responseURLに対応していないライブラリを使っているときにクロスドメイン通信を無理やり止める

cors_killer.js

// responseURLに対応していないライブラリを使っているときにクロスドメイン通信を無理やり止める
// https://github.com/jquery/jquery/pull/1615

// responseURL
// https://bugzilla.mozilla.org/show_bug.cgi?id=998076
// https://bugs.chromium.org/p/chromium/issues/detail?id=377583
// https://bugs.webkit.org/show_bug.cgi?id=136938


new function(){
    var base = location.origin;
    var orig = XMLHttpRequest.prototype;
    ["response","responseText","responseXML"].forEach(function(prop){
        var orig_getter = Object.getOwnPropertyDescriptor(orig, prop).get;
        Object.defineProperty(orig, prop, {
            get: function(){
                var val = orig_getter.call(this);
                if (base !== new URL(this.responseURL).origin) {
                    console.log("cross origin request detected!!!");
                    throw "cross origin request detected";
                }
                return val;
            }
        });
    });
};

/*
OR

function MyXMLHttpRequest(){
    var xhr = new XMLHttpRequest;
    var base = location.origin;
    var orig = XMLHttpRequest.prototype;
    ["response","responseText","responseXML"].forEach(function(prop){
        var orig_getter = Object.getOwnPropertyDescriptor(orig, prop).get;
        Object.defineProperty(xhr, prop, {
            get: function(){
                var val = orig_getter.call(this);
                if (base !== new URL(this.responseURL).origin) {
                    console.log("cross origin request detected!!!");
                    throw "cross origin request detected";
                }
                return val;
            }
        });
    });
    return xhr;
}
var xhr = new MyXMLHttpRequest;
...
*/