[webkit-changes] [WebKit/WebKit] a1ffad: Enable upgrading mixed content in mixed security c...

Matthew Finkel noreply at github.com
Fri Feb 16 07:27:31 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a1ffadc325c11e30687205dc917d8ee220158ca3
      https://github.com/WebKit/WebKit/commit/a1ffadc325c11e30687205dc917d8ee220158ca3
  Author: Matthew Finkel <sysrqb at apple.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M LayoutTests/TestExpectations
    M LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin.https.html
    M LayoutTests/http/tests/inspector/network/loadResource-insecure-resource.html
    M LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https.html
    M LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https.html
    M LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin.html
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/no-referrer-when-downgrade/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/no-referrer/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/same-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/strict-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-img/unsafe-url/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https.html
    M LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-blob-url-iframe-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-cors.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades.html
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-audio-video-in-main-frame-expected.txt
    M LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-image-in-main-frame-expected.txt
    M LayoutTests/http/tests/security/mixedContent/import-insecure-script-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt
    M LayoutTests/http/tests/security/mixedContent/insecure-basic-auth-image.https.html
    M LayoutTests/http/tests/security/mixedContent/insecure-css-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies.html
    M LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-image-in-iframe.html
    A LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors-expected.txt
    A LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors.html
    M LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html
    M LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block.html
    M LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script.html
    M LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies.html
    M LayoutTests/http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet.html
    M LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    M LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html
    M LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html
    M LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html
    M LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html
    M LayoutTests/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html
    M LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html
    M LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html
    M LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html
    M LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt
    M LayoutTests/http/tests/ssl/mixedContent/insecure-websocket-expected.txt
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-expected.txt
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https.html
    M LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html
    M LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https_exclude=(Document_Window_HTML._)-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=(Document_Window)-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/audio-tag.https.html
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https.html
    A LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/img-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/img-tag.https.html
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/video-tag.https.html
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/audio-tag.https.html
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https.html
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/video-tag.https.html
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/audio-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/img-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/picture-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/video-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/imageset.https.sub-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/unset/img-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/gen/srcdoc-inherit.meta/unset/img-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/gen/top.meta/unset/img-tag.https-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/worklets/audio-worklet-csp.https-expected.txt
    M LayoutTests/platform/glib/TestExpectations
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/dom/idlharness.https_exclude=(Document_Window_HTML._)-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=(Document_Window)-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/audio-tag.https-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/img-tag.https-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/picture-tag.https-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/video-tag.https-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/imageset.https.sub-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt
    R LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub-expected.txt
    A LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https-expected.txt
    M LayoutTests/platform/glib/imported/w3c/web-platform-tests/worklets/audio-worklet-csp.https-expected.txt
    M LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt
    M LayoutTests/platform/mac-wk1/TestExpectations
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
    R LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
    M LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt
    R LayoutTests/platform/mac/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt
    A LayoutTests/platform/wk2/http/tests/referrer-policy-img/same-origin/cross-origin-http.https-expected.txt
    R LayoutTests/platform/wpe/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-referrer-expected.txt
    M Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm
    M Tools/TestWebKitAPI/Tests/WebKitGLib/TestSSL.cpp

  Log Message:
  -----------
  Enable upgrading mixed content in mixed security contexts
https://bugs.webkit.org/show_bug.cgi?id=268823
rdar://122385309

Reviewed by Youenn Fablet.

Enable Mixed Content Level 2 by moving UpgradeMixedContentEnabled to stable.

https://www.w3.org/TR/mixed-content/

This change disables the UpgradeMixedContentEnabled preference in many existing
tests because I introduced duplicate tests where the preference is enable for
each of them in 274409 at main. This change also disables the preference for
block-all-mixed-content tests, because upgrading mixed content is mutually
exclusive from block-all-mixed-content (and the current mixed-content spec
deprecates the block-all-mixed-content directive).

Unfortunately, I'm marking some mac-wk1 tests as flakey as part of this change
because some console logs are different with multiple iterations.

