Skip to content

Add WPT for no challenge in the Secure-Session-Registration header #56947

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chromium-wpt-export-bot merged 1 commit into from
Jan 6, 2026

Add WPT for no challenge in the Secure-Session-Registration header

a35db0f
Select commit
Loading
Failed to load commit list.
Merged

Add WPT for no challenge in the Secure-Session-Registration header #56947

Add WPT for no challenge in the Secure-Session-Registration header
a35db0f
Select commit
Loading
Failed to load commit list.
Community-TC Integration / wpt-firefox-nightly-results-without-changes succeeded Jan 6, 2026 in 13m 18s

Community-TC (pull_request)

Collect results for all tests affected by a pull request in firefox but without the changes in the PR.

Details

View task in Taskcluster | View logs in Taskcluster | View task group in Taskcluster

Task Status

Started: 2026-01-06T17:58:00.612Z
Resolved: 2026-01-06T18:07:36.794Z
Task Execution Time: 9 minutes, 36 seconds, 182 milliseconds
Task Status: completed
Reason Resolved: completed
RunId: 0

Artifacts

- public/logs/live_backing.log
- public/logs/live.log
- public/results/checkrun.md
- public/results/wpt_report.json.gz
- public/results/wpt_screenshot.txt.gz

WPT Command: python3 ./wpt run --channel=nightly --no-fail-on-unexpected --log-wptreport=../artifacts/wpt_report.json --log-wptscreenshot=../artifacts/wpt_screenshot.txt --affected task_head --log-mach-level=info --log-mach=- -y --no-pause --no-restart-on-unexpected --install-fonts --verify-log-full --no-headless --binary=/home/test/build/firefox/firefox firefox

[taskcluster 2026-01-06 17:58:00.686Z] Task ID: MgAmGGeiQTW5Ol_hOaKoOA
[taskcluster 2026-01-06 17:58:00.686Z] Worker ID: 143422941218011065
[taskcluster 2026-01-06 17:58:00.686Z] Worker Group: us-east4-a
[taskcluster 2026-01-06 17:58:00.686Z] Worker Node Type: projects/757942385826/machineTypes/n2-standard-4
[taskcluster 2026-01-06 17:58:00.686Z] Worker Pool: proj-wpt/ci
[taskcluster 2026-01-06 17:58:00.686Z] Worker Version: 46.1.0
[taskcluster 2026-01-06 17:58:00.686Z] Public IP: 34.48.181.142
[taskcluster 2026-01-06 17:58:00.686Z] Hostname: proj-wpt-ci-yb8hqp00skkcfbgnshrf9a

[taskcluster 2026-01-06 17:58:01.587Z] === Task Starting ===
+ '[' '' ']'
+ '[' -d /etc/profile.d ']'
+ for i in /etc/profile.d/*.sh
+ '[' -r /etc/profile.d/01-locale-fix.sh ']'
+ . /etc/profile.d/01-locale-fix.sh
+++ /usr/bin/locale-check C.UTF-8
++ eval
+ for i in /etc/profile.d/*.sh
+ '[' -r /etc/profile.d/apps-bin-path.sh ']'
+ . /etc/profile.d/apps-bin-path.sh

...(488 lines hidden)...

