243252 – WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the owner's URL

RESOLVED FIXED243252

WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the owner's URL

https://bugs.webkit.org/show_bug.cgi?id=243252

Summary WorkerGlobalScope.isSecureContext should be based on owner's top URL, not the...

Chris Dumez

Reported 2022-07-27 09:00:32 PDT

WorkerGlobalScope.isSecureContext should be based on owner's top-level creation URL, not the owner's URL: - https://html.spec.whatwg.org/multipage/webappapis.html#secure-context This means that if a worker created in a HTTPS iframe, under a HTTP top-level document should not be considered as secure. This is causing us to fail the "HTTPS worker from HTTPS subframe" subtest on secure-contexts/basic-dedicated-worker.html WPT test. This test is passing in both Gecko and Blink.

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2022-07-27 09:04:36 PDT

Pull request: https://github.com/WebKit/WebKit/pull/2780

EWS

Comment 2 2022-07-28 09:24:17 PDT

Committed 252913@main (abdef0407a12): <https://commits.webkit.org/252913@main> Reviewed commits have been landed. Closing PR #2780 and removing active labels.

Radar WebKit Bug Importer

Comment 3 2022-07-28 09:25:18 PDT

<rdar://problem/97727226>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Chris Dumez

Reported

2022-07-27 09:00 PDT

Modified

2022-07-28 09:25 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks