From a05115d2ec27866ccf16cc4c550f225f054037fd Mon Sep 17 00:00:00 2001
From: Job van der Weiden <job@2gears.com>
Date: Fri, 3 Mar 2017 23:18:51 +0100
Subject: [PATCH] Network: use the current location to prevent errors when
 using CSP headers

When using content security headers to restrict connections to the same origin,
you may not make connections to `example.com`. This feature detection also
works with a request to the current location.
---
 src/core/network.js | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core/network.js b/src/core/network.js
index cf86e0be7..ad4fb1028 100644
--- a/src/core/network.js
+++ b/src/core/network.js
@@ -31,6 +31,8 @@ if (typeof PDFJSDev !== 'undefined' && PDFJSDev.test('FIREFOX || MOZCENTRAL')) {
                   'be used with FIREFOX or MOZCENTRAL build.');
 }
 
+  var globalScope = sharedUtil.globalScope;
+
   var OK_RESPONSE = 200;
   var PARTIAL_CONTENT_RESPONSE = 206;
 
@@ -74,7 +76,7 @@ if (typeof PDFJSDev !== 'undefined' && PDFJSDev.test('FIREFOX || MOZCENTRAL')) {
       // blocked, e.g. via the connect-src CSP directive or the NoScript addon.
       // When this error occurs, this feature detection method will mistakenly
       // report that moz-chunked-arraybuffer is not supported in Firefox 37-.
-      x.open('GET', 'https://example.com');
+      x.open('GET', globalScope.location.href);
       x.responseType = 'moz-chunked-arraybuffer';
       return x.responseType === 'moz-chunked-arraybuffer';
     } catch (e) {