Skip to content

Restore --unsafely-treat-insecure-origin-as-secure flag for Blazor WASM Lighthouse scenario#2157

Merged
sebastienros merged 2 commits intoaspnet:mainfrom
ilonatommy:blazor-restore-insecure-origin-flag
Mar 4, 2026
Merged

Restore --unsafely-treat-insecure-origin-as-secure flag for Blazor WASM Lighthouse scenario#2157
sebastienros merged 2 commits intoaspnet:mainfrom
ilonatommy:blazor-restore-insecure-origin-flag

Conversation

@ilonatommy
Copy link
Contributor

@ilonatommy ilonatommy commented Mar 3, 2026
edited
Loading

Blazor WASM requires crypto.subtle, which is only available in secure contexts (HTTPS or localhost). This restores the --unsafely-treat-insecure-origin-as-secure Chromium flag so the Lighthouse benchmark can run against non-HTTPS targets.

Original error:

[Browser]: MONO_WASM: Assert failed: This engine doesn't support crypto.subtle. Please use a modern version. Error: Assert failed: This engine doesn't support crypto.subtle. Please use a modern version.

See: https://dev.azure.com/dnceng/internal/_build/results?buildId=2916489&view=logs&j=11a54114-a913-5aee-3e37-a7e79dd06658&t=dce0fd39-734b-57d9-3c15-08dd4b8e31d5, "Blazor Web (WebAssembly)" or "Blazor Web (Auto)"

Further errors discovered when fixing the initial one:

[STDERR] file:///src/src/blazor-scenario.js:136
[STDERR]       throw new Error(`Unexpected uncached wasm resource '${url}'`);
[STDERR]             ^
[STDERR] 
[STDERR] Error: Unexpected uncached wasm resource 'http://10.0.0.102:5000/_framework/System.Runtime.InteropServices.JavaScript.xzugz00is9.wasm'
[STDERR]     at file:///src/src/blazor-scenario.js:136:13
[STDERR]     at file:///src/node_modules/puppeteer-core/lib/esm/third_party/mitt/mitt.js:36:7
[STDERR]     at Array.map (<anonymous>)
[STDERR]     at Object.emit (file:///src/node_modules/puppeteer-core/lib/esm/third_party/mitt/mitt.js:35:20)
[STDERR]     at CdpPage.emit (file:///src/node_modules/puppeteer-core/lib/esm/puppeteer/common/EventEmitter.js:77:23)
[STDERR]     at file:///src/node_modules/puppeteer-core/lib/esm/puppeteer/cdp/Page.js:177:18
[STDERR]     at file:///src/node_modules/puppeteer-core/lib/esm/third_party/mitt/mitt.js:36:7
[STDERR]     at Array.map (<anonymous>)
[STDERR]     at Object.emit (file:///src/node_modules/puppeteer-core/lib/esm/third_party/mitt/mitt.js:35:20)
[STDERR]     at NetworkManager.emit (file:///src/node_modules/puppeteer-core/lib/esm/puppeteer/common/EventEmitter.js:77:23)

build

At the time of adding the check for response.status .wasm resources were not fingerprinted (#1944). They used stable filenames with ETag/Last-Modified caching, where the browser would always make a conditional request and get a 304. Since then, Blazor switched to fingerprinted filenames (e.g., *.xzugz00is9.wasm), which triggers Cache-Control: immutable — meaning the browser serves from cache directly (200 from cache) with no server round-trip, so 304 never occurs.

Verification

AzDo build, job WebAssembly and Auto: build

@ilonatommy ilonatommy marked this pull request as draft March 3, 2026 16:03
sebastienros
sebastienros reviewed Mar 3, 2026
View reviewed changes
@ilonatommy ilonatommy force-pushed the blazor-restore-insecure-origin-flag branch 2 times, most recently from f8e913e to 9e09711 Compare March 3, 2026 17:23
ilonatommy and others added 2 commits March 3, 2026 18:31
@ilonatommy
Restore --unsafely-treat-insecure-origin-as-secure flag for Blazor WA…
576b51c 
…SM Lighthouse scenario

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ilonatommy
Also accept cached (fromCache) responses in WASM caching check
aae2433 
The WASM caching enforcement check previously only accepted HTTP 304
(Not Modified) as proof that a .wasm resource was cached. However,
browsers may serve cached resources with HTTP 200 from disk/memory
cache without making a network round-trip at all. Puppeteer exposes
this via response.fromCache(). Both cases indicate the resource was
properly cached after the first page load, so both should be accepted.

Without this fix, the 'Second page load' step fails with:
  Unexpected uncached wasm resource '...System.Runtime.InteropServices.JavaScript.*.wasm'
even though the resource is served from the browser cache.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ilonatommy ilonatommy force-pushed the blazor-restore-insecure-origin-flag branch from 9e09711 to aae2433 Compare March 3, 2026 17:32
@ilonatommy ilonatommy marked this pull request as ready for review March 3, 2026 17:33
@ilonatommy ilonatommy requested a review from sebastienros March 3, 2026 17:33
@sebastienros sebastienros merged commit b6d9c75 into aspnet:main Mar 4, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sebastienros sebastienros sebastienros approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ilonatommy @sebastienros