Network: use the current location to prevent errors when using CSP headers

When using content security headers to restrict connections to the same origin,
you may not make connections to `example.com`. This feature detection also
works with a request to the current location.
Job van der Weiden 2017-03-03 23:18:51 +01:00 committed by Tim van der Meij
parent 25f772a255
commit a05115d2ec
No known key found for this signature in database
GPG Key ID: 8C3FD2925A5F2762


@ -31,6 +31,8 @@ if (typeof PDFJSDev !== 'undefined' && PDFJSDev.test('FIREFOX || MOZCENTRAL')) {
'be used with FIREFOX or MOZCENTRAL build.');
}
var globalScope = sharedUtil.globalScope;
var OK_RESPONSE = 200;
var PARTIAL_CONTENT_RESPONSE = 206;
@ -74,7 +76,7 @@ if (typeof PDFJSDev !== 'undefined' && PDFJSDev.test('FIREFOX || MOZCENTRAL')) {
// blocked, e.g. via the connect-src CSP directive or the NoScript addon.
// When this error occurs, this feature detection method will mistakenly
// report that moz-chunked-arraybuffer is not supported in Firefox 37-.
x.open('GET', 'https://example.com');
x.open('GET', globalScope.location.href);
x.responseType = 'moz-chunked-arraybuffer';
return x.responseType === 'moz-chunked-arraybuffer';
} catch (e) {
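Review bot: The comment above the changed `x.open(...)` call still only describes the failure mode and does not say why the page's own URL is now the probe target, so a later edit could reintroduce a fixed third-party origin. I would add something like `// Probe with the current location: a same-origin connect-src policy allows it, and no third-party host is referenced.` directly above `x.open('GET', globalScope.location.href);`. It is also worth noting there that a policy which excludes the page's own origin, or a global scope without `location`, will still end in the `catch` path and report the feature as unsupported; the latter is inferred, since the `try` opens outside this hunk. No `send()` appears between `open()` and the `return` in the visible lines, so the comment could state that nothing is expected to go on the wire, if that holds for the rest of the function.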