WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
218795
Layout test imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-inscope.https.html and fetch-mixed-content-to-outscope.https.html failing
https://bugs.webkit.org/show_bug.cgi?id=218795
Summary
Layout test imported/w3c/web-platform-tests/service-workers/service-worker/fe...
Frédéric Wang (:fredw)
Reported
2020-11-11 01:59:39 PST
After
bug 218623
, imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-inscope.https.html imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https.html are failing. They do a complicate nesting of resource loading which arrives at service-workers/service-worker/resources/fetch-mixed-content-iframe-inscope-to-*html which loads
http://127.0.0.1:8800(...)fetch-access-control.py?PNGIMAGE
" ./dummy?url=
http://127.0.0.1:8800(...)fetch-access-control.py?PNGIMAGE
" as images. The test expects page load to fail but that's no longer the case with loopback IP addresses treated as secure. The corresponding tests at wpt.live
https://wpt.live/service-workers/service-worker/fetch-mixed-content-to-inscope.https.html
https://wpt.live/service-workers/service-worker/fetch-mixed-content-to-outscop.https.html
still pass, since they don't use loopback IP addresses. So maybe it's a problem in our test infra as suggested in
bug 218623 comment 9
. An alternative would be to force TrustworthyLoopbackIPAddressesEnabled to be disabled during these tests, so that these PNG images are not treated as secure, but I was not able to do that even by adding a <!-- webkit-test-runner [ TrustworthyLoopbackIPAddressesEnabled=false ] --> header in the various HTML files involved in these tests.
Attachments
Add attachment
proposed patch, testcase, etc.
Michael Catanzaro
Comment 1
2020-11-16 06:56:27 PST
(In reply to Frédéric Wang (:fredw) from
comment #0
)
> An alternative would be to force TrustworthyLoopbackIPAddressesEnabled to be > disabled during these tests, so that these PNG images are not treated as > secure, but I was not able to do that even by adding a > > <!-- webkit-test-runner [ TrustworthyLoopbackIPAddressesEnabled=false ] --> > > header in the various HTML files involved in these tests.
Uh... maybe that indicates that the ServiceWorker code is missing mixed content checks where required? That seems much more likely than a problem with the preferences, right?
Frédéric Wang (:fredw)
Comment 2
2020-11-17 03:40:01 PST
(In reply to Michael Catanzaro from
comment #1
)
> (In reply to Frédéric Wang (:fredw) from
comment #0
) > > An alternative would be to force TrustworthyLoopbackIPAddressesEnabled to be > > disabled during these tests, so that these PNG images are not treated as > > secure, but I was not able to do that even by adding a > > > > <!-- webkit-test-runner [ TrustworthyLoopbackIPAddressesEnabled=false ] --> > > > > header in the various HTML files involved in these tests. > > Uh... maybe that indicates that the ServiceWorker code is missing mixed > content checks where required? That seems much more likely than a problem > with the preferences, right?
Yes, that makes sense. I guess we'll need to investigate this a bit more...
Radar WebKit Bug Importer
Comment 3
2020-11-18 02:00:35 PST
<
rdar://problem/71529894
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug