From: Simon McVittie <smcv@debian.org>
Date: Sun, 5 Oct 2014 13:29:32 +0000 (+0100)
Subject: add the beginnings of a test for CGI/static URL interactions
X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/commitdiff_plain/823268e5c78be454f0da5013c1bfa7e5d936902d

add the beginnings of a test for CGI/static URL interactions
---

diff --git a/doc/todo/design_for_cross-linking_between_content_and_CGI.mdwn b/doc/todo/design_for_cross-linking_between_content_and_CGI.mdwn
index 64b3e848c..7c920f01f 100644
--- a/doc/todo/design_for_cross-linking_between_content_and_CGI.mdwn
+++ b/doc/todo/design_for_cross-linking_between_content_and_CGI.mdwn
@@ -109,3 +109,10 @@ in the setup file as http if you intend that they will most commonly
 be accessed via http (e.g. the "my cert is not CA-cartel approved"
 use-case), or as https if you intend to force accesses into
 being via https (the "my wiki is secret" use-case).
+
+# Regression test
+
+I've added a regression test in `t/relativity.t`. We might want to
+consider dropping some of it or skipping it unless a special environment
+variable is set once this is all working, since it's a bit slow.
+--[[smcv]]
diff --git a/t/relativity.t b/t/relativity.t
new file mode 100755
index 000000000..ca1664f3c
--- /dev/null
+++ b/t/relativity.t
@@ -0,0 +1,601 @@
+#!/usr/bin/perl
+use warnings;
+use strict;
+
+use Cwd qw(getcwd);
+use Errno qw(ENOENT);
+
+BEGIN {
+	if (!eval q{
+		use IPC::Run qw(run);
+		1;
+	}) {
+		eval q{use Test::More skip_all => "IPC::Run not available"};
+	}
+	else {
+		eval q{use Test::More};
+	}
+	use_ok("IkiWiki");
+}
+
+my $pwd = getcwd();
+
+# Black-box (ish) test for relative linking between CGI and static content
+
+my $blob;
+my ($content, $in, %bits);
+
+sub parse_cgi_content {
+	my %bits;
+	if ($content =~ qr{<base href="([^"]+)" */>}) {
+		$bits{basehref} = $1;
+	}
+	if ($content =~ qr{href="([^"]+/style.css)"}) {
+		$bits{stylehref} = $1;
+	}
+	if ($content =~ qr{class="parentlinks">\s+<a href="([^"]+)">this is the name of my wiki</a>/}s) {
+		$bits{tophref} = $1;
+	}
+	if ($content =~ qr{<a[^>]+href="([^"]+)\?do=prefs"}) {
+		$bits{cgihref} = $1;
+	}
+	return %bits;
+}
+
+ok(! system("make -s ikiwiki.out"));
+ok(! system("rm -rf t/tmp"));
+ok(! system("mkdir t/tmp"));
+
+sub write_old_file {
+	my $name = shift;
+	my $content = shift;
+
+	writefile($name, "t/tmp/in", $content);
+	ok(utime(333333333, 333333333, "t/tmp/in/$name"));
+}
+
+write_old_file("a.mdwn", "A");
+write_old_file("a/b.mdwn", "B");
+write_old_file("a/b/c.mdwn",
+"* A: [[a]]\n".
+"* B: [[b]]\n".
