From d8bbc7858622b6d9c278469aab701ca0b609cddf Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 15 May 2024 05:35:49 +0200
Subject: Merging upstream version 126.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../general/file_block_script_wrong_mime_sw.js     |  51 ++++++++++
 dom/security/test/general/mochitest.toml           |   1 +
 .../test/general/test_block_script_wrong_mime.html | 105 ++++++++++++++++++---
 dom/security/test/gtest/TestCSPParser.cpp          |   3 +-
 dom/security/test/https-first/browser.toml         |   8 +-
 .../browser_beforeunload_permit_http.js            |   2 +-
 .../https-first/browser_subdocument_downgrade.js   |  60 ++++++++++++
 dom/security/test/https-first/file_empty.html      |   1 +
 .../file_mixed_content_auto_upgrade.html           |   2 +-
 .../test/https-first/file_multiple_redirection.sjs |  18 +++-
 .../https-first/file_subdocument_downgrade.sjs     |   8 ++
 dom/security/test/https-first/test.ogv             | Bin 2344665 -> 0 bytes
 dom/security/test/https-first/test.webm            | Bin 0 -> 97465 bytes
 .../https-first/test_multiple_redirection.html     |   8 +-
 dom/security/test/mixedcontentblocker/browser.toml |   2 +-
 .../browser_mixed_content_auth_download.js         |   6 +-
 ...dcontent_and_mixed_content_display_upgrade.html |   2 +-
 .../test/mixedcontentblocker/file_server.sjs       |   4 +-
 .../test/mixedcontentblocker/mochitest.toml        |   4 +-
 dom/security/test/mixedcontentblocker/test.ogv     | Bin 2344665 -> 0 bytes
 dom/security/test/mixedcontentblocker/test.webm    | Bin 0 -> 97465 bytes
 dom/security/test/referrer-policy/browser.toml     |   7 +-
 ...rowser_referrer_disallow_cross_site_relaxing.js |   2 +
 23 files changed, 263 insertions(+), 31 deletions(-)
 create mode 100644 dom/security/test/general/file_block_script_wrong_mime_sw.js
 create mode 100644 dom/security/test/https-first/browser_subdocument_downgrade.js
 create mode 100644 dom/security/test/https-first/file_empty.html
 create mode 100644 dom/security/test/https-first/file_subdocument_downgrade.sjs
 delete mode 100644 dom/security/test/https-first/test.ogv
 create mode 100644 dom/security/test/https-first/test.webm
 delete mode 100644 dom/security/test/mixedcontentblocker/test.ogv
 create mode 100644 dom/security/test/mixedcontentblocker/test.webm

(limited to 'dom/security/test')

diff --git a/dom/security/test/general/file_block_script_wrong_mime_sw.js b/dom/security/test/general/file_block_script_wrong_mime_sw.js
new file mode 100644
index 0000000000..4d8d667af4
--- /dev/null
+++ b/dom/security/test/general/file_block_script_wrong_mime_sw.js
@@ -0,0 +1,51 @@
+/**
+ * Service Worker that runs in 2 modes: 1) direct pass-through via
+ * fetch(event.request) and 2) indirect pass-through via
+ * fetch(event.request.url).
+ *
+ * Because this is updating a pre-existing mochitest that didn't use a SW and
+ * used a single test document, we use a SW idiom where the SW claims the
+ * existing window client.  And because we operate in two modes and we
+ * parameterize via URL, we also ensure that we skipWaiting.
+ **/
+
+/* eslint-env serviceworker */
+
+// We are parameterized by "mode".
+const params = new URLSearchParams(location.search);
+const fetchMode = params.get("fetchMode");
+
+// When activating on initial install, claim the existing window client.
+// For synchronziation, also message the controlled document to report our mode.
+self.addEventListener("activate", event => {
+  event.waitUntil(
+    (async () => {
+      await clients.claim();
+      const allClients = await clients.matchAll();
+      for (const client of allClients) {
+        client.postMessage({
+          fetchMode,
+        });
+      }
+    })()
+  );
+});
+
+// When updating the SW to change our mode of operation, skipWaiting so we
+// advance directly to activating without waiting for the test window client
+// to stop being controlled by our previous configuration.
+self.addEventListener("install", () => {
+  self.skipWaiting();
+});
+
+self.addEventListener("fetch", event => {
+  switch (fetchMode) {
+    case "direct":
+      event.respondWith(fetch(event.request));
+      break;
+
+    case "indirect":
+      event.respondWith(fetch(event.request.url));
+      break;
+  }
+});
diff --git a/dom/security/test/general/mochitest.toml b/dom/security/test/general/mochitest.toml
index c46b5ecf57..22024fcc67 100644
--- a/dom/security/test/general/mochitest.toml
+++ b/dom/security/test/general/mochitest.toml
@@ -8,6 +8,7 @@ support-files = [
   "file_block_toplevel_data_navigation2.html",
   "file_block_toplevel_data_navigation3.html",
   "file_block_toplevel_data_redirect.sjs",
+  "file_block_script_wrong_mime_sw.js",
   "file_block_subresource_redir_to_data.sjs",
   "file_same_site_cookies_subrequest.sjs",
   "file_same_site_cookies_toplevel_nav.sjs",
diff --git a/dom/security/test/general/test_block_script_wrong_mime.html b/dom/security/test/general/test_block_script_wrong_mime.html
index 7122363dfc..896823a417 100644
--- a/dom/security/test/general/test_block_script_wrong_mime.html
+++ b/dom/security/test/general/test_block_script_wrong_mime.html
@@ -29,7 +29,7 @@ function testScript([mime, shouldLoad]) {
     let script = document.createElement("script");
     script.onload = () => {
       document.body.removeChild(script);
-      ok(shouldLoad, `script with mime '${mime}' should load`);
+      ok(shouldLoad, `script with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`);
       resolve();
     };
     script.onerror = () => {
@@ -47,7 +47,7 @@ function testWorker([mime, shouldLoad]) {
   return new Promise((resolve) => {
     let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker&mime="+mime);
     worker.onmessage = (event) => {
-      ok(shouldLoad, `worker with mime '${mime}' should load`)
+      ok(shouldLoad, `worker with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`);
       is(event.data, "worker-loaded", "worker should send correct message");
       resolve();
     };
@@ -65,7 +65,7 @@ function testWorkerImportScripts([mime, shouldLoad]) {
   return new Promise((resolve) => {
     let worker = new Worker("file_block_script_wrong_mime_server.sjs?type=worker-import&mime="+mime);
     worker.onmessage = (event) => {
-      ok(shouldLoad, `worker/importScripts with mime '${mime}' should load`)
+      ok(shouldLoad, `worker/importScripts with mime '${mime}' should ${shouldLoad ? "" : "NOT "}load`);
       is(event.data, "worker-loaded", "worker should send correct message");
       resolve();
     };
@@ -73,20 +73,103 @@ function testWorkerImportScripts([mime, shouldLoad]) {
       ok(!shouldLoad, `worker/importScripts with wrong mime '${mime}' should be blocked`);
       error.preventDefault();
       resolve();
+      // The worker doesn't self-terminate via close, so let's do it.
+      worker.terminate();
     }
     worker.postMessage("dummy");
   });
 }
 
-SimpleTest.waitForExplicitFinish();
-Promise.all(MIMETypes.map(testScript)).then(() => {
-  return Promise.all(MIMETypes.map(testWorker));
-}).then(() => {
-  return Promise.all(MIMETypes.map(testWorkerImportScripts));
-}).then(() => {
-  return SpecialPowers.popPrefEnv();
-}).then(SimpleTest.finish);
+async function runMimeTypePermutations() {
+  info("### Running document script MIME checks.");
+  for (const mimeType of MIMETypes) {
+    await testScript(mimeType);
+  }
 
