
test_frame_src_csp_header_set fails on customized ALLOWED_IFRAME_SOURCES #5068

Closed
mueller-contria opened this issue Jun 13, 2024 · 1 comment

Comments

@mueller-contria
Contributor

Describe the Bug

test_frame_src_csp_header_set() (in tests/SecurityHeaderTest.php) tests the CspHeader->frame-src against a fixed string, identical to the default setting for ALLOWED_IFRAME_SOURCES.
If we customize ALLOWED_IFRAME_SOURCES in our .env, the test fails.

Comparable environment variables are defined in the phpunit.xml, but unfortunately not ALLOWED_IFRAME_SOURCES.

I will provide a pull request for phpunit.xml soon.

Steps to Reproduce

  1. Add a line like ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.google.com" to your .env file
  2. Execute vendor/bin/phpunit --filter test_frame_src_csp_header_set
  3. The test fails:

     Failed asserting that two strings are equal.
     --- Expected
     +++ Actual
     @@ @@
     -'frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com'
     +'frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.google.com'

Expected Behaviour

The test should pass.

The tests should not rely on the ALLOWED_IFRAME_SOURCES value set in .env. Instead, phpunit.xml should define the value of this env var.

Screenshots or Additional Context

No response

Browser Details

CLI / PHPUnit

Exact BookStack Version

v24.03-dev
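The fix the issue asks for is a pinned test-time value for the variable. The fragment below is an added illustration, not the project's own phpunit.xml or the contents of the linked pull request; it uses the standard PHPUnit `<php><env>` element, and the value it pins is the default frame-src allow-list that the test's "Expected" line above quotes. The `force="true"` attribute is a PHPUnit option that makes the value override a variable already present in the process environment.

```xml
<!-- Added example: pin ALLOWED_IFRAME_SOURCES for the test run so that
     test_frame_src_csp_header_set asserts against a known value instead
     of whatever the developer's .env happens to contain.            -->
<phpunit>
  <php>
    <!-- Value taken from the test's expected frame-src string; it must stay
         in sync with the assertion in tests/SecurityHeaderTest.php.       -->
    <env name="ALLOWED_IFRAME_SOURCES"
         value="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com"
         force="true"/>
  </php>
</phpunit>
```

Because Laravel does not overwrite environment variables that are already set when it loads .env, a value declared in phpunit.xml wins over the developer's local customization, which is exactly the isolation the report calls for: the CSP assertion then checks the header-building code, not the machine's configuration. A quick check after applying such a change is to keep the customized line from step 1 in .env and re-run step 2; the test should now pass.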

mueller-contria added a commit to mueller-contria/BookStack that referenced this issue Jun 13, 2024
Fix for bug BookStackApp#5068
test_frame_src_csp_header_set fails when the .env file has
customized ALLOWED_IFRAME_SOURCES
@ssddanbrown ssddanbrown added this to the BookStack v24.05.3 milestone Jul 14, 2024
@ssddanbrown
Member

Closed with merge of #5069, thanks again @mueller-contria!

Labels: Development