+"* E: [[a/d/e]]\n");
+write_old_file("a/d.mdwn", "D");
+write_old_file("a/d/e.mdwn", "E");
+
+#######################################################################
+# site 1: a perfectly ordinary ikiwiki
+
+writefile("test.setup", "t/tmp", <<EOF
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+wikiname: this is the name of my wiki
+srcdir: t/tmp/in
+destdir: t/tmp/out
+templatedir: templates
+url: "http://example.com/wiki/"
+cgiurl: "http://example.com/cgi-bin/ikiwiki.cgi"
+cgi_wrapper: t/tmp/ikiwiki.cgi
+cgi_wrappermode: 0754
+# make it easier to test previewing
+add_plugins:
+- anonok
+anonok_pagespec: "*"
+EOF
+);
+
+ok(unlink("t/tmp/ikiwiki.cgi") || $!{ENOENT});
+ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers"));
+
+# CGI wrapper should be exactly the requested mode
+my (undef, undef, $mode, undef, undef,
+	undef, undef, undef, undef, undef,
+	undef, undef, undef) = stat("t/tmp/ikiwiki.cgi");
+is($mode & 07777, 0754);
+
+ok(-e "t/tmp/out/a/b/c/index.html");
+$content = readfile("t/tmp/out/a/b/c/index.html");
+# no <base> on static HTML
+unlike($content, qr{<base\W});
+# url and cgiurl are on the same host so the cgiurl is host-relative
+like($content, qr{<a[^>]+href="/cgi-bin/ikiwiki.cgi\?do=prefs"});
+# cross-links between static pages are relative
+like($content, qr{<li>A: <a href="../../">a</a></li>});
+like($content, qr{<li>B: <a href="../">b</a></li>});
+like($content, qr{<li>E: <a href="../../d/e/">e</a></li>});
+
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'example.com';
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "http://example.com/wiki/");
+like($bits{stylehref}, qr{^(?:(?:http:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:http:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# when accessed via HTTPS, links are secure
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'example.com';
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "https://example.com/wiki/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# when accessed via a different hostname, links stay on that host
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'staging.example.net';
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "http://staging.example.net/wiki/");
+like($bits{stylehref}, qr{^(?:(?:http:)?//staging.example.net)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:http:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$});
+
+# previewing a page
+$in = 'do=edit&page=a/b/c&Preview';
+run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'POST';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{HTTP_HOST} = 'example.com';
+	$ENV{CONTENT_LENGTH} = length $in;
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "http://example.com/wiki/a/b/c/");
+like($bits{stylehref}, qr{^(?:(?:http:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$});
+like($bits{cgihref}, qr{^(?:(?:http:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+#######################################################################
+# site 2: static content and CGI are on different servers
+
+writefile("test.setup", "t/tmp", <<EOF
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+wikiname: this is the name of my wiki
+srcdir: t/tmp/in
+destdir: t/tmp/out
+templatedir: templates
+url: "http://static.example.com/"
+cgiurl: "http://cgi.example.com/ikiwiki.cgi"
+cgi_wrapper: t/tmp/ikiwiki.cgi
+cgi_wrappermode: 0754
+# make it easier to test previewing
+add_plugins:
+- anonok
+anonok_pagespec: "*"
+EOF
+);
+
+ok(unlink("t/tmp/ikiwiki.cgi"));
+ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers"));
+
+# CGI wrapper should be exactly the requested mode
+(undef, undef, $mode, undef, undef,
+	undef, undef, undef, undef, undef,
+	undef, undef, undef) = stat("t/tmp/ikiwiki.cgi");
+is($mode & 07777, 0754);
+
+ok(-e "t/tmp/out/a/b/c/index.html");
+$content = readfile("t/tmp/out/a/b/c/index.html");
+# no <base> on static HTML
+unlike($content, qr{<base\W});
+# url and cgiurl are not on the same host so the cgiurl has to be
+# protocol-relative or absolute
+like($content, qr{<a[^>]+href="(?:http:)?//cgi.example.com/ikiwiki.cgi\?do=prefs"});
+# cross-links between static pages are still relative
+like($content, qr{<li>A: <a href="../../">a</a></li>});
+like($content, qr{<li>B: <a href="../">b</a></li>});
+like($content, qr{<li>E: <a href="../../d/e/">e</a></li>});
+
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'cgi.example.com';
+});
+%bits = parse_cgi_content($content);
+like($bits{basehref}, qr{^http://static.example.com/$});
+like($bits{stylehref}, qr{^(?:(?:http:)?//static.example.com)?/style.css$});
+like($bits{tophref}, qr{^(?:http:)?//static.example.com/$});
+like($bits{cgihref}, qr{^(?:(?:http:)?//cgi.example.com)?/ikiwiki.cgi$});
+
+# when accessed via HTTPS, links are secure
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'cgi.example.com';
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+TODO: {
+local $TODO = "avoid mixed content";
+like($bits{basehref}, qr{^https://static.example.com/$});
+like($bits{stylehref}, qr{^(?:(?:https:)?//static.example.com)?/style.css$});
+like($bits{tophref}, qr{^(?:https:)?//static.example.com/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//cgi.example.com)?/ikiwiki.cgi$});
+}
+
+# when accessed via a different hostname, links to the CGI (only) should
+# stay on that host?