+  info("### Running worker top-level script MIME checks.");
+  for (const mimeType of MIMETypes) {
+    await testWorker(mimeType);
+  }
+
+  info("### Running worker importScripts MIME checks.");
+  for (const mimeType of MIMETypes) {
+    await testWorkerImportScripts(mimeType);
+  }
+}
+
+let gRegistration;
+
+/**
+ * Register and wait for the helper ServiceWorker to be active in the given
+ * mode.
+ */
+async function useServiceWorker({ fetchMode }) {
+  info(`### Registering ServiceWorker with mode '${fetchMode}'`);
+  const activePromise = new Promise((resolve, reject) => {
+    navigator.serviceWorker.addEventListener(
+      "message",
+      event => {
+        if (event.data.fetchMode === fetchMode) {
+          resolve();
+        } else {
+          reject(`wrong fetchMode: ${fetchMode}`);
+        }
+        is(fetchMode, event.data.fetchMode, "right fetch mode");
+      },
+      { once: true });
+  });
+
+  const reg = gRegistration = await navigator.serviceWorker.register(
+    `file_block_script_wrong_mime_sw.js?fetchMode=${fetchMode}`);
+  info("register resolved. " +
+       `installing: ${!!reg.installing} ` +
+       `waiting: ${!!reg.waiting} ` +
+       `active: ${!!reg.active}`);
+
+  await activePromise;
+}
+
+/**
+ * Unregister the ServiceWorker, with the caveat that the ServiceWorker will
+ * still be controlling us until this window goes away.
+ */
+async function cleanupServiceWorkerWithCaveat() {
+  await gRegistration.unregister();
+}
+
+/**
+ * Top-level test that runs the MIME type checks in different ServiceWorker/
+ * network configurations.
+ *
+ * We use the ServiceWorker mechanism that allows ServiceWorkers to claim
+ * existing scope-matching clients in order to make this window controlled and
+ * then run the tests.  When changing the SW behavior the SW also needs to
+ * skipWaiting in order to advance to active.
+ */
+async function runNetworkPermutations() {
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["dom.serviceWorkers.enabled", true],
+      ["dom.serviceWorkers.exemptFromPerDomainMax", true],
+      ["dom.serviceWorkers.testing.enabled", true],
+    ],
+  });
+
+  info("## Run tests without a ServiceWorker involved.");
+  await runMimeTypePermutations();
+
+  info("## Run tests with a pass-through fetch(event.request) handler.");
+  await useServiceWorker({ fetchMode: "direct" });
+  await runMimeTypePermutations();
+
+  info("## Run tests with a naive URL propagating fetch(event.request.url) handler.");
+  await useServiceWorker({ fetchMode: "indirect" });
+  await runMimeTypePermutations();
+
+  await cleanupServiceWorkerWithCaveat();
+}
+
+add_task(runNetworkPermutations);
 </script>
 </body>
 </html>
diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
index b8a4e986b6..19ba0548de 100644
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -93,8 +93,7 @@ nsresult runTest(
 
   // for testing the parser we only need to set a principal which is needed
   // to translate the keyword 'self' into an actual URI.
-  rv =
-      csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI, u""_ns, 0);
+  rv = csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI, ""_ns, 0);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // append a policy
diff --git a/dom/security/test/https-first/browser.toml b/dom/security/test/https-first/browser.toml
index 0c63b8317d..49e2d522f4 100644
--- a/dom/security/test/https-first/browser.toml
+++ b/dom/security/test/https-first/browser.toml
@@ -7,7 +7,7 @@ support-files = ["file_beforeunload_permit_http.html"]
 support-files = [
   "file_mixed_content_auto_upgrade.html",
   "pass.png",
-  "test.ogv",
+  "test.webm",
   "test.wav",
 ]
 
