Filed by: csabou [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=399723199&repo=mozilla-central
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/YMjadXgGSPqRAI3DulHR8A/runs/0/artifacts/public/logs/live_backing.log

There are several tests here that either have unexpected pass or fail. The list is:

11:23:07 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context. - expected FAIL
66240	11:23:07 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context. - expected FAIL
66342	11:23:11 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html | Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context. - expected FAIL
66345	11:23:11 INFO - TEST-UNEXPECTED-FAIL | /mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html | Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. - assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
66348	11:23:11 INFO - TEST-UNEXPECTED-FAIL | /mixed-content/gen/worker-module-data.http-rp/opt-in/websocket.https.html | Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. - assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
66448	11:23:14 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/xhr.https.html | Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context. - expected FAIL
66451	11:23:14 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/xhr.https.html | Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context. - expected FAIL
66553	11:23:19 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/opt-in/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context. - expected FAIL
66654	11:23:22 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/opt-in/websocket.https.html | Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context. - expected FAIL
66657	11:23:22 INFO - TEST-UNEXPECTED-FAIL | /mixed-content/gen/worker-module-data.meta/opt-in/websocket.https.html | Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. - assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
66660	11:23:22 INFO - TEST-UNEXPECTED-FAIL | /mixed-content/gen/worker-module-data.meta/opt-in/websocket.https.html | Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. - assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
66760	11:23:26 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/opt-in/xhr.https.html | Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context. - expected FAIL
66861	11:23:30 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/unset/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context. - expected FAIL
66864	11:23:30 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/unset/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context. - expected FAIL
66965	11:23:33 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/unset/websocket.https.html | Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context. - expected FAIL
66968	11:23:33 INFO - TEST-UNEXPECTED-FAIL | /mixed-content/gen/worker-module-data.meta/unset/websocket.https.html | Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context. - assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
66971	11:23:33 INFO - TEST-UNEXPECTED-FAIL | /mixed-content/gen/worker-module-data.meta/unset/websocket.https.html | Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context. - assert_equals: The resource request should be 'blocked'. expected "blocked" but got "allowed"
67071	11:23:37 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/unset/xhr.https.html | Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context. - expected FAIL
67074	11:23:37 INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.meta/unset/xhr.https.html | Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context. - expected FAIL

[task 2022-12-15T11:23:06.067Z] 11:23:06     INFO - TEST-START | /mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html
[task 2022-12-15T11:23:06.081Z] 11:23:06     INFO - Setting pref network.prefetch-next.aggressive to true
[task 2022-12-15T11:23:07.242Z] 11:23:07     INFO - 
[task 2022-12-15T11:23:07.242Z] 11:23:07     INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context. - expected FAIL
[task 2022-12-15T11:23:07.242Z] 11:23:07     INFO - TEST-INFO | expected FAIL
[task 2022-12-15T11:23:07.243Z] 11:23:07     INFO - 
[task 2022-12-15T11:23:07.243Z] 11:23:07     INFO - TEST-UNEXPECTED-PASS | /mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html | Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context. - expected FAIL
[task 2022-12-15T11:23:07.243Z] 11:23:07     INFO - TEST-INFO | expected FAIL
[task 2022-12-15T11:23:07.249Z] 11:23:07     INFO - ........
[task 2022-12-15T11:23:07.249Z] 11:23:07     INFO - TEST-OK | /mixed-content/gen/worker-module-data.http-rp/opt-in/fetch.https.html | took 1177ms

We probably just need to amend the test annotation here, given bug 1247687 just landed three hours ago.
@Tomer can you take a look?

Set release status flags based on info from the regressing bug 1247687

Sure, I am on it :)

:yulia, since you are the author of the regressor, bug 1247687, could you take a look?

For more information, please visit auto_nag documentation.

I'm surprised this didn't come up when I was running WPT tests for workers, but I see there are a couple of failures among the passes. Could this be that this is due to us deviating from the specification (see the discussion here: https://github.com/w3c/webappsec-csp/issues/336#issuecomment-1274703333) with regards to static imports inheriting the main worker's CSP information rather than the document? Let me know if I can help.

Yulia: But the issue you're linking to is about mixed-content, not CSP - right?
Tomer said he can going to look through the failures and help distinguishing between expected & unexpected failures.

Workers per spec used to inherit policy information from the main document, making their global different from main thread globals. That was recently changed, kind of -- all worker loaded content now inherits from the worker, not from the document. This is except for static imports which were just implemented, which still inherit the document in the spec, but not in our implementation.

However, the tests are written with the csp being inherited from the document for static workers. The pattern looks the same as for the CSP tests. We use the headers file for the fetch and websocket to load the content policy to block mixed content. The failures all indicate that no CSP to block mixed content is being used (all of the expected allows now pass, all of the expected blocks now fail), and if my hunch is right, then this is expected as we aren't inheriting from the document.

As we aren't inheriting that intentionally, I adjusted our tests under web-platform/mozilla/tests to instead use the CSP as provided by the worker. You can see those changes here: https://phabricator.services.mozilla.com/D162742

But I may have done this wrong, or I might be wrong about the cause, so open to suggestions here.

Yulia, the relanding of https://bugzilla.mozilla.org/show_bug.cgi?id=1247687#c83 brought this up again. Could you have a look over it?
Treeherder link.

This appears to have been fixed elsewhere.