trustedHosts checks for hostname match instead of host

[makepanic]

I don't know if this is a bug, but the trustedHosts filter checks for a urls hostname instead of its host. ( https://github.com/ember-cli/ember-ajax/blob/master/addon/mixins/ajax-request.js#L355 )

This results in valid hosts not being accepted, because the hosts port isn't matched:

If it's a bug, I can open a PR to change the behavior (maybe resulting in a breaking change?). One way would be to simply rename trustedHosts to trustedHostnames which describes the given hostname check. Alternatively change it to check the urls host.

[alexlafroscia]

Thanks for catching this! I don't think it was intentional. I would imagine that most people wouldn't provide the host in the whitelist, but then again, I'm not sure that we want to assume that just because one port is valid, all of them are...

What if compare by host and port, and add an implicit port 80 to items in the whitelist that don't provide one? If we're always using host and port, we're always comparing apples to apples and since 80 is the implicit default, we can use that fact to add the port if we need to just for the comparison.

[makepanic]

Sounds like a good way to solve this issue. Should I try to implement it? (Would the best way to change this, to pass the RequestUrl object to the _matchHosts(host, matcher) and simply compare its hostname + port field?)

[alexlafroscia]

If you'd like to, that would be great! I think that sounds like a good approach; just make sure to add some testing to make sure that it handles the implicit port numbers correctly!

[makepanic]

Should the implicit port only work with trusted hosts in string format? I'm not sure if we should modify a given regex.

[alexlafroscia]

What do you mean? Can you provide an example?