XDomainRequest must always be protocol relative (cant http -> https)

benvinegar · benvinegar · commit e3732bb24336 · 2015-12-15T14:07:14.000-08:00
diff --git a/src/raven.js b/src/raven.js
@@ -909,6 +909,7 @@ Raven.prototype = {
     _makeXhrRequest: function(opts) {
         var request;
 
+        var url = opts.url;
         function handler() {
             if (request.status === 200) {
                 if (opts.onSuccess) {
@@ -929,13 +930,17 @@ Raven.prototype = {
             };
         } else {
             request = new XDomainRequest();
+            // xdomainrequest cannot go http -> https (or vice versa),
+            // so always use protocol relative
+            url = url.replace(/^https?:/, '');
+
             // onreadystatechange not supported by XDomainRequest
             request.onload = handler;
         }
 
         // NOTE: auth is intentionally sent as part of query string (NOT as custom
         //       HTTP header) so as to avoid preflight CORS requests
-        request.open('POST', opts.url + '?' + urlencode(opts.auth));
+        request.open('POST', url + '?' + urlencode(opts.auth));
         request.send(JSON.stringify(opts.data));
     },
 
