Bug 217731 - REGRESSION(r268474): [ macOS iOS ] 6 http/tests/security layout tests constantly failing
Summary: REGRESSION(r268474): [ macOS iOS ] 6 http/tests/security layout tests constan...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Sam Weinig
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-10-14 14:23 PDT by Ryan Haddad
Modified: 2020-10-14 19:00 PDT (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2020-10-14 14:23:48 PDT 
The following tests are consistently failing on macOS bots:

http/tests/security/credentials-iframes.html
http/tests/security/mixedContent/insecure-basic-auth-image.https.html
http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html
http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html
http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html
http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html

https://build.webkit.org/results/Apple-Catalina-Release-WK2-Tests/r268474%20(9322)/results.html
Comment 1 Ryan Haddad 2020-10-14 14:25:32 PDT 
All of the diffs have an unexpected "didReceiveAuthenticationChallenge" console log line.
Comment 2 Radar WebKit Bug Importer 2020-10-14 15:53:55 PDT 
<rdar://problem/70311833>
Comment 3 Hector Lopez 2020-10-14 15:59:27 PDT 
http/tests/security/credentials-iframes.html
http/tests/security/mixedContent/insecure-basic-auth-image.https.html
http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html
http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html
http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html
http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html

Tests are a constant failure according to history on macOS Debug and across iOS. First occurrence of failure is at r268474. 

History:

https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2Fcredentials-iframes.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Finsecure-basic-auth-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Finsecure-image-redirects-to-basic-auth-secure-image.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html

Diff:

--- /Volumes/Data/slave/catalina-debug-tests-wk2/build/layout-test-results/http/tests/security/credentials-iframes-expected.txt
+++ /Volumes/Data/slave/catalina-debug-tests-wk2/build/layout-test-results/http/tests/security/credentials-iframes-actual.txt
@@ -1,4 +1,4 @@
 ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password.
-CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/cors-basic-auth.php from asking for credentials because it is a cross-origin request.
+127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet
 ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
Comment 4 Ryan Haddad 2020-10-14 16:05:58 PDT 
The tests failed on EWS in https://bugs.webkit.org/show_bug.cgi?id=217645, but they passed on retry within the run so they weren't surfaced as failures.

We don't retry failures on post-commit bots, which is why the failures are surfaced there.
Comment 5 Sam Weinig 2020-10-14 16:16:53 PDT 
I think I must have messed something up with the view re-use, as there are a few tests in those directories that explicitly enable AllowCrossOriginSubresourcesToAskForCredentials=true via test headers.
Comment 6 Ryan Haddad 2020-10-14 16:27:17 PDT 
The change was reverted in https://trac.webkit.org/changeset/268498/webkit