Bug 234314

Summary: http/tests/security/basic-auth-subresource.html and some other http auth tests are flaky
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, bfulgham, darin, ggaren, kkinnunen, sam, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=234368
https://bugs.webkit.org/show_bug.cgi?id=234455
https://bugs.webkit.org/show_bug.cgi?id=232809
Attachments (Description: Flags):
Patch: none
Patch: darin: review+, ews-feeder: commit-queue-
Patch for landing: none

Description Chris Dumez 2021-12-14 14:02:49 PST
http/tests/security/basic-auth-subresource.html and some other http auth tests are flaky:

--- /Volumes/Data/WebKit/OpenSource/WebKitBuild/Release-iphonesimulator/layout-test-results/http/tests/security/basic-auth-subresource-expected.txt
+++ /Volumes/Data/WebKit/OpenSource/WebKitBuild/Release-iphonesimulator/layout-test-results/http/tests/security/basic-auth-subresource-actual.txt
@@ -5,9 +5,11 @@
 127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword
 CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request.
 Tests whether credentials are requested for protected subresources. Credentials should be requested if and only if the origin of the subresource matches the origin of the top-most frame.
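
Review bot: The two added lines (lines 8 and 12 of the actual output) are exact repeats of the 127.0.0.1:8000 HTTP Basic challenge that the first context line already shows being answered, while every "Blocked ... because it is a cross-origin request" line is unchanged context. The difference is therefore in how many times the same-origin challenge is delivered, not in the cross-origin credential blocking the test checks; stating that in the description would make clear that the blocking behaviour is identical in the expected and actual output shown here.
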
Comment 1 Chris Dumez 2021-12-14 14:03:00 PST
<rdar://85150486>
Comment 2 Chris Dumez 2021-12-14 14:20:34 PST
Created attachment 447160
Patch
Comment 3 Chris Dumez 2021-12-14 14:28:05 PST
Created attachment 447163
Patch
Comment 4 Chris Dumez 2021-12-14 15:25:38 PST
Impacted tests:
http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin.html
http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin.html
http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials.html
http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url.html
http/tests/security/basic-auth-subresource.html
http/tests/security/credentials-from-different-domains.html
http/tests/security/credentials-main-resource.html
http/tests/security/sync-xhr-partition.html
Comment 5 Darin Adler 2021-12-14 18:08:04 PST
Comment on attachment 447163
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=447163&action=review

> Source/WebCore/platform/network/ProtectionSpaceHash.h:43
> +        WTF::add(hasher, protectionSpace.host());
> +        WTF::add(hasher, protectionSpace.port());
> +        WTF::add(hasher, protectionSpace.serverType());
> +        WTF::add(hasher, protectionSpace.authenticationScheme());
> +        if (!protectionSpace.isProxy())
> +            WTF::add(hasher, protectionSpace.realm());
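
Review bot: The condition if (!protectionSpace.isProxy()) on the realm line has no comment explaining it, and a hash like this has to agree with the equality comparison used for the same keys (two protection spaces that compare equal must produce the same hash). A short comment naming the comparison this mirrors, and why the realm is skipped for proxies, would keep the two from drifting apart when a field is added later.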

Should not need the WTF:: prefixes.
Comment 6 Chris Dumez 2021-12-15 08:02:56 PST
Created attachment 447232
Patch for landing
Comment 7 EWS 2021-12-15 09:11:57 PST
Committed r287077 (245272@main): <https://commits.webkit.org/245272@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 447232.
Comment 8 Chris Dumez 2021-12-15 13:54:51 PST
Follow-up build fix: <https://commits.webkit.org/r287107>.