Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/includes
History
Timo Tijhof b28faecb2b ResourceLoader: Remove support for CSP nonce 
The "nonce" CSP feature has been never been properly tested and is not
on track to be enabled at WMF or in MW by default. The use of
nonce-protected eval is not particularly meaningful. It is trivially
bypassed by mw.loader.implement, mw.loader.store, or importScript();
all of which allow any code to be executed directly, or to be stored
and loaded from a first-party origin.

The "nonce" feature is not required for the T208188 roadmap, and with
change I51b8535b2b21a3 there is now also a (small) performance reason
to keep this disabled long-term.

Until and unless there is a plan for enabling this particular aspect
of CSP, we might as well remove it so that we don't waste time our
time building abstraction layers and satisfying dependency injection
through many years for something that might never be used.

Note that this does not remove CSP support from ResourceLoader, and
does not take away from the future of enabling CSP in MediaWiki to
e.g. strictly block third-party scripts, or to require domains to
opt-in by site config or user pref (T208188).

Change-Id: I5a176c41a06a484a11e64bdacdc42b40811fe72e
2023-08-09 02:30:39 +01:00
..
actions Fix DB usage in non-database tests 2023-07-21 13:52:47 +02:00
api Avoid DB access in more non-Database tests 2023-08-06 16:07:27 +00:00
auth Auth: Introduce several AuthManager session keys as constants 2023-08-06 12:55:40 +01:00
block Merge "block: Simplify deletion by parent id for BlockRestrictionStore" 2023-08-02 16:55:20 +00:00
cache language: Move tests from /cache to /language 2023-07-28 15:23:06 +02:00
changes EnhancedChangesList: Use HTML/CSS for collapsing 2023-07-13 23:12:45 +00:00
changetags Simplify WHERE conditions with field IS NULL 2023-07-24 19:22:36 +02:00
collation tests: Make some PHPUnit data providers static 2023-05-20 01:05:27 +02:00
config config: Widen @covers annotations in unit tests 2023-07-24 05:33:30 +01:00
content Merge "Hard-deprecate ParserOutput::{get,set}Flag()" 2023-08-02 17:48:18 +00:00
db rdbms: Move two static methods of LBFactory to ChronologyProtector 2023-08-01 10:40:52 +00:00
debug tests: Change expectDeprecation to expectDeprecationAndContinue 2023-07-18 16:35:43 +00:00
deferred Avoid DB access in more non-Database tests 2023-08-06 16:07:27 +00:00
diff Merge "Add support for wikidiff2_multi_format_diff()" 2023-07-31 11:54:12 +00:00
editpage editpage: Fix use of includeonly for preload of page in mw namespace 2023-07-07 19:01:59 +02:00
exception
externalstore
filebackend
filerepo Migrate more calls of Database::select* to SelectQueryBuilder 2023-07-26 13:01:28 +02:00
GlobalFunctions Resolve GlobalFunctions phpunit filename deprecation errors 2023-07-01 09:30:42 +00:00
HookContainer Remove the $replace parameter from HookContainer::scopedRegister. 2023-06-14 11:00:54 +00:00
htmlform htmlform: Allow validation-callback to return Status instances 2023-07-09 19:53:01 +02:00
http
import WikiImporter: Improve error message output 2023-07-09 22:48:55 +00:00
installer
interwiki tests: Migrate Database::delete calls to DeleteQueryBuilder 2023-07-14 14:48:42 +02:00
jobqueue Deprecate MediaWikiIntegrationTestCase::$users 2023-07-25 12:12:43 +00:00
language Language: Remove deprecated functions and constants 2023-08-06 00:53:30 +02:00
languages Add tests for date formatting in Walloon (wa) 2023-08-04 16:45:32 +02:00
libs objectcache: Reduce boilerplate and indirection around makeKey() 2023-08-03 10:42:56 +02:00
linkeddata tests: Make some PHPUnit data providers static 2023-05-20 01:05:27 +02:00
linker Fix space after comma in single-line array declaration 2023-07-24 19:04:59 +02:00
logging Avoid DB access in more non-Database tests 2023-08-06 16:07:27 +00:00
mail tests: Make some PHPUnit data providers static 2023-05-20 01:05:27 +02:00
media Avoid calling overrideConfigValue() multiple times 2023-07-20 14:59:42 +02:00
Message
Navigation tests: Change some setMwGlobals to overrideConfigValue 2023-07-17 23:02:32 +02:00
objectcache Avoid DB access in more non-Database tests 2023-08-06 16:07:27 +00:00
page Fix more non-database tests accessing the database 2023-08-06 15:30:41 +00:00
pager Fix DB usage in non-database tests 2023-07-21 13:52:47 +02:00
ParamValidator/TypeDef tests: Avoid database usage when possible 2023-07-31 00:46:13 +00:00
parser Fix more non-database tests accessing the database 2023-08-06 15:30:41 +00:00
password
Permissions Avoid calling overrideConfigValue() multiple times 2023-07-20 14:59:42 +02:00
poolcounter