* LayoutTests/TestExpectations:
* LayoutTests/http/tests/blink/sendbeacon/beacon-cross-origin.https.html:
* LayoutTests/http/tests/inspector/network/loadResource-insecure-resource.html:
* LayoutTests/http/tests/navigation/ping-attribute/anchor-cross-origin-from-https.html:
* LayoutTests/http/tests/navigation/ping-attribute/area-cross-origin-from-https.html:
* LayoutTests/http/tests/navigation/ping-attribute/secure-anchor-cross-origin.html:
* LayoutTests/http/tests/referrer-policy-iframe/no-referrer-when-downgrade/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/no-referrer/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/same-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/strict-origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/strict-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-iframe/unsafe-url/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/no-referrer-when-downgrade/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/no-referrer/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/same-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/strict-origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/strict-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-img/unsafe-url/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/no-referrer-when-downgrade/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/no-referrer/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/same-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/strict-origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/strict-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy-script/unsafe-url/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/no-referrer-when-downgrade/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/no-referrer/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/same-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/strict-origin-when-cross-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/strict-origin/cross-origin-http.https.html:
* LayoutTests/http/tests/referrer-policy/unsafe-url/cross-origin-http.https.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/1.1/securitypolicyviolation-block-image-https.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe-report-only.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-css-in-main-frame.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-iframe-in-main-frame.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-blob-url-iframe-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-enforced-and-report-policies.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe-with-inherited-policy.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-javascript-url-iframe-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-main-frame.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-image-in-xslt-document-in-iframe-with-inherited-policy.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe-with-inherited-policy.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-script-in-main-frame.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-asynchronous-in-main-frame.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/insecure-xhr-synchronous-in-main-frame.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/block-all-mixed-content/secure-image-after-upgrade-redirect-in-iframe.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-after-redirect.https.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade-cors.https-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/iframe-upgrade.https.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/proper-open-window-upgrades.html:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-audio-video-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/upgrade-insecure-image-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/mixedContent/import-insecure-script-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/mixedContent/insecure-basic-auth-image.https.html:
* LayoutTests/http/tests/security/mixedContent/insecure-css-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/insecure-css-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/insecure-css-with-secure-cookies.html:
* LayoutTests/http/tests/security/mixedContent/insecure-executable-css-with-secure-cookies.html:
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/insecure-iframe-in-sandboxed-iframe.html:
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors-expected.txt: Added.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame-with-cors.html: Copied from LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame.html.
* LayoutTests/http/tests/security/mixedContent/insecure-image-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/insecure-image-redirects-to-basic-auth-secure-image.html:
* LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie-block.html:
* LayoutTests/http/tests/security/mixedContent/insecure-image-with-securecookie.html:
* LayoutTests/http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html:
* LayoutTests/http/tests/security/mixedContent/insecure-script-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/insecure-script-redirects-to-basic-auth-secure-script.html:
* LayoutTests/http/tests/security/mixedContent/insecure-script-with-secure-cookies.html:
* LayoutTests/http/tests/security/mixedContent/insecure-stylesheet-redirects-to-basic-auth-secure-stylesheet.html:
* LayoutTests/http/tests/security/mixedContent/insecure-xhr-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt:
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html:
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies-block.html:
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-image-secure-cookies.html:
* LayoutTests/http/tests/security/mixedContent/redirect-https-to-http-script-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/secure-redirect-to-insecure-redirect-to-basic-auth-secure-image.https.html:
* LayoutTests/http/tests/security/mixedContent/secure-redirect-to-secure-redirect-to-basic-auth-insecure-image.https.html:
* LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-iframe.html:
* LayoutTests/http/tests/security/mixedContent/websocket/insecure-websocket-in-main-frame.html:
* LayoutTests/http/tests/security/mixedcontent-geolocation-block-insecure-content.html:
* LayoutTests/http/tests/security/mixedcontent-geolocation-expected.txt:
* LayoutTests/http/tests/ssl/mixedContent/insecure-websocket-expected.txt:
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-http-with-embedded-https-expected.txt:
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked-https-with-embedded-http-with-embedded-https.https.html:
* LayoutTests/http/tests/websocket/tests/hybi/non-document-mixed-content-blocked.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/content-security-policy/reporting/report-original-url-on-mixed-content-frame.https.sub.html:
* LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https_exclude=(Document_Window_HTML._)-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=(Document_Window)-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/audio-tag.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/beacon.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/img-tag.https-expected.txt: Added.
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/img-tag.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.http-rp/opt-in/video-tag.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/audio-tag.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/beacon.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/opt-in/video-tag.https.html:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/audio-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/img-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/picture-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/video-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/imageset.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/unset/img-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/gen/srcdoc-inherit.meta/unset/img-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/upgrade-insecure-requests/gen/top.meta/unset/img-tag.https-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/worklets/audio-worklet-csp.https-expected.txt:
* LayoutTests/platform/glib/TestExpectations:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/fetch/cross-origin-resource-policy/scheme-restriction.https.window-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/dom/idlharness.https_exclude=(Document_Window_HTML._)-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=(Document_Window)-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/audio-tag.https-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/img-tag.https-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/picture-tag.https-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/gen/top.meta/unset/video-tag.https-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/imageset.https.sub-expected.txt:
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/audio-upgrade.https.sub-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/image-upgrade.https.sub-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/mixed-content/tentative/autoupgrades/video-upgrade.https.sub-expected.txt: Removed.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https-expected.txt: Copied from LayoutTests/imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https-expected.txt.
* LayoutTests/platform/glib/imported/w3c/web-platform-tests/worklets/audio-worklet-csp.https-expected.txt:
* LayoutTests/platform/ios-wk2/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt:
* LayoutTests/platform/mac-wk1/TestExpectations:
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt: Removed.
* LayoutTests/platform/mac-wk1/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt: Removed.
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/html/dom/idlharness.https_include=HTML._-expected.txt:
* LayoutTests/platform/mac/http/tests/security/mixedContent/insecure-audio-video-in-main-frame-expected.txt: Removed.
* LayoutTests/platform/wk2/http/tests/referrer-policy-img/same-origin/cross-origin-http.https-expected.txt: Added.
* LayoutTests/platform/wpe/imported/w3c/web-platform-tests/workers/modules/shared-worker-import-referrer-expected.txt: Removed.
* Source/WTF/Scripts/Preferences/UnifiedWebPreferences.yaml:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
(TestWebKitAPI::webViewWithNavigationDelegate):
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebKitGLib/TestSSL.cpp:
(testInsecureContent):

Canonical link: https://commits.webkit.org/274826@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list