Innovenergy_trunk/frontend/node_modules/testcafe-hammerhead/lib/request-pipeline/same-origin-policy.js


"use strict";
// Module-interop helper (looks like standard TypeScript compiler output — confirm
// against the build): reuses an existing __importDefault found on `this`, otherwise
// defines one that returns `mod` unchanged when it is flagged `__esModule` and
// wraps any other value as `{ default: mod }`.
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
// Flag this module's exports object with `__esModule: true`.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare both exported names up front as undefined; the functions are assigned
// to them further down, after each definition.
exports.shouldOmitCredentials = exports.check = void 0;
const builtin_header_names_1 = __importDefault(require("./builtin-header-names"));
const lodash_1 = require("lodash");
const url_1 = require("../utils/url");
// NOTE: https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
/**
 * Decides whether the destination response may be exposed to the requesting
 * origin, following the CORS rules for Access-Control-Allow-Origin and
 * Access-Control-Allow-Credentials.
 *
 * Reads `ctx.dest.reqOrigin`, `ctx.dest.domain`, `ctx.dest.credentials` and
 * `ctx.destRes.headers`.
 *
 * @param {object} ctx - Request pipeline context.
 * @returns {boolean} `true` when the request passes the check, `false` otherwise.
 */
function check(ctx) {
    const { reqOrigin, domain, credentials } = ctx.dest;

    // Same-origin requests never need a CORS grant.
    if (domain === reqOrigin)
        return true;

    const isCredentialed = credentials === url_1.Credentials.include;
    const responseHeaders = ctx.destRes.headers;
    const headerNames = builtin_header_names_1.default;
    const originHeader = responseHeaders[headerNames.accessControlAllowOrigin];
    const credentialsHeader = responseHeaders[headerNames.accessControlAllowCredentials];

    // A missing header stringifies to 'undefined', so it never counts as a grant.
    // NOTE(review): the value is lower-cased before comparison, so 'TRUE' or 'True'
    // is accepted here. The Fetch specification treats this header value as
    // case-sensitive; confirm the leniency is intended, since a misconfigured
    // server would pass under this check and still be blocked by a real browser.
    const credentialsGranted = String(credentialsHeader).toLowerCase() === 'true';

    // NOTE(review): when the header arrives as an array (several values), a match
    // on any single entry is enough below; verify that this is the intended policy.
    const { castArray } = lodash_1;
    const originList = castArray(originHeader);
    const hasWildcard = originList.includes('*');

    // Denied: the destination server sent no Access-Control-Allow-Origin at all.
    if (!originHeader)
        return false;

    // Denied: a credentialed request needs an explicit credentials grant and an
    // exact origin; a wildcard origin is never sufficient for it.
    if (isCredentialed && !(credentialsGranted && !hasWildcard))
        return false;

    // Last step: either any origin is allowed, or the request origin is listed.
    if (hasWildcard)
        return true;

    return originList.includes(reqOrigin);
}
exports.check = check;
/**
 * Tells whether credentials must be left out of the outgoing request, based on
 * the credentials mode stored in `ctx.dest.credentials`.
 *
 * @param {object} ctx - Request pipeline context.
 * @returns {boolean} `true` when credentials must be omitted.
 */
function shouldOmitCredentials(ctx) {
    const { credentials, reqOrigin, domain } = ctx.dest;
    const { Credentials } = url_1;

    // "omit": never send credentials.
    if (credentials === Credentials.omit)
        return true;

    // "same-origin": drop credentials only when the request crosses origins.
    if (credentials === Credentials.sameOrigin)
        return reqOrigin !== domain;

    // "include" and every unrecognised mode keep credentials.
    // NOTE(review): an unknown or missing mode therefore sends credentials
    // cross-origin as well; confirm callers always set one of the known modes.
    return false;
}
exports.shouldOmitCredentials = shouldOmitCredentials;