@@ -40,6 +40,12 @@ support-files = [
 ["browser_navigation.js"]
 support-files = ["file_navigation.html"]
 
+["browser_subdocument_downgrade.js"]
+support-files = [
+  "file_empty.html",
+  "file_subdocument_downgrade.sjs",
+]
+
 ["browser_schemeless.js"]
 
 ["browser_slow_download.js"]
diff --git a/dom/security/test/https-first/browser_beforeunload_permit_http.js b/dom/security/test/https-first/browser_beforeunload_permit_http.js
index 660c1a352d..281def37e9 100644
--- a/dom/security/test/https-first/browser_beforeunload_permit_http.js
+++ b/dom/security/test/https-first/browser_beforeunload_permit_http.js
@@ -162,7 +162,7 @@ async function loadPageAndReload(testCase) {
         }
       );
       is(true, hasInteractedWith, "Simulated successfully user interaction");
-      BrowserReloadWithFlags(testCase.reloadFlag);
+      BrowserCommands.reloadWithFlags(testCase.reloadFlag);
       await BrowserTestUtils.browserLoaded(browser);
       is(true, true, `reload with flag ${testCase.name} was successful`);
     }
diff --git a/dom/security/test/https-first/browser_subdocument_downgrade.js b/dom/security/test/https-first/browser_subdocument_downgrade.js
new file mode 100644
index 0000000000..4cb5b4ed2e
--- /dev/null
+++ b/dom/security/test/https-first/browser_subdocument_downgrade.js
@@ -0,0 +1,60 @@
+/* Any copyright is dedicated to the Public Domain.
+   https://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const EMPTY_URL =
+  "http://example.com/browser/dom/security/test/https-first/file_empty.html";
+const SUBDOCUMENT_URL =
+  "https://example.com/browser/dom/security/test/https-first/file_subdocument_downgrade.sjs";
+
+add_task(async function test_subdocument_downgrade() {
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      // We want to test HTTPS-First
+      ["dom.security.https_first", true],
+      // Makes it easier to detect the error
+      ["security.mixed_content.block_active_content", false],
+    ],
+  });
+
+  // Open a empty document with origin http://example.com, which gets upgraded
+  // to https://example.com by HTTPS-First and thus is marked as
+  // HTTPS_ONLY_UPGRADED_HTTPS_FIRST.
+  await BrowserTestUtils.withNewTab(EMPTY_URL, async browser => {
+    await SpecialPowers.spawn(
+      browser,
+      [SUBDOCUMENT_URL],
+      async SUBDOCUMENT_URL => {
+        function isCrossOriginIframe(iframe) {
+          try {
+            return !iframe.contentDocument;
+          } catch (e) {
+            return true;
+          }
+        }
+        const subdocument = content.document.createElement("iframe");
+        // We open https://example.com/.../file_subdocument_downgrade.sjs in a
+        // iframe, which sends a invalid response if the scheme is https. Thus
+        // we should get an error. But if we accidentally copy the
+        // HTTPS_ONLY_UPGRADED_HTTPS_FIRST flag from the parent into the iframe
+        // loadinfo, HTTPS-First will try to downgrade the iframe. We test that
+        // this doesn't happen.
+        subdocument.src = SUBDOCUMENT_URL;
+        const loadPromise = new Promise(resolve => {
+          subdocument.addEventListener("load", () => {
+            ok(
+              // If the iframe got downgraded, it should now have the origin
+              // http://example.com, which we can detect as being cross-origin.
+              !isCrossOriginIframe(subdocument),
+              "Subdocument should not be downgraded"
+            );
+            resolve();
+          });
+        });
+        content.document.body.appendChild(subdocument);
+        await loadPromise;
+      }
+    );
+  });
+});
diff --git a/dom/security/test/https-first/file_empty.html b/dom/security/test/https-first/file_empty.html
new file mode 100644
index 0000000000..39d495653e
--- /dev/null
+++ b/dom/security/test/https-first/file_empty.html
@@ -0,0 +1 @@
+<!doctype html><html><body></body></html>
diff --git a/dom/security/test/https-first/file_mixed_content_auto_upgrade.html b/dom/security/test/https-first/file_mixed_content_auto_upgrade.html
index 7dda8909a5..5a8bef6bb0 100644
--- a/dom/security/test/https-first/file_mixed_content_auto_upgrade.html
+++ b/dom/security/test/https-first/file_mixed_content_auto_upgrade.html
@@ -6,7 +6,7 @@
 <body>
    <!--upgradeable resources--->
   <img src="http://example.com/browser/dom/security/test/https-first/pass.png">
-  <video src="http://example.com/browser/dom/security/test/https-first/test.ogv">
+  <video src="http://example.com/browser/dom/security/test/https-first/test.webm">
   <audio src="http://example.com/browser/dom/security/test/https-first/test.wav">
 </body>
 </html>
diff --git a/dom/security/test/https-first/file_multiple_redirection.sjs b/dom/security/test/https-first/file_multiple_redirection.sjs
index 49098ccdb7..e34a360fa6 100644
--- a/dom/security/test/https-first/file_multiple_redirection.sjs
+++ b/dom/security/test/https-first/file_multiple_redirection.sjs
@@ -5,6 +5,8 @@ const REDIRECT_URI =
   "https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?redirect";
 const REDIRECT_URI_HTTP =
   "http://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify";
+const OTHERHOST_REDIRECT_URI_HTTP =
+  "http://example.org/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify";
 const REDIRECT_URI_HTTPS =
   "https://example.com/tests/dom/security/test/https-first/file_multiple_redirection.sjs?verify";
 
