summaryrefslogtreecommitdiffstats
path: root/dom/security/test
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test')
-rw-r--r--dom/security/test/general/file_block_script_wrong_mime_sw.js51
-rw-r--r--dom/security/test/general/mochitest.toml1
-rw-r--r--dom/security/test/general/test_block_script_wrong_mime.html105
-rw-r--r--dom/security/test/gtest/TestCSPParser.cpp3
-rw-r--r--dom/security/test/https-first/browser.toml8
-rw-r--r--dom/security/test/https-first/browser_beforeunload_permit_http.js2
-rw-r--r--dom/security/test/https-first/browser_subdocument_downgrade.js60
-rw-r--r--dom/security/test/https-first/file_empty.html1
-rw-r--r--dom/security/test/https-first/file_mixed_content_auto_upgrade.html2
-rw-r--r--dom/security/test/https-first/file_multiple_redirection.sjs18
-rw-r--r--dom/security/test/https-first/file_subdocument_downgrade.sjs8
-rw-r--r--dom/security/test/https-first/test.ogvbin2344665 -> 0 bytes
-rw-r--r--dom/security/test/https-first/test.webmbin0 -> 97465 bytes
-rw-r--r--dom/security/test/https-first/test_multiple_redirection.html8
-rw-r--r--dom/security/test/mixedcontentblocker/browser.toml2
-rw-r--r--dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js6
-rw-r--r--dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html2
-rw-r--r--dom/security/test/mixedcontentblocker/file_server.sjs4
-rw-r--r--dom/security/test/mixedcontentblocker/mochitest.toml4
-rw-r--r--dom/security/test/mixedcontentblocker/test.ogvbin2344665 -> 0 bytes
-rw-r--r--dom/security/test/mixedcontentblocker/test.webmbin0 -> 97465 bytes
-rw-r--r--dom/security/test/referrer-policy/browser.toml7
-rw-r--r--dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js2
23 files changed, 263 insertions, 31 deletions
diff --git a/dom/security/test/general/file_block_script_wrong_mime_sw.js b/dom/security/test/general/file_block_script_wrong_mime_sw.js
new file mode 100644
index 0000000000..4d8d667af4
--- /dev/null
+++ b/dom/security/test/general/file_block_script_wrong_mime_sw.js
@@ -0,0 +1,51 @@
+/**
+ * Service Worker that runs in 2 modes: 1) direct pass-through via
+ * fetch(event.request) and 2) indirect pass-through via
+ * fetch(event.request.url).
+ *
+ * Because this is updating a pre-existing mochitest that didn't use a SW and
+ * used a single test document, we use a SW idiom where the SW claims the
+ * existing window client. And because we operate in two modes and we
+ * parameterize via URL, we also ensure that we skipWaiting.
+ **/
+
+/* eslint-env serviceworker */
+
+// We are parameterized by "mode".
+const params = new URLSearchParams(location.search);
+const fetchMode = params.get("fetchMode");
+
+// When activating on initial install, claim the existing window client.
+// For synchronziation, also message the controlled document to report our mode.
+self.addEventListener("activate", event => {
+ event.waitUntil(
+ (async () => {
+ await clients.claim();
+ const allClients = await clients.matchAll();
+ for (const client of allClients) {
+ client.postMessage({
+ fetchMode,
+ });
+ }
+ })()
+ );
+});
+
+// When updating the SW to change our mode of operation, skipWaiting so we
+// advance directly to activating without waiting for the test window client
+// to stop being controlled by our previous configuration.
