sameHost check with https: urls
Closed this issue · 5 comments
finchi commented
Hello,
I encountered an issue with a CDN that blocked the x-csrf-token header. Since the CDN and the requesting site have different hostnames, I was initially confused about where the problem was originating.
After reviewing the code, I found the following line and was wondering why https: is not included here:
request.js/src/fetch_request.js
Line 52 in f3460a1
Is this an oversight, or is there another reason for omitting https:?
t27duck commented
Yep, probably an oversight. I'll see if I can get a PR going shortly. If I can't (at my day job right now) it'll be later this evening.