fixup! feat($http): support sending XSRF token to whitelisted origins

Author: gkalpak

src/ng/http.js

@@ -397,12 +397,14 @@ function $HttpProvider() {
    *
    * **Note:** An "origin" consists of the [URI scheme](https://en.wikipedia.org/wiki/URI_scheme),
    * the [hostname](https://en.wikipedia.org/wiki/Hostname) and the
-   * [port number](https://en.wikipedia.org/wiki/Port_(computer_networking).
+   * [port number](https://en.wikipedia.org/wiki/Port_(computer_networking). For `http:` and
+   * `https:`, the port number can be omitted if using th default ports (80 and 443 respectively).
+   * Examples: `http://example.com`, `https://api.example.com:9876`
    *
    * <div class="alert alert-warning">
    *   It is not possible to whitelist specific URLs/paths. The `path`, `query` and `fragment` parts
    *   of a URL will be ignored. For example, `https://foo.com/path/bar?query=baz#fragment` will be
-   *   treated as `https://foo.com/`, meaning that **all** requests to URLs starting with
+   *   treated as `https://foo.com`, meaning that **all** requests to URLs starting with
    *   `https://foo.com/` will include the XSRF token.
    * </div>
    *
@@ -413,7 +415,7 @@ function $HttpProvider() {
    * angular.
    *   module('xsrfWhitelistedOriginsExample', []).
    *   config(['$httpProvider', function($httpProvider) {
-   *     $httpProvider.xsrfWhitelistedOrigins.push('https://api.example.com/');
+   *     $httpProvider.xsrfWhitelistedOrigins.push('https://api.example.com');
    *   }]).
    *   run(['$http', function($http) {
    *     // The XSRF token will be sent.

test/ng/httpSpec.js

@@ -2213,7 +2213,9 @@ describe('$http', function() {
     var $httpBackend;
 
     beforeEach(module(function($httpProvider) {
-      $httpProvider.xsrfWhitelistedOrigins.push('https://whitelisted.example.com/');
+      $httpProvider.xsrfWhitelistedOrigins.push(
+          'https://whitelisted.example.com',
+          'https://whitelisted2.example.com:1337/ignored/path');
     }));
 
     beforeEach(inject(function(_$http_, _$httpBackend_) {
@@ -2308,15 +2310,19 @@ describe('$http', function() {
       function checkHeaders(headers) {
         return isUndefined(headers['X-XSRF-TOKEN']);
       }
-      var currentUrl = 'https://example.com/path';
-      var requestUrl = 'https://api.example.com/path';
+      var requestUrls = [
+        'https://api.example.com/path',
+        'http://whitelisted.example.com',
+        'https://whitelisted2.example.com:1338'
+      ];
 
       mockedCookies['XSRF-TOKEN'] = 'secret';
-      $httpBackend.expect('GET', requestUrl, null, checkHeaders).respond(null);
 
-      $http.get(requestUrl);
-
-      $httpBackend.flush();
+      requestUrls.forEach(function(url) {
+        $httpBackend.expect('GET', url, null, checkHeaders).respond(null);
+        $http.get(url);
+        $httpBackend.flush();
+      });
     });
 
 
@@ -2326,16 +2332,19 @@ describe('$http', function() {
           return headers['X-XSRF-TOKEN'] === 'secret';
         }
         var currentUrl = 'https://example.com/path';
-        var requestUrl = 'https://whitelisted.example.com/path';
+        var requestUrls = [
+          'https://whitelisted.example.com/path',
+          'https://whitelisted2.example.com:1337/path'
+        ];
 
         $browser.url(currentUrl);
-
         mockedCookies['XSRF-TOKEN'] = 'secret';
-        $httpBackend.expect('GET', requestUrl, null, checkHeaders).respond(null);
 
-        $http.get(requestUrl);
-
-        $httpBackend.flush();
+        requestUrls.forEach(function(url) {
+          $httpBackend.expect('GET', url, null, checkHeaders).respond(null);
+          $http.get(url);
+          $httpBackend.flush();
+        });
       })
     );
   });