Fix invalid URL protocol for local development

.github/workflows/build-test-measure.yml

@@ -542,6 +542,10 @@ jobs:
         if: needs.pre-run.outputs.changed-php-count > 0
         run: cp -r "$PWD" "$WP_CORE_DIR/src/wp-content/plugins/amp"
 
+      - name: Setup required WP constants
+        run: |
+          echo "WP_ENVIRONMENT_TYPE=local" >> $GITHUB_ENV
+
       - name: Run tests
         if: ${{ matrix.coverage == false && needs.pre-run.outputs.changed-php-count > 0 }}
         run: vendor/bin/phpunit --verbose

includes/amp-helper-functions.php

@@ -1450,6 +1450,16 @@ function amp_is_dev_mode() {
 			( is_admin_bar_showing() && is_user_logged_in() )
 			||
 			is_customize_preview()
+			||
+			(
+				! is_ssl()
+				&&
+				function_exists( 'wp_get_environment_type' )
+				&&
+				'local' === wp_get_environment_type()
+				&&
+				'localhost' === wp_parse_url( home_url(), PHP_URL_HOST )
+			)
 		)
 	);
 }
@@ -1522,6 +1532,7 @@ function amp_get_content_sanitizers( $post = null ) {
 		AMP_Theme_Support::TRANSITIONAL_MODE_SLUG === AMP_Options_Manager::get_option( Option::THEME_SUPPORT )
 	);
 
+	$is_dev_mode     = amp_is_dev_mode();
 	$native_img_used = amp_is_native_img_used();
 
 	$sanitizers = [
@@ -1590,7 +1601,8 @@ function amp_get_content_sanitizers( $post = null ) {
 		AMP_Accessibility_Sanitizer::class         => [],
 		// Note: This validating sanitizer must come at the end to clean up any remaining issues the other sanitizers didn't catch.
 		AMP_Tag_And_Attribute_Sanitizer::class     => [
-			'prefer_bento' => amp_is_bento_enabled(),
+			'prefer_bento'                  => amp_is_bento_enabled(),
+			'allow_localhost_http_protocol' => $is_dev_mode,
 		],
 	];
 
@@ -1651,7 +1663,7 @@ function amp_get_content_sanitizers( $post = null ) {
 	 */
 	$sanitizers = apply_filters( 'amp_content_sanitizers', $sanitizers, $post );
 
-	if ( amp_is_dev_mode() ) {
+	if ( $is_dev_mode ) {
 		/**
 		 * Filters the XPath queries for elements that should be enabled for dev mode.
 		 *
@@ -1696,6 +1708,11 @@ function amp_get_content_sanitizers( $post = null ) {
 			);
 		}
 
+		// Mark the manifest output by PWA plugin as being in dev mode.
+		if ( ! is_ssl() && 'localhost' === $parsed_home_url['host'] ) {
+			$dev_mode_xpaths[] = '//link[@rel="manifest" and contains(@href, "web-app-manifest")]';
+		}
+
 		$sanitizers = array_merge(
 			[
 				AMP_Dev_Mode_Sanitizer::class => [

includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php

@@ -92,6 +92,13 @@ class AMP_Tag_And_Attribute_Sanitizer extends AMP_Base_Sanitizer {
 	const SPECIFIED_LAYOUT_INVALID             = 'SPECIFIED_LAYOUT_INVALID';
 	const WRONG_PARENT_TAG                     = 'WRONG_PARENT_TAG';
 
+	/**
+	 * Key for localhost.
+	 *
+	 * @var string
+	 */
+	const LOCALHOST = 'localhost';
+
 	/**
 	 * Allowed tags.
 	 *
@@ -184,6 +191,7 @@ public function __construct( $dom, $args = [] ) {
 			'amp_globally_allowed_attributes' => AMP_Allowed_Tags_Generated::get_allowed_attributes(),
 			'amp_layout_allowed_attributes'   => AMP_Allowed_Tags_Generated::get_layout_attributes(),
 			'prefer_bento'                    => false,
+			'allow_localhost_http_protocol'   => false,
 		];
 
