From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- netwerk/test/browser/103_preload.html | 6 + netwerk/test/browser/103_preload.html^headers^ | 1 + .../103_preload.html^informationalResponse^ | 2 + netwerk/test/browser/103_preload_anchor.html | 6 + .../test/browser/103_preload_anchor.html^headers^ | 1 + .../103_preload_anchor.html^informationalResponse^ | 2 + netwerk/test/browser/103_preload_and_404.html | 6 + .../test/browser/103_preload_and_404.html^headers^ | 1 + ...103_preload_and_404.html^informationalResponse^ | 2 + .../test/browser/103_preload_csp_imgsrc_none.html | 6 + .../103_preload_csp_imgsrc_none.html^headers^ | 2 + ...oad_csp_imgsrc_none.html^informationalResponse^ | 2 + netwerk/test/browser/103_preload_iframe.html | 6 + .../test/browser/103_preload_iframe.html^headers^ | 1 + netwerk/test/browser/auth_post.sjs | 37 + netwerk/test/browser/browser.toml | 188 + netwerk/test/browser/browser_103_assets.js | 169 + .../test/browser/browser_103_assets_extension.js | 78 + netwerk/test/browser/browser_103_cleanup.js | 47 + netwerk/test/browser/browser_103_csp.js | 86 + netwerk/test/browser/browser_103_csp_images.js | 170 + netwerk/test/browser/browser_103_csp_styles.js | 86 + netwerk/test/browser/browser_103_error.js | 121 + .../test/browser/browser_103_no_cancel_on_error.js | 67 + netwerk/test/browser/browser_103_preconnect.js | 71 + netwerk/test/browser/browser_103_preload.js | 138 + netwerk/test/browser/browser_103_preload_2.js | 180 + netwerk/test/browser/browser_103_private_window.js | 70 + netwerk/test/browser/browser_103_redirect.js | 52 + .../browser/browser_103_redirect_from_server.js | 321 + .../test/browser/browser_103_referrer_policy.js | 167 + netwerk/test/browser/browser_103_telemetry.js | 107 + netwerk/test/browser/browser_103_user_load.js | 85 + netwerk/test/browser/browser_NetUtil.js | 111 + netwerk/test/browser/browser_about_cache.js | 136 + .../browser_backgroundtask_purgeHTTPCache.js | 40 + netwerk/test/browser/browser_bug1535877.js | 15 + netwerk/test/browser/browser_bug1629307.js | 81 + netwerk/test/browser/browser_child_resource.js | 246 + .../test/browser/browser_cookie_filtering_basic.js | 184 + .../browser_cookie_filtering_cross_origin.js | 146 + .../browser/browser_cookie_filtering_insecure.js | 106 + .../test/browser/browser_cookie_filtering_oa.js | 190 + .../browser/browser_cookie_filtering_subdomain.js | 175 + .../browser/browser_cookie_sync_across_tabs.js | 79 + netwerk/test/browser/browser_fetch_lnk.js | 23 + netwerk/test/browser/browser_http_index_format.js | 48 + .../browser/browser_nsIFormPOSTActionChannel.js | 273 + netwerk/test/browser/browser_post_auth.js | 65 + netwerk/test/browser/browser_post_file.js | 71 + .../test/browser/browser_purgeCache_idle_daily.js | 86 + .../test/browser/browser_resource_navigation.js | 76 + .../browser_speculative_connection_link_header.js | 57 + .../browser/browser_test_data_channel_observer.js | 35 + netwerk/test/browser/browser_test_favicon.js | 26 + netwerk/test/browser/browser_test_io_activity.js | 50 + netwerk/test/browser/browser_test_offline_tab.js | 36 + .../test/browser/cookie_filtering_helper.sys.mjs | 166 + netwerk/test/browser/cookie_filtering_resource.sjs | 35 + .../cookie_filtering_secure_resource_com.html | 6 + ...kie_filtering_secure_resource_com.html^headers^ | 2 + .../cookie_filtering_secure_resource_org.html | 6 + ...kie_filtering_secure_resource_org.html^headers^ | 2 + netwerk/test/browser/cookie_filtering_square.png | 0 .../browser/cookie_filtering_square.png^headers^ | 2 + netwerk/test/browser/damonbowling.jpg | Bin 0 -> 44008 bytes netwerk/test/browser/damonbowling.jpg^headers^ | 2 + netwerk/test/browser/dummy.html | 11 + netwerk/test/browser/early_hint_asset.sjs | 50 + netwerk/test/browser/early_hint_asset_html.sjs | 135 + .../test/browser/early_hint_csp_options_html.sjs | 120 + netwerk/test/browser/early_hint_error.sjs | 35 + netwerk/test/browser/early_hint_main_html.sjs | 62 + netwerk/test/browser/early_hint_main_redirect.sjs | 67 + netwerk/test/browser/early_hint_pixel.sjs | 37 + netwerk/test/browser/early_hint_pixel_count.sjs | 9 + .../test/browser/early_hint_preconnect_html.sjs | 32 + .../browser/early_hint_preload_test_helper.sys.mjs | 159 + netwerk/test/browser/early_hint_redirect.sjs | 21 + netwerk/test/browser/early_hint_redirect_html.sjs | 24 + .../browser/early_hint_referrer_policy_html.sjs | 132 + netwerk/test/browser/file_favicon.html | 7 + netwerk/test/browser/file_link_header.sjs | 24 + netwerk/test/browser/file_lnk.lnk | Bin 0 -> 1531 bytes netwerk/test/browser/ioactivity.html | 11 + netwerk/test/browser/no_103_preload.html | 6 + netwerk/test/browser/no_103_preload.html^headers^ | 1 + netwerk/test/browser/post.html | 14 + netwerk/test/browser/redirect.sjs | 6 + netwerk/test/browser/res.css | 4 + netwerk/test/browser/res.css^headers^ | 1 + netwerk/test/browser/res.csv | 1 + netwerk/test/browser/res.csv^headers^ | 1 + netwerk/test/browser/res.mp3 | Bin 0 -> 3530 bytes netwerk/test/browser/res.unknown | 1 + netwerk/test/browser/res_206.html | 11 + netwerk/test/browser/res_206.html^headers^ | 2 + netwerk/test/browser/res_206.mp3 | Bin 0 -> 3530 bytes netwerk/test/browser/res_206.mp3^headers^ | 1 + netwerk/test/browser/res_empty.zip | Bin 0 -> 166 bytes netwerk/test/browser/res_http_index_format | 1 + .../test/browser/res_http_index_format^headers^ | 1 + netwerk/test/browser/res_img.png | Bin 0 -> 129497 bytes netwerk/test/browser/res_img_for_unknown_decoder | Bin 0 -> 4421 bytes .../browser/res_img_for_unknown_decoder^headers^ | 2 + netwerk/test/browser/res_img_unknown.png | 11 + netwerk/test/browser/res_invalid_partial.mp3 | Bin 0 -> 3530 bytes .../test/browser/res_invalid_partial.mp3^headers^ | 2 + netwerk/test/browser/res_nosniff.html | 11 + netwerk/test/browser/res_nosniff.html^headers^ | 2 + netwerk/test/browser/res_nosniff2.html | 11 + netwerk/test/browser/res_nosniff2.html^headers^ | 2 + netwerk/test/browser/res_not_200or206.mp3 | Bin 0 -> 3530 bytes netwerk/test/browser/res_not_200or206.mp3^headers^ | 1 + netwerk/test/browser/res_not_ok.html | 11 + netwerk/test/browser/res_not_ok.html^headers^ | 1 + netwerk/test/browser/res_object.html | 18 + netwerk/test/browser/res_sub_document.html | 11 + netwerk/test/browser/square.png | 0 netwerk/test/browser/test_1629307.html | 9 + netwerk/test/browser/x_frame_options.html | 0 netwerk/test/browser/x_frame_options.html^headers^ | 3 + netwerk/test/crashtests/1274044-1.html | 7 + netwerk/test/crashtests/1334468-1.html | 25 + netwerk/test/crashtests/1399467-1.html | 1 + netwerk/test/crashtests/1787122.html | 15 + netwerk/test/crashtests/1793521.html | 1 + netwerk/test/crashtests/675518.html | 21 + netwerk/test/crashtests/785753-1.html | 253 + netwerk/test/crashtests/785753-2.html | 3 + netwerk/test/crashtests/crashtests.list | 8 + netwerk/test/fuzz/FuzzingStreamListener.cpp | 44 + netwerk/test/fuzz/FuzzingStreamListener.h | 37 + netwerk/test/fuzz/TestHttpFuzzing.cpp | 297 + netwerk/test/fuzz/TestJARFuzzing.cpp | 187 + netwerk/test/fuzz/TestURIFuzzing.cpp | 238 + netwerk/test/fuzz/TestWebsocketFuzzing.cpp | 229 + netwerk/test/fuzz/moz.build | 32 + netwerk/test/fuzz/url_tokens.dict | 51 + netwerk/test/gtest/TestBase64Stream.cpp | 123 + netwerk/test/gtest/TestBind.cpp | 187 + netwerk/test/gtest/TestBufferedInputStream.cpp | 252 + netwerk/test/gtest/TestCommon.cpp | 7 + netwerk/test/gtest/TestCommon.h | 45 + netwerk/test/gtest/TestCookie.cpp | 1126 +++ netwerk/test/gtest/TestDNSPacket.cpp | 69 + netwerk/test/gtest/TestHeaders.cpp | 29 + netwerk/test/gtest/TestHttpAtom.cpp | 39 + netwerk/test/gtest/TestHttpAuthUtils.cpp | 43 + netwerk/test/gtest/TestHttpChannel.cpp | 135 + netwerk/test/gtest/TestHttpResponseHead.cpp | 183 + netwerk/test/gtest/TestInputStreamTransport.cpp | 204 + netwerk/test/gtest/TestIsValidIp.cpp | 178 + netwerk/test/gtest/TestLinkHeader.cpp | 356 + netwerk/test/gtest/TestMIMEInputStream.cpp | 268 + netwerk/test/gtest/TestMozURL.cpp | 392 + netwerk/test/gtest/TestNamedPipeService.cpp | 281 + .../test/gtest/TestNetworkLinkIdHashingDarwin.cpp | 93 + .../test/gtest/TestNetworkLinkIdHashingWindows.cpp | 88 + netwerk/test/gtest/TestPACMan.cpp | 246 + netwerk/test/gtest/TestProtocolProxyService.cpp | 164 + netwerk/test/gtest/TestReadStreamToString.cpp | 190 + netwerk/test/gtest/TestSSLTokensCache.cpp | 154 + netwerk/test/gtest/TestServerTimingHeader.cpp | 238 + netwerk/test/gtest/TestSocketTransportService.cpp | 164 + netwerk/test/gtest/TestStandardURL.cpp | 441 + netwerk/test/gtest/TestUDPSocket.cpp | 410 + netwerk/test/gtest/TestURIMutator.cpp | 163 + netwerk/test/gtest/moz.build | 80 + netwerk/test/gtest/urltestdata-orig.json | 6148 +++++++++++++ netwerk/test/gtest/urltestdata.json | 9050 ++++++++++++++++++++ netwerk/test/http3server/Cargo.toml | 35 + netwerk/test/http3server/moz.build | 18 + netwerk/test/http3server/src/main.rs | 1386 +++ netwerk/test/http3serverDB/cert9.db | Bin 0 -> 229376 bytes netwerk/test/http3serverDB/key4.db | Bin 0 -> 294912 bytes netwerk/test/http3serverDB/pkcs11.txt | 4 + netwerk/test/httpserver/README | 101 + netwerk/test/httpserver/TODO | 17 + netwerk/test/httpserver/httpd.sys.mjs | 5576 ++++++++++++ netwerk/test/httpserver/moz.build | 21 + netwerk/test/httpserver/nsIHttpServer.idl | 649 ++ .../test/data/cern_meta/caret_test.txt^^ | 1 + .../test/data/cern_meta/caret_test.txt^^headers^ | 3 + .../httpserver/test/data/cern_meta/test_both.html | 2 + .../test/data/cern_meta/test_both.html^headers^ | 2 + .../test/data/cern_meta/test_ctype_override.txt | 9 + .../cern_meta/test_ctype_override.txt^headers^ | 1 + .../test/data/cern_meta/test_status_override.html | 9 + .../cern_meta/test_status_override.html^headers^ | 1 + .../data/cern_meta/test_status_override_nodesc.txt | 1 + .../test_status_override_nodesc.txt^headers^ | 1 + .../httpserver/test/data/name-scheme/bar.html^^ | 10 + .../test/data/name-scheme/bar.html^^headers^ | 2 + .../name-scheme/folder^^/ERROR_IF_SEE_THIS.txt^ | 1 + .../name-scheme/folder^^/SHOULD_SEE_THIS.txt^^ | 1 + .../test/data/name-scheme/folder^^/file.txt | 2 + .../httpserver/test/data/name-scheme/foo.html^ | 9 + .../test/data/name-scheme/normal-file.txt | 1 + netwerk/test/httpserver/test/data/ranges/empty.txt | 0 .../test/httpserver/test/data/ranges/headers.txt | 1 + .../test/data/ranges/headers.txt^headers^ | 1 + netwerk/test/httpserver/test/data/ranges/range.txt | 1 + netwerk/test/httpserver/test/data/sjs/cgi.sjs | 8 + .../test/httpserver/test/data/sjs/cgi.sjs^headers^ | 2 + .../test/httpserver/test/data/sjs/object-state.sjs | 74 + netwerk/test/httpserver/test/data/sjs/qi.sjs | 45 + .../httpserver/test/data/sjs/range-checker.sjs | 1 + netwerk/test/httpserver/test/data/sjs/sjs | 4 + netwerk/test/httpserver/test/data/sjs/state1.sjs | 38 + netwerk/test/httpserver/test/data/sjs/state2.sjs | 38 + netwerk/test/httpserver/test/data/sjs/thrower.sjs | 6 + netwerk/test/httpserver/test/head_utils.js | 605 ++ .../httpserver/test/test_async_response_sending.js | 1661 ++++ .../httpserver/test/test_basic_functionality.js | 182 + netwerk/test/httpserver/test/test_body_length.js | 68 + netwerk/test/httpserver/test/test_byte_range.js | 272 + netwerk/test/httpserver/test/test_cern_meta.js | 79 + .../httpserver/test/test_default_index_handler.js | 248 + netwerk/test/httpserver/test/test_empty_body.js | 59 + .../httpserver/test/test_errorhandler_exception.js | 95 + netwerk/test/httpserver/test/test_header_array.js | 66 + netwerk/test/httpserver/test/test_headers.js | 169 + netwerk/test/httpserver/test/test_host.js | 608 ++ netwerk/test/httpserver/test/test_host_identity.js | 115 + netwerk/test/httpserver/test/test_linedata.js | 22 + netwerk/test/httpserver/test/test_load_module.js | 18 + netwerk/test/httpserver/test/test_name_scheme.js | 91 + netwerk/test/httpserver/test/test_processasync.js | 272 + netwerk/test/httpserver/test/test_qi.js | 107 + .../test/httpserver/test/test_registerdirectory.js | 278 + netwerk/test/httpserver/test/test_registerfile.js | 44 + .../test/httpserver/test/test_registerprefix.js | 130 + .../test/test_request_line_split_in_two_packets.js | 137 + .../test/httpserver/test/test_response_write.js | 57 + netwerk/test/httpserver/test/test_seizepower.js | 180 + .../test/httpserver/test/test_setindexhandler.js | 60 + netwerk/test/httpserver/test/test_setstatusline.js | 142 + netwerk/test/httpserver/test/test_sjs.js | 243 + .../test/httpserver/test/test_sjs_object_state.js | 305 + netwerk/test/httpserver/test/test_sjs_state.js | 203 + .../test/test_sjs_throwing_exceptions.js | 73 + netwerk/test/httpserver/test/test_start_stop.js | 166 + .../test/httpserver/test/test_start_stop_ipv6.js | 166 + netwerk/test/httpserver/test/xpcshell.toml | 68 + netwerk/test/marionette/manifest.toml | 3 + .../test_purge_http_cache_at_shutdown.py | 125 + netwerk/test/mochitests/beltzner.jpg | Bin 0 -> 9995 bytes netwerk/test/mochitests/beltzner.jpg^headers^ | 3 + netwerk/test/mochitests/empty.html | 16 + netwerk/test/mochitests/file_1331680.js | 24 + netwerk/test/mochitests/file_1502055.sjs | 17 + netwerk/test/mochitests/file_1503201.sjs | 4 + netwerk/test/mochitests/file_chromecommon.js | 15 + .../file_documentcookie_maxage_chromescript.js | 45 + .../mochitests/file_domain_hierarchy_inner.html | 13 + .../file_domain_hierarchy_inner.html^headers^ | 4 + .../file_domain_hierarchy_inner_inner.html | 13 + ...file_domain_hierarchy_inner_inner.html^headers^ | 4 + .../file_domain_hierarchy_inner_inner_inner.html | 13 + ...omain_hierarchy_inner_inner_inner.html^headers^ | 1 + netwerk/test/mochitests/file_domain_inner.html | 13 + .../mochitests/file_domain_inner.html^headers^ | 4 + .../test/mochitests/file_domain_inner_inner.html | 13 + .../file_domain_inner_inner.html^headers^ | 4 + .../mochitests/file_iframe_allow_same_origin.html | 8 + .../test/mochitests/file_iframe_allow_scripts.html | 6 + netwerk/test/mochitests/file_image_inner.html | 14 + .../test/mochitests/file_image_inner.html^headers^ | 4 + .../test/mochitests/file_image_inner_inner.html | 19 + .../file_image_inner_inner.html^headers^ | 4 + netwerk/test/mochitests/file_lnk.lnk | Bin 0 -> 1531 bytes netwerk/test/mochitests/file_loadflags_inner.html | 16 + .../mochitests/file_loadflags_inner.html^headers^ | 4 + .../mochitests/file_loadinfo_redirectchain.sjs | 109 + netwerk/test/mochitests/file_localhost_inner.html | 13 + .../mochitests/file_localhost_inner.html^headers^ | 4 + netwerk/test/mochitests/file_loopback_inner.html | 13 + .../mochitests/file_loopback_inner.html^headers^ | 4 + netwerk/test/mochitests/file_subdomain_inner.html | 13 + .../mochitests/file_subdomain_inner.html^headers^ | 4 + netwerk/test/mochitests/file_testcommon.js | 84 + netwerk/test/mochitests/file_testloadflags.js | 130 + .../mochitests/file_testloadflags_chromescript.js | 144 + netwerk/test/mochitests/iframe_1502055.html | 33 + netwerk/test/mochitests/image1.png | Bin 0 -> 821 bytes netwerk/test/mochitests/image1.png^headers^ | 3 + netwerk/test/mochitests/image2.png | Bin 0 -> 821 bytes netwerk/test/mochitests/image2.png^headers^ | 3 + netwerk/test/mochitests/method.sjs | 9 + netwerk/test/mochitests/mochitest.toml | 217 + netwerk/test/mochitests/origin_header.sjs | 10 + .../test/mochitests/origin_header_form_post.html | 19 + .../origin_header_form_post_xorigin.html | 19 + netwerk/test/mochitests/partial_content.sjs | 193 + netwerk/test/mochitests/redirect.sjs | 4 + netwerk/test/mochitests/redirect_idn.html | 0 netwerk/test/mochitests/redirect_idn.html^headers^ | 3 + netwerk/test/mochitests/redirect_to.sjs | 4 + netwerk/test/mochitests/rel_preconnect.sjs | 17 + netwerk/test/mochitests/reset_cookie_xhr.sjs | 15 + netwerk/test/mochitests/set_cookie_xhr.sjs | 15 + .../test/mochitests/signed_web_packaged_app.sjs | 73 + netwerk/test/mochitests/subResources.sjs | 78 + netwerk/test/mochitests/sw_1502055.js | 1 + netwerk/test/mochitests/test1.css | 2 + netwerk/test/mochitests/test1.css^headers^ | 3 + netwerk/test/mochitests/test2.css | 2 + netwerk/test/mochitests/test2.css^headers^ | 3 + netwerk/test/mochitests/test_1331680.html | 87 + netwerk/test/mochitests/test_1331680_iframe.html | 68 + netwerk/test/mochitests/test_1331680_xhr.html | 90 + netwerk/test/mochitests/test_1396395.html | 48 + netwerk/test/mochitests/test_1421324.html | 88 + netwerk/test/mochitests/test_1425031.html | 74 + netwerk/test/mochitests/test_1502055.html | 49 + netwerk/test/mochitests/test_1503201.html | 28 + netwerk/test/mochitests/test_accept_header.html | 87 + netwerk/test/mochitests/test_accept_header.sjs | 62 + .../mochitests/test_arraybufferinputstream.html | 89 + .../test_arraybufferinputstream_large.html | 45 + .../test_different_domain_in_hierarchy.html | 15 + netwerk/test/mochitests/test_differentdomain.html | 15 + .../mochitests/test_documentcookies_maxage.html | 149 + netwerk/test/mochitests/test_fetch_lnk.html | 17 + netwerk/test/mochitests/test_idn_redirect.html | 35 + netwerk/test/mochitests/test_image.html | 14 + netwerk/test/mochitests/test_loadflags.html | 21 + .../mochitests/test_loadinfo_redirectchain.html | 269 + netwerk/test/mochitests/test_origin_header.html | 398 + .../mochitests/test_partially_cached_content.html | 95 + netwerk/test/mochitests/test_redirect_ref.html | 29 + netwerk/test/mochitests/test_rel_preconnect.html | 61 + netwerk/test/mochitests/test_same_base_domain.html | 15 + .../test/mochitests/test_same_base_domain_2.html | 15 + .../test/mochitests/test_same_base_domain_3.html | 15 + .../test/mochitests/test_same_base_domain_4.html | 15 + .../test/mochitests/test_same_base_domain_5.html | 15 + .../test/mochitests/test_same_base_domain_6.html | 26 + netwerk/test/mochitests/test_samedomain.html | 15 + netwerk/test/mochitests/test_uri_scheme.html | 50 + netwerk/test/mochitests/test_url_perf.html | 75 + .../mochitests/test_viewsource_unlinkable.html | 25 + netwerk/test/mochitests/test_xhr_method_case.html | 65 + netwerk/test/mochitests/web_packaged_app.sjs | 47 + netwerk/test/moz.build | 33 + netwerk/test/perf/.eslintrc.js | 12 + netwerk/test/perf/hooks_throttling.py | 202 + netwerk/test/perf/perftest.toml | 17 + netwerk/test/perf/perftest_http3_cloudflareblog.js | 56 + netwerk/test/perf/perftest_http3_controlled.js | 32 + .../test/perf/perftest_http3_facebook_scroll.js | 165 + netwerk/test/perf/perftest_http3_google_image.js | 190 + netwerk/test/perf/perftest_http3_google_search.js | 73 + netwerk/test/perf/perftest_http3_lucasquicfetch.js | 134 + netwerk/test/perf/perftest_http3_youtube_watch.js | 74 + .../perf/perftest_http3_youtube_watch_scroll.js | 86 + netwerk/test/reftest/658949-1-ref.html | 1 + netwerk/test/reftest/658949-1.html | 1 + netwerk/test/reftest/bug565432-1-ref.html | 11 + netwerk/test/reftest/bug565432-1.html | 17 + netwerk/test/reftest/reftest.list | 2 + netwerk/test/unit/client-cert.p12 | Bin 0 -> 2333 bytes netwerk/test/unit/client-cert.p12.pkcs12spec | 3 + netwerk/test/unit/data/cookies_v10.sqlite | Bin 0 -> 131072 bytes netwerk/test/unit/data/image.png | Bin 0 -> 102591 bytes netwerk/test/unit/data/signed_win.exe | Bin 0 -> 61064 bytes netwerk/test/unit/data/system_root.lnk | Bin 0 -> 1677 bytes netwerk/test/unit/data/test_psl.txt | 98 + netwerk/test/unit/data/test_readline1.txt | 0 netwerk/test/unit/data/test_readline2.txt | 1 + netwerk/test/unit/data/test_readline3.txt | 3 + netwerk/test/unit/data/test_readline4.txt | 3 + netwerk/test/unit/data/test_readline5.txt | 1 + netwerk/test/unit/data/test_readline6.txt | 1 + netwerk/test/unit/data/test_readline7.txt | 2 + netwerk/test/unit/data/test_readline8.txt | 1 + netwerk/test/unit/head_cache.js | 137 + netwerk/test/unit/head_cache2.js | 429 + netwerk/test/unit/head_channels.js | 527 ++ netwerk/test/unit/head_cookies.js | 1062 +++ netwerk/test/unit/head_http3.js | 105 + netwerk/test/unit/head_servers.js | 925 ++ netwerk/test/unit/head_telemetry.js | 171 + netwerk/test/unit/head_trr.js | 550 ++ netwerk/test/unit/head_websocket.js | 71 + netwerk/test/unit/head_webtransport.js | 134 + netwerk/test/unit/http2-ca.pem | 18 + netwerk/test/unit/http2-ca.pem.certspec | 4 + netwerk/test/unit/http2_test_common.js | 1504 ++++ .../unit/node_execute/test_node_execute_loop.js | 22 + netwerk/test/unit/node_execute/xpcshell.toml | 5 + netwerk/test/unit/perftest.toml | 3 + netwerk/test/unit/proxy-ca.pem | 18 + netwerk/test/unit/proxy-ca.pem.certspec | 4 + netwerk/test/unit/socks_client_subprocess.js | 94 + netwerk/test/unit/test_1073747.js | 42 + netwerk/test/unit/test_304_headers.js | 91 + netwerk/test/unit/test_304_responses.js | 92 + netwerk/test/unit/test_307_redirect.js | 95 + netwerk/test/unit/test_421.js | 65 + netwerk/test/unit/test_MIME_params.js | 798 ++ netwerk/test/unit/test_NetUtil.js | 804 ++ netwerk/test/unit/test_SuperfluousAuth.js | 101 + netwerk/test/unit/test_URIs.js | 996 +++ netwerk/test/unit/test_URIs2.js | 881 ++ netwerk/test/unit/test_XHR_redirects.js | 275 + netwerk/test/unit/test_about_networking.js | 120 + netwerk/test/unit/test_about_protocol.js | 49 + netwerk/test/unit/test_aboutblank.js | 32 + netwerk/test/unit/test_addr_in_use_error.js | 36 + netwerk/test/unit/test_alt-data_closeWithStatus.js | 184 + netwerk/test/unit/test_alt-data_cross_process.js | 153 + netwerk/test/unit/test_alt-data_overwrite.js | 209 + netwerk/test/unit/test_alt-data_simple.js | 212 + netwerk/test/unit/test_alt-data_stream.js | 163 + netwerk/test/unit/test_alt-data_too_big.js | 113 + netwerk/test/unit/test_altsvc.js | 597 ++ netwerk/test/unit/test_altsvc_http3.js | 494 ++ netwerk/test/unit/test_altsvc_pref.js | 136 + netwerk/test/unit/test_anonymous-coalescing.js | 179 + netwerk/test/unit/test_auth_dialog_permission.js | 280 + netwerk/test/unit/test_auth_jar.js | 92 + netwerk/test/unit/test_auth_multiple.js | 464 + netwerk/test/unit/test_auth_proxy.js | 463 + netwerk/test/unit/test_authentication.js | 1400 +++ netwerk/test/unit/test_authpromptwrapper.js | 207 + netwerk/test/unit/test_backgroundfilesaver.js | 761 ++ netwerk/test/unit/test_be_conservative.js | 256 + .../unit/test_be_conservative_error_handling.js | 216 + netwerk/test/unit/test_bhttp.js | 220 + netwerk/test/unit/test_blob_channelname.js | 42 + netwerk/test/unit/test_brotli_decoding.js | 128 + netwerk/test/unit/test_brotli_http.js | 122 + .../test/unit/test_brotli_unknown_content_type.js | 74 + netwerk/test/unit/test_bug1064258.js | 144 + netwerk/test/unit/test_bug1177909.js | 251 + netwerk/test/unit/test_bug1195415.js | 116 + netwerk/test/unit/test_bug1218029.js | 116 + netwerk/test/unit/test_bug1279246.js | 100 + netwerk/test/unit/test_bug1312774_http1.js | 149 + netwerk/test/unit/test_bug1312782_http1.js | 197 + netwerk/test/unit/test_bug1355539_http1.js | 206 + netwerk/test/unit/test_bug1378385_http1.js | 198 + netwerk/test/unit/test_bug1411316_http1.js | 116 + netwerk/test/unit/test_bug1527293.js | 94 + netwerk/test/unit/test_bug1683176.js | 91 + netwerk/test/unit/test_bug1725766.js | 85 + netwerk/test/unit/test_bug203271.js | 249 + netwerk/test/unit/test_bug248970_cache.js | 144 + netwerk/test/unit/test_bug248970_cookie.js | 148 + netwerk/test/unit/test_bug261425.js | 29 + netwerk/test/unit/test_bug263127.js | 58 + netwerk/test/unit/test_bug282432.js | 37 + netwerk/test/unit/test_bug321706.js | 10 + netwerk/test/unit/test_bug331825.js | 43 + netwerk/test/unit/test_bug336501.js | 26 + netwerk/test/unit/test_bug337744.js | 126 + netwerk/test/unit/test_bug368702.js | 147 + netwerk/test/unit/test_bug369787.js | 73 + netwerk/test/unit/test_bug371473.js | 36 + netwerk/test/unit/test_bug376844.js | 19 + netwerk/test/unit/test_bug376865.js | 23 + netwerk/test/unit/test_bug379034.js | 19 + netwerk/test/unit/test_bug380994.js | 24 + netwerk/test/unit/test_bug388281.js | 25 + netwerk/test/unit/test_bug396389.js | 63 + netwerk/test/unit/test_bug401564.js | 42 + netwerk/test/unit/test_bug411952.js | 53 + netwerk/test/unit/test_bug412457.js | 79 + netwerk/test/unit/test_bug412945.js | 44 + netwerk/test/unit/test_bug414122.js | 59 + netwerk/test/unit/test_bug427957.js | 100 + netwerk/test/unit/test_bug429347.js | 39 + netwerk/test/unit/test_bug455311.js | 128 + netwerk/test/unit/test_bug464591.js | 94 + netwerk/test/unit/test_bug468426.js | 131 + netwerk/test/unit/test_bug468594.js | 178 + netwerk/test/unit/test_bug470716.js | 171 + netwerk/test/unit/test_bug477578.js | 51 + netwerk/test/unit/test_bug479413.js | 48 + netwerk/test/unit/test_bug479485.js | 65 + netwerk/test/unit/test_bug482601.js | 264 + netwerk/test/unit/test_bug482934.js | 190 + netwerk/test/unit/test_bug490095.js | 160 + netwerk/test/unit/test_bug504014.js | 72 + netwerk/test/unit/test_bug510359.js | 104 + netwerk/test/unit/test_bug526789.js | 289 + netwerk/test/unit/test_bug528292.js | 87 + .../unit/test_bug536324_64bit_content_length.js | 66 + netwerk/test/unit/test_bug540566.js | 24 + netwerk/test/unit/test_bug553970.js | 50 + netwerk/test/unit/test_bug561042.js | 44 + netwerk/test/unit/test_bug561276.js | 66 + netwerk/test/unit/test_bug580508.js | 31 + netwerk/test/unit/test_bug586908.js | 103 + netwerk/test/unit/test_bug596443.js | 117 + netwerk/test/unit/test_bug618835.js | 124 + netwerk/test/unit/test_bug633743.js | 195 + netwerk/test/unit/test_bug650522.js | 35 + netwerk/test/unit/test_bug650995.js | 187 + netwerk/test/unit/test_bug652761.js | 19 + netwerk/test/unit/test_bug654926.js | 91 + netwerk/test/unit/test_bug654926_doom_and_read.js | 82 + netwerk/test/unit/test_bug654926_test_seek.js | 76 + netwerk/test/unit/test_bug659569.js | 60 + netwerk/test/unit/test_bug660066.js | 53 + netwerk/test/unit/test_bug667087.js | 33 + netwerk/test/unit/test_bug667818.js | 49 + netwerk/test/unit/test_bug667907.js | 88 + netwerk/test/unit/test_bug669001.js | 178 + netwerk/test/unit/test_bug770243.js | 246 + netwerk/test/unit/test_bug812167.js | 143 + netwerk/test/unit/test_bug826063.js | 88 + netwerk/test/unit/test_bug856978.js | 138 + netwerk/test/unit/test_bug894586.js | 135 + netwerk/test/unit/test_bug935499.js | 10 + netwerk/test/unit/test_cache-control_request.js | 448 + netwerk/test/unit/test_cache-entry-id.js | 220 + netwerk/test/unit/test_cache2-00-service-get.js | 15 + netwerk/test/unit/test_cache2-01-basic.js | 45 + .../test/unit/test_cache2-01a-basic-readonly.js | 45 + .../test/unit/test_cache2-01b-basic-datasize.js | 51 + .../unit/test_cache2-01c-basic-hasmeta-only.js | 45 + .../test/unit/test_cache2-01d-basic-not-wanted.js | 45 + .../unit/test_cache2-01e-basic-bypass-if-busy.js | 39 + .../unit/test_cache2-01f-basic-openTruncate.js | 24 + .../test/unit/test_cache2-02-open-non-existing.js | 45 + .../test_cache2-02b-open-non-existing-and-doom.js | 180 + .../test_cache2-03-oncacheentryavail-throws.js | 36 + .../test_cache2-04-oncacheentryavail-throws2x.js | 45 + netwerk/test/unit/test_cache2-05-visit.js | 113 + netwerk/test/unit/test_cache2-06-pb-mode.js | 50 + netwerk/test/unit/test_cache2-07-visit-memory.js | 123 + netwerk/test/unit/test_cache2-07a-open-memory.js | 81 + .../test_cache2-08-evict-disk-by-memory-storage.js | 25 + .../test/unit/test_cache2-09-evict-disk-by-uri.js | 32 + netwerk/test/unit/test_cache2-10-evict-direct.js | 29 + .../unit/test_cache2-10b-evict-direct-immediate.js | 21 + netwerk/test/unit/test_cache2-11-evict-memory.js | 89 + netwerk/test/unit/test_cache2-12-evict-disk.js | 81 + .../test/unit/test_cache2-13-evict-non-existing.js | 16 + .../test/unit/test_cache2-14-concurent-readers.js | 48 + .../test_cache2-14b-concurent-readers-complete.js | 76 + .../test/unit/test_cache2-15-conditional-304.js | 60 + .../test/unit/test_cache2-16-conditional-200.js | 76 + netwerk/test/unit/test_cache2-17-evict-all.js | 17 + netwerk/test/unit/test_cache2-18-not-valid.js | 38 + netwerk/test/unit/test_cache2-19-range-206.js | 65 + netwerk/test/unit/test_cache2-20-range-200.js | 72 + netwerk/test/unit/test_cache2-21-anon-storage.js | 52 + netwerk/test/unit/test_cache2-22-anon-visit.js | 43 + .../test/unit/test_cache2-23-read-over-chunk.js | 34 + netwerk/test/unit/test_cache2-24-exists.js | 43 + .../test/unit/test_cache2-25-chunk-memory-limit.js | 53 + .../unit/test_cache2-26-no-outputstream-open.js | 36 + .../test/unit/test_cache2-27-force-valid-for.js | 35 + .../test/unit/test_cache2-28-last-access-attrs.js | 46 + netwerk/test/unit/test_cache2-28a-OPEN_SECRETLY.js | 42 + ...9a-concurrent_read_resumable_entry_size_zero.js | 76 + ...oncurrent_read_non-resumable_entry_size_zero.js | 80 + ..._cache2-29c-concurrent_read_half-interrupted.js | 95 + ...ache2-29d-concurrent_read_half-corrupted-206.js | 95 + ...e2-29e-concurrent_read_half-non-206-response.js | 90 + netwerk/test/unit/test_cache2-30a-entry-pinning.js | 39 + .../unit/test_cache2-30b-pinning-storage-clear.js | 45 + .../unit/test_cache2-30c-pinning-deferred-doom.js | 185 + .../unit/test_cache2-30d-pinning-WasEvicted-API.js | 148 + netwerk/test/unit/test_cache2-31-visit-all.js | 88 + netwerk/test/unit/test_cache2-32-clear-origin.js | 69 + netwerk/test/unit/test_cache_204_response.js | 62 + netwerk/test/unit/test_cache_jar.js | 105 + netwerk/test/unit/test_cacheflags.js | 437 + netwerk/test/unit/test_captive_portal_service.js | 325 + netwerk/test/unit/test_cert_info.js | 162 + .../test/unit/test_cert_verification_failure.js | 66 + netwerk/test/unit/test_channel_close.js | 70 + netwerk/test/unit/test_channel_long_domain.js | 14 + netwerk/test/unit/test_channel_priority.js | 98 + netwerk/test/unit/test_chunked_responses.js | 180 + netwerk/test/unit/test_client_auth_with_proxy.js | 176 + .../unit/test_coaleasing_h2_and_h3_connection.js | 109 + netwerk/test/unit/test_compareURIs.js | 61 + netwerk/test/unit/test_compressappend.js | 99 + netwerk/test/unit/test_connection_based_auth.js | 91 + netwerk/test/unit/test_content_encoding_gzip.js | 163 + netwerk/test/unit/test_content_length_underrun.js | 295 + netwerk/test/unit/test_content_sniffer.js | 157 + netwerk/test/unit/test_cookie_blacklist.js | 43 + netwerk/test/unit/test_cookie_header.js | 112 + netwerk/test/unit/test_cookie_ipv6.js | 53 + .../test/unit/test_cookie_partitioned_attribute.js | 80 + netwerk/test/unit/test_cookiejars.js | 188 + netwerk/test/unit/test_cookiejars_safebrowsing.js | 231 + netwerk/test/unit/test_cookies_async_failure.js | 514 ++ .../test/unit/test_cookies_partition_counting.js | 183 + netwerk/test/unit/test_cookies_privatebrowsing.js | 132 + netwerk/test/unit/test_cookies_profile_close.js | 114 + netwerk/test/unit/test_cookies_purge_counting.js | 74 + .../unit/test_cookies_purge_counting_per_host.js | 81 + netwerk/test/unit/test_cookies_read.js | 119 + netwerk/test/unit/test_cookies_sync_failure.js | 344 + netwerk/test/unit/test_cookies_thirdparty.js | 164 + .../test/unit/test_cookies_thirdparty_session.js | 77 + netwerk/test/unit/test_cookies_upgrade_10.js | 61 + netwerk/test/unit/test_data_protocol.js | 90 + netwerk/test/unit/test_defaultURI.js | 186 + netwerk/test/unit/test_dns_by_type_resolve.js | 83 + netwerk/test/unit/test_dns_cancel.js | 119 + netwerk/test/unit/test_dns_disable_ipv4.js | 68 + netwerk/test/unit/test_dns_disable_ipv6.js | 51 + netwerk/test/unit/test_dns_disabled.js | 88 + netwerk/test/unit/test_dns_localredirect.js | 59 + netwerk/test/unit/test_dns_offline.js | 105 + netwerk/test/unit/test_dns_onion.js | 76 + netwerk/test/unit/test_dns_originAttributes.js | 93 + netwerk/test/unit/test_dns_override.js | 515 ++ .../test/unit/test_dns_override_for_localhost.js | 92 + netwerk/test/unit/test_dns_proxy_bypass.js | 95 + netwerk/test/unit/test_dns_retry.js | 319 + netwerk/test/unit/test_dns_service.js | 123 + netwerk/test/unit/test_domain_eviction.js | 182 + netwerk/test/unit/test_dooh.js | 354 + netwerk/test/unit/test_doomentry.js | 108 + netwerk/test/unit/test_duplicate_headers.js | 563 ++ netwerk/test/unit/test_early_hint_listener.js | 170 + .../test/unit/test_early_hint_listener_http2.js | 110 + netwerk/test/unit/test_ech_grease.js | 270 + netwerk/test/unit/test_event_sink.js | 183 + netwerk/test/unit/test_eviction.js | 252 + .../unit/test_extract_charset_from_content_type.js | 238 + netwerk/test/unit/test_file_protocol.js | 277 + netwerk/test/unit/test_filestreams.js | 300 + netwerk/test/unit/test_freshconnection.js | 30 + netwerk/test/unit/test_getHost.js | 65 + netwerk/test/unit/test_gio_protocol.js | 201 + netwerk/test/unit/test_gre_resources.js | 30 + netwerk/test/unit/test_h2proxy_connection_limit.js | 77 + netwerk/test/unit/test_head.js | 171 + .../unit/test_head_request_no_response_body.js | 78 + netwerk/test/unit/test_header_Accept-Language.js | 99 + .../test/unit/test_header_Accept-Language_case.js | 50 + netwerk/test/unit/test_header_Server_Timing.js | 64 + netwerk/test/unit/test_headers.js | 184 + netwerk/test/unit/test_hostnameIsLocalIPAddress.js | 37 + .../test/unit/test_hostnameIsSharedIPAddress.js | 17 + netwerk/test/unit/test_hpke_config_manager.js | 112 + netwerk/test/unit/test_http1-proxy.js | 231 + netwerk/test/unit/test_http2-proxy-failing.js | 174 + netwerk/test/unit/test_http2-proxy.js | 862 ++ netwerk/test/unit/test_http2.js | 481 ++ netwerk/test/unit/test_http2_with_proxy.js | 425 + netwerk/test/unit/test_http3.js | 571 ++ netwerk/test/unit/test_http3_0rtt.js | 96 + netwerk/test/unit/test_http3_421.js | 172 + netwerk/test/unit/test_http3_alt_svc.js | 136 + netwerk/test/unit/test_http3_coalescing.js | 113 + netwerk/test/unit/test_http3_direct_proxy.js | 54 + netwerk/test/unit/test_http3_dns_retry.js | 357 + .../test/unit/test_http3_early_hint_listener.js | 92 + .../test/unit/test_http3_error_before_connect.js | 109 + netwerk/test/unit/test_http3_fast_fallback.js | 908 ++ netwerk/test/unit/test_http3_fatal_stream_error.js | 135 + netwerk/test/unit/test_http3_large_post.js | 165 + .../test/unit/test_http3_large_post_telemetry.js | 151 + netwerk/test/unit/test_http3_perf.js | 262 + netwerk/test/unit/test_http3_prio_disabled.js | 106 + netwerk/test/unit/test_http3_prio_enabled.js | 108 + netwerk/test/unit/test_http3_prio_helpers.js | 121 + netwerk/test/unit/test_http3_server.js | 168 + .../test/unit/test_http3_server_not_existing.js | 109 + netwerk/test/unit/test_http3_trans_close.js | 84 + netwerk/test/unit/test_http3_version1.js | 93 + netwerk/test/unit/test_httpResponseTimeout.js | 162 + netwerk/test/unit/test_http_408_retry.js | 92 + netwerk/test/unit/test_http_headers.js | 75 + netwerk/test/unit/test_http_server_timing.js | 97 + netwerk/test/unit/test_http_sfv.js | 597 ++ netwerk/test/unit/test_httpauth.js | 204 + netwerk/test/unit/test_httpcancel.js | 261 + netwerk/test/unit/test_https_rr_ech_prefs.js | 535 ++ netwerk/test/unit/test_https_rr_sorted_alpn.js | 226 + netwerk/test/unit/test_httpssvc_ech_with_alpn.js | 246 + netwerk/test/unit/test_httpssvc_https_upgrade.js | 352 + netwerk/test/unit/test_httpssvc_iphint.js | 350 + netwerk/test/unit/test_httpssvc_priority.js | 125 + netwerk/test/unit/test_httpssvc_retry_with_ech.js | 511 ++ .../test/unit/test_httpssvc_retry_without_ech.js | 138 + netwerk/test/unit/test_httpsuspend.js | 86 + netwerk/test/unit/test_idn_blacklist.js | 168 + netwerk/test/unit/test_idn_spoof.js | 1052 +++ netwerk/test/unit/test_idn_urls.js | 436 + netwerk/test/unit/test_idna2008.js | 65 + netwerk/test/unit/test_idnservice.js | 39 + netwerk/test/unit/test_immutable.js | 206 + netwerk/test/unit/test_inhibit_caching.js | 94 + netwerk/test/unit/test_ioservice.js | 19 + netwerk/test/unit/test_large_port.js | 65 + netwerk/test/unit/test_link.desktop | 3 + netwerk/test/unit/test_link.lnk | Bin 0 -> 345 bytes netwerk/test/unit/test_link.url | 5 + netwerk/test/unit/test_loadgroup_cancel.js | 96 + netwerk/test/unit/test_localhost_offline.js | 77 + netwerk/test/unit/test_localstreams.js | 89 + netwerk/test/unit/test_mismatch_last-modified.js | 154 + netwerk/test/unit/test_mozTXTToHTMLConv.js | 394 + netwerk/test/unit/test_multipart_byteranges.js | 143 + .../unit/test_multipart_streamconv-byte-by-byte.js | 115 + netwerk/test/unit/test_multipart_streamconv.js | 100 + .../test/unit/test_multipart_streamconv_empty.js | 68 + ...part_streamconv_missing_boundary_lead_dashes.js | 92 + ...t_multipart_streamconv_missing_lead_boundary.js | 92 + netwerk/test/unit/test_nestedabout_serialize.js | 39 + netwerk/test/unit/test_net_addr.js | 216 + .../test/unit/test_network_connectivity_service.js | 215 + .../unit/test_networking_over_socket_process.js | 168 + .../unit/test_no_cookies_after_last_pb_exit.js | 135 + netwerk/test/unit/test_node_execute.js | 87 + netwerk/test/unit/test_nojsredir.js | 67 + ...non_ipv4_hostname_ending_in_number_cookie_db.js | 128 + ...test_nsIBufferedOutputStream_writeFrom_block.js | 193 + netwerk/test/unit/test_ntlm_authentication.js | 268 + netwerk/test/unit/test_ntlm_proxy_and_web_auth.js | 362 + netwerk/test/unit/test_ntlm_proxy_auth.js | 408 + netwerk/test/unit/test_ntlm_web_auth.js | 251 + netwerk/test/unit/test_oblivious_http.js | 206 + netwerk/test/unit/test_obs-fold.js | 75 + netwerk/test/unit/test_offline_status.js | 15 + netwerk/test/unit/test_ohttp.js | 41 + netwerk/test/unit/test_orb_empty_header.js | 83 + netwerk/test/unit/test_origin.js | 323 + .../test/unit/test_original_sent_received_head.js | 249 + .../unit/test_pac_reload_after_network_change.js | 75 + netwerk/test/unit/test_parse_content_type.js | 365 + ...est_partial_response_entry_size_smart_shrink.js | 106 + netwerk/test/unit/test_permmgr.js | 125 + netwerk/test/unit/test_ping_aboutnetworking.js | 103 + netwerk/test/unit/test_plaintext_sniff.js | 211 + netwerk/test/unit/test_port_remapping.js | 50 + netwerk/test/unit/test_post.js | 141 + netwerk/test/unit/test_predictor.js | 852 ++ netwerk/test/unit/test_private_cookie_changed.js | 44 + netwerk/test/unit/test_private_necko_channel.js | 60 + netwerk/test/unit/test_progress.js | 145 + .../test/unit/test_progress_no_proxy_and_proxy.js | 205 + .../test_protocolproxyservice-async-filters.js | 435 + netwerk/test/unit/test_protocolproxyservice.js | 1071 +++ netwerk/test/unit/test_proxy-failover_canceled.js | 57 + netwerk/test/unit/test_proxy-failover_passing.js | 45 + netwerk/test/unit/test_proxy-replace_canceled.js | 57 + netwerk/test/unit/test_proxy-replace_passing.js | 45 + netwerk/test/unit/test_proxy-slow-upload.js | 105 + netwerk/test/unit/test_proxy_cancel.js | 397 + netwerk/test/unit/test_proxy_pac.js | 126 + netwerk/test/unit/test_proxyconnect.js | 360 + netwerk/test/unit/test_psl.js | 39 + netwerk/test/unit/test_race_cache_with_network.js | 273 + netwerk/test/unit/test_range_requests.js | 443 + .../unit/test_rcwn_always_cache_new_content.js | 116 + netwerk/test/unit/test_rcwn_interrupted.js | 108 + netwerk/test/unit/test_readline.js | 104 + .../test/unit/test_redirect-caching_canceled.js | 64 + netwerk/test/unit/test_redirect-caching_failure.js | 81 + netwerk/test/unit/test_redirect-caching_passing.js | 56 + netwerk/test/unit/test_redirect_baduri.js | 44 + netwerk/test/unit/test_redirect_canceled.js | 50 + .../test/unit/test_redirect_different-protocol.js | 49 + netwerk/test/unit/test_redirect_failure.js | 59 + netwerk/test/unit/test_redirect_from_script.js | 247 + ...test_redirect_from_script_after-open_passing.js | 247 + netwerk/test/unit/test_redirect_history.js | 75 + netwerk/test/unit/test_redirect_loop.js | 88 + netwerk/test/unit/test_redirect_passing.js | 55 + .../test/unit/test_redirect_protocol_telemetry.js | 65 + netwerk/test/unit/test_redirect_veto.js | 102 + netwerk/test/unit/test_reentrancy.js | 109 + netwerk/test/unit/test_referrer.js | 248 + netwerk/test/unit/test_referrer_cross_origin.js | 332 + netwerk/test/unit/test_referrer_policy.js | 154 + netwerk/test/unit/test_reopen.js | 136 + .../test/unit/test_reply_without_content_type.js | 151 + netwerk/test/unit/test_resumable_channel.js | 426 + netwerk/test/unit/test_resumable_truncate.js | 95 + netwerk/test/unit/test_retry_0rtt.js | 123 + netwerk/test/unit/test_safeoutputstream.js | 70 + netwerk/test/unit/test_safeoutputstream_append.js | 45 + netwerk/test/unit/test_schema_10_migration.js | 181 + netwerk/test/unit/test_schema_12_migration.js | 181 + netwerk/test/unit/test_schema_13_db.js | 87 + netwerk/test/unit/test_schema_2_migration.js | 303 + netwerk/test/unit/test_schema_3_migration.js | 170 + netwerk/test/unit/test_separate_connections.js | 104 + netwerk/test/unit/test_servers.js | 324 + netwerk/test/unit/test_signature_extraction.js | 203 + netwerk/test/unit/test_simple.js | 70 + .../test/unit/test_sockettransportsvc_available.js | 11 + netwerk/test/unit/test_socks.js | 520 ++ netwerk/test/unit/test_speculative_connect.js | 382 + .../test/unit/test_stale-while-revalidate_loop.js | 43 + .../unit/test_stale-while-revalidate_max-age-0.js | 113 + .../unit/test_stale-while-revalidate_negative.js | 92 + .../unit/test_stale-while-revalidate_positive.js | 113 + netwerk/test/unit/test_standardurl.js | 1053 +++ netwerk/test/unit/test_standardurl_default_port.js | 58 + netwerk/test/unit/test_standardurl_port.js | 53 + netwerk/test/unit/test_streamcopier.js | 63 + .../unit/test_substituting_protocol_handler.js | 64 + .../unit/test_suspend_channel_before_connect.js | 93 + .../test/unit/test_suspend_channel_on_authRetry.js | 264 + .../test/unit/test_suspend_channel_on_examine.js | 76 + ...t_suspend_channel_on_examine_merged_response.js | 208 + .../test/unit/test_suspend_channel_on_modified.js | 177 + netwerk/test/unit/test_synthesized_response.js | 288 + netwerk/test/unit/test_throttlechannel.js | 48 + netwerk/test/unit/test_throttlequeue.js | 25 + netwerk/test/unit/test_throttling.js | 66 + netwerk/test/unit/test_tldservice_nextsubdomain.js | 24 + netwerk/test/unit/test_tls13_disabled.js | 93 + netwerk/test/unit/test_tls_flags.js | 248 + .../unit/test_tls_flags_separate_connections.js | 117 + netwerk/test/unit/test_tls_server.js | 314 + .../test/unit/test_tls_server_multiple_clients.js | 130 + netwerk/test/unit/test_traceable_channel.js | 145 + .../test_trackingProtection_annotateChannels.js | 391 + netwerk/test/unit/test_trr.js | 946 ++ netwerk/test/unit/test_trr_additional_section.js | 380 + netwerk/test/unit/test_trr_af_fallback.js | 117 + netwerk/test/unit/test_trr_blocklist.js | 78 + netwerk/test/unit/test_trr_cancel.js | 180 + netwerk/test/unit/test_trr_case_sensitivity.js | 153 + netwerk/test/unit/test_trr_cname_chain.js | 231 + netwerk/test/unit/test_trr_confirmation.js | 401 + netwerk/test/unit/test_trr_decoding.js | 56 + netwerk/test/unit/test_trr_domain.js | 123 + netwerk/test/unit/test_trr_enterprise_policy.js | 93 + netwerk/test/unit/test_trr_extended_error.js | 319 + netwerk/test/unit/test_trr_https_fallback.js | 1105 +++ netwerk/test/unit/test_trr_httpssvc.js | 728 ++ netwerk/test/unit/test_trr_nat64.js | 120 + netwerk/test/unit/test_trr_noPrefetch.js | 174 + netwerk/test/unit/test_trr_proxy.js | 156 + netwerk/test/unit/test_trr_proxy_auth.js | 122 + netwerk/test/unit/test_trr_strict_mode.js | 52 + netwerk/test/unit/test_trr_telemetry.js | 118 + netwerk/test/unit/test_trr_ttl.js | 60 + netwerk/test/unit/test_trr_with_proxy.js | 210 + netwerk/test/unit/test_udp_multicast.js | 99 + netwerk/test/unit/test_udpsocket.js | 89 + netwerk/test/unit/test_udpsocket_offline.js | 144 + netwerk/test/unit/test_unescapestring.js | 35 + netwerk/test/unit/test_unix_domain.js | 699 ++ netwerk/test/unit/test_uri_mutator.js | 48 + netwerk/test/unit/test_use_httpssvc.js | 240 + netwerk/test/unit/test_verify_traffic.js | 110 + netwerk/test/unit/test_websocket_500k.js | 222 + netwerk/test/unit/test_websocket_fails.js | 194 + netwerk/test/unit/test_websocket_fails_2.js | 57 + netwerk/test/unit/test_websocket_offline.js | 51 + netwerk/test/unit/test_websocket_server.js | 317 + .../test/unit/test_websocket_server_multiclient.js | 141 + netwerk/test/unit/test_websocket_with_h3_active.js | 97 + netwerk/test/unit/test_webtransport_simple.js | 460 + netwerk/test/unit/test_xmlhttprequest.js | 57 + netwerk/test/unit/trr_common.js | 1235 +++ netwerk/test/unit/xpcshell.toml | 1270 +++ netwerk/test/unit_ipc/child_channel_id.js | 47 + netwerk/test/unit_ipc/child_cookie_header.js | 93 + netwerk/test/unit_ipc/child_dns_by_type_resolve.js | 22 + netwerk/test/unit_ipc/child_is_proxy_used.js | 24 + netwerk/test/unit_ipc/child_veto_in_parent.js | 53 + netwerk/test/unit_ipc/head_channels_clone.js | 12 + netwerk/test/unit_ipc/head_http3_clone.js | 10 + netwerk/test/unit_ipc/head_trr_clone.js | 10 + netwerk/test/unit_ipc/test_XHR_redirects.js | 3 + .../unit_ipc/test_alt-data_closeWithStatus_wrap.js | 17 + .../unit_ipc/test_alt-data_cross_process_wrap.js | 96 + netwerk/test/unit_ipc/test_alt-data_simple_wrap.js | 17 + netwerk/test/unit_ipc/test_alt-data_stream_wrap.js | 3 + netwerk/test/unit_ipc/test_cache-entry-id_wrap.js | 13 + netwerk/test/unit_ipc/test_cache_jar_wrap.js | 4 + netwerk/test/unit_ipc/test_cacheflags_wrap.js | 8 + netwerk/test/unit_ipc/test_channel_close_wrap.js | 3 + netwerk/test/unit_ipc/test_channel_id.js | 109 + .../test/unit_ipc/test_channel_priority_wrap.js | 49 + .../test/unit_ipc/test_chunked_responses_wrap.js | 7 + .../test/unit_ipc/test_cookie_header_stripped.js | 94 + netwerk/test/unit_ipc/test_cookiejars_wrap.js | 13 + .../test/unit_ipc/test_dns_by_type_resolve_wrap.js | 52 + netwerk/test/unit_ipc/test_dns_cancel_wrap.js | 7 + netwerk/test/unit_ipc/test_dns_service_wrap.js | 7 + .../test/unit_ipc/test_duplicate_headers_wrap.js | 7 + netwerk/test/unit_ipc/test_event_sink_wrap.js | 7 + netwerk/test/unit_ipc/test_getHost_wrap.js | 3 + netwerk/test/unit_ipc/test_gio_protocol_wrap.js | 21 + netwerk/test/unit_ipc/test_head_wrap.js | 7 + netwerk/test/unit_ipc/test_headers_wrap.js | 7 + .../test/unit_ipc/test_http3_prio_disabled_wrap.js | 20 + .../test/unit_ipc/test_http3_prio_enabled_wrap.js | 20 + netwerk/test/unit_ipc/test_httpcancel_wrap.js | 48 + netwerk/test/unit_ipc/test_httpsuspend_wrap.js | 3 + netwerk/test/unit_ipc/test_is_proxy_used.js | 32 + .../unit_ipc/test_multipart_streamconv_wrap.js | 3 + .../test/unit_ipc/test_orb_empty_header_wrap.js | 8 + .../test_original_sent_received_head_wrap.js | 7 + netwerk/test/unit_ipc/test_post_wrap.js | 3 + netwerk/test/unit_ipc/test_predictor_wrap.js | 44 + netwerk/test/unit_ipc/test_progress_wrap.js | 3 + .../test_redirect-caching_canceled_wrap.js | 7 + .../unit_ipc/test_redirect-caching_failure_wrap.js | 11 + .../unit_ipc/test_redirect-caching_passing_wrap.js | 7 + .../test/unit_ipc/test_redirect_canceled_wrap.js | 7 + .../test_redirect_different-protocol_wrap.js | 7 + .../test/unit_ipc/test_redirect_failure_wrap.js | 8 + .../unit_ipc/test_redirect_from_script_wrap.js | 3 + .../test/unit_ipc/test_redirect_history_wrap.js | 7 + .../test/unit_ipc/test_redirect_passing_wrap.js | 7 + netwerk/test/unit_ipc/test_redirect_veto_parent.js | 64 + netwerk/test/unit_ipc/test_redirect_veto_wrap.js | 7 + netwerk/test/unit_ipc/test_reentrancy_wrap.js | 3 + .../test_reply_without_content_type_wrap.js | 7 + .../test/unit_ipc/test_resumable_channel_wrap.js | 3 + netwerk/test/unit_ipc/test_simple_wrap.js | 7 + ...st_trackingProtection_annotateChannels_wrap1.js | 26 + ...st_trackingProtection_annotateChannels_wrap2.js | 26 + netwerk/test/unit_ipc/test_trr_httpssvc_wrap.js | 88 + netwerk/test/unit_ipc/test_xmlhttprequest_wrap.js | 3 + netwerk/test/unit_ipc/xpcshell.toml | 240 + netwerk/test/useragent/browser_nonsnap.toml | 4 + netwerk/test/useragent/browser_snap.toml | 8 + netwerk/test/useragent/browser_ua_nonsnap.js | 10 + netwerk/test/useragent/browser_ua_snap_ubuntu.js | 10 + 931 files changed, 137013 insertions(+) create mode 100644 netwerk/test/browser/103_preload.html create mode 100644 netwerk/test/browser/103_preload.html^headers^ create mode 100644 netwerk/test/browser/103_preload.html^informationalResponse^ create mode 100644 netwerk/test/browser/103_preload_anchor.html create mode 100644 netwerk/test/browser/103_preload_anchor.html^headers^ create mode 100644 netwerk/test/browser/103_preload_anchor.html^informationalResponse^ create mode 100644 netwerk/test/browser/103_preload_and_404.html create mode 100644 netwerk/test/browser/103_preload_and_404.html^headers^ create mode 100644 netwerk/test/browser/103_preload_and_404.html^informationalResponse^ create mode 100644 netwerk/test/browser/103_preload_csp_imgsrc_none.html create mode 100644 netwerk/test/browser/103_preload_csp_imgsrc_none.html^headers^ create mode 100644 netwerk/test/browser/103_preload_csp_imgsrc_none.html^informationalResponse^ create mode 100644 netwerk/test/browser/103_preload_iframe.html create mode 100644 netwerk/test/browser/103_preload_iframe.html^headers^ create mode 100644 netwerk/test/browser/auth_post.sjs create mode 100644 netwerk/test/browser/browser.toml create mode 100644 netwerk/test/browser/browser_103_assets.js create mode 100644 netwerk/test/browser/browser_103_assets_extension.js create mode 100644 netwerk/test/browser/browser_103_cleanup.js create mode 100644 netwerk/test/browser/browser_103_csp.js create mode 100644 netwerk/test/browser/browser_103_csp_images.js create mode 100644 netwerk/test/browser/browser_103_csp_styles.js create mode 100644 netwerk/test/browser/browser_103_error.js create mode 100644 netwerk/test/browser/browser_103_no_cancel_on_error.js create mode 100644 netwerk/test/browser/browser_103_preconnect.js create mode 100644 netwerk/test/browser/browser_103_preload.js create mode 100644 netwerk/test/browser/browser_103_preload_2.js create mode 100644 netwerk/test/browser/browser_103_private_window.js create mode 100644 netwerk/test/browser/browser_103_redirect.js create mode 100644 netwerk/test/browser/browser_103_redirect_from_server.js create mode 100644 netwerk/test/browser/browser_103_referrer_policy.js create mode 100644 netwerk/test/browser/browser_103_telemetry.js create mode 100644 netwerk/test/browser/browser_103_user_load.js create mode 100644 netwerk/test/browser/browser_NetUtil.js create mode 100644 netwerk/test/browser/browser_about_cache.js create mode 100644 netwerk/test/browser/browser_backgroundtask_purgeHTTPCache.js create mode 100644 netwerk/test/browser/browser_bug1535877.js create mode 100644 netwerk/test/browser/browser_bug1629307.js create mode 100644 netwerk/test/browser/browser_child_resource.js create mode 100644 netwerk/test/browser/browser_cookie_filtering_basic.js create mode 100644 netwerk/test/browser/browser_cookie_filtering_cross_origin.js create mode 100644 netwerk/test/browser/browser_cookie_filtering_insecure.js create mode 100644 netwerk/test/browser/browser_cookie_filtering_oa.js create mode 100644 netwerk/test/browser/browser_cookie_filtering_subdomain.js create mode 100644 netwerk/test/browser/browser_cookie_sync_across_tabs.js create mode 100644 netwerk/test/browser/browser_fetch_lnk.js create mode 100644 netwerk/test/browser/browser_http_index_format.js create mode 100644 netwerk/test/browser/browser_nsIFormPOSTActionChannel.js create mode 100644 netwerk/test/browser/browser_post_auth.js create mode 100644 netwerk/test/browser/browser_post_file.js create mode 100644 netwerk/test/browser/browser_purgeCache_idle_daily.js create mode 100644 netwerk/test/browser/browser_resource_navigation.js create mode 100644 netwerk/test/browser/browser_speculative_connection_link_header.js create mode 100644 netwerk/test/browser/browser_test_data_channel_observer.js create mode 100644 netwerk/test/browser/browser_test_favicon.js create mode 100644 netwerk/test/browser/browser_test_io_activity.js create mode 100644 netwerk/test/browser/browser_test_offline_tab.js create mode 100644 netwerk/test/browser/cookie_filtering_helper.sys.mjs create mode 100644 netwerk/test/browser/cookie_filtering_resource.sjs create mode 100644 netwerk/test/browser/cookie_filtering_secure_resource_com.html create mode 100644 netwerk/test/browser/cookie_filtering_secure_resource_com.html^headers^ create mode 100644 netwerk/test/browser/cookie_filtering_secure_resource_org.html create mode 100644 netwerk/test/browser/cookie_filtering_secure_resource_org.html^headers^ create mode 100644 netwerk/test/browser/cookie_filtering_square.png create mode 100644 netwerk/test/browser/cookie_filtering_square.png^headers^ create mode 100644 netwerk/test/browser/damonbowling.jpg create mode 100644 netwerk/test/browser/damonbowling.jpg^headers^ create mode 100644 netwerk/test/browser/dummy.html create mode 100644 netwerk/test/browser/early_hint_asset.sjs create mode 100644 netwerk/test/browser/early_hint_asset_html.sjs create mode 100644 netwerk/test/browser/early_hint_csp_options_html.sjs create mode 100644 netwerk/test/browser/early_hint_error.sjs create mode 100644 netwerk/test/browser/early_hint_main_html.sjs create mode 100644 netwerk/test/browser/early_hint_main_redirect.sjs create mode 100644 netwerk/test/browser/early_hint_pixel.sjs create mode 100644 netwerk/test/browser/early_hint_pixel_count.sjs create mode 100644 netwerk/test/browser/early_hint_preconnect_html.sjs create mode 100644 netwerk/test/browser/early_hint_preload_test_helper.sys.mjs create mode 100644 netwerk/test/browser/early_hint_redirect.sjs create mode 100644 netwerk/test/browser/early_hint_redirect_html.sjs create mode 100644 netwerk/test/browser/early_hint_referrer_policy_html.sjs create mode 100644 netwerk/test/browser/file_favicon.html create mode 100644 netwerk/test/browser/file_link_header.sjs create mode 100644 netwerk/test/browser/file_lnk.lnk create mode 100644 netwerk/test/browser/ioactivity.html create mode 100644 netwerk/test/browser/no_103_preload.html create mode 100644 netwerk/test/browser/no_103_preload.html^headers^ create mode 100644 netwerk/test/browser/post.html create mode 100644 netwerk/test/browser/redirect.sjs create mode 100644 netwerk/test/browser/res.css create mode 100644 netwerk/test/browser/res.css^headers^ create mode 100644 netwerk/test/browser/res.csv create mode 100644 netwerk/test/browser/res.csv^headers^ create mode 100644 netwerk/test/browser/res.mp3 create mode 100644 netwerk/test/browser/res.unknown create mode 100644 netwerk/test/browser/res_206.html create mode 100644 netwerk/test/browser/res_206.html^headers^ create mode 100644 netwerk/test/browser/res_206.mp3 create mode 100644 netwerk/test/browser/res_206.mp3^headers^ create mode 100644 netwerk/test/browser/res_empty.zip create mode 100644 netwerk/test/browser/res_http_index_format create mode 100644 netwerk/test/browser/res_http_index_format^headers^ create mode 100644 netwerk/test/browser/res_img.png create mode 100644 netwerk/test/browser/res_img_for_unknown_decoder create mode 100644 netwerk/test/browser/res_img_for_unknown_decoder^headers^ create mode 100644 netwerk/test/browser/res_img_unknown.png create mode 100644 netwerk/test/browser/res_invalid_partial.mp3 create mode 100644 netwerk/test/browser/res_invalid_partial.mp3^headers^ create mode 100644 netwerk/test/browser/res_nosniff.html create mode 100644 netwerk/test/browser/res_nosniff.html^headers^ create mode 100644 netwerk/test/browser/res_nosniff2.html create mode 100644 netwerk/test/browser/res_nosniff2.html^headers^ create mode 100644 netwerk/test/browser/res_not_200or206.mp3 create mode 100644 netwerk/test/browser/res_not_200or206.mp3^headers^ create mode 100644 netwerk/test/browser/res_not_ok.html create mode 100644 netwerk/test/browser/res_not_ok.html^headers^ create mode 100644 netwerk/test/browser/res_object.html create mode 100644 netwerk/test/browser/res_sub_document.html create mode 100644 netwerk/test/browser/square.png create mode 100644 netwerk/test/browser/test_1629307.html create mode 100644 netwerk/test/browser/x_frame_options.html create mode 100644 netwerk/test/browser/x_frame_options.html^headers^ create mode 100644 netwerk/test/crashtests/1274044-1.html create mode 100644 netwerk/test/crashtests/1334468-1.html create mode 100644 netwerk/test/crashtests/1399467-1.html create mode 100644 netwerk/test/crashtests/1787122.html create mode 100644 netwerk/test/crashtests/1793521.html create mode 100644 netwerk/test/crashtests/675518.html create mode 100644 netwerk/test/crashtests/785753-1.html create mode 100644 netwerk/test/crashtests/785753-2.html create mode 100644 netwerk/test/crashtests/crashtests.list create mode 100644 netwerk/test/fuzz/FuzzingStreamListener.cpp create mode 100644 netwerk/test/fuzz/FuzzingStreamListener.h create mode 100644 netwerk/test/fuzz/TestHttpFuzzing.cpp create mode 100644 netwerk/test/fuzz/TestJARFuzzing.cpp create mode 100644 netwerk/test/fuzz/TestURIFuzzing.cpp create mode 100644 netwerk/test/fuzz/TestWebsocketFuzzing.cpp create mode 100644 netwerk/test/fuzz/moz.build create mode 100644 netwerk/test/fuzz/url_tokens.dict create mode 100644 netwerk/test/gtest/TestBase64Stream.cpp create mode 100644 netwerk/test/gtest/TestBind.cpp create mode 100644 netwerk/test/gtest/TestBufferedInputStream.cpp create mode 100644 netwerk/test/gtest/TestCommon.cpp create mode 100644 netwerk/test/gtest/TestCommon.h create mode 100644 netwerk/test/gtest/TestCookie.cpp create mode 100644 netwerk/test/gtest/TestDNSPacket.cpp create mode 100644 netwerk/test/gtest/TestHeaders.cpp create mode 100644 netwerk/test/gtest/TestHttpAtom.cpp create mode 100644 netwerk/test/gtest/TestHttpAuthUtils.cpp create mode 100644 netwerk/test/gtest/TestHttpChannel.cpp create mode 100644 netwerk/test/gtest/TestHttpResponseHead.cpp create mode 100644 netwerk/test/gtest/TestInputStreamTransport.cpp create mode 100644 netwerk/test/gtest/TestIsValidIp.cpp create mode 100644 netwerk/test/gtest/TestLinkHeader.cpp create mode 100644 netwerk/test/gtest/TestMIMEInputStream.cpp create mode 100644 netwerk/test/gtest/TestMozURL.cpp create mode 100644 netwerk/test/gtest/TestNamedPipeService.cpp create mode 100644 netwerk/test/gtest/TestNetworkLinkIdHashingDarwin.cpp create mode 100644 netwerk/test/gtest/TestNetworkLinkIdHashingWindows.cpp create mode 100644 netwerk/test/gtest/TestPACMan.cpp create mode 100644 netwerk/test/gtest/TestProtocolProxyService.cpp create mode 100644 netwerk/test/gtest/TestReadStreamToString.cpp create mode 100644 netwerk/test/gtest/TestSSLTokensCache.cpp create mode 100644 netwerk/test/gtest/TestServerTimingHeader.cpp create mode 100644 netwerk/test/gtest/TestSocketTransportService.cpp create mode 100644 netwerk/test/gtest/TestStandardURL.cpp create mode 100644 netwerk/test/gtest/TestUDPSocket.cpp create mode 100644 netwerk/test/gtest/TestURIMutator.cpp create mode 100644 netwerk/test/gtest/moz.build create mode 100644 netwerk/test/gtest/urltestdata-orig.json create mode 100644 netwerk/test/gtest/urltestdata.json create mode 100644 netwerk/test/http3server/Cargo.toml create mode 100644 netwerk/test/http3server/moz.build create mode 100644 netwerk/test/http3server/src/main.rs create mode 100644 netwerk/test/http3serverDB/cert9.db create mode 100644 netwerk/test/http3serverDB/key4.db create mode 100644 netwerk/test/http3serverDB/pkcs11.txt create mode 100644 netwerk/test/httpserver/README create mode 100644 netwerk/test/httpserver/TODO create mode 100644 netwerk/test/httpserver/httpd.sys.mjs create mode 100644 netwerk/test/httpserver/moz.build create mode 100644 netwerk/test/httpserver/nsIHttpServer.idl create mode 100644 netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^ create mode 100644 netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^headers^ create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_both.html create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_both.html^headers^ create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt^headers^ create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_status_override.html create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_status_override.html^headers^ create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt create mode 100644 netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt^headers^ create mode 100644 netwerk/test/httpserver/test/data/name-scheme/bar.html^^ create mode 100644 netwerk/test/httpserver/test/data/name-scheme/bar.html^^headers^ create mode 100644 netwerk/test/httpserver/test/data/name-scheme/folder^^/ERROR_IF_SEE_THIS.txt^ create mode 100644 netwerk/test/httpserver/test/data/name-scheme/folder^^/SHOULD_SEE_THIS.txt^^ create mode 100644 netwerk/test/httpserver/test/data/name-scheme/folder^^/file.txt create mode 100644 netwerk/test/httpserver/test/data/name-scheme/foo.html^ create mode 100644 netwerk/test/httpserver/test/data/name-scheme/normal-file.txt create mode 100644 netwerk/test/httpserver/test/data/ranges/empty.txt create mode 100644 netwerk/test/httpserver/test/data/ranges/headers.txt create mode 100644 netwerk/test/httpserver/test/data/ranges/headers.txt^headers^ create mode 100644 netwerk/test/httpserver/test/data/ranges/range.txt create mode 100644 netwerk/test/httpserver/test/data/sjs/cgi.sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/cgi.sjs^headers^ create mode 100644 netwerk/test/httpserver/test/data/sjs/object-state.sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/qi.sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/range-checker.sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/state1.sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/state2.sjs create mode 100644 netwerk/test/httpserver/test/data/sjs/thrower.sjs create mode 100644 netwerk/test/httpserver/test/head_utils.js create mode 100644 netwerk/test/httpserver/test/test_async_response_sending.js create mode 100644 netwerk/test/httpserver/test/test_basic_functionality.js create mode 100644 netwerk/test/httpserver/test/test_body_length.js create mode 100644 netwerk/test/httpserver/test/test_byte_range.js create mode 100644 netwerk/test/httpserver/test/test_cern_meta.js create mode 100644 netwerk/test/httpserver/test/test_default_index_handler.js create mode 100644 netwerk/test/httpserver/test/test_empty_body.js create mode 100644 netwerk/test/httpserver/test/test_errorhandler_exception.js create mode 100644 netwerk/test/httpserver/test/test_header_array.js create mode 100644 netwerk/test/httpserver/test/test_headers.js create mode 100644 netwerk/test/httpserver/test/test_host.js create mode 100644 netwerk/test/httpserver/test/test_host_identity.js create mode 100644 netwerk/test/httpserver/test/test_linedata.js create mode 100644 netwerk/test/httpserver/test/test_load_module.js create mode 100644 netwerk/test/httpserver/test/test_name_scheme.js create mode 100644 netwerk/test/httpserver/test/test_processasync.js create mode 100644 netwerk/test/httpserver/test/test_qi.js create mode 100644 netwerk/test/httpserver/test/test_registerdirectory.js create mode 100644 netwerk/test/httpserver/test/test_registerfile.js create mode 100644 netwerk/test/httpserver/test/test_registerprefix.js create mode 100644 netwerk/test/httpserver/test/test_request_line_split_in_two_packets.js create mode 100644 netwerk/test/httpserver/test/test_response_write.js create mode 100644 netwerk/test/httpserver/test/test_seizepower.js create mode 100644 netwerk/test/httpserver/test/test_setindexhandler.js create mode 100644 netwerk/test/httpserver/test/test_setstatusline.js create mode 100644 netwerk/test/httpserver/test/test_sjs.js create mode 100644 netwerk/test/httpserver/test/test_sjs_object_state.js create mode 100644 netwerk/test/httpserver/test/test_sjs_state.js create mode 100644 netwerk/test/httpserver/test/test_sjs_throwing_exceptions.js create mode 100644 netwerk/test/httpserver/test/test_start_stop.js create mode 100644 netwerk/test/httpserver/test/test_start_stop_ipv6.js create mode 100644 netwerk/test/httpserver/test/xpcshell.toml create mode 100644 netwerk/test/marionette/manifest.toml create mode 100644 netwerk/test/marionette/test_purge_http_cache_at_shutdown.py create mode 100644 netwerk/test/mochitests/beltzner.jpg create mode 100644 netwerk/test/mochitests/beltzner.jpg^headers^ create mode 100644 netwerk/test/mochitests/empty.html create mode 100644 netwerk/test/mochitests/file_1331680.js create mode 100644 netwerk/test/mochitests/file_1502055.sjs create mode 100644 netwerk/test/mochitests/file_1503201.sjs create mode 100644 netwerk/test/mochitests/file_chromecommon.js create mode 100644 netwerk/test/mochitests/file_documentcookie_maxage_chromescript.js create mode 100644 netwerk/test/mochitests/file_domain_hierarchy_inner.html create mode 100644 netwerk/test/mochitests/file_domain_hierarchy_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html create mode 100644 netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html create mode 100644 netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_domain_inner.html create mode 100644 netwerk/test/mochitests/file_domain_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_domain_inner_inner.html create mode 100644 netwerk/test/mochitests/file_domain_inner_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_iframe_allow_same_origin.html create mode 100644 netwerk/test/mochitests/file_iframe_allow_scripts.html create mode 100644 netwerk/test/mochitests/file_image_inner.html create mode 100644 netwerk/test/mochitests/file_image_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_image_inner_inner.html create mode 100644 netwerk/test/mochitests/file_image_inner_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_lnk.lnk create mode 100644 netwerk/test/mochitests/file_loadflags_inner.html create mode 100644 netwerk/test/mochitests/file_loadflags_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_loadinfo_redirectchain.sjs create mode 100644 netwerk/test/mochitests/file_localhost_inner.html create mode 100644 netwerk/test/mochitests/file_localhost_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_loopback_inner.html create mode 100644 netwerk/test/mochitests/file_loopback_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_subdomain_inner.html create mode 100644 netwerk/test/mochitests/file_subdomain_inner.html^headers^ create mode 100644 netwerk/test/mochitests/file_testcommon.js create mode 100644 netwerk/test/mochitests/file_testloadflags.js create mode 100644 netwerk/test/mochitests/file_testloadflags_chromescript.js create mode 100644 netwerk/test/mochitests/iframe_1502055.html create mode 100644 netwerk/test/mochitests/image1.png create mode 100644 netwerk/test/mochitests/image1.png^headers^ create mode 100644 netwerk/test/mochitests/image2.png create mode 100644 netwerk/test/mochitests/image2.png^headers^ create mode 100644 netwerk/test/mochitests/method.sjs create mode 100644 netwerk/test/mochitests/mochitest.toml create mode 100644 netwerk/test/mochitests/origin_header.sjs create mode 100644 netwerk/test/mochitests/origin_header_form_post.html create mode 100644 netwerk/test/mochitests/origin_header_form_post_xorigin.html create mode 100644 netwerk/test/mochitests/partial_content.sjs create mode 100644 netwerk/test/mochitests/redirect.sjs create mode 100644 netwerk/test/mochitests/redirect_idn.html create mode 100644 netwerk/test/mochitests/redirect_idn.html^headers^ create mode 100644 netwerk/test/mochitests/redirect_to.sjs create mode 100644 netwerk/test/mochitests/rel_preconnect.sjs create mode 100644 netwerk/test/mochitests/reset_cookie_xhr.sjs create mode 100644 netwerk/test/mochitests/set_cookie_xhr.sjs create mode 100644 netwerk/test/mochitests/signed_web_packaged_app.sjs create mode 100644 netwerk/test/mochitests/subResources.sjs create mode 100644 netwerk/test/mochitests/sw_1502055.js create mode 100644 netwerk/test/mochitests/test1.css create mode 100644 netwerk/test/mochitests/test1.css^headers^ create mode 100644 netwerk/test/mochitests/test2.css create mode 100644 netwerk/test/mochitests/test2.css^headers^ create mode 100644 netwerk/test/mochitests/test_1331680.html create mode 100644 netwerk/test/mochitests/test_1331680_iframe.html create mode 100644 netwerk/test/mochitests/test_1331680_xhr.html create mode 100644 netwerk/test/mochitests/test_1396395.html create mode 100644 netwerk/test/mochitests/test_1421324.html create mode 100644 netwerk/test/mochitests/test_1425031.html create mode 100644 netwerk/test/mochitests/test_1502055.html create mode 100644 netwerk/test/mochitests/test_1503201.html create mode 100644 netwerk/test/mochitests/test_accept_header.html create mode 100644 netwerk/test/mochitests/test_accept_header.sjs create mode 100644 netwerk/test/mochitests/test_arraybufferinputstream.html create mode 100644 netwerk/test/mochitests/test_arraybufferinputstream_large.html create mode 100644 netwerk/test/mochitests/test_different_domain_in_hierarchy.html create mode 100644 netwerk/test/mochitests/test_differentdomain.html create mode 100644 netwerk/test/mochitests/test_documentcookies_maxage.html create mode 100644 netwerk/test/mochitests/test_fetch_lnk.html create mode 100644 netwerk/test/mochitests/test_idn_redirect.html create mode 100644 netwerk/test/mochitests/test_image.html create mode 100644 netwerk/test/mochitests/test_loadflags.html create mode 100644 netwerk/test/mochitests/test_loadinfo_redirectchain.html create mode 100644 netwerk/test/mochitests/test_origin_header.html create mode 100644 netwerk/test/mochitests/test_partially_cached_content.html create mode 100644 netwerk/test/mochitests/test_redirect_ref.html create mode 100644 netwerk/test/mochitests/test_rel_preconnect.html create mode 100644 netwerk/test/mochitests/test_same_base_domain.html create mode 100644 netwerk/test/mochitests/test_same_base_domain_2.html create mode 100644 netwerk/test/mochitests/test_same_base_domain_3.html create mode 100644 netwerk/test/mochitests/test_same_base_domain_4.html create mode 100644 netwerk/test/mochitests/test_same_base_domain_5.html create mode 100644 netwerk/test/mochitests/test_same_base_domain_6.html create mode 100644 netwerk/test/mochitests/test_samedomain.html create mode 100644 netwerk/test/mochitests/test_uri_scheme.html create mode 100644 netwerk/test/mochitests/test_url_perf.html create mode 100644 netwerk/test/mochitests/test_viewsource_unlinkable.html create mode 100644 netwerk/test/mochitests/test_xhr_method_case.html create mode 100644 netwerk/test/mochitests/web_packaged_app.sjs create mode 100644 netwerk/test/moz.build create mode 100644 netwerk/test/perf/.eslintrc.js create mode 100644 netwerk/test/perf/hooks_throttling.py create mode 100644 netwerk/test/perf/perftest.toml create mode 100644 netwerk/test/perf/perftest_http3_cloudflareblog.js create mode 100644 netwerk/test/perf/perftest_http3_controlled.js create mode 100644 netwerk/test/perf/perftest_http3_facebook_scroll.js create mode 100644 netwerk/test/perf/perftest_http3_google_image.js create mode 100644 netwerk/test/perf/perftest_http3_google_search.js create mode 100644 netwerk/test/perf/perftest_http3_lucasquicfetch.js create mode 100644 netwerk/test/perf/perftest_http3_youtube_watch.js create mode 100644 netwerk/test/perf/perftest_http3_youtube_watch_scroll.js create mode 100644 netwerk/test/reftest/658949-1-ref.html create mode 100644 netwerk/test/reftest/658949-1.html create mode 100644 netwerk/test/reftest/bug565432-1-ref.html create mode 100644 netwerk/test/reftest/bug565432-1.html create mode 100644 netwerk/test/reftest/reftest.list create mode 100644 netwerk/test/unit/client-cert.p12 create mode 100644 netwerk/test/unit/client-cert.p12.pkcs12spec create mode 100644 netwerk/test/unit/data/cookies_v10.sqlite create mode 100644 netwerk/test/unit/data/image.png create mode 100644 netwerk/test/unit/data/signed_win.exe create mode 100644 netwerk/test/unit/data/system_root.lnk create mode 100644 netwerk/test/unit/data/test_psl.txt create mode 100644 netwerk/test/unit/data/test_readline1.txt create mode 100644 netwerk/test/unit/data/test_readline2.txt create mode 100644 netwerk/test/unit/data/test_readline3.txt create mode 100644 netwerk/test/unit/data/test_readline4.txt create mode 100644 netwerk/test/unit/data/test_readline5.txt create mode 100644 netwerk/test/unit/data/test_readline6.txt create mode 100644 netwerk/test/unit/data/test_readline7.txt create mode 100644 netwerk/test/unit/data/test_readline8.txt create mode 100644 netwerk/test/unit/head_cache.js create mode 100644 netwerk/test/unit/head_cache2.js create mode 100644 netwerk/test/unit/head_channels.js create mode 100644 netwerk/test/unit/head_cookies.js create mode 100644 netwerk/test/unit/head_http3.js create mode 100644 netwerk/test/unit/head_servers.js create mode 100644 netwerk/test/unit/head_telemetry.js create mode 100644 netwerk/test/unit/head_trr.js create mode 100644 netwerk/test/unit/head_websocket.js create mode 100644 netwerk/test/unit/head_webtransport.js create mode 100644 netwerk/test/unit/http2-ca.pem create mode 100644 netwerk/test/unit/http2-ca.pem.certspec create mode 100644 netwerk/test/unit/http2_test_common.js create mode 100644 netwerk/test/unit/node_execute/test_node_execute_loop.js create mode 100644 netwerk/test/unit/node_execute/xpcshell.toml create mode 100644 netwerk/test/unit/perftest.toml create mode 100644 netwerk/test/unit/proxy-ca.pem create mode 100644 netwerk/test/unit/proxy-ca.pem.certspec create mode 100644 netwerk/test/unit/socks_client_subprocess.js create mode 100644 netwerk/test/unit/test_1073747.js create mode 100644 netwerk/test/unit/test_304_headers.js create mode 100644 netwerk/test/unit/test_304_responses.js create mode 100644 netwerk/test/unit/test_307_redirect.js create mode 100644 netwerk/test/unit/test_421.js create mode 100644 netwerk/test/unit/test_MIME_params.js create mode 100644 netwerk/test/unit/test_NetUtil.js create mode 100644 netwerk/test/unit/test_SuperfluousAuth.js create mode 100644 netwerk/test/unit/test_URIs.js create mode 100644 netwerk/test/unit/test_URIs2.js create mode 100644 netwerk/test/unit/test_XHR_redirects.js create mode 100644 netwerk/test/unit/test_about_networking.js create mode 100644 netwerk/test/unit/test_about_protocol.js create mode 100644 netwerk/test/unit/test_aboutblank.js create mode 100644 netwerk/test/unit/test_addr_in_use_error.js create mode 100644 netwerk/test/unit/test_alt-data_closeWithStatus.js create mode 100644 netwerk/test/unit/test_alt-data_cross_process.js create mode 100644 netwerk/test/unit/test_alt-data_overwrite.js create mode 100644 netwerk/test/unit/test_alt-data_simple.js create mode 100644 netwerk/test/unit/test_alt-data_stream.js create mode 100644 netwerk/test/unit/test_alt-data_too_big.js create mode 100644 netwerk/test/unit/test_altsvc.js create mode 100644 netwerk/test/unit/test_altsvc_http3.js create mode 100644 netwerk/test/unit/test_altsvc_pref.js create mode 100644 netwerk/test/unit/test_anonymous-coalescing.js create mode 100644 netwerk/test/unit/test_auth_dialog_permission.js create mode 100644 netwerk/test/unit/test_auth_jar.js create mode 100644 netwerk/test/unit/test_auth_multiple.js create mode 100644 netwerk/test/unit/test_auth_proxy.js create mode 100644 netwerk/test/unit/test_authentication.js create mode 100644 netwerk/test/unit/test_authpromptwrapper.js create mode 100644 netwerk/test/unit/test_backgroundfilesaver.js create mode 100644 netwerk/test/unit/test_be_conservative.js create mode 100644 netwerk/test/unit/test_be_conservative_error_handling.js create mode 100644 netwerk/test/unit/test_bhttp.js create mode 100644 netwerk/test/unit/test_blob_channelname.js create mode 100644 netwerk/test/unit/test_brotli_decoding.js create mode 100644 netwerk/test/unit/test_brotli_http.js create mode 100644 netwerk/test/unit/test_brotli_unknown_content_type.js create mode 100644 netwerk/test/unit/test_bug1064258.js create mode 100644 netwerk/test/unit/test_bug1177909.js create mode 100644 netwerk/test/unit/test_bug1195415.js create mode 100644 netwerk/test/unit/test_bug1218029.js create mode 100644 netwerk/test/unit/test_bug1279246.js create mode 100644 netwerk/test/unit/test_bug1312774_http1.js create mode 100644 netwerk/test/unit/test_bug1312782_http1.js create mode 100644 netwerk/test/unit/test_bug1355539_http1.js create mode 100644 netwerk/test/unit/test_bug1378385_http1.js create mode 100644 netwerk/test/unit/test_bug1411316_http1.js create mode 100644 netwerk/test/unit/test_bug1527293.js create mode 100644 netwerk/test/unit/test_bug1683176.js create mode 100644 netwerk/test/unit/test_bug1725766.js create mode 100644 netwerk/test/unit/test_bug203271.js create mode 100644 netwerk/test/unit/test_bug248970_cache.js create mode 100644 netwerk/test/unit/test_bug248970_cookie.js create mode 100644 netwerk/test/unit/test_bug261425.js create mode 100644 netwerk/test/unit/test_bug263127.js create mode 100644 netwerk/test/unit/test_bug282432.js create mode 100644 netwerk/test/unit/test_bug321706.js create mode 100644 netwerk/test/unit/test_bug331825.js create mode 100644 netwerk/test/unit/test_bug336501.js create mode 100644 netwerk/test/unit/test_bug337744.js create mode 100644 netwerk/test/unit/test_bug368702.js create mode 100644 netwerk/test/unit/test_bug369787.js create mode 100644 netwerk/test/unit/test_bug371473.js create mode 100644 netwerk/test/unit/test_bug376844.js create mode 100644 netwerk/test/unit/test_bug376865.js create mode 100644 netwerk/test/unit/test_bug379034.js create mode 100644 netwerk/test/unit/test_bug380994.js create mode 100644 netwerk/test/unit/test_bug388281.js create mode 100644 netwerk/test/unit/test_bug396389.js create mode 100644 netwerk/test/unit/test_bug401564.js create mode 100644 netwerk/test/unit/test_bug411952.js create mode 100644 netwerk/test/unit/test_bug412457.js create mode 100644 netwerk/test/unit/test_bug412945.js create mode 100644 netwerk/test/unit/test_bug414122.js create mode 100644 netwerk/test/unit/test_bug427957.js create mode 100644 netwerk/test/unit/test_bug429347.js create mode 100644 netwerk/test/unit/test_bug455311.js create mode 100644 netwerk/test/unit/test_bug464591.js create mode 100644 netwerk/test/unit/test_bug468426.js create mode 100644 netwerk/test/unit/test_bug468594.js create mode 100644 netwerk/test/unit/test_bug470716.js create mode 100644 netwerk/test/unit/test_bug477578.js create mode 100644 netwerk/test/unit/test_bug479413.js create mode 100644 netwerk/test/unit/test_bug479485.js create mode 100644 netwerk/test/unit/test_bug482601.js create mode 100644 netwerk/test/unit/test_bug482934.js create mode 100644 netwerk/test/unit/test_bug490095.js create mode 100644 netwerk/test/unit/test_bug504014.js create mode 100644 netwerk/test/unit/test_bug510359.js create mode 100644 netwerk/test/unit/test_bug526789.js create mode 100644 netwerk/test/unit/test_bug528292.js create mode 100644 netwerk/test/unit/test_bug536324_64bit_content_length.js create mode 100644 netwerk/test/unit/test_bug540566.js create mode 100644 netwerk/test/unit/test_bug553970.js create mode 100644 netwerk/test/unit/test_bug561042.js create mode 100644 netwerk/test/unit/test_bug561276.js create mode 100644 netwerk/test/unit/test_bug580508.js create mode 100644 netwerk/test/unit/test_bug586908.js create mode 100644 netwerk/test/unit/test_bug596443.js create mode 100644 netwerk/test/unit/test_bug618835.js create mode 100644 netwerk/test/unit/test_bug633743.js create mode 100644 netwerk/test/unit/test_bug650522.js create mode 100644 netwerk/test/unit/test_bug650995.js create mode 100644 netwerk/test/unit/test_bug652761.js create mode 100644 netwerk/test/unit/test_bug654926.js create mode 100644 netwerk/test/unit/test_bug654926_doom_and_read.js create mode 100644 netwerk/test/unit/test_bug654926_test_seek.js create mode 100644 netwerk/test/unit/test_bug659569.js create mode 100644 netwerk/test/unit/test_bug660066.js create mode 100644 netwerk/test/unit/test_bug667087.js create mode 100644 netwerk/test/unit/test_bug667818.js create mode 100644 netwerk/test/unit/test_bug667907.js create mode 100644 netwerk/test/unit/test_bug669001.js create mode 100644 netwerk/test/unit/test_bug770243.js create mode 100644 netwerk/test/unit/test_bug812167.js create mode 100644 netwerk/test/unit/test_bug826063.js create mode 100644 netwerk/test/unit/test_bug856978.js create mode 100644 netwerk/test/unit/test_bug894586.js create mode 100644 netwerk/test/unit/test_bug935499.js create mode 100644 netwerk/test/unit/test_cache-control_request.js create mode 100644 netwerk/test/unit/test_cache-entry-id.js create mode 100644 netwerk/test/unit/test_cache2-00-service-get.js create mode 100644 netwerk/test/unit/test_cache2-01-basic.js create mode 100644 netwerk/test/unit/test_cache2-01a-basic-readonly.js create mode 100644 netwerk/test/unit/test_cache2-01b-basic-datasize.js create mode 100644 netwerk/test/unit/test_cache2-01c-basic-hasmeta-only.js create mode 100644 netwerk/test/unit/test_cache2-01d-basic-not-wanted.js create mode 100644 netwerk/test/unit/test_cache2-01e-basic-bypass-if-busy.js create mode 100644 netwerk/test/unit/test_cache2-01f-basic-openTruncate.js create mode 100644 netwerk/test/unit/test_cache2-02-open-non-existing.js create mode 100644 netwerk/test/unit/test_cache2-02b-open-non-existing-and-doom.js create mode 100644 netwerk/test/unit/test_cache2-03-oncacheentryavail-throws.js create mode 100644 netwerk/test/unit/test_cache2-04-oncacheentryavail-throws2x.js create mode 100644 netwerk/test/unit/test_cache2-05-visit.js create mode 100644 netwerk/test/unit/test_cache2-06-pb-mode.js create mode 100644 netwerk/test/unit/test_cache2-07-visit-memory.js create mode 100644 netwerk/test/unit/test_cache2-07a-open-memory.js create mode 100644 netwerk/test/unit/test_cache2-08-evict-disk-by-memory-storage.js create mode 100644 netwerk/test/unit/test_cache2-09-evict-disk-by-uri.js create mode 100644 netwerk/test/unit/test_cache2-10-evict-direct.js create mode 100644 netwerk/test/unit/test_cache2-10b-evict-direct-immediate.js create mode 100644 netwerk/test/unit/test_cache2-11-evict-memory.js create mode 100644 netwerk/test/unit/test_cache2-12-evict-disk.js create mode 100644 netwerk/test/unit/test_cache2-13-evict-non-existing.js create mode 100644 netwerk/test/unit/test_cache2-14-concurent-readers.js create mode 100644 netwerk/test/unit/test_cache2-14b-concurent-readers-complete.js create mode 100644 netwerk/test/unit/test_cache2-15-conditional-304.js create mode 100644 netwerk/test/unit/test_cache2-16-conditional-200.js create mode 100644 netwerk/test/unit/test_cache2-17-evict-all.js create mode 100644 netwerk/test/unit/test_cache2-18-not-valid.js create mode 100644 netwerk/test/unit/test_cache2-19-range-206.js create mode 100644 netwerk/test/unit/test_cache2-20-range-200.js create mode 100644 netwerk/test/unit/test_cache2-21-anon-storage.js create mode 100644 netwerk/test/unit/test_cache2-22-anon-visit.js create mode 100644 netwerk/test/unit/test_cache2-23-read-over-chunk.js create mode 100644 netwerk/test/unit/test_cache2-24-exists.js create mode 100644 netwerk/test/unit/test_cache2-25-chunk-memory-limit.js create mode 100644 netwerk/test/unit/test_cache2-26-no-outputstream-open.js create mode 100644 netwerk/test/unit/test_cache2-27-force-valid-for.js create mode 100644 netwerk/test/unit/test_cache2-28-last-access-attrs.js create mode 100644 netwerk/test/unit/test_cache2-28a-OPEN_SECRETLY.js create mode 100644 netwerk/test/unit/test_cache2-29a-concurrent_read_resumable_entry_size_zero.js create mode 100644 netwerk/test/unit/test_cache2-29b-concurrent_read_non-resumable_entry_size_zero.js create mode 100644 netwerk/test/unit/test_cache2-29c-concurrent_read_half-interrupted.js create mode 100644 netwerk/test/unit/test_cache2-29d-concurrent_read_half-corrupted-206.js create mode 100644 netwerk/test/unit/test_cache2-29e-concurrent_read_half-non-206-response.js create mode 100644 netwerk/test/unit/test_cache2-30a-entry-pinning.js create mode 100644 netwerk/test/unit/test_cache2-30b-pinning-storage-clear.js create mode 100644 netwerk/test/unit/test_cache2-30c-pinning-deferred-doom.js create mode 100644 netwerk/test/unit/test_cache2-30d-pinning-WasEvicted-API.js create mode 100644 netwerk/test/unit/test_cache2-31-visit-all.js create mode 100644 netwerk/test/unit/test_cache2-32-clear-origin.js create mode 100644 netwerk/test/unit/test_cache_204_response.js create mode 100644 netwerk/test/unit/test_cache_jar.js create mode 100644 netwerk/test/unit/test_cacheflags.js create mode 100644 netwerk/test/unit/test_captive_portal_service.js create mode 100644 netwerk/test/unit/test_cert_info.js create mode 100644 netwerk/test/unit/test_cert_verification_failure.js create mode 100644 netwerk/test/unit/test_channel_close.js create mode 100644 netwerk/test/unit/test_channel_long_domain.js create mode 100644 netwerk/test/unit/test_channel_priority.js create mode 100644 netwerk/test/unit/test_chunked_responses.js create mode 100644 netwerk/test/unit/test_client_auth_with_proxy.js create mode 100644 netwerk/test/unit/test_coaleasing_h2_and_h3_connection.js create mode 100644 netwerk/test/unit/test_compareURIs.js create mode 100644 netwerk/test/unit/test_compressappend.js create mode 100644 netwerk/test/unit/test_connection_based_auth.js create mode 100644 netwerk/test/unit/test_content_encoding_gzip.js create mode 100644 netwerk/test/unit/test_content_length_underrun.js create mode 100644 netwerk/test/unit/test_content_sniffer.js create mode 100644 netwerk/test/unit/test_cookie_blacklist.js create mode 100644 netwerk/test/unit/test_cookie_header.js create mode 100644 netwerk/test/unit/test_cookie_ipv6.js create mode 100644 netwerk/test/unit/test_cookie_partitioned_attribute.js create mode 100644 netwerk/test/unit/test_cookiejars.js create mode 100644 netwerk/test/unit/test_cookiejars_safebrowsing.js create mode 100644 netwerk/test/unit/test_cookies_async_failure.js create mode 100644 netwerk/test/unit/test_cookies_partition_counting.js create mode 100644 netwerk/test/unit/test_cookies_privatebrowsing.js create mode 100644 netwerk/test/unit/test_cookies_profile_close.js create mode 100644 netwerk/test/unit/test_cookies_purge_counting.js create mode 100644 netwerk/test/unit/test_cookies_purge_counting_per_host.js create mode 100644 netwerk/test/unit/test_cookies_read.js create mode 100644 netwerk/test/unit/test_cookies_sync_failure.js create mode 100644 netwerk/test/unit/test_cookies_thirdparty.js create mode 100644 netwerk/test/unit/test_cookies_thirdparty_session.js create mode 100644 netwerk/test/unit/test_cookies_upgrade_10.js create mode 100644 netwerk/test/unit/test_data_protocol.js create mode 100644 netwerk/test/unit/test_defaultURI.js create mode 100644 netwerk/test/unit/test_dns_by_type_resolve.js create mode 100644 netwerk/test/unit/test_dns_cancel.js create mode 100644 netwerk/test/unit/test_dns_disable_ipv4.js create mode 100644 netwerk/test/unit/test_dns_disable_ipv6.js create mode 100644 netwerk/test/unit/test_dns_disabled.js create mode 100644 netwerk/test/unit/test_dns_localredirect.js create mode 100644 netwerk/test/unit/test_dns_offline.js create mode 100644 netwerk/test/unit/test_dns_onion.js create mode 100644 netwerk/test/unit/test_dns_originAttributes.js create mode 100644 netwerk/test/unit/test_dns_override.js create mode 100644 netwerk/test/unit/test_dns_override_for_localhost.js create mode 100644 netwerk/test/unit/test_dns_proxy_bypass.js create mode 100644 netwerk/test/unit/test_dns_retry.js create mode 100644 netwerk/test/unit/test_dns_service.js create mode 100644 netwerk/test/unit/test_domain_eviction.js create mode 100644 netwerk/test/unit/test_dooh.js create mode 100644 netwerk/test/unit/test_doomentry.js create mode 100644 netwerk/test/unit/test_duplicate_headers.js create mode 100644 netwerk/test/unit/test_early_hint_listener.js create mode 100644 netwerk/test/unit/test_early_hint_listener_http2.js create mode 100644 netwerk/test/unit/test_ech_grease.js create mode 100644 netwerk/test/unit/test_event_sink.js create mode 100644 netwerk/test/unit/test_eviction.js create mode 100644 netwerk/test/unit/test_extract_charset_from_content_type.js create mode 100644 netwerk/test/unit/test_file_protocol.js create mode 100644 netwerk/test/unit/test_filestreams.js create mode 100644 netwerk/test/unit/test_freshconnection.js create mode 100644 netwerk/test/unit/test_getHost.js create mode 100644 netwerk/test/unit/test_gio_protocol.js create mode 100644 netwerk/test/unit/test_gre_resources.js create mode 100644 netwerk/test/unit/test_h2proxy_connection_limit.js create mode 100644 netwerk/test/unit/test_head.js create mode 100644 netwerk/test/unit/test_head_request_no_response_body.js create mode 100644 netwerk/test/unit/test_header_Accept-Language.js create mode 100644 netwerk/test/unit/test_header_Accept-Language_case.js create mode 100644 netwerk/test/unit/test_header_Server_Timing.js create mode 100644 netwerk/test/unit/test_headers.js create mode 100644 netwerk/test/unit/test_hostnameIsLocalIPAddress.js create mode 100644 netwerk/test/unit/test_hostnameIsSharedIPAddress.js create mode 100644 netwerk/test/unit/test_hpke_config_manager.js create mode 100644 netwerk/test/unit/test_http1-proxy.js create mode 100644 netwerk/test/unit/test_http2-proxy-failing.js create mode 100644 netwerk/test/unit/test_http2-proxy.js create mode 100644 netwerk/test/unit/test_http2.js create mode 100644 netwerk/test/unit/test_http2_with_proxy.js create mode 100644 netwerk/test/unit/test_http3.js create mode 100644 netwerk/test/unit/test_http3_0rtt.js create mode 100644 netwerk/test/unit/test_http3_421.js create mode 100644 netwerk/test/unit/test_http3_alt_svc.js create mode 100644 netwerk/test/unit/test_http3_coalescing.js create mode 100644 netwerk/test/unit/test_http3_direct_proxy.js create mode 100644 netwerk/test/unit/test_http3_dns_retry.js create mode 100644 netwerk/test/unit/test_http3_early_hint_listener.js create mode 100644 netwerk/test/unit/test_http3_error_before_connect.js create mode 100644 netwerk/test/unit/test_http3_fast_fallback.js create mode 100644 netwerk/test/unit/test_http3_fatal_stream_error.js create mode 100644 netwerk/test/unit/test_http3_large_post.js create mode 100644 netwerk/test/unit/test_http3_large_post_telemetry.js create mode 100644 netwerk/test/unit/test_http3_perf.js create mode 100644 netwerk/test/unit/test_http3_prio_disabled.js create mode 100644 netwerk/test/unit/test_http3_prio_enabled.js create mode 100644 netwerk/test/unit/test_http3_prio_helpers.js create mode 100644 netwerk/test/unit/test_http3_server.js create mode 100644 netwerk/test/unit/test_http3_server_not_existing.js create mode 100644 netwerk/test/unit/test_http3_trans_close.js create mode 100644 netwerk/test/unit/test_http3_version1.js create mode 100644 netwerk/test/unit/test_httpResponseTimeout.js create mode 100644 netwerk/test/unit/test_http_408_retry.js create mode 100644 netwerk/test/unit/test_http_headers.js create mode 100644 netwerk/test/unit/test_http_server_timing.js create mode 100644 netwerk/test/unit/test_http_sfv.js create mode 100644 netwerk/test/unit/test_httpauth.js create mode 100644 netwerk/test/unit/test_httpcancel.js create mode 100644 netwerk/test/unit/test_https_rr_ech_prefs.js create mode 100644 netwerk/test/unit/test_https_rr_sorted_alpn.js create mode 100644 netwerk/test/unit/test_httpssvc_ech_with_alpn.js create mode 100644 netwerk/test/unit/test_httpssvc_https_upgrade.js create mode 100644 netwerk/test/unit/test_httpssvc_iphint.js create mode 100644 netwerk/test/unit/test_httpssvc_priority.js create mode 100644 netwerk/test/unit/test_httpssvc_retry_with_ech.js create mode 100644 netwerk/test/unit/test_httpssvc_retry_without_ech.js create mode 100644 netwerk/test/unit/test_httpsuspend.js create mode 100644 netwerk/test/unit/test_idn_blacklist.js create mode 100644 netwerk/test/unit/test_idn_spoof.js create mode 100644 netwerk/test/unit/test_idn_urls.js create mode 100644 netwerk/test/unit/test_idna2008.js create mode 100644 netwerk/test/unit/test_idnservice.js create mode 100644 netwerk/test/unit/test_immutable.js create mode 100644 netwerk/test/unit/test_inhibit_caching.js create mode 100644 netwerk/test/unit/test_ioservice.js create mode 100644 netwerk/test/unit/test_large_port.js create mode 100644 netwerk/test/unit/test_link.desktop create mode 100644 netwerk/test/unit/test_link.lnk create mode 100644 netwerk/test/unit/test_link.url create mode 100644 netwerk/test/unit/test_loadgroup_cancel.js create mode 100644 netwerk/test/unit/test_localhost_offline.js create mode 100644 netwerk/test/unit/test_localstreams.js create mode 100644 netwerk/test/unit/test_mismatch_last-modified.js create mode 100644 netwerk/test/unit/test_mozTXTToHTMLConv.js create mode 100644 netwerk/test/unit/test_multipart_byteranges.js create mode 100644 netwerk/test/unit/test_multipart_streamconv-byte-by-byte.js create mode 100644 netwerk/test/unit/test_multipart_streamconv.js create mode 100644 netwerk/test/unit/test_multipart_streamconv_empty.js create mode 100644 netwerk/test/unit/test_multipart_streamconv_missing_boundary_lead_dashes.js create mode 100644 netwerk/test/unit/test_multipart_streamconv_missing_lead_boundary.js create mode 100644 netwerk/test/unit/test_nestedabout_serialize.js create mode 100644 netwerk/test/unit/test_net_addr.js create mode 100644 netwerk/test/unit/test_network_connectivity_service.js create mode 100644 netwerk/test/unit/test_networking_over_socket_process.js create mode 100644 netwerk/test/unit/test_no_cookies_after_last_pb_exit.js create mode 100644 netwerk/test/unit/test_node_execute.js create mode 100644 netwerk/test/unit/test_nojsredir.js create mode 100644 netwerk/test/unit/test_non_ipv4_hostname_ending_in_number_cookie_db.js create mode 100644 netwerk/test/unit/test_nsIBufferedOutputStream_writeFrom_block.js create mode 100644 netwerk/test/unit/test_ntlm_authentication.js create mode 100644 netwerk/test/unit/test_ntlm_proxy_and_web_auth.js create mode 100644 netwerk/test/unit/test_ntlm_proxy_auth.js create mode 100644 netwerk/test/unit/test_ntlm_web_auth.js create mode 100644 netwerk/test/unit/test_oblivious_http.js create mode 100644 netwerk/test/unit/test_obs-fold.js create mode 100644 netwerk/test/unit/test_offline_status.js create mode 100644 netwerk/test/unit/test_ohttp.js create mode 100644 netwerk/test/unit/test_orb_empty_header.js create mode 100644 netwerk/test/unit/test_origin.js create mode 100644 netwerk/test/unit/test_original_sent_received_head.js create mode 100644 netwerk/test/unit/test_pac_reload_after_network_change.js create mode 100644 netwerk/test/unit/test_parse_content_type.js create mode 100644 netwerk/test/unit/test_partial_response_entry_size_smart_shrink.js create mode 100644 netwerk/test/unit/test_permmgr.js create mode 100644 netwerk/test/unit/test_ping_aboutnetworking.js create mode 100644 netwerk/test/unit/test_plaintext_sniff.js create mode 100644 netwerk/test/unit/test_port_remapping.js create mode 100644 netwerk/test/unit/test_post.js create mode 100644 netwerk/test/unit/test_predictor.js create mode 100644 netwerk/test/unit/test_private_cookie_changed.js create mode 100644 netwerk/test/unit/test_private_necko_channel.js create mode 100644 netwerk/test/unit/test_progress.js create mode 100644 netwerk/test/unit/test_progress_no_proxy_and_proxy.js create mode 100644 netwerk/test/unit/test_protocolproxyservice-async-filters.js create mode 100644 netwerk/test/unit/test_protocolproxyservice.js create mode 100644 netwerk/test/unit/test_proxy-failover_canceled.js create mode 100644 netwerk/test/unit/test_proxy-failover_passing.js create mode 100644 netwerk/test/unit/test_proxy-replace_canceled.js create mode 100644 netwerk/test/unit/test_proxy-replace_passing.js create mode 100644 netwerk/test/unit/test_proxy-slow-upload.js create mode 100644 netwerk/test/unit/test_proxy_cancel.js create mode 100644 netwerk/test/unit/test_proxy_pac.js create mode 100644 netwerk/test/unit/test_proxyconnect.js create mode 100644 netwerk/test/unit/test_psl.js create mode 100644 netwerk/test/unit/test_race_cache_with_network.js create mode 100644 netwerk/test/unit/test_range_requests.js create mode 100644 netwerk/test/unit/test_rcwn_always_cache_new_content.js create mode 100644 netwerk/test/unit/test_rcwn_interrupted.js create mode 100644 netwerk/test/unit/test_readline.js create mode 100644 netwerk/test/unit/test_redirect-caching_canceled.js create mode 100644 netwerk/test/unit/test_redirect-caching_failure.js create mode 100644 netwerk/test/unit/test_redirect-caching_passing.js create mode 100644 netwerk/test/unit/test_redirect_baduri.js create mode 100644 netwerk/test/unit/test_redirect_canceled.js create mode 100644 netwerk/test/unit/test_redirect_different-protocol.js create mode 100644 netwerk/test/unit/test_redirect_failure.js create mode 100644 netwerk/test/unit/test_redirect_from_script.js create mode 100644 netwerk/test/unit/test_redirect_from_script_after-open_passing.js create mode 100644 netwerk/test/unit/test_redirect_history.js create mode 100644 netwerk/test/unit/test_redirect_loop.js create mode 100644 netwerk/test/unit/test_redirect_passing.js create mode 100644 netwerk/test/unit/test_redirect_protocol_telemetry.js create mode 100644 netwerk/test/unit/test_redirect_veto.js create mode 100644 netwerk/test/unit/test_reentrancy.js create mode 100644 netwerk/test/unit/test_referrer.js create mode 100644 netwerk/test/unit/test_referrer_cross_origin.js create mode 100644 netwerk/test/unit/test_referrer_policy.js create mode 100644 netwerk/test/unit/test_reopen.js create mode 100644 netwerk/test/unit/test_reply_without_content_type.js create mode 100644 netwerk/test/unit/test_resumable_channel.js create mode 100644 netwerk/test/unit/test_resumable_truncate.js create mode 100644 netwerk/test/unit/test_retry_0rtt.js create mode 100644 netwerk/test/unit/test_safeoutputstream.js create mode 100644 netwerk/test/unit/test_safeoutputstream_append.js create mode 100644 netwerk/test/unit/test_schema_10_migration.js create mode 100644 netwerk/test/unit/test_schema_12_migration.js create mode 100644 netwerk/test/unit/test_schema_13_db.js create mode 100644 netwerk/test/unit/test_schema_2_migration.js create mode 100644 netwerk/test/unit/test_schema_3_migration.js create mode 100644 netwerk/test/unit/test_separate_connections.js create mode 100644 netwerk/test/unit/test_servers.js create mode 100644 netwerk/test/unit/test_signature_extraction.js create mode 100644 netwerk/test/unit/test_simple.js create mode 100644 netwerk/test/unit/test_sockettransportsvc_available.js create mode 100644 netwerk/test/unit/test_socks.js create mode 100644 netwerk/test/unit/test_speculative_connect.js create mode 100644 netwerk/test/unit/test_stale-while-revalidate_loop.js create mode 100644 netwerk/test/unit/test_stale-while-revalidate_max-age-0.js create mode 100644 netwerk/test/unit/test_stale-while-revalidate_negative.js create mode 100644 netwerk/test/unit/test_stale-while-revalidate_positive.js create mode 100644 netwerk/test/unit/test_standardurl.js create mode 100644 netwerk/test/unit/test_standardurl_default_port.js create mode 100644 netwerk/test/unit/test_standardurl_port.js create mode 100644 netwerk/test/unit/test_streamcopier.js create mode 100644 netwerk/test/unit/test_substituting_protocol_handler.js create mode 100644 netwerk/test/unit/test_suspend_channel_before_connect.js create mode 100644 netwerk/test/unit/test_suspend_channel_on_authRetry.js create mode 100644 netwerk/test/unit/test_suspend_channel_on_examine.js create mode 100644 netwerk/test/unit/test_suspend_channel_on_examine_merged_response.js create mode 100644 netwerk/test/unit/test_suspend_channel_on_modified.js create mode 100644 netwerk/test/unit/test_synthesized_response.js create mode 100644 netwerk/test/unit/test_throttlechannel.js create mode 100644 netwerk/test/unit/test_throttlequeue.js create mode 100644 netwerk/test/unit/test_throttling.js create mode 100644 netwerk/test/unit/test_tldservice_nextsubdomain.js create mode 100644 netwerk/test/unit/test_tls13_disabled.js create mode 100644 netwerk/test/unit/test_tls_flags.js create mode 100644 netwerk/test/unit/test_tls_flags_separate_connections.js create mode 100644 netwerk/test/unit/test_tls_server.js create mode 100644 netwerk/test/unit/test_tls_server_multiple_clients.js create mode 100644 netwerk/test/unit/test_traceable_channel.js create mode 100644 netwerk/test/unit/test_trackingProtection_annotateChannels.js create mode 100644 netwerk/test/unit/test_trr.js create mode 100644 netwerk/test/unit/test_trr_additional_section.js create mode 100644 netwerk/test/unit/test_trr_af_fallback.js create mode 100644 netwerk/test/unit/test_trr_blocklist.js create mode 100644 netwerk/test/unit/test_trr_cancel.js create mode 100644 netwerk/test/unit/test_trr_case_sensitivity.js create mode 100644 netwerk/test/unit/test_trr_cname_chain.js create mode 100644 netwerk/test/unit/test_trr_confirmation.js create mode 100644 netwerk/test/unit/test_trr_decoding.js create mode 100644 netwerk/test/unit/test_trr_domain.js create mode 100644 netwerk/test/unit/test_trr_enterprise_policy.js create mode 100644 netwerk/test/unit/test_trr_extended_error.js create mode 100644 netwerk/test/unit/test_trr_https_fallback.js create mode 100644 netwerk/test/unit/test_trr_httpssvc.js create mode 100644 netwerk/test/unit/test_trr_nat64.js create mode 100644 netwerk/test/unit/test_trr_noPrefetch.js create mode 100644 netwerk/test/unit/test_trr_proxy.js create mode 100644 netwerk/test/unit/test_trr_proxy_auth.js create mode 100644 netwerk/test/unit/test_trr_strict_mode.js create mode 100644 netwerk/test/unit/test_trr_telemetry.js create mode 100644 netwerk/test/unit/test_trr_ttl.js create mode 100644 netwerk/test/unit/test_trr_with_proxy.js create mode 100644 netwerk/test/unit/test_udp_multicast.js create mode 100644 netwerk/test/unit/test_udpsocket.js create mode 100644 netwerk/test/unit/test_udpsocket_offline.js create mode 100644 netwerk/test/unit/test_unescapestring.js create mode 100644 netwerk/test/unit/test_unix_domain.js create mode 100644 netwerk/test/unit/test_uri_mutator.js create mode 100644 netwerk/test/unit/test_use_httpssvc.js create mode 100644 netwerk/test/unit/test_verify_traffic.js create mode 100644 netwerk/test/unit/test_websocket_500k.js create mode 100644 netwerk/test/unit/test_websocket_fails.js create mode 100644 netwerk/test/unit/test_websocket_fails_2.js create mode 100644 netwerk/test/unit/test_websocket_offline.js create mode 100644 netwerk/test/unit/test_websocket_server.js create mode 100644 netwerk/test/unit/test_websocket_server_multiclient.js create mode 100644 netwerk/test/unit/test_websocket_with_h3_active.js create mode 100644 netwerk/test/unit/test_webtransport_simple.js create mode 100644 netwerk/test/unit/test_xmlhttprequest.js create mode 100644 netwerk/test/unit/trr_common.js create mode 100644 netwerk/test/unit/xpcshell.toml create mode 100644 netwerk/test/unit_ipc/child_channel_id.js create mode 100644 netwerk/test/unit_ipc/child_cookie_header.js create mode 100644 netwerk/test/unit_ipc/child_dns_by_type_resolve.js create mode 100644 netwerk/test/unit_ipc/child_is_proxy_used.js create mode 100644 netwerk/test/unit_ipc/child_veto_in_parent.js create mode 100644 netwerk/test/unit_ipc/head_channels_clone.js create mode 100644 netwerk/test/unit_ipc/head_http3_clone.js create mode 100644 netwerk/test/unit_ipc/head_trr_clone.js create mode 100644 netwerk/test/unit_ipc/test_XHR_redirects.js create mode 100644 netwerk/test/unit_ipc/test_alt-data_closeWithStatus_wrap.js create mode 100644 netwerk/test/unit_ipc/test_alt-data_cross_process_wrap.js create mode 100644 netwerk/test/unit_ipc/test_alt-data_simple_wrap.js create mode 100644 netwerk/test/unit_ipc/test_alt-data_stream_wrap.js create mode 100644 netwerk/test/unit_ipc/test_cache-entry-id_wrap.js create mode 100644 netwerk/test/unit_ipc/test_cache_jar_wrap.js create mode 100644 netwerk/test/unit_ipc/test_cacheflags_wrap.js create mode 100644 netwerk/test/unit_ipc/test_channel_close_wrap.js create mode 100644 netwerk/test/unit_ipc/test_channel_id.js create mode 100644 netwerk/test/unit_ipc/test_channel_priority_wrap.js create mode 100644 netwerk/test/unit_ipc/test_chunked_responses_wrap.js create mode 100644 netwerk/test/unit_ipc/test_cookie_header_stripped.js create mode 100644 netwerk/test/unit_ipc/test_cookiejars_wrap.js create mode 100644 netwerk/test/unit_ipc/test_dns_by_type_resolve_wrap.js create mode 100644 netwerk/test/unit_ipc/test_dns_cancel_wrap.js create mode 100644 netwerk/test/unit_ipc/test_dns_service_wrap.js create mode 100644 netwerk/test/unit_ipc/test_duplicate_headers_wrap.js create mode 100644 netwerk/test/unit_ipc/test_event_sink_wrap.js create mode 100644 netwerk/test/unit_ipc/test_getHost_wrap.js create mode 100644 netwerk/test/unit_ipc/test_gio_protocol_wrap.js create mode 100644 netwerk/test/unit_ipc/test_head_wrap.js create mode 100644 netwerk/test/unit_ipc/test_headers_wrap.js create mode 100644 netwerk/test/unit_ipc/test_http3_prio_disabled_wrap.js create mode 100644 netwerk/test/unit_ipc/test_http3_prio_enabled_wrap.js create mode 100644 netwerk/test/unit_ipc/test_httpcancel_wrap.js create mode 100644 netwerk/test/unit_ipc/test_httpsuspend_wrap.js create mode 100644 netwerk/test/unit_ipc/test_is_proxy_used.js create mode 100644 netwerk/test/unit_ipc/test_multipart_streamconv_wrap.js create mode 100644 netwerk/test/unit_ipc/test_orb_empty_header_wrap.js create mode 100644 netwerk/test/unit_ipc/test_original_sent_received_head_wrap.js create mode 100644 netwerk/test/unit_ipc/test_post_wrap.js create mode 100644 netwerk/test/unit_ipc/test_predictor_wrap.js create mode 100644 netwerk/test/unit_ipc/test_progress_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect-caching_canceled_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect-caching_failure_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect-caching_passing_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_canceled_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_different-protocol_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_failure_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_from_script_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_history_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_passing_wrap.js create mode 100644 netwerk/test/unit_ipc/test_redirect_veto_parent.js create mode 100644 netwerk/test/unit_ipc/test_redirect_veto_wrap.js create mode 100644 netwerk/test/unit_ipc/test_reentrancy_wrap.js create mode 100644 netwerk/test/unit_ipc/test_reply_without_content_type_wrap.js create mode 100644 netwerk/test/unit_ipc/test_resumable_channel_wrap.js create mode 100644 netwerk/test/unit_ipc/test_simple_wrap.js create mode 100644 netwerk/test/unit_ipc/test_trackingProtection_annotateChannels_wrap1.js create mode 100644 netwerk/test/unit_ipc/test_trackingProtection_annotateChannels_wrap2.js create mode 100644 netwerk/test/unit_ipc/test_trr_httpssvc_wrap.js create mode 100644 netwerk/test/unit_ipc/test_xmlhttprequest_wrap.js create mode 100644 netwerk/test/unit_ipc/xpcshell.toml create mode 100644 netwerk/test/useragent/browser_nonsnap.toml create mode 100644 netwerk/test/useragent/browser_snap.toml create mode 100644 netwerk/test/useragent/browser_ua_nonsnap.js create mode 100644 netwerk/test/useragent/browser_ua_snap_ubuntu.js (limited to 'netwerk/test') diff --git a/netwerk/test/browser/103_preload.html b/netwerk/test/browser/103_preload.html new file mode 100644 index 0000000000..9583815cfb --- /dev/null +++ b/netwerk/test/browser/103_preload.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/netwerk/test/browser/103_preload.html^headers^ b/netwerk/test/browser/103_preload.html^headers^ new file mode 100644 index 0000000000..9e23c73b7f --- /dev/null +++ b/netwerk/test/browser/103_preload.html^headers^ @@ -0,0 +1 @@ +Cache-Control: no-cache diff --git a/netwerk/test/browser/103_preload.html^informationalResponse^ b/netwerk/test/browser/103_preload.html^informationalResponse^ new file mode 100644 index 0000000000..b95a96e74b --- /dev/null +++ b/netwerk/test/browser/103_preload.html^informationalResponse^ @@ -0,0 +1,2 @@ +HTTP 103 Too Early +Link: ; rel=preload; as=image diff --git a/netwerk/test/browser/103_preload_anchor.html b/netwerk/test/browser/103_preload_anchor.html new file mode 100644 index 0000000000..c12fe92072 --- /dev/null +++ b/netwerk/test/browser/103_preload_anchor.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/netwerk/test/browser/103_preload_anchor.html^headers^ b/netwerk/test/browser/103_preload_anchor.html^headers^ new file mode 100644 index 0000000000..9e23c73b7f --- /dev/null +++ b/netwerk/test/browser/103_preload_anchor.html^headers^ @@ -0,0 +1 @@ +Cache-Control: no-cache diff --git a/netwerk/test/browser/103_preload_anchor.html^informationalResponse^ b/netwerk/test/browser/103_preload_anchor.html^informationalResponse^ new file mode 100644 index 0000000000..1099062e15 --- /dev/null +++ b/netwerk/test/browser/103_preload_anchor.html^informationalResponse^ @@ -0,0 +1,2 @@ +HTTP 103 Early Hints +Link: ; rel=preload; as=image; anchor="/browser/" diff --git a/netwerk/test/browser/103_preload_and_404.html b/netwerk/test/browser/103_preload_and_404.html new file mode 100644 index 0000000000..f09f5cb085 --- /dev/null +++ b/netwerk/test/browser/103_preload_and_404.html @@ -0,0 +1,6 @@ + + 404 Not Found + +

404 Not Found

+ + diff --git a/netwerk/test/browser/103_preload_and_404.html^headers^ b/netwerk/test/browser/103_preload_and_404.html^headers^ new file mode 100644 index 0000000000..937e38c6c4 --- /dev/null +++ b/netwerk/test/browser/103_preload_and_404.html^headers^ @@ -0,0 +1 @@ +HTTP 404 Not Found diff --git a/netwerk/test/browser/103_preload_and_404.html^informationalResponse^ b/netwerk/test/browser/103_preload_and_404.html^informationalResponse^ new file mode 100644 index 0000000000..78cb7efea4 --- /dev/null +++ b/netwerk/test/browser/103_preload_and_404.html^informationalResponse^ @@ -0,0 +1,2 @@ +HTTP 103 Early Hints +Link: ; rel=preload; as=image diff --git a/netwerk/test/browser/103_preload_csp_imgsrc_none.html b/netwerk/test/browser/103_preload_csp_imgsrc_none.html new file mode 100644 index 0000000000..367e80a6b3 --- /dev/null +++ b/netwerk/test/browser/103_preload_csp_imgsrc_none.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/netwerk/test/browser/103_preload_csp_imgsrc_none.html^headers^ b/netwerk/test/browser/103_preload_csp_imgsrc_none.html^headers^ new file mode 100644 index 0000000000..b4dedd0812 --- /dev/null +++ b/netwerk/test/browser/103_preload_csp_imgsrc_none.html^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-cache +Content-Security-Policy: img-src 'none' diff --git a/netwerk/test/browser/103_preload_csp_imgsrc_none.html^informationalResponse^ b/netwerk/test/browser/103_preload_csp_imgsrc_none.html^informationalResponse^ new file mode 100644 index 0000000000..d82224fd07 --- /dev/null +++ b/netwerk/test/browser/103_preload_csp_imgsrc_none.html^informationalResponse^ @@ -0,0 +1,2 @@ +HTTP 103 Too Early +Link: ; rel=preload; as=image diff --git a/netwerk/test/browser/103_preload_iframe.html b/netwerk/test/browser/103_preload_iframe.html new file mode 100644 index 0000000000..815a14220f --- /dev/null +++ b/netwerk/test/browser/103_preload_iframe.html @@ -0,0 +1,6 @@ + + + + + + +`; + } else if (this.uri.spec.startsWith(ACTION_BASE)) { + var postData = ""; + var headers = {}; + if (this._uploadStream) { + var bstream = Cc["@mozilla.org/binaryinputstream;1"].createInstance( + Ci.nsIBinaryInputStream + ); + bstream.setInputStream(this._uploadStream); + postData = bstream.readBytes(bstream.available()); + + if (this._uploadStream instanceof Ci.nsIMIMEInputStream) { + this._uploadStream.visitHeaders((name, value) => { + headers[name] = value; + }); + } + } + data += ` + + + +`; + } + + data += ` + + +`; + + var stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( + Ci.nsIStringInputStream + ); + stream.setData(data, data.length); + + var runnable = { + run: () => { + try { + aListener.onStartRequest(this, null); + } catch (e) {} + try { + aListener.onDataAvailable(this, stream, 0, stream.available()); + } catch (e) {} + try { + aListener.onStopRequest(this, null, Cr.NS_OK); + } catch (e) {} + }, + }; + Services.tm.dispatchToMainThread(runnable); + }, + + /** nsIRequest */ + get name() { + return this.uri.spec; + }, + isPending() { + return false; + }, + get status() { + return Cr.NS_OK; + }, + cancel(status) {}, + loadGroup: null, + loadFlags: + Ci.nsIRequest.LOAD_NORMAL | + Ci.nsIRequest.INHIBIT_CACHING | + Ci.nsIRequest.LOAD_BYPASS_CACHE, +}; + +function frameScript() { + /* eslint-env mozilla/frame-script */ + /* eslint-disable mozilla/no-arbitrary-setTimeout */ + addMessageListener("Test:WaitForIFrame", function () { + var check = function () { + if (content) { + var frame = content.document.getElementById("frame"); + if (frame) { + var upload_stream = + frame.contentDocument.getElementById("upload_stream"); + var post_data = frame.contentDocument.getElementById("post_data"); + var headers = frame.contentDocument.getElementById("upload_headers"); + if (upload_stream && post_data && headers) { + sendAsyncMessage("Test:IFrameLoaded", [ + upload_stream.value, + post_data.value, + headers.value, + ]); + return; + } + } + } + + setTimeout(check, 100); + }; + + check(); + }); + /* eslint-enable mozilla/no-arbitrary-setTimeout */ +} + +function loadTestTab(uri) { + gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, uri); + var browser = gBrowser.selectedBrowser; + + let manager = browser.messageManager; + browser.messageManager.loadFrameScript( + "data:,(" + frameScript.toString() + ")();", + true + ); + + return new Promise(resolve => { + function listener({ data: [hasUploadStream, postData, headers] }) { + manager.removeMessageListener("Test:IFrameLoaded", listener); + resolve([hasUploadStream, atob(postData), JSON.parse(headers)]); + } + + manager.addMessageListener("Test:IFrameLoaded", listener); + manager.sendAsyncMessage("Test:WaitForIFrame"); + }); +} + +add_task(async function () { + var handler = new CustomProtocolHandler(); + Services.io.registerProtocolHandler( + SCHEME, + handler, + Ci.nsIProtocolHandler.URI_NORELATIVE | + Ci.nsIProtocolHandler.URI_IS_LOCAL_RESOURCE, + -1 + ); + registerCleanupFunction(function () { + Services.io.unregisterProtocolHandler(SCHEME); + }); +}); + +add_task(async function () { + var [hasUploadStream] = await loadTestTab(NORMAL_FORM_URI); + is(hasUploadStream, "no", "normal action should not have uploadStream"); + + gBrowser.removeCurrentTab(); +}); + +add_task(async function () { + var [hasUploadStream] = await loadTestTab(UPLOAD_FORM_URI); + is(hasUploadStream, "no", "upload action should not have uploadStream"); + + gBrowser.removeCurrentTab(); +}); + +add_task(async function () { + var [hasUploadStream, postData, headers] = await loadTestTab(POST_FORM_URI); + + is(hasUploadStream, "yes", "post action should have uploadStream"); + is(postData, "foo=bar\r\n", "POST data is received correctly"); + + is(headers["Content-Type"], "text/plain", "Content-Type header is correct"); + is(headers["Content-Length"], undefined, "Content-Length header is correct"); + + gBrowser.removeCurrentTab(); +}); diff --git a/netwerk/test/browser/browser_post_auth.js b/netwerk/test/browser/browser_post_auth.js new file mode 100644 index 0000000000..24104f96d6 --- /dev/null +++ b/netwerk/test/browser/browser_post_auth.js @@ -0,0 +1,65 @@ +"use strict"; + +const { PromptTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/PromptTestUtils.sys.mjs" +); + +const FOLDER = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content/", + "http://mochi.test:8888/" +); + +add_task(async function () { + let tab = await BrowserTestUtils.openNewForegroundTab( + gBrowser, + "about:blank" + ); + let browserLoadedPromise = BrowserTestUtils.browserLoaded( + tab.linkedBrowser, + true, + `${FOLDER}post.html` + ); + BrowserTestUtils.startLoadingURIString( + tab.linkedBrowser, + `${FOLDER}post.html` + ); + await browserLoadedPromise; + + let finalLoadPromise = BrowserTestUtils.browserLoaded( + tab.linkedBrowser, + true, + `${FOLDER}auth_post.sjs` + ); + + await SpecialPowers.spawn(tab.linkedBrowser, [], async function () { + let file = new content.File( + [new content.Blob(["1234".repeat(1024 * 500)], { type: "text/plain" })], + "test-name" + ); + content.document.getElementById("input_file").mozSetFileArray([file]); + content.document.getElementById("form").submit(); + }); + + let promptPromise = PromptTestUtils.handleNextPrompt( + tab.linkedBrowser, + { + modalType: Services.prefs.getIntPref("prompts.modalType.httpAuth"), + promptType: "promptUserAndPass", + }, + { buttonNumClick: 0, loginInput: "user", passwordInput: "pass" } + ); + + await promptPromise; + + await finalLoadPromise; + + await SpecialPowers.spawn(tab.linkedBrowser, [], async function () { + Assert.ok(content.location.href.includes("auth_post.sjs")); + Assert.ok(content.document.body.innerHTML.includes("1234")); + }); + + BrowserTestUtils.removeTab(tab); + + // Clean up any active logins we added during the test. + Services.obs.notifyObservers(null, "net:clear-active-logins"); +}); diff --git a/netwerk/test/browser/browser_post_file.js b/netwerk/test/browser/browser_post_file.js new file mode 100644 index 0000000000..8b156dff9e --- /dev/null +++ b/netwerk/test/browser/browser_post_file.js @@ -0,0 +1,71 @@ +/* + * Tests for bug 1241100: Post to local file should not overwrite the file. + */ +"use strict"; + +async function createTestFile(filename, content) { + let path = PathUtils.join(PathUtils.tempDir, filename); + await IOUtils.writeUTF8(path, content); + return path; +} + +add_task(async function () { + var postFilename = "post_file.html"; + var actionFilename = "action_file.html"; + + var postFileContent = ` + + + + +post file + + +
+ + +
+ + + +`; + + var actionFileContent = ` + + + + +action file + + +
ok
+ + +`; + + var postPath = await createTestFile(postFilename, postFileContent); + var actionPath = await createTestFile(actionFilename, actionFileContent); + + var postURI = PathUtils.toFileURI(postPath); + var actionURI = PathUtils.toFileURI(actionPath); + + let tab = await BrowserTestUtils.openNewForegroundTab( + gBrowser, + "about:blank" + ); + let browserLoadedPromise = BrowserTestUtils.browserLoaded( + tab.linkedBrowser, + true, + actionURI + ); + BrowserTestUtils.startLoadingURIString(tab.linkedBrowser, postURI); + await browserLoadedPromise; + + var actionFileContentAfter = await IOUtils.readUTF8(actionPath); + is(actionFileContentAfter, actionFileContent, "action file is not modified"); + + await IOUtils.remove(postPath); + await IOUtils.remove(actionPath); + + gBrowser.removeCurrentTab(); +}); diff --git a/netwerk/test/browser/browser_purgeCache_idle_daily.js b/netwerk/test/browser/browser_purgeCache_idle_daily.js new file mode 100644 index 0000000000..21ba46af1d --- /dev/null +++ b/netwerk/test/browser/browser_purgeCache_idle_daily.js @@ -0,0 +1,86 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +add_task(async function test_idle_cleanup() { + Services.fog.testResetFOG(); + Services.prefs.setBoolPref( + "network.cache.shutdown_purge_in_background_task", + true + ); + Services.prefs.setBoolPref("privacy.clearOnShutdown.cache", true); + Services.prefs.setBoolPref("privacy.sanitize.sanitizeOnShutdown", true); + let dir = Services.dirsvc.get("ProfD", Ci.nsIFile); + dir.append("cache2.2021-11-25-08-47-04.purge.bg_rm"); + Assert.equal(dir.exists(), false, `Folder ${dir.path} should not exist`); + dir.create(Ci.nsIFile.DIRECTORY_TYPE, 0o744); + Assert.equal( + dir.exists(), + true, + `Folder ${dir.path} should have been created` + ); + + Services.obs.notifyObservers(null, "idle-daily"); + + await TestUtils.waitForCondition(() => { + return !dir.exists(); + }); + + Assert.equal( + dir.exists(), + false, + `Folder ${dir.path} should have been purged by background task` + ); + Assert.equal( + await Glean.networking.residualCacheFolderCount.testGetValue(), + 1 + ); + Assert.equal( + await Glean.networking.residualCacheFolderRemoval.success.testGetValue(), + 1 + ); + Assert.equal( + await Glean.networking.residualCacheFolderRemoval.failure.testGetValue(), + null + ); + + // Check that telemetry properly detects folders failing to be deleted when readonly + // Making folders readonly only works on windows + if (AppConstants.platform == "win") { + dir.create(Ci.nsIFile.DIRECTORY_TYPE, 0o744); + dir.QueryInterface(Ci.nsILocalFileWin).readOnly = true; + + Services.obs.notifyObservers(null, "idle-daily"); + + await BrowserTestUtils.waitForCondition(async () => { + return ( + (await Glean.networking.residualCacheFolderRemoval.failure.testGetValue()) == + 1 + ); + }); + + Assert.equal( + await Glean.networking.residualCacheFolderCount.testGetValue(), + 2 + ); + Assert.equal( + await Glean.networking.residualCacheFolderRemoval.success.testGetValue(), + 1 + ); + Assert.equal( + await Glean.networking.residualCacheFolderRemoval.failure.testGetValue(), + 1 + ); + + dir.QueryInterface(Ci.nsILocalFileWin).readOnly = false; + dir.remove(true); + } + + Services.prefs.clearUserPref( + "network.cache.shutdown_purge_in_background_task" + ); + Services.prefs.clearUserPref("privacy.clearOnShutdown.cache"); + Services.prefs.clearUserPref("privacy.sanitize.sanitizeOnShutdown"); +}); diff --git a/netwerk/test/browser/browser_resource_navigation.js b/netwerk/test/browser/browser_resource_navigation.js new file mode 100644 index 0000000000..56ec280b83 --- /dev/null +++ b/netwerk/test/browser/browser_resource_navigation.js @@ -0,0 +1,76 @@ +/* + * Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ + */ + +"use strict"; + +add_task(async function () { + info("Make sure navigation through links in resource:// pages work"); + + await BrowserTestUtils.withNewTab( + { gBrowser, url: "resource://gre/" }, + async function (browser) { + // Following a directory link shall properly open the directory (bug 1224046) + await SpecialPowers.spawn(browser, [], function () { + let link = Array.prototype.filter.call( + content.document.getElementsByClassName("dir"), + function (element) { + let name = element.textContent; + // Depending whether resource:// is backed by jar: or file://, + // directories either have a trailing slash or they don't. + if (name.endsWith("/")) { + name = name.slice(0, -1); + } + return name == "components"; + } + )[0]; + // First ensure the link is in the viewport + link.scrollIntoView(); + // Then click on it. + link.click(); + }); + + await BrowserTestUtils.browserLoaded( + browser, + undefined, + "resource://gre/components/" + ); + + // Following the parent link shall properly open the parent (bug 1366180) + await SpecialPowers.spawn(browser, [], function () { + let link = content.document + .getElementById("UI_goUp") + .getElementsByTagName("a")[0]; + // The link should always be high enough in the page to be in the viewport. + link.click(); + }); + + await BrowserTestUtils.browserLoaded( + browser, + undefined, + "resource://gre/" + ); + + // Following a link to a given file shall properly open the file. + await SpecialPowers.spawn(browser, [], function () { + let link = Array.prototype.filter.call( + content.document.getElementsByClassName("file"), + function (element) { + return element.textContent == "greprefs.js"; + } + )[0]; + link.scrollIntoView(); + link.click(); + }); + + await BrowserTestUtils.browserLoaded( + browser, + undefined, + "resource://gre/greprefs.js" + ); + + ok(true, "Got to the end of the test!"); + } + ); +}); diff --git a/netwerk/test/browser/browser_speculative_connection_link_header.js b/netwerk/test/browser/browser_speculative_connection_link_header.js new file mode 100644 index 0000000000..24549d30b0 --- /dev/null +++ b/netwerk/test/browser/browser_speculative_connection_link_header.js @@ -0,0 +1,57 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +Services.prefs.setBoolPref("network.http.debug-observations", true); + +registerCleanupFunction(function () { + Services.prefs.clearUserPref("network.http.debug-observations"); +}); + +// Test steps: +// 1. Load file_link_header.sjs +// 2.`` is in +// file_link_header.sjs, so we will create a speculative connection. +// 3. We use "speculative-connect-request" topic to observe whether the +// speculative connection is attempted. +// 4. Finally, we check if the observed host and partition key are the same and +// as the expected. +add_task(async function test_link_preconnect() { + let requestUrl = `https://example.com/browser/netwerk/test/browser/file_link_header.sjs`; + + let observed = ""; + let observer = { + QueryInterface: ChromeUtils.generateQI(["nsIObserver"]), + observe(aSubject, aTopic, aData) { + if (aTopic == "speculative-connect-request") { + Services.obs.removeObserver(observer, "speculative-connect-request"); + observed = aData; + } + }, + }; + Services.obs.addObserver(observer, "speculative-connect-request"); + + await BrowserTestUtils.withNewTab( + { + gBrowser, + url: requestUrl, + waitForLoad: true, + }, + async function () {} + ); + + // The hash key should be like: + // ".S........[tlsflags0x00000000]localhost:443^partitionKey=%28https%2Cexample.com%29" + + // Extracting "localhost:443" + let hostPortRegex = /\[.*\](.*?)\^/; + let hostPortMatch = hostPortRegex.exec(observed); + let hostPort = hostPortMatch ? hostPortMatch[1] : ""; + // Extracting "%28https%2Cexample.com%29" + let partitionKeyRegex = /\^partitionKey=(.*)$/; + let partitionKeyMatch = partitionKeyRegex.exec(observed); + let partitionKey = partitionKeyMatch ? partitionKeyMatch[1] : ""; + + Assert.equal(hostPort, "localhost:443"); + Assert.equal(partitionKey, "%28https%2Cexample.com%29"); +}); diff --git a/netwerk/test/browser/browser_test_data_channel_observer.js b/netwerk/test/browser/browser_test_data_channel_observer.js new file mode 100644 index 0000000000..e03bbc72e6 --- /dev/null +++ b/netwerk/test/browser/browser_test_data_channel_observer.js @@ -0,0 +1,35 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +const TEST_URI = "data:text/html;charset=utf-8,

Test"; + +let created = false; + +add_task(async function test_data_channel_observer() { + setupObserver(); + let tab = await BrowserTestUtils.addTab(gBrowser, TEST_URI); + await BrowserTestUtils.waitForCondition(() => created); + ok(created, "We received observer notification"); + await BrowserTestUtils.removeTab(tab); +}); + +function setupObserver() { + const observer = { + QueryInterface: ChromeUtils.generateQI(["nsIObserver"]), + + observe: function observe(subject, topic) { + switch (topic) { + case "data-channel-opened": + let channelURI = subject.QueryInterface(Ci.nsIChannel).URI.spec; + if (channelURI === TEST_URI) { + Services.obs.removeObserver(observer, "data-channel-opened"); + created = true; + } + break; + } + }, + }; + Services.obs.addObserver(observer, "data-channel-opened"); +} diff --git a/netwerk/test/browser/browser_test_favicon.js b/netwerk/test/browser/browser_test_favicon.js new file mode 100644 index 0000000000..99cc6b0922 --- /dev/null +++ b/netwerk/test/browser/browser_test_favicon.js @@ -0,0 +1,26 @@ +// Tests third party cookie blocking using a favicon loaded from a different +// domain. The cookie should be considered third party. +"use strict"; +add_task(async function () { + const iconUrl = + "http://example.org/browser/netwerk/test/browser/damonbowling.jpg"; + const pageUrl = + "http://example.com/browser/netwerk/test/browser/file_favicon.html"; + await SpecialPowers.pushPrefEnv({ + set: [["network.cookie.cookieBehavior", 1]], + }); + + let promise = TestUtils.topicObserved("cookie-rejected", subject => { + let uri = subject.QueryInterface(Ci.nsIURI); + return uri.spec == iconUrl; + }); + + // Kick off a page load that will load the favicon. + let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, pageUrl); + registerCleanupFunction(async function () { + BrowserTestUtils.removeTab(tab); + }); + + await promise; + ok(true, "foreign favicon cookie was blocked"); +}); diff --git a/netwerk/test/browser/browser_test_io_activity.js b/netwerk/test/browser/browser_test_io_activity.js new file mode 100644 index 0000000000..1e9cb29b6d --- /dev/null +++ b/netwerk/test/browser/browser_test_io_activity.js @@ -0,0 +1,50 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; +const ROOT_URL = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content/", + "https://example.com/" +); +const TEST_URL = "about:license"; +const TEST_URL2 = ROOT_URL + "ioactivity.html"; + +var gotSocket = false; +var gotFile = false; +var gotSqlite = false; +var gotEmptyData = false; + +function processResults(results) { + for (let data of results) { + console.log(data.location); + gotEmptyData = data.rx == 0 && data.tx == 0 && !gotEmptyData; + gotSocket = data.location.startsWith("socket://127.0.0.1:") || gotSocket; + gotFile = data.location.endsWith("aboutLicense.css") || gotFile; + gotSqlite = data.location.endsWith("places.sqlite") || gotSqlite; + // check for the write-ahead file as well + gotSqlite = data.location.endsWith("places.sqlite-wal") || gotSqlite; + } +} + +add_task(async function testRequestIOActivity() { + await SpecialPowers.pushPrefEnv({ + set: [["io.activity.enabled", true]], + }); + waitForExplicitFinish(); + Services.obs.notifyObservers(null, "profile-initial-state"); + + await BrowserTestUtils.withNewTab(TEST_URL, async function (browser) { + await BrowserTestUtils.withNewTab(TEST_URL2, async function (browser) { + let results = await ChromeUtils.requestIOActivity(); + processResults(results); + + ok(gotSocket, "A socket was used"); + // test deactivated for now + // ok(gotFile, "A file was used"); + ok(gotSqlite, "A sqlite DB was used"); + ok(!gotEmptyData, "Every I/O event had data"); + }); + }); +}); diff --git a/netwerk/test/browser/browser_test_offline_tab.js b/netwerk/test/browser/browser_test_offline_tab.js new file mode 100644 index 0000000000..bf60b4f462 --- /dev/null +++ b/netwerk/test/browser/browser_test_offline_tab.js @@ -0,0 +1,36 @@ +/* Any copyright is dedicated to the Public Domain. + http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +add_task(async function test_set_tab_offline() { + await BrowserTestUtils.withNewTab("https://example.com", async browser => { + // Set the tab to offline + gBrowser.selectedBrowser.browsingContext.forceOffline = true; + + await SpecialPowers.spawn(browser, [], async () => { + try { + await content.fetch("https://example.com/empty.html"); + ok(false, "Should not load since tab is offline"); + } catch (err) { + is(err.name, "TypeError", "Should fail since tab is offline"); + } + }); + }); +}); + +add_task(async function test_set_tab_online() { + await BrowserTestUtils.withNewTab("https://example.com", async browser => { + // Set the tab to online + gBrowser.selectedBrowser.browsingContext.forceOffline = false; + + await SpecialPowers.spawn(browser, [], async () => { + try { + await content.fetch("https://example.com/empty.html"); + ok(true, "Should load since tab is online"); + } catch (err) { + ok(false, "Should not fail since tab is online"); + } + }); + }); +}); diff --git a/netwerk/test/browser/cookie_filtering_helper.sys.mjs b/netwerk/test/browser/cookie_filtering_helper.sys.mjs new file mode 100644 index 0000000000..ab9d721359 --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_helper.sys.mjs @@ -0,0 +1,166 @@ +/* + * Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ + */ + +// The functions in this file will run in the content process in a test +// scope. +/* eslint-env mozilla/simpletest */ +/* global ContentTaskUtils, content */ + +import { NetUtil } from "resource://gre/modules/NetUtil.sys.mjs"; + +const info = console.log; + +export var HTTPS_EXAMPLE_ORG = "https://example.org"; +export var HTTPS_EXAMPLE_COM = "https://example.com"; +export var HTTP_EXAMPLE_COM = "http://example.com"; + +export function browserTestPath(uri) { + return uri + "/browser/netwerk/test/browser/"; +} + +export function waitForAllExpectedTests() { + return ContentTaskUtils.waitForCondition(() => { + return content.testDone === true; + }); +} + +export function cleanupObservers() { + Services.obs.notifyObservers(null, "cookie-content-filter-cleanup"); +} + +export async function preclean_test() { + // enable all cookies for the set-cookie trigger via setCookieStringFromHttp + Services.prefs.setIntPref("network.cookie.cookieBehavior", 0); + Services.prefs.setBoolPref( + "network.cookieJarSettings.unblocked_for_testing", + true + ); + + Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false); + Services.prefs.setBoolPref( + "network.cookie.sameSite.noneRequiresSecure", + false + ); + Services.prefs.setBoolPref("network.cookie.sameSite.schemeful", false); + + Services.cookies.removeAll(); +} + +export async function cleanup_test() { + Services.prefs.clearUserPref("network.cookie.cookieBehavior"); + Services.prefs.clearUserPref( + "network.cookieJarSettings.unblocked_for_testing" + ); + + Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault"); + Services.prefs.clearUserPref("network.cookie.sameSite.noneRequiresSecure"); + Services.prefs.clearUserPref("network.cookie.sameSite.schemeful"); + + Services.cookies.removeAll(); +} + +export async function fetchHelper(url, cookie, secure, domain = "") { + let headers = new Headers(); + + headers.append("return-set-cookie", cookie); + + if (!secure) { + headers.append("return-insecure-cookie", cookie); + } + + if (domain != "") { + headers.append("return-cookie-domain", domain); + } + + info("fetching " + url); + await fetch(url, { headers }); +} + +// cookie header strings with multiple name=value pairs delimited by \n +// will trigger multiple "cookie-changed" signals +export function triggerSetCookieFromHttp(uri, cookie, fpd = "", ucd = 0) { + info("about to trigger set-cookie: " + uri + " " + cookie); + let channel = NetUtil.newChannel({ + uri, + loadUsingSystemPrincipal: true, + contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT, + }); + + if (fpd != "") { + channel.loadInfo.originAttributes = { firstPartyDomain: fpd }; + } + + if (ucd != 0) { + channel.loadInfo.originAttributes = { userContextId: ucd }; + } + Services.cookies.setCookieStringFromHttp(uri, cookie, channel); +} + +export async function triggerSetCookieFromHttpPrivate(uri, cookie) { + info("about to trigger set-cookie: " + uri + " " + cookie); + let channel = NetUtil.newChannel({ + uri, + loadUsingSystemPrincipal: true, + contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT, + }).QueryInterface(Ci.nsIPrivateBrowsingChannel); + channel.loadInfo.originAttributes = { privateBrowsingId: 1 }; + channel.setPrivate(true); + Services.cookies.setCookieStringFromHttp(uri, cookie, channel); +} + +// observer/listener function that will be run on the content processes +// listens and checks for the expected cookies +export function checkExpectedCookies(expected, browserName) { + const COOKIE_FILTER_TEST_MESSAGE = "content-added-cookie"; + const COOKIE_FILTER_TEST_CLEANUP = "cookie-content-filter-cleanup"; + + // Counting the expected number of tests is vital to the integrity of these + // tests due to the fact that this test suite relies on triggering tests + // to occur on multiple content processes. + // As such, test modifications/bugs often lead to silent failures. + // Hence, we count to ensure we didn't break anything + // To reduce risk here, we modularize each test as much as possible to + // increase liklihood that a silent failure will trigger a no-test + // error/warning + content.testDone = false; + let testNumber = 0; + + // setup observer that continues listening/testing + function obs(subject, topic) { + // cleanup trigger recieved -> tear down the observer + if (topic == COOKIE_FILTER_TEST_CLEANUP) { + info("cleaning up: " + browserName); + Services.obs.removeObserver(obs, COOKIE_FILTER_TEST_MESSAGE); + Services.obs.removeObserver(obs, COOKIE_FILTER_TEST_CLEANUP); + return; + } + + // test trigger recv'd -> perform test on cookie contents + if (topic == COOKIE_FILTER_TEST_MESSAGE) { + info("Checking if cookie visible: " + browserName); + let result = content.document.cookie; + let resultStr = + "Result " + + result + + " == expected: " + + expected[testNumber] + + " in " + + browserName; + ok(result == expected[testNumber], resultStr); + testNumber++; + if (testNumber >= expected.length) { + info("finishing browser tests: " + browserName); + content.testDone = true; + } + return; + } + + ok(false, "Didn't handle cookie message properly"); // + } + + info("setting up observers: " + browserName); + Services.obs.addObserver(obs, COOKIE_FILTER_TEST_MESSAGE); + Services.obs.addObserver(obs, COOKIE_FILTER_TEST_CLEANUP); +} diff --git a/netwerk/test/browser/cookie_filtering_resource.sjs b/netwerk/test/browser/cookie_filtering_resource.sjs new file mode 100644 index 0000000000..979d56dc9c --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_resource.sjs @@ -0,0 +1,35 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +function handleRequest(request, response) { + response.setStatusLine(request.httpVersion, 200, "OK"); + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/html", false); + + // configure set-cookie domain + let domain = ""; + if (request.hasHeader("return-cookie-domain")) { + domain = "; Domain=" + request.getHeader("return-cookie-domain"); + } + + // configure set-cookie sameSite + let authStr = "; Secure"; + if (request.hasHeader("return-insecure-cookie")) { + authStr = ""; + } + + // use headers to decide if we have them + if (request.hasHeader("return-set-cookie")) { + response.setHeader( + "Set-Cookie", + request.getHeader("return-set-cookie") + authStr + domain, + false + ); + } + + let body = " true "; + response.write(body); +} diff --git a/netwerk/test/browser/cookie_filtering_secure_resource_com.html b/netwerk/test/browser/cookie_filtering_secure_resource_com.html new file mode 100644 index 0000000000..e25a719644 --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_secure_resource_com.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/netwerk/test/browser/cookie_filtering_secure_resource_com.html^headers^ b/netwerk/test/browser/cookie_filtering_secure_resource_com.html^headers^ new file mode 100644 index 0000000000..2bdf118064 --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_secure_resource_com.html^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-store +Set-Cookie: test-cookie=comhtml diff --git a/netwerk/test/browser/cookie_filtering_secure_resource_org.html b/netwerk/test/browser/cookie_filtering_secure_resource_org.html new file mode 100644 index 0000000000..7221dc370d --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_secure_resource_org.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/netwerk/test/browser/cookie_filtering_secure_resource_org.html^headers^ b/netwerk/test/browser/cookie_filtering_secure_resource_org.html^headers^ new file mode 100644 index 0000000000..924c150ccc --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_secure_resource_org.html^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-store +Set-Cookie: test-cookie=orghtml diff --git a/netwerk/test/browser/cookie_filtering_square.png b/netwerk/test/browser/cookie_filtering_square.png new file mode 100644 index 0000000000..e69de29bb2 diff --git a/netwerk/test/browser/cookie_filtering_square.png^headers^ b/netwerk/test/browser/cookie_filtering_square.png^headers^ new file mode 100644 index 0000000000..912856ae4a --- /dev/null +++ b/netwerk/test/browser/cookie_filtering_square.png^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-cache +Set-Cookie: test-cookie=png diff --git a/netwerk/test/browser/damonbowling.jpg b/netwerk/test/browser/damonbowling.jpg new file mode 100644 index 0000000000..8bdb2b6042 Binary files /dev/null and b/netwerk/test/browser/damonbowling.jpg differ diff --git a/netwerk/test/browser/damonbowling.jpg^headers^ b/netwerk/test/browser/damonbowling.jpg^headers^ new file mode 100644 index 0000000000..77f4f49089 --- /dev/null +++ b/netwerk/test/browser/damonbowling.jpg^headers^ @@ -0,0 +1,2 @@ +Cache-Control: no-store +Set-Cookie: damon=bowling diff --git a/netwerk/test/browser/dummy.html b/netwerk/test/browser/dummy.html new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/dummy.html @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/early_hint_asset.sjs b/netwerk/test/browser/early_hint_asset.sjs new file mode 100644 index 0000000000..ba52e757ff --- /dev/null +++ b/netwerk/test/browser/early_hint_asset.sjs @@ -0,0 +1,50 @@ +"use strict"; + +function handleRequest(request, response) { + let hinted = + request.hasHeader("X-Moz") && request.getHeader("X-Moz") === "early hint"; + let count = JSON.parse(getSharedState("earlyHintCount")); + if (hinted) { + count.hinted += 1; + } else { + count.normal += 1; + } + setSharedState("earlyHintCount", JSON.stringify(count)); + + let content = ""; + let qs = new URLSearchParams(request.queryString); + let asset = qs.get("as"); + + if (qs.get("cached") === "1") { + response.setHeader("Cache-Control", "max-age=604800", false); + } else { + response.setHeader("Cache-Control", "no-cache", false); + } + + if (asset === "image") { + response.setHeader("Content-Type", "image/png", false); + // set to green/black horizontal stripes (71 bytes) + content = atob( + hinted + ? "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAADklEQVQIW2OU+i/FAAcADoABNV8XGBMAAAAASUVORK5CYII=" + : "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAAE0lEQVQIW2P4//+/N8MkBiAGsgA1bAe1SzDY8gAAAABJRU5ErkJggg==" + ); + } else if (asset === "style") { + response.setHeader("Content-Type", "text/css", false); + // green background on hint response, purple response otherwise + content = `#square { background: ${hinted ? "#1aff1a" : "#4b0092"}`; + } else if (asset === "script") { + response.setHeader("Content-Type", "application/javascript", false); + // green background on hint response, purple response otherwise + content = `window.onload = function() { + document.getElementById('square').style.background = "${ + hinted ? "#1aff1a" : "#4b0092" + }"; + }`; + } else if (asset === "fetch") { + response.setHeader("Content-Type", "text/plain", false); + content = hinted ? "hinted" : "normal"; + } + + response.write(content); +} diff --git a/netwerk/test/browser/early_hint_asset_html.sjs b/netwerk/test/browser/early_hint_asset_html.sjs new file mode 100644 index 0000000000..eb5156d4f8 --- /dev/null +++ b/netwerk/test/browser/early_hint_asset_html.sjs @@ -0,0 +1,135 @@ +"use strict"; + +function handleRequest(request, response) { + let qs = new URLSearchParams(request.queryString); + let asset = qs.get("as"); + let hinted = qs.get("hinted") === "1"; + let httpCode = qs.get("code"); + let uuid = qs.get("uuid"); + let cached = qs.get("cached") === "1"; + + let url = `early_hint_asset.sjs?as=${asset}${uuid ? `&uuid=${uuid}` : ""}${ + cached ? "&cached=1" : "" + }`; + + // write to raw socket + response.seizePower(); + let link = ""; + if (hinted) { + response.write("HTTP/1.1 103 Early Hint\r\n"); + if (asset === "fetch" || asset === "font") { + // fetch and font has to specify the crossorigin attribute + // https://developer.mozilla.org/en-US/docs/Web/HTML/Element/link#attr-as + link = `Link: <${url}>; rel=preload; as=${asset}; crossorigin=anonymous\r\n`; + response.write(link); + } else if (asset === "module") { + // module preloads are handled differently + link = `Link: <${url}>; rel=modulepreload\r\n`; + response.write(link); + } else { + link = `Link: <${url}>; rel=preload; as=${asset}\r\n`; + response.write(link); + } + response.write("\r\n"); + } + + let body = ""; + if (asset === "image") { + body = ` + + + + + `; + } else if (asset === "style") { + body = ` + + + + + +

Test preload css

+
+ + + `; + } else if (asset === "script") { + body = ` + + + + + +

Test preload javascript

+
+ + + `; + } else if (asset === "module") { + // this code assumes that the .sjs for the module is in the same directory + var file_name = url.split("/"); + file_name = file_name[file_name.length - 1]; + body = ` + + + + +

Test preload module

+
+ + + + `; + } else if (asset === "fetch") { + body = ` + + + +

Test preload fetch

+

Fetching...

+ + + `; + } else if (asset === "font") { + body = ` + + + + + +

Test preload font

+ + + `; + } + + if (!httpCode) { + response.write(`HTTP/1.1 200 OK\r\n`); + } else { + response.write(`HTTP/1.1 ${httpCode} Error\r\n`); + } + response.write(link); + response.write("Content-Type: text/html;charset=utf-8\r\n"); + response.write("Cache-Control: no-cache\r\n"); + response.write(`Content-Length: ${body.length}\r\n`); + response.write("\r\n"); + response.write(body); + response.finish(); +} diff --git a/netwerk/test/browser/early_hint_csp_options_html.sjs b/netwerk/test/browser/early_hint_csp_options_html.sjs new file mode 100644 index 0000000000..73a6a539d8 --- /dev/null +++ b/netwerk/test/browser/early_hint_csp_options_html.sjs @@ -0,0 +1,120 @@ +"use strict"; + +function handleRequest(request, response) { + let qs = new URLSearchParams(request.queryString); + let asset = qs.get("as"); + let hinted = qs.get("hinted") !== "0"; + let httpCode = qs.get("code"); + let csp = qs.get("csp"); + let csp_in_early_hint = qs.get("csp_in_early_hint"); + let host = qs.get("host"); + + // eslint-disable-next-line mozilla/use-services + let uuidGenerator = Cc["@mozilla.org/uuid-generator;1"].getService( + Ci.nsIUUIDGenerator + ); + let uuid = uuidGenerator.generateUUID().toString(); + let url = `early_hint_pixel.sjs?as=${asset}&uuid=${uuid}`; + if (host) { + url = host + url; + } + + // write to raw socket + response.seizePower(); + + if (hinted) { + response.write("HTTP/1.1 103 Early Hint\r\n"); + if (csp_in_early_hint) { + response.write( + `Content-Security-Policy: ${csp_in_early_hint.replaceAll('"', "")}\r\n` + ); + } + response.write(`Link: <${url}>; rel=preload; as=${asset}\r\n`); + response.write("\r\n"); + } + + let body = ""; + if (asset === "image") { + body = ` + + + + + `; + } else if (asset === "style") { + body = ` + + + + + +

Test preload css

+
+ + + `; + } else if (asset === "script") { + body = ` + + + + + +

Test preload javascript

+
+ + + `; + } else if (asset === "fetch") { + body = ` + + + +

Test preload fetch

+

Fetching...

+ + + `; + } else if (asset === "font") { + body = ` + + + + + +

Test preload font

+ + + `; + } + + if (!httpCode) { + response.write(`HTTP/1.1 200 OK\r\n`); + } else { + response.write(`HTTP/1.1 ${httpCode} Error\r\n`); + } + response.write("Content-Type: text/html;charset=utf-8\r\n"); + response.write("Cache-Control: no-cache\r\n"); + response.write(`Content-Length: ${body.length}\r\n`); + if (csp) { + response.write(`Content-Security-Policy: ${csp.replaceAll('"', "")}\r\n`); + } + response.write("\r\n"); + response.write(body); + + response.finish(); +} diff --git a/netwerk/test/browser/early_hint_error.sjs b/netwerk/test/browser/early_hint_error.sjs new file mode 100644 index 0000000000..d3d0da4bd5 --- /dev/null +++ b/netwerk/test/browser/early_hint_error.sjs @@ -0,0 +1,35 @@ +"use strict"; + +function handleRequest(request, response) { + response.setStatusLine( + request.httpVersion, + parseInt(request.queryString), + "Dynamic error" + ); + response.setHeader("Content-Type", "image/png", false); + response.setHeader("Cache-Control", "max-age=604800", false); + + // count requests + let image; + let count = JSON.parse(getSharedState("earlyHintCount")); + if ( + request.hasHeader("X-Moz") && + request.getHeader("X-Moz") === "early hint" + ) { + count.hinted += 1; + // set to green/black horizontal stripes (71 bytes) + image = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAADklEQVQIW2OU+i/FAAcADoABNV8X" + + "GBMAAAAASUVORK5CYII=" + ); + } else { + count.normal += 1; + // set to purple/white checkered pattern (76 bytes) + image = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAAE0lEQVQIW2P4//+/N8MkBiAGsgA1" + + "bAe1SzDY8gAAAABJRU5ErkJggg==" + ); + } + setSharedState("earlyHintCount", JSON.stringify(count)); + response.write(image); +} diff --git a/netwerk/test/browser/early_hint_main_html.sjs b/netwerk/test/browser/early_hint_main_html.sjs new file mode 100644 index 0000000000..dc95273c9d --- /dev/null +++ b/netwerk/test/browser/early_hint_main_html.sjs @@ -0,0 +1,62 @@ +"use strict"; + +function handleRequest(request, response) { + // write to raw socket + response.seizePower(); + + let qs = new URLSearchParams(request.queryString); + let imgs = []; + let new_hint = true; + let new_header = true; + for (const [imgUrl, uuid] of qs.entries()) { + if (new_hint) { + // we need to write a new header + new_hint = false; + response.write("HTTP/1.1 103 Early Hint\r\n"); + } + if (!imgUrl.length) { + // next hint in new early hint response when empty string is passed + new_header = true; + if (uuid === "new_response") { + new_hint = true; + response.write("\r\n"); + } else if (uuid === "non_link_header") { + response.write("Content-Length: 25\r\n"); + } + response.write("\r\n"); + } else { + // either append link in new header or in same header + if (new_header) { + new_header = false; + response.write("Link: "); + } else { + response.write(", "); + } + // add query string to make request unique this has the drawback that + // the preloaded image can't accept query strings on it's own / or has + // to strip the appended "?uuid" from the query string before parsing + imgs.push(``); + response.write(`<${imgUrl}?${uuid}>; rel=preload; as=image`); + } + } + if (!new_hint) { + // add separator to main document + response.write("\r\n\r\n"); + } + + let body = ` + + +${imgs.join("\n")} + +`; + + // main document response + response.write("HTTP/1.1 200 OK\r\n"); + response.write("Content-Type: text/html;charset=utf-8\r\n"); + response.write("Cache-Control: no-cache\r\n"); + response.write(`Content-Length: ${body.length}\r\n`); + response.write("\r\n"); + response.write(body); + response.finish(); +} diff --git a/netwerk/test/browser/early_hint_main_redirect.sjs b/netwerk/test/browser/early_hint_main_redirect.sjs new file mode 100644 index 0000000000..0da69d5cee --- /dev/null +++ b/netwerk/test/browser/early_hint_main_redirect.sjs @@ -0,0 +1,67 @@ +"use strict"; + +// In an SJS file we need to get the setTimeout bits ourselves, despite +// what eslint might think applies for browser tests. +// eslint-disable-next-line mozilla/no-redeclare-with-import-autofix +let { setTimeout } = ChromeUtils.importESModule( + "resource://gre/modules/Timer.sys.mjs" +); + +async function handleRequest(request, response) { + let hinted = + request.hasHeader("X-Moz") && request.getHeader("X-Moz") === "early hint"; + let count = JSON.parse(getSharedState("earlyHintCount")); + if (hinted) { + count.hinted += 1; + } else { + count.normal += 1; + } + setSharedState("earlyHintCount", JSON.stringify(count)); + response.setHeader("Cache-Control", "max-age=604800", false); + + let content = ""; + let qs = new URLSearchParams(request.queryString); + let asset = qs.get("as"); + + if (asset === "image") { + response.setHeader("Content-Type", "image/png", false); + // set to green/black horizontal stripes (71 bytes) + content = atob( + hinted + ? "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAADklEQVQIW2OU+i/FAAcADoABNV8XGBMAAAAASUVORK5CYII=" + : "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAAE0lEQVQIW2P4//+/N8MkBiAGsgA1bAe1SzDY8gAAAABJRU5ErkJggg==" + ); + } else if (asset === "style") { + response.setHeader("Content-Type", "text/css", false); + // green background on hint response, purple response otherwise + content = `#square { background: ${hinted ? "#1aff1a" : "#4b0092"}`; + } else if (asset === "script") { + response.setHeader("Content-Type", "application/javascript", false); + // green background on hint response, purple response otherwise + content = `window.onload = function() { + document.getElementById('square').style.background = "${ + hinted ? "#1aff1a" : "#4b0092" + }"; + }`; + } else if (asset === "module") { + response.setHeader("Content-Type", "application/javascript", false); + // green background on hint response, purple response otherwise + content = `export function draw() { + document.getElementById('square').style.background = "${ + hinted ? "#1aff1a" : "#4b0092" + }"; + }`; + } else if (asset === "fetch") { + response.setHeader("Content-Type", "text/plain", false); + content = hinted ? "hinted" : "normal"; + } else if (asset === "font") { + response.setHeader("Content-Type", "font/svg+xml", false); + content = ''; + } + response.processAsync(); + setTimeout(() => { + response.write(content); + response.finish(); + }, 0); + //response.write(content); +} diff --git a/netwerk/test/browser/early_hint_pixel.sjs b/netwerk/test/browser/early_hint_pixel.sjs new file mode 100644 index 0000000000..56a64e9af2 --- /dev/null +++ b/netwerk/test/browser/early_hint_pixel.sjs @@ -0,0 +1,37 @@ +"use strict"; + +function handleRequest(request, response) { + response.setHeader("Content-Type", "image/png", false); + response.setHeader("Cache-Control", "max-age=604800", false); + + // the typo in "Referer" is part of the http spec + if (request.hasHeader("Referer")) { + setSharedState("requestReferrer", request.getHeader("Referer")); + } else { + setSharedState("requestReferrer", ""); + } + + let count = JSON.parse(getSharedState("earlyHintCount")); + let image; + // send different sized images depending whether this is an early hint request + if ( + request.hasHeader("X-Moz") && + request.getHeader("X-Moz") === "early hint" + ) { + count.hinted += 1; + // set to green/black horizontal stripes (71 bytes) + image = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAADklEQVQIW2OU+i/FAAcADoABNV8X" + + "GBMAAAAASUVORK5CYII=" + ); + } else { + count.normal += 1; + // set to purple/white checkered pattern (76 bytes) + image = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAIAAAACCAIAAAD91JpzAAAAE0lEQVQIW2P4//+/N8MkBiAGsgA1" + + "bAe1SzDY8gAAAABJRU5ErkJggg==" + ); + } + setSharedState("earlyHintCount", JSON.stringify(count)); + response.write(image); +} diff --git a/netwerk/test/browser/early_hint_pixel_count.sjs b/netwerk/test/browser/early_hint_pixel_count.sjs new file mode 100644 index 0000000000..b59dd035de --- /dev/null +++ b/netwerk/test/browser/early_hint_pixel_count.sjs @@ -0,0 +1,9 @@ +"use strict"; + +function handleRequest(request, response) { + if (request.hasHeader("X-Early-Hint-Count-Start")) { + setSharedState("earlyHintCount", JSON.stringify({ hinted: 0, normal: 0 })); + } + response.setHeader("Content-Type", "application/json", false); + response.write(getSharedState("earlyHintCount")); +} diff --git a/netwerk/test/browser/early_hint_preconnect_html.sjs b/netwerk/test/browser/early_hint_preconnect_html.sjs new file mode 100644 index 0000000000..044c842142 --- /dev/null +++ b/netwerk/test/browser/early_hint_preconnect_html.sjs @@ -0,0 +1,32 @@ +"use strict"; + +function handleRequest(request, response) { + let qs = new URLSearchParams(request.queryString); + let href = qs.get("href"); + let crossOrigin = qs.get("crossOrigin"); + + // write to raw socket + response.seizePower(); + + response.write("HTTP/1.1 103 Early Hint\r\n"); + response.write( + `Link: <${href}>; rel=preconnect; crossOrigin=${crossOrigin}\r\n` + ); + response.write("\r\n"); + + let body = ` + + +

Test rel=preconnect

+ + `; + + response.write("HTTP/1.1 200 OK\r\n"); + response.write("Content-Type: text/html;charset=utf-8\r\n"); + response.write("Cache-Control: no-cache\r\n"); + response.write(`Content-Length: ${body.length}\r\n`); + response.write("\r\n"); + response.write(body); + + response.finish(); +} diff --git a/netwerk/test/browser/early_hint_preload_test_helper.sys.mjs b/netwerk/test/browser/early_hint_preload_test_helper.sys.mjs new file mode 100644 index 0000000000..afe6a6bb70 --- /dev/null +++ b/netwerk/test/browser/early_hint_preload_test_helper.sys.mjs @@ -0,0 +1,159 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +import { Assert } from "resource://testing-common/Assert.sys.mjs"; +import { BrowserTestUtils } from "resource://testing-common/BrowserTestUtils.sys.mjs"; + +const { gBrowser } = Services.wm.getMostRecentWindow("navigator:browser"); + +export async function request_count_checking(testName, got, expected) { + // stringify to pretty print assert output + let g = JSON.stringify(got); + let e = JSON.stringify(expected); + // each early hint request can starts one hinted request, but doesn't yet + // complete the early hint request during the test case + Assert.ok( + got.hinted == expected.hinted, + `${testName}: unexpected amount of hinted request made expected ${expected.hinted} (${e}), got ${got.hinted} (${g})` + ); + // when the early hint request doesn't complete fast enough, another request + // is currently sent from the main document + let expected_normal = expected.normal; + Assert.ok( + got.normal == expected_normal, + `${testName}: unexpected amount of normal request made expected ${expected_normal} (${e}), got ${got.normal} (${g})` + ); +} + +export async function test_hint_preload( + testName, + requestFrom, + imgUrl, + expectedRequestCount, + uuid = undefined +) { + // generate a uuid if none were passed + if (uuid == undefined) { + uuid = Services.uuid.generateUUID(); + } + await test_hint_preload_internal( + testName, + requestFrom, + [[imgUrl, uuid.toString()]], + expectedRequestCount + ); +} + +// - testName is just there to be printed during Asserts when failing +// - the baseUrl can't have query strings, because they are currently used to pass +// the early hint the server responds with +// - urls are in the form [[url1, uuid1], ...]. The uuids are there to make each preload +// unique and not available in the cache from other test cases +// - expectedRequestCount is the sum of all requested objects { normal: count, hinted: count } +export async function test_hint_preload_internal( + testName, + requestFrom, + imgUrls, + expectedRequestCount +) { + // reset the count + let headers = new Headers(); + headers.append("X-Early-Hint-Count-Start", ""); + await fetch( + "http://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs", + { headers } + ); + + let requestUrl = + requestFrom + + "/browser/netwerk/test/browser/early_hint_main_html.sjs?" + + new URLSearchParams(imgUrls).toString(); // encode the hinted images as query string + + await BrowserTestUtils.withNewTab( + { + gBrowser, + url: requestUrl, + waitForLoad: true, + }, + async function () {} + ); + + let gotRequestCount = await fetch( + "http://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs" + ).then(response => response.json()); + + await request_count_checking(testName, gotRequestCount, expectedRequestCount); +} + +// Verify that CSP policies in both the 103 response as well as the main response are respected. +// e.g. +// 103 Early Hint +// Content-Security-Policy: style-src: self; +// Link: ; rel=preload; as=style +// 200 OK +// Content-Security-Policy: style-src: none; +// Link: ; rel=preload; as=font + +// Server-side we verify that: +// - the hinted preload request was made as expected +// - the load request request was made as expected +// Client-side, we verify that the image was loaded or not loaded, depending on the scenario + +// This verifies preload hints and requests +export async function test_preload_hint_and_request(input, expected_results) { + // reset the count + let headers = new Headers(); + headers.append("X-Early-Hint-Count-Start", ""); + await fetch( + "https://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs", + { headers } + ); + + let requestUrl = `https://example.com/browser/netwerk/test/browser/early_hint_csp_options_html.sjs?as=${ + input.resource_type + }&hinted=${input.hinted ? "1" : "0"}${input.csp ? "&csp=" + input.csp : ""}${ + input.csp_in_early_hint + ? "&csp_in_early_hint=" + input.csp_in_early_hint + : "" + }${input.host ? "&host=" + input.host : ""}`; + + await BrowserTestUtils.openNewForegroundTab(gBrowser, requestUrl, true); + + let gotRequestCount = await fetch( + "https://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs" + ).then(response => response.json()); + + await Assert.deepEqual(gotRequestCount, expected_results, input.test_name); + + gBrowser.removeCurrentTab(); + Services.cache2.clear(); +} + +// simple loading of one url and then checking the request count against the +// passed expected count +export async function test_preload_url(testName, url, expectedRequestCount) { + // reset the count + let headers = new Headers(); + headers.append("X-Early-Hint-Count-Start", ""); + await fetch( + "http://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs", + { headers } + ); + + await BrowserTestUtils.withNewTab( + { + gBrowser, + url, + waitForLoad: true, + }, + async function () {} + ); + + let gotRequestCount = await fetch( + "http://example.com/browser/netwerk/test/browser/early_hint_pixel_count.sjs" + ).then(response => response.json()); + + await request_count_checking(testName, gotRequestCount, expectedRequestCount); + Services.cache2.clear(); +} diff --git a/netwerk/test/browser/early_hint_redirect.sjs b/netwerk/test/browser/early_hint_redirect.sjs new file mode 100644 index 0000000000..6bcb6bdc86 --- /dev/null +++ b/netwerk/test/browser/early_hint_redirect.sjs @@ -0,0 +1,21 @@ +"use strict"; + +function handleRequest(request, response) { + // increase count + let count = JSON.parse(getSharedState("earlyHintCount")); + if ( + request.hasHeader("X-Moz") && + request.getHeader("X-Moz") === "early hint" + ) { + count.hinted += 1; + } else { + count.normal += 1; + } + setSharedState("earlyHintCount", JSON.stringify(count)); + + // respond with redirect + response.setStatusLine(request.httpVersion, 301, "Moved Permanently"); + let location = request.queryString; + response.setHeader("Location", location, false); + response.write("Hello world!"); +} diff --git a/netwerk/test/browser/early_hint_redirect_html.sjs b/netwerk/test/browser/early_hint_redirect_html.sjs new file mode 100644 index 0000000000..c111af0978 --- /dev/null +++ b/netwerk/test/browser/early_hint_redirect_html.sjs @@ -0,0 +1,24 @@ +"use strict"; + +// usage via url parameters: +// - link: if set sends a link header with the given link value as an early hint repsonse +// - location: sets destination of 301 response + +function handleRequest(request, response) { + let qs = new URLSearchParams(request.queryString); + let link = qs.get("link"); + let location = qs.get("location"); + + // write to raw socket + response.seizePower(); + if (link != undefined) { + response.write("HTTP/1.1 103 Early Hint\r\n"); + response.write(`Link: ${link}\r\n`); + response.write("\r\n"); + } + + response.write("HTTP/1.1 307 Temporary Redirect\r\n"); + response.write(`Location: ${location}\r\n`); + response.write("\r\n"); + response.finish(); +} diff --git a/netwerk/test/browser/early_hint_referrer_policy_html.sjs b/netwerk/test/browser/early_hint_referrer_policy_html.sjs new file mode 100644 index 0000000000..3c8a626de1 --- /dev/null +++ b/netwerk/test/browser/early_hint_referrer_policy_html.sjs @@ -0,0 +1,132 @@ +"use strict"; + +function handleRequest(request, response) { + let qs = new URLSearchParams(request.queryString); + let asset = qs.get("as"); + var action = qs.get("action"); + let hinted = qs.get("hinted") !== "0"; + let httpCode = qs.get("code"); + let header_referrer_policy = qs.get("header_referrer_policy"); + let link_referrer_policy = qs.get("link_referrer_policy"); + + // eslint-disable-next-line mozilla/use-services + let uuidGenerator = Cc["@mozilla.org/uuid-generator;1"].getService( + Ci.nsIUUIDGenerator + ); + let uuid = uuidGenerator.generateUUID().toString(); + let url = `early_hint_pixel.sjs?as=${asset}&uuid=${uuid}`; + + if (action === "get_request_referrer_results") { + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/plain", false); + response.write(getSharedState("requestReferrer")); + return; + } else if (action === "reset_referrer_results") { + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/plain", false); + response.write(setSharedState("requestReferrer", "not set")); + return; + } + + // write to raw socket + response.seizePower(); + + if (hinted) { + response.write("HTTP/1.1 103 Early Hint\r\n"); + + if (header_referrer_policy) { + response.write( + `Referrer-Policy: ${header_referrer_policy.replaceAll('"', "")}\r\n` + ); + } + + response.write( + `Link: <${url}>; rel=preload; as=${asset}; ${ + link_referrer_policy ? "referrerpolicy=" + link_referrer_policy : "" + } \r\n` + ); + response.write("\r\n"); + } + + let body = ""; + if (asset === "image") { + body = ` + + + + + `; + } else if (asset === "style") { + body = ` + + + + + +

Test preload css

+
+ + + `; + } else if (asset === "script") { + body = ` + + + + + +

Test preload javascript

+
+ + + `; + } else if (asset === "fetch") { + body = ` + + + +

Test preload fetch

+

Fetching...

+ + + `; + } else if (asset === "font") { + body = ` + + + + + +

Test preload font

+ + + `; + } + + if (!httpCode) { + response.write(`HTTP/1.1 200 OK\r\n`); + } else { + response.write(`HTTP/1.1 ${httpCode} Error\r\n`); + } + response.write("Content-Type: text/html;charset=utf-8\r\n"); + response.write("Cache-Control: no-cache\r\n"); + response.write(`Content-Length: ${body.length}\r\n`); + response.write("\r\n"); + response.write(body); + + response.finish(); +} diff --git a/netwerk/test/browser/file_favicon.html b/netwerk/test/browser/file_favicon.html new file mode 100644 index 0000000000..77532a3a53 --- /dev/null +++ b/netwerk/test/browser/file_favicon.html @@ -0,0 +1,7 @@ + + + + + + + diff --git a/netwerk/test/browser/file_link_header.sjs b/netwerk/test/browser/file_link_header.sjs new file mode 100644 index 0000000000..6bab515d19 --- /dev/null +++ b/netwerk/test/browser/file_link_header.sjs @@ -0,0 +1,24 @@ +"use strict"; + +function handleRequest(request, response) { + // write to raw socket + response.seizePower(); + let body = ` + + + + + +

Test rel=preconnect

+ + `; + + response.write("HTTP/1.1 200 OK\r\n"); + response.write("Content-Type: text/html;charset=utf-8\r\n"); + response.write("Cache-Control: no-cache\r\n"); + response.write(`Content-Length: ${body.length}\r\n`); + response.write("\r\n"); + response.write(body); + + response.finish(); +} diff --git a/netwerk/test/browser/file_lnk.lnk b/netwerk/test/browser/file_lnk.lnk new file mode 100644 index 0000000000..abce7587d2 Binary files /dev/null and b/netwerk/test/browser/file_lnk.lnk differ diff --git a/netwerk/test/browser/ioactivity.html b/netwerk/test/browser/ioactivity.html new file mode 100644 index 0000000000..5e23f6f117 --- /dev/null +++ b/netwerk/test/browser/ioactivity.html @@ -0,0 +1,11 @@ + + + + + + + + +

IOActivity Test Page

+ + diff --git a/netwerk/test/browser/no_103_preload.html b/netwerk/test/browser/no_103_preload.html new file mode 100644 index 0000000000..64f5e79259 --- /dev/null +++ b/netwerk/test/browser/no_103_preload.html @@ -0,0 +1,6 @@ + + + + + + diff --git a/netwerk/test/browser/no_103_preload.html^headers^ b/netwerk/test/browser/no_103_preload.html^headers^ new file mode 100644 index 0000000000..9e23c73b7f --- /dev/null +++ b/netwerk/test/browser/no_103_preload.html^headers^ @@ -0,0 +1 @@ +Cache-Control: no-cache diff --git a/netwerk/test/browser/post.html b/netwerk/test/browser/post.html new file mode 100644 index 0000000000..9d238c2b97 --- /dev/null +++ b/netwerk/test/browser/post.html @@ -0,0 +1,14 @@ + + + + +post file + + +
+ + + +
+ + diff --git a/netwerk/test/browser/redirect.sjs b/netwerk/test/browser/redirect.sjs new file mode 100644 index 0000000000..09e7d9b1e4 --- /dev/null +++ b/netwerk/test/browser/redirect.sjs @@ -0,0 +1,6 @@ +function handleRequest(request, response) { + response.setStatusLine(request.httpVersion, 301, "Moved Permanently"); + let location = request.queryString; + response.setHeader("Location", location, false); + response.write("Hello world!"); +} diff --git a/netwerk/test/browser/res.css b/netwerk/test/browser/res.css new file mode 100644 index 0000000000..eab83656ed --- /dev/null +++ b/netwerk/test/browser/res.css @@ -0,0 +1,4 @@ +/* François was here. */ +#purple-text { + color: purple; +} diff --git a/netwerk/test/browser/res.css^headers^ b/netwerk/test/browser/res.css^headers^ new file mode 100644 index 0000000000..e13897f157 --- /dev/null +++ b/netwerk/test/browser/res.css^headers^ @@ -0,0 +1 @@ +Content-Type: text/css; charset=utf-8 diff --git a/netwerk/test/browser/res.csv b/netwerk/test/browser/res.csv new file mode 100644 index 0000000000..b0246d5964 --- /dev/null +++ b/netwerk/test/browser/res.csv @@ -0,0 +1 @@ +1,2,3 diff --git a/netwerk/test/browser/res.csv^headers^ b/netwerk/test/browser/res.csv^headers^ new file mode 100644 index 0000000000..8d30131059 --- /dev/null +++ b/netwerk/test/browser/res.csv^headers^ @@ -0,0 +1 @@ +Content-Type: text/csv; diff --git a/netwerk/test/browser/res.mp3 b/netwerk/test/browser/res.mp3 new file mode 100644 index 0000000000..bad506cf18 Binary files /dev/null and b/netwerk/test/browser/res.mp3 differ diff --git a/netwerk/test/browser/res.unknown b/netwerk/test/browser/res.unknown new file mode 100644 index 0000000000..3546645658 --- /dev/null +++ b/netwerk/test/browser/res.unknown @@ -0,0 +1 @@ +unknown diff --git a/netwerk/test/browser/res_206.html b/netwerk/test/browser/res_206.html new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/res_206.html @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/res_206.html^headers^ b/netwerk/test/browser/res_206.html^headers^ new file mode 100644 index 0000000000..5a3e3a24c8 --- /dev/null +++ b/netwerk/test/browser/res_206.html^headers^ @@ -0,0 +1,2 @@ +HTTP 206 +Content-Type: text/html; diff --git a/netwerk/test/browser/res_206.mp3 b/netwerk/test/browser/res_206.mp3 new file mode 100644 index 0000000000..bad506cf18 Binary files /dev/null and b/netwerk/test/browser/res_206.mp3 differ diff --git a/netwerk/test/browser/res_206.mp3^headers^ b/netwerk/test/browser/res_206.mp3^headers^ new file mode 100644 index 0000000000..6e7e4d23ba --- /dev/null +++ b/netwerk/test/browser/res_206.mp3^headers^ @@ -0,0 +1 @@ +HTTP 206 diff --git a/netwerk/test/browser/res_empty.zip b/netwerk/test/browser/res_empty.zip new file mode 100644 index 0000000000..b613b60c02 Binary files /dev/null and b/netwerk/test/browser/res_empty.zip differ diff --git a/netwerk/test/browser/res_http_index_format b/netwerk/test/browser/res_http_index_format new file mode 100644 index 0000000000..e42645a762 --- /dev/null +++ b/netwerk/test/browser/res_http_index_format @@ -0,0 +1 @@ +100: This is a sample application/http-index-format directory index listing. diff --git a/netwerk/test/browser/res_http_index_format^headers^ b/netwerk/test/browser/res_http_index_format^headers^ new file mode 100644 index 0000000000..f076e27a72 --- /dev/null +++ b/netwerk/test/browser/res_http_index_format^headers^ @@ -0,0 +1 @@ +Content-Type: application/http-index-format diff --git a/netwerk/test/browser/res_img.png b/netwerk/test/browser/res_img.png new file mode 100644 index 0000000000..94e7eb6db2 Binary files /dev/null and b/netwerk/test/browser/res_img.png differ diff --git a/netwerk/test/browser/res_img_for_unknown_decoder b/netwerk/test/browser/res_img_for_unknown_decoder new file mode 100644 index 0000000000..74d74fde5a Binary files /dev/null and b/netwerk/test/browser/res_img_for_unknown_decoder differ diff --git a/netwerk/test/browser/res_img_for_unknown_decoder^headers^ b/netwerk/test/browser/res_img_for_unknown_decoder^headers^ new file mode 100644 index 0000000000..defde38020 --- /dev/null +++ b/netwerk/test/browser/res_img_for_unknown_decoder^headers^ @@ -0,0 +1,2 @@ +Content-Type: +Content-Encoding: gzip diff --git a/netwerk/test/browser/res_img_unknown.png b/netwerk/test/browser/res_img_unknown.png new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/res_img_unknown.png @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/res_invalid_partial.mp3 b/netwerk/test/browser/res_invalid_partial.mp3 new file mode 100644 index 0000000000..bad506cf18 Binary files /dev/null and b/netwerk/test/browser/res_invalid_partial.mp3 differ diff --git a/netwerk/test/browser/res_invalid_partial.mp3^headers^ b/netwerk/test/browser/res_invalid_partial.mp3^headers^ new file mode 100644 index 0000000000..0213f38e4e --- /dev/null +++ b/netwerk/test/browser/res_invalid_partial.mp3^headers^ @@ -0,0 +1,2 @@ +HTTP 206 +Content-Range: bytes 100-1024/* diff --git a/netwerk/test/browser/res_nosniff.html b/netwerk/test/browser/res_nosniff.html new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/res_nosniff.html @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/res_nosniff.html^headers^ b/netwerk/test/browser/res_nosniff.html^headers^ new file mode 100644 index 0000000000..024cdcf5ab --- /dev/null +++ b/netwerk/test/browser/res_nosniff.html^headers^ @@ -0,0 +1,2 @@ +X-Content-Type-Options: nosniff +Content-Type: text/html; diff --git a/netwerk/test/browser/res_nosniff2.html b/netwerk/test/browser/res_nosniff2.html new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/res_nosniff2.html @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/res_nosniff2.html^headers^ b/netwerk/test/browser/res_nosniff2.html^headers^ new file mode 100644 index 0000000000..e46db01e23 --- /dev/null +++ b/netwerk/test/browser/res_nosniff2.html^headers^ @@ -0,0 +1,2 @@ +X-Content-Type-Options: nosniff +Content-Type: text/test diff --git a/netwerk/test/browser/res_not_200or206.mp3 b/netwerk/test/browser/res_not_200or206.mp3 new file mode 100644 index 0000000000..bad506cf18 Binary files /dev/null and b/netwerk/test/browser/res_not_200or206.mp3 differ diff --git a/netwerk/test/browser/res_not_200or206.mp3^headers^ b/netwerk/test/browser/res_not_200or206.mp3^headers^ new file mode 100644 index 0000000000..dd0b48aaa0 --- /dev/null +++ b/netwerk/test/browser/res_not_200or206.mp3^headers^ @@ -0,0 +1 @@ +HTTP 226 diff --git a/netwerk/test/browser/res_not_ok.html b/netwerk/test/browser/res_not_ok.html new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/res_not_ok.html @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/res_not_ok.html^headers^ b/netwerk/test/browser/res_not_ok.html^headers^ new file mode 100644 index 0000000000..5d15d79e46 --- /dev/null +++ b/netwerk/test/browser/res_not_ok.html^headers^ @@ -0,0 +1 @@ +HTTP 302 Found diff --git a/netwerk/test/browser/res_object.html b/netwerk/test/browser/res_object.html new file mode 100644 index 0000000000..8097415d17 --- /dev/null +++ b/netwerk/test/browser/res_object.html @@ -0,0 +1,18 @@ + + + + + + + + +

Dummy Page

+ + + diff --git a/netwerk/test/browser/res_sub_document.html b/netwerk/test/browser/res_sub_document.html new file mode 100644 index 0000000000..8025fcdb20 --- /dev/null +++ b/netwerk/test/browser/res_sub_document.html @@ -0,0 +1,11 @@ + + + + + + + + +

Dummy Page

+ + diff --git a/netwerk/test/browser/square.png b/netwerk/test/browser/square.png new file mode 100644 index 0000000000..e69de29bb2 diff --git a/netwerk/test/browser/test_1629307.html b/netwerk/test/browser/test_1629307.html new file mode 100644 index 0000000000..01f2a0439e --- /dev/null +++ b/netwerk/test/browser/test_1629307.html @@ -0,0 +1,9 @@ + + + + + + + + diff --git a/netwerk/test/browser/x_frame_options.html b/netwerk/test/browser/x_frame_options.html new file mode 100644 index 0000000000..e69de29bb2 diff --git a/netwerk/test/browser/x_frame_options.html^headers^ b/netwerk/test/browser/x_frame_options.html^headers^ new file mode 100644 index 0000000000..dc4bb949f5 --- /dev/null +++ b/netwerk/test/browser/x_frame_options.html^headers^ @@ -0,0 +1,3 @@ +HTTP 401 UNAUTHORIZED +X-Frame-Options: SAMEORIGIN +WWW-Authenticate: basic realm="login required" diff --git a/netwerk/test/crashtests/1274044-1.html b/netwerk/test/crashtests/1274044-1.html new file mode 100644 index 0000000000..cb88e50bcd --- /dev/null +++ b/netwerk/test/crashtests/1274044-1.html @@ -0,0 +1,7 @@ + diff --git a/netwerk/test/crashtests/1334468-1.html b/netwerk/test/crashtests/1334468-1.html new file mode 100644 index 0000000000..3d94d69949 --- /dev/null +++ b/netwerk/test/crashtests/1334468-1.html @@ -0,0 +1,25 @@ + + + + + + + + + diff --git a/netwerk/test/crashtests/1399467-1.html b/netwerk/test/crashtests/1399467-1.html new file mode 100644 index 0000000000..7d16e119d0 --- /dev/null +++ b/netwerk/test/crashtests/1399467-1.html @@ -0,0 +1 @@ + + + + diff --git a/netwerk/test/crashtests/1793521.html b/netwerk/test/crashtests/1793521.html new file mode 100644 index 0000000000..5bd19df01d --- /dev/null +++ b/netwerk/test/crashtests/1793521.html @@ -0,0 +1 @@ + diff --git a/netwerk/test/crashtests/675518.html b/netwerk/test/crashtests/675518.html new file mode 100644 index 0000000000..44a43570e4 --- /dev/null +++ b/netwerk/test/crashtests/675518.html @@ -0,0 +1,21 @@ + + + + diff --git a/netwerk/test/crashtests/785753-1.html b/netwerk/test/crashtests/785753-1.html new file mode 100644 index 0000000000..9c8e06bba8 --- /dev/null +++ b/netwerk/test/crashtests/785753-1.html @@ -0,0 +1,253 @@ + + + +Test for importing styles via incorrect link element + + + + + + + +

