diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:42:13 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-06-30 11:42:37 +0000 |
commit | 33e4d44c11427a31ada41e7a0757d35f03d62ce7 (patch) | |
tree | e098358958160304d5896eb4e145fe8728d1866f /app/assets/javascripts/lib | |
parent | 814aa80c3a0af2b1eaa402116cff49dd14fda2dd (diff) | |
download | gitlab-ce-33e4d44c11427a31ada41e7a0757d35f03d62ce7.tar.gz |
Add latest changes from gitlab-org/security/gitlab@14-0-stable-ee
Diffstat (limited to 'app/assets/javascripts/lib')
-rw-r--r-- | app/assets/javascripts/lib/utils/url_utility.js | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/app/assets/javascripts/lib/utils/url_utility.js b/app/assets/javascripts/lib/utils/url_utility.js index 48abc072675..d68b41b7f7a 100644 --- a/app/assets/javascripts/lib/utils/url_utility.js +++ b/app/assets/javascripts/lib/utils/url_utility.js @@ -545,3 +545,27 @@ export function getURLOrigin(url) { return null; } } + +/** + * Returns `true` if the given `url` resolves to the same origin the page is served + * from; otherwise, returns `false`. + * + * The `url` may be absolute or relative. + * + * @param {string} url The URL to check. + * @returns {boolean} + */ +export function isSameOriginUrl(url) { + if (typeof url !== 'string') { + return false; + } + + const { origin } = window.location; + + try { + return new URL(url, origin).origin === origin; + } catch { + // Invalid URLs cannot have the same origin + return false; + } +} |