summaryrefslogtreecommitdiff
path: root/tests/phpunit/includes/api
diff options
context:
space:
mode:
Diffstat (limited to 'tests/phpunit/includes/api')
-rw-r--r--tests/phpunit/includes/api/ApiMainTest.php27
-rw-r--r--tests/phpunit/includes/api/format/ApiFormatJsonTest.php4
2 files changed, 29 insertions, 2 deletions
diff --git a/tests/phpunit/includes/api/ApiMainTest.php b/tests/phpunit/includes/api/ApiMainTest.php
index 94b741dc..a2bc7aed 100644
--- a/tests/phpunit/includes/api/ApiMainTest.php
+++ b/tests/phpunit/includes/api/ApiMainTest.php
@@ -248,4 +248,31 @@ class ApiMainTest extends ApiTestCase {
);
}
+ /**
+ * @covers ApiMain::lacksSameOriginSecurity
+ */
+ public function testLacksSameOriginSecurity() {
+ // Basic test
+ $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) );
+ $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' );
+
+ // JSONp
+ $main = new ApiMain(
+ new FauxRequest( array( 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ) )
+ );
+ $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' );
+
+ // Header
+ $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) );
+ $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value!
+ $main = new ApiMain( $request );
+ $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' );
+
+ // Hook
+ $this->mergeMwGlobalArrayValue( 'wgHooks', array(
+ 'RequestHasSameOriginSecurity' => array( function () { return false; } )
+ ) );
+ $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) );
+ $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' );
+ }
}
diff --git a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
index 3dfcaf0f..8d599b08 100644
--- a/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
+++ b/tests/phpunit/includes/api/format/ApiFormatJsonTest.php
@@ -61,7 +61,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase {
array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ),
// Cross-domain mangling
- array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ),
+ array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ),
) ),
self::addFormatVersion( 2, array(
// Basic types
@@ -102,7 +102,7 @@ class ApiFormatJsonTest extends ApiFormatTestBase {
array( array( 1 ), '/**/myCallback([1])', array( 'callback' => 'myCallback' ) ),
// Cross-domain mangling
- array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy \u003E"]' ),
+ array( array( '< Cross-Domain-Policy >' ), '["\u003C Cross-Domain-Policy >"]' ),
) )
);
}
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-21 20:02:49 +0000