From: Antoine Musso <hashar@free.fr>
Date: Thu, 13 Jun 2019 10:29:49 +0000 (+0200)
Subject: Isolate globals for ContentSecurityPolicy tests
X-Git-Tag: 1.34.0-rc.0~1099^2
X-Git-Url: http://git.cyclocoop.org/data/%24self?a=commitdiff_plain;h=629c43e91b903726befd83dd3c88fa1c5ab2d096;p=lhc%2Fweb%2Fwiklou.git

Isolate globals for ContentSecurityPolicy tests

With "$wgResourceBasePath = '/';", various ContentSecurityPolicy tests
failed due to unexpected output. An extra "extensions" is added in the
output line.

The reason is getAdditionalSelfUrls() injecting URls from a few global
settings but the test fails to set them in setUp(). The settings are:

  $wgLoadScript
  $wgExtensionAssetsPath
  $wgStylePath
  $wgResourceBasePath

Set them explicitly in setUp() so the test outcome does not depend on
values that might have been set in LocalSettings.php.

Add a quick test to ensure getAdditionalSelfUrls() does recognize
domains in those four global settings.

Change-Id: Ia0dc2f44c71bdf89a0ee9ef82d9cb6a1cbd8a9da
---

diff --git a/tests/phpunit/includes/ContentSecurityPolicyTest.php b/tests/phpunit/includes/ContentSecurityPolicyTest.php
index a758f990c9..5d6c0677bd 100644
--- a/tests/phpunit/includes/ContentSecurityPolicyTest.php
+++ b/tests/phpunit/includes/ContentSecurityPolicyTest.php
@@ -13,6 +13,10 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
 			'wgAllowExternalImagesFrom' => [],
 			'wgAllowImageTag' => false,
 			'wgEnableImageWhitelist' => false,
+			'wgLoadScript' => false,
+			'wgExtensionAssetsPath' => false,
+			'wgStylePath' => false,
+			'wgResourceBasePath' => null,
 			'wgCrossSiteAJAXdomains' => [
 				'sister-site.somewhere.com',
 				'*.wikipedia.org',
@@ -47,6 +51,29 @@ class ContentSecurityPolicyTest extends MediaWikiTestCase {
 		return parent::setUp();
 	}
 
+	/**
+	 * @covers ContentSecurityPolicy::getAdditionalSelfUrls
+	 */
+	public function testGetAdditionalSelfUrlsRespectsUrlSettings() {
+		$this->setMwGlobals( 'wgLoadScript', 'https://wgLoadScript.example.org/load.php' );
+		$this->setMwGlobals( 'wgExtensionAssetsPath',
+			'https://wgExtensionAssetsPath.example.org/assets/' );
+		$this->setMwGlobals( 'wgStylePath', 'https://wgStylePath.example.org/style/' );
+		$this->setMwGlobals( 'wgResourceBasePath', 'https://wgResourceBasePath.example.org/resources/' );
+
+		$this->assertEquals(
+			[
+				'https://upload.wikimedia.org',
+				'https://commons.wikimedia.org',
+				'https://wgLoadScript.example.org',
+				'https://wgExtensionAssetsPath.example.org',
+				'https://wgStylePath.example.org',
+				'https://wgResourceBasePath.example.org',
+			],
+			array_values( $this->csp->getAdditionalSelfUrls() )
+		);
+	}
+
 	/**
 	 * @dataProvider providerFalsePositiveBrowser
 	 * @covers ContentSecurityPolicy::falsePositiveBrowser