[ '/path/to/media.php', 'http://www.example.com/', FALSE, ], 'no base URL domain' => [ 'http://www.example.com/media.php', '/invalid/base/url', FALSE, ], 'same domain' => [ 'http://www.example.com/media.php', 'http://www.example.com/', FALSE, ], 'different domain' => [ 'http://www.example.com/media.php', 'http://www.example-assets.com/', TRUE, ], 'same subdomain' => [ 'http://foo.example.com/media.php', 'http://foo.example.com/', FALSE, ], 'different subdomain' => [ 'http://assets.example.com/media.php', 'http://foo.example.com/', TRUE, ], 'subdomain and top-level domain' => [ 'http://assets.example.com/media.php', 'http://example.com/', TRUE, ], ]; } /** * Tests that isSecure() behaves properly. * * @param string $url * The URL to test for security. * @param string $base_url * The base URL to compare $url against. * @param bool $secure * The expected result of isSecure(). * * @covers ::isSecure * * @dataProvider providerIsSecure */ public function testIsSecure($url, $base_url, $secure) { $request_context = $this->prophesize(RequestContext::class); $request_context->getCompleteBaseUrl()->willReturn($base_url); $url_helper = new IFrameUrlHelper( $request_context->reveal(), $this->prophesize(PrivateKey::class)->reveal() ); $this->assertSame($secure, $url_helper->isSecure($url)); } }