From c8d438cc63b853c4a2b84d9e9c4332dbbbb3e145 Mon Sep 17 00:00:00 2001
From: David Taylor
Date: Tue, 7 Jan 2020 12:22:58 +0000
Subject: [PATCH] DEV: Allow CSP to be enabled during QUnit tests (#8668)
The QUnit rake task starts a server in test mode. We need a tweak to allow dynamic CSP hostnames in test mode. This tweak is already present in development mode. To allow CSP to work, the browser host/port must match what the server sees. Therefore we need to disable the enforce_hostname middleware in test mode. To keep rspec and production as similar as possible, we skip enforce_hostname using an environment variable. Also move the qunit rake task to use unicorn, for consistency with development and production.
---
 config/application.rb | 2 +-
 lib/content_security_policy/middleware.rb | 2 +-
 lib/tasks/qunit.rake | 24 +++++++++++------------
 3 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/config/application.rb b/config/application.rb
index a8e9af88d73..5f1246a7d51 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -224,7 +224,7 @@ module Discourse
 # supports etags (post 1.7)
 config.middleware.delete Rack::ETag
- unless Rails.env.development?
+ if !(Rails.env.development? || ENV['SKIP_ENFORCE_HOSTNAME'] == "1")
 require 'middleware/enforce_hostname'
 config.middleware.insert_after Rack::MethodOverride, Middleware::EnforceHostname
 end
diff --git a/lib/content_security_policy/middleware.rb b/lib/content_security_policy/middleware.rb
index 3dfb2594406..3e10db2f264 100644
--- a/lib/content_security_policy/middleware.rb
+++ b/lib/content_security_policy/middleware.rb
@@ -12,7 +12,7 @@ class ContentSecurityPolicy
 _, headers, _ = response = @app.call(env)
 return response unless html_response?(headers)
- ContentSecurityPolicy.base_url = request.host_with_port if Rails.env.development?
+ ContentSecurityPolicy.base_url = request.host_with_port if !Rails.env.production?
 theme_ids = env[:resolved_theme_ids]
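Review bot: In config/application.rb the new condition lets `SKIP_ENFORCE_HOSTNAME=1` drop `Middleware::EnforceHostname` in every environment, production included, because the variable is checked independently of `Rails.env`. The commit message says the switch exists only for the QUnit server started in test mode, so I would tie it to that environment: `if !(Rails.env.development? || (Rails.env.test? && ENV['SKIP_ENFORCE_HOSTNAME'] == "1"))`. That keeps plain rspec runs on the same middleware stack as production, which is the stated goal, while a stray variable on a deployed host can no longer remove what, judging by its name, is the host-pinning middleware. A one-line comment above the condition, such as `# SKIP_ENFORCE_HOSTNAME is set only by the qunit rake task`, would also help. The surrounding configuration block starts and ends outside this hunk.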
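Review bot: In lib/content_security_policy/middleware.rb the changed guard `if !Rails.env.production?` is a deny-list, so any environment not named exactly `production` (staging or a custom environment) now takes the CSP base URL from `request.host_with_port`, a value derived from the client-supplied Host header. The commit only needs the test environment added, so naming the allowed environments is the safer form: `ContentSecurityPolicy.base_url = request.host_with_port if Rails.env.development? || Rails.env.test?`. The assignment also appears to write class-level state on every request; if that is the case, a short comment saying the value is per-process and only meaningful for single-host dev and test servers would save the next reader some digging. The `call` method starts and ends outside this hunk.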
diff --git a/lib/tasks/qunit.rake b/lib/tasks/qunit.rake
index f476c774b49..a233c56dfda 100644
--- a/lib/tasks/qunit.rake
+++ b/lib/tasks/qunit.rake
@@ -2,14 +2,10 @@
 desc "Runs the qunit test suite"
-task "qunit:test", [:timeout, :qunit_path] => :environment do |_, args|
- require "rack"
+task "qunit:test", [:timeout, :qunit_path] do |_, args|
 require "socket"
 require 'rbconfig'
- puts "Turning off CSP to allow qunit to run"
- SiteSetting.content_security_policy = false
-
 if RbConfig::CONFIG['host_os'][/darwin|mac os/]
 google_chrome_cli = "/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome"
 else
@@ -45,14 +41,16 @@ task "qunit:test", [:timeout, :qunit_path] => :environment do |_, args|
 port += 1
 end
- unless pid = fork
- Discourse.after_fork
- Rack::Server.start(config: "config.ru",
- AccessLog: [],
- environment: 'test',
- Port: port)
- exit
- end
+ pid = Process.spawn(
+ {
+ "RAILS_ENV" => "test",
+ "SKIP_ENFORCE_HOSTNAME" => "1",
+ "UNICORN_PID_PATH" => "#{Rails.root}/tmp/pids/unicorn_test.pid", # So this can run alongside development
+ "UNICORN_PORT" => port.to_s,
+ "UNICORN_SIDEKIQS" => "0"
+ },
+ "#{Rails.root}/bin/unicorn -c config/unicorn.conf.rb"
+ )
 begin
 success = true
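Review bot: In the second hunk the command given to `Process.spawn` is one interpolated string, so Ruby either splits it on whitespace or hands it to the shell, and a checkout path containing spaces or shell metacharacters changes what is executed. Passing the program and its arguments separately avoids both: `"#{Rails.root}/bin/unicorn", "-c", "config/unicorn.conf.rb"`. The config path is relative, so the spawn also depends on the directory the rake task was started from; adding `chdir: Rails.root.to_s` as a spawn option would pin it. The task block continues past the end of the hunk, so how `pid` is cleaned up is not visible here.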