diff options
| author | Ferdinand Thiessen <opensource@fthiessen.de> | 2023-10-17 16:14:53 +0200 |
|---|---|---|
| committer | Ferdinand Thiessen <opensource@fthiessen.de> | 2023-10-17 17:41:51 +0200 |
| commit | 0414ca35c03281ecfe0a887025e674c4e3f13c5e (patch) | |
| tree | 3f8dab377daf8c07db2bd993d1c81e38f430f2f1 /core | |
| parent | fbf8a463dba973dcd8077e84fe5934a70d3d45f2 (diff) | |
| download | nextcloud-server-0414ca35c03281ecfe0a887025e674c4e3f13c5e.tar.gz nextcloud-server-0414ca35c03281ecfe0a887025e674c4e3f13c5e.zip | |
fix(xhr-request): Make sure to also allow strings as url
Our utility to add `X-Requested-With` headers on API calls intercepts
calls to `window.fetch`, so we must ensure we allow all parameters that the default
browser provided `window.fetch` allows.
In this case make sure to allow all stringify-able objects.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
Diffstat (limited to 'core')
| -rw-r--r-- | core/src/utils/xhr-request.js | 29 |
1 files changed, 17 insertions, 12 deletions
diff --git a/core/src/utils/xhr-request.js b/core/src/utils/xhr-request.js index 0432fc9fd3f..66f994246e0 100644 --- a/core/src/utils/xhr-request.js +++ b/core/src/utils/xhr-request.js @@ -21,6 +21,10 @@ import { getRootUrl } from '@nextcloud/router' +/** + * @param {string} url The URL to check + * @return {boolean} true if the URL points to this nextcloud instance + */ const isNextcloudUrl = (url) => { const nextcloudBaseUrl = window.location.protocol + '//' + window.location.host + getRootUrl() // try with relative and absolute URL @@ -43,24 +47,25 @@ export const interceptRequests = () => { })(XMLHttpRequest.prototype.open) window.fetch = (function(fetch) { - return (input, init) => { - if (!isNextcloudUrl(input.url)) { - return fetch(input, init) + return (resource, options) => { + // fetch allows the `input` to be either a Request object or any stringifyable value + if (!isNextcloudUrl(resource.url ?? resource.toString())) { + return fetch(resource, options) } - if (!init) { - init = {} + if (!options) { + options = {} } - if (!init.headers) { - init.headers = new Headers() + if (!options.headers) { + options.headers = new Headers() } - if (init.headers instanceof Headers && !init.headers.has('X-Requested-With')) { - init.headers.append('X-Requested-With', 'XMLHttpRequest') - } else if (init.headers instanceof Object && !init.headers['X-Requested-With']) { - init.headers['X-Requested-With'] = 'XMLHttpRequest' + if (options.headers instanceof Headers && !options.headers.has('X-Requested-With')) { + options.headers.append('X-Requested-With', 'XMLHttpRequest') + } else if (options.headers instanceof Object && !options.headers['X-Requested-With']) { + options.headers['X-Requested-With'] = 'XMLHttpRequest' } - return fetch(input, init) + return fetch(resource, options) } })(window.fetch) } |