+$in = 'do=edit&page=a/b/c&Preview';
+run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'POST';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/ikiwiki.cgi';
+	$ENV{HTTP_HOST} = 'staging.example.net';
+	$ENV{HTTPS} = 'on';
+	$ENV{CONTENT_LENGTH} = length $in;
+});
+like($bits{basehref}, qr{^http://static.example.com/$});
+like($bits{stylehref}, qr{^(?:(?:http:)?//static.example.com)?/style.css$});
+like($bits{tophref}, qr{^(?:http:)?//static.example.com/$});
+TODO: {
+local $TODO = "use self-referential CGI URL?";
+like($bits{cgihref}, qr{^(?:(?:http:)?//staging.example.net)?/ikiwiki.cgi$});
+}
+
+#######################################################################
+# site 3: we specifically want everything to be secure
+
+writefile("test.setup", "t/tmp", <<EOF
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+wikiname: this is the name of my wiki
+srcdir: t/tmp/in
+destdir: t/tmp/out
+templatedir: templates
+url: "https://example.com/wiki/"
+cgiurl: "https://example.com/cgi-bin/ikiwiki.cgi"
+cgi_wrapper: t/tmp/ikiwiki.cgi
+cgi_wrappermode: 0754
+# make it easier to test previewing
+add_plugins:
+- anonok
+anonok_pagespec: "*"
+EOF
+);
+
+ok(unlink("t/tmp/ikiwiki.cgi"));
+ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers"));
+
+# CGI wrapper should be exactly the requested mode
+(undef, undef, $mode, undef, undef,
+	undef, undef, undef, undef, undef,
+	undef, undef, undef) = stat("t/tmp/ikiwiki.cgi");
+is($mode & 07777, 0754);
+
+ok(-e "t/tmp/out/a/b/c/index.html");
+$content = readfile("t/tmp/out/a/b/c/index.html");
+# no <base> on static HTML
+unlike($content, qr{<base\W});
+# url and cgiurl are on the same host so the cgiurl is host-relative
+like($content, qr{<a[^>]+href="/cgi-bin/ikiwiki.cgi\?do=prefs"});
+# cross-links between static pages are relative
+like($content, qr{<li>A: <a href="../../">a</a></li>});
+like($content, qr{<li>B: <a href="../">b</a></li>});
+like($content, qr{<li>E: <a href="../../d/e/">e</a></li>});
+
+# when accessed via HTTPS, links are secure
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'example.com';
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "https://example.com/wiki/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# when not accessed via HTTPS, links should still be secure
+# (but if this happens, that's a sign of web server misconfiguration)
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'example.com';
+});
+%bits = parse_cgi_content($content);
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+TODO: {
+local $TODO = "treat https in configured url, cgiurl as required?";
+is($bits{basehref}, "https://example.com/wiki/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+}
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# when accessed via a different hostname, links stay on that host
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'staging.example.net';
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "https://staging.example.net/wiki/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//staging.example.net)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$});
+
+# previewing a page
+$in = 'do=edit&page=a/b/c&Preview';
+run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'POST';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{HTTP_HOST} = 'example.com';
+	$ENV{CONTENT_LENGTH} = length $in;
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+is($bits{basehref}, "https://example.com/wiki/a/b/c/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+#######################################################################
+# site 4 (NetBSD wiki): CGI is secure, static content doesn't have to be
+
+writefile("test.setup", "t/tmp", <<EOF
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+wikiname: this is the name of my wiki
+srcdir: t/tmp/in
+destdir: t/tmp/out
+templatedir: templates
+url: "http://example.com/wiki/"
