qa: add 10 E2E tests covering JS-disabled, adblock bypass, plugin health#222
Merged
parhumm merged 4 commits intodevelopmentfrom Mar 15, 2026
Merged
qa: add 10 E2E tests covering JS-disabled, adblock bypass, plugin health#222parhumm merged 4 commits intodevelopmentfrom
parhumm merged 4 commits intodevelopmentfrom
Conversation
…nd plugin health - Gap 1: server-side-tracking-js-disabled.spec.ts (3 tests) — validates server-side PHP tracking works when browser JS is disabled - Gap 2: adblock-bypass-fallback.spec.ts (3 tests) — validates adblock bypass transport records hits and graceful failure when all blocked - Gap 3: plugin-health-checks.spec.ts (4 tests) — automates manual QA checklist: deactivate/reactivate, PHP error log, admin pages, GDPR banner - Infrastructure: 2 new mu-plugins, setup.ts helpers, Batch H in run-all.sh - Config: trace on-first-retry, screenshot on-failure, maxFailures=10
Prevents maxFailures=10 from stopping the suite early when pre-existing flaky tests (cloudflare-ip, consent-banner) fail on local dev environment.
|
Warning Rate limit exceeded
⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds multiple end-to-end Playwright test suites, two MU-plugin helpers exposing AJAX endpoints for test control, supporting test setup utilities, and Playwright/runtime config tweaks for retries, tracing, and CI behavior. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~22 minutes Possibly related issues
Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (2)
tests/e2e/helpers/plugin-lifecycle-mu-plugin.php (1)
1-47: Consider using tabs for indentation.Same as the rewrite-flush MU-plugin, this file uses 4-space indentation rather than tabs.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/e2e/helpers/plugin-lifecycle-mu-plugin.php` around lines 1 - 47, The file uses 4-space indentation for the anonymous AJAX handlers (hooks wp_ajax_e2e_deactivate_plugin and wp_ajax_e2e_activate_plugin); convert the leading spaces to tabs throughout the file so indentation matches the project's tab style (apply to the function blocks, array formatting in wp_send_json_success calls, and any other indented lines in this MU-plugin).tests/e2e/helpers/rewrite-flush-mu-plugin.php (1)
1-23: Consider using tabs for indentation.The file uses 4-space indentation, but the coding guidelines specify tabs for PHP files. This is a minor consistency issue for a test helper.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/e2e/helpers/rewrite-flush-mu-plugin.php` around lines 1 - 23, The file uses 4-space indentation instead of tabs; update the indentation to tabs throughout this MU-plugin test helper (the add_action callback block registering 'wp_ajax_e2e_flush_rewrite_rules', including the anonymous function body that calls flush_rewrite_rules( true ) and wp_send_json_success( [ 'flushed' => true ] )). Ensure all leading spaces are replaced with tabs to comply with the PHP coding guidelines while keeping the same logic and function names unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@tests/e2e/adblock-bypass-fallback.spec.ts`:
- Around line 88-94: The computed boolean hasAdblockRequest (derived from
postUrls) is unused; either assert it to verify the adblock bypass transport or
remove it and the related comment—update the test in
adblock-bypass-fallback.spec.ts by adding expect(hasAdblockRequest).toBe(true)
(or toBeTruthy()) after computing hasAdblockRequest to validate the tracker used
the adblock_bypass path, or delete the hasAdblockRequest variable and its
comment if any-transport acceptance is intended; refer to the hasAdblockRequest
variable, postUrls array, and existing expect(stat).not.toBeNull() when making
the change.
In `@tests/e2e/helpers/rewrite-flush-mu-plugin.php`:
- Around line 20-23: The AJAX handler hooked to
'wp_ajax_e2e_flush_rewrite_rules' mutates server state without verifying
permissions; update the anonymous function to first ensure SLIMSTAT_E2E_TESTING
is set, then validate a request nonce using wp_verify_nonce() (matching the
pattern in nonce-helper-mu-plugin.php), and check
current_user_can('manage_options') before calling flush_rewrite_rules(true); if
either check fails, return early with wp_send_json_error (or wp_die) and an
appropriate message; keep the final successful path using wp_send_json_success([
'flushed' => true ]) after the checks.
---
Nitpick comments:
In `@tests/e2e/helpers/plugin-lifecycle-mu-plugin.php`:
- Around line 1-47: The file uses 4-space indentation for the anonymous AJAX
handlers (hooks wp_ajax_e2e_deactivate_plugin and wp_ajax_e2e_activate_plugin);
convert the leading spaces to tabs throughout the file so indentation matches
the project's tab style (apply to the function blocks, array formatting in
wp_send_json_success calls, and any other indented lines in this MU-plugin).