This line should not have red background

+

This line should have lime background

+

This line should not have red background

+

This line should have lime background

+ + + + diff --git a/netwerk/test/crashtests/785753-2.html b/netwerk/test/crashtests/785753-2.html new file mode 100644 index 0000000000..15a9865388 --- /dev/null +++ b/netwerk/test/crashtests/785753-2.html @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/netwerk/test/crashtests/crashtests.list b/netwerk/test/crashtests/crashtests.list new file mode 100644 index 0000000000..a48c1e3c5a --- /dev/null +++ b/netwerk/test/crashtests/crashtests.list @@ -0,0 +1,8 @@ +skip load 675518.html +load 785753-1.html +load 785753-2.html +load 1274044-1.html +skip-if(ThreadSanitizer) skip-if(Android) pref(privacy.firstparty.isolate,true) load 1334468-1.html # Bug 1639080 +load 1399467-1.html +load 1793521.html +load 1787122.html diff --git a/netwerk/test/fuzz/FuzzingStreamListener.cpp b/netwerk/test/fuzz/FuzzingStreamListener.cpp new file mode 100644 index 0000000000..878b116c5b --- /dev/null +++ b/netwerk/test/fuzz/FuzzingStreamListener.cpp @@ -0,0 +1,44 @@ +#include "FuzzingInterface.h" +#include "FuzzingStreamListener.h" + +namespace mozilla { +namespace net { + +NS_IMPL_ISUPPORTS(FuzzingStreamListener, nsIStreamListener, nsIRequestObserver) + +NS_IMETHODIMP +FuzzingStreamListener::OnStartRequest(nsIRequest* aRequest) { + FUZZING_LOG(("FuzzingStreamListener::OnStartRequest")); + return NS_OK; +} + +NS_IMETHODIMP +FuzzingStreamListener::OnDataAvailable(nsIRequest* aRequest, + nsIInputStream* aInputStream, + uint64_t aOffset, uint32_t aCount) { + FUZZING_LOG(("FuzzingStreamListener::OnDataAvailable")); + static uint32_t const kCopyChunkSize = 128 * 1024; + uint32_t toRead = std::min(aCount, kCopyChunkSize); + nsCString data; + + while (aCount) { + nsresult rv = NS_ReadInputStreamToString(aInputStream, data, toRead); + if (NS_FAILED(rv)) { + return rv; + } + aCount -= toRead; + toRead = std::min(aCount, kCopyChunkSize); + } + return NS_OK; +} + +NS_IMETHODIMP +FuzzingStreamListener::OnStopRequest(nsIRequest* aRequest, + nsresult aStatusCode) { + FUZZING_LOG(("FuzzingStreamListener::OnStopRequest")); + mChannelDone = true; + return NS_OK; +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/fuzz/FuzzingStreamListener.h b/netwerk/test/fuzz/FuzzingStreamListener.h new file mode 100644 index 0000000000..86f60ed102 --- /dev/null +++ b/netwerk/test/fuzz/FuzzingStreamListener.h @@ -0,0 +1,37 @@ +#ifndef FuzzingStreamListener_h__ +#define FuzzingStreamListener_h__ + +#include "mozilla/SpinEventLoopUntil.h" +#include "nsCOMPtr.h" +#include "nsNetCID.h" +#include "nsString.h" +#include "nsNetUtil.h" +#include "nsIStreamListener.h" + +namespace mozilla { +namespace net { + +class FuzzingStreamListener final : public nsIStreamListener { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIREQUESTOBSERVER + NS_DECL_NSISTREAMLISTENER + + FuzzingStreamListener() = default; + + void waitUntilDone() { + SpinEventLoopUntil("net::FuzzingStreamListener::waitUntilDone"_ns, + [&]() { return mChannelDone; }); + } + + bool isDone() { return mChannelDone; } + + private: + ~FuzzingStreamListener() = default; + bool mChannelDone = false; +}; + +} // namespace net +} // namespace mozilla + +#endif diff --git a/netwerk/test/fuzz/TestHttpFuzzing.cpp b/netwerk/test/fuzz/TestHttpFuzzing.cpp new file mode 100644 index 0000000000..e717b608e7 --- /dev/null +++ b/netwerk/test/fuzz/TestHttpFuzzing.cpp @@ -0,0 +1,297 @@ +#include "mozilla/LoadInfo.h" +#include "mozilla/Preferences.h" +#include "mozilla/SpinEventLoopUntil.h" + +#include "nsCOMPtr.h" +#include "nsNetCID.h" +#include "nsString.h" +#include "nsComponentManagerUtils.h" +#include "nsContentUtils.h" +#include "nsIChannel.h" +#include "nsIHttpChannel.h" +#include "nsILoadInfo.h" +#include "nsIProxiedProtocolHandler.h" +#include "nsIOService.h" +#include "nsProtocolProxyService.h" +#include "nsScriptSecurityManager.h" +#include "nsServiceManagerUtils.h" +#include "nsNetUtil.h" +#include "NullPrincipal.h" +#include "nsCycleCollector.h" +#include "RequestContextService.h" +#include "nsSandboxFlags.h" + +#include "FuzzingInterface.h" +#include "FuzzingStreamListener.h" +#include "FuzzyLayer.h" + +namespace mozilla { +namespace net { + +// Target spec and optional proxy type to use, set by the respective +// initialization function so we can cover all combinations. +static nsAutoCString httpSpec; +static nsAutoCString proxyType; +static size_t minSize; + +static int FuzzingInitNetworkHttp(int* argc, char*** argv) { + Preferences::SetBool("network.dns.native-is-localhost", true); + Preferences::SetBool("fuzzing.necko.enabled", true); + Preferences::SetInt("network.http.speculative-parallel-limit", 0); + Preferences::SetInt("network.http.http2.default-concurrent", 1); + + if (httpSpec.IsEmpty()) { + httpSpec = "http://127.0.0.1/"; + } + + net_EnsurePSMInit(); + + return 0; +} + +static int FuzzingInitNetworkHttp2(int* argc, char*** argv) { + httpSpec = "https://127.0.0.1/"; + return FuzzingInitNetworkHttp(argc, argv); +} + +static int FuzzingInitNetworkHttp3(int* argc, char*** argv) { + Preferences::SetBool("fuzzing.necko.http3", true); + Preferences::SetBool("network.http.http3.enable", true); + Preferences::SetCString("network.http.http3.alt-svc-mapping-for-testing", + "fuzz.bad.tld;h3=:443"); + httpSpec = "https://fuzz.bad.tld/"; + minSize = 1200; + return FuzzingInitNetworkHttp(argc, argv); +} + +static int FuzzingInitNetworkHttpProxyHttp2(int* argc, char*** argv) { + // This is http over an https proxy + proxyType = "https"; + + return FuzzingInitNetworkHttp(argc, argv); +} + +static int FuzzingInitNetworkHttp2ProxyHttp2(int* argc, char*** argv) { + // This is https over an https proxy + proxyType = "https"; + + return FuzzingInitNetworkHttp2(argc, argv); +} + +static int FuzzingInitNetworkHttpProxyPlain(int* argc, char*** argv) { + // This is http over an http proxy + proxyType = "http"; + + return FuzzingInitNetworkHttp(argc, argv); +} + +static int FuzzingInitNetworkHttp2ProxyPlain(int* argc, char*** argv) { + // This is https over an http proxy + proxyType = "http"; + + return FuzzingInitNetworkHttp2(argc, argv); +} + +static int FuzzingRunNetworkHttp(const uint8_t* data, size_t size) { + if (size < minSize) { + return 0; + } + + // Set the data to be processed + addNetworkFuzzingBuffer(data, size); + + nsWeakPtr channelRef; + + nsCOMPtr rcsvc = + mozilla::net::RequestContextService::GetOrCreate(); + uint64_t rcID; + + { + nsCOMPtr url; + nsresult rv; + + if (NS_NewURI(getter_AddRefs(url), httpSpec) != NS_OK) { + MOZ_CRASH("Call to NS_NewURI failed."); + } + + nsLoadFlags loadFlags; + loadFlags = nsIRequest::LOAD_BACKGROUND | nsIRequest::LOAD_BYPASS_CACHE | + nsIRequest::INHIBIT_CACHING | + nsIRequest::LOAD_FRESH_CONNECTION | + nsIChannel::LOAD_INITIAL_DOCUMENT_URI; + nsSecurityFlags secFlags; + secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; + uint32_t sandboxFlags = SANDBOXED_ORIGIN; + + nsCOMPtr channel; + nsCOMPtr loadInfo; + + if (!proxyType.IsEmpty()) { + nsAutoCString proxyHost("127.0.0.2"); + + nsCOMPtr ps = + do_GetService(NS_PROTOCOLPROXYSERVICE_CID); + if (!ps) { + MOZ_CRASH("Failed to create nsIProtocolProxyService2"); + } + + mozilla::net::nsProtocolProxyService* pps = + static_cast(ps.get()); + + nsCOMPtr proxyInfo; + rv = pps->NewProxyInfo(proxyType, proxyHost, 443, + ""_ns, // aProxyAuthorizationHeader + ""_ns, // aConnectionIsolationKey + 0, // aFlags + UINT32_MAX, // aFailoverTimeout + nullptr, // aFailoverProxy + getter_AddRefs(proxyInfo)); + + if (NS_FAILED(rv)) { + MOZ_CRASH("Call to NewProxyInfo failed."); + } + + nsCOMPtr ioService = do_GetIOService(&rv); + if (NS_FAILED(rv)) { + MOZ_CRASH("do_GetIOService failed."); + } + + nsCOMPtr handler; + rv = ioService->GetProtocolHandler("http", getter_AddRefs(handler)); + if (NS_FAILED(rv)) { + MOZ_CRASH("GetProtocolHandler failed."); + } + + nsCOMPtr pph = do_QueryInterface(handler, &rv); + if (NS_FAILED(rv)) { + MOZ_CRASH("do_QueryInterface failed."); + } + + loadInfo = new LoadInfo( + nsContentUtils::GetSystemPrincipal(), // loading principal + nsContentUtils::GetSystemPrincipal(), // triggering principal + nullptr, // Context + secFlags, nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST, + Maybe(), + Maybe(), sandboxFlags); + + rv = pph->NewProxiedChannel(url, proxyInfo, + 0, // aProxyResolveFlags + nullptr, // aProxyURI + loadInfo, getter_AddRefs(channel)); + + if (NS_FAILED(rv)) { + MOZ_CRASH("Call to newProxiedChannel failed."); + } + } else { + rv = NS_NewChannel(getter_AddRefs(channel), url, + nsContentUtils::GetSystemPrincipal(), secFlags, + nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST, + nullptr, // aCookieJarSettings + nullptr, // aPerformanceStorage + nullptr, // loadGroup + nullptr, // aCallbacks + loadFlags, // aLoadFlags + nullptr, // aIoService + sandboxFlags); + + if (NS_FAILED(rv)) { + MOZ_CRASH("Call to NS_NewChannel failed."); + } + + loadInfo = channel->LoadInfo(); + } + + if (NS_FAILED(loadInfo->SetSkipContentSniffing(true))) { + MOZ_CRASH("Failed to call SetSkipContentSniffing"); + } + + RefPtr gStreamListener; + nsCOMPtr gHttpChannel; + + gHttpChannel = do_QueryInterface(channel); + rv = gHttpChannel->SetRequestMethod("GET"_ns); + if (NS_FAILED(rv)) { + MOZ_CRASH("SetRequestMethod on gHttpChannel failed."); + } + + nsCOMPtr rc; + rv = rcsvc->NewRequestContext(getter_AddRefs(rc)); + if (NS_FAILED(rv)) { + MOZ_CRASH("NewRequestContext failed."); + } + rcID = rc->GetID(); + + rv = gHttpChannel->SetRequestContextID(rcID); + if (NS_FAILED(rv)) { + MOZ_CRASH("SetRequestContextID on gHttpChannel failed."); + } + + if (!proxyType.IsEmpty()) { + // NewProxiedChannel doesn't allow us to pass loadFlags directly + rv = gHttpChannel->SetLoadFlags(loadFlags); + if (rv != NS_OK) { + MOZ_CRASH("SetRequestMethod on gHttpChannel failed."); + } + } + + gStreamListener = new FuzzingStreamListener(); + gHttpChannel->AsyncOpen(gStreamListener); + + // Wait for StopRequest + gStreamListener->waitUntilDone(); + + bool mainPingBack = false; + + NS_DispatchBackgroundTask(NS_NewRunnableFunction("Dummy", [&]() { + NS_DispatchToMainThread( + NS_NewRunnableFunction("Dummy", [&]() { mainPingBack = true; })); + })); + + SpinEventLoopUntil("FuzzingRunNetworkHttp(mainPingBack)"_ns, + [&]() -> bool { return mainPingBack; }); + + channelRef = do_GetWeakReference(gHttpChannel); + } + + // Wait for the channel to be destroyed + SpinEventLoopUntil( + "FuzzingRunNetworkHttp(channel == nullptr)"_ns, [&]() -> bool { + nsCycleCollector_collect(CCReason::API, nullptr); + nsCOMPtr channel = do_QueryReferent(channelRef); + return channel == nullptr; + }); + + if (!signalNetworkFuzzingDone()) { + // Wait for the connection to indicate closed + SpinEventLoopUntil("FuzzingRunNetworkHttp(gFuzzingConnClosed)"_ns, + [&]() -> bool { return gFuzzingConnClosed; }); + } + + rcsvc->RemoveRequestContext(rcID); + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttp, FuzzingRunNetworkHttp, + NetworkHttp); + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttp2, FuzzingRunNetworkHttp, + NetworkHttp2); + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttp3, FuzzingRunNetworkHttp, + NetworkHttp3); + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttp2ProxyHttp2, + FuzzingRunNetworkHttp, NetworkHttp2ProxyHttp2); + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttpProxyHttp2, + FuzzingRunNetworkHttp, NetworkHttpProxyHttp2); + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttpProxyPlain, + FuzzingRunNetworkHttp, NetworkHttpProxyPlain); + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkHttp2ProxyPlain, + FuzzingRunNetworkHttp, NetworkHttp2ProxyPlain); + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/fuzz/TestJARFuzzing.cpp b/netwerk/test/fuzz/TestJARFuzzing.cpp new file mode 100644 index 0000000000..3d27a5bf7d --- /dev/null +++ b/netwerk/test/fuzz/TestJARFuzzing.cpp @@ -0,0 +1,187 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +#include + +#include "FuzzingInterface.h" +#include "nsComponentManagerUtils.h" +#include "nsCOMPtr.h" +#include "nsIZipReader.h" +#include "nsNetUtil.h" +#include "nsNetCID.h" +#include "nsPrintfCString.h" +#include "nsString.h" +#include "mozilla/Span.h" +#include "mozilla/Unused.h" +#include "nsIInputStream.h" +#include "nsIStringEnumerator.h" + +enum FuzzMethodType { + eTest = 0, + eGetEntry, + eHasEntry, + eFindEntries, + eInputStream, + eOpenInner, + eLastMethod, +}; +static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID); + +template +T jar_get_num(char** buf, size_t* size) { + if (sizeof(T) > *size) { + return 0; + } + + T* iptr = reinterpret_cast(*buf); + *buf += sizeof(T); + *size -= sizeof(T); + return *iptr; +} + +nsAutoCString jar_get_string(char** buf, size_t* size) { + uint8_t len = jar_get_num(buf, size); + if (len > *size) { + len = static_cast(*size); + } + nsAutoCString str(*buf, len); + + *buf += len; + *size -= len; + return str; +} + +nsresult FuzzEntries(char** buf, size_t* size, nsIZipReader* aReader, + const nsACString& aName) { + uint8_t iters = jar_get_num(buf, size); + nsresult rv; + for (uint8_t i = 0; i < iters; ++i) { + nsAutoCString out; + uint64_t written; + nsCOMPtr entry; + nsCOMPtr stream; + + switch (jar_get_num(buf, size) % eLastMethod) { + case eTest: { + rv = aReader->Test(aName); + NS_ENSURE_SUCCESS(rv, rv); + break; + } + case eGetEntry: { + rv = aReader->GetEntry(aName, getter_AddRefs(entry)); + NS_ENSURE_SUCCESS(rv, rv); + break; + } + case eHasEntry: { + bool has = false; + rv = aReader->HasEntry(aName, &has); + NS_ENSURE_SUCCESS(rv, rv); + break; + } + case eInputStream: + rv = aReader->GetInputStream(aName, getter_AddRefs(stream)); + NS_ENSURE_SUCCESS(rv, rv); + if (NS_FAILED(rv)) { + break; + } + rv = NS_ReadInputStreamToString(stream, out, -1, &written); + NS_ENSURE_SUCCESS(rv, rv); + break; + default: + break; + } + } + return NS_OK; +} + +nsresult FuzzReader(char** buf, size_t* size, nsIZipReader* aReader) { + nsresult rv; + nsAutoCString name; + nsCOMPtr entry; + bool has = false; + nsAutoCString pattern; + nsCOMPtr enumerator; + nsCOMPtr stream; + bool hasMore; + nsAutoCString out; + uint64_t written; + nsCOMPtr newReader = do_CreateInstance(kZipReaderCID, &rv); + switch (jar_get_num(buf, size) % eLastMethod) { + case eTest: + rv = aReader->Test(""_ns); + NS_ENSURE_SUCCESS(rv, rv); + break; + case eGetEntry: + name = jar_get_string(buf, size); + rv = aReader->GetEntry(name, getter_AddRefs(entry)); + NS_ENSURE_SUCCESS(rv, rv); + break; + case eHasEntry: + name = jar_get_string(buf, size); + rv = aReader->HasEntry(name, &has); + NS_ENSURE_SUCCESS(rv, rv); + break; + case eFindEntries: + pattern = jar_get_string(buf, size); + rv = aReader->FindEntries(pattern, getter_AddRefs(enumerator)); + NS_ENSURE_SUCCESS(rv, rv); + while (NS_SUCCEEDED(enumerator->HasMore(&hasMore)) && hasMore) { + if (NS_FAILED(enumerator->GetNext(name))) { + break; + } + rv = FuzzEntries(buf, size, aReader, name); + NS_ENSURE_SUCCESS(rv, rv); + } + + break; + case eInputStream: + name = jar_get_string(buf, size); + rv = aReader->GetInputStream(name, getter_AddRefs(stream)); + NS_ENSURE_SUCCESS(rv, rv); + rv = NS_ReadInputStreamToString(stream, out, -1, &written); + NS_ENSURE_SUCCESS(rv, rv); + break; + case eOpenInner: + name = jar_get_string(buf, size); + rv = newReader->OpenInner(aReader, name); + NS_ENSURE_SUCCESS(rv, rv); + rv = FuzzReader(buf, size, newReader); + NS_ENSURE_SUCCESS(rv, rv); + break; + default: + break; + } + return rv; +} + +static int FuzzingRunJARParser(const uint8_t* data, size_t size) { + char* buf = (char*)data; + nsresult rv; + + nsCOMPtr uri; + nsAutoCString jardata = jar_get_string(&buf, &size); + + nsCOMPtr reader = do_CreateInstance(kZipReaderCID, &rv); + rv = reader->OpenMemory((void*)jardata.get(), jardata.Length()); + NS_ENSURE_SUCCESS(rv, 0); + +#if 0 + // For easily exporting the last test case that triggered a crash. + FILE * f = fopen("/tmp/input.jar", "wb"); + fwrite((void*)jardata.get(), 1, jardata.Length(), f); + fclose(f); +#endif + + uint8_t iters = jar_get_num(&buf, &size); + for (uint8_t i = 0; i < iters; ++i) { + rv = FuzzReader(&buf, &size, reader); + NS_ENSURE_SUCCESS(rv, 0); + } + + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(nullptr, FuzzingRunJARParser, JARParser); diff --git a/netwerk/test/fuzz/TestURIFuzzing.cpp b/netwerk/test/fuzz/TestURIFuzzing.cpp new file mode 100644 index 0000000000..312a0d2db5 --- /dev/null +++ b/netwerk/test/fuzz/TestURIFuzzing.cpp @@ -0,0 +1,238 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ + +#include + +#include "FuzzingInterface.h" +#include "nsComponentManagerUtils.h" +#include "nsCOMPtr.h" +#include "nsIURL.h" +#include "nsIStandardURL.h" +#include "nsIURIMutator.h" +#include "nsNetUtil.h" +#include "nsNetCID.h" +#include "nsPrintfCString.h" +#include "nsString.h" +#include "mozilla/Encoding.h" +#include "mozilla/Span.h" +#include "mozilla/Unused.h" + +template +T get_numeric(char** buf, size_t* size) { + if (sizeof(T) > *size) { + return 0; + } + + T* iptr = reinterpret_cast(*buf); + *buf += sizeof(T); + *size -= sizeof(T); + return *iptr; +} + +nsAutoCString get_string(char** buf, size_t* size) { + uint8_t len = get_numeric(buf, size); + if (len > *size) { + len = static_cast(*size); + } + nsAutoCString str(*buf, len); + + *buf += len; + *size -= len; + return str; +} + +const char* charsets[] = { + "Big5", "EUC-JP", "EUC-KR", "gb18030", + "gbk", "IBM866", "ISO-2022-JP", "ISO-8859-10", + "ISO-8859-13", "ISO-8859-14", "ISO-8859-15", "ISO-8859-16", + "ISO-8859-2", "ISO-8859-3", "ISO-8859-4", "ISO-8859-5", + "ISO-8859-6", "ISO-8859-7", "ISO-8859-8", "ISO-8859-8-I", + "KOI8-R", "KOI8-U", "macintosh", "replacement", + "Shift_JIS", "UTF-16BE", "UTF-16LE", "UTF-8", + "windows-1250", "windows-1251", "windows-1252", "windows-1253", + "windows-1254", "windows-1255", "windows-1256", "windows-1257", + "windows-1258", "windows-874", "x-mac-cyrillic", "x-user-defined"}; + +static int FuzzingRunURIParser(const uint8_t* data, size_t size) { + char* buf = (char*)data; + + nsCOMPtr uri; + nsAutoCString spec = get_string(&buf, &size); + + nsresult rv = NS_NewURI(getter_AddRefs(uri), spec); + + if (NS_FAILED(rv)) { + return 0; + } + + uint8_t iters = get_numeric(&buf, &size); + for (int i = 0; i < iters; i++) { + if (get_numeric(&buf, &size) % 25 != 0) { + NS_MutateURI mutator(uri); + nsAutoCString acdata = get_string(&buf, &size); + + switch (get_numeric(&buf, &size) % 12) { + default: + mutator.SetSpec(acdata); + break; + case 1: + mutator.SetScheme(acdata); + break; + case 2: + mutator.SetUserPass(acdata); + break; + case 3: + mutator.SetUsername(acdata); + break; + case 4: + mutator.SetPassword(acdata); + break; + case 5: + mutator.SetHostPort(acdata); + break; + case 6: + // Called via SetHostPort + mutator.SetHost(acdata); + break; + case 7: + // Called via multiple paths + mutator.SetPathQueryRef(acdata); + break; + case 8: + mutator.SetRef(acdata); + break; + case 9: + mutator.SetFilePath(acdata); + break; + case 10: + mutator.SetQuery(acdata); + break; + case 11: { + const uint8_t index = get_numeric(&buf, &size) % + (sizeof(charsets) / sizeof(char*)); + const char* charset = charsets[index]; + auto encoding = mozilla::Encoding::ForLabelNoReplacement( + mozilla::MakeStringSpan(charset)); + mutator.SetQueryWithEncoding(acdata, encoding); + break; + } + } + + nsresult rv = mutator.Finalize(uri); + if (NS_FAILED(rv)) { + return 0; + } + } else { + nsAutoCString out; + + if (uri) { + switch (get_numeric(&buf, &size) % 26) { + default: + uri->GetSpec(out); + break; + case 1: + uri->GetPrePath(out); + break; + case 2: + uri->GetScheme(out); + break; + case 3: + uri->GetUserPass(out); + break; + case 4: + uri->GetUsername(out); + break; + case 5: + uri->GetPassword(out); + break; + case 6: + uri->GetHostPort(out); + break; + case 7: + uri->GetHost(out); + break; + case 8: { + int rv; + uri->GetPort(&rv); + break; + } + case 9: + uri->GetPathQueryRef(out); + break; + case 10: { + nsCOMPtr other; + bool rv; + nsAutoCString spec = get_string(&buf, &size); + NS_NewURI(getter_AddRefs(other), spec); + uri->Equals(other, &rv); + break; + } + case 11: { + nsAutoCString scheme = get_string(&buf, &size); + bool rv; + uri->SchemeIs("https", &rv); + break; + } + case 12: { + nsAutoCString in = get_string(&buf, &size); + uri->Resolve(in, out); + break; + } + case 13: + uri->GetAsciiSpec(out); + break; + case 14: + uri->GetAsciiHostPort(out); + break; + case 15: + uri->GetAsciiHost(out); + break; + case 16: + uri->GetRef(out); + break; + case 17: { + nsCOMPtr other; + bool rv; + nsAutoCString spec = get_string(&buf, &size); + NS_NewURI(getter_AddRefs(other), spec); + uri->EqualsExceptRef(other, &rv); + break; + } + case 18: + uri->GetSpecIgnoringRef(out); + break; + case 19: { + bool rv; + uri->GetHasRef(&rv); + break; + } + case 20: + uri->GetFilePath(out); + break; + case 21: + uri->GetQuery(out); + break; + case 22: + uri->GetDisplayHost(out); + break; + case 23: + uri->GetDisplayHostPort(out); + break; + case 24: + uri->GetDisplaySpec(out); + break; + case 25: + uri->GetDisplayPrePath(out); + break; + } + } + } + } + + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(nullptr, FuzzingRunURIParser, URIParser); diff --git a/netwerk/test/fuzz/TestWebsocketFuzzing.cpp b/netwerk/test/fuzz/TestWebsocketFuzzing.cpp new file mode 100644 index 0000000000..89fd08859f --- /dev/null +++ b/netwerk/test/fuzz/TestWebsocketFuzzing.cpp @@ -0,0 +1,229 @@ +#include "mozilla/Preferences.h" + +#include "FuzzingInterface.h" +#include "FuzzyLayer.h" +#include "mozilla/SpinEventLoopUntil.h" +#include "nsComponentManagerUtils.h" +#include "nsCOMPtr.h" +#include "nsContentUtils.h" +#include "nsCycleCollector.h" +#include "nsIPrincipal.h" +#include "nsIWebSocketChannel.h" +#include "nsIWebSocketListener.h" +#include "nsNetCID.h" +#include "nsNetUtil.h" +#include "nsString.h" +#include "nsScriptSecurityManager.h" +#include "nsServiceManagerUtils.h" +#include "NullPrincipal.h" +#include "nsSandboxFlags.h" + +namespace mozilla { +namespace net { + +// Used to determine if the fuzzing target should use https:// in spec. +static bool fuzzWSS = true; + +class FuzzingWebSocketListener final : public nsIWebSocketListener { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIWEBSOCKETLISTENER + + FuzzingWebSocketListener() = default; + + void waitUntilDoneOrStarted() { + SpinEventLoopUntil("FuzzingWebSocketListener::waitUntilDoneOrStarted"_ns, + [&]() { return mChannelDone || mChannelStarted; }); + } + + void waitUntilDone() { + SpinEventLoopUntil("FuzzingWebSocketListener::waitUntilDone"_ns, + [&]() { return mChannelDone; }); + } + + void waitUntilDoneOrAck() { + SpinEventLoopUntil("FuzzingWebSocketListener::waitUntilDoneOrAck"_ns, + [&]() { return mChannelDone || mChannelAck; }); + } + + bool isStarted() { return mChannelStarted; } + + private: + ~FuzzingWebSocketListener() = default; + bool mChannelDone = false; + bool mChannelStarted = false; + bool mChannelAck = false; +}; + +NS_IMPL_ISUPPORTS(FuzzingWebSocketListener, nsIWebSocketListener) + +NS_IMETHODIMP +FuzzingWebSocketListener::OnStart(nsISupports* aContext) { + FUZZING_LOG(("FuzzingWebSocketListener::OnStart")); + mChannelStarted = true; + return NS_OK; +} + +NS_IMETHODIMP +FuzzingWebSocketListener::OnStop(nsISupports* aContext, nsresult aStatusCode) { + FUZZING_LOG(("FuzzingWebSocketListener::OnStop")); + mChannelDone = true; + return NS_OK; +} + +NS_IMETHODIMP +FuzzingWebSocketListener::OnAcknowledge(nsISupports* aContext, uint32_t aSize) { + FUZZING_LOG(("FuzzingWebSocketListener::OnAcknowledge")); + mChannelAck = true; + return NS_OK; +} + +NS_IMETHODIMP +FuzzingWebSocketListener::OnServerClose(nsISupports* aContext, uint16_t aCode, + const nsACString& aReason) { + FUZZING_LOG(("FuzzingWebSocketListener::OnServerClose")); + return NS_OK; +} + +NS_IMETHODIMP +FuzzingWebSocketListener::OnMessageAvailable(nsISupports* aContext, + const nsACString& aMsg) { + FUZZING_LOG(("FuzzingWebSocketListener::OnMessageAvailable")); + return NS_OK; +} + +NS_IMETHODIMP +FuzzingWebSocketListener::OnBinaryMessageAvailable(nsISupports* aContext, + const nsACString& aMsg) { + FUZZING_LOG(("FuzzingWebSocketListener::OnBinaryMessageAvailable")); + return NS_OK; +} + +NS_IMETHODIMP +FuzzingWebSocketListener::OnError() { + FUZZING_LOG(("FuzzingWebSocketListener::OnError")); + return NS_OK; +} + +static int FuzzingInitNetworkWebsocket(int* argc, char*** argv) { + Preferences::SetBool("network.dns.native-is-localhost", true); + Preferences::SetBool("fuzzing.necko.enabled", true); + Preferences::SetBool("network.websocket.delay-failed-reconnects", false); + Preferences::SetInt("network.http.speculative-parallel-limit", 0); + Preferences::SetInt("network.proxy.type", 0); // PROXYCONFIG_DIRECT + return 0; +} + +static int FuzzingInitNetworkWebsocketPlain(int* argc, char*** argv) { + fuzzWSS = false; + return FuzzingInitNetworkWebsocket(argc, argv); +} + +static int FuzzingRunNetworkWebsocket(const uint8_t* data, size_t size) { + // Set the data to be processed + addNetworkFuzzingBuffer(data, size); + + nsWeakPtr channelRef; + + { + nsresult rv; + + nsSecurityFlags secFlags; + secFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL; + uint32_t sandboxFlags = SANDBOXED_ORIGIN; + + nsCOMPtr url; + nsAutoCString spec; + RefPtr gWebSocketListener; + nsCOMPtr gWebSocketChannel; + + if (fuzzWSS) { + spec = "https://127.0.0.1/"; + gWebSocketChannel = + do_CreateInstance("@mozilla.org/network/protocol;1?name=wss", &rv); + } else { + spec = "http://127.0.0.1/"; + gWebSocketChannel = + do_CreateInstance("@mozilla.org/network/protocol;1?name=ws", &rv); + } + + if (rv != NS_OK) { + MOZ_CRASH("Failed to create WebSocketChannel"); + } + + if (NS_NewURI(getter_AddRefs(url), spec) != NS_OK) { + MOZ_CRASH("Call to NS_NewURI failed."); + } + + nsCOMPtr nullPrincipal = + NullPrincipal::CreateWithoutOriginAttributes(); + + rv = gWebSocketChannel->InitLoadInfoNative( + nullptr, nullPrincipal, nsContentUtils::GetSystemPrincipal(), nullptr, + secFlags, nsIContentPolicy::TYPE_WEBSOCKET, sandboxFlags); + + if (rv != NS_OK) { + MOZ_CRASH("Failed to call InitLoadInfo"); + } + + gWebSocketListener = new FuzzingWebSocketListener(); + + OriginAttributes attrs; + rv = gWebSocketChannel->AsyncOpenNative(url, spec, attrs, 0, + gWebSocketListener, nullptr); + + if (rv == NS_OK) { + FUZZING_LOG(("Successful call to AsyncOpen")); + + // Wait for StartRequest or StopRequest + gWebSocketListener->waitUntilDoneOrStarted(); + + if (gWebSocketListener->isStarted()) { + rv = gWebSocketChannel->SendBinaryMsg("Hello world"_ns); + + if (rv != NS_OK) { + FUZZING_LOG(("Warning: Failed to call SendBinaryMsg")); + } else { + gWebSocketListener->waitUntilDoneOrAck(); + } + + rv = gWebSocketChannel->Close(1000, ""_ns); + + if (rv != NS_OK) { + FUZZING_LOG(("Warning: Failed to call close")); + } + } + + // Wait for StopRequest + gWebSocketListener->waitUntilDone(); + } else { + FUZZING_LOG(("Warning: Failed to call AsyncOpen")); + } + + channelRef = do_GetWeakReference(gWebSocketChannel); + } + + // Wait for the channel to be destroyed + SpinEventLoopUntil( + "FuzzingRunNetworkWebsocket(channel == nullptr)"_ns, [&]() -> bool { + nsCycleCollector_collect(CCReason::API, nullptr); + nsCOMPtr channel = do_QueryReferent(channelRef); + return channel == nullptr; + }); + + if (!signalNetworkFuzzingDone()) { + // Wait for the connection to indicate closed + SpinEventLoopUntil("FuzzingRunNetworkWebsocket(gFuzzingConnClosed)"_ns, + [&]() -> bool { return gFuzzingConnClosed; }); + } + + return 0; +} + +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkWebsocket, + FuzzingRunNetworkWebsocket, NetworkWebsocket); +MOZ_FUZZING_INTERFACE_RAW(FuzzingInitNetworkWebsocketPlain, + FuzzingRunNetworkWebsocket, NetworkWebsocketPlain); + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/fuzz/moz.build b/netwerk/test/fuzz/moz.build new file mode 100644 index 0000000000..969b9b0b82 --- /dev/null +++ b/netwerk/test/fuzz/moz.build @@ -0,0 +1,32 @@ +# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES += [ + "FuzzingStreamListener.cpp", + "TestHttpFuzzing.cpp", + "TestJARFuzzing.cpp", + "TestURIFuzzing.cpp", + "TestWebsocketFuzzing.cpp", +] + +LOCAL_INCLUDES += [ + "/caps", + "/netwerk/base", + "/netwerk/protocol/http", + "/xpcom/tests/gtest", +] + +EXPORTS.mozilla.fuzzing += [ + "FuzzingStreamListener.h", +] + +include("/ipc/chromium/chromium-config.mozbuild") + +FINAL_LIBRARY = "xul-gtest" + +LOCAL_INCLUDES += ["!/xpcom", "/xpcom/components"] + +include("/tools/fuzzing/libfuzzer-config.mozbuild") diff --git a/netwerk/test/fuzz/url_tokens.dict b/netwerk/test/fuzz/url_tokens.dict new file mode 100644 index 0000000000..f297ad5de7 --- /dev/null +++ b/netwerk/test/fuzz/url_tokens.dict @@ -0,0 +1,51 @@ +### netwerk/base/nsStandardURL.cpp +# Control characters +" " +"#" +"/" +":" +"?" +"@" +"[" +"\\" +"]" +"*" +"<" +">" +"|" +"\\" + +# URI schemes +"about" +"android" +"blob" +"chrome" +"data" +"file" +"ftp" +"http" +"https" +"indexeddb" +"jar" +"javascript" +"moz" +"moz-safe-about" +"page" +"resource" +"sftp" +"smb" +"ssh" +"view" +"ws" +"wss" + +# URI Hosts +"selfuri.com" +"127.0.0.1" +"::1" + +# about protocol safe paths +"blank" +"license" +"logo" +"srcdoc" diff --git a/netwerk/test/gtest/TestBase64Stream.cpp b/netwerk/test/gtest/TestBase64Stream.cpp new file mode 100644 index 0000000000..47ef9e7bc6 --- /dev/null +++ b/netwerk/test/gtest/TestBase64Stream.cpp @@ -0,0 +1,123 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" +#include "mozilla/Base64.h" +#include "mozilla/gtest/MozAssertions.h" +#include "nsCOMPtr.h" +#include "nsIInputStream.h" +#include "nsStringStream.h" + +namespace mozilla { +namespace net { + +// An input stream whose ReadSegments method calls aWriter with writes of size +// aStep from the provided aInput in order to test edge-cases related to small +// buffers. +class TestStream final : public nsIInputStream { + public: + NS_DECL_ISUPPORTS; + + TestStream(const nsACString& aInput, uint32_t aStep) + : mInput(aInput), mStep(aStep) {} + + NS_IMETHOD Close() override { MOZ_CRASH("This should not be called"); } + + NS_IMETHOD Available(uint64_t* aLength) override { + *aLength = mInput.Length() - mPos; + return NS_OK; + } + + NS_IMETHOD StreamStatus() override { return NS_OK; } + + NS_IMETHOD Read(char* aBuffer, uint32_t aCount, + uint32_t* aReadCount) override { + MOZ_CRASH("This should not be called"); + } + + NS_IMETHOD ReadSegments(nsWriteSegmentFun aWriter, void* aClosure, + uint32_t aCount, uint32_t* aResult) override { + *aResult = 0; + + if (mPos == mInput.Length()) { + return NS_OK; + } + + while (aCount > 0) { + uint32_t amt = std::min(mStep, (uint32_t)(mInput.Length() - mPos)); + + uint32_t read = 0; + nsresult rv = + aWriter(this, aClosure, mInput.get() + mPos, *aResult, amt, &read); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + *aResult += read; + aCount -= read; + mPos += read; + } + + return NS_OK; + } + + NS_IMETHOD IsNonBlocking(bool* aNonBlocking) override { + *aNonBlocking = true; + return NS_OK; + } + + private: + ~TestStream() = default; + + nsCString mInput; + const uint32_t mStep; + uint32_t mPos = 0; +}; + +NS_IMPL_ISUPPORTS(TestStream, nsIInputStream) + +// Test the base64 encoder with writer buffer sizes between 1 byte and the +// entire length of "Hello World!" in order to exercise various edge cases. +TEST(TestBase64Stream, Run) +{ + nsCString input; + input.AssignLiteral("Hello World!"); + + for (uint32_t step = 1; step <= input.Length(); ++step) { + RefPtr ts = new TestStream(input, step); + + nsAutoString encodedData; + nsresult rv = Base64EncodeInputStream(ts, encodedData, input.Length()); + ASSERT_NS_SUCCEEDED(rv); + + EXPECT_TRUE(encodedData.EqualsLiteral("SGVsbG8gV29ybGQh")); + } +} + +TEST(TestBase64Stream, VaryingCount) +{ + nsCString input; + input.AssignLiteral("Hello World!"); + + std::pair tests[] = { + {0, "SGVsbG8gV29ybGQh"_ns}, {1, "SA=="_ns}, + {5, "SGVsbG8="_ns}, {11, "SGVsbG8gV29ybGQ="_ns}, + {12, "SGVsbG8gV29ybGQh"_ns}, {13, "SGVsbG8gV29ybGQh"_ns}, + }; + + for (auto& [count, expected] : tests) { + nsCOMPtr is; + nsresult rv = NS_NewCStringInputStream(getter_AddRefs(is), input); + ASSERT_NS_SUCCEEDED(rv); + + nsAutoCString encodedData; + rv = Base64EncodeInputStream(is, encodedData, count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(encodedData, expected) << "count: " << count; + } +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/gtest/TestBind.cpp b/netwerk/test/gtest/TestBind.cpp new file mode 100644 index 0000000000..371a09fdab --- /dev/null +++ b/netwerk/test/gtest/TestBind.cpp @@ -0,0 +1,187 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TestCommon.h" +#include "gtest/gtest.h" +#include "mozilla/gtest/MozAssertions.h" +#include "nsISocketTransportService.h" +#include "nsISocketTransport.h" +#include "nsIServerSocket.h" +#include "nsIAsyncInputStream.h" +#include "mozilla/net/DNS.h" +#include "prerror.h" +#include "../../base/nsSocketTransportService2.h" +#include "nsComponentManagerUtils.h" +#include "nsServiceManagerUtils.h" + +using namespace mozilla::net; +using namespace mozilla; + +class ServerListener : public nsIServerSocketListener { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSISERVERSOCKETLISTENER + + explicit ServerListener(WaitForCondition* waiter); + + // Port that is got from server side will be store here. + uint32_t mClientPort; + bool mFailed; + RefPtr mWaiter; + + private: + virtual ~ServerListener(); +}; + +NS_IMPL_ISUPPORTS(ServerListener, nsIServerSocketListener) + +ServerListener::ServerListener(WaitForCondition* waiter) + : mClientPort(-1), mFailed(false), mWaiter(waiter) {} + +ServerListener::~ServerListener() = default; + +NS_IMETHODIMP +ServerListener::OnSocketAccepted(nsIServerSocket* aServ, + nsISocketTransport* aTransport) { + // Run on STS thread. + NetAddr peerAddr; + nsresult rv = aTransport->GetPeerAddr(&peerAddr); + if (NS_FAILED(rv)) { + mFailed = true; + mWaiter->Notify(); + return NS_OK; + } + mClientPort = PR_ntohs(peerAddr.inet.port); + mWaiter->Notify(); + return NS_OK; +} + +NS_IMETHODIMP +ServerListener::OnStopListening(nsIServerSocket* aServ, nsresult aStatus) { + return NS_OK; +} + +class ClientInputCallback : public nsIInputStreamCallback { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIINPUTSTREAMCALLBACK + + explicit ClientInputCallback(WaitForCondition* waiter); + + bool mFailed; + RefPtr mWaiter; + + private: + virtual ~ClientInputCallback(); +}; + +NS_IMPL_ISUPPORTS(ClientInputCallback, nsIInputStreamCallback) + +ClientInputCallback::ClientInputCallback(WaitForCondition* waiter) + : mFailed(false), mWaiter(waiter) {} + +ClientInputCallback::~ClientInputCallback() = default; + +NS_IMETHODIMP +ClientInputCallback::OnInputStreamReady(nsIAsyncInputStream* aStream) { + // Server doesn't send. That means if we are here, we probably have run into + // an error. + uint64_t avail; + nsresult rv = aStream->Available(&avail); + if (NS_FAILED(rv)) { + mFailed = true; + } + mWaiter->Notify(); + return NS_OK; +} + +TEST(TestBind, MainTest) +{ + // + // Server side. + // + nsCOMPtr server = + do_CreateInstance("@mozilla.org/network/server-socket;1"); + ASSERT_TRUE(server); + + nsresult rv = server->Init(-1, true, -1); + ASSERT_NS_SUCCEEDED(rv); + + int32_t serverPort; + rv = server->GetPort(&serverPort); + ASSERT_NS_SUCCEEDED(rv); + + RefPtr waiter = new WaitForCondition(); + + // Listening. + RefPtr serverListener = new ServerListener(waiter); + rv = server->AsyncListen(serverListener); + ASSERT_NS_SUCCEEDED(rv); + + // + // Client side + // + uint32_t bindingPort = 20000; + nsCOMPtr service = + do_GetService("@mozilla.org/network/socket-transport-service;1", &rv); + ASSERT_NS_SUCCEEDED(rv); + + nsCOMPtr inputStream; + RefPtr clientCallback; + + auto* sts = gSocketTransportService; + ASSERT_TRUE(sts); + for (int32_t tried = 0; tried < 100; tried++) { + NS_DispatchAndSpinEventLoopUntilComplete( + "test"_ns, sts, NS_NewRunnableFunction("test", [&]() { + nsCOMPtr client; + rv = service->CreateTransport(nsTArray(), "127.0.0.1"_ns, + serverPort, nullptr, nullptr, + getter_AddRefs(client)); + ASSERT_NS_SUCCEEDED(rv); + + // Bind to a port. It's possible that we are binding to a port + // that is currently in use. If we failed to bind, we try next + // port. + NetAddr bindingAddr; + bindingAddr.inet.family = AF_INET; + bindingAddr.inet.ip = 0; + bindingAddr.inet.port = PR_htons(bindingPort); + rv = client->Bind(&bindingAddr); + ASSERT_NS_SUCCEEDED(rv); + + // Open IO streams, to make client SocketTransport connect to + // server. + clientCallback = new ClientInputCallback(waiter); + rv = client->OpenInputStream(nsITransport::OPEN_UNBUFFERED, 0, 0, + getter_AddRefs(inputStream)); + ASSERT_NS_SUCCEEDED(rv); + + nsCOMPtr asyncInputStream = + do_QueryInterface(inputStream); + rv = asyncInputStream->AsyncWait(clientCallback, 0, 0, nullptr); + })); + + // Wait for server's response or callback of input stream. + waiter->Wait(1); + if (clientCallback->mFailed) { + // if client received error, we likely have bound a port that is + // in use. we can try another port. + bindingPort++; + } else { + // We are unlocked by server side, leave the loop and check + // result. + break; + } + } + + ASSERT_FALSE(serverListener->mFailed); + ASSERT_EQ(serverListener->mClientPort, bindingPort); + + inputStream->Close(); + waiter->Wait(1); + ASSERT_TRUE(clientCallback->mFailed); + + server->Close(); +} diff --git a/netwerk/test/gtest/TestBufferedInputStream.cpp b/netwerk/test/gtest/TestBufferedInputStream.cpp new file mode 100644 index 0000000000..7230fe7e5b --- /dev/null +++ b/netwerk/test/gtest/TestBufferedInputStream.cpp @@ -0,0 +1,252 @@ +#include "gtest/gtest.h" + +#include "mozilla/SpinEventLoopUntil.h" +#include "nsBufferedStreams.h" +#include "nsIThread.h" +#include "nsNetUtil.h" +#include "nsStreamUtils.h" +#include "nsThreadUtils.h" +#include "Helpers.h" + +// Helper function for creating a testing::AsyncStringStream +already_AddRefed CreateStream(uint32_t aSize, + nsCString& aBuffer) { + aBuffer.SetLength(aSize); + for (uint32_t i = 0; i < aSize; ++i) { + aBuffer.BeginWriting()[i] = i % 10; + } + + nsCOMPtr stream = new testing::AsyncStringStream(aBuffer); + + RefPtr bis = new nsBufferedInputStream(); + bis->Init(stream, aSize); + return bis.forget(); +} + +// Simple reading. +TEST(TestBufferedInputStream, SimpleRead) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + uint64_t length; + ASSERT_EQ(NS_OK, bis->Available(&length)); + ASSERT_EQ((uint64_t)kBufSize, length); + + char buf2[kBufSize]; + uint32_t count; + ASSERT_EQ(NS_OK, bis->Read(buf2, sizeof(buf2), &count)); + ASSERT_EQ(count, buf.Length()); + ASSERT_TRUE(nsCString(buf.get(), kBufSize).Equals(nsCString(buf2, count))); +} + +// Simple segment reading. +TEST(TestBufferedInputStream, SimpleReadSegments) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + char buf2[kBufSize]; + uint32_t count; + ASSERT_EQ(NS_OK, bis->ReadSegments(NS_CopySegmentToBuffer, buf2, sizeof(buf2), + &count)); + ASSERT_EQ(count, buf.Length()); + ASSERT_TRUE(nsCString(buf.get(), kBufSize).Equals(nsCString(buf2, count))); +} + +// AsyncWait - sync +TEST(TestBufferedInputStream, AsyncWait_sync) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + RefPtr cb = new testing::InputStreamCallback(); + + ASSERT_EQ(NS_OK, bis->AsyncWait(cb, 0, 0, nullptr)); + + // Immediatelly called + ASSERT_TRUE(cb->Called()); +} + +// AsyncWait - async +TEST(TestBufferedInputStream, AsyncWait_async) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + RefPtr cb = new testing::InputStreamCallback(); + nsCOMPtr thread = do_GetCurrentThread(); + + ASSERT_EQ(NS_OK, bis->AsyncWait(cb, 0, 0, thread)); + + ASSERT_FALSE(cb->Called()); + + // Eventually it is called. + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestBufferedInputStream, AsyncWait_async)"_ns, + [&]() { return cb->Called(); })); + ASSERT_TRUE(cb->Called()); +} + +// AsyncWait - sync - closureOnly +TEST(TestBufferedInputStream, AsyncWait_sync_closureOnly) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + RefPtr cb = new testing::InputStreamCallback(); + + ASSERT_EQ(NS_OK, bis->AsyncWait(cb, nsIAsyncInputStream::WAIT_CLOSURE_ONLY, 0, + nullptr)); + ASSERT_FALSE(cb->Called()); + + bis->CloseWithStatus(NS_ERROR_FAILURE); + + // Immediatelly called + ASSERT_TRUE(cb->Called()); +} + +// AsyncWait - async +TEST(TestBufferedInputStream, AsyncWait_async_closureOnly) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + RefPtr cb = new testing::InputStreamCallback(); + nsCOMPtr thread = do_GetCurrentThread(); + + ASSERT_EQ(NS_OK, bis->AsyncWait(cb, nsIAsyncInputStream::WAIT_CLOSURE_ONLY, 0, + thread)); + + ASSERT_FALSE(cb->Called()); + bis->CloseWithStatus(NS_ERROR_FAILURE); + ASSERT_FALSE(cb->Called()); + + // Eventually it is called. + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestBufferedInputStream, AsyncWait_async_closureOnly)"_ns, + [&]() { return cb->Called(); })); + ASSERT_TRUE(cb->Called()); +} + +TEST(TestBufferedInputStream, AsyncWait_after_close) +{ + const size_t kBufSize = 10; + + nsCString buf; + RefPtr bis = CreateStream(kBufSize, buf); + + nsCOMPtr eventTarget = do_GetCurrentThread(); + + auto cb = mozilla::MakeRefPtr(); + ASSERT_EQ(NS_OK, bis->AsyncWait(cb, 0, 0, eventTarget)); + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestBufferedInputStream, AsyncWait_after_close) 1"_ns, + [&]() { return cb->Called(); })); + ASSERT_TRUE(cb->Called()); + + ASSERT_EQ(NS_OK, bis->Close()); + + cb = mozilla::MakeRefPtr(); + ASSERT_EQ(NS_OK, bis->AsyncWait(cb, 0, 0, eventTarget)); + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestBufferedInputStream, AsyncWait_after_close) 2"_ns, + [&]() { return cb->Called(); })); + ASSERT_TRUE(cb->Called()); +} + +TEST(TestBufferedInputStream, AsyncLengthWait_after_close) +{ + nsCString buf{"The Quick Brown Fox Jumps over the Lazy Dog"}; + const size_t kBufSize = 44; + + RefPtr bis = CreateStream(kBufSize, buf); + + nsCOMPtr eventTarget = do_GetCurrentThread(); + + auto cb = mozilla::MakeRefPtr(); + ASSERT_EQ(NS_OK, bis->AsyncLengthWait(cb, eventTarget)); + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestBufferedInputStream, AsyncLengthWait_after_close) 1"_ns, + [&]() { return cb->Called(); })); + ASSERT_TRUE(cb->Called()); + + uint64_t length; + ASSERT_EQ(NS_OK, bis->Available(&length)); + ASSERT_EQ((uint64_t)kBufSize, length); + + cb = mozilla::MakeRefPtr(); + ASSERT_EQ(NS_OK, bis->AsyncLengthWait(cb, eventTarget)); + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestBufferedInputStream, AsyncLengthWait_after_close) 2"_ns, + [&]() { return cb->Called(); })); + ASSERT_TRUE(cb->Called()); +} + +// This stream returns a few bytes on the first read, and error on the second. +class BrokenInputStream : public nsIInputStream { + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIINPUTSTREAM + private: + virtual ~BrokenInputStream() = default; + bool mFirst = true; +}; + +NS_IMPL_ISUPPORTS(BrokenInputStream, nsIInputStream) + +NS_IMETHODIMP BrokenInputStream::Close(void) { return NS_OK; } + +NS_IMETHODIMP BrokenInputStream::Available(uint64_t* _retval) { + *_retval = 100; + return NS_OK; +} + +NS_IMETHODIMP BrokenInputStream::StreamStatus(void) { return NS_OK; } + +NS_IMETHODIMP BrokenInputStream::Read(char* aBuf, uint32_t aCount, + uint32_t* _retval) { + if (mFirst) { + aBuf[0] = 'h'; + aBuf[1] = 'e'; + aBuf[2] = 'l'; + aBuf[3] = 0; + *_retval = 4; + mFirst = false; + return NS_OK; + } + return NS_ERROR_CORRUPTED_CONTENT; +} + +NS_IMETHODIMP BrokenInputStream::ReadSegments(nsWriteSegmentFun aWriter, + void* aClosure, uint32_t aCount, + uint32_t* _retval) { + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP BrokenInputStream::IsNonBlocking(bool* _retval) { + *_retval = false; + return NS_OK; +} + +// Check that the error from BrokenInputStream::Read is propagated +// through NS_ReadInputStreamToString +TEST(TestBufferedInputStream, BrokenInputStreamToBuffer) +{ + nsAutoCString out; + RefPtr stream = new BrokenInputStream(); + + nsresult rv = NS_ReadInputStreamToString(stream, out, -1); + ASSERT_EQ(rv, NS_ERROR_CORRUPTED_CONTENT); +} diff --git a/netwerk/test/gtest/TestCommon.cpp b/netwerk/test/gtest/TestCommon.cpp new file mode 100644 index 0000000000..37c08fbed8 --- /dev/null +++ b/netwerk/test/gtest/TestCommon.cpp @@ -0,0 +1,7 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TestCommon.h" + +NS_IMPL_ISUPPORTS(WaitForCondition, nsIRunnable) diff --git a/netwerk/test/gtest/TestCommon.h b/netwerk/test/gtest/TestCommon.h new file mode 100644 index 0000000000..0d2fd74e5b --- /dev/null +++ b/netwerk/test/gtest/TestCommon.h @@ -0,0 +1,45 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef TestCommon_h__ +#define TestCommon_h__ + +#include +#include "nsThreadUtils.h" +#include "mozilla/Attributes.h" +#include "mozilla/SpinEventLoopUntil.h" + +//----------------------------------------------------------------------------- + +class WaitForCondition final : public nsIRunnable { + public: + NS_DECL_THREADSAFE_ISUPPORTS + + void Wait(int pending) { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(mPending == 0); + + mPending = pending; + mozilla::SpinEventLoopUntil("TestCommon.h:WaitForCondition::Wait"_ns, + [&]() { return !mPending; }); + NS_ProcessPendingEvents(nullptr); + } + + void Notify() { NS_DispatchToMainThread(this); } + + private: + virtual ~WaitForCondition() = default; + + NS_IMETHOD Run() override { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(mPending); + + --mPending; + return NS_OK; + } + + uint32_t mPending = 0; +}; + +#endif diff --git a/netwerk/test/gtest/TestCookie.cpp b/netwerk/test/gtest/TestCookie.cpp new file mode 100644 index 0000000000..4812ee47f1 --- /dev/null +++ b/netwerk/test/gtest/TestCookie.cpp @@ -0,0 +1,1126 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TestCommon.h" +#include "gtest/gtest.h" +#include "nsContentUtils.h" +#include "nsICookieService.h" +#include "nsICookieManager.h" +#include "nsICookie.h" +#include +#include "plstr.h" +#include "nsNetUtil.h" +#include "nsIChannel.h" +#include "nsIPrincipal.h" +#include "nsIScriptSecurityManager.h" +#include "nsServiceManagerUtils.h" +#include "nsNetCID.h" +#include "nsIPrefBranch.h" +#include "nsIPrefService.h" +#include "mozilla/dom/Document.h" +#include "mozilla/gtest/MozAssertions.h" +#include "mozilla/Preferences.h" +#include "mozilla/Unused.h" +#include "mozilla/net/CookieJarSettings.h" +#include "Cookie.h" +#include "nsIURI.h" + +using namespace mozilla; +using namespace mozilla::net; + +static NS_DEFINE_CID(kCookieServiceCID, NS_COOKIESERVICE_CID); +static NS_DEFINE_CID(kPrefServiceCID, NS_PREFSERVICE_CID); + +// various pref strings +static const char kCookiesPermissions[] = "network.cookie.cookieBehavior"; +static const char kPrefCookieQuotaPerHost[] = "network.cookie.quotaPerHost"; +static const char kCookiesMaxPerHost[] = "network.cookie.maxPerHost"; + +#define OFFSET_ONE_WEEK int64_t(604800) * PR_USEC_PER_SEC +#define OFFSET_ONE_DAY int64_t(86400) * PR_USEC_PER_SEC + +// Set server time or expiry time +void SetTime(PRTime offsetTime, nsAutoCString& serverString, + nsAutoCString& cookieString, bool expiry) { + char timeStringPreset[40]; + PRTime CurrentTime = PR_Now(); + PRTime SetCookieTime = CurrentTime + offsetTime; + PRTime SetExpiryTime; + if (expiry) { + SetExpiryTime = SetCookieTime - OFFSET_ONE_DAY; + } else { + SetExpiryTime = SetCookieTime + OFFSET_ONE_DAY; + } + + // Set server time string + PRExplodedTime explodedTime; + PR_ExplodeTime(SetCookieTime, PR_GMTParameters, &explodedTime); + PR_FormatTimeUSEnglish(timeStringPreset, 40, "%c GMT", &explodedTime); + serverString.Assign(timeStringPreset); + + // Set cookie string + PR_ExplodeTime(SetExpiryTime, PR_GMTParameters, &explodedTime); + PR_FormatTimeUSEnglish(timeStringPreset, 40, "%c GMT", &explodedTime); + cookieString.ReplaceLiteral( + 0, strlen("test=expiry; expires=") + strlen(timeStringPreset) + 1, + "test=expiry; expires="); + cookieString.Append(timeStringPreset); +} + +void SetACookieInternal(nsICookieService* aCookieService, const char* aSpec, + const char* aCookieString, bool aAllowed) { + nsCOMPtr uri; + NS_NewURI(getter_AddRefs(uri), aSpec); + + // We create a dummy channel using the aSpec to simulate same-siteness + nsresult rv0; + nsCOMPtr ssm = + do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv0); + ASSERT_NS_SUCCEEDED(rv0); + nsCOMPtr specPrincipal; + nsCString tmpString(aSpec); + ssm->CreateContentPrincipalFromOrigin(tmpString, + getter_AddRefs(specPrincipal)); + + nsCOMPtr dummyChannel; + NS_NewChannel(getter_AddRefs(dummyChannel), uri, specPrincipal, + nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, + nsIContentPolicy::TYPE_OTHER); + + nsCOMPtr cookieJarSettings = + aAllowed + ? CookieJarSettings::Create(CookieJarSettings::eRegular, + /* shouldResistFingerprinting */ false) + : CookieJarSettings::GetBlockingAll( + /* shouldResistFingerprinting */ false); + MOZ_ASSERT(cookieJarSettings); + + nsCOMPtr loadInfo = dummyChannel->LoadInfo(); + loadInfo->SetCookieJarSettings(cookieJarSettings); + + nsresult rv = aCookieService->SetCookieStringFromHttp( + uri, nsDependentCString(aCookieString), dummyChannel); + EXPECT_NS_SUCCEEDED(rv); +} + +void SetACookieJarBlocked(nsICookieService* aCookieService, const char* aSpec, + const char* aCookieString) { + SetACookieInternal(aCookieService, aSpec, aCookieString, false); +} + +void SetACookie(nsICookieService* aCookieService, const char* aSpec, + const char* aCookieString) { + SetACookieInternal(aCookieService, aSpec, aCookieString, true); +} + +// The cookie string is returned via aCookie. +void GetACookie(nsICookieService* aCookieService, const char* aSpec, + nsACString& aCookie) { + nsCOMPtr uri; + NS_NewURI(getter_AddRefs(uri), aSpec); + + nsCOMPtr service = do_GetIOService(); + + nsCOMPtr channel; + Unused << service->NewChannelFromURI( + uri, nullptr, nsContentUtils::GetSystemPrincipal(), + nsContentUtils::GetSystemPrincipal(), 0, nsIContentPolicy::TYPE_DOCUMENT, + getter_AddRefs(channel)); + + Unused << aCookieService->GetCookieStringFromHttp(uri, channel, aCookie); +} + +// The cookie string is returned via aCookie. +void GetACookieNoHttp(nsICookieService* aCookieService, const char* aSpec, + nsACString& aCookie) { + nsCOMPtr uri; + NS_NewURI(getter_AddRefs(uri), aSpec); + + RefPtr principal = + BasePrincipal::CreateContentPrincipal(uri, OriginAttributes()); + MOZ_ASSERT(principal); + + nsCOMPtr document; + nsresult rv = NS_NewDOMDocument(getter_AddRefs(document), + u""_ns, // aNamespaceURI + u""_ns, // aQualifiedName + nullptr, // aDoctype + uri, uri, principal, + false, // aLoadedAsData + nullptr, // aEventObject + DocumentFlavorHTML); + Unused << NS_WARN_IF(NS_FAILED(rv)); + + Unused << aCookieService->GetCookieStringFromDocument(document, aCookie); +} + +// some #defines for comparison rules +#define MUST_BE_NULL 0 +#define MUST_EQUAL 1 +#define MUST_CONTAIN 2 +#define MUST_NOT_CONTAIN 3 +#define MUST_NOT_EQUAL 4 + +// a simple helper function to improve readability: +// takes one of the #defined rules above, and performs the appropriate test. +// true means the test passed; false means the test failed. +static inline bool CheckResult(const char* aLhs, uint32_t aRule, + const char* aRhs = nullptr) { + switch (aRule) { + case MUST_BE_NULL: + return !aLhs || !*aLhs; + + case MUST_EQUAL: + return !PL_strcmp(aLhs, aRhs); + + case MUST_NOT_EQUAL: + return PL_strcmp(aLhs, aRhs); + + case MUST_CONTAIN: + return strstr(aLhs, aRhs) != nullptr; + + case MUST_NOT_CONTAIN: + return strstr(aLhs, aRhs) == nullptr; + + default: + return false; // failure + } +} + +void InitPrefs(nsIPrefBranch* aPrefBranch) { + // init some relevant prefs, so the tests don't go awry. + // we use the most restrictive set of prefs we can; + // however, we don't test third party blocking here. + aPrefBranch->SetIntPref(kCookiesPermissions, 0); // accept all + // Set quotaPerHost to maxPerHost - 1, so there is only one cookie + // will be evicted everytime. + aPrefBranch->SetIntPref(kPrefCookieQuotaPerHost, 49); + // Set the base domain limit to 50 so we have a known value. + aPrefBranch->SetIntPref(kCookiesMaxPerHost, 50); + + // SameSite=None by default. We have other tests for lax-by-default. + // XXX: Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by + // default" + Preferences::SetBool("network.cookie.sameSite.laxByDefault", false); + Preferences::SetBool("network.cookieJarSettings.unblocked_for_testing", true); + Preferences::SetBool("dom.securecontext.allowlist_onions", false); + Preferences::SetBool("network.cookie.sameSite.schemeful", false); +} + +TEST(TestCookie, TestCookieMain) +{ + nsresult rv0; + + nsCOMPtr cookieService = + do_GetService(kCookieServiceCID, &rv0); + ASSERT_NS_SUCCEEDED(rv0); + + nsCOMPtr prefBranch = do_GetService(kPrefServiceCID, &rv0); + ASSERT_NS_SUCCEEDED(rv0); + + InitPrefs(prefBranch); + + nsCString cookie; + + /* The basic idea behind these tests is the following: + * + * we set() some cookie, then try to get() it in various ways. we have + * several possible tests we perform on the cookie string returned from + * get(): + * + * a) check whether the returned string is null (i.e. we got no cookies + * back). this is used e.g. to ensure a given cookie was deleted + * correctly, or to ensure a certain cookie wasn't returned to a given + * host. + * b) check whether the returned string exactly matches a given string. + * this is used where we want to make sure our cookie service adheres to + * some strict spec (e.g. ordering of multiple cookies), or where we + * just know exactly what the returned string should be. + * c) check whether the returned string contains/does not contain a given + * string. this is used where we don't know/don't care about the + * ordering of multiple cookies - we just want to make sure the cookie + * string contains them all, in some order. + * + * NOTE: this testsuite is not yet comprehensive or complete, and is + * somewhat contrived - still under development, and needs improving! + */ + + // test some basic variations of the domain & path + SetACookie(cookieService, "http://www.basic.com", "test=basic"); + GetACookie(cookieService, "http://www.basic.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic")); + GetACookie(cookieService, "http://www.basic.com/testPath/testfile.txt", + cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic")); + GetACookie(cookieService, "http://www.basic.com./", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://www.basic.com.", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://www.basic.com./testPath/testfile.txt", + cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://www.basic2.com/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://www.basic.com", "test=basic; max-age=-1"); + GetACookie(cookieService, "http://www.basic.com/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // *** domain tests + + // test some variations of the domain & path, for different domains of + // a domain cookie + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=domain.com"); + GetACookie(cookieService, "http://domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); + GetACookie(cookieService, "http://domain.com.", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://www.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); + GetACookie(cookieService, "http://foo.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=domain.com; max-age=-1"); + GetACookie(cookieService, "http://domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=.domain.com"); + GetACookie(cookieService, "http://domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); + GetACookie(cookieService, "http://www.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); + GetACookie(cookieService, "http://bah.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=.domain.com; max-age=-1"); + GetACookie(cookieService, "http://domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=.foo.domain.com"); + GetACookie(cookieService, "http://foo.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=moose.com"); + GetACookie(cookieService, "http://foo.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=domain.com."); + GetACookie(cookieService, "http://foo.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=..domain.com"); + GetACookie(cookieService, "http://foo.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.domain.com", + "test=domain; domain=..domain.com."); + GetACookie(cookieService, "http://foo.domain.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://path.net/path/file", + R"(test=taco; path="/bogus")"); + GetACookie(cookieService, "http://path.net/path/file", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=taco")); + SetACookie(cookieService, "http://path.net/path/file", + "test=taco; max-age=-1"); + GetACookie(cookieService, "http://path.net/path/file", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // *** path tests + + // test some variations of the domain & path, for different paths of + // a path cookie + SetACookie(cookieService, "http://path.net/path/file", + "test=path; path=/path"); + GetACookie(cookieService, "http://path.net/path", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); + GetACookie(cookieService, "http://path.net/path/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); + GetACookie(cookieService, "http://path.net/path/hithere.foo", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); + GetACookie(cookieService, "http://path.net/path?hithere/foo", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); + GetACookie(cookieService, "http://path.net/path2", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://path.net/path2/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://path.net/path/file", + "test=path; path=/path; max-age=-1"); + GetACookie(cookieService, "http://path.net/path/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://path.net/path/file", + "test=path; path=/path/"); + GetACookie(cookieService, "http://path.net/path", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://path.net/path/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); + SetACookie(cookieService, "http://path.net/path/file", + "test=path; path=/path/; max-age=-1"); + GetACookie(cookieService, "http://path.net/path/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // note that a site can set a cookie for a path it's not on. + // this is an intentional deviation from spec (see comments in + // CookieService::CheckPath()), so we test this functionality too + SetACookie(cookieService, "http://path.net/path/file", + "test=path; path=/foo/"); + GetACookie(cookieService, "http://path.net/path", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + GetACookie(cookieService, "http://path.net/foo", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://path.net/path/file", + "test=path; path=/foo/; max-age=-1"); + GetACookie(cookieService, "http://path.net/foo/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // bug 373228: make sure cookies with paths longer than 1024 bytes, + // and cookies with paths or names containing tabs, are rejected. + // the following cookie has a path > 1024 bytes explicitly specified in the + // cookie + SetACookie( + cookieService, "http://path.net/", + "test=path; " + "path=/" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890/"); + GetACookie( + cookieService, + "http://path.net/" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890", + cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + // the following cookie has a path > 1024 bytes implicitly specified by the + // uri path + SetACookie( + cookieService, + "http://path.net/" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890/", + "test=path"); + GetACookie( + cookieService, + "http://path.net/" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "901234567890123456789012345678901234567890123456789012345678901234567890" + "123456789012345678901234567890123456789012345678901234567890123456789012" + "345678901234567890123456789012345678901234567890123456789012345678901234" + "567890123456789012345678901234567890123456789012345678901234567890123456" + "789012345678901234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890/", + cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + // the following cookie includes a tab in the path + SetACookie(cookieService, "http://path.net/", "test=path; path=/foo\tbar/"); + GetACookie(cookieService, "http://path.net/foo\tbar/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + // the following cookie includes a tab in the name + SetACookie(cookieService, "http://path.net/", "test\ttabs=tab"); + GetACookie(cookieService, "http://path.net/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + // the following cookie includes a tab in the value - allowed + SetACookie(cookieService, "http://path.net/", "test=tab\ttest"); + GetACookie(cookieService, "http://path.net/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=tab\ttest")); + SetACookie(cookieService, "http://path.net/", "test=tab\ttest; max-age=-1"); + GetACookie(cookieService, "http://path.net/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // *** expiry & deletion tests + // XXX add server time str parsing tests here + + // test some variations of the expiry time, + // and test deletion of previously set cookies + SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=-1"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=0"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://expireme.org/", "test=expiry; expires=bad"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); + SetACookie(cookieService, "http://expireme.org/", + "test=expiry; expires=Thu, 10 Apr 1980 16:33:12 GMT"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://expireme.org/", + R"(test=expiry; expires="Thu, 10 Apr 1980 16:33:12 GMT)"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://expireme.org/", + R"(test=expiry; expires="Thu, 10 Apr 1980 16:33:12 GMT")"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=60"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); + SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=-20"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=60"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); + SetACookie(cookieService, "http://expireme.org/", + "test=expiry; expires=Thu, 10 Apr 1980 16:33:12 GMT"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=60"); + SetACookie(cookieService, "http://expireme.org/", + "newtest=expiry; max-age=60"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=expiry")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "newtest=expiry")); + SetACookie(cookieService, "http://expireme.org/", + "test=differentvalue; max-age=0"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "newtest=expiry")); + SetACookie(cookieService, "http://expireme.org/", + "newtest=evendifferentvalue; max-age=0"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://foo.expireme.org/", + "test=expiry; domain=.expireme.org; max-age=60"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); + SetACookie(cookieService, "http://bar.expireme.org/", + "test=differentvalue; domain=.expireme.org; max-age=0"); + GetACookie(cookieService, "http://expireme.org/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + nsAutoCString ServerTime; + nsAutoCString CookieString; + + // *** multiple cookie tests + + // test the setting of multiple cookies, and test the order of precedence + // (a later cookie overwriting an earlier one, in the same header string) + SetACookie(cookieService, "http://multiple.cookies/", + "test=multiple; domain=.multiple.cookies \n test=different \n " + "test=same; domain=.multiple.cookies \n newtest=ciao \n " + "newtest=foo; max-age=-6 \n newtest=reincarnated"); + GetACookie(cookieService, "http://multiple.cookies/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=multiple")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=different")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=same")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "newtest=ciao")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "newtest=foo")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "newtest=reincarnated")); + SetACookie(cookieService, "http://multiple.cookies/", + "test=expiry; domain=.multiple.cookies; max-age=0"); + GetACookie(cookieService, "http://multiple.cookies/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=same")); + SetACookie(cookieService, "http://multiple.cookies/", + "\n test=different; max-age=0 \n"); + GetACookie(cookieService, "http://multiple.cookies/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=different")); + SetACookie(cookieService, "http://multiple.cookies/", + "newtest=dead; max-age=0"); + GetACookie(cookieService, "http://multiple.cookies/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // *** parser tests + + // test the cookie header parser, under various circumstances. + SetACookie(cookieService, "http://parser.test/", + "test=parser; domain=.parser.test; ;; ;=; ,,, ===,abc,=; " + "abracadabra! max-age=20;=;;"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=parser")); + SetACookie(cookieService, "http://parser.test/", + "test=parser; domain=.parser.test; max-age=0"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "http://parser.test/", + "test=\"fubar! = foo;bar\\\";\" parser; domain=.parser.test; " + "max-age=6\nfive; max-age=2.63,"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, R"(test="fubar! = foo)")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "five")); + SetACookie(cookieService, "http://parser.test/", + "test=kill; domain=.parser.test; max-age=0 \n five; max-age=0"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // test the handling of VALUE-only cookies (see bug 169091), + // i.e. "six" should assume an empty NAME, which allows other VALUE-only + // cookies to overwrite it + SetACookie(cookieService, "http://parser.test/", "six"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "six")); + SetACookie(cookieService, "http://parser.test/", "seven"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "seven")); + SetACookie(cookieService, "http://parser.test/", " =eight"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "eight")); + SetACookie(cookieService, "http://parser.test/", "test=six"); + GetACookie(cookieService, "http://parser.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=six")); + + // *** path ordering tests + + // test that cookies are returned in path order - longest to shortest. + // if the header doesn't specify a path, it's taken from the host URI. + SetACookie(cookieService, "http://multi.path.tests/", + "test1=path; path=/one/two/three"); + SetACookie(cookieService, "http://multi.path.tests/", + "test2=path; path=/one \n test3=path; path=/one/two/three/four \n " + "test4=path; path=/one/two \n test5=path; path=/one/two/"); + SetACookie(cookieService, "http://multi.path.tests/one/two/three/four/five/", + "test6=path"); + SetACookie(cookieService, + "http://multi.path.tests/one/two/three/four/five/six/", + "test7=path; path="); + SetACookie(cookieService, "http://multi.path.tests/", "test8=path; path=/"); + GetACookie(cookieService, + "http://multi.path.tests/one/two/three/four/five/six/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, + "test7=path; test6=path; test3=path; test1=path; " + "test5=path; test4=path; test2=path; test8=path")); + + // *** Cookie prefix tests + + // prefixed cookies can't be set from insecure HTTP + SetACookie(cookieService, "http://prefixed.test/", "__Secure-test1=test"); + SetACookie(cookieService, "http://prefixed.test/", + "__Secure-test2=test; secure"); + SetACookie(cookieService, "http://prefixed.test/", "__Host-test1=test"); + SetACookie(cookieService, "http://prefixed.test/", + "__Host-test2=test; secure"); + GetACookie(cookieService, "http://prefixed.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // prefixed cookies won't be set without the secure flag + SetACookie(cookieService, "https://prefixed.test/", "__Secure-test=test"); + SetACookie(cookieService, "https://prefixed.test/", "__Host-test=test"); + GetACookie(cookieService, "https://prefixed.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // prefixed cookies can be set when done correctly + SetACookie(cookieService, "https://prefixed.test/", + "__Secure-test=test; secure"); + SetACookie(cookieService, "https://prefixed.test/", + "__Host-test=test; secure"); + GetACookie(cookieService, "https://prefixed.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "__Secure-test=test")); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "__Host-test=test")); + + // but when set must not be returned to the host insecurely + GetACookie(cookieService, "http://prefixed.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // Host-prefixed cookies cannot specify a domain + SetACookie(cookieService, "https://host.prefixed.test/", + "__Host-a=test; secure; domain=prefixed.test"); + SetACookie(cookieService, "https://host.prefixed.test/", + "__Host-b=test; secure; domain=.prefixed.test"); + SetACookie(cookieService, "https://host.prefixed.test/", + "__Host-c=test; secure; domain=host.prefixed.test"); + SetACookie(cookieService, "https://host.prefixed.test/", + "__Host-d=test; secure; domain=.host.prefixed.test"); + GetACookie(cookieService, "https://host.prefixed.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // Host-prefixed cookies can only have a path of "/" + SetACookie(cookieService, "https://host.prefixed.test/some/path", + "__Host-e=test; secure"); + SetACookie(cookieService, "https://host.prefixed.test/some/path", + "__Host-f=test; secure; path=/"); + SetACookie(cookieService, "https://host.prefixed.test/some/path", + "__Host-g=test; secure; path=/some"); + GetACookie(cookieService, "https://host.prefixed.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "__Host-f=test")); + + // *** leave-secure-alone tests + + // testing items 0 & 1 for 3.1 of spec Deprecate modification of ’secure’ + // cookies from non-secure origins + SetACookie(cookieService, "http://www.security.test/", + "test=non-security; secure"); + GetACookieNoHttp(cookieService, "https://www.security.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + SetACookie(cookieService, "https://www.security.test/path/", + "test=security; secure; path=/path/"); + GetACookieNoHttp(cookieService, "https://www.security.test/path/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security")); + // testing items 2 & 3 & 4 for 3.2 of spec Deprecate modification of ’secure’ + // cookies from non-secure origins + // Secure site can modify cookie value + SetACookie(cookieService, "https://www.security.test/path/", + "test=security2; secure; path=/path/"); + GetACookieNoHttp(cookieService, "https://www.security.test/path/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security2")); + // If new cookie contains same name, same host and partially matching path + // with an existing security cookie on non-security site, it can't modify an + // existing security cookie. + SetACookie(cookieService, "http://www.security.test/path/foo/", + "test=non-security; path=/path/foo"); + GetACookieNoHttp(cookieService, "https://www.security.test/path/foo/", + cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security2")); + // Non-secure cookie can set by same name, same host and non-matching path. + SetACookie(cookieService, "http://www.security.test/bar/", + "test=non-security; path=/bar"); + GetACookieNoHttp(cookieService, "http://www.security.test/bar/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=non-security")); + // Modify value and downgrade secure level. + SetACookie( + cookieService, "https://www.security.test/", + "test_modify_cookie=security-cookie; secure; domain=.security.test"); + GetACookieNoHttp(cookieService, "https://www.security.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, + "test_modify_cookie=security-cookie")); + SetACookie(cookieService, "https://www.security.test/", + "test_modify_cookie=non-security-cookie; domain=.security.test"); + GetACookieNoHttp(cookieService, "https://www.security.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, + "test_modify_cookie=non-security-cookie")); + + // Test the non-security cookie can set when domain or path not same to secure + // cookie of same name. + SetACookie(cookieService, "https://www.security.test/", "test=security3"); + GetACookieNoHttp(cookieService, "http://www.security.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=security3")); + SetACookie(cookieService, "http://www.security.test/", + "test=non-security2; domain=security.test"); + GetACookieNoHttp(cookieService, "http://www.security.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=non-security2")); + + // *** nsICookieManager interface tests + nsCOMPtr cookieMgr = + do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv0); + ASSERT_NS_SUCCEEDED(rv0); + + const nsCOMPtr& cookieMgr2 = cookieMgr; + ASSERT_TRUE(cookieMgr2); + + mozilla::OriginAttributes attrs; + + // first, ensure a clean slate + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + // add some cookies + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative("cookiemgr.test"_ns, // domain + "/foo"_ns, // path + "test1"_ns, // name + "yes"_ns, // value + false, // is secure + false, // is httponly + true, // is session + INT64_MAX, // expiry time + &attrs, // originAttributes + nsICookie::SAMESITE_NONE, + nsICookie::SCHEME_HTTPS))); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative( + "cookiemgr.test"_ns, // domain + "/foo"_ns, // path + "test2"_ns, // name + "yes"_ns, // value + false, // is secure + true, // is httponly + true, // is session + PR_Now() / PR_USEC_PER_SEC + 2, // expiry time + &attrs, // originAttributes + nsICookie::SAMESITE_NONE, nsICookie::SCHEME_HTTPS))); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative("new.domain"_ns, // domain + "/rabbit"_ns, // path + "test3"_ns, // name + "yes"_ns, // value + false, // is secure + false, // is httponly + true, // is session + INT64_MAX, // expiry time + &attrs, // originAttributes + nsICookie::SAMESITE_NONE, + nsICookie::SCHEME_HTTPS))); + // confirm using enumerator + nsTArray> cookies; + EXPECT_NS_SUCCEEDED(cookieMgr->GetCookies(cookies)); + nsCOMPtr expiredCookie, newDomainCookie; + for (const auto& cookie : cookies) { + nsAutoCString name; + cookie->GetName(name); + if (name.EqualsLiteral("test2")) { + expiredCookie = cookie; + } else if (name.EqualsLiteral("test3")) { + newDomainCookie = cookie; + } + } + EXPECT_EQ(cookies.Length(), 3ul); + // check the httpOnly attribute of the second cookie is honored + GetACookie(cookieService, "http://cookiemgr.test/foo/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test2=yes")); + GetACookieNoHttp(cookieService, "http://cookiemgr.test/foo/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test2=yes")); + // check CountCookiesFromHost() + uint32_t hostCookies = 0; + EXPECT_TRUE(NS_SUCCEEDED( + cookieMgr2->CountCookiesFromHost("cookiemgr.test"_ns, &hostCookies))); + EXPECT_EQ(hostCookies, 2u); + // check CookieExistsNative() using the third cookie + bool found; + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CookieExistsNative( + "new.domain"_ns, "/rabbit"_ns, "test3"_ns, &attrs, &found))); + EXPECT_TRUE(found); + + // sleep four seconds, to make sure the second cookie has expired + PR_Sleep(4 * PR_TicksPerSecond()); + // check that both CountCookiesFromHost() and CookieExistsNative() count the + // expired cookie + EXPECT_TRUE(NS_SUCCEEDED( + cookieMgr2->CountCookiesFromHost("cookiemgr.test"_ns, &hostCookies))); + EXPECT_EQ(hostCookies, 2u); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CookieExistsNative( + "cookiemgr.test"_ns, "/foo"_ns, "test2"_ns, &attrs, &found))); + EXPECT_TRUE(found); + // double-check RemoveAll() using the enumerator + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + cookies.SetLength(0); + EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies)) && + cookies.IsEmpty()); + + // *** eviction and creation ordering tests + + // test that cookies are + // a) returned by order of creation time (oldest first, newest last) + // b) evicted by order of lastAccessed time, if the limit on cookies per host + // (50) is reached + nsAutoCString name; + nsAutoCString expected; + for (int32_t i = 0; i < 60; ++i) { + name = "test"_ns; + name.AppendInt(i); + name += "=creation"_ns; + SetACookie(cookieService, "http://creation.ordering.tests/", name.get()); + + if (i >= 10) { + expected += name; + if (i < 59) expected += "; "_ns; + } + } + GetACookie(cookieService, "http://creation.ordering.tests/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, expected.get())); + + cookieMgr->RemoveAll(); + + for (int32_t i = 0; i < 60; ++i) { + name = "test"_ns; + name.AppendInt(i); + name += "=delete_non_security"_ns; + + // Create 50 cookies that include the secure flag. + if (i < 50) { + name += "; secure"_ns; + SetACookie(cookieService, "https://creation.ordering.tests/", name.get()); + } else { + // non-security cookies will be removed beside the latest cookie that be + // created. + SetACookie(cookieService, "http://creation.ordering.tests/", name.get()); + } + } + GetACookie(cookieService, "http://creation.ordering.tests/", cookie); + + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + // *** SameSite attribute - parsing and cookie storage tests + // Clear the cookies + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + + // None of these cookies will be set because using + // CookieJarSettings::GetBlockingAll(). + SetACookieJarBlocked(cookieService, "http://samesite.test", "unset=yes"); + SetACookieJarBlocked(cookieService, "http://samesite.test", + "unspecified=yes; samesite"); + SetACookieJarBlocked(cookieService, "http://samesite.test", + "empty=yes; samesite="); + SetACookieJarBlocked(cookieService, "http://samesite.test", + "bogus=yes; samesite=bogus"); + SetACookieJarBlocked(cookieService, "http://samesite.test", + "strict=yes; samesite=strict"); + SetACookieJarBlocked(cookieService, "http://samesite.test", + "lax=yes; samesite=lax"); + + cookies.SetLength(0); + EXPECT_NS_SUCCEEDED(cookieMgr->GetCookies(cookies)); + + EXPECT_TRUE(cookies.IsEmpty()); + + // Set cookies with various incantations of the samesite attribute: + // No same site attribute present + SetACookie(cookieService, "http://samesite.test", "unset=yes"); + // samesite attribute present but with no value + SetACookie(cookieService, "http://samesite.test", + "unspecified=yes; samesite"); + // samesite attribute present but with an empty value + SetACookie(cookieService, "http://samesite.test", "empty=yes; samesite="); + // samesite attribute present but with an invalid value + SetACookie(cookieService, "http://samesite.test", + "bogus=yes; samesite=bogus"); + // samesite=strict + SetACookie(cookieService, "http://samesite.test", + "strict=yes; samesite=strict"); + // samesite=lax + SetACookie(cookieService, "http://samesite.test", "lax=yes; samesite=lax"); + + cookies.SetLength(0); + EXPECT_NS_SUCCEEDED(cookieMgr->GetCookies(cookies)); + + // check the cookies for the required samesite value + for (const auto& cookie : cookies) { + nsAutoCString name; + cookie->GetName(name); + int32_t sameSiteAttr; + cookie->GetSameSite(&sameSiteAttr); + if (name.EqualsLiteral("unset")) { + EXPECT_TRUE(sameSiteAttr == nsICookie::SAMESITE_NONE); + } else if (name.EqualsLiteral("unspecified")) { + EXPECT_TRUE(sameSiteAttr == nsICookie::SAMESITE_NONE); + } else if (name.EqualsLiteral("empty")) { + EXPECT_TRUE(sameSiteAttr == nsICookie::SAMESITE_NONE); + } else if (name.EqualsLiteral("bogus")) { + EXPECT_TRUE(sameSiteAttr == nsICookie::SAMESITE_NONE); + } else if (name.EqualsLiteral("strict")) { + EXPECT_TRUE(sameSiteAttr == nsICookie::SAMESITE_STRICT); + } else if (name.EqualsLiteral("lax")) { + EXPECT_TRUE(sameSiteAttr == nsICookie::SAMESITE_LAX); + } + } + + EXPECT_TRUE(cookies.Length() == 6); + + // *** SameSite attribute + // Clear the cookies + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + + // please note that the flag aForeign is always set to true using this test + // setup because no nsIChannel is passed to SetCookieString(). therefore we + // can only test that no cookies are sent for cross origin requests using + // same-site cookies. + SetACookie(cookieService, "http://www.samesite.com", + "test=sameSiteStrictVal; samesite=strict"); + GetACookie(cookieService, "http://www.notsamesite.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://www.samesite.test", + "test=sameSiteLaxVal; samesite=lax"); + GetACookie(cookieService, "http://www.notsamesite.com", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + static const char* secureURIs[] = { + "http://localhost", "http://localhost:1234", "http://127.0.0.1", + "http://127.0.0.2", "http://127.1.0.1", "http://[::1]", + // TODO bug 1220810 "http://xyzzy.localhost" + }; + + uint32_t numSecureURIs = sizeof(secureURIs) / sizeof(const char*); + for (uint32_t i = 0; i < numSecureURIs; ++i) { + SetACookie(cookieService, secureURIs[i], "test=basic; secure"); + GetACookie(cookieService, secureURIs[i], cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic")); + SetACookie(cookieService, secureURIs[i], "test=basic1"); + GetACookie(cookieService, secureURIs[i], cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic1")); + } + + // XXX the following are placeholders: add these tests please! + // *** "noncompliant cookie" tests + // *** IP address tests + // *** speed tests +} + +TEST(TestCookie, SameSiteLax) +{ + Preferences::SetBool("network.cookie.sameSite.laxByDefault", true); + + nsresult rv; + + nsCOMPtr cookieService = + do_GetService(kCookieServiceCID, &rv); + ASSERT_NS_SUCCEEDED(rv); + + nsCOMPtr cookieMgr = + do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv); + ASSERT_NS_SUCCEEDED(rv); + + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + + SetACookie(cookieService, "http://samesite.test", "unset=yes"); + + nsTArray> cookies; + EXPECT_NS_SUCCEEDED(cookieMgr->GetCookies(cookies)); + EXPECT_EQ(cookies.Length(), (uint64_t)1); + + Cookie* cookie = static_cast(cookies[0].get()); + EXPECT_EQ(cookie->RawSameSite(), nsICookie::SAMESITE_NONE); + EXPECT_EQ(cookie->SameSite(), nsICookie::SAMESITE_LAX); + + Preferences::SetCString("network.cookie.sameSite.laxByDefault.disabledHosts", + "foo.com,samesite.test,bar.net"); + + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + + cookies.SetLength(0); + EXPECT_NS_SUCCEEDED(cookieMgr->GetCookies(cookies)); + EXPECT_EQ(cookies.Length(), (uint64_t)0); + + SetACookie(cookieService, "http://samesite.test", "unset=yes"); + + cookies.SetLength(0); + EXPECT_NS_SUCCEEDED(cookieMgr->GetCookies(cookies)); + EXPECT_EQ(cookies.Length(), (uint64_t)1); + + cookie = static_cast(cookies[0].get()); + EXPECT_EQ(cookie->RawSameSite(), nsICookie::SAMESITE_NONE); + EXPECT_EQ(cookie->SameSite(), nsICookie::SAMESITE_LAX); +} + +TEST(TestCookie, OnionSite) +{ + Preferences::SetBool("dom.securecontext.allowlist_onions", true); + Preferences::SetBool("network.cookie.sameSite.laxByDefault", false); + + nsresult rv; + nsCString cookie; + + nsCOMPtr cookieService = + do_GetService(kCookieServiceCID, &rv); + ASSERT_NS_SUCCEEDED(rv); + + // .onion secure cookie tests + SetACookie(cookieService, "http://123456789abcdef.onion/", + "test=onion-security; secure"); + GetACookieNoHttp(cookieService, "https://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security")); + SetACookie(cookieService, "http://123456789abcdef.onion/", + "test=onion-security2; secure"); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security2")); + SetACookie(cookieService, "https://123456789abcdef.onion/", + "test=onion-security3; secure"); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security3")); + SetACookie(cookieService, "http://123456789abcdef.onion/", + "test=onion-security4"); + GetACookieNoHttp(cookieService, "http://123456789abcdef.onion/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=onion-security4")); +} + +TEST(TestCookie, HiddenPrefix) +{ + nsresult rv; + nsCString cookie; + + nsCOMPtr cookieService = + do_GetService(kCookieServiceCID, &rv); + ASSERT_NS_SUCCEEDED(rv); + + SetACookie(cookieService, "http://hiddenprefix.test/", "=__Host-test=a"); + GetACookie(cookieService, "http://hiddenprefix.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://hiddenprefix.test/", "=__Secure-test=a"); + GetACookie(cookieService, "http://hiddenprefix.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://hiddenprefix.test/", "=__Host-check"); + GetACookie(cookieService, "http://hiddenprefix.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://hiddenprefix.test/", "=__Secure-check"); + GetACookie(cookieService, "http://hiddenprefix.test/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); +} + +TEST(TestCookie, BlockUnicode) +{ + Preferences::SetBool("network.cookie.blockUnicode", true); + + nsresult rv; + nsCString cookie; + + nsCOMPtr cookieService = + do_GetService(kCookieServiceCID, &rv); + ASSERT_NS_SUCCEEDED(rv); + + SetACookie(cookieService, "http://unicode.com/", "name=🍪"); + GetACookie(cookieService, "http://unicode.com/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + SetACookie(cookieService, "http://unicode.com/", "🍪=value"); + GetACookie(cookieService, "http://unicode.com/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); + + Preferences::SetBool("network.cookie.blockUnicode", false); + + SetACookie(cookieService, "http://unicode.com/", "name=🍪"); + GetACookie(cookieService, "http://unicode.com/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "name=🍪")); + + nsCOMPtr cookieMgr = + do_GetService(NS_COOKIEMANAGER_CONTRACTID); + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + + SetACookie(cookieService, "http://unicode.com/", "🍪=value"); + GetACookie(cookieService, "http://unicode.com/", cookie); + EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "🍪=value")); + + EXPECT_NS_SUCCEEDED(cookieMgr->RemoveAll()); + Preferences::ClearUser("network.cookie.blockUnicode"); +} diff --git a/netwerk/test/gtest/TestDNSPacket.cpp b/netwerk/test/gtest/TestDNSPacket.cpp new file mode 100644 index 0000000000..49530b80e0 --- /dev/null +++ b/netwerk/test/gtest/TestDNSPacket.cpp @@ -0,0 +1,69 @@ +#include "gtest/gtest.h" + +#include "mozilla/net/DNSPacket.h" +#include "mozilla/Preferences.h" + +using namespace mozilla; +using namespace mozilla::net; + +void AssertDnsPadding(uint32_t PaddingLength, unsigned int WithPadding, + unsigned int WithoutPadding, bool DisableEcn, + const nsCString& host) { + DNSPacket encoder; + nsCString buf; + + ASSERT_EQ(Preferences::SetUint("network.trr.padding.length", PaddingLength), + NS_OK); + + ASSERT_EQ(Preferences::SetBool("network.trr.padding", true), NS_OK); + ASSERT_EQ(encoder.EncodeRequest(buf, host, 1, DisableEcn), NS_OK); + ASSERT_EQ(buf.Length(), WithPadding); + + ASSERT_EQ(Preferences::SetBool("network.trr.padding", false), NS_OK); + ASSERT_EQ(encoder.EncodeRequest(buf, host, 1, DisableEcn), NS_OK); + ASSERT_EQ(buf.Length(), WithoutPadding); +} + +TEST(TestDNSPacket, PaddingLenEcn) +{ + AssertDnsPadding(16, 48, 41, true, "a.de"_ns); + AssertDnsPadding(16, 48, 42, true, "ab.de"_ns); + AssertDnsPadding(16, 48, 43, true, "abc.de"_ns); + AssertDnsPadding(16, 48, 44, true, "abcd.de"_ns); + AssertDnsPadding(16, 64, 45, true, "abcde.de"_ns); + AssertDnsPadding(16, 64, 46, true, "abcdef.de"_ns); + AssertDnsPadding(16, 64, 47, true, "abcdefg.de"_ns); + AssertDnsPadding(16, 64, 48, true, "abcdefgh.de"_ns); +} + +TEST(TestDNSPacket, PaddingLenDisableEcn) +{ + AssertDnsPadding(16, 48, 22, false, "a.de"_ns); + AssertDnsPadding(16, 48, 23, false, "ab.de"_ns); + AssertDnsPadding(16, 48, 24, false, "abc.de"_ns); + AssertDnsPadding(16, 48, 25, false, "abcd.de"_ns); + AssertDnsPadding(16, 48, 26, false, "abcde.de"_ns); + AssertDnsPadding(16, 48, 27, false, "abcdef.de"_ns); + AssertDnsPadding(16, 48, 32, false, "abcdefghijk.de"_ns); + AssertDnsPadding(16, 48, 33, false, "abcdefghijkl.de"_ns); + AssertDnsPadding(16, 64, 34, false, "abcdefghijklm.de"_ns); + AssertDnsPadding(16, 64, 35, false, "abcdefghijklmn.de"_ns); +} + +TEST(TestDNSPacket, PaddingLengths) +{ + AssertDnsPadding(0, 45, 41, true, "a.de"_ns); + AssertDnsPadding(1, 45, 41, true, "a.de"_ns); + AssertDnsPadding(2, 46, 41, true, "a.de"_ns); + AssertDnsPadding(3, 45, 41, true, "a.de"_ns); + AssertDnsPadding(4, 48, 41, true, "a.de"_ns); + AssertDnsPadding(16, 48, 41, true, "a.de"_ns); + AssertDnsPadding(32, 64, 41, true, "a.de"_ns); + AssertDnsPadding(42, 84, 41, true, "a.de"_ns); + AssertDnsPadding(52, 52, 41, true, "a.de"_ns); + AssertDnsPadding(80, 80, 41, true, "a.de"_ns); + AssertDnsPadding(128, 128, 41, true, "a.de"_ns); + AssertDnsPadding(256, 256, 41, true, "a.de"_ns); + AssertDnsPadding(1024, 1024, 41, true, "a.de"_ns); + AssertDnsPadding(1025, 1024, 41, true, "a.de"_ns); +} diff --git a/netwerk/test/gtest/TestHeaders.cpp b/netwerk/test/gtest/TestHeaders.cpp new file mode 100644 index 0000000000..0da6b06c70 --- /dev/null +++ b/netwerk/test/gtest/TestHeaders.cpp @@ -0,0 +1,29 @@ +#include "gtest/gtest.h" + +#include "nsHttpHeaderArray.h" + +TEST(TestHeaders, DuplicateHSTS) +{ + // When the Strict-Transport-Security header is sent multiple times, its + // effective value is the value of the first item. It is not merged as other + // headers are. + mozilla::net::nsHttpHeaderArray headers; + nsresult rv = headers.SetHeaderFromNet( + mozilla::net::nsHttp::Strict_Transport_Security, + "Strict_Transport_Security"_ns, "max-age=360"_ns, true); + ASSERT_EQ(rv, NS_OK); + + nsAutoCString h; + rv = headers.GetHeader(mozilla::net::nsHttp::Strict_Transport_Security, h); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(h.get(), "max-age=360"); + + rv = headers.SetHeaderFromNet(mozilla::net::nsHttp::Strict_Transport_Security, + "Strict_Transport_Security"_ns, + "max-age=720"_ns, true); + ASSERT_EQ(rv, NS_OK); + + rv = headers.GetHeader(mozilla::net::nsHttp::Strict_Transport_Security, h); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(h.get(), "max-age=360"); +} diff --git a/netwerk/test/gtest/TestHttpAtom.cpp b/netwerk/test/gtest/TestHttpAtom.cpp new file mode 100644 index 0000000000..917210a2c4 --- /dev/null +++ b/netwerk/test/gtest/TestHttpAtom.cpp @@ -0,0 +1,39 @@ +#include "gtest/gtest.h" + +#include "nsHttp.h" + +TEST(TestHttpAtom, AtomComparison) +{ + mozilla::net::nsHttpAtom atom(mozilla::net::nsHttp::Host); + mozilla::net::nsHttpAtom same_atom(mozilla::net::nsHttp::Host); + mozilla::net::nsHttpAtom different_atom(mozilla::net::nsHttp::Accept); + + ASSERT_EQ(atom, atom); + ASSERT_EQ(atom, mozilla::net::nsHttp::Host); + ASSERT_EQ(mozilla::net::nsHttp::Host, atom); + ASSERT_EQ(atom, same_atom); + ASSERT_EQ(atom.get(), same_atom.get()); + ASSERT_EQ(atom.get(), mozilla::net::nsHttp::Host.get()); + + ASSERT_NE(atom, different_atom); + ASSERT_NE(atom.get(), different_atom.get()); +} + +TEST(TestHttpAtom, LiteralComparison) +{ + ASSERT_EQ(mozilla::net::nsHttp::Host, mozilla::net::nsHttp::Host); + ASSERT_NE(mozilla::net::nsHttp::Host, mozilla::net::nsHttp::Accept); + + ASSERT_EQ(mozilla::net::nsHttp::Host.get(), mozilla::net::nsHttp::Host.get()); + ASSERT_NE(mozilla::net::nsHttp::Host.get(), + mozilla::net::nsHttp::Accept.get()); +} + +TEST(TestHttpAtom, Validity) +{ + mozilla::net::nsHttpAtom atom(mozilla::net::nsHttp::Host); + ASSERT_TRUE(atom); + + mozilla::net::nsHttpAtom atom_empty; + ASSERT_FALSE(atom_empty); +} diff --git a/netwerk/test/gtest/TestHttpAuthUtils.cpp b/netwerk/test/gtest/TestHttpAuthUtils.cpp new file mode 100644 index 0000000000..78fb40d4d0 --- /dev/null +++ b/netwerk/test/gtest/TestHttpAuthUtils.cpp @@ -0,0 +1,43 @@ +#include "gtest/gtest.h" + +#include "mozilla/net/HttpAuthUtils.h" +#include "mozilla/Preferences.h" +#include "nsNetUtil.h" + +namespace mozilla { +namespace net { + +#define TEST_PREF "network.http_test.auth_utils" + +TEST(TestHttpAuthUtils, Bug1351301) +{ + nsCOMPtr url; + nsAutoCString spec; + + ASSERT_EQ(Preferences::SetCString(TEST_PREF, "bar.com"), NS_OK); + spec = "http://bar.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(auth::URIMatchesPrefPattern(url, TEST_PREF), true); + + spec = "http://foo.bar.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(auth::URIMatchesPrefPattern(url, TEST_PREF), true); + + spec = "http://foobar.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(auth::URIMatchesPrefPattern(url, TEST_PREF), false); + + ASSERT_EQ(Preferences::SetCString(TEST_PREF, ".bar.com"), NS_OK); + spec = "http://foo.bar.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(auth::URIMatchesPrefPattern(url, TEST_PREF), true); + + spec = "http://bar.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(auth::URIMatchesPrefPattern(url, TEST_PREF), false); + + ASSERT_EQ(Preferences::ClearUser(TEST_PREF), NS_OK); +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/gtest/TestHttpChannel.cpp b/netwerk/test/gtest/TestHttpChannel.cpp new file mode 100644 index 0000000000..10ef744bb4 --- /dev/null +++ b/netwerk/test/gtest/TestHttpChannel.cpp @@ -0,0 +1,135 @@ +#include "gtest/gtest.h" + +#include "nsCOMPtr.h" +#include "mozilla/Maybe.h" +#include "mozilla/PreloadHashKey.h" +#include "mozilla/SpinEventLoopUntil.h" +#include "nsNetUtil.h" +#include "nsIChannel.h" +#include "nsIStreamListener.h" +#include "nsThreadUtils.h" +#include "nsStringStream.h" +#include "nsIPrivateBrowsingChannel.h" +#include "nsIInterfaceRequestor.h" +#include "nsContentUtils.h" + +using namespace mozilla; + +class FakeListener : public nsIStreamListener, public nsIInterfaceRequestor { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIREQUESTOBSERVER + NS_DECL_NSISTREAMLISTENER + NS_DECL_NSIINTERFACEREQUESTOR + + enum { Never, OnStart, OnData, OnStop } mCancelIn = Never; + + nsresult mOnStartResult = NS_OK; + nsresult mOnDataResult = NS_OK; + nsresult mOnStopResult = NS_OK; + + bool mOnStart = false; + nsCString mOnData; + Maybe mOnStop; + + private: + virtual ~FakeListener() = default; +}; + +NS_IMPL_ISUPPORTS(FakeListener, nsIStreamListener, nsIRequestObserver, + nsIInterfaceRequestor) + +NS_IMETHODIMP +FakeListener::GetInterface(const nsIID& aIID, void** aResult) { + NS_ENSURE_ARG_POINTER(aResult); + *aResult = nullptr; + return NS_NOINTERFACE; +} + +NS_IMETHODIMP FakeListener::OnStartRequest(nsIRequest* request) { + EXPECT_FALSE(mOnStart); + mOnStart = true; + + if (mCancelIn == OnStart) { + request->Cancel(NS_ERROR_ABORT); + } + + return mOnStartResult; +} + +NS_IMETHODIMP FakeListener::OnDataAvailable(nsIRequest* request, + nsIInputStream* input, + uint64_t offset, uint32_t count) { + nsAutoCString data; + data.SetLength(count); + + uint32_t read; + input->Read(data.BeginWriting(), count, &read); + mOnData += data; + + if (mCancelIn == OnData) { + request->Cancel(NS_ERROR_ABORT); + } + + return mOnDataResult; +} + +NS_IMETHODIMP FakeListener::OnStopRequest(nsIRequest* request, + nsresult status) { + EXPECT_FALSE(mOnStop); + mOnStop.emplace(status); + + if (mCancelIn == OnStop) { + request->Cancel(NS_ERROR_ABORT); + } + + return mOnStopResult; +} + +// Test that nsHttpChannel::AsyncOpen properly picks up changes to +// loadInfo.mPrivateBrowsingId that occur after the channel was created. +TEST(TestHttpChannel, PBAsyncOpen) +{ + nsCOMPtr uri; + NS_NewURI(getter_AddRefs(uri), "http://localhost/"_ns); + + nsCOMPtr channel; + nsresult rv = NS_NewChannel( + getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(), + nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL, + nsIContentPolicy::TYPE_OTHER); + ASSERT_EQ(rv, NS_OK); + + RefPtr listener = new FakeListener(); + rv = channel->SetNotificationCallbacks(listener); + ASSERT_EQ(rv, NS_OK); + + nsCOMPtr pbchannel = do_QueryInterface(channel); + ASSERT_TRUE(pbchannel); + + bool isPrivate = false; + rv = pbchannel->GetIsChannelPrivate(&isPrivate); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(isPrivate, false); + + nsCOMPtr loadInfo = channel->LoadInfo(); + OriginAttributes attrs; + attrs.mPrivateBrowsingId = 1; + rv = loadInfo->SetOriginAttributes(attrs); + ASSERT_EQ(rv, NS_OK); + + rv = pbchannel->GetIsChannelPrivate(&isPrivate); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(isPrivate, false); + + rv = channel->AsyncOpen(listener); + ASSERT_EQ(rv, NS_OK); + + rv = pbchannel->GetIsChannelPrivate(&isPrivate); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(isPrivate, true); + + MOZ_ALWAYS_TRUE(mozilla::SpinEventLoopUntil( + "TEST(TestHttpChannel, PBAsyncOpen)"_ns, + [&]() -> bool { return listener->mOnStop.isSome(); })); +} diff --git a/netwerk/test/gtest/TestHttpResponseHead.cpp b/netwerk/test/gtest/TestHttpResponseHead.cpp new file mode 100644 index 0000000000..643489d496 --- /dev/null +++ b/netwerk/test/gtest/TestHttpResponseHead.cpp @@ -0,0 +1,183 @@ +#include "gtest/gtest.h" + +#include "chrome/common/ipc_message.h" +#include "mozilla/net/PHttpChannelParams.h" +#include "mozilla/Unused.h" +#include "nsHttp.h" +#include "nsIPrefBranch.h" +#include "nsIPrefService.h" +#include "nsURLHelper.h" + +namespace mozilla { +namespace net { + +void AssertRoundTrips(const nsHttpResponseHead& aHead) { + { + // Assert it round-trips via IPC. + UniquePtr msg(new IPC::Message(MSG_ROUTING_NONE, 0)); + IPC::MessageWriter writer(*msg); + IPC::ParamTraits::Write(&writer, aHead); + + nsHttpResponseHead deserializedHead; + IPC::MessageReader reader(*msg); + bool res = IPC::ParamTraits::Read( + &reader, &deserializedHead); + ASSERT_TRUE(res); + ASSERT_EQ(aHead, deserializedHead); + } + + { + // Assert it round-trips through copy-ctor. + nsHttpResponseHead copied(aHead); + ASSERT_EQ(aHead, copied); + } + + { + // Assert it round-trips through operator= + nsHttpResponseHead copied; + copied = aHead; + // It is important that the below statement cannot be + // ASSERT_EQ(aHead, copied) to avoid potential lock-order inversion problem. + // See Bug 1829445 for more details + ASSERT_EQ(copied, aHead); + } +} + +TEST(TestHttpResponseHead, Bug1636930) +{ + nsHttpResponseHead head; + + Unused << head.ParseStatusLine("HTTP/1.1 200 OK"_ns); + Unused << head.ParseHeaderLine("content-type: text/plain"_ns); + Unused << head.ParseHeaderLine("etag: Just testing"_ns); + Unused << head.ParseHeaderLine("cache-control: max-age=99999"_ns); + Unused << head.ParseHeaderLine("accept-ranges: bytes"_ns); + Unused << head.ParseHeaderLine("content-length: 1408"_ns); + Unused << head.ParseHeaderLine("connection: close"_ns); + Unused << head.ParseHeaderLine("server: httpd.js"_ns); + Unused << head.ParseHeaderLine("date: Tue, 12 May 2020 09:24:23 GMT"_ns); + + AssertRoundTrips(head); +} + +TEST(TestHttpResponseHead, bug1649807) +{ + nsHttpResponseHead head; + + Unused << head.ParseStatusLine("HTTP/1.1 200 OK"_ns); + Unused << head.ParseHeaderLine("content-type: text/plain"_ns); + Unused << head.ParseHeaderLine("etag: Just testing"_ns); + Unused << head.ParseHeaderLine("cache-control: age=99999"_ns); + Unused << head.ParseHeaderLine("accept-ranges: bytes"_ns); + Unused << head.ParseHeaderLine("content-length: 1408"_ns); + Unused << head.ParseHeaderLine("connection: close"_ns); + Unused << head.ParseHeaderLine("server: httpd.js"_ns); + Unused << head.ParseHeaderLine("pragma: no-cache"_ns); + Unused << head.ParseHeaderLine("date: Tue, 12 May 2020 09:24:23 GMT"_ns); + + ASSERT_FALSE(head.NoCache()) + << "Cache-Control wins over Pragma: no-cache"; + AssertRoundTrips(head); +} + +TEST(TestHttpResponseHead, bug1660200) +{ + nsHttpResponseHead head; + + Unused << head.ParseStatusLine("HTTP/1.1 200 OK"_ns); + Unused << head.ParseHeaderLine("content-type: text/plain"_ns); + Unused << head.ParseHeaderLine("etag: Just testing"_ns); + Unused << head.ParseHeaderLine("cache-control: no-cache"_ns); + Unused << head.ParseHeaderLine("accept-ranges: bytes"_ns); + Unused << head.ParseHeaderLine("content-length: 1408"_ns); + Unused << head.ParseHeaderLine("connection: close"_ns); + Unused << head.ParseHeaderLine("server: httpd.js"_ns); + Unused << head.ParseHeaderLine("date: Tue, 12 May 2020 09:24:23 GMT"_ns); + + AssertRoundTrips(head); +} + +TEST(TestHttpResponseHead, bug1687903) +{ + nsHttpResponseHead head; + + bool usingStrictParsing = false; + nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); + if (prefs) { + prefs->GetBoolPref("network.http.strict_response_status_line_parsing", + &usingStrictParsing); + } + + nsresult expectation = + usingStrictParsing ? NS_ERROR_PARSING_HTTP_STATUS_LINE : NS_OK; + + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 "_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 BLAH"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 1000 BOO"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 0200 BOO"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 60200 200"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 131072 HIOK"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 -200 OK"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 0x9 OK"_ns)); + ASSERT_EQ(expectation, head.ParseStatusLine("HTTP/1.1 C8 OK"_ns)); +} + +TEST(TestHttpResponseHead, atoms) +{ + // Test that the resolving the content-type atom returns the initial static + ASSERT_EQ(nsHttp::Content_Type, nsHttp::ResolveAtom("content-type"_ns)); + // Check that they're case insensitive + ASSERT_EQ(nsHttp::ResolveAtom("Content-Type"_ns), + nsHttp::ResolveAtom("content-type"_ns)); + // This string literal should be the backing of the atom when resolved first + auto header1 = "CustomHeaderXXX1"_ns; + auto atom1 = nsHttp::ResolveAtom(header1); + auto header2 = "customheaderxxx1"_ns; + auto atom2 = nsHttp::ResolveAtom(header2); + ASSERT_EQ(atom1, atom2); + ASSERT_EQ(atom1.get(), atom2.get()); + // Check that we get the expected pointer back. + ASSERT_EQ(atom2.get(), header1.BeginReading()); +} + +TEST(ContentTypeParsing, CommentHandling1) +{ + bool dummy; + const nsAutoCString val("text/html;charset=gbk("); + nsCString contentType; + nsCString contentCharset; + + net_ParseContentType(val, contentType, contentCharset, &dummy); + + ASSERT_TRUE(contentType.EqualsLiteral("text/html")); + ASSERT_TRUE(contentCharset.EqualsLiteral("gbk(")); +} + +TEST(ContentTypeParsing, CommentHandling2) +{ + bool dummy; + const nsAutoCString val("text/html;x=(;charset=gbk"); + nsCString contentType; + nsCString contentCharset; + + net_ParseContentType(val, contentType, contentCharset, &dummy); + + ASSERT_TRUE(contentType.EqualsLiteral("text/html")); + ASSERT_TRUE(contentCharset.EqualsLiteral("gbk")); +} + +TEST(ContentTypeParsing, CommentHandling3) +{ + bool dummy; + const nsAutoCString val("text/html;test=test;(;charset=gbk"); + nsCString contentType; + nsCString contentCharset; + + net_ParseContentType(val, contentType, contentCharset, &dummy); + + ASSERT_TRUE(contentType.EqualsLiteral("text/html")); + ASSERT_TRUE(contentCharset.EqualsLiteral("gbk")); +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/gtest/TestInputStreamTransport.cpp b/netwerk/test/gtest/TestInputStreamTransport.cpp new file mode 100644 index 0000000000..43df0e193a --- /dev/null +++ b/netwerk/test/gtest/TestInputStreamTransport.cpp @@ -0,0 +1,204 @@ +#include "gtest/gtest.h" + +#include "nsIStreamTransportService.h" +#include "nsStreamUtils.h" +#include "nsThreadUtils.h" +#include "Helpers.h" +#include "nsNetCID.h" +#include "nsServiceManagerUtils.h" +#include "nsITransport.h" +#include "nsNetUtil.h" + +static NS_DEFINE_CID(kStreamTransportServiceCID, NS_STREAMTRANSPORTSERVICE_CID); + +void CreateStream(already_AddRefed aSource, + nsIAsyncInputStream** aStream) { + nsCOMPtr source = std::move(aSource); + + nsresult rv; + nsCOMPtr sts = + do_GetService(kStreamTransportServiceCID, &rv); + ASSERT_EQ(NS_OK, rv); + + nsCOMPtr transport; + rv = sts->CreateInputTransport(source, true, getter_AddRefs(transport)); + ASSERT_EQ(NS_OK, rv); + + nsCOMPtr wrapper; + rv = transport->OpenInputStream(0, 0, 0, getter_AddRefs(wrapper)); + ASSERT_EQ(NS_OK, rv); + + nsCOMPtr asyncStream = do_QueryInterface(wrapper); + MOZ_ASSERT(asyncStream); + + asyncStream.forget(aStream); +} + +class BlockingSyncStream final : public nsIInputStream { + nsCOMPtr mStream; + + public: + NS_DECL_THREADSAFE_ISUPPORTS + + explicit BlockingSyncStream(const nsACString& aBuffer) { + NS_NewCStringInputStream(getter_AddRefs(mStream), aBuffer); + } + + NS_IMETHOD + Available(uint64_t* aLength) override { return mStream->Available(aLength); } + + NS_IMETHOD + StreamStatus() override { return mStream->StreamStatus(); } + + NS_IMETHOD + Read(char* aBuffer, uint32_t aCount, uint32_t* aReadCount) override { + return mStream->Read(aBuffer, aCount, aReadCount); + } + + NS_IMETHOD + ReadSegments(nsWriteSegmentFun aWriter, void* aClosure, uint32_t aCount, + uint32_t* aResult) override { + return mStream->ReadSegments(aWriter, aClosure, aCount, aResult); + } + + NS_IMETHOD + Close() override { return mStream->Close(); } + + NS_IMETHOD + IsNonBlocking(bool* aNonBlocking) override { + *aNonBlocking = false; + return NS_OK; + } + + private: + ~BlockingSyncStream() = default; +}; + +NS_IMPL_ISUPPORTS(BlockingSyncStream, nsIInputStream) + +// Testing a simple blocking stream. +TEST(TestInputStreamTransport, BlockingNotAsync) +{ + RefPtr stream = new BlockingSyncStream("Hello world"_ns); + + nsCOMPtr ais; + CreateStream(stream.forget(), getter_AddRefs(ais)); + ASSERT_TRUE(!!ais); + + nsAutoCString data; + nsresult rv = NS_ReadInputStreamToString(ais, data, -1); + ASSERT_EQ(NS_OK, rv); + + ASSERT_TRUE(data.EqualsLiteral("Hello world")); +} + +class BlockingAsyncStream final : public nsIAsyncInputStream { + nsCOMPtr mStream; + bool mPending; + + public: + NS_DECL_THREADSAFE_ISUPPORTS + + explicit BlockingAsyncStream(const nsACString& aBuffer) : mPending(false) { + NS_NewCStringInputStream(getter_AddRefs(mStream), aBuffer); + } + + NS_IMETHOD + Available(uint64_t* aLength) override { + mStream->Available(aLength); + + // 1 char at the time, just to test the asyncWait+Read loop a bit more. + if (*aLength > 0) { + *aLength = 1; + } + + return NS_OK; + } + + NS_IMETHOD + StreamStatus() override { return mStream->StreamStatus(); } + + NS_IMETHOD + Read(char* aBuffer, uint32_t aCount, uint32_t* aReadCount) override { + mPending = !mPending; + if (mPending) { + return NS_BASE_STREAM_WOULD_BLOCK; + } + + // 1 char at the time, just to test the asyncWait+Read loop a bit more. + aCount = 1; + + return mStream->Read(aBuffer, aCount, aReadCount); + } + + NS_IMETHOD + ReadSegments(nsWriteSegmentFun aWriter, void* aClosure, uint32_t aCount, + uint32_t* aResult) override { + mPending = !mPending; + if (mPending) { + return NS_BASE_STREAM_WOULD_BLOCK; + } + + // 1 char at the time, just to test the asyncWait+Read loop a bit more. + aCount = 1; + + return mStream->ReadSegments(aWriter, aClosure, aCount, aResult); + } + + NS_IMETHOD + Close() override { return mStream->Close(); } + + NS_IMETHOD + IsNonBlocking(bool* aNonBlocking) override { + *aNonBlocking = false; + return NS_OK; + } + + NS_IMETHOD + CloseWithStatus(nsresult aStatus) override { return Close(); } + + NS_IMETHOD + AsyncWait(nsIInputStreamCallback* aCallback, uint32_t aFlags, + uint32_t aRequestedCount, nsIEventTarget* aEventTarget) override { + if (!aCallback) { + return NS_OK; + } + + RefPtr self = this; + nsCOMPtr callback = aCallback; + + nsCOMPtr r = NS_NewRunnableFunction( + "gtest-asyncwait", + [self, callback]() { callback->OnInputStreamReady(self); }); + + if (aEventTarget) { + aEventTarget->Dispatch(r.forget()); + } else { + r->Run(); + } + + return NS_OK; + } + + private: + ~BlockingAsyncStream() = default; +}; + +NS_IMPL_ISUPPORTS(BlockingAsyncStream, nsIInputStream, nsIAsyncInputStream) + +// Testing an async blocking stream. +TEST(TestInputStreamTransport, BlockingAsync) +{ + RefPtr stream = + new BlockingAsyncStream("Hello world"_ns); + + nsCOMPtr ais; + CreateStream(stream.forget(), getter_AddRefs(ais)); + ASSERT_TRUE(!!ais); + + nsAutoCString data; + nsresult rv = NS_ReadInputStreamToString(ais, data, -1); + ASSERT_EQ(NS_OK, rv); + + ASSERT_TRUE(data.EqualsLiteral("Hello world")); +} diff --git a/netwerk/test/gtest/TestIsValidIp.cpp b/netwerk/test/gtest/TestIsValidIp.cpp new file mode 100644 index 0000000000..dfee8c5c0f --- /dev/null +++ b/netwerk/test/gtest/TestIsValidIp.cpp @@ -0,0 +1,178 @@ +#include "gtest/MozGTestBench.h" // For MOZ_GTEST_BENCH +#include "gtest/gtest.h" + +#include "nsURLHelper.h" + +TEST(TestIsValidIp, IPV4Localhost) +{ + constexpr auto ip = "127.0.0.1"_ns; + ASSERT_EQ(true, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV4Only0) +{ + constexpr auto ip = "0.0.0.0"_ns; + ASSERT_EQ(true, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV4Max) +{ + constexpr auto ip = "255.255.255.255"_ns; + ASSERT_EQ(true, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV4LeadingZero) +{ + constexpr auto ip = "055.225.255.255"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip)); + + constexpr auto ip2 = "255.055.255.255"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip2)); + + constexpr auto ip3 = "255.255.055.255"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip3)); + + constexpr auto ip4 = "255.255.255.055"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip4)); +} + +TEST(TestIsValidIp, IPV4StartWithADot) +{ + constexpr auto ip = ".192.168.120.197"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV4StartWith4Digits) +{ + constexpr auto ip = "1927.168.120.197"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV4OutOfRange) +{ + constexpr auto invalid1 = "421.168.120.124"_ns; + constexpr auto invalid2 = "192.997.120.124"_ns; + constexpr auto invalid3 = "192.168.300.124"_ns; + constexpr auto invalid4 = "192.168.120.256"_ns; + + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid1)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid2)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid3)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid4)); +} + +TEST(TestIsValidIp, IPV4EmptyDigits) +{ + constexpr auto invalid1 = "..0.0.0"_ns; + constexpr auto invalid2 = "127..0.0"_ns; + constexpr auto invalid3 = "127.0..0"_ns; + constexpr auto invalid4 = "127.0.0."_ns; + + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid1)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid2)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid3)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid4)); +} + +TEST(TestIsValidIp, IPV4NonNumeric) +{ + constexpr auto invalid1 = "127.0.0.f"_ns; + constexpr auto invalid2 = "127.0.0.!"_ns; + constexpr auto invalid3 = "127#0.0.1"_ns; + + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid1)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid2)); + ASSERT_EQ(false, net_IsValidIPv4Addr(invalid3)); +} + +TEST(TestIsValidIp, IPV4TooManyDigits) +{ + constexpr auto ip = "127.0.0.1.2"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV4TooFewDigits) +{ + constexpr auto ip = "127.0.1"_ns; + ASSERT_EQ(false, net_IsValidIPv4Addr(ip)); +} + +TEST(TestIsValidIp, IPV6WithIPV4Inside) +{ + constexpr auto ipv6 = "0123:4567:89ab:cdef:0123:4567:127.0.0.1"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPv6FullForm) +{ + constexpr auto ipv6 = "0123:4567:89ab:cdef:0123:4567:890a:bcde"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPv6TrimLeading0) +{ + constexpr auto ipv6 = "123:4567:0:0:123:4567:890a:bcde"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPv6Collapsed) +{ + constexpr auto ipv6 = "FF01::101"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6WithIPV4InsideCollapsed) +{ + constexpr auto ipv6 = "::FFFF:129.144.52.38"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6Localhost) +{ + constexpr auto ipv6 = "::1"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6LinkLocalPrefix) +{ + constexpr auto ipv6 = "fe80::"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6GlobalUnicastPrefix) +{ + constexpr auto ipv6 = "2001::"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6Unspecified) +{ + constexpr auto ipv6 = "::"_ns; + ASSERT_EQ(true, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6InvalidIPV4Inside) +{ + constexpr auto ipv6 = "0123:4567:89ab:cdef:0123:4567:127.0."_ns; + ASSERT_EQ(false, net_IsValidIPv6Addr(ipv6)); +} + +TEST(TestIsValidIp, IPV6InvalidCharacters) +{ + constexpr auto ipv6 = "012g:4567:89ab:cdef:0123:4567:127.0.0.1"_ns; + ASSERT_EQ(false, net_IsValidIPv6Addr(ipv6)); + + constexpr auto ipv6pound = "0123:456#:89ab:cdef:0123:4567:127.0.0.1"_ns; + ASSERT_EQ(false, net_IsValidIPv6Addr(ipv6pound)); +} + +TEST(TestIsValidIp, IPV6TooManyCharacters) +{ + constexpr auto ipv6 = "0123:45671:89ab:cdef:0123:4567:127.0.0.1"_ns; + ASSERT_EQ(false, net_IsValidIPv6Addr(ipv6)); +} +TEST(TestIsValidIp, IPV6DoubleDoubleDots) +{ + constexpr auto ipv6 = "0123::4567:890a::bcde:0123:4567"_ns; + ASSERT_EQ(false, net_IsValidIPv6Addr(ipv6)); +} diff --git a/netwerk/test/gtest/TestLinkHeader.cpp b/netwerk/test/gtest/TestLinkHeader.cpp new file mode 100644 index 0000000000..4da7002f87 --- /dev/null +++ b/netwerk/test/gtest/TestLinkHeader.cpp @@ -0,0 +1,356 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include + +#include "gtest/gtest-param-test.h" +#include "gtest/gtest.h" + +#include "mozilla/gtest/MozAssertions.h" +#include "nsNetUtil.h" + +using namespace mozilla::net; + +LinkHeader LinkHeaderSetAll(nsAString const& v) { + LinkHeader l; + l.mHref = v; + l.mRel = v; + l.mTitle = v; + l.mIntegrity = v; + l.mSrcset = v; + l.mSizes = v; + l.mType = v; + l.mMedia = v; + l.mAnchor = v; + l.mCrossOrigin = v; + l.mReferrerPolicy = v; + l.mAs = v; + l.mFetchPriority = v; + return l; +} + +LinkHeader LinkHeaderSetTitle(nsAString const& v) { + LinkHeader l; + l.mHref = v; + l.mRel = v; + l.mTitle = v; + return l; +} + +LinkHeader LinkHeaderSetMinimum(nsAString const& v) { + LinkHeader l; + l.mHref = v; + l.mRel = v; + return l; +} + +void PrintTo(const nsTArray& aLinkHeaders, std::ostream* aOs) { + bool first = true; + for (const auto& header : aLinkHeaders) { + if (!first) { + *aOs << ", "; + } + first = false; + + *aOs << "(mHref=" << header.mHref << ", " + << "mRel=" << header.mRel << ", " + << "mTitle=" << header.mTitle << ", " + << "mNonce=" << header.mNonce << ", " + << "mIntegrity=" << header.mIntegrity << ", " + << "mSrcset=" << header.mSrcset << ", " + << "mSizes=" << header.mSizes << ", " + << "mType=" << header.mType << ", " + << "mMedia=" << header.mMedia << ", " + << "mAnchor=" << header.mAnchor << ", " + << "mCrossOrigin=" << header.mCrossOrigin << ", " + << "mReferrerPolicy=" << header.mReferrerPolicy << ", " + << "mAs=" << header.mAs << ", " + << "mFetchPriority=" << header.mFetchPriority << ")"; + } +} + +TEST(TestLinkHeader, MultipleLinkHeaders) +{ + nsString link = + u"; rel=a; title=a; integrity=a; imagesrcset=a; imagesizes=a; type=a; media=a; anchor=a; crossorigin=a; referrerpolicy=a; as=a; fetchpriority=a,"_ns + u"; rel=b; title=b; integrity=b; imagesrcset=b; imagesizes=b; type=b; media=b; anchor=b; crossorigin=b; referrerpolicy=b; as=b; fetchpriority=b,"_ns + u"; rel=c"_ns; + + nsTArray linkHeaders = ParseLinkHeader(link); + + nsTArray expected; + expected.AppendElement(LinkHeaderSetAll(u"a"_ns)); + expected.AppendElement(LinkHeaderSetAll(u"b"_ns)); + expected.AppendElement(LinkHeaderSetMinimum(u"c"_ns)); + + ASSERT_EQ(linkHeaders, expected); +} + +// title* has to be tested separately +TEST(TestLinkHeader, MultipleLinkHeadersTitleStar) +{ + nsString link = + u"; rel=d; title*=UTF-8'de'd,"_ns + u"; rel=e; title*=UTF-8'de'e; title=g,"_ns + u"; rel=f"_ns; + + nsTArray linkHeaders = ParseLinkHeader(link); + + nsTArray expected; + expected.AppendElement(LinkHeaderSetTitle(u"d"_ns)); + expected.AppendElement(LinkHeaderSetTitle(u"e"_ns)); + expected.AppendElement(LinkHeaderSetMinimum(u"f"_ns)); + + ASSERT_EQ(linkHeaders, expected); +} + +struct SimpleParseTestData { + nsString link; + bool valid; + nsString url; + nsString rel; + nsString as; + nsString fetchpriority; + + friend void PrintTo(const SimpleParseTestData& aData, std::ostream* aOs) { + *aOs << "link=" << aData.link << ", valid=" << aData.valid + << ", url=" << aData.url << ", rel=" << aData.rel + << ", as=" << aData.as << ", fetchpriority=" << aData.fetchpriority + << ")"; + } +}; + +class SimpleParseTest : public ::testing::TestWithParam {}; + +TEST_P(SimpleParseTest, Simple) { + const SimpleParseTestData test = GetParam(); + + nsTArray linkHeaders = ParseLinkHeader(test.link); + + EXPECT_EQ(test.valid, !linkHeaders.IsEmpty()); + if (test.valid) { + ASSERT_EQ(linkHeaders.Length(), (nsTArray::size_type)1); + EXPECT_EQ(test.url, linkHeaders[0].mHref); + EXPECT_EQ(test.rel, linkHeaders[0].mRel); + EXPECT_EQ(test.as, linkHeaders[0].mAs); + EXPECT_EQ(test.fetchpriority, linkHeaders[0].mFetchPriority); + } +} + +// Some test data copied and adapted from +// https://source.chromium.org/chromium/chromium/src/+/main:components/link_header_util/link_header_util_unittest.cc +// the different behavior of the parser is commented above each test case. +const SimpleParseTestData simple_parse_tests[] = { + {u"; rel=stylesheet; fetchpriority=\"auto\""_ns, true, u"s.css"_ns, + u"stylesheet"_ns, u""_ns, u"auto"_ns}, + {u"; rel=stylesheet; fetchpriority=\"low\""_ns, true, u"s.css"_ns, + u"stylesheet"_ns, u""_ns, u"low"_ns}, + {u"; rel=stylesheet; fetchpriority=\"high\""_ns, true, u"s.css"_ns, + u"stylesheet"_ns, u""_ns, u"high"_ns}, + {u"; rel=stylesheet; fetchpriority=\"foo\""_ns, true, u"s.css"_ns, + u"stylesheet"_ns, u""_ns, u"foo"_ns}, + {u"; rel=stylesheet; fetchpriority=\"\""_ns, true, u"s.css"_ns, + u"stylesheet"_ns, u""_ns, u""_ns}, + {u"; rel=stylesheet; fetchpriority=fooWithoutDoubleQuotes"_ns, true, + u"s.css"_ns, u"stylesheet"_ns, u""_ns, u"fooWithoutDoubleQuotes"_ns}, + {u"; rel=prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u";rel=prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u" ;rel=prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u" ; rel=prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"< /images/cat.jpg> ; rel=prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u" ; rel=prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + // TODO(1744051): don't ignore spaces in href + // {u" ; rel=prefetch"_ns, true, + // u"/images/cat.jpg wutwut"_ns, u"prefetch"_ns, u""_ns}, + {u" ; rel=prefetch"_ns, true, + u"/images/cat.jpgwutwut"_ns, u"prefetch"_ns, u""_ns}, + // TODO(1744051): don't ignore spaces in href + // {u" ; rel=prefetch"_ns, true, + // u"/images/cat.jpg wutwut"_ns, u"prefetch"_ns, u""_ns}, + {u" ; rel=prefetch"_ns, true, + u"/images/cat.jpgwutwut"_ns, u"prefetch"_ns, u""_ns}, + {u"; rel=prefetch "_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"; Rel=prefetch "_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"; Rel=PReFetCh "_ns, true, u"/images/cat.jpg"_ns, + u"PReFetCh"_ns, u""_ns}, + {u"; rel=prefetch; rel=somethingelse"_ns, true, + u"/images/cat.jpg"_ns, u"prefetch"_ns, u""_ns}, + {u"\t\t ; \trel=prefetch \t "_ns, true, + u"/images/cat.jpg"_ns, u"prefetch"_ns, u""_ns}, + {u"; rel= prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"<../images/cat.jpg?dog>; rel= prefetch"_ns, true, + u"../images/cat.jpg?dog"_ns, u"prefetch"_ns, u""_ns}, + {u"; rel =prefetch"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"; rel pel=prefetch"_ns, false}, + // different from chromium test case, because we already check for + // existence of "rel" parameter + {u"< /images/cat.jpg>"_ns, false}, + {u"; wut=sup; rel =prefetch"_ns, true, + u"/images/cat.jpg"_ns, u"prefetch"_ns, u""_ns}, + {u"; wut=sup ; rel =prefetch"_ns, true, + u"/images/cat.jpg"_ns, u"prefetch"_ns, u""_ns}, + {u"; wut=sup ; rel =prefetch \t ;"_ns, true, + u"/images/cat.jpg"_ns, u"prefetch"_ns, u""_ns}, + // TODO(1744051): forbid non-whitespace characters between '>' and the first + // semicolon making it conform RFC 8288 Sec 3 + // {u" wut=sup ; rel =prefetch \t ;"_ns, false}, + {u" wut=sup ; rel =prefetch \t ;"_ns, true, + u"/images/cat.jpg"_ns, u"prefetch"_ns, u""_ns}, + {u"< /images/cat.jpg"_ns, false}, + // TODO(1744051): don't ignore spaces in href + // {u"< http://wut.com/ sdfsdf ?sd>; rel=dns-prefetch"_ns, true, + // u"http://wut.com/ sdfsdf ?sd"_ns, u"dns-prefetch"_ns, u""_ns}, + {u"< http://wut.com/ sdfsdf ?sd>; rel=dns-prefetch"_ns, true, + u"http://wut.com/sdfsdf?sd"_ns, u"dns-prefetch"_ns, u""_ns}, + {u"< http://wut.com/%20%20%3dsdfsdf?sd>; rel=dns-prefetch"_ns, true, + u"http://wut.com/%20%20%3dsdfsdf?sd"_ns, u"dns-prefetch"_ns, u""_ns}, + {u"< http://wut.com/dfsdf?sdf=ghj&wer=rty>; rel=prefetch"_ns, true, + u"http://wut.com/dfsdf?sdf=ghj&wer=rty"_ns, u"prefetch"_ns, u""_ns}, + {u"< http://wut.com/dfsdf?sdf=ghj&wer=rty>;;;;; rel=prefetch"_ns, true, + u"http://wut.com/dfsdf?sdf=ghj&wer=rty"_ns, u"prefetch"_ns, u""_ns}, + {u"< http://wut.com/%20%20%3dsdfsdf?sd>; rel=preload;as=image"_ns, true, + u"http://wut.com/%20%20%3dsdfsdf?sd"_ns, u"preload"_ns, u"image"_ns}, + {u"< http://wut.com/%20%20%3dsdfsdf?sd>; rel=preload;as=whatever"_ns, + true, u"http://wut.com/%20%20%3dsdfsdf?sd"_ns, u"preload"_ns, + u"whatever"_ns}, + {u"; rel=prefetch;"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"; rel=prefetch ;"_ns, true, u"/images/cat.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"; rel=prefetch ;"_ns, true, u"/images/ca,t.jpg"_ns, + u"prefetch"_ns, u""_ns}, + {u"; rel=stylesheet; title=\"title with a DQUOTE and " + "backslash\""_ns, + true, u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + // TODO(1744051): forbid missing end quote + // {u"; rel=stylesheet; title=\"title with a DQUOTE \\\" and " + // "backslash: \\\""_ns, false}, + {u"; rel=stylesheet; title=\"title with a DQUOTE \\\" and backslash: \\\""_ns, + true, u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + {u"; title=\"title with a DQUOTE \\\" and backslash: \"; " + "rel=stylesheet; "_ns, + true, u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + {u"; title=\'title with a DQUOTE \\\' and backslash: \'; " + "rel=stylesheet; "_ns, + true, u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + {u"; title=\"title with a DQUOTE \\\" and ;backslash,: \"; " + "rel=stylesheet; "_ns, + true, u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + {u"; title=\"title with a DQUOTE \' and ;backslash,: \"; " + "rel=stylesheet; "_ns, + true, u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + {u"; title=\"\"; rel=stylesheet; "_ns, true, u"simple.css"_ns, + u"stylesheet"_ns, u""_ns}, + {u"; title=\"\"; rel=\"stylesheet\"; "_ns, true, + u"simple.css"_ns, u"stylesheet"_ns, u""_ns}, + // TODO(1744051): forbid missing end quote + // {u"; rel=stylesheet; title=\""_ns, false}, + {u"; rel=stylesheet; title=\""_ns, true, u"simple.css"_ns, + u"stylesheet"_ns, u""_ns}, + {u"; rel=stylesheet; title=\"\""_ns, true, u"simple.css"_ns, + u"stylesheet"_ns, u""_ns}, + // TODO(1744051): forbid missing end quote + // {u"; rel=\"stylesheet\"; title=\""_ns, false}, + {u"; rel=\"stylesheet\"; title=\""_ns, true, u"simple.css"_ns, + u"stylesheet"_ns, u""_ns}, + // TODO(1744051): forbid missing end quote + // {u"; rel=\";style,sheet\"; title=\""_ns, false}, + {u"; rel=\";style,sheet\"; title=\""_ns, true, u"simple.css"_ns, + u";style,sheet"_ns, u""_ns}, + // TODO(1744051): forbid missing end quote + // {u"; rel=\"bla'sdf\"; title=\""_ns, false} + {u"; rel=\"bla'sdf\"; title=\""_ns, true, u"simple.css"_ns, + u"bla'sdf"_ns, u""_ns}, + // TODO(1744051): allow explicit empty rel + // {u"; rel=\"\"; title=\"\""_ns, true, u"simple.css"_ns, + // u""_ns, u""_ns} + {u"; rel=\"\"; title=\"\""_ns, false}, + {u"; rel=''; title=\"\""_ns, true, u"simple.css"_ns, u"''"_ns, + u""_ns}, + {u"; rel=''; bla"_ns, true, u"simple.css"_ns, u"''"_ns, u""_ns}, + {u"; rel='prefetch"_ns, true, u"simple.css"_ns, u"'prefetch"_ns, + u""_ns}, + // TODO(1744051): forbid missing end quote + // {u"; rel=\"prefetch"_ns, false}, + {u"; rel=\"prefetch"_ns, true, u"simple.css"_ns, + u"\"prefetch"_ns, u""_ns}, + {u"; rel=\""_ns, false}, + {u"simple.css; rel=prefetch"_ns, false}, + {u"; rel=prefetch; rel=foobar"_ns, true, u"simple.css"_ns, + u"prefetch"_ns, u""_ns}, +}; + +INSTANTIATE_TEST_SUITE_P(TestLinkHeader, SimpleParseTest, + testing::ValuesIn(simple_parse_tests)); + +// Test anchor + +struct AnchorTestData { + nsString baseURI; + // building the new anchor in combination with the baseURI + nsString anchor; + nsString href; + const char* resolved; +}; + +class AnchorTest : public ::testing::TestWithParam {}; + +const AnchorTestData anchor_tests[] = { + {u"http://example.com/path/to/index.html"_ns, u""_ns, u"page.html"_ns, + "http://example.com/path/to/page.html"}, + {u"http://example.com/path/to/index.html"_ns, + u"http://example.com/path/"_ns, u"page.html"_ns, + "http://example.com/path/page.html"}, + {u"http://example.com/path/to/index.html"_ns, + u"http://example.com/path/"_ns, u"/page.html"_ns, + "http://example.com/page.html"}, + {u"http://example.com/path/to/index.html"_ns, u".."_ns, u"page.html"_ns, + "http://example.com/path/page.html"}, + {u"http://example.com/path/to/index.html"_ns, u".."_ns, + u"from/page.html"_ns, "http://example.com/path/from/page.html"}, + {u"http://example.com/path/to/index.html"_ns, u"/hello/"_ns, + u"page.html"_ns, "http://example.com/hello/page.html"}, + {u"http://example.com/path/to/index.html"_ns, u"/hello"_ns, u"page.html"_ns, + "http://example.com/page.html"}, + {u"http://example.com/path/to/index.html"_ns, u"#necko"_ns, u"page.html"_ns, + "http://example.com/path/to/page.html"}, + {u"http://example.com/path/to/index.html"_ns, u"https://example.net/"_ns, + u"to/page.html"_ns, "https://example.net/to/page.html"}, +}; + +LinkHeader LinkHeaderFromHrefAndAnchor(nsAString const& aHref, + nsAString const& aAnchor) { + LinkHeader l; + l.mHref = aHref; + l.mAnchor = aAnchor; + return l; +} + +TEST_P(AnchorTest, Anchor) { + const AnchorTestData test = GetParam(); + + LinkHeader linkHeader = LinkHeaderFromHrefAndAnchor(test.href, test.anchor); + + nsCOMPtr baseURI; + ASSERT_NS_SUCCEEDED(NS_NewURI(getter_AddRefs(baseURI), test.baseURI)); + + nsCOMPtr resolved; + ASSERT_TRUE(NS_SUCCEEDED( + linkHeader.NewResolveHref(getter_AddRefs(resolved), baseURI))); + + ASSERT_STREQ(resolved->GetSpecOrDefault().get(), test.resolved); +} + +INSTANTIATE_TEST_SUITE_P(TestLinkHeader, AnchorTest, + testing::ValuesIn(anchor_tests)); diff --git a/netwerk/test/gtest/TestMIMEInputStream.cpp b/netwerk/test/gtest/TestMIMEInputStream.cpp new file mode 100644 index 0000000000..a2f3f7a43d --- /dev/null +++ b/netwerk/test/gtest/TestMIMEInputStream.cpp @@ -0,0 +1,268 @@ +#include "gtest/gtest.h" + +#include "Helpers.h" +#include "mozilla/SpinEventLoopUntil.h" +#include "nsComponentManagerUtils.h" +#include "nsCOMPtr.h" +#include "nsStreamUtils.h" +#include "nsString.h" +#include "nsStringStream.h" +#include "nsIMIMEInputStream.h" +#include "nsISeekableStream.h" + +using mozilla::GetCurrentSerialEventTarget; +using mozilla::SpinEventLoopUntil; + +namespace { + +class SeekableLengthInputStream final : public testing::LengthInputStream, + public nsISeekableStream { + public: + SeekableLengthInputStream(const nsACString& aBuffer, + bool aIsInputStreamLength, + bool aIsAsyncInputStreamLength, + nsresult aLengthRv = NS_OK, + bool aNegativeValue = false) + : testing::LengthInputStream(aBuffer, aIsInputStreamLength, + aIsAsyncInputStreamLength, aLengthRv, + aNegativeValue) {} + + NS_DECL_ISUPPORTS_INHERITED + + NS_IMETHOD + Seek(int32_t aWhence, int64_t aOffset) override { + MOZ_CRASH("This method should not be called."); + return NS_ERROR_FAILURE; + } + + NS_IMETHOD + Tell(int64_t* aResult) override { + MOZ_CRASH("This method should not be called."); + return NS_ERROR_FAILURE; + } + + NS_IMETHOD + SetEOF() override { + MOZ_CRASH("This method should not be called."); + return NS_ERROR_FAILURE; + } + + private: + ~SeekableLengthInputStream() = default; +}; + +NS_IMPL_ISUPPORTS_INHERITED(SeekableLengthInputStream, + testing::LengthInputStream, nsISeekableStream) + +} // namespace + +// nsIInputStreamLength && nsIAsyncInputStreamLength + +TEST(TestNsMIMEInputStream, QIInputStreamLength) +{ + nsCString buf; + buf.AssignLiteral("Hello world"); + + for (int i = 0; i < 4; i++) { + nsCOMPtr mis; + { + RefPtr stream = + new SeekableLengthInputStream(buf, i % 2, i > 1); + + nsresult rv; + nsCOMPtr m( + do_CreateInstance("@mozilla.org/network/mime-input-stream;1", &rv)); + ASSERT_EQ(NS_OK, rv); + + rv = m->SetData(stream); + ASSERT_EQ(NS_OK, rv); + + mis = m; + ASSERT_TRUE(!!mis); + } + + { + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_EQ(!!(i % 2), !!qi); + } + + { + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_EQ(i > 1, !!qi); + } + } +} + +TEST(TestNsMIMEInputStream, InputStreamLength) +{ + nsCString buf; + buf.AssignLiteral("Hello world"); + + nsCOMPtr mis; + { + RefPtr stream = + new SeekableLengthInputStream(buf, true, false); + + nsresult rv; + nsCOMPtr m( + do_CreateInstance("@mozilla.org/network/mime-input-stream;1", &rv)); + ASSERT_EQ(NS_OK, rv); + + rv = m->SetData(stream); + ASSERT_EQ(NS_OK, rv); + + mis = m; + ASSERT_TRUE(!!mis); + } + + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_TRUE(!!qi); + + int64_t size; + nsresult rv = qi->Length(&size); + ASSERT_EQ(NS_OK, rv); + ASSERT_EQ(int64_t(buf.Length()), size); +} + +TEST(TestNsMIMEInputStream, NegativeInputStreamLength) +{ + nsCString buf; + buf.AssignLiteral("Hello world"); + + nsCOMPtr mis; + { + RefPtr stream = + new SeekableLengthInputStream(buf, true, false, NS_OK, true); + + nsresult rv; + nsCOMPtr m( + do_CreateInstance("@mozilla.org/network/mime-input-stream;1", &rv)); + ASSERT_EQ(NS_OK, rv); + + rv = m->SetData(stream); + ASSERT_EQ(NS_OK, rv); + + mis = m; + ASSERT_TRUE(!!mis); + } + + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_TRUE(!!qi); + + int64_t size; + nsresult rv = qi->Length(&size); + ASSERT_EQ(NS_OK, rv); + ASSERT_EQ(-1, size); +} + +TEST(TestNsMIMEInputStream, AsyncInputStreamLength) +{ + nsCString buf; + buf.AssignLiteral("Hello world"); + + nsCOMPtr mis; + { + RefPtr stream = + new SeekableLengthInputStream(buf, false, true); + + nsresult rv; + nsCOMPtr m( + do_CreateInstance("@mozilla.org/network/mime-input-stream;1", &rv)); + ASSERT_EQ(NS_OK, rv); + + rv = m->SetData(stream); + ASSERT_EQ(NS_OK, rv); + + mis = m; + ASSERT_TRUE(!!mis); + } + + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_TRUE(!!qi); + + RefPtr callback = new testing::LengthCallback(); + + nsresult rv = qi->AsyncLengthWait(callback, GetCurrentSerialEventTarget()); + ASSERT_EQ(NS_OK, rv); + + MOZ_ALWAYS_TRUE(SpinEventLoopUntil( + "TEST(TestNsMIMEInputStream, AsyncInputStreamLength)"_ns, + [&]() { return callback->Called(); })); + ASSERT_EQ(int64_t(buf.Length()), callback->Size()); +} + +TEST(TestNsMIMEInputStream, NegativeAsyncInputStreamLength) +{ + nsCString buf; + buf.AssignLiteral("Hello world"); + + nsCOMPtr mis; + { + RefPtr stream = + new SeekableLengthInputStream(buf, false, true, NS_OK, true); + + nsresult rv; + nsCOMPtr m( + do_CreateInstance("@mozilla.org/network/mime-input-stream;1", &rv)); + ASSERT_EQ(NS_OK, rv); + + rv = m->SetData(stream); + ASSERT_EQ(NS_OK, rv); + + mis = m; + ASSERT_TRUE(!!mis); + } + + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_TRUE(!!qi); + + RefPtr callback = new testing::LengthCallback(); + + nsresult rv = qi->AsyncLengthWait(callback, GetCurrentSerialEventTarget()); + ASSERT_EQ(NS_OK, rv); + + MOZ_ALWAYS_TRUE(SpinEventLoopUntil( + "TEST(TestNsMIMEInputStream, NegativeAsyncInputStreamLength)"_ns, + [&]() { return callback->Called(); })); + ASSERT_EQ(-1, callback->Size()); +} + +TEST(TestNsMIMEInputStream, AbortLengthCallback) +{ + nsCString buf; + buf.AssignLiteral("Hello world"); + + nsCOMPtr mis; + { + RefPtr stream = + new SeekableLengthInputStream(buf, false, true, NS_OK, true); + + nsresult rv; + nsCOMPtr m( + do_CreateInstance("@mozilla.org/network/mime-input-stream;1", &rv)); + ASSERT_EQ(NS_OK, rv); + + rv = m->SetData(stream); + ASSERT_EQ(NS_OK, rv); + + mis = m; + ASSERT_TRUE(!!mis); + } + + nsCOMPtr qi = do_QueryInterface(mis); + ASSERT_TRUE(!!qi); + + RefPtr callback1 = new testing::LengthCallback(); + nsresult rv = qi->AsyncLengthWait(callback1, GetCurrentSerialEventTarget()); + ASSERT_EQ(NS_OK, rv); + + RefPtr callback2 = new testing::LengthCallback(); + rv = qi->AsyncLengthWait(callback2, GetCurrentSerialEventTarget()); + ASSERT_EQ(NS_OK, rv); + + MOZ_ALWAYS_TRUE( + SpinEventLoopUntil("TEST(TestNsMIMEInputStream, AbortLengthCallback)"_ns, + [&]() { return callback2->Called(); })); + ASSERT_TRUE(!callback1->Called()); + ASSERT_EQ(-1, callback2->Size()); +} diff --git a/netwerk/test/gtest/TestMozURL.cpp b/netwerk/test/gtest/TestMozURL.cpp new file mode 100644 index 0000000000..826adb241d --- /dev/null +++ b/netwerk/test/gtest/TestMozURL.cpp @@ -0,0 +1,392 @@ +#include "gtest/gtest.h" +#include "gtest/MozGTestBench.h" // For MOZ_GTEST_BENCH + +#include +#include "json/json.h" +#include "json/reader.h" +#include "mozilla/TextUtils.h" +#include "nsString.h" +#include "mozilla/net/MozURL.h" +#include "nsCOMPtr.h" +#include "nsDirectoryServiceDefs.h" +#include "nsNetUtil.h" +#include "nsIFile.h" +#include "nsIURI.h" +#include "nsStreamUtils.h" +#include "mozilla/BasePrincipal.h" + +using namespace mozilla; +using namespace mozilla::net; + +TEST(TestMozURL, Getters) +{ + nsAutoCString href("http://user:pass@example.com/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + + ASSERT_TRUE(url->Scheme().EqualsLiteral("http")); + + ASSERT_TRUE(url->Spec() == href); + + ASSERT_TRUE(url->Username().EqualsLiteral("user")); + + ASSERT_TRUE(url->Password().EqualsLiteral("pass")); + + ASSERT_TRUE(url->Host().EqualsLiteral("example.com")); + + ASSERT_TRUE(url->FilePath().EqualsLiteral("/path")); + + ASSERT_TRUE(url->Query().EqualsLiteral("query")); + + ASSERT_TRUE(url->Ref().EqualsLiteral("ref")); + + url = nullptr; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), ""_ns), NS_ERROR_MALFORMED_URI); + ASSERT_EQ(url, nullptr); +} + +TEST(TestMozURL, MutatorChain) +{ + nsAutoCString href("http://user:pass@example.com/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + nsAutoCString out; + + RefPtr url2; + ASSERT_EQ(url->Mutate() + .SetScheme("https"_ns) + .SetUsername("newuser"_ns) + .SetPassword("newpass"_ns) + .SetHostname("test"_ns) + .SetFilePath("new/file/path"_ns) + .SetQuery("bla"_ns) + .SetRef("huh"_ns) + .Finalize(getter_AddRefs(url2)), + NS_OK); + + ASSERT_TRUE(url2->Spec().EqualsLiteral( + "https://newuser:newpass@test/new/file/path?bla#huh")); +} + +TEST(TestMozURL, MutatorFinalizeTwice) +{ + nsAutoCString href("http://user:pass@example.com/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + nsAutoCString out; + + RefPtr url2; + MozURL::Mutator mut = url->Mutate(); + mut.SetScheme("https"_ns); // Change the scheme to https + ASSERT_EQ(mut.Finalize(getter_AddRefs(url2)), NS_OK); + ASSERT_TRUE(url2->Spec().EqualsLiteral( + "https://user:pass@example.com/path?query#ref")); + + // Test that a second call to Finalize will result in an error code + url2 = nullptr; + ASSERT_EQ(mut.Finalize(getter_AddRefs(url2)), NS_ERROR_NOT_AVAILABLE); + ASSERT_EQ(url2, nullptr); +} + +TEST(TestMozURL, MutatorErrorStatus) +{ + nsAutoCString href("http://user:pass@example.com/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + nsAutoCString out; + + // Test that trying to set the scheme to a bad value will get you an error + MozURL::Mutator mut = url->Mutate(); + mut.SetScheme("!@#$%^&*("_ns); + ASSERT_EQ(mut.GetStatus(), NS_ERROR_MALFORMED_URI); + + // Test that the mutator will not work after one faulty operation + mut.SetScheme("test"_ns); + ASSERT_EQ(mut.GetStatus(), NS_ERROR_MALFORMED_URI); +} + +TEST(TestMozURL, InitWithBase) +{ + nsAutoCString href("https://example.net/a/b.html"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + + ASSERT_TRUE(url->Spec().EqualsLiteral("https://example.net/a/b.html")); + + RefPtr url2; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url2), "c.png"_ns, url), NS_OK); + + ASSERT_TRUE(url2->Spec().EqualsLiteral("https://example.net/a/c.png")); +} + +TEST(TestMozURL, Path) +{ + nsAutoCString href("about:blank"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + + ASSERT_TRUE(url->Spec().EqualsLiteral("about:blank")); + + ASSERT_TRUE(url->Scheme().EqualsLiteral("about")); + + ASSERT_TRUE(url->FilePath().EqualsLiteral("blank")); +} + +TEST(TestMozURL, HostPort) +{ + nsAutoCString href("https://user:pass@example.net:1234/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + + ASSERT_TRUE(url->HostPort().EqualsLiteral("example.net:1234")); + + RefPtr url2; + url->Mutate().SetHostPort("test:321"_ns).Finalize(getter_AddRefs(url2)); + + ASSERT_TRUE(url2->HostPort().EqualsLiteral("test:321")); + ASSERT_TRUE( + url2->Spec().EqualsLiteral("https://user:pass@test:321/path?query#ref")); + + href.Assign("https://user:pass@example.net:443/path?query#ref"); + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + ASSERT_TRUE(url->HostPort().EqualsLiteral("example.net")); + ASSERT_EQ(url->Port(), -1); +} + +TEST(TestMozURL, Origin) +{ + nsAutoCString href("https://user:pass@example.net:1234/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + + nsAutoCString out; + url->Origin(out); + ASSERT_TRUE(out.EqualsLiteral("https://example.net:1234")); + + RefPtr url2; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url2), "file:///tmp/foo"_ns), NS_OK); + url2->Origin(out); + ASSERT_TRUE(out.EqualsLiteral("file:///tmp/foo")); + + RefPtr url3; + ASSERT_EQ( + MozURL::Init(getter_AddRefs(url3), + nsLiteralCString( + "moz-extension://53711a8f-65ed-e742-9671-1f02e267c0bc/" + "foo/bar.html")), + NS_OK); + url3->Origin(out); + ASSERT_TRUE(out.EqualsLiteral( + "moz-extension://53711a8f-65ed-e742-9671-1f02e267c0bc")); + + RefPtr url4; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url4), "resource://foo/bar.html"_ns), + NS_OK); + url4->Origin(out); + ASSERT_TRUE(out.EqualsLiteral("resource://foo")); + + RefPtr url5; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url5), "about:home"_ns), NS_OK); + url5->Origin(out); + ASSERT_TRUE(out.EqualsLiteral("about:home")); +} + +TEST(TestMozURL, BaseDomain) +{ + nsAutoCString href("https://user:pass@example.net:1234/path?query#ref"); + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), href), NS_OK); + + nsAutoCString out; + ASSERT_EQ(url->BaseDomain(out), NS_OK); + ASSERT_TRUE(out.EqualsLiteral("example.net")); + + RefPtr url2; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url2), "file:///tmp/foo"_ns), NS_OK); + ASSERT_EQ(url2->BaseDomain(out), NS_OK); + ASSERT_TRUE(out.EqualsLiteral("/tmp/foo")); + + RefPtr url3; + ASSERT_EQ( + MozURL::Init(getter_AddRefs(url3), + nsLiteralCString( + "moz-extension://53711a8f-65ed-e742-9671-1f02e267c0bc/" + "foo/bar.html")), + NS_OK); + ASSERT_EQ(url3->BaseDomain(out), NS_OK); + ASSERT_TRUE(out.EqualsLiteral("53711a8f-65ed-e742-9671-1f02e267c0bc")); + + RefPtr url4; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url4), "resource://foo/bar.html"_ns), + NS_OK); + ASSERT_EQ(url4->BaseDomain(out), NS_OK); + ASSERT_TRUE(out.EqualsLiteral("foo")); + + RefPtr url5; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url5), "about:home"_ns), NS_OK); + ASSERT_EQ(url5->BaseDomain(out), NS_OK); + ASSERT_TRUE(out.EqualsLiteral("about:home")); +} + +namespace { + +bool OriginMatchesExpectedOrigin(const nsACString& aOrigin, + const nsACString& aExpectedOrigin) { + if (aExpectedOrigin.Equals("null") && + StringBeginsWith(aOrigin, "moz-nullprincipal"_ns)) { + return true; + } + return aOrigin == aExpectedOrigin; +} + +bool IsUUID(const nsACString& aString) { + if (!IsAscii(aString)) { + return false; + } + + std::regex pattern( + "^\\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-4[0-9A-Fa-f]{3}-[89ABab" + "][0-9A-Fa-f]{3}-[0-9A-Fa-f]{12}\\}$"); + return regex_match(nsCString(aString).get(), pattern); +} + +bool BaseDomainsEqual(const nsACString& aBaseDomain1, + const nsACString& aBaseDomain2) { + if (IsUUID(aBaseDomain1) && IsUUID(aBaseDomain2)) { + return true; + } + return aBaseDomain1 == aBaseDomain2; +} + +void CheckOrigin(const nsACString& aSpec, const nsACString& aBase, + const nsACString& aOrigin) { + nsCOMPtr baseUri; + nsresult rv = NS_NewURI(getter_AddRefs(baseUri), aBase); + ASSERT_EQ(rv, NS_OK); + + nsCOMPtr uri; + rv = NS_NewURI(getter_AddRefs(uri), aSpec, nullptr, baseUri); + ASSERT_EQ(rv, NS_OK); + + OriginAttributes attrs; + + nsCOMPtr principal = + BasePrincipal::CreateContentPrincipal(uri, attrs); + ASSERT_TRUE(principal); + + nsCString origin; + rv = principal->GetOriginNoSuffix(origin); + ASSERT_EQ(rv, NS_OK); + + EXPECT_TRUE(OriginMatchesExpectedOrigin(origin, aOrigin)); + + nsCString baseDomain; + rv = principal->GetBaseDomain(baseDomain); + + bool baseDomainSucceeded = NS_SUCCEEDED(rv); + + RefPtr baseUrl; + ASSERT_EQ(MozURL::Init(getter_AddRefs(baseUrl), aBase), NS_OK); + + RefPtr url; + ASSERT_EQ(MozURL::Init(getter_AddRefs(url), aSpec, baseUrl), NS_OK); + + url->Origin(origin); + + EXPECT_TRUE(OriginMatchesExpectedOrigin(origin, aOrigin)); + + nsCString baseDomain2; + rv = url->BaseDomain(baseDomain2); + + bool baseDomain2Succeeded = NS_SUCCEEDED(rv); + + EXPECT_TRUE(baseDomainSucceeded == baseDomain2Succeeded); + + if (baseDomainSucceeded) { + EXPECT_TRUE(BaseDomainsEqual(baseDomain, baseDomain2)); + } +} + +} // namespace + +TEST(TestMozURL, UrlTestData) +{ + nsCOMPtr file; + nsresult rv = + NS_GetSpecialDirectory(NS_OS_CURRENT_WORKING_DIR, getter_AddRefs(file)); + ASSERT_EQ(rv, NS_OK); + + rv = file->Append(u"urltestdata.json"_ns); + ASSERT_EQ(rv, NS_OK); + + bool exists; + rv = file->Exists(&exists); + ASSERT_EQ(rv, NS_OK); + + ASSERT_TRUE(exists); + + nsCOMPtr stream; + rv = NS_NewLocalFileInputStream(getter_AddRefs(stream), file); + ASSERT_EQ(rv, NS_OK); + + nsCOMPtr bufferedStream; + rv = NS_NewBufferedInputStream(getter_AddRefs(bufferedStream), + stream.forget(), 4096); + ASSERT_EQ(rv, NS_OK); + + nsCString data; + rv = NS_ConsumeStream(bufferedStream, UINT32_MAX, data); + ASSERT_EQ(rv, NS_OK); + + Json::Value root; + Json::CharReaderBuilder builder; + std::unique_ptr const reader(builder.newCharReader()); + ASSERT_TRUE( + reader->parse(data.BeginReading(), data.EndReading(), &root, nullptr)); + ASSERT_TRUE(root.isArray()); + + for (auto& item : root) { + if (!item.isObject()) { + continue; + } + + const Json::Value& skip = item["skip"]; + ASSERT_TRUE(skip.isNull() || skip.isBool()); + if (skip.isBool() && skip.asBool()) { + continue; + } + + const Json::Value& failure = item["failure"]; + ASSERT_TRUE(failure.isNull() || failure.isBool()); + if (failure.isBool() && failure.asBool()) { + continue; + } + + const Json::Value& origin = item["origin"]; + ASSERT_TRUE(origin.isNull() || origin.isString()); + if (origin.isNull()) { + continue; + } + const char* originBegin; + const char* originEnd; + origin.getString(&originBegin, &originEnd); + + auto baseCString = nsDependentCString("about:blank"); + const Json::Value& base = item["base"]; + if (!base.isNull()) { + const char* baseBegin; + const char* baseEnd; + base.getString(&baseBegin, &baseEnd); + baseCString.Assign(nsDependentCSubstring(baseBegin, baseEnd)); + } + + const Json::Value& input = item["input"]; + ASSERT_TRUE(input.isString()); + const char* inputBegin; + const char* inputEnd; + input.getString(&inputBegin, &inputEnd); + + CheckOrigin(nsDependentCString(inputBegin, inputEnd), baseCString, + nsDependentCString(originBegin, originEnd)); + } +} diff --git a/netwerk/test/gtest/TestNamedPipeService.cpp b/netwerk/test/gtest/TestNamedPipeService.cpp new file mode 100644 index 0000000000..b91a17a93e --- /dev/null +++ b/netwerk/test/gtest/TestNamedPipeService.cpp @@ -0,0 +1,281 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TestCommon.h" +#include "gtest/gtest.h" + +#include + +#include "mozilla/Atomics.h" +#include "mozilla/gtest/MozAssertions.h" +#include "mozilla/Monitor.h" +#include "nsNamedPipeService.h" +#include "nsNetCID.h" + +#define PIPE_NAME L"\\\\.\\pipe\\TestNPS" +#define TEST_STR "Hello World" + +using namespace mozilla; + +/** + * Unlike a monitor, an event allows a thread to wait on another thread + * completing an action without regard to ordering of the wait and the notify. + */ +class Event { + public: + explicit Event(const char* aName) : mMonitor(aName) {} + + ~Event() = default; + + void Set() { + MonitorAutoLock lock(mMonitor); + MOZ_ASSERT(!mSignaled); + mSignaled = true; + mMonitor.Notify(); + } + void Wait() { + MonitorAutoLock lock(mMonitor); + while (!mSignaled) { + lock.Wait(); + } + mSignaled = false; + } + + private: + Monitor mMonitor MOZ_UNANNOTATED; + bool mSignaled = false; +}; + +class nsNamedPipeDataObserver final : public nsINamedPipeDataObserver { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSINAMEDPIPEDATAOBSERVER + + explicit nsNamedPipeDataObserver(HANDLE aPipe); + + int Read(void* aBuffer, uint32_t aSize); + int Write(const void* aBuffer, uint32_t aSize); + + uint32_t Transferred() const { return mBytesTransferred; } + + private: + ~nsNamedPipeDataObserver() = default; + + HANDLE mPipe; + OVERLAPPED mOverlapped; + Atomic mBytesTransferred; + Event mEvent; +}; + +NS_IMPL_ISUPPORTS(nsNamedPipeDataObserver, nsINamedPipeDataObserver) + +nsNamedPipeDataObserver::nsNamedPipeDataObserver(HANDLE aPipe) + : mPipe(aPipe), mOverlapped(), mBytesTransferred(0), mEvent("named-pipe") { + mOverlapped.hEvent = CreateEventA(nullptr, TRUE, TRUE, "named-pipe"); +} + +int nsNamedPipeDataObserver::Read(void* aBuffer, uint32_t aSize) { + DWORD bytesRead = 0; + if (!ReadFile(mPipe, aBuffer, aSize, &bytesRead, &mOverlapped)) { + switch (GetLastError()) { + case ERROR_IO_PENDING: { + mEvent.Wait(); + } + if (!GetOverlappedResult(mPipe, &mOverlapped, &bytesRead, FALSE)) { + ADD_FAILURE() << "GetOverlappedResult failed"; + return -1; + } + if (mBytesTransferred != bytesRead) { + ADD_FAILURE() << "GetOverlappedResult mismatch"; + return -1; + } + + break; + default: + ADD_FAILURE() << "ReadFile error " << GetLastError(); + return -1; + } + } else { + mEvent.Wait(); + + if (mBytesTransferred != bytesRead) { + ADD_FAILURE() << "GetOverlappedResult mismatch"; + return -1; + } + } + + mBytesTransferred = 0; + return bytesRead; +} + +int nsNamedPipeDataObserver::Write(const void* aBuffer, uint32_t aSize) { + DWORD bytesWritten = 0; + if (!WriteFile(mPipe, aBuffer, aSize, &bytesWritten, &mOverlapped)) { + switch (GetLastError()) { + case ERROR_IO_PENDING: { + mEvent.Wait(); + } + if (!GetOverlappedResult(mPipe, &mOverlapped, &bytesWritten, FALSE)) { + ADD_FAILURE() << "GetOverlappedResult failed"; + return -1; + } + if (mBytesTransferred != bytesWritten) { + ADD_FAILURE() << "GetOverlappedResult mismatch"; + return -1; + } + + break; + default: + ADD_FAILURE() << "WriteFile error " << GetLastError(); + return -1; + } + } else { + mEvent.Wait(); + + if (mBytesTransferred != bytesWritten) { + ADD_FAILURE() << "GetOverlappedResult mismatch"; + return -1; + } + } + + mBytesTransferred = 0; + return bytesWritten; +} + +NS_IMETHODIMP +nsNamedPipeDataObserver::OnDataAvailable(uint32_t aBytesTransferred, + void* aOverlapped) { + if (aOverlapped != &mOverlapped) { + ADD_FAILURE() << "invalid overlapped object"; + return NS_ERROR_FAILURE; + } + + DWORD bytesTransferred = 0; + BOOL ret = + GetOverlappedResult(mPipe, reinterpret_cast(aOverlapped), + &bytesTransferred, FALSE); + + if (!ret) { + ADD_FAILURE() << "GetOverlappedResult failed"; + return NS_ERROR_FAILURE; + } + + if (bytesTransferred != aBytesTransferred) { + ADD_FAILURE() << "GetOverlappedResult mismatch"; + return NS_ERROR_FAILURE; + } + + mBytesTransferred += aBytesTransferred; + mEvent.Set(); + + return NS_OK; +} + +NS_IMETHODIMP +nsNamedPipeDataObserver::OnError(uint32_t aError, void* aOverlapped) { + return NS_ERROR_NOT_IMPLEMENTED; +} + +BOOL CreateAndConnectInstance(LPOVERLAPPED aOverlapped, LPHANDLE aPipe); +BOOL ConnectToNewClient(HANDLE aPipe, LPOVERLAPPED aOverlapped); + +BOOL CreateAndConnectInstance(LPOVERLAPPED aOverlapped, LPHANDLE aPipe) { + // FIXME: adjust parameters + *aPipe = + CreateNamedPipeW(PIPE_NAME, PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED, + PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, + 65536, 65536, 3000, NULL); + + if (*aPipe == INVALID_HANDLE_VALUE) { + ADD_FAILURE() << "CreateNamedPipe failed " << GetLastError(); + return FALSE; + } + + return ConnectToNewClient(*aPipe, aOverlapped); +} + +BOOL ConnectToNewClient(HANDLE aPipe, LPOVERLAPPED aOverlapped) { + if (ConnectNamedPipe(aPipe, aOverlapped)) { + ADD_FAILURE() + << "Unexpected, overlapped ConnectNamedPipe() always returns 0."; + return FALSE; + } + + switch (GetLastError()) { + case ERROR_IO_PENDING: + return TRUE; + + case ERROR_PIPE_CONNECTED: + if (SetEvent(aOverlapped->hEvent)) break; + + [[fallthrough]]; + default: // error + ADD_FAILURE() << "ConnectNamedPipe failed " << GetLastError(); + break; + } + + return FALSE; +} + +static nsresult CreateNamedPipe(LPHANDLE aServer, LPHANDLE aClient) { + OVERLAPPED overlapped; + overlapped.hEvent = CreateEvent(NULL, TRUE, TRUE, NULL); + BOOL ret; + + ret = CreateAndConnectInstance(&overlapped, aServer); + if (!ret) { + ADD_FAILURE() << "pipe server should be pending"; + return NS_ERROR_FAILURE; + } + + *aClient = CreateFileW(PIPE_NAME, GENERIC_READ | GENERIC_WRITE, + FILE_SHARE_READ | FILE_SHARE_WRITE, nullptr, + OPEN_EXISTING, FILE_FLAG_OVERLAPPED, nullptr); + + if (*aClient == INVALID_HANDLE_VALUE) { + ADD_FAILURE() << "Unable to create pipe client"; + CloseHandle(*aServer); + return NS_ERROR_FAILURE; + } + + DWORD pipeMode = PIPE_READMODE_MESSAGE; + if (!SetNamedPipeHandleState(*aClient, &pipeMode, nullptr, nullptr)) { + ADD_FAILURE() << "SetNamedPipeHandleState error " << GetLastError(); + CloseHandle(*aServer); + CloseHandle(*aClient); + return NS_ERROR_FAILURE; + } + + WaitForSingleObjectEx(overlapped.hEvent, INFINITE, TRUE); + + return NS_OK; +} + +TEST(TestNamedPipeService, Test) +{ + nsCOMPtr svc = net::NamedPipeService::GetOrCreate(); + + HANDLE readPipe, writePipe; + nsresult rv = CreateNamedPipe(&readPipe, &writePipe); + ASSERT_NS_SUCCEEDED(rv); + + RefPtr readObserver = + new nsNamedPipeDataObserver(readPipe); + RefPtr writeObserver = + new nsNamedPipeDataObserver(writePipe); + + ASSERT_NS_SUCCEEDED(svc->AddDataObserver(readPipe, readObserver)); + ASSERT_NS_SUCCEEDED(svc->AddDataObserver(writePipe, writeObserver)); + ASSERT_EQ(std::size_t(writeObserver->Write(TEST_STR, sizeof(TEST_STR))), + sizeof(TEST_STR)); + + char buffer[sizeof(TEST_STR)]; + ASSERT_EQ(std::size_t(readObserver->Read(buffer, sizeof(buffer))), + sizeof(TEST_STR)); + ASSERT_STREQ(buffer, TEST_STR) << "I/O mismatch"; + + ASSERT_NS_SUCCEEDED(svc->RemoveDataObserver(readPipe, readObserver)); + ASSERT_NS_SUCCEEDED(svc->RemoveDataObserver(writePipe, writeObserver)); +} diff --git a/netwerk/test/gtest/TestNetworkLinkIdHashingDarwin.cpp b/netwerk/test/gtest/TestNetworkLinkIdHashingDarwin.cpp new file mode 100644 index 0000000000..a07c9438bd --- /dev/null +++ b/netwerk/test/gtest/TestNetworkLinkIdHashingDarwin.cpp @@ -0,0 +1,93 @@ +#include + +#include "gtest/gtest.h" +#include "mozilla/SHA1.h" +#include "nsString.h" +#include "nsPrintfCString.h" +#include "mozilla/Logging.h" +#include "nsNetworkLinkService.h" + +using namespace mozilla; + +in6_addr StringToSockAddr(const std::string& str) { + sockaddr_in6 ip; + inet_pton(AF_INET6, str.c_str(), &(ip.sin6_addr)); + return ip.sin6_addr; +} + +TEST(TestNetworkLinkIdHashingDarwin, Single) +{ + // Setup + SHA1Sum expected_sha1; + SHA1Sum::Hash expected_digest; + + in6_addr a1 = StringToSockAddr("2001:db8:8714:3a91::1"); + + // Prefix + expected_sha1.update(&a1, sizeof(in6_addr)); + // Netmask + expected_sha1.update(&a1, sizeof(in6_addr)); + expected_sha1.finish(expected_digest); + + std::vector prefixNetmaskStore; + prefixNetmaskStore.push_back(std::make_pair(a1, a1)); + SHA1Sum actual_sha1; + // Run + nsNetworkLinkService::HashSortedPrefixesAndNetmasks(prefixNetmaskStore, + &actual_sha1); + SHA1Sum::Hash actual_digest; + actual_sha1.finish(actual_digest); + + // Assert + ASSERT_EQ(0, memcmp(&expected_digest, &actual_digest, sizeof(SHA1Sum::Hash))); +} + +TEST(TestNetworkLinkIdHashingDarwin, Multiple) +{ + // Setup + SHA1Sum expected_sha1; + SHA1Sum::Hash expected_digest; + + std::vector addresses; + addresses.push_back(StringToSockAddr("2001:db8:8714:3a91::1")); + addresses.push_back(StringToSockAddr("2001:db8:8714:3a91::2")); + addresses.push_back(StringToSockAddr("2001:db8:8714:3a91::3")); + addresses.push_back(StringToSockAddr("2001:db8:8714:3a91::4")); + + for (const auto& address : addresses) { + // Prefix + expected_sha1.update(&address, sizeof(in6_addr)); + // Netmask + expected_sha1.update(&address, sizeof(in6_addr)); + } + expected_sha1.finish(expected_digest); + + // Ordered + std::vector ordered; + for (const auto& address : addresses) { + ordered.push_back(std::make_pair(address, address)); + } + SHA1Sum ordered_sha1; + + // Unordered + std::vector reversed; + for (auto it = addresses.rbegin(); it != addresses.rend(); ++it) { + reversed.push_back(std::make_pair(*it, *it)); + } + SHA1Sum reversed_sha1; + + // Run + nsNetworkLinkService::HashSortedPrefixesAndNetmasks(ordered, &ordered_sha1); + SHA1Sum::Hash ordered_digest; + ordered_sha1.finish(ordered_digest); + + nsNetworkLinkService::HashSortedPrefixesAndNetmasks(reversed, &reversed_sha1); + SHA1Sum::Hash reversed_digest; + reversed_sha1.finish(reversed_digest); + + // Assert + ASSERT_EQ(0, + memcmp(&expected_digest, &ordered_digest, sizeof(SHA1Sum::Hash))); + ASSERT_EQ(0, + memcmp(&expected_digest, &reversed_digest, sizeof(SHA1Sum::Hash))); +} diff --git a/netwerk/test/gtest/TestNetworkLinkIdHashingWindows.cpp b/netwerk/test/gtest/TestNetworkLinkIdHashingWindows.cpp new file mode 100644 index 0000000000..eb2097d0a4 --- /dev/null +++ b/netwerk/test/gtest/TestNetworkLinkIdHashingWindows.cpp @@ -0,0 +1,88 @@ +#include + +#include "gtest/gtest.h" +#include "mozilla/SHA1.h" +#include "nsNotifyAddrListener.h" + +using namespace mozilla; + +GUID StringToGuid(const std::string& str) { + GUID guid; + sscanf(str.c_str(), + "%8lx-%4hx-%4hx-%2hhx%2hhx-%2hhx%2hhx%2hhx%2hhx%2hhx%2hhx", + &guid.Data1, &guid.Data2, &guid.Data3, &guid.Data4[0], &guid.Data4[1], + &guid.Data4[2], &guid.Data4[3], &guid.Data4[4], &guid.Data4[5], + &guid.Data4[6], &guid.Data4[7]); + + return guid; +} + +TEST(TestGuidHashWindows, Single) +{ + // Setup + SHA1Sum expected_sha1; + SHA1Sum::Hash expected_digest; + + GUID g1 = StringToGuid("264555b1-289c-4494-83d1-e158d1d95115"); + + expected_sha1.update(&g1, sizeof(GUID)); + expected_sha1.finish(expected_digest); + + std::vector nwGUIDS; + nwGUIDS.push_back(g1); + SHA1Sum actual_sha1; + // Run + nsNotifyAddrListener::HashSortedNetworkIds(nwGUIDS, actual_sha1); + SHA1Sum::Hash actual_digest; + actual_sha1.finish(actual_digest); + + // Assert + ASSERT_EQ(0, memcmp(&expected_digest, &actual_digest, sizeof(SHA1Sum::Hash))); +} + +TEST(TestNetworkLinkIdHashingWindows, Multiple) +{ + // Setup + SHA1Sum expected_sha1; + SHA1Sum::Hash expected_digest; + + std::vector nwGUIDS; + nwGUIDS.push_back(StringToGuid("00000000-0000-0000-0000-000000000001")); + nwGUIDS.push_back(StringToGuid("00000000-0000-0000-0000-000000000002")); + nwGUIDS.push_back(StringToGuid("00000000-0000-0000-0000-000000000003")); + nwGUIDS.push_back(StringToGuid("00000000-0000-0000-0000-000000000004")); + + for (const auto& guid : nwGUIDS) { + expected_sha1.update(&guid, sizeof(GUID)); + } + expected_sha1.finish(expected_digest); + + // Ordered + std::vector ordered; + for (const auto& guid : nwGUIDS) { + ordered.push_back(guid); + } + SHA1Sum ordered_sha1; + + // Unordered + std::vector reversed; + for (auto it = nwGUIDS.rbegin(); it != nwGUIDS.rend(); ++it) { + reversed.push_back(*it); + } + SHA1Sum reversed_sha1; + + // Run + nsNotifyAddrListener::HashSortedNetworkIds(ordered, ordered_sha1); + SHA1Sum::Hash ordered_digest; + ordered_sha1.finish(ordered_digest); + + nsNotifyAddrListener::HashSortedNetworkIds(reversed, reversed_sha1); + SHA1Sum::Hash reversed_digest; + reversed_sha1.finish(reversed_digest); + + // Assert + ASSERT_EQ(0, + memcmp(&expected_digest, &ordered_digest, sizeof(SHA1Sum::Hash))); + ASSERT_EQ(0, + memcmp(&expected_digest, &reversed_digest, sizeof(SHA1Sum::Hash))); +} diff --git a/netwerk/test/gtest/TestPACMan.cpp b/netwerk/test/gtest/TestPACMan.cpp new file mode 100644 index 0000000000..46c57cfc79 --- /dev/null +++ b/netwerk/test/gtest/TestPACMan.cpp @@ -0,0 +1,246 @@ +#include + +#include "gtest/gtest.h" +#include "nsServiceManagerUtils.h" +#include "../../../xpcom/threads/nsThreadManager.h" +#include "nsIDHCPClient.h" +#include "nsIPrefBranch.h" +#include "nsComponentManager.h" +#include "nsIPrefService.h" +#include "nsNetCID.h" +#include "mozilla/ModuleUtils.h" +#include "mozilla/GenericFactory.h" +#include "../../base/nsPACMan.h" + +#define TEST_WPAD_DHCP_OPTION "http://pac/pac.dat" +#define TEST_ASSIGNED_PAC_URL "http://assignedpac/pac.dat" +#define WPAD_PREF 4 +#define NETWORK_PROXY_TYPE_PREF_NAME "network.proxy.type" +#define GETTING_NETWORK_PROXY_TYPE_FAILED (-1) + +nsCString WPADOptionResult; + +namespace mozilla { +namespace net { + +nsresult SetNetworkProxyType(int32_t pref) { + nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); + + if (!prefs) { + return NS_ERROR_FACTORY_NOT_REGISTERED; + } + return prefs->SetIntPref(NETWORK_PROXY_TYPE_PREF_NAME, pref); +} + +nsresult GetNetworkProxyType(int32_t* pref) { + nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID); + + if (!prefs) { + return NS_ERROR_FACTORY_NOT_REGISTERED; + } + return prefs->GetIntPref(NETWORK_PROXY_TYPE_PREF_NAME, pref); +} + +class nsTestDHCPClient final : public nsIDHCPClient { + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIDHCPCLIENT + + nsTestDHCPClient() = default; + + nsresult Init() { return NS_OK; }; + + private: + ~nsTestDHCPClient() = default; +}; + +NS_IMETHODIMP +nsTestDHCPClient::GetOption(uint8_t option, nsACString& _retval) { + _retval.Assign(WPADOptionResult); + return NS_OK; +} + +NS_IMPL_ISUPPORTS(nsTestDHCPClient, nsIDHCPClient) + +#define NS_TESTDHCPCLIENTSERVICE_CID /* {FEBF1D69-4D7D-4891-9524-045AD18B5593} \ + */ \ + { \ + 0xFEBF1D69, 0x4D7D, 0x4891, { \ + 0x95, 0x24, 0x04, 0x5a, 0xd1, 0x8b, 0x55, 0x93 \ + } \ + } + +NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsTestDHCPClient, Init) +NS_DEFINE_NAMED_CID(NS_TESTDHCPCLIENTSERVICE_CID); + +void SetOptionResult(const char* result) { WPADOptionResult.Assign(result); } + +class ProcessPendingEventsAction final : public Runnable { + public: + ProcessPendingEventsAction() : Runnable("net::ProcessPendingEventsAction") {} + + NS_IMETHOD + Run() override { + if (NS_HasPendingEvents(nullptr)) { + NS_WARNING("Found pending requests on PAC thread"); + nsresult rv; + rv = NS_ProcessPendingEvents(nullptr); + EXPECT_EQ(NS_OK, rv); + } + NS_WARNING("No pending requests on PAC thread"); + return NS_OK; + } +}; + +class TestPACMan : public ::testing::Test { + protected: + RefPtr mPACMan; + + void ProcessAllEvents() { + ProcessPendingEventsOnPACThread(); + nsresult rv; + while (NS_HasPendingEvents(nullptr)) { + NS_WARNING("Pending events on main thread"); + rv = NS_ProcessPendingEvents(nullptr); + ASSERT_EQ(NS_OK, rv); + ProcessPendingEventsOnPACThread(); + } + NS_WARNING("End of pending events on main thread"); + } + + // This method is used to ensure that all pending events on the main thread + // and the Proxy thread are processsed. + // It iterates over ProcessAllEvents because simply calling ProcessAllEvents + // once did not reliably process the events on both threads on all platforms. + void ProcessAllEventsTenTimes() { + for (int i = 0; i < 10; i++) { + ProcessAllEvents(); + } + } + + virtual void SetUp() { + ASSERT_EQ(NS_OK, GetNetworkProxyType(&originalNetworkProxyTypePref)); + nsCOMPtr factory; + nsresult rv = nsComponentManagerImpl::gComponentManager->GetClassObject( + kNS_TESTDHCPCLIENTSERVICE_CID, NS_GET_IID(nsIFactory), + getter_AddRefs(factory)); + if (NS_SUCCEEDED(rv) && factory) { + rv = nsComponentManagerImpl::gComponentManager->UnregisterFactory( + kNS_TESTDHCPCLIENTSERVICE_CID, factory); + ASSERT_EQ(NS_OK, rv); + } + factory = new mozilla::GenericFactory(nsTestDHCPClientConstructor); + nsComponentManagerImpl::gComponentManager->RegisterFactory( + kNS_TESTDHCPCLIENTSERVICE_CID, "nsTestDHCPClient", + NS_DHCPCLIENT_CONTRACTID, factory); + + mPACMan = new nsPACMan(nullptr); + mPACMan->SetWPADOverDHCPEnabled(true); + mPACMan->Init(nullptr); + ASSERT_EQ(NS_OK, SetNetworkProxyType(WPAD_PREF)); + } + + virtual void TearDown() { + mPACMan->Shutdown(); + if (originalNetworkProxyTypePref != GETTING_NETWORK_PROXY_TYPE_FAILED) { + ASSERT_EQ(NS_OK, SetNetworkProxyType(originalNetworkProxyTypePref)); + } + } + + nsCOMPtr GetPACManDHCPCient() { return mPACMan->mDHCPClient; } + + void SetPACManDHCPCient(nsCOMPtr aValue) { + mPACMan->mDHCPClient = std::move(aValue); + } + + void AssertPACSpecEqualTo(const char* aExpected) { + ASSERT_STREQ(aExpected, mPACMan->mPACURISpec.Data()); + } + + private: + int32_t originalNetworkProxyTypePref = GETTING_NETWORK_PROXY_TYPE_FAILED; + + void ProcessPendingEventsOnPACThread() { + RefPtr action = + new ProcessPendingEventsAction(); + + mPACMan->DispatchToPAC(action.forget(), /*aSync =*/true); + } +}; + +TEST_F(TestPACMan, TestCreateDHCPClientAndGetOption) { + SetOptionResult(TEST_WPAD_DHCP_OPTION); + nsCString spec; + + GetPACManDHCPCient()->GetOption(252, spec); + + ASSERT_STREQ(TEST_WPAD_DHCP_OPTION, spec.Data()); +} + +TEST_F(TestPACMan, TestCreateDHCPClientAndGetEmptyOption) { + SetOptionResult(""); + nsCString spec; + spec.AssignLiteral(TEST_ASSIGNED_PAC_URL); + + GetPACManDHCPCient()->GetOption(252, spec); + + ASSERT_TRUE(spec.IsEmpty()); +} + +TEST_F(TestPACMan, + WhenTheDHCPClientExistsAndDHCPIsNonEmptyDHCPOptionIsUsedAsPACUri) { + SetOptionResult(TEST_WPAD_DHCP_OPTION); + + mPACMan->LoadPACFromURI(""_ns); + ProcessAllEventsTenTimes(); + + ASSERT_STREQ(TEST_WPAD_DHCP_OPTION, WPADOptionResult.Data()); + AssertPACSpecEqualTo(TEST_WPAD_DHCP_OPTION); +} + +TEST_F(TestPACMan, WhenTheDHCPResponseIsEmptyWPADDefaultsToStandardURL) { + SetOptionResult(""_ns.Data()); + + mPACMan->LoadPACFromURI(""_ns); + ASSERT_TRUE(NS_HasPendingEvents(nullptr)); + ProcessAllEventsTenTimes(); + + ASSERT_STREQ("", WPADOptionResult.Data()); + AssertPACSpecEqualTo("http://wpad/wpad.dat"); +} + +TEST_F(TestPACMan, WhenThereIsNoDHCPClientWPADDefaultsToStandardURL) { + SetOptionResult(TEST_WPAD_DHCP_OPTION); + SetPACManDHCPCient(nullptr); + + mPACMan->LoadPACFromURI(""_ns); + ProcessAllEventsTenTimes(); + + ASSERT_STREQ(TEST_WPAD_DHCP_OPTION, WPADOptionResult.Data()); + AssertPACSpecEqualTo("http://wpad/wpad.dat"); +} + +TEST_F(TestPACMan, WhenWPADOverDHCPIsPreffedOffWPADDefaultsToStandardURL) { + SetOptionResult(TEST_WPAD_DHCP_OPTION); + mPACMan->SetWPADOverDHCPEnabled(false); + + mPACMan->LoadPACFromURI(""_ns); + ProcessAllEventsTenTimes(); + + ASSERT_STREQ(TEST_WPAD_DHCP_OPTION, WPADOptionResult.Data()); + AssertPACSpecEqualTo("http://wpad/wpad.dat"); +} + +TEST_F(TestPACMan, WhenPACUriIsSetDirectlyItIsUsedRatherThanWPAD) { + SetOptionResult(TEST_WPAD_DHCP_OPTION); + nsCString spec; + spec.AssignLiteral(TEST_ASSIGNED_PAC_URL); + + mPACMan->LoadPACFromURI(spec); + ProcessAllEventsTenTimes(); + + AssertPACSpecEqualTo(TEST_ASSIGNED_PAC_URL); +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/gtest/TestProtocolProxyService.cpp b/netwerk/test/gtest/TestProtocolProxyService.cpp new file mode 100644 index 0000000000..a26f5f62a8 --- /dev/null +++ b/netwerk/test/gtest/TestProtocolProxyService.cpp @@ -0,0 +1,164 @@ +#include "gtest/gtest.h" + +#include "nsCOMPtr.h" +#include "nsNetCID.h" +#include "nsString.h" +#include "nsComponentManagerUtils.h" +#include "../../base/nsProtocolProxyService.h" +#include "nsServiceManagerUtils.h" +#include "mozilla/Preferences.h" +#include "nsNetUtil.h" + +namespace mozilla { +namespace net { + +TEST(TestProtocolProxyService, LoadHostFilters) +{ + nsCOMPtr ps = + do_GetService(NS_PROTOCOLPROXYSERVICE_CID); + ASSERT_TRUE(ps); + mozilla::net::nsProtocolProxyService* pps = + static_cast(ps.get()); + + nsCOMPtr url; + nsAutoCString spec; + + auto CheckLoopbackURLs = [&](bool expected) { + // loopback IPs are always filtered + spec = "http://127.0.0.1"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + spec = "http://[::1]"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + spec = "http://localhost"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + }; + + auto CheckURLs = [&](bool expected) { + spec = "http://example.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + + spec = "https://10.2.3.4"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 443), expected); + + spec = "http://1.2.3.4"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + + spec = "http://1.2.3.4:8080"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + + spec = "http://[2001::1]"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + + spec = "http://2.3.4.5:7777"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + + spec = "http://[abcd::2]:123"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + + spec = "http://bla.test.com"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + }; + + auto CheckPortDomain = [&](bool expected) { + spec = "http://blabla.com:10"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + }; + + auto CheckLocalDomain = [&](bool expected) { + spec = "http://test"; + ASSERT_EQ(NS_NewURI(getter_AddRefs(url), spec), NS_OK); + ASSERT_EQ(pps->CanUseProxy(url, 80), expected); + }; + + // -------------------------------------------------------------------------- + + nsAutoCString filter; + + // Anything is allowed when there are no filters set + printf("Testing empty filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + CheckLoopbackURLs(false); + CheckLocalDomain(true); + CheckURLs(true); + CheckPortDomain(true); + + // -------------------------------------------------------------------------- + + filter = + "example.com, 1.2.3.4/16, [2001::1], 10.0.0.0/8, 2.3.0.0/16:7777, " + "[abcd::1]/64:123, *.test.com"; + printf("Testing filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + CheckLoopbackURLs(false); + // Check URLs can no longer use filtered proxy + CheckURLs(false); + CheckLocalDomain(true); + CheckPortDomain(true); + + // -------------------------------------------------------------------------- + + // This is space separated. See bug 1346711 comment 4. We check this to keep + // backwards compatibility. + filter = " blabla.com:10"; + printf("Testing filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + CheckLoopbackURLs(false); + CheckURLs(true); + CheckLocalDomain(false); + CheckPortDomain(false); + + // Check that we don't crash on weird input + filter = "a b c abc:1x2, ,, * ** *.* *:10 :20 :40/12 */12:90"; + printf("Testing filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + // Check that filtering works properly when the filter is set to "" + filter = ""; + printf("Testing filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + CheckLoopbackURLs(false); + CheckURLs(true); + CheckLocalDomain(false); + CheckPortDomain(true); + + // Check that allow_hijacking_localhost works with empty filter + Preferences::SetBool("network.proxy.allow_hijacking_localhost", true); + + filter = ""; + printf("Testing filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + CheckLoopbackURLs(true); + CheckLocalDomain(true); + CheckURLs(true); + CheckPortDomain(true); + + // Check that allow_hijacking_localhost works with non-trivial filter + filter = "127.0.0.1, [::1], localhost, blabla.com:10"; + printf("Testing filter: %s\n", filter.get()); + pps->LoadHostFilters(filter); + + CheckLoopbackURLs(false); + CheckLocalDomain(true); + CheckURLs(true); + CheckPortDomain(false); +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/gtest/TestReadStreamToString.cpp b/netwerk/test/gtest/TestReadStreamToString.cpp new file mode 100644 index 0000000000..f5fa0a4979 --- /dev/null +++ b/netwerk/test/gtest/TestReadStreamToString.cpp @@ -0,0 +1,190 @@ +#include "gtest/gtest.h" + +#include "Helpers.h" +#include "nsCOMPtr.h" +#include "nsNetUtil.h" +#include "nsStringStream.h" + +// Here we test the reading a pre-allocated size +TEST(TestReadStreamToString, SyncStreamPreAllocatedSize) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream; + ASSERT_EQ(NS_OK, NS_NewCStringInputStream(getter_AddRefs(stream), buffer)); + + uint64_t written; + nsAutoCString result; + result.SetLength(5); + + void* ptr = result.BeginWriting(); + + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, 5, &written)); + ASSERT_EQ((uint64_t)5, written); + ASSERT_TRUE(nsCString(buffer.get(), 5).Equals(result)); + + // The pointer should be equal: no relocation. + ASSERT_EQ(ptr, result.BeginWriting()); +} + +// Here we test the reading the full size of a sync stream +TEST(TestReadStreamToString, SyncStreamFullSize) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream; + ASSERT_EQ(NS_OK, NS_NewCStringInputStream(getter_AddRefs(stream), buffer)); + + uint64_t written; + nsAutoCString result; + + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, buffer.Length(), + &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} + +// Here we test the reading less than the full size of a sync stream +TEST(TestReadStreamToString, SyncStreamLessThan) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream; + ASSERT_EQ(NS_OK, NS_NewCStringInputStream(getter_AddRefs(stream), buffer)); + + uint64_t written; + nsAutoCString result; + + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, 5, &written)); + ASSERT_EQ((uint64_t)5, written); + ASSERT_TRUE(nsCString(buffer.get(), 5).Equals(result)); +} + +// Here we test the reading more than the full size of a sync stream +TEST(TestReadStreamToString, SyncStreamMoreThan) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream; + ASSERT_EQ(NS_OK, NS_NewCStringInputStream(getter_AddRefs(stream), buffer)); + + uint64_t written; + nsAutoCString result; + + // Reading more than the buffer size. + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, + buffer.Length() + 5, &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} + +// Here we test the reading a sync stream without passing the size +TEST(TestReadStreamToString, SyncStreamUnknownSize) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream; + ASSERT_EQ(NS_OK, NS_NewCStringInputStream(getter_AddRefs(stream), buffer)); + + uint64_t written; + nsAutoCString result; + + // Reading all without passing the size + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, -1, &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} + +// Here we test the reading the full size of an async stream +TEST(TestReadStreamToString, AsyncStreamFullSize) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream = new testing::AsyncStringStream(buffer); + + uint64_t written; + nsAutoCString result; + + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, buffer.Length(), + &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} + +// Here we test the reading less than the full size of an async stream +TEST(TestReadStreamToString, AsyncStreamLessThan) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream = new testing::AsyncStringStream(buffer); + + uint64_t written; + nsAutoCString result; + + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, 5, &written)); + ASSERT_EQ((uint64_t)5, written); + ASSERT_TRUE(nsCString(buffer.get(), 5).Equals(result)); +} + +// Here we test the reading more than the full size of an async stream +TEST(TestReadStreamToString, AsyncStreamMoreThan) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream = new testing::AsyncStringStream(buffer); + + uint64_t written; + nsAutoCString result; + + // Reading more than the buffer size. + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, + buffer.Length() + 5, &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} + +// Here we test the reading an async stream without passing the size +TEST(TestReadStreamToString, AsyncStreamUnknownSize) +{ + nsCString buffer; + buffer.AssignLiteral("Hello world!"); + + nsCOMPtr stream = new testing::AsyncStringStream(buffer); + + uint64_t written; + nsAutoCString result; + + // Reading all without passing the size + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, -1, &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} + +// Here we test the reading an async big stream without passing the size +TEST(TestReadStreamToString, AsyncStreamUnknownBigSize) +{ + nsCString buffer; + + buffer.SetLength(4096 * 2); + for (uint32_t i = 0; i < 4096 * 2; ++i) { + buffer.BeginWriting()[i] = i % 10; + } + + nsCOMPtr stream = new testing::AsyncStringStream(buffer); + + uint64_t written; + nsAutoCString result; + + // Reading all without passing the size + ASSERT_EQ(NS_OK, NS_ReadInputStreamToString(stream, result, -1, &written)); + ASSERT_EQ(buffer.Length(), written); + ASSERT_TRUE(buffer.Equals(result)); +} diff --git a/netwerk/test/gtest/TestSSLTokensCache.cpp b/netwerk/test/gtest/TestSSLTokensCache.cpp new file mode 100644 index 0000000000..0f67a532eb --- /dev/null +++ b/netwerk/test/gtest/TestSSLTokensCache.cpp @@ -0,0 +1,154 @@ +#include + +#include "CertVerifier.h" +#include "CommonSocketControl.h" +#include "SSLTokensCache.h" +#include "TransportSecurityInfo.h" +#include "gtest/gtest.h" +#include "mozilla/Preferences.h" +#include "nsITransportSecurityInfo.h" +#include "nsIWebProgressListener.h" +#include "nsIX509Cert.h" +#include "nsIX509CertDB.h" +#include "nsServiceManagerUtils.h" +#include "sslproto.h" + +static already_AddRefed createDummySocketControl() { + nsCOMPtr certDB(do_GetService(NS_X509CERTDB_CONTRACTID)); + EXPECT_TRUE(certDB); + nsLiteralCString base64( + "MIIBbjCCARWgAwIBAgIUOyCxVVqw03yUxKSfSojsMF8K/" + "ikwCgYIKoZIzj0EAwIwHTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMjAxM" + "TI3MDAwMDAwWhgPMjAyMzAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfM" + "jU2LXJvb3Rfc2VjcDI1NmsxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/" + "u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/" + "LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMB" + "Af8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIFuwodUwyOUnIR4KN5ZCSrU7y4iz" + "4/1EWRdHm5kWKi8dAiB6Ixn9sw3uBVbyxnQKYqGnOwM+qLOkJK0W8XkIE3n5sg=="); + nsCOMPtr cert; + EXPECT_TRUE(NS_SUCCEEDED( + certDB->ConstructX509FromBase64(base64, getter_AddRefs(cert)))); + EXPECT_TRUE(cert); + nsTArray> succeededCertChain; + for (size_t i = 0; i < 3; i++) { + nsTArray certDER; + EXPECT_TRUE(NS_SUCCEEDED(cert->GetRawDER(certDER))); + succeededCertChain.AppendElement(std::move(certDER)); + } + RefPtr socketControl( + new CommonSocketControl(nsLiteralCString("example.com"), 433, 0)); + socketControl->SetServerCert(cert, mozilla::psm::EVStatus::NotEV); + socketControl->SetSucceededCertChain(std::move(succeededCertChain)); + return socketControl.forget(); +} + +static auto MakeTestData(const size_t aDataSize) { + auto data = nsTArray(); + data.SetLength(aDataSize); + std::iota(data.begin(), data.end(), 0); + return data; +} + +static void putToken(const nsACString& aKey, uint32_t aSize) { + RefPtr socketControl = createDummySocketControl(); + nsTArray token = MakeTestData(aSize); + nsresult rv = mozilla::net::SSLTokensCache::Put(aKey, token.Elements(), aSize, + socketControl, aSize); + ASSERT_EQ(rv, NS_OK); +} + +static void getAndCheckResult(const nsACString& aKey, uint32_t aExpectedSize) { + nsTArray result; + mozilla::net::SessionCacheInfo unused; + nsresult rv = mozilla::net::SSLTokensCache::Get(aKey, result, unused); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(result.Length(), (size_t)aExpectedSize); +} + +TEST(TestTokensCache, SinglePut) +{ + mozilla::net::SSLTokensCache::Clear(); + mozilla::Preferences::SetInt("network.ssl_tokens_cache_records_per_entry", 1); + mozilla::Preferences::SetBool("network.ssl_tokens_cache_use_only_once", true); + + putToken("anon:www.example.com:443"_ns, 100); + nsTArray result; + mozilla::net::SessionCacheInfo unused; + nsresult rv = mozilla::net::SSLTokensCache::Get("anon:www.example.com:443"_ns, + result, unused); + ASSERT_EQ(rv, NS_OK); + rv = mozilla::net::SSLTokensCache::Get("anon:www.example.com:443"_ns, result, + unused); + ASSERT_EQ(rv, NS_ERROR_NOT_AVAILABLE); +} + +TEST(TestTokensCache, MultiplePut) +{ + mozilla::net::SSLTokensCache::Clear(); + mozilla::Preferences::SetInt("network.ssl_tokens_cache_records_per_entry", 3); + + putToken("anon:www.example1.com:443"_ns, 300); + // This record will be removed because + // "network.ssl_tokens_cache_records_per_entry" is 3. + putToken("anon:www.example1.com:443"_ns, 100); + putToken("anon:www.example1.com:443"_ns, 200); + putToken("anon:www.example1.com:443"_ns, 400); + + // Test if records are ordered by the expiration time + getAndCheckResult("anon:www.example1.com:443"_ns, 200); + getAndCheckResult("anon:www.example1.com:443"_ns, 300); + getAndCheckResult("anon:www.example1.com:443"_ns, 400); +} + +TEST(TestTokensCache, RemoveAll) +{ + mozilla::net::SSLTokensCache::Clear(); + mozilla::Preferences::SetInt("network.ssl_tokens_cache_records_per_entry", 3); + + putToken("anon:www.example1.com:443"_ns, 100); + putToken("anon:www.example1.com:443"_ns, 200); + putToken("anon:www.example1.com:443"_ns, 300); + + putToken("anon:www.example2.com:443"_ns, 100); + putToken("anon:www.example2.com:443"_ns, 200); + putToken("anon:www.example2.com:443"_ns, 300); + + nsTArray result; + mozilla::net::SessionCacheInfo unused; + nsresult rv = mozilla::net::SSLTokensCache::Get( + "anon:www.example1.com:443"_ns, result, unused); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(result.Length(), (size_t)100); + + rv = mozilla::net::SSLTokensCache::RemoveAll("anon:www.example1.com:443"_ns); + ASSERT_EQ(rv, NS_OK); + + rv = mozilla::net::SSLTokensCache::Get("anon:www.example1.com:443"_ns, result, + unused); + ASSERT_EQ(rv, NS_ERROR_NOT_AVAILABLE); + + rv = mozilla::net::SSLTokensCache::Get("anon:www.example2.com:443"_ns, result, + unused); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(result.Length(), (size_t)100); +} + +TEST(TestTokensCache, Eviction) +{ + mozilla::net::SSLTokensCache::Clear(); + + mozilla::Preferences::SetInt("network.ssl_tokens_cache_records_per_entry", 3); + mozilla::Preferences::SetInt("network.ssl_tokens_cache_capacity", 8); + + putToken("anon:www.example2.com:443"_ns, 300); + putToken("anon:www.example2.com:443"_ns, 400); + putToken("anon:www.example2.com:443"_ns, 500); + // The one has expiration time "300" will be removed because we only allow 3 + // records per entry. + putToken("anon:www.example2.com:443"_ns, 600); + + putToken("anon:www.example3.com:443"_ns, 600); + putToken("anon:www.example3.com:443"_ns, 500); + // The one has expiration time "400" was evicted, so we get "500". + getAndCheckResult("anon:www.example2.com:443"_ns, 500); +} diff --git a/netwerk/test/gtest/TestServerTimingHeader.cpp b/netwerk/test/gtest/TestServerTimingHeader.cpp new file mode 100644 index 0000000000..183726a440 --- /dev/null +++ b/netwerk/test/gtest/TestServerTimingHeader.cpp @@ -0,0 +1,238 @@ +#include "gtest/gtest.h" + +#include "mozilla/Unused.h" +#include "mozilla/net/nsServerTiming.h" +#include +#include + +using namespace mozilla; +using namespace mozilla::net; + +void testServerTimingHeader( + const char* headerValue, + std::vector> expectedResults) { + nsAutoCString header(headerValue); + ServerTimingParser parser(header); + parser.Parse(); + + nsTArray> results = + parser.TakeServerTimingHeaders(); + + ASSERT_EQ(results.Length(), expectedResults.size()); + + unsigned i = 0; + for (const auto& header : results) { + std::vector expectedResult(expectedResults[i++]); + nsCString name; + mozilla::Unused << header->GetName(name); + ASSERT_TRUE(name.Equals(expectedResult[0].c_str())); + + double duration; + mozilla::Unused << header->GetDuration(&duration); + ASSERT_EQ(duration, atof(expectedResult[1].c_str())); + + nsCString description; + mozilla::Unused << header->GetDescription(description); + ASSERT_TRUE(description.Equals(expectedResult[2].c_str())); + } +} + +TEST(TestServerTimingHeader, HeaderParsing) +{ + // Test cases below are copied from + // https://cs.chromium.org/chromium/src/third_party/WebKit/Source/platform/network/HTTPParsersTest.cpp + + testServerTimingHeader("", {}); + testServerTimingHeader("metric", {{"metric", "0", ""}}); + testServerTimingHeader("metric;dur", {{"metric", "0", ""}}); + testServerTimingHeader("metric;dur=123.4", {{"metric", "123.4", ""}}); + testServerTimingHeader("metric;dur=\"123.4\"", {{"metric", "123.4", ""}}); + + testServerTimingHeader("metric;desc", {{"metric", "0", ""}}); + testServerTimingHeader("metric;desc=description", + {{"metric", "0", "description"}}); + testServerTimingHeader("metric;desc=\"description\"", + {{"metric", "0", "description"}}); + + testServerTimingHeader("metric;dur;desc", {{"metric", "0", ""}}); + testServerTimingHeader("metric;dur=123.4;desc", {{"metric", "123.4", ""}}); + testServerTimingHeader("metric;dur;desc=description", + {{"metric", "0", "description"}}); + testServerTimingHeader("metric;dur=123.4;desc=description", + {{"metric", "123.4", "description"}}); + testServerTimingHeader("metric;desc;dur", {{"metric", "0", ""}}); + testServerTimingHeader("metric;desc;dur=123.4", {{"metric", "123.4", ""}}); + testServerTimingHeader("metric;desc=description;dur", + {{"metric", "0", "description"}}); + testServerTimingHeader("metric;desc=description;dur=123.4", + {{"metric", "123.4", "description"}}); + + // special chars in name + testServerTimingHeader("aB3!#$%&'*+-.^_`|~", + {{"aB3!#$%&'*+-.^_`|~", "0", ""}}); + + // delimiter chars in quoted description + testServerTimingHeader("metric;desc=\"descr;,=iption\";dur=123.4", + {{"metric", "123.4", "descr;,=iption"}}); + + // whitespace + testServerTimingHeader("metric ; ", {{"metric", "0", ""}}); + testServerTimingHeader("metric , ", {{"metric", "0", ""}}); + testServerTimingHeader("metric ; dur = 123.4 ; desc = description", + {{"metric", "123.4", "description"}}); + testServerTimingHeader("metric ; desc = description ; dur = 123.4", + {{"metric", "123.4", "description"}}); + + // multiple entries + testServerTimingHeader( + "metric1;dur=12.3;desc=description1,metric2;dur=45.6;" + "desc=description2,metric3;dur=78.9;desc=description3", + {{"metric1", "12.3", "description1"}, + {"metric2", "45.6", "description2"}, + {"metric3", "78.9", "description3"}}); + testServerTimingHeader("metric1,metric2 ,metric3, metric4 , metric5", + {{"metric1", "0", ""}, + {"metric2", "0", ""}, + {"metric3", "0", ""}, + {"metric4", "0", ""}, + {"metric5", "0", ""}}); + + // quoted-strings + // metric;desc=\ --> '' + testServerTimingHeader("metric;desc=\\", {{"metric", "0", ""}}); + // metric;desc=" --> '' + testServerTimingHeader("metric;desc=\"", {{"metric", "0", ""}}); + // metric;desc=\\ --> '' + testServerTimingHeader("metric;desc=\\\\", {{"metric", "0", ""}}); + // metric;desc=\" --> '' + testServerTimingHeader("metric;desc=\\\"", {{"metric", "0", ""}}); + // metric;desc="\ --> '' + testServerTimingHeader("metric;desc=\"\\", {{"metric", "0", ""}}); + // metric;desc="" --> '' + testServerTimingHeader("metric;desc=\"\"", {{"metric", "0", ""}}); + // metric;desc=\\\ --> '' + testServerTimingHeader(R"(metric;desc=\\\)", {{"metric", "0", ""}}); + // metric;desc=\\" --> '' + testServerTimingHeader(R"(metric;desc=\\")", {{"metric", "0", ""}}); + // metric;desc=\"\ --> '' + testServerTimingHeader(R"(metric;desc=\"\)", {{"metric", "0", ""}}); + // metric;desc=\"" --> '' + testServerTimingHeader(R"(metric;desc=\"")", {{"metric", "0", ""}}); + // metric;desc="\\ --> '' + testServerTimingHeader(R"(metric;desc="\\)", {{"metric", "0", ""}}); + // metric;desc="\" --> '' + testServerTimingHeader(R"(metric;desc="\")", {{"metric", "0", ""}}); + // metric;desc=""\ --> '' + testServerTimingHeader(R"(metric;desc=""\)", {{"metric", "0", ""}}); + // metric;desc=""" --> '' + testServerTimingHeader(R"(metric;desc=""")", {{"metric", "0", ""}}); + // metric;desc=\\\\ --> '' + testServerTimingHeader(R"(metric;desc=\\\\)", {{"metric", "0", ""}}); + // metric;desc=\\\" --> '' + testServerTimingHeader(R"(metric;desc=\\\")", {{"metric", "0", ""}}); + // metric;desc=\\"\ --> '' + testServerTimingHeader(R"(metric;desc=\\"\)", {{"metric", "0", ""}}); + // metric;desc=\\"" --> '' + testServerTimingHeader(R"(metric;desc=\\"")", {{"metric", "0", ""}}); + // metric;desc=\"\\ --> '' + testServerTimingHeader(R"(metric;desc=\"\\)", {{"metric", "0", ""}}); + // metric;desc=\"\" --> '' + testServerTimingHeader(R"(metric;desc=\"\")", {{"metric", "0", ""}}); + // metric;desc=\""\ --> '' + testServerTimingHeader(R"(metric;desc=\""\)", {{"metric", "0", ""}}); + // metric;desc=\""" --> '' + testServerTimingHeader(R"(metric;desc=\""")", {{"metric", "0", ""}}); + // metric;desc="\\\ --> '' + testServerTimingHeader(R"(metric;desc="\\\)", {{"metric", "0", ""}}); + // metric;desc="\\" --> '\' + testServerTimingHeader(R"(metric;desc="\\")", {{"metric", "0", "\\"}}); + // metric;desc="\"\ --> '' + testServerTimingHeader(R"(metric;desc="\"\)", {{"metric", "0", ""}}); + // metric;desc="\"" --> '"' + testServerTimingHeader(R"(metric;desc="\"")", {{"metric", "0", "\""}}); + // metric;desc=""\\ --> '' + testServerTimingHeader(R"(metric;desc=""\\)", {{"metric", "0", ""}}); + // metric;desc=""\" --> '' + testServerTimingHeader(R"(metric;desc=""\")", {{"metric", "0", ""}}); + // metric;desc="""\ --> '' + testServerTimingHeader(R"(metric;desc="""\)", {{"metric", "0", ""}}); + // metric;desc="""" --> '' + testServerTimingHeader(R"(metric;desc="""")", {{"metric", "0", ""}}); + + // duplicate entry names + testServerTimingHeader( + "metric;dur=12.3;desc=description1,metric;dur=45.6;" + "desc=description2", + {{"metric", "12.3", "description1"}, {"metric", "45.6", "description2"}}); + + // non-numeric durations + testServerTimingHeader("metric;dur=foo", {{"metric", "0", ""}}); + testServerTimingHeader("metric;dur=\"foo\"", {{"metric", "0", ""}}); + + // unrecognized param names + testServerTimingHeader( + "metric;foo=bar;desc=description;foo=bar;dur=123.4;foo=bar", + {{"metric", "123.4", "description"}}); + + // duplicate param names + testServerTimingHeader("metric;dur=123.4;dur=567.8", + {{"metric", "123.4", ""}}); + testServerTimingHeader("metric;desc=description1;desc=description2", + {{"metric", "0", "description1"}}); + testServerTimingHeader("metric;dur=foo;dur=567.8", {{"metric", "", ""}}); + + // unspecified param values + testServerTimingHeader("metric;dur;dur=123.4", {{"metric", "0", ""}}); + testServerTimingHeader("metric;desc;desc=description", {{"metric", "0", ""}}); + + // param name case + testServerTimingHeader("metric;DuR=123.4;DeSc=description", + {{"metric", "123.4", "description"}}); + + // nonsense + testServerTimingHeader("metric=foo;dur;dur=123.4,metric2", + {{"metric", "0", ""}, {"metric2", "0", ""}}); + testServerTimingHeader("metric\"foo;dur;dur=123.4,metric2", + {{"metric", "0", ""}}); + + // nonsense - return zero entries + testServerTimingHeader(" ", {}); + testServerTimingHeader("=", {}); + testServerTimingHeader("[", {}); + testServerTimingHeader("]", {}); + testServerTimingHeader(";", {}); + testServerTimingHeader(",", {}); + testServerTimingHeader("=;", {}); + testServerTimingHeader(";=", {}); + testServerTimingHeader("=,", {}); + testServerTimingHeader(",=", {}); + testServerTimingHeader(";,", {}); + testServerTimingHeader(",;", {}); + testServerTimingHeader("=;,", {}); + + // Invalid token + testServerTimingHeader("met=ric", {{"met", "0", ""}}); + testServerTimingHeader("met ric", {{"met", "0", ""}}); + testServerTimingHeader("met[ric", {{"met", "0", ""}}); + testServerTimingHeader("met]ric", {{"met", "0", ""}}); + testServerTimingHeader("metric;desc=desc=123, metric2", + {{"metric", "0", "desc"}, {"metric2", "0", ""}}); + testServerTimingHeader("met ric;desc=de sc , metric2", + {{"met", "0", "de"}, {"metric2", "0", ""}}); + + // test cases from https://w3c.github.io/server-timing/#examples + testServerTimingHeader( + " miss, ,db;dur=53, app;dur=47.2 ", + {{"miss", "0", ""}, {"db", "53", ""}, {"app", "47.2", ""}}); + testServerTimingHeader(" customView, dc;desc=atl ", + {{"customView", "0", ""}, {"dc", "0", "atl"}}); + testServerTimingHeader(" total;dur=123.4 ", {{"total", "123.4", ""}}); + + // test cases for comma in quoted string + testServerTimingHeader(R"( metric ; desc="descr\"\";,=iption";dur=123.4)", + {{"metric", "123.4", "descr\"\";,=iption"}}); + testServerTimingHeader( + " metric2;dur=\"123.4\";;desc=\",;\\\",;,\";;, metric ; desc = \" " + "\\\", ;\\\" \"; dur=123.4,", + {{"metric2", "123.4", ",;\",;,"}, {"metric", "123.4", " \", ;\" "}}); +} diff --git a/netwerk/test/gtest/TestSocketTransportService.cpp b/netwerk/test/gtest/TestSocketTransportService.cpp new file mode 100644 index 0000000000..89adad3740 --- /dev/null +++ b/netwerk/test/gtest/TestSocketTransportService.cpp @@ -0,0 +1,164 @@ +#include "gtest/gtest.h" + +#include "nsCOMPtr.h" +#include "nsISocketTransport.h" +#include "nsString.h" +#include "nsComponentManagerUtils.h" +#include "../../base/nsSocketTransportService2.h" +#include "nsServiceManagerUtils.h" +#include "nsThreadUtils.h" + +namespace mozilla { +namespace net { + +TEST(TestSocketTransportService, PortRemappingPreferenceReading) +{ + nsCOMPtr service = + do_GetService("@mozilla.org/network/socket-transport-service;1"); + ASSERT_TRUE(service); + + auto* sts = gSocketTransportService; + ASSERT_TRUE(sts); + + NS_DispatchAndSpinEventLoopUntilComplete( + "test"_ns, sts, NS_NewRunnableFunction("test", [&]() { + auto CheckPortRemap = [&](uint16_t input, uint16_t output) -> bool { + sts->ApplyPortRemap(&input); + return input == output; + }; + + // Ill-formed prefs + ASSERT_FALSE(sts->UpdatePortRemapPreference(";"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference(" ;"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("; "_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("foo"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference(" foo"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference(" foo "_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("10=20;"_ns)); + + ASSERT_FALSE(sts->UpdatePortRemapPreference("1"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1="_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1,="_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-="_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-,="_ns)); + + ASSERT_FALSE(sts->UpdatePortRemapPreference("1=2,"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1=2-3"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-2,=3"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-2,3"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-2,3-4"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-2,3-4,"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-2,3-4="_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("10000000=10"_ns)); + + ASSERT_FALSE(sts->UpdatePortRemapPreference("1=2;3"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-4=2;3"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-4=2;3="_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-foo=2;3=15"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-4=foo;3=15"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-4=2;foo=15"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-4=2;3=foo"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1-4=2x3=15"_ns)); + ASSERT_FALSE(sts->UpdatePortRemapPreference("1+4=2;3=15"_ns)); + + // Well-formed prefs + ASSERT_TRUE(sts->UpdatePortRemapPreference("1=2"_ns)); + ASSERT_TRUE(CheckPortRemap(1, 2)); + ASSERT_TRUE(CheckPortRemap(2, 2)); + ASSERT_TRUE(CheckPortRemap(3, 3)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("10=20"_ns)); + ASSERT_TRUE(CheckPortRemap(1, 1)); + ASSERT_TRUE(CheckPortRemap(2, 2)); + ASSERT_TRUE(CheckPortRemap(3, 3)); + ASSERT_TRUE(CheckPortRemap(10, 20)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("100-200=1000"_ns)); + ASSERT_TRUE(CheckPortRemap(10, 10)); + ASSERT_TRUE(CheckPortRemap(99, 99)); + ASSERT_TRUE(CheckPortRemap(100, 1000)); + ASSERT_TRUE(CheckPortRemap(101, 1000)); + ASSERT_TRUE(CheckPortRemap(200, 1000)); + ASSERT_TRUE(CheckPortRemap(201, 201)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("100-200,500=1000"_ns)); + ASSERT_TRUE(CheckPortRemap(10, 10)); + ASSERT_TRUE(CheckPortRemap(99, 99)); + ASSERT_TRUE(CheckPortRemap(100, 1000)); + ASSERT_TRUE(CheckPortRemap(101, 1000)); + ASSERT_TRUE(CheckPortRemap(200, 1000)); + ASSERT_TRUE(CheckPortRemap(201, 201)); + ASSERT_TRUE(CheckPortRemap(499, 499)); + ASSERT_TRUE(CheckPortRemap(500, 1000)); + ASSERT_TRUE(CheckPortRemap(501, 501)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("1-3=10;5-8,12=20"_ns)); + ASSERT_TRUE(CheckPortRemap(1, 10)); + ASSERT_TRUE(CheckPortRemap(2, 10)); + ASSERT_TRUE(CheckPortRemap(3, 10)); + ASSERT_TRUE(CheckPortRemap(4, 4)); + ASSERT_TRUE(CheckPortRemap(5, 20)); + ASSERT_TRUE(CheckPortRemap(8, 20)); + ASSERT_TRUE(CheckPortRemap(11, 11)); + ASSERT_TRUE(CheckPortRemap(12, 20)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("80=8080;443=8080"_ns)); + ASSERT_TRUE(CheckPortRemap(80, 8080)); + ASSERT_TRUE(CheckPortRemap(443, 8080)); + + // Later rules rewrite earlier rules + ASSERT_TRUE(sts->UpdatePortRemapPreference("10=100;10=200"_ns)); + ASSERT_TRUE(CheckPortRemap(10, 200)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("10-20=100;10-20=200"_ns)); + ASSERT_TRUE(CheckPortRemap(10, 200)); + ASSERT_TRUE(CheckPortRemap(20, 200)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference("10-20=100;15=200"_ns)); + ASSERT_TRUE(CheckPortRemap(10, 100)); + ASSERT_TRUE(CheckPortRemap(15, 200)); + ASSERT_TRUE(CheckPortRemap(20, 100)); + + ASSERT_TRUE(sts->UpdatePortRemapPreference( + " 100 - 200 = 1000 ; 150 = 2000 "_ns)); + ASSERT_TRUE(CheckPortRemap(100, 1000)); + ASSERT_TRUE(CheckPortRemap(150, 2000)); + ASSERT_TRUE(CheckPortRemap(200, 1000)); + + // Turn off any mapping + ASSERT_TRUE(sts->UpdatePortRemapPreference(""_ns)); + for (uint32_t port = 0; port < 65536; ++port) { + ASSERT_TRUE(CheckPortRemap((uint16_t)port, (uint16_t)port)); + } + })); +} + +TEST(TestSocketTransportService, StatusValues) +{ + static_assert(static_cast(nsISocketTransport::STATUS_RESOLVING) == + NS_NET_STATUS_RESOLVING_HOST); + static_assert(static_cast(nsISocketTransport::STATUS_RESOLVED) == + NS_NET_STATUS_RESOLVED_HOST); + static_assert( + static_cast(nsISocketTransport::STATUS_CONNECTING_TO) == + NS_NET_STATUS_CONNECTING_TO); + static_assert( + static_cast(nsISocketTransport::STATUS_CONNECTED_TO) == + NS_NET_STATUS_CONNECTED_TO); + static_assert(static_cast(nsISocketTransport::STATUS_SENDING_TO) == + NS_NET_STATUS_SENDING_TO); + static_assert(static_cast(nsISocketTransport::STATUS_WAITING_FOR) == + NS_NET_STATUS_WAITING_FOR); + static_assert( + static_cast(nsISocketTransport::STATUS_RECEIVING_FROM) == + NS_NET_STATUS_RECEIVING_FROM); + static_assert(static_cast( + nsISocketTransport::STATUS_TLS_HANDSHAKE_STARTING) == + NS_NET_STATUS_TLS_HANDSHAKE_STARTING); + static_assert( + static_cast(nsISocketTransport::STATUS_TLS_HANDSHAKE_ENDED) == + NS_NET_STATUS_TLS_HANDSHAKE_ENDED); +} + +} // namespace net +} // namespace mozilla diff --git a/netwerk/test/gtest/TestStandardURL.cpp b/netwerk/test/gtest/TestStandardURL.cpp new file mode 100644 index 0000000000..035c92fcc2 --- /dev/null +++ b/netwerk/test/gtest/TestStandardURL.cpp @@ -0,0 +1,441 @@ +#include "gtest/gtest.h" +#include "gtest/MozGTestBench.h" // For MOZ_GTEST_BENCH + +#include "nsCOMPtr.h" +#include "nsNetCID.h" +#include "nsIURL.h" +#include "nsIStandardURL.h" +#include "nsString.h" +#include "nsPrintfCString.h" +#include "nsComponentManagerUtils.h" +#include "nsIURIMutator.h" +#include "mozilla/ipc/URIUtils.h" +#include "mozilla/Unused.h" +#include "nsSerializationHelper.h" +#include "mozilla/Base64.h" +#include "nsEscape.h" + +using namespace mozilla; + +// In nsStandardURL.cpp +extern nsresult Test_NormalizeIPv4(const nsACString& host, nsCString& result); +extern nsresult Test_ParseIPv4Number(const nsACString& input, int32_t base, + uint32_t& number, uint32_t maxNumber); +extern int32_t Test_ValidateIPv4Number(const nsACString& host, int32_t bases[4], + int32_t dotIndex[3], bool& onlyBase10, + int32_t length); +TEST(TestStandardURL, Simple) +{ + nsCOMPtr url; + ASSERT_EQ(NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .SetSpec("http://example.com"_ns) + .Finalize(url), + NS_OK); + ASSERT_TRUE(url); + + ASSERT_EQ(NS_MutateURI(url).SetSpec("http://example.com"_ns).Finalize(url), + NS_OK); + + nsAutoCString out; + + ASSERT_EQ(url->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "http://example.com/"_ns); + + ASSERT_EQ(url->Resolve("foo.html?q=45"_ns, out), NS_OK); + ASSERT_TRUE(out == "http://example.com/foo.html?q=45"_ns); + + ASSERT_EQ(NS_MutateURI(url).SetScheme("foo"_ns).Finalize(url), NS_OK); + + ASSERT_EQ(url->GetScheme(out), NS_OK); + ASSERT_TRUE(out == "foo"_ns); + + ASSERT_EQ(url->GetHost(out), NS_OK); + ASSERT_TRUE(out == "example.com"_ns); + ASSERT_EQ(NS_MutateURI(url).SetHost("www.yahoo.com"_ns).Finalize(url), NS_OK); + ASSERT_EQ(url->GetHost(out), NS_OK); + ASSERT_TRUE(out == "www.yahoo.com"_ns); + + ASSERT_EQ(NS_MutateURI(url) + .SetPathQueryRef(nsLiteralCString( + "/some-path/one-the-net/about.html?with-a-query#for-you")) + .Finalize(url), + NS_OK); + ASSERT_EQ(url->GetPathQueryRef(out), NS_OK); + ASSERT_TRUE(out == + nsLiteralCString( + "/some-path/one-the-net/about.html?with-a-query#for-you")); + + ASSERT_EQ(NS_MutateURI(url) + .SetQuery(nsLiteralCString( + "a=b&d=c&what-ever-you-want-to-be-called=45")) + .Finalize(url), + NS_OK); + ASSERT_EQ(url->GetQuery(out), NS_OK); + ASSERT_TRUE(out == "a=b&d=c&what-ever-you-want-to-be-called=45"_ns); + + ASSERT_EQ(NS_MutateURI(url).SetRef("#some-book-mark"_ns).Finalize(url), + NS_OK); + ASSERT_EQ(url->GetRef(out), NS_OK); + ASSERT_TRUE(out == "some-book-mark"_ns); +} + +TEST(TestStandardURL, NormalizeGood) +{ + nsCString result; + const char* manual[] = {"0.0.0.0", + "0.0.0.0", + "0", + "0.0.0.0", + "000", + "0.0.0.0", + "0x00", + "0.0.0.0", + "10.20.100.200", + "10.20.100.200", + "255.255.255.255", + "255.255.255.255", + "0XFF.0xFF.0xff.0xFf", + "255.255.255.255", + "0x000ff.0X00FF.0x0ff.0xff", + "255.255.255.255", + "0x000fA.0X00FB.0x0fC.0xfD", + "250.251.252.253", + "0x000fE.0X00FF.0x0fC.0xfD", + "254.255.252.253", + "0x000fa.0x00fb.0x0fc.0xfd", + "250.251.252.253", + "0x000fe.0x00ff.0x0fc.0xfd", + "254.255.252.253", + "0377.0377.0377.0377", + "255.255.255.255", + "0000377.000377.00377.0377", + "255.255.255.255", + "65535", + "0.0.255.255", + "0xfFFf", + "0.0.255.255", + "0x00000ffff", + "0.0.255.255", + "0177777", + "0.0.255.255", + "000177777", + "0.0.255.255", + "0.13.65535", + "0.13.255.255", + "0.22.0xffff", + "0.22.255.255", + "0.123.0177777", + "0.123.255.255", + "65536", + "0.1.0.0", + "0200000", + "0.1.0.0", + "0x10000", + "0.1.0.0"}; + for (uint32_t i = 0; i < sizeof(manual) / sizeof(manual[0]); i += 2) { + nsCString encHost(manual[i + 0]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + ASSERT_TRUE(result.Equals(manual[i + 1])); + } + + // Make sure we're getting the numbers correctly interpreted: + for (int i = 0; i < 256; i++) { + nsCString encHost = nsPrintfCString("0x%x", i); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + ASSERT_TRUE(result.Equals(nsPrintfCString("0.0.0.%d", i))); + + encHost = nsPrintfCString("0%o", i); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + ASSERT_TRUE(result.Equals(nsPrintfCString("0.0.0.%d", i))); + } + + // Some random numbers in the range, mixing hex, decimal, octal + for (int i = 0; i < 8; i++) { + int val[4] = {i * 11 + 13, i * 18 + 22, i * 4 + 28, i * 15 + 2}; + + nsCString encHost = + nsPrintfCString("%d.%d.%d.%d", val[0], val[1], val[2], val[3]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + ASSERT_TRUE(result.Equals(encHost)); + + nsCString encHostM = + nsPrintfCString("0x%x.0x%x.0x%x.0x%x", val[0], val[1], val[2], val[3]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHostM, result)); + ASSERT_TRUE(result.Equals(encHost)); + + encHostM = + nsPrintfCString("0%o.0%o.0%o.0%o", val[0], val[1], val[2], val[3]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHostM, result)); + ASSERT_TRUE(result.Equals(encHost)); + + encHostM = + nsPrintfCString("0x%x.%d.0%o.%d", val[0], val[1], val[2], val[3]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHostM, result)); + ASSERT_TRUE(result.Equals(encHost)); + + encHostM = + nsPrintfCString("%d.0%o.0%o.0x%x", val[0], val[1], val[2], val[3]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHostM, result)); + ASSERT_TRUE(result.Equals(encHost)); + + encHostM = + nsPrintfCString("0%o.0%o.0x%x.0x%x", val[0], val[1], val[2], val[3]); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHostM, result)); + ASSERT_TRUE(result.Equals(encHost)); + } +} + +TEST(TestStandardURL, NormalizeBad) +{ + nsAutoCString result; + const char* manual[] = { + "x22.232.12.32", "122..12.32", "122.12.32.12.32", "122.12.32..", + "122.12.xx.22", "122.12.0xx.22", "0xx.12.01.22", "12.12.02x.22", + "1q.12.2.22", "122.01f.02.22", "12a.01.02.22", "12.01.02.20x1", + "10x2.01.02.20", "0xx.01.02.20", "10.x.02.20", "10.00x2.02.20", + "10.13.02x2.20", "10.x13.02.20", "10.0x134def.02.20", "\0.2.2.2", + "256.2.2.2", "2.256.2.2", "2.2.256.2", "2.2.2.256", + "2.2.-2.3", "+2.2.2.3", "13.0x2x2.2.3", "0x2x2.13.2.3"}; + + for (auto& i : manual) { + nsCString encHost(i); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost, result)); + } +} + +TEST(TestStandardURL, From_test_standardurldotjs) +{ + // These are test (success and failure) cases from test_standardurl.js + nsAutoCString result; + + const char* localIPv4s[] = { + "127.0.0.1", + "127.0.1", + "127.1", + "2130706433", + "0177.00.00.01", + "0177.00.01", + "0177.01", + "00000000000000000000000000177.0000000.0000000.0001", + "000000177.0000001", + "017700000001", + "0x7f.0x00.0x00.0x01", + "0x7f.0x01", + "0x7f000001", + "0x007f.0x0000.0x0000.0x0001", + "000177.0.00000.0x0001", + "127.0.0.1.", + + "0X7F.0X00.0X00.0X01", + "0X7F.0X01", + "0X7F000001", + "0X007F.0X0000.0X0000.0X0001", + "000177.0.00000.0X0001"}; + for (auto& localIPv4 : localIPv4s) { + nsCString encHost(localIPv4); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + ASSERT_TRUE(result.EqualsLiteral("127.0.0.1")); + } + + const char* nonIPv4s[] = {"0xfffffffff", "0x100000000", + "4294967296", "1.2.0x10000", + "1.0x1000000", "256.0.0.1", + "1.256.1", "-1.0.0.0", + "1.2.3.4.5", "010000000000000000", + "2+3", "0.0.0.-1", + "1.2.3.4..", "1..2", + ".1.2.3.4", ".127"}; + for (auto& nonIPv4 : nonIPv4s) { + nsCString encHost(nonIPv4); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost, result)); + } + + const char* oneOrNoDotsIPv4s[] = {"127", "127."}; + for (auto& localIPv4 : oneOrNoDotsIPv4s) { + nsCString encHost(localIPv4); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + ASSERT_TRUE(result.EqualsLiteral("0.0.0.127")); + } +} + +#define TEST_COUNT 10000 + +MOZ_GTEST_BENCH(TestStandardURL, DISABLED_Perf, [] { + nsCOMPtr url; + ASSERT_EQ(NS_OK, NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .SetSpec("http://example.com"_ns) + .Finalize(url)); + + nsAutoCString out; + for (int i = TEST_COUNT; i; --i) { + ASSERT_EQ(NS_MutateURI(url).SetSpec("http://example.com"_ns).Finalize(url), + NS_OK); + ASSERT_EQ(url->GetSpec(out), NS_OK); + url->Resolve("foo.html?q=45"_ns, out); + mozilla::Unused << NS_MutateURI(url).SetScheme("foo"_ns).Finalize(url); + url->GetScheme(out); + mozilla::Unused + << NS_MutateURI(url).SetHost("www.yahoo.com"_ns).Finalize(url); + url->GetHost(out); + mozilla::Unused + << NS_MutateURI(url) + .SetPathQueryRef(nsLiteralCString( + "/some-path/one-the-net/about.html?with-a-query#for-you")) + .Finalize(url); + url->GetPathQueryRef(out); + mozilla::Unused << NS_MutateURI(url) + .SetQuery(nsLiteralCString( + "a=b&d=c&what-ever-you-want-to-be-called=45")) + .Finalize(url); + url->GetQuery(out); + mozilla::Unused + << NS_MutateURI(url).SetRef("#some-book-mark"_ns).Finalize(url); + url->GetRef(out); + } +}); + +// Note the five calls in the loop, so divide by 100k +MOZ_GTEST_BENCH(TestStandardURL, DISABLED_NormalizePerf, [] { + nsAutoCString result; + for (int i = 0; i < 20000; i++) { + nsAutoCString encHost("123.232.12.32"); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost, result)); + nsAutoCString encHost2("83.62.12.92"); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost2, result)); + nsAutoCString encHost3("8.7.6.5"); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost3, result)); + nsAutoCString encHost4("111.159.123.220"); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost4, result)); + nsAutoCString encHost5("1.160.204.200"); + ASSERT_EQ(NS_OK, Test_NormalizeIPv4(encHost5, result)); + } +}); + +// Bug 1394785 - ignore unstable test on OSX +#ifndef XP_MACOSX +// Note the five calls in the loop, so divide by 100k +MOZ_GTEST_BENCH(TestStandardURL, DISABLED_NormalizePerfFails, [] { + nsAutoCString result; + for (int i = 0; i < 20000; i++) { + nsAutoCString encHost("123.292.12.32"); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost, result)); + nsAutoCString encHost2("83.62.12.0x13292"); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost2, result)); + nsAutoCString encHost3("8.7.6.0xhello"); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost3, result)); + nsAutoCString encHost4("111.159.notonmywatch.220"); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost4, result)); + nsAutoCString encHost5("1.160.204.20f"); + ASSERT_EQ(NS_ERROR_FAILURE, Test_NormalizeIPv4(encHost5, result)); + } +}); +#endif + +TEST(TestStandardURL, Mutator) +{ + nsAutoCString out; + nsCOMPtr uri; + nsresult rv = NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .SetSpec("http://example.com"_ns) + .Finalize(uri); + ASSERT_EQ(rv, NS_OK); + + ASSERT_EQ(uri->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "http://example.com/"_ns); + + rv = NS_MutateURI(uri) + .SetScheme("ftp"_ns) + .SetHost("mozilla.org"_ns) + .SetPathQueryRef("/path?query#ref"_ns) + .Finalize(uri); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(uri->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "ftp://mozilla.org/path?query#ref"_ns); + + nsCOMPtr url; + rv = NS_MutateURI(uri).SetScheme("https"_ns).Finalize(url); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(url->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path?query#ref"_ns); +} + +TEST(TestStandardURL, Deserialize_Bug1392739) +{ + mozilla::ipc::StandardURLParams standard_params; + standard_params.urlType() = nsIStandardURL::URLTYPE_STANDARD; + standard_params.spec().Truncate(); + standard_params.host() = mozilla::ipc::StandardURLSegment(4294967295, 1); + + mozilla::ipc::URIParams params(standard_params); + + nsCOMPtr mutator = + do_CreateInstance(NS_STANDARDURLMUTATOR_CID); + ASSERT_EQ(mutator->Deserialize(params), NS_ERROR_FAILURE); +} + +TEST(TestStandardURL, CorruptSerialization) +{ + auto spec = "http://user:pass@example.com/path/to/file.ext?query#hash"_ns; + + nsCOMPtr uri; + nsresult rv = NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .SetSpec(spec) + .Finalize(uri); + ASSERT_EQ(rv, NS_OK); + + nsAutoCString serialization; + nsCOMPtr serializable = do_QueryInterface(uri); + ASSERT_TRUE(serializable); + + // Check that the URL is normally serializable. + ASSERT_EQ(NS_OK, NS_SerializeToString(serializable, serialization)); + nsCOMPtr deserializedObject; + ASSERT_EQ(NS_OK, NS_DeserializeObject(serialization, + getter_AddRefs(deserializedObject))); + + nsAutoCString canonicalBin; + Unused << Base64Decode(serialization, canonicalBin); + +// The spec serialization begins at byte 49 +// If the implementation of nsStandardURL::Write changes, this test will need +// to be adjusted. +#define SPEC_OFFSET 49 + + ASSERT_EQ(Substring(canonicalBin, SPEC_OFFSET, 7), "http://"_ns); + + nsAutoCString corruptedBin = canonicalBin; + // change mScheme.mPos + corruptedBin.BeginWriting()[SPEC_OFFSET + spec.Length()] = 1; + Unused << Base64Encode(corruptedBin, serialization); + ASSERT_EQ( + NS_ERROR_MALFORMED_URI, + NS_DeserializeObject(serialization, getter_AddRefs(deserializedObject))); + + corruptedBin = canonicalBin; + // change mScheme.mLen + corruptedBin.BeginWriting()[SPEC_OFFSET + spec.Length() + 4] = 127; + Unused << Base64Encode(corruptedBin, serialization); + ASSERT_EQ( + NS_ERROR_MALFORMED_URI, + NS_DeserializeObject(serialization, getter_AddRefs(deserializedObject))); +} + +TEST(TestStandardURL, ParseIPv4Num) +{ + auto host = "0x.0x.0"_ns; + + int32_t bases[4] = {10, 10, 10, 10}; + bool onlyBase10 = true; // Track this as a special case + int32_t dotIndex[3]; // The positions of the dots in the string + int32_t length = static_cast(host.Length()); + + ASSERT_EQ(2, + Test_ValidateIPv4Number(host, bases, dotIndex, onlyBase10, length)); + + nsCString result; + ASSERT_EQ(NS_OK, Test_NormalizeIPv4("0x.0x.0"_ns, result)); + + uint32_t number; + Test_ParseIPv4Number("0x10"_ns, 16, number, 255); + ASSERT_EQ(number, (uint32_t)16); +} diff --git a/netwerk/test/gtest/TestUDPSocket.cpp b/netwerk/test/gtest/TestUDPSocket.cpp new file mode 100644 index 0000000000..fe6e9b223d --- /dev/null +++ b/netwerk/test/gtest/TestUDPSocket.cpp @@ -0,0 +1,410 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "TestCommon.h" +#include "gtest/gtest.h" +#include "nsIUDPSocket.h" +#include "nsISocketTransport.h" +#include "nsIOutputStream.h" +#include "nsINetAddr.h" +#include "nsITimer.h" +#include "nsContentUtils.h" +#include "mozilla/gtest/MozAssertions.h" +#include "mozilla/net/DNS.h" +#include "prerror.h" +#include "nsComponentManagerUtils.h" + +#define REQUEST 0x68656c6f +#define RESPONSE 0x6f6c6568 +#define MULTICAST_TIMEOUT 2000 + +enum TestPhase { TEST_OUTPUT_STREAM, TEST_SEND_API, TEST_MULTICAST, TEST_NONE }; + +static TestPhase phase = TEST_NONE; + +static bool CheckMessageContent(nsIUDPMessage* aMessage, + uint32_t aExpectedContent) { + nsCString data; + aMessage->GetData(data); + + const char* buffer = data.get(); + uint32_t len = data.Length(); + + FallibleTArray& rawData = aMessage->GetDataAsTArray(); + uint32_t rawLen = rawData.Length(); + + if (len != rawLen) { + ADD_FAILURE() << "Raw data length " << rawLen + << " does not match String data length " << len; + return false; + } + + for (uint32_t i = 0; i < len; i++) { + if (buffer[i] != rawData[i]) { + ADD_FAILURE(); + return false; + } + } + + uint32_t input = 0; + for (uint32_t i = 0; i < len; i++) { + input += buffer[i] << (8 * i); + } + + if (len != sizeof(uint32_t)) { + ADD_FAILURE() << "Message length mismatch, expected " << sizeof(uint32_t) + << " got " << len; + return false; + } + if (input != aExpectedContent) { + ADD_FAILURE() << "Message content mismatch, expected 0x" << std::hex + << aExpectedContent << " got 0x" << input; + return false; + } + + return true; +} + +/* + * UDPClientListener: listens for incomming UDP packets + */ +class UDPClientListener : public nsIUDPSocketListener { + protected: + virtual ~UDPClientListener(); + + public: + explicit UDPClientListener(WaitForCondition* waiter) : mWaiter(waiter) {} + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIUDPSOCKETLISTENER + nsresult mResult = NS_ERROR_FAILURE; + RefPtr mWaiter; +}; + +NS_IMPL_ISUPPORTS(UDPClientListener, nsIUDPSocketListener) + +UDPClientListener::~UDPClientListener() = default; + +NS_IMETHODIMP +UDPClientListener::OnPacketReceived(nsIUDPSocket* socket, + nsIUDPMessage* message) { + mResult = NS_OK; + + uint16_t port; + nsCString ip; + nsCOMPtr fromAddr; + message->GetFromAddr(getter_AddRefs(fromAddr)); + fromAddr->GetPort(&port); + fromAddr->GetAddress(ip); + + if (TEST_SEND_API == phase && CheckMessageContent(message, REQUEST)) { + uint32_t count; + nsTArray data; + const uint32_t dataBuffer = RESPONSE; + data.AppendElements((const uint8_t*)&dataBuffer, sizeof(uint32_t)); + mResult = socket->SendWithAddr(fromAddr, data, &count); + if (mResult == NS_OK && count == sizeof(uint32_t)) { + SUCCEED(); + } else { + ADD_FAILURE(); + } + return NS_OK; + } + if (TEST_OUTPUT_STREAM != phase || !CheckMessageContent(message, RESPONSE)) { + mResult = NS_ERROR_FAILURE; + } + + // Notify thread + mWaiter->Notify(); + return NS_OK; +} + +NS_IMETHODIMP +UDPClientListener::OnStopListening(nsIUDPSocket*, nsresult) { + mWaiter->Notify(); + return NS_OK; +} + +/* + * UDPServerListener: listens for incomming UDP packets + */ +class UDPServerListener : public nsIUDPSocketListener { + protected: + virtual ~UDPServerListener(); + + public: + explicit UDPServerListener(WaitForCondition* waiter) : mWaiter(waiter) {} + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIUDPSOCKETLISTENER + + nsresult mResult = NS_ERROR_FAILURE; + RefPtr mWaiter; +}; + +NS_IMPL_ISUPPORTS(UDPServerListener, nsIUDPSocketListener) + +UDPServerListener::~UDPServerListener() = default; + +NS_IMETHODIMP +UDPServerListener::OnPacketReceived(nsIUDPSocket* socket, + nsIUDPMessage* message) { + mResult = NS_OK; + + uint16_t port; + nsCString ip; + nsCOMPtr fromAddr; + message->GetFromAddr(getter_AddRefs(fromAddr)); + fromAddr->GetPort(&port); + fromAddr->GetAddress(ip); + SUCCEED(); + + if (TEST_OUTPUT_STREAM == phase && CheckMessageContent(message, REQUEST)) { + nsCOMPtr outstream; + message->GetOutputStream(getter_AddRefs(outstream)); + + uint32_t count; + const uint32_t data = RESPONSE; + mResult = outstream->Write((const char*)&data, sizeof(uint32_t), &count); + + if (mResult == NS_OK && count == sizeof(uint32_t)) { + SUCCEED(); + } else { + ADD_FAILURE(); + } + return NS_OK; + } + if (TEST_MULTICAST == phase && CheckMessageContent(message, REQUEST)) { + mResult = NS_OK; + } else if (TEST_SEND_API != phase || + !CheckMessageContent(message, RESPONSE)) { + mResult = NS_ERROR_FAILURE; + } + + // Notify thread + mWaiter->Notify(); + return NS_OK; +} + +NS_IMETHODIMP +UDPServerListener::OnStopListening(nsIUDPSocket*, nsresult) { + mWaiter->Notify(); + return NS_OK; +} + +/** + * Multicast timer callback: detects delivery failure + */ +class MulticastTimerCallback : public nsITimerCallback, public nsINamed { + protected: + virtual ~MulticastTimerCallback(); + + public: + explicit MulticastTimerCallback(WaitForCondition* waiter) + : mResult(NS_ERROR_NOT_INITIALIZED), mWaiter(waiter) {} + + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSITIMERCALLBACK + NS_DECL_NSINAMED + + nsresult mResult; + RefPtr mWaiter; +}; + +NS_IMPL_ISUPPORTS(MulticastTimerCallback, nsITimerCallback, nsINamed) + +MulticastTimerCallback::~MulticastTimerCallback() = default; + +NS_IMETHODIMP +MulticastTimerCallback::Notify(nsITimer* timer) { + if (TEST_MULTICAST != phase) { + return NS_OK; + } + // Multicast ping failed + printf("Multicast ping timeout expired\n"); + mResult = NS_ERROR_FAILURE; + mWaiter->Notify(); + return NS_OK; +} + +NS_IMETHODIMP +MulticastTimerCallback::GetName(nsACString& aName) { + aName.AssignLiteral("MulticastTimerCallback"); + return NS_OK; +} + +/**** Main ****/ + +TEST(TestUDPSocket, TestUDPSocketMain) +{ + nsresult rv; + + // Create UDPSocket + nsCOMPtr server, client; + server = do_CreateInstance("@mozilla.org/network/udp-socket;1", &rv); + ASSERT_NS_SUCCEEDED(rv); + + client = do_CreateInstance("@mozilla.org/network/udp-socket;1", &rv); + ASSERT_NS_SUCCEEDED(rv); + + RefPtr waiter = new WaitForCondition(); + + // Create UDPServerListener to process UDP packets + RefPtr serverListener = new UDPServerListener(waiter); + + nsCOMPtr systemPrincipal = nsContentUtils::GetSystemPrincipal(); + + // Bind server socket to 0.0.0.0 + rv = server->Init(0, false, systemPrincipal, true, 0); + ASSERT_NS_SUCCEEDED(rv); + int32_t serverPort; + server->GetPort(&serverPort); + server->AsyncListen(serverListener); + + // Bind clinet on arbitrary port + RefPtr clientListener = new UDPClientListener(waiter); + client->Init(0, false, systemPrincipal, true, 0); + client->AsyncListen(clientListener); + + // Write data to server + uint32_t count; + nsTArray data; + const uint32_t dataBuffer = REQUEST; + data.AppendElements((const uint8_t*)&dataBuffer, sizeof(uint32_t)); + + phase = TEST_OUTPUT_STREAM; + rv = client->Send("127.0.0.1"_ns, serverPort, data, &count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(count, sizeof(uint32_t)); + + // Wait for server + waiter->Wait(1); + ASSERT_NS_SUCCEEDED(serverListener->mResult); + + // Read response from server + ASSERT_NS_SUCCEEDED(clientListener->mResult); + + mozilla::net::NetAddr clientAddr; + rv = client->GetAddress(&clientAddr); + ASSERT_NS_SUCCEEDED(rv); + // The client address is 0.0.0.0, but Windows won't receive packets there, so + // use 127.0.0.1 explicitly + clientAddr.inet.ip = PR_htonl(127 << 24 | 1); + + phase = TEST_SEND_API; + rv = server->SendWithAddress(&clientAddr, data.Elements(), data.Length(), + &count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(count, sizeof(uint32_t)); + + // Wait for server + waiter->Wait(1); + ASSERT_NS_SUCCEEDED(serverListener->mResult); + + // Read response from server + ASSERT_NS_SUCCEEDED(clientListener->mResult); + + // Setup timer to detect multicast failure + nsCOMPtr timer = NS_NewTimer(); + ASSERT_TRUE(timer); + RefPtr timerCb = new MulticastTimerCallback(waiter); + + // Join multicast group + printf("Joining multicast group\n"); + phase = TEST_MULTICAST; + mozilla::net::NetAddr multicastAddr; + multicastAddr.inet.family = AF_INET; + multicastAddr.inet.ip = PR_htonl(224 << 24 | 255); + multicastAddr.inet.port = PR_htons(serverPort); + rv = server->JoinMulticastAddr(multicastAddr, nullptr); + ASSERT_NS_SUCCEEDED(rv); + + // Send multicast ping + timerCb->mResult = NS_OK; + timer->InitWithCallback(timerCb, MULTICAST_TIMEOUT, nsITimer::TYPE_ONE_SHOT); + rv = client->SendWithAddress(&multicastAddr, data.Elements(), data.Length(), + &count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(count, sizeof(uint32_t)); + + // Wait for server to receive successfully + waiter->Wait(1); + ASSERT_NS_SUCCEEDED(serverListener->mResult); + ASSERT_NS_SUCCEEDED(timerCb->mResult); + timer->Cancel(); + + // Disable multicast loopback + printf("Disable multicast loopback\n"); + client->SetMulticastLoopback(false); + server->SetMulticastLoopback(false); + + // Send multicast ping + timerCb->mResult = NS_OK; + timer->InitWithCallback(timerCb, MULTICAST_TIMEOUT, nsITimer::TYPE_ONE_SHOT); + rv = client->SendWithAddress(&multicastAddr, data.Elements(), data.Length(), + &count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(count, sizeof(uint32_t)); + + // Wait for server to fail to receive + waiter->Wait(1); + ASSERT_FALSE(NS_SUCCEEDED(timerCb->mResult)); + timer->Cancel(); + + // Reset state + client->SetMulticastLoopback(true); + server->SetMulticastLoopback(true); + + // Change multicast interface + mozilla::net::NetAddr loopbackAddr; + loopbackAddr.inet.family = AF_INET; + loopbackAddr.inet.ip = PR_htonl(INADDR_LOOPBACK); + client->SetMulticastInterfaceAddr(loopbackAddr); + + // Send multicast ping + timerCb->mResult = NS_OK; + timer->InitWithCallback(timerCb, MULTICAST_TIMEOUT, nsITimer::TYPE_ONE_SHOT); + rv = client->SendWithAddress(&multicastAddr, data.Elements(), data.Length(), + &count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(count, sizeof(uint32_t)); + + // Wait for server to fail to receive + waiter->Wait(1); + ASSERT_FALSE(NS_SUCCEEDED(timerCb->mResult)); + timer->Cancel(); + + // Reset state + mozilla::net::NetAddr anyAddr; + anyAddr.inet.family = AF_INET; + anyAddr.inet.ip = PR_htonl(INADDR_ANY); + client->SetMulticastInterfaceAddr(anyAddr); + + // Leave multicast group + rv = server->LeaveMulticastAddr(multicastAddr, nullptr); + ASSERT_NS_SUCCEEDED(rv); + + // Send multicast ping + timerCb->mResult = NS_OK; + timer->InitWithCallback(timerCb, MULTICAST_TIMEOUT, nsITimer::TYPE_ONE_SHOT); + rv = client->SendWithAddress(&multicastAddr, data.Elements(), data.Length(), + &count); + ASSERT_NS_SUCCEEDED(rv); + EXPECT_EQ(count, sizeof(uint32_t)); + + // Wait for server to fail to receive + waiter->Wait(1); + ASSERT_FALSE(NS_SUCCEEDED(timerCb->mResult)); + timer->Cancel(); + + goto close; // suppress warning about unused label + +close: + // Close server + server->Close(); + client->Close(); + + // Wait for client and server to see closing + waiter->Wait(2); +} diff --git a/netwerk/test/gtest/TestURIMutator.cpp b/netwerk/test/gtest/TestURIMutator.cpp new file mode 100644 index 0000000000..255ed640eb --- /dev/null +++ b/netwerk/test/gtest/TestURIMutator.cpp @@ -0,0 +1,163 @@ +#include "gtest/gtest.h" +#include "nsCOMPtr.h" +#include "nsNetCID.h" +#include "nsIURIMutator.h" +#include "nsIURL.h" +#include "nsThreadPool.h" +#include "nsNetUtil.h" + +TEST(TestURIMutator, Mutator) +{ + nsAutoCString out; + + // This test instantiates a new nsStandardURL::Mutator (via contractID) + // and uses it to create a new URI. + nsCOMPtr uri; + nsresult rv = NS_MutateURI(NS_STANDARDURLMUTATOR_CONTRACTID) + .SetSpec("http://example.com"_ns) + .Finalize(uri); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(uri->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "http://example.com/"_ns); + + // This test verifies that we can use NS_MutateURI to change a URI + rv = NS_MutateURI(uri) + .SetScheme("ftp"_ns) + .SetHost("mozilla.org"_ns) + .SetPathQueryRef("/path?query#ref"_ns) + .Finalize(uri); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(uri->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "ftp://mozilla.org/path?query#ref"_ns); + + // This test verifies that we can pass nsIURL to Finalize, and + nsCOMPtr url; + rv = NS_MutateURI(uri).SetScheme("https"_ns).Finalize(url); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(url->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path?query#ref"_ns); + + // This test verifies that we can pass nsIURL** to Finalize. + // We need to use the explicit template because it's actually passing + // getter_AddRefs + nsCOMPtr url2; + rv = NS_MutateURI(url) + .SetRef("newref"_ns) + .Finalize(getter_AddRefs(url2)); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(url2->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path?query#newref"_ns); + + // This test verifies that we can pass nsIURI** to Finalize. + // No need to be explicit. + auto functionSetRef = [](nsIURI* aURI, nsIURI** aResult) -> nsresult { + return NS_MutateURI(aURI).SetRef("originalRef"_ns).Finalize(aResult); + }; + + nsCOMPtr newURI; + rv = functionSetRef(url2, getter_AddRefs(newURI)); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(newURI->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path?query#originalRef"_ns); + + // This test verifies that we can pass nsIURI** to Finalize. + nsCOMPtr uri2; + rv = + NS_MutateURI(url2).SetQuery("newquery"_ns).Finalize(getter_AddRefs(uri2)); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(uri2->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path?newquery#newref"_ns); + + // This test verifies that we can pass nsIURI** to Finalize. + // No need to be explicit. + auto functionSetQuery = [](nsIURI* aURI, nsIURL** aResult) -> nsresult { + return NS_MutateURI(aURI).SetQuery("originalQuery"_ns).Finalize(aResult); + }; + + nsCOMPtr newURL; + rv = functionSetQuery(uri2, getter_AddRefs(newURL)); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(newURL->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path?originalQuery#newref"_ns); + + // Check that calling Finalize twice will fail. + NS_MutateURI mutator(newURL); + rv = mutator.SetQuery(""_ns).Finalize(uri2); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(uri2->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "https://mozilla.org/path#newref"_ns); + nsCOMPtr uri3; + rv = mutator.Finalize(uri3); + ASSERT_EQ(rv, NS_ERROR_NOT_AVAILABLE); + ASSERT_TRUE(uri3 == nullptr); + + // Make sure changing scheme updates the default port + rv = NS_NewURI(getter_AddRefs(uri), + "https://example.org:80/path?query#ref"_ns); + ASSERT_EQ(rv, NS_OK); + rv = NS_MutateURI(uri).SetScheme("http"_ns).Finalize(uri); + ASSERT_EQ(rv, NS_OK); + rv = uri->GetSpec(out); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(out, "http://example.org/path?query#ref"_ns); + int32_t port; + rv = uri->GetPort(&port); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(port, -1); + rv = uri->GetFilePath(out); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(out, "/path"_ns); + rv = uri->GetQuery(out); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(out, "query"_ns); + rv = uri->GetRef(out); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(out, "ref"_ns); + + // Make sure changing scheme does not change non-default port + rv = NS_NewURI(getter_AddRefs(uri), "https://example.org:123"_ns); + ASSERT_EQ(rv, NS_OK); + rv = NS_MutateURI(uri).SetScheme("http"_ns).Finalize(uri); + ASSERT_EQ(rv, NS_OK); + rv = uri->GetSpec(out); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(out, "http://example.org:123/"_ns); + rv = uri->GetPort(&port); + ASSERT_EQ(rv, NS_OK); + ASSERT_EQ(port, 123); +} + +extern MOZ_THREAD_LOCAL(uint32_t) gTlsURLRecursionCount; + +TEST(TestURIMutator, OnAnyThread) +{ + nsCOMPtr pool = new nsThreadPool(); + pool->SetThreadLimit(60); + + pool = new nsThreadPool(); + for (int i = 0; i < 1000; ++i) { + nsCOMPtr task = + NS_NewRunnableFunction("gtest-OnAnyThread", []() { + nsCOMPtr uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), "http://example.com"_ns); + ASSERT_EQ(rv, NS_OK); + nsAutoCString out; + ASSERT_EQ(uri->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "http://example.com/"_ns); + }); + EXPECT_TRUE(task); + + pool->Dispatch(task, NS_DISPATCH_NORMAL); + } + + nsCOMPtr uri; + nsresult rv = NS_NewURI(getter_AddRefs(uri), "http://example.com"_ns); + ASSERT_EQ(rv, NS_OK); + nsAutoCString out; + ASSERT_EQ(uri->GetSpec(out), NS_OK); + ASSERT_TRUE(out == "http://example.com/"_ns); + + pool->Shutdown(); + + ASSERT_EQ(gTlsURLRecursionCount.get(), 0u); +} diff --git a/netwerk/test/gtest/moz.build b/netwerk/test/gtest/moz.build new file mode 100644 index 0000000000..b6d82b41db --- /dev/null +++ b/netwerk/test/gtest/moz.build @@ -0,0 +1,80 @@ +# -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +UNIFIED_SOURCES += [ + "TestBase64Stream.cpp", + "TestBind.cpp", + "TestBufferedInputStream.cpp", + "TestCommon.cpp", + "TestCookie.cpp", + "TestDNSPacket.cpp", + "TestHeaders.cpp", + "TestHttpAtom.cpp", + "TestHttpAuthUtils.cpp", + "TestHttpChannel.cpp", + "TestHttpResponseHead.cpp", + "TestInputStreamTransport.cpp", + "TestIsValidIp.cpp", + "TestLinkHeader.cpp", + "TestMIMEInputStream.cpp", + "TestMozURL.cpp", + "TestProtocolProxyService.cpp", + "TestReadStreamToString.cpp", + "TestServerTimingHeader.cpp", + "TestSocketTransportService.cpp", + "TestSSLTokensCache.cpp", + "TestStandardURL.cpp", + "TestUDPSocket.cpp", +] + +if CONFIG["OS_TARGET"] == "WINNT": + UNIFIED_SOURCES += [ + "TestNamedPipeService.cpp", + ] + +# skip the test on windows10-aarch64 +if not (CONFIG["OS_TARGET"] == "WINNT" and CONFIG["TARGET_CPU"] == "aarch64"): + UNIFIED_SOURCES += [ + "TestPACMan.cpp", + "TestURIMutator.cpp", + ] + +# run the test on windows only +if CONFIG["OS_TARGET"] == "WINNT": + UNIFIED_SOURCES += ["TestNetworkLinkIdHashingWindows.cpp"] + +# run the test on mac only +if CONFIG["OS_TARGET"] == "Darwin": + UNIFIED_SOURCES += ["TestNetworkLinkIdHashingDarwin.cpp"] + +TEST_HARNESS_FILES.gtest += [ + "urltestdata.json", +] + +USE_LIBS += [ + "jsoncpp", +] + +LOCAL_INCLUDES += [ + "/netwerk/base", + "/netwerk/cookie", + "/toolkit/components/jsoncpp/include", + "/xpcom/tests/gtest", +] + +# windows includes only +if CONFIG["OS_TARGET"] == "WINNT": + LOCAL_INCLUDES += ["/netwerk/system/win32"] + +# mac includes only +if CONFIG["OS_TARGET"] == "Darwin": + LOCAL_INCLUDES += ["/netwerk/system/mac"] + +include("/ipc/chromium/chromium-config.mozbuild") + +FINAL_LIBRARY = "xul-gtest" + +LOCAL_INCLUDES += ["!/xpcom", "/xpcom/components"] diff --git a/netwerk/test/gtest/urltestdata-orig.json b/netwerk/test/gtest/urltestdata-orig.json new file mode 100644 index 0000000000..5565c938fd --- /dev/null +++ b/netwerk/test/gtest/urltestdata-orig.json @@ -0,0 +1,6148 @@ +[ + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/script-tests/segments.js", + { + "input": "http://example\t.\norg", + "base": "http://example.org/foo/bar", + "href": "http://example.org/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://user:pass@foo:21/bar;par?b#c", + "base": "http://example.org/foo/bar", + "href": "http://user:pass@foo:21/bar;par?b#c", + "origin": "http://foo:21", + "protocol": "http:", + "username": "user", + "password": "pass", + "host": "foo:21", + "hostname": "foo", + "port": "21", + "pathname": "/bar;par", + "search": "?b", + "hash": "#c" + }, + { + "input": "https://test:@test", + "base": "about:blank", + "href": "https://test@test/", + "origin": "https://test", + "protocol": "https:", + "username": "test", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://:@test", + "base": "about:blank", + "href": "https://test/", + "origin": "https://test", + "protocol": "https:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://test:@test/x", + "base": "about:blank", + "href": "non-special://test@test/x", + "origin": "null", + "protocol": "non-special:", + "username": "test", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + { + "input": "non-special://:@test/x", + "base": "about:blank", + "href": "non-special://test/x", + "origin": "null", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + { + "input": "http:foo.com", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/foo.com", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/foo.com", + "search": "", + "hash": "" + }, + { + "input": "\t :foo.com \n", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:foo.com", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:foo.com", + "search": "", + "hash": "" + }, + { + "input": " foo.com ", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/foo.com", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/foo.com", + "search": "", + "hash": "" + }, + { + "input": "a:\t foo.com", + "base": "http://example.org/foo/bar", + "href": "a: foo.com", + "origin": "null", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": " foo.com", + "search": "", + "hash": "" + }, + { + "input": "http://f:21/ b ? d # e ", + "base": "http://example.org/foo/bar", + "href": "http://f:21/%20b%20?%20d%20# e", + "origin": "http://f:21", + "protocol": "http:", + "username": "", + "password": "", + "host": "f:21", + "hostname": "f", + "port": "21", + "pathname": "/%20b%20", + "search": "?%20d%20", + "hash": "# e" + }, + { + "input": "lolscheme:x x#x x", + "base": "about:blank", + "href": "lolscheme:x x#x x", + "protocol": "lolscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "x x", + "search": "", + "hash": "#x x" + }, + { + "input": "http://f:/c", + "base": "http://example.org/foo/bar", + "href": "http://f/c", + "origin": "http://f", + "protocol": "http:", + "username": "", + "password": "", + "host": "f", + "hostname": "f", + "port": "", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:0/c", + "base": "http://example.org/foo/bar", + "href": "http://f:0/c", + "origin": "http://f:0", + "protocol": "http:", + "username": "", + "password": "", + "host": "f:0", + "hostname": "f", + "port": "0", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:00000000000000/c", + "base": "http://example.org/foo/bar", + "href": "http://f:0/c", + "origin": "http://f:0", + "protocol": "http:", + "username": "", + "password": "", + "host": "f:0", + "hostname": "f", + "port": "0", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:00000000000000000000080/c", + "base": "http://example.org/foo/bar", + "href": "http://f/c", + "origin": "http://f", + "protocol": "http:", + "username": "", + "password": "", + "host": "f", + "hostname": "f", + "port": "", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:b/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f: /c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f:\n/c", + "base": "http://example.org/foo/bar", + "href": "http://f/c", + "origin": "http://f", + "protocol": "http:", + "username": "", + "password": "", + "host": "f", + "hostname": "f", + "port": "", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:fifty-two/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f:999999/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "non-special://f:999999/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f: 21 / b ? d # e ", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": " \t", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": ":foo.com/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:foo.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:foo.com/", + "search": "", + "hash": "" + }, + { + "input": ":foo.com\\", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:foo.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:foo.com/", + "search": "", + "hash": "" + }, + { + "input": ":", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:", + "search": "", + "hash": "" + }, + { + "input": ":a", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:a", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:a", + "search": "", + "hash": "" + }, + { + "input": ":/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:/", + "search": "", + "hash": "" + }, + { + "input": ":\\", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:/", + "search": "", + "hash": "" + }, + { + "input": ":#", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:#", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:", + "search": "", + "hash": "" + }, + { + "input": "#", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "#/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#/" + }, + { + "input": "#\\", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#\\", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#\\" + }, + { + "input": "#;?", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#;?", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#;?" + }, + { + "input": "?", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar?", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": ":23", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:23", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:23", + "search": "", + "hash": "" + }, + { + "input": "/:23", + "base": "http://example.org/foo/bar", + "href": "http://example.org/:23", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/:23", + "search": "", + "hash": "" + }, + { + "input": "::", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/::", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/::", + "search": "", + "hash": "" + }, + { + "input": "::23", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/::23", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/::23", + "search": "", + "hash": "" + }, + { + "input": "foo://", + "base": "http://example.org/foo/bar", + "href": "foo:///", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://a:b@c:29/d", + "base": "http://example.org/foo/bar", + "href": "http://a:b@c:29/d", + "origin": "http://c:29", + "protocol": "http:", + "username": "a", + "password": "b", + "host": "c:29", + "hostname": "c", + "port": "29", + "pathname": "/d", + "search": "", + "hash": "" + }, + { + "input": "http::@c:29", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:@c:29", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:@c:29", + "search": "", + "hash": "" + }, + { + "input": "http://&a:foo(b]c@d:2/", + "base": "http://example.org/foo/bar", + "href": "http://&a:foo(b%5Dc@d:2/", + "origin": "http://d:2", + "protocol": "http:", + "username": "&a", + "password": "foo(b%5Dc", + "host": "d:2", + "hostname": "d", + "port": "2", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://::@c@d:2", + "base": "http://example.org/foo/bar", + "href": "http://:%3A%40c@d:2/", + "origin": "http://d:2", + "protocol": "http:", + "username": "", + "password": "%3A%40c", + "host": "d:2", + "hostname": "d", + "port": "2", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo.com:b@d/", + "base": "http://example.org/foo/bar", + "href": "http://foo.com:b@d/", + "origin": "http://d", + "protocol": "http:", + "username": "foo.com", + "password": "b", + "host": "d", + "hostname": "d", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo.com/\\@", + "base": "http://example.org/foo/bar", + "href": "http://foo.com//@", + "origin": "http://foo.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.com", + "hostname": "foo.com", + "port": "", + "pathname": "//@", + "search": "", + "hash": "" + }, + { + "input": "http:\\\\foo.com\\", + "base": "http://example.org/foo/bar", + "href": "http://foo.com/", + "origin": "http://foo.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.com", + "hostname": "foo.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:\\\\a\\b:c\\d@foo.com\\", + "base": "http://example.org/foo/bar", + "href": "http://a/b:c/d@foo.com/", + "origin": "http://a", + "protocol": "http:", + "username": "", + "password": "", + "host": "a", + "hostname": "a", + "port": "", + "pathname": "/b:c/d@foo.com/", + "search": "", + "hash": "" + }, + { + "input": "foo:/", + "base": "http://example.org/foo/bar", + "href": "foo:/", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "foo:/bar.com/", + "base": "http://example.org/foo/bar", + "href": "foo:/bar.com/", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/bar.com/", + "search": "", + "hash": "" + }, + { + "input": "foo://///////", + "base": "http://example.org/foo/bar", + "href": "foo://///////", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///////", + "search": "", + "hash": "" + }, + { + "input": "foo://///////bar.com/", + "base": "http://example.org/foo/bar", + "href": "foo://///////bar.com/", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///////bar.com/", + "search": "", + "hash": "" + }, + { + "input": "foo:////://///", + "base": "http://example.org/foo/bar", + "href": "foo:////://///", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//://///", + "search": "", + "hash": "" + }, + { + "input": "c:/foo", + "base": "http://example.org/foo/bar", + "href": "c:/foo", + "origin": "null", + "protocol": "c:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "//foo/bar", + "base": "http://example.org/foo/bar", + "href": "http://foo/bar", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/bar", + "search": "", + "hash": "" + }, + { + "input": "http://foo/path;a??e#f#g", + "base": "http://example.org/foo/bar", + "href": "http://foo/path;a??e#f#g", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/path;a", + "search": "??e", + "hash": "#f#g" + }, + { + "input": "http://foo/abcd?efgh?ijkl", + "base": "http://example.org/foo/bar", + "href": "http://foo/abcd?efgh?ijkl", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/abcd", + "search": "?efgh?ijkl", + "hash": "" + }, + { + "input": "http://foo/abcd#foo?bar", + "base": "http://example.org/foo/bar", + "href": "http://foo/abcd#foo?bar", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/abcd", + "search": "", + "hash": "#foo?bar" + }, + { + "input": "[61:24:74]:98", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/[61:24:74]:98", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/[61:24:74]:98", + "search": "", + "hash": "" + }, + { + "input": "http:[61:27]/:foo", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/[61:27]/:foo", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/[61:27]/:foo", + "search": "", + "hash": "" + }, + { + "input": "http://[1::2]:3:4", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://2001::1", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://2001::1]", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://2001::1]:80", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://[2001::1]", + "base": "http://example.org/foo/bar", + "href": "http://[2001::1]/", + "origin": "http://[2001::1]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[2001::1]", + "hostname": "[2001::1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[::127.0.0.1]", + "base": "http://example.org/foo/bar", + "href": "http://[::7f00:1]/", + "origin": "http://[::7f00:1]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[::7f00:1]", + "hostname": "[::7f00:1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[0:0:0:0:0:0:13.1.68.3]", + "base": "http://example.org/foo/bar", + "href": "http://[::d01:4403]/", + "origin": "http://[::d01:4403]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[::d01:4403]", + "hostname": "[::d01:4403]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[2001::1]:80", + "base": "http://example.org/foo/bar", + "href": "http://[2001::1]/", + "origin": "http://[2001::1]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[2001::1]", + "hostname": "[2001::1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/example.com/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/example.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftp:/example.com/", + "base": "http://example.org/foo/bar", + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:/example.com/", + "base": "http://example.org/foo/bar", + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:/example.com/", + "base": "http://example.org/foo/bar", + "href": "madeupscheme:/example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "file:/example.com/", + "base": "http://example.org/foo/bar", + "href": "file:///example.com/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "file://example:1/", + "base": "about:blank", + "failure": true + }, + { + "input": "file://example:test/", + "base": "about:blank", + "failure": true + }, + { + "input": "file://example%/", + "base": "about:blank", + "failure": true + }, + { + "input": "file://[example]/", + "base": "about:blank", + "failure": true + }, + { + "input": "ftps:/example.com/", + "base": "http://example.org/foo/bar", + "href": "ftps:/example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:/example.com/", + "base": "http://example.org/foo/bar", + "href": "gopher://example.com/", + "origin": "gopher://example.com", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws:/example.com/", + "base": "http://example.org/foo/bar", + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:/example.com/", + "base": "http://example.org/foo/bar", + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:/example.com/", + "base": "http://example.org/foo/bar", + "href": "data:/example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:/example.com/", + "base": "http://example.org/foo/bar", + "href": "javascript:/example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:/example.com/", + "base": "http://example.org/foo/bar", + "href": "mailto:/example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "http:example.com/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/example.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftp:example.com/", + "base": "http://example.org/foo/bar", + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:example.com/", + "base": "http://example.org/foo/bar", + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:example.com/", + "base": "http://example.org/foo/bar", + "href": "madeupscheme:example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftps:example.com/", + "base": "http://example.org/foo/bar", + "href": "ftps:example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:example.com/", + "base": "http://example.org/foo/bar", + "href": "gopher://example.com/", + "origin": "gopher://example.com", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws:example.com/", + "base": "http://example.org/foo/bar", + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:example.com/", + "base": "http://example.org/foo/bar", + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:example.com/", + "base": "http://example.org/foo/bar", + "href": "data:example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:example.com/", + "base": "http://example.org/foo/bar", + "href": "javascript:example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:example.com/", + "base": "http://example.org/foo/bar", + "href": "mailto:example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "/a/b/c", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a/b/c", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a/b/c", + "search": "", + "hash": "" + }, + { + "input": "/a/ /c", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a/%20/c", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a/%20/c", + "search": "", + "hash": "" + }, + { + "input": "/a%2fc", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a%2fc", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a%2fc", + "search": "", + "hash": "" + }, + { + "input": "/a/%2f/c", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a/%2f/c", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a/%2f/c", + "search": "", + "hash": "" + }, + { + "input": "#β", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#%CE%B2", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#%CE%B2" + }, + { + "input": "data:text/html,test#test", + "base": "http://example.org/foo/bar", + "href": "data:text/html,test#test", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "text/html,test", + "search": "", + "hash": "#test" + }, + { + "input": "tel:1234567890", + "base": "http://example.org/foo/bar", + "href": "tel:1234567890", + "origin": "null", + "protocol": "tel:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "1234567890", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/file.html", + { + "input": "file:c:\\foo\\bar.html", + "base": "file:///tmp/mock/path", + "href": "file:///c:/foo/bar.html", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:/foo/bar.html", + "search": "", + "hash": "" + }, + { + "input": " File:c|////foo\\bar.html", + "base": "file:///tmp/mock/path", + "href": "file:///c:////foo/bar.html", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:////foo/bar.html", + "search": "", + "hash": "" + }, + { + "input": "C|/foo/bar", + "base": "file:///tmp/mock/path", + "href": "file:///C:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "/C|\\foo\\bar", + "base": "file:///tmp/mock/path", + "href": "file:///C:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "//C|/foo/bar", + "base": "file:///tmp/mock/path", + "href": "file:///C:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "//server/file", + "base": "file:///tmp/mock/path", + "href": "file://server/file", + "protocol": "file:", + "username": "", + "password": "", + "host": "server", + "hostname": "server", + "port": "", + "pathname": "/file", + "search": "", + "hash": "" + }, + { + "input": "\\\\server\\file", + "base": "file:///tmp/mock/path", + "href": "file://server/file", + "protocol": "file:", + "username": "", + "password": "", + "host": "server", + "hostname": "server", + "port": "", + "pathname": "/file", + "search": "", + "hash": "" + }, + { + "input": "/\\server/file", + "base": "file:///tmp/mock/path", + "href": "file://server/file", + "protocol": "file:", + "username": "", + "password": "", + "host": "server", + "hostname": "server", + "port": "", + "pathname": "/file", + "search": "", + "hash": "" + }, + { + "input": "file:///foo/bar.txt", + "base": "file:///tmp/mock/path", + "href": "file:///foo/bar.txt", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/foo/bar.txt", + "search": "", + "hash": "" + }, + { + "input": "file:///home/me", + "base": "file:///tmp/mock/path", + "href": "file:///home/me", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/home/me", + "search": "", + "hash": "" + }, + { + "input": "//", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "///", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "///test", + "base": "file:///tmp/mock/path", + "href": "file:///test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "file://test", + "base": "file:///tmp/mock/path", + "href": "file://test/", + "protocol": "file:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file://localhost", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file://localhost/", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file://localhost/test", + "base": "file:///tmp/mock/path", + "href": "file:///test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "test", + "base": "file:///tmp/mock/path", + "href": "file:///tmp/mock/test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/tmp/mock/test", + "search": "", + "hash": "" + }, + { + "input": "file:test", + "base": "file:///tmp/mock/path", + "href": "file:///tmp/mock/test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/tmp/mock/test", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/script-tests/path.js", + { + "input": "http://example.com/././foo", + "base": "about:blank", + "href": "http://example.com/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/./.foo", + "base": "about:blank", + "href": "http://example.com/.foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/.foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/.", + "base": "about:blank", + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/./", + "base": "about:blank", + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/..", + "base": "about:blank", + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/../", + "base": "about:blank", + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/..bar", + "base": "about:blank", + "href": "http://example.com/foo/..bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/..bar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/../ton", + "base": "about:blank", + "href": "http://example.com/foo/ton", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/ton", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/../ton/../../a", + "base": "about:blank", + "href": "http://example.com/a", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/a", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/../../..", + "base": "about:blank", + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/../../../ton", + "base": "about:blank", + "href": "http://example.com/ton", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/ton", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/%2e", + "base": "about:blank", + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/%2e%2", + "base": "about:blank", + "href": "http://example.com/foo/%2e%2", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/%2e%2", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/%2e./%2e%2e/.%2e/%2e.bar", + "base": "about:blank", + "href": "http://example.com/%2e.bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%2e.bar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com////../..", + "base": "about:blank", + "href": "http://example.com//", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar//../..", + "base": "about:blank", + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar//..", + "base": "about:blank", + "href": "http://example.com/foo/bar/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/bar/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo", + "base": "about:blank", + "href": "http://example.com/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/%20foo", + "base": "about:blank", + "href": "http://example.com/%20foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%20foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%", + "base": "about:blank", + "href": "http://example.com/foo%", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%2", + "base": "about:blank", + "href": "http://example.com/foo%2", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%2", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%2zbar", + "base": "about:blank", + "href": "http://example.com/foo%2zbar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%2zbar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%2©zbar", + "base": "about:blank", + "href": "http://example.com/foo%2%C3%82%C2%A9zbar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%2%C3%82%C2%A9zbar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%41%7a", + "base": "about:blank", + "href": "http://example.com/foo%41%7a", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%41%7a", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo\t\u0091%91", + "base": "about:blank", + "href": "http://example.com/foo%C2%91%91", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%C2%91%91", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%00%51", + "base": "about:blank", + "href": "http://example.com/foo%00%51", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%00%51", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/(%28:%3A%29)", + "base": "about:blank", + "href": "http://example.com/(%28:%3A%29)", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/(%28:%3A%29)", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/%3A%3a%3C%3c", + "base": "about:blank", + "href": "http://example.com/%3A%3a%3C%3c", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%3A%3a%3C%3c", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo\tbar", + "base": "about:blank", + "href": "http://example.com/foobar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foobar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com\\\\foo\\\\bar", + "base": "about:blank", + "href": "http://example.com//foo//bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "//foo//bar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/%7Ffp3%3Eju%3Dduvgw%3Dd", + "base": "about:blank", + "href": "http://example.com/%7Ffp3%3Eju%3Dduvgw%3Dd", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%7Ffp3%3Eju%3Dduvgw%3Dd", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/@asdf%40", + "base": "about:blank", + "href": "http://example.com/@asdf%40", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/@asdf%40", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/你好你好", + "base": "about:blank", + "href": "http://example.com/%E4%BD%A0%E5%A5%BD%E4%BD%A0%E5%A5%BD", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%E4%BD%A0%E5%A5%BD%E4%BD%A0%E5%A5%BD", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/‥/foo", + "base": "about:blank", + "href": "http://example.com/%E2%80%A5/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%E2%80%A5/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com//foo", + "base": "about:blank", + "href": "http://example.com/%EF%BB%BF/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%EF%BB%BF/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/‮/foo/‭/bar", + "base": "about:blank", + "href": "http://example.com/%E2%80%AE/foo/%E2%80%AD/bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%E2%80%AE/foo/%E2%80%AD/bar", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/script-tests/relative.js", + { + "input": "http://www.google.com/foo?bar=baz#", + "base": "about:blank", + "href": "http://www.google.com/foo?bar=baz#", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/foo", + "search": "?bar=baz", + "hash": "" + }, + { + "input": "http://www.google.com/foo?bar=baz# »", + "base": "about:blank", + "href": "http://www.google.com/foo?bar=baz# %C2%BB", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/foo", + "search": "?bar=baz", + "hash": "# %C2%BB" + }, + { + "input": "data:test# »", + "base": "about:blank", + "href": "data:test# %C2%BB", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "test", + "search": "", + "hash": "# %C2%BB" + }, + { + "input": "http://www.google.com", + "base": "about:blank", + "href": "http://www.google.com/", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.0x00A80001", + "base": "about:blank", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://www/foo%2Ehtml", + "base": "about:blank", + "href": "http://www/foo%2Ehtml", + "origin": "http://www", + "protocol": "http:", + "username": "", + "password": "", + "host": "www", + "hostname": "www", + "port": "", + "pathname": "/foo%2Ehtml", + "search": "", + "hash": "" + }, + { + "input": "http://www/foo/%2E/html", + "base": "about:blank", + "href": "http://www/foo/html", + "origin": "http://www", + "protocol": "http:", + "username": "", + "password": "", + "host": "www", + "hostname": "www", + "port": "", + "pathname": "/foo/html", + "search": "", + "hash": "" + }, + { + "input": "http://user:pass@/", + "base": "about:blank", + "failure": true + }, + { + "input": "http://%25DOMAIN:foobar@foodomain.com/", + "base": "about:blank", + "href": "http://%25DOMAIN:foobar@foodomain.com/", + "origin": "http://foodomain.com", + "protocol": "http:", + "username": "%25DOMAIN", + "password": "foobar", + "host": "foodomain.com", + "hostname": "foodomain.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:\\\\www.google.com\\foo", + "base": "about:blank", + "href": "http://www.google.com/foo", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "http://foo:80/", + "base": "about:blank", + "href": "http://foo/", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo:81/", + "base": "about:blank", + "href": "http://foo:81/", + "origin": "http://foo:81", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo:81", + "hostname": "foo", + "port": "81", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "httpa://foo:80/", + "base": "about:blank", + "href": "httpa://foo:80/", + "origin": "null", + "protocol": "httpa:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo:-80/", + "base": "about:blank", + "failure": true + }, + { + "input": "https://foo:443/", + "base": "about:blank", + "href": "https://foo/", + "origin": "https://foo", + "protocol": "https:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://foo:80/", + "base": "about:blank", + "href": "https://foo:80/", + "origin": "https://foo:80", + "protocol": "https:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp://foo:21/", + "base": "about:blank", + "href": "ftp://foo/", + "origin": "ftp://foo", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp://foo:80/", + "base": "about:blank", + "href": "ftp://foo:80/", + "origin": "ftp://foo:80", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "gopher://foo:70/", + "base": "about:blank", + "href": "gopher://foo/", + "origin": "gopher://foo", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "gopher://foo:443/", + "base": "about:blank", + "href": "gopher://foo:443/", + "origin": "gopher://foo:443", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "foo:443", + "hostname": "foo", + "port": "443", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:80/", + "base": "about:blank", + "href": "ws://foo/", + "origin": "ws://foo", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:81/", + "base": "about:blank", + "href": "ws://foo:81/", + "origin": "ws://foo:81", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo:81", + "hostname": "foo", + "port": "81", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:443/", + "base": "about:blank", + "href": "ws://foo:443/", + "origin": "ws://foo:443", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo:443", + "hostname": "foo", + "port": "443", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:815/", + "base": "about:blank", + "href": "ws://foo:815/", + "origin": "ws://foo:815", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo:815", + "hostname": "foo", + "port": "815", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:80/", + "base": "about:blank", + "href": "wss://foo:80/", + "origin": "wss://foo:80", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:81/", + "base": "about:blank", + "href": "wss://foo:81/", + "origin": "wss://foo:81", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo:81", + "hostname": "foo", + "port": "81", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:443/", + "base": "about:blank", + "href": "wss://foo/", + "origin": "wss://foo", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:815/", + "base": "about:blank", + "href": "wss://foo:815/", + "origin": "wss://foo:815", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo:815", + "hostname": "foo", + "port": "815", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/example.com/", + "base": "about:blank", + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp:/example.com/", + "base": "about:blank", + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:/example.com/", + "base": "about:blank", + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:/example.com/", + "base": "about:blank", + "href": "madeupscheme:/example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "file:/example.com/", + "base": "about:blank", + "href": "file:///example.com/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftps:/example.com/", + "base": "about:blank", + "href": "ftps:/example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:/example.com/", + "base": "about:blank", + "href": "gopher://example.com/", + "origin": "gopher://example.com", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws:/example.com/", + "base": "about:blank", + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:/example.com/", + "base": "about:blank", + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:/example.com/", + "base": "about:blank", + "href": "data:/example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:/example.com/", + "base": "about:blank", + "href": "javascript:/example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:/example.com/", + "base": "about:blank", + "href": "mailto:/example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "http:example.com/", + "base": "about:blank", + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp:example.com/", + "base": "about:blank", + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:example.com/", + "base": "about:blank", + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:example.com/", + "base": "about:blank", + "href": "madeupscheme:example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftps:example.com/", + "base": "about:blank", + "href": "ftps:example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:example.com/", + "base": "about:blank", + "href": "gopher://example.com/", + "origin": "gopher://example.com", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws:example.com/", + "base": "about:blank", + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:example.com/", + "base": "about:blank", + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:example.com/", + "base": "about:blank", + "href": "data:example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:example.com/", + "base": "about:blank", + "href": "javascript:example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:example.com/", + "base": "about:blank", + "href": "mailto:example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/segments-userinfo-vs-host.html", + { + "input": "http:@www.example.com", + "base": "about:blank", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/@www.example.com", + "base": "about:blank", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://@www.example.com", + "base": "about:blank", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:a:b@www.example.com", + "base": "about:blank", + "href": "http://a:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/a:b@www.example.com", + "base": "about:blank", + "href": "http://a:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://a:b@www.example.com", + "base": "about:blank", + "href": "http://a:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://@pple.com", + "base": "about:blank", + "href": "http://pple.com/", + "origin": "http://pple.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "pple.com", + "hostname": "pple.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http::b@www.example.com", + "base": "about:blank", + "href": "http://:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/:b@www.example.com", + "base": "about:blank", + "href": "http://:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://:b@www.example.com", + "base": "about:blank", + "href": "http://:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/:@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http://user@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http:@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http:/@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http://@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "https:@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http:a:b@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http:/a:b@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http://a:b@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http::@/www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http:a:@www.example.com", + "base": "about:blank", + "href": "http://a@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/a:@www.example.com", + "base": "about:blank", + "href": "http://a@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://a:@www.example.com", + "base": "about:blank", + "href": "http://a@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://www.@pple.com", + "base": "about:blank", + "href": "http://www.@pple.com/", + "origin": "http://pple.com", + "protocol": "http:", + "username": "www.", + "password": "", + "host": "pple.com", + "hostname": "pple.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:@:www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http:/@:www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http://@:www.example.com", + "base": "about:blank", + "failure": true + }, + { + "input": "http://:@www.example.com", + "base": "about:blank", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# Others", + { + "input": "/", + "base": "http://www.example.com/test", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "/test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": ".", + "base": "http://www.example.com/test", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "http://www.example.com/test", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "./test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "../test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "../aaa/test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/aaa/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/aaa/test.txt", + "search": "", + "hash": "" + }, + { + "input": "../../test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "中/test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/%E4%B8%AD/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/%E4%B8%AD/test.txt", + "search": "", + "hash": "" + }, + { + "input": "http://www.example2.com", + "base": "http://www.example.com/test", + "href": "http://www.example2.com/", + "origin": "http://www.example2.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example2.com", + "hostname": "www.example2.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "//www.example2.com", + "base": "http://www.example.com/test", + "href": "http://www.example2.com/", + "origin": "http://www.example2.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example2.com", + "hostname": "www.example2.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file:...", + "base": "http://www.example.com/test", + "href": "file:///...", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/...", + "search": "", + "hash": "" + }, + { + "input": "file:..", + "base": "http://www.example.com/test", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file:a", + "base": "http://www.example.com/test", + "href": "file:///a", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/a", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/host.html", + "Basic canonicalization, uppercase should be converted to lowercase", + { + "input": "http://ExAmPlE.CoM", + "base": "http://other.com/", + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://example example.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://Goo%20 goo%7C|.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[:]", + "base": "http://other.com/", + "failure": true + }, + "U+3000 is mapped to U+0020 (space) which is disallowed", + { + "input": "http://GOO\u00a0\u3000goo.com", + "base": "http://other.com/", + "failure": true + }, + "Other types of space (no-break, zero-width, zero-width-no-break) are name-prepped away to nothing. U+200B, U+2060, and U+FEFF, are ignored", + { + "input": "http://GOO\u200b\u2060\ufeffgoo.com", + "base": "http://other.com/", + "href": "http://googoo.com/", + "origin": "http://googoo.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "googoo.com", + "hostname": "googoo.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Leading and trailing C0 control or space", + { + "input": "\u0000\u001b\u0004\u0012 http://example.com/\u001f \u000d ", + "base": "about:blank", + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Ideographic full stop (full-width period for Chinese, etc.) should be treated as a dot. U+3002 is mapped to U+002E (dot)", + { + "input": "http://www.foo。bar.com", + "base": "http://other.com/", + "href": "http://www.foo.bar.com/", + "origin": "http://www.foo.bar.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.foo.bar.com", + "hostname": "www.foo.bar.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Invalid unicode characters should fail... U+FDD0 is disallowed; %ef%b7%90 is U+FDD0", + { + "input": "http://\ufdd0zyx.com", + "base": "http://other.com/", + "failure": true + }, + "This is the same as previous but escaped", + { + "input": "http://%ef%b7%90zyx.com", + "base": "http://other.com/", + "failure": true + }, + "U+FFFD", + { + "input": "https://\ufffd", + "base": "about:blank", + "failure": true + }, + { + "input": "https://%EF%BF%BD", + "base": "about:blank", + "failure": true + }, + { + "input": "https://x/\ufffd?\ufffd#\ufffd", + "base": "about:blank", + "href": "https://x/%EF%BF%BD?%EF%BF%BD#%EF%BF%BD", + "origin": "https://x", + "protocol": "https:", + "username": "", + "password": "", + "host": "x", + "hostname": "x", + "port": "", + "pathname": "/%EF%BF%BD", + "search": "?%EF%BF%BD", + "hash": "#%EF%BF%BD" + }, + "Test name prepping, fullwidth input should be converted to ASCII and NOT IDN-ized. This is 'Go' in fullwidth UTF-8/UTF-16.", + { + "input": "http://Go.com", + "base": "http://other.com/", + "href": "http://go.com/", + "origin": "http://go.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "go.com", + "hostname": "go.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "URL spec forbids the following. https://www.w3.org/Bugs/Public/show_bug.cgi?id=24257", + { + "input": "http://%41.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://%ef%bc%85%ef%bc%94%ef%bc%91.com", + "base": "http://other.com/", + "failure": true + }, + "...%00 in fullwidth should fail (also as escaped UTF-8 input)", + { + "input": "http://%00.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://%ef%bc%85%ef%bc%90%ef%bc%90.com", + "base": "http://other.com/", + "failure": true + }, + "Basic IDN support, UTF-8 and UTF-16 input should be converted to IDN", + { + "input": "http://你好你好", + "base": "http://other.com/", + "href": "http://xn--6qqa088eba/", + "origin": "http://xn--6qqa088eba", + "protocol": "http:", + "username": "", + "password": "", + "host": "xn--6qqa088eba", + "hostname": "xn--6qqa088eba", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://faß.ExAmPlE/", + "base": "about:blank", + "href": "https://xn--fa-hia.example/", + "origin": "https://xn--fa-hia.example", + "protocol": "https:", + "username": "", + "password": "", + "host": "xn--fa-hia.example", + "hostname": "xn--fa-hia.example", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://faß.ExAmPlE/", + "base": "about:blank", + "href": "sc://fa%C3%9F.ExAmPlE/", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "fa%C3%9F.ExAmPlE", + "hostname": "fa%C3%9F.ExAmPlE", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Invalid escaped characters should fail and the percents should be escaped. https://www.w3.org/Bugs/Public/show_bug.cgi?id=24191", + { + "input": "http://%zz%66%a.com", + "base": "http://other.com/", + "failure": true + }, + "If we get an invalid character that has been escaped.", + { + "input": "http://%25", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://hello%00", + "base": "http://other.com/", + "failure": true + }, + "Escaped numbers should be treated like IP addresses if they are.", + { + "input": "http://%30%78%63%30%2e%30%32%35%30.01", + "base": "http://other.com/", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://%30%78%63%30%2e%30%32%35%30.01%2e", + "base": "http://other.com/", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.168.0.257", + "base": "http://other.com/", + "failure": true + }, + "Invalid escaping in hosts causes failure", + { + "input": "http://%3g%78%63%30%2e%30%32%35%30%2E.01", + "base": "http://other.com/", + "failure": true + }, + "A space in a host causes failure", + { + "input": "http://192.168.0.1 hello", + "base": "http://other.com/", + "failure": true + }, + { + "input": "https://x x:12", + "base": "about:blank", + "failure": true + }, + "Fullwidth and escaped UTF-8 fullwidth should still be treated as IP", + { + "input": "http://0Xc0.0250.01", + "base": "http://other.com/", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Domains with empty labels", + { + "input": "http://./", + "base": "about:blank", + "href": "http://./", + "origin": "http://.", + "protocol": "http:", + "username": "", + "password": "", + "host": ".", + "hostname": ".", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://../", + "base": "about:blank", + "href": "http://../", + "origin": "http://..", + "protocol": "http:", + "username": "", + "password": "", + "host": "..", + "hostname": "..", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://0..0x300/", + "base": "about:blank", + "href": "http://0..0x300/", + "origin": "http://0..0x300", + "protocol": "http:", + "username": "", + "password": "", + "host": "0..0x300", + "hostname": "0..0x300", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Broken IPv6", + { + "input": "http://[www.google.com]/", + "base": "about:blank", + "failure": true + }, + { + "input": "http://[google.com]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.2.3.4x]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.2.3.]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.2.]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.]", + "base": "http://other.com/", + "failure": true + }, + "Misc Unicode", + { + "input": "http://foo:💩@example.com/bar", + "base": "http://other.com/", + "href": "http://foo:%F0%9F%92%A9@example.com/bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "foo", + "password": "%F0%9F%92%A9", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/bar", + "search": "", + "hash": "" + }, + "# resolving a fragment against any scheme succeeds", + { + "input": "#", + "base": "test:test", + "href": "test:test#", + "origin": "null", + "protocol": "test:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "test", + "search": "", + "hash": "" + }, + { + "input": "#x", + "base": "mailto:x@x.com", + "href": "mailto:x@x.com#x", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "x@x.com", + "search": "", + "hash": "#x" + }, + { + "input": "#x", + "base": "data:,", + "href": "data:,#x", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": ",", + "search": "", + "hash": "#x" + }, + { + "input": "#x", + "base": "about:blank", + "href": "about:blank#x", + "origin": "null", + "protocol": "about:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "blank", + "search": "", + "hash": "#x" + }, + { + "input": "#", + "base": "test:test?test", + "href": "test:test?test#", + "origin": "null", + "protocol": "test:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "test", + "search": "?test", + "hash": "" + }, + "# multiple @ in authority state", + { + "input": "https://@test@test@example:800/", + "base": "http://doesnotmatter/", + "href": "https://%40test%40test@example:800/", + "origin": "https://example:800", + "protocol": "https:", + "username": "%40test%40test", + "password": "", + "host": "example:800", + "hostname": "example", + "port": "800", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://@@@example", + "base": "http://doesnotmatter/", + "href": "https://%40%40@example/", + "origin": "https://example", + "protocol": "https:", + "username": "%40%40", + "password": "", + "host": "example", + "hostname": "example", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "non-az-09 characters", + { + "input": "http://`{}:`{}@h/`{}?`{}", + "base": "http://doesnotmatter/", + "href": "http://%60%7B%7D:%60%7B%7D@h/%60%7B%7D?`{}", + "origin": "http://h", + "protocol": "http:", + "username": "%60%7B%7D", + "password": "%60%7B%7D", + "host": "h", + "hostname": "h", + "port": "", + "pathname": "/%60%7B%7D", + "search": "?`{}", + "hash": "" + }, + "# Credentials in base", + { + "input": "/some/path", + "base": "http://user@example.org/smth", + "href": "http://user@example.org/some/path", + "origin": "http://example.org", + "protocol": "http:", + "username": "user", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/some/path", + "search": "", + "hash": "" + }, + { + "input": "", + "base": "http://user:pass@example.org:21/smth", + "href": "http://user:pass@example.org:21/smth", + "origin": "http://example.org:21", + "protocol": "http:", + "username": "user", + "password": "pass", + "host": "example.org:21", + "hostname": "example.org", + "port": "21", + "pathname": "/smth", + "search": "", + "hash": "" + }, + { + "input": "/some/path", + "base": "http://user:pass@example.org:21/smth", + "href": "http://user:pass@example.org:21/some/path", + "origin": "http://example.org:21", + "protocol": "http:", + "username": "user", + "password": "pass", + "host": "example.org:21", + "hostname": "example.org", + "port": "21", + "pathname": "/some/path", + "search": "", + "hash": "" + }, + "# a set of tests designed by zcorpan for relative URLs with unknown schemes", + { + "input": "i", + "base": "sc:sd", + "failure": true + }, + { + "input": "i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "i", + "base": "sc:/pa/pa", + "href": "sc:/pa/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/i", + "search": "", + "hash": "" + }, + { + "input": "i", + "base": "sc://ho/pa", + "href": "sc://ho/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "i", + "base": "sc:///pa/pa", + "href": "sc:///pa/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/i", + "search": "", + "hash": "" + }, + { + "input": "../i", + "base": "sc:sd", + "failure": true + }, + { + "input": "../i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "../i", + "base": "sc:/pa/pa", + "href": "sc:/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "../i", + "base": "sc://ho/pa", + "href": "sc://ho/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "../i", + "base": "sc:///pa/pa", + "href": "sc:///i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "/i", + "base": "sc:sd", + "failure": true + }, + { + "input": "/i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "/i", + "base": "sc:/pa/pa", + "href": "sc:/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "/i", + "base": "sc://ho/pa", + "href": "sc://ho/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "/i", + "base": "sc:///pa/pa", + "href": "sc:///i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "?i", + "base": "sc:sd", + "failure": true + }, + { + "input": "?i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "?i", + "base": "sc:/pa/pa", + "href": "sc:/pa/pa?i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "?i", + "hash": "" + }, + { + "input": "?i", + "base": "sc://ho/pa", + "href": "sc://ho/pa?i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/pa", + "search": "?i", + "hash": "" + }, + { + "input": "?i", + "base": "sc:///pa/pa", + "href": "sc:///pa/pa?i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "?i", + "hash": "" + }, + { + "input": "#i", + "base": "sc:sd", + "href": "sc:sd#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "sd", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc:sd/sd", + "href": "sc:sd/sd#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "sd/sd", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc:/pa/pa", + "href": "sc:/pa/pa#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc://ho/pa", + "href": "sc://ho/pa#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/pa", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc:///pa/pa", + "href": "sc:///pa/pa#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "", + "hash": "#i" + }, + "# make sure that relative URL logic works on known typically non-relative schemes too", + { + "input": "about:/../", + "base": "about:blank", + "href": "about:/", + "origin": "null", + "protocol": "about:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:/../", + "base": "about:blank", + "href": "data:/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "javascript:/../", + "base": "about:blank", + "href": "javascript:/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "mailto:/../", + "base": "about:blank", + "href": "mailto:/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# unknown schemes and their hosts", + { + "input": "sc://ñ.test/", + "base": "about:blank", + "href": "sc://%C3%B1.test/", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1.test", + "hostname": "%C3%B1.test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://\u001F!\"$&'()*+,-.;<=>^_`{|}~/", + "base": "about:blank", + "href": "sc://%1F!\"$&'()*+,-.;<=>^_`{|}~/", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%1F!\"$&'()*+,-.;<=>^_`{|}~", + "hostname": "%1F!\"$&'()*+,-.;<=>^_`{|}~", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://\u0000/", + "base": "about:blank", + "failure": true + }, + { + "input": "sc:// /", + "base": "about:blank", + "failure": true + }, + { + "input": "sc://%/", + "base": "about:blank", + "href": "sc://%/", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%", + "hostname": "%", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://[/", + "base": "about:blank", + "failure": true + }, + { + "input": "sc://\\/", + "base": "about:blank", + "failure": true + }, + { + "input": "sc://]/", + "base": "about:blank", + "failure": true + }, + { + "input": "x", + "base": "sc://ñ", + "href": "sc://%C3%B1/x", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + "# unknown schemes and backslashes", + { + "input": "sc:\\../", + "base": "about:blank", + "href": "sc:\\../", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "\\../", + "search": "", + "hash": "" + }, + "# unknown scheme with path looking like a password", + { + "input": "sc::a@example.net", + "base": "about:blank", + "href": "sc::a@example.net", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": ":a@example.net", + "search": "", + "hash": "" + }, + "# unknown scheme with bogus percent-encoding", + { + "input": "wow:%NBD", + "base": "about:blank", + "href": "wow:%NBD", + "origin": "null", + "protocol": "wow:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "%NBD", + "search": "", + "hash": "" + }, + { + "input": "wow:%1G", + "base": "about:blank", + "href": "wow:%1G", + "origin": "null", + "protocol": "wow:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "%1G", + "search": "", + "hash": "" + }, + "# Hosts and percent-encoding", + { + "input": "ftp://example.com%80/", + "base": "about:blank", + "failure": true + }, + { + "input": "ftp://example.com%A0/", + "base": "about:blank", + "failure": true + }, + { + "input": "https://example.com%80/", + "base": "about:blank", + "failure": true + }, + { + "input": "https://example.com%A0/", + "base": "about:blank", + "failure": true + }, + { + "input": "ftp://%e2%98%83", + "base": "about:blank", + "href": "ftp://xn--n3h/", + "origin": "ftp://xn--n3h", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "xn--n3h", + "hostname": "xn--n3h", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://%e2%98%83", + "base": "about:blank", + "href": "https://xn--n3h/", + "origin": "https://xn--n3h", + "protocol": "https:", + "username": "", + "password": "", + "host": "xn--n3h", + "hostname": "xn--n3h", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# tests from jsdom/whatwg-url designed for code coverage", + { + "input": "http://127.0.0.1:10100/relative_import.html", + "base": "about:blank", + "href": "http://127.0.0.1:10100/relative_import.html", + "origin": "http://127.0.0.1:10100", + "protocol": "http:", + "username": "", + "password": "", + "host": "127.0.0.1:10100", + "hostname": "127.0.0.1", + "port": "10100", + "pathname": "/relative_import.html", + "search": "", + "hash": "" + }, + { + "input": "http://facebook.com/?foo=%7B%22abc%22", + "base": "about:blank", + "href": "http://facebook.com/?foo=%7B%22abc%22", + "origin": "http://facebook.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "facebook.com", + "hostname": "facebook.com", + "port": "", + "pathname": "/", + "search": "?foo=%7B%22abc%22", + "hash": "" + }, + { + "input": "https://localhost:3000/jqueryui@1.2.3", + "base": "about:blank", + "href": "https://localhost:3000/jqueryui@1.2.3", + "origin": "https://localhost:3000", + "protocol": "https:", + "username": "", + "password": "", + "host": "localhost:3000", + "hostname": "localhost", + "port": "3000", + "pathname": "/jqueryui@1.2.3", + "search": "", + "hash": "" + }, + "# tab/LF/CR", + { + "input": "h\tt\nt\rp://h\to\ns\rt:9\t0\n0\r0/p\ta\nt\rh?q\tu\ne\rry#f\tr\na\rg", + "base": "about:blank", + "href": "http://host:9000/path?query#frag", + "origin": "http://host:9000", + "protocol": "http:", + "username": "", + "password": "", + "host": "host:9000", + "hostname": "host", + "port": "9000", + "pathname": "/path", + "search": "?query", + "hash": "#frag" + }, + "# Stringification of URL.searchParams", + { + "input": "?a=b&c=d", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar?a=b&c=d", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "?a=b&c=d", + "searchParams": "a=b&c=d", + "hash": "" + }, + { + "input": "??a=b&c=d", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar??a=b&c=d", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "??a=b&c=d", + "searchParams": "%3Fa=b&c=d", + "hash": "" + }, + "# Scheme only", + { + "input": "http:", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "searchParams": "", + "hash": "" + }, + { + "input": "http:", + "base": "https://example.org/foo/bar", + "failure": true + }, + { + "input": "sc:", + "base": "https://example.org/foo/bar", + "href": "sc:", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "", + "search": "", + "searchParams": "", + "hash": "" + }, + "# Percent encoding of fragments", + { + "input": "http://foo.bar/baz?qux#foo\bbar", + "base": "about:blank", + "href": "http://foo.bar/baz?qux#foo%08bar", + "origin": "http://foo.bar", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.bar", + "hostname": "foo.bar", + "port": "", + "pathname": "/baz", + "search": "?qux", + "searchParams": "qux=", + "hash": "#foo%08bar" + }, + "# IPv4 parsing (via https://github.com/nodejs/node/pull/10317)", + { + "input": "http://192.168.257", + "base": "http://other.com/", + "href": "http://192.168.1.1/", + "origin": "http://192.168.1.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.1.1", + "hostname": "192.168.1.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.168.257.com", + "base": "http://other.com/", + "href": "http://192.168.257.com/", + "origin": "http://192.168.257.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.257.com", + "hostname": "192.168.257.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://256", + "base": "http://other.com/", + "href": "http://0.0.1.0/", + "origin": "http://0.0.1.0", + "protocol": "http:", + "username": "", + "password": "", + "host": "0.0.1.0", + "hostname": "0.0.1.0", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://256.com", + "base": "http://other.com/", + "href": "http://256.com/", + "origin": "http://256.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "256.com", + "hostname": "256.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://999999999", + "base": "http://other.com/", + "href": "http://59.154.201.255/", + "origin": "http://59.154.201.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "59.154.201.255", + "hostname": "59.154.201.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://999999999.com", + "base": "http://other.com/", + "href": "http://999999999.com/", + "origin": "http://999999999.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "999999999.com", + "hostname": "999999999.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://10000000000", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://10000000000.com", + "base": "http://other.com/", + "href": "http://10000000000.com/", + "origin": "http://10000000000.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "10000000000.com", + "hostname": "10000000000.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://4294967295", + "base": "http://other.com/", + "href": "http://255.255.255.255/", + "origin": "http://255.255.255.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "255.255.255.255", + "hostname": "255.255.255.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://4294967296", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://0xffffffff", + "base": "http://other.com/", + "href": "http://255.255.255.255/", + "origin": "http://255.255.255.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "255.255.255.255", + "hostname": "255.255.255.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://0xffffffff1", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://256.256.256.256", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://256.256.256.256.256", + "base": "http://other.com/", + "href": "http://256.256.256.256.256/", + "origin": "http://256.256.256.256.256", + "protocol": "http:", + "username": "", + "password": "", + "host": "256.256.256.256.256", + "hostname": "256.256.256.256.256", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://0x.0x.0", + "base": "about:blank", + "href": "https://0.0.0.0/", + "origin": "https://0.0.0.0", + "protocol": "https:", + "username": "", + "password": "", + "host": "0.0.0.0", + "hostname": "0.0.0.0", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "More IPv4 parsing (via https://github.com/jsdom/whatwg-url/issues/92)", + { + "input": "https://256.0.0.1/test", + "base": "about:blank", + "failure": true + }, + "# file URLs containing percent-encoded Windows drive letters (shouldn't work)", + { + "input": "file:///C%3A/", + "base": "about:blank", + "href": "file:///C%3A/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C%3A/", + "search": "", + "hash": "" + }, + { + "input": "file:///C%7C/", + "base": "about:blank", + "href": "file:///C%7C/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C%7C/", + "search": "", + "hash": "" + }, + "# file URLs relative to other file URLs (via https://github.com/jsdom/whatwg-url/pull/60)", + { + "input": "pix/submit.gif", + "base": "file:///C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/anchor.html", + "href": "file:///C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/pix/submit.gif", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/pix/submit.gif", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///C:/", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# More file URL tests by zcorpan and annevk", + { + "input": "/", + "base": "file:///C:/a/b", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "//d:", + "base": "file:///C:/a/b", + "href": "file:///d:", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/d:", + "search": "", + "hash": "" + }, + { + "input": "//d:/..", + "base": "file:///C:/a/b", + "href": "file:///d:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/d:/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///ab:/", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///1:/", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "", + "base": "file:///test?test#test", + "href": "file:///test?test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "" + }, + { + "input": "file:", + "base": "file:///test?test#test", + "href": "file:///test?test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "" + }, + { + "input": "?x", + "base": "file:///test?test#test", + "href": "file:///test?x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?x", + "hash": "" + }, + { + "input": "file:?x", + "base": "file:///test?test#test", + "href": "file:///test?x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?x", + "hash": "" + }, + { + "input": "#x", + "base": "file:///test?test#test", + "href": "file:///test?test#x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "#x" + }, + { + "input": "file:#x", + "base": "file:///test?test#test", + "href": "file:///test?test#x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "#x" + }, + "# File URLs and many (back)slashes", + { + "input": "file:///localhost//cat", + "base": "about:blank", + "href": "file:///localhost//cat", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/localhost//cat", + "search": "", + "hash": "" + }, + { + "input": "\\//pig", + "base": "file://lion/", + "href": "file:///pig", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pig", + "search": "", + "hash": "" + }, + { + "input": "file://", + "base": "file://ape/", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# Windows drive letter handling with the 'file:' base URL", + { + "input": "C|#", + "base": "file://host/dir/file", + "href": "file:///C:#", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:", + "search": "", + "hash": "" + }, + { + "input": "C|?", + "base": "file://host/dir/file", + "href": "file:///C:?", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:", + "search": "", + "hash": "" + }, + { + "input": "C|/", + "base": "file://host/dir/file", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "C|\n/", + "base": "file://host/dir/file", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "C|\\", + "base": "file://host/dir/file", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "C", + "base": "file://host/dir/file", + "href": "file://host/dir/C", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/dir/C", + "search": "", + "hash": "" + }, + { + "input": "C|a", + "base": "file://host/dir/file", + "href": "file://host/dir/C|a", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/dir/C|a", + "search": "", + "hash": "" + }, + "# Windows drive letter quirk in the file slash state", + { + "input": "/c:/foo/bar", + "base": "file://host/path", + "href": "file:///c:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:/foo/bar", + "search": "", + "hash": "" + }, + "# Windows drive letter quirk (no host)", + { + "input": "file:/C|/", + "base": "about:blank", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://C|/", + "base": "about:blank", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + "# Windows drive letter quirk with not empty host", + { + "input": "file://example.net/C:/", + "base": "about:blank", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://1.2.3.4/C:/", + "base": "about:blank", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://[1::8]/C:/", + "base": "about:blank", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + "# file URLs without base URL by Rimas Misevičius", + { + "input": "file:", + "base": "about:blank", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file:?q=v", + "base": "about:blank", + "href": "file:///?q=v", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "?q=v", + "hash": "" + }, + { + "input": "file:#frag", + "base": "about:blank", + "href": "file:///#frag", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "#frag" + }, + "# IPv6 tests", + { + "input": "http://[1:0::]", + "base": "http://example.net/", + "href": "http://[1::]/", + "origin": "http://[1::]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[1::]", + "hostname": "[1::]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[0:1:2:3:4:5:6:7:8]", + "base": "http://example.net/", + "failure": true + }, + { + "input": "https://[0::0::0]", + "base": "about:blank", + "failure": true + }, + { + "input": "https://[0:.0]", + "base": "about:blank", + "failure": true + }, + { + "input": "https://[0:0:]", + "base": "about:blank", + "failure": true + }, + { + "input": "https://[0:1:2:3:4:5:6:7.0.0.0.1]", + "base": "about:blank", + "failure": true + }, + { + "input": "https://[0:1.00.0.0.0]", + "base": "about:blank", + "failure": true + }, + { + "input": "https://[0:1.290.0.0.0]", + "base": "about:blank", + "failure": true + }, + { + "input": "https://[0:1.23.23]", + "base": "about:blank", + "failure": true + }, + "# Empty host", + { + "input": "http://?", + "base": "about:blank", + "failure": true + }, + { + "input": "http://#", + "base": "about:blank", + "failure": true + }, + "Port overflow (2^32 + 81)", + { + "input": "http://f:4294967377/c", + "base": "http://example.org/", + "failure": true + }, + "Port overflow (2^64 + 81)", + { + "input": "http://f:18446744073709551697/c", + "base": "http://example.org/", + "failure": true + }, + "Port overflow (2^128 + 81)", + { + "input": "http://f:340282366920938463463374607431768211537/c", + "base": "http://example.org/", + "failure": true + }, + "# Non-special-URL path tests", + { + "input": "///", + "base": "sc://x/", + "href": "sc:///", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "tftp://foobar.com/someconfig;mode=netascii", + "base": "about:blank", + "href": "tftp://foobar.com/someconfig;mode=netascii", + "origin": "null", + "protocol": "tftp:", + "username": "", + "password": "", + "host": "foobar.com", + "hostname": "foobar.com", + "port": "", + "pathname": "/someconfig;mode=netascii", + "search": "", + "hash": "" + }, + { + "input": "telnet://user:pass@foobar.com:23/", + "base": "about:blank", + "href": "telnet://user:pass@foobar.com:23/", + "origin": "null", + "protocol": "telnet:", + "username": "user", + "password": "pass", + "host": "foobar.com:23", + "hostname": "foobar.com", + "port": "23", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ut2004://10.10.10.10:7777/Index.ut2", + "base": "about:blank", + "href": "ut2004://10.10.10.10:7777/Index.ut2", + "origin": "null", + "protocol": "ut2004:", + "username": "", + "password": "", + "host": "10.10.10.10:7777", + "hostname": "10.10.10.10", + "port": "7777", + "pathname": "/Index.ut2", + "search": "", + "hash": "" + }, + { + "input": "redis://foo:bar@somehost:6379/0?baz=bam&qux=baz", + "base": "about:blank", + "href": "redis://foo:bar@somehost:6379/0?baz=bam&qux=baz", + "origin": "null", + "protocol": "redis:", + "username": "foo", + "password": "bar", + "host": "somehost:6379", + "hostname": "somehost", + "port": "6379", + "pathname": "/0", + "search": "?baz=bam&qux=baz", + "hash": "" + }, + { + "input": "rsync://foo@host:911/sup", + "base": "about:blank", + "href": "rsync://foo@host:911/sup", + "origin": "null", + "protocol": "rsync:", + "username": "foo", + "password": "", + "host": "host:911", + "hostname": "host", + "port": "911", + "pathname": "/sup", + "search": "", + "hash": "" + }, + { + "input": "git://github.com/foo/bar.git", + "base": "about:blank", + "href": "git://github.com/foo/bar.git", + "origin": "null", + "protocol": "git:", + "username": "", + "password": "", + "host": "github.com", + "hostname": "github.com", + "port": "", + "pathname": "/foo/bar.git", + "search": "", + "hash": "" + }, + { + "input": "irc://myserver.com:6999/channel?passwd", + "base": "about:blank", + "href": "irc://myserver.com:6999/channel?passwd", + "origin": "null", + "protocol": "irc:", + "username": "", + "password": "", + "host": "myserver.com:6999", + "hostname": "myserver.com", + "port": "6999", + "pathname": "/channel", + "search": "?passwd", + "hash": "" + }, + { + "input": "dns://fw.example.org:9999/foo.bar.org?type=TXT", + "base": "about:blank", + "href": "dns://fw.example.org:9999/foo.bar.org?type=TXT", + "origin": "null", + "protocol": "dns:", + "username": "", + "password": "", + "host": "fw.example.org:9999", + "hostname": "fw.example.org", + "port": "9999", + "pathname": "/foo.bar.org", + "search": "?type=TXT", + "hash": "" + }, + { + "input": "ldap://localhost:389/ou=People,o=JNDITutorial", + "base": "about:blank", + "href": "ldap://localhost:389/ou=People,o=JNDITutorial", + "origin": "null", + "protocol": "ldap:", + "username": "", + "password": "", + "host": "localhost:389", + "hostname": "localhost", + "port": "389", + "pathname": "/ou=People,o=JNDITutorial", + "search": "", + "hash": "" + }, + { + "input": "git+https://github.com/foo/bar", + "base": "about:blank", + "href": "git+https://github.com/foo/bar", + "origin": "null", + "protocol": "git+https:", + "username": "", + "password": "", + "host": "github.com", + "hostname": "github.com", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "urn:ietf:rfc:2648", + "base": "about:blank", + "href": "urn:ietf:rfc:2648", + "origin": "null", + "protocol": "urn:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "ietf:rfc:2648", + "search": "", + "hash": "" + }, + { + "input": "tag:joe@example.org,2001:foo/bar", + "base": "about:blank", + "href": "tag:joe@example.org,2001:foo/bar", + "origin": "null", + "protocol": "tag:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "joe@example.org,2001:foo/bar", + "search": "", + "hash": "" + }, + "# percent encoded hosts in non-special-URLs", + { + "input": "non-special://%E2%80%A0/", + "base": "about:blank", + "href": "non-special://%E2%80%A0/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "%E2%80%A0", + "hostname": "%E2%80%A0", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://H%4fSt/path", + "base": "about:blank", + "href": "non-special://H%4fSt/path", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "H%4fSt", + "hostname": "H%4fSt", + "port": "", + "pathname": "/path", + "search": "", + "hash": "" + }, + "# IPv6 in non-special-URLs", + { + "input": "non-special://[1:2:0:0:5:0:0:0]/", + "base": "about:blank", + "href": "non-special://[1:2:0:0:5::]/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "[1:2:0:0:5::]", + "hostname": "[1:2:0:0:5::]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://[1:2:0:0:0:0:0:3]/", + "base": "about:blank", + "href": "non-special://[1:2::3]/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "[1:2::3]", + "hostname": "[1:2::3]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://[1:2::3]:80/", + "base": "about:blank", + "href": "non-special://[1:2::3]:80/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "[1:2::3]:80", + "hostname": "[1:2::3]", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://[:80/", + "base": "about:blank", + "failure": true + }, + { + "input": "blob:https://example.com:443/", + "base": "about:blank", + "href": "blob:https://example.com:443/", + "protocol": "blob:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "https://example.com:443/", + "search": "", + "hash": "" + }, + { + "input": "blob:d3958f5c-0777-0845-9dcf-2cb28783acaf", + "base": "about:blank", + "href": "blob:d3958f5c-0777-0845-9dcf-2cb28783acaf", + "protocol": "blob:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "d3958f5c-0777-0845-9dcf-2cb28783acaf", + "search": "", + "hash": "" + }, + "Invalid IPv4 radix digits", + { + "input": "http://0177.0.0.0189", + "base": "about:blank", + "href": "http://0177.0.0.0189/", + "protocol": "http:", + "username": "", + "password": "", + "host": "0177.0.0.0189", + "hostname": "0177.0.0.0189", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://0x7f.0.0.0x7g", + "base": "about:blank", + "href": "http://0x7f.0.0.0x7g/", + "protocol": "http:", + "username": "", + "password": "", + "host": "0x7f.0.0.0x7g", + "hostname": "0x7f.0.0.0x7g", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://0X7F.0.0.0X7G", + "base": "about:blank", + "href": "http://0x7f.0.0.0x7g/", + "protocol": "http:", + "username": "", + "password": "", + "host": "0x7f.0.0.0x7g", + "hostname": "0x7f.0.0.0x7g", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Invalid IPv4 portion of IPv6 address", + { + "input": "http://[::127.0.0.0.1]", + "base": "about:blank", + "failure": true + }, + "Uncompressed IPv6 addresses with 0", + { + "input": "http://[0:1:0:1:0:1:0:1]", + "base": "about:blank", + "href": "http://[0:1:0:1:0:1:0:1]/", + "protocol": "http:", + "username": "", + "password": "", + "host": "[0:1:0:1:0:1:0:1]", + "hostname": "[0:1:0:1:0:1:0:1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[1:0:1:0:1:0:1:0]", + "base": "about:blank", + "href": "http://[1:0:1:0:1:0:1:0]/", + "protocol": "http:", + "username": "", + "password": "", + "host": "[1:0:1:0:1:0:1:0]", + "hostname": "[1:0:1:0:1:0:1:0]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Percent-encoded query and fragment", + { + "input": "http://example.org/test?\u0022", + "base": "about:blank", + "href": "http://example.org/test?%22", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%22", + "hash": "" + }, + { + "input": "http://example.org/test?\u0023", + "base": "about:blank", + "href": "http://example.org/test?#", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "http://example.org/test?\u003C", + "base": "about:blank", + "href": "http://example.org/test?%3C", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%3C", + "hash": "" + }, + { + "input": "http://example.org/test?\u003E", + "base": "about:blank", + "href": "http://example.org/test?%3E", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%3E", + "hash": "" + }, + { + "input": "http://example.org/test?\u2323", + "base": "about:blank", + "href": "http://example.org/test?%E2%8C%A3", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%E2%8C%A3", + "hash": "" + }, + { + "input": "http://example.org/test?%23%23", + "base": "about:blank", + "href": "http://example.org/test?%23%23", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%23%23", + "hash": "" + }, + { + "input": "http://example.org/test?%GH", + "base": "about:blank", + "href": "http://example.org/test?%GH", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%GH", + "hash": "" + }, + { + "input": "http://example.org/test?a#%EF", + "base": "about:blank", + "href": "http://example.org/test?a#%EF", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#%EF" + }, + { + "input": "http://example.org/test?a#%GH", + "base": "about:blank", + "href": "http://example.org/test?a#%GH", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#%GH" + }, + "Bad bases", + { + "input": "test-a.html", + "base": "a", + "failure": true + }, + { + "input": "test-a-slash.html", + "base": "a/", + "failure": true + }, + { + "input": "test-a-slash-slash.html", + "base": "a//", + "failure": true + }, + { + "input": "test-a-colon.html", + "base": "a:", + "failure": true + }, + { + "input": "test-a-colon-slash.html", + "base": "a:/", + "href": "a:/test-a-colon-slash.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test-a-colon-slash.html", + "search": "", + "hash": "" + }, + { + "input": "test-a-colon-slash-slash.html", + "base": "a://", + "href": "a:///test-a-colon-slash-slash.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test-a-colon-slash-slash.html", + "search": "", + "hash": "" + }, + { + "input": "test-a-colon-b.html", + "base": "a:b", + "failure": true + }, + { + "input": "test-a-colon-slash-b.html", + "base": "a:/b", + "href": "a:/test-a-colon-slash-b.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test-a-colon-slash-b.html", + "search": "", + "hash": "" + }, + { + "input": "test-a-colon-slash-slash-b.html", + "base": "a://b", + "href": "a://b/test-a-colon-slash-slash-b.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "b", + "hostname": "b", + "port": "", + "pathname": "/test-a-colon-slash-slash-b.html", + "search": "", + "hash": "" + }, + "Null code point in fragment", + { + "input": "http://example.org/test?a#b\u0000c", + "base": "about:blank", + "href": "http://example.org/test?a#bc", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#bc" + } +] diff --git a/netwerk/test/gtest/urltestdata.json b/netwerk/test/gtest/urltestdata.json new file mode 100644 index 0000000000..41cf6725b3 --- /dev/null +++ b/netwerk/test/gtest/urltestdata.json @@ -0,0 +1,9050 @@ +[ + "This file is based on testing/web-platform/tests/url/resources/urltestdata.json (with failing tests removed)", + { + "input": "http://example\t.\norg", + "base": "http://example.org/foo/bar", + "href": "http://example.org/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://user:pass@foo:21/bar;par?b#c", + "base": "http://example.org/foo/bar", + "href": "http://user:pass@foo:21/bar;par?b#c", + "origin": "http://foo:21", + "protocol": "http:", + "username": "user", + "password": "pass", + "host": "foo:21", + "hostname": "foo", + "port": "21", + "pathname": "/bar;par", + "search": "?b", + "hash": "#c" + }, + { + "input": "https://test:@test", + "base": null, + "href": "https://test@test/", + "origin": "https://test", + "protocol": "https:", + "username": "test", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://:@test", + "base": null, + "href": "https://test/", + "origin": "https://test", + "protocol": "https:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://test:@test/x", + "base": null, + "href": "non-special://test@test/x", + "origin": "null", + "protocol": "non-special:", + "username": "test", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + { + "input": "non-special://:@test/x", + "base": null, + "href": "non-special://test/x", + "origin": "null", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + { + "input": "http:foo.com", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/foo.com", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/foo.com", + "search": "", + "hash": "" + }, + { + "input": "\t :foo.com \n", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:foo.com", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:foo.com", + "search": "", + "hash": "" + }, + { + "input": " foo.com ", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/foo.com", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/foo.com", + "search": "", + "hash": "" + }, + { + "input": "a:\t foo.com", + "base": "http://example.org/foo/bar", + "href": "a: foo.com", + "origin": "null", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": " foo.com", + "search": "", + "hash": "" + }, + { + "input": "http://f:21/ b ? d # e ", + "base": "http://example.org/foo/bar", + "href": "http://f:21/%20b%20?%20d%20#%20e", + "origin": "http://f:21", + "protocol": "http:", + "username": "", + "password": "", + "host": "f:21", + "hostname": "f", + "port": "21", + "pathname": "/%20b%20", + "search": "?%20d%20", + "hash": "#%20e" + }, + { + "input": "lolscheme:x x#x x", + "base": null, + "href": "lolscheme:x x#x%20x", + "protocol": "lolscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "x x", + "search": "", + "hash": "#x%20x" + }, + { + "input": "http://f:/c", + "base": "http://example.org/foo/bar", + "href": "http://f/c", + "origin": "http://f", + "protocol": "http:", + "username": "", + "password": "", + "host": "f", + "hostname": "f", + "port": "", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:0/c", + "base": "http://example.org/foo/bar", + "href": "http://f:0/c", + "origin": "http://f:0", + "protocol": "http:", + "username": "", + "password": "", + "host": "f:0", + "hostname": "f", + "port": "0", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:00000000000000/c", + "base": "http://example.org/foo/bar", + "href": "http://f:0/c", + "origin": "http://f:0", + "protocol": "http:", + "username": "", + "password": "", + "host": "f:0", + "hostname": "f", + "port": "0", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:00000000000000000000080/c", + "base": "http://example.org/foo/bar", + "href": "http://f/c", + "origin": "http://f", + "protocol": "http:", + "username": "", + "password": "", + "host": "f", + "hostname": "f", + "port": "", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:b/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f: /c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f:\n/c", + "base": "http://example.org/foo/bar", + "href": "http://f/c", + "origin": "http://f", + "protocol": "http:", + "username": "", + "password": "", + "host": "f", + "hostname": "f", + "port": "", + "pathname": "/c", + "search": "", + "hash": "" + }, + { + "input": "http://f:fifty-two/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f:999999/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "non-special://f:999999/c", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://f: 21 / b ? d # e ", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": " \t", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": ":foo.com/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:foo.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:foo.com/", + "search": "", + "hash": "" + }, + { + "input": ":foo.com\\", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:foo.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:foo.com/", + "search": "", + "hash": "" + }, + { + "input": ":", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:", + "search": "", + "hash": "" + }, + { + "input": ":a", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:a", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:a", + "search": "", + "hash": "" + }, + { + "input": ":/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:/", + "search": "", + "hash": "" + }, + { + "input": ":\\", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:/", + "search": "", + "hash": "" + }, + { + "input": ":#", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:#", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:", + "search": "", + "hash": "" + }, + { + "input": "#", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "#/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#/" + }, + { + "input": "#\\", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#\\", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#\\" + }, + { + "input": "#;?", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#;?", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#;?" + }, + { + "input": "?", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar?", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": ":23", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:23", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:23", + "search": "", + "hash": "" + }, + { + "input": "/:23", + "base": "http://example.org/foo/bar", + "href": "http://example.org/:23", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/:23", + "search": "", + "hash": "" + }, + { + "input": "\\x", + "base": "http://example.org/foo/bar", + "href": "http://example.org/x", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + { + "input": "\\\\x\\hello", + "base": "http://example.org/foo/bar", + "href": "http://x/hello", + "origin": "http://x", + "protocol": "http:", + "username": "", + "password": "", + "host": "x", + "hostname": "x", + "port": "", + "pathname": "/hello", + "search": "", + "hash": "" + }, + { + "input": "::", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/::", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/::", + "search": "", + "hash": "" + }, + { + "input": "::23", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/::23", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/::23", + "search": "", + "hash": "" + }, + { + "input": "foo://", + "base": "http://example.org/foo/bar", + "href": "foo://", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "", + "search": "", + "hash": "" + }, + { + "input": "http://a:b@c:29/d", + "base": "http://example.org/foo/bar", + "href": "http://a:b@c:29/d", + "origin": "http://c:29", + "protocol": "http:", + "username": "a", + "password": "b", + "host": "c:29", + "hostname": "c", + "port": "29", + "pathname": "/d", + "search": "", + "hash": "" + }, + { + "input": "http::@c:29", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/:@c:29", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/:@c:29", + "search": "", + "hash": "" + }, + { + "input": "http://&a:foo(b]c@d:2/", + "base": "http://example.org/foo/bar", + "href": "http://&a:foo(b%5Dc@d:2/", + "origin": "http://d:2", + "protocol": "http:", + "username": "&a", + "password": "foo(b%5Dc", + "host": "d:2", + "hostname": "d", + "port": "2", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://::@c@d:2", + "base": "http://example.org/foo/bar", + "href": "http://:%3A%40c@d:2/", + "origin": "http://d:2", + "protocol": "http:", + "username": "", + "password": "%3A%40c", + "host": "d:2", + "hostname": "d", + "port": "2", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo.com:b@d/", + "base": "http://example.org/foo/bar", + "href": "http://foo.com:b@d/", + "origin": "http://d", + "protocol": "http:", + "username": "foo.com", + "password": "b", + "host": "d", + "hostname": "d", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo.com/\\@", + "base": "http://example.org/foo/bar", + "href": "http://foo.com//@", + "origin": "http://foo.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.com", + "hostname": "foo.com", + "port": "", + "pathname": "//@", + "search": "", + "hash": "" + }, + { + "input": "http:\\\\foo.com\\", + "base": "http://example.org/foo/bar", + "href": "http://foo.com/", + "origin": "http://foo.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.com", + "hostname": "foo.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:\\\\a\\b:c\\d@foo.com\\", + "base": "http://example.org/foo/bar", + "href": "http://a/b:c/d@foo.com/", + "origin": "http://a", + "protocol": "http:", + "username": "", + "password": "", + "host": "a", + "hostname": "a", + "port": "", + "pathname": "/b:c/d@foo.com/", + "search": "", + "hash": "" + }, + { + "input": "foo:/", + "base": "http://example.org/foo/bar", + "href": "foo:/", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "foo:/bar.com/", + "base": "http://example.org/foo/bar", + "href": "foo:/bar.com/", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/bar.com/", + "search": "", + "hash": "" + }, + { + "input": "foo://///////", + "base": "http://example.org/foo/bar", + "href": "foo://///////", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///////", + "search": "", + "hash": "" + }, + { + "input": "foo://///////bar.com/", + "base": "http://example.org/foo/bar", + "href": "foo://///////bar.com/", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///////bar.com/", + "search": "", + "hash": "" + }, + { + "input": "foo:////://///", + "base": "http://example.org/foo/bar", + "href": "foo:////://///", + "origin": "null", + "protocol": "foo:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//://///", + "search": "", + "hash": "" + }, + { + "input": "c:/foo", + "base": "http://example.org/foo/bar", + "href": "c:/foo", + "origin": "null", + "protocol": "c:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "//foo/bar", + "base": "http://example.org/foo/bar", + "href": "http://foo/bar", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/bar", + "search": "", + "hash": "" + }, + { + "input": "http://foo/path;a??e#f#g", + "base": "http://example.org/foo/bar", + "href": "http://foo/path;a??e#f#g", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/path;a", + "search": "??e", + "hash": "#f#g" + }, + { + "input": "http://foo/abcd?efgh?ijkl", + "base": "http://example.org/foo/bar", + "href": "http://foo/abcd?efgh?ijkl", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/abcd", + "search": "?efgh?ijkl", + "hash": "" + }, + { + "input": "http://foo/abcd#foo?bar", + "base": "http://example.org/foo/bar", + "href": "http://foo/abcd#foo?bar", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/abcd", + "search": "", + "hash": "#foo?bar" + }, + { + "input": "[61:24:74]:98", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/[61:24:74]:98", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/[61:24:74]:98", + "search": "", + "hash": "" + }, + { + "input": "http:[61:27]/:foo", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/[61:27]/:foo", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/[61:27]/:foo", + "search": "", + "hash": "" + }, + { + "input": "http://[1::2]:3:4", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://2001::1", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://2001::1]", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://2001::1]:80", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://[2001::1]", + "base": "http://example.org/foo/bar", + "href": "http://[2001::1]/", + "origin": "http://[2001::1]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[2001::1]", + "hostname": "[2001::1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[::127.0.0.1]", + "base": "http://example.org/foo/bar", + "href": "http://[::7f00:1]/", + "origin": "http://[::7f00:1]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[::7f00:1]", + "hostname": "[::7f00:1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[::127.0.0.1.]", + "base": "http://example.org/foo/bar", + "failure": true + }, + { + "input": "http://[0:0:0:0:0:0:13.1.68.3]", + "base": "http://example.org/foo/bar", + "href": "http://[::d01:4403]/", + "origin": "http://[::d01:4403]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[::d01:4403]", + "hostname": "[::d01:4403]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[2001::1]:80", + "base": "http://example.org/foo/bar", + "href": "http://[2001::1]/", + "origin": "http://[2001::1]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[2001::1]", + "hostname": "[2001::1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/example.com/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/example.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftp:/example.com/", + "base": "http://example.org/foo/bar", + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:/example.com/", + "base": "http://example.org/foo/bar", + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:/example.com/", + "base": "http://example.org/foo/bar", + "href": "madeupscheme:/example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "file:/example.com/", + "base": "http://example.org/foo/bar", + "href": "file:///example.com/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "file://example:1/", + "base": null, + "failure": true + }, + { + "input": "file://example:test/", + "base": null, + "failure": true + }, + { + "input": "file://example%/", + "base": null, + "failure": true + }, + { + "input": "file://[example]/", + "base": null, + "failure": true + }, + { + "input": "ftps:/example.com/", + "base": "http://example.org/foo/bar", + "href": "ftps:/example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:/example.com/", + "base": "http://example.org/foo/bar", + "href": "gopher:/example.com/", + "origin": "null", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ws:/example.com/", + "base": "http://example.org/foo/bar", + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:/example.com/", + "base": "http://example.org/foo/bar", + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:/example.com/", + "base": "http://example.org/foo/bar", + "href": "data:/example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:/example.com/", + "base": "http://example.org/foo/bar", + "href": "javascript:/example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:/example.com/", + "base": "http://example.org/foo/bar", + "href": "mailto:/example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "http:example.com/", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/example.com/", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftp:example.com/", + "base": "http://example.org/foo/bar", + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:example.com/", + "base": "http://example.org/foo/bar", + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:example.com/", + "base": "http://example.org/foo/bar", + "href": "madeupscheme:example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftps:example.com/", + "base": "http://example.org/foo/bar", + "href": "ftps:example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:example.com/", + "base": "http://example.org/foo/bar", + "href": "gopher:example.com/", + "origin": "null", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "ws:example.com/", + "base": "http://example.org/foo/bar", + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:example.com/", + "base": "http://example.org/foo/bar", + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:example.com/", + "base": "http://example.org/foo/bar", + "href": "data:example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:example.com/", + "base": "http://example.org/foo/bar", + "href": "javascript:example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:example.com/", + "base": "http://example.org/foo/bar", + "href": "mailto:example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "/a/b/c", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a/b/c", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a/b/c", + "search": "", + "hash": "" + }, + { + "input": "/a/ /c", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a/%20/c", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a/%20/c", + "search": "", + "hash": "" + }, + { + "input": "/a%2fc", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a%2fc", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a%2fc", + "search": "", + "hash": "" + }, + { + "input": "/a/%2f/c", + "base": "http://example.org/foo/bar", + "href": "http://example.org/a/%2f/c", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/a/%2f/c", + "search": "", + "hash": "" + }, + { + "input": "#β", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar#%CE%B2", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "#%CE%B2" + }, + { + "input": "data:text/html,test#test", + "base": "http://example.org/foo/bar", + "href": "data:text/html,test#test", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "text/html,test", + "search": "", + "hash": "#test" + }, + { + "input": "tel:1234567890", + "base": "http://example.org/foo/bar", + "href": "tel:1234567890", + "origin": "null", + "protocol": "tel:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "1234567890", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/file.html", + { + "input": "file:c:\\foo\\bar.html", + "base": "file:///tmp/mock/path", + "href": "file:///c:/foo/bar.html", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:/foo/bar.html", + "search": "", + "hash": "" + }, + { + "input": " File:c|////foo\\bar.html", + "base": "file:///tmp/mock/path", + "href": "file:///c:////foo/bar.html", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:////foo/bar.html", + "search": "", + "hash": "" + }, + { + "input": "C|/foo/bar", + "base": "file:///tmp/mock/path", + "href": "file:///C:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "/C|\\foo\\bar", + "base": "file:///tmp/mock/path", + "href": "file:///C:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "//C|/foo/bar", + "base": "file:///tmp/mock/path", + "href": "file:///C:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "//server/file", + "base": "file:///tmp/mock/path", + "href": "file://server/file", + "protocol": "file:", + "username": "", + "password": "", + "host": "server", + "hostname": "server", + "port": "", + "pathname": "/file", + "search": "", + "hash": "" + }, + { + "input": "\\\\server\\file", + "base": "file:///tmp/mock/path", + "href": "file://server/file", + "protocol": "file:", + "username": "", + "password": "", + "host": "server", + "hostname": "server", + "port": "", + "pathname": "/file", + "search": "", + "hash": "" + }, + { + "input": "/\\server/file", + "base": "file:///tmp/mock/path", + "href": "file://server/file", + "protocol": "file:", + "username": "", + "password": "", + "host": "server", + "hostname": "server", + "port": "", + "pathname": "/file", + "search": "", + "hash": "" + }, + { + "input": "file:///foo/bar.txt", + "base": "file:///tmp/mock/path", + "href": "file:///foo/bar.txt", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/foo/bar.txt", + "search": "", + "hash": "" + }, + { + "input": "file:///home/me", + "base": "file:///tmp/mock/path", + "href": "file:///home/me", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/home/me", + "search": "", + "hash": "" + }, + { + "input": "//", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "///", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "///test", + "base": "file:///tmp/mock/path", + "href": "file:///test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "file://test", + "base": "file:///tmp/mock/path", + "href": "file://test/", + "protocol": "file:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file://localhost", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file://localhost/", + "base": "file:///tmp/mock/path", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file://localhost/test", + "base": "file:///tmp/mock/path", + "href": "file:///test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "test", + "base": "file:///tmp/mock/path", + "href": "file:///tmp/mock/test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/tmp/mock/test", + "search": "", + "hash": "" + }, + { + "input": "file:test", + "base": "file:///tmp/mock/path", + "href": "file:///tmp/mock/test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/tmp/mock/test", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/script-tests/path.js", + { + "input": "http://example.com/././foo", + "base": null, + "href": "http://example.com/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/./.foo", + "base": null, + "href": "http://example.com/.foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/.foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/.", + "base": null, + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/./", + "base": null, + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/..", + "base": null, + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/../", + "base": null, + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/..bar", + "base": null, + "href": "http://example.com/foo/..bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/..bar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/../ton", + "base": null, + "href": "http://example.com/foo/ton", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/ton", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar/../ton/../../a", + "base": null, + "href": "http://example.com/a", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/a", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/../../..", + "base": null, + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/../../../ton", + "base": null, + "href": "http://example.com/ton", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/ton", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/%2e", + "base": null, + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/%2e%2", + "base": null, + "href": "http://example.com/foo/%2e%2", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/%2e%2", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/%2e./%2e%2e/.%2e/%2e.bar", + "base": null, + "href": "http://example.com/%2e.bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%2e.bar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com////../..", + "base": null, + "href": "http://example.com//", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar//../..", + "base": null, + "href": "http://example.com/foo/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo/bar//..", + "base": null, + "href": "http://example.com/foo/bar/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo/bar/", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo", + "base": null, + "href": "http://example.com/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/%20foo", + "base": null, + "href": "http://example.com/%20foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%20foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%", + "base": null, + "href": "http://example.com/foo%", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%2", + "base": null, + "href": "http://example.com/foo%2", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%2", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%2zbar", + "base": null, + "href": "http://example.com/foo%2zbar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%2zbar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%2©zbar", + "base": null, + "href": "http://example.com/foo%2%C3%82%C2%A9zbar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%2%C3%82%C2%A9zbar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%41%7a", + "base": null, + "href": "http://example.com/foo%41%7a", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%41%7a", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo\t\u0091%91", + "base": null, + "href": "http://example.com/foo%C2%91%91", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%C2%91%91", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo%00%51", + "base": null, + "href": "http://example.com/foo%00%51", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foo%00%51", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/(%28:%3A%29)", + "base": null, + "href": "http://example.com/(%28:%3A%29)", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/(%28:%3A%29)", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/%3A%3a%3C%3c", + "base": null, + "href": "http://example.com/%3A%3a%3C%3c", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%3A%3a%3C%3c", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/foo\tbar", + "base": null, + "href": "http://example.com/foobar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/foobar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com\\\\foo\\\\bar", + "base": null, + "href": "http://example.com//foo//bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "//foo//bar", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/%7Ffp3%3Eju%3Dduvgw%3Dd", + "base": null, + "href": "http://example.com/%7Ffp3%3Eju%3Dduvgw%3Dd", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%7Ffp3%3Eju%3Dduvgw%3Dd", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/@asdf%40", + "base": null, + "href": "http://example.com/@asdf%40", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/@asdf%40", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/你好你好", + "base": null, + "href": "http://example.com/%E4%BD%A0%E5%A5%BD%E4%BD%A0%E5%A5%BD", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%E4%BD%A0%E5%A5%BD%E4%BD%A0%E5%A5%BD", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/‥/foo", + "base": null, + "href": "http://example.com/%E2%80%A5/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%E2%80%A5/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com//foo", + "base": null, + "href": "http://example.com/%EF%BB%BF/foo", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%EF%BB%BF/foo", + "search": "", + "hash": "" + }, + { + "input": "http://example.com/‮/foo/‭/bar", + "base": null, + "href": "http://example.com/%E2%80%AE/foo/%E2%80%AD/bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/%E2%80%AE/foo/%E2%80%AD/bar", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/script-tests/relative.js", + { + "input": "http://www.google.com/foo?bar=baz#", + "base": null, + "href": "http://www.google.com/foo?bar=baz#", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/foo", + "search": "?bar=baz", + "hash": "" + }, + { + "input": "http://www.google.com/foo?bar=baz# »", + "base": null, + "href": "http://www.google.com/foo?bar=baz#%20%C2%BB", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/foo", + "search": "?bar=baz", + "hash": "#%20%C2%BB" + }, + { + "input": "data:test# »", + "base": null, + "href": "data:test#%20%C2%BB", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "test", + "search": "", + "hash": "#%20%C2%BB" + }, + { + "input": "http://www.google.com", + "base": null, + "href": "http://www.google.com/", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.0x00A80001", + "base": null, + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://www/foo%2Ehtml", + "base": null, + "href": "http://www/foo%2Ehtml", + "origin": "http://www", + "protocol": "http:", + "username": "", + "password": "", + "host": "www", + "hostname": "www", + "port": "", + "pathname": "/foo%2Ehtml", + "search": "", + "hash": "" + }, + { + "input": "http://www/foo/%2E/html", + "base": null, + "href": "http://www/foo/html", + "origin": "http://www", + "protocol": "http:", + "username": "", + "password": "", + "host": "www", + "hostname": "www", + "port": "", + "pathname": "/foo/html", + "search": "", + "hash": "" + }, + { + "input": "http://user:pass@/", + "base": null, + "failure": true + }, + { + "input": "http://%25DOMAIN:foobar@foodomain.com/", + "base": null, + "href": "http://%25DOMAIN:foobar@foodomain.com/", + "origin": "http://foodomain.com", + "protocol": "http:", + "username": "%25DOMAIN", + "password": "foobar", + "host": "foodomain.com", + "hostname": "foodomain.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:\\\\www.google.com\\foo", + "base": null, + "href": "http://www.google.com/foo", + "origin": "http://www.google.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.google.com", + "hostname": "www.google.com", + "port": "", + "pathname": "/foo", + "search": "", + "hash": "" + }, + { + "input": "http://foo:80/", + "base": null, + "href": "http://foo/", + "origin": "http://foo", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo:81/", + "base": null, + "href": "http://foo:81/", + "origin": "http://foo:81", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo:81", + "hostname": "foo", + "port": "81", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "httpa://foo:80/", + "base": null, + "href": "httpa://foo:80/", + "origin": "null", + "protocol": "httpa:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://foo:-80/", + "base": null, + "failure": true + }, + { + "input": "https://foo:443/", + "base": null, + "href": "https://foo/", + "origin": "https://foo", + "protocol": "https:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://foo:80/", + "base": null, + "href": "https://foo:80/", + "origin": "https://foo:80", + "protocol": "https:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp://foo:21/", + "base": null, + "href": "ftp://foo/", + "origin": "ftp://foo", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp://foo:80/", + "base": null, + "href": "ftp://foo:80/", + "origin": "ftp://foo:80", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "gopher://foo:70/", + "base": null, + "href": "gopher://foo:70/", + "origin": "null", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "foo:70", + "hostname": "foo", + "port": "70", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "gopher://foo:443/", + "base": null, + "href": "gopher://foo:443/", + "origin": "null", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "foo:443", + "hostname": "foo", + "port": "443", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:80/", + "base": null, + "href": "ws://foo/", + "origin": "ws://foo", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:81/", + "base": null, + "href": "ws://foo:81/", + "origin": "ws://foo:81", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo:81", + "hostname": "foo", + "port": "81", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:443/", + "base": null, + "href": "ws://foo:443/", + "origin": "ws://foo:443", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo:443", + "hostname": "foo", + "port": "443", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ws://foo:815/", + "base": null, + "href": "ws://foo:815/", + "origin": "ws://foo:815", + "protocol": "ws:", + "username": "", + "password": "", + "host": "foo:815", + "hostname": "foo", + "port": "815", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:80/", + "base": null, + "href": "wss://foo:80/", + "origin": "wss://foo:80", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo:80", + "hostname": "foo", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:81/", + "base": null, + "href": "wss://foo:81/", + "origin": "wss://foo:81", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo:81", + "hostname": "foo", + "port": "81", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:443/", + "base": null, + "href": "wss://foo/", + "origin": "wss://foo", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo", + "hostname": "foo", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss://foo:815/", + "base": null, + "href": "wss://foo:815/", + "origin": "wss://foo:815", + "protocol": "wss:", + "username": "", + "password": "", + "host": "foo:815", + "hostname": "foo", + "port": "815", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ftp:/example.com/", + "base": null, + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:/example.com/", + "base": null, + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:/example.com/", + "base": null, + "href": "madeupscheme:/example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "file:/example.com/", + "base": null, + "href": "file:///example.com/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftps:/example.com/", + "base": null, + "href": "ftps:/example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:/example.com/", + "base": null, + "href": "gopher:/example.com/", + "origin": "null", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ws:/example.com/", + "base": null, + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:/example.com/", + "base": null, + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:/example.com/", + "base": null, + "href": "data:/example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:/example.com/", + "base": null, + "href": "javascript:/example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:/example.com/", + "base": null, + "href": "mailto:/example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftp:example.com/", + "base": null, + "href": "ftp://example.com/", + "origin": "ftp://example.com", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https:example.com/", + "base": null, + "href": "https://example.com/", + "origin": "https://example.com", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "madeupscheme:example.com/", + "base": null, + "href": "madeupscheme:example.com/", + "origin": "null", + "protocol": "madeupscheme:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "ftps:example.com/", + "base": null, + "href": "ftps:example.com/", + "origin": "null", + "protocol": "ftps:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "gopher:example.com/", + "base": null, + "href": "gopher:example.com/", + "origin": "null", + "protocol": "gopher:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "ws:example.com/", + "base": null, + "href": "ws://example.com/", + "origin": "ws://example.com", + "protocol": "ws:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "wss:example.com/", + "base": null, + "href": "wss://example.com/", + "origin": "wss://example.com", + "protocol": "wss:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "data:example.com/", + "base": null, + "href": "data:example.com/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "javascript:example.com/", + "base": null, + "href": "javascript:example.com/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "mailto:example.com/", + "base": null, + "href": "mailto:example.com/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "example.com/", + "search": "", + "hash": "" + }, + { + "input": "http://@www.example.com", + "base": null, + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://a:b@www.example.com", + "base": null, + "href": "http://a:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://@pple.com", + "base": null, + "href": "http://pple.com/", + "origin": "http://pple.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "pple.com", + "hostname": "pple.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://:b@www.example.com", + "base": null, + "href": "http://:b@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "b", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:/:@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http://user@/www.example.com", + "base": null, + "failure": true + }, + { + "input": "http:@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http:/@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http://@/www.example.com", + "base": null, + "failure": true + }, + { + "input": "https:@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http:a:b@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http:/a:b@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http://a:b@/www.example.com", + "base": null, + "failure": true + }, + { + "input": "http::@/www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http://a:@www.example.com", + "base": null, + "href": "http://a@www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "a", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://www.@pple.com", + "base": null, + "href": "http://www.@pple.com/", + "origin": "http://pple.com", + "protocol": "http:", + "username": "www.", + "password": "", + "host": "pple.com", + "hostname": "pple.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http:@:www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http:/@:www.example.com", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "http://@:www.example.com", + "base": null, + "failure": true + }, + { + "input": "http://:@www.example.com", + "base": null, + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# Others", + { + "input": "/", + "base": "http://www.example.com/test", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "/test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": ".", + "base": "http://www.example.com/test", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "http://www.example.com/test", + "href": "http://www.example.com/", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "./test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "../test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "../aaa/test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/aaa/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/aaa/test.txt", + "search": "", + "hash": "" + }, + { + "input": "../../test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/test.txt", + "search": "", + "hash": "" + }, + { + "input": "中/test.txt", + "base": "http://www.example.com/test", + "href": "http://www.example.com/%E4%B8%AD/test.txt", + "origin": "http://www.example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example.com", + "hostname": "www.example.com", + "port": "", + "pathname": "/%E4%B8%AD/test.txt", + "search": "", + "hash": "" + }, + { + "input": "http://www.example2.com", + "base": "http://www.example.com/test", + "href": "http://www.example2.com/", + "origin": "http://www.example2.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example2.com", + "hostname": "www.example2.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "//www.example2.com", + "base": "http://www.example.com/test", + "href": "http://www.example2.com/", + "origin": "http://www.example2.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.example2.com", + "hostname": "www.example2.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file:...", + "base": "http://www.example.com/test", + "href": "file:///...", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/...", + "search": "", + "hash": "" + }, + { + "input": "file:..", + "base": "http://www.example.com/test", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file:a", + "base": "http://www.example.com/test", + "href": "file:///a", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/a", + "search": "", + "hash": "" + }, + "# Based on http://trac.webkit.org/browser/trunk/LayoutTests/fast/url/host.html", + "Basic canonicalization, uppercase should be converted to lowercase", + { + "input": "http://ExAmPlE.CoM", + "base": "http://other.com/", + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://example example.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://Goo%20 goo%7C|.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[:]", + "base": "http://other.com/", + "failure": true + }, + "U+3000 is mapped to U+0020 (space) which is disallowed", + { + "input": "http://GOO\u00a0\u3000goo.com", + "base": "http://other.com/", + "failure": true + }, + "Other types of space (no-break, zero-width, zero-width-no-break) are name-prepped away to nothing. U+200B, U+2060, and U+FEFF, are ignored", + { + "input": "http://GOO\u200b\u2060\ufeffgoo.com", + "base": "http://other.com/", + "href": "http://googoo.com/", + "origin": "http://googoo.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "googoo.com", + "hostname": "googoo.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Leading and trailing C0 control or space", + { + "input": "\u0000\u001b\u0004\u0012 http://example.com/\u001f \u000d ", + "base": null, + "href": "http://example.com/", + "origin": "http://example.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Ideographic full stop (full-width period for Chinese, etc.) should be treated as a dot. U+3002 is mapped to U+002E (dot)", + { + "input": "http://www.foo。bar.com", + "base": "http://other.com/", + "href": "http://www.foo.bar.com/", + "origin": "http://www.foo.bar.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "www.foo.bar.com", + "hostname": "www.foo.bar.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Invalid unicode characters should fail... U+FDD0 is disallowed; %ef%b7%90 is U+FDD0", + { + "input": "http://\ufdd0zyx.com", + "base": "http://other.com/", + "failure": true + }, + "This is the same as previous but escaped", + { + "input": "http://%ef%b7%90zyx.com", + "base": "http://other.com/", + "failure": true + }, + "U+FFFD", + { + "input": "https://\ufffd", + "base": null, + "failure": true + }, + { + "input": "https://%EF%BF%BD", + "base": null, + "failure": true + }, + { + "input": "https://x/\ufffd?\ufffd#\ufffd", + "base": null, + "href": "https://x/%EF%BF%BD?%EF%BF%BD#%EF%BF%BD", + "origin": "https://x", + "protocol": "https:", + "username": "", + "password": "", + "host": "x", + "hostname": "x", + "port": "", + "pathname": "/%EF%BF%BD", + "search": "?%EF%BF%BD", + "hash": "#%EF%BF%BD" + }, + "Domain is ASCII, but a label is invalid IDNA", + { + "input": "http://a.b.c.xn--pokxncvks", + "base": null, + "failure": true + }, + { + "input": "http://10.0.0.xn--pokxncvks", + "base": null, + "failure": true + }, + "IDNA labels should be matched case-insensitively", + { + "input": "http://a.b.c.XN--pokxncvks", + "base": null, + "failure": true + }, + { + "input": "http://a.b.c.Xn--pokxncvks", + "base": null, + "failure": true + }, + { + "input": "http://10.0.0.XN--pokxncvks", + "base": null, + "failure": true + }, + { + "input": "http://10.0.0.xN--pokxncvks", + "base": null, + "failure": true + }, + "Test name prepping, fullwidth input should be converted to ASCII and NOT IDN-ized. This is 'Go' in fullwidth UTF-8/UTF-16.", + { + "input": "http://Go.com", + "base": "http://other.com/", + "href": "http://go.com/", + "origin": "http://go.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "go.com", + "hostname": "go.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "URL spec forbids the following. https://www.w3.org/Bugs/Public/show_bug.cgi?id=24257", + { + "input": "http://%41.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://%ef%bc%85%ef%bc%94%ef%bc%91.com", + "base": "http://other.com/", + "failure": true + }, + "...%00 in fullwidth should fail (also as escaped UTF-8 input)", + { + "input": "http://%00.com", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://%ef%bc%85%ef%bc%90%ef%bc%90.com", + "base": "http://other.com/", + "failure": true + }, + "Basic IDN support, UTF-8 and UTF-16 input should be converted to IDN", + { + "input": "http://你好你好", + "base": "http://other.com/", + "href": "http://xn--6qqa088eba/", + "origin": "http://xn--6qqa088eba", + "protocol": "http:", + "username": "", + "password": "", + "host": "xn--6qqa088eba", + "hostname": "xn--6qqa088eba", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://faß.ExAmPlE/", + "base": null, + "href": "https://xn--fa-hia.example/", + "origin": "https://xn--fa-hia.example", + "protocol": "https:", + "username": "", + "password": "", + "host": "xn--fa-hia.example", + "hostname": "xn--fa-hia.example", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://faß.ExAmPlE/", + "base": null, + "href": "sc://fa%C3%9F.ExAmPlE/", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "fa%C3%9F.ExAmPlE", + "hostname": "fa%C3%9F.ExAmPlE", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Invalid escaped characters should fail and the percents should be escaped. https://www.w3.org/Bugs/Public/show_bug.cgi?id=24191", + { + "input": "http://%zz%66%a.com", + "base": "http://other.com/", + "failure": true + }, + "If we get an invalid character that has been escaped.", + { + "input": "http://%25", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://hello%00", + "base": "http://other.com/", + "failure": true + }, + "Escaped numbers should be treated like IP addresses if they are.", + { + "input": "http://%30%78%63%30%2e%30%32%35%30.01", + "base": "http://other.com/", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://%30%78%63%30%2e%30%32%35%30.01%2e", + "base": "http://other.com/", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.168.0.257", + "base": "http://other.com/", + "failure": true + }, + "Invalid escaping in hosts causes failure", + { + "input": "http://%3g%78%63%30%2e%30%32%35%30%2E.01", + "base": "http://other.com/", + "failure": true + }, + "A space in a host causes failure", + { + "input": "http://192.168.0.1 hello", + "base": "http://other.com/", + "failure": true + }, + { + "input": "https://x x:12", + "base": null, + "failure": true + }, + "Fullwidth and escaped UTF-8 fullwidth should still be treated as IP", + { + "input": "http://0Xc0.0250.01", + "base": "http://other.com/", + "href": "http://192.168.0.1/", + "origin": "http://192.168.0.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.0.1", + "hostname": "192.168.0.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Domains with empty labels", + { + "input": "http://./", + "base": null, + "href": "http://./", + "origin": "http://.", + "protocol": "http:", + "username": "", + "password": "", + "host": ".", + "hostname": ".", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://../", + "base": null, + "href": "http://../", + "origin": "http://..", + "protocol": "http:", + "username": "", + "password": "", + "host": "..", + "hostname": "..", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Non-special domains with empty labels", + { + "input": "h://.", + "base": null, + "href": "h://.", + "origin": "null", + "protocol": "h:", + "username": "", + "password": "", + "host": ".", + "hostname": ".", + "port": "", + "pathname": "", + "search": "", + "hash": "" + }, + "Broken IPv6", + { + "input": "http://[www.google.com]/", + "base": null, + "failure": true + }, + { + "input": "http://[google.com]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.2.3.4x]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.2.3.]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.2.]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::.1.2]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::1.]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::.1]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://[::%31]", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://%5B::1]", + "base": "http://other.com/", + "failure": true + }, + "Misc Unicode", + { + "input": "http://foo:💩@example.com/bar", + "base": "http://other.com/", + "href": "http://foo:%F0%9F%92%A9@example.com/bar", + "origin": "http://example.com", + "protocol": "http:", + "username": "foo", + "password": "%F0%9F%92%A9", + "host": "example.com", + "hostname": "example.com", + "port": "", + "pathname": "/bar", + "search": "", + "hash": "" + }, + "# resolving a fragment against any scheme succeeds", + { + "input": "#", + "base": "test:test", + "href": "test:test#", + "origin": "null", + "protocol": "test:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "test", + "search": "", + "hash": "" + }, + { + "input": "#x", + "base": "mailto:x@x.com", + "href": "mailto:x@x.com#x", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "x@x.com", + "search": "", + "hash": "#x" + }, + { + "input": "#x", + "base": "data:,", + "href": "data:,#x", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": ",", + "search": "", + "hash": "#x" + }, + { + "input": "#x", + "base": "about:blank", + "href": "about:blank#x", + "origin": "null", + "protocol": "about:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "blank", + "search": "", + "hash": "#x" + }, + { + "input": "#x:y", + "base": "about:blank", + "href": "about:blank#x:y", + "origin": "null", + "protocol": "about:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "blank", + "search": "", + "hash": "#x:y" + }, + { + "input": "#", + "base": "test:test?test", + "href": "test:test?test#", + "origin": "null", + "protocol": "test:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "test", + "search": "?test", + "hash": "" + }, + "# multiple @ in authority state", + { + "input": "https://@test@test@example:800/", + "base": "http://doesnotmatter/", + "href": "https://%40test%40test@example:800/", + "origin": "https://example:800", + "protocol": "https:", + "username": "%40test%40test", + "password": "", + "host": "example:800", + "hostname": "example", + "port": "800", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://@@@example", + "base": "http://doesnotmatter/", + "href": "https://%40%40@example/", + "origin": "https://example", + "protocol": "https:", + "username": "%40%40", + "password": "", + "host": "example", + "hostname": "example", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "non-az-09 characters", + { + "input": "http://`{}:`{}@h/`{}?`{}", + "base": "http://doesnotmatter/", + "href": "http://%60%7B%7D:%60%7B%7D@h/%60%7B%7D?`{}", + "origin": "http://h", + "protocol": "http:", + "username": "%60%7B%7D", + "password": "%60%7B%7D", + "host": "h", + "hostname": "h", + "port": "", + "pathname": "/%60%7B%7D", + "search": "?`{}", + "hash": "" + }, + "byte is ' and url is special", + { + "input": "http://host/?'", + "base": null, + "href": "http://host/?%27", + "origin": "http://host", + "protocol": "http:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/", + "search": "?%27", + "hash": "" + }, + { + "input": "notspecial://host/?'", + "base": null, + "href": "notspecial://host/?'", + "origin": "null", + "protocol": "notspecial:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/", + "search": "?'", + "hash": "" + }, + "# Credentials in base", + { + "input": "/some/path", + "base": "http://user@example.org/smth", + "href": "http://user@example.org/some/path", + "origin": "http://example.org", + "protocol": "http:", + "username": "user", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/some/path", + "search": "", + "hash": "" + }, + { + "input": "", + "base": "http://user:pass@example.org:21/smth", + "href": "http://user:pass@example.org:21/smth", + "origin": "http://example.org:21", + "protocol": "http:", + "username": "user", + "password": "pass", + "host": "example.org:21", + "hostname": "example.org", + "port": "21", + "pathname": "/smth", + "search": "", + "hash": "" + }, + { + "input": "/some/path", + "base": "http://user:pass@example.org:21/smth", + "href": "http://user:pass@example.org:21/some/path", + "origin": "http://example.org:21", + "protocol": "http:", + "username": "user", + "password": "pass", + "host": "example.org:21", + "hostname": "example.org", + "port": "21", + "pathname": "/some/path", + "search": "", + "hash": "" + }, + "# a set of tests designed by zcorpan for relative URLs with unknown schemes", + { + "input": "i", + "base": "sc:sd", + "failure": true + }, + { + "input": "i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "i", + "base": "sc:/pa/pa", + "href": "sc:/pa/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/i", + "search": "", + "hash": "" + }, + { + "input": "i", + "base": "sc://ho/pa", + "href": "sc://ho/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "i", + "base": "sc:///pa/pa", + "href": "sc:///pa/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/i", + "search": "", + "hash": "" + }, + { + "input": "../i", + "base": "sc:sd", + "failure": true + }, + { + "input": "../i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "../i", + "base": "sc:/pa/pa", + "href": "sc:/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "../i", + "base": "sc://ho/pa", + "href": "sc://ho/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "../i", + "base": "sc:///pa/pa", + "href": "sc:///i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "/i", + "base": "sc:sd", + "failure": true + }, + { + "input": "/i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "/i", + "base": "sc:/pa/pa", + "href": "sc:/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "/i", + "base": "sc://ho/pa", + "href": "sc://ho/i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "/i", + "base": "sc:///pa/pa", + "href": "sc:///i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/i", + "search": "", + "hash": "" + }, + { + "input": "?i", + "base": "sc:sd", + "failure": true + }, + { + "input": "?i", + "base": "sc:sd/sd", + "failure": true + }, + { + "input": "?i", + "base": "sc:/pa/pa", + "href": "sc:/pa/pa?i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "?i", + "hash": "" + }, + { + "input": "?i", + "base": "sc://ho/pa", + "href": "sc://ho/pa?i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/pa", + "search": "?i", + "hash": "" + }, + { + "input": "?i", + "base": "sc:///pa/pa", + "href": "sc:///pa/pa?i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "?i", + "hash": "" + }, + { + "input": "#i", + "base": "sc:sd", + "href": "sc:sd#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "sd", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc:sd/sd", + "href": "sc:sd/sd#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "sd/sd", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc:/pa/pa", + "href": "sc:/pa/pa#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc://ho/pa", + "href": "sc://ho/pa#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "ho", + "hostname": "ho", + "port": "", + "pathname": "/pa", + "search": "", + "hash": "#i" + }, + { + "input": "#i", + "base": "sc:///pa/pa", + "href": "sc:///pa/pa#i", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pa/pa", + "search": "", + "hash": "#i" + }, + "# make sure that relative URL logic works on known typically non-relative schemes too", + { + "input": "data:/../", + "base": null, + "href": "data:/", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "javascript:/../", + "base": null, + "href": "javascript:/", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "mailto:/../", + "base": null, + "href": "mailto:/", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# unknown schemes and their hosts", + { + "input": "sc://ñ.test/", + "base": null, + "href": "sc://%C3%B1.test/", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1.test", + "hostname": "%C3%B1.test", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://%/", + "base": null, + "href": "sc://%/", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%", + "hostname": "%", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "sc://@/", + "base": null, + "failure": true + }, + { + "input": "sc://te@s:t@/", + "base": null, + "failure": true + }, + { + "input": "sc://:/", + "base": null, + "failure": true + }, + { + "input": "sc://:12/", + "base": null, + "failure": true + }, + { + "input": "x", + "base": "sc://ñ", + "href": "sc://%C3%B1/x", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "/x", + "search": "", + "hash": "" + }, + "# unknown schemes and backslashes", + { + "input": "sc:\\../", + "base": null, + "href": "sc:\\../", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "\\../", + "search": "", + "hash": "" + }, + "# unknown scheme with path looking like a password", + { + "input": "sc::a@example.net", + "base": null, + "href": "sc::a@example.net", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": ":a@example.net", + "search": "", + "hash": "" + }, + "# unknown scheme with bogus percent-encoding", + { + "input": "wow:%NBD", + "base": null, + "href": "wow:%NBD", + "origin": "null", + "protocol": "wow:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "%NBD", + "search": "", + "hash": "" + }, + { + "input": "wow:%1G", + "base": null, + "href": "wow:%1G", + "origin": "null", + "protocol": "wow:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "%1G", + "search": "", + "hash": "" + }, + "# unknown scheme with non-URL characters", + { + "input": "wow:\uFFFF", + "base": null, + "href": "wow:%EF%BF%BF", + "origin": "null", + "protocol": "wow:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "%EF%BF%BF", + "search": "", + "hash": "" + }, + "Forbidden host code points", + { + "input": "sc://a\u0000b/", + "base": null, + "failure": true + }, + { + "input": "sc://a b/", + "base": null, + "failure": true + }, + { + "input": "sc://ab", + "base": null, + "failure": true + }, + { + "input": "sc://a[b/", + "base": null, + "failure": true + }, + { + "input": "sc://a\\b/", + "base": null, + "failure": true + }, + { + "input": "sc://a]b/", + "base": null, + "failure": true + }, + { + "input": "sc://a^b", + "base": null, + "failure": true + }, + { + "input": "sc://a|b/", + "base": null, + "failure": true + }, + "Forbidden host codepoints: tabs and newlines are removed during preprocessing", + { + "input": "foo://ho\u0009st/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://host/", + "password": "", + "pathname": "/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "" + }, + { + "input": "foo://ho\u000Ast/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://host/", + "password": "", + "pathname": "/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "" + }, + { + "input": "foo://ho\u000Dst/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://host/", + "password": "", + "pathname": "/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "" + }, + "Forbidden domain code-points", + { + "input": "http://a\u0000b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0001b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0002b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0003b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0004b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0005b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0006b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0007b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0008b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u000Bb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u000Cb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u000Eb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u000Fb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0010b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0011b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0012b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0013b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0014b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0015b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0016b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0017b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0018b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u0019b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u001Ab/", + "base": null, + "failure": true + }, + { + "input": "http://a\u001Bb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u001Cb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u001Db/", + "base": null, + "failure": true + }, + { + "input": "http://a\u001Eb/", + "base": null, + "failure": true + }, + { + "input": "http://a\u001Fb/", + "base": null, + "failure": true + }, + { + "input": "http://a b/", + "base": null, + "failure": true + }, + { + "input": "http://a%b/", + "base": null, + "failure": true + }, + { + "input": "http://ab", + "base": null, + "failure": true + }, + { + "input": "http://a[b/", + "base": null, + "failure": true + }, + { + "input": "http://a]b/", + "base": null, + "failure": true + }, + { + "input": "http://a^b", + "base": null, + "failure": true + }, + { + "input": "http://a|b/", + "base": null, + "failure": true + }, + { + "input": "http://a\u007Fb/", + "base": null, + "failure": true + }, + "Forbidden domain codepoints: tabs and newlines are removed during preprocessing", + { + "input": "http://ho\u0009st/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "http://host/", + "password": "", + "pathname": "/", + "port": "", + "protocol": "http:", + "search": "", + "username": "" + }, + { + "input": "http://ho\u000Ast/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "http://host/", + "password": "", + "pathname": "/", + "port": "", + "protocol": "http:", + "search": "", + "username": "" + }, + { + "input": "http://ho\u000Dst/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "http://host/", + "password": "", + "pathname": "/", + "port": "", + "protocol": "http:", + "search": "", + "username": "" + }, + "Encoded forbidden domain codepoints in special URLs", + { + "input": "http://ho%00st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%01st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%02st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%03st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%04st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%05st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%06st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%07st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%08st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%09st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%0Ast/", + "base": null, + "failure": true + }, + { + "input": "http://ho%0Bst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%0Cst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%0Dst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%0Est/", + "base": null, + "failure": true + }, + { + "input": "http://ho%0Fst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%10st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%11st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%12st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%13st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%14st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%15st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%16st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%17st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%18st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%19st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%1Ast/", + "base": null, + "failure": true + }, + { + "input": "http://ho%1Bst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%1Cst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%1Dst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%1Est/", + "base": null, + "failure": true + }, + { + "input": "http://ho%1Fst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%20st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%23st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%25st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%2Fst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%3Ast/", + "base": null, + "failure": true + }, + { + "input": "http://ho%3Cst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%3Est/", + "base": null, + "failure": true + }, + { + "input": "http://ho%3Fst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%40st/", + "base": null, + "failure": true + }, + { + "input": "http://ho%5Bst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%5Cst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%5Dst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%7Cst/", + "base": null, + "failure": true + }, + { + "input": "http://ho%7Fst/", + "base": null, + "failure": true + }, + "Allowed host/domain code points", + { + "input": "sc://\u0001\u0002\u0003\u0004\u0005\u0006\u0007\u0008\u000B\u000C\u000E\u000F\u0010\u0011\u0012\u0013\u0014\u0015\u0016\u0017\u0018\u0019\u001A\u001B\u001C\u001D\u001E\u001F\u007F!\"$%&'()*+,-.;=_`{}~/", + "base": null, + "href": "sc://%01%02%03%04%05%06%07%08%0B%0C%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%7F!\"$%&'()*+,-.;=_`{}~/", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%01%02%03%04%05%06%07%08%0B%0C%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%7F!\"$%&'()*+,-.;=_`{}~", + "hostname": "%01%02%03%04%05%06%07%08%0B%0C%0E%0F%10%11%12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F%7F!\"$%&'()*+,-.;=_`{}~", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# Hosts and percent-encoding", + { + "input": "ftp://example.com%80/", + "base": null, + "failure": true + }, + { + "input": "ftp://example.com%A0/", + "base": null, + "failure": true + }, + { + "input": "https://example.com%80/", + "base": null, + "failure": true + }, + { + "input": "https://example.com%A0/", + "base": null, + "failure": true + }, + { + "input": "ftp://%e2%98%83", + "base": null, + "href": "ftp://xn--n3h/", + "origin": "ftp://xn--n3h", + "protocol": "ftp:", + "username": "", + "password": "", + "host": "xn--n3h", + "hostname": "xn--n3h", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "https://%e2%98%83", + "base": null, + "href": "https://xn--n3h/", + "origin": "https://xn--n3h", + "protocol": "https:", + "username": "", + "password": "", + "host": "xn--n3h", + "hostname": "xn--n3h", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# tests from jsdom/whatwg-url designed for code coverage", + { + "input": "http://127.0.0.1:10100/relative_import.html", + "base": null, + "href": "http://127.0.0.1:10100/relative_import.html", + "origin": "http://127.0.0.1:10100", + "protocol": "http:", + "username": "", + "password": "", + "host": "127.0.0.1:10100", + "hostname": "127.0.0.1", + "port": "10100", + "pathname": "/relative_import.html", + "search": "", + "hash": "" + }, + { + "input": "http://facebook.com/?foo=%7B%22abc%22", + "base": null, + "href": "http://facebook.com/?foo=%7B%22abc%22", + "origin": "http://facebook.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "facebook.com", + "hostname": "facebook.com", + "port": "", + "pathname": "/", + "search": "?foo=%7B%22abc%22", + "hash": "" + }, + { + "input": "https://localhost:3000/jqueryui@1.2.3", + "base": null, + "href": "https://localhost:3000/jqueryui@1.2.3", + "origin": "https://localhost:3000", + "protocol": "https:", + "username": "", + "password": "", + "host": "localhost:3000", + "hostname": "localhost", + "port": "3000", + "pathname": "/jqueryui@1.2.3", + "search": "", + "hash": "" + }, + "# tab/LF/CR", + { + "input": "h\tt\nt\rp://h\to\ns\rt:9\t0\n0\r0/p\ta\nt\rh?q\tu\ne\rry#f\tr\na\rg", + "base": null, + "href": "http://host:9000/path?query#frag", + "origin": "http://host:9000", + "protocol": "http:", + "username": "", + "password": "", + "host": "host:9000", + "hostname": "host", + "port": "9000", + "pathname": "/path", + "search": "?query", + "hash": "#frag" + }, + "# Stringification of URL.searchParams", + { + "input": "?a=b&c=d", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar?a=b&c=d", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "?a=b&c=d", + "searchParams": "a=b&c=d", + "hash": "" + }, + { + "input": "??a=b&c=d", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar??a=b&c=d", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "??a=b&c=d", + "searchParams": "%3Fa=b&c=d", + "hash": "" + }, + "# Scheme only", + { + "input": "http:", + "base": "http://example.org/foo/bar", + "href": "http://example.org/foo/bar", + "origin": "http://example.org", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/foo/bar", + "search": "", + "searchParams": "", + "hash": "" + }, + { + "input": "http:", + "base": "https://example.org/foo/bar", + "failure": true + }, + { + "input": "sc:", + "base": "https://example.org/foo/bar", + "href": "sc:", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "", + "search": "", + "searchParams": "", + "hash": "" + }, + "# Percent encoding of fragments", + { + "input": "http://foo.bar/baz?qux#foo\bbar", + "base": null, + "href": "http://foo.bar/baz?qux#foo%08bar", + "origin": "http://foo.bar", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.bar", + "hostname": "foo.bar", + "port": "", + "pathname": "/baz", + "search": "?qux", + "searchParams": "qux=", + "hash": "#foo%08bar" + }, + { + "input": "http://foo.bar/baz?qux#foo\"bar", + "base": null, + "href": "http://foo.bar/baz?qux#foo%22bar", + "origin": "http://foo.bar", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.bar", + "hostname": "foo.bar", + "port": "", + "pathname": "/baz", + "search": "?qux", + "searchParams": "qux=", + "hash": "#foo%22bar" + }, + { + "input": "http://foo.bar/baz?qux#foobar", + "base": null, + "href": "http://foo.bar/baz?qux#foo%3Ebar", + "origin": "http://foo.bar", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.bar", + "hostname": "foo.bar", + "port": "", + "pathname": "/baz", + "search": "?qux", + "searchParams": "qux=", + "hash": "#foo%3Ebar" + }, + { + "input": "http://foo.bar/baz?qux#foo`bar", + "base": null, + "href": "http://foo.bar/baz?qux#foo%60bar", + "origin": "http://foo.bar", + "protocol": "http:", + "username": "", + "password": "", + "host": "foo.bar", + "hostname": "foo.bar", + "port": "", + "pathname": "/baz", + "search": "?qux", + "searchParams": "qux=", + "hash": "#foo%60bar" + }, + "# IPv4 parsing (via https://github.com/nodejs/node/pull/10317)", + { + "input": "http://1.2.3.4/", + "base": "http://other.com/", + "href": "http://1.2.3.4/", + "origin": "http://1.2.3.4", + "protocol": "http:", + "username": "", + "password": "", + "host": "1.2.3.4", + "hostname": "1.2.3.4", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://1.2.3.4./", + "base": "http://other.com/", + "href": "http://1.2.3.4/", + "origin": "http://1.2.3.4", + "protocol": "http:", + "username": "", + "password": "", + "host": "1.2.3.4", + "hostname": "1.2.3.4", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.168.257", + "base": "http://other.com/", + "href": "http://192.168.1.1/", + "origin": "http://192.168.1.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.1.1", + "hostname": "192.168.1.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.168.257.", + "base": "http://other.com/", + "href": "http://192.168.1.1/", + "origin": "http://192.168.1.1", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.1.1", + "hostname": "192.168.1.1", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://192.168.257.com", + "base": "http://other.com/", + "href": "http://192.168.257.com/", + "origin": "http://192.168.257.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "192.168.257.com", + "hostname": "192.168.257.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://256", + "base": "http://other.com/", + "href": "http://0.0.1.0/", + "origin": "http://0.0.1.0", + "protocol": "http:", + "username": "", + "password": "", + "host": "0.0.1.0", + "hostname": "0.0.1.0", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://256.com", + "base": "http://other.com/", + "href": "http://256.com/", + "origin": "http://256.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "256.com", + "hostname": "256.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://999999999", + "base": "http://other.com/", + "href": "http://59.154.201.255/", + "origin": "http://59.154.201.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "59.154.201.255", + "hostname": "59.154.201.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://999999999.", + "base": "http://other.com/", + "href": "http://59.154.201.255/", + "origin": "http://59.154.201.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "59.154.201.255", + "hostname": "59.154.201.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "", + "failure": true + }, + { + "input": "http://999999999.com", + "base": "http://other.com/", + "href": "http://999999999.com/", + "origin": "http://999999999.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "999999999.com", + "hostname": "999999999.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://10000000000", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://10000000000.com", + "base": "http://other.com/", + "href": "http://10000000000.com/", + "origin": "http://10000000000.com", + "protocol": "http:", + "username": "", + "password": "", + "host": "10000000000.com", + "hostname": "10000000000.com", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://4294967295", + "base": "http://other.com/", + "href": "http://255.255.255.255/", + "origin": "http://255.255.255.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "255.255.255.255", + "hostname": "255.255.255.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://4294967296", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://0xffffffff", + "base": "http://other.com/", + "href": "http://255.255.255.255/", + "origin": "http://255.255.255.255", + "protocol": "http:", + "username": "", + "password": "", + "host": "255.255.255.255", + "hostname": "255.255.255.255", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://0xffffffff1", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://256.256.256.256", + "base": "http://other.com/", + "failure": true + }, + "More IPv4 parsing (via https://github.com/jsdom/whatwg-url/issues/92)", + { + "input": "https://0x100000000/test", + "base": null, + "failure": true + }, + { + "input": "https://256.0.0.1/test", + "base": null, + "failure": true + }, + "# file URLs containing percent-encoded Windows drive letters (shouldn't work)", + { + "input": "file:///C%3A/", + "base": null, + "href": "file:///C%3A/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C%3A/", + "search": "", + "hash": "" + }, + { + "input": "file:///C%7C/", + "base": null, + "href": "file:///C%7C/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C%7C/", + "search": "", + "hash": "" + }, + { + "input": "file://%43%3A", + "base": null, + "failure": true + }, + { + "input": "file://%43%7C", + "base": null, + "failure": true + }, + { + "input": "file://%43|", + "base": null, + "failure": true + }, + { + "input": "file://C%7C", + "base": null, + "failure": true + }, + { + "input": "file://%43%7C/", + "base": null, + "failure": true + }, + { + "input": "https://%43%7C/", + "base": null, + "failure": true + }, + { + "input": "asdf://%43|/", + "base": null, + "failure": true + }, + { + "input": "asdf://%43%7C/", + "base": null, + "href": "asdf://%43%7C/", + "origin": "null", + "protocol": "asdf:", + "username": "", + "password": "", + "host": "%43%7C", + "hostname": "%43%7C", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# file URLs relative to other file URLs (via https://github.com/jsdom/whatwg-url/pull/60)", + { + "input": "pix/submit.gif", + "base": "file:///C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/anchor.html", + "href": "file:///C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/pix/submit.gif", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/Users/Domenic/Dropbox/GitHub/tmpvar/jsdom/test/level2/html/files/pix/submit.gif", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///C:/", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# More file URL tests by zcorpan and annevk", + { + "input": "/", + "base": "file:///C:/a/b", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "/", + "base": "file://h/C:/a/b", + "href": "file://h/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "h", + "hostname": "h", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "/", + "base": "file://h/a/b", + "href": "file://h/", + "protocol": "file:", + "username": "", + "password": "", + "host": "h", + "hostname": "h", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "//d:", + "base": "file:///C:/a/b", + "href": "file:///d:", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/d:", + "search": "", + "hash": "" + }, + { + "input": "//d:/..", + "base": "file:///C:/a/b", + "href": "file:///d:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/d:/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///ab:/", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "..", + "base": "file:///1:/", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "", + "base": "file:///test?test#test", + "href": "file:///test?test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "" + }, + { + "input": "file:", + "base": "file:///test?test#test", + "href": "file:///test?test", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "" + }, + { + "input": "?x", + "base": "file:///test?test#test", + "href": "file:///test?x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?x", + "hash": "" + }, + { + "input": "file:?x", + "base": "file:///test?test#test", + "href": "file:///test?x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?x", + "hash": "" + }, + { + "input": "#x", + "base": "file:///test?test#test", + "href": "file:///test?test#x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "#x" + }, + { + "input": "file:#x", + "base": "file:///test?test#test", + "href": "file:///test?test#x", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?test", + "hash": "#x" + }, + "# File URLs and many (back)slashes", + { + "input": "file:\\\\//", + "base": null, + "href": "file:////", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "file:\\\\\\\\", + "base": null, + "href": "file:////", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "file:\\\\\\\\?fox", + "base": null, + "href": "file:////?fox", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "?fox", + "hash": "" + }, + { + "input": "file:\\\\\\\\#guppy", + "base": null, + "href": "file:////#guppy", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "#guppy" + }, + { + "input": "file://spider///", + "base": null, + "href": "file://spider///", + "protocol": "file:", + "username": "", + "password": "", + "host": "spider", + "hostname": "spider", + "port": "", + "pathname": "///", + "search": "", + "hash": "" + }, + { + "input": "file:\\\\localhost//", + "base": null, + "href": "file:////", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "file:///localhost//cat", + "base": null, + "href": "file:///localhost//cat", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/localhost//cat", + "search": "", + "hash": "" + }, + { + "input": "file://\\/localhost//cat", + "base": null, + "href": "file:////localhost//cat", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//localhost//cat", + "search": "", + "hash": "" + }, + { + "input": "file://localhost//a//../..//", + "base": null, + "href": "file://///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///", + "search": "", + "hash": "" + }, + { + "input": "/////mouse", + "base": "file:///elephant", + "href": "file://///mouse", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///mouse", + "search": "", + "hash": "" + }, + { + "input": "\\//pig", + "base": "file://lion/", + "href": "file:///pig", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/pig", + "search": "", + "hash": "" + }, + { + "input": "\\/localhost//pig", + "base": "file://lion/", + "href": "file:////pig", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//pig", + "search": "", + "hash": "" + }, + { + "input": "//localhost//pig", + "base": "file://lion/", + "href": "file:////pig", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//pig", + "search": "", + "hash": "" + }, + { + "input": "/..//localhost//pig", + "base": "file://lion/", + "href": "file://lion//localhost//pig", + "protocol": "file:", + "username": "", + "password": "", + "host": "lion", + "hostname": "lion", + "port": "", + "pathname": "//localhost//pig", + "search": "", + "hash": "" + }, + { + "input": "file://", + "base": "file://ape/", + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "# File URLs with non-empty hosts", + { + "input": "/rooibos", + "base": "file://tea/", + "href": "file://tea/rooibos", + "protocol": "file:", + "username": "", + "password": "", + "host": "tea", + "hostname": "tea", + "port": "", + "pathname": "/rooibos", + "search": "", + "hash": "" + }, + { + "input": "/?chai", + "base": "file://tea/", + "href": "file://tea/?chai", + "protocol": "file:", + "username": "", + "password": "", + "host": "tea", + "hostname": "tea", + "port": "", + "pathname": "/", + "search": "?chai", + "hash": "" + }, + "# Windows drive letter handling with the 'file:' base URL", + { + "input": "C|", + "base": "file://host/dir/file", + "href": "file://host/C:", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:", + "search": "", + "hash": "" + }, + { + "input": "C|", + "base": "file://host/D:/dir1/dir2/file", + "href": "file://host/C:", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:", + "search": "", + "hash": "" + }, + { + "input": "C|#", + "base": "file://host/dir/file", + "href": "file://host/C:#", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:", + "search": "", + "hash": "" + }, + { + "input": "C|?", + "base": "file://host/dir/file", + "href": "file://host/C:?", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:", + "search": "", + "hash": "" + }, + { + "input": "C|/", + "base": "file://host/dir/file", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "C|\n/", + "base": "file://host/dir/file", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "C|\\", + "base": "file://host/dir/file", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "C", + "base": "file://host/dir/file", + "href": "file://host/dir/C", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/dir/C", + "search": "", + "hash": "" + }, + { + "input": "C|a", + "base": "file://host/dir/file", + "href": "file://host/dir/C|a", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/dir/C|a", + "search": "", + "hash": "" + }, + "# Windows drive letter quirk in the file slash state", + { + "input": "/c:/foo/bar", + "base": "file:///c:/baz/qux", + "href": "file:///c:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "/c|/foo/bar", + "base": "file:///c:/baz/qux", + "href": "file:///c:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "file:\\c:\\foo\\bar", + "base": "file:///c:/baz/qux", + "href": "file:///c:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/c:/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "/c:/foo/bar", + "base": "file://host/path", + "href": "file://host/c:/foo/bar", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/c:/foo/bar", + "search": "", + "hash": "" + }, + "# Do not drop the host in the presence of a drive letter", + { + "input": "file://example.net/C:/", + "base": null, + "href": "file://example.net/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "example.net", + "hostname": "example.net", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://1.2.3.4/C:/", + "base": null, + "href": "file://1.2.3.4/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "1.2.3.4", + "hostname": "1.2.3.4", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://[1::8]/C:/", + "base": null, + "href": "file://[1::8]/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "[1::8]", + "hostname": "[1::8]", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + "# Copy the host from the base URL in the following cases", + { + "input": "C|/", + "base": "file://host/", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "/C:/", + "base": "file://host/", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file:C:/", + "base": "file://host/", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file:/C:/", + "base": "file://host/", + "href": "file://host/C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "host", + "hostname": "host", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + "# Copy the empty host from the input in the following cases", + { + "input": "//C:/", + "base": "file://host/", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://C:/", + "base": "file://host/", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "///C:/", + "base": "file://host/", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file:///C:/", + "base": "file://host/", + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + "# Windows drive letter quirk (no host)", + { + "input": "file:/C|/", + "base": null, + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + { + "input": "file://C|/", + "base": null, + "href": "file:///C:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/C:/", + "search": "", + "hash": "" + }, + "# file URLs without base URL by Rimas Misevičius", + { + "input": "file:", + "base": null, + "href": "file:///", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "file:?q=v", + "base": null, + "href": "file:///?q=v", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "?q=v", + "hash": "" + }, + { + "input": "file:#frag", + "base": null, + "href": "file:///#frag", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "#frag" + }, + "# file: drive letter cases from https://crbug.com/1078698", + { + "input": "file:///Y:", + "base": null, + "href": "file:///Y:", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/Y:", + "search": "", + "hash": "" + }, + { + "input": "file:///Y:/", + "base": null, + "href": "file:///Y:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/Y:/", + "search": "", + "hash": "" + }, + { + "input": "file:///./Y", + "base": null, + "href": "file:///Y", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/Y", + "search": "", + "hash": "" + }, + { + "input": "file:///./Y:", + "base": null, + "href": "file:///Y:", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/Y:", + "search": "", + "hash": "" + }, + { + "input": "\\\\\\.\\Y:", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + "# file: drive letter cases from https://crbug.com/1078698 but lowercased", + { + "input": "file:///y:", + "base": null, + "href": "file:///y:", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/y:", + "search": "", + "hash": "" + }, + { + "input": "file:///y:/", + "base": null, + "href": "file:///y:/", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/y:/", + "search": "", + "hash": "" + }, + { + "input": "file:///./y", + "base": null, + "href": "file:///y", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/y", + "search": "", + "hash": "" + }, + { + "input": "file:///./y:", + "base": null, + "href": "file:///y:", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/y:", + "search": "", + "hash": "" + }, + { + "input": "\\\\\\.\\y:", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + "# Additional file URL tests for (https://github.com/whatwg/url/issues/405)", + { + "input": "file://localhost//a//../..//foo", + "base": null, + "href": "file://///foo", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "///foo", + "search": "", + "hash": "" + }, + { + "input": "file://localhost////foo", + "base": null, + "href": "file://////foo", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "////foo", + "search": "", + "hash": "" + }, + { + "input": "file:////foo", + "base": null, + "href": "file:////foo", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//foo", + "search": "", + "hash": "" + }, + { + "input": "file:///one/two", + "base": "file:///", + "href": "file:///one/two", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/one/two", + "search": "", + "hash": "" + }, + { + "input": "file:////one/two", + "base": "file:///", + "href": "file:////one/two", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//one/two", + "search": "", + "hash": "" + }, + { + "input": "//one/two", + "base": "file:///", + "href": "file://one/two", + "protocol": "file:", + "username": "", + "password": "", + "host": "one", + "hostname": "one", + "port": "", + "pathname": "/two", + "search": "", + "hash": "" + }, + { + "input": "///one/two", + "base": "file:///", + "href": "file:///one/two", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/one/two", + "search": "", + "hash": "" + }, + { + "input": "////one/two", + "base": "file:///", + "href": "file:////one/two", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//one/two", + "search": "", + "hash": "" + }, + { + "input": "file:///.//", + "base": "file:////", + "href": "file:////", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + "File URL tests for https://github.com/whatwg/url/issues/549", + { + "input": "file:.//p", + "base": null, + "href": "file:////p", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//p", + "search": "", + "hash": "" + }, + { + "input": "file:/.//p", + "base": null, + "href": "file:////p", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//p", + "search": "", + "hash": "" + }, + "# IPv6 tests", + { + "input": "http://[1:0::]", + "base": "http://example.net/", + "href": "http://[1::]/", + "origin": "http://[1::]", + "protocol": "http:", + "username": "", + "password": "", + "host": "[1::]", + "hostname": "[1::]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[0:1:2:3:4:5:6:7:8]", + "base": "http://example.net/", + "failure": true + }, + { + "input": "https://[0::0::0]", + "base": null, + "failure": true + }, + { + "input": "https://[0:.0]", + "base": null, + "failure": true + }, + { + "input": "https://[0:0:]", + "base": null, + "failure": true + }, + { + "input": "https://[0:1:2:3:4:5:6:7.0.0.0.1]", + "base": null, + "failure": true + }, + { + "input": "https://[0:1.00.0.0.0]", + "base": null, + "failure": true + }, + { + "input": "https://[0:1.290.0.0.0]", + "base": null, + "failure": true + }, + { + "input": "https://[0:1.23.23]", + "base": null, + "failure": true + }, + "# Empty host", + { + "input": "http://?", + "base": null, + "failure": true + }, + { + "input": "http://#", + "base": null, + "failure": true + }, + "Port overflow (2^32 + 81)", + { + "input": "http://f:4294967377/c", + "base": "http://example.org/", + "failure": true + }, + "Port overflow (2^64 + 81)", + { + "input": "http://f:18446744073709551697/c", + "base": "http://example.org/", + "failure": true + }, + "Port overflow (2^128 + 81)", + { + "input": "http://f:340282366920938463463374607431768211537/c", + "base": "http://example.org/", + "failure": true + }, + "# Non-special-URL path tests", + { + "input": "sc://ñ", + "base": null, + "href": "sc://%C3%B1", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "", + "search": "", + "hash": "" + }, + { + "input": "sc://ñ?x", + "base": null, + "href": "sc://%C3%B1?x", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "", + "search": "?x", + "hash": "" + }, + { + "input": "sc://ñ#x", + "base": null, + "href": "sc://%C3%B1#x", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "", + "search": "", + "hash": "#x" + }, + { + "input": "#x", + "base": "sc://ñ", + "href": "sc://%C3%B1#x", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "", + "search": "", + "hash": "#x" + }, + { + "input": "?x", + "base": "sc://ñ", + "href": "sc://%C3%B1?x", + "origin": "null", + "protocol": "sc:", + "username": "", + "password": "", + "host": "%C3%B1", + "hostname": "%C3%B1", + "port": "", + "pathname": "", + "search": "?x", + "hash": "" + }, + { + "input": "sc://?", + "base": null, + "href": "sc://?", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "", + "search": "", + "hash": "" + }, + { + "input": "sc://#", + "base": null, + "href": "sc://#", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "", + "search": "", + "hash": "" + }, + { + "input": "///", + "base": "sc://x/", + "href": "sc:///", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "////", + "base": "sc://x/", + "href": "sc:////", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "////x/", + "base": "sc://x/", + "href": "sc:////x/", + "protocol": "sc:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//x/", + "search": "", + "hash": "" + }, + { + "input": "tftp://foobar.com/someconfig;mode=netascii", + "base": null, + "href": "tftp://foobar.com/someconfig;mode=netascii", + "origin": "null", + "protocol": "tftp:", + "username": "", + "password": "", + "host": "foobar.com", + "hostname": "foobar.com", + "port": "", + "pathname": "/someconfig;mode=netascii", + "search": "", + "hash": "" + }, + { + "input": "telnet://user:pass@foobar.com:23/", + "base": null, + "href": "telnet://user:pass@foobar.com:23/", + "origin": "null", + "protocol": "telnet:", + "username": "user", + "password": "pass", + "host": "foobar.com:23", + "hostname": "foobar.com", + "port": "23", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "ut2004://10.10.10.10:7777/Index.ut2", + "base": null, + "href": "ut2004://10.10.10.10:7777/Index.ut2", + "origin": "null", + "protocol": "ut2004:", + "username": "", + "password": "", + "host": "10.10.10.10:7777", + "hostname": "10.10.10.10", + "port": "7777", + "pathname": "/Index.ut2", + "search": "", + "hash": "" + }, + { + "input": "redis://foo:bar@somehost:6379/0?baz=bam&qux=baz", + "base": null, + "href": "redis://foo:bar@somehost:6379/0?baz=bam&qux=baz", + "origin": "null", + "protocol": "redis:", + "username": "foo", + "password": "bar", + "host": "somehost:6379", + "hostname": "somehost", + "port": "6379", + "pathname": "/0", + "search": "?baz=bam&qux=baz", + "hash": "" + }, + { + "input": "rsync://foo@host:911/sup", + "base": null, + "href": "rsync://foo@host:911/sup", + "origin": "null", + "protocol": "rsync:", + "username": "foo", + "password": "", + "host": "host:911", + "hostname": "host", + "port": "911", + "pathname": "/sup", + "search": "", + "hash": "" + }, + { + "input": "git://github.com/foo/bar.git", + "base": null, + "href": "git://github.com/foo/bar.git", + "origin": "null", + "protocol": "git:", + "username": "", + "password": "", + "host": "github.com", + "hostname": "github.com", + "port": "", + "pathname": "/foo/bar.git", + "search": "", + "hash": "" + }, + { + "input": "irc://myserver.com:6999/channel?passwd", + "base": null, + "href": "irc://myserver.com:6999/channel?passwd", + "origin": "null", + "protocol": "irc:", + "username": "", + "password": "", + "host": "myserver.com:6999", + "hostname": "myserver.com", + "port": "6999", + "pathname": "/channel", + "search": "?passwd", + "hash": "" + }, + { + "input": "dns://fw.example.org:9999/foo.bar.org?type=TXT", + "base": null, + "href": "dns://fw.example.org:9999/foo.bar.org?type=TXT", + "origin": "null", + "protocol": "dns:", + "username": "", + "password": "", + "host": "fw.example.org:9999", + "hostname": "fw.example.org", + "port": "9999", + "pathname": "/foo.bar.org", + "search": "?type=TXT", + "hash": "" + }, + { + "input": "ldap://localhost:389/ou=People,o=JNDITutorial", + "base": null, + "href": "ldap://localhost:389/ou=People,o=JNDITutorial", + "origin": "null", + "protocol": "ldap:", + "username": "", + "password": "", + "host": "localhost:389", + "hostname": "localhost", + "port": "389", + "pathname": "/ou=People,o=JNDITutorial", + "search": "", + "hash": "" + }, + { + "input": "git+https://github.com/foo/bar", + "base": null, + "href": "git+https://github.com/foo/bar", + "origin": "null", + "protocol": "git+https:", + "username": "", + "password": "", + "host": "github.com", + "hostname": "github.com", + "port": "", + "pathname": "/foo/bar", + "search": "", + "hash": "" + }, + { + "input": "urn:ietf:rfc:2648", + "base": null, + "href": "urn:ietf:rfc:2648", + "origin": "null", + "protocol": "urn:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "ietf:rfc:2648", + "search": "", + "hash": "" + }, + { + "input": "tag:joe@example.org,2001:foo/bar", + "base": null, + "href": "tag:joe@example.org,2001:foo/bar", + "origin": "null", + "protocol": "tag:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "joe@example.org,2001:foo/bar", + "search": "", + "hash": "" + }, + "Serialize /. in path", + { + "input": "non-spec:/.//", + "base": null, + "href": "non-spec:/.//", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "non-spec:/..//", + "base": null, + "href": "non-spec:/.//", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "non-spec:/a/..//", + "base": null, + "href": "non-spec:/.//", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//", + "search": "", + "hash": "" + }, + { + "input": "non-spec:/.//path", + "base": null, + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "non-spec:/..//path", + "base": null, + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "non-spec:/a/..//path", + "base": null, + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "/.//path", + "base": "non-spec:/p", + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "/..//path", + "base": "non-spec:/p", + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "..//path", + "base": "non-spec:/p", + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "a/..//path", + "base": "non-spec:/p", + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + { + "input": "", + "base": "non-spec:/..//p", + "href": "non-spec:/.//p", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//p", + "search": "", + "hash": "" + }, + { + "input": "path", + "base": "non-spec:/..//p", + "href": "non-spec:/.//path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "//path", + "search": "", + "hash": "" + }, + "Do not serialize /. in path", + { + "input": "../path", + "base": "non-spec:/.//p", + "href": "non-spec:/path", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/path", + "search": "", + "hash": "" + }, + "# percent encoded hosts in non-special-URLs", + { + "input": "non-special://%E2%80%A0/", + "base": null, + "href": "non-special://%E2%80%A0/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "%E2%80%A0", + "hostname": "%E2%80%A0", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://H%4fSt/path", + "base": null, + "href": "non-special://H%4fSt/path", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "H%4fSt", + "hostname": "H%4fSt", + "port": "", + "pathname": "/path", + "search": "", + "hash": "" + }, + "# IPv6 in non-special-URLs", + { + "input": "non-special://[1:2:0:0:5:0:0:0]/", + "base": null, + "href": "non-special://[1:2:0:0:5::]/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "[1:2:0:0:5::]", + "hostname": "[1:2:0:0:5::]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://[1:2:0:0:0:0:0:3]/", + "base": null, + "href": "non-special://[1:2::3]/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "[1:2::3]", + "hostname": "[1:2::3]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://[1:2::3]:80/", + "base": null, + "href": "non-special://[1:2::3]:80/", + "protocol": "non-special:", + "username": "", + "password": "", + "host": "[1:2::3]:80", + "hostname": "[1:2::3]", + "port": "80", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "non-special://[:80/", + "base": null, + "failure": true + }, + { + "input": "blob:d3958f5c-0777-0845-9dcf-2cb28783acaf", + "base": null, + "href": "blob:d3958f5c-0777-0845-9dcf-2cb28783acaf", + "origin": "null", + "protocol": "blob:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "d3958f5c-0777-0845-9dcf-2cb28783acaf", + "search": "", + "hash": "" + }, + { + "input": "blob:", + "base": null, + "href": "blob:", + "origin": "null", + "protocol": "blob:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "", + "search": "", + "hash": "" + }, + "Invalid IPv4 radix digits", + { + "input": "http://0x7f.0.0.0x7g", + "base": null, + "href": "http://0x7f.0.0.0x7g/", + "protocol": "http:", + "username": "", + "password": "", + "host": "0x7f.0.0.0x7g", + "hostname": "0x7f.0.0.0x7g", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://0X7F.0.0.0X7G", + "base": null, + "href": "http://0x7f.0.0.0x7g/", + "protocol": "http:", + "username": "", + "password": "", + "host": "0x7f.0.0.0x7g", + "hostname": "0x7f.0.0.0x7g", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Invalid IPv4 portion of IPv6 address", + { + "input": "http://[::127.0.0.0.1]", + "base": null, + "failure": true + }, + "Uncompressed IPv6 addresses with 0", + { + "input": "http://[0:1:0:1:0:1:0:1]", + "base": null, + "href": "http://[0:1:0:1:0:1:0:1]/", + "protocol": "http:", + "username": "", + "password": "", + "host": "[0:1:0:1:0:1:0:1]", + "hostname": "[0:1:0:1:0:1:0:1]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + { + "input": "http://[1:0:1:0:1:0:1:0]", + "base": null, + "href": "http://[1:0:1:0:1:0:1:0]/", + "protocol": "http:", + "username": "", + "password": "", + "host": "[1:0:1:0:1:0:1:0]", + "hostname": "[1:0:1:0:1:0:1:0]", + "port": "", + "pathname": "/", + "search": "", + "hash": "" + }, + "Percent-encoded query and fragment", + { + "input": "http://example.org/test?\u0022", + "base": null, + "href": "http://example.org/test?%22", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%22", + "hash": "" + }, + { + "input": "http://example.org/test?\u0023", + "base": null, + "href": "http://example.org/test?#", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "http://example.org/test?\u003C", + "base": null, + "href": "http://example.org/test?%3C", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%3C", + "hash": "" + }, + { + "input": "http://example.org/test?\u003E", + "base": null, + "href": "http://example.org/test?%3E", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%3E", + "hash": "" + }, + { + "input": "http://example.org/test?\u2323", + "base": null, + "href": "http://example.org/test?%E2%8C%A3", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%E2%8C%A3", + "hash": "" + }, + { + "input": "http://example.org/test?%23%23", + "base": null, + "href": "http://example.org/test?%23%23", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%23%23", + "hash": "" + }, + { + "input": "http://example.org/test?%GH", + "base": null, + "href": "http://example.org/test?%GH", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?%GH", + "hash": "" + }, + { + "input": "http://example.org/test?a#%EF", + "base": null, + "href": "http://example.org/test?a#%EF", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#%EF" + }, + { + "input": "http://example.org/test?a#%GH", + "base": null, + "href": "http://example.org/test?a#%GH", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#%GH" + }, + "URLs that require a non-about:blank base. (Also serve as invalid base tests.)", + { + "input": "a", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "a/", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "a//", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + "Bases that don't fail to parse but fail to be bases", + { + "input": "test-a-colon.html", + "base": "a:", + "failure": true + }, + { + "input": "test-a-colon-b.html", + "base": "a:b", + "failure": true + }, + "Other base URL tests, that must succeed", + { + "input": "test-a-colon-slash.html", + "base": "a:/", + "href": "a:/test-a-colon-slash.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test-a-colon-slash.html", + "search": "", + "hash": "" + }, + { + "input": "test-a-colon-slash-slash.html", + "base": "a://", + "href": "a:///test-a-colon-slash-slash.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test-a-colon-slash-slash.html", + "search": "", + "hash": "" + }, + { + "input": "test-a-colon-slash-b.html", + "base": "a:/b", + "href": "a:/test-a-colon-slash-b.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test-a-colon-slash-b.html", + "search": "", + "hash": "" + }, + { + "input": "test-a-colon-slash-slash-b.html", + "base": "a://b", + "href": "a://b/test-a-colon-slash-slash-b.html", + "protocol": "a:", + "username": "", + "password": "", + "host": "b", + "hostname": "b", + "port": "", + "pathname": "/test-a-colon-slash-slash-b.html", + "search": "", + "hash": "" + }, + "Null code point in fragment", + { + "input": "http://example.org/test?a#b\u0000c", + "base": null, + "href": "http://example.org/test?a#b%00c", + "protocol": "http:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#b%00c" + }, + { + "input": "non-spec://example.org/test?a#b\u0000c", + "base": null, + "href": "non-spec://example.org/test?a#b%00c", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#b%00c" + }, + { + "input": "non-spec:/test?a#b\u0000c", + "base": null, + "href": "non-spec:/test?a#b%00c", + "protocol": "non-spec:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "?a", + "hash": "#b%00c" + }, + "First scheme char - not allowed: https://github.com/whatwg/url/issues/464", + { + "input": "10.0.0.7:8080/foo.html", + "base": "file:///some/dir/bar.html", + "href": "file:///some/dir/10.0.0.7:8080/foo.html", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/some/dir/10.0.0.7:8080/foo.html", + "search": "", + "hash": "" + }, + "Subsequent scheme chars - not allowed", + { + "input": "a!@$*=/foo.html", + "base": "file:///some/dir/bar.html", + "href": "file:///some/dir/a!@$*=/foo.html", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/some/dir/a!@$*=/foo.html", + "search": "", + "hash": "" + }, + "First and subsequent scheme chars - allowed", + { + "input": "a1234567890-+.:foo/bar", + "base": "http://example.com/dir/file", + "href": "a1234567890-+.:foo/bar", + "protocol": "a1234567890-+.:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "foo/bar", + "search": "", + "hash": "" + }, + "IDNA ignored code points in file URLs hosts", + { + "input": "file://a\u00ADb/p", + "base": null, + "href": "file://ab/p", + "protocol": "file:", + "username": "", + "password": "", + "host": "ab", + "hostname": "ab", + "port": "", + "pathname": "/p", + "search": "", + "hash": "" + }, + { + "input": "file://a%C2%ADb/p", + "base": null, + "href": "file://ab/p", + "protocol": "file:", + "username": "", + "password": "", + "host": "ab", + "hostname": "ab", + "port": "", + "pathname": "/p", + "search": "", + "hash": "" + }, + "IDNA hostnames which get mapped to 'localhost'", + { + "input": "file://loC𝐀𝐋𝐇𝐨𝐬𝐭/usr/bin", + "base": null, + "href": "file:///usr/bin", + "protocol": "file:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/usr/bin", + "search": "", + "hash": "" + }, + "Empty host after the domain to ASCII", + { + "input": "file://\u00ad/p", + "base": null, + "failure": true + }, + { + "input": "file://%C2%AD/p", + "base": null, + "failure": true + }, + { + "input": "file://xn--/p", + "base": null, + "failure": true + }, + "https://bugzilla.mozilla.org/show_bug.cgi?id=1647058", + { + "input": "#link", + "base": "https://example.org/##link", + "href": "https://example.org/#link", + "protocol": "https:", + "username": "", + "password": "", + "host": "example.org", + "hostname": "example.org", + "port": "", + "pathname": "/", + "search": "", + "hash": "#link" + }, + "UTF-8 percent-encode of C0 control percent-encode set and supersets", + { + "input": "non-special:cannot-be-a-base-url-\u0000\u0001\u001F\u001E\u007E\u007F\u0080", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:cannot-be-a-base-url-%00%01%1F%1E~%7F%C2%80", + "origin": "null", + "password": "", + "pathname": "cannot-be-a-base-url-%00%01%1F%1E~%7F%C2%80", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "https://www.example.com/path{\u007Fpath.html?query'\u007F=query#fragment<\u007Ffragment", + "base": null, + "hash": "#fragment%3C%7Ffragment", + "host": "www.example.com", + "hostname": "www.example.com", + "href": "https://www.example.com/path%7B%7Fpath.html?query%27%7F=query#fragment%3C%7Ffragment", + "origin": "https://www.example.com", + "password": "", + "pathname": "/path%7B%7Fpath.html", + "port": "", + "protocol": "https:", + "search": "?query%27%7F=query", + "username": "" + }, + { + "input": "https://user:pass[\u007F@foo/bar", + "base": "http://example.org", + "hash": "", + "host": "foo", + "hostname": "foo", + "href": "https://user:pass%5B%7F@foo/bar", + "origin": "https://foo", + "password": "pass%5B%7F", + "pathname": "/bar", + "port": "", + "protocol": "https:", + "search": "", + "username": "user" + }, + "Tests for the distinct percent-encode sets", + { + "input": "foo:// !\"$%&'()*+,-.;<=>@[\\]^_`{|}~@host/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://%20!%22$%&'()*+,-.%3B%3C%3D%3E%40%5B%5C%5D%5E_%60%7B%7C%7D~@host/", + "origin": "null", + "password": "", + "pathname": "/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "%20!%22$%&'()*+,-.%3B%3C%3D%3E%40%5B%5C%5D%5E_%60%7B%7C%7D~" + }, + { + "input": "foo://joe: !\"$%&'()*+,-.:;<=>@[\\]^_`{|}~@host/", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://joe:%20!%22$%&'()*+,-.%3A%3B%3C%3D%3E%40%5B%5C%5D%5E_%60%7B%7C%7D~@host/", + "origin": "null", + "password": "%20!%22$%&'()*+,-.%3A%3B%3C%3D%3E%40%5B%5C%5D%5E_%60%7B%7C%7D~", + "pathname": "/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "joe" + }, + { + "input": "foo://!\"$%&'()*+,-.;=_`{}~/", + "base": null, + "hash": "", + "host": "!\"$%&'()*+,-.;=_`{}~", + "hostname": "!\"$%&'()*+,-.;=_`{}~", + "href": "foo://!\"$%&'()*+,-.;=_`{}~/", + "origin": "null", + "password": "", + "pathname": "/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "" + }, + { + "input": "foo://host/ !\"$%&'()*+,-./:;<=>@[\\]^_`{|}~", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://host/%20!%22$%&'()*+,-./:;%3C=%3E@[\\]^_%60%7B|%7D~", + "origin": "null", + "password": "", + "pathname": "/%20!%22$%&'()*+,-./:;%3C=%3E@[\\]^_%60%7B|%7D~", + "port": "", + "protocol": "foo:", + "search": "", + "username": "" + }, + { + "input": "foo://host/dir/? !\"$%&'()*+,-./:;<=>?@[\\]^_`{|}~", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "foo://host/dir/?%20!%22$%&'()*+,-./:;%3C=%3E?@[\\]^_`{|}~", + "origin": "null", + "password": "", + "pathname": "/dir/", + "port": "", + "protocol": "foo:", + "search": "?%20!%22$%&'()*+,-./:;%3C=%3E?@[\\]^_`{|}~", + "username": "" + }, + { + "input": "wss://host/dir/? !\"$%&'()*+,-./:;<=>?@[\\]^_`{|}~", + "base": null, + "hash": "", + "host": "host", + "hostname": "host", + "href": "wss://host/dir/?%20!%22$%&%27()*+,-./:;%3C=%3E?@[\\]^_`{|}~", + "origin": "wss://host", + "password": "", + "pathname": "/dir/", + "port": "", + "protocol": "wss:", + "search": "?%20!%22$%&%27()*+,-./:;%3C=%3E?@[\\]^_`{|}~", + "username": "" + }, + { + "input": "foo://host/dir/# !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~", + "base": null, + "hash": "#%20!%22#$%&'()*+,-./:;%3C=%3E?@[\\]^_%60{|}~", + "host": "host", + "hostname": "host", + "href": "foo://host/dir/#%20!%22#$%&'()*+,-./:;%3C=%3E?@[\\]^_%60{|}~", + "origin": "null", + "password": "", + "pathname": "/dir/", + "port": "", + "protocol": "foo:", + "search": "", + "username": "" + }, + "Ensure that input schemes are not ignored when resolving non-special URLs", + { + "input": "abc:rootless", + "base": "abc://host/path", + "hash": "", + "host": "", + "hostname": "", + "href": "abc:rootless", + "password": "", + "pathname": "rootless", + "port": "", + "protocol": "abc:", + "search": "", + "username": "" + }, + { + "input": "abc:rootless", + "base": "abc:/path", + "hash": "", + "host": "", + "hostname": "", + "href": "abc:rootless", + "password": "", + "pathname": "rootless", + "port": "", + "protocol": "abc:", + "search": "", + "username": "" + }, + { + "input": "abc:rootless", + "base": "abc:path", + "hash": "", + "host": "", + "hostname": "", + "href": "abc:rootless", + "password": "", + "pathname": "rootless", + "port": "", + "protocol": "abc:", + "search": "", + "username": "" + }, + { + "input": "abc:/rooted", + "base": "abc://host/path", + "hash": "", + "host": "", + "hostname": "", + "href": "abc:/rooted", + "password": "", + "pathname": "/rooted", + "port": "", + "protocol": "abc:", + "search": "", + "username": "" + }, + "Empty query and fragment with blank should throw an error", + { + "input": "#", + "base": null, + "failure": true, + "relativeTo": "any-base" + }, + { + "input": "?", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + "Last component looks like a number, but not valid IPv4", + { + "input": "http://1.2.3.4.5", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://1.2.3.4.5.", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://0..0x300/", + "base": null, + "failure": true + }, + { + "input": "http://0..0x300./", + "base": null, + "failure": true + }, + { + "input": "http://256.256.256.256.256", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://256.256.256.256.256.", + "base": "http://other.com/", + "failure": true + }, + { + "input": "http://1.2.3.08", + "base": null, + "failure": true + }, + { + "input": "http://1.2.3.08.", + "base": null, + "failure": true + }, + { + "input": "http://1.2.3.09", + "base": null, + "failure": true + }, + { + "input": "http://09.2.3.4", + "base": null, + "failure": true + }, + { + "input": "http://09.2.3.4.", + "base": null, + "failure": true + }, + { + "input": "http://01.2.3.4.5", + "base": null, + "failure": true + }, + { + "input": "http://01.2.3.4.5.", + "base": null, + "failure": true + }, + { + "input": "http://0x100.2.3.4", + "base": null, + "failure": true + }, + { + "input": "http://0x100.2.3.4.", + "base": null, + "failure": true + }, + { + "input": "http://0x1.2.3.4.5", + "base": null, + "failure": true + }, + { + "input": "http://0x1.2.3.4.5.", + "base": null, + "failure": true + }, + { + "input": "http://foo.1.2.3.4", + "base": null, + "failure": true + }, + { + "input": "http://foo.1.2.3.4.", + "base": null, + "failure": true + }, + { + "input": "http://foo.2.3.4", + "base": null, + "failure": true + }, + { + "input": "http://foo.2.3.4.", + "base": null, + "failure": true + }, + { + "input": "http://foo.09", + "base": null, + "failure": true + }, + { + "input": "http://foo.09.", + "base": null, + "failure": true + }, + { + "input": "http://foo.0x4", + "base": null, + "failure": true + }, + { + "input": "http://foo.0x4.", + "base": null, + "failure": true + }, + { + "input": "http://foo.09..", + "base": null, + "hash": "", + "host": "foo.09..", + "hostname": "foo.09..", + "href": "http://foo.09../", + "password": "", + "pathname": "/", + "port": "", + "protocol": "http:", + "search": "", + "username": "" + }, + { + "input": "http://0999999999999999999/", + "base": null, + "failure": true + }, + { + "input": "http://foo.0x", + "base": null, + "failure": true + }, + { + "input": "http://foo.0XFfFfFfFfFfFfFfFfFfAcE123", + "base": null, + "failure": true + }, + { + "input": "http://💩.123/", + "base": null, + "failure": true + }, + "U+0000 and U+FFFF in various places", + { + "input": "https://\u0000y", + "base": null, + "failure": true + }, + { + "input": "https://x/\u0000y", + "base": null, + "hash": "", + "host": "x", + "hostname": "x", + "href": "https://x/%00y", + "password": "", + "pathname": "/%00y", + "port": "", + "protocol": "https:", + "search": "", + "username": "" + }, + { + "input": "https://x/?\u0000y", + "base": null, + "hash": "", + "host": "x", + "hostname": "x", + "href": "https://x/?%00y", + "password": "", + "pathname": "/", + "port": "", + "protocol": "https:", + "search": "?%00y", + "username": "" + }, + { + "input": "https://x/?#\u0000y", + "base": null, + "hash": "#%00y", + "host": "x", + "hostname": "x", + "href": "https://x/?#%00y", + "password": "", + "pathname": "/", + "port": "", + "protocol": "https:", + "search": "", + "username": "" + }, + { + "input": "https://\uFFFFy", + "base": null, + "failure": true + }, + { + "input": "https://x/\uFFFFy", + "base": null, + "hash": "", + "host": "x", + "hostname": "x", + "href": "https://x/%EF%BF%BFy", + "password": "", + "pathname": "/%EF%BF%BFy", + "port": "", + "protocol": "https:", + "search": "", + "username": "" + }, + { + "input": "https://x/?\uFFFFy", + "base": null, + "hash": "", + "host": "x", + "hostname": "x", + "href": "https://x/?%EF%BF%BFy", + "password": "", + "pathname": "/", + "port": "", + "protocol": "https:", + "search": "?%EF%BF%BFy", + "username": "" + }, + { + "input": "https://x/?#\uFFFFy", + "base": null, + "hash": "#%EF%BF%BFy", + "host": "x", + "hostname": "x", + "href": "https://x/?#%EF%BF%BFy", + "password": "", + "pathname": "/", + "port": "", + "protocol": "https:", + "search": "", + "username": "" + }, + { + "input": "non-special:\u0000y", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:%00y", + "password": "", + "pathname": "%00y", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "non-special:x/\u0000y", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:x/%00y", + "password": "", + "pathname": "x/%00y", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "non-special:x/?\u0000y", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:x/?%00y", + "password": "", + "pathname": "x/", + "port": "", + "protocol": "non-special:", + "search": "?%00y", + "username": "" + }, + { + "input": "non-special:x/?#\u0000y", + "base": null, + "hash": "#%00y", + "host": "", + "hostname": "", + "href": "non-special:x/?#%00y", + "password": "", + "pathname": "x/", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "non-special:\uFFFFy", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:%EF%BF%BFy", + "password": "", + "pathname": "%EF%BF%BFy", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "non-special:x/\uFFFFy", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:x/%EF%BF%BFy", + "password": "", + "pathname": "x/%EF%BF%BFy", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "non-special:x/?\uFFFFy", + "base": null, + "hash": "", + "host": "", + "hostname": "", + "href": "non-special:x/?%EF%BF%BFy", + "password": "", + "pathname": "x/", + "port": "", + "protocol": "non-special:", + "search": "?%EF%BF%BFy", + "username": "" + }, + { + "input": "non-special:x/?#\uFFFFy", + "base": null, + "hash": "#%EF%BF%BFy", + "host": "", + "hostname": "", + "href": "non-special:x/?#%EF%BF%BFy", + "password": "", + "pathname": "x/", + "port": "", + "protocol": "non-special:", + "search": "", + "username": "" + }, + { + "input": "", + "base": null, + "failure": true, + "relativeTo": "non-opaque-path-base" + }, + { + "input": "https://example.com/\"quoted\"", + "base": null, + "hash": "", + "host": "example.com", + "hostname": "example.com", + "href": "https://example.com/%22quoted%22", + "origin": "https://example.com", + "password": "", + "pathname": "/%22quoted%22", + "port": "", + "protocol": "https:", + "search": "", + "username": "" + }, + { + "input": "https://a%C2%ADb/", + "base": null, + "hash": "", + "host": "ab", + "hostname": "ab", + "href": "https://ab/", + "origin": "https://ab", + "password": "", + "pathname": "/", + "port": "", + "protocol": "https:", + "search": "", + "username": "" + }, + { + "comment": "Empty host after domain to ASCII", + "input": "https://\u00AD/", + "base": null, + "failure": true + }, + { + "input": "https://%C2%AD/", + "base": null, + "failure": true + }, + { + "input": "https://xn--/", + "base": null, + "failure": true + }, + "Non-special schemes that some implementations might incorrectly treat as special", + { + "input": "data://example.com:8080/pathname?search#hash", + "base": null, + "href": "data://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "data:///test", + "base": null, + "href": "data:///test", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "data://test/a/../b", + "base": null, + "href": "data://test/b", + "origin": "null", + "protocol": "data:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "data://:443", + "base": null, + "failure": true + }, + { + "input": "data://test:test", + "base": null, + "failure": true + }, + { + "input": "data://[:1]", + "base": null, + "failure": true + }, + { + "input": "javascript://example.com:8080/pathname?search#hash", + "base": null, + "href": "javascript://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "javascript:///test", + "base": null, + "href": "javascript:///test", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "javascript://test/a/../b", + "base": null, + "href": "javascript://test/b", + "origin": "null", + "protocol": "javascript:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "javascript://:443", + "base": null, + "failure": true + }, + { + "input": "javascript://test:test", + "base": null, + "failure": true + }, + { + "input": "javascript://[:1]", + "base": null, + "failure": true + }, + { + "input": "mailto://example.com:8080/pathname?search#hash", + "base": null, + "href": "mailto://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "mailto:///test", + "base": null, + "href": "mailto:///test", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "mailto://test/a/../b", + "base": null, + "href": "mailto://test/b", + "origin": "null", + "protocol": "mailto:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "mailto://:443", + "base": null, + "failure": true + }, + { + "input": "mailto://test:test", + "base": null, + "failure": true + }, + { + "input": "mailto://[:1]", + "base": null, + "failure": true + }, + { + "input": "intent://example.com:8080/pathname?search#hash", + "base": null, + "href": "intent://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "intent:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "intent:///test", + "base": null, + "href": "intent:///test", + "origin": "null", + "protocol": "intent:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "intent://test/a/../b", + "base": null, + "href": "intent://test/b", + "origin": "null", + "protocol": "intent:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "intent://:443", + "base": null, + "failure": true + }, + { + "input": "intent://test:test", + "base": null, + "failure": true + }, + { + "input": "intent://[:1]", + "base": null, + "failure": true + }, + { + "input": "urn://example.com:8080/pathname?search#hash", + "base": null, + "href": "urn://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "urn:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "urn:///test", + "base": null, + "href": "urn:///test", + "origin": "null", + "protocol": "urn:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "urn://test/a/../b", + "base": null, + "href": "urn://test/b", + "origin": "null", + "protocol": "urn:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "urn://:443", + "base": null, + "failure": true + }, + { + "input": "urn://test:test", + "base": null, + "failure": true + }, + { + "input": "urn://[:1]", + "base": null, + "failure": true + }, + { + "input": "turn://example.com:8080/pathname?search#hash", + "base": null, + "href": "turn://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "turn:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "turn:///test", + "base": null, + "href": "turn:///test", + "origin": "null", + "protocol": "turn:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "turn://test/a/../b", + "base": null, + "href": "turn://test/b", + "origin": "null", + "protocol": "turn:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "turn://:443", + "base": null, + "failure": true + }, + { + "input": "turn://test:test", + "base": null, + "failure": true + }, + { + "input": "turn://[:1]", + "base": null, + "failure": true + }, + { + "input": "stun://example.com:8080/pathname?search#hash", + "base": null, + "href": "stun://example.com:8080/pathname?search#hash", + "origin": "null", + "protocol": "stun:", + "username": "", + "password": "", + "host": "example.com:8080", + "hostname": "example.com", + "port": "8080", + "pathname": "/pathname", + "search": "?search", + "hash": "#hash" + }, + { + "input": "stun:///test", + "base": null, + "href": "stun:///test", + "origin": "null", + "protocol": "stun:", + "username": "", + "password": "", + "host": "", + "hostname": "", + "port": "", + "pathname": "/test", + "search": "", + "hash": "" + }, + { + "input": "stun://test/a/../b", + "base": null, + "href": "stun://test/b", + "origin": "null", + "protocol": "stun:", + "username": "", + "password": "", + "host": "test", + "hostname": "test", + "port": "", + "pathname": "/b", + "search": "", + "hash": "" + }, + { + "input": "stun://:443", + "base": null, + "failure": true + }, + { + "input": "stun://test:test", + "base": null, + "failure": true + }, + { + "input": "stun://[:1]", + "base": null, + "failure": true + } +] diff --git a/netwerk/test/http3server/Cargo.toml b/netwerk/test/http3server/Cargo.toml new file mode 100644 index 0000000000..24fdd28137 --- /dev/null +++ b/netwerk/test/http3server/Cargo.toml @@ -0,0 +1,35 @@ +[package] +name = "http3server" +version = "0.1.1" +authors = ["Dragana Damjanovic "] +edition = "2018" +license = "MPL-2.0" + +[dependencies] +neqo-transport = { tag = "v0.7.0", git = "https://github.com/mozilla/neqo" } +neqo-common = { tag = "v0.7.0", git = "https://github.com/mozilla/neqo" } +neqo-http3 = { tag = "v0.7.0", git = "https://github.com/mozilla/neqo" } +neqo-qpack = { tag = "v0.7.0", git = "https://github.com/mozilla/neqo" } +mio = "0.6.17" +mio-extras = "2.0.5" +log = "0.4.0" +base64 = "0.21" +cfg-if = "1.0" +http = "0.2.8" +hyper = { version = "0.14", features = ["full"] } +tokio = { version = "1", features = ["rt-multi-thread"] } +mozilla-central-workspace-hack = { version = "0.1", features = ["http3server"], optional = true } + +[dependencies.neqo-crypto] +tag = "v0.7.0" +git = "https://github.com/mozilla/neqo" +default-features = false +features = ["gecko"] + +# Make sure to use bindgen's runtime-loading of libclang, as it allows for a wider range of clang versions to be used +[build-dependencies] +bindgen = {version = "0.69", default-features = false, features = ["runtime"] } + +[[bin]] +name = "http3server" +path = "src/main.rs" diff --git a/netwerk/test/http3server/moz.build b/netwerk/test/http3server/moz.build new file mode 100644 index 0000000000..8be2cdb31e --- /dev/null +++ b/netwerk/test/http3server/moz.build @@ -0,0 +1,18 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +if CONFIG["COMPILE_ENVIRONMENT"]: + RUST_PROGRAMS += [ + "http3server", + ] + +# Ideally, the build system would set @rpath to be @executable_path as +# a default for this executable so that this addition to LDFLAGS would not be +# needed here. Bug 1772575 is filed to implement that. +if CONFIG["OS_ARCH"] == "Darwin": + LDFLAGS += ["-Wl,-rpath,@executable_path"] + +USE_LIBS += ["nss"] diff --git a/netwerk/test/http3server/src/main.rs b/netwerk/test/http3server/src/main.rs new file mode 100644 index 0000000000..a308f56442 --- /dev/null +++ b/netwerk/test/http3server/src/main.rs @@ -0,0 +1,1386 @@ +// Licensed under the Apache License, Version 2.0 or the MIT license +// , at your +// option. This file may not be copied, modified, or distributed +// except according to those terms. + +#![deny(warnings)] + +use base64::prelude::*; +use neqo_common::{event::Provider, qdebug, qinfo, qtrace, Datagram, Header, IpTos}; +use neqo_crypto::{generate_ech_keys, init_db, AllowZeroRtt, AntiReplay}; +use neqo_http3::{ + Error, Http3OrWebTransportStream, Http3Parameters, Http3Server, Http3ServerEvent, + WebTransportRequest, WebTransportServerEvent, WebTransportSessionAcceptAction, +}; +use neqo_transport::server::{ActiveConnectionRef, Server}; +use neqo_transport::{ + ConnectionEvent, ConnectionParameters, Output, RandomConnectionIdGenerator, StreamId, + StreamType, +}; +use std::env; + +use std::cell::RefCell; +use std::io; +use std::path::PathBuf; +use std::process::exit; +use std::rc::Rc; +use std::thread; +use std::time::{Duration, Instant}; + +use cfg_if::cfg_if; +use core::fmt::Display; + +cfg_if! { + if #[cfg(not(target_os = "android"))] { + use std::sync::mpsc::{channel, Receiver, TryRecvError}; + use hyper::body::HttpBody; + use hyper::header::{HeaderName, HeaderValue}; + use hyper::{Body, Client, Method, Request}; + } +} + +use mio::net::UdpSocket; +use mio::{Events, Poll, PollOpt, Ready, Token}; +use mio_extras::timer::{Builder, Timeout, Timer}; +use std::cmp::{max, min}; +use std::collections::hash_map::DefaultHasher; +use std::collections::HashMap; +use std::collections::HashSet; +use std::hash::{Hash, Hasher}; +use std::mem; +use std::net::SocketAddr; + +const MAX_TABLE_SIZE: u64 = 65536; +const MAX_BLOCKED_STREAMS: u16 = 10; +const PROTOCOLS: &[&str] = &["h3-29", "h3"]; +const TIMER_TOKEN: Token = Token(0xffff); +const ECH_CONFIG_ID: u8 = 7; +const ECH_PUBLIC_NAME: &str = "public.example"; + +const HTTP_RESPONSE_WITH_WRONG_FRAME: &[u8] = &[ + 0x01, 0x06, 0x00, 0x00, 0xd9, 0x54, 0x01, 0x37, // headers + 0x0, 0x3, 0x61, 0x62, 0x63, // the first data frame + 0x3, 0x1, 0x5, // a cancel push frame that is not allowed +]; + +trait HttpServer: Display { + fn process(&mut self, dgram: Option) -> Output; + fn process_events(&mut self); + fn get_timeout(&self) -> Option { + None + } +} + +struct Http3TestServer { + server: Http3Server, + // This a map from a post request to amount of data ithas been received on the request. + // The respons will carry the amount of data received. + posts: HashMap, + responses: HashMap>, + current_connection_hash: u64, + sessions_to_close: HashMap>, + sessions_to_create_stream: Vec<(WebTransportRequest, StreamType, bool)>, + webtransport_bidi_stream: HashSet, + wt_unidi_conn_to_stream: HashMap, + wt_unidi_echo_back: HashMap, + received_datagram: Option>, +} + +impl ::std::fmt::Display for Http3TestServer { + fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result { + write!(f, "{}", self.server) + } +} + +impl Http3TestServer { + pub fn new(server: Http3Server) -> Self { + Self { + server, + posts: HashMap::new(), + responses: HashMap::new(), + current_connection_hash: 0, + sessions_to_close: HashMap::new(), + sessions_to_create_stream: Vec::new(), + webtransport_bidi_stream: HashSet::new(), + wt_unidi_conn_to_stream: HashMap::new(), + wt_unidi_echo_back: HashMap::new(), + received_datagram: None, + } + } + + fn new_response(&mut self, mut stream: Http3OrWebTransportStream, mut data: Vec) { + if data.len() == 0 { + let _ = stream.stream_close_send(); + return; + } + match stream.send_data(&data) { + Ok(sent) => { + if sent < data.len() { + self.responses.insert(stream, data.split_off(sent)); + } else { + stream.stream_close_send().unwrap(); + } + } + Err(e) => { + eprintln!("error is {:?}", e); + } + } + } + + fn handle_stream_writable(&mut self, mut stream: Http3OrWebTransportStream) { + if let Some(data) = self.responses.get_mut(&stream) { + match stream.send_data(&data) { + Ok(sent) => { + if sent < data.len() { + let new_d = (*data).split_off(sent); + *data = new_d; + } else { + stream.stream_close_send().unwrap(); + self.responses.remove(&stream); + } + } + Err(_) => { + eprintln!("Unexpected error"); + } + } + } + } + + fn maybe_close_session(&mut self) { + let now = Instant::now(); + for (expires, sessions) in self.sessions_to_close.iter_mut() { + if *expires <= now { + for s in sessions.iter_mut() { + mem::drop(s.close_session(0, "")); + } + } + } + self.sessions_to_close.retain(|expires, _| *expires >= now); + } + + fn maybe_create_wt_stream(&mut self) { + if self.sessions_to_create_stream.is_empty() { + return; + } + let tuple = self.sessions_to_create_stream.pop().unwrap(); + let mut session = tuple.0; + let mut wt_server_stream = session.create_stream(tuple.1).unwrap(); + if tuple.1 == StreamType::UniDi { + if tuple.2 { + wt_server_stream.send_data(b"qwerty").unwrap(); + wt_server_stream.stream_close_send().unwrap(); + } else { + // relaying Http3ServerEvent::Data to uni streams + // slows down netwerk/test/unit/test_webtransport_simple.js + // to the point of failure. Only do so when necessary. + self.wt_unidi_conn_to_stream + .insert(wt_server_stream.conn.clone(), wt_server_stream); + } + } else { + if tuple.2 { + wt_server_stream.send_data(b"asdfg").unwrap(); + wt_server_stream.stream_close_send().unwrap(); + wt_server_stream + .stream_stop_sending(Error::HttpNoError.code()) + .unwrap(); + } else { + self.webtransport_bidi_stream.insert(wt_server_stream); + } + } + } +} + +impl HttpServer for Http3TestServer { + fn process(&mut self, dgram: Option) -> Output { + self.server.process(dgram.as_ref(), Instant::now()) + } + + fn process_events(&mut self) { + self.maybe_close_session(); + self.maybe_create_wt_stream(); + + while let Some(event) = self.server.next_event() { + qtrace!("Event: {:?}", event); + match event { + Http3ServerEvent::Headers { + mut stream, + headers, + fin, + } => { + qtrace!("Headers (request={} fin={}): {:?}", stream, fin, headers); + + // Some responses do not have content-type. This is on purpose to exercise + // UnknownDecoder code. + let default_ret = b"Hello World".to_vec(); + let default_headers = vec![ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-length", default_ret.len().to_string()), + Header::new( + "x-http3-conn-hash", + self.current_connection_hash.to_string(), + ), + ]; + + let path_hdr = headers.iter().find(|&h| h.name() == ":path"); + match path_hdr { + Some(ph) if !ph.value().is_empty() => { + let path = ph.value(); + qtrace!("Serve request {}", path); + if path == "/Response421" { + let response_body = b"0123456789".to_vec(); + stream + .send_headers(&[ + Header::new(":status", "421"), + Header::new("cache-control", "no-cache"), + Header::new("content-type", "text/plain"), + Header::new( + "content-length", + response_body.len().to_string(), + ), + ]) + .unwrap(); + self.new_response(stream, response_body); + } else if path == "/RequestCancelled" { + stream + .stream_stop_sending(Error::HttpRequestCancelled.code()) + .unwrap(); + stream + .stream_reset_send(Error::HttpRequestCancelled.code()) + .unwrap(); + } else if path == "/VersionFallback" { + stream + .stream_stop_sending(Error::HttpVersionFallback.code()) + .unwrap(); + stream + .stream_reset_send(Error::HttpVersionFallback.code()) + .unwrap(); + } else if path == "/EarlyResponse" { + stream + .stream_stop_sending(Error::HttpNoError.code()) + .unwrap(); + } else if path == "/RequestRejected" { + stream + .stream_stop_sending(Error::HttpRequestRejected.code()) + .unwrap(); + stream + .stream_reset_send(Error::HttpRequestRejected.code()) + .unwrap(); + } else if path == "/.well-known/http-opportunistic" { + let host_hdr = headers.iter().find(|&h| h.name() == ":authority"); + match host_hdr { + Some(host) if !host.value().is_empty() => { + let mut content = b"[\"http://".to_vec(); + content.extend(host.value().as_bytes()); + content.extend(b"\"]".to_vec()); + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-type", "application/json"), + Header::new( + "content-length", + content.len().to_string(), + ), + ]) + .unwrap(); + self.new_response(stream, content); + } + _ => { + stream.send_headers(&default_headers).unwrap(); + self.new_response(stream, default_ret); + } + } + } else if path == "/no_body" { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + ]) + .unwrap(); + stream.stream_close_send().unwrap(); + } else if path == "/no_content_length" { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + ]) + .unwrap(); + self.new_response(stream, vec![b'a'; 4000]); + } else if path == "/content_length_smaller" { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-type", "text/plain"), + Header::new("content-length", 4000.to_string()), + ]) + .unwrap(); + self.new_response(stream, vec![b'a'; 8000]); + } else if path == "/post" { + // Read all data before responding. + self.posts.insert(stream, 0); + } else if path == "/priority_mirror" { + if let Some(priority) = + headers.iter().find(|h| h.name() == "priority") + { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-type", "text/plain"), + Header::new("priority-mirror", priority.value()), + Header::new( + "content-length", + priority.value().len().to_string(), + ), + ]) + .unwrap(); + self.new_response(stream, priority.value().as_bytes().to_vec()); + } else { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + ]) + .unwrap(); + stream.stream_close_send().unwrap(); + } + } else if path == "/103_response" { + if let Some(early_hint) = + headers.iter().find(|h| h.name() == "link-to-set") + { + for l in early_hint.value().split(',') { + stream + .send_headers(&[ + Header::new(":status", "103"), + Header::new("link", l), + ]) + .unwrap(); + } + } + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-length", "0"), + ]) + .unwrap(); + stream.stream_close_send().unwrap(); + } else if path == "/get_webtransport_datagram" { + if let Some(vec_ref) = self.received_datagram.as_ref() { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new( + "content-length", + vec_ref.len().to_string(), + ), + ]) + .unwrap(); + self.new_response(stream, vec_ref.to_vec()); + self.received_datagram = None; + } else { + stream + .send_headers(&[ + Header::new(":status", "404"), + Header::new("cache-control", "no-cache"), + ]) + .unwrap(); + stream.stream_close_send().unwrap(); + } + } else { + match path.trim_matches(|p| p == '/').parse::() { + Ok(v) => { + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-type", "text/plain"), + Header::new("content-length", v.to_string()), + ]) + .unwrap(); + self.new_response(stream, vec![b'a'; v]); + } + Err(_) => { + stream.send_headers(&default_headers).unwrap(); + self.new_response(stream, default_ret); + } + } + } + } + _ => { + stream.send_headers(&default_headers).unwrap(); + self.new_response(stream, default_ret); + } + } + } + Http3ServerEvent::Data { + mut stream, + data, + fin, + } => { + // echo bidirectional input back to client + if self.webtransport_bidi_stream.contains(&stream) { + if stream.handler.borrow().state().active() { + self.new_response(stream, data); + } + break; + } + + // echo unidirectional input to back to client + // need to close or we hang + if self.wt_unidi_echo_back.contains_key(&stream) { + let mut echo_back = self.wt_unidi_echo_back.remove(&stream).unwrap(); + echo_back.send_data(&data).unwrap(); + echo_back.stream_close_send().unwrap(); + break; + } + + if let Some(r) = self.posts.get_mut(&stream) { + *r += data.len(); + } + if fin { + if let Some(r) = self.posts.remove(&stream) { + let default_ret = b"Hello World".to_vec(); + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("x-data-received-length", r.to_string()), + Header::new("content-length", default_ret.len().to_string()), + ]) + .unwrap(); + self.new_response(stream, default_ret); + } + } + } + Http3ServerEvent::DataWritable { stream } => self.handle_stream_writable(stream), + Http3ServerEvent::StateChange { conn, state } => { + if matches!(state, neqo_http3::Http3State::Connected) { + let mut h = DefaultHasher::new(); + conn.hash(&mut h); + self.current_connection_hash = h.finish(); + } + } + Http3ServerEvent::PriorityUpdate { .. } => {} + Http3ServerEvent::StreamReset { stream, error } => { + qtrace!("Http3ServerEvent::StreamReset {:?} {:?}", stream, error); + } + Http3ServerEvent::StreamStopSending { stream, error } => { + qtrace!( + "Http3ServerEvent::StreamStopSending {:?} {:?}", + stream, + error + ); + } + Http3ServerEvent::WebTransport(WebTransportServerEvent::NewSession { + mut session, + headers, + }) => { + qdebug!( + "WebTransportServerEvent::NewSession {:?} {:?}", + session, + headers + ); + let path_hdr = headers.iter().find(|&h| h.name() == ":path"); + match path_hdr { + Some(ph) if !ph.value().is_empty() => { + let path = ph.value(); + qtrace!("Serve request {}", path); + if path == "/success" { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + } else if path == "/redirect" { + session + .response(&WebTransportSessionAcceptAction::Reject( + [ + Header::new(":status", "302"), + Header::new("location", "/"), + ] + .to_vec(), + )) + .unwrap(); + } else if path == "/reject" { + session + .response(&WebTransportSessionAcceptAction::Reject( + [Header::new(":status", "404")].to_vec(), + )) + .unwrap(); + } else if path == "/closeafter0ms" { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + let now = Instant::now(); + if !self.sessions_to_close.contains_key(&now) { + self.sessions_to_close.insert(now, Vec::new()); + } + self.sessions_to_close.get_mut(&now).unwrap().push(session); + } else if path == "/closeafter100ms" { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + let expires = Instant::now() + Duration::from_millis(100); + if !self.sessions_to_close.contains_key(&expires) { + self.sessions_to_close.insert(expires, Vec::new()); + } + self.sessions_to_close + .get_mut(&expires) + .unwrap() + .push(session); + } else if path == "/create_unidi_stream" { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + self.sessions_to_create_stream.push(( + session, + StreamType::UniDi, + false, + )); + } else if path == "/create_unidi_stream_and_hello" { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + self.sessions_to_create_stream.push(( + session, + StreamType::UniDi, + true, + )); + } else if path == "/create_bidi_stream" { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + self.sessions_to_create_stream.push(( + session, + StreamType::BiDi, + false, + )); + } else if path == "/create_bidi_stream_and_hello" { + self.webtransport_bidi_stream.clear(); + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + self.sessions_to_create_stream.push(( + session, + StreamType::BiDi, + true, + )); + } else { + session + .response(&WebTransportSessionAcceptAction::Accept) + .unwrap(); + } + } + _ => { + session + .response(&WebTransportSessionAcceptAction::Reject( + [Header::new(":status", "404")].to_vec(), + )) + .unwrap(); + } + } + } + Http3ServerEvent::WebTransport(WebTransportServerEvent::SessionClosed { + session, + reason, + headers: _, + }) => { + qdebug!( + "WebTransportServerEvent::SessionClosed {:?} {:?}", + session, + reason + ); + } + Http3ServerEvent::WebTransport(WebTransportServerEvent::NewStream(stream)) => { + // new stream could be from client-outgoing unidirectional + // or bidirectional + if !stream.stream_info.is_http() { + if stream.stream_id().is_bidi() { + self.webtransport_bidi_stream.insert(stream); + } else { + // Newly created stream happens on same connection + // as the stream creation for client's incoming stream. + // Link the streams with map for echo back + if self.wt_unidi_conn_to_stream.contains_key(&stream.conn) { + let s = self.wt_unidi_conn_to_stream.remove(&stream.conn).unwrap(); + self.wt_unidi_echo_back.insert(stream, s); + } + } + } + } + Http3ServerEvent::WebTransport(WebTransportServerEvent::Datagram { + session, + datagram, + }) => { + qdebug!( + "WebTransportServerEvent::Datagram {:?} {:?}", + session, + datagram + ); + self.received_datagram = Some(datagram); + } + } + } + } + + fn get_timeout(&self) -> Option { + if let Some(next) = self.sessions_to_close.keys().min() { + return Some(max(*next - Instant::now(), Duration::from_millis(0))); + } + None + } +} + +impl HttpServer for Server { + fn process(&mut self, dgram: Option) -> Output { + self.process(dgram.as_ref(), Instant::now()) + } + + fn process_events(&mut self) { + let active_conns = self.active_connections(); + for mut acr in active_conns { + loop { + let event = match acr.borrow_mut().next_event() { + None => break, + Some(e) => e, + }; + match event { + ConnectionEvent::RecvStreamReadable { stream_id } => { + if stream_id.is_bidi() && stream_id.is_client_initiated() { + // We are only interesting in request streams + acr.borrow_mut() + .stream_send(stream_id, HTTP_RESPONSE_WITH_WRONG_FRAME) + .expect("Read should succeed"); + } + } + _ => {} + } + } + } + } +} + +struct Http3ProxyServer { + server: Http3Server, + responses: HashMap>, + server_port: i32, + request_header: HashMap>, + request_body: HashMap>, + #[cfg(not(target_os = "android"))] + stream_map: HashMap, + #[cfg(not(target_os = "android"))] + response_to_send: HashMap, Vec)>>, +} + +impl ::std::fmt::Display for Http3ProxyServer { + fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result { + write!(f, "{}", self.server) + } +} + +impl Http3ProxyServer { + pub fn new(server: Http3Server, server_port: i32) -> Self { + Self { + server, + responses: HashMap::new(), + server_port, + request_header: HashMap::new(), + request_body: HashMap::new(), + #[cfg(not(target_os = "android"))] + stream_map: HashMap::new(), + #[cfg(not(target_os = "android"))] + response_to_send: HashMap::new(), + } + } + + #[cfg(not(target_os = "android"))] + fn new_response(&mut self, mut stream: Http3OrWebTransportStream, mut data: Vec) { + if data.len() == 0 { + let _ = stream.stream_close_send(); + return; + } + match stream.send_data(&data) { + Ok(sent) => { + if sent < data.len() { + self.responses.insert(stream, data.split_off(sent)); + } else { + stream.stream_close_send().unwrap(); + } + } + Err(e) => { + eprintln!("error is {:?}, stream will be reset", e); + let _ = stream.stream_reset_send(Error::HttpRequestCancelled.code()); + } + } + } + + fn handle_stream_writable(&mut self, mut stream: Http3OrWebTransportStream) { + if let Some(data) = self.responses.get_mut(&stream) { + match stream.send_data(&data) { + Ok(sent) => { + if sent < data.len() { + let new_d = (*data).split_off(sent); + *data = new_d; + } else { + stream.stream_close_send().unwrap(); + self.responses.remove(&stream); + } + } + Err(_) => { + eprintln!("Unexpected error"); + } + } + } + } + + #[cfg(not(target_os = "android"))] + async fn fetch_url( + request: hyper::Request, + out_header: &mut Vec
, + out_body: &mut Vec, + ) -> Result<(), Box> { + let client = Client::new(); + let mut resp = client.request(request).await?; + out_header.push(Header::new(":status", resp.status().as_str())); + for (key, value) in resp.headers() { + out_header.push(Header::new( + key.as_str().to_ascii_lowercase(), + match value.to_str() { + Ok(str) => str, + _ => "", + }, + )); + } + + while let Some(chunk) = resp.body_mut().data().await { + match chunk { + Ok(data) => { + out_body.append(&mut data.to_vec()); + } + _ => {} + } + } + + Ok(()) + } + + #[cfg(not(target_os = "android"))] + fn fetch( + &mut self, + mut stream: Http3OrWebTransportStream, + request_headers: &Vec
, + request_body: Vec, + ) { + let mut request: hyper::Request = Request::default(); + let mut path = String::new(); + for hdr in request_headers.iter() { + match hdr.name() { + ":method" => { + *request.method_mut() = Method::from_bytes(hdr.value().as_bytes()).unwrap(); + } + ":scheme" => {} + ":authority" => { + request.headers_mut().insert( + hyper::header::HOST, + HeaderValue::from_str(hdr.value()).unwrap(), + ); + } + ":path" => { + path = String::from(hdr.value()); + } + _ => { + if let Ok(hdr_name) = HeaderName::from_lowercase(hdr.name().as_bytes()) { + request + .headers_mut() + .insert(hdr_name, HeaderValue::from_str(hdr.value()).unwrap()); + } + } + } + } + *request.body_mut() = Body::from(request_body); + *request.uri_mut() = + match format!("http://127.0.0.1:{}{}", self.server_port.to_string(), path).parse() { + Ok(uri) => uri, + _ => { + eprintln!("invalid uri: {}", path); + stream + .send_headers(&[ + Header::new(":status", "400"), + Header::new("cache-control", "no-cache"), + Header::new("content-length", "0"), + ]) + .unwrap(); + return; + } + }; + qtrace!("request header: {:?}", request); + + let (sender, receiver) = channel(); + thread::spawn(move || { + let rt = tokio::runtime::Runtime::new().unwrap(); + let mut h: Vec
= Vec::new(); + let mut data: Vec = Vec::new(); + let _ = rt.block_on(Self::fetch_url(request, &mut h, &mut data)); + qtrace!("response headers: {:?}", h); + qtrace!("res data: {:02X?}", data); + + match sender.send((h, data)) { + Ok(()) => {} + _ => { + eprintln!("sender.send failed"); + } + } + }); + + self.response_to_send.insert(stream.stream_id(), receiver); + self.stream_map.insert(stream.stream_id(), stream); + } + + #[cfg(target_os = "android")] + fn fetch( + &mut self, + mut _stream: Http3OrWebTransportStream, + _request_headers: &Vec
, + _request_body: Vec, + ) { + // do nothing + } + + #[cfg(not(target_os = "android"))] + fn maybe_process_response(&mut self) { + let mut data_to_send = HashMap::new(); + self.response_to_send + .retain(|id, receiver| match receiver.try_recv() { + Ok((headers, body)) => { + data_to_send.insert(*id, (headers.clone(), body.clone())); + false + } + Err(TryRecvError::Empty) => true, + Err(TryRecvError::Disconnected) => false, + }); + while let Some(id) = data_to_send.keys().next().cloned() { + let mut stream = self.stream_map.remove(&id).unwrap(); + let (header, data) = data_to_send.remove(&id).unwrap(); + qtrace!("response headers: {:?}", header); + match stream.send_headers(&header) { + Ok(()) => { + self.new_response(stream, data); + } + _ => {} + } + } + } +} + +impl HttpServer for Http3ProxyServer { + fn process(&mut self, dgram: Option) -> Output { + self.server.process(dgram.as_ref(), Instant::now()) + } + + fn process_events(&mut self) { + #[cfg(not(target_os = "android"))] + self.maybe_process_response(); + while let Some(event) = self.server.next_event() { + qtrace!("Event: {:?}", event); + match event { + Http3ServerEvent::Headers { + mut stream, + headers, + fin: _, + } => { + qtrace!("Headers {:?}", headers); + if self.server_port != -1 { + let method_hdr = headers.iter().find(|&h| h.name() == ":method"); + match method_hdr { + Some(method) => match method.value() { + "POST" => { + let content_length = + headers.iter().find(|&h| h.name() == "content-length"); + if let Some(length_str) = content_length { + if let Ok(len) = length_str.value().parse::() { + if len > 0 { + self.request_header + .insert(stream.stream_id(), headers); + self.request_body + .insert(stream.stream_id(), Vec::new()); + } else { + self.fetch(stream, &headers, b"".to_vec()); + } + } + } + } + _ => { + self.fetch(stream, &headers, b"".to_vec()); + } + }, + _ => {} + } + } else { + let path_hdr = headers.iter().find(|&h| h.name() == ":path"); + match path_hdr { + Some(ph) if !ph.value().is_empty() => { + let path = ph.value(); + match &path[..6] { + "/port?" => { + let port = path[6..].parse::(); + if let Ok(port) = port { + qtrace!("got port {}", port); + self.server_port = port; + } + } + _ => {} + } + } + _ => {} + } + stream + .send_headers(&[ + Header::new(":status", "200"), + Header::new("cache-control", "no-cache"), + Header::new("content-length", "0"), + ]) + .unwrap(); + } + } + Http3ServerEvent::Data { + stream, + mut data, + fin, + } => { + if let Some(d) = self.request_body.get_mut(&stream.stream_id()) { + d.append(&mut data); + } + if fin { + if let Some(d) = self.request_body.remove(&stream.stream_id()) { + let headers = self.request_header.remove(&stream.stream_id()).unwrap(); + self.fetch(stream, &headers, d); + } + } + } + Http3ServerEvent::DataWritable { stream } => self.handle_stream_writable(stream), + Http3ServerEvent::StateChange { .. } | Http3ServerEvent::PriorityUpdate { .. } => {} + Http3ServerEvent::StreamReset { stream, error } => { + qtrace!("Http3ServerEvent::StreamReset {:?} {:?}", stream, error); + } + Http3ServerEvent::StreamStopSending { stream, error } => { + qtrace!( + "Http3ServerEvent::StreamStopSending {:?} {:?}", + stream, + error + ); + } + Http3ServerEvent::WebTransport(_) => {} + } + } + } +} + +#[derive(Default)] +struct NonRespondingServer {} + +impl ::std::fmt::Display for NonRespondingServer { + fn fmt(&self, f: &mut ::std::fmt::Formatter) -> ::std::fmt::Result { + write!(f, "NonRespondingServer") + } +} + +impl HttpServer for NonRespondingServer { + fn process(&mut self, _dgram: Option) -> Output { + Output::None + } + + fn process_events(&mut self) {} +} + +fn emit_packet(socket: &UdpSocket, out_dgram: Datagram) { + let res = match socket.send_to(&out_dgram, &out_dgram.destination()) { + Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => 0, + Err(err) => { + eprintln!("UDP send error: {:?}", err); + exit(1); + } + Ok(res) => res, + }; + if res != out_dgram.len() { + qinfo!("Unable to send all {} bytes of datagram", out_dgram.len()); + } +} + +fn process( + server: &mut dyn HttpServer, + svr_timeout: &mut Option, + inx: usize, + dgram: Option, + timer: &mut Timer, + socket: &mut UdpSocket, +) -> bool { + match server.process(dgram) { + Output::Datagram(dgram) => { + emit_packet(socket, dgram); + true + } + Output::Callback(mut new_timeout) => { + if let Some(t) = server.get_timeout() { + new_timeout = min(new_timeout, t); + } + if let Some(svr_timeout) = svr_timeout { + timer.cancel_timeout(svr_timeout); + } + + qinfo!("Setting timeout of {:?} for {}", new_timeout, server); + if new_timeout > Duration::from_secs(1) { + new_timeout = Duration::from_millis(500); + } + *svr_timeout = Some(timer.set_timeout(new_timeout, inx)); + false + } + Output::None => { + qdebug!("Output::None"); + false + } + } +} + +fn read_dgram( + socket: &mut UdpSocket, + local_address: &SocketAddr, +) -> Result, io::Error> { + let buf = &mut [0u8; 2048]; + let res = socket.recv_from(&mut buf[..]); + if let Some(err) = res.as_ref().err() { + if err.kind() != io::ErrorKind::WouldBlock { + eprintln!("UDP recv error: {:?}", err); + } + return Ok(None); + }; + + let (sz, remote_addr) = res.unwrap(); + if sz == buf.len() { + eprintln!("Might have received more than {} bytes", buf.len()); + } + + if sz == 0 { + eprintln!("zero length datagram received?"); + Ok(None) + } else { + Ok(Some(Datagram::new( + remote_addr, + *local_address, + IpTos::default(), + None, + &buf[..sz], + ))) + } +} + +enum ServerType { + Http3, + Http3Fail, + Http3NoResponse, + Http3Ech, + Http3Proxy, +} + +struct ServersRunner { + hosts: Vec, + poll: Poll, + sockets: Vec, + servers: HashMap, Option)>, + timer: Timer, + active_servers: HashSet, + ech_config: Vec, +} + +impl ServersRunner { + pub fn new() -> Result { + Ok(Self { + hosts: Vec::new(), + poll: Poll::new()?, + sockets: Vec::new(), + servers: HashMap::new(), + timer: Builder::default() + .tick_duration(Duration::from_millis(1)) + .build::(), + active_servers: HashSet::new(), + ech_config: Vec::new(), + }) + } + + pub fn init(&mut self) { + self.add_new_socket(0, ServerType::Http3, 0); + self.add_new_socket(1, ServerType::Http3Fail, 0); + self.add_new_socket(2, ServerType::Http3Ech, 0); + + let proxy_port = match env::var("MOZ_HTTP3_PROXY_PORT") { + Ok(val) => val.parse::().unwrap(), + _ => 0, + }; + self.add_new_socket(3, ServerType::Http3Proxy, proxy_port); + self.add_new_socket(5, ServerType::Http3NoResponse, 0); + + println!( + "HTTP3 server listening on ports {}, {}, {}, {} and {}. EchConfig is @{}@", + self.hosts[0].port(), + self.hosts[1].port(), + self.hosts[2].port(), + self.hosts[3].port(), + self.hosts[4].port(), + BASE64_STANDARD.encode(&self.ech_config) + ); + self.poll + .register(&self.timer, TIMER_TOKEN, Ready::readable(), PollOpt::edge()) + .unwrap(); + } + + fn add_new_socket(&mut self, count: usize, server_type: ServerType, port: u16) -> u16 { + let addr = format!("127.0.0.1:{}", port).parse().unwrap(); + + let socket = match UdpSocket::bind(&addr) { + Err(err) => { + eprintln!("Unable to bind UDP socket: {}", err); + exit(1) + } + Ok(s) => s, + }; + + let local_addr = match socket.local_addr() { + Err(err) => { + eprintln!("Socket local address not bound: {}", err); + exit(1) + } + Ok(s) => s, + }; + + self.hosts.push(local_addr); + + self.poll + .register( + &socket, + Token(count), + Ready::readable() | Ready::writable(), + PollOpt::edge(), + ) + .unwrap(); + + self.sockets.push(socket); + let server = self.create_server(server_type); + self.servers.insert(local_addr, (server, None)); + local_addr.port() + } + + fn create_server(&mut self, server_type: ServerType) -> Box { + let anti_replay = AntiReplay::new(Instant::now(), Duration::from_secs(10), 7, 14) + .expect("unable to setup anti-replay"); + let cid_mgr = Rc::new(RefCell::new(RandomConnectionIdGenerator::new(10))); + + match server_type { + ServerType::Http3 => Box::new(Http3TestServer::new( + Http3Server::new( + Instant::now(), + &[" HTTP2 Test Cert"], + PROTOCOLS, + anti_replay, + cid_mgr, + Http3Parameters::default() + .max_table_size_encoder(MAX_TABLE_SIZE) + .max_table_size_decoder(MAX_TABLE_SIZE) + .max_blocked_streams(MAX_BLOCKED_STREAMS) + .webtransport(true) + .connection_parameters(ConnectionParameters::default().datagram_size(1200)), + None, + ) + .expect("We cannot make a server!"), + )), + ServerType::Http3Fail => Box::new( + Server::new( + Instant::now(), + &[" HTTP2 Test Cert"], + PROTOCOLS, + anti_replay, + Box::new(AllowZeroRtt {}), + cid_mgr, + ConnectionParameters::default(), + ) + .expect("We cannot make a server!"), + ), + ServerType::Http3NoResponse => Box::new(NonRespondingServer::default()), + ServerType::Http3Ech => { + let mut server = Box::new(Http3TestServer::new( + Http3Server::new( + Instant::now(), + &[" HTTP2 Test Cert"], + PROTOCOLS, + anti_replay, + cid_mgr, + Http3Parameters::default() + .max_table_size_encoder(MAX_TABLE_SIZE) + .max_table_size_decoder(MAX_TABLE_SIZE) + .max_blocked_streams(MAX_BLOCKED_STREAMS), + None, + ) + .expect("We cannot make a server!"), + )); + let ref mut unboxed_server = (*server).server; + let (sk, pk) = generate_ech_keys().unwrap(); + unboxed_server + .enable_ech(ECH_CONFIG_ID, ECH_PUBLIC_NAME, &sk, &pk) + .expect("unable to enable ech"); + self.ech_config = Vec::from(unboxed_server.ech_config()); + server + } + ServerType::Http3Proxy => { + let server_config = if env::var("MOZ_HTTP3_MOCHITEST").is_ok() { + ("mochitest-cert", 8888) + } else { + (" HTTP2 Test Cert", -1) + }; + let server = Box::new(Http3ProxyServer::new( + Http3Server::new( + Instant::now(), + &[server_config.0], + PROTOCOLS, + anti_replay, + cid_mgr, + Http3Parameters::default() + .max_table_size_encoder(MAX_TABLE_SIZE) + .max_table_size_decoder(MAX_TABLE_SIZE) + .max_blocked_streams(MAX_BLOCKED_STREAMS) + .webtransport(true) + .connection_parameters( + ConnectionParameters::default().datagram_size(1200), + ), + None, + ) + .expect("We cannot make a server!"), + server_config.1, + )); + server + } + } + } + + fn process_datagrams_and_events( + &mut self, + inx: usize, + read_socket: bool, + ) -> Result<(), io::Error> { + if let Some(socket) = self.sockets.get_mut(inx) { + if let Some((ref mut server, svr_timeout)) = + self.servers.get_mut(&socket.local_addr().unwrap()) + { + if read_socket { + loop { + let dgram = read_dgram(socket, &self.hosts[inx])?; + if dgram.is_none() { + break; + } + let _ = process( + &mut **server, + svr_timeout, + inx, + dgram, + &mut self.timer, + socket, + ); + } + } else { + let _ = process( + &mut **server, + svr_timeout, + inx, + None, + &mut self.timer, + socket, + ); + } + server.process_events(); + if process( + &mut **server, + svr_timeout, + inx, + None, + &mut self.timer, + socket, + ) { + self.active_servers.insert(inx); + } + } + } + Ok(()) + } + + fn process_active_conns(&mut self) -> Result<(), io::Error> { + let curr_active = mem::take(&mut self.active_servers); + for inx in curr_active { + self.process_datagrams_and_events(inx, false)?; + } + Ok(()) + } + + fn process_timeout(&mut self) -> Result<(), io::Error> { + while let Some(inx) = self.timer.poll() { + qinfo!("Timer expired for {:?}", inx); + self.process_datagrams_and_events(inx, false)?; + } + Ok(()) + } + + pub fn run(&mut self) -> Result<(), io::Error> { + let mut events = Events::with_capacity(1024); + loop { + // If there are active servers do not block in poll. + self.poll.poll( + &mut events, + if self.active_servers.is_empty() { + None + } else { + Some(Duration::from_millis(0)) + }, + )?; + + for event in &events { + if event.token() == TIMER_TOKEN { + self.process_timeout()?; + } else { + self.process_datagrams_and_events( + event.token().0, + event.readiness().is_readable(), + )?; + } + } + self.process_active_conns()?; + } + } +} + +fn main() -> Result<(), io::Error> { + let args: Vec = env::args().collect(); + if args.len() < 2 { + eprintln!("Wrong arguments."); + exit(1) + } + + // Read data from stdin and terminate the server if EOF is detected, which + // means that runxpcshelltests.py ended without shutting down the server. + thread::spawn(|| loop { + let mut buffer = String::new(); + match io::stdin().read_line(&mut buffer) { + Ok(n) => { + if n == 0 { + exit(0); + } + } + Err(_) => { + exit(0); + } + } + }); + + init_db(PathBuf::from(args[1].clone())); + + let mut servers_runner = ServersRunner::new()?; + servers_runner.init(); + servers_runner.run() +} diff --git a/netwerk/test/http3serverDB/cert9.db b/netwerk/test/http3serverDB/cert9.db new file mode 100644 index 0000000000..173c4fff61 Binary files /dev/null and b/netwerk/test/http3serverDB/cert9.db differ diff --git a/netwerk/test/http3serverDB/key4.db b/netwerk/test/http3serverDB/key4.db new file mode 100644 index 0000000000..a06bec3684 Binary files /dev/null and b/netwerk/test/http3serverDB/key4.db differ diff --git a/netwerk/test/http3serverDB/pkcs11.txt b/netwerk/test/http3serverDB/pkcs11.txt new file mode 100644 index 0000000000..2f1a4bfb5b --- /dev/null +++ b/netwerk/test/http3serverDB/pkcs11.txt @@ -0,0 +1,4 @@ +library= +name=NSS Internal PKCS #11 Module +parameters=configdir='.' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' +NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) diff --git a/netwerk/test/httpserver/README b/netwerk/test/httpserver/README new file mode 100644 index 0000000000..97624789ca --- /dev/null +++ b/netwerk/test/httpserver/README @@ -0,0 +1,101 @@ +httpd.js README +=============== + +httpd.js is a small cross-platform implementation of an HTTP/1.1 server in +JavaScript for the Mozilla platform. + +httpd.js may be used as an XPCOM component, as an inline script in a document +with XPCOM privileges, or from the XPCOM shell (xpcshell). Currently, its most- +supported method of use is from the XPCOM shell, where you can get all the +dynamicity of JS in adding request handlers and the like, but component-based +equivalent functionality is planned. + + +Using httpd.js as an XPCOM Component +------------------------------------ + +First, create an XPT file for nsIHttpServer.idl, using the xpidl tool included +in the Mozilla SDK for the environment in which you wish to run httpd.js. See + for further details on how to +do this. + +Next, register httpd.js and nsIHttpServer.xpt in your Mozilla application. In +Firefox, these simply need to be added to the /components directory of your XPI. +Other applications may require use of regxpcom or other techniques; consult the +applicable documentation for further details. + +Finally, load httpd.js into the current file, and create an instance of the +server using the following command: + + var server = new nsHttpServer(); + +At this point you'll want to initialize the server, since by default it doesn't +serve many useful paths. For more information on this, see the IDL docs for the +nsIHttpServer interface in nsIHttpServer.idl, particularly for +registerDirectory (useful for mapping the contents of directories onto request +paths), registerPathHandler (for setting a custom handler for a specific path on +the server, such as CGI functionality), and registerFile (for mapping a file to +a specific path). + +Finally, you'll want to start (and later stop) the server. Here's some example +code which does this: + + server.start(8080); // port on which server will operate + + // ...server now runs and serves requests... + + server.stop(); + +This server will only respond to requests on 127.0.0.1:8080 or localhost:8080. +If you want it to respond to requests at different hosts (say via a proxy +mechanism), you must use server.identity.add() or server.identity.setPrimary() +to add it. + + +Using httpd.js as an Inline Script or from xpcshell +--------------------------------------------------- + +Using httpd.js as a script or from xpcshell isn't very different from using it +as a component; the only real difference lies in how you create an instance of +the server. To create an instance, do the following: + + var server = new nsHttpServer(); + +You now can use |server| exactly as you would when |server| was created as an +XPCOM component. Note, however, that doing so will trample over the global +namespace, and global values defined in httpd.js will leak into your script. +This may typically be benign, but since some of the global values defined are +constants (specifically, Cc/Ci/Cr as abbreviations for the classes, interfaces, +and results properties of Components), it's possible this trampling could +break your script. In general you should use httpd.js as an XPCOM component +whenever possible. + + +Known Issues +------------ + +httpd.js makes no effort to time out requests, beyond any the socket itself +might or might not provide. I don't believe it provides any by default, but +I haven't verified this. + +Every incoming request is processed by the corresponding request handler +synchronously. In other words, once the first CRLFCRLF of a request is +received, the entire response is created before any new incoming requests can be +served. I anticipate adding asynchronous handler functionality in bug 396226, +but it may be some time before that happens. + +There is no way to access the body of an incoming request. This problem is +merely a symptom of the previous one, and they will probably both be addressed +at the same time. + + +Other Goodies +------------- + +A special testing function, |server|, is provided for use in xpcshell for quick +testing of the server; see the source code for details on its use. You don't +want to use this in a script, however, because doing so will block until the +server is shut down. It's also a good example of how to use the basic +functionality of httpd.js, if you need one. + +Have fun! diff --git a/netwerk/test/httpserver/TODO b/netwerk/test/httpserver/TODO new file mode 100644 index 0000000000..3a95466117 --- /dev/null +++ b/netwerk/test/httpserver/TODO @@ -0,0 +1,17 @@ +Bugs to fix: +- make content-length generation not rely on .available() returning the entire + size of the body stream's contents -- some sort of wrapper (but how does that + work for the unscriptable method WriteSegments, which is good to support from + a performance standpoint?) + +Ideas for future improvements: +- add API to disable response buffering which, when called, causes errors when + you try to do anything other than write to the body stream (i.e., modify + headers or status line) once you've written anything to it -- useful when + storing the entire response in memory is unfeasible (e.g., you're testing + >4GB download characteristics) +- add an API which performs asynchronous response processing (instead of + nsIHttpRequestHandler.handle, which must construct the response before control + returns; |void asyncHandle(request, response)|) -- useful, and can it be done + in JS? +- other awesomeness? diff --git a/netwerk/test/httpserver/httpd.sys.mjs b/netwerk/test/httpserver/httpd.sys.mjs new file mode 100644 index 0000000000..569e4d1489 --- /dev/null +++ b/netwerk/test/httpserver/httpd.sys.mjs @@ -0,0 +1,5576 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * An implementation of an HTTP server both as a loadable script and as an XPCOM + * component. See the accompanying README file for user documentation on + * httpd.js. + */ + +const CC = Components.Constructor; + +const PR_UINT32_MAX = Math.pow(2, 32) - 1; + +/** True if debugging output is enabled, false otherwise. */ +var DEBUG = false; // non-const *only* so tweakable in server tests + +/** True if debugging output should be timestamped. */ +var DEBUG_TIMESTAMP = false; // non-const so tweakable in server tests + +/** + * Sets the debugging status, intended for tweaking in server tests. + * + * @param {boolean} debug + * Enables debugging output + * @param {boolean} debugTimestamp + * Enables timestamping of the debugging output. + */ +export function setDebuggingStatus(debug, debugTimestamp) { + DEBUG = debug; + DEBUG_TIMESTAMP = debugTimestamp; +} + +import { AppConstants } from "resource://gre/modules/AppConstants.sys.mjs"; + +/** + * Asserts that the given condition holds. If it doesn't, the given message is + * dumped, a stack trace is printed, and an exception is thrown to attempt to + * stop execution (which unfortunately must rely upon the exception not being + * accidentally swallowed by the code that uses it). + */ +function NS_ASSERT(cond, msg) { + if (DEBUG && !cond) { + dumpn("###!!!"); + dumpn("###!!! ASSERTION" + (msg ? ": " + msg : "!")); + dumpn("###!!! Stack follows:"); + + var stack = new Error().stack.split(/\n/); + dumpn( + stack + .map(function (val) { + return "###!!! " + val; + }) + .join("\n") + ); + + throw Components.Exception("", Cr.NS_ERROR_ABORT); + } +} + +/** Constructs an HTTP error object. */ +export function HttpError(code, description) { + this.code = code; + this.description = description; +} + +HttpError.prototype = { + toString() { + return this.code + " " + this.description; + }, +}; + +/** + * Errors thrown to trigger specific HTTP server responses. + */ +export var HTTP_400 = new HttpError(400, "Bad Request"); + +export var HTTP_401 = new HttpError(401, "Unauthorized"); +export var HTTP_402 = new HttpError(402, "Payment Required"); +export var HTTP_403 = new HttpError(403, "Forbidden"); +export var HTTP_404 = new HttpError(404, "Not Found"); +export var HTTP_405 = new HttpError(405, "Method Not Allowed"); +export var HTTP_406 = new HttpError(406, "Not Acceptable"); +export var HTTP_407 = new HttpError(407, "Proxy Authentication Required"); +export var HTTP_408 = new HttpError(408, "Request Timeout"); +export var HTTP_409 = new HttpError(409, "Conflict"); +export var HTTP_410 = new HttpError(410, "Gone"); +export var HTTP_411 = new HttpError(411, "Length Required"); +export var HTTP_412 = new HttpError(412, "Precondition Failed"); +export var HTTP_413 = new HttpError(413, "Request Entity Too Large"); +export var HTTP_414 = new HttpError(414, "Request-URI Too Long"); +export var HTTP_415 = new HttpError(415, "Unsupported Media Type"); +export var HTTP_417 = new HttpError(417, "Expectation Failed"); +export var HTTP_500 = new HttpError(500, "Internal Server Error"); +export var HTTP_501 = new HttpError(501, "Not Implemented"); +export var HTTP_502 = new HttpError(502, "Bad Gateway"); +export var HTTP_503 = new HttpError(503, "Service Unavailable"); +export var HTTP_504 = new HttpError(504, "Gateway Timeout"); +export var HTTP_505 = new HttpError(505, "HTTP Version Not Supported"); + +/** Creates a hash with fields corresponding to the values in arr. */ +function array2obj(arr) { + var obj = {}; + for (var i = 0; i < arr.length; i++) { + obj[arr[i]] = arr[i]; + } + return obj; +} + +/** Returns an array of the integers x through y, inclusive. */ +function range(x, y) { + var arr = []; + for (var i = x; i <= y; i++) { + arr.push(i); + } + return arr; +} + +/** An object (hash) whose fields are the numbers of all HTTP error codes. */ +const HTTP_ERROR_CODES = array2obj(range(400, 417).concat(range(500, 505))); + +/** + * The character used to distinguish hidden files from non-hidden files, a la + * the leading dot in Apache. Since that mechanism also hides files from + * easy display in LXR, ls output, etc. however, we choose instead to use a + * suffix character. If a requested file ends with it, we append another + * when getting the file on the server. If it doesn't, we just look up that + * file. Therefore, any file whose name ends with exactly one of the character + * is "hidden" and available for use by the server. + */ +const HIDDEN_CHAR = "^"; + +/** + * The file name suffix indicating the file containing overridden headers for + * a requested file. + */ +const HEADERS_SUFFIX = HIDDEN_CHAR + "headers" + HIDDEN_CHAR; +const INFORMATIONAL_RESPONSE_SUFFIX = + HIDDEN_CHAR + "informationalResponse" + HIDDEN_CHAR; + +/** Type used to denote SJS scripts for CGI-like functionality. */ +const SJS_TYPE = "sjs"; + +/** Base for relative timestamps produced by dumpn(). */ +var firstStamp = 0; + +/** dump(str) with a trailing "\n" -- only outputs if DEBUG. */ +export function dumpn(str) { + if (DEBUG) { + var prefix = "HTTPD-INFO | "; + if (DEBUG_TIMESTAMP) { + if (firstStamp === 0) { + firstStamp = Date.now(); + } + + var elapsed = Date.now() - firstStamp; // milliseconds + var min = Math.floor(elapsed / 60000); + var sec = (elapsed % 60000) / 1000; + + if (sec < 10) { + prefix += min + ":0" + sec.toFixed(3) + " | "; + } else { + prefix += min + ":" + sec.toFixed(3) + " | "; + } + } + + dump(prefix + str + "\n"); + } +} + +/** Dumps the current JS stack if DEBUG. */ +function dumpStack() { + // peel off the frames for dumpStack() and Error() + var stack = new Error().stack.split(/\n/).slice(2); + stack.forEach(dumpn); +} + +/** + * JavaScript constructors for commonly-used classes; precreating these is a + * speedup over doing the same from base principles. See the docs at + * http://developer.mozilla.org/en/docs/Components.Constructor for details. + */ +const ServerSocket = CC( + "@mozilla.org/network/server-socket;1", + "nsIServerSocket", + "init" +); +const ServerSocketIPv6 = CC( + "@mozilla.org/network/server-socket;1", + "nsIServerSocket", + "initIPv6" +); +const ServerSocketDualStack = CC( + "@mozilla.org/network/server-socket;1", + "nsIServerSocket", + "initDualStack" +); +const ScriptableInputStream = CC( + "@mozilla.org/scriptableinputstream;1", + "nsIScriptableInputStream", + "init" +); +const Pipe = CC("@mozilla.org/pipe;1", "nsIPipe", "init"); +const FileInputStream = CC( + "@mozilla.org/network/file-input-stream;1", + "nsIFileInputStream", + "init" +); +const ConverterInputStream = CC( + "@mozilla.org/intl/converter-input-stream;1", + "nsIConverterInputStream", + "init" +); +const WritablePropertyBag = CC( + "@mozilla.org/hash-property-bag;1", + "nsIWritablePropertyBag2" +); +const SupportsString = CC( + "@mozilla.org/supports-string;1", + "nsISupportsString" +); + +/* These two are non-const only so a test can overwrite them. */ +var BinaryInputStream = CC( + "@mozilla.org/binaryinputstream;1", + "nsIBinaryInputStream", + "setInputStream" +); +var BinaryOutputStream = CC( + "@mozilla.org/binaryoutputstream;1", + "nsIBinaryOutputStream", + "setOutputStream" +); + +export function overrideBinaryStreamsForTests( + inputStream, + outputStream, + responseSegmentSize +) { + BinaryInputStream = inputStream; + BinaryOutputStream = outputStream; + Response.SEGMENT_SIZE = responseSegmentSize; +} + +/** + * Returns the RFC 822/1123 representation of a date. + * + * @param date : Number + * the date, in milliseconds from midnight (00:00:00), January 1, 1970 GMT + * @returns string + * the representation of the given date + */ +function toDateString(date) { + // + // rfc1123-date = wkday "," SP date1 SP time SP "GMT" + // date1 = 2DIGIT SP month SP 4DIGIT + // ; day month year (e.g., 02 Jun 1982) + // time = 2DIGIT ":" 2DIGIT ":" 2DIGIT + // ; 00:00:00 - 23:59:59 + // wkday = "Mon" | "Tue" | "Wed" + // | "Thu" | "Fri" | "Sat" | "Sun" + // month = "Jan" | "Feb" | "Mar" | "Apr" + // | "May" | "Jun" | "Jul" | "Aug" + // | "Sep" | "Oct" | "Nov" | "Dec" + // + + const wkdayStrings = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]; + const monthStrings = [ + "Jan", + "Feb", + "Mar", + "Apr", + "May", + "Jun", + "Jul", + "Aug", + "Sep", + "Oct", + "Nov", + "Dec", + ]; + + /** + * Processes a date and returns the encoded UTC time as a string according to + * the format specified in RFC 2616. + * + * @param date : Date + * the date to process + * @returns string + * a string of the form "HH:MM:SS", ranging from "00:00:00" to "23:59:59" + */ + function toTime(date) { + var hrs = date.getUTCHours(); + var rv = hrs < 10 ? "0" + hrs : hrs; + + var mins = date.getUTCMinutes(); + rv += ":"; + rv += mins < 10 ? "0" + mins : mins; + + var secs = date.getUTCSeconds(); + rv += ":"; + rv += secs < 10 ? "0" + secs : secs; + + return rv; + } + + /** + * Processes a date and returns the encoded UTC date as a string according to + * the date1 format specified in RFC 2616. + * + * @param date : Date + * the date to process + * @returns string + * a string of the form "HH:MM:SS", ranging from "00:00:00" to "23:59:59" + */ + function toDate1(date) { + var day = date.getUTCDate(); + var month = date.getUTCMonth(); + var year = date.getUTCFullYear(); + + var rv = day < 10 ? "0" + day : day; + rv += " " + monthStrings[month]; + rv += " " + year; + + return rv; + } + + date = new Date(date); + + const fmtString = "%wkday%, %date1% %time% GMT"; + var rv = fmtString.replace("%wkday%", wkdayStrings[date.getUTCDay()]); + rv = rv.replace("%time%", toTime(date)); + return rv.replace("%date1%", toDate1(date)); +} + +/** + * Instantiates a new HTTP server. + */ +export function nsHttpServer() { + /** The port on which this server listens. */ + this._port = undefined; + + /** The socket associated with this. */ + this._socket = null; + + /** The handler used to process requests to this server. */ + this._handler = new ServerHandler(this); + + /** Naming information for this server. */ + this._identity = new ServerIdentity(); + + /** + * Indicates when the server is to be shut down at the end of the request. + */ + this._doQuit = false; + + /** + * True if the socket in this is closed (and closure notifications have been + * sent and processed if the socket was ever opened), false otherwise. + */ + this._socketClosed = true; + + /** + * Used for tracking existing connections and ensuring that all connections + * are properly cleaned up before server shutdown; increases by 1 for every + * new incoming connection. + */ + this._connectionGen = 0; + + /** + * Hash of all open connections, indexed by connection number at time of + * creation. + */ + this._connections = {}; +} + +nsHttpServer.prototype = { + // NSISERVERSOCKETLISTENER + + /** + * Processes an incoming request coming in on the given socket and contained + * in the given transport. + * + * @param socket : nsIServerSocket + * the socket through which the request was served + * @param trans : nsISocketTransport + * the transport for the request/response + * @see nsIServerSocketListener.onSocketAccepted + */ + onSocketAccepted(socket, trans) { + dumpn("*** onSocketAccepted(socket=" + socket + ", trans=" + trans + ")"); + + dumpn(">>> new connection on " + trans.host + ":" + trans.port); + + const SEGMENT_SIZE = 8192; + const SEGMENT_COUNT = 1024; + try { + var input = trans + .openInputStream(0, SEGMENT_SIZE, SEGMENT_COUNT) + .QueryInterface(Ci.nsIAsyncInputStream); + var output = trans.openOutputStream(0, 0, 0); + } catch (e) { + dumpn("*** error opening transport streams: " + e); + trans.close(Cr.NS_BINDING_ABORTED); + return; + } + + var connectionNumber = ++this._connectionGen; + + try { + var conn = new Connection( + input, + output, + this, + socket.port, + trans.port, + connectionNumber, + trans + ); + var reader = new RequestReader(conn); + + // XXX add request timeout functionality here! + + // Note: must use main thread here, or we might get a GC that will cause + // threadsafety assertions. We really need to fix XPConnect so that + // you can actually do things in multi-threaded JS. :-( + input.asyncWait(reader, 0, 0, Services.tm.mainThread); + } catch (e) { + // Assume this connection can't be salvaged and bail on it completely; + // don't attempt to close it so that we can assert that any connection + // being closed is in this._connections. + dumpn("*** error in initial request-processing stages: " + e); + trans.close(Cr.NS_BINDING_ABORTED); + return; + } + + this._connections[connectionNumber] = conn; + dumpn("*** starting connection " + connectionNumber); + }, + + /** + * Called when the socket associated with this is closed. + * + * @param socket : nsIServerSocket + * the socket being closed + * @param status : nsresult + * the reason the socket stopped listening (NS_BINDING_ABORTED if the server + * was stopped using nsIHttpServer.stop) + * @see nsIServerSocketListener.onStopListening + */ + onStopListening(socket, status) { + dumpn(">>> shutting down server on port " + socket.port); + for (var n in this._connections) { + if (!this._connections[n]._requestStarted) { + this._connections[n].close(); + } + } + this._socketClosed = true; + if (this._hasOpenConnections()) { + dumpn("*** open connections!!!"); + } + if (!this._hasOpenConnections()) { + dumpn("*** no open connections, notifying async from onStopListening"); + + // Notify asynchronously so that any pending teardown in stop() has a + // chance to run first. + var self = this; + var stopEvent = { + run() { + dumpn("*** _notifyStopped async callback"); + self._notifyStopped(); + }, + }; + Services.tm.currentThread.dispatch( + stopEvent, + Ci.nsIThread.DISPATCH_NORMAL + ); + } + }, + + // NSIHTTPSERVER + + // + // see nsIHttpServer.start + // + start(port) { + this._start(port, "localhost"); + }, + + // + // see nsIHttpServer.start_ipv6 + // + start_ipv6(port) { + this._start(port, "[::1]"); + }, + + start_dualStack(port) { + this._start(port, "[::1]", true); + }, + + _start(port, host, dualStack) { + if (this._socket) { + throw Components.Exception("", Cr.NS_ERROR_ALREADY_INITIALIZED); + } + + this._port = port; + this._doQuit = this._socketClosed = false; + + this._host = host; + + // The listen queue needs to be long enough to handle + // network.http.max-persistent-connections-per-server or + // network.http.max-persistent-connections-per-proxy concurrent + // connections, plus a safety margin in case some other process is + // talking to the server as well. + var maxConnections = + 5 + + Math.max( + Services.prefs.getIntPref( + "network.http.max-persistent-connections-per-server" + ), + Services.prefs.getIntPref( + "network.http.max-persistent-connections-per-proxy" + ) + ); + + try { + var loopback = true; + if ( + this._host != "127.0.0.1" && + this._host != "localhost" && + this._host != "[::1]" + ) { + loopback = false; + } + + // When automatically selecting a port, sometimes the chosen port is + // "blocked" from clients. We don't want to use these ports because + // tests will intermittently fail. So, we simply keep trying to to + // get a server socket until a valid port is obtained. We limit + // ourselves to finite attempts just so we don't loop forever. + var socket; + for (var i = 100; i; i--) { + var temp = null; + if (dualStack) { + temp = new ServerSocketDualStack(this._port, maxConnections); + } else if (this._host.includes(":")) { + temp = new ServerSocketIPv6( + this._port, + loopback, // true = localhost, false = everybody + maxConnections + ); + } else { + temp = new ServerSocket( + this._port, + loopback, // true = localhost, false = everybody + maxConnections + ); + } + + var allowed = Services.io.allowPort(temp.port, "http"); + if (!allowed) { + dumpn( + ">>>Warning: obtained ServerSocket listens on a blocked " + + "port: " + + temp.port + ); + } + + if (!allowed && this._port == -1) { + dumpn(">>>Throwing away ServerSocket with bad port."); + temp.close(); + continue; + } + + socket = temp; + break; + } + + if (!socket) { + throw new Error( + "No socket server available. Are there no available ports?" + ); + } + + socket.asyncListen(this); + this._port = socket.port; + this._identity._initialize(socket.port, host, true, dualStack); + this._socket = socket; + dumpn( + ">>> listening on port " + + socket.port + + ", " + + maxConnections + + " pending connections" + ); + } catch (e) { + dump("\n!!! could not start server on port " + port + ": " + e + "\n\n"); + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + }, + + // + // see nsIHttpServer.stop + // + stop(callback) { + if (!this._socket) { + throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED); + } + + // If no argument was provided to stop, return a promise. + let returnValue = undefined; + if (!callback) { + returnValue = new Promise(resolve => { + callback = resolve; + }); + } + + this._stopCallback = + typeof callback === "function" + ? callback + : function () { + callback.onStopped(); + }; + + dumpn(">>> stopping listening on port " + this._socket.port); + this._socket.close(); + this._socket = null; + + // We can't have this identity any more, and the port on which we're running + // this server now could be meaningless the next time around. + this._identity._teardown(); + + this._doQuit = false; + + // socket-close notification and pending request completion happen async + + return returnValue; + }, + + // + // see nsIHttpServer.registerFile + // + registerFile(path, file, handler) { + if (file && (!file.exists() || file.isDirectory())) { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + this._handler.registerFile(path, file, handler); + }, + + // + // see nsIHttpServer.registerDirectory + // + registerDirectory(path, directory) { + // XXX true path validation! + if ( + path.charAt(0) != "/" || + path.charAt(path.length - 1) != "/" || + (directory && (!directory.exists() || !directory.isDirectory())) + ) { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + // XXX determine behavior of nonexistent /foo/bar when a /foo/bar/ mapping + // exists! + + this._handler.registerDirectory(path, directory); + }, + + // + // see nsIHttpServer.registerPathHandler + // + registerPathHandler(path, handler) { + this._handler.registerPathHandler(path, handler); + }, + + // + // see nsIHttpServer.registerPrefixHandler + // + registerPrefixHandler(prefix, handler) { + this._handler.registerPrefixHandler(prefix, handler); + }, + + // + // see nsIHttpServer.registerErrorHandler + // + registerErrorHandler(code, handler) { + this._handler.registerErrorHandler(code, handler); + }, + + // + // see nsIHttpServer.setIndexHandler + // + setIndexHandler(handler) { + this._handler.setIndexHandler(handler); + }, + + // + // see nsIHttpServer.registerContentType + // + registerContentType(ext, type) { + this._handler.registerContentType(ext, type); + }, + + get connectionNumber() { + return this._connectionGen; + }, + + // + // see nsIHttpServer.serverIdentity + // + get identity() { + return this._identity; + }, + + // + // see nsIHttpServer.getState + // + getState(path, k) { + return this._handler._getState(path, k); + }, + + // + // see nsIHttpServer.setState + // + setState(path, k, v) { + return this._handler._setState(path, k, v); + }, + + // + // see nsIHttpServer.getSharedState + // + getSharedState(k) { + return this._handler._getSharedState(k); + }, + + // + // see nsIHttpServer.setSharedState + // + setSharedState(k, v) { + return this._handler._setSharedState(k, v); + }, + + // + // see nsIHttpServer.getObjectState + // + getObjectState(k) { + return this._handler._getObjectState(k); + }, + + // + // see nsIHttpServer.setObjectState + // + setObjectState(k, v) { + return this._handler._setObjectState(k, v); + }, + + get wrappedJSObject() { + return this; + }, + + // NSISUPPORTS + + // + // see nsISupports.QueryInterface + // + QueryInterface: ChromeUtils.generateQI([ + "nsIHttpServer", + "nsIServerSocketListener", + ]), + + // NON-XPCOM PUBLIC API + + /** + * Returns true iff this server is not running (and is not in the process of + * serving any requests still to be processed when the server was last + * stopped after being run). + */ + isStopped() { + return this._socketClosed && !this._hasOpenConnections(); + }, + + // PRIVATE IMPLEMENTATION + + /** True if this server has any open connections to it, false otherwise. */ + _hasOpenConnections() { + // + // If we have any open connections, they're tracked as numeric properties on + // |this._connections|. The non-standard __count__ property could be used + // to check whether there are any properties, but standard-wise, even + // looking forward to ES5, there's no less ugly yet still O(1) way to do + // this. + // + for (var n in this._connections) { + return true; + } + return false; + }, + + /** Calls the server-stopped callback provided when stop() was called. */ + _notifyStopped() { + NS_ASSERT(this._stopCallback !== null, "double-notifying?"); + NS_ASSERT(!this._hasOpenConnections(), "should be done serving by now"); + + // + // NB: We have to grab this now, null out the member, *then* call the + // callback here, or otherwise the callback could (indirectly) futz with + // this._stopCallback by starting and immediately stopping this, at + // which point we'd be nulling out a field we no longer have a right to + // modify. + // + var callback = this._stopCallback; + this._stopCallback = null; + try { + callback(); + } catch (e) { + // not throwing because this is specified as being usually (but not + // always) asynchronous + dump("!!! error running onStopped callback: " + e + "\n"); + } + }, + + /** + * Notifies this server that the given connection has been closed. + * + * @param connection : Connection + * the connection that was closed + */ + _connectionClosed(connection) { + NS_ASSERT( + connection.number in this._connections, + "closing a connection " + + this + + " that we never added to the " + + "set of open connections?" + ); + NS_ASSERT( + this._connections[connection.number] === connection, + "connection number mismatch? " + this._connections[connection.number] + ); + delete this._connections[connection.number]; + + // Fire a pending server-stopped notification if it's our responsibility. + if (!this._hasOpenConnections() && this._socketClosed) { + this._notifyStopped(); + } + }, + + /** + * Requests that the server be shut down when possible. + */ + _requestQuit() { + dumpn(">>> requesting a quit"); + dumpStack(); + this._doQuit = true; + }, +}; + +export var HttpServer = nsHttpServer; + +export class NodeServer { + // Executes command in the context of a node server. + // See handler in moz-http2.js + // + // Example use: + // let id = NodeServer.fork(); // id is a random string + // await NodeServer.execute(id, `"hello"`) + // > "hello" + // await NodeServer.execute(id, `(() => "hello")()`) + // > "hello" + // await NodeServer.execute(id, `(() => var_defined_on_server)()`) + // > "0" + // await NodeServer.execute(id, `var_defined_on_server`) + // > "0" + // function f(param) { if (param) return param; return "bla"; } + // await NodeServer.execute(id, f); // Defines the function on the server + // await NodeServer.execute(id, `f()`) // executes defined function + // > "bla" + // let result = await NodeServer.execute(id, `f("test")`); + // > "test" + // await NodeServer.kill(id); // shuts down the server + + // Forks a new node server using moz-http2-child.js as a starting point + static fork() { + return this.sendCommand("", "/fork"); + } + // Executes command in the context of the node server indicated by `id` + static execute(id, command) { + return this.sendCommand(command, `/execute/${id}`); + } + // Shuts down the server + static kill(id) { + return this.sendCommand("", `/kill/${id}`); + } + + // Issues a request to the node server (handler defined in moz-http2.js) + // This method should not be called directly. + static sendCommand(command, path) { + let h2Port = Services.env.get("MOZNODE_EXEC_PORT"); + if (!h2Port) { + throw new Error("Could not find MOZNODE_EXEC_PORT"); + } + + let req = new XMLHttpRequest(); + const serverIP = + AppConstants.platform == "android" ? "10.0.2.2" : "127.0.0.1"; + req.open("POST", `http://${serverIP}:${h2Port}${path}`); + req.channel.QueryInterface(Ci.nsIHttpChannelInternal).bypassProxy = true; + + // Passing a function to NodeServer.execute will define that function + // in node. It can be called in a later execute command. + let isFunction = function (obj) { + return !!(obj && obj.constructor && obj.call && obj.apply); + }; + let payload = command; + if (isFunction(command)) { + payload = `${command.name} = ${command.toString()};`; + } + + return new Promise((resolve, reject) => { + req.onload = () => { + let x = null; + + if (req.statusText != "OK") { + reject(`XHR request failed: ${req.statusText}`); + return; + } + + try { + x = JSON.parse(req.responseText); + } catch (e) { + reject(`Failed to parse ${req.responseText} - ${e}`); + return; + } + + if (x.error) { + let e = new Error(x.error, "", 0); + e.stack = x.errorStack; + reject(e); + return; + } + resolve(x.result); + }; + req.onerror = e => { + reject(e); + }; + + req.send(payload.toString()); + }); + } +} + +// +// RFC 2396 section 3.2.2: +// +// host = hostname | IPv4address +// hostname = *( domainlabel "." ) toplabel [ "." ] +// domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum +// toplabel = alpha | alpha *( alphanum | "-" ) alphanum +// IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit +// +// IPv6 addresses are notably lacking in the above definition of 'host'. +// RFC 2732 section 3 extends the host definition: +// host = hostname | IPv4address | IPv6reference +// ipv6reference = "[" IPv6address "]" +// +// RFC 3986 supersedes RFC 2732 and offers a more precise definition of a IPv6 +// address. For simplicity, the regexp below captures all canonical IPv6 +// addresses (e.g. [::1]), but may also match valid non-canonical IPv6 addresses +// (e.g. [::127.0.0.1]) and even invalid bracketed addresses ([::], [99999::]). + +const HOST_REGEX = new RegExp( + "^(?:" + + // *( domainlabel "." ) + "(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)*" + + // toplabel [ "." ] + "[a-z](?:[a-z0-9-]*[a-z0-9])?\\.?" + + "|" + + // IPv4 address + "\\d+\\.\\d+\\.\\d+\\.\\d+" + + "|" + + // IPv6 addresses (e.g. [::1]) + "\\[[:0-9a-f]+\\]" + + ")$", + "i" +); + +/** + * Represents the identity of a server. An identity consists of a set of + * (scheme, host, port) tuples denoted as locations (allowing a single server to + * serve multiple sites or to be used behind both HTTP and HTTPS proxies for any + * host/port). Any incoming request must be to one of these locations, or it + * will be rejected with an HTTP 400 error. One location, denoted as the + * primary location, is the location assigned in contexts where a location + * cannot otherwise be endogenously derived, such as for HTTP/1.0 requests. + * + * A single identity may contain at most one location per unique host/port pair; + * other than that, no restrictions are placed upon what locations may + * constitute an identity. + */ +function ServerIdentity() { + /** The scheme of the primary location. */ + this._primaryScheme = "http"; + + /** The hostname of the primary location. */ + this._primaryHost = "127.0.0.1"; + + /** The port number of the primary location. */ + this._primaryPort = -1; + + /** + * The current port number for the corresponding server, stored so that a new + * primary location can always be set if the current one is removed. + */ + this._defaultPort = -1; + + /** + * Maps hosts to maps of ports to schemes, e.g. the following would represent + * https://example.com:789/ and http://example.org/: + * + * { + * "xexample.com": { 789: "https" }, + * "xexample.org": { 80: "http" } + * } + * + * Note the "x" prefix on hostnames, which prevents collisions with special + * JS names like "prototype". + */ + this._locations = { xlocalhost: {} }; +} +ServerIdentity.prototype = { + // NSIHTTPSERVERIDENTITY + + // + // see nsIHttpServerIdentity.primaryScheme + // + get primaryScheme() { + if (this._primaryPort === -1) { + throw Components.Exception("", Cr.NS_ERROR_NOT_INITIALIZED); + } + return this._primaryScheme; + }, + + // + // see nsIHttpServerIdentity.primaryHost + // + get primaryHost() { + if (this._primaryPort === -1) { + throw Components.Exception("", Cr.NS_ERROR_NOT_INITIALIZED); + } + return this._primaryHost; + }, + + // + // see nsIHttpServerIdentity.primaryPort + // + get primaryPort() { + if (this._primaryPort === -1) { + throw Components.Exception("", Cr.NS_ERROR_NOT_INITIALIZED); + } + return this._primaryPort; + }, + + // + // see nsIHttpServerIdentity.add + // + add(scheme, host, port) { + this._validate(scheme, host, port); + + var entry = this._locations["x" + host]; + if (!entry) { + this._locations["x" + host] = entry = {}; + } + + entry[port] = scheme; + }, + + // + // see nsIHttpServerIdentity.remove + // + remove(scheme, host, port) { + this._validate(scheme, host, port); + + var entry = this._locations["x" + host]; + if (!entry) { + return false; + } + + var present = port in entry; + delete entry[port]; + + if ( + this._primaryScheme == scheme && + this._primaryHost == host && + this._primaryPort == port && + this._defaultPort !== -1 + ) { + // Always keep at least one identity in existence at any time, unless + // we're in the process of shutting down (the last condition above). + this._primaryPort = -1; + this._initialize(this._defaultPort, host, false); + } + + return present; + }, + + // + // see nsIHttpServerIdentity.has + // + has(scheme, host, port) { + this._validate(scheme, host, port); + + return ( + "x" + host in this._locations && + scheme === this._locations["x" + host][port] + ); + }, + + // + // see nsIHttpServerIdentity.has + // + getScheme(host, port) { + this._validate("http", host, port); + + var entry = this._locations["x" + host]; + if (!entry) { + return ""; + } + + return entry[port] || ""; + }, + + // + // see nsIHttpServerIdentity.setPrimary + // + setPrimary(scheme, host, port) { + this._validate(scheme, host, port); + + this.add(scheme, host, port); + + this._primaryScheme = scheme; + this._primaryHost = host; + this._primaryPort = port; + }, + + // NSISUPPORTS + + // + // see nsISupports.QueryInterface + // + QueryInterface: ChromeUtils.generateQI(["nsIHttpServerIdentity"]), + + // PRIVATE IMPLEMENTATION + + /** + * Initializes the primary name for the corresponding server, based on the + * provided port number. + */ + _initialize(port, host, addSecondaryDefault, dualStack) { + this._host = host; + if (this._primaryPort !== -1) { + this.add("http", host, port); + } else { + this.setPrimary("http", "localhost", port); + } + this._defaultPort = port; + + // Only add this if we're being called at server startup + if (addSecondaryDefault && host != "127.0.0.1") { + if (host.includes(":")) { + this.add("http", "[::1]", port); + if (dualStack) { + this.add("http", "127.0.0.1", port); + } + } else { + this.add("http", "127.0.0.1", port); + } + } + }, + + /** + * Called at server shutdown time, unsets the primary location only if it was + * the default-assigned location and removes the default location from the + * set of locations used. + */ + _teardown() { + if (this._host != "127.0.0.1") { + // Not the default primary location, nothing special to do here + this.remove("http", "127.0.0.1", this._defaultPort); + } + + // This is a *very* tricky bit of reasoning here; make absolutely sure the + // tests for this code pass before you commit changes to it. + if ( + this._primaryScheme == "http" && + this._primaryHost == this._host && + this._primaryPort == this._defaultPort + ) { + // Make sure we don't trigger the readding logic in .remove(), then remove + // the default location. + var port = this._defaultPort; + this._defaultPort = -1; + this.remove("http", this._host, port); + + // Ensure a server start triggers the setPrimary() path in ._initialize() + this._primaryPort = -1; + } else { + // No reason not to remove directly as it's not our primary location + this.remove("http", this._host, this._defaultPort); + } + }, + + /** + * Ensures scheme, host, and port are all valid with respect to RFC 2396. + * + * @throws NS_ERROR_ILLEGAL_VALUE + * if any argument doesn't match the corresponding production + */ + _validate(scheme, host, port) { + if (scheme !== "http" && scheme !== "https") { + dumpn("*** server only supports http/https schemes: '" + scheme + "'"); + dumpStack(); + throw Components.Exception("", Cr.NS_ERROR_ILLEGAL_VALUE); + } + if (!HOST_REGEX.test(host)) { + dumpn("*** unexpected host: '" + host + "'"); + throw Components.Exception("", Cr.NS_ERROR_ILLEGAL_VALUE); + } + if (port < 0 || port > 65535) { + dumpn("*** unexpected port: '" + port + "'"); + throw Components.Exception("", Cr.NS_ERROR_ILLEGAL_VALUE); + } + }, +}; + +/** + * Represents a connection to the server (and possibly in the future the thread + * on which the connection is processed). + * + * @param input : nsIInputStream + * stream from which incoming data on the connection is read + * @param output : nsIOutputStream + * stream to write data out the connection + * @param server : nsHttpServer + * the server handling the connection + * @param port : int + * the port on which the server is running + * @param outgoingPort : int + * the outgoing port used by this connection + * @param number : uint + * a serial number used to uniquely identify this connection + */ +function Connection( + input, + output, + server, + port, + outgoingPort, + number, + transport +) { + dumpn("*** opening new connection " + number + " on port " + outgoingPort); + + /** Stream of incoming data. */ + this.input = input; + + /** Stream for outgoing data. */ + this.output = output; + + /** The server associated with this request. */ + this.server = server; + + /** The port on which the server is running. */ + this.port = port; + + /** The outgoing poort used by this connection. */ + this._outgoingPort = outgoingPort; + + /** The serial number of this connection. */ + this.number = number; + + /** Reference to the underlying transport. */ + this.transport = transport; + + /** + * The request for which a response is being generated, null if the + * incoming request has not been fully received or if it had errors. + */ + this.request = null; + + /** This allows a connection to disambiguate between a peer initiating a + * close and the socket being forced closed on shutdown. + */ + this._closed = false; + + /** State variable for debugging. */ + this._processed = false; + + /** whether or not 1st line of request has been received */ + this._requestStarted = false; +} +Connection.prototype = { + /** Closes this connection's input/output streams. */ + close() { + if (this._closed) { + return; + } + + dumpn( + "*** closing connection " + this.number + " on port " + this._outgoingPort + ); + + this.input.close(); + this.output.close(); + this._closed = true; + + var server = this.server; + server._connectionClosed(this); + + // If an error triggered a server shutdown, act on it now + if (server._doQuit) { + server.stop(function () { + /* not like we can do anything better */ + }); + } + }, + + /** + * Initiates processing of this connection, using the data in the given + * request. + * + * @param request : Request + * the request which should be processed + */ + process(request) { + NS_ASSERT(!this._closed && !this._processed); + + this._processed = true; + + this.request = request; + this.server._handler.handleResponse(this); + }, + + /** + * Initiates processing of this connection, generating a response with the + * given HTTP error code. + * + * @param code : uint + * an HTTP code, so in the range [0, 1000) + * @param request : Request + * incomplete data about the incoming request (since there were errors + * during its processing + */ + processError(code, request) { + NS_ASSERT(!this._closed && !this._processed); + + this._processed = true; + this.request = request; + this.server._handler.handleError(code, this); + }, + + /** Converts this to a string for debugging purposes. */ + toString() { + return ( + "" + ); + }, + + requestStarted() { + this._requestStarted = true; + }, +}; + +/** Returns an array of count bytes from the given input stream. */ +function readBytes(inputStream, count) { + return new BinaryInputStream(inputStream).readByteArray(count); +} + +/** Request reader processing states; see RequestReader for details. */ +const READER_IN_REQUEST_LINE = 0; +const READER_IN_HEADERS = 1; +const READER_IN_BODY = 2; +const READER_FINISHED = 3; + +/** + * Reads incoming request data asynchronously, does any necessary preprocessing, + * and forwards it to the request handler. Processing occurs in three states: + * + * READER_IN_REQUEST_LINE Reading the request's status line + * READER_IN_HEADERS Reading headers in the request + * READER_IN_BODY Reading the body of the request + * READER_FINISHED Entire request has been read and processed + * + * During the first two stages, initial metadata about the request is gathered + * into a Request object. Once the status line and headers have been processed, + * we start processing the body of the request into the Request. Finally, when + * the entire body has been read, we create a Response and hand it off to the + * ServerHandler to be given to the appropriate request handler. + * + * @param connection : Connection + * the connection for the request being read + */ +function RequestReader(connection) { + /** Connection metadata for this request. */ + this._connection = connection; + + /** + * A container providing line-by-line access to the raw bytes that make up the + * data which has been read from the connection but has not yet been acted + * upon (by passing it to the request handler or by extracting request + * metadata from it). + */ + this._data = new LineData(); + + /** + * The amount of data remaining to be read from the body of this request. + * After all headers in the request have been read this is the value in the + * Content-Length header, but as the body is read its value decreases to zero. + */ + this._contentLength = 0; + + /** The current state of parsing the incoming request. */ + this._state = READER_IN_REQUEST_LINE; + + /** Metadata constructed from the incoming request for the request handler. */ + this._metadata = new Request(connection.port); + + /** + * Used to preserve state if we run out of line data midway through a + * multi-line header. _lastHeaderName stores the name of the header, while + * _lastHeaderValue stores the value we've seen so far for the header. + * + * These fields are always either both undefined or both strings. + */ + this._lastHeaderName = this._lastHeaderValue = undefined; +} +RequestReader.prototype = { + // NSIINPUTSTREAMCALLBACK + + /** + * Called when more data from the incoming request is available. This method + * then reads the available data from input and deals with that data as + * necessary, depending upon the syntax of already-downloaded data. + * + * @param input : nsIAsyncInputStream + * the stream of incoming data from the connection + */ + onInputStreamReady(input) { + dumpn( + "*** onInputStreamReady(input=" + + input + + ") on thread " + + Services.tm.currentThread + + " (main is " + + Services.tm.mainThread + + ")" + ); + dumpn("*** this._state == " + this._state); + + // Handle cases where we get more data after a request error has been + // discovered but *before* we can close the connection. + var data = this._data; + if (!data) { + return; + } + + try { + data.appendBytes(readBytes(input, input.available())); + } catch (e) { + if (streamClosed(e)) { + dumpn( + "*** WARNING: unexpected error when reading from socket; will " + + "be treated as if the input stream had been closed" + ); + dumpn("*** WARNING: actual error was: " + e); + } + + // We've lost a race -- input has been closed, but we're still expecting + // to read more data. available() will throw in this case, and since + // we're dead in the water now, destroy the connection. + dumpn( + "*** onInputStreamReady called on a closed input, destroying " + + "connection" + ); + this._connection.close(); + return; + } + + switch (this._state) { + default: + NS_ASSERT(false, "invalid state: " + this._state); + break; + + case READER_IN_REQUEST_LINE: + if (!this._processRequestLine()) { + break; + } + /* fall through */ + + case READER_IN_HEADERS: + if (!this._processHeaders()) { + break; + } + /* fall through */ + + case READER_IN_BODY: + this._processBody(); + } + + if (this._state != READER_FINISHED) { + input.asyncWait(this, 0, 0, Services.tm.currentThread); + } + }, + + // + // see nsISupports.QueryInterface + // + QueryInterface: ChromeUtils.generateQI(["nsIInputStreamCallback"]), + + // PRIVATE API + + /** + * Processes unprocessed, downloaded data as a request line. + * + * @returns boolean + * true iff the request line has been fully processed + */ + _processRequestLine() { + NS_ASSERT(this._state == READER_IN_REQUEST_LINE); + + // Servers SHOULD ignore any empty line(s) received where a Request-Line + // is expected (section 4.1). + var data = this._data; + var line = {}; + var readSuccess; + while ((readSuccess = data.readLine(line)) && line.value == "") { + dumpn("*** ignoring beginning blank line..."); + } + + // if we don't have a full line, wait until we do + if (!readSuccess) { + return false; + } + + // we have the first non-blank line + try { + this._parseRequestLine(line.value); + this._state = READER_IN_HEADERS; + this._connection.requestStarted(); + return true; + } catch (e) { + this._handleError(e); + return false; + } + }, + + /** + * Processes stored data, assuming it is either at the beginning or in + * the middle of processing request headers. + * + * @returns boolean + * true iff header data in the request has been fully processed + */ + _processHeaders() { + NS_ASSERT(this._state == READER_IN_HEADERS); + + // XXX things to fix here: + // + // - need to support RFC 2047-encoded non-US-ASCII characters + + try { + var done = this._parseHeaders(); + if (done) { + var request = this._metadata; + + // XXX this is wrong for requests with transfer-encodings applied to + // them, particularly chunked (which by its nature can have no + // meaningful Content-Length header)! + this._contentLength = request.hasHeader("Content-Length") + ? parseInt(request.getHeader("Content-Length"), 10) + : 0; + dumpn("_processHeaders, Content-length=" + this._contentLength); + + this._state = READER_IN_BODY; + } + return done; + } catch (e) { + this._handleError(e); + return false; + } + }, + + /** + * Processes stored data, assuming it is either at the beginning or in + * the middle of processing the request body. + * + * @returns boolean + * true iff the request body has been fully processed + */ + _processBody() { + NS_ASSERT(this._state == READER_IN_BODY); + + // XXX handle chunked transfer-coding request bodies! + + try { + if (this._contentLength > 0) { + var data = this._data.purge(); + var count = Math.min(data.length, this._contentLength); + dumpn( + "*** loading data=" + + data + + " len=" + + data.length + + " excess=" + + (data.length - count) + ); + data.length = count; + + var bos = new BinaryOutputStream(this._metadata._bodyOutputStream); + bos.writeByteArray(data); + this._contentLength -= count; + } + + dumpn("*** remaining body data len=" + this._contentLength); + if (this._contentLength == 0) { + this._validateRequest(); + this._state = READER_FINISHED; + this._handleResponse(); + return true; + } + + return false; + } catch (e) { + this._handleError(e); + return false; + } + }, + + /** + * Does various post-header checks on the data in this request. + * + * @throws : HttpError + * if the request was malformed in some way + */ + _validateRequest() { + NS_ASSERT(this._state == READER_IN_BODY); + + dumpn("*** _validateRequest"); + + var metadata = this._metadata; + var headers = metadata._headers; + + // 19.6.1.1 -- servers MUST report 400 to HTTP/1.1 requests w/o Host header + var identity = this._connection.server.identity; + if (metadata._httpVersion.atLeast(nsHttpVersion.HTTP_1_1)) { + if (!headers.hasHeader("Host")) { + dumpn("*** malformed HTTP/1.1 or greater request with no Host header!"); + throw HTTP_400; + } + + // If the Request-URI wasn't absolute, then we need to determine our host. + // We have to determine what scheme was used to access us based on the + // server identity data at this point, because the request just doesn't + // contain enough data on its own to do this, sadly. + if (!metadata._host) { + var host, port; + var hostPort = headers.getHeader("Host"); + var colon = hostPort.lastIndexOf(":"); + if (hostPort.lastIndexOf("]") > colon) { + colon = -1; + } + if (colon < 0) { + host = hostPort; + port = ""; + } else { + host = hostPort.substring(0, colon); + port = hostPort.substring(colon + 1); + } + + // NB: We allow an empty port here because, oddly, a colon may be + // present even without a port number, e.g. "example.com:"; in this + // case the default port applies. + if (!HOST_REGEX.test(host) || !/^\d*$/.test(port)) { + dumpn( + "*** malformed hostname (" + + hostPort + + ") in Host " + + "header, 400 time" + ); + throw HTTP_400; + } + + // If we're not given a port, we're stuck, because we don't know what + // scheme to use to look up the correct port here, in general. Since + // the HTTPS case requires a tunnel/proxy and thus requires that the + // requested URI be absolute (and thus contain the necessary + // information), let's assume HTTP will prevail and use that. + port = +port || 80; + + var scheme = identity.getScheme(host, port); + if (!scheme) { + dumpn( + "*** unrecognized hostname (" + + hostPort + + ") in Host " + + "header, 400 time" + ); + throw HTTP_400; + } + + metadata._scheme = scheme; + metadata._host = host; + metadata._port = port; + } + } else { + NS_ASSERT( + metadata._host === undefined, + "HTTP/1.0 doesn't allow absolute paths in the request line!" + ); + + metadata._scheme = identity.primaryScheme; + metadata._host = identity.primaryHost; + metadata._port = identity.primaryPort; + } + + NS_ASSERT( + identity.has(metadata._scheme, metadata._host, metadata._port), + "must have a location we recognize by now!" + ); + }, + + /** + * Handles responses in case of error, either in the server or in the request. + * + * @param e + * the specific error encountered, which is an HttpError in the case where + * the request is in some way invalid or cannot be fulfilled; if this isn't + * an HttpError we're going to be paranoid and shut down, because that + * shouldn't happen, ever + */ + _handleError(e) { + // Don't fall back into normal processing! + this._state = READER_FINISHED; + + var server = this._connection.server; + if (e instanceof HttpError) { + var code = e.code; + } else { + dumpn( + "!!! UNEXPECTED ERROR: " + + e + + (e.lineNumber ? ", line " + e.lineNumber : "") + ); + + // no idea what happened -- be paranoid and shut down + code = 500; + server._requestQuit(); + } + + // make attempted reuse of data an error + this._data = null; + + this._connection.processError(code, this._metadata); + }, + + /** + * Now that we've read the request line and headers, we can actually hand off + * the request to be handled. + * + * This method is called once per request, after the request line and all + * headers and the body, if any, have been received. + */ + _handleResponse() { + NS_ASSERT(this._state == READER_FINISHED); + + // We don't need the line-based data any more, so make attempted reuse an + // error. + this._data = null; + + this._connection.process(this._metadata); + }, + + // PARSING + + /** + * Parses the request line for the HTTP request associated with this. + * + * @param line : string + * the request line + */ + _parseRequestLine(line) { + NS_ASSERT(this._state == READER_IN_REQUEST_LINE); + + dumpn("*** _parseRequestLine('" + line + "')"); + + var metadata = this._metadata; + + // clients and servers SHOULD accept any amount of SP or HT characters + // between fields, even though only a single SP is required (section 19.3) + var request = line.split(/[ \t]+/); + if (!request || request.length != 3) { + dumpn("*** No request in line"); + throw HTTP_400; + } + + metadata._method = request[0]; + + // get the HTTP version + var ver = request[2]; + var match = ver.match(/^HTTP\/(\d+\.\d+)$/); + if (!match) { + dumpn("*** No HTTP version in line"); + throw HTTP_400; + } + + // determine HTTP version + try { + metadata._httpVersion = new nsHttpVersion(match[1]); + if (!metadata._httpVersion.atLeast(nsHttpVersion.HTTP_1_0)) { + throw new Error("unsupported HTTP version"); + } + } catch (e) { + // we support HTTP/1.0 and HTTP/1.1 only + throw HTTP_501; + } + + var fullPath = request[1]; + + if (metadata._method == "CONNECT") { + metadata._path = "CONNECT"; + metadata._scheme = "https"; + [metadata._host, metadata._port] = fullPath.split(":"); + return; + } + + var serverIdentity = this._connection.server.identity; + var scheme, host, port; + + if (fullPath.charAt(0) != "/") { + // No absolute paths in the request line in HTTP prior to 1.1 + if (!metadata._httpVersion.atLeast(nsHttpVersion.HTTP_1_1)) { + dumpn("*** Metadata version too low"); + throw HTTP_400; + } + + try { + var uri = Services.io.newURI(fullPath); + fullPath = uri.pathQueryRef; + scheme = uri.scheme; + host = uri.asciiHost; + if (host.includes(":")) { + // If the host still contains a ":", then it is an IPv6 address. + // IPv6 addresses-as-host are registered with brackets, so we need to + // wrap the host in brackets because nsIURI's host lacks them. + // This inconsistency in nsStandardURL is tracked at bug 1195459. + host = `[${host}]`; + } + metadata._host = host; + port = uri.port; + if (port === -1) { + if (scheme === "http") { + port = 80; + } else if (scheme === "https") { + port = 443; + } else { + dumpn("*** Unknown scheme: " + scheme); + throw HTTP_400; + } + } + } catch (e) { + // If the host is not a valid host on the server, the response MUST be a + // 400 (Bad Request) error message (section 5.2). Alternately, the URI + // is malformed. + dumpn("*** Threw when dealing with URI: " + e); + throw HTTP_400; + } + + if ( + !serverIdentity.has(scheme, host, port) || + fullPath.charAt(0) != "/" + ) { + dumpn("*** serverIdentity unknown or path does not start with '/'"); + throw HTTP_400; + } + } + + var splitter = fullPath.indexOf("?"); + if (splitter < 0) { + // _queryString already set in ctor + metadata._path = fullPath; + } else { + metadata._path = fullPath.substring(0, splitter); + metadata._queryString = fullPath.substring(splitter + 1); + } + + metadata._scheme = scheme; + metadata._host = host; + metadata._port = port; + }, + + /** + * Parses all available HTTP headers in this until the header-ending CRLFCRLF, + * adding them to the store of headers in the request. + * + * @throws + * HTTP_400 if the headers are malformed + * @returns boolean + * true if all headers have now been processed, false otherwise + */ + _parseHeaders() { + NS_ASSERT(this._state == READER_IN_HEADERS); + + dumpn("*** _parseHeaders"); + + var data = this._data; + + var headers = this._metadata._headers; + var lastName = this._lastHeaderName; + var lastVal = this._lastHeaderValue; + + var line = {}; + while (true) { + dumpn("*** Last name: '" + lastName + "'"); + dumpn("*** Last val: '" + lastVal + "'"); + NS_ASSERT( + !((lastVal === undefined) ^ (lastName === undefined)), + lastName === undefined + ? "lastVal without lastName? lastVal: '" + lastVal + "'" + : "lastName without lastVal? lastName: '" + lastName + "'" + ); + + if (!data.readLine(line)) { + // save any data we have from the header we might still be processing + this._lastHeaderName = lastName; + this._lastHeaderValue = lastVal; + return false; + } + + var lineText = line.value; + dumpn("*** Line text: '" + lineText + "'"); + var firstChar = lineText.charAt(0); + + // blank line means end of headers + if (lineText == "") { + // we're finished with the previous header + if (lastName) { + try { + headers.setHeader(lastName, lastVal, true); + } catch (e) { + dumpn("*** setHeader threw on last header, e == " + e); + throw HTTP_400; + } + } else { + // no headers in request -- valid for HTTP/1.0 requests + } + + // either way, we're done processing headers + this._state = READER_IN_BODY; + return true; + } else if (firstChar == " " || firstChar == "\t") { + // multi-line header if we've already seen a header line + if (!lastName) { + dumpn("We don't have a header to continue!"); + throw HTTP_400; + } + + // append this line's text to the value; starts with SP/HT, so no need + // for separating whitespace + lastVal += lineText; + } else { + // we have a new header, so set the old one (if one existed) + if (lastName) { + try { + headers.setHeader(lastName, lastVal, true); + } catch (e) { + dumpn("*** setHeader threw on a header, e == " + e); + throw HTTP_400; + } + } + + var colon = lineText.indexOf(":"); // first colon must be splitter + if (colon < 1) { + dumpn("*** No colon or missing header field-name"); + throw HTTP_400; + } + + // set header name, value (to be set in the next loop, usually) + lastName = lineText.substring(0, colon); + lastVal = lineText.substring(colon + 1); + } // empty, continuation, start of header + } // while (true) + }, +}; + +/** The character codes for CR and LF. */ +const CR = 0x0d, + LF = 0x0a; + +/** + * Calculates the number of characters before the first CRLF pair in array, or + * -1 if the array contains no CRLF pair. + * + * @param array : Array + * an array of numbers in the range [0, 256), each representing a single + * character; the first CRLF is the lowest index i where + * |array[i] == "\r".charCodeAt(0)| and |array[i+1] == "\n".charCodeAt(0)|, + * if such an |i| exists, and -1 otherwise + * @param start : uint + * start index from which to begin searching in array + * @returns int + * the index of the first CRLF if any were present, -1 otherwise + */ +function findCRLF(array, start) { + for (var i = array.indexOf(CR, start); i >= 0; i = array.indexOf(CR, i + 1)) { + if (array[i + 1] == LF) { + return i; + } + } + return -1; +} + +/** + * A container which provides line-by-line access to the arrays of bytes with + * which it is seeded. + */ +export function LineData() { + /** An array of queued bytes from which to get line-based characters. */ + this._data = []; + + /** Start index from which to search for CRLF. */ + this._start = 0; +} +LineData.prototype = { + /** + * Appends the bytes in the given array to the internal data cache maintained + * by this. + */ + appendBytes(bytes) { + var count = bytes.length; + var quantum = 262144; // just above half SpiderMonkey's argument-count limit + if (count < quantum) { + Array.prototype.push.apply(this._data, bytes); + return; + } + + // Large numbers of bytes may cause Array.prototype.push to be called with + // more arguments than the JavaScript engine supports. In that case append + // bytes in fixed-size amounts until all bytes are appended. + for (var start = 0; start < count; start += quantum) { + var slice = bytes.slice(start, Math.min(start + quantum, count)); + Array.prototype.push.apply(this._data, slice); + } + }, + + /** + * Removes and returns a line of data, delimited by CRLF, from this. + * + * @param out + * an object whose "value" property will be set to the first line of text + * present in this, sans CRLF, if this contains a full CRLF-delimited line + * of text; if this doesn't contain enough data, the value of the property + * is undefined + * @returns boolean + * true if a full line of data could be read from the data in this, false + * otherwise + */ + readLine(out) { + var data = this._data; + var length = findCRLF(data, this._start); + if (length < 0) { + this._start = data.length; + + // But if our data ends in a CR, we have to back up one, because + // the first byte in the next packet might be an LF and if we + // start looking at data.length we won't find it. + if (data.length && data[data.length - 1] === CR) { + --this._start; + } + + return false; + } + + // Reset for future lines. + this._start = 0; + + // + // We have the index of the CR, so remove all the characters, including + // CRLF, from the array with splice, and convert the removed array + // (excluding the trailing CRLF characters) into the corresponding string. + // + var leading = data.splice(0, length + 2); + var quantum = 262144; + var line = ""; + for (var start = 0; start < length; start += quantum) { + var slice = leading.slice(start, Math.min(start + quantum, length)); + line += String.fromCharCode.apply(null, slice); + } + + out.value = line; + return true; + }, + + /** + * Removes the bytes currently within this and returns them in an array. + * + * @returns Array + * the bytes within this when this method is called + */ + purge() { + var data = this._data; + this._data = []; + return data; + }, +}; + +/** + * Creates a request-handling function for an nsIHttpRequestHandler object. + */ +function createHandlerFunc(handler) { + return function (metadata, response) { + handler.handle(metadata, response); + }; +} + +/** + * The default handler for directories; writes an HTML response containing a + * slightly-formatted directory listing. + */ +function defaultIndexHandler(metadata, response) { + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var path = htmlEscape(decodeURI(metadata.path)); + + // + // Just do a very basic bit of directory listings -- no need for too much + // fanciness, especially since we don't have a style sheet in which we can + // stick rules (don't want to pollute the default path-space). + // + + var body = + "\ + \ + " + + path + + "\ + \ + \ +

