Skip to content

Support product-provided self-hosted Playground remote origins #1722

Description

@chubes4

Parent: chubes4/wp-build#1073

WordPress Build needs to point browser preview boot at a Playground remote hosted on the product runtime origin instead of https://playground.wordpress.net.

Current evidence:

  • wp-build already passes remote_url and client_module_url through the boot contract.
  • wp-codebox normalizes playground.client_module_url and playground.remote_url in packages/wordpress-plugin/src/trait-wp-codebox-abilities-browser-runtime.php, but the default trusted origins are only https://playground.wordpress.net and https://playground.automattic.ai.
  • The browser runtime imports boot.client_module_url and passes boot.remote_url as remoteUrl to startPlaygroundWeb.

Scope:

  • Add/confirm a documented product extension point for allowed Playground remote/client origins.
  • Add coverage proving a product-provided same-origin remote URL is accepted without weakening default trust.
  • Preserve provenance for the normalized remote/client URL so product evidence can show which origin booted.

Acceptance:

  • A product can allow https://<runtime-origin>/wp-build-playground/remote.html without patching wp-codebox internals.
  • Invalid/untrusted origins still fail closed.
  • Tests cover custom origin acceptance and rejection.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions