Reader/PostNorm: Leave https image srcs from non-wp hosts alone.

This fixes images coming from private WPCOM sites and images from places like github and medium which block photon. It also fixes https images that rely on querystring arguments that photon cannot understand.

client/lib/post-normalizer/index.js

@@ -101,6 +101,12 @@ function maxWidthPhotonishURL( imageURL, width ) {
 		return imageURL;
 	}
 
+	if ( ! ( endsWith( parsedURL.host, 'wp.com' ) ||
+		endsWith( parsedURL.host, 'wordpress.com' ) ||
+		endsWith( parsedURL.host, 'gravatar.com' ) ) ) {
+		return imageURL;
+	}
+
 	isGravatar = parsedURL.host.indexOf( 'gravatar.com' ) !== -1;
 
 	delete parsedURL.search;

client/lib/post-normalizer/test/post-normalizer-test.js

@@ -218,9 +218,9 @@ describe( 'post-normalizer', function() {
 				}
 			};
 			normalizer( post, [ normalizer.safeImageProperties( 200 ) ], function( err, normalized ) {
-				assert.strictEqual( normalized.author.avatar_URL, 'http://example.com/me.jpg-SAFE?w=200&quality=80&strip=info' );
-				assert.strictEqual( normalized.featured_image, 'http://foo.bar/-SAFE?w=200&quality=80&strip=info' );
-				assert.strictEqual( normalized.featured_media.uri, 'http://example.com/media.jpg-SAFE?w=200&quality=80&strip=info' );
+				assert.strictEqual( normalized.author.avatar_URL, 'http://example.com/me.jpg-SAFE' );
+				assert.strictEqual( normalized.featured_image, 'http://foo.bar/-SAFE' );
+				assert.strictEqual( normalized.featured_media.uri, 'http://example.com/media.jpg-SAFE' );
 				done( err );
 			} );
 		} );
@@ -417,13 +417,13 @@ describe( 'post-normalizer', function() {
 			);
 		} );
 
-		it( 'can route all images through photon if a size is specified', function( done ) {
+		it( 'only routes images through photon if a size is specified and the host is a photonable host', function( done ) {
 			normalizer(
 				{
-					content: '<img src="http://example.com/example.jpg"><img src="http://example.com/example2.jpg">'
+					content: '<img src="http://example.com/example.jpg"><img src="http://example.wordpress.com/example2.jpg">'
 				},
 				[ normalizer.withContentDOM( [ normalizer.content.safeContentImages( 400 ) ] ) ], function( err, normalized ) {
-					assert.equal( normalized.content, '<img src="http://example.com/example.jpg-SAFE?w=400&amp;quality=80&amp;strip=info"><img src="http://example.com/example2.jpg-SAFE?w=400&amp;quality=80&amp;strip=info">' );
+					assert.equal( normalized.content, '<img src="http://example.com/example.jpg-SAFE"><img src="http://example.wordpress.com/example2.jpg-SAFE?w=400&amp;quality=80&amp;strip=info">' );
 					done( err );
 				}
 			);

client/lib/safe-image-url/index.js

@@ -2,7 +2,8 @@
  * External Dependencies
  */
 var photon = require( 'photon' ),
-	uri = require( 'url' );
+	uri = require( 'url' ),
+	startsWith = require( 'lodash/string/startsWith' );
 
 /**
  * Internal Dependencies
@@ -31,6 +32,10 @@ function safeImageURL( url ) {
 		return url;
 	}
 
+	if ( startsWith( url, 'https:' ) ) {
+		return url;
+	}
+
 	const parsed = uri.parse( url, false, true );
 
 	if ( /^([-a-zA-Z0-9_]+\.)*(gravatar.com|wordpress.com|wp.com|a8c.com)$/.test( parsed.hostname ) ) {

client/lib/safe-image-url/test/index.js

@@ -17,22 +17,34 @@ describe( 'safe-image-url', function() {
 		expect( safeImage( 'http://example.com/foo' ) ).to.eql( 'https://i1.wp.com/example.com/foo' );
 	} );
 
-	it( 'should make a non-wpcom https url safe', function() {
-		expect( safeImage( 'https://example.com/foo' ) ).to.eql( 'https://i1.wp.com/example.com/foo' );
+	it( 'should leave non-wpcom https url alone', function() {
+		expect( safeImage( 'https://example.com/foo' ) ).to.eql( 'https://example.com/foo' );
 	} );
 
 	it( 'should make wp-com like subdomain url safe', function() {
-		expect( safeImage( 'https://wordpress.com.example.com/foo' ) ).to.eql(
+		expect( safeImage( 'http://wordpress.com.example.com/foo' ) ).to.eql(
 			'https://i0.wp.com/wordpress.com.example.com/foo'
 		);
 	} );
 
+	it( 'should leave wp-com like subdomain url alone', function() {
+		expect( safeImage( 'https://wordpress.com.example.com/foo' ) ).to.eql(
+			'https://wordpress.com.example.com/foo'
+		);
+	} );
+
 	it( 'should make domain ending by wp-com url safe', function() {
-		expect( safeImage( 'https://examplewordpress.com/foo' ) ).to.eql(
+		expect( safeImage( 'http://examplewordpress.com/foo' ) ).to.eql(
 			'https://i0.wp.com/examplewordpress.com/foo'
 		);
 	} );
 
+	it( 'should leave domain ending by wp-com url alone', function() {
+		expect( safeImage( 'https://examplewordpress.com/foo' ) ).to.eql(
+			'https://examplewordpress.com/foo'
+		);
+	} );
+
 	it( 'should make a non-wpcom protocol relative url safe', function() {
 		expect( safeImage( '//example.com/foo' ) ).to.eql( 'https://i1.wp.com/example.com/foo' );
 	} );
@@ -58,11 +70,11 @@ describe( 'safe-image-url', function() {
 		expect( safeImage( 'https://gravatar.com/' ) ).to.eql( 'https://gravatar.com/' );
 	} );
 
-	it( 'should strip querystring args from photoned urls', function() {
-		expect( safeImage( 'https://example.com/foo?bar' ) ).to.eql( 'https://i1.wp.com/example.com/foo' );
-		expect( safeImage( 'https://example.com/foo.jpg?bar' ) ).to.eql( 'https://i0.wp.com/example.com/foo.jpg' );
-		expect( safeImage( 'https://example.com/foo.jpeg?bar' ) ).to.eql( 'https://i0.wp.com/example.com/foo.jpeg' );
-		expect( safeImage( 'https://example.com/foo.gif?bar' ) ).to.eql( 'https://i2.wp.com/example.com/foo.gif' );
-		expect( safeImage( 'https://example.com/foo.png?bar' ) ).to.eql( 'https://i0.wp.com/example.com/foo.png' );
+	it( 'should leave https urls alone', function() {
+		expect( safeImage( 'https://example.com/foo?bar' ) ).to.eql( 'https://example.com/foo?bar' );
+		expect( safeImage( 'https://example.com/foo.jpg?bar' ) ).to.eql( 'https://example.com/foo.jpg?bar' );
+		expect( safeImage( 'https://example.com/foo.jpeg?bar' ) ).to.eql( 'https://example.com/foo.jpeg?bar' );
+		expect( safeImage( 'https://example.com/foo.gif?bar' ) ).to.eql( 'https://example.com/foo.gif?bar' );
+		expect( safeImage( 'https://example.com/foo.png?bar' ) ).to.eql( 'https://example.com/foo.png?bar' );
 	} );
 } );