diff options
| author | Julien Veyssier <julien-nc@posteo.net> | 2023-09-18 10:44:37 +0200 |
|---|---|---|
| committer | Julien Veyssier <julien-nc@posteo.net> | 2023-10-16 10:28:47 +0200 |
| commit | d2cc4c47986b7ebe3cbe2eb93e58287725660373 (patch) | |
| tree | 66ac1ae3c54cf69040ffaaa7679981e2bb88e3d3 /core/src/utils/xhr-request.js | |
| parent | 8212feefb9cf5796e6a92b27956092a1b5e933fe (diff) | |
| download | nextcloud-server-d2cc4c47986b7ebe3cbe2eb93e58287725660373.tar.gz nextcloud-server-d2cc4c47986b7ebe3cbe2eb93e58287725660373.zip | |
only add x-requested-with header if requests point to NC
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Diffstat (limited to 'core/src/utils/xhr-request.js')
| -rw-r--r-- | core/src/utils/xhr-request.js | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/core/src/utils/xhr-request.js b/core/src/utils/xhr-request.js index f124dc38f0d..0432fc9fd3f 100644 --- a/core/src/utils/xhr-request.js +++ b/core/src/utils/xhr-request.js @@ -19,6 +19,14 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ +import { getRootUrl } from '@nextcloud/router' + +const isNextcloudUrl = (url) => { + const nextcloudBaseUrl = window.location.protocol + '//' + window.location.host + getRootUrl() + // try with relative and absolute URL + return url.startsWith(nextcloudBaseUrl) || url.startsWith(getRootUrl()) +} + /** * Intercept XMLHttpRequest and fetch API calls to add X-Requested-With header * @@ -28,7 +36,7 @@ export const interceptRequests = () => { XMLHttpRequest.prototype.open = (function(open) { return function(method, url, async) { open.apply(this, arguments) - if (!this.getResponseHeader('X-Requested-With')) { + if (isNextcloudUrl(url) && !this.getResponseHeader('X-Requested-With')) { this.setRequestHeader('X-Requested-With', 'XMLHttpRequest') } } @@ -36,6 +44,9 @@ export const interceptRequests = () => { window.fetch = (function(fetch) { return (input, init) => { + if (!isNextcloudUrl(input.url)) { + return fetch(input, init) + } if (!init) { init = {} } |