http/tests/security/basic-auth-subresource.html and some other http auth tests are flaky: --- /Volumes/Data/WebKit/OpenSource/WebKitBuild/Release-iphonesimulator/layout-test-results/http/tests/security/basic-auth-subresource-expected.txt +++ /Volumes/Data/WebKit/OpenSource/WebKitBuild/Release-iphonesimulator/layout-test-results/http/tests/security/basic-auth-subresource-actual.txt @@ -5,9 +5,11 @@ 127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. +127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked http://localhost:8000/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. +127.0.0.1:8000 - didReceiveAuthenticationChallenge - ProtectionSpaceAuthenticationSchemeHTTPBasic - Responding with testUser:testPassword CONSOLE MESSAGE: Blocked https://127.0.0.1:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/resources/subresource2/protected-image.py from asking for credentials because it is a cross-origin request. Tests whether credentials are requested for protected subresources. Credentials should be requested if and only if the origin of the subresource matches the origin of the top-most frame.
<rdar://85150486>
Created attachment 447160 [details] Patch
Created attachment 447163 [details] Patch
Impacted tests: http/tests/misc/authentication-redirect-1/authentication-sent-to-redirect-cross-origin.html http/tests/misc/authentication-redirect-2/authentication-sent-to-redirect-same-origin.html http/tests/misc/authentication-redirect-3/authentication-sent-to-redirect-same-origin-with-location-credentials.html http/tests/misc/authentication-redirect-4/authentication-sent-to-redirect-same-origin-url.html http/tests/security/basic-auth-subresource.html http/tests/security/credentials-from-different-domains.html http/tests/security/credentials-main-resource.html http/tests/security/sync-xhr-partition.html
Comment on attachment 447163 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=447163&action=review > Source/WebCore/platform/network/ProtectionSpaceHash.h:43 > + WTF::add(hasher, protectionSpace.host()); > + WTF::add(hasher, protectionSpace.port()); > + WTF::add(hasher, protectionSpace.serverType()); > + WTF::add(hasher, protectionSpace.authenticationScheme()); > + if (!protectionSpace.isProxy()) > + WTF::add(hasher, protectionSpace.realm()); Should not need the WTF:: prefixes.
Created attachment 447232 [details] Patch for landing
Committed r287077 (245272@main): <https://commits.webkit.org/245272@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447232 [details].
Follow-up build fix: <https://commits.webkit.org/r287107>.