diff --git a/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php b/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php index a3ce0df..c1082f8 100644 --- a/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php +++ b/core/tests/Drupal/Tests/Core/DrupalKernel/TrustedHostsTest.php @@ -44,19 +44,23 @@ public function providerTestTrustedHosts() { // Test our hardcoded defaults for local development with non-production // server configurations. - $data[] = ['localhost', '', '', TRUE]; - $data[] = ['localhost.d8', '', '', TRUE]; - $data[] = ['d8.local', '', '', TRUE]; + $data[] = ['localhost', '', 'localhost is trusted', TRUE]; + $data[] = ['localhost.d8', '', 'localhost.d8 is trusted', TRUE]; + $data[] = ['d8.local', '', 'd8.local is trusted', TRUE]; // Tests canonical URL - $data[] = ['www.example.com', 'www.example.com', '', TRUE]; + $data[] = ['www.example.com', 'www.example.com', 'canonical URL is trusted', TRUE]; + + // Tests missing hostname for HTTP/1.0 compatability where the Host + // header is optional + $data[] = [NULL, 'www.example.com', 'empty Host is valid', TRUE]; // Tests mismatches - $data[] = ['example.com', 'www.example.com', '', FALSE]; - $data[] = ['subdomain.example.com', 'www.example.com', '', FALSE]; - $data[] = ['www.example.org', 'www.example.com', '', FALSE]; - $data[] = ['example.org', 'www.example.com', '', FALSE]; - $data[] = ['www.blackhat.com', 'www.example.com', '', FALSE]; + $data[] = ['example.com', 'www.example.com', 'non-canonical host is not trusted', FALSE]; + $data[] = ['subdomain.example.com', 'www.example.com', 'host with subdomain is not trusted', FALSE]; + $data[] = ['www.example.org', 'www.example.com', 'host with different TLD is not trusted', FALSE]; + $data[] = ['example.org', 'www.example.com', 'host with different TLD is not trusted', FALSE]; + $data[] = ['www.blackhat.com', 'www.example.com', 'unspecified host is untrusted', FALSE]; return $data; } @@ -80,7 +84,10 @@ public function testTrustedHostsWithSettings($host, $server_name, $message, $exp $request = new Request(); - $request->headers->set('HOST', $host); + if (!empty($host)) { + $request->headers->set('HOST', $host); + } + $request->server->set('SERVER_NAME', $server_name); $valid_host = DrupalKernel::setupTrustedHosts($request); @@ -96,21 +103,25 @@ public function providerTestTrustedHostsWithSettings() { // Test our hardcoded defaults for local development with non-production // server configurations. - $data[] = ['localhost', '', '', TRUE]; - $data[] = ['localhost.d8', '', '', TRUE]; - $data[] = ['d8.local', '', '', TRUE]; + $data[] = ['localhost', '', 'localhost is trusted', TRUE]; + $data[] = ['localhost.d8', '', 'localhost.d8 is trusted', TRUE]; + $data[] = ['d8.local', '', 'd8.local is trusted', TRUE]; // Tests canonical URL - $data[] = ['www.example.com', 'www.example.com', '', TRUE]; + $data[] = ['www.example.com', 'www.example.com', 'canonical URL is trusted', TRUE]; + + // Tests missing hostname for HTTP/1.0 compatability where the Host + // header is optional + $data[] = [NULL, 'www.example.com', 'empty Host is valid', TRUE]; // Tests the additional paterns from the settings. - $data[] = ['example.com', 'www.example.com', '', TRUE]; - $data[] = ['subdomain.example.com', 'www.example.com', '', TRUE]; - $data[] = ['www.example.org', 'www.example.com', '', TRUE]; - $data[] = ['example.org', 'www.example.com', '', TRUE]; + $data[] = ['example.com', 'www.example.com', 'host from settings is trusted', TRUE]; + $data[] = ['subdomain.example.com', 'www.example.com', 'host from settings is trusted', TRUE]; + $data[] = ['www.example.org', 'www.example.com', 'host from settings is trusted', TRUE]; + $data[] = ['example.org', 'www.example.com', 'host from settings is trusted', TRUE]; // Tests mismatches - $data[] = ['www.blackhat.com', 'www.example.com', '', FALSE]; + $data[] = ['www.blackhat.com', 'www.example.com', 'unspecified host is untrusted', FALSE]; return $data; }