Bug 265388

Summary:	REGRESSION ( 271130@main ): [ macOS wk1 ] 4 tests in http/tests/security/mixedContent are a consistent failure
Product:	WebKit	Reporter:	Marta Darbinyan <darbinyan>
Component:	New Bugs	Assignee:	Anne van Kesteren <annevk>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Description Marta Darbinyan 2023-11-27 09:21:16 PST

Description:
The following tests are constantly failing on macOS wk1 since 271130@main was committed.

http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html	
http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html	
http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html	
http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html

History:
https://results.webkit.org/?version_name=Monterey&version_name=Sonoma&version_name=Ventura&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=http%2Ftests%2Fsecurity%2FmixedContent%2Finsecure-image-redirects-to-basic-auth-secure-image.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html&test=http%2Ftests%2Fsecurity%2FmixedContent%2Fsecure-redirect-to-secure-redirect-to-basic-auth-secure-image.https.html

Diff Log:
@@ -1,7 +1,5 @@
 CONSOLE MESSAGE: The page at https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-image-redirects-to-basic-auth-secure-image.html was allowed to display insecure content from http://127.0.0.1:8080/resources/redirect.py?url=https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py.
 
-CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py from asking for credentials because it is a cross-origin request.
-CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py from asking for credentials because it is a cross-origin request.
 CONSOLE MESSAGE: Blocked https://localhost:8443/security/mixedContent/resources/subresource/protected-image.py from asking for credentials because it is a cross-origin request.
 This test opens a new window to a secure page that loads an insecure image that redirects to a secure image guarded by basic authentication. The secure image should be blocked because it requires credentials and was loaded via an insecure redirect.
 

Link:
https://build.webkit.org/results/Apple-Sonoma-Debug-AppleSilicon-WK1-Tests/271143@main%20(719)/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image-pretty-diff.html

Comment 1 Radar WebKit Bug Importer 2023-11-27 09:21:48 PST

<rdar://problem/118836741>

Comment 2 EWS 2023-11-27 10:19:45 PST

Test gardening commit 271151@main (825b8975e975): <https://commits.webkit.org/271151@main>

Reviewed commits have been landed. Closing PR #20938 and removing active labels.

Comment 3 Anne van Kesteren 2023-11-28 01:44:14 PST

Pull request: https://github.com/WebKit/WebKit/pull/20981

Comment 4 EWS 2023-11-28 09:04:27 PST

Committed 271220@main (bb9db9eb4700): <https://commits.webkit.org/271220@main>

Reviewed commits have been landed. Closing PR #20981 and removing active labels.