From d4c77deb4c4ebe6d8ce95d0ee6a6327c03257cd2 Mon Sep 17 00:00:00 2001
From: Prateek Surana
Date: Mon, 22 Jan 2024 17:44:18 +0530
Subject: [PATCH] Add similar tests for fetch and xhr
---
 test/axios.test.js | 34 +++++++++++++++++++++++++++++
 test/fetch.test.js | 4 ++--
 test/xmlhttprequest.test.js | 43 +++++++++++++++++++++++++++++++++++--
 3 files changed, 77 insertions(+), 4 deletions(-)
diff --git a/test/axios.test.js b/test/axios.test.js
index be981a68..40968366 100644
--- a/test/axios.test.js
+++ b/test/axios.test.js
@@ -2003,6 +2003,40 @@ describe("Axios AuthHttpRequest class tests", function () {
 await browser.close();
 }
 });
+
+ it("test that relative URLs get intercepted if frontend and backend are on same domain", async function () {
+ await startST(3);
+ const browser = await puppeteer.launch({
+ args: ["--no-sandbox", "--disable-setuid-sandbox"]
+ });
+ try {
+ const page = await browser.newPage();
+ await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+ await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+ await page.evaluate(async () => {
+ let BASE_URL = "http://localhost.org:8080";
+ supertokens.addAxiosInterceptors(axios);
+ supertokens.init({
+ apiDomain: BASE_URL
+ });
+ let userId = "testing-supertokens-website";
+ let loginResponse = await axios.post(`/login`, JSON.stringify({ userId }), {
+ headers: {
+ Accept: "application/json",
+ "Content-Type": "application/json"
+ }
+ });
+ let userIdFromResponse = loginResponse.data;
+ assertEqual(userId, userIdFromResponse);
+
+ let checkRidResponse = await axios({ url: `/check-rid`, method: "GET" });
+
+ assertEqual(await checkRidResponse.data, "success");
+ });
+ } finally {
+ await browser.close();
+ }
+ });
 });
 function addAxiosInterceptorsTest(axiosInstance) {
diff --git a/test/fetch.test.js b/test/fetch.test.js
index abfcb8a3..530fd80d 100644
--- a/test/fetch.test.js
+++ b/test/fetch.test.js
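Review bot: The new axios test launches Chromium with `--no-sandbox` and `--disable-setuid-sandbox`, and nothing in the hunk says why; the added test in the second xmlhttprequest.test.js hunk repeats the same launch args. With the sandbox off, a renderer compromise would run with the privileges of the user running the tests, which is tolerable only while this browser loads nothing but the local `BASE_URL` page and the local bundle. I would add a comment above `args`, e.g. `// Sandbox disabled for CI containers; only ever load local test pages in this browser.`, or move the launch options into one shared helper so the flag is justified in a single place. Separately, `await checkRidResponse.data` awaits a plain property, so the `await` can be dropped.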
@@ -2353,9 +2353,9 @@ describe("Fetch AuthHttpRequest class tests", function () {
 assertEqual(await loginResponse.text(), userId);
- let getResponse = await fetch(`/check-rid`);
+ let checkRidResponse = await fetch(`/check-rid`);
- assertEqual(await getResponse.text(), "success");
+ assertEqual(await checkRidResponse.text(), "success");
 });
 } finally {
 await browser.close();
diff --git a/test/xmlhttprequest.test.js b/test/xmlhttprequest.test.js
index 8acd6a81..18a397c4 100644
--- a/test/xmlhttprequest.test.js
+++ b/test/xmlhttprequest.test.js
@@ -16,10 +16,10 @@
 const axios = require("axios");
 const puppeteer = require("puppeteer");
 const assert = require("assert");
-const { BASE_URL, BASE_URL_FOR_ST } = require("./utils.js");
+const { BASE_URL, BASE_URL_FOR_ST, startST } = require("./utils.js");
 const { spawn } = require("child_process");
-describe("Axios AuthHttpRequest class tests header", function () {
+describe("XmlHttpRequest tests", function () {
 let browser, page;
 before(async function () {
 spawn(
@@ -123,4 +123,43 @@ describe("Axios AuthHttpRequest class tests header", function () {
 assert.strictEqual(errors.length, 0);
 });
 });
+
+ it("test that relative URLs get intercepted if frontend and backend are on same domain", async function () {
+ await startST(3);
+ const browser = await puppeteer.launch({
+ args: ["--no-sandbox", "--disable-setuid-sandbox"]
+ });
+ try {
+ const page = await browser.newPage();
+ await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+ await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+ await page.evaluate(async () => {
+ let BASE_URL = "http://localhost.org:8080";
+ supertokens.init({
+ apiDomain: BASE_URL
+ });
+ let userId = "testing-supertokens-website";
+
+ let loginRequest = new XMLHttpRequest();
+ loginRequest.open("POST", `/login`);
+ loginRequest.setRequestHeader("Content-Type", "application/json");
+ loginRequest.setRequestHeader("Accept", "application/json");
+ loginRequest.send(JSON.stringify({ userId }));
+ await new Promise(res => {
+ loginRequest.onload = res;
+ });
+ assertEqual(loginRequest.responseText, userId);
+
+ let checkRidRequest = new XMLHttpRequest();
+ checkRidRequest.open("GET", `/check-rid`);
+ checkRidRequest.send();
+ await new Promise(res => {
+ checkRidRequest.onload = res;
+ });
+ assertEqual(checkRidRequest.responseText, "success");
+ });
+ } finally {
+ await browser.close();
+ }
+ });
 });
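Review bot: Both XHR waits in the added test resolve only on `onload`, so a request that fails at the network level never settles the promise and the test stalls until the runner's timeout instead of failing with a cause. Reject on the error event as well, e.g. `await new Promise((res, rej) => { loginRequest.onload = res; loginRequest.onerror = rej; });`, and do the same for `checkRidRequest`. The handlers are attached after `send()`; that works because the promise executor runs synchronously, but assigning them before `send()` makes the ordering obvious. The `const browser` and `const page` declared here also shadow the `let browser, page` of the enclosing describe visible in the previous hunk, which is worth a rename or a short comment.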