fix: Reinstate Jetpack assets to editor assets endpoint

[dcalhoun]

#44093 fixed de-registering of assets not present on the allow list. However, it was overlooked that certain Jetpack assets were then erroneously excluded.

Namely, the jetpack-blocks-editor assets were excluded as their jetpack-blocks-assets-base-url dependency was also excluded. The latter was excluded as it is an "inline" script without a src attribute. The lack of a src meant the path-based exclusion erroneously de-registered the script.

Using a handle-based exclusion means that both inline and external scripts are correct assessed by the plugin filtering logic.

Proposed changes:

Replace asset path-based exclusion logic with asset handle-based exclusion logic.

Other information:

• Have you written new tests for your changes, if applicable?
• Have you checked the E2E test CI results, and verified that your changes do not break them?
• Have you tested your changes on WordPress.com, if applicable (if so, you'll see a generated comment below with a script to run)?

Jetpack product discussion

0b1591ec5132-linear-project

Does this pull request change what data or activity we track or use?

No

Testing instructions:

1. Create a WPCOM site.
2. Apply these Jetpack changes to your site (see comment).
3. Make a request to the /wpcom/v2/sites/<site_id>/editor-assets endpoint for the WPCOM site—via API Console, curl, etc.
4. Verify the 200 response contains the jetpack-blocks-editor-js script.

[github-actions]

Are you an Automattician? Please test your changes on all WordPress.com environments to help mitigate accidental explosions.

• To test on WoA, go to the Plugins menu on a WoA dev site. Click on the "Upload" button and follow the upgrade flow to be able to upload, install, and activate the Jetpack Beta plugin. Once the plugin is active, go to Jetpack > Jetpack Beta, select your plugin (Jetpack), and enable the fix/reinstate-jetpack-assets-to-editor-assets-endpoint branch.
• To test on Simple, run the following command on your sandbox:

bin/jetpack-downloader test jetpack fix/reinstate-jetpack-assets-to-editor-assets-endpoint

Interested in more tips and information?

• In your local development environment, use the jetpack rsync command to sync your changes to a WoA dev blog.
• Read more about our development workflow here: PCYsg-eg0-p2
• Figure out when your changes will be shipped to customers here: PCYsg-eg5-p2

[github-actions]

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

• ✅ Include a description of your PR changes.
  
• ✅ Add a "[Status]" label (In Progress, Needs Review, ...).
  
• ✅ Add a "[Type]" label (Bug, Enhancement, Janitorial, Task).
  
• ✅ Add testing instructions.
  
• ✅ Specify whether this PR includes any changes to data or privacy.
  
• ✅ Add changelog entries to affected projects
  

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

---

Follow this PR Review Process:

1. Ensure all required checks appearing at the bottom of this PR are passing.
2. Make sure to test your changes on all platforms that it applies to. You're responsible for the quality of the code you ship.
3. You can use GitHub's Reviewers functionality to request a review.
4. When it's reviewed and merged, you will be pinged in Slack to deploy the changes to WordPress.com simple once the build is done.

If you have questions about anything, reach out in #jetpack-developers for guidance!

---

Jetpack plugin:

The Jetpack plugin has different release cadences depending on the platform:

• WordPress.com Simple releases happen as soon as you deploy your changes after merging this PR (PCYsg-Jjm-p2).
• WoA releases happen weekly.
• Releases to self-hosted sites happen monthly:
  • Scheduled release: August 5, 2025
  • Code freeze: August 4, 2025

If you have any questions about the release process, please ask in the #jetpack-releases channel on Slack.

[jp-launch-control]

Code Coverage Summary

Coverage changed in 2 files.

File	Coverage	Δ%	Δ Uncovered
projects/plugins/jetpack/_inc/lib/core-api/wpcom-endpoints/class-wpcom-rest-api-v2-endpoint-block-editor-assets.php	128/134 (95.52%)	-0.69%	1 ❤️‍🩹
projects/plugins/jetpack/modules/photon-cdn.php	50/112 (44.64%)	0.89%	-1 💚

Full summary · PHP report · JS report

[dcalhoun]

Relocated these mocks to be co-located with related test cases to better communicate intent.

[dcalhoun]

The path-based allow list meant that inline script tags were erroneously disallowed, as inline scripts do not have a path assigned to a src attribute.

[Copilot]

Pull Request Overview

This PR replaces the previous path-based asset exclusion in the block editor assets endpoint with a handle-prefix–based approach to ensure inline and external Jetpack assets are correctly retained.

• Switched from URL substring checks to handle-prefix checks for asset whitelisting in the endpoint class.
• Renamed helper methods and updated constants (ALLOWED_PLUGIN_HANDLE_PREFIXES, is_core_or_gutenberg_asset, is_allowed_plugin_handle).
• Updated tests to mock and verify allowed, disallowed, and WPCOM Gutenberg assets using the new handle-based logic, and added a changelog entry.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
projects/plugins/jetpack/_inc/lib/core-api/wpcom-endpoints/class-wpcom-rest-api-v2-endpoint-block-editor-assets.php	Swapped path-based exclusion for handle-prefix logic and renamed related methods/constants.
projects/plugins/jetpack/tests/php/core-api/wpcom-endpoints/WPCOM_REST_API_V2_Endpoint_Block_Editor_Assets_Test.php	Removed old mocks, added new handle-based tests and mock methods.
projects/plugins/jetpack/changelog/fix-reinstate-jetpack-assets-to-editor-assets-endpoint	Added a patch-level changelog entry.

[kean]

I reviewed it, and to the best of my knowledge, the changes look good.