+self.addEventListener("install", () => {
+ self.skipWaiting();
+});
+
+self.addEventListener("fetch", event => {
+ switch (fetchMode) {
+ case "direct":
+ event.respondWith(fetch(event.request));
+ break;
+
+ case "indirect":
+ event.respondWith(fetch(event.request.url));
+ break;
+ }
+});
diff --git a/dom/security/test/general/mochitest.toml b/dom/security/test/general/mochitest.toml
index c46b5ecf57..22024fcc67 100644
--- a/dom/security/test/general/mochitest.toml
+++ b/dom/security/test/general/mochitest.toml
@@ -8,6 +8,7 @@ support-files = [
"file_block_toplevel_data_navigation2.html",
"file_block_toplevel_data_navigation3.html",
"file_block_toplevel_data_redirect.sjs",
+ "file_block_script_wrong_mime_sw.js",
"file_block_subresource_redir_to_data.sjs",
"file_same_site_cookies_subrequest.sjs",
"file_same_site_cookies_toplevel_nav.sjs",
diff --git a/dom/security/test/general/test_block_script_wrong_mime.html b/dom/security/test/general/test_block_script_wrong_mime.html
index 7122363dfc..896823a417 100644
--- a/dom/security/test/general/test_block_script_wrong_mime.html
+++ b/dom/security/test/general/test_block_script_wrong_mime.html
@@ -29,7 +29,7 @@ function testScript([mime, shouldLoad]) {
let script = document.createElement("script");
script.onload = () => {
document.body.removeChild(script);
- ok(shouldLoad, `script with mime '${mime}' should load`);
+ ok(shouldLoad, `script with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`);
resolve();
};
script.onerror = () => {
@@ -47,7 +47,7 @@ function testWorker([mime, shouldLoad]) {
return new Promise((resolve) => {
let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker&mime="+mime);
worker.onmessage = (event) => {
- ok(shouldLoad, `worker with mime '${mime}' should load`)
+ ok(shouldLoad, `worker with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`);
is(event.data, "worker-loaded", "worker should send correct message");
resolve();
};
@@ -65,7 +65,7 @@ function testWorkerImportScripts([mime, shouldLoad]) {
return new Promise((resolve) => {
let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker-import&mime="+mime);
worker.onmessage = (event) => {
- ok(shouldLoad, `worker/importScripts with mime '${mime}' should load`)
+ ok(shouldLoad, `worker/importScripts with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`);
is(event.data, "worker-loaded", "worker should send correct message");
resolve();
};
@@ -73,20 +73,103 @@ function testWorkerImportScripts([mime, shouldLoad]) {
ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`);
error.preventDefault();
resolve();
+ // The worker doesn't self-terminate via close, so let's do it.
+ worker.terminate();
}
worker.postMessage("dummy");
});
}
-SimpleTest.waitForExplicitFinish();
-Promise.all(MIMETypes.map(testScript)).then(() => {
- return Promise.all(MIMETypes.map(testWorker));
-}).then(() => {
- return Promise.all(MIMETypes.map(testWorkerImportScripts));
-}).then(() => {
- return SpecialPowers.popPrefEnv();
-}).then(SimpleTest.finish);
+async function runMimeTypePermutations() {
+ info("### Running document script MIME checks.");
+ for (const mimeType of MIMETypes) {
+ await testScript(mimeType);
+ }
+ info("### Running worker top-level script MIME checks.");
+ for (const mimeType of MIMETypes) {
+ await testWorker(mimeType);
+ }
+
+ info("### Running worker importScripts MIME checks.");
+ for (const mimeType of MIMETypes) {
+ await testWorkerImportScripts(mimeType);
+ }
+}
+
+let gRegistration;
+
+/**
+ * Register and wait for the helper ServiceWorker to be active in the given
+ * mode.
+ */
+async function useServiceWorker({ fetchMode }) {
+ info(`### Registering ServiceWorker with mode '${fetchMode}'`);
+ const activePromise = new Promise((resolve, reject) => {
+ navigator.serviceWorker.addEventListener(
+ "message",
+ event => {
+ if (event.data.fetchMode === fetchMode) {
+ resolve();
+ } else {
+ reject(`wrong fetchMode: ${fetchMode}`);
+ }
+ is(fetchMode, event.data.fetchMode, "right fetch mode");
+ },
+ { once: true });
+ });
+
+ const reg = gRegistration = await navigator.serviceWorker.register(
+ `file_block_script_wrong_mime_sw.js?fetchMode=${fetchMode}`);
+ info("register resolved. " +
+ `installing: ${!!reg.installing} ` +
+ `waiting: ${!!reg.waiting} ` +
+ `active: ${!!reg.active}`);
+
+ await activePromise;
+}
+
+/**
+ * Unregister the ServiceWorker, with the caveat that the ServiceWorker will
+ * still be controlling us until this window goes away.
+ */
+async function cleanupServiceWorkerWithCaveat() {
+ await gRegistration.unregister();
+}
+
+/**
+ * Top-level test that runs the MIME type checks in different ServiceWorker/
+ * network configurations.
