Making isURLSameOrigin/cookies safe to use in all envs

lib/adapters/http.js

@@ -2,7 +2,7 @@
 
 var defaults = require('./../defaults');
 var utils = require('./../utils');
-var buildUrl = require('./../helpers/buildUrl');
+var buildURL = require('./../helpers/buildURL');
 var transformData = require('./../helpers/transformData');
 var http = require('http');
 var https = require('https');
@@ -50,7 +50,7 @@ module.exports = function httpAdapter(resolve, reject, config) {
   var options = {
     host: parsed.hostname,
     port: parsed.port,
-    path: buildUrl(parsed.path, config.params).replace(/^\?/, ''),
+    path: buildURL(parsed.path, config.params).replace(/^\?/, ''),
     method: config.method,
     headers: headers,
     agent: config.agent

lib/adapters/xhr.js

@@ -4,7 +4,7 @@
 
 var defaults = require('./../defaults');
 var utils = require('./../utils');
-var buildUrl = require('./../helpers/buildUrl');
+var buildURL = require('./../helpers/buildURL');
 var parseHeaders = require('./../helpers/parseHeaders');
 var transformData = require('./../helpers/transformData');
 
@@ -29,7 +29,7 @@ module.exports = function xhrAdapter(resolve, reject, config) {
 
   // Create the request
   var request = new (XMLHttpRequest || ActiveXObject)('Microsoft.XMLHTTP');
-  request.open(config.method.toUpperCase(), buildUrl(config.url, config.params, config.paramsSerializer), true);
+  request.open(config.method.toUpperCase(), buildURL(config.url, config.params, config.paramsSerializer), true);
 
   // Set the request timeout in MS
   request.timeout = config.timeout;
@@ -67,10 +67,10 @@ module.exports = function xhrAdapter(resolve, reject, config) {
   // Specifically not if we're in a web worker, or react-native.
   if (utils.isStandardBrowserEnv()) {
     var cookies = require('./../helpers/cookies');
-    var urlIsSameOrigin = require('./../helpers/urlIsSameOrigin');
+    var isURLSameOrigin = require('./../helpers/isURLSameOrigin');
 
     // Add xsrf header
-    var xsrfValue = urlIsSameOrigin(config.url) ?
+    var xsrfValue = isURLSameOrigin(config.url) ?
         cookies.read(config.xsrfCookieName || defaults.xsrfCookieName) :
         undefined;
 

lib/helpers/buildUrl.js

@@ -20,7 +20,7 @@ function encode(val) {
  * @param {object} [params] The params to be appended
  * @returns {string} The formatted url
  */
-module.exports = function buildUrl(url, params, paramsSerializer) {
+module.exports = function buildURL(url, params, paramsSerializer) {
   if (!params) {
     return url;
   }

lib/helpers/cookies.js

 'use strict';
 
-/**
- * WARNING:
- *  This file makes references to objects that aren't safe in all environments.
- *  Please see lib/utils.isStandardBrowserEnv before including this file.
- */
-
 var utils = require('./../utils');
 
-module.exports = {
-  write: function write(name, value, expires, path, domain, secure) {
-    var cookie = [];
-    cookie.push(name + '=' + encodeURIComponent(value));
-
-    if (utils.isNumber(expires)) {
-      cookie.push('expires=' + new Date(expires).toGMTString());
-    }
-
-    if (utils.isString(path)) {
-      cookie.push('path=' + path);
-    }
-
-    if (utils.isString(domain)) {
-      cookie.push('domain=' + domain);
-    }
-
-    if (secure === true) {
-      cookie.push('secure');
-    }
-
-    document.cookie = cookie.join('; ');
-  },
-
-  read: function read(name) {
-    var match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
-    return (match ? decodeURIComponent(match[3]) : null);
-  },
-
-  remove: function remove(name) {
-    this.write(name, '', Date.now() - 86400000);
-  }
-};
+module.exports = (
+  utils.isStandardBrowserEnv() ?
+
+  // Standard browser envs support document.cookie
+  (function () {
+    return {
+      write: function write(name, value, expires, path, domain, secure) {
+        var cookie = [];
+        cookie.push(name + '=' + encodeURIComponent(value));
+
+        if (utils.isNumber(expires)) {
+          cookie.push('expires=' + new Date(expires).toGMTString());
+        }
+
+        if (utils.isString(path)) {
+          cookie.push('path=' + path);
+        }
+
+        if (utils.isString(domain)) {
+          cookie.push('domain=' + domain);
+        }
+
+        if (secure === true) {
+          cookie.push('secure');
+        }
+
+        document.cookie = cookie.join('; ');
+      },
+
+      read: function read(name) {
+        var match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)'));
+        return (match ? decodeURIComponent(match[3]) : null);
+      },
+
+      remove: function remove(name) {
+        this.write(name, '', Date.now() - 86400000);
+      }
+    };
+  })() :
+
+  // Non standard browser env (web workers, react-native) lack needed support.
+  (function () {
+    return {
+      write: function write() {},
+      read: function read() { return null; },
+      remove: function remove() {}
+    };
+  })()
+);

