'wgAllowExternalImagesFrom' => [],
'wgAllowImageTag' => false,
'wgEnableImageWhitelist' => false,
+ 'wgLoadScript' => false,
+ 'wgExtensionAssetsPath' => false,
+ 'wgStylePath' => false,
+ 'wgResourceBasePath' => null,
'wgCrossSiteAJAXdomains' => [
'sister-site.somewhere.com',
'*.wikipedia.org',
// Note, there are some obscure globals which
// could affect the results which aren't included above.
- RepoGroup::destroySingleton();
+ $this->overrideMwServices();
$context = RequestContext::getMain();
$resp = $context->getRequest()->response();
$conf = $context->getConfig();
return parent::setUp();
}
+ /**
+ * @covers ContentSecurityPolicy::getAdditionalSelfUrls
+ */
+ public function testGetAdditionalSelfUrlsRespectsUrlSettings() {
+ $this->setMwGlobals( 'wgLoadScript', 'https://wgLoadScript.example.org/load.php' );
+ $this->setMwGlobals( 'wgExtensionAssetsPath',
+ 'https://wgExtensionAssetsPath.example.org/assets/' );
+ $this->setMwGlobals( 'wgStylePath', 'https://wgStylePath.example.org/style/' );
+ $this->setMwGlobals( 'wgResourceBasePath', 'https://wgResourceBasePath.example.org/resources/' );
+
+ $this->assertEquals(
+ [
+ 'https://upload.wikimedia.org',
+ 'https://commons.wikimedia.org',
+ 'https://wgLoadScript.example.org',
+ 'https://wgExtensionAssetsPath.example.org',
+ 'https://wgStylePath.example.org',
+ 'https://wgResourceBasePath.example.org',
+ ],
+ array_values( $this->csp->getAdditionalSelfUrls() )
+ );
+ }
+
/**
* @dataProvider providerFalsePositiveBrowser
* @covers ContentSecurityPolicy::falsePositiveBrowser
* @covers ContentSecurityPolicy::isNonceRequired
*/
public function testCSPIsEnabled( $main, $reportOnly, $expected ) {
- global $wgCSPReportOnlyHeader, $wgCSPHeader;
- global $wgCSPHeader;
- $oldReport = wfSetVar( $wgCSPReportOnlyHeader, $reportOnly );
- $oldMain = wfSetVar( $wgCSPHeader, $main );
+ $this->setMwGlobals( 'wgCSPReportOnlyHeader', $reportOnly );
+ $this->setMwGlobals( 'wgCSPHeader', $main );
$res = ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() );
- wfSetVar( $wgCSPReportOnlyHeader, $oldReport );
- wfSetVar( $wgCSPHeader, $oldMain );
$this->assertEquals( $res, $expected );
}
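Review bot: testGetAdditionalSelfUrlsRespectsUrlSettings only exercises absolute https URLs on four distinct hosts, so nothing pins what getAdditionalSelfUrls() returns for a setting that should not widen the policy. For a CSP source list the negative case matters as much as the positive one. I would add a sibling test that sets a same-host path, e.g. `$this->setMwGlobals( 'wgLoadScript', '/w/load.php' );` (constructed sample value), and asserts that the result contains no entry beyond the repo-derived ones. The two wikimedia.org entries in the expected array presumably come from the file-repo configuration in setUp(), which is only partly visible here, so a one-line comment such as `// first two entries come from the foreign repos configured in setUp()` would keep the fixture from looking arbitrary. The comparison through `array_values()` is also order-sensitive; if the order of sources is not part of the contract, sort both sides before asserting.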