fix: use URL API instead of DOM to fix a potential vulnerability warning; (#6714)
@@ -1,67 +1,14 @@
|
|||||||
'use strict';
|
|
||||||
|
|
||||||
import utils from './../utils.js';
|
|
||||||
import platform from '../platform/index.js';
|
import platform from '../platform/index.js';
|
||||||
|
|
||||||
export default platform.hasStandardBrowserEnv ?
|
export default platform.hasStandardBrowserEnv ? ((origin, isMSIE) => (url) => {
|
||||||
|
url = new URL(url, platform.origin);
|
||||||
|
|
||||||
// Standard browser envs have full support of the APIs needed to test
|
return (
|
||||||
// whether the request URL is of the same origin as current location.
|
origin.protocol === url.protocol &&
|
||||||
(function standardBrowserEnv() {
|
origin.host === url.host &&
|
||||||
const msie = platform.navigator && /(msie|trident)/i.test(platform.navigator.userAgent);
|
(isMSIE || origin.port === url.port)
|
||||||
const urlParsingNode = document.createElement('a');
|
);
|
||||||
let originURL;
|
})(
|
||||||
|
new URL(platform.origin),
|
||||||
/**
|
platform.navigator && /(msie|trident)/i.test(platform.navigator.userAgent)
|
||||||
* Parse a URL to discover its components
|
) : () => true;
|
||||||
*
|
|
||||||
* @param {String} url The URL to be parsed
|
|
||||||
* @returns {Object}
|
|
||||||
*/
|
|
||||||
function resolveURL(url) {
|
|
||||||
let href = url;
|
|
||||||
|
|
||||||
if (msie) {
|
|
||||||
// IE needs attribute set twice to normalize properties
|
|
||||||
urlParsingNode.setAttribute('href', href);
|
|
||||||
href = urlParsingNode.href;
|
|
||||||
}
|
|
||||||
|
|
||||||
urlParsingNode.setAttribute('href', href);
|
|
||||||
|
|
||||||
// urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils
|
|
||||||
return {
|
|
||||||
href: urlParsingNode.href,
|
|
||||||
protocol: urlParsingNode.protocol ? urlParsingNode.protocol.replace(/:$/, '') : '',
|
|
||||||
host: urlParsingNode.host,
|
|
||||||
search: urlParsingNode.search ? urlParsingNode.search.replace(/^\?/, '') : '',
|
|
||||||
hash: urlParsingNode.hash ? urlParsingNode.hash.replace(/^#/, '') : '',
|
|
||||||
hostname: urlParsingNode.hostname,
|
|
||||||
port: urlParsingNode.port,
|
|
||||||
pathname: (urlParsingNode.pathname.charAt(0) === '/') ?
|
|
||||||
urlParsingNode.pathname :
|
|
||||||
'/' + urlParsingNode.pathname
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
originURL = resolveURL(window.location.href);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Determine if a URL shares the same origin as the current location
|
|
||||||
*
|
|
||||||
* @param {String} requestURL The URL to test
|
|
||||||
* @returns {boolean} True if URL shares the same origin, otherwise false
|
|
||||||
*/
|
|
||||||
return function isURLSameOrigin(requestURL) {
|
|
||||||
const parsed = (utils.isString(requestURL)) ? resolveURL(requestURL) : requestURL;
|
|
||||||
return (parsed.protocol === originURL.protocol &&
|
|
||||||
parsed.host === originURL.host);
|
|
||||||
};
|
|
||||||
})() :
|
|
||||||
|
|
||||||
// Non standard browser envs (web workers, react-native) lack needed support.
|
|
||||||
(function nonStandardBrowserEnv() {
|
|
||||||
return function isURLSameOrigin() {
|
|
||||||
return true;
|
|
||||||
};
|
|
||||||
})();
|
|
||||||
|
|||||||
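Review bot: `new URL(url, platform.origin)` in the returned checker throws a TypeError on input it cannot parse, where the removed anchor-element parser always returned a result, so a malformed request URL now raises out of the same-origin check instead of yielding a boolean. If callers use this result to decide whether to attach same-origin-only headers (they are not shown on this page), treating a parse failure as cross-origin is the safer contract: `try { url = new URL(url, platform.origin); } catch (e) { return false; }`. The eager `new URL(platform.origin)` argument has the same property at module evaluation, so it relies on `platform.origin` always being an absolute URL, which is defined outside this diff. The `origin.port === url.port` clause appears redundant because `host` already carries any non-default port, and the `isMSIE` bypass deserves a one-line comment saying why a port mismatch is tolerated there.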