RESOLVED FIXED 265388
REGRESSION ( 271130@main ): [ macOS wk1 ] 4 tests in http/tests/security/mixedContent are a consistent failure 
https://bugs.webkit.org/show_bug.cgi?id=265388
Summary REGRESSION ( 271130@main ): [ macOS wk1 ] 4 tests in http/tests/security/mixe...
Marta Darbinyan
Reported 2023-11-27 09:21:16 PST
Description: The following tests are constantly failing on macOS wk1 since 271130@main was committed. http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html History: https://results.webkit.org/?version_name=Monterey&version_name=Sonoma&version_name=Ventura&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2FmixedContent%2Finsecure-image-redirects-to-basic-auth-secure-image.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html Diff Log: @@ -1,7 +1,5 @@ CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-redirects-to-basic-auth-secure-image.html was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.py?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py. -CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py from asking for credentials because it is a cross-origin request. -CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py from asking for credentials because it is a cross-origin request. CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py from asking for credentials because it is a cross-origin request. This test opens a new window to a secure page that loads an insecure image that redirects to a secure image guarded by basic authentication. The secure image should be blocked because it requires credentials and was loaded via an insecure redirect. Link: https://build.webkit.org/results/Apple-Sonoma-Debug-AppleSilicon-WK1-Tests/271143@main%20(719)/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-pretty-diff.html
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-11-27 09:21:48 PST
<rdar://problem/118836741>
EWS
Comment 2 2023-11-27 10:19:45 PST
Test gardening commit 271151@main (825b8975e975): <https://commits.webkit.org/271151@main> Reviewed commits have been landed. Closing PR #20938 and removing active labels.
Anne van Kesteren
Comment 3 2023-11-28 01:44:14 PST
Pull request: https://github.com/WebKit/WebKit/pull/20981
EWS
Comment 4 2023-11-28 09:04:27 PST
Committed 271220@main (bb9db9eb4700): <https://commits.webkit.org/271220@main> Reviewed commits have been landed. Closing PR #20981 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.