lib/helpers/isURLSameOrigin.js

+'use strict';
+
+var utils = require('./../utils');
+
+module.exports = (
+  utils.isStandardBrowserEnv() ?
+
+  // Standard browser envs have full support of the APIs needed to test
+  // whether the request URL is of the same origin as current location.
+  (function () {
+    var msie = /(msie|trident)/i.test(navigator.userAgent);
+    var urlParsingNode = document.createElement('a');
+    var originURL;
+
+    /**
+    * Parse a URL to discover it's components
+    *
+    * @param {String} url The URL to be parsed
+    * @returns {Object}
+    */
+    function resolveURL(url) {
+      var href = url;
+
+      if (msie) {
+        // IE needs attribute set twice to normalize properties
+        urlParsingNode.setAttribute('href', href);
+        href = urlParsingNode.href;
+      }
+
+      urlParsingNode.setAttribute('href', href);
+
+      // urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils
+      return {
+        href: urlParsingNode.href,
+        protocol: urlParsingNode.protocol ? urlParsingNode.protocol.replace(/:$/, '') : '',
+        host: urlParsingNode.host,
+        search: urlParsingNode.search ? urlParsingNode.search.replace(/^\?/, '') : '',
+        hash: urlParsingNode.hash ? urlParsingNode.hash.replace(/^#/, '') : '',
+        hostname: urlParsingNode.hostname,
+        port: urlParsingNode.port,
+        pathname: (urlParsingNode.pathname.charAt(0) === '/') ?
+                  urlParsingNode.pathname :
+                  '/' + urlParsingNode.pathname
+      };
+    }
+
+    originURL = resolveURL(window.location.href);
+
+    /**
+    * Determine if a URL shares the same origin as the current location
+    *
+    * @param {String} requestURL The URL to test
+    * @returns {boolean} True if URL shares the same origin, otherwise false
+    */
+    return function isURLSameOrigin(requestURL) {
+      var parsed = (utils.isString(requestURL)) ? resolveURL(requestURL) : requestURL;
+      return (parsed.protocol === originURL.protocol &&
+            parsed.host === originURL.host);
+    };
+  })() :
+
+  // Non standard browser envs (web workers, react-native) lack needed support.
+  (function () {
+    return function isURLSameOrigin() {
+      return true;
+    };
+  })()
+);

lib/helpers/urlIsSameOrigin.js

-'use strict';
-
-/**
- * WARNING:
- *  This file makes references to objects that aren't safe in all environments.
- *  Please see lib/utils.isStandardBrowserEnv before including this file.
- */
-
-var utils = require('./../utils');
-var msie = /(msie|trident)/i.test(navigator.userAgent);
-var urlParsingNode = document.createElement('a');
-var originUrl;
-
-/**
- * Parse a URL to discover it's components
- *
- * @param {String} url The URL to be parsed
- * @returns {Object}
- */
-function urlResolve(url) {
-  var href = url;
-
-  if (msie) {
-    // IE needs attribute set twice to normalize properties
-    urlParsingNode.setAttribute('href', href);
-    href = urlParsingNode.href;
-  }
-
-  urlParsingNode.setAttribute('href', href);
-
-  // urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils
-  return {
-    href: urlParsingNode.href,
-    protocol: urlParsingNode.protocol ? urlParsingNode.protocol.replace(/:$/, '') : '',
-    host: urlParsingNode.host,
-    search: urlParsingNode.search ? urlParsingNode.search.replace(/^\?/, '') : '',
-    hash: urlParsingNode.hash ? urlParsingNode.hash.replace(/^#/, '') : '',
-    hostname: urlParsingNode.hostname,
-    port: urlParsingNode.port,
-    pathname: (urlParsingNode.pathname.charAt(0) === '/') ?
-              urlParsingNode.pathname :
-              '/' + urlParsingNode.pathname
-  };
-}
-
-originUrl = urlResolve(window.location.href);
-
-/**
- * Determine if a URL shares the same origin as the current location
- *
- * @param {String} requestUrl The URL to test
- * @returns {boolean} True if URL shares the same origin, otherwise false
- */
-module.exports = function urlIsSameOrigin(requestUrl) {
-  var parsed = (utils.isString(requestUrl)) ? urlResolve(requestUrl) : requestUrl;
-  return (parsed.protocol === originUrl.protocol &&
-        parsed.host === originUrl.host);
-};

