From 1ee797efa4f1258b4567b81a6b7ec8b90fed03ac Mon Sep 17 00:00:00 2001
From: David Rowe <david@ctrlaltstudio.com>
Date: Fri, 27 Mar 2015 13:59:52 -0700
Subject: [PATCH 1/2] Fix authorization of API calls in XMLHttpRequest

---
 libraries/script-engine/src/XMLHttpRequestClass.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/script-engine/src/XMLHttpRequestClass.cpp b/libraries/script-engine/src/XMLHttpRequestClass.cpp
index 8755527860..f408e2001d 100644
--- a/libraries/script-engine/src/XMLHttpRequestClass.cpp
+++ b/libraries/script-engine/src/XMLHttpRequestClass.cpp
@@ -207,7 +207,7 @@ void XMLHttpRequestClass::open(const QString& method, const QString& url, bool a
                 notImplemented();
             }
         } else {
-            if (url.toLower().left(33) == "https://metaverse.highfidelity.com/api/") {
+            if (url.toLower().left(39) == "https://metaverse.highfidelity.com/api/") {
                 AccountManager& accountManager = AccountManager::getInstance();
                 
                 if (accountManager.hasValidAccessToken()) {

From c45676041941ae3e2c6985f10f895a3df5155ff6 Mon Sep 17 00:00:00 2001
From: David Rowe <david@ctrlaltstudio.com>
Date: Fri, 27 Mar 2015 15:24:55 -0700
Subject: [PATCH 2/2] Extract API URL into a const

---
 libraries/script-engine/src/XMLHttpRequestClass.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libraries/script-engine/src/XMLHttpRequestClass.cpp b/libraries/script-engine/src/XMLHttpRequestClass.cpp
index f408e2001d..3054472a3c 100644
--- a/libraries/script-engine/src/XMLHttpRequestClass.cpp
+++ b/libraries/script-engine/src/XMLHttpRequestClass.cpp
@@ -22,6 +22,8 @@
 #include "XMLHttpRequestClass.h"
 #include "ScriptEngine.h"
 
+const QString METAVERSE_API_URL = "https://metaverse.highfidelity.com/api/";
+
 Q_DECLARE_METATYPE(QByteArray*)
 
 XMLHttpRequestClass::XMLHttpRequestClass(QScriptEngine* engine) :
@@ -207,7 +209,7 @@ void XMLHttpRequestClass::open(const QString& method, const QString& url, bool a
                 notImplemented();
             }
         } else {
-            if (url.toLower().left(39) == "https://metaverse.highfidelity.com/api/") {
+            if (url.toLower().left(METAVERSE_API_URL.length()) == METAVERSE_API_URL) {
                 AccountManager& accountManager = AccountManager::getInstance();
                 
                 if (accountManager.hasValidAccessToken()) {