The following tests are consistently failing on macOS bots: http/tests/security/credentials-iframes.html http/tests/security/mixedContent/insecure-basic-auth-image.https.html http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html https://build.webkit.org/results/Apple-Catalina-Release-WK2-Tests/r268474%20(9322)/results.html
All of the diffs have an unexpected "didReceiveAuthenticationChallenge" console log line.
<rdar://problem/70311833>
http/tests/security/credentials-iframes.html http/tests/security/mixedContent/insecure-basic-auth-image.https.html http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html Tests are a constant failure according to history on macOS Debug and across iOS. First occurrence of failure is at r268474. History: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2Fcredentials-iframes.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Finsecure-basic-auth-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Finsecure-image-redirects-to-basic-auth-secure-image.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html Diff: --- /Volumes/Data/slave/catalina-debug-tests-wk2/build/layout-test-results/http/tests/security/credentials-iframes-expected.txt +++ /Volumes/Data/slave/catalina-debug-tests-wk2/build/layout-test-results/http/tests/security/credentials-iframes-actual.txt @@ -1,4 +1,4 @@ ALERT: parent host: 127.0.0.1 iframe host: 127.0.0.1 credentials:User: same-domain-user, password: same-domain-password. -CONSOLE MESSAGE: Blocked http://127.0.0.1:8000/security/resources/cors-basic-auth.php from asking for credentials because it is a cross-origin request. +127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Simulating cancelled authentication sheet ALERT: parent host: localhost iframe host: 127.0.0.1 credentials:Authentication canceled
The tests failed on EWS in https://bugs.webkit.org/show_bug.cgi?id=217645, but they passed on retry within the run so they weren't surfaced as failures. We don't retry failures on post-commit bots, which is why the failures are surfaced there.
I think I must have messed something up with the view re-use, as there are a few tests in those directories that explicitly enable AllowCrossOriginSubresourcesToAskForCredentials=true via test headers.
The change was reverted in https://trac.webkit.org/changeset/268498/webkit