Skip to content

Commit e7298c1

Browse files
adamsilversteinadamsilverstein
committed
Media: Add tests for secure origin check
Add unit tests verifying that client-side media processing is disabled on non-secure, non-localhost origins and enabled on localhost regardless of SSL.
1 parent fb7caae commit e7298c1

1 file changed

Lines changed: 69 additions & 0 deletions

File tree

tests/phpunit/tests/media/wpCrossOriginIsolation.php

Lines changed: 69 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
* @group media
77
* @covers ::wp_set_up_cross_origin_isolation
88
* @covers ::wp_start_cross_origin_isolation_output_buffer
9+
* @covers ::wp_is_client_side_media_processing_enabled
910
*/
1011
class Tests_Media_wpCrossOriginIsolation extends WP_UnitTestCase {
1112

@@ -16,9 +17,33 @@ class Tests_Media_wpCrossOriginIsolation extends WP_UnitTestCase {
1617
*/
1718
private $original_user_agent;
1819

20+
/**
21+
* Original HTTP_HOST value.
22+
*
23+
* @var string|null
24+
*/
25+
private $original_http_host;
26+
27+
/**
28+
* Original HTTPS value.
29+
*
30+
* @var string|null
31+
*/
32+
private $original_https;
33+
34+
/**
35+
* Original $_GET['action'] value.
36+
*
37+
* @var string|null
38+
*/
39+
private $original_get_action;
40+
1941
public function set_up() {
2042
parent::set_up();
2143
$this->original_user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : null;
44+
$this->original_http_host = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : null;
45+
$this->original_https = isset( $_SERVER['HTTPS'] ) ? $_SERVER['HTTPS'] : null;
46+
$this->original_get_action = isset( $_GET['action'] ) ? $_GET['action'] : null;
2247
}
2348

2449
public function tear_down() {
@@ -28,6 +53,24 @@ public function tear_down() {
2853
$_SERVER['HTTP_USER_AGENT'] = $this->original_user_agent;
2954
}
3055

56+
if ( null === $this->original_http_host ) {
57+
unset( $_SERVER['HTTP_HOST'] );
58+
} else {
59+
$_SERVER['HTTP_HOST'] = $this->original_http_host;
60+
}
61+
62+
if ( null === $this->original_https ) {
63+
unset( $_SERVER['HTTPS'] );
64+
} else {
65+
$_SERVER['HTTPS'] = $this->original_https;
66+
}
67+
68+
if ( null === $this->original_get_action ) {
69+
unset( $_GET['action'] );
70+
} else {
71+
$_GET['action'] = $this->original_get_action;
72+
}
73+
3174
// Clean up any output buffers started during tests.
3275
while ( ob_get_level() > 1 ) {
3376
ob_end_clean();
@@ -124,6 +167,32 @@ public function test_does_not_start_output_buffer_for_safari() {
124167
$this->assertSame( $level_before, $level_after, 'Output buffer should not be started for Safari.' );
125168
}
126169

170+
/**
171+
* @ticket 64803
172+
*/
173+
public function test_client_side_processing_disabled_on_non_secure_origin() {
174+
$_SERVER['HTTP_HOST'] = 'example.com';
175+
$_SERVER['HTTPS'] = '';
176+
177+
$this->assertFalse(
178+
wp_is_client_side_media_processing_enabled(),
179+
'Client-side media processing should be disabled on non-secure, non-localhost origins.'
180+
);
181+
}
182+
183+
/**
184+
* @ticket 64803
185+
*/
186+
public function test_client_side_processing_enabled_on_localhost() {
187+
$_SERVER['HTTP_HOST'] = 'localhost';
188+
$_SERVER['HTTPS'] = '';
189+
190+
$this->assertTrue(
191+
wp_is_client_side_media_processing_enabled(),
192+
'Client-side media processing should be enabled on localhost.'
193+
);
194+
}
195+
127196
/**
128197
* This test must run in a separate process because the output buffer
129198
* callback sends HTTP headers via header(), which would fail in the

0 commit comments

Comments
 (0)