Skip to content

fix: Handle origin ports and enable lint-staged#97

Merged
justlevine merged 3 commits intomainfrom
refactor/release-workflow-migration
Apr 23, 2026
Merged

fix: Handle origin ports and enable lint-staged#97
justlevine merged 3 commits intomainfrom
refactor/release-workflow-migration

Conversation

@sabbir1991
Copy link
Copy Markdown
Member

@sabbir1991 sabbir1991 commented Apr 22, 2026
edited by github-actions Bot
Loading

Description

Fix local REST origin validation so OneMedia wp-env environments running on different localhost ports can communicate correctly.

Technical Details

  • Include the origin port when building the request URL during REST permission checks.
  • Pass the origin port into the same-site and governing-site host validation.
  • Align OneMedia localhost validation behavior with OneSearch.

Checklist

  • Fix localhost port-aware REST validation for local wp-env environments.

Screenshots

N/A

To-do

  • Publish ci-artifacts prerelease.
  • Add the repo to Codecov and update CODECOV_TOKEN.
  • Update branch/repo config changes separately.

Fixes/Covers issue

Open WordPress Playground Preview

Copilot AI review requested due to automatic review settings April 22, 2026 17:35
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates REST origin validation to be port-aware (supporting local wp-env setups where sites run on different localhost ports) and enables lint-staged via Lefthook.

Changes:

  • Include the origin port when building the request URL used for REST token lookup.
  • Pass the origin port into same-site and governing-site host validation.
  • Enable lint-staged as a pre-commit hook command.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
inc/Modules/Rest/Abstract_REST_Controller.php Makes REST permission checks and host comparisons aware of the Origin port.
.lefthook.yml Enables lint-staged in the pre-commit hook.
.github/PULL_REQUEST_TEMPLATE.md Simplifies and restructures the PR template sections.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread inc/Modules/Rest/Abstract_REST_Controller.php
Comment on lines +65 to +67
$origin_port = $parsed_origin['port'] ?? 80;

if ( empty( $request_url ) || $this->is_url_from_host( get_site_url(), $parsed_origin['host'], $origin_port ) ) {
Copy link

Copilot AI Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$origin_port defaults to 80 when the Origin header has no explicit port. For https origins this should default to 443 (and in general the default port should be derived from the parsed scheme). As-is, port-aware comparisons can incorrectly fail (or match) when one side includes an explicit default port (e.g., :443) and the other omits it. Consider deriving the default from $parsed_origin['scheme'] and also updating is_url_from_host() to use the parsed URL scheme when defaulting $url_port.

Copilot uses AI. Check for mistakes.
justlevine
justlevine requested changes Apr 22, 2026
View reviewed changes
Comment thread .github/PULL_REQUEST_TEMPLATE.md
Copy link
Copy Markdown
Collaborator

@justlevine justlevine Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lets revert this file back. Not sure why onesearch isnt using the template from plugin-skeleton-d but it's really bad and doesn't make sense in a public-facing repo.

Copy link
Copy Markdown
Member Author

@sabbir1991 sabbir1991 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done on this comment 82e2b0b

@justlevine justlevine changed the title Handle origin ports and enable lint-staged fix: Handle origin ports and enable lint-staged Apr 22, 2026
@justlevine justlevine changed the base branch from develop to main April 22, 2026 18:49
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Apr 23, 2026

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

@justlevine justlevine merged commit d4c9006 into main Apr 23, 2026
16 checks passed
@justlevine justlevine deleted the refactor/release-workflow-migration branch April 23, 2026 06:16
@github-actions github-actions Bot mentioned this pull request Apr 23, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@justlevine justlevine justlevine approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sabbir1991 @codecov-commenter @justlevine