This fails on 10.9 and 10.10 (haven't tested 10.8), but the test doesn't fail when ran as part of the whole suite.
run-webkit-tests LayoutTests/http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html -2
run-webkit-tests -2 http/tests/security/contentSecurityPolicy/script-src-star-cross-scheme.html http/tests/security/mixedContent/about-blank-iframe-in-main-frame.html
I wonder if we for some reason don't allow insecure SSL when it loads from an iframe.
UI process doesn't get a canAuthenticateAgainstProtectionSpaceInFrame callback. Perhaps it's only set up for main frame? Will need to debug further.
That callback is expected to be made for any request that needs it, including subresources and subframes.
Created attachment 242549 [details]
Let's see if this changes any other test results...