X-Git-Url: http://git.cyclocoop.org/?a=blobdiff_plain;f=tests%2Fphpunit%2Fincludes%2FContentSecurityPolicyTest.php;h=5f0200d09def7ae6bc917a4f0660df18be9cb7e7;hb=f585244a778ed712859f48383472c24f105b1b4e;hp=250d49d7207fd7482dcdbf6c7e78d51175910e12;hpb=a0b490bbe7a87b54de49f075c59befa8232b2237;p=lhc%2Fweb%2Fwiklou.git
diff --git a/tests/phpunit/includes/ContentSecurityPolicyTest.php b/tests/phpunit/includes/ContentSecurityPolicyTest.php
index 250d49d720..5d6c0677bd 100644
--- a/tests/phpunit/includes/ContentSecurityPolicyTest.php
+++ b/tests/phpunit/includes/ContentSecurityPolicyTest.php
@@ -13,6 +13,10 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
 'wgAllowExternalImagesFrom' => [],
 'wgAllowImageTag' => false,
 'wgEnableImageWhitelist' => false,
+ 'wgLoadScript' => false,
+ 'wgExtensionAssetsPath' => false,
+ 'wgStylePath' => false,
+ 'wgResourceBasePath' => null,
 'wgCrossSiteAJAXdomains' => [
 'sister-site.somewhere.com',
 '*.wikipedia.org',
@@ -37,7 +41,7 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
 // Note, there are some obscure globals which
 // could affect the results which aren't included above.
- RepoGroup::destroySingleton();
+ $this->overrideMwServices();
 $context = RequestContext::getMain();
 $resp = $context->getRequest()->response();
 $conf = $context->getConfig();
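Review bot: The four new fixture entries (`wgLoadScript`, `wgExtensionAssetsPath`, `wgStylePath`, `wgResourceBasePath`) have no comment saying why they are pinned, and three are set to `false` while the last is `null`. Judging from the test added later in this patch, these settings contribute origins to the CSP source list, so a value leaking in from the local configuration would change the expected headers. A line such as `// Pin URL settings that feed the CSP source list so results do not depend on local config` above them would record that, and it should also say whether the `false`/`null` split is deliberate. The array these entries sit in starts and ends outside the hunk.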
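Review bot: `$this->overrideMwServices();` swaps a targeted reset for a reset of every service, and nothing at the call site says which cached state the CSP tests need rebuilt. A comment such as `// Rebuild services so objects cached under the previous config (e.g. RepoGroup) see the globals set above` would keep the intent that the removed `RepoGroup::destroySingleton()` line made explicit. The context of the next hunk suggests `parent::setUp()` runs only at the end of this method, so it is worth confirming the base class neither undoes this reset nor expects to run before it. The method body starts and ends outside the hunk.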
@@ -47,6 +51,29 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
 return parent::setUp();
 }
+ /**
+ * @covers ContentSecurityPolicy::getAdditionalSelfUrls
+ */
+ public function testGetAdditionalSelfUrlsRespectsUrlSettings() {
+ $this->setMwGlobals( 'wgLoadScript', 'https://wgLoadScript.example.org/load.php' );
+ $this->setMwGlobals( 'wgExtensionAssetsPath',
+ 'https://wgExtensionAssetsPath.example.org/assets/' );
+ $this->setMwGlobals( 'wgStylePath', 'https://wgStylePath.example.org/style/' );
+ $this->setMwGlobals( 'wgResourceBasePath', 'https://wgResourceBasePath.example.org/resources/' );
+
+ $this->assertEquals(
+ [
+ 'https://upload.wikimedia.org',
+ 'https://commons.wikimedia.org',
+ 'https://wgLoadScript.example.org',
+ 'https://wgExtensionAssetsPath.example.org',
+ 'https://wgStylePath.example.org',
+ 'https://wgResourceBasePath.example.org',
+ ],
+ array_values( $this->csp->getAdditionalSelfUrls() )
+ );
+ }
+
 /**
 * @dataProvider providerFalsePositiveBrowser
 * @covers ContentSecurityPolicy::falsePositiveBrowser
@@ -273,13 +300,9 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
 * @covers ContentSecurityPolicy::isNonceRequired
 */
 public function testCSPIsEnabled( $main, $reportOnly, $expected ) {
- global $wgCSPReportOnlyHeader, $wgCSPHeader;
- global $wgCSPHeader;
- $oldReport = wfSetVar( $wgCSPReportOnlyHeader, $reportOnly );
- $oldMain = wfSetVar( $wgCSPHeader, $main );
+ $this->setMwGlobals( 'wgCSPReportOnlyHeader', $reportOnly );
+ $this->setMwGlobals( 'wgCSPHeader', $main );
 $res = ContentSecurityPolicy::isNonceRequired( RequestContext::getMain()->getConfig() );
- wfSetVar( $wgCSPReportOnlyHeader, $oldReport );
- wfSetVar( $wgCSPHeader, $oldMain );
 $this->assertEquals( $res, $expected );
 }
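Review bot: The expected list in `testGetAdditionalSelfUrlsRespectsUrlSettings` opens with `https://upload.wikimedia.org` and `https://commons.wikimedia.org`, which this test never sets, so it depends on fixture state from `setUp()` outside the hunk and on the order in which sources are emitted. Every input is an absolute `https://` URL with a path, so the test pins that the path is dropped but not what happens for a protocol-relative or path-only value. Since an unintended extra source widens the policy, a data provider covering those forms would be worth adding. The four `setMwGlobals` calls here, and the two in `testCSPIsEnabled` further down, can each be a single array call, e.g. `$this->setMwGlobals( [ 'wgCSPReportOnlyHeader' => $reportOnly, 'wgCSPHeader' => $main ] );`. The docblock could also state that only scheme and host are expected in the result.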
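Review bot: `$this->assertEquals( $res, $expected );` in `testCSPIsEnabled` passes the actual value first and compares loosely, so failure messages read backwards. If the provider supplies booleans, a truthy non-boolean return from `isNonceRequired()` would still satisfy an expected `true`. For a check that decides whether a nonce is required, the strict form `$this->assertSame( $expected, $res );` is the safer assertion. The line is unchanged context in this hunk, but the method body is being rewritten around it, so this is a convenient place to tighten it.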