Wouldn't

be the simpler change (found in @jtnord's Jira comment)?

I see documentation on MDN for the global isSecureContext. In the MDN documentation for window, the window.isSecureContext heading links to the documentation of the global property. I assumed that means the MDN recommends use of the global rather than using window.isSecureContext.

There is not a window.isSecureContext page on MDN (404 from https://developer.mozilla.org/en-US/docs/Web/API/Window/isSecureContext ), though there was at one point as indicated by a link from a stackoverflow article.

I also believe that I read a recommendation on some location that the global isSecureContext was preferred. However, I can't find that reference now.

I also prefer the added check of window.isRunAsTest because it makes it clear that this workaround can be removed when we update to an HTMLUnit version that recognizes the global isSecureContext. See the response from the maintainer of HTMLUnit in:

• isSecureContext not recognized in JavaScript HtmlUnit/htmlunit#573

If changing the implementation to the window.secureContext instead of !window.isRunAsTest && isSecureConext will allow this to be merged, then I am happy to change it to that form.

The W3C Candidate Recommendation Draft, 18 September 2021 spec for secure context says in section 2.2.2:

An application can determine whether it’s executing in a secure context by checking the isSecureContext boolean defined on WindowOrWorkerGlobalScope.

Since the spec says that the boolean is defined on window or worker global scope, I believe we can use either of them.

Fine for me either way, just seemed simpler.