supertokens · rishabhpoddar · Jan 22, 2024 · Jan 22, 2024 · Jan 22, 2024 · Jan 22, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added a `DateProvider`, that both built-in and custom validators can use instead of `Date.now` to get an estimate of the server clock.
 - Added the `dateProvider` prop to the configuration that can be used to customize the built-in `DateProvider`.
 - Added `getClockSkewInMillis` as an overrideable function that estimates the time difference between the backend and the client.
+- Added a test to check that relative URLs get intercepted correctly
 
 ## [17.0.5] - 2024-01-03
 

diff --git a/test/axios.test.js b/test/axios.test.js
@@ -2003,6 +2003,40 @@ describe("Axios AuthHttpRequest class tests", function () {
             await browser.close();
         }
     });
+
+    it("test that relative URLs get intercepted if frontend and backend are on same domain", async function () {
+        await startST(3);
+        const browser = await puppeteer.launch({
+            args: ["--no-sandbox", "--disable-setuid-sandbox"]
+        });
+        try {
+            const page = await browser.newPage();
+            await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+            await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.addAxiosInterceptors(axios);
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+                let loginResponse = await axios.post(`/login`, JSON.stringify({ userId }), {
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    }
+                });
+                let userIdFromResponse = loginResponse.data;
+                assertEqual(userId, userIdFromResponse);
+
+                let checkRidResponse = await axios({ url: `/check-rid`, method: "GET" });
+
+                assertEqual(await checkRidResponse.data, "success");
+            });
+        } finally {
+            await browser.close();
+        }
+    });
 });
 
 function addAxiosInterceptorsTest(axiosInstance) {

diff --git a/test/fetch.test.js b/test/fetch.test.js
@@ -2325,4 +2325,40 @@ describe("Fetch AuthHttpRequest class tests", function () {
             await browser.close();
         }
     });
+
+    it("test that relative URLs get intercepted if frontend and backend are on same domain", async function () {
+        await startST(3);
+        const browser = await puppeteer.launch({
+            args: ["--no-sandbox", "--disable-setuid-sandbox"]
+        });
+        try {
+            const page = await browser.newPage();
+            await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+            await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginResponse = await fetch(`/login`, {
+                    method: "post",
+                    headers: {
+                        Accept: "application/json",
+                        "Content-Type": "application/json"
+                    },
+                    body: JSON.stringify({ userId })
+                });
+
+                assertEqual(await loginResponse.text(), userId);
+
+                let checkRidResponse = await fetch(`/check-rid`);
+
+                assertEqual(await checkRidResponse.text(), "success");
+            });
+        } finally {
+            await browser.close();
+        }
+    });
 });
diff --git a/test/xmlhttprequest.test.js b/test/xmlhttprequest.test.js
@@ -16,10 +16,10 @@ const axios = require("axios");
 
 const puppeteer = require("puppeteer");
 const assert = require("assert");
-const { BASE_URL, BASE_URL_FOR_ST } = require("./utils.js");
+const { BASE_URL, BASE_URL_FOR_ST, startST } = require("./utils.js");
 const { spawn } = require("child_process");
 
-describe("Axios AuthHttpRequest class tests header", function () {
+describe("XmlHttpRequest tests", function () {
     let browser, page;
     before(async function () {
         spawn(
@@ -123,4 +123,43 @@ describe("Axios AuthHttpRequest class tests header", function () {
             assert.strictEqual(errors.length, 0);
         });
     });
+
+    it("test that relative URLs get intercepted if frontend and backend are on same domain", async function () {
+        await startST(3);
+        const browser = await puppeteer.launch({
+            args: ["--no-sandbox", "--disable-setuid-sandbox"]
+        });
+        try {
+            const page = await browser.newPage();
+            await page.goto(BASE_URL + "/index.html", { waitUntil: "load" });
+            await page.addScriptTag({ path: `./bundle/bundle.js`, type: "text/javascript" });
+            await page.evaluate(async () => {
+                let BASE_URL = "http://localhost.org:8080";
+                supertokens.init({
+                    apiDomain: BASE_URL
+                });
+                let userId = "testing-supertokens-website";
+
+                let loginRequest = new XMLHttpRequest();
+                loginRequest.open("POST", `/login`);
+                loginRequest.setRequestHeader("Content-Type", "application/json");
+                loginRequest.setRequestHeader("Accept", "application/json");
+                loginRequest.send(JSON.stringify({ userId }));
+                await new Promise(res => {
+                    loginRequest.onload = res;
+                });
+                assertEqual(loginRequest.responseText, userId);
+
+                let checkRidRequest = new XMLHttpRequest();
+                checkRidRequest.open("GET", `/check-rid`);
+                checkRidRequest.send();
+                await new Promise(res => {
+                    checkRidRequest.onload = res;
+                });
+                assertEqual(checkRidRequest.responseText, "success");
+            });
+        } finally {
+            await browser.close();
+        }
+    });
 });