Skip to content

Add WPT for no challenge in the Secure-Session-Registration header #56947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chromium-wpt-export-bot merged 1 commit into from
Jan 6, 2026

Add WPT for no challenge in the Secure-Session-Registration header

a35db0f
Select commit
Loading
Failed to load commit list.
Merged

Add WPT for no challenge in the Secure-Session-Registration header #56947

Add WPT for no challenge in the Secure-Session-Registration header
a35db0f
Select commit
Loading
Failed to load commit list.
Community-TC Integration / wpt-firefox-nightly-results succeeded Jan 6, 2026 in 10m 26s

Community-TC (pull_request)

Collect results for all tests affected by a pull request in firefox.

Details

View task in Taskcluster | View logs in Taskcluster | View task group in Taskcluster

Task Status

Started: 2026-01-06T17:57:07.328Z
Resolved: 2026-01-06T18:04:44.744Z
Task Execution Time: 7 minutes, 37 seconds, 416 milliseconds
Task Status: completed
Reason Resolved: completed
RunId: 0

Artifacts

- public/logs/live_backing.log
- public/logs/live.log
- public/results/checkrun.md
- public/results/wpt_report.json.gz
- public/results/wpt_screenshot.txt.gz

WPT Command: python3 ./wpt run --channel=nightly --no-fail-on-unexpected --log-wptreport=../artifacts/wpt_report.json --log-wptscreenshot=../artifacts/wpt_screenshot.txt --affected base_head --log-mach-level=info --log-mach=- -y --no-pause --no-restart-on-unexpected --install-fonts --verify-log-full --no-headless --binary=/home/test/build/firefox/firefox firefox

[taskcluster 2026-01-06 17:57:07.463Z] Task ID: a7Cz2SVzROOB4j9PV7UMZA
[taskcluster 2026-01-06 17:57:07.463Z] Worker ID: 2618009821012619818
[taskcluster 2026-01-06 17:57:07.463Z] Worker Group: us-central1-b
[taskcluster 2026-01-06 17:57:07.463Z] Worker Node Type: projects/757942385826/machineTypes/n2-standard-4
[taskcluster 2026-01-06 17:57:07.463Z] Worker Pool: proj-wpt/ci
[taskcluster 2026-01-06 17:57:07.463Z] Worker Version: 46.1.0
[taskcluster 2026-01-06 17:57:07.463Z] Public IP: 34.56.134.182
[taskcluster 2026-01-06 17:57:07.463Z] Hostname: proj-wpt-ci-otnrzuwqshmxkk5winc1iw

ac811f28856d - Started downloading
8f84a9f2102e - Started downloading
ac811f28856d - Downloaded in 0.034 seconds
40516d781e70 - Started downloading
44ebbf800033 - Started downloading
44ebbf800033 - Downloaded in 0.052 seconds
8f84a9f2102e - Downloaded in 0.211 seconds
4f4fb700ef54 - Started downloading
a8884b21e40e - Started downloading
79c347416ee8 - Started downloading
79c347416ee8 - Downloaded in 0.084 seconds

...(527 lines hidden)...

