Fix IE default redirect url #1373
Conversation
| @@ -37,6 +37,15 @@ describe('setup', () => { | |||
| const model = mock.calls[0][1].toJS(); | |||
| expect(model.auth.redirectUrl).toBe('https://test.com/path/'); | |||
| }); | |||
| it('default redirectUrl should work when `window.location.origin` is not available', () => { | |||
| setURL('https://test.com/path/#not-this-part', { noOrigin: true }); | |||
| const options = {}; | |||
There was a problem hiding this comment.
any reason why you have the declaration separate from the usage, since you're hardcoding the rest of the parameters too?
There was a problem hiding this comment.
easy to copy/paste later if needed 😬
| var url = 'https://test.com/example'; | ||
| expect(getOriginFromUrl(url)).toBe('https://test.com'); | ||
| }); | ||
| it('should use add the `port` when available', function() { |
| const mapping = { | ||
| 'https://localhost:3000/foo?id=1': { | ||
| href: 'https://localhost:3000/foo?id=1', | ||
| protocol: 'https:', |
There was a problem hiding this comment.
protocol should not include the :.
There was a problem hiding this comment.
Actually, the function does return the protocol with a colon:
// http://banana.com
host:"banana.com"
hostname:"banana.com"
href:"http://banana.com"
protocol:"http:"
Wikipedia says that protocol is:
A non-empty scheme component followed by a colon
... which tells me that protocol should not include it. That said, type this into your console:
> window.location
...
< protocol: "https:"
The built-in URL object (MDN) has the colon so I think this is the right implementation. Again, in the console:
> var url = new URL(window.location.toString()); url;
...
< protocol: "https:"
There was a problem hiding this comment.
lucho is discovering all the greatness of javascript. our boy is growing 😝
| protocol: 'https:', | ||
| host: 'auth0.com', | ||
| hostname: 'auth0.com', | ||
| port: undefined, |
There was a problem hiding this comment.
Should you return undefined or 80 (default)?
There was a problem hiding this comment.
It's text parsing, silly! No port in the text === no port found
| search: '', | ||
| hash: '' | ||
| }, | ||
| 'https://auth0.com#access_token=foo': { |
There was a problem hiding this comment.
If I enter manage.auth0.com, the # is put after the /. .e.g.: https://manage.auth0.com/#/applications
There was a problem hiding this comment.
/# and # is the same thing
There was a problem hiding this comment.
I tried:
- https://manage.auth0.com/#/applications -> fine
- https://manage.auth0.com#/applications -> redirs to https://manage.auth0.com/#/applications
- https://manage.auth0.com/#applications -> no content in the frame
- https://manage.auth0.com#applications -> no content in the frame
So as how I see it, I don't think they are the same. Maybe I'm wrong? Anyway, just add an extra case to test that scenario where the # is after the / such as https://manage.auth0.com/#/applications.
| port: undefined, | ||
| pathname: '', | ||
| search: '', | ||
| hash: '#access_token=foo' |
There was a problem hiding this comment.
why does hash includes the #? Same as port property, it shouldn't. It's already implied in the property name 😂
There was a problem hiding this comment.
Same as protocol above, browser parsing with URL includes the #
There was a problem hiding this comment.
yeah, it's what window.location.hash returns
| @@ -273,7 +273,8 @@ function extractAuthOptions(options) { | |||
| // if responseType was not set and there is a redirectUrl, it defaults to code. Otherwise token. | |||
| responseType = typeof responseType === 'string' ? responseType : redirectUrl ? 'code' : 'token'; | |||
| // now we set the default because we already did the validation | |||
| redirectUrl = redirectUrl || `${window.location.origin}${window.location.pathname}`; | |||
| redirectUrl = | |||
| redirectUrl || `${getOriginFromUrl(window.location.href)}${window.location.pathname}`; | |||
There was a problem hiding this comment.
does this alternative of not using window.location.origin work in every scenario?
There was a problem hiding this comment.
yes, if anything, it's way more reliable, since works across all browsers.
| expect(getOriginFromUrl(null)).toBe(undefined); | ||
| }); | ||
| it('should use an anchor to parse the url and return the origin', function() { | ||
| var url = 'https://test.com/example'; |
There was a problem hiding this comment.
pushed some tests with http
| @@ -1,5 +1,29 @@ | |||
| export function parseUrl(str) { | |||
There was a problem hiding this comment.
Is it breaking to remove this?
There was a problem hiding this comment.
nope. internal use only
| }); | ||
| }); | ||
| describe('getLocationFromUrl', function() { | ||
| const mapping = { |
There was a problem hiding this comment.
Might want to add a subdomain test here
| const mapping = { | ||
| 'https://localhost:3000/foo?id=1': { | ||
| href: 'https://localhost:3000/foo?id=1', | ||
| protocol: 'https:', |
There was a problem hiding this comment.
Actually, the function does return the protocol with a colon:
// http://banana.com
host:"banana.com"
hostname:"banana.com"
href:"http://banana.com"
protocol:"http:"
Wikipedia says that protocol is:
A non-empty scheme component followed by a colon
... which tells me that protocol should not include it. That said, type this into your console:
> window.location
...
< protocol: "https:"
The built-in URL object (MDN) has the colon so I think this is the right implementation. Again, in the console:
> var url = new URL(window.location.toString()); url;
...
< protocol: "https:"
| var url = 'https://test.com/example'; | ||
| expect(getOriginFromUrl(url)).toBe('https://test.com'); | ||
| }); | ||
| it('should use add the `port` when available', function() { |
| protocol: 'https:', | ||
| host: 'auth0.com', | ||
| hostname: 'auth0.com', | ||
| port: undefined, |
There was a problem hiding this comment.
It's text parsing, silly! No port in the text === no port found
| port: undefined, | ||
| pathname: '', | ||
| search: '', | ||
| hash: '#access_token=foo' |
There was a problem hiding this comment.
Same as protocol above, browser parsing with URL includes the #
| } | ||
|
|
||
| export function getOriginFromUrl(url) { | ||
| if (!url) { |
There was a problem hiding this comment.
You're catching an empty string here but ... 👇
src/utils/url_utils.js
Outdated
| return undefined; | ||
| } | ||
| var parsed = getLocationFromUrl(url); | ||
| var origin = parsed.protocol + '//' + parsed.hostname; |
There was a problem hiding this comment.
... this is also a source of an error if you just pass in a string:
> getLocationFromUrl('banana')
< null
If there is no match then null is returned.
There was a problem hiding this comment.
good catch. pushed a fix.
fix #1361