243252 – WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the owner's URL

Bug 243252 - WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the owner's URL

Summary: WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-07-27 09:00 PDT by Chris Dumez
Modified:	2022-07-28 09:25 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2022-07-27 09:00:32 PDT

WorkerGlobalScope.isSecureContext should be based on owner's top-level creation URL, not the owner's URL:
- https://html.spec.whatwg.org/multipage/webappapis.html#secure-context

This means that if a worker created in a HTTPS iframe, under a HTTP top-level document should not be considered as secure.

This is causing us to fail the "HTTPS worker from HTTPS subframe" subtest on secure-contexts/basic-dedicated-worker.html WPT test. This test is passing in both Gecko and Blink.

Comment 1 Chris Dumez 2022-07-27 09:04:36 PDT

Pull request: https://github.com/WebKit/WebKit/pull/2780

Comment 2 EWS 2022-07-28 09:24:17 PDT

Committed 252913@main (abdef0407a12): <https://commits.webkit.org/252913@main>

Reviewed commits have been landed. Closing PR #2780 and removing active labels.

Comment 3 Radar WebKit Bug Importer 2022-07-28 09:25:18 PDT

<rdar://problem/97727226>