Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 48528588dbf2e7fccb99c339a95193b4311fd051
https://github.com/WebKit/WebKit/commit/48528588dbf2e7fccb99c339a95193b4311fd051
Author: Ruthvik Konda <[email protected]>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-insecure-css.html
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-http-to-https-script.html
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-https-to-http-script.html
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe.html
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe.html
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt
M
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html
M LayoutTests/platform/ios-site-isolation/TestExpectations
M LayoutTests/platform/mac-site-isolation/TestExpectations
R
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt
R
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt
R
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt
Log Message:
-----------
[Site Isolation] Fix SI upgrade-insecure-requests test failures
https://bugs.webkit.org/show_bug.cgi?id=303951
rdar://166258180
Reviewed by Sihui Liu.
These tests were failing due to frame loading callback differences. With site
isolation on, frame load order output is indeterministic.
Similar to https://commits.webkit.org/304243@main, frame load callbacks are
currently present because the tests were
written about a decade ago (for example,
https://commits.webkit.org/176539@main). In the past, the frame load output was
almost certainly
used for debugging.
However today, the frame load callbacks do not contribute anything useful to
these upgrade-insecure-requests tests and they should be removed.
upgrade-insecure-requests is a CSP directive that allows developers to upgrade
blockable content (the mixed content spec
only upgrades upgradeable content by default. blockable content is blocked by
default). So for these tests, verification of success
is tested by making sure that no mixed content console warnings (ex. CONSOLE
MESSAGE: [blocked]) are emitted in the expected.txt.
To make the tests more robust, rather than just rely on the absence of mixed
content violation messages, I added additional machinery
to confirm that the upgrade+load actually succeeded for all the resources. One
of the tests needed its port number changed from
8080 to 8443 in order to correctly confirm the load succeeded (this doesn't
change the test logic at all).
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-insecure-css.html:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-http-to-https-script.html:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/resources/frame-with-redirect-https-to-http-script.html:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe.html:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe.html:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt:
*
LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe.html:
* LayoutTests/platform/ios-site-isolation/TestExpectations:
* LayoutTests/platform/mac-site-isolation/TestExpectations:
*
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-css-in-iframe-expected.txt:
Removed.
*
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-http-to-https-script-in-iframe-expected.txt:
Removed.
*
LayoutTests/platform/wk2/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-redirect-https-to-http-script-in-iframe-expected.txt:
Removed.
Canonical link: https://commits.webkit.org/304370@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
