forked from bazaarvoice/bv-ui-core
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.js
95 lines (82 loc) · 3.01 KB
/
index.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
/**
* @fileOverview
* The DomainPolice module is used to provide validation that content is only
* being loaded on authorized domains.
*/
/**
* Returns true if the hostname is an exact match for a specific domain or a
* suffix match for a wildcard domain (domain starts with a '.').
*
* @param {String} domain Domain to check.
* @param {String} hostname Hostname to check against.
* @return {Boolean}
*/
function domainMatches (domain, hostname) {
if (domain && (domain.charAt(0) === '.') && hostname) {
// domainMatches('.domain.com', 'sub.domain.com') and
// domainMatches('.sub.domain.com', 'sub.domain.com') are both true.
var index = ('.' + hostname).lastIndexOf(domain);
return index >= 0 && index === (1 + hostname.length - domain.length);
}
return hostname === domain || hostname === ('www.' + domain);
}
/**
* Returns the matching domain object if the hostname of the specified URL
* matches one of the specified domains.
*
* @param {Array} domains The set of domain objects to check the URL against
* @param {String} hostname The hostname to check
* @return {Object} The matching domain object from the array of provided domains
*/
function allowedDomain (domains, hostname) {
var matchedDomain;
for (var i = 0; i < domains.length; i++) {
if (domainMatches(domains[i].domain, hostname)) {
matchedDomain = domains[i];
return matchedDomain;
}
}
// No match found, explicitly returning undefined
return undefined;
}
/**
* Returns an object that represents a found domain, including the ability to get various attributes off of the associated object from the domains array.
*
* @param {Array} domains The set of domain objects to check the URL against
* @param {String} hostname The hostname to be checked against. Preferably sourced by using window.location.hostname.
* @return {Object} An object representing the state of the matched domain
*/
function domainPolice (domains, hostname) {
var domainState = {};
var domain = {
isValid: false,
get: function (key) {
return domainState[key];
}
};
var domainObject = allowedDomain(domains, hostname);
// If we have a matching domain
if (domainObject) {
domain.isValid = true;
// Manually copying keys, because I can't safely use Object.assign
// or the npm object-assign module, or even lodash.assign/lodash.extend,
// as they're assuming ES5 environments.
//
// TODO: Once we drop IE11, simplify.
for (var key in domainObject) {
if (domainObject.hasOwnProperty(key)) {
domainState[key] = domainObject[key];
}
}
// Special case: If the domain is a valid IPv4 address,
// remove the leading period.
// The return value here should be used when setting a cookie, and IPv4
// addresses with a prefixed period do not work for cookie setting like
// they do for domains.
if (domainState.domain.match(/^(\.\d+){4}$/)) {
domainState.domain = domainState.domain.substr(1);
}
}
return domain;
}
module.exports = domainPolice;