Bugzilla

I would honestly have expected mixed content to work (and thought it was working). Workers used to inherit policy information from the main document, making their global different from main thread globals. That was changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation. 

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the [fetch](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html.headers) and [websocket](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html.headers) to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used, and if my hunch is right, then this is expected as we aren't inheriting from the document. 

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

I would honestly have expected mixed content to work (and thought it was working). Workers used to inherit policy information from the main document, making their global different from main thread globals. That was changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation. 

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the [fetch](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html.headers) and [websocket](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html.headers) to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used, and if my hunch is right, then this is expected as we aren't inheriting from the document. 

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

But I have done this wrong, or I might be wrong about the cause, so open to suggestions here.

I would honestly have expected mixed content to work (and thought it was working). Workers used to inherit policy information from the main document, making their global different from main thread globals. That was changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation. 

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the [fetch](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html.headers) and [websocket](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html.headers) to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used (all of the expected allows now pass, all of the expected blocks now fail), and if my hunch is right, then this is expected as we aren't inheriting from the document. 

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

But I have done this wrong, or I might be wrong about the cause, so open to suggestions here.

I would honestly have expected mixed content to work (and thought it was working). Workers per spec used to inherit policy information from the main document, making their global different from main thread globals. That was recently changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation. 

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the [fetch](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html.headers) and [websocket](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html.headers) to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used (all of the expected allows now pass, all of the expected blocks now fail), and if my hunch is right, then this is expected as we aren't inheriting from the document. 

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

But I have done this wrong, or I might be wrong about the cause, so open to suggestions here.

Workers per spec used to inherit policy information from the main document, making their global different from main thread globals. That was recently changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation. 

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the [fetch](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html.headers) and [websocket](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html.headers) to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used (all of the expected allows now pass, all of the expected blocks now fail), and if my hunch is right, then this is expected as we aren't inheriting from the document. 

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

But I have done this wrong, or I might be wrong about the cause, so open to suggestions here.

Workers per spec used to inherit policy information from the main document, making their global different from main thread globals. That was recently changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation. 

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the [fetch](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html.headers) and [websocket](https://searchfox.org/mozilla-central/source/testing/web-platform/tests/mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html.headers) to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used (all of the expected allows now pass, all of the expected blocks now fail), and if my hunch is right, then this is expected as we aren't inheriting from the document. 

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

But I may have done this wrong, or I might be wrong about the cause, so open to suggestions here.