From 5d7d8a7f681d6f654a7106a2b0e285f4b15c3800 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Wed, 28 Oct 2020 13:41:41 +0100
Subject: [PATCH] Replace window.location with the full URL to prevent passing query parameters

* Example before: location + '/mark_as_solved' /request_for_comments/30885?locale=de/mark_as_solved Now: //localhost:3333/request_for_comments/30885/mark_as_solved Note: https or http will be added automatically by browsers
---
 app/assets/javascripts/error_templates.js | 2 +-
 app/assets/javascripts/external_users.js | 2 +-
 app/views/request_for_comments/show.html.slim | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/assets/javascripts/error_templates.js b/app/assets/javascripts/error_templates.js
index 74978157..3cb7dcaf 100644
--- a/app/assets/javascripts/error_templates.js
+++ b/app/assets/javascripts/error_templates.js
@@ -1,7 +1,7 @@
 $(document).on('turbolinks:load', function() {
 if ($.isController('error_templates')) {
 $('#add-attribute').find('button').on('click', function () {
- $.ajax(location + '/attribute.json', {
+ $.ajax('//' + location.host + location.pathname + '/attribute.json', {
 method: 'POST',
 data: {
 _method: 'PUT',
diff --git a/app/assets/javascripts/external_users.js b/app/assets/javascripts/external_users.js
index 058fdfa0..402c5473 100644
--- a/app/assets/javascripts/external_users.js
+++ b/app/assets/javascripts/external_users.js
@@ -17,7 +17,7 @@ $(document).on('turbolinks:load', function() {
 ';
 };
 
- var jqxhr = $.ajax(window.location.href + '/tag_statistics', {
+ var jqxhr = $.ajax('//' + location.host + location.pathname + '/tag_statistics', {
 dataType: 'json',
 method: 'GET'
 });
diff --git a/app/views/request_for_comments/show.html.slim b/app/views/request_for_comments/show.html.slim
index d5cca4a3..2a16170d 100644
--- a/app/views/request_for_comments/show.html.slim
+++ b/app/views/request_for_comments/show.html.slim
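Review bot: The new URL expression in `$.ajax('//' + location.host + location.pathname + '/attribute.json', {` still misbehaves when the current path ends in a slash, because `location.pathname` is concatenated verbatim and the request then goes to a path containing `//attribute.json`; whether the router tolerates the doubled slash depends on the server, so it should not be relied on. Every request here targets the current origin, so restating scheme and host adds nothing: a path-absolute URL such as `location.pathname.replace(/\/$/, '') + '/attribute.json'` resolves against the document origin, keeps the request same-origin, and still keeps the query string out of the path as this commit intends. The same expression is repeated in the external_users.js hunk (`/tag_statistics`) and twice in show.html.slim (`/mark_as_solved`, `/set_thank_you_note`); a single shared helper that builds the URL from the current path would keep the four sites in step. The enclosing click handler continues outside the hunk.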
@@ -109,7 +109,7 @@ javascript:
 $.ajax({
 dataType: 'json',
 method: 'GET',
- url: location + '/mark_as_solved'
+ url: '//' + location.host + location.pathname + '/mark_as_solved'
 }).done(function(response){
 if(response.solved){
 solvedButton.removeClass('btn-primary');
@@ -127,7 +127,7 @@ javascript:
 $.ajax({
 dataType: 'json',
 method: 'POST',
- url: location + '/set_thank_you_note',
+ url: '//' + location.host + location.pathname + '/set_thank_you_note',
 data: {
 note: value
 }