" + + path + + '

\ +
    '; + + var directory = metadata.getProperty("directory"); + NS_ASSERT(directory && directory.isDirectory()); + + var fileList = []; + var files = directory.directoryEntries; + while (files.hasMoreElements()) { + var f = files.nextFile; + let name = f.leafName; + if ( + !f.isHidden() && + (name.charAt(name.length - 1) != HIDDEN_CHAR || + name.charAt(name.length - 2) == HIDDEN_CHAR) + ) { + fileList.push(f); + } + } + + fileList.sort(fileSort); + + for (var i = 0; i < fileList.length; i++) { + var file = fileList[i]; + try { + let name = file.leafName; + if (name.charAt(name.length - 1) == HIDDEN_CHAR) { + name = name.substring(0, name.length - 1); + } + var sep = file.isDirectory() ? "/" : ""; + + // Note: using " to delimit the attribute here because encodeURIComponent + // passes through '. + var item = + '
  1. ' + + htmlEscape(name) + + sep + + "
    2. "; + + body += item; + } catch (e) { + /* some file system error, ignore the file */ + } + } + + body += + "
\ + \ + "; + + response.bodyOutputStream.write(body, body.length); +} + +/** + * Sorts a and b (nsIFile objects) into an aesthetically pleasing order. + */ +function fileSort(a, b) { + var dira = a.isDirectory(), + dirb = b.isDirectory(); + + if (dira && !dirb) { + return -1; + } + if (dirb && !dira) { + return 1; + } + + var namea = a.leafName.toLowerCase(), + nameb = b.leafName.toLowerCase(); + return nameb > namea ? -1 : 1; +} + +/** + * Converts an externally-provided path into an internal path for use in + * determining file mappings. + * + * @param path + * the path to convert + * @param encoded + * true if the given path should be passed through decodeURI prior to + * conversion + * @throws URIError + * if path is incorrectly encoded + */ +function toInternalPath(path, encoded) { + if (encoded) { + path = decodeURI(path); + } + + var comps = path.split("/"); + for (var i = 0, sz = comps.length; i < sz; i++) { + var comp = comps[i]; + if (comp.charAt(comp.length - 1) == HIDDEN_CHAR) { + comps[i] = comp + HIDDEN_CHAR; + } + } + return comps.join("/"); +} + +const PERMS_READONLY = (4 << 6) | (4 << 3) | 4; + +/** + * Adds custom-specified headers for the given file to the given response, if + * any such headers are specified. + * + * @param file + * the file on the disk which is to be written + * @param metadata + * metadata about the incoming request + * @param response + * the Response to which any specified headers/data should be written + * @throws HTTP_500 + * if an error occurred while processing custom-specified headers + */ +function maybeAddHeadersInternal( + file, + metadata, + response, + informationalResponse +) { + var name = file.leafName; + if (name.charAt(name.length - 1) == HIDDEN_CHAR) { + name = name.substring(0, name.length - 1); + } + + var headerFile = file.parent; + if (!informationalResponse) { + headerFile.append(name + HEADERS_SUFFIX); + } else { + headerFile.append(name + INFORMATIONAL_RESPONSE_SUFFIX); + } + + if (!headerFile.exists()) { + return; + } + + const PR_RDONLY = 0x01; + var fis = new FileInputStream( + headerFile, + PR_RDONLY, + PERMS_READONLY, + Ci.nsIFileInputStream.CLOSE_ON_EOF + ); + + try { + var lis = new ConverterInputStream(fis, "UTF-8", 1024, 0x0); + lis.QueryInterface(Ci.nsIUnicharLineInputStream); + + var line = { value: "" }; + var more = lis.readLine(line); + + if (!more && line.value == "") { + return; + } + + // request line + + var status = line.value; + if (status.indexOf("HTTP ") == 0) { + status = status.substring(5); + var space = status.indexOf(" "); + var code, description; + if (space < 0) { + code = status; + description = ""; + } else { + code = status.substring(0, space); + description = status.substring(space + 1, status.length); + } + + if (!informationalResponse) { + response.setStatusLine( + metadata.httpVersion, + parseInt(code, 10), + description + ); + } else { + response.setInformationalResponseStatusLine( + metadata.httpVersion, + parseInt(code, 10), + description + ); + } + + line.value = ""; + more = lis.readLine(line); + } else if (informationalResponse) { + // An informational response must have a status line. + return; + } + + // headers + while (more || line.value != "") { + var header = line.value; + var colon = header.indexOf(":"); + + if (!informationalResponse) { + response.setHeader( + header.substring(0, colon), + header.substring(colon + 1, header.length), + false + ); // allow overriding server-set headers + } else { + response.setInformationalResponseHeader( + header.substring(0, colon), + header.substring(colon + 1, header.length), + false + ); // allow overriding server-set headers + } + + line.value = ""; + more = lis.readLine(line); + } + } catch (e) { + dumpn("WARNING: error in headers for " + metadata.path + ": " + e); + throw HTTP_500; + } finally { + fis.close(); + } +} + +function maybeAddHeaders(file, metadata, response) { + maybeAddHeadersInternal(file, metadata, response, false); +} + +function maybeAddInformationalResponse(file, metadata, response) { + maybeAddHeadersInternal(file, metadata, response, true); +} + +/** + * An object which handles requests for a server, executing default and + * overridden behaviors as instructed by the code which uses and manipulates it. + * Default behavior includes the paths / and /trace (diagnostics), with some + * support for HTTP error pages for various codes and fallback to HTTP 500 if + * those codes fail for any reason. + * + * @param server : nsHttpServer + * the server in which this handler is being used + */ +function ServerHandler(server) { + // FIELDS + + /** + * The nsHttpServer instance associated with this handler. + */ + this._server = server; + + /** + * A FileMap object containing the set of path->nsIFile mappings for + * all directory mappings set in the server (e.g., "/" for /var/www/html/, + * "/foo/bar/" for /local/path/, and "/foo/bar/baz/" for /local/path2). + * + * Note carefully: the leading and trailing "/" in each path (not file) are + * removed before insertion to simplify the code which uses this. You have + * been warned! + */ + this._pathDirectoryMap = new FileMap(); + + /** + * Custom request handlers for the server in which this resides. Path-handler + * pairs are stored as property-value pairs in this property. + * + * @see ServerHandler.prototype._defaultPaths + */ + this._overridePaths = {}; + + /** + * Custom request handlers for the path prefixes on the server in which this + * resides. Path-handler pairs are stored as property-value pairs in this + * property. + * + * @see ServerHandler.prototype._defaultPaths + */ + this._overridePrefixes = {}; + + /** + * Custom request handlers for the error handlers in the server in which this + * resides. Path-handler pairs are stored as property-value pairs in this + * property. + * + * @see ServerHandler.prototype._defaultErrors + */ + this._overrideErrors = {}; + + /** + * Maps file extensions to their MIME types in the server, overriding any + * mapping that might or might not exist in the MIME service. + */ + this._mimeMappings = {}; + + /** + * The default handler for requests for directories, used to serve directories + * when no index file is present. + */ + this._indexHandler = defaultIndexHandler; + + /** Per-path state storage for the server. */ + this._state = {}; + + /** Entire-server state storage. */ + this._sharedState = {}; + + /** Entire-server state storage for nsISupports values. */ + this._objectState = {}; +} +ServerHandler.prototype = { + // PUBLIC API + + /** + * Handles a request to this server, responding to the request appropriately + * and initiating server shutdown if necessary. + * + * This method never throws an exception. + * + * @param connection : Connection + * the connection for this request + */ + handleResponse(connection) { + var request = connection.request; + var response = new Response(connection); + + var path = request.path; + dumpn("*** path == " + path); + + try { + try { + if (path in this._overridePaths) { + // explicit paths first, then files based on existing directory mappings, + // then (if the file doesn't exist) built-in server default paths + dumpn("calling override for " + path); + this._overridePaths[path](request, response); + } else { + var longestPrefix = ""; + for (let prefix in this._overridePrefixes) { + if ( + prefix.length > longestPrefix.length && + path.substr(0, prefix.length) == prefix + ) { + longestPrefix = prefix; + } + } + if (longestPrefix.length) { + dumpn("calling prefix override for " + longestPrefix); + this._overridePrefixes[longestPrefix](request, response); + } else { + this._handleDefault(request, response); + } + } + } catch (e) { + if (response.partiallySent()) { + response.abort(e); + return; + } + + if (!(e instanceof HttpError)) { + dumpn("*** unexpected error: e == " + e); + throw HTTP_500; + } + if (e.code !== 404) { + throw e; + } + + dumpn("*** default: " + (path in this._defaultPaths)); + + response = new Response(connection); + if (path in this._defaultPaths) { + this._defaultPaths[path](request, response); + } else { + throw HTTP_404; + } + } + } catch (e) { + if (response.partiallySent()) { + response.abort(e); + return; + } + + var errorCode = "internal"; + + try { + if (!(e instanceof HttpError)) { + throw e; + } + + errorCode = e.code; + dumpn("*** errorCode == " + errorCode); + + response = new Response(connection); + if (e.customErrorHandling) { + e.customErrorHandling(response); + } + this._handleError(errorCode, request, response); + return; + } catch (e2) { + dumpn( + "*** error handling " + + errorCode + + " error: " + + "e2 == " + + e2 + + ", shutting down server" + ); + + connection.server._requestQuit(); + response.abort(e2); + return; + } + } + + response.complete(); + }, + + // + // see nsIHttpServer.registerFile + // + registerFile(path, file, handler) { + if (!file) { + dumpn("*** unregistering '" + path + "' mapping"); + delete this._overridePaths[path]; + return; + } + + dumpn("*** registering '" + path + "' as mapping to " + file.path); + file = file.clone(); + + var self = this; + this._overridePaths[path] = function (request, response) { + if (!file.exists()) { + throw HTTP_404; + } + + dumpn("*** responding '" + path + "' as mapping to " + file.path); + + response.setStatusLine(request.httpVersion, 200, "OK"); + if (typeof handler === "function") { + handler(request, response); + } + self._writeFileResponse(request, file, response, 0, file.fileSize); + }; + }, + + // + // see nsIHttpServer.registerPathHandler + // + registerPathHandler(path, handler) { + if (!path.length) { + throw Components.Exception( + "Handler path cannot be empty", + Cr.NS_ERROR_INVALID_ARG + ); + } + + // XXX true path validation! + if (path.charAt(0) != "/" && path != "CONNECT") { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + this._handlerToField(handler, this._overridePaths, path); + }, + + // + // see nsIHttpServer.registerPrefixHandler + // + registerPrefixHandler(path, handler) { + // XXX true path validation! + if (path.charAt(0) != "/" || path.charAt(path.length - 1) != "/") { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + this._handlerToField(handler, this._overridePrefixes, path); + }, + + // + // see nsIHttpServer.registerDirectory + // + registerDirectory(path, directory) { + // strip off leading and trailing '/' so that we can use lastIndexOf when + // determining exactly how a path maps onto a mapped directory -- + // conditional is required here to deal with "/".substring(1, 0) being + // converted to "/".substring(0, 1) per the JS specification + var key = path.length == 1 ? "" : path.substring(1, path.length - 1); + + // the path-to-directory mapping code requires that the first character not + // be "/", or it will go into an infinite loop + if (key.charAt(0) == "/") { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + key = toInternalPath(key, false); + + if (directory) { + dumpn("*** mapping '" + path + "' to the location " + directory.path); + this._pathDirectoryMap.put(key, directory); + } else { + dumpn("*** removing mapping for '" + path + "'"); + this._pathDirectoryMap.put(key, null); + } + }, + + // + // see nsIHttpServer.registerErrorHandler + // + registerErrorHandler(err, handler) { + if (!(err in HTTP_ERROR_CODES)) { + dumpn( + "*** WARNING: registering non-HTTP/1.1 error code " + + "(" + + err + + ") handler -- was this intentional?" + ); + } + + this._handlerToField(handler, this._overrideErrors, err); + }, + + // + // see nsIHttpServer.setIndexHandler + // + setIndexHandler(handler) { + if (!handler) { + handler = defaultIndexHandler; + } else if (typeof handler != "function") { + handler = createHandlerFunc(handler); + } + + this._indexHandler = handler; + }, + + // + // see nsIHttpServer.registerContentType + // + registerContentType(ext, type) { + if (!type) { + delete this._mimeMappings[ext]; + } else { + this._mimeMappings[ext] = headerUtils.normalizeFieldValue(type); + } + }, + + // PRIVATE API + + /** + * Sets or remove (if handler is null) a handler in an object with a key. + * + * @param handler + * a handler, either function or an nsIHttpRequestHandler + * @param dict + * The object to attach the handler to. + * @param key + * The field name of the handler. + */ + _handlerToField(handler, dict, key) { + // for convenience, handler can be a function if this is run from xpcshell + if (typeof handler == "function") { + dict[key] = handler; + } else if (handler) { + dict[key] = createHandlerFunc(handler); + } else { + delete dict[key]; + } + }, + + /** + * Handles a request which maps to a file in the local filesystem (if a base + * path has already been set; otherwise the 404 error is thrown). + * + * @param metadata : Request + * metadata for the incoming request + * @param response : Response + * an uninitialized Response to the given request, to be initialized by a + * request handler + * @throws HTTP_### + * if an HTTP error occurred (usually HTTP_404); note that in this case the + * calling code must handle post-processing of the response + */ + _handleDefault(metadata, response) { + dumpn("*** _handleDefault()"); + + response.setStatusLine(metadata.httpVersion, 200, "OK"); + + var path = metadata.path; + NS_ASSERT(path.charAt(0) == "/", "invalid path: <" + path + ">"); + + // determine the actual on-disk file; this requires finding the deepest + // path-to-directory mapping in the requested URL + var file = this._getFileForPath(path); + + // the "file" might be a directory, in which case we either serve the + // contained index.html or make the index handler write the response + if (file.exists() && file.isDirectory()) { + file.append("index.html"); // make configurable? + if (!file.exists() || file.isDirectory()) { + metadata._ensurePropertyBag(); + metadata._bag.setPropertyAsInterface("directory", file.parent); + this._indexHandler(metadata, response); + return; + } + } + + // alternately, the file might not exist + if (!file.exists()) { + throw HTTP_404; + } + + var start, end; + if ( + metadata._httpVersion.atLeast(nsHttpVersion.HTTP_1_1) && + metadata.hasHeader("Range") && + this._getTypeFromFile(file) !== SJS_TYPE + ) { + var rangeMatch = metadata + .getHeader("Range") + .match(/^bytes=(\d+)?-(\d+)?$/); + if (!rangeMatch) { + dumpn( + "*** Range header bogosity: '" + metadata.getHeader("Range") + "'" + ); + throw HTTP_400; + } + + if (rangeMatch[1] !== undefined) { + start = parseInt(rangeMatch[1], 10); + } + + if (rangeMatch[2] !== undefined) { + end = parseInt(rangeMatch[2], 10); + } + + if (start === undefined && end === undefined) { + dumpn( + "*** More Range header bogosity: '" + + metadata.getHeader("Range") + + "'" + ); + throw HTTP_400; + } + + // No start given, so the end is really the count of bytes from the + // end of the file. + if (start === undefined) { + start = Math.max(0, file.fileSize - end); + end = file.fileSize - 1; + } + + // start and end are inclusive + if (end === undefined || end >= file.fileSize) { + end = file.fileSize - 1; + } + + if (start !== undefined && start >= file.fileSize) { + var HTTP_416 = new HttpError(416, "Requested Range Not Satisfiable"); + HTTP_416.customErrorHandling = function (errorResponse) { + maybeAddHeaders(file, metadata, errorResponse); + }; + throw HTTP_416; + } + + if (end < start) { + response.setStatusLine(metadata.httpVersion, 200, "OK"); + start = 0; + end = file.fileSize - 1; + } else { + response.setStatusLine(metadata.httpVersion, 206, "Partial Content"); + var contentRange = "bytes " + start + "-" + end + "/" + file.fileSize; + response.setHeader("Content-Range", contentRange); + } + } else { + start = 0; + end = file.fileSize - 1; + } + + // finally... + dumpn( + "*** handling '" + + path + + "' as mapping to " + + file.path + + " from " + + start + + " to " + + end + + " inclusive" + ); + this._writeFileResponse(metadata, file, response, start, end - start + 1); + }, + + /** + * Writes an HTTP response for the given file, including setting headers for + * file metadata. + * + * @param metadata : Request + * the Request for which a response is being generated + * @param file : nsIFile + * the file which is to be sent in the response + * @param response : Response + * the response to which the file should be written + * @param offset: uint + * the byte offset to skip to when writing + * @param count: uint + * the number of bytes to write + */ + _writeFileResponse(metadata, file, response, offset, count) { + const PR_RDONLY = 0x01; + + var type = this._getTypeFromFile(file); + if (type === SJS_TYPE) { + let fis = new FileInputStream( + file, + PR_RDONLY, + PERMS_READONLY, + Ci.nsIFileInputStream.CLOSE_ON_EOF + ); + + try { + // If you update the list of imports, please update the list in + // tools/lint/eslint/eslint-plugin-mozilla/lib/environments/sjs.js + // as well. + var s = Cu.Sandbox(Cu.getGlobalForObject({}), { + wantGlobalProperties: [ + "atob", + "btoa", + "ChromeUtils", + "IOUtils", + "PathUtils", + "TextDecoder", + "TextEncoder", + "URLSearchParams", + "URL", + ], + }); + s.importFunction(dump, "dump"); + s.importFunction(Services, "Services"); + + // Define a basic key-value state-preservation API across requests, with + // keys initially corresponding to the empty string. + var self = this; + var path = metadata.path; + s.importFunction(function getState(k) { + return self._getState(path, k); + }); + s.importFunction(function setState(k, v) { + self._setState(path, k, v); + }); + s.importFunction(function getSharedState(k) { + return self._getSharedState(k); + }); + s.importFunction(function setSharedState(k, v) { + self._setSharedState(k, v); + }); + s.importFunction(function getObjectState(k, callback) { + callback(self._getObjectState(k)); + }); + s.importFunction(function setObjectState(k, v) { + self._setObjectState(k, v); + }); + s.importFunction(function registerPathHandler(p, h) { + self.registerPathHandler(p, h); + }); + + // Make it possible for sjs files to access their location + this._setState(path, "__LOCATION__", file.path); + + try { + // Alas, the line number in errors dumped to console when calling the + // request handler is simply an offset from where we load the SJS file. + // Work around this in a reasonably non-fragile way by dynamically + // getting the line number where we evaluate the SJS file. Don't + // separate these two lines! + var line = new Error().lineNumber; + let uri = Services.io.newFileURI(file); + Services.scriptloader.loadSubScript(uri.spec, s); + } catch (e) { + dumpn("*** syntax error in SJS at " + file.path + ": " + e); + throw HTTP_500; + } + + try { + s.handleRequest(metadata, response); + } catch (e) { + dump( + "*** error running SJS at " + + file.path + + ": " + + e + + " on line " + + (e instanceof Error + ? e.lineNumber + " in httpd.js" + : e.lineNumber - line) + + "\n" + ); + throw HTTP_500; + } + } finally { + fis.close(); + } + } else { + try { + response.setHeader( + "Last-Modified", + toDateString(file.lastModifiedTime), + false + ); + } catch (e) { + /* lastModifiedTime threw, ignore */ + } + + response.setHeader("Content-Type", type, false); + maybeAddInformationalResponse(file, metadata, response); + maybeAddHeaders(file, metadata, response); + // Allow overriding Content-Length + try { + response.getHeader("Content-Length"); + } catch (e) { + response.setHeader("Content-Length", "" + count, false); + } + + let fis = new FileInputStream( + file, + PR_RDONLY, + PERMS_READONLY, + Ci.nsIFileInputStream.CLOSE_ON_EOF + ); + + offset = offset || 0; + count = count || file.fileSize; + NS_ASSERT(offset === 0 || offset < file.fileSize, "bad offset"); + NS_ASSERT(count >= 0, "bad count"); + NS_ASSERT(offset + count <= file.fileSize, "bad total data size"); + + try { + if (offset !== 0) { + // Seek (or read, if seeking isn't supported) to the correct offset so + // the data sent to the client matches the requested range. + if (fis instanceof Ci.nsISeekableStream) { + fis.seek(Ci.nsISeekableStream.NS_SEEK_SET, offset); + } else { + new ScriptableInputStream(fis).read(offset); + } + } + } catch (e) { + fis.close(); + throw e; + } + + let writeMore = function () { + Services.tm.currentThread.dispatch( + writeData, + Ci.nsIThread.DISPATCH_NORMAL + ); + }; + + var input = new BinaryInputStream(fis); + var output = new BinaryOutputStream(response.bodyOutputStream); + var writeData = { + run() { + var chunkSize = Math.min(65536, count); + count -= chunkSize; + NS_ASSERT(count >= 0, "underflow"); + + try { + var data = input.readByteArray(chunkSize); + NS_ASSERT( + data.length === chunkSize, + "incorrect data returned? got " + + data.length + + ", expected " + + chunkSize + ); + output.writeByteArray(data); + if (count === 0) { + fis.close(); + response.finish(); + } else { + writeMore(); + } + } catch (e) { + try { + fis.close(); + } finally { + response.finish(); + } + throw e; + } + }, + }; + + writeMore(); + + // Now that we know copying will start, flag the response as async. + response.processAsync(); + } + }, + + /** + * Get the value corresponding to a given key for the given path for SJS state + * preservation across requests. + * + * @param path : string + * the path from which the given state is to be retrieved + * @param k : string + * the key whose corresponding value is to be returned + * @returns string + * the corresponding value, which is initially the empty string + */ + _getState(path, k) { + var state = this._state; + if (path in state && k in state[path]) { + return state[path][k]; + } + return ""; + }, + + /** + * Set the value corresponding to a given key for the given path for SJS state + * preservation across requests. + * + * @param path : string + * the path from which the given state is to be retrieved + * @param k : string + * the key whose corresponding value is to be set + * @param v : string + * the value to be set + */ + _setState(path, k, v) { + if (typeof v !== "string") { + throw new Error("non-string value passed"); + } + var state = this._state; + if (!(path in state)) { + state[path] = {}; + } + state[path][k] = v; + }, + + /** + * Get the value corresponding to a given key for SJS state preservation + * across requests. + * + * @param k : string + * the key whose corresponding value is to be returned + * @returns string + * the corresponding value, which is initially the empty string + */ + _getSharedState(k) { + var state = this._sharedState; + if (k in state) { + return state[k]; + } + return ""; + }, + + /** + * Set the value corresponding to a given key for SJS state preservation + * across requests. + * + * @param k : string + * the key whose corresponding value is to be set + * @param v : string + * the value to be set + */ + _setSharedState(k, v) { + if (typeof v !== "string") { + throw new Error("non-string value passed"); + } + this._sharedState[k] = v; + }, + + /** + * Returns the object associated with the given key in the server for SJS + * state preservation across requests. + * + * @param k : string + * the key whose corresponding object is to be returned + * @returns nsISupports + * the corresponding object, or null if none was present + */ + _getObjectState(k) { + if (typeof k !== "string") { + throw new Error("non-string key passed"); + } + return this._objectState[k] || null; + }, + + /** + * Sets the object associated with the given key in the server for SJS + * state preservation across requests. + * + * @param k : string + * the key whose corresponding object is to be set + * @param v : nsISupports + * the object to be associated with the given key; may be null + */ + _setObjectState(k, v) { + if (typeof k !== "string") { + throw new Error("non-string key passed"); + } + if (typeof v !== "object") { + throw new Error("non-object value passed"); + } + if (v && !("QueryInterface" in v)) { + throw new Error( + "must pass an nsISupports; use wrappedJSObject to ease " + + "pain when using the server from JS" + ); + } + + this._objectState[k] = v; + }, + + /** + * Gets a content-type for the given file, first by checking for any custom + * MIME-types registered with this handler for the file's extension, second by + * asking the global MIME service for a content-type, and finally by failing + * over to application/octet-stream. + * + * @param file : nsIFile + * the nsIFile for which to get a file type + * @returns string + * the best content-type which can be determined for the file + */ + _getTypeFromFile(file) { + try { + var name = file.leafName; + var dot = name.lastIndexOf("."); + if (dot > 0) { + var ext = name.slice(dot + 1); + if (ext in this._mimeMappings) { + return this._mimeMappings[ext]; + } + } + return Cc["@mozilla.org/mime;1"] + .getService(Ci.nsIMIMEService) + .getTypeFromFile(file); + } catch (e) { + return "application/octet-stream"; + } + }, + + /** + * Returns the nsIFile which corresponds to the path, as determined using + * all registered path->directory mappings and any paths which are explicitly + * overridden. + * + * @param path : string + * the server path for which a file should be retrieved, e.g. "/foo/bar" + * @throws HttpError + * when the correct action is the corresponding HTTP error (i.e., because no + * mapping was found for a directory in path, the referenced file doesn't + * exist, etc.) + * @returns nsIFile + * the file to be sent as the response to a request for the path + */ + _getFileForPath(path) { + // decode and add underscores as necessary + try { + path = toInternalPath(path, true); + } catch (e) { + dumpn("*** toInternalPath threw " + e); + throw HTTP_400; // malformed path + } + + // next, get the directory which contains this path + var pathMap = this._pathDirectoryMap; + + // An example progression of tmp for a path "/foo/bar/baz/" might be: + // "foo/bar/baz/", "foo/bar/baz", "foo/bar", "foo", "" + var tmp = path.substring(1); + while (true) { + // do we have a match for current head of the path? + var file = pathMap.get(tmp); + if (file) { + // XXX hack; basically disable showing mapping for /foo/bar/ when the + // requested path was /foo/bar, because relative links on the page + // will all be incorrect -- we really need the ability to easily + // redirect here instead + if ( + tmp == path.substring(1) && + !!tmp.length && + tmp.charAt(tmp.length - 1) != "/" + ) { + file = null; + } else { + break; + } + } + + // if we've finished trying all prefixes, exit + if (tmp == "") { + break; + } + + tmp = tmp.substring(0, tmp.lastIndexOf("/")); + } + + // no mapping applies, so 404 + if (!file) { + throw HTTP_404; + } + + // last, get the file for the path within the determined directory + var parentFolder = file.parent; + var dirIsRoot = parentFolder == null; + + // Strategy here is to append components individually, making sure we + // never move above the given directory; this allows paths such as + // "/foo/../bar" but prevents paths such as "/../base-sibling"; + // this component-wise approach also means the code works even on platforms + // which don't use "/" as the directory separator, such as Windows + var leafPath = path.substring(tmp.length + 1); + var comps = leafPath.split("/"); + for (var i = 0, sz = comps.length; i < sz; i++) { + var comp = comps[i]; + + if (comp == "..") { + file = file.parent; + } else if (comp == "." || comp == "") { + continue; + } else { + file.append(comp); + } + + if (!dirIsRoot && file.equals(parentFolder)) { + throw HTTP_403; + } + } + + return file; + }, + + /** + * Writes the error page for the given HTTP error code over the given + * connection. + * + * @param errorCode : uint + * the HTTP error code to be used + * @param connection : Connection + * the connection on which the error occurred + */ + handleError(errorCode, connection) { + var response = new Response(connection); + + dumpn("*** error in request: " + errorCode); + + this._handleError(errorCode, new Request(connection.port), response); + }, + + /** + * Handles a request which generates the given error code, using the + * user-defined error handler if one has been set, gracefully falling back to + * the x00 status code if the code has no handler, and failing to status code + * 500 if all else fails. + * + * @param errorCode : uint + * the HTTP error which is to be returned + * @param metadata : Request + * metadata for the request, which will often be incomplete since this is an + * error + * @param response : Response + * an uninitialized Response should be initialized when this method + * completes with information which represents the desired error code in the + * ideal case or a fallback code in abnormal circumstances (i.e., 500 is a + * fallback for 505, per HTTP specs) + */ + _handleError(errorCode, metadata, response) { + if (!metadata) { + throw Components.Exception("", Cr.NS_ERROR_NULL_POINTER); + } + + var errorX00 = errorCode - (errorCode % 100); + + try { + if (!(errorCode in HTTP_ERROR_CODES)) { + dumpn("*** WARNING: requested invalid error: " + errorCode); + } + + // RFC 2616 says that we should try to handle an error by its class if we + // can't otherwise handle it -- if that fails, we revert to handling it as + // a 500 internal server error, and if that fails we throw and shut down + // the server + + // actually handle the error + try { + if (errorCode in this._overrideErrors) { + this._overrideErrors[errorCode](metadata, response); + } else { + this._defaultErrors[errorCode](metadata, response); + } + } catch (e) { + if (response.partiallySent()) { + response.abort(e); + return; + } + + // don't retry the handler that threw + if (errorX00 == errorCode) { + throw HTTP_500; + } + + dumpn( + "*** error in handling for error code " + + errorCode + + ", " + + "falling back to " + + errorX00 + + "..." + ); + response = new Response(response._connection); + if (errorX00 in this._overrideErrors) { + this._overrideErrors[errorX00](metadata, response); + } else if (errorX00 in this._defaultErrors) { + this._defaultErrors[errorX00](metadata, response); + } else { + throw HTTP_500; + } + } + } catch (e) { + if (response.partiallySent()) { + response.abort(); + return; + } + + // we've tried everything possible for a meaningful error -- now try 500 + dumpn( + "*** error in handling for error code " + + errorX00 + + ", falling " + + "back to 500..." + ); + + try { + response = new Response(response._connection); + if (500 in this._overrideErrors) { + this._overrideErrors[500](metadata, response); + } else { + this._defaultErrors[500](metadata, response); + } + } catch (e2) { + dumpn("*** multiple errors in default error handlers!"); + dumpn("*** e == " + e + ", e2 == " + e2); + response.abort(e2); + return; + } + } + + response.complete(); + }, + + // FIELDS + + /** + * This object contains the default handlers for the various HTTP error codes. + */ + _defaultErrors: { + 400(metadata, response) { + // none of the data in metadata is reliable, so hard-code everything here + response.setStatusLine("1.1", 400, "Bad Request"); + response.setHeader("Content-Type", "text/plain;charset=utf-8", false); + + var body = "Bad request\n"; + response.bodyOutputStream.write(body, body.length); + }, + 403(metadata, response) { + response.setStatusLine(metadata.httpVersion, 403, "Forbidden"); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + 403 Forbidden\ + \ +

403 Forbidden

\ + \ + "; + response.bodyOutputStream.write(body, body.length); + }, + 404(metadata, response) { + response.setStatusLine(metadata.httpVersion, 404, "Not Found"); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + 404 Not Found\ + \ +

404 Not Found

\ +

\ + " + + htmlEscape(metadata.path) + + " was not found.\ +

\ + \ + "; + response.bodyOutputStream.write(body, body.length); + }, + 416(metadata, response) { + response.setStatusLine( + metadata.httpVersion, + 416, + "Requested Range Not Satisfiable" + ); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + \ + 416 Requested Range Not Satisfiable\ + \ +

416 Requested Range Not Satisfiable

\ +

The byte range was not valid for the\ + requested resource.\ +

\ + \ + "; + response.bodyOutputStream.write(body, body.length); + }, + 500(metadata, response) { + response.setStatusLine( + metadata.httpVersion, + 500, + "Internal Server Error" + ); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + 500 Internal Server Error\ + \ +

500 Internal Server Error

\ +

Something's broken in this server and\ + needs to be fixed.

\ + \ + "; + response.bodyOutputStream.write(body, body.length); + }, + 501(metadata, response) { + response.setStatusLine(metadata.httpVersion, 501, "Not Implemented"); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + 501 Not Implemented\ + \ +

501 Not Implemented

\ +

This server is not (yet) Apache.

\ + \ + "; + response.bodyOutputStream.write(body, body.length); + }, + 505(metadata, response) { + response.setStatusLine("1.1", 505, "HTTP Version Not Supported"); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + 505 HTTP Version Not Supported\ + \ +

505 HTTP Version Not Supported

\ +

This server only supports HTTP/1.0 and HTTP/1.1\ + connections.

\ + \ + "; + response.bodyOutputStream.write(body, body.length); + }, + }, + + /** + * Contains handlers for the default set of URIs contained in this server. + */ + _defaultPaths: { + "/": function (metadata, response) { + response.setStatusLine(metadata.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/html;charset=utf-8", false); + + var body = + "\ + httpd.js\ + \ +

httpd.js

\ +

If you're seeing this page, httpd.js is up and\ + serving requests! Now set a base path and serve some\ + files!

\ + \ + "; + + response.bodyOutputStream.write(body, body.length); + }, + + "/trace": function (metadata, response) { + response.setStatusLine(metadata.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/plain;charset=utf-8", false); + + var body = + "Request-URI: " + + metadata.scheme + + "://" + + metadata.host + + ":" + + metadata.port + + metadata.path + + "\n\n"; + body += "Request (semantically equivalent, slightly reformatted):\n\n"; + body += metadata.method + " " + metadata.path; + + if (metadata.queryString) { + body += "?" + metadata.queryString; + } + + body += " HTTP/" + metadata.httpVersion + "\r\n"; + + var headEnum = metadata.headers; + while (headEnum.hasMoreElements()) { + var fieldName = headEnum + .getNext() + .QueryInterface(Ci.nsISupportsString).data; + body += fieldName + ": " + metadata.getHeader(fieldName) + "\r\n"; + } + + response.bodyOutputStream.write(body, body.length); + }, + }, +}; + +/** + * Maps absolute paths to files on the local file system (as nsILocalFiles). + */ +function FileMap() { + /** Hash which will map paths to nsILocalFiles. */ + this._map = {}; +} +FileMap.prototype = { + // PUBLIC API + + /** + * Maps key to a clone of the nsIFile value if value is non-null; + * otherwise, removes any extant mapping for key. + * + * @param key : string + * string to which a clone of value is mapped + * @param value : nsIFile + * the file to map to key, or null to remove a mapping + */ + put(key, value) { + if (value) { + this._map[key] = value.clone(); + } else { + delete this._map[key]; + } + }, + + /** + * Returns a clone of the nsIFile mapped to key, or null if no such + * mapping exists. + * + * @param key : string + * key to which the returned file maps + * @returns nsIFile + * a clone of the mapped file, or null if no mapping exists + */ + get(key) { + var val = this._map[key]; + return val ? val.clone() : null; + }, +}; + +// Response CONSTANTS + +// token = * +// CHAR = +// CTL = +// separators = "(" | ")" | "<" | ">" | "@" +// | "," | ";" | ":" | "\" | <"> +// | "/" | "[" | "]" | "?" | "=" +// | "{" | "}" | SP | HT +const IS_TOKEN_ARRAY = [ + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, // 0 + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, // 8 + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, // 16 + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, // 24 + + 0, + 1, + 0, + 1, + 1, + 1, + 1, + 1, // 32 + 0, + 0, + 1, + 1, + 0, + 1, + 1, + 0, // 40 + 1, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 48 + 1, + 1, + 0, + 0, + 0, + 0, + 0, + 0, // 56 + + 0, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 64 + 1, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 72 + 1, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 80 + 1, + 1, + 1, + 0, + 0, + 0, + 1, + 1, // 88 + + 1, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 96 + 1, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 104 + 1, + 1, + 1, + 1, + 1, + 1, + 1, + 1, // 112 + 1, + 1, + 1, + 0, + 1, + 0, + 1, +]; // 120 + +/** + * Determines whether the given character code is a CTL. + * + * @param code : uint + * the character code + * @returns boolean + * true if code is a CTL, false otherwise + */ +function isCTL(code) { + return (code >= 0 && code <= 31) || code == 127; +} + +/** + * Represents a response to an HTTP request, encapsulating all details of that + * response. This includes all headers, the HTTP version, status code and + * explanation, and the entity itself. + * + * @param connection : Connection + * the connection over which this response is to be written + */ +function Response(connection) { + /** The connection over which this response will be written. */ + this._connection = connection; + + /** + * The HTTP version of this response; defaults to 1.1 if not set by the + * handler. + */ + this._httpVersion = nsHttpVersion.HTTP_1_1; + + /** + * The HTTP code of this response; defaults to 200. + */ + this._httpCode = 200; + + /** + * The description of the HTTP code in this response; defaults to "OK". + */ + this._httpDescription = "OK"; + + /** + * An nsIHttpHeaders object in which the headers in this response should be + * stored. This property is null after the status line and headers have been + * written to the network, and it may be modified up until it is cleared, + * except if this._finished is set first (in which case headers are written + * asynchronously in response to a finish() call not preceded by + * flushHeaders()). + */ + this._headers = new nsHttpHeaders(); + + /** + * Informational response: + * For example 103 Early Hint + **/ + this._informationalResponseHttpVersion = nsHttpVersion.HTTP_1_1; + this._informationalResponseHttpCode = 0; + this._informationalResponseHttpDescription = ""; + this._informationalResponseHeaders = new nsHttpHeaders(); + this._informationalResponseSet = false; + + /** + * Set to true when this response is ended (completely constructed if possible + * and the connection closed); further actions on this will then fail. + */ + this._ended = false; + + /** + * A stream used to hold data written to the body of this response. + */ + this._bodyOutputStream = null; + + /** + * A stream containing all data that has been written to the body of this + * response so far. (Async handlers make the data contained in this + * unreliable as a way of determining content length in general, but auxiliary + * saved information can sometimes be used to guarantee reliability.) + */ + this._bodyInputStream = null; + + /** + * A stream copier which copies data to the network. It is initially null + * until replaced with a copier for response headers; when headers have been + * fully sent it is replaced with a copier for the response body, remaining + * so for the duration of response processing. + */ + this._asyncCopier = null; + + /** + * True if this response has been designated as being processed + * asynchronously rather than for the duration of a single call to + * nsIHttpRequestHandler.handle. + */ + this._processAsync = false; + + /** + * True iff finish() has been called on this, signaling that no more changes + * to this may be made. + */ + this._finished = false; + + /** + * True iff powerSeized() has been called on this, signaling that this + * response is to be handled manually by the response handler (which may then + * send arbitrary data in response, even non-HTTP responses). + */ + this._powerSeized = false; +} +Response.prototype = { + // PUBLIC CONSTRUCTION API + + // + // see nsIHttpResponse.bodyOutputStream + // + get bodyOutputStream() { + if (this._finished) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + + if (!this._bodyOutputStream) { + var pipe = new Pipe( + true, + false, + Response.SEGMENT_SIZE, + PR_UINT32_MAX, + null + ); + this._bodyOutputStream = pipe.outputStream; + this._bodyInputStream = pipe.inputStream; + if (this._processAsync || this._powerSeized) { + this._startAsyncProcessor(); + } + } + + return this._bodyOutputStream; + }, + + // + // see nsIHttpResponse.write + // + write(data) { + if (this._finished) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + + var dataAsString = String(data); + this.bodyOutputStream.write(dataAsString, dataAsString.length); + }, + + // + // see nsIHttpResponse.setStatusLine + // + setStatusLineInternal(httpVersion, code, description, informationalResponse) { + if (this._finished || this._powerSeized) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + + if (!informationalResponse) { + if (!this._headers) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + } else if (!this._informationalResponseHeaders) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + this._ensureAlive(); + + if (!(code >= 0 && code < 1000)) { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + try { + var httpVer; + // avoid version construction for the most common cases + if (!httpVersion || httpVersion == "1.1") { + httpVer = nsHttpVersion.HTTP_1_1; + } else if (httpVersion == "1.0") { + httpVer = nsHttpVersion.HTTP_1_0; + } else { + httpVer = new nsHttpVersion(httpVersion); + } + } catch (e) { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + // Reason-Phrase = * + // TEXT = + // + // XXX this ends up disallowing octets which aren't Unicode, I think -- not + // much to do if description is IDL'd as string + if (!description) { + description = ""; + } + for (var i = 0; i < description.length; i++) { + if (isCTL(description.charCodeAt(i)) && description.charAt(i) != "\t") { + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + } + + // set the values only after validation to preserve atomicity + if (!informationalResponse) { + this._httpDescription = description; + this._httpCode = code; + this._httpVersion = httpVer; + } else { + this._informationalResponseSet = true; + this._informationalResponseHttpDescription = description; + this._informationalResponseHttpCode = code; + this._informationalResponseHttpVersion = httpVer; + } + }, + + // + // see nsIHttpResponse.setStatusLine + // + setStatusLine(httpVersion, code, description) { + this.setStatusLineInternal(httpVersion, code, description, false); + }, + + setInformationalResponseStatusLine(httpVersion, code, description) { + this.setStatusLineInternal(httpVersion, code, description, true); + }, + + // + // see nsIHttpResponse.setHeader + // + setHeader(name, value, merge) { + if (!this._headers || this._finished || this._powerSeized) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + this._ensureAlive(); + + this._headers.setHeader(name, value, merge); + }, + + setInformationalResponseHeader(name, value, merge) { + if ( + !this._informationalResponseHeaders || + this._finished || + this._powerSeized + ) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + this._ensureAlive(); + + this._informationalResponseHeaders.setHeader(name, value, merge); + }, + + setHeaderNoCheck(name, value) { + if (!this._headers || this._finished || this._powerSeized) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + this._ensureAlive(); + + this._headers.setHeaderNoCheck(name, value); + }, + + setInformationalHeaderNoCheck(name, value) { + if (!this._headers || this._finished || this._powerSeized) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + this._ensureAlive(); + + this._informationalResponseHeaders.setHeaderNoCheck(name, value); + }, + + // + // see nsIHttpResponse.processAsync + // + processAsync() { + if (this._finished) { + throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED); + } + if (this._powerSeized) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + if (this._processAsync) { + return; + } + this._ensureAlive(); + + dumpn("*** processing connection " + this._connection.number + " async"); + this._processAsync = true; + + /* + * Either the bodyOutputStream getter or this method is responsible for + * starting the asynchronous processor and catching writes of data to the + * response body of async responses as they happen, for the purpose of + * forwarding those writes to the actual connection's output stream. + * If bodyOutputStream is accessed first, calling this method will create + * the processor (when it first is clear that body data is to be written + * immediately, not buffered). If this method is called first, accessing + * bodyOutputStream will create the processor. If only this method is + * called, we'll write nothing, neither headers nor the nonexistent body, + * until finish() is called. Since that delay is easily avoided by simply + * getting bodyOutputStream or calling write(""), we don't worry about it. + */ + if (this._bodyOutputStream && !this._asyncCopier) { + this._startAsyncProcessor(); + } + }, + + // + // see nsIHttpResponse.seizePower + // + seizePower() { + if (this._processAsync) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + if (this._finished) { + throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED); + } + if (this._powerSeized) { + return; + } + this._ensureAlive(); + + dumpn( + "*** forcefully seizing power over connection " + + this._connection.number + + "..." + ); + + // Purge any already-written data without sending it. We could as easily + // swap out the streams entirely, but that makes it possible to acquire and + // unknowingly use a stale reference, so we require there only be one of + // each stream ever for any response to avoid this complication. + if (this._asyncCopier) { + this._asyncCopier.cancel(Cr.NS_BINDING_ABORTED); + } + this._asyncCopier = null; + if (this._bodyOutputStream) { + var input = new BinaryInputStream(this._bodyInputStream); + var avail; + while ((avail = input.available()) > 0) { + input.readByteArray(avail); + } + } + + this._powerSeized = true; + if (this._bodyOutputStream) { + this._startAsyncProcessor(); + } + }, + + // + // see nsIHttpResponse.finish + // + finish() { + if (!this._processAsync && !this._powerSeized) { + throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED); + } + if (this._finished) { + return; + } + + dumpn("*** finishing connection " + this._connection.number); + this._startAsyncProcessor(); // in case bodyOutputStream was never accessed + if (this._bodyOutputStream) { + this._bodyOutputStream.close(); + } + this._finished = true; + }, + + // NSISUPPORTS + + // + // see nsISupports.QueryInterface + // + QueryInterface: ChromeUtils.generateQI(["nsIHttpResponse"]), + + // POST-CONSTRUCTION API (not exposed externally) + + /** + * The HTTP version number of this, as a string (e.g. "1.1"). + */ + get httpVersion() { + this._ensureAlive(); + return this._httpVersion.toString(); + }, + + /** + * The HTTP status code of this response, as a string of three characters per + * RFC 2616. + */ + get httpCode() { + this._ensureAlive(); + + var codeString = + (this._httpCode < 10 ? "0" : "") + + (this._httpCode < 100 ? "0" : "") + + this._httpCode; + return codeString; + }, + + /** + * The description of the HTTP status code of this response, or "" if none is + * set. + */ + get httpDescription() { + this._ensureAlive(); + + return this._httpDescription; + }, + + /** + * The headers in this response, as an nsHttpHeaders object. + */ + get headers() { + this._ensureAlive(); + + return this._headers; + }, + + // + // see nsHttpHeaders.getHeader + // + getHeader(name) { + this._ensureAlive(); + + return this._headers.getHeader(name); + }, + + /** + * Determines whether this response may be abandoned in favor of a newly + * constructed response. A response may be abandoned only if it is not being + * sent asynchronously and if raw control over it has not been taken from the + * server. + * + * @returns boolean + * true iff no data has been written to the network + */ + partiallySent() { + dumpn("*** partiallySent()"); + return this._processAsync || this._powerSeized; + }, + + /** + * If necessary, kicks off the remaining request processing needed to be done + * after a request handler performs its initial work upon this response. + */ + complete() { + dumpn("*** complete()"); + if (this._processAsync || this._powerSeized) { + NS_ASSERT( + this._processAsync ^ this._powerSeized, + "can't both send async and relinquish power" + ); + return; + } + + NS_ASSERT(!this.partiallySent(), "completing a partially-sent response?"); + + this._startAsyncProcessor(); + + // Now make sure we finish processing this request! + if (this._bodyOutputStream) { + this._bodyOutputStream.close(); + } + }, + + /** + * Abruptly ends processing of this response, usually due to an error in an + * incoming request but potentially due to a bad error handler. Since we + * cannot handle the error in the usual way (giving an HTTP error page in + * response) because data may already have been sent (or because the response + * might be expected to have been generated asynchronously or completely from + * scratch by the handler), we stop processing this response and abruptly + * close the connection. + * + * @param e : Error + * the exception which precipitated this abort, or null if no such exception + * was generated + * @param truncateConnection : Boolean + * ensures that we truncate the connection using an RST packet, so the + * client testing code is aware that an error occurred, otherwise it may + * consider the response as valid. + */ + abort(e, truncateConnection = false) { + dumpn("*** abort(<" + e + ">)"); + + if (truncateConnection) { + dumpn("*** truncate connection"); + this._connection.transport.setLinger(true, 0); + } + + // This response will be ended by the processor if one was created. + var copier = this._asyncCopier; + if (copier) { + // We dispatch asynchronously here so that any pending writes of data to + // the connection will be deterministically written. This makes it easier + // to specify exact behavior, and it makes observable behavior more + // predictable for clients. Note that the correctness of this depends on + // callbacks in response to _waitToReadData in WriteThroughCopier + // happening asynchronously with respect to the actual writing of data to + // bodyOutputStream, as they currently do; if they happened synchronously, + // an event which ran before this one could write more data to the + // response body before we get around to canceling the copier. We have + // tests for this in test_seizepower.js, however, and I can't think of a + // way to handle both cases without removing bodyOutputStream access and + // moving its effective write(data, length) method onto Response, which + // would be slower and require more code than this anyway. + Services.tm.currentThread.dispatch( + { + run() { + dumpn("*** canceling copy asynchronously..."); + copier.cancel(Cr.NS_ERROR_UNEXPECTED); + }, + }, + Ci.nsIThread.DISPATCH_NORMAL + ); + } else { + this.end(); + } + }, + + /** + * Closes this response's network connection, marks the response as finished, + * and notifies the server handler that the request is done being processed. + */ + end() { + NS_ASSERT(!this._ended, "ending this response twice?!?!"); + + this._connection.close(); + if (this._bodyOutputStream) { + this._bodyOutputStream.close(); + } + + this._finished = true; + this._ended = true; + }, + + // PRIVATE IMPLEMENTATION + + /** + * Sends the status line and headers of this response if they haven't been + * sent and initiates the process of copying data written to this response's + * body to the network. + */ + _startAsyncProcessor() { + dumpn("*** _startAsyncProcessor()"); + + // Handle cases where we're being called a second time. The former case + // happens when this is triggered both by complete() and by processAsync(), + // while the latter happens when processAsync() in conjunction with sent + // data causes abort() to be called. + if (this._asyncCopier || this._ended) { + dumpn("*** ignoring second call to _startAsyncProcessor"); + return; + } + + // Send headers if they haven't been sent already and should be sent, then + // asynchronously continue to send the body. + if (this._headers && !this._powerSeized) { + this._sendHeaders(); + return; + } + + this._headers = null; + this._sendBody(); + }, + + /** + * Signals that all modifications to the response status line and headers are + * complete and then sends that data over the network to the client. Once + * this method completes, a different response to the request that resulted + * in this response cannot be sent -- the only possible action in case of + * error is to abort the response and close the connection. + */ + _sendHeaders() { + dumpn("*** _sendHeaders()"); + + NS_ASSERT(this._headers); + NS_ASSERT(this._informationalResponseHeaders); + NS_ASSERT(!this._powerSeized); + + var preambleData = []; + + // Informational response, e.g. 103 + if (this._informationalResponseSet) { + // request-line + let statusLine = + "HTTP/" + + this._informationalResponseHttpVersion + + " " + + this._informationalResponseHttpCode + + " " + + this._informationalResponseHttpDescription + + "\r\n"; + preambleData.push(statusLine); + + // headers + let headEnum = this._informationalResponseHeaders.enumerator; + while (headEnum.hasMoreElements()) { + let fieldName = headEnum + .getNext() + .QueryInterface(Ci.nsISupportsString).data; + let values = + this._informationalResponseHeaders.getHeaderValues(fieldName); + for (let i = 0, sz = values.length; i < sz; i++) { + preambleData.push(fieldName + ": " + values[i] + "\r\n"); + } + } + // end request-line/headers + preambleData.push("\r\n"); + } + + // request-line + var statusLine = + "HTTP/" + + this.httpVersion + + " " + + this.httpCode + + " " + + this.httpDescription + + "\r\n"; + + // header post-processing + + var headers = this._headers; + headers.setHeader("Connection", "close", false); + headers.setHeader("Server", "httpd.js", false); + if (!headers.hasHeader("Date")) { + headers.setHeader("Date", toDateString(Date.now()), false); + } + + // Any response not being processed asynchronously must have an associated + // Content-Length header for reasons of backwards compatibility with the + // initial server, which fully buffered every response before sending it. + // Beyond that, however, it's good to do this anyway because otherwise it's + // impossible to test behaviors that depend on the presence or absence of a + // Content-Length header. + if (!this._processAsync) { + dumpn("*** non-async response, set Content-Length"); + + var bodyStream = this._bodyInputStream; + var avail = bodyStream ? bodyStream.available() : 0; + + // XXX assumes stream will always report the full amount of data available + headers.setHeader("Content-Length", "" + avail, false); + } + + // construct and send response + dumpn("*** header post-processing completed, sending response head..."); + + // request-line + preambleData.push(statusLine); + + // headers + var headEnum = headers.enumerator; + while (headEnum.hasMoreElements()) { + var fieldName = headEnum + .getNext() + .QueryInterface(Ci.nsISupportsString).data; + var values = headers.getHeaderValues(fieldName); + for (var i = 0, sz = values.length; i < sz; i++) { + preambleData.push(fieldName + ": " + values[i] + "\r\n"); + } + } + + // end request-line/headers + preambleData.push("\r\n"); + + var preamble = preambleData.join(""); + + var responseHeadPipe = new Pipe(true, false, 0, PR_UINT32_MAX, null); + responseHeadPipe.outputStream.write(preamble, preamble.length); + + var response = this; + var copyObserver = { + onStartRequest(request) { + dumpn("*** preamble copying started"); + }, + + onStopRequest(request, statusCode) { + dumpn( + "*** preamble copying complete " + + "[status=0x" + + statusCode.toString(16) + + "]" + ); + + if (!Components.isSuccessCode(statusCode)) { + dumpn( + "!!! header copying problems: non-success statusCode, " + + "ending response" + ); + + response.end(); + } else { + response._sendBody(); + } + }, + + QueryInterface: ChromeUtils.generateQI(["nsIRequestObserver"]), + }; + + this._asyncCopier = new WriteThroughCopier( + responseHeadPipe.inputStream, + this._connection.output, + copyObserver, + null + ); + + responseHeadPipe.outputStream.close(); + + // Forbid setting any more headers or modifying the request line. + this._headers = null; + }, + + /** + * Asynchronously writes the body of the response (or the entire response, if + * seizePower() has been called) to the network. + */ + _sendBody() { + dumpn("*** _sendBody"); + + NS_ASSERT(!this._headers, "still have headers around but sending body?"); + + // If no body data was written, we're done + if (!this._bodyInputStream) { + dumpn("*** empty body, response finished"); + this.end(); + return; + } + + var response = this; + var copyObserver = { + onStartRequest(request) { + dumpn("*** onStartRequest"); + }, + + onStopRequest(request, statusCode) { + dumpn("*** onStopRequest [status=0x" + statusCode.toString(16) + "]"); + + if (statusCode === Cr.NS_BINDING_ABORTED) { + dumpn("*** terminating copy observer without ending the response"); + } else { + if (!Components.isSuccessCode(statusCode)) { + dumpn("*** WARNING: non-success statusCode in onStopRequest"); + } + + response.end(); + } + }, + + QueryInterface: ChromeUtils.generateQI(["nsIRequestObserver"]), + }; + + dumpn("*** starting async copier of body data..."); + this._asyncCopier = new WriteThroughCopier( + this._bodyInputStream, + this._connection.output, + copyObserver, + null + ); + }, + + /** Ensures that this hasn't been ended. */ + _ensureAlive() { + NS_ASSERT(!this._ended, "not handling response lifetime correctly"); + }, +}; + +/** + * Size of the segments in the buffer used in storing response data and writing + * it to the socket. + */ +Response.SEGMENT_SIZE = 8192; + +/** Serves double duty in WriteThroughCopier implementation. */ +function notImplemented() { + throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED); +} + +/** Returns true iff the given exception represents stream closure. */ +function streamClosed(e) { + return ( + e === Cr.NS_BASE_STREAM_CLOSED || + (typeof e === "object" && e.result === Cr.NS_BASE_STREAM_CLOSED) + ); +} + +/** Returns true iff the given exception represents a blocked stream. */ +function wouldBlock(e) { + return ( + e === Cr.NS_BASE_STREAM_WOULD_BLOCK || + (typeof e === "object" && e.result === Cr.NS_BASE_STREAM_WOULD_BLOCK) + ); +} + +/** + * Copies data from source to sink as it becomes available, when that data can + * be written to sink without blocking. + * + * @param source : nsIAsyncInputStream + * the stream from which data is to be read + * @param sink : nsIAsyncOutputStream + * the stream to which data is to be copied + * @param observer : nsIRequestObserver + * an observer which will be notified when the copy starts and finishes + * @param context : nsISupports + * context passed to observer when notified of start/stop + * @throws NS_ERROR_NULL_POINTER + * if source, sink, or observer are null + */ +export function WriteThroughCopier(source, sink, observer, context) { + if (!source || !sink || !observer) { + throw Components.Exception("", Cr.NS_ERROR_NULL_POINTER); + } + + /** Stream from which data is being read. */ + this._source = source; + + /** Stream to which data is being written. */ + this._sink = sink; + + /** Observer watching this copy. */ + this._observer = observer; + + /** Context for the observer watching this. */ + this._context = context; + + /** + * True iff this is currently being canceled (cancel has been called, the + * callback may not yet have been made). + */ + this._canceled = false; + + /** + * False until all data has been read from input and written to output, at + * which point this copy is completed and cancel() is asynchronously called. + */ + this._completed = false; + + /** Required by nsIRequest, meaningless. */ + this.loadFlags = 0; + /** Required by nsIRequest, meaningless. */ + this.loadGroup = null; + /** Required by nsIRequest, meaningless. */ + this.name = "response-body-copy"; + + /** Status of this request. */ + this.status = Cr.NS_OK; + + /** Arrays of byte strings waiting to be written to output. */ + this._pendingData = []; + + // start copying + try { + observer.onStartRequest(this); + this._waitToReadData(); + this._waitForSinkClosure(); + } catch (e) { + dumpn( + "!!! error starting copy: " + + e + + ("lineNumber" in e ? ", line " + e.lineNumber : "") + ); + dumpn(e.stack); + this.cancel(Cr.NS_ERROR_UNEXPECTED); + } +} +WriteThroughCopier.prototype = { + /* nsISupports implementation */ + + QueryInterface: ChromeUtils.generateQI([ + "nsIInputStreamCallback", + "nsIOutputStreamCallback", + "nsIRequest", + ]), + + // NSIINPUTSTREAMCALLBACK + + /** + * Receives a more-data-in-input notification and writes the corresponding + * data to the output. + * + * @param input : nsIAsyncInputStream + * the input stream on whose data we have been waiting + */ + onInputStreamReady(input) { + if (this._source === null) { + return; + } + + dumpn("*** onInputStreamReady"); + + // + // Ordinarily we'll read a non-zero amount of data from input, queue it up + // to be written and then wait for further callbacks. The complications in + // this method are the cases where we deviate from that behavior when errors + // occur or when copying is drawing to a finish. + // + // The edge cases when reading data are: + // + // Zero data is read + // If zero data was read, we're at the end of available data, so we can + // should stop reading and move on to writing out what we have (or, if + // we've already done that, onto notifying of completion). + // A stream-closed exception is thrown + // This is effectively a less kind version of zero data being read; the + // only difference is that we notify of completion with that result + // rather than with NS_OK. + // Some other exception is thrown + // This is the least kind result. We don't know what happened, so we + // act as though the stream closed except that we notify of completion + // with the result NS_ERROR_UNEXPECTED. + // + + var bytesWanted = 0, + bytesConsumed = -1; + try { + input = new BinaryInputStream(input); + + bytesWanted = Math.min(input.available(), Response.SEGMENT_SIZE); + dumpn("*** input wanted: " + bytesWanted); + + if (bytesWanted > 0) { + var data = input.readByteArray(bytesWanted); + bytesConsumed = data.length; + this._pendingData.push(String.fromCharCode.apply(String, data)); + } + + dumpn("*** " + bytesConsumed + " bytes read"); + + // Handle the zero-data edge case in the same place as all other edge + // cases are handled. + if (bytesWanted === 0) { + throw Components.Exception("", Cr.NS_BASE_STREAM_CLOSED); + } + } catch (e) { + let rv; + if (streamClosed(e)) { + dumpn("*** input stream closed"); + rv = bytesWanted === 0 ? Cr.NS_OK : Cr.NS_ERROR_UNEXPECTED; + } else { + dumpn("!!! unexpected error reading from input, canceling: " + e); + rv = Cr.NS_ERROR_UNEXPECTED; + } + + this._doneReadingSource(rv); + return; + } + + var pendingData = this._pendingData; + + NS_ASSERT(bytesConsumed > 0); + NS_ASSERT(!!pendingData.length, "no pending data somehow?"); + NS_ASSERT( + !!pendingData[pendingData.length - 1].length, + "buffered zero bytes of data?" + ); + + NS_ASSERT(this._source !== null); + + // Reading has gone great, and we've gotten data to write now. What if we + // don't have a place to write that data, because output went away just + // before this read? Drop everything on the floor, including new data, and + // cancel at this point. + if (this._sink === null) { + pendingData.length = 0; + this._doneReadingSource(Cr.NS_ERROR_UNEXPECTED); + return; + } + + // Okay, we've read the data, and we know we have a place to write it. We + // need to queue up the data to be written, but *only* if none is queued + // already -- if data's already queued, the code that actually writes the + // data will make sure to wait on unconsumed pending data. + try { + if (pendingData.length === 1) { + this._waitToWriteData(); + } + } catch (e) { + dumpn( + "!!! error waiting to write data just read, swallowing and " + + "writing only what we already have: " + + e + ); + this._doneWritingToSink(Cr.NS_ERROR_UNEXPECTED); + return; + } + + // Whee! We successfully read some data, and it's successfully queued up to + // be written. All that remains now is to wait for more data to read. + try { + this._waitToReadData(); + } catch (e) { + dumpn("!!! error waiting to read more data: " + e); + this._doneReadingSource(Cr.NS_ERROR_UNEXPECTED); + } + }, + + // NSIOUTPUTSTREAMCALLBACK + + /** + * Callback when data may be written to the output stream without blocking, or + * when the output stream has been closed. + * + * @param output : nsIAsyncOutputStream + * the output stream on whose writability we've been waiting, also known as + * this._sink + */ + onOutputStreamReady(output) { + if (this._sink === null) { + return; + } + + dumpn("*** onOutputStreamReady"); + + var pendingData = this._pendingData; + if (pendingData.length === 0) { + // There's no pending data to write. The only way this can happen is if + // we're waiting on the output stream's closure, so we can respond to a + // copying failure as quickly as possible (rather than waiting for data to + // be available to read and then fail to be copied). Therefore, we must + // be done now -- don't bother to attempt to write anything and wrap + // things up. + dumpn("!!! output stream closed prematurely, ending copy"); + + this._doneWritingToSink(Cr.NS_ERROR_UNEXPECTED); + return; + } + + NS_ASSERT(!!pendingData[0].length, "queued up an empty quantum?"); + + // + // Write out the first pending quantum of data. The possible errors here + // are: + // + // The write might fail because we can't write that much data + // Okay, we've written what we can now, so re-queue what's left and + // finish writing it out later. + // The write failed because the stream was closed + // Discard pending data that we can no longer write, stop reading, and + // signal that copying finished. + // Some other error occurred. + // Same as if the stream were closed, but notify with the status + // NS_ERROR_UNEXPECTED so the observer knows something was wonky. + // + + try { + var quantum = pendingData[0]; + + // XXX |quantum| isn't guaranteed to be ASCII, so we're relying on + // undefined behavior! We're only using this because writeByteArray + // is unusably broken for asynchronous output streams; see bug 532834 + // for details. + var bytesWritten = output.write(quantum, quantum.length); + if (bytesWritten === quantum.length) { + pendingData.shift(); + } else { + pendingData[0] = quantum.substring(bytesWritten); + } + + dumpn("*** wrote " + bytesWritten + " bytes of data"); + } catch (e) { + if (wouldBlock(e)) { + NS_ASSERT( + !!pendingData.length, + "stream-blocking exception with no data to write?" + ); + NS_ASSERT( + !!pendingData[0].length, + "stream-blocking exception with empty quantum?" + ); + this._waitToWriteData(); + return; + } + + if (streamClosed(e)) { + dumpn("!!! output stream prematurely closed, signaling error..."); + } else { + dumpn("!!! unknown error: " + e + ", quantum=" + quantum); + } + + this._doneWritingToSink(Cr.NS_ERROR_UNEXPECTED); + return; + } + + // The day is ours! Quantum written, now let's see if we have more data + // still to write. + try { + if (pendingData.length) { + this._waitToWriteData(); + return; + } + } catch (e) { + dumpn("!!! unexpected error waiting to write pending data: " + e); + this._doneWritingToSink(Cr.NS_ERROR_UNEXPECTED); + return; + } + + // Okay, we have no more pending data to write -- but might we get more in + // the future? + if (this._source !== null) { + /* + * If we might, then wait for the output stream to be closed. (We wait + * only for closure because we have no data to write -- and if we waited + * for a specific amount of data, we would get repeatedly notified for no + * reason if over time the output stream permitted more and more data to + * be written to it without blocking.) + */ + this._waitForSinkClosure(); + } else { + /* + * On the other hand, if we can't have more data because the input + * stream's gone away, then it's time to notify of copy completion. + * Victory! + */ + this._sink = null; + this._cancelOrDispatchCancelCallback(Cr.NS_OK); + } + }, + + // NSIREQUEST + + /** Returns true if the cancel observer hasn't been notified yet. */ + isPending() { + return !this._completed; + }, + + /** Not implemented, don't use! */ + suspend: notImplemented, + /** Not implemented, don't use! */ + resume: notImplemented, + + /** + * Cancels data reading from input, asynchronously writes out any pending + * data, and causes the observer to be notified with the given error code when + * all writing has finished. + * + * @param status : nsresult + * the status to pass to the observer when data copying has been canceled + */ + cancel(status) { + dumpn("*** cancel(" + status.toString(16) + ")"); + + if (this._canceled) { + dumpn("*** suppressing a late cancel"); + return; + } + + this._canceled = true; + this.status = status; + + // We could be in the middle of absolutely anything at this point. Both + // input and output might still be around, we might have pending data to + // write, and in general we know nothing about the state of the world. We + // therefore must assume everything's in progress and take everything to its + // final steady state (or so far as it can go before we need to finish + // writing out remaining data). + + this._doneReadingSource(status); + }, + + // PRIVATE IMPLEMENTATION + + /** + * Stop reading input if we haven't already done so, passing e as the status + * when closing the stream, and kick off a copy-completion notice if no more + * data remains to be written. + * + * @param e : nsresult + * the status to be used when closing the input stream + */ + _doneReadingSource(e) { + dumpn("*** _doneReadingSource(0x" + e.toString(16) + ")"); + + this._finishSource(e); + if (this._pendingData.length === 0) { + this._sink = null; + } else { + NS_ASSERT(this._sink !== null, "null output?"); + } + + // If we've written out all data read up to this point, then it's time to + // signal completion. + if (this._sink === null) { + NS_ASSERT(this._pendingData.length === 0, "pending data still?"); + this._cancelOrDispatchCancelCallback(e); + } + }, + + /** + * Stop writing output if we haven't already done so, discard any data that + * remained to be sent, close off input if it wasn't already closed, and kick + * off a copy-completion notice. + * + * @param e : nsresult + * the status to be used when closing input if it wasn't already closed + */ + _doneWritingToSink(e) { + dumpn("*** _doneWritingToSink(0x" + e.toString(16) + ")"); + + this._pendingData.length = 0; + this._sink = null; + this._doneReadingSource(e); + }, + + /** + * Completes processing of this copy: either by canceling the copy if it + * hasn't already been canceled using the provided status, or by dispatching + * the cancel callback event (with the originally provided status, of course) + * if it already has been canceled. + * + * @param status : nsresult + * the status code to use to cancel this, if this hasn't already been + * canceled + */ + _cancelOrDispatchCancelCallback(status) { + dumpn("*** _cancelOrDispatchCancelCallback(" + status + ")"); + + NS_ASSERT(this._source === null, "should have finished input"); + NS_ASSERT(this._sink === null, "should have finished output"); + NS_ASSERT(this._pendingData.length === 0, "should have no pending data"); + + if (!this._canceled) { + this.cancel(status); + return; + } + + var self = this; + var event = { + run() { + dumpn("*** onStopRequest async callback"); + + self._completed = true; + try { + self._observer.onStopRequest(self, self.status); + } catch (e) { + NS_ASSERT( + false, + "how are we throwing an exception here? we control " + + "all the callers! " + + e + ); + } + }, + }; + + Services.tm.currentThread.dispatch(event, Ci.nsIThread.DISPATCH_NORMAL); + }, + + /** + * Kicks off another wait for more data to be available from the input stream. + */ + _waitToReadData() { + dumpn("*** _waitToReadData"); + this._source.asyncWait( + this, + 0, + Response.SEGMENT_SIZE, + Services.tm.mainThread + ); + }, + + /** + * Kicks off another wait until data can be written to the output stream. + */ + _waitToWriteData() { + dumpn("*** _waitToWriteData"); + + var pendingData = this._pendingData; + NS_ASSERT(!!pendingData.length, "no pending data to write?"); + NS_ASSERT(!!pendingData[0].length, "buffered an empty write?"); + + this._sink.asyncWait( + this, + 0, + pendingData[0].length, + Services.tm.mainThread + ); + }, + + /** + * Kicks off a wait for the sink to which data is being copied to be closed. + * We wait for stream closure when we don't have any data to be copied, rather + * than waiting to write a specific amount of data. We can't wait to write + * data because the sink might be infinitely writable, and if no data appears + * in the source for a long time we might have to spin quite a bit waiting to + * write, waiting to write again, &c. Waiting on stream closure instead means + * we'll get just one notification if the sink dies. Note that when data + * starts arriving from the sink we'll resume waiting for data to be written, + * dropping this closure-only callback entirely. + */ + _waitForSinkClosure() { + dumpn("*** _waitForSinkClosure"); + + this._sink.asyncWait( + this, + Ci.nsIAsyncOutputStream.WAIT_CLOSURE_ONLY, + 0, + Services.tm.mainThread + ); + }, + + /** + * Closes input with the given status, if it hasn't already been closed; + * otherwise a no-op. + * + * @param status : nsresult + * status code use to close the source stream if necessary + */ + _finishSource(status) { + dumpn("*** _finishSource(" + status.toString(16) + ")"); + + if (this._source !== null) { + this._source.closeWithStatus(status); + this._source = null; + } + }, +}; + +/** + * A container for utility functions used with HTTP headers. + */ +const headerUtils = { + /** + * Normalizes fieldName (by converting it to lowercase) and ensures it is a + * valid header field name (although not necessarily one specified in RFC + * 2616). + * + * @throws NS_ERROR_INVALID_ARG + * if fieldName does not match the field-name production in RFC 2616 + * @returns string + * fieldName converted to lowercase if it is a valid header, for characters + * where case conversion is possible + */ + normalizeFieldName(fieldName) { + if (fieldName == "") { + dumpn("*** Empty fieldName"); + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + + for (var i = 0, sz = fieldName.length; i < sz; i++) { + if (!IS_TOKEN_ARRAY[fieldName.charCodeAt(i)]) { + dumpn(fieldName + " is not a valid header field name!"); + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + } + + return fieldName.toLowerCase(); + }, + + /** + * Ensures that fieldValue is a valid header field value (although not + * necessarily as specified in RFC 2616 if the corresponding field name is + * part of the HTTP protocol), normalizes the value if it is, and + * returns the normalized value. + * + * @param fieldValue : string + * a value to be normalized as an HTTP header field value + * @throws NS_ERROR_INVALID_ARG + * if fieldValue does not match the field-value production in RFC 2616 + * @returns string + * fieldValue as a normalized HTTP header field value + */ + normalizeFieldValue(fieldValue) { + // field-value = *( field-content | LWS ) + // field-content = + // TEXT = + // LWS = [CRLF] 1*( SP | HT ) + // + // quoted-string = ( <"> *(qdtext | quoted-pair ) <"> ) + // qdtext = > + // quoted-pair = "\" CHAR + // CHAR = + + // Any LWS that occurs between field-content MAY be replaced with a single + // SP before interpreting the field value or forwarding the message + // downstream (section 4.2); we replace 1*LWS with a single SP + var val = fieldValue.replace(/(?:(?:\r\n)?[ \t]+)+/g, " "); + + // remove leading/trailing LWS (which has been converted to SP) + val = val.replace(/^ +/, "").replace(/ +$/, ""); + + // that should have taken care of all CTLs, so val should contain no CTLs + dumpn("*** Normalized value: '" + val + "'"); + for (var i = 0, len = val.length; i < len; i++) { + if (isCTL(val.charCodeAt(i))) { + dump("*** Char " + i + " has charcode " + val.charCodeAt(i)); + throw Components.Exception("", Cr.NS_ERROR_INVALID_ARG); + } + } + + // XXX disallows quoted-pair where CHAR is a CTL -- will not invalidly + // normalize, however, so this can be construed as a tightening of the + // spec and not entirely as a bug + return val; + }, +}; + +/** + * Converts the given string into a string which is safe for use in an HTML + * context. + * + * @param str : string + * the string to make HTML-safe + * @returns string + * an HTML-safe version of str + */ +function htmlEscape(str) { + // this is naive, but it'll work + var s = ""; + for (var i = 0; i < str.length; i++) { + s += "&#" + str.charCodeAt(i) + ";"; + } + return s; +} + +/** + * Constructs an object representing an HTTP version (see section 3.1). + * + * @param versionString + * a string of the form "#.#", where # is an non-negative decimal integer with + * or without leading zeros + * @throws + * if versionString does not specify a valid HTTP version number + */ +function nsHttpVersion(versionString) { + var matches = /^(\d+)\.(\d+)$/.exec(versionString); + if (!matches) { + throw new Error("Not a valid HTTP version!"); + } + + /** The major version number of this, as a number. */ + this.major = parseInt(matches[1], 10); + + /** The minor version number of this, as a number. */ + this.minor = parseInt(matches[2], 10); + + if ( + isNaN(this.major) || + isNaN(this.minor) || + this.major < 0 || + this.minor < 0 + ) { + throw new Error("Not a valid HTTP version!"); + } +} +nsHttpVersion.prototype = { + /** + * Returns the standard string representation of the HTTP version represented + * by this (e.g., "1.1"). + */ + toString() { + return this.major + "." + this.minor; + }, + + /** + * Returns true if this represents the same HTTP version as otherVersion, + * false otherwise. + * + * @param otherVersion : nsHttpVersion + * the version to compare against this + */ + equals(otherVersion) { + return this.major == otherVersion.major && this.minor == otherVersion.minor; + }, + + /** True if this >= otherVersion, false otherwise. */ + atLeast(otherVersion) { + return ( + this.major > otherVersion.major || + (this.major == otherVersion.major && this.minor >= otherVersion.minor) + ); + }, +}; + +nsHttpVersion.HTTP_1_0 = new nsHttpVersion("1.0"); +nsHttpVersion.HTTP_1_1 = new nsHttpVersion("1.1"); + +/** + * An object which stores HTTP headers for a request or response. + * + * Note that since headers are case-insensitive, this object converts headers to + * lowercase before storing them. This allows the getHeader and hasHeader + * methods to work correctly for any case of a header, but it means that the + * values returned by .enumerator may not be equal case-sensitively to the + * values passed to setHeader when adding headers to this. + */ +export function nsHttpHeaders() { + /** + * A hash of headers, with header field names as the keys and header field + * values as the values. Header field names are case-insensitive, but upon + * insertion here they are converted to lowercase. Header field values are + * normalized upon insertion to contain no leading or trailing whitespace. + * + * Note also that per RFC 2616, section 4.2, two headers with the same name in + * a message may be treated as one header with the same field name and a field + * value consisting of the separate field values joined together with a "," in + * their original order. This hash stores multiple headers with the same name + * in this manner. + */ + this._headers = {}; +} +nsHttpHeaders.prototype = { + /** + * Sets the header represented by name and value in this. + * + * @param name : string + * the header name + * @param value : string + * the header value + * @throws NS_ERROR_INVALID_ARG + * if name or value is not a valid header component + */ + setHeader(fieldName, fieldValue, merge) { + var name = headerUtils.normalizeFieldName(fieldName); + var value = headerUtils.normalizeFieldValue(fieldValue); + + // The following three headers are stored as arrays because their real-world + // syntax prevents joining individual headers into a single header using + // ",". See also + if (merge && name in this._headers) { + if ( + name === "www-authenticate" || + name === "proxy-authenticate" || + name === "set-cookie" + ) { + this._headers[name].push(value); + } else { + this._headers[name][0] += "," + value; + NS_ASSERT( + this._headers[name].length === 1, + "how'd a non-special header have multiple values?" + ); + } + } else { + this._headers[name] = [value]; + } + }, + + setHeaderNoCheck(fieldName, fieldValue) { + var name = headerUtils.normalizeFieldName(fieldName); + var value = headerUtils.normalizeFieldValue(fieldValue); + if (name in this._headers) { + this._headers[name].push(value); + } else { + this._headers[name] = [value]; + } + }, + + /** + * Returns the value for the header specified by this. + * + * @throws NS_ERROR_INVALID_ARG + * if fieldName does not constitute a valid header field name + * @throws NS_ERROR_NOT_AVAILABLE + * if the given header does not exist in this + * @returns string + * the field value for the given header, possibly with non-semantic changes + * (i.e., leading/trailing whitespace stripped, whitespace runs replaced + * with spaces, etc.) at the option of the implementation; multiple + * instances of the header will be combined with a comma, except for + * the three headers noted in the description of getHeaderValues + */ + getHeader(fieldName) { + return this.getHeaderValues(fieldName).join("\n"); + }, + + /** + * Returns the value for the header specified by fieldName as an array. + * + * @throws NS_ERROR_INVALID_ARG + * if fieldName does not constitute a valid header field name + * @throws NS_ERROR_NOT_AVAILABLE + * if the given header does not exist in this + * @returns [string] + * an array of all the header values in this for the given + * header name. Header values will generally be collapsed + * into a single header by joining all header values together + * with commas, but certain headers (Proxy-Authenticate, + * WWW-Authenticate, and Set-Cookie) violate the HTTP spec + * and cannot be collapsed in this manner. For these headers + * only, the returned array may contain multiple elements if + * that header has been added more than once. + */ + getHeaderValues(fieldName) { + var name = headerUtils.normalizeFieldName(fieldName); + + if (name in this._headers) { + return this._headers[name]; + } + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + }, + + /** + * Returns true if a header with the given field name exists in this, false + * otherwise. + * + * @param fieldName : string + * the field name whose existence is to be determined in this + * @throws NS_ERROR_INVALID_ARG + * if fieldName does not constitute a valid header field name + * @returns boolean + * true if the header's present, false otherwise + */ + hasHeader(fieldName) { + var name = headerUtils.normalizeFieldName(fieldName); + return name in this._headers; + }, + + /** + * Returns a new enumerator over the field names of the headers in this, as + * nsISupportsStrings. The names returned will be in lowercase, regardless of + * how they were input using setHeader (header names are case-insensitive per + * RFC 2616). + */ + get enumerator() { + var headers = []; + for (var i in this._headers) { + var supports = new SupportsString(); + supports.data = i; + headers.push(supports); + } + + return new nsSimpleEnumerator(headers); + }, +}; + +/** + * Constructs an nsISimpleEnumerator for the given array of items. + * + * @param items : Array + * the items, which must all implement nsISupports + */ +function nsSimpleEnumerator(items) { + this._items = items; + this._nextIndex = 0; +} +nsSimpleEnumerator.prototype = { + hasMoreElements() { + return this._nextIndex < this._items.length; + }, + getNext() { + if (!this.hasMoreElements()) { + throw Components.Exception("", Cr.NS_ERROR_NOT_AVAILABLE); + } + + return this._items[this._nextIndex++]; + }, + [Symbol.iterator]() { + return this._items.values(); + }, + QueryInterface: ChromeUtils.generateQI(["nsISimpleEnumerator"]), +}; + +/** + * A representation of the data in an HTTP request. + * + * @param port : uint + * the port on which the server receiving this request runs + */ +function Request(port) { + /** Method of this request, e.g. GET or POST. */ + this._method = ""; + + /** Path of the requested resource; empty paths are converted to '/'. */ + this._path = ""; + + /** Query string, if any, associated with this request (not including '?'). */ + this._queryString = ""; + + /** Scheme of requested resource, usually http, always lowercase. */ + this._scheme = "http"; + + /** Hostname on which the requested resource resides. */ + this._host = undefined; + + /** Port number over which the request was received. */ + this._port = port; + + var bodyPipe = new Pipe(false, false, 0, PR_UINT32_MAX, null); + + /** Stream from which data in this request's body may be read. */ + this._bodyInputStream = bodyPipe.inputStream; + + /** Stream to which data in this request's body is written. */ + this._bodyOutputStream = bodyPipe.outputStream; + + /** + * The headers in this request. + */ + this._headers = new nsHttpHeaders(); + + /** + * For the addition of ad-hoc properties and new functionality without having + * to change nsIHttpRequest every time; currently lazily created, as its only + * use is in directory listings. + */ + this._bag = null; +} +Request.prototype = { + // SERVER METADATA + + // + // see nsIHttpRequest.scheme + // + get scheme() { + return this._scheme; + }, + + // + // see nsIHttpRequest.host + // + get host() { + return this._host; + }, + + // + // see nsIHttpRequest.port + // + get port() { + return this._port; + }, + + // REQUEST LINE + + // + // see nsIHttpRequest.method + // + get method() { + return this._method; + }, + + // + // see nsIHttpRequest.httpVersion + // + get httpVersion() { + return this._httpVersion.toString(); + }, + + // + // see nsIHttpRequest.path + // + get path() { + return this._path; + }, + + // + // see nsIHttpRequest.queryString + // + get queryString() { + return this._queryString; + }, + + // HEADERS + + // + // see nsIHttpRequest.getHeader + // + getHeader(name) { + return this._headers.getHeader(name); + }, + + // + // see nsIHttpRequest.hasHeader + // + hasHeader(name) { + return this._headers.hasHeader(name); + }, + + // + // see nsIHttpRequest.headers + // + get headers() { + return this._headers.enumerator; + }, + + // + // see nsIPropertyBag.enumerator + // + get enumerator() { + this._ensurePropertyBag(); + return this._bag.enumerator; + }, + + // + // see nsIHttpRequest.headers + // + get bodyInputStream() { + return this._bodyInputStream; + }, + + // + // see nsIPropertyBag.getProperty + // + getProperty(name) { + this._ensurePropertyBag(); + return this._bag.getProperty(name); + }, + + // NSISUPPORTS + + // + // see nsISupports.QueryInterface + // + QueryInterface: ChromeUtils.generateQI(["nsIHttpRequest"]), + + // PRIVATE IMPLEMENTATION + + /** Ensures a property bag has been created for ad-hoc behaviors. */ + _ensurePropertyBag() { + if (!this._bag) { + this._bag = new WritablePropertyBag(); + } + }, +}; diff --git a/netwerk/test/httpserver/moz.build b/netwerk/test/httpserver/moz.build new file mode 100644 index 0000000000..f4c978b160 --- /dev/null +++ b/netwerk/test/httpserver/moz.build @@ -0,0 +1,21 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +XPIDL_SOURCES += [ + "nsIHttpServer.idl", +] + +XPIDL_MODULE = "test_necko" + +XPCSHELL_TESTS_MANIFESTS += ["test/xpcshell.toml"] + +EXTRA_COMPONENTS += [ + "httpd.sys.mjs", +] + +TESTING_JS_MODULES += [ + "httpd.sys.mjs", +] diff --git a/netwerk/test/httpserver/nsIHttpServer.idl b/netwerk/test/httpserver/nsIHttpServer.idl new file mode 100644 index 0000000000..83614dbdb0 --- /dev/null +++ b/netwerk/test/httpserver/nsIHttpServer.idl @@ -0,0 +1,649 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +interface nsIInputStream; +interface nsIFile; +interface nsIOutputStream; +interface nsISimpleEnumerator; + +interface nsIHttpServer; +interface nsIHttpServerStoppedCallback; +interface nsIHttpRequestHandler; +interface nsIHttpRequest; +interface nsIHttpResponse; +interface nsIHttpServerIdentity; + +/** + * An interface which represents an HTTP server. + */ +[scriptable, uuid(cea8812e-faa6-4013-9396-f9936cbb74ec)] +interface nsIHttpServer : nsISupports +{ + /** + * Starts up this server, listening upon the given port. + * + * @param port + * the port upon which listening should happen, or -1 if no specific port is + * desired + * @throws NS_ERROR_ALREADY_INITIALIZED + * if this server is already started + * @throws NS_ERROR_NOT_AVAILABLE + * if the server is not started and cannot be started on the desired port + * (perhaps because the port is already in use or because the process does + * not have privileges to do so) + * @note + * Behavior is undefined if this method is called after stop() has been + * called on this but before the provided callback function has been + * called. + */ + void start(in long port); + + /** + * Starts up this server, listening upon the given port on a ipv6 adddress. + * + * @param port + * the port upon which listening should happen, or -1 if no specific port is + * desired + * @throws NS_ERROR_ALREADY_INITIALIZED + * if this server is already started + * @throws NS_ERROR_NOT_AVAILABLE + * if the server is not started and cannot be started on the desired port + * (perhaps because the port is already in use or because the process does + * not have privileges to do so) + * @note + * Behavior is undefined if this method is called after stop() has been + * called on this but before the provided callback function has been + * called. + */ + void start_ipv6(in long port); + + /** + * Like the two functions above, but this server supports both IPv6 and + * IPv4 addresses. + */ + void start_dualStack(in long port); + + /** + * Shuts down this server if it is running (including the period of time after + * stop() has been called but before the provided callback has been called). + * + * @param callback + * an asynchronous callback used to notify the user when this server is + * stopped and all pending requests have been fully served + * @throws NS_ERROR_NULL_POINTER + * if callback is null + * @throws NS_ERROR_UNEXPECTED + * if this server is not running + */ + void stop(in nsIHttpServerStoppedCallback callback); + + /** + * Associates the local file represented by the string file with all requests + * which match request. + * + * @param path + * the path which is to be mapped to the given file; must begin with "/" and + * be a valid URI path (i.e., no query string, hash reference, etc.) + * @param file + * the file to serve for the given path, or null to remove any mapping that + * might exist; this file must exist for the lifetime of the server + * @param handler + * an optional object which can be used to handle any further changes. + */ + void registerFile(in string path, + in nsIFile file, + [optional] in nsIHttpRequestHandler handler); + + /** + * Registers a custom path handler. + * + * @param path + * the path on the server (beginning with a "/") which is to be handled by + * handler; this path must not include a query string or hash component; it + * also should usually be canonicalized, since most browsers will do so + * before sending otherwise-matching requests + * @param handler + * an object which will handle any requests for the given path, or null to + * remove any existing handler; if while the server is running the handler + * throws an exception while responding to a request, an HTTP 500 response + * will be returned + * @throws NS_ERROR_INVALID_ARG + * if path does not begin with a "/" + */ + void registerPathHandler(in string path, in nsIHttpRequestHandler handler); + + /** + * Registers a custom prefix handler. + * + * @param prefix + * the path on the server (beginning and ending with "/") which is to be + * handled by handler; this path must not include a query string or hash + * component. All requests that start with this prefix will be directed to + * the given handler. + * @param handler + * an object which will handle any requests for the given path, or null to + * remove any existing handler; if while the server is running the handler + * throws an exception while responding to a request, an HTTP 500 response + * will be returned + * @throws NS_ERROR_INVALID_ARG + * if path does not begin with a "/" or does not end with a "/" + */ + void registerPrefixHandler(in string prefix, in nsIHttpRequestHandler handler); + + /** + * Registers a custom error page handler. + * + * @param code + * the error code which is to be handled by handler + * @param handler + * an object which will handle any requests which generate the given status + * code, or null to remove any existing handler. If the handler throws an + * exception during server operation, fallback is to the genericized error + * handler (the x00 version), then to 500, using a user-defined error + * handler if one exists or the server default handler otherwise. Fallback + * will never occur from a user-provided handler that throws to the same + * handler as provided by the server, e.g. a throwing user 404 falls back to + * 400, not a server-provided 404 that might not throw. + * @note + * If the error handler handles HTTP 500 and throws, behavior is undefined. + */ + void registerErrorHandler(in unsigned long code, in nsIHttpRequestHandler handler); + + /** + * Maps all requests to paths beneath path to the corresponding file beneath + * dir. + * + * @param path + * the absolute path on the server against which requests will be served + * from dir (e.g., "/", "/foo/", etc.); must begin and end with a forward + * slash + * @param dir + * the directory to be used to serve all requests for paths underneath path + * (except those further overridden by another, deeper path registered with + * another directory); if null, any current mapping for the given path is + * removed + * @throws NS_ERROR_INVALID_ARG + * if dir is non-null and does not exist or is not a directory, or if path + * does not begin with and end with a forward slash + */ + void registerDirectory(in string path, in nsIFile dir); + + /** + * Associates files with the given extension with the given Content-Type when + * served by this server, in the absence of any file-specific information + * about the desired Content-Type. If type is empty, removes any extant + * mapping, if one is present. + * + * @throws NS_ERROR_INVALID_ARG + * if the given type is not a valid header field value, i.e. if it doesn't + * match the field-value production in RFC 2616 + * @note + * No syntax checking is done of the given type, beyond ensuring that it is + * a valid header field value. Behavior when not given a string matching + * the media-type production in RFC 2616 section 3.7 is undefined. + * Implementations may choose to define specific behavior for types which do + * not match the production, such as for CGI functionality. + * @note + * Implementations MAY treat type as a trusted argument; users who fail to + * generate this string from trusted data risk security vulnerabilities. + */ + void registerContentType(in string extension, in string type); + + /** + * Sets the handler used to display the contents of a directory if + * the directory contains no index page. + * + * @param handler + * an object which will handle any requests for directories which + * do not contain index pages, or null to reset to the default + * index handler; if while the server is running the handler + * throws an exception while responding to a request, an HTTP 500 + * response will be returned. An nsIFile corresponding to the + * directory is available from the metadata object passed to the + * handler, under the key "directory". + */ + void setIndexHandler(in nsIHttpRequestHandler handler); + + /** Represents the locations at which this server is reachable. */ + readonly attribute nsIHttpServerIdentity identity; + + /** + * Retrieves the string associated with the given key in this, for the given + * path's saved state. All keys are initially associated with the empty + * string. + */ + AString getState(in AString path, in AString key); + + /** + * Sets the string associated with the given key in this, for the given path's + * saved state. + */ + void setState(in AString path, in AString key, in AString value); + + /** + * Retrieves the string associated with the given key in this, in + * entire-server saved state. All keys are initially associated with the + * empty string. + */ + AString getSharedState(in AString key); + + /** + * Sets the string associated with the given key in this, in entire-server + * saved state. + */ + void setSharedState(in AString key, in AString value); + + /** + * Retrieves the object associated with the given key in this in + * object-valued saved state. All keys are initially associated with null. + */ + nsISupports getObjectState(in AString key); + + /** + * Sets the object associated with the given key in this in object-valued + * saved state. The value may be null. + */ + void setObjectState(in AString key, in nsISupports value); +}; + +/** + * An interface through which a notification of the complete stopping (socket + * closure, in-flight requests all fully served and responded to) of an HTTP + * server may be received. + */ +[scriptable, function, uuid(925a6d33-9937-4c63-abe1-a1c56a986455)] +interface nsIHttpServerStoppedCallback : nsISupports +{ + /** Called when the corresponding server has been fully stopped. */ + void onStopped(); +}; + +/** + * Represents a set of names for a server, one of which is the primary name for + * the server and the rest of which are secondary. By default every server will + * contain ("http", "localhost", port) and ("http", "127.0.0.1", port) as names, + * where port is what was provided to the corresponding server when started; + * however, except for their being removed when the corresponding server stops + * they have no special importance. + */ +[scriptable, uuid(a89de175-ae8e-4c46-91a5-0dba99bbd284)] +interface nsIHttpServerIdentity : nsISupports +{ + /** + * The primary scheme at which the corresponding server is located, defaulting + * to 'http'. This name will be the value of nsIHttpRequest.scheme for + * HTTP/1.0 requests. + * + * This value is always set when the corresponding server is running. If the + * server is not running, this value is set only if it has been set to a + * non-default name using setPrimary. In this case reading this value will + * throw NS_ERROR_NOT_INITIALIZED. + */ + readonly attribute string primaryScheme; + + /** + * The primary name by which the corresponding server is known, defaulting to + * 'localhost'. This name will be the value of nsIHttpRequest.host for + * HTTP/1.0 requests. + * + * This value is always set when the corresponding server is running. If the + * server is not running, this value is set only if it has been set to a + * non-default name using setPrimary. In this case reading this value will + * throw NS_ERROR_NOT_INITIALIZED. + */ + readonly attribute string primaryHost; + + /** + * The primary port on which the corresponding server runs, defaulting to the + * associated server's port. This name will be the value of + * nsIHttpRequest.port for HTTP/1.0 requests. + * + * This value is always set when the corresponding server is running. If the + * server is not running, this value is set only if it has been set to a + * non-default name using setPrimary. In this case reading this value will + * throw NS_ERROR_NOT_INITIALIZED. + */ + readonly attribute long primaryPort; + + /** + * Adds a location at which this server may be accessed. + * + * @throws NS_ERROR_ILLEGAL_VALUE + * if scheme or host do not match the scheme or host productions imported + * into RFC 2616 from RFC 2396, or if port is not a valid port number + */ + void add(in string scheme, in string host, in long port); + + /** + * Removes this name from the list of names by which the corresponding server + * is known. If name is also the primary name for the server, the primary + * name reverts to 'http://127.0.0.1' with the associated server's port. + * + * @throws NS_ERROR_ILLEGAL_VALUE + * if scheme or host do not match the scheme or host productions imported + * into RFC 2616 from RFC 2396, or if port is not a valid port number + * @returns + * true if the given name was a name for this server, false otherwise + */ + boolean remove(in string scheme, in string host, in long port); + + /** + * Returns true if the given name is in this, false otherwise. + * + * @throws NS_ERROR_ILLEGAL_VALUE + * if scheme or host do not match the scheme or host productions imported + * into RFC 2616 from RFC 2396, or if port is not a valid port number + */ + boolean has(in string scheme, in string host, in long port); + + /** + * Returns the scheme for the name with the given host and port, if one is + * present; otherwise returns the empty string. + * + * @throws NS_ERROR_ILLEGAL_VALUE + * if host does not match the host production imported into RFC 2616 from + * RFC 2396, or if port is not a valid port number + */ + string getScheme(in string host, in long port); + + /** + * Designates the given name as the primary name in this and adds it to this + * if it is not already present. + * + * @throws NS_ERROR_ILLEGAL_VALUE + * if scheme or host do not match the scheme or host productions imported + * into RFC 2616 from RFC 2396, or if port is not a valid port number + */ + void setPrimary(in string scheme, in string host, in long port); +}; + +/** + * A representation of a handler for HTTP requests. The handler is used by + * calling its .handle method with data for an incoming request; it is the + * handler's job to use that data as it sees fit to make the desired response. + * + * @note + * This interface uses the [function] attribute, so you can pass a + * script-defined function with the functionality of handle() to any + * method which has a nsIHttpRequestHandler parameter, instead of wrapping + * it in an otherwise empty object. + */ +[scriptable, function, uuid(2bbb4db7-d285-42b3-a3ce-142b8cc7e139)] +interface nsIHttpRequestHandler : nsISupports +{ + /** + * Processes an HTTP request and initializes the passed-in response to reflect + * the correct HTTP response. + * + * If this method throws an exception, externally observable behavior depends + * upon whether is being processed asynchronously. If such is the case, the + * output is some prefix (perhaps all, perhaps none, perhaps only some) of the + * data which would have been sent if, instead, the response had been finished + * at that point. If no data has been written, the response has not had + * seizePower() called on it, and it is not being asynchronously created, an + * error handler will be invoked (usually 500 unless otherwise specified). + * + * Some uses of nsIHttpRequestHandler may require this method to never throw + * an exception; in the general case, however, this method may throw an + * exception (causing an HTTP 500 response to occur, if the above conditions + * are met). + * + * @param request + * data representing an HTTP request + * @param response + * an initially-empty response which must be modified to reflect the data + * which should be sent as the response to the request described by metadata + */ + void handle(in nsIHttpRequest request, in nsIHttpResponse response); +}; + + +/** + * A representation of the data included in an HTTP request. + */ +[scriptable, uuid(978cf30e-ad73-42ee-8f22-fe0aaf1bf5d2)] +interface nsIHttpRequest : nsISupports +{ + /** + * The request type for this request (see RFC 2616, section 5.1.1). + */ + readonly attribute string method; + + /** + * The scheme of the requested path, usually 'http' but might possibly be + * 'https' if some form of SSL tunneling is in use. Note that this value + * cannot be accurately determined unless the incoming request used the + * absolute-path form of the request line; it defaults to 'http', so only + * if it is something else can you be entirely certain it's correct. + */ + readonly attribute string scheme; + + /** + * The host of the data being requested (e.g. "localhost" for the + * http://localhost:8080/file resource). Note that the relevant port on the + * host is specified in this.port. This value is in the ASCII character + * encoding. + */ + readonly attribute string host; + + /** + * The port on the server on which the request was received. + */ + readonly attribute unsigned long port; + + /** + * The requested path, without any query string (e.g. "/dir/file.txt"). It is + * guaranteed to begin with a "/". The individual components in this string + * are URL-encoded. + */ + readonly attribute string path; + + /** + * The URL-encoded query string associated with this request, not including + * the initial "?", or "" if no query string was present. + */ + readonly attribute string queryString; + + /** + * A string containing the HTTP version of the request (i.e., "1.1"). Leading + * zeros for either component of the version will be omitted. (In other + * words, if the request contains the version "1.01", this attribute will be + * "1.1"; see RFC 2616, section 3.1.) + */ + readonly attribute string httpVersion; + + /** + * Returns the value for the header in this request specified by fieldName. + * + * @param fieldName + * the name of the field whose value is to be gotten; note that since HTTP + * header field names are case-insensitive, this method produces equivalent + * results for "HeAdER" and "hEADer" as fieldName + * @returns + * The result is a string containing the individual values of the header, + * usually separated with a comma. The headers WWW-Authenticate, + * Proxy-Authenticate, and Set-Cookie violate the HTTP specification, + * however, and for these headers only the separator string is '\n'. + * + * @throws NS_ERROR_INVALID_ARG + * if fieldName does not constitute a valid header field name + * @throws NS_ERROR_NOT_AVAILABLE + * if the given header does not exist in this + */ + string getHeader(in string fieldName); + + /** + * Returns true if a header with the given field name exists in this, false + * otherwise. + * + * @param fieldName + * the field name whose existence is to be determined in this; note that + * since HTTP header field names are case-insensitive, this method produces + * equivalent results for "HeAdER" and "hEADer" as fieldName + * @throws NS_ERROR_INVALID_ARG + * if fieldName does not constitute a valid header field name + */ + boolean hasHeader(in string fieldName); + + /** + * An nsISimpleEnumerator of nsISupportsStrings over the names of the headers + * in this request. The header field names in the enumerator may not + * necessarily have the same case as they do in the request itself. + */ + readonly attribute nsISimpleEnumerator headers; + + /** + * A stream from which data appearing in the body of this request can be read. + */ + readonly attribute nsIInputStream bodyInputStream; +}; + + +/** + * Represents an HTTP response, as described in RFC 2616, section 6. + */ +[scriptable, uuid(1acd16c2-dc59-42fa-9160-4f26c43c1c21)] +interface nsIHttpResponse : nsISupports +{ + /** + * Sets the status line for this. If this method is never called on this, the + * status line defaults to "HTTP/", followed by the server's default HTTP + * version (e.g. "1.1"), followed by " 200 OK". + * + * @param httpVersion + * the HTTP version of this, as a string (e.g. "1.1"); if null, the server + * default is used + * @param code + * the numeric HTTP status code for this + * @param description + * a human-readable description of code; may be null if no description is + * desired + * @throws NS_ERROR_INVALID_ARG + * if httpVersion is not a valid HTTP version string, statusCode is greater + * than 999, or description contains invalid characters + * @throws NS_ERROR_NOT_AVAILABLE + * if this response is being processed asynchronously and data has been + * written to this response's body, or if seizePower() has been called on + * this + */ + void setStatusLine(in string httpVersion, + in unsigned short statusCode, + in string description); + + /** + * Sets the specified header in this. + * + * @param name + * the name of the header; must match the field-name production per RFC 2616 + * @param value + * the value of the header; must match the field-value production per RFC + * 2616 + * @param merge + * when true, if the given header already exists in this, the values passed + * to this function will be merged into the existing header, per RFC 2616 + * header semantics (except for the Set-Cookie, WWW-Authenticate, and + * Proxy-Authenticate headers, which will treat each such merged header as + * an additional instance of the header, for real-world compatibility + * reasons); when false, replaces any existing header of the given name (if + * any exists) with a new header with the specified value + * @throws NS_ERROR_INVALID_ARG + * if name or value is not a valid header component + * @throws NS_ERROR_NOT_AVAILABLE + * if this response is being processed asynchronously and data has been + * written to this response's body, or if seizePower() has been called on + * this + */ + void setHeader(in string name, in string value, in boolean merge); + + /** + * This is used for testing our header handling, so header will be sent out + * without transformation. There can be multiple headers. + */ + void setHeaderNoCheck(in string name, in string value); + + /** + * A stream to which data appearing in the body of this response (or in the + * totality of the response if seizePower() is called) should be written. + * After this response has been designated as being processed asynchronously, + * or after seizePower() has been called on this, subsequent writes will no + * longer be buffered and will be written to the underlying transport without + * delaying until the entire response is constructed. Write-through may or + * may not be synchronous in the implementation, and in any case particular + * behavior may not be observable to the HTTP client as intermediate buffers + * both in the server socket and in the client may delay written data; be + * prepared for delays at any time. + * + * @throws NS_ERROR_NOT_AVAILABLE + * if accessed after this response is fully constructed + */ + readonly attribute nsIOutputStream bodyOutputStream; + + /** + * Writes a string to the response's output stream. This method is merely a + * convenient shorthand for writing the same data to bodyOutputStream + * directly. + * + * @note + * This method is only guaranteed to work with ASCII data. + * @throws NS_ERROR_NOT_AVAILABLE + * if called after this response has been fully constructed + */ + void write(in string data); + + /** + * Signals that this response is being constructed asynchronously. Requests + * are typically completely constructed during nsIHttpRequestHandler.handle; + * however, responses which require significant resources (time, memory, + * processing) to construct can be created and sent incrementally by calling + * this method during the call to nsIHttpRequestHandler.handle. This method + * only has this effect when called during nsIHttpRequestHandler.handle; + * behavior is undefined if it is called at a later time. It may be called + * multiple times with no ill effect, so long as each call occurs before + * finish() is called. + * + * @throws NS_ERROR_UNEXPECTED + * if not initially called within a nsIHttpRequestHandler.handle call or if + * called after this response has been finished + * @throws NS_ERROR_NOT_AVAILABLE + * if seizePower() has been called on this + */ + void processAsync(); + + /** + * Seizes complete control of this response (and its connection) from the + * server, allowing raw and unfettered access to data being sent in the HTTP + * response. Once this method has been called the only property which may be + * accessed without an exception being thrown is bodyOutputStream, and the + * only methods which may be accessed without an exception being thrown are + * write(), finish(), and seizePower() (which may be called multiple times + * without ill effect so long as all calls are otherwise allowed). + * + * After a successful call, all data subsequently written to the body of this + * response is written directly to the corresponding connection. (Previously- + * written data is silently discarded.) No status line or headers are sent + * before doing so; if the response handler wishes to write such data, it must + * do so manually. Data generation completes only when finish() is called; it + * is not enough to simply call close() on bodyOutputStream. + * + * @throws NS_ERROR_NOT_AVAILABLE + * if processAsync() has been called on this + * @throws NS_ERROR_UNEXPECTED + * if finish() has been called on this + */ + void seizePower(); + + /** + * Signals that construction of this response is complete and that it may be + * sent over the network to the client, or if seizePower() has been called + * signals that all data has been written and that the underlying connection + * may be closed. This method may only be called after processAsync() or + * seizePower() has been called. This method is idempotent. + * + * @throws NS_ERROR_UNEXPECTED + * if processAsync() or seizePower() has not already been properly called + */ + void finish(); +}; diff --git a/netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^ b/netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^ new file mode 100644 index 0000000000..b005a65fd2 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^ @@ -0,0 +1 @@ +If this has goofy headers on it, it's a success. diff --git a/netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^headers^ b/netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^headers^ new file mode 100644 index 0000000000..66e1522317 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/caret_test.txt^^headers^ @@ -0,0 +1,3 @@ +HTTP 500 This Isn't A Server Error +Foo-RFC: 3092 +Shaving-Cream-Atom: Illudium Phosdex diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_both.html b/netwerk/test/httpserver/test/data/cern_meta/test_both.html new file mode 100644 index 0000000000..db18ea5d7a --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_both.html @@ -0,0 +1,2 @@ +This page is a text file served with status 501. (That's really a lie, tho, +because this is definitely Implemented.) diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_both.html^headers^ b/netwerk/test/httpserver/test/data/cern_meta/test_both.html^headers^ new file mode 100644 index 0000000000..bb3c16a2e2 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_both.html^headers^ @@ -0,0 +1,2 @@ +HTTP 501 Unimplemented +Content-Type: text/plain diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt b/netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt new file mode 100644 index 0000000000..7235fa32a5 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt @@ -0,0 +1,9 @@ + + + This is really HTML, not text + + +

This file is really HTML; the test_ctype_override.txt^headers^ file sets a + new header that overwrites the default text/plain header.

+ + diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt^headers^ b/netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt^headers^ new file mode 100644 index 0000000000..156209f9c8 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_ctype_override.txt^headers^ @@ -0,0 +1 @@ +Content-Type: text/html diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_status_override.html b/netwerk/test/httpserver/test/data/cern_meta/test_status_override.html new file mode 100644 index 0000000000..fd243c640e --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_status_override.html @@ -0,0 +1,9 @@ + + + This is a 404 page + + +

This page has a 404 HTTP status associated with it, via + test_status_override.html^headers^.

+ + diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_status_override.html^headers^ b/netwerk/test/httpserver/test/data/cern_meta/test_status_override.html^headers^ new file mode 100644 index 0000000000..f438a05746 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_status_override.html^headers^ @@ -0,0 +1 @@ +HTTP 404 Can't Find This diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt b/netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt new file mode 100644 index 0000000000..4718ec282f --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt @@ -0,0 +1 @@ +This page has an HTTP status override without a description (it defaults to ""). diff --git a/netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt^headers^ b/netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt^headers^ new file mode 100644 index 0000000000..32da7632f9 --- /dev/null +++ b/netwerk/test/httpserver/test/data/cern_meta/test_status_override_nodesc.txt^headers^ @@ -0,0 +1 @@ +HTTP 732 diff --git a/netwerk/test/httpserver/test/data/name-scheme/bar.html^^ b/netwerk/test/httpserver/test/data/name-scheme/bar.html^^ new file mode 100644 index 0000000000..bed1f34c9f --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/bar.html^^ @@ -0,0 +1,10 @@ + + + Welcome to bar.html^ + + +

This file is named with two trailing carets, so the last is stripped + away, producing bar.html^ as the final name.

+ + + diff --git a/netwerk/test/httpserver/test/data/name-scheme/bar.html^^headers^ b/netwerk/test/httpserver/test/data/name-scheme/bar.html^^headers^ new file mode 100644 index 0000000000..04fbaa08fe --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/bar.html^^headers^ @@ -0,0 +1,2 @@ +HTTP 200 OK +Content-Type: text/html diff --git a/netwerk/test/httpserver/test/data/name-scheme/folder^^/ERROR_IF_SEE_THIS.txt^ b/netwerk/test/httpserver/test/data/name-scheme/folder^^/ERROR_IF_SEE_THIS.txt^ new file mode 100644 index 0000000000..dccee48e34 --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/folder^^/ERROR_IF_SEE_THIS.txt^ @@ -0,0 +1 @@ +This file shouldn't be shown in directory listings. diff --git a/netwerk/test/httpserver/test/data/name-scheme/folder^^/SHOULD_SEE_THIS.txt^^ b/netwerk/test/httpserver/test/data/name-scheme/folder^^/SHOULD_SEE_THIS.txt^^ new file mode 100644 index 0000000000..a8ee35a3b6 --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/folder^^/SHOULD_SEE_THIS.txt^^ @@ -0,0 +1 @@ +This file should show up in directory listings as SHOULD_SEE_THIS.txt^. diff --git a/netwerk/test/httpserver/test/data/name-scheme/folder^^/file.txt b/netwerk/test/httpserver/test/data/name-scheme/folder^^/file.txt new file mode 100644 index 0000000000..2ceca8ca9e --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/folder^^/file.txt @@ -0,0 +1,2 @@ +File in a directory named with a trailing caret (in the virtual FS; on disk it +actually ends with two carets). diff --git a/netwerk/test/httpserver/test/data/name-scheme/foo.html^ b/netwerk/test/httpserver/test/data/name-scheme/foo.html^ new file mode 100644 index 0000000000..a3efe8b5c3 --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/foo.html^ @@ -0,0 +1,9 @@ + + + ERROR + + +

This file should never be served by the web server because its name ends + with a caret not followed by another caret.

+ + diff --git a/netwerk/test/httpserver/test/data/name-scheme/normal-file.txt b/netwerk/test/httpserver/test/data/name-scheme/normal-file.txt new file mode 100644 index 0000000000..ab71eabaf0 --- /dev/null +++ b/netwerk/test/httpserver/test/data/name-scheme/normal-file.txt @@ -0,0 +1 @@ +This should be seen. diff --git a/netwerk/test/httpserver/test/data/ranges/empty.txt b/netwerk/test/httpserver/test/data/ranges/empty.txt new file mode 100644 index 0000000000..e69de29bb2 diff --git a/netwerk/test/httpserver/test/data/ranges/headers.txt b/netwerk/test/httpserver/test/data/ranges/headers.txt new file mode 100644 index 0000000000..6cf83528c8 --- /dev/null +++ b/netwerk/test/httpserver/test/data/ranges/headers.txt @@ -0,0 +1 @@ +Hello Kitty diff --git a/netwerk/test/httpserver/test/data/ranges/headers.txt^headers^ b/netwerk/test/httpserver/test/data/ranges/headers.txt^headers^ new file mode 100644 index 0000000000..d0a633f042 --- /dev/null +++ b/netwerk/test/httpserver/test/data/ranges/headers.txt^headers^ @@ -0,0 +1 @@ +X-SJS-Header: customized diff --git a/netwerk/test/httpserver/test/data/ranges/range.txt b/netwerk/test/httpserver/test/data/ranges/range.txt new file mode 100644 index 0000000000..ab71eabaf0 --- /dev/null +++ b/netwerk/test/httpserver/test/data/ranges/range.txt @@ -0,0 +1 @@ +This should be seen. diff --git a/netwerk/test/httpserver/test/data/sjs/cgi.sjs b/netwerk/test/httpserver/test/data/sjs/cgi.sjs new file mode 100644 index 0000000000..a6b987a8b7 --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/cgi.sjs @@ -0,0 +1,8 @@ +function handleRequest(request, response) { + if (request.queryString == "throw") { + throw new Error("monkey wrench!"); + } + + response.setHeader("Content-Type", "text/plain", false); + response.write("PASS"); +} diff --git a/netwerk/test/httpserver/test/data/sjs/cgi.sjs^headers^ b/netwerk/test/httpserver/test/data/sjs/cgi.sjs^headers^ new file mode 100644 index 0000000000..a83ff774ab --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/cgi.sjs^headers^ @@ -0,0 +1,2 @@ +HTTP 500 Error +This-Header: SHOULD NOT APPEAR IN CGI.JSC RESPONSES! diff --git a/netwerk/test/httpserver/test/data/sjs/object-state.sjs b/netwerk/test/httpserver/test/data/sjs/object-state.sjs new file mode 100644 index 0000000000..8f027dfedf --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/object-state.sjs @@ -0,0 +1,74 @@ +function parseQueryString(str) { + var paramArray = str.split("&"); + var regex = /^([^=]+)=(.*)$/; + var params = {}; + for (var i = 0, sz = paramArray.length; i < sz; i++) { + var match = regex.exec(paramArray[i]); + if (!match) { + throw new Error("Bad parameter in queryString! '" + paramArray[i] + "'"); + } + params[decodeURIComponent(match[1])] = decodeURIComponent(match[2]); + } + + return params; +} + +/* + * We're relying somewhat dubiously on all data being sent as soon as it's + * available at numerous levels (in Necko in the server-side part of the + * connection, in the OS's outgoing socket buffer, in the OS's incoming socket + * buffer, and in Necko in the client-side part of the connection), but to the + * best of my knowledge there's no way to force data flow at all those levels, + * so this is the best we can do. + */ +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + + /* + * NB: A Content-Type header is *necessary* to avoid content-sniffing, which + * will delay onStartRequest past the the point where the entire head of + * the response has been received. + */ + response.setHeader("Content-Type", "text/plain", false); + + var params = parseQueryString(request.queryString); + + switch (params.state) { + case "initial": + response.processAsync(); + response.write("do"); + var state = { + QueryInterface: ChromeUtils.generateQI([]), + end() { + response.write("ne"); + response.finish(); + }, + }; + state.wrappedJSObject = state; + setObjectState("object-state-test", state); + getObjectState("object-state-test", function (obj) { + if (obj !== state) { + response.write("FAIL bad state save"); + response.finish(); + } + }); + break; + + case "intermediate": + response.write("intermediate"); + break; + + case "trigger": + response.write("trigger"); + getObjectState("object-state-test", function (obj) { + obj.wrappedJSObject.end(); + setObjectState("object-state-test", null); + }); + break; + + default: + response.setStatusLine(request.httpVersion, 500, "Unexpected State"); + response.write("Bad state: " + params.state); + break; + } +} diff --git a/netwerk/test/httpserver/test/data/sjs/qi.sjs b/netwerk/test/httpserver/test/data/sjs/qi.sjs new file mode 100644 index 0000000000..ee0fc74a0f --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/qi.sjs @@ -0,0 +1,45 @@ +function handleRequest(request, response) { + var exstr, qid; + + response.setStatusLine(request.httpVersion, 500, "FAIL"); + + var passed = false; + try { + qid = request.QueryInterface(Ci.nsIHttpRequest); + passed = qid === request; + } catch (e) { + // eslint-disable-next-line no-control-regex + exstr = ("" + e).split(/[\x09\x20-\x7f\x81-\xff]+/)[0]; + response.setStatusLine( + request.httpVersion, + 500, + "request doesn't QI: " + exstr + ); + return; + } + if (!passed) { + response.setStatusLine(request.httpVersion, 500, "request QI'd wrongly?"); + return; + } + + passed = false; + try { + qid = response.QueryInterface(Ci.nsIHttpResponse); + passed = qid === response; + } catch (e) { + // eslint-disable-next-line no-control-regex + exstr = ("" + e).split(/[\x09\x20-\x7f\x81-\xff]+/)[0]; + response.setStatusLine( + request.httpVersion, + 500, + "response doesn't QI: " + exstr + ); + return; + } + if (!passed) { + response.setStatusLine(request.httpVersion, 500, "response QI'd wrongly?"); + return; + } + + response.setStatusLine(request.httpVersion, 200, "SJS QI Tests Passed"); +} diff --git a/netwerk/test/httpserver/test/data/sjs/range-checker.sjs b/netwerk/test/httpserver/test/data/sjs/range-checker.sjs new file mode 100644 index 0000000000..4bc447f739 --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/range-checker.sjs @@ -0,0 +1 @@ +function handleRequest(request, response) {} diff --git a/netwerk/test/httpserver/test/data/sjs/sjs b/netwerk/test/httpserver/test/data/sjs/sjs new file mode 100644 index 0000000000..374ca41674 --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/sjs @@ -0,0 +1,4 @@ +function handleRequest(request, response) +{ + response.write("FAIL"); +} diff --git a/netwerk/test/httpserver/test/data/sjs/state1.sjs b/netwerk/test/httpserver/test/data/sjs/state1.sjs new file mode 100644 index 0000000000..1a2540eca1 --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/state1.sjs @@ -0,0 +1,38 @@ +function parseQueryString(str) { + var paramArray = str.split("&"); + var regex = /^([^=]+)=(.*)$/; + var params = {}; + for (var i = 0, sz = paramArray.length; i < sz; i++) { + var match = regex.exec(paramArray[i]); + if (!match) { + throw new Error("Bad parameter in queryString! '" + paramArray[i] + "'"); + } + params[decodeURIComponent(match[1])] = decodeURIComponent(match[2]); + } + + return params; +} + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + + var params = parseQueryString(request.queryString); + + var oldShared = getSharedState("shared-value"); + response.setHeader("X-Old-Shared-Value", oldShared, false); + + var newShared = params.newShared; + if (newShared !== undefined) { + setSharedState("shared-value", newShared); + response.setHeader("X-New-Shared-Value", newShared, false); + } + + var oldPrivate = getState("private-value"); + response.setHeader("X-Old-Private-Value", oldPrivate, false); + + var newPrivate = params.newPrivate; + if (newPrivate !== undefined) { + setState("private-value", newPrivate); + response.setHeader("X-New-Private-Value", newPrivate, false); + } +} diff --git a/netwerk/test/httpserver/test/data/sjs/state2.sjs b/netwerk/test/httpserver/test/data/sjs/state2.sjs new file mode 100644 index 0000000000..1a2540eca1 --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/state2.sjs @@ -0,0 +1,38 @@ +function parseQueryString(str) { + var paramArray = str.split("&"); + var regex = /^([^=]+)=(.*)$/; + var params = {}; + for (var i = 0, sz = paramArray.length; i < sz; i++) { + var match = regex.exec(paramArray[i]); + if (!match) { + throw new Error("Bad parameter in queryString! '" + paramArray[i] + "'"); + } + params[decodeURIComponent(match[1])] = decodeURIComponent(match[2]); + } + + return params; +} + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + + var params = parseQueryString(request.queryString); + + var oldShared = getSharedState("shared-value"); + response.setHeader("X-Old-Shared-Value", oldShared, false); + + var newShared = params.newShared; + if (newShared !== undefined) { + setSharedState("shared-value", newShared); + response.setHeader("X-New-Shared-Value", newShared, false); + } + + var oldPrivate = getState("private-value"); + response.setHeader("X-Old-Private-Value", oldPrivate, false); + + var newPrivate = params.newPrivate; + if (newPrivate !== undefined) { + setState("private-value", newPrivate); + response.setHeader("X-New-Private-Value", newPrivate, false); + } +} diff --git a/netwerk/test/httpserver/test/data/sjs/thrower.sjs b/netwerk/test/httpserver/test/data/sjs/thrower.sjs new file mode 100644 index 0000000000..b34de70e30 --- /dev/null +++ b/netwerk/test/httpserver/test/data/sjs/thrower.sjs @@ -0,0 +1,6 @@ +function handleRequest(request, response) { + if (request.queryString == "throw") { + undefined[5]; + } + response.setHeader("X-Test-Status", "PASS", false); +} diff --git a/netwerk/test/httpserver/test/head_utils.js b/netwerk/test/httpserver/test/head_utils.js new file mode 100644 index 0000000000..3f2fad4940 --- /dev/null +++ b/netwerk/test/httpserver/test/head_utils.js @@ -0,0 +1,605 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const { + dumpn, + LineData, + nsHttpHeaders, + HttpServer, + WriteThroughCopier, + overrideBinaryStreamsForTests, +} = ChromeUtils.importESModule("resource://testing-common/httpd.sys.mjs"); + +// if these tests fail, we'll want the debug output +var linDEBUG = true; + +var { XPCOMUtils } = ChromeUtils.importESModule( + "resource://gre/modules/XPCOMUtils.sys.mjs" +); +var { NetUtil } = ChromeUtils.importESModule( + "resource://gre/modules/NetUtil.sys.mjs" +); + +const CC = Components.Constructor; +const FileInputStream = CC( + "@mozilla.org/network/file-input-stream;1", + "nsIFileInputStream", + "init" +); +var BinaryInputStream = CC( + "@mozilla.org/binaryinputstream;1", + "nsIBinaryInputStream", + "setInputStream" +); +var BinaryOutputStream = CC( + "@mozilla.org/binaryoutputstream;1", + "nsIBinaryOutputStream", + "setOutputStream" +); +const ScriptableInputStream = CC( + "@mozilla.org/scriptableinputstream;1", + "nsIScriptableInputStream", + "init" +); + +/** + * Constructs a new nsHttpServer instance. This function is intended to + * encapsulate construction of a server so that at some point in the future it + * is possible to run these tests (with at most slight modifications) against + * the server when used as an XPCOM component (not as an inline script). + */ +function createServer() { + return new HttpServer(); +} + +/** + * Creates a new HTTP channel. + * + * @param url + * the URL of the channel to create + */ +function makeChannel(url) { + return NetUtil.newChannel({ + uri: url, + loadUsingSystemPrincipal: true, + }).QueryInterface(Ci.nsIHttpChannel); +} + +/** + * Make a binary input stream wrapper for the given stream. + * + * @param stream + * the nsIInputStream to wrap + */ +function makeBIS(stream) { + return new BinaryInputStream(stream); +} + +/** + * Returns the contents of the file as a string. + * + * @param file : nsIFile + * the file whose contents are to be read + * @returns string + * the contents of the file + */ +function fileContents(file) { + const PR_RDONLY = 0x01; + var fis = new FileInputStream( + file, + PR_RDONLY, + 0o444, + Ci.nsIFileInputStream.CLOSE_ON_EOF + ); + var sis = new ScriptableInputStream(fis); + var contents = sis.read(file.fileSize); + sis.close(); + return contents; +} + +/** + * Iterates over the lines, delimited by CRLF, in data, returning each line + * without the trailing line separator. + * + * @param data : string + * a string consisting of lines of data separated by CRLFs + * @returns Iterator + * an Iterator which returns each line from data in turn; note that this + * includes a final empty line if data ended with a CRLF + */ +function* LineIterator(data) { + var index = 0; + do { + index = data.indexOf("\r\n"); + if (index >= 0) { + yield data.substring(0, index); + } else { + yield data; + } + + data = data.substring(index + 2); + } while (index >= 0); +} + +/** + * Throws if iter does not contain exactly the CRLF-separated lines in the + * array expectedLines. + * + * @param iter : Iterator + * an Iterator which returns lines of text + * @param expectedLines : [string] + * an array of the expected lines of text + * @throws an error message if iter doesn't agree with expectedLines + */ +function expectLines(iter, expectedLines) { + var index = 0; + for (var line of iter) { + if (expectedLines.length == index) { + throw new Error( + `Error: got more than ${expectedLines.length} expected lines!` + ); + } + + var expected = expectedLines[index++]; + if (expected !== line) { + throw new Error(`Error on line ${index}! + actual: '${line}', + expect: '${expected}'`); + } + } + + if (expectedLines.length !== index) { + throw new Error( + `Expected more lines! Got ${index}, expected ${expectedLines.length}` + ); + } +} + +/** + * Spew a bunch of HTTP metadata from request into the body of response. + * + * @param request : nsIHttpRequest + * the request whose metadata should be output + * @param response : nsIHttpResponse + * the response to which the metadata is written + */ +function writeDetails(request, response) { + response.write("Method: " + request.method + "\r\n"); + response.write("Path: " + request.path + "\r\n"); + response.write("Query: " + request.queryString + "\r\n"); + response.write("Version: " + request.httpVersion + "\r\n"); + response.write("Scheme: " + request.scheme + "\r\n"); + response.write("Host: " + request.host + "\r\n"); + response.write("Port: " + request.port); +} + +/** + * Advances iter past all non-blank lines and a single blank line, after which + * point the body of the response will be returned next from the iterator. + * + * @param iter : Iterator + * an iterator over the CRLF-delimited lines in an HTTP response, currently + * just after the Request-Line + */ +function skipHeaders(iter) { + var line = iter.next().value; + while (line !== "") { + line = iter.next().value; + } +} + +/** + * Checks that the exception e (which may be an XPConnect-created exception + * object or a raw nsresult number) is the given nsresult. + * + * @param e : Exception or nsresult + * the actual exception + * @param code : nsresult + * the expected exception + */ +function isException(e, code) { + if (e !== code && e.result !== code) { + do_throw("unexpected error: " + e); + } +} + +/** + * Calls the given function at least the specified number of milliseconds later. + * The callback will not undershoot the given time, but it might overshoot -- + * don't expect precision! + * + * @param milliseconds : uint + * the number of milliseconds to delay + * @param callback : function() : void + * the function to call + */ +function callLater(msecs, callback) { + do_timeout(msecs, callback); +} + +/** ***************************************************** + * SIMPLE SUPPORT FOR LOADING/TESTING A SERIES OF URLS * + *******************************************************/ + +/** + * Create a completion callback which will stop the given server and end the + * test, assuming nothing else remains to be done at that point. + */ +function testComplete(srv) { + return function complete() { + do_test_pending(); + srv.stop(function quit() { + do_test_finished(); + }); + }; +} + +/** + * Represents a path to load from the tested HTTP server, along with actions to + * take before, during, and after loading the associated page. + * + * @param path + * the URL to load from the server + * @param initChannel + * a function which takes as a single parameter a channel created for path and + * initializes its state, or null if no additional initialization is needed + * @param onStartRequest + * called during onStartRequest for the load of the URL, with the same + * parameters; the request parameter has been QI'd to nsIHttpChannel and + * nsIHttpChannelInternal for convenience; may be null if nothing needs to be + * done + * @param onStopRequest + * called during onStopRequest for the channel, with the same parameters plus + * a trailing parameter containing an array of the bytes of data downloaded in + * the body of the channel response; the request parameter has been QI'd to + * nsIHttpChannel and nsIHttpChannelInternal for convenience; may be null if + * nothing needs to be done + */ +function Test(path, initChannel, onStartRequest, onStopRequest) { + function nil() {} + + this.path = path; + this.initChannel = initChannel || nil; + this.onStartRequest = onStartRequest || nil; + this.onStopRequest = onStopRequest || nil; +} + +/** + * Runs all the tests in testArray. + * + * @param testArray + * a non-empty array of Tests to run, in order + * @param done + * function to call when all tests have run (e.g. to shut down the server) + */ +function runHttpTests(testArray, done) { + /** Kicks off running the next test in the array. */ + function performNextTest() { + if (++testIndex == testArray.length) { + try { + done(); + } catch (e) { + do_report_unexpected_exception(e, "running test-completion callback"); + } + return; + } + + do_test_pending(); + + var test = testArray[testIndex]; + var ch = makeChannel(test.path); + try { + test.initChannel(ch); + } catch (e) { + try { + do_report_unexpected_exception( + e, + "testArray[" + testIndex + "].initChannel(ch)" + ); + } catch (x) { + /* swallow and let tests continue */ + } + } + + listener._channel = ch; + ch.asyncOpen(listener); + } + + /** Index of the test being run. */ + var testIndex = -1; + + /** Stream listener for the channels. */ + var listener = { + /** Current channel being observed by this. */ + _channel: null, + /** Array of bytes of data in body of response. */ + _data: [], + + onStartRequest(request) { + Assert.ok(request === this._channel); + var ch = request + .QueryInterface(Ci.nsIHttpChannel) + .QueryInterface(Ci.nsIHttpChannelInternal); + + this._data.length = 0; + try { + try { + testArray[testIndex].onStartRequest(ch); + } catch (e) { + do_report_unexpected_exception( + e, + "testArray[" + testIndex + "].onStartRequest" + ); + } + } catch (e) { + do_note_exception( + e, + "!!! swallowing onStartRequest exception so onStopRequest is " + + "called..." + ); + } + }, + onDataAvailable(request, inputStream, offset, count) { + var quantum = 262144; // just above half the argument-count limit + var bis = makeBIS(inputStream); + for (var start = 0; start < count; start += quantum) { + var newData = bis.readByteArray(Math.min(quantum, count - start)); + Array.prototype.push.apply(this._data, newData); + } + }, + onStopRequest(request, status) { + this._channel = null; + + var ch = request + .QueryInterface(Ci.nsIHttpChannel) + .QueryInterface(Ci.nsIHttpChannelInternal); + + // NB: The onStopRequest callback must run before performNextTest here, + // because the latter runs the next test's initChannel callback, and + // we want one test to be sequentially processed before the next + // one. + try { + testArray[testIndex].onStopRequest(ch, status, this._data); + } catch (e) { + do_report_unexpected_exception( + e, + "testArray[" + testIndex + "].onStartRequest" + ); + } finally { + try { + performNextTest(); + } finally { + do_test_finished(); + } + } + }, + QueryInterface: ChromeUtils.generateQI([ + "nsIStreamListener", + "nsIRequestObserver", + ]), + }; + + performNextTest(); +} + +/** ************************************** + * RAW REQUEST FORMAT TESTING FUNCTIONS * + ****************************************/ + +/** + * Sends a raw string of bytes to the given host and port and checks that the + * response is acceptable. + * + * @param host : string + * the host to which a connection should be made + * @param port : PRUint16 + * the port to use for the connection + * @param data : string or [string...] + * either: + * - the raw data to send, as a string of characters with codes in the + * range 0-255, or + * - an array of such strings whose concatenation forms the raw data + * @param responseCheck : function(string) : void + * a function which is provided with the data sent by the remote host which + * conducts whatever tests it wants on that data; useful for tweaking the test + * environment between tests + */ +function RawTest(host, port, data, responseCheck) { + if (0 > port || 65535 < port || port % 1 !== 0) { + throw new Error("bad port"); + } + if (!(data instanceof Array)) { + data = [data]; + } + if (data.length <= 0) { + throw new Error("bad data length"); + } + + if ( + !data.every(function (v) { + // eslint-disable-next-line no-control-regex + return /^[\x00-\xff]*$/.test(v); + }) + ) { + throw new Error("bad data contained non-byte-valued character"); + } + + this.host = host; + this.port = port; + this.data = data; + this.responseCheck = responseCheck; +} + +/** + * Runs all the tests in testArray, an array of RawTests. + * + * @param testArray : [RawTest] + * an array of RawTests to run, in order + * @param done + * function to call when all tests have run (e.g. to shut down the server) + * @param beforeTestCallback + * function to call before each test is run. Gets passed testIndex when called + */ +function runRawTests(testArray, done, beforeTestCallback) { + do_test_pending(); + + var sts = Cc["@mozilla.org/network/socket-transport-service;1"].getService( + Ci.nsISocketTransportService + ); + + var currentThread = + Cc["@mozilla.org/thread-manager;1"].getService().currentThread; + + /** Kicks off running the next test in the array. */ + function performNextTest() { + if (++testIndex == testArray.length) { + do_test_finished(); + try { + done(); + } catch (e) { + do_report_unexpected_exception(e, "running test-completion callback"); + } + return; + } + + if (beforeTestCallback) { + try { + beforeTestCallback(testIndex); + } catch (e) { + /* We don't care if this call fails */ + } + } + + var rawTest = testArray[testIndex]; + + var transport = sts.createTransport( + [], + rawTest.host, + rawTest.port, + null, + null + ); + + var inStream = transport.openInputStream(0, 0, 0); + var outStream = transport.openOutputStream(0, 0, 0); + + // reset + dataIndex = 0; + received = ""; + + waitForMoreInput(inStream); + waitToWriteOutput(outStream); + } + + function waitForMoreInput(stream) { + reader.stream = stream; + stream = stream.QueryInterface(Ci.nsIAsyncInputStream); + stream.asyncWait(reader, 0, 0, currentThread); + } + + function waitToWriteOutput(stream) { + // Do the QueryInterface here, not earlier, because there is no + // guarantee that 'stream' passed in here been QIed to nsIAsyncOutputStream + // since the last GC. + stream = stream.QueryInterface(Ci.nsIAsyncOutputStream); + stream.asyncWait( + writer, + 0, + testArray[testIndex].data[dataIndex].length, + currentThread + ); + } + + /** Index of the test being run. */ + var testIndex = -1; + + /** + * Index of remaining data strings to be written to the socket in current + * test. + */ + var dataIndex = 0; + + /** Data received so far from the server. */ + var received = ""; + + /** Reads data from the socket. */ + var reader = { + onInputStreamReady(stream) { + Assert.ok(stream === this.stream); + try { + var bis = new BinaryInputStream(stream); + + var av = 0; + try { + av = bis.available(); + } catch (e) { + /* default to 0 */ + do_note_exception(e); + } + + if (av > 0) { + var quantum = 262144; + for (var start = 0; start < av; start += quantum) { + var bytes = bis.readByteArray(Math.min(quantum, av - start)); + received += String.fromCharCode.apply(null, bytes); + } + waitForMoreInput(stream); + return; + } + } catch (e) { + do_report_unexpected_exception(e); + } + + var rawTest = testArray[testIndex]; + try { + rawTest.responseCheck(received); + } catch (e) { + do_report_unexpected_exception(e); + } finally { + try { + stream.close(); + performNextTest(); + } catch (e) { + do_report_unexpected_exception(e); + } + } + }, + }; + + /** Writes data to the socket. */ + var writer = { + onOutputStreamReady(stream) { + var str = testArray[testIndex].data[dataIndex]; + + var written = 0; + try { + written = stream.write(str, str.length); + if (written == str.length) { + dataIndex++; + } else { + testArray[testIndex].data[dataIndex] = str.substring(written); + } + } catch (e) { + do_note_exception(e); + /* stream could have been closed, just ignore */ + } + + try { + // Keep writing data while we can write and + // until there's no more data to read + if (written > 0 && dataIndex < testArray[testIndex].data.length) { + waitToWriteOutput(stream); + } else { + stream.close(); + } + } catch (e) { + do_report_unexpected_exception(e); + } + }, + }; + + performNextTest(); +} diff --git a/netwerk/test/httpserver/test/test_async_response_sending.js b/netwerk/test/httpserver/test/test_async_response_sending.js new file mode 100644 index 0000000000..bc025308ae --- /dev/null +++ b/netwerk/test/httpserver/test/test_async_response_sending.js @@ -0,0 +1,1661 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Ensures that data a request handler writes out in response is sent only as + * quickly as the client can receive it, without racing ahead and being forced + * to block while writing that data. + * + * NB: These tests are extremely tied to the current implementation, in terms of + * when and how stream-ready notifications occur, the amount of data which will + * be read or written at each notification, and so on. If the implementation + * changes in any way with respect to stream copying, this test will probably + * have to change a little at the edges as well. + */ + +function run_test() { + do_test_pending(); + tests.push(function testsComplete(_) { + dumpn( + // eslint-disable-next-line no-useless-concat + "******************\n" + "* TESTS COMPLETE *\n" + "******************" + ); + do_test_finished(); + }); + + runNextTest(); +} + +function runNextTest() { + testIndex++; + dumpn("*** runNextTest(), testIndex: " + testIndex); + + try { + var test = tests[testIndex]; + test(runNextTest); + } catch (e) { + var msg = "exception running test " + testIndex + ": " + e; + if (e && "stack" in e) { + msg += "\nstack follows:\n" + e.stack; + } + do_throw(msg); + } +} + +/** *********** + * TEST DATA * + *************/ + +const NOTHING = []; + +const FIRST_SEGMENT = [1, 2, 3, 4]; +const SECOND_SEGMENT = [5, 6, 7, 8]; +const THIRD_SEGMENT = [9, 10, 11, 12]; + +const SEGMENT = FIRST_SEGMENT; +const TWO_SEGMENTS = [1, 2, 3, 4, 5, 6, 7, 8]; +const THREE_SEGMENTS = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]; + +const SEGMENT_AND_HALF = [1, 2, 3, 4, 5, 6]; + +const QUARTER_SEGMENT = [1]; +const HALF_SEGMENT = [1, 2]; +const SECOND_HALF_SEGMENT = [3, 4]; +const EXTRA_HALF_SEGMENT = [5, 6]; +const MIDDLE_HALF_SEGMENT = [2, 3]; +const LAST_QUARTER_SEGMENT = [4]; +const HALF_THIRD_SEGMENT = [9, 10]; +const LATTER_HALF_THIRD_SEGMENT = [11, 12]; + +const TWO_HALF_SEGMENTS = [1, 2, 1, 2]; + +/** ******* + * TESTS * + *********/ + +var tests = [ + sourceClosedWithoutWrite, + writeOneSegmentThenClose, + simpleWriteThenRead, + writeLittleBeforeReading, + writeMultipleSegmentsThenRead, + writeLotsBeforeReading, + writeLotsBeforeReading2, + writeThenReadPartial, + manyPartialWrites, + partialRead, + partialWrite, + sinkClosedImmediately, + sinkClosedWithReadableData, + sinkClosedAfterWrite, + sourceAndSinkClosed, + sinkAndSourceClosed, + sourceAndSinkClosedWithPendingData, + sinkAndSourceClosedWithPendingData, +]; +var testIndex = -1; + +function sourceClosedWithoutWrite(next) { + var t = new CopyTest("sourceClosedWithoutWrite", next); + + t.closeSource(Cr.NS_OK); + t.expect(Cr.NS_OK, [NOTHING]); +} + +function writeOneSegmentThenClose(next) { + var t = new CopyTest("writeLittleBeforeReading", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.closeSource(Cr.NS_OK); + t.makeSinkWritableAndWaitFor(SEGMENT.length, [SEGMENT]); + t.expect(Cr.NS_OK, [SEGMENT]); +} + +function simpleWriteThenRead(next) { + var t = new CopyTest("simpleWriteThenRead", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.makeSinkWritableAndWaitFor(SEGMENT.length, [SEGMENT]); + t.closeSource(Cr.NS_OK); + t.expect(Cr.NS_OK, [SEGMENT]); +} + +function writeLittleBeforeReading(next) { + var t = new CopyTest("writeLittleBeforeReading", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.closeSource(Cr.NS_OK); + t.makeSinkWritableAndWaitFor(SEGMENT.length, [SEGMENT]); + t.makeSinkWritableAndWaitFor(SEGMENT.length, [SEGMENT]); + t.expect(Cr.NS_OK, [SEGMENT, SEGMENT]); +} + +function writeMultipleSegmentsThenRead(next) { + var t = new CopyTest("writeMultipleSegmentsThenRead", next); + + t.addToSource(TWO_SEGMENTS); + t.makeSourceReadable(TWO_SEGMENTS.length); + t.makeSinkWritableAndWaitFor(TWO_SEGMENTS.length, [ + FIRST_SEGMENT, + SECOND_SEGMENT, + ]); + t.closeSource(Cr.NS_OK); + t.expect(Cr.NS_OK, [TWO_SEGMENTS]); +} + +function writeLotsBeforeReading(next) { + var t = new CopyTest("writeLotsBeforeReading", next); + + t.addToSource(TWO_SEGMENTS); + t.makeSourceReadable(TWO_SEGMENTS.length); + t.makeSinkWritableAndWaitFor(FIRST_SEGMENT.length, [FIRST_SEGMENT]); + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.makeSinkWritableAndWaitFor(SECOND_SEGMENT.length, [SECOND_SEGMENT]); + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.closeSource(Cr.NS_OK); + t.makeSinkWritableAndWaitFor(2 * SEGMENT.length, [SEGMENT, SEGMENT]); + t.expect(Cr.NS_OK, [TWO_SEGMENTS, SEGMENT, SEGMENT]); +} + +function writeLotsBeforeReading2(next) { + var t = new CopyTest("writeLotsBeforeReading", next); + + t.addToSource(THREE_SEGMENTS); + t.makeSourceReadable(THREE_SEGMENTS.length); + t.makeSinkWritableAndWaitFor(FIRST_SEGMENT.length, [FIRST_SEGMENT]); + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.makeSinkWritableAndWaitFor(SECOND_SEGMENT.length, [SECOND_SEGMENT]); + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.makeSinkWritableAndWaitFor(THIRD_SEGMENT.length, [THIRD_SEGMENT]); + t.closeSource(Cr.NS_OK); + t.makeSinkWritableAndWaitFor(2 * SEGMENT.length, [SEGMENT, SEGMENT]); + t.expect(Cr.NS_OK, [THREE_SEGMENTS, SEGMENT, SEGMENT]); +} + +function writeThenReadPartial(next) { + var t = new CopyTest("writeThenReadPartial", next); + + t.addToSource(SEGMENT_AND_HALF); + t.makeSourceReadable(SEGMENT_AND_HALF.length); + t.makeSinkWritableAndWaitFor(SEGMENT.length, [SEGMENT]); + t.closeSource(Cr.NS_OK); + t.makeSinkWritableAndWaitFor(EXTRA_HALF_SEGMENT.length, [EXTRA_HALF_SEGMENT]); + t.expect(Cr.NS_OK, [SEGMENT_AND_HALF]); +} + +function manyPartialWrites(next) { + var t = new CopyTest("manyPartialWrites", next); + + t.addToSource(HALF_SEGMENT); + t.makeSourceReadable(HALF_SEGMENT.length); + + t.addToSource(HALF_SEGMENT); + t.makeSourceReadable(HALF_SEGMENT.length); + t.makeSinkWritableAndWaitFor(2 * HALF_SEGMENT.length, [TWO_HALF_SEGMENTS]); + t.closeSource(Cr.NS_OK); + t.expect(Cr.NS_OK, [TWO_HALF_SEGMENTS]); +} + +function partialRead(next) { + var t = new CopyTest("partialRead", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.addToSource(HALF_SEGMENT); + t.makeSourceReadable(HALF_SEGMENT.length); + t.makeSinkWritableAndWaitFor(SEGMENT.length, [SEGMENT]); + t.closeSourceAndWaitFor(Cr.NS_OK, HALF_SEGMENT.length, [HALF_SEGMENT]); + t.expect(Cr.NS_OK, [SEGMENT, HALF_SEGMENT]); +} + +function partialWrite(next) { + var t = new CopyTest("partialWrite", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.makeSinkWritableByIncrementsAndWaitFor(SEGMENT.length, [ + QUARTER_SEGMENT, + MIDDLE_HALF_SEGMENT, + LAST_QUARTER_SEGMENT, + ]); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.makeSinkWritableByIncrementsAndWaitFor(SEGMENT.length, [ + HALF_SEGMENT, + SECOND_HALF_SEGMENT, + ]); + + t.addToSource(THREE_SEGMENTS); + t.makeSourceReadable(THREE_SEGMENTS.length); + t.makeSinkWritableByIncrementsAndWaitFor(THREE_SEGMENTS.length, [ + HALF_SEGMENT, + SECOND_HALF_SEGMENT, + SECOND_SEGMENT, + HALF_THIRD_SEGMENT, + LATTER_HALF_THIRD_SEGMENT, + ]); + + t.closeSource(Cr.NS_OK); + t.expect(Cr.NS_OK, [SEGMENT, SEGMENT, THREE_SEGMENTS]); +} + +function sinkClosedImmediately(next) { + var t = new CopyTest("sinkClosedImmediately", next); + + t.closeSink(Cr.NS_OK); + t.expect(Cr.NS_ERROR_UNEXPECTED, [NOTHING]); +} + +function sinkClosedWithReadableData(next) { + var t = new CopyTest("sinkClosedWithReadableData", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + t.closeSink(Cr.NS_OK); + t.expect(Cr.NS_ERROR_UNEXPECTED, [NOTHING]); +} + +function sinkClosedAfterWrite(next) { + var t = new CopyTest("sinkClosedAfterWrite", next); + + t.addToSource(TWO_SEGMENTS); + t.makeSourceReadable(TWO_SEGMENTS.length); + t.makeSinkWritableAndWaitFor(FIRST_SEGMENT.length, [FIRST_SEGMENT]); + t.closeSink(Cr.NS_OK); + t.expect(Cr.NS_ERROR_UNEXPECTED, [FIRST_SEGMENT]); +} + +function sourceAndSinkClosed(next) { + var t = new CopyTest("sourceAndSinkClosed", next); + + t.closeSourceThenSink(Cr.NS_OK, Cr.NS_OK); + t.expect(Cr.NS_OK, []); +} + +function sinkAndSourceClosed(next) { + var t = new CopyTest("sinkAndSourceClosed", next); + + t.closeSinkThenSource(Cr.NS_OK, Cr.NS_OK); + + // sink notify received first, hence error + t.expect(Cr.NS_ERROR_UNEXPECTED, []); +} + +function sourceAndSinkClosedWithPendingData(next) { + var t = new CopyTest("sourceAndSinkClosedWithPendingData", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + + t.closeSourceThenSink(Cr.NS_OK, Cr.NS_OK); + + // not all data from source copied, so error + t.expect(Cr.NS_ERROR_UNEXPECTED, []); +} + +function sinkAndSourceClosedWithPendingData(next) { + var t = new CopyTest("sinkAndSourceClosedWithPendingData", next); + + t.addToSource(SEGMENT); + t.makeSourceReadable(SEGMENT.length); + + t.closeSinkThenSource(Cr.NS_OK, Cr.NS_OK); + + // not all data from source copied, plus sink notify received first, so error + t.expect(Cr.NS_ERROR_UNEXPECTED, []); +} + +/** *********** + * UTILITIES * + *************/ + +/** Returns the sum of the elements in arr. */ +function sum(arr) { + var s = 0; + for (var i = 0, sz = arr.length; i < sz; i++) { + s += arr[i]; + } + return s; +} + +/** + * Returns a constructor for an input or output stream callback that will wrap + * the one provided to it as an argument. + * + * @param wrapperCallback : (nsIInputStreamCallback | nsIOutputStreamCallback) : void + * the original callback object (not a function!) being wrapped + * @param name : string + * either "onInputStreamReady" if we're wrapping an input stream callback or + * "onOutputStreamReady" if we're wrapping an output stream callback + * @returns function(nsIInputStreamCallback | nsIOutputStreamCallback) : (nsIInputStreamCallback | nsIOutputStreamCallback) + * a constructor function which constructs a callback object (not function!) + * which, when called, first calls the original callback provided to it and + * then calls wrapperCallback + */ +function createStreamReadyInterceptor(wrapperCallback, name) { + return function StreamReadyInterceptor(callback) { + this.wrappedCallback = callback; + this[name] = function streamReadyInterceptor(stream) { + dumpn("*** StreamReadyInterceptor." + name); + + try { + dumpn("*** calling original " + name + "..."); + callback[name](stream); + } catch (e) { + dumpn("!!! error running inner callback: " + e); + throw e; + } finally { + dumpn("*** calling wrapper " + name + "..."); + wrapperCallback[name](stream); + } + }; + }; +} + +/** + * Print out a banner with the given message, uppercased, for debugging + * purposes. + */ +function note(m) { + m = m.toUpperCase(); + var asterisks = Array(m.length + 1 + 4).join("*"); + dumpn(asterisks + "\n* " + m + " *\n" + asterisks); +} + +/** ********* + * MOCKERY * + ***********/ + +/* + * Blatantly violate abstractions in the name of testability. THIS IS NOT + * PUBLIC API! If you use any of these I will knowingly break your code by + * changing the names of variables and properties. + */ +// These are used in head.js. +BinaryInputStream = function BIS(stream) { + return stream; +}; +BinaryOutputStream = function BOS(stream) { + return stream; +}; +Response.SEGMENT_SIZE = SEGMENT.length; +// This overrides in httpd.js. +overrideBinaryStreamsForTests( + BinaryInputStream, + BinaryOutputStream, + SEGMENT.length +); + +/** + * Roughly mocks an nsIPipe, presenting non-blocking input and output streams + * that appear to also be binary streams and whose readability and writability + * amounts are configurable. Only the methods used in this test have been + * implemented -- these aren't exact mocks (can't be, actually, because input + * streams have unscriptable methods). + * + * @param name : string + * a name for this pipe, used in debugging output + */ +function CustomPipe(name) { + var self = this; + + /** Data read from input that's buffered until it can be written to output. */ + this._data = []; + + /** + * The status of this pipe, which is to say the error result the ends of this + * pipe will return when attempts are made to use them. This value is always + * an error result when copying has finished, because success codes are + * converted to NS_BASE_STREAM_CLOSED. + */ + this._status = Cr.NS_OK; + + /** The input end of this pipe. */ + var input = (this.inputStream = { + /** A name for this stream, used in debugging output. */ + name: name + " input", + + /** + * The number of bytes of data available to be read from this pipe, or + * Infinity if any amount of data in this pipe is made readable as soon as + * it is written to the pipe output. + */ + _readable: 0, + + /** + * Data regarding a pending stream-ready callback on this, or null if no + * callback is currently waiting to be called. + */ + _waiter: null, + + /** + * The event currently dispatched to make a stream-ready callback, if any + * such callback is currently ready to be made and not already in + * progress, or null when no callback is waiting to happen. + */ + _event: null, + + /** + * A stream-ready constructor to wrap an existing callback to intercept + * stream-ready notifications, or null if notifications shouldn't be + * wrapped at all. + */ + _streamReadyInterceptCreator: null, + + /** + * Registers a stream-ready wrapper creator function so that a + * stream-ready callback made in the future can be wrapped. + */ + interceptStreamReadyCallbacks(streamReadyInterceptCreator) { + dumpn("*** [" + this.name + "].interceptStreamReadyCallbacks"); + + Assert.ok( + this._streamReadyInterceptCreator === null, + "intercepting twice" + ); + this._streamReadyInterceptCreator = streamReadyInterceptCreator; + if (this._waiter) { + this._waiter.callback = new streamReadyInterceptCreator( + this._waiter.callback + ); + } + }, + + /** + * Removes a previously-registered stream-ready wrapper creator function, + * also clearing any current wrapping. + */ + removeStreamReadyInterceptor() { + dumpn("*** [" + this.name + "].removeStreamReadyInterceptor()"); + + Assert.ok( + this._streamReadyInterceptCreator !== null, + "removing interceptor when none present?" + ); + this._streamReadyInterceptCreator = null; + if (this._waiter) { + this._waiter.callback = this._waiter.callback.wrappedCallback; + } + }, + + // + // see nsIAsyncInputStream.asyncWait + // + asyncWait: function asyncWait(callback, flags, requestedCount, target) { + dumpn("*** [" + this.name + "].asyncWait"); + + Assert.ok(callback && typeof callback !== "function"); + + var closureOnly = + (flags & Ci.nsIAsyncInputStream.WAIT_CLOSURE_ONLY) !== 0; + + Assert.ok( + this._waiter === null || (this._waiter.closureOnly && !closureOnly), + "asyncWait already called with a non-closure-only " + + "callback? unexpected!" + ); + + this._waiter = { + callback: this._streamReadyInterceptCreator + ? new this._streamReadyInterceptCreator(callback) + : callback, + closureOnly, + requestedCount, + eventTarget: target, + }; + + if ( + !Components.isSuccessCode(self._status) || + (!closureOnly && + this._readable >= requestedCount && + self._data.length >= requestedCount) + ) { + this._notify(); + } + }, + + // + // see nsIAsyncInputStream.closeWithStatus + // + closeWithStatus: function closeWithStatus(status) { + // eslint-disable-next-line no-useless-concat + dumpn("*** [" + this.name + "].closeWithStatus" + "(" + status + ")"); + + if (!Components.isSuccessCode(self._status)) { + dumpn( + "*** ignoring second closure of [input " + + this.name + + "] " + + "(status " + + self._status + + ")" + ); + return; + } + + if (Components.isSuccessCode(status)) { + status = Cr.NS_BASE_STREAM_CLOSED; + } + + self._status = status; + + if (this._waiter) { + this._notify(); + } + if (output._waiter) { + output._notify(); + } + }, + + // + // see nsIBinaryInputStream.readByteArray + // + readByteArray: function readByteArray(count) { + dumpn("*** [" + this.name + "].readByteArray(" + count + ")"); + + if (self._data.length === 0) { + throw Components.isSuccessCode(self._status) + ? Cr.NS_BASE_STREAM_WOULD_BLOCK + : self._status; + } + + Assert.ok( + this._readable <= self._data.length || this._readable === Infinity, + "consistency check" + ); + + if (this._readable < count || self._data.length < count) { + throw Components.Exception("", Cr.NS_BASE_STREAM_WOULD_BLOCK); + } + this._readable -= count; + return self._data.splice(0, count); + }, + + /** + * Makes the given number of additional bytes of data previously written + * to the pipe's output stream available for reading, triggering future + * notifications when required. + * + * @param count : uint + * the number of bytes of additional data to make available; must not be + * greater than the number of bytes already buffered but not made + * available by previous makeReadable calls + */ + makeReadable: function makeReadable(count) { + dumpn("*** [" + this.name + "].makeReadable(" + count + ")"); + + Assert.ok(Components.isSuccessCode(self._status), "errant call"); + Assert.ok( + this._readable + count <= self._data.length || + this._readable === Infinity, + "increasing readable beyond written amount" + ); + + this._readable += count; + + dumpn("readable: " + this._readable + ", data: " + self._data); + + var waiter = this._waiter; + if (waiter !== null) { + if (waiter.requestedCount <= this._readable && !waiter.closureOnly) { + this._notify(); + } + } + }, + + /** + * Disables the readability limit on this stream, meaning that as soon as + * *any* amount of data is written to output it becomes available from + * this stream and a stream-ready event is dispatched (if any stream-ready + * callback is currently set). + */ + disableReadabilityLimit: function disableReadabilityLimit() { + dumpn("*** [" + this.name + "].disableReadabilityLimit()"); + + this._readable = Infinity; + }, + + // + // see nsIInputStream.available + // + available: function available() { + dumpn("*** [" + this.name + "].available()"); + + if (self._data.length === 0 && !Components.isSuccessCode(self._status)) { + throw self._status; + } + + return Math.min(this._readable, self._data.length); + }, + + /** + * Dispatches a pending stream-ready event ahead of schedule, rather than + * waiting for it to be dispatched in response to normal writes. This is + * useful when writing to the output has completed, and we need to have + * read all data written to this stream. If the output isn't closed and + * the reading of data from this races ahead of the last write to output, + * we need a notification to know when everything that's been written has + * been read. This ordinarily might be supplied by closing output, but + * in some cases it's not desirable to close output, so this supplies an + * alternative method to get notified when the last write has occurred. + */ + maybeNotifyFinally: function maybeNotifyFinally() { + dumpn("*** [" + this.name + "].maybeNotifyFinally()"); + + Assert.ok(this._waiter !== null, "must be waiting now"); + + if (self._data.length) { + dumpn( + "*** data still pending, normal notifications will signal " + + "completion" + ); + return; + } + + // No data waiting to be written, so notify. We could just close the + // stream, but that's less faithful to the server's behavior (it doesn't + // close the stream, and we're pretending to impersonate the server as + // much as we can here), so instead we're going to notify when no data + // can be read. The CopyTest has already been flagged as complete, so + // the stream listener will detect that this is a wrap-it-up notify and + // invoke the next test. + this._notify(); + }, + + /** + * Dispatches an event to call a previously-registered stream-ready + * callback. + */ + _notify: function _notify() { + dumpn("*** [" + this.name + "]._notify()"); + + var waiter = this._waiter; + Assert.ok(waiter !== null, "no waiter?"); + + if (this._event === null) { + var event = (this._event = { + run: function run() { + input._waiter = null; + input._event = null; + try { + Assert.ok( + !Components.isSuccessCode(self._status) || + input._readable >= waiter.requestedCount + ); + waiter.callback.onInputStreamReady(input); + } catch (e) { + do_throw("error calling onInputStreamReady: " + e); + } + }, + }); + waiter.eventTarget.dispatch(event, Ci.nsIThread.DISPATCH_NORMAL); + } + }, + }); + + /** The output end of this pipe. */ + var output = (this.outputStream = { + /** A name for this stream, used in debugging output. */ + name: name + " output", + + /** + * The number of bytes of data which may be written to this pipe without + * blocking. + */ + _writable: 0, + + /** + * The increments in which pending data should be written, rather than + * simply defaulting to the amount requested (which, given that + * input.asyncWait precisely respects the requestedCount argument, will + * ordinarily always be writable in that amount), as an array whose + * elements from start to finish are the number of bytes to write each + * time write() or writeByteArray() is subsequently called. The sum of + * the values in this array, if this array is not empty, is always equal + * to this._writable. + */ + _writableAmounts: [], + + /** + * Data regarding a pending stream-ready callback on this, or null if no + * callback is currently waiting to be called. + */ + _waiter: null, + + /** + * The event currently dispatched to make a stream-ready callback, if any + * such callback is currently ready to be made and not already in + * progress, or null when no callback is waiting to happen. + */ + _event: null, + + /** + * A stream-ready constructor to wrap an existing callback to intercept + * stream-ready notifications, or null if notifications shouldn't be + * wrapped at all. + */ + _streamReadyInterceptCreator: null, + + /** + * Registers a stream-ready wrapper creator function so that a + * stream-ready callback made in the future can be wrapped. + */ + interceptStreamReadyCallbacks(streamReadyInterceptCreator) { + dumpn("*** [" + this.name + "].interceptStreamReadyCallbacks"); + + Assert.ok( + this._streamReadyInterceptCreator !== null, + "intercepting onOutputStreamReady twice" + ); + this._streamReadyInterceptCreator = streamReadyInterceptCreator; + if (this._waiter) { + this._waiter.callback = new streamReadyInterceptCreator( + this._waiter.callback + ); + } + }, + + /** + * Removes a previously-registered stream-ready wrapper creator function, + * also clearing any current wrapping. + */ + removeStreamReadyInterceptor() { + dumpn("*** [" + this.name + "].removeStreamReadyInterceptor()"); + + Assert.ok( + this._streamReadyInterceptCreator !== null, + "removing interceptor when none present?" + ); + this._streamReadyInterceptCreator = null; + if (this._waiter) { + this._waiter.callback = this._waiter.callback.wrappedCallback; + } + }, + + // + // see nsIAsyncOutputStream.asyncWait + // + asyncWait: function asyncWait(callback, flags, requestedCount, target) { + dumpn("*** [" + this.name + "].asyncWait"); + + Assert.ok(callback && typeof callback !== "function"); + + var closureOnly = + (flags & Ci.nsIAsyncInputStream.WAIT_CLOSURE_ONLY) !== 0; + + Assert.ok( + this._waiter === null || (this._waiter.closureOnly && !closureOnly), + "asyncWait already called with a non-closure-only " + + "callback? unexpected!" + ); + + this._waiter = { + callback: this._streamReadyInterceptCreator + ? new this._streamReadyInterceptCreator(callback) + : callback, + closureOnly, + requestedCount, + eventTarget: target, + toString: function toString() { + return ( + "waiter(" + + (closureOnly ? "closure only, " : "") + + "requestedCount: " + + requestedCount + + ", target: " + + target + + ")" + ); + }, + }; + + if ( + (!closureOnly && this._writable >= requestedCount) || + !Components.isSuccessCode(this.status) + ) { + this._notify(); + } + }, + + // + // see nsIAsyncOutputStream.closeWithStatus + // + closeWithStatus: function closeWithStatus(status) { + dumpn("*** [" + this.name + "].closeWithStatus(" + status + ")"); + + if (!Components.isSuccessCode(self._status)) { + dumpn( + "*** ignoring redundant closure of [input " + + this.name + + "] " + + "because it's already closed (status " + + self._status + + ")" + ); + return; + } + + if (Components.isSuccessCode(status)) { + status = Cr.NS_BASE_STREAM_CLOSED; + } + + self._status = status; + + if (input._waiter) { + input._notify(); + } + if (this._waiter) { + this._notify(); + } + }, + + // + // see nsIBinaryOutputStream.writeByteArray + // + writeByteArray: function writeByteArray(bytes) { + dumpn(`*** [${this.name}].writeByteArray([${bytes}])`); + + if (!Components.isSuccessCode(self._status)) { + throw self._status; + } + + Assert.equal( + this._writableAmounts.length, + 0, + "writeByteArray can't support specified-length writes" + ); + + if (this._writable < bytes.length) { + throw Components.Exception("", Cr.NS_BASE_STREAM_WOULD_BLOCK); + } + + self._data.push.apply(self._data, bytes); + this._writable -= bytes.length; + + if ( + input._readable === Infinity && + input._waiter && + !input._waiter.closureOnly + ) { + input._notify(); + } + }, + + // + // see nsIOutputStream.write + // + write: function write(str, length) { + dumpn("*** [" + this.name + "].write"); + + Assert.equal(str.length, length, "sanity"); + if (!Components.isSuccessCode(self._status)) { + throw self._status; + } + if (this._writable === 0) { + throw Components.Exception("", Cr.NS_BASE_STREAM_WOULD_BLOCK); + } + + var actualWritten; + if (this._writableAmounts.length === 0) { + actualWritten = Math.min(this._writable, length); + } else { + Assert.ok( + this._writable >= this._writableAmounts[0], + "writable amounts value greater than writable data?" + ); + Assert.equal( + this._writable, + sum(this._writableAmounts), + "total writable amount not equal to sum of writable increments" + ); + actualWritten = this._writableAmounts.shift(); + } + + var bytes = str + .substring(0, actualWritten) + .split("") + .map(function (v) { + return v.charCodeAt(0); + }); + + self._data.push.apply(self._data, bytes); + this._writable -= actualWritten; + + if ( + input._readable === Infinity && + input._waiter && + !input._waiter.closureOnly + ) { + input._notify(); + } + + return actualWritten; + }, + + /** + * Increase the amount of data that can be written without blocking by the + * given number of bytes, triggering future notifications when required. + * + * @param count : uint + * the number of bytes of additional data to make writable + */ + makeWritable: function makeWritable(count) { + dumpn("*** [" + this.name + "].makeWritable(" + count + ")"); + + Assert.ok(Components.isSuccessCode(self._status)); + + this._writable += count; + + var waiter = this._waiter; + if ( + waiter && + !waiter.closureOnly && + waiter.requestedCount <= this._writable + ) { + this._notify(); + } + }, + + /** + * Increase the amount of data that can be written without blocking, but + * do so by specifying a number of bytes that will be written each time + * a write occurs, even as asyncWait notifications are initially triggered + * as usual. Thus, rather than writes eagerly writing everything possible + * at each step, attempts to write out data by segment devolve into a + * partial segment write, then another, and so on until the amount of data + * specified as permitted to be written, has been written. + * + * Note that the writeByteArray method is incompatible with the previous + * calling of this method, in that, until all increments provided to this + * method have been consumed, writeByteArray cannot be called. Once all + * increments have been consumed, writeByteArray may again be called. + * + * @param increments : [uint] + * an array whose elements are positive numbers of bytes to permit to be + * written each time write() is subsequently called on this, ignoring + * the total amount of writable space specified by the sum of all + * increments + */ + makeWritableByIncrements: function makeWritableByIncrements(increments) { + dumpn( + "*** [" + + this.name + + "].makeWritableByIncrements" + + "([" + + increments.join(", ") + + "])" + ); + + Assert.greater(increments.length, 0, "bad increments"); + Assert.ok( + increments.every(function (v) { + return v > 0; + }), + "zero increment?" + ); + + Assert.ok(Components.isSuccessCode(self._status)); + + this._writable += sum(increments); + this._writableAmounts = increments; + + var waiter = this._waiter; + if ( + waiter && + !waiter.closureOnly && + waiter.requestedCount <= this._writable + ) { + this._notify(); + } + }, + + /** + * Dispatches an event to call a previously-registered stream-ready + * callback. + */ + _notify: function _notify() { + dumpn("*** [" + this.name + "]._notify()"); + + var waiter = this._waiter; + Assert.ok(waiter !== null, "no waiter?"); + + if (this._event === null) { + var event = (this._event = { + run: function run() { + output._waiter = null; + output._event = null; + + try { + waiter.callback.onOutputStreamReady(output); + } catch (e) { + do_throw("error calling onOutputStreamReady: " + e); + } + }, + }); + waiter.eventTarget.dispatch(event, Ci.nsIThread.DISPATCH_NORMAL); + } + }, + }); +} + +/** + * Represents a sequence of interactions to perform with a copier, in a given + * order and at the desired time intervals. + * + * @param name : string + * test name, used in debugging output + */ +function CopyTest(name, next) { + /** Name used in debugging output. */ + this.name = name; + + /** A function called when the test completes. */ + this._done = next; + + var sourcePipe = new CustomPipe(name + "-source"); + + /** The source of data for the copier to copy. */ + this._source = sourcePipe.inputStream; + + /** + * The sink to which to write data which will appear in the copier's source. + */ + this._copyableDataStream = sourcePipe.outputStream; + + var sinkPipe = new CustomPipe(name + "-sink"); + + /** The sink to which the copier copies data. */ + this._sink = sinkPipe.outputStream; + + /** Input stream from which to read data the copier's written to its sink. */ + this._copiedDataStream = sinkPipe.inputStream; + + this._copiedDataStream.disableReadabilityLimit(); + + /** + * True if there's a callback waiting to read data written by the copier to + * its output, from the input end of the pipe representing the copier's sink. + */ + this._waitingForData = false; + + /** + * An array of the bytes of data expected to be written to output by the + * copier when this test runs. + */ + this._expectedData = undefined; + + /** Array of bytes of data received so far. */ + this._receivedData = []; + + /** The expected final status returned by the copier. */ + this._expectedStatus = -1; + + /** The actual final status returned by the copier. */ + this._actualStatus = -1; + + /** The most recent sequence of bytes written to output by the copier. */ + this._lastQuantum = []; + + /** + * True iff we've received the last quantum of data written to the sink by the + * copier. + */ + this._allDataWritten = false; + + /** + * True iff the copier has notified its associated stream listener of + * completion. + */ + this._copyingFinished = false; + + /** Index of the next task to execute while driving the copier. */ + this._currentTask = 0; + + /** Array containing all tasks to run. */ + this._tasks = []; + + /** The copier used by this test. */ + this._copier = new WriteThroughCopier(this._source, this._sink, this, null); + + // Start watching for data written by the copier to the sink. + this._waitForWrittenData(); +} +CopyTest.prototype = { + /** + * Adds the given array of bytes to data in the copier's source. + * + * @param bytes : [uint] + * array of bytes of data to add to the source for the copier + */ + addToSource: function addToSource(bytes) { + var self = this; + this._addToTasks(function addToSourceTask() { + note("addToSourceTask"); + + try { + self._copyableDataStream.makeWritable(bytes.length); + self._copyableDataStream.writeByteArray(bytes); + } finally { + self._stageNextTask(); + } + }); + }, + + /** + * Makes bytes of data previously added to the source available to be read by + * the copier. + * + * @param count : uint + * number of bytes to make available for reading + */ + makeSourceReadable: function makeSourceReadable(count) { + var self = this; + this._addToTasks(function makeSourceReadableTask() { + note("makeSourceReadableTask"); + + self._source.makeReadable(count); + self._stageNextTask(); + }); + }, + + /** + * Increases available space in the sink by the given amount, waits for the + * given series of arrays of bytes to be written to sink by the copier, and + * causes execution to asynchronously continue to the next task when the last + * of those arrays of bytes is received. + * + * @param bytes : uint + * number of bytes of space to make available in the sink + * @param dataQuantums : [[uint]] + * array of byte arrays to expect to be written in sequence to the sink + */ + makeSinkWritableAndWaitFor: function makeSinkWritableAndWaitFor( + bytes, + dataQuantums + ) { + var self = this; + + Assert.equal( + bytes, + dataQuantums.reduce(function (partial, current) { + return partial + current.length; + }, 0), + "bytes/quantums mismatch" + ); + + function increaseSinkSpaceTask() { + /* Now do the actual work to trigger the interceptor. */ + self._sink.makeWritable(bytes); + } + + this._waitForHelper( + "increaseSinkSpaceTask", + dataQuantums, + increaseSinkSpaceTask + ); + }, + + /** + * Increases available space in the sink by the given amount, waits for the + * given series of arrays of bytes to be written to sink by the copier, and + * causes execution to asynchronously continue to the next task when the last + * of those arrays of bytes is received. + * + * @param bytes : uint + * number of bytes of space to make available in the sink + * @param dataQuantums : [[uint]] + * array of byte arrays to expect to be written in sequence to the sink + */ + makeSinkWritableByIncrementsAndWaitFor: + function makeSinkWritableByIncrementsAndWaitFor(bytes, dataQuantums) { + var self = this; + + var desiredAmounts = dataQuantums.map(function (v) { + return v.length; + }); + Assert.equal(bytes, sum(desiredAmounts), "bytes/quantums mismatch"); + + function increaseSinkSpaceByIncrementsTask() { + /* Now do the actual work to trigger the interceptor incrementally. */ + self._sink.makeWritableByIncrements(desiredAmounts); + } + + this._waitForHelper( + "increaseSinkSpaceByIncrementsTask", + dataQuantums, + increaseSinkSpaceByIncrementsTask + ); + }, + + /** + * Close the copier's source stream, then asynchronously continue to the next + * task. + * + * @param status : nsresult + * the status to provide when closing the copier's source stream + */ + closeSource: function closeSource(status) { + var self = this; + + this._addToTasks(function closeSourceTask() { + note("closeSourceTask"); + + self._source.closeWithStatus(status); + self._stageNextTask(); + }); + }, + + /** + * Close the copier's source stream, then wait for the given number of bytes + * and for the given series of arrays of bytes to be written to the sink, then + * asynchronously continue to the next task. + * + * @param status : nsresult + * the status to provide when closing the copier's source stream + * @param bytes : uint + * number of bytes of space to make available in the sink + * @param dataQuantums : [[uint]] + * array of byte arrays to expect to be written in sequence to the sink + */ + closeSourceAndWaitFor: function closeSourceAndWaitFor( + status, + bytes, + dataQuantums + ) { + var self = this; + + Assert.equal( + bytes, + sum( + dataQuantums.map(function (v) { + return v.length; + }) + ), + "bytes/quantums mismatch" + ); + + function closeSourceAndWaitForTask() { + self._sink.makeWritable(bytes); + self._copyableDataStream.closeWithStatus(status); + } + + this._waitForHelper( + "closeSourceAndWaitForTask", + dataQuantums, + closeSourceAndWaitForTask + ); + }, + + /** + * Closes the copier's sink stream, providing the given status, then + * asynchronously continue to the next task. + * + * @param status : nsresult + * the status to provide when closing the copier's sink stream + */ + closeSink: function closeSink(status) { + var self = this; + this._addToTasks(function closeSinkTask() { + note("closeSinkTask"); + + self._sink.closeWithStatus(status); + self._stageNextTask(); + }); + }, + + /** + * Closes the copier's source stream, then immediately closes the copier's + * sink stream, then asynchronously continues to the next task. + * + * @param sourceStatus : nsresult + * the status to provide when closing the copier's source stream + * @param sinkStatus : nsresult + * the status to provide when closing the copier's sink stream + */ + closeSourceThenSink: function closeSourceThenSink(sourceStatus, sinkStatus) { + var self = this; + this._addToTasks(function closeSourceThenSinkTask() { + note("closeSourceThenSinkTask"); + + self._source.closeWithStatus(sourceStatus); + self._sink.closeWithStatus(sinkStatus); + self._stageNextTask(); + }); + }, + + /** + * Closes the copier's sink stream, then immediately closes the copier's + * source stream, then asynchronously continues to the next task. + * + * @param sinkStatus : nsresult + * the status to provide when closing the copier's sink stream + * @param sourceStatus : nsresult + * the status to provide when closing the copier's source stream + */ + closeSinkThenSource: function closeSinkThenSource(sinkStatus, sourceStatus) { + var self = this; + this._addToTasks(function closeSinkThenSourceTask() { + note("closeSinkThenSource"); + + self._sink.closeWithStatus(sinkStatus); + self._source.closeWithStatus(sourceStatus); + self._stageNextTask(); + }); + }, + + /** + * Indicates that the given status is expected to be returned when the stream + * listener for the copy indicates completion, that the expected data copied + * by the copier to sink are the concatenation of the arrays of bytes in + * receivedData, and kicks off the tasks in this test. + * + * @param expectedStatus : nsresult + * the status expected to be returned by the copier at completion + * @param receivedData : [[uint]] + * an array containing arrays of bytes whose concatenation constitutes the + * expected copied data + */ + expect: function expect(expectedStatus, receivedData) { + this._expectedStatus = expectedStatus; + this._expectedData = []; + for (var i = 0, sz = receivedData.length; i < sz; i++) { + this._expectedData.push.apply(this._expectedData, receivedData[i]); + } + + this._stageNextTask(); + }, + + /** + * Sets up a stream interceptor that will verify that each piece of data + * written to the sink by the copier corresponds to the currently expected + * pieces of data, calls the trigger, then waits for those pieces of data to + * be received. Once all have been received, the interceptor is removed and + * the next task is asynchronously executed. + * + * @param name : string + * name of the task created by this, used in debugging output + * @param dataQuantums : [[uint]] + * array of expected arrays of bytes to be written to the sink by the copier + * @param trigger : function() : void + * function to call after setting up the interceptor to wait for + * notifications (which will be generated as a result of this function's + * actions) + */ + _waitForHelper: function _waitForHelper(name, dataQuantums, trigger) { + var self = this; + this._addToTasks(function waitForHelperTask() { + note(name); + + var quantumIndex = 0; + + /* + * Intercept all data-available notifications so we can continue when all + * the ones we expect have been received. + */ + var streamReadyCallback = { + onInputStreamReady: function wrapperOnInputStreamReady(input) { + dumpn( + "*** streamReadyCallback.onInputStreamReady" + + "(" + + input.name + + ")" + ); + + Assert.equal(this, streamReadyCallback, "sanity"); + + try { + if (quantumIndex < dataQuantums.length) { + var quantum = dataQuantums[quantumIndex++]; + var sz = quantum.length; + Assert.equal( + self._lastQuantum.length, + sz, + "different quantum lengths" + ); + for (var i = 0; i < sz; i++) { + Assert.equal( + self._lastQuantum[i], + quantum[i], + "bad data at " + i + ); + } + + dumpn( + "*** waiting to check remaining " + + (dataQuantums.length - quantumIndex) + + " quantums..." + ); + } + } finally { + if (quantumIndex === dataQuantums.length) { + dumpn("*** data checks completed! next task..."); + self._copiedDataStream.removeStreamReadyInterceptor(); + self._stageNextTask(); + } + } + }, + }; + + var interceptor = createStreamReadyInterceptor( + streamReadyCallback, + "onInputStreamReady" + ); + self._copiedDataStream.interceptStreamReadyCallbacks(interceptor); + + /* Do the deed. */ + trigger(); + }); + }, + + /** + * Initiates asynchronous waiting for data written to the copier's sink to be + * available for reading from the input end of the sink's pipe. The callback + * stores the received data for comparison in the interceptor used in the + * callback added by _waitForHelper and signals test completion when it + * receives a zero-data-available notification (if the copier has notified + * that it is finished; otherwise allows execution to continue until that has + * occurred). + */ + _waitForWrittenData: function _waitForWrittenData() { + dumpn("*** _waitForWrittenData (" + this.name + ")"); + + var self = this; + var outputWrittenWatcher = { + onInputStreamReady: function onInputStreamReady(input) { + dumpn( + // eslint-disable-next-line no-useless-concat + "*** outputWrittenWatcher.onInputStreamReady" + "(" + input.name + ")" + ); + + if (self._allDataWritten) { + do_throw( + "ruh-roh! why are we getting notified of more data " + + "after we should have received all of it?" + ); + } + + self._waitingForData = false; + + try { + var avail = input.available(); + } catch (e) { + dumpn("*** available() threw! error: " + e); + if (self._completed) { + dumpn( + "*** NB: this isn't a problem, because we've copied " + + "completely now, and this notify may have been expedited " + + "by maybeNotifyFinally such that we're being called when " + + "we can *guarantee* nothing is available any more" + ); + } + avail = 0; + } + + if (avail > 0) { + var data = input.readByteArray(avail); + Assert.equal( + data.length, + avail, + "readByteArray returned wrong number of bytes?" + ); + self._lastQuantum = data; + self._receivedData.push.apply(self._receivedData, data); + } + + if (avail === 0) { + dumpn("*** all data received!"); + + self._allDataWritten = true; + + if (self._copyingFinished) { + dumpn("*** copying already finished, continuing to next test"); + self._testComplete(); + } else { + dumpn("*** copying not finished, waiting for that to happen"); + } + + return; + } + + self._waitForWrittenData(); + }, + }; + + this._copiedDataStream.asyncWait( + outputWrittenWatcher, + 0, + 1, + Services.tm.currentThread + ); + this._waitingForData = true; + }, + + /** + * Indicates this test is complete, does the final data-received and copy + * status comparisons, and calls the test-completion function provided when + * this test was first created. + */ + _testComplete: function _testComplete() { + dumpn("*** CopyTest(" + this.name + ") complete! On to the next test..."); + + try { + Assert.ok(this._allDataWritten, "expect all data written now!"); + Assert.ok(this._copyingFinished, "expect copying finished now!"); + + Assert.equal( + this._actualStatus, + this._expectedStatus, + "wrong final status" + ); + + var expected = this._expectedData, + received = this._receivedData; + dumpn("received: [" + received + "], expected: [" + expected + "]"); + Assert.equal(received.length, expected.length, "wrong data"); + for (var i = 0, sz = expected.length; i < sz; i++) { + Assert.equal(received[i], expected[i], "bad data at " + i); + } + } catch (e) { + dumpn("!!! ERROR PERFORMING FINAL " + this.name + " CHECKS! " + e); + throw e; + } finally { + dumpn( + "*** CopyTest(" + + this.name + + ") complete! " + + "Invoking test-completion callback..." + ); + this._done(); + } + }, + + /** Dispatches an event at this thread which will run the next task. */ + _stageNextTask: function _stageNextTask() { + dumpn("*** CopyTest(" + this.name + ")._stageNextTask()"); + + if (this._currentTask === this._tasks.length) { + dumpn("*** CopyTest(" + this.name + ") tasks complete!"); + return; + } + + var task = this._tasks[this._currentTask++]; + var event = { + run: function run() { + try { + task(); + } catch (e) { + do_throw("exception thrown running task: " + e); + } + }, + }; + Services.tm.dispatchToMainThread(event); + }, + + /** + * Adds the given function as a task to be run at a later time. + * + * @param task : function() : void + * the function to call as a task + */ + _addToTasks: function _addToTasks(task) { + this._tasks.push(task); + }, + + // + // see nsIRequestObserver.onStartRequest + // + onStartRequest: function onStartRequest(self) { + dumpn("*** CopyTest.onStartRequest (" + self.name + ")"); + + Assert.equal(this._receivedData.length, 0); + Assert.equal(this._lastQuantum.length, 0); + }, + + // + // see nsIRequestObserver.onStopRequest + // + onStopRequest: function onStopRequest(self, status) { + dumpn("*** CopyTest.onStopRequest (" + self.name + ", " + status + ")"); + + this._actualStatus = status; + + this._copyingFinished = true; + + if (this._allDataWritten) { + dumpn("*** all data written, continuing with remaining tests..."); + this._testComplete(); + } else { + /* + * Everything's copied as far as the copier is concerned. However, there + * may be a backup transferring from the output end of the copy sink to + * the input end where we can actually verify that the expected data was + * written as expected, because that transfer occurs asynchronously. If + * we do final data-received checks now, we'll miss still-pending data. + * Therefore, to wrap up this copy test we still need to asynchronously + * wait on the input end of the sink until we hit end-of-stream or some + * error condition. Then we know we're done and can continue with the + * next test. + */ + dumpn("*** not all data copied, waiting for that to happen..."); + + if (!this._waitingForData) { + this._waitForWrittenData(); + } + + this._copiedDataStream.maybeNotifyFinally(); + } + }, +}; diff --git a/netwerk/test/httpserver/test/test_basic_functionality.js b/netwerk/test/httpserver/test/test_basic_functionality.js new file mode 100644 index 0000000000..b8864abd17 --- /dev/null +++ b/netwerk/test/httpserver/test/test_basic_functionality.js @@ -0,0 +1,182 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Basic functionality test, from the client programmer's POV. + */ + +ChromeUtils.defineLazyGetter(this, "port", function () { + return srv.identity.primaryPort; +}); + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + port + "/objHandler", + null, + start_objHandler, + null + ), + new Test( + "http://localhost:" + port + "/functionHandler", + null, + start_functionHandler, + null + ), + new Test( + "http://localhost:" + port + "/nonexistent-path", + null, + start_non_existent_path, + null + ), + new Test( + "http://localhost:" + port + "/lotsOfHeaders", + null, + start_lots_of_headers, + null + ), + ]; +}); + +var srv; + +function run_test() { + srv = createServer(); + + // base path + // XXX should actually test this works with a file by comparing streams! + var path = Services.dirsvc.get("CurWorkD", Ci.nsIFile); + srv.registerDirectory("/", path); + + // register a few test paths + srv.registerPathHandler("/objHandler", objHandler); + srv.registerPathHandler("/functionHandler", functionHandler); + srv.registerPathHandler("/lotsOfHeaders", lotsOfHeadersHandler); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +const HEADER_COUNT = 1000; + +// TEST DATA + +// common properties *always* appended by server +// or invariants for every URL in paths +function commonCheck(ch) { + Assert.ok(ch.contentLength > -1); + Assert.equal(ch.getResponseHeader("connection"), "close"); + Assert.ok(!ch.isNoStoreResponse()); + Assert.ok(!ch.isPrivateResponse()); +} + +function start_objHandler(ch) { + commonCheck(ch); + + Assert.equal(ch.responseStatus, 200); + Assert.ok(ch.requestSucceeded); + Assert.equal(ch.getResponseHeader("content-type"), "text/plain"); + Assert.equal(ch.responseStatusText, "OK"); + + var reqMin = {}, + reqMaj = {}, + respMin = {}, + respMaj = {}; + ch.getRequestVersion(reqMaj, reqMin); + ch.getResponseVersion(respMaj, respMin); + Assert.ok(reqMaj.value == respMaj.value && reqMin.value == respMin.value); +} + +function start_functionHandler(ch) { + commonCheck(ch); + + Assert.equal(ch.responseStatus, 404); + Assert.ok(!ch.requestSucceeded); + Assert.equal(ch.getResponseHeader("foopy"), "quux-baz"); + Assert.equal(ch.responseStatusText, "Page Not Found"); + + var reqMin = {}, + reqMaj = {}, + respMin = {}, + respMaj = {}; + ch.getRequestVersion(reqMaj, reqMin); + ch.getResponseVersion(respMaj, respMin); + Assert.ok(reqMaj.value == 1 && reqMin.value == 1); + Assert.ok(respMaj.value == 1 && respMin.value == 1); +} + +function start_non_existent_path(ch) { + commonCheck(ch); + + Assert.equal(ch.responseStatus, 404); + Assert.ok(!ch.requestSucceeded); +} + +function start_lots_of_headers(ch) { + commonCheck(ch); + + Assert.equal(ch.responseStatus, 200); + Assert.ok(ch.requestSucceeded); + + for (var i = 0; i < HEADER_COUNT; i++) { + Assert.equal(ch.getResponseHeader("X-Header-" + i), "value " + i); + } +} + +// PATH HANDLERS + +// /objHandler +var objHandler = { + handle(metadata, response) { + response.setStatusLine(metadata.httpVersion, 200, "OK"); + response.setHeader("Content-Type", "text/plain", false); + + var body = "Request (slightly reformatted):\n\n"; + body += metadata.method + " " + metadata.path; + + Assert.equal(metadata.port, port); + + if (metadata.queryString) { + body += "?" + metadata.queryString; + } + + body += " HTTP/" + metadata.httpVersion + "\n"; + + var headEnum = metadata.headers; + while (headEnum.hasMoreElements()) { + var fieldName = headEnum + .getNext() + .QueryInterface(Ci.nsISupportsString).data; + body += fieldName + ": " + metadata.getHeader(fieldName) + "\n"; + } + + response.bodyOutputStream.write(body, body.length); + }, + QueryInterface: ChromeUtils.generateQI(["nsIHttpRequestHandler"]), +}; + +// /functionHandler +function functionHandler(metadata, response) { + response.setStatusLine("1.1", 404, "Page Not Found"); + response.setHeader("foopy", "quux-baz", false); + + Assert.equal(metadata.port, port); + Assert.equal(metadata.host, "localhost"); + Assert.equal(metadata.path.charAt(0), "/"); + + var body = "this is text\n"; + response.bodyOutputStream.write(body, body.length); +} + +// /lotsOfHeaders +function lotsOfHeadersHandler(request, response) { + response.setHeader("Content-Type", "text/plain", false); + + for (var i = 0; i < HEADER_COUNT; i++) { + response.setHeader("X-Header-" + i, "value " + i, false); + } +} diff --git a/netwerk/test/httpserver/test/test_body_length.js b/netwerk/test/httpserver/test/test_body_length.js new file mode 100644 index 0000000000..85f35d7441 --- /dev/null +++ b/netwerk/test/httpserver/test/test_body_length.js @@ -0,0 +1,68 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests that the Content-Length header in incoming requests is interpreted as + * a decimal number, even if it has the form (including leading zero) of an + * octal number. + */ + +var srv; + +function run_test() { + srv = createServer(); + srv.registerPathHandler("/content-length", contentLength); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +const REQUEST_DATA = "12345678901234567"; + +function contentLength(request, response) { + Assert.equal(request.method, "POST"); + Assert.equal(request.getHeader("Content-Length"), "017"); + + var body = new ScriptableInputStream(request.bodyInputStream); + + var avail; + var data = ""; + while ((avail = body.available()) > 0) { + data += body.read(avail); + } + + Assert.equal(data, REQUEST_DATA); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + srv.identity.primaryPort + "/content-length", + init_content_length + ), + ]; +}); + +function init_content_length(ch) { + var content = Cc["@mozilla.org/io/string-input-stream;1"].createInstance( + Ci.nsIStringInputStream + ); + content.data = REQUEST_DATA; + + ch.QueryInterface(Ci.nsIUploadChannel).setUploadStream( + content, + "text/plain", + REQUEST_DATA.length + ); + + // Override the values implicitly set by setUploadStream above. + ch.requestMethod = "POST"; + ch.setRequestHeader("Content-Length", "017", false); // 17 bytes, not 15 +} diff --git a/netwerk/test/httpserver/test/test_byte_range.js b/netwerk/test/httpserver/test/test_byte_range.js new file mode 100644 index 0000000000..ef92824734 --- /dev/null +++ b/netwerk/test/httpserver/test/test_byte_range.js @@ -0,0 +1,272 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// checks if a byte range request and non-byte range request retrieve the +// correct data. + +var srv; +ChromeUtils.defineLazyGetter(this, "PREFIX", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + PREFIX + "/range.txt", + init_byterange, + start_byterange, + stop_byterange + ), + new Test(PREFIX + "/range.txt", init_byterange2, start_byterange2), + new Test( + PREFIX + "/range.txt", + init_byterange3, + start_byterange3, + stop_byterange3 + ), + new Test(PREFIX + "/range.txt", init_byterange4, start_byterange4), + new Test( + PREFIX + "/range.txt", + init_byterange5, + start_byterange5, + stop_byterange5 + ), + new Test( + PREFIX + "/range.txt", + init_byterange6, + start_byterange6, + stop_byterange6 + ), + new Test( + PREFIX + "/range.txt", + init_byterange7, + start_byterange7, + stop_byterange7 + ), + new Test( + PREFIX + "/range.txt", + init_byterange8, + start_byterange8, + stop_byterange8 + ), + new Test( + PREFIX + "/range.txt", + init_byterange9, + start_byterange9, + stop_byterange9 + ), + new Test(PREFIX + "/range.txt", init_byterange10, start_byterange10), + new Test( + PREFIX + "/range.txt", + init_byterange11, + start_byterange11, + stop_byterange11 + ), + new Test(PREFIX + "/empty.txt", null, start_byterange12, stop_byterange12), + new Test( + PREFIX + "/headers.txt", + init_byterange13, + start_byterange13, + null + ), + new Test(PREFIX + "/range.txt", null, start_normal, stop_normal), + ]; +}); + +function run_test() { + srv = createServer(); + var dir = do_get_file("data/ranges/"); + srv.registerDirectory("/", dir); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +function start_normal(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.getResponseHeader("Content-Length"), "21"); + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); +} + +function stop_normal(ch, status, data) { + Assert.equal(data.length, 21); + Assert.equal(data[0], 0x54); + Assert.equal(data[20], 0x0a); +} + +function init_byterange(ch) { + ch.setRequestHeader("Range", "bytes=10-", false); +} + +function start_byterange(ch) { + Assert.equal(ch.responseStatus, 206); + Assert.equal(ch.getResponseHeader("Content-Length"), "11"); + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); + Assert.equal(ch.getResponseHeader("Content-Range"), "bytes 10-20/21"); +} + +function stop_byterange(ch, status, data) { + Assert.equal(data.length, 11); + Assert.equal(data[0], 0x64); + Assert.equal(data[10], 0x0a); +} + +function init_byterange2(ch) { + ch.setRequestHeader("Range", "bytes=21-", false); +} + +function start_byterange2(ch) { + Assert.equal(ch.responseStatus, 416); +} + +function init_byterange3(ch) { + ch.setRequestHeader("Range", "bytes=10-15", false); +} + +function start_byterange3(ch) { + Assert.equal(ch.responseStatus, 206); + Assert.equal(ch.getResponseHeader("Content-Length"), "6"); + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); + Assert.equal(ch.getResponseHeader("Content-Range"), "bytes 10-15/21"); +} + +function stop_byterange3(ch, status, data) { + Assert.equal(data.length, 6); + Assert.equal(data[0], 0x64); + Assert.equal(data[1], 0x20); + Assert.equal(data[2], 0x62); + Assert.equal(data[3], 0x65); + Assert.equal(data[4], 0x20); + Assert.equal(data[5], 0x73); +} + +function init_byterange4(ch) { + ch.setRequestHeader("Range", "xbytes=21-", false); +} + +function start_byterange4(ch) { + Assert.equal(ch.responseStatus, 400); +} + +function init_byterange5(ch) { + ch.setRequestHeader("Range", "bytes=-5", false); +} + +function start_byterange5(ch) { + Assert.equal(ch.responseStatus, 206); +} + +function stop_byterange5(ch, status, data) { + Assert.equal(data.length, 5); + Assert.equal(data[0], 0x65); + Assert.equal(data[1], 0x65); + Assert.equal(data[2], 0x6e); + Assert.equal(data[3], 0x2e); + Assert.equal(data[4], 0x0a); +} + +function init_byterange6(ch) { + ch.setRequestHeader("Range", "bytes=15-12", false); +} + +function start_byterange6(ch) { + Assert.equal(ch.responseStatus, 200); +} + +function stop_byterange6(ch, status, data) { + Assert.equal(data.length, 21); + Assert.equal(data[0], 0x54); + Assert.equal(data[20], 0x0a); +} + +function init_byterange7(ch) { + ch.setRequestHeader("Range", "bytes=0-5", false); +} + +function start_byterange7(ch) { + Assert.equal(ch.responseStatus, 206); + Assert.equal(ch.getResponseHeader("Content-Length"), "6"); + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); + Assert.equal(ch.getResponseHeader("Content-Range"), "bytes 0-5/21"); +} + +function stop_byterange7(ch, status, data) { + Assert.equal(data.length, 6); + Assert.equal(data[0], 0x54); + Assert.equal(data[1], 0x68); + Assert.equal(data[2], 0x69); + Assert.equal(data[3], 0x73); + Assert.equal(data[4], 0x20); + Assert.equal(data[5], 0x73); +} + +function init_byterange8(ch) { + ch.setRequestHeader("Range", "bytes=20-21", false); +} + +function start_byterange8(ch) { + Assert.equal(ch.responseStatus, 206); + Assert.equal(ch.getResponseHeader("Content-Range"), "bytes 20-20/21"); +} + +function stop_byterange8(ch, status, data) { + Assert.equal(data.length, 1); + Assert.equal(data[0], 0x0a); +} + +function init_byterange9(ch) { + ch.setRequestHeader("Range", "bytes=020-021", false); +} + +function start_byterange9(ch) { + Assert.equal(ch.responseStatus, 206); +} + +function stop_byterange9(ch, status, data) { + Assert.equal(data.length, 1); + Assert.equal(data[0], 0x0a); +} + +function init_byterange10(ch) { + ch.setRequestHeader("Range", "bytes=-", false); +} + +function start_byterange10(ch) { + Assert.equal(ch.responseStatus, 400); +} + +function init_byterange11(ch) { + ch.setRequestHeader("Range", "bytes=-500", false); +} + +function start_byterange11(ch) { + Assert.equal(ch.responseStatus, 206); +} + +function stop_byterange11(ch, status, data) { + Assert.equal(data.length, 21); + Assert.equal(data[0], 0x54); + Assert.equal(data[20], 0x0a); +} + +function start_byterange12(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.getResponseHeader("Content-Length"), "0"); +} + +function stop_byterange12(ch, status, data) { + Assert.equal(data.length, 0); +} + +function init_byterange13(ch) { + ch.setRequestHeader("Range", "bytes=9999999-", false); +} + +function start_byterange13(ch) { + Assert.equal(ch.responseStatus, 416); + Assert.equal(ch.getResponseHeader("X-SJS-Header"), "customized"); +} diff --git a/netwerk/test/httpserver/test/test_cern_meta.js b/netwerk/test/httpserver/test/test_cern_meta.js new file mode 100644 index 0000000000..3497a88ea7 --- /dev/null +++ b/netwerk/test/httpserver/test/test_cern_meta.js @@ -0,0 +1,79 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// exercises support for mod_cern_meta-style header/status line modification +var srv; + +ChromeUtils.defineLazyGetter(this, "PREFIX", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test(PREFIX + "/test_both.html", null, start_testBoth, null), + new Test( + PREFIX + "/test_ctype_override.txt", + null, + start_test_ctype_override_txt, + null + ), + new Test( + PREFIX + "/test_status_override.html", + null, + start_test_status_override_html, + null + ), + new Test( + PREFIX + "/test_status_override_nodesc.txt", + null, + start_test_status_override_nodesc_txt, + null + ), + new Test(PREFIX + "/caret_test.txt^", null, start_caret_test_txt_, null), + ]; +}); + +function run_test() { + srv = createServer(); + + var cernDir = do_get_file("data/cern_meta/"); + srv.registerDirectory("/", cernDir); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// TEST DATA + +function start_testBoth(ch) { + Assert.equal(ch.responseStatus, 501); + Assert.equal(ch.responseStatusText, "Unimplemented"); + + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); +} + +function start_test_ctype_override_txt(ch) { + Assert.equal(ch.getResponseHeader("Content-Type"), "text/html"); +} + +function start_test_status_override_html(ch) { + Assert.equal(ch.responseStatus, 404); + Assert.equal(ch.responseStatusText, "Can't Find This"); +} + +function start_test_status_override_nodesc_txt(ch) { + Assert.equal(ch.responseStatus, 732); + Assert.equal(ch.responseStatusText, ""); +} + +function start_caret_test_txt_(ch) { + Assert.equal(ch.responseStatus, 500); + Assert.equal(ch.responseStatusText, "This Isn't A Server Error"); + + Assert.equal(ch.getResponseHeader("Foo-RFC"), "3092"); + Assert.equal(ch.getResponseHeader("Shaving-Cream-Atom"), "Illudium Phosdex"); +} diff --git a/netwerk/test/httpserver/test/test_default_index_handler.js b/netwerk/test/httpserver/test/test_default_index_handler.js new file mode 100644 index 0000000000..efa02cb6e3 --- /dev/null +++ b/netwerk/test/httpserver/test/test_default_index_handler.js @@ -0,0 +1,248 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// checks for correct output with the default index handler, mostly to do +// escaping checks -- highly dependent on the default index handler output +// format + +var srv, dir, gDirEntries; + +ChromeUtils.defineLazyGetter(this, "BASE_URL", function () { + return "http://localhost:" + srv.identity.primaryPort + "/"; +}); + +function run_test() { + createTestDirectory(); + + srv = createServer(); + srv.registerDirectory("/", dir); + + var nameDir = do_get_file("data/name-scheme/"); + srv.registerDirectory("/bar/", nameDir); + + srv.start(-1); + + function done() { + do_test_pending(); + destroyTestDirectory(); + srv.stop(function () { + do_test_finished(); + }); + } + + runHttpTests(tests, done); +} + +function createTestDirectory() { + dir = Services.dirsvc.get("TmpD", Ci.nsIFile); + dir.append("index_handler_test_" + Math.random()); + dir.createUnique(Ci.nsIFile.DIRECTORY_TYPE, 0o744); + + // populate with test directories, files, etc. + // Files must be in expected order of display on the index page! + + var files = []; + + makeFile("aa_directory", true, dir, files); + makeFile("Ba_directory", true, dir, files); + makeFile("bb_directory", true, dir, files); + makeFile("foo", true, dir, files); + makeFile("a_file", false, dir, files); + makeFile("B_file", false, dir, files); + makeFile("za'z", false, dir, files); + makeFile("zb&z", false, dir, files); + makeFile("zcm", false, dir, files); + + gDirEntries = [files]; + + var subdir = dir.clone(); + subdir.append("foo"); + + files = []; + + makeFile("aa_dir", true, subdir, files); + makeFile("b_dir", true, subdir, files); + makeFile("AA_file.txt", false, subdir, files); + makeFile("test.txt", false, subdir, files); + + gDirEntries.push(files); +} + +function destroyTestDirectory() { + dir.remove(true); +} + +/** *********** + * UTILITIES * + *************/ + +/** Verifies data in bytes for the trailing-caret path above. */ +function hiddenDataCheck(bytes, uri, path) { + var data = String.fromCharCode.apply(null, bytes); + + var parser = new DOMParser(); + + // Note: the index format isn't XML -- it's actually HTML -- but we require + // the index format also be valid XML, albeit XML without namespaces, + // XML declarations, etc. Doing this simplifies output checking. + try { + var doc = parser.parseFromString(data, "application/xml"); + } catch (e) { + do_throw("document failed to parse as XML"); + } + + var body = doc.documentElement.getElementsByTagName("body"); + Assert.equal(body.length, 1); + body = body[0]; + + // header + var header = body.getElementsByTagName("h1"); + Assert.equal(header.length, 1); + + Assert.equal(header[0].textContent, path); + + // files + var lst = body.getElementsByTagName("ol"); + Assert.equal(lst.length, 1); + var items = lst[0].getElementsByTagName("li"); + + var top = Services.io.newURI(uri); + + // N.B. No ERROR_IF_SEE_THIS.txt^ file! + var dirEntries = [ + { name: "file.txt", isDirectory: false }, + { name: "SHOULD_SEE_THIS.txt^", isDirectory: false }, + ]; + + for (var i = 0; i < items.length; i++) { + var link = items[i].childNodes[0]; + var f = dirEntries[i]; + + var sep = f.isDirectory ? "/" : ""; + + Assert.equal(link.textContent, f.name + sep); + + uri = Services.io.newURI(link.getAttribute("href"), null, top); + Assert.equal(decodeURIComponent(uri.pathQueryRef), path + f.name + sep); + } +} + +/** + * Verifies data in bytes (an array of bytes) represents an index page for the + * given URI and path, which should be a page listing the given directory + * entries, in order. + * + * @param bytes + * array of bytes representing the index page's contents + * @param uri + * string which is the URI of the index page + * @param path + * the path portion of uri + * @param dirEntries + * sorted (in the manner the directory entries should be sorted) array of + * objects, each of which has a name property (whose value is the file's name, + * without / if it's a directory) and an isDirectory property (with expected + * value) + */ +function dataCheck(bytes, uri, path, dirEntries) { + var data = String.fromCharCode.apply(null, bytes); + + var parser = new DOMParser(); + + // Note: the index format isn't XML -- it's actually HTML -- but we require + // the index format also be valid XML, albeit XML without namespaces, + // XML declarations, etc. Doing this simplifies output checking. + try { + var doc = parser.parseFromString(data, "application/xml"); + } catch (e) { + do_throw("document failed to parse as XML"); + } + + var body = doc.documentElement.getElementsByTagName("body"); + Assert.equal(body.length, 1); + body = body[0]; + + // header + var header = body.getElementsByTagName("h1"); + Assert.equal(header.length, 1); + + Assert.equal(header[0].textContent, path); + + // files + var lst = body.getElementsByTagName("ol"); + Assert.equal(lst.length, 1); + var items = lst[0].getElementsByTagName("li"); + var top = Services.io.newURI(uri); + + for (var i = 0; i < items.length; i++) { + var link = items[i].childNodes[0]; + var f = dirEntries[i]; + + var sep = f.isDirectory ? "/" : ""; + + Assert.equal(link.textContent, f.name + sep); + + uri = Services.io.newURI(link.getAttribute("href"), null, top); + Assert.equal(decodeURIComponent(uri.pathQueryRef), path + f.name + sep); + } +} + +/** + * Create a file/directory with the given name underneath parentDir, and + * append an object with name/isDirectory properties to lst corresponding + * to it if the file/directory could be created. + */ +function makeFile(name, isDirectory, parentDir, lst) { + var type = Ci.nsIFile[isDirectory ? "DIRECTORY_TYPE" : "NORMAL_FILE_TYPE"]; + var file = parentDir.clone(); + + try { + file.append(name); + file.create(type, 0o755); + lst.push({ name, isDirectory }); + } catch (e) { + /* OS probably doesn't like file name, skip */ + } +} + +/** ******* + * TESTS * + *********/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test(BASE_URL, null, start, stopRootDirectory), + new Test(BASE_URL + "foo/", null, start, stopFooDirectory), + new Test( + BASE_URL + "bar/folder^/", + null, + start, + stopTrailingCaretDirectory + ), + ]; +}); + +// check top-level directory listing +function start(ch) { + Assert.equal(ch.getResponseHeader("Content-Type"), "text/html;charset=utf-8"); +} +function stopRootDirectory(ch, status, data) { + dataCheck(data, BASE_URL, "/", gDirEntries[0]); +} + +// check non-top-level, too +function stopFooDirectory(ch, status, data) { + dataCheck(data, BASE_URL + "foo/", "/foo/", gDirEntries[1]); +} + +// trailing-caret leaf with hidden files +function stopTrailingCaretDirectory(ch, status, data) { + hiddenDataCheck(data, BASE_URL + "bar/folder^/", "/bar/folder^/"); +} diff --git a/netwerk/test/httpserver/test/test_empty_body.js b/netwerk/test/httpserver/test/test_empty_body.js new file mode 100644 index 0000000000..fa9b7cbfdc --- /dev/null +++ b/netwerk/test/httpserver/test/test_empty_body.js @@ -0,0 +1,59 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// in its original incarnation, the server didn't like empty response-bodies; +// see the comment in _end for details + +var srv; + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + srv.identity.primaryPort + "/empty-body-unwritten", + null, + ensureEmpty, + null + ), + new Test( + "http://localhost:" + srv.identity.primaryPort + "/empty-body-written", + null, + ensureEmpty, + null + ), + ]; +}); + +function run_test() { + srv = createServer(); + + // register a few test paths + srv.registerPathHandler("/empty-body-unwritten", emptyBodyUnwritten); + srv.registerPathHandler("/empty-body-written", emptyBodyWritten); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// TEST DATA + +function ensureEmpty(ch) { + Assert.ok(ch.contentLength == 0); +} + +// PATH HANDLERS + +// /empty-body-unwritten +function emptyBodyUnwritten(metadata, response) { + response.setStatusLine("1.1", 200, "OK"); +} + +// /empty-body-written +function emptyBodyWritten(metadata, response) { + response.setStatusLine("1.1", 200, "OK"); + var body = ""; + response.bodyOutputStream.write(body, body.length); +} diff --git a/netwerk/test/httpserver/test/test_errorhandler_exception.js b/netwerk/test/httpserver/test/test_errorhandler_exception.js new file mode 100644 index 0000000000..e9cdb0bf4f --- /dev/null +++ b/netwerk/test/httpserver/test/test_errorhandler_exception.js @@ -0,0 +1,95 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Request handlers may throw exceptions, and those exception should be caught +// by the server and converted into the proper error codes. + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + srv.identity.primaryPort + "/throws/exception", + null, + start_throws_exception, + succeeded + ), + new Test( + "http://localhost:" + + srv.identity.primaryPort + + "/this/file/does/not/exist/and/404s", + null, + start_nonexistent_404_fails_so_400, + succeeded + ), + new Test( + "http://localhost:" + + srv.identity.primaryPort + + "/attempts/404/fails/so/400/fails/so/500s", + register400Handler, + start_multiple_exceptions_500, + succeeded + ), + ]; +}); + +var srv; + +function run_test() { + srv = createServer(); + + srv.registerErrorHandler(404, throwsException); + srv.registerPathHandler("/throws/exception", throwsException); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// TEST DATA + +function checkStatusLine( + channel, + httpMaxVer, + httpMinVer, + httpCode, + statusText +) { + Assert.equal(channel.responseStatus, httpCode); + Assert.equal(channel.responseStatusText, statusText); + + var respMaj = {}, + respMin = {}; + channel.getResponseVersion(respMaj, respMin); + Assert.equal(respMaj.value, httpMaxVer); + Assert.equal(respMin.value, httpMinVer); +} + +function start_throws_exception(ch) { + checkStatusLine(ch, 1, 1, 500, "Internal Server Error"); +} + +function start_nonexistent_404_fails_so_400(ch) { + checkStatusLine(ch, 1, 1, 400, "Bad Request"); +} + +function start_multiple_exceptions_500(ch) { + checkStatusLine(ch, 1, 1, 500, "Internal Server Error"); +} + +function succeeded(ch, status, data) { + Assert.ok(Components.isSuccessCode(status)); +} + +function register400Handler(ch) { + srv.registerErrorHandler(400, throwsException); +} + +// PATH HANDLERS + +// /throws/exception (and also a 404 and 400 error handler) +function throwsException(metadata, response) { + throw new Error("this shouldn't cause an exit..."); + do_throw("Not reached!"); // eslint-disable-line no-unreachable +} diff --git a/netwerk/test/httpserver/test/test_header_array.js b/netwerk/test/httpserver/test/test_header_array.js new file mode 100644 index 0000000000..1579c5ceeb --- /dev/null +++ b/netwerk/test/httpserver/test/test_header_array.js @@ -0,0 +1,66 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// test that special headers are sent as an array of headers with the same name + +var srv; + +function run_test() { + srv; + + srv = createServer(); + srv.registerPathHandler("/path-handler", pathHandler); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +/** ********** + * HANDLERS * + ************/ + +function pathHandler(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + + response.setHeader("Proxy-Authenticate", "First line 1", true); + response.setHeader("Proxy-Authenticate", "Second line 1", true); + response.setHeader("Proxy-Authenticate", "Third line 1", true); + + response.setHeader("WWW-Authenticate", "Not merged line 1", false); + response.setHeader("WWW-Authenticate", "Not merged line 2", true); + + response.setHeader("WWW-Authenticate", "First line 2", false); + response.setHeader("WWW-Authenticate", "Second line 2", true); + response.setHeader("WWW-Authenticate", "Third line 2", true); + + response.setHeader("X-Single-Header-Merge", "Single 1", true); + response.setHeader("X-Single-Header-Merge", "Single 2", true); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + srv.identity.primaryPort + "/path-handler", + null, + check + ), + ]; +}); + +function check(ch) { + var headerValue; + + headerValue = ch.getResponseHeader("Proxy-Authenticate"); + Assert.equal(headerValue, "First line 1\nSecond line 1\nThird line 1"); + headerValue = ch.getResponseHeader("WWW-Authenticate"); + Assert.equal(headerValue, "First line 2\nSecond line 2\nThird line 2"); + headerValue = ch.getResponseHeader("X-Single-Header-Merge"); + Assert.equal(headerValue, "Single 1,Single 2"); +} diff --git a/netwerk/test/httpserver/test/test_headers.js b/netwerk/test/httpserver/test/test_headers.js new file mode 100644 index 0000000000..8e920c6f2f --- /dev/null +++ b/netwerk/test/httpserver/test/test_headers.js @@ -0,0 +1,169 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// tests for header storage in httpd.js; nsHttpHeaders is an *internal* data +// structure and is not to be used directly outside of httpd.js itself except +// for testing purposes + +/** + * Ensures that a fieldname-fieldvalue combination is a valid header. + * + * @param fieldName + * the name of the header + * @param fieldValue + * the value of the header + * @param headers + * an nsHttpHeaders object to use to check validity + */ +function assertValidHeader(fieldName, fieldValue, headers) { + try { + headers.setHeader(fieldName, fieldValue, false); + } catch (e) { + do_throw("Unexpected exception thrown: " + e); + } +} + +/** + * Ensures that a fieldname-fieldvalue combination is not a valid header. + * + * @param fieldName + * the name of the header + * @param fieldValue + * the value of the header + * @param headers + * an nsHttpHeaders object to use to check validity + */ +function assertInvalidHeader(fieldName, fieldValue, headers) { + try { + headers.setHeader(fieldName, fieldValue, false); + throw new Error( + `Setting (${fieldName}, ${fieldValue}) as header succeeded!` + ); + } catch (e) { + if (e.result !== Cr.NS_ERROR_INVALID_ARG) { + do_throw("Unexpected exception thrown: " + e); + } + } +} + +function run_test() { + testHeaderValidity(); + testGetHeader(); + testHeaderEnumerator(); + testHasHeader(); +} + +function testHeaderValidity() { + var headers = new nsHttpHeaders(); + + assertInvalidHeader("f o", "bar", headers); + assertInvalidHeader("f\0n", "bar", headers); + assertInvalidHeader("foo:", "bar", headers); + assertInvalidHeader("f\\o", "bar", headers); + assertInvalidHeader("@xml", "bar", headers); + assertInvalidHeader("fiz(", "bar", headers); + assertInvalidHeader("HTTP/1.1", "bar", headers); + assertInvalidHeader('b"b', "bar", headers); + assertInvalidHeader("ascsd\t", "bar", headers); + assertInvalidHeader("{fds", "bar", headers); + assertInvalidHeader("baz?", "bar", headers); + assertInvalidHeader("a\\b\\c", "bar", headers); + assertInvalidHeader("\0x7F", "bar", headers); + assertInvalidHeader("\0x1F", "bar", headers); + assertInvalidHeader("f\n", "bar", headers); + assertInvalidHeader("foo", "b\nar", headers); + assertInvalidHeader("foo", "b\rar", headers); + assertInvalidHeader("foo", "b\0", headers); + + // request splitting, fwiw -- we're actually immune to this type of attack so + // long as we don't implement persistent connections + assertInvalidHeader("f\r\nGET /badness HTTP/1.1\r\nFoo", "bar", headers); + + assertValidHeader("f'", "baz", headers); + assertValidHeader("f`", "baz", headers); + assertValidHeader("f.", "baz", headers); + assertValidHeader("f---", "baz", headers); + assertValidHeader("---", "baz", headers); + assertValidHeader("~~~", "baz", headers); + assertValidHeader("~~~", "b\r\n bar", headers); + assertValidHeader("~~~", "b\r\n\tbar", headers); +} + +function testGetHeader() { + var headers = new nsHttpHeaders(); + + headers.setHeader("Content-Type", "text/html", false); + var c = headers.getHeader("content-type"); + Assert.equal(c, "text/html"); + + headers.setHeader("test", "FOO", false); + c = headers.getHeader("test"); + Assert.equal(c, "FOO"); + + try { + headers.getHeader(":"); + throw new Error("Failed to throw for invalid header"); + } catch (e) { + if (e.result !== Cr.NS_ERROR_INVALID_ARG) { + do_throw("headers.getHeader(':') must throw invalid arg"); + } + } + + try { + headers.getHeader("valid"); + throw new Error("header doesn't exist"); + } catch (e) { + if (e.result !== Cr.NS_ERROR_NOT_AVAILABLE) { + do_throw("shouldn't be a header named 'valid' in headers!"); + } + } +} + +function testHeaderEnumerator() { + var headers = new nsHttpHeaders(); + + var heads = { + foo: "17", + baz: "two six niner", + decaf: "class Program { int .7; int main(){ .7 = 5; return 7 - .7; } }", + }; + + for (var i in heads) { + headers.setHeader(i, heads[i], false); + } + + var en = headers.enumerator; + while (en.hasMoreElements()) { + var it = en.getNext().QueryInterface(Ci.nsISupportsString).data; + Assert.ok(it.toLowerCase() in heads); + delete heads[it.toLowerCase()]; + } + + if (Object.keys(heads).length) { + do_throw("still have properties in heads!?!?"); + } +} + +function testHasHeader() { + var headers = new nsHttpHeaders(); + + headers.setHeader("foo", "bar", false); + Assert.ok(headers.hasHeader("foo")); + Assert.ok(headers.hasHeader("fOo")); + Assert.ok(!headers.hasHeader("not-there")); + + headers.setHeader("f`'~", "bar", false); + Assert.ok(headers.hasHeader("F`'~")); + + try { + headers.hasHeader(":"); + throw new Error("failed to throw"); + } catch (e) { + if (e.result !== Cr.NS_ERROR_INVALID_ARG) { + do_throw(".hasHeader for an invalid name should throw"); + } + } +} diff --git a/netwerk/test/httpserver/test/test_host.js b/netwerk/test/httpserver/test/test_host.js new file mode 100644 index 0000000000..2f5fadde92 --- /dev/null +++ b/netwerk/test/httpserver/test/test_host.js @@ -0,0 +1,608 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * Tests that the scheme, host, and port of the server are correctly recorded + * and used in HTTP requests and responses. + */ + +"use strict"; + +const PORT = 4444; +const FAKE_PORT_ONE = 8888; +const FAKE_PORT_TWO = 8889; + +let srv, id; + +add_task(async function run_test1() { + dump("*** run_test1"); + + srv = createServer(); + + srv.registerPathHandler("/http/1.0-request", http10Request); + srv.registerPathHandler("/http/1.1-good-host", http11goodHost); + srv.registerPathHandler( + "/http/1.1-good-host-wacky-port", + http11goodHostWackyPort + ); + srv.registerPathHandler("/http/1.1-ip-host", http11ipHost); + + srv.start(FAKE_PORT_ONE); + + id = srv.identity; + + // The default location is http://localhost:PORT, where PORT is whatever you + // provided when you started the server. http://127.0.0.1:PORT is also part + // of the default set of locations. + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "localhost"); + Assert.equal(id.primaryPort, FAKE_PORT_ONE); + Assert.ok(id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + // This should be a nop. + id.add("http", "localhost", FAKE_PORT_ONE); + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "localhost"); + Assert.equal(id.primaryPort, FAKE_PORT_ONE); + Assert.ok(id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + // Change the primary location and make sure all the getters work correctly. + id.setPrimary("http", "127.0.0.1", FAKE_PORT_ONE); + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "127.0.0.1"); + Assert.equal(id.primaryPort, FAKE_PORT_ONE); + Assert.ok(id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + // Okay, now remove the primary location -- we fall back to the original + // location. + id.remove("http", "127.0.0.1", FAKE_PORT_ONE); + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "localhost"); + Assert.equal(id.primaryPort, FAKE_PORT_ONE); + Assert.ok(id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + // You can't remove every location -- try this and the original default + // location will be silently readded. + id.remove("http", "localhost", FAKE_PORT_ONE); + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "localhost"); + Assert.equal(id.primaryPort, FAKE_PORT_ONE); + Assert.ok(id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + // Okay, now that we've exercised that behavior, shut down the server and + // restart it on the correct port, to exercise port-changing behaviors at + // server start and stop. + + await new Promise(resolve => srv.stop(resolve)); +}); + +add_task(async function run_test_2() { + dump("*** run_test_2"); + + // Our primary location is gone because it was dependent on the port on which + // the server was running. + checkPrimariesThrow(id); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + + srv.start(FAKE_PORT_TWO); + + // We should have picked up http://localhost:8889 as our primary location now + // that we've restarted. + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "localhost"); + Assert.equal(id.primaryPort, FAKE_PORT_TWO); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + Assert.ok(id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + + // Now we're going to see what happens when we shut down with a primary + // location that wasn't a default. That location should persist, and the + // default we remove should still not be present. + id.setPrimary("http", "example.com", FAKE_PORT_TWO); + Assert.ok(id.has("http", "example.com", FAKE_PORT_TWO)); + Assert.ok(id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + Assert.ok(id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + + id.remove("http", "localhost", FAKE_PORT_TWO); + Assert.ok(id.has("http", "example.com", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + id.remove("http", "127.0.0.1", FAKE_PORT_TWO); + Assert.ok(id.has("http", "example.com", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + await new Promise(resolve => srv.stop(resolve)); +}); + +add_task(async function run_test_3() { + dump("*** run_test_3"); + + // Only the default added location disappears; any others stay around, + // possibly as the primary location. We may have removed the default primary + // location, but the one we set manually should persist here. + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "example.com"); + Assert.equal(id.primaryPort, FAKE_PORT_TWO); + Assert.ok(id.has("http", "example.com", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + + srv.start(PORT); + + // Starting always adds HTTP entries for 127.0.0.1:port and localhost:port. + Assert.ok(id.has("http", "example.com", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + Assert.ok(id.has("http", "localhost", PORT)); + Assert.ok(id.has("http", "127.0.0.1", PORT)); + + // Remove the primary location we'd left set from last time. + id.remove("http", "example.com", FAKE_PORT_TWO); + + // Default-port behavior testing requires the server responds to requests + // claiming to be on one such port. + id.add("http", "localhost", 80); + + // Make sure we don't have anything lying around from running on either the + // first or the second port -- all we should have is our generated default, + // plus the additional port to test "portless" hostport variants. + Assert.ok(id.has("http", "localhost", 80)); + Assert.equal(id.primaryScheme, "http"); + Assert.equal(id.primaryHost, "localhost"); + Assert.equal(id.primaryPort, PORT); + Assert.ok(id.has("http", "localhost", PORT)); + Assert.ok(id.has("http", "127.0.0.1", PORT)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_ONE)); + Assert.ok(!id.has("http", "example.com", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "localhost", FAKE_PORT_TWO)); + Assert.ok(!id.has("http", "127.0.0.1", FAKE_PORT_TWO)); + + // Okay, finally done with identity testing. Our primary location is the one + // we want it to be, so we're off! + await new Promise(resolve => + runRawTests(tests, resolve, idx => dump(`running test no ${idx}`)) + ); + + // Finally shut down the server. + await new Promise(resolve => srv.stop(resolve)); +}); + +/** ******************* + * UTILITY FUNCTIONS * + *********************/ + +/** + * Verifies that all .primary* getters on a server identity correctly throw + * NS_ERROR_NOT_INITIALIZED. + * + * @param aId : nsIHttpServerIdentity + * the server identity to test + */ +function checkPrimariesThrow(aId) { + let threw = false; + try { + aId.primaryScheme; + } catch (e) { + threw = e.result === Cr.NS_ERROR_NOT_INITIALIZED; + } + Assert.ok(threw); + + threw = false; + try { + aId.primaryHost; + } catch (e) { + threw = e.result === Cr.NS_ERROR_NOT_INITIALIZED; + } + Assert.ok(threw); + + threw = false; + try { + aId.primaryPort; + } catch (e) { + threw = e.result === Cr.NS_ERROR_NOT_INITIALIZED; + } + Assert.ok(threw); +} + +/** + * Utility function to check for a 400 response. + */ +function check400(aData) { + let iter = LineIterator(aData); + + // Status-Line + let { value: firstLine } = iter.next(); + Assert.equal(firstLine.substring(0, HTTP_400_LEADER_LENGTH), HTTP_400_LEADER); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +const HTTP_400_LEADER = "HTTP/1.1 400 "; +const HTTP_400_LEADER_LENGTH = HTTP_400_LEADER.length; + +var test, data; +var tests = []; + +// HTTP/1.0 request, to ensure we see our default scheme/host/port + +function http10Request(request, response) { + writeDetails(request, response); + response.setStatusLine("1.0", 200, "TEST PASSED"); +} +data = "GET /http/1.0-request HTTP/1.0\r\n\r\n"; +function check10(aData) { + let iter = LineIterator(aData); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.0 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + let body = [ + "Method: GET", + "Path: /http/1.0-request", + "Query: ", + "Version: 1.0", + "Scheme: http", + "Host: localhost", + "Port: 4444", + ]; + + expectLines(iter, body); +} +test = new RawTest("localhost", PORT, data, check10); +tests.push(test); + +// HTTP/1.1 request, no Host header, expect a 400 response + +// eslint-disable-next-line no-useless-concat +data = "GET /http/1.1-request HTTP/1.1\r\n" + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, wrong host, expect a 400 response + +data = + // eslint-disable-next-line no-useless-concat + "GET /http/1.1-request HTTP/1.1\r\n" + "Host: not-localhost\r\n" + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, wrong host/right port, expect a 400 response + +data = + "GET /http/1.1-request HTTP/1.1\r\n" + + "Host: not-localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, Host header has host but no port, expect a 400 response + +// eslint-disable-next-line no-useless-concat +data = "GET /http/1.1-request HTTP/1.1\r\n" + "Host: 127.0.0.1\r\n" + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, Request-URI has wrong port, expect a 400 response + +data = + "GET http://127.0.0.1/http/1.1-request HTTP/1.1\r\n" + + "Host: 127.0.0.1\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, Request-URI has wrong port, expect a 400 response + +data = + "GET http://localhost:31337/http/1.1-request HTTP/1.1\r\n" + + "Host: localhost:31337\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, Request-URI has wrong scheme, expect a 400 response + +data = + "GET https://localhost:4444/http/1.1-request HTTP/1.1\r\n" + + "Host: localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, correct Host header, expect handler's response + +function http11goodHost(request, response) { + writeDetails(request, response); + response.setStatusLine("1.1", 200, "TEST PASSED"); +} +data = + // eslint-disable-next-line no-useless-concat + "GET /http/1.1-good-host HTTP/1.1\r\n" + "Host: localhost:4444\r\n" + "\r\n"; +function check11goodHost(aData) { + let iter = LineIterator(aData); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.1 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + let body = [ + "Method: GET", + "Path: /http/1.1-good-host", + "Query: ", + "Version: 1.1", + "Scheme: http", + "Host: localhost", + "Port: 4444", + ]; + + expectLines(iter, body); +} +test = new RawTest("localhost", PORT, data, check11goodHost); +tests.push(test); + +// HTTP/1.1 request, Host header is secondary identity + +function http11ipHost(request, response) { + writeDetails(request, response); + response.setStatusLine("1.1", 200, "TEST PASSED"); +} +data = + // eslint-disable-next-line no-useless-concat + "GET /http/1.1-ip-host HTTP/1.1\r\n" + "Host: 127.0.0.1:4444\r\n" + "\r\n"; +function check11ipHost(aData) { + let iter = LineIterator(aData); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.1 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + let body = [ + "Method: GET", + "Path: /http/1.1-ip-host", + "Query: ", + "Version: 1.1", + "Scheme: http", + "Host: 127.0.0.1", + "Port: 4444", + ]; + + expectLines(iter, body); +} +test = new RawTest("localhost", PORT, data, check11ipHost); +tests.push(test); + +// HTTP/1.1 request, absolute path, accurate Host header + +// reusing previous request handler so not defining a new one + +data = + "GET http://localhost:4444/http/1.1-good-host HTTP/1.1\r\n" + + "Host: localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHost); +tests.push(test); + +// HTTP/1.1 request, absolute path, inaccurate Host header + +// reusing previous request handler so not defining a new one + +data = + "GET http://localhost:4444/http/1.1-good-host HTTP/1.1\r\n" + + "Host: localhost:1234\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHost); +tests.push(test); + +// HTTP/1.1 request, absolute path, different inaccurate Host header + +// reusing previous request handler so not defining a new one + +data = + "GET http://localhost:4444/http/1.1-good-host HTTP/1.1\r\n" + + "Host: not-localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHost); +tests.push(test); + +// HTTP/1.1 request, absolute path, yet another inaccurate Host header + +// reusing previous request handler so not defining a new one + +data = + "GET http://localhost:4444/http/1.1-good-host HTTP/1.1\r\n" + + "Host: yippity-skippity\r\n" + + "\r\n"; +function checkInaccurate(aData) { + check11goodHost(aData); + + // dynamism setup + srv.identity.setPrimary("http", "127.0.0.1", 4444); +} +test = new RawTest("localhost", PORT, data, checkInaccurate); +tests.push(test); + +// HTTP/1.0 request, absolute path, different inaccurate Host header + +// reusing previous request handler so not defining a new one + +data = + "GET /http/1.0-request HTTP/1.0\r\n" + + "Host: not-localhost:4444\r\n" + + "\r\n"; +function check10ip(aData) { + let iter = LineIterator(aData); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.0 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + let body = [ + "Method: GET", + "Path: /http/1.0-request", + "Query: ", + "Version: 1.0", + "Scheme: http", + "Host: 127.0.0.1", + "Port: 4444", + ]; + + expectLines(iter, body); +} +test = new RawTest("localhost", PORT, data, check10ip); +tests.push(test); + +// HTTP/1.1 request, Host header with implied port + +function http11goodHostWackyPort(request, response) { + writeDetails(request, response); + response.setStatusLine("1.1", 200, "TEST PASSED"); +} +data = + "GET /http/1.1-good-host-wacky-port HTTP/1.1\r\n" + + "Host: localhost\r\n" + + "\r\n"; +function check11goodHostWackyPort(aData) { + let iter = LineIterator(aData); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.1 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + let body = [ + "Method: GET", + "Path: /http/1.1-good-host-wacky-port", + "Query: ", + "Version: 1.1", + "Scheme: http", + "Host: localhost", + "Port: 80", + ]; + + expectLines(iter, body); +} +test = new RawTest("localhost", PORT, data, check11goodHostWackyPort); +tests.push(test); + +// HTTP/1.1 request, Host header with wacky implied port + +data = + "GET /http/1.1-good-host-wacky-port HTTP/1.1\r\n" + + "Host: localhost:\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHostWackyPort); +tests.push(test); + +// HTTP/1.1 request, absolute URI with implied port + +data = + "GET http://localhost/http/1.1-good-host-wacky-port HTTP/1.1\r\n" + + "Host: localhost\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHostWackyPort); +tests.push(test); + +// HTTP/1.1 request, absolute URI with wacky implied port + +data = + "GET http://localhost:/http/1.1-good-host-wacky-port HTTP/1.1\r\n" + + "Host: localhost\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHostWackyPort); +tests.push(test); + +// HTTP/1.1 request, absolute URI with explicit implied port, ignored Host + +data = + "GET http://localhost:80/http/1.1-good-host-wacky-port HTTP/1.1\r\n" + + "Host: who-cares\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHostWackyPort); +tests.push(test); + +// HTTP/1.1 request, a malformed Request-URI + +data = + "GET is-this-the-real-life-is-this-just-fantasy HTTP/1.1\r\n" + + "Host: localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, a malformed Host header + +// eslint-disable-next-line no-useless-concat +data = "GET /http/1.1-request HTTP/1.1\r\n" + "Host: la la la\r\n" + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, a malformed Host header but absolute URI, 5.2 sez fine + +data = + "GET http://localhost:4444/http/1.1-good-host HTTP/1.1\r\n" + + "Host: la la la\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check11goodHost); +tests.push(test); + +// HTTP/1.0 request, absolute URI, but those aren't valid in HTTP/1.0 + +data = + "GET http://localhost:4444/http/1.1-request HTTP/1.0\r\n" + + "Host: localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, absolute URI with unrecognized host + +data = + "GET http://not-localhost:4444/http/1.1-request HTTP/1.1\r\n" + + "Host: not-localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); + +// HTTP/1.1 request, absolute URI with unrecognized host (but not in Host) + +data = + "GET http://not-localhost:4444/http/1.1-request HTTP/1.1\r\n" + + "Host: localhost:4444\r\n" + + "\r\n"; +test = new RawTest("localhost", PORT, data, check400); +tests.push(test); diff --git a/netwerk/test/httpserver/test/test_host_identity.js b/netwerk/test/httpserver/test/test_host_identity.js new file mode 100644 index 0000000000..1a1662d8cf --- /dev/null +++ b/netwerk/test/httpserver/test/test_host_identity.js @@ -0,0 +1,115 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * Tests that the server accepts requests to custom host names. + * This is commonly used in tests that map custom host names to the server via + * a proxy e.g. by XPCShellContentUtils.createHttpServer. + */ + +var srv = createServer(); +srv.start(-1); +registerCleanupFunction(() => new Promise(resolve => srv.stop(resolve))); +const PORT = srv.identity.primaryPort; +srv.registerPathHandler("/dump-request", dumpRequestLines); + +function dumpRequestLines(request, response) { + writeDetails(request, response); + response.setStatusLine(request.httpVersion, 200, "TEST PASSED"); +} + +function makeRawRequest(requestLinePath, hostHeader) { + return `GET ${requestLinePath} HTTP/1.1\r\nHost: ${hostHeader}\r\n\r\n`; +} + +function verifyResponseHostPort(data, query, expectedHost, expectedPort) { + var iter = LineIterator(data); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.1 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + var body = [ + "Method: GET", + "Path: /dump-request", + "Query: " + query, + "Version: 1.1", + "Scheme: http", + "Host: " + expectedHost, + "Port: " + expectedPort, + ]; + + expectLines(iter, body); +} + +function runIdentityTest(host, port) { + srv.identity.add("http", host, port); + + function checkAbsoluteRequestURI(data) { + verifyResponseHostPort(data, "absolute", host, port); + } + function checkHostHeader(data) { + verifyResponseHostPort(data, "relative", host, port); + } + + let tests = []; + let test, data; + let hostport = `${host}:${port}`; + data = makeRawRequest(`http://${hostport}/dump-request?absolute`, hostport); + test = new RawTest("localhost", PORT, data, checkAbsoluteRequestURI); + tests.push(test); + + data = makeRawRequest("/dump-request?relative", hostport); + test = new RawTest("localhost", PORT, data, checkHostHeader); + tests.push(test); + return new Promise(resolve => { + runRawTests(tests, resolve); + }); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +add_task(async function test_basic_example_com() { + await runIdentityTest("example.com", 1234); + await runIdentityTest("example.com", 5432); +}); + +add_task(async function test_fully_qualified_domain_name_aka_fqdn() { + await runIdentityTest("fully-qualified-domain-name.", 1234); +}); + +add_task(async function test_ipv4() { + await runIdentityTest("1.2.3.4", 1234); +}); + +add_task(async function test_ipv6() { + Assert.throws( + () => srv.identity.add("http", "[notipv6]", 1234), + /NS_ERROR_ILLEGAL_VALUE/, + "should reject invalid host, clearly not bracketed IPv6" + ); + Assert.throws( + () => srv.identity.add("http", "[::127.0.0.1]", 1234), + /NS_ERROR_ILLEGAL_VALUE/, + "should reject non-canonical IPv6" + ); + await runIdentityTest("[::123]", 1234); + await runIdentityTest("[1:2:3:a:b:c:d:abcd]", 1234); +}); + +add_task(async function test_internationalized_domain_name() { + Assert.throws( + () => srv.identity.add("http", "δοκιμή", 1234), + /NS_ERROR_ILLEGAL_VALUE/, + "should reject IDN not in punycode" + ); + + await runIdentityTest("xn--jxalpdlp", 1234); +}); diff --git a/netwerk/test/httpserver/test/test_linedata.js b/netwerk/test/httpserver/test/test_linedata.js new file mode 100644 index 0000000000..83fed3e8c0 --- /dev/null +++ b/netwerk/test/httpserver/test/test_linedata.js @@ -0,0 +1,22 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- + */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// test that the LineData internal data structure works correctly + +const CR = 0x0d; +const LF = 0x0a; + +function run_test() { + var data = new LineData(); + data.appendBytes(["a".charCodeAt(0), CR]); + + var out = { value: "" }; + Assert.ok(!data.readLine(out)); + + data.appendBytes([LF]); + Assert.ok(data.readLine(out)); + Assert.equal(out.value, "a"); +} diff --git a/netwerk/test/httpserver/test/test_load_module.js b/netwerk/test/httpserver/test/test_load_module.js new file mode 100644 index 0000000000..38c2ca4170 --- /dev/null +++ b/netwerk/test/httpserver/test/test_load_module.js @@ -0,0 +1,18 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +/** + * Ensure httpd.js can be imported as a module and that a server starts. + */ +function run_test() { + const { HttpServer } = ChromeUtils.importESModule( + "resource://testing-common/httpd.sys.mjs" + ); + + let server = new HttpServer(); + server.start(-1); + + do_test_pending(); + + server.stop(do_test_finished); +} diff --git a/netwerk/test/httpserver/test/test_name_scheme.js b/netwerk/test/httpserver/test/test_name_scheme.js new file mode 100644 index 0000000000..4f9fefe159 --- /dev/null +++ b/netwerk/test/httpserver/test/test_name_scheme.js @@ -0,0 +1,91 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// requests for files ending with a caret (^) are handled specially to enable +// htaccess-like functionality without the need to explicitly disable display +// of such files + +var srv; + +ChromeUtils.defineLazyGetter(this, "PREFIX", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test(PREFIX + "/bar.html^", null, start_bar_html_, null), + new Test(PREFIX + "/foo.html^", null, start_foo_html_, null), + new Test(PREFIX + "/normal-file.txt", null, start_normal_file_txt, null), + new Test(PREFIX + "/folder^/file.txt", null, start_folder__file_txt, null), + + new Test(PREFIX + "/foo/bar.html^", null, start_bar_html_, null), + new Test(PREFIX + "/foo/foo.html^", null, start_foo_html_, null), + new Test( + PREFIX + "/foo/normal-file.txt", + null, + start_normal_file_txt, + null + ), + new Test( + PREFIX + "/foo/folder^/file.txt", + null, + start_folder__file_txt, + null + ), + + new Test(PREFIX + "/end-caret^/bar.html^", null, start_bar_html_, null), + new Test(PREFIX + "/end-caret^/foo.html^", null, start_foo_html_, null), + new Test( + PREFIX + "/end-caret^/normal-file.txt", + null, + start_normal_file_txt, + null + ), + new Test( + PREFIX + "/end-caret^/folder^/file.txt", + null, + start_folder__file_txt, + null + ), + ]; +}); + +function run_test() { + srv = createServer(); + + // make sure underscores work in directories "mounted" in directories with + // folders starting with _ + var nameDir = do_get_file("data/name-scheme/"); + srv.registerDirectory("/", nameDir); + srv.registerDirectory("/foo/", nameDir); + srv.registerDirectory("/end-caret^/", nameDir); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// TEST DATA + +function start_bar_html_(ch) { + Assert.equal(ch.responseStatus, 200); + + Assert.equal(ch.getResponseHeader("Content-Type"), "text/html"); +} + +function start_foo_html_(ch) { + Assert.equal(ch.responseStatus, 404); +} + +function start_normal_file_txt(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); +} + +function start_folder__file_txt(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.getResponseHeader("Content-Type"), "text/plain"); +} diff --git a/netwerk/test/httpserver/test/test_processasync.js b/netwerk/test/httpserver/test/test_processasync.js new file mode 100644 index 0000000000..321c9b086f --- /dev/null +++ b/netwerk/test/httpserver/test/test_processasync.js @@ -0,0 +1,272 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests for correct behavior of asynchronous responses. + */ + +ChromeUtils.defineLazyGetter(this, "PREPATH", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +var srv; + +function run_test() { + srv = createServer(); + for (var path in handlers) { + srv.registerPathHandler(path, handlers[path]); + } + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test(PREPATH + "/handleSync", null, start_handleSync, null), + new Test( + PREPATH + "/handleAsync1", + null, + start_handleAsync1, + stop_handleAsync1 + ), + new Test( + PREPATH + "/handleAsync2", + init_handleAsync2, + start_handleAsync2, + stop_handleAsync2 + ), + new Test( + PREPATH + "/handleAsyncOrdering", + null, + null, + stop_handleAsyncOrdering + ), + ]; +}); + +var handlers = {}; + +function handleSync(request, response) { + response.setStatusLine(request.httpVersion, 500, "handleSync fail"); + + try { + response.finish(); + do_throw("finish called on sync response"); + } catch (e) { + isException(e, Cr.NS_ERROR_UNEXPECTED); + } + + response.setStatusLine(request.httpVersion, 200, "handleSync pass"); +} +handlers["/handleSync"] = handleSync; + +function start_handleSync(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.responseStatusText, "handleSync pass"); +} + +function handleAsync1(request, response) { + response.setStatusLine(request.httpVersion, 500, "Old status line!"); + response.setHeader("X-Foo", "old value", false); + + response.processAsync(); + + response.setStatusLine(request.httpVersion, 200, "New status line!"); + response.setHeader("X-Foo", "new value", false); + + response.finish(); + + try { + response.setStatusLine(request.httpVersion, 500, "Too late!"); + do_throw("late setStatusLine didn't throw"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + try { + response.setHeader("X-Foo", "late value", false); + do_throw("late setHeader didn't throw"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + try { + response.bodyOutputStream; + do_throw("late bodyOutputStream get didn't throw"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + try { + response.write("fugly"); + do_throw("late write() didn't throw"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } +} +handlers["/handleAsync1"] = handleAsync1; + +function start_handleAsync1(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.responseStatusText, "New status line!"); + Assert.equal(ch.getResponseHeader("X-Foo"), "new value"); +} + +function stop_handleAsync1(ch, status, data) { + Assert.equal(data.length, 0); +} + +const startToHeaderDelay = 500; +const startToFinishedDelay = 750; + +function handleAsync2(request, response) { + response.processAsync(); + + response.setStatusLine(request.httpVersion, 200, "Status line"); + response.setHeader("X-Custom-Header", "value", false); + + callLater(startToHeaderDelay, function () { + var preBody = "BO"; + response.bodyOutputStream.write(preBody, preBody.length); + + try { + response.setStatusLine(request.httpVersion, 500, "after body write"); + do_throw("setStatusLine succeeded"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + try { + response.setHeader("X-Custom-Header", "new 1", false); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + callLater(startToFinishedDelay - startToHeaderDelay, function () { + var postBody = "DY"; + response.bodyOutputStream.write(postBody, postBody.length); + + response.finish(); + response.finish(); // idempotency + + try { + response.setStatusLine(request.httpVersion, 500, "after finish"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + try { + response.setHeader("X-Custom-Header", "new 2", false); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + try { + response.write("EVIL"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + }); + }); +} +handlers["/handleAsync2"] = handleAsync2; + +var startTime_handleAsync2; + +function init_handleAsync2(ch) { + var now = (startTime_handleAsync2 = Date.now()); + dumpn("*** init_HandleAsync2: start time " + now); +} + +function start_handleAsync2(ch) { + var now = Date.now(); + dumpn( + "*** start_handleAsync2: onStartRequest time " + + now + + ", " + + (now - startTime_handleAsync2) + + "ms after start time" + ); + Assert.ok(now >= startTime_handleAsync2 + startToHeaderDelay); + + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.responseStatusText, "Status line"); + Assert.equal(ch.getResponseHeader("X-Custom-Header"), "value"); +} + +function stop_handleAsync2(ch, status, data) { + var now = Date.now(); + dumpn( + "*** stop_handleAsync2: onStopRequest time " + + now + + ", " + + (now - startTime_handleAsync2) + + "ms after header time" + ); + Assert.ok(now >= startTime_handleAsync2 + startToFinishedDelay); + + Assert.equal(String.fromCharCode.apply(null, data), "BODY"); +} + +/* + * Tests that accessing output stream *before* calling processAsync() works + * correctly, sending written data immediately as it is written, not buffering + * until finish() is called -- which for this much data would mean we would all + * but certainly deadlock, since we're trying to read/write all this data in one + * process on a single thread. + */ +function handleAsyncOrdering(request, response) { + var out = new BinaryOutputStream(response.bodyOutputStream); + + var data = []; + for (var i = 0; i < 65536; i++) { + data[i] = 0; + } + var count = 20; + + var writeData = { + run() { + if (count-- === 0) { + response.finish(); + return; + } + + try { + out.writeByteArray(data); + step(); + } catch (e) { + try { + do_throw("error writing data: " + e); + } finally { + response.finish(); + } + } + }, + }; + function step() { + // Use gThreadManager here because it's expedient, *not* because it's + // intended for public use! If you do this in client code, expect me to + // knowingly break your code by changing the variable name. :-P + Services.tm.dispatchToMainThread(writeData); + } + step(); + response.processAsync(); +} +handlers["/handleAsyncOrdering"] = handleAsyncOrdering; + +function stop_handleAsyncOrdering(ch, status, data) { + Assert.equal(data.length, 20 * 65536); + data.forEach(function (v, index) { + if (v !== 0) { + do_throw("value " + v + " at index " + index + " should be zero"); + } + }); +} diff --git a/netwerk/test/httpserver/test/test_qi.js b/netwerk/test/httpserver/test/test_qi.js new file mode 100644 index 0000000000..e88e53119e --- /dev/null +++ b/netwerk/test/httpserver/test/test_qi.js @@ -0,0 +1,107 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +/* eslint-disable no-control-regex */ + +/* + * Verify the presence of explicit QueryInterface methods on XPCOM objects + * exposed by httpd.js, rather than allowing QueryInterface to be implicitly + * created by XPConnect. + */ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + srv.identity.primaryPort + "/test", + null, + start_test, + null + ), + new Test( + "http://localhost:" + srv.identity.primaryPort + "/sjs/qi.sjs", + null, + start_sjs_qi, + null + ), + ]; +}); + +var srv; + +function run_test() { + srv = createServer(); + + try { + srv.identity.QueryInterface(Ci.nsIHttpServerIdentity); + } catch (e) { + var exstr = ("" + e).split(/[\x09\x20-\x7f\x81-\xff]+/)[0]; + do_throw("server identity didn't QI: " + exstr); + return; + } + + srv.registerPathHandler("/test", testHandler); + srv.registerDirectory("/", do_get_file("data/")); + srv.registerContentType("sjs", "sjs"); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// TEST DATA + +function start_test(ch) { + Assert.equal(ch.responseStatusText, "QI Tests Passed"); + Assert.equal(ch.responseStatus, 200); +} + +function start_sjs_qi(ch) { + Assert.equal(ch.responseStatusText, "SJS QI Tests Passed"); + Assert.equal(ch.responseStatus, 200); +} + +function testHandler(request, response) { + var exstr; + var qid; + + response.setStatusLine(request.httpVersion, 500, "FAIL"); + + var passed = false; + try { + qid = request.QueryInterface(Ci.nsIHttpRequest); + passed = qid === request; + } catch (e) { + exstr = ("" + e).split(/[\x09\x20-\x7f\x81-\xff]+/)[0]; + response.setStatusLine( + request.httpVersion, + 500, + "request doesn't QI: " + exstr + ); + return; + } + if (!passed) { + response.setStatusLine(request.httpVersion, 500, "request QI'd wrongly?"); + return; + } + + passed = false; + try { + qid = response.QueryInterface(Ci.nsIHttpResponse); + passed = qid === response; + } catch (e) { + exstr = ("" + e).split(/[\x09\x20-\x7f\x81-\xff]+/)[0]; + response.setStatusLine( + request.httpVersion, + 500, + "response doesn't QI: " + exstr + ); + return; + } + if (!passed) { + response.setStatusLine(request.httpVersion, 500, "response QI'd wrongly?"); + return; + } + + response.setStatusLine(request.httpVersion, 200, "QI Tests Passed"); +} diff --git a/netwerk/test/httpserver/test/test_registerdirectory.js b/netwerk/test/httpserver/test/test_registerdirectory.js new file mode 100644 index 0000000000..84bb032efc --- /dev/null +++ b/netwerk/test/httpserver/test/test_registerdirectory.js @@ -0,0 +1,278 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// tests the registerDirectory API + +ChromeUtils.defineLazyGetter(this, "BASE", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +function nocache(ch) { + ch.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; // important! +} + +function notFound(ch) { + Assert.equal(ch.responseStatus, 404); + Assert.ok(!ch.requestSucceeded); +} + +function checkOverride(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.responseStatusText, "OK"); + Assert.ok(ch.requestSucceeded); + Assert.equal(ch.getResponseHeader("Override-Succeeded"), "yes"); +} + +function check200(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.responseStatusText, "OK"); +} + +function checkFile(ch, status, data) { + Assert.equal(ch.responseStatus, 200); + Assert.ok(ch.requestSucceeded); + + var actualFile = serverBasePath.clone(); + actualFile.append("test_registerdirectory.js"); + Assert.equal( + ch.getResponseHeader("Content-Length"), + actualFile.fileSize.toString() + ); + Assert.equal( + data.map(v => String.fromCharCode(v)).join(""), + fileContents(actualFile) + ); +} + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + /** ********************* + * without a base path * + ***********************/ + new Test(BASE + "/test_registerdirectory.js", nocache, notFound, null), + + /** ****************** + * with a base path * + ********************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + serverBasePath = testsDirectory.clone(); + srv.registerDirectory("/", serverBasePath); + }, + null, + checkFile + ), + + /** *************************** + * without a base path again * + *****************************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + serverBasePath = null; + srv.registerDirectory("/", serverBasePath); + }, + notFound, + null + ), + + /** ************************* + * registered path handler * + ***************************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + srv.registerPathHandler( + "/test_registerdirectory.js", + override_test_registerdirectory + ); + }, + checkOverride, + null + ), + + /** ********************** + * removed path handler * + ************************/ + new Test( + BASE + "/test_registerdirectory.js", + function init_registerDirectory6(ch) { + nocache(ch); + srv.registerPathHandler("/test_registerdirectory.js", null); + }, + notFound, + null + ), + + /** ****************** + * with a base path * + ********************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + + // set the base path again + serverBasePath = testsDirectory.clone(); + srv.registerDirectory("/", serverBasePath); + }, + null, + checkFile + ), + + /** *********************** + * ...and a path handler * + *************************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + srv.registerPathHandler( + "/test_registerdirectory.js", + override_test_registerdirectory + ); + }, + checkOverride, + null + ), + + /** ********************** + * removed base handler * + ************************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + serverBasePath = null; + srv.registerDirectory("/", serverBasePath); + }, + checkOverride, + null + ), + + /** ********************** + * removed path handler * + ************************/ + new Test( + BASE + "/test_registerdirectory.js", + function (ch) { + nocache(ch); + srv.registerPathHandler("/test_registerdirectory.js", null); + }, + notFound, + null + ), + + /** *********************** + * mapping set up, works * + *************************/ + new Test( + BASE + "/foo/test_registerdirectory.js", + function (ch) { + nocache(ch); + serverBasePath = testsDirectory.clone(); + srv.registerDirectory("/foo/", serverBasePath); + }, + check200, + null + ), + + /** ******************* + * no mapping, fails * + *********************/ + new Test( + BASE + "/foo/test_registerdirectory.js/test_registerdirectory.js", + nocache, + notFound, + null + ), + + /** **************** + * mapping, works * + ******************/ + new Test( + BASE + "/foo/test_registerdirectory.js/test_registerdirectory.js", + function (ch) { + nocache(ch); + srv.registerDirectory( + "/foo/test_registerdirectory.js/", + serverBasePath + ); + }, + null, + checkFile + ), + + /** ********************************** + * two mappings set up, still works * + ************************************/ + new Test(BASE + "/foo/test_registerdirectory.js", nocache, null, checkFile), + + /** ************************ + * remove topmost mapping * + **************************/ + new Test( + BASE + "/foo/test_registerdirectory.js", + function (ch) { + nocache(ch); + srv.registerDirectory("/foo/", null); + }, + notFound, + null + ), + + /** ************************************ + * lower mapping still present, works * + **************************************/ + new Test( + BASE + "/foo/test_registerdirectory.js/test_registerdirectory.js", + nocache, + null, + checkFile + ), + + /** ***************** + * mapping removed * + *******************/ + new Test( + BASE + "/foo/test_registerdirectory.js/test_registerdirectory.js", + function (ch) { + nocache(ch); + srv.registerDirectory("/foo/test_registerdirectory.js/", null); + }, + notFound, + null + ), + ]; +}); + +var srv; +var serverBasePath; +var testsDirectory; + +function run_test() { + testsDirectory = do_get_cwd(); + + srv = createServer(); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// PATH HANDLERS + +// override of /test_registerdirectory.js +function override_test_registerdirectory(metadata, response) { + response.setStatusLine("1.1", 200, "OK"); + response.setHeader("Override-Succeeded", "yes", false); + + var body = "success!"; + response.bodyOutputStream.write(body, body.length); +} diff --git a/netwerk/test/httpserver/test/test_registerfile.js b/netwerk/test/httpserver/test/test_registerfile.js new file mode 100644 index 0000000000..9b93d62b07 --- /dev/null +++ b/netwerk/test/httpserver/test/test_registerfile.js @@ -0,0 +1,44 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// tests the registerFile API + +ChromeUtils.defineLazyGetter(this, "BASE", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +var file = do_get_file("test_registerfile.js"); + +function onStart(ch) { + Assert.equal(ch.responseStatus, 200); +} + +function onStop(ch, status, data) { + // not sufficient for equality, but not likely to be wrong! + Assert.equal(data.length, file.fileSize); +} + +ChromeUtils.defineLazyGetter(this, "test", function () { + return new Test(BASE + "/foo", null, onStart, onStop); +}); + +var srv; + +function run_test() { + srv = createServer(); + + try { + srv.registerFile("/foo", do_get_profile()); + throw new Error("registerFile succeeded!"); + } catch (e) { + isException(e, Cr.NS_ERROR_INVALID_ARG); + } + + srv.registerFile("/foo", file); + srv.start(-1); + + runHttpTests([test], testComplete(srv)); +} diff --git a/netwerk/test/httpserver/test/test_registerprefix.js b/netwerk/test/httpserver/test/test_registerprefix.js new file mode 100644 index 0000000000..5edb75225c --- /dev/null +++ b/netwerk/test/httpserver/test/test_registerprefix.js @@ -0,0 +1,130 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// tests the registerPrefixHandler API + +ChromeUtils.defineLazyGetter(this, "BASE", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +function nocache(ch) { + ch.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; // important! +} + +function notFound(ch) { + Assert.equal(ch.responseStatus, 404); + Assert.ok(!ch.requestSucceeded); +} + +function makeCheckOverride(magic) { + return function checkOverride(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.equal(ch.responseStatusText, "OK"); + Assert.ok(ch.requestSucceeded); + Assert.equal(ch.getResponseHeader("Override-Succeeded"), magic); + }; +} + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + BASE + "/prefix/dummy", + prefixHandler, + null, + makeCheckOverride("prefix") + ), + new Test( + BASE + "/prefix/dummy", + pathHandler, + null, + makeCheckOverride("path") + ), + new Test( + BASE + "/prefix/subpath/dummy", + longerPrefixHandler, + null, + makeCheckOverride("subpath") + ), + new Test(BASE + "/prefix/dummy", removeHandlers, null, notFound), + new Test( + BASE + "/prefix/subpath/dummy", + newPrefixHandler, + null, + makeCheckOverride("subpath") + ), + ]; +}); + +/** ************************* + * registered prefix handler * + ***************************/ + +function prefixHandler(channel) { + nocache(channel); + srv.registerPrefixHandler("/prefix/", makeOverride("prefix")); +} + +/** ****************************** + * registered path handler on top * + ********************************/ + +function pathHandler(channel) { + nocache(channel); + srv.registerPathHandler("/prefix/dummy", makeOverride("path")); +} + +/** ******************************** + * registered longer prefix handler * + **********************************/ + +function longerPrefixHandler(channel) { + nocache(channel); + srv.registerPrefixHandler("/prefix/subpath/", makeOverride("subpath")); +} + +/** ********************** + * removed prefix handler * + ************************/ + +function removeHandlers(channel) { + nocache(channel); + srv.registerPrefixHandler("/prefix/", null); + srv.registerPathHandler("/prefix/dummy", null); +} + +/** *************************** + * re-register shorter handler * + *****************************/ + +function newPrefixHandler(channel) { + nocache(channel); + srv.registerPrefixHandler("/prefix/", makeOverride("prefix")); +} + +var srv; + +function run_test() { + // Ensure the profile exists. + do_get_profile(); + + srv = createServer(); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// PATH HANDLERS + +// generate an override +function makeOverride(magic) { + return function override(metadata, response) { + response.setStatusLine("1.1", 200, "OK"); + response.setHeader("Override-Succeeded", magic, false); + + var body = "success!"; + response.bodyOutputStream.write(body, body.length); + }; +} diff --git a/netwerk/test/httpserver/test/test_request_line_split_in_two_packets.js b/netwerk/test/httpserver/test/test_request_line_split_in_two_packets.js new file mode 100644 index 0000000000..b1d7a7d071 --- /dev/null +++ b/netwerk/test/httpserver/test/test_request_line_split_in_two_packets.js @@ -0,0 +1,137 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * Tests that even when an incoming request's data for the Request-Line doesn't + * all fit in a single onInputStreamReady notification, the request is handled + * properly. + */ + +var srv = createServer(); +srv.start(-1); +const PORT = srv.identity.primaryPort; + +function run_test() { + srv.registerPathHandler( + "/lots-of-leading-blank-lines", + lotsOfLeadingBlankLines + ); + srv.registerPathHandler("/very-long-request-line", veryLongRequestLine); + + runRawTests(tests, testComplete(srv)); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +var test, gData, str; +var tests = []; + +function veryLongRequestLine(request, response) { + writeDetails(request, response); + response.setStatusLine(request.httpVersion, 200, "TEST PASSED"); +} + +var reallyLong = "0123456789ABCDEF0123456789ABCDEF"; // 32 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 128 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 512 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 2048 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 8192 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 32768 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 131072 +reallyLong = reallyLong + reallyLong + reallyLong + reallyLong; // 524288 +if (reallyLong.length !== 524288) { + throw new TypeError("generated length not as long as expected"); +} +str = + "GET /very-long-request-line?" + + reallyLong + + " HTTP/1.1\r\n" + + "Host: localhost:" + + PORT + + "\r\n" + + "\r\n"; +gData = []; +for (let i = 0; i < str.length; i += 16384) { + gData.push(str.substr(i, 16384)); +} + +function checkVeryLongRequestLine(data) { + var iter = LineIterator(data); + + print("data length: " + data.length); + print("iter object: " + iter); + + // Status-Line + Assert.equal(iter.next().value, "HTTP/1.1 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + var body = [ + "Method: GET", + "Path: /very-long-request-line", + "Query: " + reallyLong, + "Version: 1.1", + "Scheme: http", + "Host: localhost", + "Port: " + PORT, + ]; + + expectLines(iter, body); +} +test = new RawTest("localhost", PORT, gData, checkVeryLongRequestLine); +tests.push(test); + +function lotsOfLeadingBlankLines(request, response) { + writeDetails(request, response); + response.setStatusLine(request.httpVersion, 200, "TEST PASSED"); +} + +var blankLines = "\r\n"; +for (let i = 0; i < 14; i++) { + blankLines += blankLines; +} +str = + blankLines + + "GET /lots-of-leading-blank-lines HTTP/1.1\r\n" + + "Host: localhost:" + + PORT + + "\r\n" + + "\r\n"; +gData = []; +for (let i = 0; i < str.length; i += 100) { + gData.push(str.substr(i, 100)); +} + +function checkLotsOfLeadingBlankLines(data) { + var iter = LineIterator(data); + + // Status-Line + print("data length: " + data.length); + print("iter object: " + iter); + + Assert.equal(iter.next().value, "HTTP/1.1 200 TEST PASSED"); + + skipHeaders(iter); + + // Okay, next line must be the data we expected to be written + var body = [ + "Method: GET", + "Path: /lots-of-leading-blank-lines", + "Query: ", + "Version: 1.1", + "Scheme: http", + "Host: localhost", + "Port: " + PORT, + ]; + + expectLines(iter, body); +} + +test = new RawTest("localhost", PORT, gData, checkLotsOfLeadingBlankLines); +tests.push(test); diff --git a/netwerk/test/httpserver/test/test_response_write.js b/netwerk/test/httpserver/test/test_response_write.js new file mode 100644 index 0000000000..7f5837419e --- /dev/null +++ b/netwerk/test/httpserver/test/test_response_write.js @@ -0,0 +1,57 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// make sure response.write works for strings, and coerces other args to strings + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + "http://localhost:" + srv.identity.primaryPort + "/writeString", + null, + check_1234, + succeeded + ), + new Test( + "http://localhost:" + srv.identity.primaryPort + "/writeInt", + null, + check_1234, + succeeded + ), + ]; +}); + +var srv; + +function run_test() { + srv = createServer(); + + srv.registerPathHandler("/writeString", writeString); + srv.registerPathHandler("/writeInt", writeInt); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +// TEST DATA + +function succeeded(ch, status, data) { + Assert.ok(Components.isSuccessCode(status)); + Assert.equal(data.map(v => String.fromCharCode(v)).join(""), "1234"); +} + +function check_1234(ch) { + Assert.equal(ch.getResponseHeader("Content-Length"), "4"); +} + +// PATH HANDLERS + +function writeString(metadata, response) { + response.write("1234"); +} + +function writeInt(metadata, response) { + response.write(1234); +} diff --git a/netwerk/test/httpserver/test/test_seizepower.js b/netwerk/test/httpserver/test/test_seizepower.js new file mode 100644 index 0000000000..a74054ea37 --- /dev/null +++ b/netwerk/test/httpserver/test/test_seizepower.js @@ -0,0 +1,180 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests that the seizePower API works correctly. + */ + +ChromeUtils.defineLazyGetter(this, "PORT", function () { + return srv.identity.primaryPort; +}); + +var srv; + +function run_test() { + Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true); + srv = createServer(); + + srv.registerPathHandler("/raw-data", handleRawData); + srv.registerPathHandler("/called-too-late", handleTooLate); + srv.registerPathHandler("/exceptions", handleExceptions); + srv.registerPathHandler("/async-seizure", handleAsyncSeizure); + srv.registerPathHandler("/seize-after-async", handleSeizeAfterAsync); + + srv.start(-1); + + runRawTests(tests, function () { + Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost"); + testComplete(srv)(); + }); +} + +function checkException(fun, err, msg) { + try { + fun(); + } catch (e) { + if (e !== err && e.result !== err) { + do_throw(msg); + } + return; + } + do_throw(msg); +} + +/** *************** + * PATH HANDLERS * + *****************/ + +function handleRawData(request, response) { + response.seizePower(); + response.write("Raw data!"); + response.finish(); +} + +function handleTooLate(request, response) { + response.write("DO NOT WANT"); + var output = response.bodyOutputStream; + + response.seizePower(); + + if (response.bodyOutputStream !== output) { + response.write("bodyOutputStream changed!"); + } else { + response.write("too-late passed"); + } + response.finish(); +} + +function handleExceptions(request, response) { + response.seizePower(); + checkException( + function () { + response.setStatusLine("1.0", 500, "ISE"); + }, + Cr.NS_ERROR_NOT_AVAILABLE, + "setStatusLine should throw not-available after seizePower" + ); + checkException( + function () { + response.setHeader("X-Fail", "FAIL", false); + }, + Cr.NS_ERROR_NOT_AVAILABLE, + "setHeader should throw not-available after seizePower" + ); + checkException( + function () { + response.processAsync(); + }, + Cr.NS_ERROR_NOT_AVAILABLE, + "processAsync should throw not-available after seizePower" + ); + var out = response.bodyOutputStream; + var data = "exceptions test passed"; + out.write(data, data.length); + response.seizePower(); // idempotency test of seizePower + response.finish(); + response.finish(); // idempotency test of finish after seizePower + checkException( + function () { + response.seizePower(); + }, + Cr.NS_ERROR_UNEXPECTED, + "seizePower should throw unexpected after finish" + ); +} + +function handleAsyncSeizure(request, response) { + response.seizePower(); + callLater(1, function () { + response.write("async seizure passed"); + response.bodyOutputStream.close(); + callLater(1, function () { + response.finish(); + }); + }); +} + +function handleSeizeAfterAsync(request, response) { + response.setStatusLine(request.httpVersion, 200, "async seizure pass"); + response.processAsync(); + checkException( + function () { + response.seizePower(); + }, + Cr.NS_ERROR_NOT_AVAILABLE, + "seizePower should throw not-available after processAsync" + ); + callLater(1, function () { + response.finish(); + }); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new RawTest("localhost", PORT, data0, checkRawData), + new RawTest("localhost", PORT, data1, checkTooLate), + new RawTest("localhost", PORT, data2, checkExceptions), + new RawTest("localhost", PORT, data3, checkAsyncSeizure), + new RawTest("localhost", PORT, data4, checkSeizeAfterAsync), + ]; +}); + +// eslint-disable-next-line no-useless-concat +var data0 = "GET /raw-data HTTP/1.0\r\n" + "\r\n"; +function checkRawData(data) { + Assert.equal(data, "Raw data!"); +} + +// eslint-disable-next-line no-useless-concat +var data1 = "GET /called-too-late HTTP/1.0\r\n" + "\r\n"; +function checkTooLate(data) { + Assert.equal(LineIterator(data).next().value, "too-late passed"); +} + +// eslint-disable-next-line no-useless-concat +var data2 = "GET /exceptions HTTP/1.0\r\n" + "\r\n"; +function checkExceptions(data) { + Assert.equal("exceptions test passed", data); +} + +// eslint-disable-next-line no-useless-concat +var data3 = "GET /async-seizure HTTP/1.0\r\n" + "\r\n"; +function checkAsyncSeizure(data) { + Assert.equal(data, "async seizure passed"); +} + +// eslint-disable-next-line no-useless-concat +var data4 = "GET /seize-after-async HTTP/1.0\r\n" + "\r\n"; +function checkSeizeAfterAsync(data) { + Assert.equal( + LineIterator(data).next().value, + "HTTP/1.0 200 async seizure pass" + ); +} diff --git a/netwerk/test/httpserver/test/test_setindexhandler.js b/netwerk/test/httpserver/test/test_setindexhandler.js new file mode 100644 index 0000000000..e65f565673 --- /dev/null +++ b/netwerk/test/httpserver/test/test_setindexhandler.js @@ -0,0 +1,60 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Make sure setIndexHandler works as expected + +var srv, serverBasePath; + +function run_test() { + srv = createServer(); + serverBasePath = do_get_profile(); + srv.registerDirectory("/", serverBasePath); + srv.setIndexHandler(myIndexHandler); + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +ChromeUtils.defineLazyGetter(this, "URL", function () { + return "http://localhost:" + srv.identity.primaryPort + "/"; +}); + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test(URL, init, startCustomIndexHandler, stopCustomIndexHandler), + new Test(URL, init, startDefaultIndexHandler, stopDefaultIndexHandler), + ]; +}); + +function init(ch) { + ch.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; // important! +} +function startCustomIndexHandler(ch) { + Assert.equal(ch.getResponseHeader("Content-Length"), "10"); + srv.setIndexHandler(null); +} +function stopCustomIndexHandler(ch, status, data) { + Assert.ok(Components.isSuccessCode(status)); + Assert.equal(String.fromCharCode.apply(null, data), "directory!"); +} + +function startDefaultIndexHandler(ch) { + Assert.equal(ch.responseStatus, 200); +} +function stopDefaultIndexHandler(ch, status, data) { + Assert.ok(Components.isSuccessCode(status)); +} + +// PATH HANDLERS + +function myIndexHandler(metadata, response) { + var dir = metadata.getProperty("directory"); + Assert.ok(dir != null); + Assert.ok(dir instanceof Ci.nsIFile); + Assert.ok(dir.equals(serverBasePath)); + + response.write("directory!"); +} diff --git a/netwerk/test/httpserver/test/test_setstatusline.js b/netwerk/test/httpserver/test/test_setstatusline.js new file mode 100644 index 0000000000..f9cc189a68 --- /dev/null +++ b/netwerk/test/httpserver/test/test_setstatusline.js @@ -0,0 +1,142 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// exercise nsIHttpResponse.setStatusLine, ensure its atomicity, and ensure the +// specified behavior occurs if it's not called + +ChromeUtils.defineLazyGetter(this, "URL", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +var srv; + +function run_test() { + srv = createServer(); + + srv.registerPathHandler("/no/setstatusline", noSetstatusline); + srv.registerPathHandler("/http1_0", http1_0); + srv.registerPathHandler("/http1_1", http1_1); + srv.registerPathHandler("/invalidVersion", invalidVersion); + srv.registerPathHandler("/invalidStatus", invalidStatus); + srv.registerPathHandler("/invalidDescription", invalidDescription); + srv.registerPathHandler("/crazyCode", crazyCode); + srv.registerPathHandler("/nullVersion", nullVersion); + + srv.start(-1); + + runHttpTests(tests, testComplete(srv)); +} + +/** *********** + * UTILITIES * + *************/ + +function checkStatusLine( + channel, + httpMaxVer, + httpMinVer, + httpCode, + statusText +) { + Assert.equal(channel.responseStatus, httpCode); + Assert.equal(channel.responseStatusText, statusText); + + var respMaj = {}, + respMin = {}; + channel.getResponseVersion(respMaj, respMin); + Assert.equal(respMaj.value, httpMaxVer); + Assert.equal(respMin.value, httpMinVer); +} + +/** ******* + * TESTS * + *********/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test(URL + "/no/setstatusline", null, startNoSetStatusLine, stop), + new Test(URL + "/http1_0", null, startHttp1_0, stop), + new Test(URL + "/http1_1", null, startHttp1_1, stop), + new Test(URL + "/invalidVersion", null, startPassedTrue, stop), + new Test(URL + "/invalidStatus", null, startPassedTrue, stop), + new Test(URL + "/invalidDescription", null, startPassedTrue, stop), + new Test(URL + "/crazyCode", null, startCrazy, stop), + new Test(URL + "/nullVersion", null, startNullVersion, stop), + ]; +}); + +// /no/setstatusline +function noSetstatusline(metadata, response) {} +function startNoSetStatusLine(ch) { + checkStatusLine(ch, 1, 1, 200, "OK"); +} +function stop(ch, status, data) { + Assert.ok(Components.isSuccessCode(status)); +} + +// /http1_0 +function http1_0(metadata, response) { + response.setStatusLine("1.0", 200, "OK"); +} +function startHttp1_0(ch) { + checkStatusLine(ch, 1, 0, 200, "OK"); +} + +// /http1_1 +function http1_1(metadata, response) { + response.setStatusLine("1.1", 200, "OK"); +} +function startHttp1_1(ch) { + checkStatusLine(ch, 1, 1, 200, "OK"); +} + +// /invalidVersion +function invalidVersion(metadata, response) { + try { + response.setStatusLine(" 1.0", 200, "FAILED"); + } catch (e) { + response.setHeader("Passed", "true", false); + } +} +function startPassedTrue(ch) { + checkStatusLine(ch, 1, 1, 200, "OK"); + Assert.equal(ch.getResponseHeader("Passed"), "true"); +} + +// /invalidStatus +function invalidStatus(metadata, response) { + try { + response.setStatusLine("1.0", 1000, "FAILED"); + } catch (e) { + response.setHeader("Passed", "true", false); + } +} + +// /invalidDescription +function invalidDescription(metadata, response) { + try { + response.setStatusLine("1.0", 200, "FAILED\x01"); + } catch (e) { + response.setHeader("Passed", "true", false); + } +} + +// /crazyCode +function crazyCode(metadata, response) { + response.setStatusLine("1.1", 617, "Crazy"); +} +function startCrazy(ch) { + checkStatusLine(ch, 1, 1, 617, "Crazy"); +} + +// /nullVersion +function nullVersion(metadata, response) { + response.setStatusLine(null, 255, "NULL"); +} +function startNullVersion(ch) { + // currently, this server implementation defaults to 1.1 + checkStatusLine(ch, 1, 1, 255, "NULL"); +} diff --git a/netwerk/test/httpserver/test/test_sjs.js b/netwerk/test/httpserver/test/test_sjs.js new file mode 100644 index 0000000000..51d92ec4e0 --- /dev/null +++ b/netwerk/test/httpserver/test/test_sjs.js @@ -0,0 +1,243 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// tests support for server JS-generated pages + +var srv = createServer(); + +var sjs = do_get_file("data/sjs/cgi.sjs"); +// NB: The server has no state at this point -- all state is set up and torn +// down in the tests, because we run the same tests twice with only a +// different query string on the requests, followed by the oddball +// test that doesn't care about throwing or not. +srv.start(-1); +const PORT = srv.identity.primaryPort; + +const BASE = "http://localhost:" + PORT; +var test; +var tests = []; + +/** ******************* + * UTILITY FUNCTIONS * + *********************/ + +function bytesToString(bytes) { + return bytes + .map(function (v) { + return String.fromCharCode(v); + }) + .join(""); +} + +function skipCache(ch) { + ch.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE; +} + +/** ****************** + * DEFINE THE TESTS * + ********************/ + +/** + * Adds the set of tests defined in here, differentiating between tests with a + * SJS which throws an exception and creates a server error and tests with a + * normal, successful SJS. + */ +function setupTests(throwing) { + const TEST_URL = BASE + "/cgi.sjs" + (throwing ? "?throw" : ""); + + // registerFile with SJS => raw text + + function setupFile(ch) { + srv.registerFile("/cgi.sjs", sjs); + skipCache(ch); + } + + function verifyRawText(channel, status, bytes) { + dumpn(channel.originalURI.spec); + Assert.equal(bytesToString(bytes), fileContents(sjs)); + } + + test = new Test(TEST_URL, setupFile, null, verifyRawText); + tests.push(test); + + // add mapping, => interpreted + + function addTypeMapping(ch) { + srv.registerContentType("sjs", "sjs"); + skipCache(ch); + } + + function checkType(ch) { + if (throwing) { + Assert.ok(!ch.requestSucceeded); + Assert.equal(ch.responseStatus, 500); + } else { + Assert.equal(ch.contentType, "text/plain"); + } + } + + function checkContents(ch, status, data) { + if (!throwing) { + Assert.equal("PASS", bytesToString(data)); + } + } + + test = new Test(TEST_URL, addTypeMapping, checkType, checkContents); + tests.push(test); + + // remove file/type mapping, map containing directory => raw text + + function setupDirectoryAndRemoveType(ch) { + dumpn("removing type mapping"); + srv.registerContentType("sjs", null); + srv.registerFile("/cgi.sjs", null); + srv.registerDirectory("/", sjs.parent); + skipCache(ch); + } + + test = new Test(TEST_URL, setupDirectoryAndRemoveType, null, verifyRawText); + tests.push(test); + + // add mapping, => interpreted + + function contentAndCleanup(ch, status, data) { + checkContents(ch, status, data); + + // clean up state we've set up + srv.registerDirectory("/", null); + srv.registerContentType("sjs", null); + } + + test = new Test(TEST_URL, addTypeMapping, checkType, contentAndCleanup); + tests.push(test); + + // NB: No remaining state in the server right now! If we have any here, + // either the second run of tests (without ?throw) or the tests added + // after the two sets will almost certainly fail. +} + +/** *************** + * ADD THE TESTS * + *****************/ + +setupTests(true); +setupTests(false); + +// Test that when extension-mappings are used, the entire filename cannot be +// treated as an extension -- there must be at least one dot for a filename to +// match an extension. + +function init(ch) { + // clean up state we've set up + srv.registerDirectory("/", sjs.parent); + srv.registerContentType("sjs", "sjs"); + skipCache(ch); +} + +function checkNotSJS(ch, status, data) { + Assert.notEqual("FAIL", bytesToString(data)); +} + +test = new Test(BASE + "/sjs", init, null, checkNotSJS); +tests.push(test); + +// Test that Range requests are passed through to the SJS file without +// bounds checking. + +function rangeInit(expectedRangeHeader) { + return function setupRangeRequest(ch) { + ch.setRequestHeader("Range", expectedRangeHeader, false); + }; +} + +function checkRangeResult(ch) { + try { + var val = ch.getResponseHeader("Content-Range"); + } catch (e) { + /* IDL doesn't specify a particular exception to require */ + } + if (val !== undefined) { + do_throw( + "should not have gotten a Content-Range header, but got one " + + "with this value: " + + val + ); + } + Assert.equal(200, ch.responseStatus); + Assert.equal("OK", ch.responseStatusText); +} + +test = new Test( + BASE + "/range-checker.sjs", + rangeInit("not-a-bytes-equals-specifier"), + checkRangeResult, + null +); +tests.push(test); +test = new Test( + BASE + "/range-checker.sjs", + rangeInit("bytes=-"), + checkRangeResult, + null +); +tests.push(test); +test = new Test( + BASE + "/range-checker.sjs", + rangeInit("bytes=1000000-"), + checkRangeResult, + null +); +tests.push(test); +test = new Test( + BASE + "/range-checker.sjs", + rangeInit("bytes=1-4"), + checkRangeResult, + null +); +tests.push(test); +test = new Test( + BASE + "/range-checker.sjs", + rangeInit("bytes=-4"), + checkRangeResult, + null +); +tests.push(test); + +// One last test: for file mappings, the content-type is determined by the +// extension of the file on the server, not by the extension of the requested +// path. + +function setupFileMapping(ch) { + srv.registerFile("/script.html", sjs); +} + +function onStart(ch) { + Assert.equal(ch.contentType, "text/plain"); +} + +function onStop(ch, status, data) { + Assert.equal("PASS", bytesToString(data)); +} + +test = new Test(BASE + "/script.html", setupFileMapping, onStart, onStop); +tests.push(test); + +/** *************** + * RUN THE TESTS * + *****************/ + +function run_test() { + // Test for a content-type which isn't a field-value + try { + srv.registerContentType("foo", "bar\nbaz"); + throw new Error( + "this server throws on content-types which aren't field-values" + ); + } catch (e) { + isException(e, Cr.NS_ERROR_INVALID_ARG); + } + runHttpTests(tests, testComplete(srv)); +} diff --git a/netwerk/test/httpserver/test/test_sjs_object_state.js b/netwerk/test/httpserver/test/test_sjs_object_state.js new file mode 100644 index 0000000000..30c1e5c064 --- /dev/null +++ b/netwerk/test/httpserver/test/test_sjs_object_state.js @@ -0,0 +1,305 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests that the object-state-preservation mechanism works correctly. + */ + +ChromeUtils.defineLazyGetter(this, "PATH", function () { + return "http://localhost:" + srv.identity.primaryPort + "/object-state.sjs"; +}); + +var srv; + +function run_test() { + srv = createServer(); + var sjsDir = do_get_file("data/sjs/"); + srv.registerDirectory("/", sjsDir); + srv.registerContentType("sjs", "sjs"); + srv.start(-1); + + do_test_pending(); + + new HTTPTestLoader(PATH + "?state=initial", initialStart, initialStop); +} + +/** ****************** + * OBSERVER METHODS * + ********************/ + +/* + * In practice the current implementation will guarantee an exact ordering of + * all start and stop callbacks. However, in the interests of robustness, this + * test will pass given any valid ordering of callbacks. Any ordering of calls + * which obeys the partial ordering shown by this directed acyclic graph will be + * handled correctly: + * + * initialStart + * | + * V + * intermediateStart + * | + * V + * intermediateStop + * | \ + * | V + * | initialStop + * V + * triggerStart + * | + * V + * triggerStop + * + */ + +var initialStarted = false; +function initialStart(ch) { + dumpn("*** initialStart"); + + if (initialStarted) { + do_throw("initialStart: initialStarted is true?!?!"); + } + + initialStarted = true; + + new HTTPTestLoader( + PATH + "?state=intermediate", + intermediateStart, + intermediateStop + ); +} + +var initialStopped = false; +function initialStop(ch, status, data) { + dumpn("*** initialStop"); + + Assert.equal( + data + .map(function (v) { + return String.fromCharCode(v); + }) + .join(""), + "done" + ); + + Assert.equal(srv.getObjectState("object-state-test"), null); + + if (!initialStarted) { + do_throw("initialStop: initialStarted is false?!?!"); + } + if (initialStopped) { + do_throw("initialStop: initialStopped is true?!?!"); + } + if (!intermediateStarted) { + do_throw("initialStop: intermediateStarted is false?!?!"); + } + if (!intermediateStopped) { + do_throw("initialStop: intermediateStopped is false?!?!"); + } + + initialStopped = true; + + checkForFinish(); +} + +var intermediateStarted = false; +function intermediateStart(ch) { + dumpn("*** intermediateStart"); + + Assert.notEqual(srv.getObjectState("object-state-test"), null); + + if (!initialStarted) { + do_throw("intermediateStart: initialStarted is false?!?!"); + } + if (intermediateStarted) { + do_throw("intermediateStart: intermediateStarted is true?!?!"); + } + + intermediateStarted = true; +} + +var intermediateStopped = false; +function intermediateStop(ch, status, data) { + dumpn("*** intermediateStop"); + + Assert.equal( + data + .map(function (v) { + return String.fromCharCode(v); + }) + .join(""), + "intermediate" + ); + + Assert.notEqual(srv.getObjectState("object-state-test"), null); + + if (!initialStarted) { + do_throw("intermediateStop: initialStarted is false?!?!"); + } + if (!intermediateStarted) { + do_throw("intermediateStop: intermediateStarted is false?!?!"); + } + if (intermediateStopped) { + do_throw("intermediateStop: intermediateStopped is true?!?!"); + } + + intermediateStopped = true; + + new HTTPTestLoader(PATH + "?state=trigger", triggerStart, triggerStop); +} + +var triggerStarted = false; +function triggerStart(ch) { + dumpn("*** triggerStart"); + + if (!initialStarted) { + do_throw("triggerStart: initialStarted is false?!?!"); + } + if (!intermediateStarted) { + do_throw("triggerStart: intermediateStarted is false?!?!"); + } + if (!intermediateStopped) { + do_throw("triggerStart: intermediateStopped is false?!?!"); + } + if (triggerStarted) { + do_throw("triggerStart: triggerStarted is true?!?!"); + } + + triggerStarted = true; +} + +var triggerStopped = false; +function triggerStop(ch, status, data) { + dumpn("*** triggerStop"); + + Assert.equal( + data + .map(function (v) { + return String.fromCharCode(v); + }) + .join(""), + "trigger" + ); + + if (!initialStarted) { + do_throw("triggerStop: initialStarted is false?!?!"); + } + if (!intermediateStarted) { + do_throw("triggerStop: intermediateStarted is false?!?!"); + } + if (!intermediateStopped) { + do_throw("triggerStop: intermediateStopped is false?!?!"); + } + if (!triggerStarted) { + do_throw("triggerStop: triggerStarted is false?!?!"); + } + if (triggerStopped) { + do_throw("triggerStop: triggerStopped is false?!?!"); + } + + triggerStopped = true; + + checkForFinish(); +} + +var finished = false; +function checkForFinish() { + if (finished) { + try { + do_throw("uh-oh, how are we being finished twice?!?!"); + } finally { + // eslint-disable-next-line no-undef + quit(1); + } + } + + if (triggerStopped && initialStopped) { + finished = true; + try { + Assert.equal(srv.getObjectState("object-state-test"), null); + + if (!initialStarted) { + do_throw("checkForFinish: initialStarted is false?!?!"); + } + if (!intermediateStarted) { + do_throw("checkForFinish: intermediateStarted is false?!?!"); + } + if (!intermediateStopped) { + do_throw("checkForFinish: intermediateStopped is false?!?!"); + } + if (!triggerStarted) { + do_throw("checkForFinish: triggerStarted is false?!?!"); + } + } finally { + srv.stop(do_test_finished); + } + } +} + +/** ******************************* + * UTILITY OBSERVABLE URL LOADER * + *********************************/ + +/** Stream listener for the channels. */ +function HTTPTestLoader(path, start, stop) { + /** Path to load. */ + this._path = path; + + /** Array of bytes of data in body of response. */ + this._data = []; + + /** onStartRequest callback. */ + this._start = start; + + /** onStopRequest callback. */ + this._stop = stop; + + var channel = makeChannel(path); + channel.asyncOpen(this); +} +HTTPTestLoader.prototype = { + onStartRequest(request) { + dumpn("*** HTTPTestLoader.onStartRequest for " + this._path); + + var ch = request + .QueryInterface(Ci.nsIHttpChannel) + .QueryInterface(Ci.nsIHttpChannelInternal); + + try { + try { + this._start(ch); + } catch (e) { + do_throw(this._path + ": error in onStartRequest: " + e); + } + } catch (e) { + dumpn( + "!!! swallowing onStartRequest exception so onStopRequest is " + + "called..." + ); + } + }, + onDataAvailable(request, inputStream, offset, count) { + dumpn("*** HTTPTestLoader.onDataAvailable for " + this._path); + + Array.prototype.push.apply( + this._data, + makeBIS(inputStream).readByteArray(count) + ); + }, + onStopRequest(request, status) { + dumpn("*** HTTPTestLoader.onStopRequest for " + this._path); + + var ch = request + .QueryInterface(Ci.nsIHttpChannel) + .QueryInterface(Ci.nsIHttpChannelInternal); + + this._stop(ch, status, this._data); + }, + QueryInterface: ChromeUtils.generateQI([ + "nsIStreamListener", + "nsIRequestObserver", + ]), +}; diff --git a/netwerk/test/httpserver/test/test_sjs_state.js b/netwerk/test/httpserver/test/test_sjs_state.js new file mode 100644 index 0000000000..4d1fc37930 --- /dev/null +++ b/netwerk/test/httpserver/test/test_sjs_state.js @@ -0,0 +1,203 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// exercises the server's state-preservation API + +ChromeUtils.defineLazyGetter(this, "URL", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +var srv; + +function run_test() { + srv = createServer(); + var sjsDir = do_get_file("data/sjs/"); + srv.registerDirectory("/", sjsDir); + srv.registerContentType("sjs", "sjs"); + srv.registerPathHandler("/path-handler", pathHandler); + srv.start(-1); + + function done() { + Assert.equal(srv.getSharedState("shared-value"), "done!"); + Assert.equal( + srv.getState("/path-handler", "private-value"), + "pathHandlerPrivate2" + ); + Assert.equal(srv.getState("/state1.sjs", "private-value"), ""); + Assert.equal(srv.getState("/state2.sjs", "private-value"), "newPrivate5"); + do_test_pending(); + srv.stop(function () { + do_test_finished(); + }); + } + + runHttpTests(tests, done); +} + +/** ********** + * HANDLERS * + ************/ + +var firstTime = true; + +function pathHandler(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + + response.setHeader( + "X-Old-Shared-Value", + srv.getSharedState("shared-value"), + false + ); + response.setHeader( + "X-Old-Private-Value", + srv.getState("/path-handler", "private-value"), + false + ); + + var privateValue, sharedValue; + if (firstTime) { + firstTime = false; + privateValue = "pathHandlerPrivate"; + sharedValue = "pathHandlerShared"; + } else { + privateValue = "pathHandlerPrivate2"; + sharedValue = ""; + } + + srv.setState("/path-handler", "private-value", privateValue); + srv.setSharedState("shared-value", sharedValue); + + response.setHeader("X-New-Private-Value", privateValue, false); + response.setHeader("X-New-Shared-Value", sharedValue, false); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +ChromeUtils.defineLazyGetter(this, "tests", function () { + return [ + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state1.sjs?" + "newShared=newShared&newPrivate=newPrivate", + null, + start_initial, + null + ), + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state1.sjs?" + "newShared=newShared2&newPrivate=newPrivate2", + null, + start_overwrite, + null + ), + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state1.sjs?" + "newShared=&newPrivate=newPrivate3", + null, + start_remove, + null + ), + new Test(URL + "/path-handler", null, start_handler, null), + new Test(URL + "/path-handler", null, start_handler_again, null), + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state2.sjs?" + "newShared=newShared4&newPrivate=newPrivate4", + null, + start_other_initial, + null + ), + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state2.sjs?" + "newShared=", + null, + start_other_remove_ignore, + null + ), + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state2.sjs?" + "newShared=newShared5&newPrivate=newPrivate5", + null, + start_other_set_new, + null + ), + new Test( + // eslint-disable-next-line no-useless-concat + URL + "/state1.sjs?" + "newShared=done!&newPrivate=", + null, + start_set_remove_original, + null + ), + ]; +}); + +/* Hack around bug 474845 for now. */ +function getHeaderFunction(ch) { + function getHeader(name) { + try { + return ch.getResponseHeader(name); + } catch (e) { + if (e.result !== Cr.NS_ERROR_NOT_AVAILABLE) { + throw e; + } + } + return ""; + } + return getHeader; +} + +function expectValues(ch, oldShared, newShared, oldPrivate, newPrivate) { + var getHeader = getHeaderFunction(ch); + + Assert.equal(ch.responseStatus, 200); + Assert.equal(getHeader("X-Old-Shared-Value"), oldShared); + Assert.equal(getHeader("X-New-Shared-Value"), newShared); + Assert.equal(getHeader("X-Old-Private-Value"), oldPrivate); + Assert.equal(getHeader("X-New-Private-Value"), newPrivate); +} + +function start_initial(ch) { + dumpn("XXX start_initial"); + expectValues(ch, "", "newShared", "", "newPrivate"); +} + +function start_overwrite(ch) { + expectValues(ch, "newShared", "newShared2", "newPrivate", "newPrivate2"); +} + +function start_remove(ch) { + expectValues(ch, "newShared2", "", "newPrivate2", "newPrivate3"); +} + +function start_handler(ch) { + expectValues(ch, "", "pathHandlerShared", "", "pathHandlerPrivate"); +} + +function start_handler_again(ch) { + expectValues( + ch, + "pathHandlerShared", + "", + "pathHandlerPrivate", + "pathHandlerPrivate2" + ); +} + +function start_other_initial(ch) { + expectValues(ch, "", "newShared4", "", "newPrivate4"); +} + +function start_other_remove_ignore(ch) { + expectValues(ch, "newShared4", "", "newPrivate4", ""); +} + +function start_other_set_new(ch) { + expectValues(ch, "", "newShared5", "newPrivate4", "newPrivate5"); +} + +function start_set_remove_original(ch) { + expectValues(ch, "newShared5", "done!", "newPrivate3", ""); +} diff --git a/netwerk/test/httpserver/test/test_sjs_throwing_exceptions.js b/netwerk/test/httpserver/test/test_sjs_throwing_exceptions.js new file mode 100644 index 0000000000..8610dcb7fb --- /dev/null +++ b/netwerk/test/httpserver/test/test_sjs_throwing_exceptions.js @@ -0,0 +1,73 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests that running an SJS a whole lot of times doesn't have any ill effects + * (like exceeding open-file limits due to not closing the SJS file each time, + * then preventing any file from being opened). + */ + +ChromeUtils.defineLazyGetter(this, "URL", function () { + return "http://localhost:" + srv.identity.primaryPort; +}); + +var srv; + +function run_test() { + srv = createServer(); + var sjsDir = do_get_file("data/sjs/"); + srv.registerDirectory("/", sjsDir); + srv.registerContentType("sjs", "sjs"); + srv.start(-1); + + function done() { + do_test_pending(); + srv.stop(function () { + do_test_finished(); + }); + Assert.equal(gStartCount, TEST_RUNS); + Assert.ok(lastPassed); + } + + runHttpTests(tests, done); +} + +/** ************* + * BEGIN TESTS * + ***************/ + +var gStartCount = 0; +var lastPassed = false; + +// This hits the open-file limit for me on OS X; your mileage may vary. +const TEST_RUNS = 250; + +ChromeUtils.defineLazyGetter(this, "tests", function () { + var _tests = new Array(TEST_RUNS + 1); + var _test = new Test(URL + "/thrower.sjs?throw", null, start_thrower); + for (var i = 0; i < TEST_RUNS; i++) { + _tests[i] = _test; + } + // ...and don't forget to stop! + _tests[TEST_RUNS] = new Test(URL + "/thrower.sjs", null, start_last); + return _tests; +}); + +function start_thrower(ch) { + Assert.equal(ch.responseStatus, 500); + Assert.ok(!ch.requestSucceeded); + + gStartCount++; +} + +function start_last(ch) { + Assert.equal(ch.responseStatus, 200); + Assert.ok(ch.requestSucceeded); + + Assert.equal(ch.getResponseHeader("X-Test-Status"), "PASS"); + + lastPassed = true; +} diff --git a/netwerk/test/httpserver/test/test_start_stop.js b/netwerk/test/httpserver/test/test_start_stop.js new file mode 100644 index 0000000000..9dcd7c673a --- /dev/null +++ b/netwerk/test/httpserver/test/test_start_stop.js @@ -0,0 +1,166 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests for correct behavior of the server start() and stop() methods. + */ + +ChromeUtils.defineLazyGetter(this, "PORT", function () { + return srv.identity.primaryPort; +}); + +ChromeUtils.defineLazyGetter(this, "PREPATH", function () { + return "http://localhost:" + PORT; +}); + +var srv, srv2; + +function run_test() { + if (mozinfo.os == "win") { + dumpn( + "*** not running test_start_stop.js on Windows for now, because " + + "Windows is dumb" + ); + return; + } + + dumpn("*** run_test"); + + srv = createServer(); + srv.start(-1); + + try { + srv.start(PORT); + do_throw("starting a started server"); + } catch (e) { + isException(e, Cr.NS_ERROR_ALREADY_INITIALIZED); + } + + do_test_pending(); + srv.stop(function () { + try { + do_test_pending(); + run_test_2(); + } finally { + do_test_finished(); + } + }); +} + +function run_test_2() { + dumpn("*** run_test_2"); + + do_test_finished(); + + srv.start(PORT); + srv2 = createServer(); + + try { + srv2.start(PORT); + do_throw("two servers on one port?"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + do_test_pending(); + try { + srv.stop({ + onStopped() { + try { + do_test_pending(); + run_test_3(); + } finally { + do_test_finished(); + } + }, + }); + } catch (e) { + do_throw("error stopping with an object: " + e); + } +} + +function run_test_3() { + dumpn("*** run_test_3"); + + do_test_finished(); + + srv.start(PORT); + + do_test_pending(); + try { + srv.stop().then(function () { + try { + do_test_pending(); + run_test_4(); + } finally { + do_test_finished(); + } + }); + } catch (e) { + do_throw("error stopping with an object: " + e); + } +} + +function run_test_4() { + dumpn("*** run_test_4"); + + do_test_finished(); + + srv.registerPathHandler("/handle", handle); + srv.start(PORT); + + // Don't rely on the exact (but implementation-constant) sequence of events + // as it currently exists by making either run_test_5 or serverStopped handle + // the final shutdown. + do_test_pending(); + + runHttpTests([new Test(PREPATH + "/handle")], run_test_5); +} + +var testsComplete = false; + +function run_test_5() { + dumpn("*** run_test_5"); + + testsComplete = true; + if (stopped) { + do_test_finished(); + } +} + +const INTERVAL = 500; + +function handle(request, response) { + response.processAsync(); + + dumpn("*** stopping server..."); + srv.stop(serverStopped); + + callLater(INTERVAL, function () { + Assert.ok(!stopped); + + callLater(INTERVAL, function () { + Assert.ok(!stopped); + response.finish(); + + try { + response.processAsync(); + do_throw("late processAsync didn't throw?"); + } catch (e) { + isException(e, Cr.NS_ERROR_UNEXPECTED); + } + }); + }); +} + +var stopped = false; +function serverStopped() { + dumpn("*** server really, fully shut down now"); + stopped = true; + if (testsComplete) { + do_test_finished(); + } +} diff --git a/netwerk/test/httpserver/test/test_start_stop_ipv6.js b/netwerk/test/httpserver/test/test_start_stop_ipv6.js new file mode 100644 index 0000000000..060605d0e3 --- /dev/null +++ b/netwerk/test/httpserver/test/test_start_stop_ipv6.js @@ -0,0 +1,166 @@ +/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */ +/* vim:set ts=2 sw=2 sts=2 et: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* + * Tests for correct behavior of the server start_ipv6() and stop() methods. + */ + +ChromeUtils.defineLazyGetter(this, "PORT", function () { + return srv.identity.primaryPort; +}); + +ChromeUtils.defineLazyGetter(this, "PREPATH", function () { + return "http://localhost:" + PORT; +}); + +var srv, srv2; + +function run_test() { + if (mozinfo.os == "win") { + dumpn( + "*** not running test_start_stop.js on Windows for now, because " + + "Windows is dumb" + ); + return; + } + + dumpn("*** run_test"); + + srv = createServer(); + srv.start_ipv6(-1); + + try { + srv.start_ipv6(PORT); + do_throw("starting a started server"); + } catch (e) { + isException(e, Cr.NS_ERROR_ALREADY_INITIALIZED); + } + + do_test_pending(); + srv.stop(function () { + try { + do_test_pending(); + run_test_2(); + } finally { + do_test_finished(); + } + }); +} + +function run_test_2() { + dumpn("*** run_test_2"); + + do_test_finished(); + + srv.start_ipv6(PORT); + srv2 = createServer(); + + try { + srv2.start_ipv6(PORT); + do_throw("two servers on one port?"); + } catch (e) { + isException(e, Cr.NS_ERROR_NOT_AVAILABLE); + } + + do_test_pending(); + try { + srv.stop({ + onStopped() { + try { + do_test_pending(); + run_test_3(); + } finally { + do_test_finished(); + } + }, + }); + } catch (e) { + do_throw("error stopping with an object: " + e); + } +} + +function run_test_3() { + dumpn("*** run_test_3"); + + do_test_finished(); + + srv.start_ipv6(PORT); + + do_test_pending(); + try { + srv.stop().then(function () { + try { + do_test_pending(); + run_test_4(); + } finally { + do_test_finished(); + } + }); + } catch (e) { + do_throw("error stopping with an object: " + e); + } +} + +function run_test_4() { + dumpn("*** run_test_4"); + + do_test_finished(); + + srv.registerPathHandler("/handle", handle); + srv.start_ipv6(PORT); + + // Don't rely on the exact (but implementation-constant) sequence of events + // as it currently exists by making either run_test_5 or serverStopped handle + // the final shutdown. + do_test_pending(); + + runHttpTests([new Test(PREPATH + "/handle")], run_test_5); +} + +var testsComplete = false; + +function run_test_5() { + dumpn("*** run_test_5"); + + testsComplete = true; + if (stopped) { + do_test_finished(); + } +} + +const INTERVAL = 500; + +function handle(request, response) { + response.processAsync(); + + dumpn("*** stopping server..."); + srv.stop(serverStopped); + + callLater(INTERVAL, function () { + Assert.ok(!stopped); + + callLater(INTERVAL, function () { + Assert.ok(!stopped); + response.finish(); + + try { + response.processAsync(); + do_throw("late processAsync didn't throw?"); + } catch (e) { + isException(e, Cr.NS_ERROR_UNEXPECTED); + } + }); + }); +} + +var stopped = false; +function serverStopped() { + dumpn("*** server really, fully shut down now"); + stopped = true; + if (testsComplete) { + do_test_finished(); + } +} diff --git a/netwerk/test/httpserver/test/xpcshell.toml b/netwerk/test/httpserver/test/xpcshell.toml new file mode 100644 index 0000000000..0a687e0363 --- /dev/null +++ b/netwerk/test/httpserver/test/xpcshell.toml @@ -0,0 +1,68 @@ +[DEFAULT] +head = "head_utils.js" +support-files = ["data/**"] + +["test_async_response_sending.js"] + +["test_basic_functionality.js"] + +["test_body_length.js"] + +["test_byte_range.js"] + +["test_cern_meta.js"] + +["test_default_index_handler.js"] + +["test_empty_body.js"] + +["test_errorhandler_exception.js"] + +["test_header_array.js"] + +["test_headers.js"] + +["test_host.js"] +skip-if = ["os == 'mac'"] +run-sequentially = "Reusing same server on different specific ports." + +["test_host_identity.js"] + +["test_linedata.js"] + +["test_load_module.js"] + +["test_name_scheme.js"] + +["test_processasync.js"] + +["test_qi.js"] + +["test_registerdirectory.js"] + +["test_registerfile.js"] + +["test_registerprefix.js"] + +["test_request_line_split_in_two_packets.js"] + +["test_response_write.js"] + +["test_seizepower.js"] +skip-if = ["os == 'mac' && socketprocess_networking"] + +["test_setindexhandler.js"] + +["test_setstatusline.js"] + +["test_sjs.js"] + +["test_sjs_object_state.js"] + +["test_sjs_state.js"] + +["test_sjs_throwing_exceptions.js"] + +["test_start_stop.js"] + +["test_start_stop_ipv6.js"] diff --git a/netwerk/test/marionette/manifest.toml b/netwerk/test/marionette/manifest.toml new file mode 100644 index 0000000000..9c6355f499 --- /dev/null +++ b/netwerk/test/marionette/manifest.toml @@ -0,0 +1,3 @@ +[DEFAULT] + +["test_purge_http_cache_at_shutdown.py"] diff --git a/netwerk/test/marionette/test_purge_http_cache_at_shutdown.py b/netwerk/test/marionette/test_purge_http_cache_at_shutdown.py new file mode 100644 index 0000000000..ee27e29e8d --- /dev/null +++ b/netwerk/test/marionette/test_purge_http_cache_at_shutdown.py @@ -0,0 +1,125 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +import os +from pathlib import Path + +from marionette_driver import Wait +from marionette_harness import MarionetteTestCase + + +class PurgeHTTPCacheAtShutdownTestCase(MarionetteTestCase): + def setUp(self): + super().setUp() + self.marionette.enforce_gecko_prefs( + { + "privacy.sanitize.sanitizeOnShutdown": True, + "privacy.clearOnShutdown.cache": True, + "network.cache.shutdown_purge_in_background_task": True, + } + ) + + self.profile_path = Path(self.marionette.profile_path) + self.cache_path = self.profile_path.joinpath("cache2") + + def tearDown(self): + self.marionette.cleanup() + super().tearDown() + + def cacheDirExists(self): + return self.cache_path.exists() + + def renamedDirExists(self): + return any( + child.name.endswith(".purge.bg_rm") for child in self.profile_path.iterdir() + ) + + def initLockDir(self): + self.lock_dir = None + with self.marionette.using_context("chrome"): + path = self.marionette.execute_script( + """ + return Services.dirsvc.get("UpdRootD", Ci.nsIFile).parent.parent.path; + """ + ) + self.lock_dir = Path(path) + + def assertNoLocks(self): + locks = [ + x + for x in self.lock_dir.iterdir() + if x.is_file() and "-cachePurge" in x.name + ] + self.assertEqual(locks, [], "All locks should have been removed") + + # Tests are run in lexicographical order, so test_a* is run first to + # cleanup locks that may be there from previous runs. + def test_asetup(self): + self.initLockDir() + + self.marionette.quit() + + Wait(self.marionette, timeout=60).until( + lambda _: not self.cacheDirExists() and not self.renamedDirExists(), + message="Cache directory must be removed after orderly shutdown", + ) + + # delete locks from previous runs + locks = [ + x + for x in self.lock_dir.iterdir() + if x.is_file() and "-cachePurge" in x.name + ] + for lock in locks: + os.remove(lock) + # all locks should have been removed successfully. + self.assertNoLocks() + + def test_ensure_cache_purge_after_in_app_quit(self): + self.assertTrue(self.cacheDirExists(), "Cache directory must exist") + self.initLockDir() + + self.marionette.quit() + + Wait(self.marionette, timeout=60).until( + lambda _: not self.cacheDirExists() and not self.renamedDirExists(), + message="Cache directory must be removed after orderly shutdown", + ) + + self.assertNoLocks() + + def test_longstanding_cache_purge_after_in_app_quit(self): + self.assertTrue(self.cacheDirExists(), "Cache directory must exist") + self.initLockDir() + + self.marionette.set_pref( + "toolkit.background_tasks.remove_directory.testing.sleep_ms", 5000 + ) + + self.marionette.quit() + + Wait(self.marionette, timeout=60).until( + lambda _: not self.cacheDirExists() and not self.renamedDirExists(), + message="Cache directory must be removed after orderly shutdown", + ) + + self.assertNoLocks() + + def test_ensure_cache_purge_after_forced_restart(self): + """ + Doing forced restart here to prevent the shutdown phase purging and only allow startup + phase one, via `CacheFileIOManager::OnDelayedStartupFinished`. + """ + self.profile_path.joinpath("foo.purge.bg_rm").mkdir() + self.initLockDir() + + self.marionette.restart(in_app=False) + + Wait(self.marionette, timeout=60).until( + lambda _: not self.renamedDirExists(), + message="Directories with .purge.bg_rm postfix must be removed at startup after" + "disorderly shutdown", + ) + + self.assertNoLocks() diff --git a/netwerk/test/mochitests/beltzner.jpg b/netwerk/test/mochitests/beltzner.jpg new file mode 100644 index 0000000000..75849bc40d Binary files /dev/null and b/netwerk/test/mochitests/beltzner.jpg differ diff --git a/netwerk/test/mochitests/beltzner.jpg^headers^ b/netwerk/test/mochitests/beltzner.jpg^headers^ new file mode 100644 index 0000000000..cb51f27018 --- /dev/null +++ b/netwerk/test/mochitests/beltzner.jpg^headers^ @@ -0,0 +1,3 @@ +Cache-Control: no-store +Set-Cookie: mike=beltzer + diff --git a/netwerk/test/mochitests/empty.html b/netwerk/test/mochitests/empty.html new file mode 100644 index 0000000000..e60f5abdf4 --- /dev/null +++ b/netwerk/test/mochitests/empty.html @@ -0,0 +1,16 @@ + + + + + + + + + + This page does nothing. If the loading page managed to load this, the test + probably succeeded. + + diff --git a/netwerk/test/mochitests/file_1331680.js b/netwerk/test/mochitests/file_1331680.js new file mode 100644 index 0000000000..868d6991ae --- /dev/null +++ b/netwerk/test/mochitests/file_1331680.js @@ -0,0 +1,24 @@ +/* eslint-env mozilla/chrome-script */ + +"use strict"; + +var observer = { + observe(subject, topic) { + if (topic == "cookie-changed") { + let notification = subject.QueryInterface(Ci.nsICookieNotification); + let cookie = notification.cookie.QueryInterface(Ci.nsICookie); + sendAsyncMessage("cookieName", cookie.name + "=" + cookie.value); + sendAsyncMessage("cookieOperation", notification.action); + } + }, +}; + +addMessageListener("createObserver", function (e) { + Services.obs.addObserver(observer, "cookie-changed"); + sendAsyncMessage("createObserver:return"); +}); + +addMessageListener("removeObserver", function (e) { + Services.obs.removeObserver(observer, "cookie-changed"); + sendAsyncMessage("removeObserver:return"); +}); diff --git a/netwerk/test/mochitests/file_1502055.sjs b/netwerk/test/mochitests/file_1502055.sjs new file mode 100644 index 0000000000..71a4ddfa66 --- /dev/null +++ b/netwerk/test/mochitests/file_1502055.sjs @@ -0,0 +1,17 @@ +function handleRequest(request, response) { + var count = parseInt(getState("count")); + if (!count) { + count = 0; + } + + if (count == 0) { + response.setStatusLine(request.httpVersion, "200", "OK"); + response.setHeader("Content-Type", "text/html", false); + response.write("Hello world!"); + setState("count", "1"); + return; + } + + response.setStatusLine(request.httpVersion, "304", "Not Modified"); + response.setHeader("Clear-Site-Data", '"storage"'); +} diff --git a/netwerk/test/mochitests/file_1503201.sjs b/netwerk/test/mochitests/file_1503201.sjs new file mode 100644 index 0000000000..ac5c304103 --- /dev/null +++ b/netwerk/test/mochitests/file_1503201.sjs @@ -0,0 +1,4 @@ +function handleRequest(request, response) { + response.setStatusLine(request.httpVersion, 401, "Unauthorized"); + response.setHeader("WWW-Authenticate", 'Bearer realm="foo"'); +} diff --git a/netwerk/test/mochitests/file_chromecommon.js b/netwerk/test/mochitests/file_chromecommon.js new file mode 100644 index 0000000000..986a9d7ef1 --- /dev/null +++ b/netwerk/test/mochitests/file_chromecommon.js @@ -0,0 +1,15 @@ +/* eslint-env mozilla/chrome-script */ + +"use strict"; + +// eslint-disable-next-line mozilla/use-services +let cs = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager); + +addMessageListener("getCookieCountAndClear", () => { + let count = cs.cookies.length; + cs.removeAll(); + + sendAsyncMessage("getCookieCountAndClear:return", { count }); +}); + +cs.removeAll(); diff --git a/netwerk/test/mochitests/file_documentcookie_maxage_chromescript.js b/netwerk/test/mochitests/file_documentcookie_maxage_chromescript.js new file mode 100644 index 0000000000..dc1e8eb05f --- /dev/null +++ b/netwerk/test/mochitests/file_documentcookie_maxage_chromescript.js @@ -0,0 +1,45 @@ +/* eslint-env mozilla/chrome-script */ + +"use strict"; + +function getCookieService() { + // eslint-disable-next-line mozilla/use-services + return Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager); +} + +function getCookies(cs) { + let cookies = []; + for (let cookie of cs.cookies) { + cookies.push({ + host: cookie.host, + path: cookie.path, + name: cookie.name, + value: cookie.value, + expires: cookie.expires, + }); + } + return cookies; +} + +function removeAllCookies(cs) { + cs.removeAll(); +} + +addMessageListener("init", _ => { + let cs = getCookieService(); + removeAllCookies(cs); + sendAsyncMessage("init:return"); +}); + +addMessageListener("getCookies", _ => { + let cs = getCookieService(); + let cookies = getCookies(cs); + removeAllCookies(cs); + sendAsyncMessage("getCookies:return", { cookies }); +}); + +addMessageListener("shutdown", _ => { + let cs = getCookieService(); + removeAllCookies(cs); + sendAsyncMessage("shutdown:return"); +}); diff --git a/netwerk/test/mochitests/file_domain_hierarchy_inner.html b/netwerk/test/mochitests/file_domain_hierarchy_inner.html new file mode 100644 index 0000000000..713432196f --- /dev/null +++ b/netwerk/test/mochitests/file_domain_hierarchy_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_domain_hierarchy_inner.html^headers^ b/netwerk/test/mochitests/file_domain_hierarchy_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_hierarchy_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html new file mode 100644 index 0000000000..dfceac2c6c --- /dev/null +++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html^headers^ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html^headers^ new file mode 100644 index 0000000000..1ab9133473 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta2=tag2 +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html new file mode 100644 index 0000000000..d306efb1c0 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html^headers^ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html^headers^ new file mode 100644 index 0000000000..add3336ec9 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_hierarchy_inner_inner_inner.html^headers^ @@ -0,0 +1 @@ +Set-Cookie: meta3=tag3 diff --git a/netwerk/test/mochitests/file_domain_inner.html b/netwerk/test/mochitests/file_domain_inner.html new file mode 100644 index 0000000000..30a0821980 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_domain_inner.html^headers^ b/netwerk/test/mochitests/file_domain_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_domain_inner_inner.html b/netwerk/test/mochitests/file_domain_inner_inner.html new file mode 100644 index 0000000000..5850e3fa0f --- /dev/null +++ b/netwerk/test/mochitests/file_domain_inner_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_domain_inner_inner.html^headers^ b/netwerk/test/mochitests/file_domain_inner_inner.html^headers^ new file mode 100644 index 0000000000..1ab9133473 --- /dev/null +++ b/netwerk/test/mochitests/file_domain_inner_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta2=tag2 +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_iframe_allow_same_origin.html b/netwerk/test/mochitests/file_iframe_allow_same_origin.html new file mode 100644 index 0000000000..c34187bb0a --- /dev/null +++ b/netwerk/test/mochitests/file_iframe_allow_same_origin.html @@ -0,0 +1,8 @@ + + + + diff --git a/netwerk/test/mochitests/file_iframe_allow_scripts.html b/netwerk/test/mochitests/file_iframe_allow_scripts.html new file mode 100644 index 0000000000..01504841a1 --- /dev/null +++ b/netwerk/test/mochitests/file_iframe_allow_scripts.html @@ -0,0 +1,6 @@ + + + + diff --git a/netwerk/test/mochitests/file_image_inner.html b/netwerk/test/mochitests/file_image_inner.html new file mode 100644 index 0000000000..6daf7224da --- /dev/null +++ b/netwerk/test/mochitests/file_image_inner.html @@ -0,0 +1,14 @@ + + + + + + + + + diff --git a/netwerk/test/mochitests/file_image_inner.html^headers^ b/netwerk/test/mochitests/file_image_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_image_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_image_inner_inner.html b/netwerk/test/mochitests/file_image_inner_inner.html new file mode 100644 index 0000000000..1e605f1a25 --- /dev/null +++ b/netwerk/test/mochitests/file_image_inner_inner.html @@ -0,0 +1,19 @@ + + + + + + + + + + + + diff --git a/netwerk/test/mochitests/file_image_inner_inner.html^headers^ b/netwerk/test/mochitests/file_image_inner_inner.html^headers^ new file mode 100644 index 0000000000..1ab9133473 --- /dev/null +++ b/netwerk/test/mochitests/file_image_inner_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta2=tag2 +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_lnk.lnk b/netwerk/test/mochitests/file_lnk.lnk new file mode 100644 index 0000000000..abce7587d2 Binary files /dev/null and b/netwerk/test/mochitests/file_lnk.lnk differ diff --git a/netwerk/test/mochitests/file_loadflags_inner.html b/netwerk/test/mochitests/file_loadflags_inner.html new file mode 100644 index 0000000000..5fc7e8d913 --- /dev/null +++ b/netwerk/test/mochitests/file_loadflags_inner.html @@ -0,0 +1,16 @@ + + + + + + + + + diff --git a/netwerk/test/mochitests/file_loadflags_inner.html^headers^ b/netwerk/test/mochitests/file_loadflags_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_loadflags_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs b/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs new file mode 100644 index 0000000000..0c89f7d538 --- /dev/null +++ b/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs @@ -0,0 +1,109 @@ +/* + * Redirect handler specifically for the needs of: + * Bug 1194052 - Append Principal to RedirectChain within LoadInfo before the channel is succesfully openend + */ + +function createIframeContent(aQuery) { + var content = ` + + + + Bug 1194052 - LoadInfo redirect chain subtest + + + + + `; + + return content; +} + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + var queryString = request.queryString; + + if ( + queryString == "iframe-redir-https-2" || + queryString == "iframe-redir-err-2" + ) { + var query = queryString.replace("iframe-", ""); + // send upgrade-insecure-requests CSP header + response.setHeader("Content-Type", "text/html", false); + response.setHeader( + "Content-Security-Policy", + "upgrade-insecure-requests", + false + ); + response.write(createIframeContent(query)); + return; + } + + // at the end of the redirectchain we return some text + // for sanity checking + if (queryString == "redir-0" || queryString == "redir-https-0") { + response.setHeader("Content-Type", "text/html", false); + response.write("checking redirectchain"); + return; + } + + // special case redir-err-1 and return an error to trigger the fallback + if (queryString == "redir-err-1") { + response.setStatusLine("1.1", 404, "Bad request"); + return; + } + + // must be a redirect + var newLocation = ""; + switch (queryString) { + case "redir-err-2": + newLocation = + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-err-1"; + break; + + case "redir-https-2": + newLocation = + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-1"; + break; + + case "redir-https-1": + newLocation = + "http://example.com/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-https-0"; + break; + + case "redir-2": + newLocation = + "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-1"; + break; + + case "redir-1": + newLocation = + "http://mochi.test:8888/tests/netwerk/test/mochitests/file_loadinfo_redirectchain.sjs?redir-0"; + break; + } + + response.setStatusLine("1.1", 302, "Found"); + response.setHeader("Location", newLocation, false); +} diff --git a/netwerk/test/mochitests/file_localhost_inner.html b/netwerk/test/mochitests/file_localhost_inner.html new file mode 100644 index 0000000000..d291370a47 --- /dev/null +++ b/netwerk/test/mochitests/file_localhost_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_localhost_inner.html^headers^ b/netwerk/test/mochitests/file_localhost_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_localhost_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_loopback_inner.html b/netwerk/test/mochitests/file_loopback_inner.html new file mode 100644 index 0000000000..91aa1d89c5 --- /dev/null +++ b/netwerk/test/mochitests/file_loopback_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_loopback_inner.html^headers^ b/netwerk/test/mochitests/file_loopback_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_loopback_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_subdomain_inner.html b/netwerk/test/mochitests/file_subdomain_inner.html new file mode 100644 index 0000000000..a48f36a7de --- /dev/null +++ b/netwerk/test/mochitests/file_subdomain_inner.html @@ -0,0 +1,13 @@ + + + + + + + + diff --git a/netwerk/test/mochitests/file_subdomain_inner.html^headers^ b/netwerk/test/mochitests/file_subdomain_inner.html^headers^ new file mode 100644 index 0000000000..a56be562a4 --- /dev/null +++ b/netwerk/test/mochitests/file_subdomain_inner.html^headers^ @@ -0,0 +1,4 @@ +Set-Cookie: meta=tag +Cache-Control: no-cache, no-store, must-revalidate +Pragma: no-cache +Expires: 0 diff --git a/netwerk/test/mochitests/file_testcommon.js b/netwerk/test/mochitests/file_testcommon.js new file mode 100644 index 0000000000..4a9b0504e9 --- /dev/null +++ b/netwerk/test/mochitests/file_testcommon.js @@ -0,0 +1,84 @@ +"use strict"; + +const SCRIPT_URL = SimpleTest.getTestFileURL("file_chromecommon.js"); + +var gExpectedCookies; +var gExpectedLoads; + +var gPopup; + +var gScript; + +var gLoads = 0; + +function setupTest(uri, cookies, loads) { + SimpleTest.waitForExplicitFinish(); + + var prefSet = new Promise(resolve => { + SpecialPowers.pushPrefEnv( + { + set: [ + ["network.cookie.cookieBehavior", 1], + // cookieBehavior 1 allows cookies from chrome script if we enable + // exceptions. + // Bug 1617611: Fix all the tests broken by "cookies SameSite=lax by default" + ["network.cookie.sameSite.laxByDefault", false], + ], + }, + resolve + ); + }); + + gScript = SpecialPowers.loadChromeScript(SCRIPT_URL); + gExpectedCookies = cookies; + gExpectedLoads = loads; + + // Listen for MessageEvents. + window.addEventListener("message", messageReceiver); + + prefSet.then(() => { + // load a window which contains an iframe; each will attempt to set + // cookies from their respective domains. + gPopup = window.open(uri, "hai", "width=100,height=100"); + }); +} + +function finishTest() { + gScript.destroy(); + SpecialPowers.clearUserPref("network.cookie.sameSite.laxByDefault"); + SimpleTest.finish(); +} + +/** Receives MessageEvents to this window. */ +// Count and check loads. +function messageReceiver(evt) { + is(evt.data, "message", "message data received from popup"); + if (evt.data != "message") { + gPopup.close(); + window.removeEventListener("message", messageReceiver); + + finishTest(); + return; + } + + // only run the test when all our children are done loading & setting cookies + if (++gLoads == gExpectedLoads) { + gPopup.close(); + window.removeEventListener("message", messageReceiver); + + runTest(); + } +} + +// runTest() is run by messageReceiver(). +// Count and check cookies. +function runTest() { + // set a cookie from a domain of "localhost" + document.cookie = "oh=hai"; + + gScript.addMessageListener("getCookieCountAndClear:return", ({ count }) => { + is(count, gExpectedCookies, "total number of cookies"); + finishTest(); + }); + gScript.sendAsyncMessage("getCookieCountAndClear"); +} diff --git a/netwerk/test/mochitests/file_testloadflags.js b/netwerk/test/mochitests/file_testloadflags.js new file mode 100644 index 0000000000..54374b8b8d --- /dev/null +++ b/netwerk/test/mochitests/file_testloadflags.js @@ -0,0 +1,130 @@ +"use strict"; + +const SCRIPT_URL = SimpleTest.getTestFileURL( + "file_testloadflags_chromescript.js" +); + +let gScript; +var gExpectedCookies; +var gExpectedHeaders; +var gExpectedLoads; + +var gObs; +var gPopup; + +var gHeaders = 0; +var gLoads = 0; + +// setupTest() is run from 'onload='. +function setupTest(iframeUri, domain, cookies, loads, headers) { + info( + "setupTest uri: " + + iframeUri + + " domain: " + + domain + + " cookies: " + + cookies + + " loads: " + + loads + + " headers: " + + headers + ); + + SimpleTest.waitForExplicitFinish(); + + var prefSet = new Promise(resolve => { + SpecialPowers.pushPrefEnv( + { + set: [ + ["network.cookie.cookieBehavior", 1], + ["network.cookie.sameSite.schemeful", false], + ], + }, + resolve + ); + }); + + gExpectedCookies = cookies; + gExpectedLoads = loads; + gExpectedHeaders = headers; + + gScript = SpecialPowers.loadChromeScript(SCRIPT_URL); + gScript.addMessageListener("info", ({ str }) => info(str)); + gScript.addMessageListener("ok", ({ c, m }) => ok(c, m)); + gScript.addMessageListener("observer:gotCookie", ({ cookie, uri }) => { + isnot( + cookie.indexOf("oh=hai"), + -1, + "cookie 'oh=hai' is in header for " + uri + ); + ++gHeaders; + }); + + var scriptReady = new Promise(resolve => { + gScript.addMessageListener("init:return", resolve); + gScript.sendAsyncMessage("init", { domain }); + }); + + // Listen for MessageEvents. + window.addEventListener("message", messageReceiver); + + Promise.all([prefSet, scriptReady]).then(() => { + // load a window which contains an iframe; each will attempt to set + // cookies from their respective domains. + gPopup = window.open(iframeUri, "hai", "width=100,height=100"); + }); +} + +function finishTest() { + gScript.addMessageListener("shutdown:return", () => { + gScript.destroy(); + SimpleTest.finish(); + }); + gScript.sendAsyncMessage("shutdown"); +} + +/** Receives MessageEvents to this window. */ +// Count and check loads. +function messageReceiver(evt) { + ok( + evt.data == "f_lf_i msg data img" || evt.data == "f_lf_i msg data page", + "message data received from popup" + ); + if (evt.data == "f_lf_i msg data img") { + info("message data received from popup for image"); + } + if (evt.data == "f_lf_i msg data page") { + info("message data received from popup for page"); + } + if (evt.data != "f_lf_i msg data img" && evt.data != "f_lf_i msg data page") { + info("got this message but don't know what it is " + evt.data); + gPopup.close(); + window.removeEventListener("message", messageReceiver); + + finishTest(); + return; + } + + // only run the test when all our children are done loading & setting cookies + if (++gLoads == gExpectedLoads) { + gPopup.close(); + window.removeEventListener("message", messageReceiver); + + runTest(); + } +} + +// runTest() is run by messageReceiver(). +// Check headers, and count and check cookies. +function runTest() { + // set a cookie from a domain of "localhost" + document.cookie = "o=noes"; + + is(gHeaders, gExpectedHeaders, "number of observed request headers"); + gScript.addMessageListener("getCookieCount:return", ({ count }) => { + is(count, gExpectedCookies, "total number of cookies"); + finishTest(); + }); + + gScript.sendAsyncMessage("getCookieCount"); +} diff --git a/netwerk/test/mochitests/file_testloadflags_chromescript.js b/netwerk/test/mochitests/file_testloadflags_chromescript.js new file mode 100644 index 0000000000..a74920d2c2 --- /dev/null +++ b/netwerk/test/mochitests/file_testloadflags_chromescript.js @@ -0,0 +1,144 @@ +/* eslint-env mozilla/chrome-script */ +/* eslint-disable mozilla/use-services */ + +"use strict"; + +var gObs; + +function info(s) { + sendAsyncMessage("info", { str: String(s) }); +} + +function ok(c, m) { + sendAsyncMessage("ok", { c, m }); +} + +function is(a, b, m) { + ok(Object.is(a, b), m + " (" + a + " === " + b + ")"); +} + +// Count headers. +function obs() { + info("adding observer"); + + this.os = Cc["@mozilla.org/observer-service;1"].getService( + Ci.nsIObserverService + ); + this.os.addObserver(this, "http-on-modify-request"); +} + +obs.prototype = { + observe(theSubject, theTopic, theData) { + info("theSubject " + theSubject); + info("theTopic " + theTopic); + info("theData " + theData); + + var channel = theSubject.QueryInterface(Ci.nsIHttpChannel); + info("channel " + channel); + try { + info("channel.URI " + channel.URI); + info("channel.URI.spec " + channel.URI.spec); + channel.visitRequestHeaders({ + visitHeader(aHeader, aValue) { + info(aHeader + ": " + aValue); + }, + }); + } catch (err) { + ok(false, "catch error " + err); + } + + // Ignore notifications we don't care about (like favicons) + if ( + !channel.URI.spec.includes( + "http://example.org/tests/netwerk/test/mochitests/" + ) + ) { + info("ignoring this one"); + return; + } + + sendAsyncMessage("observer:gotCookie", { + cookie: channel.getRequestHeader("Cookie"), + uri: channel.URI.spec, + }); + }, + + remove() { + info("removing observer"); + + this.os.removeObserver(this, "http-on-modify-request"); + this.os = null; + }, +}; + +function getCookieCount(cs) { + let count = 0; + for (let cookie of cs.cookies) { + info("cookie: " + cookie); + info( + "cookie host " + + cookie.host + + " path " + + cookie.path + + " name " + + cookie.name + + " value " + + cookie.value + + " isSecure " + + cookie.isSecure + + " expires " + + cookie.expires + ); + ++count; + } + + return count; +} + +addMessageListener("init", ({ domain }) => { + let cs = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager); + + info("we are going to remove these cookies"); + + let count = getCookieCount(cs); + info(count + " cookies"); + + cs.removeAll(); + cs.add( + domain, + "/", + "oh", + "hai", + false, + false, + true, + Math.pow(2, 62), + {}, + Ci.nsICookie.SAMESITE_NONE, + Ci.nsICookie.SCHEME_HTTPS + ); + is( + cs.countCookiesFromHost(domain), + 1, + "number of cookies for domain " + domain + ); + + gObs = new obs(); + sendAsyncMessage("init:return"); +}); + +addMessageListener("getCookieCount", () => { + let cs = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager); + let count = getCookieCount(cs); + + cs.removeAll(); + sendAsyncMessage("getCookieCount:return", { count }); +}); + +addMessageListener("shutdown", () => { + gObs.remove(); + + let cs = Cc["@mozilla.org/cookiemanager;1"].getService(Ci.nsICookieManager); + cs.removeAll(); + sendAsyncMessage("shutdown:return"); +}); diff --git a/netwerk/test/mochitests/iframe_1502055.html b/netwerk/test/mochitests/iframe_1502055.html new file mode 100644 index 0000000000..7f3e915978 --- /dev/null +++ b/netwerk/test/mochitests/iframe_1502055.html @@ -0,0 +1,33 @@ + + + + + + + diff --git a/netwerk/test/mochitests/image1.png b/netwerk/test/mochitests/image1.png new file mode 100644 index 0000000000..272d67c0ce Binary files /dev/null and b/netwerk/test/mochitests/image1.png differ diff --git a/netwerk/test/mochitests/image1.png^headers^ b/netwerk/test/mochitests/image1.png^headers^ new file mode 100644 index 0000000000..2390289e01 --- /dev/null +++ b/netwerk/test/mochitests/image1.png^headers^ @@ -0,0 +1,3 @@ +Cache-Control: no-store +Set-Cookie: foo=bar + diff --git a/netwerk/test/mochitests/image2.png b/netwerk/test/mochitests/image2.png new file mode 100644 index 0000000000..272d67c0ce Binary files /dev/null and b/netwerk/test/mochitests/image2.png differ diff --git a/netwerk/test/mochitests/image2.png^headers^ b/netwerk/test/mochitests/image2.png^headers^ new file mode 100644 index 0000000000..6c0eea5ab6 --- /dev/null +++ b/netwerk/test/mochitests/image2.png^headers^ @@ -0,0 +1,3 @@ +Cache-Control: no-store +Set-Cookie: foo2=bar2 + diff --git a/netwerk/test/mochitests/method.sjs b/netwerk/test/mochitests/method.sjs new file mode 100644 index 0000000000..f29b20aa00 --- /dev/null +++ b/netwerk/test/mochitests/method.sjs @@ -0,0 +1,9 @@ +function handleRequest(request, response) { + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader("Content-Type", "text/plain", false); + response.setHeader("Access-Control-Allow-Origin", "*", false); + + // echo method + response.write(request.method); +} diff --git a/netwerk/test/mochitests/mochitest.toml b/netwerk/test/mochitests/mochitest.toml new file mode 100644 index 0000000000..8d5cb8ff92 --- /dev/null +++ b/netwerk/test/mochitests/mochitest.toml @@ -0,0 +1,217 @@ +[DEFAULT] +support-files = [ + "method.sjs", + "partial_content.sjs", + "rel_preconnect.sjs", + "set_cookie_xhr.sjs", + "reset_cookie_xhr.sjs", + "web_packaged_app.sjs", + "file_documentcookie_maxage_chromescript.js", + "file_loadinfo_redirectchain.sjs", + "file_1331680.js", + "file_1503201.sjs", + "file_iframe_allow_scripts.html", + "file_iframe_allow_same_origin.html", + "redirect_idn.html^headers^", + "redirect_idn.html", + "empty.html", + "redirect.sjs", + "redirect_to.sjs", + "origin_header.sjs", + "origin_header_form_post.html", + "origin_header_form_post_xorigin.html", + "subResources.sjs", + "beltzner.jpg", + "beltzner.jpg^headers^", + "file_chromecommon.js", + "file_domain_hierarchy_inner.html", + "file_domain_hierarchy_inner.html^headers^", + "file_domain_hierarchy_inner_inner.html", + "file_domain_hierarchy_inner_inner.html^headers^", + "file_domain_hierarchy_inner_inner_inner.html", + "file_domain_hierarchy_inner_inner_inner.html^headers^", + "file_domain_inner.html", + "file_domain_inner.html^headers^", + "file_domain_inner_inner.html", + "file_domain_inner_inner.html^headers^", + "file_image_inner.html", + "file_image_inner.html^headers^", + "file_image_inner_inner.html", + "file_image_inner_inner.html^headers^", + "file_lnk.lnk", + "file_loadflags_inner.html", + "file_loadflags_inner.html^headers^", + "file_localhost_inner.html", + "file_localhost_inner.html^headers^", + "file_loopback_inner.html", + "file_loopback_inner.html^headers^", + "file_subdomain_inner.html", + "file_subdomain_inner.html^headers^", + "file_testcommon.js", + "file_testloadflags.js", + "file_testloadflags_chromescript.js", + "image1.png", + "image1.png^headers^", + "image2.png", + "image2.png^headers^", + "test1.css", + "test1.css^headers^", + "test2.css", + "test2.css^headers^", +] +prefs = ["javascript.options.large_arraybuffers=true"] + +["test_1331680.html"] + +["test_1331680_iframe.html"] + +["test_1331680_xhr.html"] +skip-if = ["verify"] + +["test_1396395.html"] +skip-if = [ + "http3", + "http2", +] + +["test_1421324.html"] + +["test_1425031.html"] + +["test_1502055.html"] +support-files = [ + "sw_1502055.js", + "file_1502055.sjs", + "iframe_1502055.html", +] + +["test_1503201.html"] + +["test_accept_header.html"] +support-files = ["test_accept_header.sjs"] + +["test_arraybufferinputstream.html"] + +["test_arraybufferinputstream_large.html"] +# Large ArrayBuffers not supported on 32-bit. TSan shadow memory causes OOMs. +skip-if = [ + "win11_2009 && bits == 32", + "tsan", + "asan", +] + +["test_different_domain_in_hierarchy.html"] +skip-if = [ + "http3", + "http2", +] + +["test_differentdomain.html"] +skip-if = [ + "http3", + "http2", +] + +["test_documentcookies_maxage.html"] +# Bug 1617611: Fix all the tests broken by "cookies SameSite=lax by default" +skip-if = ["xorigin"] + +["test_fetch_lnk.html"] + +["test_idn_redirect.html"] +skip-if = [ + "http3", + "http2", +] + +["test_image.html"] +skip-if = [ + "http3", + "http2", +] + +["test_loadflags.html"] +# Bug 1617611: Fix all the tests broken by "cookies SameSite=lax by default" +skip-if = [ + "xorigin", + "http3", + "http2", +] + +["test_loadinfo_redirectchain.html"] +fail-if = ["xorigin"] +skip-if = [ + "http3", + "http2", +] + +["test_origin_header.html"] +skip-if = [ + "http3", + "http2", +] + +["test_partially_cached_content.html"] + +["test_redirect_ref.html"] +skip-if = [ + "http3", + "http2", +] + +["test_rel_preconnect.html"] + +["test_same_base_domain.html"] +skip-if = [ + "http3", + "http2", +] + +["test_same_base_domain_2.html"] +skip-if = [ + "http3", + "http2", +] + +["test_same_base_domain_3.html"] +skip-if = [ + "http3", + "http2", +] + +["test_same_base_domain_4.html"] +skip-if = [ + "http3", + "http2", +] + +["test_same_base_domain_5.html"] +skip-if = [ + "http3", + "http2", +] + +["test_same_base_domain_6.html"] +skip-if = [ + "http3", + "http2", +] + +["test_samedomain.html"] +skip-if = [ + "http3", + "http2", +] + +["test_uri_scheme.html"] +skip-if = ["verify && debug && os == 'mac'"] + +["test_url_perf.html"] +# test to check the performance of URL parsing. +# No need to run in CI. +skip-if = ["true"] + +["test_viewsource_unlinkable.html"] + +["test_xhr_method_case.html"] +skip-if = ["http2"] diff --git a/netwerk/test/mochitests/origin_header.sjs b/netwerk/test/mochitests/origin_header.sjs new file mode 100644 index 0000000000..72cc4b2ae6 --- /dev/null +++ b/netwerk/test/mochitests/origin_header.sjs @@ -0,0 +1,10 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +function handleRequest(request, response) { + response.setHeader("Content-Type", "text/plain", false); + response.setHeader("Cache-Control", "no-cache", false); + + var origin = request.hasHeader("Origin") ? request.getHeader("Origin") : ""; + response.write("Origin: " + origin); +} diff --git a/netwerk/test/mochitests/origin_header_form_post.html b/netwerk/test/mochitests/origin_header_form_post.html new file mode 100644 index 0000000000..01c2df5ef2 --- /dev/null +++ b/netwerk/test/mochitests/origin_header_form_post.html @@ -0,0 +1,19 @@ + + + + + + + +
+ +
+ + diff --git a/netwerk/test/mochitests/origin_header_form_post_xorigin.html b/netwerk/test/mochitests/origin_header_form_post_xorigin.html new file mode 100644 index 0000000000..52e173747b --- /dev/null +++ b/netwerk/test/mochitests/origin_header_form_post_xorigin.html @@ -0,0 +1,19 @@ + + + + + + + +
+ +
+ + diff --git a/netwerk/test/mochitests/partial_content.sjs b/netwerk/test/mochitests/partial_content.sjs new file mode 100644 index 0000000000..67bfff377a --- /dev/null +++ b/netwerk/test/mochitests/partial_content.sjs @@ -0,0 +1,193 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Debug and Error wrapper functions for dump(). + */ +function ERR(response, responseCode, responseCodeStr, msg) { + // Reset state var. + setState("expectedRequestType", ""); + // Dump to console log and send to client in response. + dump("SERVER ERROR: " + msg + "\n"); + response.write("HTTP/1.1 " + responseCode + " " + responseCodeStr + "\r\n"); + response.write("Content-Type: text/html; charset=UTF-8\r\n"); + response.write("Content-Length: " + msg.length + "\r\n"); + response.write("\r\n"); + response.write(msg); +} + +function DBG(msg) { + // Dump to console only. + dump("SERVER DEBUG: " + msg + "\n"); +} + +/* Delivers content in parts to test partially cached content: requires two + * requests for the same resource. + * + * First call will respond with partial content, but a 200 header and + * Content-Length equal to the full content length. No Range or If-Range + * headers are allowed in the request. + * + * Second call will require Range and If-Range in the request headers, and + * will respond with the range requested. + */ +function handleRequest(request, response) { + DBG("Trying to seize power"); + response.seizePower(); + + DBG("About to check state vars"); + // Get state var to determine if this is the first or second request. + var expectedRequestType; + var lastModified; + if (getState("expectedRequestType") === "") { + DBG("First call: Should be requesting full content."); + expectedRequestType = "fullRequest"; + // Set state var for second request. + setState("expectedRequestType", "partialRequest"); + // Create lastModified variable for responses. + lastModified = new Date().toUTCString(); + setState("lastModified", lastModified); + } else if (getState("expectedRequestType") === "partialRequest") { + DBG("Second call: Should be requesting undelivered content."); + expectedRequestType = "partialRequest"; + // Reset state var for first request. + setState("expectedRequestType", ""); + // Get last modified date and reset state var. + lastModified = getState("lastModified"); + } else { + ERR( + response, + 500, + "Internal Server Error", + 'Invalid expectedRequestType "' + + expectedRequestType + + '"in ' + + "server state db." + ); + return; + } + + // Look for Range and If-Range + var range = request.hasHeader("Range") ? request.getHeader("Range") : ""; + var ifRange = request.hasHeader("If-Range") + ? request.getHeader("If-Range") + : ""; + + if (expectedRequestType === "fullRequest") { + // Should not have Range or If-Range in first request. + if (range && range.length) { + ERR( + response, + 400, + "Bad Request", + 'Should not receive "Range: ' + range + '" for first, full request.' + ); + return; + } + if (ifRange && ifRange.length) { + ERR( + response, + 400, + "Bad Request", + 'Should not receive "Range: ' + range + '" for first, full request.' + ); + return; + } + } else if (expectedRequestType === "partialRequest") { + // Range AND If-Range should both be present in second request. + if (!range) { + ERR( + response, + 400, + "Bad Request", + 'Should receive "Range: " for second, partial request.' + ); + return; + } + if (!ifRange) { + ERR( + response, + 400, + "Bad Request", + 'Should receive "If-Range: " for second, partial request.' + ); + return; + } + } else { + // Somewhat redundant, but a check for errors in this test code. + ERR( + response, + 500, + "Internal Server Error", + 'expectedRequestType not set correctly: "' + expectedRequestType + '"' + ); + return; + } + + // Prepare content in two parts for responses. + var partialContent = + '