@@ -44,6 +46,11 @@ function sendRedirection(query, response) {
   if (query.includes("test3")) {
     response.setHeader("Strict-Transport-Security", "max-age=60");
     response.setHeader("Location", REDIRECT_URI_HTTP, false);
+    return;
+  }
+  // send a redirection to a different http uri
+  if (query.includes("test4")) {
+    response.setHeader("Location", OTHERHOST_REDIRECT_URI_HTTP, false);
   }
 }
 
@@ -53,6 +60,11 @@ function handleRequest(request, response) {
 
   // if the query contains a test query start first test
   if (query.startsWith("test")) {
+    // all of these should be upgraded
+    if (request.scheme !== "https") {
+      response.setStatusLine(request.httpVersion, 500, "OK");
+      response.write("Request should have been HTTPS.");
+    }
     // send a 302 redirection
     response.setStatusLine(request.httpVersion, 302, "Found");
     response.setHeader("Location", REDIRECT_URI + query, false);
@@ -60,6 +72,10 @@ function handleRequest(request, response) {
   }
   // Send a redirection
   if (query.includes("redirect")) {
+    if (request.scheme !== "https") {
+      response.setStatusLine(request.httpVersion, 500, "OK");
+      response.write("Request should have been HTTPS.");
+    }
     response.setStatusLine(request.httpVersion, 302, "Found");
     sendRedirection(query, response);
     return;
@@ -83,5 +99,5 @@ function handleRequest(request, response) {
 