+ *
+ * We use the ServiceWorker mechanism that allows ServiceWorkers to claim
+ * existing scope-matching clients in order to make this window controlled and
+ * then run the tests. When changing the SW behavior the SW also needs to
+ * skipWaiting in order to advance to active.
+ */
+async function runNetworkPermutations() {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ ["dom.serviceWorkers.enabled", true],
+ ["dom.serviceWorkers.exemptFromPerDomainMax", true],
+ ["dom.serviceWorkers.testing.enabled", true],
+ ],
+ });
+
+ info("## Run tests without a ServiceWorker involved.");
+ await runMimeTypePermutations();
+
+ info("## Run tests with a pass-through fetch(event.request) handler.");
+ await useServiceWorker({ fetchMode: "direct" });
+ await runMimeTypePermutations();
+
+ info("## Run tests with a naive URL propagating fetch(event.request.url) handler.");
+ await useServiceWorker({ fetchMode: "indirect" });
+ await runMimeTypePermutations();
+
+ await cleanupServiceWorkerWithCaveat();
+}
+
+add_task(runNetworkPermutations);
</script>
</body>
</html>
diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
index b8a4e986b6..19ba0548de 100644
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -93,8 +93,7 @@ nsresult runTest(
// for testing the parser we only need to set a principal which is needed
// to translate the keyword 'self' into an actual URI.
- rv =
- csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI, u""_ns, 0);
+ rv = csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI, ""_ns, 0);
NS_ENSURE_SUCCESS(rv, rv);
// append a policy
diff --git a/dom/security/test/https-first/browser.toml b/dom/security/test/https-first/browser.toml
index 0c63b8317d..49e2d522f4 100644
--- a/dom/security/test/https-first/browser.toml
+++ b/dom/security/test/https-first/browser.toml
@@ -7,7 +7,7 @@ support-files = ["file_beforeunload_permit_http.html"]
support-files = [
"file_mixed_content_auto_upgrade.html",
"pass.png",
- "test.ogv",
+ "test.webm",
"test.wav",
]
@@ -40,6 +40,12 @@ support-files = [
["browser_navigation.js"]
support-files = ["file_navigation.html"]
+["browser_subdocument_downgrade.js"]
+support-files = [
+ "file_empty.html",
+ "file_subdocument_downgrade.sjs",
+]
+
["browser_schemeless.js"]
["browser_slow_download.js"]
diff --git a/dom/security/test/https-first/browser_beforeunload_permit_http.js b/dom/security/test/https-first/browser_beforeunload_permit_http.js
index 660c1a352d..281def37e9 100644
--- a/dom/security/test/https-first/browser_beforeunload_permit_http.js
+++ b/dom/security/test/https-first/browser_beforeunload_permit_http.js
@@ -162,7 +162,7 @@ async function loadPageAndReload(testCase) {
}
);
is(true, hasInteractedWith, "Simulated successfully user interaction");
- BrowserReloadWithFlags(testCase.reloadFlag);
+ BrowserCommands.reloadWithFlags(testCase.reloadFlag);
await BrowserTestUtils.browserLoaded(browser);
is(true, true, `reload with flag ${testCase.name} was successful`);
}
diff --git a/dom/security/test/https-first/browser_subdocument_downgrade.js b/dom/security/test/https-first/browser_subdocument_downgrade.js
new file mode 100644
index 0000000000..4cb5b4ed2e
--- /dev/null
+++ b/dom/security/test/https-first/browser_subdocument_downgrade.js
@@ -0,0 +1,60 @@
+/* Any copyright is dedicated to the Public Domain.
+ https://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const EMPTY_URL =
+ "http://example.com/browser/dom/security/test/https-first/file_empty.html";
+const SUBDOCUMENT_URL =
+ "https://example.com/browser/dom/security/test/https-first/file_subdocument_downgrade.sjs";
+
+add_task(async function test_subdocument_downgrade() {
+ await SpecialPowers.pushPrefEnv({
+ set: [
+ // We want to test HTTPS-First
+ ["dom.security.https_first", true],
+ // Makes it easier to detect the error
+ ["security.mixed_content.block_active_content", false],
+ ],
+ });
+
+ // Open a empty document with origin http://example.com, which gets upgraded
+ // to https://example.com by HTTPS-First and thus is marked as
+ // HTTPS_ONLY_UPGRADED_HTTPS_FIRST.
