8 failing web-platform-tests for Web Crypto that pass in Firefox and Edge |
|
Issue descriptionhttp://w3c-test.org/WebCryptoAPI/digest/test_digest.html http://w3c-test.org/WebCryptoAPI/generateKey/test_aes-cbc.html http://w3c-test.org/WebCryptoAPI/generateKey/test_successes.html http://w3c-test.org/WebCryptoAPI/generateKey/test_successes_AES-CBC.html http://w3c-test.org/WebCryptoAPI/generateKey/test_successes_AES-GCM.html http://w3c-test.org/WebCryptoAPI/generateKey/test_successes_AES-KW.html http://w3c-test.org/WebCryptoAPI/generateKey/test_successes_RSA-OAEP.html http://w3c-test.org/WebCryptoAPI/idlharness.html These failures need analysis, but may point to low-hanging fruit for improving interop. Judgement is required, the failures may be entangled with spec issues. See issue 651572 for the source of this data, which includes failing subtests. Note: Results may have changed in the interim.
,
Sep 30 2016
Hmm, when I filed the first of these bugs I couldn't reach https://w3c-test.org/ and just assumed it wasn't set up at all. Are there tests in web-platform-tests that verify that Web Crypto isn't supported on non-secure origins?
,
Sep 30 2016
> Are there tests in web-platform-tests that verify that Web Crypto isn't supported on non-secure origins? Not that I am aware of.
,
Sep 30 2016
OK, thanks, and sorry for the noise. |
|
►
Sign in to add a comment |
|
Comment 1 by eroman@chromium.org
, Sep 30 2016Thanks for filing a report. These failures are expected. The given error is: NotSupportedError: Only secure origins are allowed (see: https://goo.gl/Y0ZkNV). The correct way to run these tests in Chrome is to change the URL from http://XXX to https://XXX I confirmed that they work when run over https://XXX As far as whether Chrome is correct to fail on non-secure origins, there has been a lot of discussion around this. This discussion is now resolved though: https://github.com/w3c/webcrypto/issues/28 The spec now mandates secure origin, so implementations will (hopefully) soon be aligning on this behavior.