 4:07.79 TEST_START: /device-bound-session-credentials/registration-sends-challenge.https.html
 4:07.79 INFO Closing window 3711f650-9b8a-4fe4-ab93-2b50708df8bd
mem avail: 13929 of 15806 MiB (88.13%), swap free:    0 of    0 MiB ( 0.00%)
 4:17.88 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/2. Unexpected 2
TIMEOUT Registration can't send back 403 with challenge - Test timed outNOTRUN Registration can send back challenge with session instructionsTIMEOUT /device-bound-session-credentials/registration-sends-challenge.https.html
 4:17.88 TEST_START: /device-bound-session-credentials/requests-have-query-params.https.html
 4:17.88 INFO Closing window 59693765-0605-43d8-8f10-85fa8409f571
 4:27.97 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT Registration and refresh endpoints can contain query params - Test timed outTIMEOUT /device-bound-session-credentials/requests-have-query-params.https.html
 4:27.97 TEST_START: /device-bound-session-credentials/resolving-urls.https.html
 4:27.98 INFO Closing window 5a3eafd5-f1cf-41d4-8dc4-860423bd83ff
 4:38.07 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/3. Unexpected 3
TIMEOUT The registration and refresh endpoints can be configured as absolute URLs - Test timed outNOTRUN The registration and refresh endpoints can be configured as relative URLs with leading slashNOTRUN The registration and refresh endpoints can be configured as relative URLs without leading slashTIMEOUT /device-bound-session-credentials/resolving-urls.https.html
 4:38.07 TEST_START: /device-bound-session-credentials/session-cookie-has-no-attributes.https.html
 4:38.08 INFO Closing window d4e01434-bccb-4ba2-bdba-524e809176e8
 4:48.16 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT An established session can refresh a cookie that has all default attributes - Test timed outTIMEOUT /device-bound-session-credentials/session-cookie-has-no-attributes.https.html
 4:48.16 TEST_START: /device-bound-session-credentials/set-authorization.https.html
 4:48.16 INFO Closing window 48bfee68-1b64-4138-9477-729a018581e6
 4:58.25 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT Session registration sends the authorization value - Test timed outTIMEOUT /device-bound-session-credentials/set-authorization.https.html
 4:58.25 TEST_START: /device-bound-session-credentials/set-early-challenge.https.html
 4:58.25 INFO Closing window 3f0659e6-4894-46dc-8d25-a6cfb7b69676
 5:08.35 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/3. Unexpected 3
TIMEOUT A challenge can be set ahead of time - Test timed outNOTRUN A challenge can be set for multiple sessions ahead of time (single header)NOTRUN A challenge can be set for multiple sessions ahead of time (multiple headers)TIMEOUT /device-bound-session-credentials/set-early-challenge.https.html
 5:08.35 TEST_START: /device-bound-session-credentials/set-scope-origin.https.html
 5:08.35 INFO Closing window d64914a5-4d5b-44e5-9330-df5bc125e9ea
mem avail: 13927 of 15806 MiB (88.11%), swap free:    0 of    0 MiB ( 0.00%)
 5:18.44 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/2. Unexpected 2
TIMEOUT A request within the scope origin refreshes - Test timed outNOTRUN A request outside the scope origin does not refreshTIMEOUT /device-bound-session-credentials/set-scope-origin.https.html
 5:18.44 TEST_START: /device-bound-session-credentials/set-scope-specification.https.html
 5:18.44 INFO Closing window b20dbd9e-ea81-40d9-96f2-77fe27052e48
 5:28.53 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT Scope specification configuration is respected - Test timed outTIMEOUT /device-bound-session-credentials/set-scope-specification.https.html
 5:28.53 TEST_START: /device-bound-session-credentials/subdomain-registration.https.html
 5:28.53 INFO Closing window 26bb8d3d-5e83-463a-9979-e9c32ac32a85
 5:38.62 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/2. Unexpected 2
TIMEOUT Registration fails without a .well-known - Test timed outNOTRUN Registration succeeds with a .well-knownTIMEOUT /device-bound-session-credentials/subdomain-registration.https.html
 5:38.62 TEST_START: /device-bound-session-credentials/third-party-registration.https.html
 5:38.63 INFO Closing window fd5abb8f-d9b9-4a90-b6f8-e75fae174e77
 5:38.86 wptserve WARNING Internal server error loading https://web-platform.test:8443/device-bound-session-credentials/login.py:
  Traceback (most recent call last):
    File "/home/test/web-platform-tests/tools/wptserve/wptserve/handlers.py", line 373, in __call__
    rv = self.func(request, response)

    File "/home/test/web-platform-tests/device-bound-session-credentials/login.py", line 22, in main
    test_session_manager = session_manager.find_for_request(request)

    File "/home/test/web-platform-tests/device-bound-session-credentials/session_manager.py", line 11, in find_for_request
    test_id = request.cookies.get(b'test_id').value.decode('utf-8')
  AttributeError: 'NoneType' object has no attribute 'value'

 5:38.90 pid:1425 JavaScript error: , line 0: TypeError: NetworkError when attempting to fetch resource.
 5:48.80 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/4. Unexpected 4
TIMEOUT Registration of first-party session not allowed in third-party context - Test timed outNOTRUN Registration of session with third-party cookies allowed in third-party contextNOTRUN Set challenge of first-party not allowed in third-party contextNOTRUN Set challenge of session with third-party cookies allowed in third-party contextTIMEOUT /device-bound-session-credentials/third-party-registration.https.html
 5:48.80 TEST_START: /device-bound-session-credentials/websockets.https.html
 5:48.81 INFO Closing window a9bc7e14-8f8b-4bac-a5a0-ba349e8bf12c
 5:58.91 TEST_END: Test TIMEOUT, expected OK. Subtests passed 0/1. Unexpected 1
TIMEOUT An established session applies to WebSocket handshakes - Test timed outTIMEOUT /device-bound-session-credentials/websockets.https.html
 5:58.91 INFO No more tests
 5:58.91 pid:1425 1767722852099	Marionette	INFO	Stopped listening on port 49827
 5:59.08 INFO Browser exited with return code -15
 5:58.95 INFO Closing logging queue
 5:58.95 INFO queue closed
 5:59.09 SUITE_END

