Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make sure that ExpressRoute only matches same-origin requests #151

Closed
jeffposnick opened this issue Jan 13, 2017 · 1 comment
Closed

Make sure that ExpressRoute only matches same-origin requests #151

jeffposnick opened this issue Jan 13, 2017 · 1 comment
Assignees
@jeffposnick
Labels
Bug An issue with our existing, production codebase.

Comments

@jeffposnick
Copy link
Contributor

Right now the goog.routing.ExpessRoute just looks at .pathname of the request URL, and compares it to the path used to the configure the route.

This means that a request for https://cross-domain.com/path/to/file would match a route that was configured with new ExpressRoute({path: '/path/to/file', hander}), even if the service worker were served from https://example.com.

I think the decision was made not to support that additional origin configuration option that sw-toolbox supported, and which was pretty confusing. (@gauntface @addyosmani, can you confirm that's what we decided?)

I'll point out in the docs that ExpressRoute should only be used for same-origin routing, and if cross-origin routes are needed, something like RegExpRoute is a better choice.
@jeffposnick jeffposnick added Bug An issue with our existing, production codebase. hackday labels Jan 13, 2017
@jeffposnick jeffposnick self-assigned this Jan 13, 2017
@gauntface
Copy link

This sounds good to me.

I was never a fan of the origin parameter in sw-toolbox and I feel that developers should be more cautious with third party requests so LGTM.

@jeffposnick jeffposnick mentioned this issue Jan 18, 2017
Merged
@jeffposnick jeffposnick mentioned this issue Mar 8, 2017
Closed
@snyk-bot snyk-bot mentioned this issue Feb 1, 2020
Open
@snyk-bot snyk-bot mentioned this issue Mar 25, 2021
Open
@snyk-bot snyk-bot mentioned this issue Sep 16, 2021
Open
@snyk-bot snyk-bot mentioned this issue Sep 28, 2021
Open
@Jeremip11 Jeremip11 mentioned this issue May 13, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeffposnick jeffposnick

Labels
Bug An issue with our existing, production codebase.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gauntface @jeffposnick