Dont falsely report protocol relative href urls as violating the mixe…

…d-content rule
Munter · Feb 8, 2017 · 6b8c82e · 6b8c82e
1 parent 998b075
commit 6b8c82e
Showing 1 changed file with 4 additions and 8 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -95,11 +95,11 @@ module.exports = function (options) {
         });
 
         if (secureSourceRelations.length > 0) {
-            var hasInsecureTarget = url.indexOf('https:') !== 0 || redirects.some(function (redirect) {
-                return redirect.redirectUri.indexOf('https:') !== 0;
+            var hasSecureTarget = /^(?:https:)?\/\//.test(url) && redirects.every(function (redirect) {
+                return /^(?:https:)?\/\//.test(redirect.redirectUri);
             });
 
-            if (hasInsecureTarget) {
+            if (!hasSecureTarget) {
                 var insecureLog = [].concat({ redirectUri: url }, redirects).map(function (item, idx, arr) {
                     if (arr[idx + 1]) {
                         item.statusCode = arr[idx + 1].statusCode;
@@ -250,11 +250,7 @@ module.exports = function (options) {
                 crossorigin: true,
                 href: /^(?:https?:)?\/\//
             }, true), function (relation) {
-                var url = relation.href.replace(/#.*$/, '');
-
-                if (relation.hrefType === 'protocolRelative') {
-                    url = 'http:' + url;
-                }
+                var url = relation.to.url.replace(/#.*$/, '');
 
                 return url;
             });