From f73b9fd909e6e801c96c77d3807300ae5ed310c4 Mon Sep 17 00:00:00 2001
From: Jeff Posnick <jeffy@google.com>
Date: Wed, 18 Jan 2017 12:41:00 -0500
Subject: [PATCH 1/3] Add in same-origin check for ExpressRoute

---
 packages/sw-routing/src/lib/express-route.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/sw-routing/src/lib/express-route.js b/packages/sw-routing/src/lib/express-route.js
index f71325b39..d56d84355 100644
--- a/packages/sw-routing/src/lib/express-route.js
+++ b/packages/sw-routing/src/lib/express-route.js
@@ -71,8 +71,12 @@ class ExpressRoute extends Route {
     // https://github.com/pillarjs/path-to-regexp#usage
     const regExp = pathToRegExp(path, keys);
     const match = ({url}) => {
-      const regexpMatches = url.pathname.match(regExp);
+      // Return null immediately if we have a cross-origin request.
+      if (url.origin !== location.origin) {
+        return null;
+      }
 
+      const regexpMatches = url.pathname.match(regExp);
       // Return null immediately if this route doesn't match.
       if (!regexpMatches) {
         return null;

From db297626f417a275405bca4b4e1f7e9b787384aa Mon Sep 17 00:00:00 2001
From: Jeff Posnick <jeffy@google.com>
Date: Wed, 18 Jan 2017 16:46:38 -0500
Subject: [PATCH 2/3] Explicitly check for a '/' prefix and warn when it's not
 there.

---
 lib/error-factory.js                         |  2 +-
 packages/sw-routing/src/lib/error-factory.js | 24 ++++++++++++++++++++
 packages/sw-routing/src/lib/express-route.js |  6 +++--
 3 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 packages/sw-routing/src/lib/error-factory.js

diff --git a/lib/error-factory.js b/lib/error-factory.js
index 1c484f016..5dccc5685 100644
--- a/lib/error-factory.js
+++ b/lib/error-factory.js
@@ -37,7 +37,7 @@ class ErrorFactory {
       throw new Error(`Unable to generate error '${name}'.`);
     }
 
-    let message = this._errors[name];
+    let message = this._errors[name].replace(/\s+/g, ' ');
     let stack = null;
     if (thrownError) {
       message += ` [${thrownError.message}]`;
diff --git a/packages/sw-routing/src/lib/error-factory.js b/packages/sw-routing/src/lib/error-factory.js
new file mode 100644
index 000000000..baa016f87
--- /dev/null
+++ b/packages/sw-routing/src/lib/error-factory.js
@@ -0,0 +1,24 @@
+/*
+ Copyright 2016 Google Inc. All Rights Reserved.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+import ErrorFactory from '../../../../lib/error-factory';
+
+const errors = {
+  'express-route-requires-absolute-path': `When using ExpressRoute, you must
+    provide a path that starts with a '/' character. You can only match
+    same-origin requests. For more flexibility, use RegExpRoute.`
+};
+
+export default new ErrorFactory(errors);
diff --git a/packages/sw-routing/src/lib/express-route.js b/packages/sw-routing/src/lib/express-route.js
index d56d84355..4ce78b317 100644
--- a/packages/sw-routing/src/lib/express-route.js
+++ b/packages/sw-routing/src/lib/express-route.js
@@ -13,8 +13,8 @@
  limitations under the License.
 */
 
+import ErrorFactory from './error-factory';
 import Route from './route';
-import assert from '../../../../lib/assert';
 import pathToRegExp from 'path-to-regexp';
 
 /**
@@ -63,7 +63,9 @@ class ExpressRoute extends Route {
    *        HTTP method. Defaults to `'GET'` if not specified.
    */
   constructor({path, handler, method}) {
-    assert.isType({path}, 'string');
+    if (path.substring(0, 1) !== '/') {
+      throw ErrorFactory.createError('express-route-requires-absolute-path');
+    }
 
     let keys = [];
     // keys is populated as a side effect of pathToRegExp. This isn't the nicest

From b543d40f928d614c814c1624ae88d1a93ba0b2df Mon Sep 17 00:00:00 2001
From: Jeff Posnick <jeffy@google.com>
Date: Thu, 19 Jan 2017 11:33:56 -0500
Subject: [PATCH 3/3] Linting fix

---
 packages/sw-routing/src/lib/error-factory.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/sw-routing/src/lib/error-factory.js b/packages/sw-routing/src/lib/error-factory.js
index baa016f87..a2c1205ff 100644
--- a/packages/sw-routing/src/lib/error-factory.js
+++ b/packages/sw-routing/src/lib/error-factory.js
@@ -18,7 +18,7 @@ import ErrorFactory from '../../../../lib/error-factory';
 const errors = {
   'express-route-requires-absolute-path': `When using ExpressRoute, you must
     provide a path that starts with a '/' character. You can only match
-    same-origin requests. For more flexibility, use RegExpRoute.`
+    same-origin requests. For more flexibility, use RegExpRoute.`,
 };
 
 export default new ErrorFactory(errors);