First response

'; + var remainderContent = + '

Second response

'; + var totalLength = partialContent.length + remainderContent.length; + + DBG("totalLength: " + totalLength); + + // Prepare common headers for the two responses. + let date = new Date(); + DBG("Date: " + date.toUTCString() + ", Last-Modified: " + lastModified); + var commonHeaders = + "Date: " + + date.toUTCString() + + "\r\n" + + "Last-Modified: " + + lastModified + + "\r\n" + + "Content-Type: text/html; charset=UTF-8\r\n" + + "ETag: abcd0123\r\n" + + "Accept-Ranges: bytes\r\n"; + + // Prepare specific headers and content for first and second responses. + if (expectedRequestType === "fullRequest") { + DBG("First response: Sending partial content with a full header"); + response.write("HTTP/1.1 200 OK\r\n"); + response.write(commonHeaders); + // Set Content-Length to full length of resource. + response.write("Content-Length: " + totalLength + "\r\n"); + response.write("\r\n"); + response.write(partialContent); + } else if (expectedRequestType === "partialRequest") { + DBG("Second response: Sending remaining content with a range header"); + response.write("HTTP/1.1 206 Partial Content\r\n"); + response.write(commonHeaders); + // Set Content-Length to length of bytes transmitted. + response.write("Content-Length: " + remainderContent.length + "\r\n"); + response.write( + "Content-Range: bytes " + + partialContent.length + + "-" + + (totalLength - 1) + + "/" + + totalLength + + "\r\n" + ); + response.write("\r\n"); + response.write(remainderContent); + } else { + // Somewhat redundant, but a check for errors in this test code. + ERR( + response, + 500, + "Internal Server Error", + "Something very bad happened here: expectedRequestType is invalid " + + 'towards the end of handleRequest! - "' + + expectedRequestType + + '"' + ); + return; + } + + response.finish(); +} diff --git a/netwerk/test/mochitests/redirect.sjs b/netwerk/test/mochitests/redirect.sjs new file mode 100644 index 0000000000..73efea59cf --- /dev/null +++ b/netwerk/test/mochitests/redirect.sjs @@ -0,0 +1,4 @@ +function handleRequest(request, response) { + response.setStatusLine(request.httpVersion, 301, "Moved Permanently"); + response.setHeader("Location", "empty.html#"); +} diff --git a/netwerk/test/mochitests/redirect_idn.html b/netwerk/test/mochitests/redirect_idn.html new file mode 100644 index 0000000000..e69de29bb2 diff --git a/netwerk/test/mochitests/redirect_idn.html^headers^ b/netwerk/test/mochitests/redirect_idn.html^headers^ new file mode 100644 index 0000000000..753f65db87 --- /dev/null +++ b/netwerk/test/mochitests/redirect_idn.html^headers^ @@ -0,0 +1,3 @@ +HTTP 301 Moved Permanently +Location: http://exämple.test/tests/netwerk/test/mochitests/empty.html +X-Comment: Bug 1142083 - This is a redirect to http://exämple.test diff --git a/netwerk/test/mochitests/redirect_to.sjs b/netwerk/test/mochitests/redirect_to.sjs new file mode 100644 index 0000000000..f090c70849 --- /dev/null +++ b/netwerk/test/mochitests/redirect_to.sjs @@ -0,0 +1,4 @@ +function handleRequest(request, response) { + response.setStatusLine(request.httpVersion, 308, "Permanent Redirect"); + response.setHeader("Location", request.queryString); +} diff --git a/netwerk/test/mochitests/rel_preconnect.sjs b/netwerk/test/mochitests/rel_preconnect.sjs new file mode 100644 index 0000000000..5423c877f0 --- /dev/null +++ b/netwerk/test/mochitests/rel_preconnect.sjs @@ -0,0 +1,17 @@ +// Generate response header "Link: ; rel=preconnect" +// HREF is provided by the request header X-Link + +function handleRequest(request, response) { + response.setHeader("Cache-Control", "no-cache", false); + response.setHeader( + "Link", + "<" + + request.queryString + + ">; rel=preconnect" + + ", " + + "<" + + request.queryString + + ">; rel=preconnect; crossOrigin=anonymous" + ); + response.write("check that header"); +} diff --git a/netwerk/test/mochitests/reset_cookie_xhr.sjs b/netwerk/test/mochitests/reset_cookie_xhr.sjs new file mode 100644 index 0000000000..3620958d29 --- /dev/null +++ b/netwerk/test/mochitests/reset_cookie_xhr.sjs @@ -0,0 +1,15 @@ +function handleRequest(request, response) { + var queryString = request.queryString; + switch (queryString) { + case "set_cookie": + response.setHeader("Set-Cookie", "testXHR1=xhr_val1; path=/", false); + break; + case "modify_cookie": + response.setHeader( + "Set-Cookie", + "testXHR1=xhr_val2; path=/; HttpOnly", + false + ); + break; + } +} diff --git a/netwerk/test/mochitests/set_cookie_xhr.sjs b/netwerk/test/mochitests/set_cookie_xhr.sjs new file mode 100644 index 0000000000..19855bfec9 --- /dev/null +++ b/netwerk/test/mochitests/set_cookie_xhr.sjs @@ -0,0 +1,15 @@ +function handleRequest(request, response) { + var queryString = request.queryString; + switch (queryString) { + case "xhr1": + response.setHeader("Set-Cookie", "xhr1=xhr_val1; path=/", false); + break; + case "xhr2": + response.setHeader( + "Set-Cookie", + "xhr2=xhr_val2; path=/; HttpOnly", + false + ); + break; + } +} diff --git a/netwerk/test/mochitests/signed_web_packaged_app.sjs b/netwerk/test/mochitests/signed_web_packaged_app.sjs new file mode 100644 index 0000000000..dc386ad6fe --- /dev/null +++ b/netwerk/test/mochitests/signed_web_packaged_app.sjs @@ -0,0 +1,73 @@ +function handleRequest(request, response) { + response.setHeader("Content-Type", "application/package", false); + response.write(signedPackage); +} + +// The package content +// getData formats it as described at http://www.w3.org/TR/web-packaging/#streamable-package-format +var signedPackage = `manifest-signature: MIIF1AYJKoZIhvcNAQcCoIIFxTCCBcECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA54wggOaMIICgqADAgECAgEEMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbRXhhbXBsZSBUcnVzdGVkIENvcnBvcmF0aW9uMRkwFwYDVQQDExBUcnVzdGVkIFZhbGlkIENBMB4XDTE1MTExOTAzMDEwNVoXDTM1MTExOTAzMDEwNVowdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGjAYBgNVBAMTEVRydXN0ZWQgQ29ycCBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPback9X7RRxKTc3/5o2vm9Ro6XNiSM9NPsN3djjCIVz50bY0rJkP98zsqpFjnLwqHeJigxyYoqFexRhRLgKrG10CxNl4rxP6CEPENjvj5FfbX/HUZpT/DelNR18F498yD95vSHcSrCc3JrjV3bKA+wgt11E4a0Ba95S1RuwtehZw1+Y4hO8nHpbSGfjD0BpluFY2nDoYAm+aWSrsmLuJsKLO8Xn2I1brZFJUynR3q1ujuDE9EJk1niDLfOeVgXM4AavJS5C0ZBHhAhR2W+K9NN97jpkpmHFqecTwDXB7rEhsyB3185cI7anaaQfHHfH5+4SD+cMDNtYIOSgLO06ZwIDAQABozgwNjAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAlnVyLz5dPhS0ZhZD6qJOUzSo6nFwMxNX1m0oS37mevtuh0b0o1gmEuMw3mVxiAVkC2vPsoxBL2wLlAkcEdBPxGEqhBmtiBY3F3DgvEkf+/sOY1rnr6O1qLZuBAnPzA1Vnco8Jwf0DYF0PxaRd8yT5XSl5qGpM2DItEldZwuKKaL94UEgIeC2c+Uv/IOyrv+EyftX96vcmRwr8ghPFLQ+36H5nuAKEpDD170EvfWl1zs0dUPiqSI6l+hy5V14gl63Woi34L727+FKx8oatbyZtdvbeeOmenfTLifLomnZdx+3WMLkp3TLlHa5xDLwifvZtBP2d3c6zHp7gdrGU1u2WTGCAf4wggH6AgEBMHgwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFRydXN0ZWQgVmFsaWQgQ0ECAQQwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MTEyNTAzMDQzMFowIwYJKoZIhvcNAQkEMRYEFD4ut4oKoYdcGzyfQE6ROeazv+uNMA0GCSqGSIb3DQEBAQUABIIBAFG99dKBSOzQmYVn6lHKWERVDtYXbDTIVF957ID8YH9B5unlX/PdludTNbP5dzn8GWQV08tNRgoXQ5sgxjifHunrpaR1WiR6XqvwOCBeA5NB688jxGNxth6zg6fCGFaynsYMX3FlglfIW+AYwyQUclbv+C4UORJpBjvuknOnK+UDBLVSoP9ivL6KhylYna3oFcs0SMsumc/jf/oQW51LzFHpn61TRUqdDgvGhwcjgphMhKj23KwkjwRspU2oIWNRAuhZgqDD5BJlNniCr9X5Hx1dW6tIVISO91CLAryYkGZKRJYekXctCpIvldUkIDeh2tAw5owr0jtsVd6ovFF3bV4=\r +--NKWXJUAFXB\r +Content-Location: manifest.webapp\r +Content-Type: application/x-web-app-manifest+json\r +\r +{ + "moz-package-origin": "http://mochi.test:8888", + "name": "My App", + "moz-resources": [ + { + "src": "page2.html", + "integrity": "JREF3JbXGvZ+I1KHtoz3f46ZkeIPrvXtG4VyFQrJ7II=" + }, + { + "src": "index.html", + "integrity": "Jkvco7U8WOY9s0YREsPouX+DWK7FWlgZwA0iYYSrb7Q=" + }, + { + "src": "scripts/script.js", + "integrity": "6TqtNArQKrrsXEQWu3D9ZD8xvDRIkhyV6zVdTcmsT5Q=" + }, + { + "src": "scripts/library.js", + "integrity": "TN2ByXZiaBiBCvS4MeZ02UyNi44vED+KjdjLInUl4o8=" + } + ], + "moz-permissions": [ + { + "systemXHR": { + "description": "Needed to download stuff" + } + } + ], + "package-identifier": "09bc9714-7ab6-4320-9d20-fde4c237522c", + "description": "A great app!" +}\r +--NKWXJUAFXB\r +Content-Location: page2.html\r +Content-Type: text/html\r +\r + + page2.html + +\r +--NKWXJUAFXB\r +Content-Location: index.html\r +Content-Type: text/html\r +\r + + Last updated: 2015/10/28 + + +\r +--NKWXJUAFXB\r +Content-Location: scripts/script.js\r +Content-Type: text/javascript\r +\r +// script.js +\r +--NKWXJUAFXB\r +Content-Location: scripts/library.js\r +Content-Type: text/javascript\r +\r +// library.js +\r +--NKWXJUAFXB--`; diff --git a/netwerk/test/mochitests/subResources.sjs b/netwerk/test/mochitests/subResources.sjs new file mode 100644 index 0000000000..ec2cfaa750 --- /dev/null +++ b/netwerk/test/mochitests/subResources.sjs @@ -0,0 +1,78 @@ +const kTwoDays = 2 * 24 * 60 * 60; +const kInTwoDays = new Date().getTime() + kTwoDays * 1000; + +function getDateInTwoDays() { + let date2 = new Date(kInTwoDays); + let days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]; + let months = [ + "Jan", + "Feb", + "Mar", + "Apr", + "May", + "Jun", + "Jul", + "Aug", + "Sep", + "Oct", + "Nov", + "Dec", + ]; + let day = date2.getUTCDate(); + if (day < 10) { + day = "0" + day; + } + let month = months[date2.getUTCMonth()]; + let year = date2.getUTCFullYear(); + let hour = date2.getUTCHours(); + if (hour < 10) { + hour = "0" + hour; + } + let minute = date2.getUTCMinutes(); + if (minute < 10) { + minute = "0" + minute; + } + let second = date2.getUTCSeconds(); + if (second < 10) { + second = "0" + second; + } + return ( + days[date2.getUTCDay()] + + ", " + + day + + "-" + + month + + "-" + + year + + " " + + hour + + ":" + + minute + + ":" + + second + + " GMT" + ); +} + +function handleRequest(aRequest, aResponse) { + aResponse.setStatusLine(aRequest.httpVersion, 200); + + let suffix = " path=/; domain:.mochi.test"; + + if (aRequest.queryString.includes("3")) { + aResponse.setHeader( + "Set-Cookie", + "test3=value3; expires=Fri, 02-Jan-2037 00:00:01 GMT;" + suffix + ); + } else if (aRequest.queryString.includes("4")) { + let date2 = getDateInTwoDays(); + + aResponse.setHeader( + "Set-Cookie", + "test4=value4; expires=" + date2 + ";" + suffix + ); + } + + aResponse.setHeader("Content-Type", "text/javascript", false); + aResponse.write("42;"); +} diff --git a/netwerk/test/mochitests/sw_1502055.js b/netwerk/test/mochitests/sw_1502055.js new file mode 100644 index 0000000000..40a8c178f1 --- /dev/null +++ b/netwerk/test/mochitests/sw_1502055.js @@ -0,0 +1 @@ +/* empty */ diff --git a/netwerk/test/mochitests/test1.css b/netwerk/test/mochitests/test1.css new file mode 100644 index 0000000000..139597f9cb --- /dev/null +++ b/netwerk/test/mochitests/test1.css @@ -0,0 +1,2 @@ + + diff --git a/netwerk/test/mochitests/test1.css^headers^ b/netwerk/test/mochitests/test1.css^headers^ new file mode 100644 index 0000000000..729babb5a4 --- /dev/null +++ b/netwerk/test/mochitests/test1.css^headers^ @@ -0,0 +1,3 @@ +Cache-Control: no-cache +Set-Cookie: css=bar + diff --git a/netwerk/test/mochitests/test2.css b/netwerk/test/mochitests/test2.css new file mode 100644 index 0000000000..139597f9cb --- /dev/null +++ b/netwerk/test/mochitests/test2.css @@ -0,0 +1,2 @@ + + diff --git a/netwerk/test/mochitests/test2.css^headers^ b/netwerk/test/mochitests/test2.css^headers^ new file mode 100644 index 0000000000..b12d32c72b --- /dev/null +++ b/netwerk/test/mochitests/test2.css^headers^ @@ -0,0 +1,3 @@ +Cache-Control: no-cache +Set-Cookie: css2=bar2 + diff --git a/netwerk/test/mochitests/test_1331680.html b/netwerk/test/mochitests/test_1331680.html new file mode 100644 index 0000000000..30d74de0af --- /dev/null +++ b/netwerk/test/mochitests/test_1331680.html @@ -0,0 +1,87 @@ + + + + + Cookies set in content processes update immediately. + + + + +Mozilla Bug 1331680 +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_1331680_iframe.html b/netwerk/test/mochitests/test_1331680_iframe.html new file mode 100644 index 0000000000..85842332b1 --- /dev/null +++ b/netwerk/test/mochitests/test_1331680_iframe.html @@ -0,0 +1,68 @@ + + + + + Cookies set from iframe in content process + + + + +Mozilla Bug 1331680 +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_1331680_xhr.html b/netwerk/test/mochitests/test_1331680_xhr.html new file mode 100644 index 0000000000..0649d33ff4 --- /dev/null +++ b/netwerk/test/mochitests/test_1331680_xhr.html @@ -0,0 +1,90 @@ + + + + + Cookie changes from XHR requests are observed in content processes. + + + + + + +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_1396395.html b/netwerk/test/mochitests/test_1396395.html new file mode 100644 index 0000000000..dcfb952b3a --- /dev/null +++ b/netwerk/test/mochitests/test_1396395.html @@ -0,0 +1,48 @@ + + + + + + + + + + + + diff --git a/netwerk/test/mochitests/test_1421324.html b/netwerk/test/mochitests/test_1421324.html new file mode 100644 index 0000000000..627a339e0a --- /dev/null +++ b/netwerk/test/mochitests/test_1421324.html @@ -0,0 +1,88 @@ + + + + + Cookie changes from XHR requests are observed in content processes. + + + + + + +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_1425031.html b/netwerk/test/mochitests/test_1425031.html new file mode 100644 index 0000000000..54865501c8 --- /dev/null +++ b/netwerk/test/mochitests/test_1425031.html @@ -0,0 +1,74 @@ + + + + + Cookies set in content processes update immediately. + + + + +Mozilla Bug 1425031 +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_1502055.html b/netwerk/test/mochitests/test_1502055.html new file mode 100644 index 0000000000..472ee204e6 --- /dev/null +++ b/netwerk/test/mochitests/test_1502055.html @@ -0,0 +1,49 @@ + + + + Clear-Site-Data + 304 header. + + + + + + + + diff --git a/netwerk/test/mochitests/test_1503201.html b/netwerk/test/mochitests/test_1503201.html new file mode 100644 index 0000000000..2e724f33ce --- /dev/null +++ b/netwerk/test/mochitests/test_1503201.html @@ -0,0 +1,28 @@ + + + + + A WWW-Authenticate response header with an invalid realm doesn't crash the browser + + + + +Mozilla Bug 1503201 +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_accept_header.html b/netwerk/test/mochitests/test_accept_header.html new file mode 100644 index 0000000000..0acae2a825 --- /dev/null +++ b/netwerk/test/mochitests/test_accept_header.html @@ -0,0 +1,87 @@ + + + + Accept header + + + + + + + diff --git a/netwerk/test/mochitests/test_accept_header.sjs b/netwerk/test/mochitests/test_accept_header.sjs new file mode 100644 index 0000000000..6e73acd293 --- /dev/null +++ b/netwerk/test/mochitests/test_accept_header.sjs @@ -0,0 +1,62 @@ +function handleRequest(request, response) { + response.setStatusLine(request.httpVersion, "200", "OK"); + dump(`test_accept_header ${request.path}?${request.queryString}\n`); + + if (request.queryString == "worker") { + response.setHeader("Content-Type", "text/javascript", false); + response.write("postMessage(42)"); + + setState( + "data", + JSON.stringify({ type: "worker", accept: request.getHeader("Accept") }) + ); + return; + } + + if (request.queryString == "image") { + // A 1x1 PNG image. + // Source: https://commons.wikimedia.org/wiki/File:1x1.png (Public Domain) + const IMAGE = atob( + "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAA" + + "ACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=" + ); + + response.setHeader("Content-Type", "image/png", false); + response.write(IMAGE); + + setState( + "data", + JSON.stringify({ type: "image", accept: request.getHeader("Accept") }) + ); + return; + } + + if (request.queryString == "style") { + response.setHeader("Content-Type", "text/css", false); + response.write(""); + + setState( + "data", + JSON.stringify({ type: "style", accept: request.getHeader("Accept") }) + ); + return; + } + + if (request.queryString == "iframe") { + response.setHeader("Content-Type", "text/html", false); + response.write("

Hello world!

"); + + setState( + "data", + JSON.stringify({ type: "iframe", accept: request.getHeader("Accept") }) + ); + return; + } + + if (request.queryString == "get") { + response.setHeader("Content-Type", "application/json", false); + response.write(getState("data")); + + setState("data", ""); + } +} diff --git a/netwerk/test/mochitests/test_arraybufferinputstream.html b/netwerk/test/mochitests/test_arraybufferinputstream.html new file mode 100644 index 0000000000..5e3c5faa3e --- /dev/null +++ b/netwerk/test/mochitests/test_arraybufferinputstream.html @@ -0,0 +1,89 @@ + + + + + ArrayBuffer stream test + + + + + + +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_arraybufferinputstream_large.html b/netwerk/test/mochitests/test_arraybufferinputstream_large.html new file mode 100644 index 0000000000..33922d6e37 --- /dev/null +++ b/netwerk/test/mochitests/test_arraybufferinputstream_large.html @@ -0,0 +1,45 @@ + + + + + ArrayBuffer stream with large ArrayBuffer test + + + + + + + + + diff --git a/netwerk/test/mochitests/test_different_domain_in_hierarchy.html b/netwerk/test/mochitests/test_different_domain_in_hierarchy.html new file mode 100644 index 0000000000..0ec6d35d4d --- /dev/null +++ b/netwerk/test/mochitests/test_different_domain_in_hierarchy.html @@ -0,0 +1,15 @@ + + + + Test cookie requests from within a window hierarchy of different base domains + + + + +

+
+
+
+ + diff --git a/netwerk/test/mochitests/test_differentdomain.html b/netwerk/test/mochitests/test_differentdomain.html new file mode 100644 index 0000000000..75cc903758 --- /dev/null +++ b/netwerk/test/mochitests/test_differentdomain.html @@ -0,0 +1,15 @@ + + + + Test for Cross domain access to properties + + + + +

+
+
+
+ + diff --git a/netwerk/test/mochitests/test_documentcookies_maxage.html b/netwerk/test/mochitests/test_documentcookies_maxage.html new file mode 100644 index 0000000000..eb130b2fed --- /dev/null +++ b/netwerk/test/mochitests/test_documentcookies_maxage.html @@ -0,0 +1,149 @@ + + + + + Test for document.cookie max-age pref + + + + + + +

+ +
+
+ + diff --git a/netwerk/test/mochitests/test_fetch_lnk.html b/netwerk/test/mochitests/test_fetch_lnk.html new file mode 100644 index 0000000000..e1154a5951 --- /dev/null +++ b/netwerk/test/mochitests/test_fetch_lnk.html @@ -0,0 +1,17 @@ + + +Downloading .lnk through HTTP should always download the file without parsing it + + + diff --git a/netwerk/test/mochitests/test_idn_redirect.html b/netwerk/test/mochitests/test_idn_redirect.html new file mode 100644 index 0000000000..cc920665b3 --- /dev/null +++ b/netwerk/test/mochitests/test_idn_redirect.html @@ -0,0 +1,35 @@ + + + + + Test for URI Manipulation + + + + + +
+
+
+
+
diff --git a/netwerk/test/mochitests/test_image.html b/netwerk/test/mochitests/test_image.html
new file mode 100644
index 0000000000..db75cdbca5
--- /dev/null
+++ b/netwerk/test/mochitests/test_image.html
@@ -0,0 +1,14 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_loadflags.html b/netwerk/test/mochitests/test_loadflags.html
new file mode 100644
index 0000000000..fba93102ea
--- /dev/null
+++ b/netwerk/test/mochitests/test_loadflags.html
@@ -0,0 +1,21 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+  
+
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_loadinfo_redirectchain.html b/netwerk/test/mochitests/test_loadinfo_redirectchain.html
new file mode 100644
index 0000000000..a657ce678c
--- /dev/null
+++ b/netwerk/test/mochitests/test_loadinfo_redirectchain.html
@@ -0,0 +1,269 @@
+
+
+
+  Bug 1194052 - Append Principal to RedirectChain within LoadInfo before the channel is succesfully openend
+  
+  
+  
+
+
+
+
+
+
+
diff --git a/netwerk/test/mochitests/test_origin_header.html b/netwerk/test/mochitests/test_origin_header.html
new file mode 100644
index 0000000000..f90887ddf0
--- /dev/null
+++ b/netwerk/test/mochitests/test_origin_header.html
@@ -0,0 +1,398 @@
+
+
+
+
+     Bug 446344 - Test Origin Header
+    
+    
+
+
+
+
Mozilla Bug 446344

+
+

+
+
+

+
+
+    
+    
+    
+    
+    
+    
+
+
+    
+    
+    
+
+
+    
+    
+    
+
+

+        
+        

+            
+        

+    		
+        
+        

+            
+        

+    		
+        
+        

+            
+        

+    		
+        
+        

+            
+        

+    		
+        
+        

+            
+        

+    		
+        
+        

+            
+        

+    

+        
+        
Non-sandboxed iframe

+    		
+        
+        
Non-sandboxed cross-origin iframe

+    		
+        
+        
Sandboxed iframe

+    

+        
+        
Srcdoc iframe

+    		
+        
+        
Srcdoc cross-origin iframe

+    		
+        
+        
data: URI iframe

+    

+
+
+
diff --git a/netwerk/test/mochitests/test_partially_cached_content.html b/netwerk/test/mochitests/test_partially_cached_content.html
new file mode 100644
index 0000000000..8b6df555f8
--- /dev/null
+++ b/netwerk/test/mochitests/test_partially_cached_content.html
@@ -0,0 +1,95 @@
+
+
+
+
+  
+  Test for Bug 497003: support sending OnDataAvailable() to other threads
+  
+  
+
+
+  
Mozilla Bug 497003: support sending OnDataAvailable() to other threads

+  

+
+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_redirect_ref.html b/netwerk/test/mochitests/test_redirect_ref.html
new file mode 100644
index 0000000000..0b234695d4
--- /dev/null
+++ b/netwerk/test/mochitests/test_redirect_ref.html
@@ -0,0 +1,29 @@
+
+
+
+   Bug 1234575 - Test redirect ref
+  
+  
+
+
+
+
+
+
+
+
diff --git a/netwerk/test/mochitests/test_rel_preconnect.html b/netwerk/test/mochitests/test_rel_preconnect.html
new file mode 100644
index 0000000000..c7e0bada07
--- /dev/null
+++ b/netwerk/test/mochitests/test_rel_preconnect.html
@@ -0,0 +1,61 @@
+
+
+
+
+  Test for link rel=preconnect
+  
+  
+
+
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_same_base_domain.html b/netwerk/test/mochitests/test_same_base_domain.html
new file mode 100644
index 0000000000..bcf069e8be
--- /dev/null
+++ b/netwerk/test/mochitests/test_same_base_domain.html
@@ -0,0 +1,15 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_same_base_domain_2.html b/netwerk/test/mochitests/test_same_base_domain_2.html
new file mode 100644
index 0000000000..5647831c29
--- /dev/null
+++ b/netwerk/test/mochitests/test_same_base_domain_2.html
@@ -0,0 +1,15 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_same_base_domain_3.html b/netwerk/test/mochitests/test_same_base_domain_3.html
new file mode 100644
index 0000000000..62a4cfba95
--- /dev/null
+++ b/netwerk/test/mochitests/test_same_base_domain_3.html
@@ -0,0 +1,15 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_same_base_domain_4.html b/netwerk/test/mochitests/test_same_base_domain_4.html
new file mode 100644
index 0000000000..87fbb1c720
--- /dev/null
+++ b/netwerk/test/mochitests/test_same_base_domain_4.html
@@ -0,0 +1,15 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_same_base_domain_5.html b/netwerk/test/mochitests/test_same_base_domain_5.html
new file mode 100644
index 0000000000..7e4d2e3b1f
--- /dev/null
+++ b/netwerk/test/mochitests/test_same_base_domain_5.html
@@ -0,0 +1,15 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_same_base_domain_6.html b/netwerk/test/mochitests/test_same_base_domain_6.html
new file mode 100644
index 0000000000..195c38657b
--- /dev/null
+++ b/netwerk/test/mochitests/test_same_base_domain_6.html
@@ -0,0 +1,26 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+  
+
+

+
+
diff --git a/netwerk/test/mochitests/test_samedomain.html b/netwerk/test/mochitests/test_samedomain.html
new file mode 100644
index 0000000000..82aace8bab
--- /dev/null
+++ b/netwerk/test/mochitests/test_samedomain.html
@@ -0,0 +1,15 @@
+
+
+
+  Test for Cross domain access to properties
+  
+  
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_uri_scheme.html b/netwerk/test/mochitests/test_uri_scheme.html
new file mode 100644
index 0000000000..b0c247f336
--- /dev/null
+++ b/netwerk/test/mochitests/test_uri_scheme.html
@@ -0,0 +1,50 @@
+
+
+
+
+  Test for URI Manipulation
+  
+  
+
+
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_url_perf.html b/netwerk/test/mochitests/test_url_perf.html
new file mode 100644
index 0000000000..c403398f06
--- /dev/null
+++ b/netwerk/test/mochitests/test_url_perf.html
@@ -0,0 +1,75 @@
+
+
+
+  Networking performance test: url parsing
+
+
+
+
+
+
diff --git a/netwerk/test/mochitests/test_viewsource_unlinkable.html b/netwerk/test/mochitests/test_viewsource_unlinkable.html
new file mode 100644
index 0000000000..f4c4064183
--- /dev/null
+++ b/netwerk/test/mochitests/test_viewsource_unlinkable.html
@@ -0,0 +1,25 @@
+
+
+
+
+  Test for view-source linkability
+  
+  
+
+
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/test_xhr_method_case.html b/netwerk/test/mochitests/test_xhr_method_case.html
new file mode 100644
index 0000000000..ddb830328c
--- /dev/null
+++ b/netwerk/test/mochitests/test_xhr_method_case.html
@@ -0,0 +1,65 @@
+
+
+
+
+  Test for XHR Method casing
+  
+  
+
+
+
+
+

+
+
+

+
+
diff --git a/netwerk/test/mochitests/web_packaged_app.sjs b/netwerk/test/mochitests/web_packaged_app.sjs
new file mode 100644
index 0000000000..772b8a0835
--- /dev/null
+++ b/netwerk/test/mochitests/web_packaged_app.sjs
@@ -0,0 +1,47 @@
+function handleRequest(request, response) {
+  response.setHeader("Content-Type", "application/package", false);
+  response.write(octetStreamData.getData());
+}
+
+// The package content
+// getData formats it as described at http://www.w3.org/TR/web-packaging/#streamable-package-format
+var octetStreamData = {
+  content: [
+    {
+      headers: ["Content-Location: /index.html", "Content-Type: text/html"],
+      data: "\r\n  \r\n    \r\n\r\n  Web Packaged App Index\r\n\r\n",
+      type: "text/html",
+    },
+    {
+      headers: [
+        "Content-Location: /scripts/app.js",
+        "Content-Type: text/javascript",
+      ],
+      data: "module Math from '/scripts/helpers/math.js';\r\n...\r\n",
+      type: "text/javascript",
+    },
+    {
+      headers: [
+        "Content-Location: /scripts/helpers/math.js",
+        "Content-Type: text/javascript",
+      ],
+      data: "export function sum(nums) { ... }\r\n...\r\n",
+      type: "text/javascript",
+    },
+  ],
+  token: "gc0pJq0M:08jU534c0p",
+  getData() {
+    var str = "";
+    for (var i in this.content) {
+      str += "--" + this.token + "\r\n";
+      for (var j in this.content[i].headers) {
+        str += this.content[i].headers[j] + "\r\n";
+      }
+      str += "\r\n";
+      str += this.content[i].data + "\r\n";
+    }
+
+    str += "--" + this.token + "--";
+    return str;
+  },
+};
diff --git a/netwerk/test/moz.build b/netwerk/test/moz.build
new file mode 100644
index 0000000000..864d1f5b87
--- /dev/null
+++ b/netwerk/test/moz.build
@@ -0,0 +1,33 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += ["httpserver", "gtest", "http3server"]
+
+BROWSER_CHROME_MANIFESTS += [
+    "browser/browser.toml",
+    "useragent/browser_nonsnap.toml",
+    "useragent/browser_snap.toml",
+]
+MOCHITEST_MANIFESTS += ["mochitests/mochitest.toml"]
+
+XPCSHELL_TESTS_MANIFESTS += [
+    "unit/node_execute/xpcshell.toml",
+    "unit/xpcshell.toml",
+    "unit_ipc/xpcshell.toml",
+]
+
+TESTING_JS_MODULES += [
+    "browser/cookie_filtering_helper.sys.mjs",
+    "browser/early_hint_preload_test_helper.sys.mjs",
+    "unit/test_http3_prio_helpers.js",
+]
+
+PERFTESTS_MANIFESTS += ["perf/perftest.toml", "unit/perftest.toml"]
+
+MARIONETTE_MANIFESTS += ["marionette/manifest.toml"]
+
+if CONFIG["FUZZING_INTERFACES"]:
+    TEST_DIRS += ["fuzz"]
diff --git a/netwerk/test/perf/.eslintrc.js b/netwerk/test/perf/.eslintrc.js
new file mode 100644
index 0000000000..f040032509
--- /dev/null
+++ b/netwerk/test/perf/.eslintrc.js
@@ -0,0 +1,12 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+module.exports = {
+  env: {
+    browser: true,
+    node: true,
+  },
+};
diff --git a/netwerk/test/perf/hooks_throttling.py b/netwerk/test/perf/hooks_throttling.py
new file mode 100644
index 0000000000..5f46b3f0d3
--- /dev/null
+++ b/netwerk/test/perf/hooks_throttling.py
@@ -0,0 +1,202 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"""
+Drives the throttling feature when the test calls our
+controlled server.
+"""
+import http.client
+import json
+import os
+import sys
+import time
+from urllib.parse import urlparse
+
+from mozperftest.test.browsertime import add_option
+from mozperftest.utils import get_tc_secret
+
+ENDPOINTS = {
+    "linux": "h3.dev.mozaws.net",
+    "darwin": "h3.mac.dev.mozaws.net",
+    "win32": "h3.win.dev.mozaws.net",
+}
+CTRL_SERVER = ENDPOINTS[sys.platform]
+TASK_CLUSTER = "TASK_ID" in os.environ.keys()
+_SECRET = {
+    "throttler_host": f"https://{CTRL_SERVER}/_throttler",
+    "throttler_key": os.environ.get("WEBNETEM_KEY", ""),
+}
+if TASK_CLUSTER:
+    _SECRET.update(get_tc_secret())
+
+if _SECRET["throttler_key"] == "":
+    if TASK_CLUSTER:
+        raise Exception("throttler_key not found in secret")
+    raise Exception("WEBNETEM_KEY not set")
+
+_TIMEOUT = 30
+WAIT_TIME = 60 * 10
+IDLE_TIME = 10
+BREATHE_TIME = 20
+
+
+class Throttler:
+    def __init__(self, env, host, key):
+        self.env = env
+        self.host = host
+        self.key = key
+        self.verbose = env.get_arg("verbose", False)
+        self.logger = self.verbose and self.env.info or self.env.debug
+
+    def log(self, msg):
+        self.logger("[throttler] " + msg)
+
+    def _request(self, action, data=None):
+        kw = {}
+        headers = {b"X-WEBNETEM-KEY": self.key}
+        verb = data is None and "GET" or "POST"
+        if data is not None:
+            data = json.dumps(data)
+            headers[b"Content-type"] = b"application/json"
+
+        parsed = urlparse(self.host)
+        server = parsed.netloc
+        path = parsed.path
+        if action != "status":
+            path += "/" + action
+
+        self.log(f"Calling {verb} {path}")
+        conn = http.client.HTTPSConnection(server, timeout=_TIMEOUT)
+        conn.request(verb, path, body=data, headers=headers, **kw)
+        resp = conn.getresponse()
+        res = resp.read()
+        if resp.status >= 400:
+            raise Exception(res)
+        res = json.loads(res)
+        return res
+
+    def start(self, data=None):
+        self.log("Starting")
+        now = time.time()
+        acquired = False
+
+        while time.time() - now < WAIT_TIME:
+            status = self._request("status")
+            if status.get("test_running"):
+                # a test is running
+                self.log("A test is already controlling the server")
+                self.log(f"Waiting {IDLE_TIME} seconds")
+            else:
+                try:
+                    self._request("start_test")
+                    acquired = True
+                    break
+                except Exception:
+                    # we got beat in the race
+                    self.log("Someone else beat us")
+            time.sleep(IDLE_TIME)
+
+        if not acquired:
+            raise Exception("Could not acquire the test server")
+
+        if data is not None:
+            self._request("shape", data)
+
+    def stop(self):
+        self.log("Stopping")
+        try:
+            self._request("reset")
+        finally:
+            self._request("stop_test")
+
+
+def get_throttler(env):
+    host = _SECRET["throttler_host"]
+    key = _SECRET["throttler_key"].encode()
+    return Throttler(env, host, key)
+
+
+_PROTOCOL = "h2", "h3"
+_PAGE = "gallery", "news", "shopping", "photoblog"
+
+# set the network condition here.
+# each item has a name and some netem options:
+#
+# loss_ratio: specify percentage of packets that will be lost
+# loss_corr: specify a correlation factor for the random packet loss
+# dup_ratio: specify percentage of packets that will be duplicated
+# delay: specify an overall delay for each packet
+# jitter: specify amount of jitter in milliseconds
+# delay_jitter_corr: specify a correlation factor for the random jitter
+# reorder_ratio: specify percentage of packets that will be reordered
+# reorder_corr: specify a correlation factor for the random reordering
+#
+_THROTTLING = (
+    {"name": "full"},  # no throttling.
+    {"name": "one", "delay": "20"},
+    {"name": "two", "delay": "50"},
+    {"name": "three", "delay": "100"},
+    {"name": "four", "delay": "200"},
+    {"name": "five", "delay": "300"},
+)
+
+
+def get_test():
+    """Iterate on test conditions.
+
+    For each cycle, we return a combination of: protocol, page, throttling
+    settings. Each combination has a name, and that name will be used along with
+    the protocol as a prefix for each metrics.
+    """
+    for proto in _PROTOCOL:
+        for page in _PAGE:
+            url = f"https://{CTRL_SERVER}/{page}.html"
+            for throttler_settings in _THROTTLING:
+                yield proto, page, url, throttler_settings
+
+
+combo = get_test()
+
+
+def before_cycle(metadata, env, cycle, script):
+    global combo
+    if "throttlable" not in script["tags"]:
+        return
+    throttler = get_throttler(env)
+    try:
+        proto, page, url, throttler_settings = next(combo)
+    except StopIteration:
+        combo = get_test()
+        proto, page, url, throttler_settings = next(combo)
+
+    # setting the url for the browsertime script
+    add_option(env, "browsertime.url", url, overwrite=True)
+
+    # enabling http if needed
+    if proto == "h3":
+        add_option(env, "firefox.preference", "network.http.http3.enable:true")
+
+    # prefix used to differenciate metrics
+    name = throttler_settings["name"]
+    script["name"] = f"{name}_{proto}_{page}"
+
+    # throttling the controlled server if needed
+    if throttler_settings != {"name": "full"}:
+        env.info("Calling the controlled server")
+        throttler.start(throttler_settings)
+    else:
+        env.info("No throttling for this call")
+        throttler.start()
+
+
+def after_cycle(metadata, env, cycle, script):
+    if "throttlable" not in script["tags"]:
+        return
+    throttler = get_throttler(env)
+    try:
+        throttler.stop()
+    except Exception:
+        pass
+
+    # give a chance for a competitive job to take over
+    time.sleep(BREATHE_TIME)
diff --git a/netwerk/test/perf/perftest.toml b/netwerk/test/perf/perftest.toml
new file mode 100644
index 0000000000..f15f441465
--- /dev/null
+++ b/netwerk/test/perf/perftest.toml
@@ -0,0 +1,17 @@
+[DEFAULT]
+
+["perftest_http3_cloudflareblog.js"]
+
+["perftest_http3_controlled.js"]
+
+["perftest_http3_facebook_scroll.js"]
+
+["perftest_http3_google_image.js"]
+
+["perftest_http3_google_search.js"]
+
+["perftest_http3_lucasquicfetch.js"]
+
+["perftest_http3_youtube_watch.js"]
+
+["perftest_http3_youtube_watch_scroll.js"]
diff --git a/netwerk/test/perf/perftest_http3_cloudflareblog.js b/netwerk/test/perf/perftest_http3_cloudflareblog.js
new file mode 100644
index 0000000000..4bbea56bbd
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_cloudflareblog.js
@@ -0,0 +1,56 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function test(context, commands) {
+  let rootUrl = "https://blog.cloudflare.com/";
+  let waitTime = 1000;
+
+  if (
+    (typeof context.options.browsertime !== "undefined") &
+    (typeof context.options.browsertime.waitTime !== "undefined")
+  ) {
+    waitTime = context.options.browsertime.waitTime;
+  }
+
+  // Make firefox learn of HTTP/3 server
+  // XXX: Need to build an HTTP/3-specific conditioned profile
+  // to handle these pre-navigations.
+  await commands.navigate(rootUrl);
+
+  let cycles = 1;
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    // Measure initial pageload
+    await commands.measure.start("pageload");
+    await commands.navigate(rootUrl);
+    await commands.measure.stop();
+    commands.measure.result[0].browserScripts.pageinfo.url =
+      "Cloudflare Blog - Main";
+
+    // Wait for X seconds
+    await commands.wait.byTime(waitTime);
+
+    // Measure navigation pageload
+    await commands.measure.start("pageload");
+    await commands.click.byJsAndWait(`
+      document.querySelectorAll("article")[0].querySelector("a")
+    `);
+    await commands.measure.stop();
+    commands.measure.result[1].browserScripts.pageinfo.url =
+      "Cloudflare Blog - Article";
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  name: "cloudflare",
+  component: "netwerk",
+  description: "User-journey live site test for cloudflare blog.",
+};
diff --git a/netwerk/test/perf/perftest_http3_controlled.js b/netwerk/test/perf/perftest_http3_controlled.js
new file mode 100644
index 0000000000..243c314b5b
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_controlled.js
@@ -0,0 +1,32 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function test(context, commands) {
+  let url = context.options.browsertime.url;
+
+  // Make firefox learn of HTTP/3 server
+  // XXX: Need to build an HTTP/3-specific conditioned profile
+  // to handle these pre-navigations.
+  await commands.navigate(url);
+
+  // Measure initial pageload
+  await commands.measure.start("pageload");
+  await commands.navigate(url);
+  await commands.measure.stop();
+  commands.measure.result[0].browserScripts.pageinfo.url = url;
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  name: "controlled",
+  description: "User-journey live site test for controlled server",
+  tags: ["throttlable"],
+};
diff --git a/netwerk/test/perf/perftest_http3_facebook_scroll.js b/netwerk/test/perf/perftest_http3_facebook_scroll.js
new file mode 100644
index 0000000000..7e736a0f5f
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_facebook_scroll.js
@@ -0,0 +1,165 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function captureNetworkRequest(commands) {
+  var capture_network_request = [];
+  var capture_resource = await commands.js.run(`
+    return performance.getEntriesByType("resource");
+  `);
+  for (var i = 0; i < capture_resource.length; i++) {
+    capture_network_request.push(capture_resource[i].name);
+  }
+  return capture_network_request;
+}
+
+async function waitForScrollRequestsEnd(
+  prevCount,
+  maxStableCount,
+  timeout,
+  commands,
+  context
+) {
+  let starttime = await commands.js.run(`return performance.now();`);
+  let endtime = await commands.js.run(`return performance.now();`);
+  let changing = true;
+  let newCount = -1;
+  let stableCount = 0;
+
+  while (
+    ((await commands.js.run(`return performance.now();`)) - starttime <
+      timeout) &
+    changing
+  ) {
+    // Wait a bit before making another round
+    await commands.wait.byTime(100);
+    newCount = (await captureNetworkRequest(commands)).length;
+    context.log.debug(`${newCount}, ${prevCount}, ${stableCount}`);
+
+    // Check if we are approaching stability
+    if (newCount == prevCount) {
+      // Gather the end time now
+      if (stableCount == 0) {
+        endtime = await commands.js.run(`return performance.now();`);
+      }
+      stableCount++;
+    } else {
+      prevCount = newCount;
+      stableCount = 0;
+    }
+
+    if (stableCount >= maxStableCount) {
+      // Stability achieved
+      changing = false;
+    }
+  }
+
+  return {
+    start: starttime,
+    end: endtime,
+    numResources: newCount,
+  };
+}
+
+async function test(context, commands) {
+  let rootUrl = "https://www.facebook.com/lambofgod/";
+  let waitTime = 1000;
+  let numScrolls = 5;
+
+  const average = arr => arr.reduce((p, c) => p + c, 0) / arr.length;
+
+  if (typeof context.options.browsertime !== "undefined") {
+    if (typeof context.options.browsertime.waitTime !== "undefined") {
+      waitTime = context.options.browsertime.waitTime;
+    }
+    if (typeof context.options.browsertime.numScrolls !== "undefined") {
+      numScrolls = context.options.browsertime.numScrolls;
+    }
+  }
+
+  // Make firefox learn of HTTP/3 server
+  await commands.navigate(rootUrl);
+
+  let cycles = 1;
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    // Measure the pageload
+    await commands.measure.start("pageload");
+    await commands.navigate(rootUrl);
+    await commands.measure.stop();
+
+    // Initial scroll to make the new user popup show
+    await commands.js.runAndWait(
+      `window.scrollTo({ top: 1000, behavior: 'smooth' })`
+    );
+    await commands.wait.byTime(1000);
+    await commands.click.byLinkTextAndWait("Not Now");
+
+    let vals = [];
+    let badIterations = 0;
+    for (let iteration = 0; iteration < numScrolls; iteration++) {
+      // Clear old resources
+      await commands.js.run(`performance.clearResourceTimings();`);
+
+      // Get current resource count
+      let currCount = (await captureNetworkRequest(commands)).length;
+
+      // Scroll to a ridiculously high value for "infinite" down-scrolling
+      commands.js.runAndWait(`
+        window.scrollTo({ top: 100000000 })
+      `);
+
+      /*
+      The maxStableCount of 22 was chosen as a trade-off between fast iterations
+      and minimizing the number of bad iterations.
+      */
+      let newInfo = await waitForScrollRequestsEnd(
+        currCount,
+        22,
+        120000,
+        commands,
+        context
+      );
+
+      // Gather metrics
+      let ndiff = newInfo.numResources - currCount;
+      let tdiff = (newInfo.end - newInfo.start) / 1000;
+
+      // Check if we had a bad iteration
+      if (ndiff == 0) {
+        context.log.info("Bad iteration, redoing...");
+        iteration--;
+        badIterations++;
+        if (badIterations == 5) {
+          throw new Error("Too many bad scroll iterations occurred");
+        }
+        continue;
+      }
+
+      vals.push(ndiff / tdiff);
+
+      // Wait X seconds before scrolling again
+      await commands.wait.byTime(waitTime);
+    }
+
+    if (!vals.length) {
+      throw new Error("No requestsPerSecond values were obtained");
+    }
+
+    commands.measure.result[0].browserScripts.pageinfo.requestsPerSecond =
+      average(vals);
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  component: "netwerk",
+  name: "facebook-scroll",
+  description: "Measures the number of requests per second after a scroll.",
+};
diff --git a/netwerk/test/perf/perftest_http3_google_image.js b/netwerk/test/perf/perftest_http3_google_image.js
new file mode 100644
index 0000000000..8d0f788245
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_google_image.js
@@ -0,0 +1,190 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function getNumImagesLoaded(elementSelector, commands) {
+  return commands.js.run(`
+    let sum = 0;
+    document.querySelectorAll(${elementSelector}).forEach(e => {
+      sum += e.complete & e.naturalHeight != 0;
+    });
+    return sum;
+  `);
+}
+
+async function waitForImgLoadEnd(
+  prevCount,
+  maxStableCount,
+  iterationDelay,
+  timeout,
+  commands,
+  context,
+  counter,
+  elementSelector
+) {
+  let starttime = await commands.js.run(`return performance.now();`);
+  let endtime = await commands.js.run(`return performance.now();`);
+  let changing = true;
+  let newCount = -1;
+  let stableCount = 0;
+
+  while (
+    ((await commands.js.run(`return performance.now();`)) - starttime <
+      timeout) &
+    changing
+  ) {
+    // Wait a bit before making another round
+    await commands.wait.byTime(iterationDelay);
+    newCount = await counter(elementSelector, commands);
+    context.log.debug(`${newCount}, ${prevCount}, ${stableCount}`);
+
+    // Check if we are approaching stability
+    if (newCount == prevCount) {
+      // Gather the end time now
+      if (stableCount == 0) {
+        endtime = await commands.js.run(`return performance.now();`);
+      }
+      stableCount++;
+    } else {
+      prevCount = newCount;
+      stableCount = 0;
+    }
+
+    if (stableCount >= maxStableCount) {
+      // Stability achieved
+      changing = false;
+    }
+  }
+
+  return {
+    start: starttime,
+    end: endtime,
+    numResources: newCount,
+  };
+}
+
+async function test(context, commands) {
+  let rootUrl = "https://www.google.com/search?q=kittens&tbm=isch";
+  let waitTime = 1000;
+  let numScrolls = 10;
+
+  const average = arr => arr.reduce((p, c) => p + c, 0) / arr.length;
+
+  if (typeof context.options.browsertime !== "undefined") {
+    if (typeof context.options.browsertime.waitTime !== "undefined") {
+      waitTime = context.options.browsertime.waitTime;
+    }
+    if (typeof context.options.browsertime.numScrolls !== "undefined") {
+      numScrolls = context.options.browsertime.numScrolls;
+    }
+  }
+
+  // Make firefox learn of HTTP/3 server
+  await commands.navigate(rootUrl);
+
+  let cycles = 1;
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    // Measure the pageload
+    await commands.measure.start("pageload");
+    await commands.navigate(rootUrl);
+    await commands.measure.stop();
+
+    async function getHeight() {
+      return commands.js.run(`return document.body.scrollHeight;`);
+    }
+
+    let vals = [];
+    let badIterations = 0;
+    let prevHeight = 0;
+    for (let iteration = 0; iteration < numScrolls; iteration++) {
+      // Get current image count
+      let currCount = await getNumImagesLoaded(`".isv-r img"`, commands);
+      prevHeight = await getHeight();
+
+      // Scroll to a ridiculously high value for "infinite" down-scrolling
+      commands.js.runAndWait(`
+        window.scrollTo({ top: 100000000 })
+      `);
+
+      /*
+      The maxStableCount of 22 was chosen as a trade-off between fast iterations
+      and minimizing the number of bad iterations.
+      */
+      let results = await waitForImgLoadEnd(
+        currCount,
+        22,
+        100,
+        120000,
+        commands,
+        context,
+        getNumImagesLoaded,
+        `".isv-r img"`
+      );
+
+      // Gather metrics
+      let ndiff = results.numResources - currCount;
+      let tdiff = (results.end - results.start) / 1000;
+
+      // Check if we had a bad iteration
+      if (ndiff == 0) {
+        // Check if the end of the search results was reached
+        if (prevHeight == (await getHeight())) {
+          context.log.info("Reached end of page.");
+          break;
+        }
+        context.log.info("Bad iteration, redoing...");
+        iteration--;
+        badIterations++;
+        if (badIterations == 5) {
+          throw new Error("Too many bad scroll iterations occurred");
+        }
+        continue;
+      }
+
+      context.log.info(`${ndiff}, ${tdiff}`);
+      vals.push(ndiff / tdiff);
+
+      // Wait X seconds before scrolling again
+      await commands.wait.byTime(waitTime);
+    }
+
+    if (!vals.length) {
+      throw new Error("No requestsPerSecond values were obtained");
+    }
+
+    commands.measure.result[0].browserScripts.pageinfo.imagesPerSecond =
+      average(vals);
+
+    // Test clicking and and opening an image
+    await commands.wait.byTime(waitTime);
+    commands.click.byJs(`
+      const links = document.querySelectorAll(".islib"); links[links.length-1]
+    `);
+    let results = await waitForImgLoadEnd(
+      0,
+      22,
+      50,
+      120000,
+      commands,
+      context,
+      getNumImagesLoaded,
+      `"#islsp img"`
+    );
+    commands.measure.result[0].browserScripts.pageinfo.imageLoadTime =
+      results.end - results.start;
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  component: "netwerk",
+  name: "g-image",
+  description: "Measures the number of images per second after a scroll.",
+};
diff --git a/netwerk/test/perf/perftest_http3_google_search.js b/netwerk/test/perf/perftest_http3_google_search.js
new file mode 100644
index 0000000000..8183e3a152
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_google_search.js
@@ -0,0 +1,73 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function test(context, commands) {
+  let rootUrl = "https://www.google.com/";
+  let waitTime = 1000;
+  const driver = context.selenium.driver;
+  const webdriver = context.selenium.webdriver;
+
+  if (
+    (typeof context.options.browsertime !== "undefined") &
+    (typeof context.options.browsertime.waitTime !== "undefined")
+  ) {
+    waitTime = context.options.browsertime.waitTime;
+  }
+
+  // Make firefox learn of HTTP/3 server
+  await commands.navigate(rootUrl);
+
+  let cycles = 1;
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    await commands.navigate(rootUrl);
+    await commands.wait.byTime(1000);
+
+    // Set up the search
+    context.log.info("Setting up search");
+    const searchfield = driver.findElement(webdriver.By.name("q"));
+    searchfield.sendKeys("Python\n");
+    await commands.wait.byTime(5000);
+
+    // Measure the search time
+    context.log.info("Start search");
+    await commands.measure.start("pageload");
+    await commands.click.byJs(`document.querySelector("input[name='btnK']")`);
+    await commands.wait.byTime(5000);
+    await commands.measure.stop();
+    context.log.info("Done");
+
+    commands.measure.result[0].browserScripts.pageinfo.url =
+      "Google Search (Python)";
+
+    // Wait for X seconds
+    context.log.info(`Waiting for ${waitTime} milliseconds`);
+    await commands.wait.byTime(waitTime);
+
+    // Go to the next search page and measure
+    context.log.info("Going to second page of search results");
+    await commands.measure.start("pageload");
+    await commands.click.byIdAndWait("pnnext");
+
+    // XXX: Increase wait time when we add latencies
+    await commands.wait.byTime(3000);
+    await commands.measure.stop();
+
+    commands.measure.result[1].browserScripts.pageinfo.url =
+      "Google Search (Python) - Next Page";
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  component: "netwerk",
+  name: "g-search",
+  description: "User-journey live site test for google search",
+};
diff --git a/netwerk/test/perf/perftest_http3_lucasquicfetch.js b/netwerk/test/perf/perftest_http3_lucasquicfetch.js
new file mode 100644
index 0000000000..49a5b4c824
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_lucasquicfetch.js
@@ -0,0 +1,134 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function getNumLoaded(commands) {
+  return commands.js.run(`
+    let sum = 0;
+    document.querySelectorAll("#imgContainer img").forEach(e => {
+      sum += e.complete & e.naturalHeight != 0;
+    });
+    return sum;
+  `);
+}
+
+async function waitForImgLoadEnd(
+  prevCount,
+  maxStableCount,
+  timeout,
+  commands,
+  context
+) {
+  let starttime = await commands.js.run(`return performance.now();`);
+  let endtime = await commands.js.run(`return performance.now();`);
+  let changing = true;
+  let newCount = -1;
+  let stableCount = 0;
+
+  while (
+    ((await commands.js.run(`return performance.now();`)) - starttime <
+      timeout) &
+    changing
+  ) {
+    // Wait a bit before making another round
+    await commands.wait.byTime(100);
+    newCount = await getNumLoaded(commands);
+    context.log.debug(`${newCount}, ${prevCount}, ${stableCount}`);
+
+    // Check if we are approaching stability
+    if (newCount == prevCount) {
+      // Gather the end time now
+      if (stableCount == 0) {
+        endtime = await commands.js.run(`return performance.now();`);
+      }
+      stableCount++;
+    } else {
+      prevCount = newCount;
+      stableCount = 0;
+    }
+
+    if (stableCount >= maxStableCount) {
+      // Stability achieved
+      changing = false;
+    }
+  }
+
+  return {
+    start: starttime,
+    end: endtime,
+    numResources: newCount,
+  };
+}
+
+async function test(context, commands) {
+  let rootUrl = "https://lucaspardue.com/quictilesfetch.html";
+  let cycles = 5;
+
+  if (
+    (typeof context.options.browsertime !== "undefined") &
+    (typeof context.options.browsertime.cycles !== "undefined")
+  ) {
+    cycles = context.options.browsertime.cycles;
+  }
+
+  // Make firefox learn of HTTP/3 server
+  // XXX: Need to build an HTTP/3-specific conditioned profile
+  // to handle these pre-navigations.
+  await commands.navigate(rootUrl);
+
+  let combos = [
+    [100, 1],
+    [100, 100],
+    [300, 300],
+  ];
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    for (let combo = 0; combo < combos.length; combo++) {
+      await commands.measure.start("pageload");
+      await commands.navigate(rootUrl);
+      await commands.measure.stop();
+      let last = commands.measure.result.length - 1;
+      commands.measure.result[
+        last
+      ].browserScripts.pageinfo.url = `LucasQUIC (r=${combos[combo][0]}, p=${combos[combo][1]})`;
+
+      // Set the input fields
+      await commands.js.runAndWait(`
+        document.querySelector("#maxReq").setAttribute(
+          "value",
+          ${combos[combo][0]}
+        )
+      `);
+      await commands.js.runAndWait(`
+        document.querySelector("#reqGroup").setAttribute(
+          "value",
+          ${combos[combo][1]}
+        )
+      `);
+
+      // Start the test and wait for the images to finish loading
+      commands.click.byJs(`document.querySelector("button")`);
+      let results = await waitForImgLoadEnd(0, 40, 120000, commands, context);
+
+      commands.measure.result[last].browserScripts.pageinfo.resourceLoadTime =
+        results.end - results.start;
+      commands.measure.result[last].browserScripts.pageinfo.imagesLoaded =
+        results.numResources;
+      commands.measure.result[last].browserScripts.pageinfo.imagesMissed =
+        combos[combo][0] - results.numResources;
+    }
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  name: "lq-fetch",
+  component: "netwerk",
+  description: "Measures the amount of time it takes to load a set of images.",
+};
diff --git a/netwerk/test/perf/perftest_http3_youtube_watch.js b/netwerk/test/perf/perftest_http3_youtube_watch.js
new file mode 100644
index 0000000000..1fd525941d
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_youtube_watch.js
@@ -0,0 +1,74 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function test(context, commands) {
+  let rootUrl = "https://www.youtube.com/watch?v=COU5T-Wafa4";
+  let waitTime = 20000;
+
+  if (
+    (typeof context.options.browsertime !== "undefined") &
+    (typeof context.options.browsertime.waitTime !== "undefined")
+  ) {
+    waitTime = context.options.browsertime.waitTime;
+  }
+
+  // Make firefox learn of HTTP/3 server
+  await commands.navigate(rootUrl);
+
+  let cycles = 1;
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    await commands.measure.start("pageload");
+    await commands.navigate(rootUrl);
+
+    // Make sure the video is running
+    if (
+      await commands.js.run(`return document.querySelector("video").paused;`)
+    ) {
+      throw new Error("Video should be running but it's paused");
+    }
+
+    // Disable youtube autoplay
+    await commands.click.byIdAndWait("toggleButton");
+
+    // Start playback quality measurements
+    const start = await commands.js.run(`return performance.now();`);
+    while (
+      !(await commands.js.run(`
+          return document.querySelector("video").ended;
+      `)) &
+      !(await commands.js.run(`
+          return document.querySelector("video").paused;
+      `)) &
+      ((await commands.js.run(`return performance.now();`)) - start < waitTime)
+    ) {
+      await commands.wait.byTime(5000);
+      context.log.info("playing...");
+    }
+
+    // Video done, now gather metrics
+    const playbackQuality = await commands.js.run(
+      `return document.querySelector("video").getVideoPlaybackQuality();`
+    );
+    await commands.measure.stop();
+
+    commands.measure.result[0].browserScripts.pageinfo.droppedFrames =
+      playbackQuality.droppedVideoFrames;
+    commands.measure.result[0].browserScripts.pageinfo.decodedFrames =
+      playbackQuality.totalVideoFrames;
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  component: "netwerk",
+  name: "youtube-noscroll",
+  description: "Measures quality of the video being played.",
+};
diff --git a/netwerk/test/perf/perftest_http3_youtube_watch_scroll.js b/netwerk/test/perf/perftest_http3_youtube_watch_scroll.js
new file mode 100644
index 0000000000..8f30fcc5e6
--- /dev/null
+++ b/netwerk/test/perf/perftest_http3_youtube_watch_scroll.js
@@ -0,0 +1,86 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+/* eslint-env node */
+
+/*
+Ensure the `--firefox.preference=network.http.http3.enable:true` is
+set for this test.
+*/
+
+async function test(context, commands) {
+  let rootUrl = "https://www.youtube.com/watch?v=COU5T-Wafa4";
+  let waitTime = 20000;
+
+  if (
+    (typeof context.options.browsertime !== "undefined") &
+    (typeof context.options.browsertime.waitTime !== "undefined")
+  ) {
+    waitTime = context.options.browsertime.waitTime;
+  }
+
+  // Make firefox learn of HTTP/3 server
+  await commands.navigate(rootUrl);
+
+  let cycles = 1;
+  for (let cycle = 0; cycle < cycles; cycle++) {
+    await commands.measure.start("pageload");
+    await commands.navigate(rootUrl);
+
+    // Make sure the video is running
+    // XXX: Should we start the video ourself?
+    if (
+      await commands.js.run(`return document.querySelector("video").paused;`)
+    ) {
+      throw new Error("Video should be running but it's paused");
+    }
+
+    // Disable youtube autoplay
+    await commands.click.byIdAndWait("toggleButton");
+
+    // Start playback quality measurements
+    const start = await commands.js.run(`return performance.now();`);
+    let counter = 1;
+    let direction = 0;
+    while (
+      !(await commands.js.run(`
+          return document.querySelector("video").ended;
+      `)) &
+      !(await commands.js.run(`
+          return document.querySelector("video").paused;
+      `)) &
+      ((await commands.js.run(`return performance.now();`)) - start < waitTime)
+    ) {
+      // Reset the scroll after going down 10 times
+      direction = counter * 1000;
+      if (direction > 10000) {
+        counter = -1;
+      }
+      counter++;
+
+      await commands.js.runAndWait(
+        `window.scrollTo({ top: ${direction}, behavior: 'smooth' })`
+      );
+      context.log.info("playing while scrolling...");
+    }
+
+    // Video done, now gather metrics
+    const playbackQuality = await commands.js.run(
+      `return document.querySelector("video").getVideoPlaybackQuality();`
+    );
+    await commands.measure.stop();
+
+    commands.measure.result[0].browserScripts.pageinfo.droppedFrames =
+      playbackQuality.droppedVideoFrames;
+    commands.measure.result[0].browserScripts.pageinfo.decodedFrames =
+      playbackQuality.totalVideoFrames;
+  }
+}
+
+module.exports = {
+  test,
+  owner: "Network Team",
+  component: "netwerk",
+  name: "youtube-scroll",
+  description: "Measures quality of the video being played.",
+};
diff --git a/netwerk/test/reftest/658949-1-ref.html b/netwerk/test/reftest/658949-1-ref.html
new file mode 100644
index 0000000000..6e6d7e25f6
--- /dev/null
+++ b/netwerk/test/reftest/658949-1-ref.html
@@ -0,0 +1 @@
+
diff --git a/netwerk/test/reftest/658949-1.html b/netwerk/test/reftest/658949-1.html
new file mode 100644
index 0000000000..f61c03a525
--- /dev/null
+++ b/netwerk/test/reftest/658949-1.html
@@ -0,0 +1 @@
+
diff --git a/netwerk/test/reftest/bug565432-1-ref.html b/netwerk/test/reftest/bug565432-1-ref.html
new file mode 100644
index 0000000000..fade48a48d
--- /dev/null
+++ b/netwerk/test/reftest/bug565432-1-ref.html
@@ -0,0 +1,11 @@
+
+Test newlines in href
+
diff --git a/netwerk/test/reftest/bug565432-1.html b/netwerk/test/reftest/bug565432-1.html
new file mode 100644
index 0000000000..26a7270d06
--- /dev/null
+++ b/netwerk/test/reftest/bug565432-1.html
@@ -0,0 +1,17 @@
+
+Test newlines in href
+
diff --git a/netwerk/test/reftest/reftest.list b/netwerk/test/reftest/reftest.list
new file mode 100644
index 0000000000..98b5d4fb9a
--- /dev/null
+++ b/netwerk/test/reftest/reftest.list
@@ -0,0 +1,2 @@
+== bug565432-1.html bug565432-1-ref.html
+== 658949-1.html 658949-1-ref.html
diff --git a/netwerk/test/unit/client-cert.p12 b/netwerk/test/unit/client-cert.p12
new file mode 100644
index 0000000000..0f0fd43eba
Binary files /dev/null and b/netwerk/test/unit/client-cert.p12 differ
diff --git a/netwerk/test/unit/client-cert.p12.pkcs12spec b/netwerk/test/unit/client-cert.p12.pkcs12spec
new file mode 100644
index 0000000000..548c1a6aa6
--- /dev/null
+++ b/netwerk/test/unit/client-cert.p12.pkcs12spec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:example.com
diff --git a/netwerk/test/unit/data/cookies_v10.sqlite b/netwerk/test/unit/data/cookies_v10.sqlite
new file mode 100644
index 0000000000..2301731f8e
Binary files /dev/null and b/netwerk/test/unit/data/cookies_v10.sqlite differ
diff --git a/netwerk/test/unit/data/image.png b/netwerk/test/unit/data/image.png
new file mode 100644
index 0000000000..e0c5d3d6a1
Binary files /dev/null and b/netwerk/test/unit/data/image.png differ
diff --git a/netwerk/test/unit/data/signed_win.exe b/netwerk/test/unit/data/signed_win.exe
new file mode 100644
index 0000000000..de3bb40e84
Binary files /dev/null and b/netwerk/test/unit/data/signed_win.exe differ
diff --git a/netwerk/test/unit/data/system_root.lnk b/netwerk/test/unit/data/system_root.lnk
new file mode 100644
index 0000000000..e5885ce9a5
Binary files /dev/null and b/netwerk/test/unit/data/system_root.lnk differ
diff --git a/netwerk/test/unit/data/test_psl.txt b/netwerk/test/unit/data/test_psl.txt
new file mode 100644
index 0000000000..fa6e0d4cec
--- /dev/null
+++ b/netwerk/test/unit/data/test_psl.txt
@@ -0,0 +1,98 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+
+// null input.
+checkPublicSuffix(null, null);
+// Mixed case.
+checkPublicSuffix('COM', null);
+checkPublicSuffix('example.COM', 'example.com');
+checkPublicSuffix('WwW.example.COM', 'example.com');
+// Leading dot.
+checkPublicSuffix('.com', null);
+checkPublicSuffix('.example', null);
+checkPublicSuffix('.example.com', null);
+checkPublicSuffix('.example.example', null);
+// Unlisted TLD.
+checkPublicSuffix('example', null);
+checkPublicSuffix('example.example', 'example.example');
+checkPublicSuffix('b.example.example', 'example.example');
+checkPublicSuffix('a.b.example.example', 'example.example');
+// Listed, but non-Internet, TLD.
+//checkPublicSuffix('local', null);
+//checkPublicSuffix('example.local', null);
+//checkPublicSuffix('b.example.local', null);
+//checkPublicSuffix('a.b.example.local', null);
+// TLD with only 1 rule.
+checkPublicSuffix('biz', null);
+checkPublicSuffix('domain.biz', 'domain.biz');
+checkPublicSuffix('b.domain.biz', 'domain.biz');
+checkPublicSuffix('a.b.domain.biz', 'domain.biz');
+// TLD with some 2-level rules.
+checkPublicSuffix('com', null);
+checkPublicSuffix('example.com', 'example.com');
+checkPublicSuffix('b.example.com', 'example.com');
+checkPublicSuffix('a.b.example.com', 'example.com');
+checkPublicSuffix('uk.com', null);
+checkPublicSuffix('example.uk.com', 'example.uk.com');
+checkPublicSuffix('b.example.uk.com', 'example.uk.com');
+checkPublicSuffix('a.b.example.uk.com', 'example.uk.com');
+checkPublicSuffix('test.ac', 'test.ac');
+// TLD with only 1 (wildcard) rule.
+checkPublicSuffix('bd', null);
+checkPublicSuffix('c.bd', null);
+checkPublicSuffix('b.c.bd', 'b.c.bd');
+checkPublicSuffix('a.b.c.bd', 'b.c.bd');
+// More complex TLD.
+checkPublicSuffix('jp', null);
+checkPublicSuffix('test.jp', 'test.jp');
+checkPublicSuffix('www.test.jp', 'test.jp');
+checkPublicSuffix('ac.jp', null);
+checkPublicSuffix('test.ac.jp', 'test.ac.jp');
+checkPublicSuffix('www.test.ac.jp', 'test.ac.jp');
+checkPublicSuffix('kyoto.jp', null);
+checkPublicSuffix('test.kyoto.jp', 'test.kyoto.jp');
+checkPublicSuffix('ide.kyoto.jp', null);
+checkPublicSuffix('b.ide.kyoto.jp', 'b.ide.kyoto.jp');
+checkPublicSuffix('a.b.ide.kyoto.jp', 'b.ide.kyoto.jp');
+checkPublicSuffix('c.kobe.jp', null);
+checkPublicSuffix('b.c.kobe.jp', 'b.c.kobe.jp');
+checkPublicSuffix('a.b.c.kobe.jp', 'b.c.kobe.jp');
+checkPublicSuffix('city.kobe.jp', 'city.kobe.jp');
+checkPublicSuffix('www.city.kobe.jp', 'city.kobe.jp');
+// TLD with a wildcard rule and exceptions.
+checkPublicSuffix('ck', null);
+checkPublicSuffix('test.ck', null);
+checkPublicSuffix('b.test.ck', 'b.test.ck');
+checkPublicSuffix('a.b.test.ck', 'b.test.ck');
+checkPublicSuffix('www.ck', 'www.ck');
+checkPublicSuffix('www.www.ck', 'www.ck');
+// US K12.
+checkPublicSuffix('us', null);
+checkPublicSuffix('test.us', 'test.us');
+checkPublicSuffix('www.test.us', 'test.us');
+checkPublicSuffix('ak.us', null);
+checkPublicSuffix('test.ak.us', 'test.ak.us');
+checkPublicSuffix('www.test.ak.us', 'test.ak.us');
+checkPublicSuffix('k12.ak.us', null);
+checkPublicSuffix('test.k12.ak.us', 'test.k12.ak.us');
+checkPublicSuffix('www.test.k12.ak.us', 'test.k12.ak.us');
+// IDN labels.
+checkPublicSuffix('食狮.com.cn', '食狮.com.cn');
+checkPublicSuffix('食狮.公司.cn', '食狮.公司.cn');
+checkPublicSuffix('www.食狮.公司.cn', '食狮.公司.cn');
+checkPublicSuffix('shishi.公司.cn', 'shishi.公司.cn');
+checkPublicSuffix('公司.cn', null);
+checkPublicSuffix('食狮.中国', '食狮.中国');
+checkPublicSuffix('www.食狮.中国', '食狮.中国');
+checkPublicSuffix('shishi.中国', 'shishi.中国');
+checkPublicSuffix('中国', null);
+// Same as above, but punycoded.
+checkPublicSuffix('xn--85x722f.com.cn', 'xn--85x722f.com.cn');
+checkPublicSuffix('xn--85x722f.xn--55qx5d.cn', 'xn--85x722f.xn--55qx5d.cn');
+checkPublicSuffix('www.xn--85x722f.xn--55qx5d.cn', 'xn--85x722f.xn--55qx5d.cn');
+checkPublicSuffix('shishi.xn--55qx5d.cn', 'shishi.xn--55qx5d.cn');
+checkPublicSuffix('xn--55qx5d.cn', null);
+checkPublicSuffix('xn--85x722f.xn--fiqs8s', 'xn--85x722f.xn--fiqs8s');
+checkPublicSuffix('www.xn--85x722f.xn--fiqs8s', 'xn--85x722f.xn--fiqs8s');
+checkPublicSuffix('shishi.xn--fiqs8s', 'shishi.xn--fiqs8s');
+checkPublicSuffix('xn--fiqs8s', null);
diff --git a/netwerk/test/unit/data/test_readline1.txt b/netwerk/test/unit/data/test_readline1.txt
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/netwerk/test/unit/data/test_readline2.txt b/netwerk/test/unit/data/test_readline2.txt
new file mode 100644
index 0000000000..67c3297611
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline2.txt
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/netwerk/test/unit/data/test_readline3.txt b/netwerk/test/unit/data/test_readline3.txt
new file mode 100644
index 0000000000..decdc51878
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline3.txt
@@ -0,0 +1,3 @@
+
+



+
diff --git a/netwerk/test/unit/data/test_readline4.txt b/netwerk/test/unit/data/test_readline4.txt
new file mode 100644
index 0000000000..ca25c36540
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline4.txt
@@ -0,0 +1,3 @@
+1
+
23
456

+78901
diff --git a/netwerk/test/unit/data/test_readline5.txt b/netwerk/test/unit/data/test_readline5.txt
new file mode 100644
index 0000000000..8463b7858e
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline5.txt
@@ -0,0 +1 @@
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE
\ No newline at end of file
diff --git a/netwerk/test/unit/data/test_readline6.txt b/netwerk/test/unit/data/test_readline6.txt
new file mode 100644
index 0000000000..872c40afc4
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline6.txt
@@ -0,0 +1 @@
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE
diff --git a/netwerk/test/unit/data/test_readline7.txt b/netwerk/test/unit/data/test_readline7.txt
new file mode 100644
index 0000000000..59ee122ce1
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline7.txt
@@ -0,0 +1,2 @@
+xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE
+
\ No newline at end of file
diff --git a/netwerk/test/unit/data/test_readline8.txt b/netwerk/test/unit/data/test_readline8.txt
new file mode 100644
index 0000000000..ff6fc09a4a
--- /dev/null
+++ b/netwerk/test/unit/data/test_readline8.txt
@@ -0,0 +1 @@
+zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzSxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE
\ No newline at end of file
diff --git a/netwerk/test/unit/head_cache.js b/netwerk/test/unit/head_cache.js
new file mode 100644
index 0000000000..7ec0e11f97
--- /dev/null
+++ b/netwerk/test/unit/head_cache.js
@@ -0,0 +1,137 @@
+"use strict";
+
+var { XPCOMUtils } = ChromeUtils.importESModule(
+  "resource://gre/modules/XPCOMUtils.sys.mjs"
+);
+
+function evict_cache_entries(where) {
+  var clearDisk = !where || where == "disk" || where == "all";
+  var clearMem = !where || where == "memory" || where == "all";
+
+  var storage;
+
+  if (clearMem) {
+    storage = Services.cache2.memoryCacheStorage(
+      Services.loadContextInfo.default
+    );
+    storage.asyncEvictStorage(null);
+  }
+
+  if (clearDisk) {
+    storage = Services.cache2.diskCacheStorage(
+      Services.loadContextInfo.default
+    );
+    storage.asyncEvictStorage(null);
+  }
+}
+
+function createURI(urispec) {
+  return Services.io.newURI(urispec);
+}
+
+function getCacheStorage(where, lci) {
+  if (!lci) {
+    lci = Services.loadContextInfo.default;
+  }
+  switch (where) {
+    case "disk":
+      return Services.cache2.diskCacheStorage(lci);
+    case "memory":
+      return Services.cache2.memoryCacheStorage(lci);
+    case "pin":
+      return Services.cache2.pinningCacheStorage(lci);
+  }
+  return null;
+}
+
+function asyncOpenCacheEntry(key, where, flags, lci, callback) {
+  key = createURI(key);
+
+  function CacheListener() {}
+  CacheListener.prototype = {
+    QueryInterface: ChromeUtils.generateQI(["nsICacheEntryOpenCallback"]),
+
+    onCacheEntryCheck(entry) {
+      if (typeof callback === "object") {
+        return callback.onCacheEntryCheck(entry);
+      }
+      return Ci.nsICacheEntryOpenCallback.ENTRY_WANTED;
+    },
+
+    onCacheEntryAvailable(entry, isnew, status) {
+      if (typeof callback === "object") {
+        // Root us at the callback
+        callback.__cache_listener_root = this;
+        callback.onCacheEntryAvailable(entry, isnew, status);
+      } else {
+        callback(status, entry);
+      }
+    },
+
+    run() {
+      var storage = getCacheStorage(where, lci);
+      storage.asyncOpenURI(key, "", flags, this);
+    },
+  };
+
+  new CacheListener().run();
+}
+
+function syncWithCacheIOThread(callback, force) {
+  if (force) {
+    asyncOpenCacheEntry(
+      "http://nonexistententry/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_READONLY,
+      null,
+      function (status, entry) {
+        Assert.equal(status, Cr.NS_ERROR_CACHE_KEY_NOT_FOUND);
+        callback();
+      }
+    );
+  } else {
+    callback();
+  }
+}
+
+function get_device_entry_count(where, lci, continuation) {
+  var storage = getCacheStorage(where, lci);
+  if (!storage) {
+    continuation(-1, 0);
+    return;
+  }
+
+  var visitor = {
+    onCacheStorageInfo(entryCount, consumption) {
+      executeSoon(function () {
+        continuation(entryCount, consumption);
+      });
+    },
+  };
+
+  // get the device entry count
+  storage.asyncVisitStorage(visitor, false);
+}
+
+function asyncCheckCacheEntryPresence(key, where, shouldExist, continuation) {
+  asyncOpenCacheEntry(
+    key,
+    where,
+    Ci.nsICacheStorage.OPEN_READONLY,
+    null,
+    function (status, entry) {
+      if (shouldExist) {
+        dump("TEST-INFO | checking cache key " + key + " exists @ " + where);
+        Assert.equal(status, Cr.NS_OK);
+        Assert.ok(!!entry);
+      } else {
+        dump(
+          "TEST-INFO | checking cache key " + key + " doesn't exist @ " + where
+        );
+        Assert.equal(status, Cr.NS_ERROR_CACHE_KEY_NOT_FOUND);
+        Assert.equal(null, entry);
+      }
+      continuation();
+    }
+  );
+}
diff --git a/netwerk/test/unit/head_cache2.js b/netwerk/test/unit/head_cache2.js
new file mode 100644
index 0000000000..f7c865872a
--- /dev/null
+++ b/netwerk/test/unit/head_cache2.js
@@ -0,0 +1,429 @@
+/* import-globals-from head_cache.js */
+/* import-globals-from head_channels.js */
+
+"use strict";
+
+var callbacks = [];
+
+// Expect an existing entry
+const NORMAL = 0;
+// Expect a new entry
+const NEW = 1 << 0;
+// Return early from onCacheEntryCheck and set the callback to state it expects onCacheEntryCheck to happen
+const NOTVALID = 1 << 1;
+// Throw from onCacheEntryAvailable
+const THROWAVAIL = 1 << 2;
+// Open entry for reading-only
+const READONLY = 1 << 3;
+// Expect the entry to not be found
+const NOTFOUND = 1 << 4;
+// Return ENTRY_NEEDS_REVALIDATION from onCacheEntryCheck
+const REVAL = 1 << 5;
+// Return ENTRY_PARTIAL from onCacheEntryCheck, in combo with NEW or RECREATE bypasses check for emptiness of the entry
+const PARTIAL = 1 << 6;
+// Expect the entry is doomed, i.e. the output stream should not be possible to open
+const DOOMED = 1 << 7;
+// Don't trigger the go-on callback until the entry is written
+const WAITFORWRITE = 1 << 8;
+// Don't write data (i.e. don't open output stream)
+const METAONLY = 1 << 9;
+// Do recreation of an existing cache entry
+const RECREATE = 1 << 10;
+// Do not give me the entry
+const NOTWANTED = 1 << 11;
+// Tell the cache to wait for the entry to be completely written first
+const COMPLETE = 1 << 12;
+// Don't write meta/data and don't set valid in the callback, consumer will do it manually
+const DONTFILL = 1 << 13;
+// Used in combination with METAONLY, don't call setValid() on the entry after metadata has been set
+const DONTSETVALID = 1 << 14;
+// Notify before checking the data, useful for proper callback ordering checks
+const NOTIFYBEFOREREAD = 1 << 15;
+// It's allowed to not get an existing entry (result of opening is undetermined)
+const MAYBE_NEW = 1 << 16;
+
+var log_c2 = true;
+function LOG_C2(o, m) {
+  if (!log_c2) {
+    return;
+  }
+  if (!m) {
+    dump("TEST-INFO | CACHE2: " + o + "\n");
+  } else {
+    dump(
+      "TEST-INFO | CACHE2: callback #" +
+        o.order +
+        "(" +
+        (o.workingData ? o.workingData.substr(0, 10) : "---") +
+        ") " +
+        m +
+        "\n"
+    );
+  }
+}
+
+function pumpReadStream(inputStream, goon) {
+  if (inputStream.isNonBlocking()) {
+    // non-blocking stream, must read via pump
+    var pump = Cc["@mozilla.org/network/input-stream-pump;1"].createInstance(
+      Ci.nsIInputStreamPump
+    );
+    pump.init(inputStream, 0, 0, true);
+    let data = "";
+    pump.asyncRead({
+      onStartRequest(aRequest) {},
+      onDataAvailable(aRequest, aInputStream, aOffset, aCount) {
+        var wrapper = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+          Ci.nsIScriptableInputStream
+        );
+        wrapper.init(aInputStream);
+        var str = wrapper.read(wrapper.available());
+        LOG_C2("reading data '" + str.substring(0, 5) + "'");
+        data += str;
+      },
+      onStopRequest(aRequest, aStatusCode) {
+        LOG_C2("done reading data: " + aStatusCode);
+        Assert.equal(aStatusCode, Cr.NS_OK);
+        goon(data);
+      },
+    });
+  } else {
+    // blocking stream
+    let data = read_stream(inputStream, inputStream.available());
+    goon(data);
+  }
+}
+
+OpenCallback.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsICacheEntryOpenCallback"]),
+  onCacheEntryCheck(entry) {
+    LOG_C2(this, "onCacheEntryCheck");
+    Assert.ok(!this.onCheckPassed);
+    this.onCheckPassed = true;
+
+    if (this.behavior & NOTVALID) {
+      LOG_C2(this, "onCacheEntryCheck DONE, return ENTRY_WANTED");
+      return Ci.nsICacheEntryOpenCallback.ENTRY_WANTED;
+    }
+
+    if (this.behavior & NOTWANTED) {
+      LOG_C2(this, "onCacheEntryCheck DONE, return ENTRY_NOT_WANTED");
+      return Ci.nsICacheEntryOpenCallback.ENTRY_NOT_WANTED;
+    }
+
+    Assert.equal(entry.getMetaDataElement("meto"), this.workingMetadata);
+
+    // check for sane flag combination
+    Assert.notEqual(this.behavior & (REVAL | PARTIAL), REVAL | PARTIAL);
+
+    if (this.behavior & (REVAL | PARTIAL)) {
+      LOG_C2(this, "onCacheEntryCheck DONE, return ENTRY_NEEDS_REVALIDATION");
+      return Ci.nsICacheEntryOpenCallback.ENTRY_NEEDS_REVALIDATION;
+    }
+
+    if (this.behavior & COMPLETE) {
+      LOG_C2(
+        this,
+        "onCacheEntryCheck DONE, return RECHECK_AFTER_WRITE_FINISHED"
+      );
+      // Specific to the new backend because of concurrent read/write:
+      // when a consumer returns RECHECK_AFTER_WRITE_FINISHED from onCacheEntryCheck
+      // the cache calls this callback again after the entry write has finished.
+      // This gives the consumer a chance to recheck completeness of the entry
+      // again.
+      // Thus, we reset state as onCheck would have never been called.
+      this.onCheckPassed = false;
+      // Don't return RECHECK_AFTER_WRITE_FINISHED on second call of onCacheEntryCheck.
+      this.behavior &= ~COMPLETE;
+      return Ci.nsICacheEntryOpenCallback.RECHECK_AFTER_WRITE_FINISHED;
+    }
+
+    LOG_C2(this, "onCacheEntryCheck DONE, return ENTRY_WANTED");
+    return Ci.nsICacheEntryOpenCallback.ENTRY_WANTED;
+  },
+  onCacheEntryAvailable(entry, isnew, status) {
+    if (this.behavior & MAYBE_NEW && isnew) {
+      this.behavior |= NEW;
+    }
+
+    LOG_C2(this, "onCacheEntryAvailable, " + this.behavior);
+    Assert.ok(!this.onAvailPassed);
+    this.onAvailPassed = true;
+
+    Assert.equal(isnew, !!(this.behavior & NEW));
+
+    if (this.behavior & (NOTFOUND | NOTWANTED)) {
+      Assert.equal(status, Cr.NS_ERROR_CACHE_KEY_NOT_FOUND);
+      Assert.ok(!entry);
+      if (this.behavior & THROWAVAIL) {
+        this.throwAndNotify(entry);
+      }
+      this.goon(entry);
+    } else if (this.behavior & (NEW | RECREATE)) {
+      Assert.ok(!!entry);
+
+      if (this.behavior & RECREATE) {
+        entry = entry.recreate();
+        Assert.ok(!!entry);
+      }
+
+      if (this.behavior & THROWAVAIL) {
+        this.throwAndNotify(entry);
+      }
+
+      if (!(this.behavior & WAITFORWRITE)) {
+        this.goon(entry);
+      }
+
+      if (!(this.behavior & PARTIAL)) {
+        try {
+          entry.getMetaDataElement("meto");
+          Assert.ok(false);
+        } catch (ex) {}
+      }
+
+      if (this.behavior & DONTFILL) {
+        Assert.equal(false, this.behavior & WAITFORWRITE);
+        return;
+      }
+
+      let self = this;
+      executeSoon(function () {
+        // emulate network latency
+        entry.setMetaDataElement("meto", self.workingMetadata);
+        entry.metaDataReady();
+        if (self.behavior & METAONLY) {
+          // Since forcing GC/CC doesn't trigger OnWriterClosed, we have to set the entry valid manually :(
+          if (!(self.behavior & DONTSETVALID)) {
+            entry.setValid();
+          }
+
+          entry.close();
+          if (self.behavior & WAITFORWRITE) {
+            self.goon(entry);
+          }
+
+          return;
+        }
+        executeSoon(function () {
+          // emulate more network latency
+          if (self.behavior & DOOMED) {
+            LOG_C2(self, "checking doom state");
+            try {
+              let os = entry.openOutputStream(0, -1);
+              // Unfortunately, in the undetermined state we cannot even check whether the entry
+              // is actually doomed or not.
+              os.close();
+              Assert.ok(!!(self.behavior & MAYBE_NEW));
+            } catch (ex) {
+              Assert.ok(true);
+            }
+            if (self.behavior & WAITFORWRITE) {
+              self.goon(entry);
+            }
+            return;
+          }
+
+          var offset = self.behavior & PARTIAL ? entry.dataSize : 0;
+          LOG_C2(self, "openOutputStream @ " + offset);
+          let os = entry.openOutputStream(offset, -1);
+          LOG_C2(self, "writing data");
+          var wrt = os.write(self.workingData, self.workingData.length);
+          Assert.equal(wrt, self.workingData.length);
+          os.close();
+          if (self.behavior & WAITFORWRITE) {
+            self.goon(entry);
+          }
+
+          entry.close();
+        });
+      });
+    } else {
+      // NORMAL
+      Assert.ok(!!entry);
+      Assert.equal(entry.getMetaDataElement("meto"), this.workingMetadata);
+      if (this.behavior & THROWAVAIL) {
+        this.throwAndNotify(entry);
+      }
+      if (this.behavior & NOTIFYBEFOREREAD) {
+        this.goon(entry, true);
+      }
+
+      let self = this;
+      pumpReadStream(entry.openInputStream(0), function (data) {
+        Assert.equal(data, self.workingData);
+        self.onDataCheckPassed = true;
+        LOG_C2(self, "entry read done");
+        self.goon(entry);
+        entry.close();
+      });
+    }
+  },
+  selfCheck() {
+    LOG_C2(this, "selfCheck");
+
+    Assert.ok(this.onCheckPassed || this.behavior & MAYBE_NEW);
+    Assert.ok(this.onAvailPassed);
+    Assert.ok(this.onDataCheckPassed || this.behavior & MAYBE_NEW);
+  },
+  throwAndNotify(entry) {
+    LOG_C2(this, "Throwing");
+    var self = this;
+    executeSoon(function () {
+      LOG_C2(self, "Notifying");
+      self.goon(entry);
+    });
+    throw Components.Exception("", Cr.NS_ERROR_FAILURE);
+  },
+};
+
+function OpenCallback(behavior, workingMetadata, workingData, goon) {
+  this.behavior = behavior;
+  this.workingMetadata = workingMetadata;
+  this.workingData = workingData;
+  this.goon = goon;
+  this.onCheckPassed =
+    (!!(behavior & (NEW | RECREATE)) || !workingMetadata) &&
+    !(behavior & NOTVALID);
+  this.onAvailPassed = false;
+  this.onDataCheckPassed =
+    !!(behavior & (NEW | RECREATE | NOTWANTED)) || !workingMetadata;
+  callbacks.push(this);
+  this.order = callbacks.length;
+}
+
+VisitCallback.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
+  onCacheStorageInfo(num, consumption) {
+    LOG_C2(this, "onCacheStorageInfo: num=" + num + ", size=" + consumption);
+    Assert.equal(this.num, num);
+    Assert.equal(this.consumption, consumption);
+    if (!this.entries) {
+      this.notify();
+    }
+  },
+  onCacheEntryInfo(
+    aURI,
+    aIdEnhance,
+    aDataSize,
+    aAltDataSize,
+    aFetchCount,
+    aLastModifiedTime,
+    aExpirationTime,
+    aPinned,
+    aInfo
+  ) {
+    var key = (aIdEnhance ? aIdEnhance + ":" : "") + aURI.asciiSpec;
+    LOG_C2(this, "onCacheEntryInfo: key=" + key);
+
+    function findCacheIndex(element) {
+      if (typeof element === "string") {
+        return element === key;
+      } else if (typeof element === "object") {
+        return (
+          element.uri === key &&
+          element.lci.isAnonymous === aInfo.isAnonymous &&
+          ChromeUtils.isOriginAttributesEqual(
+            element.lci.originAttributes,
+            aInfo.originAttributes
+          )
+        );
+      }
+
+      return false;
+    }
+
+    Assert.ok(!!this.entries);
+
+    var index = this.entries.findIndex(findCacheIndex);
+    Assert.ok(index > -1);
+
+    this.entries.splice(index, 1);
+  },
+  onCacheEntryVisitCompleted() {
+    LOG_C2(this, "onCacheEntryVisitCompleted");
+    if (this.entries) {
+      Assert.equal(this.entries.length, 0);
+    }
+    this.notify();
+  },
+  notify() {
+    Assert.ok(!!this.goon);
+    var goon = this.goon;
+    this.goon = null;
+    executeSoon(goon);
+  },
+  selfCheck() {
+    Assert.ok(!this.entries || !this.entries.length);
+  },
+};
+
+function VisitCallback(num, consumption, entries, goon) {
+  this.num = num;
+  this.consumption = consumption;
+  this.entries = entries;
+  this.goon = goon;
+  callbacks.push(this);
+  this.order = callbacks.length;
+}
+
+EvictionCallback.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsICacheEntryDoomCallback"]),
+  onCacheEntryDoomed(result) {
+    Assert.equal(this.expectedSuccess, result == Cr.NS_OK);
+    this.goon();
+  },
+  selfCheck() {},
+};
+
+function EvictionCallback(success, goon) {
+  this.expectedSuccess = success;
+  this.goon = goon;
+  callbacks.push(this);
+  this.order = callbacks.length;
+}
+
+MultipleCallbacks.prototype = {
+  fired() {
+    if (--this.pending == 0) {
+      var self = this;
+      if (this.delayed) {
+        executeSoon(function () {
+          self.goon();
+        });
+      } else {
+        this.goon();
+      }
+    }
+  },
+  add() {
+    ++this.pending;
+  },
+};
+
+function MultipleCallbacks(number, goon, delayed) {
+  this.pending = number;
+  this.goon = goon;
+  this.delayed = delayed;
+}
+
+function wait_for_cache_index(continue_func) {
+  // This callback will not fire before the index is in the ready state.  nsICacheStorage.exists() will
+  // no longer throw after this point.
+  Services.cache2.asyncGetDiskConsumption({
+    onNetworkCacheDiskConsumption() {
+      continue_func();
+    },
+    // eslint-disable-next-line mozilla/use-chromeutils-generateqi
+    QueryInterface() {
+      return this;
+    },
+  });
+}
+
+function finish_cache2_test() {
+  callbacks.forEach(function (callback, index) {
+    callback.selfCheck();
+  });
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/head_channels.js b/netwerk/test/unit/head_channels.js
new file mode 100644
index 0000000000..140135339a
--- /dev/null
+++ b/netwerk/test/unit/head_channels.js
@@ -0,0 +1,527 @@
+/**
+ * Read count bytes from stream and return as a String object
+ */
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+
+function read_stream(stream, count) {
+  /* assume stream has non-ASCII data */
+  var wrapper = Cc["@mozilla.org/binaryinputstream;1"].createInstance(
+    Ci.nsIBinaryInputStream
+  );
+  wrapper.setInputStream(stream);
+  /* JS methods can be called with a maximum of 65535 arguments, and input
+     streams don't have to return all the data they make .available() when
+     asked to .read() that number of bytes. */
+  var data = [];
+  while (count > 0) {
+    var bytes = wrapper.readByteArray(Math.min(65535, count));
+    data.push(String.fromCharCode.apply(null, bytes));
+    count -= bytes.length;
+    if (!bytes.length) {
+      do_throw("Nothing read from input stream!");
+    }
+  }
+  return data.join("");
+}
+
+const CL_EXPECT_FAILURE = 0x1;
+const CL_EXPECT_GZIP = 0x2;
+const CL_EXPECT_3S_DELAY = 0x4;
+const CL_SUSPEND = 0x8;
+const CL_ALLOW_UNKNOWN_CL = 0x10;
+const CL_EXPECT_LATE_FAILURE = 0x20;
+const CL_FROM_CACHE = 0x40; // Response must be from the cache
+const CL_NOT_FROM_CACHE = 0x80; // Response must NOT be from the cache
+const CL_IGNORE_CL = 0x100; // don't bother to verify the content-length
+const CL_IGNORE_DELAYS = 0x200; // don't throw if channel returns after a long delay
+
+const SUSPEND_DELAY = 3000;
+
+/**
+ * A stream listener that calls a callback function with a specified
+ * context and the received data when the channel is loaded.
+ *
+ * Signature of the closure:
+ *   void closure(in nsIRequest request, in ACString data, in JSObject context);
+ *
+ * This listener makes sure that various parts of the channel API are
+ * implemented correctly and that the channel's status is a success code
+ * (you can pass CL_EXPECT_FAILURE or CL_EXPECT_LATE_FAILURE as flags
+ * to allow a failure code)
+ *
+ * Note that it also requires a valid content length on the channel and
+ * is thus not fully generic.
+ */
+function ChannelListener(closure, ctx, flags) {
+  this._closure = closure;
+  this._closurectx = ctx;
+  this._flags = flags;
+  this._isFromCache = false;
+  this._cacheEntryId = undefined;
+}
+ChannelListener.prototype = {
+  _closure: null,
+  _closurectx: null,
+  _buffer: "",
+  _got_onstartrequest: false,
+  _got_onstoprequest: false,
+  _contentLen: -1,
+  _lastEvent: 0,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    try {
+      if (this._got_onstartrequest) {
+        do_throw("Got second onStartRequest event!");
+      }
+      this._got_onstartrequest = true;
+      this._lastEvent = Date.now();
+
+      try {
+        this._isFromCache = request
+          .QueryInterface(Ci.nsICacheInfoChannel)
+          .isFromCache();
+      } catch (e) {}
+
+      var thrown = false;
+      try {
+        this._cacheEntryId = request
+          .QueryInterface(Ci.nsICacheInfoChannel)
+          .getCacheEntryId();
+      } catch (e) {
+        thrown = true;
+      }
+      if (this._isFromCache && thrown) {
+        do_throw("Should get a CacheEntryId");
+      } else if (!this._isFromCache && !thrown) {
+        do_throw("Shouldn't get a CacheEntryId");
+      }
+
+      request.QueryInterface(Ci.nsIChannel);
+      try {
+        this._contentLen = request.contentLength;
+      } catch (ex) {
+        if (!(this._flags & (CL_EXPECT_FAILURE | CL_ALLOW_UNKNOWN_CL))) {
+          do_throw("Could not get contentLength");
+        }
+      }
+      if (!request.isPending()) {
+        do_throw("request reports itself as not pending from onStartRequest!");
+      }
+      if (
+        this._contentLen == -1 &&
+        !(this._flags & (CL_EXPECT_FAILURE | CL_ALLOW_UNKNOWN_CL))
+      ) {
+        do_throw("Content length is unknown in onStartRequest!");
+      }
+
+      if (this._flags & CL_FROM_CACHE) {
+        request.QueryInterface(Ci.nsICachingChannel);
+        if (!request.isFromCache()) {
+          do_throw("Response is not from the cache (CL_FROM_CACHE)");
+        }
+      }
+      if (this._flags & CL_NOT_FROM_CACHE) {
+        request.QueryInterface(Ci.nsICachingChannel);
+        if (request.isFromCache()) {
+          do_throw("Response is from the cache (CL_NOT_FROM_CACHE)");
+        }
+      }
+
+      if (this._flags & CL_SUSPEND) {
+        request.suspend();
+        do_timeout(SUSPEND_DELAY, function () {
+          request.resume();
+        });
+      }
+    } catch (ex) {
+      do_throw("Error in onStartRequest: " + ex);
+    }
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    try {
+      let current = Date.now();
+
+      if (!this._got_onstartrequest) {
+        do_throw("onDataAvailable without onStartRequest event!");
+      }
+      if (this._got_onstoprequest) {
+        do_throw("onDataAvailable after onStopRequest event!");
+      }
+      if (!request.isPending()) {
+        do_throw("request reports itself as not pending from onDataAvailable!");
+      }
+      if (this._flags & CL_EXPECT_FAILURE) {
+        do_throw("Got data despite expecting a failure");
+      }
+
+      if (
+        !(this._flags & CL_IGNORE_DELAYS) &&
+        current - this._lastEvent >= SUSPEND_DELAY &&
+        !(this._flags & CL_EXPECT_3S_DELAY)
+      ) {
+        do_throw("Data received after significant unexpected delay");
+      } else if (
+        current - this._lastEvent < SUSPEND_DELAY &&
+        this._flags & CL_EXPECT_3S_DELAY
+      ) {
+        do_throw("Data received sooner than expected");
+      } else if (
+        current - this._lastEvent >= SUSPEND_DELAY &&
+        this._flags & CL_EXPECT_3S_DELAY
+      ) {
+        this._flags &= ~CL_EXPECT_3S_DELAY;
+      } // No more delays expected
+
+      this._buffer = this._buffer.concat(read_stream(stream, count));
+      this._lastEvent = current;
+    } catch (ex) {
+      do_throw("Error in onDataAvailable: " + ex);
+    }
+  },
+
+  onStopRequest(request, status) {
+    try {
+      var success = Components.isSuccessCode(status);
+      if (!this._got_onstartrequest) {
+        do_throw("onStopRequest without onStartRequest event!");
+      }
+      if (this._got_onstoprequest) {
+        do_throw("Got second onStopRequest event!");
+      }
+      this._got_onstoprequest = true;
+      if (
+        this._flags & (CL_EXPECT_FAILURE | CL_EXPECT_LATE_FAILURE) &&
+        success
+      ) {
+        do_throw(
+          "Should have failed to load URL (status is " +
+            status.toString(16) +
+            ")"
+        );
+      } else if (
+        !(this._flags & (CL_EXPECT_FAILURE | CL_EXPECT_LATE_FAILURE)) &&
+        !success
+      ) {
+        do_throw("Failed to load URL: " + status.toString(16));
+      }
+      if (status != request.status) {
+        do_throw("request.status does not match status arg to onStopRequest!");
+      }
+      if (request.isPending()) {
+        do_throw("request reports itself as pending from onStopRequest!");
+      }
+      if (
+        !(
+          this._flags &
+          (CL_EXPECT_FAILURE | CL_EXPECT_LATE_FAILURE | CL_IGNORE_CL)
+        ) &&
+        !(this._flags & CL_EXPECT_GZIP) &&
+        this._contentLen != -1
+      ) {
+        Assert.equal(this._buffer.length, this._contentLen);
+      }
+    } catch (ex) {
+      do_throw("Error in onStopRequest: " + ex);
+    }
+    try {
+      this._closure(
+        request,
+        this._buffer,
+        this._closurectx,
+        this._isFromCache,
+        this._cacheEntryId
+      );
+      this._closurectx = null;
+    } catch (ex) {
+      do_throw("Error in closure function: " + ex);
+    }
+  },
+};
+
+var ES_ABORT_REDIRECT = 0x01;
+
+function ChannelEventSink(flags) {
+  this._flags = flags;
+}
+
+ChannelEventSink.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIInterfaceRequestor"]),
+
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIChannelEventSink)) {
+      return this;
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  asyncOnChannelRedirect(oldChannel, newChannel, flags, callback) {
+    if (this._flags & ES_ABORT_REDIRECT) {
+      throw Components.Exception("", Cr.NS_BINDING_ABORTED);
+    }
+
+    callback.onRedirectVerifyCallback(Cr.NS_OK);
+  },
+};
+
+/**
+ * A helper class to construct origin attributes.
+ */
+function OriginAttributes(inIsolatedMozBrowser, privateId) {
+  this.inIsolatedMozBrowser = inIsolatedMozBrowser;
+  this.privateBrowsingId = privateId;
+}
+OriginAttributes.prototype = {
+  inIsolatedMozBrowser: false,
+  privateBrowsingId: 0,
+};
+
+function readFile(file) {
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fstream.init(file, -1, 0, 0);
+  let data = NetUtil.readInputStreamToString(fstream, fstream.available());
+  fstream.close();
+  return data;
+}
+
+function addCertFromFile(certdb, filename, trustString) {
+  let certFile = do_get_file(filename, false);
+  let pem = readFile(certFile)
+    .replace(/-----BEGIN CERTIFICATE-----/, "")
+    .replace(/-----END CERTIFICATE-----/, "")
+    .replace(/[\r\n]/g, "");
+  certdb.addCertFromBase64(pem, trustString);
+}
+
+// Helper code to test nsISerializable
+function serialize_to_escaped_string(obj) {
+  let objectOutStream = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(
+    Ci.nsIObjectOutputStream
+  );
+  let pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
+  pipe.init(false, false, 0, 0xffffffff, null);
+  objectOutStream.setOutputStream(pipe.outputStream);
+  objectOutStream.writeCompoundObject(obj, Ci.nsISupports, true);
+  objectOutStream.close();
+
+  let objectInStream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(
+    Ci.nsIObjectInputStream
+  );
+  objectInStream.setInputStream(pipe.inputStream);
+  let data = [];
+  // This reads all the data from the stream until an error occurs.
+  while (true) {
+    try {
+      let bytes = objectInStream.readByteArray(1);
+      data.push(String.fromCharCode.apply(null, bytes));
+    } catch (e) {
+      break;
+    }
+  }
+  return escape(data.join(""));
+}
+
+function deserialize_from_escaped_string(str) {
+  let payload = unescape(str);
+  let data = [];
+  let i = 0;
+  while (i < payload.length) {
+    data.push(payload.charCodeAt(i++));
+  }
+
+  let objectOutStream = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(
+    Ci.nsIObjectOutputStream
+  );
+  let pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
+  pipe.init(false, false, 0, 0xffffffff, null);
+  objectOutStream.setOutputStream(pipe.outputStream);
+  objectOutStream.writeByteArray(data);
+  objectOutStream.close();
+
+  let objectInStream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(
+    Ci.nsIObjectInputStream
+  );
+  objectInStream.setInputStream(pipe.inputStream);
+  return objectInStream.readObject(true);
+}
+
+async function asyncStartTLSTestServer(
+  serverBinName,
+  certsPath,
+  addDefaultRoot = true
+) {
+  const { HttpServer } = ChromeUtils.importESModule(
+    "resource://testing-common/httpd.sys.mjs"
+  );
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  // The trusted CA that is typically used for "good" certificates.
+  if (addDefaultRoot) {
+    addCertFromFile(certdb, `${certsPath}/test-ca.pem`, "CTu,u,u");
+  }
+
+  const CALLBACK_PORT = 8444;
+
+  let greBinDir = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+  Services.env.set("DYLD_LIBRARY_PATH", greBinDir.path);
+  // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
+  // does not return this path on Android, so hard code it here.
+  Services.env.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb");
+  Services.env.set("MOZ_TLS_SERVER_DEBUG_LEVEL", "3");
+  Services.env.set("MOZ_TLS_SERVER_CALLBACK_PORT", CALLBACK_PORT);
+
+  let httpServer = new HttpServer();
+  let serverReady = new Promise(resolve => {
+    httpServer.registerPathHandler(
+      "/",
+      function handleServerCallback(aRequest, aResponse) {
+        aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+        aResponse.setHeader("Content-Type", "text/plain");
+        let responseBody = "OK!";
+        aResponse.bodyOutputStream.write(responseBody, responseBody.length);
+        executeSoon(function () {
+          httpServer.stop(resolve);
+        });
+      }
+    );
+    httpServer.start(CALLBACK_PORT);
+  });
+
+  let serverBin = _getBinaryUtil(serverBinName);
+  let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
+  process.init(serverBin);
+  let certDir = do_get_file(certsPath, false);
+  Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`);
+  // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+  process.run(false, ["sql:" + certDir.path, Services.appinfo.processID], 2);
+
+  registerCleanupFunction(function () {
+    process.kill();
+  });
+
+  await serverReady;
+}
+
+function _getBinaryUtil(binaryUtilName) {
+  let utilBin = Services.dirsvc.get("GreD", Ci.nsIFile);
+  // On macOS, GreD is .../Contents/Resources, and most binary utilities
+  // are located there, but certutil is in GreBinD (or .../Contents/MacOS),
+  // so we have to change the path accordingly.
+  if (binaryUtilName === "certutil") {
+    utilBin = Services.dirsvc.get("GreBinD", Ci.nsIFile);
+  }
+  utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  // If we're testing locally, the above works. If not, the server executable
+  // is in another location.
+  if (!utilBin.exists()) {
+    utilBin = Services.dirsvc.get("CurWorkD", Ci.nsIFile);
+    while (utilBin.path.includes("xpcshell")) {
+      utilBin = utilBin.parent;
+    }
+    utilBin.append("bin");
+    utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  }
+  // But maybe we're on Android, where binaries are in /data/local/xpcb.
+  if (!utilBin.exists()) {
+    utilBin.initWithPath("/data/local/xpcb/");
+    utilBin.append(binaryUtilName);
+  }
+  Assert.ok(utilBin.exists(), `Binary util ${binaryUtilName} should exist`);
+  return utilBin;
+}
+
+function promiseAsyncOpen(chan) {
+  return new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((req, buf, ctx, isCache, cacheId) => {
+        resolve({ req, buf, ctx, isCache, cacheId });
+      })
+    );
+  });
+}
+
+function hexStringToBytes(hex) {
+  let bytes = [];
+  for (let hexByteStr of hex.split(/(..)/)) {
+    if (hexByteStr.length) {
+      bytes.push(parseInt(hexByteStr, 16));
+    }
+  }
+  return bytes;
+}
+
+function stringToBytes(str) {
+  return Array.from(str, chr => chr.charCodeAt(0));
+}
+
+function BinaryHttpResponse(status, headerNames, headerValues, content) {
+  this.status = status;
+  this.headerNames = headerNames;
+  this.headerValues = headerValues;
+  this.content = content;
+}
+
+BinaryHttpResponse.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIBinaryHttpResponse"]),
+};
+
+function bytesToString(bytes) {
+  return String.fromCharCode.apply(null, bytes);
+}
+
+function check_http_info(request, expected_httpVersion, expected_proxy) {
+  let httpVersion = "";
+  try {
+    httpVersion = request.protocolVersion;
+  } catch (e) {}
+
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+
+  Assert.equal(expected_httpVersion, httpVersion);
+  if (expected_proxy) {
+    Assert.equal(httpProxyConnectResponseCode, 200);
+  } else {
+    Assert.equal(httpProxyConnectResponseCode, -1);
+  }
+}
+
+function makeHTTPChannel(url, with_proxy) {
+  function createPrincipal(uri) {
+    var ssm = Services.scriptSecurityManager;
+    try {
+      return ssm.createContentPrincipal(Services.io.newURI(uri), {});
+    } catch (e) {
+      return null;
+    }
+  }
+
+  if (with_proxy) {
+    return Services.io
+      .newChannelFromURIWithProxyFlags(
+        Services.io.newURI(url),
+        null,
+        Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL,
+        null,
+        createPrincipal(url),
+        createPrincipal(url),
+        Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+        Ci.nsIContentPolicy.TYPE_OTHER
+      )
+      .QueryInterface(Ci.nsIHttpChannel);
+  }
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
diff --git a/netwerk/test/unit/head_cookies.js b/netwerk/test/unit/head_cookies.js
new file mode 100644
index 0000000000..037068689f
--- /dev/null
+++ b/netwerk/test/unit/head_cookies.js
@@ -0,0 +1,1062 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+/* import-globals-from head_cache.js */
+
+"use strict";
+
+const { NetUtil } = ChromeUtils.importESModule(
+  "resource://gre/modules/NetUtil.sys.mjs"
+);
+const { CookieXPCShellUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/CookieXPCShellUtils.sys.mjs"
+);
+
+// Don't pick up default permissions from profile.
+Services.prefs.setCharPref("permissions.manager.defaultsUrl", "");
+
+CookieXPCShellUtils.init(this);
+
+function do_check_throws(f, result, stack) {
+  if (!stack) {
+    stack = Components.stack.caller;
+  }
+
+  try {
+    f();
+  } catch (exc) {
+    if (exc.result == result) {
+      return;
+    }
+    do_throw("expected result " + result + ", caught " + exc, stack);
+  }
+  do_throw("expected result " + result + ", none thrown", stack);
+}
+
+// Helper to step a generator function and catch a StopIteration exception.
+function do_run_generator(generator) {
+  try {
+    generator.next();
+  } catch (e) {
+    do_throw("caught exception " + e, Components.stack.caller);
+  }
+}
+
+// Helper to finish a generator function test.
+function do_finish_generator_test(generator) {
+  executeSoon(function () {
+    generator.return();
+    do_test_finished();
+  });
+}
+
+function _observer(generator, topic) {
+  Services.obs.addObserver(this, topic);
+
+  this.generator = generator;
+  this.topic = topic;
+}
+
+_observer.prototype = {
+  observe(subject, topic, data) {
+    Assert.equal(this.topic, topic);
+
+    Services.obs.removeObserver(this, this.topic);
+
+    // Continue executing the generator function.
+    if (this.generator) {
+      do_run_generator(this.generator);
+    }
+
+    this.generator = null;
+    this.topic = null;
+  },
+};
+
+// Close the cookie database. If a generator is supplied, it will be invoked
+// once the close is complete.
+function do_close_profile(generator) {
+  // Register an observer for db close.
+  new _observer(generator, "cookie-db-closed");
+
+  // Close the db.
+  let service = Services.cookies.QueryInterface(Ci.nsIObserver);
+  service.observe(null, "profile-before-change", null);
+}
+
+function _promise_observer(topic) {
+  Services.obs.addObserver(this, topic);
+
+  this.topic = topic;
+  return new Promise(resolve => (this.resolve = resolve));
+}
+
+_promise_observer.prototype = {
+  observe(subject, topic, data) {
+    Assert.equal(this.topic, topic);
+
+    Services.obs.removeObserver(this, this.topic);
+    if (this.resolve) {
+      this.resolve();
+    }
+
+    this.resolve = null;
+    this.topic = null;
+  },
+};
+
+// Close the cookie database. And resolve a promise.
+function promise_close_profile() {
+  // Register an observer for db close.
+  let promise = new _promise_observer("cookie-db-closed");
+
+  // Close the db.
+  let service = Services.cookies.QueryInterface(Ci.nsIObserver);
+  service.observe(null, "profile-before-change", null);
+
+  return promise;
+}
+
+// Load the cookie database.
+function promise_load_profile() {
+  // Register an observer for read completion.
+  let promise = new _promise_observer("cookie-db-read");
+
+  // Load the profile.
+  let service = Services.cookies.QueryInterface(Ci.nsIObserver);
+  service.observe(null, "profile-do-change", "");
+
+  return promise;
+}
+
+// Load the cookie database. If a generator is supplied, it will be invoked
+// once the load is complete.
+function do_load_profile(generator) {
+  // Register an observer for read completion.
+  new _observer(generator, "cookie-db-read");
+
+  // Load the profile.
+  let service = Services.cookies.QueryInterface(Ci.nsIObserver);
+  service.observe(null, "profile-do-change", "");
+}
+
+// Set a single session cookie using http and test the cookie count
+// against 'expected'
+function do_set_single_http_cookie(uri, channel, expected) {
+  Services.cookies.setCookieStringFromHttp(uri, "foo=bar", channel);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri.host), expected);
+}
+
+// Set two cookies; via document.channel and via http request.
+async function do_set_cookies(uri, channel, session, expected) {
+  let suffix = session ? "" : "; max-age=1000";
+
+  // via document.cookie
+  const thirdPartyUrl = "http://third.com/";
+  const contentPage = await CookieXPCShellUtils.loadContentPage(thirdPartyUrl);
+  await contentPage.spawn(
+    [
+      {
+        cookie: "can=has" + suffix,
+        url: uri.spec,
+      },
+    ],
+    async function (obj) {
+      await new this.content.Promise(resolve => {
+        let doc = this.content.document;
+        let ifr = doc.createElement("iframe");
+        ifr.src = obj.url;
+        doc.body.appendChild(ifr);
+        ifr.addEventListener("load", async () => {
+          await this.SpecialPowers.spawn(ifr, [obj.cookie], cookie => {
+            this.content.document.cookie = cookie;
+          });
+          resolve();
+        });
+      });
+    }
+  );
+  await contentPage.close();
+
+  Assert.equal(Services.cookies.countCookiesFromHost(uri.host), expected[0]);
+
+  // via http request
+  Services.cookies.setCookieStringFromHttp(uri, "hot=dog" + suffix, channel);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri.host), expected[1]);
+}
+
+function do_count_cookies() {
+  return Services.cookies.cookies.length;
+}
+
+// Helper object to store cookie data.
+function Cookie(
+  name,
+  value,
+  host,
+  path,
+  expiry,
+  lastAccessed,
+  creationTime,
+  isSession,
+  isSecure,
+  isHttpOnly,
+  inBrowserElement = false,
+  originAttributes = {},
+  sameSite = Ci.nsICookie.SAMESITE_NONE,
+  rawSameSite = Ci.nsICookie.SAMESITE_NONE,
+  schemeMap = Ci.nsICookie.SCHEME_UNSET,
+  isPartitioned = false
+) {
+  this.name = name;
+  this.value = value;
+  this.host = host;
+  this.path = path;
+  this.expiry = expiry;
+  this.lastAccessed = lastAccessed;
+  this.creationTime = creationTime;
+  this.isSession = isSession;
+  this.isSecure = isSecure;
+  this.isHttpOnly = isHttpOnly;
+  this.inBrowserElement = inBrowserElement;
+  this.originAttributes = originAttributes;
+  this.sameSite = sameSite;
+  this.rawSameSite = rawSameSite;
+  this.schemeMap = schemeMap;
+  this.isPartitioned = isPartitioned;
+
+  let strippedHost = host.charAt(0) == "." ? host.slice(1) : host;
+
+  try {
+    this.baseDomain = Services.eTLD.getBaseDomainFromHost(strippedHost);
+  } catch (e) {
+    if (
+      e.result == Cr.NS_ERROR_HOST_IS_IP_ADDRESS ||
+      e.result == Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
+    ) {
+      this.baseDomain = strippedHost;
+    }
+  }
+}
+
+// Object representing a database connection and associated statements. The
+// implementation varies depending on schema version.
+function CookieDatabaseConnection(file, schema) {
+  // Manually generate a cookies.sqlite file with appropriate rows, columns,
+  // and schema version. If it already exists, just set up our statements.
+  let exists = file.exists();
+
+  this.db = Services.storage.openDatabase(file);
+  this.schema = schema;
+  if (!exists) {
+    this.db.schemaVersion = schema;
+  }
+
+  switch (schema) {
+    case 1: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (       \
+             id INTEGER PRIMARY KEY,        \
+             name TEXT,                     \
+             value TEXT,                    \
+             host TEXT,                     \
+             path TEXT,                     \
+             expiry INTEGER,                \
+             isSecure INTEGER,              \
+             isHttpOnly INTEGER)"
+        );
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           id,                            \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           isSecure,                      \
+           isHttpOnly)                    \
+           VALUES (                       \
+           :id,                           \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :isSecure,                     \
+           :isHttpOnly)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies WHERE id = :id"
+      );
+
+      break;
+    }
+
+    case 2: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (       \
+             id INTEGER PRIMARY KEY,        \
+             name TEXT,                     \
+             value TEXT,                    \
+             host TEXT,                     \
+             path TEXT,                     \
+             expiry INTEGER,                \
+             lastAccessed INTEGER,          \
+             isSecure INTEGER,              \
+             isHttpOnly INTEGER)"
+        );
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT OR REPLACE INTO moz_cookies ( \
+           id,                            \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           isSecure,                      \
+           isHttpOnly)                    \
+           VALUES (                       \
+           :id,                           \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :isSecure,                     \
+           :isHttpOnly)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies WHERE id = :id"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed WHERE id = :id"
+      );
+
+      break;
+    }
+
+    case 3: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (       \
+            id INTEGER PRIMARY KEY,         \
+            baseDomain TEXT,                \
+            name TEXT,                      \
+            value TEXT,                     \
+            host TEXT,                      \
+            path TEXT,                      \
+            expiry INTEGER,                 \
+            lastAccessed INTEGER,           \
+            isSecure INTEGER,               \
+            isHttpOnly INTEGER)"
+        );
+
+        this.db.executeSimpleSQL(
+          "CREATE INDEX moz_basedomain ON moz_cookies (baseDomain)"
+        );
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           id,                            \
+           baseDomain,                    \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           isSecure,                      \
+           isHttpOnly)                    \
+           VALUES (                       \
+           :id,                           \
+           :baseDomain,                   \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :isSecure,                     \
+           :isHttpOnly)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies WHERE id = :id"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed WHERE id = :id"
+      );
+
+      break;
+    }
+
+    case 4: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (       \
+            id INTEGER PRIMARY KEY,         \
+            baseDomain TEXT,                \
+            name TEXT,                      \
+            value TEXT,                     \
+            host TEXT,                      \
+            path TEXT,                      \
+            expiry INTEGER,                 \
+            lastAccessed INTEGER,           \
+            creationTime INTEGER,           \
+            isSecure INTEGER,               \
+            isHttpOnly INTEGER              \
+            CONSTRAINT moz_uniqueid UNIQUE (name, host, path))"
+        );
+
+        this.db.executeSimpleSQL(
+          "CREATE INDEX moz_basedomain ON moz_cookies (baseDomain)"
+        );
+
+        this.db.executeSimpleSQL("PRAGMA journal_mode = WAL");
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           baseDomain,                    \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           creationTime,                  \
+           isSecure,                      \
+           isHttpOnly)                    \
+           VALUES (                       \
+           :baseDomain,                   \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :creationTime,                 \
+           :isSecure,                     \
+           :isHttpOnly)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies          \
+           WHERE name = :name AND host = :host AND path = :path"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed \
+           WHERE name = :name AND host = :host AND path = :path"
+      );
+
+      break;
+    }
+
+    case 10: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (                  \
+            id INTEGER PRIMARY KEY,                    \
+            baseDomain TEXT,                           \
+            originAttributes TEXT NOT NULL DEFAULT '', \
+            name TEXT,                                 \
+            value TEXT,                                \
+            host TEXT,                                 \
+            path TEXT,                                 \
+            expiry INTEGER,                            \
+            lastAccessed INTEGER,                      \
+            creationTime INTEGER,                      \
+            isSecure INTEGER,                          \
+            isHttpOnly INTEGER,                        \
+            inBrowserElement INTEGER DEFAULT 0,        \
+            sameSite INTEGER DEFAULT 0,                \
+            rawSameSite INTEGER DEFAULT 0,             \
+            CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))"
+        );
+
+        this.db.executeSimpleSQL(
+          "CREATE INDEX moz_basedomain ON moz_cookies (baseDomain)"
+        );
+
+        this.db.executeSimpleSQL("PRAGMA journal_mode = WAL");
+        this.db.executeSimpleSQL("PRAGMA wal_autocheckpoint = 16");
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           name,                          \
+           value,                         \
+           host,                          \
+           baseDomain,                    \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           creationTime,                  \
+           isSecure,                      \
+           isHttpOnly,                    \
+           inBrowserElement,              \
+           originAttributes,              \
+           sameSite,                      \
+           rawSameSite                    \
+         ) VALUES (                       \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :baseDomain,                   \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :creationTime,                 \
+           :isSecure,                     \
+           :isHttpOnly,                   \
+           :inBrowserElement,             \
+           :originAttributes,             \
+           :sameSite,                     \
+           :rawSameSite)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies          \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      break;
+    }
+
+    case 11: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (                  \
+            id INTEGER PRIMARY KEY,                    \
+            originAttributes TEXT NOT NULL DEFAULT '', \
+            name TEXT,                                 \
+            value TEXT,                                \
+            host TEXT,                                 \
+            path TEXT,                                 \
+            expiry INTEGER,                            \
+            lastAccessed INTEGER,                      \
+            creationTime INTEGER,                      \
+            isSecure INTEGER,                          \
+            isHttpOnly INTEGER,                        \
+            inBrowserElement INTEGER DEFAULT 0,        \
+            sameSite INTEGER DEFAULT 0,                \
+            rawSameSite INTEGER DEFAULT 0,             \
+            CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))"
+        );
+
+        this.db.executeSimpleSQL("PRAGMA journal_mode = WAL");
+        this.db.executeSimpleSQL("PRAGMA wal_autocheckpoint = 16");
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           creationTime,                  \
+           isSecure,                      \
+           isHttpOnly,                    \
+           inBrowserElement,              \
+           originAttributes,              \
+           sameSite,                      \
+           rawSameSite                    \
+         ) VALUES (                       \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :creationTime,                 \
+           :isSecure,                     \
+           :isHttpOnly,                   \
+           :inBrowserElement,             \
+           :originAttributes,             \
+           :sameSite,                     \
+           :rawSameSite)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies          \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      break;
+    }
+
+    case 12: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (                  \
+            id INTEGER PRIMARY KEY,                    \
+            originAttributes TEXT NOT NULL DEFAULT '', \
+            name TEXT,                                 \
+            value TEXT,                                \
+            host TEXT,                                 \
+            path TEXT,                                 \
+            expiry INTEGER,                            \
+            lastAccessed INTEGER,                      \
+            creationTime INTEGER,                      \
+            isSecure INTEGER,                          \
+            isHttpOnly INTEGER,                        \
+            inBrowserElement INTEGER DEFAULT 0,        \
+            sameSite INTEGER DEFAULT 0,                \
+            rawSameSite INTEGER DEFAULT 0,             \
+            schemeMap INTEGER DEFAULT 0,               \
+            CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))"
+        );
+
+        this.db.executeSimpleSQL("PRAGMA journal_mode = WAL");
+        this.db.executeSimpleSQL("PRAGMA wal_autocheckpoint = 16");
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           creationTime,                  \
+           isSecure,                      \
+           isHttpOnly,                    \
+           inBrowserElement,              \
+           originAttributes,              \
+           sameSite,                      \
+           rawSameSite,                   \
+           schemeMap                      \
+         ) VALUES (                       \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :creationTime,                 \
+           :isSecure,                     \
+           :isHttpOnly,                   \
+           :inBrowserElement,             \
+           :originAttributes,             \
+           :sameSite,                     \
+           :rawSameSite,                  \
+           :schemeMap)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies          \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      break;
+    }
+
+    case 13: {
+      if (!exists) {
+        this.db.executeSimpleSQL(
+          "CREATE TABLE moz_cookies (                     \
+            id INTEGER PRIMARY KEY,                       \
+            originAttributes TEXT NOT NULL DEFAULT '',    \
+            name TEXT,                                    \
+            value TEXT,                                   \
+            host TEXT,                                    \
+            path TEXT,                                    \
+            expiry INTEGER,                               \
+            lastAccessed INTEGER,                         \
+            creationTime INTEGER,                         \
+            isSecure INTEGER,                             \
+            isHttpOnly INTEGER,                           \
+            inBrowserElement INTEGER DEFAULT 0,           \
+            sameSite INTEGER DEFAULT 0,                   \
+            rawSameSite INTEGER DEFAULT 0,                \
+            schemeMap INTEGER DEFAULT 0,                  \
+            isPartitionedAttributeSet INTEGER DEFAULT 0,  \
+            CONSTRAINT moz_uniqueid UNIQUE (name, host, path, originAttributes))"
+        );
+
+        this.db.executeSimpleSQL("PRAGMA journal_mode = WAL");
+        this.db.executeSimpleSQL("PRAGMA wal_autocheckpoint = 16");
+      }
+
+      this.stmtInsert = this.db.createStatement(
+        "INSERT INTO moz_cookies (        \
+           name,                          \
+           value,                         \
+           host,                          \
+           path,                          \
+           expiry,                        \
+           lastAccessed,                  \
+           creationTime,                  \
+           isSecure,                      \
+           isHttpOnly,                    \
+           inBrowserElement,              \
+           originAttributes,              \
+           sameSite,                      \
+           rawSameSite,                   \
+           schemeMap,                     \
+           isPartitionedAttributeSet      \
+         ) VALUES (                       \
+           :name,                         \
+           :value,                        \
+           :host,                         \
+           :path,                         \
+           :expiry,                       \
+           :lastAccessed,                 \
+           :creationTime,                 \
+           :isSecure,                     \
+           :isHttpOnly,                   \
+           :inBrowserElement,             \
+           :originAttributes,             \
+           :sameSite,                     \
+           :rawSameSite,                  \
+           :schemeMap,                    \
+           :isPartitionedAttributeSet)"
+      );
+
+      this.stmtDelete = this.db.createStatement(
+        "DELETE FROM moz_cookies          \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      this.stmtUpdate = this.db.createStatement(
+        "UPDATE moz_cookies SET lastAccessed = :lastAccessed \
+           WHERE name = :name AND host = :host AND path = :path AND \
+                 originAttributes = :originAttributes"
+      );
+
+      break;
+    }
+
+    default:
+      do_throw("unrecognized schemaVersion!");
+  }
+}
+
+CookieDatabaseConnection.prototype = {
+  insertCookie(cookie) {
+    if (!(cookie instanceof Cookie)) {
+      do_throw("not a cookie");
+    }
+
+    switch (this.schema) {
+      case 1:
+        this.stmtInsert.bindByName("id", cookie.creationTime);
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        break;
+
+      case 2:
+        this.stmtInsert.bindByName("id", cookie.creationTime);
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        break;
+
+      case 3:
+        this.stmtInsert.bindByName("id", cookie.creationTime);
+        this.stmtInsert.bindByName("baseDomain", cookie.baseDomain);
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        break;
+
+      case 4:
+        this.stmtInsert.bindByName("baseDomain", cookie.baseDomain);
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("creationTime", cookie.creationTime);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        break;
+
+      case 10:
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("baseDomain", cookie.baseDomain);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("creationTime", cookie.creationTime);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        this.stmtInsert.bindByName("inBrowserElement", cookie.inBrowserElement);
+        this.stmtInsert.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        this.stmtInsert.bindByName("sameSite", cookie.sameSite);
+        this.stmtInsert.bindByName("rawSameSite", cookie.rawSameSite);
+        break;
+
+      case 11:
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("creationTime", cookie.creationTime);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        this.stmtInsert.bindByName("inBrowserElement", cookie.inBrowserElement);
+        this.stmtInsert.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        this.stmtInsert.bindByName("sameSite", cookie.sameSite);
+        this.stmtInsert.bindByName("rawSameSite", cookie.rawSameSite);
+        break;
+
+      case 12:
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("creationTime", cookie.creationTime);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        this.stmtInsert.bindByName("inBrowserElement", cookie.inBrowserElement);
+        this.stmtInsert.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        this.stmtInsert.bindByName("sameSite", cookie.sameSite);
+        this.stmtInsert.bindByName("rawSameSite", cookie.rawSameSite);
+        this.stmtInsert.bindByName("schemeMap", cookie.schemeMap);
+        break;
+
+      case 13:
+        this.stmtInsert.bindByName("name", cookie.name);
+        this.stmtInsert.bindByName("value", cookie.value);
+        this.stmtInsert.bindByName("host", cookie.host);
+        this.stmtInsert.bindByName("path", cookie.path);
+        this.stmtInsert.bindByName("expiry", cookie.expiry);
+        this.stmtInsert.bindByName("lastAccessed", cookie.lastAccessed);
+        this.stmtInsert.bindByName("creationTime", cookie.creationTime);
+        this.stmtInsert.bindByName("isSecure", cookie.isSecure);
+        this.stmtInsert.bindByName("isHttpOnly", cookie.isHttpOnly);
+        this.stmtInsert.bindByName("inBrowserElement", cookie.inBrowserElement);
+        this.stmtInsert.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        this.stmtInsert.bindByName("sameSite", cookie.sameSite);
+        this.stmtInsert.bindByName("rawSameSite", cookie.rawSameSite);
+        this.stmtInsert.bindByName("schemeMap", cookie.schemeMap);
+        this.stmtInsert.bindByName(
+          "isPartitionedAttributeSet",
+          cookie.isPartitioned
+        );
+        break;
+
+      default:
+        do_throw("unrecognized schemaVersion!");
+    }
+
+    do_execute_stmt(this.stmtInsert);
+  },
+
+  deleteCookie(cookie) {
+    if (!(cookie instanceof Cookie)) {
+      do_throw("not a cookie");
+    }
+
+    switch (this.db.schemaVersion) {
+      case 1:
+      case 2:
+      case 3:
+        this.stmtDelete.bindByName("id", cookie.creationTime);
+        break;
+
+      case 4:
+        this.stmtDelete.bindByName("name", cookie.name);
+        this.stmtDelete.bindByName("host", cookie.host);
+        this.stmtDelete.bindByName("path", cookie.path);
+        break;
+
+      case 10:
+      case 11:
+      case 12:
+      case 13:
+        this.stmtDelete.bindByName("name", cookie.name);
+        this.stmtDelete.bindByName("host", cookie.host);
+        this.stmtDelete.bindByName("path", cookie.path);
+        this.stmtDelete.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        break;
+
+      default:
+        do_throw("unrecognized schemaVersion!");
+    }
+
+    do_execute_stmt(this.stmtDelete);
+  },
+
+  updateCookie(cookie) {
+    if (!(cookie instanceof Cookie)) {
+      do_throw("not a cookie");
+    }
+
+    switch (this.db.schemaVersion) {
+      case 1:
+        do_throw("can't update a schema 1 cookie!");
+        break;
+      case 2:
+      case 3:
+        this.stmtUpdate.bindByName("id", cookie.creationTime);
+        this.stmtUpdate.bindByName("lastAccessed", cookie.lastAccessed);
+        break;
+
+      case 4:
+        this.stmtDelete.bindByName("name", cookie.name);
+        this.stmtDelete.bindByName("host", cookie.host);
+        this.stmtDelete.bindByName("path", cookie.path);
+        this.stmtUpdate.bindByName("name", cookie.name);
+        this.stmtUpdate.bindByName("host", cookie.host);
+        this.stmtUpdate.bindByName("path", cookie.path);
+        this.stmtUpdate.bindByName("lastAccessed", cookie.lastAccessed);
+        break;
+
+      case 10:
+      case 11:
+      case 12:
+      case 13:
+        this.stmtDelete.bindByName("name", cookie.name);
+        this.stmtDelete.bindByName("host", cookie.host);
+        this.stmtDelete.bindByName("path", cookie.path);
+        this.stmtDelete.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        this.stmtUpdate.bindByName("name", cookie.name);
+        this.stmtUpdate.bindByName("host", cookie.host);
+        this.stmtUpdate.bindByName("path", cookie.path);
+        this.stmtUpdate.bindByName(
+          "originAttributes",
+          ChromeUtils.originAttributesToSuffix(cookie.originAttributes)
+        );
+        this.stmtUpdate.bindByName("lastAccessed", cookie.lastAccessed);
+        break;
+
+      default:
+        do_throw("unrecognized schemaVersion!");
+    }
+
+    do_execute_stmt(this.stmtUpdate);
+  },
+
+  close() {
+    this.stmtInsert.finalize();
+    this.stmtDelete.finalize();
+    if (this.stmtUpdate) {
+      this.stmtUpdate.finalize();
+    }
+    this.db.close();
+
+    this.stmtInsert = null;
+    this.stmtDelete = null;
+    this.stmtUpdate = null;
+    this.db = null;
+  },
+};
+
+function do_get_cookie_file(profile) {
+  let file = profile.clone();
+  file.append("cookies.sqlite");
+  return file;
+}
+
+// Count the cookies from 'host' in a database. If 'host' is null, count all
+// cookies.
+function do_count_cookies_in_db(connection, host) {
+  let select = null;
+  if (host) {
+    select = connection.createStatement(
+      "SELECT COUNT(1) FROM moz_cookies WHERE host = :host"
+    );
+    select.bindByName("host", host);
+  } else {
+    select = connection.createStatement("SELECT COUNT(1) FROM moz_cookies");
+  }
+
+  select.executeStep();
+  let result = select.getInt32(0);
+  select.reset();
+  select.finalize();
+  return result;
+}
+
+// Execute 'stmt', ensuring that we reset it if it throws.
+function do_execute_stmt(stmt) {
+  try {
+    stmt.executeStep();
+    stmt.reset();
+  } catch (e) {
+    stmt.reset();
+    throw e;
+  }
+}
diff --git a/netwerk/test/unit/head_http3.js b/netwerk/test/unit/head_http3.js
new file mode 100644
index 0000000000..56bc04db14
--- /dev/null
+++ b/netwerk/test/unit/head_http3.js
@@ -0,0 +1,105 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* import-globals-from head_channels.js */
+/* import-globals-from head_cookies.js */
+
+async function http3_setup_tests(http3version) {
+  let h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  let h3Route = "foo.example.com:" + h3Port;
+  do_get_profile();
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  Services.prefs.setBoolPref("network.dns.disableIPv6", true);
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    `foo.example.com;${http3version}=:${h3Port}`
+  );
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  // `../unit/` so that unit_ipc tests can use as well
+  addCertFromFile(certdb, "../unit/http2-ca.pem", "CTu,u,u");
+
+  await setup_altsvc("https://foo.example.com/", h3Route, http3version);
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let CheckHttp3Listener = function () {};
+
+CheckHttp3Listener.prototype = {
+  expectedRoute: "",
+  http3version: "",
+
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+
+    if (routed == this.expectedRoute) {
+      let httpVersion = "";
+      try {
+        httpVersion = request.protocolVersion;
+      } catch (e) {}
+      Assert.equal(httpVersion, this.http3version);
+      this.finish(true);
+    } else {
+      dump("try again to get alt svc mapping\n");
+      this.finish(false);
+    }
+  },
+};
+
+async function setup_altsvc(uri, expectedRoute, http3version) {
+  let result = false;
+  do {
+    let chan = makeChan(uri);
+    let listener = new CheckHttp3Listener();
+    listener.expectedRoute = expectedRoute;
+    listener.http3version = http3version;
+    result = await altsvcSetupPromise(chan, listener);
+    dump("results=" + result);
+  } while (result === false);
+}
+
+function altsvcSetupPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+function http3_clear_prefs() {
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.dns.disableIPv6");
+  Services.prefs.clearUserPref(
+    "network.http.http3.alt-svc-mapping-for-testing"
+  );
+  Services.prefs.clearUserPref("network.http.http3.support_version1");
+  dump("cleanup done\n");
+}
diff --git a/netwerk/test/unit/head_servers.js b/netwerk/test/unit/head_servers.js
new file mode 100644
index 0000000000..d2d449b482
--- /dev/null
+++ b/netwerk/test/unit/head_servers.js
@@ -0,0 +1,925 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+
+const { NodeServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+const { AppConstants } = ChromeUtils.importESModule(
+  "resource://gre/modules/AppConstants.sys.mjs"
+);
+
+/* globals require, __dirname, global, Buffer, process */
+
+class BaseNodeHTTPServerCode {
+  static globalHandler(req, resp) {
+    let path = new URL(req.url, "http://example.com").pathname;
+    let handler = global.path_handlers[path];
+    if (handler) {
+      return handler(req, resp);
+    }
+
+    // Didn't find a handler for this path.
+    let response = `
 404 Path not found: ${path}
`;
+    resp.setHeader("Content-Type", "text/html");
+    resp.setHeader("Content-Length", response.length);
+    resp.writeHead(404);
+    resp.end(response);
+    return undefined;
+  }
+}
+
+class ADB {
+  static async stopForwarding(port) {
+    return this.forwardPort(port, true);
+  }
+
+  static async forwardPort(port, remove = false) {
+    if (!process.env.MOZ_ANDROID_DATA_DIR) {
+      // Not android, or we don't know how to do the forwarding
+      return true;
+    }
+    // When creating a server on Android we must make sure that the port
+    // is forwarded from the host machine to the emulator.
+    let adb_path = "adb";
+    if (process.env.MOZ_FETCHES_DIR) {
+      adb_path = `${process.env.MOZ_FETCHES_DIR}/android-sdk-linux/platform-tools/adb`;
+    }
+
+    let command = `${adb_path} reverse tcp:${port} tcp:${port}`;
+    if (remove) {
+      command = `${adb_path} reverse --remove tcp:${port}`;
+      return true;
+    }
+
+    try {
+      await new Promise((resolve, reject) => {
+        const { exec } = require("child_process");
+        exec(command, (error, stdout, stderr) => {
+          if (error) {
+            console.log(`error: ${error.message}`);
+            reject(error);
+          } else if (stderr) {
+            console.log(`stderr: ${stderr}`);
+            reject(stderr);
+          } else {
+            // console.log(`stdout: ${stdout}`);
+            resolve();
+          }
+        });
+      });
+    } catch (error) {
+      console.log(`Command failed: ${error}`);
+      return false;
+    }
+
+    return true;
+  }
+
+  static async listenAndForwardPort(server, port) {
+    let retryCount = 0;
+    const maxRetries = 10;
+
+    while (retryCount < maxRetries) {
+      await server.listen(port);
+      let serverPort = server.address().port;
+      let res = await ADB.forwardPort(serverPort);
+
+      if (res) {
+        return serverPort;
+      }
+
+      retryCount++;
+      console.log(
+        `Port forwarding failed. Retrying (${retryCount}/${maxRetries})...`
+      );
+      server.close();
+      // eslint-disable-next-line no-undef
+      await new Promise(resolve => setTimeout(resolve, 500));
+    }
+
+    return -1;
+  }
+}
+
+class BaseNodeServer {
+  protocol() {
+    return this._protocol;
+  }
+  version() {
+    return this._version;
+  }
+  origin() {
+    return `${this.protocol()}://localhost:${this.port()}`;
+  }
+  port() {
+    return this._port;
+  }
+  domain() {
+    return `localhost`;
+  }
+
+  /// Stops the server
+  async stop() {
+    if (this.processId) {
+      await this.execute(`ADB.stopForwarding(${this.port()})`);
+      await NodeServer.kill(this.processId);
+      this.processId = undefined;
+    }
+  }
+
+  /// Executes a command in the context of the node server
+  async execute(command) {
+    return NodeServer.execute(this.processId, command);
+  }
+
+  /// @path : string - the path on the server that we're handling. ex: /path
+  /// @handler : function(req, resp, url) - function that processes request and
+  ///     emits a response.
+  async registerPathHandler(path, handler) {
+    return this.execute(
+      `global.path_handlers["${path}"] = ${handler.toString()}`
+    );
+  }
+}
+
+// HTTP
+
+class NodeHTTPServerCode extends BaseNodeHTTPServerCode {
+  static async startServer(port) {
+    const http = require("http");
+    global.server = http.createServer(BaseNodeHTTPServerCode.globalHandler);
+
+    let serverPort = await ADB.listenAndForwardPort(global.server, port);
+    return serverPort;
+  }
+}
+
+class NodeHTTPServer extends BaseNodeServer {
+  _protocol = "http";
+  _version = "http/1.1";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseNodeHTTPServerCode);
+    await this.execute(NodeHTTPServerCode);
+    await this.execute(ADB);
+    this._port = await this.execute(`NodeHTTPServerCode.startServer(${port})`);
+    await this.execute(`global.path_handlers = {};`);
+  }
+}
+
+// HTTPS
+
+class NodeHTTPSServerCode extends BaseNodeHTTPServerCode {
+  static async startServer(port) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/http2-cert.key"),
+      cert: fs.readFileSync(__dirname + "/http2-cert.pem"),
+    };
+    const https = require("https");
+    global.server = https.createServer(
+      options,
+      BaseNodeHTTPServerCode.globalHandler
+    );
+
+    let serverPort = await ADB.listenAndForwardPort(global.server, port);
+    return serverPort;
+  }
+}
+
+class NodeHTTPSServer extends BaseNodeServer {
+  _protocol = "https";
+  _version = "http/1.1";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseNodeHTTPServerCode);
+    await this.execute(NodeHTTPSServerCode);
+    await this.execute(ADB);
+    this._port = await this.execute(`NodeHTTPSServerCode.startServer(${port})`);
+    await this.execute(`global.path_handlers = {};`);
+  }
+}
+
+// HTTP2
+
+class NodeHTTP2ServerCode extends BaseNodeHTTPServerCode {
+  static async startServer(port) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/http2-cert.key"),
+      cert: fs.readFileSync(__dirname + "/http2-cert.pem"),
+    };
+    const http2 = require("http2");
+    global.server = http2.createSecureServer(
+      options,
+      BaseNodeHTTPServerCode.globalHandler
+    );
+
+    global.sessionCount = 0;
+    global.server.on("session", () => {
+      global.sessionCount++;
+    });
+
+    let serverPort = await ADB.listenAndForwardPort(global.server, port);
+    return serverPort;
+  }
+
+  static sessionCount() {
+    return global.sessionCount;
+  }
+}
+
+class NodeHTTP2Server extends BaseNodeServer {
+  _protocol = "https";
+  _version = "h2";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseNodeHTTPServerCode);
+    await this.execute(NodeHTTP2ServerCode);
+    await this.execute(ADB);
+    this._port = await this.execute(`NodeHTTP2ServerCode.startServer(${port})`);
+    await this.execute(`global.path_handlers = {};`);
+  }
+
+  async sessionCount() {
+    let count = this.execute(`NodeHTTP2ServerCode.sessionCount()`);
+    return count;
+  }
+}
+
+// Base HTTP proxy
+
+class BaseProxyCode {
+  static proxyHandler(req, res) {
+    if (req.url.startsWith("/")) {
+      res.writeHead(405);
+      res.end();
+      return;
+    }
+
+    let url = new URL(req.url);
+    const http = require("http");
+    let preq = http
+      .request(
+        {
+          method: req.method,
+          path: url.pathname,
+          port: url.port,
+          host: url.hostname,
+          protocol: url.protocol,
+        },
+        proxyresp => {
+          res.writeHead(
+            proxyresp.statusCode,
+            proxyresp.statusMessage,
+            proxyresp.headers
+          );
+          proxyresp.on("data", chunk => {
+            if (!res.writableEnded) {
+              res.write(chunk);
+            }
+          });
+          proxyresp.on("end", () => {
+            res.end();
+          });
+        }
+      )
+      .on("error", e => {
+        console.log(`sock err: ${e}`);
+      });
+    if (req.method != "POST") {
+      preq.end();
+    } else {
+      req.on("data", chunk => {
+        if (!preq.writableEnded) {
+          preq.write(chunk);
+        }
+      });
+      req.on("end", () => preq.end());
+    }
+  }
+
+  static onConnect(req, clientSocket, head) {
+    if (global.connect_handler) {
+      global.connect_handler(req, clientSocket, head);
+      return;
+    }
+    const net = require("net");
+    // Connect to an origin server
+    const { port, hostname } = new URL(`https://${req.url}`);
+    const serverSocket = net
+      .connect(port || 443, hostname, () => {
+        clientSocket.write(
+          "HTTP/1.1 200 Connection Established\r\n" +
+            "Proxy-agent: Node.js-Proxy\r\n" +
+            "\r\n"
+        );
+        serverSocket.write(head);
+        serverSocket.pipe(clientSocket);
+        clientSocket.pipe(serverSocket);
+      })
+      .on("error", e => {
+        // The socket will error out when we kill the connection
+        // just ignore it.
+      });
+    clientSocket.on("error", e => {
+      // Sometimes we got ECONNRESET error on windows platform.
+      // Ignore it for now.
+    });
+  }
+}
+
+class BaseHTTPProxy extends BaseNodeServer {
+  registerFilter() {
+    const pps =
+      Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();
+    this.filter = new NodeProxyFilter(
+      this.protocol(),
+      "localhost",
+      this.port(),
+      0
+    );
+    pps.registerFilter(this.filter, 10);
+    registerCleanupFunction(() => {
+      this.unregisterFilter();
+    });
+  }
+
+  unregisterFilter() {
+    const pps =
+      Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();
+    if (this.filter) {
+      pps.unregisterFilter(this.filter);
+      this.filter = undefined;
+    }
+  }
+
+  /// Stops the server
+  async stop() {
+    this.unregisterFilter();
+    await super.stop();
+  }
+
+  async registerConnectHandler(handler) {
+    return this.execute(`global.connect_handler = ${handler.toString()}`);
+  }
+}
+
+// HTTP1 Proxy
+
+class NodeProxyFilter {
+  constructor(type, host, port, flags) {
+    this._type = type;
+    this._host = host;
+    this._port = port;
+    this._flags = flags;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIProtocolProxyFilter"]);
+  }
+  applyFilter(uri, pi, cb) {
+    const pps =
+      Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();
+    cb.onProxyFilterResult(
+      pps.newProxyInfo(
+        this._type,
+        this._host,
+        this._port,
+        "",
+        "",
+        this._flags,
+        1000,
+        null
+      )
+    );
+  }
+}
+
+class HTTPProxyCode {
+  static async startServer(port) {
+    const http = require("http");
+    global.proxy = http.createServer(BaseProxyCode.proxyHandler);
+    global.proxy.on("connect", BaseProxyCode.onConnect);
+
+    let proxyPort = await ADB.listenAndForwardPort(global.proxy, port);
+    return proxyPort;
+  }
+}
+
+class NodeHTTPProxyServer extends BaseHTTPProxy {
+  _protocol = "http";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseProxyCode);
+    await this.execute(HTTPProxyCode);
+    await this.execute(ADB);
+    await this.execute(`global.connect_handler = null;`);
+    this._port = await this.execute(`HTTPProxyCode.startServer(${port})`);
+
+    this.registerFilter();
+  }
+}
+
+// HTTPS proxy
+
+class HTTPSProxyCode {
+  static async startServer(port) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/proxy-cert.key"),
+      cert: fs.readFileSync(__dirname + "/proxy-cert.pem"),
+    };
+    const https = require("https");
+    global.proxy = https.createServer(options, BaseProxyCode.proxyHandler);
+    global.proxy.on("connect", BaseProxyCode.onConnect);
+
+    let proxyPort = await ADB.listenAndForwardPort(global.proxy, port);
+    return proxyPort;
+  }
+}
+
+class NodeHTTPSProxyServer extends BaseHTTPProxy {
+  _protocol = "https";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseProxyCode);
+    await this.execute(HTTPSProxyCode);
+    await this.execute(ADB);
+    await this.execute(`global.connect_handler = null;`);
+    this._port = await this.execute(`HTTPSProxyCode.startServer(${port})`);
+
+    this.registerFilter();
+  }
+}
+
+// HTTP2 proxy
+
+class HTTP2ProxyCode {
+  static async startServer(port, auth) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/proxy-cert.key"),
+      cert: fs.readFileSync(__dirname + "/proxy-cert.pem"),
+    };
+    const http2 = require("http2");
+    global.proxy = http2.createSecureServer(options);
+    global.socketCounts = {};
+    this.setupProxy(auth);
+
+    let proxyPort = await ADB.listenAndForwardPort(global.proxy, port);
+    return proxyPort;
+  }
+
+  static setupProxy(auth) {
+    if (!global.proxy) {
+      throw new Error("proxy is null");
+    }
+
+    global.proxy.on("stream", (stream, headers) => {
+      if (headers[":scheme"] === "http") {
+        const http = require("http");
+        let url = new URL(
+          `${headers[":scheme"]}://${headers[":authority"]}${headers[":path"]}`
+        );
+        let req = http
+          .request(
+            {
+              method: headers[":method"],
+              path: headers[":path"],
+              port: url.port,
+              host: url.hostname,
+              protocol: url.protocol,
+            },
+            proxyresp => {
+              let proxyheaders = Object.assign({}, proxyresp.headers);
+              // Filter out some prohibited headers.
+              ["connection", "transfer-encoding", "keep-alive"].forEach(
+                prop => {
+                  delete proxyheaders[prop];
+                }
+              );
+              try {
+                stream.respond(
+                  Object.assign(
+                    { ":status": proxyresp.statusCode },
+                    proxyheaders
+                  )
+                );
+              } catch (e) {
+                // The channel may have been closed already.
+                if (e.message != "The stream has been destroyed") {
+                  throw e;
+                }
+              }
+              proxyresp.on("data", chunk => {
+                if (stream.writable) {
+                  stream.write(chunk);
+                }
+              });
+              proxyresp.on("end", () => {
+                stream.end();
+              });
+            }
+          )
+          .on("error", e => {
+            console.log(`sock err: ${e}`);
+          });
+
+        if (headers[":method"] != "POST") {
+          req.end();
+        } else {
+          stream.on("data", chunk => {
+            if (!req.writableEnded) {
+              req.write(chunk);
+            }
+          });
+          stream.on("end", () => req.end());
+        }
+        return;
+      }
+      if (headers[":method"] !== "CONNECT") {
+        // Only accept CONNECT requests
+        stream.respond({ ":status": 405 });
+        stream.end();
+        return;
+      }
+
+      const authorization_token = headers["proxy-authorization"];
+      if (auth && !authorization_token) {
+        stream.respond({
+          ":status": 407,
+          "proxy-authenticate": "Basic realm='foo'",
+        });
+        stream.end();
+        return;
+      }
+
+      const target = headers[":authority"];
+      const { port } = new URL(`https://${target}`);
+      const net = require("net");
+      const socket = net.connect(port, "127.0.0.1", () => {
+        try {
+          global.socketCounts[socket.remotePort] =
+            (global.socketCounts[socket.remotePort] || 0) + 1;
+          stream.respond({ ":status": 200 });
+          socket.pipe(stream);
+          stream.pipe(socket);
+        } catch (exception) {
+          console.log(exception);
+          stream.close();
+        }
+      });
+      const http2 = require("http2");
+      socket.on("error", error => {
+        const status = error.errno == "ENOTFOUND" ? 404 : 502;
+        try {
+          // If we already sent headers when the socket connected
+          // then sending the status again would throw.
+          if (!stream.sentHeaders) {
+            stream.respond({ ":status": status });
+          }
+          stream.end();
+        } catch (exception) {
+          stream.close(http2.constants.NGHTTP2_CONNECT_ERROR);
+        }
+      });
+      stream.on("close", () => {
+        socket.end();
+      });
+      socket.on("close", () => {
+        stream.close();
+      });
+      stream.on("end", () => {
+        socket.end();
+      });
+      stream.on("aborted", () => {
+        socket.end();
+      });
+      stream.on("error", error => {
+        console.log("RESPONSE STREAM ERROR", error);
+      });
+    });
+  }
+
+  static socketCount(port) {
+    return global.socketCounts[port];
+  }
+}
+
+class NodeHTTP2ProxyServer extends BaseHTTPProxy {
+  _protocol = "https";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0, auth) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseProxyCode);
+    await this.execute(HTTP2ProxyCode);
+    await this.execute(ADB);
+    await this.execute(`global.connect_handler = null;`);
+    this._port = await this.execute(
+      `HTTP2ProxyCode.startServer(${port}, ${auth})`
+    );
+
+    this.registerFilter();
+  }
+
+  async socketCount(port) {
+    let count = this.execute(`HTTP2ProxyCode.socketCount(${port})`);
+    return count;
+  }
+}
+
+// websocket server
+
+class NodeWebSocketServerCode extends BaseNodeHTTPServerCode {
+  static messageHandler(data, ws) {
+    if (global.wsInputHandler) {
+      global.wsInputHandler(data, ws);
+      return;
+    }
+
+    ws.send("test");
+  }
+
+  static async startServer(port) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/http2-cert.key"),
+      cert: fs.readFileSync(__dirname + "/http2-cert.pem"),
+    };
+    const https = require("https");
+    global.server = https.createServer(
+      options,
+      BaseNodeHTTPServerCode.globalHandler
+    );
+
+    let node_ws_root = `${__dirname}/../node-ws`;
+    const WebSocket = require(`${node_ws_root}/lib/websocket`);
+    WebSocket.Server = require(`${node_ws_root}/lib/websocket-server`);
+    global.webSocketServer = new WebSocket.Server({ server: global.server });
+    global.webSocketServer.on("connection", function connection(ws) {
+      ws.on("message", data =>
+        NodeWebSocketServerCode.messageHandler(data, ws)
+      );
+    });
+
+    let serverPort = await ADB.listenAndForwardPort(global.server, port);
+    return serverPort;
+  }
+}
+
+class NodeWebSocketServer extends BaseNodeServer {
+  _protocol = "wss";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseNodeHTTPServerCode);
+    await this.execute(NodeWebSocketServerCode);
+    await this.execute(ADB);
+    this._port = await this.execute(
+      `NodeWebSocketServerCode.startServer(${port})`
+    );
+    await this.execute(`global.path_handlers = {};`);
+    await this.execute(`global.wsInputHandler = null;`);
+  }
+
+  async registerMessageHandler(handler) {
+    return this.execute(`global.wsInputHandler = ${handler.toString()}`);
+  }
+}
+
+// websocket http2 server
+// This code is inspired by
+// https://github.com/szmarczak/http2-wrapper/blob/master/examples/ws/server.js
+class NodeWebSocketHttp2ServerCode extends BaseNodeHTTPServerCode {
+  static async startServer(port) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/http2-cert.key"),
+      cert: fs.readFileSync(__dirname + "/http2-cert.pem"),
+      settings: {
+        enableConnectProtocol: true,
+      },
+    };
+    const http2 = require("http2");
+    global.h2Server = http2.createSecureServer(options);
+
+    let node_ws_root = `${__dirname}/../node-ws`;
+    const WebSocket = require(`${node_ws_root}/lib/websocket`);
+
+    global.h2Server.on("stream", (stream, headers) => {
+      if (headers[":method"] === "CONNECT") {
+        stream.respond();
+
+        const ws = new WebSocket(null);
+        stream.setNoDelay = () => {};
+        ws.setSocket(stream, Buffer.from(""), 100 * 1024 * 1024);
+
+        ws.on("message", data => {
+          if (global.wsInputHandler) {
+            global.wsInputHandler(data, ws);
+            return;
+          }
+
+          ws.send("test");
+        });
+      } else {
+        stream.respond();
+        stream.end("ok");
+      }
+    });
+
+    let serverPort = await ADB.listenAndForwardPort(global.h2Server, port);
+    return serverPort;
+  }
+}
+
+class NodeWebSocketHttp2Server extends BaseNodeServer {
+  _protocol = "h2ws";
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    this.processId = await NodeServer.fork();
+
+    await this.execute(BaseNodeHTTPServerCode);
+    await this.execute(NodeWebSocketHttp2ServerCode);
+    await this.execute(ADB);
+    this._port = await this.execute(
+      `NodeWebSocketHttp2ServerCode.startServer(${port})`
+    );
+    await this.execute(`global.path_handlers = {};`);
+    await this.execute(`global.wsInputHandler = null;`);
+  }
+
+  async registerMessageHandler(handler) {
+    return this.execute(`global.wsInputHandler = ${handler.toString()}`);
+  }
+}
+
+// Helper functions
+
+async function with_node_servers(arrayOfClasses, asyncClosure) {
+  for (let s of arrayOfClasses) {
+    let server = new s();
+    await server.start();
+    registerCleanupFunction(async () => {
+      await server.stop();
+    });
+    await asyncClosure(server);
+    await server.stop();
+  }
+}
+
+// nsITLSServerSocket needs a certificate with a corresponding private key
+// available. xpcshell tests can import the test file "client-cert.p12" using
+// the password "password", resulting in a certificate with the common name
+// "Test End-entity" being available with a corresponding private key.
+function getTestServerCertificate() {
+  const certDB = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  const certFile = do_get_file("client-cert.p12");
+  certDB.importPKCS12File(certFile, "password");
+  for (const cert of certDB.getCerts()) {
+    if (cert.commonName == "Test End-entity") {
+      return cert;
+    }
+  }
+  return null;
+}
+
+class WebSocketConnection {
+  constructor() {
+    this._openPromise = new Promise(resolve => {
+      this._openCallback = resolve;
+    });
+
+    this._stopPromise = new Promise(resolve => {
+      this._stopCallback = resolve;
+    });
+
+    this._msgPromise = new Promise(resolve => {
+      this._msgCallback = resolve;
+    });
+
+    this._proxyAvailablePromise = new Promise(resolve => {
+      this._proxyAvailCallback = resolve;
+    });
+
+    this._messages = [];
+    this._ws = null;
+  }
+
+  get QueryInterface() {
+    return ChromeUtils.generateQI([
+      "nsIWebSocketListener",
+      "nsIProtocolProxyCallback",
+    ]);
+  }
+
+  onAcknowledge(aContext, aSize) {}
+  onBinaryMessageAvailable(aContext, aMsg) {
+    this._messages.push(aMsg);
+    this._msgCallback();
+  }
+  onMessageAvailable(aContext, aMsg) {}
+  onServerClose(aContext, aCode, aReason) {}
+  onWebSocketListenerStart(aContext) {}
+  onStart(aContext) {
+    this._openCallback();
+  }
+  onStop(aContext, aStatusCode) {
+    this._stopCallback({ status: aStatusCode });
+    this._ws = null;
+  }
+  onProxyAvailable(req, chan, proxyInfo, status) {
+    if (proxyInfo) {
+      this._proxyAvailCallback({ type: proxyInfo.type });
+    } else {
+      this._proxyAvailCallback({});
+    }
+  }
+
+  static makeWebSocketChan() {
+    let chan = Cc["@mozilla.org/network/protocol;1?name=wss"].createInstance(
+      Ci.nsIWebSocketChannel
+    );
+    chan.initLoadInfo(
+      null, // aLoadingNode
+      Services.scriptSecurityManager.getSystemPrincipal(),
+      null, // aTriggeringPrincipal
+      Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      Ci.nsIContentPolicy.TYPE_WEBSOCKET
+    );
+    return chan;
+  }
+  // Returns a promise that resolves when the websocket channel is opened.
+  open(url) {
+    this._ws = WebSocketConnection.makeWebSocketChan();
+    let uri = Services.io.newURI(url);
+    this._ws.asyncOpen(uri, url, {}, 0, this, null);
+    return this._openPromise;
+  }
+  // Closes the inner websocket. code and reason arguments are optional.
+  close(code, reason) {
+    this._ws.close(code || Ci.nsIWebSocketChannel.CLOSE_NORMAL, reason || "");
+  }
+  // Sends a message to the server.
+  send(msg) {
+    this._ws.sendMsg(msg);
+  }
+  // Returns a promise that resolves when the channel's onStop is called.
+  // Promise resolves with an `{status}` object, where status is the
+  // result passed to onStop.
+  finished() {
+    return this._stopPromise;
+  }
+  getProxyInfo() {
+    return this._proxyAvailablePromise;
+  }
+
+  // Returned promise resolves with an array of received messages
+  // If messages have been received in the the past before calling
+  // receiveMessages, the promise will immediately resolve. Otherwise
+  // it will resolve when the first message is received.
+  async receiveMessages() {
+    await this._msgPromise;
+    this._msgPromise = new Promise(resolve => {
+      this._msgCallback = resolve;
+    });
+    let messages = this._messages;
+    this._messages = [];
+    return messages;
+  }
+}
diff --git a/netwerk/test/unit/head_telemetry.js b/netwerk/test/unit/head_telemetry.js
new file mode 100644
index 0000000000..c3b1ec66aa
--- /dev/null
+++ b/netwerk/test/unit/head_telemetry.js
@@ -0,0 +1,171 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+"use strict";
+
+const { TelemetryTestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TelemetryTestUtils.sys.mjs"
+);
+
+var HandshakeTelemetryHelpers = {
+  HISTOGRAMS: ["SSL_HANDSHAKE_RESULT", "SSL_TIME_UNTIL_READY"],
+  FLAVORS: ["", "_FIRST_TRY", "_CONSERVATIVE", "_ECH", "_ECH_GREASE"],
+
+  /**
+   * Prints the Histogram to console.
+   *
+   * @param {*} name The identifier of the Histogram.
+   */
+  dumpHistogram(name) {
+    let values = Services.telemetry.getHistogramById(name).snapshot().values;
+    dump(`${name}: ${JSON.stringify(values)}\n`);
+  },
+
+  /**
+   * Counts the number of entries in the histogram, ignoring the bucket value.
+   * e.g. {0: 1, 1: 2, 3: 3} has 6 entries.
+   *
+   * @param {Object} histObject The histogram to count the entries of.
+   * @returns The count of the number of entries in the histogram.
+   */
+  countHistogramEntries(histObject) {
+    Assert.ok(
+      !mozinfo.socketprocess_networking,
+      "Histograms don't populate on network process"
+    );
+    let count = 0;
+    let m = histObject.snapshot().values;
+    for (let k in m) {
+      count += m[k];
+    }
+    return count;
+  },
+
+  /**
+   * Assert that the histogram index is the right value. It expects that
+   * other indexes are all zero.
+   *
+   * @param {Object} histogram The histogram to check.
+   * @param {Number} index The index to check against the expected value.
+   * @param {Number} expected The expected value of the index.
+   */
+  assertHistogramMap(histogram, expectedEntries) {
+    Assert.ok(
+      !mozinfo.socketprocess_networking,
+      "Histograms don't populate on network process"
+    );
+    let snapshot = JSON.parse(JSON.stringify(histogram));
+    for (let [Tk, Tv] of expectedEntries.entries()) {
+      let found = false;
+      for (let [i, val] of Object.entries(snapshot.values)) {
+        if (i == Tk) {
+          found = true;
+          Assert.equal(val, Tv, `expected counts should match at index ${i}`);
+          snapshot.values[i] = 0; // Reset the value
+        }
+      }
+      Assert.ok(found, `Should have found an entry at index ${Tk}`);
+    }
+    for (let k in snapshot.values) {
+      Assert.equal(
+        snapshot.values[k],
+        0,
+        `Should NOT have found an entry at index ${k} of value ${snapshot.values[k]}`
+      );
+    }
+  },
+
+  /**
+   * Generates the pairwise concatonation of histograms and flavors.
+   *
+   * @param {Array} histogramList A subset of HISTOGRAMS.
+   * @param {Array} flavorList  A subset of FLAVORS.
+   * @returns {Array} Valid TLS Histogram identifiers
+   */
+  getHistogramNames(histogramList, flavorList) {
+    let output = [];
+    for (let h of histogramList) {
+      Assert.ok(this.HISTOGRAMS.includes(h), "Histogram name valid");
+      for (let f of flavorList) {
+        Assert.ok(this.FLAVORS.includes(f), "Histogram flavor valid");
+        output.push(h.concat(f));
+      }
+    }
+    return output;
+  },
+
+  /**
+   * getHistogramNames but mapped to Histogram objects.
+   */
+  getHistograms(histogramList, flavorList) {
+    return this.getHistogramNames(histogramList, flavorList).map(x =>
+      Services.telemetry.getHistogramById(x)
+    );
+  },
+
+  /**
+   * Clears TLS Handshake Histograms.
+   */
+  resetHistograms() {
+    let allHistograms = this.getHistograms(this.HISTOGRAMS, this.FLAVORS);
+    for (let h of allHistograms) {
+      h.clear();
+    }
+  },
+
+  /**
+   * Checks that all TLS Handshake Histograms of a particular flavor have
+   * exactly resultCount entries for the resultCode and no other entries.
+   *
+   * @param {Array} flavors An array of strings corresponding to which types
+   *                        of histograms should have entries. See
+   *                        HandshakeTelemetryHelpers.FLAVORS.
+   * @param {number} resultCode The expected result code, see sslerr.h. 0 is success, all others are errors.
+   * @param {number} resultCount The number of handshake results expected.
+   */
+  checkEntry(flavors, resultCode, resultCount) {
+    Assert.ok(
+      !mozinfo.socketprocess_networking,
+      "Histograms don't populate on network process"
+    );
+    // SSL_HANDSHAKE_RESULT_{FLAVOR}
+    for (let h of this.getHistograms(["SSL_HANDSHAKE_RESULT"], flavors)) {
+      TelemetryTestUtils.assertHistogram(h, resultCode, resultCount);
+    }
+
+    // SSL_TIME_UNTIL_READY_{FLAVOR} should only contain values if we expected success.
+    if (resultCode === 0) {
+      for (let h of this.getHistograms(["SSL_TIME_UNTIL_READY"], flavors)) {
+        Assert.ok(
+          this.countHistogramEntries(h) === resultCount,
+          "Timing entry count correct"
+        );
+      }
+    } else {
+      for (let h of this.getHistograms(["SSL_TIME_UNTIL_READY"], flavors)) {
+        Assert.ok(
+          this.countHistogramEntries(h) === 0,
+          "No timing entries expected"
+        );
+      }
+    }
+  },
+
+  checkSuccess(flavors, resultCount = 1) {
+    this.checkEntry(flavors, 0, resultCount);
+  },
+
+  checkEmpty(flavors) {
+    for (let h of this.getHistogramNames(this.HISTOGRAMS, flavors)) {
+      let hObj = Services.telemetry.getHistogramById(h);
+      Assert.ok(
+        this.countHistogramEntries(hObj) === 0,
+        `No entries expected in ${h.name}. Contents: ${JSON.stringify(
+          hObj.snapshot()
+        )}`
+      );
+    }
+  },
+};
diff --git a/netwerk/test/unit/head_trr.js b/netwerk/test/unit/head_trr.js
new file mode 100644
index 0000000000..8262c735de
--- /dev/null
+++ b/netwerk/test/unit/head_trr.js
@@ -0,0 +1,550 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+/* globals require, __dirname, global, Buffer, process */
+
+/// Sets the TRR related prefs and adds the certificate we use for the HTTP2
+/// server.
+function trr_test_setup() {
+  dump("start!\n");
+
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+
+  Services.prefs.setBoolPref("network.http.http2.enabled", true);
+  // the TRR server is on 127.0.0.1
+  if (AppConstants.platform == "android") {
+    Services.prefs.setCharPref("network.trr.bootstrapAddr", "10.0.2.2");
+  } else {
+    Services.prefs.setCharPref("network.trr.bootstrapAddr", "127.0.0.1");
+  }
+
+  // make all native resolve calls "secretly" resolve localhost instead
+  Services.prefs.setBoolPref("network.dns.native-is-localhost", true);
+
+  Services.prefs.setBoolPref("network.trr.wait-for-portal", false);
+  // don't confirm that TRR is working, just go!
+  Services.prefs.setCharPref("network.trr.confirmationNS", "skip");
+  // some tests rely on the cache not being cleared on pref change.
+  // we specifically test that this works
+  Services.prefs.setBoolPref("network.trr.clear-cache-on-pref-change", false);
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert.  // the foo.example.com domain name.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  // Turn off strict fallback mode and TRR retry for most tests,
+  // it is tested specifically.
+  Services.prefs.setBoolPref("network.trr.strict_native_fallback", false);
+  Services.prefs.setBoolPref("network.trr.retry_on_recoverable_errors", false);
+
+  // Turn off temp blocklist feature in tests. When enabled we may issue a
+  // lookup to resolve a parent name when blocklisting, which may bleed into
+  // and interfere with subsequent tasks.
+  Services.prefs.setBoolPref("network.trr.temp_blocklist", false);
+
+  // We intentionally don't set the TRR mode. Each test should set it
+  // after setup in the first test.
+
+  return h2Port;
+}
+
+/// Clears the prefs that we're likely to set while testing TRR code
+function trr_clear_prefs() {
+  Services.prefs.clearUserPref("network.trr.mode");
+  Services.prefs.clearUserPref("network.trr.uri");
+  Services.prefs.clearUserPref("network.trr.credentials");
+  Services.prefs.clearUserPref("network.trr.wait-for-portal");
+  Services.prefs.clearUserPref("network.trr.allow-rfc1918");
+  Services.prefs.clearUserPref("network.trr.useGET");
+  Services.prefs.clearUserPref("network.trr.confirmationNS");
+  Services.prefs.clearUserPref("network.trr.bootstrapAddr");
+  Services.prefs.clearUserPref("network.trr.temp_blocklist_duration_sec");
+  Services.prefs.clearUserPref("network.trr.request_timeout_ms");
+  Services.prefs.clearUserPref("network.trr.request_timeout_mode_trronly_ms");
+  Services.prefs.clearUserPref("network.trr.disable-ECS");
+  Services.prefs.clearUserPref("network.trr.early-AAAA");
+  Services.prefs.clearUserPref("network.trr.excluded-domains");
+  Services.prefs.clearUserPref("network.trr.builtin-excluded-domains");
+  Services.prefs.clearUserPref("network.trr.clear-cache-on-pref-change");
+  Services.prefs.clearUserPref("network.trr.fetch_off_main_thread");
+  Services.prefs.clearUserPref("captivedetect.canonicalURL");
+
+  Services.prefs.clearUserPref("network.http.http2.enabled");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.dns.native-is-localhost");
+  Services.prefs.clearUserPref(
+    "network.trr.send_empty_accept-encoding_headers"
+  );
+  Services.prefs.clearUserPref("network.trr.strict_native_fallback");
+  Services.prefs.clearUserPref("network.trr.temp_blocklist");
+}
+
+/// This class sends a DNS query and can be awaited as a promise to get the
+/// response.
+class TRRDNSListener {
+  constructor(...args) {
+    if (args.length < 2) {
+      Assert.ok(false, "TRRDNSListener requires at least two arguments");
+    }
+    this.name = args[0];
+    if (typeof args[1] == "object") {
+      this.options = args[1];
+    } else {
+      this.options = {
+        expectedAnswer: args[1],
+        expectedSuccess: args[2] ?? true,
+        delay: args[3],
+        trrServer: args[4] ?? "",
+        expectEarlyFail: args[5] ?? "",
+        flags: args[6] ?? 0,
+        type: args[7] ?? Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+        port: args[8] ?? -1,
+      };
+    }
+    this.expectedAnswer = this.options.expectedAnswer ?? undefined;
+    this.expectedSuccess = this.options.expectedSuccess ?? true;
+    this.delay = this.options.delay;
+    this.promise = new Promise(resolve => {
+      this.resolve = resolve;
+    });
+    this.type = this.options.type ?? Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT;
+    let trrServer = this.options.trrServer || "";
+    let port = this.options.port || -1;
+
+    // This may be called in a child process that doesn't have Services available.
+    // eslint-disable-next-line mozilla/use-services
+    const threadManager = Cc["@mozilla.org/thread-manager;1"].getService(
+      Ci.nsIThreadManager
+    );
+    const currentThread = threadManager.currentThread;
+
+    this.additionalInfo =
+      trrServer == "" && port == -1
+        ? null
+        : Services.dns.newAdditionalInfo(trrServer, port);
+    try {
+      this.request = Services.dns.asyncResolve(
+        this.name,
+        this.type,
+        this.options.flags || 0,
+        this.additionalInfo,
+        this,
+        currentThread,
+        this.options.originAttributes || {} // defaultOriginAttributes
+      );
+      Assert.ok(!this.options.expectEarlyFail, "asyncResolve ok");
+    } catch (e) {
+      Assert.ok(this.options.expectEarlyFail, "asyncResolve fail");
+      this.resolve({ error: e });
+    }
+  }
+
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.ok(
+      inRequest == this.request,
+      "Checking that this is the correct callback"
+    );
+
+    // If we don't expect success here, just resolve and the caller will
+    // decide what to do with the results.
+    if (!this.expectedSuccess) {
+      this.resolve({ inRequest, inRecord, inStatus });
+      return;
+    }
+
+    Assert.equal(inStatus, Cr.NS_OK, "Checking status");
+
+    if (this.type != Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT) {
+      this.resolve({ inRequest, inRecord, inStatus });
+      return;
+    }
+
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    let answer = inRecord.getNextAddrAsString();
+    Assert.equal(
+      answer,
+      this.expectedAnswer,
+      `Checking result for ${this.name}`
+    );
+    inRecord.rewind(); // In case the caller also checks the addresses
+
+    if (this.delay !== undefined) {
+      Assert.greaterOrEqual(
+        inRecord.trrFetchDurationNetworkOnly,
+        this.delay,
+        `the response should take at least ${this.delay}`
+      );
+
+      Assert.greaterOrEqual(
+        inRecord.trrFetchDuration,
+        this.delay,
+        `the response should take at least ${this.delay}`
+      );
+
+      if (this.delay == 0) {
+        // The response timing should be really 0
+        Assert.equal(
+          inRecord.trrFetchDurationNetworkOnly,
+          0,
+          `the response time should be 0`
+        );
+
+        Assert.equal(
+          inRecord.trrFetchDuration,
+          this.delay,
+          `the response time should be 0`
+        );
+      }
+    }
+
+    this.resolve({ inRequest, inRecord, inStatus });
+  }
+
+  QueryInterface(aIID) {
+    if (aIID.equals(Ci.nsIDNSListener) || aIID.equals(Ci.nsISupports)) {
+      return this;
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  }
+
+  // Implement then so we can await this as a promise.
+  then() {
+    return this.promise.then.apply(this.promise, arguments);
+  }
+
+  cancel(aStatus = Cr.NS_ERROR_ABORT) {
+    Services.dns.cancelAsyncResolve(
+      this.name,
+      this.type,
+      this.options.flags || 0,
+      this.resolverInfo,
+      this,
+      aStatus,
+      {}
+    );
+  }
+}
+
+// This is for reteriiving the raw bytes from a DNS answer.
+function answerHandler(req, resp) {
+  let searchParams = new URL(req.url, "http://example.com").searchParams;
+  console.log("req.searchParams:" + searchParams);
+  if (!searchParams.get("host")) {
+    resp.writeHead(400);
+    resp.end("Missing search parameter");
+    return;
+  }
+
+  function processRequest(req1, resp1) {
+    let domain = searchParams.get("host");
+    let type = searchParams.get("type");
+    let response = global.dns_query_answers[`${domain}/${type}`] || {};
+    let buf = global.dnsPacket.encode({
+      type: "response",
+      id: 0,
+      flags: 0,
+      questions: [],
+      answers: response.answers || [],
+      additionals: response.additionals || [],
+    });
+    let writeResponse = (resp2, buf2, context) => {
+      try {
+        let data = buf2.toString("hex");
+        resp2.setHeader("Content-Length", data.length);
+        resp2.writeHead(200, { "Content-Type": "plain/text" });
+        resp2.write(data);
+        resp2.end("");
+      } catch (e) {}
+    };
+
+    writeResponse(resp1, buf, response);
+  }
+
+  processRequest(req, resp);
+}
+
+/// This is the default handler for /dns-query
+/// It implements basic functionality for parsing the DoH packet, then
+/// queries global.dns_query_answers for available answers for the DNS query.
+function trrQueryHandler(req, resp, url) {
+  let requestBody = Buffer.from("");
+  let method = req.headers[global.http2.constants.HTTP2_HEADER_METHOD];
+  let contentLength = req.headers["content-length"];
+
+  if (method == "POST") {
+    req.on("data", chunk => {
+      requestBody = Buffer.concat([requestBody, chunk]);
+      if (requestBody.length == contentLength) {
+        processRequest(req, resp, requestBody);
+      }
+    });
+  } else if (method == "GET") {
+    if (!url.query.dns) {
+      resp.writeHead(400);
+      resp.end("Missing dns parameter");
+      return;
+    }
+
+    requestBody = Buffer.from(url.query.dns, "base64");
+    processRequest(req, resp, requestBody);
+  } else {
+    // unexpected method.
+    resp.writeHead(405);
+    resp.end("Unexpected method");
+  }
+
+  function processRequest(req1, resp1, payload) {
+    let dnsQuery = global.dnsPacket.decode(payload);
+    let domain = dnsQuery.questions[0].name;
+    let type = dnsQuery.questions[0].type;
+    let response = global.dns_query_answers[`${domain}/${type}`] || {};
+
+    if (!global.dns_query_counts[domain]) {
+      global.dns_query_counts[domain] = {};
+    }
+    global.dns_query_counts[domain][type] =
+      global.dns_query_counts[domain][type] + 1 || 1;
+
+    let flags = global.dnsPacket.RECURSION_DESIRED;
+    if (!response.answers && !response.flags) {
+      flags |= 2; // SERVFAIL
+    }
+    flags |= response.flags || 0;
+    let buf = global.dnsPacket.encode({
+      type: "response",
+      id: dnsQuery.id,
+      flags,
+      questions: dnsQuery.questions,
+      answers: response.answers || [],
+      additionals: response.additionals || [],
+    });
+
+    let writeResponse = (resp2, buf2, context) => {
+      try {
+        if (context.error) {
+          // If the error is a valid HTTP response number just write it out.
+          if (context.error < 600) {
+            resp2.writeHead(context.error);
+            resp2.end("Intentional error");
+            return;
+          }
+
+          // Bigger error means force close the session
+          req1.stream.session.close();
+          return;
+        }
+        resp2.setHeader("Content-Length", buf2.length);
+        resp2.writeHead(200, { "Content-Type": "application/dns-message" });
+        resp2.write(buf2);
+        resp2.end("");
+      } catch (e) {}
+    };
+
+    if (response.delay) {
+      // This function is handled within the httpserver where setTimeout is
+      // available.
+      // eslint-disable-next-line no-undef
+      setTimeout(
+        arg => {
+          writeResponse(arg[0], arg[1], arg[2]);
+        },
+        response.delay,
+        [resp1, buf, response]
+      );
+      return;
+    }
+
+    writeResponse(resp1, buf, response);
+  }
+}
+
+function getRequestCount(domain, type) {
+  if (!global.dns_query_counts[domain]) {
+    return 0;
+  }
+  return global.dns_query_counts[domain][type] || 0;
+}
+
+// A convenient wrapper around NodeServer
+class TRRServer extends NodeHTTP2Server {
+  /// Starts the server
+  /// @port - default 0
+  ///    when provided, will attempt to listen on that port.
+  async start(port = 0) {
+    await super.start(port);
+    await this.execute(`( () => {
+      // key: string "name/type"
+      // value: array [answer1, answer2]
+      global.dns_query_answers = {};
+
+      // key: domain
+      // value: a map containing {key: type, value: number of requests}
+      global.dns_query_counts = {};
+
+      global.dnsPacket = require(\`\${__dirname}/../dns-packet\`);
+      global.ip = require(\`\${__dirname}/../node_ip\`);
+      global.http2 = require("http2");
+    })()`);
+    await this.registerPathHandler("/dns-query", trrQueryHandler);
+    await this.registerPathHandler("/dnsAnswer", answerHandler);
+    await this.execute(getRequestCount);
+  }
+
+  /// @name : string - name we're providing answers for. eg: foo.example.com
+  /// @type : string - the DNS query type. eg: "A", "AAAA", "CNAME", etc
+  /// @response : a map containing the response
+  ///   answers: array of answers (hashmap) that dnsPacket can parse
+  ///    eg: [{
+  ///          name: "bar.example.com",
+  ///          ttl: 55,
+  ///          type: "A",
+  ///          flush: false,
+  ///          data: "1.2.3.4",
+  ///        }]
+  ///   additionals - array of answers (hashmap) to be added to the additional section
+  ///   delay: int - if not 0 the response will be sent with after `delay` ms.
+  ///   flags: int - flags to be set on the answer
+  ///   error: int - HTTP status. If truthy then the response will send this status
+  async registerDoHAnswers(name, type, response = {}) {
+    let text = `global.dns_query_answers["${name}/${type}"] = ${JSON.stringify(
+      response
+    )}`;
+    return this.execute(text);
+  }
+
+  async requestCount(domain, type) {
+    return this.execute(`getRequestCount("${domain}", "${type}")`);
+  }
+}
+
+// Implements a basic HTTP2 proxy server
+class TRRProxyCode {
+  static async startServer(endServerPort) {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/http2-cert.key"),
+      cert: fs.readFileSync(__dirname + "/http2-cert.pem"),
+    };
+
+    const http2 = require("http2");
+    global.proxy = http2.createSecureServer(options);
+    this.setupProxy();
+    global.endServerPort = endServerPort;
+
+    await global.proxy.listen(0);
+
+    let serverPort = global.proxy.address().port;
+    return serverPort;
+  }
+
+  static closeProxy() {
+    global.proxy.closeSockets();
+    return new Promise(resolve => {
+      global.proxy.close(resolve);
+    });
+  }
+
+  static proxyRequestCount() {
+    return global.proxy_stream_count;
+  }
+
+  static setupProxy() {
+    if (!global.proxy) {
+      throw new Error("proxy is null");
+    }
+
+    global.proxy_stream_count = 0;
+
+    // We need to track active connections so we can forcefully close keep-alive
+    // connections when shutting down the proxy.
+    global.proxy.socketIndex = 0;
+    global.proxy.socketMap = {};
+    global.proxy.on("connection", function (socket) {
+      let index = global.proxy.socketIndex++;
+      global.proxy.socketMap[index] = socket;
+      socket.on("close", function () {
+        delete global.proxy.socketMap[index];
+      });
+    });
+    global.proxy.closeSockets = function () {
+      for (let i in global.proxy.socketMap) {
+        global.proxy.socketMap[i].destroy();
+      }
+    };
+
+    global.proxy.on("stream", (stream, headers) => {
+      if (headers[":method"] !== "CONNECT") {
+        // Only accept CONNECT requests
+        stream.respond({ ":status": 405 });
+        stream.end();
+        return;
+      }
+      global.proxy_stream_count++;
+      const net = require("net");
+      const socket = net.connect(global.endServerPort, "127.0.0.1", () => {
+        try {
+          stream.respond({ ":status": 200 });
+          socket.pipe(stream);
+          stream.pipe(socket);
+        } catch (exception) {
+          console.log(exception);
+          stream.close();
+        }
+      });
+      socket.on("error", error => {
+        throw new Error(
+          `Unxpected error when conneting the HTTP/2 server from the HTTP/2 proxy during CONNECT handling: '${error}'`
+        );
+      });
+    });
+  }
+}
+
+class TRRProxy {
+  // Starts the proxy
+  async start(port) {
+    info("TRRProxy start!");
+    this.processId = await NodeServer.fork();
+    info("processid=" + this.processId);
+    await this.execute(TRRProxyCode);
+    this.port = await this.execute(`TRRProxyCode.startServer(${port})`);
+    Assert.notEqual(this.port, null);
+  }
+
+  // Executes a command in the context of the node server
+  async execute(command) {
+    return NodeServer.execute(this.processId, command);
+  }
+
+  // Stops the server
+  async stop() {
+    if (this.processId) {
+      await NodeServer.execute(this.processId, `TRRProxyCode.closeProxy()`);
+      await NodeServer.kill(this.processId);
+    }
+  }
+
+  async request_count() {
+    let data = await NodeServer.execute(
+      this.processId,
+      `TRRProxyCode.proxyRequestCount()`
+    );
+    return parseInt(data);
+  }
+}
diff --git a/netwerk/test/unit/head_websocket.js b/netwerk/test/unit/head_websocket.js
new file mode 100644
index 0000000000..84c5987f38
--- /dev/null
+++ b/netwerk/test/unit/head_websocket.js
@@ -0,0 +1,71 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+function WebSocketListener(closure, ws, sentMsg) {
+  this._closure = closure;
+  this._ws = ws;
+  this._sentMsg = sentMsg;
+}
+
+WebSocketListener.prototype = {
+  _closure: null,
+  _ws: null,
+  _sentMsg: null,
+  _received: null,
+  QueryInterface: ChromeUtils.generateQI(["nsIWebSocketListener"]),
+
+  onAcknowledge(aContext, aSize) {},
+  onBinaryMessageAvailable(aContext, aMsg) {
+    info("WsListener::onBinaryMessageAvailable");
+    this._received = aMsg;
+    this._ws.close(0, null);
+  },
+  onMessageAvailable(aContext, aMsg) {},
+  onServerClose(aContext, aCode, aReason) {},
+  onWebSocketListenerStart(aContext) {},
+  onStart(aContext) {
+    this._ws.sendMsg(this._sentMsg);
+  },
+  onStop(aContext, aStatusCode) {
+    try {
+      this._closure(aStatusCode, this._received);
+      this._ws = null;
+    } catch (ex) {
+      do_throw("Error in closure function: " + ex);
+    }
+  },
+};
+
+function makeWebSocketChan() {
+  let chan = Cc["@mozilla.org/network/protocol;1?name=wss"].createInstance(
+    Ci.nsIWebSocketChannel
+  );
+  chan.initLoadInfo(
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_WEBSOCKET
+  );
+  return chan;
+}
+
+function openWebSocketChannelPromise(chan, url, msg) {
+  let uri = Services.io.newURI(url);
+  return new Promise(resolve => {
+    function finish(status, result) {
+      resolve([status, result]);
+    }
+    chan.asyncOpen(
+      uri,
+      url,
+      {},
+      0,
+      new WebSocketListener(finish, chan, msg),
+      null
+    );
+  });
+}
diff --git a/netwerk/test/unit/head_webtransport.js b/netwerk/test/unit/head_webtransport.js
new file mode 100644
index 0000000000..99432e950d
--- /dev/null
+++ b/netwerk/test/unit/head_webtransport.js
@@ -0,0 +1,134 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cookies.js */
+
+let WebTransportListener = function () {};
+
+WebTransportListener.prototype = {
+  onSessionReady(sessionId) {
+    info("SessionId " + sessionId);
+    this.ready();
+  },
+  onSessionClosed(errorCode, reason) {
+    info("Error: " + errorCode + " reason: " + reason);
+    if (this.closed) {
+      this.closed();
+    }
+  },
+  onIncomingBidirectionalStreamAvailable(stream) {
+    info("got incoming bidirectional stream");
+    this.streamAvailable(stream);
+  },
+  onIncomingUnidirectionalStreamAvailable(stream) {
+    info("got incoming unidirectional stream");
+    this.streamAvailable(stream);
+  },
+  onDatagramReceived(data) {
+    info("got datagram");
+    if (this.onDatagram) {
+      this.onDatagram(data);
+    }
+  },
+  onMaxDatagramSize(size) {
+    info("max datagram size: " + size);
+    if (this.onMaxDatagramSize) {
+      this.onMaxDatagramSize(size);
+    }
+  },
+  onOutgoingDatagramOutCome(id, outcome) {
+    if (this.onDatagramOutcome) {
+      this.onDatagramOutcome({ id, outcome });
+    }
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["WebTransportSessionEventListener"]),
+};
+
+function WebTransportStreamCallback() {}
+
+WebTransportStreamCallback.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIWebTransportStreamCallback"]),
+
+  onBidirectionalStreamReady(aStream) {
+    Assert.ok(aStream != null);
+    this.finish(aStream);
+  },
+  onUnidirectionalStreamReady(aStream) {
+    Assert.ok(aStream != null);
+    this.finish(aStream);
+  },
+  onError(aError) {
+    this.finish(aError);
+  },
+};
+
+function StreamStatsCallback() {}
+
+StreamStatsCallback.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIWebTransportStreamStatsCallback",
+  ]),
+
+  onSendStatsAvailable(aStats) {
+    Assert.ok(aStats != null);
+    this.finish(aStats);
+  },
+  onReceiveStatsAvailable(aStats) {
+    Assert.ok(aStats != null);
+    this.finish(aStats);
+  },
+};
+
+function inputStreamReader() {}
+
+inputStreamReader.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIInputStreamCallback"]),
+
+  onInputStreamReady(input) {
+    let data = NetUtil.readInputStreamToString(input, input.available());
+    this.finish(data);
+  },
+};
+
+function streamCreatePromise(transport, bidi) {
+  return new Promise(resolve => {
+    let listener = new WebTransportStreamCallback().QueryInterface(
+      Ci.nsIWebTransportStreamCallback
+    );
+    listener.finish = resolve;
+
+    if (bidi) {
+      transport.createOutgoingBidirectionalStream(listener);
+    } else {
+      transport.createOutgoingUnidirectionalStream(listener);
+    }
+  });
+}
+
+function sendStreamStatsPromise(stream) {
+  return new Promise(resolve => {
+    let listener = new StreamStatsCallback().QueryInterface(
+      Ci.nsIWebTransportStreamStatsCallback
+    );
+    listener.finish = resolve;
+
+    stream.QueryInterface(Ci.nsIWebTransportSendStream);
+    stream.getSendStreamStats(listener);
+  });
+}
+
+function receiveStreamStatsPromise(stream) {
+  return new Promise(resolve => {
+    let listener = new StreamStatsCallback().QueryInterface(
+      Ci.nsIWebTransportStreamStatsCallback
+    );
+    listener.finish = resolve;
+
+    stream.QueryInterface(Ci.nsIWebTransportReceiveStream);
+    stream.getReceiveStreamStats(listener);
+  });
+}
diff --git a/netwerk/test/unit/http2-ca.pem b/netwerk/test/unit/http2-ca.pem
new file mode 100644
index 0000000000..ef5a801720
--- /dev/null
+++ b/netwerk/test/unit/http2-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAgIURZvN7yVqFNwThGHASoy1OlOGvOMwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOIEhUVFAyIFRlc3QgQ0EwIhgPMjAxNzAxMDEwMDAwMDBa
+GA8yMDI3MDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOIEhUVFAyIFRlc3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADyDiQnKjsvR
+NrOk0aqgJ8XgK/IgJXFLbAVivjBLwnJGEkwxrFtC14mpTrPuXw9AybhroMjinq4Y
+cNYTFuTE34k0fZEU8d60J/Tpfd1i0EB8+oUPuqOn+N29/LeHPAnkDJdOZye3w0U+
+StAI79WqUYQaKIG7qLnt60dQwBte12uvbuPaB3mREIfDXOKcjLBdZHL1waWjtzUX
+z2E91VIdpvJGfEfXC3fIe1uO9Jh/E9NVWci84+njkNsl+OyBfOJ8T+pV3SHfWedp
+Zbjwh6UTukIuc3mW0rS/qZOa2w3HQaO53BMbluo0w1+cscOepsATld2HHvSiHB+0
+K8SWFRHdBOU=
+-----END CERTIFICATE-----
diff --git a/netwerk/test/unit/http2-ca.pem.certspec b/netwerk/test/unit/http2-ca.pem.certspec
new file mode 100644
index 0000000000..46f62e3fbc
--- /dev/null
+++ b/netwerk/test/unit/http2-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer: HTTP2 Test CA
+subject: HTTP2 Test CA
+validity:20170101-20270101
+extension:basicConstraints:cA,
diff --git a/netwerk/test/unit/http2_test_common.js b/netwerk/test/unit/http2_test_common.js
new file mode 100644
index 0000000000..341aa191da
--- /dev/null
+++ b/netwerk/test/unit/http2_test_common.js
@@ -0,0 +1,1504 @@
+// test HTTP/2
+
+"use strict";
+
+/* import-globals-from head_channels.js */
+
+// Generate a small and a large post with known pre-calculated md5 sums
+function generateContent(size) {
+  var content = "";
+  for (var i = 0; i < size; i++) {
+    content += "0";
+  }
+  return content;
+}
+
+var posts = [];
+posts.push(generateContent(10));
+posts.push(generateContent(250000));
+posts.push(generateContent(128000));
+
+// pre-calculated md5sums (in hex) of the above posts
+var md5s = [
+  "f1b708bba17f1ce948dc979f4d7092bc",
+  "2ef8d3b6c8f329318eb1a119b12622b6",
+];
+
+var bigListenerData = generateContent(128 * 1024);
+var bigListenerMD5 = "8f607cfdd2c87d6a7eedb657dafbd836";
+
+function checkIsHttp2(request) {
+  try {
+    if (request.getResponseHeader("X-Firefox-Spdy") == "h2") {
+      if (request.getResponseHeader("X-Connection-Http2") == "yes") {
+        return true;
+      }
+      return false; // Weird case, but the server disagrees with us
+    }
+  } catch (e) {
+    // Nothing to do here
+  }
+  return false;
+}
+
+var Http2CheckListener = function () {};
+
+Http2CheckListener.prototype = {
+  onStartRequestFired: false,
+  onDataAvailableFired: false,
+  isHttp2Connection: false,
+  shouldBeHttp2: true,
+  accum: 0,
+  expected: -1,
+  shouldSucceed: true,
+
+  onStartRequest: function testOnStartRequest(request) {
+    this.onStartRequestFired = true;
+    if (this.shouldSucceed && !Components.isSuccessCode(request.status)) {
+      do_throw("Channel should have a success code! (" + request.status + ")");
+    } else if (
+      !this.shouldSucceed &&
+      Components.isSuccessCode(request.status)
+    ) {
+      do_throw("Channel succeeded unexpectedly!");
+    }
+
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.equal(request.requestSucceeded, this.shouldSucceed);
+    if (this.shouldSucceed) {
+      Assert.equal(request.responseStatus, 200);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    this.isHttp2Connection = checkIsHttp2(request);
+    this.accum += cnt;
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.ok(this.onStartRequestFired);
+    if (this.expected != -1) {
+      Assert.equal(this.accum, this.expected);
+    }
+
+    if (this.shouldSucceed) {
+      Assert.ok(Components.isSuccessCode(status));
+      Assert.ok(this.onDataAvailableFired);
+      Assert.ok(this.isHttp2Connection == this.shouldBeHttp2);
+    } else {
+      Assert.ok(!Components.isSuccessCode(status));
+    }
+    request.QueryInterface(Ci.nsIProxiedChannel);
+    var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+    this.finish({ httpProxyConnectResponseCode });
+  },
+};
+
+/*
+ * Support for testing valid multiplexing of streams
+ */
+
+var multiplexContent = generateContent(30 * 1024);
+
+/* Listener class to control the testing of multiplexing */
+var Http2MultiplexListener = function () {};
+
+Http2MultiplexListener.prototype = new Http2CheckListener();
+
+Http2MultiplexListener.prototype.streamID = 0;
+Http2MultiplexListener.prototype.buffer = "";
+
+Http2MultiplexListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  this.streamID = parseInt(request.getResponseHeader("X-Http2-StreamID"));
+  var data = read_stream(stream, cnt);
+  this.buffer = this.buffer.concat(data);
+};
+
+Http2MultiplexListener.prototype.onStopRequest = function (request, status) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection);
+  Assert.ok(this.buffer == multiplexContent);
+
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  // This is what does most of the hard work for us
+  var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+  var streamID = this.streamID;
+  this.finish({ httpProxyConnectResponseCode, streamID });
+};
+
+// Does the appropriate checks for header gatewaying
+var Http2HeaderListener = function (name, callback) {
+  this.name = name;
+  this.callback = callback;
+};
+
+Http2HeaderListener.prototype = new Http2CheckListener();
+Http2HeaderListener.prototype.value = "";
+
+Http2HeaderListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  var hvalue = request.getResponseHeader(this.name);
+  Assert.notEqual(hvalue, "");
+  this.callback(hvalue);
+  read_stream(stream, cnt);
+};
+
+var Http2PushListener = function (shouldBePushed) {
+  this.shouldBePushed = shouldBePushed;
+};
+
+Http2PushListener.prototype = new Http2CheckListener();
+
+Http2PushListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  if (
+    request.originalURI.spec ==
+      `https://localhost:${this.serverPort}/push.js` ||
+    request.originalURI.spec ==
+      `https://localhost:${this.serverPort}/push2.js` ||
+    request.originalURI.spec == `https://localhost:${this.serverPort}/push5.js`
+  ) {
+    Assert.equal(
+      request.getResponseHeader("pushed"),
+      this.shouldBePushed ? "yes" : "no"
+    );
+  }
+  read_stream(stream, cnt);
+};
+
+const pushHdrTxt =
+  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
+const pullHdrTxt = pushHdrTxt.split("").reverse().join("");
+
+function checkContinuedHeaders(getHeader, headerPrefix, headerText) {
+  for (var i = 0; i < 265; i++) {
+    Assert.equal(getHeader(headerPrefix + 1), headerText);
+  }
+}
+
+var Http2ContinuedHeaderListener = function () {};
+
+Http2ContinuedHeaderListener.prototype = new Http2CheckListener();
+
+Http2ContinuedHeaderListener.prototype.onStopsLeft = 2;
+
+Http2ContinuedHeaderListener.prototype.QueryInterface = ChromeUtils.generateQI([
+  "nsIHttpPushListener",
+  "nsIStreamListener",
+]);
+
+Http2ContinuedHeaderListener.prototype.getInterface = function (aIID) {
+  return this.QueryInterface(aIID);
+};
+
+Http2ContinuedHeaderListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  if (
+    request.originalURI.spec ==
+    `https://localhost:${this.serverPort}/continuedheaders`
+  ) {
+    // This is the original request, so the only one where we'll have continued response headers
+    checkContinuedHeaders(
+      request.getResponseHeader,
+      "X-Pull-Test-Header-",
+      pullHdrTxt
+    );
+  }
+  read_stream(stream, cnt);
+};
+
+Http2ContinuedHeaderListener.prototype.onStopRequest = function (
+  request,
+  status
+) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(Components.isSuccessCode(status));
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection);
+
+  --this.onStopsLeft;
+  if (this.onStopsLeft === 0) {
+    request.QueryInterface(Ci.nsIProxiedChannel);
+    var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+    this.finish({ httpProxyConnectResponseCode });
+  }
+};
+
+Http2ContinuedHeaderListener.prototype.onPush = function (
+  associatedChannel,
+  pushChannel
+) {
+  Assert.equal(
+    associatedChannel.originalURI.spec,
+    "https://localhost:" + this.serverPort + "/continuedheaders"
+  );
+  Assert.equal(pushChannel.getRequestHeader("x-pushed-request"), "true");
+  checkContinuedHeaders(
+    pushChannel.getRequestHeader,
+    "X-Push-Test-Header-",
+    pushHdrTxt
+  );
+
+  pushChannel.asyncOpen(this);
+};
+
+// Does the appropriate checks for a large GET response
+var Http2BigListener = function () {};
+
+Http2BigListener.prototype = new Http2CheckListener();
+Http2BigListener.prototype.buffer = "";
+
+Http2BigListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  this.buffer = this.buffer.concat(read_stream(stream, cnt));
+  // We know the server should send us the same data as our big post will be,
+  // so the md5 should be the same
+  Assert.equal(bigListenerMD5, request.getResponseHeader("X-Expected-MD5"));
+};
+
+Http2BigListener.prototype.onStopRequest = function (request, status) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection);
+
+  // Don't want to flood output, so don't use do_check_eq
+  Assert.ok(this.buffer == bigListenerData);
+
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+  this.finish({ httpProxyConnectResponseCode });
+};
+
+var Http2HugeSuspendedListener = function () {};
+
+Http2HugeSuspendedListener.prototype = new Http2CheckListener();
+Http2HugeSuspendedListener.prototype.count = 0;
+
+Http2HugeSuspendedListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  this.count += cnt;
+  read_stream(stream, cnt);
+};
+
+Http2HugeSuspendedListener.prototype.onStopRequest = function (
+  request,
+  status
+) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection);
+  Assert.equal(this.count, 1024 * 1024 * 1); // 1mb of data expected
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+  this.finish({ httpProxyConnectResponseCode });
+};
+
+// Does the appropriate checks for POSTs
+var Http2PostListener = function (expected_md5) {
+  this.expected_md5 = expected_md5;
+};
+
+Http2PostListener.prototype = new Http2CheckListener();
+Http2PostListener.prototype.expected_md5 = "";
+
+Http2PostListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.isHttp2Connection = checkIsHttp2(request);
+  read_stream(stream, cnt);
+  Assert.equal(
+    this.expected_md5,
+    request.getResponseHeader("X-Calculated-MD5")
+  );
+};
+
+var ResumeStalledChannelListener = function () {};
+
+ResumeStalledChannelListener.prototype = {
+  onStartRequestFired: false,
+  onDataAvailableFired: false,
+  isHttp2Connection: false,
+  shouldBeHttp2: true,
+  resumable: null,
+
+  onStartRequest: function testOnStartRequest(request) {
+    this.onStartRequestFired = true;
+    if (!Components.isSuccessCode(request.status)) {
+      do_throw("Channel should have a success code! (" + request.status + ")");
+    }
+
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.equal(request.responseStatus, 200);
+    Assert.equal(request.requestSucceeded, true);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    this.isHttp2Connection = checkIsHttp2(request);
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.ok(this.onStartRequestFired);
+    Assert.ok(Components.isSuccessCode(status));
+    Assert.ok(this.onDataAvailableFired);
+    Assert.ok(this.isHttp2Connection == this.shouldBeHttp2);
+    this.resumable.resume();
+  },
+};
+
+// test a large download that creates stream flow control and
+// confirm we can do another independent stream while the download
+// stream is stuck
+async function test_http2_blocking_download(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/bigdownload`);
+  var internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+  internalChannel.initialRwin = 500000; // make the stream.suspend push back in h2
+  var p = new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    listener.expected = 3 * 1024 * 1024;
+    chan.asyncOpen(listener);
+    chan.suspend();
+  });
+  // wait 5 seconds so that stream flow control kicks in and then see if we
+  // can do a basic transaction (i.e. session not blocked). afterwards resume
+  // channel
+  do_timeout(5000, function () {
+    var simpleChannel = makeHTTPChannel(`https://localhost:${serverPort}/`);
+    var sl = new ResumeStalledChannelListener();
+    sl.resumable = chan;
+    simpleChannel.asyncOpen(sl);
+  });
+  return p;
+}
+
+// Make sure we make a HTTP2 connection and both us and the server mark it as such
+async function test_http2_basic(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/`);
+  var p = new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+  return p;
+}
+
+async function test_http2_basic_unblocked_dep(serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/basic_unblocked_dep`
+  );
+  var cos = chan.QueryInterface(Ci.nsIClassOfService);
+  cos.addClassFlags(Ci.nsIClassOfService.Unblocked);
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+// make sure we don't use h2 when disallowed
+async function test_http2_nospdy(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/`);
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    var internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowSpdy = false;
+    listener.shouldBeHttp2 = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+// Support for making sure XHR works over SPDY
+function checkXhr(xhr, finish) {
+  if (xhr.readyState != 4) {
+    return;
+  }
+
+  Assert.equal(xhr.status, 200);
+  Assert.equal(checkIsHttp2(xhr), true);
+  finish();
+}
+
+// Fires off an XHR request over h2
+async function test_http2_xhr(serverPort) {
+  return new Promise(resolve => {
+    var req = new XMLHttpRequest();
+    req.open("GET", `https://localhost:${serverPort}/`, true);
+    req.addEventListener("readystatechange", function (evt) {
+      checkXhr(req, resolve);
+    });
+    req.send(null);
+  });
+}
+
+var Http2ConcurrentListener = function () {};
+
+Http2ConcurrentListener.prototype = new Http2CheckListener();
+Http2ConcurrentListener.prototype.count = 0;
+Http2ConcurrentListener.prototype.target = 0;
+Http2ConcurrentListener.prototype.reset = 0;
+Http2ConcurrentListener.prototype.recvdHdr = 0;
+
+Http2ConcurrentListener.prototype.onStopRequest = function (request, status) {
+  this.count++;
+  Assert.ok(this.isHttp2Connection);
+  if (this.recvdHdr > 0) {
+    Assert.equal(request.getResponseHeader("X-Recvd"), this.recvdHdr);
+  }
+
+  if (this.count == this.target) {
+    if (this.reset > 0) {
+      Services.prefs.setIntPref(
+        "network.http.http2.default-concurrent",
+        this.reset
+      );
+    }
+    request.QueryInterface(Ci.nsIProxiedChannel);
+    var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+    this.finish({ httpProxyConnectResponseCode });
+  }
+};
+
+async function test_http2_concurrent(concurrent_channels, serverPort) {
+  var p = new Promise(resolve => {
+    var concurrent_listener = new Http2ConcurrentListener();
+    concurrent_listener.finish = resolve;
+    concurrent_listener.target = 201;
+    concurrent_listener.reset = Services.prefs.getIntPref(
+      "network.http.http2.default-concurrent"
+    );
+    Services.prefs.setIntPref("network.http.http2.default-concurrent", 100);
+
+    for (var i = 0; i < concurrent_listener.target; i++) {
+      concurrent_channels[i] = makeHTTPChannel(
+        `https://localhost:${serverPort}/750ms`
+      );
+      concurrent_channels[i].loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+      concurrent_channels[i].asyncOpen(concurrent_listener);
+    }
+  });
+  return p;
+}
+
+async function test_http2_concurrent_post(concurrent_channels, serverPort) {
+  return new Promise(resolve => {
+    var concurrent_listener = new Http2ConcurrentListener();
+    concurrent_listener.finish = resolve;
+    concurrent_listener.target = 8;
+    concurrent_listener.recvdHdr = posts[2].length;
+    concurrent_listener.reset = Services.prefs.getIntPref(
+      "network.http.http2.default-concurrent"
+    );
+    Services.prefs.setIntPref("network.http.http2.default-concurrent", 3);
+
+    for (var i = 0; i < concurrent_listener.target; i++) {
+      concurrent_channels[i] = makeHTTPChannel(
+        `https://localhost:${serverPort}/750msPost`
+      );
+      concurrent_channels[i].loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+      var stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+        Ci.nsIStringInputStream
+      );
+      stream.data = posts[2];
+      var uchan = concurrent_channels[i].QueryInterface(Ci.nsIUploadChannel);
+      uchan.setUploadStream(stream, "text/plain", stream.available());
+      concurrent_channels[i].requestMethod = "POST";
+      concurrent_channels[i].asyncOpen(concurrent_listener);
+    }
+  });
+}
+
+// Test to make sure we get multiplexing right
+async function test_http2_multiplex(serverPort) {
+  let chan1 = makeHTTPChannel(`https://localhost:${serverPort}/multiplex1`);
+  let chan2 = makeHTTPChannel(`https://localhost:${serverPort}/multiplex2`);
+  let listener1 = new Http2MultiplexListener();
+  let listener2 = new Http2MultiplexListener();
+
+  let promises = [];
+  let p1 = new Promise(resolve => {
+    listener1.finish = resolve;
+  });
+  promises.push(p1);
+  let p2 = new Promise(resolve => {
+    listener2.finish = resolve;
+  });
+  promises.push(p2);
+
+  chan1.asyncOpen(listener1);
+  chan2.asyncOpen(listener2);
+  return Promise.all(promises);
+}
+
+// Test to make sure we gateway non-standard headers properly
+async function test_http2_header(serverPort) {
+  let chan = makeHTTPChannel(`https://localhost:${serverPort}/header`);
+  let hvalue = "Headers are fun";
+  chan.setRequestHeader("X-Test-Header", hvalue, false);
+  return new Promise(resolve => {
+    let listener = new Http2HeaderListener("X-Received-Test-Header", function (
+      received_hvalue
+    ) {
+      Assert.equal(received_hvalue, hvalue);
+    });
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+// Test to make sure headers with invalid characters in the name are rejected
+async function test_http2_invalid_response_header(serverPort, invalid_kind) {
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    listener.shouldSucceed = false;
+    var chan = makeHTTPChannel(
+      `https://localhost:${serverPort}/invalid_response_header/${invalid_kind}`
+    );
+    chan.asyncOpen(listener);
+  });
+}
+
+// Test to make sure cookies are split into separate fields before compression
+async function test_http2_cookie_crumbling(serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/cookie_crumbling`
+  );
+  var cookiesSent = ["a=b", "c=d01234567890123456789", "e=f"].sort();
+  chan.setRequestHeader("Cookie", cookiesSent.join("; "), false);
+  return new Promise(resolve => {
+    var listener = new Http2HeaderListener("X-Received-Header-Pairs", function (
+      pairsReceived
+    ) {
+      var cookiesReceived = JSON.parse(pairsReceived)
+        .filter(function (pair) {
+          return pair[0] == "cookie";
+        })
+        .map(function (pair) {
+          return pair[1];
+        })
+        .sort();
+      Assert.equal(cookiesReceived.length, cookiesSent.length);
+      cookiesReceived.forEach(function (cookieReceived, index) {
+        Assert.equal(cookiesSent[index], cookieReceived);
+      });
+    });
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push1(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push2(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push.js`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push3(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push2`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push4(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push2.js`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push5(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push5`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push6(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push5.js`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+// this is a basic test where the server sends a simple document with 2 header
+// blocks. bug 1027364
+async function test_http2_doubleheader(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/doubleheader`);
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+// Make sure we handle GETs that cover more than 2 frames properly
+async function test_http2_big(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/big`);
+  return new Promise(resolve => {
+    var listener = new Http2BigListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_huge_suspended(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/huge`);
+  return new Promise(resolve => {
+    var listener = new Http2HugeSuspendedListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+    chan.suspend();
+    do_timeout(500, chan.resume);
+  });
+}
+
+// Support for doing a POST
+function do_post(content, chan, listener, method) {
+  var stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stream.data = content;
+
+  var uchan = chan.QueryInterface(Ci.nsIUploadChannel);
+  uchan.setUploadStream(stream, "text/plain", stream.available());
+
+  chan.requestMethod = method;
+
+  chan.asyncOpen(listener);
+}
+
+// Make sure we can do a simple POST
+async function test_http2_post(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/post`);
+  var p = new Promise(resolve => {
+    var listener = new Http2PostListener(md5s[0]);
+    listener.finish = resolve;
+    do_post(posts[0], chan, listener, "POST");
+  });
+  return p;
+}
+
+async function test_http2_empty_post(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/post`);
+  var p = new Promise(resolve => {
+    var listener = new Http2PostListener("0");
+    listener.finish = resolve;
+    do_post("", chan, listener, "POST");
+  });
+  return p;
+}
+
+// Make sure we can do a simple PATCH
+async function test_http2_patch(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/patch`);
+  return new Promise(resolve => {
+    var listener = new Http2PostListener(md5s[0]);
+    listener.finish = resolve;
+    do_post(posts[0], chan, listener, "PATCH");
+  });
+}
+
+// Make sure we can do a POST that covers more than 2 frames
+async function test_http2_post_big(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/post`);
+  return new Promise(resolve => {
+    var listener = new Http2PostListener(md5s[1]);
+    listener.finish = resolve;
+    do_post(posts[1], chan, listener, "POST");
+  });
+}
+
+// When a http proxy is used alt-svc is disable. Therefore if withProxy is true,
+// try numberOfTries times to connect and make sure that alt-svc is not use and we never
+// connect to the HTTP/2 server.
+var altsvcClientListener = function (
+  finish,
+  httpserv,
+  httpserv2,
+  withProxy,
+  numberOfTries
+) {
+  this.finish = finish;
+  this.httpserv = httpserv;
+  this.httpserv2 = httpserv2;
+  this.withProxy = withProxy;
+  this.numberOfTries = numberOfTries;
+};
+
+altsvcClientListener.prototype = {
+  onStartRequest: function test_onStartR(request) {
+    Assert.equal(request.status, Cr.NS_OK);
+  },
+
+  onDataAvailable: function test_ODA(request, stream, offset, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    var isHttp2Connection = checkIsHttp2(
+      request.QueryInterface(Ci.nsIHttpChannel)
+    );
+    if (!isHttp2Connection) {
+      dump("/altsvc1 not over h2 yet - retry\n");
+      if (this.withProxy && this.numberOfTries == 0) {
+        request.QueryInterface(Ci.nsIProxiedChannel);
+        var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+        this.finish({ httpProxyConnectResponseCode });
+        return;
+      }
+      let chan = makeHTTPChannel(
+        `http://foo.example.com:${this.httpserv}/altsvc1`,
+        this.withProxy
+      ).QueryInterface(Ci.nsIHttpChannel);
+      // we use this header to tell the server to issue a altsvc frame for the
+      // speficied origin we will use in the next part of the test
+      chan.setRequestHeader(
+        "x-redirect-origin",
+        `http://foo.example.com:${this.httpserv2}`,
+        false
+      );
+      chan.loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+      chan.asyncOpen(
+        new altsvcClientListener(
+          this.finish,
+          this.httpserv,
+          this.httpserv2,
+          this.withProxy,
+          this.numberOfTries - 1
+        )
+      );
+    } else {
+      Assert.ok(isHttp2Connection);
+      let chan = makeHTTPChannel(
+        `http://foo.example.com:${this.httpserv2}/altsvc2`
+      ).QueryInterface(Ci.nsIHttpChannel);
+      chan.loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+      chan.asyncOpen(
+        new altsvcClientListener2(this.finish, this.httpserv, this.httpserv2)
+      );
+    }
+  },
+};
+
+var altsvcClientListener2 = function (finish, httpserv, httpserv2) {
+  this.finish = finish;
+  this.httpserv = httpserv;
+  this.httpserv2 = httpserv2;
+};
+
+altsvcClientListener2.prototype = {
+  onStartRequest: function test_onStartR(request) {
+    Assert.equal(request.status, Cr.NS_OK);
+  },
+
+  onDataAvailable: function test_ODA(request, stream, offset, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    var isHttp2Connection = checkIsHttp2(
+      request.QueryInterface(Ci.nsIHttpChannel)
+    );
+    if (!isHttp2Connection) {
+      dump("/altsvc2 not over h2 yet - retry\n");
+      var chan = makeHTTPChannel(
+        `http://foo.example.com:${this.httpserv2}/altsvc2`
+      ).QueryInterface(Ci.nsIHttpChannel);
+      chan.loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+      chan.asyncOpen(
+        new altsvcClientListener2(this.finish, this.httpserv, this.httpserv2)
+      );
+    } else {
+      Assert.ok(isHttp2Connection);
+      request.QueryInterface(Ci.nsIProxiedChannel);
+      var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+      this.finish({ httpProxyConnectResponseCode });
+    }
+  },
+};
+
+async function test_http2_altsvc(httpserv, httpserv2, withProxy) {
+  var chan = makeHTTPChannel(
+    `http://foo.example.com:${httpserv}/altsvc1`,
+    withProxy
+  ).QueryInterface(Ci.nsIHttpChannel);
+  return new Promise(resolve => {
+    var numberOfTries = 0;
+    if (withProxy) {
+      numberOfTries = 20;
+    }
+    chan.asyncOpen(
+      new altsvcClientListener(
+        resolve,
+        httpserv,
+        httpserv2,
+        withProxy,
+        numberOfTries
+      )
+    );
+  });
+}
+
+var Http2PushApiListener = function (finish, serverPort) {
+  this.finish = finish;
+  this.serverPort = serverPort;
+};
+
+Http2PushApiListener.prototype = {
+  checksPending: 9, // 4 onDataAvailable and 5 onStop
+
+  getInterface(aIID) {
+    return this.QueryInterface(aIID);
+  },
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIHttpPushListener",
+    "nsIStreamListener",
+  ]),
+
+  // nsIHttpPushListener
+  onPush: function onPush(associatedChannel, pushChannel) {
+    Assert.equal(
+      associatedChannel.originalURI.spec,
+      "https://localhost:" + this.serverPort + "/pushapi1"
+    );
+    Assert.equal(pushChannel.getRequestHeader("x-pushed-request"), "true");
+
+    pushChannel.asyncOpen(this);
+    if (
+      pushChannel.originalURI.spec ==
+      "https://localhost:" + this.serverPort + "/pushapi1/2"
+    ) {
+      pushChannel.cancel(Cr.NS_ERROR_ABORT);
+    } else if (
+      pushChannel.originalURI.spec ==
+      "https://localhost:" + this.serverPort + "/pushapi1/3"
+    ) {
+      Assert.ok(pushChannel.getRequestHeader("Accept-Encoding").includes("br"));
+    }
+  },
+
+  // normal Channel listeners
+  onStartRequest: function pushAPIOnStart(request) {},
+
+  onDataAvailable: function pushAPIOnDataAvailable(
+    request,
+    stream,
+    offset,
+    cnt
+  ) {
+    Assert.notEqual(
+      request.originalURI.spec,
+      `https://localhost:${this.serverPort}/pushapi1/2`
+    );
+
+    var data = read_stream(stream, cnt);
+
+    if (
+      request.originalURI.spec ==
+      `https://localhost:${this.serverPort}/pushapi1`
+    ) {
+      Assert.equal(data[0], "0");
+      --this.checksPending;
+    } else if (
+      request.originalURI.spec ==
+      `https://localhost:${this.serverPort}/pushapi1/1`
+    ) {
+      Assert.equal(data[0], "1");
+      --this.checksPending; // twice
+    } else if (
+      request.originalURI.spec ==
+      `https://localhost:${this.serverPort}/pushapi1/3`
+    ) {
+      Assert.equal(data[0], "3");
+      --this.checksPending;
+    } else {
+      Assert.equal(true, false);
+    }
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    if (
+      request.originalURI.spec ==
+      `https://localhost:${this.serverPort}/pushapi1/2`
+    ) {
+      Assert.equal(request.status, Cr.NS_ERROR_ABORT);
+    } else {
+      Assert.equal(request.status, Cr.NS_OK);
+    }
+
+    --this.checksPending; // 5 times - one for each push plus the pull
+    if (!this.checksPending) {
+      request.QueryInterface(Ci.nsIProxiedChannel);
+      var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+      this.finish({ httpProxyConnectResponseCode });
+    }
+  },
+};
+
+// pushAPI testcase 1 expects
+// 1 to pull /pushapi1 with 0
+// 2 to see /pushapi1/1 with 1
+// 3 to see /pushapi1/1 with 1 (again)
+// 4 to see /pushapi1/2 that it will cancel
+// 5 to see /pushapi1/3 with 3 with brotli
+
+async function test_http2_pushapi_1(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/pushapi1`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2PushApiListener(resolve, serverPort);
+    chan.notificationCallbacks = listener;
+    chan.asyncOpen(listener);
+  });
+}
+
+var WrongSuiteListener = function () {};
+
+WrongSuiteListener.prototype = new Http2CheckListener();
+WrongSuiteListener.prototype.shouldBeHttp2 = false;
+WrongSuiteListener.prototype.onStopRequest = function (request, status) {
+  Services.prefs.setBoolPref(
+    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+    true
+  );
+  Services.prefs.clearUserPref("security.tls.version.max");
+  Http2CheckListener.prototype.onStopRequest.call(this, request, status);
+};
+
+// test that we use h1 without the mandatory cipher suite available when
+// offering at most tls1.2
+async function test_http2_wrongsuite_tls12(serverPort) {
+  Services.prefs.setBoolPref(
+    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+    false
+  );
+  Services.prefs.setIntPref("security.tls.version.max", 3);
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/wrongsuite`);
+  chan.loadFlags =
+    Ci.nsIRequest.LOAD_FRESH_CONNECTION |
+    Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return new Promise(resolve => {
+    var listener = new WrongSuiteListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+// test that we use h2 when offering tls1.3 or higher regardless of if the
+// mandatory cipher suite is available
+async function test_http2_wrongsuite_tls13(serverPort) {
+  Services.prefs.setBoolPref(
+    "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+    false
+  );
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/wrongsuite`);
+  chan.loadFlags =
+    Ci.nsIRequest.LOAD_FRESH_CONNECTION |
+    Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return new Promise(resolve => {
+    var listener = new WrongSuiteListener();
+    listener.finish = resolve;
+    listener.shouldBeHttp2 = true;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_h11required_stream(serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/h11required_stream`
+  );
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    listener.shouldBeHttp2 = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+function H11RequiredSessionListener() {}
+
+H11RequiredSessionListener.prototype = new Http2CheckListener();
+
+H11RequiredSessionListener.prototype.onStopRequest = function (
+  request,
+  status
+) {
+  var streamReused = request.getResponseHeader("X-H11Required-Stream-Ok");
+  Assert.equal(streamReused, "yes");
+
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection == this.shouldBeHttp2);
+
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+  this.finish({ httpProxyConnectResponseCode });
+};
+
+async function test_http2_h11required_session(serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/h11required_session`
+  );
+  return new Promise(resolve => {
+    var listener = new H11RequiredSessionListener();
+    listener.finish = resolve;
+    listener.shouldBeHttp2 = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_retry_rst(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/rstonce`);
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_continuations(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/continuedheaders`
+  );
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2ContinuedHeaderListener();
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.notificationCallbacks = listener;
+    chan.asyncOpen(listener);
+  });
+}
+
+function Http2IllegalHpackValidationListener() {}
+
+Http2IllegalHpackValidationListener.prototype = new Http2CheckListener();
+Http2IllegalHpackValidationListener.prototype.shouldGoAway = false;
+
+Http2IllegalHpackValidationListener.prototype.onStopRequest = function (
+  request,
+  status
+) {
+  var wentAway = request.getResponseHeader("X-Did-Goaway") === "yes";
+  Assert.equal(wentAway, this.shouldGoAway);
+
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection == this.shouldBeHttp2);
+
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  var httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+  this.finish({ httpProxyConnectResponseCode });
+};
+
+function Http2IllegalHpackListener() {}
+Http2IllegalHpackListener.prototype = new Http2CheckListener();
+Http2IllegalHpackListener.prototype.shouldGoAway = false;
+
+Http2IllegalHpackListener.prototype.onStopRequest = function (request, status) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${this.serverPort}/illegalhpack_validate`
+  );
+  var listener = new Http2IllegalHpackValidationListener();
+  listener.finish = this.finish;
+  listener.shouldGoAway = this.shouldGoAway;
+  chan.asyncOpen(listener);
+};
+
+async function test_http2_illegalhpacksoft(serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/illegalhpacksoft`
+  );
+  return new Promise(resolve => {
+    var listener = new Http2IllegalHpackListener();
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    listener.shouldGoAway = false;
+    listener.shouldSucceed = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_illegalhpackhard(serverPort) {
+  var chan = makeHTTPChannel(
+    `https://localhost:${serverPort}/illegalhpackhard`
+  );
+  return new Promise(resolve => {
+    var listener = new Http2IllegalHpackListener();
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    listener.shouldGoAway = true;
+    listener.shouldSucceed = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_folded_header(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/foldedheader`);
+  chan.loadGroup = loadGroup;
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    listener.shouldSucceed = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_empty_data(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/emptydata`);
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push_firstparty1(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push`);
+  chan.loadGroup = loadGroup;
+  chan.loadInfo.originAttributes = { firstPartyDomain: "foo.com" };
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push_firstparty2(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push.js`);
+  chan.loadGroup = loadGroup;
+  chan.loadInfo.originAttributes = { firstPartyDomain: "bar.com" };
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(false);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push_firstparty3(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push.js`);
+  chan.loadGroup = loadGroup;
+  chan.loadInfo.originAttributes = { firstPartyDomain: "foo.com" };
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push_userContext1(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push`);
+  chan.loadGroup = loadGroup;
+  chan.loadInfo.originAttributes = { userContextId: 1 };
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push_userContext2(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push.js`);
+  chan.loadGroup = loadGroup;
+  chan.loadInfo.originAttributes = { userContextId: 2 };
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(false);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_push_userContext3(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/push.js`);
+  chan.loadGroup = loadGroup;
+  chan.loadInfo.originAttributes = { userContextId: 1 };
+  return new Promise(resolve => {
+    var listener = new Http2PushListener(true);
+    listener.finish = resolve;
+    listener.serverPort = serverPort;
+    chan.asyncOpen(listener);
+  });
+}
+
+async function test_http2_status_phrase(serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/statusphrase`);
+  return new Promise(resolve => {
+    var listener = new Http2CheckListener();
+    listener.finish = resolve;
+    listener.shouldSucceed = false;
+    chan.asyncOpen(listener);
+  });
+}
+
+var PulledDiskCacheListener = function () {};
+PulledDiskCacheListener.prototype = new Http2CheckListener();
+PulledDiskCacheListener.prototype.EXPECTED_DATA = "this was pulled via h2";
+PulledDiskCacheListener.prototype.readData = "";
+PulledDiskCacheListener.prototype.onDataAvailable =
+  function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    this.isHttp2Connection = checkIsHttp2(request);
+    this.accum += cnt;
+    this.readData += read_stream(stream, cnt);
+  };
+PulledDiskCacheListener.prototype.onStopRequest = function testOnStopRequest(
+  request,
+  status
+) {
+  Assert.equal(this.EXPECTED_DATA, this.readData);
+  Http2CheckListener.prorotype.onStopRequest.call(this, request, status);
+};
+
+const DISK_CACHE_DATA = "this is from disk cache";
+
+var FromDiskCacheListener = function (finish, loadGroup, serverPort) {
+  this.finish = finish;
+  this.loadGroup = loadGroup;
+  this.serverPort = serverPort;
+};
+FromDiskCacheListener.prototype = {
+  onStartRequestFired: false,
+  onDataAvailableFired: false,
+  readData: "",
+
+  onStartRequest: function testOnStartRequest(request) {
+    this.onStartRequestFired = true;
+    if (!Components.isSuccessCode(request.status)) {
+      do_throw("Channel should have a success code! (" + request.status + ")");
+    }
+
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.ok(request.requestSucceeded);
+    Assert.equal(request.responseStatus, 200);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    this.readData += read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.ok(this.onStartRequestFired);
+    Assert.ok(Components.isSuccessCode(status));
+    Assert.ok(this.onDataAvailableFired);
+    Assert.equal(this.readData, DISK_CACHE_DATA);
+
+    evict_cache_entries("disk");
+    syncWithCacheIOThread(() => {
+      // Now that we know the entry is out of the disk cache, check to make sure
+      // we don't have this hiding in the push cache somewhere - if we do, it
+      // didn't get cancelled, and we have a bug.
+      var chan = makeHTTPChannel(
+        `https://localhost:${this.serverPort}/diskcache`
+      );
+      var listener = new PulledDiskCacheListener();
+      listener.finish = this.finish;
+      chan.loadGroup = this.loadGroup;
+      chan.asyncOpen(listener);
+    });
+  },
+};
+
+var Http2DiskCachePushListener = function () {};
+Http2DiskCachePushListener.prototype = new Http2CheckListener();
+
+Http2DiskCachePushListener.onStopRequest = function (request, status) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(Components.isSuccessCode(status));
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection == this.shouldBeHttp2);
+
+  // Now we need to open a channel to ensure we get data from the disk cache
+  // for the pushed item, instead of from the push cache.
+  var chan = makeHTTPChannel(`https://localhost:${this.serverPort}/diskcache`);
+  var listener = new FromDiskCacheListener(
+    this.finish,
+    this.loadGroup,
+    this.serverPort
+  );
+  chan.loadGroup = this.loadGroup;
+  chan.asyncOpen(listener);
+};
+
+function continue_test_http2_disk_cache_push(
+  status,
+  entry,
+  finish,
+  loadGroup,
+  serverPort
+) {
+  // TODO - store stuff in cache entry, then open an h2 channel that will push
+  // this, once that completes, open a channel for the cache entry we made and
+  // ensure it came from disk cache, not the push cache.
+  var outputStream = entry.openOutputStream(0, -1);
+  outputStream.write(DISK_CACHE_DATA, DISK_CACHE_DATA.length);
+
+  // Now we open our URL that will push data for the URL above
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/pushindisk`);
+  var listener = new Http2DiskCachePushListener();
+  listener.finish = finish;
+  listener.loadGroup = loadGroup;
+  listener.serverPort = serverPort;
+  chan.loadGroup = loadGroup;
+  chan.asyncOpen(listener);
+}
+
+async function test_http2_disk_cache_push(loadGroup, serverPort) {
+  return new Promise(resolve => {
+    asyncOpenCacheEntry(
+      `https://localhost:${serverPort}/diskcache`,
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      null,
+      function (status, entry) {
+        continue_test_http2_disk_cache_push(
+          status,
+          entry,
+          resolve,
+          loadGroup,
+          serverPort
+        );
+      },
+      false
+    );
+  });
+}
+
+var Http2DoublepushListener = function () {};
+Http2DoublepushListener.prototype = new Http2CheckListener();
+Http2DoublepushListener.prototype.onStopRequest = function (request, status) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(Components.isSuccessCode(status));
+  Assert.ok(this.onDataAvailableFired);
+  Assert.ok(this.isHttp2Connection == this.shouldBeHttp2);
+
+  var chan = makeHTTPChannel(
+    `https://localhost:${this.serverPort}/doublypushed`
+  );
+  var listener = new Http2DoublypushedListener();
+  listener.finish = this.finish;
+  chan.loadGroup = this.loadGroup;
+  chan.asyncOpen(listener);
+};
+
+var Http2DoublypushedListener = function () {};
+Http2DoublypushedListener.prototype = new Http2CheckListener();
+Http2DoublypushedListener.prototype.readData = "";
+Http2DoublypushedListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.accum += cnt;
+  this.readData += read_stream(stream, cnt);
+};
+Http2DoublypushedListener.prototype.onStopRequest = function (request, status) {
+  Assert.ok(this.onStartRequestFired);
+  Assert.ok(Components.isSuccessCode(status));
+  Assert.ok(this.onDataAvailableFired);
+  Assert.equal(this.readData, "pushed");
+
+  request.QueryInterface(Ci.nsIProxiedChannel);
+  let httpProxyConnectResponseCode = request.httpProxyConnectResponseCode;
+  this.finish({ httpProxyConnectResponseCode });
+};
+
+function test_http2_doublepush(loadGroup, serverPort) {
+  var chan = makeHTTPChannel(`https://localhost:${serverPort}/doublepush`);
+  return new Promise(resolve => {
+    var listener = new Http2DoublepushListener();
+    listener.finish = resolve;
+    listener.loadGroup = loadGroup;
+    listener.serverPort = serverPort;
+    chan.loadGroup = loadGroup;
+    chan.asyncOpen(listener);
+  });
+}
diff --git a/netwerk/test/unit/node_execute/test_node_execute_loop.js b/netwerk/test/unit/node_execute/test_node_execute_loop.js
new file mode 100644
index 0000000000..10400b8b54
--- /dev/null
+++ b/netwerk/test/unit/node_execute/test_node_execute_loop.js
@@ -0,0 +1,22 @@
+// This test checks that the interaction between NodeServer.execute defined in
+// httpd.js and the node server that we're interacting with defined in
+// moz-http2.js is working properly.
+// This test spawns a node server that loops on while true and makes sure
+// the the process group is killed by runxpcshelltests.py at exit.
+// See bug 1855174
+
+"use strict";
+
+const { NodeServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+add_task(async function killOnEnd() {
+  let id = await NodeServer.fork();
+  await NodeServer.execute(id, `console.log("hello");`);
+  await NodeServer.execute(id, `console.error("hello");`);
+  // Make the forked subprocess hang forever.
+  NodeServer.execute(id, "while (true) {}").catch(e => {});
+  await new Promise(resolve => do_timeout(10, resolve));
+  // Should get killed at the end of the test by the harness.
+});
diff --git a/netwerk/test/unit/node_execute/xpcshell.toml b/netwerk/test/unit/node_execute/xpcshell.toml
new file mode 100644
index 0000000000..7d881a3bda
--- /dev/null
+++ b/netwerk/test/unit/node_execute/xpcshell.toml
@@ -0,0 +1,5 @@
+[DEFAULT]
+
+["test_node_execute_loop.js"]
+run-sequentially = "node server exceptions dont replay well"
+skip-if = ["verify"] # running it once hangs forever so don't run it in a loop.
diff --git a/netwerk/test/unit/perftest.toml b/netwerk/test/unit/perftest.toml
new file mode 100644
index 0000000000..709f6ce7b4
--- /dev/null
+++ b/netwerk/test/unit/perftest.toml
@@ -0,0 +1,3 @@
+[DEFAULT]
+
+["test_http3_perf.js"]
diff --git a/netwerk/test/unit/proxy-ca.pem b/netwerk/test/unit/proxy-ca.pem
new file mode 100644
index 0000000000..5325d8cbd2
--- /dev/null
+++ b/netwerk/test/unit/proxy-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAbygAwIBAgIUW4p+/QPIt/MX8PWl1HdqbTSfjakwDQYJKoZIhvcNAQEL
+BQAwGTEXMBUGA1UEAwwOIFByb3h5IFRlc3QgQ0EwIhgPMjAyMjAxMDEwMDAwMDBa
+GA8yMDMyMDEwMTAwMDAwMFowGTEXMBUGA1UEAwwOIFByb3h5IFRlc3QgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAIeZDX+A8ZhI
+NU+wg2vTMKr5hyd0cOVUgOOWUGmATrgAMuo9Asn29SNcI61nGTrUpDBuDCy8OTQf
+J7Gva5eLmS/c+INpRtLzcCKvkd06bexSKk8naUTuFwtwtS0WQwSV20yUf9mR+UcO
+60U9F2r7dHfgFqXlNhQ1AngXkfMOlrCWw50CyMj7y9fOeJ22Q0JDXzK2UU64tWhi
+e22fSfFCdjRcIPiqdG+BHNQe2M6DYPMgrrEnRqq/3mJsf886FxR1AhqkhYS/tkLZ
+TGSrETajIK62v3qY9LNB8iWv2e0lj0pZlPsTmUWysIXc3fAF6RIu3T8Ypxm5i6sw
+OfmaaMxPV20=
+-----END CERTIFICATE-----
diff --git a/netwerk/test/unit/proxy-ca.pem.certspec b/netwerk/test/unit/proxy-ca.pem.certspec
new file mode 100644
index 0000000000..4e0279143d
--- /dev/null
+++ b/netwerk/test/unit/proxy-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer: Proxy Test CA
+subject: Proxy Test CA
+validity:20220101-20320101
+extension:basicConstraints:cA,
diff --git a/netwerk/test/unit/socks_client_subprocess.js b/netwerk/test/unit/socks_client_subprocess.js
new file mode 100644
index 0000000000..7bd5dc120e
--- /dev/null
+++ b/netwerk/test/unit/socks_client_subprocess.js
@@ -0,0 +1,94 @@
+/* global arguments */
+
+"use strict";
+
+var CC = Components.Constructor;
+
+const BinaryInputStream = CC(
+  "@mozilla.org/binaryinputstream;1",
+  "nsIBinaryInputStream",
+  "setInputStream"
+);
+const ProtocolProxyService = CC(
+  "@mozilla.org/network/protocol-proxy-service;1",
+  "nsIProtocolProxyService"
+);
+var sts = Cc["@mozilla.org/network/socket-transport-service;1"].getService(
+  Ci.nsISocketTransportService
+);
+
+function waitForStream(stream, streamType) {
+  return new Promise((resolve, reject) => {
+    stream = stream.QueryInterface(streamType);
+    if (!stream) {
+      reject("stream didn't implement given stream type");
+    }
+    let currentThread =
+      Cc["@mozilla.org/thread-manager;1"].getService().currentThread;
+    stream.asyncWait(resolve, 0, 0, currentThread);
+  });
+}
+
+async function launchConnection(
+  socks_vers,
+  socks_port,
+  dest_host,
+  dest_port,
+  dns
+) {
+  let pi_flags = 0;
+  if (dns == "remote") {
+    pi_flags = Ci.nsIProxyInfo.TRANSPARENT_PROXY_RESOLVES_HOST;
+  }
+
+  let pps = new ProtocolProxyService();
+  let pi = pps.newProxyInfo(
+    socks_vers,
+    "localhost",
+    socks_port,
+    "",
+    "",
+    pi_flags,
+    -1,
+    null
+  );
+  let trans = sts.createTransport([], dest_host, dest_port, pi, null);
+  let input = trans.openInputStream(0, 0, 0);
+  let output = trans.openOutputStream(0, 0, 0);
+  input = await waitForStream(input, Ci.nsIAsyncInputStream);
+  let bin = new BinaryInputStream(input);
+  let data = bin.readBytes(5);
+  let response;
+  if (data == "PING!") {
+    print("client: got ping, sending pong.");
+    response = "PONG!";
+  } else {
+    print("client: wrong data from server:", data);
+    response = "Error: wrong data received.";
+  }
+  output = await waitForStream(output, Ci.nsIAsyncOutputStream);
+  output.write(response, response.length);
+  output.close();
+  input.close();
+}
+
+async function run(args) {
+  for (let arg of args) {
+    print("client: running test", arg);
+    let test = arg.split("|");
+    await launchConnection(
+      test[0],
+      parseInt(test[1]),
+      test[2],
+      parseInt(test[3]),
+      test[4]
+    );
+  }
+}
+
+var satisfied = false;
+run(arguments).then(() => (satisfied = true));
+var mainThread = Cc["@mozilla.org/thread-manager;1"].getService().mainThread;
+while (!satisfied) {
+  mainThread.processNextEvent(true);
+}
diff --git a/netwerk/test/unit/test_1073747.js b/netwerk/test/unit/test_1073747.js
new file mode 100644
index 0000000000..dd8c597113
--- /dev/null
+++ b/netwerk/test/unit/test_1073747.js
@@ -0,0 +1,42 @@
+// Test based on submitted one from Peter B Shalimoff
+
+"use strict";
+
+var test = function (s, funcName) {
+  function Arg() {}
+  Arg.prototype.toString = function () {
+    info("Testing " + funcName + " with null args");
+    return this.value;
+  };
+  // create a generic arg lits of null, -1, and 10 nulls
+  var args = [s, -1];
+  for (var i = 0; i < 10; ++i) {
+    args.push(new Arg());
+  }
+  var up = Cc["@mozilla.org/network/url-parser;1?auth=maybe"].getService(
+    Ci.nsIURLParser
+  );
+  try {
+    up[funcName].apply(up, args);
+    return args;
+  } catch (x) {
+    Assert.ok(true); // make sure it throws an exception instead of crashing
+    return x;
+  }
+};
+var s = null;
+var funcs = [
+  "parseAuthority",
+  "parseFileName",
+  "parseFilePath",
+  "parsePath",
+  "parseServerInfo",
+  "parseURL",
+  "parseUserInfo",
+];
+
+function run_test() {
+  funcs.forEach(function (f) {
+    test(s, f);
+  });
+}
diff --git a/netwerk/test/unit/test_304_headers.js b/netwerk/test/unit/test_304_headers.js
new file mode 100644
index 0000000000..b3583663bf
--- /dev/null
+++ b/netwerk/test/unit/test_304_headers.js
@@ -0,0 +1,91 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return `http://localhost:${httpServer.identity.primaryPort}/test`;
+});
+
+let httpServer = null;
+
+function make_channel(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function contentHandler(metadata, response) {
+  response.seizePower();
+  let etag = "";
+  try {
+    etag = metadata.getHeader("If-None-Match");
+  } catch (ex) {}
+
+  if (etag == "test-etag1") {
+    response.write("HTTP/1.1 304 Not Modified\r\n");
+
+    response.write("Link: ; param1=value1\r\n");
+    response.write("Link: ; param2=value2\r\n");
+    response.write("Link: ; param1=value1\r\n");
+    response.write("\r\n");
+    response.finish();
+    return;
+  }
+
+  response.write("HTTP/1.1 200 OK\r\n");
+
+  response.write("ETag: test-etag1\r\n");
+  response.write("Link: ; param1=value1\r\n");
+  response.write("Link: ; param2=value2\r\n");
+  response.write("Link: ; param1=value1\r\n");
+  response.write("\r\n");
+  response.finish();
+}
+
+add_task(async function test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/test", contentHandler);
+  httpServer.start(-1);
+  registerCleanupFunction(async () => {
+    await httpServer.stop();
+  });
+
+  let chan = make_channel(Services.io.newURI(URL));
+  chan.requestMethod = "HEAD";
+  await new Promise(resolve => {
+    chan.asyncOpen({
+      onStopRequest(req, status) {
+        equal(status, Cr.NS_OK);
+        equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+        equal(
+          req.QueryInterface(Ci.nsIHttpChannel).getResponseHeader("Link"),
+          "; param1=value1, ; param2=value2, ; param1=value1"
+        );
+        resolve();
+      },
+      onStartRequest(req) {},
+      onDataAvailable() {},
+    });
+  });
+
+  chan = make_channel(Services.io.newURI(URL));
+  chan.requestMethod = "HEAD";
+  await new Promise(resolve => {
+    chan.asyncOpen({
+      onStopRequest(req, status) {
+        equal(status, Cr.NS_OK);
+        equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+        equal(
+          req.QueryInterface(Ci.nsIHttpChannel).getResponseHeader("Link"),
+          "; param1=value1, ; param2=value2, ; param1=value1"
+        );
+        resolve();
+      },
+      onStartRequest(req) {},
+      onDataAvailable() {},
+    });
+  });
+});
diff --git a/netwerk/test/unit/test_304_responses.js b/netwerk/test/unit/test_304_responses.js
new file mode 100644
index 0000000000..a468eec191
--- /dev/null
+++ b/netwerk/test/unit/test_304_responses.js
@@ -0,0 +1,92 @@
+"use strict";
+// https://bugzilla.mozilla.org/show_bug.cgi?id=761228
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+const testFileName = "test_customConditionalRequest_304";
+const basePath = "/" + testFileName + "/";
+
+ChromeUtils.defineLazyGetter(this, "baseURI", function () {
+  return URL + basePath;
+});
+
+const unexpected304 = "unexpected304";
+const existingCached304 = "existingCached304";
+
+function make_channel(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function alwaysReturn304Handler(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+  response.setHeader("Returned-From-Handler", "1");
+}
+
+function run_test() {
+  evict_cache_entries();
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler(
+    basePath + unexpected304,
+    alwaysReturn304Handler
+  );
+  httpServer.registerPathHandler(
+    basePath + existingCached304,
+    alwaysReturn304Handler
+  );
+  httpServer.start(-1);
+  run_next_test();
+}
+
+function consume304(request, buffer) {
+  request.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(request.responseStatus, 304);
+  Assert.equal(request.getResponseHeader("Returned-From-Handler"), "1");
+  run_next_test();
+}
+
+// Test that we return a 304 response to the caller when we are not expecting
+// a 304 response (i.e. when the server shouldn't have sent us one).
+add_test(function test_unexpected_304() {
+  var chan = make_channel(baseURI + unexpected304);
+  chan.asyncOpen(new ChannelListener(consume304, null));
+});
+
+// Test that we can cope with a 304 response that was (erroneously) stored in
+// the cache.
+add_test(function test_304_stored_in_cache() {
+  asyncOpenCacheEntry(
+    baseURI + existingCached304,
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    function (entryStatus, cacheEntry) {
+      cacheEntry.setMetaDataElement("request-method", "GET");
+      cacheEntry.setMetaDataElement(
+        "response-head",
+        // eslint-disable-next-line no-useless-concat
+        "HTTP/1.1 304 Not Modified\r\n" + "\r\n"
+      );
+      cacheEntry.metaDataReady();
+      cacheEntry.close();
+
+      var chan = make_channel(baseURI + existingCached304);
+
+      // make it a custom conditional request
+      chan.QueryInterface(Ci.nsIHttpChannel);
+      chan.setRequestHeader("If-None-Match", '"foo"', false);
+
+      chan.asyncOpen(new ChannelListener(consume304, null));
+    }
+  );
+});
diff --git a/netwerk/test/unit/test_307_redirect.js b/netwerk/test/unit/test_307_redirect.js
new file mode 100644
index 0000000000..983884c134
--- /dev/null
+++ b/netwerk/test/unit/test_307_redirect.js
@@ -0,0 +1,95 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+ChromeUtils.defineLazyGetter(this, "uri", function () {
+  return URL + "/redirect";
+});
+
+ChromeUtils.defineLazyGetter(this, "noRedirectURI", function () {
+  return URL + "/content";
+});
+
+var httpserver = null;
+
+function make_channel(url) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+const requestBody = "request body";
+
+function redirectHandler(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 307, "Moved Temporarily");
+  response.setHeader("Location", noRedirectURI, false);
+}
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.writeFrom(
+    metadata.bodyInputStream,
+    metadata.bodyInputStream.available()
+  );
+}
+
+function noRedirectStreamObserver(request, buffer) {
+  Assert.equal(buffer, requestBody);
+  var chan = make_channel(uri);
+  var uploadStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  uploadStream.setData(requestBody, requestBody.length);
+  chan
+    .QueryInterface(Ci.nsIUploadChannel)
+    .setUploadStream(uploadStream, "text/plain", -1);
+  chan.asyncOpen(new ChannelListener(noHeaderStreamObserver, null));
+}
+
+function noHeaderStreamObserver(request, buffer) {
+  Assert.equal(buffer, requestBody);
+  var chan = make_channel(uri);
+  var uploadStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  var streamBody =
+    "Content-Type: text/plain\r\n" +
+    "Content-Length: " +
+    requestBody.length +
+    "\r\n\r\n" +
+    requestBody;
+  uploadStream.setData(streamBody, streamBody.length);
+  chan
+    .QueryInterface(Ci.nsIUploadChannel)
+    .setUploadStream(uploadStream, "", -1);
+  chan.asyncOpen(new ChannelListener(headerStreamObserver, null));
+}
+
+function headerStreamObserver(request, buffer) {
+  Assert.equal(buffer, requestBody);
+  httpserver.stop(do_test_finished);
+}
+
+function run_test() {
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler("/redirect", redirectHandler);
+  httpserver.registerPathHandler("/content", contentHandler);
+  httpserver.start(-1);
+
+  Services.prefs.setBoolPref("network.http.prompt-temp-redirect", false);
+
+  var chan = make_channel(noRedirectURI);
+  var uploadStream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  uploadStream.setData(requestBody, requestBody.length);
+  chan
+    .QueryInterface(Ci.nsIUploadChannel)
+    .setUploadStream(uploadStream, "text/plain", -1);
+  chan.asyncOpen(new ChannelListener(noRedirectStreamObserver, null));
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_421.js b/netwerk/test/unit/test_421.js
new file mode 100644
index 0000000000..680973384e
--- /dev/null
+++ b/netwerk/test/unit/test_421.js
@@ -0,0 +1,65 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var testpath = "/421";
+var httpbody = "0123456789";
+var channel;
+
+function run_test() {
+  setup_test();
+  do_test_pending();
+}
+
+function setup_test() {
+  httpserver.registerPathHandler(testpath, serverHandler);
+  httpserver.start(-1);
+
+  channel = setupChannel(testpath);
+
+  channel.asyncOpen(new ChannelListener(checkRequestResponse, channel));
+}
+
+function setupChannel(path) {
+  var chan = NetUtil.newChannel({
+    uri: URL + path,
+    loadUsingSystemPrincipal: true,
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.requestMethod = "GET";
+  return chan;
+}
+
+var iters = 0;
+
+function serverHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+
+  if (!iters) {
+    response.setStatusLine("1.1", 421, "Not Authoritative " + iters);
+  } else {
+    response.setStatusLine("1.1", 200, "OK");
+  }
+  ++iters;
+
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function checkRequestResponse(request, data, context) {
+  Assert.equal(channel.responseStatus, 200);
+  Assert.equal(channel.responseStatusText, "OK");
+  Assert.ok(channel.requestSucceeded);
+
+  Assert.equal(channel.contentType, "text/plain");
+  Assert.equal(channel.contentLength, httpbody.length);
+  Assert.equal(data, httpbody);
+
+  httpserver.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_MIME_params.js b/netwerk/test/unit/test_MIME_params.js
new file mode 100644
index 0000000000..bebd5cb39b
--- /dev/null
+++ b/netwerk/test/unit/test_MIME_params.js
@@ -0,0 +1,798 @@
+/**
+ * Tests for parsing header fields using the syntax used in
+ * Content-Disposition and Content-Type
+ *
+ * See also https://bugzilla.mozilla.org/show_bug.cgi?id=609667
+ */
+
+"use strict";
+
+var BS = "\\";
+var DQUOTE = '"';
+
+// Test array:
+//  - element 0: "Content-Disposition" header to test
+//  under MIME (email):
+//  - element 1: correct value returned for disposition-type (empty param name)
+//  - element 2: correct value for filename returned
+//  under HTTP:
+// (currently supports continuations; expected results without continuations
+// are commented out for now)
+//  - element 3: correct value returned for disposition-type (empty param name)
+//  - element 4: correct value for filename returned
+//
+// 3 and 4 may be left out if they are identical
+
+var tests = [
+  // No filename parameter: return nothing
+  ["attachment;", "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // basic
+  ["attachment; filename=basic", "attachment", "basic"],
+
+  // extended
+  ["attachment; filename*=UTF-8''extended", "attachment", "extended"],
+
+  // prefer extended to basic (bug 588781)
+  [
+    "attachment; filename=basic; filename*=UTF-8''extended",
+    "attachment",
+    "extended",
+  ],
+
+  // prefer extended to basic (bug 588781)
+  [
+    "attachment; filename*=UTF-8''extended; filename=basic",
+    "attachment",
+    "extended",
+  ],
+
+  // use first basic value (invalid; error recovery)
+  ["attachment; filename=first; filename=wrong", "attachment", "first"],
+
+  // old school bad HTTP servers: missing 'attachment' or 'inline'
+  // (invalid; error recovery)
+  ["filename=old", "filename=old", "old"],
+
+  ["attachment; filename*=UTF-8''extended", "attachment", "extended"],
+
+  // continuations not part of RFC 5987 (bug 610054)
+  [
+    "attachment; filename*0=foo; filename*1=bar",
+    "attachment",
+    "foobar",
+    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
+  ],
+
+  // Return first continuation (invalid; error recovery)
+  [
+    "attachment; filename*0=first; filename*0=wrong; filename=basic",
+    "attachment",
+    "first",
+    /* "attachment", "basic" */
+  ],
+
+  // Only use correctly ordered continuations  (invalid; error recovery)
+  [
+    "attachment; filename*0=first; filename*1=second; filename*0=wrong",
+    "attachment",
+    "firstsecond",
+    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
+  ],
+
+  // prefer continuation to basic (unless RFC 5987)
+  [
+    "attachment; filename=basic; filename*0=foo; filename*1=bar",
+    "attachment",
+    "foobar",
+    /* "attachment", "basic" */
+  ],
+
+  // Prefer extended to basic and/or (broken or not) continuation
+  // (invalid; error recovery)
+  [
+    "attachment; filename=basic; filename*0=first; filename*0=wrong; filename*=UTF-8''extended",
+    "attachment",
+    "extended",
+  ],
+
+  // RFC 2231 not clear on correct outcome: we prefer non-continued extended
+  // (invalid; error recovery)
+  [
+    "attachment; filename=basic; filename*=UTF-8''extended; filename*0=foo; filename*1=bar",
+    "attachment",
+    "extended",
+  ],
+
+  // Gaps should result in returning only value until gap hit
+  // (invalid; error recovery)
+  [
+    "attachment; filename*0=foo; filename*2=bar",
+    "attachment",
+    "foo",
+    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
+  ],
+
+  // Don't allow leading 0's (*01) (invalid; error recovery)
+  [
+    "attachment; filename*0=foo; filename*01=bar",
+    "attachment",
+    "foo",
+    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
+  ],
+
+  // continuations should prevail over non-extended (unless RFC 5987)
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''multi;\r\n" +
+      " filename*1=line;\r\n" +
+      " filename*2*=%20extended",
+    "attachment",
+    "multiline extended",
+    /* "attachment", "basic" */
+  ],
+
+  // Gaps should result in returning only value until gap hit
+  // (invalid; error recovery)
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''multi;\r\n" +
+      " filename*1=line;\r\n" +
+      " filename*3*=%20extended",
+    "attachment",
+    "multiline",
+    /* "attachment", "basic" */
+  ],
+
+  // First series, only please, and don't slurp up higher elements (*2 in this
+  // case) from later series into earlier one (invalid; error recovery)
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''multi;\r\n" +
+      " filename*1=line;\r\n" +
+      " filename*0*=UTF-8''wrong;\r\n" +
+      " filename*1=bad;\r\n" +
+      " filename*2=evil",
+    "attachment",
+    "multiline",
+    /* "attachment", "basic" */
+  ],
+
+  // RFC 2231 not clear on correct outcome: we prefer non-continued extended
+  // (invalid; error recovery)
+  [
+    "attachment; filename=basic; filename*0=UTF-8''multi\r\n;" +
+      " filename*=UTF-8''extended;\r\n" +
+      " filename*1=line;\r\n" +
+      " filename*2*=%20extended",
+    "attachment",
+    "extended",
+  ],
+
+  // sneaky: if unescaped, make sure we leave UTF-8'' in value
+  [
+    "attachment; filename*0=UTF-8''unescaped;\r\n" +
+      " filename*1*=%20so%20includes%20UTF-8''%20in%20value",
+    "attachment",
+    "UTF-8''unescaped so includes UTF-8'' in value",
+    /* "attachment", Cr.NS_ERROR_INVALID_ARG */
+  ],
+
+  // sneaky: if unescaped, make sure we leave UTF-8'' in value
+  [
+    "attachment; filename=basic; filename*0=UTF-8''unescaped;\r\n" +
+      " filename*1*=%20so%20includes%20UTF-8''%20in%20value",
+    "attachment",
+    "UTF-8''unescaped so includes UTF-8'' in value",
+    /* "attachment", "basic" */
+  ],
+
+  // Prefer basic over invalid continuation
+  // (invalid; error recovery)
+  [
+    "attachment; filename=basic; filename*1=multi;\r\n" +
+      " filename*2=line;\r\n" +
+      " filename*3*=%20extended",
+    "attachment",
+    "basic",
+  ],
+
+  // support digits over 10
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
+      " filename*1=1; filename*2=2;filename*3=3;filename*4=4;filename*5=5;\r\n" +
+      " filename*6=6; filename*7=7;filename*8=8;filename*9=9;filename*10=a;\r\n" +
+      " filename*11=b; filename*12=c;filename*13=d;filename*14=e;filename*15=f\r\n",
+    "attachment",
+    "0123456789abcdef",
+    /* "attachment", "basic" */
+  ],
+
+  // support digits over 10 (detect gaps)
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
+      " filename*1=1; filename*2=2;filename*3=3;filename*4=4;filename*5=5;\r\n" +
+      " filename*6=6; filename*7=7;filename*8=8;filename*9=9;filename*10=a;\r\n" +
+      " filename*11=b; filename*12=c;filename*14=e\r\n",
+    "attachment",
+    "0123456789abc",
+    /* "attachment", "basic" */
+  ],
+
+  // return nothing: invalid
+  // (invalid; error recovery)
+  [
+    "attachment; filename*1=multi;\r\n" +
+      " filename*2=line;\r\n" +
+      " filename*3*=%20extended",
+    "attachment",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+
+  // Bug 272541: Empty disposition type treated as "attachment"
+
+  // sanity check
+  [
+    "attachment; filename=foo.html",
+    "attachment",
+    "foo.html",
+    "attachment",
+    "foo.html",
+  ],
+
+  // the actual bug
+  [
+    "; filename=foo.html",
+    Cr.NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY,
+    "foo.html",
+    Cr.NS_ERROR_FIRST_HEADER_FIELD_COMPONENT_EMPTY,
+    "foo.html",
+  ],
+
+  // regression check, but see bug 671204
+  [
+    "filename=foo.html",
+    "filename=foo.html",
+    "foo.html",
+    "filename=foo.html",
+    "foo.html",
+  ],
+
+  // Bug 384571: RFC 2231 parameters not decoded when appearing in reversed order
+
+  // check ordering
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
+      " filename*1=1; filename*2=2;filename*3=3;filename*4=4;filename*5=5;\r\n" +
+      " filename*6=6; filename*7=7;filename*8=8;filename*9=9;filename*10=a;\r\n" +
+      " filename*11=b; filename*12=c;filename*13=d;filename*15=f;filename*14=e;\r\n",
+    "attachment",
+    "0123456789abcdef",
+    /* "attachment", "basic" */
+  ],
+
+  // check non-digits in sequence numbers
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
+      " filename*1a=1\r\n",
+    "attachment",
+    "0",
+    /* "attachment", "basic" */
+  ],
+
+  // check duplicate sequence numbers
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
+      " filename*0=bad; filename*1=1;\r\n",
+    "attachment",
+    "0",
+    /* "attachment", "basic" */
+  ],
+
+  // check overflow
+  [
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" +
+      " filename*11111111111111111111111111111111111111111111111111111111111=1",
+    "attachment",
+    "0",
+    /* "attachment", "basic" */
+  ],
+
+  // check underflow
+  [
+    // eslint-disable-next-line no-useless-concat
+    "attachment; filename=basic; filename*0*=UTF-8''0;\r\n" + " filename*-1=1",
+    "attachment",
+    "0",
+    /* "attachment", "basic" */
+  ],
+
+  // check mixed token/quoted-string
+  [
+    'attachment; filename=basic; filename*0="0";\r\n' +
+      " filename*1=1;\r\n" +
+      " filename*2*=%32",
+    "attachment",
+    "012",
+    /* "attachment", "basic" */
+  ],
+
+  // check empty sequence number
+  [
+    "attachment; filename=basic; filename**=UTF-8''0\r\n",
+    "attachment",
+    "basic",
+    "attachment",
+    "basic",
+  ],
+
+  // Bug 419157: ensure that a MIME parameter with no charset information
+  // fallbacks to Latin-1
+
+  [
+    "attachment;filename=IT839\x04\xB5(m8)2.pdf;",
+    "attachment",
+    "IT839\u0004\u00b5(m8)2.pdf",
+  ],
+
+  // Bug 588389: unescaping backslashes in quoted string parameters
+
+  // '\"', should be parsed as '"'
+  [
+    "attachment; filename=" + DQUOTE + (BS + DQUOTE) + DQUOTE,
+    "attachment",
+    DQUOTE,
+  ],
+
+  // 'a\"b', should be parsed as 'a"b'
+  [
+    "attachment; filename=" + DQUOTE + "a" + (BS + DQUOTE) + "b" + DQUOTE,
+    "attachment",
+    "a" + DQUOTE + "b",
+  ],
+
+  // '\x', should be parsed as 'x'
+  ["attachment; filename=" + DQUOTE + (BS + "x") + DQUOTE, "attachment", "x"],
+
+  // test empty param (quoted-string)
+  ["attachment; filename=" + DQUOTE + DQUOTE, "attachment", ""],
+
+  // test empty param
+  ["attachment; filename=", "attachment", ""],
+
+  // Bug 601933: RFC 2047 does not apply to parameters (at least in HTTP)
+  [
+    "attachment; filename==?ISO-8859-1?Q?foo-=E4.html?=",
+    "attachment",
+    "foo-\u00e4.html",
+    /* "attachment", "=?ISO-8859-1?Q?foo-=E4.html?=" */
+  ],
+
+  [
+    'attachment; filename="=?ISO-8859-1?Q?foo-=E4.html?="',
+    "attachment",
+    "foo-\u00e4.html",
+    /* "attachment", "=?ISO-8859-1?Q?foo-=E4.html?=" */
+  ],
+
+  // format sent by GMail as of 2012-07-23 (5987 overrides 2047)
+  [
+    "attachment; filename=\"=?ISO-8859-1?Q?foo-=E4.html?=\"; filename*=UTF-8''5987",
+    "attachment",
+    "5987",
+  ],
+
+  // Bug 651185: double quotes around 2231/5987 encoded param
+  // Change reverted to backwards compat issues with various web services,
+  // such as OWA (Bug 703015), plus similar problems in Thunderbird. If this
+  // is tried again in the future, email probably needs to be special-cased.
+
+  // sanity check
+  ["attachment; filename*=utf-8''%41", "attachment", "A"],
+
+  // the actual bug
+  [
+    "attachment; filename*=" + DQUOTE + "utf-8''%41" + DQUOTE,
+    "attachment",
+    "A",
+  ],
+  // previously with the fix for 651185:
+  // "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // Bug 670333: Content-Disposition parser does not require presence of "="
+  // in params
+
+  // sanity check
+  ["attachment; filename*=UTF-8''foo-%41.html", "attachment", "foo-A.html"],
+
+  // the actual bug
+  [
+    "attachment; filename *=UTF-8''foo-%41.html",
+    "attachment",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+
+  // the actual bug, without 2231/5987 encoding
+  ["attachment; filename X", "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // sanity check with WS on both sides
+  ["attachment; filename = foo-A.html", "attachment", "foo-A.html"],
+
+  // Bug 685192: in RFC2231/5987 encoding, a missing charset field should be
+  // treated as error
+
+  // the actual bug
+  ["attachment; filename*=''foo", "attachment", "foo"],
+  // previously with the fix for 692574:
+  // "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // sanity check
+  ["attachment; filename*=a''foo", "attachment", "foo"],
+
+  // Bug 692574: RFC2231/5987 decoding should not tolerate missing single
+  // quotes
+
+  // one missing
+  ["attachment; filename*=UTF-8'foo-%41.html", "attachment", "foo-A.html"],
+  // previously with the fix for 692574:
+  // "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // both missing
+  ["attachment; filename*=foo-%41.html", "attachment", "foo-A.html"],
+  // previously with the fix for 692574:
+  // "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // make sure fallback works
+  [
+    "attachment; filename*=UTF-8'foo-%41.html; filename=bar.html",
+    "attachment",
+    "foo-A.html",
+  ],
+  // previously with the fix for 692574:
+  // "attachment", "bar.html"],
+
+  // Bug 693806: RFC2231/5987 encoding: charset information should be treated
+  // as authoritative
+
+  // UTF-8 labeled ISO-8859-1
+  ["attachment; filename*=ISO-8859-1''%c3%a4", "attachment", "\u00c3\u00a4"],
+
+  // UTF-8 labeled ISO-8859-1, but with octets not allowed in ISO-8859-1
+  // accepts x82, understands it as Win1252, maps it to Unicode \u20a1
+  [
+    "attachment; filename*=ISO-8859-1''%e2%82%ac",
+    "attachment",
+    "\u00e2\u201a\u00ac",
+  ],
+
+  // defective UTF-8
+  ["attachment; filename*=UTF-8''A%e4B", "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // defective UTF-8, with fallback
+  [
+    "attachment; filename*=UTF-8''A%e4B; filename=fallback",
+    "attachment",
+    "fallback",
+  ],
+
+  // defective UTF-8 (continuations), with fallback
+  [
+    "attachment; filename*0*=UTF-8''A%e4B; filename=fallback",
+    "attachment",
+    "fallback",
+  ],
+
+  // check that charsets aren't mixed up
+  [
+    "attachment; filename*0*=ISO-8859-15''euro-sign%3d%a4; filename*=ISO-8859-1''currency-sign%3d%a4",
+    "attachment",
+    "currency-sign=\u00a4",
+  ],
+
+  // same as above, except reversed
+  [
+    "attachment; filename*=ISO-8859-1''currency-sign%3d%a4; filename*0*=ISO-8859-15''euro-sign%3d%a4",
+    "attachment",
+    "currency-sign=\u00a4",
+  ],
+
+  // Bug 704989: add workaround for broken Outlook Web App (OWA)
+  // attachment handling
+
+  ['attachment; filename*="a%20b"', "attachment", "a b"],
+
+  // Bug 717121: crash nsMIMEHeaderParamImpl::DoParameterInternal
+
+  ['attachment; filename="', "attachment", ""],
+
+  // We used to read past string if last param w/o = and ;
+  // Note: was only detected on windows PGO builds
+  ["attachment; filename=foo; trouble", "attachment", "foo"],
+
+  // Same, followed by space, hits another case
+  ["attachment; filename=foo; trouble ", "attachment", "foo"],
+
+  ["attachment", "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // Bug 730574: quoted-string in RFC2231-continuations not handled
+
+  [
+    'attachment; filename=basic; filename*0="foo"; filename*1="\\b\\a\\r.html"',
+    "attachment",
+    "foobar.html",
+    /* "attachment", "basic" */
+  ],
+
+  // unmatched escape char
+  [
+    'attachment; filename=basic; filename*0="foo"; filename*1="\\b\\a\\',
+    "attachment",
+    "fooba\\",
+    /* "attachment", "basic" */
+  ],
+
+  // Bug 732369: Content-Disposition parser does not require presence of ";" between params
+  // optimally, this would not even return the disposition type "attachment"
+
+  [
+    "attachment; extension=bla filename=foo",
+    "attachment",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+
+  // Bug 1440677 - spaces inside filenames ought to be quoted, but too many
+  // servers do the wrong thing and most browsers accept this, so we were
+  // forced to do the same for compat.
+  ["attachment; filename=foo extension=bla", "attachment", "foo extension=bla"],
+
+  ["attachment filename=foo", "attachment", Cr.NS_ERROR_INVALID_ARG],
+
+  // Bug 777687: handling of broken %escapes
+
+  ["attachment; filename*=UTF-8''f%oo; filename=bar", "attachment", "bar"],
+
+  ["attachment; filename*=UTF-8''foo%; filename=bar", "attachment", "bar"],
+
+  // Bug 783502 - xpcshell test netwerk/test/unit/test_MIME_params.js fails on AddressSanitizer
+  ['attachment; filename="\\b\\a\\', "attachment", "ba\\"],
+
+  // Bug 1412213 - do continue to parse, behind an empty parameter
+  ["attachment; ; filename=foo", "attachment", "foo"],
+
+  // Bug 1412213 - do continue to parse, behind a parameter w/o =
+  ["attachment; badparameter; filename=foo", "attachment", "foo"],
+
+  // Bug 1440677 - spaces inside filenames ought to be quoted, but too many
+  // servers do the wrong thing and most browsers accept this, so we were
+  // forced to do the same for compat.
+  ["attachment; filename=foo bar.html", "attachment", "foo bar.html"],
+  // Note: we keep the tab character, but later validation will replace with a space,
+  // as file systems do not like tab characters.
+  ["attachment; filename=foo\tbar.html", "attachment", "foo\tbar.html"],
+  // Newlines get stripped completely (in practice, http header parsing may
+  // munge these into spaces before they get to us, but we should check we deal
+  // with them either way):
+  ["attachment; filename=foo\nbar.html", "attachment", "foobar.html"],
+  ["attachment; filename=foo\r\nbar.html", "attachment", "foobar.html"],
+  ["attachment; filename=foo\rbar.html", "attachment", "foobar.html"],
+
+  // Trailing rubbish shouldn't matter:
+  ["attachment; filename=foo bar; garbage", "attachment", "foo bar"],
+  ["attachment; filename=foo bar; extension=blah", "attachment", "foo bar"],
+
+  // Check that whitespace processing can't crash.
+  ["attachment; filename =      ", "attachment", ""],
+
+  // Bug 1784348
+  [
+    "attachment; filename=foo.exe\0.pdf",
+    Cr.NS_ERROR_ILLEGAL_VALUE,
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    "attachment; filename=\0\0foo\0",
+    Cr.NS_ERROR_ILLEGAL_VALUE,
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  ["attachment; filename=foo\0\0\0", "attachment", "foo"],
+  ["attachment; filename=\0\0\0", "attachment", ""],
+];
+
+var rfc5987paramtests = [
+  [
+    // basic test
+    "UTF-8'language'value",
+    "value",
+    "language",
+    Cr.NS_OK,
+  ],
+  [
+    // percent decoding
+    "UTF-8''1%202",
+    "1 2",
+    "",
+    Cr.NS_OK,
+  ],
+  [
+    // UTF-8
+    "UTF-8''%c2%a3%20and%20%e2%82%ac%20rates",
+    "\u00a3 and \u20ac rates",
+    "",
+    Cr.NS_OK,
+  ],
+  [
+    // missing charset
+    "''abc",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // ISO-8859-1: unsupported
+    "ISO-8859-1''%A3%20rates",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // unknown charset
+    "foo''abc",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // missing component
+    "abc",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // missing component
+    "'abc",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // illegal chars
+    "UTF-8''a b",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // broken % escapes
+    "UTF-8''a%zz",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // broken % escapes
+    "UTF-8''a%b",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // broken % escapes
+    "UTF-8''a%",
+    "",
+    "",
+    Cr.NS_ERROR_INVALID_ARG,
+  ],
+  [
+    // broken UTF-8
+    "UTF-8''%A3%20rates",
+    "",
+    "",
+    0x8050000e /* NS_ERROR_UDEC_ILLEGALINPUT */,
+  ],
+];
+
+function do_tests(whichRFC) {
+  var mhp = Cc["@mozilla.org/network/mime-hdrparam;1"].getService(
+    Ci.nsIMIMEHeaderParam
+  );
+
+  var unused = { value: null };
+
+  for (var i = 0; i < tests.length; ++i) {
+    dump("Testing #" + i + ": " + tests[i] + "\n");
+
+    // check disposition type
+    var expectedDt =
+      tests[i].length == 3 || whichRFC == 0 ? tests[i][1] : tests[i][3];
+
+    try {
+      let result;
+
+      if (whichRFC == 0) {
+        result = mhp.getParameter(tests[i][0], "", "UTF-8", true, unused);
+      } else {
+        result = mhp.getParameterHTTP(tests[i][0], "", "UTF-8", true, unused);
+      }
+
+      Assert.equal(result, expectedDt);
+    } catch (e) {
+      // Tests can also succeed by expecting to fail with given error code
+      if (e.result) {
+        // Allow following tests to run by catching exception from do_check_eq()
+        try {
+          Assert.equal(e.result, expectedDt);
+        } catch (e1) {}
+      }
+      continue;
+    }
+
+    // check filename parameter
+    var expectedFn =
+      tests[i].length == 3 || whichRFC == 0 ? tests[i][2] : tests[i][4];
+
+    try {
+      let result;
+
+      if (whichRFC == 0) {
+        result = mhp.getParameter(
+          tests[i][0],
+          "filename",
+          "UTF-8",
+          true,
+          unused
+        );
+      } else {
+        result = mhp.getParameterHTTP(
+          tests[i][0],
+          "filename",
+          "UTF-8",
+          true,
+          unused
+        );
+      }
+
+      Assert.equal(result, expectedFn);
+    } catch (e) {
+      // Tests can also succeed by expecting to fail with given error code
+      if (e.result) {
+        // Allow following tests to run by catching exception from do_check_eq()
+        try {
+          Assert.equal(e.result, expectedFn);
+        } catch (e1) {}
+      }
+      continue;
+    }
+  }
+}
+
+function test_decode5987Param() {
+  var mhp = Cc["@mozilla.org/network/mime-hdrparam;1"].getService(
+    Ci.nsIMIMEHeaderParam
+  );
+
+  for (var i = 0; i < rfc5987paramtests.length; ++i) {
+    dump("Testing #" + i + ": " + rfc5987paramtests[i] + "\n");
+
+    var lang = {};
+    try {
+      var decoded = mhp.decodeRFC5987Param(rfc5987paramtests[i][0], lang);
+      if (rfc5987paramtests[i][3] == Cr.NS_OK) {
+        Assert.equal(rfc5987paramtests[i][1], decoded);
+        Assert.equal(rfc5987paramtests[i][2], lang.value);
+      } else {
+        Assert.equal(rfc5987paramtests[i][3], "instead got: " + decoded);
+      }
+    } catch (e) {
+      Assert.equal(rfc5987paramtests[i][3], e.result);
+    }
+  }
+}
+
+function run_test() {
+  // Test RFC 2231 (complete header field values)
+  do_tests(0);
+
+  // Test RFC 5987 (complete header field values)
+  do_tests(1);
+
+  // tests for RFC5987 parameter parsing
+  test_decode5987Param();
+}
diff --git a/netwerk/test/unit/test_NetUtil.js b/netwerk/test/unit/test_NetUtil.js
new file mode 100644
index 0000000000..624e35f30e
--- /dev/null
+++ b/netwerk/test/unit/test_NetUtil.js
@@ -0,0 +1,804 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2 et
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This file tests the methods on NetUtil.jsm.
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+// We need the profile directory so the test harness will clean up our test
+// files.
+do_get_profile();
+
+const OUTPUT_STREAM_CONTRACT_ID = "@mozilla.org/network/file-output-stream;1";
+const SAFE_OUTPUT_STREAM_CONTRACT_ID =
+  "@mozilla.org/network/safe-file-output-stream;1";
+
+////////////////////////////////////////////////////////////////////////////////
+//// Helper Methods
+
+/**
+ * Reads the contents of a file and returns it as a string.
+ *
+ * @param aFile
+ *        The file to return from.
+ * @return the contents of the file in the form of a string.
+ */
+function getFileContents(aFile) {
+  "use strict";
+
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fstream.init(aFile, -1, 0, 0);
+
+  let cstream = Cc["@mozilla.org/intl/converter-input-stream;1"].createInstance(
+    Ci.nsIConverterInputStream
+  );
+  cstream.init(fstream, "UTF-8", 0, 0);
+
+  let string = {};
+  cstream.readString(-1, string);
+  cstream.close();
+  return string.value;
+}
+
+/**
+ * Tests asynchronously writing a file using NetUtil.asyncCopy.
+ *
+ * @param aContractId
+ *        The contract ID to use for the output stream
+ * @param aDeferOpen
+ *        Whether to use DEFER_OPEN in the output stream.
+ */
+function async_write_file(aContractId, aDeferOpen) {
+  do_test_pending();
+
+  // First, we need an output file to write to.
+  let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  file.append("NetUtil-async-test-file.tmp");
+  file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+
+  // Then, we need an output stream to our output file.
+  let ostream = Cc[aContractId].createInstance(Ci.nsIFileOutputStream);
+  ostream.init(
+    file,
+    -1,
+    -1,
+    aDeferOpen ? Ci.nsIFileOutputStream.DEFER_OPEN : 0
+  );
+
+  // Finally, we need an input stream to take data from.
+  const TEST_DATA = "this is a test string";
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  istream.setData(TEST_DATA, TEST_DATA.length);
+
+  NetUtil.asyncCopy(istream, ostream, function (aResult) {
+    // Make sure the copy was successful!
+    Assert.ok(Components.isSuccessCode(aResult));
+
+    // Check the file contents.
+    Assert.equal(TEST_DATA, getFileContents(file));
+
+    // Finish the test.
+    do_test_finished();
+    run_next_test();
+  });
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//// Tests
+
+// Test NetUtil.asyncCopy for all possible buffering scenarios
+function test_async_copy() {
+  // Create a data sample
+  function make_sample(text) {
+    let data = [];
+    for (let i = 0; i <= 100; ++i) {
+      data.push(text);
+    }
+    return data.join();
+  }
+
+  // Create an input buffer holding some data
+  function make_input(isBuffered, data) {
+    if (isBuffered) {
+      // String input streams are buffered
+      let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+        Ci.nsIStringInputStream
+      );
+      istream.setData(data, data.length);
+      return istream;
+    }
+
+    // File input streams are not buffered, so let's create a file
+    let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+    file.append("NetUtil-asyncFetch-test-file.tmp");
+    file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+
+    let ostream = Cc[
+      "@mozilla.org/network/file-output-stream;1"
+    ].createInstance(Ci.nsIFileOutputStream);
+    ostream.init(file, -1, -1, 0);
+    ostream.write(data, data.length);
+    ostream.close();
+
+    let istream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+      Ci.nsIFileInputStream
+    );
+    istream.init(file, -1, 0, 0);
+
+    return istream;
+  }
+
+  // Create an output buffer holding some data
+  function make_output(isBuffered) {
+    let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+    file.append("NetUtil-asyncFetch-test-file.tmp");
+    file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+
+    let ostream = Cc[
+      "@mozilla.org/network/file-output-stream;1"
+    ].createInstance(Ci.nsIFileOutputStream);
+    ostream.init(file, -1, -1, 0);
+
+    if (!isBuffered) {
+      return { file, sink: ostream };
+    }
+
+    let bstream = Cc[
+      "@mozilla.org/network/buffered-output-stream;1"
+    ].createInstance(Ci.nsIBufferedOutputStream);
+    bstream.init(ostream, 256);
+    return { file, sink: bstream };
+  }
+  (async function () {
+    do_test_pending();
+    for (let bufferedInput of [true, false]) {
+      for (let bufferedOutput of [true, false]) {
+        let text =
+          "test_async_copy with " +
+          (bufferedInput ? "buffered input" : "unbuffered input") +
+          ", " +
+          (bufferedOutput ? "buffered output" : "unbuffered output");
+        info(text);
+        let TEST_DATA = "[" + make_sample(text) + "]";
+        let source = make_input(bufferedInput, TEST_DATA);
+        let { file, sink } = make_output(bufferedOutput);
+        let result = await new Promise(resolve => {
+          NetUtil.asyncCopy(source, sink, resolve);
+        });
+
+        // Make sure the copy was successful!
+        if (!Components.isSuccessCode(result)) {
+          do_throw(new Components.Exception("asyncCopy error", result));
+        }
+
+        // Check the file contents.
+        Assert.equal(TEST_DATA, getFileContents(file));
+      }
+    }
+
+    do_test_finished();
+    run_next_test();
+  })();
+}
+
+function test_async_write_file() {
+  async_write_file(OUTPUT_STREAM_CONTRACT_ID);
+}
+
+function test_async_write_file_deferred() {
+  async_write_file(OUTPUT_STREAM_CONTRACT_ID, true);
+}
+
+function test_async_write_file_safe() {
+  async_write_file(SAFE_OUTPUT_STREAM_CONTRACT_ID);
+}
+
+function test_async_write_file_safe_deferred() {
+  async_write_file(SAFE_OUTPUT_STREAM_CONTRACT_ID, true);
+}
+
+function test_newURI_no_spec_throws() {
+  try {
+    NetUtil.newURI();
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INVALID_ARG);
+  }
+
+  run_next_test();
+}
+
+function test_newURI() {
+  // Check that we get the same URI back from the IO service and the utility
+  // method.
+  const TEST_URI = "http://mozilla.org";
+  let iosURI = Services.io.newURI(TEST_URI);
+  let NetUtilURI = NetUtil.newURI(TEST_URI);
+  Assert.ok(iosURI.equals(NetUtilURI));
+
+  run_next_test();
+}
+
+function test_newURI_takes_nsIFile() {
+  // Create a test file that we can pass into NetUtil.newURI
+  let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  file.append("NetUtil-test-file.tmp");
+
+  // Check that we get the same URI back from the IO service and the utility
+  // method.
+  let iosURI = Services.io.newFileURI(file);
+  let NetUtilURI = NetUtil.newURI(file);
+  Assert.ok(iosURI.equals(NetUtilURI));
+
+  run_next_test();
+}
+
+function test_asyncFetch_no_channel() {
+  try {
+    NetUtil.asyncFetch(null, function () {});
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INVALID_ARG);
+  }
+
+  run_next_test();
+}
+
+function test_asyncFetch_no_callback() {
+  try {
+    NetUtil.asyncFetch({});
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INVALID_ARG);
+  }
+
+  run_next_test();
+}
+
+function test_asyncFetch_with_nsIChannel() {
+  const TEST_DATA = "this is a test string";
+
+  // Start the http server, and register our handler.
+  let server = new HttpServer();
+  server.registerPathHandler("/test", function (aRequest, aResponse) {
+    aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+    aResponse.setHeader("Content-Type", "text/plain", false);
+    aResponse.write(TEST_DATA);
+  });
+  server.start(-1);
+
+  // Create our channel.
+  let channel = NetUtil.newChannel({
+    uri: "http://localhost:" + server.identity.primaryPort + "/test",
+    loadUsingSystemPrincipal: true,
+  });
+
+  // Open our channel asynchronously.
+  NetUtil.asyncFetch(channel, function (aInputStream, aResult) {
+    // Check that we had success.
+    Assert.ok(Components.isSuccessCode(aResult));
+
+    // Check that we got the right data.
+    Assert.equal(aInputStream.available(), TEST_DATA.length);
+    let is = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+      Ci.nsIScriptableInputStream
+    );
+    is.init(aInputStream);
+    let result = is.read(TEST_DATA.length);
+    Assert.equal(TEST_DATA, result);
+
+    server.stop(run_next_test);
+  });
+}
+
+function test_asyncFetch_with_nsIURI() {
+  const TEST_DATA = "this is a test string";
+
+  // Start the http server, and register our handler.
+  let server = new HttpServer();
+  server.registerPathHandler("/test", function (aRequest, aResponse) {
+    aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+    aResponse.setHeader("Content-Type", "text/plain", false);
+    aResponse.write(TEST_DATA);
+  });
+  server.start(-1);
+
+  // Create our URI.
+  let uri = NetUtil.newURI(
+    "http://localhost:" + server.identity.primaryPort + "/test"
+  );
+
+  // Open our URI asynchronously.
+  NetUtil.asyncFetch(
+    {
+      uri,
+      loadUsingSystemPrincipal: true,
+    },
+    function (aInputStream, aResult) {
+      // Check that we had success.
+      Assert.ok(Components.isSuccessCode(aResult));
+
+      // Check that we got the right data.
+      Assert.equal(aInputStream.available(), TEST_DATA.length);
+      let is = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+        Ci.nsIScriptableInputStream
+      );
+      is.init(aInputStream);
+      let result = is.read(TEST_DATA.length);
+      Assert.equal(TEST_DATA, result);
+
+      server.stop(run_next_test);
+    },
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+}
+
+function test_asyncFetch_with_string() {
+  const TEST_DATA = "this is a test string";
+
+  // Start the http server, and register our handler.
+  let server = new HttpServer();
+  server.registerPathHandler("/test", function (aRequest, aResponse) {
+    aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+    aResponse.setHeader("Content-Type", "text/plain", false);
+    aResponse.write(TEST_DATA);
+  });
+  server.start(-1);
+
+  // Open our location asynchronously.
+  NetUtil.asyncFetch(
+    {
+      uri: "http://localhost:" + server.identity.primaryPort + "/test",
+      loadUsingSystemPrincipal: true,
+    },
+    function (aInputStream, aResult) {
+      // Check that we had success.
+      Assert.ok(Components.isSuccessCode(aResult));
+
+      // Check that we got the right data.
+      Assert.equal(aInputStream.available(), TEST_DATA.length);
+      let is = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+        Ci.nsIScriptableInputStream
+      );
+      is.init(aInputStream);
+      let result = is.read(TEST_DATA.length);
+      Assert.equal(TEST_DATA, result);
+
+      server.stop(run_next_test);
+    },
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+}
+
+function test_asyncFetch_with_nsIFile() {
+  const TEST_DATA = "this is a test string";
+
+  // First we need a file to read from.
+  let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  file.append("NetUtil-asyncFetch-test-file.tmp");
+  file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+
+  // Write the test data to the file.
+  let ostream = Cc["@mozilla.org/network/file-output-stream;1"].createInstance(
+    Ci.nsIFileOutputStream
+  );
+  ostream.init(file, -1, -1, 0);
+  ostream.write(TEST_DATA, TEST_DATA.length);
+
+  // Sanity check to make sure the data was written.
+  Assert.equal(TEST_DATA, getFileContents(file));
+
+  // Open our file asynchronously.
+  // Note that this causes main-tread I/O and should be avoided in production.
+  NetUtil.asyncFetch(
+    {
+      uri: NetUtil.newURI(file),
+      loadUsingSystemPrincipal: true,
+    },
+    function (aInputStream, aResult) {
+      // Check that we had success.
+      Assert.ok(Components.isSuccessCode(aResult));
+
+      // Check that we got the right data.
+      Assert.equal(aInputStream.available(), TEST_DATA.length);
+      let is = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+        Ci.nsIScriptableInputStream
+      );
+      is.init(aInputStream);
+      let result = is.read(TEST_DATA.length);
+      Assert.equal(TEST_DATA, result);
+
+      run_next_test();
+    },
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+}
+
+function test_asyncFetch_with_nsIInputString() {
+  const TEST_DATA = "this is a test string";
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  istream.setData(TEST_DATA, TEST_DATA.length);
+
+  // Read the input stream asynchronously.
+  NetUtil.asyncFetch(
+    istream,
+    function (aInputStream, aResult) {
+      // Check that we had success.
+      Assert.ok(Components.isSuccessCode(aResult));
+
+      // Check that we got the right data.
+      Assert.equal(aInputStream.available(), TEST_DATA.length);
+      Assert.equal(
+        NetUtil.readInputStreamToString(aInputStream, TEST_DATA.length),
+        TEST_DATA
+      );
+
+      run_next_test();
+    },
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+}
+
+function test_asyncFetch_does_not_block() {
+  // Create our channel that has no data.
+  let channel = NetUtil.newChannel({
+    uri: "data:text/plain,",
+    loadUsingSystemPrincipal: true,
+  });
+
+  // Open our channel asynchronously.
+  NetUtil.asyncFetch(channel, function (aInputStream, aResult) {
+    // Check that we had success.
+    Assert.ok(Components.isSuccessCode(aResult));
+
+    // Check that reading a byte throws that the stream was closed (as opposed
+    // saying it would block).
+    let is = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+      Ci.nsIScriptableInputStream
+    );
+    is.init(aInputStream);
+    try {
+      is.read(1);
+      do_throw("should throw!");
+    } catch (e) {
+      Assert.equal(e.result, Cr.NS_BASE_STREAM_CLOSED);
+    }
+
+    run_next_test();
+  });
+}
+
+function test_newChannel_no_specifier() {
+  try {
+    NetUtil.newChannel();
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INVALID_ARG);
+  }
+
+  run_next_test();
+}
+
+function test_newChannel_with_string() {
+  const TEST_SPEC = "http://mozilla.org";
+
+  // Check that we get the same URI back from channel the IO service creates and
+  // the channel the utility method creates.
+  let iosChannel = Services.io.newChannel(
+    TEST_SPEC,
+    null,
+    null,
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+  let NetUtilChannel = NetUtil.newChannel({
+    uri: TEST_SPEC,
+    loadUsingSystemPrincipal: true,
+  });
+  Assert.ok(iosChannel.URI.equals(NetUtilChannel.URI));
+
+  run_next_test();
+}
+
+function test_newChannel_with_nsIURI() {
+  const TEST_SPEC = "http://mozilla.org";
+
+  // Check that we get the same URI back from channel the IO service creates and
+  // the channel the utility method creates.
+  let uri = NetUtil.newURI(TEST_SPEC);
+  let iosChannel = Services.io.newChannelFromURI(
+    uri,
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+  let NetUtilChannel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  });
+  Assert.ok(iosChannel.URI.equals(NetUtilChannel.URI));
+
+  run_next_test();
+}
+
+function test_newChannel_with_options() {
+  let uri = "data:text/plain,";
+
+  let iosChannel = Services.io.newChannelFromURI(
+    NetUtil.newURI(uri),
+    null, // aLoadingNode
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+
+  function checkEqualToIOSChannel(channel) {
+    Assert.ok(iosChannel.URI.equals(channel.URI));
+  }
+
+  checkEqualToIOSChannel(
+    NetUtil.newChannel({
+      uri,
+      loadingPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
+    })
+  );
+
+  checkEqualToIOSChannel(
+    NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: true,
+    })
+  );
+
+  run_next_test();
+}
+
+function test_newChannel_with_wrong_options() {
+  let uri = "data:text/plain,";
+  let systemPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
+
+  Assert.throws(() => {
+    NetUtil.newChannel({ uri, loadUsingSystemPrincipal: true }, null, null);
+  }, /requires a single object argument/);
+
+  Assert.throws(() => {
+    NetUtil.newChannel({ loadUsingSystemPrincipal: true });
+  }, /requires the 'uri' property/);
+
+  Assert.throws(() => {
+    NetUtil.newChannel({ uri, loadingNode: true });
+  }, /requires the 'securityFlags'/);
+
+  Assert.throws(() => {
+    NetUtil.newChannel({ uri, securityFlags: 0 });
+  }, /requires at least one of the 'loadingNode'/);
+
+  Assert.throws(() => {
+    NetUtil.newChannel({
+      uri,
+      loadingPrincipal: systemPrincipal,
+      securityFlags: 0,
+    });
+  }, /requires the 'contentPolicyType'/);
+
+  Assert.throws(() => {
+    NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: systemPrincipal,
+    });
+  }, /to be 'true' or 'undefined'/);
+
+  Assert.throws(() => {
+    NetUtil.newChannel({
+      uri,
+      loadingPrincipal: systemPrincipal,
+      loadUsingSystemPrincipal: true,
+    });
+  }, /does not accept 'loadUsingSystemPrincipal'/);
+
+  run_next_test();
+}
+
+function test_readInputStreamToString() {
+  const TEST_DATA = "this is a test string\0 with an embedded null";
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsISupportsCString
+  );
+  istream.data = TEST_DATA;
+
+  Assert.equal(
+    NetUtil.readInputStreamToString(istream, TEST_DATA.length),
+    TEST_DATA
+  );
+
+  run_next_test();
+}
+
+function test_readInputStreamToString_no_input_stream() {
+  try {
+    NetUtil.readInputStreamToString("hi", 2);
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INVALID_ARG);
+  }
+
+  run_next_test();
+}
+
+function test_readInputStreamToString_no_bytes_arg() {
+  const TEST_DATA = "this is a test string";
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  istream.setData(TEST_DATA, TEST_DATA.length);
+
+  try {
+    NetUtil.readInputStreamToString(istream);
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INVALID_ARG);
+  }
+
+  run_next_test();
+}
+
+function test_readInputStreamToString_blocking_stream() {
+  let pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
+  pipe.init(true, true, 0, 0, null);
+
+  try {
+    NetUtil.readInputStreamToString(pipe.inputStream, 10);
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_BASE_STREAM_WOULD_BLOCK);
+  }
+  run_next_test();
+}
+
+function test_readInputStreamToString_too_many_bytes() {
+  const TEST_DATA = "this is a test string";
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  istream.setData(TEST_DATA, TEST_DATA.length);
+
+  try {
+    NetUtil.readInputStreamToString(istream, TEST_DATA.length + 10);
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_FAILURE);
+  }
+
+  run_next_test();
+}
+
+function test_readInputStreamToString_with_charset() {
+  const TEST_DATA = "\uff10\uff11\uff12\uff13";
+  const TEST_DATA_UTF8 = "\xef\xbc\x90\xef\xbc\x91\xef\xbc\x92\xef\xbc\x93";
+  const TEST_DATA_SJIS = "\x82\x4f\x82\x50\x82\x51\x82\x52";
+
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+
+  istream.setData(TEST_DATA_UTF8, TEST_DATA_UTF8.length);
+  Assert.equal(
+    NetUtil.readInputStreamToString(istream, TEST_DATA_UTF8.length, {
+      charset: "UTF-8",
+    }),
+    TEST_DATA
+  );
+
+  istream.setData(TEST_DATA_SJIS, TEST_DATA_SJIS.length);
+  Assert.equal(
+    NetUtil.readInputStreamToString(istream, TEST_DATA_SJIS.length, {
+      charset: "Shift_JIS",
+    }),
+    TEST_DATA
+  );
+
+  run_next_test();
+}
+
+function test_readInputStreamToString_invalid_sequence() {
+  const TEST_DATA = "\ufffd\ufffd\ufffd\ufffd";
+  const TEST_DATA_UTF8 = "\xaa\xaa\xaa\xaa";
+
+  let istream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+
+  istream.setData(TEST_DATA_UTF8, TEST_DATA_UTF8.length);
+  try {
+    NetUtil.readInputStreamToString(istream, TEST_DATA_UTF8.length, {
+      charset: "UTF-8",
+    });
+    do_throw("should throw!");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_INPUT);
+  }
+
+  istream.setData(TEST_DATA_UTF8, TEST_DATA_UTF8.length);
+  Assert.equal(
+    NetUtil.readInputStreamToString(istream, TEST_DATA_UTF8.length, {
+      charset: "UTF-8",
+      replacement: Ci.nsIConverterInputStream.DEFAULT_REPLACEMENT_CHARACTER,
+    }),
+    TEST_DATA
+  );
+
+  run_next_test();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//// Test Runner
+
+[
+  test_async_copy,
+  test_async_write_file,
+  test_async_write_file_deferred,
+  test_async_write_file_safe,
+  test_async_write_file_safe_deferred,
+  test_newURI_no_spec_throws,
+  test_newURI,
+  test_newURI_takes_nsIFile,
+  test_asyncFetch_no_channel,
+  test_asyncFetch_no_callback,
+  test_asyncFetch_with_nsIChannel,
+  test_asyncFetch_with_nsIURI,
+  test_asyncFetch_with_string,
+  test_asyncFetch_with_nsIFile,
+  test_asyncFetch_with_nsIInputString,
+  test_asyncFetch_does_not_block,
+  test_newChannel_no_specifier,
+  test_newChannel_with_string,
+  test_newChannel_with_nsIURI,
+  test_newChannel_with_options,
+  test_newChannel_with_wrong_options,
+  test_readInputStreamToString,
+  test_readInputStreamToString_no_input_stream,
+  test_readInputStreamToString_no_bytes_arg,
+  test_readInputStreamToString_blocking_stream,
+  test_readInputStreamToString_too_many_bytes,
+  test_readInputStreamToString_with_charset,
+  test_readInputStreamToString_invalid_sequence,
+].forEach(f => add_test(f));
diff --git a/netwerk/test/unit/test_SuperfluousAuth.js b/netwerk/test/unit/test_SuperfluousAuth.js
new file mode 100644
index 0000000000..2766b00c4c
--- /dev/null
+++ b/netwerk/test/unit/test_SuperfluousAuth.js
@@ -0,0 +1,101 @@
+/*
+
+Create two http requests with the same URL in which has a user name. We allow
+first http request to be loaded and saved in the cache, so the second request
+will be served from the cache. However, we disallow loading by returning 1
+in the prompt service. In the end, the second request will be failed.
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://foo@localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+const gMockPromptService = {
+  firstTimeCalled: false,
+  confirmExBC() {
+    if (!this.firstTimeCalled) {
+      this.firstTimeCalled = true;
+      return 0;
+    }
+
+    return 1;
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIPromptService"]),
+};
+
+var gMockPromptServiceCID = MockRegistrar.register(
+  "@mozilla.org/prompter;1",
+  gMockPromptService
+);
+
+registerCleanupFunction(() => {
+  MockRegistrar.unregister(gMockPromptServiceCID);
+});
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+const responseBody = "body";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+  response.setHeader("Content-Length", "" + responseBody.length);
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  do_get_profile();
+
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var chan1 = makeChan(URL + "/content");
+    chan1.asyncOpen(new ChannelListener(firstTimeThrough, null));
+    var chan2 = makeChan(URL + "/content");
+    chan2.asyncOpen(
+      new ChannelListener(secondTimeThrough, null, CL_EXPECT_FAILURE)
+    );
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+  Assert.ok(gMockPromptService.firstTimeCalled, "Prompt service invoked");
+}
+
+function secondTimeThrough(request, buffer) {
+  Assert.equal(request.status, Cr.NS_ERROR_SUPERFLUOS_AUTH);
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_URIs.js b/netwerk/test/unit/test_URIs.js
new file mode 100644
index 0000000000..548ecd5535
--- /dev/null
+++ b/netwerk/test/unit/test_URIs.js
@@ -0,0 +1,996 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Run by: cd objdir;  make -C netwerk/test/ xpcshell-tests
+// or: cd objdir; make SOLO_FILE="test_URIs.js" -C netwerk/test/ check-one
+
+// See also test_URIs2.js.
+
+// Relevant RFCs: 1738, 1808, 2396, 3986 (newer than the code)
+// http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.5.4
+// http://greenbytes.de/tech/tc/uris/
+
+Services.prefs.setBoolPref("network.url.useDefaultURI", true);
+
+// TEST DATA
+// ---------
+var gTests = [
+  {
+    spec: "about:blank",
+    scheme: "about",
+    prePath: "about:",
+    pathQueryRef: "blank",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: true,
+    immutable: true,
+  },
+  {
+    spec: "about:foobar",
+    scheme: "about",
+    prePath: "about:",
+    pathQueryRef: "foobar",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+    immutable: true,
+  },
+  {
+    spec: "chrome://foobar/somedir/somefile.xml",
+    scheme: "chrome",
+    prePath: "chrome://foobar",
+    pathQueryRef: "/somedir/somefile.xml",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+    immutable: true,
+  },
+  {
+    spec: "data:text/html;charset=utf-8,",
+    scheme: "data",
+    prePath: "data:",
+    pathQueryRef: "text/html;charset=utf-8,",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "data:text/html;charset=utf-8,\r\n\t",
+    scheme: "data",
+    prePath: "data:",
+    pathQueryRef: "text/html;charset=utf-8,",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "data:text/plain,hello%20world",
+    scheme: "data",
+    prePath: "data:",
+    pathQueryRef: "text/plain,hello%20world",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "data:text/plain,hello world",
+    scheme: "data",
+    prePath: "data:",
+    pathQueryRef: "text/plain,hello world",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "file:///dir/afile",
+    scheme: "data",
+    prePath: "data:",
+    pathQueryRef: "text/plain,2",
+    ref: "",
+    relativeURI: "data:te\nxt/plain,2",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "file://",
+    scheme: "file",
+    prePath: "file://",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "file:///",
+    scheme: "file",
+    prePath: "file://",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "file:///myFile.html",
+    scheme: "file",
+    prePath: "file://",
+    pathQueryRef: "/myFile.html",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "file:///dir/afile",
+    scheme: "file",
+    prePath: "file://",
+    pathQueryRef: "/dir/data/text/plain,2",
+    ref: "",
+    relativeURI: "data/text/plain,2",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "file:///dir/dir2/",
+    scheme: "file",
+    prePath: "file://",
+    pathQueryRef: "/dir/dir2/data/text/plain,2",
+    ref: "",
+    relativeURI: "data/text/plain,2",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "ftp://ftp.mozilla.org/pub/mozilla.org/README",
+    scheme: "ftp",
+    prePath: "ftp://ftp.mozilla.org",
+    pathQueryRef: "/pub/mozilla.org/README",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "ftp://foo:bar@ftp.mozilla.org:100/pub/mozilla.org/README",
+    scheme: "ftp",
+    prePath: "ftp://foo:bar@ftp.mozilla.org:100",
+    port: 100,
+    username: "foo",
+    password: "bar",
+    pathQueryRef: "/pub/mozilla.org/README",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "ftp://foo:@ftp.mozilla.org:100/pub/mozilla.org/README",
+    scheme: "ftp",
+    prePath: "ftp://foo@ftp.mozilla.org:100",
+    port: 100,
+    username: "foo",
+    password: "",
+    pathQueryRef: "/pub/mozilla.org/README",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  //Bug 706249
+  {
+    spec: "gopher://mozilla.org/",
+    scheme: "gopher",
+    prePath: "gopher://mozilla.org",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://www.example.com/",
+    scheme: "http",
+    prePath: "http://www.example.com",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://www.exa\nmple.com/",
+    scheme: "http",
+    prePath: "http://www.example.com",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://10.32.4.239/",
+    scheme: "http",
+    prePath: "http://10.32.4.239",
+    host: "10.32.4.239",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://[::192.9.5.5]/ipng",
+    scheme: "http",
+    prePath: "http://[::c009:505]",
+    host: "::c009:505",
+    pathQueryRef: "/ipng",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://[FEDC:BA98:7654:3210:FEDC:BA98:7654:3210]:8888/index.html",
+    scheme: "http",
+    prePath: "http://[fedc:ba98:7654:3210:fedc:ba98:7654:3210]:8888",
+    host: "fedc:ba98:7654:3210:fedc:ba98:7654:3210",
+    port: 8888,
+    pathQueryRef: "/index.html",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://bar:foo@www.mozilla.org:8080/pub/mozilla.org/README.html",
+    scheme: "http",
+    prePath: "http://bar:foo@www.mozilla.org:8080",
+    port: 8080,
+    username: "bar",
+    password: "foo",
+    host: "www.mozilla.org",
+    pathQueryRef: "/pub/mozilla.org/README.html",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "jar:resource://!/",
+    scheme: "jar",
+    prePath: "jar:",
+    pathQueryRef: "resource:///!/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: true,
+  },
+  {
+    spec: "jar:resource://gre/chrome.toolkit.jar!/",
+    scheme: "jar",
+    prePath: "jar:",
+    pathQueryRef: "resource://gre/chrome.toolkit.jar!/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: true,
+  },
+  {
+    spec: "mailto:webmaster@mozilla.com",
+    scheme: "mailto",
+    prePath: "mailto:",
+    pathQueryRef: "webmaster@mozilla.com",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "javascript:new Date()",
+    scheme: "javascript",
+    prePath: "javascript:",
+    pathQueryRef: "new Date()",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "blob:123456",
+    scheme: "blob",
+    prePath: "blob:",
+    pathQueryRef: "123456",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+    immutable: true,
+  },
+  {
+    spec: "place:sort=8&maxResults=10",
+    scheme: "place",
+    prePath: "place:",
+    pathQueryRef: "sort=8&maxResults=10",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "resource://gre/",
+    scheme: "resource",
+    prePath: "resource://gre",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "resource://gre/components/",
+    scheme: "resource",
+    prePath: "resource://gre",
+    pathQueryRef: "/components/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+
+  // Adding more? Consider adding to test_URIs2.js instead, so that neither
+  // test runs for *too* long, risking timeouts on slow platforms.
+];
+
+var gHashSuffixes = ["#", "#myRef", "#myRef?a=b", "#myRef#", "#myRef#x:yz"];
+
+// TEST HELPER FUNCTIONS
+// ---------------------
+function do_info(text, stack) {
+  if (!stack) {
+    stack = Components.stack.caller;
+  }
+
+  dump(
+    "\n" +
+      "TEST-INFO | " +
+      stack.filename +
+      " | [" +
+      stack.name +
+      " : " +
+      stack.lineNumber +
+      "] " +
+      text +
+      "\n"
+  );
+}
+
+// Checks that the URIs satisfy equals(), in both possible orderings.
+// Also checks URI.equalsExceptRef(), because equal URIs should also be equal
+// when we ignore the ref.
+//
+// The third argument is optional. If the client passes a third argument
+// (e.g. todo_check_true), we'll use that in lieu of ok.
+function do_check_uri_eq(aURI1, aURI2, aCheckTrueFunc = ok) {
+  do_info("(uri equals check: '" + aURI1.spec + "' == '" + aURI2.spec + "')");
+  aCheckTrueFunc(aURI1.equals(aURI2));
+  do_info("(uri equals check: '" + aURI2.spec + "' == '" + aURI1.spec + "')");
+  aCheckTrueFunc(aURI2.equals(aURI1));
+
+  // (Only take the extra step of testing 'equalsExceptRef' when we expect the
+  // URIs to really be equal.  In 'todo' cases, the URIs may or may not be
+  // equal when refs are ignored - there's no way of knowing in general.)
+  if (aCheckTrueFunc == ok) {
+    do_check_uri_eqExceptRef(aURI1, aURI2, aCheckTrueFunc);
+  }
+}
+
+// Checks that the URIs satisfy equalsExceptRef(), in both possible orderings.
+//
+// The third argument is optional. If the client passes a third argument
+// (e.g. todo_check_true), we'll use that in lieu of ok.
+function do_check_uri_eqExceptRef(aURI1, aURI2, aCheckTrueFunc = ok) {
+  do_info(
+    "(uri equalsExceptRef check: '" + aURI1.spec + "' == '" + aURI2.spec + "')"
+  );
+  aCheckTrueFunc(aURI1.equalsExceptRef(aURI2));
+  do_info(
+    "(uri equalsExceptRef check: '" + aURI2.spec + "' == '" + aURI1.spec + "')"
+  );
+  aCheckTrueFunc(aURI2.equalsExceptRef(aURI1));
+}
+
+// Checks that the given property on aURI matches the corresponding property
+// in the test bundle (or matches some function of that corresponding property,
+// if aTestFunctor is passed in).
+function do_check_property(aTest, aURI, aPropertyName, aTestFunctor) {
+  if (aTest[aPropertyName]) {
+    var expectedVal = aTestFunctor
+      ? aTestFunctor(aTest[aPropertyName])
+      : aTest[aPropertyName];
+
+    do_info(
+      "testing " +
+        aPropertyName +
+        " of " +
+        (aTestFunctor ? "modified '" : "'") +
+        aTest.spec +
+        "' is '" +
+        expectedVal +
+        "'"
+    );
+    Assert.equal(aURI[aPropertyName], expectedVal);
+  }
+}
+
+// Test that a given URI parses correctly into its various components.
+function do_test_uri_basic(aTest) {
+  var URI;
+
+  do_info(
+    "Basic tests for " +
+      aTest.spec +
+      " relative URI: " +
+      (aTest.relativeURI === undefined ? "(none)" : aTest.relativeURI)
+  );
+
+  try {
+    URI = NetUtil.newURI(aTest.spec);
+  } catch (e) {
+    do_info("Caught error on parse of" + aTest.spec + " Error: " + e.result);
+    if (aTest.fail) {
+      Assert.equal(e.result, aTest.result);
+      return;
+    }
+    do_throw(e.result);
+  }
+
+  if (aTest.relativeURI) {
+    var relURI;
+
+    try {
+      relURI = Services.io.newURI(aTest.relativeURI, null, URI);
+    } catch (e) {
+      do_info(
+        "Caught error on Relative parse of " +
+          aTest.spec +
+          " + " +
+          aTest.relativeURI +
+          " Error: " +
+          e.result
+      );
+      if (aTest.relativeFail) {
+        Assert.equal(e.result, aTest.relativeFail);
+        return;
+      }
+      do_throw(e.result);
+    }
+    do_info(
+      "relURI.pathQueryRef = " +
+        relURI.pathQueryRef +
+        ", was " +
+        URI.pathQueryRef
+    );
+    URI = relURI;
+    do_info("URI.pathQueryRef now = " + URI.pathQueryRef);
+  }
+
+  // Sanity-check
+  do_info("testing " + aTest.spec + " equals a clone of itself");
+  do_check_uri_eq(URI, URI.mutate().finalize());
+  do_check_uri_eqExceptRef(URI, URI.mutate().setRef("").finalize());
+  do_info("testing " + aTest.spec + " instanceof nsIURL");
+  Assert.equal(URI instanceof Ci.nsIURL, aTest.nsIURL);
+  do_info("testing " + aTest.spec + " instanceof nsINestedURI");
+  Assert.equal(URI instanceof Ci.nsINestedURI, aTest.nsINestedURI);
+
+  do_info(
+    "testing that " +
+      aTest.spec +
+      " throws or returns false " +
+      "from equals(null)"
+  );
+  // XXXdholbert At some point it'd probably be worth making this behavior
+  // (throwing vs. returning false) consistent across URI implementations.
+  var threw = false;
+  var isEqualToNull;
+  try {
+    isEqualToNull = URI.equals(null);
+  } catch (e) {
+    threw = true;
+  }
+  Assert.ok(threw || !isEqualToNull);
+
+  // Check the various components
+  do_check_property(aTest, URI, "scheme");
+  do_check_property(aTest, URI, "prePath");
+  do_check_property(aTest, URI, "pathQueryRef");
+  do_check_property(aTest, URI, "query");
+  do_check_property(aTest, URI, "ref");
+  do_check_property(aTest, URI, "port");
+  do_check_property(aTest, URI, "username");
+  do_check_property(aTest, URI, "password");
+  do_check_property(aTest, URI, "host");
+  do_check_property(aTest, URI, "specIgnoringRef");
+
+  do_info("testing hasRef");
+  Assert.equal(URI.hasRef, !!aTest.ref, "URI.hasRef is correct");
+  do_info("testing hasUserPass");
+  Assert.equal(
+    URI.hasUserPass,
+    !!aTest.username || !!aTest.password,
+    "URI.hasUserPass is correct"
+  );
+}
+
+// Test that a given URI parses correctly when we add a given ref to the end
+function do_test_uri_with_hash_suffix(aTest, aSuffix) {
+  do_info("making sure caller is using suffix that starts with '#'");
+  Assert.equal(aSuffix[0], "#");
+
+  var origURI = NetUtil.newURI(aTest.spec);
+  var testURI;
+
+  if (aTest.relativeURI) {
+    try {
+      origURI = Services.io.newURI(aTest.relativeURI, null, origURI);
+    } catch (e) {
+      do_info(
+        "Caught error on Relative parse of " +
+          aTest.spec +
+          " + " +
+          aTest.relativeURI +
+          " Error: " +
+          e.result
+      );
+      return;
+    }
+    try {
+      testURI = Services.io.newURI(aSuffix, null, origURI);
+    } catch (e) {
+      do_info(
+        "Caught error adding suffix to " +
+          aTest.spec +
+          " + " +
+          aTest.relativeURI +
+          ", suffix " +
+          aSuffix +
+          " Error: " +
+          e.result
+      );
+      return;
+    }
+  } else {
+    testURI = NetUtil.newURI(aTest.spec + aSuffix);
+  }
+
+  do_info(
+    "testing " +
+      aTest.spec +
+      " with '" +
+      aSuffix +
+      "' appended " +
+      "equals a clone of itself"
+  );
+  do_check_uri_eq(testURI, testURI.mutate().finalize());
+
+  do_info(
+    "testing " +
+      aTest.spec +
+      " doesn't equal self with '" +
+      aSuffix +
+      "' appended"
+  );
+
+  Assert.ok(!origURI.equals(testURI));
+
+  do_info(
+    "testing " +
+      aTest.spec +
+      " is equalExceptRef to self with '" +
+      aSuffix +
+      "' appended"
+  );
+  do_check_uri_eqExceptRef(origURI, testURI);
+
+  Assert.equal(testURI.hasRef, true);
+
+  if (!origURI.ref) {
+    // These tests fail if origURI has a ref
+    do_info(
+      "testing setRef('') on " +
+        testURI.spec +
+        " is equal to no-ref version but not equal to ref version"
+    );
+    var cloneNoRef = testURI.mutate().setRef("").finalize(); // we used to clone here.
+    do_info("cloneNoRef: " + cloneNoRef.spec + " hasRef: " + cloneNoRef.hasRef);
+    do_info("testURI: " + testURI.spec + " hasRef: " + testURI.hasRef);
+    do_check_uri_eq(cloneNoRef, origURI);
+    Assert.ok(!cloneNoRef.equals(testURI));
+
+    do_info(
+      "testing cloneWithNewRef on " +
+        testURI.spec +
+        " with an empty ref is equal to no-ref version but not equal to ref version"
+    );
+    var cloneNewRef = testURI.mutate().setRef("").finalize();
+    do_check_uri_eq(cloneNewRef, origURI);
+    do_check_uri_eq(cloneNewRef, cloneNoRef);
+    Assert.ok(!cloneNewRef.equals(testURI));
+
+    do_info(
+      "testing cloneWithNewRef on " +
+        origURI.spec +
+        " with the same new ref is equal to ref version and not equal to no-ref version"
+    );
+    cloneNewRef = origURI.mutate().setRef(aSuffix).finalize();
+    do_check_uri_eq(cloneNewRef, testURI);
+    Assert.ok(cloneNewRef.equals(testURI));
+  }
+
+  do_check_property(aTest, testURI, "scheme");
+  do_check_property(aTest, testURI, "prePath");
+  if (!origURI.ref) {
+    // These don't work if it's a ref already because '+' doesn't give the right result
+    do_check_property(aTest, testURI, "pathQueryRef", function (aStr) {
+      return aStr + aSuffix;
+    });
+    do_check_property(aTest, testURI, "ref", function (aStr) {
+      return aSuffix.substr(1);
+    });
+  }
+}
+
+// Tests various ways of setting & clearing a ref on a URI.
+function do_test_mutate_ref(aTest, aSuffix) {
+  do_info("making sure caller is using suffix that starts with '#'");
+  Assert.equal(aSuffix[0], "#");
+
+  var refURIWithSuffix = NetUtil.newURI(aTest.spec + aSuffix);
+  var refURIWithoutSuffix = NetUtil.newURI(aTest.spec);
+
+  var testURI = NetUtil.newURI(aTest.spec);
+
+  // First: Try setting .ref to our suffix
+  do_info(
+    "testing that setting .ref on " +
+      aTest.spec +
+      " to '" +
+      aSuffix +
+      "' does what we expect"
+  );
+  testURI = testURI.mutate().setRef(aSuffix).finalize();
+  do_check_uri_eq(testURI, refURIWithSuffix);
+  do_check_uri_eqExceptRef(testURI, refURIWithoutSuffix);
+
+  // Now try setting .ref but leave off the initial hash (expect same result)
+  var suffixLackingHash = aSuffix.substr(1);
+  if (suffixLackingHash) {
+    // (skip this our suffix was *just* a #)
+    do_info(
+      "testing that setting .ref on " +
+        aTest.spec +
+        " to '" +
+        suffixLackingHash +
+        "' does what we expect"
+    );
+    testURI = testURI.mutate().setRef(suffixLackingHash).finalize();
+    do_check_uri_eq(testURI, refURIWithSuffix);
+    do_check_uri_eqExceptRef(testURI, refURIWithoutSuffix);
+  }
+
+  // Now, clear .ref (should get us back the original spec)
+  do_info(
+    "testing that clearing .ref on " + testURI.spec + " does what we expect"
+  );
+  testURI = testURI.mutate().setRef("").finalize();
+  do_check_uri_eq(testURI, refURIWithoutSuffix);
+  do_check_uri_eqExceptRef(testURI, refURIWithSuffix);
+
+  if (!aTest.relativeURI) {
+    // TODO: These tests don't work as-is for relative URIs.
+
+    // Now try setting .spec directly (including suffix) and then clearing .ref
+    var specWithSuffix = aTest.spec + aSuffix;
+    do_info(
+      "testing that setting spec to " +
+        specWithSuffix +
+        " and then clearing ref does what we expect"
+    );
+
+    testURI = testURI.mutate().setSpec(specWithSuffix).setRef("").finalize();
+    do_check_uri_eq(testURI, refURIWithoutSuffix);
+    do_check_uri_eqExceptRef(testURI, refURIWithSuffix);
+
+    // XXX nsIJARURI throws an exception in SetPath(), so skip it for next part.
+    if (!(testURI instanceof Ci.nsIJARURI)) {
+      // Now try setting .pathQueryRef directly (including suffix) and then clearing .ref
+      // (same as above, but with now with .pathQueryRef instead of .spec)
+      testURI = NetUtil.newURI(aTest.spec);
+
+      var pathWithSuffix = aTest.pathQueryRef + aSuffix;
+      do_info(
+        "testing that setting path to " +
+          pathWithSuffix +
+          " and then clearing ref does what we expect"
+      );
+      testURI = testURI
+        .mutate()
+        .setPathQueryRef(pathWithSuffix)
+        .setRef("")
+        .finalize();
+      do_check_uri_eq(testURI, refURIWithoutSuffix);
+      do_check_uri_eqExceptRef(testURI, refURIWithSuffix);
+
+      // Also: make sure that clearing .pathQueryRef also clears .ref
+      testURI = testURI.mutate().setPathQueryRef(pathWithSuffix).finalize();
+      do_info(
+        "testing that clearing path from " +
+          pathWithSuffix +
+          " also clears .ref"
+      );
+      testURI = testURI.mutate().setPathQueryRef("").finalize();
+      Assert.equal(testURI.ref, "");
+    }
+  }
+}
+
+// Check that changing nested/about URIs works correctly.
+add_task(function check_nested_mutations() {
+  // nsNestedAboutURI
+  let uri1 = Services.io.newURI("about:blank#");
+  let uri2 = Services.io.newURI("about:blank");
+  let uri3 = uri1.mutate().setRef("").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setRef("#").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("about:blank?something");
+  uri2 = Services.io.newURI("about:blank");
+  uri3 = uri1.mutate().setQuery("").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setQuery("something").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("about:blank?query#ref");
+  uri2 = Services.io.newURI("about:blank");
+  uri3 = uri1.mutate().setPathQueryRef("blank").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setPathQueryRef("blank?query#ref").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  // nsSimpleNestedURI
+  uri1 = Services.io.newURI("view-source:http://example.com/path#");
+  uri2 = Services.io.newURI("view-source:http://example.com/path");
+  uri3 = uri1.mutate().setRef("").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setRef("#").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("view-source:http://example.com/path?something");
+  uri2 = Services.io.newURI("view-source:http://example.com/path");
+  uri3 = uri1.mutate().setQuery("").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setQuery("something").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("view-source:http://example.com/path?query#ref");
+  uri2 = Services.io.newURI("view-source:http://example.com/path");
+  uri3 = uri1.mutate().setPathQueryRef("path").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setPathQueryRef("path?query#ref").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("view-source:about:blank#");
+  uri2 = Services.io.newURI("view-source:about:blank");
+  uri3 = uri1.mutate().setRef("").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setRef("#").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("view-source:about:blank?something");
+  uri2 = Services.io.newURI("view-source:about:blank");
+  uri3 = uri1.mutate().setQuery("").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setQuery("something").finalize();
+  do_check_uri_eq(uri3, uri1);
+
+  uri1 = Services.io.newURI("view-source:about:blank?query#ref");
+  uri2 = Services.io.newURI("view-source:about:blank");
+  uri3 = uri1.mutate().setPathQueryRef("blank").finalize();
+  do_check_uri_eq(uri3, uri2);
+  uri3 = uri2.mutate().setPathQueryRef("blank?query#ref").finalize();
+  do_check_uri_eq(uri3, uri1);
+});
+
+add_task(function check_space_escaping() {
+  let uri = Services.io.newURI("data:text/plain,hello%20world#space hash");
+  Assert.equal(uri.spec, "data:text/plain,hello%20world#space%20hash");
+  uri = Services.io.newURI("data:text/plain,hello%20world#space%20hash");
+  Assert.equal(uri.spec, "data:text/plain,hello%20world#space%20hash");
+  uri = Services.io.newURI("data:text/plain,hello world#space%20hash");
+  Assert.equal(uri.spec, "data:text/plain,hello world#space%20hash");
+  uri = Services.io.newURI("data:text/plain,hello world#space hash");
+  Assert.equal(uri.spec, "data:text/plain,hello world#space%20hash");
+  uri = Services.io.newURI("http://example.com/test path#test path");
+  uri = Services.io.newURI("http://example.com/test%20path#test%20path");
+});
+
+add_task(function check_schemeIsNull() {
+  let uri = Services.io.newURI("data:text/plain,aaa");
+  Assert.ok(!uri.schemeIs(null));
+  uri = Services.io.newURI("http://example.com");
+  Assert.ok(!uri.schemeIs(null));
+  uri = Services.io.newURI("dummyscheme://example.com");
+  Assert.ok(!uri.schemeIs(null));
+  uri = Services.io.newURI("jar:resource://gre/chrome.toolkit.jar!/");
+  Assert.ok(!uri.schemeIs(null));
+  uri = Services.io.newURI("moz-icon://.unknown?size=32");
+  Assert.ok(!uri.schemeIs(null));
+});
+
+// Check that characters in the query of moz-extension aren't improperly unescaped (Bug 1547882)
+add_task(function check_mozextension_query() {
+  let uri = Services.io.newURI(
+    "moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html"
+  );
+  uri = uri
+    .mutate()
+    .setQuery("u=https%3A%2F%2Fnews.ycombinator.com%2F")
+    .finalize();
+  Assert.equal(uri.query, "u=https%3A%2F%2Fnews.ycombinator.com%2F");
+  uri = Services.io.newURI(
+    "moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html?u=https%3A%2F%2Fnews.ycombinator.com%2F"
+  );
+  Assert.equal(
+    uri.spec,
+    "moz-extension://a7d1572e-3beb-4d93-a920-c408fa09e8ea/_source/holding.html?u=https%3A%2F%2Fnews.ycombinator.com%2F"
+  );
+  Assert.equal(uri.query, "u=https%3A%2F%2Fnews.ycombinator.com%2F");
+});
+
+add_task(function check_resolve() {
+  let base = Services.io.newURI("http://example.com");
+  let uri = Services.io.newURI("tel::+371 27028456", "utf-8", base);
+  Assert.equal(uri.spec, "tel::+371 27028456");
+});
+
+add_task(function test_extra_protocols() {
+  // dweb://
+  let url = Services.io.newURI("dweb://example.com/test");
+  Assert.equal(url.host, "example.com");
+
+  // dat://
+  url = Services.io.newURI(
+    "dat://41f8a987cfeba80a037e51cc8357d513b62514de36f2f9b3d3eeec7a8fb3b5a5/"
+  );
+  Assert.equal(
+    url.host,
+    "41f8a987cfeba80a037e51cc8357d513b62514de36f2f9b3d3eeec7a8fb3b5a5"
+  );
+  url = Services.io.newURI("dat://example.com/test");
+  Assert.equal(url.host, "example.com");
+
+  // ipfs://
+  url = Services.io.newURI(
+    "ipfs://bafybeiccfclkdtucu6y4yc5cpr6y3yuinr67svmii46v5cfcrkp47ihehy/frontend/license.txt"
+  );
+  Assert.equal(url.scheme, "ipfs");
+  Assert.equal(
+    url.host,
+    "bafybeiccfclkdtucu6y4yc5cpr6y3yuinr67svmii46v5cfcrkp47ihehy"
+  );
+  Assert.equal(url.filePath, "/frontend/license.txt");
+
+  // ipns://
+  url = Services.io.newURI("ipns://peerdium.gozala.io/index.html");
+  Assert.equal(url.scheme, "ipns");
+  Assert.equal(url.host, "peerdium.gozala.io");
+  Assert.equal(url.filePath, "/index.html");
+
+  // ssb://
+  url = Services.io.newURI("ssb://scuttlebutt.nz/index.html");
+  Assert.equal(url.scheme, "ssb");
+  Assert.equal(url.host, "scuttlebutt.nz");
+  Assert.equal(url.filePath, "/index.html");
+
+  // wtp://
+  url = Services.io.newURI(
+    "wtp://951ead31d09e4049fc1f21f137e233dd0589fcbd/blog/vim-tips/"
+  );
+  Assert.equal(url.scheme, "wtp");
+  Assert.equal(url.host, "951ead31d09e4049fc1f21f137e233dd0589fcbd");
+  Assert.equal(url.filePath, "/blog/vim-tips/");
+});
+
+// TEST MAIN FUNCTION
+// ------------------
+add_task(function mainTest() {
+  // UTF-8 check - From bug 622981
+  // ASCII
+  let base = Services.io.newURI("http://example.org/xenia?");
+  let resolved = Services.io.newURI("?x", null, base);
+  let expected = Services.io.newURI("http://example.org/xenia?x");
+  do_info(
+    "Bug 662981: ACSII - comparing " + resolved.spec + " and " + expected.spec
+  );
+  Assert.ok(resolved.equals(expected));
+
+  // UTF-8 character "è"
+  // Bug 622981 was triggered by an empty query string
+  base = Services.io.newURI("http://example.org/xènia?");
+  resolved = Services.io.newURI("?x", null, base);
+  expected = Services.io.newURI("http://example.org/xènia?x");
+  do_info(
+    "Bug 662981: UTF8 - comparing " + resolved.spec + " and " + expected.spec
+  );
+  Assert.ok(resolved.equals(expected));
+
+  gTests.forEach(function (aTest) {
+    // Check basic URI functionality
+    do_test_uri_basic(aTest);
+
+    if (!aTest.fail) {
+      // Try adding various #-prefixed strings to the ends of the URIs
+      gHashSuffixes.forEach(function (aSuffix) {
+        do_test_uri_with_hash_suffix(aTest, aSuffix);
+        if (!aTest.immutable) {
+          do_test_mutate_ref(aTest, aSuffix);
+        }
+      });
+
+      // For URIs that we couldn't mutate above due to them being immutable:
+      // Now we check that they're actually immutable.
+      if (aTest.immutable) {
+        Assert.ok(aTest.immutable);
+      }
+    }
+  });
+});
+
+function check_round_trip_serialization(spec) {
+  dump(`checking ${spec}\n`);
+  let uri = Services.io.newURI(spec);
+  let str = serialize_to_escaped_string(uri);
+  let other = deserialize_from_escaped_string(str).QueryInterface(Ci.nsIURI);
+  equal(other.spec, uri.spec);
+}
+
+add_task(function test_iconURI_serialization() {
+  // URIs taken from test_moz_icon_uri.js
+
+  let tests = [
+    "moz-icon://foo.html?contentType=bar&size=button&state=normal",
+    "moz-icon://foo.html?size=3",
+    "moz-icon://stock/foo",
+    "moz-icon:file://foo.txt",
+    "moz-icon://file://foo.txt",
+  ];
+
+  tests.forEach(str => check_round_trip_serialization(str));
+});
+
+add_task(function test_jarURI_serialization() {
+  check_round_trip_serialization("jar:http://example.com/bar.jar!/");
+});
+
+add_task(async function round_trip_invalid_ace_label() {
+  // This is well-formed punycode, but an invalid ACE label due to hyphens in
+  // positions 3 & 4 and trailing hyphen. (Punycode-decode yields "xn--d淾-")
+  let uri = Services.io.newURI("http://xn--xn--d--fg4n/");
+  Assert.equal(uri.spec, "http://xn--xn--d--fg4n/");
+
+  // Entirely invalid punycode will throw a MALFORMED error.
+  Assert.throws(() => {
+    uri = Services.io.newURI("http://a.b.c.XN--pokxncvks");
+  }, /NS_ERROR_MALFORMED_URI/);
+});
+
+add_task(async function test_bug1875119() {
+  let uri1 = Services.io.newURI("file:///path");
+  let uri2 = Services.io.newURI("resource://test/bla");
+  // type of uri2 is still SubstitutingURL which overrides the implementation of EnsureFile,
+  // but it's scheme is now file.
+  // See https://bugzilla.mozilla.org/show_bug.cgi?id=1876483 to disallow this
+  uri2 = uri2.mutate().setSpec("file:///path2").finalize();
+  Assert.throws(
+    () => uri1.equals(uri2),
+    /(NS_NOINTERFACE)|(NS_ERROR_FILE_UNRECOGNIZED_PATH)/,
+    "uri2 is in an invalid state and should throw"
+  );
+});
+
+add_task(async function test_bug1843717() {
+  // Make sure file path normalization on windows
+  // doesn't affect the hash of the URL.
+  let base = Services.io.newURI("file:///abc\\def/");
+  let uri = Services.io.newURI("foo\\bar#x\\y", null, base);
+  Assert.equal(uri.spec, "file:///abc/def/foo/bar#x\\y");
+  uri = Services.io.newURI("foo\\bar#xy", null, base);
+  Assert.equal(uri.spec, "file:///abc/def/foo/bar#xy");
+  uri = Services.io.newURI("foo\\bar#", null, base);
+  Assert.equal(uri.spec, "file:///abc/def/foo/bar#");
+});
diff --git a/netwerk/test/unit/test_URIs2.js b/netwerk/test/unit/test_URIs2.js
new file mode 100644
index 0000000000..3ca9706543
--- /dev/null
+++ b/netwerk/test/unit/test_URIs2.js
@@ -0,0 +1,881 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+"use strict";
+
+// Run by: cd objdir;  make -C netwerk/test/ xpcshell-tests
+// or: cd objdir; make SOLO_FILE="test_URIs2.js" -C netwerk/test/ check-one
+
+// This is a clone of test_URIs.js, with a different set of test data in gTests.
+// The original test data in test_URIs.js was split between test_URIs and test_URIs2.js
+// because test_URIs.js was running for too long on slow platforms, causing
+// intermittent timeouts.
+
+// Relevant RFCs: 1738, 1808, 2396, 3986 (newer than the code)
+// http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.5.4
+// http://greenbytes.de/tech/tc/uris/
+
+// TEST DATA
+// ---------
+var gTests = [
+  {
+    spec: "view-source:about:blank",
+    scheme: "view-source",
+    prePath: "view-source:",
+    pathQueryRef: "about:blank",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: true,
+    immutable: true,
+  },
+  {
+    spec: "view-source:http://www.mozilla.org/",
+    scheme: "view-source",
+    prePath: "view-source:",
+    pathQueryRef: "http://www.mozilla.org/",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: true,
+    immutable: true,
+  },
+  {
+    spec: "x-external:",
+    scheme: "x-external",
+    prePath: "x-external:",
+    pathQueryRef: "",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "x-external:abc",
+    scheme: "x-external",
+    prePath: "x-external:",
+    pathQueryRef: "abc",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://www2.example.com/",
+    relativeURI: "a/b/c/d",
+    scheme: "http",
+    prePath: "http://www2.example.com",
+    pathQueryRef: "/a/b/c/d",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  // relative URL testcases from http://greenbytes.de/tech/webdav/rfc3986.html#rfc.section.5.4
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g:h",
+    scheme: "g",
+    prePath: "g:",
+    pathQueryRef: "h",
+    ref: "",
+    nsIURL: false,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "./g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g/",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "/g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "?y",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/d;p?y",
+    ref: "", // fix
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g?y",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g?y",
+    ref: "", // fix
+    specIgnoringRef: "http://a/b/c/g?y",
+    hasRef: false,
+    hasQuery: true,
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "#s",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/d;p?q#s",
+    ref: "s", // fix
+    specIgnoringRef: "http://a/b/c/d;p?q",
+    hasRef: true,
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g#s",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g#s",
+    ref: "s",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g?y#s",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g?y#s",
+    ref: "s",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  /*
+    Bug xxxxxx - we return a path of b/c/;x
+  { spec:    "http://a/b/c/d;p?q",
+    relativeURI: ";x",
+    scheme:  "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/d;x",
+    ref:     "",
+    nsIURL:  true, nsINestedURI: false },
+  */
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g;x",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g;x",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g;x?y#s",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g;x?y#s",
+    ref: "s",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  /*
+    Can't easily specify a relative URI of "" to the test code
+  { spec:    "http://a/b/c/d;p?q",
+    relativeURI: "",
+    scheme:  "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/d",
+    ref:     "",
+    nsIURL:  true, nsINestedURI: false },
+  */
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: ".",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "./",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "..",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../..",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../../",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../../g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+
+  // abnormal examples
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../../../g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "../../../../g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+
+  // coalesce
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "/./g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "/../g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g.",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g.",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: ".g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/.g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g..",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g..",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "..g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/..g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: ".",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "./../g",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/g",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "./g/.",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g/",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g/./h",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g/h",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g/../h",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/h",
+    ref: "", // fix
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g;x=1/./y",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/g;x=1/y",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "http://a/b/c/d;p?q",
+    relativeURI: "g;x=1/../y",
+    scheme: "http",
+    prePath: "http://a",
+    pathQueryRef: "/b/c/y",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  // protocol-relative http://tools.ietf.org/html/rfc3986#section-4.2
+  {
+    spec: "http://www2.example.com/",
+    relativeURI: "//www3.example2.com/bar",
+    scheme: "http",
+    prePath: "http://www3.example2.com",
+    pathQueryRef: "/bar",
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+  {
+    spec: "https://www2.example.com/",
+    relativeURI: "//www3.example2.com/bar",
+    scheme: "https",
+    prePath: "https://www3.example2.com",
+    pathQueryRef: "/bar",
+    hasQuery: false,
+    ref: "",
+    nsIURL: true,
+    nsINestedURI: false,
+  },
+];
+
+var gHashSuffixes = ["#", "#myRef", "#myRef?a=b", "#myRef#", "#myRef#x:yz"];
+
+// TEST HELPER FUNCTIONS
+// ---------------------
+function do_info(text, stack) {
+  if (!stack) {
+    stack = Components.stack.caller;
+  }
+
+  dump(
+    "\n" +
+      "TEST-INFO | " +
+      stack.filename +
+      " | [" +
+      stack.name +
+      " : " +
+      stack.lineNumber +
+      "] " +
+      text +
+      "\n"
+  );
+}
+
+// Checks that the URIs satisfy equals(), in both possible orderings.
+// Also checks URI.equalsExceptRef(), because equal URIs should also be equal
+// when we ignore the ref.
+//
+// The third argument is optional. If the client passes a third argument
+// (e.g. todo_check_true), we'll use that in lieu of ok.
+function do_check_uri_eq(aURI1, aURI2, aCheckTrueFunc = ok) {
+  do_info("(uri equals check: '" + aURI1.spec + "' == '" + aURI2.spec + "')");
+  aCheckTrueFunc(aURI1.equals(aURI2));
+  do_info("(uri equals check: '" + aURI2.spec + "' == '" + aURI1.spec + "')");
+  aCheckTrueFunc(aURI2.equals(aURI1));
+
+  // (Only take the extra step of testing 'equalsExceptRef' when we expect the
+  // URIs to really be equal.  In 'todo' cases, the URIs may or may not be
+  // equal when refs are ignored - there's no way of knowing in general.)
+  if (aCheckTrueFunc == ok) {
+    do_check_uri_eqExceptRef(aURI1, aURI2, aCheckTrueFunc);
+  }
+}
+
+// Checks that the URIs satisfy equalsExceptRef(), in both possible orderings.
+//
+// The third argument is optional. If the client passes a third argument
+// (e.g. todo_check_true), we'll use that in lieu of ok.
+function do_check_uri_eqExceptRef(aURI1, aURI2, aCheckTrueFunc = ok) {
+  do_info(
+    "(uri equalsExceptRef check: '" + aURI1.spec + "' == '" + aURI2.spec + "')"
+  );
+  aCheckTrueFunc(aURI1.equalsExceptRef(aURI2));
+  do_info(
+    "(uri equalsExceptRef check: '" + aURI2.spec + "' == '" + aURI1.spec + "')"
+  );
+  aCheckTrueFunc(aURI2.equalsExceptRef(aURI1));
+}
+
+// Checks that the given property on aURI matches the corresponding property
+// in the test bundle (or matches some function of that corresponding property,
+// if aTestFunctor is passed in).
+function do_check_property(aTest, aURI, aPropertyName, aTestFunctor) {
+  if (aTest[aPropertyName]) {
+    var expectedVal = aTestFunctor
+      ? aTestFunctor(aTest[aPropertyName])
+      : aTest[aPropertyName];
+
+    do_info(
+      "testing " +
+        aPropertyName +
+        " of " +
+        (aTestFunctor ? "modified '" : "'") +
+        aTest.spec +
+        "' is '" +
+        expectedVal +
+        "'"
+    );
+    Assert.equal(aURI[aPropertyName], expectedVal);
+  }
+}
+
+// Test that a given URI parses correctly into its various components.
+function do_test_uri_basic(aTest) {
+  var URI;
+
+  do_info(
+    "Basic tests for " + aTest.spec + " relative URI: " + aTest.relativeURI
+  );
+
+  try {
+    URI = NetUtil.newURI(aTest.spec);
+  } catch (e) {
+    do_info("Caught error on parse of" + aTest.spec + " Error: " + e.result);
+    if (aTest.fail) {
+      Assert.equal(e.result, aTest.result);
+      return;
+    }
+    do_throw(e.result);
+  }
+
+  if (aTest.relativeURI) {
+    var relURI;
+
+    try {
+      relURI = Services.io.newURI(aTest.relativeURI, null, URI);
+    } catch (e) {
+      do_info(
+        "Caught error on Relative parse of " +
+          aTest.spec +
+          " + " +
+          aTest.relativeURI +
+          " Error: " +
+          e.result
+      );
+      if (aTest.relativeFail) {
+        Assert.equal(e.result, aTest.relativeFail);
+        return;
+      }
+      do_throw(e.result);
+    }
+    do_info(
+      "relURI.pathQueryRef = " +
+        relURI.pathQueryRef +
+        ", was " +
+        URI.pathQueryRef
+    );
+    URI = relURI;
+    do_info("URI.pathQueryRef now = " + URI.pathQueryRef);
+  }
+
+  // Sanity-check
+  do_info("testing " + aTest.spec + " equals a clone of itself");
+  do_check_uri_eq(URI, URI.mutate().finalize());
+  do_check_uri_eqExceptRef(URI, URI.mutate().setRef("").finalize());
+  do_info("testing " + aTest.spec + " instanceof nsIURL");
+  Assert.equal(URI instanceof Ci.nsIURL, aTest.nsIURL);
+  do_info("testing " + aTest.spec + " instanceof nsINestedURI");
+  Assert.equal(URI instanceof Ci.nsINestedURI, aTest.nsINestedURI);
+
+  do_info(
+    "testing that " +
+      aTest.spec +
+      " throws or returns false " +
+      "from equals(null)"
+  );
+  // XXXdholbert At some point it'd probably be worth making this behavior
+  // (throwing vs. returning false) consistent across URI implementations.
+  var threw = false;
+  var isEqualToNull;
+  try {
+    isEqualToNull = URI.equals(null);
+  } catch (e) {
+    threw = true;
+  }
+  Assert.ok(threw || !isEqualToNull);
+
+  // Check the various components
+  do_check_property(aTest, URI, "scheme");
+  do_check_property(aTest, URI, "prePath");
+  do_check_property(aTest, URI, "pathQueryRef");
+  do_check_property(aTest, URI, "query");
+  do_check_property(aTest, URI, "ref");
+  do_check_property(aTest, URI, "port");
+  do_check_property(aTest, URI, "username");
+  do_check_property(aTest, URI, "password");
+  do_check_property(aTest, URI, "host");
+  do_check_property(aTest, URI, "specIgnoringRef");
+  if ("hasRef" in aTest) {
+    do_info("testing hasref: " + aTest.hasRef + " vs " + URI.hasRef);
+    Assert.equal(aTest.hasRef, URI.hasRef);
+  }
+  if ("hasQuery" in aTest) {
+    do_info("testing hasQuery: " + aTest.hasQuery + " vs " + URI.hasQuery);
+    Assert.equal(aTest.hasQuery, URI.hasQuery);
+  }
+}
+
+// Test that a given URI parses correctly when we add a given ref to the end
+function do_test_uri_with_hash_suffix(aTest, aSuffix) {
+  do_info("making sure caller is using suffix that starts with '#'");
+  Assert.equal(aSuffix[0], "#");
+
+  var origURI = NetUtil.newURI(aTest.spec);
+  var testURI;
+
+  if (aTest.relativeURI) {
+    try {
+      origURI = Services.io.newURI(aTest.relativeURI, null, origURI);
+    } catch (e) {
+      do_info(
+        "Caught error on Relative parse of " +
+          aTest.spec +
+          " + " +
+          aTest.relativeURI +
+          " Error: " +
+          e.result
+      );
+      return;
+    }
+    try {
+      testURI = Services.io.newURI(aSuffix, null, origURI);
+    } catch (e) {
+      do_info(
+        "Caught error adding suffix to " +
+          aTest.spec +
+          " + " +
+          aTest.relativeURI +
+          ", suffix " +
+          aSuffix +
+          " Error: " +
+          e.result
+      );
+      return;
+    }
+  } else {
+    testURI = NetUtil.newURI(aTest.spec + aSuffix);
+  }
+
+  do_info(
+    "testing " +
+      aTest.spec +
+      " with '" +
+      aSuffix +
+      "' appended " +
+      "equals a clone of itself"
+  );
+  do_check_uri_eq(testURI, testURI.mutate().finalize());
+
+  do_info(
+    "testing " +
+      aTest.spec +
+      " doesn't equal self with '" +
+      aSuffix +
+      "' appended"
+  );
+
+  Assert.ok(!origURI.equals(testURI));
+
+  do_info(
+    "testing " +
+      aTest.spec +
+      " is equalExceptRef to self with '" +
+      aSuffix +
+      "' appended"
+  );
+  do_check_uri_eqExceptRef(origURI, testURI);
+
+  Assert.equal(testURI.hasRef, true);
+
+  if (!origURI.ref) {
+    // These tests fail if origURI has a ref
+    do_info(
+      "testing cloneIgnoringRef on " +
+        testURI.spec +
+        " is equal to no-ref version but not equal to ref version"
+    );
+    var cloneNoRef = testURI.mutate().setRef("").finalize();
+    do_check_uri_eq(cloneNoRef, origURI);
+    Assert.ok(!cloneNoRef.equals(testURI));
+  }
+
+  do_check_property(aTest, testURI, "scheme");
+  do_check_property(aTest, testURI, "prePath");
+  if (!origURI.ref) {
+    // These don't work if it's a ref already because '+' doesn't give the right result
+    do_check_property(aTest, testURI, "pathQueryRef", function (aStr) {
+      return aStr + aSuffix;
+    });
+    do_check_property(aTest, testURI, "ref", function (aStr) {
+      return aSuffix.substr(1);
+    });
+  }
+}
+
+// Tests various ways of setting & clearing a ref on a URI.
+function do_test_mutate_ref(aTest, aSuffix) {
+  do_info("making sure caller is using suffix that starts with '#'");
+  Assert.equal(aSuffix[0], "#");
+
+  var refURIWithSuffix = NetUtil.newURI(aTest.spec + aSuffix);
+  var refURIWithoutSuffix = NetUtil.newURI(aTest.spec);
+
+  var testURI = NetUtil.newURI(aTest.spec);
+
+  // First: Try setting .ref to our suffix
+  do_info(
+    "testing that setting .ref on " +
+      aTest.spec +
+      " to '" +
+      aSuffix +
+      "' does what we expect"
+  );
+  testURI = testURI.mutate().setRef(aSuffix).finalize();
+  do_check_uri_eq(testURI, refURIWithSuffix);
+  do_check_uri_eqExceptRef(testURI, refURIWithoutSuffix);
+
+  // Now try setting .ref but leave off the initial hash (expect same result)
+  var suffixLackingHash = aSuffix.substr(1);
+  if (suffixLackingHash) {
+    // (skip this our suffix was *just* a #)
+    do_info(
+      "testing that setting .ref on " +
+        aTest.spec +
+        " to '" +
+        suffixLackingHash +
+        "' does what we expect"
+    );
+    testURI = testURI.mutate().setRef(suffixLackingHash).finalize();
+    do_check_uri_eq(testURI, refURIWithSuffix);
+    do_check_uri_eqExceptRef(testURI, refURIWithoutSuffix);
+  }
+
+  // Now, clear .ref (should get us back the original spec)
+  do_info(
+    "testing that clearing .ref on " + testURI.spec + " does what we expect"
+  );
+  testURI = testURI.mutate().setRef("").finalize();
+  do_check_uri_eq(testURI, refURIWithoutSuffix);
+  do_check_uri_eqExceptRef(testURI, refURIWithSuffix);
+
+  if (!aTest.relativeURI) {
+    // TODO: These tests don't work as-is for relative URIs.
+
+    // Now try setting .spec directly (including suffix) and then clearing .ref
+    var specWithSuffix = aTest.spec + aSuffix;
+    do_info(
+      "testing that setting spec to " +
+        specWithSuffix +
+        " and then clearing ref does what we expect"
+    );
+    testURI = testURI.mutate().setSpec(specWithSuffix).setRef("").finalize();
+    do_check_uri_eq(testURI, refURIWithoutSuffix);
+    do_check_uri_eqExceptRef(testURI, refURIWithSuffix);
+
+    // XXX nsIJARURI throws an exception in SetPath(), so skip it for next part.
+    if (!(testURI instanceof Ci.nsIJARURI)) {
+      // Now try setting .pathQueryRef directly (including suffix) and then clearing .ref
+      // (same as above, but with now with .pathQueryRef instead of .spec)
+      testURI = NetUtil.newURI(aTest.spec);
+
+      var pathWithSuffix = aTest.pathQueryRef + aSuffix;
+      do_info(
+        "testing that setting path to " +
+          pathWithSuffix +
+          " and then clearing ref does what we expect"
+      );
+      testURI = testURI
+        .mutate()
+        .setPathQueryRef(pathWithSuffix)
+        .setRef("")
+        .finalize();
+      do_check_uri_eq(testURI, refURIWithoutSuffix);
+      do_check_uri_eqExceptRef(testURI, refURIWithSuffix);
+
+      // Also: make sure that clearing .pathQueryRef also clears .ref
+      testURI = testURI.mutate().setPathQueryRef(pathWithSuffix).finalize();
+      do_info(
+        "testing that clearing path from " +
+          pathWithSuffix +
+          " also clears .ref"
+      );
+      testURI = testURI.mutate().setPathQueryRef("").finalize();
+      Assert.equal(testURI.ref, "");
+    }
+  }
+}
+
+// TEST MAIN FUNCTION
+// ------------------
+function run_test() {
+  // UTF-8 check - From bug 622981
+  // ASCII
+  let base = Services.io.newURI("http://example.org/xenia?");
+  let resolved = Services.io.newURI("?x", null, base);
+  let expected = Services.io.newURI("http://example.org/xenia?x");
+  do_info(
+    "Bug 662981: ACSII - comparing " + resolved.spec + " and " + expected.spec
+  );
+  Assert.ok(resolved.equals(expected));
+
+  // UTF-8 character "è"
+  // Bug 622981 was triggered by an empty query string
+  base = Services.io.newURI("http://example.org/xènia?");
+  resolved = Services.io.newURI("?x", null, base);
+  expected = Services.io.newURI("http://example.org/xènia?x");
+  do_info(
+    "Bug 662981: UTF8 - comparing " + resolved.spec + " and " + expected.spec
+  );
+  Assert.ok(resolved.equals(expected));
+
+  gTests.forEach(function (aTest) {
+    // Check basic URI functionality
+    do_test_uri_basic(aTest);
+
+    if (!aTest.fail) {
+      // Try adding various #-prefixed strings to the ends of the URIs
+      gHashSuffixes.forEach(function (aSuffix) {
+        do_test_uri_with_hash_suffix(aTest, aSuffix);
+        if (!aTest.immutable) {
+          do_test_mutate_ref(aTest, aSuffix);
+        }
+      });
+
+      // For URIs that we couldn't mutate above due to them being immutable:
+      // Now we check that they're actually immutable.
+      if (aTest.immutable) {
+        Assert.ok(aTest.immutable);
+      }
+    }
+  });
+}
diff --git a/netwerk/test/unit/test_XHR_redirects.js b/netwerk/test/unit/test_XHR_redirects.js
new file mode 100644
index 0000000000..e3bee4c76f
--- /dev/null
+++ b/netwerk/test/unit/test_XHR_redirects.js
@@ -0,0 +1,275 @@
+// This file tests whether XmlHttpRequests correctly handle redirects,
+// including rewriting POSTs to GETs (on 301/302/303), as well as
+// prompting for redirects of other unsafe methods (such as PUTs, DELETEs,
+// etc--see HttpBaseChannel::IsSafeMethod).  Since no prompting is possible
+// in xpcshell, we get an error for prompts, and the request fails.
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+const { Preferences } = ChromeUtils.importESModule(
+  "resource://gre/modules/Preferences.sys.mjs"
+);
+
+var sSame;
+var sOther;
+var sRedirectPromptPref;
+
+const BUGID = "676059";
+const OTHERBUGID = "696849";
+
+ChromeUtils.defineLazyGetter(this, "pSame", function () {
+  return sSame.identity.primaryPort;
+});
+ChromeUtils.defineLazyGetter(this, "pOther", function () {
+  return sOther.identity.primaryPort;
+});
+
+function createXHR(async, method, path) {
+  var xhr = new XMLHttpRequest();
+  xhr.open(method, "http://localhost:" + pSame + path, async);
+  return xhr;
+}
+
+function checkResults(xhr, method, status, unsafe) {
+  if (unsafe) {
+    if (sRedirectPromptPref) {
+      // The method is null if we prompt for unsafe redirects
+      method = null;
+    } else {
+      // The status code is 200 when we don't prompt for unsafe redirects
+      status = 200;
+    }
+  }
+
+  if (xhr.readyState != 4) {
+    return false;
+  }
+  Assert.equal(xhr.status, status);
+
+  if (status == 200) {
+    // if followed then check for echoed method name
+    Assert.equal(xhr.getResponseHeader("X-Received-Method"), method);
+  }
+
+  return true;
+}
+
+function run_test() {
+  // start servers
+  sSame = new HttpServer();
+
+  // same-origin redirects
+  sSame.registerPathHandler(
+    "/bug" + BUGID + "-redirect301",
+    bug676059redirect301
+  );
+  sSame.registerPathHandler(
+    "/bug" + BUGID + "-redirect302",
+    bug676059redirect302
+  );
+  sSame.registerPathHandler(
+    "/bug" + BUGID + "-redirect303",
+    bug676059redirect303
+  );
+  sSame.registerPathHandler(
+    "/bug" + BUGID + "-redirect307",
+    bug676059redirect307
+  );
+  sSame.registerPathHandler(
+    "/bug" + BUGID + "-redirect308",
+    bug676059redirect308
+  );
+
+  // cross-origin redirects
+  sSame.registerPathHandler(
+    "/bug" + OTHERBUGID + "-redirect301",
+    bug696849redirect301
+  );
+  sSame.registerPathHandler(
+    "/bug" + OTHERBUGID + "-redirect302",
+    bug696849redirect302
+  );
+  sSame.registerPathHandler(
+    "/bug" + OTHERBUGID + "-redirect303",
+    bug696849redirect303
+  );
+  sSame.registerPathHandler(
+    "/bug" + OTHERBUGID + "-redirect307",
+    bug696849redirect307
+  );
+  sSame.registerPathHandler(
+    "/bug" + OTHERBUGID + "-redirect308",
+    bug696849redirect308
+  );
+
+  // same-origin target
+  sSame.registerPathHandler("/bug" + BUGID + "-target", echoMethod);
+  sSame.start(-1);
+
+  // cross-origin target
+  sOther = new HttpServer();
+  sOther.registerPathHandler("/bug" + OTHERBUGID + "-target", echoMethod);
+  sOther.start(-1);
+
+  // format: redirectType, methodToSend, redirectedMethod, finalStatus
+  //   redirectType sets the URI the initial request goes to
+  //   methodToSend is the HTTP method to send
+  //   redirectedMethod is the method to use for the redirect, if any
+  //   finalStatus is 200 when the redirect takes place, redirectType otherwise
+
+  // Note that unsafe methods should not follow the redirect automatically
+  // Of the methods below, DELETE, POST and PUT are unsafe
+
+  sRedirectPromptPref = Preferences.get("network.http.prompt-temp-redirect");
+  // Following Bug 677754 we don't prompt for unsafe redirects
+
+  // same-origin variant
+  var tests = [
+    // 301: rewrite just POST
+    [301, "DELETE", "DELETE", 301, true],
+    [301, "GET", "GET", 200, false],
+    [301, "HEAD", "HEAD", 200, false],
+    [301, "POST", "GET", 200, false],
+    [301, "PUT", "PUT", 301, true],
+    [301, "PROPFIND", "PROPFIND", 200, false],
+    // 302: see 301
+    [302, "DELETE", "DELETE", 302, true],
+    [302, "GET", "GET", 200, false],
+    [302, "HEAD", "HEAD", 200, false],
+    [302, "POST", "GET", 200, false],
+    [302, "PUT", "PUT", 302, true],
+    [302, "PROPFIND", "PROPFIND", 200, false],
+    // 303: rewrite to GET except HEAD
+    [303, "DELETE", "GET", 200, false],
+    [303, "GET", "GET", 200, false],
+    [303, "HEAD", "HEAD", 200, false],
+    [303, "POST", "GET", 200, false],
+    [303, "PUT", "GET", 200, false],
+    [303, "PROPFIND", "GET", 200, false],
+    // 307: never rewrite
+    [307, "DELETE", "DELETE", 307, true],
+    [307, "GET", "GET", 200, false],
+    [307, "HEAD", "HEAD", 200, false],
+    [307, "POST", "POST", 307, true],
+    [307, "PUT", "PUT", 307, true],
+    [307, "PROPFIND", "PROPFIND", 200, false],
+    // 308: never rewrite
+    [308, "DELETE", "DELETE", 308, true],
+    [308, "GET", "GET", 200, false],
+    [308, "HEAD", "HEAD", 200, false],
+    [308, "POST", "POST", 308, true],
+    [308, "PUT", "PUT", 308, true],
+    [308, "PROPFIND", "PROPFIND", 200, false],
+  ];
+
+  // cross-origin variant
+  var othertests = tests; // for now these have identical results
+
+  var xhr;
+
+  for (let i = 0; i < tests.length; ++i) {
+    dump("Testing " + tests[i] + "\n");
+    xhr = createXHR(
+      false,
+      tests[i][1],
+      "/bug" + BUGID + "-redirect" + tests[i][0]
+    );
+    xhr.send(null);
+    checkResults(xhr, tests[i][2], tests[i][3], tests[i][4]);
+  }
+
+  for (let i = 0; i < othertests.length; ++i) {
+    dump("Testing " + othertests[i] + " (cross-origin)\n");
+    xhr = createXHR(
+      false,
+      othertests[i][1],
+      "/bug" + OTHERBUGID + "-redirect" + othertests[i][0]
+    );
+    xhr.send(null);
+    checkResults(xhr, othertests[i][2], tests[i][3], tests[i][4]);
+  }
+
+  sSame.stop(do_test_finished);
+  sOther.stop(do_test_finished);
+}
+
+function redirect(metadata, response, status, port, bugid) {
+  // set a proper reason string to avoid confusion when looking at the
+  // HTTP messages
+  var reason;
+  if (status == 301) {
+    reason = "Moved Permanently";
+  } else if (status == 302) {
+    reason = "Found";
+  } else if (status == 303) {
+    reason = "See Other";
+  } else if (status == 307) {
+    reason = "Temporary Redirect";
+  } else if (status == 308) {
+    reason = "Permanent Redirect";
+  }
+
+  response.setStatusLine(metadata.httpVersion, status, reason);
+  response.setHeader(
+    "Location",
+    "http://localhost:" + port + "/bug" + bugid + "-target"
+  );
+}
+
+// PATH HANDLER FOR /bug676059-redirect301
+function bug676059redirect301(metadata, response) {
+  redirect(metadata, response, 301, pSame, BUGID);
+}
+
+// PATH HANDLER FOR /bug696849-redirect301
+function bug696849redirect301(metadata, response) {
+  redirect(metadata, response, 301, pOther, OTHERBUGID);
+}
+
+// PATH HANDLER FOR /bug676059-redirect302
+function bug676059redirect302(metadata, response) {
+  redirect(metadata, response, 302, pSame, BUGID);
+}
+
+// PATH HANDLER FOR /bug696849-redirect302
+function bug696849redirect302(metadata, response) {
+  redirect(metadata, response, 302, pOther, OTHERBUGID);
+}
+
+// PATH HANDLER FOR /bug676059-redirect303
+function bug676059redirect303(metadata, response) {
+  redirect(metadata, response, 303, pSame, BUGID);
+}
+
+// PATH HANDLER FOR /bug696849-redirect303
+function bug696849redirect303(metadata, response) {
+  redirect(metadata, response, 303, pOther, OTHERBUGID);
+}
+
+// PATH HANDLER FOR /bug676059-redirect307
+function bug676059redirect307(metadata, response) {
+  redirect(metadata, response, 307, pSame, BUGID);
+}
+
+// PATH HANDLER FOR /bug676059-redirect308
+function bug676059redirect308(metadata, response) {
+  redirect(metadata, response, 308, pSame, BUGID);
+}
+
+// PATH HANDLER FOR /bug696849-redirect307
+function bug696849redirect307(metadata, response) {
+  redirect(metadata, response, 307, pOther, OTHERBUGID);
+}
+
+// PATH HANDLER FOR /bug696849-redirect308
+function bug696849redirect308(metadata, response) {
+  redirect(metadata, response, 308, pOther, OTHERBUGID);
+}
+
+// Echo the request method in "X-Received-Method" header field
+function echoMethod(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("X-Received-Method", metadata.method);
+}
diff --git a/netwerk/test/unit/test_about_networking.js b/netwerk/test/unit/test_about_networking.js
new file mode 100644
index 0000000000..2cbae65058
--- /dev/null
+++ b/netwerk/test/unit/test_about_networking.js
@@ -0,0 +1,120 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const gDashboard = Cc["@mozilla.org/network/dashboard;1"].getService(
+  Ci.nsIDashboard
+);
+
+const gServerSocket = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+  Ci.nsIServerSocket
+);
+const gHttpServer = new HttpServer();
+
+add_test(function test_http() {
+  gDashboard.requestHttpConnections(function (data) {
+    let found = false;
+    for (let i = 0; i < data.connections.length; i++) {
+      if (data.connections[i].host == "localhost") {
+        found = true;
+        break;
+      }
+    }
+    Assert.equal(found, true);
+
+    run_next_test();
+  });
+});
+
+add_test(function test_dns() {
+  gDashboard.requestDNSInfo(function (data) {
+    let found = false;
+    for (let i = 0; i < data.entries.length; i++) {
+      if (data.entries[i].hostname == "localhost") {
+        found = true;
+        break;
+      }
+    }
+    Assert.equal(found, true);
+
+    do_test_pending();
+    gHttpServer.stop(do_test_finished);
+
+    run_next_test();
+  });
+});
+
+add_test(function test_sockets() {
+  // TODO: enable this test in bug 1581892.
+  if (mozinfo.socketprocess_networking) {
+    info("skip test_sockets");
+    run_next_test();
+    return;
+  }
+
+  let sts = Cc["@mozilla.org/network/socket-transport-service;1"].getService(
+    Ci.nsISocketTransportService
+  );
+  let threadManager = Cc["@mozilla.org/thread-manager;1"].getService();
+
+  let transport = sts.createTransport(
+    [],
+    "127.0.0.1",
+    gServerSocket.port,
+    null,
+    null
+  );
+  let listener = {
+    onTransportStatus(aTransport, aStatus, aProgress, aProgressMax) {
+      if (aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        gDashboard.requestSockets(function (data) {
+          gServerSocket.close();
+          let found = false;
+          for (let i = 0; i < data.sockets.length; i++) {
+            if (data.sockets[i].host == "127.0.0.1") {
+              found = true;
+              break;
+            }
+          }
+          Assert.equal(found, true);
+
+          run_next_test();
+        });
+      }
+    },
+  };
+  transport.setEventSink(listener, threadManager.currentThread);
+
+  transport.openOutputStream(Ci.nsITransport.OPEN_BLOCKING, 0, 0);
+});
+
+function run_test() {
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  // We always resolve localhost as it's hardcoded without the following pref:
+  Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+
+  gHttpServer.start(-1);
+
+  let uri = Services.io.newURI(
+    "http://localhost:" + gHttpServer.identity.primaryPort
+  );
+  let channel = NetUtil.newChannel({ uri, loadUsingSystemPrincipal: true });
+
+  channel.open();
+
+  gServerSocket.init(-1, true, -1);
+  Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_about_protocol.js b/netwerk/test/unit/test_about_protocol.js
new file mode 100644
index 0000000000..7fc6d63c1e
--- /dev/null
+++ b/netwerk/test/unit/test_about_protocol.js
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var unsafeAboutModule = {
+  QueryInterface: ChromeUtils.generateQI(["nsIAboutModule"]),
+  newChannel(aURI, aLoadInfo) {
+    var uri = Services.io.newURI("about:blank");
+    let chan = Services.io.newChannelFromURIWithLoadInfo(uri, aLoadInfo);
+    chan.owner = Services.scriptSecurityManager.getSystemPrincipal();
+    return chan;
+  },
+  getURIFlags(aURI) {
+    return Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT;
+  },
+};
+
+var factory = {
+  createInstance(aIID) {
+    return unsafeAboutModule.QueryInterface(aIID);
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIFactory"]),
+};
+
+function run_test() {
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  let classID = Services.uuid.generateUUID();
+  registrar.registerFactory(
+    classID,
+    "",
+    "@mozilla.org/network/protocol/about;1?what=unsafe",
+    factory
+  );
+
+  let aboutUnsafeChan = NetUtil.newChannel({
+    uri: "about:unsafe",
+    loadUsingSystemPrincipal: true,
+  });
+
+  Assert.equal(
+    null,
+    aboutUnsafeChan.owner,
+    "URI_SAFE_FOR_UNTRUSTED_CONTENT channel has no owner"
+  );
+
+  registrar.unregisterFactory(classID, factory);
+}
diff --git a/netwerk/test/unit/test_aboutblank.js b/netwerk/test/unit/test_aboutblank.js
new file mode 100644
index 0000000000..2d5c92f095
--- /dev/null
+++ b/netwerk/test/unit/test_aboutblank.js
@@ -0,0 +1,32 @@
+"use strict";
+
+function run_test() {
+  var base = NetUtil.newURI("http://www.example.com");
+  var about1 = NetUtil.newURI("about:blank");
+  var about2 = NetUtil.newURI("about:blank", null, base);
+
+  var chan1 = NetUtil.newChannel({
+    uri: about1,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIPropertyBag2);
+
+  var chan2 = NetUtil.newChannel({
+    uri: about2,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIPropertyBag2);
+
+  var haveProp = false;
+  var propVal = null;
+  try {
+    propVal = chan1.getPropertyAsInterface("baseURI", Ci.nsIURI);
+    haveProp = true;
+  } catch (e) {
+    if (e.result != Cr.NS_ERROR_NOT_AVAILABLE) {
+      throw e;
+    }
+    // Property shouldn't be there.
+  }
+  Assert.equal(propVal, null);
+  Assert.equal(haveProp, false);
+  Assert.equal(chan2.getPropertyAsInterface("baseURI", Ci.nsIURI), base);
+}
diff --git a/netwerk/test/unit/test_addr_in_use_error.js b/netwerk/test/unit/test_addr_in_use_error.js
new file mode 100644
index 0000000000..d25860e896
--- /dev/null
+++ b/netwerk/test/unit/test_addr_in_use_error.js
@@ -0,0 +1,36 @@
+// Opening a second listening socket on the same address as an extant
+// socket should elicit NS_ERROR_SOCKET_ADDRESS_IN_USE on non-Windows
+// machines.
+
+"use strict";
+
+var CC = Components.Constructor;
+
+const ServerSocket = CC(
+  "@mozilla.org/network/server-socket;1",
+  "nsIServerSocket",
+  "init"
+);
+
+function testAddrInUse() {
+  // Windows lets us have as many sockets listening on the same address as
+  // we like, evidently.
+  if (mozinfo.os == "win") {
+    return;
+  }
+
+  // Create listening socket:
+  // any port (-1), loopback only (true), default backlog (-1)
+  let listener = ServerSocket(-1, true, -1);
+  Assert.ok(listener instanceof Ci.nsIServerSocket);
+
+  // Try to create another listening socket on the same port, whatever that was.
+  do_check_throws_nsIException(
+    () => ServerSocket(listener.port, true, -1),
+    "NS_ERROR_SOCKET_ADDRESS_IN_USE"
+  );
+}
+
+function run_test() {
+  testAddrInUse();
+}
diff --git a/netwerk/test/unit/test_alt-data_closeWithStatus.js b/netwerk/test/unit/test_alt-data_closeWithStatus.js
new file mode 100644
index 0000000000..df81419cc2
--- /dev/null
+++ b/netwerk/test/unit/test_alt-data_closeWithStatus.js
@@ -0,0 +1,184 @@
+/**
+ * Test for the "alternative data stream" - closing the stream with an error.
+ *
+ * - we load a URL with preference for an alt data (check what we get is the raw data,
+ *   since there was nothing previously cached)
+ * - we store something in alt data (using the asyncWait method)
+ * - then we abort the operation calling closeWithStatus()
+ * - we flush the HTTP cache
+ * - we reload the same URL using a new channel, again prefering the alt data be loaded
+ * - again we receive the data from the server.
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+var httpServer = null;
+
+// needs to be rooted
+var cacheFlushObserver = (cacheFlushObserver = {
+  observe() {
+    cacheFlushObserver = null;
+    readServerContentAgain();
+  },
+});
+
+var currentThread = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+const responseContent = "response body";
+const responseContent2 = "response body 2";
+const altContent = "!@#$%^&*()";
+const altContentType = "text/binary";
+
+var shouldPassRevalidation = true;
+
+var cache_storage = null;
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-Control", "no-cache");
+  response.setHeader("ETag", "test-etag1");
+
+  let etag;
+  try {
+    etag = metadata.getHeader("If-None-Match");
+  } catch (ex) {
+    etag = "";
+  }
+
+  if (etag == "test-etag1" && shouldPassRevalidation) {
+    response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+  } else {
+    var content = shouldPassRevalidation ? responseContent : responseContent2;
+    response.bodyOutputStream.write(content, content.length);
+  }
+}
+
+function check_has_alt_data_in_index(aHasAltData, callback) {
+  if (inChildProcess()) {
+    callback();
+    return;
+  }
+
+  syncWithCacheIOThread(() => {
+    var hasAltData = {};
+    cache_storage.getCacheIndexEntryAttrs(createURI(URL), "", hasAltData, {});
+    Assert.equal(hasAltData.value, aHasAltData);
+    callback();
+  }, true);
+}
+
+function run_test() {
+  do_get_profile();
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+  do_test_pending();
+
+  if (!inChildProcess()) {
+    cache_storage = getCacheStorage("disk");
+    wait_for_cache_index(asyncOpen);
+  } else {
+    asyncOpen();
+  }
+}
+
+function asyncOpen() {
+  var chan = make_channel(URL);
+
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+
+  chan.asyncOpen(new ChannelListener(readServerContent, null));
+}
+
+function readServerContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+  check_has_alt_data_in_index(false, () => {
+    if (!inChildProcess()) {
+      currentThread = Services.tm.currentThread;
+    }
+
+    executeSoon(() => {
+      var os = cc.openAlternativeOutputStream(
+        altContentType,
+        altContent.length
+      );
+
+      var aos = os.QueryInterface(Ci.nsIAsyncOutputStream);
+      aos.asyncWait(
+        _ => {
+          os.write(altContent, altContent.length);
+          aos.closeWithStatus(Cr.NS_ERROR_FAILURE);
+          executeSoon(flushAndReadServerContentAgain);
+        },
+        0,
+        0,
+        currentThread
+      );
+    });
+  });
+}
+
+function flushAndReadServerContentAgain() {
+  // We need to do a GC pass to ensure the cache entry has been freed.
+  gc();
+  if (!inChildProcess()) {
+    Services.cache2
+      .QueryInterface(Ci.nsICacheTesting)
+      .flush(cacheFlushObserver);
+  } else {
+    do_send_remote_message("flush");
+    do_await_remote_message("flushed").then(() => {
+      readServerContentAgain();
+    });
+  }
+}
+
+function readServerContentAgain() {
+  var chan = make_channel(URL);
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    "dummy1",
+    "text/javascript",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+  cc.preferAlternativeDataType(
+    altContentType,
+    "text/plain",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+  cc.preferAlternativeDataType("dummy2", "", Ci.nsICacheInfoChannel.ASYNC);
+
+  chan.asyncOpen(new ChannelListener(readServerContentAgainCB, null));
+}
+
+function readServerContentAgainCB(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+  check_has_alt_data_in_index(false, () => httpServer.stop(do_test_finished));
+}
diff --git a/netwerk/test/unit/test_alt-data_cross_process.js b/netwerk/test/unit/test_alt-data_cross_process.js
new file mode 100644
index 0000000000..e46120f312
--- /dev/null
+++ b/netwerk/test/unit/test_alt-data_cross_process.js
@@ -0,0 +1,153 @@
+/**
+ * Test for the "alternative data stream" stored withing a cache entry.
+ *
+ * - we load a URL with preference for an alt data (check what we get is the raw data,
+ *   since there was nothing previously cached)
+ * - we store the alt data along the channel (to the cache entry)
+ * - we flush the HTTP cache
+ * - we reload the same URL using a new channel, again prefering the alt data be loaded
+ * - this time the alt data must arive
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+const responseContent = "response body";
+const responseContent2 = "response body 2";
+const altContent = "!@#$%^&*()";
+const altContentType = "text/binary";
+
+var servedNotModified = false;
+var shouldPassRevalidation = true;
+
+var cache_storage = null;
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-Control", "no-cache");
+  response.setHeader("ETag", "test-etag1");
+
+  let etag;
+  try {
+    etag = metadata.getHeader("If-None-Match");
+  } catch (ex) {
+    etag = "";
+  }
+
+  if (etag == "test-etag1" && shouldPassRevalidation) {
+    response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+    servedNotModified = true;
+  } else {
+    var content = shouldPassRevalidation ? responseContent : responseContent2;
+    response.bodyOutputStream.write(content, content.length);
+  }
+}
+
+function check_has_alt_data_in_index(aHasAltData, callback) {
+  if (inChildProcess()) {
+    callback();
+    return;
+  }
+
+  syncWithCacheIOThread(() => {
+    var hasAltData = {};
+    cache_storage.getCacheIndexEntryAttrs(createURI(URL), "", hasAltData, {});
+    Assert.equal(hasAltData.value, aHasAltData);
+    callback();
+  }, true);
+}
+
+// This file is loaded as part of test_alt-data_cross_process_wrap.js.
+// eslint-disable-next-line no-unused-vars
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+  do_test_pending();
+
+  asyncOpen();
+}
+
+function asyncOpen() {
+  var chan = make_channel(URL);
+
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+
+  chan.asyncOpen(new ChannelListener(readServerContent, null));
+}
+
+function readServerContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+  check_has_alt_data_in_index(false, () => {
+    executeSoon(() => {
+      var os = cc.openAlternativeOutputStream(
+        altContentType,
+        altContent.length
+      );
+      os.write(altContent, altContent.length);
+      os.close();
+
+      executeSoon(flushAndOpenAltChannel);
+    });
+  });
+}
+
+function flushAndOpenAltChannel() {
+  // We need to do a GC pass to ensure the cache entry has been freed.
+  gc();
+  do_send_remote_message("flush");
+  do_await_remote_message("flushed").then(() => {
+    openAltChannel();
+  });
+}
+
+function openAltChannel() {
+  var chan = make_channel(URL);
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+
+  chan.asyncOpen(new ChannelListener(readAltContent, null));
+}
+
+function readAltContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(servedNotModified, true);
+  Assert.equal(cc.alternativeDataType, altContentType);
+  Assert.equal(buffer, altContent);
+
+  // FINISH
+  do_send_remote_message("done");
+  do_await_remote_message("finish").then(() => {
+    httpServer.stop(do_test_finished);
+  });
+}
diff --git a/netwerk/test/unit/test_alt-data_overwrite.js b/netwerk/test/unit/test_alt-data_overwrite.js
new file mode 100644
index 0000000000..3a3c1964d2
--- /dev/null
+++ b/netwerk/test/unit/test_alt-data_overwrite.js
@@ -0,0 +1,209 @@
+/**
+ * Test for overwriting the alternative data in a cache entry.
+ *
+ * - run_test loads a new channel
+ * - readServerContent checks the content, and saves alt-data
+ * - cacheFlushObserver creates a new channel with "text/binary" alt-data type
+ * - readAltContent checks that it gets back alt-data and creates a channel with the dummy/null alt-data type
+ * - readServerContent2 checks that it gets regular content, from the cache and tries to overwrite the alt-data with the same representation
+ * - cacheFlushObserver2 creates a new channel with "text/binary" alt-data type
+ * - readAltContent2 checks that it gets back alt-data, and tries to overwrite with a kind of alt-data
+ * - cacheFlushObserver3 creates a new channel with "text/binary2" alt-data type
+ * - readAltContent3 checks that it gets back the newly saved alt-data
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+let httpServer = null;
+
+function make_and_open_channel(url, altContentType, callback) {
+  let chan = NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+  if (altContentType) {
+    let cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+    cc.preferAlternativeDataType(
+      altContentType,
+      "",
+      Ci.nsICacheInfoChannel.ASYNC
+    );
+  }
+  chan.asyncOpen(new ChannelListener(callback, null));
+}
+
+const responseContent = "response body";
+const altContent = "!@#$%^&*()";
+const altContentType = "text/binary";
+const altContent2 = "abc";
+const altContentType2 = "text/binary2";
+
+let servedNotModified = false;
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-Control", "no-cache");
+  response.setHeader("ETag", "test-etag1");
+  let etag = "";
+  try {
+    etag = metadata.getHeader("If-None-Match");
+  } catch (ex) {
+    etag = "";
+  }
+
+  if (etag == "test-etag1") {
+    response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+    servedNotModified = true;
+  } else {
+    servedNotModified = false;
+    response.bodyOutputStream.write(responseContent, responseContent.length);
+  }
+}
+
+function run_test() {
+  do_get_profile();
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  do_test_pending();
+  make_and_open_channel(URL, altContentType, readServerContent);
+}
+
+function readServerContent(request, buffer) {
+  let cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+
+  executeSoon(() => {
+    let os = cc.openAlternativeOutputStream(altContentType, altContent.length);
+    os.write(altContent, altContent.length);
+    os.close();
+
+    executeSoon(flushAndOpenAltChannel);
+  });
+}
+
+function flushAndOpenAltChannel() {
+  // We need to do a GC pass to ensure the cache entry has been freed.
+  Cu.forceShrinkingGC();
+  Services.cache2.QueryInterface(Ci.nsICacheTesting).flush(cacheFlushObserver);
+}
+
+// needs to be rooted
+let cacheFlushObserver = {
+  observe() {
+    if (!cacheFlushObserver) {
+      info("ignoring cacheFlushObserver\n");
+      return;
+    }
+    cacheFlushObserver = null;
+    Cu.forceShrinkingGC();
+    make_and_open_channel(URL, altContentType, readAltContent);
+  },
+};
+
+function readAltContent(request, buffer, closure, fromCache) {
+  Cu.forceShrinkingGC();
+  let cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(fromCache || servedNotModified, true);
+  Assert.equal(cc.alternativeDataType, altContentType);
+  Assert.equal(buffer, altContent);
+
+  make_and_open_channel(URL, "dummy/null", readServerContent2);
+}
+
+function readServerContent2(request, buffer, closure, fromCache) {
+  Cu.forceShrinkingGC();
+  let cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(fromCache || servedNotModified, true);
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+
+  executeSoon(() => {
+    let os = cc.openAlternativeOutputStream(altContentType, altContent.length);
+    os.write(altContent, altContent.length);
+    os.close();
+
+    executeSoon(flushAndOpenAltChannel2);
+  });
+}
+
+function flushAndOpenAltChannel2() {
+  // We need to do a GC pass to ensure the cache entry has been freed.
+  Cu.forceShrinkingGC();
+  Services.cache2.QueryInterface(Ci.nsICacheTesting).flush(cacheFlushObserver2);
+}
+
+// needs to be rooted
+let cacheFlushObserver2 = {
+  observe() {
+    if (!cacheFlushObserver2) {
+      info("ignoring cacheFlushObserver2\n");
+      return;
+    }
+    cacheFlushObserver2 = null;
+    Cu.forceShrinkingGC();
+    make_and_open_channel(URL, altContentType, readAltContent2);
+  },
+};
+
+function readAltContent2(request, buffer, closure, fromCache) {
+  Cu.forceShrinkingGC();
+  let cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(servedNotModified || fromCache, true);
+  Assert.equal(cc.alternativeDataType, altContentType);
+  Assert.equal(buffer, altContent);
+
+  executeSoon(() => {
+    Cu.forceShrinkingGC();
+    info("writing other content\n");
+    let os = cc.openAlternativeOutputStream(
+      altContentType2,
+      altContent2.length
+    );
+    os.write(altContent2, altContent2.length);
+    os.close();
+
+    executeSoon(flushAndOpenAltChannel3);
+  });
+}
+
+function flushAndOpenAltChannel3() {
+  // We need to do a GC pass to ensure the cache entry has been freed.
+  Cu.forceShrinkingGC();
+  Services.cache2.QueryInterface(Ci.nsICacheTesting).flush(cacheFlushObserver3);
+}
+
+// needs to be rooted
+let cacheFlushObserver3 = {
+  observe() {
+    if (!cacheFlushObserver3) {
+      info("ignoring cacheFlushObserver3\n");
+      return;
+    }
+
+    cacheFlushObserver3 = null;
+    Cu.forceShrinkingGC();
+    make_and_open_channel(URL, altContentType2, readAltContent3);
+  },
+};
+
+function readAltContent3(request, buffer, closure, fromCache) {
+  let cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(servedNotModified || fromCache, true);
+  Assert.equal(cc.alternativeDataType, altContentType2);
+  Assert.equal(buffer, altContent2);
+
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_alt-data_simple.js b/netwerk/test/unit/test_alt-data_simple.js
new file mode 100644
index 0000000000..d648884e7a
--- /dev/null
+++ b/netwerk/test/unit/test_alt-data_simple.js
@@ -0,0 +1,212 @@
+/**
+ * Test for the "alternative data stream" stored withing a cache entry.
+ *
+ * - we load a URL with preference for an alt data (check what we get is the raw data,
+ *   since there was nothing previously cached)
+ * - we store the alt data along the channel (to the cache entry)
+ * - we flush the HTTP cache
+ * - we reload the same URL using a new channel, again prefering the alt data be loaded
+ * - this time the alt data must arive
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+const responseContent = "response body";
+const responseContent2 = "response body 2";
+const altContent = "!@#$%^&*()";
+const altContentType = "text/binary";
+
+var servedNotModified = false;
+var shouldPassRevalidation = true;
+
+var cache_storage = null;
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-Control", "no-cache");
+  response.setHeader("ETag", "test-etag1");
+
+  let etag;
+  try {
+    etag = metadata.getHeader("If-None-Match");
+  } catch (ex) {
+    etag = "";
+  }
+
+  if (etag == "test-etag1" && shouldPassRevalidation) {
+    response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+    servedNotModified = true;
+  } else {
+    var content = shouldPassRevalidation ? responseContent : responseContent2;
+    response.bodyOutputStream.write(content, content.length);
+  }
+}
+
+function check_has_alt_data_in_index(aHasAltData, callback) {
+  if (inChildProcess()) {
+    callback();
+    return;
+  }
+
+  syncWithCacheIOThread(() => {
+    var hasAltData = {};
+    cache_storage.getCacheIndexEntryAttrs(createURI(URL), "", hasAltData, {});
+    Assert.equal(hasAltData.value, aHasAltData);
+    callback();
+  }, true);
+}
+
+function run_test() {
+  do_get_profile();
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+  do_test_pending();
+
+  if (!inChildProcess()) {
+    cache_storage = getCacheStorage("disk");
+    wait_for_cache_index(asyncOpen);
+  } else {
+    asyncOpen();
+  }
+}
+
+function asyncOpen() {
+  var chan = make_channel(URL);
+
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+
+  chan.asyncOpen(new ChannelListener(readServerContent, null));
+}
+
+function readServerContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+  check_has_alt_data_in_index(false, () => {
+    executeSoon(() => {
+      var os = cc.openAlternativeOutputStream(
+        altContentType,
+        altContent.length
+      );
+      os.write(altContent, altContent.length);
+      os.close();
+
+      executeSoon(flushAndOpenAltChannel);
+    });
+  });
+}
+
+// needs to be rooted
+var cacheFlushObserver = (cacheFlushObserver = {
+  observe() {
+    cacheFlushObserver = null;
+    openAltChannel();
+  },
+});
+
+function flushAndOpenAltChannel() {
+  // We need to do a GC pass to ensure the cache entry has been freed.
+  gc();
+  if (!inChildProcess()) {
+    Services.cache2
+      .QueryInterface(Ci.nsICacheTesting)
+      .flush(cacheFlushObserver);
+  } else {
+    do_send_remote_message("flush");
+    do_await_remote_message("flushed").then(() => {
+      openAltChannel();
+    });
+  }
+}
+
+function openAltChannel() {
+  var chan = make_channel(URL);
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    "dummy1",
+    "text/javascript",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+  cc.preferAlternativeDataType(
+    altContentType,
+    "text/plain",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+  cc.preferAlternativeDataType("dummy2", "", Ci.nsICacheInfoChannel.ASYNC);
+
+  chan.asyncOpen(new ChannelListener(readAltContent, null));
+}
+
+function readAltContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(servedNotModified, true);
+  Assert.equal(cc.alternativeDataType, altContentType);
+  Assert.equal(buffer, altContent);
+  check_has_alt_data_in_index(true, () => {
+    cc.getOriginalInputStream({
+      onInputStreamReady(aInputStream) {
+        executeSoon(() => readOriginalInputStream(aInputStream));
+      },
+    });
+  });
+}
+
+function readOriginalInputStream(aInputStream) {
+  // We expect the async stream length to match the expected content.
+  // If the test times out, it's probably because of this.
+  try {
+    let originalData = read_stream(aInputStream, responseContent.length);
+    Assert.equal(originalData, responseContent);
+    requestAgain();
+  } catch (e) {
+    equal(e.result, Cr.NS_BASE_STREAM_WOULD_BLOCK);
+    executeSoon(() => readOriginalInputStream(aInputStream));
+  }
+}
+
+function requestAgain() {
+  shouldPassRevalidation = false;
+  var chan = make_channel(URL);
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+  chan.asyncOpen(new ChannelListener(readEmptyAltContent, null));
+}
+
+function readEmptyAltContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  // the cache is overwrite and the alt-data is reset
+  Assert.equal(cc.alternativeDataType, "");
+  Assert.equal(buffer, responseContent2);
+  check_has_alt_data_in_index(false, () => httpServer.stop(do_test_finished));
+}
diff --git a/netwerk/test/unit/test_alt-data_stream.js b/netwerk/test/unit/test_alt-data_stream.js
new file mode 100644
index 0000000000..9b6bfd050a
--- /dev/null
+++ b/netwerk/test/unit/test_alt-data_stream.js
@@ -0,0 +1,163 @@
+/**
+ * Test for the "alternative data stream" stored withing a cache entry.
+ *
+ * - we load a URL with preference for an alt data (check what we get is the raw data,
+ *   since there was nothing previously cached)
+ * - we write a big chunk of alt-data to the output stream
+ * - we load the URL again, expecting to get alt-data
+ * - we check that the alt-data is streamed. We should get the first chunk, then
+ *   the rest of the alt-data is written, and we check that it is received in
+ *   the proper order.
+ *
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+var httpServer = null;
+
+function make_channel(url) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+const responseContent = "response body";
+// We need a large content in order to make sure that the IPDL stream is cut
+// into several different chunks.
+// We fill each chunk with a different character for easy debugging.
+const altContent =
+  "a".repeat(128 * 1024) +
+  "b".repeat(128 * 1024) +
+  "c".repeat(128 * 1024) +
+  "d".repeat(128 * 1024) +
+  "e".repeat(128 * 1024) +
+  "f".repeat(128 * 1024) +
+  "g".repeat(128 * 1024) +
+  "h".repeat(128 * 1024) +
+  "i".repeat(13); // Just so the chunk size doesn't match exactly.
+
+const firstChunkSize = Math.floor(altContent.length / 4);
+const altContentType = "text/binary";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-Control", "max-age=86400");
+
+  response.bodyOutputStream.write(responseContent, responseContent.length);
+}
+
+function run_test() {
+  do_get_profile();
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  var chan = make_channel(URL);
+
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+
+  chan.asyncOpen(new ChannelListener(readServerContent, null));
+  do_test_pending();
+}
+
+// Output stream used to write alt-data to the cache entry.
+var os;
+
+function readServerContent(request, buffer) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(buffer, responseContent);
+  Assert.equal(cc.alternativeDataType, "");
+
+  executeSoon(() => {
+    os = cc.openAlternativeOutputStream(altContentType, altContent.length);
+    // Write a quarter of the alt data content
+    os.write(altContent, firstChunkSize);
+
+    executeSoon(openAltChannel);
+  });
+}
+
+function openAltChannel() {
+  var chan = make_channel(URL);
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.ASYNC
+  );
+
+  chan.asyncOpen(altDataListener);
+}
+
+var altDataListener = {
+  buffer: "",
+  onStartRequest(request) {},
+  onDataAvailable(request, stream, offset, count) {
+    let string = NetUtil.readInputStreamToString(stream, count);
+    this.buffer += string;
+
+    // XXX: this condition might be a bit volatile. If this test times out,
+    // it probably means that for some reason, the listener didn't get all the
+    // data in the first chunk.
+    if (this.buffer.length == firstChunkSize) {
+      // write the rest of the content
+      os.write(
+        altContent.substring(firstChunkSize, altContent.length),
+        altContent.length - firstChunkSize
+      );
+      os.close();
+    }
+  },
+  onStopRequest(request, status) {
+    var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+    Assert.equal(cc.alternativeDataType, altContentType);
+    Assert.equal(this.buffer.length, altContent.length);
+    Assert.equal(this.buffer, altContent);
+    openAltChannelWithOriginalContent();
+  },
+};
+
+function openAltChannelWithOriginalContent() {
+  var chan = make_channel(URL);
+  var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+  cc.preferAlternativeDataType(
+    altContentType,
+    "",
+    Ci.nsICacheInfoChannel.SERIALIZE
+  );
+
+  chan.asyncOpen(originalListener);
+}
+
+var originalListener = {
+  buffer: "",
+  onStartRequest(request) {},
+  onDataAvailable(request, stream, offset, count) {
+    let string = NetUtil.readInputStreamToString(stream, count);
+    this.buffer += string;
+  },
+  onStopRequest(request, status) {
+    var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+    Assert.equal(cc.alternativeDataType, altContentType);
+    Assert.equal(this.buffer.length, responseContent.length);
+    Assert.equal(this.buffer, responseContent);
+    testAltDataStream(cc);
+  },
+};
+
+function testAltDataStream(cc) {
+  Assert.ok(!!cc.alternativeDataInputStream);
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_alt-data_too_big.js b/netwerk/test/unit/test_alt-data_too_big.js
new file mode 100644
index 0000000000..fc9ca337fa
--- /dev/null
+++ b/netwerk/test/unit/test_alt-data_too_big.js
@@ -0,0 +1,113 @@
+/**
+ * Test for handling too big alternative data
+ *
+ *  - first we try to open an output stream for too big alt-data which must fail
+ *    and leave original data intact
+ *
+ *  - then we open the output stream without passing predicted data size which
+ *    succeeds but writing must fail later at the size limit and the original
+ *    data must be kept
+ */
+
+"use strict";
+
+var data = "data    ";
+var altData = "alt-data";
+
+function run_test() {
+  do_get_profile();
+
+  // Expand both data to 1MB
+  for (let i = 0; i < 17; i++) {
+    data += data;
+    altData += altData;
+  }
+
+  // Set the limit so that the data fits but alt-data doesn't.
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 1800);
+
+  write_data();
+
+  do_test_pending();
+}
+
+function write_data() {
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    function (status, entry) {
+      Assert.equal(status, Cr.NS_OK);
+
+      var os = entry.openOutputStream(0, -1);
+      var written = os.write(data, data.length);
+      Assert.equal(written, data.length);
+      os.close();
+
+      open_big_altdata_output(entry);
+    }
+  );
+}
+
+function open_big_altdata_output(entry) {
+  try {
+    entry.openAlternativeOutputStream("text/binary", altData.length);
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_FILE_TOO_BIG);
+  }
+  entry.close();
+
+  check_entry(write_big_altdata);
+}
+
+function write_big_altdata() {
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    function (status, entry) {
+      Assert.equal(status, Cr.NS_OK);
+
+      var os = entry.openAlternativeOutputStream("text/binary", -1);
+      try {
+        os.write(altData, altData.length);
+      } catch (e) {
+        Assert.equal(e.result, Cr.NS_ERROR_FILE_TOO_BIG);
+      }
+      os.close();
+      entry.close();
+
+      check_entry(do_test_finished);
+    }
+  );
+}
+
+function check_entry(cb) {
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    function (status, entry) {
+      Assert.equal(status, Cr.NS_OK);
+
+      var is = null;
+      try {
+        is = entry.openAlternativeInputStream("text/binary");
+      } catch (e) {
+        Assert.equal(e.result, Cr.NS_ERROR_NOT_AVAILABLE);
+      }
+
+      is = entry.openInputStream(0);
+      pumpReadStream(is, function (read) {
+        Assert.equal(read.length, data.length);
+        is.close();
+        entry.close();
+
+        executeSoon(cb);
+      });
+    }
+  );
+}
diff --git a/netwerk/test/unit/test_altsvc.js b/netwerk/test/unit/test_altsvc.js
new file mode 100644
index 0000000000..ea9ac3ade0
--- /dev/null
+++ b/netwerk/test/unit/test_altsvc.js
@@ -0,0 +1,597 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var h2Port;
+var prefs;
+var http2pref;
+var altsvcpref1;
+var altsvcpref2;
+
+// https://foo.example.com:(h2Port)
+// https://bar.example.com:(h2Port) <- invalid for bar, but ok for foo
+var h1Foo; // server http://foo.example.com:(h1Foo.identity.primaryPort)
+var h1Bar; // server http://bar.example.com:(h1bar.identity.primaryPort)
+
+var otherServer; // server socket listening for other connection.
+
+var h2FooRoute; // foo.example.com:H2PORT
+var h2BarRoute; // bar.example.com:H2PORT
+var h2Route; // :H2PORT
+var httpFooOrigin; // http://foo.exmaple.com:PORT/
+var httpsFooOrigin; // https://foo.exmaple.com:PORT/
+var httpBarOrigin; // http://bar.example.com:PORT/
+var httpsBarOrigin; // https://bar.example.com:PORT/
+
+function run_test() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+  prefs = Services.prefs;
+
+  http2pref = prefs.getBoolPref("network.http.http2.enabled");
+  altsvcpref1 = prefs.getBoolPref("network.http.altsvc.enabled");
+  altsvcpref2 = prefs.getBoolPref("network.http.altsvc.oe", true);
+
+  prefs.setBoolPref("network.http.http2.enabled", true);
+  prefs.setBoolPref("network.http.altsvc.enabled", true);
+  prefs.setBoolPref("network.http.altsvc.oe", true);
+  prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, bar.example.com"
+  );
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert. The same cert is used
+  // for both h2FooRoute and h2BarRoute though it is only valid for
+  // the foo.example.com domain name.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  h1Foo = new HttpServer();
+  h1Foo.registerPathHandler("/altsvc-test", h1Server);
+  h1Foo.registerPathHandler("/.well-known/http-opportunistic", h1ServerWK);
+  h1Foo.start(-1);
+  h1Foo.identity.setPrimary(
+    "http",
+    "foo.example.com",
+    h1Foo.identity.primaryPort
+  );
+
+  h1Bar = new HttpServer();
+  h1Bar.registerPathHandler("/altsvc-test", h1Server);
+  h1Bar.start(-1);
+  h1Bar.identity.setPrimary(
+    "http",
+    "bar.example.com",
+    h1Bar.identity.primaryPort
+  );
+
+  h2FooRoute = "foo.example.com:" + h2Port;
+  h2BarRoute = "bar.example.com:" + h2Port;
+  h2Route = ":" + h2Port;
+
+  httpFooOrigin = "http://foo.example.com:" + h1Foo.identity.primaryPort + "/";
+  httpsFooOrigin = "https://" + h2FooRoute + "/";
+  httpBarOrigin = "http://bar.example.com:" + h1Bar.identity.primaryPort + "/";
+  httpsBarOrigin = "https://" + h2BarRoute + "/";
+  dump(
+    "http foo - " +
+      httpFooOrigin +
+      "\n" +
+      "https foo - " +
+      httpsFooOrigin +
+      "\n" +
+      "http bar - " +
+      httpBarOrigin +
+      "\n" +
+      "https bar - " +
+      httpsBarOrigin +
+      "\n"
+  );
+
+  doTest1();
+}
+
+function h1Server(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  try {
+    var hval = "h2=" + metadata.getHeader("x-altsvc");
+    response.setHeader("Alt-Svc", hval, false);
+  } catch (e) {}
+
+  var body = "Q: What did 0 say to 8? A: Nice Belt!\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function h1ServerWK(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/json", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  var body = '["http://foo.example.com:' + h1Foo.identity.primaryPort + '"]';
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function resetPrefs() {
+  prefs.setBoolPref("network.http.http2.enabled", http2pref);
+  prefs.setBoolPref("network.http.altsvc.enabled", altsvcpref1);
+  prefs.setBoolPref("network.http.altsvc.oe", altsvcpref2);
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.security.ports.banned");
+}
+
+function makeChan(origin) {
+  return NetUtil.newChannel({
+    uri: origin + "altsvc-test",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var origin;
+var xaltsvc;
+var loadWithoutClearingMappings = false;
+var disallowH3 = false;
+var disallowH2 = false;
+var nextTest;
+var expectPass = true;
+var waitFor = 0;
+var originAttributes = {};
+
+var Listener = function () {};
+Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    if (expectPass) {
+      if (!Components.isSuccessCode(request.status)) {
+        do_throw(
+          "Channel should have a success code! (" + request.status + ")"
+        );
+      }
+      Assert.equal(request.responseStatus, 200);
+    } else {
+      Assert.equal(Components.isSuccessCode(request.status), false);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    var routed = "";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+    Assert.equal(Components.isSuccessCode(status), expectPass);
+
+    if (waitFor != 0) {
+      Assert.equal(routed, "");
+      do_test_pending();
+      loadWithoutClearingMappings = true;
+      do_timeout(waitFor, doTest);
+      waitFor = 0;
+      xaltsvc = "NA";
+    } else if (xaltsvc == "NA") {
+      Assert.equal(routed, "");
+      nextTest();
+    } else if (routed == xaltsvc) {
+      Assert.equal(routed, xaltsvc); // always true, but a useful log
+      nextTest();
+    } else {
+      dump("poll later for alt svc mapping\n");
+      do_test_pending();
+      loadWithoutClearingMappings = true;
+      do_timeout(500, doTest);
+    }
+
+    do_test_finished();
+  },
+};
+
+function testsDone() {
+  dump("testDone\n");
+  resetPrefs();
+  do_test_pending();
+  otherServer.close();
+  do_test_pending();
+  h1Foo.stop(do_test_finished);
+  do_test_pending();
+  h1Bar.stop(do_test_finished);
+}
+
+function doTest() {
+  dump("execute doTest " + origin + "\n");
+  var chan = makeChan(origin);
+  var listener = new Listener();
+  if (xaltsvc != "NA") {
+    chan.setRequestHeader("x-altsvc", xaltsvc, false);
+  }
+  if (loadWithoutClearingMappings) {
+    chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  } else {
+    chan.loadFlags =
+      Ci.nsIRequest.LOAD_FRESH_CONNECTION |
+      Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  }
+  if (disallowH3) {
+    let internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowHttp3 = false;
+    disallowH3 = false;
+  }
+  if (disallowH2) {
+    let internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowSpdy = false;
+    disallowH2 = false;
+  }
+  loadWithoutClearingMappings = false;
+  chan.loadInfo.originAttributes = originAttributes;
+  chan.asyncOpen(listener);
+}
+
+// xaltsvc is overloaded to do two things..
+// 1] it is sent in the x-altsvc request header, and the response uses the value in the Alt-Svc response header
+// 2] the test polls until necko sets Alt-Used to that value (i.e. it uses that route)
+//
+// When xaltsvc is set to h2Route (i.e. :port with the implied hostname) it doesn't match the alt-used,
+// which is always explicit, so it needs to be changed after the channel is created but before the
+// listener is invoked
+
+// http://foo served from h2=:port
+function doTest1() {
+  dump("doTest1()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2Route;
+  nextTest = doTest2;
+  do_test_pending();
+  doTest();
+  xaltsvc = h2FooRoute;
+}
+
+// http://foo served from h2=foo:port
+function doTest2() {
+  dump("doTest2()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2FooRoute;
+  nextTest = doTest3;
+  do_test_pending();
+  doTest();
+}
+
+// http://foo served from h2=bar:port
+// requires cert for foo
+function doTest3() {
+  dump("doTest3()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2BarRoute;
+  nextTest = doTest4;
+  do_test_pending();
+  doTest();
+}
+
+// https://bar should fail because host bar has cert for foo
+function doTest4() {
+  dump("doTest4()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest5;
+  do_test_pending();
+  doTest();
+}
+
+// https://foo no alt-svc (just check cert setup)
+function doTest5() {
+  dump("doTest5()\n");
+  origin = httpsFooOrigin;
+  xaltsvc = "NA";
+  expectPass = true;
+  nextTest = doTest6;
+  do_test_pending();
+  doTest();
+}
+
+// https://foo via bar (bar has cert for foo)
+function doTest6() {
+  dump("doTest6()\n");
+  origin = httpsFooOrigin;
+  xaltsvc = h2BarRoute;
+  nextTest = doTest7;
+  do_test_pending();
+  doTest();
+}
+
+// check again https://bar should fail because host bar has cert for foo
+function doTest7() {
+  dump("doTest7()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest8;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar via h2 on bar
+// should not use TLS/h2 because h2BarRoute is not auth'd for bar
+// however the test ought to PASS (i.e. get a 200) because fallback
+// to plaintext happens.. thus the timeout
+function doTest8() {
+  dump("doTest8()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h2BarRoute;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest9;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar served from h2=:port, which is like the bar route in 8
+function doTest9() {
+  dump("doTest9()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h2Route;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest10;
+  do_test_pending();
+  doTest();
+  xaltsvc = h2BarRoute;
+}
+
+// check again https://bar should fail because host bar has cert for foo
+function doTest10() {
+  dump("doTest10()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest11;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar served from h2=foo, should fail because host foo only has
+// cert for foo. Fail in this case means alt-svc is not used, but content
+// is served
+function doTest11() {
+  dump("doTest11()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h2FooRoute;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest12;
+  do_test_pending();
+  doTest();
+}
+
+// Test 12-15:
+// Insert a cache of http://foo served from h2=:port with origin attributes.
+function doTest12() {
+  dump("doTest12()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2Route;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  nextTest = doTest13;
+  do_test_pending();
+  doTest();
+  xaltsvc = h2FooRoute;
+}
+
+// Make sure we get a cache miss with a different userContextId.
+function doTest13() {
+  dump("doTest13()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 2,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest14;
+  do_test_pending();
+  doTest();
+}
+
+// Make sure we get a cache miss with a different firstPartyDomain.
+function doTest14() {
+  dump("doTest14()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "b.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest15;
+  do_test_pending();
+  doTest();
+}
+//
+// Make sure we get a cache hit with the same origin attributes.
+function doTest15() {
+  dump("doTest15()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest16;
+  do_test_pending();
+  doTest();
+  // This ensures a cache hit.
+  xaltsvc = h2FooRoute;
+}
+
+// Make sure we do not use H2 if it is disabled on a channel.
+function doTest16() {
+  dump("doTest16()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  disallowH2 = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest17;
+  do_test_pending();
+  doTest();
+}
+
+// Make sure we use H2 if only Http3 is disabled on a channel.
+function doTest17() {
+  dump("doTest17()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h2Route;
+  disallowH3 = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest18;
+  do_test_pending();
+  doTest();
+  // This should ensures a cache hit.
+  xaltsvc = h2FooRoute;
+}
+
+// Check we don't connect to blocked ports
+function doTest18() {
+  dump("doTest18()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  otherServer.init(-1, true, -1);
+  xaltsvc = "localhost:" + otherServer.port;
+  Services.prefs.setCharPref(
+    "network.security.ports.banned",
+    "" + otherServer.port
+  );
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  nextTest = doTest19;
+  do_test_pending();
+  doTest();
+}
+
+// Check we don't connect to blocked ports
+function doTest19() {
+  dump("doTest19()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  const BAD_PORT_U32 = 6667 + 65536;
+  otherServer.init(BAD_PORT_U32, true, -1);
+  Assert.ok(otherServer.port == 6667, "Trying to listen on port 6667");
+  xaltsvc = "localhost:" + BAD_PORT_U32;
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  nextTest = doTest20;
+  do_test_pending();
+  doTest();
+}
+function doTest20() {
+  dump("doTest20()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  const BAD_PORT_U64 = 6666 + 429496729;
+  otherServer.init(6666, true, -1);
+  Assert.ok(otherServer.port == 6666, "Trying to listen on port 6666");
+  xaltsvc = "localhost:" + BAD_PORT_U64;
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  nextTest = doTest21;
+  do_test_pending();
+  doTest();
+}
+// Port 65535 should be OK
+function doTest21() {
+  dump("doTest21()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  const GOOD_PORT = 65535;
+  otherServer.init(65535, true, -1);
+  Assert.ok(otherServer.port == 65535, "Trying to listen on port 65535");
+  xaltsvc = "localhost:" + GOOD_PORT;
+  dump("Allowed port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(true, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  do_test_pending();
+  doTest();
+}
diff --git a/netwerk/test/unit/test_altsvc_http3.js b/netwerk/test/unit/test_altsvc_http3.js
new file mode 100644
index 0000000000..c80afdf116
--- /dev/null
+++ b/netwerk/test/unit/test_altsvc_http3.js
@@ -0,0 +1,494 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var h3Port;
+
+// https://foo.example.com:(h3Port)
+// https://bar.example.com:(h3Port) <- invalid for bar, but ok for foo
+var h1Foo; // server http://foo.example.com:(h1Foo.identity.primaryPort)
+var h1Bar; // server http://bar.example.com:(h1bar.identity.primaryPort)
+
+var otherServer; // server socket listening for other connection.
+
+var h3FooRoute; // foo.example.com:H3PORT
+var h3BarRoute; // bar.example.com:H3PORT
+var h3Route; // :H3PORT
+var httpFooOrigin; // http://foo.exmaple.com:PORT/
+var httpsFooOrigin; // https://foo.exmaple.com:PORT/
+var httpBarOrigin; // http://bar.example.com:PORT/
+var httpsBarOrigin; // https://bar.example.com:PORT/
+
+function run_test() {
+  h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  // Set to allow the cert presented by our H3 server
+  do_get_profile();
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setBoolPref("network.http.altsvc.enabled", true);
+  Services.prefs.setBoolPref("network.http.altsvc.oe", true);
+  Services.prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, bar.example.com"
+  );
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert. The same cert is used
+  // for both h3FooRoute and h3BarRoute though it is only valid for
+  // the foo.example.com domain name.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  h1Foo = new HttpServer();
+  h1Foo.registerPathHandler("/altsvc-test", h1Server);
+  h1Foo.registerPathHandler("/.well-known/http-opportunistic", h1ServerWK);
+  h1Foo.start(-1);
+  h1Foo.identity.setPrimary(
+    "http",
+    "foo.example.com",
+    h1Foo.identity.primaryPort
+  );
+
+  h1Bar = new HttpServer();
+  h1Bar.registerPathHandler("/altsvc-test", h1Server);
+  h1Bar.start(-1);
+  h1Bar.identity.setPrimary(
+    "http",
+    "bar.example.com",
+    h1Bar.identity.primaryPort
+  );
+
+  h3FooRoute = "foo.example.com:" + h3Port;
+  h3BarRoute = "bar.example.com:" + h3Port;
+  h3Route = ":" + h3Port;
+
+  httpFooOrigin = "http://foo.example.com:" + h1Foo.identity.primaryPort + "/";
+  httpsFooOrigin = "https://" + h3FooRoute + "/";
+  httpBarOrigin = "http://bar.example.com:" + h1Bar.identity.primaryPort + "/";
+  httpsBarOrigin = "https://" + h3BarRoute + "/";
+  dump(
+    "http foo - " +
+      httpFooOrigin +
+      "\n" +
+      "https foo - " +
+      httpsFooOrigin +
+      "\n" +
+      "http bar - " +
+      httpBarOrigin +
+      "\n" +
+      "https bar - " +
+      httpsBarOrigin +
+      "\n"
+  );
+
+  doTest1();
+}
+
+function h1Server(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  try {
+    var hval = "h3-29=" + metadata.getHeader("x-altsvc");
+    response.setHeader("Alt-Svc", hval, false);
+  } catch (e) {}
+
+  var body = "Q: What did 0 say to 8? A: Nice Belt!\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function h1ServerWK(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/json", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  var body = '["http://foo.example.com:' + h1Foo.identity.primaryPort + '"]';
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function resetPrefs() {
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.http.altsvc.enabled");
+  Services.prefs.clearUserPref("network.http.altsvc.oe");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.security.ports.banned");
+}
+
+function makeChan(origin) {
+  return NetUtil.newChannel({
+    uri: origin + "altsvc-test",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var origin;
+var xaltsvc;
+var loadWithoutClearingMappings = false;
+var disallowH3 = false;
+var disallowH2 = false;
+var testKeepAliveNotSet = false;
+var nextTest;
+var expectPass = true;
+var waitFor = 0;
+var originAttributes = {};
+
+var Listener = function () {};
+Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    if (expectPass) {
+      if (!Components.isSuccessCode(request.status)) {
+        do_throw(
+          "Channel should have a success code! (" + request.status + ")"
+        );
+      }
+      Assert.equal(request.responseStatus, 200);
+    } else {
+      Assert.equal(Components.isSuccessCode(request.status), false);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    var routed = "";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+    Assert.equal(Components.isSuccessCode(status), expectPass);
+
+    if (waitFor != 0) {
+      Assert.equal(routed, "");
+      do_test_pending();
+      loadWithoutClearingMappings = true;
+      do_timeout(waitFor, doTest);
+      waitFor = 0;
+      xaltsvc = "NA";
+    } else if (xaltsvc == "NA") {
+      Assert.equal(routed, "");
+      nextTest();
+    } else if (routed == xaltsvc) {
+      Assert.equal(routed, xaltsvc); // always true, but a useful log
+      nextTest();
+    } else {
+      dump("poll later for alt svc mapping\n");
+      do_test_pending();
+      loadWithoutClearingMappings = true;
+      do_timeout(500, doTest);
+    }
+
+    do_test_finished();
+  },
+};
+
+function testsDone() {
+  dump("testDone\n");
+  resetPrefs();
+  do_test_pending();
+  otherServer.close();
+  do_test_pending();
+  h1Foo.stop(do_test_finished);
+  do_test_pending();
+  h1Bar.stop(do_test_finished);
+}
+
+function doTest() {
+  dump("execute doTest " + origin + "\n");
+  var chan = makeChan(origin);
+  var listener = new Listener();
+  if (xaltsvc != "NA") {
+    chan.setRequestHeader("x-altsvc", xaltsvc, false);
+  }
+  if (testKeepAliveNotSet) {
+    chan.setRequestHeader("Connection", "close", false);
+    testKeepAliveNotSet = false;
+  }
+  if (loadWithoutClearingMappings) {
+    chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  } else {
+    chan.loadFlags =
+      Ci.nsIRequest.LOAD_FRESH_CONNECTION |
+      Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  }
+  if (disallowH3) {
+    let internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowHttp3 = false;
+    disallowH3 = false;
+  }
+  if (disallowH2) {
+    let internalChannel = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.allowSpdy = false;
+    disallowH2 = false;
+  }
+  loadWithoutClearingMappings = false;
+  chan.loadInfo.originAttributes = originAttributes;
+  chan.asyncOpen(listener);
+}
+
+// xaltsvc is overloaded to do two things..
+// 1] it is sent in the x-altsvc request header, and the response uses the value in the Alt-Svc response header
+// 2] the test polls until necko sets Alt-Used to that value (i.e. it uses that route)
+//
+// When xaltsvc is set to h3Route (i.e. :port with the implied hostname) it doesn't match the alt-used,
+// which is always explicit, so it needs to be changed after the channel is created but before the
+// listener is invoked
+
+// http://foo served from h3-29=:port
+function doTest1() {
+  dump("doTest1()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h3Route;
+  nextTest = doTest2;
+  do_test_pending();
+  doTest();
+  xaltsvc = h3FooRoute;
+}
+
+// http://foo served from h3-29=foo:port
+function doTest2() {
+  dump("doTest2()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h3FooRoute;
+  nextTest = doTest3;
+  do_test_pending();
+  doTest();
+}
+
+// http://foo served from h3-29=bar:port
+// requires cert for foo
+function doTest3() {
+  dump("doTest3()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h3BarRoute;
+  nextTest = doTest4;
+  do_test_pending();
+  doTest();
+}
+
+// https://bar should fail because host bar has cert for foo
+function doTest4() {
+  dump("doTest4()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest5;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar via h3 on bar
+// should not use TLS/h3 because h3BarRoute is not auth'd for bar
+// however the test ought to PASS (i.e. get a 200) because fallback
+// to plaintext happens.. thus the timeout
+function doTest5() {
+  dump("doTest5()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h3BarRoute;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest6;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar served from h3-29=:port, which is like the bar route in 8
+function doTest6() {
+  dump("doTest6()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h3Route;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest7;
+  do_test_pending();
+  doTest();
+  xaltsvc = h3BarRoute;
+}
+
+// check again https://bar should fail because host bar has cert for foo
+function doTest7() {
+  dump("doTest7()\n");
+  origin = httpsBarOrigin;
+  xaltsvc = "";
+  expectPass = false;
+  nextTest = doTest8;
+  do_test_pending();
+  doTest();
+}
+
+// http://bar served from h3-29=foo, should fail because host foo only has
+// cert for foo. Fail in this case means alt-svc is not used, but content
+// is served
+function doTest8() {
+  dump("doTest8()\n");
+  origin = httpBarOrigin;
+  xaltsvc = h3FooRoute;
+  expectPass = true;
+  waitFor = 500;
+  nextTest = doTest9;
+  do_test_pending();
+  doTest();
+}
+
+// Test 9-12:
+// Insert a cache of http://foo served from h3-29=:port with origin attributes.
+function doTest9() {
+  dump("doTest9()\n");
+  origin = httpFooOrigin;
+  xaltsvc = h3Route;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  nextTest = doTest10;
+  do_test_pending();
+  doTest();
+  xaltsvc = h3FooRoute;
+}
+
+// Make sure we get a cache miss with a different userContextId.
+function doTest10() {
+  dump("doTest10()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 2,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest11;
+  do_test_pending();
+  doTest();
+}
+
+// Make sure we get a cache miss with a different firstPartyDomain.
+function doTest11() {
+  dump("doTest11()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "b.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest12;
+  do_test_pending();
+  doTest();
+}
+//
+// Make sure we get a cache hit with the same origin attributes.
+function doTest12() {
+  dump("doTest12()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest13;
+  do_test_pending();
+  doTest();
+  // This ensures a cache hit.
+  xaltsvc = h3FooRoute;
+}
+
+// Make sure we do not use H3 if it is disabled on a channel.
+function doTest13() {
+  dump("doTest13()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  disallowH3 = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest14;
+  do_test_pending();
+  doTest();
+}
+
+// Make sure we use H3 if only Http2 is disabled on a channel.
+function doTest14() {
+  dump("doTest14()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  disallowH2 = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest15;
+  do_test_pending();
+  doTest();
+  // This should ensures a cache hit.
+  xaltsvc = h3FooRoute;
+}
+
+// Make sure we do not use H3 if NS_HTTP_ALLOW_KEEPALIVE is not set.
+function doTest15() {
+  dump("doTest15()\n");
+  origin = httpFooOrigin;
+  xaltsvc = "NA";
+  testKeepAliveNotSet = true;
+  originAttributes = {
+    userContextId: 1,
+    firstPartyDomain: "a.com",
+  };
+  loadWithoutClearingMappings = true;
+  nextTest = doTest16;
+  do_test_pending();
+  doTest();
+}
+
+// Check we don't connect to blocked ports
+function doTest16() {
+  dump("doTest16()\n");
+  origin = httpFooOrigin;
+  nextTest = testsDone;
+  otherServer = Cc["@mozilla.org/network/server-socket;1"].createInstance(
+    Ci.nsIServerSocket
+  );
+  otherServer.init(-1, true, -1);
+  xaltsvc = "localhost:" + otherServer.port;
+  Services.prefs.setCharPref(
+    "network.security.ports.banned",
+    "" + otherServer.port
+  );
+  dump("Blocked port: " + otherServer.port);
+  waitFor = 500;
+  otherServer.asyncListen({
+    onSocketAccepted() {
+      Assert.ok(false, "Got connection to socket when we didn't expect it!");
+    },
+    onStopListening() {
+      // We get closed when the entire file is done, which guarantees we get the socket accept
+      // if we do connect to the alt-svc header
+      do_test_finished();
+    },
+  });
+  do_test_pending();
+  doTest();
+}
diff --git a/netwerk/test/unit/test_altsvc_pref.js b/netwerk/test/unit/test_altsvc_pref.js
new file mode 100644
index 0000000000..3e6d3289f4
--- /dev/null
+++ b/netwerk/test/unit/test_altsvc_pref.js
@@ -0,0 +1,136 @@
+"use strict";
+
+let h3Port;
+let h3Route;
+let h3AltSvc;
+let prefs;
+let httpsOrigin;
+
+let tests = [
+  // The altSvc storage may not be up imediately, therefore run test_no_altsvc_pref
+  // for a couple times to wait for the storage.
+  test_no_altsvc_pref,
+  test_no_altsvc_pref,
+  test_no_altsvc_pref,
+  test_altsvc_pref,
+  testsDone,
+];
+
+let current_test = 0;
+
+function run_next_test() {
+  if (current_test < tests.length) {
+    dump("starting test number " + current_test + "\n");
+    tests[current_test]();
+    current_test++;
+  }
+}
+
+function run_test() {
+  h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  h3AltSvc = ":" + h3Port;
+
+  h3Route = "foo.example.com:" + h3Port;
+  do_get_profile();
+  prefs = Services.prefs;
+
+  prefs.setBoolPref("network.http.http3.enable", true);
+  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  prefs.setBoolPref("network.dns.disableIPv6", true);
+
+  // The certificate for the http3server server is for foo.example.com and
+  // is signed by http2-ca.pem so add that cert to the trust list as a
+  // signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  httpsOrigin = "https://foo.example.com/";
+
+  run_next_test();
+}
+
+let Http3CheckListener = function () {};
+
+Http3CheckListener.prototype = {
+  expectedRoute: "",
+  expectedStatus: Cr.NS_OK,
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.equal(request.status, this.expectedStatus);
+    if (Components.isSuccessCode(this.expectedStatus)) {
+      Assert.equal(request.responseStatus, 200);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, this.expectedStatus);
+    if (Components.isSuccessCode(this.expectedStatus)) {
+      Assert.equal(request.responseStatus, 200);
+      let routed = "NA";
+      try {
+        routed = request.getRequestHeader("Alt-Used");
+      } catch (e) {}
+      dump("routed is " + routed + "\n");
+
+      Assert.equal(routed, this.expectedRoute);
+
+      let httpVersion = "";
+      try {
+        httpVersion = request.protocolVersion;
+      } catch (e) {}
+      Assert.equal(httpVersion, "h3");
+    }
+
+    do_test_finished();
+  },
+};
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function test_no_altsvc_pref() {
+  dump("test_no_altsvc_pref");
+  do_test_pending();
+
+  let chan = makeChan(httpsOrigin + "http3-test");
+  let listener = new Http3CheckListener();
+  listener.expectedStatus = Cr.NS_ERROR_CONNECTION_REFUSED;
+  chan.asyncOpen(listener);
+}
+
+function test_altsvc_pref() {
+  dump("test_altsvc_pref");
+  do_test_pending();
+
+  prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "foo.example.com;h3-29=" + h3AltSvc
+  );
+
+  let chan = makeChan(httpsOrigin + "http3-test");
+  let listener = new Http3CheckListener();
+  listener.expectedRoute = h3Route;
+  chan.asyncOpen(listener);
+}
+
+function testsDone() {
+  prefs.clearUserPref("network.http.http3.enable");
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.dns.disableIPv6");
+  prefs.clearUserPref("network.http.http3.alt-svc-mapping-for-testing");
+  dump("testDone\n");
+}
diff --git a/netwerk/test/unit/test_anonymous-coalescing.js b/netwerk/test/unit/test_anonymous-coalescing.js
new file mode 100644
index 0000000000..c46dbfe52b
--- /dev/null
+++ b/netwerk/test/unit/test_anonymous-coalescing.js
@@ -0,0 +1,179 @@
+/*
+- test to check we use only a single connection for both onymous and anonymous requests over an existing h2 session
+- request from a domain w/o LOAD_ANONYMOUS flag
+- request again from the same domain, but different URI, with LOAD_ANONYMOUS flag, check the client is using the same conn
+- close all and do it in the opposite way (do an anonymous req first)
+*/
+
+"use strict";
+
+var h2Port;
+var prefs;
+var http2pref;
+var extpref;
+
+function run_test() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+  prefs = Services.prefs;
+
+  http2pref = prefs.getBoolPref("network.http.http2.enabled");
+  extpref = prefs.getBoolPref("network.http.originextension");
+
+  prefs.setBoolPref("network.http.http2.enabled", true);
+  prefs.setBoolPref("network.http.originextension", true);
+  prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, alt1.example.com"
+  );
+
+  // The moz-http2 cert is for {foo, alt1, alt2}.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  doTest1();
+}
+
+function resetPrefs() {
+  prefs.setBoolPref("network.http.http2.enabled", http2pref);
+  prefs.setBoolPref("network.http.originextension", extpref);
+  prefs.clearUserPref("network.dns.localDomains");
+}
+
+function makeChan(origin) {
+  return NetUtil.newChannel({
+    uri: origin,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var nextTest;
+var origin;
+var nextPortExpectedToBeSame = false;
+var currentPort = 0;
+var forceReload = false;
+var anonymous = false;
+
+var Listener = function () {};
+Listener.prototype.clientPort = 0;
+Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    if (!Components.isSuccessCode(request.status)) {
+      do_throw("Channel should have a success code! (" + request.status + ")");
+    }
+    Assert.equal(request.responseStatus, 200);
+    this.clientPort = parseInt(request.getResponseHeader("x-client-port"));
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.ok(Components.isSuccessCode(status));
+    if (nextPortExpectedToBeSame) {
+      Assert.equal(currentPort, this.clientPort);
+    } else {
+      Assert.notEqual(currentPort, this.clientPort);
+    }
+    currentPort = this.clientPort;
+    nextTest();
+    do_test_finished();
+  },
+};
+
+function testsDone() {
+  dump("testsDone\n");
+  resetPrefs();
+}
+
+function doTest() {
+  dump("execute doTest " + origin + "\n");
+
+  var loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  if (anonymous) {
+    loadFlags |= Ci.nsIRequest.LOAD_ANONYMOUS;
+  }
+  anonymous = false;
+  if (forceReload) {
+    loadFlags |= Ci.nsIRequest.LOAD_FRESH_CONNECTION;
+  }
+  forceReload = false;
+
+  var chan = makeChan(origin);
+  chan.loadFlags = loadFlags;
+
+  var listener = new Listener();
+  chan.asyncOpen(listener);
+}
+
+function doTest1() {
+  dump("doTest1()\n");
+  origin = "https://foo.example.com:" + h2Port + "/origin-1";
+  nextTest = doTest2;
+  nextPortExpectedToBeSame = false;
+  do_test_pending();
+  doTest();
+}
+
+function doTest2() {
+  // Run the same test as above to make sure connection is marked experienced.
+  dump("doTest2()\n");
+  origin = "https://foo.example.com:" + h2Port + "/origin-1";
+  nextTest = doTest3;
+  nextPortExpectedToBeSame = true;
+  do_test_pending();
+  doTest();
+}
+
+function doTest3() {
+  // connection expected to be reused for an anonymous request
+  dump("doTest3()\n");
+  origin = "https://foo.example.com:" + h2Port + "/origin-2";
+  nextTest = doTest4;
+  nextPortExpectedToBeSame = true;
+  anonymous = true;
+  do_test_pending();
+  doTest();
+}
+
+function doTest4() {
+  dump("doTest4()\n");
+  origin = "https://foo.example.com:" + h2Port + "/origin-3";
+  nextTest = doTest5;
+  nextPortExpectedToBeSame = false;
+  forceReload = true;
+  anonymous = true;
+  do_test_pending();
+  doTest();
+}
+
+function doTest5() {
+  // Run the same test as above just without forceReload to make sure connection
+  // is marked experienced.
+  dump("doTest5()\n");
+  origin = "https://foo.example.com:" + h2Port + "/origin-3";
+  nextTest = doTest6;
+  nextPortExpectedToBeSame = true;
+  anonymous = true;
+  do_test_pending();
+  doTest();
+}
+
+function doTest6() {
+  dump("doTest6()\n");
+  origin = "https://foo.example.com:" + h2Port + "/origin-4";
+  nextTest = testsDone;
+  nextPortExpectedToBeSame = true;
+  do_test_pending();
+  doTest();
+}
diff --git a/netwerk/test/unit/test_auth_dialog_permission.js b/netwerk/test/unit/test_auth_dialog_permission.js
new file mode 100644
index 0000000000..a45b651588
--- /dev/null
+++ b/netwerk/test/unit/test_auth_dialog_permission.js
@@ -0,0 +1,280 @@
+// This file tests authentication prompt depending on pref
+// network.auth.subresource-http-auth-allow:
+//   0 - don't allow sub-resources to open HTTP authentication credentials
+//       dialogs
+//   1 - allow sub-resources to open HTTP authentication credentials dialogs,
+//       but don't allow it for cross-origin sub-resources
+//   2 - allow the cross-origin authentication as well.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var prefs = Services.prefs;
+
+// Since this test creates a TYPE_DOCUMENT channel via javascript, it will
+// end up using the wrong LoadInfo constructor. Setting this pref will disable
+// the ContentPolicyType assertion in the constructor.
+prefs.setBoolPref("network.loadinfo.skip_type_assertion", true);
+
+function authHandler(metadata, response) {
+  // btoa("guest:guest"), but that function is not available here
+  var expectedHeader = "Basic Z3Vlc3Q6Z3Vlc3Q=";
+
+  var body;
+  if (
+    metadata.hasHeader("Authorization") &&
+    metadata.getHeader("Authorization") == expectedHeader
+  ) {
+    response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+    response.setHeader("Content-Type", "text/javascript", false);
+
+    body = "success";
+  } else {
+    // didn't know guest:guest, failure
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+    response.setHeader("Content-Type", "text/javascript", false);
+
+    body = "failed";
+  }
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+var httpserv = new HttpServer();
+httpserv.registerPathHandler("/auth", authHandler);
+httpserv.start(-1);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort;
+});
+
+function AuthPrompt(promptExpected) {
+  this.promptExpected = promptExpected;
+}
+
+AuthPrompt.prototype = {
+  user: "guest",
+  pass: "guest",
+
+  QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt"]),
+
+  prompt(title, text, realm, save, defaultText, result) {
+    do_throw("unexpected prompt call");
+  },
+
+  promptUsernameAndPassword(title, text, realm, savePW, user, pw) {
+    Assert.ok(this.promptExpected, "Not expected the authentication prompt.");
+
+    user.value = this.user;
+    pw.value = this.pass;
+    return true;
+  },
+
+  promptPassword(title, text, realm, save, pwd) {
+    do_throw("unexpected promptPassword call");
+  },
+};
+
+function Requestor(promptExpected) {
+  this.promptExpected = promptExpected;
+}
+
+Requestor.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIInterfaceRequestor"]),
+
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIAuthPrompt)) {
+      this.prompter = new AuthPrompt(this.promptExpected);
+      return this.prompter;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  prompter: null,
+};
+
+function make_uri(url) {
+  return Services.io.newURI(url);
+}
+
+function makeChan(loadingUrl, url, contentPolicy) {
+  var uri = make_uri(loadingUrl);
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
+    uri,
+    {}
+  );
+
+  return NetUtil.newChannel({
+    uri: url,
+    loadingPrincipal: principal,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+    contentPolicyType: contentPolicy,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function Test(
+  subresource_http_auth_allow_pref,
+  loadingUri,
+  uri,
+  contentPolicy,
+  expectedCode
+) {
+  this._subresource_http_auth_allow_pref = subresource_http_auth_allow_pref;
+  this._loadingUri = loadingUri;
+  this._uri = uri;
+  this._contentPolicy = contentPolicy;
+  this._expectedCode = expectedCode;
+}
+
+Test.prototype = {
+  _subresource_http_auth_allow_pref: 1,
+  _loadingUri: null,
+  _uri: null,
+  _contentPolicy: Ci.nsIContentPolicy.TYPE_OTHER,
+  _expectedCode: 200,
+
+  onStartRequest(request) {
+    try {
+      if (!Components.isSuccessCode(request.status)) {
+        do_throw("Channel should have a success code!");
+      }
+
+      if (!(request instanceof Ci.nsIHttpChannel)) {
+        do_throw("Expecting an HTTP channel");
+      }
+
+      Assert.equal(request.responseStatus, this._expectedCode);
+      // The request should be succeeded iff we expect 200
+      Assert.equal(request.requestSucceeded, this._expectedCode == 200);
+    } catch (e) {
+      do_throw("Unexpected exception: " + e);
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_ERROR_ABORT);
+
+    // Clear the auth cache.
+    Cc["@mozilla.org/network/http-auth-manager;1"]
+      .getService(Ci.nsIHttpAuthManager)
+      .clearAll();
+
+    do_timeout(0, run_next_test);
+  },
+
+  run() {
+    dump(
+      "Run test: " +
+        this._subresource_http_auth_allow_pref +
+        this._loadingUri +
+        this._uri +
+        this._contentPolicy +
+        this._expectedCode +
+        " \n"
+    );
+
+    prefs.setIntPref(
+      "network.auth.subresource-http-auth-allow",
+      this._subresource_http_auth_allow_pref
+    );
+    let chan = makeChan(this._loadingUri, this._uri, this._contentPolicy);
+    chan.notificationCallbacks = new Requestor(this._expectedCode == 200);
+    chan.asyncOpen(this);
+  },
+};
+
+var tests = [
+  // For the next 3 tests the preference is set to 2 - allow the cross-origin
+  // authentication as well.
+
+  // A cross-origin request.
+  new Test(
+    2,
+    "http://example.com",
+    URL + "/auth",
+    Ci.nsIContentPolicy.TYPE_OTHER,
+    200
+  ),
+  // A non cross-origin sub-resource request.
+  new Test(2, URL + "/", URL + "/auth", Ci.nsIContentPolicy.TYPE_OTHER, 200),
+  // A top level document.
+  new Test(
+    2,
+    URL + "/auth",
+    URL + "/auth",
+    Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    200
+  ),
+
+  // For the next 3 tests the preference is set to 1 - allow sub-resources to
+  // open HTTP authentication credentials dialogs, but don't allow it for
+  // cross-origin sub-resources
+
+  // A cross-origin request.
+  new Test(
+    1,
+    "http://example.com",
+    URL + "/auth",
+    Ci.nsIContentPolicy.TYPE_OTHER,
+    401
+  ),
+  // A non cross-origin sub-resource request.
+  new Test(1, URL + "/", URL + "/auth", Ci.nsIContentPolicy.TYPE_OTHER, 200),
+  // A top level document.
+  new Test(
+    1,
+    URL + "/auth",
+    URL + "/auth",
+    Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    200
+  ),
+
+  // For the next 3 tests the preference is set to 0 - don't allow sub-resources
+  // to open HTTP authentication credentials dialogs.
+
+  // A cross-origin request.
+  new Test(
+    0,
+    "http://example.com",
+    URL + "/auth",
+    Ci.nsIContentPolicy.TYPE_OTHER,
+    401
+  ),
+  // A sub-resource request.
+  new Test(0, URL + "/", URL + "/auth", Ci.nsIContentPolicy.TYPE_OTHER, 401),
+  // A top level request.
+  new Test(
+    0,
+    URL + "/auth",
+    URL + "/auth",
+    Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    200
+  ),
+];
+
+function run_next_test() {
+  var nextTest = tests.shift();
+  if (!nextTest) {
+    httpserv.stop(do_test_finished);
+    return;
+  }
+
+  nextTest.run();
+}
+
+function run_test() {
+  do_test_pending();
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_auth_jar.js b/netwerk/test/unit/test_auth_jar.js
new file mode 100644
index 0000000000..a6f1ea257c
--- /dev/null
+++ b/netwerk/test/unit/test_auth_jar.js
@@ -0,0 +1,92 @@
+"use strict";
+
+function createURI(s) {
+  return Services.io.newURI(s);
+}
+
+function run_test() {
+  // Set up a profile.
+  do_get_profile();
+
+  var secMan = Services.scriptSecurityManager;
+  const kURI1 = "http://example.com";
+  var app = secMan.createContentPrincipal(createURI(kURI1), {});
+  var appbrowser = secMan.createContentPrincipal(createURI(kURI1), {
+    inIsolatedMozBrowser: true,
+  });
+
+  var am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
+    Ci.nsIHttpAuthManager
+  );
+  am.setAuthIdentity(
+    "http",
+    "a.example.com",
+    -1,
+    "basic",
+    "realm",
+    "",
+    "example.com",
+    "user",
+    "pass",
+    false,
+    app
+  );
+  am.setAuthIdentity(
+    "http",
+    "a.example.com",
+    -1,
+    "basic",
+    "realm",
+    "",
+    "example.com",
+    "user3",
+    "pass3",
+    false,
+    appbrowser
+  );
+
+  Services.clearData.deleteDataFromOriginAttributesPattern({
+    inIsolatedMozBrowser: true,
+  });
+
+  var domain = { value: "" },
+    user = { value: "" },
+    pass = { value: "" };
+  try {
+    am.getAuthIdentity(
+      "http",
+      "a.example.com",
+      -1,
+      "basic",
+      "realm",
+      "",
+      domain,
+      user,
+      pass,
+      false,
+      appbrowser
+    );
+    Assert.equal(false, true); // no identity should be present
+  } catch (x) {
+    Assert.equal(domain.value, "");
+    Assert.equal(user.value, "");
+    Assert.equal(pass.value, "");
+  }
+
+  am.getAuthIdentity(
+    "http",
+    "a.example.com",
+    -1,
+    "basic",
+    "realm",
+    "",
+    domain,
+    user,
+    pass,
+    false,
+    app
+  );
+  Assert.equal(domain.value, "example.com");
+  Assert.equal(user.value, "user");
+  Assert.equal(pass.value, "pass");
+}
diff --git a/netwerk/test/unit/test_auth_multiple.js b/netwerk/test/unit/test_auth_multiple.js
new file mode 100644
index 0000000000..3cf039ea7d
--- /dev/null
+++ b/netwerk/test/unit/test_auth_multiple.js
@@ -0,0 +1,464 @@
+// This file tests authentication prompt callbacks
+// TODO NIT use do_check_eq(expected, actual) consistently, not sometimes eq(actual, expected)
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+// Turn off the authentication dialog blocking for this test.
+var prefs = Services.prefs;
+prefs.setIntPref("network.auth.subresource-http-auth-allow", 2);
+
+function URL(domain, path = "") {
+  if (path.startsWith("/")) {
+    path = path.substring(1);
+  }
+  return `http://${domain}:${httpserv.identity.primaryPort}/${path}`;
+}
+
+ChromeUtils.defineLazyGetter(this, "PORT", function () {
+  return httpserv.identity.primaryPort;
+});
+
+const FLAG_RETURN_FALSE = 1 << 0;
+const FLAG_WRONG_PASSWORD = 1 << 1;
+const FLAG_BOGUS_USER = 1 << 2;
+// const FLAG_PREVIOUS_FAILED = 1 << 3;
+const CROSS_ORIGIN = 1 << 4;
+// const FLAG_NO_REALM = 1 << 5;
+const FLAG_NON_ASCII_USER_PASSWORD = 1 << 6;
+
+function AuthPrompt1(flags) {
+  this.flags = flags;
+}
+
+AuthPrompt1.prototype = {
+  user: "guest",
+  pass: "guest",
+
+  expectedRealm: "secret",
+
+  QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt"]),
+
+  prompt: function ap1_prompt(title, text, realm, save, defaultText, result) {
+    do_throw("unexpected prompt call");
+  },
+
+  promptUsernameAndPassword: function ap1_promptUP(
+    title,
+    text,
+    realm,
+    savePW,
+    user,
+    pw
+  ) {
+    if (!(this.flags & CROSS_ORIGIN)) {
+      if (!text.includes(this.expectedRealm)) {
+        do_throw("Text must indicate the realm");
+      }
+    } else if (text.includes(this.expectedRealm)) {
+      do_throw("There should not be realm for cross origin");
+    }
+    if (!text.includes("localhost")) {
+      do_throw("Text must indicate the hostname");
+    }
+    if (!text.includes(String(PORT))) {
+      do_throw("Text must indicate the port");
+    }
+    if (text.includes("-1")) {
+      do_throw("Text must contain negative numbers");
+    }
+
+    if (this.flags & FLAG_RETURN_FALSE) {
+      return false;
+    }
+
+    if (this.flags & FLAG_BOGUS_USER) {
+      this.user = "foo\nbar";
+    } else if (this.flags & FLAG_NON_ASCII_USER_PASSWORD) {
+      this.user = "é";
+    }
+
+    user.value = this.user;
+    if (this.flags & FLAG_WRONG_PASSWORD) {
+      pw.value = this.pass + ".wrong";
+      // Now clear the flag to avoid an infinite loop
+      this.flags &= ~FLAG_WRONG_PASSWORD;
+    } else if (this.flags & FLAG_NON_ASCII_USER_PASSWORD) {
+      pw.value = "é";
+    } else {
+      pw.value = this.pass;
+    }
+    return true;
+  },
+
+  promptPassword: function ap1_promptPW(title, text, realm, save, pwd) {
+    do_throw("unexpected promptPassword call");
+  },
+};
+
+function AuthPrompt2(flags) {
+  this.flags = flags;
+}
+
+AuthPrompt2.prototype = {
+  user: "guest",
+  pass: "guest",
+
+  expectedRealm: "secret",
+
+  QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt2"]),
+
+  promptAuth: function ap2_promptAuth(channel, level, authInfo) {
+    authInfo.username = this.user;
+    authInfo.password = this.pass;
+    return true;
+  },
+
+  asyncPromptAuth: function ap2_async(chan, cb, ctx, lvl, info) {
+    throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
+  },
+};
+
+function Requestor(flags, versions) {
+  this.flags = flags;
+  this.versions = versions;
+}
+
+Requestor.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIInterfaceRequestor"]),
+
+  getInterface: function requestor_gi(iid) {
+    if (this.versions & 1 && iid.equals(Ci.nsIAuthPrompt)) {
+      // Allow the prompt to store state by caching it here
+      if (!this.prompt1) {
+        this.prompt1 = new AuthPrompt1(this.flags);
+      }
+      return this.prompt1;
+    }
+    if (this.versions & 2 && iid.equals(Ci.nsIAuthPrompt2)) {
+      // Allow the prompt to store state by caching it here
+      if (!this.prompt2) {
+        this.prompt2 = new AuthPrompt2(this.flags);
+      }
+      return this.prompt2;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  prompt1: null,
+  prompt2: null,
+};
+
+function RealmTestRequestor() {}
+
+RealmTestRequestor.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIInterfaceRequestor",
+    "nsIAuthPrompt2",
+  ]),
+
+  getInterface: function realmtest_interface(iid) {
+    if (iid.equals(Ci.nsIAuthPrompt2)) {
+      return this;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  promptAuth: function realmtest_checkAuth(channel, level, authInfo) {
+    Assert.equal(authInfo.realm, '"foo_bar');
+
+    return false;
+  },
+
+  asyncPromptAuth: function realmtest_async(chan, cb, ctx, lvl, info) {
+    throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
+  },
+};
+
+function makeChan(url) {
+  let loadingUrl = Services.io
+    .newURI(url)
+    .mutate()
+    .setPathQueryRef("")
+    .finalize();
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
+    loadingUrl,
+    {}
+  );
+  return NetUtil.newChannel({
+    uri: url,
+    loadingPrincipal: principal,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
+  });
+}
+
+function ntlm_auth(metadata, response) {
+  let challenge = metadata.getHeader("Authorization");
+  if (!challenge.startsWith("NTLM ")) {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    return;
+  }
+
+  let decoded = atob(challenge.substring(5));
+  info(decoded);
+
+  if (!decoded.startsWith("NTLMSSP\0")) {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    return;
+  }
+
+  let isNegotiate = decoded.substring(8).startsWith("\x01\x00\x00\x00");
+  let isAuthenticate = decoded.substring(8).startsWith("\x03\x00\x00\x00");
+
+  if (isNegotiate) {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader(
+      "WWW-Authenticate",
+      "NTLM TlRMTVNTUAACAAAAAAAAAAAoAAABggAAASNFZ4mrze8AAAAAAAAAAAAAAAAAAAAA",
+      false
+    );
+    return;
+  }
+
+  if (isAuthenticate) {
+    let body = "OK";
+    response.bodyOutputStream.write(body, body.length);
+    return;
+  }
+
+  // Something else went wrong.
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+}
+
+function basic_auth(metadata, response) {
+  let challenge = metadata.getHeader("Authorization");
+  if (!challenge.startsWith("Basic ")) {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    return;
+  }
+
+  if (challenge == "Basic Z3Vlc3Q6Z3Vlc3Q=") {
+    response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+    let body = "success";
+    response.bodyOutputStream.write(body, body.length);
+    return;
+  }
+
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+}
+
+//
+// Digest functions
+//
+function bytesFromString(str) {
+  const encoder = new TextEncoder();
+  return encoder.encode(str);
+}
+
+// return the two-digit hexadecimal code for a byte
+function toHexString(charCode) {
+  return ("0" + charCode.toString(16)).slice(-2);
+}
+
+function H(str) {
+  var data = bytesFromString(str);
+  var ch = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  ch.init(Ci.nsICryptoHash.MD5);
+  ch.update(data, data.length);
+  var hash = ch.finish(false);
+  return Array.from(hash, (c, i) => toHexString(hash.charCodeAt(i))).join("");
+}
+
+const nonce = "6f93719059cf8d568005727f3250e798";
+const opaque = "1234opaque1234";
+const digestChallenge = `Digest realm="secret", domain="/",  qop=auth,algorithm=MD5, nonce="${nonce}" opaque="${opaque}"`;
+//
+// Digest handler
+//
+// /auth/digest
+function authDigest(metadata, response) {
+  var cnonceRE = /cnonce="(\w+)"/;
+  var responseRE = /response="(\w+)"/;
+  var usernameRE = /username="(\w+)"/;
+  var body = "";
+  // check creds if we have them
+  if (metadata.hasHeader("Authorization")) {
+    var auth = metadata.getHeader("Authorization");
+    var cnonce = auth.match(cnonceRE)[1];
+    var clientDigest = auth.match(responseRE)[1];
+    var username = auth.match(usernameRE)[1];
+    var nc = "00000001";
+
+    if (username != "guest") {
+      response.setStatusLine(metadata.httpVersion, 400, "bad request");
+      body = "should never get here";
+    } else {
+      // see RFC2617 for the description of this calculation
+      var A1 = "guest:secret:guest";
+      var A2 = "GET:/path";
+      var noncebits = [nonce, nc, cnonce, "auth", H(A2)].join(":");
+      var digest = H([H(A1), noncebits].join(":"));
+
+      if (clientDigest == digest) {
+        response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+        body = "digest";
+      } else {
+        info(clientDigest);
+        info(digest);
+        handle_unauthorized(metadata, response);
+        return;
+      }
+    }
+  } else {
+    // no header, send one
+    handle_unauthorized(metadata, response);
+    return;
+  }
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+let challenges = ["NTLM", `Basic realm="secret"`, digestChallenge];
+
+function handle_unauthorized(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+
+  for (let ch of challenges) {
+    response.setHeader("WWW-Authenticate", ch, true);
+  }
+}
+
+// /path
+function auth_handler(metadata, response) {
+  if (!metadata.hasHeader("Authorization")) {
+    handle_unauthorized(metadata, response);
+    return;
+  }
+
+  let challenge = metadata.getHeader("Authorization");
+  if (challenge.startsWith("NTLM ")) {
+    ntlm_auth(metadata, response);
+    return;
+  }
+
+  if (challenge.startsWith("Basic ")) {
+    basic_auth(metadata, response);
+    return;
+  }
+
+  if (challenge.startsWith("Digest ")) {
+    authDigest(metadata, response);
+    return;
+  }
+
+  handle_unauthorized(metadata, response);
+}
+
+let httpserv;
+add_setup(() => {
+  Services.prefs.setBoolPref("network.auth.force-generic-ntlm", true);
+  Services.prefs.setBoolPref("network.auth.force-generic-ntlm-v1", true);
+  Services.prefs.setBoolPref("network.dns.native-is-localhost", true);
+  Services.prefs.setBoolPref("network.http.sanitize-headers-in-logs", false);
+
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/path", auth_handler);
+  httpserv.start(-1);
+
+  registerCleanupFunction(async () => {
+    Services.prefs.clearUserPref("network.auth.force-generic-ntlm");
+    Services.prefs.clearUserPref("network.auth.force-generic-ntlm-v1");
+    Services.prefs.clearUserPref("network.dns.native-is-localhost");
+    Services.prefs.clearUserPref("network.http.sanitize-headers-in-logs");
+
+    await httpserv.stop();
+  });
+});
+
+add_task(async function test_ntlm_first() {
+  Services.prefs.setBoolPref(
+    "network.auth.choose_most_secure_challenge",
+    false
+  );
+  challenges = ["NTLM", `Basic realm="secret"`, digestChallenge];
+  httpserv.identity.add("http", "ntlm.com", httpserv.identity.primaryPort);
+  let chan = makeChan(URL("ntlm.com", "/path"));
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  let [req, buf] = await new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((request, buffer) => resolve([request, buffer]), null)
+    );
+  });
+  Assert.equal(buf, "OK");
+  Assert.equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+});
+
+add_task(async function test_basic_first() {
+  Services.prefs.setBoolPref(
+    "network.auth.choose_most_secure_challenge",
+    false
+  );
+  challenges = [`Basic realm="secret"`, "NTLM", digestChallenge];
+  httpserv.identity.add("http", "basic.com", httpserv.identity.primaryPort);
+  let chan = makeChan(URL("basic.com", "/path"));
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  let [req, buf] = await new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((request, buffer) => resolve([request, buffer]), null)
+    );
+  });
+  Assert.equal(buf, "success");
+  Assert.equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+});
+
+add_task(async function test_digest_first() {
+  Services.prefs.setBoolPref(
+    "network.auth.choose_most_secure_challenge",
+    false
+  );
+  challenges = [digestChallenge, `Basic realm="secret"`, "NTLM"];
+  httpserv.identity.add("http", "digest.com", httpserv.identity.primaryPort);
+  let chan = makeChan(URL("digest.com", "/path"));
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  let [req, buf] = await new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((request, buffer) => resolve([request, buffer]), null)
+    );
+  });
+  Assert.equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+  Assert.equal(buf, "digest");
+});
+
+add_task(async function test_choose_most_secure() {
+  // When the pref is true, we rank the challenges by how secure they are.
+  // In this case, NTLM should be the most secure.
+  Services.prefs.setBoolPref("network.auth.choose_most_secure_challenge", true);
+  challenges = [digestChallenge, `Basic realm="secret"`, "NTLM"];
+  httpserv.identity.add(
+    "http",
+    "ntlmstrong.com",
+    httpserv.identity.primaryPort
+  );
+  let chan = makeChan(URL("ntlmstrong.com", "/path"));
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  let [req, buf] = await new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((request, buffer) => resolve([request, buffer]), null)
+    );
+  });
+  Assert.equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+  Assert.equal(buf, "OK");
+});
diff --git a/netwerk/test/unit/test_auth_proxy.js b/netwerk/test/unit/test_auth_proxy.js
new file mode 100644
index 0000000000..d49e230922
--- /dev/null
+++ b/netwerk/test/unit/test_auth_proxy.js
@@ -0,0 +1,463 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This tests the automatic login to the proxy with password,
+ * if the password is stored and the browser is restarted.
+ *
+ * 
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const FLAG_RETURN_FALSE = 1 << 0;
+const FLAG_WRONG_PASSWORD = 1 << 1;
+const FLAG_PREVIOUS_FAILED = 1 << 2;
+
+function AuthPrompt2(proxyFlags, hostFlags) {
+  this.proxyCred.flags = proxyFlags;
+  this.hostCred.flags = hostFlags;
+}
+AuthPrompt2.prototype = {
+  proxyCred: {
+    user: "proxy",
+    pass: "guest",
+    realmExpected: "intern",
+    flags: 0,
+  },
+  hostCred: { user: "host", pass: "guest", realmExpected: "extern", flags: 0 },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt2"]),
+
+  promptAuth: function ap2_promptAuth(channel, encryptionLevel, authInfo) {
+    try {
+      // never HOST and PROXY set at the same time in prompt
+      Assert.equal(
+        (authInfo.flags & Ci.nsIAuthInformation.AUTH_HOST) != 0,
+        (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) == 0
+      );
+
+      var isProxy = (authInfo.flags & Ci.nsIAuthInformation.AUTH_PROXY) != 0;
+      var cred = isProxy ? this.proxyCred : this.hostCred;
+
+      dump(
+        "with flags: " +
+          ((cred.flags & FLAG_WRONG_PASSWORD) != 0 ? "wrong password" : "") +
+          " " +
+          ((cred.flags & FLAG_PREVIOUS_FAILED) != 0 ? "previous failed" : "") +
+          " " +
+          ((cred.flags & FLAG_RETURN_FALSE) != 0 ? "return false" : "") +
+          "\n"
+      );
+
+      // PROXY properly set by necko (checked using realm)
+      Assert.equal(cred.realmExpected, authInfo.realm);
+
+      // PREVIOUS_FAILED properly set by necko
+      Assert.equal(
+        (cred.flags & FLAG_PREVIOUS_FAILED) != 0,
+        (authInfo.flags & Ci.nsIAuthInformation.PREVIOUS_FAILED) != 0
+      );
+
+      if (cred.flags & FLAG_RETURN_FALSE) {
+        cred.flags |= FLAG_PREVIOUS_FAILED;
+        cred.flags &= ~FLAG_RETURN_FALSE;
+        return false;
+      }
+
+      authInfo.username = cred.user;
+      if (cred.flags & FLAG_WRONG_PASSWORD) {
+        authInfo.password = cred.pass + ".wrong";
+        cred.flags |= FLAG_PREVIOUS_FAILED;
+        // Now clear the flag to avoid an infinite loop
+        cred.flags &= ~FLAG_WRONG_PASSWORD;
+      } else {
+        authInfo.password = cred.pass;
+        cred.flags &= ~FLAG_PREVIOUS_FAILED;
+      }
+    } catch (e) {
+      do_throw(e);
+    }
+    return true;
+  },
+
+  asyncPromptAuth: function ap2_async(
+    channel,
+    callback,
+    context,
+    encryptionLevel,
+    authInfo
+  ) {
+    var me = this;
+    var allOverAndDead = false;
+    executeSoon(function () {
+      try {
+        if (allOverAndDead) {
+          throw new Error("already canceled");
+        }
+        var ret = me.promptAuth(channel, encryptionLevel, authInfo);
+        if (!ret) {
+          callback.onAuthCancelled(context, true);
+        } else {
+          callback.onAuthAvailable(context, authInfo);
+        }
+        allOverAndDead = true;
+      } catch (e) {
+        do_throw(e);
+      }
+    });
+    return new Cancelable(function () {
+      if (allOverAndDead) {
+        throw new Error("can't cancel, already ran");
+      }
+      callback.onAuthAvailable(context, authInfo);
+      allOverAndDead = true;
+    });
+  },
+};
+
+function Cancelable(onCancelFunc) {
+  this.onCancelFunc = onCancelFunc;
+}
+Cancelable.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsICancelable"]),
+  cancel: function cancel() {
+    try {
+      this.onCancelFunc();
+    } catch (e) {
+      do_throw(e);
+    }
+  },
+};
+
+function Requestor(proxyFlags, hostFlags) {
+  this.proxyFlags = proxyFlags;
+  this.hostFlags = hostFlags;
+}
+Requestor.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIInterfaceRequestor"]),
+
+  getInterface: function requestor_gi(iid) {
+    if (iid.equals(Ci.nsIAuthPrompt)) {
+      dump("authprompt1 not implemented\n");
+      throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+    }
+    if (iid.equals(Ci.nsIAuthPrompt2)) {
+      try {
+        // Allow the prompt to store state by caching it here
+        if (!this.prompt2) {
+          this.prompt2 = new AuthPrompt2(this.proxyFlags, this.hostFlags);
+        }
+        return this.prompt2;
+      } catch (e) {
+        do_throw(e);
+      }
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  prompt2: null,
+};
+
+var listener = {
+  expectedCode: -1, // uninitialized
+
+  onStartRequest: function test_onStartR(request) {
+    try {
+      // Proxy auth cancellation return failures to avoid spoofing
+      if (
+        !Components.isSuccessCode(request.status) &&
+        this.expectedCode != 407
+      ) {
+        do_throw("Channel should have a success code!");
+      }
+
+      if (!(request instanceof Ci.nsIHttpChannel)) {
+        do_throw("Expecting an HTTP channel");
+      }
+
+      Assert.equal(this.expectedCode, request.responseStatus);
+      // If we expect 200, the request should have succeeded
+      Assert.equal(this.expectedCode == 200, request.requestSucceeded);
+
+      var cookie = "";
+      try {
+        cookie = request.getRequestHeader("Cookie");
+      } catch (e) {}
+      Assert.equal(cookie, "");
+    } catch (e) {
+      do_throw("Unexpected exception: " + e);
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+
+  onDataAvailable: function test_ODA() {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    Assert.equal(status, Cr.NS_ERROR_ABORT);
+
+    if (current_test < tests.length - 1) {
+      // First, need to clear the auth cache
+      Cc["@mozilla.org/network/http-auth-manager;1"]
+        .getService(Ci.nsIHttpAuthManager)
+        .clearAll();
+
+      current_test++;
+      tests[current_test]();
+    } else {
+      do_test_pending();
+      httpserv.stop(do_test_finished);
+    }
+
+    do_test_finished();
+  },
+};
+
+function makeChan(url) {
+  if (!url) {
+    url = "http://somesite/";
+  }
+
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var current_test = 0;
+var httpserv = null;
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/", proxyAuthHandler);
+  httpserv.identity.add("http", "somesite", 80);
+  httpserv.start(-1);
+
+  Services.prefs.setCharPref("network.proxy.http", "localhost");
+  Services.prefs.setIntPref(
+    "network.proxy.http_port",
+    httpserv.identity.primaryPort
+  );
+  Services.prefs.setCharPref("network.proxy.no_proxies_on", "");
+  Services.prefs.setIntPref("network.proxy.type", 1);
+
+  // Turn off the authentication dialog blocking for this test.
+  Services.prefs.setIntPref("network.auth.subresource-http-auth-allow", 2);
+  Services.prefs.setBoolPref(
+    "network.auth.non-web-content-triggered-resources-http-auth-allow",
+    true
+  );
+
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("network.proxy.http");
+    Services.prefs.clearUserPref("network.proxy.http_port");
+    Services.prefs.clearUserPref("network.proxy.no_proxies_on");
+    Services.prefs.clearUserPref("network.proxy.type");
+    Services.prefs.clearUserPref("network.auth.subresource-http-auth-allow");
+    Services.prefs.clearUserPref(
+      "network.auth.non-web-content-triggered-resources-http-auth-allow"
+    );
+  });
+
+  tests[current_test]();
+}
+
+function test_proxy_returnfalse() {
+  dump("\ntest: proxy returnfalse\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
+  listener.expectedCode = 407; // Proxy Unauthorized
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+function test_proxy_wrongpw() {
+  dump("\ntest: proxy wrongpw\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(FLAG_WRONG_PASSWORD, 0);
+  listener.expectedCode = 200; // Eventually OK
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function test_all_ok() {
+  dump("\ntest: all ok\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(0, 0);
+  listener.expectedCode = 200; // OK
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function test_proxy_407_cookie() {
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 0);
+  chan.setRequestHeader("X-Set-407-Cookie", "1", false);
+  listener.expectedCode = 407; // Proxy Unauthorized
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+function test_proxy_200_cookie() {
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(0, 0);
+  chan.setRequestHeader("X-Set-407-Cookie", "1", false);
+  listener.expectedCode = 200; // OK
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function test_host_returnfalse() {
+  dump("\ntest: host returnfalse\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(0, FLAG_RETURN_FALSE);
+  listener.expectedCode = 401; // Host Unauthorized
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+function test_host_wrongpw() {
+  dump("\ntest: host wrongpw\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(0, FLAG_WRONG_PASSWORD);
+  listener.expectedCode = 200; // Eventually OK
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function test_proxy_wrongpw_host_wrongpw() {
+  dump("\ntest: proxy wrongpw, host wrongpw\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(
+    FLAG_WRONG_PASSWORD,
+    FLAG_WRONG_PASSWORD
+  );
+  listener.expectedCode = 200; // OK
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function test_proxy_wrongpw_host_returnfalse() {
+  dump("\ntest: proxy wrongpw, host return false\n");
+  var chan = makeChan();
+  chan.notificationCallbacks = new Requestor(
+    FLAG_WRONG_PASSWORD,
+    FLAG_RETURN_FALSE
+  );
+  listener.expectedCode = 401; // Host Unauthorized
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+var tests = [
+  test_proxy_returnfalse,
+  test_proxy_wrongpw,
+  test_all_ok,
+  test_proxy_407_cookie,
+  test_proxy_200_cookie,
+  test_host_returnfalse,
+  test_host_wrongpw,
+  test_proxy_wrongpw_host_wrongpw,
+  test_proxy_wrongpw_host_returnfalse,
+];
+
+// PATH HANDLERS
+
+// Proxy
+function proxyAuthHandler(metadata, response) {
+  try {
+    var realm = "intern";
+    // btoa("proxy:guest"), but that function is not available here
+    var expectedHeader = "Basic cHJveHk6Z3Vlc3Q=";
+
+    var body;
+    if (
+      metadata.hasHeader("Proxy-Authorization") &&
+      metadata.getHeader("Proxy-Authorization") == expectedHeader
+    ) {
+      dump("proxy password ok\n");
+      response.setHeader(
+        "Proxy-Authenticate",
+        'Basic realm="' + realm + '"',
+        false
+      );
+
+      hostAuthHandler(metadata, response);
+    } else {
+      dump("proxy password required\n");
+      response.setStatusLine(
+        metadata.httpVersion,
+        407,
+        "Unauthorized by HTTP proxy"
+      );
+      response.setHeader(
+        "Proxy-Authenticate",
+        'Basic realm="' + realm + '"',
+        false
+      );
+      if (metadata.hasHeader("X-Set-407-Cookie")) {
+        response.setHeader("Set-Cookie", "chewy", false);
+      }
+      body = "failed";
+      response.bodyOutputStream.write(body, body.length);
+    }
+  } catch (e) {
+    do_throw(e);
+  }
+}
+
+// Host /auth
+function hostAuthHandler(metadata, response) {
+  try {
+    var realm = "extern";
+    // btoa("host:guest"), but that function is not available here
+    var expectedHeader = "Basic aG9zdDpndWVzdA==";
+
+    var body;
+    if (
+      metadata.hasHeader("Authorization") &&
+      metadata.getHeader("Authorization") == expectedHeader
+    ) {
+      dump("host password ok\n");
+      response.setStatusLine(
+        metadata.httpVersion,
+        200,
+        "OK, authorized for host"
+      );
+      response.setHeader(
+        "WWW-Authenticate",
+        'Basic realm="' + realm + '"',
+        false
+      );
+      body = "success";
+    } else {
+      dump("host password required\n");
+      response.setStatusLine(
+        metadata.httpVersion,
+        401,
+        "Unauthorized by HTTP server host"
+      );
+      response.setHeader(
+        "WWW-Authenticate",
+        'Basic realm="' + realm + '"',
+        false
+      );
+      body = "failed";
+    }
+    response.bodyOutputStream.write(body, body.length);
+  } catch (e) {
+    do_throw(e);
+  }
+}
diff --git a/netwerk/test/unit/test_authentication.js b/netwerk/test/unit/test_authentication.js
new file mode 100644
index 0000000000..823e2cb36b
--- /dev/null
+++ b/netwerk/test/unit/test_authentication.js
@@ -0,0 +1,1400 @@
+// This file tests authentication prompt callbacks
+// TODO NIT use do_check_eq(expected, actual) consistently, not sometimes eq(actual, expected)
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+// Turn off the authentication dialog blocking for this test.
+Services.prefs.setIntPref("network.auth.subresource-http-auth-allow", 2);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort;
+});
+
+ChromeUtils.defineLazyGetter(this, "PORT", function () {
+  return httpserv.identity.primaryPort;
+});
+
+const FLAG_RETURN_FALSE = 1 << 0;
+const FLAG_WRONG_PASSWORD = 1 << 1;
+const FLAG_BOGUS_USER = 1 << 2;
+const FLAG_PREVIOUS_FAILED = 1 << 3;
+const CROSS_ORIGIN = 1 << 4;
+const FLAG_NO_REALM = 1 << 5;
+const FLAG_NON_ASCII_USER_PASSWORD = 1 << 6;
+
+const nsIAuthPrompt2 = Ci.nsIAuthPrompt2;
+const nsIAuthInformation = Ci.nsIAuthInformation;
+
+function AuthPrompt1(flags) {
+  this.flags = flags;
+}
+
+var initialChannelId = -1;
+
+AuthPrompt1.prototype = {
+  user: "guest",
+  pass: "guest",
+
+  expectedRealm: "secret",
+
+  QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt"]),
+
+  prompt: function ap1_prompt(title, text, realm, save, defaultText, result) {
+    do_throw("unexpected prompt call");
+  },
+
+  promptUsernameAndPassword: function ap1_promptUP(
+    title,
+    text,
+    realm,
+    savePW,
+    user,
+    pw
+  ) {
+    if (this.flags & FLAG_NO_REALM) {
+      // Note that the realm here isn't actually the realm. it's a pw mgr key.
+      Assert.equal(URL + " (" + this.expectedRealm + ")", realm);
+    }
+    if (!(this.flags & CROSS_ORIGIN)) {
+      if (!text.includes(this.expectedRealm)) {
+        do_throw("Text must indicate the realm");
+      }
+    } else if (text.includes(this.expectedRealm)) {
+      do_throw("There should not be realm for cross origin");
+    }
+    if (!text.includes("localhost")) {
+      do_throw("Text must indicate the hostname");
+    }
+    if (!text.includes(String(PORT))) {
+      do_throw("Text must indicate the port");
+    }
+    if (text.includes("-1")) {
+      do_throw("Text must contain negative numbers");
+    }
+
+    if (this.flags & FLAG_RETURN_FALSE) {
+      return false;
+    }
+
+    if (this.flags & FLAG_BOGUS_USER) {
+      this.user = "foo\nbar";
+    } else if (this.flags & FLAG_NON_ASCII_USER_PASSWORD) {
+      this.user = "é";
+    }
+
+    user.value = this.user;
+    if (this.flags & FLAG_WRONG_PASSWORD) {
+      pw.value = this.pass + ".wrong";
+      // Now clear the flag to avoid an infinite loop
+      this.flags &= ~FLAG_WRONG_PASSWORD;
+    } else if (this.flags & FLAG_NON_ASCII_USER_PASSWORD) {
+      pw.value = "é";
+    } else {
+      pw.value = this.pass;
+    }
+    return true;
+  },
+
+  promptPassword: function ap1_promptPW(title, text, realm, save, pwd) {
+    do_throw("unexpected promptPassword call");
+  },
+};
+
+function AuthPrompt2(flags) {
+  this.flags = flags;
+}
+
+AuthPrompt2.prototype = {
+  user: "guest",
+  pass: "guest",
+
+  expectedRealm: "secret",
+
+  QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt2"]),
+
+  promptAuth: function ap2_promptAuth(channel, level, authInfo) {
+    var isNTLM = channel.URI.pathQueryRef.includes("ntlm");
+    var isDigest = channel.URI.pathQueryRef.includes("digest");
+
+    if (isNTLM || this.flags & FLAG_NO_REALM) {
+      this.expectedRealm = ""; // NTLM knows no realms
+    }
+
+    Assert.equal(this.expectedRealm, authInfo.realm);
+
+    var expectedLevel =
+      isNTLM || isDigest
+        ? nsIAuthPrompt2.LEVEL_PW_ENCRYPTED
+        : nsIAuthPrompt2.LEVEL_NONE;
+    Assert.equal(expectedLevel, level);
+
+    var expectedFlags = nsIAuthInformation.AUTH_HOST;
+
+    if (this.flags & FLAG_PREVIOUS_FAILED) {
+      expectedFlags |= nsIAuthInformation.PREVIOUS_FAILED;
+    }
+
+    if (this.flags & CROSS_ORIGIN) {
+      expectedFlags |= nsIAuthInformation.CROSS_ORIGIN_SUB_RESOURCE;
+    }
+
+    if (isNTLM) {
+      expectedFlags |= nsIAuthInformation.NEED_DOMAIN;
+    }
+
+    const kAllKnownFlags = 127; // Don't fail test for newly added flags
+    Assert.equal(expectedFlags, authInfo.flags & kAllKnownFlags);
+
+    // eslint-disable-next-line no-nested-ternary
+    var expectedScheme = isNTLM ? "ntlm" : isDigest ? "digest" : "basic";
+    Assert.equal(expectedScheme, authInfo.authenticationScheme);
+
+    // No passwords in the URL -> nothing should be prefilled
+    Assert.equal(authInfo.username, "");
+    Assert.equal(authInfo.password, "");
+    Assert.equal(authInfo.domain, "");
+
+    if (this.flags & FLAG_RETURN_FALSE) {
+      this.flags |= FLAG_PREVIOUS_FAILED;
+      return false;
+    }
+
+    if (this.flags & FLAG_BOGUS_USER) {
+      this.user = "foo\nbar";
+    } else if (this.flags & FLAG_NON_ASCII_USER_PASSWORD) {
+      this.user = "é";
+    }
+
+    authInfo.username = this.user;
+    if (this.flags & FLAG_WRONG_PASSWORD) {
+      authInfo.password = this.pass + ".wrong";
+      this.flags |= FLAG_PREVIOUS_FAILED;
+      // Now clear the flag to avoid an infinite loop
+      this.flags &= ~FLAG_WRONG_PASSWORD;
+    } else if (this.flags & FLAG_NON_ASCII_USER_PASSWORD) {
+      authInfo.password = "é";
+    } else {
+      authInfo.password = this.pass;
+      this.flags &= ~FLAG_PREVIOUS_FAILED;
+    }
+    return true;
+  },
+
+  asyncPromptAuth: function ap2_async(chan, cb, ctx, lvl, info) {
+    let self = this;
+    executeSoon(function () {
+      let ret = self.promptAuth(chan, lvl, info);
+      if (ret) {
+        cb.onAuthAvailable(ctx, info);
+      } else {
+        cb.onAuthCancelled(ctx, true);
+      }
+    });
+  },
+};
+
+function Requestor(flags, versions) {
+  this.flags = flags;
+  this.versions = versions;
+}
+
+Requestor.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIInterfaceRequestor"]),
+
+  getInterface: function requestor_gi(iid) {
+    if (this.versions & 1 && iid.equals(Ci.nsIAuthPrompt)) {
+      // Allow the prompt to store state by caching it here
+      if (!this.prompt1) {
+        this.prompt1 = new AuthPrompt1(this.flags);
+      }
+      return this.prompt1;
+    }
+    if (this.versions & 2 && iid.equals(Ci.nsIAuthPrompt2)) {
+      // Allow the prompt to store state by caching it here
+      if (!this.prompt2) {
+        this.prompt2 = new AuthPrompt2(this.flags);
+      }
+      return this.prompt2;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  prompt1: null,
+  prompt2: null,
+};
+
+function RealmTestRequestor() {
+  this.promptRealm = "";
+}
+
+RealmTestRequestor.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIInterfaceRequestor",
+    "nsIAuthPrompt2",
+  ]),
+
+  getInterface: function realmtest_interface(iid) {
+    if (iid.equals(Ci.nsIAuthPrompt2)) {
+      return this;
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  promptAuth: function realmtest_checkAuth(channel, level, authInfo) {
+    this.promptRealm = authInfo.realm;
+
+    return false;
+  },
+
+  asyncPromptAuth: function realmtest_async(chan, cb, ctx, lvl, info) {
+    throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
+  },
+};
+
+var listener = {
+  expectedCode: -1, // Uninitialized
+  nextTest: undefined,
+  expectRequestFail: false,
+  onStartRequest: function test_onStartR(request) {
+    try {
+      if (
+        !this.expectRequestFail &&
+        !Components.isSuccessCode(request.status)
+      ) {
+        do_throw("Channel should have a success code!");
+      }
+
+      if (!(request instanceof Ci.nsIHttpChannel)) {
+        do_throw("Expecting an HTTP channel");
+      }
+
+      if (
+        Services.prefs.getBoolPref("network.auth.use_redirect_for_retries") &&
+        // we should skip redirect check if we do not expect to succeed
+        this.expectedCode == 200
+      ) {
+        // ensure channel ids are initialized
+        Assert.notEqual(initialChannelId, -1);
+
+        // for each request we must use a unique channel ID.
+        // See Bug 1820807
+        var chan = request.QueryInterface(Ci.nsIIdentChannel);
+        Assert.notEqual(initialChannelId, chan.channelId);
+      }
+
+      Assert.equal(request.responseStatus, this.expectedCode);
+      // The request should be succeeded if we expect 200
+      Assert.equal(request.requestSucceeded, this.expectedCode == 200);
+    } catch (e) {
+      do_throw("Unexpected exception: " + e);
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+
+  onDataAvailable: function test_ODA() {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    Assert.equal(status, Cr.NS_ERROR_ABORT);
+    initialChannelId = -1;
+    this.nextTest();
+  },
+};
+
+let ChannelEventSink1 = {
+  _classDescription: "WebRequest channel event sink",
+  _classID: Components.ID("115062f8-92f1-11e5-8b7f-08001110f7ec"),
+  _contractID: "@mozilla.org/webrequest/channel-event-sink;1",
+
+  QueryInterface: ChromeUtils.generateQI(["nsIChannelEventSink", "nsIFactory"]),
+
+  init() {
+    Components.manager
+      .QueryInterface(Ci.nsIComponentRegistrar)
+      .registerFactory(
+        this._classID,
+        this._classDescription,
+        this._contractID,
+        this
+      );
+  },
+
+  register() {
+    Services.catMan.addCategoryEntry(
+      "net-channel-event-sinks",
+      this._contractID,
+      this._contractID,
+      false,
+      true
+    );
+  },
+
+  unregister() {
+    Services.catMan.deleteCategoryEntry(
+      "net-channel-event-sinks",
+      this._contractID,
+      false
+    );
+  },
+
+  // nsIChannelEventSink implementation
+  asyncOnChannelRedirect(oldChannel, newChannel, flags, redirectCallback) {
+    // Abort the redirection
+    redirectCallback.onRedirectVerifyCallback(Cr.NS_ERROR_ABORT);
+  },
+
+  // nsIFactory implementation
+  createInstance(iid) {
+    return this.QueryInterface(iid);
+  },
+};
+
+function makeChan(
+  url,
+  loadingUrl,
+  securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+  contentPolicyType = Ci.nsIContentPolicy.TYPE_OTHER
+) {
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
+    Services.io.newURI(loadingUrl),
+    {}
+  );
+  return NetUtil.newChannel({
+    uri: url,
+    loadingPrincipal: principal,
+    securityFlags,
+    contentPolicyType,
+  });
+}
+
+var ChannelCreationObserver = {
+  QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+  observe(aSubject, aTopic, aData) {
+    if (aTopic == "http-on-opening-request") {
+      initialChannelId = aSubject.QueryInterface(Ci.nsIIdentChannel).channelId;
+    }
+  },
+};
+
+var httpserv = null;
+
+function setup() {
+  httpserv = new HttpServer();
+
+  httpserv.registerPathHandler("/auth", authHandler);
+  httpserv.registerPathHandler(
+    "/auth/stored/wrong/credentials/",
+    authHandlerWrongStoredCredentials
+  );
+  httpserv.registerPathHandler("/auth/ntlm/simple", authNtlmSimple);
+  httpserv.registerPathHandler("/auth/realm", authRealm);
+  httpserv.registerPathHandler("/auth/non_ascii", authNonascii);
+  httpserv.registerPathHandler("/auth/digest_md5", authDigestMD5);
+  httpserv.registerPathHandler("/auth/digest_md5sess", authDigestMD5sess);
+  httpserv.registerPathHandler("/auth/digest_sha256", authDigestSHA256);
+  httpserv.registerPathHandler("/auth/digest_sha256sess", authDigestSHA256sess);
+  httpserv.registerPathHandler("/auth/digest_sha256_md5", authDigestSHA256_MD5);
+  httpserv.registerPathHandler("/auth/digest_md5_sha256", authDigestMD5_SHA256);
+  httpserv.registerPathHandler(
+    "/auth/digest_md5_sha256_oneline",
+    authDigestMD5_SHA256_oneline
+  );
+  httpserv.registerPathHandler("/auth/short_digest", authShortDigest);
+  httpserv.registerPathHandler("/largeRealm", largeRealm);
+  httpserv.registerPathHandler("/largeDomain", largeDomain);
+
+  httpserv.registerPathHandler("/corp-coep", corpAndCoep);
+
+  httpserv.start(-1);
+
+  registerCleanupFunction(async () => {
+    await httpserv.stop();
+  });
+  Services.obs.addObserver(ChannelCreationObserver, "http-on-opening-request");
+}
+setup();
+
+async function openAndListen(chan) {
+  await new Promise(resolve => {
+    listener.nextTest = resolve;
+    chan.asyncOpen(listener);
+  });
+  Cc["@mozilla.org/network/http-auth-manager;1"]
+    .getService(Ci.nsIHttpAuthManager)
+    .clearAll();
+}
+
+async function test_noauth() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+}
+
+async function test_returnfalse1() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 1);
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+}
+
+async function test_wrongpw1() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  chan.notificationCallbacks = new Requestor(FLAG_WRONG_PASSWORD, 1);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_prompt1() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 1);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_prompt1CrossOrigin() {
+  var chan = makeChan(URL + "/auth", "http://example.org");
+
+  chan.notificationCallbacks = new Requestor(16, 1);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_prompt2CrossOrigin() {
+  var chan = makeChan(URL + "/auth", "http://example.org");
+
+  chan.notificationCallbacks = new Requestor(16, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_returnfalse2() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+}
+
+async function test_wrongpw2() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  chan.notificationCallbacks = new Requestor(FLAG_WRONG_PASSWORD, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+var requestNum = 0;
+var expectedRequestNum = 0;
+async function test_wrong_stored_passwd() {
+  // tests that we don't retry auth requests for incorrect custom credentials passed during channel creation
+  requestNum = 0;
+  expectedRequestNum = 1;
+  var chan = makeChan(URL + "/auth/stored/wrong/credentials/", URL);
+  chan.nsIHttpChannel.setRequestHeader("Authorization", "wrong_cred", false);
+  chan.notificationCallbacks = new Requestor(0, 1);
+  listener.expectedCode = 401; // Unauthorized
+
+  await openAndListen(chan);
+}
+
+async function test_prompt2() {
+  var chan = makeChan(URL + "/auth", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_ntlm() {
+  var chan = makeChan(URL + "/auth/ntlm/simple", URL);
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+}
+
+async function test_basicrealm() {
+  var chan = makeChan(URL + "/auth/realm", URL);
+
+  let requestor = new RealmTestRequestor();
+  chan.notificationCallbacks = requestor;
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+  Assert.equal(requestor.promptRealm, '"foo_bar');
+}
+
+async function test_nonascii() {
+  var chan = makeChan(URL + "/auth/non_ascii", URL);
+
+  chan.notificationCallbacks = new Requestor(FLAG_NON_ASCII_USER_PASSWORD, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_noauth() {
+  var chan = makeChan(URL + "/auth/digest_md5", URL);
+
+  // chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+}
+
+async function test_digest_md5() {
+  var chan = makeChan(URL + "/auth/digest_md5", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+add_task(
+  { pref_set: [["network.auth.use_redirect_for_retries", true]] },
+  async function test_digest_md5_redirect_veto() {
+    ChannelEventSink1.init();
+    ChannelEventSink1.register();
+    var chan = makeChan(URL + "/auth/digest_md5", URL);
+
+    chan.notificationCallbacks = new Requestor(0, 1);
+    listener.expectedCode = 401; // Unauthorized
+    listener.expectRequestFail = true;
+    await openAndListen(chan);
+    ChannelEventSink1.unregister();
+    listener.expectRequestFail = false;
+  }
+);
+
+async function test_digest_md5sess() {
+  var chan = makeChan(URL + "/auth/digest_md5sess", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_sha256() {
+  var chan = makeChan(URL + "/auth/digest_sha256", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_sha256sess() {
+  var chan = makeChan(URL + "/auth/digest_sha256sess", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_sha256_md5() {
+  var chan = makeChan(URL + "/auth/digest_sha256_md5", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_md5_sha256() {
+  var chan = makeChan(URL + "/auth/digest_md5_sha256", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_md5_sha256_oneline() {
+  var chan = makeChan(URL + "/auth/digest_md5_sha256_oneline", URL);
+
+  chan.notificationCallbacks = new Requestor(0, 2);
+  listener.expectedCode = 200; // OK
+  await openAndListen(chan);
+}
+
+async function test_digest_bogus_user() {
+  var chan = makeChan(URL + "/auth/digest_md5", URL);
+  chan.notificationCallbacks = new Requestor(FLAG_BOGUS_USER, 2);
+  listener.expectedCode = 401; // unauthorized
+  await openAndListen(chan);
+}
+
+// Test header "WWW-Authenticate: Digest" - bug 1338876.
+async function test_short_digest() {
+  var chan = makeChan(URL + "/auth/short_digest", URL);
+  chan.notificationCallbacks = new Requestor(FLAG_NO_REALM, 2);
+  listener.expectedCode = 401; // OK
+  await openAndListen(chan);
+}
+
+// Test that COOP/COEP are processed even though asyncPromptAuth is cancelled.
+async function test_corp_coep() {
+  var chan = makeChan(
+    URL + "/corp-coep",
+    URL,
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+    Ci.nsIContentPolicy.TYPE_DOCUMENT
+  );
+
+  chan.notificationCallbacks = new Requestor(FLAG_RETURN_FALSE, 2);
+  listener.expectedCode = 401; // OK
+  await openAndListen(chan);
+
+  Assert.equal(
+    chan.getResponseHeader("cross-origin-embedder-policy"),
+    "require-corp"
+  );
+  Assert.equal(
+    chan.getResponseHeader("cross-origin-opener-policy"),
+    "same-origin"
+  );
+}
+
+// XXX(valentin): this makes tests fail if it's not run last. Why?
+async function test_nonascii_xhr() {
+  await new Promise(resolve => {
+    let xhr = new XMLHttpRequest();
+    xhr.open("GET", URL + "/auth/non_ascii", true, "é", "é");
+    xhr.onreadystatechange = function (event) {
+      if (xhr.readyState == 4) {
+        Assert.equal(xhr.status, 200);
+        resolve();
+        xhr.onreadystatechange = null;
+      }
+    };
+    xhr.send(null);
+  });
+}
+
+let auth_tests = [
+  test_noauth,
+  test_returnfalse1,
+  test_wrongpw1,
+  test_wrong_stored_passwd,
+  test_prompt1,
+  test_prompt1CrossOrigin,
+  test_prompt2CrossOrigin,
+  test_returnfalse2,
+  test_wrongpw2,
+  test_prompt2,
+  test_ntlm,
+  test_basicrealm,
+  test_nonascii,
+  test_digest_noauth,
+  test_digest_md5,
+  test_digest_md5sess,
+  test_digest_sha256,
+  test_digest_sha256sess,
+  test_digest_sha256_md5,
+  test_digest_md5_sha256,
+  test_digest_md5_sha256_oneline,
+  test_digest_bogus_user,
+  test_short_digest,
+  test_corp_coep,
+  test_nonascii_xhr,
+];
+
+for (let auth_test of auth_tests) {
+  add_task(
+    { pref_set: [["network.auth.use_redirect_for_retries", false]] },
+    auth_test
+  );
+}
+
+for (let auth_test of auth_tests) {
+  add_task(
+    { pref_set: [["network.auth.use_redirect_for_retries", true]] },
+    auth_test
+  );
+}
+
+// PATH HANDLERS
+
+// /auth
+function authHandler(metadata, response) {
+  // btoa("guest:guest"), but that function is not available here
+  var expectedHeader = "Basic Z3Vlc3Q6Z3Vlc3Q=";
+
+  var body;
+  if (
+    metadata.hasHeader("Authorization") &&
+    metadata.getHeader("Authorization") == expectedHeader
+  ) {
+    response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+    body = "success";
+  } else {
+    // didn't know guest:guest, failure
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+    body = "failed";
+  }
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function authHandlerWrongStoredCredentials(metadata, response) {
+  var body;
+  if (++requestNum > expectedRequestNum) {
+    response.setStatusLine(metadata.httpVersion, 500, "");
+  } else {
+    response.setStatusLine(
+      metadata.httpVersion,
+      401,
+      "Unauthorized" + requestNum
+    );
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+  }
+
+  body = "failed";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// /auth/ntlm/simple
+function authNtlmSimple(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader(
+    "WWW-Authenticate",
+    "NTLM" /* + ' realm="secret"' */,
+    false
+  );
+
+  var body =
+    "NOTE: This just sends an NTLM challenge, it never\n" +
+    "accepts the authentication. It also closes\n" +
+    "the connection after sending the challenge\n";
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// /auth/realm
+function authRealm(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader("WWW-Authenticate", 'Basic realm="\\"f\\oo_bar"', false);
+  var body = "success";
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// /auth/nonAscii
+function authNonascii(metadata, response) {
+  // btoa("é:é"), but that function is not available here
+  var expectedHeader = "Basic w6k6w6k=";
+
+  var body;
+  if (
+    metadata.hasHeader("Authorization") &&
+    metadata.getHeader("Authorization") == expectedHeader
+  ) {
+    response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+    // Use correct XML syntax since this function is also used for testing XHR.
+    body = "success";
+  } else {
+    // didn't know é:é, failure
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+    body = "failed";
+  }
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function corpAndCoep(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader("cross-origin-embedder-policy", "require-corp");
+  response.setHeader("cross-origin-opener-policy", "same-origin");
+  response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+}
+
+//
+// Digest functions
+//
+function bytesFromString(str) {
+  return new TextEncoder().encode(str);
+}
+
+// return the two-digit hexadecimal code for a byte
+function toHexString(charCode) {
+  return ("0" + charCode.toString(16)).slice(-2);
+}
+
+function HMD5(str) {
+  var data = bytesFromString(str);
+  var ch = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  ch.init(Ci.nsICryptoHash.MD5);
+  ch.update(data, data.length);
+  var hash = ch.finish(false);
+  return Array.from(hash, (c, i) => toHexString(hash.charCodeAt(i))).join("");
+}
+
+function HSHA256(str) {
+  var data = bytesFromString(str);
+  var ch = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  ch.init(Ci.nsICryptoHash.SHA256);
+  ch.update(data, data.length);
+  var hash = ch.finish(false);
+  return Array.from(hash, (c, i) => toHexString(hash.charCodeAt(i))).join("");
+}
+
+//
+// Digest handler
+//
+// /auth/digest
+function authDigestMD5_helper(metadata, response, test_name) {
+  var nonce = "6f93719059cf8d568005727f3250e798";
+  var opaque = "1234opaque1234";
+  var body;
+  var send_401 = 0;
+  // check creds if we have them
+  if (metadata.hasHeader("Authorization")) {
+    var cnonceRE = /cnonce="(\w+)"/;
+    var responseRE = /response="(\w+)"/;
+    var usernameRE = /username="(\w+)"/;
+    var algorithmRE = /algorithm=([\w-]+)/;
+    var auth = metadata.getHeader("Authorization");
+    var cnonce = auth.match(cnonceRE)[1];
+    var clientDigest = auth.match(responseRE)[1];
+    var username = auth.match(usernameRE)[1];
+    var algorithm = auth.match(algorithmRE)[1];
+    var nc = "00000001";
+
+    if (username != "guest") {
+      response.setStatusLine(metadata.httpVersion, 400, "bad request");
+      body = "should never get here";
+    } else if (
+      algorithm != null &&
+      algorithm != "MD5" &&
+      algorithm != "MD5-sess"
+    ) {
+      response.setStatusLine(metadata.httpVersion, 400, "bad request");
+      body = "Algorithm must be same as provided in WWW-Authenticate header";
+    } else {
+      // see RFC2617 for the description of this calculation
+      var A1 = "guest:secret:guest";
+      if (algorithm == "MD5-sess") {
+        A1 = [HMD5(A1), nonce, cnonce].join(":");
+      }
+      var A2 = "GET:/auth/" + test_name;
+      var noncebits = [nonce, nc, cnonce, "auth", HMD5(A2)].join(":");
+      var digest = HMD5([HMD5(A1), noncebits].join(":"));
+
+      if (clientDigest == digest) {
+        response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+        body = "success";
+      } else {
+        send_401 = 1;
+        body = "auth failed";
+      }
+    }
+  } else {
+    // no header, send one
+    send_401 = 1;
+    body = "failed, no header";
+  }
+
+  if (send_401) {
+    var authenticate_md5 =
+      'Digest realm="secret", domain="/",  qop=auth,' +
+      'algorithm=MD5, nonce="' +
+      nonce +
+      '" opaque="' +
+      opaque +
+      '"';
+    var authenticate_md5sess =
+      'Digest realm="secret", domain="/",  qop=auth,' +
+      'algorithm=MD5, nonce="' +
+      nonce +
+      '" opaque="' +
+      opaque +
+      '"';
+    if (test_name == "digest_md5") {
+      response.setHeader("WWW-Authenticate", authenticate_md5, false);
+    } else if (test_name == "digest_md5sess") {
+      response.setHeader("WWW-Authenticate", authenticate_md5sess, false);
+    }
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  }
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function authDigestMD5(metadata, response) {
+  authDigestMD5_helper(metadata, response, "digest_md5");
+}
+
+function authDigestMD5sess(metadata, response) {
+  authDigestMD5_helper(metadata, response, "digest_md5sess");
+}
+
+function authDigestSHA256_helper(metadata, response, test_name) {
+  var nonce = "6f93719059cf8d568005727f3250e798";
+  var opaque = "1234opaque1234";
+  var body;
+  var send_401 = 0;
+  // check creds if we have them
+  if (metadata.hasHeader("Authorization")) {
+    var cnonceRE = /cnonce="(\w+)"/;
+    var responseRE = /response="(\w+)"/;
+    var usernameRE = /username="(\w+)"/;
+    var algorithmRE = /algorithm=([\w-]+)/;
+    var auth = metadata.getHeader("Authorization");
+    var cnonce = auth.match(cnonceRE)[1];
+    var clientDigest = auth.match(responseRE)[1];
+    var username = auth.match(usernameRE)[1];
+    var algorithm = auth.match(algorithmRE)[1];
+    var nc = "00000001";
+
+    if (username != "guest") {
+      response.setStatusLine(metadata.httpVersion, 400, "bad request");
+      body = "should never get here";
+    } else if (algorithm != "SHA-256" && algorithm != "SHA-256-sess") {
+      response.setStatusLine(metadata.httpVersion, 400, "bad request");
+      body = "Algorithm must be same as provided in WWW-Authenticate header";
+    } else {
+      // see RFC7616 for the description of this calculation
+      var A1 = "guest:secret:guest";
+      if (algorithm == "SHA-256-sess") {
+        A1 = [HSHA256(A1), nonce, cnonce].join(":");
+      }
+      var A2 = "GET:/auth/" + test_name;
+      var noncebits = [nonce, nc, cnonce, "auth", HSHA256(A2)].join(":");
+      var digest = HSHA256([HSHA256(A1), noncebits].join(":"));
+
+      if (clientDigest == digest) {
+        response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+        body = "success";
+      } else {
+        send_401 = 1;
+        body = "auth failed";
+      }
+    }
+  } else {
+    // no header, send one
+    send_401 = 1;
+    body = "failed, no header";
+  }
+
+  if (send_401) {
+    var authenticate_sha256 =
+      'Digest realm="secret", domain="/", qop=auth, ' +
+      'algorithm=SHA-256, nonce="' +
+      nonce +
+      '", opaque="' +
+      opaque +
+      '"';
+    var authenticate_sha256sess =
+      'Digest realm="secret", domain="/", qop=auth, ' +
+      'algorithm=SHA-256-sess, nonce="' +
+      nonce +
+      '", opaque="' +
+      opaque +
+      '"';
+    var authenticate_md5 =
+      'Digest realm="secret", domain="/", qop=auth, ' +
+      'algorithm=MD5, nonce="' +
+      nonce +
+      '", opaque="' +
+      opaque +
+      '"';
+    if (test_name == "digest_sha256") {
+      response.setHeader("WWW-Authenticate", authenticate_sha256, false);
+    } else if (test_name == "digest_sha256sess") {
+      response.setHeader("WWW-Authenticate", authenticate_sha256sess, false);
+    } else if (test_name == "digest_md5_sha256") {
+      response.setHeader("WWW-Authenticate", authenticate_md5, false);
+      response.setHeader("WWW-Authenticate", authenticate_sha256, true);
+    } else if (test_name == "digest_md5_sha256_oneline") {
+      response.setHeader(
+        "WWW-Authenticate",
+        authenticate_md5 + " " + authenticate_sha256,
+        false
+      );
+    } else if (test_name == "digest_sha256_md5") {
+      response.setHeader("WWW-Authenticate", authenticate_sha256, false);
+      response.setHeader("WWW-Authenticate", authenticate_md5, true);
+    }
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  }
+
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function authDigestSHA256(metadata, response) {
+  authDigestSHA256_helper(metadata, response, "digest_sha256");
+}
+
+function authDigestSHA256sess(metadata, response) {
+  authDigestSHA256_helper(metadata, response, "digest_sha256sess");
+}
+
+function authDigestSHA256_MD5(metadata, response) {
+  authDigestSHA256_helper(metadata, response, "digest_sha256_md5");
+}
+
+function authDigestMD5_SHA256(metadata, response) {
+  authDigestSHA256_helper(metadata, response, "digest_md5_sha256");
+}
+
+function authDigestMD5_SHA256_oneline(metadata, response) {
+  authDigestSHA256_helper(metadata, response, "digest_md5_sha256_oneline");
+}
+
+function authShortDigest(metadata, response) {
+  // no header, send one
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader("WWW-Authenticate", "Digest", false);
+}
+
+let buildLargePayload = (function () {
+  let size = 33 * 1024;
+  let ret = "";
+  return function () {
+    // Return cached value.
+    if (ret.length) {
+      return ret;
+    }
+    for (let i = 0; i < size; i++) {
+      ret += "a";
+    }
+    return ret;
+  };
+})();
+
+function largeRealm(metadata, response) {
+  // test > 32KB realm tokens
+  var body;
+
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader(
+    "WWW-Authenticate",
+    'Digest realm="' + buildLargePayload() + '", domain="foo"'
+  );
+
+  body = "need to authenticate";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function largeDomain(metadata, response) {
+  // test > 32KB domain tokens
+  var body;
+
+  response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+  response.setHeader(
+    "WWW-Authenticate",
+    'Digest realm="foo", domain="' + buildLargePayload() + '"'
+  );
+
+  body = "need to authenticate";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+add_task(async function test_large_realm() {
+  var chan = makeChan(URL + "/largeRealm", URL);
+
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+});
+
+add_task(async function test_large_domain() {
+  var chan = makeChan(URL + "/largeDomain", URL);
+
+  listener.expectedCode = 401; // Unauthorized
+  await openAndListen(chan);
+});
+
+async function add_parse_realm_testcase(testcase) {
+  httpserv.registerPathHandler("/parse_realm", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader("WWW-Authenticate", testcase.input, false);
+
+    let body = "failed";
+    response.bodyOutputStream.write(body, body.length);
+  });
+
+  let chan = makeChan(URL + "/parse_realm", URL);
+  let requestor = new RealmTestRequestor();
+  chan.notificationCallbacks = requestor;
+
+  listener.expectedCode = 401;
+  await openAndListen(chan);
+  Assert.equal(requestor.promptRealm, testcase.realm);
+}
+
+add_task(async function simplebasic() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="foo"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasiclf() {
+  await add_parse_realm_testcase({
+    input: `Basic\r\n realm="foo"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasicucase() {
+  await add_parse_realm_testcase({
+    input: `BASIC REALM="foo"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasictok() {
+  await add_parse_realm_testcase({
+    input: `Basic realm=foo`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasictokbs() {
+  await add_parse_realm_testcase({
+    input: `Basic realm=\\f\\o\\o`,
+    scheme: `Basic`,
+    realm: `\\foo`,
+  });
+});
+
+add_task(async function simplebasicsq() {
+  await add_parse_realm_testcase({
+    input: `Basic realm='foo'`,
+    scheme: `Basic`,
+    realm: `'foo'`,
+  });
+});
+
+add_task(async function simplebasicpct() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="foo%20bar"`,
+    scheme: `Basic`,
+    realm: `foo%20bar`,
+  });
+});
+
+add_task(async function simplebasiccomma() {
+  await add_parse_realm_testcase({
+    input: `Basic , realm="foo"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasiccomma2() {
+  await add_parse_realm_testcase({
+    input: `Basic, realm="foo"`,
+    scheme: `Basic`,
+    realm: ``,
+  });
+});
+
+add_task(async function simplebasicnorealm() {
+  await add_parse_realm_testcase({
+    input: `Basic`,
+    scheme: `Basic`,
+    realm: ``,
+  });
+});
+
+add_task(async function simplebasic2realms() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="foo", realm="bar"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasicwsrealm() {
+  await add_parse_realm_testcase({
+    input: `Basic realm = "foo"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasicrealmsqc() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="\\f\\o\\o"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasicrealmsqc2() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="\\"foo\\""`,
+    scheme: `Basic`,
+    realm: `"foo"`,
+  });
+});
+
+add_task(async function simplebasicnewparam1() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="foo", bar="xyz",, a=b,,,c=d`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasicnewparam2() {
+  await add_parse_realm_testcase({
+    input: `Basic bar="xyz", realm="foo"`,
+    scheme: `Basic`,
+    realm: `foo`,
+  });
+});
+
+add_task(async function simplebasicrealmiso88591() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="foo-ä"`,
+    scheme: `Basic`,
+    realm: `foo-ä`,
+  });
+});
+
+add_task(async function simplebasicrealmutf8() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="foo-ä"`,
+    scheme: `Basic`,
+    realm: `foo-ä`,
+  });
+});
+
+add_task(async function simplebasicrealmrfc2047() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="=?ISO-8859-1?Q?foo-=E4?="`,
+    scheme: `Basic`,
+    realm: `=?ISO-8859-1?Q?foo-=E4?=`,
+  });
+});
+
+add_task(async function multibasicunknown() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="basic", Newauth realm="newauth"`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function multibasicunknownnoparam() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="basic", Newauth`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function multibasicunknown2() {
+  await add_parse_realm_testcase({
+    input: `Newauth realm="newauth", Basic realm="basic"`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function multibasicunknown2np() {
+  await add_parse_realm_testcase({
+    input: `Newauth, Basic realm="basic"`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function multibasicunknown2mf() {
+  httpserv.registerPathHandler("/parse_realm", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader("WWW-Authenticate", `Newauth realm="newauth"`, false);
+    response.setHeader("WWW-Authenticate", `Basic realm="basic"`, false);
+
+    let body = "failed";
+    response.bodyOutputStream.write(body, body.length);
+  });
+
+  let chan = makeChan(URL + "/parse_realm", URL);
+  let requestor = new RealmTestRequestor();
+  chan.notificationCallbacks = requestor;
+
+  listener.expectedCode = 401;
+  await openAndListen(chan);
+  Assert.equal(requestor.promptRealm, "basic");
+});
+
+add_task(async function multibasicempty() {
+  await add_parse_realm_testcase({
+    input: `,Basic realm="basic"`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function multibasicqs() {
+  await add_parse_realm_testcase({
+    input: `Newauth realm="apps", type=1, title="Login to \"apps\"", Basic realm="simple"`,
+    scheme: `Basic`,
+    realm: `simple`,
+  });
+});
+
+add_task(async function multidisgscheme() {
+  await add_parse_realm_testcase({
+    input: `Newauth realm="Newauth Realm", basic=foo, Basic realm="Basic Realm"`,
+    scheme: `Basic`,
+    realm: `Basic Realm`,
+  });
+});
+
+add_task(async function unknown() {
+  await add_parse_realm_testcase({
+    input: `Newauth param="value"`,
+    scheme: `Basic`,
+    realm: ``,
+  });
+});
+
+add_task(async function parametersnotrequired() {
+  await add_parse_realm_testcase({ input: `A, B`, scheme: `Basic`, realm: `` });
+});
+
+add_task(async function disguisedrealm() {
+  await add_parse_realm_testcase({
+    input: `Basic foo="realm=nottherealm", realm="basic"`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function disguisedrealm2() {
+  await add_parse_realm_testcase({
+    input: `Basic nottherealm="nottherealm", realm="basic"`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
+
+add_task(async function missingquote() {
+  await add_parse_realm_testcase({
+    input: `Basic realm="basic`,
+    scheme: `Basic`,
+    realm: `basic`,
+  });
+});
diff --git a/netwerk/test/unit/test_authpromptwrapper.js b/netwerk/test/unit/test_authpromptwrapper.js
new file mode 100644
index 0000000000..69680354ab
--- /dev/null
+++ b/netwerk/test/unit/test_authpromptwrapper.js
@@ -0,0 +1,207 @@
+// NOTE: This tests code outside of Necko. The test still lives here because
+// the contract is part of Necko.
+
+// TODO:
+// - HTTPS
+// - Proxies
+
+"use strict";
+
+const nsIAuthInformation = Ci.nsIAuthInformation;
+const nsIAuthPromptAdapterFactory = Ci.nsIAuthPromptAdapterFactory;
+
+function run_test() {
+  const contractID = "@mozilla.org/network/authprompt-adapter-factory;1";
+  if (!(contractID in Cc)) {
+    print("No adapter factory found, skipping testing");
+    return;
+  }
+  var adapter = Cc[contractID].getService();
+  Assert.equal(adapter instanceof nsIAuthPromptAdapterFactory, true);
+
+  // NOTE: xpconnect lets us get away with passing an empty object here
+  // For this part of the test, we only care that this function returns
+  // success
+  Assert.notEqual(adapter.createAdapter({}), null);
+
+  const host = "www.mozilla.org";
+
+  var info = {
+    username: "",
+    password: "",
+    domain: "",
+
+    flags: nsIAuthInformation.AUTH_HOST,
+    authenticationScheme: "basic",
+    realm: "secretrealm",
+  };
+
+  const CALLED_PROMPT = 1 << 0;
+  const CALLED_PROMPTUP = 1 << 1;
+  const CALLED_PROMPTP = 1 << 2;
+  function Prompt1() {}
+  Prompt1.prototype = {
+    called: 0,
+    rv: true,
+
+    user: "foo\\bar",
+    pw: "bar",
+
+    scheme: "http",
+
+    QueryInterface: ChromeUtils.generateQI(["nsIAuthPrompt"]),
+
+    prompt: function ap1_prompt(title, text, realm, save, defaultText, result) {
+      this.called |= CALLED_PROMPT;
+      this.doChecks(text, realm);
+      return this.rv;
+    },
+
+    promptUsernameAndPassword: function ap1_promptUP(
+      title,
+      text,
+      realm,
+      savePW,
+      user,
+      pw
+    ) {
+      this.called |= CALLED_PROMPTUP;
+      this.doChecks(text, realm);
+      user.value = this.user;
+      pw.value = this.pw;
+      return this.rv;
+    },
+
+    promptPassword: function ap1_promptPW(title, text, realm, save, pwd) {
+      this.called |= CALLED_PROMPTP;
+      this.doChecks(text, realm);
+      pwd.value = this.pw;
+      return this.rv;
+    },
+
+    doChecks: function ap1_check(text, realm) {
+      Assert.equal(this.scheme + "://" + host + " (" + info.realm + ")", realm);
+
+      Assert.notEqual(text.indexOf(host), -1);
+      if (info.flags & nsIAuthInformation.ONLY_PASSWORD) {
+        // Should have the username in the text
+        Assert.notEqual(text.indexOf(info.username), -1);
+      } else {
+        // Make sure that we show the realm if we have one and that we don't
+        // show "" otherwise
+        if (info.realm != "") {
+          Assert.notEqual(text.indexOf(info.realm), -1);
+        } else {
+          Assert.equal(text.indexOf('""'), -1);
+        }
+        // No explicit port in the URL; message should not contain -1
+        // for those cases
+        Assert.equal(text.indexOf("-1"), -1);
+      }
+    },
+  };
+
+  // Also have to make up a channel
+  var uri = NetUtil.newURI("http://" + host);
+  var chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  });
+
+  function do_tests(expectedRV) {
+    var prompt1;
+    var wrapper;
+
+    // 1: The simple case
+    prompt1 = new Prompt1();
+    prompt1.rv = expectedRV;
+    wrapper = adapter.createAdapter(prompt1);
+
+    var rv = wrapper.promptAuth(chan, 0, info);
+    Assert.equal(rv, prompt1.rv);
+    Assert.equal(prompt1.called, CALLED_PROMPTUP);
+
+    if (rv) {
+      Assert.equal(info.domain, "");
+      Assert.equal(info.username, prompt1.user);
+      Assert.equal(info.password, prompt1.pw);
+    }
+
+    info.domain = "";
+    info.username = "";
+    info.password = "";
+
+    // 2: Only ask for a PW
+    prompt1 = new Prompt1();
+    prompt1.rv = expectedRV;
+    info.flags |= nsIAuthInformation.ONLY_PASSWORD;
+
+    // Initialize the username so that the prompt can show it
+    info.username = prompt1.user;
+
+    wrapper = adapter.createAdapter(prompt1);
+    rv = wrapper.promptAuth(chan, 0, info);
+    Assert.equal(rv, prompt1.rv);
+    Assert.equal(prompt1.called, CALLED_PROMPTP);
+
+    if (rv) {
+      Assert.equal(info.domain, "");
+      Assert.equal(info.username, prompt1.user); // we initialized this
+      Assert.equal(info.password, prompt1.pw);
+    }
+
+    info.flags &= ~nsIAuthInformation.ONLY_PASSWORD;
+
+    info.domain = "";
+    info.username = "";
+    info.password = "";
+
+    // 3: user, pw and domain
+    prompt1 = new Prompt1();
+    prompt1.rv = expectedRV;
+    info.flags |= nsIAuthInformation.NEED_DOMAIN;
+
+    wrapper = adapter.createAdapter(prompt1);
+    rv = wrapper.promptAuth(chan, 0, info);
+    Assert.equal(rv, prompt1.rv);
+    Assert.equal(prompt1.called, CALLED_PROMPTUP);
+
+    if (rv) {
+      Assert.equal(info.domain, "foo");
+      Assert.equal(info.username, "bar");
+      Assert.equal(info.password, prompt1.pw);
+    }
+
+    info.flags &= ~nsIAuthInformation.NEED_DOMAIN;
+
+    info.domain = "";
+    info.username = "";
+    info.password = "";
+
+    // 4: username that doesn't contain a domain
+    prompt1 = new Prompt1();
+    prompt1.rv = expectedRV;
+    info.flags |= nsIAuthInformation.NEED_DOMAIN;
+
+    prompt1.user = "foo";
+
+    wrapper = adapter.createAdapter(prompt1);
+    rv = wrapper.promptAuth(chan, 0, info);
+    Assert.equal(rv, prompt1.rv);
+    Assert.equal(prompt1.called, CALLED_PROMPTUP);
+
+    if (rv) {
+      Assert.equal(info.domain, "");
+      Assert.equal(info.username, prompt1.user);
+      Assert.equal(info.password, prompt1.pw);
+    }
+
+    info.flags &= ~nsIAuthInformation.NEED_DOMAIN;
+
+    info.domain = "";
+    info.username = "";
+    info.password = "";
+  }
+  do_tests(true);
+  do_tests(false);
+}
diff --git a/netwerk/test/unit/test_backgroundfilesaver.js b/netwerk/test/unit/test_backgroundfilesaver.js
new file mode 100644
index 0000000000..eeceab9bf8
--- /dev/null
+++ b/netwerk/test/unit/test_backgroundfilesaver.js
@@ -0,0 +1,761 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * This file tests components that implement nsIBackgroundFileSaver.
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+//// Globals
+
+"use strict";
+
+ChromeUtils.defineESModuleGetters(this, {
+  FileTestUtils: "resource://testing-common/FileTestUtils.sys.mjs",
+});
+
+const BackgroundFileSaverOutputStream = Components.Constructor(
+  "@mozilla.org/network/background-file-saver;1?mode=outputstream",
+  "nsIBackgroundFileSaver"
+);
+
+const BackgroundFileSaverStreamListener = Components.Constructor(
+  "@mozilla.org/network/background-file-saver;1?mode=streamlistener",
+  "nsIBackgroundFileSaver"
+);
+
+const StringInputStream = Components.Constructor(
+  "@mozilla.org/io/string-input-stream;1",
+  "nsIStringInputStream",
+  "setData"
+);
+
+const REQUEST_SUSPEND_AT = 1024 * 1024 * 4;
+const TEST_DATA_SHORT = "This test string is written to the file.";
+const TEST_FILE_NAME_1 = "test-backgroundfilesaver-1.txt";
+const TEST_FILE_NAME_2 = "test-backgroundfilesaver-2.txt";
+const TEST_FILE_NAME_3 = "test-backgroundfilesaver-3.txt";
+
+// A map of test data length to the expected SHA-256 hashes
+const EXPECTED_HASHES = {
+  // No data
+  0: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+  // TEST_DATA_SHORT
+  40: "f37176b690e8744ee990a206c086cba54d1502aa2456c3b0c84ef6345d72a192",
+  // TEST_DATA_SHORT + TEST_DATA_SHORT
+  80: "780c0e91f50bb7ec922cc11e16859e6d5df283c0d9470f61772e3d79f41eeb58",
+  // TEST_DATA_LONG
+  4718592: "372cb9e5ce7b76d3e2a5042e78aa72dcf973e659a262c61b7ff51df74b36767b",
+  // TEST_DATA_LONG + TEST_DATA_LONG
+  9437184: "693e4f8c6855a6fed4f5f9370d12cc53105672f3ff69783581e7d925984c41d3",
+};
+
+// Generate a long string of data in a moderately fast way.
+const TEST_256_CHARS = new Array(257).join("-");
+const DESIRED_LENGTH = REQUEST_SUSPEND_AT * 1.125;
+const TEST_DATA_LONG = new Array(1 + DESIRED_LENGTH / 256).join(TEST_256_CHARS);
+Assert.equal(TEST_DATA_LONG.length, DESIRED_LENGTH);
+
+/**
+ * Returns a reference to a temporary file that is guaranteed not to exist and
+ * is cleaned up later. See FileTestUtils.getTempFile for details.
+ */
+function getTempFile(leafName) {
+  return FileTestUtils.getTempFile(leafName);
+}
+
+/**
+ * Helper function for converting a binary blob to its hex equivalent.
+ *
+ * @param str
+ *        String possibly containing non-printable chars.
+ * @return A hex-encoded string.
+ */
+function toHex(str) {
+  var hex = "";
+  for (var i = 0; i < str.length; i++) {
+    hex += ("0" + str.charCodeAt(i).toString(16)).slice(-2);
+  }
+  return hex;
+}
+
+/**
+ * Ensures that the given file contents are equal to the given string.
+ *
+ * @param aFile
+ *        nsIFile whose contents should be verified.
+ * @param aExpectedContents
+ *        String containing the octets that are expected in the file.
+ *
+ * @return {Promise}
+ * @resolves When the operation completes.
+ * @rejects Never.
+ */
+function promiseVerifyContents(aFile, aExpectedContents) {
+  return new Promise(resolve => {
+    NetUtil.asyncFetch(
+      {
+        uri: NetUtil.newURI(aFile),
+        loadUsingSystemPrincipal: true,
+      },
+      function (aInputStream, aStatus) {
+        Assert.ok(Components.isSuccessCode(aStatus));
+        let contents = NetUtil.readInputStreamToString(
+          aInputStream,
+          aInputStream.available()
+        );
+        if (contents.length <= TEST_DATA_SHORT.length * 2) {
+          Assert.equal(contents, aExpectedContents);
+        } else {
+          // Do not print the entire content string to the test log.
+          Assert.equal(contents.length, aExpectedContents.length);
+          Assert.ok(contents == aExpectedContents);
+        }
+        resolve();
+      }
+    );
+  });
+}
+
+/**
+ * Waits for the given saver object to complete.
+ *
+ * @param aSaver
+ *        The saver, with the output stream or a stream listener implementation.
+ * @param aOnTargetChangeFn
+ *        Optional callback invoked with the target file name when it changes.
+ *
+ * @return {Promise}
+ * @resolves When onSaveComplete is called with a success code.
+ * @rejects With an exception, if onSaveComplete is called with a failure code.
+ */
+function promiseSaverComplete(aSaver, aOnTargetChangeFn) {
+  return new Promise((resolve, reject) => {
+    aSaver.observer = {
+      onTargetChange: function BFSO_onSaveComplete(saver, aTarget) {
+        if (aOnTargetChangeFn) {
+          aOnTargetChangeFn(aTarget);
+        }
+      },
+      onSaveComplete: function BFSO_onSaveComplete(saver, aStatus) {
+        if (Components.isSuccessCode(aStatus)) {
+          resolve();
+        } else {
+          reject(new Components.Exception("Saver failed.", aStatus));
+        }
+      },
+    };
+  });
+}
+
+/**
+ * Feeds a string to a BackgroundFileSaverOutputStream.
+ *
+ * @param aSourceString
+ *        The source data to copy.
+ * @param aSaverOutputStream
+ *        The BackgroundFileSaverOutputStream to feed.
+ * @param aCloseWhenDone
+ *        If true, the output stream will be closed when the copy finishes.
+ *
+ * @return {Promise}
+ * @resolves When the copy completes with a success code.
+ * @rejects With an exception, if the copy fails.
+ */
+function promiseCopyToSaver(aSourceString, aSaverOutputStream, aCloseWhenDone) {
+  return new Promise((resolve, reject) => {
+    let inputStream = new StringInputStream(
+      aSourceString,
+      aSourceString.length
+    );
+    let copier = Cc[
+      "@mozilla.org/network/async-stream-copier;1"
+    ].createInstance(Ci.nsIAsyncStreamCopier);
+    copier.init(
+      inputStream,
+      aSaverOutputStream,
+      null,
+      false,
+      true,
+      0x8000,
+      true,
+      aCloseWhenDone
+    );
+    copier.asyncCopy(
+      {
+        onStartRequest() {},
+        onStopRequest(aRequest, aStatusCode) {
+          if (Components.isSuccessCode(aStatusCode)) {
+            resolve();
+          } else {
+            reject(new Components.Exception(aStatusCode));
+          }
+        },
+      },
+      null
+    );
+  });
+}
+
+/**
+ * Feeds a string to a BackgroundFileSaverStreamListener.
+ *
+ * @param aSourceString
+ *        The source data to copy.
+ * @param aSaverStreamListener
+ *        The BackgroundFileSaverStreamListener to feed.
+ * @param aCloseWhenDone
+ *        If true, the output stream will be closed when the copy finishes.
+ *
+ * @return {Promise}
+ * @resolves When the operation completes with a success code.
+ * @rejects With an exception, if the operation fails.
+ */
+function promisePumpToSaver(
+  aSourceString,
+  aSaverStreamListener,
+  aCloseWhenDone
+) {
+  return new Promise((resolve, reject) => {
+    aSaverStreamListener.QueryInterface(Ci.nsIStreamListener);
+    let inputStream = new StringInputStream(
+      aSourceString,
+      aSourceString.length
+    );
+    let pump = Cc["@mozilla.org/network/input-stream-pump;1"].createInstance(
+      Ci.nsIInputStreamPump
+    );
+    pump.init(inputStream, 0, 0, true);
+    pump.asyncRead({
+      onStartRequest: function PPTS_onStartRequest(aRequest) {
+        aSaverStreamListener.onStartRequest(aRequest);
+      },
+      onStopRequest: function PPTS_onStopRequest(aRequest, aStatusCode) {
+        aSaverStreamListener.onStopRequest(aRequest, aStatusCode);
+        if (Components.isSuccessCode(aStatusCode)) {
+          resolve();
+        } else {
+          reject(new Components.Exception(aStatusCode));
+        }
+      },
+      onDataAvailable: function PPTS_onDataAvailable(
+        aRequest,
+        aInputStream,
+        aOffset,
+        aCount
+      ) {
+        aSaverStreamListener.onDataAvailable(
+          aRequest,
+          aInputStream,
+          aOffset,
+          aCount
+        );
+      },
+    });
+  });
+}
+
+var gStillRunning = true;
+
+////////////////////////////////////////////////////////////////////////////////
+//// Tests
+
+add_task(function test_setup() {
+  // Wait 10 minutes, that is half of the external xpcshell timeout.
+  do_timeout(10 * 60 * 1000, function () {
+    if (gStillRunning) {
+      do_throw("Test timed out.");
+    }
+  });
+});
+
+add_task(async function test_normal() {
+  // This test demonstrates the most basic use case.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  // Create the object implementing the output stream.
+  let saver = new BackgroundFileSaverOutputStream();
+
+  // Set up callbacks for completion and target file name change.
+  let receivedOnTargetChange = false;
+  function onTargetChange(aTarget) {
+    Assert.ok(destFile.equals(aTarget));
+    receivedOnTargetChange = true;
+  }
+  let completionPromise = promiseSaverComplete(saver, onTargetChange);
+
+  // Set the target file.
+  saver.setTarget(destFile, false);
+
+  // Write some data and close the output stream.
+  await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+
+  // Indicate that we are ready to finish, and wait for a successful callback.
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+
+  // Only after we receive the completion notification, we can also be sure that
+  // we've received the target file name change notification before it.
+  Assert.ok(receivedOnTargetChange);
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_combinations() {
+  let initialFile = getTempFile(TEST_FILE_NAME_1);
+  let renamedFile = getTempFile(TEST_FILE_NAME_2);
+
+  // Keep track of the current file.
+  let currentFile = null;
+  function onTargetChange(aTarget) {
+    currentFile = null;
+    info("Target file changed to: " + aTarget.leafName);
+    currentFile = aTarget;
+  }
+
+  // Tests various combinations of events and behaviors for both the stream
+  // listener and the output stream implementations.
+  for (let testFlags = 0; testFlags < 32; testFlags++) {
+    let keepPartialOnFailure = !!(testFlags & 1);
+    let renameAtSomePoint = !!(testFlags & 2);
+    let cancelAtSomePoint = !!(testFlags & 4);
+    let useStreamListener = !!(testFlags & 8);
+    let useLongData = !!(testFlags & 16);
+
+    let startTime = Date.now();
+    info(
+      "Starting keepPartialOnFailure = " +
+        keepPartialOnFailure +
+        ", renameAtSomePoint = " +
+        renameAtSomePoint +
+        ", cancelAtSomePoint = " +
+        cancelAtSomePoint +
+        ", useStreamListener = " +
+        useStreamListener +
+        ", useLongData = " +
+        useLongData
+    );
+
+    // Create the object and register the observers.
+    currentFile = null;
+    let saver = useStreamListener
+      ? new BackgroundFileSaverStreamListener()
+      : new BackgroundFileSaverOutputStream();
+    saver.enableSha256();
+    let completionPromise = promiseSaverComplete(saver, onTargetChange);
+
+    // Start feeding the first chunk of data to the saver.  In case we are using
+    // the stream listener, we only write one chunk.
+    let testData = useLongData ? TEST_DATA_LONG : TEST_DATA_SHORT;
+    let feedPromise = useStreamListener
+      ? promisePumpToSaver(testData + testData, saver)
+      : promiseCopyToSaver(testData, saver, false);
+
+    // Set a target output file.
+    saver.setTarget(initialFile, keepPartialOnFailure);
+
+    // Wait for the first chunk of data to be copied.
+    await feedPromise;
+
+    if (renameAtSomePoint) {
+      saver.setTarget(renamedFile, keepPartialOnFailure);
+    }
+
+    if (cancelAtSomePoint) {
+      saver.finish(Cr.NS_ERROR_FAILURE);
+    }
+
+    // Feed the second chunk of data to the saver.
+    if (!useStreamListener) {
+      await promiseCopyToSaver(testData, saver, true);
+    }
+
+    // Wait for completion, and ensure we succeeded or failed as expected.
+    if (!cancelAtSomePoint) {
+      saver.finish(Cr.NS_OK);
+    }
+    try {
+      await completionPromise;
+      if (cancelAtSomePoint) {
+        do_throw("Failure expected.");
+      }
+    } catch (ex) {
+      if (!cancelAtSomePoint || ex.result != Cr.NS_ERROR_FAILURE) {
+        throw ex;
+      }
+    }
+
+    if (!cancelAtSomePoint) {
+      // In this case, the file must exist.
+      Assert.ok(currentFile.exists());
+      let expectedContents = testData + testData;
+      await promiseVerifyContents(currentFile, expectedContents);
+      Assert.equal(
+        EXPECTED_HASHES[expectedContents.length],
+        toHex(saver.sha256Hash)
+      );
+      currentFile.remove(false);
+
+      // If the target was really renamed, the old file should not exist.
+      if (renamedFile.equals(currentFile)) {
+        Assert.ok(!initialFile.exists());
+      }
+    } else if (!keepPartialOnFailure) {
+      // In this case, the file must not exist.
+      Assert.ok(!initialFile.exists());
+      Assert.ok(!renamedFile.exists());
+    } else {
+      // In this case, the file may or may not exist, because canceling can
+      // interrupt the asynchronous operation at any point, even before the file
+      // has been created for the first time.
+      if (initialFile.exists()) {
+        initialFile.remove(false);
+      }
+      if (renamedFile.exists()) {
+        renamedFile.remove(false);
+      }
+    }
+
+    info("Test case completed in " + (Date.now() - startTime) + " ms.");
+  }
+});
+
+add_task(async function test_setTarget_after_close_stream() {
+  // This test checks the case where we close the output stream before we call
+  // the setTarget method.  All the data should be buffered and written anyway.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  // Test the case where the file does not already exists first, then the case
+  // where the file already exists.
+  for (let i = 0; i < 2; i++) {
+    let saver = new BackgroundFileSaverOutputStream();
+    saver.enableSha256();
+    let completionPromise = promiseSaverComplete(saver);
+
+    // Copy some data to the output stream of the file saver.  This data must
+    // be shorter than the internal component's pipe buffer for the test to
+    // succeed, because otherwise the test would block waiting for the write to
+    // complete.
+    await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+
+    // Set the target file and wait for the output to finish.
+    saver.setTarget(destFile, false);
+    saver.finish(Cr.NS_OK);
+    await completionPromise;
+
+    // Verify results.
+    await promiseVerifyContents(destFile, TEST_DATA_SHORT);
+    Assert.equal(
+      EXPECTED_HASHES[TEST_DATA_SHORT.length],
+      toHex(saver.sha256Hash)
+    );
+  }
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_setTarget_fast() {
+  // This test checks a fast rename of the target file.
+  let destFile1 = getTempFile(TEST_FILE_NAME_1);
+  let destFile2 = getTempFile(TEST_FILE_NAME_2);
+  let saver = new BackgroundFileSaverOutputStream();
+  let completionPromise = promiseSaverComplete(saver);
+
+  // Set the initial name after the stream is closed, then rename immediately.
+  await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+  saver.setTarget(destFile1, false);
+  saver.setTarget(destFile2, false);
+
+  // Wait for all the operations to complete.
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+
+  // Verify results and clean up.
+  Assert.ok(!destFile1.exists());
+  await promiseVerifyContents(destFile2, TEST_DATA_SHORT);
+  destFile2.remove(false);
+});
+
+add_task(async function test_setTarget_multiple() {
+  // This test checks multiple renames of the target file.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+  let saver = new BackgroundFileSaverOutputStream();
+  let completionPromise = promiseSaverComplete(saver);
+
+  // Rename both before and after the stream is closed.
+  saver.setTarget(getTempFile(TEST_FILE_NAME_2), false);
+  saver.setTarget(getTempFile(TEST_FILE_NAME_3), false);
+  await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+  saver.setTarget(getTempFile(TEST_FILE_NAME_2), false);
+  saver.setTarget(destFile, false);
+
+  // Wait for all the operations to complete.
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+
+  // Verify results and clean up.
+  Assert.ok(!getTempFile(TEST_FILE_NAME_2).exists());
+  Assert.ok(!getTempFile(TEST_FILE_NAME_3).exists());
+  await promiseVerifyContents(destFile, TEST_DATA_SHORT);
+  destFile.remove(false);
+});
+
+add_task(async function test_enableAppend() {
+  // This test checks append mode with hashing disabled.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  // Test the case where the file does not already exists first, then the case
+  // where the file already exists.
+  for (let i = 0; i < 2; i++) {
+    let saver = new BackgroundFileSaverOutputStream();
+    saver.enableAppend();
+    let completionPromise = promiseSaverComplete(saver);
+
+    saver.setTarget(destFile, false);
+    await promiseCopyToSaver(TEST_DATA_LONG, saver, true);
+
+    saver.finish(Cr.NS_OK);
+    await completionPromise;
+
+    // Verify results.
+    let expectedContents =
+      i == 0 ? TEST_DATA_LONG : TEST_DATA_LONG + TEST_DATA_LONG;
+    await promiseVerifyContents(destFile, expectedContents);
+  }
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_enableAppend_setTarget_fast() {
+  // This test checks a fast rename of the target file in append mode.
+  let destFile1 = getTempFile(TEST_FILE_NAME_1);
+  let destFile2 = getTempFile(TEST_FILE_NAME_2);
+
+  // Test the case where the file does not already exists first, then the case
+  // where the file already exists.
+  for (let i = 0; i < 2; i++) {
+    let saver = new BackgroundFileSaverOutputStream();
+    saver.enableAppend();
+    let completionPromise = promiseSaverComplete(saver);
+
+    await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+
+    // The first time, we start appending to the first file and rename to the
+    // second file.  The second time, we start appending to the second file,
+    // that was created the first time, and rename back to the first file.
+    let firstFile = i == 0 ? destFile1 : destFile2;
+    let secondFile = i == 0 ? destFile2 : destFile1;
+    saver.setTarget(firstFile, false);
+    saver.setTarget(secondFile, false);
+
+    saver.finish(Cr.NS_OK);
+    await completionPromise;
+
+    // Verify results.
+    Assert.ok(!firstFile.exists());
+    let expectedContents =
+      i == 0 ? TEST_DATA_SHORT : TEST_DATA_SHORT + TEST_DATA_SHORT;
+    await promiseVerifyContents(secondFile, expectedContents);
+  }
+
+  // Clean up.
+  destFile1.remove(false);
+});
+
+add_task(async function test_enableAppend_hash() {
+  // This test checks append mode, also verifying that the computed hash
+  // includes the contents of the existing data.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  // Test the case where the file does not already exists first, then the case
+  // where the file already exists.
+  for (let i = 0; i < 2; i++) {
+    let saver = new BackgroundFileSaverOutputStream();
+    saver.enableAppend();
+    saver.enableSha256();
+    let completionPromise = promiseSaverComplete(saver);
+
+    saver.setTarget(destFile, false);
+    await promiseCopyToSaver(TEST_DATA_LONG, saver, true);
+
+    saver.finish(Cr.NS_OK);
+    await completionPromise;
+
+    // Verify results.
+    let expectedContents =
+      i == 0 ? TEST_DATA_LONG : TEST_DATA_LONG + TEST_DATA_LONG;
+    await promiseVerifyContents(destFile, expectedContents);
+    Assert.equal(
+      EXPECTED_HASHES[expectedContents.length],
+      toHex(saver.sha256Hash)
+    );
+  }
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_finish_only() {
+  // This test checks creating the object and doing nothing.
+  let saver = new BackgroundFileSaverOutputStream();
+  function onTargetChange(aTarget) {
+    do_throw("Should not receive the onTargetChange notification.");
+  }
+  let completionPromise = promiseSaverComplete(saver, onTargetChange);
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+});
+
+add_task(async function test_empty() {
+  // This test checks we still create an empty file when no data is fed.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  let saver = new BackgroundFileSaverOutputStream();
+  let completionPromise = promiseSaverComplete(saver);
+
+  saver.setTarget(destFile, false);
+  await promiseCopyToSaver("", saver, true);
+
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+
+  // Verify results.
+  Assert.ok(destFile.exists());
+  Assert.equal(destFile.fileSize, 0);
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_empty_hash() {
+  // This test checks the hash of an empty file, both in normal and append mode.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  // Test normal mode first, then append mode.
+  for (let i = 0; i < 2; i++) {
+    let saver = new BackgroundFileSaverOutputStream();
+    if (i == 1) {
+      saver.enableAppend();
+    }
+    saver.enableSha256();
+    let completionPromise = promiseSaverComplete(saver);
+
+    saver.setTarget(destFile, false);
+    await promiseCopyToSaver("", saver, true);
+
+    saver.finish(Cr.NS_OK);
+    await completionPromise;
+
+    // Verify results.
+    Assert.equal(destFile.fileSize, 0);
+    Assert.equal(EXPECTED_HASHES[0], toHex(saver.sha256Hash));
+  }
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_invalid_hash() {
+  let saver = new BackgroundFileSaverStreamListener();
+  let completionPromise = promiseSaverComplete(saver);
+  // We shouldn't be able to get the hash if hashing hasn't been enabled
+  try {
+    saver.sha256Hash;
+    do_throw("Shouldn't be able to get hash if hashing not enabled");
+  } catch (ex) {
+    if (ex.result != Cr.NS_ERROR_NOT_AVAILABLE) {
+      throw ex;
+    }
+  }
+  // Enable hashing, but don't feed any data to saver
+  saver.enableSha256();
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+  saver.setTarget(destFile, false);
+  // We don't wait on promiseSaverComplete, so the hash getter can run before
+  // or after onSaveComplete is called. However, the expected behavior is the
+  // same in both cases since the hash is only valid when the save completes
+  // successfully.
+  saver.finish(Cr.NS_ERROR_FAILURE);
+  try {
+    saver.sha256Hash;
+    do_throw("Shouldn't be able to get hash if save did not succeed");
+  } catch (ex) {
+    if (ex.result != Cr.NS_ERROR_NOT_AVAILABLE) {
+      throw ex;
+    }
+  }
+  // Wait for completion so that the worker thread finishes dealing with the
+  // target file. We expect it to fail.
+  try {
+    await completionPromise;
+    do_throw("completionPromise should throw");
+  } catch (ex) {
+    if (ex.result != Cr.NS_ERROR_FAILURE) {
+      throw ex;
+    }
+  }
+});
+
+add_task(async function test_signature() {
+  // Check that we get a signature if the saver is finished.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  let saver = new BackgroundFileSaverOutputStream();
+  let completionPromise = promiseSaverComplete(saver);
+
+  try {
+    saver.signatureInfo;
+    do_throw("Can't get signature if saver is not complete");
+  } catch (ex) {
+    if (ex.result != Cr.NS_ERROR_NOT_AVAILABLE) {
+      throw ex;
+    }
+  }
+
+  saver.enableSignatureInfo();
+  saver.setTarget(destFile, false);
+  await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+  await promiseVerifyContents(destFile, TEST_DATA_SHORT);
+
+  // signatureInfo is an empty nsIArray
+  Assert.equal(0, saver.signatureInfo.length);
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(async function test_signature_not_enabled() {
+  // Check that we get a signature if the saver is finished on Windows.
+  let destFile = getTempFile(TEST_FILE_NAME_1);
+
+  let saver = new BackgroundFileSaverOutputStream();
+  let completionPromise = promiseSaverComplete(saver);
+  saver.setTarget(destFile, false);
+  await promiseCopyToSaver(TEST_DATA_SHORT, saver, true);
+
+  saver.finish(Cr.NS_OK);
+  await completionPromise;
+  try {
+    saver.signatureInfo;
+    do_throw("Can't get signature if not enabled");
+  } catch (ex) {
+    if (ex.result != Cr.NS_ERROR_NOT_AVAILABLE) {
+      throw ex;
+    }
+  }
+
+  // Clean up.
+  destFile.remove(false);
+});
+
+add_task(function test_teardown() {
+  gStillRunning = false;
+});
diff --git a/netwerk/test/unit/test_be_conservative.js b/netwerk/test/unit/test_be_conservative.js
new file mode 100644
index 0000000000..af8cf23976
--- /dev/null
+++ b/netwerk/test/unit/test_be_conservative.js
@@ -0,0 +1,256 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+
+"use strict";
+
+// Allow telemetry probes which may otherwise be disabled for some
+// applications (e.g. Thunderbird).
+Services.prefs.setBoolPref(
+  "toolkit.telemetry.testing.overrideProductsCheck",
+  true
+);
+
+// Tests that nsIHttpChannelInternal.beConservative correctly limits the use of
+// advanced TLS features that may cause compatibility issues. Does so by
+// starting a TLS server that requires the advanced features and then ensuring
+// that a client that is set to be conservative will fail when connecting.
+
+// Get a profile directory and ensure PSM initializes NSS.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+class InputStreamCallback {
+  constructor(output) {
+    this.output = output;
+    this.stopped = false;
+  }
+
+  onInputStreamReady(stream) {
+    info("input stream ready");
+    if (this.stopped) {
+      info("input stream callback stopped - bailing");
+      return;
+    }
+    let available = 0;
+    try {
+      available = stream.available();
+    } catch (e) {
+      // onInputStreamReady may fire when the stream has been closed.
+      equal(
+        e.result,
+        Cr.NS_BASE_STREAM_CLOSED,
+        "error should be NS_BASE_STREAM_CLOSED"
+      );
+    }
+    if (available > 0) {
+      let request = NetUtil.readInputStreamToString(stream, available, {
+        charset: "utf8",
+      });
+      ok(
+        request.startsWith("GET / HTTP/1.1\r\n"),
+        "Should get a simple GET / HTTP/1.1 request"
+      );
+      let response =
+        "HTTP/1.1 200 OK\r\n" +
+        "Content-Length: 2\r\n" +
+        "Content-Type: text/plain\r\n" +
+        "\r\nOK";
+      let written = this.output.write(response, response.length);
+      equal(
+        written,
+        response.length,
+        "should have been able to write entire response"
+      );
+    }
+    this.output.close();
+    info("done with input stream ready");
+  }
+
+  stop() {
+    this.stopped = true;
+    this.output.close();
+  }
+}
+
+class TLSServerSecurityObserver {
+  constructor(input, output) {
+    this.input = input;
+    this.output = output;
+    this.callbacks = [];
+    this.stopped = false;
+  }
+
+  onHandshakeDone(socket, status) {
+    info("TLS handshake done");
+    info(`TLS version used: ${status.tlsVersionUsed}`);
+
+    if (this.stopped) {
+      info("handshake done callback stopped - bailing");
+      return;
+    }
+
+    let callback = new InputStreamCallback(this.output);
+    this.callbacks.push(callback);
+    this.input.asyncWait(callback, 0, 0, Services.tm.currentThread);
+  }
+
+  stop() {
+    this.stopped = true;
+    this.input.close();
+    this.output.close();
+    this.callbacks.forEach(callback => {
+      callback.stop();
+    });
+  }
+}
+
+class ServerSocketListener {
+  constructor() {
+    this.securityObservers = [];
+  }
+
+  onSocketAccepted(socket, transport) {
+    info("accepted TLS client connection");
+    let connectionInfo = transport.securityCallbacks.getInterface(
+      Ci.nsITLSServerConnectionInfo
+    );
+    let input = transport.openInputStream(0, 0, 0);
+    let output = transport.openOutputStream(0, 0, 0);
+    let securityObserver = new TLSServerSecurityObserver(input, output);
+    this.securityObservers.push(securityObserver);
+    connectionInfo.setSecurityObserver(securityObserver);
+  }
+
+  // For some reason we get input stream callback events after we've stopped
+  // listening, so this ensures we just drop those events.
+  onStopListening() {
+    info("onStopListening");
+    this.securityObservers.forEach(observer => {
+      observer.stop();
+    });
+  }
+}
+
+function startServer(cert, minServerVersion, maxServerVersion) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
+    Ci.nsITLSServerSocket
+  );
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = cert;
+  tlsServer.setVersionRange(minServerVersion, maxServerVersion);
+  tlsServer.setSessionTickets(false);
+  tlsServer.asyncListen(new ServerSocketListener());
+  return tlsServer;
+}
+
+const hostname = "example.com";
+
+function storeCertOverride(port, cert) {
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(hostname, port, {}, cert, true);
+}
+
+function startClient(port, beConservative, expectSuccess) {
+  HandshakeTelemetryHelpers.resetHistograms();
+  let flavors = ["", "_FIRST_TRY"];
+  let nonflavors = [];
+  if (beConservative) {
+    flavors.push("_CONSERVATIVE");
+    nonflavors.push("_ECH");
+    nonflavors.push("_ECH_GREASE");
+  } else {
+    nonflavors.push("_CONSERVATIVE");
+  }
+
+  let req = new XMLHttpRequest();
+  req.open("GET", `https://${hostname}:${port}`);
+  let internalChannel = req.channel.QueryInterface(Ci.nsIHttpChannelInternal);
+  internalChannel.beConservative = beConservative;
+  return new Promise((resolve, reject) => {
+    req.onload = () => {
+      ok(
+        expectSuccess,
+        `should ${expectSuccess ? "" : "not "}have gotten load event`
+      );
+      equal(req.responseText, "OK", "response text should be 'OK'");
+
+      // Only check telemetry if network process is disabled.
+      if (!mozinfo.socketprocess_networking) {
+        HandshakeTelemetryHelpers.checkSuccess(flavors);
+        HandshakeTelemetryHelpers.checkEmpty(nonflavors);
+      }
+
+      resolve();
+    };
+    req.onerror = () => {
+      ok(
+        !expectSuccess,
+        `should ${!expectSuccess ? "" : "not "}have gotten an error`
+      );
+
+      // Only check telemetry if network process is disabled.
+      if (!mozinfo.socketprocess_networking) {
+        // 98 is SSL_ERROR_PROTOCOL_VERSION_ALERT (see sslerr.h)
+        HandshakeTelemetryHelpers.checkEntry(flavors, 98, 1);
+        HandshakeTelemetryHelpers.checkEmpty(nonflavors);
+      }
+
+      resolve();
+    };
+
+    req.send();
+  });
+}
+
+add_task(async function () {
+  Services.prefs.setIntPref("security.tls.version.max", 4);
+  Services.prefs.setCharPref("network.dns.localDomains", hostname);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+  let cert = getTestServerCertificate();
+
+  // First run a server that accepts TLS 1.2 and 1.3. A conservative client
+  // should succeed in connecting.
+  let server = startServer(
+    cert,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_2,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_3
+  );
+  storeCertOverride(server.port, cert);
+  await startClient(
+    server.port,
+    true /*be conservative*/,
+    true /*should succeed*/
+  );
+  server.close();
+
+  // Now run a server that only accepts TLS 1.3. A conservative client will not
+  // succeed in this case.
+  server = startServer(
+    cert,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_3,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_3
+  );
+  storeCertOverride(server.port, cert);
+  await startClient(
+    server.port,
+    true /*be conservative*/,
+    false /*should fail*/
+  );
+
+  // However, a non-conservative client should succeed.
+  await startClient(
+    server.port,
+    false /*don't be conservative*/,
+    true /*should succeed*/
+  );
+  server.close();
+});
+
+registerCleanupFunction(function () {
+  Services.prefs.clearUserPref("security.tls.version.max");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+});
diff --git a/netwerk/test/unit/test_be_conservative_error_handling.js b/netwerk/test/unit/test_be_conservative_error_handling.js
new file mode 100644
index 0000000000..eae3042592
--- /dev/null
+++ b/netwerk/test/unit/test_be_conservative_error_handling.js
@@ -0,0 +1,216 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+
+"use strict";
+
+// Tests that nsIHttpChannelInternal.beConservative correctly limits the use of
+// advanced TLS features that may cause compatibility issues. Does so by
+// starting a TLS server that requires the advanced features and then ensuring
+// that a client that is set to be conservative will fail when connecting.
+
+// Get a profile directory and ensure PSM initializes NSS.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+class InputStreamCallback {
+  constructor(output) {
+    this.output = output;
+    this.stopped = false;
+  }
+
+  onInputStreamReady(stream) {
+    info("input stream ready");
+    if (this.stopped) {
+      info("input stream callback stopped - bailing");
+      return;
+    }
+    let available = 0;
+    try {
+      available = stream.available();
+    } catch (e) {
+      // onInputStreamReady may fire when the stream has been closed.
+      equal(
+        e.result,
+        Cr.NS_BASE_STREAM_CLOSED,
+        "error should be NS_BASE_STREAM_CLOSED"
+      );
+    }
+    if (available > 0) {
+      let request = NetUtil.readInputStreamToString(stream, available, {
+        charset: "utf8",
+      });
+      ok(
+        request.startsWith("GET / HTTP/1.1\r\n"),
+        "Should get a simple GET / HTTP/1.1 request"
+      );
+      let response =
+        "HTTP/1.1 200 OK\r\n" +
+        "Content-Length: 2\r\n" +
+        "Content-Type: text/plain\r\n" +
+        "\r\nOK";
+      let written = this.output.write(response, response.length);
+      equal(
+        written,
+        response.length,
+        "should have been able to write entire response"
+      );
+    }
+    this.output.close();
+    info("done with input stream ready");
+  }
+
+  stop() {
+    this.stopped = true;
+    this.output.close();
+  }
+}
+
+class TLSServerSecurityObserver {
+  constructor(input, output) {
+    this.input = input;
+    this.output = output;
+    this.callbacks = [];
+    this.stopped = false;
+  }
+
+  onHandshakeDone(socket, status) {
+    info("TLS handshake done");
+    info(`TLS version used: ${status.tlsVersionUsed}`);
+
+    if (this.stopped) {
+      info("handshake done callback stopped - bailing");
+      return;
+    }
+
+    let callback = new InputStreamCallback(this.output);
+    this.callbacks.push(callback);
+    this.input.asyncWait(callback, 0, 0, Services.tm.currentThread);
+  }
+
+  stop() {
+    this.stopped = true;
+    this.input.close();
+    this.output.close();
+    this.callbacks.forEach(callback => {
+      callback.stop();
+    });
+  }
+}
+
+class ServerSocketListener {
+  constructor() {
+    this.securityObservers = [];
+  }
+
+  onSocketAccepted(socket, transport) {
+    info("accepted TLS client connection");
+    let connectionInfo = transport.securityCallbacks.getInterface(
+      Ci.nsITLSServerConnectionInfo
+    );
+    let input = transport.openInputStream(0, 0, 0);
+    let output = transport.openOutputStream(0, 0, 0);
+    let securityObserver = new TLSServerSecurityObserver(input, output);
+    this.securityObservers.push(securityObserver);
+    connectionInfo.setSecurityObserver(securityObserver);
+  }
+
+  // For some reason we get input stream callback events after we've stopped
+  // listening, so this ensures we just drop those events.
+  onStopListening() {
+    info("onStopListening");
+    this.securityObservers.forEach(observer => {
+      observer.stop();
+    });
+  }
+}
+
+function startServer(cert, minServerVersion, maxServerVersion) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
+    Ci.nsITLSServerSocket
+  );
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = cert;
+  tlsServer.setVersionRange(minServerVersion, maxServerVersion);
+  tlsServer.setSessionTickets(false);
+  tlsServer.asyncListen(new ServerSocketListener());
+  return tlsServer;
+}
+
+const hostname = "example.com";
+
+function storeCertOverride(port, cert) {
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(hostname, port, {}, cert, true);
+}
+
+function startClient(port, beConservative, expectSuccess) {
+  let req = new XMLHttpRequest();
+  req.open("GET", `https://${hostname}:${port}`);
+  let internalChannel = req.channel.QueryInterface(Ci.nsIHttpChannelInternal);
+  internalChannel.beConservative = beConservative;
+  return new Promise((resolve, reject) => {
+    req.onload = () => {
+      ok(
+        expectSuccess,
+        `should ${expectSuccess ? "" : "not "}have gotten load event`
+      );
+      equal(req.responseText, "OK", "response text should be 'OK'");
+      resolve();
+    };
+    req.onerror = () => {
+      ok(
+        !expectSuccess,
+        `should ${!expectSuccess ? "" : "not "}have gotten an error`
+      );
+      resolve();
+    };
+
+    req.send();
+  });
+}
+
+add_task(async function () {
+  // Restrict to only TLS 1.3.
+  Services.prefs.setIntPref("security.tls.version.min", 4);
+  Services.prefs.setIntPref("security.tls.version.max", 4);
+  Services.prefs.setCharPref("network.dns.localDomains", hostname);
+  let cert = getTestServerCertificate();
+
+  // Run a server that accepts TLS 1.2 and 1.3. The connection should succeed.
+  let server = startServer(
+    cert,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_2,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_3
+  );
+  storeCertOverride(server.port, cert);
+  await startClient(
+    server.port,
+    true /*be conservative*/,
+    true /*should succeed*/
+  );
+  server.close();
+
+  // Now run a server that only accepts TLS 1.3. A conservative client will not
+  // succeed in this case.
+  server = startServer(
+    cert,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_3,
+    Ci.nsITLSClientStatus.TLS_VERSION_1_3
+  );
+  storeCertOverride(server.port, cert);
+  await startClient(
+    server.port,
+    true /*be conservative*/,
+    false /*should fail*/
+  );
+  server.close();
+});
+
+registerCleanupFunction(function () {
+  Services.prefs.clearUserPref("security.tls.version.min");
+  Services.prefs.clearUserPref("security.tls.version.max");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+});
diff --git a/netwerk/test/unit/test_bhttp.js b/netwerk/test/unit/test_bhttp.js
new file mode 100644
index 0000000000..61c8066a79
--- /dev/null
+++ b/netwerk/test/unit/test_bhttp.js
@@ -0,0 +1,220 @@
+/* Any copyright is dedicated to the Public Domain.
+ * https://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Unit tests for the binary http bindings.
+// Tests basic encoding and decoding of requests and responses.
+
+function BinaryHttpRequest(
+  method,
+  scheme,
+  authority,
+  path,
+  headerNames,
+  headerValues,
+  content
+) {
+  this.method = method;
+  this.scheme = scheme;
+  this.authority = authority;
+  this.path = path;
+  this.headerNames = headerNames;
+  this.headerValues = headerValues;
+  this.content = content;
+}
+
+BinaryHttpRequest.prototype = {
+  QueryInterface: ChromeUtils.generateQI(["nsIBinaryHttpRequest"]),
+};
+
+function test_encode_request() {
+  let bhttp = Cc["@mozilla.org/network/binary-http;1"].getService(
+    Ci.nsIBinaryHttp
+  );
+  let request = new BinaryHttpRequest(
+    "GET",
+    "https",
+    "",
+    "/hello.txt",
+    ["user-agent", "host", "accept-language"],
+    [
+      "curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3",
+      "www.example.com",
+      "en, mi",
+    ],
+    []
+  );
+  let encoded = bhttp.encodeRequest(request);
+  // This example is from RFC 9292.
+  let expected = hexStringToBytes(
+    "0003474554056874747073000a2f6865" +
+      "6c6c6f2e747874406c0a757365722d61" +
+      "67656e74346375726c2f372e31362e33" +
+      "206c69626375726c2f372e31362e3320" +
+      "4f70656e53534c2f302e392e376c207a" +
+      "6c69622f312e322e3304686f73740f77" +
+      "77772e6578616d706c652e636f6d0f61" +
+      "63636570742d6c616e67756167650665" +
+      "6e2c206d690000"
+  );
+  deepEqual(encoded, expected);
+
+  let mismatchedHeaders = new BinaryHttpRequest(
+    "GET",
+    "https",
+    "",
+    "",
+    ["whoops-only-one-header-name"],
+    ["some-header-value", "some-other-header-value"],
+    []
+  );
+  // The implementation uses "NS_ERROR_INVALID_ARG", because that's an
+  // appropriate description for the error.  However, that is an alias to
+  // "NS_ERROR_ILLEGAL_VALUE", which is what the actual exception uses, so
+  // that's what is tested for here.
+  Assert.throws(
+    () => bhttp.encodeRequest(mismatchedHeaders),
+    /NS_ERROR_ILLEGAL_VALUE/
+  );
+}
+
+function test_decode_request() {
+  let bhttp = Cc["@mozilla.org/network/binary-http;1"].getService(
+    Ci.nsIBinaryHttp
+  );
+
+  // From RFC 9292.
+  let encoded = hexStringToBytes(
+    "0003474554056874747073000a2f6865" +
+      "6c6c6f2e747874406c0a757365722d61" +
+      "67656e74346375726c2f372e31362e33" +
+      "206c69626375726c2f372e31362e3320" +
+      "4f70656e53534c2f302e392e376c207a" +
+      "6c69622f312e322e3304686f73740f77" +
+      "77772e6578616d706c652e636f6d0f61" +
+      "63636570742d6c616e67756167650665" +
+      "6e2c206d690000"
+  );
+  let request = bhttp.decodeRequest(encoded);
+  equal(request.method, "GET");
+  equal(request.scheme, "https");
+  equal(request.authority, "");
+  equal(request.path, "/hello.txt");
+  let expectedHeaderNames = ["user-agent", "host", "accept-language"];
+  deepEqual(request.headerNames, expectedHeaderNames);
+  let expectedHeaderValues = [
+    "curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3",
+    "www.example.com",
+    "en, mi",
+  ];
+  deepEqual(request.headerValues, expectedHeaderValues);
+  deepEqual(request.content, []);
+
+  let garbage = hexStringToBytes("115f00ab64c0fa783fe4cb723eaa87fa78900a0b00");
+  Assert.throws(() => bhttp.decodeRequest(garbage), /NS_ERROR_UNEXPECTED/);
+}
+
+function test_decode_response() {
+  let bhttp = Cc["@mozilla.org/network/binary-http;1"].getService(
+    Ci.nsIBinaryHttp
+  );
+  // From RFC 9292.
+  let encoded = hexStringToBytes(
+    "0340660772756e6e696e670a22736c65" +
+      "657020313522004067046c696e6b233c" +
+      "2f7374796c652e6373733e3b2072656c" +
+      "3d7072656c6f61643b2061733d737479" +
+      "6c65046c696e6b243c2f736372697074" +
+      "2e6a733e3b2072656c3d7072656c6f61" +
+      "643b2061733d7363726970740040c804" +
+      "646174651d4d6f6e2c203237204a756c" +
+      "20323030392031323a32383a35332047" +
+      "4d540673657276657206417061636865" +
+      "0d6c6173742d6d6f6469666965641d57" +
+      "65642c203232204a756c203230303920" +
+      "31393a31353a353620474d5404657461" +
+      "671422333461613338372d642d313536" +
+      "3865623030220d6163636570742d7261" +
+      "6e6765730562797465730e636f6e7465" +
+      "6e742d6c656e67746802353104766172" +
+      "790f4163636570742d456e636f64696e" +
+      "670c636f6e74656e742d747970650a74" +
+      "6578742f706c61696e003348656c6c6f" +
+      "20576f726c6421204d7920636f6e7465" +
+      "6e7420696e636c756465732061207472" +
+      "61696c696e672043524c462e0d0a0000"
+  );
+  let response = bhttp.decodeResponse(encoded);
+  equal(response.status, 200);
+  deepEqual(
+    response.content,
+    stringToBytes("Hello World! My content includes a trailing CRLF.\r\n")
+  );
+  let expectedHeaderNames = [
+    "date",
+    "server",
+    "last-modified",
+    "etag",
+    "accept-ranges",
+    "content-length",
+    "vary",
+    "content-type",
+  ];
+  deepEqual(response.headerNames, expectedHeaderNames);
+  let expectedHeaderValues = [
+    "Mon, 27 Jul 2009 12:28:53 GMT",
+    "Apache",
+    "Wed, 22 Jul 2009 19:15:56 GMT",
+    '"34aa387-d-1568eb00"',
+    "bytes",
+    "51",
+    "Accept-Encoding",
+    "text/plain",
+  ];
+  deepEqual(response.headerValues, expectedHeaderValues);
+
+  let garbage = hexStringToBytes(
+    "0367890084cb0ab03115fa0b4c2ea0fa783f7a87fa00"
+  );
+  Assert.throws(() => bhttp.decodeResponse(garbage), /NS_ERROR_UNEXPECTED/);
+}
+
+function test_encode_response() {
+  let response = new BinaryHttpResponse(
+    418,
+    ["content-type"],
+    ["text/plain"],
+    stringToBytes("I'm a teapot")
+  );
+  let bhttp = Cc["@mozilla.org/network/binary-http;1"].getService(
+    Ci.nsIBinaryHttp
+  );
+  let encoded = bhttp.encodeResponse(response);
+  let expected = hexStringToBytes(
+    "0141a2180c636f6e74656e742d747970650a746578742f706c61696e0c49276d206120746561706f7400"
+  );
+  deepEqual(encoded, expected);
+
+  let mismatchedHeaders = new BinaryHttpResponse(
+    500,
+    ["some-header", "some-other-header"],
+    ["whoops-only-one-header-value"],
+    []
+  );
+  // The implementation uses "NS_ERROR_INVALID_ARG", because that's an
+  // appropriate description for the error.  However, that is an alias to
+  // "NS_ERROR_ILLEGAL_VALUE", which is what the actual exception uses, so
+  // that's what is tested for here.
+  Assert.throws(
+    () => bhttp.encodeResponse(mismatchedHeaders),
+    /NS_ERROR_ILLEGAL_VALUE/
+  );
+}
+
+function run_test() {
+  test_encode_request();
+  test_decode_request();
+  test_encode_response();
+  test_decode_response();
+}
diff --git a/netwerk/test/unit/test_blob_channelname.js b/netwerk/test/unit/test_blob_channelname.js
new file mode 100644
index 0000000000..c1a09272da
--- /dev/null
+++ b/netwerk/test/unit/test_blob_channelname.js
@@ -0,0 +1,42 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_task(async function channelname() {
+  var file = new File(
+    [new Blob(["test"], { type: "text/plain" })],
+    "test-name"
+  );
+  var url = URL.createObjectURL(file);
+  var channel = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+
+  let inputStream = channel.open();
+  ok(inputStream, "Should be able to open channel");
+  ok(
+    inputStream.QueryInterface(Ci.nsIAsyncInputStream),
+    "Stream should support async operations"
+  );
+
+  await new Promise(resolve => {
+    inputStream.asyncWait(
+      () => {
+        let available = inputStream.available();
+        ok(available, "There should be data to read");
+        Assert.equal(
+          channel.contentDispositionFilename,
+          "test-name",
+          "filename matches"
+        );
+        resolve();
+      },
+      0,
+      0,
+      Services.tm.mainThread
+    );
+  });
+
+  inputStream.close();
+  channel.cancel(Cr.NS_ERROR_FAILURE);
+});
diff --git a/netwerk/test/unit/test_brotli_decoding.js b/netwerk/test/unit/test_brotli_decoding.js
new file mode 100644
index 0000000000..55e2869401
--- /dev/null
+++ b/netwerk/test/unit/test_brotli_decoding.js
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+let endChunk2ReceivedInTime = false;
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let channelListener = function (closure) {
+  this._closure = closure;
+  this._start = Date.now();
+};
+
+channelListener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    let data = read_stream(stream, cnt);
+    let current = Date.now();
+    let elapsed = current - this._start;
+    dump("data:" + data.slice(-10) + "\n");
+    dump("elapsed=" + elapsed + "\n");
+    if (elapsed < 2500 && data[data.length - 1] == "E") {
+      endChunk2ReceivedInTime = true;
+    }
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    this._closure();
+  },
+};
+
+add_task(async function test_http2() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  let server = new NodeHTTP2Server();
+  await server.start();
+  registerCleanupFunction(async () => {
+    await server.stop();
+  });
+  let chan = makeChan(`https://localhost:${server.port()}/test`);
+  let req = await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve, null, CL_ALLOW_UNKNOWN_CL));
+  });
+  equal(req.status, Cr.NS_OK);
+  equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 404);
+  await server.registerPathHandler("/test", (req1, resp) => {
+    resp.writeHead(200, {
+      "content-type": "text/html; charset=utf-8",
+      "content-encoding": "br",
+    });
+    resp.write(
+      Buffer.from([
+        0x8b, 0x2a, 0x80, 0x3c, 0x64, 0x69, 0x76, 0x3e, 0x73, 0x74, 0x61, 0x72,
+        0x74, 0x3c, 0x2f, 0x64, 0x69, 0x76, 0x3e, 0x3c, 0x64, 0x69, 0x76, 0x20,
+        0x73, 0x74, 0x79, 0x6c, 0x65, 0x3d, 0x22, 0x74, 0x65, 0x78, 0x74, 0x2d,
+        0x6f, 0x76, 0x65, 0x72, 0x66, 0x6c, 0x6f, 0x77, 0x3a, 0x20, 0x65, 0x6c,
+        0x6c, 0x69, 0x70, 0x73, 0x69, 0x73, 0x3b, 0x6f, 0x76, 0x65, 0x72, 0x66,
+        0x6c, 0x6f, 0x77, 0x3a, 0x20, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x3b,
+        0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x20, 0x72,
+        0x74, 0x6c, 0x3b, 0x22, 0x3e,
+      ])
+    );
+
+    // This function is handled within the httpserver where setTimeout is
+    // available.
+    // eslint-disable-next-line mozilla/no-arbitrary-setTimeout, no-undef
+    setTimeout(function () {
+      resp.write(
+        Buffer.from([
+          0xfa, 0xff, 0x0b, 0x00, 0x80, 0xaa, 0xaa, 0xaa, 0xea, 0x3f, 0x72,
+          0x59, 0xd6, 0x05, 0x73, 0x5b, 0xb6, 0x75, 0xea, 0xe6, 0xfd, 0xa8,
+          0x54, 0xc7, 0x62, 0xd8, 0x18, 0x86, 0x61, 0x18, 0x86, 0x63, 0xa9,
+          0x86, 0x61, 0x18, 0x86, 0xe1, 0x63, 0x8e, 0x63, 0xa9, 0x86, 0x61,
+          0x18, 0x86, 0x61, 0xd8, 0xe0, 0xbc, 0x85, 0x48, 0x1f, 0xa0, 0x05,
+          0xda, 0x6f, 0xef, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0xaa, 0xaa,
+          0xaa, 0xaa, 0xff, 0xc8, 0x65, 0x59, 0x17, 0xcc, 0x6d, 0xd9, 0xd6,
+          0xa9, 0x9b, 0xf7, 0xff, 0x0d, 0xd5, 0xb1, 0x18, 0xe6, 0x63, 0x18,
+          0x86, 0x61, 0x18, 0x8e, 0xa5, 0x1a, 0x86, 0x61, 0x18, 0x86, 0x61,
+          0x8e, 0xed, 0x57, 0x0d, 0xc3, 0x30, 0x0c, 0xc3, 0xb0, 0xc1, 0x79,
+          0x0b, 0x91, 0x3e, 0x40, 0x6c, 0x1c, 0x00, 0x90, 0xd6, 0x3b, 0x00,
+          0x50, 0x96, 0x31, 0x53, 0xe6, 0x2c, 0x59, 0xb3, 0x65, 0xcf, 0x91,
+          0x33, 0x57, 0x31, 0x03,
+        ])
+      );
+    }, 100);
+
+    // This function is handled within the httpserver where setTimeout is
+    // available.
+    // eslint-disable-next-line mozilla/no-arbitrary-setTimeout, no-undef
+    setTimeout(function () {
+      resp.end(
+        Buffer.from([
+          0x98, 0x00, 0x08, 0x3c, 0x2f, 0x64, 0x69, 0x76, 0x3e, 0x3c, 0x64,
+          0x69, 0x76, 0x3e, 0x65, 0x6e, 0x64, 0x3c, 0x2f, 0x64, 0x69, 0x76,
+          0x3e, 0x03,
+        ])
+      );
+    }, 2500);
+  });
+  chan = makeChan(`https://localhost:${server.port()}/test`);
+  await new Promise(resolve => {
+    chan.asyncOpen(new channelListener(() => resolve()));
+  });
+
+  equal(
+    endChunk2ReceivedInTime,
+    true,
+    "End of chunk 2 not received before chunk 3 was sent"
+  );
+});
diff --git a/netwerk/test/unit/test_brotli_http.js b/netwerk/test/unit/test_brotli_http.js
new file mode 100644
index 0000000000..1207c95012
--- /dev/null
+++ b/netwerk/test/unit/test_brotli_http.js
@@ -0,0 +1,122 @@
+// This test exists mostly as documentation that
+// Firefox can load brotli files over HTTP if we set the proper pref.
+
+"use strict";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Content-Encoding", "br", false);
+  response.write("\x0b\x02\x80hello\x03");
+}
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+var httpServer = null;
+
+add_task(async function check_brotli() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  async function test() {
+    let chan = NetUtil.newChannel({ uri: URL, loadUsingSystemPrincipal: true });
+    let [, buff] = await new Promise(resolve => {
+      chan.asyncOpen(
+        new ChannelListener(
+          (req, buff1) => {
+            resolve([req, buff1]);
+          },
+          null,
+          CL_IGNORE_CL
+        )
+      );
+    });
+    return buff;
+  }
+
+  Services.prefs.setBoolPref(
+    "network.http.encoding.trustworthy_is_https",
+    true
+  );
+  equal(
+    await test(),
+    "hello",
+    "Should decode brotli when trustworthy_is_https=true"
+  );
+  Services.prefs.setBoolPref(
+    "network.http.encoding.trustworthy_is_https",
+    false
+  );
+  equal(
+    await test(),
+    "\x0b\x02\x80hello\x03",
+    "Should not decode brotli when trustworthy_is_https=false"
+  );
+  Services.prefs.setCharPref(
+    "network.http.accept-encoding",
+    "gzip, deflate, br"
+  );
+  equal(
+    await test(),
+    "hello",
+    "Should decode brotli if we set the HTTP accept encoding to include brotli"
+  );
+  Services.prefs.clearUserPref("network.http.accept-encoding");
+  Services.prefs.clearUserPref("network.http.encoding.trustworthy_is_https");
+  await httpServer.stop();
+});
+
+// Make sure we still decode brotli on HTTPS
+// Node server doesn't work on Android yet.
+add_task(
+  { skip_if: () => AppConstants.platform == "android" },
+  async function check_https() {
+    Services.prefs.setBoolPref(
+      "network.http.encoding.trustworthy_is_https",
+      true
+    );
+    let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+      Ci.nsIX509CertDB
+    );
+    addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+    let server = new NodeHTTPSServer();
+    await server.start();
+    registerCleanupFunction(async () => {
+      await server.stop();
+    });
+    await server.registerPathHandler("/brotli", (req, resp) => {
+      resp.setHeader("Content-Type", "text/plain");
+      resp.setHeader("Content-Encoding", "br");
+      let output = "\x0b\x02\x80hello\x03";
+      resp.writeHead(200);
+      resp.end(output, "binary");
+    });
+    equal(
+      Services.prefs.getCharPref("network.http.accept-encoding.secure"),
+      "gzip, deflate, br"
+    );
+    let { req, buff } = await new Promise(resolve => {
+      let chan = NetUtil.newChannel({
+        uri: `${server.origin()}/brotli`,
+        loadUsingSystemPrincipal: true,
+      });
+      chan.asyncOpen(
+        new ChannelListener(
+          (req1, buff1) => resolve({ req: req1, buff: buff1 }),
+          null,
+          CL_ALLOW_UNKNOWN_CL
+        )
+      );
+    });
+    equal(req.status, Cr.NS_OK);
+    equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+    equal(buff, "hello");
+  }
+);
diff --git a/netwerk/test/unit/test_brotli_unknown_content_type.js b/netwerk/test/unit/test_brotli_unknown_content_type.js
new file mode 100644
index 0000000000..7df0d4f847
--- /dev/null
+++ b/netwerk/test/unit/test_brotli_unknown_content_type.js
@@ -0,0 +1,74 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This test file makes sure that we can decode brotli files when the
+// Content-Type header is missing (Bug 1715401)
+
+"use strict";
+
+function emptyBrotli(metadata, response) {
+  response.setHeader("Content-Encoding", "br", false);
+  response.write("\x01\x03\x06\x03");
+}
+
+function largeEmptyBrotli(metadata, response) {
+  response.setHeader("Content-Encoding", "br", false);
+  response.write("\x01\x03" + "\x06".repeat(600) + "\x03");
+}
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL_EMPTY_BROTLI", function () {
+  return (
+    "http://localhost:" + httpServer.identity.primaryPort + "/empty-brotli"
+  );
+});
+
+ChromeUtils.defineLazyGetter(this, "URL_LARGE_EMPTY_BROTLI", function () {
+  return (
+    "http://localhost:" +
+    httpServer.identity.primaryPort +
+    "/large-empty-brotli"
+  );
+});
+
+var httpServer = null;
+
+add_task(async function check_brotli() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/empty-brotli", emptyBrotli);
+  httpServer.registerPathHandler("/large-empty-brotli", largeEmptyBrotli);
+  httpServer.start(-1);
+
+  async function test(url) {
+    let chan = NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+    let [, response] = await new Promise(resolve => {
+      chan.asyncOpen(
+        new ChannelListener(
+          (req, buff) => {
+            resolve([req, buff]);
+          },
+          null,
+          CL_IGNORE_CL
+        )
+      );
+    });
+    return response;
+  }
+  equal(
+    await test(URL_EMPTY_BROTLI),
+    "",
+    "Should decode brotli even when brotli output is empty"
+  );
+  equal(
+    await test(URL_LARGE_EMPTY_BROTLI),
+    "",
+    "Should decode brotli even when the nsUnknownDecoder can't get any decoded output"
+  );
+  Services.prefs.clearUserPref("network.http.accept-encoding");
+  Services.prefs.clearUserPref("network.http.encoding.trustworthy_is_https");
+  await httpServer.stop();
+});
diff --git a/netwerk/test/unit/test_bug1064258.js b/netwerk/test/unit/test_bug1064258.js
new file mode 100644
index 0000000000..9be44254b5
--- /dev/null
+++ b/netwerk/test/unit/test_bug1064258.js
@@ -0,0 +1,144 @@
+/**
+ * Check how nsICachingChannel.cacheOnlyMetadata works.
+ * - all channels involved in this test are set cacheOnlyMetadata = true
+ * - do a previously uncached request for a long living content
+ * - check we have downloaded the content from the server (channel provides it)
+ * - check the entry has metadata, but zero-length content
+ * - load the same URL again, now cached
+ * - check the channel is giving no content (no call to OnDataAvailable) but succeeds
+ * - repeat again, but for a different URL that is not cached (immediately expires)
+ * - only difference is that we get a newer version of the content from the server during the second request
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+const responseBody1 = "response body 1";
+const responseBody2a = "response body 2a";
+const responseBody2b = "response body 2b";
+
+function contentHandler1(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-control", "max-age=999999");
+  response.bodyOutputStream.write(responseBody1, responseBody1.length);
+}
+
+var content2passCount = 0;
+
+function contentHandler2(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-control", "no-cache");
+  switch (content2passCount++) {
+    case 0:
+      response.setHeader("ETag", "testetag");
+      response.bodyOutputStream.write(responseBody2a, responseBody2a.length);
+      break;
+    case 1:
+      Assert.ok(metadata.hasHeader("If-None-Match"));
+      Assert.equal(metadata.getHeader("If-None-Match"), "testetag");
+      response.bodyOutputStream.write(responseBody2b, responseBody2b.length);
+      break;
+    default:
+      throw new Error("Unexpected request in the test");
+  }
+}
+
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content1", contentHandler1);
+  httpServer.registerPathHandler("/content2", contentHandler2);
+  httpServer.start(-1);
+
+  run_test_content1a();
+  do_test_pending();
+}
+
+function run_test_content1a() {
+  var chan = make_channel(URL + "/content1");
+  let caching = chan.QueryInterface(Ci.nsICachingChannel);
+  caching.cacheOnlyMetadata = true;
+  chan.asyncOpen(new ChannelListener(contentListener1a, null));
+}
+
+function contentListener1a(request, buffer) {
+  Assert.equal(buffer, responseBody1);
+
+  asyncOpenCacheEntry(URL + "/content1", "disk", 0, null, cacheCheck1);
+}
+
+function cacheCheck1(status, entry) {
+  Assert.equal(status, 0);
+  Assert.equal(entry.dataSize, 0);
+  try {
+    Assert.notEqual(entry.getMetaDataElement("response-head"), null);
+  } catch (ex) {
+    do_throw("Missing response head");
+  }
+
+  var chan = make_channel(URL + "/content1");
+  let caching = chan.QueryInterface(Ci.nsICachingChannel);
+  caching.cacheOnlyMetadata = true;
+  chan.asyncOpen(new ChannelListener(contentListener1b, null, CL_IGNORE_CL));
+}
+
+function contentListener1b(request, buffer) {
+  request.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(request.requestMethod, "GET");
+  Assert.equal(request.responseStatus, 200);
+  Assert.equal(request.getResponseHeader("Cache-control"), "max-age=999999");
+
+  Assert.equal(buffer, "");
+  run_test_content2a();
+}
+
+// Now same set of steps but this time for an immediately expiring content.
+
+function run_test_content2a() {
+  var chan = make_channel(URL + "/content2");
+  let caching = chan.QueryInterface(Ci.nsICachingChannel);
+  caching.cacheOnlyMetadata = true;
+  chan.asyncOpen(new ChannelListener(contentListener2a, null));
+}
+
+function contentListener2a(request, buffer) {
+  Assert.equal(buffer, responseBody2a);
+
+  asyncOpenCacheEntry(URL + "/content2", "disk", 0, null, cacheCheck2);
+}
+
+function cacheCheck2(status, entry) {
+  Assert.equal(status, 0);
+  Assert.equal(entry.dataSize, 0);
+  try {
+    Assert.notEqual(entry.getMetaDataElement("response-head"), null);
+    Assert.ok(
+      entry.getMetaDataElement("response-head").match("etag: testetag")
+    );
+  } catch (ex) {
+    do_throw("Missing response head");
+  }
+
+  var chan = make_channel(URL + "/content2");
+  let caching = chan.QueryInterface(Ci.nsICachingChannel);
+  caching.cacheOnlyMetadata = true;
+  chan.asyncOpen(new ChannelListener(contentListener2b, null));
+}
+
+function contentListener2b(request, buffer) {
+  Assert.equal(buffer, responseBody2b);
+
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_bug1177909.js b/netwerk/test/unit/test_bug1177909.js
new file mode 100644
index 0000000000..0fc94f8a2c
--- /dev/null
+++ b/netwerk/test/unit/test_bug1177909.js
@@ -0,0 +1,251 @@
+"use strict";
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+XPCOMUtils.defineLazyServiceGetter(
+  this,
+  "gProxyService",
+  "@mozilla.org/network/protocol-proxy-service;1",
+  "nsIProtocolProxyService"
+);
+
+ChromeUtils.defineLazyGetter(this, "systemSettings", function () {
+  return {
+    QueryInterface: ChromeUtils.generateQI(["nsISystemProxySettings"]),
+
+    mainThreadOnly: true,
+    PACURI: null,
+
+    getProxyForURI(aSpec, aScheme, aHost, aPort) {
+      if (aPort != -1) {
+        return "SOCKS5 http://localhost:9050";
+      }
+      if (aScheme == "http") {
+        return "PROXY http://localhost:8080";
+      }
+      if (aScheme == "https") {
+        return "HTTPS https://localhost:8080";
+      }
+      return "DIRECT";
+    },
+  };
+});
+
+let gMockProxy = MockRegistrar.register(
+  "@mozilla.org/system-proxy-settings;1",
+  systemSettings
+);
+
+registerCleanupFunction(() => {
+  MockRegistrar.unregister(gMockProxy);
+});
+
+function makeChannel(uri) {
+  return NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  });
+}
+
+async function TestProxyType(chan, flags) {
+  Services.prefs.setIntPref(
+    "network.proxy.type",
+    Ci.nsIProtocolProxyService.PROXYCONFIG_SYSTEM
+  );
+
+  return new Promise((resolve, reject) => {
+    gProxyService.asyncResolve(chan, flags, {
+      onProxyAvailable(req, uri, pi, status) {
+        resolve(pi);
+      },
+    });
+  });
+}
+
+async function TestProxyTypeByURI(uri) {
+  return TestProxyType(makeChannel(uri), 0);
+}
+
+add_task(async function testHttpProxy() {
+  let pi = await TestProxyTypeByURI("http://www.mozilla.org/");
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 8080, "Expected proxy port to be 8080");
+  equal(pi.type, "http", "Expected proxy type to be http");
+});
+
+add_task(async function testHttpsProxy() {
+  let pi = await TestProxyTypeByURI("https://www.mozilla.org/");
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 8080, "Expected proxy port to be 8080");
+  equal(pi.type, "https", "Expected proxy type to be https");
+});
+
+add_task(async function testSocksProxy() {
+  let pi = await TestProxyTypeByURI("http://www.mozilla.org:1234/");
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 9050, "Expected proxy port to be 8080");
+  equal(pi.type, "socks", "Expected proxy type to be http");
+});
+
+add_task(async function testDirectProxy() {
+  // Do what |WebSocketChannel::AsyncOpen| do, but do not prefer https proxy.
+  let proxyURI = Cc["@mozilla.org/network/standard-url-mutator;1"]
+    .createInstance(Ci.nsIURIMutator)
+    .setSpec("wss://ws.mozilla.org/")
+    .finalize();
+  let uri = proxyURI.mutate().setScheme("https").finalize();
+
+  let chan = Services.io.newChannelFromURIWithProxyFlags(
+    uri,
+    proxyURI,
+    0,
+    null,
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null,
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+
+  let pi = await TestProxyType(chan, 0);
+  equal(pi, null, "Expected proxy host to be null");
+});
+
+add_task(async function testWebSocketProxy() {
+  // Do what |WebSocketChannel::AsyncOpen| do
+  let proxyURI = Cc["@mozilla.org/network/standard-url-mutator;1"]
+    .createInstance(Ci.nsIURIMutator)
+    .setSpec("wss://ws.mozilla.org/")
+    .finalize();
+  let uri = proxyURI.mutate().setScheme("https").finalize();
+
+  let proxyFlags =
+    Ci.nsIProtocolProxyService.RESOLVE_PREFER_SOCKS_PROXY |
+    Ci.nsIProtocolProxyService.RESOLVE_PREFER_HTTPS_PROXY |
+    Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL;
+
+  let chan = Services.io.newChannelFromURIWithProxyFlags(
+    uri,
+    proxyURI,
+    proxyFlags,
+    null,
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null,
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+
+  let pi = await TestProxyType(chan, proxyFlags);
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 8080, "Expected proxy port to be 8080");
+  equal(pi.type, "https", "Expected proxy type to be https");
+});
+
+add_task(async function testPreferHttpsProxy() {
+  let uri = Cc["@mozilla.org/network/standard-url-mutator;1"]
+    .createInstance(Ci.nsIURIMutator)
+    .setSpec("http://mozilla.org/")
+    .finalize();
+  let proxyFlags = Ci.nsIProtocolProxyService.RESOLVE_PREFER_HTTPS_PROXY;
+
+  let chan = Services.io.newChannelFromURIWithProxyFlags(
+    uri,
+    null,
+    proxyFlags,
+    null,
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null,
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+
+  let pi = await TestProxyType(chan, proxyFlags);
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 8080, "Expected proxy port to be 8080");
+  equal(pi.type, "https", "Expected proxy type to be https");
+});
+
+add_task(async function testProxyHttpsToHttpIsBlocked() {
+  // Ensure that regressions of bug 1702417 will be detected by the next test
+  const turnUri = Services.io.newURI("http://turn.example.com/");
+  const proxyFlags =
+    Ci.nsIProtocolProxyService.RESOLVE_PREFER_HTTPS_PROXY |
+    Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL;
+
+  const fakeContentPrincipal =
+    Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+      "https://example.com"
+    );
+
+  const chan = Services.io.newChannelFromURIWithProxyFlags(
+    turnUri,
+    null,
+    proxyFlags,
+    null,
+    fakeContentPrincipal,
+    fakeContentPrincipal,
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+
+  const pi = await TestProxyType(chan, proxyFlags);
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 8080, "Expected proxy port to be 8080");
+  equal(pi.type, "https", "Expected proxy type to be https");
+
+  const csm = Cc["@mozilla.org/contentsecuritymanager;1"].getService(
+    Ci.nsIContentSecurityManager
+  );
+
+  try {
+    csm.performSecurityCheck(chan, null);
+    Assert.ok(
+      false,
+      "performSecurityCheck should fail (due to mixed content blocking)"
+    );
+  } catch (e) {
+    Assert.equal(
+      e.result,
+      Cr.NS_ERROR_CONTENT_BLOCKED,
+      "performSecurityCheck should throw NS_ERROR_CONTENT_BLOCKED"
+    );
+  }
+});
+
+add_task(async function testProxyHttpsToTurnTcpWorks() {
+  // Test for bug 1702417
+  const turnUri = Services.io.newURI("http://turn.example.com/");
+  const proxyFlags =
+    Ci.nsIProtocolProxyService.RESOLVE_PREFER_HTTPS_PROXY |
+    Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL;
+
+  const fakeContentPrincipal =
+    Services.scriptSecurityManager.createContentPrincipalFromOrigin(
+      "https://example.com"
+    );
+
+  const chan = Services.io.newChannelFromURIWithProxyFlags(
+    turnUri,
+    null,
+    proxyFlags,
+    null,
+    fakeContentPrincipal,
+    fakeContentPrincipal,
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    // This is what allows this to avoid mixed content blocking
+    Ci.nsIContentPolicy.TYPE_PROXIED_WEBRTC_MEDIA
+  );
+
+  const pi = await TestProxyType(chan, proxyFlags);
+  equal(pi.host, "localhost", "Expected proxy host to be localhost");
+  equal(pi.port, 8080, "Expected proxy port to be 8080");
+  equal(pi.type, "https", "Expected proxy type to be https");
+
+  const csm = Cc["@mozilla.org/contentsecuritymanager;1"].getService(
+    Ci.nsIContentSecurityManager
+  );
+
+  csm.performSecurityCheck(chan, null);
+  Assert.ok(true, "performSecurityCheck should succeed");
+});
diff --git a/netwerk/test/unit/test_bug1195415.js b/netwerk/test/unit/test_bug1195415.js
new file mode 100644
index 0000000000..eb312d27be
--- /dev/null
+++ b/netwerk/test/unit/test_bug1195415.js
@@ -0,0 +1,116 @@
+// Test for bug 1195415
+
+"use strict";
+
+function run_test() {
+  var ios = Services.io;
+  var ssm = Services.scriptSecurityManager;
+
+  // NON-UNICODE
+  var uri = ios.newURI("http://foo.com/file.txt");
+  Assert.equal(uri.asciiHostPort, "foo.com");
+  uri = uri.mutate().setPort(90).finalize();
+  var prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "foo.com:90");
+  Assert.equal(prin.origin, "http://foo.com:90");
+
+  uri = ios.newURI("http://foo.com:10/file.txt");
+  Assert.equal(uri.asciiHostPort, "foo.com:10");
+  uri = uri.mutate().setPort(500).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "foo.com:500");
+  Assert.equal(prin.origin, "http://foo.com:500");
+
+  uri = ios.newURI("http://foo.com:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "foo.com:5000");
+  uri = uri.mutate().setPort(20).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "foo.com:20");
+  Assert.equal(prin.origin, "http://foo.com:20");
+
+  uri = ios.newURI("http://foo.com:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "foo.com:5000");
+  uri = uri.mutate().setPort(-1).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "foo.com");
+  Assert.equal(prin.origin, "http://foo.com");
+
+  uri = ios.newURI("http://foo.com:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "foo.com:5000");
+  uri = uri.mutate().setPort(80).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "foo.com");
+  Assert.equal(prin.origin, "http://foo.com");
+
+  // UNICODE
+  uri = ios.newURI("http://jos\u00e9.example.net.ch/file.txt");
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch");
+  uri = uri.mutate().setPort(90).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:90");
+  Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch:90");
+
+  uri = ios.newURI("http://jos\u00e9.example.net.ch:10/file.txt");
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:10");
+  uri = uri.mutate().setPort(500).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:500");
+  Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch:500");
+
+  uri = ios.newURI("http://jos\u00e9.example.net.ch:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:5000");
+  uri = uri.mutate().setPort(20).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:20");
+  Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch:20");
+
+  uri = ios.newURI("http://jos\u00e9.example.net.ch:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:5000");
+  uri = uri.mutate().setPort(-1).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch");
+  Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch");
+
+  uri = ios.newURI("http://jos\u00e9.example.net.ch:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:5000");
+  uri = uri.mutate().setPort(80).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch");
+  Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch");
+
+  // ipv6
+  uri = ios.newURI("http://[123:45::678]/file.txt");
+  Assert.equal(uri.asciiHostPort, "[123:45::678]");
+  uri = uri.mutate().setPort(90).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:90");
+  Assert.equal(prin.origin, "http://[123:45::678]:90");
+
+  uri = ios.newURI("http://[123:45::678]:10/file.txt");
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:10");
+  uri = uri.mutate().setPort(500).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:500");
+  Assert.equal(prin.origin, "http://[123:45::678]:500");
+
+  uri = ios.newURI("http://[123:45::678]:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:5000");
+  uri = uri.mutate().setPort(20).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:20");
+  Assert.equal(prin.origin, "http://[123:45::678]:20");
+
+  uri = ios.newURI("http://[123:45::678]:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:5000");
+  uri = uri.mutate().setPort(-1).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "[123:45::678]");
+  Assert.equal(prin.origin, "http://[123:45::678]");
+
+  uri = ios.newURI("http://[123:45::678]:5000/file.txt");
+  Assert.equal(uri.asciiHostPort, "[123:45::678]:5000");
+  uri = uri.mutate().setPort(80).finalize();
+  prin = ssm.createContentPrincipal(uri, {});
+  Assert.equal(uri.asciiHostPort, "[123:45::678]");
+  Assert.equal(prin.origin, "http://[123:45::678]");
+}
diff --git a/netwerk/test/unit/test_bug1218029.js b/netwerk/test/unit/test_bug1218029.js
new file mode 100644
index 0000000000..48165807bf
--- /dev/null
+++ b/netwerk/test/unit/test_bug1218029.js
@@ -0,0 +1,116 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+var tests = [
+  { data: "", chunks: [], status: Cr.NS_OK, consume: [], dataChunks: [""] },
+  {
+    data: "TWO-PARTS",
+    chunks: [4, 5],
+    status: Cr.NS_OK,
+    consume: [4, 5],
+    dataChunks: ["TWO-", "PARTS", ""],
+  },
+  {
+    data: "TWO-PARTS",
+    chunks: [4, 5],
+    status: Cr.NS_OK,
+    consume: [0, 0],
+    dataChunks: ["TWO-", "TWO-PARTS", "TWO-PARTS"],
+  },
+  {
+    data: "3-PARTS",
+    chunks: [1, 1, 5],
+    status: Cr.NS_OK,
+    consume: [0, 2, 5],
+    dataChunks: ["3", "3-", "PARTS", ""],
+  },
+  {
+    data: "ALL-AT-ONCE",
+    chunks: [11],
+    status: Cr.NS_OK,
+    consume: [0],
+    dataChunks: ["ALL-AT-ONCE", "ALL-AT-ONCE"],
+  },
+  {
+    data: "ALL-AT-ONCE",
+    chunks: [11],
+    status: Cr.NS_OK,
+    consume: [11],
+    dataChunks: ["ALL-AT-ONCE", ""],
+  },
+  {
+    data: "ERROR",
+    chunks: [1],
+    status: Cr.NS_ERROR_OUT_OF_MEMORY,
+    consume: [0],
+    dataChunks: ["E", "E"],
+  },
+];
+
+/**
+ * @typedef TestData
+ * @property {string} data - data for the test.
+ * @property {Array} chunks - lengths of the chunks that are incrementally sent
+ *   to the loader.
+ * @property {number} status - final status sent on onStopRequest.
+ * @property {Array} consume - lengths of consumed data that is reported at
+ *   the onIncrementalData callback.
+ * @property {Array} dataChunks - data chunks that are reported at the
+ *   onIncrementalData and onStreamComplete callbacks.
+ */
+
+function execute_test(test) {
+  let stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stream.data = test.data;
+
+  let channel = {
+    contentLength: -1,
+    QueryInterface: ChromeUtils.generateQI(["nsIChannel"]),
+  };
+
+  let chunkIndex = 0;
+
+  let observer = {
+    onStreamComplete(loader, context, status, length, data) {
+      equal(chunkIndex, test.dataChunks.length - 1);
+      var expectedChunk = test.dataChunks[chunkIndex];
+      equal(length, expectedChunk.length);
+      equal(String.fromCharCode.apply(null, data), expectedChunk);
+
+      equal(status, test.status);
+    },
+    onIncrementalData(loader, context, length, data, consumed) {
+      ok(chunkIndex < test.dataChunks.length - 1);
+      var expectedChunk = test.dataChunks[chunkIndex];
+      equal(length, expectedChunk.length);
+      equal(String.fromCharCode.apply(null, data), expectedChunk);
+
+      consumed.value = test.consume[chunkIndex];
+      chunkIndex++;
+    },
+    QueryInterface: ChromeUtils.generateQI([
+      "nsIIncrementalStreamLoaderObserver",
+    ]),
+  };
+
+  let listener = Cc[
+    "@mozilla.org/network/incremental-stream-loader;1"
+  ].createInstance(Ci.nsIIncrementalStreamLoader);
+  listener.init(observer);
+
+  listener.onStartRequest(channel);
+  var offset = 0;
+  test.chunks.forEach(function (chunkLength) {
+    listener.onDataAvailable(channel, stream, offset, chunkLength);
+    offset += chunkLength;
+  });
+  listener.onStopRequest(channel, test.status);
+}
+
+function run_test() {
+  tests.forEach(execute_test);
+}
diff --git a/netwerk/test/unit/test_bug1279246.js b/netwerk/test/unit/test_bug1279246.js
new file mode 100644
index 0000000000..be73dbee14
--- /dev/null
+++ b/netwerk/test/unit/test_bug1279246.js
@@ -0,0 +1,100 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var pass = 0;
+var responseBody = [0x0b, 0x02, 0x80, 0x74, 0x65, 0x73, 0x74, 0x0a, 0x03];
+var responseLen = 5;
+var testUrl = "/test/brotli";
+
+function setupChannel() {
+  return NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + testUrl,
+    loadUsingSystemPrincipal: true,
+  });
+}
+
+function Listener() {}
+
+Listener.prototype = {
+  _buffer: null,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    Assert.equal(request.status, Cr.NS_OK);
+    this._buffer = "";
+  },
+
+  onDataAvailable(request, stream, offset, cnt) {
+    if (pass == 0) {
+      this._buffer = this._buffer.concat(read_stream(stream, cnt));
+    } else {
+      request.QueryInterface(Ci.nsICachingChannel);
+      if (!request.isFromCache()) {
+        do_throw("Response is not from the cache");
+      }
+
+      request.cancel(Cr.NS_ERROR_ABORT);
+    }
+  },
+
+  onStopRequest(request, status) {
+    if (pass == 0) {
+      Assert.equal(this._buffer.length, responseLen);
+      pass++;
+
+      var channel = setupChannel();
+      channel.loadFlags = Ci.nsIRequest.VALIDATE_NEVER;
+      channel.asyncOpen(new Listener());
+    } else {
+      httpserver.stop(do_test_finished);
+      prefs.setCharPref("network.http.accept-encoding", cePref);
+    }
+  },
+};
+
+var prefs;
+var cePref;
+function run_test() {
+  do_get_profile();
+
+  prefs = Services.prefs;
+  cePref = prefs.getCharPref("network.http.accept-encoding");
+  prefs.setCharPref("network.http.accept-encoding", "gzip, deflate, br");
+
+  // Disable rcwn to make cache behavior deterministic.
+  prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpserver.registerPathHandler(testUrl, handler);
+  httpserver.start(-1);
+
+  var channel = setupChannel();
+  channel.asyncOpen(new Listener());
+
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  Assert.equal(pass, 0); // the second response must be server from the cache
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Content-Encoding", "br", false);
+  response.setHeader("Content-Length", "" + responseBody.length, false);
+
+  var bos = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(
+    Ci.nsIBinaryOutputStream
+  );
+  bos.setOutputStream(response.bodyOutputStream);
+
+  response.processAsync();
+  bos.writeByteArray(responseBody);
+  response.finish();
+}
diff --git a/netwerk/test/unit/test_bug1312774_http1.js b/netwerk/test/unit/test_bug1312774_http1.js
new file mode 100644
index 0000000000..6f100295ae
--- /dev/null
+++ b/netwerk/test/unit/test_bug1312774_http1.js
@@ -0,0 +1,149 @@
+// test bug 1312774.
+// Create 6 (=network.http.max-persistent-connections-per-server)
+// common Http requests and 2 urgent-start Http requests to a single
+// host and path, in parallel.
+// Let all the requests unanswered by the server handler. (process them
+// async and don't finish)
+// The first 6 pending common requests will fill the limit for per-server
+// parallelism.
+// But the two urgent requests must reach the server despite those 6 common
+// pending requests.
+// The server handler doesn't let the test finish until all 8 expected requests
+// arrive.
+// Note: if the urgent request handling is broken (the urgent-marked requests
+// get blocked by queuing) this test will time out
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+var server = new HttpServer();
+server.start(-1);
+var baseURL = "http://localhost:" + server.identity.primaryPort + "/";
+var maxConnections = 0;
+var urgentRequests = 0;
+var debug = false;
+
+function log(msg) {
+  if (!debug) {
+    return;
+  }
+
+  if (msg) {
+    dump("TEST INFO | " + msg + "\n");
+  }
+}
+
+function make_channel(url) {
+  var request = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+  request.QueryInterface(Ci.nsIHttpChannel);
+  return request;
+}
+
+function serverStopListener() {
+  server.stop();
+}
+
+function commonHttpRequest(id) {
+  let uri = baseURL;
+  var chan = make_channel(uri);
+  var listner = new HttpResponseListener(id);
+  chan.setRequestHeader("X-ID", id, false);
+  chan.setRequestHeader("Cache-control", "no-store", false);
+  chan.asyncOpen(listner);
+  log("Create common http request id=" + id);
+}
+
+function urgentStartHttpRequest(id) {
+  let uri = baseURL;
+  var chan = make_channel(uri);
+  var listner = new HttpResponseListener(id);
+  var cos = chan.QueryInterface(Ci.nsIClassOfService);
+  cos.addClassFlags(Ci.nsIClassOfService.UrgentStart);
+  chan.setRequestHeader("X-ID", id, false);
+  chan.setRequestHeader("Cache-control", "no-store", false);
+  chan.asyncOpen(listner);
+  log("Create urgent-start http request id=" + id);
+}
+
+function setup_httpRequests() {
+  log("setup_httpRequests");
+  for (var i = 0; i < maxConnections; i++) {
+    commonHttpRequest(i);
+    do_test_pending();
+  }
+}
+
+function setup_urgentStartRequests() {
+  for (var i = 0; i < urgentRequests; i++) {
+    urgentStartHttpRequest(1000 + i);
+    do_test_pending();
+  }
+}
+
+function HttpResponseListener(id) {
+  this.id = id;
+}
+
+HttpResponseListener.prototype = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream, off, cnt) {},
+
+  onStopRequest(request, status) {
+    log("STOP id=" + this.id);
+    do_test_finished();
+  },
+};
+
+var responseQueue = [];
+function setup_http_server() {
+  log("setup_http_server");
+  maxConnections = Services.prefs.getIntPref(
+    "network.http.max-persistent-connections-per-server"
+  );
+  urgentRequests = 2;
+  var allCommonHttpRequestReceived = false;
+  // Start server; will be stopped at test cleanup time.
+  server.registerPathHandler("/", function (metadata, response) {
+    var id = metadata.getHeader("X-ID");
+    log("Server recived the response id=" + id);
+    response.processAsync();
+    responseQueue.push(response);
+
+    if (
+      responseQueue.length == maxConnections &&
+      !allCommonHttpRequestReceived
+    ) {
+      allCommonHttpRequestReceived = true;
+      setup_urgentStartRequests();
+    }
+    // Wait for all expected requests to come but don't process then.
+    // Collect them in a queue for later processing.  We don't want to
+    // respond to the client until all the expected requests are made
+    // to the server.
+    if (responseQueue.length == maxConnections + urgentRequests) {
+      processResponse();
+    }
+  });
+
+  registerCleanupFunction(function () {
+    server.stop(serverStopListener);
+  });
+}
+
+function processResponse() {
+  while (responseQueue.length) {
+    var resposne = responseQueue.pop();
+    resposne.finish();
+  }
+}
+
+function run_test() {
+  setup_http_server();
+  setup_httpRequests();
+}
diff --git a/netwerk/test/unit/test_bug1312782_http1.js b/netwerk/test/unit/test_bug1312782_http1.js
new file mode 100644
index 0000000000..cf820a4f56
--- /dev/null
+++ b/netwerk/test/unit/test_bug1312782_http1.js
@@ -0,0 +1,197 @@
+// test bug 1312782.
+//
+// Summary:
+// Assume we have 6 http requests in queue, 4 are from the focused window and
+// the other 2 are from the non-focused window. We want to test that the server
+// should receive 4 requests from the focused window first and then receive the
+// rest 2 requests.
+//
+// Test step:
+// 1. Create 6 dummy http requests. Server would not process responses until get
+//    all 6 requests.
+// 2. Once server receive 6 dummy requests, create 4 http requests with the focused
+//    window id and 2 requests with non-focused window id. Note that the requets's
+//    id is a serial number starting from the focused window id.
+// 3. Server starts to process the 6 dummy http requests, so the client can start to
+//    process the pending queue. Server will queue those http requests again and wait
+//    until get all 6 requests.
+// 4. When the server receive all 6 requests, starts to check that the request ids of
+//    the first 4 requests in the queue should be all less than focused window id
+//    plus 4. Also, the request ids of the rest requests should be less than non-focused
+//    window id + 2.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var server = new HttpServer();
+server.start(-1);
+var baseURL = "http://localhost:" + server.identity.primaryPort + "/";
+var maxConnections = 0;
+var debug = false;
+const FOCUSED_WINDOW_ID = 123;
+var NON_FOCUSED_WINDOW_ID;
+var FOCUSED_WINDOW_REQUEST_COUNT;
+var NON_FOCUSED_WINDOW_REQUEST_COUNT;
+
+function log(msg) {
+  if (!debug) {
+    return;
+  }
+
+  if (msg) {
+    dump("TEST INFO | " + msg + "\n");
+  }
+}
+
+function make_channel(url) {
+  var request = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+  request.QueryInterface(Ci.nsIHttpChannel);
+  return request;
+}
+
+function serverStopListener() {
+  server.stop();
+}
+
+function createHttpRequest(browserId, requestId) {
+  let uri = baseURL;
+  var chan = make_channel(uri);
+  chan.browserId = browserId;
+  var listner = new HttpResponseListener(requestId);
+  chan.setRequestHeader("X-ID", requestId, false);
+  chan.setRequestHeader("Cache-control", "no-store", false);
+  chan.asyncOpen(listner);
+  log("Create http request id=" + requestId);
+}
+
+function setup_dummyHttpRequests() {
+  log("setup_dummyHttpRequests");
+  for (var i = 0; i < maxConnections; i++) {
+    createHttpRequest(0, i);
+    do_test_pending();
+  }
+}
+
+function setup_focusedWindowHttpRequests() {
+  log("setup_focusedWindowHttpRequests");
+  for (var i = 0; i < FOCUSED_WINDOW_REQUEST_COUNT; i++) {
+    createHttpRequest(FOCUSED_WINDOW_ID, FOCUSED_WINDOW_ID + i);
+    do_test_pending();
+  }
+}
+
+function setup_nonFocusedWindowHttpRequests() {
+  log("setup_nonFocusedWindowHttpRequests");
+  for (var i = 0; i < NON_FOCUSED_WINDOW_REQUEST_COUNT; i++) {
+    createHttpRequest(NON_FOCUSED_WINDOW_ID, NON_FOCUSED_WINDOW_ID + i);
+    do_test_pending();
+  }
+}
+
+function HttpResponseListener(id) {
+  this.id = id;
+}
+
+HttpResponseListener.prototype = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream, off, cnt) {},
+
+  onStopRequest(request, status) {
+    log("STOP id=" + this.id);
+    do_test_finished();
+  },
+};
+
+function check_response_id(responses, maxWindowId) {
+  for (var i = 0; i < responses.length; i++) {
+    var id = responses[i].getHeader("X-ID");
+    log("response id=" + id + " maxWindowId=" + maxWindowId);
+    Assert.ok(id < maxWindowId);
+  }
+}
+
+var responseQueue = [];
+function setup_http_server() {
+  log("setup_http_server");
+  maxConnections = Services.prefs.getIntPref(
+    "network.http.max-persistent-connections-per-server"
+  );
+  FOCUSED_WINDOW_REQUEST_COUNT = Math.floor(maxConnections * 0.8);
+  NON_FOCUSED_WINDOW_REQUEST_COUNT =
+    maxConnections - FOCUSED_WINDOW_REQUEST_COUNT;
+  NON_FOCUSED_WINDOW_ID = FOCUSED_WINDOW_ID + FOCUSED_WINDOW_REQUEST_COUNT;
+
+  var allDummyHttpRequestReceived = false;
+  // Start server; will be stopped at test cleanup time.
+  server.registerPathHandler("/", function (metadata, response) {
+    var id = metadata.getHeader("X-ID");
+    log("Server recived the response id=" + id);
+
+    response.processAsync();
+    response.setHeader("X-ID", id);
+    responseQueue.push(response);
+
+    if (
+      responseQueue.length == maxConnections &&
+      !allDummyHttpRequestReceived
+    ) {
+      log("received all dummy http requets");
+      allDummyHttpRequestReceived = true;
+      setup_nonFocusedWindowHttpRequests();
+      setup_focusedWindowHttpRequests();
+      processResponses();
+    } else if (responseQueue.length == maxConnections) {
+      var focusedWindowResponses = responseQueue.slice(
+        0,
+        FOCUSED_WINDOW_REQUEST_COUNT
+      );
+      var nonFocusedWindowResponses = responseQueue.slice(
+        FOCUSED_WINDOW_REQUEST_COUNT,
+        responseQueue.length
+      );
+      check_response_id(
+        focusedWindowResponses,
+        FOCUSED_WINDOW_ID + FOCUSED_WINDOW_REQUEST_COUNT
+      );
+      check_response_id(
+        nonFocusedWindowResponses,
+        NON_FOCUSED_WINDOW_ID + NON_FOCUSED_WINDOW_REQUEST_COUNT
+      );
+      processResponses();
+    }
+  });
+
+  registerCleanupFunction(function () {
+    server.stop(serverStopListener);
+  });
+}
+
+function processResponses() {
+  while (responseQueue.length) {
+    var resposne = responseQueue.pop();
+    resposne.finish();
+  }
+}
+
+function run_test() {
+  // Make sure "network.http.active_tab_priority" is true, so we can expect to
+  // receive http requests with focused window id before others.
+  Services.prefs.setBoolPref("network.http.active_tab_priority", true);
+
+  setup_http_server();
+  setup_dummyHttpRequests();
+
+  var windowIdWrapper = Cc["@mozilla.org/supports-PRUint64;1"].createInstance(
+    Ci.nsISupportsPRUint64
+  );
+  windowIdWrapper.data = FOCUSED_WINDOW_ID;
+  var obsvc = Services.obs;
+  obsvc.notifyObservers(windowIdWrapper, "net:current-browser-id");
+}
diff --git a/netwerk/test/unit/test_bug1355539_http1.js b/netwerk/test/unit/test_bug1355539_http1.js
new file mode 100644
index 0000000000..17b2930388
--- /dev/null
+++ b/netwerk/test/unit/test_bug1355539_http1.js
@@ -0,0 +1,206 @@
+// test bug 1355539.
+//
+// Summary:
+// Transactions in one pending queue are splited into two groups:
+// [(Blocking Group)|(Non Blocking Group)]
+// In each group, the transactions are ordered by its priority.
+// This test will check if the transaction's order in pending queue is correct.
+//
+// Test step:
+// 1. Create 6 dummy http requests. Server would not process responses until get
+//    all 6 requests.
+// 2. Once server receive 6 dummy requests, create another 6 http requests with the
+//    defined priority and class flag in |transactionQueue|.
+// 3. Server starts to process the 6 dummy http requests, so the client can start to
+//    process the pending queue. Server will queue those http requests and put them in
+//    |responseQueue|.
+// 4. When the server receive all 6 requests, check if the order in |responseQueue| is
+//    equal to |transactionQueue| by comparing the value of X-ID.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var server = new HttpServer();
+server.start(-1);
+var baseURL = "http://localhost:" + server.identity.primaryPort + "/";
+var maxConnections = 0;
+var debug = false;
+var dummyResponseQueue = [];
+var responseQueue = [];
+
+function log(msg) {
+  if (!debug) {
+    return;
+  }
+
+  if (msg) {
+    dump("TEST INFO | " + msg + "\n");
+  }
+}
+
+function make_channel(url) {
+  var request = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+  request.QueryInterface(Ci.nsIHttpChannel);
+  return request;
+}
+
+function serverStopListener() {
+  server.stop();
+}
+
+function createHttpRequest(requestId, priority, isBlocking, callback) {
+  let uri = baseURL;
+  var chan = make_channel(uri);
+  var listner = new HttpResponseListener(requestId, callback);
+  chan.setRequestHeader("X-ID", requestId, false);
+  chan.setRequestHeader("Cache-control", "no-store", false);
+  chan.QueryInterface(Ci.nsISupportsPriority).priority = priority;
+  if (isBlocking) {
+    var cos = chan.QueryInterface(Ci.nsIClassOfService);
+    cos.addClassFlags(Ci.nsIClassOfService.Leader);
+  }
+  chan.asyncOpen(listner);
+  log("Create http request id=" + requestId);
+}
+
+function setup_dummyHttpRequests(callback) {
+  log("setup_dummyHttpRequests");
+  for (var i = 0; i < maxConnections; i++) {
+    createHttpRequest(i, i, false, callback);
+    do_test_pending();
+  }
+}
+
+var transactionQueue = [
+  {
+    requestId: 101,
+    priority: Ci.nsISupportsPriority.PRIORITY_HIGH,
+    isBlocking: true,
+  },
+  {
+    requestId: 102,
+    priority: Ci.nsISupportsPriority.PRIORITY_NORMAL,
+    isBlocking: true,
+  },
+  {
+    requestId: 103,
+    priority: Ci.nsISupportsPriority.PRIORITY_LOW,
+    isBlocking: true,
+  },
+  {
+    requestId: 104,
+    priority: Ci.nsISupportsPriority.PRIORITY_HIGH,
+    isBlocking: false,
+  },
+  {
+    requestId: 105,
+    priority: Ci.nsISupportsPriority.PRIORITY_NORMAL,
+    isBlocking: false,
+  },
+  {
+    requestId: 106,
+    priority: Ci.nsISupportsPriority.PRIORITY_LOW,
+    isBlocking: false,
+  },
+];
+
+function setup_HttpRequests() {
+  log("setup_HttpRequests");
+  // Create channels in reverse order
+  for (var i = transactionQueue.length - 1; i > -1; ) {
+    var e = transactionQueue[i];
+    createHttpRequest(e.requestId, e.priority, e.isBlocking);
+    do_test_pending();
+    --i;
+  }
+}
+
+function check_response_id(responses) {
+  for (var i = 0; i < responses.length; i++) {
+    var id = responses[i].getHeader("X-ID");
+    Assert.equal(id, transactionQueue[i].requestId);
+  }
+}
+
+function HttpResponseListener(id, onStopCallback) {
+  this.id = id;
+  this.stopCallback = onStopCallback;
+}
+
+HttpResponseListener.prototype = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream, off, cnt) {},
+
+  onStopRequest(request, status) {
+    log("STOP id=" + this.id);
+    do_test_finished();
+    if (this.stopCallback) {
+      this.stopCallback();
+    }
+  },
+};
+
+function setup_http_server() {
+  log("setup_http_server");
+  maxConnections = Services.prefs.getIntPref(
+    "network.http.max-persistent-connections-per-server"
+  );
+
+  var allDummyHttpRequestReceived = false;
+  // Start server; will be stopped at test cleanup time.
+  server.registerPathHandler("/", function (metadata, response) {
+    var id = metadata.getHeader("X-ID");
+    log("Server recived the response id=" + id);
+
+    response.processAsync();
+    response.setHeader("X-ID", id);
+
+    if (!allDummyHttpRequestReceived) {
+      dummyResponseQueue.push(response);
+    } else {
+      responseQueue.push(response);
+    }
+
+    if (dummyResponseQueue.length == maxConnections) {
+      log("received all dummy http requets");
+      allDummyHttpRequestReceived = true;
+      setup_HttpRequests();
+      processDummyResponse();
+    } else if (responseQueue.length == maxConnections) {
+      log("received all http requets");
+      check_response_id(responseQueue);
+      processResponses();
+    }
+  });
+
+  registerCleanupFunction(function () {
+    server.stop(serverStopListener);
+  });
+}
+
+function processDummyResponse() {
+  if (!dummyResponseQueue.length) {
+    return;
+  }
+  var resposne = dummyResponseQueue.pop();
+  resposne.finish();
+}
+
+function processResponses() {
+  while (responseQueue.length) {
+    var resposne = responseQueue.pop();
+    resposne.finish();
+  }
+}
+
+function run_test() {
+  setup_http_server();
+  setup_dummyHttpRequests(processDummyResponse);
+}
diff --git a/netwerk/test/unit/test_bug1378385_http1.js b/netwerk/test/unit/test_bug1378385_http1.js
new file mode 100644
index 0000000000..0e21db3478
--- /dev/null
+++ b/netwerk/test/unit/test_bug1378385_http1.js
@@ -0,0 +1,198 @@
+// test bug 1378385.
+//
+// Summary:
+// Assume we have 6 http requests in queue, 3 are from the focused window with
+// normal priority and the other 3 are from the non-focused window with the
+// highest priority.
+// We want to test that when "network.http.active_tab_priority" is false,
+// the server should receive 3 requests with the highest priority first
+// and then receive the rest 3 requests.
+//
+// Test step:
+// 1. Create 6 dummy http requests. Server would not process responses until told
+//    all 6 requests.
+// 2. Once server receive 6 dummy requests, create 3 http requests with the focused
+//    window id and normal priority and 3 requests with non-focused window id and
+//    the highrst priority.
+//    Note that the requets's id is set to its window id.
+// 3. Server starts to process the 6 dummy http requests, so the client can start to
+//    process the pending queue. Server will queue those http requests again and wait
+//    until get all 6 requests.
+// 4. When the server receive all 6 requests, we want to check if 3 requests with higher
+//    priority are sent before others.
+//    First, we check that if the request id of the first 3 requests in the queue is
+//    equal to non focused window id.
+//    Second, we check if the request id of the rest requests is equal to focused
+//    window id.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var server = new HttpServer();
+server.start(-1);
+var baseURL = "http://localhost:" + server.identity.primaryPort + "/";
+var maxConnections = 0;
+var debug = false;
+const FOCUSED_WINDOW_ID = 123;
+var NON_FOCUSED_WINDOW_ID;
+var FOCUSED_WINDOW_REQUEST_COUNT;
+var NON_FOCUSED_WINDOW_REQUEST_COUNT;
+
+function log(msg) {
+  if (!debug) {
+    return;
+  }
+
+  if (msg) {
+    dump("TEST INFO | " + msg + "\n");
+  }
+}
+
+function make_channel(url) {
+  var request = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+  request.QueryInterface(Ci.nsIHttpChannel);
+  return request;
+}
+
+function serverStopListener() {
+  server.stop();
+}
+
+function createHttpRequest(browserId, requestId, priority) {
+  let uri = baseURL;
+  var chan = make_channel(uri);
+  chan.browserId = browserId;
+  chan.QueryInterface(Ci.nsISupportsPriority).priority = priority;
+  var listner = new HttpResponseListener(requestId);
+  chan.setRequestHeader("X-ID", requestId, false);
+  chan.setRequestHeader("Cache-control", "no-store", false);
+  chan.asyncOpen(listner);
+  log("Create http request id=" + requestId);
+}
+
+function setup_dummyHttpRequests() {
+  log("setup_dummyHttpRequests");
+  for (var i = 0; i < maxConnections; i++) {
+    createHttpRequest(0, i, Ci.nsISupportsPriority.PRIORITY_NORMAL);
+    do_test_pending();
+  }
+}
+
+function setup_focusedWindowHttpRequests() {
+  log("setup_focusedWindowHttpRequests");
+  for (var i = 0; i < FOCUSED_WINDOW_REQUEST_COUNT; i++) {
+    createHttpRequest(
+      FOCUSED_WINDOW_ID,
+      FOCUSED_WINDOW_ID,
+      Ci.nsISupportsPriority.PRIORITY_NORMAL
+    );
+    do_test_pending();
+  }
+}
+
+function setup_nonFocusedWindowHttpRequests() {
+  log("setup_nonFocusedWindowHttpRequests");
+  for (var i = 0; i < NON_FOCUSED_WINDOW_REQUEST_COUNT; i++) {
+    createHttpRequest(
+      NON_FOCUSED_WINDOW_ID,
+      NON_FOCUSED_WINDOW_ID,
+      Ci.nsISupportsPriority.PRIORITY_HIGHEST
+    );
+    do_test_pending();
+  }
+}
+
+function HttpResponseListener(id) {
+  this.id = id;
+}
+
+HttpResponseListener.prototype = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream, off, cnt) {},
+
+  onStopRequest(request, status) {
+    log("STOP id=" + this.id);
+    do_test_finished();
+  },
+};
+
+function check_response_id(responses, browserId) {
+  for (var i = 0; i < responses.length; i++) {
+    var id = responses[i].getHeader("X-ID");
+    log("response id=" + id + " browserId=" + browserId);
+    Assert.equal(id, browserId);
+  }
+}
+
+var responseQueue = [];
+function setup_http_server() {
+  log("setup_http_server");
+  maxConnections = Services.prefs.getIntPref(
+    "network.http.max-persistent-connections-per-server"
+  );
+  FOCUSED_WINDOW_REQUEST_COUNT = Math.floor(maxConnections * 0.5);
+  NON_FOCUSED_WINDOW_REQUEST_COUNT =
+    maxConnections - FOCUSED_WINDOW_REQUEST_COUNT;
+  NON_FOCUSED_WINDOW_ID = FOCUSED_WINDOW_ID + FOCUSED_WINDOW_REQUEST_COUNT;
+
+  var allDummyHttpRequestReceived = false;
+  // Start server; will be stopped at test cleanup time.
+  server.registerPathHandler("/", function (metadata, response) {
+    var id = metadata.getHeader("X-ID");
+    log("Server recived the response id=" + id);
+
+    response.processAsync();
+    response.setHeader("X-ID", id);
+    responseQueue.push(response);
+
+    if (
+      responseQueue.length == maxConnections &&
+      !allDummyHttpRequestReceived
+    ) {
+      log("received all dummy http requets");
+      allDummyHttpRequestReceived = true;
+      setup_nonFocusedWindowHttpRequests();
+      setup_focusedWindowHttpRequests();
+      processResponses();
+    } else if (responseQueue.length == maxConnections) {
+      var nonFocusedWindowResponses = responseQueue.slice(
+        0,
+        NON_FOCUSED_WINDOW_REQUEST_COUNT
+      );
+      var focusedWindowResponses = responseQueue.slice(
+        NON_FOCUSED_WINDOW_REQUEST_COUNT,
+        responseQueue.length
+      );
+      check_response_id(nonFocusedWindowResponses, NON_FOCUSED_WINDOW_ID);
+      check_response_id(focusedWindowResponses, FOCUSED_WINDOW_ID);
+      processResponses();
+    }
+  });
+
+  registerCleanupFunction(function () {
+    server.stop(serverStopListener);
+  });
+}
+
+function processResponses() {
+  while (responseQueue.length) {
+    var resposne = responseQueue.pop();
+    resposne.finish();
+  }
+}
+
+function run_test() {
+  // Set "network.http.active_tab_priority" to false, so we can expect to
+  // receive http requests with higher priority first.
+  Services.prefs.setBoolPref("network.http.active_tab_priority", false);
+
+  setup_http_server();
+  setup_dummyHttpRequests();
+}
diff --git a/netwerk/test/unit/test_bug1411316_http1.js b/netwerk/test/unit/test_bug1411316_http1.js
new file mode 100644
index 0000000000..d1df42afdc
--- /dev/null
+++ b/netwerk/test/unit/test_bug1411316_http1.js
@@ -0,0 +1,116 @@
+// Test bug 1411316.
+//
+// Summary:
+// The purpose of this test is to test whether the HttpConnectionMgr really
+// cancel and close all connecitons when get "net:cancel-all-connections".
+//
+// Test step:
+// 1. Create 6 http requests. Server would not process responses and just put
+//    all requests in its queue.
+// 2. Once server receive all 6 requests, call notifyObservers with the
+//    topic "net:cancel-all-connections".
+// 3. We expect that all 6 active connections should be closed with the status
+//    NS_ERROR_ABORT.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var server = new HttpServer();
+server.start(-1);
+var baseURL = "http://localhost:" + server.identity.primaryPort + "/";
+var maxConnections = 0;
+var debug = false;
+var requestId = 0;
+
+function log(msg) {
+  if (!debug) {
+    return;
+  }
+
+  if (msg) {
+    dump("TEST INFO | " + msg + "\n");
+  }
+}
+
+function make_channel(url) {
+  var request = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+  request.QueryInterface(Ci.nsIHttpChannel);
+  return request;
+}
+
+function serverStopListener() {
+  server.stop();
+}
+
+function createHttpRequest(status) {
+  let uri = baseURL;
+  var chan = make_channel(uri);
+  var listner = new HttpResponseListener(++requestId, status);
+  chan.setRequestHeader("X-ID", requestId, false);
+  chan.setRequestHeader("Cache-control", "no-store", false);
+  chan.asyncOpen(listner);
+  log("Create http request id=" + requestId);
+}
+
+function setupHttpRequests(status) {
+  log("setupHttpRequests");
+  for (var i = 0; i < maxConnections; i++) {
+    createHttpRequest(status);
+    do_test_pending();
+  }
+}
+
+function HttpResponseListener(id, onStopRequestStatus) {
+  this.id = id;
+  this.onStopRequestStatus = onStopRequestStatus;
+}
+
+HttpResponseListener.prototype = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream, off, cnt) {},
+
+  onStopRequest(request, status) {
+    log("STOP id=" + this.id + " status=" + status);
+    Assert.ok(this.onStopRequestStatus == status);
+    do_test_finished();
+  },
+};
+
+var responseQueue = [];
+function setup_http_server() {
+  log("setup_http_server");
+  maxConnections = Services.prefs.getIntPref(
+    "network.http.max-persistent-connections-per-server"
+  );
+
+  // Start server; will be stopped at test cleanup time.
+  server.registerPathHandler("/", function (metadata, response) {
+    var id = metadata.getHeader("X-ID");
+    log("Server recived the response id=" + id);
+
+    response.processAsync();
+    response.setHeader("X-ID", id);
+    responseQueue.push(response);
+
+    if (responseQueue.length == maxConnections) {
+      log("received all http requets");
+      Services.obs.notifyObservers(null, "net:cancel-all-connections");
+    }
+  });
+
+  registerCleanupFunction(function () {
+    server.stop(serverStopListener);
+  });
+}
+
+function run_test() {
+  setup_http_server();
+  setupHttpRequests(Cr.NS_ERROR_ABORT);
+}
diff --git a/netwerk/test/unit/test_bug1527293.js b/netwerk/test/unit/test_bug1527293.js
new file mode 100644
index 0000000000..bed2bddec6
--- /dev/null
+++ b/netwerk/test/unit/test_bug1527293.js
@@ -0,0 +1,94 @@
+// Test bug 1527293
+//
+// Summary:
+// The purpose of this test is to check that a cache entry is doomed and not
+// reused when we don't write the content due to max entry size limit.
+//
+// Test step:
+// 1. Create http request for an entry whose size is bigger than we allow to
+//    cache. The response must contain Content-Range header so the content size
+//    is known in advance, but it must not contain Content-Length header because
+//    the bug isn't reproducible with it.
+// 2. After receiving and checking the content do the same request again.
+// 3. Check that the request isn't conditional, i.e. the entry from previous
+//    load was doomed.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+// need something bigger than 1024 bytes
+const responseBody =
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+
+  Assert.throws(
+    () => {
+      metadata.getHeader("If-None-Match");
+    },
+    /NS_ERROR_NOT_AVAILABLE/,
+    "conditional request not expected"
+  );
+
+  response.setHeader("Accept-Ranges", "bytes");
+  let len = responseBody.length;
+  response.setHeader("Content-Range", "0-" + (len - 1) + "/" + len);
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  // Static check
+  Assert.ok(responseBody.length > 1024);
+
+  do_get_profile();
+
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 1);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  var chan = make_channel(URL + "/content");
+  chan.asyncOpen(new ChannelListener(firstTimeThrough, null));
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+
+  var chan = make_channel(URL + "/content");
+  chan.asyncOpen(new ChannelListener(secondTimeThrough, null));
+}
+
+function secondTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_bug1683176.js b/netwerk/test/unit/test_bug1683176.js
new file mode 100644
index 0000000000..9b0fddf7bd
--- /dev/null
+++ b/netwerk/test/unit/test_bug1683176.js
@@ -0,0 +1,91 @@
+// Test bug 1683176
+//
+// Summary:
+//   Test the case when a channel is cancelled when "negotiate" authentication
+//   is processing.
+//
+
+"use strict";
+
+let prefs;
+let httpserv;
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort;
+});
+
+function makeChan(url, loadingUrl) {
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
+    Services.io.newURI(loadingUrl),
+    {}
+  );
+  return NetUtil.newChannel({
+    uri: url,
+    loadingPrincipal: principal,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
+  });
+}
+
+function authHandler(metadata, response) {
+  var body = "blablabla";
+
+  response.seizePower();
+  response.write("HTTP/1.1 401 Unauthorized\r\n");
+  response.write("WWW-Authenticate: Negotiate\r\n");
+  response.write("WWW-Authenticate: Basic realm=test\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function setup() {
+  prefs = Services.prefs;
+
+  prefs.setIntPref("network.auth.subresource-http-auth-allow", 2);
+  prefs.setStringPref("network.negotiate-auth.trusted-uris", "localhost");
+
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/auth", authHandler);
+  httpserv.start(-1);
+}
+
+setup();
+registerCleanupFunction(async () => {
+  prefs.clearUserPref("network.auth.subresource-http-auth-allow");
+  prefs.clearUserPref("network.negotiate-auth.trusted-uris");
+  await httpserv.stop();
+});
+
+function channelOpenPromise(chan) {
+  return new Promise(resolve => {
+    let topic = "http-on-transaction-suspended-authentication";
+    let observer = {
+      QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+      observe(aSubject, aTopic, aData) {
+        if (aTopic == topic) {
+          Services.obs.removeObserver(observer, topic);
+          let channel = aSubject.QueryInterface(Ci.nsIChannel);
+          channel.cancel(Cr.NS_BINDING_ABORTED);
+          resolve();
+        }
+      },
+    };
+    Services.obs.addObserver(observer, topic);
+
+    chan.asyncOpen(new ChannelListener(finish, null, CL_EXPECT_FAILURE));
+    function finish() {
+      resolve();
+    }
+  });
+}
+
+add_task(async function testCancelAuthentication() {
+  let chan = makeChan(URL + "/auth", URL);
+  await channelOpenPromise(chan);
+  Assert.equal(chan.status, Cr.NS_BINDING_ABORTED);
+});
diff --git a/netwerk/test/unit/test_bug1725766.js b/netwerk/test/unit/test_bug1725766.js
new file mode 100644
index 0000000000..7b50a7cbd4
--- /dev/null
+++ b/netwerk/test/unit/test_bug1725766.js
@@ -0,0 +1,85 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+let hserv = Cc["@mozilla.org/uriloader/handler-service;1"].getService(
+  Ci.nsIHandlerService
+);
+let handlerInfo;
+const testScheme = "x-moz-test";
+
+function setup() {
+  var handler = Cc["@mozilla.org/uriloader/web-handler-app;1"].createInstance(
+    Ci.nsIWebHandlerApp
+  );
+  handler.name = testScheme;
+  handler.uriTemplate = "http://test.mozilla.org/%s";
+
+  var extps = Cc[
+    "@mozilla.org/uriloader/external-protocol-service;1"
+  ].getService(Ci.nsIExternalProtocolService);
+  handlerInfo = extps.getProtocolHandlerInfo(testScheme);
+  handlerInfo.possibleApplicationHandlers.appendElement(handler);
+
+  hserv.store(handlerInfo);
+  Assert.ok(extps.externalProtocolHandlerExists(testScheme));
+}
+
+setup();
+registerCleanupFunction(() => {
+  hserv.remove(handlerInfo);
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+add_task(async function viewsourceExternalProtocol() {
+  Assert.throws(
+    () => makeChan(`view-source:${testScheme}:foo.example.com`),
+    /NS_ERROR_MALFORMED_URI/
+  );
+});
+
+add_task(async function viewsourceExternalProtocolRedirect() {
+  let httpserv = new HttpServer();
+  httpserv.registerPathHandler("/", function handler(metadata, response) {
+    response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
+    response.setHeader("Location", `${testScheme}:foo@bar.com`, false);
+
+    var body = "Moved\n";
+    response.bodyOutputStream.write(body, body.length);
+  });
+  httpserv.start(-1);
+
+  let chan = makeChan(
+    `view-source:http://127.0.0.1:${httpserv.identity.primaryPort}/`
+  );
+  let [req] = await channelOpenPromise(chan, CL_EXPECT_FAILURE);
+  Assert.equal(req.status, Cr.NS_ERROR_MALFORMED_URI);
+  await httpserv.stop();
+});
diff --git a/netwerk/test/unit/test_bug203271.js b/netwerk/test/unit/test_bug203271.js
new file mode 100644
index 0000000000..da43a1b4aa
--- /dev/null
+++ b/netwerk/test/unit/test_bug203271.js
@@ -0,0 +1,249 @@
+//
+// Tests if a response with an Expires-header in the past
+// and Cache-Control: max-age  in the future works as
+// specified in RFC 2616 section 14.9.3 by letting max-age
+// take precedence
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var index = 0;
+var tests = [
+  // original problem described in bug#203271
+  {
+    url: "/precedence",
+    server: "0",
+    expected: "0",
+    responseheader: [
+      "Expires: " + getDateString(-1),
+      "Cache-Control: max-age=3600",
+    ],
+  },
+
+  {
+    url: "/precedence?0",
+    server: "0",
+    expected: "0",
+    responseheader: [
+      "Cache-Control: max-age=3600",
+      "Expires: " + getDateString(-1),
+    ],
+  },
+
+  // max-age=1s, expires=1 year from now
+  {
+    url: "/precedence?1",
+    server: "0",
+    expected: "0",
+    responseheader: [
+      "Expires: " + getDateString(1),
+      "Cache-Control: max-age=1",
+    ],
+  },
+
+  // expires=now
+  {
+    url: "/precedence?2",
+    server: "0",
+    expected: "0",
+    responseheader: ["Expires: " + getDateString(0)],
+  },
+
+  // max-age=1s
+  {
+    url: "/precedence?3",
+    server: "0",
+    expected: "0",
+    responseheader: ["Cache-Control: max-age=1"],
+  },
+
+  // The test below is the example from
+  //
+  //         https://bugzilla.mozilla.org/show_bug.cgi?id=203271#c27
+  //
+  //  max-age=2592000s (1 month), expires=1 year from now, date=1 year ago
+  {
+    url: "/precedence?4",
+    server: "0",
+    expected: "0",
+    responseheader: [
+      "Cache-Control: private, max-age=2592000",
+      "Expires: " + getDateString(+1),
+    ],
+    explicitDate: getDateString(-1),
+  },
+
+  // The two tests below are also examples of clocks really out of synch
+  // max-age=1s, date=1 year from now
+  {
+    url: "/precedence?5",
+    server: "0",
+    expected: "0",
+    responseheader: ["Cache-Control: max-age=1"],
+    explicitDate: getDateString(1),
+  },
+
+  // max-age=60s, date=1 year from now
+  {
+    url: "/precedence?6",
+    server: "0",
+    expected: "0",
+    responseheader: ["Cache-Control: max-age=60"],
+    explicitDate: getDateString(1),
+  },
+
+  // this is just to get a pause of 3s to allow cache-entries to expire
+  { url: "/precedence?999", server: "0", expected: "0", delay: "3000" },
+
+  // Below are the cases which actually matters
+  { url: "/precedence", server: "1", expected: "0" }, // should be cached
+
+  { url: "/precedence?0", server: "1", expected: "0" }, // should be cached
+
+  { url: "/precedence?1", server: "1", expected: "1" }, // should have expired
+
+  { url: "/precedence?2", server: "1", expected: "1" }, // should have expired
+
+  { url: "/precedence?3", server: "1", expected: "1" }, // should have expired
+
+  { url: "/precedence?4", server: "1", expected: "1" }, // should have expired
+
+  { url: "/precedence?5", server: "1", expected: "1" }, // should have expired
+
+  { url: "/precedence?6", server: "1", expected: "0" }, // should be cached
+];
+
+function logit(i, data, ctx) {
+  dump(
+    "requested [" +
+      tests[i].server +
+      "] " +
+      "got [" +
+      data +
+      "] " +
+      "expected [" +
+      tests[i].expected +
+      "]"
+  );
+
+  if (tests[i].responseheader) {
+    dump("\t[" + tests[i].responseheader + "]");
+  }
+  dump("\n");
+  // Dump all response-headers
+  dump("\n===================================\n");
+  ctx.visitResponseHeaders({
+    visitHeader(key, val) {
+      dump("\t" + key + ":" + val + "\n");
+    },
+  });
+  dump("===================================\n");
+}
+
+function setupChannel(suffix, value) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.requestMethod = "GET"; // default value, just being paranoid...
+  httpChan.setRequestHeader("x-request", value, false);
+  return httpChan;
+}
+
+function triggerNextTest() {
+  var channel = setupChannel(tests[index].url, tests[index].server);
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, channel));
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  logit(index, data, ctx);
+  Assert.equal(tests[index].expected, data);
+
+  if (index < tests.length - 1) {
+    var delay = tests[index++].delay;
+    if (delay) {
+      do_timeout(delay, triggerNextTest);
+    } else {
+      triggerNextTest();
+    }
+  } else {
+    httpserver.stop(do_test_finished);
+  }
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/precedence", handler);
+  httpserver.start(-1);
+
+  // clear cache
+  evict_cache_entries();
+
+  triggerNextTest();
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  var body = metadata.getHeader("x-request");
+  response.setHeader("Content-Type", "text/plain", false);
+
+  var date = tests[index].explicitDate;
+  if (date == undefined) {
+    response.setHeader("Date", getDateString(0), false);
+  } else {
+    response.setHeader("Date", date, false);
+  }
+
+  var header = tests[index].responseheader;
+  if (header == undefined) {
+    response.setHeader("Last-Modified", getDateString(-1), false);
+  } else {
+    for (var i = 0; i < header.length; i++) {
+      var splitHdr = header[i].split(": ");
+      response.setHeader(splitHdr[0], splitHdr[1], false);
+    }
+  }
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function getDateString(yearDelta) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    (d.getUTCFullYear() + yearDelta) +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_bug248970_cache.js b/netwerk/test/unit/test_bug248970_cache.js
new file mode 100644
index 0000000000..d52d3b88d9
--- /dev/null
+++ b/netwerk/test/unit/test_bug248970_cache.js
@@ -0,0 +1,144 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// names for cache devices
+const kDiskDevice = "disk";
+const kMemoryDevice = "memory";
+
+const kCacheA = "http://cache/A";
+const kCacheA2 = "http://cache/A2";
+const kCacheB = "http://cache/B";
+const kTestContent = "test content";
+
+const entries = [
+  // key       content       device          should exist after leaving PB
+  [kCacheA, kTestContent, kMemoryDevice, true],
+  [kCacheA2, kTestContent, kDiskDevice, false],
+  [kCacheB, kTestContent, kDiskDevice, true],
+];
+
+var store_idx;
+var store_cb = null;
+
+function store_entries(cb) {
+  if (cb) {
+    store_cb = cb;
+    store_idx = 0;
+  }
+
+  if (store_idx == entries.length) {
+    executeSoon(store_cb);
+    return;
+  }
+
+  asyncOpenCacheEntry(
+    entries[store_idx][0],
+    entries[store_idx][2],
+    Ci.nsICacheStorage.OPEN_TRUNCATE,
+    Services.loadContextInfo.custom(false, {
+      privateBrowsingId: entries[store_idx][3] ? 0 : 1,
+    }),
+    store_data
+  );
+}
+
+var store_data = function (status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var os = entry.openOutputStream(0, entries[store_idx][1].length);
+
+  var written = os.write(entries[store_idx][1], entries[store_idx][1].length);
+  if (written != entries[store_idx][1].length) {
+    do_throw(
+      "os.write has not written all data!\n" +
+        "  Expected: " +
+        entries[store_idx][1].length +
+        "\n" +
+        "  Actual: " +
+        written +
+        "\n"
+    );
+  }
+  os.close();
+  entry.close();
+  store_idx++;
+  executeSoon(store_entries);
+};
+
+var check_idx;
+var check_cb = null;
+var check_pb_exited;
+function check_entries(cb, pbExited) {
+  if (cb) {
+    check_cb = cb;
+    check_idx = 0;
+    check_pb_exited = pbExited;
+  }
+
+  if (check_idx == entries.length) {
+    executeSoon(check_cb);
+    return;
+  }
+
+  asyncOpenCacheEntry(
+    entries[check_idx][0],
+    entries[check_idx][2],
+    Ci.nsICacheStorage.OPEN_READONLY,
+    Services.loadContextInfo.custom(false, {
+      privateBrowsingId: entries[check_idx][3] ? 0 : 1,
+    }),
+    check_data
+  );
+}
+
+var check_data = function (status, entry) {
+  var cont = function () {
+    check_idx++;
+    executeSoon(check_entries);
+  };
+
+  if (!check_pb_exited || entries[check_idx][3]) {
+    Assert.equal(status, Cr.NS_OK);
+    var is = entry.openInputStream(0);
+    pumpReadStream(is, function (read) {
+      entry.close();
+      Assert.equal(read, entries[check_idx][1]);
+      cont();
+    });
+  } else {
+    Assert.equal(status, Cr.NS_ERROR_CACHE_KEY_NOT_FOUND);
+    cont();
+  }
+};
+
+function run_test() {
+  // Simulate a profile dir for xpcshell
+  do_get_profile();
+
+  // Start off with an empty cache
+  evict_cache_entries();
+
+  // Store cache-A, cache-A2, cache-B and cache-C
+  store_entries(run_test2);
+
+  do_test_pending();
+}
+
+function run_test2() {
+  // Check if cache-A, cache-A2, cache-B and cache-C are available
+  check_entries(run_test3, false);
+}
+
+function run_test3() {
+  // Simulate all private browsing instances being closed
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+
+  // Make sure the memory device is not empty
+  get_device_entry_count(kMemoryDevice, null, function (count) {
+    Assert.equal(count, 1);
+    // Check if cache-A is gone, and cache-B and cache-C are still available
+    check_entries(do_test_finished, true);
+  });
+}
diff --git a/netwerk/test/unit/test_bug248970_cookie.js b/netwerk/test/unit/test_bug248970_cookie.js
new file mode 100644
index 0000000000..0dfe34e8e0
--- /dev/null
+++ b/netwerk/test/unit/test_bug248970_cookie.js
@@ -0,0 +1,148 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver;
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+function makeChan(path) {
+  return NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + "/" + path,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function setup_chan(path, isPrivate, callback) {
+  var chan = makeChan(path);
+  chan.QueryInterface(Ci.nsIPrivateBrowsingChannel).setPrivate(isPrivate);
+  chan.asyncOpen(new ChannelListener(callback));
+}
+
+function set_cookie(value, callback) {
+  return setup_chan("set?cookie=" + value, false, callback);
+}
+
+function set_private_cookie(value, callback) {
+  return setup_chan("set?cookie=" + value, true, callback);
+}
+
+function check_cookie_presence(value, isPrivate, expected, callback) {
+  setup_chan(
+    "present?cookie=" + value.replace("=", "|"),
+    isPrivate,
+    function (req) {
+      req.QueryInterface(Ci.nsIHttpChannel);
+      Assert.equal(req.responseStatus, expected ? 200 : 404);
+      callback(req);
+    }
+  );
+}
+
+function presentHandler(metadata, response) {
+  var present = false;
+  var match = /cookie=([^&]*)/.exec(metadata.queryString);
+  if (match) {
+    try {
+      present = metadata
+        .getHeader("Cookie")
+        .includes(match[1].replace("|", "="));
+    } catch (x) {}
+  }
+  response.setStatusLine("1.0", present ? 200 : 404, "");
+}
+
+function setHandler(metadata, response) {
+  response.setStatusLine("1.0", 200, "Cookie set");
+  var match = /cookie=([^&]*)/.exec(metadata.queryString);
+  if (match) {
+    response.setHeader("Set-Cookie", match[1]);
+  }
+}
+
+function run_test() {
+  // Allow all cookies if the pref service is available in this process.
+  if (!inChildProcess()) {
+    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+    Services.prefs.setBoolPref(
+      "network.cookieJarSettings.unblocked_for_testing",
+      true
+    );
+  }
+
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler("/set", setHandler);
+  httpserver.registerPathHandler("/present", presentHandler);
+  httpserver.start(-1);
+
+  do_test_pending();
+
+  function check_cookie(req) {
+    req.QueryInterface(Ci.nsIHttpChannel);
+    Assert.equal(req.responseStatus, 200);
+    try {
+      Assert.ok(
+        req.getResponseHeader("Set-Cookie") != "",
+        "expected a Set-Cookie header"
+      );
+    } catch (x) {
+      do_throw("missing Set-Cookie header");
+    }
+
+    runNextTest();
+  }
+
+  let tests = [];
+
+  function runNextTest() {
+    executeSoon(tests.shift());
+  }
+
+  tests.push(function () {
+    set_cookie("C1=V1", check_cookie);
+  });
+  tests.push(function () {
+    set_private_cookie("C2=V2", check_cookie);
+  });
+  tests.push(function () {
+    // Check that the first cookie is present in a non-private request
+    check_cookie_presence("C1=V1", false, true, runNextTest);
+  });
+  tests.push(function () {
+    // Check that the second cookie is present in a private request
+    check_cookie_presence("C2=V2", true, true, runNextTest);
+  });
+  tests.push(function () {
+    // Check that the first cookie is not present in a private request
+    check_cookie_presence("C1=V1", true, false, runNextTest);
+  });
+  tests.push(function () {
+    // Check that the second cookie is not present in a non-private request
+    check_cookie_presence("C2=V2", false, false, runNextTest);
+  });
+
+  // The following test only works in a non-e10s situation at the moment,
+  // since the notification needs to run in the parent process but there is
+  // no existing mechanism to make that happen.
+  if (!inChildProcess()) {
+    tests.push(function () {
+      // Simulate all private browsing instances being closed
+      Services.obs.notifyObservers(null, "last-pb-context-exited");
+      // Check that all private cookies are now unavailable in new private requests
+      check_cookie_presence("C2=V2", true, false, runNextTest);
+    });
+  }
+
+  tests.push(function () {
+    httpserver.stop(do_test_finished);
+  });
+
+  runNextTest();
+}
diff --git a/netwerk/test/unit/test_bug261425.js b/netwerk/test/unit/test_bug261425.js
new file mode 100644
index 0000000000..f58ad62e93
--- /dev/null
+++ b/netwerk/test/unit/test_bug261425.js
@@ -0,0 +1,29 @@
+"use strict";
+
+function run_test() {
+  var newURI = Services.io.newURI("http://foo.com");
+
+  var success = false;
+  try {
+    newURI = newURI.mutate().setSpec("http: //foo.com").finalize();
+  } catch (e) {
+    success = e.result == Cr.NS_ERROR_MALFORMED_URI;
+  }
+  if (!success) {
+    do_throw(
+      "We didn't throw NS_ERROR_MALFORMED_URI when a space was passed in the hostname!"
+    );
+  }
+
+  success = false;
+  try {
+    newURI.mutate().setHost(" foo.com").finalize();
+  } catch (e) {
+    success = e.result == Cr.NS_ERROR_MALFORMED_URI;
+  }
+  if (!success) {
+    do_throw(
+      "We didn't throw NS_ERROR_MALFORMED_URI when a space was passed in the hostname!"
+    );
+  }
+}
diff --git a/netwerk/test/unit/test_bug263127.js b/netwerk/test/unit/test_bug263127.js
new file mode 100644
index 0000000000..75dc650980
--- /dev/null
+++ b/netwerk/test/unit/test_bug263127.js
@@ -0,0 +1,58 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var server;
+const BUGID = "263127";
+
+var listener = {
+  QueryInterface: ChromeUtils.generateQI(["nsIDownloadObserver"]),
+
+  onDownloadComplete(downloader, request, status, file) {
+    do_test_pending();
+    server.stop(do_test_finished);
+
+    if (!file) {
+      do_throw("Download failed");
+    }
+
+    try {
+      file.remove(false);
+    } catch (e) {
+      do_throw(e);
+    }
+
+    Assert.ok(!file.exists());
+
+    do_test_finished();
+  },
+};
+
+function run_test() {
+  // start server
+  server = new HttpServer();
+  server.start(-1);
+
+  // Initialize downloader
+  var channel = NetUtil.newChannel({
+    uri: "http://localhost:" + server.identity.primaryPort + "/",
+    loadUsingSystemPrincipal: true,
+  });
+  var targetFile = Services.dirsvc.get("TmpD", Ci.nsIFile);
+  targetFile.append("bug" + BUGID + ".test");
+  if (targetFile.exists()) {
+    targetFile.remove(false);
+  }
+
+  var downloader = Cc["@mozilla.org/network/downloader;1"].createInstance(
+    Ci.nsIDownloader
+  );
+  downloader.init(listener, targetFile);
+
+  // Start download
+  channel.asyncOpen(downloader);
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug282432.js b/netwerk/test/unit/test_bug282432.js
new file mode 100644
index 0000000000..5e6e7a19b6
--- /dev/null
+++ b/netwerk/test/unit/test_bug282432.js
@@ -0,0 +1,37 @@
+"use strict";
+
+function run_test() {
+  do_test_pending();
+
+  function StreamListener() {}
+
+  StreamListener.prototype = {
+    QueryInterface: ChromeUtils.generateQI([
+      "nsIStreamListener",
+      "nsIRequestObserver",
+    ]),
+
+    onStartRequest(aRequest) {},
+
+    onStopRequest(aRequest, aStatusCode) {
+      // Make sure we can catch the error NS_ERROR_FILE_NOT_FOUND here.
+      Assert.equal(aStatusCode, Cr.NS_ERROR_FILE_NOT_FOUND);
+      do_test_finished();
+    },
+
+    onDataAvailable(aRequest, aStream, aOffset, aCount) {
+      do_throw("The channel must not call onDataAvailable().");
+    },
+  };
+
+  let listener = new StreamListener();
+
+  // This file does not exist.
+  let file = do_get_file("_NOT_EXIST_.txt", true);
+  Assert.ok(!file.exists());
+  let channel = NetUtil.newChannel({
+    uri: Services.io.newFileURI(file),
+    loadUsingSystemPrincipal: true,
+  });
+  channel.asyncOpen(listener);
+}
diff --git a/netwerk/test/unit/test_bug321706.js b/netwerk/test/unit/test_bug321706.js
new file mode 100644
index 0000000000..a267d6586d
--- /dev/null
+++ b/netwerk/test/unit/test_bug321706.js
@@ -0,0 +1,10 @@
+"use strict";
+
+const url = "http://foo.com/folder/file?/.";
+
+function run_test() {
+  var newURI = Services.io.newURI(url);
+  Assert.equal(newURI.spec, url);
+  Assert.equal(newURI.pathQueryRef, "/folder/file?/.");
+  Assert.equal(newURI.resolve("./file?/."), url);
+}
diff --git a/netwerk/test/unit/test_bug331825.js b/netwerk/test/unit/test_bug331825.js
new file mode 100644
index 0000000000..5a389c74a4
--- /dev/null
+++ b/netwerk/test/unit/test_bug331825.js
@@ -0,0 +1,43 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var server;
+const BUGID = "331825";
+
+function TestListener() {}
+TestListener.prototype.onStartRequest = function (request) {};
+TestListener.prototype.onStopRequest = function (request, status) {
+  var channel = request.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(channel.responseStatus, 304);
+
+  server.stop(do_test_finished);
+};
+
+function run_test() {
+  // start server
+  server = new HttpServer();
+
+  server.registerPathHandler("/bug" + BUGID, bug331825);
+
+  server.start(-1);
+
+  // make request
+  var channel = NetUtil.newChannel({
+    uri: "http://localhost:" + server.identity.primaryPort + "/bug" + BUGID,
+    loadUsingSystemPrincipal: true,
+  });
+
+  channel.QueryInterface(Ci.nsIHttpChannel);
+  channel.setRequestHeader("If-None-Match", "foobar", false);
+  channel.asyncOpen(new TestListener());
+
+  do_test_pending();
+}
+
+// PATH HANDLER FOR /bug331825
+function bug331825(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+}
diff --git a/netwerk/test/unit/test_bug336501.js b/netwerk/test/unit/test_bug336501.js
new file mode 100644
index 0000000000..3e15fd42bb
--- /dev/null
+++ b/netwerk/test/unit/test_bug336501.js
@@ -0,0 +1,26 @@
+"use strict";
+
+function run_test() {
+  var f = do_get_file("test_bug336501.js");
+
+  var fis = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fis.init(f, -1, -1, 0);
+
+  var bis = Cc["@mozilla.org/network/buffered-input-stream;1"].createInstance(
+    Ci.nsIBufferedInputStream
+  );
+  bis.init(fis, 32);
+
+  var sis = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+    Ci.nsIScriptableInputStream
+  );
+  sis.init(bis);
+
+  sis.read(45);
+  sis.close();
+
+  var data = sis.read(45);
+  Assert.equal(data.length, 0);
+}
diff --git a/netwerk/test/unit/test_bug337744.js b/netwerk/test/unit/test_bug337744.js
new file mode 100644
index 0000000000..69a99b8765
--- /dev/null
+++ b/netwerk/test/unit/test_bug337744.js
@@ -0,0 +1,126 @@
+/* verify that certain invalid URIs are not parsed by the resource
+   protocol handler */
+
+"use strict";
+
+const specs = [
+  "resource://res-test//",
+  "resource://res-test/?foo=http:",
+  "resource://res-test/?foo=" + encodeURIComponent("http://example.com/"),
+  "resource://res-test/?foo=" + encodeURIComponent("x\\y"),
+  "resource://res-test/..%2F",
+  "resource://res-test/..%2f",
+  "resource://res-test/..%2F..",
+  "resource://res-test/..%2f..",
+  "resource://res-test/../../",
+  "resource://res-test/http://www.mozilla.org/",
+  "resource://res-test/file:///",
+];
+
+const error_specs = [
+  "resource://res-test/..\\",
+  "resource://res-test/..\\..\\",
+  "resource://res-test/..%5C",
+  "resource://res-test/..%5c",
+];
+
+// Create some fake principal that has not enough
+// privileges to access any resource: uri.
+var uri = NetUtil.newURI("http://www.example.com");
+var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {});
+
+function get_channel(spec) {
+  var channel = NetUtil.newChannel({
+    uri: NetUtil.newURI(spec),
+    loadingPrincipal: principal,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
+  });
+
+  Assert.throws(
+    () => {
+      channel.asyncOpen(null);
+    },
+    /NS_ERROR_DOM_BAD_URI/,
+    `asyncOpen() of uri: ${spec} should throw`
+  );
+  Assert.throws(
+    () => {
+      channel.open();
+    },
+    /NS_ERROR_DOM_BAD_URI/,
+    `Open() of uri: ${spec} should throw`
+  );
+
+  return channel;
+}
+
+function check_safe_resolution(spec, rootURI) {
+  info(`Testing URL "${spec}"`);
+
+  let channel = get_channel(spec);
+
+  ok(
+    channel.name.startsWith(rootURI),
+    `URL resolved safely to ${channel.name}`
+  );
+  let startOfQuery = channel.name.indexOf("?");
+  if (startOfQuery == -1) {
+    ok(!/%2f/i.test(channel.name), `URL contains no escaped / characters`);
+  } else {
+    // Escaped slashes are allowed in the query or hash part of the URL
+    ok(
+      !channel.name.replace(/\?.*/, "").includes("%2f"),
+      `URL contains no escaped slashes before the query ${channel.name}`
+    );
+  }
+}
+
+function check_resolution_error(spec) {
+  Assert.throws(
+    () => {
+      get_channel(spec);
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "Expected a malformed URI error"
+  );
+}
+
+function run_test() {
+  // resource:/// and resource://gre/ are resolved specially, so we need
+  // to create a temporary resource package to test the standard logic
+  // with.
+
+  let resProto = Cc["@mozilla.org/network/protocol;1?name=resource"].getService(
+    Ci.nsIResProtocolHandler
+  );
+  let rootFile = Services.dirsvc.get("GreD", Ci.nsIFile);
+  let rootURI = Services.io.newFileURI(rootFile);
+
+  rootFile.append("directory-that-does-not-exist");
+  let inexistentURI = Services.io.newFileURI(rootFile);
+
+  resProto.setSubstitution("res-test", rootURI);
+  resProto.setSubstitution("res-inexistent", inexistentURI);
+  registerCleanupFunction(() => {
+    resProto.setSubstitution("res-test", null);
+    resProto.setSubstitution("res-inexistent", null);
+  });
+
+  let baseRoot = resProto.resolveURI(Services.io.newURI("resource:///"));
+  let greRoot = resProto.resolveURI(Services.io.newURI("resource://gre/"));
+
+  for (let spec of specs) {
+    check_safe_resolution(spec, rootURI.spec);
+    check_safe_resolution(
+      spec.replace("res-test", "res-inexistent"),
+      inexistentURI.spec
+    );
+    check_safe_resolution(spec.replace("res-test", ""), baseRoot);
+    check_safe_resolution(spec.replace("res-test", "gre"), greRoot);
+  }
+
+  for (let spec of error_specs) {
+    check_resolution_error(spec);
+  }
+}
diff --git a/netwerk/test/unit/test_bug368702.js b/netwerk/test/unit/test_bug368702.js
new file mode 100644
index 0000000000..c77f40a71b
--- /dev/null
+++ b/netwerk/test/unit/test_bug368702.js
@@ -0,0 +1,147 @@
+"use strict";
+
+function run_test() {
+  var tld = Services.eTLD;
+  Assert.equal(tld.getPublicSuffixFromHost("localhost"), "localhost");
+  Assert.equal(tld.getPublicSuffixFromHost("localhost."), "localhost.");
+  Assert.equal(tld.getPublicSuffixFromHost("domain.com"), "com");
+  Assert.equal(tld.getPublicSuffixFromHost("domain.com."), "com.");
+  Assert.equal(tld.getPublicSuffixFromHost("domain.co.uk"), "co.uk");
+  Assert.equal(tld.getPublicSuffixFromHost("domain.co.uk."), "co.uk.");
+  Assert.equal(tld.getPublicSuffixFromHost("co.uk"), "co.uk");
+  Assert.equal(tld.getBaseDomainFromHost("domain.co.uk"), "domain.co.uk");
+  Assert.equal(tld.getBaseDomainFromHost("domain.co.uk."), "domain.co.uk.");
+
+  try {
+    tld.getPublicSuffixFromHost("");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS);
+  }
+
+  try {
+    tld.getBaseDomainFromHost("domain.co.uk", 1);
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS);
+  }
+
+  try {
+    tld.getBaseDomainFromHost("co.uk");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS);
+  }
+
+  try {
+    tld.getBaseDomainFromHost("");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS);
+  }
+
+  try {
+    tld.getPublicSuffixFromHost("1.2.3.4");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  try {
+    tld.getPublicSuffixFromHost("2010:836B:4179::836B:4179");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  try {
+    tld.getPublicSuffixFromHost("3232235878");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  try {
+    tld.getPublicSuffixFromHost("::ffff:192.9.5.5");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  try {
+    tld.getPublicSuffixFromHost("::1");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  // Check IP addresses with trailing dot as well, Necko sometimes accepts
+  // those (depending on operating system, see bug 380543)
+  try {
+    tld.getPublicSuffixFromHost("127.0.0.1.");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  try {
+    tld.getPublicSuffixFromHost("::ffff:127.0.0.1.");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_HOST_IS_IP_ADDRESS);
+  }
+
+  // check normalization: output should be consistent with
+  // nsIURI::GetAsciiHost(), i.e. lowercased and ASCII/ACE encoded
+  var uri = Services.io.newURI("http://b\u00FCcher.co.uk");
+  Assert.equal(tld.getBaseDomain(uri), "xn--bcher-kva.co.uk");
+  Assert.equal(
+    tld.getBaseDomainFromHost("b\u00FCcher.co.uk"),
+    "xn--bcher-kva.co.uk"
+  );
+  Assert.equal(tld.getPublicSuffix(uri), "co.uk");
+  Assert.equal(tld.getPublicSuffixFromHost("b\u00FCcher.co.uk"), "co.uk");
+
+  // check that malformed hosts are rejected as invalid args
+  try {
+    tld.getBaseDomainFromHost("domain.co.uk..");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_VALUE);
+  }
+
+  try {
+    tld.getBaseDomainFromHost("domain.co..uk");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_VALUE);
+  }
+
+  try {
+    tld.getBaseDomainFromHost(".domain.co.uk");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_VALUE);
+  }
+
+  try {
+    tld.getBaseDomainFromHost(".domain.co.uk");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_VALUE);
+  }
+
+  try {
+    tld.getBaseDomainFromHost(".");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_VALUE);
+  }
+
+  try {
+    tld.getBaseDomainFromHost("..");
+    do_throw("this should fail");
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_ILLEGAL_VALUE);
+  }
+}
diff --git a/netwerk/test/unit/test_bug369787.js b/netwerk/test/unit/test_bug369787.js
new file mode 100644
index 0000000000..36cf2472e1
--- /dev/null
+++ b/netwerk/test/unit/test_bug369787.js
@@ -0,0 +1,73 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const BUGID = "369787";
+var server = null;
+var channel = null;
+
+function change_content_type() {
+  var origType = channel.contentType;
+  const newType = "x-foo/x-bar";
+  channel.contentType = newType;
+  Assert.equal(channel.contentType, newType);
+  channel.contentType = origType;
+  Assert.equal(channel.contentType, origType);
+}
+
+function TestListener() {}
+TestListener.prototype.onStartRequest = function (request) {
+  try {
+    // request might be different from channel
+    channel = request.QueryInterface(Ci.nsIChannel);
+
+    change_content_type();
+  } catch (ex) {
+    print(ex);
+    throw ex;
+  }
+};
+TestListener.prototype.onStopRequest = function (request, status) {
+  try {
+    change_content_type();
+  } catch (ex) {
+    print(ex);
+    // don't re-throw ex to avoid hanging the test
+  }
+
+  do_timeout(0, after_channel_closed);
+};
+
+function after_channel_closed() {
+  try {
+    change_content_type();
+  } finally {
+    server.stop(do_test_finished);
+  }
+}
+
+function run_test() {
+  // start server
+  server = new HttpServer();
+
+  server.registerPathHandler("/bug" + BUGID, bug369787);
+
+  server.start(-1);
+
+  // make request
+  channel = NetUtil.newChannel({
+    uri: "http://localhost:" + server.identity.primaryPort + "/bug" + BUGID,
+    loadUsingSystemPrincipal: true,
+  });
+  channel.QueryInterface(Ci.nsIHttpChannel);
+  channel.asyncOpen(new TestListener());
+
+  do_test_pending();
+}
+
+// PATH HANDLER FOR /bug369787
+function bug369787(metadata, response) {
+  /* do nothing */
+}
diff --git a/netwerk/test/unit/test_bug371473.js b/netwerk/test/unit/test_bug371473.js
new file mode 100644
index 0000000000..999a6c00cf
--- /dev/null
+++ b/netwerk/test/unit/test_bug371473.js
@@ -0,0 +1,36 @@
+"use strict";
+
+function test_not_too_long() {
+  var spec = "jar:http://example.com/bar.jar!/";
+  try {
+    Services.io.newURI(spec);
+  } catch (e) {
+    do_throw("newURI threw even though it wasn't passed a large nested URI?");
+  }
+}
+
+function test_too_long() {
+  var i;
+  var prefix = "jar:";
+  for (i = 0; i < 16; i++) {
+    prefix = prefix + prefix;
+  }
+  var suffix = "!/";
+  for (i = 0; i < 16; i++) {
+    suffix = suffix + suffix;
+  }
+
+  var spec = prefix + "http://example.com/bar.jar" + suffix;
+  try {
+    // The following will produce a recursive call that if
+    // unchecked would lead to a stack overflow. If we
+    // do not crash here and thus an exception is caught
+    // we have passed the test.
+    Services.io.newURI(spec);
+  } catch (e) {}
+}
+
+function run_test() {
+  test_not_too_long();
+  test_too_long();
+}
diff --git a/netwerk/test/unit/test_bug376844.js b/netwerk/test/unit/test_bug376844.js
new file mode 100644
index 0000000000..5184a30e54
--- /dev/null
+++ b/netwerk/test/unit/test_bug376844.js
@@ -0,0 +1,19 @@
+"use strict";
+
+const testURLs = [
+  ["http://example.com/<", "http://example.com/%3C"],
+  ["http://example.com/>", "http://example.com/%3E"],
+  ["http://example.com/'", "http://example.com/'"],
+  ['http://example.com/"', "http://example.com/%22"],
+  ["http://example.com/?<", "http://example.com/?%3C"],
+  ["http://example.com/?>", "http://example.com/?%3E"],
+  ["http://example.com/?'", "http://example.com/?%27"],
+  ['http://example.com/?"', "http://example.com/?%22"],
+];
+
+function run_test() {
+  for (var i = 0; i < testURLs.length; i++) {
+    var uri = Services.io.newURI(testURLs[i][0]);
+    Assert.equal(uri.spec, testURLs[i][1]);
+  }
+}
diff --git a/netwerk/test/unit/test_bug376865.js b/netwerk/test/unit/test_bug376865.js
new file mode 100644
index 0000000000..260dcbf7e6
--- /dev/null
+++ b/netwerk/test/unit/test_bug376865.js
@@ -0,0 +1,23 @@
+"use strict";
+
+function run_test() {
+  var stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsISupportsCString
+  );
+  stream.data = "foo bar baz";
+
+  var pump = Cc["@mozilla.org/network/input-stream-pump;1"].createInstance(
+    Ci.nsIInputStreamPump
+  );
+  pump.init(stream, 0, 0, false);
+
+  // When we pass a null listener argument too asyncRead we expect it to throw
+  // instead of crashing.
+  try {
+    pump.asyncRead(null);
+  } catch (e) {
+    return;
+  }
+
+  do_throw("asyncRead didn't throw when passed a null listener argument.");
+}
diff --git a/netwerk/test/unit/test_bug379034.js b/netwerk/test/unit/test_bug379034.js
new file mode 100644
index 0000000000..eb28daf51e
--- /dev/null
+++ b/netwerk/test/unit/test_bug379034.js
@@ -0,0 +1,19 @@
+"use strict";
+
+function run_test() {
+  const ios = Services.io;
+
+  var base = ios.newURI("http://localhost/bug379034/index.html");
+
+  var uri = ios.newURI("http:a.html", null, base);
+  Assert.equal(uri.spec, "http://localhost/bug379034/a.html");
+
+  uri = ios.newURI("HtTp:b.html", null, base);
+  Assert.equal(uri.spec, "http://localhost/bug379034/b.html");
+
+  uri = ios.newURI("https:c.html", null, base);
+  Assert.equal(uri.spec, "https://c.html/");
+
+  uri = ios.newURI("./https:d.html", null, base);
+  Assert.equal(uri.spec, "http://localhost/bug379034/https:d.html");
+}
diff --git a/netwerk/test/unit/test_bug380994.js b/netwerk/test/unit/test_bug380994.js
new file mode 100644
index 0000000000..c46d9b29ed
--- /dev/null
+++ b/netwerk/test/unit/test_bug380994.js
@@ -0,0 +1,24 @@
+/* check resource: protocol for traversal problems */
+
+"use strict";
+
+const specs = [
+  "resource:///chrome/../plugins",
+  "resource:///chrome%2f../plugins",
+  "resource:///chrome/..%2fplugins",
+  "resource:///chrome%2f%2e%2e%2fplugins",
+  "resource:///../../../..",
+  "resource:///..%2f..%2f..%2f..",
+  "resource:///%2e%2e",
+];
+
+function run_test() {
+  for (var spec of specs) {
+    var uri = Services.io.newURI(spec);
+    if (uri.spec.includes("..")) {
+      do_throw(
+        "resource: traversal remains: '" + spec + "' ==> '" + uri.spec + "'"
+      );
+    }
+  }
+}
diff --git a/netwerk/test/unit/test_bug388281.js b/netwerk/test/unit/test_bug388281.js
new file mode 100644
index 0000000000..5ded2ad2b5
--- /dev/null
+++ b/netwerk/test/unit/test_bug388281.js
@@ -0,0 +1,25 @@
+"use strict";
+
+function run_test() {
+  const ios = Services.io;
+
+  var uri = ios.newURI("http://foo.com/file.txt");
+  uri = uri.mutate().setPort(90).finalize();
+  Assert.equal(uri.hostPort, "foo.com:90");
+
+  uri = ios.newURI("http://foo.com:10/file.txt");
+  uri = uri.mutate().setPort(500).finalize();
+  Assert.equal(uri.hostPort, "foo.com:500");
+
+  uri = ios.newURI("http://foo.com:5000/file.txt");
+  uri = uri.mutate().setPort(20).finalize();
+  Assert.equal(uri.hostPort, "foo.com:20");
+
+  uri = ios.newURI("http://foo.com:5000/file.txt");
+  uri = uri.mutate().setPort(-1).finalize();
+  Assert.equal(uri.hostPort, "foo.com");
+
+  uri = ios.newURI("http://foo.com:5000/file.txt");
+  uri = uri.mutate().setPort(80).finalize();
+  Assert.equal(uri.hostPort, "foo.com");
+}
diff --git a/netwerk/test/unit/test_bug396389.js b/netwerk/test/unit/test_bug396389.js
new file mode 100644
index 0000000000..cb71f549a6
--- /dev/null
+++ b/netwerk/test/unit/test_bug396389.js
@@ -0,0 +1,63 @@
+"use strict";
+
+function round_trip(uri) {
+  var objectOutStream = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(
+    Ci.nsIObjectOutputStream
+  );
+  var pipe = Cc["@mozilla.org/pipe;1"].createInstance(Ci.nsIPipe);
+  pipe.init(false, false, 0, 0xffffffff, null);
+  objectOutStream.setOutputStream(pipe.outputStream);
+  objectOutStream.writeCompoundObject(uri, Ci.nsISupports, true);
+  objectOutStream.close();
+
+  var objectInStream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(
+    Ci.nsIObjectInputStream
+  );
+  objectInStream.setInputStream(pipe.inputStream);
+  return objectInStream.readObject(true).QueryInterface(Ci.nsIURI);
+}
+
+var prefData = [
+  {
+    name: "network.IDN_show_punycode",
+    newVal: false,
+  },
+];
+
+function run_test() {
+  var uri1 = Services.io.newURI("file:///");
+  Assert.ok(uri1 instanceof Ci.nsIFileURL);
+
+  var uri2 = uri1.mutate().finalize();
+  Assert.ok(uri2 instanceof Ci.nsIFileURL);
+  Assert.ok(uri1.equals(uri2));
+
+  var uri3 = round_trip(uri1);
+  Assert.ok(uri3 instanceof Ci.nsIFileURL);
+  Assert.ok(uri1.equals(uri3));
+
+  // Make sure our prefs are set such that this test actually means something
+  var prefs = Services.prefs;
+  for (let pref of prefData) {
+    prefs.setBoolPref(pref.name, pref.newVal);
+  }
+
+  try {
+    // URI stolen from
+    // http://lists.w3.org/Archives/Public/public-iri/2004Mar/0012.html
+    var uri4 = Services.io.newURI("http://xn--jos-dma.example.net.ch/");
+    Assert.equal(uri4.asciiHost, "xn--jos-dma.example.net.ch");
+    Assert.equal(uri4.displayHost, "jos\u00e9.example.net.ch");
+
+    var uri5 = round_trip(uri4);
+    Assert.ok(uri4.equals(uri5));
+    Assert.equal(uri4.displayHost, uri5.displayHost);
+    Assert.equal(uri4.asciiHost, uri5.asciiHost);
+  } finally {
+    for (let pref of prefData) {
+      if (prefs.prefHasUserValue(pref.name)) {
+        prefs.clearUserPref(pref.name);
+      }
+    }
+  }
+}
diff --git a/netwerk/test/unit/test_bug401564.js b/netwerk/test/unit/test_bug401564.js
new file mode 100644
index 0000000000..7cc52f3965
--- /dev/null
+++ b/netwerk/test/unit/test_bug401564.js
@@ -0,0 +1,42 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = null;
+const noRedirectURI = "/content";
+const acceptType = "application/json";
+
+function redirectHandler(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 302, "Moved Temporarily");
+  response.setHeader("Location", noRedirectURI, false);
+}
+
+function contentHandler(metadata, response) {
+  Assert.equal(metadata.getHeader("Accept"), acceptType);
+  httpserver.stop(do_test_finished);
+}
+
+function dummyHandler(request, buffer) {}
+
+function run_test() {
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler("/redirect", redirectHandler);
+  httpserver.registerPathHandler("/content", contentHandler);
+  httpserver.start(-1);
+
+  Services.prefs.setBoolPref("network.http.prompt-temp-redirect", false);
+
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + "/redirect",
+    loadUsingSystemPrincipal: true,
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.setRequestHeader("Accept", acceptType, false);
+
+  chan.asyncOpen(new ChannelListener(dummyHandler, null));
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug411952.js b/netwerk/test/unit/test_bug411952.js
new file mode 100644
index 0000000000..4584957188
--- /dev/null
+++ b/netwerk/test/unit/test_bug411952.js
@@ -0,0 +1,53 @@
+"use strict";
+
+function run_test() {
+  try {
+    var cm = Services.cookies;
+    Assert.notEqual(cm, null, "Retrieving the cookie manager failed");
+
+    const time = new Date("Jan 1, 2030").getTime() / 1000;
+    cm.add(
+      "example.com",
+      "/",
+      "C",
+      "V",
+      false,
+      true,
+      false,
+      time,
+      {},
+      Ci.nsICookie.SAMESITE_NONE,
+      Ci.nsICookie.SCHEME_HTTPS
+    );
+    const now = Math.floor(new Date().getTime() / 1000);
+
+    var found = false;
+    for (let cookie of cm.cookies) {
+      if (
+        cookie.host == "example.com" &&
+        cookie.path == "/" &&
+        cookie.name == "C"
+      ) {
+        Assert.ok(
+          "creationTime" in cookie,
+          "creationTime attribute is not accessible on the cookie"
+        );
+        var creationTime = Math.floor(cookie.creationTime / 1000000);
+        // allow the times to slip by one second at most,
+        // which should be fine under normal circumstances.
+        Assert.ok(
+          Math.abs(creationTime - now) <= 1,
+          "Cookie's creationTime is set incorrectly"
+        );
+        found = true;
+        break;
+      }
+    }
+
+    Assert.ok(found, "Didn't find the cookie we were after");
+  } catch (e) {
+    do_throw("Unexpected exception: " + e.toString());
+  }
+
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/test_bug412457.js b/netwerk/test/unit/test_bug412457.js
new file mode 100644
index 0000000000..30fd2ed3fc
--- /dev/null
+++ b/netwerk/test/unit/test_bug412457.js
@@ -0,0 +1,79 @@
+"use strict";
+
+function run_test() {
+  // check if hostname is unescaped before applying IDNA
+  var newURI = Services.io.newURI("http://\u5341%2ecom/");
+  Assert.equal(newURI.asciiHost, "xn--kkr.com");
+
+  // escaped UTF8
+  newURI = newURI.mutate().setSpec("http://%e5%8d%81.com").finalize();
+  Assert.equal(newURI.asciiHost, "xn--kkr.com");
+
+  // There should be only allowed characters in hostname after
+  // unescaping and attempting to apply IDNA. "\x80" is illegal in
+  // UTF-8, so IDNA fails, and 0x80 is illegal in DNS too.
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://%80.com").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "illegal UTF character"
+  );
+
+  // test parsing URL with all possible host terminators
+  newURI = newURI.mutate().setSpec("http://example.com?foo").finalize();
+  Assert.equal(newURI.asciiHost, "example.com");
+
+  newURI = newURI.mutate().setSpec("http://example.com#foo").finalize();
+  Assert.equal(newURI.asciiHost, "example.com");
+
+  newURI = newURI.mutate().setSpec("http://example.com:80").finalize();
+  Assert.equal(newURI.asciiHost, "example.com");
+
+  newURI = newURI.mutate().setSpec("http://example.com/foo").finalize();
+  Assert.equal(newURI.asciiHost, "example.com");
+
+  // Characters that are invalid in the host
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://example.com%3ffoo").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad escaped character"
+  );
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://example.com%23foo").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad escaped character"
+  );
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://example.com%3bfoo").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad escaped character"
+  );
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://example.com%3a80").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad escaped character"
+  );
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://example.com%2ffoo").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad escaped character"
+  );
+  Assert.throws(
+    () => {
+      newURI = newURI.mutate().setSpec("http://example.com%00").finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad escaped character"
+  );
+}
diff --git a/netwerk/test/unit/test_bug412945.js b/netwerk/test/unit/test_bug412945.js
new file mode 100644
index 0000000000..78c48bbf22
--- /dev/null
+++ b/netwerk/test/unit/test_bug412945.js
@@ -0,0 +1,44 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserv;
+
+function TestListener() {}
+
+TestListener.prototype.onStartRequest = function (request) {};
+
+TestListener.prototype.onStopRequest = function (request, status) {
+  httpserv.stop(do_test_finished);
+};
+
+function run_test() {
+  httpserv = new HttpServer();
+
+  httpserv.registerPathHandler("/bug412945", bug412945);
+
+  httpserv.start(-1);
+
+  // make request
+  var channel = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserv.identity.primaryPort + "/bug412945",
+    loadUsingSystemPrincipal: true,
+  });
+
+  channel.QueryInterface(Ci.nsIHttpChannel);
+  channel.requestMethod = "POST";
+  channel.asyncOpen(new TestListener(), null);
+
+  do_test_pending();
+}
+
+function bug412945(metadata, response) {
+  if (
+    !metadata.hasHeader("Content-Length") ||
+    metadata.getHeader("Content-Length") != "0"
+  ) {
+    do_throw("Content-Length header not found!");
+  }
+}
diff --git a/netwerk/test/unit/test_bug414122.js b/netwerk/test/unit/test_bug414122.js
new file mode 100644
index 0000000000..66c2bdf4bd
--- /dev/null
+++ b/netwerk/test/unit/test_bug414122.js
@@ -0,0 +1,59 @@
+"use strict";
+
+const PR_RDONLY = 0x1;
+
+var idn = Cc["@mozilla.org/network/idn-service;1"].getService(Ci.nsIIDNService);
+
+function run_test() {
+  var fis = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fis.init(
+    do_get_file("effective_tld_names.dat"),
+    PR_RDONLY,
+    0o444,
+    Ci.nsIFileInputStream.CLOSE_ON_EOF
+  );
+
+  var lis = Cc["@mozilla.org/intl/converter-input-stream;1"].createInstance(
+    Ci.nsIConverterInputStream
+  );
+  lis.init(fis, "UTF-8", 1024, 0);
+  lis.QueryInterface(Ci.nsIUnicharLineInputStream);
+
+  var out = { value: "" };
+  do {
+    var more = lis.readLine(out);
+    var line = out.value;
+
+    line = line.replace(/^\s+/, "");
+    var firstTwo = line.substring(0, 2); // a misnomer, but whatever
+    if (firstTwo == "" || firstTwo == "//") {
+      continue;
+    }
+
+    var space = line.search(/[ \t]/);
+    line = line.substring(0, space == -1 ? line.length : space);
+
+    if ("*." == firstTwo) {
+      let rest = line.substring(2);
+      checkPublicSuffix(
+        "foo.SUPER-SPECIAL-AWESOME-PREFIX." + rest,
+        "SUPER-SPECIAL-AWESOME-PREFIX." + rest
+      );
+    } else if ("!" == line.charAt(0)) {
+      checkPublicSuffix(
+        line.substring(1),
+        line.substring(line.indexOf(".") + 1)
+      );
+    } else {
+      checkPublicSuffix("SUPER-SPECIAL-AWESOME-PREFIX." + line, line);
+    }
+  } while (more);
+}
+
+function checkPublicSuffix(host, expectedSuffix) {
+  expectedSuffix = idn.convertUTF8toACE(expectedSuffix).toLowerCase();
+  var actualSuffix = Services.eTLD.getPublicSuffixFromHost(host);
+  Assert.equal(actualSuffix, expectedSuffix);
+}
diff --git a/netwerk/test/unit/test_bug427957.js b/netwerk/test/unit/test_bug427957.js
new file mode 100644
index 0000000000..33a2444c9d
--- /dev/null
+++ b/netwerk/test/unit/test_bug427957.js
@@ -0,0 +1,100 @@
+/**
+ * Test for Bidi restrictions on IDNs from RFC 3454
+ */
+
+"use strict";
+
+var idnService;
+
+function expected_pass(inputIDN) {
+  var isASCII = {};
+  var displayIDN = idnService.convertToDisplayIDN(inputIDN, isASCII);
+  Assert.equal(displayIDN, inputIDN);
+}
+
+function expected_fail(inputIDN) {
+  var isASCII = {};
+  var displayIDN = "";
+
+  try {
+    displayIDN = idnService.convertToDisplayIDN(inputIDN, isASCII);
+  } catch (e) {}
+
+  Assert.notEqual(displayIDN, inputIDN);
+}
+
+function run_test() {
+  idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+    Ci.nsIIDNService
+  );
+  /*
+   * In any profile that specifies bidirectional character handling, all
+   * three of the following requirements MUST be met:
+   *
+   * 1) The characters in section 5.8 MUST be prohibited.
+   */
+
+  // 0340; COMBINING GRAVE TONE MARK
+  expected_fail("foo\u0340bar.com");
+  // 0341; COMBINING ACUTE TONE MARK
+  expected_fail("foo\u0341bar.com");
+  // 200E; LEFT-TO-RIGHT MARK
+  expected_fail("foo\u200ebar.com");
+  // 200F; RIGHT-TO-LEFT MARK
+  //  Note: this is an RTL IDN so that it doesn't fail test 2) below
+  expected_fail(
+    "\u200f\u0645\u062B\u0627\u0644.\u0622\u0632\u0645\u0627\u06CC\u0634\u06CC"
+  );
+  // 202A; LEFT-TO-RIGHT EMBEDDING
+  expected_fail("foo\u202abar.com");
+  // 202B; RIGHT-TO-LEFT EMBEDDING
+  expected_fail("foo\u202bbar.com");
+  // 202C; POP DIRECTIONAL FORMATTING
+  expected_fail("foo\u202cbar.com");
+  // 202D; LEFT-TO-RIGHT OVERRIDE
+  expected_fail("foo\u202dbar.com");
+  // 202E; RIGHT-TO-LEFT OVERRIDE
+  expected_fail("foo\u202ebar.com");
+  // 206A; INHIBIT SYMMETRIC SWAPPING
+  expected_fail("foo\u206abar.com");
+  // 206B; ACTIVATE SYMMETRIC SWAPPING
+  expected_fail("foo\u206bbar.com");
+  // 206C; INHIBIT ARABIC FORM SHAPING
+  expected_fail("foo\u206cbar.com");
+  // 206D; ACTIVATE ARABIC FORM SHAPING
+  expected_fail("foo\u206dbar.com");
+  // 206E; NATIONAL DIGIT SHAPES
+  expected_fail("foo\u206ebar.com");
+  // 206F; NOMINAL DIGIT SHAPES
+  expected_fail("foo\u206fbar.com");
+
+  /*
+   * 2) If a string contains any RandALCat character, the string MUST NOT
+   *    contain any LCat character.
+   */
+
+  // www.מיץpetel.com is invalid
+  expected_fail("www.\u05DE\u05D9\u05E5petel.com");
+  // But www.מיץפטל.com is fine because the ltr and rtl characters are in
+  // different labels
+  expected_pass("www.\u05DE\u05D9\u05E5\u05E4\u05D8\u05DC.com");
+
+  /*
+   * 3) If a string contains any RandALCat character, a RandALCat
+   *    character MUST be the first character of the string, and a
+   *    RandALCat character MUST be the last character of the string.
+   */
+
+  // www.1מיץ.com is invalid
+  expected_fail("www.1\u05DE\u05D9\u05E5.com");
+  // www.!מיץ.com is invalid
+  expected_fail("www.!\u05DE\u05D9\u05E5.com");
+  // www.מיץ!.com is invalid
+  expected_fail("www.\u05DE\u05D9\u05E5!.com");
+
+  // XXX TODO: add a test for an RTL label ending with a digit. This was
+  //           invalid in IDNA2003 but became valid in IDNA2008
+
+  // But www.מיץ1פטל.com is fine
+  expected_pass("www.\u05DE\u05D9\u05E51\u05E4\u05D8\u05DC.com");
+}
diff --git a/netwerk/test/unit/test_bug429347.js b/netwerk/test/unit/test_bug429347.js
new file mode 100644
index 0000000000..ad6c508eb6
--- /dev/null
+++ b/netwerk/test/unit/test_bug429347.js
@@ -0,0 +1,39 @@
+"use strict";
+
+function run_test() {
+  var ios = Services.io;
+
+  var uri1 = ios.newURI("http://example.com#bar");
+  var uri2 = ios.newURI("http://example.com/#bar");
+  Assert.ok(uri1.equals(uri2));
+
+  uri1 = uri1.mutate().setSpec("http://example.com?bar").finalize();
+  uri2 = uri2.mutate().setSpec("http://example.com/?bar").finalize();
+  Assert.ok(uri1.equals(uri2));
+
+  // see https://bugzilla.mozilla.org/show_bug.cgi?id=665706
+  // ";" is not parsed as special anymore and thus ends up
+  // in the authority component (see RFC 3986)
+  uri1 = uri1.mutate().setSpec("http://example.com;bar").finalize();
+  uri2 = uri2.mutate().setSpec("http://example.com/;bar").finalize();
+  Assert.ok(!uri1.equals(uri2));
+
+  uri1 = uri1.mutate().setSpec("http://example.com#").finalize();
+  uri2 = uri2.mutate().setSpec("http://example.com/#").finalize();
+  Assert.ok(uri1.equals(uri2));
+
+  uri1 = uri1.mutate().setSpec("http://example.com?").finalize();
+  uri2 = uri2.mutate().setSpec("http://example.com/?").finalize();
+  Assert.ok(uri1.equals(uri2));
+
+  // see https://bugzilla.mozilla.org/show_bug.cgi?id=665706
+  // ";" is not parsed as special anymore and thus ends up
+  // in the authority component (see RFC 3986)
+  uri1 = uri1.mutate().setSpec("http://example.com;").finalize();
+  uri2 = uri2.mutate().setSpec("http://example.com/;").finalize();
+  Assert.ok(!uri1.equals(uri2));
+
+  uri1 = uri1.mutate().setSpec("http://example.com").finalize();
+  uri2 = uri2.mutate().setSpec("http://example.com/").finalize();
+  Assert.ok(uri1.equals(uri2));
+}
diff --git a/netwerk/test/unit/test_bug455311.js b/netwerk/test/unit/test_bug455311.js
new file mode 100644
index 0000000000..36e000a174
--- /dev/null
+++ b/netwerk/test/unit/test_bug455311.js
@@ -0,0 +1,128 @@
+"use strict";
+
+function getUrlLinkFile() {
+  if (mozinfo.os == "win") {
+    return do_get_file("test_link.url");
+  }
+  if (mozinfo.os == "linux") {
+    return do_get_file("test_link.desktop");
+  }
+  do_throw("Unexpected platform");
+  return null;
+}
+
+const ios = Services.io;
+
+function NotificationCallbacks(origURI, newURI) {
+  this._origURI = origURI;
+  this._newURI = newURI;
+}
+NotificationCallbacks.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIInterfaceRequestor",
+    "nsIChannelEventSink",
+  ]),
+  getInterface(iid) {
+    return this.QueryInterface(iid);
+  },
+  asyncOnChannelRedirect(oldChan, newChan, flags, callback) {
+    Assert.equal(oldChan.URI.spec, this._origURI.spec);
+    Assert.equal(oldChan.URI, this._origURI);
+    Assert.equal(oldChan.originalURI.spec, this._origURI.spec);
+    Assert.equal(oldChan.originalURI, this._origURI);
+    Assert.equal(newChan.originalURI.spec, this._newURI.spec);
+    Assert.equal(newChan.originalURI, newChan.URI);
+    Assert.equal(newChan.URI.spec, this._newURI.spec);
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+};
+
+function RequestObserver(origURI, newURI, nextTest) {
+  this._origURI = origURI;
+  this._newURI = newURI;
+  this._nextTest = nextTest;
+}
+RequestObserver.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIRequestObserver",
+    "nsIStreamListener",
+  ]),
+  onStartRequest(req) {
+    var chan = req.QueryInterface(Ci.nsIChannel);
+    Assert.equal(chan.URI.spec, this._origURI.spec);
+    Assert.equal(chan.URI, this._origURI);
+    Assert.equal(chan.originalURI.spec, this._origURI.spec);
+    Assert.equal(chan.originalURI, this._origURI);
+  },
+  onDataAvailable(req, stream, offset, count) {
+    do_throw("Unexpected call to onDataAvailable");
+  },
+  onStopRequest(req, status) {
+    var chan = req.QueryInterface(Ci.nsIChannel);
+    try {
+      Assert.equal(chan.URI.spec, this._origURI.spec);
+      Assert.equal(chan.URI, this._origURI);
+      Assert.equal(chan.originalURI.spec, this._origURI.spec);
+      Assert.equal(chan.originalURI, this._origURI);
+      Assert.equal(status, Cr.NS_ERROR_ABORT);
+      Assert.ok(!chan.isPending());
+    } catch (e) {}
+    this._nextTest();
+  },
+};
+
+function test_cancel(linkURI, newURI) {
+  var chan = NetUtil.newChannel({
+    uri: linkURI,
+    loadUsingSystemPrincipal: true,
+  });
+  Assert.equal(chan.URI, linkURI);
+  Assert.equal(chan.originalURI, linkURI);
+  chan.asyncOpen(new RequestObserver(linkURI, newURI, do_test_finished));
+  Assert.ok(chan.isPending());
+  chan.cancel(Cr.NS_ERROR_ABORT);
+  Assert.ok(chan.isPending());
+}
+
+function test_channel(linkURI, newURI) {
+  const chan = NetUtil.newChannel({
+    uri: linkURI,
+    loadUsingSystemPrincipal: true,
+  });
+  Assert.equal(chan.URI, linkURI);
+  Assert.equal(chan.originalURI, linkURI);
+  chan.notificationCallbacks = new NotificationCallbacks(linkURI, newURI);
+  chan.asyncOpen(
+    new RequestObserver(linkURI, newURI, () => test_cancel(linkURI, newURI))
+  );
+  Assert.ok(chan.isPending());
+}
+
+function run_test() {
+  if (mozinfo.os != "win" && mozinfo.os != "linux") {
+    return;
+  }
+
+  let link = getUrlLinkFile();
+  let linkURI;
+  if (link.isSymlink()) {
+    let file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsIFile);
+    file.initWithPath(link.target);
+    linkURI = ios.newFileURI(file);
+  } else {
+    linkURI = ios.newFileURI(link);
+  }
+
+  do_test_pending();
+  test_channel(linkURI, ios.newURI("http://www.mozilla.org/"));
+
+  if (mozinfo.os != "win") {
+    return;
+  }
+
+  link = do_get_file("test_link.lnk");
+  test_channel(
+    ios.newFileURI(link),
+    ios.newURI("file:///Z:/moz-nonexistent/index.html")
+  );
+}
diff --git a/netwerk/test/unit/test_bug464591.js b/netwerk/test/unit/test_bug464591.js
new file mode 100644
index 0000000000..bc2f481a0e
--- /dev/null
+++ b/netwerk/test/unit/test_bug464591.js
@@ -0,0 +1,94 @@
+// 1.percent-encoded IDN that contains blacklisted character should be converted
+//   to punycode, not UTF-8 string
+// 2.only hostname-valid percent encoded ASCII characters should be decoded
+// 3.IDN convertion must not bypassed by %00
+
+"use strict";
+
+let reference = [
+  [
+    "www.example.com%e2%88%95www.mozill%d0%b0.com%e2%81%84www.mozilla.org",
+    "www.example.xn--comwww-re3c.xn--mozill-8nf.xn--comwww-rq0c.mozilla.org",
+  ],
+];
+
+let badURIs = [
+  ["www.mozill%61%2f.org"], // a slash is not valid in the hostname
+  ["www.e%00xample.com%e2%88%95www.mozill%d0%b0.com%e2%81%84www.mozill%61.org"],
+];
+
+let prefData = [
+  {
+    name: "network.enableIDN",
+    newVal: true,
+  },
+  {
+    name: "network.IDN_show_punycode",
+    newVal: false,
+  },
+];
+
+let prefIdnBlackList = {
+  name: "network.IDN.extra_blocked_chars",
+  minimumList: "\u2215\u0430\u2044",
+};
+
+function stringToURL(str) {
+  return Cc["@mozilla.org/network/standard-url-mutator;1"]
+    .createInstance(Ci.nsIStandardURLMutator)
+    .init(Ci.nsIStandardURL.URLTYPE_AUTHORITY, 80, str, "UTF-8", null)
+    .finalize()
+    .QueryInterface(Ci.nsIURL);
+}
+
+function run_test() {
+  // Make sure our prefs are set such that this test actually means something
+  let prefs = Services.prefs;
+  for (let pref of prefData) {
+    prefs.setBoolPref(pref.name, pref.newVal);
+  }
+
+  prefIdnBlackList.set = false;
+  try {
+    prefIdnBlackList.oldVal = prefs.getComplexValue(
+      prefIdnBlackList.name,
+      Ci.nsIPrefLocalizedString
+    ).data;
+    prefs.getComplexValue(
+      prefIdnBlackList.name,
+      Ci.nsIPrefLocalizedString
+    ).data = prefIdnBlackList.minimumList;
+    prefIdnBlackList.set = true;
+  } catch (e) {}
+
+  registerCleanupFunction(function () {
+    for (let pref of prefData) {
+      prefs.clearUserPref(pref.name);
+    }
+    if (prefIdnBlackList.set) {
+      prefs.getComplexValue(
+        prefIdnBlackList.name,
+        Ci.nsIPrefLocalizedString
+      ).data = prefIdnBlackList.oldVal;
+    }
+  });
+
+  for (let i = 0; i < reference.length; ++i) {
+    try {
+      let result = stringToURL("http://" + reference[i][0]).host;
+      equal(result, reference[i][1]);
+    } catch (e) {
+      ok(false, "Error testing " + reference[i][0]);
+    }
+  }
+
+  for (let i = 0; i < badURIs.length; ++i) {
+    Assert.throws(
+      () => {
+        stringToURL("http://" + badURIs[i][0]).host;
+      },
+      /NS_ERROR_MALFORMED_URI/,
+      "bad escaped character"
+    );
+  }
+}
diff --git a/netwerk/test/unit/test_bug468426.js b/netwerk/test/unit/test_bug468426.js
new file mode 100644
index 0000000000..def7041ad8
--- /dev/null
+++ b/netwerk/test/unit/test_bug468426.js
@@ -0,0 +1,131 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var index = 0;
+var tests = [
+  // Initial request. Cached variant will have no cookie
+  { url: "/bug468426", server: "0", expected: "0", cookie: null },
+
+  // Cache now contains a variant with no value for cookie. If we don't
+  // set cookie we expect to receive the cached variant
+  { url: "/bug468426", server: "1", expected: "0", cookie: null },
+
+  // Cache still contains a variant with no value for cookie. If we
+  // set a value for cookie we expect a fresh value
+  { url: "/bug468426", server: "2", expected: "2", cookie: "c=2" },
+
+  // Cache now contains a variant with cookie "c=2". If the request
+  // also set cookie "c=2", we expect to receive the cached variant.
+  { url: "/bug468426", server: "3", expected: "2", cookie: "c=2" },
+
+  // Cache still contains a variant with cookie "c=2". When setting
+  // cookie "c=4" in the request we expect a fresh value
+  { url: "/bug468426", server: "4", expected: "4", cookie: "c=4" },
+
+  // Cache now contains a variant with cookie "c=4". When setting
+  // cookie "c=4" in the request we expect the cached variant
+  { url: "/bug468426", server: "5", expected: "4", cookie: "c=4" },
+
+  // Cache still contains a variant with cookie "c=4". When setting
+  // no cookie in the request we expect a fresh value
+  { url: "/bug468426", server: "6", expected: "6", cookie: null },
+];
+
+function setupChannel(suffix, value, cookie) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.requestMethod = "GET";
+  httpChan.setRequestHeader("x-request", value, false);
+  if (cookie != null) {
+    httpChan.setRequestHeader("Cookie", cookie, false);
+  }
+  return httpChan;
+}
+
+function triggerNextTest() {
+  var channel = setupChannel(
+    tests[index].url,
+    tests[index].server,
+    tests[index].cookie
+  );
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, null));
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  Assert.equal(tests[index].expected, data);
+
+  if (index < tests.length - 1) {
+    index++;
+    // This call happens in onStopRequest from the channel. Opening a new
+    // channel to the same url here is no good idea!  Post it instead...
+    do_timeout(1, triggerNextTest);
+  } else {
+    httpserver.stop(do_test_finished);
+  }
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/bug468426", handler);
+  httpserver.start(-1);
+
+  // Clear cache and trigger the first test
+  evict_cache_entries();
+  triggerNextTest();
+
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  var body = "unset";
+  try {
+    body = metadata.getHeader("x-request");
+  } catch (e) {}
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Last-Modified", getDateString(-1), false);
+  response.setHeader("Vary", "Cookie", false);
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function getDateString(yearDelta) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    (d.getUTCFullYear() + yearDelta) +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_bug468594.js b/netwerk/test/unit/test_bug468594.js
new file mode 100644
index 0000000000..abab980f48
--- /dev/null
+++ b/netwerk/test/unit/test_bug468594.js
@@ -0,0 +1,178 @@
+//
+// This script emulates the test called "Freshness"
+// by Mark Nottingham, located at
+//
+// http://mnot.net/javascript/xmlhttprequest/cache.html
+//
+// The issue with Mr. Nottinghams page is that the server
+// always seems to send an Expires-header in the response,
+// breaking the finer details of the test. This script has
+// full control of response-headers, however, and can perform
+// the intended testing plus some extra stuff.
+//
+// Please see RFC 2616 section 13.2.1 6th paragraph for the
+// definition of "explicit expiration time" being used here.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var index = 0;
+var tests = [
+  { url: "/freshness", server: "0", expected: "0" },
+  { url: "/freshness", server: "1", expected: "0" }, // cached
+
+  // RFC 2616 section 13.9 2nd paragraph says not to heuristically cache
+  // querystring, but we allow it to maintain web compat
+  { url: "/freshness?a", server: "2", expected: "2" },
+  { url: "/freshness?a", server: "3", expected: "2" },
+
+  // explicit expiration dates in the future should be cached
+  {
+    url: "/freshness?b",
+    server: "4",
+    expected: "4",
+    responseheader: "Expires: " + getDateString(1),
+  },
+  { url: "/freshness?b", server: "5", expected: "4" }, // cached due to Expires
+
+  {
+    url: "/freshness?c",
+    server: "6",
+    expected: "6",
+    responseheader: "Cache-Control: max-age=3600",
+  },
+  { url: "/freshness?c", server: "7", expected: "6" }, // cached due to max-age
+
+  // explicit expiration dates in the past should NOT be cached
+  {
+    url: "/freshness?d",
+    server: "8",
+    expected: "8",
+    responseheader: "Expires: " + getDateString(-1),
+  },
+  { url: "/freshness?d", server: "9", expected: "9" },
+
+  {
+    url: "/freshness?e",
+    server: "10",
+    expected: "10",
+    responseheader: "Cache-Control: max-age=0",
+  },
+  { url: "/freshness?e", server: "11", expected: "11" },
+
+  { url: "/freshness", server: "99", expected: "0" }, // cached
+];
+
+function logit(i, data) {
+  dump(
+    tests[i].url +
+      "\t requested [" +
+      tests[i].server +
+      "]" +
+      " got [" +
+      data +
+      "] expected [" +
+      tests[i].expected +
+      "]"
+  );
+  if (tests[i].responseheader) {
+    dump("\t[" + tests[i].responseheader + "]");
+  }
+  dump("\n");
+}
+
+function setupChannel(suffix, value) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.requestMethod = "GET";
+  httpChan.setRequestHeader("x-request", value, false);
+  return httpChan;
+}
+
+function triggerNextTest() {
+  var channel = setupChannel(tests[index].url, tests[index].server);
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, null));
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  logit(index, data);
+  Assert.equal(tests[index].expected, data);
+
+  if (index < tests.length - 1) {
+    index++;
+    triggerNextTest();
+  } else {
+    httpserver.stop(do_test_finished);
+  }
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/freshness", handler);
+  httpserver.start(-1);
+
+  // clear cache
+  evict_cache_entries();
+  triggerNextTest();
+
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  var body = metadata.getHeader("x-request");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Date", getDateString(0), false);
+
+  var header = tests[index].responseheader;
+  if (header == null) {
+    response.setHeader("Last-Modified", getDateString(-1), false);
+  } else {
+    var splitHdr = header.split(": ");
+    response.setHeader(splitHdr[0], splitHdr[1], false);
+  }
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function getDateString(yearDelta) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    (d.getUTCFullYear() + yearDelta) +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_bug470716.js b/netwerk/test/unit/test_bug470716.js
new file mode 100644
index 0000000000..009e7eee11
--- /dev/null
+++ b/netwerk/test/unit/test_bug470716.js
@@ -0,0 +1,171 @@
+"use strict";
+
+var CC = Components.Constructor;
+
+const StreamCopier = CC(
+  "@mozilla.org/network/async-stream-copier;1",
+  "nsIAsyncStreamCopier",
+  "init"
+);
+
+const ScriptableInputStream = CC(
+  "@mozilla.org/scriptableinputstream;1",
+  "nsIScriptableInputStream",
+  "init"
+);
+
+const Pipe = CC("@mozilla.org/pipe;1", "nsIPipe", "init");
+
+var pipe1;
+var pipe2;
+var copier;
+var test_result;
+var test_content;
+var test_source_closed;
+var test_sink_closed;
+var test_nr;
+
+var copyObserver = {
+  onStartRequest(request) {},
+
+  onStopRequest(request, statusCode) {
+    // check status code
+    Assert.equal(statusCode, test_result);
+
+    // check number of copied bytes
+    Assert.equal(pipe2.inputStream.available(), test_content.length);
+
+    // check content
+    var scinp = new ScriptableInputStream(pipe2.inputStream);
+    var content = scinp.read(scinp.available());
+    Assert.equal(content, test_content);
+
+    // check closed sink
+    try {
+      pipe2.outputStream.write("closedSinkTest", 14);
+      Assert.ok(!test_sink_closed);
+    } catch (ex) {
+      Assert.ok(test_sink_closed);
+    }
+
+    // check closed source
+    try {
+      pipe1.outputStream.write("closedSourceTest", 16);
+      Assert.ok(!test_source_closed);
+    } catch (ex) {
+      Assert.ok(test_source_closed);
+    }
+
+    do_timeout(0, do_test);
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIRequestObserver"]),
+};
+
+function startCopier(closeSource, closeSink) {
+  pipe1 = new Pipe(
+    true /* nonBlockingInput */,
+    true /* nonBlockingOutput */,
+    0 /* segmentSize */,
+    0xffffffff /* segmentCount */,
+    null /* segmentAllocator */
+  );
+
+  pipe2 = new Pipe(
+    true /* nonBlockingInput */,
+    true /* nonBlockingOutput */,
+    0 /* segmentSize */,
+    0xffffffff /* segmentCount */,
+    null /* segmentAllocator */
+  );
+
+  copier = new StreamCopier(
+    pipe1.inputStream /* aSource */,
+    pipe2.outputStream /* aSink */,
+    null /* aTarget */,
+    true /* aSourceBuffered */,
+    true /* aSinkBuffered */,
+    8192 /* aChunkSize */,
+    closeSource /* aCloseSource */,
+    closeSink /* aCloseSink */
+  );
+
+  copier.asyncCopy(copyObserver, null);
+}
+
+function do_test() {
+  test_nr++;
+  test_content = "test" + test_nr;
+
+  switch (test_nr) {
+    case 1:
+    case 2: // close sink
+    case 3: // close source
+    case 4: // close both
+      // test canceling transfer
+      // use some undefined error code to check if it is successfully passed
+      // to the request observer
+      test_result = 0x87654321;
+
+      test_source_closed = (test_nr - 1) >> 1 != 0;
+      test_sink_closed = (test_nr - 1) % 2 != 0;
+
+      startCopier(test_source_closed, test_sink_closed);
+      pipe1.outputStream.write(test_content, test_content.length);
+      pipe1.outputStream.flush();
+      do_timeout(20, function () {
+        copier.cancel(test_result);
+        pipe1.outputStream.write("a", 1);
+      });
+      break;
+    case 5:
+    case 6: // close sink
+    case 7: // close source
+    case 8: // close both
+      // test copying with EOF on source
+      test_result = 0;
+
+      test_source_closed = (test_nr - 5) >> 1 != 0;
+      test_sink_closed = (test_nr - 5) % 2 != 0;
+
+      startCopier(test_source_closed, test_sink_closed);
+      pipe1.outputStream.write(test_content, test_content.length);
+      // we will close the source
+      test_source_closed = true;
+      pipe1.outputStream.close();
+      break;
+    case 9:
+    case 10: // close sink
+    case 11: // close source
+    case 12: // close both
+      // test copying with error on sink
+      // use some undefined error code to check if it is successfully passed
+      // to the request observer
+      test_result = 0x87654321;
+
+      test_source_closed = (test_nr - 9) >> 1 != 0;
+      test_sink_closed = (test_nr - 9) % 2 != 0;
+
+      startCopier(test_source_closed, test_sink_closed);
+      pipe1.outputStream.write(test_content, test_content.length);
+      pipe1.outputStream.flush();
+      // we will close the sink
+      test_sink_closed = true;
+      do_timeout(20, function () {
+        pipe2.outputStream
+          .QueryInterface(Ci.nsIAsyncOutputStream)
+          .closeWithStatus(test_result);
+        pipe1.outputStream.write("a", 1);
+      });
+      break;
+    case 13:
+      do_test_finished();
+      break;
+  }
+}
+
+function run_test() {
+  test_nr = 0;
+  do_timeout(0, do_test);
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug477578.js b/netwerk/test/unit/test_bug477578.js
new file mode 100644
index 0000000000..c21b1281da
--- /dev/null
+++ b/netwerk/test/unit/test_bug477578.js
@@ -0,0 +1,51 @@
+// test that methods are not normalized
+
+"use strict";
+
+const testMethods = [
+  ["GET"],
+  ["get"],
+  ["Get"],
+  ["gET"],
+  ["gEt"],
+  ["post"],
+  ["POST"],
+  ["head"],
+  ["HEAD"],
+  ["put"],
+  ["PUT"],
+  ["delete"],
+  ["DELETE"],
+  ["connect"],
+  ["CONNECT"],
+  ["options"],
+  ["trace"],
+  ["track"],
+  ["copy"],
+  ["index"],
+  ["lock"],
+  ["m-post"],
+  ["mkcol"],
+  ["move"],
+  ["propfind"],
+  ["proppatch"],
+  ["unlock"],
+  ["link"],
+  ["LINK"],
+  ["foo"],
+  ["foO"],
+  ["fOo"],
+  ["Foo"],
+];
+
+function run_test() {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost/",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+
+  for (var i = 0; i < testMethods.length; i++) {
+    chan.requestMethod = testMethods[i];
+    Assert.equal(chan.requestMethod, testMethods[i]);
+  }
+}
diff --git a/netwerk/test/unit/test_bug479413.js b/netwerk/test/unit/test_bug479413.js
new file mode 100644
index 0000000000..c28f3da412
--- /dev/null
+++ b/netwerk/test/unit/test_bug479413.js
@@ -0,0 +1,48 @@
+/**
+ * Test for unassigned code points in IDNs (RFC 3454 section 7)
+ */
+
+"use strict";
+
+var idnService;
+
+function expected_pass(inputIDN) {
+  var isASCII = {};
+  var displayIDN = idnService.convertToDisplayIDN(inputIDN, isASCII);
+  Assert.equal(displayIDN, inputIDN);
+}
+
+function expected_fail(inputIDN) {
+  var isASCII = {};
+  var displayIDN = "";
+
+  try {
+    displayIDN = idnService.convertToDisplayIDN(inputIDN, isASCII);
+  } catch (e) {}
+
+  Assert.notEqual(displayIDN, inputIDN);
+}
+
+function run_test() {
+  idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+    Ci.nsIIDNService
+  );
+
+  // assigned code point
+  expected_pass("foo\u0101bar.com");
+
+  // assigned code point in punycode. Should *fail* because the URL will be
+  // converted to Unicode for display
+  expected_fail("xn--foobar-5za.com");
+
+  // unassigned code point
+  expected_fail("foo\u3040bar.com");
+
+  // unassigned code point in punycode. Should *pass* because the URL will not
+  // be converted to Unicode
+  expected_pass("xn--foobar-533e.com");
+
+  // code point assigned since Unicode 3.0
+  // XXX This test will unexpectedly pass when we update to IDNAbis
+  expected_fail("foo\u0370bar.com");
+}
diff --git a/netwerk/test/unit/test_bug479485.js b/netwerk/test/unit/test_bug479485.js
new file mode 100644
index 0000000000..30e2e0428d
--- /dev/null
+++ b/netwerk/test/unit/test_bug479485.js
@@ -0,0 +1,65 @@
+"use strict";
+
+function run_test() {
+  var ios = Services.io;
+
+  var test_port = function (port, exception_expected) {
+    dump((port || "no port provided") + "\n");
+    var exception_threw = false;
+    try {
+      var newURI = ios.newURI("http://foo.com" + port);
+    } catch (e) {
+      exception_threw = e.result == Cr.NS_ERROR_MALFORMED_URI;
+    }
+    if (exception_threw != exception_expected) {
+      do_throw(
+        "We did" +
+          (exception_expected ? "n't" : "") +
+          " throw NS_ERROR_MALFORMED_URI when creating a new URI with " +
+          port +
+          " as a port"
+      );
+    }
+    Assert.equal(exception_threw, exception_expected);
+
+    exception_threw = false;
+    newURI = ios.newURI("http://foo.com");
+    try {
+      newURI
+        .mutate()
+        .setSpec("http://foo.com" + port)
+        .finalize();
+    } catch (e) {
+      exception_threw = e.result == Cr.NS_ERROR_MALFORMED_URI;
+    }
+    if (exception_threw != exception_expected) {
+      do_throw(
+        "We did" +
+          (exception_expected ? "n't" : "") +
+          " throw NS_ERROR_MALFORMED_URI when setting a spec of a URI with " +
+          port +
+          " as a port"
+      );
+    }
+    Assert.equal(exception_threw, exception_expected);
+  };
+
+  test_port(":invalid", true);
+  test_port(":-2", true);
+  test_port(":-1", true);
+  test_port(":0", false);
+  test_port(
+    ":185891548721348172817857824356013651809236172635716571865023757816234081723451516780356",
+    true
+  );
+
+  // Following 3 tests are all failing, we do not throw, although we parse the whole string and use only 5870 as a portnumber
+  test_port(":5870:80", true);
+  test_port(":5870-80", true);
+  test_port(":5870+80", true);
+
+  // Just a regression check
+  test_port(":5870", false);
+  test_port(":80", false);
+  test_port("", false);
+}
diff --git a/netwerk/test/unit/test_bug482601.js b/netwerk/test/unit/test_bug482601.js
new file mode 100644
index 0000000000..ae4e848dbf
--- /dev/null
+++ b/netwerk/test/unit/test_bug482601.js
@@ -0,0 +1,264 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserv = null;
+var test_nr = 0;
+var observers_called = "";
+var handlers_called = "";
+var buffer = "";
+
+var observer = {
+  QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+
+  observe(subject, topic, data) {
+    if (observers_called.length) {
+      observers_called += ",";
+    }
+
+    observers_called += topic;
+  },
+};
+
+var listener = {
+  onStartRequest(request) {
+    buffer = "";
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    buffer = buffer.concat(read_stream(stream, count));
+  },
+
+  onStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    Assert.equal(buffer, "0123456789");
+    Assert.equal(observers_called, results[test_nr]);
+    test_nr++;
+    do_timeout(0, do_test);
+  },
+};
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/bug482601/nocache", bug482601_nocache);
+  httpserv.registerPathHandler("/bug482601/partial", bug482601_partial);
+  httpserv.registerPathHandler("/bug482601/cached", bug482601_cached);
+  httpserv.registerPathHandler(
+    "/bug482601/only_from_cache",
+    bug482601_only_from_cache
+  );
+  httpserv.start(-1);
+
+  var obs = Cc["@mozilla.org/observer-service;1"].getService();
+  obs = obs.QueryInterface(Ci.nsIObserverService);
+  obs.addObserver(observer, "http-on-examine-response");
+  obs.addObserver(observer, "http-on-examine-merged-response");
+  obs.addObserver(observer, "http-on-examine-cached-response");
+
+  do_timeout(0, do_test);
+  do_test_pending();
+}
+
+function do_test() {
+  if (test_nr < tests.length) {
+    tests[test_nr]();
+  } else {
+    Assert.equal(handlers_called, "nocache,partial,cached");
+    httpserv.stop(do_test_finished);
+  }
+}
+
+var tests = [test_nocache, test_partial, test_cached, test_only_from_cache];
+
+var results = [
+  "http-on-examine-response",
+  "http-on-examine-response,http-on-examine-merged-response",
+  "http-on-examine-response,http-on-examine-merged-response",
+  "http-on-examine-cached-response",
+];
+
+function makeChan(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function storeCache(aCacheEntry, aResponseHeads, aContent) {
+  aCacheEntry.setMetaDataElement("request-method", "GET");
+  aCacheEntry.setMetaDataElement("response-head", aResponseHeads);
+  aCacheEntry.setMetaDataElement("charset", "ISO-8859-1");
+
+  var oStream = aCacheEntry.openOutputStream(0, aContent.length);
+  var written = oStream.write(aContent, aContent.length);
+  if (written != aContent.length) {
+    do_throw(
+      "oStream.write has not written all data!\n" +
+        "  Expected: " +
+        written +
+        "\n" +
+        "  Actual: " +
+        aContent.length +
+        "\n"
+    );
+  }
+  oStream.close();
+  aCacheEntry.close();
+}
+
+function test_nocache() {
+  observers_called = "";
+
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/bug482601/nocache"
+  );
+  chan.asyncOpen(listener);
+}
+
+function test_partial() {
+  asyncOpenCacheEntry(
+    "http://localhost:" + httpserv.identity.primaryPort + "/bug482601/partial",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    test_partial2
+  );
+}
+
+function test_partial2(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  storeCache(
+    entry,
+    "HTTP/1.1 200 OK\r\n" +
+      "Date: Thu, 1 Jan 2009 00:00:00 GMT\r\n" +
+      "Server: httpd.js\r\n" +
+      "Last-Modified: Thu, 1 Jan 2009 00:00:00 GMT\r\n" +
+      "Accept-Ranges: bytes\r\n" +
+      "Content-Length: 10\r\n" +
+      "Content-Type: text/plain\r\n",
+    "0123"
+  );
+
+  observers_called = "";
+
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/bug482601/partial"
+  );
+  chan.asyncOpen(listener);
+}
+
+function test_cached() {
+  asyncOpenCacheEntry(
+    "http://localhost:" + httpserv.identity.primaryPort + "/bug482601/cached",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    test_cached2
+  );
+}
+
+function test_cached2(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  storeCache(
+    entry,
+    "HTTP/1.1 200 OK\r\n" +
+      "Date: Thu, 1 Jan 2009 00:00:00 GMT\r\n" +
+      "Server: httpd.js\r\n" +
+      "Last-Modified: Thu, 1 Jan 2009 00:00:00 GMT\r\n" +
+      "Accept-Ranges: bytes\r\n" +
+      "Content-Length: 10\r\n" +
+      "Content-Type: text/plain\r\n",
+    "0123456789"
+  );
+
+  observers_called = "";
+
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/bug482601/cached"
+  );
+  chan.loadFlags = Ci.nsIRequest.VALIDATE_ALWAYS;
+  chan.asyncOpen(listener);
+}
+
+function test_only_from_cache() {
+  asyncOpenCacheEntry(
+    "http://localhost:" +
+      httpserv.identity.primaryPort +
+      "/bug482601/only_from_cache",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    test_only_from_cache2
+  );
+}
+
+function test_only_from_cache2(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  storeCache(
+    entry,
+    "HTTP/1.1 200 OK\r\n" +
+      "Date: Thu, 1 Jan 2009 00:00:00 GMT\r\n" +
+      "Server: httpd.js\r\n" +
+      "Last-Modified: Thu, 1 Jan 2009 00:00:00 GMT\r\n" +
+      "Accept-Ranges: bytes\r\n" +
+      "Content-Length: 10\r\n" +
+      "Content-Type: text/plain\r\n",
+    "0123456789"
+  );
+
+  observers_called = "";
+
+  var chan = makeChan(
+    "http://localhost:" +
+      httpserv.identity.primaryPort +
+      "/bug482601/only_from_cache"
+  );
+  chan.loadFlags = Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE;
+  chan.asyncOpen(listener);
+}
+
+// PATHS
+
+// /bug482601/nocache
+function bug482601_nocache(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+  var body = "0123456789";
+  response.bodyOutputStream.write(body, body.length);
+  handlers_called += "nocache";
+}
+
+// /bug482601/partial
+function bug482601_partial(metadata, response) {
+  Assert.ok(metadata.hasHeader("If-Range"));
+  Assert.equal(metadata.getHeader("If-Range"), "Thu, 1 Jan 2009 00:00:00 GMT");
+  Assert.ok(metadata.hasHeader("Range"));
+  Assert.equal(metadata.getHeader("Range"), "bytes=4-");
+
+  response.setStatusLine(metadata.httpVersion, 206, "Partial Content");
+  response.setHeader("Content-Range", "bytes 4-9/10", false);
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Last-Modified", "Thu, 1 Jan 2009 00:00:00 GMT");
+
+  var body = "456789";
+  response.bodyOutputStream.write(body, body.length);
+  handlers_called += ",partial";
+}
+
+// /bug482601/cached
+function bug482601_cached(metadata, response) {
+  Assert.ok(metadata.hasHeader("If-Modified-Since"));
+  Assert.equal(
+    metadata.getHeader("If-Modified-Since"),
+    "Thu, 1 Jan 2009 00:00:00 GMT"
+  );
+
+  response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+  handlers_called += ",cached";
+}
+
+// /bug482601/only_from_cache
+function bug482601_only_from_cache(metadata, response) {
+  do_throw("This should not be reached");
+}
diff --git a/netwerk/test/unit/test_bug482934.js b/netwerk/test/unit/test_bug482934.js
new file mode 100644
index 0000000000..ee2579b1bb
--- /dev/null
+++ b/netwerk/test/unit/test_bug482934.js
@@ -0,0 +1,190 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var response_code;
+var response_body;
+
+var request_time;
+var response_time;
+
+var cache_storage;
+
+var httpserver = new HttpServer();
+httpserver.start(-1);
+
+var base_url = "http://localhost:" + httpserver.identity.primaryPort;
+var resource = "/resource";
+var resource_url = base_url + resource;
+
+// Test flags
+var hit_server = false;
+
+function make_channel(aUrl) {
+  // Reset test global status
+  hit_server = false;
+
+  var req = NetUtil.newChannel({ uri: aUrl, loadUsingSystemPrincipal: true });
+  req.QueryInterface(Ci.nsIHttpChannel);
+  req.setRequestHeader("If-Modified-Since", request_time, false);
+  return req;
+}
+
+function make_uri(aUrl) {
+  return Services.io.newURI(aUrl);
+}
+
+function resource_handler(aMetadata, aResponse) {
+  hit_server = true;
+  Assert.ok(aMetadata.hasHeader("If-Modified-Since"));
+  Assert.equal(aMetadata.getHeader("If-Modified-Since"), request_time);
+
+  if (response_code == "200") {
+    aResponse.setStatusLine(aMetadata.httpVersion, 200, "OK");
+    aResponse.setHeader("Content-Type", "text/plain", false);
+    aResponse.setHeader("Last-Modified", response_time, false);
+
+    aResponse.bodyOutputStream.write(response_body, response_body.length);
+  } else if (response_code == "304") {
+    aResponse.setStatusLine(aMetadata.httpVersion, 304, "Not Modified");
+    aResponse.setHeader("Returned-From-Handler", "1");
+  }
+}
+
+function check_cached_data(aCachedData, aCallback) {
+  asyncOpenCacheEntry(
+    resource_url,
+    "disk",
+    Ci.nsICacheStorage.OPEN_READONLY,
+    null,
+    function (aStatus, aEntry) {
+      Assert.equal(aStatus, Cr.NS_OK);
+      pumpReadStream(aEntry.openInputStream(0), function (aData) {
+        Assert.equal(aData, aCachedData);
+        aCallback();
+      });
+    }
+  );
+}
+
+function run_test() {
+  do_get_profile();
+  evict_cache_entries();
+
+  do_test_pending();
+
+  cache_storage = getCacheStorage("disk");
+  httpserver.registerPathHandler(resource, resource_handler);
+
+  wait_for_cache_index(run_next_test);
+}
+
+// 1. send custom conditional request when we don't have an entry
+//    server returns 304 -> client receives 304
+add_test(() => {
+  response_code = "304";
+  response_body = "";
+  request_time = "Thu, 1 Jan 2009 00:00:00 GMT";
+  response_time = "Thu, 1 Jan 2009 00:00:00 GMT";
+
+  var ch = make_channel(resource_url);
+  ch.asyncOpen(
+    new ChannelListener(function (aRequest, aData) {
+      syncWithCacheIOThread(() => {
+        Assert.ok(hit_server);
+        Assert.equal(
+          aRequest.QueryInterface(Ci.nsIHttpChannel).responseStatus,
+          304
+        );
+        Assert.ok(!cache_storage.exists(make_uri(resource_url), ""));
+        Assert.equal(aRequest.getResponseHeader("Returned-From-Handler"), "1");
+
+        run_next_test();
+      }, true);
+    }, null)
+  );
+});
+
+// 2. send custom conditional request when we don't have an entry
+//    server returns 200 -> result is cached
+add_test(() => {
+  response_code = "200";
+  response_body = "content_body";
+  request_time = "Thu, 1 Jan 2009 00:00:00 GMT";
+  response_time = "Fri, 2 Jan 2009 00:00:00 GMT";
+
+  var ch = make_channel(resource_url);
+  ch.asyncOpen(
+    new ChannelListener(function (aRequest, aData) {
+      syncWithCacheIOThread(() => {
+        Assert.ok(hit_server);
+        Assert.equal(
+          aRequest.QueryInterface(Ci.nsIHttpChannel).responseStatus,
+          200
+        );
+        Assert.ok(cache_storage.exists(make_uri(resource_url), ""));
+
+        check_cached_data(response_body, run_next_test);
+      }, true);
+    }, null)
+  );
+});
+
+// 3. send custom conditional request when we have an entry
+//    server returns 304 -> client receives 304 and cached entry is unchanged
+add_test(() => {
+  response_code = "304";
+  var cached_body = response_body;
+  response_body = "";
+  request_time = "Fri, 2 Jan 2009 00:00:00 GMT";
+  response_time = "Fri, 2 Jan 2009 00:00:00 GMT";
+
+  var ch = make_channel(resource_url);
+  ch.asyncOpen(
+    new ChannelListener(function (aRequest, aData) {
+      syncWithCacheIOThread(() => {
+        Assert.ok(hit_server);
+        Assert.equal(
+          aRequest.QueryInterface(Ci.nsIHttpChannel).responseStatus,
+          304
+        );
+        Assert.ok(cache_storage.exists(make_uri(resource_url), ""));
+        Assert.equal(aRequest.getResponseHeader("Returned-From-Handler"), "1");
+        Assert.equal(aData, "");
+
+        // Check the cache data is not changed
+        check_cached_data(cached_body, run_next_test);
+      }, true);
+    }, null)
+  );
+});
+
+// 4. send custom conditional request when we have an entry
+//    server returns 200 -> result is cached
+add_test(() => {
+  response_code = "200";
+  response_body = "updated_content_body";
+  request_time = "Fri, 2 Jan 2009 00:00:00 GMT";
+  response_time = "Sat, 3 Jan 2009 00:00:00 GMT";
+  var ch = make_channel(resource_url);
+  ch.asyncOpen(
+    new ChannelListener(function (aRequest, aData) {
+      syncWithCacheIOThread(() => {
+        Assert.ok(hit_server);
+        Assert.equal(
+          aRequest.QueryInterface(Ci.nsIHttpChannel).responseStatus,
+          200
+        );
+        Assert.ok(cache_storage.exists(make_uri(resource_url), ""));
+
+        // Check the cache data is updated
+        check_cached_data(response_body, () => {
+          run_next_test();
+          httpserver.stop(do_test_finished);
+        });
+      }, true);
+    }, null)
+  );
+});
diff --git a/netwerk/test/unit/test_bug490095.js b/netwerk/test/unit/test_bug490095.js
new file mode 100644
index 0000000000..4e0a37e450
--- /dev/null
+++ b/netwerk/test/unit/test_bug490095.js
@@ -0,0 +1,160 @@
+//
+// Verify that the VALIDATE_NEVER and LOAD_FROM_CACHE flags override
+// heuristic query freshness as defined in RFC 2616 section 13.9
+//
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var index = 0;
+var tests = [
+  { url: "/freshness?a", server: "0", expected: "0" },
+  { url: "/freshness?a", server: "1", expected: "1" },
+
+  // Setting the VALIDATE_NEVER flag should grab entry from cache
+  {
+    url: "/freshness?a",
+    server: "2",
+    expected: "1",
+    flags: Ci.nsIRequest.VALIDATE_NEVER,
+  },
+
+  // Finally, check that request is validated with no flags set
+  { url: "/freshness?a", server: "99", expected: "99" },
+
+  { url: "/freshness?b", server: "0", expected: "0" },
+  { url: "/freshness?b", server: "1", expected: "1" },
+
+  // Setting the LOAD_FROM_CACHE flag also grab the entry from cache
+  {
+    url: "/freshness?b",
+    server: "2",
+    expected: "1",
+    flags: Ci.nsIRequest.LOAD_FROM_CACHE,
+  },
+
+  // Finally, check that request is validated with no flags set
+  { url: "/freshness?b", server: "99", expected: "99" },
+];
+
+function logit(i, data) {
+  dump(
+    tests[i].url +
+      "\t requested [" +
+      tests[i].server +
+      "]" +
+      " got [" +
+      data +
+      "] expected [" +
+      tests[i].expected +
+      "]"
+  );
+  if (tests[i].responseheader) {
+    dump("\t[" + tests[i].responseheader + "]");
+  }
+  dump("\n");
+}
+
+function setupChannel(suffix, value) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.requestMethod = "GET";
+  httpChan.setRequestHeader("x-request", value, false);
+  return httpChan;
+}
+
+function triggerNextTest() {
+  var test = tests[index];
+  var channel = setupChannel(test.url, test.server);
+  if (test.flags) {
+    channel.loadFlags = test.flags;
+  }
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, null));
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  logit(index, data);
+  Assert.equal(tests[index].expected, data);
+
+  if (index < tests.length - 1) {
+    index++;
+    // this call happens in onStopRequest from the channel, and opening a
+    // new channel to the same url here is no good idea...  post it instead
+    do_timeout(1, triggerNextTest);
+  } else {
+    httpserver.stop(do_test_finished);
+  }
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/freshness", handler);
+  httpserver.start(-1);
+
+  // clear cache
+  evict_cache_entries();
+
+  triggerNextTest();
+
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  var body = metadata.getHeader("x-request");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Date", getDateString(0), false);
+  response.setHeader("Cache-Control", "max-age=0", false);
+
+  var header = tests[index].responseheader;
+  if (header == null) {
+    response.setHeader("Last-Modified", getDateString(-1), false);
+  } else {
+    var splitHdr = header.split(": ");
+    response.setHeader(splitHdr[0], splitHdr[1], false);
+  }
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function getDateString(yearDelta) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    (d.getUTCFullYear() + yearDelta) +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_bug504014.js b/netwerk/test/unit/test_bug504014.js
new file mode 100644
index 0000000000..f7e2ed2452
--- /dev/null
+++ b/netwerk/test/unit/test_bug504014.js
@@ -0,0 +1,72 @@
+"use strict";
+
+var valid_URIs = [
+  "http://[::]/",
+  "http://[::1]/",
+  "http://[1::]/",
+  "http://[::]/",
+  "http://[::1]/",
+  "http://[1::]/",
+  "http://[1:2:3:4:5:6:7::]/",
+  "http://[::1:2:3:4:5:6:7]/",
+  "http://[1:2:a:B:c:D:e:F]/",
+  "http://[1::8]/",
+  "http://[1:2::8]/",
+  "http://[0000:0123:4567:89AB:CDEF:abcd:ef00:0000]/",
+  "http://[::192.168.1.1]/",
+  "http://[1::0.0.0.0]/",
+  "http://[1:2::255.255.255.255]/",
+  "http://[1:2:3::255.255.255.255]/",
+  "http://[1:2:3:4::255.255.255.255]/",
+  "http://[1:2:3:4:5::255.255.255.255]/",
+  "http://[1:2:3:4:5:6:255.255.255.255]/",
+];
+
+var invalid_URIs = [
+  "http://[1]/",
+  "http://[192.168.1.1]/",
+  "http://[:::]/",
+  "http://[:::1]/",
+  "http://[1:::]/",
+  "http://[::1::]/",
+  "http://[1:2:3:4:5:6:7:]/",
+  "http://[:2:3:4:5:6:7:8]/",
+  "http://[1:2:3:4:5:6:7:8:]/",
+  "http://[:1:2:3:4:5:6:7:8]/",
+  "http://[1:2:3:4:5:6:7:8::]/",
+  "http://[::1:2:3:4:5:6:7:8]/",
+  "http://[1:2:3:4:5:6:7]/",
+  "http://[1:2:3:4:5:6:7:8:9]/",
+  "http://[00001:2:3:4:5:6:7:8]/",
+  "http://[0001:2:3:4:5:6:7:89abc]/",
+  "http://[A:b:C:d:E:f:G:h]/",
+  "http://[::192.168.1]/",
+  "http://[::192.168.1.]/",
+  "http://[::.168.1.1]/",
+  "http://[::192..1.1]/",
+  "http://[::0192.168.1.1]/",
+  "http://[::256.255.255.255]/",
+  "http://[::1x.255.255.255]/",
+  "http://[::192.4294967464.1.1]/",
+  "http://[1:2:3:4:5:6::255.255.255.255]/",
+  "http://[1:2:3:4:5:6:7:255.255.255.255]/",
+];
+
+function run_test() {
+  for (let i = 0; i < valid_URIs.length; i++) {
+    try {
+      Services.io.newURI(valid_URIs[i]);
+    } catch (e) {
+      do_throw("cannot create URI:" + valid_URIs[i]);
+    }
+  }
+
+  for (let i = 0; i < invalid_URIs.length; i++) {
+    try {
+      Services.io.newURI(invalid_URIs[i]);
+      do_throw("should throw: " + invalid_URIs[i]);
+    } catch (e) {
+      Assert.equal(e.result, Cr.NS_ERROR_MALFORMED_URI);
+    }
+  }
+}
diff --git a/netwerk/test/unit/test_bug510359.js b/netwerk/test/unit/test_bug510359.js
new file mode 100644
index 0000000000..a273cc4710
--- /dev/null
+++ b/netwerk/test/unit/test_bug510359.js
@@ -0,0 +1,104 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var index = 0;
+var tests = [
+  { url: "/bug510359", server: "0", expected: "0" },
+  { url: "/bug510359", server: "1", expected: "1" },
+];
+
+function setupChannel(suffix, value) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.requestMethod = "GET";
+  httpChan.setRequestHeader("x-request", value, false);
+  httpChan.setRequestHeader("Cookie", "c=" + value, false);
+  return httpChan;
+}
+
+function triggerNextTest() {
+  var channel = setupChannel(tests[index].url, tests[index].server);
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, null));
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  Assert.equal(tests[index].expected, data);
+
+  if (index < tests.length - 1) {
+    index++;
+    triggerNextTest();
+  } else {
+    httpserver.stop(do_test_finished);
+  }
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/bug510359", handler);
+  httpserver.start(-1);
+
+  // clear cache
+  evict_cache_entries();
+
+  triggerNextTest();
+
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  try {
+    metadata.getHeader("If-Modified-Since");
+    response.setStatusLine(metadata.httpVersion, 500, "Failed");
+    var msg = "Client should not set If-Modified-Since header";
+    response.bodyOutputStream.write(msg, msg.length);
+  } catch (ex) {
+    response.setStatusLine(metadata.httpVersion, 200, "Ok");
+    response.setHeader("Content-Type", "text/plain", false);
+    response.setHeader("Last-Modified", getDateString(-1), false);
+    response.setHeader("Vary", "Cookie", false);
+    var body = metadata.getHeader("x-request");
+    response.bodyOutputStream.write(body, body.length);
+  }
+}
+
+function getDateString(yearDelta) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    (d.getUTCFullYear() + yearDelta) +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_bug526789.js b/netwerk/test/unit/test_bug526789.js
new file mode 100644
index 0000000000..ec80249a3c
--- /dev/null
+++ b/netwerk/test/unit/test_bug526789.js
@@ -0,0 +1,289 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+add_task(async () => {
+  var cm = Services.cookies;
+  var expiry = (Date.now() + 1000) * 1000;
+
+  cm.removeAll();
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // test that variants of 'baz.com' get normalized appropriately, but that
+  // malformed hosts are rejected
+  cm.add(
+    "baz.com",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
+  Assert.equal(cm.countCookiesFromHost("BAZ.com"), 1);
+  Assert.equal(cm.countCookiesFromHost(".baz.com"), 1);
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
+  Assert.equal(cm.countCookiesFromHost(".baz.com."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("baz.com..");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("baz..com");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("..baz.com");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  cm.remove("BAZ.com.", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
+  cm.remove("baz.com", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
+
+  // Test that 'baz.com' and 'baz.com.' are treated differently
+  cm.add(
+    "baz.com.",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
+  Assert.equal(cm.countCookiesFromHost("BAZ.com"), 0);
+  Assert.equal(cm.countCookiesFromHost(".baz.com"), 0);
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
+  Assert.equal(cm.countCookiesFromHost(".baz.com."), 1);
+  cm.remove("baz.com", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
+  cm.remove("baz.com.", "foo", "/", {});
+  Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
+
+  // test that domain cookies are illegal for IP addresses, aliases such as
+  // 'localhost', and eTLD's such as 'co.uk'
+  cm.add(
+    "192.168.0.1",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("192.168.0.1"), 1);
+  Assert.equal(cm.countCookiesFromHost("192.168.0.1."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".192.168.0.1");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".192.168.0.1.");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.add(
+    "localhost",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("localhost"), 1);
+  Assert.equal(cm.countCookiesFromHost("localhost."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".localhost");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".localhost.");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.add(
+    "co.uk",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(cm.countCookiesFromHost("co.uk"), 1);
+  Assert.equal(cm.countCookiesFromHost("co.uk."), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".co.uk");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".co.uk.");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.removeAll();
+
+  CookieXPCShellUtils.createServer({
+    hosts: ["baz.com", "192.168.0.1", "localhost", "co.uk", "foo.com"],
+  });
+
+  var uri = NetUtil.newURI("http://baz.com/");
+  Services.scriptSecurityManager.createContentPrincipal(uri, {});
+
+  Assert.equal(uri.asciiHost, "baz.com");
+
+  await CookieXPCShellUtils.setCookieToDocument(uri.spec, "foo=bar");
+  const docCookies = await CookieXPCShellUtils.getCookieStringFromDocument(
+    uri.spec
+  );
+  Assert.equal(docCookies, "foo=bar");
+
+  Assert.equal(cm.countCookiesFromHost(""), 0);
+  do_check_throws(function () {
+    cm.countCookiesFromHost(".");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.countCookiesFromHost("..");
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  var cookies = cm.getCookiesFromHost("", {});
+  Assert.ok(!cookies.length);
+  do_check_throws(function () {
+    cm.getCookiesFromHost(".", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.getCookiesFromHost("..", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cookies = cm.getCookiesFromHost("baz.com", {});
+  Assert.equal(cookies.length, 1);
+  Assert.equal(cookies[0].name, "foo");
+  cookies = cm.getCookiesFromHost("", {});
+  Assert.ok(!cookies.length);
+  do_check_throws(function () {
+    cm.getCookiesFromHost(".", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  do_check_throws(function () {
+    cm.getCookiesFromHost("..", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  cm.removeAll();
+
+  // test that an empty host to add() or remove() works,
+  // but a host of '.' doesn't
+  cm.add(
+    "",
+    "/",
+    "foo2",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(getCookieCount(), 1);
+  do_check_throws(function () {
+    cm.add(
+      ".",
+      "/",
+      "foo3",
+      "bar",
+      false,
+      false,
+      true,
+      expiry,
+      {},
+      Ci.nsICookie.SAMESITE_NONE,
+      Ci.nsICookie.SCHEME_HTTPS
+    );
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+  Assert.equal(getCookieCount(), 1);
+
+  cm.remove("", "foo2", "/", {});
+  Assert.equal(getCookieCount(), 0);
+  do_check_throws(function () {
+    cm.remove(".", "foo3", "/", {});
+  }, Cr.NS_ERROR_ILLEGAL_VALUE);
+
+  // test that the 'domain' attribute accepts a leading dot for IP addresses,
+  // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
+  // resulting cookie is for the exact host only.
+  await testDomainCookie("http://192.168.0.1/", "192.168.0.1");
+  await testDomainCookie("http://localhost/", "localhost");
+  await testDomainCookie("http://co.uk/", "co.uk");
+
+  // Test that trailing dots are treated differently for purposes of the
+  // 'domain' attribute when using setCookieStringFromDocument.
+  await testTrailingDotCookie("http://localhost/", "localhost");
+  await testTrailingDotCookie("http://foo.com/", "foo.com");
+
+  cm.removeAll();
+});
+
+function getCookieCount() {
+  var cm = Services.cookies;
+  return cm.cookies.length;
+}
+
+async function testDomainCookie(uriString, domain) {
+  var cm = Services.cookies;
+
+  cm.removeAll();
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uriString,
+    "foo=bar; domain=" + domain
+  );
+
+  var cookies = cm.getCookiesFromHost(domain, {});
+  Assert.ok(cookies.length);
+  Assert.equal(cookies[0].host, domain);
+  cm.removeAll();
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uriString,
+    "foo=bar; domain=." + domain
+  );
+
+  cookies = cm.getCookiesFromHost(domain, {});
+  Assert.ok(cookies.length);
+  Assert.equal(cookies[0].host, domain);
+  cm.removeAll();
+}
+
+async function testTrailingDotCookie(uriString, domain) {
+  var cm = Services.cookies;
+
+  cm.removeAll();
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uriString,
+    "foo=bar; domain=" + domain + "/"
+  );
+
+  Assert.equal(cm.countCookiesFromHost(domain), 0);
+  Assert.equal(cm.countCookiesFromHost(domain + "."), 0);
+  cm.removeAll();
+  Services.prefs.clearUserPref("dom.security.https_first");
+}
diff --git a/netwerk/test/unit/test_bug528292.js b/netwerk/test/unit/test_bug528292.js
new file mode 100644
index 0000000000..84449aff71
--- /dev/null
+++ b/netwerk/test/unit/test_bug528292.js
@@ -0,0 +1,87 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const sentCookieVal = "foo=bar";
+const responseBody = "response body";
+
+ChromeUtils.defineLazyGetter(this, "baseURL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+const preRedirectPath = "/528292/pre-redirect";
+
+ChromeUtils.defineLazyGetter(this, "preRedirectURL", function () {
+  return baseURL + preRedirectPath;
+});
+
+const postRedirectPath = "/528292/post-redirect";
+
+ChromeUtils.defineLazyGetter(this, "postRedirectURL", function () {
+  return baseURL + postRedirectPath;
+});
+
+var httpServer = null;
+var receivedCookieVal = null;
+
+function preRedirectHandler(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 302, "Found");
+  response.setHeader("Location", postRedirectURL, false);
+}
+
+function postRedirectHandler(metadata, response) {
+  receivedCookieVal = metadata.getHeader("Cookie");
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+add_task(async () => {
+  // Start the HTTP server.
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler(preRedirectPath, preRedirectHandler);
+  httpServer.registerPathHandler(postRedirectPath, postRedirectHandler);
+  httpServer.start(-1);
+
+  if (!inChildProcess()) {
+    // Disable third-party cookies in general.
+    Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
+    Services.prefs.setBoolPref(
+      "network.cookieJarSettings.unblocked_for_testing",
+      true
+    );
+  }
+
+  // Set up a channel with forceAllowThirdPartyCookie set to true.  We'll use
+  // the channel both to set a cookie and then to load the pre-redirect URI.
+  var chan = NetUtil.newChannel({
+    uri: preRedirectURL,
+    loadUsingSystemPrincipal: true,
+  })
+    .QueryInterface(Ci.nsIHttpChannel)
+    .QueryInterface(Ci.nsIHttpChannelInternal);
+  chan.forceAllowThirdPartyCookie = true;
+
+  // Set a cookie on one of the URIs.  It doesn't matter which one, since
+  // they're both from the same host, which is enough for the cookie service
+  // to send the cookie with both requests.
+  var postRedirectURI = Services.io.newURI(postRedirectURL);
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    postRedirectURI.spec,
+    sentCookieVal
+  );
+
+  // Load the pre-redirect URI.
+  await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve, null));
+  });
+
+  Assert.equal(receivedCookieVal, sentCookieVal);
+  httpServer.stop(do_test_finished);
+});
diff --git a/netwerk/test/unit/test_bug536324_64bit_content_length.js b/netwerk/test/unit/test_bug536324_64bit_content_length.js
new file mode 100644
index 0000000000..7ed8ceca6f
--- /dev/null
+++ b/netwerk/test/unit/test_bug536324_64bit_content_length.js
@@ -0,0 +1,66 @@
+/* Test to ensure our 64-bit content length implementation works, at least for
+   a simple HTTP case */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+// This C-L is significantly larger than (U)INT32_MAX, to make sure we do
+// 64-bit properly.
+const CONTENT_LENGTH = "1152921504606846975";
+
+var httpServer = null;
+
+var listener = {
+  onStartRequest(req) {},
+
+  onDataAvailable(req, stream, off, count) {
+    Assert.equal(req.getResponseHeader("Content-Length"), CONTENT_LENGTH);
+
+    // We're done here, cancel the channel
+    req.cancel(Cr.NS_BINDING_ABORTED);
+  },
+
+  onStopRequest(req, stat) {
+    httpServer.stop(do_test_finished);
+  },
+};
+
+function hugeContentLength(metadata, response) {
+  var text = "abcdefghijklmnopqrstuvwxyz";
+  var bytes_written = 0;
+
+  response.seizePower();
+
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Length: " + CONTENT_LENGTH + "\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+
+  // Write enough data to ensure onDataAvailable gets called
+  while (bytes_written < 4096) {
+    response.write(text);
+    bytes_written += text.length;
+  }
+
+  response.finish();
+}
+
+function test_hugeContentLength() {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpServer.identity.primaryPort + "/",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.asyncOpen(listener);
+}
+
+add_test(test_hugeContentLength);
+
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/", hugeContentLength);
+  httpServer.start(-1);
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_bug540566.js b/netwerk/test/unit/test_bug540566.js
new file mode 100644
index 0000000000..24260421ad
--- /dev/null
+++ b/netwerk/test/unit/test_bug540566.js
@@ -0,0 +1,24 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/
+ */
+
+"use strict";
+
+function continue_test(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  // TODO - mayhemer: remove this tests completely
+  // entry.deviceID;
+  // if the above line does not crash, the test was successful
+  do_test_finished();
+}
+
+function run_test() {
+  asyncOpenCacheEntry(
+    "http://some.key/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    continue_test
+  );
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug553970.js b/netwerk/test/unit/test_bug553970.js
new file mode 100644
index 0000000000..adb45a2ee9
--- /dev/null
+++ b/netwerk/test/unit/test_bug553970.js
@@ -0,0 +1,50 @@
+"use strict";
+
+function makeURL(spec) {
+  return Services.io.newURI(spec).QueryInterface(Ci.nsIURL);
+}
+
+// Checks that nsIURL::GetRelativeSpec does what it claims to do.
+function run_test() {
+  // Elements of tests have the form [this.spec, aURIToCompare.spec, expectedResult].
+  let tests = [
+    [
+      "http://mozilla.org/",
+      "http://www.mozilla.org/",
+      "http://www.mozilla.org/",
+    ],
+    [
+      "http://mozilla.org/",
+      "http://www.mozilla.org",
+      "http://www.mozilla.org/",
+    ],
+    ["http://foo.com/bar/", "http://foo.com:80/bar/", ""],
+    ["http://foo.com/", "http://foo.com/a.htm#b", "a.htm#b"],
+    ["http://foo.com/a/b/", "http://foo.com/c", "../../c"],
+    ["http://foo.com/a?b/c/", "http://foo.com/c", "c"],
+    ["http://foo.com/a#b/c/", "http://foo.com/c", "c"],
+    ["http://foo.com/a;p?b/c/", "http://foo.com/c", "c"],
+    ["http://foo.com/a/b?c/d/", "http://foo.com/c", "../c"],
+    ["http://foo.com/a/b#c/d/", "http://foo.com/c", "../c"],
+    ["http://foo.com/a/b;p?c/d/", "http://foo.com/c", "../c"],
+    ["http://foo.com/a/b/c?d/e/", "http://foo.com/f", "../../f"],
+    ["http://foo.com/a/b/c#d/e/", "http://foo.com/f", "../../f"],
+    ["http://foo.com/a/b/c;p?d/e/", "http://foo.com/f", "../../f"],
+    ["http://foo.com/a?b/c/", "http://foo.com/c/d", "c/d"],
+    ["http://foo.com/a#b/c/", "http://foo.com/c/d", "c/d"],
+    ["http://foo.com/a;p?b/c/", "http://foo.com/c/d", "c/d"],
+    ["http://foo.com/a/b?c/d/", "http://foo.com/c/d", "../c/d"],
+    ["http://foo.com/a/b#c/d/", "http://foo.com/c/d", "../c/d"],
+    ["http://foo.com/a/b;p?c/d/", "http://foo.com/c/d", "../c/d"],
+    ["http://foo.com/a/b/c?d/e/", "http://foo.com/f/g/", "../../f/g/"],
+    ["http://foo.com/a/b/c#d/e/", "http://foo.com/f/g/", "../../f/g/"],
+    ["http://foo.com/a/b/c;p?d/e/", "http://foo.com/f/g/", "../../f/g/"],
+  ];
+
+  for (var i = 0; i < tests.length; i++) {
+    let url1 = makeURL(tests[i][0]);
+    let url2 = makeURL(tests[i][1]);
+    let expected = tests[i][2];
+    Assert.equal(expected, url1.getRelativeSpec(url2));
+  }
+}
diff --git a/netwerk/test/unit/test_bug561042.js b/netwerk/test/unit/test_bug561042.js
new file mode 100644
index 0000000000..6bdf4d59a6
--- /dev/null
+++ b/netwerk/test/unit/test_bug561042.js
@@ -0,0 +1,44 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const SERVER_PORT = 8080;
+const baseURL = "http://localhost:" + SERVER_PORT + "/";
+
+var cookie = "";
+for (let i = 0; i < 10000; i++) {
+  cookie += " big cookie";
+}
+
+var listener = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream) {},
+
+  onStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    server.stop(do_test_finished);
+  },
+};
+
+var server = new HttpServer();
+function run_test() {
+  server.start(SERVER_PORT);
+  server.registerPathHandler("/", function (metadata, response) {
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("Set-Cookie", "BigCookie=" + cookie, false);
+    response.write("Hello world");
+  });
+  var chan = NetUtil.newChannel({
+    uri: baseURL,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug561276.js b/netwerk/test/unit/test_bug561276.js
new file mode 100644
index 0000000000..9176b7c702
--- /dev/null
+++ b/netwerk/test/unit/test_bug561276.js
@@ -0,0 +1,66 @@
+//
+// Verify that we hit the net if we discover a cycle of redirects
+// coming from cache.
+//
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var iteration = 0;
+
+function setupChannel(suffix) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.requestMethod = "GET";
+  return httpChan;
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  Assert.equal("Ok", data);
+  httpserver.stop(do_test_finished);
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/redirect1", redirectHandler1);
+  httpserver.registerPathHandler("/redirect2", redirectHandler2);
+  httpserver.start(-1);
+
+  // clear cache
+  evict_cache_entries();
+
+  // load first time
+  var channel = setupChannel("/redirect1");
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, null));
+
+  do_test_pending();
+}
+
+function redirectHandler1(metadata, response) {
+  // first time we return a cacheable 302 pointing to next redirect
+  if (iteration < 1) {
+    response.setStatusLine(metadata.httpVersion, 302, "Found");
+    response.setHeader("Cache-Control", "max-age=600", false);
+    response.setHeader("Location", "/redirect2", false);
+
+    // next time called we return 200
+  } else {
+    response.setStatusLine(metadata.httpVersion, 200, "Ok");
+    response.setHeader("Cache-Control", "max-age=600", false);
+    response.setHeader("Content-Type", "text/plain");
+    response.bodyOutputStream.write("Ok", "Ok".length);
+  }
+  iteration += 1;
+}
+
+function redirectHandler2(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 302, "Found");
+  response.setHeader("Cache-Control", "max-age=600", false);
+  response.setHeader("Location", "/redirect1", false);
+}
diff --git a/netwerk/test/unit/test_bug580508.js b/netwerk/test/unit/test_bug580508.js
new file mode 100644
index 0000000000..a17f59b334
--- /dev/null
+++ b/netwerk/test/unit/test_bug580508.js
@@ -0,0 +1,31 @@
+"use strict";
+
+var ioService = Services.io;
+var resProt = ioService
+  .getProtocolHandler("resource")
+  .QueryInterface(Ci.nsIResProtocolHandler);
+
+function run_test() {
+  // Define a resource:// alias that points to another resource:// URI.
+  let greModulesURI = ioService.newURI("resource://gre/modules/");
+  resProt.setSubstitution("my-gre-modules", greModulesURI);
+
+  // When we ask for the alias, we should not get the resource://
+  // URI that we registered it for but the original file URI.
+  let greFileSpec = ioService.newURI(
+    "modules/",
+    null,
+    resProt.getSubstitution("gre")
+  ).spec;
+  let aliasURI = resProt.getSubstitution("my-gre-modules");
+  Assert.equal(aliasURI.spec, greFileSpec);
+
+  // Resolving URIs using the original resource path and the alias
+  // should yield the same result.
+  let greNetUtilURI = ioService.newURI("resource://gre/modules/NetUtil.jsm");
+  let myNetUtilURI = ioService.newURI("resource://my-gre-modules/NetUtil.jsm");
+  Assert.equal(
+    resProt.resolveURI(greNetUtilURI),
+    resProt.resolveURI(myNetUtilURI)
+  );
+}
diff --git a/netwerk/test/unit/test_bug586908.js b/netwerk/test/unit/test_bug586908.js
new file mode 100644
index 0000000000..1d3ab20347
--- /dev/null
+++ b/netwerk/test/unit/test_bug586908.js
@@ -0,0 +1,103 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+var httpserv = null;
+
+ChromeUtils.defineLazyGetter(this, "systemSettings", function () {
+  return {
+    QueryInterface: ChromeUtils.generateQI(["nsISystemProxySettings"]),
+
+    mainThreadOnly: true,
+    PACURI: "http://localhost:" + httpserv.identity.primaryPort + "/redirect",
+    getProxyForURI(aURI) {
+      throw Components.Exception("", Cr.NS_ERROR_NOT_IMPLEMENTED);
+    },
+  };
+});
+
+function checkValue(request, data, ctx) {
+  Assert.ok(called);
+  Assert.equal("ok", data);
+  httpserv.stop(do_test_finished);
+}
+
+function makeChan(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/redirect", redirect);
+  httpserv.registerPathHandler("/pac", pac);
+  httpserv.registerPathHandler("/target", target);
+  httpserv.start(-1);
+
+  MockRegistrar.register(
+    "@mozilla.org/system-proxy-settings;1",
+    systemSettings
+  );
+
+  // Ensure we're using system-properties
+  Services.prefs.setIntPref(
+    "network.proxy.type",
+    Ci.nsIProtocolProxyService.PROXYCONFIG_SYSTEM
+  );
+
+  // clear cache
+  evict_cache_entries();
+
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/target"
+  );
+  chan.asyncOpen(new ChannelListener(checkValue, null));
+
+  do_test_pending();
+}
+
+var called = false,
+  failed = false;
+function redirect(metadata, response) {
+  // If called second time, just return the PAC but set failed-flag
+  if (called) {
+    failed = true;
+    pac(metadata, response);
+    return;
+  }
+
+  called = true;
+  response.setStatusLine(metadata.httpVersion, 302, "Found");
+  response.setHeader("Location", "/pac", false);
+  var body = "Moved\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function pac(metadata, response) {
+  var PAC = 'function FindProxyForURL(url, host) { return "DIRECT"; }';
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader(
+    "Content-Type",
+    "application/x-ns-proxy-autoconfig",
+    false
+  );
+  response.bodyOutputStream.write(PAC, PAC.length);
+}
+
+function target(metadata, response) {
+  var retval = "ok";
+  if (failed) {
+    retval = "failed";
+  }
+
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(retval, retval.length);
+}
diff --git a/netwerk/test/unit/test_bug596443.js b/netwerk/test/unit/test_bug596443.js
new file mode 100644
index 0000000000..55f9922e07
--- /dev/null
+++ b/netwerk/test/unit/test_bug596443.js
@@ -0,0 +1,117 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+var httpserver = new HttpServer();
+
+var expectedOnStopRequests = 3;
+
+function setupChannel(suffix, xRequest, flags) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  if (flags) {
+    chan.loadFlags |= flags;
+  }
+
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.setRequestHeader("x-request", xRequest, false);
+
+  return httpChan;
+}
+
+function Listener(response) {
+  this._response = response;
+}
+Listener.prototype = {
+  _response: null,
+  _buffer: null,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    this._buffer = "";
+  },
+  onDataAvailable(request, stream, offset, count) {
+    this._buffer = this._buffer.concat(read_stream(stream, count));
+  },
+  onStopRequest(request, status) {
+    Assert.equal(this._buffer, this._response);
+    if (--expectedOnStopRequests == 0) {
+      do_timeout(10, function () {
+        httpserver.stop(do_test_finished);
+      });
+    }
+  },
+};
+
+function run_test() {
+  httpserver.registerPathHandler("/bug596443", handler);
+  httpserver.start(-1);
+
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  // make sure we have a profile so we can use the disk-cache
+  do_get_profile();
+
+  // clear cache
+  evict_cache_entries();
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var ch0 = setupChannel(
+      "/bug596443",
+      "Response0",
+      Ci.nsIRequest.LOAD_BYPASS_CACHE
+    );
+    ch0.asyncOpen(new Listener("Response0"));
+
+    var ch1 = setupChannel(
+      "/bug596443",
+      "Response1",
+      Ci.nsIRequest.LOAD_BYPASS_CACHE
+    );
+    ch1.asyncOpen(new Listener("Response1"));
+
+    var ch2 = setupChannel("/bug596443", "Should not be used");
+    ch2.asyncOpen(new Listener("Response1")); // Note param: we expect this to come from cache
+  });
+
+  do_test_pending();
+}
+
+function triggerHandlers() {
+  do_timeout(100, handlers[1]);
+  do_timeout(100, handlers[0]);
+}
+
+var handlers = [];
+function handler(metadata, response) {
+  var func = function (body) {
+    return function () {
+      response.setStatusLine(metadata.httpVersion, 200, "Ok");
+      response.setHeader("Content-Type", "text/plain", false);
+      response.setHeader("Content-Length", "" + body.length, false);
+      response.setHeader("Cache-Control", "max-age=600", false);
+      response.bodyOutputStream.write(body, body.length);
+      response.finish();
+    };
+  };
+
+  response.processAsync();
+  var request = metadata.getHeader("x-request");
+  handlers.push(func(request));
+
+  if (handlers.length > 1) {
+    triggerHandlers();
+  }
+}
diff --git a/netwerk/test/unit/test_bug618835.js b/netwerk/test/unit/test_bug618835.js
new file mode 100644
index 0000000000..4f4ea8b776
--- /dev/null
+++ b/netwerk/test/unit/test_bug618835.js
@@ -0,0 +1,124 @@
+//
+// If a response to a non-safe HTTP request-method contains the Location- or
+// Content-Location header, we must make sure to invalidate any cached entry
+// representing the URIs pointed to by either header. RFC 2616 section 13.10
+//
+// This test uses 3 URIs: "/post" is the target of a POST-request and always
+// redirects (301) to "/redirect". The URIs "/redirect" and "/cl" both counts
+// the number of loads from the server (handler). The response from "/post"
+// always contains the headers "Location: /redirect" and "Content-Location:
+// /cl", whose cached entries are to be invalidated. The tests verifies that
+// "/redirect" and "/cl" are loaded from server the expected number of times.
+//
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserv;
+
+function setupChannel(path) {
+  return NetUtil.newChannel({
+    uri: path,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+// Verify that Content-Location-URI has been loaded once, load post_target
+function InitialListener() {}
+InitialListener.prototype = {
+  onStartRequest(request) {},
+  onStopRequest(request, status) {
+    Assert.equal(1, numberOfCLHandlerCalls);
+    executeSoon(function () {
+      var channel = setupChannel(
+        "http://localhost:" + httpserv.identity.primaryPort + "/post"
+      );
+      channel.requestMethod = "POST";
+      channel.asyncOpen(new RedirectingListener());
+    });
+  },
+};
+
+// Verify that Location-URI has been loaded once, reload post_target
+function RedirectingListener() {}
+RedirectingListener.prototype = {
+  onStartRequest(request) {},
+  onStopRequest(request, status) {
+    Assert.equal(1, numberOfHandlerCalls);
+    executeSoon(function () {
+      var channel = setupChannel(
+        "http://localhost:" + httpserv.identity.primaryPort + "/post"
+      );
+      channel.requestMethod = "POST";
+      channel.asyncOpen(new VerifyingListener());
+    });
+  },
+};
+
+// Verify that Location-URI has been loaded twice (cached entry invalidated),
+// reload Content-Location-URI
+function VerifyingListener() {}
+VerifyingListener.prototype = {
+  onStartRequest(request) {},
+  onStopRequest(request, status) {
+    Assert.equal(2, numberOfHandlerCalls);
+    var channel = setupChannel(
+      "http://localhost:" + httpserv.identity.primaryPort + "/cl"
+    );
+    channel.asyncOpen(new FinalListener());
+  },
+};
+
+// Verify that Location-URI has been loaded twice (cached entry invalidated),
+// stop test
+function FinalListener() {}
+FinalListener.prototype = {
+  onStartRequest(request) {},
+  onStopRequest(request, status) {
+    Assert.equal(2, numberOfCLHandlerCalls);
+    httpserv.stop(do_test_finished);
+  },
+};
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/cl", content_location);
+  httpserv.registerPathHandler("/post", post_target);
+  httpserv.registerPathHandler("/redirect", redirect_target);
+  httpserv.start(-1);
+
+  // Clear cache
+  evict_cache_entries();
+
+  // Load Content-Location URI into cache and start the chain of loads
+  var channel = setupChannel(
+    "http://localhost:" + httpserv.identity.primaryPort + "/cl"
+  );
+  channel.asyncOpen(new InitialListener());
+
+  do_test_pending();
+}
+
+var numberOfCLHandlerCalls = 0;
+function content_location(metadata, response) {
+  numberOfCLHandlerCalls++;
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("Cache-Control", "max-age=360000", false);
+}
+
+function post_target(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
+  response.setHeader("Location", "/redirect", false);
+  response.setHeader("Content-Location", "/cl", false);
+  response.setHeader("Cache-Control", "max-age=360000", false);
+}
+
+var numberOfHandlerCalls = 0;
+function redirect_target(metadata, response) {
+  numberOfHandlerCalls++;
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("Cache-Control", "max-age=360000", false);
+}
diff --git a/netwerk/test/unit/test_bug633743.js b/netwerk/test/unit/test_bug633743.js
new file mode 100644
index 0000000000..6e49751c78
--- /dev/null
+++ b/netwerk/test/unit/test_bug633743.js
@@ -0,0 +1,195 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const VALUE_HDR_NAME = "X-HTTP-VALUE-HEADER";
+const VARY_HDR_NAME = "X-HTTP-VARY-HEADER";
+const CACHECTRL_HDR_NAME = "X-CACHE-CONTROL-HEADER";
+
+var httpserver = null;
+
+function make_channel(flags, vary, value) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + "/bug633743",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan.QueryInterface(Ci.nsIHttpChannel);
+}
+
+function Test(flags, varyHdr, sendValue, expectValue, cacheHdr) {
+  this._flags = flags;
+  this._varyHdr = varyHdr;
+  this._sendVal = sendValue;
+  this._expectVal = expectValue;
+  this._cacheHdr = cacheHdr;
+}
+
+Test.prototype = {
+  _buffer: "",
+  _flags: null,
+  _varyHdr: null,
+  _sendVal: null,
+  _expectVal: null,
+  _cacheHdr: null,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream, offset, count) {
+    this._buffer = this._buffer.concat(read_stream(stream, count));
+  },
+
+  onStopRequest(request, status) {
+    Assert.equal(this._buffer, this._expectVal);
+    do_timeout(0, run_next_test);
+  },
+
+  run() {
+    var channel = make_channel();
+    channel.loadFlags = this._flags;
+    channel.setRequestHeader(VALUE_HDR_NAME, this._sendVal, false);
+    channel.setRequestHeader(VARY_HDR_NAME, this._varyHdr, false);
+    if (this._cacheHdr) {
+      channel.setRequestHeader(CACHECTRL_HDR_NAME, this._cacheHdr, false);
+    }
+
+    channel.asyncOpen(this);
+  },
+};
+
+var gTests = [
+  // Test LOAD_FROM_CACHE: Load cache-entry
+  new Test(
+    Ci.nsIRequest.LOAD_NORMAL,
+    "entity-initial", // hdr-value used to vary
+    "request1", // echoed by handler
+    "request1" // value expected to receive in channel
+  ),
+  // Verify that it was cached
+  new Test(
+    Ci.nsIRequest.LOAD_NORMAL,
+    "entity-initial", // hdr-value used to vary
+    "fresh value with LOAD_NORMAL", // echoed by handler
+    "request1" // value expected to receive in channel
+  ),
+  // Load same entity with LOAD_FROM_CACHE-flag
+  new Test(
+    Ci.nsIRequest.LOAD_FROM_CACHE,
+    "entity-initial", // hdr-value used to vary
+    "fresh value with LOAD_FROM_CACHE", // echoed by handler
+    "request1" // value expected to receive in channel
+  ),
+  // Load different entity with LOAD_FROM_CACHE-flag
+  new Test(
+    Ci.nsIRequest.LOAD_FROM_CACHE,
+    "entity-l-f-c", // hdr-value used to vary
+    "request2", // echoed by handler
+    "request2" // value expected to receive in channel
+  ),
+  // Verify that new value was cached
+  new Test(
+    Ci.nsIRequest.LOAD_NORMAL,
+    "entity-l-f-c", // hdr-value used to vary
+    "fresh value with LOAD_NORMAL", // echoed by handler
+    "request2" // value expected to receive in channel
+  ),
+
+  // Test VALIDATE_NEVER: Note previous cache-entry
+  new Test(
+    Ci.nsIRequest.VALIDATE_NEVER,
+    "entity-v-n", // hdr-value used to vary
+    "request3", // echoed by handler
+    "request3" // value expected to receive in channel
+  ),
+  // Verify that cache-entry was replaced
+  new Test(
+    Ci.nsIRequest.LOAD_NORMAL,
+    "entity-v-n", // hdr-value used to vary
+    "fresh value with LOAD_NORMAL", // echoed by handler
+    "request3" // value expected to receive in channel
+  ),
+
+  // Test combination VALIDATE_NEVER && no-store: Load new cache-entry
+  new Test(
+    Ci.nsIRequest.LOAD_NORMAL,
+    "entity-2", // hdr-value used to vary
+    "request4", // echoed by handler
+    "request4", // value expected to receive in channel
+    "no-store" // set no-store on response
+  ),
+  // Ensure we validate without IMS header in this case (verified in handler)
+  new Test(
+    Ci.nsIRequest.VALIDATE_NEVER,
+    "entity-2-v-n", // hdr-value used to vary
+    "request5", // echoed by handler
+    "request5" // value expected to receive in channel
+  ),
+
+  // Test VALIDATE-ALWAYS: Load new entity
+  new Test(
+    Ci.nsIRequest.LOAD_NORMAL,
+    "entity-3", // hdr-value used to vary
+    "request6", // echoed by handler
+    "request6", // value expected to receive in channel
+    "no-cache" // set no-cache on response
+  ),
+  // Ensure we don't send IMS header also in this case (verified in handler)
+  new Test(
+    Ci.nsIRequest.VALIDATE_ALWAYS,
+    "entity-3-v-a", // hdr-value used to vary
+    "request7", // echoed by handler
+    "request7" // value expected to receive in channel
+  ),
+];
+
+function run_next_test() {
+  if (!gTests.length) {
+    httpserver.stop(do_test_finished);
+    return;
+  }
+
+  var test = gTests.shift();
+  test.run();
+}
+
+function handler(metadata, response) {
+  // None of the tests above should send an IMS
+  Assert.ok(!metadata.hasHeader("If-Modified-Since"));
+
+  // Pick up requested value to echo
+  var hdr = "default value";
+  try {
+    hdr = metadata.getHeader(VALUE_HDR_NAME);
+  } catch (ex) {}
+
+  // Pick up requested cache-control header-value
+  var cctrlVal = "max-age=10000";
+  try {
+    cctrlVal = metadata.getHeader(CACHECTRL_HDR_NAME);
+  } catch (ex) {}
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Cache-Control", cctrlVal, false);
+  response.setHeader("Vary", VARY_HDR_NAME, false);
+  response.setHeader("Last-Modified", "Tue, 15 Nov 1994 12:45:26 GMT", false);
+  response.bodyOutputStream.write(hdr, hdr.length);
+}
+
+function run_test() {
+  // clear the cache
+  evict_cache_entries();
+
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler("/bug633743", handler);
+  httpserver.start(-1);
+
+  run_next_test();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug650522.js b/netwerk/test/unit/test_bug650522.js
new file mode 100644
index 0000000000..2ffcb5438a
--- /dev/null
+++ b/netwerk/test/unit/test_bug650522.js
@@ -0,0 +1,35 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+add_task(async () => {
+  Services.prefs.setBoolPref("network.cookie.sameSite.schemeful", false);
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  var expiry = (Date.now() + 1000) * 1000;
+
+  // Test our handling of host names with a single character at the beginning
+  // followed by a dot.
+  Services.cookies.add(
+    "e.com",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTP
+  );
+  Assert.equal(Services.cookies.countCookiesFromHost("e.com"), 1);
+
+  CookieXPCShellUtils.createServer({ hosts: ["e.com"] });
+  const cookies = await CookieXPCShellUtils.getCookieStringFromDocument(
+    "http://e.com/"
+  );
+  Assert.equal(cookies, "foo=bar");
+  Services.prefs.clearUserPref("dom.security.https_first");
+});
diff --git a/netwerk/test/unit/test_bug650995.js b/netwerk/test/unit/test_bug650995.js
new file mode 100644
index 0000000000..d9ccab6540
--- /dev/null
+++ b/netwerk/test/unit/test_bug650995.js
@@ -0,0 +1,187 @@
+//
+// Test that "max_entry_size" prefs for disk- and memory-cache prevents
+// caching resources with size out of bounds
+//
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+do_get_profile();
+
+const prefService = Services.prefs;
+
+const httpserver = new HttpServer();
+
+// Repeats the given data until the total size is larger than 1K
+function repeatToLargerThan1K(data) {
+  while (data.length <= 1024) {
+    data += data;
+  }
+  return data;
+}
+
+function setupChannel(suffix, value) {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  httpChan.setRequestHeader("x-request", value, false);
+
+  return httpChan;
+}
+
+var tests = [
+  new InitializeCacheDevices(true, false), // enable and create mem-device
+  new TestCacheEntrySize(
+    function () {
+      prefService.setIntPref("browser.cache.memory.max_entry_size", 1);
+    },
+    "012345",
+    "9876543210",
+    "012345"
+  ), // expect cached value
+  new TestCacheEntrySize(
+    function () {
+      prefService.setIntPref("browser.cache.memory.max_entry_size", 1);
+    },
+    "0123456789a",
+    "9876543210",
+    "9876543210"
+  ), // expect fresh value
+  new TestCacheEntrySize(
+    function () {
+      prefService.setIntPref("browser.cache.memory.max_entry_size", -1);
+    },
+    "0123456789a",
+    "9876543210",
+    "0123456789a"
+  ), // expect cached value
+
+  new InitializeCacheDevices(false, true), // enable and create disk-device
+  new TestCacheEntrySize(
+    function () {
+      prefService.setIntPref("browser.cache.disk.max_entry_size", 1);
+    },
+    "012345",
+    "9876543210",
+    "012345"
+  ), // expect cached value
+  new TestCacheEntrySize(
+    function () {
+      prefService.setIntPref("browser.cache.disk.max_entry_size", 1);
+    },
+    "0123456789a",
+    "9876543210",
+    "9876543210"
+  ), // expect fresh value
+  new TestCacheEntrySize(
+    function () {
+      prefService.setIntPref("browser.cache.disk.max_entry_size", -1);
+    },
+    "0123456789a",
+    "9876543210",
+    "0123456789a"
+  ), // expect cached value
+];
+
+function nextTest() {
+  // We really want each test to be self-contained. Make sure cache is
+  // cleared and also let all operations finish before starting a new test
+  syncWithCacheIOThread(function () {
+    Services.cache2.clear();
+    syncWithCacheIOThread(runNextTest);
+  });
+}
+
+function runNextTest() {
+  var aTest = tests.shift();
+  if (!aTest) {
+    httpserver.stop(do_test_finished);
+    return;
+  }
+  executeSoon(function () {
+    aTest.start();
+  });
+}
+
+// Just make sure devices are created
+function InitializeCacheDevices(memDevice, diskDevice) {
+  this.start = function () {
+    prefService.setBoolPref("browser.cache.memory.enable", memDevice);
+    if (memDevice) {
+      let cap = prefService.getIntPref("browser.cache.memory.capacity", 0);
+      if (cap == 0) {
+        prefService.setIntPref("browser.cache.memory.capacity", 1024);
+      }
+    }
+    prefService.setBoolPref("browser.cache.disk.enable", diskDevice);
+    if (diskDevice) {
+      let cap = prefService.getIntPref("browser.cache.disk.capacity", 0);
+      if (cap == 0) {
+        prefService.setIntPref("browser.cache.disk.capacity", 1024);
+      }
+    }
+    var channel = setupChannel("/bug650995", "Initial value");
+    channel.asyncOpen(new ChannelListener(nextTest, null));
+  };
+}
+
+function TestCacheEntrySize(
+  setSizeFunc,
+  firstRequest,
+  secondRequest,
+  secondExpectedReply
+) {
+  // Initially, this test used 10 bytes as the limit for caching entries.
+  // Since we now use 1K granularity we have to extend lengths to be larger
+  // than 1K if it is larger than 10
+  if (firstRequest.length > 10) {
+    firstRequest = repeatToLargerThan1K(firstRequest);
+  }
+  if (secondExpectedReply.length > 10) {
+    secondExpectedReply = repeatToLargerThan1K(secondExpectedReply);
+  }
+
+  this.start = function () {
+    setSizeFunc();
+    var channel = setupChannel("/bug650995", firstRequest);
+    channel.asyncOpen(new ChannelListener(this.initialLoad, this));
+  };
+  this.initialLoad = function (request, data, ctx) {
+    Assert.equal(firstRequest, data);
+    var channel = setupChannel("/bug650995", secondRequest);
+    executeSoon(function () {
+      channel.asyncOpen(new ChannelListener(ctx.testAndTriggerNext, ctx));
+    });
+  };
+  this.testAndTriggerNext = function (request, data, ctx) {
+    Assert.equal(secondExpectedReply, data);
+    executeSoon(nextTest);
+  };
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/bug650995", handler);
+  httpserver.start(-1);
+
+  prefService.setBoolPref("network.http.rcwn.enabled", false);
+
+  nextTest();
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  var body = "BOOM!";
+  try {
+    body = metadata.getHeader("x-request");
+  } catch (e) {}
+
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Cache-Control", "max-age=3600", false);
+  response.bodyOutputStream.write(body, body.length);
+}
diff --git a/netwerk/test/unit/test_bug652761.js b/netwerk/test/unit/test_bug652761.js
new file mode 100644
index 0000000000..030f18a1fd
--- /dev/null
+++ b/netwerk/test/unit/test_bug652761.js
@@ -0,0 +1,19 @@
+// This is just a crashtest for a url that is rejected at parse time (port 80,000)
+
+"use strict";
+
+function run_test() {
+  // Bug 1301621 makes invalid ports throw
+  Assert.throws(
+    () => {
+      NetUtil.newChannel({
+        uri: "http://localhost:80000/",
+        loadUsingSystemPrincipal: true,
+      });
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "invalid port"
+  );
+
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/test_bug654926.js b/netwerk/test/unit/test_bug654926.js
new file mode 100644
index 0000000000..0f29a3bcf4
--- /dev/null
+++ b/netwerk/test/unit/test_bug654926.js
@@ -0,0 +1,91 @@
+"use strict";
+
+function gen_1MiB() {
+  var i;
+  var data = "x";
+  for (i = 0; i < 20; i++) {
+    data += data;
+  }
+  return data;
+}
+
+function write_and_check(str, data, len) {
+  var written = str.write(data, len);
+  if (written != len) {
+    do_throw(
+      "str.write has not written all data!\n" +
+        "  Expected: " +
+        len +
+        "\n" +
+        "  Actual: " +
+        written +
+        "\n"
+    );
+  }
+}
+
+function write_datafile(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var data = gen_1MiB();
+  var os = entry.openOutputStream(0, data.length);
+
+  // write 2MiB
+  var i;
+  for (i = 0; i < 2; i++) {
+    write_and_check(os, data, data.length);
+  }
+
+  os.close();
+  entry.close();
+
+  // now change max_entry_size so that the existing entry is too big
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 1024);
+
+  // append to entry
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    append_datafile
+  );
+}
+
+function append_datafile(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var os = entry.openOutputStream(entry.dataSize, -1);
+  var data = gen_1MiB();
+
+  // append 1MiB
+  try {
+    write_and_check(os, data, data.length);
+    do_throw();
+  } catch (ex) {}
+
+  // closing the ostream should fail in this case
+  try {
+    os.close();
+    do_throw();
+  } catch (ex) {}
+
+  entry.close();
+
+  do_test_finished();
+}
+
+function run_test() {
+  do_get_profile();
+
+  // clear the cache
+  evict_cache_entries();
+
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    write_datafile
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug654926_doom_and_read.js b/netwerk/test/unit/test_bug654926_doom_and_read.js
new file mode 100644
index 0000000000..1ed618e04a
--- /dev/null
+++ b/netwerk/test/unit/test_bug654926_doom_and_read.js
@@ -0,0 +1,82 @@
+"use strict";
+
+function gen_1MiB() {
+  var i;
+  var data = "x";
+  for (i = 0; i < 20; i++) {
+    data += data;
+  }
+  return data;
+}
+
+function write_and_check(str, data, len) {
+  var written = str.write(data, len);
+  if (written != len) {
+    do_throw(
+      "str.write has not written all data!\n" +
+        "  Expected: " +
+        len +
+        "\n" +
+        "  Actual: " +
+        written +
+        "\n"
+    );
+  }
+}
+
+function write_datafile(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var data = gen_1MiB();
+  var os = entry.openOutputStream(0, data.length);
+
+  write_and_check(os, data, data.length);
+
+  os.close();
+  entry.close();
+
+  // open, doom, append, read
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    test_read_after_doom
+  );
+}
+
+function test_read_after_doom(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var data = gen_1MiB();
+  var os = entry.openOutputStream(entry.dataSize, data.length);
+
+  entry.asyncDoom(null);
+  write_and_check(os, data, data.length);
+
+  os.close();
+
+  var is = entry.openInputStream(0);
+  pumpReadStream(is, function (read) {
+    Assert.equal(read.length, 2 * 1024 * 1024);
+    is.close();
+
+    entry.close();
+    do_test_finished();
+  });
+}
+
+function run_test() {
+  do_get_profile();
+
+  // clear the cache
+  evict_cache_entries();
+
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    write_datafile
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug654926_test_seek.js b/netwerk/test/unit/test_bug654926_test_seek.js
new file mode 100644
index 0000000000..148e9f9043
--- /dev/null
+++ b/netwerk/test/unit/test_bug654926_test_seek.js
@@ -0,0 +1,76 @@
+"use strict";
+
+function gen_1MiB() {
+  var i;
+  var data = "x";
+  for (i = 0; i < 20; i++) {
+    data += data;
+  }
+  return data;
+}
+
+function write_and_check(str, data, len) {
+  var written = str.write(data, len);
+  if (written != len) {
+    do_throw(
+      "str.write has not written all data!\n" +
+        "  Expected: " +
+        len +
+        "\n" +
+        "  Actual: " +
+        written +
+        "\n"
+    );
+  }
+}
+
+function write_datafile(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var data = gen_1MiB();
+  var os = entry.openOutputStream(0, data.length);
+
+  write_and_check(os, data, data.length);
+
+  os.close();
+  entry.close();
+
+  // try to open the entry for appending
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    open_for_readwrite
+  );
+}
+
+function open_for_readwrite(status, entry) {
+  Assert.equal(status, Cr.NS_OK);
+  var os = entry.openOutputStream(entry.dataSize, -1);
+
+  // Opening the entry for appending data calls nsDiskCacheStreamIO::Seek()
+  // which initializes mFD. If no data is written then mBufDirty is false and
+  // mFD won't be closed in nsDiskCacheStreamIO::Flush().
+
+  os.close();
+  entry.close();
+
+  do_test_finished();
+}
+
+function run_test() {
+  do_get_profile();
+
+  // clear the cache
+  evict_cache_entries();
+
+  asyncOpenCacheEntry(
+    "http://data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    write_datafile
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug659569.js b/netwerk/test/unit/test_bug659569.js
new file mode 100644
index 0000000000..1bdc61b618
--- /dev/null
+++ b/netwerk/test/unit/test_bug659569.js
@@ -0,0 +1,60 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+
+function setupChannel(suffix) {
+  return NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + suffix,
+    loadUsingSystemPrincipal: true,
+  });
+}
+
+function checkValueAndTrigger(request, data, ctx) {
+  Assert.equal("Ok", data);
+  httpserver.stop(do_test_finished);
+}
+
+function run_test() {
+  // We don't want to have CookieJarSettings blocking this test.
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+
+  httpserver.registerPathHandler("/redirect1", redirectHandler1);
+  httpserver.registerPathHandler("/redirect2", redirectHandler2);
+  httpserver.start(-1);
+
+  // clear cache
+  evict_cache_entries();
+
+  // load first time
+  var channel = setupChannel("/redirect1");
+  channel.asyncOpen(new ChannelListener(checkValueAndTrigger, null));
+  do_test_pending();
+}
+
+function redirectHandler1(metadata, response) {
+  if (!metadata.hasHeader("Cookie")) {
+    response.setStatusLine(metadata.httpVersion, 302, "Found");
+    response.setHeader("Cache-Control", "max-age=600", false);
+    response.setHeader("Location", "/redirect2?query", false);
+    response.setHeader("Set-Cookie", "MyCookie=1", false);
+  } else {
+    response.setStatusLine(metadata.httpVersion, 200, "Ok");
+    response.setHeader("Content-Type", "text/plain");
+    response.bodyOutputStream.write("Ok", "Ok".length);
+  }
+}
+
+function redirectHandler2(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 302, "Found");
+  response.setHeader("Location", "/redirect1", false);
+}
diff --git a/netwerk/test/unit/test_bug660066.js b/netwerk/test/unit/test_bug660066.js
new file mode 100644
index 0000000000..2e7c060135
--- /dev/null
+++ b/netwerk/test/unit/test_bug660066.js
@@ -0,0 +1,53 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+"use strict";
+
+const SIMPLEURI_SPEC = "data:text/plain,hello world";
+const BLOBURI_SPEC = "blob:123456";
+
+function do_info(text, stack) {
+  if (!stack) {
+    stack = Components.stack.caller;
+  }
+
+  dump(
+    "\n" +
+      "TEST-INFO | " +
+      stack.filename +
+      " | [" +
+      stack.name +
+      " : " +
+      stack.lineNumber +
+      "] " +
+      text +
+      "\n"
+  );
+}
+
+function do_check_uri_neq(uri1, uri2) {
+  do_info("Checking equality in forward direction...");
+  Assert.ok(!uri1.equals(uri2));
+  Assert.ok(!uri1.equalsExceptRef(uri2));
+
+  do_info("Checking equality in reverse direction...");
+  Assert.ok(!uri2.equals(uri1));
+  Assert.ok(!uri2.equalsExceptRef(uri1));
+}
+
+function run_test() {
+  var simpleURI = NetUtil.newURI(SIMPLEURI_SPEC);
+  var fileDataURI = NetUtil.newURI(BLOBURI_SPEC);
+
+  do_info("Checking that " + SIMPLEURI_SPEC + " != " + BLOBURI_SPEC);
+  do_check_uri_neq(simpleURI, fileDataURI);
+
+  do_info("Changing the nsSimpleURI spec to match the nsFileDataURI");
+  simpleURI = simpleURI.mutate().setSpec(BLOBURI_SPEC).finalize();
+
+  do_info("Verifying that .spec matches");
+  Assert.equal(simpleURI.spec, fileDataURI.spec);
+
+  do_info(
+    "Checking that nsSimpleURI != nsFileDataURI despite their .spec matching"
+  );
+  do_check_uri_neq(simpleURI, fileDataURI);
+}
diff --git a/netwerk/test/unit/test_bug667087.js b/netwerk/test/unit/test_bug667087.js
new file mode 100644
index 0000000000..79589799e7
--- /dev/null
+++ b/netwerk/test/unit/test_bug667087.js
@@ -0,0 +1,33 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+add_task(async () => {
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+  var expiry = (Date.now() + 1000) * 1000;
+
+  // Test our handling of host names with a single character consisting only
+  // of a single character
+  Services.cookies.add(
+    "a",
+    "/",
+    "foo",
+    "bar",
+    false,
+    false,
+    true,
+    expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTP
+  );
+  Assert.equal(Services.cookies.countCookiesFromHost("a"), 1);
+
+  CookieXPCShellUtils.createServer({ hosts: ["a"] });
+  const cookies = await CookieXPCShellUtils.getCookieStringFromDocument(
+    "http://a/"
+  );
+  Assert.equal(cookies, "foo=bar");
+  Services.prefs.clearUserPref("dom.security.https_first");
+});
diff --git a/netwerk/test/unit/test_bug667818.js b/netwerk/test/unit/test_bug667818.js
new file mode 100644
index 0000000000..9c6e495da0
--- /dev/null
+++ b/netwerk/test/unit/test_bug667818.js
@@ -0,0 +1,49 @@
+"use strict";
+
+function makeURI(str) {
+  return Services.io.newURI(str);
+}
+
+add_task(async () => {
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  var uri = makeURI("http://example.com/");
+  var channel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+  Services.scriptSecurityManager.createContentPrincipal(uri, {});
+
+  CookieXPCShellUtils.createServer({ hosts: ["example.com"] });
+
+  // Try an expiration time before the epoch
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uri.spec,
+    "test=test; path=/; domain=example.com; expires=Sun, 31-Dec-1899 16:00:00 GMT;"
+  );
+  Assert.equal(
+    await CookieXPCShellUtils.getCookieStringFromDocument(uri.spec),
+    ""
+  );
+
+  // Now sanity check
+  Services.cookies.setCookieStringFromHttp(
+    uri,
+    "test2=test2; path=/; domain=example.com;",
+    channel
+  );
+
+  Assert.equal(
+    await CookieXPCShellUtils.getCookieStringFromDocument(uri.spec),
+    "test2=test2"
+  );
+  Services.prefs.clearUserPref("dom.security.https_first");
+});
diff --git a/netwerk/test/unit/test_bug667907.js b/netwerk/test/unit/test_bug667907.js
new file mode 100644
index 0000000000..5c6b13d538
--- /dev/null
+++ b/netwerk/test/unit/test_bug667907.js
@@ -0,0 +1,88 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = null;
+var simplePath = "/simple";
+var normalPath = "/normal";
+var httpbody = "";
+
+ChromeUtils.defineLazyGetter(this, "uri1", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort + simplePath;
+});
+
+ChromeUtils.defineLazyGetter(this, "uri2", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort + normalPath;
+});
+
+function make_channel(url) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+var listener_proto = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    Assert.equal(
+      request.QueryInterface(Ci.nsIChannel).contentType,
+      this.contentType
+    );
+    request.cancel(Cr.NS_BINDING_ABORTED);
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    do_throw("Unexpected onDataAvailable");
+  },
+
+  onStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_BINDING_ABORTED);
+    this.termination_func();
+  },
+};
+
+function listener(contentType, termination_func) {
+  this.contentType = contentType;
+  this.termination_func = termination_func;
+}
+listener.prototype = listener_proto;
+
+function run_test() {
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler(simplePath, simpleHandler);
+  httpserver.registerPathHandler(normalPath, normalHandler);
+  httpserver.start(-1);
+
+  var channel = make_channel(uri1);
+  channel.asyncOpen(
+    new listener("text/plain", function () {
+      run_test2();
+    })
+  );
+
+  do_test_pending();
+}
+
+function run_test2() {
+  var channel = make_channel(uri2);
+  channel.asyncOpen(
+    new listener("text/html", function () {
+      httpserver.stop(do_test_finished);
+    })
+  );
+}
+
+function simpleHandler(metadata, response) {
+  response.seizePower();
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+  response.finish();
+}
+
+function normalHandler(metadata, response) {
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+  response.finish();
+}
diff --git a/netwerk/test/unit/test_bug669001.js b/netwerk/test/unit/test_bug669001.js
new file mode 100644
index 0000000000..ebd5998cf1
--- /dev/null
+++ b/netwerk/test/unit/test_bug669001.js
@@ -0,0 +1,178 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpServer = null;
+var path = "/bug699001";
+
+ChromeUtils.defineLazyGetter(this, "URI", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + path;
+});
+
+function make_channel(url) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+var fetched;
+
+// The test loads a resource that expires in one year, has an etag and varies only by User-Agent
+// First we load it, then check we load it only from the cache w/o even checking with the server
+// Then we modify our User-Agent and try it again
+// We have to get a new content (even though with the same etag) and again on next load only from
+// cache w/o accessing the server
+// Goal is to check we've updated User-Agent request header in cache after we've got 304 response
+// from the server
+
+var tests = [
+  {
+    prepare() {},
+    test(response) {
+      Assert.ok(fetched);
+    },
+  },
+  {
+    prepare() {},
+    test(response) {
+      Assert.ok(!fetched);
+    },
+  },
+  {
+    prepare() {
+      setUA("A different User Agent");
+    },
+    test(response) {
+      Assert.ok(fetched);
+    },
+  },
+  {
+    prepare() {},
+    test(response) {
+      Assert.ok(!fetched);
+    },
+  },
+  {
+    prepare() {
+      setUA("And another User Agent");
+    },
+    test(response) {
+      Assert.ok(fetched);
+    },
+  },
+  {
+    prepare() {},
+    test(response) {
+      Assert.ok(!fetched);
+    },
+  },
+];
+
+function handler(metadata, response) {
+  if (metadata.hasHeader("If-None-Match")) {
+    response.setStatusLine(metadata.httpVersion, 304, "Not modified");
+  } else {
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "text/plain");
+
+    var body = "body";
+    response.bodyOutputStream.write(body, body.length);
+  }
+
+  fetched = true;
+
+  response.setHeader("Expires", getDateString(+1));
+  response.setHeader("Cache-Control", "private");
+  response.setHeader("Vary", "User-Agent");
+  response.setHeader("ETag", "1234");
+}
+
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler(path, handler);
+  httpServer.start(-1);
+
+  do_test_pending();
+
+  nextTest();
+}
+
+function nextTest() {
+  fetched = false;
+  tests[0].prepare();
+
+  dump("Testing with User-Agent: " + getUA() + "\n");
+  var chan = make_channel(URI);
+
+  // Give the old channel a chance to close the cache entry first.
+  // XXX This is actually a race condition that might be considered a bug...
+  executeSoon(function () {
+    chan.asyncOpen(new ChannelListener(checkAndShiftTest, null));
+  });
+}
+
+function checkAndShiftTest(request, response) {
+  tests[0].test(response);
+
+  tests.shift();
+  if (!tests.length) {
+    httpServer.stop(tearDown);
+    return;
+  }
+
+  nextTest();
+}
+
+function tearDown() {
+  setUA("");
+  do_test_finished();
+}
+
+// Helpers
+
+function getUA() {
+  var httphandler = Cc["@mozilla.org/network/protocol;1?name=http"].getService(
+    Ci.nsIHttpProtocolHandler
+  );
+  return httphandler.userAgent;
+}
+
+function setUA(value) {
+  Services.prefs.setCharPref("general.useragent.override", value);
+}
+
+function getDateString(yearDelta) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    (d.getUTCFullYear() + yearDelta) +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_bug770243.js b/netwerk/test/unit/test_bug770243.js
new file mode 100644
index 0000000000..60aa6a07bb
--- /dev/null
+++ b/netwerk/test/unit/test_bug770243.js
@@ -0,0 +1,246 @@
+/* this test does the following:
+ Always requests the same resource, while for each request getting:
+ 1. 200 + ETag: "one"
+ 2. 401 followed by 200 + ETag: "two"
+ 3. 401 followed by 304
+ 4. 407 followed by 200 + ETag: "three"
+ 5. 407 followed by 304
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserv;
+
+function addCreds(scheme, host) {
+  var authMgr = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
+    Ci.nsIHttpAuthManager
+  );
+  authMgr.setAuthIdentity(
+    scheme,
+    host,
+    httpserv.identity.primaryPort,
+    "basic",
+    "secret",
+    "/",
+    "",
+    "user",
+    "pass"
+  );
+}
+
+function clearCreds() {
+  var authMgr = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
+    Ci.nsIHttpAuthManager
+  );
+  authMgr.clearAll();
+}
+
+function makeChan() {
+  return NetUtil.newChannel({
+    uri: "http://localhost:" + httpserv.identity.primaryPort + "/",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+// Array of handlers that are called one by one in response to expected requests
+
+var handlers = [
+  // Test 1
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Authorization"), false);
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("ETag", '"one"', false);
+    response.setHeader("Cache-control", "no-cache", false);
+    response.setHeader("Content-type", "text/plain", false);
+    var body = "Response body 1";
+    response.bodyOutputStream.write(body, body.length);
+  },
+
+  // Test 2
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Authorization"), false);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"one"');
+    response.setStatusLine(metadata.httpVersion, 401, "Authenticate");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+    addCreds("http", "localhost");
+  },
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Authorization"), true);
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("ETag", '"two"', false);
+    response.setHeader("Cache-control", "no-cache", false);
+    response.setHeader("Content-type", "text/plain", false);
+    var body = "Response body 2";
+    response.bodyOutputStream.write(body, body.length);
+    clearCreds();
+  },
+
+  // Test 3
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Authorization"), false);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"two"');
+    response.setStatusLine(metadata.httpVersion, 401, "Authenticate");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+    addCreds("http", "localhost");
+  },
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Authorization"), true);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"two"');
+    response.setStatusLine(metadata.httpVersion, 304, "OK");
+    response.setHeader("ETag", '"two"', false);
+    clearCreds();
+  },
+
+  // Test 4
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Authorization"), false);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"two"');
+    response.setStatusLine(metadata.httpVersion, 407, "Proxy Authenticate");
+    response.setHeader("Proxy-Authenticate", 'Basic realm="secret"', false);
+    addCreds("http", "localhost");
+  },
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Proxy-Authorization"), true);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"two"');
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("ETag", '"three"', false);
+    response.setHeader("Cache-control", "no-cache", false);
+    response.setHeader("Content-type", "text/plain", false);
+    var body = "Response body 3";
+    response.bodyOutputStream.write(body, body.length);
+    clearCreds();
+  },
+
+  // Test 5
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Proxy-Authorization"), false);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"three"');
+    response.setStatusLine(metadata.httpVersion, 407, "Proxy Authenticate");
+    response.setHeader("Proxy-Authenticate", 'Basic realm="secret"', false);
+    addCreds("http", "localhost");
+  },
+  function (metadata, response) {
+    Assert.equal(metadata.hasHeader("Proxy-Authorization"), true);
+    Assert.equal(metadata.getHeader("If-None-Match"), '"three"');
+    response.setStatusLine(metadata.httpVersion, 304, "OK");
+    response.setHeader("ETag", '"three"', false);
+    response.setHeader("Cache-control", "no-cache", false);
+    clearCreds();
+  },
+];
+
+function handler(metadata, response) {
+  handlers.shift()(metadata, response);
+}
+
+// Array of tests to run, self-driven
+
+function sync_and_run_next_test() {
+  syncWithCacheIOThread(function () {
+    tests.shift()();
+  });
+}
+
+var tests = [
+  // Test 1: 200 (cacheable)
+  function () {
+    var ch = makeChan();
+    ch.asyncOpen(
+      new ChannelListener(
+        function (req, body) {
+          Assert.equal(body, "Response body 1");
+          sync_and_run_next_test();
+        },
+        null,
+        CL_NOT_FROM_CACHE
+      )
+    );
+  },
+
+  // Test 2: 401 and 200 + new content
+  function () {
+    var ch = makeChan();
+    ch.asyncOpen(
+      new ChannelListener(
+        function (req, body) {
+          Assert.equal(body, "Response body 2");
+          sync_and_run_next_test();
+        },
+        null,
+        CL_NOT_FROM_CACHE
+      )
+    );
+  },
+
+  // Test 3: 401 and 304
+  function () {
+    var ch = makeChan();
+    ch.asyncOpen(
+      new ChannelListener(
+        function (req, body) {
+          Assert.equal(body, "Response body 2");
+          sync_and_run_next_test();
+        },
+        null,
+        CL_FROM_CACHE
+      )
+    );
+  },
+
+  // Test 4: 407 and 200 + new content
+  function () {
+    var ch = makeChan();
+    ch.asyncOpen(
+      new ChannelListener(
+        function (req, body) {
+          Assert.equal(body, "Response body 3");
+          sync_and_run_next_test();
+        },
+        null,
+        CL_NOT_FROM_CACHE
+      )
+    );
+  },
+
+  // Test 5: 407 and 304
+  function () {
+    var ch = makeChan();
+    ch.asyncOpen(
+      new ChannelListener(
+        function (req, body) {
+          Assert.equal(body, "Response body 3");
+          sync_and_run_next_test();
+        },
+        null,
+        CL_FROM_CACHE
+      )
+    );
+  },
+
+  // End of test run
+  function () {
+    httpserv.stop(do_test_finished);
+  },
+];
+
+function run_test() {
+  do_get_profile();
+
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/", handler);
+  httpserv.start(-1);
+
+  const prefs = Services.prefs;
+  prefs.setCharPref("network.proxy.http", "localhost");
+  prefs.setIntPref("network.proxy.http_port", httpserv.identity.primaryPort);
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+  prefs.setIntPref("network.proxy.type", 1);
+  prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  tests.shift()();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug812167.js b/netwerk/test/unit/test_bug812167.js
new file mode 100644
index 0000000000..8f4d1310a0
--- /dev/null
+++ b/netwerk/test/unit/test_bug812167.js
@@ -0,0 +1,143 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+/*
+- get 302 with Cache-control: no-store
+- check cache entry for the 302 response is cached only in memory device
+- get 302 with Expires: -1
+- check cache entry for the 302 response is not cached at all
+*/
+
+var httpserver = null;
+// Need to randomize, because apparently no one clears our cache
+var randomPath1 = "/redirect-no-store/" + Math.random();
+
+ChromeUtils.defineLazyGetter(this, "randomURI1", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort + randomPath1;
+});
+
+var randomPath2 = "/redirect-expires-past/" + Math.random();
+
+ChromeUtils.defineLazyGetter(this, "randomURI2", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort + randomPath2;
+});
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+const responseBody = "response body";
+
+var redirectHandler_NoStore_calls = 0;
+function redirectHandler_NoStore(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 302, "Found");
+  response.setHeader(
+    "Location",
+    "http://localhost:" + httpserver.identity.primaryPort + "/content",
+    false
+  );
+  response.setHeader("Cache-control", "no-store");
+  ++redirectHandler_NoStore_calls;
+}
+
+var redirectHandler_ExpiresInPast_calls = 0;
+function redirectHandler_ExpiresInPast(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 302, "Found");
+  response.setHeader(
+    "Location",
+    "http://localhost:" + httpserver.identity.primaryPort + "/content",
+    false
+  );
+  response.setHeader("Expires", "-1");
+  ++redirectHandler_ExpiresInPast_calls;
+}
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function check_response(
+  path,
+  request,
+  buffer,
+  expectedExpiration,
+  continuation
+) {
+  Assert.equal(buffer, responseBody);
+
+  // Entry is always there, old cache wrapping code does session->SetDoomEntriesIfExpired(false),
+  // just check it's not persisted or is expired (dep on the test).
+  asyncOpenCacheEntry(
+    path,
+    "disk",
+    Ci.nsICacheStorage.OPEN_READONLY,
+    null,
+    function (status, entry) {
+      Assert.equal(status, 0);
+
+      // Expired entry is on disk, no-store entry is in memory
+      Assert.equal(entry.persistent, expectedExpiration);
+
+      // Do the request again and check the server handler is called appropriately
+      var chan = make_channel(path);
+      chan.asyncOpen(
+        new ChannelListener(function (request1, buffer1) {
+          Assert.equal(buffer1, responseBody);
+
+          if (expectedExpiration) {
+            // Handler had to be called second time
+            Assert.equal(redirectHandler_ExpiresInPast_calls, 2);
+          } else {
+            // Handler had to be called second time (no-store forces validate),
+            // and we are just in memory
+            Assert.equal(redirectHandler_NoStore_calls, 2);
+            Assert.ok(!entry.persistent);
+          }
+
+          continuation();
+        }, null)
+      );
+    }
+  );
+}
+
+function run_test_no_store() {
+  var chan = make_channel(randomURI1);
+  chan.asyncOpen(
+    new ChannelListener(function (request, buffer) {
+      // Cache-control: no-store response should only be found in the memory cache.
+      check_response(randomURI1, request, buffer, false, run_test_expires_past);
+    }, null)
+  );
+}
+
+function run_test_expires_past() {
+  var chan = make_channel(randomURI2);
+  chan.asyncOpen(
+    new ChannelListener(function (request, buffer) {
+      // Expires: -1 response should not be found in any cache.
+      check_response(randomURI2, request, buffer, true, finish_test);
+    }, null)
+  );
+}
+
+function finish_test() {
+  httpserver.stop(do_test_finished);
+}
+
+function run_test() {
+  do_get_profile();
+
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler(randomPath1, redirectHandler_NoStore);
+  httpserver.registerPathHandler(randomPath2, redirectHandler_ExpiresInPast);
+  httpserver.registerPathHandler("/content", contentHandler);
+  httpserver.start(-1);
+
+  run_test_no_store();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug826063.js b/netwerk/test/unit/test_bug826063.js
new file mode 100644
index 0000000000..3e17df6461
--- /dev/null
+++ b/netwerk/test/unit/test_bug826063.js
@@ -0,0 +1,88 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+/**
+ * Test that nsIPrivateBrowsingChannel.isChannelPrivate yields the correct
+ * result for various combinations of .setPrivate() and nsILoadContexts
+ */
+
+"use strict";
+
+var URIs = ["http://example.org", "https://example.org"];
+
+function* getChannels() {
+  for (let u of URIs) {
+    yield NetUtil.newChannel({
+      uri: u,
+      loadUsingSystemPrincipal: true,
+    });
+  }
+}
+
+function checkPrivate(channel, shouldBePrivate) {
+  Assert.equal(
+    channel.QueryInterface(Ci.nsIPrivateBrowsingChannel).isChannelPrivate,
+    shouldBePrivate
+  );
+}
+
+/**
+ * Default configuration
+ * Default is non-private
+ */
+add_test(function test_plain() {
+  for (let c of getChannels()) {
+    checkPrivate(c, false);
+  }
+  run_next_test();
+});
+
+/**
+ * Explicitly setPrivate(true), no load context
+ */
+add_test(function test_setPrivate_private() {
+  for (let c of getChannels()) {
+    c.QueryInterface(Ci.nsIPrivateBrowsingChannel).setPrivate(true);
+    checkPrivate(c, true);
+  }
+  run_next_test();
+});
+
+/**
+ * Explicitly setPrivate(false), no load context
+ */
+add_test(function test_setPrivate_regular() {
+  for (let c of getChannels()) {
+    c.QueryInterface(Ci.nsIPrivateBrowsingChannel).setPrivate(false);
+    checkPrivate(c, false);
+  }
+  run_next_test();
+});
+
+/**
+ * Load context mandates private mode
+ */
+add_test(function test_LoadContextPrivate() {
+  let ctx = Cu.createPrivateLoadContext();
+  for (let c of getChannels()) {
+    c.notificationCallbacks = ctx;
+    checkPrivate(c, true);
+  }
+  run_next_test();
+});
+
+/**
+ * Load context mandates regular mode
+ */
+add_test(function test_LoadContextRegular() {
+  let ctx = Cu.createLoadContext();
+  for (let c of getChannels()) {
+    c.notificationCallbacks = ctx;
+    checkPrivate(c, false);
+  }
+  run_next_test();
+});
+
+// Do not test simultanous uses of .setPrivate and load context.
+// There is little merit in doing so, and combining both will assert in
+// Debug builds anyway.
diff --git a/netwerk/test/unit/test_bug856978.js b/netwerk/test/unit/test_bug856978.js
new file mode 100644
index 0000000000..607b392473
--- /dev/null
+++ b/netwerk/test/unit/test_bug856978.js
@@ -0,0 +1,138 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This test makes sure that the authorization header can get deleted e.g. by
+// extensions if they are observing "http-on-modify-request". In a first step
+// the auth cache is filled with credentials which then get added to the
+// following request. On "http-on-modify-request" it is tested whether the
+// authorization header got added at all and if so it gets removed. This test
+// passes iff both succeeds.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var notification = "http-on-modify-request";
+
+var httpServer = null;
+
+var authCredentials = "guest:guest";
+var authPath = "/authTest";
+var authCredsURL = "http://" + authCredentials + "@localhost:8888" + authPath;
+var authURL = "http://localhost:8888" + authPath;
+
+function authHandler(metadata, response) {
+  if (metadata.hasHeader("Test")) {
+    // Lets see if the auth header got deleted.
+    var noAuthHeader = false;
+    if (!metadata.hasHeader("Authorization")) {
+      noAuthHeader = true;
+    }
+    Assert.ok(noAuthHeader);
+  }
+  // Not our test request yet.
+  else if (!metadata.hasHeader("Authorization")) {
+    response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+    response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+  }
+}
+
+function RequestObserver() {
+  this.register();
+}
+
+RequestObserver.prototype = {
+  register() {
+    info("Registering " + notification);
+    Services.obs.addObserver(this, notification, true);
+  },
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIObserver",
+    "nsISupportsWeakReference",
+  ]),
+
+  observe(subject, topic, data) {
+    if (topic == notification) {
+      if (!(subject instanceof Ci.nsIHttpChannel)) {
+        do_throw(notification + " observed a non-HTTP channel.");
+      }
+      try {
+        subject.getRequestHeader("Authorization");
+      } catch (e) {
+        // Throw if there is no header to delete. We should get one iff caching
+        // the auth credentials is working and the header gets added _before_
+        // "http-on-modify-request" gets called.
+        httpServer.stop(do_test_finished);
+        do_throw("No authorization header found, aborting!");
+      }
+      // We are still here. Let's remove the authorization header now.
+      subject.setRequestHeader("Authorization", null, false);
+    }
+  },
+};
+
+var listener = {
+  onStartRequest: function test_onStartR(request) {},
+
+  onDataAvailable: function test_ODA() {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    if (current_test < tests.length - 1) {
+      current_test++;
+      tests[current_test]();
+    } else {
+      do_test_pending();
+      httpServer.stop(do_test_finished);
+    }
+    do_test_finished();
+  },
+};
+
+function makeChan(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var tests = [startAuthHeaderTest, removeAuthHeaderTest];
+
+var current_test = 0;
+
+// Must create a RequestObserver for the test to pass, we keep it in memory
+// to avoid garbage collection.
+// eslint-disable-next-line no-unused-vars
+var requestObserver = null;
+
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler(authPath, authHandler);
+  httpServer.start(8888);
+
+  tests[0]();
+}
+
+function startAuthHeaderTest() {
+  var chan = makeChan(authCredsURL);
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+function removeAuthHeaderTest() {
+  // After caching the auth credentials in the first test, lets try to remove
+  // the authorization header now...
+  requestObserver = new RequestObserver();
+  var chan = makeChan(authURL);
+  // Indicating that the request is coming from the second test.
+  chan.setRequestHeader("Test", "1", false);
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_bug894586.js b/netwerk/test/unit/test_bug894586.js
new file mode 100644
index 0000000000..bc25731d36
--- /dev/null
+++ b/netwerk/test/unit/test_bug894586.js
@@ -0,0 +1,135 @@
+/*
+ * Tests for bug 894586: nsSyncLoadService::PushSyncStreamToListener
+ * should not fail for channels of unknown size
+ */
+
+"use strict";
+
+var contentSecManager = Cc["@mozilla.org/contentsecuritymanager;1"].getService(
+  Ci.nsIContentSecurityManager
+);
+
+function ProtocolHandler() {
+  this.uri = Cc["@mozilla.org/network/simple-uri-mutator;1"]
+    .createInstance(Ci.nsIURIMutator)
+    .setSpec(this.scheme + ":dummy")
+    .finalize();
+}
+
+ProtocolHandler.prototype = {
+  /** nsIProtocolHandler */
+  get scheme() {
+    return "x-bug894586";
+  },
+  newChannel(aURI, aLoadInfo) {
+    this.loadInfo = aLoadInfo;
+    return this;
+  },
+  allowPort(port, scheme) {
+    return port != -1;
+  },
+
+  /** nsIChannel */
+  get originalURI() {
+    return this.uri;
+  },
+  get URI() {
+    return this.uri;
+  },
+  owner: null,
+  notificationCallbacks: null,
+  get securityInfo() {
+    return null;
+  },
+  get contentType() {
+    return "text/css";
+  },
+  set contentType(val) {},
+  contentCharset: "UTF-8",
+  get contentLength() {
+    return -1;
+  },
+  set contentLength(val) {
+    throw Components.Exception(
+      "Setting content length",
+      Cr.NS_ERROR_NOT_IMPLEMENTED
+    );
+  },
+  open() {
+    // throws an error if security checks fail
+    contentSecManager.performSecurityCheck(this, null);
+
+    var file = do_get_file("test_bug894586.js", false);
+    Assert.ok(file.exists());
+    var url = Services.io.newFileURI(file);
+    return NetUtil.newChannel({
+      uri: url,
+      loadUsingSystemPrincipal: true,
+    }).open();
+  },
+  asyncOpen(aListener, aContext) {
+    throw Components.Exception("Not implemented", Cr.NS_ERROR_NOT_IMPLEMENTED);
+  },
+  contentDisposition: Ci.nsIChannel.DISPOSITION_INLINE,
+  get contentDispositionFilename() {
+    throw Components.Exception("No file name", Cr.NS_ERROR_NOT_AVAILABLE);
+  },
+  get contentDispositionHeader() {
+    throw Components.Exception("No header", Cr.NS_ERROR_NOT_AVAILABLE);
+  },
+
+  /** nsIRequest */
+  get name() {
+    return this.uri.spec;
+  },
+  isPending: () => false,
+  get status() {
+    return Cr.NS_OK;
+  },
+  cancel(status) {},
+  loadGroup: null,
+  loadFlags:
+    Ci.nsIRequest.LOAD_NORMAL |
+    Ci.nsIRequest.INHIBIT_CACHING |
+    Ci.nsIRequest.LOAD_BYPASS_CACHE,
+
+  /** nsISupports */
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIProtocolHandler",
+    "nsIRequest",
+    "nsIChannel",
+  ]),
+};
+
+/**
+ * Attempt a sync load; we use the stylesheet service to do this for us,
+ * based on the knowledge that it forces a sync load under the hood.
+ */
+function run_test() {
+  var handler = new ProtocolHandler();
+
+  Services.io.registerProtocolHandler(
+    handler.scheme,
+    handler,
+    Ci.nsIProtocolHandler.URI_NORELATIVE |
+      Ci.nsIProtocolHandler.URI_NOAUTH |
+      Ci.nsIProtocolHandler.URI_IS_UI_RESOURCE |
+      Ci.nsIProtocolHandler.URI_IS_LOCAL_RESOURCE |
+      Ci.nsIProtocolHandler.URI_NON_PERSISTABLE |
+      Ci.nsIProtocolHandler.URI_SYNC_LOAD_IS_OK,
+    -1
+  );
+  try {
+    var ss = Cc["@mozilla.org/content/style-sheet-service;1"].getService(
+      Ci.nsIStyleSheetService
+    );
+    ss.loadAndRegisterSheet(handler.uri, Ci.nsIStyleSheetService.AGENT_SHEET);
+    Assert.ok(
+      ss.sheetRegistered(handler.uri, Ci.nsIStyleSheetService.AGENT_SHEET)
+    );
+  } finally {
+    Services.io.unregisterProtocolHandler(handler.scheme);
+  }
+}
+
+// vim: set et ts=2 :
diff --git a/netwerk/test/unit/test_bug935499.js b/netwerk/test/unit/test_bug935499.js
new file mode 100644
index 0000000000..2da8168d2d
--- /dev/null
+++ b/netwerk/test/unit/test_bug935499.js
@@ -0,0 +1,10 @@
+"use strict";
+
+function run_test() {
+  var idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+    Ci.nsIIDNService
+  );
+
+  var isASCII = {};
+  Assert.equal(idnService.convertToDisplayIDN("xn--", isASCII), "xn--");
+}
diff --git a/netwerk/test/unit/test_cache-control_request.js b/netwerk/test/unit/test_cache-control_request.js
new file mode 100644
index 0000000000..f0873cba24
--- /dev/null
+++ b/netwerk/test/unit/test_cache-control_request.js
@@ -0,0 +1,448 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+httpserver.start(-1);
+var cache = null;
+
+var base_url = "http://localhost:" + httpserver.identity.primaryPort;
+var resource_age_100 = "/resource_age_100";
+var resource_age_100_url = base_url + resource_age_100;
+var resource_stale_100 = "/resource_stale_100";
+var resource_stale_100_url = base_url + resource_stale_100;
+var resource_fresh_100 = "/resource_fresh_100";
+var resource_fresh_100_url = base_url + resource_fresh_100;
+
+// Test flags
+var hit_server = false;
+
+function make_channel(url, cache_control) {
+  // Reset test global status
+  hit_server = false;
+
+  var req = NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+  req.QueryInterface(Ci.nsIHttpChannel);
+  if (cache_control) {
+    req.setRequestHeader("Cache-control", cache_control, false);
+  }
+
+  return req;
+}
+
+function make_uri(url) {
+  return Services.io.newURI(url);
+}
+
+function resource_age_100_handler(metadata, response) {
+  hit_server = true;
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Age", "100", false);
+  response.setHeader("Last-Modified", date_string_from_now(-100), false);
+  response.setHeader("Expires", date_string_from_now(+9999), false);
+
+  const body = "data1";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function resource_stale_100_handler(metadata, response) {
+  hit_server = true;
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Date", date_string_from_now(-200), false);
+  response.setHeader("Last-Modified", date_string_from_now(-200), false);
+  response.setHeader("Cache-Control", "max-age=100", false);
+  response.setHeader("Expires", date_string_from_now(-100), false);
+
+  const body = "data2";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function resource_fresh_100_handler(metadata, response) {
+  hit_server = true;
+
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Last-Modified", date_string_from_now(0), false);
+  response.setHeader("Cache-Control", "max-age=100", false);
+  response.setHeader("Expires", date_string_from_now(+100), false);
+
+  const body = "data3";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function run_test() {
+  do_get_profile();
+
+  do_test_pending();
+
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpserver.registerPathHandler(resource_age_100, resource_age_100_handler);
+  httpserver.registerPathHandler(
+    resource_stale_100,
+    resource_stale_100_handler
+  );
+  httpserver.registerPathHandler(
+    resource_fresh_100,
+    resource_fresh_100_handler
+  );
+  cache = getCacheStorage("disk");
+
+  wait_for_cache_index(run_next_test);
+}
+
+// Here starts the list of tests
+
+// ============================================================================
+// Cache-Control: no-store
+
+add_test(() => {
+  // Must not create a cache entry
+  var ch = make_channel(resource_age_100_url, "no-store");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(!cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Prepare state only, cache the entry
+  var ch = make_channel(resource_age_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Check the prepared cache entry is used when no special directives are added
+  var ch = make_channel(resource_age_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Try again, while we already keep a cache entry,
+  // the channel must not use it, entry should stay in the cache
+  var ch = make_channel(resource_age_100_url, "no-store");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+// ============================================================================
+// Cache-Control: no-cache
+
+add_test(() => {
+  // Check the prepared cache entry is used when no special directives are added
+  var ch = make_channel(resource_age_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The existing entry should be revalidated (we expect a server hit)
+  var ch = make_channel(resource_age_100_url, "no-cache");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+// ============================================================================
+// Cache-Control: max-age
+
+add_test(() => {
+  // Check the prepared cache entry is used when no special directives are added
+  var ch = make_channel(resource_age_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The existing entry's age is greater than the maximum requested,
+  // should hit server
+  var ch = make_channel(resource_age_100_url, "max-age=10");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The existing entry's age is greater than the maximum requested,
+  // but the max-stale directive says to use it when it's fresh enough
+  var ch = make_channel(resource_age_100_url, "max-age=10, max-stale=99999");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The existing entry's age is lesser than the maximum requested,
+  // should go from cache
+  var ch = make_channel(resource_age_100_url, "max-age=1000");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_age_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+// ============================================================================
+// Cache-Control: max-stale
+
+add_test(() => {
+  // Preprate the entry first
+  var ch = make_channel(resource_stale_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_stale_100_url), ""));
+
+      // Must shift the expiration time set on the entry to |now| be in the past
+      do_timeout(1500, run_next_test);
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Check it's not reused (as it's stale) when no special directives
+  // are provided
+  var ch = make_channel(resource_stale_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_stale_100_url), ""));
+
+      do_timeout(1500, run_next_test);
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Accept cached responses of any stale time
+  var ch = make_channel(resource_stale_100_url, "max-stale");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_stale_100_url), ""));
+
+      do_timeout(1500, run_next_test);
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The entry is stale only by 100 seconds, accept it
+  var ch = make_channel(resource_stale_100_url, "max-stale=1000");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_stale_100_url), ""));
+
+      do_timeout(1500, run_next_test);
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The entry is stale by 100 seconds but we only accept a 10 seconds stale
+  // entry, go from server
+  var ch = make_channel(resource_stale_100_url, "max-stale=10");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_stale_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+// ============================================================================
+// Cache-Control: min-fresh
+
+add_test(() => {
+  // Preprate the entry first
+  var ch = make_channel(resource_fresh_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_fresh_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Check it's reused when no special directives are provided
+  var ch = make_channel(resource_fresh_100_url);
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_fresh_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // Entry fresh enough to be served from the cache
+  var ch = make_channel(resource_fresh_100_url, "min-fresh=10");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(!hit_server);
+      Assert.ok(cache.exists(make_uri(resource_fresh_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  // The entry is not fresh enough
+  var ch = make_channel(resource_fresh_100_url, "min-fresh=1000");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_fresh_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+// ============================================================================
+// Parser test, if the Cache-Control header would not parse correctly, the entry
+// doesn't load from the server.
+
+add_test(() => {
+  var ch = make_channel(
+    resource_fresh_100_url,
+    'unknown1,unknown2 = "a,b",  min-fresh = 1000 '
+  );
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_fresh_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+add_test(() => {
+  var ch = make_channel(resource_fresh_100_url, "no-cache = , min-fresh = 10");
+  ch.asyncOpen(
+    new ChannelListener(function (request, data) {
+      Assert.ok(hit_server);
+      Assert.ok(cache.exists(make_uri(resource_fresh_100_url), ""));
+
+      run_next_test();
+    }, null)
+  );
+});
+
+// ============================================================================
+// Done
+
+add_test(() => {
+  run_next_test();
+  httpserver.stop(do_test_finished);
+});
+
+// ============================================================================
+// Helpers
+
+function date_string_from_now(delta_secs) {
+  var months = [
+    "Jan",
+    "Feb",
+    "Mar",
+    "Apr",
+    "May",
+    "Jun",
+    "Jul",
+    "Aug",
+    "Sep",
+    "Oct",
+    "Nov",
+    "Dec",
+  ];
+  var days = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
+
+  var d = new Date();
+  d.setTime(d.getTime() + delta_secs * 1000);
+  return (
+    days[d.getUTCDay()] +
+    ", " +
+    d.getUTCDate() +
+    " " +
+    months[d.getUTCMonth()] +
+    " " +
+    d.getUTCFullYear() +
+    " " +
+    d.getUTCHours() +
+    ":" +
+    d.getUTCMinutes() +
+    ":" +
+    d.getUTCSeconds() +
+    " UTC"
+  );
+}
diff --git a/netwerk/test/unit/test_cache-entry-id.js b/netwerk/test/unit/test_cache-entry-id.js
new file mode 100644
index 0000000000..f0011de47f
--- /dev/null
+++ b/netwerk/test/unit/test_cache-entry-id.js
@@ -0,0 +1,220 @@
+/**
+ * Test for the "CacheEntryId" under several cases.
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort + "/content";
+});
+
+var httpServer = null;
+
+const responseContent = "response body";
+const responseContent2 = "response body 2";
+const altContent = "!@#$%^&*()";
+const altContentType = "text/binary";
+
+function isParentProcess() {
+  let appInfo = Cc["@mozilla.org/xre/app-info;1"];
+  return (
+    !appInfo ||
+    Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT
+  );
+}
+
+var handlers = [
+  (m, r) => {
+    r.bodyOutputStream.write(responseContent, responseContent.length);
+  },
+  (m, r) => {
+    r.setStatusLine(m.httpVersion, 304, "Not Modified");
+  },
+  (m, r) => {
+    r.setStatusLine(m.httpVersion, 304, "Not Modified");
+  },
+  (m, r) => {
+    r.setStatusLine(m.httpVersion, 304, "Not Modified");
+  },
+  (m, r) => {
+    r.setStatusLine(m.httpVersion, 304, "Not Modified");
+  },
+  (m, r) => {
+    r.bodyOutputStream.write(responseContent2, responseContent2.length);
+  },
+  (m, r) => {
+    r.setStatusLine(m.httpVersion, 304, "Not Modified");
+  },
+];
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("Cache-Control", "no-cache");
+
+  var handler = handlers.shift();
+  if (handler) {
+    handler(metadata, response);
+    return;
+  }
+
+  Assert.ok(false, "Should not reach here.");
+}
+
+function fetch(preferredDataType = null) {
+  return new Promise(resolve => {
+    var chan = NetUtil.newChannel({ uri: URL, loadUsingSystemPrincipal: true });
+
+    if (preferredDataType) {
+      var cc = chan.QueryInterface(Ci.nsICacheInfoChannel);
+      cc.preferAlternativeDataType(
+        altContentType,
+        "",
+        Ci.nsICacheInfoChannel.ASYNC
+      );
+    }
+
+    chan.asyncOpen(
+      new ChannelListener((request, buffer, ctx, isFromCache, cacheEntryId) => {
+        resolve({ request, buffer, isFromCache, cacheEntryId });
+      }, null)
+    );
+  });
+}
+
+function check(
+  response,
+  content,
+  preferredDataType,
+  isFromCache,
+  cacheEntryIdChecker
+) {
+  var cc = response.request.QueryInterface(Ci.nsICacheInfoChannel);
+
+  Assert.equal(response.buffer, content);
+  Assert.equal(cc.alternativeDataType, preferredDataType);
+  Assert.equal(response.isFromCache, isFromCache);
+  Assert.ok(!cacheEntryIdChecker || cacheEntryIdChecker(response.cacheEntryId));
+
+  return response;
+}
+
+function writeAltData(request) {
+  var cc = request.QueryInterface(Ci.nsICacheInfoChannel);
+  var os = cc.openAlternativeOutputStream(altContentType, altContent.length);
+  os.write(altContent, altContent.length);
+  os.close();
+  gc(); // We need to do a GC pass to ensure the cache entry has been freed.
+
+  return new Promise(resolve => {
+    if (isParentProcess()) {
+      Services.cache2.QueryInterface(Ci.nsICacheTesting).flush(resolve);
+    } else {
+      do_send_remote_message("flush");
+      do_await_remote_message("flushed").then(resolve);
+    }
+  });
+}
+
+function run_test() {
+  do_get_profile();
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+  do_test_pending();
+
+  var targetCacheEntryId = null;
+
+  return (
+    Promise.resolve()
+      // Setup testing environment: Placing alternative data into HTTP cache.
+      .then(_ => fetch(altContentType))
+      .then(r =>
+        check(
+          r,
+          responseContent,
+          "",
+          false,
+          cacheEntryId => cacheEntryId === undefined
+        )
+      )
+      .then(r => writeAltData(r.request))
+
+      // Start testing.
+      .then(_ => fetch(altContentType))
+      .then(r =>
+        check(
+          r,
+          altContent,
+          altContentType,
+          true,
+          cacheEntryId => cacheEntryId !== undefined
+        )
+      )
+      .then(r => (targetCacheEntryId = r.cacheEntryId))
+
+      .then(_ => fetch())
+      .then(r =>
+        check(
+          r,
+          responseContent,
+          "",
+          true,
+          cacheEntryId => cacheEntryId === targetCacheEntryId
+        )
+      )
+
+      .then(_ => fetch(altContentType))
+      .then(r =>
+        check(
+          r,
+          altContent,
+          altContentType,
+          true,
+          cacheEntryId => cacheEntryId === targetCacheEntryId
+        )
+      )
+
+      .then(_ => fetch())
+      .then(r =>
+        check(
+          r,
+          responseContent,
+          "",
+          true,
+          cacheEntryId => cacheEntryId === targetCacheEntryId
+        )
+      )
+
+      .then(_ => fetch()) // The response is changed here.
+      .then(r =>
+        check(
+          r,
+          responseContent2,
+          "",
+          false,
+          cacheEntryId => cacheEntryId === undefined
+        )
+      )
+
+      .then(_ => fetch())
+      .then(r =>
+        check(
+          r,
+          responseContent2,
+          "",
+          true,
+          cacheEntryId =>
+            cacheEntryId !== undefined && cacheEntryId !== targetCacheEntryId
+        )
+      )
+
+      // Tear down.
+      .catch(e => Assert.ok(false, "Unexpected exception: " + e))
+      .then(_ => Assert.equal(handlers.length, 0))
+      .then(_ => httpServer.stop(do_test_finished))
+  );
+}
diff --git a/netwerk/test/unit/test_cache2-00-service-get.js b/netwerk/test/unit/test_cache2-00-service-get.js
new file mode 100644
index 0000000000..0d348a81de
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-00-service-get.js
@@ -0,0 +1,15 @@
+"use strict";
+
+function run_test() {
+  // Just check the contract ID alias works well.
+  try {
+    var serviceA = Services.cache2;
+    Assert.ok(serviceA);
+    var serviceB = Services.cache2;
+    Assert.ok(serviceB);
+
+    Assert.equal(serviceA, serviceB);
+  } catch (ex) {
+    do_throw("Cannot instantiate cache storage service: " + ex);
+  }
+}
diff --git a/netwerk/test/unit/test_cache2-01-basic.js b/netwerk/test/unit/test_cache2-01-basic.js
new file mode 100644
index 0000000000..6b02bd0d91
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01-basic.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      // Open for read and check
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          // Open for rewrite (truncate), write different meta and data
+          asyncOpenCacheEntry(
+            "http://a/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_TRUNCATE,
+            null,
+            new OpenCallback(NEW, "a2m", "a2d", function () {
+              // Open for read and check
+              asyncOpenCacheEntry(
+                "http://a/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "a2m", "a2d", function () {
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-01a-basic-readonly.js b/netwerk/test/unit/test_cache2-01a-basic-readonly.js
new file mode 100644
index 0000000000..2988651c61
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01a-basic-readonly.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://ro/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      // Open for read and check
+      asyncOpenCacheEntry(
+        "http://ro/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_READONLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          // Open for rewrite (truncate), write different meta and data
+          asyncOpenCacheEntry(
+            "http://ro/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_TRUNCATE,
+            null,
+            new OpenCallback(NEW, "a2m", "a2d", function () {
+              // Open for read and check
+              asyncOpenCacheEntry(
+                "http://ro/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_READONLY,
+                null,
+                new OpenCallback(NORMAL, "a2m", "a2d", function () {
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-01b-basic-datasize.js b/netwerk/test/unit/test_cache2-01b-basic-datasize.js
new file mode 100644
index 0000000000..56b3b8d5f2
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01b-basic-datasize.js
@@ -0,0 +1,51 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | WAITFORWRITE, "a1m", "a1d", function (entry1) {
+      // Open for read and check
+      Assert.equal(entry1.dataSize, 3);
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function (entry2) {
+          // Open for rewrite (truncate), write different meta and data
+          Assert.equal(entry2.dataSize, 3);
+          asyncOpenCacheEntry(
+            "http://a/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_TRUNCATE,
+            null,
+            new OpenCallback(NEW | WAITFORWRITE, "a2m", "a2d", function (
+              entry3
+            ) {
+              // Open for read and check
+              Assert.equal(entry3.dataSize, 3);
+              asyncOpenCacheEntry(
+                "http://a/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "a2m", "a2d", function (entry4) {
+                  Assert.equal(entry4.dataSize, 3);
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-01c-basic-hasmeta-only.js b/netwerk/test/unit/test_cache2-01c-basic-hasmeta-only.js
new file mode 100644
index 0000000000..33adb6206c
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01c-basic-hasmeta-only.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://mt/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | METAONLY, "a1m", "a1d", function () {
+      // Open for read and check
+      asyncOpenCacheEntry(
+        "http://mt/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "", function () {
+          // Open for rewrite (truncate), write different meta and data
+          asyncOpenCacheEntry(
+            "http://mt/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_TRUNCATE,
+            null,
+            new OpenCallback(NEW, "a2m", "a2d", function () {
+              // Open for read and check
+              asyncOpenCacheEntry(
+                "http://mt/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "a2m", "a2d", function () {
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-01d-basic-not-wanted.js b/netwerk/test/unit/test_cache2-01d-basic-not-wanted.js
new file mode 100644
index 0000000000..9d2b3f8458
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01d-basic-not-wanted.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      // Open for read and check
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          // Open but don't want the entry
+          asyncOpenCacheEntry(
+            "http://a/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NOTWANTED, "a1m", "a1d", function () {
+              // Open for read again and check the entry is OK
+              asyncOpenCacheEntry(
+                "http://a/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "a1m", "a1d", function () {
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-01e-basic-bypass-if-busy.js b/netwerk/test/unit/test_cache2-01e-basic-bypass-if-busy.js
new file mode 100644
index 0000000000..e77e7afdfc
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01e-basic-bypass-if-busy.js
@@ -0,0 +1,39 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, delay the actual write
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | DONTFILL, "a1m", "a1d", function () {
+      var bypassed = false;
+
+      // Open and bypass
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_BYPASS_IF_BUSY,
+        null,
+        new OpenCallback(NOTFOUND, "", "", function () {
+          Assert.ok(!bypassed);
+          bypassed = true;
+        })
+      );
+
+      // do_execute_soon for two reasons:
+      // 1. we want finish_cache2_test call for sure after do_test_pending, but all the callbacks here
+      //    may invoke synchronously
+      // 2. precaution when the OPEN_BYPASS_IF_BUSY invocation become a post one day
+      executeSoon(function () {
+        Assert.ok(bypassed);
+        finish_cache2_test();
+      });
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-01f-basic-openTruncate.js b/netwerk/test/unit/test_cache2-01f-basic-openTruncate.js
new file mode 100644
index 0000000000..9d514f7cc7
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-01f-basic-openTruncate.js
@@ -0,0 +1,24 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var storage = getCacheStorage("disk");
+  var entry = storage.openTruncate(createURI("http://new1/"), "");
+  Assert.ok(!!entry);
+
+  // Fill the entry, and when done, check it's content
+  new OpenCallback(NEW, "meta", "data", function () {
+    asyncOpenCacheEntry(
+      "http://new1/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      null,
+      new OpenCallback(NORMAL, "meta", "data", function () {
+        finish_cache2_test();
+      })
+    );
+  }).onCacheEntryAvailable(entry, true, 0);
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-02-open-non-existing.js b/netwerk/test/unit/test_cache2-02-open-non-existing.js
new file mode 100644
index 0000000000..2ee0efa687
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-02-open-non-existing.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open non-existing for read, should fail
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_READONLY,
+    null,
+    new OpenCallback(NOTFOUND, null, null, function () {
+      // Open the same non-existing for read again, should fail second time
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_READONLY,
+        null,
+        new OpenCallback(NOTFOUND, null, null, function () {
+          // Try it again normally, should go
+          asyncOpenCacheEntry(
+            "http://b/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NEW, "b1m", "b1d", function () {
+              // ...and check
+              asyncOpenCacheEntry(
+                "http://b/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "b1m", "b1d", function () {
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-02b-open-non-existing-and-doom.js b/netwerk/test/unit/test_cache2-02b-open-non-existing-and-doom.js
new file mode 100644
index 0000000000..d54aeeb9eb
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-02b-open-non-existing-and-doom.js
@@ -0,0 +1,180 @@
+"use strict";
+
+add_task(async function test() {
+  do_get_profile();
+  do_test_pending();
+
+  await new Promise(resolve => {
+    // Open non-existing for read, should fail
+    asyncOpenCacheEntry(
+      "http://b/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_READONLY,
+      null,
+      new OpenCallback(NOTFOUND, null, null, function (entry) {
+        resolve(entry);
+      })
+    );
+  });
+
+  await new Promise(resolve => {
+    // Open the same non-existing for read again, should fail second time
+    asyncOpenCacheEntry(
+      "http://b/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_READONLY,
+      null,
+      new OpenCallback(NOTFOUND, null, null, function (entry) {
+        resolve(entry);
+      })
+    );
+  });
+
+  await new Promise(resolve => {
+    // Try it again normally, should go
+    asyncOpenCacheEntry(
+      "http://b/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      null,
+      new OpenCallback(NEW, "b1m", "b1d", function (entry) {
+        resolve(entry);
+      })
+    );
+  });
+
+  await new Promise(resolve => {
+    // ...and check
+    asyncOpenCacheEntry(
+      "http://b/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      null,
+      new OpenCallback(NORMAL, "b1m", "b1d", function (entry) {
+        resolve(entry);
+      })
+    );
+  });
+
+  Services.prefs.setBoolPref("network.cache.bug1708673", true);
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("network.cache.bug1708673");
+  });
+
+  let asyncDoomVisitor = new Promise(resolve => {
+    let doomTasks = [];
+    let visitor = {
+      onCacheStorageInfo() {},
+      async onCacheEntryInfo(
+        aURI,
+        aIdEnhance,
+        aDataSize,
+        aAltDataSize,
+        aFetchCount,
+        aLastModifiedTime,
+        aExpirationTime,
+        aPinned,
+        aInfo
+      ) {
+        doomTasks.push(
+          new Promise(resolve1 => {
+            Services.cache2
+              .diskCacheStorage(aInfo, false)
+              .asyncDoomURI(aURI, aIdEnhance, {
+                onCacheEntryDoomed() {
+                  info("doomed");
+                  resolve1();
+                },
+              });
+          })
+        );
+      },
+      onCacheEntryVisitCompleted() {
+        Promise.allSettled(doomTasks).then(resolve);
+      },
+      QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
+    };
+    Services.cache2.asyncVisitAllStorages(visitor, true);
+  });
+
+  let asyncOpenVisitor = new Promise(resolve => {
+    let openTasks = [];
+    let visitor = {
+      onCacheStorageInfo() {},
+      async onCacheEntryInfo(
+        aURI,
+        aIdEnhance,
+        aDataSize,
+        aAltDataSize,
+        aFetchCount,
+        aLastModifiedTime,
+        aExpirationTime,
+        aPinned,
+        aInfo
+      ) {
+        info(`found ${aURI.spec}`);
+        openTasks.push(
+          new Promise(r2 => {
+            Services.cache2
+              .diskCacheStorage(aInfo, false)
+              .asyncOpenURI(
+                aURI,
+                "",
+                Ci.nsICacheStorage.OPEN_READONLY |
+                  Ci.nsICacheStorage.OPEN_SECRETLY,
+                {
+                  onCacheEntryCheck() {
+                    return Ci.nsICacheEntryOpenCallback.ENTRY_WANTED;
+                  },
+                  onCacheEntryAvailable(entry, isnew, status) {
+                    info("opened");
+                    r2();
+                  },
+                  QueryInterface: ChromeUtils.generateQI([
+                    "nsICacheEntryOpenCallback",
+                  ]),
+                }
+              );
+          })
+        );
+      },
+      onCacheEntryVisitCompleted() {
+        Promise.all(openTasks).then(resolve);
+      },
+      QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
+    };
+    Services.cache2.asyncVisitAllStorages(visitor, true);
+  });
+
+  await Promise.all([asyncDoomVisitor, asyncOpenVisitor]);
+
+  info("finished visiting");
+
+  await new Promise(resolve => {
+    let entryCount = 0;
+    let visitor = {
+      onCacheStorageInfo() {},
+      async onCacheEntryInfo(
+        aURI,
+        aIdEnhance,
+        aDataSize,
+        aAltDataSize,
+        aFetchCount,
+        aLastModifiedTime,
+        aExpirationTime,
+        aPinned,
+        aInfo
+      ) {
+        entryCount++;
+      },
+      onCacheEntryVisitCompleted() {
+        Assert.equal(entryCount, 0);
+        resolve();
+      },
+      QueryInterface: ChromeUtils.generateQI(["nsICacheStorageVisitor"]),
+    };
+    Services.cache2.asyncVisitAllStorages(visitor, true);
+  });
+
+  finish_cache2_test();
+});
diff --git a/netwerk/test/unit/test_cache2-03-oncacheentryavail-throws.js b/netwerk/test/unit/test_cache2-03-oncacheentryavail-throws.js
new file mode 100644
index 0000000000..2b1e230b1a
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-03-oncacheentryavail-throws.js
@@ -0,0 +1,36 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open but let OCEA throw
+  asyncOpenCacheEntry(
+    "http://c/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | THROWAVAIL, null, null, function () {
+      // Try it again, should go
+      asyncOpenCacheEntry(
+        "http://c/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NEW, "c1m", "c1d", function () {
+          // ...and check
+          asyncOpenCacheEntry(
+            "http://c/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(false, "c1m", "c1d", function () {
+              finish_cache2_test();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-04-oncacheentryavail-throws2x.js b/netwerk/test/unit/test_cache2-04-oncacheentryavail-throws2x.js
new file mode 100644
index 0000000000..aea4cfdbf3
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-04-oncacheentryavail-throws2x.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open but let OCEA throw
+  asyncOpenCacheEntry(
+    "http://d/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | THROWAVAIL, null, null, function () {
+      // Open but let OCEA throw ones again
+      asyncOpenCacheEntry(
+        "http://d/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NEW | THROWAVAIL, null, null, function () {
+          // Try it again, should go
+          asyncOpenCacheEntry(
+            "http://d/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NEW, "d1m", "d1d", function () {
+              // ...and check
+              asyncOpenCacheEntry(
+                "http://d/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "d1m", "d1d", function () {
+                  finish_cache2_test();
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-05-visit.js b/netwerk/test/unit/test_cache2-05-visit.js
new file mode 100644
index 0000000000..b4ed3ea26e
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-05-visit.js
@@ -0,0 +1,113 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var storage = getCacheStorage("disk");
+  var mc = new MultipleCallbacks(4, function () {
+    // Method asyncVisitStorage() gets the data from index on Cache I/O thread
+    // with INDEX priority, so it is ensured that index contains information
+    // about all pending writes. However, OpenCallback emulates network latency
+    // by postponing the writes using do_execute_soon. We must do the same here
+    // to make sure that all writes are posted to Cache I/O thread before we
+    // visit the storage.
+    executeSoon(function () {
+      syncWithCacheIOThread(function () {
+        var expectedConsumption = 4096;
+
+        storage.asyncVisitStorage(
+          // Test should store 4 entries
+          new VisitCallback(
+            4,
+            expectedConsumption,
+            ["http://a/", "http://b/", "http://c/", "http://d/"],
+            function () {
+              storage.asyncVisitStorage(
+                // Still 4 entries expected, now don't walk them
+                new VisitCallback(4, expectedConsumption, null, function () {
+                  finish_cache2_test();
+                }),
+                false
+              );
+            }
+          ),
+          true
+        );
+      });
+    });
+  });
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "b1m", "b1d", function () {
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "b1m", "b1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://c/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "c1m", "c1d", function () {
+      asyncOpenCacheEntry(
+        "http://c/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "c1m", "c1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://d/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "d1m", "d1d", function () {
+      asyncOpenCacheEntry(
+        "http://d/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "d1m", "d1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-06-pb-mode.js b/netwerk/test/unit/test_cache2-06-pb-mode.js
new file mode 100644
index 0000000000..ddece34276
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-06-pb-mode.js
@@ -0,0 +1,50 @@
+"use strict";
+
+function exitPB() {
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+}
+
+function run_test() {
+  do_get_profile();
+
+  // Store PB entry
+  asyncOpenCacheEntry(
+    "http://p1/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.private,
+    new OpenCallback(NEW, "p1m", "p1d", function () {
+      asyncOpenCacheEntry(
+        "http://p1/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        Services.loadContextInfo.private,
+        new OpenCallback(NORMAL, "p1m", "p1d", function () {
+          // Check it's there
+          syncWithCacheIOThread(function () {
+            var storage = getCacheStorage(
+              "disk",
+              Services.loadContextInfo.private
+            );
+            storage.asyncVisitStorage(
+              new VisitCallback(1, 12, ["http://p1/"], function () {
+                // Simulate PB exit
+                exitPB();
+                // Check the entry is gone
+                storage.asyncVisitStorage(
+                  new VisitCallback(0, 0, [], function () {
+                    finish_cache2_test();
+                  }),
+                  true
+                );
+              }),
+              true
+            );
+          });
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-07-visit-memory.js b/netwerk/test/unit/test_cache2-07-visit-memory.js
new file mode 100644
index 0000000000..11f0f6a2e7
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-07-visit-memory.js
@@ -0,0 +1,123 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Add entry to the memory storage
+  var mc = new MultipleCallbacks(5, function () {
+    // Check it's there by visiting the storage
+    syncWithCacheIOThread(function () {
+      var storage = getCacheStorage("memory");
+      storage.asyncVisitStorage(
+        new VisitCallback(1, 12, ["http://mem1/"], function () {
+          storage = getCacheStorage("disk");
+          storage.asyncVisitStorage(
+            // Previous tests should store 4 disk entries
+            new VisitCallback(
+              4,
+              4096,
+              ["http://a/", "http://b/", "http://c/", "http://d/"],
+              function () {
+                finish_cache2_test();
+              }
+            ),
+            true
+          );
+        }),
+        true
+      );
+    });
+  });
+
+  asyncOpenCacheEntry(
+    "http://mem1/",
+    "memory",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "m1m", "m1d", function () {
+      asyncOpenCacheEntry(
+        "http://mem1/",
+        "memory",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "m1m", "m1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://c/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://c/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://d/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://d/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-07a-open-memory.js b/netwerk/test/unit/test_cache2-07a-open-memory.js
new file mode 100644
index 0000000000..3392ee33fc
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-07a-open-memory.js
@@ -0,0 +1,81 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // First check how behaves the memory storage.
+
+  asyncOpenCacheEntry(
+    "http://mem-first/",
+    "memory",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "mem1-meta", "mem1-data", function (entryM1) {
+      Assert.ok(!entryM1.persistent);
+      asyncOpenCacheEntry(
+        "http://mem-first/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "mem1-meta", "mem1-data", function (entryM2) {
+          Assert.ok(!entryM1.persistent);
+          Assert.ok(!entryM2.persistent);
+
+          // Now check the disk storage behavior.
+
+          asyncOpenCacheEntry(
+            "http://disk-first/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            // Must wait for write, since opening the entry as memory-only before the disk one
+            // is written would cause NS_ERROR_NOT_AVAILABLE from openOutputStream when writing
+            // this disk entry since it's doomed during opening of the memory-only entry for the same URL.
+            new OpenCallback(
+              NEW | WAITFORWRITE,
+              "disk1-meta",
+              "disk1-data",
+              function (entryD1) {
+                Assert.ok(entryD1.persistent);
+                // Now open the same URL as a memory-only entry, the disk entry must be doomed.
+                asyncOpenCacheEntry(
+                  "http://disk-first/",
+                  "memory",
+                  Ci.nsICacheStorage.OPEN_NORMALLY,
+                  null,
+                  // This must be recreated
+                  new OpenCallback(NEW, "mem2-meta", "mem2-data", function (
+                    entryD2
+                  ) {
+                    Assert.ok(entryD1.persistent);
+                    Assert.ok(!entryD2.persistent);
+                    // Check we get it back, even when opening via the disk storage
+                    asyncOpenCacheEntry(
+                      "http://disk-first/",
+                      "disk",
+                      Ci.nsICacheStorage.OPEN_NORMALLY,
+                      null,
+                      new OpenCallback(
+                        NORMAL,
+                        "mem2-meta",
+                        "mem2-data",
+                        function (entryD3) {
+                          Assert.ok(entryD1.persistent);
+                          Assert.ok(!entryD2.persistent);
+                          Assert.ok(!entryD3.persistent);
+                          finish_cache2_test();
+                        }
+                      )
+                    );
+                  })
+                );
+              }
+            )
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-08-evict-disk-by-memory-storage.js b/netwerk/test/unit/test_cache2-08-evict-disk-by-memory-storage.js
new file mode 100644
index 0000000000..395c41dd7c
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-08-evict-disk-by-memory-storage.js
@@ -0,0 +1,25 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function (entry) {
+      var storage = getCacheStorage("memory");
+      // Have to fail
+      storage.asyncDoomURI(
+        createURI("http://a/"),
+        "",
+        new EvictionCallback(false, function () {
+          finish_cache2_test();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-09-evict-disk-by-uri.js b/netwerk/test/unit/test_cache2-09-evict-disk-by-uri.js
new file mode 100644
index 0000000000..5b9caa9cfb
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-09-evict-disk-by-uri.js
@@ -0,0 +1,32 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          var storage = getCacheStorage("disk");
+          storage.asyncDoomURI(
+            createURI("http://a/"),
+            "",
+            new EvictionCallback(true, function () {
+              finish_cache2_test();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-10-evict-direct.js b/netwerk/test/unit/test_cache2-10-evict-direct.js
new file mode 100644
index 0000000000..dc278e17d4
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-10-evict-direct.js
@@ -0,0 +1,29 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "b1m", "b1d", function () {
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "b1m", "b1d", function (entry) {
+          entry.asyncDoom(
+            new EvictionCallback(true, function () {
+              finish_cache2_test();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-10b-evict-direct-immediate.js b/netwerk/test/unit/test_cache2-10b-evict-direct-immediate.js
new file mode 100644
index 0000000000..83728af20d
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-10b-evict-direct-immediate.js
@@ -0,0 +1,21 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | DOOMED, "b1m", "b1d", function (entry) {
+      entry.asyncDoom(
+        new EvictionCallback(true, function () {
+          finish_cache2_test();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-11-evict-memory.js b/netwerk/test/unit/test_cache2-11-evict-memory.js
new file mode 100644
index 0000000000..b73bf2f5cc
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-11-evict-memory.js
@@ -0,0 +1,89 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var memoryStorage = getCacheStorage("memory");
+  var mc = new MultipleCallbacks(3, function () {
+    memoryStorage.asyncEvictStorage(
+      new EvictionCallback(true, function () {
+        memoryStorage.asyncVisitStorage(
+          new VisitCallback(0, 0, [], function () {
+            var diskStorage = getCacheStorage("disk");
+
+            var expectedConsumption = 2048;
+
+            diskStorage.asyncVisitStorage(
+              new VisitCallback(
+                2,
+                expectedConsumption,
+                ["http://a/", "http://b/"],
+                function () {
+                  finish_cache2_test();
+                }
+              ),
+              true
+            );
+          }),
+          true
+        );
+      })
+    );
+  });
+
+  asyncOpenCacheEntry(
+    "http://mem1/",
+    "memory",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "m2m", "m2d", function () {
+      asyncOpenCacheEntry(
+        "http://mem1/",
+        "memory",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "m2m", "m2d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-12-evict-disk.js b/netwerk/test/unit/test_cache2-12-evict-disk.js
new file mode 100644
index 0000000000..6b0d31a27b
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-12-evict-disk.js
@@ -0,0 +1,81 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var mc = new MultipleCallbacks(3, function () {
+    var diskStorage = getCacheStorage("disk");
+    diskStorage.asyncEvictStorage(
+      new EvictionCallback(true, function () {
+        diskStorage.asyncVisitStorage(
+          new VisitCallback(0, 0, [], function () {
+            var memoryStorage = getCacheStorage("memory");
+            memoryStorage.asyncVisitStorage(
+              new VisitCallback(0, 0, [], function () {
+                finish_cache2_test();
+              }),
+              true
+            );
+          }),
+          true
+        );
+      })
+    );
+  });
+
+  asyncOpenCacheEntry(
+    "http://mem1/",
+    "memory",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "m2m", "m2d", function () {
+      asyncOpenCacheEntry(
+        "http://mem1/",
+        "memory",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "m2m", "m2d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "a1m", "a1d", function () {
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://b/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "b1m", "b1d", function () {
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "b1m", "b1d", function () {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-13-evict-non-existing.js b/netwerk/test/unit/test_cache2-13-evict-non-existing.js
new file mode 100644
index 0000000000..a2d40fd153
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-13-evict-non-existing.js
@@ -0,0 +1,16 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var storage = getCacheStorage("disk");
+  storage.asyncDoomURI(
+    createURI("http://non-existing/"),
+    "",
+    new EvictionCallback(false, function () {
+      finish_cache2_test();
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-14-concurent-readers.js b/netwerk/test/unit/test_cache2-14-concurent-readers.js
new file mode 100644
index 0000000000..d2e80582dc
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-14-concurent-readers.js
@@ -0,0 +1,48 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "x1m", "x1d", function (entry) {
+      // nothing to do here, we expect concurent callbacks to get
+      // all notified, then the test finishes
+    })
+  );
+
+  var mc = new MultipleCallbacks(3, finish_cache2_test);
+
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NORMAL, "x1m", "x1d", function (entry) {
+      mc.fired();
+    })
+  );
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NORMAL, "x1m", "x1d", function (entry) {
+      mc.fired();
+    })
+  );
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NORMAL, "x1m", "x1d", function (entry) {
+      mc.fired();
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-14b-concurent-readers-complete.js b/netwerk/test/unit/test_cache2-14b-concurent-readers-complete.js
new file mode 100644
index 0000000000..244dca9a3b
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-14b-concurent-readers-complete.js
@@ -0,0 +1,76 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "x1m", "x1d", function (entry) {
+      // nothing to do here, we expect concurent callbacks to get
+      // all notified, then the test finishes
+    })
+  );
+
+  var mc = new MultipleCallbacks(3, finish_cache2_test);
+
+  var order = 0;
+
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(
+      NORMAL | COMPLETE | NOTIFYBEFOREREAD,
+      "x1m",
+      "x1d",
+      function (entry, beforeReading) {
+        if (beforeReading) {
+          ++order;
+          Assert.equal(order, 3);
+        } else {
+          mc.fired();
+        }
+      }
+    )
+  );
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NORMAL | NOTIFYBEFOREREAD, "x1m", "x1d", function (
+      entry,
+      beforeReading
+    ) {
+      if (beforeReading) {
+        ++order;
+        Assert.equal(order, 1);
+      } else {
+        mc.fired();
+      }
+    })
+  );
+  asyncOpenCacheEntry(
+    "http://x/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NORMAL | NOTIFYBEFOREREAD, "x1m", "x1d", function (
+      entry,
+      beforeReading
+    ) {
+      if (beforeReading) {
+        ++order;
+        Assert.equal(order, 2);
+      } else {
+        mc.fired();
+      }
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-15-conditional-304.js b/netwerk/test/unit/test_cache2-15-conditional-304.js
new file mode 100644
index 0000000000..7b672e69a2
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-15-conditional-304.js
@@ -0,0 +1,60 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://304/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "31m", "31d", function () {
+      // Open normally but wait for validation from the server
+      asyncOpenCacheEntry(
+        "http://304/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(REVAL, "31m", "31d", function (entry) {
+          // emulate 304 from the server
+          executeSoon(function () {
+            entry.setValid(); // this will trigger OpenCallbacks bellow
+          });
+        })
+      );
+
+      var mc = new MultipleCallbacks(3, finish_cache2_test);
+
+      asyncOpenCacheEntry(
+        "http://304/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "31m", "31d", function (entry) {
+          mc.fired();
+        })
+      );
+      asyncOpenCacheEntry(
+        "http://304/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "31m", "31d", function (entry) {
+          mc.fired();
+        })
+      );
+      asyncOpenCacheEntry(
+        "http://304/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "31m", "31d", function (entry) {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-16-conditional-200.js b/netwerk/test/unit/test_cache2-16-conditional-200.js
new file mode 100644
index 0000000000..beaa3f0dae
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-16-conditional-200.js
@@ -0,0 +1,76 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://200/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "21m", "21d", function () {
+      asyncOpenCacheEntry(
+        "http://200/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "21m", "21d", function () {
+          // Open normally but wait for validation from the server
+          asyncOpenCacheEntry(
+            "http://200/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(REVAL, "21m", "21d", function (entry) {
+              // emulate 200 from server (new content)
+              executeSoon(function () {
+                var entry2 = entry.recreate();
+
+                // now fill the new entry, use OpenCallback directly for it
+                new OpenCallback(
+                  NEW,
+                  "22m",
+                  "22d",
+                  function () {}
+                ).onCacheEntryAvailable(entry2, true, Cr.NS_OK);
+              });
+            })
+          );
+
+          var mc = new MultipleCallbacks(3, finish_cache2_test);
+
+          asyncOpenCacheEntry(
+            "http://200/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NORMAL, "22m", "22d", function (entry) {
+              mc.fired();
+            })
+          );
+          asyncOpenCacheEntry(
+            "http://200/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NORMAL, "22m", "22d", function (entry) {
+              mc.fired();
+            })
+          );
+          asyncOpenCacheEntry(
+            "http://200/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NORMAL, "22m", "22d", function (entry) {
+              mc.fired();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-17-evict-all.js b/netwerk/test/unit/test_cache2-17-evict-all.js
new file mode 100644
index 0000000000..83829c631e
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-17-evict-all.js
@@ -0,0 +1,17 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  Services.cache2.clear();
+
+  var storage = getCacheStorage("disk");
+  storage.asyncVisitStorage(
+    new VisitCallback(0, 0, [], function () {
+      finish_cache2_test();
+    }),
+    true
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-18-not-valid.js b/netwerk/test/unit/test_cache2-18-not-valid.js
new file mode 100644
index 0000000000..8cbe37be4a
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-18-not-valid.js
@@ -0,0 +1,38 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write but expect it to fail, since other callback will recreate (and doom)
+  // the first entry before it opens output stream (note: in case of problems the DOOMED flag
+  // can be removed, it is not the test failure when opening the output stream on recreated entry.
+  asyncOpenCacheEntry(
+    "http://nv/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW | DOOMED, "v1m", "v1d", function () {
+      // Open for rewrite (don't validate), write different meta and data
+      asyncOpenCacheEntry(
+        "http://nv/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NOTVALID | RECREATE, "v2m", "v2d", function () {
+          // And check...
+          asyncOpenCacheEntry(
+            "http://nv/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NORMAL, "v2m", "v2d", function () {
+              finish_cache2_test();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-19-range-206.js b/netwerk/test/unit/test_cache2-19-range-206.js
new file mode 100644
index 0000000000..f3f9491932
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-19-range-206.js
@@ -0,0 +1,65 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://r206/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "206m", "206part1-", function () {
+      // Open normally but wait for validation from the server
+      asyncOpenCacheEntry(
+        "http://r206/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(PARTIAL, "206m", "206part1-", function (entry) {
+          // emulate 206 from the server, i.e. resume transaction and write content to the output stream
+          new OpenCallback(
+            NEW | WAITFORWRITE | PARTIAL,
+            "206m",
+            "-part2",
+            function (entry1) {
+              entry1.setValid();
+            }
+          ).onCacheEntryAvailable(entry, true, Cr.NS_OK);
+        })
+      );
+
+      var mc = new MultipleCallbacks(3, finish_cache2_test);
+
+      asyncOpenCacheEntry(
+        "http://r206/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "206m", "206part1--part2", function (entry) {
+          mc.fired();
+        })
+      );
+      asyncOpenCacheEntry(
+        "http://r206/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "206m", "206part1--part2", function (entry) {
+          mc.fired();
+        })
+      );
+      asyncOpenCacheEntry(
+        "http://r206/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "206m", "206part1--part2", function (entry) {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-20-range-200.js b/netwerk/test/unit/test_cache2-20-range-200.js
new file mode 100644
index 0000000000..31b8223c35
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-20-range-200.js
@@ -0,0 +1,72 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://r200/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "200m1", "200part1a-", function () {
+      // Open normally but wait for validation from the server
+      asyncOpenCacheEntry(
+        "http://r200/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(PARTIAL, "200m1", "200part1a-", function (entry) {
+          // emulate 200 from the server, i.e. recreate the entry, resume transaction and
+          // write new content to the output stream
+          new OpenCallback(
+            NEW | WAITFORWRITE | RECREATE,
+            "200m2",
+            "200part1b--part2b",
+            function (entry1) {
+              entry1.setValid();
+            }
+          ).onCacheEntryAvailable(entry, true, Cr.NS_OK);
+        })
+      );
+
+      var mc = new MultipleCallbacks(3, finish_cache2_test);
+
+      asyncOpenCacheEntry(
+        "http://r200/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "200m2", "200part1b--part2b", function (
+          entry
+        ) {
+          mc.fired();
+        })
+      );
+      asyncOpenCacheEntry(
+        "http://r200/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "200m2", "200part1b--part2b", function (
+          entry
+        ) {
+          mc.fired();
+        })
+      );
+      asyncOpenCacheEntry(
+        "http://r200/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "200m2", "200part1b--part2b", function (
+          entry
+        ) {
+          mc.fired();
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-21-anon-storage.js b/netwerk/test/unit/test_cache2-21-anon-storage.js
new file mode 100644
index 0000000000..1db0047475
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-21-anon-storage.js
@@ -0,0 +1,52 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Create and check an entry anon disk storage
+  asyncOpenCacheEntry(
+    "http://anon1/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.anonymous,
+    new OpenCallback(NEW, "an1", "an1", function () {
+      asyncOpenCacheEntry(
+        "http://anon1/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        Services.loadContextInfo.anonymous,
+        new OpenCallback(NORMAL, "an1", "an1", function () {
+          // Create and check an entry non-anon disk storage
+          asyncOpenCacheEntry(
+            "http://anon1/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            Services.loadContextInfo.default,
+            new OpenCallback(NEW, "na1", "na1", function () {
+              asyncOpenCacheEntry(
+                "http://anon1/",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                Services.loadContextInfo.default,
+                new OpenCallback(NORMAL, "na1", "na1", function () {
+                  // check the anon entry is still there and intact
+                  asyncOpenCacheEntry(
+                    "http://anon1/",
+                    "disk",
+                    Ci.nsICacheStorage.OPEN_NORMALLY,
+                    Services.loadContextInfo.anonymous,
+                    new OpenCallback(NORMAL, "an1", "an1", function () {
+                      finish_cache2_test();
+                    })
+                  );
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-22-anon-visit.js b/netwerk/test/unit/test_cache2-22-anon-visit.js
new file mode 100644
index 0000000000..1768f142bd
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-22-anon-visit.js
@@ -0,0 +1,43 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var mc = new MultipleCallbacks(2, function () {
+    var storage = getCacheStorage("disk", Services.loadContextInfo.default);
+    storage.asyncVisitStorage(
+      new VisitCallback(1, 1024, ["http://an2/"], function () {
+        storage = getCacheStorage("disk", Services.loadContextInfo.anonymous);
+        storage.asyncVisitStorage(
+          new VisitCallback(1, 1024, ["http://an2/"], function () {
+            finish_cache2_test();
+          }),
+          true
+        );
+      }),
+      true
+    );
+  });
+
+  asyncOpenCacheEntry(
+    "http://an2/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.default,
+    new OpenCallback(NEW | WAITFORWRITE, "an2", "an2", function (entry) {
+      mc.fired();
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://an2/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.anonymous,
+    new OpenCallback(NEW | WAITFORWRITE, "an2", "an2", function (entry) {
+      mc.fired();
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-23-read-over-chunk.js b/netwerk/test/unit/test_cache2-23-read-over-chunk.js
new file mode 100644
index 0000000000..89bdb2d963
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-23-read-over-chunk.js
@@ -0,0 +1,34 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  const kChunkSize = 256 * 1024;
+
+  var payload = "";
+  for (var i = 0; i < kChunkSize + 10; ++i) {
+    if (i < kChunkSize - 5) {
+      payload += "0";
+    } else {
+      payload += String.fromCharCode(i + 65);
+    }
+  }
+
+  asyncOpenCacheEntry(
+    "http://read/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_TRUNCATE,
+    Services.loadContextInfo.default,
+    new OpenCallback(NEW | WAITFORWRITE, "", payload, function (entry) {
+      var is = entry.openInputStream(0);
+      pumpReadStream(is, function (read) {
+        Assert.equal(read.length, kChunkSize + 10);
+        is.close();
+        Assert.ok(read == payload); // not using do_check_eq since logger will fail for the 1/4MB string
+        finish_cache2_test();
+      });
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-24-exists.js b/netwerk/test/unit/test_cache2-24-exists.js
new file mode 100644
index 0000000000..7f7c50e9f0
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-24-exists.js
@@ -0,0 +1,43 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var mc = new MultipleCallbacks(2, function () {
+    var mem = getCacheStorage("memory");
+    var disk = getCacheStorage("disk");
+
+    Assert.ok(disk.exists(createURI("http://m1/"), ""));
+    Assert.ok(mem.exists(createURI("http://m1/"), ""));
+    Assert.ok(!mem.exists(createURI("http://m2/"), ""));
+    Assert.ok(disk.exists(createURI("http://d1/"), ""));
+    do_check_throws_nsIException(
+      () => disk.exists(createURI("http://d2/"), ""),
+      "NS_ERROR_NOT_AVAILABLE"
+    );
+
+    finish_cache2_test();
+  });
+
+  asyncOpenCacheEntry(
+    "http://d1/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.default,
+    new OpenCallback(NEW | WAITFORWRITE, "meta", "data", function (entry) {
+      mc.fired();
+    })
+  );
+
+  asyncOpenCacheEntry(
+    "http://m1/",
+    "memory",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.default,
+    new OpenCallback(NEW | WAITFORWRITE, "meta", "data", function (entry) {
+      mc.fired();
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-25-chunk-memory-limit.js b/netwerk/test/unit/test_cache2-25-chunk-memory-limit.js
new file mode 100644
index 0000000000..8c5a383ba6
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-25-chunk-memory-limit.js
@@ -0,0 +1,53 @@
+"use strict";
+
+function gen_200k() {
+  var i;
+  var data = "0123456789ABCDEFGHIJLKMNO";
+  for (i = 0; i < 13; i++) {
+    data += data;
+  }
+  return data;
+}
+
+// Keep the output stream of the first entry in a global variable, so the
+// CacheFile and its buffer isn't released before we write the data to the
+// second entry.
+var oStr;
+
+function run_test() {
+  do_get_profile();
+
+  // set max chunks memory so that only one full chunk fits within the limit
+  Services.prefs.setIntPref("browser.cache.disk.max_chunks_memory_usage", 300);
+
+  asyncOpenCacheEntry(
+    "http://a/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    function (status, entry) {
+      Assert.equal(status, Cr.NS_OK);
+      var data = gen_200k();
+      oStr = entry.openOutputStream(0, data.length);
+      Assert.equal(data.length, oStr.write(data, data.length));
+
+      asyncOpenCacheEntry(
+        "http://b/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        function (status1, entry1) {
+          Assert.equal(status1, Cr.NS_OK);
+          var oStr2 = entry1.openOutputStream(0, data.length);
+          do_check_throws_nsIException(
+            () => oStr2.write(data, data.length),
+            "NS_ERROR_OUT_OF_MEMORY"
+          );
+          finish_cache2_test();
+        }
+      );
+    }
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-26-no-outputstream-open.js b/netwerk/test/unit/test_cache2-26-no-outputstream-open.js
new file mode 100644
index 0000000000..bdb116436c
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-26-no-outputstream-open.js
@@ -0,0 +1,36 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, but never write and never mark valid
+  asyncOpenCacheEntry(
+    "http://no-data/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(
+      NEW | METAONLY | DONTSETVALID | WAITFORWRITE,
+      "meta",
+      "",
+      function () {
+        // Open again, we must get the callback and zero-length data
+        executeSoon(() => {
+          Cu.forceGC(); // invokes OnHandleClosed on the entry
+
+          asyncOpenCacheEntry(
+            "http://no-data/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NORMAL, "meta", "", function () {
+              finish_cache2_test();
+            })
+          );
+        });
+      }
+    )
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-27-force-valid-for.js b/netwerk/test/unit/test_cache2-27-force-valid-for.js
new file mode 100644
index 0000000000..78ac7eb847
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-27-force-valid-for.js
@@ -0,0 +1,35 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var mc = new MultipleCallbacks(2, function () {
+    finish_cache2_test();
+  });
+
+  asyncOpenCacheEntry(
+    "http://m1/",
+    "memory",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    Services.loadContextInfo.default,
+    new OpenCallback(NEW, "meta", "data", function (entry) {
+      // Check the default
+      equal(entry.isForcedValid, false);
+
+      // Forced valid and confirm
+      entry.forceValidFor(2);
+      do_timeout(1000, function () {
+        equal(entry.isForcedValid, true);
+        mc.fired();
+      });
+
+      // Confirm the timeout occurs
+      do_timeout(3000, function () {
+        equal(entry.isForcedValid, false);
+        mc.fired();
+      });
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-28-last-access-attrs.js b/netwerk/test/unit/test_cache2-28-last-access-attrs.js
new file mode 100644
index 0000000000..7450e1998f
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-28-last-access-attrs.js
@@ -0,0 +1,46 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+  function NowSeconds() {
+    return parseInt(new Date().getTime() / 1000);
+  }
+  function do_check_time(t, min, max) {
+    Assert.ok(t >= min);
+    Assert.ok(t <= max);
+  }
+
+  var timeStart = NowSeconds();
+
+  asyncOpenCacheEntry(
+    "http://t/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "m", "d", function (entry) {
+      var firstOpen = NowSeconds();
+      Assert.equal(entry.fetchCount, 1);
+      do_check_time(entry.lastFetched, timeStart, firstOpen);
+      do_check_time(entry.lastModified, timeStart, firstOpen);
+
+      do_timeout(2000, () => {
+        asyncOpenCacheEntry(
+          "http://t/",
+          "disk",
+          Ci.nsICacheStorage.OPEN_NORMALLY,
+          null,
+          new OpenCallback(NORMAL, "m", "d", function (entry1) {
+            var secondOpen = NowSeconds();
+            Assert.equal(entry1.fetchCount, 2);
+            do_check_time(entry1.lastFetched, firstOpen, secondOpen);
+            do_check_time(entry1.lastModified, timeStart, firstOpen);
+
+            finish_cache2_test();
+          })
+        );
+      });
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-28a-OPEN_SECRETLY.js b/netwerk/test/unit/test_cache2-28a-OPEN_SECRETLY.js
new file mode 100644
index 0000000000..d30e13af22
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-28a-OPEN_SECRETLY.js
@@ -0,0 +1,42 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+  function NowSeconds() {
+    return parseInt(new Date().getTime() / 1000);
+  }
+  function do_check_time(a, b) {
+    Assert.ok(Math.abs(a - b) < 0.5);
+  }
+
+  asyncOpenCacheEntry(
+    "http://t/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "m", "d", function (entry) {
+      var now1 = NowSeconds();
+      Assert.equal(entry.fetchCount, 1);
+      do_check_time(entry.lastFetched, now1);
+      do_check_time(entry.lastModified, now1);
+
+      do_timeout(2000, () => {
+        asyncOpenCacheEntry(
+          "http://t/",
+          "disk",
+          Ci.nsICacheStorage.OPEN_SECRETLY,
+          null,
+          new OpenCallback(NORMAL, "m", "d", function (entry1) {
+            Assert.equal(entry1.fetchCount, 1);
+            do_check_time(entry1.lastFetched, now1);
+            do_check_time(entry1.lastModified, now1);
+
+            finish_cache2_test();
+          })
+        );
+      });
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-29a-concurrent_read_resumable_entry_size_zero.js b/netwerk/test/unit/test_cache2-29a-concurrent_read_resumable_entry_size_zero.js
new file mode 100644
index 0000000000..b97c4b113c
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-29a-concurrent_read_resumable_entry_size_zero.js
@@ -0,0 +1,76 @@
+/*
+
+Checkes if the concurrent cache read/write works when the write is interrupted because of max-entry-size limits
+This test is using a resumable response.
+- with a profile, set max-entry-size to 0
+- first channel makes a request for a resumable response
+- second channel makes a request for the same resource, concurrent read happens
+- first channel sets predicted data size on the entry, it's doomed
+- second channel now must engage interrupted concurrent write algorithm and read the content again from the network
+- both channels must deliver full content w/o errors
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+const responseBody = "response body";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+  response.setHeader("Accept-Ranges", "bytes");
+  response.setHeader("Content-Length", "" + responseBody.length);
+  if (metadata.hasHeader("If-Range")) {
+    response.setStatusLine(metadata.httpVersion, 206, "Partial Content");
+    response.setHeader("Content-Range", "0-12/13");
+  }
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  do_get_profile();
+
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 0);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var chan1 = make_channel(URL + "/content");
+    chan1.asyncOpen(new ChannelListener(firstTimeThrough, null));
+    var chan2 = make_channel(URL + "/content");
+    chan2.asyncOpen(new ChannelListener(secondTimeThrough, null));
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+}
+
+function secondTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_cache2-29b-concurrent_read_non-resumable_entry_size_zero.js b/netwerk/test/unit/test_cache2-29b-concurrent_read_non-resumable_entry_size_zero.js
new file mode 100644
index 0000000000..e221be7661
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-29b-concurrent_read_non-resumable_entry_size_zero.js
@@ -0,0 +1,80 @@
+/*
+
+Checkes if the concurrent cache read/write works when the write is interrupted because of max-entry-size limits.
+This test is using a non-resumable response.
+- with a profile, set max-entry-size to 0
+- first channel makes a request for a non-resumable (chunked) response
+- second channel makes a request for the same resource, concurrent read is bypassed (non-resumable response)
+- first channel writes first bytes to the cache output stream, but that fails because of the max-entry-size limit and entry is doomed
+- cache entry output stream is closed
+- second channel gets the entry, opening the input stream must fail
+- second channel must read the content again from the network
+- both channels must deliver full content w/o errors
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+const responseBody = "c\r\ndata reached\r\n3\r\nhej\r\n0\r\n\r\n";
+const responseBodyDecoded = "data reachedhej";
+
+function contentHandler(metadata, response) {
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Transfer-Encoding: chunked\r\n");
+  response.write("\r\n");
+  response.write(responseBody);
+  response.finish();
+}
+
+function run_test() {
+  do_get_profile();
+
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 0);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var chan1 = make_channel(URL + "/content");
+    chan1.asyncOpen(
+      new ChannelListener(firstTimeThrough, null, CL_ALLOW_UNKNOWN_CL)
+    );
+    var chan2 = make_channel(URL + "/content");
+    chan2.asyncOpen(
+      new ChannelListener(secondTimeThrough, null, CL_ALLOW_UNKNOWN_CL)
+    );
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBodyDecoded);
+}
+
+function secondTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBodyDecoded);
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_cache2-29c-concurrent_read_half-interrupted.js b/netwerk/test/unit/test_cache2-29c-concurrent_read_half-interrupted.js
new file mode 100644
index 0000000000..706ad894ca
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-29c-concurrent_read_half-interrupted.js
@@ -0,0 +1,95 @@
+/*
+
+Checkes if the concurrent cache read/write works when the write is interrupted because of max-entry-size limits.
+This is enhancement of 29a test, this test checks that cocurrency is resumed when the first channel is interrupted
+in the middle of reading and the second channel already consumed some content from the cache entry.
+This test is using a resumable response.
+- with a profile, set max-entry-size to 1 (=1024 bytes)
+- first channel makes a request for a resumable response
+- second channel makes a request for the same resource, concurrent read happens
+- first channel sets predicted data size on the entry with every chunk, it's doomed on 1024
+- second channel now must engage interrupted concurrent write algorithm and read the rest of the content from the network
+- both channels must deliver full content w/o errors
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+// need something bigger than 1024 bytes
+const responseBody =
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+  response.setHeader("Accept-Ranges", "bytes");
+  response.setHeader("Content-Length", "" + responseBody.length);
+  if (metadata.hasHeader("If-Range")) {
+    response.setStatusLine(metadata.httpVersion, 206, "Partial Content");
+
+    let len = responseBody.length;
+    response.setHeader("Content-Range", "0-" + (len - 1) + "/" + len);
+  }
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  // Static check
+  Assert.ok(responseBody.length > 1024);
+
+  do_get_profile();
+
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 1);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var chan1 = make_channel(URL + "/content");
+    chan1.asyncOpen(new ChannelListener(firstTimeThrough, null));
+    var chan2 = make_channel(URL + "/content");
+    chan2.asyncOpen(new ChannelListener(secondTimeThrough, null));
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+}
+
+function secondTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_cache2-29d-concurrent_read_half-corrupted-206.js b/netwerk/test/unit/test_cache2-29d-concurrent_read_half-corrupted-206.js
new file mode 100644
index 0000000000..d9886a6fbf
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-29d-concurrent_read_half-corrupted-206.js
@@ -0,0 +1,95 @@
+/*
+
+Checkes if the concurrent cache read/write works when the write is interrupted because of max-entry-size limits.
+This is enhancement of 29c test, this test checks that a corrupted 206 response is correctly handled (no crashes or asserion failures)
+This test is using a resumable response.
+- with a profile, set max-entry-size to 1 (=1024 bytes)
+- first channel makes a request for a resumable response
+- second channel makes a request for the same resource, concurrent read happens
+- first channel sets predicted data size on the entry with every chunk, it's doomed on 1024
+- second channel now must engage interrupted concurrent write algorithm and read the rest of the content from the network
+- the response to the range request is broken (bad Content-Range header)
+- the first must deliver full content w/o errors
+- the second channel must correctly fail
+
+*/
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+// need something bigger than 1024 bytes
+const responseBody =
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+  response.setHeader("Accept-Ranges", "bytes");
+  response.setHeader("Content-Length", "" + responseBody.length);
+  if (metadata.hasHeader("If-Range")) {
+    response.setStatusLine(metadata.httpVersion, 206, "Partial Content");
+    // Deliberately broken response header to trigger corrupted content error on the second channel
+    response.setHeader("Content-Range", "0-1/2");
+  }
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  // Static check
+  Assert.ok(responseBody.length > 1024);
+
+  do_get_profile();
+
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 1);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var chan1 = make_channel(URL + "/content");
+    chan1.asyncOpen(new ChannelListener(firstTimeThrough, null));
+    var chan2 = make_channel(URL + "/content");
+    chan2.asyncOpen(
+      new ChannelListener(secondTimeThrough, null, CL_EXPECT_FAILURE)
+    );
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+}
+
+function secondTimeThrough(request, buffer) {
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_cache2-29e-concurrent_read_half-non-206-response.js b/netwerk/test/unit/test_cache2-29e-concurrent_read_half-non-206-response.js
new file mode 100644
index 0000000000..7d517d518d
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-29e-concurrent_read_half-non-206-response.js
@@ -0,0 +1,90 @@
+/*
+
+Checkes if the concurrent cache read/write works when the write is interrupted because of max-entry-size limits.
+This is enhancement of 29c test, this test checks that a corrupted 206 response is correctly handled (no crashes or asserion failures)
+This test is using a resumable response.
+- with a profile, set max-entry-size to 1 (=1024 bytes)
+- first channel makes a request for a resumable response
+- second channel makes a request for the same resource, concurrent read happens
+- first channel sets predicted data size on the entry with every chunk, it's doomed on 1024
+- second channel now must engage interrupted concurrent write algorithm and read the rest of the content from the network
+- the response to the range request is plain 200
+- the first must deliver full content w/o errors
+- the second channel must correctly fail
+
+*/
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpServer.identity.primaryPort;
+});
+
+var httpServer = null;
+
+function make_channel(url, callback, ctx) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+// need something bigger than 1024 bytes
+const responseBody =
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" +
+  "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
+
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  response.setHeader("ETag", "Just testing");
+  response.setHeader("Cache-Control", "max-age=99999");
+  response.setHeader("Accept-Ranges", "bytes");
+  response.setHeader("Content-Length", "" + responseBody.length);
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  // Static check
+  Assert.ok(responseBody.length > 1024);
+
+  do_get_profile();
+
+  Services.prefs.setIntPref("browser.cache.disk.max_entry_size", 1);
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/content", contentHandler);
+  httpServer.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var chan1 = make_channel(URL + "/content");
+    chan1.asyncOpen(new ChannelListener(firstTimeThrough, null));
+    var chan2 = make_channel(URL + "/content");
+    chan2.asyncOpen(
+      new ChannelListener(secondTimeThrough, null, CL_EXPECT_FAILURE)
+    );
+  });
+
+  do_test_pending();
+}
+
+function firstTimeThrough(request, buffer) {
+  Assert.equal(buffer, responseBody);
+}
+
+function secondTimeThrough(request, buffer) {
+  httpServer.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_cache2-30a-entry-pinning.js b/netwerk/test/unit/test_cache2-30a-entry-pinning.js
new file mode 100644
index 0000000000..b2541cbf86
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-30a-entry-pinning.js
@@ -0,0 +1,39 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  // Open for write, write
+  asyncOpenCacheEntry(
+    "http://a/",
+    "pin",
+    Ci.nsICacheStorage.OPEN_TRUNCATE,
+    Services.loadContextInfo.default,
+    new OpenCallback(NEW | WAITFORWRITE, "a1m", "a1d", function () {
+      // Open for read and check
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        Services.loadContextInfo.default,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          // Now clear the whole cache
+          Services.cache2.clear();
+
+          // The pinned entry should be intact
+          asyncOpenCacheEntry(
+            "http://a/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            Services.loadContextInfo.default,
+            new OpenCallback(NORMAL, "a1m", "a1d", function () {
+              finish_cache2_test();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-30b-pinning-storage-clear.js b/netwerk/test/unit/test_cache2-30b-pinning-storage-clear.js
new file mode 100644
index 0000000000..21f7f02e45
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-30b-pinning-storage-clear.js
@@ -0,0 +1,45 @@
+"use strict";
+
+function run_test() {
+  do_get_profile();
+
+  var lci = Services.loadContextInfo.default;
+
+  // Open a pinned entry for write, write
+  asyncOpenCacheEntry(
+    "http://a/",
+    "pin",
+    Ci.nsICacheStorage.OPEN_TRUNCATE,
+    lci,
+    new OpenCallback(NEW | WAITFORWRITE, "a1m", "a1d", function () {
+      // Now clear the disk storage, that should leave the pinned  entry in the cache
+      var diskStorage = getCacheStorage("disk", lci);
+      diskStorage.asyncEvictStorage(null);
+
+      // Open for read and check, it should still be there
+      asyncOpenCacheEntry(
+        "http://a/",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        lci,
+        new OpenCallback(NORMAL, "a1m", "a1d", function () {
+          // Now clear the pinning storage, entry should be gone
+          var pinningStorage = getCacheStorage("pin", lci);
+          pinningStorage.asyncEvictStorage(null);
+
+          asyncOpenCacheEntry(
+            "http://a/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(NEW, "", "", function () {
+              finish_cache2_test();
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-30c-pinning-deferred-doom.js b/netwerk/test/unit/test_cache2-30c-pinning-deferred-doom.js
new file mode 100644
index 0000000000..73dfee0f6b
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-30c-pinning-deferred-doom.js
@@ -0,0 +1,185 @@
+/*
+
+This is a complex test checking the internal "deferred doom" functionality in both CacheEntry and CacheFileHandle.
+
+- We create a batch of 10 non-pinned and 10 pinned entries, write something to them.
+- Then we purge them from memory, so they have to reload from disk.
+- After that the IO thread is suspended not to process events on the READ (3) level.  This forces opening operation and eviction
+  sync operations happen before we know actual pinning status of already cached entries.
+- We async-open the same batch of the 10+10 entries again, all should open as existing with the expected, previously stored
+  content
+- After all these entries are made to open, we clear the cache.  This does some synchronous operations on the entries
+  being open and also on the handles being in an already open state (but before the entry metadata has started to be read.)
+  Expected is to leave the pinned entries only.
+- Now, we resume the IO thread, so it start reading.  One could say this is a hack, but this can very well happen in reality
+  on slow disk or when a large number of entries is about to be open at once.  Suspending the IO thread is just doing this
+  simulation is a fully deterministic way and actually very easily and elegantly.
+- After the resume we want to open all those 10+10 entries once again (no purgin involved this time.).  It is expected
+  to open all the pinning entries intact and loose all the non-pinned entries (get them as new and empty again.)
+
+*/
+
+"use strict";
+
+const kENTRYCOUNT = 10;
+
+function log_(msg) {
+  if (true) {
+    dump(">>>>>>>>>>>>> " + msg + "\n");
+  }
+}
+
+function run_test() {
+  do_get_profile();
+
+  var lci = Services.loadContextInfo.default;
+  var testingInterface = Services.cache2.QueryInterface(Ci.nsICacheTesting);
+  Assert.ok(testingInterface);
+
+  var mc = new MultipleCallbacks(
+    1,
+    function () {
+      // (2)
+
+      mc = new MultipleCallbacks(1, finish_cache2_test);
+      // Release all references to cache entries so that they can be purged
+      // Calling gc() four times is needed to force it to actually release
+      // entries that are obviously unreferenced.  Yeah, I know, this is wacky...
+      gc();
+      gc();
+      executeSoon(() => {
+        gc();
+        gc();
+        log_("purging");
+
+        // Invokes cacheservice:purge-memory-pools when done.
+        Services.cache2.purgeFromMemory(
+          Ci.nsICacheStorageService.PURGE_EVERYTHING
+        ); // goes to (3)
+      });
+    },
+    true
+  );
+
+  // (1), here we start
+
+  var i;
+  for (i = 0; i < kENTRYCOUNT; ++i) {
+    log_("first set of opens");
+
+    // Callbacks 1-20
+    mc.add();
+    asyncOpenCacheEntry(
+      "http://pinned" + i + "/",
+      "pin",
+      Ci.nsICacheStorage.OPEN_TRUNCATE,
+      lci,
+      new OpenCallback(NEW | WAITFORWRITE, "m" + i, "p" + i, function (entry) {
+        mc.fired();
+      })
+    );
+
+    mc.add();
+    asyncOpenCacheEntry(
+      "http://common" + i + "/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_TRUNCATE,
+      lci,
+      new OpenCallback(NEW | WAITFORWRITE, "m" + i, "d" + i, function (entry) {
+        mc.fired();
+      })
+    );
+  }
+
+  mc.fired(); // Goes to (2)
+
+  Services.obs.addObserver(
+    {
+      observe(subject, topic, data) {
+        // (3)
+
+        log_("after purge, second set of opens");
+        // Prevent the I/O thread from reading the data.  We first want to schedule clear of the cache.
+        // This deterministically emulates a slow hard drive.
+        testingInterface.suspendCacheIOThread(3);
+
+        // All entries should load
+        // Callbacks 21-40
+        for (i = 0; i < kENTRYCOUNT; ++i) {
+          mc.add();
+          asyncOpenCacheEntry(
+            "http://pinned" + i + "/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(NORMAL, "m" + i, "p" + i, function (entry) {
+              mc.fired();
+            })
+          );
+
+          // Unfortunately we cannot ensure that entries existing in the cache will be delivered to the consumer
+          // when soon after are evicted by some cache API call.  It's better to not ensure getting an entry
+          // than allowing to get an entry that was just evicted from the cache.  Entries may be delievered
+          // as new, but are already doomed.  Output stream cannot be openned, or the file handle is already
+          // writing to a doomed file.
+          //
+          // The API now just ensures that entries removed by any of the cache eviction APIs are never more
+          // available to consumers.
+          mc.add();
+          asyncOpenCacheEntry(
+            "http://common" + i + "/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(MAYBE_NEW | DOOMED, "m" + i, "d" + i, function (
+              entry
+            ) {
+              mc.fired();
+            })
+          );
+        }
+
+        log_("clearing");
+        // Now clear everything except pinned, all entries are in state of reading
+        Services.cache2.clear();
+        log_("cleared");
+
+        // Resume reading the cache data, only now the pinning status on entries will be discovered,
+        // the deferred dooming code will trigger.
+        testingInterface.resumeCacheIOThread();
+
+        log_("third set of opens");
+        // Now open again.  Pinned entries should be there, disk entries should be the renewed entries.
+        // Callbacks 41-60
+        for (i = 0; i < kENTRYCOUNT; ++i) {
+          mc.add();
+          asyncOpenCacheEntry(
+            "http://pinned" + i + "/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(NORMAL, "m" + i, "p" + i, function (entry) {
+              mc.fired();
+            })
+          );
+
+          mc.add();
+          asyncOpenCacheEntry(
+            "http://common" + i + "/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(NEW, "m2" + i, "d2" + i, function (entry) {
+              mc.fired();
+            })
+          );
+        }
+
+        mc.fired(); // Finishes this test
+      },
+    },
+    "cacheservice:purge-memory-pools"
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-30d-pinning-WasEvicted-API.js b/netwerk/test/unit/test_cache2-30d-pinning-WasEvicted-API.js
new file mode 100644
index 0000000000..fd4622f3f4
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-30d-pinning-WasEvicted-API.js
@@ -0,0 +1,148 @@
+/*
+
+This test exercises the CacheFileContextEvictor::WasEvicted API and code using it.
+
+- We store 10+10 (pinned and non-pinned) entries to the cache, wait for them being written.
+- Then we purge the memory pools.
+- Now the IO thread is suspended on the EVICT (7) level to prevent actual deletion of the files.
+- Index is disabled.
+- We do clear() of the cache, this creates the "ce_*" file and posts to the EVICT level
+  the eviction loop mechanics.
+- We open again those 10+10 entries previously stored.
+- IO is resumed
+- We expect to get all the pinned and
+  loose all the non-pinned (common) entries.
+
+*/
+
+"use strict";
+
+const kENTRYCOUNT = 10;
+
+function log_(msg) {
+  if (true) {
+    dump(">>>>>>>>>>>>> " + msg + "\n");
+  }
+}
+
+function run_test() {
+  do_get_profile();
+
+  var lci = Services.loadContextInfo.default;
+  var testingInterface = Services.cache2.QueryInterface(Ci.nsICacheTesting);
+  Assert.ok(testingInterface);
+
+  var mc = new MultipleCallbacks(
+    1,
+    function () {
+      // (2)
+
+      mc = new MultipleCallbacks(1, finish_cache2_test);
+      // Release all references to cache entries so that they can be purged
+      // Calling gc() four times is needed to force it to actually release
+      // entries that are obviously unreferenced.  Yeah, I know, this is wacky...
+      gc();
+      gc();
+      executeSoon(() => {
+        gc();
+        gc();
+        log_("purging");
+
+        // Invokes cacheservice:purge-memory-pools when done.
+        Services.cache2.purgeFromMemory(
+          Ci.nsICacheStorageService.PURGE_EVERYTHING
+        ); // goes to (3)
+      });
+    },
+    true
+  );
+
+  // (1), here we start
+
+  log_("first set of opens");
+  var i;
+  for (i = 0; i < kENTRYCOUNT; ++i) {
+    // Callbacks 1-20
+    mc.add();
+    asyncOpenCacheEntry(
+      "http://pinned" + i + "/",
+      "pin",
+      Ci.nsICacheStorage.OPEN_TRUNCATE,
+      lci,
+      new OpenCallback(NEW | WAITFORWRITE, "m" + i, "p" + i, function (entry) {
+        mc.fired();
+      })
+    );
+
+    mc.add();
+    asyncOpenCacheEntry(
+      "http://common" + i + "/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_TRUNCATE,
+      lci,
+      new OpenCallback(NEW | WAITFORWRITE, "m" + i, "d" + i, function (entry) {
+        mc.fired();
+      })
+    );
+  }
+
+  mc.fired(); // Goes to (2)
+
+  Services.obs.addObserver(
+    {
+      observe(subject, topic, data) {
+        // (3)
+
+        log_("after purge");
+        // Prevent the I/O thread from evicting physically the data.  We first want to re-open the entries.
+        // This deterministically emulates a slow hard drive.
+        testingInterface.suspendCacheIOThread(7);
+
+        log_("clearing");
+        // Now clear everything except pinned.  Stores the "ce_*" file and schedules background eviction.
+        Services.cache2.clear();
+        log_("cleared");
+
+        log_("second set of opens");
+        // Now open again.  Pinned entries should be there, disk entries should be the renewed entries.
+        // Callbacks 21-40
+        for (i = 0; i < kENTRYCOUNT; ++i) {
+          mc.add();
+          asyncOpenCacheEntry(
+            "http://pinned" + i + "/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(NORMAL, "m" + i, "p" + i, function (entry) {
+              mc.fired();
+            })
+          );
+
+          mc.add();
+          asyncOpenCacheEntry(
+            "http://common" + i + "/",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            lci,
+            new OpenCallback(NEW, "m2" + i, "d2" + i, function (entry) {
+              mc.fired();
+            })
+          );
+        }
+
+        // Resume IO, this will just pop-off the CacheFileContextEvictor::EvictEntries() because of
+        // an early check on CacheIOThread::YieldAndRerun() in that method.
+        // CacheFileIOManager::OpenFileInternal should now run and CacheFileContextEvictor::WasEvicted
+        // should be checked on.
+        log_("resuming");
+        testingInterface.resumeCacheIOThread();
+        log_("resumed");
+
+        mc.fired(); // Finishes this test
+      },
+    },
+    "cacheservice:purge-memory-pools"
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-31-visit-all.js b/netwerk/test/unit/test_cache2-31-visit-all.js
new file mode 100644
index 0000000000..3fed10881f
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-31-visit-all.js
@@ -0,0 +1,88 @@
+"use strict";
+
+function run_test() {
+  getCacheStorage("disk");
+  var lcis = [
+    Services.loadContextInfo.default,
+    Services.loadContextInfo.custom(false, { userContextId: 1 }),
+    Services.loadContextInfo.custom(false, { userContextId: 2 }),
+    Services.loadContextInfo.custom(false, { userContextId: 3 }),
+  ];
+
+  do_get_profile();
+
+  var mc = new MultipleCallbacks(
+    8,
+    function () {
+      executeSoon(function () {
+        var expectedConsumption = 8192;
+        var entries = [
+          { uri: "http://a/", lci: lcis[0] }, // default
+          { uri: "http://b/", lci: lcis[0] }, // default
+          { uri: "http://a/", lci: lcis[1] }, // user Context 1
+          { uri: "http://b/", lci: lcis[1] }, // user Context 1
+          { uri: "http://a/", lci: lcis[2] }, // user Context 2
+          { uri: "http://b/", lci: lcis[2] }, // user Context 2
+          { uri: "http://a/", lci: lcis[3] }, // user Context 3
+          { uri: "http://b/", lci: lcis[3] },
+        ]; // user Context 3
+
+        Services.cache2.asyncVisitAllStorages(
+          // Test should store 8 entries across 4 originAttributes
+          new VisitCallback(8, expectedConsumption, entries, function () {
+            Services.cache2.asyncVisitAllStorages(
+              // Still 8 entries expected, now don't walk them
+              new VisitCallback(8, expectedConsumption, null, function () {
+                finish_cache2_test();
+              }),
+              false
+            );
+          }),
+          true
+        );
+      });
+    },
+    true
+  );
+
+  // Add two cache entries for each originAttributes.
+  for (var i = 0; i < lcis.length; i++) {
+    asyncOpenCacheEntry(
+      "http://a/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      lcis[i],
+      new OpenCallback(NEW, "a1m", "a1d", function () {
+        asyncOpenCacheEntry(
+          "http://a/",
+          "disk",
+          Ci.nsICacheStorage.OPEN_NORMALLY,
+          lcis[i],
+          new OpenCallback(NORMAL, "a1m", "a1d", function () {
+            mc.fired();
+          })
+        );
+      })
+    );
+
+    asyncOpenCacheEntry(
+      "http://b/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      lcis[i],
+      new OpenCallback(NEW, "b1m", "b1d", function () {
+        asyncOpenCacheEntry(
+          "http://b/",
+          "disk",
+          Ci.nsICacheStorage.OPEN_NORMALLY,
+          lcis[i],
+          new OpenCallback(NORMAL, "b1m", "b1d", function () {
+            mc.fired();
+          })
+        );
+      })
+    );
+  }
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache2-32-clear-origin.js b/netwerk/test/unit/test_cache2-32-clear-origin.js
new file mode 100644
index 0000000000..2234ccd13d
--- /dev/null
+++ b/netwerk/test/unit/test_cache2-32-clear-origin.js
@@ -0,0 +1,69 @@
+"use strict";
+
+const URL = "http://example.net";
+const URL2 = "http://foo.bar";
+
+function run_test() {
+  do_get_profile();
+
+  asyncOpenCacheEntry(
+    URL + "/a",
+    "disk",
+    Ci.nsICacheStorage.OPEN_NORMALLY,
+    null,
+    new OpenCallback(NEW, "e1m", "e1d", function () {
+      asyncOpenCacheEntry(
+        URL + "/a",
+        "disk",
+        Ci.nsICacheStorage.OPEN_NORMALLY,
+        null,
+        new OpenCallback(NORMAL, "e1m", "e1d", function () {
+          asyncOpenCacheEntry(
+            URL2 + "/a",
+            "disk",
+            Ci.nsICacheStorage.OPEN_NORMALLY,
+            null,
+            new OpenCallback(NEW, "f1m", "f1d", function () {
+              asyncOpenCacheEntry(
+                URL2 + "/a",
+                "disk",
+                Ci.nsICacheStorage.OPEN_NORMALLY,
+                null,
+                new OpenCallback(NORMAL, "f1m", "f1d", function () {
+                  var url = Services.io.newURI(URL);
+                  var principal =
+                    Services.scriptSecurityManager.createContentPrincipal(
+                      url,
+                      {}
+                    );
+
+                  Services.cache2.clearOrigin(principal);
+
+                  asyncOpenCacheEntry(
+                    URL + "/a",
+                    "disk",
+                    Ci.nsICacheStorage.OPEN_NORMALLY,
+                    null,
+                    new OpenCallback(NEW, "e1m", "e1d", function () {
+                      asyncOpenCacheEntry(
+                        URL2 + "/a",
+                        "disk",
+                        Ci.nsICacheStorage.OPEN_NORMALLY,
+                        null,
+                        new OpenCallback(NORMAL, "f1m", "f1d", function () {
+                          finish_cache2_test();
+                        })
+                      );
+                    })
+                  );
+                })
+              );
+            })
+          );
+        })
+      );
+    })
+  );
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cache_204_response.js b/netwerk/test/unit/test_cache_204_response.js
new file mode 100644
index 0000000000..3038b7ed71
--- /dev/null
+++ b/netwerk/test/unit/test_cache_204_response.js
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+Test if 204 response is cached.
+1. Make first http request and return a 204 response.
+2. Check if the first response is not cached.
+3. Make second http request and check if the response is cached.
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+function test_handler(metadata, response) {
+  response.setHeader("Content-Type", "text/html", false);
+  response.setHeader("Cache-control", "max-age=9999", false);
+  response.setStatusLine(metadata.httpVersion, 204, "No Content");
+}
+
+function make_channel(url) {
+  let channel = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return channel;
+}
+
+async function get_response(channel, fromCache) {
+  return new Promise(resolve => {
+    channel.asyncOpen(
+      new ChannelListener((request, buffer, ctx, isFromCache) => {
+        ok(fromCache == isFromCache, `got response from cache = ${fromCache}`);
+        resolve();
+      })
+    );
+  });
+}
+
+async function stop_server(httpserver) {
+  return new Promise(resolve => {
+    httpserver.stop(resolve);
+  });
+}
+
+add_task(async function () {
+  let httpserver = new HttpServer();
+  httpserver.registerPathHandler("/testdir", test_handler);
+  httpserver.start(-1);
+  const PORT = httpserver.identity.primaryPort;
+  const URI = `http://localhost:${PORT}/testdir`;
+
+  await get_response(make_channel(URI, "GET"), false);
+  await get_response(make_channel(URI, "GET"), true);
+
+  await stop_server(httpserver);
+});
diff --git a/netwerk/test/unit/test_cache_jar.js b/netwerk/test/unit/test_cache_jar.js
new file mode 100644
index 0000000000..bedde668b4
--- /dev/null
+++ b/netwerk/test/unit/test_cache_jar.js
@@ -0,0 +1,105 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort + "/cached";
+});
+
+var httpserv = null;
+var handlers_called = 0;
+
+function cached_handler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Cache-Control", "max-age=10000", false);
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  var body = "0123456789";
+  response.bodyOutputStream.write(body, body.length);
+  handlers_called++;
+}
+
+function makeChan(url, inIsolatedMozBrowser, userContextId) {
+  var chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadInfo.originAttributes = { inIsolatedMozBrowser, userContextId };
+  return chan;
+}
+
+// [inIsolatedMozBrowser, userContextId, expected_handlers_called]
+var firstTests = [
+  [false, 0, 1],
+  [true, 0, 1],
+  [false, 1, 1],
+  [true, 1, 1],
+];
+var secondTests = [
+  [false, 0, 0],
+  [true, 0, 0],
+  [false, 1, 1],
+  [true, 1, 0],
+];
+
+async function run_all_tests() {
+  for (let test of firstTests) {
+    handlers_called = 0;
+    await test_channel(...test);
+  }
+
+  // We can't easily cause webapp data to be cleared from the child process, so skip
+  // the rest of these tests.
+  let procType = Services.appinfo.processType;
+  if (procType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT) {
+    return;
+  }
+
+  Services.clearData.deleteDataFromOriginAttributesPattern({
+    userContextId: 1,
+  });
+
+  for (let test of secondTests) {
+    handlers_called = 0;
+    await test_channel(...test);
+  }
+}
+
+function run_test() {
+  do_get_profile();
+
+  do_test_pending();
+
+  Services.prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/cached", cached_handler);
+  httpserv.start(-1);
+  run_all_tests().then(() => {
+    do_test_finished();
+  });
+}
+
+function test_channel(inIsolatedMozBrowser, userContextId, expected) {
+  return new Promise(resolve => {
+    var chan = makeChan(URL, inIsolatedMozBrowser, userContextId);
+    chan.asyncOpen(
+      new ChannelListener(doneFirstLoad.bind(null, resolve), expected)
+    );
+  });
+}
+
+function doneFirstLoad(resolve, req, buffer, expected) {
+  // Load it again, make sure it hits the cache
+  var oa = req.loadInfo.originAttributes;
+  var chan = makeChan(URL, oa.isInIsolatedMozBrowserElement, oa.userContextId);
+  chan.asyncOpen(
+    new ChannelListener(doneSecondLoad.bind(null, resolve), expected)
+  );
+}
+
+function doneSecondLoad(resolve, req, buffer, expected) {
+  Assert.equal(handlers_called, expected);
+  resolve();
+}
diff --git a/netwerk/test/unit/test_cacheflags.js b/netwerk/test/unit/test_cacheflags.js
new file mode 100644
index 0000000000..614f420a5e
--- /dev/null
+++ b/netwerk/test/unit/test_cacheflags.js
@@ -0,0 +1,437 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+httpserver.start(-1);
+
+// Need to randomize, because apparently no one clears our cache
+var suffix = Math.random();
+var httpBase = "http://localhost:" + httpserver.identity.primaryPort;
+var shortexpPath = "/shortexp" + suffix;
+var longexpPath = "/longexp/" + suffix;
+var longexp2Path = "/longexp/2/" + suffix;
+var nocachePath = "/nocache" + suffix;
+var nostorePath = "/nostore" + suffix;
+var test410Path = "/test410" + suffix;
+var test404Path = "/test404" + suffix;
+
+var PrivateBrowsingLoadContext = Cu.createPrivateLoadContext();
+
+function make_channel(url, flags, usePrivateBrowsing) {
+  var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
+
+  var uri = Services.io.newURI(url);
+  var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {
+    privateBrowsingId: usePrivateBrowsing ? 1 : 0,
+  });
+
+  var req = NetUtil.newChannel({
+    uri,
+    loadingPrincipal: principal,
+    securityFlags,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
+  });
+
+  req.loadFlags = flags;
+  if (usePrivateBrowsing) {
+    req.notificationCallbacks = PrivateBrowsingLoadContext;
+  }
+  return req;
+}
+
+function Test(
+  path,
+  flags,
+  expectSuccess,
+  readFromCache,
+  hitServer,
+  usePrivateBrowsing /* defaults to false */
+) {
+  this.path = path;
+  this.flags = flags;
+  this.expectSuccess = expectSuccess;
+  this.readFromCache = readFromCache;
+  this.hitServer = hitServer;
+  this.usePrivateBrowsing = usePrivateBrowsing;
+}
+
+Test.prototype = {
+  flags: 0,
+  expectSuccess: true,
+  readFromCache: false,
+  hitServer: true,
+  usePrivateBrowsing: false,
+  _buffer: "",
+  _isFromCache: false,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    var cachingChannel = request.QueryInterface(Ci.nsICacheInfoChannel);
+    this._isFromCache = request.isPending() && cachingChannel.isFromCache();
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    this._buffer = this._buffer.concat(read_stream(stream, count));
+  },
+
+  onStopRequest(request, status) {
+    Assert.equal(Components.isSuccessCode(status), this.expectSuccess);
+    Assert.equal(this._isFromCache, this.readFromCache);
+    Assert.equal(gHitServer, this.hitServer);
+
+    do_timeout(0, run_next_test);
+  },
+
+  run() {
+    dump(
+      "Running:" +
+        "\n  " +
+        this.path +
+        "\n  " +
+        this.flags +
+        "\n  " +
+        this.expectSuccess +
+        "\n  " +
+        this.readFromCache +
+        "\n  " +
+        this.hitServer +
+        "\n"
+    );
+    gHitServer = false;
+    var channel = make_channel(this.path, this.flags, this.usePrivateBrowsing);
+    channel.asyncOpen(this);
+  },
+};
+
+var gHitServer = false;
+
+var gTests = [
+  new Test(
+    httpBase + shortexpPath,
+    0,
+    true, // expect success
+    false, // read from cache
+    true, // hit server
+    true
+  ), // USE PRIVATE BROWSING, so not cached for later requests
+  new Test(
+    httpBase + shortexpPath,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + shortexpPath,
+    0,
+    true, // expect success
+    true, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + shortexpPath,
+    Ci.nsIRequest.LOAD_BYPASS_CACHE,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + shortexpPath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE,
+    false, // expect success
+    false, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + shortexpPath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE | Ci.nsIRequest.VALIDATE_NEVER,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + shortexpPath,
+    Ci.nsIRequest.LOAD_FROM_CACHE,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+
+  new Test(
+    httpBase + longexpPath,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    0,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    Ci.nsIRequest.LOAD_BYPASS_CACHE,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    Ci.nsIRequest.VALIDATE_ALWAYS,
+    true, // expect success
+    true, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE | Ci.nsIRequest.VALIDATE_NEVER,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE | Ci.nsIRequest.VALIDATE_ALWAYS,
+    false, // expect success
+    false, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + longexpPath,
+    Ci.nsIRequest.LOAD_FROM_CACHE,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+
+  new Test(
+    httpBase + longexp2Path,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + longexp2Path,
+    0,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+
+  new Test(
+    httpBase + nocachePath,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + nocachePath,
+    0,
+    true, // expect success
+    true, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + nocachePath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE,
+    false, // expect success
+    false, // read from cache
+    false
+  ), // hit server
+
+  // CACHE2: mayhemer - entry is doomed... I think the logic is wrong, we should not doom them
+  // as they are not valid, but take them as they need to reval
+  /*
+  new Test(httpBase + nocachePath, Ci.nsIRequest.LOAD_FROM_CACHE,
+           true,   // expect success
+           true,   // read from cache
+           false), // hit server
+  */
+
+  // LOAD_ONLY_FROM_CACHE would normally fail (because no-cache forces
+  // a validation), but VALIDATE_NEVER should override that.
+  new Test(
+    httpBase + nocachePath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE | Ci.nsIRequest.VALIDATE_NEVER,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+
+  // ... however, no-cache over ssl should act like no-store and force
+  // a validation (and therefore failure) even if VALIDATE_NEVER is
+  // set.
+  /* XXX bug 466524: We can't currently start an ssl server in xpcshell tests,
+                     so this test is currently disabled.
+  new Test(httpsBase + nocachePath,
+           Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE |
+           Ci.nsIRequest.VALIDATE_NEVER,
+           false,  // expect success
+           false,  // read from cache
+           false)  // hit server
+  */
+
+  new Test(
+    httpBase + nostorePath,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + nostorePath,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + nostorePath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE,
+    false, // expect success
+    false, // read from cache
+    false
+  ), // hit server
+  new Test(
+    httpBase + nostorePath,
+    Ci.nsIRequest.LOAD_FROM_CACHE,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+  // no-store should force the validation (and therefore failure, with
+  // LOAD_ONLY_FROM_CACHE) even if VALIDATE_NEVER is set.
+  new Test(
+    httpBase + nostorePath,
+    Ci.nsICachingChannel.LOAD_ONLY_FROM_CACHE | Ci.nsIRequest.VALIDATE_NEVER,
+    false, // expect success
+    false, // read from cache
+    false
+  ), // hit server
+
+  new Test(
+    httpBase + test410Path,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + test410Path,
+    0,
+    true, // expect success
+    true, // read from cache
+    false
+  ), // hit server
+
+  new Test(
+    httpBase + test404Path,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+  new Test(
+    httpBase + test404Path,
+    0,
+    true, // expect success
+    false, // read from cache
+    true
+  ), // hit server
+];
+
+function run_next_test() {
+  if (!gTests.length) {
+    httpserver.stop(do_test_finished);
+    return;
+  }
+
+  var test = gTests.shift();
+  test.run();
+}
+
+function handler(httpStatus, metadata, response) {
+  gHitServer = true;
+  let etag;
+  try {
+    etag = metadata.getHeader("If-None-Match");
+  } catch (ex) {
+    etag = "";
+  }
+  if (etag == "testtag") {
+    // Allow using the cached data
+    response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+  } else {
+    response.setStatusLine(metadata.httpVersion, httpStatus, "Useless Phrase");
+    response.setHeader("Content-Type", "text/plain", false);
+    response.setHeader("ETag", "testtag", false);
+    const body = "data";
+    response.bodyOutputStream.write(body, body.length);
+  }
+}
+
+function nocache_handler(metadata, response) {
+  response.setHeader("Cache-Control", "no-cache", false);
+  handler(200, metadata, response);
+}
+
+function nostore_handler(metadata, response) {
+  response.setHeader("Cache-Control", "no-store", false);
+  handler(200, metadata, response);
+}
+
+function test410_handler(metadata, response) {
+  handler(410, metadata, response);
+}
+
+function test404_handler(metadata, response) {
+  handler(404, metadata, response);
+}
+
+function shortexp_handler(metadata, response) {
+  response.setHeader("Cache-Control", "max-age=0", false);
+  handler(200, metadata, response);
+}
+
+function longexp_handler(metadata, response) {
+  response.setHeader("Cache-Control", "max-age=10000", false);
+  handler(200, metadata, response);
+}
+
+// test spaces around max-age value token
+function longexp2_handler(metadata, response) {
+  response.setHeader("Cache-Control", "max-age = 10000", false);
+  handler(200, metadata, response);
+}
+
+function run_test() {
+  httpserver.registerPathHandler(shortexpPath, shortexp_handler);
+  httpserver.registerPathHandler(longexpPath, longexp_handler);
+  httpserver.registerPathHandler(longexp2Path, longexp2_handler);
+  httpserver.registerPathHandler(nocachePath, nocache_handler);
+  httpserver.registerPathHandler(nostorePath, nostore_handler);
+  httpserver.registerPathHandler(test410Path, test410_handler);
+  httpserver.registerPathHandler(test404Path, test404_handler);
+
+  run_next_test();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_captive_portal_service.js b/netwerk/test/unit/test_captive_portal_service.js
new file mode 100644
index 0000000000..d5c951d16c
--- /dev/null
+++ b/netwerk/test/unit/test_captive_portal_service.js
@@ -0,0 +1,325 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+let httpserver = null;
+ChromeUtils.defineLazyGetter(this, "cpURI", function () {
+  return (
+    "http://localhost:" + httpserver.identity.primaryPort + "/captive.html"
+  );
+});
+
+const SUCCESS_STRING =
+  '';
+let cpResponse = SUCCESS_STRING;
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/html");
+  response.bodyOutputStream.write(cpResponse, cpResponse.length);
+}
+
+const PREF_CAPTIVE_ENABLED = "network.captive-portal-service.enabled";
+const PREF_CAPTIVE_TESTMODE = "network.captive-portal-service.testMode";
+const PREF_CAPTIVE_ENDPOINT = "captivedetect.canonicalURL";
+const PREF_CAPTIVE_MINTIME = "network.captive-portal-service.minInterval";
+const PREF_CAPTIVE_MAXTIME = "network.captive-portal-service.maxInterval";
+const PREF_DNS_NATIVE_IS_LOCALHOST = "network.dns.native-is-localhost";
+
+const cps = Cc["@mozilla.org/network/captive-portal-service;1"].getService(
+  Ci.nsICaptivePortalService
+);
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref(PREF_CAPTIVE_ENABLED);
+  Services.prefs.clearUserPref(PREF_CAPTIVE_TESTMODE);
+  Services.prefs.clearUserPref(PREF_CAPTIVE_ENDPOINT);
+  Services.prefs.clearUserPref(PREF_CAPTIVE_MINTIME);
+  Services.prefs.clearUserPref(PREF_CAPTIVE_MAXTIME);
+  Services.prefs.clearUserPref(PREF_DNS_NATIVE_IS_LOCALHOST);
+
+  await new Promise(resolve => {
+    httpserver.stop(resolve);
+  });
+});
+
+function observerPromise(topic) {
+  return new Promise(resolve => {
+    let observer = {
+      QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+      observe(aSubject, aTopic, aData) {
+        if (aTopic == topic) {
+          Services.obs.removeObserver(observer, topic);
+          resolve(aData);
+        }
+      },
+    };
+    Services.obs.addObserver(observer, topic);
+  });
+}
+
+add_task(function setup() {
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler("/captive.html", contentHandler);
+  httpserver.start(-1);
+
+  Services.prefs.setCharPref(PREF_CAPTIVE_ENDPOINT, cpURI);
+  Services.prefs.setIntPref(PREF_CAPTIVE_MINTIME, 50);
+  Services.prefs.setIntPref(PREF_CAPTIVE_MAXTIME, 100);
+  Services.prefs.setBoolPref(PREF_CAPTIVE_TESTMODE, true);
+  Services.prefs.setBoolPref(PREF_DNS_NATIVE_IS_LOCALHOST, true);
+});
+
+add_task(async function test_simple() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  let notification = observerPromise("network:captive-portal-connectivity");
+  // The service is started by nsIOService when the pref becomes true.
+  // We might want to add a method to do this in the future.
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  let observerPayload = await notification;
+  equal(observerPayload, "clear");
+  equal(cps.state, Ci.nsICaptivePortalService.NOT_CAPTIVE);
+
+  cpResponse = "other";
+  notification = observerPromise("captive-portal-login");
+  cps.recheckCaptivePortal();
+  await notification;
+  equal(cps.state, Ci.nsICaptivePortalService.LOCKED_PORTAL);
+
+  cpResponse = SUCCESS_STRING;
+  notification = observerPromise("captive-portal-login-success");
+  cps.recheckCaptivePortal();
+  await notification;
+  equal(cps.state, Ci.nsICaptivePortalService.UNLOCKED_PORTAL);
+});
+
+// This test redirects to another URL which returns the same content.
+// It should still be interpreted as a captive portal.
+add_task(async function test_redirect_success() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  httpserver.registerPathHandler("/succ.txt", (metadata, response) => {
+    response.setHeader("Content-Type", "text/html");
+    response.bodyOutputStream.write(cpResponse, cpResponse.length);
+  });
+  httpserver.registerPathHandler("/captive.html", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 307, "Moved Temporarily");
+    response.setHeader(
+      "Location",
+      `http://localhost:${httpserver.identity.primaryPort}/succ.txt`
+    );
+  });
+
+  let notification = observerPromise("captive-portal-login").then(
+    () => "login"
+  );
+  let succNotif = observerPromise("network:captive-portal-connectivity").then(
+    () => "connectivity"
+  );
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  let winner = await Promise.race([notification, succNotif]);
+  equal(winner, "login", "This should have been a login, not a success");
+  equal(
+    cps.state,
+    Ci.nsICaptivePortalService.LOCKED_PORTAL,
+    "Should be locked after redirect to same text"
+  );
+});
+
+// This redirects to another URI with a different content.
+// We check that it triggers a captive portal login
+add_task(async function test_redirect_bad() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  httpserver.registerPathHandler("/bad.txt", (metadata, response) => {
+    response.setHeader("Content-Type", "text/html");
+    response.bodyOutputStream.write("bad", "bad".length);
+  });
+
+  httpserver.registerPathHandler("/captive.html", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 307, "Moved Temporarily");
+    response.setHeader(
+      "Location",
+      `http://localhost:${httpserver.identity.primaryPort}/bad.txt`
+    );
+  });
+
+  let notification = observerPromise("captive-portal-login");
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  await notification;
+  equal(
+    cps.state,
+    Ci.nsICaptivePortalService.LOCKED_PORTAL,
+    "Should be locked after redirect to bad text"
+  );
+});
+
+// This redirects to the same URI.
+// We check that it triggers a captive portal login
+add_task(async function test_redirect_loop() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  // This is actually a redirect loop
+  httpserver.registerPathHandler("/captive.html", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 307, "Moved Temporarily");
+    response.setHeader("Location", cpURI);
+  });
+
+  let notification = observerPromise("captive-portal-login");
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  await notification;
+  equal(cps.state, Ci.nsICaptivePortalService.LOCKED_PORTAL);
+});
+
+// This redirects to a https URI.
+// We check that it triggers a captive portal login
+add_task(async function test_redirect_https() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  // Any kind of redirection should trigger the captive portal login.
+  httpserver.registerPathHandler("/captive.html", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 307, "Moved Temporarily");
+    response.setHeader("Location", `https://foo.example.com:${h2Port}/exit`);
+  });
+
+  let notification = observerPromise("captive-portal-login");
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  await notification;
+  equal(
+    cps.state,
+    Ci.nsICaptivePortalService.LOCKED_PORTAL,
+    "Should be locked after redirect to https"
+  );
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+});
+
+// This test uses a 511 status code to request a captive portal login
+// We check that it triggers a captive portal login
+// See RFC 6585 for details
+add_task(async function test_511_error() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  httpserver.registerPathHandler("/captive.html", (metadata, response) => {
+    response.setStatusLine(
+      metadata.httpVersion,
+      511,
+      "Network Authentication Required"
+    );
+    cpResponse = '';
+    contentHandler(metadata, response);
+  });
+
+  let notification = observerPromise("captive-portal-login");
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  await notification;
+  equal(cps.state, Ci.nsICaptivePortalService.LOCKED_PORTAL);
+});
+
+// Any other 5xx HTTP error, is assumed to be an issue with the
+// canonical web server, and should not trigger a captive portal login
+add_task(async function test_generic_5xx_error() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  let requests = 0;
+  httpserver.registerPathHandler("/captive.html", (metadata, response) => {
+    if (requests++ === 0) {
+      // on first attempt, send 503 error
+      response.setStatusLine(
+        metadata.httpVersion,
+        503,
+        "Internal Server Error"
+      );
+      cpResponse = "
Internal Server Error
";
+    } else {
+      // on retry, send canonical reply
+      cpResponse = SUCCESS_STRING;
+    }
+    contentHandler(metadata, response);
+  });
+
+  let notification = observerPromise("network:captive-portal-connectivity");
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+
+  await notification;
+  equal(requests, 2);
+  equal(cps.state, Ci.nsICaptivePortalService.NOT_CAPTIVE);
+});
+
+add_task(async function test_changed_notification() {
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, false);
+  equal(cps.state, Ci.nsICaptivePortalService.UNKNOWN);
+
+  httpserver.registerPathHandler("/captive.html", contentHandler);
+  cpResponse = SUCCESS_STRING;
+
+  let changedNotificationCount = 0;
+  let observer = {
+    QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+    observe(aSubject, aTopic, aData) {
+      changedNotificationCount += 1;
+    },
+  };
+  Services.obs.addObserver(
+    observer,
+    "network:captive-portal-connectivity-changed"
+  );
+
+  let notification = observerPromise(
+    "network:captive-portal-connectivity-changed"
+  );
+  Services.prefs.setBoolPref(PREF_CAPTIVE_ENABLED, true);
+  await notification;
+  equal(changedNotificationCount, 1);
+  equal(cps.state, Ci.nsICaptivePortalService.NOT_CAPTIVE);
+
+  notification = observerPromise("network:captive-portal-connectivity");
+  cps.recheckCaptivePortal();
+  await notification;
+  equal(changedNotificationCount, 1);
+  equal(cps.state, Ci.nsICaptivePortalService.NOT_CAPTIVE);
+
+  notification = observerPromise("captive-portal-login");
+  cpResponse = "you are captive";
+  cps.recheckCaptivePortal();
+  await notification;
+  equal(changedNotificationCount, 1);
+  equal(cps.state, Ci.nsICaptivePortalService.LOCKED_PORTAL);
+
+  notification = observerPromise("captive-portal-login-success");
+  cpResponse = SUCCESS_STRING;
+  cps.recheckCaptivePortal();
+  await notification;
+  equal(changedNotificationCount, 2);
+  equal(cps.state, Ci.nsICaptivePortalService.UNLOCKED_PORTAL);
+
+  notification = observerPromise("captive-portal-login");
+  cpResponse = "you are captive";
+  cps.recheckCaptivePortal();
+  await notification;
+  equal(changedNotificationCount, 2);
+  equal(cps.state, Ci.nsICaptivePortalService.LOCKED_PORTAL);
+
+  Services.obs.removeObserver(
+    observer,
+    "network:captive-portal-connectivity-changed"
+  );
+});
diff --git a/netwerk/test/unit/test_cert_info.js b/netwerk/test/unit/test_cert_info.js
new file mode 100644
index 0000000000..abf5a1d634
--- /dev/null
+++ b/netwerk/test/unit/test_cert_info.js
@@ -0,0 +1,162 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+async function test_cert_failure(server_creator, https_proxy) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "proxy-ca.pem", "CTu,u,u");
+
+  let server = new server_creator();
+  await server.start();
+  registerCleanupFunction(async () => {
+    await server.stop();
+  });
+
+  await server.registerPathHandler("/test", (req, resp) => {
+    resp.writeHead(200);
+    resp.end("done");
+  });
+  let url;
+  if (server_creator == NodeHTTPServer) {
+    url = `http://localhost:${server.port()}/test`;
+  } else {
+    url = `https://localhost:${server.port()}/test`;
+  }
+  let chan = makeChan(url);
+  let req = await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve, null, CL_ALLOW_UNKNOWN_CL));
+  });
+  equal(req.status, Cr.NS_OK);
+  equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+  let secinfo = req.securityInfo;
+  if (server_creator == NodeHTTPServer) {
+    if (!https_proxy) {
+      Assert.equal(secinfo, null);
+    } else {
+      // In the case we are connecting to an insecure HTTP server
+      // through a secure proxy, nsHttpChannel will have the security
+      // info from the proxy.
+      // We will discuss this behavir in bug 1785777.
+      secinfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      Assert.equal(secinfo.serverCert.commonName, " Proxy Test Cert");
+    }
+  } else {
+    secinfo.QueryInterface(Ci.nsITransportSecurityInfo);
+    Assert.equal(secinfo.serverCert.commonName, " HTTP2 Test Cert");
+  }
+}
+
+add_task(async function test_http() {
+  await test_cert_failure(NodeHTTPServer, false);
+});
+
+add_task(async function test_https() {
+  await test_cert_failure(NodeHTTPSServer, false);
+});
+
+add_task(async function test_http2() {
+  await test_cert_failure(NodeHTTP2Server, false);
+});
+
+add_task(async function test_http_proxy_http_server() {
+  let proxy = new NodeHTTPProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTPServer, false);
+});
+
+add_task(async function test_http_proxy_https_server() {
+  let proxy = new NodeHTTPProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTPSServer, false);
+});
+
+add_task(async function test_http_proxy_http2_server() {
+  let proxy = new NodeHTTPProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTP2Server, false);
+});
+
+add_task(async function test_https_proxy_http_server() {
+  let proxy = new NodeHTTPSProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTPServer, true);
+});
+
+add_task(async function test_https_proxy_https_server() {
+  let proxy = new NodeHTTPSProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTPSServer, true);
+});
+
+add_task(async function test_https_proxy_http2_server() {
+  let proxy = new NodeHTTPSProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTP2Server, true);
+});
+
+add_task(async function test_http2_proxy_http_server() {
+  let proxy = new NodeHTTP2ProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+
+  await test_cert_failure(NodeHTTPServer, true);
+});
+
+add_task(async function test_http2_proxy_https_server() {
+  let proxy = new NodeHTTP2ProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+
+  await test_cert_failure(NodeHTTPSServer, true);
+});
+
+add_task(async function test_http2_proxy_http2_server() {
+  let proxy = new NodeHTTP2ProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+
+  await test_cert_failure(NodeHTTP2Server, true);
+});
diff --git a/netwerk/test/unit/test_cert_verification_failure.js b/netwerk/test/unit/test_cert_verification_failure.js
new file mode 100644
index 0000000000..11eb575dc1
--- /dev/null
+++ b/netwerk/test/unit/test_cert_verification_failure.js
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+async function test_cert_failure(server_or_proxy, server_cert) {
+  let server = new server_or_proxy();
+  await server.start();
+  registerCleanupFunction(async () => {
+    await server.stop();
+  });
+  let chan = makeChan(`https://localhost:${server.port()}/test`);
+  let req = await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+  });
+  equal(req.status, 0x805a1ff3); // SEC_ERROR_UNKNOWN_ISSUER
+  let secinfo = req.securityInfo;
+  secinfo.QueryInterface(Ci.nsITransportSecurityInfo);
+  if (server_cert) {
+    Assert.equal(secinfo.serverCert.commonName, " HTTP2 Test Cert");
+  } else {
+    Assert.equal(secinfo.serverCert.commonName, " Proxy Test Cert");
+  }
+}
+
+add_task(async function test_https() {
+  await test_cert_failure(NodeHTTPSServer, true);
+});
+
+add_task(async function test_http2() {
+  await test_cert_failure(NodeHTTP2Server, true);
+});
+
+add_task(async function test_https_proxy() {
+  let proxy = new NodeHTTPSProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+  await test_cert_failure(NodeHTTPSServer, false);
+});
+
+add_task(async function test_http2_proxy() {
+  let proxy = new NodeHTTP2ProxyServer();
+  await proxy.start();
+  registerCleanupFunction(() => {
+    proxy.stop();
+  });
+
+  await test_cert_failure(NodeHTTPSServer, false);
+});
diff --git a/netwerk/test/unit/test_channel_close.js b/netwerk/test/unit/test_channel_close.js
new file mode 100644
index 0000000000..f8f78fd211
--- /dev/null
+++ b/netwerk/test/unit/test_channel_close.js
@@ -0,0 +1,70 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpProtocolHandler = Cc[
+  "@mozilla.org/network/protocol;1?name=http"
+].getService(Ci.nsIHttpProtocolHandler);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var testpath = "/simple";
+var httpbody = "0123456789";
+
+var live_channels = [];
+
+function run_test() {
+  httpserver.registerPathHandler(testpath, serverHandler);
+  httpserver.start(-1);
+
+  httpProtocolHandler.EnsureHSTSDataReady().then(function () {
+    var local_channel;
+
+    // Opened channel that has no remaining references on shutdown
+    local_channel = setupChannel(testpath);
+    local_channel.asyncOpen(new ChannelListener(checkRequest, local_channel));
+
+    // Opened channel that has no remaining references after being opened
+    setupChannel(testpath).asyncOpen(new ChannelListener(function () {}, null));
+
+    // Unopened channel that has remaining references on shutdown
+    live_channels.push(setupChannel(testpath));
+
+    // Opened channel that has remaining references on shutdown
+    live_channels.push(setupChannel(testpath));
+    live_channels[1].asyncOpen(
+      new ChannelListener(checkRequestFinish, live_channels[1])
+    );
+  });
+
+  do_test_pending();
+}
+
+function setupChannel(path) {
+  var chan = NetUtil.newChannel({
+    uri: URL + path,
+    loadUsingSystemPrincipal: true,
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.requestMethod = "GET";
+  return chan;
+}
+
+function serverHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function checkRequest(request, data, context) {
+  Assert.equal(data, httpbody);
+}
+
+function checkRequestFinish(request, data, context) {
+  checkRequest(request, data, context);
+  httpserver.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_channel_long_domain.js b/netwerk/test/unit/test_channel_long_domain.js
new file mode 100644
index 0000000000..86dbbed3e3
--- /dev/null
+++ b/netwerk/test/unit/test_channel_long_domain.js
@@ -0,0 +1,14 @@
+// Tests that domains longer than 253 characters fail to load when pref is true
+
+add_task(async function test_long_domain_fails() {
+  let domain = "http://" + "a".repeat(254);
+
+  let req = await new Promise(resolve => {
+    let chan = NetUtil.newChannel({
+      uri: domain,
+      loadUsingSystemPrincipal: true,
+    });
+    chan.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+  });
+  Assert.equal(req.status, Cr.NS_ERROR_UNKNOWN_HOST, "Request should fail");
+});
diff --git a/netwerk/test/unit/test_channel_priority.js b/netwerk/test/unit/test_channel_priority.js
new file mode 100644
index 0000000000..b230042890
--- /dev/null
+++ b/netwerk/test/unit/test_channel_priority.js
@@ -0,0 +1,98 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+let httpserver;
+let port;
+
+function startHttpServer() {
+  httpserver = new HttpServer();
+
+  httpserver.registerPathHandler("/resource", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "text/plain", false);
+    response.setHeader("Cache-Control", "no-cache", false);
+    response.bodyOutputStream.write("data", 4);
+  });
+
+  httpserver.registerPathHandler("/redirect", (metadata, response) => {
+    response.setStatusLine(metadata.httpVersion, 302, "Redirect");
+    response.setHeader("Location", "/resource", false);
+    response.setHeader("Cache-Control", "no-cache", false);
+  });
+
+  httpserver.start(-1);
+  port = httpserver.identity.primaryPort;
+}
+
+function stopHttpServer() {
+  httpserver.stop(() => {});
+}
+
+function makeRequest(uri) {
+  let requestChannel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  });
+  requestChannel.QueryInterface(Ci.nsISupportsPriority);
+  requestChannel.priority = Ci.nsISupportsPriority.PRIORITY_HIGHEST;
+  requestChannel.asyncOpen(new ChannelListener(checkResponse, requestChannel));
+}
+
+function checkResponse(request, buffer, requestChannel) {
+  requestChannel.QueryInterface(Ci.nsISupportsPriority);
+  Assert.equal(
+    requestChannel.priority,
+    Ci.nsISupportsPriority.PRIORITY_HIGHEST
+  );
+
+  // the response channel can be different (if it was redirected)
+  let responseChannel = request.QueryInterface(Ci.nsISupportsPriority);
+  Assert.equal(
+    responseChannel.priority,
+    Ci.nsISupportsPriority.PRIORITY_HIGHEST
+  );
+
+  run_next_test();
+}
+
+add_test(function test_regular_request() {
+  makeRequest(`http://localhost:${port}/resource`);
+});
+
+add_test(function test_redirect() {
+  makeRequest(`http://localhost:${port}/redirect`);
+});
+
+function run_test() {
+  // jshint ignore:line
+  if (!runningInParent) {
+    // add a task to report test finished to parent process at the end of test queue,
+    // since do_register_cleanup is not available in child xpcshell test script.
+    add_test(function () {
+      do_send_remote_message("finished");
+      run_next_test();
+    });
+
+    // waiting for parent process to assign server port via configPort()
+    return;
+  }
+
+  startHttpServer();
+  registerCleanupFunction(stopHttpServer);
+  run_next_test();
+}
+
+// This is used by unit_ipc/test_channel_priority_wrap.js for e10s XPCShell test
+/* exported configPort */
+function configPort(serverPort) {
+  // jshint ignore:line
+  port = serverPort;
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_chunked_responses.js b/netwerk/test/unit/test_chunked_responses.js
new file mode 100644
index 0000000000..c8dee14efe
--- /dev/null
+++ b/netwerk/test/unit/test_chunked_responses.js
@@ -0,0 +1,180 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Test Chunked-Encoded response parsing.
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+// Test infrastructure
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var test_flags = [];
+var testPathBase = "/chunked_hdrs";
+
+function run_test() {
+  httpserver.start(-1);
+
+  do_test_pending();
+  run_test_number(1);
+}
+
+function run_test_number(num) {
+  var testPath = testPathBase + num;
+  // eslint-disable-next-line no-eval
+  httpserver.registerPathHandler(testPath, eval("handler" + num));
+
+  var channel = setupChannel(testPath);
+  var flags = test_flags[num]; // OK if flags undefined for test
+  channel.asyncOpen(
+    // eslint-disable-next-line no-eval
+    new ChannelListener(eval("completeTest" + num), channel, flags)
+  );
+}
+
+function setupChannel(url) {
+  var chan = NetUtil.newChannel({
+    uri: URL + url,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  return httpChan;
+}
+
+function endTests() {
+  httpserver.stop(do_test_finished);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 1: FAIL because of overflowed chunked size. The parser uses long so
+//         the test case uses >64bit to fail on all platforms.
+test_flags[1] = CL_EXPECT_LATE_FAILURE | CL_ALLOW_UNKNOWN_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler1(metadata, response) {
+  var body = "12345678123456789\r\ndata never reached";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Transfer-Encoding: chunked\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest1(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_UNEXPECTED);
+
+  run_test_number(2);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 2: FAIL because of non-hex in chunked length
+
+test_flags[2] = CL_EXPECT_LATE_FAILURE | CL_ALLOW_UNKNOWN_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler2(metadata, response) {
+  var body = "junkintheway 123\r\ndata never reached";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Transfer-Encoding: chunked\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest2(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_UNEXPECTED);
+  run_test_number(3);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 3: OK in spite of non-hex digits after size in the length field
+
+test_flags[3] = CL_ALLOW_UNKNOWN_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler3(metadata, response) {
+  var body = "c junkafter\r\ndata reached\r\n0\r\n\r\n";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Transfer-Encoding: chunked\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest3(request, data, ctx) {
+  Assert.equal(request.status, 0);
+  run_test_number(4);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 4: Verify a fully compliant chunked response.
+
+test_flags[4] = CL_ALLOW_UNKNOWN_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler4(metadata, response) {
+  var body = "c\r\ndata reached\r\n3\r\nhej\r\n0\r\n\r\n";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Transfer-Encoding: chunked\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest4(request, data, ctx) {
+  Assert.equal(request.status, 0);
+  run_test_number(5);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 5: A chunk size larger than 32 bit but smaller than 64bit also fails
+// This is probabaly subject to get improved at some point.
+
+test_flags[5] = CL_EXPECT_LATE_FAILURE | CL_ALLOW_UNKNOWN_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler5(metadata, response) {
+  var body = "123456781\r\ndata never reached";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Transfer-Encoding: chunked\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest5(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_UNEXPECTED);
+  endTests();
+  //  run_test_number(6);
+}
diff --git a/netwerk/test/unit/test_client_auth_with_proxy.js b/netwerk/test/unit/test_client_auth_with_proxy.js
new file mode 100644
index 0000000000..5a205f4db1
--- /dev/null
+++ b/netwerk/test/unit/test_client_auth_with_proxy.js
@@ -0,0 +1,176 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+const { MockRegistrar } = ChromeUtils.importESModule(
+  "resource://testing-common/MockRegistrar.sys.mjs"
+);
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+class SecurityObserver {
+  constructor(input, output) {
+    this.input = input;
+    this.output = output;
+  }
+
+  onHandshakeDone(socket, status) {
+    info("TLS handshake done");
+
+    let output = this.output;
+    this.input.asyncWait(
+      {
+        onInputStreamReady(readyInput) {
+          let request = NetUtil.readInputStreamToString(
+            readyInput,
+            readyInput.available()
+          );
+          ok(
+            request.startsWith("GET /") && request.includes("HTTP/1.1"),
+            "expecting an HTTP/1.1 GET request"
+          );
+          let response =
+            "HTTP/1.1 200 OK\r\nContent-Type:text/plain\r\n" +
+            "Connection:Close\r\nContent-Length:2\r\n\r\nOK";
+          output.write(response, response.length);
+        },
+      },
+      0,
+      0,
+      Services.tm.currentThread
+    );
+  }
+}
+
+function startServer(cert) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
+    Ci.nsITLSServerSocket
+  );
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = cert;
+
+  let securityObservers = [];
+
+  let listener = {
+    onSocketAccepted(socket, transport) {
+      info("Accepted TLS client connection");
+      let connectionInfo = transport.securityCallbacks.getInterface(
+        Ci.nsITLSServerConnectionInfo
+      );
+      let input = transport.openInputStream(0, 0, 0);
+      let output = transport.openOutputStream(0, 0, 0);
+      connectionInfo.setSecurityObserver(new SecurityObserver(input, output));
+    },
+
+    onStopListening() {
+      info("onStopListening");
+      for (let securityObserver of securityObservers) {
+        securityObserver.input.close();
+        securityObserver.output.close();
+      }
+    },
+  };
+
+  tlsServer.setSessionTickets(false);
+  tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_ALWAYS);
+
+  tlsServer.asyncListen(listener);
+
+  return tlsServer;
+}
+
+// Replace the UI dialog that prompts the user to pick a client certificate.
+const clientAuthDialogService = {
+  chooseCertificate(hostname, certArray, loadContext, callback) {
+    callback.certificateChosen(certArray[0], false);
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIClientAuthDialogService"]),
+};
+
+let server;
+add_setup(async function setup() {
+  do_get_profile();
+
+  let clientAuthDialogServiceCID = MockRegistrar.register(
+    "@mozilla.org/security/ClientAuthDialogService;1",
+    clientAuthDialogService
+  );
+
+  let cert = getTestServerCertificate();
+  ok(!!cert, "Got self-signed cert");
+  server = startServer(cert);
+
+  certOverrideService.rememberValidityOverride(
+    "localhost",
+    server.port,
+    {},
+    cert,
+    true
+  );
+
+  registerCleanupFunction(async function () {
+    MockRegistrar.unregister(clientAuthDialogServiceCID);
+    certOverrideService.clearValidityOverride("localhost", server.port, {});
+    server.close();
+  });
+});
+
+add_task(async function test_client_auth_with_proxy() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "proxy-ca.pem", "CTu,u,u");
+
+  let proxies = [
+    NodeHTTPProxyServer,
+    NodeHTTPSProxyServer,
+    NodeHTTP2ProxyServer,
+  ];
+
+  for (let p of proxies) {
+    info(`Test with proxy:${p.name}`);
+    let proxy = new p();
+    await proxy.start();
+    registerCleanupFunction(async () => {
+      await proxy.stop();
+    });
+
+    let chan = makeChan(`https://localhost:${server.port}`);
+    let [req, buff] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+    equal(req.status, Cr.NS_OK);
+    equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+    equal(buff, "OK");
+    req.QueryInterface(Ci.nsIProxiedChannel);
+    ok(!!req.proxyInfo);
+    notEqual(req.proxyInfo.type, "direct");
+    await proxy.stop();
+  }
+});
diff --git a/netwerk/test/unit/test_coaleasing_h2_and_h3_connection.js b/netwerk/test/unit/test_coaleasing_h2_and_h3_connection.js
new file mode 100644
index 0000000000..3c998ffe29
--- /dev/null
+++ b/netwerk/test/unit/test_coaleasing_h2_and_h3_connection.js
@@ -0,0 +1,109 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+let h2Port;
+let h3Port;
+
+add_setup(async function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+  Services.prefs.setBoolPref("network.http.altsvc.oe", true);
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+});
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+  Services.prefs.clearUserPref("network.http.altsvc.oe");
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+add_task(async function testNotCoaleasingH2Connection() {
+  const host = "foo.example.com";
+  Services.prefs.setCharPref("network.dns.localDomains", host);
+
+  let server = new NodeHTTPSServer();
+  await server.start();
+  registerCleanupFunction(async () => {
+    await server.stop();
+  });
+
+  await server.execute(`global.h3Port = "${h3Port}";`);
+  await server.registerPathHandler("/altsvc", (req, resp) => {
+    const body = "done";
+    resp.setHeader("Content-Length", body.length);
+    resp.setHeader("Alt-Svc", `h3-29=:${global.h3Port}`);
+    resp.writeHead(200);
+    resp.write(body);
+    resp.end("");
+  });
+
+  let chan = makeChan(`https://${host}:${server.port()}/altsvc`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "http/1.1");
+
+  // Some delay to make sure the H3 speculative connection is created.
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+
+  // To clear the altsvc cache.
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+
+  // Add another alt-svc header to route to moz-http2.js.
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    `${host};h2=:${h2Port}`
+  );
+
+  let start = new Date().getTime();
+  chan = makeChan(`https://${host}:${server.port()}/server-timing`);
+  chan.QueryInterface(Ci.nsIHttpChannelInternal).beConservative = true;
+  [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+
+  // The time this request takes should be way more less than the
+  // neqo idle timeout (30s).
+  let duration = (new Date().getTime() - start) / 1000;
+  Assert.less(duration, 10);
+});
diff --git a/netwerk/test/unit/test_compareURIs.js b/netwerk/test/unit/test_compareURIs.js
new file mode 100644
index 0000000000..e460de1c29
--- /dev/null
+++ b/netwerk/test/unit/test_compareURIs.js
@@ -0,0 +1,61 @@
+"use strict";
+
+function do_info(text, stack) {
+  if (!stack) {
+    stack = Components.stack.caller;
+  }
+
+  dump(
+    "TEST-INFO | " +
+      stack.filename +
+      " | [" +
+      stack.name +
+      " : " +
+      stack.lineNumber +
+      "] " +
+      text +
+      "\n"
+  );
+}
+function run_test() {
+  var tests = [
+    ["http://mozilla.org/", "http://mozilla.org/somewhere/there", true],
+    ["http://mozilla.org/", "http://www.mozilla.org/", false],
+    ["http://mozilla.org/", "http://mozilla.org:80", true],
+    ["http://mozilla.org/", "http://mozilla.org:90", false],
+    ["http://mozilla.org", "https://mozilla.org", false],
+    ["http://mozilla.org", "https://mozilla.org:80", false],
+    ["http://mozilla.org:443", "https://mozilla.org", false],
+    ["https://mozilla.org:443", "https://mozilla.org", true],
+    ["https://mozilla.org:443", "https://mozilla.org/somewhere/", true],
+    ["about:", "about:", false],
+    ["data:text/plain,text", "data:text/plain,text", false],
+    ["about:blank", "about:blank", false],
+    ["about:", "http://mozilla.org/", false],
+    ["about:", "about:config", false],
+    ["about:text/plain,text", "data:text/plain,text", false],
+    ["jar:http://mozilla.org/!/", "http://mozilla.org/", true],
+    ["view-source:http://mozilla.org/", "http://mozilla.org/", true],
+  ];
+
+  tests.forEach(function (aTest) {
+    do_info("Comparing " + aTest[0] + " to " + aTest[1]);
+
+    var uri1 = NetUtil.newURI(aTest[0]);
+    var uri2 = NetUtil.newURI(aTest[1]);
+
+    var equal;
+    try {
+      Services.scriptSecurityManager.checkSameOriginURI(
+        uri1,
+        uri2,
+        false,
+        false
+      );
+      equal = true;
+    } catch (e) {
+      equal = false;
+    }
+    Assert.equal(equal, aTest[2]);
+  });
+}
diff --git a/netwerk/test/unit/test_compressappend.js b/netwerk/test/unit/test_compressappend.js
new file mode 100644
index 0000000000..05f19be4b5
--- /dev/null
+++ b/netwerk/test/unit/test_compressappend.js
@@ -0,0 +1,99 @@
+//
+// Test that data can be appended to a cache entry even when the data is
+// compressed by the cache compression feature - bug 648429.
+//
+
+"use strict";
+
+function write_and_check(str, data, len) {
+  var written = str.write(data, len);
+  if (written != len) {
+    do_throw(
+      "str.write has not written all data!\n" +
+        "  Expected: " +
+        len +
+        "\n" +
+        "  Actual: " +
+        written +
+        "\n"
+    );
+  }
+}
+
+function TestAppend(compress, callback) {
+  this._compress = compress;
+  this._callback = callback;
+  this.run();
+}
+
+TestAppend.prototype = {
+  _compress: false,
+  _callback: null,
+
+  run() {
+    evict_cache_entries();
+    asyncOpenCacheEntry(
+      "http://data/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      null,
+      this.writeData.bind(this)
+    );
+  },
+
+  writeData(status, entry) {
+    Assert.equal(status, Cr.NS_OK);
+    if (this._compress) {
+      entry.setMetaDataElement("uncompressed-len", "0");
+    }
+    var os = entry.openOutputStream(0, 5);
+    write_and_check(os, "12345", 5);
+    os.close();
+    entry.close();
+    asyncOpenCacheEntry(
+      "http://data/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_NORMALLY,
+      null,
+      this.appendData.bind(this)
+    );
+  },
+
+  appendData(status, entry) {
+    Assert.equal(status, Cr.NS_OK);
+    var os = entry.openOutputStream(entry.storageDataSize, 5);
+    write_and_check(os, "abcde", 5);
+    os.close();
+    entry.close();
+
+    asyncOpenCacheEntry(
+      "http://data/",
+      "disk",
+      Ci.nsICacheStorage.OPEN_READONLY,
+      null,
+      this.checkData.bind(this)
+    );
+  },
+
+  checkData(status, entry) {
+    Assert.equal(status, Cr.NS_OK);
+    var self = this;
+    pumpReadStream(entry.openInputStream(0), function (str) {
+      Assert.equal(str.length, 10);
+      Assert.equal(str, "12345abcde");
+      entry.close();
+
+      executeSoon(self._callback);
+    });
+  },
+};
+
+function run_test() {
+  do_get_profile();
+  new TestAppend(false, run_test2);
+  do_test_pending();
+}
+
+function run_test2() {
+  new TestAppend(true, do_test_finished);
+}
diff --git a/netwerk/test/unit/test_connection_based_auth.js b/netwerk/test/unit/test_connection_based_auth.js
new file mode 100644
index 0000000000..3a21ffcb77
--- /dev/null
+++ b/netwerk/test/unit/test_connection_based_auth.js
@@ -0,0 +1,91 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+add_task(async function test_connection_based_auth() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "proxy-ca.pem", "CTu,u,u");
+
+  let proxy = new NodeHTTPSProxyServer();
+  await proxy.start();
+
+  await proxy.registerConnectHandler((req, clientSocket, head) => {
+    if (!req.headers["proxy-authorization"]) {
+      clientSocket.write(
+        "HTTP/1.1 407 Unauthorized\r\n" +
+          "Proxy-agent: Node.js-Proxy\r\n" +
+          "Connection: keep-alive\r\n" +
+          "Proxy-Authenticate: mock_auth\r\n" +
+          "Content-Length: 0\r\n" +
+          "\r\n"
+      );
+
+      clientSocket.on("data", data => {
+        let array = data.toString().split("\r\n");
+        let proxyAuthorization = "";
+        for (let line of array) {
+          let pair = line.split(":").map(element => element.trim());
+          if (pair[0] === "Proxy-Authorization") {
+            proxyAuthorization = pair[1];
+          }
+        }
+
+        if (proxyAuthorization === "moz_test_credentials") {
+          // We don't return 200 OK here, because we don't have a server
+          // to connect to.
+          clientSocket.write(
+            "HTTP/1.1 404 Not Found\r\nProxy-agent: Node.js-Proxy\r\n\r\n"
+          );
+        } else {
+          clientSocket.write(
+            "HTTP/1.1 502 Error\r\nProxy-agent: Node.js-Proxy\r\n\r\n"
+          );
+        }
+        clientSocket.destroy();
+      });
+      return;
+    }
+
+    // We should not reach here.
+    clientSocket.write(
+      "HTTP/1.1 502 Error\r\nProxy-agent: Node.js-Proxy\r\n\r\n"
+    );
+    clientSocket.destroy();
+  });
+
+  let chan = makeChan(`https://example.ntlm.com/test`);
+  let [req] = await channelOpenPromise(chan, CL_EXPECT_FAILURE);
+  Assert.equal(req.status, Cr.NS_ERROR_UNKNOWN_HOST);
+  req.QueryInterface(Ci.nsIProxiedChannel);
+  Assert.equal(req.httpProxyConnectResponseCode, 404);
+
+  await proxy.stop();
+});
diff --git a/netwerk/test/unit/test_content_encoding_gzip.js b/netwerk/test/unit/test_content_encoding_gzip.js
new file mode 100644
index 0000000000..48479034b8
--- /dev/null
+++ b/netwerk/test/unit/test_content_encoding_gzip.js
@@ -0,0 +1,163 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var index = 0;
+var tests = [
+  {
+    url: "/test/cegzip1",
+    flags: CL_EXPECT_GZIP,
+    ce: "gzip",
+    body: [
+      0x1f, 0x8b, 0x08, 0x08, 0x5a, 0xa0, 0x31, 0x4f, 0x00, 0x03, 0x74, 0x78,
+      0x74, 0x00, 0x2b, 0xc9, 0xc8, 0x2c, 0x56, 0x00, 0xa2, 0x92, 0xd4, 0xe2,
+      0x12, 0x43, 0x2e, 0x00, 0xb9, 0x23, 0xd7, 0x3b, 0x0e, 0x00, 0x00, 0x00,
+    ],
+    datalen: 14, // the data length of the uncompressed document
+  },
+
+  {
+    url: "/test/cegzip2",
+    flags: CL_EXPECT_GZIP,
+    ce: "gzip, gzip",
+    body: [
+      0x1f, 0x8b, 0x08, 0x00, 0x72, 0xa1, 0x31, 0x4f, 0x00, 0x03, 0x93, 0xef,
+      0xe6, 0xe0, 0x88, 0x5a, 0x60, 0xe8, 0xcf, 0xc0, 0x5c, 0x52, 0x51, 0xc2,
+      0xa0, 0x7d, 0xf2, 0x84, 0x4e, 0x18, 0xc3, 0xa2, 0x49, 0x57, 0x1e, 0x09,
+      0x39, 0xeb, 0x31, 0xec, 0x54, 0xbe, 0x6e, 0xcd, 0xc7, 0xc0, 0xc0, 0x00,
+      0x00, 0x6e, 0x90, 0x7a, 0x85, 0x24, 0x00, 0x00, 0x00,
+    ],
+    datalen: 14, // the data length of the uncompressed document
+  },
+
+  {
+    url: "/test/cebrotli1",
+    flags: CL_EXPECT_GZIP,
+    ce: "br",
+    body: [0x0b, 0x02, 0x80, 0x74, 0x65, 0x73, 0x74, 0x0a, 0x03],
+
+    datalen: 5, // the data length of the uncompressed document
+  },
+
+  // this is a truncated brotli document, producing no output bytes
+  {
+    url: "/test/cebrotli2",
+    flags: CL_EXPECT_GZIP,
+    ce: "br",
+    body: [0x0b, 0x0a, 0x09],
+    datalen: 0,
+  },
+
+  // this is brotli but should come through as identity due to prefs
+  {
+    url: "/test/cebrotli3",
+    flags: 0,
+    ce: "br",
+    body: [0x0b, 0x02, 0x80, 0x74, 0x65, 0x73, 0x74, 0x0a, 0x03],
+
+    datalen: 9,
+  },
+
+  // this is not a brotli document
+  {
+    url: "/test/cebrotli4",
+    flags: CL_EXPECT_GZIP | CL_EXPECT_FAILURE,
+    ce: "br",
+    body: [
+      0x01, 0xe6, 0x00, 0x76, 0x42, 0x10, 0x01, 0x1c, 0x24, 0x24, 0x3c, 0xd7,
+      0xd7, 0xd7, 0x01, 0x1c,
+    ],
+    datalen: 16,
+  },
+
+  // this is a brotli document
+  {
+    url: "/test/cebrotli5",
+    flags: CL_EXPECT_GZIP,
+    ce: "br",
+    body: [0x0b, 0x00, 0x80, 0x4e, 0x03],
+    datalen: 1,
+  },
+
+  // this a truncated brotli document (missing the end marker)
+  // producing one output byte
+  {
+    url: "/test/cebrotli6",
+    flags: CL_EXPECT_GZIP,
+    ce: "br",
+    body: [0x0b, 0x00, 0x80, 0x4e],
+    datalen: 1,
+  },
+];
+
+function setupChannel(url) {
+  return NetUtil.newChannel({
+    uri: "http://localhost:" + httpserver.identity.primaryPort + url,
+    loadUsingSystemPrincipal: true,
+  });
+}
+
+function startIter() {
+  if (tests[index].url === "/test/cebrotli3") {
+    // this test wants to make sure we don't do brotli when not in a-e
+    prefs.setCharPref("network.http.accept-encoding", "gzip, deflate");
+  } else {
+    prefs.setCharPref("network.http.accept-encoding", "gzip, deflate, br");
+  }
+  var channel = setupChannel(tests[index].url);
+  channel.asyncOpen(
+    new ChannelListener(completeIter, channel, tests[index].flags)
+  );
+}
+
+function completeIter(request, data, ctx) {
+  if (!(tests[index].flags & CL_EXPECT_FAILURE)) {
+    Assert.equal(data.length, tests[index].datalen, "test " + index);
+  }
+  if (++index < tests.length) {
+    startIter();
+  } else {
+    httpserver.stop(do_test_finished);
+    prefs.setCharPref("network.http.accept-encoding", cePref);
+  }
+}
+
+var prefs;
+var cePref;
+function run_test() {
+  prefs = Services.prefs;
+  cePref = prefs.getCharPref("network.http.accept-encoding");
+  prefs.setBoolPref("network.http.encoding.trustworthy_is_https", false);
+
+  httpserver.registerPathHandler("/test/cegzip1", handler);
+  httpserver.registerPathHandler("/test/cegzip2", handler);
+  httpserver.registerPathHandler("/test/cebrotli1", handler);
+  httpserver.registerPathHandler("/test/cebrotli2", handler);
+  httpserver.registerPathHandler("/test/cebrotli3", handler);
+  httpserver.registerPathHandler("/test/cebrotli4", handler);
+  httpserver.registerPathHandler("/test/cebrotli5", handler);
+  httpserver.registerPathHandler("/test/cebrotli6", handler);
+  httpserver.start(-1);
+
+  startIter();
+  do_test_pending();
+}
+
+function handler(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Content-Encoding", tests[index].ce, false);
+  response.setHeader("Content-Length", "" + tests[index].body.length, false);
+
+  var bos = Cc["@mozilla.org/binaryoutputstream;1"].createInstance(
+    Ci.nsIBinaryOutputStream
+  );
+  bos.setOutputStream(response.bodyOutputStream);
+
+  response.processAsync();
+  bos.writeByteArray(tests[index].body);
+  response.finish();
+}
diff --git a/netwerk/test/unit/test_content_length_underrun.js b/netwerk/test/unit/test_content_length_underrun.js
new file mode 100644
index 0000000000..f5f8e40a8a
--- /dev/null
+++ b/netwerk/test/unit/test_content_length_underrun.js
@@ -0,0 +1,295 @@
+/*
+ * Test Content-Length underrun behavior
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+// Test infrastructure
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var test_flags = [];
+var testPathBase = "/cl_hdrs";
+
+var prefs;
+var enforcePrefStrict;
+var enforcePrefSoft;
+var enforcePrefStrictChunked;
+
+Services.prefs.setBoolPref("security.allow_eval_with_system_principal", true);
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("security.allow_eval_with_system_principal");
+});
+
+function run_test() {
+  prefs = Services.prefs;
+  enforcePrefStrict = prefs.getBoolPref("network.http.enforce-framing.http1");
+  enforcePrefSoft = prefs.getBoolPref("network.http.enforce-framing.soft");
+  enforcePrefStrictChunked = prefs.getBoolPref(
+    "network.http.enforce-framing.strict_chunked_encoding"
+  );
+
+  prefs.setBoolPref("network.http.enforce-framing.http1", true);
+
+  httpserver.start(-1);
+
+  do_test_pending();
+  run_test_number(1);
+}
+
+function run_test_number(num) {
+  let testPath = testPathBase + num;
+  // eslint-disable-next-line no-eval
+  httpserver.registerPathHandler(testPath, eval("handler" + num));
+
+  var channel = setupChannel(testPath);
+  let flags = test_flags[num]; // OK if flags undefined for test
+  channel.asyncOpen(
+    // eslint-disable-next-line no-eval
+    new ChannelListener(eval("completeTest" + num), channel, flags)
+  );
+}
+
+function run_gzip_test(num) {
+  let testPath = testPathBase + num;
+  // eslint-disable-next-line no-eval
+  httpserver.registerPathHandler(testPath, eval("handler" + num));
+
+  var channel = setupChannel(testPath);
+
+  function StreamListener() {}
+
+  StreamListener.prototype = {
+    QueryInterface: ChromeUtils.generateQI([
+      "nsIStreamListener",
+      "nsIRequestObserver",
+    ]),
+
+    onStartRequest(aRequest) {},
+
+    onStopRequest(aRequest, aStatusCode) {
+      // Make sure we catch the error NS_ERROR_NET_PARTIAL_TRANSFER here.
+      Assert.equal(aStatusCode, Cr.NS_ERROR_NET_PARTIAL_TRANSFER);
+      //  do_test_finished();
+      endTests();
+    },
+
+    onDataAvailable(request, stream, offset, count) {},
+  };
+
+  let listener = new StreamListener();
+
+  channel.asyncOpen(listener);
+}
+
+function setupChannel(url) {
+  var chan = NetUtil.newChannel({
+    uri: URL + url,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  return httpChan;
+}
+
+function endTests() {
+  // restore the prefs to pre-test values
+  prefs.setBoolPref("network.http.enforce-framing.http1", enforcePrefStrict);
+  prefs.setBoolPref("network.http.enforce-framing.soft", enforcePrefSoft);
+  prefs.setBoolPref(
+    "network.http.enforce-framing.strict_chunked_encoding",
+    enforcePrefStrictChunked
+  );
+  httpserver.stop(do_test_finished);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 1: FAIL because of Content-Length underrun with HTTP 1.1
+test_flags[1] = CL_EXPECT_LATE_FAILURE;
+
+// eslint-disable-next-line no-unused-vars
+function handler1(metadata, response) {
+  var body = "blablabla";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 556677\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest1(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_NET_PARTIAL_TRANSFER);
+
+  run_test_number(11);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 11: PASS because of Content-Length underrun with HTTP 1.1 but non 2xx
+test_flags[11] = CL_IGNORE_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler11(metadata, response) {
+  var body = "blablabla";
+
+  response.seizePower();
+  response.write("HTTP/1.1 404 NotOK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 556677\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest11(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  run_test_number(2);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 2: Succeed because Content-Length underrun is with HTTP 1.0
+
+test_flags[2] = CL_IGNORE_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler2(metadata, response) {
+  var body = "short content";
+
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 12345678\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest2(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+
+  // test 3 requires the enforce-framing prefs to be false
+  prefs.setBoolPref("network.http.enforce-framing.http1", false);
+  prefs.setBoolPref("network.http.enforce-framing.soft", false);
+  prefs.setBoolPref(
+    "network.http.enforce-framing.strict_chunked_encoding",
+    false
+  );
+  run_test_number(3);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 3: SUCCEED with bad Content-Length because pref allows it
+test_flags[3] = CL_IGNORE_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler3(metadata, response) {
+  var body = "blablabla";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 556677\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest3(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  prefs.setBoolPref("network.http.enforce-framing.soft", true);
+  run_test_number(4);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 4: Succeed because a cut off deflate stream can't be detected
+test_flags[4] = CL_IGNORE_CL;
+
+// eslint-disable-next-line no-unused-vars
+function handler4(metadata, response) {
+  // this is the beginning of a deflate compressed response body
+
+  var body =
+    "\xcd\x57\xcd\x6e\x1b\x37\x10\xbe\x07\xc8\x3b\x0c\x36\x68\x72\xd1" +
+    "\xbf\x92\x22\xb1\x57\x0a\x64\x4b\x6a\x0c\x28\xb6\x61\xa9\x41\x73" +
+    "\x2a\xb8\xbb\x94\x44\x98\xfb\x03\x92\x92\xec\x06\x7d\x97\x1e\xeb" +
+    "\xbe\x86\x5e\xac\xc3\x25\x97\xa2\x64\xb9\x75\x0b\x14\xe8\x69\x87" +
+    "\x33\x9c\x1f\x7e\x33\x9c\xe1\x86\x9f\x66\x9f\x27\xfd\x97\x2f\x20" +
+    "\xfc\x34\x1a\x0c\x35\x01\xa1\x62\x8a\xd3\xfe\xf5\xcd\xd5\xe5\xd5" +
+    "\x6c\x54\x83\x49\xbe\x60\x31\xa3\x1c\x12\x0a\x0b\x2a\x15\xcb\x33" +
+    "\x4d\xae\x19\x05\x19\xe7\x9c\x30\x41\x1b\x61\xd3\x28\x95\xfa\x29" +
+    "\x55\x04\x32\x92\xd2\x5e\x90\x50\x19\x0b\x56\x68\x9d\x00\xe2\x3c" +
+    "\x53\x34\x53\xbd\xc0\x99\x56\xf9\x4a\x51\xe0\x64\xcf\x18\x24\x24" +
+    "\x93\xb0\xca\x40\xd2\x15\x07\x6e\xbd\x37\x60\x82\x3b\x8f\x86\x22" +
+    "\x21\xcb\x15\x95\x35\x20\x91\xa4\x59\xac\xa9\x62\x95\x31\xed\x14" +
+    "\xc9\x98\x2c\x19\x15\x3a\x62\x45\xef\x70\x1b\x50\x05\xa4\x28\xc4" +
+    "\xf6\x21\x66\xa4\xdc\x83\x32\x09\x85\xc8\xe7\x54\xa2\x4b\x81\x74" +
+    "\xbe\x12\xc0\x91\xb9\x7d\x50\x24\xe2\x0c\xd9\x29\x06\x2e\xdd\x79";
+
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 553677\r\n");
+  response.write("Content-Encoding: deflate\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest4(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+
+  prefs.setBoolPref("network.http.enforce-framing.http1", true);
+  run_gzip_test(99);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 99: FAIL because a cut off gzip stream CAN be detected
+
+// Note that test 99 here is run completely different than the other tests in
+// this file so if you add more tests here, consider adding them before this.
+
+// eslint-disable-next-line no-unused-vars
+function handler99(metadata, response) {
+  // this is the beginning of a gzip compressed response body
+
+  var body =
+    "\x1f\x8b\x08\x00\x80\xb9\x25\x53\x00\x03\xd4\xd9\x79\xb8\x8e\xe5" +
+    "\xba\x00\xf0\x65\x19\x33\x24\x15\x29\xf3\x50\x52\xc6\xac\x85\x10" +
+    "\x8b\x12\x22\x45\xe6\xb6\x21\x9a\x96\x84\x4c\x69\x32\xec\x84\x92" +
+    "\xcc\x99\x6a\xd9\x32\xa5\xd0\x40\xd9\xc6\x14\x15\x95\x28\x62\x9b" +
+    "\x09\xc9\x70\x4a\x25\x53\xec\x8e\x9c\xe5\x1c\x9d\xeb\xfe\x9d\x73" +
+    "\x9d\x3f\xf6\x1f\xe7\xbd\xae\xcf\xf3\xbd\xbf\xef\x7e\x9f\xeb\x79" +
+    "\xef\xf7\x99\xde\xe5\xee\x6e\xdd\x3b\x75\xeb\xd1\xb5\x6c\xb3\xd4" +
+    "\x47\x1f\x48\xf8\x17\x1d\x15\xce\x1d\x55\x92\x93\xcf\x97\xe7\x8e" +
+    "\x8b\xca\xe4\xca\x55\x92\x2a\x54\x4e\x4e\x4e\x4a\xa8\x78\x53\xa5" +
+    "\x8a\x15\x2b\x55\x4a\xfa\xe3\x7b\x85\x8a\x37\x55\x48\xae\x92\x50" +
+    "\xb4\xc2\xbf\xaa\x41\x17\x1f\xbd\x7b\xf6\xba\xaf\x47\xd1\xa2\x09" +
+    "\x3d\xba\x75\xeb\xf5\x3f\xc5\xfd\x6f\xbf\xff\x3f\x3d\xfa\xd7\x6d" +
+    "\x74\x7b\x62\x86\x0c\xff\x79\x9e\x98\x50\x33\xe1\x8f\xb3\x01\xef" +
+    "\xb6\x38\x7f\x9e\x92\xee\xf9\xa7\xee\xcb\x74\x21\x26\x25\xa1\x6a" +
+    "\x42\xf6\x73\xff\x96\x4c\x28\x91\x90\xe5\xdc\x79\xa6\x8b\xe2\x52" +
+    "\xd2\xbf\x5d\x28\x2b\x24\x26\xfc\xa9\xcc\x96\x1e\x97\x31\xfd\xba" +
+    "\xee\xe9\xde\x3d\x31\xe5\x4f\x65\xc1\xf4\xb8\x0b\x65\x86\x8b\xca";
+  response.seizePower();
+  response.write("HTTP/1.1 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 553677\r\n");
+  response.write("Content-Encoding: gzip\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
diff --git a/netwerk/test/unit/test_content_sniffer.js b/netwerk/test/unit/test_content_sniffer.js
new file mode 100644
index 0000000000..26fb55cece
--- /dev/null
+++ b/netwerk/test/unit/test_content_sniffer.js
@@ -0,0 +1,157 @@
+// This file tests nsIContentSniffer, introduced in bug 324985
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const unknownType = "application/x-unknown-content-type";
+const sniffedType = "application/x-sniffed";
+
+const snifferCID = Components.ID("{4c93d2db-8a56-48d7-b261-9cf2a8d998eb}");
+const snifferContract = "@mozilla.org/network/unittest/contentsniffer;1";
+const categoryName = "net-content-sniffers";
+
+var sniffing_enabled = true;
+
+var isNosniff = false;
+
+/**
+ * This object is both a factory and an nsIContentSniffer implementation (so, it
+ * is de-facto a service)
+ */
+var sniffer = {
+  QueryInterface: ChromeUtils.generateQI(["nsIFactory", "nsIContentSniffer"]),
+  createInstance: function sniffer_ci(iid) {
+    return this.QueryInterface(iid);
+  },
+
+  getMIMETypeFromContent(request, data, length) {
+    return sniffedType;
+  },
+};
+
+var listener = {
+  onStartRequest: function test_onStartR(request) {
+    try {
+      var chan = request.QueryInterface(Ci.nsIChannel);
+      if (chan.contentType == unknownType) {
+        do_throw("Type should not be unknown!");
+      }
+      if (isNosniff) {
+        if (chan.contentType == sniffedType) {
+          do_throw("Sniffer called for X-Content-Type-Options:nosniff");
+        }
+      } else if (
+        sniffing_enabled &&
+        this._iteration > 2 &&
+        chan.contentType != sniffedType
+      ) {
+        do_throw(
+          "Expecting <" +
+            sniffedType +
+            "> but got <" +
+            chan.contentType +
+            "> for " +
+            chan.URI.spec
+        );
+      } else if (!sniffing_enabled && chan.contentType == sniffedType) {
+        do_throw(
+          "Sniffing not enabled but sniffer called for " + chan.URI.spec
+        );
+      }
+    } catch (e) {
+      do_throw("Unexpected exception: " + e);
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+
+  onDataAvailable: function test_ODA() {
+    throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED);
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    run_test_iteration(this._iteration);
+    do_test_finished();
+  },
+
+  _iteration: 1,
+};
+
+function makeChan(url) {
+  var chan = NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+  if (sniffing_enabled) {
+    chan.loadFlags |= Ci.nsIChannel.LOAD_CALL_CONTENT_SNIFFERS;
+  }
+
+  return chan;
+}
+
+var httpserv = null;
+var urls = null;
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/nosniff", nosniffHandler);
+  httpserv.start(-1);
+
+  urls = [
+    // NOTE: First URL here runs without our content sniffer
+    "data:" + unknownType + ", Some text",
+    "data:" + unknownType + ", Text", // Make sure sniffing works even if we
+    // used the unknown content sniffer too
+    "data:text/plain, Some more text",
+    "http://localhost:" + httpserv.identity.primaryPort,
+    "http://localhost:" + httpserv.identity.primaryPort + "/nosniff",
+  ];
+
+  Components.manager.nsIComponentRegistrar.registerFactory(
+    snifferCID,
+    "Unit test content sniffer",
+    snifferContract,
+    sniffer
+  );
+
+  run_test_iteration(1);
+}
+
+function nosniffHandler(request, response) {
+  response.setHeader("X-Content-Type-Options", "nosniff");
+}
+
+function run_test_iteration(index) {
+  if (index > urls.length) {
+    if (sniffing_enabled) {
+      sniffing_enabled = false;
+      index = listener._iteration = 1;
+    } else {
+      do_test_pending();
+      httpserv.stop(do_test_finished);
+      return; // we're done
+    }
+  }
+
+  if (sniffing_enabled && index == 2) {
+    // Register our sniffer only here
+    // This also makes sure that dynamic registration is working
+    var catMan = Services.catMan;
+    catMan.nsICategoryManager.addCategoryEntry(
+      categoryName,
+      "unit test",
+      snifferContract,
+      false,
+      true
+    );
+  } else if (sniffing_enabled && index == 5) {
+    isNosniff = true;
+  }
+
+  var chan = makeChan(urls[index - 1]);
+
+  listener._iteration++;
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cookie_blacklist.js b/netwerk/test/unit/test_cookie_blacklist.js
new file mode 100644
index 0000000000..d6d25927e9
--- /dev/null
+++ b/netwerk/test/unit/test_cookie_blacklist.js
@@ -0,0 +1,43 @@
+"use strict";
+
+const GOOD_COOKIE = "GoodCookie=OMNOMNOM";
+const SPACEY_COOKIE = "Spacey Cookie=Major Tom";
+
+add_task(async () => {
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  var cookieURI = Services.io.newURI(
+    "http://mozilla.org/test_cookie_blacklist.js"
+  );
+  const channel = NetUtil.newChannel({
+    uri: cookieURI,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+
+  Services.cookies.setCookieStringFromHttp(
+    cookieURI,
+    "BadCookie1=\x01",
+    channel
+  );
+  Services.cookies.setCookieStringFromHttp(cookieURI, "BadCookie2=\v", channel);
+  Services.cookies.setCookieStringFromHttp(
+    cookieURI,
+    "Bad\x07Name=illegal",
+    channel
+  );
+  Services.cookies.setCookieStringFromHttp(cookieURI, GOOD_COOKIE, channel);
+  Services.cookies.setCookieStringFromHttp(cookieURI, SPACEY_COOKIE, channel);
+
+  CookieXPCShellUtils.createServer({ hosts: ["mozilla.org"] });
+
+  const storedCookie = await CookieXPCShellUtils.getCookieStringFromDocument(
+    cookieURI.spec
+  );
+  Assert.equal(storedCookie, GOOD_COOKIE + "; " + SPACEY_COOKIE);
+  Services.prefs.clearUserPref("dom.security.https_first");
+});
diff --git a/netwerk/test/unit/test_cookie_header.js b/netwerk/test/unit/test_cookie_header.js
new file mode 100644
index 0000000000..a5326ef25c
--- /dev/null
+++ b/netwerk/test/unit/test_cookie_header.js
@@ -0,0 +1,112 @@
+// This file tests bug 250375
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort + "/";
+});
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+function check_request_header(chan, name, value) {
+  var chanValue;
+  try {
+    chanValue = chan.getRequestHeader(name);
+  } catch (e) {
+    do_throw(
+      "Expected to find header '" +
+        name +
+        "' but didn't find it, got exception: " +
+        e
+    );
+  }
+  dump("Value for header '" + name + "' is '" + chanValue + "'\n");
+  Assert.equal(chanValue, value);
+}
+
+var cookieVal = "C1=V1";
+
+var listener = {
+  onStartRequest: function test_onStartR(request) {
+    try {
+      var chan = request.QueryInterface(Ci.nsIHttpChannel);
+      check_request_header(chan, "Cookie", cookieVal);
+    } catch (e) {
+      do_throw("Unexpected exception: " + e);
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+
+  onDataAvailable: function test_ODA() {
+    throw Components.Exception("", Cr.NS_ERROR_UNEXPECTED);
+  },
+
+  onStopRequest: async function test_onStopR(request, status) {
+    if (this._iteration == 1) {
+      await run_test_continued();
+    } else {
+      do_test_pending();
+      httpserv.stop(do_test_finished);
+    }
+    do_test_finished();
+  },
+
+  _iteration: 1,
+};
+
+function makeChan() {
+  return NetUtil.newChannel({
+    uri: URL,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var httpserv = null;
+
+function run_test() {
+  // Allow all cookies if the pref service is available in this process.
+  if (!inChildProcess()) {
+    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+    Services.prefs.setBoolPref(
+      "network.cookieJarSettings.unblocked_for_testing",
+      true
+    );
+  }
+
+  httpserv = new HttpServer();
+  httpserv.start(-1);
+
+  var chan = makeChan();
+
+  chan.setRequestHeader("Cookie", cookieVal, false);
+
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+async function run_test_continued() {
+  var chan = makeChan();
+
+  var cookie2 = "C2=V2";
+
+  await CookieXPCShellUtils.setCookieToDocument(chan.URI.spec, cookie2);
+
+  chan.setRequestHeader("Cookie", cookieVal, false);
+
+  // We expect that the setRequestHeader overrides the
+  // automatically-added one, so insert cookie2 in front
+  cookieVal = cookie2 + "; " + cookieVal;
+
+  listener._iteration++;
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_cookie_ipv6.js b/netwerk/test/unit/test_cookie_ipv6.js
new file mode 100644
index 0000000000..a91b8a6848
--- /dev/null
+++ b/netwerk/test/unit/test_cookie_ipv6.js
@@ -0,0 +1,53 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  Test that channels with different LoadInfo
+ *  are stored in separate namespaces ("cookie jars")
+ */
+
+"use strict";
+
+let ip = "[::1]";
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return `http://${ip}:${httpserver.identity.primaryPort}/`;
+});
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+let httpserver = new HttpServer();
+
+function cookieSetHandler(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader(
+    "Set-Cookie",
+    `Set-Cookie: T1=T2; path=/; SameSite=Lax; domain=${ip}; httponly`,
+    false
+  );
+  response.setHeader("Content-Type", "text/html");
+  response.setHeader("Content-Length", "2");
+  response.bodyOutputStream.write("Ok", "Ok".length);
+}
+
+add_task(async function test_cookie_ipv6() {
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  httpserver.registerPathHandler("/", cookieSetHandler);
+  httpserver._start(-1, ip);
+
+  var chan = NetUtil.newChannel({
+    uri: URL,
+    loadUsingSystemPrincipal: true,
+  });
+  await new Promise(resolve => {
+    chan.asyncOpen(new ChannelListener(resolve));
+  });
+  equal(Services.cookies.cookies.length, 1);
+});
diff --git a/netwerk/test/unit/test_cookie_partitioned_attribute.js b/netwerk/test/unit/test_cookie_partitioned_attribute.js
new file mode 100644
index 0000000000..f1f3744831
--- /dev/null
+++ b/netwerk/test/unit/test_cookie_partitioned_attribute.js
@@ -0,0 +1,80 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+function count_IsPartitioned(bool) {
+  var cookieCountIsPartitioned = 0;
+  Services.cookies.cookies.forEach(cookie => {
+    if (cookie.isPartitioned === bool) {
+      cookieCountIsPartitioned += 1;
+    }
+  });
+  return cookieCountIsPartitioned;
+}
+
+add_task(async function test_IsPartitioned() {
+  let profile = do_get_profile();
+  let dbFile = do_get_cookie_file(profile);
+  Assert.ok(!dbFile.exists());
+
+  let schema13db = new CookieDatabaseConnection(dbFile, 13);
+  let now = Date.now() * 1000; // date in microseconds
+
+  // add some non-partitioned cookies for key
+  let nUnpartitioned = 5;
+  let hostNonPartitioned = "cookie-host-non-partitioned.com";
+  for (let i = 0; i < nUnpartitioned; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      hostNonPartitioned,
+      "/", // path
+      now, // expiry
+      now, // last accessed
+      now, // creation time
+      false, // session
+      false, // secure
+      false, // http-only
+      false, // inBrowserElement
+      {} // OA
+    );
+    schema13db.insertCookie(cookie);
+  }
+
+  // add some partitioned cookies
+  let nPartitioned = 5;
+  let hostPartitioned = "host-partitioned.com";
+  for (let i = 0; i < nPartitioned; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      hostPartitioned,
+      "/", // path
+      now, // expiry
+      now, // last accessed
+      now, // creation time
+      false, // session
+      false, // secure
+      false, // http-only
+      false, // inBrowserElement
+      { partitionKey: "(https,example.com)" }
+    );
+    schema13db.insertCookie(cookie);
+  }
+
+  Assert.equal(do_count_cookies_in_db(schema13db.db), 10);
+
+  // Startup the cookie service and check the cookie counts by OA
+  let cookieCountNonPart =
+    Services.cookies.countCookiesFromHost(hostNonPartitioned); // includes expired cookies
+  Assert.equal(cookieCountNonPart, nUnpartitioned);
+  let cookieCountPart = Services.cookies.getCookiesFromHost(hostPartitioned, {
+    partitionKey: "(https,example.com)",
+  }).length; // includes expired cookies
+  Assert.equal(cookieCountPart, nPartitioned);
+
+  // Startup the cookie service and check the cookie counts by isPartitioned (IsPartitioned())
+  Assert.equal(count_IsPartitioned(false), nUnpartitioned);
+  Assert.equal(count_IsPartitioned(true), nPartitioned);
+
+  schema13db.close();
+});
diff --git a/netwerk/test/unit/test_cookiejars.js b/netwerk/test/unit/test_cookiejars.js
new file mode 100644
index 0000000000..1d78893f8c
--- /dev/null
+++ b/netwerk/test/unit/test_cookiejars.js
@@ -0,0 +1,188 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ *  Test that channels with different LoadInfo
+ *  are stored in separate namespaces ("cookie jars")
+ */
+
+"use strict";
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+
+var cookieSetPath = "/setcookie";
+var cookieCheckPath = "/checkcookie";
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+// Test array:
+//  - element 0: name for cookie, used both to set and later to check
+//  - element 1: loadInfo (determines cookie namespace)
+//
+// TODO: bug 722850: make private browsing work per-app, and add tests.  For now
+// all values are 'false' for PB.
+
+var tests = [
+  {
+    cookieName: "LCC_App0_BrowF_PrivF",
+    originAttributes: new OriginAttributes(0, false, 0),
+  },
+  {
+    cookieName: "LCC_App0_BrowT_PrivF",
+    originAttributes: new OriginAttributes(0, true, 0),
+  },
+  {
+    cookieName: "LCC_App1_BrowF_PrivF",
+    originAttributes: new OriginAttributes(1, false, 0),
+  },
+  {
+    cookieName: "LCC_App1_BrowT_PrivF",
+    originAttributes: new OriginAttributes(1, true, 0),
+  },
+];
+
+// test number: index into 'tests' array
+var i = 0;
+
+function setupChannel(path) {
+  var chan = NetUtil.newChannel({
+    uri: URL + path,
+    loadUsingSystemPrincipal: true,
+  });
+  chan.loadInfo.originAttributes = tests[i].originAttributes;
+  chan.QueryInterface(Ci.nsIHttpChannel);
+
+  let loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(
+    Ci.nsILoadGroup
+  );
+
+  if (chan.loadInfo.originAttributes.privateBrowsingId == 0) {
+    loadGroup.notificationCallbacks = Cu.createLoadContext();
+    chan.loadGroup = loadGroup;
+
+    chan.notificationCallbacks = Cu.createLoadContext();
+  } else {
+    loadGroup.notificationCallbacks = Cu.createPrivateLoadContext();
+    chan.loadGroup = loadGroup;
+
+    chan.notificationCallbacks = Cu.createPrivateLoadContext();
+  }
+
+  return chan;
+}
+
+function setCookie() {
+  var channel = setupChannel(cookieSetPath);
+  channel.setRequestHeader("foo-set-cookie", tests[i].cookieName, false);
+  channel.asyncOpen(new ChannelListener(setNextCookie, null));
+}
+
+function setNextCookie(request, data, context) {
+  if (++i == tests.length) {
+    // all cookies set: switch to checking them
+    i = 0;
+    checkCookie();
+  } else {
+    info("setNextCookie:i=" + i);
+    setCookie();
+  }
+}
+
+// Open channel that should send one and only one correct Cookie: header to
+// server, corresponding to it's namespace
+function checkCookie() {
+  var channel = setupChannel(cookieCheckPath);
+  channel.asyncOpen(new ChannelListener(completeCheckCookie, null));
+}
+
+function completeCheckCookie(request, data, context) {
+  // Look for all cookies in what the server saw: fail if we see any besides the
+  // one expected cookie for each namespace;
+  var expectedCookie = tests[i].cookieName;
+  request.QueryInterface(Ci.nsIHttpChannel);
+  var cookiesSeen = request.getResponseHeader("foo-saw-cookies");
+
+  var j;
+  for (j = 0; j < tests.length; j++) {
+    var cookieToCheck = tests[j].cookieName;
+    let found = cookiesSeen.includes(cookieToCheck);
+    if (found && expectedCookie != cookieToCheck) {
+      do_throw(
+        "test index " +
+          i +
+          ": found unexpected cookie '" +
+          cookieToCheck +
+          "': in '" +
+          cookiesSeen +
+          "'"
+      );
+    } else if (!found && expectedCookie == cookieToCheck) {
+      do_throw(
+        "test index " +
+          i +
+          ": missing expected cookie '" +
+          expectedCookie +
+          "': in '" +
+          cookiesSeen +
+          "'"
+      );
+    }
+  }
+  // If we get here we're good.
+  info("Saw only correct cookie '" + expectedCookie + "'");
+  Assert.ok(true);
+
+  if (++i == tests.length) {
+    // end of tests
+    httpserver.stop(do_test_finished);
+  } else {
+    checkCookie();
+  }
+}
+
+function run_test() {
+  // Allow all cookies if the pref service is available in this process.
+  if (!inChildProcess()) {
+    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+    Services.prefs.setBoolPref(
+      "network.cookieJarSettings.unblocked_for_testing",
+      true
+    );
+  }
+
+  httpserver.registerPathHandler(cookieSetPath, cookieSetHandler);
+  httpserver.registerPathHandler(cookieCheckPath, cookieCheckHandler);
+  httpserver.start(-1);
+
+  setCookie();
+  do_test_pending();
+}
+
+function cookieSetHandler(metadata, response) {
+  var cookieName = metadata.getHeader("foo-set-cookie");
+
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("Set-Cookie", cookieName + "=1; Path=/", false);
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write("Ok", "Ok".length);
+}
+
+function cookieCheckHandler(metadata, response) {
+  var cookies = metadata.getHeader("Cookie");
+
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("foo-saw-cookies", cookies, false);
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write("Ok", "Ok".length);
+}
diff --git a/netwerk/test/unit/test_cookiejars_safebrowsing.js b/netwerk/test/unit/test_cookiejars_safebrowsing.js
new file mode 100644
index 0000000000..855bacef42
--- /dev/null
+++ b/netwerk/test/unit/test_cookiejars_safebrowsing.js
@@ -0,0 +1,231 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * Description of the test:
+ *   We show that we can separate the safebrowsing cookie by creating a custom
+ *   OriginAttributes using a unique safebrowsing first-party domain. Setting this
+ *   custom OriginAttributes on the loadInfo of the channel allows us to query the
+ *   first-party domain and therefore separate the safebrowsing cookie in its own
+ *   cookie-jar. For testing safebrowsing update we do >> NOT << emulate a response
+ *   in the body, rather we only set the cookies in the header of the response
+ *   and confirm that cookies are separated in their own cookie-jar.
+ *
+ * 1) We init safebrowsing and simulate an update (cookies are set for localhost)
+ *
+ * 2) We open a channel that should send regular cookies, but not the
+ *    safebrowsing cookie.
+ *
+ * 3) We open a channel with a custom callback, simulating a safebrowsing cookie
+ *    that should send this simulated safebrowsing cookie as well as the
+ *    real safebrowsing cookies. (Confirming that the safebrowsing cookies
+ *    actually get stored in the correct jar).
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var setCookiePath = "/setcookie";
+var checkCookiePath = "/checkcookie";
+var safebrowsingUpdatePath = "/safebrowsingUpdate";
+var safebrowsingGethashPath = "/safebrowsingGethash";
+var httpserver;
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+function cookieSetHandler(metadata, response) {
+  var cookieName = metadata.getHeader("set-cookie");
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write("Ok", "Ok".length);
+}
+
+function cookieCheckHandler(metadata, response) {
+  var cookies = metadata.getHeader("Cookie");
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("saw-cookies", cookies, false);
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write("Ok", "Ok".length);
+}
+
+function safebrowsingUpdateHandler(metadata, response) {
+  var cookieName = "sb-update-cookie";
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
+  response.setHeader("Content-Type", "text/plain");
+  response.bodyOutputStream.write("Ok", "Ok".length);
+}
+
+function safebrowsingGethashHandler(metadata, response) {
+  var cookieName = "sb-gethash-cookie";
+  response.setStatusLine(metadata.httpVersion, 200, "Ok");
+  response.setHeader("set-Cookie", cookieName + "=1; Path=/", false);
+  response.setHeader("Content-Type", "text/plain");
+
+  let msg = "test-phish-simplea:1:32\n" + "a".repeat(32);
+  response.bodyOutputStream.write(msg, msg.length);
+}
+
+function setupChannel(path, originAttributes) {
+  var channel = NetUtil.newChannel({
+    uri: URL + path,
+    loadUsingSystemPrincipal: true,
+  });
+  channel.loadInfo.originAttributes = originAttributes;
+  channel.QueryInterface(Ci.nsIHttpChannel);
+  return channel;
+}
+
+function run_test() {
+  // Set up a profile
+  do_get_profile();
+
+  // Allow all cookies if the pref service is available in this process.
+  if (!inChildProcess()) {
+    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+    Services.prefs.setBoolPref(
+      "network.cookieJarSettings.unblocked_for_testing",
+      true
+    );
+  }
+
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler(setCookiePath, cookieSetHandler);
+  httpserver.registerPathHandler(checkCookiePath, cookieCheckHandler);
+  httpserver.registerPathHandler(
+    safebrowsingUpdatePath,
+    safebrowsingUpdateHandler
+  );
+  httpserver.registerPathHandler(
+    safebrowsingGethashPath,
+    safebrowsingGethashHandler
+  );
+
+  httpserver.start(-1);
+  run_next_test();
+}
+
+// this test does not emulate a response in the body,
+// rather we only set the cookies in the header of response.
+add_test(function test_safebrowsing_update() {
+  var streamUpdater = Cc[
+    "@mozilla.org/url-classifier/streamupdater;1"
+  ].getService(Ci.nsIUrlClassifierStreamUpdater);
+
+  function onSuccess() {
+    run_next_test();
+  }
+  function onUpdateError() {
+    do_throw("ERROR: received onUpdateError!");
+  }
+  function onDownloadError() {
+    do_throw("ERROR: received onDownloadError!");
+  }
+
+  streamUpdater.downloadUpdates(
+    "test-phish-simple,test-malware-simple",
+    "",
+    true,
+    URL + safebrowsingUpdatePath,
+    onSuccess,
+    onUpdateError,
+    onDownloadError
+  );
+});
+
+add_test(function test_safebrowsing_gethash() {
+  var hashCompleter = Cc[
+    "@mozilla.org/url-classifier/hashcompleter;1"
+  ].getService(Ci.nsIUrlClassifierHashCompleter);
+
+  hashCompleter.complete(
+    "aaaa",
+    URL + safebrowsingGethashPath,
+    "test-phish-simple",
+    {
+      completionV2(hash, table, chunkId) {},
+
+      completionFinished(status) {
+        Assert.equal(status, Cr.NS_OK);
+        run_next_test();
+      },
+    }
+  );
+});
+
+add_test(function test_non_safebrowsing_cookie() {
+  var cookieName = "regCookie_id0";
+  var originAttributes = new OriginAttributes(0, false, 0);
+
+  function setNonSafeBrowsingCookie() {
+    var channel = setupChannel(setCookiePath, originAttributes);
+    channel.setRequestHeader("set-cookie", cookieName, false);
+    channel.asyncOpen(new ChannelListener(checkNonSafeBrowsingCookie, null));
+  }
+
+  function checkNonSafeBrowsingCookie() {
+    var channel = setupChannel(checkCookiePath, originAttributes);
+    channel.asyncOpen(
+      new ChannelListener(completeCheckNonSafeBrowsingCookie, null)
+    );
+  }
+
+  function completeCheckNonSafeBrowsingCookie(request, data, context) {
+    // Confirm that only the >> ONE << cookie is sent over the channel.
+    var expectedCookie = cookieName + "=1";
+    request.QueryInterface(Ci.nsIHttpChannel);
+    var cookiesSeen = request.getResponseHeader("saw-cookies");
+    Assert.equal(cookiesSeen, expectedCookie);
+    run_next_test();
+  }
+
+  setNonSafeBrowsingCookie();
+});
+
+add_test(function test_safebrowsing_cookie() {
+  var cookieName = "sbCookie_id4294967294";
+  var originAttributes = new OriginAttributes(0, false, 0);
+  originAttributes.firstPartyDomain =
+    "safebrowsing.86868755-6b82-4842-b301-72671a0db32e.mozilla";
+
+  function setSafeBrowsingCookie() {
+    var channel = setupChannel(setCookiePath, originAttributes);
+    channel.setRequestHeader("set-cookie", cookieName, false);
+    channel.asyncOpen(new ChannelListener(checkSafeBrowsingCookie, null));
+  }
+
+  function checkSafeBrowsingCookie() {
+    var channel = setupChannel(checkCookiePath, originAttributes);
+    channel.asyncOpen(
+      new ChannelListener(completeCheckSafeBrowsingCookie, null)
+    );
+  }
+
+  function completeCheckSafeBrowsingCookie(request, data, context) {
+    // Confirm that all >> THREE << cookies are sent back over the channel:
+    //   a) the safebrowsing cookie set when updating
+    //   b) the safebrowsing cookie set when sending gethash
+    //   c) the regular cookie with custom loadcontext defined in this test.
+    var expectedCookies = "sb-update-cookie=1; ";
+    expectedCookies += "sb-gethash-cookie=1; ";
+    expectedCookies += cookieName + "=1";
+    request.QueryInterface(Ci.nsIHttpChannel);
+    var cookiesSeen = request.getResponseHeader("saw-cookies");
+
+    Assert.equal(cookiesSeen, expectedCookies);
+    httpserver.stop(do_test_finished);
+  }
+
+  setSafeBrowsingCookie();
+});
diff --git a/netwerk/test/unit/test_cookies_async_failure.js b/netwerk/test/unit/test_cookies_async_failure.js
new file mode 100644
index 0000000000..c61da23f99
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_async_failure.js
@@ -0,0 +1,514 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Test the various ways opening a cookie database can fail in an asynchronous
+// (i.e. after synchronous initialization) manner, and that the database is
+// renamed and recreated under each circumstance. These circumstances are, in no
+// particular order:
+//
+// 1) A write operation failing after the database has been read in.
+// 2) Asynchronous read failure due to a corrupt database.
+// 3) Synchronous read failure due to a corrupt database, when reading:
+//    a) a single base domain;
+//    b) the entire database.
+// 4) Asynchronous read failure, followed by another failure during INSERT but
+//    before the database closes for rebuilding. (The additional error should be
+//    ignored.)
+// 5) Asynchronous read failure, followed by an INSERT failure during rebuild.
+//    This should result in an abort of the database rebuild; the partially-
+//    built database should be moved to 'cookies.sqlite.bak-rebuild'.
+
+"use strict";
+
+let profile;
+let cookie;
+
+add_task(async () => {
+  // Set up a profile.
+  profile = do_get_profile();
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default"
+  Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false);
+
+  // The server.
+  const hosts = ["foo.com", "hither.com", "haithur.com", "bar.com"];
+  for (let i = 0; i < 3000; ++i) {
+    hosts.push(i + ".com");
+  }
+  CookieXPCShellUtils.createServer({ hosts });
+
+  // Get the cookie file and the backup file.
+  Assert.ok(!do_get_cookie_file(profile).exists());
+  Assert.ok(!do_get_backup_file().exists());
+
+  // Create a cookie object for testing.
+  let now = Date.now() * 1000;
+  let futureExpiry = Math.round(now / 1e6 + 1000);
+  cookie = new Cookie(
+    "oh",
+    "hai",
+    "bar.com",
+    "/",
+    futureExpiry,
+    now,
+    now,
+    false,
+    false,
+    false
+  );
+
+  await run_test_1();
+  await run_test_2();
+  await run_test_3();
+  await run_test_4();
+  await run_test_5();
+  Services.prefs.clearUserPref("dom.security.https_first");
+  Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault");
+});
+
+function do_get_backup_file() {
+  let file = profile.clone();
+  file.append("cookies.sqlite.bak");
+  return file;
+}
+
+function do_get_rebuild_backup_file() {
+  let file = profile.clone();
+  file.append("cookies.sqlite.bak-rebuild");
+  return file;
+}
+
+function do_corrupt_db(file) {
+  // Sanity check: the database size should be larger than 320k, since we've
+  // written about 460k of data. If it's not, let's make it obvious now.
+  let size = file.fileSize;
+  Assert.ok(size > 320e3);
+
+  // Corrupt the database by writing bad data to the end of the file. We
+  // assume that the important metadata -- table structure etc -- is stored
+  // elsewhere, and that doing this will not cause synchronous failure when
+  // initializing the database connection. This is totally empirical --
+  // overwriting between 1k and 100k of live data seems to work. (Note that the
+  // database file will be larger than the actual content requires, since the
+  // cookie service uses a large growth increment. So we calculate the offset
+  // based on the expected size of the content, not just the file size.)
+  let ostream = Cc["@mozilla.org/network/file-output-stream;1"].createInstance(
+    Ci.nsIFileOutputStream
+  );
+  ostream.init(file, 2, -1, 0);
+  let sstream = ostream.QueryInterface(Ci.nsISeekableStream);
+  let n = size - 320e3 + 20e3;
+  sstream.seek(Ci.nsISeekableStream.NS_SEEK_SET, size - n);
+  for (let i = 0; i < n; ++i) {
+    ostream.write("a", 1);
+  }
+  ostream.flush();
+  ostream.close();
+
+  Assert.equal(file.clone().fileSize, size);
+  return size;
+}
+
+async function run_test_1() {
+  // Load the profile and populate it.
+  await CookieXPCShellUtils.setCookieToDocument(
+    "http://foo.com/",
+    "oh=hai; max-age=1000"
+  );
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Open a database connection now, before we load the profile and begin
+  // asynchronous write operations.
+  let db = new CookieDatabaseConnection(do_get_cookie_file(profile), 12);
+  Assert.equal(do_count_cookies_in_db(db.db), 1);
+
+  // Load the profile, and wait for async read completion...
+  await promise_load_profile();
+
+  // Insert a row.
+  db.insertCookie(cookie);
+  db.close();
+
+  // Attempt to insert a cookie with the same (name, host, path) triplet.
+  Services.cookies.add(
+    cookie.host,
+    cookie.path,
+    cookie.name,
+    "hallo",
+    cookie.isSecure,
+    cookie.isHttpOnly,
+    cookie.isSession,
+    cookie.expiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+
+  // Check that the cookie service accepted the new cookie.
+  Assert.equal(Services.cookies.countCookiesFromHost(cookie.host), 1);
+
+  let isRebuildingDone = false;
+  let rebuildingObserve = function (subject, topic, data) {
+    isRebuildingDone = true;
+    Services.obs.removeObserver(rebuildingObserve, "cookie-db-rebuilding");
+  };
+  Services.obs.addObserver(rebuildingObserve, "cookie-db-rebuilding");
+
+  // Crash test: we're going to rebuild the cookie database. Close all the db
+  // connections in the main thread and initialize a new database file in the
+  // cookie thread. Trigger some access of cookies to ensure we won't crash in
+  // the chaos status.
+  for (let i = 0; i < 10; ++i) {
+    Assert.equal(Services.cookies.countCookiesFromHost(cookie.host), 1);
+    await new Promise(resolve => executeSoon(resolve));
+  }
+
+  // Wait for the cookie service to rename the old database and rebuild if not yet.
+  if (!isRebuildingDone) {
+    Services.obs.removeObserver(rebuildingObserve, "cookie-db-rebuilding");
+    await new _promise_observer("cookie-db-rebuilding");
+  }
+
+  await new Promise(resolve => executeSoon(resolve));
+
+  // At this point, the cookies should still be in memory.
+  Assert.equal(Services.cookies.countCookiesFromHost("foo.com"), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost(cookie.host), 1);
+  Assert.equal(do_count_cookies(), 2);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Check that the original database was renamed, and that it contains the
+  // original cookie.
+  Assert.ok(do_get_backup_file().exists());
+  let backupdb = Services.storage.openDatabase(do_get_backup_file());
+  Assert.equal(do_count_cookies_in_db(backupdb, "foo.com"), 1);
+  backupdb.close();
+
+  // Load the profile, and check that it contains the new cookie.
+  do_load_profile();
+
+  Assert.equal(Services.cookies.countCookiesFromHost("foo.com"), 1);
+  let cookies = Services.cookies.getCookiesFromHost(cookie.host, {});
+  Assert.equal(cookies.length, 1);
+  let dbcookie = cookies[0];
+  Assert.equal(dbcookie.value, "hallo");
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Clean up.
+  do_get_cookie_file(profile).remove(false);
+  do_get_backup_file().remove(false);
+  Assert.ok(!do_get_cookie_file(profile).exists());
+  Assert.ok(!do_get_backup_file().exists());
+}
+
+async function run_test_2() {
+  // Load the profile and populate it.
+  do_load_profile();
+
+  Services.cookies.runInTransaction(_ => {
+    let uri = NetUtil.newURI("http://foo.com/");
+    const channel = NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: true,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+
+    for (let i = 0; i < 3000; ++i) {
+      uri = NetUtil.newURI("http://" + i + ".com/");
+      Services.cookies.setCookieStringFromHttp(
+        uri,
+        "oh=hai; max-age=1000",
+        channel
+      );
+    }
+  });
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Corrupt the database file.
+  let size = do_corrupt_db(do_get_cookie_file(profile));
+
+  // Load the profile.
+  do_load_profile();
+
+  // At this point, the database connection should be open. Ensure that it
+  // succeeded.
+  Assert.ok(!do_get_backup_file().exists());
+
+  // Recreate a new database since it was corrupted
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 0);
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Check that the original database was renamed.
+  Assert.ok(do_get_backup_file().exists());
+  Assert.equal(do_get_backup_file().fileSize, size);
+  let db = Services.storage.openDatabase(do_get_cookie_file(profile));
+  db.close();
+
+  do_load_profile();
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 0);
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Clean up.
+  do_get_cookie_file(profile).remove(false);
+  do_get_backup_file().remove(false);
+  Assert.ok(!do_get_cookie_file(profile).exists());
+  Assert.ok(!do_get_backup_file().exists());
+}
+
+async function run_test_3() {
+  // Set the maximum cookies per base domain limit to a large value, so that
+  // corrupting the database is easier.
+  Services.prefs.setIntPref("network.cookie.maxPerHost", 3000);
+
+  // Load the profile and populate it.
+  do_load_profile();
+  Services.cookies.runInTransaction(_ => {
+    let uri = NetUtil.newURI("http://hither.com/");
+    let channel = NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: true,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+    for (let i = 0; i < 10; ++i) {
+      Services.cookies.setCookieStringFromHttp(
+        uri,
+        "oh" + i + "=hai; max-age=1000",
+        channel
+      );
+    }
+    uri = NetUtil.newURI("http://haithur.com/");
+    channel = NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: true,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+    for (let i = 10; i < 3000; ++i) {
+      Services.cookies.setCookieStringFromHttp(
+        uri,
+        "oh" + i + "=hai; max-age=1000",
+        channel
+      );
+    }
+  });
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Corrupt the database file.
+  let size = do_corrupt_db(do_get_cookie_file(profile));
+
+  // Load the profile.
+  do_load_profile();
+
+  // At this point, the database connection should be open. Ensure that it
+  // succeeded.
+  Assert.ok(!do_get_backup_file().exists());
+
+  // Recreate a new database since it was corrupted
+  Assert.equal(Services.cookies.countCookiesFromHost("hither.com"), 0);
+  Assert.equal(Services.cookies.countCookiesFromHost("haithur.com"), 0);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  let db = Services.storage.openDatabase(do_get_cookie_file(profile));
+  Assert.equal(do_count_cookies_in_db(db, "hither.com"), 0);
+  Assert.equal(do_count_cookies_in_db(db), 0);
+  db.close();
+
+  // Check that the original database was renamed.
+  Assert.ok(do_get_backup_file().exists());
+  Assert.equal(do_get_backup_file().fileSize, size);
+
+  // Rename it back, and try loading the entire database synchronously.
+  do_get_backup_file().moveTo(null, "cookies.sqlite");
+  do_load_profile();
+
+  // At this point, the database connection should be open. Ensure that it
+  // succeeded.
+  Assert.ok(!do_get_backup_file().exists());
+
+  // Synchronously read in everything.
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  db = Services.storage.openDatabase(do_get_cookie_file(profile));
+  Assert.equal(do_count_cookies_in_db(db), 0);
+  db.close();
+
+  // Check that the original database was renamed.
+  Assert.ok(do_get_backup_file().exists());
+  Assert.equal(do_get_backup_file().fileSize, size);
+
+  // Clean up.
+  do_get_cookie_file(profile).remove(false);
+  do_get_backup_file().remove(false);
+  Assert.ok(!do_get_cookie_file(profile).exists());
+  Assert.ok(!do_get_backup_file().exists());
+}
+
+async function run_test_4() {
+  // Load the profile and populate it.
+  do_load_profile();
+  Services.cookies.runInTransaction(_ => {
+    let uri = NetUtil.newURI("http://foo.com/");
+    let channel = NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: true,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+    for (let i = 0; i < 3000; ++i) {
+      uri = NetUtil.newURI("http://" + i + ".com/");
+      Services.cookies.setCookieStringFromHttp(
+        uri,
+        "oh=hai; max-age=1000",
+        channel
+      );
+    }
+  });
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Corrupt the database file.
+  let size = do_corrupt_db(do_get_cookie_file(profile));
+
+  // Load the profile.
+  do_load_profile();
+
+  // At this point, the database connection should be open. Ensure that it
+  // succeeded.
+  Assert.ok(!do_get_backup_file().exists());
+
+  // Recreate a new database since it was corrupted
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 0);
+
+  // Queue up an INSERT for the same base domain. This should also go into
+  // memory and be written out during database rebuild.
+  await CookieXPCShellUtils.setCookieToDocument(
+    "http://0.com/",
+    "oh2=hai; max-age=1000"
+  );
+
+  // At this point, the cookies should still be in memory.
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 1);
+  Assert.equal(do_count_cookies(), 1);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Check that the original database was renamed.
+  Assert.ok(do_get_backup_file().exists());
+  Assert.equal(do_get_backup_file().fileSize, size);
+
+  // Load the profile, and check that it contains the new cookie.
+  do_load_profile();
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 1);
+  Assert.equal(do_count_cookies(), 1);
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Clean up.
+  do_get_cookie_file(profile).remove(false);
+  do_get_backup_file().remove(false);
+  Assert.ok(!do_get_cookie_file(profile).exists());
+  Assert.ok(!do_get_backup_file().exists());
+}
+
+async function run_test_5() {
+  // Load the profile and populate it.
+  do_load_profile();
+  Services.cookies.runInTransaction(_ => {
+    let uri = NetUtil.newURI("http://bar.com/");
+    const channel = NetUtil.newChannel({
+      uri,
+      loadUsingSystemPrincipal: true,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+    Services.cookies.setCookieStringFromHttp(
+      uri,
+      "oh=hai; path=/; max-age=1000",
+      channel
+    );
+    for (let i = 0; i < 3000; ++i) {
+      uri = NetUtil.newURI("http://" + i + ".com/");
+      Services.cookies.setCookieStringFromHttp(
+        uri,
+        "oh=hai; max-age=1000",
+        channel
+      );
+    }
+  });
+
+  // Close the profile.
+  await promise_close_profile();
+
+  // Corrupt the database file.
+  let size = do_corrupt_db(do_get_cookie_file(profile));
+
+  // Load the profile.
+  do_load_profile();
+
+  // At this point, the database connection should be open. Ensure that it
+  // succeeded.
+  Assert.ok(!do_get_backup_file().exists());
+
+  // Recreate a new database since it was corrupted
+  Assert.equal(Services.cookies.countCookiesFromHost("bar.com"), 0);
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 0);
+  Assert.equal(do_count_cookies(), 0);
+  Assert.ok(do_get_backup_file().exists());
+  Assert.equal(do_get_backup_file().fileSize, size);
+  Assert.ok(!do_get_rebuild_backup_file().exists());
+
+  // Open a database connection, and write a row that will trigger a constraint
+  // violation.
+  let db = new CookieDatabaseConnection(do_get_cookie_file(profile), 12);
+  db.insertCookie(cookie);
+  Assert.equal(do_count_cookies_in_db(db.db, "bar.com"), 1);
+  Assert.equal(do_count_cookies_in_db(db.db), 1);
+  db.close();
+
+  // Check that the original backup and the database itself are gone.
+  Assert.ok(do_get_backup_file().exists());
+  Assert.equal(do_get_backup_file().fileSize, size);
+
+  Assert.equal(Services.cookies.countCookiesFromHost("bar.com"), 0);
+  Assert.equal(Services.cookies.countCookiesFromHost("0.com"), 0);
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile. We do not need to wait for completion, because the
+  // database has already been closed. Ensure the cookie file is unlocked.
+  await promise_close_profile();
+
+  // Clean up.
+  do_get_cookie_file(profile).remove(false);
+  do_get_backup_file().remove(false);
+  Assert.ok(!do_get_cookie_file(profile).exists());
+  Assert.ok(!do_get_backup_file().exists());
+}
diff --git a/netwerk/test/unit/test_cookies_partition_counting.js b/netwerk/test/unit/test_cookies_partition_counting.js
new file mode 100644
index 0000000000..26bd56e1f6
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_partition_counting.js
@@ -0,0 +1,183 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_setup(function test_setup() {
+  // FOG needs a profile directory to put its data in.
+  do_get_profile();
+
+  // FOG needs to be initialized in order for data to flow.
+  Services.fog.initializeFOG();
+});
+
+add_task(async function test_purge_counting() {
+  let profile = do_get_profile();
+  let dbFile = do_get_cookie_file(profile);
+  Assert.ok(!dbFile.exists());
+
+  let schema12db = new CookieDatabaseConnection(dbFile, 12);
+  let now = Date.now() * 1000; // date in microseconds
+
+  // add some non-partitioned cookies for key
+  let cookieNum1 = 1;
+  let hostNonPartitioned = "cookie-host-non-partitioned.com";
+  for (let i = 0; i < cookieNum1; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      hostNonPartitioned,
+      "/", // path
+      now, // expiry
+      now, // needed to get the cookie by the db init
+      now, // creation time
+      false, // session
+      false, // secure
+      false, // http-only
+      false, // inBrowserElement
+      {} // OA
+    );
+    schema12db.insertCookie(cookie);
+  }
+
+  // add some non-partitioned cookies different key
+  let cookieNum2 = 10;
+  for (let i = 0; i < cookieNum2; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      hostNonPartitioned,
+      "/", // path
+      now, // expiry
+      now, // needed to get the cookie by the db init
+      now, // creation time
+      false, // session
+      false, // secure
+      false, // http-only
+      false, // inBrowserElement
+      { userContextId: 8 } // OA
+    );
+    schema12db.insertCookie(cookie);
+  }
+
+  // add some partitioned cookies
+  let hostPartitioned = "host-partitioned.com";
+  let cookieNum3 = 3;
+  for (let i = 0; i < cookieNum3; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      hostPartitioned,
+      "/", // path
+      now, // expiry
+      now, // needed to get the cookie by the db init
+      now, // creation time
+      false, // session
+      false, // secure
+      false, // http-only
+      false, // inBrowserElement
+      { partitionKey: "(https,example.com)" }
+    );
+    schema12db.insertCookie(cookie);
+  }
+
+  // add some partitioned with different OA
+  let cookieNum4 = 35;
+  for (let i = 0; i < cookieNum4; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      hostPartitioned,
+      "/", // path
+      now, // expiry
+      now, // needed to get the cookie by the db init
+      now, // creation time
+      false, // session
+      false, // secure
+      false, // http-only
+      false, // inBrowserElement
+      { partitionKey: "(https,example.com)", userContextId: 7 }
+    );
+    schema12db.insertCookie(cookie);
+  }
+
+  let allCookieCount = cookieNum1 + cookieNum2 + cookieNum3 + cookieNum4;
+  Assert.equal(do_count_cookies_in_db(schema12db.db), allCookieCount);
+
+  // startup the cookie service and check the cookie counts
+  let cookieCountNonPart =
+    Services.cookies.countCookiesFromHost(hostNonPartitioned); // includes expired cookies
+  Assert.equal(cookieCountNonPart, cookieNum1);
+  let cookieCountNonPartOA = Services.cookies.getCookiesFromHost(
+    hostNonPartitioned,
+    { userContextId: 8 }
+  ).length; // includes expired cookies
+  Assert.equal(cookieCountNonPartOA, cookieNum2);
+  let cookieCountPart = Services.cookies.getCookiesFromHost(hostPartitioned, {
+    partitionKey: "(https,example.com)",
+  }).length; // includes expired cookies
+  Assert.equal(cookieCountPart, cookieNum3);
+  let cookieCountPartOA = Services.cookies.getCookiesFromHost(hostPartitioned, {
+    partitionKey: "(https,example.com)",
+    userContextId: 7,
+  }).length; // includes expired cookies
+  Assert.equal(cookieCountPartOA, cookieNum4);
+
+  // trigger the collection
+  Services.obs.notifyObservers(null, "idle-daily");
+
+  // check telem fired for all cookie count
+  let cct = await Glean.networking.cookieCountTotal.testGetValue();
+  Assert.equal(cct.sum, allCookieCount, "All cookies telem");
+
+  // check telem for all un/partitioned counts
+  let ccp = await Glean.networking.cookieCountPartitioned.testGetValue();
+  Assert.equal(
+    ccp.sum,
+    cookieNum3 + cookieNum4,
+    "All partitioned cookies telem"
+  );
+
+  let ccu = await Glean.networking.cookieCountUnpartitioned.testGetValue();
+  Assert.equal(
+    ccu.sum,
+    cookieNum1 + cookieNum2,
+    "All unpartitioned cookies telem"
+  );
+
+  // check telem for part by key (host+OA)
+  // Note: With the decided histogram layout we see the buckets
+  // (used for indexing the histogram's buckets)
+  let histPartByKey =
+    await Glean.networking.cookieCountPartByKey.testGetValue();
+  Assert.equal(histPartByKey.values[2], 1, "Partitioned bucket 2 has 1 value");
+  Assert.equal(
+    histPartByKey.values[31],
+    1,
+    "Partitioned bucket 31 has 1 value"
+  );
+  Assert.equal(
+    histPartByKey.sum,
+    cookieNum3 + cookieNum4,
+    "Partitioned bucket sums correctly"
+  );
+
+  // check telem for unpart by key (host+OA)
+  let histUnpartByKey =
+    await Glean.networking.cookieCountUnpartByKey.testGetValue();
+  Assert.equal(
+    histUnpartByKey.values[1],
+    1,
+    "Unpartitioned bucket 1 has 1 value"
+  );
+  Assert.equal(
+    histUnpartByKey.values[8],
+    1,
+    "Unpartitioned bucket 8 has 1 value"
+  );
+  Assert.equal(
+    histUnpartByKey.sum,
+    cookieNum1 + cookieNum2,
+    "Unpartitioned bucket sums correctly"
+  );
+
+  schema12db.close();
+});
diff --git a/netwerk/test/unit/test_cookies_privatebrowsing.js b/netwerk/test/unit/test_cookies_privatebrowsing.js
new file mode 100644
index 0000000000..9d3528440a
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_privatebrowsing.js
@@ -0,0 +1,132 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Test private browsing mode.
+
+"use strict";
+
+function make_channel(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function getCookieStringFromPrivateDocument(uriSpec) {
+  return CookieXPCShellUtils.getCookieStringFromDocument(uriSpec, {
+    privateBrowsing: true,
+  });
+}
+
+add_task(async () => {
+  // Set up a profile.
+  do_get_profile();
+
+  // We don't want to have CookieJarSettings blocking this test.
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  // Test with cookies enabled.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // Test with https-first-mode disabled in PBM
+  Services.prefs.setBoolPref("dom.security.https_first_pbm", false);
+
+  CookieXPCShellUtils.createServer({ hosts: ["foo.com", "bar.com"] });
+
+  // We need to keep a private-browsing window active, otherwise the
+  // 'last-pb-context-exited' notification will be dispatched.
+  const privateBrowsingHolder = await CookieXPCShellUtils.loadContentPage(
+    "http://bar.com/",
+    { privateBrowsing: true }
+  );
+
+  // Create URIs pointing to foo.com and bar.com.
+  let uri1 = NetUtil.newURI("http://foo.com/foo.html");
+  let uri2 = NetUtil.newURI("http://bar.com/bar.html");
+
+  // Set a cookie for host 1.
+  Services.cookies.setCookieStringFromHttp(
+    uri1,
+    "oh=hai; max-age=1000",
+    make_channel(uri1.spec)
+  );
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 1);
+
+  // Enter private browsing mode, set a cookie for host 2, and check the counts.
+  var chan1 = make_channel(uri1.spec);
+  chan1.QueryInterface(Ci.nsIPrivateBrowsingChannel);
+  chan1.setPrivate(true);
+
+  var chan2 = make_channel(uri2.spec);
+  chan2.QueryInterface(Ci.nsIPrivateBrowsingChannel);
+  chan2.setPrivate(true);
+
+  Services.cookies.setCookieStringFromHttp(uri2, "oh=hai; max-age=1000", chan2);
+  Assert.equal(await getCookieStringFromPrivateDocument(uri1.spec), "");
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "oh=hai");
+
+  // Remove cookies and check counts.
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+  Assert.equal(await getCookieStringFromPrivateDocument(uri1.spec), "");
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "");
+
+  Services.cookies.setCookieStringFromHttp(uri2, "oh=hai; max-age=1000", chan2);
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "oh=hai");
+
+  // Leave private browsing mode and check counts.
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
+
+  // Fake a profile change.
+  await promise_close_profile();
+  do_load_profile();
+
+  // Check that the right cookie persisted.
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
+
+  // Enter private browsing mode, set a cookie for host 2, and check the counts.
+  Assert.equal(await getCookieStringFromPrivateDocument(uri1.spec), "");
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "");
+  Services.cookies.setCookieStringFromHttp(uri2, "oh=hai; max-age=1000", chan2);
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "oh=hai");
+
+  // Fake a profile change.
+  await promise_close_profile();
+  do_load_profile();
+
+  // We're still in private browsing mode, but should have a new session.
+  // Check counts.
+  Assert.equal(await getCookieStringFromPrivateDocument(uri1.spec), "");
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "");
+
+  // Leave private browsing mode and check counts.
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
+
+  // Enter private browsing mode.
+
+  // Fake a profile change, but wait for async read completion.
+  await promise_close_profile();
+  await promise_load_profile();
+
+  // We're still in private browsing mode, but should have a new session.
+  // Check counts.
+  Assert.equal(await getCookieStringFromPrivateDocument(uri1.spec), "");
+  Assert.equal(await getCookieStringFromPrivateDocument(uri2.spec), "");
+
+  // Leave private browsing mode and check counts.
+  Services.obs.notifyObservers(null, "last-pb-context-exited");
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
+
+  // Let's release the last PB window.
+  privateBrowsingHolder.close();
+  Services.prefs.clearUserPref("dom.security.https_first");
+});
diff --git a/netwerk/test/unit/test_cookies_profile_close.js b/netwerk/test/unit/test_cookies_profile_close.js
new file mode 100644
index 0000000000..6ea9ab23f3
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_profile_close.js
@@ -0,0 +1,114 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Test that the cookie APIs behave sanely after 'profile-before-change'.
+
+"use strict";
+
+add_task(async () => {
+  // Set up a profile.
+  do_get_profile();
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // Start the cookieservice.
+  Services.cookies;
+
+  CookieXPCShellUtils.createServer({ hosts: ["foo.com"] });
+
+  // Set a cookie.
+  let uri = NetUtil.newURI("http://foo.com");
+  let channel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+
+  Services.scriptSecurityManager.createContentPrincipal(uri, {});
+
+  await CookieXPCShellUtils.setCookieToDocument(
+    uri.spec,
+    "oh=hai; max-age=1000"
+  );
+
+  let cookies = Services.cookies.cookies;
+  Assert.ok(cookies.length == 1);
+  let cookie = cookies[0];
+
+  // Fire 'profile-before-change'.
+  do_close_profile();
+
+  let promise = new _promise_observer("cookie-db-closed");
+
+  // Check that the APIs behave appropriately.
+  Assert.equal(
+    await CookieXPCShellUtils.getCookieStringFromDocument("http://foo.com/"),
+    ""
+  );
+
+  Assert.equal(Services.cookies.getCookieStringFromHttp(uri, channel), "");
+
+  await CookieXPCShellUtils.setCookieToDocument(uri.spec, "oh2=hai");
+
+  Services.cookies.setCookieStringFromHttp(uri, "oh3=hai", channel);
+  Assert.equal(
+    await CookieXPCShellUtils.getCookieStringFromDocument("http://foo.com/"),
+    ""
+  );
+
+  do_check_throws(function () {
+    Services.cookies.removeAll();
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  do_check_throws(function () {
+    Services.cookies.cookies;
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  do_check_throws(function () {
+    Services.cookies.add(
+      "foo.com",
+      "",
+      "oh4",
+      "hai",
+      false,
+      false,
+      false,
+      0,
+      {},
+      Ci.nsICookie.SAMESITE_NONE,
+      Ci.nsICookie.SCHEME_HTTPS
+    );
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  do_check_throws(function () {
+    Services.cookies.remove("foo.com", "", "oh4", {});
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  do_check_throws(function () {
+    Services.cookies.cookieExists(cookie.host, cookie.path, cookie.name, {});
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  do_check_throws(function () {
+    Services.cookies.countCookiesFromHost("foo.com");
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  do_check_throws(function () {
+    Services.cookies.getCookiesFromHost("foo.com", {});
+  }, Cr.NS_ERROR_NOT_AVAILABLE);
+
+  // Wait for the database to finish closing.
+  await promise;
+
+  // Load the profile and check that the API is available.
+  do_load_profile();
+  Assert.ok(
+    Services.cookies.cookieExists(cookie.host, cookie.path, cookie.name, {})
+  );
+  Services.prefs.clearUserPref("dom.security.https_first");
+});
diff --git a/netwerk/test/unit/test_cookies_purge_counting.js b/netwerk/test/unit/test_cookies_purge_counting.js
new file mode 100644
index 0000000000..d92fabfbba
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_purge_counting.js
@@ -0,0 +1,74 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_setup(function test_setup() {
+  // FOG needs a profile directory to put its data in.
+  do_get_profile();
+
+  // FOG needs to be initialized in order for data to flow.
+  Services.fog.initializeFOG();
+});
+
+add_task(async function test_purge_counting() {
+  let profile = do_get_profile();
+  let dbFile = do_get_cookie_file(profile);
+  Assert.ok(!dbFile.exists());
+
+  let schema12db = new CookieDatabaseConnection(dbFile, 12);
+
+  let now = Date.now() * 1000; // date in microseconds
+  let pastExpiry = Math.round(now / 1e6 - 1000);
+  let futureExpiry = Math.round(now / 1e6 + 1000);
+
+  let manyHosts = 50;
+  let manyCookies = 140;
+  let totalCookies = manyHosts * manyCookies;
+
+  // add many expired cookies for each host
+  for (let hostNum = 0; hostNum < manyHosts; hostNum++) {
+    let host = "cookie-host" + hostNum + ".com";
+    for (let i = 0; i < manyCookies; i++) {
+      let cookie = new Cookie(
+        "cookie-name" + i,
+        "cookie-value" + i,
+        host,
+        "/", // path
+        pastExpiry,
+        pastExpiry, // needed to get the cookie by the db init
+        now,
+        false,
+        false,
+        false
+      );
+      schema12db.insertCookie(cookie);
+    }
+  }
+
+  let validCookies = Services.cookies.cookies.length; // includes expired cookies
+  Assert.equal(validCookies, totalCookies);
+
+  // add a valid cookie - this triggers the purge
+  Services.cookies.add(
+    "cookie-host0.com", // any host
+    "/", // path
+    "cookie-name-x",
+    "cookie-value-x",
+    false, // secure
+    true, // http-only
+    true, // isSession
+    futureExpiry,
+    {}, // OA
+    Ci.nsICookie.SAMESITE_NONE, // SameSite
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+
+  // check that we purge all the expired cookies and not the unexpired
+  validCookies = Services.cookies.cookies.length;
+  Assert.equal(validCookies, 1);
+
+  // check that the telemetry fired
+  let cpm = await Glean.networking.cookiePurgeMax.testGetValue();
+  Assert.equal(cpm.sum, totalCookies, "Purge the expected number of cookies");
+
+  schema12db.close();
+});
diff --git a/netwerk/test/unit/test_cookies_purge_counting_per_host.js b/netwerk/test/unit/test_cookies_purge_counting_per_host.js
new file mode 100644
index 0000000000..83a10c75ac
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_purge_counting_per_host.js
@@ -0,0 +1,81 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+add_setup(function test_setup() {
+  // FOG needs a profile directory to put its data in.
+  do_get_profile();
+
+  // FOG needs to be initialized in order for data to flow.
+  Services.fog.initializeFOG();
+});
+
+add_task(async function test_purge_counting_per_host() {
+  let profile = do_get_profile();
+  let dbFile = do_get_cookie_file(profile);
+  Assert.ok(!dbFile.exists());
+
+  let schema12db = new CookieDatabaseConnection(dbFile, 12);
+
+  let now = Date.now() * 1000; // date in microseconds
+  let pastExpiry = Math.round(now / 1e6 - 1000);
+  let futureExpiry = Math.round(now / 1e6 + 1000);
+
+  let host = "cookie-host1.com";
+
+  let manyCookies = 180;
+  let cookieMax = 150;
+  let cookiesPurged = manyCookies - cookieMax;
+
+  // add many expired cookies for a single host
+  for (let i = 0; i < manyCookies; i++) {
+    let cookie = new Cookie(
+      "cookie-name" + i,
+      "cookie-value" + i,
+      host,
+      "/", // path
+      pastExpiry,
+      now, // last accessed
+      now, // creation time
+      false,
+      false,
+      false
+    );
+    schema12db.insertCookie(cookie);
+  }
+
+  // check that the cookies were added to the db
+  Assert.equal(do_count_cookies_in_db(schema12db.db), manyCookies);
+  Assert.equal(
+    do_count_cookies_in_db(schema12db.db, "cookie-host1.com"),
+    manyCookies
+  );
+
+  // startup the cookie service and check the cookie count
+  let validCookies = Services.cookies.countCookiesFromHost(host); // includes expired cookies
+  Assert.equal(validCookies, manyCookies);
+
+  // add a cookie - this will trigger the purge
+  Services.cookies.add(
+    host,
+    "/", // path
+    "cookie-name-x",
+    "cookie-value-x",
+    false, // secure
+    true, // http-only
+    true, // isSession
+    futureExpiry,
+    {}, // OA
+    Ci.nsICookie.SAMESITE_NONE, // SameSite
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+
+  // check that we purge down to the cookieMax (plus the cookie added)
+  validCookies = Services.cookies.countCookiesFromHost(host);
+  Assert.equal(validCookies, cookieMax + 1);
+
+  // check that the telemetry fired
+  let cpem = await Glean.networking.cookiePurgeEntryMax.testGetValue();
+  Assert.equal(cpem.sum, cookiesPurged, "Purge the expected number of cookies");
+
+  schema12db.close();
+});
diff --git a/netwerk/test/unit/test_cookies_read.js b/netwerk/test/unit/test_cookies_read.js
new file mode 100644
index 0000000000..e7e9e84b3e
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_read.js
@@ -0,0 +1,119 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// test cookie database asynchronous read operation.
+
+"use strict";
+
+var CMAX = 1000; // # of cookies to create
+
+add_task(async () => {
+  // Set up a profile.
+  let profile = do_get_profile();
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default"
+  Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false);
+
+  // Start the cookieservice, to force creation of a database.
+  // Get the sessionCookies to join the initialization in cookie thread
+  Services.cookies.sessionCookies;
+
+  // Open a database connection now, after synchronous initialization has
+  // completed. We may not be able to open one later once asynchronous writing
+  // begins.
+  Assert.ok(do_get_cookie_file(profile).exists());
+  let db = new CookieDatabaseConnection(do_get_cookie_file(profile), 12);
+
+  let uri = NetUtil.newURI("http://foo.com/");
+  let channel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+  for (let i = 0; i < CMAX; ++i) {
+    uri = NetUtil.newURI("http://" + i + ".com/");
+    Services.cookies.setCookieStringFromHttp(
+      uri,
+      "oh=hai; max-age=1000",
+      channel
+    );
+  }
+
+  Assert.equal(do_count_cookies(), CMAX);
+
+  // Wait until all CMAX cookies have been written out to the database.
+  while (do_count_cookies_in_db(db.db) < CMAX) {
+    await new Promise(resolve => executeSoon(resolve));
+  }
+
+  // Check the WAL file size. We set it to 16 pages of 32k, which means it
+  // should be around 500k.
+  let file = db.db.databaseFile;
+  Assert.ok(file.exists());
+  Assert.ok(file.fileSize < 1e6);
+  db.close();
+
+  // fake a profile change
+  await promise_close_profile();
+  do_load_profile();
+
+  // test a few random cookies
+  Assert.equal(Services.cookies.countCookiesFromHost("999.com"), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost("abc.com"), 0);
+  Assert.equal(Services.cookies.countCookiesFromHost("100.com"), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost("400.com"), 1);
+  Assert.equal(Services.cookies.countCookiesFromHost("xyz.com"), 0);
+
+  // force synchronous load of everything
+  Assert.equal(do_count_cookies(), CMAX);
+
+  // check that everything's precisely correct
+  for (let i = 0; i < CMAX; ++i) {
+    let host = i.toString() + ".com";
+    Assert.equal(Services.cookies.countCookiesFromHost(host), 1);
+  }
+
+  // reload again, to make sure the additions were written correctly
+  await promise_close_profile();
+  do_load_profile();
+
+  // remove some of the cookies, in both reverse and forward order
+  for (let i = 100; i-- > 0; ) {
+    let host = i.toString() + ".com";
+    Services.cookies.remove(host, "oh", "/", {});
+  }
+  for (let i = CMAX - 100; i < CMAX; ++i) {
+    let host = i.toString() + ".com";
+    Services.cookies.remove(host, "oh", "/", {});
+  }
+
+  // check the count
+  Assert.equal(do_count_cookies(), CMAX - 200);
+
+  // reload again, to make sure the removals were written correctly
+  await promise_close_profile();
+  do_load_profile();
+
+  // check the count
+  Assert.equal(do_count_cookies(), CMAX - 200);
+
+  // reload again, but wait for async read completion
+  await promise_close_profile();
+  await promise_load_profile();
+
+  // check that everything's precisely correct
+  Assert.equal(do_count_cookies(), CMAX - 200);
+  for (let i = 100; i < CMAX - 100; ++i) {
+    let host = i.toString() + ".com";
+    Assert.equal(Services.cookies.countCookiesFromHost(host), 1);
+  }
+
+  Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault");
+});
diff --git a/netwerk/test/unit/test_cookies_sync_failure.js b/netwerk/test/unit/test_cookies_sync_failure.js
new file mode 100644
index 0000000000..6c420d1cb0
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_sync_failure.js
@@ -0,0 +1,344 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Test the various ways opening a cookie database can fail in a synchronous
+// (i.e. immediate) manner, and that the database is renamed and recreated
+// under each circumstance. These circumstances are, in no particular order:
+//
+// 1) A corrupt database, such that opening the connection fails.
+// 2) The 'moz_cookies' table doesn't exist.
+// 3) Not all of the expected columns exist, and statement creation fails when:
+//    a) The schema version is larger than the current version.
+//    b) The schema version is less than or equal to the current version.
+// 4) Migration fails. This will have different modes depending on the initial
+//    version:
+//    a) Schema 1: the 'lastAccessed' column already exists.
+//    b) Schema 2: the 'baseDomain' column already exists; or 'baseDomain'
+//       cannot be computed for a particular host.
+//    c) Schema 3: the 'creationTime' column already exists; or the
+//       'moz_uniqueid' index already exists.
+
+"use strict";
+
+let profile;
+let cookieFile;
+let backupFile;
+let sub_generator;
+let now;
+let futureExpiry;
+let cookie;
+
+var COOKIE_DATABASE_SCHEMA_CURRENT = 13;
+
+var test_generator = do_run_test();
+
+function run_test() {
+  do_test_pending();
+  do_run_generator(test_generator);
+}
+
+function finish_test() {
+  executeSoon(function () {
+    test_generator.return();
+    do_test_finished();
+  });
+}
+
+function* do_run_test() {
+  // Set up a profile.
+  profile = do_get_profile();
+
+  // Allow all cookies.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  // Get the cookie file and the backup file.
+  cookieFile = profile.clone();
+  cookieFile.append("cookies.sqlite");
+  backupFile = profile.clone();
+  backupFile.append("cookies.sqlite.bak");
+  Assert.ok(!cookieFile.exists());
+  Assert.ok(!backupFile.exists());
+
+  // Create a cookie object for testing.
+  now = Date.now() * 1000;
+  futureExpiry = Math.round(now / 1e6 + 1000);
+  cookie = new Cookie(
+    "oh",
+    "hai",
+    "bar.com",
+    "/",
+    futureExpiry,
+    now,
+    now,
+    false,
+    false,
+    false
+  );
+
+  sub_generator = run_test_1(test_generator);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_2(test_generator);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_3(test_generator, 99);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_3(test_generator, COOKIE_DATABASE_SCHEMA_CURRENT);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_3(test_generator, 4);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_3(test_generator, 3);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_4_exists(
+    test_generator,
+    1,
+    "ALTER TABLE moz_cookies ADD lastAccessed INTEGER"
+  );
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_4_exists(
+    test_generator,
+    2,
+    "ALTER TABLE moz_cookies ADD baseDomain TEXT"
+  );
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_4_baseDomain(test_generator);
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_4_exists(
+    test_generator,
+    3,
+    "ALTER TABLE moz_cookies ADD creationTime INTEGER"
+  );
+  sub_generator.next();
+  yield;
+
+  sub_generator = run_test_4_exists(
+    test_generator,
+    3,
+    "CREATE UNIQUE INDEX moz_uniqueid ON moz_cookies (name, host, path)"
+  );
+  sub_generator.next();
+  yield;
+
+  finish_test();
+}
+
+const garbage = "hello thar!";
+
+function create_garbage_file(file) {
+  // Create an empty database file.
+  file.create(Ci.nsIFile.NORMAL_FILE_TYPE, -1);
+  Assert.ok(file.exists());
+  Assert.equal(file.fileSize, 0);
+
+  // Write some garbage to it.
+  let ostream = Cc["@mozilla.org/network/file-output-stream;1"].createInstance(
+    Ci.nsIFileOutputStream
+  );
+  ostream.init(file, -1, -1, 0);
+  ostream.write(garbage, garbage.length);
+  ostream.flush();
+  ostream.close();
+
+  file = file.clone(); // Windows maintains a stat cache. It's lame.
+  Assert.equal(file.fileSize, garbage.length);
+}
+
+function check_garbage_file(file) {
+  Assert.ok(file.exists());
+  Assert.equal(file.fileSize, garbage.length);
+  file.remove(false);
+  Assert.ok(!file.exists());
+}
+
+function* run_test_1(generator) {
+  // Create a garbage database file.
+  create_garbage_file(cookieFile);
+
+  let uri = NetUtil.newURI("http://foo.com/");
+  const channel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+
+  // Load the profile and populate it.
+  Services.cookies.setCookieStringFromHttp(
+    uri,
+    "oh=hai; max-age=1000",
+    channel
+  );
+
+  // Fake a profile change.
+  do_close_profile(sub_generator);
+  yield;
+  do_load_profile();
+
+  // Check that the new database contains the cookie, and the old file was
+  // renamed.
+  Assert.equal(do_count_cookies(), 1);
+  check_garbage_file(backupFile);
+
+  // Close the profile.
+  do_close_profile(sub_generator);
+  yield;
+
+  // Clean up.
+  cookieFile.remove(false);
+  Assert.ok(!cookieFile.exists());
+  do_run_generator(generator);
+}
+
+function* run_test_2(generator) {
+  // Load the profile and populate it.
+  do_load_profile();
+  let uri = NetUtil.newURI("http://foo.com/");
+  const channel = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+  Services.cookies.setCookieStringFromHttp(
+    uri,
+    "oh=hai; max-age=1000",
+    channel
+  );
+
+  // Fake a profile change.
+  do_close_profile(sub_generator);
+  yield;
+
+  // Drop the table.
+  let db = Services.storage.openDatabase(cookieFile);
+  db.executeSimpleSQL("DROP TABLE moz_cookies");
+  db.close();
+
+  // Load the profile and check that the table is recreated in-place.
+  do_load_profile();
+  Assert.equal(do_count_cookies(), 0);
+  Assert.ok(!backupFile.exists());
+
+  // Close the profile.
+  do_close_profile(sub_generator);
+  yield;
+
+  // Clean up.
+  cookieFile.remove(false);
+  Assert.ok(!cookieFile.exists());
+  do_run_generator(generator);
+}
+
+function* run_test_3(generator, schema) {
+  // Manually create a schema 2 database, populate it, and set the schema
+  // version to the desired number.
+  let schema2db = new CookieDatabaseConnection(do_get_cookie_file(profile), 2);
+  schema2db.insertCookie(cookie);
+  schema2db.db.schemaVersion = schema;
+  schema2db.close();
+
+  // Load the profile and check that the column existence test fails.
+  do_load_profile();
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile.
+  do_close_profile(sub_generator);
+  yield;
+
+  // Check that the schema version has been reset.
+  let db = Services.storage.openDatabase(cookieFile);
+  Assert.equal(db.schemaVersion, COOKIE_DATABASE_SCHEMA_CURRENT);
+  db.close();
+
+  // Clean up.
+  cookieFile.remove(false);
+  Assert.ok(!cookieFile.exists());
+  do_run_generator(generator);
+}
+
+function* run_test_4_exists(generator, schema, stmt) {
+  // Manually create a database, populate it, and add the desired column.
+  let db = new CookieDatabaseConnection(do_get_cookie_file(profile), schema);
+  db.insertCookie(cookie);
+  db.db.executeSimpleSQL(stmt);
+  db.close();
+
+  // Load the profile and check that migration fails.
+  do_load_profile();
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile.
+  do_close_profile(sub_generator);
+  yield;
+
+  // Check that the schema version has been reset and the backup file exists.
+  db = Services.storage.openDatabase(cookieFile);
+  Assert.equal(db.schemaVersion, COOKIE_DATABASE_SCHEMA_CURRENT);
+  db.close();
+  Assert.ok(backupFile.exists());
+
+  // Clean up.
+  cookieFile.remove(false);
+  backupFile.remove(false);
+  Assert.ok(!cookieFile.exists());
+  Assert.ok(!backupFile.exists());
+  do_run_generator(generator);
+}
+
+function* run_test_4_baseDomain(generator) {
+  // Manually create a database and populate it with a bad host.
+  let db = new CookieDatabaseConnection(do_get_cookie_file(profile), 2);
+  let badCookie = new Cookie(
+    "oh",
+    "hai",
+    ".",
+    "/",
+    futureExpiry,
+    now,
+    now,
+    false,
+    false,
+    false
+  );
+  db.insertCookie(badCookie);
+  db.close();
+
+  // Load the profile and check that migration fails.
+  do_load_profile();
+  Assert.equal(do_count_cookies(), 0);
+
+  // Close the profile.
+  do_close_profile(sub_generator);
+  yield;
+
+  // Check that the schema version has been reset and the backup file exists.
+  db = Services.storage.openDatabase(cookieFile);
+  Assert.equal(db.schemaVersion, COOKIE_DATABASE_SCHEMA_CURRENT);
+  db.close();
+  Assert.ok(backupFile.exists());
+
+  // Clean up.
+  cookieFile.remove(false);
+  backupFile.remove(false);
+  Assert.ok(!cookieFile.exists());
+  Assert.ok(!backupFile.exists());
+  do_run_generator(generator);
+}
diff --git a/netwerk/test/unit/test_cookies_thirdparty.js b/netwerk/test/unit/test_cookies_thirdparty.js
new file mode 100644
index 0000000000..54d03bd709
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_thirdparty.js
@@ -0,0 +1,164 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// test third party cookie blocking, for the cases:
+// 1) with null channel
+// 2) with channel, but with no docshell parent
+
+"use strict";
+
+add_task(async () => {
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default"
+  Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false);
+
+  CookieXPCShellUtils.createServer({
+    hosts: ["foo.com", "bar.com", "third.com"],
+  });
+
+  function createChannel(uri, principal = null) {
+    const channel = NetUtil.newChannel({
+      uri,
+      loadingPrincipal:
+        principal ||
+        Services.scriptSecurityManager.createContentPrincipal(uri, {}),
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
+    });
+
+    return channel.QueryInterface(Ci.nsIHttpChannelInternal);
+  }
+
+  // Create URIs and channels pointing to foo.com and bar.com.
+  // We will use these to put foo.com into first and third party contexts.
+  let spec1 = "http://foo.com/foo.html";
+  let spec2 = "http://bar.com/bar.html";
+  let uri1 = NetUtil.newURI(spec1);
+  let uri2 = NetUtil.newURI(spec2);
+
+  // test with cookies enabled
+  {
+    Services.prefs.setIntPref(
+      "network.cookie.cookieBehavior",
+      Ci.nsICookieService.BEHAVIOR_ACCEPT
+    );
+
+    let channel1 = createChannel(uri1);
+    let channel2 = createChannel(uri2);
+
+    await do_set_cookies(uri1, channel1, true, [1, 2]);
+    Services.cookies.removeAll();
+    await do_set_cookies(uri1, channel2, true, [1, 2]);
+    Services.cookies.removeAll();
+  }
+
+  // test with third party cookies blocked
+  {
+    Services.prefs.setIntPref(
+      "network.cookie.cookieBehavior",
+      Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN
+    );
+
+    let channel1 = createChannel(uri1);
+    let channel2 = createChannel(uri2);
+
+    await do_set_cookies(uri1, channel1, true, [0, 1]);
+    Services.cookies.removeAll();
+    await do_set_cookies(uri1, channel2, true, [0, 0]);
+    Services.cookies.removeAll();
+  }
+
+  // test with third party cookies blocked using system principal
+  {
+    Services.prefs.setIntPref(
+      "network.cookie.cookieBehavior",
+      Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN
+    );
+
+    let channel1 = createChannel(
+      uri1,
+      Services.scriptSecurityManager.getSystemPrincipal()
+    );
+    let channel2 = createChannel(
+      uri2,
+      Services.scriptSecurityManager.getSystemPrincipal()
+    );
+
+    await do_set_cookies(uri1, channel1, true, [0, 1]);
+    Services.cookies.removeAll();
+    await do_set_cookies(uri1, channel2, true, [0, 0]);
+    Services.cookies.removeAll();
+  }
+
+  // Force the channel URI to be used when determining the originating URI of
+  // the channel.
+  // test with third party cookies blocked
+
+  // test with cookies enabled
+  {
+    Services.prefs.setIntPref(
+      "network.cookie.cookieBehavior",
+      Ci.nsICookieService.BEHAVIOR_ACCEPT
+    );
+
+    let channel1 = createChannel(uri1);
+    channel1.forceAllowThirdPartyCookie = true;
+
+    let channel2 = createChannel(uri2);
+    channel2.forceAllowThirdPartyCookie = true;
+
+    await do_set_cookies(uri1, channel1, true, [1, 2]);
+    Services.cookies.removeAll();
+    await do_set_cookies(uri1, channel2, true, [1, 2]);
+    Services.cookies.removeAll();
+  }
+
+  // test with third party cookies blocked
+  {
+    Services.prefs.setIntPref(
+      "network.cookie.cookieBehavior",
+      Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN
+    );
+
+    let channel1 = createChannel(uri1);
+    channel1.forceAllowThirdPartyCookie = true;
+
+    let channel2 = createChannel(uri2);
+    channel2.forceAllowThirdPartyCookie = true;
+
+    await do_set_cookies(uri1, channel1, true, [0, 1]);
+    Services.cookies.removeAll();
+    await do_set_cookies(uri1, channel2, true, [0, 0]);
+    Services.cookies.removeAll();
+  }
+
+  // test with third party cookies limited
+  {
+    Services.prefs.setIntPref(
+      "network.cookie.cookieBehavior",
+      Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN
+    );
+
+    let channel1 = createChannel(uri1);
+    channel1.forceAllowThirdPartyCookie = true;
+
+    let channel2 = createChannel(uri2);
+    channel2.forceAllowThirdPartyCookie = true;
+
+    await do_set_cookies(uri1, channel1, true, [0, 1]);
+    Services.cookies.removeAll();
+    await do_set_cookies(uri1, channel2, true, [0, 0]);
+    Services.cookies.removeAll();
+    do_set_single_http_cookie(uri1, channel1, 1);
+    await do_set_cookies(uri1, channel2, true, [1, 2]);
+    Services.cookies.removeAll();
+  }
+  Services.prefs.clearUserPref("dom.security.https_first");
+  Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault");
+});
diff --git a/netwerk/test/unit/test_cookies_thirdparty_session.js b/netwerk/test/unit/test_cookies_thirdparty_session.js
new file mode 100644
index 0000000000..eefd5d87f9
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_thirdparty_session.js
@@ -0,0 +1,77 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// test third party persistence across sessions, for the cases:
+// 1) network.cookie.thirdparty.sessionOnly = false
+// 2) network.cookie.thirdparty.sessionOnly = true
+
+"use strict";
+
+add_task(async () => {
+  // Set up a profile.
+  do_get_profile();
+
+  // We don't want to have CookieJarSettings blocking this test.
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+  Services.prefs.setBoolPref("dom.security.https_first", false);
+
+  // Bug 1617611 - Fix all the tests broken by "cookies SameSite=Lax by default"
+  Services.prefs.setBoolPref("network.cookie.sameSite.laxByDefault", false);
+
+  CookieXPCShellUtils.createServer({
+    hosts: ["foo.com", "bar.com", "third.com"],
+  });
+
+  // Create URIs and channels pointing to foo.com and bar.com.
+  // We will use these to put foo.com into first and third party contexts.
+  var spec1 = "http://foo.com/foo.html";
+  var spec2 = "http://bar.com/bar.html";
+  var uri1 = NetUtil.newURI(spec1);
+  var uri2 = NetUtil.newURI(spec2);
+  var channel1 = NetUtil.newChannel({
+    uri: uri1,
+    loadUsingSystemPrincipal: true,
+  });
+  var channel2 = NetUtil.newChannel({
+    uri: uri2,
+    loadUsingSystemPrincipal: true,
+  });
+
+  // Force the channel URI to be used when determining the originating URI of
+  // the channel.
+  var httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
+  var httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
+  httpchannel1.forceAllowThirdPartyCookie = true;
+  httpchannel2.forceAllowThirdPartyCookie = true;
+
+  // test with cookies enabled, and third party cookies persistent.
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  Services.prefs.setBoolPref("network.cookie.thirdparty.sessionOnly", false);
+  await do_set_cookies(uri1, channel2, false, [1, 2]);
+  await do_set_cookies(uri2, channel1, true, [1, 2]);
+
+  // fake a profile change
+  await promise_close_profile();
+
+  do_load_profile();
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 2);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
+
+  // test with third party cookies for session only.
+  Services.prefs.setBoolPref("network.cookie.thirdparty.sessionOnly", true);
+  Services.cookies.removeAll();
+  await do_set_cookies(uri1, channel2, false, [1, 2]);
+  await do_set_cookies(uri2, channel1, true, [1, 2]);
+
+  // fake a profile change
+  await promise_close_profile();
+
+  do_load_profile();
+  Assert.equal(Services.cookies.countCookiesFromHost(uri1.host), 0);
+  Assert.equal(Services.cookies.countCookiesFromHost(uri2.host), 0);
+  Services.prefs.clearUserPref("dom.security.https_first");
+  Services.prefs.clearUserPref("network.cookie.sameSite.laxByDefault");
+});
diff --git a/netwerk/test/unit/test_cookies_upgrade_10.js b/netwerk/test/unit/test_cookies_upgrade_10.js
new file mode 100644
index 0000000000..8d9e595a28
--- /dev/null
+++ b/netwerk/test/unit/test_cookies_upgrade_10.js
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+function getDBVersion(dbfile) {
+  let dbConnection = Services.storage.openDatabase(dbfile);
+  let version = dbConnection.schemaVersion;
+  dbConnection.close();
+
+  return version;
+}
+
+function indexExists(dbfile, indexname) {
+  let dbConnection = Services.storage.openDatabase(dbfile);
+  let result = dbConnection.indexExists(indexname);
+  dbConnection.close();
+
+  return result;
+}
+
+add_task(async function () {
+  try {
+    let testfile = do_get_file("data/cookies_v10.sqlite");
+    let profileDir = do_get_profile();
+
+    // Cleanup from any previous tests or failures.
+    let destFile = profileDir.clone();
+    destFile.append("cookies.sqlite");
+    if (destFile.exists()) {
+      destFile.remove(false);
+    }
+
+    testfile.copyTo(profileDir, "cookies.sqlite");
+    Assert.equal(10, getDBVersion(destFile));
+
+    Assert.ok(destFile.exists());
+
+    // Check that the index exists
+    Assert.ok(indexExists(destFile, "moz_basedomain"));
+
+    // Do something that will cause the cookie service access and upgrade the
+    // database.
+    Services.cookies.cookies;
+
+    // Pretend that we're about to shut down, to tell the cookie manager
+    // to clean up its connection with its database.
+    Services.startup.advanceShutdownPhase(
+      Services.startup.SHUTDOWN_PHASE_APPSHUTDOWN
+    );
+
+    // check for upgraded schema.
+    Assert.equal(13, getDBVersion(destFile));
+
+    // Check that the index was deleted
+    Assert.ok(!indexExists(destFile, "moz_basedomain"));
+  } catch (e) {
+    throw new Error(`FAILED: ${e}`);
+  }
+});
diff --git a/netwerk/test/unit/test_data_protocol.js b/netwerk/test/unit/test_data_protocol.js
new file mode 100644
index 0000000000..484ad469de
--- /dev/null
+++ b/netwerk/test/unit/test_data_protocol.js
@@ -0,0 +1,90 @@
+/* run some tests on the data: protocol handler */
+
+// The behaviour wrt spaces is:
+// - Textual content keeps all spaces
+// - Other content strips unescaped spaces
+// - Base64 content strips escaped and unescaped spaces
+
+"use strict";
+
+var urls = [
+  ["data:,", "text/plain", ""],
+  ["data:,foo", "text/plain", "foo"],
+  [
+    "data:application/octet-stream,foo bar",
+    "application/octet-stream",
+    "foo bar",
+  ],
+  [
+    "data:application/octet-stream,foo%20bar",
+    "application/octet-stream",
+    "foo bar",
+  ],
+  ["data:application/xhtml+xml,foo bar", "application/xhtml+xml", "foo bar"],
+  ["data:application/xhtml+xml,foo%20bar", "application/xhtml+xml", "foo bar"],
+  ["data:text/plain,foo%00 bar", "text/plain", "foo\x00 bar"],
+  ["data:text/plain;x=y,foo%00 bar", "text/plain", "foo\x00 bar"],
+  ["data:;x=y,foo%00 bar", "text/plain", "foo\x00 bar"],
+  ["data:text/plain;base64,Zm9 vI%20GJ%0Dhc%0Ag==", "text/plain", "foo bar"],
+  ["DATA:TEXT/PLAIN;BASE64,Zm9 vI%20GJ%0Dhc%0Ag==", "text/plain", "foo bar"],
+  ["DaTa:;BaSe64,Zm9 vI%20GJ%0Dhc%0Ag==", "text/plain", "foo bar"],
+  ["data:;x=y;base64,Zm9 vI%20GJ%0Dhc%0Ag==", "text/plain", "foo bar"],
+  // Bug 774240
+  [
+    "data:application/octet-stream;base64=y,foobar",
+    "application/octet-stream",
+    "foobar",
+  ],
+  ["data:text/plain;base64;x=y,dGVzdA==", "text/plain", "dGVzdA=="],
+  ["data:text/plain;x=y;base64,dGVzdA==", "text/plain", "test"],
+  ["data:text/plain;x=y;base64,", "text/plain", ""],
+  ["data:  ;charset=x   ;  base64,WA", "text/plain", "X", "x"],
+  ["data:base64,WA", "text/plain", "WA", "US-ASCII"],
+];
+
+function run_test() {
+  dump("*** run_test\n");
+
+  function on_read_complete(request, data, idx) {
+    dump("*** run_test.on_read_complete\n");
+
+    if (request.nsIChannel.contentType != urls[idx][1]) {
+      do_throw(
+        "Type mismatch! Is <" +
+          chan.contentType +
+          ">, should be <" +
+          urls[idx][1] +
+          ">"
+      );
+    }
+
+    if (urls[idx][3] && request.nsIChannel.contentCharset !== urls[idx][3]) {
+      do_throw(
+        `Charset mismatch! Test <${urls[idx][0]}> - Is <${request.nsIChannel.contentCharset}>, should be <${urls[idx][3]}>`
+      );
+    }
+
+    /* read completed successfully.  now compare the data. */
+    if (data != urls[idx][2]) {
+      do_throw(
+        "Stream contents do not match with direct read! Is <" +
+          data +
+          ">, should be <" +
+          urls[idx][2] +
+          ">"
+      );
+    }
+    do_test_finished();
+  }
+
+  for (var i = 0; i < urls.length; ++i) {
+    dump("*** opening channel " + i + "\n");
+    do_test_pending();
+    var chan = NetUtil.newChannel({
+      uri: urls[i][0],
+      loadUsingSystemPrincipal: true,
+    });
+    chan.contentType = "foo/bar"; // should be ignored
+    chan.asyncOpen(new ChannelListener(on_read_complete, i));
+  }
+}
diff --git a/netwerk/test/unit/test_defaultURI.js b/netwerk/test/unit/test_defaultURI.js
new file mode 100644
index 0000000000..36f6432db4
--- /dev/null
+++ b/netwerk/test/unit/test_defaultURI.js
@@ -0,0 +1,186 @@
+"use strict";
+
+function stringToDefaultURI(str) {
+  return Cc["@mozilla.org/network/default-uri-mutator;1"]
+    .createInstance(Ci.nsIURIMutator)
+    .setSpec(str)
+    .finalize();
+}
+
+add_task(function test_getters() {
+  let uri = stringToDefaultURI(
+    "proto://user:password@hostname:123/path/to/file?query#hash"
+  );
+  equal(uri.spec, "proto://user:password@hostname:123/path/to/file?query#hash");
+  equal(uri.prePath, "proto://user:password@hostname:123");
+  equal(uri.scheme, "proto");
+  equal(uri.userPass, "user:password");
+  equal(uri.username, "user");
+  equal(uri.password, "password");
+  equal(uri.hasUserPass, true);
+  equal(uri.hostPort, "hostname:123");
+  equal(uri.host, "hostname");
+  equal(uri.port, 123);
+  equal(uri.pathQueryRef, "/path/to/file?query#hash");
+  equal(uri.asciiSpec, uri.spec);
+  equal(uri.asciiHostPort, uri.hostPort);
+  equal(uri.asciiHost, uri.host);
+  equal(uri.ref, "hash");
+  equal(
+    uri.specIgnoringRef,
+    "proto://user:password@hostname:123/path/to/file?query"
+  );
+  equal(uri.hasRef, true);
+  equal(uri.filePath, "/path/to/file");
+  equal(uri.query, "query");
+  equal(uri.displayHost, uri.host);
+  equal(uri.displayHostPort, uri.hostPort);
+  equal(uri.displaySpec, uri.spec);
+  equal(uri.displayPrePath, uri.prePath);
+});
+
+add_task(function test_methods() {
+  let uri = stringToDefaultURI(
+    "proto://user:password@hostname:123/path/to/file?query#hash"
+  );
+  let uri_same = stringToDefaultURI(
+    "proto://user:password@hostname:123/path/to/file?query#hash"
+  );
+  let uri_different = stringToDefaultURI(
+    "proto://user:password@hostname:123/path/to/file?query"
+  );
+  let uri_very_different = stringToDefaultURI(
+    "proto://user:password@hostname:123/path/to/file?query1#hash"
+  );
+  ok(uri.equals(uri_same));
+  ok(!uri.equals(uri_different));
+  ok(uri.schemeIs("proto"));
+  ok(!uri.schemeIs("proto2"));
+  ok(!uri.schemeIs("proto "));
+  ok(!uri.schemeIs("proto\n"));
+  equal(uri.resolve("/hello"), "proto://user:password@hostname:123/hello");
+  equal(
+    uri.resolve("hello"),
+    "proto://user:password@hostname:123/path/to/hello"
+  );
+  equal(uri.resolve("proto2:otherhost"), "proto2:otherhost");
+  ok(uri.equalsExceptRef(uri_same));
+  ok(uri.equalsExceptRef(uri_different));
+  ok(!uri.equalsExceptRef(uri_very_different));
+});
+
+add_task(function test_mutator() {
+  let uri = stringToDefaultURI(
+    "proto://user:pass@host:123/path/to/file?query#hash"
+  );
+
+  let check = (callSetters, verify) => {
+    let m = uri.mutate();
+    callSetters(m);
+    verify(m.finalize());
+  };
+
+  check(
+    m => m.setSpec("test:bla"),
+    u => equal(u.spec, "test:bla")
+  );
+  check(
+    m => m.setSpec("test:bla"),
+    u => equal(u.spec, "test:bla")
+  );
+  check(
+    m => m.setScheme("some"),
+    u => equal(u.spec, "some://user:pass@host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setUserPass("u"),
+    u => equal(u.spec, "proto://u@host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setUserPass("u:p"),
+    u => equal(u.spec, "proto://u:p@host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setUserPass(":p"),
+    u => equal(u.spec, "proto://:p@host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setUserPass(""),
+    u => equal(u.spec, "proto://host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setUsername("u"),
+    u => equal(u.spec, "proto://u:pass@host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setPassword("p"),
+    u => equal(u.spec, "proto://user:p@host:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setHostPort("h"),
+    u => equal(u.spec, "proto://user:pass@h:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setHostPort("h:456"),
+    u => equal(u.spec, "proto://user:pass@h:456/path/to/file?query#hash")
+  );
+  check(
+    m => m.setHost("bla"),
+    u => equal(u.spec, "proto://user:pass@bla:123/path/to/file?query#hash")
+  );
+  check(
+    m => m.setPort(987),
+    u => equal(u.spec, "proto://user:pass@host:987/path/to/file?query#hash")
+  );
+  check(
+    m => m.setPathQueryRef("/p?q#r"),
+    u => equal(u.spec, "proto://user:pass@host:123/p?q#r")
+  );
+  check(
+    m => m.setRef("r"),
+    u => equal(u.spec, "proto://user:pass@host:123/path/to/file?query#r")
+  );
+  check(
+    m => m.setFilePath("/my/path"),
+    u => equal(u.spec, "proto://user:pass@host:123/my/path?query#hash")
+  );
+  check(
+    m => m.setQuery("q"),
+    u => equal(u.spec, "proto://user:pass@host:123/path/to/file?q#hash")
+  );
+});
+
+add_task(function test_ipv6() {
+  let uri = stringToDefaultURI("non-special://[2001::1]/");
+  equal(uri.hostPort, "[2001::1]");
+  // Hopefully this will change after bug 1603199.
+  equal(uri.host, "2001::1");
+});
+
+add_task(function test_serialization() {
+  let uri = stringToDefaultURI("http://example.org/path");
+  let str = serialize_to_escaped_string(uri);
+  let other = deserialize_from_escaped_string(str).QueryInterface(Ci.nsIURI);
+  equal(other.spec, uri.spec);
+});
+
+// This test assumes the serialization never changes, which might not be true.
+// It's OK to change the test if we ever make changes to the serialization
+// code and this starts failing.
+add_task(function test_deserialize_from_string() {
+  let payload =
+    "%04DZ%A0%FD%27L%99%BDAk%E61%8A%E9%2C%00%00%00%00%00%00%00" +
+    "%00%C0%00%00%00%00%00%00F%00%00%00%13scheme%3Astuff/to/say";
+  equal(
+    deserialize_from_escaped_string(payload).QueryInterface(Ci.nsIURI).spec,
+    stringToDefaultURI("scheme:stuff/to/say").spec
+  );
+
+  let payload2 =
+    "%04DZ%A0%FD%27L%99%BDAk%E61%8A%E9%2C%00%00%00%00%00%00%00" +
+    "%00%C0%00%00%00%00%00%00F%00%00%00%17http%3A//example.org/path";
+  equal(
+    deserialize_from_escaped_string(payload2).QueryInterface(Ci.nsIURI).spec,
+    stringToDefaultURI("http://example.org/path").spec
+  );
+});
diff --git a/netwerk/test/unit/test_dns_by_type_resolve.js b/netwerk/test/unit/test_dns_by_type_resolve.js
new file mode 100644
index 0000000000..26b087f301
--- /dev/null
+++ b/netwerk/test/unit/test_dns_by_type_resolve.js
@@ -0,0 +1,83 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let h2Port;
+
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+add_setup(async function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  trr_test_setup();
+  registerCleanupFunction(() => {
+    trr_clear_prefs();
+  });
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+
+  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
+});
+
+let test_answer = "bXkgdm9pY2UgaXMgbXkgcGFzc3dvcmQ=";
+let test_answer_addr = "127.0.0.1";
+
+add_task(async function testTXTResolve() {
+  // use the h2 server as DOH provider
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    "https://foo.example.com:" + h2Port + "/doh"
+  );
+
+  let { inRecord } = await new TRRDNSListener("_esni.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_TXT,
+  });
+
+  let answer = inRecord
+    .QueryInterface(Ci.nsIDNSTXTRecord)
+    .getRecordsAsOneString();
+  Assert.equal(answer, test_answer, "got correct answer");
+});
+
+// verify TXT record pushed on a A record request
+add_task(async function testTXTRecordPushPart1() {
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    "https://foo.example.com:" + h2Port + "/txt-dns-push"
+  );
+  let { inRecord } = await new TRRDNSListener("_esni_push.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    expectedAnswer: "127.0.0.1",
+  });
+
+  inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+  let answer = inRecord.getNextAddrAsString();
+  Assert.equal(answer, test_answer_addr, "got correct answer");
+});
+
+// verify the TXT pushed record
+add_task(async function testTXTRecordPushPart2() {
+  // At this point the second host name should've been pushed and we can resolve it using
+  // cache only. Set back the URI to a path that fails.
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    "https://foo.example.com:" + h2Port + "/404"
+  );
+  let { inRecord } = await new TRRDNSListener("_esni_push.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_TXT,
+  });
+
+  let answer = inRecord
+    .QueryInterface(Ci.nsIDNSTXTRecord)
+    .getRecordsAsOneString();
+  Assert.equal(answer, test_answer, "got correct answer");
+});
diff --git a/netwerk/test/unit/test_dns_cancel.js b/netwerk/test/unit/test_dns_cancel.js
new file mode 100644
index 0000000000..c20e63ae4c
--- /dev/null
+++ b/netwerk/test/unit/test_dns_cancel.js
@@ -0,0 +1,119 @@
+"use strict";
+
+var hostname1 = "";
+var hostname2 = "";
+var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+for (var i = 0; i < 20; i++) {
+  hostname1 += possible.charAt(Math.floor(Math.random() * possible.length));
+  hostname2 += possible.charAt(Math.floor(Math.random() * possible.length));
+}
+
+var requestList1Canceled2;
+var requestList1NotCanceled;
+
+var requestList2Canceled;
+var requestList2NotCanceled;
+
+var listener1 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    // One request should be resolved and two request should be canceled.
+    if (inRequest == requestList1NotCanceled) {
+      // This request should not be canceled.
+      Assert.notEqual(inStatus, Cr.NS_ERROR_ABORT);
+
+      do_test_finished();
+    }
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+};
+
+var listener2 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    // One request should be resolved and the other canceled.
+    if (inRequest == requestList2NotCanceled) {
+      // The request should not be canceled.
+      Assert.notEqual(inStatus, Cr.NS_ERROR_ABORT);
+
+      do_test_finished();
+    }
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+};
+
+const defaultOriginAttributes = {};
+
+function run_test() {
+  var mainThread = Services.tm.currentThread;
+
+  var flags = Ci.nsIDNSService.RESOLVE_BYPASS_CACHE;
+
+  // This one will be canceled with cancelAsyncResolve.
+  Services.dns.asyncResolve(
+    hostname2,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    flags,
+    null, // resolverInfo
+    listener1,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Services.dns.cancelAsyncResolve(
+    hostname2,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    flags,
+    null, // resolverInfo
+    listener1,
+    Cr.NS_ERROR_ABORT,
+    defaultOriginAttributes
+  );
+
+  // This one will not be canceled.
+  requestList1NotCanceled = Services.dns.asyncResolve(
+    hostname1,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    flags,
+    null, // resolverInfo
+    listener1,
+    mainThread,
+    defaultOriginAttributes
+  );
+
+  // This one will be canceled with cancel(Cr.NS_ERROR_ABORT).
+  requestList1Canceled2 = Services.dns.asyncResolve(
+    hostname1,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    flags,
+    null, // resolverInfo
+    listener1,
+    mainThread,
+    defaultOriginAttributes
+  );
+  requestList1Canceled2.cancel(Cr.NS_ERROR_ABORT);
+
+  // This one will not be canceled.
+  requestList2NotCanceled = Services.dns.asyncResolve(
+    hostname1,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    flags,
+    null, // resolverInfo
+    listener2,
+    mainThread,
+    defaultOriginAttributes
+  );
+
+  // This one will be canceled with cancel(Cr.NS_ERROR_ABORT).
+  requestList2Canceled = Services.dns.asyncResolve(
+    hostname2,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    flags,
+    null, // resolverInfo
+    listener2,
+    mainThread,
+    defaultOriginAttributes
+  );
+  requestList2Canceled.cancel(Cr.NS_ERROR_ABORT);
+
+  do_test_pending();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_dns_disable_ipv4.js b/netwerk/test/unit/test_dns_disable_ipv4.js
new file mode 100644
index 0000000000..286964341e
--- /dev/null
+++ b/netwerk/test/unit/test_dns_disable_ipv4.js
@@ -0,0 +1,68 @@
+//
+// Tests that calling asyncResolve with the RESOLVE_DISABLE_IPV4 flag doesn't
+// return any IPv4 addresses.
+//
+
+"use strict";
+
+const gOverride = Cc["@mozilla.org/network/native-dns-override;1"].getService(
+  Ci.nsINativeDNSResolverOverride
+);
+
+const defaultOriginAttributes = {};
+
+add_task(async function test_none() {
+  let [, inRecord] = await new Promise(resolve => {
+    let listener = {
+      onLookupComplete(inRequest, inRecord1, inStatus) {
+        resolve([inRequest, inRecord1, inStatus]);
+      },
+      QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+    };
+
+    Services.dns.asyncResolve(
+      "example.org",
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      Ci.nsIDNSService.RESOLVE_DISABLE_IPV4,
+      null, // resolverInfo
+      listener,
+      null,
+      defaultOriginAttributes
+    );
+  });
+
+  if (inRecord && inRecord.QueryInterface(Ci.nsIDNSAddrRecord)) {
+    while (inRecord.hasMore()) {
+      let nextIP = inRecord.getNextAddrAsString();
+      ok(nextIP.includes(":"), `${nextIP} should be IPv6`);
+    }
+  }
+});
+
+add_task(async function test_some() {
+  Services.dns.clearCache(true);
+  gOverride.addIPOverride("example.com", "1.1.1.1");
+  gOverride.addIPOverride("example.org", "::1:2:3");
+  let [, inRecord] = await new Promise(resolve => {
+    let listener = {
+      onLookupComplete(inRequest, inRecord1, inStatus) {
+        resolve([inRequest, inRecord1, inStatus]);
+      },
+      QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+    };
+
+    Services.dns.asyncResolve(
+      "example.org",
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      Ci.nsIDNSService.RESOLVE_DISABLE_IPV4,
+      null, // resolverInfo
+      listener,
+      null,
+      defaultOriginAttributes
+    );
+  });
+
+  ok(inRecord.QueryInterface(Ci.nsIDNSAddrRecord));
+  equal(inRecord.getNextAddrAsString(), "::1:2:3");
+  equal(inRecord.hasMore(), false);
+});
diff --git a/netwerk/test/unit/test_dns_disable_ipv6.js b/netwerk/test/unit/test_dns_disable_ipv6.js
new file mode 100644
index 0000000000..d05c56091f
--- /dev/null
+++ b/netwerk/test/unit/test_dns_disable_ipv6.js
@@ -0,0 +1,51 @@
+//
+// Tests that calling asyncResolve with the RESOLVE_DISABLE_IPV6 flag doesn't
+// return any IPv6 addresses.
+//
+
+"use strict";
+
+var listener = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    if (inStatus != Cr.NS_OK) {
+      Assert.equal(inStatus, Cr.NS_ERROR_UNKNOWN_HOST);
+      do_test_finished();
+      return;
+    }
+
+    while (true) {
+      try {
+        inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+        var answer = inRecord.getNextAddrAsString();
+        // If there is an answer it should be an IPv4  address
+        dump(answer);
+        Assert.ok(!answer.includes(":"));
+        Assert.ok(answer.includes("."));
+      } catch (e) {
+        break;
+      }
+    }
+    do_test_finished();
+  },
+};
+
+const defaultOriginAttributes = {};
+
+function run_test() {
+  do_test_pending();
+  try {
+    Services.dns.asyncResolve(
+      "example.com",
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      Ci.nsIDNSService.RESOLVE_DISABLE_IPV6,
+      null, // resolverInfo
+      listener,
+      null,
+      defaultOriginAttributes
+    );
+  } catch (e) {
+    dump(e);
+    Assert.ok(false);
+    do_test_finished();
+  }
+}
diff --git a/netwerk/test/unit/test_dns_disabled.js b/netwerk/test/unit/test_dns_disabled.js
new file mode 100644
index 0000000000..cfffd5530f
--- /dev/null
+++ b/netwerk/test/unit/test_dns_disabled.js
@@ -0,0 +1,88 @@
+"use strict";
+
+const override = Cc["@mozilla.org/network/native-dns-override;1"].getService(
+  Ci.nsINativeDNSResolverOverride
+);
+const mainThread = Services.tm.currentThread;
+
+function makeListenerBlock(next) {
+  return {
+    onLookupComplete(inRequest, inRecord, inStatus) {
+      Assert.ok(!Components.isSuccessCode(inStatus));
+      next();
+    },
+  };
+}
+
+function makeListenerDontBlock(next, expectedAnswer) {
+  return {
+    onLookupComplete(inRequest, inRecord, inStatus) {
+      Assert.equal(inStatus, Cr.NS_OK);
+      inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+      var answer = inRecord.getNextAddrAsString();
+      if (expectedAnswer) {
+        Assert.equal(answer, expectedAnswer);
+      } else {
+        Assert.ok(answer == "127.0.0.1" || answer == "::1");
+      }
+      next();
+    },
+  };
+}
+
+function do_test({ dnsDisabled, mustBlock, testDomain, expectedAnswer }) {
+  return new Promise(resolve => {
+    Services.prefs.setBoolPref("network.dns.disabled", dnsDisabled);
+    try {
+      Services.dns.asyncResolve(
+        testDomain,
+        Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+        0,
+        null, // resolverInfo
+        mustBlock
+          ? makeListenerBlock(resolve)
+          : makeListenerDontBlock(resolve, expectedAnswer),
+        mainThread,
+        {} // Default origin attributes
+      );
+    } catch (e) {
+      Assert.ok(mustBlock === true);
+      resolve();
+    }
+  });
+}
+
+function setup() {
+  override.addIPOverride("foo.bar", "127.0.0.1");
+  registerCleanupFunction(function () {
+    override.clearOverrides();
+    Services.prefs.clearUserPref("network.dns.disabled");
+  });
+}
+setup();
+
+// IP literals should be resolved even if dns is disabled
+add_task(async function testIPLiteral() {
+  return do_test({
+    dnsDisabled: true,
+    mustBlock: false,
+    testDomain: "0x01010101",
+    expectedAnswer: "1.1.1.1",
+  });
+});
+
+add_task(async function testBlocked() {
+  return do_test({
+    dnsDisabled: true,
+    mustBlock: true,
+    testDomain: "foo.bar",
+  });
+});
+
+add_task(async function testNotBlocked() {
+  return do_test({
+    dnsDisabled: false,
+    mustBlock: false,
+    testDomain: "foo.bar",
+  });
+});
diff --git a/netwerk/test/unit/test_dns_localredirect.js b/netwerk/test/unit/test_dns_localredirect.js
new file mode 100644
index 0000000000..3ca432f477
--- /dev/null
+++ b/netwerk/test/unit/test_dns_localredirect.js
@@ -0,0 +1,59 @@
+"use strict";
+
+var prefs = Services.prefs;
+
+var nextTest;
+
+var listener = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    var answer = inRecord.getNextAddrAsString();
+    Assert.ok(answer == "127.0.0.1" || answer == "::1");
+
+    nextTest();
+    do_test_finished();
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+};
+
+const defaultOriginAttributes = {};
+
+function run_test() {
+  prefs.setCharPref("network.dns.localDomains", "local.vingtetun.org");
+
+  var mainThread = Services.tm.currentThread;
+  nextTest = do_test_2;
+  Services.dns.asyncResolve(
+    "local.vingtetun.org",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+
+  do_test_pending();
+}
+
+function do_test_2() {
+  var mainThread = Services.tm.currentThread;
+  nextTest = testsDone;
+  prefs.setCharPref("network.dns.forceResolve", "localhost");
+  Services.dns.asyncResolve(
+    "www.example.com",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+
+  do_test_pending();
+}
+
+function testsDone() {
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.dns.forceResolve");
+}
diff --git a/netwerk/test/unit/test_dns_offline.js b/netwerk/test/unit/test_dns_offline.js
new file mode 100644
index 0000000000..db9c436292
--- /dev/null
+++ b/netwerk/test/unit/test_dns_offline.js
@@ -0,0 +1,105 @@
+"use strict";
+
+var ioService = Services.io;
+var prefs = Services.prefs;
+var mainThread = Services.tm.currentThread;
+
+var listener1 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.equal(inStatus, Cr.NS_ERROR_OFFLINE);
+    test2();
+    do_test_finished();
+  },
+};
+
+var listener2 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.equal(inStatus, Cr.NS_OK);
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    var answer = inRecord.getNextAddrAsString();
+    Assert.ok(answer == "127.0.0.1" || answer == "::1");
+    test3();
+    do_test_finished();
+  },
+};
+
+var listener3 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.equal(inStatus, Cr.NS_OK);
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    var answer = inRecord.getNextAddrAsString();
+    Assert.ok(answer == "127.0.0.1" || answer == "::1");
+    cleanup();
+    do_test_finished();
+  },
+};
+
+const defaultOriginAttributes = {};
+
+function run_test() {
+  do_test_pending();
+  prefs.setBoolPref("network.dns.offline-localhost", false);
+  // We always resolve localhost as it's hardcoded without the following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+  ioService.offline = true;
+  try {
+    Services.dns.asyncResolve(
+      "localhost",
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      0,
+      null, // resolverInfo
+      listener1,
+      mainThread,
+      defaultOriginAttributes
+    );
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_OFFLINE);
+    test2();
+    do_test_finished();
+  }
+}
+
+function test2() {
+  do_test_pending();
+  prefs.setBoolPref("network.dns.offline-localhost", true);
+  ioService.offline = false;
+  ioService.offline = true;
+  // we need to let the main thread run and apply the changes
+  do_timeout(0, test2Continued);
+}
+
+function test2Continued() {
+  Services.dns.asyncResolve(
+    "localhost",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listener2,
+    mainThread,
+    defaultOriginAttributes
+  );
+}
+
+function test3() {
+  do_test_pending();
+  ioService.offline = false;
+  // we need to let the main thread run and apply the changes
+  do_timeout(0, test3Continued);
+}
+
+function test3Continued() {
+  Services.dns.asyncResolve(
+    "localhost",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listener3,
+    mainThread,
+    defaultOriginAttributes
+  );
+}
+
+function cleanup() {
+  prefs.clearUserPref("network.dns.offline-localhost");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+}
diff --git a/netwerk/test/unit/test_dns_onion.js b/netwerk/test/unit/test_dns_onion.js
new file mode 100644
index 0000000000..928753f71f
--- /dev/null
+++ b/netwerk/test/unit/test_dns_onion.js
@@ -0,0 +1,76 @@
+"use strict";
+
+var mainThread = Services.tm.currentThread;
+
+var onionPref;
+var localdomainPref;
+var prefs = Services.prefs;
+
+// check that we don't lookup .onion
+var listenerBlock = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.ok(!Components.isSuccessCode(inStatus));
+    do_test_dontBlock();
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+};
+
+// check that we do lookup .onion (via pref)
+var listenerDontBlock = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    var answer = inRecord.getNextAddrAsString();
+    Assert.ok(answer == "127.0.0.1" || answer == "::1");
+    all_done();
+  },
+  QueryInterface: ChromeUtils.generateQI(["nsIDNSListener"]),
+};
+
+const defaultOriginAttributes = {};
+
+function do_test_dontBlock() {
+  prefs.setBoolPref("network.dns.blockDotOnion", false);
+  Services.dns.asyncResolve(
+    "private.onion",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listenerDontBlock,
+    mainThread,
+    defaultOriginAttributes
+  );
+}
+
+function do_test_block() {
+  prefs.setBoolPref("network.dns.blockDotOnion", true);
+  try {
+    Services.dns.asyncResolve(
+      "private.onion",
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      0,
+      null, // resolverInfo
+      listenerBlock,
+      mainThread,
+      defaultOriginAttributes
+    );
+  } catch (e) {
+    // it is ok for this negative test to fail fast
+    Assert.ok(true);
+    do_test_dontBlock();
+  }
+}
+
+function all_done() {
+  // reset locally modified prefs
+  prefs.setCharPref("network.dns.localDomains", localdomainPref);
+  prefs.setBoolPref("network.dns.blockDotOnion", onionPref);
+  do_test_finished();
+}
+
+function run_test() {
+  onionPref = prefs.getBoolPref("network.dns.blockDotOnion");
+  localdomainPref = prefs.getCharPref("network.dns.localDomains");
+  prefs.setCharPref("network.dns.localDomains", "private.onion");
+  do_test_block();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_dns_originAttributes.js b/netwerk/test/unit/test_dns_originAttributes.js
new file mode 100644
index 0000000000..39e2a4f0f1
--- /dev/null
+++ b/netwerk/test/unit/test_dns_originAttributes.js
@@ -0,0 +1,93 @@
+"use strict";
+
+var prefs = Services.prefs;
+var mainThread = Services.tm.currentThread;
+
+var listener1 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.equal(inStatus, Cr.NS_OK);
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    var answer = inRecord.getNextAddrAsString();
+    Assert.ok(answer == "127.0.0.1" || answer == "::1");
+    test2();
+    do_test_finished();
+  },
+};
+
+var listener2 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.equal(inStatus, Cr.NS_OK);
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    var answer = inRecord.getNextAddrAsString();
+    Assert.ok(answer == "127.0.0.1" || answer == "::1");
+    test3();
+    do_test_finished();
+  },
+};
+
+var listener3 = {
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    Assert.equal(inStatus, Cr.NS_ERROR_OFFLINE);
+    cleanup();
+    do_test_finished();
+  },
+};
+
+const firstOriginAttributes = { userContextId: 1 };
+const secondOriginAttributes = { userContextId: 2 };
+
+// First, we resolve the address normally for first originAttributes.
+function run_test() {
+  do_test_pending();
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+  Services.dns.asyncResolve(
+    "localhost",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listener1,
+    mainThread,
+    firstOriginAttributes
+  );
+}
+
+// Second, we resolve the same address offline to see whether its DNS cache works
+// correctly.
+function test2() {
+  do_test_pending();
+  Services.dns.asyncResolve(
+    "localhost",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_OFFLINE,
+    null, // resolverInfo
+    listener2,
+    mainThread,
+    firstOriginAttributes
+  );
+}
+
+// Third, we resolve the same address offline again with different originAttributes.
+// This resolving should fail since the DNS cache of the given address is not exist
+// for this originAttributes.
+function test3() {
+  do_test_pending();
+  try {
+    Services.dns.asyncResolve(
+      "localhost",
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      Ci.nsIDNSService.RESOLVE_OFFLINE,
+      null, // resolverInfo
+      listener3,
+      mainThread,
+      secondOriginAttributes
+    );
+  } catch (e) {
+    Assert.equal(e.result, Cr.NS_ERROR_OFFLINE);
+    cleanup();
+    do_test_finished();
+  }
+}
+
+function cleanup() {
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+}
diff --git a/netwerk/test/unit/test_dns_override.js b/netwerk/test/unit/test_dns_override.js
new file mode 100644
index 0000000000..f092dd531c
--- /dev/null
+++ b/netwerk/test/unit/test_dns_override.js
@@ -0,0 +1,515 @@
+"use strict";
+
+const override = Cc["@mozilla.org/network/native-dns-override;1"].getService(
+  Ci.nsINativeDNSResolverOverride
+);
+const defaultOriginAttributes = {};
+const mainThread = Services.tm.currentThread;
+
+class Listener {
+  constructor() {
+    this.promise = new Promise(resolve => {
+      this.resolve = resolve;
+    });
+  }
+
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    this.resolve([inRequest, inRecord, inStatus]);
+  }
+
+  async firstAddress() {
+    let all = await this.addresses();
+    if (all.length) {
+      return all[0];
+    }
+
+    return undefined;
+  }
+
+  async addresses() {
+    let [, inRecord] = await this.promise;
+    let addresses = [];
+    if (!inRecord) {
+      return addresses; // returns []
+    }
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    while (inRecord.hasMore()) {
+      addresses.push(inRecord.getNextAddrAsString());
+    }
+    return addresses;
+  }
+
+  then() {
+    return this.promise.then.apply(this.promise, arguments);
+  }
+}
+Listener.prototype.QueryInterface = ChromeUtils.generateQI(["nsIDNSListener"]);
+
+const DOMAIN = "example.org";
+const OTHER = "example.com";
+
+add_setup(async function setup() {
+  trr_test_setup();
+
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+  });
+});
+
+add_task(async function test_bad_IPs() {
+  Assert.throws(
+    () => override.addIPOverride(DOMAIN, DOMAIN),
+    /NS_ERROR_UNEXPECTED/,
+    "Should throw if input is not an IP address"
+  );
+  Assert.throws(
+    () => override.addIPOverride(DOMAIN, ""),
+    /NS_ERROR_UNEXPECTED/,
+    "Should throw if input is not an IP address"
+  );
+  Assert.throws(
+    () => override.addIPOverride(DOMAIN, " "),
+    /NS_ERROR_UNEXPECTED/,
+    "Should throw if input is not an IP address"
+  );
+  Assert.throws(
+    () => override.addIPOverride(DOMAIN, "1-2-3-4"),
+    /NS_ERROR_UNEXPECTED/,
+    "Should throw if input is not an IP address"
+  );
+});
+
+add_task(async function test_ipv4() {
+  let listener = new Listener();
+  override.addIPOverride(DOMAIN, "1.2.3.4");
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.equal(await listener.firstAddress(), "1.2.3.4");
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_ipv6() {
+  let listener = new Listener();
+  override.addIPOverride(DOMAIN, "fe80::6a99:9b2b:6ccc:6e1b");
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.equal(await listener.firstAddress(), "fe80::6a99:9b2b:6ccc:6e1b");
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_clearOverrides() {
+  let listener = new Listener();
+  override.addIPOverride(DOMAIN, "1.2.3.4");
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.equal(await listener.firstAddress(), "1.2.3.4");
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+
+  listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.notEqual(await listener.firstAddress(), "1.2.3.4");
+
+  await new Promise(resolve => do_timeout(1000, resolve));
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_clearHostOverride() {
+  override.addIPOverride(DOMAIN, "2.2.2.2");
+  override.addIPOverride(OTHER, "2.2.2.2");
+  override.clearHostOverride(DOMAIN);
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+
+  Assert.notEqual(await listener.firstAddress(), "2.2.2.2");
+
+  listener = new Listener();
+  Services.dns.asyncResolve(
+    OTHER,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.equal(await listener.firstAddress(), "2.2.2.2");
+
+  // Note: this test will use the actual system resolver. On windows we do a
+  // second async call to the system libraries to get the TTL values, which
+  // keeps the record alive after the onLookupComplete()
+  // We need to wait for a bit, until the second call is finished before we
+  // can clear the cache to make sure we evict everything.
+  // If the next task ever starts failing, with an IP that is not in this
+  // file, then likely the timeout is too small.
+  await new Promise(resolve => do_timeout(1000, resolve));
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_multiple_IPs() {
+  override.addIPOverride(DOMAIN, "2.2.2.2");
+  override.addIPOverride(DOMAIN, "1.1.1.1");
+  override.addIPOverride(DOMAIN, "::1");
+  override.addIPOverride(DOMAIN, "fe80::6a99:9b2b:6ccc:6e1b");
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.deepEqual(await listener.addresses(), [
+    "2.2.2.2",
+    "1.1.1.1",
+    "::1",
+    "fe80::6a99:9b2b:6ccc:6e1b",
+  ]);
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_address_family_flags() {
+  override.addIPOverride(DOMAIN, "2.2.2.2");
+  override.addIPOverride(DOMAIN, "1.1.1.1");
+  override.addIPOverride(DOMAIN, "::1");
+  override.addIPOverride(DOMAIN, "fe80::6a99:9b2b:6ccc:6e1b");
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_DISABLE_IPV4,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.deepEqual(await listener.addresses(), [
+    "::1",
+    "fe80::6a99:9b2b:6ccc:6e1b",
+  ]);
+
+  listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_DISABLE_IPV6,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  Assert.deepEqual(await listener.addresses(), ["2.2.2.2", "1.1.1.1"]);
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_cname_flag() {
+  override.addIPOverride(DOMAIN, "2.2.2.2");
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  let [, inRecord] = await listener;
+  inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+  Assert.throws(
+    () => inRecord.canonicalName,
+    /NS_ERROR_NOT_AVAILABLE/,
+    "No canonical name flag"
+  );
+  Assert.equal(inRecord.getNextAddrAsString(), "2.2.2.2");
+
+  listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  [, inRecord] = await listener;
+  inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+  Assert.equal(inRecord.canonicalName, DOMAIN, "No canonical name specified");
+  Assert.equal(inRecord.getNextAddrAsString(), "2.2.2.2");
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+
+  override.addIPOverride(DOMAIN, "2.2.2.2");
+  override.setCnameOverride(DOMAIN, OTHER);
+  listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  [, inRecord] = await listener;
+  inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+  Assert.equal(inRecord.canonicalName, OTHER, "Must have correct CNAME");
+  Assert.equal(inRecord.getNextAddrAsString(), "2.2.2.2");
+
+  Services.dns.clearCache(false);
+  override.clearOverrides();
+});
+
+add_task(async function test_nxdomain() {
+  override.addIPOverride(DOMAIN, "N/A");
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+    null,
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+
+  let [, , inStatus] = await listener;
+  equal(inStatus, Cr.NS_ERROR_UNKNOWN_HOST);
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+function hexToUint8Array(hex) {
+  return new Uint8Array(hex.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
+}
+
+add_task(
+  {
+    skip_if: () => mozinfo.os == "win" || mozinfo.os == "android",
+  },
+  async function test_https_record_override() {
+    let trrServer = new TRRServer();
+    await trrServer.start();
+    registerCleanupFunction(async () => {
+      await trrServer.stop();
+    });
+
+    await trrServer.registerDoHAnswers("service.com", "HTTPS", {
+      answers: [
+        {
+          name: "service.com",
+          ttl: 55,
+          type: "HTTPS",
+          flush: false,
+          data: {
+            priority: 1,
+            name: ".",
+            values: [
+              { key: "alpn", value: ["h2", "h3"] },
+              { key: "no-default-alpn" },
+              { key: "port", value: 8888 },
+              { key: "ipv4hint", value: "1.2.3.4" },
+              { key: "echconfig", value: "123..." },
+              { key: "ipv6hint", value: "::1" },
+              { key: "odoh", value: "456..." },
+            ],
+          },
+        },
+        {
+          name: "service.com",
+          ttl: 55,
+          type: "HTTPS",
+          flush: false,
+          data: {
+            priority: 2,
+            name: "test.com",
+            values: [
+              { key: "alpn", value: "h2" },
+              { key: "ipv4hint", value: ["1.2.3.4", "5.6.7.8"] },
+              { key: "echconfig", value: "abc..." },
+              { key: "ipv6hint", value: ["::1", "fe80::794f:6d2c:3d5e:7836"] },
+              { key: "odoh", value: "def..." },
+            ],
+          },
+        },
+      ],
+    });
+
+    let chan = makeChan(
+      `https://foo.example.com:${trrServer.port()}/dnsAnswer?host=service.com&type=HTTPS`
+    );
+    let [, buf] = await channelOpenPromise(chan);
+    let rawBuffer = hexToUint8Array(buf);
+
+    override.addHTTPSRecordOverride("service.com", rawBuffer, rawBuffer.length);
+
+    Services.prefs.setBoolPref("network.dns.native_https_query", true);
+    registerCleanupFunction(async () => {
+      Services.prefs.clearUserPref("network.dns.native_https_query");
+    });
+
+    let listener = new Listener();
+    Services.dns.asyncResolve(
+      "service.com",
+      Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+      0,
+      null,
+      listener,
+      mainThread,
+      defaultOriginAttributes
+    );
+
+    let [, inRecord, inStatus] = await listener;
+    equal(inStatus, Cr.NS_OK);
+    let answer = inRecord.QueryInterface(Ci.nsIDNSHTTPSSVCRecord).records;
+    equal(answer[0].priority, 1);
+    equal(answer[0].name, "service.com");
+    Assert.deepEqual(
+      answer[0].values[0].QueryInterface(Ci.nsISVCParamAlpn).alpn,
+      ["h2", "h3"],
+      "got correct answer"
+    );
+    Assert.ok(
+      answer[0].values[1].QueryInterface(Ci.nsISVCParamNoDefaultAlpn),
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[0].values[2].QueryInterface(Ci.nsISVCParamPort).port,
+      8888,
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[0].values[3].QueryInterface(Ci.nsISVCParamIPv4Hint).ipv4Hint[0]
+        .address,
+      "1.2.3.4",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[0].values[4].QueryInterface(Ci.nsISVCParamEchConfig).echconfig,
+      "123...",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[0].values[5].QueryInterface(Ci.nsISVCParamIPv6Hint).ipv6Hint[0]
+        .address,
+      "::1",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[0].values[6].QueryInterface(Ci.nsISVCParamODoHConfig).ODoHConfig,
+      "456...",
+      "got correct answer"
+    );
+
+    Assert.equal(answer[1].priority, 2);
+    Assert.equal(answer[1].name, "test.com");
+    Assert.equal(answer[1].values.length, 5);
+    Assert.deepEqual(
+      answer[1].values[0].QueryInterface(Ci.nsISVCParamAlpn).alpn,
+      ["h2"],
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[1].values[1].QueryInterface(Ci.nsISVCParamIPv4Hint).ipv4Hint[0]
+        .address,
+      "1.2.3.4",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[1].values[1].QueryInterface(Ci.nsISVCParamIPv4Hint).ipv4Hint[1]
+        .address,
+      "5.6.7.8",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[1].values[2].QueryInterface(Ci.nsISVCParamEchConfig).echconfig,
+      "abc...",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[1].values[3].QueryInterface(Ci.nsISVCParamIPv6Hint).ipv6Hint[0]
+        .address,
+      "::1",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[1].values[3].QueryInterface(Ci.nsISVCParamIPv6Hint).ipv6Hint[1]
+        .address,
+      "fe80::794f:6d2c:3d5e:7836",
+      "got correct answer"
+    );
+    Assert.equal(
+      answer[1].values[4].QueryInterface(Ci.nsISVCParamODoHConfig).ODoHConfig,
+      "def...",
+      "got correct answer"
+    );
+  }
+);
diff --git a/netwerk/test/unit/test_dns_override_for_localhost.js b/netwerk/test/unit/test_dns_override_for_localhost.js
new file mode 100644
index 0000000000..ecd708ee53
--- /dev/null
+++ b/netwerk/test/unit/test_dns_override_for_localhost.js
@@ -0,0 +1,92 @@
+"use strict";
+
+const override = Cc["@mozilla.org/network/native-dns-override;1"].getService(
+  Ci.nsINativeDNSResolverOverride
+);
+const defaultOriginAttributes = {};
+const mainThread = Services.tm.currentThread;
+
+class Listener {
+  constructor() {
+    this.promise = new Promise(resolve => {
+      this.resolve = resolve;
+    });
+  }
+
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    this.resolve([inRequest, inRecord, inStatus]);
+  }
+
+  async addresses() {
+    let [, inRecord] = await this.promise;
+    let addresses = [];
+    if (!inRecord) {
+      return addresses; // returns []
+    }
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    while (inRecord.hasMore()) {
+      addresses.push(inRecord.getNextAddrAsString());
+    }
+    return addresses;
+  }
+
+  then() {
+    return this.promise.then.apply(this.promise, arguments);
+  }
+}
+Listener.prototype.QueryInterface = ChromeUtils.generateQI(["nsIDNSListener"]);
+
+const DOMAINS = [
+  "localhost",
+  "localhost.",
+  "vhost.localhost",
+  "vhost.localhost.",
+];
+DOMAINS.forEach(domain => {
+  add_task(async function test_() {
+    let listener1 = new Listener();
+    const overrides = ["1.2.3.4", "5.6.7.8"];
+    overrides.forEach(ip_address => {
+      override.addIPOverride(domain, ip_address);
+    });
+
+    // Verify that loopback host names are not overridden.
+    Services.dns.asyncResolve(
+      domain,
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      0,
+      null,
+      listener1,
+      mainThread,
+      defaultOriginAttributes
+    );
+    Assert.deepEqual(
+      await listener1.addresses(),
+      ["127.0.0.1", "::1"],
+      `${domain} is not overridden`
+    );
+
+    // Verify that if localhost hijacking is enabled, the overrides
+    // registered above are taken into account.
+    Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+    let listener2 = new Listener();
+    Services.dns.asyncResolve(
+      domain,
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      0,
+      null,
+      listener2,
+      mainThread,
+      defaultOriginAttributes
+    );
+    Assert.deepEqual(
+      await listener2.addresses(),
+      overrides,
+      `${domain} is overridden`
+    );
+    Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+
+    Services.dns.clearCache(false);
+    override.clearOverrides();
+  });
+});
diff --git a/netwerk/test/unit/test_dns_proxy_bypass.js b/netwerk/test/unit/test_dns_proxy_bypass.js
new file mode 100644
index 0000000000..d53efc3dd3
--- /dev/null
+++ b/netwerk/test/unit/test_dns_proxy_bypass.js
@@ -0,0 +1,95 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var prefs = Services.prefs;
+
+function setup() {
+  prefs.setBoolPref("network.dns.notifyResolution", true);
+  prefs.setCharPref("network.proxy.socks", "127.0.0.1");
+  prefs.setIntPref("network.proxy.socks_port", 9000);
+  prefs.setIntPref("network.proxy.type", 1);
+  prefs.setBoolPref("network.proxy.socks_remote_dns", true);
+}
+
+setup();
+registerCleanupFunction(async () => {
+  prefs.clearUserPref("network.proxy.socks");
+  prefs.clearUserPref("network.proxy.socks_port");
+  prefs.clearUserPref("network.proxy.type");
+  prefs.clearUserPref("network.proxy.socks_remote_dns");
+  prefs.clearUserPref("network.dns.notifyResolution");
+});
+
+var url = "ws://dnsleak.example.com";
+
+var dnsRequestObserver = {
+  register() {
+    this.obs = Services.obs;
+    this.obs.addObserver(this, "dns-resolution-request");
+  },
+
+  unregister() {
+    if (this.obs) {
+      this.obs.removeObserver(this, "dns-resolution-request");
+    }
+  },
+
+  observe(subject, topic, data) {
+    if (topic == "dns-resolution-request") {
+      Assert.ok(!data.includes("dnsleak.example.com"), `no dnsleak: ${data}`);
+    }
+  },
+};
+
+function WSListener(closure) {
+  this._closure = closure;
+}
+WSListener.prototype = {
+  onAcknowledge(aContext, aSize) {},
+  onBinaryMessageAvailable(aContext, aMsg) {},
+  onMessageAvailable(aContext, aMsg) {},
+  onServerClose(aContext, aCode, aReason) {},
+  onStart(aContext) {},
+  onStop(aContext, aStatusCode) {
+    dnsRequestObserver.unregister();
+    this._closure();
+  },
+};
+
+add_task(async function test_dns_websocket_channel() {
+  dnsRequestObserver.register();
+
+  var chan = Cc["@mozilla.org/network/protocol;1?name=ws"].createInstance(
+    Ci.nsIWebSocketChannel
+  );
+
+  var uri = Services.io.newURI(url);
+  chan.initLoadInfo(
+    null, // aLoadingNode
+    Services.scriptSecurityManager.createContentPrincipal(uri, {}),
+    null, // aTriggeringPrincipal
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    Ci.nsIContentPolicy.TYPE_WEBSOCKET
+  );
+
+  await new Promise(resolve =>
+    chan.asyncOpen(uri, url, {}, 0, new WSListener(resolve), null)
+  );
+});
+
+add_task(async function test_dns_resolve_proxy() {
+  dnsRequestObserver.register();
+
+  let { error } = await new TRRDNSListener("dnsleak.example.com", {
+    expectEarlyFail: true,
+  });
+  Assert.equal(
+    error.result,
+    Cr.NS_ERROR_UNKNOWN_PROXY_HOST,
+    "error is NS_ERROR_UNKNOWN_PROXY_HOST"
+  );
+  dnsRequestObserver.unregister();
+});
diff --git a/netwerk/test/unit/test_dns_retry.js b/netwerk/test/unit/test_dns_retry.js
new file mode 100644
index 0000000000..24688417fa
--- /dev/null
+++ b/netwerk/test/unit/test_dns_retry.js
@@ -0,0 +1,319 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+trr_test_setup();
+let httpServerIPv4 = new HttpServer();
+let httpServerIPv6 = new HttpServer();
+let trrServer;
+let testpath = "/simple";
+let httpbody = "0123456789";
+let CC_IPV4 = "example_cc_ipv4.com";
+let CC_IPV6 = "example_cc_ipv6.com";
+Services.prefs.clearUserPref("network.dns.native-is-localhost");
+
+ChromeUtils.defineLazyGetter(this, "URL_CC_IPV4", function () {
+  return `http://${CC_IPV4}:${httpServerIPv4.identity.primaryPort}${testpath}`;
+});
+ChromeUtils.defineLazyGetter(this, "URL_CC_IPV6", function () {
+  return `http://${CC_IPV6}:${httpServerIPv6.identity.primaryPort}${testpath}`;
+});
+ChromeUtils.defineLazyGetter(this, "URL6a", function () {
+  return `http://example6a.com:${httpServerIPv6.identity.primaryPort}${testpath}`;
+});
+ChromeUtils.defineLazyGetter(this, "URL6b", function () {
+  return `http://example6b.com:${httpServerIPv6.identity.primaryPort}${testpath}`;
+});
+
+const ncs = Cc[
+  "@mozilla.org/network/network-connectivity-service;1"
+].getService(Ci.nsINetworkConnectivityService);
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+  Services.prefs.clearUserPref("network.captive-portal-service.testMode");
+  Services.prefs.clearUserPref("network.connectivity-service.IPv6.url");
+  Services.prefs.clearUserPref("network.connectivity-service.IPv4.url");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+
+  trr_clear_prefs();
+  await httpServerIPv4.stop();
+  await httpServerIPv6.stop();
+  await trrServer.stop();
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  chan.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+  chan.setTRRMode(Ci.nsIRequest.TRR_DEFAULT_MODE);
+  return chan;
+}
+
+function serverHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+add_task(async function test_setup() {
+  httpServerIPv4.registerPathHandler(testpath, serverHandler);
+  httpServerIPv4.start(-1);
+  httpServerIPv6.registerPathHandler(testpath, serverHandler);
+  httpServerIPv6.start_ipv6(-1);
+  Services.prefs.setCharPref(
+    "network.dns.localDomains",
+    `foo.example.com, ${CC_IPV4}, ${CC_IPV6}`
+  );
+
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await registerDoHAnswers(true, true);
+});
+
+async function registerDoHAnswers(ipv4, ipv6) {
+  let hosts = ["example6a.com", "example6b.com"];
+  for (const host of hosts) {
+    let ipv4answers = [];
+    if (ipv4) {
+      ipv4answers = [
+        {
+          name: host,
+          ttl: 55,
+          type: "A",
+          flush: false,
+          data: "127.0.0.1",
+        },
+      ];
+    }
+    await trrServer.registerDoHAnswers(host, "A", {
+      answers: ipv4answers,
+    });
+
+    let ipv6answers = [];
+    if (ipv6) {
+      ipv6answers = [
+        {
+          name: host,
+          ttl: 55,
+          type: "AAAA",
+          flush: false,
+          data: "::1",
+        },
+      ];
+    }
+
+    await trrServer.registerDoHAnswers(host, "AAAA", {
+      answers: ipv6answers,
+    });
+  }
+
+  Services.dns.clearCache(true);
+}
+
+let StatusCounter = function () {
+  this._statusCount = {};
+};
+StatusCounter.prototype = {
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIInterfaceRequestor",
+    "nsIProgressEventSink",
+  ]),
+
+  getInterface(iid) {
+    return this.QueryInterface(iid);
+  },
+
+  onProgress(request, progress, progressMax) {},
+  onStatus(request, status, statusArg) {
+    this._statusCount[status] = 1 + (this._statusCount[status] || 0);
+  },
+};
+
+let HttpListener = function (finish, succeeded) {
+  this.finish = finish;
+  this.succeeded = succeeded;
+};
+
+HttpListener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    equal(this.succeeded, status == Cr.NS_OK);
+    this.finish();
+  },
+};
+
+function promiseObserverNotification(aTopic, matchFunc) {
+  return new Promise((resolve, reject) => {
+    Services.obs.addObserver(function observe(subject, topic, data) {
+      let matches = typeof matchFunc != "function" || matchFunc(subject, data);
+      if (!matches) {
+        return;
+      }
+      Services.obs.removeObserver(observe, topic);
+      resolve({ subject, data });
+    }, aTopic);
+  });
+}
+
+async function make_request(uri, check_events, succeeded) {
+  let chan = makeChan(uri);
+  let statusCounter = new StatusCounter();
+  chan.notificationCallbacks = statusCounter;
+  await new Promise(resolve =>
+    chan.asyncOpen(new HttpListener(resolve, succeeded))
+  );
+
+  if (check_events) {
+    equal(
+      statusCounter._statusCount[0x4b000b] || 0,
+      1,
+      "Expecting only one instance of NS_NET_STATUS_RESOLVED_HOST"
+    );
+    equal(
+      statusCounter._statusCount[0x4b0007] || 0,
+      1,
+      "Expecting only one instance of NS_NET_STATUS_CONNECTING_TO"
+    );
+  }
+}
+
+async function setup_connectivity(ipv6, ipv4) {
+  Services.prefs.setBoolPref("network.captive-portal-service.testMode", true);
+
+  if (ipv6) {
+    Services.prefs.setCharPref(
+      "network.connectivity-service.IPv6.url",
+      URL_CC_IPV6 + testpath
+    );
+  } else {
+    Services.prefs.setCharPref(
+      "network.connectivity-service.IPv6.url",
+      "http://donotexist.example.com"
+    );
+  }
+
+  if (ipv4) {
+    Services.prefs.setCharPref(
+      "network.connectivity-service.IPv4.url",
+      URL_CC_IPV4 + testpath
+    );
+  } else {
+    Services.prefs.setCharPref(
+      "network.connectivity-service.IPv4.url",
+      "http://donotexist.example.com"
+    );
+  }
+
+  let topic = "network:connectivity-service:ip-checks-complete";
+  if (mozinfo.socketprocess_networking) {
+    topic += "-from-socket-process";
+  }
+  let observerNotification = promiseObserverNotification(topic);
+  ncs.recheckIPConnectivity();
+  await observerNotification;
+
+  if (!ipv6) {
+    equal(
+      ncs.IPv6,
+      Ci.nsINetworkConnectivityService.NOT_AVAILABLE,
+      "Check IPv6 support"
+    );
+  } else {
+    equal(ncs.IPv6, Ci.nsINetworkConnectivityService.OK, "Check IPv6 support");
+  }
+
+  if (!ipv4) {
+    equal(
+      ncs.IPv4,
+      Ci.nsINetworkConnectivityService.NOT_AVAILABLE,
+      "Check IPv4 support"
+    );
+  } else {
+    equal(ncs.IPv4, Ci.nsINetworkConnectivityService.OK, "Check IPv4 support");
+  }
+}
+
+// This test that we retry to connect using IPv4 when IPv6 connecivity is not
+// present, but a ConnectionEntry have IPv6 prefered set.
+// Speculative connections are disabled.
+add_task(async function test_prefer_address_version_fail_trr3_1() {
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+  await registerDoHAnswers(true, true);
+
+  // Make a request to setup the address version preference to a ConnectionEntry.
+  await make_request(URL6a, true, true);
+
+  // connect again using the address version preference from the ConnectionEntry.
+  await make_request(URL6a, true, true);
+
+  // Make IPv6 connectivity check fail
+  await setup_connectivity(false, true);
+
+  Services.dns.clearCache(true);
+
+  // This will succeed as we query both DNS records
+  await make_request(URL6a, true, true);
+
+  // Now make the DNS server only return IPv4 records
+  await registerDoHAnswers(true, false);
+  // This will fail, because the server is not lisenting to IPv4 address as well,
+  // We should still get NS_NET_STATUS_RESOLVED_HOST and
+  // NS_NET_STATUS_CONNECTING_TO notification.
+  await make_request(URL6a, true, false);
+
+  // Make IPv6 connectivity check succeed again
+  await setup_connectivity(true, true);
+});
+
+// This test that we retry to connect using IPv4 when IPv6 connecivity is not
+// present, but a ConnectionEntry have IPv6 prefered set.
+// Speculative connections are enabled.
+add_task(async function test_prefer_address_version_fail_trr3_2() {
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+  await registerDoHAnswers(true, true);
+
+  // Make a request to setup the address version preference to a ConnectionEntry.
+  await make_request(URL6b, false, true);
+
+  // connect again using the address version preference from the ConnectionEntry.
+  await make_request(URL6b, false, true);
+
+  // Make IPv6 connectivity check fail
+  await setup_connectivity(false, true);
+
+  Services.dns.clearCache(true);
+
+  // This will succeed as we query both DNS records
+  await make_request(URL6b, false, true);
+
+  // Now make the DNS server only return IPv4 records
+  await registerDoHAnswers(true, false);
+  // This will fail, because the server is not lisenting to IPv4 address as well,
+  // We should still get NS_NET_STATUS_RESOLVED_HOST and
+  // NS_NET_STATUS_CONNECTING_TO notification.
+  await make_request(URL6b, true, false);
+});
diff --git a/netwerk/test/unit/test_dns_service.js b/netwerk/test/unit/test_dns_service.js
new file mode 100644
index 0000000000..da404c1e7d
--- /dev/null
+++ b/netwerk/test/unit/test_dns_service.js
@@ -0,0 +1,123 @@
+"use strict";
+
+const defaultOriginAttributes = {};
+const mainThread = Services.tm.currentThread;
+
+const overrideService = Cc[
+  "@mozilla.org/network/native-dns-override;1"
+].getService(Ci.nsINativeDNSResolverOverride);
+
+class Listener {
+  constructor() {
+    this.promise = new Promise(resolve => {
+      this.resolve = resolve;
+    });
+  }
+
+  onLookupComplete(inRequest, inRecord, inStatus) {
+    this.resolve([inRequest, inRecord, inStatus]);
+  }
+
+  then() {
+    return this.promise.then.apply(this.promise, arguments);
+  }
+}
+
+Listener.prototype.QueryInterface = ChromeUtils.generateQI(["nsIDNSListener"]);
+
+const DOMAIN_IDN = "bücher.org";
+const ACE_IDN = "xn--bcher-kva.org";
+
+const ADDR1 = "127.0.0.1";
+const ADDR2 = "::1";
+
+add_task(async function test_dns_localhost() {
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    "localhost",
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    0,
+    null, // resolverInfo
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  let [, inRecord] = await listener;
+  inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+  let answer = inRecord.getNextAddrAsString();
+  Assert.ok(answer == ADDR1 || answer == ADDR2);
+});
+
+add_task(async function test_idn_cname() {
+  let listener = new Listener();
+  Services.dns.asyncResolve(
+    DOMAIN_IDN,
+    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+    Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+    null, // resolverInfo
+    listener,
+    mainThread,
+    defaultOriginAttributes
+  );
+  let [, inRecord] = await listener;
+  inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+  Assert.equal(inRecord.canonicalName, ACE_IDN, "IDN is returned as punycode");
+});
+
+add_task(
+  {
+    skip_if: () =>
+      Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT,
+  },
+  async function test_long_domain() {
+    let listener = new Listener();
+    let domain = "a".repeat(253);
+    overrideService.addIPOverride(domain, "1.2.3.4");
+    Services.dns.asyncResolve(
+      domain,
+      Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+      Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+      null, // resolverInfo
+      listener,
+      mainThread,
+      defaultOriginAttributes
+    );
+    let [, , inStatus] = await listener;
+    Assert.equal(inStatus, Cr.NS_OK);
+
+    listener = new Listener();
+    domain = "a".repeat(254);
+    overrideService.addIPOverride(domain, "1.2.3.4");
+
+    if (mozinfo.socketprocess_networking) {
+      // When using the socket process, the call fails asynchronously.
+      Services.dns.asyncResolve(
+        domain,
+        Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+        Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+        null, // resolverInfo
+        listener,
+        mainThread,
+        defaultOriginAttributes
+      );
+      let [, , inStatus1] = await listener;
+      Assert.equal(inStatus1, Cr.NS_ERROR_UNKNOWN_HOST);
+    } else {
+      Assert.throws(
+        () => {
+          Services.dns.asyncResolve(
+            domain,
+            Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
+            Ci.nsIDNSService.RESOLVE_CANONICAL_NAME,
+            null, // resolverInfo
+            listener,
+            mainThread,
+            defaultOriginAttributes
+          );
+        },
+        /NS_ERROR_UNKNOWN_HOST/,
+        "Should throw for large domains"
+      );
+    }
+  }
+);
diff --git a/netwerk/test/unit/test_domain_eviction.js b/netwerk/test/unit/test_domain_eviction.js
new file mode 100644
index 0000000000..58520c2daa
--- /dev/null
+++ b/netwerk/test/unit/test_domain_eviction.js
@@ -0,0 +1,182 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+// Test that domain eviction occurs when the cookies per base domain limit is
+// reached, and that expired cookies are evicted before live cookies.
+
+"use strict";
+
+var test_generator = do_run_test();
+
+function run_test() {
+  do_test_pending();
+  do_run_generator(test_generator);
+}
+
+function continue_test() {
+  do_run_generator(test_generator);
+}
+
+function* do_run_test() {
+  // Set quotaPerHost to maxPerHost - 1, so there is only one cookie
+  // will be evicted everytime.
+  Services.prefs.setIntPref("network.cookie.quotaPerHost", 49);
+  // Set the base domain limit to 50 so we have a known value.
+  Services.prefs.setIntPref("network.cookie.maxPerHost", 50);
+
+  let futureExpiry = Math.floor(Date.now() / 1000 + 1000);
+
+  // test eviction under the 50 cookies per base domain limit. this means
+  // that cookies for foo.com and bar.foo.com should count toward this limit,
+  // while cookies for baz.com should not. there are several tests we perform
+  // to make sure the base domain logic is working correctly.
+
+  // 1) simplest case: set 100 cookies for "foo.bar" and make sure 50 survive.
+  setCookies("foo.bar", 100, futureExpiry);
+  Assert.equal(countCookies("foo.bar", "foo.bar"), 50);
+
+  // 2) set cookies for different subdomains of "foo.baz", and an unrelated
+  // domain, and make sure all 50 within the "foo.baz" base domain are counted.
+  setCookies("foo.baz", 10, futureExpiry);
+  setCookies(".foo.baz", 10, futureExpiry);
+  setCookies("bar.foo.baz", 10, futureExpiry);
+  setCookies("baz.bar.foo.baz", 10, futureExpiry);
+  setCookies("unrelated.domain", 50, futureExpiry);
+  Assert.equal(countCookies("foo.baz", "baz.bar.foo.baz"), 40);
+  setCookies("foo.baz", 20, futureExpiry);
+  Assert.equal(countCookies("foo.baz", "baz.bar.foo.baz"), 50);
+
+  // 3) ensure cookies are evicted by order of lastAccessed time, if the
+  // limit on cookies per base domain is reached.
+  setCookies("horse.radish", 10, futureExpiry);
+
+  // Wait a while, to make sure the first batch of cookies is older than
+  // the second (timer resolution varies on different platforms).
+  do_timeout(100, continue_test);
+  yield;
+
+  setCookies("tasty.horse.radish", 50, futureExpiry);
+  Assert.equal(countCookies("horse.radish", "horse.radish"), 50);
+
+  for (let cookie of Services.cookies.cookies) {
+    if (cookie.host == "horse.radish") {
+      do_throw("cookies not evicted by lastAccessed order");
+    }
+  }
+
+  // Test that expired cookies for a domain are evicted before live ones.
+  let shortExpiry = Math.floor(Date.now() / 1000 + 2);
+  setCookies("captchart.com", 49, futureExpiry);
+  Services.cookies.add(
+    "captchart.com",
+    "",
+    "test100",
+    "eviction",
+    false,
+    false,
+    false,
+    shortExpiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  do_timeout(2100, continue_test);
+  yield;
+
+  Assert.equal(countCookies("captchart.com", "captchart.com"), 50);
+  Services.cookies.add(
+    "captchart.com",
+    "",
+    "test200",
+    "eviction",
+    false,
+    false,
+    false,
+    futureExpiry,
+    {},
+    Ci.nsICookie.SAMESITE_NONE,
+    Ci.nsICookie.SCHEME_HTTPS
+  );
+  Assert.equal(countCookies("captchart.com", "captchart.com"), 50);
+
+  for (let cookie of Services.cookies.getCookiesFromHost("captchart.com", {})) {
+    Assert.ok(cookie.expiry == futureExpiry);
+  }
+
+  do_finish_generator_test(test_generator);
+}
+
+// set 'aNumber' cookies with host 'aHost', with distinct names.
+function setCookies(aHost, aNumber, aExpiry) {
+  for (let i = 0; i < aNumber; ++i) {
+    Services.cookies.add(
+      aHost,
+      "",
+      "test" + i,
+      "eviction",
+      false,
+      false,
+      false,
+      aExpiry,
+      {},
+      Ci.nsICookie.SAMESITE_NONE,
+      Ci.nsICookie.SCHEME_HTTPS
+    );
+  }
+}
+
+// count how many cookies are within domain 'aBaseDomain', using three
+// independent interface methods on nsICookieManager:
+// 1) 'cookies', an array of all cookies;
+// 2) 'countCookiesFromHost', which returns the number of cookies within the
+//    base domain of 'aHost',
+// 3) 'getCookiesFromHost', which returns an array of 2).
+function countCookies(aBaseDomain, aHost) {
+  // count how many cookies are within domain 'aBaseDomain' using the cookies
+  // array.
+  let cookies = [];
+  for (let cookie of Services.cookies.cookies) {
+    if (
+      cookie.host.length >= aBaseDomain.length &&
+      cookie.host.slice(cookie.host.length - aBaseDomain.length) == aBaseDomain
+    ) {
+      cookies.push(cookie);
+    }
+  }
+
+  // confirm the count using countCookiesFromHost and getCookiesFromHost.
+  let result = cookies.length;
+  Assert.equal(
+    Services.cookies.countCookiesFromHost(aBaseDomain),
+    cookies.length
+  );
+  Assert.equal(Services.cookies.countCookiesFromHost(aHost), cookies.length);
+
+  for (let cookie of Services.cookies.getCookiesFromHost(aHost, {})) {
+    if (
+      cookie.host.length >= aBaseDomain.length &&
+      cookie.host.slice(cookie.host.length - aBaseDomain.length) == aBaseDomain
+    ) {
+      let found = false;
+      for (let i = 0; i < cookies.length; ++i) {
+        if (cookies[i].host == cookie.host && cookies[i].name == cookie.name) {
+          found = true;
+          cookies.splice(i, 1);
+          break;
+        }
+      }
+
+      if (!found) {
+        do_throw("cookie " + cookie.name + " not found in master cookies");
+      }
+    } else {
+      do_throw(
+        "cookie host " + cookie.host + " not within domain " + aBaseDomain
+      );
+    }
+  }
+
+  Assert.equal(cookies.length, 0);
+
+  return result;
+}
diff --git a/netwerk/test/unit/test_dooh.js b/netwerk/test/unit/test_dooh.js
new file mode 100644
index 0000000000..cab4b3bb02
--- /dev/null
+++ b/netwerk/test/unit/test_dooh.js
@@ -0,0 +1,354 @@
+/* Any copyright is dedicated to the Public Domain.
+ * https://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+/* import-globals-from trr_common.js */
+
+const { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+let httpServer;
+let ohttpServer;
+let ohttpEncodedConfig = "not a valid config";
+
+// Decapsulate the request, send it to the actual TRR, receive the response,
+// encapsulate it, and send it back through `response`.
+async function forwardToTRR(request, response) {
+  let inputStream = Cc["@mozilla.org/scriptableinputstream;1"].createInstance(
+    Ci.nsIScriptableInputStream
+  );
+  inputStream.init(request.bodyInputStream);
+  let requestBody = inputStream.readBytes(inputStream.available());
+  let ohttpResponse = ohttpServer.decapsulate(stringToBytes(requestBody));
+  let bhttp = Cc["@mozilla.org/network/binary-http;1"].getService(
+    Ci.nsIBinaryHttp
+  );
+  let decodedRequest = bhttp.decodeRequest(ohttpResponse.request);
+  let headers = {};
+  for (
+    let i = 0;
+    i < decodedRequest.headerNames.length && decodedRequest.headerValues.length;
+    i++
+  ) {
+    headers[decodedRequest.headerNames[i]] = decodedRequest.headerValues[i];
+  }
+  let uri = `${decodedRequest.scheme}://${decodedRequest.authority}${decodedRequest.path}`;
+  let body = new Uint8Array(decodedRequest.content.length);
+  for (let i = 0; i < decodedRequest.content.length; i++) {
+    body[i] = decodedRequest.content[i];
+  }
+  try {
+    // Timeout after 10 seconds.
+    let fetchInProgress = true;
+    let controller = new AbortController();
+    // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+    setTimeout(() => {
+      if (fetchInProgress) {
+        controller.abort();
+      }
+    }, 10000);
+    let trrResponse = await fetch(uri, {
+      method: decodedRequest.method,
+      headers,
+      body: decodedRequest.method == "POST" ? body : undefined,
+      credentials: "omit",
+      signal: controller.signal,
+    });
+    fetchInProgress = false;
+    let data = new Uint8Array(await trrResponse.arrayBuffer());
+    let trrResponseContent = [];
+    for (let i = 0; i < data.length; i++) {
+      trrResponseContent.push(data[i]);
+    }
+    let trrResponseHeaderNames = [];
+    let trrResponseHeaderValues = [];
+    for (let header of trrResponse.headers) {
+      trrResponseHeaderNames.push(header[0]);
+      trrResponseHeaderValues.push(header[1]);
+    }
+    let binaryResponse = new BinaryHttpResponse(
+      trrResponse.status,
+      trrResponseHeaderNames,
+      trrResponseHeaderValues,
+      trrResponseContent
+    );
+    let responseBytes = bhttp.encodeResponse(binaryResponse);
+    let encResponse = ohttpResponse.encapsulate(responseBytes);
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "message/ohttp-res", false);
+    response.write(bytesToString(encResponse));
+  } catch (e) {
+    // Some tests involve the responder either timing out or closing the
+    // connection unexpectedly.
+  }
+}
+
+add_setup(async function setup() {
+  h2Port = trr_test_setup();
+  runningOHTTPTests = true;
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+
+  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRONLY);
+
+  let ohttp = Cc["@mozilla.org/network/oblivious-http;1"].getService(
+    Ci.nsIObliviousHttp
+  );
+  ohttpServer = ohttp.server();
+
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/relay", function (request, response) {
+    response.processAsync();
+    forwardToTRR(request, response).then(() => {
+      response.finish();
+    });
+  });
+  httpServer.registerPathHandler("/config", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ohttp-keys", false);
+    response.write(ohttpEncodedConfig);
+  });
+  httpServer.start(-1);
+
+  Services.prefs.setBoolPref("network.trr.use_ohttp", true);
+  // On windows the TTL fetch will race with clearing the cache
+  // to refresh the cache entry.
+  Services.prefs.setBoolPref("network.dns.get-ttl", false);
+
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+    Services.prefs.clearUserPref("network.trr.use_ohttp");
+    Services.prefs.clearUserPref("network.trr.ohttp.config_uri");
+    Services.prefs.clearUserPref("network.trr.ohttp.relay_uri");
+    Services.prefs.clearUserPref("network.trr.ohttp.uri");
+    Services.prefs.clearUserPref("network.dns.get-ttl");
+    await new Promise((resolve, reject) => {
+      httpServer.stop(resolve);
+    });
+  });
+});
+
+// Test that if DNS-over-OHTTP isn't configured, the implementation falls back
+// to platform resolution.
+add_task(async function test_ohttp_not_configured() {
+  Services.dns.clearCache(true);
+  setModeAndURI(2, "doh?responseIP=2.2.2.2");
+  await new TRRDNSListener("example.com", "127.0.0.1");
+});
+
+add_task(async function set_ohttp_invalid_prefs() {
+  let configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.relay_uri",
+    "http://nonexistent.test"
+  );
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.config_uri",
+    "http://nonexistent.test"
+  );
+
+  Cc["@mozilla.org/network/oblivious-http-service;1"].getService(
+    Ci.nsIObliviousHttpService
+  );
+  await configPromise;
+});
+
+// Test that if DNS-over-OHTTP has an invalid configuration, the implementation
+// falls back to platform resolution.
+add_task(async function test_ohttp_invalid_prefs_fallback() {
+  Services.dns.clearCache(true);
+  setModeAndURI(2, "doh?responseIP=2.2.2.2");
+  await new TRRDNSListener("example.com", "127.0.0.1");
+});
+
+add_task(async function set_ohttp_prefs_500_error() {
+  let configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.relay_uri",
+    `http://localhost:${httpServer.identity.primaryPort}/relay`
+  );
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.config_uri",
+    `http://localhost:${httpServer.identity.primaryPort}/500error`
+  );
+  await configPromise;
+});
+
+// Test that if DNS-over-OHTTP has an invalid configuration, the implementation
+// falls back to platform resolution.
+add_task(async function test_ohttp_500_error_fallback() {
+  Services.dns.clearCache(true);
+  setModeAndURI(2, "doh?responseIP=2.2.2.2");
+  await new TRRDNSListener("example.com", "127.0.0.1");
+});
+
+add_task(async function retryConfigOnConnectivityChange() {
+  Services.prefs.setCharPref("network.trr.confirmationNS", "skip");
+  // First we make sure the config is properly loaded
+  setModeAndURI(2, "doh?responseIP=2.2.2.2");
+  let ohttpService = Cc[
+    "@mozilla.org/network/oblivious-http-service;1"
+  ].getService(Ci.nsIObliviousHttpService);
+  ohttpService.clearTRRConfig();
+  ohttpEncodedConfig = bytesToString(ohttpServer.encodedConfig);
+  let configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.relay_uri",
+    `http://localhost:${httpServer.identity.primaryPort}/relay`
+  );
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.config_uri",
+    `http://localhost:${httpServer.identity.primaryPort}/config`
+  );
+  let [, status] = await configPromise;
+  equal(status, "success");
+  info("retryConfigOnConnectivityChange setup complete");
+
+  ohttpService.clearTRRConfig();
+
+  let port = httpServer.identity.primaryPort;
+  // Stop the server so getting the config fails.
+  await httpServer.stop();
+
+  configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.obs.notifyObservers(
+    null,
+    "network:captive-portal-connectivity-changed"
+  );
+  [, status] = await configPromise;
+  equal(status, "failed");
+
+  // Should fallback to native DNS since the config is empty
+  Services.dns.clearCache(true);
+  await new TRRDNSListener("example.com", "127.0.0.1");
+
+  // Start the server back again.
+  httpServer.start(port);
+  Assert.equal(
+    port,
+    httpServer.identity.primaryPort,
+    "server should get the same port"
+  );
+
+  // Still the config hasn't been reloaded.
+  await new TRRDNSListener("example2.com", "127.0.0.1");
+
+  // Signal a connectivity change so we reload the config
+  configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.obs.notifyObservers(
+    null,
+    "network:captive-portal-connectivity-changed"
+  );
+  [, status] = await configPromise;
+  equal(status, "success");
+
+  await new TRRDNSListener("example3.com", "2.2.2.2");
+
+  // Now check that we also reload a missing config if a TRR confirmation fails.
+  ohttpService.clearTRRConfig();
+  configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.obs.notifyObservers(
+    null,
+    "network:trr-confirmation",
+    "CONFIRM_FAILED"
+  );
+  [, status] = await configPromise;
+  equal(status, "success");
+  await new TRRDNSListener("example4.com", "2.2.2.2");
+
+  // set the config to an invalid value and check that as long as the URL
+  // doesn't change, we dont reload it again on connectivity notifications.
+  ohttpEncodedConfig = "not a valid config";
+  configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.obs.notifyObservers(
+    null,
+    "network:captive-portal-connectivity-changed"
+  );
+
+  await new TRRDNSListener("example5.com", "2.2.2.2");
+
+  // The change should not cause any config reload because we already have a config.
+  [, status] = await configPromise;
+  equal(status, "no-changes");
+
+  await new TRRDNSListener("example6.com", "2.2.2.2");
+  // Clear the config_uri pref so it gets set to the proper value in the next test.
+  configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  Services.prefs.setCharPref("network.trr.ohttp.config_uri", ``);
+  await configPromise;
+});
+
+add_task(async function set_ohttp_prefs_valid() {
+  let ohttpService = Cc[
+    "@mozilla.org/network/oblivious-http-service;1"
+  ].getService(Ci.nsIObliviousHttpService);
+  ohttpService.clearTRRConfig();
+  let configPromise = TestUtils.topicObserved("ohttp-service-config-loaded");
+  ohttpEncodedConfig = bytesToString(ohttpServer.encodedConfig);
+  Services.prefs.setCharPref(
+    "network.trr.ohttp.config_uri",
+    `http://localhost:${httpServer.identity.primaryPort}/config`
+  );
+  await configPromise;
+});
+
+add_task(test_A_record);
+
+add_task(test_AAAA_records);
+
+add_task(test_RFC1918);
+
+add_task(test_GET_ECS);
+
+add_task(test_timeout_mode3);
+
+add_task(test_strict_native_fallback);
+
+add_task(test_no_answers_fallback);
+
+add_task(test_404_fallback);
+
+add_task(test_mode_1_and_4);
+
+add_task(test_CNAME);
+
+add_task(test_name_mismatch);
+
+add_task(test_mode_2);
+
+add_task(test_excluded_domains);
+
+add_task(test_captiveportal_canonicalURL);
+
+add_task(test_parentalcontrols);
+
+// TRR-first check that DNS result is used if domain is part of the builtin-excluded-domains pref
+add_task(test_builtin_excluded_domains);
+
+add_task(test_excluded_domains_mode3);
+
+add_task(test25e);
+
+add_task(test_parentalcontrols_mode3);
+
+add_task(test_builtin_excluded_domains_mode3);
+
+add_task(count_cookies);
+
+// This test doesn't work with having a JS httpd server as a relay.
+// add_task(test_connection_closed);
+
+add_task(test_fetch_time);
+
+add_task(test_fqdn);
+
+add_task(test_ipv6_trr_fallback);
+
+add_task(test_ipv4_trr_fallback);
+
+add_task(test_no_retry_without_doh);
diff --git a/netwerk/test/unit/test_doomentry.js b/netwerk/test/unit/test_doomentry.js
new file mode 100644
index 0000000000..07e17a1080
--- /dev/null
+++ b/netwerk/test/unit/test_doomentry.js
@@ -0,0 +1,108 @@
+/**
+ * Test for nsICacheStorage.asyncDoomURI().
+ * It tests dooming
+ *   - an existent inactive entry
+ *   - a non-existent inactive entry
+ *   - an existent active entry
+ */
+
+"use strict";
+
+function doom(url, callback) {
+  Services.cache2
+    .diskCacheStorage(Services.loadContextInfo.default)
+    .asyncDoomURI(createURI(url), "", {
+      onCacheEntryDoomed(result) {
+        callback(result);
+      },
+    });
+}
+
+function write_and_check(str, data, len) {
+  var written = str.write(data, len);
+  if (written != len) {
+    do_throw(
+      "str.write has not written all data!\n" +
+        "  Expected: " +
+        len +
+        "\n" +
+        "  Actual: " +
+        written +
+        "\n"
+    );
+  }
+}
+
+function write_entry() {
+  asyncOpenCacheEntry(
+    "http://testentry/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_TRUNCATE,
+    null,
+    function (status, entry) {
+      write_entry_cont(entry, entry.openOutputStream(0, -1));
+    }
+  );
+}
+
+function write_entry_cont(entry, ostream) {
+  var data = "testdata";
+  write_and_check(ostream, data, data.length);
+  ostream.close();
+  entry.close();
+  doom("http://testentry/", check_doom1);
+}
+
+function check_doom1(status) {
+  Assert.equal(status, Cr.NS_OK);
+  doom("http://nonexistententry/", check_doom2);
+}
+
+function check_doom2(status) {
+  Assert.equal(status, Cr.NS_ERROR_NOT_AVAILABLE);
+  asyncOpenCacheEntry(
+    "http://testentry/",
+    "disk",
+    Ci.nsICacheStorage.OPEN_TRUNCATE,
+    null,
+    function (stat, entry) {
+      write_entry2(entry, entry.openOutputStream(0, -1));
+    }
+  );
+}
+
+var gEntry;
+var gOstream;
+function write_entry2(entry, ostream) {
+  // write some data and doom the entry while it is active
+  var data = "testdata";
+  write_and_check(ostream, data, data.length);
+  gEntry = entry;
+  gOstream = ostream;
+  doom("http://testentry/", check_doom3);
+}
+
+function check_doom3(status) {
+  Assert.equal(status, Cr.NS_OK);
+  // entry was doomed but writing should still succeed
+  var data = "testdata";
+  write_and_check(gOstream, data, data.length);
+  gOstream.close();
+  gEntry.close();
+  // dooming the same entry again should fail
+  doom("http://testentry/", check_doom4);
+}
+
+function check_doom4(status) {
+  Assert.equal(status, Cr.NS_ERROR_NOT_AVAILABLE);
+  do_test_finished();
+}
+
+function run_test() {
+  do_get_profile();
+
+  // clear the cache
+  evict_cache_entries();
+  write_entry();
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_duplicate_headers.js b/netwerk/test/unit/test_duplicate_headers.js
new file mode 100644
index 0000000000..78d2355d1e
--- /dev/null
+++ b/netwerk/test/unit/test_duplicate_headers.js
@@ -0,0 +1,563 @@
+/*
+ * Tests bugs 597706, 655389: prevent duplicate headers with differing values
+ * for some headers like Content-Length, Location, etc.
+ */
+
+////////////////////////////////////////////////////////////////////////////////
+// Test infrastructure
+
+"use strict";
+
+// The tests in this file use number indexes to run, which can't be detected
+// via ESLint.
+/* eslint-disable no-unused-vars */
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var test_flags = [];
+var testPathBase = "/dupe_hdrs";
+
+function run_test() {
+  httpserver.start(-1);
+
+  do_test_pending();
+  run_test_number(1);
+}
+
+function run_test_number(num) {
+  let testPath = testPathBase + num;
+  httpserver.registerPathHandler(testPath, globalThis["handler" + num]);
+
+  var channel = setupChannel(testPath);
+  let flags = test_flags[num]; // OK if flags undefined for test
+  channel.asyncOpen(
+    new ChannelListener(globalThis["completeTest" + num], channel, flags)
+  );
+}
+
+function setupChannel(url) {
+  var chan = NetUtil.newChannel({
+    uri: URL + url,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  return httpChan;
+}
+
+function endTests() {
+  httpserver.stop(do_test_finished);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 1: FAIL because of conflicting Content-Length headers
+test_flags[1] = CL_EXPECT_FAILURE;
+
+function handler1(metadata, response) {
+  var body = "012345678901234567890123456789";
+  // Comrades!  We must seize power from the petty-bourgeois running dogs of
+  // httpd.js in order to reply with multiple instances of the same header!
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Content-Length: 20\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest1(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(2);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 2: OK to have duplicate same Content-Length headers
+
+function handler2(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest2(request, data, ctx) {
+  Assert.equal(request.status, 0);
+  run_test_number(3);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 3: FAIL: 2nd Content-length is blank
+test_flags[3] = CL_EXPECT_FAILURE;
+
+function handler3(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Content-Length:\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest3(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(4);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 4: ensure that blank C-len header doesn't allow attacker to reset Clen,
+// then insert CRLF attack
+test_flags[4] = CL_EXPECT_FAILURE;
+
+function handler4(metadata, response) {
+  var body = "012345678901234567890123456789";
+
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+
+  // Bad Mr Hacker!  Bad!
+  var evilBody = "We are the Evil bytes, Evil bytes, Evil bytes!";
+  response.write("Content-Length:\r\n");
+  response.write("Content-Length: %s\r\n\r\n%s" % (evilBody.length, evilBody));
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest4(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(5);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 5: ensure that we take 1st instance of duplicate, nonmerged headers that
+// are permitted : (ex: Referrer)
+
+function handler5(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Referer: naive.org\r\n");
+  response.write("Referer: evil.net\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest5(request, data, ctx) {
+  try {
+    let referer = request.getResponseHeader("Referer");
+    Assert.equal(referer, "naive.org");
+  } catch (ex) {
+    do_throw("Referer header should be present");
+  }
+
+  run_test_number(6);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 5: FAIL if multiple, different Location: headers present
+// - needed to prevent CRLF injection attacks
+test_flags[6] = CL_EXPECT_FAILURE;
+
+function handler6(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 301 Moved\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Location: " + URL + "/content\r\n");
+  response.write("Location: http://www.microsoft.com/\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest6(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  //  run_test_number(7);   // Test 7 leaking under e10s: unrelated bug?
+  run_test_number(8);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 7: OK to have multiple Location: headers with same value
+
+function handler7(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 301 Moved\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  // redirect to previous test handler that completes OK: test 5
+  response.write("Location: " + URL + testPathBase + "5\r\n");
+  response.write("Location: " + URL + testPathBase + "5\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest7(request, data, ctx) {
+  // for some reason need this here
+  request.QueryInterface(Ci.nsIHttpChannel);
+
+  try {
+    let referer = request.getResponseHeader("Referer");
+    Assert.equal(referer, "naive.org");
+  } catch (ex) {
+    do_throw("Referer header should be present");
+  }
+
+  run_test_number(8);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// FAIL if 2nd Location: headers blank
+test_flags[8] = CL_EXPECT_FAILURE;
+
+function handler8(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 301 Moved\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  // redirect to previous test handler that completes OK: test 4
+  response.write("Location: " + URL + testPathBase + "4\r\n");
+  response.write("Location:\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest8(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(9);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 9: ensure that blank Location header doesn't allow attacker to reset,
+// then insert an evil one
+test_flags[9] = CL_EXPECT_FAILURE;
+
+function handler9(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 301 Moved\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  // redirect to previous test handler that completes OK: test 2
+  response.write("Location: " + URL + testPathBase + "2\r\n");
+  response.write("Location:\r\n");
+  // redirect to previous test handler that completes OK: test 4
+  response.write("Location: " + URL + testPathBase + "4\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest9(request, data, ctx) {
+  // All redirection should fail:
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(10);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 10: FAIL:  if conflicting values for Content-Dispo
+test_flags[10] = CL_EXPECT_FAILURE;
+
+function handler10(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Content-Disposition: attachment; filename=foo\r\n");
+  response.write("Content-Disposition: attachment; filename=bar\r\n");
+  response.write("Content-Disposition: attachment; filename=baz\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest10(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(11);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 11: OK to have duplicate same Content-Disposition headers
+
+function handler11(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Content-Disposition: attachment; filename=foo\r\n");
+  response.write("Content-Disposition: attachment; filename=foo\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest11(request, data, ctx) {
+  Assert.equal(request.status, 0);
+
+  try {
+    var chan = request.QueryInterface(Ci.nsIChannel);
+    Assert.equal(chan.contentDisposition, chan.DISPOSITION_ATTACHMENT);
+    Assert.equal(chan.contentDispositionFilename, "foo");
+    Assert.equal(chan.contentDispositionHeader, "attachment; filename=foo");
+  } catch (ex) {
+    do_throw("error parsing Content-Disposition: " + ex);
+  }
+
+  run_test_number(12);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Bug 716801 OK for Location: header to be blank
+
+function handler12(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Location:\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest12(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  Assert.equal(30, data.length);
+
+  run_test_number(13);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Negative content length is ok
+test_flags[13] = CL_ALLOW_UNKNOWN_CL;
+
+function handler13(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: -1\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest13(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  Assert.equal(30, data.length);
+
+  run_test_number(14);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// leading negative content length is not ok if paired with positive one
+
+test_flags[14] = CL_EXPECT_FAILURE | CL_ALLOW_UNKNOWN_CL;
+
+function handler14(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: -1\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest14(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(15);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// trailing negative content length is not ok if paired with positive one
+
+test_flags[15] = CL_EXPECT_FAILURE | CL_ALLOW_UNKNOWN_CL;
+
+function handler15(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Content-Length: -1\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest15(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(16);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// empty content length is ok
+test_flags[16] = CL_ALLOW_UNKNOWN_CL;
+let reran16 = false;
+
+function handler16(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: \r\n");
+  response.write("Cache-Control: max-age=600\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest16(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  Assert.equal(30, data.length);
+
+  if (!reran16) {
+    reran16 = true;
+    run_test_number(16);
+  } else {
+    run_test_number(17);
+  }
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// empty content length paired with non empty is not ok
+test_flags[17] = CL_EXPECT_FAILURE | CL_ALLOW_UNKNOWN_CL;
+
+function handler17(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: \r\n");
+  response.write("Content-Length: 30\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest17(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  run_test_number(18);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// alpha content-length is just like -1
+test_flags[18] = CL_ALLOW_UNKNOWN_CL;
+
+function handler18(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: seventeen\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest18(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  Assert.equal(30, data.length);
+
+  run_test_number(19);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// semi-colons are ok too in the content-length
+test_flags[19] = CL_ALLOW_UNKNOWN_CL;
+
+function handler19(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 200 OK\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30;\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest19(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_OK);
+  Assert.equal(30, data.length);
+
+  run_test_number(20);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// FAIL if 1st Location: header is blank, followed by non-blank
+test_flags[20] = CL_EXPECT_FAILURE;
+
+function handler20(metadata, response) {
+  var body = "012345678901234567890123456789";
+  response.seizePower();
+  response.write("HTTP/1.0 301 Moved\r\n");
+  response.write("Content-Type: text/plain\r\n");
+  response.write("Content-Length: 30\r\n");
+  // redirect to previous test handler that completes OK: test 4
+  response.write("Location:\r\n");
+  response.write("Location: " + URL + testPathBase + "4\r\n");
+  response.write("Connection: close\r\n");
+  response.write("\r\n");
+  response.write(body);
+  response.finish();
+}
+
+function completeTest20(request, data, ctx) {
+  Assert.equal(request.status, Cr.NS_ERROR_CORRUPTED_CONTENT);
+
+  endTests();
+}
diff --git a/netwerk/test/unit/test_early_hint_listener.js b/netwerk/test/unit/test_early_hint_listener.js
new file mode 100644
index 0000000000..73b95067fe
--- /dev/null
+++ b/netwerk/test/unit/test_early_hint_listener.js
@@ -0,0 +1,170 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+var earlyhintspath = "/earlyhints";
+var multipleearlyhintspath = "/multipleearlyhintspath";
+var otherearlyhintspath = "/otherearlyhintspath";
+var noearlyhintspath = "/noearlyhints";
+var httpbody = "0123456789";
+var hint1 = "; rel=preload; as=style";
+var hint2 = "; rel=preload; as=image";
+
+function earlyHintsResponse(metadata, response) {
+  response.setInformationalResponseStatusLine(
+    metadata.httpVersion,
+    103,
+    "EarlyHints"
+  );
+  response.setInformationalResponseHeader("Link", hint1, false);
+
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function multipleEarlyHintsResponse(metadata, response) {
+  response.setInformationalResponseStatusLine(
+    metadata.httpVersion,
+    103,
+    "EarlyHints"
+  );
+  response.setInformationalResponseHeader("Link", hint1, false);
+  response.setInformationalHeaderNoCheck("Link", hint2);
+
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function otherHeadersEarlyHintsResponse(metadata, response) {
+  response.setInformationalResponseStatusLine(
+    metadata.httpVersion,
+    103,
+    "EarlyHints"
+  );
+  response.setInformationalResponseHeader("Link", hint1, false);
+  response.setInformationalResponseHeader("Something", "something", false);
+
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+function noEarlyHintsResponse(metadata, response) {
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
+
+let EarlyHintsListener = function () {};
+
+EarlyHintsListener.prototype = {
+  _expected_hints: "",
+  earlyHintsReceived: false,
+
+  earlyHint: function testEarlyHint(header) {
+    Assert.equal(header, this._expected_hints);
+    this.earlyHintsReceived = true;
+  },
+};
+
+function chanPromise(uri, listener) {
+  return new Promise(resolve => {
+    var principal = Services.scriptSecurityManager.createContentPrincipal(
+      NetUtil.newURI(uri),
+      {}
+    );
+    var chan = NetUtil.newChannel({
+      uri,
+      loadingPrincipal: principal,
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+
+    chan
+      .QueryInterface(Ci.nsIHttpChannelInternal)
+      .setEarlyHintObserver(listener);
+    chan.asyncOpen(new ChannelListener(resolve));
+  });
+}
+
+add_task(async function setup() {
+  httpserver.registerPathHandler(earlyhintspath, earlyHintsResponse);
+  httpserver.registerPathHandler(
+    multipleearlyhintspath,
+    multipleEarlyHintsResponse
+  );
+  httpserver.registerPathHandler(
+    otherearlyhintspath,
+    otherHeadersEarlyHintsResponse
+  );
+  httpserver.registerPathHandler(noearlyhintspath, noEarlyHintsResponse);
+  httpserver.start(-1);
+});
+
+add_task(async function early_hints() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = hint1;
+
+  await chanPromise(
+    "http://localhost:" + httpserver.identity.primaryPort + earlyhintspath,
+    earlyHints
+  );
+  Assert.ok(earlyHints.earlyHintsReceived);
+});
+
+add_task(async function no_early_hints() {
+  let earlyHints = new EarlyHintsListener("");
+
+  await chanPromise(
+    "http://localhost:" + httpserver.identity.primaryPort + noearlyhintspath,
+    earlyHints
+  );
+  Assert.ok(!earlyHints.earlyHintsReceived);
+});
+
+add_task(async function early_hints_multiple() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = hint1 + ", " + hint2;
+
+  await chanPromise(
+    "http://localhost:" +
+      httpserver.identity.primaryPort +
+      multipleearlyhintspath,
+    earlyHints
+  );
+  Assert.ok(earlyHints.earlyHintsReceived);
+});
+
+add_task(async function early_hints_other() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = hint1;
+
+  await chanPromise(
+    "http://localhost:" + httpserver.identity.primaryPort + otherearlyhintspath,
+    earlyHints
+  );
+  Assert.ok(earlyHints.earlyHintsReceived);
+});
+
+add_task(async function early_hints_only_secure_context() {
+  Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+  let earlyHints2 = new EarlyHintsListener();
+  earlyHints2._expected_hints = "";
+
+  await chanPromise(
+    "http://localhost:" + httpserver.identity.primaryPort + earlyhintspath,
+    earlyHints2
+  );
+  Assert.ok(!earlyHints2.earlyHintsReceived);
+});
+
+add_task(async function clean_up() {
+  Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+  await new Promise(resolve => {
+    httpserver.stop(resolve);
+  });
+});
diff --git a/netwerk/test/unit/test_early_hint_listener_http2.js b/netwerk/test/unit/test_early_hint_listener_http2.js
new file mode 100644
index 0000000000..3ea32f0bcc
--- /dev/null
+++ b/netwerk/test/unit/test_early_hint_listener_http2.js
@@ -0,0 +1,110 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The server will always respond with a 103 EarlyHint followed by a
+// 200 response.
+// 103 response contains:
+//  1) a non-link header
+//  2) a link header if a request has a "link-to-set" header. If the
+//     request header is not set, the response will not have Link headers.
+//     A "link-to-set" header may contain multiple link headers
+//     separated with a comma.
+
+var earlyhintspath = "/103_response";
+var hint1 = "; rel=preload; as=style";
+var hint2 = "; rel=preload; as=image";
+
+let EarlyHintsListener = function () {};
+
+EarlyHintsListener.prototype = {
+  _expected_hints: "",
+  earlyHintsReceived: false,
+
+  QueryInterface: ChromeUtils.generateQI(["nsIEarlyHintObserver"]),
+
+  earlyHint: function testEarlyHint(header) {
+    Assert.equal(header, this._expected_hints);
+    this.earlyHintsReceived = true;
+  },
+};
+
+function chanPromise(uri, listener, headers) {
+  return new Promise(resolve => {
+    var principal = Services.scriptSecurityManager.createContentPrincipal(
+      NetUtil.newURI(uri),
+      {}
+    );
+    var chan = NetUtil.newChannel({
+      uri,
+      loadingPrincipal: principal,
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+    });
+
+    chan
+      .QueryInterface(Ci.nsIHttpChannel)
+      .setRequestHeader("link-to-set", headers, false);
+    chan
+      .QueryInterface(Ci.nsIHttpChannelInternal)
+      .setEarlyHintObserver(listener);
+    chan.asyncOpen(new ChannelListener(resolve));
+  });
+}
+
+let http2Port;
+
+add_task(async function setup() {
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  http2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(http2Port, null);
+  Assert.notEqual(http2Port, "");
+
+  do_get_profile();
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+});
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.dns.localDomains");
+});
+
+add_task(async function early_hints() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = hint1;
+
+  await chanPromise(
+    `https://foo.example.com:${http2Port}${earlyhintspath}`,
+    earlyHints,
+    hint1
+  );
+  Assert.ok(earlyHints.earlyHintsReceived);
+});
+
+// Test when there is no Link header in a 103 response.
+// 103 response will contain non-link headers.
+add_task(async function no_early_hints() {
+  let earlyHints = new EarlyHintsListener("");
+
+  await chanPromise(
+    `https://foo.example.com:${http2Port}${earlyhintspath}`,
+    earlyHints,
+    ""
+  );
+  Assert.ok(!earlyHints.earlyHintsReceived);
+});
+
+add_task(async function early_hints_multiple() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = hint1 + ", " + hint2;
+
+  await chanPromise(
+    `https://foo.example.com:${http2Port}${earlyhintspath}`,
+    earlyHints,
+    hint1 + ", " + hint2
+  );
+  Assert.ok(earlyHints.earlyHintsReceived);
+});
diff --git a/netwerk/test/unit/test_ech_grease.js b/netwerk/test/unit/test_ech_grease.js
new file mode 100644
index 0000000000..bbe9c027b5
--- /dev/null
+++ b/netwerk/test/unit/test_ech_grease.js
@@ -0,0 +1,270 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+
+"use strict";
+
+// Allow telemetry probes which may otherwise be disabled for some
+// applications (e.g. Thunderbird).
+Services.prefs.setBoolPref(
+  "toolkit.telemetry.testing.overrideProductsCheck",
+  true
+);
+
+// Get a profile directory and ensure PSM initializes NSS.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+class InputStreamCallback {
+  constructor(output) {
+    this.output = output;
+    this.stopped = false;
+  }
+
+  onInputStreamReady(stream) {
+    info("input stream ready");
+    if (this.stopped) {
+      info("input stream callback stopped - bailing");
+      return;
+    }
+    let available = 0;
+    try {
+      available = stream.available();
+    } catch (e) {
+      // onInputStreamReady may fire when the stream has been closed.
+      equal(
+        e.result,
+        Cr.NS_BASE_STREAM_CLOSED,
+        "error should be NS_BASE_STREAM_CLOSED"
+      );
+    }
+    if (available > 0) {
+      let request = NetUtil.readInputStreamToString(stream, available, {
+        charset: "utf8",
+      });
+      ok(
+        request.startsWith("GET / HTTP/1.1\r\n"),
+        "Should get a simple GET / HTTP/1.1 request"
+      );
+      let response =
+        "HTTP/1.1 200 OK\r\n" +
+        "Content-Length: 2\r\n" +
+        "Content-Type: text/plain\r\n" +
+        "\r\nOK";
+      let written = this.output.write(response, response.length);
+      equal(
+        written,
+        response.length,
+        "should have been able to write entire response"
+      );
+    }
+    this.output.close();
+    info("done with input stream ready");
+  }
+
+  stop() {
+    this.stopped = true;
+    this.output.close();
+  }
+}
+
+class TLSServerSecurityObserver {
+  constructor(input, output) {
+    this.input = input;
+    this.output = output;
+    this.callbacks = [];
+    this.stopped = false;
+  }
+
+  onHandshakeDone(socket, status) {
+    info("TLS handshake done");
+    info(`TLS version used: ${status.tlsVersionUsed}`);
+
+    if (this.stopped) {
+      info("handshake done callback stopped - bailing");
+      return;
+    }
+
+    let callback = new InputStreamCallback(this.output);
+    this.callbacks.push(callback);
+    this.input.asyncWait(callback, 0, 0, Services.tm.currentThread);
+  }
+
+  stop() {
+    this.stopped = true;
+    this.input.close();
+    this.output.close();
+    this.callbacks.forEach(callback => {
+      callback.stop();
+    });
+  }
+}
+
+class ServerSocketListener {
+  constructor() {
+    this.securityObservers = [];
+  }
+
+  onSocketAccepted(socket, transport) {
+    info("accepted TLS client connection");
+    let connectionInfo = transport.securityCallbacks.getInterface(
+      Ci.nsITLSServerConnectionInfo
+    );
+    let input = transport.openInputStream(0, 0, 0);
+    let output = transport.openOutputStream(0, 0, 0);
+    let securityObserver = new TLSServerSecurityObserver(input, output);
+    this.securityObservers.push(securityObserver);
+    connectionInfo.setSecurityObserver(securityObserver);
+  }
+
+  // For some reason we get input stream callback events after we've stopped
+  // listening, so this ensures we just drop those events.
+  onStopListening() {
+    info("onStopListening");
+    this.securityObservers.forEach(observer => {
+      observer.stop();
+    });
+  }
+}
+
+function startServer(
+  minServerVersion = Ci.nsITLSClientStatus.TLS_VERSION_1_2,
+  maxServerVersion = Ci.nsITLSClientStatus.TLS_VERSION_1_3
+) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"].createInstance(
+    Ci.nsITLSServerSocket
+  );
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = getTestServerCertificate();
+  tlsServer.setVersionRange(minServerVersion, maxServerVersion);
+  tlsServer.setSessionTickets(false);
+  tlsServer.asyncListen(new ServerSocketListener());
+  storeCertOverride(tlsServer.port, tlsServer.serverCert);
+  return tlsServer;
+}
+
+const hostname = "example.com";
+
+function storeCertOverride(port, cert) {
+  let certOverrideService = Cc[
+    "@mozilla.org/security/certoverride;1"
+  ].getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(hostname, port, {}, cert, true);
+}
+
+function startClient(port, useGREASE, beConservative) {
+  HandshakeTelemetryHelpers.resetHistograms();
+  let flavors = ["", "_FIRST_TRY"];
+  let nonflavors = ["_ECH"];
+
+  if (useGREASE) {
+    Services.prefs.setIntPref("security.tls.ech.grease_probability", 100);
+  } else {
+    Services.prefs.setIntPref("security.tls.ech.grease_probability", 0);
+  }
+
+  let req = new XMLHttpRequest();
+  req.open("GET", `https://${hostname}:${port}`);
+
+  if (beConservative) {
+    // We don't have a way to set DONT_TRY_ECH at the moment.
+    let internalChannel = req.channel.QueryInterface(Ci.nsIHttpChannelInternal);
+    internalChannel.beConservative = beConservative;
+    flavors.push("_CONSERVATIVE");
+  } else {
+    nonflavors.push("_CONSERVATIVE");
+  }
+
+  //GREASE is only used if enabled and not in conservative mode.
+  if (useGREASE && !beConservative) {
+    flavors.push("_ECH_GREASE");
+  } else {
+    nonflavors.push("_ECH_GREASE");
+  }
+
+  return new Promise((resolve, reject) => {
+    req.onload = () => {
+      equal(req.responseText, "OK", "response text should be 'OK'");
+
+      // Only check telemetry if network process is disabled.
+      if (!mozinfo.socketprocess_networking) {
+        HandshakeTelemetryHelpers.checkSuccess(flavors);
+        HandshakeTelemetryHelpers.checkEmpty(nonflavors);
+      }
+
+      resolve();
+    };
+    req.onerror = () => {
+      ok(false, `should not have gotten an error`);
+      resolve();
+    };
+
+    req.send();
+  });
+}
+
+function setup() {
+  Services.prefs.setIntPref("security.tls.version.max", 4);
+  Services.prefs.setCharPref("network.dns.localDomains", hostname);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+}
+setup();
+
+add_task(async function GreaseYConservativeN() {
+  // First run a server that accepts TLS 1.2 and 1.3. A conservative client
+  // should succeed in connecting.
+  let server = startServer();
+
+  await startClient(
+    server.port,
+    true /*be conservative*/,
+    false /*should succeed*/
+  );
+  server.close();
+});
+
+add_task(async function GreaseNConservativeY() {
+  // First run a server that accepts TLS 1.2 and 1.3. A conservative client
+  // should succeed in connecting.
+  let server = startServer();
+
+  await startClient(
+    server.port,
+    false /*be conservative*/,
+    true /*should succeed*/
+  );
+  server.close();
+});
+
+add_task(async function GreaseYConservativeY() {
+  // First run a server that accepts TLS 1.2 and 1.3. A conservative client
+  // should succeed in connecting.
+  let server = startServer();
+
+  await startClient(
+    server.port,
+    true /*be conservative*/,
+    true /*should succeed*/
+  );
+  server.close();
+});
+
+add_task(async function GreaseNConservativeN() {
+  // First run a server that accepts TLS 1.2 and 1.3. A conservative client
+  // should succeed in connecting.
+  let server = startServer();
+
+  await startClient(
+    server.port,
+    false /*be conservative*/,
+    false /*should succeed*/
+  );
+  server.close();
+});
+
+registerCleanupFunction(function () {
+  Services.prefs.clearUserPref("security.tls.version.max");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("security.tls.ech.grease_probability");
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+});
diff --git a/netwerk/test/unit/test_event_sink.js b/netwerk/test/unit/test_event_sink.js
new file mode 100644
index 0000000000..e49080c88c
--- /dev/null
+++ b/netwerk/test/unit/test_event_sink.js
@@ -0,0 +1,183 @@
+// This file tests channel event sinks (bug 315598 et al)
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort;
+});
+
+const sinkCID = Components.ID("{14aa4b81-e266-45cb-88f8-89595dece114}");
+const sinkContract = "@mozilla.org/network/unittest/channeleventsink;1";
+
+const categoryName = "net-channel-event-sinks";
+
+/**
+ * This object is both a factory and an nsIChannelEventSink implementation (so, it
+ * is de-facto a service). It's also an interface requestor that gives out
+ * itself when asked for nsIChannelEventSink.
+ */
+var eventsink = {
+  QueryInterface: ChromeUtils.generateQI(["nsIFactory", "nsIChannelEventSink"]),
+  createInstance: function eventsink_ci(iid) {
+    return this.QueryInterface(iid);
+  },
+
+  asyncOnChannelRedirect: function eventsink_onredir(
+    oldChan,
+    newChan,
+    flags,
+    callback
+  ) {
+    // veto
+    this.called = true;
+    throw Components.Exception("", Cr.NS_BINDING_ABORTED);
+  },
+
+  getInterface: function eventsink_gi(iid) {
+    if (iid.equals(Ci.nsIChannelEventSink)) {
+      return this;
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  called: false,
+};
+
+var listener = {
+  expectSinkCall: true,
+
+  onStartRequest: function test_onStartR(request) {
+    try {
+      // Commenting out this check pending resolution of bug 255119
+      //if (Components.isSuccessCode(request.status))
+      //  do_throw("Channel should have a failure code!");
+
+      // The current URI must be the original URI, as all redirects have been
+      // cancelled
+      if (
+        !(request instanceof Ci.nsIChannel) ||
+        !request.URI.equals(request.originalURI)
+      ) {
+        do_throw(
+          "Wrong URI: Is <" +
+            request.URI.spec +
+            ">, should be <" +
+            request.originalURI.spec +
+            ">"
+        );
+      }
+
+      if (request instanceof Ci.nsIHttpChannel) {
+        // As we expect a blocked redirect, verify that we have a 3xx status
+        Assert.equal(Math.floor(request.responseStatus / 100), 3);
+        Assert.equal(request.requestSucceeded, false);
+      }
+
+      Assert.equal(eventsink.called, this.expectSinkCall);
+    } catch (e) {
+      do_throw("Unexpected exception: " + e);
+    }
+
+    throw Components.Exception("", Cr.NS_ERROR_ABORT);
+  },
+
+  onDataAvailable: function test_ODA() {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    if (this._iteration <= 2) {
+      run_test_continued();
+    } else {
+      do_test_pending();
+      httpserv.stop(do_test_finished);
+    }
+    do_test_finished();
+  },
+
+  _iteration: 1,
+};
+
+function makeChan(url) {
+  return NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+}
+
+var httpserv = null;
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/redirect", redirect);
+  httpserv.registerPathHandler("/redirectfile", redirectfile);
+  httpserv.start(-1);
+
+  Components.manager.nsIComponentRegistrar.registerFactory(
+    sinkCID,
+    "Unit test Event sink",
+    sinkContract,
+    eventsink
+  );
+
+  // Step 1: Set the callbacks on the listener itself
+  var chan = makeChan(URL + "/redirect");
+  chan.notificationCallbacks = eventsink;
+
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+function run_test_continued() {
+  eventsink.called = false;
+
+  var chan;
+  if (listener._iteration == 1) {
+    // Step 2: Category entry
+    Services.catMan.addCategoryEntry(
+      categoryName,
+      "unit test",
+      sinkContract,
+      false,
+      true
+    );
+    chan = makeChan(URL + "/redirect");
+  } else {
+    // Step 3: Global contract id
+    Services.catMan.deleteCategoryEntry(categoryName, "unit test", false);
+    listener.expectSinkCall = false;
+    chan = makeChan(URL + "/redirectfile");
+  }
+
+  listener._iteration++;
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+// PATHS
+
+// /redirect
+function redirect(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
+  response.setHeader(
+    "Location",
+    "http://localhost:" + metadata.port + "/",
+    false
+  );
+
+  var body = "Moved\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// /redirectfile
+function redirectfile(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 301, "Moved Permanently");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Location", "file:///etc/", false);
+
+  var body = "Attempted to move to a file URI, but failed.\n";
+  response.bodyOutputStream.write(body, body.length);
+}
diff --git a/netwerk/test/unit/test_eviction.js b/netwerk/test/unit/test_eviction.js
new file mode 100644
index 0000000000..eac7ece5be
--- /dev/null
+++ b/netwerk/test/unit/test_eviction.js
@@ -0,0 +1,252 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+var test_generator = do_run_test();
+
+function run_test() {
+  do_test_pending();
+  do_run_generator(test_generator);
+}
+
+function continue_test() {
+  do_run_generator(test_generator);
+}
+
+function repeat_test() {
+  // The test is probably going to fail because setting a batch of cookies took
+  // a significant fraction of 'gPurgeAge'. Compensate by rerunning the
+  // test with a larger purge age.
+  Assert.ok(gPurgeAge < 64);
+  gPurgeAge *= 2;
+  gShortExpiry *= 2;
+
+  executeSoon(function () {
+    test_generator.return();
+    test_generator = do_run_test();
+    do_run_generator(test_generator);
+  });
+}
+
+// Purge threshold, in seconds.
+var gPurgeAge = 1;
+
+// Short expiry age, in seconds.
+var gShortExpiry = 2;
+
+// Required delay to ensure a purge occurs, in milliseconds. This must be at
+// least gPurgeAge + 10%, and includes a little fuzz to account for timer
+// resolution and possible differences between PR_Now() and Date.now().
+function get_purge_delay() {
+  return gPurgeAge * 1100 + 100;
+}
+
+// Required delay to ensure a cookie set with an expiry time 'gShortExpiry' into
+// the future will have expired.
+function get_expiry_delay() {
+  return gShortExpiry * 1000 + 100;
+}
+
+function* do_run_test() {
+  // Set up a profile.
+  do_get_profile();
+
+  // twiddle prefs to convenient values for this test
+  Services.prefs.setIntPref("network.cookie.purgeAge", gPurgeAge);
+  Services.prefs.setIntPref("network.cookie.maxNumber", 100);
+
+  let expiry = Date.now() / 1000 + 1000;
+
+  // eviction is performed based on two limits: when the total number of cookies
+  // exceeds maxNumber + 10% (110), and when cookies are older than purgeAge
+  // (1 second). purging is done when both conditions are satisfied, and only
+  // those cookies are purged.
+
+  // we test the following cases of eviction:
+  // 1) excess and age are satisfied, but only some of the excess are old enough
+  // to be purged.
+  Services.cookies.removeAll();
+  if (!set_cookies(0, 5, expiry)) {
+    repeat_test();
+    return;
+  }
+  // Sleep a while, to make sure the first batch of cookies is older than
+  // the second (timer resolution varies on different platforms).
+  do_timeout(get_purge_delay(), continue_test);
+  yield;
+  if (!set_cookies(5, 111, expiry)) {
+    repeat_test();
+    return;
+  }
+
+  // Fake a profile change, to ensure eviction affects the database correctly.
+  do_close_profile(test_generator);
+  yield;
+  do_load_profile();
+  Assert.ok(check_remaining_cookies(111, 5, 106));
+
+  // 2) excess and age are satisfied, and all of the excess are old enough
+  // to be purged.
+  Services.cookies.removeAll();
+  if (!set_cookies(0, 10, expiry)) {
+    repeat_test();
+    return;
+  }
+  do_timeout(get_purge_delay(), continue_test);
+  yield;
+  if (!set_cookies(10, 111, expiry)) {
+    repeat_test();
+    return;
+  }
+
+  do_close_profile(test_generator);
+  yield;
+  do_load_profile();
+  Assert.ok(check_remaining_cookies(111, 10, 101));
+
+  // 3) excess and age are satisfied, and more than the excess are old enough
+  // to be purged.
+  Services.cookies.removeAll();
+  if (!set_cookies(0, 50, expiry)) {
+    repeat_test();
+    return;
+  }
+  do_timeout(get_purge_delay(), continue_test);
+  yield;
+  if (!set_cookies(50, 111, expiry)) {
+    repeat_test();
+    return;
+  }
+
+  do_close_profile(test_generator);
+  yield;
+  do_load_profile();
+  Assert.ok(check_remaining_cookies(111, 50, 101));
+
+  // 4) excess but not age are satisfied.
+  Services.cookies.removeAll();
+  if (!set_cookies(0, 120, expiry)) {
+    repeat_test();
+    return;
+  }
+
+  do_close_profile(test_generator);
+  yield;
+  do_load_profile();
+  Assert.ok(check_remaining_cookies(120, 0, 120));
+
+  // 5) age but not excess are satisfied.
+  Services.cookies.removeAll();
+  if (!set_cookies(0, 20, expiry)) {
+    repeat_test();
+    return;
+  }
+  do_timeout(get_purge_delay(), continue_test);
+  yield;
+  if (!set_cookies(20, 110, expiry)) {
+    repeat_test();
+    return;
+  }
+
+  do_close_profile(test_generator);
+  yield;
+  do_load_profile();
+  Assert.ok(check_remaining_cookies(110, 20, 110));
+
+  // 6) Excess and age are satisfied, but the cookie limit can be satisfied by
+  // purging expired cookies.
+  Services.cookies.removeAll();
+  let shortExpiry = Math.floor(Date.now() / 1000) + gShortExpiry;
+  if (!set_cookies(0, 20, shortExpiry)) {
+    repeat_test();
+    return;
+  }
+  do_timeout(get_expiry_delay(), continue_test);
+  yield;
+  if (!set_cookies(20, 110, expiry)) {
+    repeat_test();
+    return;
+  }
+  do_timeout(get_purge_delay(), continue_test);
+  yield;
+  if (!set_cookies(110, 111, expiry)) {
+    repeat_test();
+    return;
+  }
+
+  do_close_profile(test_generator);
+  yield;
+  do_load_profile();
+  Assert.ok(check_remaining_cookies(111, 20, 91));
+
+  do_finish_generator_test(test_generator);
+}
+
+// Set 'end - begin' total cookies, with consecutively increasing hosts numbered
+// 'begin' to 'end'.
+function set_cookies(begin, end, expiry) {
+  Assert.ok(begin != end);
+
+  let beginTime;
+  for (let i = begin; i < end; ++i) {
+    let host = "eviction." + i + ".tests";
+    Services.cookies.add(
+      host,
+      "",
+      "test",
+      "eviction",
+      false,
+      false,
+      false,
+      expiry,
+      {},
+      Ci.nsICookie.SAMESITE_NONE,
+      Ci.nsICookie.SCHEME_HTTPS
+    );
+
+    if (i == begin) {
+      beginTime = get_creationTime(i);
+    }
+  }
+
+  let endTime = get_creationTime(end - 1);
+  Assert.ok(begin == end - 1 || endTime > beginTime);
+  if (endTime - beginTime > gPurgeAge * 1000000) {
+    // Setting cookies took an amount of time very close to the purge threshold.
+    // Retry the test with a larger threshold.
+    return false;
+  }
+
+  return true;
+}
+
+function get_creationTime(i) {
+  let host = "eviction." + i + ".tests";
+  let cookies = Services.cookies.getCookiesFromHost(host, {});
+  Assert.ok(cookies.length);
+  let cookie = cookies[0];
+  return cookie.creationTime;
+}
+
+// Test that 'aNumberToExpect' cookies remain after purging is complete, and
+// that the cookies that remain consist of the set expected given the number of
+// of older and newer cookies -- eviction should occur by order of lastAccessed
+// time, if both the limit on total cookies (maxNumber + 10%) and the purge age
+// + 10% are exceeded.
+function check_remaining_cookies(aNumberTotal, aNumberOld, aNumberToExpect) {
+  let i = 0;
+  for (let cookie of Services.cookies.cookies) {
+    ++i;
+
+    if (aNumberTotal != aNumberToExpect) {
+      // make sure the cookie is one of the batch we expect was purged.
+      var hostNumber = Number(cookie.rawHost.split(".")[1]);
+      if (hostNumber < aNumberOld - aNumberToExpect) {
+        break;
+      }
+    }
+  }
+
+  return i == aNumberToExpect;
+}
diff --git a/netwerk/test/unit/test_extract_charset_from_content_type.js b/netwerk/test/unit/test_extract_charset_from_content_type.js
new file mode 100644
index 0000000000..a90e646048
--- /dev/null
+++ b/netwerk/test/unit/test_extract_charset_from_content_type.js
@@ -0,0 +1,238 @@
+/* -*- tab-width: 2; indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var charset = {};
+var charsetStart = {};
+var charsetEnd = {};
+var hadCharset;
+
+function check(aHadCharset, aCharset, aCharsetStart, aCharsetEnd) {
+  Assert.equal(aHadCharset, hadCharset);
+  Assert.equal(aCharset, charset.value);
+  Assert.equal(aCharsetStart, charsetStart.value);
+  Assert.equal(aCharsetEnd, charsetEnd.value);
+}
+
+function run_test() {
+  var netutil = Services.io;
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 9, 9);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "TEXT/HTML",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 9, 9);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html, text/html",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 9, 9);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html, text/plain",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 21, 21);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html, ",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 9, 9);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html, */*",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 9, 9);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html, foo",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 9, 9);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html; charset=ISO-8859-1",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 9, 29);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html  ;    charset=ISO-8859-1",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 11, 34);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html  ;    charset=ISO-8859-1  ",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 11, 36);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html  ;    charset=ISO-8859-1 ; ",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 11, 35);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/html; charset="ISO-8859-1"',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 9, 31);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html; charset='ISO-8859-1'",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "'ISO-8859-1'", 9, 31);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/html; charset="ISO-8859-1", text/html',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 9, 31);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/html; charset="ISO-8859-1", text/html; charset=UTF8',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "UTF8", 42, 56);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html; charset=ISO-8859-1, TEXT/HTML",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 9, 29);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/html; charset=ISO-8859-1, TEXT/plain",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 41, 41);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain, TEXT/HTML; charset="ISO-8859-1", text/html, TEXT/HTML',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 21, 43);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain, TEXT/HTML; param="charset=UTF8"; charset="ISO-8859-1"; param2="charset=UTF16", text/html, TEXT/HTML',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 43, 65);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain, TEXT/HTML; param=charset=UTF8; charset="ISO-8859-1"; param2=charset=UTF16, text/html, TEXT/HTML',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(true, "ISO-8859-1", 41, 63);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/plain; param= , text/html",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 30, 30);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain; param=", text/html"',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 10, 10);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain; param=", \\" , text/html"',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 10, 10);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain; param=", \\" , text/html , "',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 10, 10);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain param=", \\" , text/html , "',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 38, 38);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    "text/plain charset=UTF8",
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 23, 23);
+
+  hadCharset = netutil.extractCharsetFromContentType(
+    'text/plain, TEXT/HTML; param="charset=UTF8"; ; param2="charset=UTF16", text/html, TEXT/HTML',
+    charset,
+    charsetStart,
+    charsetEnd
+  );
+  check(false, "", 21, 21);
+}
diff --git a/netwerk/test/unit/test_file_protocol.js b/netwerk/test/unit/test_file_protocol.js
new file mode 100644
index 0000000000..707bddef24
--- /dev/null
+++ b/netwerk/test/unit/test_file_protocol.js
@@ -0,0 +1,277 @@
+/* run some tests on the file:// protocol handler */
+
+"use strict";
+
+const PR_RDONLY = 0x1; // see prio.h
+
+const special_type = "application/x-our-special-type";
+
+[
+  test_read_file,
+  test_read_dir_1,
+  test_read_dir_2,
+  test_upload_file,
+  test_load_shelllink,
+  do_test_finished,
+].forEach(f => add_test(f));
+
+function new_file_input_stream(file, buffered) {
+  var stream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  stream.init(file, PR_RDONLY, 0, 0);
+  if (!buffered) {
+    return stream;
+  }
+
+  var buffer = Cc[
+    "@mozilla.org/network/buffered-input-stream;1"
+  ].createInstance(Ci.nsIBufferedInputStream);
+  buffer.init(stream, 4096);
+  return buffer;
+}
+
+function new_file_channel(file) {
+  let uri = Services.io.newFileURI(file);
+  return NetUtil.newChannel({
+    uri,
+    loadingPrincipal: Services.scriptSecurityManager.createContentPrincipal(
+      uri,
+      {}
+    ),
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+}
+
+/*
+ * stream listener
+ * this listener has some additional file-specific tests, so we can't just use
+ * ChannelListener here.
+ */
+function FileStreamListener(closure) {
+  this._closure = closure;
+}
+FileStreamListener.prototype = {
+  _closure: null,
+  _buffer: "",
+  _got_onstartrequest: false,
+  _got_onstoprequest: false,
+  _contentLen: -1,
+
+  _isDir(request) {
+    request.QueryInterface(Ci.nsIFileChannel);
+    return request.file.isDirectory();
+  },
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    if (this._got_onstartrequest) {
+      do_throw("Got second onStartRequest event!");
+    }
+    this._got_onstartrequest = true;
+
+    if (!this._isDir(request)) {
+      request.QueryInterface(Ci.nsIChannel);
+      this._contentLen = request.contentLength;
+      if (this._contentLen == -1) {
+        do_throw("Content length is unknown in onStartRequest!");
+      }
+    }
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    if (!this._got_onstartrequest) {
+      do_throw("onDataAvailable without onStartRequest event!");
+    }
+    if (this._got_onstoprequest) {
+      do_throw("onDataAvailable after onStopRequest event!");
+    }
+    if (!request.isPending()) {
+      do_throw("request reports itself as not pending from onStartRequest!");
+    }
+
+    this._buffer = this._buffer.concat(read_stream(stream, count));
+  },
+
+  onStopRequest(request, status) {
+    if (!this._got_onstartrequest) {
+      do_throw("onStopRequest without onStartRequest event!");
+    }
+    if (this._got_onstoprequest) {
+      do_throw("Got second onStopRequest event!");
+    }
+    this._got_onstoprequest = true;
+    if (!Components.isSuccessCode(status)) {
+      do_throw("Failed to load file: " + status.toString(16));
+    }
+    if (status != request.status) {
+      do_throw("request.status does not match status arg to onStopRequest!");
+    }
+    if (request.isPending()) {
+      do_throw("request reports itself as pending from onStopRequest!");
+    }
+    if (this._contentLen != -1 && this._buffer.length != this._contentLen) {
+      do_throw("did not read nsIChannel.contentLength number of bytes!");
+    }
+
+    this._closure(this._buffer);
+  },
+};
+
+function test_read_file() {
+  dump("*** test_read_file\n");
+
+  var file = do_get_file("../unit/data/test_readline6.txt");
+  var chan = new_file_channel(file);
+
+  function on_read_complete(data) {
+    dump("*** test_read_file.on_read_complete\n");
+
+    // bug 326693
+    if (chan.contentType != special_type) {
+      do_throw(
+        "Type mismatch! Is <" +
+          chan.contentType +
+          ">, should be <" +
+          special_type +
+          ">"
+      );
+    }
+
+    /* read completed successfully.  now read data directly from file,
+       and compare the result. */
+    var stream = new_file_input_stream(file, false);
+    var result = read_stream(stream, stream.available());
+    if (result != data) {
+      do_throw("Stream contents do not match with direct read!");
+    }
+    run_next_test();
+  }
+
+  chan.contentType = special_type;
+  chan.asyncOpen(new FileStreamListener(on_read_complete));
+}
+
+function do_test_read_dir(set_type, expected_type) {
+  dump("*** test_read_dir(" + set_type + ", " + expected_type + ")\n");
+
+  var file = do_get_tempdir();
+  var chan = new_file_channel(file);
+
+  function on_read_complete(data) {
+    dump(
+      "*** test_read_dir.on_read_complete(" +
+        set_type +
+        ", " +
+        expected_type +
+        ")\n"
+    );
+
+    // bug 326693
+    if (chan.contentType != expected_type) {
+      do_throw(
+        "Type mismatch! Is <" +
+          chan.contentType +
+          ">, should be <" +
+          expected_type +
+          ">"
+      );
+    }
+
+    run_next_test();
+  }
+
+  if (set_type) {
+    chan.contentType = expected_type;
+  }
+  chan.asyncOpen(new FileStreamListener(on_read_complete));
+}
+
+function test_read_dir_1() {
+  return do_test_read_dir(false, "application/http-index-format");
+}
+
+function test_read_dir_2() {
+  return do_test_read_dir(true, special_type);
+}
+
+function test_upload_file() {
+  dump("*** test_upload_file\n");
+
+  var file = do_get_file("../unit/data/test_readline6.txt"); // file to upload
+  var dest = do_get_tempdir(); // file upload destination
+  dest.append("junk.dat");
+  dest.createUnique(dest.NORMAL_FILE_TYPE, 0o600);
+
+  var uploadstream = new_file_input_stream(file, true);
+
+  var chan = new_file_channel(dest);
+  chan.QueryInterface(Ci.nsIUploadChannel);
+  chan.setUploadStream(uploadstream, "", file.fileSize);
+
+  function on_upload_complete(data) {
+    dump("*** test_upload_file.on_upload_complete\n");
+
+    // bug 326693
+    if (chan.contentType != special_type) {
+      do_throw(
+        "Type mismatch! Is <" +
+          chan.contentType +
+          ">, should be <" +
+          special_type +
+          ">"
+      );
+    }
+
+    /* upload of file completed successfully. */
+    if (data.length) {
+      do_throw("Upload resulted in data!");
+    }
+
+    var oldstream = new_file_input_stream(file, false);
+    var newstream = new_file_input_stream(dest, false);
+    var olddata = read_stream(oldstream, oldstream.available());
+    var newdata = read_stream(newstream, newstream.available());
+    if (olddata != newdata) {
+      do_throw("Stream contents do not match after file copy!");
+    }
+    oldstream.close();
+    newstream.close();
+
+    /* cleanup... also ensures that the destination file is not in
+       use when OnStopRequest is called. */
+    try {
+      dest.remove(false);
+    } catch (e) {
+      dump(e + "\n");
+      do_throw("Unable to remove uploaded file!\n");
+    }
+
+    run_next_test();
+  }
+
+  chan.contentType = special_type;
+  chan.asyncOpen(new FileStreamListener(on_upload_complete));
+}
+
+function test_load_shelllink() {
+  // lnk files should not resolve to their targets
+  dump("*** test_load_shelllink\n");
+  let file = do_get_file("data/system_root.lnk", false);
+  var chan = new_file_channel(file);
+
+  // The original URI path should be the same as the URI path
+  Assert.equal(chan.URI.pathQueryRef, chan.originalURI.pathQueryRef);
+
+  // The original URI path should be the same as the lnk file path
+  Assert.equal(
+    chan.originalURI.pathQueryRef,
+    Services.io.newFileURI(file).pathQueryRef
+  );
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_filestreams.js b/netwerk/test/unit/test_filestreams.js
new file mode 100644
index 0000000000..b1edf3d27b
--- /dev/null
+++ b/netwerk/test/unit/test_filestreams.js
@@ -0,0 +1,300 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// We need the profile directory so the test harness will clean up our test
+// files.
+do_get_profile();
+
+const OUTPUT_STREAM_CONTRACT_ID = "@mozilla.org/network/file-output-stream;1";
+const SAFE_OUTPUT_STREAM_CONTRACT_ID =
+  "@mozilla.org/network/safe-file-output-stream;1";
+
+////////////////////////////////////////////////////////////////////////////////
+//// Helper Methods
+
+/**
+ * Generates a leafName for a file that does not exist, but does *not*
+ * create the file. Similar to createUnique except for the fact that createUnique
+ * does create the file.
+ *
+ * @param aFile
+ *        The file to modify in order for it to have a unique leafname.
+ */
+function ensure_unique(aFile) {
+  ensure_unique.fileIndex = ensure_unique.fileIndex || 0;
+
+  var leafName = aFile.leafName;
+  while (aFile.clone().exists()) {
+    aFile.leafName = leafName + "_" + ensure_unique.fileIndex++;
+  }
+}
+
+/**
+ * Tests for files being accessed at the right time. Streams that use
+ * DEFER_OPEN should only open or create the file when an operation is
+ * done, and not during Init().
+ *
+ * Note that for writing, we check for actual writing in test_NetUtil (async)
+ * and in sync_operations in this file (sync), whereas in this function we
+ * just check that the file is *not* created during init.
+ *
+ * @param aContractId
+ *        The contract ID to use for the output stream
+ * @param aDeferOpen
+ *        Whether to check with DEFER_OPEN or not
+ * @param aTrickDeferredOpen
+ *        Whether we try to 'trick' deferred opens by changing the file object before
+ *        the actual open. The stream should have a clone, so changes to the file
+ *        object after Init and before Open should not affect it.
+ */
+function check_access(aContractId, aDeferOpen, aTrickDeferredOpen) {
+  const LEAF_NAME = "filestreams-test-file.tmp";
+  const TRICKY_LEAF_NAME = "BetYouDidNotExpectThat.tmp";
+  let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  file.append(LEAF_NAME);
+
+  // Writing
+
+  ensure_unique(file);
+  let ostream = Cc[aContractId].createInstance(Ci.nsIFileOutputStream);
+  ostream.init(
+    file,
+    -1,
+    -1,
+    aDeferOpen ? Ci.nsIFileOutputStream.DEFER_OPEN : 0
+  );
+  Assert.equal(aDeferOpen, !file.clone().exists()); // If defer, should not exist and vice versa
+  if (aDeferOpen) {
+    // File should appear when we do write to it.
+    if (aTrickDeferredOpen) {
+      // See |@param aDeferOpen| in the JavaDoc comment for this function
+      file.leafName = TRICKY_LEAF_NAME;
+    }
+    ostream.write("data", 4);
+    if (aTrickDeferredOpen) {
+      file.leafName = LEAF_NAME;
+    }
+    // We did a write, so the file should now exist
+    Assert.ok(file.clone().exists());
+  }
+  ostream.close();
+
+  // Reading
+
+  ensure_unique(file);
+  let istream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  var initOk, getOk;
+  try {
+    istream.init(
+      file,
+      -1,
+      0,
+      aDeferOpen ? Ci.nsIFileInputStream.DEFER_OPEN : 0
+    );
+    initOk = true;
+  } catch (e) {
+    initOk = false;
+  }
+  try {
+    let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+      Ci.nsIFileInputStream
+    );
+    fstream.init(file, -1, 0, 0);
+    getOk = true;
+  } catch (e) {
+    getOk = false;
+  }
+
+  // If the open is deferred, then Init should succeed even though the file we
+  // intend to read does not exist, and then trying to read from it should
+  // fail. The other case is where the open is not deferred, and there we should
+  // get an error when we Init (and also when we try to read).
+  Assert.ok(
+    (aDeferOpen && initOk && !getOk) || (!aDeferOpen && !initOk && !getOk)
+  );
+  istream.close();
+}
+
+/**
+ * We test async operations in test_NetUtil.js, and here test for simple sync
+ * operations on input streams.
+ *
+ * @param aDeferOpen
+ *        Whether to use DEFER_OPEN in the streams.
+ */
+function sync_operations(aDeferOpen) {
+  const TEST_DATA = "this is a test string";
+  const LEAF_NAME = "filestreams-test-file.tmp";
+
+  let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  file.append(LEAF_NAME);
+  file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+
+  let ostream = Cc[OUTPUT_STREAM_CONTRACT_ID].createInstance(
+    Ci.nsIFileOutputStream
+  );
+  ostream.init(
+    file,
+    -1,
+    -1,
+    aDeferOpen ? Ci.nsIFileOutputStream.DEFER_OPEN : 0
+  );
+
+  ostream.write(TEST_DATA, TEST_DATA.length);
+  ostream.close();
+
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fstream.init(file, -1, 0, aDeferOpen ? Ci.nsIFileInputStream.DEFER_OPEN : 0);
+
+  let cstream = Cc["@mozilla.org/intl/converter-input-stream;1"].createInstance(
+    Ci.nsIConverterInputStream
+  );
+  cstream.init(fstream, "UTF-8", 0, 0);
+
+  let string = {};
+  cstream.readString(-1, string);
+  cstream.close();
+  fstream.close();
+
+  Assert.equal(string.value, TEST_DATA);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//// Tests
+
+function test_access() {
+  check_access(OUTPUT_STREAM_CONTRACT_ID, false, false);
+}
+
+function test_access_trick() {
+  check_access(OUTPUT_STREAM_CONTRACT_ID, false, true);
+}
+
+function test_access_defer() {
+  check_access(OUTPUT_STREAM_CONTRACT_ID, true, false);
+}
+
+function test_access_defer_trick() {
+  check_access(OUTPUT_STREAM_CONTRACT_ID, true, true);
+}
+
+function test_access_safe() {
+  check_access(SAFE_OUTPUT_STREAM_CONTRACT_ID, false, false);
+}
+
+function test_access_safe_trick() {
+  check_access(SAFE_OUTPUT_STREAM_CONTRACT_ID, false, true);
+}
+
+function test_access_safe_defer() {
+  check_access(SAFE_OUTPUT_STREAM_CONTRACT_ID, true, false);
+}
+
+function test_access_safe_defer_trick() {
+  check_access(SAFE_OUTPUT_STREAM_CONTRACT_ID, true, true);
+}
+
+function test_sync_operations() {
+  sync_operations();
+}
+
+function test_sync_operations_deferred() {
+  sync_operations(true);
+}
+
+function do_test_zero_size_buffered(disableBuffering) {
+  const LEAF_NAME = "filestreams-test-file.tmp";
+  const BUFFERSIZE = 4096;
+
+  let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
+  file.append(LEAF_NAME);
+  file.createUnique(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666);
+
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  fstream.init(
+    file,
+    -1,
+    0,
+    Ci.nsIFileInputStream.CLOSE_ON_EOF | Ci.nsIFileInputStream.REOPEN_ON_REWIND
+  );
+
+  var buffered = Cc[
+    "@mozilla.org/network/buffered-input-stream;1"
+  ].createInstance(Ci.nsIBufferedInputStream);
+  buffered.init(fstream, BUFFERSIZE);
+
+  if (disableBuffering) {
+    buffered.QueryInterface(Ci.nsIStreamBufferAccess).disableBuffering();
+  }
+
+  // Scriptable input streams clamp read sizes to the return value of
+  // available(), so don't quite do what we want here.
+  let cstream = Cc["@mozilla.org/intl/converter-input-stream;1"].createInstance(
+    Ci.nsIConverterInputStream
+  );
+  cstream.init(buffered, "UTF-8", 0, 0);
+
+  Assert.equal(buffered.available(), 0);
+
+  // Now try reading from this stream
+  let string = {};
+  Assert.equal(cstream.readString(BUFFERSIZE, string), 0);
+  Assert.equal(string.value, "");
+
+  // Now check that available() throws
+  var exceptionThrown = false;
+  try {
+    Assert.equal(buffered.available(), 0);
+  } catch (e) {
+    exceptionThrown = true;
+  }
+  Assert.ok(exceptionThrown);
+
+  // OK, now seek back to start
+  buffered.seek(Ci.nsISeekableStream.NS_SEEK_SET, 0);
+
+  // Now check that available() does not throw
+  exceptionThrown = false;
+  try {
+    Assert.equal(buffered.available(), 0);
+  } catch (e) {
+    exceptionThrown = true;
+  }
+  Assert.ok(!exceptionThrown);
+}
+
+function test_zero_size_buffered() {
+  do_test_zero_size_buffered(false);
+  do_test_zero_size_buffered(true);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//// Test Runner
+
+var tests = [
+  test_access,
+  test_access_trick,
+  test_access_defer,
+  test_access_defer_trick,
+  test_access_safe,
+  test_access_safe_trick,
+  test_access_safe_defer,
+  test_access_safe_defer_trick,
+  test_sync_operations,
+  test_sync_operations_deferred,
+  test_zero_size_buffered,
+];
+
+function run_test() {
+  tests.forEach(function (test) {
+    test();
+  });
+}
diff --git a/netwerk/test/unit/test_freshconnection.js b/netwerk/test/unit/test_freshconnection.js
new file mode 100644
index 0000000000..5d0f5bc5b7
--- /dev/null
+++ b/netwerk/test/unit/test_freshconnection.js
@@ -0,0 +1,30 @@
+// This is essentially a debug mode crashtest to make sure everything
+// involved in a reload runs on the right thread. It relies on the
+// assertions in necko.
+
+"use strict";
+
+var listener = {
+  onStartRequest: function test_onStartR(request) {},
+
+  onDataAvailable: function test_ODA() {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    do_test_finished();
+  },
+};
+
+function run_test() {
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:4444",
+    loadUsingSystemPrincipal: true,
+  });
+  chan.loadFlags =
+    Ci.nsIRequest.LOAD_FRESH_CONNECTION |
+    Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_getHost.js b/netwerk/test/unit/test_getHost.js
new file mode 100644
index 0000000000..c27fc0c028
--- /dev/null
+++ b/netwerk/test/unit/test_getHost.js
@@ -0,0 +1,65 @@
+// Test getLocalHost/getLocalPort and getRemoteHost/getRemotePort.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var httpserver = new HttpServer();
+httpserver.start(-1);
+const PORT = httpserver.identity.primaryPort;
+
+var gotOnStartRequest = false;
+
+function CheckGetHostListener() {}
+
+CheckGetHostListener.prototype = {
+  onStartRequest(request) {
+    dump("*** listener onStartRequest\n");
+
+    gotOnStartRequest = true;
+
+    request.QueryInterface(Ci.nsIHttpChannelInternal);
+    try {
+      Assert.equal(request.localAddress, "127.0.0.1");
+      Assert.equal(request.localPort > 0, true);
+      Assert.notEqual(request.localPort, PORT);
+      Assert.equal(request.remoteAddress, "127.0.0.1");
+      Assert.equal(request.remotePort, PORT);
+    } catch (e) {
+      Assert.ok(0, "Get local/remote host/port throws an error!");
+    }
+  },
+
+  onStopRequest(request, statusCode) {
+    dump("*** listener onStopRequest\n");
+
+    Assert.equal(gotOnStartRequest, true);
+    httpserver.stop(do_test_finished);
+  },
+
+  QueryInterface: ChromeUtils.generateQI(["nsIRequestObserver"]),
+};
+
+function make_channel(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+function test_handler(metadata, response) {
+  response.setHeader("Content-Type", "text/html", false);
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  var responseBody = "blah blah";
+  response.bodyOutputStream.write(responseBody, responseBody.length);
+}
+
+function run_test() {
+  httpserver.registerPathHandler("/testdir", test_handler);
+
+  var channel = make_channel("http://localhost:" + PORT + "/testdir");
+  channel.asyncOpen(new CheckGetHostListener());
+  do_test_pending();
+}
diff --git a/netwerk/test/unit/test_gio_protocol.js b/netwerk/test/unit/test_gio_protocol.js
new file mode 100644
index 0000000000..37ce37abab
--- /dev/null
+++ b/netwerk/test/unit/test_gio_protocol.js
@@ -0,0 +1,201 @@
+/* run some tests on the gvfs/gio protocol handler */
+
+"use strict";
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+const PR_RDONLY = 0x1; // see prio.h
+
+[
+  do_test_read_data_dir,
+  do_test_read_recent,
+  test_read_file,
+  do_test_finished,
+].forEach(f => add_test(f));
+
+function setup() {
+  // Allowing some protocols to get a channel
+  if (!inChildProcess()) {
+    Services.prefs.setCharPref(
+      "network.gio.supported-protocols",
+      "localtest:,recent:"
+    );
+  } else {
+    do_send_remote_message("gio-allow-test-protocols");
+    do_await_remote_message("gio-allow-test-protocols-done");
+  }
+}
+
+setup();
+
+registerCleanupFunction(() => {
+  // Resetting the protocols to None
+  if (!inChildProcess()) {
+    Services.prefs.clearUserPref("network.gio.supported-protocols");
+  }
+});
+
+function new_file_input_stream(file, buffered) {
+  var stream = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  stream.init(file, PR_RDONLY, 0, 0);
+  if (!buffered) {
+    return stream;
+  }
+
+  var buffer = Cc[
+    "@mozilla.org/network/buffered-input-stream;1"
+  ].createInstance(Ci.nsIBufferedInputStream);
+  buffer.init(stream, 4096);
+  return buffer;
+}
+
+function new_file_channel(file) {
+  var chan = NetUtil.newChannel({
+    uri: file,
+    loadUsingSystemPrincipal: true,
+  });
+
+  return chan;
+}
+
+/*
+ * stream listener
+ * this listener has some additional file-specific tests, so we can't just use
+ * ChannelListener here.
+ */
+function FileStreamListener(closure) {
+  this._closure = closure;
+}
+FileStreamListener.prototype = {
+  _closure: null,
+  _buffer: "",
+  _got_onstartrequest: false,
+  _got_onstoprequest: false,
+  _contentLen: -1,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    if (this._got_onstartrequest) {
+      do_throw("Got second onStartRequest event!");
+    }
+    this._got_onstartrequest = true;
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    if (!this._got_onstartrequest) {
+      do_throw("onDataAvailable without onStartRequest event!");
+    }
+    if (this._got_onstoprequest) {
+      do_throw("onDataAvailable after onStopRequest event!");
+    }
+    if (!request.isPending()) {
+      do_throw("request reports itself as not pending from onStartRequest!");
+    }
+
+    this._buffer = this._buffer.concat(read_stream(stream, count));
+  },
+
+  onStopRequest(request, status) {
+    if (!this._got_onstartrequest) {
+      do_throw("onStopRequest without onStartRequest event!");
+    }
+    if (this._got_onstoprequest) {
+      do_throw("Got second onStopRequest event!");
+    }
+    this._got_onstoprequest = true;
+    if (!Components.isSuccessCode(status)) {
+      do_throw("Failed to load file: " + status.toString(16));
+    }
+    if (status != request.status) {
+      do_throw("request.status does not match status arg to onStopRequest!");
+    }
+    if (request.isPending()) {
+      do_throw("request reports itself as pending from onStopRequest!");
+    }
+    if (this._contentLen != -1 && this._buffer.length != this._contentLen) {
+      do_throw("did not read nsIChannel.contentLength number of bytes!");
+    }
+
+    this._closure(this._buffer);
+  },
+};
+
+function test_read_file() {
+  dump("*** test_read_file\n");
+  // Going via parent path, because this is opended from test/unit/ and test/unit_ipc/
+  var file = do_get_file("../unit/data/test_readline4.txt");
+  var chan = new_file_channel("localtest://" + file.path);
+
+  function on_read_complete(data) {
+    dump("*** test_read_file.on_read_complete()\n");
+    /* read completed successfully.  now read data directly from file,
+       and compare the result. */
+    var stream = new_file_input_stream(file, false);
+    var result = read_stream(stream, stream.available());
+    if (result != data) {
+      do_throw("Stream contents do not match with direct read!");
+    }
+    run_next_test();
+  }
+
+  chan.asyncOpen(new FileStreamListener(on_read_complete));
+}
+
+function do_test_read_data_dir() {
+  dump('*** test_read_data_dir("../data/")\n');
+
+  var dir = do_get_file("../unit/data/");
+  var chan = new_file_channel("localtest://" + dir.path);
+
+  function on_read_complete(data) {
+    dump("*** test_read_data_dir.on_read_complete()\n");
+
+    // The data-directory should be listed, containing a header-line and the files therein
+    if (
+      !(
+        data.includes("200: filename content-length last-modified file-type") &&
+        data.includes("201: test_readline1.txt") &&
+        data.includes("201: test_readline2.txt")
+      )
+    ) {
+      do_throw(
+        "test_read_data_dir() - Bad data! Does not contain needles! Is <" +
+          data +
+          ">"
+      );
+    }
+    run_next_test();
+  }
+  chan.asyncOpen(new FileStreamListener(on_read_complete));
+}
+
+function do_test_read_recent() {
+  dump('*** test_read_recent("recent://")\n');
+
+  var chan = new_file_channel("recent:///");
+
+  function on_read_complete(data) {
+    dump("*** test_read_recent.on_read_complete()\n");
+
+    // The data-directory should be listed, containing a header-line and the files therein
+    if (
+      !data.includes("200: filename content-length last-modified file-type")
+    ) {
+      do_throw(
+        "do_test_read_recent() - Bad data! Does not contain header! Is <" +
+          data +
+          ">"