+ await BrowserTestUtils.withNewTab(EMPTY_URL, async browser => {
+ await SpecialPowers.spawn(
+ browser,
+ [SUBDOCUMENT_URL],
+ async SUBDOCUMENT_URL => {
+ function isCrossOriginIframe(iframe) {
+ try {
+ return !iframe.contentDocument;
+ } catch (e) {
+ return true;
+ }
+ }
+ const subdocument = content.document.createElement("iframe");
+ // We open https://example.com/.../file_subdocument_downgrade.sjs in a
+ // iframe, which sends a invalid response if the scheme is https. Thus
+ // we should get an error. But if we accidentally copy the
+ // HTTPS_ONLY_UPGRADED_HTTPS_FIRST flag from the parent into the iframe
+ // loadinfo, HTTPS-First will try to downgrade the iframe. We test that
+ // this doesn't happen.
+ subdocument.src = SUBDOCUMENT_URL;
+ const loadPromise = new Promise(resolve => {
+ subdocument.addEventListener("load", () => {
+ ok(
+ // If the iframe got downgraded, it should now have the origin
+ // http://example.com, which we can detect as being cross-origin.
+ !isCrossOriginIframe(subdocument),
+ "Subdocument should not be downgraded"
+ );
+ resolve();
+ });
+ });
+ content.document.body.appendChild(subdocument);
+ await loadPromise;
+ }
+ );
+ });
+});
diff --git a/dom/security/test/https-first/file_empty.html b/dom/security/test/https-first/file_empty.html
new file mode 100644
index 0000000000..39d495653e
--- /dev/null
+++ b/dom/security/test/https-first/file_empty.html
@@ -0,0 +1 @@
+<!doctype html><html><body></body></html>
diff --git a/dom/security/test/https-first/file_mixed_content_auto_upgrade.html b/dom/security/test/https-first/file_mixed_content_auto_upgrade.html
index 7dda8909a5..5a8bef6bb0 100644
--- a/dom/security/test/https-first/file_mixed_content_auto_upgrade.html
+++ b/dom/security/test/https-first/file_mixed_content_auto_upgrade.html
@@ -6,7 +6,7 @@
<body>
<!--upgradeable resources--->
<img src="http://example.com/browser/dom/security/test/https-first/pass.png">
- <video src="http://example.com/browser/dom/security/test/https-first/test.ogv">
+ <video src="http://example.com/browser/dom/security/test/https-first/test.webm">
<audio src="http://example.com/browser/dom/security/test/https-first/test.wav">
</body>
</html>
diff --git a/dom/security/test/https-first/file_multiple_redirection.sjs b/dom/security/test/https-first/file_multiple_redirection.sjs
index 49098ccdb7..e34a360fa6 100644
--- a/dom/security/test/https-first/file_multiple_redirection.sjs
+++ b/dom/security/test/https-first/file_multiple_redirection.sjs
@@ -5,6 +5,8 @@ const REDIRECT_URI =
"https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?redirect";
const REDIRECT_URI_HTTP =
"http://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify";
+const OTHERHOST_REDIRECT_URI_HTTP =
+ "http://example.org/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify";
const REDIRECT_URI_HTTPS =
"https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify";
@@ -44,6 +46,11 @@ function sendRedirection(query, response) {
if (query.includes("test3")) {
response.setHeader("Strict-Transport-Security", "max-age=60");
response.setHeader("Location", REDIRECT_URI_HTTP, false);
+ return;
+ }
+ // send a redirection to a different http uri
+ if (query.includes("test4")) {
+ response.setHeader("Location", OTHERHOST_REDIRECT_URI_HTTP, false);
}
}
@@ -53,6 +60,11 @@ function handleRequest(request, response) {
// if the query contains a test query start first test
if (query.startsWith("test")) {
+ // all of these should be upgraded
+ if (request.scheme !== "https") {
+ response.setStatusLine(request.httpVersion, 500, "OK");
+ response.write("Request should have been HTTPS.");
+ }
// send a 302 redirection
response.setStatusLine(request.httpVersion, 302, "Found");
response.setHeader("Location", REDIRECT_URI + query, false);
@@ -60,6 +72,10 @@ function handleRequest(request, response) {
}
// Send a redirection
if (query.includes("redirect")) {
+ if (request.scheme !== "https") {
+ response.setStatusLine(request.httpVersion, 500, "OK");
+ response.write("Request should have been HTTPS.");
+ }
response.setStatusLine(request.httpVersion, 302, "Found");
sendRedirection(query, response);
return;
@@ -83,5 +99,5 @@ function handleRequest(request, response) {
// We should never get here, but just in case ...
