DEV: Allow CSP to be enabled during QUnit tests (#8668)

The QUnit rake task starts a server in test mode. We need a tweak to allow dynamic CSP hostnames in test mode. This tweak is already present in development mode. To allow CSP to work, the browser host/port must match what the server sees. Therefore we need to disable the enforce_hostname middleware in test mode. To keep rspec and production as similar as possible, we skip enforce_hostname using an environment variable. Also move the qunit rake task to use unicorn, for consistency with development and production.
2024-11-22 13:09:18 +08:00 · 2020-01-07 12:22:58 +00:00 · 2020-01-07 12:22:58 +00:00 · c8d438cc63
commit c8d438cc63
parent d3a64e34e7
3 changed files with 13 additions and 15 deletions
--- a/config/application.rb
+++ b/config/application.rb
@ -224,7 +224,7 @@ module Discourse
    # supports etags (post 1.7)
    config.middleware.delete Rack::ETag

-    unless Rails.env.development?
+    if !(Rails.env.development? || ENV['SKIP_ENFORCE_HOSTNAME'] == "1")
      require 'middleware/enforce_hostname'
      config.middleware.insert_after Rack::MethodOverride, Middleware::EnforceHostname
    end
--- a/lib/content_security_policy/middleware.rb
+++ b/lib/content_security_policy/middleware.rb
@ -12,7 +12,7 @@ class ContentSecurityPolicy
      _, headers, _ = response = @app.call(env)

      return response unless html_response?(headers)
-      ContentSecurityPolicy.base_url = request.host_with_port if Rails.env.development?
+      ContentSecurityPolicy.base_url = request.host_with_port if !Rails.env.production?

      theme_ids = env[:resolved_theme_ids]

--- a/lib/tasks/qunit.rake
+++ b/lib/tasks/qunit.rake
@ -2,14 +2,10 @@

 desc "Runs the qunit test suite"

-task "qunit:test", [:timeout, :qunit_path] => :environment do |_, args|
-  require "rack"
+task "qunit:test", [:timeout, :qunit_path] do |_, args|
  require "socket"
  require 'rbconfig'

-  puts "Turning off CSP to allow qunit to run"
-  SiteSetting.content_security_policy = false
-
  if RbConfig::CONFIG['host_os'][/darwin|mac os/]
    google_chrome_cli = "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome"
  else
@ -45,14 +41,16 @@ task "qunit:test", [:timeout, :qunit_path] => :environment do |_, args|
    port += 1
  end

-  unless pid = fork
-    Discourse.after_fork
-    Rack::Server.start(config: "config.ru",
-                       AccessLog: [],
-                       environment: 'test',
-                       Port: port)
-    exit
-  end
+  pid = Process.spawn(
+    {
+      "RAILS_ENV" => "test",
+      "SKIP_ENFORCE_HOSTNAME" => "1",
+      "UNICORN_PID_PATH" => "#{Rails.root}/tmp/pids/unicorn_test.pid", # So this can run alongside development
+      "UNICORN_PORT" => port.to_s,
+      "UNICORN_SIDEKIQS" => "0"
+    },
+    "#{Rails.root}/bin/unicorn -c config/unicorn.conf.rb"
+  )

  begin
    success = true