http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load.html This is a flakey failure on both BigSur WK1/Wk2 Debug and Catalina Wk1/Wk2 Debug History: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2FcontentSecurityPolicy%2Fframe-src-cross-origin-load.html Text DIff: --- /Volumes/Data/worker/bigsur-release-tests-wk1/build/layout-test-results/http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-expected.txt +++ /Volumes/Data/worker/bigsur-release-tests-wk1/build/layout-test-results/http/tests/security/contentSecurityPolicy/frame-src-cross-origin-load-actual.txt @@ -1,6 +1,6 @@ CONSOLE MESSAGE: Refused to load https://localhost:8443/security/contentSecurityPolicy/resources/alert-fail.html because it does not appear in the frame-src directive of the Content Security Policy. +CONSOLE MESSAGE: PASS ALERT: PASS -CONSOLE MESSAGE: PASS IFrames blocked by CSP should generate a 'load' event, regardless of blocked state. This means they appear to be normal cross-origin loads, thereby not leaking URL information directly to JS. On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".