 		parent::__construct( $dom, $args );
@@ -1939,7 +1947,9 @@ private function check_attr_spec_rule_allowed_protocol( DOMElement $node, $attr_
 			if ( $node->hasAttribute( $attr_name ) ) {
 				foreach ( $this->extract_attribute_urls( $node->getAttributeNode( $attr_name ) ) as $url ) {
 					$url_scheme = $this->parse_protocol( $this->normalize_url_from_attribute_value( $url ) );
-					if ( isset( $url_scheme ) && ! in_array( strtolower( $url_scheme ), $attr_spec_rule[ AMP_Rule_Spec::VALUE_URL ][ AMP_Rule_Spec::ALLOWED_PROTOCOL ], true ) ) {
+					if ( $this->args['allow_localhost_http_protocol'] && self::LOCALHOST === wp_parse_url( $url, PHP_URL_HOST ) ) {
+						return AMP_Rule_Spec::PASS;
+					} elseif ( isset( $url_scheme ) && ! in_array( strtolower( $url_scheme ), $attr_spec_rule[ AMP_Rule_Spec::VALUE_URL ][ AMP_Rule_Spec::ALLOWED_PROTOCOL ], true ) ) {
 						return AMP_Rule_Spec::FAIL;
 					}
 				}
@@ -1951,7 +1961,9 @@ private function check_attr_spec_rule_allowed_protocol( DOMElement $node, $attr_
 					if ( $node->hasAttribute( $alternative_name ) ) {
 						foreach ( $this->extract_attribute_urls( $node->getAttributeNode( $alternative_name ), $attr_name ) as $url ) {
 							$url_scheme = $this->parse_protocol( $this->normalize_url_from_attribute_value( $url ) );
-							if ( isset( $url_scheme ) && ! in_array( strtolower( $url_scheme ), $attr_spec_rule[ AMP_Rule_Spec::VALUE_URL ][ AMP_Rule_Spec::ALLOWED_PROTOCOL ], true ) ) {
+							if ( $this->args['allow_localhost_http_protocol'] && self::LOCALHOST === wp_parse_url( $url, PHP_URL_HOST ) ) {
+								return AMP_Rule_Spec::PASS;
+							} elseif ( isset( $url_scheme ) && ! in_array( strtolower( $url_scheme ), $attr_spec_rule[ AMP_Rule_Spec::VALUE_URL ][ AMP_Rule_Spec::ALLOWED_PROTOCOL ], true ) ) {
 								return AMP_Rule_Spec::FAIL;
 							}
 						}

package.json

@@ -144,6 +144,7 @@
     "test:js:update-snapshots": "npm run test:js -- --updateSnapshot",
     "test:js:watch": "npm run test:js -- --watch",
     "test:php": "wp-env run phpunit 'env WP_PHPUNIT__TESTS_CONFIG=/wordpress-phpunit/wp-tests-config.php WORDPRESS_TABLE_PREFIX=wptests_ WP_TESTS_DIR=/var/www/wordpress-develop/tests/phpunit /var/www/html/wp-content/plugins/amp/vendor/bin/phpunit -c /var/www/html/wp-content/plugins/amp/phpunit.xml.dist $npm_config_args'",
+    "test:php:coverage": "wp-env run tests-wordpress 'env WP_TESTS_DIR=/var/www/wordpress-develop/tests/phpunit WP_PHPUNIT__TESTS_CONFIG=/wordpress-phpunit/wp-tests-config.php /var/www/html/wp-content/plugins/amp/vendor/bin/phpunit -c /var/www/html/wp-content/plugins/amp/phpunit.xml.dist --coverage-html /var/www/html/wp-content/plugins/amp/coverage'",
     "test:php:multisite": "wp-env run phpunit 'env WP_MULTISITE=1 WP_PHPUNIT__TESTS_CONFIG=/wordpress-phpunit/wp-tests-config.php WORDPRESS_TABLE_PREFIX=wptests_ WP_TESTS_DIR=/var/www/wordpress-develop/tests/phpunit /var/www/html/wp-content/plugins/amp/vendor/bin/phpunit -c /var/www/html/wp-content/plugins/amp/phpunit.xml.dist $npm_config_args'",
     "test:php:xdebug": "wp-env run tests-wordpress 'env PHP_IDE_CONFIG=serverName=localhost WORDPRESS_TABLE_PREFIX=wptests_ WP_TESTS_DIR=/var/www/wordpress-develop/tests/phpunit WP_PHPUNIT__TESTS_CONFIG=/wordpress-phpunit/wp-tests-config.php /var/www/html/wp-content/plugins/amp/vendor/bin/phpunit -c /var/www/html/wp-content/plugins/amp/phpunit.xml.dist $npm_config_args'",
     "test:php:help": "npm run test:php --args='--help'",
@@ -159,4 +160,4 @@
     }
   },
   "title": "AMP for WordPress"
-}
+}

tests/php/test-amp-helper-functions.php

@@ -1897,6 +1897,10 @@ public function test_amp_get_content_embed_handlers() {
 	public function test_amp_is_dev_mode() {
 		AMP_Options_Manager::update_option( Option::THEME_SUPPORT, AMP_Theme_Support::STANDARD_MODE_SLUG );
 
+		// Enabale HTTPS to short circuit `amp_is_dev_mode()` in multiste tests which depends on wp-env.
+		// We require it because wp-env already meets the prerequisites for local development.
+		$_SERVER['HTTPS'] = 'on';
+
 		$this->assertFalse( amp_is_dev_mode() );
 		add_filter( 'amp_dev_mode_enabled', '__return_true' );
 		$this->assertTrue( amp_is_dev_mode() );
@@ -1916,6 +1920,26 @@ public function test_amp_is_dev_mode() {
 		$this->assertFalse( is_user_logged_in() );
 		$this->assertTrue( is_admin_bar_showing() );
 		$this->assertFalse( amp_is_dev_mode() );
+
+		if ( function_exists( 'wp_get_environment_type' ) ) {
+			// Just to ensure is_ssl() is false.
+			$_SERVER['HTTPS'] = false;
+
+			add_filter(
+				'home_url',
+				static function () {
+					return 'http://localhost';
+				}
+			);
+
+			$this->assertFalse( is_ssl() );
+			$this->assertTrue( amp_is_dev_mode() );
+			$this->assertEquals( 'local', wp_get_environment_type() );
+			$this->assertTrue( 'localhost' === wp_parse_url( home_url(), PHP_URL_HOST ) );
+		} else {
+			$this->assertFalse( amp_is_dev_mode() );
+			$this->assertFalse( function_exists( 'wp_get_environment_type' ) );
+		}
 	}
 
 	/**
@@ -1958,6 +1982,10 @@ public function test_amp_get_content_sanitizers() {
 		$post = self::factory()->post->create_and_get();
 		add_filter( 'amp_content_sanitizers', [ $this, 'capture_filter_call' ], 10, 2 );
 
+		// Enabale HTTPS to short circuit `amp_is_dev_mode()` in multiste tests which depends on wp-env.
+		// We require it because wp-env already meets the prerequisites for local development.
+		$_SERVER['HTTPS'] = 'on';
+
 		$this->last_filter_call = null;
 		AMP_Options_Manager::update_option( Option::THEME_SUPPORT, AMP_Theme_Support::STANDARD_MODE_SLUG );
 		$handlers = amp_get_content_sanitizers();
@@ -2034,6 +2062,10 @@ function ( $xpaths ) use ( $element_xpaths ) {
 			}
 		);
 
+		// Enabale HTTPS to short circuit `amp_is_dev_mode()` in multiste tests which depends on wp-env.
+		// We require it because wp-env already meets the prerequisites for local development.
+		$_SERVER['HTTPS'] = 'on';
+
 		// Check that AMP_Dev_Mode_Sanitizer is not registered if not in dev mode.
 		$sanitizers = amp_get_content_sanitizers();
 		$this->assertFalse( amp_is_dev_mode() );
@@ -2091,6 +2123,13 @@ public function test_amp_get_content_sanitizers_with_post_preview() {
 		);
 		$this->go_to( get_preview_post_link( $post ) );
 
+		add_filter(
+			'home_url',
+			static function () {
+				return 'http://localhost';
+			}
+		);
+
 		$sanitizers = amp_get_content_sanitizers();
 		$this->assertTrue( is_admin_bar_showing() );
 		$this->assertTrue( amp_is_dev_mode() );
@@ -2102,6 +2141,7 @@ public function test_amp_get_content_sanitizers_with_post_preview() {
 				'//*[ @id = "wpadminbar" ]//*',
 				'//style[ @id = "admin-bar-inline-css" ]',
 				'//script[ not( @src ) and contains( text(), "document.location.search" ) and contains( text(), "preview=true" ) and contains( text(), "unload" ) and contains( text(), "window.name" ) and contains( text(), "wp-preview-' . $post . '" ) ]',
+				'//link[@rel="manifest" and contains(@href, "web-app-manifest")]',
 			],
 			$sanitizers[ AMP_Dev_Mode_Sanitizer::class ]['element_xpaths']
 		);