   // We should never get here, but just in case ...
   response.setStatusLine(request.httpVersion, 500, "OK");
-  response.write("unexepcted query");
+  response.write("unexpected query");
 }
diff --git a/dom/security/test/https-first/file_subdocument_downgrade.sjs b/dom/security/test/https-first/file_subdocument_downgrade.sjs
new file mode 100644
index 0000000000..53ced94ba8
--- /dev/null
+++ b/dom/security/test/https-first/file_subdocument_downgrade.sjs
@@ -0,0 +1,8 @@
+function handleRequest(request, response) {
+  if (request.scheme === "https") {
+    response.setStatusLine("1.1", 429, "Too Many Requests");
+  } else {
+    response.setHeader("Content-Type", "text/html", false);
+    response.write("<!doctype html><html><body></body></html>");
+  }
+}
diff --git a/dom/security/test/https-first/test.ogv b/dom/security/test/https-first/test.ogv
deleted file mode 100644
index 0f83996e5d..0000000000
Binary files a/dom/security/test/https-first/test.ogv and /dev/null differ
diff --git a/dom/security/test/https-first/test.webm b/dom/security/test/https-first/test.webm
new file mode 100644
index 0000000000..221877e303
Binary files /dev/null and b/dom/security/test/https-first/test.webm differ
diff --git a/dom/security/test/https-first/test_multiple_redirection.html b/dom/security/test/https-first/test_multiple_redirection.html
index d631f140e6..678a8133a8 100644
--- a/dom/security/test/https-first/test_multiple_redirection.html
+++ b/dom/security/test/https-first/test_multiple_redirection.html
@@ -37,6 +37,12 @@ Test multiple redirects using https-first and ensure the entire redirect chain i
     {name: "test last redirect HSTS", result: "scheme-https", query: "test3"},
     // reset: reset hsts header for example.com
     {name: "reset HSTS header", result: "scheme-https", query: "reset"},
+    // test 4: http://example.com/...test4 -upgrade-> httpS://example.com/...test4
+    //         https://example.com/...test4 -redir-> https://example.com/.../REDIRECT
+    //         https://example.com/.../redirect -redir-> http://example.ORG/.../verify
+    //         http://example.org/.../verify -upgrade-> httpS://example.ORG/.../verify
+    //         Everything should be upgraded and accessed only via HTTPS!
+    {name: "test last redirect other HTTP origin gets upgraded", result: "scheme-https", query: "test4" },
   ]
   let currentTest = 0;
   let testWin;
@@ -48,7 +54,7 @@ Test multiple redirects using https-first and ensure the entire redirect chain i
     let test = testCase[currentTest];
       is(event.data.result,
        test.result,
-       "same-origin redirect results in " + test.name
+       "redirect results in " + test.name
     );
     testWin.close();
     if (++currentTest < testCase.length) {
diff --git a/dom/security/test/mixedcontentblocker/browser.toml b/dom/security/test/mixedcontentblocker/browser.toml
index 5b0b85cb0b..402e8b91b1 100644
--- a/dom/security/test/mixedcontentblocker/browser.toml
+++ b/dom/security/test/mixedcontentblocker/browser.toml
@@ -15,7 +15,7 @@ support-files = [
 support-files = [
   "file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html",
   "pass.png",
-  "test.ogv",
+  "test.webm",
   "test.wav",
 ]
 
diff --git a/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js b/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js
index 25fee8de3c..57842eb623 100644
--- a/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js
+++ b/dom/security/test/mixedcontentblocker/browser_mixed_content_auth_download.js
@@ -12,10 +12,6 @@ const { PromptTestUtils } = ChromeUtils.importESModule(
   "resource://testing-common/PromptTestUtils.sys.mjs"
 );
 
-let authPromptModalType = Services.prefs.getIntPref(
-  "prompts.modalType.httpAuth"
-);
-
 const downloadMonitoringView = {
   _listeners: [],
   onDownloadAdded(download) {
@@ -107,7 +103,7 @@ async function runTest(url, link, checkFunction, description) {
   // Wait for the auth prompt, enter the login details and close the prompt
   await PromptTestUtils.handleNextPrompt(
     gBrowser.selectedBrowser,
-    { modalType: authPromptModalType, promptType: "promptUserAndPass" },
+    { modalType: Ci.nsIPrompt.MODAL_TYPE_TAB, promptType: "promptUserAndPass" },
     { buttonNumClick: 0, loginInput: "user", passwordInput: "pass" }
   );
   await checkPromise;
diff --git a/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html b/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
index 80e97443ed..62e705227f 100644
--- a/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
+++ b/dom/security/test/mixedcontentblocker/file_csp_block_all_mixedcontent_and_mixed_content_display_upgrade.html
@@ -8,7 +8,7 @@
 <body>
    <!--upgradeable resources--->
   <img id="some-img" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/pass.png" width="100px">
-  <video id="some-video" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.ogv" width="100px">
+  <video id="some-video" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.webm" width="100px">
   <audio id="some-audio" src="http://test1.example.com/browser/dom/security/test/mixedcontentblocker/test.wav" width="100px">
 </body>
 </html>
diff --git a/dom/security/test/mixedcontentblocker/file_server.sjs b/dom/security/test/mixedcontentblocker/file_server.sjs
index 4f86c282ee..90034dad3f 100644
--- a/dom/security/test/mixedcontentblocker/file_server.sjs
+++ b/dom/security/test/mixedcontentblocker/file_server.sjs
@@ -96,8 +96,8 @@ function handleRequest(request, response) {
       break;
 
