Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test_frame_src_csp_header_set fails on customized ALLOWED_IFRAME_SOURCES #5068

Closed
mueller-contria opened this issue Jun 13, 2024 · 1 comment
Closed

test_frame_src_csp_header_set fails on customized ALLOWED_IFRAME_SOURCES #5068

mueller-contria opened this issue Jun 13, 2024 · 1 comment
Labels
🐛 Bug
Milestone
BookStack v24.05.3

Comments

@mueller-contria
Copy link
Contributor

Describe the Bug

test_frame_src_csp_header_set() (in tests/SecurityHeaderTest.php) tests the CspHeader->frame-src against a fixed string, identical to the default-setting for ALLOWED_IFRAME_SOURCES.
If we customize ALLOWED_IFRAME_SOURCES in our .env, the test fails.

Comparable Environment Variables are defined in the phpunit.xml, but unfortunately not ALLOWED_IFRAME_SOURCES

I will provide a Pull-Request for phpunit.xml soon.

Steps to Reproduce

  1. Add a line like ALLOWED_IFRAME_SOURCES="https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.google.com" to your .env-file
  2. Execute vendor/bin/phpunit --filter test_frame_src_csp_header_set
  3. The test fails
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com'
+'frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.google.com'

Expected Behaviour

The test should pass.

The tests should not rely on the ALLOWED_IFRAME_SOURCES-value set in .env. Instead, phpunit.xml should define the value of this env-var.

Screenshots or Additional Context

No response

Browser Details

CLI / PHPUnit

Exact BookStack Version

v24.03-dev
mueller-contria added a commit to mueller-contria/BookStack that referenced this issue Jun 13, 2024
@mueller-contria
Add ALLOWED_IFRAME_SOURCES to phpunit.xml
b81f2b5 
Fix for bug BookStackApp#5068
test_frame_src_csp_header_set fails, when .env-file has
customized ALLOWED_IFRAME_SOURCES
@mueller-contria mueller-contria mentioned this issue Jun 13, 2024
Merged
@ssddanbrown ssddanbrown added this to the BookStack v24.05.3 milestone Jul 14, 2024
@ssddanbrown
Copy link
Member

Closed with merge of #5069, thanks again @mueller-contria!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛 Bug
Milestone
BookStack v24.05.3
Development

No branches or pull requests
2 participants
@ssddanbrown @mueller-contria