Bug 229745

Summary: [COOP] Cross origin isolation doesn't happen when going from an HTTP URL to a HTTPS one with COOP+COEP
Product: WebKit
Component: WebKit2
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Chris Dumez <cdumez>
Assignee: Chris Dumez <cdumez>
CC: achristensen, crzwdjk, darin, ews-watchlist, ggaren, japhet, kkinnunen, webkit-bug-importer
Keywords: InRadar
See Also: https://bugs.webkit.org/show_bug.cgi?id=230017
Bug Depends on:
Bug Blocks: 228755
Attachments: Patch (Flags: none)

Description Chris Dumez 2021-08-31 16:04:17 PDT
Cross origin isolation doesn't happen when going from an HTTP URL to a HTTPS one with COOP+COEP.

The COOP header is ignored for non-secure contexts. However, our check is slightly wrong and we always check if the source of the navigation is a secure context or not.
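
The check described above, modelled as an added JavaScript illustration (not WebKit's code and not part of the original report). It assumes only https: URLs are secure contexts and that isolation needs COOP same-origin plus COEP require-corp; the function names and hosts are hypothetical.

```javascript
// Added illustration: a simplified model, not WebKit source code.

// Assumption: only https: counts as a secure context here (browsers also
// trust loopback and a few other origins).
function isSecureContext(url) {
  return new URL(url).protocol === "https:";
}

// First token of a header value, ignoring parameters such as report-to.
function headerToken(headers, name) {
  return (headers[name] || "").split(";")[0].trim();
}

// COOP is ignored (treated as unsafe-none) when `contextURL` is not secure.
function effectiveCOOP(contextURL, headers) {
  if (!isSecureContext(contextURL)) return "unsafe-none";
  const coop = headerToken(headers, "cross-origin-opener-policy");
  return ["same-origin", "same-origin-allow-popups"].includes(coop) ? coop : "unsafe-none";
}

// Simplified: isolation requires COOP same-origin and COEP require-corp.
function isolates(coop, headers) {
  return coop === "same-origin" &&
    headerToken(headers, "cross-origin-embedder-policy") === "require-corp";
}

// Evaluate one navigation both ways: gating on the source document (the
// behaviour the report describes) and on the destination response.
function evaluateNavigation(sourceURL, destinationURL, headers) {
  return {
    gatedOnSource: isolates(effectiveCOOP(sourceURL, headers), headers),
    gatedOnDestination: isolates(effectiveCOOP(destinationURL, headers), headers),
  };
}

// Constructed sample navigations (hypothetical hosts).
const isolatingHeaders = {
  "cross-origin-opener-policy": "same-origin",
  "cross-origin-embedder-policy": "require-corp",
};
const cases = [
  ["http://a.example/", "https://b.example/"],
  ["https://a.example/", "https://b.example/"],
  ["https://a.example/", "http://b.example/"],
];
for (const [from, to] of cases) {
  console.log(from, "->", to, evaluateNavigation(from, to, isolatingHeaders));
}
```

The first case is the one in this report: gating on the source drops the headers for an HTTP to HTTPS navigation. The third case shows the same gating honouring COOP for a non-secure destination.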
Comment 1 Radar WebKit Bug Importer 2021-09-01 09:02:17 PDT
<rdar://problem/82630927>
Comment 2 Chris Dumez 2021-09-01 12:59:01 PDT
Created attachment 437058
Patch
Comment 3 EWS 2021-09-02 10:25:42 PDT
Committed r281935 (241244@main): <https://commits.webkit.org/241244@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 437058.
Comment 4 Arcady Goldmints-Orlov 2021-09-07 12:48:18 PDT
The test added in this change is flaky on GTK, sometimes passing and sometimes failing like this:

--- /home/buildbot/worker/gtk-linux-64-release-skip-failing-tests/build/layout-test-results/http/wpt/cross-origin-opener-policy/non-secure-to-secure-context-navigation.https-expected.txt
+++ /home/buildbot/worker/gtk-linux-64-release-skip-failing-tests/build/layout-test-results/http/wpt/cross-origin-opener-policy/non-secure-to-secure-context-navigation.https-actual.txt
@@ -1,3 +1,3 @@
 
-PASS Make sure that COOP causes a browsing context group switch when navigating from a secure context to a non-secure one
+FAIL Make sure that COOP causes a browsing context group switch when navigating from a secure context to a non-secure one assert_true: Window should be closed expected true got false
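
Review bot: the test title on the PASS/FAIL lines reads "navigating from a secure context to a non-secure one", but the result file is named non-secure-to-secure-context-navigation.https and this bug covers going from HTTP to HTTPS, so the title looks inverted; rewording it to "from a non-secure context to a secure one" would keep failures triaged against the right scenario. The intermittent "Window should be closed expected true got false" may also mean the assertion runs before the opener can observe the browsing context group switch; that is an inference from the flaky result alone, since the test source is not shown here, so it is worth checking whether the test waits for the navigation to commit before asserting.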