Bug 234314

Summary: http/tests/security/basic-auth-subresource.html and some other http auth tests are flaky
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, darin, ggaren, kkinnunen, sam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=234368
https://bugs.webkit.org/show_bug.cgi?id=234455
https://bugs.webkit.org/show_bug.cgi?id=232809
Attachments:
Description Flags
Patch
none
Patch
darin: review+, ews-feeder: commit-queue-
Patch for landing none

Chris Dumez
Reported 2021-12-14 14:02:49 PST
http/tests/security/basic-auth-subresource.html and some other http auth tests are flaky: --- /Volumes/Data/WebKit/OpenSource/WebKitBuild/Release-iphonesimulator/layout-test-results/http/tests/security/basic-auth-subresource-expected.txt +++ /Volumes/Data/WebKit/OpenSource/WebKitBuild/Release-iphonesimulator/layout-test-results/http/tests/security/basic-auth-subresource-actual.txt @@ -5,9 +5,11 @@ 127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. +127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. +127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. Tests whether credentials are requested for protected subresources. Credentials should be requested if and only if the origin of the subresource matches the origin of the top-most frame.
Attachments
Patch (9.49 KB, patch)
2021-12-14 14:20 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (10.24 KB, patch)
2021-12-14 14:28 PST, Chris Dumez 		darin: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch for landing (10.21 KB, patch)
2021-12-15 08:02 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-12-14 14:03:00 PST
<rdar://85150486>
Chris Dumez
Comment 2 2021-12-14 14:20:34 PST
Created attachment 447160 [details] Patch
Chris Dumez
Comment 3 2021-12-14 14:28:05 PST
Created attachment 447163 [details] Patch
Chris Dumez
Comment 4 2021-12-14 15:25:38 PST
Impacted tests: http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin.html http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin.html http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials.html http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url.html http/tests/security/basic-auth-subresource.html http/tests/security/credentials-from-different-domains.html http/tests/security/credentials-main-resource.html http/tests/security/sync-xhr-partition.html
Darin Adler
Comment 5 2021-12-14 18:08:04 PST
Comment on attachment 447163 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=447163&action=review > Source/WebCore/platform/network/ProtectionSpaceHash.h:43 > + WTF::add(hasher, protectionSpace.host()); > + WTF::add(hasher, protectionSpace.port()); > + WTF::add(hasher, protectionSpace.serverType()); > + WTF::add(hasher, protectionSpace.authenticationScheme()); > + if (!protectionSpace.isProxy()) > + WTF::add(hasher, protectionSpace.realm()); Should not need the WTF:: prefixes.
Chris Dumez
Comment 6 2021-12-15 08:02:56 PST
Created attachment 447232 [details] Patch for landing
EWS
Comment 7 2021-12-15 09:11:57 PST
Committed r287077 (245272@main): <https://commits.webkit.org/245272@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447232 [details].
Chris Dumez
Comment 8 2021-12-15 13:54:51 PST
Follow-up build fix: <https://commits.webkit.org/r287107>.
Note You need to log in before you can comment on or make changes to this bug.