detect cross-origin requests

Author: steffans

src/http.js

@@ -9,9 +9,12 @@ var jsonType = {'Content-Type': 'application/json;charset=utf-8'};
 
 module.exports = function (Vue) {
 
+    var Url = Vue.url;
+    var originUrl = Url.parse(location.href);
+
     function Http(url, options) {
 
-        var self = this, headers, promise;
+        var self = this, promise;
 
         options = options || {};
 
@@ -20,21 +23,45 @@ module.exports = function (Vue) {
             url = '';
         }
 
-        headers = _.extend({},
-            Http.headers.common,
-            Http.headers[options.method.toLowerCase()]
+        options = _.extend(true, {url: url},
+            Http.options, _.options('http', this, options)
         );
 
-        options = _.extend(true, {url: url, headers: headers},
-            Http.options, _.options('http', this, options)
+        if (options.crossOrigin === null) {
+            options.crossOrigin = crossOrigin(options.url);
+        }
+
+        options.headers = _.extend({},
+            Http.headers.common,
+            !options.crossOrigin ? Http.headers.custom : {},
+            Http.headers[options.method.toLowerCase()],
+            options.headers
         );
 
         if (_.isPlainObject(options.data) && /^(get|jsonp)$/i.test(options.method)) {
             _.extend(options.params, options.data);
             delete options.data;
         }
 
-        promise = (options.method.toLowerCase() == 'jsonp' ? jsonp : xhr).call(this, this.$url || Vue.url, options);
+        if (options.emulateHTTP && !option.crossOrigin && /^(put|patch|delete)$/i.test(options.method)) {
+            options.headers['X-HTTP-Method-Override'] = options.method;
+            options.method = 'post';
+        }
+
+        if (options.emulateJSON && _.isPlainObject(options.data)) {
+            options.headers['Content-Type'] = 'application/x-www-form-urlencoded';
+            options.data = Url.params(options.data);
+        }
+
+        if (_.isObject(options.data) && /FormData/i.test(options.data.toString())) {
+            delete options.headers['Content-Type'];
+        }
+
+        if (_.isPlainObject(options.data)) {
+            options.data = JSON.stringify(options.data);
+        }
+
+        promise = (options.method.toLowerCase() == 'jsonp' ? jsonp : xhr).call(this, this.$url || Url, options);
 
         promise.then(transformResponse, transformResponse);
 
@@ -88,12 +115,20 @@ module.exports = function (Vue) {
 
     }
 
+    function crossOrigin(url) {
+
+        var requestUrl = Url.parse(url);
+
+        return (requestUrl.protocol !== originUrl.protocol || requestUrl.host !== originUrl.host);
+    }
+
     Http.options = {
         method: 'get',
         params: {},
         data: '',
         jsonp: 'callback',
         beforeSend: null,
+        crossOrigin: null,
         emulateHTTP: false,
         emulateJSON: false
     };
@@ -103,10 +138,8 @@ module.exports = function (Vue) {
         post: jsonType,
         patch: jsonType,
         delete: jsonType,
-        common: {
-            'Accept': 'application/json, text/plain, */*',
-            'X-Requested-With': 'XMLHttpRequest'
-        }
+        common: {'Accept': 'application/json, text/plain, */*'},
+        custom: {'X-Requested-With': 'XMLHttpRequest'}
     };
 
     ['get', 'put', 'post', 'patch', 'delete', 'jsonp'].forEach(function (method) {

src/lib/xhr.js

@@ -13,24 +13,6 @@ module.exports = function (url, options) {
         options.beforeSend.call(this, request, options);
     }
 
-    if (options.emulateHTTP && /^(put|patch|delete)$/i.test(options.method)) {
-        options.headers['X-HTTP-Method-Override'] = options.method;
-        options.method = 'post';
-    }
-
-    if (options.emulateJSON && _.isPlainObject(options.data)) {
-        options.headers['Content-Type'] = 'application/x-www-form-urlencoded';
-        options.data = url.params(options.data);
-    }
-
-    if (_.isObject(options.data) && /FormData/i.test(options.data.toString())) {
-        delete options.headers['Content-Type'];
-    }
-
-    if (_.isPlainObject(options.data)) {
-        options.data = JSON.stringify(options.data);
-    }
-
     promise = new Promise(function (resolve, reject) {
 
         request.open(options.method, url(options), true);

src/resource.js

@@ -67,7 +67,7 @@ module.exports = function (Vue) {
 
                 if (_.isFunction (args[0])) {
                     success = args[0];
-                } else if (/^(POST|PUT|PATCH)$/i.test(options.method)) {
+                } else if (/^(post|put|patch)$/i.test(options.method)) {
                     data = args[0];
                 } else {
                     params = args[0];
@@ -101,11 +101,11 @@ module.exports = function (Vue) {
 
     Resource.actions = {
 
-        get: {method: 'GET'},
-        save: {method: 'POST'},
-        query: {method: 'GET'},
-        remove: {method: 'DELETE'},
-        delete: {method: 'DELETE'}
+        get: {method: 'get'},
+        save: {method: 'post'},
+        query: {method: 'get'},
+        remove: {method: 'delete'},
+        delete: {method: 'delete'}
 
     };
 

src/url.js

@@ -3,6 +3,7 @@
  */
 
 var _ = require('./lib/util');
+var el = document.createElement('a');
 
 module.exports = function (Vue) {
 
@@ -93,16 +94,17 @@ module.exports = function (Vue) {
 
     Url.parse = function (url) {
 
-        var pattern = new RegExp("^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\\?([^#]*))?(?:#(.*))?"),
-            matches = url.match(pattern);
+        el.href = url;
 
         return {
-            url: url,
-            scheme: matches[1] || '',
-            host: matches[2] || '',
-            path: matches[3] || '',
-            query: matches[4] || '',
-            fragment: matches[5] || ''
+            href: el.href,
+            protocol: el.protocol ? el.protocol.replace(/:$/, '') : '',
+            port: el.port,
+            host: el.host,
+            hostname: el.hostname,
+            pathname: el.pathname.charAt(0) === '/' ? el.pathname : '/' + el.pathname,
+            search: el.search ? el.search.replace(/^\?/, '') : '',
+            hash: el.hash ? el.hash.replace(/^#/, '') : ''
         };
     };