// Simple script redirects to the query part of the uri if the browser
// authenticates with username "testuser" password "testpass"

function handleRequest(request, response) {
  if (request.hasHeader("Authorization")) {
    if (request.getHeader("Authorization") == "Basic dGVzdHVzZXI6dGVzdHBhc3M=") {
      response.setStatusLine(request.httpVersion, 302, "Found");
      response.setHeader("Location", request.queryString);
      response.write("See " + request.queryString);
    }
    else {
      response.setStatusLine(request.httpVersion, 403, "Forbidden");
      response.write("Invalid credentials");
    }
  }
  else {
    response.setStatusLine(request.httpVersion, 401, "Authentication required");
    response.setHeader("WWW-Authenticate", "basic realm=\"XPInstall\"", false);
    response.write("Unauthenticated request");
  }
}