Closed Bug 1685359 Opened 6 months ago Closed 4 months ago

Fix failing DOM:Web Authentication tests with cross-origin

Categories

(Core :: DOM: Web Authentication, defect)

Product:
Core
Component:
DOM: Web Authentication
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1579278
Project Flags:
Fission Milestone M7

People

(Reporter: neha, Assigned: rmf)

References

(Blocks 1 open bug)

Details

Attachments

(1 obsolete file)

The following tests fail with cross-origin enabled AND Fission disabled (they pass for Fission AND xorigin enabled). This is very suspicious and most likely, the test (or the feature itself) needs to be fixed for cross-origin behavior. It's also possible that by design, these tests (and features) are not expected to work cross-origin, and if that's the case, it should be noted in the .ini file(s).

dom/webauthn/tests/test_webauthn_abort_signal.html
dom/webauthn/tests/test_webauthn_attestation_conveyance.html
dom/webauthn/tests/test_webauthn_authenticator_selection.html
dom/webauthn/tests/test_webauthn_authenticator_transports.html
dom/webauthn/tests/test_webauthn_get_assertion.html
dom/webauthn/tests/test_webauthn_make_credential.html
dom/webauthn/tests/test_webauthn_store_credential.html

These are tracked for Fission mochitests work at https://docs.google.com/spreadsheets/d/16G5AZhHWWow3rBgim4QBHzWXMIIJiky2SzXYgDMTTKY/edit?skip_itp2_check=true&pli=1#gid=1354562828&range=20:27

Blocks: fission-mochitests
Summary: Fix failing DOM:Web Authentication tests with Fission → Fix failing DOM:Web Authentication tests with cross-origin

Tracking these test failures for Fission M7 Beta. We need to investigate whether why these tests fail for xorigin && !fission but pass for xorigin && fission. This is probably a test bug.

Fission Milestone: --- → M7

The current list of Web Authentication tests that fail in xorigin mode:

https://searchfox.org/mozilla-central/rev/d5e98892f9553f9113e69c585308008e681e19c9/dom/webauthn/tests/mochitest.ini#10-25,28-31

Some always fail in xorigin mode and some unexpectedly pass when Fission is enabled, which is not good either:

[test_webauthn_abort_signal.html]
fail-if = (xorigin && !fission)
[test_webauthn_attestation_conveyance.html]
fail-if = (xorigin && !fission) # NotAllowedError
[test_webauthn_authenticator_selection.html]
fail-if = (xorigin && !fission) # NotAllowedError
[test_webauthn_authenticator_transports.html]
fail-if = (xorigin && !fission) # NotAllowedError
[test_webauthn_loopback.html]
skip-if = xorigin # Hangs, JavaScript error: https://example.org/tests/SimpleTest/SimpleTest.js, line 76: DataCloneError: The object could not be cloned.
[test_webauthn_no_token.html]
skip-if = xorigin # JavaScript error: https://example.org/tests/SimpleTest/SimpleTest.js, line 76: DataCloneError: The object could not be cloned.
[test_webauthn_make_credential.html]
fail-if = (xorigin && !fission) # NotAllowedError
[test_webauthn_get_assertion.html]
fail-if = (xorigin && !fission) # NotAllowedError
[test_webauthn_store_credential.html]
fail-if = (xorigin && !fission) # NotAllowedError
[test_webauthn_sameorigin.html]
fail-if = xorigin # NotAllowedError

Based on the spec it appears as though some of the APIs being tested require that the calling document have sameOriginWithAncestors be true, while xorigin tests inherently force this to be false, as they're running in a cross-origin iframe, so it's probably expected that these tests will fail under xorigin tests.

it's much more worrying that the tests don't fail with xorigin && fission, as that means that whatever check the webauthn code is doing to make sure that there are no cross-origin ancestors is broken with Fission enabled. I think the root of at least some of this issue is probably the IsSameOriginWithAncestors call, which looks like it's going to be fixed by bug 1579278 - so we should come back to these tests and make sure that they reliably fail in the correct way in xorigin tests after that bug is fixed. Ni? :rmf to take a look at this bug when they're done with bug 1579278.

We should also likely make a test which explicitly makes sure that these tests fail correctly in the xorigin case.

Flags: needinfo?(bugs)
Status: NEW → RESOLVED
Closed: 4 months ago
Flags: needinfo?(bugs)
Resolution: --- → DUPLICATE
Duplicate of bug: 1579278
Assignee: nobody → bugs

Martinho, this bug was specifically for fixing these tests that were weirdly failing with xorigin && !fission, which kmag has done in bug 1579278, and now these just fail with xorigin.
You should file a separate bug for fixing these for xorigin, or for marking them as expected failures for xorigin, if they aren't meant to be run in xorigin mode anyway. I see that you've added a new xorigin test to webauthn, that's great but should be done in a separate bug.

Comment on attachment 9203423 [details]
Bug 1685359 - Fix failing DOM:Web Authentication tests with cross-origin

Revision D105315 was moved to bug 1694639. Setting attachment 9203423 [details] to obsolete.

Attachment #9203423 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.