Isolate globals for ContentSecurityPolicy tests

With "$wgResourceBasePath = '/';", various ContentSecurityPolicy tests
failed due to unexpected output. An extra "extensions" is added in the
output line.

The reason is getAdditionalSelfUrls() injecting URls from a few global
settings but the test fails to set them in setUp(). The settings are:

  $wgLoadScript
  $wgExtensionAssetsPath
  $wgStylePath
  $wgResourceBasePath

Set them explicitly in setUp() so the test outcome does not depend on
values that might have been set in LocalSettings.php.

Add a quick test to ensure getAdditionalSelfUrls() does recognize
domains in those four global settings.

Change-Id: Ia0dc2f44c71bdf89a0ee9ef82d9cb6a1cbd8a9da

diff --git a/tests/phpunit/includes/ContentSecurityPolicyTest.php b/tests/phpunit/includes/ContentSecurityPolicyTest.php
index a758f99..5d6c067 100644 (file)
--- a/tests/phpunit/includes/ContentSecurityPolicyTest.php
+++ b/tests/phpunit/includes/ContentSecurityPolicyTest.php
@@ -13,6 +13,10 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
                        'wgAllowExternalImagesFrom' => [],
                        'wgAllowImageTag' => false,
                        'wgEnableImageWhitelist' => false,
+                       'wgLoadScript' => false,
+                       'wgExtensionAssetsPath' => false,
+                       'wgStylePath' => false,
+                       'wgResourceBasePath' => null,
                        'wgCrossSiteAJAXdomains' => [
                                'sister-site.somewhere.com',
                                '*.wikipedia.org',
@@ -47,6 +51,29 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
                return parent::setUp();
        }
 
+       /**
+        * @covers ContentSecurityPolicy::getAdditionalSelfUrls
+        */
+       public function testGetAdditionalSelfUrlsRespectsUrlSettings() {
+               $this->setMwGlobals( 'wgLoadScript', 'https://wgLoadScript.example.org/load.php' );
+               $this->setMwGlobals( 'wgExtensionAssetsPath',
+                       'https://wgExtensionAssetsPath.example.org/assets/' );
+               $this->setMwGlobals( 'wgStylePath', 'https://wgStylePath.example.org/style/' );
+               $this->setMwGlobals( 'wgResourceBasePath', 'https://wgResourceBasePath.example.org/resources/' );
+
+               $this->assertEquals(
+                       [
+                               'https://upload.wikimedia.org',
+                               'https://commons.wikimedia.org',
+                               'https://wgLoadScript.example.org',
+                               'https://wgExtensionAssetsPath.example.org',
+                               'https://wgStylePath.example.org',
+                               'https://wgResourceBasePath.example.org',
+                       ],
+                       array_values( $this->csp->getAdditionalSelfUrls() )
+               );
+       }
+
        /**
         * @dataProvider providerFalsePositiveBrowser
         * @covers ContentSecurityPolicy::falsePositiveBrowser