Merge pull request #427 from lgustafson/lgustafson/fix-cross-domain-ie7

rafaelfranca · rafaelfranca · commit 998caefbfda1 · 2015-09-01T01:53:28.000-03:00
Fix for #426 along with updated tests
diff --git a/src/rails.js b/src/rails.js
@@ -191,10 +191,14 @@
         // This is a workaround to a IE bug.
         urlAnchor.href = urlAnchor.href;
 
-        // Make sure that the browser parses the URL and that the protocols and hosts match.
-        return !urlAnchor.protocol || !urlAnchor.host ||
-          (originAnchor.protocol + '//' + originAnchor.host !==
-            urlAnchor.protocol + '//' + urlAnchor.host);
+        // If URL protocol is false or is a string containing a single colon
+        // *and* host are false, assume it is not a cross-domain request
+        // (should only be the case for IE7 and IE compatibility mode).
+        // Otherwise, evaluate protocol and host of the URL against the origin
+        // protocol and host.
+        return !(((!urlAnchor.protocol || urlAnchor.protocol === ':') && !urlAnchor.host) ||
+          (originAnchor.protocol + '//' + originAnchor.host ===
+            urlAnchor.protocol + '//' + urlAnchor.host));
       } catch (e) {
         // If there is an error parsing the URL, assume it is crossDomain.
         return true;
diff --git a/test/public/test/call-remote.js b/test/public/test/call-remote.js
@@ -122,7 +122,7 @@ asyncTest('sends CSRF token in custom header', 1, function() {
   });
 });
 
-asyncTest('intelligently guesses crossDomain behavior when target URL is a different domain', 1, function(e, xhr) {
+asyncTest('intelligently guesses crossDomain behavior when target URL has a different protocol and/or hostname', 1, function(e, xhr) {
 
   // Don't set data-cross-domain here, just set action to be a different domain than localhost
   buildForm({ action: 'http://www.alfajango.com' });
@@ -140,4 +140,23 @@ asyncTest('intelligently guesses crossDomain behavior when target URL is a diffe
 
   setTimeout(function() { start(); }, 13);
 });
+
+asyncTest('intelligently guesses crossDomain behavior when target URL consists of only a path', 1, function(e, xhr) {
+
+  // Don't set data-cross-domain here, just set action to be a different domain than localhost
+  buildForm({ action: '/just/a/path' });
+  $('#qunit-fixture').append('<meta name="csrf-token" content="cf50faa3fe97702ca1ae" />');
+
+  $('#qunit-fixture').find('form')
+    .bind('ajax:beforeSend', function(e, xhr, settings) {
+
+      equal(settings.crossDomain, false, 'crossDomain should be set to false');
+
+      // prevent request from actually getting sent off-domain
+      return false;
+    })
+    .trigger('submit');
+
+  setTimeout(function() { start(); }, 13);
+});
 })();
