Last active
December 17, 2015 18:39
-
-
Save zhuzhuor/5654594 to your computer and use it in GitHub Desktop.
XMLHttpRequest in Chrome doesn't handle cross-domain redirect properly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var xip_url = 'http://127.0.0.1.xip.io:5000/api'; | |
| chrome.webRequest.onBeforeRequest.addListener( | |
| function(info) { | |
| console.log(info.url + ' is redirected to ' + xip_url); | |
| return {redirectUrl: xip_url}; | |
| }, { | |
| urls: [ | |
| 'http://127.0.0.1:5000/notexist', | |
| 'http://127.0.0.1.xip.io:5000/notexist' | |
| ] | |
| }, ['blocking'] | |
| ); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "Test", | |
| "version": "1.0", | |
| "permissions": ["webRequest", "webRequestBlocking", "<all_urls>"], | |
| "background": { | |
| "scripts": ["background.js"] | |
| }, | |
| "manifest_version": 2 | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from flask import Flask | |
| app = Flask(__name__, static_folder='') | |
| xip_url = 'http://127.0.0.1.xip.io:5000/api' | |
| @app.route("/") | |
| def idx(): | |
| return app.send_static_file('test.html') | |
| @app.route("/redirect") | |
| def rdr(): | |
| return '', 302, { | |
| 'Access-Control-Allow-Origin': '*', | |
| 'Location': xip_url | |
| } | |
| @app.route("/api") | |
| def api(): | |
| return 'Passed', 200, {'Access-Control-Allow-Origin': '*'} | |
| if __name__ == "__main__": | |
| app.debug = True | |
| app.run(host='127.0.0.1', port=5000) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Test Cross-domain XHRs with Redirects</title> | |
| </head> | |
| <body> | |
| <p>Directly access cross-domain resource: <span id="req1">N/A</span></p> | |
| <p>Local request redirect to cross-domain resource: <span id="req2">N/A</span></p> | |
| <p>Cross-domain request redirect to cross-domain resource: <span id="req3">N/A</span></p> | |
| <p>Local request redirected by extension to cross-domain resource: <span id="req4">N/A</span></p> | |
| <p>Cross-domain request redirected by extension to cross-domain resource: <span id="req5">Silently Failed</span></p> | |
| <script type="text/javascript"> | |
| var xhr1 = new XMLHttpRequest(); | |
| xhr1.onreadystatechange = function() { | |
| if (xhr1.readyState === 4){ | |
| if (xhr1.responseText === 'Passed') { | |
| document.getElementById("req1").innerHTML = 'Passed'; | |
| } else { | |
| document.getElementById("req1").innerHTML = 'Failed'; | |
| } | |
| } | |
| }; | |
| xhr1.open("GET", "api", true); | |
| xhr1.send(); | |
| var xhr2 = new XMLHttpRequest(); | |
| xhr2.onreadystatechange = function() { | |
| if (xhr2.readyState === 4) { | |
| if (xhr2.responseText === 'Passed') { | |
| document.getElementById("req2").innerHTML = 'Passed'; | |
| } else { | |
| document.getElementById("req2").innerHTML = 'Failed'; | |
| } | |
| } | |
| }; | |
| xhr2.open("GET", "redirect", true); | |
| xhr2.send(); | |
| var xhr3 = new XMLHttpRequest(); | |
| xhr3.onreadystatechange = function() { | |
| if (xhr3.readyState === 4) { | |
| if (xhr3.responseText === 'Passed') { | |
| document.getElementById("req3").innerHTML = 'Passed'; | |
| } else { | |
| document.getElementById("req3").innerHTML = 'Failed'; | |
| } | |
| } | |
| }; | |
| xhr3.open("GET", "http://127.0.0.1.xip.io:5000/redirect", true); | |
| xhr3.send(); | |
| var xhr4 = new XMLHttpRequest(); | |
| xhr4.onreadystatechange = function() { | |
| if (xhr4.readyState === 4) { | |
| if (xhr4.responseText === 'Passed') { | |
| document.getElementById("req4").innerHTML = 'Passed'; | |
| } else if (xhr4.status === 404) { | |
| document.getElementById("req4").innerHTML = 'Ext not installed.'; | |
| } else { | |
| document.getElementById("req4").innerHTML = 'Failed'; | |
| } | |
| } | |
| }; | |
| xhr4.open("GET", "notexist", true); | |
| xhr4.send(); | |
| var xhr5 = new XMLHttpRequest(); | |
| xhr5.onreadystatechange = function() { | |
| if (xhr5.readyState === 5) { | |
| if (xhr5.responseText === 'Passed') { | |
| document.getElementById("req5").innerHTML = 'Passed'; | |
| } else if (xhr5.status === 404) { | |
| document.getElementById("req5").innerHTML = 'Ext not installed.'; | |
| } else { | |
| document.getElementById("req5").innerHTML = 'Failed'; | |
| } | |
| } | |
| }; | |
| xhr5.open("GET", "http://127.0.0.1.xip.io:5000/notexist", true); | |
| xhr5.send(); | |
| </script> | |
| </body> | |
| </html> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment