From e811dabb6ced6f7c40778e0c35ec3105c62ac98b Mon Sep 17 00:00:00 2001 From: Pete Bacon Darwin Date: Tue, 19 May 2026 16:31:32 +0100 Subject: [PATCH 1/2] [miniflare] Point HTTPS-CA test at a stable URL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit `packages/miniflare/test/index.spec.ts` had a test that fetched `https://workers.cloudflare.com/cf.json` from inside a worker and asserted `res.ok === true` to verify that workerd trusts public CAs. That URL now permanently 301s to `https://www.cloudflare.com/cf.json` which returns 404 `not found :(`. Following the redirect produces a non-OK response and the test fails on every CI run regardless of the change under test, blocking all PRs touching anything in the packages-and-tools matrix. Switch the test to `https://example.com/` — the IANA-maintained stable test endpoint — which serves a 200 over HTTPS with a public CA chain and so still exercises the original behaviour the test was written to verify. --- .changeset/fix-miniflare-https-test-broken-url.md | 11 +++++++++++ packages/miniflare/test/index.spec.ts | 7 ++++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 .changeset/fix-miniflare-https-test-broken-url.md diff --git a/.changeset/fix-miniflare-https-test-broken-url.md b/.changeset/fix-miniflare-https-test-broken-url.md new file mode 100644 index 0000000000..5cf2c88dd2 --- /dev/null +++ b/.changeset/fix-miniflare-https-test-broken-url.md @@ -0,0 +1,11 @@ +--- +"miniflare": patch +--- + +Fix `Miniflare: HTTPS fetches using browser CA certificates` test to use a stable URL + +The test fetched `https://workers.cloudflare.com/cf.json` from inside a worker and asserted the response was OK. That URL now permanently 301s to `https://www.cloudflare.com/cf.json` which returns a 404, so the test failed on every CI run regardless of the change under test. + +Switch the test to `https://example.com/`, the IANA-maintained stable test endpoint, which is more appropriate for verifying that workerd trusts a public CA chain. + +This is a test-only change; no Miniflare runtime behaviour changes. diff --git a/packages/miniflare/test/index.spec.ts b/packages/miniflare/test/index.spec.ts index 13578f4d7b..197dff0777 100644 --- a/packages/miniflare/test/index.spec.ts +++ b/packages/miniflare/test/index.spec.ts @@ -1566,11 +1566,16 @@ test("Miniflare: python modules", async ({ expect }) => { test("Miniflare: HTTPS fetches using browser CA certificates", async ({ expect, }) => { + // example.com is intentionally maintained as a stable test endpoint by IANA. + // We previously fetched https://workers.cloudflare.com/cf.json but that URL + // now 301s to https://www.cloudflare.com/cf.json which 404s, so the test + // was effectively asserting on an unintended 404 path rather than HTTPS CA + // trust. const mf = new Miniflare({ modules: true, script: `export default { fetch() { - return fetch("https://workers.cloudflare.com/cf.json"); + return fetch("https://example.com/"); } }`, }); From 2326536a415c9ceac6ea52490cb7a9faf1f15e52 Mon Sep 17 00:00:00 2001 From: Pete Bacon Darwin Date: Tue, 19 May 2026 16:40:20 +0100 Subject: [PATCH 2/2] Delete .changeset/fix-miniflare-https-test-broken-url.md --- .changeset/fix-miniflare-https-test-broken-url.md | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 .changeset/fix-miniflare-https-test-broken-url.md diff --git a/.changeset/fix-miniflare-https-test-broken-url.md b/.changeset/fix-miniflare-https-test-broken-url.md deleted file mode 100644 index 5cf2c88dd2..0000000000 --- a/.changeset/fix-miniflare-https-test-broken-url.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -"miniflare": patch ---- - -Fix `Miniflare: HTTPS fetches using browser CA certificates` test to use a stable URL - -The test fetched `https://workers.cloudflare.com/cf.json` from inside a worker and asserted the response was OK. That URL now permanently 301s to `https://www.cloudflare.com/cf.json` which returns a 404, so the test failed on every CI run regardless of the change under test. - -Switch the test to `https://example.com/`, the IANA-maintained stable test endpoint, which is more appropriate for verifying that workerd trusts a public CA chain. - -This is a test-only change; no Miniflare runtime behaviour changes.