Merge remote-tracking branch 'origin/release/2025-03-17' into publish/2025-03-17

Author: westonruter

plugins/optimization-detective/detect.js

@@ -329,23 +329,6 @@ function extendElementData( xpath, properties ) {
 	Object.assign( elementData, properties );
 }
 
-/**
- * Compresses a (JSON) string using CompressionStream API.
- *
- * @param {string} jsonString - JSON string to compress.
- * @return {Promise<Blob>} Compressed data.
- */
-async function compress( jsonString ) {
-	const encodedData = new TextEncoder().encode( jsonString );
-	const compressedDataStream = new Blob( [ encodedData ] )
-		.stream()
-		.pipeThrough( new CompressionStream( 'gzip' ) );
-	const compressedDataBuffer = await new Response(
-		compressedDataStream
-	).arrayBuffer();
-	return new Blob( [ compressedDataBuffer ], { type: 'application/gzip' } );
-}
-
 /**
  * @typedef {{timestamp: number, creationDate: Date}} UrlMetricDebugData
  * @typedef {{groups: Array<{url_metrics: Array<UrlMetricDebugData>}>}} CollectionDebugData
@@ -361,8 +344,6 @@ async function compress( jsonString ) {
  * @param {boolean}                args.isDebug                    - Whether to show debug messages.
  * @param {string}                 args.restApiEndpoint            - URL for where to send the detection data.
  * @param {string}                 [args.restApiNonce]             - Nonce for the REST API when the user is logged-in.
- * @param {boolean}                args.gzdecodeAvailable          - Whether application/gzip can be sent to the REST API.
- * @param {number}                 args.maxUrlMetricSize           - Maximum size of the URL Metric to send.
  * @param {string}                 args.currentETag                - Current ETag.
  * @param {string}                 args.currentUrl                 - Current URL.
  * @param {string}                 args.urlMetricSlug              - Slug for URL Metric.
@@ -381,8 +362,6 @@ export default async function detect( {
 	extensionModuleUrls,
 	restApiEndpoint,
 	restApiNonce,
-	gzdecodeAvailable,
-	maxUrlMetricSize,
 	currentETag,
 	currentUrl,
 	urlMetricSlug,
@@ -817,17 +796,7 @@ export default async function detect( {
 	const maxBodyLengthBytes = maxBodyLengthKiB * 1024;
 
 	const jsonBody = JSON.stringify( urlMetric );
-	if ( jsonBody.length > maxUrlMetricSize ) {
-		error(
-			`URL Metric is ${ jsonBody.length.toLocaleString() } bytes, exceeding the maximum size of ${ maxUrlMetricSize.toLocaleString() } bytes:`,
-			urlMetric
-		);
-		return;
-	}
-
-	const payloadBlob = gzdecodeAvailable
-		? await compress( jsonBody )
-		: new Blob( [ jsonBody ], { type: 'application/json' } );
+	const payloadBlob = new Blob( [ jsonBody ], { type: 'application/json' } );
 	const percentOfBudget =
 		( payloadBlob.size / ( maxBodyLengthKiB * 1000 ) ) * 100;
 

plugins/optimization-detective/detection.php

@@ -140,8 +140,6 @@ static function ( OD_URL_Metric_Group $group ): array {
 		'storageLockTTL'         => OD_Storage_Lock::get_ttl(),
 		'freshnessTTL'           => od_get_url_metric_freshness_ttl(),
 		'webVitalsLibrarySrc'    => $web_vitals_lib_src,
-		'gzdecodeAvailable'      => function_exists( 'gzdecode' ),
-		'maxUrlMetricSize'       => od_get_maximum_url_metric_size(),
 	);
 	if ( is_user_logged_in() ) {
 		$detect_args['restApiNonce'] = wp_create_nonce( 'wp_rest' );
@@ -174,8 +172,6 @@ function od_register_rest_url_metric_store_endpoint(): void {
 		$endpoint_controller::ROUTE_BASE,
 		$endpoint_controller->get_registration_args()
 	);
-
-	add_filter( 'rest_pre_dispatch', array( $endpoint_controller, 'decompress_rest_request_body' ), 10, 3 );
 }
 
 /**

plugins/optimization-detective/storage/class-od-rest-url-metrics-store-endpoint.php

@@ -230,8 +230,13 @@ public function handle_rest_request( WP_REST_Request $request ) {
 			);
 		}
 