 3:56.08 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/2. Unexpected 2
TIMEOUT Registration can't send back 403 with challenge - Test timed outNOTRUN Registration can send back challenge with session instructionsTIMEOUT /device-bound-session-credentials/registration-sends-challenge.https.html
 3:56.08 TEST_START: /device-bound-session-credentials/requests-have-query-params.https.html
 3:56.08 INFO Closing window 91af0da0-9154-40af-88bb-a334c2bbca09
 4:06.19 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT Registration and refresh endpoints can contain query params - Test timed outTIMEOUT /device-bound-session-credentials/requests-have-query-params.https.html
 4:06.19 TEST_START: /device-bound-session-credentials/resolving-urls.https.html
 4:06.19 INFO Closing window added021-3d1f-4197-ae27-32c40bc92437
 4:16.28 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/3. Unexpected 3
TIMEOUT The registration and refresh endpoints can be configured as absolute URLs - Test timed outNOTRUN The registration and refresh endpoints can be configured as relative URLs with leading slashNOTRUN The registration and refresh endpoints can be configured as relative URLs without leading slashTIMEOUT /device-bound-session-credentials/resolving-urls.https.html
 4:16.28 TEST_START: /device-bound-session-credentials/session-cookie-has-no-attributes.https.html
 4:16.28 INFO Closing window 68041914-98a2-46d2-a7e2-87229b29cc50
 4:26.39 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT An established session can refresh a cookie that has all default attributes - Test timed outTIMEOUT /device-bound-session-credentials/session-cookie-has-no-attributes.https.html
 4:26.39 TEST_START: /device-bound-session-credentials/set-authorization.https.html
 4:26.39 INFO Closing window 38ca5dd1-fc89-46ca-9aff-43ea20f7022a
 4:36.51 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT Session registration sends the authorization value - Test timed outTIMEOUT /device-bound-session-credentials/set-authorization.https.html
 4:36.51 TEST_START: /device-bound-session-credentials/set-early-challenge.https.html
 4:36.52 INFO Closing window f8f11455-4fd4-4b84-865a-67f69315f7c6
mem avail: 13893 of 15806 MiB (87.90%), swap free:    0 of    0 MiB ( 0.00%)
 4:46.63 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/3. Unexpected 3
TIMEOUT A challenge can be set ahead of time - Test timed outNOTRUN A challenge can be set for multiple sessions ahead of time (single header)NOTRUN A challenge can be set for multiple sessions ahead of time (multiple headers)TIMEOUT /device-bound-session-credentials/set-early-challenge.https.html
 4:46.63 TEST_START: /device-bound-session-credentials/set-scope-origin.https.html
 4:46.64 INFO Closing window d225ee90-b59b-400b-a43d-eaee36a828d7
 4:56.75 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/2. Unexpected 2
TIMEOUT A request within the scope origin refreshes - Test timed outNOTRUN A request outside the scope origin does not refreshTIMEOUT /device-bound-session-credentials/set-scope-origin.https.html
 4:56.75 TEST_START: /device-bound-session-credentials/set-scope-specification.https.html
 4:56.75 INFO Closing window 87581c29-8b65-4abf-aacb-15f18b0f6441
 5:06.86 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT Scope specification configuration is respected - Test timed outTIMEOUT /device-bound-session-credentials/set-scope-specification.https.html
 5:06.86 TEST_START: /device-bound-session-credentials/subdomain-registration.https.html
 5:06.87 INFO Closing window 45c57a9c-2af2-45a2-8435-77e6cce4ebde
 5:16.96 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/2. Unexpected 2
TIMEOUT Registration fails without a .well-known - Test timed outNOTRUN Registration succeeds with a .well-knownTIMEOUT /device-bound-session-credentials/subdomain-registration.https.html
 5:16.96 TEST_START: /device-bound-session-credentials/third-party-registration.https.html
 5:16.96 INFO Closing window 50ca6063-8a8f-4120-bf66-0ba6955db70d
 5:17.23 wptserve WARNING Internal server error loading https://web-platform.test:8443/device-bound-session-credentials/login.py:
  Traceback (most recent call last):
    File "/home/test/web-platform-tests/tools/wptserve/wptserve/handlers.py", line 373, in __call__
    rv = self.func(request, response)

    File "/home/test/web-platform-tests/device-bound-session-credentials/login.py", line 22, in main
    test_session_manager = session_manager.find_for_request(request)

    File "/home/test/web-platform-tests/device-bound-session-credentials/session_manager.py", line 11, in find_for_request
    test_id = request.cookies.get(b'test_id').value.decode('utf-8')
  AttributeError: 'NoneType' object has no attribute 'value'

 5:17.27 pid:1426 JavaScript error: , line 0: TypeError: NetworkError when attempting to fetch resource.
 5:27.16 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/4. Unexpected 4
TIMEOUT Registration of first-party session not allowed in third-party context - Test timed outNOTRUN Registration of session with third-party cookies allowed in third-party contextNOTRUN Set challenge of first-party not allowed in third-party contextNOTRUN Set challenge of session with third-party cookies allowed in third-party contextTIMEOUT /device-bound-session-credentials/third-party-registration.https.html
 5:27.16 TEST_START: /device-bound-session-credentials/websockets.https.html
 5:27.16 INFO Closing window 646f0c7d-672e-4d7c-8727-6972a780be9d
 5:37.28 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT An established session applies to WebSocket handshakes - Test timed outTIMEOUT /device-bound-session-credentials/websockets.https.html
 5:37.28 INFO No more tests
 5:37.28 pid:1426 1767722678798	Marionette	INFO	Stopped listening on port 36933
 5:37.49 INFO Browser exited with return code -15
 5:37.33 INFO Closing logging queue
 5:37.33 INFO queue closed
 5:37.50 SUITE_END

