firefox/dom/security/test/sec-fetch/test_trustworthy_loopback.html

<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1732069: Sec-Fetch-Site inconsistent on localhost/IPs</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<script type="application/javascript">

SimpleTest.waitForExplicitFinish();

let testsSucceeded = 0;

let win;
function checkTestsDone() {
  testsSucceeded++;
  if (testsSucceeded == 3) {
    win.close();
    SimpleTest.finish();
  }
}

var script = SpecialPowers.loadChromeScript(() => {
  /* eslint-env mozilla/chrome-script */
  Services.obs.addObserver(function onExamResp(subject) {
    let channel = subject.QueryInterface(Ci.nsIHttpChannel);
    if (!channel.URI.spec.includes("localhost") ||
        channel.URI.spec.startsWith("http://localhost:9898/tests/dom/security/test/sec-fetch/file_trustworthy_loopback.html")) {
      return;
    }

    const expectedHeaders = {
      "localhost:9898": {
        "sec-fetch-site": "same-origin",
        "sec-fetch-mode": "navigate",
        "sec-fetch-dest": "iframe",
      },
      "sub.localhost:-1": {
        "sec-fetch-site": "cross-site",
        "sec-fetch-mode": "navigate",
        "sec-fetch-dest": "iframe",
      },
      "localhost:9899": {
        "sec-fetch-site": "same-site",
        "sec-fetch-mode": "navigate",
        "sec-fetch-dest": "iframe",
      },
    };

    info(`checking headers for request to ${channel.URI.spec}`);
    const expected = expectedHeaders[channel.URI.host + ":" + channel.URI.port];
    for (let key in expected) {
      try {
        is(channel.getRequestHeader(key), expected[key], `${key} header matches`);
      } catch (e) {
        ok(false, "failed to check headers");
      }
    }
    sendAsyncMessage("test-end");
  }, "http-on-stop-request");
});

script.addMessageListener("test-end", () => {
  checkTestsDone();
});

SpecialPowers.pushPrefEnv({set: [
  ["network.proxy.allow_hijacking_localhost", true],
  ["network.proxy.testing_localhost_is_secure_when_hijacked", true],
]}).then(function() {
  win = window.open("http://localhost:9898/tests/dom/security/test/sec-fetch/file_trustworthy_loopback.html");
});

</script>
</body>
</html>