From 2864eb49f55895a7d1d4e08d7f2b7259d263b2db Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Sat, 3 Jun 2017 00:19:43 -0400 Subject: [PATCH 1/3] fix: bootstrap check with alternate anchor properties microsoft edge does not support the origin property on anchor elements, so bootstrapping fails for edge extensions. this fix simply changes the bootstrap origin check to use supported anchor properties while having the same effect closes #16030 --- src/Angular.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Angular.js b/src/Angular.js index e6bd34013b0f..923b95919b5a 100644 --- a/src/Angular.js +++ b/src/Angular.js @@ -1517,7 +1517,8 @@ function allowAutoBootstrap(document) { var link = document.createElement('a'); link.href = src.value; - if (document.location.origin === link.origin) { + if (document.location.protocol === link.protocol && document.location.host === link.host && + document.location.port === link.port) { // Same-origin resources are always allowed, even for non-whitelisted schemes. return true; } From bcc82fd3b8049b333f2279ddc1dddfe7bd0b4476 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Sat, 3 Jun 2017 10:29:31 -0400 Subject: [PATCH 2/3] fix: bootstrap check with hostname rather than host `host` already includes port so be more explicit with `hostname` closes #16030 --- src/Angular.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Angular.js b/src/Angular.js index 923b95919b5a..56e41270fcc1 100644 --- a/src/Angular.js +++ b/src/Angular.js @@ -1517,7 +1517,7 @@ function allowAutoBootstrap(document) { var link = document.createElement('a'); link.href = src.value; - if (document.location.protocol === link.protocol && document.location.host === link.host && + if (document.location.protocol === link.protocol && document.location.hostname === link.hostname && document.location.port === link.port) { // Same-origin resources are always allowed, even for non-whitelisted schemes. return true; From 1607ba95e055e910e2123655e03625af68d28167 Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Sat, 3 Jun 2017 21:40:38 -0400 Subject: [PATCH 3/3] fix: bootstrap check with alternate anchor properties tests tests were outdated and still constructing fake doc with only a protocol and origin property closes #16030 --- test/AngularSpec.js | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/test/AngularSpec.js b/test/AngularSpec.js index bb8ca7a8def6..0e3de60e7fbf 100644 --- a/test/AngularSpec.js +++ b/test/AngularSpec.js @@ -1716,7 +1716,8 @@ describe('angular', function() { function createFakeDoc(attrs, protocol, currentScript) { protocol = protocol || 'http:'; - var origin = protocol + '//something'; + var hostname = 'something'; + var origin = protocol + '//' + hostname; if (currentScript === undefined) { currentScript = document.createElement('script'); @@ -1726,7 +1727,7 @@ describe('angular', function() { // Fake a minimal document object (the actual document.currentScript is readonly). return { currentScript: currentScript, - location: {protocol: protocol, origin: origin}, + location: {protocol: protocol, origin: origin, hostname: hostname, host: hostname, port: ''}, createElement: document.createElement.bind(document) }; } @@ -1749,20 +1750,9 @@ describe('angular', function() { } - if (protocol === 'ms-browser-extension:') { - // Support: Edge 13-15 - // In Edge, URLs with protocol 'ms-browser-extension:' return "null" for the origin, - // therefore it's impossible to know if a script is same-origin. - it('should not bootstrap for same-origin documents', function() { - expect(allowAutoBootstrap(createFakeDoc({src: protocol + '//something'}, protocol))).toBe(false); - }); - - } else { - it('should bootstrap for same-origin documents', function() { - - expect(allowAutoBootstrap(createFakeDoc({src: protocol + '//something'}, protocol))).toBe(true); - }); - } + it('should bootstrap for same-origin documents', function() { + expect(allowAutoBootstrap(createFakeDoc({src: protocol + '//something'}, protocol))).toBe(true); + }); it('should not bootstrap for cross-origin documents', function() { expect(allowAutoBootstrap(createFakeDoc({src: protocol + '//something-else'}, protocol))).toBe(false);