iLoveElysia/pjax
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity

Could not handle 301/302 redirect probably. #216

New Issue
Closed
opened 2019-09-15 05:47:54 -05:00 by KawaiiZapic · 1 comment
KawaiiZapic commented 2019-09-15 05:47:54 -05:00 (Migrated from github.com)
Copy Link

When a target of a link try to make a 301/302 redirect to other site that not in this domain,PJAX will also try to request it and blocked by the browser for security reason.
And user will not get a probably redirect.

For an example:
On http://www.example.com/index.html ,there is a link to http://www.example.com/login.html .
But the login.html made a 301 redirect to http://login.example.net/login.php ,and this script could not redirect to login.php probably.

When a target of a link try to make a 301/302 redirect to other site that not in this domain,PJAX will also try to request it and blocked by the browser for security reason. And user will not get a probably redirect. For an example: On http://www.example.com/index.html ,there is a link to http://www.example.com/login.html . But the login.html made a 301 redirect to http://login.example.net/login.php ,and this script could not redirect to login.php probably.
iangreenleaf commented 2021-01-14 14:50:37 -05:00 (Migrated from github.com)
Copy Link

I just ran into this recently. It's a tough one because browsers handle redirects transparently in XmlHttpRequest, so the PJAX JS can't stop the request from going to the external URL (and probably erroring on a CORS failure). To fix this without server modifications, I think this script would need to migrate to the fetch API, which has more control over redirect behavior.

Because I do have control over my server, I was able to work around it as follows:

  1. On the server, when redirecting I check for the x-pjax header. If it's present, instead of returning a 301/302 I return a 204 with a x-pjax-location header set (the name of this header can be anything, I'm the only one using it).
  2. On the client, I added this: 
      pjax._handleResponse = pjax.handleResponse;

  pjax.handleResponse = function(responseText, request, href, options) {
    var redirect = request.getResponseHeader("x-pjax-location")
    if (redirect) {
      window.location = redirect
    } else {
      pjax._handleResponse(responseText, request, href, options);
    }
  }
I just ran into this recently. It's a tough one because browsers handle redirects transparently in `XmlHttpRequest`, so the PJAX JS can't stop the request from going to the external URL (and probably erroring on a CORS failure). To fix this without server modifications, I think this script would need to migrate to the `fetch` API, which has more control over redirect behavior. Because I do have control over my server, I was able to work around it as follows: 1. On the server, when redirecting I check for the `x-pjax` header. If it's present, instead of returning a 301/302 I return a 204 with a `x-pjax-location` header set (the name of this header can be anything, I'm the only one using it). 2. On the client, I added this: ```javascript pjax._handleResponse = pjax.handleResponse; pjax.handleResponse = function(responseText, request, href, options) { var redirect = request.getResponseHeader("x-pjax-location") if (redirect) { window.location = redirect } else { pjax._handleResponse(responseText, request, href, options); } } ```
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
dependencies
Pull requests that update a dependency file
 duplicate
enhancement
invalid
question
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
iLoveElysia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: iLoveElysia/pjax#216
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?