Diffstat (limited to 'dom/security/test/https-first')
-rw-r--r-- | dom/security/test/https-first/browser.toml | 8 | ||||
-rw-r--r-- | dom/security/test/https-first/browser_beforeunload_permit_http.js | 2 | ||||
-rw-r--r-- | dom/security/test/https-first/browser_subdocument_downgrade.js | 60 | ||||
-rw-r--r-- | dom/security/test/https-first/file_empty.html | 1 | ||||
-rw-r--r-- | dom/security/test/https-first/file_mixed_content_auto_upgrade.html | 2 | ||||
-rw-r--r-- | dom/security/test/https-first/file_multiple_redirection.sjs | 18 | ||||
-rw-r--r-- | dom/security/test/https-first/file_subdocument_downgrade.sjs | 8 | ||||
-rw-r--r-- | dom/security/test/https-first/test.ogv | bin | 2344665 -> 0 bytes | |||
-rw-r--r-- | dom/security/test/https-first/test.webm | bin | 0 -> 97465 bytes | |||
-rw-r--r-- | dom/security/test/https-first/test_multiple_redirection.html | 8 |
10 files changed, 102 insertions, 5 deletions
diff --git a/dom/security/test/https-first/browser.toml b/dom/security/test/https-first/browser.toml index 0c63b8317d..49e2d522f4 100644 --- a/dom/security/test/https-first/browser.toml +++ b/dom/security/test/https-first/browser.toml @@ -7,7 +7,7 @@ support-files = ["file_beforeunload_permit_http.html"] support-files = [ "file_mixed_content_auto_upgrade.html", "pass.png", - "test.ogv", + "test.webm", "test.wav", ] @@ -40,6 +40,12 @@ support-files = [ ["browser_navigation.js"] support-files = ["file_navigation.html"] +["browser_subdocument_downgrade.js"] +support-files = [ + "file_empty.html", + "file_subdocument_downgrade.sjs", +] + ["browser_schemeless.js"] ["browser_slow_download.js"] diff --git a/dom/security/test/https-first/browser_beforeunload_permit_http.js b/dom/security/test/https-first/browser_beforeunload_permit_http.js index 660c1a352d..281def37e9 100644 --- a/dom/security/test/https-first/browser_beforeunload_permit_http.js +++ b/dom/security/test/https-first/browser_beforeunload_permit_http.js @@ -162,7 +162,7 @@ async function loadPageAndReload(testCase) { } ); is(true, hasInteractedWith, "Simulated successfully user interaction"); - BrowserReloadWithFlags(testCase.reloadFlag); + BrowserCommands.reloadWithFlags(testCase.reloadFlag); await BrowserTestUtils.browserLoaded(browser); is(true, true, `reload with flag ${testCase.name} was successful`); } diff --git a/dom/security/test/https-first/browser_subdocument_downgrade.js b/dom/security/test/https-first/browser_subdocument_downgrade.js new file mode 100644 index 0000000000..4cb5b4ed2e --- /dev/null +++ b/dom/security/test/https-first/browser_subdocument_downgrade.js 
@@ -0,0 +1,60 @@ +/* Any copyright is dedicated to the Public Domain. + https://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const EMPTY_URL = + "http://example.com/browser/dom/security/test/https-first/file_empty.html"; +const SUBDOCUMENT_URL = + "https://example.com/browser/dom/security/test/https-first/file_subdocument_downgrade.sjs"; + +add_task(async function test_subdocument_downgrade() { + await SpecialPowers.pushPrefEnv({ + set: [ + // We want to test HTTPS-First + ["dom.security.https_first", true], + // Makes it easier to detect the error + ["security.mixed_content.block_active_content", false], + ], + }); + + // Open a empty document with origin http://example.com, which gets upgraded + // to https://example.com by HTTPS-First and thus is marked as + // HTTPS_ONLY_UPGRADED_HTTPS_FIRST. + await BrowserTestUtils.withNewTab(EMPTY_URL, async browser => { + await SpecialPowers.spawn( + browser, + [SUBDOCUMENT_URL], + async SUBDOCUMENT_URL => { + function isCrossOriginIframe(iframe) { + try { + return !iframe.contentDocument; + } catch (e) { + return true; + } + } + const subdocument = content.document.createElement("iframe"); + // We open https://example.com/.../file_subdocument_downgrade.sjs in a + // iframe, which sends a invalid response if the scheme is https. Thus + // we should get an error. But if we accidentally copy the + // HTTPS_ONLY_UPGRADED_HTTPS_FIRST flag from the parent into the iframe + // loadinfo, HTTPS-First will try to downgrade the iframe. We test that + // this doesn't happen. + subdocument.src = SUBDOCUMENT_URL; + const loadPromise = new Promise(resolve => { + subdocument.addEventListener("load", () => { + ok( + // If the iframe got downgraded, it should now have the origin + // http://example.com, which we can detect as being cross-origin. 
+ !isCrossOriginIframe(subdocument), + "Subdocument should not be downgraded" + ); + resolve(); + }); + }); + content.document.body.appendChild(subdocument); + await loadPromise; + } + ); + }); +}); diff --git a/dom/security/test/https-first/file_empty.html b/dom/security/test/https-first/file_empty.html new file mode 100644 index 0000000000..39d495653e --- /dev/null +++ b/dom/security/test/https-first/file_empty.html @@ -0,0 +1 @@ +<!doctype html><html><body></body></html> diff --git a/dom/security/test/https-first/file_mixed_content_auto_upgrade.html b/dom/security/test/https-first/file_mixed_content_auto_upgrade.html index 7dda8909a5..5a8bef6bb0 100644 --- a/dom/security/test/https-first/file_mixed_content_auto_upgrade.html +++ b/dom/security/test/https-first/file_mixed_content_auto_upgrade.html @@ -6,7 +6,7 @@ <body> <!--upgradeable resources---> <img src="http://example.com/browser/dom/security/test/https-first/pass.png"> - <video src="http://example.com/browser/dom/security/test/https-first/test.ogv"> + <video src="http://example.com/browser/dom/security/test/https-first/test.webm"> <audio src="http://example.com/browser/dom/security/test/https-first/test.wav"> </body> </html> diff --git a/dom/security/test/https-first/file_multiple_redirection.sjs b/dom/security/test/https-first/file_multiple_redirection.sjs index 49098ccdb7..e34a360fa6 100644 --- a/dom/security/test/https-first/file_multiple_redirection.sjs +++ b/dom/security/test/https-first/file_multiple_redirection.sjs 
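Review bot: The pref comment `// Makes it easier to detect the error` in the new browser_subdocument_downgrade.js does not say which error or why disabling `security.mixed_content.block_active_content` helps; reading the assertion further down, the reason appears to be that a wrongly downgraded http:// iframe inside the https:// parent would otherwise be blocked as active mixed content and never fire `load`, so the test would time out instead of failing the `isCrossOriginIframe` check. Suggest replacing it with `// A downgraded http:// iframe would otherwise be blocked as active mixed content and never fire "load"; allow it so the cross-origin check below can observe the downgrade.`. The `try`/`catch` in `isCrossOriginIframe` deserves a one-line comment too, e.g. `// contentDocument is null (or inaccessible) for a cross-origin frame`, since it currently treats any exception as "cross-origin" without saying so. Minor wording in the other comments: "a empty document", "in a iframe", "a invalid response" should read "an empty document", "in an iframe", "an invalid response".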
@@ -5,6 +5,8 @@ const REDIRECT_URI = "https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?redirect"; const REDIRECT_URI_HTTP = "http://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify"; +const OTHERHOST_REDIRECT_URI_HTTP = + "http://example.org/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify"; const REDIRECT_URI_HTTPS = "https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify"; @@ -44,6 +46,11 @@ function sendRedirection(query, response) { if (query.includes("test3")) { response.setHeader("Strict-Transport-Security", "max-age=60"); response.setHeader("Location", REDIRECT_URI_HTTP, false); + return; + } + // send a redirection to a different http uri + if (query.includes("test4")) { + response.setHeader("Location", OTHERHOST_REDIRECT_URI_HTTP, false); } } @@ -53,6 +60,11 @@ function handleRequest(request, response) { // if the query contains a test query start first test if (query.startsWith("test")) { + // all of these should be upgraded + if (request.scheme !== "https") { + response.setStatusLine(request.httpVersion, 500, "OK"); + response.write("Request should have been HTTPS."); + } // send a 302 redirection response.setStatusLine(request.httpVersion, 302, "Found"); response.setHeader("Location", REDIRECT_URI + query, false); @@ -60,6 +72,10 @@ function handleRequest(request, response) { } // Send a redirection if (query.includes("redirect")) { + if (request.scheme !== "https") { + response.setStatusLine(request.httpVersion, 500, "OK"); + response.write("Request should have been HTTPS."); + } response.setStatusLine(request.httpVersion, 302, "Found"); sendRedirection(query, response); return; @@ -83,5 +99,5 @@ function handleRequest(request, response) { // We should never get here, but just in case ... response.setStatusLine(request.httpVersion, 500, "OK"); - response.write("unexepcted query"); + response.write("unexpected query"); } 
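Review bot: In the `@@ -53,6 +60,11 @@` hunk the new scheme check writes a 500 status and a body but does not return, so execution falls through to `response.setStatusLine(request.httpVersion, 302, "Found")` and the Location header; a request that arrived over plain http — exactly the condition the check is meant to catch — is still redirected (or, depending on how the server handles a second status line after `write`, throws inside the handler), so the test never sees the intended 500. The check added in `@@ -60,6 +72,10 @@` has the same problem. Add `return;` after `response.write("Request should have been HTTPS.");` in both places, matching the `return;` this commit adds to the test3 branch of `sendRedirection`. Both enclosing functions start and end outside these hunks.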
diff --git a/dom/security/test/https-first/file_subdocument_downgrade.sjs b/dom/security/test/https-first/file_subdocument_downgrade.sjs new file mode 100644 index 0000000000..53ced94ba8 --- /dev/null +++ b/dom/security/test/https-first/file_subdocument_downgrade.sjs @@ -0,0 +1,8 @@ +function handleRequest(request, response) { + if (request.scheme === "https") { + response.setStatusLine("1.1", 429, "Too Many Requests"); + } else { + response.setHeader("Content-Type", "text/html", false); + response.write("<!doctype html><html><body></body></html>"); + } +} diff --git a/dom/security/test/https-first/test.ogv b/dom/security/test/https-first/test.ogv Binary files differdeleted file mode 100644 index 0f83996e5d..0000000000 --- a/dom/security/test/https-first/test.ogv +++ /dev/null diff --git a/dom/security/test/https-first/test.webm b/dom/security/test/https-first/test.webm Binary files differnew file mode 100644 index 0000000000..221877e303 --- /dev/null +++ b/dom/security/test/https-first/test.webm diff --git a/dom/security/test/https-first/test_multiple_redirection.html b/dom/security/test/https-first/test_multiple_redirection.html index d631f140e6..678a8133a8 100644 --- a/dom/security/test/https-first/test_multiple_redirection.html +++ b/dom/security/test/https-first/test_multiple_redirection.html 
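Review bot: The new file_subdocument_downgrade.sjs carries no comment explaining why an https request gets a bare `429 Too Many Requests` while an http request gets a minimal HTML document; a reader of the .sjs alone cannot tell that 429 is an intentionally failing response and the http branch is the "downgrade happened" signal the browser test checks for. Suggest a header comment along the lines of `// Fails over https on purpose and only serves a document over http, so that a subdocument load which HTTPS-First wrongly downgraded becomes observable to browser_subdocument_downgrade.js.` — and, if 429 was chosen because it is one of the responses on which HTTPS-First would downgrade a top-level load, say so (I cannot confirm that from this diff). `response.setStatusLine("1.1", 429, "Too Many Requests")` also hardcodes the version where the sibling .sjs files use `request.httpVersion`; `response.setStatusLine(request.httpVersion, 429, "Too Many Requests");` keeps them consistent.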
@@ -37,6 +37,12 @@ Test multiple redirects using https-first and ensure the entire redirect chain i {name: "test last redirect HSTS", result: "scheme-https", query: "test3"}, // reset: reset hsts header for example.com {name: "reset HSTS header", result: "scheme-https", query: "reset"}, + // test 4: http://example.com/...test4 -upgrade-> httpS://example.com/...test4 + // https://example.com/...test4 -redir-> https://example.com/.../REDIRECT + // https://example.com/.../redirect -redir-> http://example.ORG/.../verify + // http://example.org/.../verify -upgrade-> httpS://example.ORG/.../verify + // Everything should be upgraded and accessed only via HTTPS! + {name: "test last redirect other HTTP origin gets upgraded", result: "scheme-https", query: "test4" }, ] let currentTest = 0; let testWin; @@ -48,7 +54,7 @@ Test multiple redirects using https-first and ensure the entire redirect chain i let test = testCase[currentTest]; is(event.data.result, test.result, - "same-origin redirect results in " + test.name + "redirect results in " + test.name ); testWin.close(); if (++currentTest < testCase.length) { |
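Review bot: Style only: the new test4 entry is written `query: "test4" }` with a stray space before the closing brace, while every sibling entry in the array is written `query: "test3"}`; `{name: "test last redirect other HTTP origin gets upgraded", result: "scheme-https", query: "test4"},` keeps the array uniform. The six-line trace comment above it is helpful, though the mixed-case emphasis (`REDIRECT`, `httpS`, `ORG`) reads oddly next to the lowercase real URLs elsewhere in the file; consider plain lowercase paths with the emphasis in words. The enclosing script and array continue outside the hunk.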