fix: ensure same protocol for configured api url #3303
No reviewers
Labels
No Label
area/internal-code
changes requested
confirmed
dependencies
duplicate
good first issue
help wanted
hosting
invalid
kind/bug
kind/feature
question
wontfix
No Milestone
No project
No Assignees
3 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: vikunja/frontend#3303
Loading…
Reference in New Issue
No description provided.
Delete Branch "fix/ensure-same-origin"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Resolves https://github.com/go-vikunja/frontend/issues/109
Vikunja would save the api url with
http
instead ofhttps
when the frontend was accessed via https. This was fine in most cases when the server would redirect all requests made to http to the secure https variant. However, in newer Firefox versions (and soon, Chrome probably as well) the browser would not follow that redirect anymore. Hence, we need to make sure to only make api requests to the same protocol. Doing API requests from an https hosted fronted to an http hosted api would probably fail already anyway.Hi konrad!
Thank you for creating a PR!
I've deployed the changes of this PR on a preview environment under this URL: https://3303-fix-ensure-same-origin--vikunja-frontend-preview.netlify.app
You can use this url to view the changes live and test them out.
You will need to manually connect this to an api running somehwere. The easiest to use is https://try.vikunja.io/.
Have a nice day!
@ -16,3 +18,3 @@
!url.startsWith('https://')
) {
url = `http://${url}`
if (shouldCheckHttps) {
Even easier:
@ -21,3 +23,4 @@
const urlToCheck: URL = new URL(url)
const origUrlToCheck = urlToCheck
urlToCheck.protocol = shouldCheckHttps ? 'https:' : 'http:'
This will also be the same as
window.location.protocol
because of that the
shouldCheckHttps
is not necessary anymore.Oh right, I've cleaned it up. Please check again.
see comment
@ -16,3 +16,3 @@
!url.startsWith('https://')
) {
url = `http://${url}`
url = `${window.location.protocol}//${url}`
This should already have
window.location.protocol
since we assign it in line 10.In line 10 we only assign the host, not the protocol.
oh yes, sry. Hard to read code on mobile
oh yes, sry. Hard to read code on mobile
@ -21,3 +21,4 @@
const urlToCheck: URL = new URL(url)
const origUrlToCheck = urlToCheck
urlToCheck.protocol = window.location.protocol
since this is based on
url
it should also already havewindow.location.protocol
Fixed.
Can I merge this? (Given how many little commits with one line changes I made and the still tiny size of this PR I think we should squash this)