response.setStatusLine(request.httpVersion, 500, "OK");
- response.write("unexepcted query");
+ response.write("unexpected query");
}
diff --git a/dom/security/test/https-first/file_subdocument_downgrade.sjs b/dom/security/test/https-first/file_subdocument_downgrade.sjs
new file mode 100644
index 0000000000..53ced94ba8
--- /dev/null
+++ b/dom/security/test/https-first/file_subdocument_downgrade.sjs
@@ -0,0 +1,8 @@
+function handleRequest(request, response) {
+ if (request.scheme === "https") {
+ response.setStatusLine("1.1", 429, "Too Many Requests");
+ } else {
+ response.setHeader("Content-Type", "text/html", false);
+ response.write("<!doctype html><html><body></body></html>");
+ }
+}
diff --git a/dom/security/test/https-first/test.ogv b/dom/security/test/https-first/test.ogv
deleted file mode 100644
index 0f83996e5d..0000000000
--- a/dom/security/test/https-first/test.ogv
+++ /dev/null
Binary files differ
diff --git a/dom/security/test/https-first/test.webm b/dom/security/test/https-first/test.webm
new file mode 100644
index 0000000000..221877e303
--- /dev/null
+++ b/dom/security/test/https-first/test.webm
Binary files differ
diff --git a/dom/security/test/https-first/test_multiple_redirection.html b/dom/security/test/https-first/test_multiple_redirection.html
index d631f140e6..678a8133a8 100644
--- a/dom/security/test/https-first/test_multiple_redirection.html
+++ b/dom/security/test/https-first/test_multiple_redirection.html
@@ -37,6 +37,12 @@ Test multiple redirects using https-first and ensure the entire redirect chain i
{name: "test last redirect HSTS", result: "scheme-https", query: "test3"},
// reset: reset hsts header for example.com
{name: "reset HSTS header", result: "scheme-https", query: "reset"},
+ // test 4: http://example.com/...test4 -upgrade-> httpS://example.com/...test4
+ // https://example.com/...test4 -redir-> https://example.com/.../REDIRECT
+ // https://example.com/.../redirect -redir-> http://example.ORG/.../verify
+ // http://example.org/.../verify -upgrade-> httpS://example.ORG/.../verify
+ // Everything should be upgraded and accessed only via HTTPS!
+ {name: "test last redirect other HTTP origin gets upgraded", result: "scheme-https", query: "test4" },
]
let currentTest = 0;
let testWin;
@@ -48,7 +54,7 @@ Test multiple redirects using https-first and ensure the entire redirect chain i
let test = testCase[currentTest];
is(event.data.result,
test.result,
- "same-origin redirect results in " + test.name
+ "redirect results in " + test.name
);
testWin.close();
if (++currentTest < testCase.length) {
diff --git a/dom/security/test/mixedcontentblocker/browser.toml b/dom/security/test/mixedcontentblocker/browser.toml
index 5b0b85cb0b..402e8b91b1 100644
--- a/dom/security/test/mixedcontentblocker/browser.toml
+++ b/dom/security/test/mixedcontentblocker/browser.toml
@@ -15,7 +15,7 @@ support-files = [
support-files = [
"file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html",
"pass.png",
- "test.ogv",
+ "test.webm",
"test.wav",
]
diff --git a/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js b/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js
index 25fee8de3c..57842eb623 100644
--- a/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js
+++ b/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js
@@ -12,10 +12,6 @@ const { PromptTestUtils } = ChromeUtils.importESModule(
"resource://testing-common/PromptTestUtils.sys.mjs"
);
-let authPromptModalType = Services.prefs.getIntPref(
- "prompts.modalType.httpAuth"
-);
-
const downloadMonitoringView = {
_listeners: [],
onDownloadAdded(download) {
@@ -107,7 +103,7 @@ async function runTest(url, link, checkFunction, description) {
// Wait for the auth prompt, enter the login details and close the prompt
await PromptTestUtils.handleNextPrompt(
gBrowser.selectedBrowser,
