Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-06-30 11:42:13 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-06-30 11:42:37 +0000
commit: 33e4d44c11427a31ada41e7a0757d35f03d62ce7 (patch)
tree: e098358958160304d5896eb4e145fe8728d1866f /app/assets/javascripts/lib
parent: 814aa80c3a0af2b1eaa402116cff49dd14fda2dd (diff)
download: gitlab-ce-33e4d44c11427a31ada41e7a0757d35f03d62ce7.tar.gz
1 files changed, 24 insertions, 0 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js
index 48abc072675..d68b41b7f7a 100644
--- a/app/assets/javascripts/lib/utils/url_utility.js
+++ b/app/assets/javascripts/lib/utils/url_utility.js
@@ -545,3 +545,27 @@ export function getURLOrigin(url) {
     return null;
   }
 }
+
+/**
+ * Returns `true` if the given `url` resolves to the same origin the page is served
+ * from; otherwise, returns `false`.
+ *
+ * The `url` may be absolute or relative.
+ *
+ * @param {string} url The URL to check.
+ * @returns {boolean}
+ */
+export function isSameOriginUrl(url) {
+  if (typeof url !== 'string') {
+    return false;
+  }
+
+  const { origin } = window.location;
+
+  try {
+    return new URL(url, origin).origin === origin;
+  } catch {
+    // Invalid URLs cannot have the same origin
+    return false;
+  }
+}
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-06-30 11:42:13 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-06-30 11:42:37 +0000
commit	33e4d44c11427a31ada41e7a0757d35f03d62ce7 (patch)
tree	e098358958160304d5896eb4e145fe8728d1866f /app/assets/javascripts/lib
parent	814aa80c3a0af2b1eaa402116cff49dd14fda2dd (diff)
download	gitlab-ce-33e4d44c11427a31ada41e7a0757d35f03d62ce7.tar.gz