Move the isSameOrigin helper function

This function is currently placed in the `src/shared/util.js` file, which means that the code is duplicated in both of the *built* `pdf.js` and `pdf.worker.js` files. Furthermore, it only has a single call-site which is also specific to the `GENERIC`-build of the PDF.js library. Hence this helper function is instead moved into the `src/display/api.js` file, in such a way that it's conditionally defined but still can be unit-tested.
2025-04-22 16:18:08 +02:00 · 2022-03-10 13:37:21 +01:00 · 2022-03-10 13:37:21 +01:00 · 537ed37835
commit 537ed37835
parent ee39499a5a
4 changed files with 49 additions and 46 deletions
--- a/src/display/api.js
+++ b/src/display/api.js
@ -26,7 +26,6 @@ import {
  info,
  InvalidPDFException,
  isArrayBuffer,
-  isSameOrigin,
  MissingPDFException,
  PasswordException,
  RenderingIntentFlag,
@ -1959,7 +1958,7 @@ const PDFWorkerUtil = {
  fallbackWorkerSrc: null,
  fakeWorkerId: 0,
 };
-if (typeof PDFJSDev !== "undefined" && PDFJSDev.test("GENERIC")) {
+if (typeof PDFJSDev === "undefined" || PDFJSDev.test("GENERIC")) {
  // eslint-disable-next-line no-undef
  if (isNodeJS && typeof __non_webpack_require__ === "function") {
    // Workers aren't supported in Node.js, force-disabling them there.
@ -1978,6 +1977,22 @@ if (typeof PDFJSDev !== "undefined" && PDFJSDev.test("GENERIC")) {
    }
  }

+  // Check if URLs have the same origin. For non-HTTP based URLs, returns false.
+  PDFWorkerUtil.isSameOrigin = function (baseUrl, otherUrl) {
+    let base;
+    try {
+      base = new URL(baseUrl);
+      if (!base.origin || base.origin === "null") {
+        return false; // non-HTTP url
+      }
+    } catch (e) {
+      return false;
+    }
+
+    const other = new URL(otherUrl, base);
+    return base.origin === other.origin;
+  };
+
  PDFWorkerUtil.createCDNWrapper = function (url) {
    // We will rely on blob URL's property to specify origin.
    // We want this function to fail in case if createObjectURL or Blob do not
@ -2079,7 +2094,7 @@ class PDFWorker {
        if (
          typeof PDFJSDev !== "undefined" &&
          PDFJSDev.test("GENERIC") &&
-          !isSameOrigin(window.location.href, workerSrc)
+          !PDFWorkerUtil.isSameOrigin(window.location.href, workerSrc)
        ) {
          workerSrc = PDFWorkerUtil.createCDNWrapper(
            new URL(workerSrc, window.location).href
@ -3370,6 +3385,7 @@ export {
  PDFDocumentProxy,
  PDFPageProxy,
  PDFWorker,
+  PDFWorkerUtil,
  RenderTask,
  setPDFNetworkStreamFactory,
  version,
--- a/src/shared/util.js
+++ b/src/shared/util.js
@ -411,22 +411,6 @@ function assert(cond, msg) {
  }
 }

-// Checks if URLs have the same origin. For non-HTTP based URLs, returns false.
-function isSameOrigin(baseUrl, otherUrl) {
-  let base;
-  try {
-    base = new URL(baseUrl);
-    if (!base.origin || base.origin === "null") {
-      return false; // non-HTTP url
-    }
-  } catch (e) {
-    return false;
-  }
-
-  const other = new URL(otherUrl, base);
-  return base.origin === other.origin;
-}
-
 // Checks if URLs use one of the allowed protocols, e.g. to avoid XSS.
 function _isValidProtocol(url) {
  if (!url) {
@ -1133,7 +1117,6 @@ export {
  isAscii,
  IsEvalSupportedCached,
  IsLittleEndianCached,
-  isSameOrigin,
  MissingPDFException,
  objectFromMap,
  objectSize,