test/specs/helpers/buildUrl.spec.js

-var buildUrl = require('../../../lib/helpers/buildUrl');
+var buildURL = require('../../../lib/helpers/buildURL');
 
-describe('helpers::buildUrl', function () {
+describe('helpers::buildURL', function () {
   it('should support null params', function () {
-    expect(buildUrl('/foo')).toEqual('/foo');
+    expect(buildURL('/foo')).toEqual('/foo');
   });
 
   it('should support params', function () {
-    expect(buildUrl('/foo', {
+    expect(buildURL('/foo', {
       foo: 'bar'
     })).toEqual('/foo?foo=bar');
   });
 
   it('should support object params', function () {
-    expect(buildUrl('/foo', {
+    expect(buildURL('/foo', {
       foo: {
         bar: 'baz'
       }
@@ -22,31 +22,31 @@ describe('helpers::buildUrl', function () {
   it('should support date params', function () {
     var date = new Date();
 
-    expect(buildUrl('/foo', {
+    expect(buildURL('/foo', {
       date: date
     })).toEqual('/foo?date=' + date.toISOString());
   });
 
   it('should support array params', function () {
-    expect(buildUrl('/foo', {
+    expect(buildURL('/foo', {
       foo: ['bar', 'baz']
     })).toEqual('/foo?foo[]=bar&foo[]=baz');
   });
 
   it('should support special char params', function () {
-    expect(buildUrl('/foo', {
+    expect(buildURL('/foo', {
       foo: '@:$, '
     })).toEqual('/foo?foo=@:$,+');
   });
 
   it('should support existing params', function () {
-    expect(buildUrl('/foo?foo=bar', {
+    expect(buildURL('/foo?foo=bar', {
       bar: 'baz'
     })).toEqual('/foo?foo=bar&bar=baz');
   });
 
   it('should support "length" parameter', function () {
-    expect(buildUrl('/foo', {
+    expect(buildURL('/foo', {
       query: 'bar',
       start: 0,
       length: 5
@@ -57,7 +57,7 @@ describe('helpers::buildUrl', function () {
     serializer = sinon.stub();
     params = {foo: 'bar'};
     serializer.returns('foo=bar');
-    expect(buildUrl('/foo', params, serializer)).toEqual('/foo?foo=bar');
+    expect(buildURL('/foo', params, serializer)).toEqual('/foo?foo=bar');
     expect(serializer.calledOnce).toBe(true);
     expect(serializer.calledWith(params)).toBe(true);
   })

test/specs/helpers/urlIsSameOrigin.spec.js → test/specs/helpers/isURLSameOrigin.spec.js

-var urlIsSameOrigin = require('../../../lib/helpers/urlIsSameOrigin');
+var isURLSameOrigin = require('../../../lib/helpers/isURLSameOrigin');
 
-describe('helpers::urlIsSameOrigin', function () {
+describe('helpers::isURLSameOrigin', function () {
   it('should detect same origin', function () {
-    expect(urlIsSameOrigin(window.location.href)).toEqual(true);
+    expect(isURLSameOrigin(window.location.href)).toEqual(true);
   });
 
   it('should detect different origin', function () {
-    expect(urlIsSameOrigin('https://github.com/mzabriskie/axios')).toEqual(false);
+    expect(isURLSameOrigin('https://github.com/mzabriskie/axios')).toEqual(false);
   });
 });