web-platform-test
~~~~~~~~~~~~~~~~~
Ran 83 checks (56 subtests, 27 tests)
Expected results: 2
Unexpected results: 81
  test: 26 (26 timeout)
  subtest: 55 (29 notrun, 26 timeout)

Unexpected Results
------------------
/device-bound-session-credentials/allowed-refresh-initiators.https.html
  TIMEOUT An established session refreshes when initated by the owning site - Test timed out
  NOTRUN An established session refreshes when initated by a host in allowed_refresh_initiators
  NOTRUN An established session does not refresh when initated by a host not in allowed_refresh_initiators
  TIMEOUT /device-bound-session-credentials/allowed-refresh-initiators.https.html
/device-bound-session-credentials/clear-site-data.https.html
  TIMEOUT A session ended with Clear-Site-Data: 'cookies' does not refresh cookies - Test timed out
  NOTRUN A session ended with Clear-Site-Data: 'storage' does not refresh cookies
  TIMEOUT /device-bound-session-credentials/clear-site-data.https.html
/device-bound-session-credentials/create-session.https.html
  TIMEOUT An established session can refresh a cookie - Test timed out
  TIMEOUT /device-bound-session-credentials/create-session.https.html
/device-bound-session-credentials/credentials-matching.https.html
  TIMEOUT Expires attribute in credentials doesn't affect matching - Test timed out
  NOTRUN Max-Age attribute in credentials doesn't affect matching
  NOTRUN HttpOnly attribute in credentials affects matching
  NOTRUN SameSite attribute in credentials affects matching
  NOTRUN Secure attribute in credentials affects matching
  NOTRUN Path attribute in credentials affects matching
  NOTRUN Partition attribute in credentials affects matching
  TIMEOUT /device-bound-session-credentials/credentials-matching.https.html
/device-bound-session-credentials/debug-header.https.html
  TIMEOUT A session that fails to reach the refresh endpoint sets debug header - Test timed out
  NOTRUN Same-site redirects continue to send debug header
  NOTRUN Cross-site redirects do not send debug header
  NOTRUN Two failing sessions both set debug header
  TIMEOUT /device-bound-session-credentials/debug-header.https.html
/device-bound-session-credentials/empty-response.https.html
  TIMEOUT An empty response fails on registration - Test timed out
  NOTRUN An empty response is allowed on refresh
  TIMEOUT /device-bound-session-credentials/empty-response.https.html
/device-bound-session-credentials/federated-session.https.html
  TIMEOUT Successful federated session registration - Test timed out
  NOTRUN Invalid thumbprint
  NOTRUN Invalid provider session id
  NOTRUN Not authorized by .well-known
  TIMEOUT /device-bound-session-credentials/federated-session.https.html
/device-bound-session-credentials/fetch-no-credentials.https.html
  TIMEOUT A cross-site fetch without credentials should not refresh - Test timed out
  TIMEOUT /device-bound-session-credentials/fetch-no-credentials.https.html
/device-bound-session-credentials/include-site.https.html
  TIMEOUT An established session refreshes across origins if the site is included - Test timed out
  NOTRUN An established session does not refresh across origins if the site is not included
  TIMEOUT /device-bound-session-credentials/include-site.https.html
/device-bound-session-credentials/multiple-credentials.https.html
  TIMEOUT A session can have multiple credentials set - Test timed out
  TIMEOUT /device-bound-session-credentials/multiple-credentials.https.html
/device-bound-session-credentials/multiple-registrations.https.html
  TIMEOUT Multiple registrations can be triggered in one response (single header) - Test timed out
  NOTRUN Multiple registrations can be triggered in one response (multiple headers)
  TIMEOUT /device-bound-session-credentials/multiple-registrations.https.html
/device-bound-session-credentials/refresh-does-not-send-challenge.https.html
  TIMEOUT Refresh does not send back Secure-Session-Challenge - Test timed out
  TIMEOUT /device-bound-session-credentials/refresh-does-not-send-challenge.https.html
/device-bound-session-credentials/refresh-replaces-config.https.html
  TIMEOUT Refresh can replace session config - Test timed out
  NOTRUN Refresh cannot replace session identifier
  TIMEOUT /device-bound-session-credentials/refresh-replaces-config.https.html
/device-bound-session-credentials/refresh-with-continue-false.https.html
  TIMEOUT A session ended with continue:false does not refresh cookies - Test timed out
  TIMEOUT /device-bound-session-credentials/refresh-with-continue-false.https.html
/device-bound-session-credentials/registration-no-challenge.https.html
  TIMEOUT Registration header doesn't need a challenge - Test timed out