+cgiurl: "https://example.com/cgi-bin/ikiwiki.cgi"
+cgi_wrapper: t/tmp/ikiwiki.cgi
+cgi_wrappermode: 0754
+# make it easier to test previewing
+add_plugins:
+- anonok
+anonok_pagespec: "*"
+EOF
+);
+
+ok(unlink("t/tmp/ikiwiki.cgi"));
+ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers"));
+
+# CGI wrapper should be exactly the requested mode
+(undef, undef, $mode, undef, undef,
+	undef, undef, undef, undef, undef,
+	undef, undef, undef) = stat("t/tmp/ikiwiki.cgi");
+is($mode & 07777, 0754);
+
+ok(-e "t/tmp/out/a/b/c/index.html");
+$content = readfile("t/tmp/out/a/b/c/index.html");
+# no <base> on static HTML
+unlike($content, qr{<base\W});
+# url and cgiurl are on the same host but different schemes
+like($content, qr{<a[^>]+href="https://example.com/cgi-bin/ikiwiki.cgi\?do=prefs"});
+# cross-links between static pages are relative
+like($content, qr{<li>A: <a href="../../">a</a></li>});
+like($content, qr{<li>B: <a href="../">b</a></li>});
+like($content, qr{<li>E: <a href="../../d/e/">e</a></li>});
+
+# when accessed via HTTPS, links are secure (to avoid mixed-content)
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'example.com';
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+TODO: {
+local $TODO = "avoid mixed content";
+is($bits{basehref}, "https://example.com/wiki/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+}
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# when not accessed via HTTPS, ???
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'example.com';
+});
+%bits = parse_cgi_content($content);
+like($bits{basehref}, qr{^https?://example.com/wiki/$});
+like($bits{stylehref}, qr{^(?:(?:https?:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:(?:https?://example.com)?/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# when accessed via a different hostname, links stay on that host
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'staging.example.net';
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+TODO: {
+local $TODO = "avoid mixed content";
+like($bits{basehref}, qr{^https://example.com/wiki/$});
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+like($bits{tophref}, qr{^(?:(?:(?:https:)?//example.com)?/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//staging.example.net)?/cgi-bin/ikiwiki.cgi$});
+}
+
+# previewing a page
+$in = 'do=edit&page=a/b/c&Preview';
+run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'POST';
+	$ENV{SERVER_PORT} = '443';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{HTTP_HOST} = 'example.com';
+	$ENV{CONTENT_LENGTH} = length $in;
+	$ENV{HTTPS} = 'on';
+});
+%bits = parse_cgi_content($content);
+TODO: {
+local $TODO = "avoid mixed content";
+is($bits{basehref}, "https://example.com/wiki/a/b/c/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+}
+like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+
+# Deliberately not testing https static content with http cgiurl,
+# because that makes remarkably little sense.
+
+#######################################################################
+# site 5: w3mmode, as documented in [[w3mmode]]
+
+writefile("test.setup", "t/tmp", <<EOF
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+wikiname: this is the name of my wiki
+srcdir: t/tmp/in
+destdir: t/tmp/out
+templatedir: templates
+cgiurl: ikiwiki.cgi
+w3mmode: 1
+cgi_wrapper: t/tmp/ikiwiki.cgi
+cgi_wrappermode: 0754
+add_plugins:
+- anonok
+anonok_pagespec: "*"
+EOF
+);
+
+ok(unlink("t/tmp/ikiwiki.cgi"));
+ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers"));
+
+# CGI wrapper should be exactly the requested mode
+(undef, undef, $mode, undef, undef,
+	undef, undef, undef, undef, undef,
+	undef, undef, undef) = stat("t/tmp/ikiwiki.cgi");
+is($mode & 07777, 0754);
+
+ok(-e "t/tmp/out/a/b/c/index.html");
+$content = readfile("t/tmp/out/a/b/c/index.html");
+# no <base> on static HTML
+unlike($content, qr{<base\W});
+# FIXME: does /$LIB/ikiwiki-w3m.cgi work under w3m?