-		// Limit JSON payload size to safeguard against clients sending possibly malicious payloads much larger than allowed.
-		$max_size       = od_get_maximum_url_metric_size();
+		/*
+		 * The limit for data sent via navigator.sendBeacon() is 64 KiB. This limit is checked in detect.js so that the
+		 * request will not even be attempted if the payload is too large. This server-side restriction is added as a
+		 * safeguard against clients sending possibly malicious payloads much larger than 64 KiB which should never be
+		 * getting sent.
+		 */
+		$max_size       = 64 * 1024; // 64 KB
 		$content_length = strlen( (string) wp_json_encode( $url_metric ) );
 		if ( $content_length > $max_size ) {
 			return new WP_Error(
@@ -307,65 +312,4 @@ public function handle_rest_request( WP_REST_Request $request ) {
 			)
 		);
 	}
-
-	/**
-	 * Decompresses the REST API request body for the URL Metrics endpoint.
-	 *
-	 * @since 1.0.0
-	 * @access private
-	 *
-	 * @phpstan-param WP_REST_Request<array<string, mixed>> $request
-	 *
-	 * @param mixed           $result  Response to replace the requested version with. Can be anything a normal endpoint can return, or null to not hijack the request.
-	 * @param WP_REST_Server  $server  Server instance.
-	 * @param WP_REST_Request $request Request used to generate the response.
-	 * @return mixed Passed through $result if successful, or otherwise a WP_Error.
-	 */
-	public function decompress_rest_request_body( $result, WP_REST_Server $server, WP_REST_Request $request ) {
-		unset( $server ); // Unused.
-
-		if (
-			$request->get_route() === '/' . self::ROUTE_NAMESPACE . self::ROUTE_BASE &&
-			'application/gzip' === $request->get_header( 'Content-Type' ) &&
-			function_exists( 'gzdecode' )
-		) {
-			$compressed_body = $request->get_body();
-
-			/*
-			 * The limit for data sent via navigator.sendBeacon() is 64 KiB. This limit is checked in detect.js so that the
-			 * request will not even be attempted if the payload is too large. This server-side restriction is added as a
-			 * safeguard against clients sending possibly malicious payloads much larger than 64 KiB which should never be
-			 * getting sent.
-			 */
-			$max_size       = 64 * 1024; // 64 KB
-			$content_length = strlen( $compressed_body );
-			if ( $content_length > $max_size ) {
-				return new WP_Error(
-					'rest_content_too_large',
-					sprintf(
-					/* translators: 1: the size of the payload, 2: the maximum allowed payload size */
-						__( 'Compressed JSON payload size is %1$s bytes which is larger than the maximum allowed size of %2$s bytes.', 'optimization-detective' ),
-						number_format_i18n( $content_length ),
-						number_format_i18n( $max_size )
-					),
-					array( 'status' => 413 )
-				);
-			}
-
-			$decompressed_body = @gzdecode( $compressed_body ); // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged -- We need to suppress errors here.
-
-			if ( false === $decompressed_body ) {
-				return new WP_Error(
-					'rest_invalid_payload',
-					__( 'Unable to decompress the gzip payload.', 'optimization-detective' ),
-					array( 'status' => 400 )
-				);
-			}
-
-			// Update the request so later handlers see the decompressed JSON.
-			$request->set_body( $decompressed_body );
-			$request->set_header( 'Content-Type', 'application/json' );
-		}
-		return $result;
-	}
 }

plugins/optimization-detective/storage/data.php

@@ -460,40 +460,3 @@ function od_get_url_metrics_breakpoint_sample_size(): int {
 
 	return $sample_size;
 }
-
-/**
- * Gets the maximum allowed size in bytes for a URL Metric serialized to JSON.
- *
- * @since 1.0.0
- * @access private
- *
- * @return positive-int Maximum allowed byte size.
- */
-function od_get_maximum_url_metric_size(): int {
-	/**
-	 * Filters the maximum allowed size in bytes for a URL Metric serialized to JSON.
-	 *
-	 * The default value is 1 MB.
-	 *
-	 * @since 1.0.0
-	 *
-	 * @param int $max_size Maximum allowed byte size.
-	 * @return int Filtered maximum allowed byte size.
-	 */
-	$size = (int) apply_filters( 'od_maximum_url_metric_size', MB_IN_BYTES );
-	if ( $size <= 0 ) {
-		_doing_it_wrong(
-			esc_html( "Filter: 'od_maximum_url_metric_size'" ),
-			esc_html(
-				sprintf(
-					/* translators: %s: size */
-					__( 'Invalid size "%s". Must be greater than zero.', 'optimization-detective' ),
-					$size
-				)
-			),
-			'Optimization Detective 1.0.0'
-		);
-		$size = MB_IN_BYTES;
-	}
-	return $size;
-}