web-platform-test
~~~~~~~~~~~~~~~~~
Ran 81 checks (55 subtests, 26 tests)
Expected results: 2
Unexpected results: 79
  test: 25 (25 timeout)
  subtest: 54 (29 notrun, 25 timeout)

Unexpected Results
------------------
/device-bound-session-credentials/allowed-refresh-initiators.https.html
  TIMEOUT An established session refreshes when initated by the owning site - Test timed out
  NOTRUN An established session refreshes when initated by a host in allowed_refresh_initiators
  NOTRUN An established session does not refresh when initated by a host not in allowed_refresh_initiators
  TIMEOUT /device-bound-session-credentials/allowed-refresh-initiators.https.html
/device-bound-session-credentials/clear-site-data.https.html
  TIMEOUT A session ended with Clear-Site-Data: 'cookies' does not refresh cookies - Test timed out
  NOTRUN A session ended with Clear-Site-Data: 'storage' does not refresh cookies
  TIMEOUT /device-bound-session-credentials/clear-site-data.https.html
/device-bound-session-credentials/create-session.https.html
  TIMEOUT An established session can refresh a cookie - Test timed out
  TIMEOUT /device-bound-session-credentials/create-session.https.html
/device-bound-session-credentials/credentials-matching.https.html
  TIMEOUT Expires attribute in credentials doesn't affect matching - Test timed out
  NOTRUN Max-Age attribute in credentials doesn't affect matching
  NOTRUN HttpOnly attribute in credentials affects matching
  NOTRUN SameSite attribute in credentials affects matching
  NOTRUN Secure attribute in credentials affects matching
  NOTRUN Path attribute in credentials affects matching
  NOTRUN Partition attribute in credentials affects matching
  TIMEOUT /device-bound-session-credentials/credentials-matching.https.html
/device-bound-session-credentials/debug-header.https.html
  TIMEOUT A session that fails to reach the refresh endpoint sets debug header - Test timed out
  NOTRUN Same-site redirects continue to send debug header
  NOTRUN Cross-site redirects do not send debug header
  NOTRUN Two failing sessions both set debug header
  TIMEOUT /device-bound-session-credentials/debug-header.https.html
/device-bound-session-credentials/empty-response.https.html
  TIMEOUT An empty response fails on registration - Test timed out
  NOTRUN An empty response is allowed on refresh
  TIMEOUT /device-bound-session-credentials/empty-response.https.html
/device-bound-session-credentials/federated-session.https.html
  TIMEOUT Successful federated session registration - Test timed out
  NOTRUN Invalid thumbprint
  NOTRUN Invalid provider session id
  NOTRUN Not authorized by .well-known
  TIMEOUT /device-bound-session-credentials/federated-session.https.html
/device-bound-session-credentials/fetch-no-credentials.https.html
  TIMEOUT A cross-site fetch without credentials should not refresh - Test timed out
  TIMEOUT /device-bound-session-credentials/fetch-no-credentials.https.html
/device-bound-session-credentials/include-site.https.html
  TIMEOUT An established session refreshes across origins if the site is included - Test timed out
  NOTRUN An established session does not refresh across origins if the site is not included
  TIMEOUT /device-bound-session-credentials/include-site.https.html
/device-bound-session-credentials/multiple-credentials.https.html
  TIMEOUT A session can have multiple credentials set - Test timed out
  TIMEOUT /device-bound-session-credentials/multiple-credentials.https.html
/device-bound-session-credentials/multiple-registrations.https.html
  TIMEOUT Multiple registrations can be triggered in one response (single header) - Test timed out
  NOTRUN Multiple registrations can be triggered in one response (multiple headers)
  TIMEOUT /device-bound-session-credentials/multiple-registrations.https.html
/device-bound-session-credentials/refresh-does-not-send-challenge.https.html
  TIMEOUT Refresh does not send back Secure-Session-Challenge - Test timed out
  TIMEOUT /device-bound-session-credentials/refresh-does-not-send-challenge.https.html
/device-bound-session-credentials/refresh-replaces-config.https.html
  TIMEOUT Refresh can replace session config - Test timed out
  NOTRUN Refresh cannot replace session identifier
  TIMEOUT /device-bound-session-credentials/refresh-replaces-config.https.html
/device-bound-session-credentials/refresh-with-continue-false.https.html
  TIMEOUT A session ended with continue:false does not refresh cookies - Test timed out
  TIMEOUT /device-bound-session-credentials/refresh-with-continue-false.https.html
