BookStack/phpunit.xml
Dan Brown 92922288dd
Added iframe CSP, improved session cookie security
Added iframe CSP headers with configuration via .env.
Updated session cookies to be lax by default, dynamically changing to
none when iframes configured to allow third-party control.
Updated cookie security to be auto-secure if a https APP_URL is set.

Related to #2427 and #2207.
2021-01-02 02:43:50 +00:00

60 lines
2.6 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
backupStaticAttributes="false"
bootstrap="vendor/autoload.php"
colors="true"
convertErrorsToExceptions="true"
convertNoticesToExceptions="true"
convertWarningsToExceptions="true"
processIsolation="false"
stopOnFailure="false">
<testsuites>
<testsuite name="Application Test Suite">
<directory>./tests/</directory>
</testsuite>
</testsuites>
<filter>
<whitelist>
<directory suffix=".php">app/</directory>
</whitelist>
</filter>
<php>
<server name="APP_ENV" value="testing"/>
<server name="APP_DEBUG" value="false"/>
<server name="APP_LANG" value="en"/>
<server name="APP_THEME" value="none"/>
<server name="APP_AUTO_LANG_PUBLIC" value="true"/>
<server name="APP_URL" value="http://bookstack.dev"/>
<server name="ALLOWED_IFRAME_HOSTS" value=""/>
<server name="CACHE_DRIVER" value="array"/>
<server name="SESSION_DRIVER" value="array"/>
<server name="QUEUE_CONNECTION" value="sync"/>
<server name="DB_CONNECTION" value="mysql_testing"/>
<server name="BCRYPT_ROUNDS" value="4"/>
<server name="MAIL_DRIVER" value="array"/>
<server name="LOG_CHANNEL" value="single"/>
<server name="AUTH_METHOD" value="standard"/>
<server name="DISABLE_EXTERNAL_SERVICES" value="true"/>
<server name="AVATAR_URL" value=""/>
<server name="LDAP_VERSION" value="3"/>
<server name="SESSION_SECURE_COOKIE" value="null"/>
<server name="STORAGE_TYPE" value="local"/>
<server name="STORAGE_ATTACHMENT_TYPE" value="local"/>
<server name="STORAGE_IMAGE_TYPE" value="local"/>
<server name="GITHUB_APP_ID" value="aaaaaaaaaaaaaa"/>
<server name="GITHUB_APP_SECRET" value="aaaaaaaaaaaaaa"/>
<server name="GITHUB_AUTO_REGISTER" value=""/>
<server name="GITHUB_AUTO_CONFIRM_EMAIL" value=""/>
<server name="GOOGLE_APP_ID" value="aaaaaaaaaaaaaa"/>
<server name="GOOGLE_APP_SECRET" value="aaaaaaaaaaaaaa"/>
<server name="GOOGLE_AUTO_REGISTER" value=""/>
<server name="GOOGLE_AUTO_CONFIRM_EMAIL" value=""/>
<server name="GOOGLE_SELECT_ACCOUNT" value=""/>
<server name="DEBUGBAR_ENABLED" value="false"/>
<server name="SAML2_ENABLED" value="false"/>
<server name="API_REQUESTS_PER_MIN" value="180"/>
<server name="LOG_FAILED_LOGIN_MESSAGE" value=""/>
<server name="LOG_FAILED_LOGIN_CHANNEL" value="testing"/>
</php>
</phpunit>