Cross origin isolation doesn't happen when going from an HTTP URL to a HTTPS one with COOP+COEP. The COOP header is ignored for non-secure contexts. However, our check is slightly wrong and we always check if the source of the navigation is a secure context or not.
<rdar://problem/82630927>
Created attachment 437058 [details] Patch
Committed r281935 (241244@main): <https://commits.webkit.org/241244@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 437058 [details].
The test added in this change is flaky on GTK, sometimes passing and sometimes failing like this: --- /home/buildbot/worker/gtk-linux-64-release-skip-failing-tests/build/layout-test-results/http/wpt/cross-origin-opener-policy/non-secure-to-secure-context-navigation.https-expected.txt +++ /home/buildbot/worker/gtk-linux-64-release-skip-failing-tests/build/layout-test-results/http/wpt/cross-origin-opener-policy/non-secure-to-secure-context-navigation.https-actual.txt @@ -1,3 +1,3 @@ -PASS Make sure that COOP causes a browsing context group switch when navigating from a secure context to a non-secure one +FAIL Make sure that COOP causes a browsing context group switch when navigating from a secure context to a non-secure one assert_true: Window should be closed expected true got false