  TIMEOUT /device-bound-session-credentials/registration-no-challenge.https.html
/device-bound-session-credentials/registration-sends-challenge.https.html
  TIMEOUT Registration can't send back 403 with challenge - Test timed out
  NOTRUN Registration can send back challenge with session instructions
  TIMEOUT /device-bound-session-credentials/registration-sends-challenge.https.html
/device-bound-session-credentials/requests-have-query-params.https.html
  TIMEOUT Registration and refresh endpoints can contain query params - Test timed out
  TIMEOUT /device-bound-session-credentials/requests-have-query-params.https.html
/device-bound-session-credentials/resolving-urls.https.html
  TIMEOUT The registration and refresh endpoints can be configured as absolute URLs - Test timed out
  NOTRUN The registration and refresh endpoints can be configured as relative URLs with leading slash
  NOTRUN The registration and refresh endpoints can be configured as relative URLs without leading slash
  TIMEOUT /device-bound-session-credentials/resolving-urls.https.html
/device-bound-session-credentials/session-cookie-has-no-attributes.https.html
  TIMEOUT An established session can refresh a cookie that has all default attributes - Test timed out
  TIMEOUT /device-bound-session-credentials/session-cookie-has-no-attributes.https.html
/device-bound-session-credentials/set-authorization.https.html
  TIMEOUT Session registration sends the authorization value - Test timed out
  TIMEOUT /device-bound-session-credentials/set-authorization.https.html
/device-bound-session-credentials/set-early-challenge.https.html
  TIMEOUT A challenge can be set ahead of time - Test timed out
  NOTRUN A challenge can be set for multiple sessions ahead of time (single header)
  NOTRUN A challenge can be set for multiple sessions ahead of time (multiple headers)
  TIMEOUT /device-bound-session-credentials/set-early-challenge.https.html
/device-bound-session-credentials/set-scope-origin.https.html
  TIMEOUT A request within the scope origin refreshes - Test timed out
  NOTRUN A request outside the scope origin does not refresh
  TIMEOUT /device-bound-session-credentials/set-scope-origin.https.html
/device-bound-session-credentials/set-scope-specification.https.html
  TIMEOUT Scope specification configuration is respected - Test timed out
  TIMEOUT /device-bound-session-credentials/set-scope-specification.https.html
/device-bound-session-credentials/subdomain-registration.https.html
  TIMEOUT Registration fails without a .well-known - Test timed out
  NOTRUN Registration succeeds with a .well-known
  TIMEOUT /device-bound-session-credentials/subdomain-registration.https.html
/device-bound-session-credentials/third-party-registration.https.html
  TIMEOUT Registration of first-party session not allowed in third-party context - Test timed out
  NOTRUN Registration of session with third-party cookies allowed in third-party context
  NOTRUN Set challenge of first-party not allowed in third-party context
  NOTRUN Set challenge of session with third-party cookies allowed in third-party context
  TIMEOUT /device-bound-session-credentials/third-party-registration.https.html
/device-bound-session-credentials/websockets.https.html
  TIMEOUT An established session applies to WebSocket handshakes - Test timed out
  TIMEOUT /device-bound-session-credentials/websockets.https.html
 5:37.50 INFO Got 26 unexpected results, with 0 unexpected passes
 5:37.50 wptserve INFO Stopped http server on 127.0.0.1:8000
 5:37.50 wptserve INFO Stopped http server on 127.0.0.1:8001
 5:37.50 wptserve INFO Stopped http server on 127.0.0.1:8002
 5:37.52 wptserve INFO Stopped http server on 127.0.0.1:8444
 5:37.52 wptserve INFO Stopped http server on 127.0.0.1:8445
 5:37.52 wptserve INFO Stopped http server on 127.0.0.1:8443
 5:37.52 wptserve INFO Stopped http server on 127.0.0.1:8003
 5:37.52 wptserve INFO Stopped http server on 127.0.0.1:8446
 5:37.52 wptserve INFO Stopped http server on 127.0.0.1:9000
 5:37.52 wptserve INFO Stopped WebTransport over HTTP/3 server on 127.0.0.1:11000
 5:37.69 wptserve INFO Close on: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('127.0.0.1', 8889))
 5:37.69 wptserve INFO Close on: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('127.0.0.1', 8888))
 5:37.74 INFO Removed font: Ahem.ttf
 5:37.77 INFO Closing logging queue
 5:37.77 INFO queue closed
 5:37.77 INFO Tolerating 26 unexpected results
[taskcluster 2026-01-06 18:04:41.355Z] === Task Finished ===
[taskcluster 2026-01-06 18:04:42.357Z] Successful task run with exit code: 0 completed in 454.896 seconds
View more details on Community-TC Integration