/device-bound-session-credentials/registration-sends-challenge.https.html
  TIMEOUT Registration can't send back 403 with challenge - Test timed out
  NOTRUN Registration can send back challenge with session instructions
  TIMEOUT /device-bound-session-credentials/registration-sends-challenge.https.html
/device-bound-session-credentials/requests-have-query-params.https.html
  TIMEOUT Registration and refresh endpoints can contain query params - Test timed out
  TIMEOUT /device-bound-session-credentials/requests-have-query-params.https.html
/device-bound-session-credentials/resolving-urls.https.html
  TIMEOUT The registration and refresh endpoints can be configured as absolute URLs - Test timed out
  NOTRUN The registration and refresh endpoints can be configured as relative URLs with leading slash
  NOTRUN The registration and refresh endpoints can be configured as relative URLs without leading slash
  TIMEOUT /device-bound-session-credentials/resolving-urls.https.html
/device-bound-session-credentials/session-cookie-has-no-attributes.https.html
  TIMEOUT An established session can refresh a cookie that has all default attributes - Test timed out
  TIMEOUT /device-bound-session-credentials/session-cookie-has-no-attributes.https.html
/device-bound-session-credentials/set-authorization.https.html
  TIMEOUT Session registration sends the authorization value - Test timed out
  TIMEOUT /device-bound-session-credentials/set-authorization.https.html
/device-bound-session-credentials/set-early-challenge.https.html
  TIMEOUT A challenge can be set ahead of time - Test timed out
  NOTRUN A challenge can be set for multiple sessions ahead of time (single header)
  NOTRUN A challenge can be set for multiple sessions ahead of time (multiple headers)
  TIMEOUT /device-bound-session-credentials/set-early-challenge.https.html
/device-bound-session-credentials/set-scope-origin.https.html
  TIMEOUT A request within the scope origin refreshes - Test timed out
  NOTRUN A request outside the scope origin does not refresh
  TIMEOUT /device-bound-session-credentials/set-scope-origin.https.html
/device-bound-session-credentials/set-scope-specification.https.html
  TIMEOUT Scope specification configuration is respected - Test timed out
  TIMEOUT /device-bound-session-credentials/set-scope-specification.https.html
/device-bound-session-credentials/subdomain-registration.https.html
  TIMEOUT Registration fails without a .well-known - Test timed out
  NOTRUN Registration succeeds with a .well-known
  TIMEOUT /device-bound-session-credentials/subdomain-registration.https.html
/device-bound-session-credentials/third-party-registration.https.html
  TIMEOUT Registration of first-party session not allowed in third-party context - Test timed out
  NOTRUN Registration of session with third-party cookies allowed in third-party context
  NOTRUN Set challenge of first-party not allowed in third-party context
  NOTRUN Set challenge of session with third-party cookies allowed in third-party context
  TIMEOUT /device-bound-session-credentials/third-party-registration.https.html
/device-bound-session-credentials/websockets.https.html
  TIMEOUT An established session applies to WebSocket handshakes - Test timed out
  TIMEOUT /device-bound-session-credentials/websockets.https.html
 5:59.09 INFO Got 25 unexpected results, with 0 unexpected passes
 5:59.09 wptserve INFO Stopped http server on 127.0.0.1:8000
 5:59.09 wptserve INFO Stopped http server on 127.0.0.1:8002
 5:59.09 wptserve INFO Stopped http server on 127.0.0.1:8003
 5:59.09 wptserve INFO Stopped http server on 127.0.0.1:8443
 5:59.09 wptserve INFO Stopped http server on 127.0.0.1:8001
 5:59.10 wptserve INFO Stopped http server on 127.0.0.1:8445
 5:59.10 wptserve INFO Stopped http server on 127.0.0.1:8444
 5:59.10 wptserve INFO Stopped http server on 127.0.0.1:8446
 5:59.11 wptserve INFO Close on: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('127.0.0.1', 8889))
 5:59.12 wptserve INFO Stopped http server on 127.0.0.1:9000
 5:59.12 wptserve INFO Stopped WebTransport over HTTP/3 server on 127.0.0.1:11000
 5:59.60 wptserve INFO Close on: (<AddressFamily.AF_INET: 2>, <SocketKind.SOCK_STREAM: 1>, 6, '', ('127.0.0.1', 8888))
 5:59.63 INFO Removed font: Ahem.ttf
 5:59.66 INFO Closing logging queue
 5:59.66 INFO queue closed
 5:59.66 INFO Tolerating 25 unexpected results
[taskcluster 2026-01-06 18:07:34.543Z] === Task Finished ===
[taskcluster 2026-01-06 18:07:35.483Z] Successful task run with exit code: 0 completed in 574.798 seconds
View more details on Community-TC Integration