<rdar://problem/119349300>

This is easily reproducible at Sonoma Release WK1 ToT running the test as follows: run-webkit-tests imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html -1 --force There's already an expectation marked for this test because it was slowing down EWS. It appears that this test has been failing on macOS WK1 only for at least 50,000 commits if not more.

My mistake, I thought this had been failing for longer than it has been. As it turns out, I was able to discover a regression point. https://commits.webkit.org/266644@main is what broke this test I verified it by checking out my head back to 266643@main, and running the test on a ToT spade..

(In reply to Robert Jenner from comment #3) > My mistake, I thought this had been failing for longer than it has been. As > it turns out, I was able to discover a regression point. > https://commits.webkit.org/266644@main is what broke this test > > I verified it by checking out my head back to 266643@main, and running the > test on a ToT build.. Sorry, unfinished thought here. Running the repo steps above with your HEAD checked out to 266643@main, but running testing on the ToT build produces a pass. Checking out your HEAD to 266644@main, and running the tests again on the same ToT build produces the failure. So https://commits.webkit.org/266644@main is the culprit.

The original result for LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub-expected.txt was the result produced by WebKitLegacy. Either I had previously checked in a bad result for modern WebKit and didn’t notice it, or Ryan fixed a bug that was preventing the test from passing on all platforms. Either way, Ryan's work in 266644@main progressed this test case in modern WebKit, and he checked that expectation in. Unfortunately, WebKitLegacy relies on a PingHandle implementation that cannot authenticate against https (which is a missing feature in the entire deprecated WebKitLegacy platform for the old PingHandle implementation). We do to intend to invest time working on implementing such a feature in WebKitLegacy, so expect this test to fail. In the end, this was indeed just a Test Development bug. I need to check the correct expectation in for WebKitLegacy at which point the test system will be in the correct state. I'll land a WebKitLegacy test expectation so we can document the expected behavior. Note that the new logging shows that the load was blocked properly in WebKitLegacy. However, the report message never gets to the https endpoint because it needs the non-existant `canAuthenticateAgainstProtectionSpace` logic to work properly. (People: Don't use WebKitLegacy for things!)

PR: https://github.com/WebKit/WebKit/pull/28315

Committed 278543@main (c741b1a50100): <https://commits.webkit.org/278543@main> Reviewed commits have been landed. Closing PR #28315 and removing active labels.