-
Notifications
You must be signed in to change notification settings - Fork 221
Allow redirect to external sites if CORS isn't enabled #1891
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -296,7 +296,15 @@ window.submitForm = function (form, possibleClickedButton) { | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 'Content-Type', | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| 'application/x-www-form-urlencoded' | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| ); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| request.send(parameters.join('&')); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| try { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| request.send(parameters.join('&')); | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| } catch (e) { | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| // If the send method throws an exception, redirect to the form action URL. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| // This can happen for example if redirecting to an external site, which doesn't have CORS enabled, | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| // so we can't use Ajax. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| window.location.href = url; | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| window.location.href = url; | |
| window.location.href = formAction; |
Copilot
AI
Dec 16, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
XMLHttpRequest.send() typically does not throw exceptions for CORS errors. CORS failures are asynchronous and trigger the 'onerror' event handler instead. The try-catch block may not catch CORS-related issues as intended. Consider adding a request.onerror handler or a timeout mechanism to detect when AJAX submission fails and fallback to a regular form submission.
| try { | |
| request.send(parameters.join('&')); | |
| } catch (e) { | |
| // If the send method throws an exception, redirect to the form action URL. | |
| // This can happen for example if redirecting to an external site, which doesn't have CORS enabled, | |
| // so we can't use Ajax. | |
| window.location.href = url; | |
| // Fallback handler to ensure redirect only happens once | |
| var hasFallenBack = false; | |
| function fallbackToRegularSubmission() { | |
| if (!hasFallenBack) { | |
| hasFallenBack = true; | |
| window.location.href = url; | |
| } | |
| } | |
| request.onerror = fallbackToRegularSubmission; | |
| request.ontimeout = fallbackToRegularSubmission; | |
| // Set a timeout (e.g., 10 seconds) | |
| request.timeout = 10000; | |
| try { | |
| request.send(parameters.join('&')); | |
| } catch (e) { | |
| // If the send method throws an exception, redirect to the form action URL. | |
| // This can happen for example if redirecting to an external site, which doesn't have CORS enabled, | |
| // so we can't use Ajax. | |
| fallbackToRegularSubmission(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This won't work for forms that are submitted via POST. I don't think this can be really fixed at all except by disabling the JS form submission in those forms
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, I'll share my example code soon to show my use case
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here's the example: amitaibu/ihp-cms-starter#35
If you navigate to
http://localhost:8000without the PR it will result with console error. With the PR you'll be redirected to the repo of one of the best Haskell frameworks! 😄There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mpscholten ^^