sameHost check with https: urls #80

finchi · 2024-10-02T23:39:58Z

Hello,

I encountered an issue with a CDN that blocked the x-csrf-token header. Since the CDN and the requesting site have different hostnames, I was initially confused about where the problem was originating.

After reviewing the code, I found the following line and was wondering why https: is not included here:

request.js/src/fetch_request.js

Line 52 in f3460a1

if (!this.originalUrl.startsWith('http:')) {

Is this an oversight, or is there another reason for omitting https:?

The text was updated successfully, but these errors were encountered:

marcelolx · 2024-10-03T12:22:56Z

Probably an oversight @t27duck?

Related PR #46

t27duck · 2024-10-03T12:32:50Z

Yep, probably an oversight. I'll see if I can get a PR going shortly. If I can't (at my day job right now) it'll be later this evening.

t27duck · 2024-10-03T12:43:40Z

#81 should do it

marcelolx · 2024-10-03T13:01:00Z

Thanks @t27duck

finchi · 2024-10-03T13:02:13Z

@t27duck thanks for the quick fix 👏

t27duck mentioned this issue Oct 3, 2024

Consider https for same origin check #81

Merged

marcelolx closed this as completed in #81 Oct 3, 2024

marcelolx closed this as completed in 1e04ca7 Oct 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sameHost check with https: urls #80

sameHost check with https: urls #80

finchi commented Oct 2, 2024

marcelolx commented Oct 3, 2024

t27duck commented Oct 3, 2024

t27duck commented Oct 3, 2024

marcelolx commented Oct 3, 2024

finchi commented Oct 3, 2024

sameHost check with https: urls #80

sameHost check with https: urls #80

Comments

finchi commented Oct 2, 2024

marcelolx commented Oct 3, 2024

t27duck commented Oct 3, 2024

t27duck commented Oct 3, 2024

marcelolx commented Oct 3, 2024

finchi commented Oct 3, 2024