fixup! feat($http): support sending XSRF token to whitelisted origins

gkalpak · gkalpak · commit bb1796458ded · 2018-03-21T21:10:04.000+02:00
diff --git a/src/.eslintrc.json b/src/.eslintrc.json
@@ -161,7 +161,7 @@
     "urlResolve": false,
     "urlIsSameOrigin": false,
     "urlIsSameOriginAsBaseUrl": false,
-    "urlIsAllowedOriginChecker": false,
+    "urlIsAllowedOriginFactory": false,
 
     /* ng/controller.js */
     "identifierForController": false,
diff --git a/src/ng/http.js b/src/ng/http.js
@@ -391,9 +391,9 @@ function $HttpProvider() {
    * @name $httpProvider#xsrfWhitelistedOrigins
    * @description
    *
-   * Array containing URLs whose origins are considered trusted enough to receive the XSRF token.
-   * See the {@link ng.$http#security-considerations Security Considerations} sections for more
-   * details on XSRF.
+   * Array containing URLs whose origins are trusted to receive the XSRF token. See the
+   * {@link ng.$http#security-considerations Security Considerations} sections for more details on
+   * XSRF.
    *
    * **Note:** An "origin" consists of the [URI scheme](https://en.wikipedia.org/wiki/URI_scheme),
    * the [hostname](https://en.wikipedia.org/wiki/Hostname) and the
@@ -452,7 +452,7 @@ function $HttpProvider() {
     /**
      * A function to check request URLs against a list of allowed origins.
      */
-    var urlIsAllowedOrigin = urlIsAllowedOriginChecker(xsrfWhitelistedOrigins);
+    var urlIsAllowedOrigin = urlIsAllowedOriginFactory(xsrfWhitelistedOrigins);
 
     /**
      * @ngdoc service
@@ -824,7 +824,7 @@ function $HttpProvider() {
      * for added security.
      *
      * The header will &mdash; by default &mdash; **not** be set for cross-domain requests. This
-     * prevents unauthorized servers (e.g. malicious or compromized 3rd-party APIs) from gaining
+     * prevents unauthorized servers (e.g. malicious or compromised 3rd-party APIs) from gaining
      * access to your users' XSRF tokens and exposing them to Cross Site Request Forgery. If you
      * want to, you can whitelist additional origins to also receive the XSRF token, by adding them
      * to {@link ng.$httpProvider#xsrfWhitelistedOrigins xsrfWhitelistedOrigins}. This might be
diff --git a/src/ng/urlUtils.js b/src/ng/urlUtils.js
@@ -118,7 +118,7 @@ function urlIsSameOriginAsBaseUrl(requestUrl) {
  * @returns {Function} - A function that receives a URL (string or parsed URL object) and returns
  *     whether it is of an allowed origin.
  */
-function urlIsAllowedOriginChecker(whitelistedOriginUrls) {
+function urlIsAllowedOriginFactory(whitelistedOriginUrls) {
   var parsedAllowedOriginUrls = [originUrl].concat(whitelistedOriginUrls.map(urlResolve));
 
   /**
diff --git a/test/.eslintrc.json b/test/.eslintrc.json
@@ -153,7 +153,7 @@
     "urlResolve": false,
     "urlIsSameOrigin": false,
     "urlIsSameOriginAsBaseUrl": false,
-    "urlIsAllowedOriginChecker": false,
+    "urlIsAllowedOriginFactory": false,
 
     /* karma */
     "dump": false,
diff --git a/test/ng/urlUtilsSpec.js b/test/ng/urlUtilsSpec.js
@@ -58,12 +58,12 @@ describe('urlUtils', function() {
   });
 
 
-  describe('urlIsAllowedOriginChecker', function() {
+  describe('urlIsAllowedOriginFactory', function() {
     var origin = urlResolve(window.location.href);
     var urlIsAllowedOrigin;
 
     beforeEach(function() {
-      urlIsAllowedOrigin = urlIsAllowedOriginChecker([
+      urlIsAllowedOrigin = urlIsAllowedOriginFactory([
         'https://foo.com/',
         origin.protocol + '://bar.com:1337/'
       ]);
