Bug 229745

Summary: [COOP] Cross origin isolation doesn't happen when going from an HTTP URL to a HTTPS one with COOP+COEP
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, crzwdjk, darin, ews-watchlist, ggaren, japhet, kkinnunen, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=230017
Bug Depends on:    
Bug Blocks: 228755    
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2021-08-31 16:04:17 PDT
Cross origin isolation doesn't happen when going from an HTTP URL to a HTTPS one with COOP+COEP. The COOP header is ignored for non-secure contexts. However, our check is slightly wrong and we always check if the source of the navigation is a secure context or not.
Attachments
Patch (18.37 KB, patch)
2021-09-01 12:59 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-09-01 09:02:17 PDT
<rdar://problem/82630927>
Chris Dumez
Comment 2 2021-09-01 12:59:01 PDT
Created attachment 437058 [details] Patch
EWS
Comment 3 2021-09-02 10:25:42 PDT
Committed r281935 (241244@main): <https://commits.webkit.org/241244@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 437058 [details].
Arcady Goldmints-Orlov
Comment 4 2021-09-07 12:48:18 PDT
The test added in this change is flaky on GTK, sometimes passing and sometimes failing like this: --- /home/buildbot/worker/gtk-linux-64-release-skip-failing-tests/build/layout-test-results/http/wpt/cross-origin-opener-policy/non-secure-to-secure-context-navigation.https-expected.txt +++ /home/buildbot/worker/gtk-linux-64-release-skip-failing-tests/build/layout-test-results/http/wpt/cross-origin-opener-policy/non-secure-to-secure-context-navigation.https-actual.txt @@ -1,3 +1,3 @@ -PASS Make sure that COOP causes a browsing context group switch when navigating from a secure context to a non-secure one +FAIL Make sure that COOP causes a browsing context group switch when navigating from a secure context to a non-secure one assert_true: Window should be closed expected true got false
Note You need to log in before you can comment on or make changes to this bug.