- { modalType: authPromptModalType, promptType: "promptUserAndPass" },
+ { modalType: Ci.nsIPrompt.MODAL_TYPE_TAB, promptType: "promptUserAndPass" },
{ buttonNumClick: 0, loginInput: "user", passwordInput: "pass" }
);
await checkPromise;
diff --git a/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html b/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
index 80e97443ed..62e705227f 100644
--- a/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
+++ b/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
@@ -8,7 +8,7 @@
<body>
<!--upgradeable resources--->
<img id="some-img" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/pass.png" width="100px">
- <video id="some-video" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.ogv" width="100px">
+ <video id="some-video" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.webm" width="100px">
<audio id="some-audio" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.wav" width="100px">
</body>
</html>
diff --git a/dom/security/test/mixedcontentblocker/file_server.sjs b/dom/security/test/mixedcontentblocker/file_server.sjs
index 4f86c282ee..90034dad3f 100644
--- a/dom/security/test/mixedcontentblocker/file_server.sjs
+++ b/dom/security/test/mixedcontentblocker/file_server.sjs
@@ -96,8 +96,8 @@ function handleRequest(request, response) {
break;
case "media":
- response.setHeader("Content-Type", "video/ogg", false);
- response.write(loadContentFromFile("tests/dom/media/test/320x240.ogv"));
+ response.setHeader("Content-Type", "video/webm", false);
+ response.write(loadContentFromFile("tests/dom/media/test/vp9.webm"));
break;
case "iframe":
diff --git a/dom/security/test/mixedcontentblocker/mochitest.toml b/dom/security/test/mixedcontentblocker/mochitest.toml
index 17d8cb4608..cf1d4827a0 100644
--- a/dom/security/test/mixedcontentblocker/mochitest.toml
+++ b/dom/security/test/mixedcontentblocker/mochitest.toml
@@ -16,7 +16,9 @@ support-files = [
"file_main_bug803225.html",
"file_main_bug803225_websocket_wsh.py",
"file_server.sjs",
- "!/dom/media/test/320x240.ogv",
+ "!/dom/media/test/vp9.webm",
+ "test.webm",
+ "test.wav",
"!/image/test/mochitest/blue.png",
"file_redirect.html",
"file_redirect_handler.sjs",
diff --git a/dom/security/test/mixedcontentblocker/test.ogv b/dom/security/test/mixedcontentblocker/test.ogv
deleted file mode 100644
index 0f83996e5d..0000000000
--- a/dom/security/test/mixedcontentblocker/test.ogv
+++ /dev/null
Binary files differ
diff --git a/dom/security/test/mixedcontentblocker/test.webm b/dom/security/test/mixedcontentblocker/test.webm
new file mode 100644
index 0000000000..221877e303
--- /dev/null
+++ b/dom/security/test/mixedcontentblocker/test.webm
Binary files differ
diff --git a/dom/security/test/referrer-policy/browser.toml b/dom/security/test/referrer-policy/browser.toml
index a77046c85b..ba571fec81 100644
--- a/dom/security/test/referrer-policy/browser.toml
+++ b/dom/security/test/referrer-policy/browser.toml
@@ -1,9 +1,10 @@
[DEFAULT]
support-files = ["referrer_page.sjs"]
-["browser_session_history.js"]
-support-files = ["file_session_history.sjs"]
-
["browser_referrer_disallow_cross_site_relaxing.js"]
+skip-if = ["asan"] # too slow
["browser_referrer_telemetry.js"]
+
+["browser_session_history.js"]
+support-files = ["file_session_history.sjs"]
diff --git a/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js b/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js
index 7f8df7b34b..84e79af3ef 100644
--- a/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js
+++ b/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js
@@ -191,6 +191,8 @@ add_setup(async function () {
set: [
// Disable mixed content blocking to be able to test downgrade scenario.
["security.mixed_content.block_active_content", false],
+ // Disable https-first since we are testing http and https referrers
+ ["dom.security.https_first", false],
],
});
});