preferences Fix more non-database tests accessing the database 2023-08-06 15:30:41 +00:00
profiler
rcfeed rcfeed: Add 'notify_url' and 'title_url' to MachineReadableRCFeedFormatter 2023-05-19 15:48:40 +03:00
registration Simplify HookContainer (v2) 2023-06-06 12:06:23 +02:00
ResourceLoader ResourceLoader: Remove support for CSP nonce 2023-08-09 02:30:39 +01:00
Rest tests: Prevent leaking $_SERVER in RequestFromGlobalsTest 2023-07-19 09:23:52 +02:00
Revision Migrate last batch of simple Database::select* calls to SQB 2023-08-01 20:38:13 +02:00
search Fix more non-database tests accessing the database 2023-08-06 15:30:41 +00:00
session Reorg: Move ProxyLookup to Request/ 2023-08-06 12:22:58 +02:00
shell Make Shell::makeScriptCommand use run.php 2023-07-25 01:35:59 +00:00
site site: Use DeleteQueryBuilder in DBSiteStore 2023-07-06 22:18:36 +00:00
skins ResourceLoader: Remove support for CSP nonce 2023-08-09 02:30:39 +01:00
sparql tests: Make some PHPUnit data providers static 2023-05-20 01:05:27 +02:00
specialpage Merge "Simplify WHERE conditions with field IS NULL" 2023-07-24 18:34:30 +00:00
specials tests: Avoid database usage when possible 2023-07-31 00:46:13 +00:00
Storage Migrate assertSelect() to SelectQueryBuilder 2023-06-28 09:03:58 +10:00
title Inject extension namespaces into NamespaceInfo 2023-07-16 22:53:26 +02:00
upload Replace usages of ApiTestCase::$users 2023-07-25 12:12:58 +00:00
user Merge "tests: Avoid database usage when possible" 2023-08-01 09:07:20 +00:00
utils
watcheditem Deprecate MediaWikiIntegrationTestCase::$users 2023-07-25 12:12:43 +00:00
AutoLoaderTest.php
CategoryTest.php Category: Widen @covers annotations in unit tests 2023-05-30 15:59:25 +01:00
CommentStoreCommentTest.php
CommentStoreTest.php CommentStore: Drop temp table code 2023-06-13 23:30:58 +00:00
CommentStoreTest.sql
ContentSecurityPolicyTest.php ResourceLoader: Remove support for CSP nonce 2023-08-09 02:30:39 +01:00
EditPageConstraintsTest.php tests: Migrate calls to Database::update to UpdateQueryBuilder 2023-07-14 15:40:11 +02:00
EditPageTest.php tests: Migrate calls to Database::update to UpdateQueryBuilder 2023-07-14 15:40:11 +02:00
ExportTest.php tests: Require existing page in ExportTest 2023-07-29 18:24:27 +00:00
ExtraParserTest.php
FauxRequestTest.php Replace some more usages of deprecated MWException 2023-06-09 02:07:08 +02:00
GitInfoTest.php
HooksTest.php HookContainer: avoid instantiation of handlers when calling register() 2023-07-22 16:40:14 +02:00
HtmlTest.php tests: Change some setMwGlobals to overrideConfigValue 2023-07-17 23:02:32 +02:00
LinkerTest.php tests: Use Title::makeTitle instead of Title::newFromText 2023-06-19 21:54:57 +02:00
LinkFilterTest.php ExternalLinks: Make oneWildcard avoid adding wildcard to domain 2023-07-10 18:38:55 +02:00
MediaWikiServicesTest.php Avoid DB access in more non-Database tests 2023-08-06 16:07:27 +00:00
MediaWikiTest.php phpunit: Do not call addCoreDBData if the test doesn't need the DB 2023-07-25 11:59:31 +00:00
MediaWikiVersionFetcherTest.php
MergeHistoryTest.php phpunit: Update @covers annotations for namespaced classes 2023-05-27 17:43:12 +08:00
MessageTest.php MWTimestamp,Message: Widen @covers annotations in unit tests 2023-06-03 16:30:15 +01:00
MockServiceWiring.php
MovePageTest.php Migrate assertSelect() to SelectQueryBuilder 2023-06-28 09:03:58 +10:00
MultiHttpClientTest.php
MWTimestampTest.php MWTimestamp,Message: Widen @covers annotations in unit tests 2023-06-03 16:30:15 +01:00
OutputPageTest.php ResourceLoader: Remove support for CSP nonce 2023-08-09 02:30:39 +01:00
SampleTest.php tests: Use Title::makeTitle instead of Title::newFromText 2023-06-19 21:54:57 +02:00
SiteStatsTest.php phpunit: Update @covers annotations for namespaced classes 2023-05-27 17:43:12 +08:00
StatusTest.php
TemplateCategoriesTest.php phpunit: Update @covers annotations for namespaced classes 2023-05-27 17:43:12 +08:00
TestUser.php Merge "tests: Migrate Database::update usages to UpdateQueryBuilder" 2023-06-08 13:25:06 +00:00
TestUserRegistry.php Remove non-existing password parameter in TestUserRegistry 2023-07-07 10:38:32 +02:00
TimeAdjustTest.php
TitleTest.php Avoid calling overrideConfigValue() multiple times 2023-07-20 14:59:42 +02:00
TitleUrlTest.php phpunit: Update @covers annotations for namespaced classes 2023-05-27 17:43:12 +08:00
TrackingCategoriesTest.php
WebRequestTest.php Reorg: Move ProxyLookup to Request/ 2023-08-06 12:22:58 +02:00
WikiMapTest.php Fix space after comma in single-line array declaration 2023-07-24 19:04:59 +02:00
XmlTest.php [tests] Add a regression test for Xml::input 2023-07-11 18:17:00 +02:00