Bug 243252
| Summary: | WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the owner's URL | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> |
| Component: | WebCore Misc. | Assignee: | Chris Dumez <cdumez> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Chris Dumez
WorkerGlobalScope.isSecureContext should be based on owner's top-level creation URL, not the owner's URL:
- https://html.spec.whatwg.org/multipage/webappapis.html#secure-context
This means that if a worker created in a HTTPS iframe, under a HTTP top-level document should not be considered as secure.
This is causing us to fail the "HTTPS worker from HTTPS subframe" subtest on secure-contexts/basic-dedicated-worker.html WPT test. This test is passing in both Gecko and Blink.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Chris Dumez
Pull request: https://github.com/WebKit/WebKit/pull/2780
EWS
Committed 252913@main (abdef0407a12): <https://commits.webkit.org/252913@main>
Reviewed commits have been landed. Closing PR #2780 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/97727226>