In `@tests/e2e/helpers/rewrite-flush-mu-plugin.php`:
- Around line 1-23: The file uses 4-space indentation instead of tabs; update
the indentation to tabs throughout this MU-plugin test helper (the add_action
callback block registering 'wp_ajax_e2e_flush_rewrite_rules', including the
anonymous function body that calls flush_rewrite_rules( true ) and
wp_send_json_success( [ 'flushed' => true ] )). Ensure all leading spaces are
replaced with tabs to comply with the PHP coding guidelines while keeping the
same logic and function names unchanged.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: ad1f1932-5eac-4db9-90e2-5c7172fc3a79
📒 Files selected for processing (8)
tests/e2e/adblock-bypass-fallback.spec.tstests/e2e/helpers/plugin-lifecycle-mu-plugin.phptests/e2e/helpers/rewrite-flush-mu-plugin.phptests/e2e/helpers/setup.tstests/e2e/playwright.config.tstests/e2e/plugin-health-checks.spec.tstests/e2e/run-all.shtests/e2e/server-side-tracking-js-disabled.spec.ts
Comment on lines
+20
to
+23
| add_action( 'wp_ajax_e2e_flush_rewrite_rules', function () { | ||
| flush_rewrite_rules( true ); | ||
| wp_send_json_success( [ 'flushed' => true ] ); | ||
| } ); |
There was a problem hiding this comment.
Add capability check for the AJAX handler.
The e2e_flush_rewrite_rules action modifies server state without verifying user capabilities. While the SLIMSTAT_E2E_TESTING guard provides some protection, adding a capability check aligns with WordPress security best practices and the pattern used in nonce-helper-mu-plugin.php.
🛡️ Proposed fix
add_action( 'wp_ajax_e2e_flush_rewrite_rules', function () {
+ if ( ! current_user_can( 'manage_options' ) ) {
+ wp_send_json_error( 'Insufficient permissions', 403 );
+ }
+
flush_rewrite_rules( true );
wp_send_json_success( [ 'flushed' => true ] );
} );As per coding guidelines: "Perform nonce check and capability check for every state-changing action using wp_verify_nonce() and current_user_can() with manage_options."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@tests/e2e/helpers/rewrite-flush-mu-plugin.php` around lines 20 - 23, The AJAX
handler hooked to 'wp_ajax_e2e_flush_rewrite_rules' mutates server state without
verifying permissions; update the anonymous function to first ensure
SLIMSTAT_E2E_TESTING is set, then validate a request nonce using
wp_verify_nonce() (matching the pattern in nonce-helper-mu-plugin.php), and
check current_user_can('manage_options') before calling
flush_rewrite_rules(true); if either check fails, return early with
wp_send_json_error (or wp_die) and an appropriate message; keep the final
successful path using wp_send_json_success([ 'flushed' => true ]) after the
checks.
…ck, fix indentation
- Assert hasAdblockRequest instead of leaving it unused
- Add current_user_can('manage_options') check to rewrite-flush mu-plugin
- Convert both mu-plugins from spaces to tabs (project PHP style)
There was a problem hiding this comment.
🧹 Nitpick comments (1)
tests/e2e/adblock-bypass-fallback.spec.ts (1)
147-154: Consider anchoring the hash URL pattern.The regex
/\/[a-f0-9]{32}/matches any 32-character hex sequence in the URL path. While this works for testing, a more precise pattern like/\/[a-f0-9]{32}(?:\/|$)/would ensure it matches complete path segments (ending with/or end of path). This is a minor nitpick for test code.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@tests/e2e/adblock-bypass-fallback.spec.ts` around lines 147 - 154, The regex used in anonPage.route to block the adblock bypass hash (/\/[a-f0-9]{32}/) is too permissive; update the route matcher in the anonPage.route call to anchor the segment so it only matches full 32-char hex path segments (e.g., change to a pattern that requires a trailing slash or end-of-path such as /\/[a-f0-9]{32}(?:\/|$)/) so the route.abort('blockedbyclient') only triggers for complete hash path segments.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@tests/e2e/adblock-bypass-fallback.spec.ts`:
- Around line 147-154: The regex used in anonPage.route to block the adblock
bypass hash (/\/[a-f0-9]{32}/) is too permissive; update the route matcher in
the anonPage.route call to anchor the segment so it only matches full 32-char
hex path segments (e.g., change to a pattern that requires a trailing slash or
end-of-path such as /\/[a-f0-9]{32}(?:\/|$)/) so the
route.abort('blockedbyclient') only triggers for complete hash path segments.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 7063460a-101c-4a8e-b8bf-f024c8b847f5
📒 Files selected for processing (3)
tests/e2e/adblock-bypass-fallback.spec.tstests/e2e/helpers/plugin-lifecycle-mu-plugin.phptests/e2e/helpers/rewrite-flush-mu-plugin.php
Merged
This was referenced Mar 17, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds 10 new Playwright E2E tests across 3 spec files to close the test gaps identified in the PR #170 consolidated QA summary. Also updates Playwright config with performance/diagnostic improvements.
New Spec Files
Infrastructure Changes
Test Results (10/10 PASS)
Why You Can Trust These Results
Test plan
Summary by CodeRabbit