+like($content, qr{<a[^>]+href="(?:file://)?/\$LIB/ikiwiki-w3m.cgi/ikiwiki.cgi\?do=prefs"});
+# cross-links between static pages are still relative
+like($content, qr{<li>A: <a href="../../">a</a></li>});
+like($content, qr{<li>B: <a href="../">b</a></li>});
+like($content, qr{<li>E: <a href="../../d/e/">e</a></li>});
+
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{PATH_INFO} = '/ikiwiki.cgi';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki-w3m.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+});
+%bits = parse_cgi_content($content);
+like($bits{tophref}, qr{^(?:\Q$pwd\E/t/tmp/out|\.)/$});
+like($bits{cgihref}, qr{^(?:file://)?/\$LIB/ikiwiki-w3m.cgi/ikiwiki.cgi$});
+TODO: {
+local $TODO = "should be file:///";
+like($bits{basehref}, qr{^(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out/$});
+like($bits{stylehref}, qr{^(?:(?:(?:file:)?//)?\Q$pwd\E/t/tmp/out|\.)/style.css$});
+}
+
+#######################################################################
+# site 6: we're behind a reverse-proxy
+
+writefile("test.setup", "t/tmp", <<EOF
+# IkiWiki::Setup::Yaml - YAML formatted setup file
+wikiname: this is the name of my wiki
+srcdir: t/tmp/in
+destdir: t/tmp/out
+templatedir: templates
+url: "https://example.com/wiki/"
+cgiurl: "https://example.com/cgi-bin/ikiwiki.cgi"
+cgi_wrapper: t/tmp/ikiwiki.cgi
+cgi_wrappermode: 0754
+# make it easier to test previewing
+add_plugins:
+- anonok
+anonok_pagespec: "*"
+reverse_proxy: 1
+EOF
+);
+
+ok(unlink("t/tmp/ikiwiki.cgi"));
+ok(! system("./ikiwiki.out --setup t/tmp/test.setup --rebuild --wrappers"));
+
+# CGI wrapper should be exactly the requested mode
+(undef, undef, $mode, undef, undef,
+	undef, undef, undef, undef, undef,
+	undef, undef, undef) = stat("t/tmp/ikiwiki.cgi");
+is($mode & 07777, 0754);
+
+ok(-e "t/tmp/out/a/b/c/index.html");
+$content = readfile("t/tmp/out/a/b/c/index.html");
+# no <base> on static HTML
+unlike($content, qr{<base\W});
+# url and cgiurl are on the same host so the cgiurl is host-relative
+like($content, qr{<a[^>]+href="/cgi-bin/ikiwiki.cgi\?do=prefs"});
+# cross-links between static pages are relative
+like($content, qr{<li>A: <a href="../../">a</a></li>});
+like($content, qr{<li>B: <a href="../">b</a></li>});
+like($content, qr{<li>E: <a href="../../d/e/">e</a></li>});
+
+# because we are behind a reverse-proxy we must assume that
+# we're being accessed by the configured cgiurl
+run(["./t/tmp/ikiwiki.cgi"], \undef, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'GET';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{QUERY_STRING} = 'do=prefs';
+	$ENV{HTTP_HOST} = 'localhost';
+});
+%bits = parse_cgi_content($content);
+like($bits{tophref}, qr{^(?:/wiki|\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+TODO: {
+local $TODO = "reverse-proxy support needed";
+is($bits{basehref}, "https://example.com/wiki/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+}
+
+# previewing a page
+$in = 'do=edit&page=a/b/c&Preview';
+run(["./t/tmp/ikiwiki.cgi"], \$in, \$content, init => sub {
+	$ENV{REQUEST_METHOD} = 'POST';
+	$ENV{SERVER_PORT} = '80';
+	$ENV{SCRIPT_NAME} = '/cgi-bin/ikiwiki.cgi';
+	$ENV{HTTP_HOST} = 'localhost';
+	$ENV{CONTENT_LENGTH} = length $in;
+});
+%bits = parse_cgi_content($content);
+like($bits{tophref}, qr{^(?:/wiki|\.\./\.\./\.\.)/$});
+like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
+TODO: {
+local $TODO = "reverse-proxy support needed";
+is($bits{basehref}, "https://example.com/wiki/a/b/c/");
+like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
+}
+
+done_testing;