[Webkit-unassigned] [Bug 218795] New: Layout test imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-inscope.https.html and fetch-mixed-content-to-outscope.https.html failing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 11 01:59:39 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=218795

            Bug ID: 218795
           Summary: Layout test
                    imported/w3c/web-platform-tests/service-workers/servic
                    e-worker/fetch-mixed-content-to-inscope.https.html and
                    fetch-mixed-content-to-outscope.https.html failing
           Product: WebKit
           Version: Other
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Tools / Tests
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: fred.wang at free.fr
                CC: youennf at gmail.com
        Depends on: 218623
            Blocks: 171934

After bug 218623,

imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-inscope.https.html
imported/w3c/web-platform-tests/service-workers/service-worker/fetch-mixed-content-to-outscope.https.html 

are failing. They do a complicate nesting of resource loading which arrives at service-workers/service-worker/resources/fetch-mixed-content-iframe-inscope-to-*html which loads

   http://127.0.0.1:8800(...)fetch-access-control.py?PNGIMAGE" 
  ./dummy?url=http://127.0.0.1:8800(...)fetch-access-control.py?PNGIMAGE" 

as images. The test expects page load to fail but that's no longer the case with loopback IP addresses treated as secure. 

The corresponding tests at wpt.live

https://wpt.live/service-workers/service-worker/fetch-mixed-content-to-inscope.https.html
https://wpt.live/service-workers/service-worker/fetch-mixed-content-to-outscop.https.html

still pass, since they don't use loopback IP addresses. So maybe it's a problem in our test infra as suggested in bug 218623 comment 9.

An alternative would be to force TrustworthyLoopbackIPAddressesEnabled to be disabled during these tests, so that these PNG images are not treated as secure, but I was not able to do that even by adding a

<!-- webkit-test-runner [ TrustworthyLoopbackIPAddressesEnabled=false ] -->

header in the various HTML files involved in these tests.


Referenced Bugs:

https://bugs.webkit.org/show_bug.cgi?id=171934
[Bug 171934] Don't treat loopback addresses (127.0.0.0/8, ::1/128, localhost, .localhost) as mixed content
https://bugs.webkit.org/show_bug.cgi?id=218623
[Bug 218623] Don't treat loopback IP addresses (127.0.0.0/8, ::1/128) as mixed content
-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201111/f735647e/attachment.htm>

More information about the webkit-unassigned mailing list