     case "media":
-      response.setHeader("Content-Type", "video/ogg", false);
-      response.write(loadContentFromFile("tests/dom/media/test/320x240.ogv"));
+      response.setHeader("Content-Type", "video/webm", false);
+      response.write(loadContentFromFile("tests/dom/media/test/vp9.webm"));
       break;
 
     case "iframe":
diff --git a/dom/security/test/mixedcontentblocker/mochitest.toml b/dom/security/test/mixedcontentblocker/mochitest.toml
index 17d8cb4608..cf1d4827a0 100644
--- a/dom/security/test/mixedcontentblocker/mochitest.toml
+++ b/dom/security/test/mixedcontentblocker/mochitest.toml
@@ -16,7 +16,9 @@ support-files = [
   "file_main_bug803225.html",
   "file_main_bug803225_websocket_wsh.py",
   "file_server.sjs",
-  "!/dom/media/test/320x240.ogv",
+  "!/dom/media/test/vp9.webm",
+  "test.webm",
+  "test.wav",
   "!/image/test/mochitest/blue.png",
   "file_redirect.html",
   "file_redirect_handler.sjs",
diff --git a/dom/security/test/mixedcontentblocker/test.ogv b/dom/security/test/mixedcontentblocker/test.ogv
deleted file mode 100644
index 0f83996e5d..0000000000
Binary files a/dom/security/test/mixedcontentblocker/test.ogv and /dev/null differ
diff --git a/dom/security/test/mixedcontentblocker/test.webm b/dom/security/test/mixedcontentblocker/test.webm
new file mode 100644
index 0000000000..221877e303
Binary files /dev/null and b/dom/security/test/mixedcontentblocker/test.webm differ
diff --git a/dom/security/test/referrer-policy/browser.toml b/dom/security/test/referrer-policy/browser.toml
index a77046c85b..ba571fec81 100644
--- a/dom/security/test/referrer-policy/browser.toml
+++ b/dom/security/test/referrer-policy/browser.toml
@@ -1,9 +1,10 @@
 [DEFAULT]
 support-files = ["referrer_page.sjs"]
 
-["browser_session_history.js"]
-support-files = ["file_session_history.sjs"]
-
 ["browser_referrer_disallow_cross_site_relaxing.js"]
+skip-if = ["asan"] # too slow
 
 ["browser_referrer_telemetry.js"]
+
+["browser_session_history.js"]
+support-files = ["file_session_history.sjs"]
diff --git a/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js b/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js
index 7f8df7b34b..84e79af3ef 100644
--- a/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js
+++ b/dom/security/test/referrer-policy/browser_referrer_disallow_cross_site_relaxing.js
@@ -191,6 +191,8 @@ add_setup(async function () {
     set: [
       // Disable mixed content blocking to be able to test downgrade scenario.
       ["security.mixed_content.block_active_content", false],
+      // Disable https-first since we are testing http and https referrers
+      ["dom.security.https_first", false],
     ],
   });
 });
-- 
cgit v1.2.3