+      );
+    }
+    run_next_test();
+  }
+  chan.asyncOpen(new FileStreamListener(on_read_complete));
+}
diff --git a/netwerk/test/unit/test_gre_resources.js b/netwerk/test/unit/test_gre_resources.js
new file mode 100644
index 0000000000..4ea8d04b95
--- /dev/null
+++ b/netwerk/test/unit/test_gre_resources.js
@@ -0,0 +1,30 @@
+// test that things that are expected to be in gre-resources are still there
+
+"use strict";
+
+function wrapInputStream(input) {
+  var nsIScriptableInputStream = Ci.nsIScriptableInputStream;
+  var factory = Cc["@mozilla.org/scriptableinputstream;1"];
+  var wrapper = factory.createInstance(nsIScriptableInputStream);
+  wrapper.init(input);
+  return wrapper;
+}
+
+function check_file(file) {
+  var channel = NetUtil.newChannel({
+    uri: "resource://gre-resources/" + file,
+    loadUsingSystemPrincipal: true,
+  });
+  try {
+    let instr = wrapInputStream(channel.open());
+    Assert.ok(!!instr.read(1024).length);
+  } catch (e) {
+    do_throw("Failed to read " + file + " from gre-resources:" + e);
+  }
+}
+
+function run_test() {
+  for (let file of ["ua.css"]) {
+    check_file(file);
+  }
+}
diff --git a/netwerk/test/unit/test_h2proxy_connection_limit.js b/netwerk/test/unit/test_h2proxy_connection_limit.js
new file mode 100644
index 0000000000..f326b48b40
--- /dev/null
+++ b/netwerk/test/unit/test_h2proxy_connection_limit.js
@@ -0,0 +1,77 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Summary:
+// Test whether the connection limit is honored when http2 proxy is used.
+//
+// Test step:
+// 1. Create 30 http requests.
+// 2. Check if the count of all sockets created by proxy is less than 6.
+
+"use strict";
+
+/* import-globals-from head_cache.js */
+/* import-globals-from head_cookies.js */
+/* import-globals-from head_channels.js */
+/* import-globals-from head_servers.js */
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+add_task(async function test_connection_limit() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "proxy-ca.pem", "CTu,u,u");
+
+  let proxy = new NodeHTTP2ProxyServer();
+  await proxy.start();
+  registerCleanupFunction(async () => {
+    await proxy.stop();
+  });
+
+  const maxConnections = 6;
+  Services.prefs.setIntPref(
+    "network.http.max-persistent-connections-per-server",
+    maxConnections
+  );
+  registerCleanupFunction(async () => {
+    Services.prefs.clearUserPref(
+      "network.http.max-persistent-connections-per-server"
+    );
+  });
+
+  await with_node_servers([NodeHTTP2Server], async server => {
+    await server.registerPathHandler("/test", (req, resp) => {
+      resp.writeHead(200);
+      resp.end("All good");
+    });
+
+    let promises = [];
+    for (let i = 0; i < 30; ++i) {
+      let chan = makeChan(`${server.origin()}/test`);
+      promises.push(
+        new Promise(resolve => {
+          chan.asyncOpen(
+            new ChannelListener(resolve, null, CL_ALLOW_UNKNOWN_CL)
+          );
+        })
+      );
+    }
+    await Promise.all(promises);
+    let count = await proxy.socketCount(server.port());
+    Assert.lessOrEqual(
+      count,
+      maxConnections,
+      "socket count should be less than maxConnections"
+    );
+  });
+});
diff --git a/netwerk/test/unit/test_head.js b/netwerk/test/unit/test_head.js
new file mode 100644
index 0000000000..8a6b2a5cd7
--- /dev/null
+++ b/netwerk/test/unit/test_head.js
@@ -0,0 +1,171 @@
+//
+//  HTTP headers test
+//
+
+// Note: sets Cc and Ci variables
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+const ReferrerInfo = Components.Constructor(
+  "@mozilla.org/referrer-info;1",
+  "nsIReferrerInfo",
+  "init"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var testpath = "/simple";
+var httpbody = "0123456789";
+var channel;
+
+var dbg = 0;
+if (dbg) {
+  print("============== START ==========");
+}
+
+function run_test() {
+  setup_test();
+  do_test_pending();
+}
+
+function setup_test() {
+  if (dbg) {
+    print("============== setup_test: in");
+  }
+
+  httpserver.registerPathHandler(testpath, serverHandler);
+  httpserver.start(-1);
+
+  channel = setupChannel(testpath);
+
+  channel.setRequestHeader("ReplaceMe", "initial value", true);
+  var setOK = channel.getRequestHeader("ReplaceMe");
+  Assert.equal(setOK, "initial value");
+  channel.setRequestHeader("ReplaceMe", "replaced", false);
+  setOK = channel.getRequestHeader("ReplaceMe");
+  Assert.equal(setOK, "replaced");
+
+  channel.setRequestHeader("MergeMe", "foo1", true);
+  channel.setRequestHeader("MergeMe", "foo2", true);
+  channel.setRequestHeader("MergeMe", "foo3", true);
+  setOK = channel.getRequestHeader("MergeMe");
+  Assert.equal(setOK, "foo1, foo2, foo3");
+
+  channel.setEmptyRequestHeader("Empty");
+  setOK = channel.getRequestHeader("Empty");
+  Assert.equal(setOK, "");
+
+  channel.setRequestHeader("ReplaceWithEmpty", "initial value", true);
+  setOK = channel.getRequestHeader("ReplaceWithEmpty");
+  Assert.equal(setOK, "initial value");
+  channel.setEmptyRequestHeader("ReplaceWithEmpty");
+  setOK = channel.getRequestHeader("ReplaceWithEmpty");
+  Assert.equal(setOK, "");
+
+  channel.setEmptyRequestHeader("MergeWithEmpty");
+  setOK = channel.getRequestHeader("MergeWithEmpty");
+  Assert.equal(setOK, "");
+  channel.setRequestHeader("MergeWithEmpty", "foo", true);
+  setOK = channel.getRequestHeader("MergeWithEmpty");
+  Assert.equal(setOK, "foo");
+
+  var uri = NetUtil.newURI("http://foo1.invalid:80");
+  channel.referrerInfo = new ReferrerInfo(Ci.nsIReferrerInfo.EMPTY, true, uri);
+  setOK = channel.getRequestHeader("Referer");
+  Assert.equal(setOK, "http://foo1.invalid/");
+
+  uri = NetUtil.newURI("http://foo2.invalid:90/bar");
+  channel.referrerInfo = new ReferrerInfo(Ci.nsIReferrerInfo.EMPTY, true, uri);
+  setOK = channel.getRequestHeader("Referer");
+  // No triggering URI inloadInfo, assume load is cross-origin.
+  Assert.equal(setOK, "http://foo2.invalid:90/");
+
+  // ChannelListener defined in head_channels.js
+  channel.asyncOpen(new ChannelListener(checkRequestResponse, channel));
+
+  if (dbg) {
+    print("============== setup_test: out");
+  }
+}
+
+function setupChannel(path) {
+  var chan = NetUtil.newChannel({
+    uri: URL + path,
+    loadUsingSystemPrincipal: true,
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  chan.requestMethod = "GET";
+  return chan;
+}
+
+function serverHandler(metadata, response) {
+  if (dbg) {
+    print("============== serverHandler: in");
+  }
+
+  var setOK = metadata.getHeader("ReplaceMe");
+  Assert.equal(setOK, "replaced");
+  setOK = metadata.getHeader("MergeMe");
+  Assert.equal(setOK, "foo1, foo2, foo3");
+  setOK = metadata.getHeader("Empty");
+  Assert.equal(setOK, "");
+  setOK = metadata.getHeader("ReplaceWithEmpty");
+  Assert.equal(setOK, "");
+  setOK = metadata.getHeader("MergeWithEmpty");
+  Assert.equal(setOK, "foo");
+  setOK = metadata.getHeader("Referer");
+  Assert.equal(setOK, "http://foo2.invalid:90/");
+
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setStatusLine("1.1", 200, "OK");
+
+  // note: httpd.js' "Response" class uses ',' (no space) for merge.
+  response.setHeader("httpdMerge", "bar1", false);
+  response.setHeader("httpdMerge", "bar2", true);
+  response.setHeader("httpdMerge", "bar3", true);
+  // Some special headers like Proxy-Authenticate merge with \n
+  response.setHeader("Proxy-Authenticate", "line 1", true);
+  response.setHeader("Proxy-Authenticate", "line 2", true);
+  response.setHeader("Proxy-Authenticate", "line 3", true);
+
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+
+  if (dbg) {
+    print("============== serverHandler: out");
+  }
+}
+
+function checkRequestResponse(request, data, context) {
+  if (dbg) {
+    print("============== checkRequestResponse: in");
+  }
+
+  Assert.equal(channel.responseStatus, 200);
+  Assert.equal(channel.responseStatusText, "OK");
+  Assert.ok(channel.requestSucceeded);
+
+  var response = channel.getResponseHeader("httpdMerge");
+  Assert.equal(response, "bar1,bar2,bar3");
+  channel.setResponseHeader("httpdMerge", "bar", true);
+  Assert.equal(channel.getResponseHeader("httpdMerge"), "bar1,bar2,bar3, bar");
+
+  response = channel.getResponseHeader("Proxy-Authenticate");
+  Assert.equal(response, "line 1\nline 2\nline 3");
+
+  channel.contentCharset = "UTF-8";
+  Assert.equal(channel.contentCharset, "UTF-8");
+  Assert.equal(channel.contentType, "text/plain");
+  Assert.equal(channel.contentLength, httpbody.length);
+  Assert.equal(data, httpbody);
+
+  httpserver.stop(do_test_finished);
+  if (dbg) {
+    print("============== checkRequestResponse: out");
+  }
+}
diff --git a/netwerk/test/unit/test_head_request_no_response_body.js b/netwerk/test/unit/test_head_request_no_response_body.js
new file mode 100644
index 0000000000..852a03040f
--- /dev/null
+++ b/netwerk/test/unit/test_head_request_no_response_body.js
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+
+Test that a response to HEAD method should not have a body.
+1. Create a GET request and write the response into cache.
+2. Create the second GET request with the same URI and see if the response is
+   from cache.
+3. Create a HEAD request and test if we got a response with an empty body.
+
+*/
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const responseContent = "response body";
+
+function test_handler(metadata, response) {
+  response.setHeader("Content-Type", "text/html", false);
+  response.setHeader("Cache-control", "max-age=9999", false);
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  if (metadata.method != "HEAD") {
+    response.bodyOutputStream.write(responseContent, responseContent.length);
+  }
+}
+
+function make_channel(url, method) {
+  let channel = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  channel.requestMethod = method;
+  return channel;
+}
+
+async function get_response(channel, fromCache) {
+  return new Promise(resolve => {
+    channel.asyncOpen(
+      new ChannelListener((request, buffer, ctx, isFromCache) => {
+        ok(fromCache == isFromCache, `got response from cache = ${fromCache}`);
+        resolve(buffer);
+      })
+    );
+  });
+}
+
+async function stop_server(httpserver) {
+  return new Promise(resolve => {
+    httpserver.stop(resolve);
+  });
+}
+
+add_task(async function () {
+  let httpserver = new HttpServer();
+  httpserver.registerPathHandler("/testdir", test_handler);
+  httpserver.start(-1);
+  const PORT = httpserver.identity.primaryPort;
+  const URI = `http://localhost:${PORT}/testdir`;
+
+  let response;
+
+  response = await get_response(make_channel(URI, "GET"), false);
+  ok(response === responseContent, "got response body");
+
+  response = await get_response(make_channel(URI, "GET"), true);
+  ok(response === responseContent, "got response body from cache");
+
+  response = await get_response(make_channel(URI, "HEAD"), false);
+  ok(response === "", "should have empty body");
+
+  await stop_server(httpserver);
+});
diff --git a/netwerk/test/unit/test_header_Accept-Language.js b/netwerk/test/unit/test_header_Accept-Language.js
new file mode 100644
index 0000000000..b00e02d13b
--- /dev/null
+++ b/netwerk/test/unit/test_header_Accept-Language.js
@@ -0,0 +1,99 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+//  HTTP Accept-Language header test
+//
+
+"use strict";
+
+var testpath = "/bug672448";
+
+function run_test() {
+  let intlPrefs = Services.prefs.getBranch("intl.");
+
+  // Save old value of preference for later.
+  let oldPref = intlPrefs.getCharPref("accept_languages");
+
+  // Test different numbers of languages, to test different fractions.
+  let acceptLangTests = [
+    "qaa", // 1
+    "qaa,qab", // 2
+    "qaa,qab,qac,qad", // 4
+    "qaa,qab,qac,qad,qae,qaf,qag,qah", // 8
+    "qaa,qab,qac,qad,qae,qaf,qag,qah,qai,qaj", // 10
+    "qaa,qab,qac,qad,qae,qaf,qag,qah,qai,qaj,qak", // 11
+    "qaa,qab,qac,qad,qae,qaf,qag,qah,qai,qaj,qak,qal,qam,qan,qao,qap,qaq,qar,qas,qat,qau", // 21
+    oldPref, // Restore old value of preference (and test it).
+  ];
+
+  let acceptLangTestsNum = acceptLangTests.length;
+
+  for (let i = 0; i < acceptLangTestsNum; i++) {
+    // Set preference to test value.
+    intlPrefs.setCharPref("accept_languages", acceptLangTests[i]);
+
+    // Test value.
+    test_accepted_languages();
+  }
+}
+
+function test_accepted_languages() {
+  let channel = setupChannel(testpath);
+
+  let AcceptLanguage = channel.getRequestHeader("Accept-Language");
+
+  let acceptedLanguages = AcceptLanguage.split(",");
+
+  let acceptedLanguagesLength = acceptedLanguages.length;
+
+  for (let i = 0; i < acceptedLanguagesLength; i++) {
+    let qualityValue;
+
+    try {
+      // The q-value must conform to the definition in HTTP/1.1 Section 3.9.
+      [, , qualityValue] = acceptedLanguages[i]
+        .trim()
+        .match(/^([a-z0-9_-]*?)(?:;q=(1(?:\.0{0,3})?|0(?:\.[0-9]{0,3})))?$/i);
+    } catch (e) {
+      do_throw("Invalid language tag or quality value: " + e);
+    }
+
+    if (i == 0) {
+      // The first language shouldn't have a quality value.
+      Assert.equal(qualityValue, undefined);
+    } else {
+      let decimalPlaces;
+
+      // When the number of languages is small, we keep the quality value to only one decimal place.
+      // Otherwise, it can be up to two decimal places.
+      if (acceptedLanguagesLength < 10) {
+        Assert.ok(qualityValue.length == 3);
+
+        decimalPlaces = 1;
+      } else {
+        Assert.ok(qualityValue.length >= 3);
+        Assert.ok(qualityValue.length <= 4);
+
+        decimalPlaces = 2;
+      }
+
+      // All the other languages should have an evenly-spaced quality value.
+      Assert.equal(
+        parseFloat(qualityValue).toFixed(decimalPlaces),
+        (1.0 - (1 / acceptedLanguagesLength) * i).toFixed(decimalPlaces)
+      );
+    }
+  }
+}
+
+function setupChannel(path) {
+  let chan = NetUtil.newChannel({
+    uri: "http://localhost:4444" + path,
+    loadUsingSystemPrincipal: true,
+  });
+
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
diff --git a/netwerk/test/unit/test_header_Accept-Language_case.js b/netwerk/test/unit/test_header_Accept-Language_case.js
new file mode 100644
index 0000000000..69d936d74a
--- /dev/null
+++ b/netwerk/test/unit/test_header_Accept-Language_case.js
@@ -0,0 +1,50 @@
+"use strict";
+
+var testpath = "/bug1054739";
+
+function run_test() {
+  let intlPrefs = Services.prefs.getBranch("intl.");
+
+  let oldAcceptLangPref = intlPrefs.getCharPref("accept_languages");
+
+  let testData = [
+    ["en", "en"],
+    ["ast", "ast"],
+    ["fr-ca", "fr-CA"],
+    ["zh-yue", "zh-yue"],
+    ["az-latn", "az-Latn"],
+    ["sl-nedis", "sl-nedis"],
+    ["zh-hant-hk", "zh-Hant-HK"],
+    ["ZH-HANT-HK", "zh-Hant-HK"],
+    ["en-us-x-priv", "en-US-x-priv"],
+    ["en-us-x-twain", "en-US-x-twain"],
+    ["de, en-US, en", "de,en-US;q=0.7,en;q=0.3"],
+    ["de,en-us,en", "de,en-US;q=0.7,en;q=0.3"],
+    ["en-US, en", "en-US,en;q=0.5"],
+    ["EN-US;q=0.2, EN", "en-US,en;q=0.5"],
+    ["en ;q=0.8, de  ", "en,de;q=0.5"],
+    [",en,", "en"],
+  ];
+
+  for (let i = 0; i < testData.length; i++) {
+    let acceptLangPref = testData[i][0];
+    let expectedHeader = testData[i][1];
+
+    intlPrefs.setCharPref("accept_languages", acceptLangPref);
+    let acceptLangHeader =
+      setupChannel(testpath).getRequestHeader("Accept-Language");
+    equal(acceptLangHeader, expectedHeader);
+  }
+
+  intlPrefs.setCharPref("accept_languages", oldAcceptLangPref);
+}
+
+function setupChannel(path) {
+  let uri = NetUtil.newURI("http://localhost:4444" + path);
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  });
+  chan.QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
diff --git a/netwerk/test/unit/test_header_Server_Timing.js b/netwerk/test/unit/test_header_Server_Timing.js
new file mode 100644
index 0000000000..0e65cf3ccf
--- /dev/null
+++ b/netwerk/test/unit/test_header_Server_Timing.js
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+//
+//  HTTP Server-Timing header test
+//
+
+"use strict";
+
+function make_and_open_channel(url, callback) {
+  let chan = NetUtil.newChannel({ uri: url, loadUsingSystemPrincipal: true });
+  chan.asyncOpen(new ChannelListener(callback, null, CL_ALLOW_UNKNOWN_CL));
+}
+
+var responseServerTiming = [
+  { metric: "metric", duration: "123.4", description: "description" },
+  { metric: "metric2", duration: "456.78", description: "description1" },
+];
+var trailerServerTiming = [
+  { metric: "metric3", duration: "789.11", description: "description2" },
+  { metric: "metric4", duration: "1112.13", description: "description3" },
+];
+
+function run_test() {
+  do_test_pending();
+
+  // Set up to allow the cert presented by the server
+  do_get_profile();
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  registerCleanupFunction(() => {
+    Services.prefs.clearUserPref("network.dns.localDomains");
+  });
+
+  var serverPort = Services.env.get("MOZHTTP2_PORT");
+  make_and_open_channel(
+    "https://foo.example.com:" + serverPort + "/server-timing",
+    readServerContent
+  );
+}
+
+function checkServerTimingContent(headers) {
+  var expectedResult = responseServerTiming.concat(trailerServerTiming);
+  Assert.equal(headers.length, expectedResult.length);
+
+  for (var i = 0; i < expectedResult.length; i++) {
+    let header = headers.queryElementAt(i, Ci.nsIServerTiming);
+    Assert.equal(header.name, expectedResult[i].metric);
+    Assert.equal(header.description, expectedResult[i].description);
+    Assert.equal(header.duration, parseFloat(expectedResult[i].duration));
+  }
+}
+
+function readServerContent(request, buffer) {
+  let channel = request.QueryInterface(Ci.nsITimedChannel);
+  let headers = channel.serverTiming.QueryInterface(Ci.nsIArray);
+  checkServerTimingContent(headers);
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/test_headers.js b/netwerk/test/unit/test_headers.js
new file mode 100644
index 0000000000..e1439c6c43
--- /dev/null
+++ b/netwerk/test/unit/test_headers.js
@@ -0,0 +1,184 @@
+//
+//  cleaner HTTP header test infrastructure
+//
+//  tests bugs:  589292, [add more here: see hg log for definitive list]
+//
+//  TO ADD NEW TESTS:
+//  1) Increment up 'lastTest' to new number (say, "99")
+//  2) Add new test 'handler99' and 'completeTest99' functions.
+//  3) If your test should fail the necko channel, set
+//     test_flags[99] = CL_EXPECT_FAILURE.
+//
+// TO DEBUG JUST ONE TEST: temporarily change firstTest and lastTest to equal
+//                         the test # you're interested in.
+//
+//  For tests that need duplicate copies of headers to be sent, see
+//  test_duplicate_headers.js
+
+"use strict";
+
+var firstTest = 1; // set to test of interest when debugging
+var lastTest = 4; // set to test of interest when debugging
+////////////////////////////////////////////////////////////////////////////////
+
+// Note: sets Cc and Ci variables
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = new HttpServer();
+var nextTest = firstTest;
+var test_flags = [];
+var testPathBase = "/test_headers";
+
+function run_test() {
+  httpserver.start(-1);
+
+  do_test_pending();
+  run_test_number(nextTest);
+}
+
+function runNextTest() {
+  if (nextTest == lastTest) {
+    endTests();
+    return;
+  }
+  nextTest++;
+  // Make sure test functions exist
+  if (globalThis["handler" + nextTest] == undefined) {
+    do_throw("handler" + nextTest + " undefined!");
+  }
+  if (globalThis["completeTest" + nextTest] == undefined) {
+    do_throw("completeTest" + nextTest + " undefined!");
+  }
+
+  run_test_number(nextTest);
+}
+
+function run_test_number(num) {
+  let testPath = testPathBase + num;
+  httpserver.registerPathHandler(testPath, globalThis["handler" + num]);
+
+  var channel = setupChannel(testPath);
+  let flags = test_flags[num]; // OK if flags undefined for test
+  channel.asyncOpen(
+    new ChannelListener(globalThis["completeTest" + num], channel, flags)
+  );
+}
+
+function setupChannel(url) {
+  var chan = NetUtil.newChannel({
+    uri: URL + url,
+    loadUsingSystemPrincipal: true,
+  });
+  var httpChan = chan.QueryInterface(Ci.nsIHttpChannel);
+  return httpChan;
+}
+
+function endTests() {
+  httpserver.stop(do_test_finished);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 1: test Content-Disposition channel attributes
+// eslint-disable-next-line no-unused-vars
+function handler1(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Disposition", "attachment; filename=foo");
+  response.setHeader("Content-Type", "text/plain", false);
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest1(request, data, ctx) {
+  try {
+    var chan = request.QueryInterface(Ci.nsIChannel);
+    Assert.equal(chan.contentDisposition, chan.DISPOSITION_ATTACHMENT);
+    Assert.equal(chan.contentDispositionFilename, "foo");
+    Assert.equal(chan.contentDispositionHeader, "attachment; filename=foo");
+  } catch (ex) {
+    do_throw("error parsing Content-Disposition: " + ex);
+  }
+  runNextTest();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 2: no filename
+// eslint-disable-next-line no-unused-vars
+function handler2(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Content-Disposition", "attachment");
+  var body = "foo";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest2(request, data, ctx) {
+  try {
+    var chan = request.QueryInterface(Ci.nsIChannel);
+    Assert.equal(chan.contentDisposition, chan.DISPOSITION_ATTACHMENT);
+    Assert.equal(chan.contentDispositionHeader, "attachment");
+    chan.contentDispositionFilename; // should barf
+    do_throw("Should have failed getting Content-Disposition filename");
+  } catch (ex) {
+    info("correctly ate exception");
+  }
+  runNextTest();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 3: filename missing
+// eslint-disable-next-line no-unused-vars
+function handler3(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Content-Disposition", "attachment; filename=");
+  var body = "foo";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest3(request, data, ctx) {
+  try {
+    var chan = request.QueryInterface(Ci.nsIChannel);
+    Assert.equal(chan.contentDisposition, chan.DISPOSITION_ATTACHMENT);
+    Assert.equal(chan.contentDispositionHeader, "attachment; filename=");
+    chan.contentDispositionFilename; // should barf
+
+    do_throw("Should have failed getting Content-Disposition filename");
+  } catch (ex) {
+    info("correctly ate exception");
+  }
+  runNextTest();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Test 4: inline
+// eslint-disable-next-line no-unused-vars
+function handler4(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Content-Disposition", "inline");
+  var body = "foo";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+// eslint-disable-next-line no-unused-vars
+function completeTest4(request, data, ctx) {
+  try {
+    var chan = request.QueryInterface(Ci.nsIChannel);
+    Assert.equal(chan.contentDisposition, chan.DISPOSITION_INLINE);
+    Assert.equal(chan.contentDispositionHeader, "inline");
+
+    chan.contentDispositionFilename; // should barf
+    do_throw("Should have failed getting Content-Disposition filename");
+  } catch (ex) {
+    info("correctly ate exception");
+  }
+  runNextTest();
+}
diff --git a/netwerk/test/unit/test_hostnameIsLocalIPAddress.js b/netwerk/test/unit/test_hostnameIsLocalIPAddress.js
new file mode 100644
index 0000000000..64d246c633
--- /dev/null
+++ b/netwerk/test/unit/test_hostnameIsLocalIPAddress.js
@@ -0,0 +1,37 @@
+"use strict";
+
+function run_test() {
+  let testURIs = [
+    ["http://example.com", false],
+    ["about:robots", false],
+    // 10/8 prefix (RFC 1918)
+    ["http://9.255.255.255", false],
+    ["http://10.0.0.0", true],
+    ["http://10.0.23.31", true],
+    ["http://10.255.255.255", true],
+    ["http://11.0.0.0", false],
+    // 169.254/16 prefix (Link Local)
+    ["http://169.253.255.255", false],
+    ["http://169.254.0.0", true],
+    ["http://169.254.42.91", true],
+    ["http://169.254.255.255", true],
+    ["http://169.255.0.0", false],
+    // 172.16/12 prefix (RFC 1918)
+    ["http://172.15.255.255", false],
+    ["http://172.16.0.0", true],
+    ["http://172.25.110.0", true],
+    ["http://172.31.255.255", true],
+    ["http://172.32.0.0", false],
+    // 192.168/16 prefix (RFC 1918)
+    ["http://192.167.255.255", false],
+    ["http://192.168.0.0", true],
+    ["http://192.168.127.10", true],
+    ["http://192.168.255.255", true],
+    ["http://192.169.0.0", false],
+  ];
+
+  for (let [uri, isLocal] of testURIs) {
+    let nsuri = Services.io.newURI(uri);
+    equal(isLocal, Services.io.hostnameIsLocalIPAddress(nsuri));
+  }
+}
diff --git a/netwerk/test/unit/test_hostnameIsSharedIPAddress.js b/netwerk/test/unit/test_hostnameIsSharedIPAddress.js
new file mode 100644
index 0000000000..c3eaeabc0e
--- /dev/null
+++ b/netwerk/test/unit/test_hostnameIsSharedIPAddress.js
@@ -0,0 +1,17 @@
+"use strict";
+
+function run_test() {
+  let testURIs = [
+    // 100.64/10 prefix (RFC 6598)
+    ["http://100.63.255.254", false],
+    ["http://100.64.0.0", true],
+    ["http://100.91.63.42", true],
+    ["http://100.127.255.254", true],
+    ["http://100.128.0.0", false],
+  ];
+
+  for (let [uri, isShared] of testURIs) {
+    let nsuri = Services.io.newURI(uri);
+    equal(isShared, Services.io.hostnameIsSharedIPAddress(nsuri));
+  }
+}
diff --git a/netwerk/test/unit/test_hpke_config_manager.js b/netwerk/test/unit/test_hpke_config_manager.js
new file mode 100644
index 0000000000..66d06c3464
--- /dev/null
+++ b/netwerk/test/unit/test_hpke_config_manager.js
@@ -0,0 +1,112 @@
+/* Any copyright is dedicated to the Public Domain.
+http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+let { HPKEConfigManager } = ChromeUtils.importESModule(
+  "resource://gre/modules/HPKEConfigManager.sys.mjs"
+);
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+let gHttpServer;
+let gValidRequestCount = 0;
+let gFickleIsWorking = true;
+
+add_setup(async function () {
+  gHttpServer = new HttpServer();
+  let invalidHandler = (req, res) => {
+    res.setStatusLine(req.httpVersion, 500, "Oh no, it broke");
+    res.write("Uh oh, it broke.");
+  };
+  let validHandler = (req, res) => {
+    res.setHeader("Content-Type", "application/ohttp-keys");
+    res.write("1234");
+    gValidRequestCount++;
+  };
+
+  gHttpServer.registerPathHandler("/.wellknown/invalid", invalidHandler);
+  gHttpServer.registerPathHandler("/.wellknown/valid", validHandler);
+
+  gHttpServer.registerPathHandler("/.wellknown/fickle", (req, res) => {
+    if (gFickleIsWorking) {
+      return validHandler(req, res);
+    }
+    return invalidHandler(req, res);
+  });
+
+  gHttpServer.start(-1);
+});
+
+function getLocalURL(path) {
+  return `http://localhost:${gHttpServer.identity.primaryPort}/.wellknown/${path}`;
+}
+
+add_task(async function test_broken_url_returns_null() {
+  Assert.equal(await HPKEConfigManager.get(getLocalURL("invalid")), null);
+});
+
+add_task(async function test_working_url_returns_data() {
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("valid")),
+    new TextEncoder().encode("1234")
+  );
+});
+
+add_task(async function test_we_only_request_once() {
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("valid")),
+    new TextEncoder().encode("1234")
+  );
+  let oldRequestCount = gValidRequestCount;
+
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("valid")),
+    new TextEncoder().encode("1234")
+  );
+  Assert.equal(
+    oldRequestCount,
+    gValidRequestCount,
+    "Shouldn't have made another request."
+  );
+});
+
+add_task(async function test_maxAge_forces_refresh() {
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("valid")),
+    new TextEncoder().encode("1234")
+  );
+  let oldRequestCount = gValidRequestCount;
+
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("valid"), { maxAge: 0 }),
+    new TextEncoder().encode("1234")
+  );
+  Assert.equal(
+    oldRequestCount + 1,
+    gValidRequestCount,
+    "Should have made another request due to maxAge."
+  );
+});
+
+add_task(async function test_maxAge_handling_of_invalid_requests() {
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("fickle")),
+    new TextEncoder().encode("1234")
+  );
+
+  gFickleIsWorking = false;
+
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("fickle"), { maxAge: 0 }),
+    null
+  );
+
+  Assert.deepEqual(
+    await HPKEConfigManager.get(getLocalURL("fickle")),
+    new TextEncoder().encode("1234"),
+    "Should still have the cached config if no max age is passed."
+  );
+});
diff --git a/netwerk/test/unit/test_http1-proxy.js b/netwerk/test/unit/test_http1-proxy.js
new file mode 100644
index 0000000000..7daa37e368
--- /dev/null
+++ b/netwerk/test/unit/test_http1-proxy.js
@@ -0,0 +1,231 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This test checks following expectations when using HTTP/1 proxy:
+ *
+ * - check we are seeing expected nsresult error codes on channels
+ *   (nsIChannel.status) corresponding to different proxy status code
+ *   responses (502, 504, 407, ...)
+ * - check we don't try to ask for credentials or otherwise authenticate to
+ *   the proxy when 407 is returned and there is no Proxy-Authenticate
+ *   response header sent
+ */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+const pps = Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();
+
+let server_port;
+let http_server;
+
+class ProxyFilter {
+  constructor(type, host, port, flags) {
+    this._type = type;
+    this._host = host;
+    this._port = port;
+    this._flags = flags;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIProtocolProxyFilter"]);
+  }
+  applyFilter(uri, pi, cb) {
+    if (uri.spec.match(/(\/proxy-session-counter)/)) {
+      cb.onProxyFilterResult(pi);
+      return;
+    }
+    cb.onProxyFilterResult(
+      pps.newProxyInfo(
+        this._type,
+        this._host,
+        this._port,
+        "",
+        "",
+        this._flags,
+        1000,
+        null
+      )
+    );
+  }
+}
+
+class UnxpectedAuthPrompt2 {
+  constructor(signal) {
+    this.signal = signal;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIAuthPrompt2"]);
+  }
+  asyncPromptAuth() {
+    this.signal.triggered = true;
+    throw Components.Exception("", Cr.ERROR_UNEXPECTED);
+  }
+}
+
+class AuthRequestor {
+  constructor(prompt) {
+    this.prompt = prompt;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIInterfaceRequestor"]);
+  }
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIAuthPrompt2)) {
+      return this.prompt();
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  }
+}
+
+function make_channel(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    // Using TYPE_DOCUMENT for the authentication dialog test, it'd be blocked for other types
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+}
+
+function get_response(channel, flags = CL_ALLOW_UNKNOWN_CL) {
+  return new Promise(resolve => {
+    channel.asyncOpen(
+      new ChannelListener(
+        (request, data) => {
+          request.QueryInterface(Ci.nsIHttpChannel);
+          const status = request.status;
+          const http_code = status ? undefined : request.responseStatus;
+          request.QueryInterface(Ci.nsIProxiedChannel);
+          const proxy_connect_response_code =
+            request.httpProxyConnectResponseCode;
+          resolve({ status, http_code, data, proxy_connect_response_code });
+        },
+        null,
+        flags
+      )
+    );
+  });
+}
+
+function connect_handler(request, response) {
+  Assert.equal(request.method, "CONNECT");
+
+  switch (request.host) {
+    case "404.example.com":
+      response.setStatusLine(request.httpVersion, 404, "Not found");
+      break;
+    case "407.example.com":
+      response.setStatusLine(request.httpVersion, 407, "Authenticate");
+      // And deliberately no Proxy-Authenticate header
+      break;
+    case "429.example.com":
+      response.setStatusLine(request.httpVersion, 429, "Too Many Requests");
+      break;
+    case "502.example.com":
+      response.setStatusLine(request.httpVersion, 502, "Bad Gateway");
+      break;
+    case "504.example.com":
+      response.setStatusLine(request.httpVersion, 504, "Gateway timeout");
+      break;
+    default:
+      response.setStatusLine(request.httpVersion, 500, "I am dumb");
+  }
+}
+
+add_task(async function setup() {
+  http_server = new HttpServer();
+  http_server.identity.add("https", "404.example.com", 443);
+  http_server.identity.add("https", "407.example.com", 443);
+  http_server.identity.add("https", "429.example.com", 443);
+  http_server.identity.add("https", "502.example.com", 443);
+  http_server.identity.add("https", "504.example.com", 443);
+  http_server.registerPathHandler("CONNECT", connect_handler);
+  http_server.start(-1);
+  server_port = http_server.identity.primaryPort;
+
+  // make all native resolve calls "secretly" resolve localhost instead
+  Services.prefs.setBoolPref("network.dns.native-is-localhost", true);
+
+  pps.registerFilter(new ProxyFilter("http", "localhost", server_port, 0), 10);
+});
+
+registerCleanupFunction(() => {
+  Services.prefs.clearUserPref("network.dns.native-is-localhost");
+});
+
+/**
+ * Test series beginning.
+ */
+
+// The proxy responses with 407 instead of 200 Connected, make sure we get a proper error
+// code from the channel and not try to ask for any credentials.
+add_task(async function proxy_auth_failure() {
+  const chan = make_channel(`https://407.example.com/`);
+  const auth_prompt = { triggered: false };
+  chan.notificationCallbacks = new AuthRequestor(
+    () => new UnxpectedAuthPrompt2(auth_prompt)
+  );
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    chan,
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_AUTHENTICATION_FAILED);
+  Assert.equal(proxy_connect_response_code, 407);
+  Assert.equal(http_code, undefined);
+  Assert.equal(auth_prompt.triggered, false, "Auth prompt didn't trigger");
+});
+
+// 502 Bad gateway code returned by the proxy.
+add_task(async function proxy_bad_gateway_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://502.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_BAD_GATEWAY);
+  Assert.equal(proxy_connect_response_code, 502);
+  Assert.equal(http_code, undefined);
+});
+
+// 504 Gateway timeout code returned by the proxy.
+add_task(async function proxy_gateway_timeout_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://504.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_GATEWAY_TIMEOUT);
+  Assert.equal(proxy_connect_response_code, 504);
+  Assert.equal(http_code, undefined);
+});
+
+// 404 Not Found means the proxy could not resolve the host.
+add_task(async function proxy_host_not_found_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://404.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_UNKNOWN_HOST);
+  Assert.equal(proxy_connect_response_code, 404);
+  Assert.equal(http_code, undefined);
+});
+
+// 429 Too Many Requests means we sent too many requests.
+add_task(async function proxy_too_many_requests_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://429.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_TOO_MANY_REQUESTS);
+  Assert.equal(proxy_connect_response_code, 429);
+  Assert.equal(http_code, undefined);
+});
+
+add_task(async function shutdown() {
+  await new Promise(resolve => {
+    http_server.stop(resolve);
+  });
+});
diff --git a/netwerk/test/unit/test_http2-proxy-failing.js b/netwerk/test/unit/test_http2-proxy-failing.js
new file mode 100644
index 0000000000..8530f55373
--- /dev/null
+++ b/netwerk/test/unit/test_http2-proxy-failing.js
@@ -0,0 +1,174 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* Test stream failure on the session to the proxy:
+ *  - Test the case the error closes the affected stream only
+ *  - Test the case the error closes the whole session and cancels existing
+ *    streams.
+ */
+
+/* eslint-env node */
+
+"use strict";
+
+const pps = Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();
+
+let filter;
+
+class ProxyFilter {
+  constructor(type, host, port, flags) {
+    this._type = type;
+    this._host = host;
+    this._port = port;
+    this._flags = flags;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIProtocolProxyFilter"]);
+  }
+  applyFilter(uri, pi, cb) {
+    cb.onProxyFilterResult(
+      pps.newProxyInfo(
+        this._type,
+        this._host,
+        this._port,
+        null,
+        null,
+        this._flags,
+        1000,
+        null
+      )
+    );
+  }
+}
+
+function createPrincipal(url) {
+  var ssm = Services.scriptSecurityManager;
+  try {
+    return ssm.createContentPrincipal(Services.io.newURI(url), {});
+  } catch (e) {
+    return null;
+  }
+}
+
+function make_channel(url) {
+  return Services.io.newChannelFromURIWithProxyFlags(
+    Services.io.newURI(url),
+    null,
+    16,
+    null,
+    createPrincipal(url),
+    createPrincipal(url),
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+    Ci.nsIContentPolicy.TYPE_OTHER
+  );
+}
+
+function get_response(channel, flags = CL_ALLOW_UNKNOWN_CL, delay = 0) {
+  return new Promise(resolve => {
+    var listener = new ChannelListener(
+      (request, data) => {
+        request.QueryInterface(Ci.nsIHttpChannel);
+        const status = request.status;
+        const http_code = status ? undefined : request.responseStatus;
+        request.QueryInterface(Ci.nsIProxiedChannel);
+        const proxy_connect_response_code =
+          request.httpProxyConnectResponseCode;
+        resolve({ status, http_code, data, proxy_connect_response_code });
+      },
+      null,
+      flags
+    );
+    if (delay > 0) {
+      do_timeout(delay, function () {
+        channel.asyncOpen(listener);
+      });
+    } else {
+      channel.asyncOpen(listener);
+    }
+  });
+}
+
+add_task(async function setup() {
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  let proxy_port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(proxy_port, null);
+
+  Services.prefs.setBoolPref("network.http.http2.enabled", true);
+  // make all native resolve calls "secretly" resolve localhost instead
+  Services.prefs.setBoolPref("network.dns.native-is-localhost", true);
+
+  filter = new ProxyFilter("https", "localhost", proxy_port, 16);
+  pps.registerFilter(filter, 10);
+});
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.http2.enabled");
+  Services.prefs.clearUserPref("network.dns.native-is-localhost");
+
+  pps.unregisterFilter(filter);
+});
+
+add_task(
+  async function proxy_server_stream_soft_failure_multiple_streams_not_affected() {
+    let should_succeed = get_response(make_channel(`http://750.example.com`));
+    const failed = await get_response(
+      make_channel(`http://illegalhpacksoft.example.com`),
+      CL_EXPECT_FAILURE,
+      20
+    );
+
+    const succeeded = await should_succeed;
+
+    Assert.equal(failed.status, Cr.NS_ERROR_ILLEGAL_VALUE);
+    Assert.equal(failed.proxy_connect_response_code, 0);
+    Assert.equal(failed.http_code, undefined);
+    Assert.equal(succeeded.status, Cr.NS_OK);
+    Assert.equal(succeeded.proxy_connect_response_code, 200);
+    Assert.equal(succeeded.http_code, 200);
+  }
+);
+
+add_task(
+  async function proxy_server_stream_hard_failure_multiple_streams_affected() {
+    let should_failed = get_response(
+      make_channel(`http://750.example.com`),
+      CL_EXPECT_FAILURE
+    );
+    const failed1 = await get_response(
+      make_channel(`http://illegalhpackhard.example.com`),
+      CL_EXPECT_FAILURE
+    );
+
+    const failed2 = await should_failed;
+
+    Assert.equal(failed1.status, 0x804b0053);
+    Assert.equal(failed1.proxy_connect_response_code, 0);
+    Assert.equal(failed1.http_code, undefined);
+    Assert.equal(failed2.status, 0x804b0053);
+    Assert.equal(failed2.proxy_connect_response_code, 0);
+    Assert.equal(failed2.http_code, undefined);
+  }
+);
+
+add_task(async function test_http2_h11required_stream() {
+  let should_failed = await get_response(
+    make_channel(`http://h11required.com`),
+    CL_EXPECT_FAILURE
+  );
+
+  // See HTTP/1.1 connect handler in moz-http2.js. The handler returns
+  // "404 Not Found", so the expected error code is NS_ERROR_UNKNOWN_HOST.
+  Assert.equal(should_failed.status, Cr.NS_ERROR_UNKNOWN_HOST);
+  Assert.equal(should_failed.proxy_connect_response_code, 404);
+  Assert.equal(should_failed.http_code, undefined);
+});
diff --git a/netwerk/test/unit/test_http2-proxy.js b/netwerk/test/unit/test_http2-proxy.js
new file mode 100644
index 0000000000..d8aa0019fe
--- /dev/null
+++ b/netwerk/test/unit/test_http2-proxy.js
@@ -0,0 +1,862 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This test checks following expectations when using HTTP/2 proxy:
+ *
+ * - when we request https access, we don't create different sessions for
+ *   different origins, only new tunnels inside a single session
+ * - when the isolation key (`proxy_isolation`) is changed, new single session
+ *   is created for new requests to same origins as before
+ * - error code returned from the tunnel (a proxy error - not end-server
+ *   error!) doesn't kill the existing session
+ * - check we are seeing expected nsresult error codes on channels
+ *   (nsIChannel.status) corresponding to different proxy status code
+ *   responses (502, 504, 407, ...)
+ * - check we don't try to ask for credentials or otherwise authenticate to
+ *   the proxy when 407 is returned and there is no Proxy-Authenticate
+ *   response header sent
+ * - a stream reset for a connect stream to the proxy does not cause session to
+ *   be closed and the request through the proxy will failed.
+ * - a "soft" stream error on a connection to the origin server will close the
+ *   stream, but it will not close niether the HTTP/2 session to the proxy nor
+ *   to the origin server.
+ * - a "hard" stream error on a connection to the origin server will close the
+ *   HTTP/2 session to the origin server, but it will not close the HTTP/2
+ *   session to the proxy.
+ */
+
+/* eslint-env node */
+/* global serverPort */
+
+"use strict";
+
+const pps = Cc["@mozilla.org/network/protocol-proxy-service;1"].getService();
+
+let proxy_port;
+let filter;
+let proxy;
+
+// See moz-http2
+const proxy_auth = "authorization-token";
+let proxy_isolation;
+
+class ProxyFilter {
+  constructor(type, host, port, flags) {
+    this._type = type;
+    this._host = host;
+    this._port = port;
+    this._flags = flags;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIProtocolProxyFilter"]);
+  }
+  applyFilter(uri, pi, cb) {
+    cb.onProxyFilterResult(
+      pps.newProxyInfo(
+        this._type,
+        this._host,
+        this._port,
+        proxy_auth,
+        proxy_isolation,
+        this._flags,
+        1000,
+        null
+      )
+    );
+  }
+}
+
+class UnxpectedAuthPrompt2 {
+  constructor(signal) {
+    this.signal = signal;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIAuthPrompt2"]);
+  }
+  asyncPromptAuth() {
+    this.signal.triggered = true;
+    throw Components.Exception("", Cr.ERROR_UNEXPECTED);
+  }
+}
+
+class SimpleAuthPrompt2 {
+  constructor(signal) {
+    this.signal = signal;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIAuthPrompt2"]);
+  }
+  asyncPromptAuth(channel, callback, context, encryptionLevel, authInfo) {
+    this.signal.triggered = true;
+    executeSoon(function () {
+      authInfo.username = "user";
+      authInfo.password = "pass";
+      callback.onAuthAvailable(context, authInfo);
+    });
+  }
+}
+
+class AuthRequestor {
+  constructor(prompt) {
+    this.prompt = prompt;
+    this.QueryInterface = ChromeUtils.generateQI(["nsIInterfaceRequestor"]);
+  }
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIAuthPrompt2)) {
+      return this.prompt();
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  }
+}
+
+function createPrincipal(url) {
+  var ssm = Services.scriptSecurityManager;
+  try {
+    return ssm.createContentPrincipal(Services.io.newURI(url), {});
+  } catch (e) {
+    return null;
+  }
+}
+
+function make_channel(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadingPrincipal: createPrincipal(url),
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+    // Using TYPE_DOCUMENT for the authentication dialog test, it'd be blocked for other types
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+}
+
+function get_response(channel, flags = CL_ALLOW_UNKNOWN_CL, delay = 0) {
+  return new Promise(resolve => {
+    var listener = new ChannelListener(
+      (request, data) => {
+        request.QueryInterface(Ci.nsIHttpChannel);
+        const status = request.status;
+        const http_code = status ? undefined : request.responseStatus;
+        request.QueryInterface(Ci.nsIProxiedChannel);
+        const proxy_connect_response_code =
+          request.httpProxyConnectResponseCode;
+        resolve({ status, http_code, data, proxy_connect_response_code });
+      },
+      null,
+      flags
+    );
+    if (delay > 0) {
+      do_timeout(delay, function () {
+        channel.asyncOpen(listener);
+      });
+    } else {
+      channel.asyncOpen(listener);
+    }
+  });
+}
+
+let initial_session_count = 0;
+
+class http2ProxyCode {
+  static listen(server, envport) {
+    if (!server) {
+      return Promise.resolve(0);
+    }
+
+    let portSelection = 0;
+    if (envport !== undefined) {
+      try {
+        portSelection = parseInt(envport, 10);
+      } catch (e) {
+        portSelection = -1;
+      }
+    }
+    return new Promise(resolve => {
+      server.listen(portSelection, "0.0.0.0", 2000, () => {
+        resolve(server.address().port);
+      });
+    });
+  }
+
+  static startNewProxy() {
+    const fs = require("fs");
+    const options = {
+      key: fs.readFileSync(__dirname + "/http2-cert.key"),
+      cert: fs.readFileSync(__dirname + "/http2-cert.pem"),
+    };
+    const http2 = require("http2");
+    global.proxy = http2.createSecureServer(options);
+    this.setupProxy();
+    return http2ProxyCode.listen(proxy).then(port => {
+      return { port, success: true };
+    });
+  }
+
+  static closeProxy() {
+    proxy.closeSockets();
+    return new Promise(resolve => {
+      proxy.close(resolve);
+    });
+  }
+
+  static proxySessionCount() {
+    if (!proxy) {
+      return 0;
+    }
+    return proxy.proxy_session_count;
+  }
+
+  static proxySessionToOriginServersCount() {
+    if (!proxy) {
+      return 0;
+    }
+    return proxy.sessionToOriginServersCount;
+  }
+
+  static setupProxy() {
+    if (!proxy) {
+      throw new Error("proxy is null");
+    }
+    proxy.proxy_session_count = 0;
+    proxy.sessionToOriginServersCount = 0;
+    proxy.on("session", () => {
+      ++proxy.proxy_session_count;
+    });
+
+    // We need to track active connections so we can forcefully close keep-alive
+    // connections when shutting down the proxy.
+    proxy.socketIndex = 0;
+    proxy.socketMap = {};
+    proxy.on("connection", function (socket) {
+      let index = proxy.socketIndex++;
+      proxy.socketMap[index] = socket;
+      socket.on("close", function () {
+        delete proxy.socketMap[index];
+      });
+    });
+    proxy.closeSockets = function () {
+      for (let i in proxy.socketMap) {
+        proxy.socketMap[i].destroy();
+      }
+    };
+
+    proxy.on("stream", (stream, headers) => {
+      if (headers[":method"] !== "CONNECT") {
+        // Only accept CONNECT requests
+        stream.respond({ ":status": 405 });
+        stream.end();
+        return;
+      }
+
+      const target = headers[":authority"];
+
+      const authorization_token = headers["proxy-authorization"];
+      if (target == "407.example.com:443") {
+        stream.respond({ ":status": 407 });
+        // Deliberately send no Proxy-Authenticate header
+        stream.end();
+        return;
+      }
+      if (target == "407.basic.example.com:443") {
+        // we want to return a different response than 407 to not re-request
+        // credentials (and thus loop) but also not 200 to not let the channel
+        // attempt to waste time connecting a non-existing https server - hence
+        // 418 I'm a teapot :)
+        if ("Basic dXNlcjpwYXNz" == authorization_token) {
+          stream.respond({ ":status": 418 });
+          stream.end();
+          return;
+        }
+        stream.respond({
+          ":status": 407,
+          "proxy-authenticate": "Basic realm='foo'",
+        });
+        stream.end();
+        return;
+      }
+      if (target == "404.example.com:443") {
+        // 404 Not Found, a response code that a proxy should return when the host can't be found
+        stream.respond({ ":status": 404 });
+        stream.end();
+        return;
+      }
+      if (target == "429.example.com:443") {
+        // 429 Too Many Requests, a response code that a proxy should return when receiving too many requests
+        stream.respond({ ":status": 429 });
+        stream.end();
+        return;
+      }
+      if (target == "502.example.com:443") {
+        // 502 Bad Gateway, a response code mostly resembling immediate connection error
+        stream.respond({ ":status": 502 });
+        stream.end();
+        return;
+      }
+      if (target == "504.example.com:443") {
+        // 504 Gateway Timeout, did not receive a timely response from an upstream server
+        stream.respond({ ":status": 504 });
+        stream.end();
+        return;
+      }
+      if (target == "reset.example.com:443") {
+        // always reset the stream.
+        stream.close(0x0);
+        return;
+      }
+
+      ++proxy.sessionToOriginServersCount;
+      const net = require("net");
+      const socket = net.connect(serverPort, "127.0.0.1", () => {
+        try {
+          stream.respond({ ":status": 200 });
+          socket.pipe(stream);
+          stream.pipe(socket);
+        } catch (exception) {
+          console.log(exception);
+          stream.close();
+        }
+      });
+      socket.on("error", error => {
+        throw new Error(
+          `Unexpected error when conneting the HTTP/2 server from the HTTP/2 proxy during CONNECT handling: '${error}'`
+        );
+      });
+    });
+  }
+}
+
+async function proxy_session_counter() {
+  let data = await NodeServer.execute(
+    processId,
+    `http2ProxyCode.proxySessionCount()`
+  );
+  return parseInt(data) - initial_session_count;
+}
+async function proxy_session_to_origin_server_counter() {
+  let data = await NodeServer.execute(
+    processId,
+    `http2ProxyCode.proxySessionToOriginServersCount()`
+  );
+  return parseInt(data) - initial_session_count;
+}
+let processId;
+add_task(async function setup() {
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  let server_port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(server_port, null);
+  processId = await NodeServer.fork();
+  await NodeServer.execute(processId, `serverPort = ${server_port}`);
+  await NodeServer.execute(processId, http2ProxyCode);
+  let newProxy = await NodeServer.execute(
+    processId,
+    `http2ProxyCode.startNewProxy()`
+  );
+  proxy_port = newProxy.port;
+  Assert.notEqual(proxy_port, null);
+
+  Services.prefs.setStringPref(
+    "services.settings.server",
+    `data:,#remote-settings-dummy/v1`
+  );
+
+  Services.prefs.setBoolPref("network.http.http2.enabled", true);
+
+  // Even with network state isolation active, we don't end up using the
+  // partitioned principal.
+  Services.prefs.setBoolPref("privacy.partition.network_state", true);
+
+  // make all native resolve calls "secretly" resolve localhost instead
+  Services.prefs.setBoolPref("network.dns.native-is-localhost", true);
+
+  filter = new ProxyFilter("https", "localhost", proxy_port, 0);
+  pps.registerFilter(filter, 10);
+
+  initial_session_count = await proxy_session_counter();
+  info(`Initial proxy session count = ${initial_session_count}`);
+});
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("services.settings.server");
+  Services.prefs.clearUserPref("network.http.http2.enabled");
+  Services.prefs.clearUserPref("network.dns.native-is-localhost");
+
+  pps.unregisterFilter(filter);
+
+  await NodeServer.execute(processId, `http2ProxyCode.closeProxy()`);
+  await NodeServer.kill(processId);
+});
+
+/**
+ * Test series beginning.
+ */
+
+// Check we reach the h2 end server and keep only one session with the proxy for two different origin.
+// Here we use the first isolation token.
+add_task(async function proxy_success_one_session() {
+  proxy_isolation = "TOKEN1";
+
+  const foo = await get_response(
+    make_channel(`https://foo.example.com/random-request-1`)
+  );
+  const alt1 = await get_response(
+    make_channel(`https://alt1.example.com/random-request-2`)
+  );
+
+  Assert.equal(foo.status, Cr.NS_OK);
+  Assert.equal(foo.proxy_connect_response_code, 200);
+  Assert.equal(foo.http_code, 200);
+  Assert.ok(foo.data.match("random-request-1"));
+  Assert.ok(foo.data.match("You Win!"));
+  Assert.equal(alt1.status, Cr.NS_OK);
+  Assert.equal(alt1.proxy_connect_response_code, 200);
+  Assert.equal(alt1.http_code, 200);
+  Assert.ok(alt1.data.match("random-request-2"));
+  Assert.ok(alt1.data.match("You Win!"));
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "Created just one session with the proxy"
+  );
+});
+
+// The proxy responses with 407 instead of 200 Connected, make sure we get a proper error
+// code from the channel and not try to ask for any credentials.
+add_task(async function proxy_auth_failure() {
+  const chan = make_channel(`https://407.example.com/`);
+  const auth_prompt = { triggered: false };
+  chan.notificationCallbacks = new AuthRequestor(
+    () => new UnxpectedAuthPrompt2(auth_prompt)
+  );
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    chan,
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_AUTHENTICATION_FAILED);
+  Assert.equal(proxy_connect_response_code, 407);
+  Assert.equal(http_code, undefined);
+  Assert.equal(auth_prompt.triggered, false, "Auth prompt didn't trigger");
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 407"
+  );
+});
+
+// The proxy responses with 407 with Proxy-Authenticate header presence. Make
+// sure that we prompt the auth prompt to ask for credentials.
+add_task(async function proxy_auth_basic() {
+  const chan = make_channel(`https://407.basic.example.com/`);
+  const auth_prompt = { triggered: false };
+  chan.notificationCallbacks = new AuthRequestor(
+    () => new SimpleAuthPrompt2(auth_prompt)
+  );
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    chan,
+    CL_EXPECT_FAILURE
+  );
+
+  // 418 indicates we pass the basic authentication.
+  Assert.equal(status, Cr.NS_ERROR_PROXY_CONNECTION_REFUSED);
+  Assert.equal(proxy_connect_response_code, 418);
+  Assert.equal(http_code, undefined);
+  Assert.equal(auth_prompt.triggered, true, "Auth prompt should trigger");
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 407"
+  );
+});
+
+// 502 Bad gateway code returned by the proxy, still one session only, proper different code
+// from the channel.
+add_task(async function proxy_bad_gateway_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://502.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_BAD_GATEWAY);
+  Assert.equal(proxy_connect_response_code, 502);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 502 after 407"
+  );
+});
+
+// Second 502 Bad gateway code returned by the proxy, still one session only with the proxy.
+add_task(async function proxy_bad_gateway_failure_two() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://502.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_BAD_GATEWAY);
+  Assert.equal(proxy_connect_response_code, 502);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by second 502"
+  );
+});
+
+// 504 Gateway timeout code returned by the proxy, still one session only, proper different code
+// from the channel.
+add_task(async function proxy_gateway_timeout_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://504.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_GATEWAY_TIMEOUT);
+  Assert.equal(proxy_connect_response_code, 504);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 504 after 502"
+  );
+});
+
+// 404 Not Found means the proxy could not resolve the host.  As for other error responses
+// we still expect this not to close the existing session.
+add_task(async function proxy_host_not_found_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://404.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_UNKNOWN_HOST);
+  Assert.equal(proxy_connect_response_code, 404);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 404 after 504"
+  );
+});
+
+add_task(async function proxy_too_many_requests_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://429.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_PROXY_TOO_MANY_REQUESTS);
+  Assert.equal(proxy_connect_response_code, 429);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 429 after 504"
+  );
+});
+
+add_task(async function proxy_stream_reset_failure() {
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://reset.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_NET_INTERRUPT);
+  Assert.equal(proxy_connect_response_code, 0);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session created by 429 after 504"
+  );
+});
+
+// The soft errors are not closing the session.
+add_task(async function origin_server_stream_soft_failure() {
+  var current_num_sessions_to_origin_server =
+    await proxy_session_to_origin_server_counter();
+
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://foo.example.com/illegalhpacksoft`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, Cr.NS_ERROR_ILLEGAL_VALUE);
+  Assert.equal(proxy_connect_response_code, 200);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No session to the proxy closed by soft stream errors"
+  );
+  Assert.equal(
+    await proxy_session_to_origin_server_counter(),
+    current_num_sessions_to_origin_server,
+    "No session to the origin server closed by soft stream errors"
+  );
+});
+
+// The soft errors are not closing the session.
+add_task(
+  async function origin_server_stream_soft_failure_multiple_streams_not_affected() {
+    var current_num_sessions_to_origin_server =
+      await proxy_session_to_origin_server_counter();
+
+    let should_succeed = get_response(
+      make_channel(`https://foo.example.com/750ms`)
+    );
+
+    const failed = await get_response(
+      make_channel(`https://foo.example.com/illegalhpacksoft`),
+      CL_EXPECT_FAILURE,
+      20
+    );
+
+    const succeeded = await should_succeed;
+
+    Assert.equal(failed.status, Cr.NS_ERROR_ILLEGAL_VALUE);
+    Assert.equal(failed.proxy_connect_response_code, 200);
+    Assert.equal(failed.http_code, undefined);
+    Assert.equal(succeeded.status, Cr.NS_OK);
+    Assert.equal(succeeded.proxy_connect_response_code, 200);
+    Assert.equal(succeeded.http_code, 200);
+    Assert.equal(
+      await proxy_session_counter(),
+      1,
+      "No session to the proxy closed by soft stream errors"
+    );
+    Assert.equal(
+      await proxy_session_to_origin_server_counter(),
+      current_num_sessions_to_origin_server,
+      "No session to the origin server closed by soft stream errors"
+    );
+  }
+);
+
+// Make sure that the above error codes don't kill the session to the proxy.
+add_task(async function proxy_success_still_one_session() {
+  const foo = await get_response(
+    make_channel(`https://foo.example.com/random-request-1`)
+  );
+  const alt1 = await get_response(
+    make_channel(`https://alt1.example.com/random-request-2`)
+  );
+
+  Assert.equal(foo.status, Cr.NS_OK);
+  Assert.equal(foo.http_code, 200);
+  Assert.equal(foo.proxy_connect_response_code, 200);
+  Assert.ok(foo.data.match("random-request-1"));
+  Assert.equal(alt1.status, Cr.NS_OK);
+  Assert.equal(alt1.proxy_connect_response_code, 200);
+  Assert.equal(alt1.http_code, 200);
+  Assert.ok(alt1.data.match("random-request-2"));
+  Assert.equal(
+    await proxy_session_counter(),
+    1,
+    "No new session to the proxy created after stream error codes"
+  );
+});
+
+// Have a new isolation key, this means we are expected to create a new, and again one only,
+// session with the proxy to reach the end server.
+add_task(async function proxy_success_isolated_session() {
+  Assert.notEqual(proxy_isolation, "TOKEN2");
+  proxy_isolation = "TOKEN2";
+
+  const foo = await get_response(
+    make_channel(`https://foo.example.com/random-request-1`)
+  );
+  const alt1 = await get_response(
+    make_channel(`https://alt1.example.com/random-request-2`)
+  );
+  const lh = await get_response(
+    make_channel(`https://localhost/random-request-3`)
+  );
+
+  Assert.equal(foo.status, Cr.NS_OK);
+  Assert.equal(foo.proxy_connect_response_code, 200);
+  Assert.equal(foo.http_code, 200);
+  Assert.ok(foo.data.match("random-request-1"));
+  Assert.ok(foo.data.match("You Win!"));
+  Assert.equal(alt1.status, Cr.NS_OK);
+  Assert.equal(alt1.proxy_connect_response_code, 200);
+  Assert.equal(alt1.http_code, 200);
+  Assert.ok(alt1.data.match("random-request-2"));
+  Assert.ok(alt1.data.match("You Win!"));
+  Assert.equal(lh.status, Cr.NS_OK);
+  Assert.equal(lh.proxy_connect_response_code, 200);
+  Assert.equal(lh.http_code, 200);
+  Assert.ok(lh.data.match("random-request-3"));
+  Assert.ok(lh.data.match("You Win!"));
+  Assert.equal(
+    await proxy_session_counter(),
+    2,
+    "Just one new session seen after changing the isolation key"
+  );
+});
+
+// Check that error codes are still handled the same way with new isolation, just in case.
+add_task(async function proxy_bad_gateway_failure_isolated() {
+  const failure1 = await get_response(
+    make_channel(`https://502.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+  const failure2 = await get_response(
+    make_channel(`https://502.example.com/`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(failure1.status, Cr.NS_ERROR_PROXY_BAD_GATEWAY);
+  Assert.equal(failure1.proxy_connect_response_code, 502);
+  Assert.equal(failure1.http_code, undefined);
+  Assert.equal(failure2.status, Cr.NS_ERROR_PROXY_BAD_GATEWAY);
+  Assert.equal(failure2.proxy_connect_response_code, 502);
+  Assert.equal(failure2.http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    2,
+    "No new session created by 502"
+  );
+});
+
+add_task(async function proxy_success_check_number_of_session() {
+  const foo = await get_response(
+    make_channel(`https://foo.example.com/random-request-1`)
+  );
+  const alt1 = await get_response(
+    make_channel(`https://alt1.example.com/random-request-2`)
+  );
+  const lh = await get_response(
+    make_channel(`https://localhost/random-request-3`)
+  );
+
+  Assert.equal(foo.status, Cr.NS_OK);
+  Assert.equal(foo.proxy_connect_response_code, 200);
+  Assert.equal(foo.http_code, 200);
+  Assert.ok(foo.data.match("random-request-1"));
+  Assert.ok(foo.data.match("You Win!"));
+  Assert.equal(alt1.status, Cr.NS_OK);
+  Assert.equal(alt1.proxy_connect_response_code, 200);
+  Assert.equal(alt1.http_code, 200);
+  Assert.ok(alt1.data.match("random-request-2"));
+  Assert.ok(alt1.data.match("You Win!"));
+  Assert.equal(lh.status, Cr.NS_OK);
+  Assert.equal(lh.proxy_connect_response_code, 200);
+  Assert.equal(lh.http_code, 200);
+  Assert.ok(lh.data.match("random-request-3"));
+  Assert.ok(lh.data.match("You Win!"));
+  Assert.equal(
+    await proxy_session_counter(),
+    2,
+    "The number of sessions has not changed"
+  );
+});
+
+// The hard errors are closing the session.
+add_task(async function origin_server_stream_hard_failure() {
+  var current_num_sessions_to_origin_server =
+    await proxy_session_to_origin_server_counter();
+  const { status, http_code, proxy_connect_response_code } = await get_response(
+    make_channel(`https://foo.example.com/illegalhpackhard`),
+    CL_EXPECT_FAILURE
+  );
+
+  Assert.equal(status, 0x804b0053);
+  Assert.equal(proxy_connect_response_code, 200);
+  Assert.equal(http_code, undefined);
+  Assert.equal(
+    await proxy_session_counter(),
+    2,
+    "No new session to the proxy."
+  );
+  Assert.equal(
+    await proxy_session_to_origin_server_counter(),
+    current_num_sessions_to_origin_server,
+    "No new session to the origin server yet."
+  );
+
+  // Check the a new session ill be opened.
+  const foo = await get_response(
+    make_channel(`https://foo.example.com/random-request-1`)
+  );
+
+  Assert.equal(foo.status, Cr.NS_OK);
+  Assert.equal(foo.proxy_connect_response_code, 200);
+  Assert.equal(foo.http_code, 200);
+  Assert.ok(foo.data.match("random-request-1"));
+  Assert.ok(foo.data.match("You Win!"));
+
+  Assert.equal(
+    await proxy_session_counter(),
+    2,
+    "No new session to the proxy is created after a hard stream failure on the session to the origin server."
+  );
+  Assert.equal(
+    await proxy_session_to_origin_server_counter(),
+    current_num_sessions_to_origin_server + 1,
+    "A new session to the origin server after a hard stream error"
+  );
+});
+
+// The hard errors are closing the session.
+add_task(
+  async function origin_server_stream_hard_failure_multiple_streams_affected() {
+    var current_num_sessions_to_origin_server =
+      await proxy_session_to_origin_server_counter();
+    let should_fail = get_response(
+      make_channel(`https://foo.example.com/750msNoData`),
+      CL_EXPECT_FAILURE
+    );
+    const failed1 = await get_response(
+      make_channel(`https://foo.example.com/illegalhpackhard`),
+      CL_EXPECT_FAILURE,
+      10
+    );
+
+    const failed2 = await should_fail;
+
+    Assert.equal(failed1.status, 0x804b0053);
+    Assert.equal(failed1.proxy_connect_response_code, 200);
+    Assert.equal(failed1.http_code, undefined);
+    Assert.equal(failed2.status, 0x804b0053);
+    Assert.equal(failed2.proxy_connect_response_code, 200);
+    Assert.equal(failed2.http_code, undefined);
+    Assert.equal(
+      await proxy_session_counter(),
+      2,
+      "No new session to the proxy"
+    );
+    Assert.equal(
+      await proxy_session_to_origin_server_counter(),
+      current_num_sessions_to_origin_server,
+      "No session to the origin server yet."
+    );
+    // Check the a new session ill be opened.
+    const foo = await get_response(
+      make_channel(`https://foo.example.com/random-request-1`)
+    );
+
+    Assert.equal(foo.status, Cr.NS_OK);
+    Assert.equal(foo.proxy_connect_response_code, 200);
+    Assert.equal(foo.http_code, 200);
+    Assert.ok(foo.data.match("random-request-1"));
+    Assert.ok(foo.data.match("You Win!"));
+
+    Assert.equal(
+      await proxy_session_counter(),
+      2,
+      "No new session to the proxy is created after a hard stream failure on the session to the origin server."
+    );
+
+    Assert.equal(
+      await proxy_session_to_origin_server_counter(),
+      current_num_sessions_to_origin_server + 1,
+      "A new session to the origin server after a hard stream error"
+    );
+  }
+);
diff --git a/netwerk/test/unit/test_http2.js b/netwerk/test/unit/test_http2.js
new file mode 100644
index 0000000000..0b80e99dcc
--- /dev/null
+++ b/netwerk/test/unit/test_http2.js
@@ -0,0 +1,481 @@
+/* import-globals-from http2_test_common.js */
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var concurrent_channels = [];
+var httpserv = null;
+var httpserv2 = null;
+
+var loadGroup;
+var serverPort;
+
+function altsvcHttp1Server(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Alt-Svc", 'h2=":' + serverPort + '"', false);
+  var body = "this is where a cool kid would write something neat.\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function h1ServerWK(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/json", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+
+  var body = '["http://foo.example.com:' + httpserv.identity.primaryPort + '"]';
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function altsvcHttp1Server2(metadata, response) {
+  // this server should never be used thanks to an alt svc frame from the
+  // h2 server.. but in case of some async lag in setting the alt svc route
+  // up we have it.
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Connection", "close", false);
+  var body = "hanging.\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function h1ServerWK2(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/json", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+
+  var body =
+    '["http://foo.example.com:' + httpserv2.identity.primaryPort + '"]';
+  response.bodyOutputStream.write(body, body.length);
+}
+
+add_setup(async function setup() {
+  serverPort = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(serverPort, null);
+  dump("using port " + serverPort + "\n");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert. Some older tests in
+  // this suite use localhost with a TOFU exception, but new ones should use
+  // foo.example.com
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  Services.prefs.setBoolPref("network.http.http2.enabled", true);
+  Services.prefs.setBoolPref("network.http.http2.allow-push", true);
+  Services.prefs.setBoolPref("network.http.altsvc.enabled", true);
+  Services.prefs.setBoolPref("network.http.altsvc.oe", true);
+  Services.prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, bar.example.com"
+  );
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(
+    Ci.nsILoadGroup
+  );
+
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/altsvc1", altsvcHttp1Server);
+  httpserv.registerPathHandler("/.well-known/http-opportunistic", h1ServerWK);
+  httpserv.start(-1);
+  httpserv.identity.setPrimary(
+    "http",
+    "foo.example.com",
+    httpserv.identity.primaryPort
+  );
+
+  httpserv2 = new HttpServer();
+  httpserv2.registerPathHandler("/altsvc2", altsvcHttp1Server2);
+  httpserv2.registerPathHandler("/.well-known/http-opportunistic", h1ServerWK2);
+  httpserv2.start(-1);
+  httpserv2.identity.setPrimary(
+    "http",
+    "foo.example.com",
+    httpserv2.identity.primaryPort
+  );
+});
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+  Services.prefs.clearUserPref("network.http.http2.enabled");
+  Services.prefs.clearUserPref("network.http.http2.allow-push");
+  Services.prefs.clearUserPref("network.http.altsvc.enabled");
+  Services.prefs.clearUserPref("network.http.altsvc.oe");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref(
+    "network.cookieJarSettings.unblocked_for_testing"
+  );
+  await httpserv.stop();
+  await httpserv2.stop();
+});
+
+// hack - the header test resets the multiplex object on the server,
+// so make sure header is always run before the multiplex test.
+//
+// make sure post_big runs first to test race condition in restarting
+// a stalled stream when a SETTINGS frame arrives
+add_task(async function do_test_http2_post_big() {
+  const { httpProxyConnectResponseCode } = await test_http2_post_big(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_basic() {
+  const { httpProxyConnectResponseCode } = await test_http2_basic(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_concurrent() {
+  const { httpProxyConnectResponseCode } = await test_http2_concurrent(
+    concurrent_channels,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_concurrent_post() {
+  const { httpProxyConnectResponseCode } = await test_http2_concurrent_post(
+    concurrent_channels,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_basic_unblocked_dep() {
+  const { httpProxyConnectResponseCode } = await test_http2_basic_unblocked_dep(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_nospdy() {
+  const { httpProxyConnectResponseCode } = await test_http2_nospdy(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push1() {
+  const { httpProxyConnectResponseCode } = await test_http2_push1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push2() {
+  const { httpProxyConnectResponseCode } = await test_http2_push2(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push3() {
+  const { httpProxyConnectResponseCode } = await test_http2_push3(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push4() {
+  const { httpProxyConnectResponseCode } = await test_http2_push4(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push5() {
+  const { httpProxyConnectResponseCode } = await test_http2_push5(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push6() {
+  const { httpProxyConnectResponseCode } = await test_http2_push6(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_altsvc() {
+  const { httpProxyConnectResponseCode } = await test_http2_altsvc(
+    httpserv.identity.primaryPort,
+    httpserv2.identity.primaryPort,
+    false
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_doubleheader() {
+  const { httpProxyConnectResponseCode } = await test_http2_doubleheader(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_xhr() {
+  await test_http2_xhr(serverPort);
+});
+
+add_task(async function do_test_http2_header() {
+  const { httpProxyConnectResponseCode } = await test_http2_header(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_invalid_response_header_name_spaces() {
+  const { httpProxyConnectResponseCode } =
+    await test_http2_invalid_response_header(serverPort, "name_spaces");
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(
+  async function do_test_http2_invalid_response_header_value_line_feed() {
+    const { httpProxyConnectResponseCode } =
+      await test_http2_invalid_response_header(serverPort, "value_line_feed");
+    Assert.equal(httpProxyConnectResponseCode, -1);
+  }
+);
+
+add_task(
+  async function do_test_http2_invalid_response_header_value_carriage_return() {
+    const { httpProxyConnectResponseCode } =
+      await test_http2_invalid_response_header(
+        serverPort,
+        "value_carriage_return"
+      );
+    Assert.equal(httpProxyConnectResponseCode, -1);
+  }
+);
+
+add_task(async function do_test_http2_invalid_response_header_value_null() {
+  const { httpProxyConnectResponseCode } =
+    await test_http2_invalid_response_header(serverPort, "value_null");
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_cookie_crumbling() {
+  const { httpProxyConnectResponseCode } = await test_http2_cookie_crumbling(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_multiplex() {
+  var values = await test_http2_multiplex(serverPort);
+  Assert.equal(values[0].httpProxyConnectResponseCode, -1);
+  Assert.equal(values[1].httpProxyConnectResponseCode, -1);
+  Assert.notEqual(values[0].streamID, values[1].streamID);
+});
+
+add_task(async function do_test_http2_big() {
+  const { httpProxyConnectResponseCode } = await test_http2_big(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_huge_suspended() {
+  const { httpProxyConnectResponseCode } = await test_http2_huge_suspended(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_post() {
+  const { httpProxyConnectResponseCode } = await test_http2_post(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_empty_post() {
+  const { httpProxyConnectResponseCode } = await test_http2_empty_post(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_patch() {
+  const { httpProxyConnectResponseCode } = await test_http2_patch(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_pushapi_1() {
+  const { httpProxyConnectResponseCode } = await test_http2_pushapi_1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_continuations() {
+  const { httpProxyConnectResponseCode } = await test_http2_continuations(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_blocking_download() {
+  const { httpProxyConnectResponseCode } = await test_http2_blocking_download(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_illegalhpacksoft() {
+  const { httpProxyConnectResponseCode } = await test_http2_illegalhpacksoft(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_illegalhpackhard() {
+  const { httpProxyConnectResponseCode } = await test_http2_illegalhpackhard(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_folded_header() {
+  const { httpProxyConnectResponseCode } = await test_http2_folded_header(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_empty_data() {
+  const { httpProxyConnectResponseCode } = await test_http2_empty_data(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_status_phrase() {
+  const { httpProxyConnectResponseCode } = await test_http2_status_phrase(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_doublepush() {
+  const { httpProxyConnectResponseCode } = await test_http2_doublepush(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_disk_cache_push() {
+  const { httpProxyConnectResponseCode } = await test_http2_disk_cache_push(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_h11required_stream() {
+  // Add new tests above here - best to add new tests before h1
+  // streams get too involved
+  // These next two must always come in this order
+  const { httpProxyConnectResponseCode } = await test_http2_h11required_stream(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_h11required_session() {
+  const { httpProxyConnectResponseCode } = await test_http2_h11required_session(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_retry_rst() {
+  const { httpProxyConnectResponseCode } = await test_http2_retry_rst(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_wrongsuite_tls12() {
+  const { httpProxyConnectResponseCode } = await test_http2_wrongsuite_tls12(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_wrongsuite_tls13() {
+  const { httpProxyConnectResponseCode } = await test_http2_wrongsuite_tls13(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push_firstparty1() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_firstparty1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push_firstparty2() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_firstparty2(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push_firstparty3() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_firstparty3(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push_userContext1() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_userContext1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push_userContext2() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_userContext2(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
+
+add_task(async function do_test_http2_push_userContext3() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_userContext3(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, -1);
+});
diff --git a/netwerk/test/unit/test_http2_with_proxy.js b/netwerk/test/unit/test_http2_with_proxy.js
new file mode 100644
index 0000000000..858a0da570
--- /dev/null
+++ b/netwerk/test/unit/test_http2_with_proxy.js
@@ -0,0 +1,425 @@
+// test HTTP/2 with a HTTP/2 prooxy
+
+"use strict";
+
+/* import-globals-from http2_test_common.js */
+/* import-globals-from head_servers.js */
+
+var concurrent_channels = [];
+
+var loadGroup;
+var serverPort;
+var proxy;
+
+add_setup(async function setup() {
+  serverPort = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(serverPort, null);
+  dump("using port " + serverPort + "\n");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert. Some older tests in
+  // this suite use localhost with a TOFU exception, but new ones should use
+  // foo.example.com
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "proxy-ca.pem", "CTu,u,u");
+
+  Services.prefs.setBoolPref("network.http.http2.enabled", true);
+  Services.prefs.setBoolPref("network.http.http2.allow-push", true);
+  Services.prefs.setBoolPref("network.http.altsvc.enabled", true);
+  Services.prefs.setBoolPref("network.http.altsvc.oe", true);
+  Services.prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, bar.example.com"
+  );
+  Services.prefs.setBoolPref(
+    "network.cookieJarSettings.unblocked_for_testing",
+    true
+  );
+
+  loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(
+    Ci.nsILoadGroup
+  );
+
+  Services.prefs.setStringPref(
+    "services.settings.server",
+    `data:,#remote-settings-dummy/v1`
+  );
+
+  proxy = new NodeHTTP2ProxyServer();
+  await proxy.start();
+});
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+  Services.prefs.clearUserPref("network.http.http2.enabled");
+  Services.prefs.clearUserPref("network.http.http2.allow-push");
+  Services.prefs.clearUserPref("network.http.altsvc.enabled");
+  Services.prefs.clearUserPref("network.http.altsvc.oe");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref(
+    "network.cookieJarSettings.unblocked_for_testing"
+  );
+
+  await proxy.stop();
+});
+
+// hack - the header test resets the multiplex object on the server,
+// so make sure header is always run before the multiplex test.
+//
+// make sure post_big runs first to test race condition in restarting
+// a stalled stream when a SETTINGS frame arrives
+add_task(async function do_test_http2_post_big() {
+  const { httpProxyConnectResponseCode } = await test_http2_post_big(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_basic() {
+  const { httpProxyConnectResponseCode } = await test_http2_basic(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_concurrent() {
+  const { httpProxyConnectResponseCode } = await test_http2_concurrent(
+    concurrent_channels,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_concurrent_post() {
+  const { httpProxyConnectResponseCode } = await test_http2_concurrent_post(
+    concurrent_channels,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_basic_unblocked_dep() {
+  const { httpProxyConnectResponseCode } = await test_http2_basic_unblocked_dep(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_nospdy() {
+  const { httpProxyConnectResponseCode } = await test_http2_nospdy(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push1() {
+  const { httpProxyConnectResponseCode } = await test_http2_push1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push2() {
+  const { httpProxyConnectResponseCode } = await test_http2_push2(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push3() {
+  const { httpProxyConnectResponseCode } = await test_http2_push3(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push4() {
+  const { httpProxyConnectResponseCode } = await test_http2_push4(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push5() {
+  const { httpProxyConnectResponseCode } = await test_http2_push5(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push6() {
+  const { httpProxyConnectResponseCode } = await test_http2_push6(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_doubleheader() {
+  const { httpProxyConnectResponseCode } = await test_http2_doubleheader(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_xhr() {
+  await test_http2_xhr(serverPort);
+});
+
+add_task(async function do_test_http2_header() {
+  const { httpProxyConnectResponseCode } = await test_http2_header(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_invalid_response_header_name_spaces() {
+  const { httpProxyConnectResponseCode } =
+    await test_http2_invalid_response_header(serverPort, "name_spaces");
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(
+  async function do_test_http2_invalid_response_header_value_line_feed() {
+    const { httpProxyConnectResponseCode } =
+      await test_http2_invalid_response_header(serverPort, "value_line_feed");
+    Assert.equal(httpProxyConnectResponseCode, 200);
+  }
+);
+
+add_task(
+  async function do_test_http2_invalid_response_header_value_carriage_return() {
+    const { httpProxyConnectResponseCode } =
+      await test_http2_invalid_response_header(
+        serverPort,
+        "value_carriage_return"
+      );
+    Assert.equal(httpProxyConnectResponseCode, 200);
+  }
+);
+
+add_task(async function do_test_http2_invalid_response_header_value_null() {
+  const { httpProxyConnectResponseCode } =
+    await test_http2_invalid_response_header(serverPort, "value_null");
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_cookie_crumbling() {
+  const { httpProxyConnectResponseCode } = await test_http2_cookie_crumbling(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_multiplex() {
+  var values = await test_http2_multiplex(serverPort);
+  Assert.equal(values[0].httpProxyConnectResponseCode, 200);
+  Assert.equal(values[1].httpProxyConnectResponseCode, 200);
+  Assert.notEqual(values[0].streamID, values[1].streamID);
+});
+
+add_task(async function do_test_http2_big() {
+  const { httpProxyConnectResponseCode } = await test_http2_big(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_huge_suspended() {
+  const { httpProxyConnectResponseCode } = await test_http2_huge_suspended(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_post() {
+  const { httpProxyConnectResponseCode } = await test_http2_post(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_empty_post() {
+  const { httpProxyConnectResponseCode } = await test_http2_empty_post(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_patch() {
+  const { httpProxyConnectResponseCode } = await test_http2_patch(serverPort);
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_pushapi_1() {
+  const { httpProxyConnectResponseCode } = await test_http2_pushapi_1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 0);
+});
+
+add_task(async function do_test_http2_continuations() {
+  const { httpProxyConnectResponseCode } = await test_http2_continuations(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 0);
+});
+
+add_task(async function do_test_http2_blocking_download() {
+  const { httpProxyConnectResponseCode } = await test_http2_blocking_download(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_illegalhpacksoft() {
+  const { httpProxyConnectResponseCode } = await test_http2_illegalhpacksoft(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_illegalhpackhard() {
+  const { httpProxyConnectResponseCode } = await test_http2_illegalhpackhard(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_folded_header() {
+  const { httpProxyConnectResponseCode } = await test_http2_folded_header(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_empty_data() {
+  const { httpProxyConnectResponseCode } = await test_http2_empty_data(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_status_phrase() {
+  const { httpProxyConnectResponseCode } = await test_http2_status_phrase(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_doublepush() {
+  const { httpProxyConnectResponseCode } = await test_http2_doublepush(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_disk_cache_push() {
+  const { httpProxyConnectResponseCode } = await test_http2_disk_cache_push(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_h11required_stream() {
+  // Add new tests above here - best to add new tests before h1
+  // streams get too involved
+  // These next two must always come in this order
+  const { httpProxyConnectResponseCode } = await test_http2_h11required_stream(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_h11required_session() {
+  const { httpProxyConnectResponseCode } = await test_http2_h11required_session(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_retry_rst() {
+  const { httpProxyConnectResponseCode } = await test_http2_retry_rst(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_wrongsuite_tls12() {
+  // For this test we need to start HTTPS 1.1 proxy because HTTP/2 proxy cannot be used.
+  proxy.unregisterFilter();
+  let proxyHttp1 = new NodeHTTPSProxyServer();
+  await proxyHttp1.start();
+  proxyHttp1.registerFilter();
+  registerCleanupFunction(() => {
+    proxyHttp1.stop();
+  });
+  const { httpProxyConnectResponseCode } = await test_http2_wrongsuite_tls12(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+  proxyHttp1.unregisterFilter();
+  proxy.registerFilter();
+});
+
+add_task(async function do_test_http2_wrongsuite_tls13() {
+  const { httpProxyConnectResponseCode } = await test_http2_wrongsuite_tls13(
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push_firstparty1() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_firstparty1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push_firstparty2() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_firstparty2(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push_firstparty3() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_firstparty3(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push_userContext1() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_userContext1(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push_userContext2() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_userContext2(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
+
+add_task(async function do_test_http2_push_userContext3() {
+  const { httpProxyConnectResponseCode } = await test_http2_push_userContext3(
+    loadGroup,
+    serverPort
+  );
+  Assert.equal(httpProxyConnectResponseCode, 200);
+});
diff --git a/netwerk/test/unit/test_http3.js b/netwerk/test/unit/test_http3.js
new file mode 100644
index 0000000000..7f3f5b118d
--- /dev/null
+++ b/netwerk/test/unit/test_http3.js
@@ -0,0 +1,571 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+// Generate a post with known pre-calculated md5 sum.
+function generateContent(size) {
+  let content = "";
+  for (let i = 0; i < size; i++) {
+    content += "0";
+  }
+  return content;
+}
+
+let post = generateContent(10);
+
+// Max concurent stream number in neqo is 100.
+// Openning 120 streams will test queuing of streams.
+let number_of_parallel_requests = 120;
+let h1Server = null;
+let h3Route;
+let httpsOrigin;
+let httpOrigin;
+let h3AltSvc;
+
+let prefs;
+
+let tests = [
+  // This test must be the first because it setsup alt-svc connection, that
+  // other tests use.
+  test_https_alt_svc,
+  test_multiple_requests,
+  test_request_cancelled_by_server,
+  test_stream_cancelled_by_necko,
+  test_multiple_request_one_is_cancelled,
+  test_multiple_request_one_is_cancelled_by_necko,
+  test_post,
+  test_patch,
+  test_http_alt_svc,
+  test_slow_receiver,
+  // This test should be at the end, because it will close http3
+  // connection and the transaction will switch to already existing http2
+  // connection.
+  // TODO: Bug 1582667 should try to fix issue with connection being closed.
+  test_version_fallback,
+  testsDone,
+];
+
+let current_test = 0;
+
+function run_next_test() {
+  if (current_test < tests.length) {
+    dump("starting test number " + current_test + "\n");
+    tests[current_test]();
+    current_test++;
+  }
+}
+
+function run_test() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+  let h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  h3AltSvc = ":" + h3Port;
+
+  h3Route = "foo.example.com:" + h3Port;
+  do_get_profile();
+  prefs = Services.prefs;
+
+  prefs.setBoolPref("network.http.http3.enable", true);
+  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+  prefs.setBoolPref("network.http.altsvc.oe", true);
+
+  // The certificate for the http3server server is for foo.example.com and
+  // is signed by http2-ca.pem so add that cert to the trust list as a
+  // signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  httpsOrigin = "https://foo.example.com:" + h2Port + "/";
+
+  h1Server = new HttpServer();
+  h1Server.registerPathHandler("/http3-test", h1Response);
+  h1Server.registerPathHandler("/.well-known/http-opportunistic", h1ServerWK);
+  h1Server.registerPathHandler("/VersionFallback", h1Response);
+  h1Server.start(-1);
+  h1Server.identity.setPrimary(
+    "http",
+    "foo.example.com",
+    h1Server.identity.primaryPort
+  );
+  httpOrigin = "http://foo.example.com:" + h1Server.identity.primaryPort + "/";
+
+  run_next_test();
+}
+
+function h1Response(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "text/plain", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  try {
+    let hval = "h3-29=" + metadata.getHeader("x-altsvc");
+    response.setHeader("Alt-Svc", hval, false);
+  } catch (e) {}
+
+  let body = "Q: What did 0 say to 8? A: Nice Belt!\n";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function h1ServerWK(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/json", false);
+  response.setHeader("Connection", "close", false);
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Access-Control-Allow-Origin", "*", false);
+  response.setHeader("Access-Control-Allow-Method", "GET", false);
+  response.setHeader("Access-Control-Allow-Headers", "x-altsvc", false);
+
+  let body = '["http://foo.example.com:' + h1Server.identity.primaryPort + '"]';
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let Http3CheckListener = function () {};
+
+Http3CheckListener.prototype = {
+  onDataAvailableFired: false,
+  expectedStatus: Cr.NS_OK,
+  expectedRoute: "",
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    Assert.equal(request.status, this.expectedStatus);
+    if (Components.isSuccessCode(this.expectedStatus)) {
+      Assert.equal(request.responseStatus, 200);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, this.expectedStatus);
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+
+    Assert.equal(routed, this.expectedRoute);
+
+    if (Components.isSuccessCode(this.expectedStatus)) {
+      let httpVersion = "";
+      try {
+        httpVersion = request.protocolVersion;
+      } catch (e) {}
+      Assert.equal(httpVersion, "h3-29");
+      Assert.equal(this.onDataAvailableFired, true);
+      Assert.equal(request.getResponseHeader("X-Firefox-Http3"), "h3-29");
+    }
+    run_next_test();
+    do_test_finished();
+  },
+};
+
+let WaitForHttp3Listener = function () {};
+
+WaitForHttp3Listener.prototype = new Http3CheckListener();
+
+WaitForHttp3Listener.prototype.uri = "";
+WaitForHttp3Listener.prototype.h3AltSvc = "";
+
+WaitForHttp3Listener.prototype.onStopRequest = function testOnStopRequest(
+  request,
+  status
+) {
+  Assert.equal(status, this.expectedStatus);
+
+  let routed = "NA";
+  try {
+    routed = request.getRequestHeader("Alt-Used");
+  } catch (e) {}
+  dump("routed is " + routed + "\n");
+
+  let httpVersion = "";
+  try {
+    httpVersion = request.protocolVersion;
+  } catch (e) {}
+
+  if (routed == this.expectedRoute) {
+    Assert.equal(routed, this.expectedRoute); // always true, but a useful log
+    Assert.equal(httpVersion, "h3-29");
+    run_next_test();
+  } else {
+    dump("poll later for alt svc mapping\n");
+    if (httpVersion == "h2") {
+      request.QueryInterface(Ci.nsIHttpChannelInternal);
+      Assert.ok(request.supportsHTTP3);
+    }
+    do_test_pending();
+    do_timeout(500, () => {
+      doTest(this.uri, this.expectedRoute, this.h3AltSvc);
+    });
+  }
+
+  do_test_finished();
+};
+
+function doTest(uri, expectedRoute, altSvc) {
+  let chan = makeChan(uri);
+  let listener = new WaitForHttp3Listener();
+  listener.uri = uri;
+  listener.expectedRoute = expectedRoute;
+  listener.h3AltSvc = altSvc;
+  chan.setRequestHeader("x-altsvc", altSvc, false);
+  chan.asyncOpen(listener);
+}
+
+// Test Alt-Svc for http3.
+// H2 server returns alt-svc=h3-29=:h3port
+function test_https_alt_svc() {
+  dump("test_https_alt_svc()\n");
+  do_test_pending();
+  doTest(httpsOrigin + "http3-test", h3Route, h3AltSvc);
+}
+
+// Listener for a number of parallel requests. if with_error is set, one of
+// the channels will be cancelled (by the server or in onStartRequest).
+let MultipleListener = function () {};
+
+MultipleListener.prototype = {
+  number_of_parallel_requests: 0,
+  with_error: Cr.NS_OK,
+  count_of_done_requests: 0,
+  error_found_onstart: false,
+  error_found_onstop: false,
+  need_cancel_found: false,
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    let need_cancel = "";
+    try {
+      need_cancel = request.getRequestHeader("CancelMe");
+    } catch (e) {}
+    if (need_cancel != "") {
+      this.need_cancel_found = true;
+      request.cancel(Cr.NS_ERROR_ABORT);
+    } else if (Components.isSuccessCode(request.status)) {
+      Assert.equal(request.responseStatus, 200);
+    } else if (this.error_found_onstart) {
+      do_throw("We should have only one request failing.");
+    } else {
+      Assert.equal(request.status, this.with_error);
+      this.error_found_onstart = true;
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let routed = "";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    Assert.equal(routed, this.expectedRoute);
+
+    if (Components.isSuccessCode(request.status)) {
+      let httpVersion = "";
+      try {
+        httpVersion = request.protocolVersion;
+      } catch (e) {}
+      Assert.equal(httpVersion, "h3-29");
+    }
+
+    if (!Components.isSuccessCode(request.status)) {
+      if (this.error_found_onstop) {
+        do_throw("We should have only one request failing.");
+      } else {
+        Assert.equal(request.status, this.with_error);
+        this.error_found_onstop = true;
+      }
+    }
+    this.count_of_done_requests++;
+    if (this.count_of_done_requests == this.number_of_parallel_requests) {
+      if (Components.isSuccessCode(this.with_error)) {
+        Assert.equal(this.error_found_onstart, false);
+        Assert.equal(this.error_found_onstop, false);
+      } else {
+        Assert.ok(this.error_found_onstart || this.need_cancel_found);
+        Assert.equal(this.error_found_onstop, true);
+      }
+      run_next_test();
+    }
+    do_test_finished();
+  },
+};
+
+// Multiple requests
+function test_multiple_requests() {
+  dump("test_multiple_requests()\n");
+
+  let listener = new MultipleListener();
+  listener.number_of_parallel_requests = number_of_parallel_requests;
+  listener.expectedRoute = h3Route;
+
+  for (let i = 0; i < number_of_parallel_requests; i++) {
+    let chan = makeChan(httpsOrigin + "20000");
+    chan.asyncOpen(listener);
+    do_test_pending();
+  }
+}
+
+// A request cancelled by a server.
+function test_request_cancelled_by_server() {
+  dump("test_request_cancelled_by_server()\n");
+
+  let listener = new Http3CheckListener();
+  listener.expectedStatus = Cr.NS_ERROR_NET_INTERRUPT;
+  listener.expectedRoute = h3Route;
+  let chan = makeChan(httpsOrigin + "RequestCancelled");
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+let CancelRequestListener = function () {};
+
+CancelRequestListener.prototype = new Http3CheckListener();
+
+CancelRequestListener.prototype.expectedStatus = Cr.NS_ERROR_ABORT;
+
+CancelRequestListener.prototype.onStartRequest = function testOnStartRequest(
+  request
+) {
+  Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+  Assert.equal(Components.isSuccessCode(request.status), true);
+  request.cancel(Cr.NS_ERROR_ABORT);
+};
+
+// Cancel stream after OnStartRequest.
+function test_stream_cancelled_by_necko() {
+  dump("test_stream_cancelled_by_necko()\n");
+
+  let listener = new CancelRequestListener();
+  listener.expectedRoute = h3Route;
+  let chan = makeChan(httpsOrigin + "20000");
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+// Multiple requests, one gets cancelled by the server, the other should finish normally.
+function test_multiple_request_one_is_cancelled() {
+  dump("test_multiple_request_one_is_cancelled()\n");
+
+  let listener = new MultipleListener();
+  listener.number_of_parallel_requests = number_of_parallel_requests;
+  listener.with_error = Cr.NS_ERROR_NET_INTERRUPT;
+  listener.expectedRoute = h3Route;
+
+  for (let i = 0; i < number_of_parallel_requests; i++) {
+    let uri = httpsOrigin + "20000";
+    if (i == 4) {
+      // Add a request that will be cancelled by the server.
+      uri = httpsOrigin + "RequestCancelled";
+    }
+    let chan = makeChan(uri);
+    chan.asyncOpen(listener);
+    do_test_pending();
+  }
+}
+
+// Multiple requests, one gets cancelled by us, the other should finish normally.
+function test_multiple_request_one_is_cancelled_by_necko() {
+  dump("test_multiple_request_one_is_cancelled_by_necko()\n");
+
+  let listener = new MultipleListener();
+  listener.number_of_parallel_requests = number_of_parallel_requests;
+  listener.with_error = Cr.NS_ERROR_ABORT;
+  listener.expectedRoute = h3Route;
+  for (let i = 0; i < number_of_parallel_requests; i++) {
+    let chan = makeChan(httpsOrigin + "20000");
+    if (i == 4) {
+      // MultipleListener will cancel request with this header.
+      chan.setRequestHeader("CancelMe", "true", false);
+    }
+    chan.asyncOpen(listener);
+    do_test_pending();
+  }
+}
+
+let PostListener = function () {};
+
+PostListener.prototype = new Http3CheckListener();
+
+PostListener.prototype.onDataAvailable = function (request, stream, off, cnt) {
+  this.onDataAvailableFired = true;
+  read_stream(stream, cnt);
+};
+
+// Support for doing a POST
+function do_post(content, chan, listener, method) {
+  let stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stream.data = content;
+
+  let uchan = chan.QueryInterface(Ci.nsIUploadChannel);
+  uchan.setUploadStream(stream, "text/plain", stream.available());
+
+  chan.requestMethod = method;
+
+  chan.asyncOpen(listener);
+}
+
+// Test a simple POST
+function test_post() {
+  dump("test_post()");
+  let chan = makeChan(httpsOrigin + "post");
+  let listener = new PostListener();
+  listener.expectedRoute = h3Route;
+  do_post(post, chan, listener, "POST");
+  do_test_pending();
+}
+
+// Test a simple PATCH
+function test_patch() {
+  dump("test_patch()");
+  let chan = makeChan(httpsOrigin + "patch");
+  let listener = new PostListener();
+  listener.expectedRoute = h3Route;
+  do_post(post, chan, listener, "PATCH");
+  do_test_pending();
+}
+
+// Test alt-svc for http (without s)
+function test_http_alt_svc() {
+  dump("test_http_alt_svc()\n");
+
+  do_test_pending();
+  doTest(httpOrigin + "http3-test", h3Route, h3AltSvc);
+}
+
+let SlowReceiverListener = function () {};
+
+SlowReceiverListener.prototype = new Http3CheckListener();
+SlowReceiverListener.prototype.count = 0;
+
+SlowReceiverListener.prototype.onDataAvailable = function (
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.onDataAvailableFired = true;
+  this.count += cnt;
+  read_stream(stream, cnt);
+};
+
+SlowReceiverListener.prototype.onStopRequest = function (request, status) {
+  Assert.equal(status, this.expectedStatus);
+  Assert.equal(this.count, 10000000);
+  let routed = "NA";
+  try {
+    routed = request.getRequestHeader("Alt-Used");
+  } catch (e) {}
+  dump("routed is " + routed + "\n");
+
+  Assert.equal(routed, this.expectedRoute);
+
+  if (Components.isSuccessCode(this.expectedStatus)) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+    Assert.equal(this.onDataAvailableFired, true);
+  }
+  run_next_test();
+  do_test_finished();
+};
+
+function test_slow_receiver() {
+  dump("test_slow_receiver()\n");
+  let chan = makeChan(httpsOrigin + "10000000");
+  let listener = new SlowReceiverListener();
+  listener.expectedRoute = h3Route;
+  chan.asyncOpen(listener);
+  do_test_pending();
+  chan.suspend();
+  do_timeout(1000, chan.resume);
+}
+
+let CheckFallbackListener = function () {};
+
+CheckFallbackListener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    Assert.equal(request.status, Cr.NS_OK);
+    Assert.equal(request.responseStatus, 200);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+
+    Assert.equal(routed, "0");
+
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "http/1.1");
+    run_next_test();
+    do_test_finished();
+  },
+};
+
+// Server cancels request with VersionFallback.
+function test_version_fallback() {
+  dump("test_version_fallback()\n");
+
+  let chan = makeChan(httpsOrigin + "VersionFallback");
+  let listener = new CheckFallbackListener();
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function testsDone() {
+  prefs.clearUserPref("network.http.http3.enable");
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+  prefs.clearUserPref("network.http.altsvc.oe");
+  dump("testDone\n");
+  do_test_pending();
+  h1Server.stop(do_test_finished);
+}
diff --git a/netwerk/test/unit/test_http3_0rtt.js b/netwerk/test/unit/test_http3_0rtt.js
new file mode 100644
index 0000000000..1002263ed5
--- /dev/null
+++ b/netwerk/test/unit/test_http3_0rtt.js
@@ -0,0 +1,96 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+var { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+});
+
+add_task(async function setup() {
+  await http3_setup_tests("h3-29");
+});
+
+let Http3Listener = function () {};
+
+Http3Listener.prototype = {
+  resumed: false,
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.equal(request.status, Cr.NS_OK);
+    Assert.equal(request.responseStatus, 200);
+
+    let secinfo = request.securityInfo;
+    Assert.equal(secinfo.resumed, this.resumed);
+    Assert.ok(secinfo.serverCert != null);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+
+    this.finish();
+  },
+};
+
+function chanPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+async function test_first_conn_no_resumed() {
+  let listener = new Http3Listener();
+  listener.resumed = false;
+  let chan = makeChan("https://foo.example.com/30");
+  await chanPromise(chan, listener);
+}
+
+async function test_0RTT(enable_0rtt, resumed) {
+  info(`enable_0rtt=${enable_0rtt} resumed=${resumed}`);
+  Services.prefs.setBoolPref("network.http.http3.enable_0rtt", enable_0rtt);
+
+  // Make sure the h3 connection created by the previous test is cleared.
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+
+  // This connecion should be resumed.
+  let listener = new Http3Listener();
+  listener.resumed = resumed;
+  let chan = makeChan("https://foo.example.com/30");
+  await chanPromise(chan, listener);
+}
+
+add_task(async function test_0RTT_setups() {
+  await test_first_conn_no_resumed();
+
+  // http3.0RTT enabled
+  await test_0RTT(true, true);
+
+  // http3.0RTT disabled
+  await test_0RTT(false, false);
+});
diff --git a/netwerk/test/unit/test_http3_421.js b/netwerk/test/unit/test_http3_421.js
new file mode 100644
index 0000000000..de04babe06
--- /dev/null
+++ b/netwerk/test/unit/test_http3_421.js
@@ -0,0 +1,172 @@
+"use strict";
+
+let h3Route;
+let httpsOrigin;
+let h3AltSvc;
+let prefs;
+
+let tests = [test_https_alt_svc, test_response_421, testsDone];
+let current_test = 0;
+
+function run_next_test() {
+  if (current_test < tests.length) {
+    dump("starting test number " + current_test + "\n");
+    tests[current_test]();
+    current_test++;
+  }
+}
+
+function run_test() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+  let h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  h3AltSvc = ":" + h3Port;
+
+  h3Route = "foo.example.com:" + h3Port;
+  do_get_profile();
+  prefs = Services.prefs;
+
+  prefs.setBoolPref("network.http.http3.enable", true);
+  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+
+  // The certificate for the http3server server is for foo.example.com and
+  // is signed by http2-ca.pem so add that cert to the trust list as a
+  // signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  httpsOrigin = "https://foo.example.com:" + h2Port + "/";
+
+  run_next_test();
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let Http3Listener = function () {};
+
+Http3Listener.prototype = {
+  onDataAvailableFired: false,
+  buffer: "",
+  routed: "",
+  httpVersion: "",
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.equal(request.status, Cr.NS_OK);
+    Assert.equal(request.responseStatus, 200);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    this.buffer = this.buffer.concat(read_stream(stream, cnt));
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    Assert.equal(this.onDataAvailableFired, true);
+    this.routed = "NA";
+    try {
+      this.routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + this.routed + "\n");
+
+    this.httpVersion = "";
+    try {
+      this.httpVersion = request.protocolVersion;
+    } catch (e) {}
+    dump("httpVersion is " + this.httpVersion + "\n");
+  },
+};
+
+let WaitForHttp3Listener = function () {};
+
+WaitForHttp3Listener.prototype = new Http3Listener();
+
+WaitForHttp3Listener.prototype.uri = "";
+
+WaitForHttp3Listener.prototype.onStopRequest = function testOnStopRequest(
+  request,
+  status
+) {
+  Http3Listener.prototype.onStopRequest.call(this, request, status);
+
+  if (this.routed == h3Route) {
+    Assert.equal(this.httpVersion, "h3-29");
+    run_next_test();
+  } else {
+    dump("poll later for alt svc mapping\n");
+    do_test_pending();
+    do_timeout(500, () => {
+      doTest(this.uri);
+    });
+  }
+
+  do_test_finished();
+};
+
+function doTest(uri) {
+  let chan = makeChan(uri);
+  let listener = new WaitForHttp3Listener();
+  listener.uri = uri;
+  chan.setRequestHeader("x-altsvc", h3AltSvc, false);
+  chan.asyncOpen(listener);
+}
+
+// Test Alt-Svc for http3.
+// H2 server returns alt-svc=h3-29=:h3port
+function test_https_alt_svc() {
+  dump("test_https_alt_svc()\n");
+
+  do_test_pending();
+  doTest(httpsOrigin + "http3-test");
+}
+
+let Resp421Listener = function () {};
+
+Resp421Listener.prototype = new Http3Listener();
+
+Resp421Listener.prototype.onStopRequest = function testOnStopRequest(
+  request,
+  status
+) {
+  Http3Listener.prototype.onStopRequest.call(this, request, status);
+
+  Assert.equal(this.routed, "0");
+  Assert.equal(this.httpVersion, "h2");
+  Assert.ok(this.buffer.match("You Win! [(]by requesting/Response421[)]"));
+
+  run_next_test();
+  do_test_finished();
+};
+
+function test_response_421() {
+  dump("test_response_421()\n");
+
+  let listener = new Resp421Listener();
+  let chan = makeChan(httpsOrigin + "Response421");
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function testsDone() {
+  prefs.clearUserPref("network.http.http3.enable");
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+  dump("testDone\n");
+  do_test_pending();
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/test_http3_alt_svc.js b/netwerk/test/unit/test_http3_alt_svc.js
new file mode 100644
index 0000000000..201101eb19
--- /dev/null
+++ b/netwerk/test/unit/test_http3_alt_svc.js
@@ -0,0 +1,136 @@
+"use strict";
+
+let httpsOrigin;
+let h3AltSvc;
+let h3Route;
+let prefs;
+
+let tests = [test_https_alt_svc, testsDone];
+
+let current_test = 0;
+
+function run_next_test() {
+  if (current_test < tests.length) {
+    dump("starting test number " + current_test + "\n");
+    tests[current_test]();
+    current_test++;
+  }
+}
+
+function run_test() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+  let h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  h3AltSvc = ":" + h3Port;
+
+  h3Route = "foo.example.com:" + h3Port;
+  do_get_profile();
+  prefs = Services.prefs;
+
+  prefs.setBoolPref("network.http.http3.enable", true);
+  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+
+  // The certificate for the http3server server is for foo.example.com and
+  // is signed by http2-ca.pem so add that cert to the trust list as a
+  // signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  httpsOrigin = "https://foo.example.com:" + h2Port + "/";
+
+  run_next_test();
+}
+
+function createPrincipal(url) {
+  var ssm = Services.scriptSecurityManager;
+  try {
+    return ssm.createContentPrincipal(Services.io.newURI(url), {});
+  } catch (e) {
+    return null;
+  }
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadingPrincipal: createPrincipal(uri),
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let WaitForHttp3Listener = function () {};
+
+WaitForHttp3Listener.prototype = {
+  onDataAvailableFired: false,
+  expectedRoute: "",
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.equal(request.responseStatus, 200);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+
+    if (routed == this.expectedRoute) {
+      let httpVersion = "";
+      try {
+        httpVersion = request.protocolVersion;
+      } catch (e) {}
+      Assert.equal(httpVersion, "h3-29");
+      run_next_test();
+    } else {
+      dump("poll later for alt svc mapping\n");
+      do_test_pending();
+      do_timeout(500, () => {
+        doTest(this.uri, this.expectedRoute, this.h3AltSvc);
+      });
+    }
+
+    do_test_finished();
+  },
+};
+
+function doTest(uri, expectedRoute, altSvc) {
+  let chan = makeChan(uri);
+  let listener = new WaitForHttp3Listener();
+  listener.uri = uri;
+  listener.expectedRoute = expectedRoute;
+  listener.h3AltSvc = altSvc;
+  chan.setRequestHeader("x-altsvc", altSvc, false);
+  chan.asyncOpen(listener);
+}
+
+// Test Alt-Svc for http3.
+// H2 server returns alt-svc=h2=foo2.example.com:8000,h3-29=:h3port,h3-30=foo2.example.com:8443
+function test_https_alt_svc() {
+  dump("test_https_alt_svc()\n");
+  do_test_pending();
+  doTest(httpsOrigin + "http3-test2", h3Route, h3AltSvc);
+}
+
+function testsDone() {
+  prefs.clearUserPref("network.http.http3.enable");
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+  dump("testDone\n");
+}
diff --git a/netwerk/test/unit/test_http3_coalescing.js b/netwerk/test/unit/test_http3_coalescing.js
new file mode 100644
index 0000000000..b6c19ef626
--- /dev/null
+++ b/netwerk/test/unit/test_http3_coalescing.js
@@ -0,0 +1,113 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+let h2Port;
+let h3Port;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+}
+
+setup();
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+  Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+  Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+  Services.prefs.clearUserPref(
+    "network.dns.echconfig.fallback_to_origin_when_all_failed"
+  );
+  Services.prefs.clearUserPref("network.dns.httpssvc.reset_exclustion_list");
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout"
+  );
+  Services.prefs.clearUserPref(
+    "network.http.http3.alt-svc-mapping-for-testing"
+  );
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+    }
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      true
+    );
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+async function H3CoalescingTest(host1, host2) {
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    `${host1};h3-29=:${h3Port}`
+  );
+  Services.prefs.setCharPref("network.dns.localDomains", host1);
+
+  let chan = makeChan(`https://${host1}`);
+  let [req] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.protocolVersion, "h3-29");
+  let hash = req.getResponseHeader("x-http3-conn-hash");
+
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    `${host2};h3-29=:${h3Port}`
+  );
+  Services.prefs.setCharPref("network.dns.localDomains", host2);
+
+  chan = makeChan(`https://${host2}`);
+  [req] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.protocolVersion, "h3-29");
+  // The port used by the second connection should be the same as the first one.
+  Assert.equal(req.getResponseHeader("x-http3-conn-hash"), hash);
+}
+
+add_task(async function testH3CoalescingWithSpeculativeConnection() {
+  await http3_setup_tests("h3-29");
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+  await H3CoalescingTest("foo.h3_coalescing.org", "bar.h3_coalescing.org");
+});
+
+add_task(async function testH3CoalescingWithoutSpeculativeConnection() {
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+  await H3CoalescingTest("baz.h3_coalescing.org", "qux.h3_coalescing.org");
+});
diff --git a/netwerk/test/unit/test_http3_direct_proxy.js b/netwerk/test/unit/test_http3_direct_proxy.js
new file mode 100644
index 0000000000..74d2b11fc1
--- /dev/null
+++ b/netwerk/test/unit/test_http3_direct_proxy.js
@@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Test if a HTTP3 connection can be established when a proxy info says
+// to use direct connection
+
+"use strict";
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+  Services.prefs.clearUserPref("network.proxy.type");
+  Services.prefs.clearUserPref("network.proxy.autoconfig_url");
+});
+
+add_task(async function setup() {
+  await http3_setup_tests("h3-29");
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+add_task(async function testHttp3WithDirectProxy() {
+  var pac =
+    "data:text/plain," +
+    "function FindProxyForURL(url, host) {" +
+    '  return "DIRECT; PROXY foopy:8080;"' +
+    "}";
+
+  // Configure PAC
+  Services.prefs.setIntPref("network.proxy.type", 2);
+  Services.prefs.setCharPref("network.proxy.autoconfig_url", pac);
+
+  let chan = makeChan(`https://foo.example.com`);
+  let [req] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.protocolVersion, "h3-29");
+});
diff --git a/netwerk/test/unit/test_http3_dns_retry.js b/netwerk/test/unit/test_http3_dns_retry.js
new file mode 100644
index 0000000000..facbd4e90b
--- /dev/null
+++ b/netwerk/test/unit/test_http3_dns_retry.js
@@ -0,0 +1,357 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+let h2Port;
+let h3Port;
+let trrServer;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+add_setup(async function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  trr_test_setup();
+
+  if (mozinfo.socketprocess_networking) {
+    Cc["@mozilla.org/network/protocol;1?name=http"].getService(
+      Ci.nsIHttpProtocolHandler
+    );
+    Services.dns; // Needed to trigger socket process.
+    // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+    await new Promise(resolve => setTimeout(resolve, 1000));
+  }
+
+  Services.prefs.setIntPref("network.trr.mode", 2); // TRR first
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+  Services.prefs.setBoolPref(
+    "network.http.http3.block_loopback_ipv6_addr",
+    true
+  );
+  Services.prefs.setBoolPref(
+    "network.http.http3.retry_different_ip_family",
+    true
+  );
+  Services.prefs.setBoolPref("network.dns.get-ttl", false);
+
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    true
+  );
+
+  registerCleanupFunction(async () => {
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      false
+    );
+    trr_clear_prefs();
+    Services.prefs.clearUserPref(
+      "network.http.http3.retry_different_ip_family"
+    );
+    Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+    Services.prefs.clearUserPref("network.http.http3.block_loopback_ipv6_addr");
+    Services.prefs.clearUserPref("network.dns.get-ttl");
+    if (trrServer) {
+      await trrServer.stop();
+    }
+  });
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  // eslint-disable-next-line no-async-promise-executor
+  return new Promise(async resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+async function registerDoHAnswers(host, ipv4Answers, ipv6Answers, httpsRecord) {
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers(host, "HTTPS", {
+    answers: httpsRecord,
+  });
+
+  await trrServer.registerDoHAnswers(host, "AAAA", {
+    answers: ipv6Answers,
+  });
+
+  await trrServer.registerDoHAnswers(host, "A", {
+    answers: ipv4Answers,
+  });
+
+  Services.dns.clearCache(true);
+}
+
+// Test if we retry IPv4 address for Http/3 properly.
+add_task(async function test_retry_with_ipv4() {
+  let host = "test.http3_retry.com";
+  let ipv4answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "A",
+      flush: false,
+      data: "127.0.0.1",
+    },
+  ];
+  // The UDP socket will return connection refused error because we set
+  // "network.http.http3.block_loopback_ipv6_addr" to true.
+  let ipv6answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "AAAA",
+      flush: false,
+      data: "::1",
+    },
+  ];
+  let httpsRecord = [
+    {
+      name: host,
+      ttl: 55,
+      type: "HTTPS",
+      flush: false,
+      data: {
+        priority: 1,
+        name: host,
+        values: [
+          { key: "alpn", value: "h3" },
+          { key: "port", value: h3Port },
+        ],
+      },
+    },
+  ];
+
+  await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord);
+
+  let chan = makeChan(`https://${host}`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h3");
+
+  await trrServer.stop();
+});
+
+add_task(async function test_retry_with_ipv4_disabled() {
+  let host = "test.http3_retry_ipv4_blocked.com";
+  let ipv4answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "A",
+      flush: false,
+      data: "127.0.0.1",
+    },
+  ];
+  // The UDP socket will return connection refused error because we set
+  // "network.http.http3.block_loopback_ipv6_addr" to true.
+  let ipv6answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "AAAA",
+      flush: false,
+      data: "::1",
+    },
+  ];
+  let httpsRecord = [
+    {
+      name: host,
+      ttl: 55,
+      type: "HTTPS",
+      flush: false,
+      data: {
+        priority: 1,
+        name: host,
+        values: [
+          { key: "alpn", value: "h3" },
+          { key: "port", value: h3Port },
+        ],
+      },
+    },
+  ];
+
+  await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord);
+
+  let chan = makeChan(`https://${host}`);
+  chan.QueryInterface(Ci.nsIHttpChannelInternal);
+  chan.setIPv4Disabled();
+
+  await channelOpenPromise(chan, CL_EXPECT_FAILURE);
+  await trrServer.stop();
+});
+
+// See bug 1837252. There is no way to observe the outcome of this test, because
+// the crash in bug 1837252 is only triggered by speculative connection.
+// The outcome of this test is no crash.
+add_task(async function test_retry_with_ipv4_failed() {
+  let host = "test.http3_retry_failed.com";
+  // Return a wrong answer intentionally.
+  let ipv4answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "AAAA",
+      flush: false,
+      data: "127.0.0.1",
+    },
+  ];
+  // The UDP socket will return connection refused error because we set
+  // "network.http.http3.block_loopback_ipv6_addr" to true.
+  let ipv6answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "AAAA",
+      flush: false,
+      data: "::1",
+    },
+  ];
+  let httpsRecord = [
+    {
+      name: host,
+      ttl: 55,
+      type: "HTTPS",
+      flush: false,
+      data: {
+        priority: 1,
+        name: host,
+        values: [
+          { key: "alpn", value: "h3" },
+          { key: "port", value: h3Port },
+        ],
+      },
+    },
+  ];
+
+  await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord);
+
+  // This speculative connection is used to trigger the mechanism to retry
+  // Http/3 connection with a IPv4 address.
+  // We want to make the connection entry's IP preference known,
+  // so DnsAndConnectSocket::mRetryWithDifferentIPFamily will be set to true
+  // before the second speculative connection.
+  let uri = Services.io.newURI(`https://test.http3_retry_failed.com`);
+  Services.io.speculativeConnect(
+    uri,
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null,
+    false
+  );
+
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 3000));
+
+  // When this speculative connection is created, the connection entry is
+  // already set to prefer IPv4. Since we provided an invalid A response,
+  // DnsAndConnectSocket::OnLookupComplete is called with an error.
+  // Since DnsAndConnectSocket::mRetryWithDifferentIPFamily is true, we do
+  // retry DNS lookup. During retry, we should not create UDP connection.
+  Services.io.speculativeConnect(
+    uri,
+    Services.scriptSecurityManager.getSystemPrincipal(),
+    null,
+    false
+  );
+
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 3000));
+  await trrServer.stop();
+});
+
+add_task(async function test_retry_with_0rtt() {
+  let host = "test.http3_retry_0rtt.com";
+  let ipv4answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "A",
+      flush: false,
+      data: "127.0.0.1",
+    },
+  ];
+  // The UDP socket will return connection refused error because we set
+  // "network.http.http3.block_loopback_ipv6_addr" to true.
+  let ipv6answers = [
+    {
+      name: host,
+      ttl: 55,
+      type: "AAAA",
+      flush: false,
+      data: "::1",
+    },
+  ];
+  let httpsRecord = [
+    {
+      name: host,
+      ttl: 55,
+      type: "HTTPS",
+      flush: false,
+      data: {
+        priority: 1,
+        name: host,
+        values: [
+          { key: "alpn", value: "h3" },
+          { key: "port", value: h3Port },
+        ],
+      },
+    },
+  ];
+
+  await registerDoHAnswers(host, ipv4answers, ipv6answers, httpsRecord);
+
+  let chan = makeChan(`https://${host}`);
+  chan.QueryInterface(Ci.nsIHttpChannelInternal);
+  chan.setIPv6Disabled();
+
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h3");
+
+  // Make sure the h3 connection created by the previous test is cleared.
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+
+  chan = makeChan(`https://${host}`);
+  chan.QueryInterface(Ci.nsIHttpChannelInternal);
+
+  [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h3");
+
+  await trrServer.stop();
+});
diff --git a/netwerk/test/unit/test_http3_early_hint_listener.js b/netwerk/test/unit/test_http3_early_hint_listener.js
new file mode 100644
index 0000000000..5100ea3151
--- /dev/null
+++ b/netwerk/test/unit/test_http3_early_hint_listener.js
@@ -0,0 +1,92 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The server will always respond with a 103 EarlyHint followed by a
+// 200 response.
+// 103 response contains:
+//  1) a non-link header
+//  2) a link header if a request has a "link-to-set" header. If the
+//     request header is not set, the response will not have Link headers.
+//     A "link-to-set" header may contain multiple link headers
+//     separated with a comma.
+
+const earlyhintspath = "/103_response";
+const hint1 = "; rel=preload; as=style";
+const hint2 = "; rel=preload; as=image";
+
+let EarlyHintsListener = function () {};
+
+EarlyHintsListener.prototype = {
+  _expected_hints: [],
+  earlyHintsReceived: 0,
+
+  QueryInterface: ChromeUtils.generateQI(["nsIEarlyHintObserver"]),
+
+  earlyHint(header) {
+    Assert.ok(this._expected_hints.includes(header));
+    this.earlyHintsReceived += 1;
+  },
+};
+
+function chanPromise(uri, listener, headers) {
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
+    NetUtil.newURI(uri),
+    {}
+  );
+  var chan = NetUtil.newChannel({
+    uri,
+    loadingPrincipal: principal,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  });
+
+  chan
+    .QueryInterface(Ci.nsIHttpChannel)
+    .setRequestHeader("link-to-set", headers, false);
+  chan.QueryInterface(Ci.nsIHttpChannelInternal).setEarlyHintObserver(listener);
+
+  return promiseAsyncOpen(chan);
+}
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+});
+
+add_task(async function setup() {
+  await http3_setup_tests("h3-29");
+});
+
+add_task(async function early_hints() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = [hint1];
+
+  await chanPromise(
+    `https://foo.example.com${earlyhintspath}`,
+    earlyHints,
+    hint1
+  );
+  Assert.equal(earlyHints.earlyHintsReceived, 1);
+});
+
+// Test when there is no Link header in a 103 response.
+// 103 response will contain non-link headers.
+add_task(async function no_early_hints() {
+  let earlyHints = new EarlyHintsListener();
+
+  await chanPromise(`https://foo.example.com${earlyhintspath}`, earlyHints, "");
+  Assert.equal(earlyHints.earlyHintsReceived, 0);
+});
+
+add_task(async function early_hints_multiple() {
+  let earlyHints = new EarlyHintsListener();
+  earlyHints._expected_hints = [hint1, hint2];
+
+  await chanPromise(
+    `https://foo.example.com${earlyhintspath}`,
+    earlyHints,
+    hint1 + ", " + hint2
+  );
+  Assert.equal(earlyHints.earlyHintsReceived, 2);
+});
diff --git a/netwerk/test/unit/test_http3_error_before_connect.js b/netwerk/test/unit/test_http3_error_before_connect.js
new file mode 100644
index 0000000000..72f8d61182
--- /dev/null
+++ b/netwerk/test/unit/test_http3_error_before_connect.js
@@ -0,0 +1,109 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+let httpsUri;
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.dns.disableIPv6");
+  Services.prefs.clearUserPref(
+    "network.http.http3.alt-svc-mapping-for-testing"
+  );
+  Services.prefs.clearUserPref("network.http.http3.backup_timer_delay");
+  dump("cleanup done\n");
+});
+
+function makeChan() {
+  let chan = NetUtil.newChannel({
+    uri: httpsUri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+add_task(async function test_setup() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  let h3Port = Services.env.get("MOZHTTP3_PORT_NO_RESPONSE");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  Services.prefs.setBoolPref("network.dns.disableIPv6", true);
+  // Set AltSvc to point to not existing HTTP3 server on port 443
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "foo.example.com;h3-29=:" + h3Port
+  );
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 0);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  httpsUri = "https://foo.example.com:" + h2Port + "/";
+});
+
+add_task(async function test_fatal_stream_error() {
+  let result = 1;
+  // We need to loop here because we need to wait for AltSvc storage to
+  // to be started.
+  // We also do not have a way to verify that HTTP3 has been tried, because
+  // the fallback is automatic, so try a couple of times.
+  do {
+    // We need to close HTTP2 connections, otherwise our connection pooling
+    // will dispatch the request over already existing HTTP2 connection.
+    Services.obs.notifyObservers(null, "net:prune-all-connections");
+    let chan = makeChan();
+    let listener = new CheckOnlyHttp2Listener();
+    await altsvcSetupPromise(chan, listener);
+    result++;
+  } while (result < 5);
+});
+
+let CheckOnlyHttp2Listener = function () {};
+
+CheckOnlyHttp2Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h2");
+
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+    Assert.ok(routed === "0" || routed === "NA");
+    this.finish();
+  },
+};
+
+add_task(async function test_no_http3_after_error() {
+  let chan = makeChan();
+  let listener = new CheckOnlyHttp2Listener();
+  await altsvcSetupPromise(chan, listener);
+});
+
+// also after all connections are closed.
+add_task(async function test_no_http3_after_error2() {
+  Services.obs.notifyObservers(null, "net:prune-all-connections");
+  let chan = makeChan();
+  let listener = new CheckOnlyHttp2Listener();
+  await altsvcSetupPromise(chan, listener);
+});
diff --git a/netwerk/test/unit/test_http3_fast_fallback.js b/netwerk/test/unit/test_http3_fast_fallback.js
new file mode 100644
index 0000000000..ab2b6b7044
--- /dev/null
+++ b/netwerk/test/unit/test_http3_fast_fallback.js
@@ -0,0 +1,908 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+let h2Port;
+let h3Port;
+let trrServer;
+
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+add_setup(async function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  h3Port = Services.env.get("MOZHTTP3_PORT_NO_RESPONSE");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  trr_test_setup();
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+
+  Services.prefs.setIntPref("network.trr.mode", 2); // TRR first
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+    Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+    Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+    Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+    Services.prefs.clearUserPref("network.dns.http3_echconfig.enabled");
+    Services.prefs.clearUserPref(
+      "network.dns.echconfig.fallback_to_origin_when_all_failed"
+    );
+    Services.prefs.clearUserPref("network.dns.httpssvc.reset_exclustion_list");
+    Services.prefs.clearUserPref("network.http.http3.enable");
+    Services.prefs.clearUserPref(
+      "network.dns.httpssvc.http3_fast_fallback_timeout"
+    );
+    Services.prefs.clearUserPref(
+      "network.http.http3.alt-svc-mapping-for-testing"
+    );
+    Services.prefs.clearUserPref("network.http.http3.backup_timer_delay");
+    Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+    Services.prefs.clearUserPref(
+      "network.http.http3.parallel_fallback_conn_limit"
+    );
+    if (trrServer) {
+      await trrServer.stop();
+    }
+  });
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags, delay) {
+  // eslint-disable-next-line no-async-promise-executor
+  return new Promise(async resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+    }
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      true
+    );
+    if (delay) {
+      // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+      await new Promise(r => setTimeout(r, delay));
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+let CheckOnlyHttp2Listener = function () {};
+
+CheckOnlyHttp2Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h2");
+
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+    Assert.ok(routed === "0" || routed === "NA");
+    this.finish();
+  },
+};
+
+async function fast_fallback_test() {
+  let result = 1;
+  // We need to loop here because we need to wait for AltSvc storage to
+  // to be started.
+  // We also do not have a way to verify that HTTP3 has been tried, because
+  // the fallback is automatic, so try a couple of times.
+  do {
+    // We need to close HTTP2 connections, otherwise our connection pooling
+    // will dispatch the request over already existing HTTP2 connection.
+    Services.obs.notifyObservers(null, "net:prune-all-connections");
+    let chan = makeChan(`https://foo.example.com:${h2Port}/`);
+    let listener = new CheckOnlyHttp2Listener();
+    await altsvcSetupPromise(chan, listener);
+    result++;
+  } while (result < 3);
+}
+
+// Test the case when speculative connection is enabled. In this case, when the
+// backup connection is ready, the http transaction is still in pending
+// queue because the h3 connection is never ready to accept transactions.
+add_task(async function test_fast_fallback_with_speculative_connection() {
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // Set AltSvc to point to not existing HTTP3 server on port 443
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "foo.example.com;h3-29=:" + h3Port
+  );
+  Services.prefs.setBoolPref("network.dns.disableIPv6", true);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+
+  await fast_fallback_test();
+});
+
+// Test the case when speculative connection is disabled. In this case, when the
+// back connection is ready, the http transaction is already activated,
+// but the socket is not ready to write.
+add_task(async function test_fast_fallback_without_speculative_connection() {
+  // Make sure the h3 connection created by the previous test is cleared.
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+  // Clear the h3 excluded list, otherwise the Alt-Svc mapping will not be used.
+  Services.obs.notifyObservers(null, "network:reset-http3-excluded-list");
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+
+  await fast_fallback_test();
+
+  Services.prefs.clearUserPref(
+    "network.http.http3.alt-svc-mapping-for-testing"
+  );
+});
+
+// Test when echConfig is disabled and we have https rr for http3. We use a
+// longer timeout in this test, so when fast fallback timer is triggered, the
+// http transaction is already activated.
+add_task(async function testFastfallback() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    1000
+  );
+
+  await trrServer.registerDoHAnswers("test.fastfallback.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.fastfallback.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.fastfallback1.com",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.fastfallback.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.fastfallback2.com",
+          values: [
+            { key: "alpn", value: "h2" },
+            { key: "port", value: h2Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.fastfallback1.com", "A", {
+    answers: [
+      {
+        name: "test.fastfallback1.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.fastfallback2.com", "A", {
+    answers: [
+      {
+        name: "test.fastfallback2.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let chan = makeChan(`https://test.fastfallback.com/server-timing`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+  let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+  Assert.equal(internal.remotePort, h2Port);
+
+  await trrServer.stop();
+});
+
+// Like the previous test, but with a shorter timeout, so when fast fallback
+// timer is triggered, the http transaction is still in pending queue.
+add_task(async function testFastfallback1() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    10
+  );
+
+  await trrServer.registerDoHAnswers("test.fastfallback.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.fastfallback.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.fastfallback1.org",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.fastfallback.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.fastfallback2.org",
+          values: [
+            { key: "alpn", value: "h2" },
+            { key: "port", value: h2Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.fastfallback1.org", "A", {
+    answers: [
+      {
+        name: "test.fastfallback1.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.fastfallback2.org", "A", {
+    answers: [
+      {
+        name: "test.fastfallback2.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let chan = makeChan(`https://test.fastfallback.org/server-timing`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+  let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+  Assert.equal(internal.remotePort, h2Port);
+
+  await trrServer.stop();
+});
+
+// Test when echConfig is enabled, we can sucessfully fallback to the last
+// record.
+add_task(async function testFastfallbackWithEchConfig() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    50
+  );
+
+  await trrServer.registerDoHAnswers("test.ech.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.ech.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.ech1.org",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.ech.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.ech2.org",
+          values: [
+            { key: "alpn", value: "h2" },
+            { key: "port", value: h2Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.ech.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 3,
+          name: "test.ech3.org",
+          values: [
+            { key: "alpn", value: "h2" },
+            { key: "port", value: h2Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.ech1.org", "A", {
+    answers: [
+      {
+        name: "test.ech1.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.ech3.org", "A", {
+    answers: [
+      {
+        name: "test.ech3.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let chan = makeChan(`https://test.ech.org/server-timing`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+  let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+  Assert.equal(internal.remotePort, h2Port);
+
+  await trrServer.stop();
+});
+
+// Test when echConfig is enabled, the connection should fail when not all
+// records have echConfig.
+add_task(async function testFastfallbackWithpartialEchConfig() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    50
+  );
+
+  await trrServer.registerDoHAnswers("test.partial_ech.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.partial_ech.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.partial_ech1.org",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.partial_ech.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.partial_ech2.org",
+          values: [
+            { key: "alpn", value: "h2" },
+            { key: "port", value: h2Port },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.partial_ech1.org", "A", {
+    answers: [
+      {
+        name: "test.partial_ech1.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.partial_ech2.org", "A", {
+    answers: [
+      {
+        name: "test.partial_ech2.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let chan = makeChan(`https://test.partial_ech.org/server-timing`);
+  await channelOpenPromise(chan, CL_EXPECT_LATE_FAILURE | CL_ALLOW_UNKNOWN_CL);
+
+  await trrServer.stop();
+});
+
+add_task(async function testFastfallbackWithoutEchConfig() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    50
+  );
+
+  await trrServer.registerDoHAnswers("test.no_ech_h2.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.no_ech_h2.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.no_ech_h3.org",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.no_ech_h3.org", "A", {
+    answers: [
+      {
+        name: "test.no_ech_h3.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.no_ech_h2.org", "A", {
+    answers: [
+      {
+        name: "test.no_ech_h2.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let chan = makeChan(`https://test.no_ech_h2.org:${h2Port}/server-timing`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+  let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+  Assert.equal(internal.remotePort, h2Port);
+
+  await trrServer.stop();
+});
+
+add_task(async function testH3FallbackWithMultipleTransactions() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  // Disable fast fallback.
+  Services.prefs.setIntPref(
+    "network.http.http3.parallel_fallback_conn_limit",
+    0
+  );
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+
+  await trrServer.registerDoHAnswers("test.multiple_trans.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.multiple_trans.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.multiple_trans.org",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.multiple_trans.org", "A", {
+    answers: [
+      {
+        name: "test.multiple_trans.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let promises = [];
+  for (let i = 0; i < 2; ++i) {
+    let chan = makeChan(
+      `https://test.multiple_trans.org:${h2Port}/server-timing`
+    );
+    promises.push(channelOpenPromise(chan));
+  }
+
+  let res = await Promise.all(promises);
+  res.forEach(function (e) {
+    let [req] = e;
+    Assert.equal(req.protocolVersion, "h2");
+    let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+    Assert.equal(internal.remotePort, h2Port);
+  });
+
+  await trrServer.stop();
+});
+
+add_task(async function testTwoFastFallbackTimers() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+  Services.prefs.clearUserPref(
+    "network.http.http3.parallel_fallback_conn_limit"
+  );
+
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "foo.fallback.org;h3-29=:" + h3Port
+  );
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    10
+  );
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 100);
+
+  await trrServer.registerDoHAnswers("foo.fallback.org", "HTTPS", {
+    answers: [
+      {
+        name: "foo.fallback.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "foo.fallback.org",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("foo.fallback.org", "A", {
+    answers: [
+      {
+        name: "foo.fallback.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  // Test the case that http3 backup timer is triggered after
+  // fast fallback timer or HTTPS RR.
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    10
+  );
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 100);
+
+  async function createChannelAndStartTest() {
+    let chan = makeChan(`https://foo.fallback.org:${h2Port}/server-timing`);
+    let [req] = await channelOpenPromise(chan);
+    Assert.equal(req.protocolVersion, "h2");
+    let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+    Assert.equal(internal.remotePort, h2Port);
+  }
+
+  await createChannelAndStartTest();
+
+  Services.obs.notifyObservers(null, "net:prune-all-connections");
+  Services.obs.notifyObservers(null, "network:reset-http3-excluded-list");
+  Services.dns.clearCache(true);
+
+  // Do the same test again, but with a different configuration.
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    100
+  );
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 10);
+
+  await createChannelAndStartTest();
+
+  await trrServer.stop();
+});
+
+add_task(async function testH3FastFallbackWithMultipleTransactions() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 6);
+  Services.prefs.clearUserPref(
+    "network.http.http3.parallel_fallback_conn_limit"
+  );
+
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 500);
+
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "test.multiple_fallback_trans.org;h3-29=:" + h3Port
+  );
+
+  await trrServer.registerDoHAnswers("test.multiple_fallback_trans.org", "A", {
+    answers: [
+      {
+        name: "test.multiple_fallback_trans.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let promises = [];
+  for (let i = 0; i < 3; ++i) {
+    let chan = makeChan(
+      `https://test.multiple_fallback_trans.org:${h2Port}/server-timing`
+    );
+    if (i == 0) {
+      promises.push(channelOpenPromise(chan));
+    } else {
+      promises.push(channelOpenPromise(chan, null, 500));
+    }
+  }
+
+  let res = await Promise.all(promises);
+  res.forEach(function (e) {
+    let [req] = e;
+    Assert.equal(req.protocolVersion, "h2");
+    let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+    Assert.equal(internal.remotePort, h2Port);
+  });
+
+  await trrServer.stop();
+});
+
+add_task(async function testFastfallbackToTheSameRecord() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+
+  Services.prefs.setIntPref(
+    "network.dns.httpssvc.http3_fast_fallback_timeout",
+    1000
+  );
+
+  await trrServer.registerDoHAnswers("test.ech.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.ech.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.ech1.org",
+          values: [
+            { key: "alpn", value: ["h3-29", "h2"] },
+            { key: "port", value: h2Port },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.ech1.org", "A", {
+    answers: [
+      {
+        name: "test.ech1.org",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  let chan = makeChan(`https://test.ech.org/server-timing`);
+  let [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+  let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+  Assert.equal(internal.remotePort, h2Port);
+
+  await trrServer.stop();
+});
diff --git a/netwerk/test/unit/test_http3_fatal_stream_error.js b/netwerk/test/unit/test_http3_fatal_stream_error.js
new file mode 100644
index 0000000000..4c0b41089a
--- /dev/null
+++ b/netwerk/test/unit/test_http3_fatal_stream_error.js
@@ -0,0 +1,135 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+let httpsUri;
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.dns.disableIPv6");
+  Services.prefs.clearUserPref(
+    "network.http.http3.alt-svc-mapping-for-testing"
+  );
+  Services.prefs.clearUserPref("network.http.http3.backup_timer_delay");
+  dump("cleanup done\n");
+});
+
+let Http3FailedListener = function () {};
+
+Http3FailedListener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.amount += cnt;
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    if (Components.isSuccessCode(status)) {
+      // This is still HTTP2 connection
+      let httpVersion = "";
+      try {
+        httpVersion = request.protocolVersion;
+      } catch (e) {}
+      Assert.equal(httpVersion, "h2");
+      this.finish(false);
+    } else {
+      Assert.equal(status, Cr.NS_ERROR_NET_PARTIAL_TRANSFER);
+      this.finish(true);
+    }
+  },
+};
+
+function makeChan() {
+  let chan = NetUtil.newChannel({
+    uri: httpsUri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function altsvcSetupPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+add_task(async function test_fatal_error() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+
+  let h3Port = Services.env.get("MOZHTTP3_PORT_FAILED");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  Services.prefs.setBoolPref("network.dns.disableIPv6", true);
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "foo.example.com;h3-29=:" + h3Port
+  );
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 0);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  httpsUri = "https://foo.example.com:" + h2Port + "/";
+});
+
+add_task(async function test_fatal_stream_error() {
+  let result = false;
+  // We need to loop here because we need to wait for AltSvc storage to
+  // to be started.
+  do {
+    // We need to close HTTP2 connections, otherwise our connection pooling
+    // will dispatch the request over already existing HTTP2 connection.
+    Services.obs.notifyObservers(null, "net:prune-all-connections");
+    let chan = makeChan();
+    let listener = new Http3FailedListener();
+    result = await altsvcSetupPromise(chan, listener);
+  } while (result === false);
+});
+
+let CheckOnlyHttp2Listener = function () {};
+
+CheckOnlyHttp2Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h2");
+    this.finish(false);
+  },
+};
+
+add_task(async function test_no_http3_after_error() {
+  let chan = makeChan();
+  let listener = new CheckOnlyHttp2Listener();
+  await altsvcSetupPromise(chan, listener);
+});
+
+// also after all connections are closed.
+add_task(async function test_no_http3_after_error2() {
+  Services.obs.notifyObservers(null, "net:prune-all-connections");
+  let chan = makeChan();
+  let listener = new CheckOnlyHttp2Listener();
+  await altsvcSetupPromise(chan, listener);
+});
diff --git a/netwerk/test/unit/test_http3_large_post.js b/netwerk/test/unit/test_http3_large_post.js
new file mode 100644
index 0000000000..2ed8e51bb4
--- /dev/null
+++ b/netwerk/test/unit/test_http3_large_post.js
@@ -0,0 +1,165 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+});
+
+add_task(async function setup() {
+  await http3_setup_tests("h3-29");
+});
+
+let Http3Listener = function (amount) {
+  this.amount = amount;
+};
+
+Http3Listener.prototype = {
+  expectedStatus: Cr.NS_OK,
+  amount: 0,
+  onProgressMaxNotificationCount: 0,
+  onProgressNotificationCount: 0,
+
+  QueryInterface: ChromeUtils.generateQI(["nsIProgressEventSink"]),
+
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIProgressEventSink)) {
+      return this;
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  },
+
+  onProgress(request, progress, progressMax) {
+    // we will get notifications for the request and the response.
+    if (progress === progressMax) {
+      this.onProgressMaxNotificationCount += 1;
+    }
+    // For a large upload there should be a multiple notifications.
+    this.onProgressNotificationCount += 1;
+  },
+
+  onStatus(request, status, statusArg) {},
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.equal(request.status, this.expectedStatus);
+    if (Components.isSuccessCode(this.expectedStatus)) {
+      Assert.equal(request.responseStatus, 200);
+    }
+    Assert.equal(
+      this.amount,
+      request.getResponseHeader("x-data-received-length")
+    );
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+    // We should get 2 correctOnProgress, i.e. one for request and one for the response.
+    Assert.equal(this.onProgressMaxNotificationCount, 2);
+    if (this.amount > 500000) {
+      // 10 is an arbitrary number, but we cannot calculate exact number
+      // because it depends on timing.
+      Assert.ok(this.onProgressNotificationCount > 10);
+    }
+    this.finish();
+  },
+};
+
+function chanPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+function makeChan(uri, amount) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+
+  let stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stream.data = generateContent(amount);
+  let uchan = chan.QueryInterface(Ci.nsIUploadChannel);
+  uchan.setUploadStream(stream, "text/plain", stream.available());
+  chan.requestMethod = "POST";
+  return chan;
+}
+
+// Generate a post.
+function generateContent(size) {
+  let content = "";
+  for (let i = 0; i < size; i++) {
+    content += "0";
+  }
+  return content;
+}
+
+// Send a large post that can fit into a neqo stream buffer at once.
+// But the amount of data is larger than the necko's default stream
+// buffer side, therefore ReadSegments will be called multiple times.
+add_task(async function test_large_post() {
+  let amount = 1 << 16;
+  let listener = new Http3Listener(amount);
+  let chan = makeChan("https://foo.example.com/post", amount);
+  chan.notificationCallbacks = listener;
+  await chanPromise(chan, listener);
+});
+
+// Send a large post that cannot fit into a neqo stream buffer at once.
+// StreamWritable events will trigger sending more data when the buffer
+// space is freed
+add_task(async function test_large_post2() {
+  let amount = 1 << 23;
+  let listener = new Http3Listener(amount);
+  let chan = makeChan("https://foo.example.com/post", amount);
+  chan.notificationCallbacks = listener;
+  await chanPromise(chan, listener);
+});
+
+// Send a post in the same way viaduct does in bug 1749957.
+add_task(async function test_bug1749957_bug1750056() {
+  let amount = 200; // Tests the bug as long as it's non-zero.
+  let uri = "https://foo.example.com/post";
+  let listener = new Http3Listener(amount);
+
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+
+  // https://searchfox.org/mozilla-central/rev/1920b17ac5988fcfec4e45e2a94478ebfbfc6f88/toolkit/components/viaduct/ViaductRequest.cpp#120-152
+  {
+    chan.requestMethod = "POST";
+    chan.setRequestHeader("content-length", "" + amount, /* aMerge = */ false);
+
+    let stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+      Ci.nsIStringInputStream
+    );
+    stream.data = generateContent(amount);
+    let uchan = chan.QueryInterface(Ci.nsIUploadChannel2);
+    uchan.explicitSetUploadStream(
+      stream,
+      /* aContentType = */ "",
+      /* aContentLength = */ -1,
+      "POST",
+      /* aStreamHasHeaders = */ false
+    );
+  }
+
+  chan.notificationCallbacks = listener;
+  await chanPromise(chan, listener);
+});
diff --git a/netwerk/test/unit/test_http3_large_post_telemetry.js b/netwerk/test/unit/test_http3_large_post_telemetry.js
new file mode 100644
index 0000000000..33ad4b7d21
--- /dev/null
+++ b/netwerk/test/unit/test_http3_large_post_telemetry.js
@@ -0,0 +1,151 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const { TelemetryTestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TelemetryTestUtils.sys.mjs"
+);
+
+let indexes_10_100 = [
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 18, 20, 22, 24, 27, 30,
+  33, 37, 41, 46, 51, 57, 63, 70, 78, 87, 97, 108, 120, 133, 148, 165, 184, 205,
+  228, 254, 282, 314, 349, 388, 431, 479, 533, 593, 659, 733, 815, 906, 1008,
+  1121, 1247, 1387, 1542, 1715, 1907, 2121, 2359, 2623, 2917, 3244, 3607, 4011,
+  4460, 4960, 5516, 6134, 6821, 7585, 8435, 9380, 10431, 11600, 12900, 14345,
+  15952, 17739, 19727, 21937, 24395, 27129, 30169, 33549, 37308, 41488, 46137,
+  51307, 57056, 63449, 70559, 78465, 87257, 97035, 107908, 120000,
+];
+
+let indexes_gt_100 = [
+  0, 30000, 30643, 31300, 31971, 32657, 33357, 34072, 34803, 35549, 36311,
+  37090, 37885, 38697, 39527, 40375, 41241, 42125, 43028, 43951, 44894, 45857,
+  46840, 47845, 48871, 49919, 50990, 52084, 53201, 54342, 55507, 56697, 57913,
+  59155, 60424, 61720, 63044, 64396, 65777, 67188, 68629, 70101, 71604, 73140,
+  74709, 76311, 77948, 79620, 81327, 83071, 84853, 86673, 88532, 90431, 92370,
+  94351, 96374, 98441, 100552, 102708, 104911, 107161, 109459, 111806, 114204,
+  116653, 119155, 121710, 124320, 126986, 129709, 132491, 135332, 138234,
+  141199, 144227, 147320, 150479, 153706, 157002, 160369, 163808, 167321,
+  170909, 174574, 178318, 182142, 186048, 190038, 194114, 198277, 202529,
+  206872, 211309, 215841, 220470, 225198, 230028, 234961, 240000,
+];
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+  Services.prefs.clearUserPref(
+    "toolkit.telemetry.testing.overrideProductsCheck"
+  );
+});
+
+add_task(async function setup() {
+  // Enable the collection (during test) for all products so even products
+  // that don't collect the data will be able to run the test without failure.
+  Services.prefs.setBoolPref(
+    "toolkit.telemetry.testing.overrideProductsCheck",
+    true
+  );
+
+  await http3_setup_tests("h3-29");
+});
+
+let Http3Listener = function () {};
+
+Http3Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.equal(request.status, Cr.NS_OK);
+    Assert.equal(request.responseStatus, 200);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+    this.finish();
+  },
+};
+
+function chanPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+function makeChan(uri, amount) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+
+  let stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stream.data = generateContent(amount);
+  let uchan = chan.QueryInterface(Ci.nsIUploadChannel);
+  uchan.setUploadStream(stream, "text/plain", stream.available());
+  chan.requestMethod = "POST";
+  return chan;
+}
+
+// Generate a post.
+function generateContent(size) {
+  let content = "";
+  for (let i = 0; i < size; i++) {
+    content += "0";
+  }
+  return content;
+}
+
+async function test_large_post(amount, hist_name, key, indexes) {
+  let hist = TelemetryTestUtils.getAndClearKeyedHistogram(hist_name);
+
+  let listener = new Http3Listener();
+  listener.amount = amount;
+  let chan = makeChan("https://foo.example.com/post", amount);
+  let tchan = chan.QueryInterface(Ci.nsITimedChannel);
+  tchan.timingEnabled = true;
+  await chanPromise(chan, listener);
+
+  let time = (tchan.responseStartTime - tchan.requestStartTime) / 1000;
+  let i = 0;
+  while (i < indexes.length && time > indexes[i + 1]) {
+    i += 1;
+  }
+  TelemetryTestUtils.assertKeyedHistogramValue(hist, key, indexes[i], 1);
+}
+
+add_task(async function test_11M() {
+  await test_large_post(
+    11 * (1 << 20),
+    "HTTP3_UPLOAD_TIME_10M_100M",
+    "uses_http3_10_50",
+    indexes_10_100
+  );
+});
+
+add_task(async function test_51M() {
+  await test_large_post(
+    51 * (1 << 20),
+    "HTTP3_UPLOAD_TIME_10M_100M",
+    "uses_http3_50_100",
+    indexes_10_100
+  );
+});
+
+add_task(async function test_101M() {
+  await test_large_post(
+    101 * (1 << 20),
+    "HTTP3_UPLOAD_TIME_GT_100M",
+    "uses_http3",
+    indexes_gt_100
+  );
+});
diff --git a/netwerk/test/unit/test_http3_perf.js b/netwerk/test/unit/test_http3_perf.js
new file mode 100644
index 0000000000..0a813cdf19
--- /dev/null
+++ b/netwerk/test/unit/test_http3_perf.js
@@ -0,0 +1,262 @@
+"use strict";
+
+// This test is run as part of the perf tests which require the metadata.
+/* exported perfMetadata */
+var perfMetadata = {
+  owner: "Network Team",
+  name: "http3 raw",
+  description:
+    "XPCShell tests that verifies the lib integration against a local server",
+  options: {
+    default: {
+      perfherder: true,
+      perfherder_metrics: [
+        {
+          name: "speed",
+          unit: "bps",
+        },
+      ],
+      xpcshell_cycles: 13,
+      verbose: true,
+      try_platform: ["linux", "mac"],
+    },
+  },
+  tags: ["network", "http3", "quic"],
+};
+
+var performance = performance || {};
+performance.now = (function () {
+  return (
+    performance.now ||
+    performance.mozNow ||
+    performance.msNow ||
+    performance.oNow ||
+    performance.webkitNow ||
+    Date.now
+  );
+})();
+
+let h3Route;
+let httpsOrigin;
+let h3AltSvc;
+
+let prefs;
+
+let tests = [
+  // This test must be the first because it setsup alt-svc connection, that
+  // other tests use.
+  test_https_alt_svc,
+  test_download,
+  testsDone,
+];
+
+let current_test = 0;
+
+function run_next_test() {
+  if (current_test < tests.length) {
+    dump("starting test number " + current_test + "\n");
+    tests[current_test]();
+    current_test++;
+  }
+}
+
+// eslint-disable-next-line no-unused-vars
+function run_test() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+  let h3Port = Services.env.get("MOZHTTP3_PORT");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+  h3AltSvc = ":" + h3Port;
+
+  h3Route = "foo.example.com:" + h3Port;
+  do_get_profile();
+  prefs = Services.prefs;
+
+  prefs.setBoolPref("network.http.http3.enable", true);
+  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+
+  // The certificate for the http3server server is for foo.example.com and
+  // is signed by http2-ca.pem so add that cert to the trust list as a
+  // signing cert.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+  httpsOrigin = "https://foo.example.com:" + h2Port + "/";
+
+  run_next_test();
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let Http3CheckListener = function () {};
+
+Http3CheckListener.prototype = {
+  onDataAvailableFired: false,
+  expectedRoute: "",
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+    Assert.equal(request.status, Cr.NS_OK);
+    Assert.equal(request.responseStatus, 200);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.onDataAvailableFired = true;
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    dump("status is " + status + "\n");
+    // Assert.equal(status, Cr.NS_OK);
+    let routed = "NA";
+    try {
+      routed = request.getRequestHeader("Alt-Used");
+    } catch (e) {}
+    dump("routed is " + routed + "\n");
+
+    Assert.equal(routed, this.expectedRoute);
+
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+    Assert.equal(this.onDataAvailableFired, true);
+  },
+};
+
+let WaitForHttp3Listener = function () {};
+
+WaitForHttp3Listener.prototype = new Http3CheckListener();
+
+WaitForHttp3Listener.prototype.uri = "";
+WaitForHttp3Listener.prototype.h3AltSvc = "";
+
+WaitForHttp3Listener.prototype.onStopRequest = function testOnStopRequest(
+  request,
+  status
+) {
+  Assert.equal(status, Cr.NS_OK);
+  let routed = "NA";
+  try {
+    routed = request.getRequestHeader("Alt-Used");
+  } catch (e) {}
+  dump("routed is " + routed + "\n");
+
+  if (routed == this.expectedRoute) {
+    Assert.equal(routed, this.expectedRoute); // always true, but a useful log
+
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+    run_next_test();
+  } else {
+    dump("poll later for alt svc mapping\n");
+    do_test_pending();
+    do_timeout(500, () => {
+      doTest(this.uri, this.expectedRoute, this.h3AltSvc);
+    });
+  }
+
+  do_test_finished();
+};
+
+function doTest(uri, expectedRoute, altSvc) {
+  let chan = makeChan(uri);
+  let listener = new WaitForHttp3Listener();
+  listener.uri = uri;
+  listener.expectedRoute = expectedRoute;
+  listener.h3AltSvc = altSvc;
+  chan.setRequestHeader("x-altsvc", altSvc, false);
+  chan.asyncOpen(listener);
+}
+
+// Test Alt-Svc for http3.
+// H2 server returns alt-svc=h3-29=:h3port
+function test_https_alt_svc() {
+  dump("test_https_alt_svc()\n");
+
+  do_test_pending();
+  doTest(httpsOrigin + "http3-test", h3Route, h3AltSvc);
+}
+
+let PerfHttp3Listener = function () {};
+
+PerfHttp3Listener.prototype = new Http3CheckListener();
+PerfHttp3Listener.prototype.amount = 0;
+PerfHttp3Listener.prototype.bytesRead = 0;
+PerfHttp3Listener.prototype.startTime = 0;
+
+PerfHttp3Listener.prototype.onStartRequest = function testOnStartRequest(
+  request
+) {
+  this.startTime = performance.now();
+  Http3CheckListener.prototype.onStartRequest.call(this, request);
+};
+
+PerfHttp3Listener.prototype.onDataAvailable = function testOnStopRequest(
+  request,
+  stream,
+  off,
+  cnt
+) {
+  this.bytesRead += cnt;
+  Http3CheckListener.prototype.onDataAvailable.call(
+    this,
+    request,
+    stream,
+    off,
+    cnt
+  );
+};
+
+PerfHttp3Listener.prototype.onStopRequest = function testOnStopRequest(
+  request,
+  status
+) {
+  let stopTime = performance.now();
+  Http3CheckListener.prototype.onStopRequest.call(this, request, status);
+  if (this.bytesRead != this.amount) {
+    dump("Wrong number of bytes...");
+  } else {
+    let speed = (this.bytesRead * 1000) / (stopTime - this.startTime);
+    info("perfMetrics", { speed });
+  }
+  run_next_test();
+  do_test_finished();
+};
+
+function test_download() {
+  dump("test_download()\n");
+
+  let listener = new PerfHttp3Listener();
+  listener.expectedRoute = h3Route;
+  listener.amount = 1024 * 1024;
+  let chan = makeChan(httpsOrigin + listener.amount.toString());
+  chan.asyncOpen(listener);
+  do_test_pending();
+}
+
+function testsDone() {
+  prefs.clearUserPref("network.http.http3.enable");
+  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+  dump("testDone\n");
+  do_test_pending();
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/test_http3_prio_disabled.js b/netwerk/test/unit/test_http3_prio_disabled.js
new file mode 100644
index 0000000000..b73ca98709
--- /dev/null
+++ b/netwerk/test/unit/test_http3_prio_disabled.js
@@ -0,0 +1,106 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// this test file can be run directly as a part of parent/main process
+// or indirectly from the wrapper test file as a part of child/content process
+
+// need to get access to helper functions/structures
+// load ensures
+// * testing environment is available (ie Assert.ok())
+/*global inChildProcess, test_flag_priority */
+load("../unit/test_http3_prio_helpers.js");
+
+// direct call to this test file should cleanup after itself
+// otherwise the wrapper will handle
+if (!inChildProcess()) {
+  registerCleanupFunction(async () => {
+    Services.prefs.clearUserPref("network.http.http3.priority");
+    http3_clear_prefs();
+  });
+}
+
+// setup once, before tests
+add_task(async function setup() {
+  // wrapper handles when testing as content process for pref change
+  if (!inChildProcess()) {
+    await http3_setup_tests("h3-29");
+  }
+});
+
+// tests various flags when priority has been disabled on variable incremental
+// this function should only be called the preferences priority disabled
+async function test_http3_prio_disabled(incremental) {
+  await test_flag_priority("disabled (none)", null, null, null, null); // default-test
+  await test_flag_priority(
+    "disabled (urgent_start)",
+    Ci.nsIClassOfService.UrgentStart,
+    null,
+    incremental,
+    null
+  );
+  await test_flag_priority(
+    "disabled (leader)",
+    Ci.nsIClassOfService.Leader,
+    null,
+    incremental,
+    null
+  );
+  await test_flag_priority(
+    "disabled (unblocked)",
+    Ci.nsIClassOfService.Unblocked,
+    null,
+    incremental,
+    null
+  );
+  await test_flag_priority(
+    "disabled (follower)",
+    Ci.nsIClassOfService.Follower,
+    null,
+    incremental,
+    null
+  );
+  await test_flag_priority(
+    "disabled (speculative)",
+    Ci.nsIClassOfService.Speculative,
+    null,
+    incremental,
+    null
+  );
+  await test_flag_priority(
+    "disabled (background)",
+    Ci.nsIClassOfService.Background,
+    null,
+    incremental,
+    null
+  );
+  await test_flag_priority(
+    "disabled (background)",
+    Ci.nsIClassOfService.Tail,
+    null,
+    incremental,
+    null
+  );
+}
+
+// run tests after setup
+
+// test that various urgency flags and incremental=true don't propogate to header
+// when priority setting is disabled
+add_task(async function test_http3_prio_disabled_inc_true() {
+  // wrapper handles when testing as content process for pref change
+  if (!inChildProcess()) {
+    Services.prefs.setBoolPref("network.http.http3.priority", false);
+  }
+  await test_http3_prio_disabled(true);
+});
+
+// test that various urgency flags and incremental=false don't propogate to header
+// when priority setting is disabled
+add_task(async function test_http3_prio_disabled_inc_false() {
+  // wrapper handles when testing as content process for pref change
+  if (!inChildProcess()) {
+    Services.prefs.setBoolPref("network.http.http3.priority", false);
+  }
+  await test_http3_prio_disabled(false);
+});
diff --git a/netwerk/test/unit/test_http3_prio_enabled.js b/netwerk/test/unit/test_http3_prio_enabled.js
new file mode 100644
index 0000000000..6dd30c590a
--- /dev/null
+++ b/netwerk/test/unit/test_http3_prio_enabled.js
@@ -0,0 +1,108 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// this test file can be run directly as a part of parent/main process
+// or indirectly from the wrapper test file as a part of child/content process
+
+// need to get access to helper functions/structures
+// load ensures
+// * testing environment is available (ie Assert.ok())
+/*global inChildProcess, test_flag_priority */
+load("../unit/test_http3_prio_helpers.js");
+
+// direct call to this test file should cleanup after itself
+// otherwise the wrapper will handle
+if (!inChildProcess()) {
+  registerCleanupFunction(async () => {
+    Services.prefs.clearUserPref("network.http.http3.priority");
+    http3_clear_prefs();
+  });
+}
+
+// setup once, before tests
+add_task(async function setup() {
+  // wrapper handles when testing as content process for pref change
+  if (!inChildProcess()) {
+    await http3_setup_tests("h3-29");
+  }
+});
+
+// tests various flags when priority has been enabled on variable incremental
+// this function should only be called the preferences priority disabled
+async function test_http3_prio_enabled(incremental) {
+  await test_flag_priority("enabled (none)", null, "u=4", null, false); // default-test
+  await test_flag_priority(
+    "enabled (urgent_start)",
+    Ci.nsIClassOfService.UrgentStart,
+    "u=1",
+    incremental,
+    incremental
+  );
+  await test_flag_priority(
+    "enabled (leader)",
+    Ci.nsIClassOfService.Leader,
+    "u=2",
+    incremental,
+    incremental
+  );
+
+  // if priority-urgency and incremental are both default values
+  // then we shouldn't expect to see the priority header at all
+  // hence when:
+  //  incremental=true  -> we expect incremental
+  //  incremental=false -> we expect null
+  await test_flag_priority(
+    "enabled (unblocked)",
+    Ci.nsIClassOfService.Unblocked,
+    null,
+    incremental,
+    incremental ? incremental : null
+  );
+
+  await test_flag_priority(
+    "enabled (follower)",
+    Ci.nsIClassOfService.Follower,
+    "u=4",
+    incremental,
+    incremental
+  );
+  await test_flag_priority(
+    "enabled (speculative)",
+    Ci.nsIClassOfService.Speculative,
+    "u=6",
+    incremental,
+    incremental
+  );
+  await test_flag_priority(
+    "enabled (background)",
+    Ci.nsIClassOfService.Background,
+    "u=6",
+    incremental,
+    incremental
+  );
+  await test_flag_priority(
+    "enabled (background)",
+    Ci.nsIClassOfService.Tail,
+    "u=6",
+    incremental,
+    incremental
+  );
+}
+
+// with priority enabled: test urgency flags with both incremental enabled and disabled
+add_task(async function test_http3_prio_enabled_incremental_true() {
+  // wrapper handles when testing as content process for pref change
+  if (!inChildProcess()) {
+    Services.prefs.setBoolPref("network.http.http3.priority", true);
+  }
+  await test_http3_prio_enabled(true);
+});
+
+add_task(async function test_http3_prio_enabled_incremental_false() {
+  // wrapper handles when testing as content process for pref change
+  if (!inChildProcess()) {
+    Services.prefs.setBoolPref("network.http.http3.priority", true);
+  }
+  await test_http3_prio_enabled(false);
+});
diff --git a/netwerk/test/unit/test_http3_prio_helpers.js b/netwerk/test/unit/test_http3_prio_helpers.js
new file mode 100644
index 0000000000..c1f6d06bcb
--- /dev/null
+++ b/netwerk/test/unit/test_http3_prio_helpers.js
@@ -0,0 +1,121 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// uses head_http3.js, which uses http2-ca.pem
+"use strict";
+
+/* exported inChildProcess, test_flag_priority */
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+let Http3Listener = function (
+  closure,
+  expected_priority,
+  expected_incremental,
+  context
+) {
+  this._closure = closure;
+  this._expected_priority = expected_priority;
+  this._expected_incremental = expected_incremental;
+  this._context = context;
+};
+
+// string -> [string, bool]
+// "u=3,i" -> ["u=3", true]
+function parse_priority_response_header(priority) {
+  const priority_array = priority.split(",");
+
+  // parse for urgency string
+  const urgency = priority_array.find(element => element.includes("u="));
+
+  // parse for incremental bool
+  const incremental = !!priority_array.find(element => element == "i");
+
+  return [urgency ? urgency : null, incremental];
+}
+
+Http3Listener.prototype = {
+  resumed: false,
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.equal(request.status, Cr.NS_OK);
+    Assert.equal(request.responseStatus, 200);
+
+    let secinfo = request.securityInfo;
+    Assert.equal(secinfo.resumed, this.resumed);
+    Assert.ok(secinfo.serverCert != null);
+
+    // check priority urgency and incremental from response header
+    let priority_urgency = null;
+    let incremental = null;
+    try {
+      const prh = request.getResponseHeader("priority-mirror");
+      [priority_urgency, incremental] = parse_priority_response_header(prh);
+    } catch (e) {
+      console.log("Failed to get priority-mirror from response header");
+    }
+    Assert.equal(priority_urgency, this._expected_priority, this._context);
+    Assert.equal(incremental, this._expected_incremental, this._context);
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+
+    try {
+      this._closure();
+    } catch (ex) {
+      do_throw("Error in closure function: " + ex);
+    }
+  },
+};
+
+function make_channel(url) {
+  var request = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  });
+  request.QueryInterface(Ci.nsIHttpChannel);
+  return request;
+}
+
+async function test_flag_priority(
+  context,
+  flag,
+  expected_priority,
+  incremental,
+  expected_incremental
+) {
+  var chan = make_channel("https://foo.example.com/priority_mirror");
+  var cos = chan.QueryInterface(Ci.nsIClassOfService);
+
+  // configure the channel with flags
+  if (flag != null) {
+    cos.addClassFlags(flag);
+  }
+
+  // configure the channel with incremental
+  if (incremental != null) {
+    cos.incremental = incremental;
+  }
+
+  await new Promise(resolve =>
+    chan.asyncOpen(
+      new Http3Listener(
+        resolve,
+        expected_priority,
+        expected_incremental,
+        context
+      )
+    )
+  );
+}
diff --git a/netwerk/test/unit/test_http3_server.js b/netwerk/test/unit/test_http3_server.js
new file mode 100644
index 0000000000..3daf9cfa3c
--- /dev/null
+++ b/netwerk/test/unit/test_http3_server.js
@@ -0,0 +1,168 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let h2Port;
+let h3Port;
+let trrServer;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+add_setup(async function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  h3Port = Services.env.get("MOZHTTP3_PORT_PROXY");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  trr_test_setup();
+
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+    Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+    Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+    Services.prefs.clearUserPref("network.dns.disablePrefetch");
+    await trrServer.stop();
+  });
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns;
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+      resolve([req, buffer]);
+    }
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      true
+    );
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+// Use NodeHTTPServer to create an HTTP server and test if the Http/3 server
+// can act as a reverse proxy.
+add_task(async function testHttp3ServerAsReverseProxy() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.dns.clearCache(true);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.h3_example.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.h3_example.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.h3_example.com",
+          values: [
+            { key: "alpn", value: "h3-29" },
+            { key: "port", value: h3Port },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("test.h3_example.com", "A", {
+    answers: [
+      {
+        name: "test.h3_example.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await new TRRDNSListener("test.h3_example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  let server = new NodeHTTPServer();
+  await server.start();
+  registerCleanupFunction(async () => {
+    await server.stop();
+  });
+
+  await server.registerPathHandler("/test", (req, resp) => {
+    if (req.method === "GET") {
+      resp.writeHead(200);
+      resp.end("got GET request");
+    } else if (req.method === "POST") {
+      let received = "";
+      req.on("data", function receivePostData(chunk) {
+        received += chunk.toString();
+      });
+      req.on("end", function finishPost() {
+        resp.writeHead(200);
+        resp.end(received);
+      });
+    }
+  });
+
+  // Tell the Http/3 server which port to forward requests.
+  let chan = makeChan(`https://test.h3_example.com/port?${server.port()}`);
+  await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+
+  // Test GET method.
+  chan = makeChan(`https://test.h3_example.com/test`);
+  let [req, buf] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  Assert.equal(req.protocolVersion, "h3-29");
+  Assert.equal(buf, "got GET request");
+
+  var stream = Cc["@mozilla.org/io/string-input-stream;1"].createInstance(
+    Ci.nsIStringInputStream
+  );
+  stream.data = "b".repeat(500);
+
+  // Test POST method.
+  chan = makeChan(`https://test.h3_example.com/test`);
+  chan
+    .QueryInterface(Ci.nsIUploadChannel)
+    .setUploadStream(stream, "text/plain", stream.available());
+  chan.requestMethod = "POST";
+
+  [req, buf] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  Assert.equal(req.protocolVersion, "h3-29");
+  Assert.equal(buf, stream.data);
+
+  await trrServer.stop();
+});
diff --git a/netwerk/test/unit/test_http3_server_not_existing.js b/netwerk/test/unit/test_http3_server_not_existing.js
new file mode 100644
index 0000000000..b2b5518974
--- /dev/null
+++ b/netwerk/test/unit/test_http3_server_not_existing.js
@@ -0,0 +1,109 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+let httpsUri;
+
+registerCleanupFunction(async () => {
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("network.dns.disableIPv6");
+  Services.prefs.clearUserPref(
+    "network.http.http3.alt-svc-mapping-for-testing"
+  );
+  Services.prefs.clearUserPref("network.http.http3.backup_timer_delay");
+  dump("cleanup done\n");
+});
+
+function makeChan() {
+  let chan = NetUtil.newChannel({
+    uri: httpsUri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+function altsvcSetupPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+add_task(async function test_fatal_error() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  Services.prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  Services.prefs.setBoolPref("network.dns.disableIPv6", true);
+  // Set AltSvc to point to not existing HTTP3 server on port 443
+  Services.prefs.setCharPref(
+    "network.http.http3.alt-svc-mapping-for-testing",
+    "foo.example.com;h3-29=:443"
+  );
+  Services.prefs.setIntPref("network.http.http3.backup_timer_delay", 0);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  httpsUri = "https://foo.example.com:" + h2Port + "/";
+});
+
+add_task(async function test_fatal_stream_error() {
+  let result = 1;
+  // We need to loop here because we need to wait for AltSvc storage to
+  // to be started.
+  // We also do not have a way to verify that HTTP3 has been tried, because
+  // the fallback is automatic, so try a couple of times.
+  do {
+    // We need to close HTTP2 connections, otherwise our connection pooling
+    // will dispatch the request over already existing HTTP2 connection.
+    Services.obs.notifyObservers(null, "net:prune-all-connections");
+    let chan = makeChan();
+    let listener = new CheckOnlyHttp2Listener();
+    await altsvcSetupPromise(chan, listener);
+    result++;
+  } while (result < 5);
+});
+
+let CheckOnlyHttp2Listener = function () {};
+
+CheckOnlyHttp2Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    Assert.equal(status, Cr.NS_OK);
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h2");
+    this.finish();
+  },
+};
+
+add_task(async function test_no_http3_after_error() {
+  let chan = makeChan();
+  let listener = new CheckOnlyHttp2Listener();
+  await altsvcSetupPromise(chan, listener);
+});
+
+// also after all connections are closed.
+add_task(async function test_no_http3_after_error2() {
+  Services.obs.notifyObservers(null, "net:prune-all-connections");
+  let chan = makeChan();
+  let listener = new CheckOnlyHttp2Listener();
+  await altsvcSetupPromise(chan, listener);
+});
diff --git a/netwerk/test/unit/test_http3_trans_close.js b/netwerk/test/unit/test_http3_trans_close.js
new file mode 100644
index 0000000000..0bbb183aab
--- /dev/null
+++ b/netwerk/test/unit/test_http3_trans_close.js
@@ -0,0 +1,84 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+});
+
+add_task(async function setup() {
+  await http3_setup_tests("h3-29");
+});
+
+let Http3Listener = function () {};
+
+Http3Listener.prototype = {
+  expectedAmount: 0,
+  expectedStatus: Cr.NS_OK,
+  amount: 0,
+
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.equal(request.status, this.expectedStatus);
+    if (Components.isSuccessCode(this.expectedStatus)) {
+      Assert.equal(request.responseStatus, 200);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    this.amount += cnt;
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    Assert.equal(httpVersion, "h3-29");
+    Assert.equal(this.amount, this.expectedAmount);
+
+    this.finish();
+  },
+};
+
+function chanPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish(result) {
+      resolve(result);
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+function makeChan(uri) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+add_task(async function test_response_without_body() {
+  let chan = makeChan("https://foo.example.com/no_body");
+  let listener = new Http3Listener();
+  listener.expectedAmount = 0;
+  await chanPromise(chan, listener);
+});
+
+add_task(async function test_response_without_content_length() {
+  let chan = makeChan("https://foo.example.com/no_content_length");
+  let listener = new Http3Listener();
+  listener.expectedAmount = 4000;
+  await chanPromise(chan, listener);
+});
+
+add_task(async function test_content_length_smaller_than_data_len() {
+  let chan = makeChan("https://foo.example.com/content_length_smaller");
+  let listener = new Http3Listener();
+  // content-lentgth is 4000, but data length is 8000.
+  // We should return an error here - bug 1670086.
+  listener.expectedAmount = 4000;
+  await chanPromise(chan, listener);
+});
diff --git a/netwerk/test/unit/test_http3_version1.js b/netwerk/test/unit/test_http3_version1.js
new file mode 100644
index 0000000000..65f4eef906
--- /dev/null
+++ b/netwerk/test/unit/test_http3_version1.js
@@ -0,0 +1,93 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+registerCleanupFunction(async () => {
+  http3_clear_prefs();
+});
+
+let httpsUri;
+
+add_task(async function pre_setup() {
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+  httpsUri = "https://foo.example.com:" + h2Port + "/";
+  Services.prefs.setBoolPref("network.http.http3.support_version1", true);
+});
+
+add_task(async function setup() {
+  await http3_setup_tests("h3");
+});
+
+function chanPromise(chan, listener) {
+  return new Promise(resolve => {
+    function finish() {
+      resolve();
+    }
+    listener.finish = finish;
+    chan.asyncOpen(listener);
+  });
+}
+
+function makeH2Chan() {
+  let chan = NetUtil.newChannel({
+    uri: httpsUri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+  return chan;
+}
+
+let Http3Listener = function () {};
+
+Http3Listener.prototype = {
+  version1enabled: "",
+
+  onStartRequest: function testOnStartRequest(request) {},
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    let httpVersion = "";
+    try {
+      httpVersion = request.protocolVersion;
+    } catch (e) {}
+    if (this.version1enabled) {
+      Assert.equal(httpVersion, "h3");
+    } else {
+      Assert.equal(httpVersion, "h2");
+    }
+
+    this.finish();
+  },
+};
+
+add_task(async function test_version1_enabled_1() {
+  Services.prefs.setBoolPref("network.http.http3.support_version1", true);
+  let listener = new Http3Listener();
+  listener.version1enabled = true;
+  let chan = makeH2Chan("https://foo.example.com/");
+  await chanPromise(chan, listener);
+});
+
+add_task(async function test_version1_disabled() {
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  Services.prefs.setBoolPref("network.http.http3.support_version1", false);
+  let listener = new Http3Listener();
+  listener.version1enabled = false;
+  let chan = makeH2Chan("https://foo.example.com/");
+  await chanPromise(chan, listener);
+});
+
+add_task(async function test_version1_enabled_2() {
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  Services.prefs.setBoolPref("network.http.http3.support_version1", true);
+  let listener = new Http3Listener();
+  listener.version1enabled = true;
+  let chan = makeH2Chan("https://foo.example.com/");
+  await chanPromise(chan, listener);
+});
diff --git a/netwerk/test/unit/test_httpResponseTimeout.js b/netwerk/test/unit/test_httpResponseTimeout.js
new file mode 100644
index 0000000000..c689abc2b5
--- /dev/null
+++ b/netwerk/test/unit/test_httpResponseTimeout.js
@@ -0,0 +1,162 @@
+/* -*- Mode: javascript; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var baseURL;
+const kResponseTimeoutPref = "network.http.response.timeout";
+const kResponseTimeout = 1;
+const kShortLivedKeepalivePref =
+  "network.http.tcp_keepalive.short_lived_connections";
+const kLongLivedKeepalivePref =
+  "network.http.tcp_keepalive.long_lived_connections";
+
+const prefService = Services.prefs;
+
+var server = new HttpServer();
+
+function TimeoutListener(expectResponse) {
+  this.expectResponse = expectResponse;
+}
+
+TimeoutListener.prototype = {
+  onStartRequest(request) {},
+
+  onDataAvailable(request, stream) {},
+
+  onStopRequest(request, status) {
+    if (this.expectResponse) {
+      Assert.equal(status, Cr.NS_OK);
+    } else {
+      Assert.equal(status, Cr.NS_ERROR_NET_TIMEOUT);
+    }
+
+    run_next_test();
+  },
+};
+
+function serverStopListener() {
+  do_test_finished();
+}
+
+function testTimeout(timeoutEnabled, expectResponse) {
+  // Set timeout pref.
+  if (timeoutEnabled) {
+    prefService.setIntPref(kResponseTimeoutPref, kResponseTimeout);
+  } else {
+    prefService.setIntPref(kResponseTimeoutPref, 0);
+  }
+
+  var chan = NetUtil.newChannel({
+    uri: baseURL,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  var listener = new TimeoutListener(expectResponse);
+  chan.asyncOpen(listener);
+}
+
+function testTimeoutEnabled() {
+  // Set a timeout value; expect a timeout and no response.
+  testTimeout(true, false);
+}
+
+function testTimeoutDisabled() {
+  // Set a timeout value of 0; expect a response.
+  testTimeout(false, true);
+}
+
+function testTimeoutDisabledByShortLivedKeepalives() {
+  // Enable TCP Keepalives for short lived HTTP connections.
+  prefService.setBoolPref(kShortLivedKeepalivePref, true);
+  prefService.setBoolPref(kLongLivedKeepalivePref, false);
+
+  // Try to set a timeout value, but expect a response without timeout.
+  testTimeout(true, true);
+}
+
+function testTimeoutDisabledByLongLivedKeepalives() {
+  // Enable TCP Keepalives for long lived HTTP connections.
+  prefService.setBoolPref(kShortLivedKeepalivePref, false);
+  prefService.setBoolPref(kLongLivedKeepalivePref, true);
+
+  // Try to set a timeout value, but expect a response without timeout.
+  testTimeout(true, true);
+}
+
+function testTimeoutDisabledByBothKeepalives() {
+  // Enable TCP Keepalives for short and long lived HTTP connections.
+  prefService.setBoolPref(kShortLivedKeepalivePref, true);
+  prefService.setBoolPref(kLongLivedKeepalivePref, true);
+
+  // Try to set a timeout value, but expect a response without timeout.
+  testTimeout(true, true);
+}
+
+function setup_tests() {
+  // Start tests with timeout enabled, i.e. disable TCP keepalives for HTTP.
+  // Reset pref in cleanup.
+  if (prefService.getBoolPref(kShortLivedKeepalivePref)) {
+    prefService.setBoolPref(kShortLivedKeepalivePref, false);
+    registerCleanupFunction(function () {
+      prefService.setBoolPref(kShortLivedKeepalivePref, true);
+    });
+  }
+  if (prefService.getBoolPref(kLongLivedKeepalivePref)) {
+    prefService.setBoolPref(kLongLivedKeepalivePref, false);
+    registerCleanupFunction(function () {
+      prefService.setBoolPref(kLongLivedKeepalivePref, true);
+    });
+  }
+
+  var tests = [
+    // Enable with a timeout value >0;
+    testTimeoutEnabled,
+    // Disable with a timeout value of 0;
+    testTimeoutDisabled,
+    // Disable by enabling TCP keepalive for short-lived HTTP connections.
+    testTimeoutDisabledByShortLivedKeepalives,
+    // Disable by enabling TCP keepalive for long-lived HTTP connections.
+    testTimeoutDisabledByLongLivedKeepalives,
+    // Disable by enabling TCP keepalive for both HTTP connection types.
+    testTimeoutDisabledByBothKeepalives,
+  ];
+
+  for (var i = 0; i < tests.length; i++) {
+    add_test(tests[i]);
+  }
+}
+
+function setup_http_server() {
+  // Start server; will be stopped at test cleanup time.
+  server.start(-1);
+  baseURL = "http://localhost:" + server.identity.primaryPort + "/";
+  info("Using baseURL: " + baseURL);
+  server.registerPathHandler("/", function (metadata, response) {
+    // Wait until the timeout should have passed, then respond.
+    response.processAsync();
+
+    do_timeout((kResponseTimeout + 1) * 1000 /* ms */, function () {
+      response.setStatusLine(metadata.httpVersion, 200, "OK");
+      response.write("Hello world");
+      response.finish();
+    });
+  });
+  registerCleanupFunction(function () {
+    server.stop(serverStopListener);
+  });
+}
+
+function run_test() {
+  setup_http_server();
+
+  setup_tests();
+
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_http_408_retry.js b/netwerk/test/unit/test_http_408_retry.js
new file mode 100644
index 0000000000..16392ab4bf
--- /dev/null
+++ b/netwerk/test/unit/test_http_408_retry.js
@@ -0,0 +1,92 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+async function loadURL(uri, flags) {
+  let chan = NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags = Ci.nsIChannel.LOAD_INITIAL_DOCUMENT_URI;
+
+  return new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((req, buff) => resolve({ req, buff }), null, flags)
+    );
+  });
+}
+
+add_task(async function test() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  async function check408retry(server) {
+    info(`Testing ${server.constructor.name}`);
+    await server.execute(`global.server_name = "${server.constructor.name}";`);
+    if (
+      server.constructor.name == "NodeHTTPServer" ||
+      server.constructor.name == "NodeHTTPSServer"
+    ) {
+      await server.registerPathHandler("/test", (req, resp) => {
+        let oldSock = global.socket;
+        global.socket = resp.socket;
+        if (global.socket == oldSock) {
+          // This function is handled within the httpserver where setTimeout is
+          // available.
+          // eslint-disable-next-line mozilla/no-arbitrary-setTimeout, no-undef
+          setTimeout(
+            arg => {
+              arg.writeHead(408);
+              arg.end("stuff");
+            },
+            1100,
+            resp
+          );
+          return;
+        }
+        resp.writeHead(200);
+        resp.end(global.server_name);
+      });
+    } else {
+      await server.registerPathHandler("/test", (req, resp) => {
+        global.socket = resp.socket;
+        if (!global.sent408) {
+          global.sent408 = true;
+          resp.writeHead(408);
+          resp.end("stuff");
+          return;
+        }
+        resp.writeHead(200);
+        resp.end(global.server_name);
+      });
+    }
+
+    async function load() {
+      let { req, buff } = await loadURL(
+        `${server.origin()}/test`,
+        CL_ALLOW_UNKNOWN_CL
+      );
+      equal(req.status, Cr.NS_OK);
+      equal(req.QueryInterface(Ci.nsIHttpChannel).responseStatus, 200);
+      equal(buff, server.constructor.name);
+      equal(
+        req.QueryInterface(Ci.nsIHttpChannel).protocolVersion,
+        server.constructor.name == "NodeHTTP2Server" ? "h2" : "http/1.1"
+      );
+    }
+
+    info("first load");
+    await load();
+    info("second load");
+    await load();
+  }
+
+  await with_node_servers(
+    [NodeHTTPServer, NodeHTTPSServer, NodeHTTP2Server],
+    check408retry
+  );
+});
diff --git a/netwerk/test/unit/test_http_headers.js b/netwerk/test/unit/test_http_headers.js
new file mode 100644
index 0000000000..b43cebea1f
--- /dev/null
+++ b/netwerk/test/unit/test_http_headers.js
@@ -0,0 +1,75 @@
+"use strict";
+
+function check_request_header(chan, name, value) {
+  var chanValue;
+  try {
+    chanValue = chan.getRequestHeader(name);
+  } catch (e) {
+    do_throw("Expected to find header '" + name + "' but didn't find it");
+  }
+  Assert.equal(chanValue, value);
+}
+
+function run_test() {
+  var chan = NetUtil.newChannel({
+    uri: "http://www.mozilla.org/",
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+
+  check_request_header(chan, "host", "www.mozilla.org");
+  check_request_header(chan, "Host", "www.mozilla.org");
+
+  chan.setRequestHeader("foopy", "bar", false);
+  check_request_header(chan, "foopy", "bar");
+
+  chan.setRequestHeader("foopy", "baz", true);
+  check_request_header(chan, "foopy", "bar, baz");
+
+  for (let i = 0; i < 100; ++i) {
+    chan.setRequestHeader("foopy" + i, i, false);
+  }
+
+  for (let i = 0; i < 100; ++i) {
+    check_request_header(chan, "foopy" + i, i);
+  }
+
+  var x = false;
+  try {
+    chan.setRequestHeader("foo:py", "baz", false);
+  } catch (e) {
+    x = true;
+  }
+  if (!x) {
+    do_throw("header with colon not rejected");
+  }
+
+  x = false;
+  try {
+    chan.setRequestHeader("foopy", "b\naz", false);
+  } catch (e) {
+    x = true;
+  }
+  if (!x) {
+    do_throw("header value with newline not rejected");
+  }
+
+  x = false;
+  try {
+    chan.setRequestHeader("foopy\u0080", "baz", false);
+  } catch (e) {
+    x = true;
+  }
+  if (!x) {
+    do_throw("header name with non-ASCII not rejected");
+  }
+
+  x = false;
+  try {
+    chan.setRequestHeader("foopy", "b\u0000az", false);
+  } catch (e) {
+    x = true;
+  }
+  if (!x) {
+    do_throw("header value with null-byte not rejected");
+  }
+}
diff --git a/netwerk/test/unit/test_http_server_timing.js b/netwerk/test/unit/test_http_server_timing.js
new file mode 100644
index 0000000000..c9d46797f3
--- /dev/null
+++ b/netwerk/test/unit/test_http_server_timing.js
@@ -0,0 +1,97 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* vim:set ts=2 sw=2 sts=2 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* eslint-env node */
+
+"use strict";
+
+const responseServerTiming = [
+  { metric: "metric", duration: "123.4", description: "description" },
+  { metric: "metric2", duration: "456.78", description: "description1" },
+];
+const trailerServerTiming = [
+  { metric: "metric3", duration: "789.11", description: "description2" },
+  { metric: "metric4", duration: "1112.13", description: "description3" },
+];
+
+let port;
+
+let server;
+add_task(async function setup() {
+  server = new NodeHTTPServer();
+  await server.start();
+  registerCleanupFunction(async () => {
+    await server.stop();
+  });
+  server.registerPathHandler("/", (req, res) => {
+    res.setHeader("Content-Type", "text/plain");
+    res.setHeader("Content-Length", "12");
+    res.setHeader("Transfer-Encoding", "chunked");
+    res.setHeader("Trailer", "Server-Timing");
+    res.setHeader(
+      "Server-Timing",
+      "metric; dur=123.4; desc=description, metric2; dur=456.78; desc=description1"
+    );
+    res.write("data reached");
+    res.addTrailers({
+      "Server-Timing":
+        "metric3; dur=789.11; desc=description2, metric4; dur=1112.13; desc=description3",
+    });
+    res.end();
+  });
+  port = server.port();
+});
+
+// Test that secure origins can use server-timing, even with plain http
+add_task(async function test_localhost_origin() {
+  let chan = NetUtil.newChannel({
+    uri: `http://localhost:${port}/`,
+    loadUsingSystemPrincipal: true,
+  });
+  await new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((request, buffer) => {
+        let channel = request.QueryInterface(Ci.nsITimedChannel);
+        let headers = channel.serverTiming.QueryInterface(Ci.nsIArray);
+        ok(headers.length);
+
+        let expectedResult = responseServerTiming.concat(trailerServerTiming);
+        Assert.equal(headers.length, expectedResult.length);
+
+        for (let i = 0; i < expectedResult.length; i++) {
+          let header = headers.queryElementAt(i, Ci.nsIServerTiming);
+          Assert.equal(header.name, expectedResult[i].metric);
+          Assert.equal(header.description, expectedResult[i].description);
+          Assert.equal(header.duration, parseFloat(expectedResult[i].duration));
+        }
+        resolve();
+      }, null)
+    );
+  });
+});
+
+// Test that insecure origins can't use server timing.
+add_task(async function test_http_non_localhost() {
+  Services.prefs.setBoolPref("network.dns.native-is-localhost", true);
+  registerCleanupFunction(async () => {
+    Services.prefs.clearUserPref("network.dns.native-is-localhost");
+  });
+
+  let chan = NetUtil.newChannel({
+    uri: `http://example.org:${port}/`,
+    loadUsingSystemPrincipal: true,
+  });
+  await new Promise(resolve => {
+    chan.asyncOpen(
+      new ChannelListener((request, buffer) => {
+        let channel = request.QueryInterface(Ci.nsITimedChannel);
+        let headers = channel.serverTiming.QueryInterface(Ci.nsIArray);
+        Assert.equal(headers.length, 0);
+        resolve();
+      }, null)
+    );
+  });
+});
diff --git a/netwerk/test/unit/test_http_sfv.js b/netwerk/test/unit/test_http_sfv.js
new file mode 100644
index 0000000000..4b7ec9893c
--- /dev/null
+++ b/netwerk/test/unit/test_http_sfv.js
@@ -0,0 +1,597 @@
+"use strict";
+
+const gService = Cc["@mozilla.org/http-sfv-service;1"].getService(
+  Ci.nsISFVService
+);
+
+add_task(async function test_sfv_bare_item() {
+  // tests bare item
+  let item_int = gService.newInteger(19);
+  Assert.equal(item_int.value, 19, "check bare item value");
+
+  let item_bool = gService.newBool(true);
+  Assert.equal(item_bool.value, true, "check bare item value");
+  item_bool.value = false;
+  Assert.equal(item_bool.value, false, "check bare item value");
+
+  let item_float = gService.newDecimal(145.45);
+  Assert.equal(item_float.value, 145.45);
+
+  let item_str = gService.newString("some_string");
+  Assert.equal(item_str.value, "some_string", "check bare item value");
+
+  let item_byte_seq = gService.newByteSequence("aGVsbG8=");
+  Assert.equal(item_byte_seq.value, "aGVsbG8=", "check bare item value");
+
+  let item_token = gService.newToken("*a");
+  Assert.equal(item_token.value, "*a", "check bare item value");
+});
+
+add_task(async function test_sfv_params() {
+  // test params
+  let params = gService.newParameters();
+  let bool_param = gService.newBool(false);
+  let int_param = gService.newInteger(15);
+  let decimal_param = gService.newDecimal(15.45);
+
+  params.set("bool_param", bool_param);
+  params.set("int_param", int_param);
+  params.set("decimal_param", decimal_param);
+
+  Assert.throws(
+    () => {
+      params.get("some_param");
+    },
+    /NS_ERROR_UNEXPECTED/,
+    "must throw exception as key does not exist in parameters"
+  );
+  Assert.equal(
+    params.get("bool_param").QueryInterface(Ci.nsISFVBool).value,
+    false,
+    "get parameter by key and check its value"
+  );
+  Assert.equal(
+    params.get("int_param").QueryInterface(Ci.nsISFVInteger).value,
+    15,
+    "get parameter by key and check its value"
+  );
+  Assert.equal(
+    params.get("decimal_param").QueryInterface(Ci.nsISFVDecimal).value,
+    15.45,
+    "get parameter by key and check its value"
+  );
+  Assert.deepEqual(
+    params.keys(),
+    ["bool_param", "int_param", "decimal_param"],
+    "check that parameters contain all the expected keys"
+  );
+
+  params.delete("int_param");
+  Assert.deepEqual(
+    params.keys(),
+    ["bool_param", "decimal_param"],
+    "check that parameter has been deleted"
+  );
+
+  Assert.throws(
+    () => {
+      params.delete("some_param");
+    },
+    /NS_ERROR_UNEXPECTED/,
+    "must throw exception upon attempt to delete by non-existing key"
+  );
+});
+
+add_task(async function test_sfv_inner_list() {
+  // create primitives for inner list
+  let item1_params = gService.newParameters();
+  item1_params.set("param_1", gService.newToken("*smth"));
+  let item1 = gService.newItem(gService.newDecimal(172.145865), item1_params);
+
+  let item2_params = gService.newParameters();
+  item2_params.set("param_1", gService.newBool(true));
+  item2_params.set("param_2", gService.newInteger(145454));
+  let item2 = gService.newItem(
+    gService.newByteSequence("weather"),
+    item2_params
+  );
+
+  // create inner list
+  let inner_list_params = gService.newParameters();
+  inner_list_params.set("inner_param", gService.newByteSequence("tests"));
+  let inner_list = gService.newInnerList([item1, item2], inner_list_params);
+
+  // check inner list members & params
+  let inner_list_members = inner_list.QueryInterface(Ci.nsISFVInnerList).items;
+  let inner_list_parameters = inner_list
+    .QueryInterface(Ci.nsISFVInnerList)
+    .params.QueryInterface(Ci.nsISFVParams);
+  Assert.equal(inner_list_members.length, 2, "check inner list length");
+
+  let inner_item1 = inner_list_members[0].QueryInterface(Ci.nsISFVItem);
+  Assert.equal(
+    inner_item1.value.QueryInterface(Ci.nsISFVDecimal).value,
+    172.145865,
+    "check inner list member value"
+  );
+
+  let inner_item2 = inner_list_members[1].QueryInterface(Ci.nsISFVItem);
+  Assert.equal(
+    inner_item2.value.QueryInterface(Ci.nsISFVByteSeq).value,
+    "weather",
+    "check inner list member value"
+  );
+
+  Assert.equal(
+    inner_list_parameters.get("inner_param").QueryInterface(Ci.nsISFVByteSeq)
+      .value,
+    "tests",
+    "get inner list parameter by key and check its value"
+  );
+});
+
+add_task(async function test_sfv_item() {
+  // create parameters for item
+  let params = gService.newParameters();
+  let param1 = gService.newBool(false);
+  let param2 = gService.newString("str_value");
+  let param3 = gService.newBool(true);
+  params.set("param_1", param1);
+  params.set("param_2", param2);
+  params.set("param_3", param3);
+
+  // create item field
+  let item = gService.newItem(gService.newToken("*abc"), params);
+
+  Assert.equal(
+    item.value.QueryInterface(Ci.nsISFVToken).value,
+    "*abc",
+    "check items's value"
+  );
+  Assert.equal(
+    item.params.get("param_1").QueryInterface(Ci.nsISFVBool).value,
+    false,
+    "get item parameter by key and check its value"
+  );
+  Assert.equal(
+    item.params.get("param_2").QueryInterface(Ci.nsISFVString).value,
+    "str_value",
+    "get item parameter by key and check its value"
+  );
+  Assert.equal(
+    item.params.get("param_3").QueryInterface(Ci.nsISFVBool).value,
+    true,
+    "get item parameter by key and check its value"
+  );
+
+  // check item field serialization
+  let serialized = item.serialize();
+  Assert.equal(
+    serialized,
+    `*abc;param_1=?0;param_2="str_value";param_3`,
+    "serialized output must match expected one"
+  );
+});
+
+add_task(async function test_sfv_list() {
+  // create primitives for List
+  let item1_params = gService.newParameters();
+  item1_params.set("param_1", gService.newToken("*smth"));
+  let item1 = gService.newItem(gService.newDecimal(145454.14568), item1_params);
+
+  let item2_params = gService.newParameters();
+  item2_params.set("param_1", gService.newBool(true));
+  let item2 = gService.newItem(
+    gService.newByteSequence("weather"),
+    item2_params
+  );
+
+  let inner_list = gService.newInnerList(
+    [item1, item2],
+    gService.newParameters()
+  );
+
+  // create list field
+  let list = gService.newList([item1, inner_list]);
+
+  // check list's members
+  let list_members = list.members;
+  Assert.equal(list_members.length, 2, "check list length");
+
+  // check list's member of item type
+  let member1 = list_members[0].QueryInterface(Ci.nsISFVItem);
+  Assert.equal(
+    member1.value.QueryInterface(Ci.nsISFVDecimal).value,
+    145454.14568,
+    "check list member's value"
+  );
+  let member1_parameters = member1.params;
+  Assert.equal(
+    member1_parameters.get("param_1").QueryInterface(Ci.nsISFVToken).value,
+    "*smth",
+    "get list member's parameter by key and check its value"
+  );
+
+  // check list's member of inner list type
+  let inner_list_members = list_members[1].QueryInterface(
+    Ci.nsISFVInnerList
+  ).items;
+  Assert.equal(inner_list_members.length, 2, "check inner list length");
+
+  let inner_item1 = inner_list_members[0].QueryInterface(Ci.nsISFVItem);
+  Assert.equal(
+    inner_item1.value.QueryInterface(Ci.nsISFVDecimal).value,
+    145454.14568,
+    "check inner list member's value"
+  );
+
+  let inner_item2 = inner_list_members[1].QueryInterface(Ci.nsISFVItem);
+  Assert.equal(
+    inner_item2.value.QueryInterface(Ci.nsISFVByteSeq).value,
+    "weather",
+    "check inner list member's value"
+  );
+
+  // check inner list member's params
+  list_members[1]
+    .QueryInterface(Ci.nsISFVInnerList)
+    .params.QueryInterface(Ci.nsISFVParams);
+
+  // check serialization of list field
+  let expected_serialized =
+    "145454.146;param_1=*smth, (145454.146;param_1=*smth :d2VhdGhlcg==:;param_1)";
+  let actual_serialized = list.serialize();
+  Assert.equal(
+    actual_serialized,
+    expected_serialized,
+    "serialized output must match expected one"
+  );
+});
+
+add_task(async function test_sfv_dictionary() {
+  // create primitives for dictionary field
+
+  // dict member1
+  let params1 = gService.newParameters();
+  params1.set("mp_1", gService.newBool(true));
+  params1.set("mp_2", gService.newDecimal(68.758602));
+  let member1 = gService.newItem(gService.newString("member_1"), params1);
+
+  // dict member2
+  let params2 = gService.newParameters();
+  let inner_item1 = gService.newItem(
+    gService.newString("inner_item_1"),
+    gService.newParameters()
+  );
+  let inner_item2 = gService.newItem(
+    gService.newToken("tok"),
+    gService.newParameters()
+  );
+  let member2 = gService.newInnerList([inner_item1, inner_item2], params2);
+
+  // dict member3
+  let params_3 = gService.newParameters();
+  params_3.set("mp_1", gService.newInteger(6586));
+  let member3 = gService.newItem(gService.newString("member_3"), params_3);
+
+  // create dictionary field
+  let dict = gService.newDictionary();
+  dict.set("key_1", member1);
+  dict.set("key_2", member2);
+  dict.set("key_3", member3);
+
+  // check dictionary keys
+  let expected = ["key_1", "key_2", "key_3"];
+  Assert.deepEqual(
+    expected,
+    dict.keys(),
+    "check dictionary contains all the expected keys"
+  );
+
+  // check dictionary members
+  Assert.throws(
+    () => {
+      dict.get("key_4");
+    },
+    /NS_ERROR_UNEXPECTED/,
+    "must throw exception as key does not exist in dictionary"
+  );
+
+  // let dict_member1 = dict.get("key_1").QueryInterface(Ci.nsISFVItem);
+  let dict_member2 = dict.get("key_2").QueryInterface(Ci.nsISFVInnerList);
+  let dict_member3 = dict.get("key_3").QueryInterface(Ci.nsISFVItem);
+
+  // Assert.equal(
+  //   dict_member1.value.QueryInterface(Ci.nsISFVString).value,
+  //   "member_1",
+  //   "check dictionary member's value"
+  // );
+  // Assert.equal(
+  //   dict_member1.params.get("mp_1").QueryInterface(Ci.nsISFVBool).value,
+  //   true,
+  //   "get dictionary member's parameter by key and check its value"
+  // );
+  // Assert.equal(
+  //   dict_member1.params.get("mp_2").QueryInterface(Ci.nsISFVDecimal).value,
+  //   "68.758602",
+  //   "get dictionary member's parameter by key and check its value"
+  // );
+
+  let dict_member2_items = dict_member2.QueryInterface(
+    Ci.nsISFVInnerList
+  ).items;
+  let dict_member2_params = dict_member2
+    .QueryInterface(Ci.nsISFVInnerList)
+    .params.QueryInterface(Ci.nsISFVParams);
+  Assert.equal(
+    dict_member2_items[0]
+      .QueryInterface(Ci.nsISFVItem)
+      .value.QueryInterface(Ci.nsISFVString).value,
+    "inner_item_1",
+    "get dictionary member of inner list type, and check inner list member's value"
+  );
+  Assert.equal(
+    dict_member2_items[1]
+      .QueryInterface(Ci.nsISFVItem)
+      .value.QueryInterface(Ci.nsISFVToken).value,
+    "tok",
+    "get dictionary member of inner list type, and check inner list member's value"
+  );
+  Assert.throws(
+    () => {
+      dict_member2_params.get("some_param");
+    },
+    /NS_ERROR_UNEXPECTED/,
+    "must throw exception as dict member's parameters are empty"
+  );
+
+  Assert.equal(
+    dict_member3.value.QueryInterface(Ci.nsISFVString).value,
+    "member_3",
+    "check dictionary member's value"
+  );
+  Assert.equal(
+    dict_member3.params.get("mp_1").QueryInterface(Ci.nsISFVInteger).value,
+    6586,
+    "get dictionary member's parameter by key and check its value"
+  );
+
+  // check serialization of Dictionary field
+  let expected_serialized = `key_1="member_1";mp_1;mp_2=68.759, key_2=("inner_item_1" tok), key_3="member_3";mp_1=6586`;
+  let actual_serialized = dict.serialize();
+  Assert.equal(
+    actual_serialized,
+    expected_serialized,
+    "serialized output must match expected one"
+  );
+
+  // check deleting dict member
+  dict.delete("key_2");
+  Assert.deepEqual(
+    dict.keys(),
+    ["key_1", "key_3"],
+    "check that dictionary member has been deleted"
+  );
+
+  Assert.throws(
+    () => {
+      dict.delete("some_key");
+    },
+    /NS_ERROR_UNEXPECTED/,
+    "must throw exception upon attempt to delete by non-existing key"
+  );
+});
+
+add_task(async function test_sfv_item_parsing() {
+  Assert.ok(gService.parseItem(`"str"`), "input must be parsed into Item");
+  Assert.ok(gService.parseItem("12.35;a "), "input must be parsed into Item");
+  Assert.ok(gService.parseItem("12.35;  a "), "input must be parsed into Item");
+  Assert.ok(gService.parseItem("12.35    "), "input must be parsed into Item");
+
+  Assert.throws(
+    () => {
+      gService.parseItem("12.35;\ta ");
+    },
+    /NS_ERROR_FAILURE/,
+    "item parsing must fail: invalid parameters delimiter"
+  );
+
+  Assert.throws(
+    () => {
+      gService.parseItem("125666.3565648855455");
+    },
+    /NS_ERROR_FAILURE/,
+    "item parsing must fail: decimal too long"
+  );
+});
+
+add_task(async function test_sfv_list_parsing() {
+  Assert.ok(
+    gService.parseList(
+      "(?1;param_1=*smth   :d2VhdGhlcg==:;param_1;param_2=145454);inner_param=:d2VpcmR0ZXN0cw==:"
+    ),
+    "input must be parsed into List"
+  );
+  Assert.ok("a, (b c)", "input must be parsed into List");
+
+  Assert.throws(() => {
+    gService.parseList("?tok", "list parsing must fail");
+  }, /NS_ERROR_FAILURE/);
+
+  Assert.throws(() => {
+    gService.parseList(
+      "a, (b, c)",
+      "list parsing must fail: invalid delimiter within inner list"
+    );
+  }, /NS_ERROR_FAILURE/);
+
+  Assert.throws(
+    () => {
+      gService.parseList("a, b c");
+    },
+    /NS_ERROR_FAILURE/,
+    "list parsing must fail: invalid delimiter"
+  );
+});
+
+add_task(async function test_sfv_dict_parsing() {
+  Assert.ok(
+    gService.parseDictionary(`abc=123;a=1;b=2, def=456, ghi=789;q=9;r="+w"`),
+    "input must be parsed into Dictionary"
+  );
+  Assert.ok(
+    gService.parseDictionary("a=1\t,\t\t\t   c=*"),
+    "input must be parsed into Dictionary"
+  );
+  Assert.ok(
+    gService.parseDictionary("a=1\t,\tc=*    \t\t"),
+    "input must be parsed into Dictionary"
+  );
+
+  Assert.throws(
+    () => {
+      gService.parseDictionary("a=1\t,\tc=*,");
+    },
+    /NS_ERROR_FAILURE/,
+    "dictionary parsing must fail: trailing comma"
+  );
+
+  Assert.throws(
+    () => {
+      gService.parseDictionary("a=1 c=*");
+    },
+    /NS_ERROR_FAILURE/,
+    "dictionary parsing must fail: invalid delimiter"
+  );
+
+  Assert.throws(
+    () => {
+      gService.parseDictionary("INVALID_key=1, c=*");
+    },
+    /NS_ERROR_FAILURE/,
+    "dictionary parsing must fail: invalid key format, can't be in uppercase"
+  );
+});
+
+add_task(async function test_sfv_list_parse_serialize() {
+  let list_field = gService.parseList("1  ,  42, (42 43)");
+  Assert.equal(
+    list_field.serialize(),
+    "1, 42, (42 43)",
+    "serialized output must match expected one"
+  );
+
+  // create new inner list with parameters
+  function params() {
+    let inner_list_params = gService.newParameters();
+    inner_list_params.set("key1", gService.newString("value1"));
+    inner_list_params.set("key2", gService.newBool(true));
+    inner_list_params.set("key3", gService.newBool(false));
+    return inner_list_params;
+  }
+
+  function changeMembers() {
+    // set one of list members to inner list and check it's serialized as expected
+    let members = list_field.members;
+    members[1] = gService.newInnerList(
+      [
+        gService.newItem(
+          gService.newDecimal(-1865.75653),
+          gService.newParameters()
+        ),
+        gService.newItem(gService.newToken("token"), gService.newParameters()),
+        gService.newItem(
+          gService.newString(`no"yes`),
+          gService.newParameters()
+        ),
+      ],
+      params()
+    );
+    return members;
+  }
+
+  list_field.members = changeMembers();
+
+  Assert.equal(
+    list_field.serialize(),
+    `1, (-1865.757 token "no\\"yes");key1="value1";key2;key3=?0, (42 43)`,
+    "update list member and check list is serialized as expected"
+  );
+});
+
+add_task(async function test_sfv_dict_parse_serialize() {
+  let dict_field = gService.parseDictionary(
+    "a=1,     b; foo=*, \tc=3, \t     \tabc=123;a=1;b=2\t"
+  );
+  Assert.equal(
+    dict_field.serialize(),
+    "a=1, b;foo=*, c=3, abc=123;a=1;b=2",
+    "serialized output must match expected one"
+  );
+
+  // set new value for existing dict's key
+  dict_field.set(
+    "a",
+    gService.newItem(gService.newInteger(165), gService.newParameters())
+  );
+
+  // add new member to dict
+  dict_field.set(
+    "key",
+    gService.newItem(gService.newDecimal(45.0), gService.newParameters())
+  );
+
+  // check dict is serialized properly after the above changes
+  Assert.equal(
+    dict_field.serialize(),
+    "a=165, b;foo=*, c=3, abc=123;a=1;b=2, key=45.0",
+    "update dictionary members and dictionary list is serialized as expected"
+  );
+});
+
+add_task(async function test_sfv_list_parse_more() {
+  // check parsing of multiline header of List type
+  let list_field = gService.parseList("(12 abc), 12.456\t\t   ");
+  list_field.parseMore("11, 15, tok");
+  Assert.equal(
+    list_field.serialize(),
+    "(12 abc), 12.456, 11, 15, tok",
+    "multi-line field value parsed and serialized successfully"
+  );
+
+  // should fail parsing one more line
+  Assert.throws(
+    () => {
+      list_field.parseMore("(tk\t1)");
+    },
+    /NS_ERROR_FAILURE/,
+    "line parsing must fail: invalid delimiter in inner list"
+  );
+  Assert.equal(
+    list_field.serialize(),
+    "(12 abc), 12.456, 11, 15, tok",
+    "parsed value must not change if parsing one more line of header fails"
+  );
+});
+
+add_task(async function test_sfv_dict_parse_more() {
+  // check parsing of multiline header of Dictionary type
+  let dict_field = gService.parseDictionary("");
+  dict_field.parseMore("key2=?0, key3=?1, key4=itm");
+  dict_field.parseMore("key1,    key5=11, key4=45");
+
+  Assert.equal(
+    dict_field.serialize(),
+    "key2=?0, key3, key4=45, key1, key5=11",
+    "multi-line field value parsed and serialized successfully"
+  );
+
+  // should fail parsing one more line
+  Assert.throws(
+    () => {
+      dict_field.parseMore("c=12, _k=13");
+    },
+    /NS_ERROR_FAILURE/,
+    "line parsing must fail: invalid key format"
+  );
+});
diff --git a/netwerk/test/unit/test_httpauth.js b/netwerk/test/unit/test_httpauth.js
new file mode 100644
index 0000000000..9c9de82618
--- /dev/null
+++ b/netwerk/test/unit/test_httpauth.js
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This test makes sure the HTTP authenticated sessions are correctly cleared
+// when entering and leaving the private browsing mode.
+
+"use strict";
+
+function run_test() {
+  var am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
+    Ci.nsIHttpAuthManager
+  );
+
+  const kHost1 = "pbtest3.example.com";
+  const kHost2 = "pbtest4.example.com";
+  const kPort = 80;
+  const kHTTP = "http";
+  const kBasic = "basic";
+  const kRealm = "realm";
+  const kDomain = "example.com";
+  const kUser = "user";
+  const kUser2 = "user2";
+  const kPassword = "pass";
+  const kPassword2 = "pass2";
+  const kEmpty = "";
+
+  const PRIVATE = true;
+  const NOT_PRIVATE = false;
+
+  try {
+    var domain = { value: kEmpty },
+      user = { value: kEmpty },
+      pass = { value: kEmpty };
+    // simulate a login via HTTP auth outside of the private mode
+    am.setAuthIdentity(
+      kHTTP,
+      kHost1,
+      kPort,
+      kBasic,
+      kRealm,
+      kEmpty,
+      kDomain,
+      kUser,
+      kPassword
+    );
+    // make sure the recently added auth entry is available outside the private browsing mode
+    am.getAuthIdentity(
+      kHTTP,
+      kHost1,
+      kPort,
+      kBasic,
+      kRealm,
+      kEmpty,
+      domain,
+      user,
+      pass,
+      NOT_PRIVATE
+    );
+    Assert.equal(domain.value, kDomain);
+    Assert.equal(user.value, kUser);
+    Assert.equal(pass.value, kPassword);
+
+    // make sure the added auth entry is no longer accessible in private
+    domain = { value: kEmpty };
+    user = { value: kEmpty };
+    pass = { value: kEmpty };
+    try {
+      // should throw
+      am.getAuthIdentity(
+        kHTTP,
+        kHost1,
+        kPort,
+        kBasic,
+        kRealm,
+        kEmpty,
+        domain,
+        user,
+        pass,
+        PRIVATE
+      );
+      do_throw(
+        "Auth entry should not be retrievable after entering the private browsing mode"
+      );
+    } catch (e) {
+      Assert.equal(domain.value, kEmpty);
+      Assert.equal(user.value, kEmpty);
+      Assert.equal(pass.value, kEmpty);
+    }
+
+    // simulate a login via HTTP auth inside of the private mode
+    am.setAuthIdentity(
+      kHTTP,
+      kHost2,
+      kPort,
+      kBasic,
+      kRealm,
+      kEmpty,
+      kDomain,
+      kUser2,
+      kPassword2,
+      PRIVATE
+    );
+    // make sure the recently added auth entry is available inside the private browsing mode
+    domain = { value: kEmpty };
+    user = { value: kEmpty };
+    pass = { value: kEmpty };
+    am.getAuthIdentity(
+      kHTTP,
+      kHost2,
+      kPort,
+      kBasic,
+      kRealm,
+      kEmpty,
+      domain,
+      user,
+      pass,
+      PRIVATE
+    );
+    Assert.equal(domain.value, kDomain);
+    Assert.equal(user.value, kUser2);
+    Assert.equal(pass.value, kPassword2);
+
+    try {
+      // make sure the recently added auth entry is not available outside the private browsing mode
+      domain = { value: kEmpty };
+      user = { value: kEmpty };
+      pass = { value: kEmpty };
+      am.getAuthIdentity(
+        kHTTP,
+        kHost2,
+        kPort,
+        kBasic,
+        kRealm,
+        kEmpty,
+        domain,
+        user,
+        pass,
+        NOT_PRIVATE
+      );
+      do_throw(
+        "Auth entry should not be retrievable outside of private browsing mode"
+      );
+    } catch (x) {
+      Assert.equal(domain.value, kEmpty);
+      Assert.equal(user.value, kEmpty);
+      Assert.equal(pass.value, kEmpty);
+    }
+
+    // simulate leaving private browsing mode
+    Services.obs.notifyObservers(null, "last-pb-context-exited");
+
+    // make sure the added auth entry is no longer accessible in any privacy state
+    domain = { value: kEmpty };
+    user = { value: kEmpty };
+    pass = { value: kEmpty };
+    try {
+      // should throw (not available in public mode)
+      am.getAuthIdentity(
+        kHTTP,
+        kHost2,
+        kPort,
+        kBasic,
+        kRealm,
+        kEmpty,
+        domain,
+        user,
+        pass,
+        NOT_PRIVATE
+      );
+      do_throw(
+        "Auth entry should not be retrievable after exiting the private browsing mode"
+      );
+    } catch (e) {
+      Assert.equal(domain.value, kEmpty);
+      Assert.equal(user.value, kEmpty);
+      Assert.equal(pass.value, kEmpty);
+    }
+    try {
+      // should throw (no longer available in private mode)
+      am.getAuthIdentity(
+        kHTTP,
+        kHost2,
+        kPort,
+        kBasic,
+        kRealm,
+        kEmpty,
+        domain,
+        user,
+        pass,
+        PRIVATE
+      );
+      do_throw(
+        "Auth entry should not be retrievable in private mode after exiting the private browsing mode"
+      );
+    } catch (x) {
+      Assert.equal(domain.value, kEmpty);
+      Assert.equal(user.value, kEmpty);
+      Assert.equal(pass.value, kEmpty);
+    }
+  } catch (e) {
+    do_throw("Unexpected exception while testing HTTP auth manager: " + e);
+  }
+}
diff --git a/netwerk/test/unit/test_httpcancel.js b/netwerk/test/unit/test_httpcancel.js
new file mode 100644
index 0000000000..04958ffd2b
--- /dev/null
+++ b/netwerk/test/unit/test_httpcancel.js
@@ -0,0 +1,261 @@
+// This file ensures that canceling a channel early does not
+// send the request to the server (bug 350790)
+//
+// I've also shoehorned in a test that ENSURE_CALLED_BEFORE_CONNECT works as
+// expected: see comments that start with ENSURE_CALLED_BEFORE_CONNECT:
+//
+// This test also checks that cancelling a channel before asyncOpen, after
+// onStopRequest, or during onDataAvailable works as expected.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+const reason = "testing";
+
+function inChildProcess() {
+  return Services.appinfo.processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
+}
+
+var ios = Services.io;
+var ReferrerInfo = Components.Constructor(
+  "@mozilla.org/referrer-info;1",
+  "nsIReferrerInfo",
+  "init"
+);
+var observer = {
+  QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+
+  observe(subject, topic, data) {
+    subject = subject.QueryInterface(Ci.nsIRequest);
+    subject.cancelWithReason(Cr.NS_BINDING_ABORTED, reason);
+
+    // ENSURE_CALLED_BEFORE_CONNECT: setting values should still work
+    try {
+      subject.QueryInterface(Ci.nsIHttpChannel);
+      let currentReferrer = subject.getRequestHeader("Referer");
+      Assert.equal(currentReferrer, "http://site1.com/");
+      var uri = ios.newURI("http://site2.com");
+      subject.referrerInfo = new ReferrerInfo(
+        Ci.nsIReferrerInfo.EMPTY,
+        true,
+        uri
+      );
+    } catch (ex) {
+      do_throw("Exception: " + ex);
+    }
+  },
+};
+
+let cancelDuringOnStartListener = {
+  onStartRequest: function test_onStartR(request) {
+    Assert.equal(request.status, Cr.NS_BINDING_ABORTED);
+    // We didn't sync the reason to child process.
+    if (!inChildProcess()) {
+      Assert.equal(request.canceledReason, reason);
+    }
+
+    // ENSURE_CALLED_BEFORE_CONNECT: setting referrer should now fail
+    try {
+      request.QueryInterface(Ci.nsIHttpChannel);
+      let currentReferrer = request.getRequestHeader("Referer");
+      Assert.equal(currentReferrer, "http://site2.com/");
+      var uri = ios.newURI("http://site3.com/");
+
+      // Need to set NECKO_ERRORS_ARE_FATAL=0 else we'll abort process
+      Services.env.set("NECKO_ERRORS_ARE_FATAL", "0");
+      // we expect setting referrer to fail
+      try {
+        request.referrerInfo = new ReferrerInfo(
+          Ci.nsIReferrerInfo.EMPTY,
+          true,
+          uri
+        );
+        do_throw("Error should have been thrown before getting here");
+      } catch (ex) {}
+    } catch (ex) {
+      do_throw("Exception: " + ex);
+    }
+  },
+
+  onDataAvailable: function test_ODA() {
+    do_throw("Should not get any data!");
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    this.resolved();
+  },
+};
+
+var cancelDuringOnDataListener = {
+  data: "",
+  channel: null,
+  receivedSomeData: null,
+  onStartRequest: function test_onStartR(request, ctx) {
+    Assert.equal(request.status, Cr.NS_OK);
+  },
+
+  onDataAvailable: function test_ODA(request, stream, offset, count) {
+    let string = NetUtil.readInputStreamToString(stream, count);
+    Assert.ok(!string.includes("b"));
+    this.data += string;
+    this.channel.cancel(Cr.NS_BINDING_ABORTED);
+    if (this.receivedSomeData) {
+      this.receivedSomeData();
+    }
+  },
+
+  onStopRequest: function test_onStopR(request, ctx, status) {
+    Assert.ok(this.data.includes("a"), `data: ${this.data}`);
+    Assert.equal(request.status, Cr.NS_BINDING_ABORTED);
+    this.resolved();
+  },
+};
+
+function makeChan(url) {
+  var chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+
+  // ENSURE_CALLED_BEFORE_CONNECT: set original value
+  var uri = ios.newURI("http://site1.com");
+  chan.referrerInfo = new ReferrerInfo(Ci.nsIReferrerInfo.EMPTY, true, uri);
+  return chan;
+}
+
+var httpserv = null;
+
+add_task(async function setup() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/failtest", failtest);
+  httpserv.registerPathHandler("/cancel_middle", cancel_middle);
+  httpserv.registerPathHandler("/normal_response", normal_response);
+  httpserv.start(-1);
+
+  registerCleanupFunction(async () => {
+    await new Promise(resolve => httpserv.stop(resolve));
+  });
+});
+
+add_task(async function test_cancel_during_onModifyRequest() {
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/failtest"
+  );
+
+  if (!inChildProcess()) {
+    Services.obs.addObserver(observer, "http-on-modify-request");
+  } else {
+    do_send_remote_message("register-observer");
+    await do_await_remote_message("register-observer-done");
+  }
+
+  await new Promise(resolve => {
+    cancelDuringOnStartListener.resolved = resolve;
+    chan.asyncOpen(cancelDuringOnStartListener);
+  });
+
+  if (!inChildProcess()) {
+    Services.obs.removeObserver(observer, "http-on-modify-request");
+  } else {
+    do_send_remote_message("unregister-observer");
+    await do_await_remote_message("unregister-observer-done");
+  }
+});
+
+add_task(async function test_cancel_before_asyncOpen() {
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/failtest"
+  );
+
+  chan.cancel(Cr.NS_BINDING_ABORTED);
+
+  Assert.throws(
+    () => {
+      chan.asyncOpen(cancelDuringOnStartListener);
+    },
+    /NS_BINDING_ABORTED/,
+    "cannot open if already cancelled"
+  );
+});
+
+add_task(async function test_cancel_during_onData() {
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/cancel_middle"
+  );
+
+  await new Promise(resolve => {
+    cancelDuringOnDataListener.resolved = resolve;
+    cancelDuringOnDataListener.channel = chan;
+    chan.asyncOpen(cancelDuringOnDataListener);
+  });
+});
+
+var cancelAfterOnStopListener = {
+  data: "",
+  channel: null,
+  onStartRequest: function test_onStartR(request, ctx) {
+    Assert.equal(request.status, Cr.NS_OK);
+  },
+
+  onDataAvailable: function test_ODA(request, stream, offset, count) {
+    let string = NetUtil.readInputStreamToString(stream, count);
+    this.data += string;
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    info("onStopRequest");
+    Assert.equal(request.status, Cr.NS_OK);
+    this.resolved();
+  },
+};
+
+add_task(async function test_cancel_after_onStop() {
+  var chan = makeChan(
+    "http://localhost:" + httpserv.identity.primaryPort + "/normal_response"
+  );
+
+  await new Promise(resolve => {
+    cancelAfterOnStopListener.resolved = resolve;
+    cancelAfterOnStopListener.channel = chan;
+    chan.asyncOpen(cancelAfterOnStopListener);
+  });
+  Assert.equal(chan.status, Cr.NS_OK);
+
+  // For now it's unclear if cancelling after onStop should throw,
+  // silently fail, or overwrite the channel's status as we currently do.
+  // See discussion in bug 1553083
+  chan.cancel(Cr.NS_BINDING_ABORTED);
+  Assert.equal(chan.status, Cr.NS_BINDING_ABORTED);
+});
+
+// PATHS
+
+// /failtest
+function failtest(metadata, response) {
+  do_throw("This should not be reached");
+}
+
+function cancel_middle(metadata, response) {
+  response.processAsync();
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  let str1 = "a".repeat(128 * 1024);
+  response.write(str1, str1.length);
+  response.bodyOutputStream.flush();
+
+  let p = new Promise(resolve => {
+    cancelDuringOnDataListener.receivedSomeData = resolve;
+  });
+  p.then(() => {
+    let str2 = "b".repeat(128 * 1024);
+    response.write(str2, str2.length);
+    response.finish();
+  });
+}
+
+function normal_response(metadata, response) {
+  response.setStatusLine(metadata.httpVersion, 200, "OK");
+  let str1 = "Is this normal?";
+  response.write(str1, str1.length);
+}
diff --git a/netwerk/test/unit/test_https_rr_ech_prefs.js b/netwerk/test/unit/test_https_rr_ech_prefs.js
new file mode 100644
index 0000000000..f70c672dde
--- /dev/null
+++ b/netwerk/test/unit/test_https_rr_ech_prefs.js
@@ -0,0 +1,535 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let trrServer;
+
+function setup() {
+  trr_test_setup();
+
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+}
+
+setup();
+registerCleanupFunction(async () => {
+  trr_clear_prefs();
+  Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+  Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+  Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+  Services.prefs.clearUserPref("network.dns.http3_echconfig.enabled");
+  Services.prefs.clearUserPref("network.http.http3.enable");
+  Services.prefs.clearUserPref("network.http.http2.enabled");
+  if (trrServer) {
+    await trrServer.stop();
+  }
+});
+
+function checkResult(inRecord, noHttp2, noHttp3, result) {
+  if (!result) {
+    Assert.throws(
+      () => {
+        inRecord
+          .QueryInterface(Ci.nsIDNSHTTPSSVCRecord)
+          .GetServiceModeRecord(noHttp2, noHttp3);
+      },
+      /NS_ERROR_NOT_AVAILABLE/,
+      "Should get an error"
+    );
+    return;
+  }
+
+  let record = inRecord
+    .QueryInterface(Ci.nsIDNSHTTPSSVCRecord)
+    .GetServiceModeRecord(noHttp2, noHttp3);
+  Assert.equal(record.priority, result.expectedPriority);
+  Assert.equal(record.name, result.expectedName);
+  Assert.equal(record.selectedAlpn, result.expectedAlpn);
+}
+
+// Test configuration:
+//   There are two records: one has a echConfig and the other doesn't.
+// We want to test if the record with echConfig is preferred.
+add_task(async function testEchConfigEnabled() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+
+  await trrServer.registerDoHAnswers("test.bar.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.bar.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.bar_1.com",
+          values: [{ key: "alpn", value: ["h3-29"] }],
+        },
+      },
+      {
+        name: "test.bar.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.bar_2.com",
+          values: [
+            { key: "alpn", value: ["h2"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.bar.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.bar_1.com",
+    expectedAlpn: "h3-29",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 2,
+    expectedName: "test.bar_2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.bar_1.com",
+    expectedAlpn: "h3-29",
+  });
+  checkResult(inRecord, true, true);
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.dns.clearCache(true);
+
+  ({ inRecord } = await new TRRDNSListener("test.bar.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  }));
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 2,
+    expectedName: "test.bar_2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 2,
+    expectedName: "test.bar_2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.bar_1.com",
+    expectedAlpn: "h3-29",
+  });
+  checkResult(inRecord, true, true);
+
+  await trrServer.stop();
+  trrServer = null;
+});
+
+// Test configuration:
+//   There are two records: both have echConfigs, and only one supports h3.
+// This test is about testing which record should we get when
+// network.dns.http3_echconfig.enabled is true and false.
+// When network.dns.http3_echconfig.enabled is false, we should try to
+// connect with h2 and echConfig.
+add_task(async function testTwoRecordsHaveEchConfig() {
+  Services.dns.clearCache(true);
+
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", false);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.foo.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.foo_h3.com",
+          values: [
+            { key: "alpn", value: ["h3"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.foo_h2.com",
+          values: [
+            { key: "alpn", value: ["h2"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true);
+
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+  Services.dns.clearCache(true);
+  ({ inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  }));
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true);
+
+  await trrServer.stop();
+  trrServer = null;
+});
+
+// Test configuration:
+//   There are two records: both have echConfigs, and one supports h3 and h2.
+// When network.dns.http3_echconfig.enabled is false, we should use the record
+// that supports h3 and h2 (the alpn is h2).
+add_task(async function testTwoRecordsHaveEchConfig1() {
+  Services.dns.clearCache(true);
+
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", false);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.foo.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.foo_h3.com",
+          values: [
+            { key: "alpn", value: ["h3", "h2"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.foo_h2.com",
+          values: [
+            { key: "alpn", value: ["h2", "http/1.1"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "http/1.1",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "http/1.1",
+  });
+
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+  Services.dns.clearCache(true);
+  ({ inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  }));
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "http/1.1",
+  });
+
+  await trrServer.stop();
+  trrServer = null;
+});
+
+// Test configuration:
+//   There are two records: only one support h3 and only one has echConfig.
+// This test is about never usng the record without echConfig.
+add_task(async function testOneRecordsHasEchConfig() {
+  Services.dns.clearCache(true);
+
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", false);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.foo.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.foo_h3.com",
+          values: [
+            { key: "alpn", value: ["h3"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.foo_h2.com",
+          values: [{ key: "alpn", value: ["h2"] }],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true);
+
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+  Services.dns.clearCache(true);
+  ({ inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  }));
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 2,
+    expectedName: "test.foo_h2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true);
+
+  await trrServer.stop();
+  trrServer = null;
+});
+
+// Test the case that "network.http.http3.enable" and
+// "network.http.http2.enabled" are true/false.
+add_task(async function testHttp3AndHttp2Pref() {
+  Services.dns.clearCache(true);
+
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setBoolPref("network.http.http3.enable", false);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", false);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.foo.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.foo_h3.com",
+          values: [
+            { key: "alpn", value: ["h3", "h2"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+      {
+        name: "test.foo.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.foo_h2.com",
+          values: [
+            { key: "alpn", value: ["h2"] },
+            { key: "echconfig", value: "456..." },
+          ],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.foo.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false);
+  checkResult(inRecord, true, true);
+
+  Services.prefs.setBoolPref("network.http.http2.enabled", false);
+  checkResult(inRecord, false, false);
+
+  Services.prefs.setBoolPref("network.http.http3.enable", true);
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true);
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.foo_h3.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true);
+
+  await trrServer.stop();
+  trrServer = null;
+});
diff --git a/netwerk/test/unit/test_https_rr_sorted_alpn.js b/netwerk/test/unit/test_https_rr_sorted_alpn.js
new file mode 100644
index 0000000000..95284de0c3
--- /dev/null
+++ b/netwerk/test/unit/test_https_rr_sorted_alpn.js
@@ -0,0 +1,226 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let trrServer;
+
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+add_setup(async function setup() {
+  trr_test_setup();
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+    Services.prefs.clearUserPref("network.http.http3.support_version1");
+    Services.prefs.clearUserPref("security.tls.version.max");
+    if (trrServer) {
+      await trrServer.stop();
+    }
+  });
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+});
+
+function checkResult(inRecord, noHttp2, noHttp3, result) {
+  if (!result) {
+    Assert.throws(
+      () => {
+        inRecord
+          .QueryInterface(Ci.nsIDNSHTTPSSVCRecord)
+          .GetServiceModeRecord(noHttp2, noHttp3);
+      },
+      /NS_ERROR_NOT_AVAILABLE/,
+      "Should get an error"
+    );
+    return;
+  }
+
+  let record = inRecord
+    .QueryInterface(Ci.nsIDNSHTTPSSVCRecord)
+    .GetServiceModeRecord(noHttp2, noHttp3);
+  Assert.equal(record.priority, result.expectedPriority);
+  Assert.equal(record.name, result.expectedName);
+  Assert.equal(record.selectedAlpn, result.expectedAlpn);
+}
+
+add_task(async function testSortedAlpnH3() {
+  Services.dns.clearCache(true);
+
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.http.http3.support_version1", true);
+  await trrServer.registerDoHAnswers("test.alpn.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.alpn.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.alpn.com",
+          values: [{ key: "alpn", value: ["h2", "http/1.1", "h3-30", "h3"] }],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.alpn.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "http/1.1",
+  });
+
+  Services.prefs.setBoolPref("network.http.http3.support_version1", false);
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h3-30",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h3-30",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "http/1.1",
+  });
+  Services.prefs.setBoolPref("network.http.http3.support_version1", true);
+
+  // Disable TLS1.3
+  Services.prefs.setIntPref("security.tls.version.max", 3);
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "http/1.1",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "http/1.1",
+  });
+
+  // Enable TLS1.3
+  Services.prefs.setIntPref("security.tls.version.max", 4);
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "h3",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn.com",
+    expectedAlpn: "http/1.1",
+  });
+});
+
+add_task(async function testSortedAlpnH2() {
+  Services.dns.clearCache(true);
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  await trrServer.registerDoHAnswers("test.alpn_2.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.alpn_2.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.alpn_2.com",
+          values: [{ key: "alpn", value: ["http/1.1", "h2"] }],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.alpn_2.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  checkResult(inRecord, false, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn_2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, false, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn_2.com",
+    expectedAlpn: "h2",
+  });
+  checkResult(inRecord, true, false, {
+    expectedPriority: 1,
+    expectedName: "test.alpn_2.com",
+    expectedAlpn: "http/1.1",
+  });
+  checkResult(inRecord, true, true, {
+    expectedPriority: 1,
+    expectedName: "test.alpn_2.com",
+    expectedAlpn: "http/1.1",
+  });
+
+  await trrServer.stop();
+  trrServer = null;
+});
diff --git a/netwerk/test/unit/test_httpssvc_ech_with_alpn.js b/netwerk/test/unit/test_httpssvc_ech_with_alpn.js
new file mode 100644
index 0000000000..fbd9768daf
--- /dev/null
+++ b/netwerk/test/unit/test_httpssvc_ech_with_alpn.js
@@ -0,0 +1,246 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let trrServer;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+add_setup(async function setup() {
+  // Allow telemetry probes which may otherwise be disabled for some
+  // applications (e.g. Thunderbird).
+  Services.prefs.setBoolPref(
+    "toolkit.telemetry.testing.overrideProductsCheck",
+    true
+  );
+
+  trr_test_setup();
+
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", false);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRONLY);
+
+  // Set the server to always select http/1.1
+  Services.env.set("MOZ_TLS_ECH_ALPN_FLAG", 1);
+
+  await asyncStartTLSTestServer(
+    "EncryptedClientHelloServer",
+    "../../../security/manager/ssl/tests/unit/test_encrypted_client_hello"
+  );
+});
+
+registerCleanupFunction(async () => {
+  trr_clear_prefs();
+  Services.prefs.clearUserPref("network.trr.mode");
+  Services.prefs.clearUserPref("network.trr.uri");
+  Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+  Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+  Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+  Services.prefs.clearUserPref("network.dns.http3_echconfig.enabled");
+  Services.prefs.clearUserPref(
+    "network.dns.echconfig.fallback_to_origin_when_all_failed"
+  );
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+  Services.prefs.clearUserPref("network.dns.port_prefixed_qname_https_rr");
+  Services.env.set("MOZ_TLS_ECH_ALPN_FLAG", "");
+  if (trrServer) {
+    await trrServer.stop();
+  }
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+      resolve([req, buffer]);
+    }
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      true
+    );
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+function ActivityObserver() {}
+
+ActivityObserver.prototype = {
+  activites: [],
+  observeConnectionActivity(
+    aHost,
+    aPort,
+    aSSL,
+    aHasECH,
+    aIsHttp3,
+    aActivityType,
+    aActivitySubtype,
+    aTimestamp,
+    aExtraStringData
+  ) {
+    dump(
+      "*** Connection Activity 0x" +
+        aActivityType.toString(16) +
+        " 0x" +
+        aActivitySubtype.toString(16) +
+        " " +
+        aExtraStringData +
+        "\n"
+    );
+    this.activites.push({ host: aHost, subType: aActivitySubtype });
+  },
+};
+
+function checkHttpActivities(activites) {
+  let foundDNSAndSocket = false;
+  let foundSettingECH = false;
+  let foundConnectionCreated = false;
+  for (let activity of activites) {
+    switch (activity.subType) {
+      case Ci.nsIHttpActivityObserver.ACTIVITY_SUBTYPE_DNSANDSOCKET_CREATED:
+      case Ci.nsIHttpActivityObserver
+        .ACTIVITY_SUBTYPE_SPECULATIVE_DNSANDSOCKET_CREATED:
+        foundDNSAndSocket = true;
+        break;
+      case Ci.nsIHttpActivityDistributor.ACTIVITY_SUBTYPE_ECH_SET:
+        foundSettingECH = true;
+        break;
+      case Ci.nsIHttpActivityDistributor.ACTIVITY_SUBTYPE_CONNECTION_CREATED:
+        foundConnectionCreated = true;
+        break;
+      default:
+        break;
+    }
+  }
+
+  Assert.equal(foundDNSAndSocket, true, "Should have one DnsAndSock created");
+  Assert.equal(foundSettingECH, true, "Should have echConfig");
+  Assert.equal(
+    foundConnectionCreated,
+    true,
+    "Should have one connection created"
+  );
+}
+
+async function testWrapper(alpnAdvertisement) {
+  const ECH_CONFIG_FIXED =
+    "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  let observerService = Cc[
+    "@mozilla.org/network/http-activity-distributor;1"
+  ].getService(Ci.nsIHttpActivityDistributor);
+  let observer = new ActivityObserver();
+  observerService.addObserver(observer);
+  observerService.observeConnection = true;
+
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  // Only the last record is valid to use.
+  await trrServer.registerDoHAnswers("ech-private.example.com", "HTTPS", {
+    answers: [
+      {
+        name: "ech-private.example.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "ech-private.example.com",
+          values: [
+            { key: "alpn", value: alpnAdvertisement },
+            { key: "port", value: 8443 },
+            {
+              key: "echconfig",
+              value: ECH_CONFIG_FIXED,
+              needBase64Decode: true,
+            },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("ech-private.example.com", "A", {
+    answers: [
+      {
+        name: "ech-private.example.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await new TRRDNSListener("ech-private.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  HandshakeTelemetryHelpers.resetHistograms();
+  let chan = makeChan(`https://ech-private.example.com`);
+  await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  let securityInfo = chan.securityInfo;
+  Assert.ok(securityInfo.isAcceptedEch, "This host should have accepted ECH");
+
+  // Only check telemetry if network process is disabled.
+  if (!mozinfo.socketprocess_networking) {
+    HandshakeTelemetryHelpers.checkSuccess(["", "_ECH", "_FIRST_TRY"]);
+    HandshakeTelemetryHelpers.checkEmpty(["_CONSERVATIVE", "_ECH_GREASE"]);
+  }
+
+  await trrServer.stop();
+  observerService.removeObserver(observer);
+  observerService.observeConnection = false;
+
+  let filtered = observer.activites.filter(
+    activity => activity.host === "ech-private.example.com"
+  );
+  checkHttpActivities(filtered);
+}
+
+add_task(async function h1Advertised() {
+  await testWrapper(["http/1.1"]);
+});
+
+add_task(async function h2Advertised() {
+  await testWrapper(["h2"]);
+});
+
+add_task(async function h3Advertised() {
+  await testWrapper(["h3"]);
+});
+
+add_task(async function h1h2Advertised() {
+  await testWrapper(["http/1.1", "h2"]);
+});
+
+add_task(async function h2h3Advertised() {
+  await testWrapper(["h3", "h2"]);
+});
+
+add_task(async function unknownAdvertised() {
+  await testWrapper(["foo"]);
+});
diff --git a/netwerk/test/unit/test_httpssvc_https_upgrade.js b/netwerk/test/unit/test_httpssvc_https_upgrade.js
new file mode 100644
index 0000000000..837006767c
--- /dev/null
+++ b/netwerk/test/unit/test_httpssvc_https_upgrade.js
@@ -0,0 +1,352 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+const ReferrerInfo = Components.Constructor(
+  "@mozilla.org/referrer-info;1",
+  "nsIReferrerInfo",
+  "init"
+);
+
+add_setup(async function setup() {
+  trr_test_setup();
+
+  let h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    "https://foo.example.com:" + h2Port + "/httpssvc_as_altsvc"
+  );
+
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+
+  Services.prefs.setBoolPref(
+    "network.dns.use_https_rr_for_speculative_connection",
+    true
+  );
+
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+    Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+    Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+    Services.prefs.clearUserPref(
+      "network.dns.use_https_rr_for_speculative_connection"
+    );
+    Services.prefs.clearUserPref("network.dns.notifyResolution");
+    Services.prefs.clearUserPref("network.dns.disablePrefetch");
+  });
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+
+  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+// When observer is specified, the channel will be suspended when receiving
+// "http-on-modify-request".
+function channelOpenPromise(chan, flags, observer) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+      resolve([req, buffer]);
+    }
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      true
+    );
+
+    if (observer) {
+      let topic = "http-on-modify-request";
+      Services.obs.addObserver(observer, topic);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+class EventSinkListener {
+  getInterface(iid) {
+    if (iid.equals(Ci.nsIChannelEventSink)) {
+      return this;
+    }
+    throw Components.Exception("", Cr.NS_ERROR_NO_INTERFACE);
+  }
+  asyncOnChannelRedirect(oldChan, newChan, flags, callback) {
+    Assert.equal(oldChan.URI.hostPort, newChan.URI.hostPort);
+    Assert.equal(oldChan.URI.scheme, "http");
+    Assert.equal(newChan.URI.scheme, "https");
+    callback.onRedirectVerifyCallback(Cr.NS_OK);
+  }
+}
+
+EventSinkListener.prototype.QueryInterface = ChromeUtils.generateQI([
+  "nsIInterfaceRequestor",
+  "nsIChannelEventSink",
+]);
+
+// Test if the request is upgraded to https with a HTTPSSVC record.
+add_task(async function testUseHTTPSSVCAsHSTS() {
+  Services.dns.clearCache(true);
+  // Do DNS resolution before creating the channel, so the HTTPSSVC record will
+  // be resolved from the cache.
+  await new TRRDNSListener("test.httpssvc.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  // Since the HTTPS RR should be served from cache, the DNS record is available
+  // before nsHttpChannel::MaybeUseHTTPSRRForUpgrade() is called.
+  let chan = makeChan(`http://test.httpssvc.com:80/server-timing`);
+  let listener = new EventSinkListener();
+  chan.notificationCallbacks = listener;
+
+  let [req] = await channelOpenPromise(chan);
+
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
+
+  chan = makeChan(`http://test.httpssvc.com:80/server-timing`);
+  listener = new EventSinkListener();
+  chan.notificationCallbacks = listener;
+
+  [req] = await channelOpenPromise(chan);
+
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
+});
+
+// Test the case that we got an invalid DNS response. In this case,
+// nsHttpChannel::OnHTTPSRRAvailable is called after
+// nsHttpChannel::MaybeUseHTTPSRRForUpgrade.
+add_task(async function testInvalidDNSResult() {
+  Services.dns.clearCache(true);
+
+  let httpserv = new HttpServer();
+  let content = "ok";
+  httpserv.registerPathHandler("/", function handler(metadata, response) {
+    response.setHeader("Content-Length", `${content.length}`);
+    response.bodyOutputStream.write(content, content.length);
+  });
+  httpserv.start(-1);
+  httpserv.identity.setPrimary(
+    "http",
+    "foo.notexisted.com",
+    httpserv.identity.primaryPort
+  );
+
+  let chan = makeChan(
+    `http://foo.notexisted.com:${httpserv.identity.primaryPort}/`
+  );
+  let [, response] = await channelOpenPromise(chan);
+  Assert.equal(response, content);
+  await new Promise(resolve => httpserv.stop(resolve));
+});
+
+// The same test as above, but nsHttpChannel::MaybeUseHTTPSRRForUpgrade is
+// called after nsHttpChannel::OnHTTPSRRAvailable.
+add_task(async function testInvalidDNSResult1() {
+  Services.dns.clearCache(true);
+
+  let httpserv = new HttpServer();
+  let content = "ok";
+  httpserv.registerPathHandler("/", function handler(metadata, response) {
+    response.setHeader("Content-Length", `${content.length}`);
+    response.bodyOutputStream.write(content, content.length);
+  });
+  httpserv.start(-1);
+  httpserv.identity.setPrimary(
+    "http",
+    "foo.notexisted.com",
+    httpserv.identity.primaryPort
+  );
+
+  let chan = makeChan(
+    `http://foo.notexisted.com:${httpserv.identity.primaryPort}/`
+  );
+
+  let topic = "http-on-modify-request";
+  let observer = {
+    QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+    observe(aSubject, aTopic, aData) {
+      if (aTopic == topic) {
+        Services.obs.removeObserver(observer, topic);
+        let channel = aSubject.QueryInterface(Ci.nsIChannel);
+        channel.suspend();
+
+        new TRRDNSListener("foo.notexisted.com", {
+          type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+          expectedSuccess: false,
+        }).then(() => channel.resume());
+      }
+    },
+  };
+
+  let [, response] = await channelOpenPromise(chan, 0, observer);
+  Assert.equal(response, content);
+  await new Promise(resolve => httpserv.stop(resolve));
+});
+
+add_task(async function testLiteralIP() {
+  let httpserv = new HttpServer();
+  let content = "ok";
+  httpserv.registerPathHandler("/", function handler(metadata, response) {
+    response.setHeader("Content-Length", `${content.length}`);
+    response.bodyOutputStream.write(content, content.length);
+  });
+  httpserv.start(-1);
+
+  let chan = makeChan(`http://127.0.0.1:${httpserv.identity.primaryPort}/`);
+  let [, response] = await channelOpenPromise(chan);
+  Assert.equal(response, content);
+  await new Promise(resolve => httpserv.stop(resolve));
+});
+
+// Test the case that an HTTPS RR is available and the server returns a 307
+// for redirecting back to http.
+add_task(async function testEndlessUpgradeDowngrade() {
+  Services.dns.clearCache(true);
+
+  let httpserv = new HttpServer();
+  let content = "okok";
+  httpserv.start(-1);
+  let port = httpserv.identity.primaryPort;
+  httpserv.registerPathHandler(
+    `/redirect_to_http`,
+    function handler(metadata, response) {
+      response.setHeader("Content-Length", `${content.length}`);
+      response.bodyOutputStream.write(content, content.length);
+    }
+  );
+  httpserv.identity.setPrimary("http", "test.httpsrr.redirect.com", port);
+
+  let chan = makeChan(
+    `http://test.httpsrr.redirect.com:${port}/redirect_to_http?port=${port}`
+  );
+
+  let [, response] = await channelOpenPromise(chan);
+  Assert.equal(response, content);
+  await new Promise(resolve => httpserv.stop(resolve));
+});
+
+add_task(async function testHttpRequestBlocked() {
+  Services.dns.clearCache(true);
+
+  let dnsRequestObserver = {
+    register() {
+      this.obs = Services.obs;
+      this.obs.addObserver(this, "dns-resolution-request");
+    },
+    unregister() {
+      if (this.obs) {
+        this.obs.removeObserver(this, "dns-resolution-request");
+      }
+    },
+    observe(subject, topic, data) {
+      if (topic == "dns-resolution-request") {
+        Assert.ok(false, "unreachable");
+      }
+    },
+  };
+
+  dnsRequestObserver.register();
+  Services.prefs.setBoolPref("network.dns.notifyResolution", true);
+  Services.prefs.setBoolPref("network.dns.disablePrefetch", true);
+
+  let httpserv = new HttpServer();
+  httpserv.registerPathHandler("/", function handler(metadata, response) {
+    Assert.ok(false, "unreachable");
+  });
+  httpserv.start(-1);
+  httpserv.identity.setPrimary(
+    "http",
+    "foo.blocked.com",
+    httpserv.identity.primaryPort
+  );
+
+  let chan = makeChan(
+    `http://foo.blocked.com:${httpserv.identity.primaryPort}/`
+  );
+
+  let topic = "http-on-modify-request";
+  let observer = {
+    QueryInterface: ChromeUtils.generateQI(["nsIObserver"]),
+    observe(aSubject, aTopic, aData) {
+      if (aTopic == topic) {
+        Services.obs.removeObserver(observer, topic);
+        let channel = aSubject.QueryInterface(Ci.nsIChannel);
+        channel.cancel(Cr.NS_BINDING_ABORTED);
+      }
+    },
+  };
+
+  let [request] = await channelOpenPromise(chan, CL_EXPECT_FAILURE, observer);
+  request.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(request.status, Cr.NS_BINDING_ABORTED);
+  dnsRequestObserver.unregister();
+  await new Promise(resolve => httpserv.stop(resolve));
+});
+
+function createPrincipal(url) {
+  return Services.scriptSecurityManager.createContentPrincipal(
+    Services.io.newURI(url),
+    {}
+  );
+}
+
+// Test if the Origin header stays the same after an internal HTTPS upgrade
+// caused by HTTPS RR.
+add_task(async function testHTTPSRRUpgradeWithOriginHeader() {
+  Services.dns.clearCache(true);
+
+  const url = "http://test.httpssvc.com:80/origin_header";
+  const originURL = "http://example.com";
+  let chan = Services.io
+    .newChannelFromURIWithProxyFlags(
+      Services.io.newURI(url),
+      null,
+      Ci.nsIProtocolProxyService.RESOLVE_ALWAYS_TUNNEL,
+      null,
+      createPrincipal(originURL),
+      createPrincipal(url),
+      Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      Ci.nsIContentPolicy.TYPE_DOCUMENT
+    )
+    .QueryInterface(Ci.nsIHttpChannel);
+  chan.referrerInfo = new ReferrerInfo(
+    Ci.nsIReferrerInfo.EMPTY,
+    true,
+    NetUtil.newURI(url)
+  );
+  chan.setRequestHeader("Origin", originURL, false);
+
+  let [req, buf] = await channelOpenPromise(chan);
+
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
+  Assert.equal(buf, originURL);
+});
diff --git a/netwerk/test/unit/test_httpssvc_iphint.js b/netwerk/test/unit/test_httpssvc_iphint.js
new file mode 100644
index 0000000000..13d9a7e648
--- /dev/null
+++ b/netwerk/test/unit/test_httpssvc_iphint.js
@@ -0,0 +1,350 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let h2Port;
+let trrServer;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+const { TestUtils } = ChromeUtils.importESModule(
+  "resource://testing-common/TestUtils.sys.mjs"
+);
+
+add_setup(async function setup() {
+  h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  trr_test_setup();
+
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+
+  registerCleanupFunction(async () => {
+    trr_clear_prefs();
+    Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+    Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+    Services.prefs.clearUserPref("network.dns.disablePrefetch");
+    await trrServer.stop();
+  });
+
+  if (mozinfo.socketprocess_networking) {
+    Services.dns; // Needed to trigger socket process.
+    await TestUtils.waitForCondition(() => Services.io.socketProcessLaunched);
+  }
+});
+
+// Test if IP hint addresses can be accessed as regular A/AAAA records.
+add_task(async function testStoreIPHint() {
+  trrServer = new TRRServer();
+  registerCleanupFunction(async () => {
+    await trrServer.stop();
+  });
+  await trrServer.start();
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.IPHint.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.IPHint.com",
+        ttl: 999,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.IPHint.com",
+          values: [
+            { key: "alpn", value: ["h2", "h3"] },
+            { key: "port", value: 8888 },
+            { key: "ipv4hint", value: ["1.2.3.4", "5.6.7.8"] },
+            { key: "ipv6hint", value: ["::1", "fe80::794f:6d2c:3d5e:7836"] },
+          ],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.IPHint.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  let answer = inRecord.QueryInterface(Ci.nsIDNSHTTPSSVCRecord).records;
+  Assert.equal(inRecord.QueryInterface(Ci.nsIDNSHTTPSSVCRecord).ttl, 999);
+  Assert.equal(answer[0].priority, 1);
+  Assert.equal(answer[0].name, "test.IPHint.com");
+  Assert.equal(answer[0].values.length, 4);
+  Assert.deepEqual(
+    answer[0].values[0].QueryInterface(Ci.nsISVCParamAlpn).alpn,
+    ["h2", "h3"],
+    "got correct answer"
+  );
+  Assert.equal(
+    answer[0].values[1].QueryInterface(Ci.nsISVCParamPort).port,
+    8888,
+    "got correct answer"
+  );
+  Assert.equal(
+    answer[0].values[2].QueryInterface(Ci.nsISVCParamIPv4Hint).ipv4Hint[0]
+      .address,
+    "1.2.3.4",
+    "got correct answer"
+  );
+  Assert.equal(
+    answer[0].values[2].QueryInterface(Ci.nsISVCParamIPv4Hint).ipv4Hint[1]
+      .address,
+    "5.6.7.8",
+    "got correct answer"
+  );
+  Assert.equal(
+    answer[0].values[3].QueryInterface(Ci.nsISVCParamIPv6Hint).ipv6Hint[0]
+      .address,
+    "::1",
+    "got correct answer"
+  );
+  Assert.equal(
+    answer[0].values[3].QueryInterface(Ci.nsISVCParamIPv6Hint).ipv6Hint[1]
+      .address,
+    "fe80::794f:6d2c:3d5e:7836",
+    "got correct answer"
+  );
+
+  async function verifyAnswer(domain, flags, expectedAddresses) {
+    // eslint-disable-next-line no-shadow
+    let { inRecord } = await new TRRDNSListener(domain, {
+      flags,
+      expectedSuccess: false,
+    });
+    Assert.ok(inRecord);
+    inRecord.QueryInterface(Ci.nsIDNSAddrRecord);
+    let addresses = [];
+    while (inRecord.hasMore()) {
+      addresses.push(inRecord.getNextAddrAsString());
+    }
+    Assert.deepEqual(addresses, expectedAddresses);
+    Assert.equal(inRecord.ttl, 999);
+  }
+
+  await verifyAnswer("test.IPHint.com", Ci.nsIDNSService.RESOLVE_IP_HINT, [
+    "1.2.3.4",
+    "5.6.7.8",
+    "::1",
+    "fe80::794f:6d2c:3d5e:7836",
+  ]);
+
+  await verifyAnswer(
+    "test.IPHint.com",
+    Ci.nsIDNSService.RESOLVE_IP_HINT | Ci.nsIDNSService.RESOLVE_DISABLE_IPV4,
+    ["::1", "fe80::794f:6d2c:3d5e:7836"]
+  );
+
+  await verifyAnswer(
+    "test.IPHint.com",
+    Ci.nsIDNSService.RESOLVE_IP_HINT | Ci.nsIDNSService.RESOLVE_DISABLE_IPV6,
+    ["1.2.3.4", "5.6.7.8"]
+  );
+
+  info("checking that IPv6 hints are ignored when disableIPv6 is true");
+  Services.prefs.setBoolPref("network.dns.disableIPv6", true);
+  await trrServer.registerDoHAnswers("testv6.IPHint.com", "HTTPS", {
+    answers: [
+      {
+        name: "testv6.IPHint.com",
+        ttl: 999,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "testv6.IPHint.com",
+          values: [
+            { key: "alpn", value: ["h2", "h3"] },
+            { key: "port", value: 8888 },
+            { key: "ipv4hint", value: ["1.2.3.4", "5.6.7.8"] },
+            { key: "ipv6hint", value: ["::1", "fe80::794f:6d2c:3d5e:7836"] },
+          ],
+        },
+      },
+    ],
+  });
+
+  ({ inRecord } = await new TRRDNSListener("testv6.IPHint.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  }));
+  Services.prefs.setBoolPref("network.dns.disableIPv6", false);
+
+  await verifyAnswer("testv6.IPHint.com", Ci.nsIDNSService.RESOLVE_IP_HINT, [
+    "1.2.3.4",
+    "5.6.7.8",
+  ]);
+
+  await verifyAnswer(
+    "testv6.IPHint.com",
+    Ci.nsIDNSService.RESOLVE_IP_HINT | Ci.nsIDNSService.RESOLVE_DISABLE_IPV6,
+    ["1.2.3.4", "5.6.7.8"]
+  );
+
+  await trrServer.stop();
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+// Test if we can connect to the server with the IP hint address.
+add_task(async function testConnectionWithIPHint() {
+  Services.dns.clearCache(true);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    "https://127.0.0.1:" + h2Port + "/httpssvc_use_iphint"
+  );
+
+  // Resolving test.iphint.com should be failed.
+  let { inStatus } = await new TRRDNSListener("test.iphint.com", {
+    expectedSuccess: false,
+  });
+  Assert.equal(
+    inStatus,
+    Cr.NS_ERROR_UNKNOWN_HOST,
+    "status is NS_ERROR_UNKNOWN_HOST"
+  );
+
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    true
+  );
+
+  // The connection should be succeeded since the IP hint is 127.0.0.1.
+  let chan = makeChan(`http://test.iphint.com:8080/server-timing`);
+  // Note that the partitionKey stored in DNS cache would be
+  // "%28https%2Ciphint.com%29". The http request to test.iphint.com will be
+  // upgraded to https and the ip hint address will be used by the https
+  // request in the end.
+  let [req] = await channelOpenPromise(chan);
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.getResponseHeader("x-connection-http2"), "yes");
+
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    false
+  );
+
+  await trrServer.stop();
+});
+
+// Test the case that we failed to use IP Hint address because DNS cache
+// is bypassed.
+add_task(async function testIPHintWithFreshDNS() {
+  trrServer = new TRRServer();
+  await trrServer.start();
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  // To make sure NS_HTTP_REFRESH_DNS not be cleared.
+  Services.prefs.setBoolPref("network.dns.disablePrefetch", true);
+
+  await trrServer.registerDoHAnswers("test.iphint.org", "HTTPS", {
+    answers: [
+      {
+        name: "test.iphint.org",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 0,
+          name: "svc.iphint.net",
+          values: [],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("svc.iphint.net", "HTTPS", {
+    answers: [
+      {
+        name: "svc.iphint.net",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "svc.iphint.net",
+          values: [
+            { key: "alpn", value: "h2" },
+            { key: "port", value: h2Port },
+            { key: "ipv4hint", value: "127.0.0.1" },
+          ],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.iphint.org", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  let answer = inRecord.QueryInterface(Ci.nsIDNSHTTPSSVCRecord).records;
+  Assert.equal(answer[0].priority, 1);
+  Assert.equal(answer[0].name, "svc.iphint.net");
+
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    true
+  );
+
+  let chan = makeChan(`https://test.iphint.org/server-timing`);
+  chan.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  let [req] = await channelOpenPromise(
+    chan,
+    CL_EXPECT_FAILURE | CL_ALLOW_UNKNOWN_CL
+  );
+  // Failed because there no A record for "svc.iphint.net".
+  Assert.equal(req.status, Cr.NS_ERROR_UNKNOWN_HOST);
+
+  await trrServer.registerDoHAnswers("svc.iphint.net", "A", {
+    answers: [
+      {
+        name: "svc.iphint.net",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  chan = makeChan(`https://test.iphint.org/server-timing`);
+  chan.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  [req] = await channelOpenPromise(chan);
+  Assert.equal(req.protocolVersion, "h2");
+  let internal = req.QueryInterface(Ci.nsIHttpChannelInternal);
+  Assert.equal(internal.remotePort, h2Port);
+
+  certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+    false
+  );
+  await trrServer.stop();
+});
diff --git a/netwerk/test/unit/test_httpssvc_priority.js b/netwerk/test/unit/test_httpssvc_priority.js
new file mode 100644
index 0000000000..401e23f85c
--- /dev/null
+++ b/netwerk/test/unit/test_httpssvc_priority.js
@@ -0,0 +1,125 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+trr_test_setup();
+registerCleanupFunction(async () => {
+  trr_clear_prefs();
+  Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+});
+
+add_task(async function testPriorityAndECHConfig() {
+  let trrServer = new TRRServer();
+  registerCleanupFunction(async () => {
+    await trrServer.stop();
+  });
+  await trrServer.start();
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", false);
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  await trrServer.registerDoHAnswers("test.priority.com", "HTTPS", {
+    answers: [
+      {
+        name: "test.priority.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "test.p1.com",
+          values: [{ key: "alpn", value: ["h2", "h3"] }],
+        },
+      },
+      {
+        name: "test.priority.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 4,
+          name: "test.p4.com",
+          values: [{ key: "echconfig", value: "456..." }],
+        },
+      },
+      {
+        name: "test.priority.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 3,
+          name: "test.p3.com",
+          values: [{ key: "ipv4hint", value: "1.2.3.4" }],
+        },
+      },
+      {
+        name: "test.priority.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 2,
+          name: "test.p2.com",
+          values: [{ key: "echconfig", value: "123..." }],
+        },
+      },
+    ],
+  });
+
+  let { inRecord } = await new TRRDNSListener("test.priority.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  let answer = inRecord.QueryInterface(Ci.nsIDNSHTTPSSVCRecord).records;
+  Assert.equal(answer.length, 4);
+
+  Assert.equal(answer[0].priority, 1);
+  Assert.equal(answer[0].name, "test.p1.com");
+
+  Assert.equal(answer[1].priority, 2);
+  Assert.equal(answer[1].name, "test.p2.com");
+
+  Assert.equal(answer[2].priority, 3);
+  Assert.equal(answer[2].name, "test.p3.com");
+
+  Assert.equal(answer[3].priority, 4);
+  Assert.equal(answer[3].name, "test.p4.com");
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.dns.clearCache(true);
+  ({ inRecord } = await new TRRDNSListener("test.priority.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  }));
+
+  answer = inRecord.QueryInterface(Ci.nsIDNSHTTPSSVCRecord).records;
+  Assert.equal(answer.length, 4);
+
+  Assert.equal(answer[0].priority, 2);
+  Assert.equal(answer[0].name, "test.p2.com");
+  Assert.equal(
+    answer[0].values[0].QueryInterface(Ci.nsISVCParamEchConfig).echconfig,
+    "123...",
+    "got correct answer"
+  );
+
+  Assert.equal(answer[1].priority, 4);
+  Assert.equal(answer[1].name, "test.p4.com");
+  Assert.equal(
+    answer[1].values[0].QueryInterface(Ci.nsISVCParamEchConfig).echconfig,
+    "456...",
+    "got correct answer"
+  );
+
+  Assert.equal(answer[2].priority, 1);
+  Assert.equal(answer[2].name, "test.p1.com");
+
+  Assert.equal(answer[3].priority, 3);
+  Assert.equal(answer[3].name, "test.p3.com");
+});
diff --git a/netwerk/test/unit/test_httpssvc_retry_with_ech.js b/netwerk/test/unit/test_httpssvc_retry_with_ech.js
new file mode 100644
index 0000000000..c261e29c70
--- /dev/null
+++ b/netwerk/test/unit/test_httpssvc_retry_with_ech.js
@@ -0,0 +1,511 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+var { setTimeout } = ChromeUtils.importESModule(
+  "resource://gre/modules/Timer.sys.mjs"
+);
+
+let trrServer;
+let h3Port;
+let h3EchConfig;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+function checkSecurityInfo(chan, expectPrivateDNS, expectAcceptedECH) {
+  let securityInfo = chan.securityInfo;
+  Assert.equal(
+    securityInfo.isAcceptedEch,
+    expectAcceptedECH,
+    "ECH Status == Expected Status"
+  );
+  Assert.equal(
+    securityInfo.usedPrivateDNS,
+    expectPrivateDNS,
+    "Private DNS Status == Expected Status"
+  );
+}
+
+add_setup(async function setup() {
+  // Allow telemetry probes which may otherwise be disabled for some
+  // applications (e.g. Thunderbird).
+  Services.prefs.setBoolPref(
+    "toolkit.telemetry.testing.overrideProductsCheck",
+    true
+  );
+
+  trr_test_setup();
+
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+  Services.prefs.setBoolPref("network.dns.http3_echconfig.enabled", true);
+  Services.prefs.setIntPref("network.http.speculative-parallel-limit", 0);
+  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRONLY);
+
+  await asyncStartTLSTestServer(
+    "EncryptedClientHelloServer",
+    "../../../security/manager/ssl/tests/unit/test_encrypted_client_hello"
+  );
+
+  h3Port = Services.env.get("MOZHTTP3_PORT_ECH");
+  Assert.notEqual(h3Port, null);
+  Assert.notEqual(h3Port, "");
+
+  h3EchConfig = Services.env.get("MOZHTTP3_ECH");
+  Assert.notEqual(h3EchConfig, null);
+  Assert.notEqual(h3EchConfig, "");
+});
+
+registerCleanupFunction(async () => {
+  trr_clear_prefs();
+  Services.prefs.clearUserPref("network.trr.mode");
+  Services.prefs.clearUserPref("network.trr.uri");
+  Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+  Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+  Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+  Services.prefs.clearUserPref("network.dns.http3_echconfig.enabled");
+  Services.prefs.clearUserPref(
+    "network.dns.echconfig.fallback_to_origin_when_all_failed"
+  );
+  Services.prefs.clearUserPref("network.http.speculative-parallel-limit");
+  Services.prefs.clearUserPref("network.dns.port_prefixed_qname_https_rr");
+  Services.prefs.clearUserPref("security.tls.ech.grease_http3");
+  Services.prefs.clearUserPref("security.tls.ech.grease_probability");
+  if (trrServer) {
+    await trrServer.stop();
+  }
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+      resolve([req, buffer]);
+    }
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      true
+    );
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+function ActivityObserver() {}
+
+ActivityObserver.prototype = {
+  activites: [],
+  observeConnectionActivity(
+    aHost,
+    aPort,
+    aSSL,
+    aHasECH,
+    aIsHttp3,
+    aActivityType,
+    aActivitySubtype,
+    aTimestamp,
+    aExtraStringData
+  ) {
+    dump(
+      "*** Connection Activity 0x" +
+        aActivityType.toString(16) +
+        " 0x" +
+        aActivitySubtype.toString(16) +
+        " " +
+        aExtraStringData +
+        "\n"
+    );
+    this.activites.push({ host: aHost, subType: aActivitySubtype });
+  },
+};
+
+function checkHttpActivities(activites, expectECH) {
+  let foundDNSAndSocket = false;
+  let foundSettingECH = false;
+  let foundConnectionCreated = false;
+  for (let activity of activites) {
+    switch (activity.subType) {
+      case Ci.nsIHttpActivityObserver.ACTIVITY_SUBTYPE_DNSANDSOCKET_CREATED:
+      case Ci.nsIHttpActivityObserver
+        .ACTIVITY_SUBTYPE_SPECULATIVE_DNSANDSOCKET_CREATED:
+        foundDNSAndSocket = true;
+        break;
+      case Ci.nsIHttpActivityDistributor.ACTIVITY_SUBTYPE_ECH_SET:
+        foundSettingECH = true;
+        break;
+      case Ci.nsIHttpActivityDistributor.ACTIVITY_SUBTYPE_CONNECTION_CREATED:
+        foundConnectionCreated = true;
+        break;
+      default:
+        break;
+    }
+  }
+
+  Assert.equal(foundDNSAndSocket, true, "Should have one DnsAndSock created");
+  Assert.equal(foundSettingECH, expectECH, "Should have echConfig");
+  Assert.equal(
+    foundConnectionCreated,
+    true,
+    "Should have one connection created"
+  );
+}
+
+add_task(async function testConnectWithECH() {
+  const ECH_CONFIG_FIXED =
+    "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  let observerService = Cc[
+    "@mozilla.org/network/http-activity-distributor;1"
+  ].getService(Ci.nsIHttpActivityDistributor);
+  let observer = new ActivityObserver();
+  observerService.addObserver(observer);
+  observerService.observeConnection = true;
+
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  // Only the last record is valid to use.
+  await trrServer.registerDoHAnswers("ech-private.example.com", "HTTPS", {
+    answers: [
+      {
+        name: "ech-private.example.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "ech-private.example.com",
+          values: [
+            { key: "alpn", value: "http/1.1" },
+            { key: "port", value: 8443 },
+            {
+              key: "echconfig",
+              value: ECH_CONFIG_FIXED,
+              needBase64Decode: true,
+            },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("ech-private.example.com", "A", {
+    answers: [
+      {
+        name: "ech-private.example.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await new TRRDNSListener("ech-private.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  HandshakeTelemetryHelpers.resetHistograms();
+  let chan = makeChan(`https://ech-private.example.com`);
+  await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  checkSecurityInfo(chan, true, true);
+  // Only check telemetry if network process is disabled.
+  if (!mozinfo.socketprocess_networking) {
+    HandshakeTelemetryHelpers.checkSuccess(["", "_ECH", "_FIRST_TRY"]);
+    HandshakeTelemetryHelpers.checkEmpty(["_CONSERVATIVE", "_ECH_GREASE"]);
+  }
+
+  await trrServer.stop();
+  observerService.removeObserver(observer);
+  observerService.observeConnection = false;
+
+  let filtered = observer.activites.filter(
+    activity => activity.host === "ech-private.example.com"
+  );
+  checkHttpActivities(filtered, true);
+});
+
+add_task(async function testEchRetry() {
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+
+  Services.dns.clearCache(true);
+
+  const ECH_CONFIG_TRUSTED_RETRY =
+    "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAMAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+
+  // Only the last record is valid to use.
+  await trrServer.registerDoHAnswers("ech-private.example.com", "HTTPS", {
+    answers: [
+      {
+        name: "ech-private.example.com",
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: "ech-private.example.com",
+          values: [
+            { key: "alpn", value: "http/1.1" },
+            { key: "port", value: 8443 },
+            {
+              key: "echconfig",
+              value: ECH_CONFIG_TRUSTED_RETRY,
+              needBase64Decode: true,
+            },
+          ],
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("ech-private.example.com", "A", {
+    answers: [
+      {
+        name: "ech-private.example.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await new TRRDNSListener("ech-private.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+
+  HandshakeTelemetryHelpers.resetHistograms();
+  let chan = makeChan(`https://ech-private.example.com`);
+  await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  checkSecurityInfo(chan, true, true);
+  // Only check telemetry if network process is disabled.
+  if (!mozinfo.socketprocess_networking) {
+    for (let hName of ["SSL_HANDSHAKE_RESULT", "SSL_HANDSHAKE_RESULT_ECH"]) {
+      let h = Services.telemetry.getHistogramById(hName);
+      HandshakeTelemetryHelpers.assertHistogramMap(
+        h.snapshot(),
+        new Map([
+          ["0", 1],
+          ["188", 1],
+        ])
+      );
+    }
+    HandshakeTelemetryHelpers.checkEntry(["_FIRST_TRY"], 188, 1);
+    HandshakeTelemetryHelpers.checkEmpty(["_CONSERVATIVE", "_ECH_GREASE"]);
+  }
+
+  await trrServer.stop();
+});
+
+async function H3ECHTest(
+  echConfig,
+  expectedHistKey,
+  expectedHistEntries,
+  advertiseECH
+) {
+  Services.dns.clearCache(true);
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  /* eslint-disable mozilla/no-arbitrary-setTimeout */
+  await new Promise(resolve => setTimeout(resolve, 1000));
+  resetEchTelemetry();
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref("network.dns.port_prefixed_qname_https_rr", true);
+
+  let observerService = Cc[
+    "@mozilla.org/network/http-activity-distributor;1"
+  ].getService(Ci.nsIHttpActivityDistributor);
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  let observer = new ActivityObserver();
+  observerService.addObserver(observer);
+  observerService.observeConnection = true;
+  // Clear activities for past connections
+  observer.activites = [];
+
+  let portPrefixedName = `_${h3Port}._https.public.example.com`;
+  let vals = [
+    { key: "alpn", value: "h3-29" },
+    { key: "port", value: h3Port },
+  ];
+  if (advertiseECH) {
+    vals.push({
+      key: "echconfig",
+      value: echConfig,
+      needBase64Decode: true,
+    });
+  }
+  // Only the last record is valid to use.
+
+  await trrServer.registerDoHAnswers(portPrefixedName, "HTTPS", {
+    answers: [
+      {
+        name: portPrefixedName,
+        ttl: 55,
+        type: "HTTPS",
+        flush: false,
+        data: {
+          priority: 1,
+          name: ".",
+          values: vals,
+        },
+      },
+    ],
+  });
+
+  await trrServer.registerDoHAnswers("public.example.com", "A", {
+    answers: [
+      {
+        name: "public.example.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await new TRRDNSListener("public.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+    port: h3Port,
+  });
+
+  let chan = makeChan(`https://public.example.com:${h3Port}`);
+  let [req] = await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.protocolVersion, "h3-29");
+  checkSecurityInfo(chan, true, advertiseECH);
+
+  await trrServer.stop();
+
+  observerService.removeObserver(observer);
+  observerService.observeConnection = false;
+
+  let filtered = observer.activites.filter(
+    activity => activity.host === "public.example.com"
+  );
+  checkHttpActivities(filtered, advertiseECH);
+  await checkEchTelemetry(expectedHistKey, expectedHistEntries);
+}
+
+function resetEchTelemetry() {
+  Services.telemetry.getKeyedHistogramById("HTTP3_ECH_OUTCOME").clear();
+}
+
+async function checkEchTelemetry(histKey, histEntries) {
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  /* eslint-disable mozilla/no-arbitrary-setTimeout */
+  await new Promise(resolve => setTimeout(resolve, 1000));
+  let values = Services.telemetry
+    .getKeyedHistogramById("HTTP3_ECH_OUTCOME")
+    .snapshot()[histKey];
+  if (!mozinfo.socketprocess_networking) {
+    HandshakeTelemetryHelpers.assertHistogramMap(values, histEntries);
+  }
+}
+
+add_task(async function testH3WithNoEch() {
+  Services.prefs.setBoolPref("security.tls.ech.grease_http3", false);
+  Services.prefs.setIntPref("security.tls.ech.grease_probability", 0);
+  await H3ECHTest(
+    h3EchConfig,
+    "NONE",
+    new Map([
+      ["0", 1],
+      ["1", 0],
+    ]),
+    false
+  );
+});
+
+add_task(async function testH3WithECH() {
+  await H3ECHTest(
+    h3EchConfig,
+    "REAL",
+    new Map([
+      ["0", 1],
+      ["1", 0],
+    ]),
+    true
+  );
+});
+
+add_task(async function testH3WithGreaseEch() {
+  Services.prefs.setBoolPref("security.tls.ech.grease_http3", true);
+  Services.prefs.setIntPref("security.tls.ech.grease_probability", 100);
+  await H3ECHTest(
+    h3EchConfig,
+    "GREASE",
+    new Map([
+      ["0", 1],
+      ["1", 0],
+    ]),
+    false
+  );
+});
+
+add_task(async function testH3WithECHRetry() {
+  Services.dns.clearCache(true);
+  Services.obs.notifyObservers(null, "net:cancel-all-connections");
+  // eslint-disable-next-line mozilla/no-arbitrary-setTimeout
+  await new Promise(resolve => setTimeout(resolve, 1000));
+
+  function base64ToArray(base64) {
+    var binary_string = atob(base64);
+    var len = binary_string.length;
+    var bytes = new Uint8Array(len);
+    for (var i = 0; i < len; i++) {
+      bytes[i] = binary_string.charCodeAt(i);
+    }
+    return bytes;
+  }
+
+  let decodedConfig = base64ToArray(h3EchConfig);
+  decodedConfig[6] ^= 0x94;
+  let encoded = btoa(String.fromCharCode.apply(null, decodedConfig));
+  await H3ECHTest(
+    encoded,
+    "REAL",
+    new Map([
+      ["0", 1],
+      ["1", 1],
+    ]),
+    true
+  );
+});
diff --git a/netwerk/test/unit/test_httpssvc_retry_without_ech.js b/netwerk/test/unit/test_httpssvc_retry_without_ech.js
new file mode 100644
index 0000000000..4503c00504
--- /dev/null
+++ b/netwerk/test/unit/test_httpssvc_retry_without_ech.js
@@ -0,0 +1,138 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+let trrServer;
+
+const certOverrideService = Cc[
+  "@mozilla.org/security/certoverride;1"
+].getService(Ci.nsICertOverrideService);
+
+add_setup(async function setup() {
+  trr_test_setup();
+
+  Services.prefs.setIntPref("network.trr.mode", Ci.nsIDNSService.MODE_TRRFIRST);
+  Services.prefs.setBoolPref("network.dns.upgrade_with_https_rr", true);
+  Services.prefs.setBoolPref("network.dns.use_https_rr_as_altsvc", true);
+  Services.prefs.setBoolPref("network.dns.echconfig.enabled", true);
+
+  // An arbitrary, non-ECH server.
+  await asyncStartTLSTestServer(
+    "DelegatedCredentialsServer",
+    "../../../security/manager/ssl/tests/unit/test_delegated_credentials"
+  );
+
+  let nssComponent = Cc["@mozilla.org/psm;1"].getService(Ci.nsINSSComponent);
+  await nssComponent.asyncClearSSLExternalAndInternalSessionCache();
+});
+
+registerCleanupFunction(async () => {
+  trr_clear_prefs();
+  Services.prefs.clearUserPref("network.dns.upgrade_with_https_rr");
+  Services.prefs.clearUserPref("network.dns.use_https_rr_as_altsvc");
+  Services.prefs.clearUserPref("network.dns.echconfig.enabled");
+  Services.prefs.clearUserPref(
+    "network.dns.echconfig.fallback_to_origin_when_all_failed"
+  );
+  if (trrServer) {
+    await trrServer.stop();
+  }
+});
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+    contentPolicyType: Ci.nsIContentPolicy.TYPE_DOCUMENT,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+        false
+      );
+      resolve([req, buffer]);
+    }
+    certOverrideService.setDisableAllSecurityChecksAndLetAttackersInterceptMyData(
+      false
+    );
+    let internal = chan.QueryInterface(Ci.nsIHttpChannelInternal);
+    internal.setWaitForHTTPSSVCRecord();
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+add_task(async function testRetryWithoutECH() {
+  const ECH_CONFIG_FIXED =
+    "AEn+DQBFTQAgACCKB1Y5SfrGIyk27W82xPpzWTDs3q72c04xSurDWlb9CgAEAAEAA2QWZWNoLXB1YmxpYy5leGFtcGxlLmNvbQAA";
+  trrServer = new TRRServer();
+  await trrServer.start();
+
+  Services.prefs.setIntPref("network.trr.mode", 3);
+  Services.prefs.setCharPref(
+    "network.trr.uri",
+    `https://foo.example.com:${trrServer.port()}/dns-query`
+  );
+  Services.prefs.setBoolPref(
+    "network.dns.echconfig.fallback_to_origin_when_all_failed",
+    true
+  );
+
+  // Only the last record is valid to use.
+  await trrServer.registerDoHAnswers(
+    "delegated-disabled.example.com",
+    "HTTPS",
+    {
+      answers: [
+        {
+          name: "delegated-disabled.example.com",
+          ttl: 55,
+          type: "HTTPS",
+          flush: false,
+          data: {
+            priority: 1,
+            name: "delegated-disabled.example.com",
+            values: [
+              {
+                key: "echconfig",
+                value: ECH_CONFIG_FIXED,
+                needBase64Decode: true,
+              },
+            ],
+          },
+        },
+      ],
+    }
+  );
+
+  await trrServer.registerDoHAnswers("delegated-disabled.example.com", "A", {
+    answers: [
+      {
+        name: "delegated-disabled.example.com",
+        ttl: 55,
+        type: "A",
+        flush: false,
+        data: "127.0.0.1",
+      },
+    ],
+  });
+
+  await new TRRDNSListener("delegated-disabled.example.com", {
+    type: Ci.nsIDNSService.RESOLVE_TYPE_HTTPSSVC,
+  });
+
+  let chan = makeChan(`https://delegated-disabled.example.com:8443`);
+  await channelOpenPromise(chan, CL_ALLOW_UNKNOWN_CL);
+  let securityInfo = chan.securityInfo;
+
+  Assert.ok(
+    !securityInfo.isAcceptedEch,
+    "This host should not have accepted ECH"
+  );
+  await trrServer.stop();
+});
diff --git a/netwerk/test/unit/test_httpsuspend.js b/netwerk/test/unit/test_httpsuspend.js
new file mode 100644
index 0000000000..581caf906e
--- /dev/null
+++ b/netwerk/test/unit/test_httpsuspend.js
@@ -0,0 +1,86 @@
+// This file ensures that suspending a channel directly after opening it
+// suspends future notifications correctly.
+
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+ChromeUtils.defineLazyGetter(this, "URL", function () {
+  return "http://localhost:" + httpserv.identity.primaryPort;
+});
+
+const MIN_TIME_DIFFERENCE = 3000;
+const RESUME_DELAY = 5000;
+
+var listener = {
+  _lastEvent: 0,
+  _gotData: false,
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest(request) {
+    this._lastEvent = Date.now();
+    request.QueryInterface(Ci.nsIRequest);
+
+    // Insert a delay between this and the next callback to ensure message buffering
+    // works correctly
+    request.suspend();
+    request.suspend();
+    do_timeout(RESUME_DELAY, function () {
+      request.resume();
+    });
+    do_timeout(RESUME_DELAY + 1000, function () {
+      request.resume();
+    });
+  },
+
+  onDataAvailable(request, stream, offset, count) {
+    Assert.ok(Date.now() - this._lastEvent >= MIN_TIME_DIFFERENCE);
+    read_stream(stream, count);
+
+    // Ensure that suspending and resuming inside a callback works correctly
+    request.suspend();
+    request.suspend();
+    request.resume();
+    request.resume();
+
+    this._gotData = true;
+  },
+
+  onStopRequest(request, status) {
+    Assert.ok(this._gotData);
+    httpserv.stop(do_test_finished);
+  },
+};
+
+function makeChan(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var httpserv = null;
+
+function run_test() {
+  httpserv = new HttpServer();
+  httpserv.registerPathHandler("/woo", data);
+  httpserv.start(-1);
+
+  var chan = makeChan(URL + "/woo");
+  chan.QueryInterface(Ci.nsIRequest);
+  chan.asyncOpen(listener);
+
+  do_test_pending();
+}
+
+function data(metadata, response) {
+  let httpbody = "0123456789";
+  response.setHeader("Content-Type", "text/plain", false);
+  response.bodyOutputStream.write(httpbody, httpbody.length);
+}
diff --git a/netwerk/test/unit/test_idn_blacklist.js b/netwerk/test/unit/test_idn_blacklist.js
new file mode 100644
index 0000000000..565407ac3b
--- /dev/null
+++ b/netwerk/test/unit/test_idn_blacklist.js
@@ -0,0 +1,168 @@
+// Test that URLs containing characters in the IDN blacklist are
+// always displayed as punycode
+
+"use strict";
+
+const testcases = [
+  //  Original  Punycode or
+  //            normalized form
+  //
+  ["\u00BC", "xn--14-c6t"],
+  ["\u00BD", "xn--12-c6t"],
+  ["\u00BE", "xn--34-c6t"],
+  ["\u01C3", "xn--ija"],
+  ["\u02D0", "xn--6qa"],
+  ["\u0337", "xn--4ta"],
+  ["\u0338", "xn--5ta"],
+  ["\u0589", "xn--3bb"],
+  ["\u05C3", "xn--rdb"],
+  ["\u05F4", "xn--5eb"],
+  ["\u0609", "xn--rfb"],
+  ["\u060A", "xn--sfb"],
+  ["\u066A", "xn--jib"],
+  ["\u06D4", "xn--klb"],
+  ["\u0701", "xn--umb"],
+  ["\u0702", "xn--vmb"],
+  ["\u0703", "xn--wmb"],
+  ["\u0704", "xn--xmb"],
+  ["\u115F", "xn--osd"],
+  ["\u1160", "xn--psd"],
+  ["\u1735", "xn--d0e"],
+  ["\u2027", "xn--svg"],
+  ["\u2028", "xn--tvg"],
+  ["\u2029", "xn--uvg"],
+  ["\u2039", "xn--bwg"],
+  ["\u203A", "xn--cwg"],
+  ["\u2041", "xn--jwg"],
+  ["\u2044", "xn--mwg"],
+  ["\u2052", "xn--0wg"],
+  ["\u2153", "xn--13-c6t"],
+  ["\u2154", "xn--23-c6t"],
+  ["\u2155", "xn--15-c6t"],
+  ["\u2156", "xn--25-c6t"],
+  ["\u2157", "xn--35-c6t"],
+  ["\u2158", "xn--45-c6t"],
+  ["\u2159", "xn--16-c6t"],
+  ["\u215A", "xn--56-c6t"],
+  ["\u215B", "xn--18-c6t"],
+  ["\u215C", "xn--38-c6t"],
+  ["\u215D", "xn--58-c6t"],
+  ["\u215E", "xn--78-c6t"],
+  ["\u215F", "xn--1-zjn"],
+  ["\u2215", "xn--w9g"],
+  ["\u2236", "xn--ubh"],
+  ["\u23AE", "xn--lmh"],
+  ["\u2571", "xn--hzh"],
+  ["\u29F6", "xn--jxi"],
+  ["\u29F8", "xn--lxi"],
+  ["\u2AFB", "xn--z4i"],
+  ["\u2AFD", "xn--14i"],
+  ["\u2FF0", "xn--85j"],
+  ["\u2FF1", "xn--95j"],
+  ["\u2FF2", "xn--b6j"],
+  ["\u2FF3", "xn--c6j"],
+  ["\u2FF4", "xn--d6j"],
+  ["\u2FF5", "xn--e6j"],
+  ["\u2FF6", "xn--f6j"],
+  ["\u2FF7", "xn--g6j"],
+  ["\u2FF8", "xn--h6j"],
+  ["\u2FF9", "xn--i6j"],
+  ["\u2FFA", "xn--j6j"],
+  ["\u2FFB", "xn--k6j"],
+  ["\u3014", "xn--96j"],
+  ["\u3015", "xn--b7j"],
+  ["\u3033", "xn--57j"],
+  ["\u3164", "xn--psd"],
+  ["\u321D", "xn--()-357j35d"],
+  ["\u321E", "xn--()-357jf36c"],
+  ["\u33AE", "xn--rads-id9a"],
+  ["\u33AF", "xn--rads2-4d6b"],
+  ["\u33C6", "xn--ckg-tc2a"],
+  ["\u33DF", "xn--am-6bv"],
+  ["\uA789", "xn--058a"],
+  ["\uFE3F", "xn--x6j"],
+  ["\uFE5D", "xn--96j"],
+  ["\uFE5E", "xn--b7j"],
+  ["\uFFA0", "xn--psd"],
+  ["\uFFF9", "xn--vn7c"],
+  ["\uFFFA", "xn--wn7c"],
+  ["\uFFFB", "xn--xn7c"],
+  ["\uFFFC", "xn--yn7c"],
+  ["\uFFFD", "xn--zn7c"],
+
+  // Characters from the IDN blacklist that normalize to ASCII
+  // If we start using STD3ASCIIRules these will be blocked (bug 316444)
+  ["\u00A0", " "],
+  ["\u2000", " "],
+  ["\u2001", " "],
+  ["\u2002", " "],
+  ["\u2003", " "],
+  ["\u2004", " "],
+  ["\u2005", " "],
+  ["\u2006", " "],
+  ["\u2007", " "],
+  ["\u2008", " "],
+  ["\u2009", " "],
+  ["\u200A", " "],
+  ["\u2024", "."],
+  ["\u202F", " "],
+  ["\u205F", " "],
+  ["\u3000", " "],
+  ["\u3002", "."],
+  ["\uFE14", ";"],
+  ["\uFE15", "!"],
+  ["\uFF0E", "."],
+  ["\uFF0F", "/"],
+  ["\uFF61", "."],
+
+  // Characters from the IDN blacklist that are stripped by Nameprep
+  ["\u200B", ""],
+  ["\uFEFF", ""],
+];
+
+function run_test() {
+  var pbi = Services.prefs;
+  var oldProfile = pbi.getCharPref(
+    "network.IDN.restriction_profile",
+    "moderate"
+  );
+  var idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+    Ci.nsIIDNService
+  );
+
+  pbi.setCharPref("network.IDN.restriction_profile", "moderate");
+
+  for (var j = 0; j < testcases.length; ++j) {
+    var test = testcases[j];
+    var URL = test[0] + ".com";
+    var punycodeURL = test[1] + ".com";
+    var isASCII = {};
+
+    var result;
+    try {
+      result = idnService.convertToDisplayIDN(URL, isASCII);
+    } catch (e) {
+      result = ".com";
+    }
+    // If the punycode URL is equivalent to \ufffd.com (i.e. the
+    // blacklisted character has been replaced by a unicode
+    // REPLACEMENT CHARACTER, skip the test
+    if (result != "xn--zn7c.com") {
+      if (punycodeURL.substr(0, 4) == "xn--") {
+        // test convertToDisplayIDN with a Unicode URL and with a
+        //  Punycode URL if we have one
+        equal(escape(result), escape(punycodeURL));
+
+        result = idnService.convertToDisplayIDN(punycodeURL, isASCII);
+        equal(escape(result), escape(punycodeURL));
+      } else {
+        // The "punycode" URL isn't punycode. This happens in testcases
+        // where the Unicode URL has become normalized to an ASCII URL,
+        // so, even though expectedUnicode is true, the expected result
+        // is equal to punycodeURL
+        equal(escape(result), escape(punycodeURL));
+      }
+    }
+  }
+  pbi.setCharPref("network.IDN.restriction_profile", oldProfile);
+}
diff --git a/netwerk/test/unit/test_idn_spoof.js b/netwerk/test/unit/test_idn_spoof.js
new file mode 100644
index 0000000000..8512d3272e
--- /dev/null
+++ b/netwerk/test/unit/test_idn_spoof.js
@@ -0,0 +1,1052 @@
+// Copyright 2015 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+// https://source.chromium.org/chromium/chromium/src/+/main:LICENSE
+
+// Tests nsIIDNService
+// Imported from https://source.chromium.org/chromium/chromium/src/+/main:components/url_formatter/spoof_checks/idn_spoof_checker_unittest.cc;drc=e544837967287f956ba69af3b228b202e8e7cf1a
+
+"use strict";
+
+const idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+  Ci.nsIIDNService
+);
+
+const kSafe = 1;
+const kUnsafe = 2;
+const kInvalid = 3;
+
+// prettier-ignore
+let testCases = [
+  // No IDN
+  ["www.google.com", "www.google.com", kSafe],
+  ["www.google.com.", "www.google.com.", kSafe],
+  [".", ".", kSafe],
+  ["", "", kSafe],
+  // Invalid IDN
+  ["xn--example-.com", "xn--example-.com", kInvalid],
+  // IDN
+  // Hanzi (Traditional Chinese)
+  ["xn--1lq90ic7f1rc.cn", "\u5317\u4eac\u5927\u5b78.cn", kSafe],
+  // Hanzi ('video' in Simplified Chinese)
+  ["xn--cy2a840a.com", "\u89c6\u9891.com", kSafe],
+  // Hanzi + '123'
+  ["www.xn--123-p18d.com", "www.\u4e00123.com", kSafe],
+  // Hanzi + Latin : U+56FD is simplified
+  ["www.xn--hello-9n1hm04c.com", "www.hello\u4e2d\u56fd.com", kSafe],
+  // Kanji + Kana (Japanese)
+  ["xn--l8jvb1ey91xtjb.jp", "\u671d\u65e5\u3042\u3055\u3072.jp", kSafe],
+  // Katakana including U+30FC
+  ["xn--tckm4i2e.jp", "\u30b3\u30de\u30fc\u30b9.jp", kSafe],
+  ["xn--3ck7a7g.jp", "\u30ce\u30f3\u30bd.jp", kSafe],
+  // Katakana + Latin (Japanese)
+  ["xn--e-efusa1mzf.jp", "e\u30b3\u30de\u30fc\u30b9.jp", kSafe],
+  ["xn--3bkxe.jp", "\u30c8\u309a.jp", kSafe],
+  // Hangul (Korean)
+  ["www.xn--or3b17p6jjc.kr", "www.\uc804\uc790\uc815\ubd80.kr", kSafe],
+  // bcher (German)
+  ["xn--bcher-kva.de", "b\u00fccher.de", kSafe],
+  // a with diaeresis
+  ["www.xn--frgbolaget-q5a.se", "www.f\u00e4rgbolaget.se", kSafe],
+  // c-cedilla (French)
+  ["www.xn--alliancefranaise-npb.fr", "www.alliancefran\u00e7aise.fr", kSafe],
+  // caf'e with acute accent (French)
+  ["xn--caf-dma.fr", "caf\u00e9.fr", kSafe],
+  // c-cedillla and a with tilde (Portuguese)
+  ["xn--poema-9qae5a.com.br", "p\u00e3oema\u00e7\u00e3.com.br", kSafe],
+  // s with caron
+  ["xn--achy-f6a.com", "\u0161achy.com", kSafe],
+  ["xn--kxae4bafwg.gr", "\u03bf\u03c5\u03c4\u03bf\u03c0\u03af\u03b1.gr", kSafe],
+  // Eutopia + 123 (Greek)
+  ["xn---123-pldm0haj2bk.gr",     "\u03bf\u03c5\u03c4\u03bf\u03c0\u03af\u03b1-123.gr", kSafe],
+  // Cyrillic (Russian)
+  ["xn--n1aeec9b.r", "\u0442\u043e\u0440\u0442\u044b.r", kSafe],
+  // Cyrillic + 123 (Russian)
+  ["xn---123-45dmmc5f.r", "\u0442\u043e\u0440\u0442\u044b-123.r", kSafe],
+  // 'president' in Russian. Is a wholescript confusable, but allowed.
+  ["xn--d1abbgf6aiiy.xn--p1ai",     "\u043f\u0440\u0435\u0437\u0438\u0434\u0435\u043d\u0442.\u0440\u0444", kSafe],
+  // Arabic
+  ["xn--mgba1fmg.eg", "\u0627\u0641\u0644\u0627\u0645.eg", kSafe],
+  // Hebrew
+  ["xn--4dbib.he", "\u05d5\u05d0\u05d4.he", kSafe],
+  // Hebrew + Common
+  ["xn---123-ptf2c5c6bt.il", "\u05e2\u05d1\u05e8\u05d9\u05ea-123.il", kSafe],
+  // Thai
+  ["xn--12c2cc4ag3b4ccu.th",     "\u0e2a\u0e32\u0e22\u0e01\u0e32\u0e23\u0e1a\u0e34\u0e19.th", kSafe],
+  // Thai + Common
+  ["xn---123-9goxcp8c9db2r.th",     "\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22-123.th", kSafe],
+  // Devangari (Hindi)
+  ["www.xn--l1b6a9e1b7c.in", "www.\u0905\u0915\u094b\u0932\u093e.in", kSafe],
+  // Devanagari + Common
+  ["xn---123-kbjl2j0bl2k.in", "\u0939\u093f\u0928\u094d\u0926\u0940-123.in", kSafe],
+
+  // Block mixed numeric + numeric lookalike (12.com, using U+0577).
+  ["xn--1-xcc.com", "1\u0577.com", kUnsafe, "DISABLED"],
+
+  // Block mixed numeric lookalike + numeric (੨0.com, uses U+0A68).
+  ["xn--0-6ee.com", "\u0a680.com", kUnsafe],
+  // Block fully numeric lookalikes (৪੨.com using U+09EA and U+0A68).
+  ["xn--47b6w.com", "\u09ea\u0a68.com", kUnsafe],
+  // Block single script digit lookalikes (using three U+0A68 characters).
+  ["xn--qccaa.com", "\u0a68\u0a68\u0a68.com", kUnsafe, "DISABLED"],
+
+  // URL test with mostly numbers and one confusable character
+  // Georgian 'd' 4000.com
+  ["xn--4000-pfr.com", "\u10eb4000.com", kUnsafe, "DISABLED"],
+
+  // What used to be 5 Aspirational scripts in the earlier versions of UAX 31.
+  // UAX 31 does not define aspirational scripts any more.
+  // See http://www.unicode.org/reports/tr31/#Aspirational_Use_Scripts .
+  // Unified Canadian Syllabary
+  ["xn--dfe0tte.ca", "\u1456\u14c2\u14ef.ca", kUnsafe],
+  // Tifinagh
+  ["xn--4ljxa2bb4a6bxb.ma", "\u2d5c\u2d49\u2d3c\u2d49\u2d4f\u2d30\u2d56.ma", kUnsafe],
+  // Tifinagh with a disallowed character(U+2D6F)
+  ["xn--hmjzaby5d5f.ma", "\u2d5c\u2d49\u2d3c\u2d6f\u2d49\u2d4f.ma", kInvalid],
+
+  // Yi
+  ["xn--4o7a6e1x64c.cn", "\ua188\ua320\ua071\ua0b7.cn", kUnsafe],
+  // Mongolian - 'ordu' (place, camp)
+  ["xn--56ec8bp.cn", "\u1823\u1837\u1833\u1824.cn", kUnsafe],
+  // Mongolian with a disallowed character
+  ["xn--95e5de3ds.cn", "\u1823\u1837\u1804\u1833\u1824.cn", kUnsafe],
+  // Miao/Pollad
+  ["xn--2u0fpf0a.cn", "\U00016f04\U00016f62\U00016f59.cn", kUnsafe],
+
+  // Script mixing tests
+  // The following script combinations are allowed.
+  // HIGHLY_RESTRICTIVE with Latin limited to ASCII-Latin.
+  // ASCII-Latin + Japn (Kana + Han)
+  // ASCII-Latin + Kore (Hangul + Han)
+  // ASCII-Latin + Han + Bopomofo
+  // "paypl.com"
+  ["xn--paypl-g9d.com", "payp\u03b1l.com", kUnsafe],
+  // google.gr with Greek omicron and epsilon
+  ["xn--ggl-6xc1ca.gr", "g\u03bf\u03bfgl\u03b5.gr", kUnsafe],
+  // google.ru with Cyrillic o
+  ["xn--ggl-tdd6ba.r", "g\u043e\u043egl\u0435.r", kUnsafe],
+  // hllo.cn
+  ["xn--hllo-bpa7979ih5m.cn", "h\u00e9llo\u4e2d\u56fd.cn", kUnsafe, "DISABLED"],
+  // .ru
+  ["xn--2xa6t2b.r", "\u03c1\u0430\u0443.r", kUnsafe],
+  // Georgian + Latin
+  ["xn--abcef-vuu.test", "abc\u10ebef.test", kUnsafe],
+  // Hangul + Latin
+  ["xn--han-eb9ll88m.kr", "\ud55c\uae00han.kr", kSafe],
+  // Hangul + Latin + Han with IDN ccTLD
+  ["xn--han-or0kq92gkm3c.xn--3e0b707e", "\ud55c\uae00han\u97d3.\ud55c\uad6d", kSafe],
+  // non-ASCII Latin + Hangul
+  ["xn--caf-dma9024xvpg.kr", "caf\u00e9\uce74\ud398.kr", kUnsafe, "DISABLED"],
+  // Hangul + Hiragana
+  ["xn--y9j3b9855e.kr", "\ud55c\u3072\u3089.kr", kUnsafe],
+  // . is allowed because script mixing check is per label.
+  ["xn--y9j3b.xn--3e0b707e", "\u3072\u3089.\ud55c\uad6d", kSafe],
+  //  Traditional Han + Latin
+  ["xn--hanzi-u57ii69i.tw", "\u6f22\u5b57hanzi.tw", kSafe],
+  //  Simplified Han + Latin
+  ["xn--hanzi-u57i952h.cn", "\u6c49\u5b57hanzi.cn", kSafe],
+  // Simplified Han + Traditonal Han
+  ["xn--hanzi-if9kt8n.cn", "\u6c49\u6f22hanzi.cn", kSafe],
+  //  Han + Hiragana + Katakana + Latin
+  ["xn--kanji-ii4dpizfq59yuykqr4b.jp",     "\u632f\u308a\u4eee\u540d\u30ab\u30bfkanji.jp", kSafe],
+  // Han + Bopomofo
+  ["xn--5ekcde0577e87tc.tw", "\u6ce8\u97f3\u3105\u3106\u3107\u3108.tw", kSafe],
+  // Han + Latin + Bopomofo
+  ["xn--bopo-ty4cghi8509kk7xd.tw",     "\u6ce8\u97f3bopo\u3105\u3106\u3107\u3108.tw", kSafe],
+  // Latin + Bopomofo
+  ["xn--bopomofo-hj5gkalm.tw", "bopomofo\u3105\u3106\u3107\u3108.tw", kSafe],
+  // Bopomofo + Katakana
+  ["xn--lcka3d1bztghi.tw",     "\u3105\u3106\u3107\u3108\u30ab\u30bf\u30ab\u30ca.tw", kUnsafe],
+  //  Bopomofo + Hangul
+  ["xn--5ekcde4543qbec.tw", "\u3105\u3106\u3107\u3108\uc8fc\uc74c.tw", kUnsafe],
+  // Devanagari + Latin
+  ["xn--ab-3ofh8fqbj6h.in", "ab\u0939\u093f\u0928\u094d\u0926\u0940.in", kUnsafe],
+  // Thai + Latin
+  ["xn--ab-jsi9al4bxdb6n.th", "ab\u0e20\u0e32\u0e29\u0e32\u0e44\u0e17\u0e22.th", kUnsafe],
+  // Armenian + Latin
+  ["xn--bs-red.com", "b\u057ds.com", kUnsafe],
+  // Tibetan + Latin
+  ["xn--foo-vkm.com", "foo\u0f37.com", kUnsafe],
+  // Oriya + Latin
+  ["xn--fo-h3g.com", "fo\u0b66.com", kUnsafe],
+  // Gujarati + Latin
+  ["xn--fo-isg.com", "fo\u0ae6.com", kUnsafe],
+  // b1.com
+  ["xn--b1-xi4a7cvc9f.com", "\u30d3\u30bf\u30df\u30f3b1.com", kSafe],
+  // Devanagari + Han
+  ["xn--t2bes3ds6749n.com", "\u0930\u094b\u0932\u0947\u76e7\u0938.com", kUnsafe],
+  // Devanagari + Bengali
+  ["xn--11b0x.in", "\u0915\u0995.in", kUnsafe],
+  // Canadian Syllabary + Latin
+  ["xn--ab-lym.com", "ab\u14bf.com", kUnsafe],
+  ["xn--ab1-p6q.com", "ab1\u14bf.com", kUnsafe],
+  ["xn--1ab-m6qd.com", "\u14bf1ab\u14bf.com", kUnsafe],
+  ["xn--ab-jymc.com", "\u14bfab\u14bf.com", kUnsafe],
+  // Tifinagh + Latin
+  ["xn--liy-bq1b.com", "li\u2d4fy.com", kUnsafe],
+  ["xn--rol-cq1b.com", "rol\u2d4f.com", kUnsafe],
+  ["xn--ily-8p1b.com", "\u2d4fily.com", kUnsafe],
+  ["xn--1ly-8p1b.com", "\u2d4f1ly.com", kUnsafe],
+
+  // Invisibility check
+  // Thai tone mark malek(U+0E48) repeated
+  ["xn--03c0b3ca.th", "\u0e23\u0e35\u0e48\u0e48.th", kUnsafe],
+  // Accute accent repeated
+  ["xn--a-xbba.com", "a\u0301\u0301.com", kInvalid],
+  // 'a' with acuted accent + another acute accent
+  ["xn--1ca20i.com", "\u00e1\u0301.com", kUnsafe, "DISABLED"],
+  // Combining mark at the beginning
+  ["xn--abc-fdc.jp", "\u0300abc.jp", kInvalid],
+
+  // The following three are detected by |dangerous_pattern| regex, but
+  // can be regarded as an extension of blocking repeated diacritic marks.
+  // i followed by U+0307 (combining dot above)
+  ["xn--pixel-8fd.com", "pi\u0307xel.com", kUnsafe],
+  // U+0131 (dotless i) followed by U+0307
+  ["xn--pxel-lza43z.com", "p\u0131\u0307xel.com", kUnsafe],
+  // j followed by U+0307 (combining dot above)
+  ["xn--jack-qwc.com", "j\u0307ack.com", kUnsafe],
+  // l followed by U+0307
+  ["xn--lace-qwc.com", "l\u0307ace.com", kUnsafe],
+
+  // Do not allow a combining mark after dotless i/j.
+  ["xn--pxel-lza29y.com", "p\u0131\u0300xel.com", kUnsafe],
+  ["xn--ack-gpb42h.com", "\u0237\u0301ack.com", kUnsafe],
+
+  // Mixed script confusable
+  // google with Armenian Small Letter Oh(U+0585)
+  ["xn--gogle-lkg.com", "g\u0585ogle.com", kUnsafe],
+  ["xn--range-kkg.com", "\u0585range.com", kUnsafe],
+  ["xn--cucko-pkg.com", "cucko\u0585.com", kUnsafe],
+  // Latin 'o' in Armenian.
+  ["xn--o-ybcg0cu0cq.com", "o\u0580\u0574\u0578\u0582\u0566\u0568.com", kUnsafe],
+  // Hiragana HE(U+3078) mixed with Katakana
+  ["xn--49jxi3as0d0fpc.com", "\u30e2\u30d2\u30fc\u30c8\u3078\u30d6\u30f3.com", kUnsafe, "DISABLED"],
+
+  // U+30FC should be preceded by a Hiragana/Katakana.
+  // Katakana + U+30FC + Han
+  ["xn--lck0ip02qw5ya.jp", "\u30ab\u30fc\u91ce\u7403.jp", kSafe],
+  // Hiragana + U+30FC + Han
+  ["xn--u8j5tr47nw5ya.jp", "\u304b\u30fc\u91ce\u7403.jp", kSafe],
+  // U+30FC + Han
+  ["xn--weka801xo02a.com", "\u30fc\u52d5\u753b\u30fc.com", kUnsafe],
+  // Han + U+30FC + Han
+  ["xn--wekz60nb2ay85atj0b.jp", "\u65e5\u672c\u30fc\u91ce\u7403.jp", kUnsafe],
+  // U+30FC at the beginning
+  ["xn--wek060nb2a.jp", "\u30fc\u65e5\u672c.jp", kUnsafe],
+  // Latin + U+30FC + Latin
+  ["xn--abcdef-r64e.jp", "abc\u30fcdef.jp", kUnsafe],
+
+  // U+30FB (・) is not allowed next to Latin, but allowed otherwise.
+  // U+30FB + Han
+  ["xn--vekt920a.jp", "\u30fb\u91ce.jp", kSafe],
+  // Han + U+30FB + Han
+  ["xn--vek160nb2ay85atj0b.jp", "\u65e5\u672c\u30fb\u91ce\u7403.jp", kSafe],
+  // Latin + U+30FB + Latin
+  ["xn--abcdef-k64e.jp", "abc\u30fbdef.jp", kUnsafe, "DISABLED"],
+  // U+30FB + Latin
+  ["xn--abc-os4b.jp", "\u30fbabc.jp", kUnsafe, "DISABLED"],
+
+  // U+30FD (ヽ) is allowed only after Katakana.
+  // Katakana + U+30FD
+  ["xn--lck2i.jp", "\u30ab\u30fd.jp", kSafe],
+  // Hiragana + U+30FD
+  ["xn--u8j7t.jp", "\u304b\u30fd.jp", kUnsafe, "DISABLED"],
+  // Han + U+30FD
+  ["xn--xek368f.jp", "\u4e00\u30fd.jp", kUnsafe, "DISABLED"],
+  ["xn--a-mju.jp", "a\u30fd.jp", kUnsafe, "DISABLED"],
+  ["xn--a1-bo4a.jp", "a1\u30fd.jp", kUnsafe, "DISABLED"],
+
+  // U+30FE (ヾ) is allowed only after Katakana.
+  // Katakana + U+30FE
+  ["xn--lck4i.jp", "\u30ab\u30fe.jp", kSafe],
+  // Hiragana + U+30FE
+  ["xn--u8j9t.jp", "\u304b\u30fe.jp", kUnsafe, "DISABLED"],
+  // Han + U+30FE
+  ["xn--yek168f.jp", "\u4e00\u30fe.jp", kUnsafe, "DISABLED"],
+  ["xn--a-oju.jp", "a\u30fe.jp", kUnsafe, "DISABLED"],
+  ["xn--a1-eo4a.jp", "a1\u30fe.jp", kUnsafe, "DISABLED"],
+
+  // Cyrillic labels made of Latin-look-alike Cyrillic letters.
+  // 1) ѕсоре.com with ѕсоре in Cyrillic.
+  ["xn--e1argc3h.com", "\u0455\u0441\u043e\u0440\u0435.com", kUnsafe, "DISABLED"],
+  // 2) ѕсоре123.com with ѕсоре in Cyrillic.
+  ["xn--123-qdd8bmf3n.com", "\u0455\u0441\u043e\u0440\u0435123.com", kUnsafe, "DISABLED"],
+  // 3) ѕсоре-рау.com with ѕсоре and рау in Cyrillic.
+  ["xn----8sbn9akccw8m.com",     "\u0455\u0441\u043e\u0440\u0435-\u0440\u0430\u0443.com", kUnsafe, "DISABLED"],
+  // 4) ѕсоре1рау.com with scope and pay in Cyrillic and a non-letter between
+  // them.
+  ["xn--1-8sbn9akccw8m.com",     "\u0455\u0441\u043e\u0440\u0435\u0031\u0440\u0430\u0443.com", kUnsafe, "DISABLED"],
+
+  // The same as above three, but in IDN TLD (рф).
+  // 1) ѕсоре.рф with ѕсоре in Cyrillic.
+  ["xn--e1argc3h.xn--p1ai", "\u0455\u0441\u043e\u0440\u0435.\u0440\u0444", kSafe],
+  // 2) ѕсоре123.рф with ѕсоре in Cyrillic.
+  ["xn--123-qdd8bmf3n.xn--p1ai",     "\u0455\u0441\u043e\u0440\u0435123.\u0440\u0444", kSafe],
+  // 3) ѕсоре-рау.рф with ѕсоре and рау in Cyrillic.
+  ["xn----8sbn9akccw8m.xn--p1ai",     "\u0455\u0441\u043e\u0440\u0435-\u0440\u0430\u0443.\u0440\u0444", kSafe],
+  // 4) ѕсоре1рау.com with scope and pay in Cyrillic and a non-letter between
+  // them.
+  ["xn--1-8sbn9akccw8m.xn--p1ai",     "\u0455\u0441\u043e\u0440\u0435\u0031\u0440\u0430\u0443.\u0440\u0444", kSafe],
+
+  // Same as above three, but in .ru TLD.
+  // 1) ѕсоре.ru  with ѕсоре in Cyrillic.
+  ["xn--e1argc3h.r", "\u0455\u0441\u043e\u0440\u0435.r", kSafe],
+  // 2) ѕсоре123.ru with ѕсоре in Cyrillic.
+  ["xn--123-qdd8bmf3n.r", "\u0455\u0441\u043e\u0440\u0435123.r", kSafe],
+  // 3) ѕсоре-рау.ru with ѕсоре and рау in Cyrillic.
+  ["xn----8sbn9akccw8m.r",     "\u0455\u0441\u043e\u0440\u0435-\u0440\u0430\u0443.r", kSafe],
+  // 4) ѕсоре1рау.com with scope and pay in Cyrillic and a non-letter between
+  // them.
+  ["xn--1-8sbn9akccw8m.r",     "\u0455\u0441\u043e\u0440\u0435\u0031\u0440\u0430\u0443.r", kSafe],
+
+  // ѕсоре-рау.한국 with ѕсоре and рау in Cyrillic. The label will remain
+  // punycode while the TLD will be decoded.
+  ["xn----8sbn9akccw8m.xn--3e0b707e", "xn----8sbn9akccw8m.\ud55c\uad6d", kSafe, "DISABLED"],
+
+  // музей (museum in Russian) has characters without a Latin-look-alike.
+  ["xn--e1adhj9a.com", "\u043c\u0443\u0437\u0435\u0439.com", kSafe],
+
+  // ѕсоԗе.com is Cyrillic with Latin lookalikes.
+  ["xn--e1ari3f61c.com", "\u0455\u0441\u043e\u0517\u0435.com", kUnsafe, "DISABLED"],
+
+  // ыоԍ.com is Cyrillic with Latin lookalikes.
+  ["xn--n1az74c.com", "\u044b\u043e\u050d.com", kUnsafe],
+
+  // сю.com is Cyrillic with Latin lookalikes.
+  ["xn--q1a0a.com", "\u0441\u044e.com", kUnsafe, "DISABLED"],
+
+  // Regression test for lowercase letters in whole script confusable
+  // lookalike character lists.
+  ["xn--80a8a6a.com", "\u0430\u044c\u0441.com", kUnsafe, "DISABLED"],
+
+  // googlе.한국 where е is Cyrillic. This tests the generic case when one
+  // label is not allowed but  other labels in the domain name are still
+  // decoded. Here, googlе is left in punycode but the TLD is decoded.
+  ["xn--googl-3we.xn--3e0b707e", "xn--googl-3we.\ud55c\uad6d", kSafe],
+
+  // Combining Diacritic marks after a script other than Latin-Greek-Cyrillic
+  ["xn--rsa2568fvxya.com", "\ud55c\u0307\uae00.com", kUnsafe, "DISABLED"],  // 한́글.com
+  ["xn--rsa0336bjom.com", "\u6f22\u0307\u5b57.com", kUnsafe, "DISABLED"],  // 漢̇字.com
+  // नागरी́.com
+  ["xn--lsa922apb7a6do.com", "\u0928\u093e\u0917\u0930\u0940\u0301.com", kUnsafe, "DISABLED"],
+
+  // Similarity checks against the list of top domains. "digklmo68.com" and
+  // 'digklmo68.co.uk" are listed for unittest in the top domain list.
+  // đigklmo68.com:
+  ["xn--igklmo68-kcb.com", "\u0111igklmo68.com", kUnsafe, "DISABLED"],
+  // www.đigklmo68.com:
+  ["www.xn--igklmo68-kcb.com", "www.\u0111igklmo68.com", kUnsafe, "DISABLED"],
+  // foo.bar.đigklmo68.com:
+  ["foo.bar.xn--igklmo68-kcb.com", "foo.bar.\u0111igklmo68.com", kUnsafe, "DISABLED"],
+  // đigklmo68.co.uk:
+  ["xn--igklmo68-kcb.co.uk", "\u0111igklmo68.co.uk", kUnsafe, "DISABLED"],
+  // mail.đigklmo68.co.uk:
+  ["mail.xn--igklmo68-kcb.co.uk", "mail.\u0111igklmo68.co.uk", kUnsafe, "DISABLED"],
+  // di̇gklmo68.com:
+  ["xn--digklmo68-6jf.com", "di\u0307gklmo68.com", kUnsafe],
+  // dig̱klmo68.com:
+  ["xn--digklmo68-7vf.com", "dig\u0331klmo68.com", kUnsafe, "DISABLED"],
+  // digĸlmo68.com:
+  ["xn--diglmo68-omb.com", "dig\u0138lmo68.com", kUnsafe],
+  // digkłmo68.com:
+  ["xn--digkmo68-9ob.com", "digk\u0142mo68.com", kUnsafe, "DISABLED"],
+  // digklṃo68.com:
+  ["xn--digklo68-l89c.com", "digkl\u1e43o68.com", kUnsafe, "DISABLED"],
+  // digklmø68.com:
+  ["xn--digklm68-b5a.com", "digklm\u00f868.com", kUnsafe, "DISABLED"],
+  // digklmoб8.com:
+  ["xn--digklmo8-h7g.com", "digklmo\u04318.com", kUnsafe],
+  // digklmo6৪.com:
+  ["xn--digklmo6-7yr.com", "digklmo6\u09ea.com", kUnsafe],
+
+  // 'islkpx123.com' is in the test domain list.
+  // 'іѕӏкрх123' can look like 'islkpx123' in some fonts.
+  ["xn--123-bed4a4a6hh40i.com",     "\u0456\u0455\u04cf\u043a\u0440\u0445123.com", kUnsafe, "DISABLED"],
+
+  // 'o2.com', '28.com', '39.com', '43.com', '89.com', 'oo.com' and 'qq.com'
+  // are all explicitly added to the test domain list to aid testing of
+  // Latin-lookalikes that are numerics in other character sets and similar
+  // edge cases.
+  //
+  // Bengali:
+  ["xn--07be.com", "\u09e6\u09e8.com", kUnsafe, "DISABLED"],
+  ["xn--27be.com", "\u09e8\u09ea.com", kUnsafe, "DISABLED"],
+  ["xn--77ba.com", "\u09ed\u09ed.com", kUnsafe, "DISABLED"],
+  // Gurmukhi:
+  ["xn--qcce.com", "\u0a68\u0a6a.com", kUnsafe, "DISABLED"],
+  ["xn--occe.com", "\u0a66\u0a68.com", kUnsafe, "DISABLED"],
+  ["xn--rccd.com", "\u0a6b\u0a69.com", kUnsafe, "DISABLED"],
+  ["xn--pcca.com", "\u0a67\u0a67.com", kUnsafe, "DISABLED"],
+  // Telugu:
+  ["xn--drcb.com", "\u0c69\u0c68.com", kUnsafe, "DISABLED"],
+  // Devanagari:
+  ["xn--d4be.com", "\u0966\u0968.com", kUnsafe, "DISABLED"],
+  // Kannada:
+  ["xn--yucg.com", "\u0ce6\u0ce9.com", kUnsafe, "DISABLED"],
+  ["xn--yuco.com", "\u0ce6\u0ced.com", kUnsafe, "DISABLED"],
+  // Oriya:
+  ["xn--1jcf.com", "\u0b6b\u0b68.com", kUnsafe, "DISABLED"],
+  ["xn--zjca.com", "\u0b66\u0b66.com", kUnsafe, "DISABLED"],
+  // Gujarati:
+  ["xn--cgce.com", "\u0ae6\u0ae8.com", kUnsafe, "DISABLED"],
+  ["xn--fgci.com", "\u0ae9\u0aed.com", kUnsafe, "DISABLED"],
+  ["xn--dgca.com", "\u0ae7\u0ae7.com", kUnsafe, "DISABLED"],
+
+  // wmhtb.com
+  ["xn--l1acpvx.com", "\u0448\u043c\u043d\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // щмнть.com
+  ["xn--l1acpzs.com", "\u0449\u043c\u043d\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // шмнтв.com
+  ["xn--b1atdu1a.com", "\u0448\u043c\u043d\u0442\u0432.com", kUnsafe, "DISABLED"],
+  // шмԋтв.com
+  ["xn--b1atsw09g.com", "\u0448\u043c\u050b\u0442\u0432.com", kUnsafe],
+  // шмԧтв.com
+  ["xn--b1atsw03i.com", "\u0448\u043c\u0527\u0442\u0432.com", kUnsafe, "DISABLED"],
+  // шмԋԏв.com
+  ["xn--b1at9a12dua.com", "\u0448\u043c\u050b\u050f\u0432.com", kUnsafe],
+  // ഠട345.com
+  ["xn--345-jtke.com", "\u0d20\u0d1f345.com", kUnsafe, "DISABLED"],
+
+  // Test additional confusable LGC characters (most of them without
+  // decomposition into base + diacritc mark). The corresponding ASCII
+  // domain names are in the test top domain list.
+  // ϼκαωχ.com
+  ["xn--mxar4bh6w.com", "\u03fc\u03ba\u03b1\u03c9\u03c7.com", kUnsafe, "DISABLED"],
+  // þħĸŧƅ.com
+  ["xn--vda6f3b2kpf.com", "\u00fe\u0127\u0138\u0167\u0185.com", kUnsafe],
+  // þhktb.com
+  ["xn--hktb-9ra.com", "\u00fehktb.com", kUnsafe, "DISABLED"],
+  // pħktb.com
+  ["xn--pktb-5xa.com", "p\u0127ktb.com", kUnsafe, "DISABLED"],
+  // phĸtb.com
+  ["xn--phtb-m0a.com", "ph\u0138tb.com", kUnsafe],
+  // phkŧb.com
+  ["xn--phkb-d7a.com", "phk\u0167b.com", kUnsafe, "DISABLED"],
+  // phktƅ.com
+  ["xn--phkt-ocb.com", "phkt\u0185.com", kUnsafe],
+  // ҏнкть.com
+  ["xn--j1afq4bxw.com", "\u048f\u043d\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏћкть.com
+  ["xn--j1aq4a7cvo.com", "\u048f\u045b\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏңкть.com
+  ["xn--j1aq4azund.com", "\u048f\u04a3\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏҥкть.com
+  ["xn--j1aq4azuxd.com", "\u048f\u04a5\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏӈкть.com
+  ["xn--j1aq4azuyj.com", "\u048f\u04c8\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏԧкть.com
+  ["xn--j1aq4azu9z.com", "\u048f\u0527\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏԩкть.com
+  ["xn--j1aq4azuq0a.com", "\u048f\u0529\u043a\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнқть.com
+  ["xn--m1ak4azu6b.com", "\u048f\u043d\u049b\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнҝть.com
+  ["xn--m1ak4azunc.com", "\u048f\u043d\u049d\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнҟть.com
+  ["xn--m1ak4azuxc.com", "\u048f\u043d\u049f\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнҡть.com
+  ["xn--m1ak4azu7c.com", "\u048f\u043d\u04a1\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнӄть.com
+  ["xn--m1ak4azu8i.com", "\u048f\u043d\u04c4\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнԟть.com
+  ["xn--m1ak4azuzy.com", "\u048f\u043d\u051f\u0442\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнԟҭь.com
+  ["xn--m1a4a4nnery.com", "\u048f\u043d\u051f\u04ad\u044c.com", kUnsafe, "DISABLED"],
+  // ҏнԟҭҍ.com
+  ["xn--m1a4ne5jry.com", "\u048f\u043d\u051f\u04ad\u048d.com", kUnsafe, "DISABLED"],
+  // ҏнԟҭв.com
+  ["xn--b1av9v8dry.com", "\u048f\u043d\u051f\u04ad\u0432.com", kUnsafe, "DISABLED"],
+  // ҏӊԟҭв.com
+  ["xn--b1a9p8c1e8r.com", "\u048f\u04ca\u051f\u04ad\u0432.com", kUnsafe, "DISABLED"],
+  // wmŋr.com
+  ["xn--wmr-jxa.com", "wm\u014br.com", kUnsafe, "DISABLED"],
+  // шмпґ.com
+  ["xn--l1agz80a.com", "\u0448\u043c\u043f\u0491.com", kUnsafe, "DISABLED"],
+  // щмпґ.com
+  ["xn--l1ag2a0y.com", "\u0449\u043c\u043f\u0491.com", kUnsafe, "DISABLED"],
+  // щӎпґ.com
+  ["xn--o1at1tsi.com", "\u0449\u04ce\u043f\u0491.com", kUnsafe, "DISABLED"],
+  // ґғ.com
+  ["xn--03ae.com", "\u0491\u0493.com", kUnsafe, "DISABLED"],
+  // ґӻ.com
+  ["xn--03a6s.com", "\u0491\u04fb.com", kUnsafe, "DISABLED"],
+  // ҫұҳҽ.com
+  ["xn--r4amg4b.com", "\u04ab\u04b1\u04b3\u04bd.com", kUnsafe, "DISABLED"],
+  // ҫұӽҽ.com
+  ["xn--r4am0b8r.com", "\u04ab\u04b1\u04fd\u04bd.com", kUnsafe, "DISABLED"],
+  // ҫұӿҽ.com
+  ["xn--r4am0b3s.com", "\u04ab\u04b1\u04ff\u04bd.com", kUnsafe, "DISABLED"],
+  // ҫұӿҿ.com
+  ["xn--r4am6b4p.com", "\u04ab\u04b1\u04ff\u04bf.com", kUnsafe, "DISABLED"],
+  // ҫұӿє.com
+  ["xn--91a7osa62a.com", "\u04ab\u04b1\u04ff\u0454.com", kUnsafe, "DISABLED"],
+  // ӏԃԍ.com
+  ["xn--s5a8h4a.com", "\u04cf\u0503\u050d.com", kUnsafe],
+
+  // U+04CF(ӏ) is mapped to multiple characters, lowercase L(l) and
+  // lowercase I(i). Lowercase L is also regarded as similar to digit 1.
+  // The test domain list has {ig, ld, 1gd}.com for Cyrillic.
+  // ӏԍ.com
+  ["xn--s5a8j.com", "\u04cf\u050d.com", kUnsafe],
+  // ӏԃ.com
+  ["xn--s5a8h.com", "\u04cf\u0503.com", kUnsafe],
+  // ӏԍԃ.com
+  ["xn--s5a8h3a.com", "\u04cf\u050d\u0503.com", kUnsafe],
+
+  // 1շ34567890.com
+  ["xn--134567890-gnk.com", "1\u057734567890.com", kUnsafe, "DISABLED"],
+  // ꓲ2345б7890.com
+  ["xn--23457890-e7g93622b.com", "\ua4f22345\u04317890.com", kUnsafe],
+  // 1ᒿ345б7890.com
+  ["xn--13457890-e7g0943b.com", "1\u14bf345\u04317890.com", kUnsafe],
+  // 12з4567890.com
+  ["xn--124567890-10h.com", "12\u04374567890.com", kUnsafe, "DISABLED"],
+  // 12ҙ4567890.com
+  ["xn--124567890-1ti.com", "12\u04994567890.com", kUnsafe, "DISABLED"],
+  // 12ӡ4567890.com
+  ["xn--124567890-mfj.com", "12\u04e14567890.com", kUnsafe, "DISABLED"],
+  // 12उ4567890.com
+  ["xn--124567890-m3r.com", "12\u09094567890.com", kUnsafe, "DISABLED"],
+  // 12ও4567890.com
+  ["xn--124567890-17s.com", "12\u09934567890.com", kUnsafe, "DISABLED"],
+  // 12ਤ4567890.com
+  ["xn--124567890-hfu.com", "12\u0a244567890.com", kUnsafe, "DISABLED"],
+  // 12ဒ4567890.com
+  ["xn--124567890-6s6a.com", "12\u10124567890.com", kUnsafe, "DISABLED"],
+  // 12ვ4567890.com
+  ["xn--124567890-we8a.com", "12\u10D54567890.com", kUnsafe, "DISABLED"],
+  // 12პ4567890.com
+  ["xn--124567890-hh8a.com", "12\u10DE4567890.com", kUnsafe, "DISABLED"],
+  // 123ㄐ567890.com
+  ["xn--123567890-dr5h.com", "123ㄐ567890.com", kUnsafe, "DISABLED"],
+  // 123Ꮞ567890.com
+  ["xn--123567890-dm4b.com", "123\u13ce567890.com", kUnsafe],
+  // 12345б7890.com
+  ["xn--123457890-fzh.com", "12345\u04317890.com", kUnsafe, "DISABLED"],
+  // 12345ճ7890.com
+  ["xn--123457890-fmk.com", "12345ճ7890.com", kUnsafe, "DISABLED"],
+  // 1234567ȣ90.com
+  ["xn--123456790-6od.com", "1234567\u022390.com", kUnsafe],
+  // 12345678୨0.com
+  ["xn--123456780-71w.com", "12345678\u0b680.com", kUnsafe],
+  // 123456789ଠ.com
+  ["xn--123456789-ohw.com", "123456789\u0b20.com", kUnsafe, "DISABLED"],
+  // 123456789ꓳ.com
+  ["xn--123456789-tx75a.com", "123456789\ua4f3.com", kUnsafe],
+
+  // aeœ.com
+  ["xn--ae-fsa.com", "ae\u0153.com", kUnsafe, "DISABLED"],
+  // æce.com
+  ["xn--ce-0ia.com", "\u00e6ce.com", kUnsafe, "DISABLED"],
+  // æœ.com
+  ["xn--6ca2t.com", "\u00e6\u0153.com", kUnsafe, "DISABLED"],
+  // ӕԥ.com
+  ["xn--y5a4n.com", "\u04d5\u0525.com", kUnsafe, "DISABLED"],
+
+  // ငၔဌ၂ဝ.com (entirely made of Myanmar characters)
+  ["xn--ridq5c9hnd.com", "\u1004\u1054\u100c\u1042\u101d.com", kUnsafe, "DISABLED"],
+
+  // ฟรฟร.com (made of two Thai characters. similar to wsws.com in
+  // some fonts)
+  ["xn--w3calb.com", "\u0e1f\u0e23\u0e1f\u0e23.com", kUnsafe, "DISABLED"],
+  // พรบ.com
+  ["xn--r3chp.com", "\u0e1e\u0e23\u0e1a.com", kUnsafe, "DISABLED"],
+  // ฟรบ.com
+  ["xn--r3cjm.com", "\u0e1f\u0e23\u0e1a.com", kUnsafe, "DISABLED"],
+
+  // Lao characters that look like w, s, o, and u.
+  // ພຣບ.com
+  ["xn--f7chp.com", "\u0e9e\u0ea3\u0e9a.com", kUnsafe, "DISABLED"],
+  // ຟຣບ.com
+  ["xn--f7cjm.com", "\u0e9f\u0ea3\u0e9a.com", kUnsafe, "DISABLED"],
+  // ຟຮບ.com
+  ["xn--f7cj9b.com", "\u0e9f\u0eae\u0e9a.com", kUnsafe, "DISABLED"],
+  // ຟຮ໐ບ.com
+  ["xn--f7cj9b5h.com", "\u0e9f\u0eae\u0ed0\u0e9a.com", kUnsafe, "DISABLED"],
+
+  // Lao character that looks like n.
+  // ก11.com
+  ["xn--11-lqi.com", "\u0e0111.com", kUnsafe, "DISABLED"],
+
+  // At one point the skeleton of 'w' was 'vv', ensure that
+  // that it's treated as 'w'.
+  ["xn--wder-qqa.com", "w\u00f3der.com", kUnsafe, "DISABLED"],
+
+  // Mixed digits: the first two will also fail mixed script test
+  // Latin + ASCII digit + Deva digit
+  ["xn--asc1deva-j0q.co.in", "asc1deva\u0967.co.in", kUnsafe],
+  // Latin + Deva digit + Beng digit
+  ["xn--devabeng-f0qu3f.co.in", "deva\u0967beng\u09e7.co.in", kUnsafe],
+  // ASCII digit + Deva digit
+  ["xn--79-v5f.co.in", "7\u09ea9.co.in", kUnsafe],
+  //  Deva digit + Beng digit
+  ["xn--e4b0x.co.in", "\u0967\u09e7.co.in", kUnsafe],
+  // U+4E00 (CJK Ideograph One) is not a digit, but it's not allowed next to
+  // non-Kana scripts including numbers.
+  ["xn--d12-s18d.cn", "d12\u4e00.cn", kUnsafe, "DISABLED"],
+  // One that's really long that will force a buffer realloc
+  ["aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",     "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", kSafe],
+
+  // Not allowed; characters outside [:Identifier_Status=Allowed:]
+  // Limited Use Scripts: UTS 31 Table 7.
+  // Vai
+  ["xn--sn8a.com", "\ua50b.com", kUnsafe],
+  // 'CARD' look-alike in Cherokee
+  ["xn--58db0a9q.com", "\u13df\u13aa\u13a1\u13a0.com", kUnsafe],
+  // Scripts excluded from Identifiers: UTS 31 Table 4
+  // Coptic
+  ["xn--5ya.com", "\u03e7.com", kUnsafe],
+  // Old Italic
+  ["xn--097cc.com", "\U00010300\U00010301.com", kUnsafe],
+
+  // U+115F (Hangul Filler)
+  ["xn--osd3820f24c.kr", "\uac00\ub098\u115f.kr", kInvalid],
+  ["www.xn--google-ho0coa.com", "www.\u2039google\u203a.com", kUnsafe],
+  // Latin small capital w: hardᴡare.com
+  ["xn--hardare-l41c.com", "hard\u1d21are.com", kUnsafe],
+  // Minus Sign(U+2212)
+  ["xn--t9g238xc2a.jp", "\u65e5\u2212\u672c.jp", kUnsafe],
+  // Latin Small Letter Script G: ɡɡ.com
+  ["xn--0naa.com", "\u0261\u0261.com", kUnsafe],
+  // Hangul Jamo(U+11xx)
+  ["xn--0pdc3b.com", "\u1102\u1103\u1110.com", kUnsafe],
+  // degree sign: 36°c.com
+  ["xn--36c-tfa.com", "36\u00b0c.com", kUnsafe],
+  // Pound sign
+  ["xn--5free-fga.com", "5free\u00a3.com", kUnsafe],
+  // Hebrew points (U+05B0, U+05B6)
+  ["xn--7cbl2kc2a.com", "\u05e1\u05b6\u05e7\u05b0\u05e1.com", kUnsafe],
+  // Danda(U+0964)
+  ["xn--81bp1b6ch8s.com", "\u0924\u093f\u091c\u0964\u0930\u0940.com", kUnsafe],
+  // Small letter script G(U+0261)
+  ["xn--oogle-qmc.com", "\u0261oogle.com", kUnsafe],
+  // Small Katakana Extension(U+31F1)
+  ["xn--wlk.com", "\u31f1.com", kUnsafe],
+  // Heart symbol: ♥
+  ["xn--ab-u0x.com", "ab\u2665.com", kUnsafe],
+  // Emoji
+  ["xn--vi8hiv.xyz", "\U0001f355\U0001f4a9.xyz", kUnsafe],
+  // Registered trade mark
+  ["xn--egistered-fna.com", "\u00aeegistered.com", kUnsafe],
+  // Latin Letter Retroflex Click
+  ["xn--registered-25c.com", "registered\u01c3.com", kUnsafe],
+  // ASCII '!' not allowed in IDN
+  ["xn--!-257eu42c.kr", "\uc548\ub155!.kr", kUnsafe],
+  // 'GOOGLE' in IPA extension: ɢᴏᴏɢʟᴇ
+  ["xn--1naa7pn51hcbaa.com", "\u0262\u1d0f\u1d0f\u0262\u029f\u1d07.com", kUnsafe],
+  // Padlock icon spoof.
+  ["xn--google-hj64e.com", "\U0001f512google.com", kUnsafe],
+
+  // Custom block list
+  // Combining Long Solidus Overlay
+  ["google.xn--comabc-k8d", "google.com\u0338abc", kUnsafe],
+  // Hyphenation Point instead of Katakana Middle dot
+  ["xn--svgy16dha.jp", "\u30a1\u2027\u30a3.jp", kUnsafe],
+  // Gershayim with other Hebrew characters is allowed.
+  ["xn--5db6bh9b.il", "\u05e9\u05d1\u05f4\u05e6.il", kSafe, "DISABLED"],
+  // Hebrew Gershayim with Latin is invalid according to Python's idna
+  // package.
+  ["xn--ab-yod.com", "a\u05f4b.com", kInvalid],
+  // Hebrew Gershayim with Arabic is disallowed.
+  ["xn--5eb7h.eg", "\u0628\u05f4.eg", kUnsafe],
+// #if BUILDFLAG(IS_APPLE)
+  // These characters are blocked due to a font issue on Mac.
+  // Tibetan transliteration characters.
+  ["xn--com-lum.test.pl", "com\u0f8c.test.pl", kUnsafe],
+  // Arabic letter KASHMIRI YEH
+  ["xn--fgb.com", "\u0620.com", kUnsafe, "DISABLED"],
+// #endif
+
+  // Hyphens (http://unicode.org/cldr/utility/confusables.jsp?a=-)
+  // Hyphen-Minus (the only hyphen allowed)
+  // abc-def
+  ["abc-def.com", "abc-def.com", kSafe],
+  // Modifier Letter Minus Sign
+  ["xn--abcdef-5od.com", "abc\u02d7def.com", kUnsafe],
+  // Hyphen
+  ["xn--abcdef-dg0c.com", "abc\u2010def.com", kUnsafe],
+  // Non-Breaking Hyphen
+  // This is actually an invalid IDNA domain (U+2011 normalizes to U+2010),
+  // but it is included to ensure that we do not inadvertently allow this
+  // character to be displayed as Unicode.
+  ["xn--abcdef-kg0c.com", "abc\u2011def.com", kInvalid],
+  // Figure Dash.
+  // Python's idna package refuses to decode the minus signs and dashes. ICU
+  // decodes them but treats them as unsafe in spoof checks, so these test
+  // cases are marked as unsafe instead of invalid.
+  ["xn--abcdef-rg0c.com", "abc\u2012def.com", kUnsafe],
+  // En Dash
+  ["xn--abcdef-yg0c.com", "abc\u2013def.com", kUnsafe],
+  // Hyphen Bullet
+  ["xn--abcdef-kq0c.com", "abc\u2043def.com", kUnsafe],
+  // Minus Sign
+  ["xn--abcdef-5d3c.com", "abc\u2212def.com", kUnsafe],
+  // Heavy Minus Sign
+  ["xn--abcdef-kg1d.com", "abc\u2796def.com", kUnsafe],
+  // Em Dash
+  // Small Em Dash (U+FE58) is normalized to Em Dash.
+  ["xn--abcdef-5g0c.com", "abc\u2014def.com", kUnsafe],
+  // Coptic Small Letter Dialect-P Ni. Looks like dash.
+  // Coptic Capital Letter Dialect-P Ni is normalized to small letter.
+  ["xn--abcdef-yy8d.com", "abc\u2cbbdef.com", kUnsafe],
+
+  // Block NV8 (Not valid in IDN 2008) characters.
+  // U+058A (֊)
+  ["xn--ab-vfd.com", "a\u058ab.com", kUnsafe],
+  ["xn--y9ac3j.com", "\u0561\u058a\u0562.com", kUnsafe],
+  // U+2019 (’)
+  ["xn--ab-n2t.com", "a\u2019b.com", kUnsafe],
+  // U+2027 (‧)
+  ["xn--ab-u3t.com", "a\u2027b.com", kUnsafe],
+  // U+30A0 (゠)
+  ["xn--ab-bg4a.com", "a\u30a0b.com", kUnsafe],
+  ["xn--9bk3828aea.com", "\uac00\u30a0\uac01.com", kUnsafe],
+  ["xn--9bk279fba.com", "\u4e00\u30a0\u4e00.com", kUnsafe],
+  ["xn--n8jl2x.com", "\u304a\u30a0\u3044.com", kUnsafe],
+  ["xn--fbke7f.com", "\u3082\u30a0\u3084.com", kUnsafe],
+
+  // Block single/double-quote-like characters.
+  // U+02BB (ʻ)
+  ["xn--ab-8nb.com", "a\u02bbb.com", kUnsafe, "DISABLED"],
+  // U+02BC (ʼ)
+  ["xn--ab-cob.com", "a\u02bcb.com", kUnsafe, "DISABLED"],
+  // U+144A: Not allowed to mix with scripts other than Canadian Syllabics.
+  ["xn--ab-jom.com", "a\u144ab.com", kUnsafe],
+  ["xn--xcec9s.com", "\u1401\u144a\u1402.com", kUnsafe],
+
+  // Custom dangerous patterns
+  // Two Katakana-Hiragana combining mark in a row
+  ["google.xn--com-oh4ba.evil.jp", "google.com\u309a\u309a.evil.jp", kUnsafe],
+  // Katakana Letter No not enclosed by {Han,Hiragana,Katakana}.
+  ["google.xn--comevil-v04f.jp", "google.com\u30ceevil.jp", kUnsafe, "DISABLED"],
+  // TODO(jshin): Review the danger of allowing the following two.
+  // Hiragana 'No' by itself is allowed.
+  ["xn--ldk.jp", "\u30ce.jp", kSafe],
+  // Hebrew Gershayim used by itself is allowed.
+  ["xn--5eb.il", "\u05f4.il", kSafe, "DISABLED"],
+
+  // Block RTL nonspacing marks (NSM) after unrelated scripts.
+  ["xn--foog-ycg.com", "foog\u0650.com", kUnsafe],    // Latin + Arabic N]M
+  ["xn--foog-jdg.com", "foog\u0654.com", kUnsafe],    // Latin + Arabic N]M
+  ["xn--foog-jhg.com", "foog\u0670.com", kUnsafe],    // Latin + Arbic N]M
+  ["xn--foog-opf.com", "foog\u05b4.com", kUnsafe],    // Latin + Hebrew N]M
+  ["xn--shb5495f.com", "\uac00\u0650.com", kUnsafe],  // Hang + Arabic N]M
+
+  // 4 Deviation characters between IDNA 2003 and IDNA 2008
+  // When entered in Unicode, the first two are mapped to 'ss' and Greek sigma
+  // and the latter two are mapped away. However, the punycode form should
+  // remain in punycode.
+  // U+00DF(sharp-s)
+  ["xn--fu-hia.de", "fu\u00df.de", kUnsafe, "DISABLED"],
+  // U+03C2(final-sigma)
+  ["xn--mxac2c.gr", "\u03b1\u03b2\u03c2.gr", kUnsafe, "DISABLED"],
+  // U+200C(ZWNJ)
+  ["xn--h2by8byc123p.in", "\u0924\u094d\u200c\u0930\u093f.in", kUnsafe],
+  // U+200C(ZWJ)
+  ["xn--11b6iy14e.in", "\u0915\u094d\u200d.in", kUnsafe],
+
+  // Math Monospace Small A. When entered in Unicode, it's canonicalized to
+  // 'a'. The punycode form should remain in punycode.
+  ["xn--bc-9x80a.xyz", "\U0001d68abc.xyz", kInvalid],
+  // Math Sans Bold Capital Alpha
+  ["xn--bc-rg90a.xyz", "\U0001d756bc.xyz", kInvalid],
+  // U+3000 is canonicalized to a space(U+0020), but the punycode form
+  // should remain in punycode.
+  ["xn--p6j412gn7f.cn", "\u4e2d\u56fd\u3000", kInvalid],
+  // U+3002 is canonicalized to ASCII fullstop(U+002E), but the punycode form
+  // should remain in punycode.
+  ["xn--r6j012gn7f.cn", "\u4e2d\u56fd\u3002", kInvalid],
+  // Invalid punycode
+  // Has a codepoint beyond U+10FFFF.
+  ["xn--krank-kg706554a", "", kInvalid],
+  // '?' in punycode.
+  ["xn--hello?world.com", "", kInvalid],
+
+  // Not allowed in UTS46/IDNA 2008
+  // Georgian Capital Letter(U+10BD)
+  ["xn--1nd.com", "\u10bd.com", kInvalid],
+  // 3rd and 4th characters are '-'.
+  ["xn-----8kci4dhsd", "\u0440\u0443--\u0430\u0432\u0442\u043e", kInvalid],
+  // Leading combining mark
+  ["xn--72b.com", "\u093e.com", kInvalid],
+  // BiDi check per IDNA 2008/UTS 46
+  // Cannot starts with AN(Arabic-Indic Number)
+  ["xn--8hbae.eg", "\u0662\u0660\u0660.eg", kInvalid],
+  // Cannot start with a RTL character and ends with a LTR
+  ["xn--x-ymcov.eg", "\u062c\u0627\u0631x.eg", kInvalid],
+  // Can start with a RTL character and ends with EN(European Number)
+  ["xn--2-ymcov.eg", "\u062c\u0627\u06312.eg", kSafe],
+  // Can start with a RTL and end with AN
+  ["xn--mgbjq0r.eg", "\u062c\u0627\u0631\u0662.eg", kSafe],
+
+  // Extremely rare Latin letters
+  // Latin Ext B - Pinyin: ǔnion.com
+  ["xn--nion-unb.com", "\u01d4nion.com", kUnsafe, "DISABLED"],
+  // Latin Ext C: ⱴase.com
+  ["xn--ase-7z0b.com", "\u2c74ase.com", kUnsafe],
+  // Latin Ext D: ꝴode.com
+  ["xn--ode-ut3l.com", "\ua774ode.com", kUnsafe],
+  // Latin Ext Additional: ḷily.com
+  ["xn--ily-n3y.com", "\u1e37ily.com", kUnsafe, "DISABLED"],
+  // Latin Ext E: ꬺove.com
+  ["xn--ove-8y6l.com", "\uab3aove.com", kUnsafe],
+  // Greek Ext: ᾳβγ.com
+  ["xn--nxac616s.com", "\u1fb3\u03b2\u03b3.com", kInvalid],
+  // Cyrillic Ext A (label cannot begin with an illegal combining character).
+  ["xn--lrj.com", "\u2def.com", kInvalid],
+  // Cyrillic Ext B: ꙡ.com
+  ["xn--kx8a.com", "\ua661.com", kUnsafe],
+  // Cyrillic Ext C: ᲂ.com (Narrow o)
+  ["xn--43f.com", "\u1c82.com", kInvalid],
+
+  // The skeleton of Extended Arabic-Indic Digit Zero (۰) is a dot. Check that
+  // this is handled correctly (crbug/877045).
+  ["xn--dmb", "\u06f0", kSafe],
+
+  // Test that top domains whose skeletons are the same as the domain name are
+  // handled properly. In this case, tést.net should match test.net top
+  // domain and not be converted to unicode.
+  ["xn--tst-bma.net", "t\u00e9st.net", kUnsafe, "DISABLED"],
+  // Variations of the above, for testing crbug.com/925199.
+  // some.tést.net should match test.net.
+  ["some.xn--tst-bma.net", "some.t\u00e9st.net", kUnsafe, "DISABLED"],
+  // The following should not match test.net, so should be converted to
+  // unicode.
+  // ést.net (a suffix of tést.net).
+  ["xn--st-9ia.net", "\u00e9st.net", kSafe],
+  // some.ést.net
+  ["some.xn--st-9ia.net", "some.\u00e9st.net", kSafe],
+  // atést.net (tést.net is a suffix of atést.net)
+  ["xn--atst-cpa.net", "at\u00e9st.net", kSafe],
+  // some.atést.net
+  ["some.xn--atst-cpa.net", "some.at\u00e9st.net", kSafe],
+
+  // Modifier-letter-voicing should be blocked (wwwˬtest.com).
+  ["xn--wwwtest-2be.com", "www\u02ectest.com", kUnsafe, "DISABLED"],
+
+  // oĸ.com: Not a top domain, should be blocked because of Kra.
+  ["xn--o-tka.com", "o\u0138.com", kUnsafe],
+
+  // U+4E00 and U+3127 should be blocked when next to non-CJK.
+  ["xn--ipaddress-w75n.com", "ip\u4e00address.com", kUnsafe, "DISABLED"],
+  ["xn--ipaddress-wx5h.com", "ip\u3127address.com", kUnsafe, "DISABLED"],
+  // U+4E00 and U+3127 at the beginning and end of a string.
+  ["xn--google-gg5e.com", "google\u3127.com", kUnsafe, "DISABLED"],
+  ["xn--google-9f5e.com", "\u3127google.com", kUnsafe, "DISABLED"],
+  ["xn--google-gn7i.com", "google\u4e00.com", kUnsafe, "DISABLED"],
+  ["xn--google-9m7i.com", "\u4e00google.com", kUnsafe, "DISABLED"],
+  // These are allowed because U+4E00 and U+3127 are not immediately next to
+  // non-CJK.
+  ["xn--gamer-fg1hz05u.com", "\u4e00\u751fgamer.com", kSafe],
+  ["xn--gamer-kg1hy05u.com", "gamer\u751f\u4e00.com", kSafe],
+  ["xn--gamer-f94d4426b.com", "\u3127\u751fgamer.com", kSafe],
+  ["xn--gamer-k94d3426b.com", "gamer\u751f\u3127.com", kSafe],
+  ["xn--4gqz91g.com", "\u4e00\u732b.com", kSafe],
+  ["xn--4fkv10r.com", "\u3127\u732b.com", kSafe],
+  // U+4E00 with another ideograph.
+  ["xn--4gqc.com", "\u4e00\u4e01.com", kSafe],
+
+  // CJK ideographs looking like slashes should be blocked when next to
+  // non-CJK.
+  ["example.xn--comtest-k63k", "example.com\u4e36test", kUnsafe, "DISABLED"],
+  ["example.xn--comtest-u83k", "example.com\u4e40test", kUnsafe, "DISABLED"],
+  ["example.xn--comtest-283k", "example.com\u4e41test", kUnsafe, "DISABLED"],
+  ["example.xn--comtest-m83k", "example.com\u4e3ftest", kUnsafe, "DISABLED"],
+  // This is allowed because the ideographs are not immediately next to
+  // non-CJK.
+  ["xn--oiqsace.com", "\u4e36\u4e40\u4e41\u4e3f.com", kSafe],
+
+  // Kana voiced sound marks are not allowed.
+  ["xn--google-1m4e.com", "google\u3099.com", kUnsafe],
+  ["xn--google-8m4e.com", "google\u309A.com", kUnsafe],
+
+  // Small letter theta looks like a zero.
+  ["xn--123456789-yzg.com", "123456789\u03b8.com", kUnsafe, "DISABLED"],
+
+  ["xn--est-118d.net", "\u4e03est.net", kUnsafe, "DISABLED"],
+  ["xn--est-918d.net", "\u4e05est.net", kUnsafe, "DISABLED"],
+  ["xn--est-e28d.net", "\u4e06est.net", kUnsafe, "DISABLED"],
+  ["xn--est-t18d.net", "\u4e01est.net", kUnsafe, "DISABLED"],
+  ["xn--3-cq6a.com", "\u4e293.com", kUnsafe, "DISABLED"],
+  ["xn--cxe-n68d.com", "c\u4e2bxe.com", kUnsafe, "DISABLED"],
+  ["xn--cye-b98d.com", "cy\u4e42e.com", kUnsafe, "DISABLED"],
+
+  // U+05D7 can look like Latin n in many fonts.
+  ["xn--ceba.com", "\u05d7\u05d7.com", kUnsafe, "DISABLED"],
+
+  // U+00FE (þ) and U+00F0 (ð) are only allowed under the .is TLD.
+  ["xn--acdef-wva.com", "a\u00fecdef.com", kUnsafe, "DISABLED"],
+  ["xn--mnpqr-jta.com", "mn\u00f0pqr.com", kUnsafe, "DISABLED"],
+  ["xn--acdef-wva.is", "a\u00fecdef.is", kSafe],
+  ["xn--mnpqr-jta.is", "mn\u00f0pqr.is", kSafe],
+
+  // U+0259 (ə) is only allowed under the .az TLD.
+  ["xn--xample-vyc.com", "\u0259xample.com", kUnsafe, "DISABLED"],
+  ["xn--xample-vyc.az", "\u0259xample.az", kSafe],
+
+  // U+00B7 is only allowed on Catalan domains between two l's.
+  ["xn--googlecom-5pa.com", "google\u00b7com.com", kUnsafe, "DISABLED"],
+  ["xn--ll-0ea.com", "l\u00b7l.com", kUnsafe, "DISABLED"],
+  ["xn--ll-0ea.cat", "l\u00b7l.cat", kSafe],
+  ["xn--al-0ea.cat", "a\u00b7l.cat", kUnsafe, "DISABLED"],
+  ["xn--la-0ea.cat", "l\u00b7a.cat", kUnsafe, "DISABLED"],
+  ["xn--l-fda.cat", "\u00b7l.cat", kUnsafe, "DISABLED"],
+  ["xn--l-gda.cat", "l\u00b7.cat", kUnsafe, "DISABLED"],
+
+  ["xn--googlecom-gk6n.com", "google\u4e28com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-0y6n.com", "google\u4e5bcom.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-v85n.com", "google\u4e03com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-g95n.com", "google\u4e05com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-go6n.com", "google\u4e36com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-b76o.com", "google\u5341com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-ql3h.com", "google\u3007com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-0r5h.com", "google\u3112com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-bu5h.com", "google\u311acom.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-qv5h.com", "google\u311fcom.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-0x5h.com", "google\u3127com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-by5h.com", "google\u3128com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-ly5h.com", "google\u3129com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-5o5h.com", "google\u3108com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-075n.com", "google\u4e00com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-046h.com", "google\u31bacom.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-026h.com", "google\u31b3com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-lg9q.com", "google\u5de5com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-g040a.com", "google\u8ba0com.com", kUnsafe, "DISABLED"],
+  ["xn--googlecom-b85n.com", "google\u4e01com.com", kUnsafe, "DISABLED"],
+
+  // Whole-script-confusables. Cyrillic is sufficiently handled in cases above
+  // so it's not included here.
+  // Armenian:
+  ["xn--mbbkpm.com", "\u0578\u057d\u0582\u0585.com", kUnsafe, "DISABLED"],
+  ["xn--mbbkpm.am", "\u0578\u057d\u0582\u0585.am", kSafe],
+  ["xn--mbbkpm.xn--y9a3aq", "\u0578\u057d\u0582\u0585.\u0570\u0561\u0575", kSafe],
+  // Ethiopic:
+  ["xn--6xd66aa62c.com", "\u1220\u12d0\u12d0\u1350.com", kUnsafe, "DISABLED"],
+  ["xn--6xd66aa62c.et", "\u1220\u12d0\u12d0\u1350.et", kSafe],
+  ["xn--6xd66aa62c.xn--m0d3gwjla96a",     "\u1220\u12d0\u12d0\u1350.\u12a2\u1275\u12ee\u1335\u12eb", kSafe],
+  // Greek:
+  ["xn--mxapd.com", "\u03b9\u03ba\u03b1.com", kUnsafe, "DISABLED"],
+  ["xn--mxapd.gr", "\u03b9\u03ba\u03b1.gr", kSafe],
+  ["xn--mxapd.xn--qxam", "\u03b9\u03ba\u03b1.\u03b5\u03bb", kSafe],
+  // Georgian:
+  ["xn--gpd3ag.com", "\u10fd\u10ff\u10ee.com", kUnsafe, "DISABLED"],
+  ["xn--gpd3ag.ge", "\u10fd\u10ff\u10ee.ge", kSafe],
+  ["xn--gpd3ag.xn--node", "\u10fd\u10ff\u10ee.\u10d2\u10d4", kSafe],
+  // Hebrew:
+  ["xn--7dbh4a.com", "\u05d7\u05e1\u05d3.com", kUnsafe, "DISABLED"],
+  ["xn--7dbh4a.il", "\u05d7\u05e1\u05d3.il", kSafe],
+  ["xn--9dbq2a.xn--7dbh4a", "\u05e7\u05d5\u05dd.\u05d7\u05e1\u05d3", kSafe],
+  // Myanmar:
+  ["xn--oidbbf41a.com", "\u1004\u1040\u1002\u1001\u1002.com", kUnsafe, "DISABLED"],
+  ["xn--oidbbf41a.mm", "\u1004\u1040\u1002\u1001\u1002.mm", kSafe],
+  ["xn--oidbbf41a.xn--7idjb0f4ck",     "\u1004\u1040\u1002\u1001\u1002.\u1019\u103c\u1014\u103a\u1019\u102c", kSafe],
+  // Myanmar Shan digits:
+  ["xn--rmdcmef.com", "\u1090\u1091\u1095\u1096\u1097.com", kUnsafe, "DISABLED"],
+  ["xn--rmdcmef.mm", "\u1090\u1091\u1095\u1096\u1097.mm", kSafe],
+  ["xn--rmdcmef.xn--7idjb0f4ck",     "\u1090\u1091\u1095\u1096\u1097.\u1019\u103c\u1014\u103a\u1019\u102c", kSafe],
+// Thai:
+// #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
+  ["xn--o3cedqz2c.com", "\u0e17\u0e19\u0e1a\u0e1e\u0e23\u0e2b.com", kUnsafe, "DISABLED"],
+  ["xn--o3cedqz2c.th", "\u0e17\u0e19\u0e1a\u0e1e\u0e23\u0e2b.th", kSafe],
+  ["xn--o3cedqz2c.xn--o3cw4h",     "\u0e17\u0e19\u0e1a\u0e1e\u0e23\u0e2b.\u0e44\u0e17\u0e22", kSafe],
+// #else
+  ["xn--r3ch7hsc.com", "\u0e1e\u0e1a\u0e40\u0e50.com", kUnsafe, "DISABLED"],
+  ["xn--r3ch7hsc.th", "\u0e1e\u0e1a\u0e40\u0e50.th", kSafe],
+  ["xn--r3ch7hsc.xn--o3cw4h", "\u0e1e\u0e1a\u0e40\u0e50.\u0e44\u0e17\u0e22", kSafe],
+// #endif
+
+  // Indic scripts:
+  // Bengali:
+  ["xn--07baub.com", "\u09e6\u09ed\u09e6\u09ed.com", kUnsafe, "DISABLED"],
+  // Devanagari:
+  ["xn--62ba6j.com", "\u093d\u0966\u093d.com", kUnsafe, "DISABLED"],
+  // Gujarati:
+  ["xn--becd.com", "\u0aa1\u0a9f.com", kUnsafe, "DISABLED"],
+  // Gurmukhi:
+  ["xn--occacb.com", "\u0a66\u0a67\u0a66\u0a67.com", kUnsafe, "DISABLED"],
+  // Kannada:
+  ["xn--stca6jf.com", "\u0cbd\u0ce6\u0cbd\u0ce7.com", kUnsafe, "DISABLED"],
+  // Malayalam:
+  ["xn--lwccv.com", "\u0d1f\u0d20\u0d27.com", kUnsafe, "DISABLED"],
+  // Oriya:
+  ["xn--zhca6ub.com", "\u0b6e\u0b20\u0b6e\u0b20.com", kUnsafe, "DISABLED"],
+  // Tamil:
+  ["xn--mlca6ab.com", "\u0b9f\u0baa\u0b9f\u0baa.com", kUnsafe, "DISABLED"],
+  // Telugu:
+  ["xn--brcaabbb.com", "\u0c67\u0c66\u0c67\u0c66\u0c67\u0c66.com", kUnsafe, "DISABLED"],
+
+  // IDN domain matching an IDN top-domain (f\u00f3\u00f3.com)
+  ["xn--fo-5ja.com", "f\u00f3o.com", kUnsafe, "DISABLED"],
+
+  // crbug.com/769547: Subdomains of top domains should be allowed.
+  ["xn--xample-9ua.test.net", "\u00e9xample.test.net", kSafe],
+  // Skeleton of the eTLD+1 matches a top domain, but the eTLD+1 itself is
+  // not a top domain. Should not be decoded to unicode.
+  ["xn--xample-9ua.test.xn--nt-bja", "\u00e9xample.test.n\u00e9t", kUnsafe, "DISABLED"],
+
+  // Digit lookalike check of 16კ.com with character “კ” (U+10D9)
+  // Test case for https://crbug.com/1156531
+  ["xn--16-1ik.com", "16\u10d9.com", kUnsafe, "DISABLED"],
+
+  // Skeleton generator check of officeკ65.com with character “კ” (U+10D9)
+  // Test case for https://crbug.com/1156531
+  ["xn--office65-l04a.com", "office\u10d965.com", kUnsafe],
+
+  // Digit lookalike check of 16ੜ.com with character “ੜ” (U+0A5C)
+  // Test case for https://crbug.com/1156531 (missed skeleton map)
+  ["xn--16-ogg.com", "16\u0a5c.com", kUnsafe, "DISABLED"],
+
+  // Skeleton generator check of officeੜ65.com with character “ੜ” (U+0A5C)
+  // Test case for https://crbug.com/1156531 (missed skeleton map)
+  ["xn--office65-hts.com", "office\u0a5c65.com", kUnsafe],
+
+  // New test cases go ↑↑ above.
+
+  // /!\ WARNING: You MUST use tools/security/idn_test_case_generator.py to
+  // generate new test cases, as specified by the comment at the top of this
+  // test list. Why must you use that python script?
+  // 1. It is easy to get things wrong. There were several hand-crafted
+  //    incorrect test cases committed that was later fixed.
+  // 2. This test _also_ is a test of Chromium's IDN encoder/decoder, so using
+  //    Chromium's IDN encoder/decoder to generate test files loses an
+  //    advantage of having Python's IDN encode/decode the tests.
+];
+
+function checkEquals(a, b, message, expectedFail) {
+  if (!expectedFail) {
+    Assert.equal(a, b, message);
+  } else {
+    Assert.notEqual(a, b, `EXPECTED-FAIL: ${message}`);
+  }
+}
+
+add_task(async function test_chrome_spoofs() {
+  for (let test of testCases) {
+    let isAscii = {};
+    let result = idnService.convertToDisplayIDN(test[0], isAscii);
+    let expectedFail = test.length == 4 && test[3] == "DISABLED";
+    if (test[2] == kSafe) {
+      checkEquals(
+        result,
+        test[1],
+        `kSafe label ${test[0]} should convert to ${test[1]}`,
+        expectedFail
+      );
+    } else if (test[2] == kUnsafe) {
+      checkEquals(
+        result,
+        test[0],
+        `kUnsafe label ${test[0]} should not convert to ${test[1]}`,
+        expectedFail
+      );
+    } else if (test[2] == kInvalid) {
+      checkEquals(
+        result,
+        test[0],
+        `kInvalid label ${test[0]} should stay the same`,
+        expectedFail
+      );
+    }
+  }
+});
diff --git a/netwerk/test/unit/test_idn_urls.js b/netwerk/test/unit/test_idn_urls.js
new file mode 100644
index 0000000000..0059b133c0
--- /dev/null
+++ b/netwerk/test/unit/test_idn_urls.js
@@ -0,0 +1,436 @@
+// Test algorithm for unicode display of IDNA URL (bug 722299)
+
+"use strict";
+
+const testcases = [
+  //  Original             Punycode or         Expected UTF-8 by profile
+  //    URL              normalized form      ASCII-Only, High, Moderate
+  //
+  // Latin script
+  ["cuillère", "xn--cuillre-6xa", false, true, true],
+
+  // repeated non-spacing marks
+  ["gruz̀̀ere", "xn--gruzere-ogea", false, false, false],
+
+  // non-XID character
+  ["I♥NY", "xn--iny-zx5a", false, false, false],
+
+  /*
+  Behaviour of this test changed in IDNA2008, replacing the non-XID
+  character with U+FFFD replacement character - when all platforms use
+  IDNA2008 it can be uncommented and the punycode URL changed to
+   "xn--mgbl3eb85703a"
+
+    // new non-XID character in Unicode 6.3
+    ["حلا\u061cل", "xn--bgbvr6gc",                    false, false, false],
+*/
+
+  // U+30FB KATAKANA MIDDLE DOT is excluded from non-XID characters (bug 857490)
+  ["乾燥肌・石けん", "xn--08j4gylj12hz80b0uhfup", false, true, true],
+
+  // Cyrillic alone
+  ["толсто́й", "xn--lsa83dealbred", false, true, true],
+
+  // Mixed script Cyrillic/Latin
+  [
+    "толсто́й-in-Russian",
+    "xn---in-russian-1jg071b0a8bb4cpd",
+    false,
+    false,
+    false,
+  ],
+
+  // Mixed script Latin/Cyrillic
+  ["war-and-миръ", "xn--war-and--b9g3b7b3h", false, false, false],
+
+  // Cherokee (Restricted script)
+  ["ᏣᎳᎩ", "xn--f9dt7l", false, false, false],
+
+  // Yi (former Aspirational script, now Restricted per Unicode 10.0 update to UAX 31)
+  ["ꆈꌠꁱꂷ", "xn--4o7a6e1x64c", false, false, false],
+
+  // Greek alone
+  ["πλάτων", "xn--hxa3ahjw4a", false, true, true],
+
+  // Mixed script Greek/Latin
+  [
+    "πλάτωνicrelationship",
+    "xn--icrelationship-96j4t9a3cwe2e",
+    false,
+    false,
+    false,
+  ],
+
+  // Mixed script Latin/Greek
+  ["spaceὈδύσσεια", "xn--space-h9dui0b0ga2j1562b", false, false, false],
+
+  // Devanagari alone
+  ["मराठी", "xn--d2b1ag0dl", false, true, true],
+
+  // Devanagari with Armenian
+  ["मराठीՀայաստան", "xn--y9aaa1d0ai1cq964f8dwa2o1a", false, false, false],
+
+  // Devanagari with common
+  ["मराठी123", "xn--123-mhh3em2hra", false, true, true],
+
+  // Common with Devanagari
+  ["123मराठी", "xn--123-phh3em2hra", false, true, true],
+
+  // Latin with Han
+  ["chairman毛", "xn--chairman-k65r", false, true, true],
+
+  // Han with Latin
+  ["山葵sauce", "xn--sauce-6j9ii40v", false, true, true],
+
+  // Latin with Han, Hiragana and Katakana
+  ["van語ではドイ", "xn--van-ub4bpb6w0in486d", false, true, true],
+
+  // Latin with Han, Katakana and Hiragana
+  ["van語ドイでは", "xn--van-ub4bpb4w0ip486d", false, true, true],
+
+  // Latin with Hiragana, Han and Katakana
+  ["vanでは語ドイ", "xn--van-ub4bpb6w0ip486d", false, true, true],
+
+  // Latin with Hiragana, Katakana and Han
+  ["vanではドイ語", "xn--van-ub4bpb6w0ir486d", false, true, true],
+
+  // Latin with Katakana, Han and Hiragana
+  ["vanドイ語では", "xn--van-ub4bpb4w0ir486d", false, true, true],
+
+  // Latin with Katakana, Hiragana and Han
+  ["vanドイでは語", "xn--van-ub4bpb4w0it486d", false, true, true],
+
+  // Han with Latin, Hiragana and Katakana
+  ["語vanではドイ", "xn--van-ub4bpb6w0ik486d", false, true, true],
+
+  // Han with Latin, Katakana and Hiragana
+  ["語vanドイでは", "xn--van-ub4bpb4w0im486d", false, true, true],
+
+  // Han with Hiragana, Latin and Katakana
+  ["語ではvanドイ", "xn--van-rb4bpb9w0ik486d", false, true, true],
+
+  // Han with Hiragana, Katakana and Latin
+  ["語ではドイvan", "xn--van-rb4bpb6w0in486d", false, true, true],
+
+  // Han with Katakana, Latin and Hiragana
+  ["語ドイvanでは", "xn--van-ub4bpb1w0ip486d", false, true, true],
+
+  // Han with Katakana, Hiragana and Latin
+  ["語ドイではvan", "xn--van-rb4bpb4w0ip486d", false, true, true],
+
+  // Hiragana with Latin, Han and Katakana
+  ["イツvan語ではド", "xn--van-ub4bpb1wvhsbx330n", false, true, true],
+
+  // Hiragana with Latin, Katakana and Han
+  ["ではvanドイ語", "xn--van-rb4bpb9w0ir486d", false, true, true],
+
+  // Hiragana with Han, Latin and Katakana
+  ["では語vanドイ", "xn--van-rb4bpb9w0im486d", false, true, true],
+
+  // Hiragana with Han, Katakana and Latin
+  ["では語ドイvan", "xn--van-rb4bpb6w0ip486d", false, true, true],
+
+  // Hiragana with Katakana, Latin and Han
+  ["ではドイvan語", "xn--van-rb4bpb6w0iu486d", false, true, true],
+
+  // Hiragana with Katakana, Han and Latin
+  ["ではドイ語van", "xn--van-rb4bpb6w0ir486d", false, true, true],
+
+  // Katakana with Latin, Han and Hiragana
+  ["ドイvan語では", "xn--van-ub4bpb1w0iu486d", false, true, true],
+
+  // Katakana with Latin, Hiragana and Han
+  ["ドイvanでは語", "xn--van-ub4bpb1w0iw486d", false, true, true],
+
+  // Katakana with Han, Latin and Hiragana
+  ["ドイ語vanでは", "xn--van-ub4bpb1w0ir486d", false, true, true],
+
+  // Katakana with Han, Hiragana and Latin
+  ["ドイ語ではvan", "xn--van-rb4bpb4w0ir486d", false, true, true],
+
+  // Katakana with Hiragana, Latin and Han
+  ["ドイではvan語", "xn--van-rb4bpb4w0iw486d", false, true, true],
+
+  // Katakana with Hiragana, Han and Latin
+  ["ドイでは語van", "xn--van-rb4bpb4w0it486d", false, true, true],
+
+  // Han with common
+  ["中国123", "xn--123-u68dy61b", false, true, true],
+
+  // common with Han
+  ["123中国", "xn--123-x68dy61b", false, true, true],
+
+  // Characters that normalize to permitted characters
+  //  (also tests Plane 1 supplementary characters)
+  ["super𝟖", "super8", true, true, true],
+
+  // Han from Plane 2
+  ["𠀀𠀁𠀂", "xn--j50icd", false, true, true],
+
+  // Han from Plane 2 with js (UTF-16) escapes
+  ["\uD840\uDC00\uD840\uDC01\uD840\uDC02", "xn--j50icd", false, true, true],
+
+  // Same with a lone high surrogate at the end
+  ["\uD840\uDC00\uD840\uDC01\uD840", "xn--zn7c0336bda", false, false, false],
+
+  // Latin text and Bengali digits
+  ["super৪", "xn--super-k2l", false, false, true],
+
+  // Bengali digits and Latin text
+  ["৫ab", "xn--ab-x5f", false, false, true],
+
+  // Bengali text and Latin digits
+  ["অঙ্কুর8", "xn--8-70d2cp0j6dtd", false, true, true],
+
+  // Latin digits and Bengali text
+  ["5াব", "xn--5-h3d7c", false, true, true],
+
+  // Mixed numbering systems
+  ["٢٠۰٠", "xn--8hbae38c", false, false, false],
+
+  // Traditional Chinese
+  ["萬城", "xn--uis754h", false, true, true],
+
+  // Simplified Chinese
+  ["万城", "xn--chq31v", false, true, true],
+
+  // Simplified-only and Traditional-only Chinese in the same label
+  ["万萬城", "xn--chq31vsl1b", false, true, true],
+
+  // Traditional-only and Simplified-only Chinese in the same label
+  ["萬万城", "xn--chq31vrl1b", false, true, true],
+
+  // Han and Latin and Bopomofo
+  [
+    "注音符号bopomofoㄅㄆㄇㄈ",
+    "xn--bopomofo-hj5gkalm1637i876cuw0brk5f",
+    false,
+    true,
+    true,
+  ],
+
+  // Han, bopomofo, Latin
+  [
+    "注音符号ㄅㄆㄇㄈbopomofo",
+    "xn--bopomofo-8i5gkalm9637i876cuw0brk5f",
+    false,
+    true,
+    true,
+  ],
+
+  // Latin, Han, Bopomofo
+  [
+    "bopomofo注音符号ㄅㄆㄇㄈ",
+    "xn--bopomofo-hj5gkalm9637i876cuw0brk5f",
+    false,
+    true,
+    true,
+  ],
+
+  // Latin, Bopomofo, Han
+  [
+    "bopomofoㄅㄆㄇㄈ注音符号",
+    "xn--bopomofo-hj5gkalm3737i876cuw0brk5f",
+    false,
+    true,
+    true,
+  ],
+
+  // Bopomofo, Han, Latin
+  [
+    "ㄅㄆㄇㄈ注音符号bopomofo",
+    "xn--bopomofo-8i5gkalm3737i876cuw0brk5f",
+    false,
+    true,
+    true,
+  ],
+
+  // Bopomofo, Latin, Han
+  [
+    "ㄅㄆㄇㄈbopomofo注音符号",
+    "xn--bopomofo-8i5gkalm1837i876cuw0brk5f",
+    false,
+    true,
+    true,
+  ],
+
+  // Han, bopomofo and katakana
+  [
+    "注音符号ㄅㄆㄇㄈボポモフォ",
+    "xn--jckteuaez1shij0450gylvccz9asi4e",
+    false,
+    false,
+    false,
+  ],
+
+  // Han, katakana, bopomofo
+  [
+    "注音符号ボポモフォㄅㄆㄇㄈ",
+    "xn--jckteuaez6shij5350gylvccz9asi4e",
+    false,
+    false,
+    false,
+  ],
+
+  // bopomofo, han, katakana
+  [
+    "ㄅㄆㄇㄈ注音符号ボポモフォ",
+    "xn--jckteuaez1shij4450gylvccz9asi4e",
+    false,
+    false,
+    false,
+  ],
+
+  // bopomofo, katakana, han
+  [
+    "ㄅㄆㄇㄈボポモフォ注音符号",
+    "xn--jckteuaez1shij9450gylvccz9asi4e",
+    false,
+    false,
+    false,
+  ],
+
+  // katakana, Han, bopomofo
+  [
+    "ボポモフォ注音符号ㄅㄆㄇㄈ",
+    "xn--jckteuaez6shij0450gylvccz9asi4e",
+    false,
+    false,
+    false,
+  ],
+
+  // katakana, bopomofo, Han
+  [
+    "ボポモフォㄅㄆㄇㄈ注音符号",
+    "xn--jckteuaez6shij4450gylvccz9asi4e",
+    false,
+    false,
+    false,
+  ],
+
+  // Han, Hangul and Latin
+  ["韓한글hangul", "xn--hangul-2m5ti09k79ze", false, true, true],
+
+  // Han, Latin and Hangul
+  ["韓hangul한글", "xn--hangul-2m5to09k79ze", false, true, true],
+
+  // Hangul, Han and Latin
+  ["한글韓hangul", "xn--hangul-2m5th09k79ze", false, true, true],
+
+  // Hangul, Latin and Han
+  ["한글hangul韓", "xn--hangul-8m5t898k79ze", false, true, true],
+
+  // Latin, Han and Hangul
+  ["hangul韓한글", "xn--hangul-8m5ti09k79ze", false, true, true],
+
+  // Latin, Hangul and Han
+  ["hangul한글韓", "xn--hangul-8m5th09k79ze", false, true, true],
+
+  // Hangul and katakana
+  ["한글ハングル", "xn--qck1c2d4a9266lkmzb", false, false, false],
+
+  // Katakana and Hangul
+  ["ハングル한글", "xn--qck1c2d4a2366lkmzb", false, false, false],
+
+  // Thai (also tests that node with over 63 UTF-8 octets doesn't fail)
+  [
+    "เครื่องทําน้ําทําน้ําแข็ง",
+    "xn--22cdjb2fanb9fyepcbbb9dwh4a3igze4fdcd",
+    false,
+    true,
+    true,
+  ],
+
+  // Effect of adding valid or invalid subdomains (bug 1399540)
+  ["䕮䕵䕶䕱.ascii", "xn--google.ascii", false, true, true],
+  ["ascii.䕮䕵䕶䕱", "ascii.xn--google", false, true, true],
+  ["中国123.䕮䕵䕶䕱", "xn--123-u68dy61b.xn--google", false, true, true],
+  ["䕮䕵䕶䕱.中国123", "xn--google.xn--123-u68dy61b", false, true, true],
+  [
+    "xn--accountlogin.䕮䕵䕶䕱",
+    "xn--accountlogin.xn--google",
+    false,
+    true,
+    true,
+  ],
+  [
+    "䕮䕵䕶䕱.xn--accountlogin",
+    "xn--google.xn--accountlogin",
+    false,
+    true,
+    true,
+  ],
+
+  // Arabic diacritic not allowed in Latin text (bug 1370497)
+  ["goo\u0650gle", "xn--google-yri", false, false, false],
+  // ...but Arabic diacritics are allowed on Arabic text
+  ["العَرَبِي", "xn--mgbc0a5a6cxbzabt", false, true, true],
+
+  // Hebrew diacritic also not allowed in Latin text (bug 1404349)
+  ["goo\u05b4gle", "xn--google-rvh", false, false, false],
+
+  // Accents above dotless-i are not allowed
+  ["na\u0131\u0308ve", "xn--nave-mza04z", false, false, false],
+  ["d\u0131\u0302ner", "xn--dner-lza40z", false, false, false],
+  // but the corresponding accented-i (based on dotted i) is OK
+  ["na\u00efve.com", "xn--nave-6pa.com", false, true, true],
+  ["d\u00eener.com", "xn--dner-0pa.com", false, true, true],
+];
+
+const profiles = ["ASCII", "high", "moderate"];
+
+function run_test() {
+  var pbi = Services.prefs;
+  var oldProfile = pbi.getCharPref(
+    "network.IDN.restriction_profile",
+    "moderate"
+  );
+  var idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+    Ci.nsIIDNService
+  );
+
+  for (var i = 0; i < profiles.length; ++i) {
+    pbi.setCharPref("network.IDN.restriction_profile", profiles[i]);
+
+    dump("testing " + profiles[i] + " profile");
+
+    for (var j = 0; j < testcases.length; ++j) {
+      var test = testcases[j];
+      var URL = test[0] + ".com";
+      var punycodeURL = test[1] + ".com";
+      var expectedUnicode = test[2 + i];
+      var isASCII = {};
+
+      var result;
+      try {
+        result = idnService.convertToDisplayIDN(URL, isASCII);
+      } catch (e) {
+        result = ".com";
+      }
+      if (
+        punycodeURL.substr(0, 4) == "xn--" ||
+        punycodeURL.indexOf(".xn--") > 0
+      ) {
+        // test convertToDisplayIDN with a Unicode URL and with a
+        //  Punycode URL if we have one
+        Assert.equal(
+          escape(result),
+          expectedUnicode ? escape(URL) : escape(punycodeURL)
+        );
+
+        result = idnService.convertToDisplayIDN(punycodeURL, isASCII);
+        Assert.equal(
+          escape(result),
+          expectedUnicode ? escape(URL) : escape(punycodeURL)
+        );
+      } else {
+        // The "punycode" URL isn't punycode. This happens in testcases
+        // where the Unicode URL has become normalized to an ASCII URL,
+        // so, even though expectedUnicode is true, the expected result
+        // is equal to punycodeURL
+        Assert.equal(escape(result), escape(punycodeURL));
+      }
+    }
+  }
+  pbi.setCharPref("network.IDN.restriction_profile", oldProfile);
+}
diff --git a/netwerk/test/unit/test_idna2008.js b/netwerk/test/unit/test_idna2008.js
new file mode 100644
index 0000000000..0e0290ce79
--- /dev/null
+++ b/netwerk/test/unit/test_idna2008.js
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const kTransitionalProcessing = false;
+
+// Four characters map differently under non-transitional processing:
+const labels = [
+  // U+00DF LATIN SMALL LETTER SHARP S to "ss"
+  "stra\u00dfe",
+  // U+03C2 GREEK SMALL LETTER FINAL SIGMA to U+03C3 GREEK SMALL LETTER SIGMA
+  "\u03b5\u03bb\u03bb\u03ac\u03c2",
+  // U+200C ZERO WIDTH NON-JOINER in Indic script
+  "\u0646\u0627\u0645\u0647\u200c\u0627\u06cc",
+  // U+200D ZERO WIDTH JOINER in Arabic script
+  "\u0dc1\u0dca\u200d\u0dbb\u0dd3",
+
+  // But CONTEXTJ rules prohibit ZWJ and ZWNJ in non-Arabic or Indic scripts
+  // U+200C ZERO WIDTH NON-JOINER in Latin script
+  "m\u200cn",
+  // U+200D ZERO WIDTH JOINER in Latin script
+  "p\u200dq",
+];
+
+const transitionalExpected = [
+  "strasse",
+  "xn--hxarsa5b",
+  "xn--mgba3gch31f",
+  "xn--10cl1a0b",
+  "",
+  "",
+];
+
+const nonTransitionalExpected = [
+  "xn--strae-oqa",
+  "xn--hxarsa0b",
+  "xn--mgba3gch31f060k",
+  "xn--10cl1a0b660p",
+  "",
+  "",
+];
+
+// Test options for converting IDN URLs under IDNA2008
+function run_test() {
+  var idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+    Ci.nsIIDNService
+  );
+
+  for (var i = 0; i < labels.length; ++i) {
+    var result;
+    try {
+      result = idnService.convertUTF8toACE(labels[i]);
+    } catch (e) {
+      result = "";
+    }
+
+    if (kTransitionalProcessing) {
+      equal(result, transitionalExpected[i]);
+    } else {
+      equal(result, nonTransitionalExpected[i]);
+    }
+  }
+}
diff --git a/netwerk/test/unit/test_idnservice.js b/netwerk/test/unit/test_idnservice.js
new file mode 100644
index 0000000000..0c52f300e3
--- /dev/null
+++ b/netwerk/test/unit/test_idnservice.js
@@ -0,0 +1,39 @@
+// Tests nsIIDNService
+
+"use strict";
+
+const idnService = Cc["@mozilla.org/network/idn-service;1"].getService(
+  Ci.nsIIDNService
+);
+
+add_task(async function test_simple() {
+  let reference = [
+    // The 3rd element indicates whether the second element
+    // is ACE-encoded
+    ["asciihost", "asciihost", false],
+    ["b\u00FCcher", "xn--bcher-kva", true],
+  ];
+
+  for (var i = 0; i < reference.length; ++i) {
+    dump("Testing " + reference[i] + "\n");
+    // We test the following:
+    // - Converting UTF-8 to ACE and back gives us the expected answer
+    // - Converting the ASCII string UTF-8 -> ACE leaves the string unchanged
+    // - isACE returns true when we expect it to (third array elem true)
+    Assert.equal(idnService.convertUTF8toACE(reference[i][0]), reference[i][1]);
+    Assert.equal(idnService.convertUTF8toACE(reference[i][1]), reference[i][1]);
+    Assert.equal(idnService.convertACEtoUTF8(reference[i][1]), reference[i][0]);
+    Assert.equal(idnService.isACE(reference[i][1]), reference[i][2]);
+  }
+});
+
+add_task(async function test_extra_blocked() {
+  let isAscii = {};
+  equal(idnService.convertToDisplayIDN("xn--gou-2lb.ro", isAscii), "goșu.ro");
+  Services.prefs.setStringPref("network.IDN.extra_blocked_chars", "ș");
+  equal(
+    idnService.convertToDisplayIDN("xn--gou-2lb.ro", isAscii),
+    "xn--gou-2lb.ro"
+  );
+  Services.prefs.clearUserPref("network.IDN.extra_blocked_chars");
+});
diff --git a/netwerk/test/unit/test_immutable.js b/netwerk/test/unit/test_immutable.js
new file mode 100644
index 0000000000..f2b07c7114
--- /dev/null
+++ b/netwerk/test/unit/test_immutable.js
@@ -0,0 +1,206 @@
+"use strict";
+
+var prefs;
+var http2pref;
+var origin;
+var rcwnpref;
+
+function run_test() {
+  var h2Port = Services.env.get("MOZHTTP2_PORT");
+  Assert.notEqual(h2Port, null);
+  Assert.notEqual(h2Port, "");
+
+  // Set to allow the cert presented by our H2 server
+  do_get_profile();
+  prefs = Services.prefs;
+
+  http2pref = prefs.getBoolPref("network.http.http2.enabled");
+  rcwnpref = prefs.getBoolPref("network.http.rcwn.enabled");
+
+  prefs.setBoolPref("network.http.http2.enabled", true);
+  prefs.setCharPref(
+    "network.dns.localDomains",
+    "foo.example.com, bar.example.com"
+  );
+  // Disable rcwn to make cache behavior deterministic.
+  prefs.setBoolPref("network.http.rcwn.enabled", false);
+
+  // The moz-http2 cert is for foo.example.com and is signed by http2-ca.pem
+  // so add that cert to the trust list as a signing cert.  // the foo.example.com domain name.
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(
+    Ci.nsIX509CertDB
+  );
+  addCertFromFile(certdb, "http2-ca.pem", "CTu,u,u");
+
+  origin = "https://foo.example.com:" + h2Port;
+  dump("origin - " + origin + "\n");
+  doTest1();
+}
+
+function resetPrefs() {
+  prefs.setBoolPref("network.http.http2.enabled", http2pref);
+  prefs.setBoolPref("network.http.rcwn.enabled", rcwnpref);
+  prefs.clearUserPref("network.dns.localDomains");
+}
+
+function makeChan(path) {
+  return NetUtil.newChannel({
+    uri: origin + path,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+var nextTest;
+var expectPass = true;
+var expectConditional = false;
+
+var Listener = function () {};
+Listener.prototype = {
+  onStartRequest: function testOnStartRequest(request) {
+    Assert.ok(request instanceof Ci.nsIHttpChannel);
+
+    if (expectPass) {
+      if (!Components.isSuccessCode(request.status)) {
+        do_throw(
+          "Channel should have a success code! (" + request.status + ")"
+        );
+      }
+      Assert.equal(request.responseStatus, 200);
+    } else {
+      Assert.equal(Components.isSuccessCode(request.status), false);
+    }
+  },
+
+  onDataAvailable: function testOnDataAvailable(request, stream, off, cnt) {
+    read_stream(stream, cnt);
+  },
+
+  onStopRequest: function testOnStopRequest(request, status) {
+    if (expectConditional) {
+      Assert.equal(request.getResponseHeader("x-conditional"), "true");
+    } else {
+      try {
+        Assert.notEqual(request.getResponseHeader("x-conditional"), "true");
+      } catch (e) {
+        Assert.ok(true);
+      }
+    }
+    nextTest();
+    do_test_finished();
+  },
+};
+
+function testsDone() {
+  dump("testDone\n");
+  resetPrefs();
+}
+
+function doTest1() {
+  dump("execute doTest1 - resource without immutable. initial request\n");
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-without-attribute");
+  var listener = new Listener();
+  nextTest = doTest2;
+  chan.asyncOpen(listener);
+}
+
+function doTest2() {
+  dump("execute doTest2 - resource without immutable. reload\n");
+  do_test_pending();
+  expectConditional = true;
+  var chan = makeChan("/immutable-test-without-attribute");
+  var listener = new Listener();
+  nextTest = doTest3;
+  chan.loadFlags = Ci.nsIRequest.VALIDATE_ALWAYS;
+  chan.asyncOpen(listener);
+}
+
+function doTest3() {
+  dump("execute doTest3 - resource without immutable. shift reload\n");
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-without-attribute");
+  var listener = new Listener();
+  nextTest = doTest4;
+  chan.loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  chan.asyncOpen(listener);
+}
+
+function doTest4() {
+  dump("execute doTest4 - resource with immutable. initial request\n");
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-with-attribute");
+  var listener = new Listener();
+  nextTest = doTest5;
+  chan.asyncOpen(listener);
+}
+
+function doTest5() {
+  dump("execute doTest5 - resource with immutable. reload\n");
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-with-attribute");
+  var listener = new Listener();
+  nextTest = doTest6;
+  chan.loadFlags = Ci.nsIRequest.VALIDATE_ALWAYS;
+  chan.asyncOpen(listener);
+}
+
+function doTest6() {
+  dump("execute doTest6 - resource with immutable. shift reload\n");
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-with-attribute");
+  var listener = new Listener();
+  nextTest = doTest7;
+  chan.loadFlags = Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  chan.asyncOpen(listener);
+}
+
+function doTest7() {
+  dump("execute doTest7 - expired resource with immutable. initial request\n");
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-expired-with-Expires-header");
+  var listener = new Listener();
+  nextTest = doTest8;
+  chan.asyncOpen(listener);
+}
+
+function doTest8() {
+  dump("execute doTest8 - expired resource with immutable. reload\n");
+  do_test_pending();
+  expectConditional = true;
+  var chan = makeChan("/immutable-test-expired-with-Expires-header");
+  var listener = new Listener();
+  nextTest = doTest9;
+  chan.loadFlags = Ci.nsIRequest.VALIDATE_ALWAYS;
+  chan.asyncOpen(listener);
+}
+
+function doTest9() {
+  dump(
+    "execute doTest9 - expired resource with immutable cache extension and Last modified header. initial request\n"
+  );
+  do_test_pending();
+  expectConditional = false;
+  var chan = makeChan("/immutable-test-expired-with-last-modified-header");
+  var listener = new Listener();
+  nextTest = doTest10;
+  chan.asyncOpen(listener);
+}
+
+function doTest10() {
+  dump(
+    "execute doTest10 - expired resource with immutable cache extension and Last modified heder. reload\n"
+  );
+  do_test_pending();
+  expectConditional = true;
+  var chan = makeChan("/immutable-test-expired-with-last-modified-header");
+  var listener = new Listener();
+  nextTest = testsDone;
+  chan.loadFlags = Ci.nsIRequest.VALIDATE_ALWAYS;
+  chan.asyncOpen(listener);
+}
diff --git a/netwerk/test/unit/test_inhibit_caching.js b/netwerk/test/unit/test_inhibit_caching.js
new file mode 100644
index 0000000000..330e0f632f
--- /dev/null
+++ b/netwerk/test/unit/test_inhibit_caching.js
@@ -0,0 +1,94 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+var first = true;
+function contentHandler(metadata, response) {
+  response.setHeader("Content-Type", "text/plain");
+  var body = "first";
+  if (!first) {
+    body = "second";
+  }
+  first = false;
+  response.bodyOutputStream.write(body, body.length);
+}
+
+ChromeUtils.defineLazyGetter(this, "uri", function () {
+  return "http://localhost:" + httpserver.identity.primaryPort;
+});
+
+var httpserver = null;
+
+function run_test() {
+  // setup test
+  httpserver = new HttpServer();
+  httpserver.registerPathHandler("/test", contentHandler);
+  httpserver.start(-1);
+
+  add_test(test_first_response);
+  add_test(test_inhibit_caching);
+
+  run_next_test();
+}
+
+// Makes a regular request
+function test_first_response() {
+  var chan = NetUtil.newChannel({
+    uri: uri + "/test",
+    loadUsingSystemPrincipal: true,
+  });
+  chan.asyncOpen(new ChannelListener(check_first_response, null));
+}
+
+// Checks that we got the appropriate response
+function check_first_response(request, buffer) {
+  request.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(request.responseStatus, 200);
+  Assert.equal(buffer, "first");
+  // Open the cache entry to check its contents
+  asyncOpenCacheEntry(
+    uri + "/test",
+    "disk",
+    Ci.nsICacheStorage.OPEN_READONLY,
+    null,
+    cache_entry_callback
+  );
+}
+
+// Checks that the cache entry has the correct contents
+function cache_entry_callback(status, entry) {
+  equal(status, Cr.NS_OK);
+  var inputStream = entry.openInputStream(0);
+  pumpReadStream(inputStream, function (read) {
+    inputStream.close();
+    equal(read, "first");
+    run_next_test();
+  });
+}
+
+// Makes a request with the INHIBIT_CACHING load flag
+function test_inhibit_caching() {
+  var chan = NetUtil.newChannel({
+    uri: uri + "/test",
+    loadUsingSystemPrincipal: true,
+  });
+  chan.QueryInterface(Ci.nsIRequest).loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+  chan.asyncOpen(new ChannelListener(check_second_response, null));
+}
+
+// Checks that we got a different response from the first request
+function check_second_response(request, buffer) {
+  request.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(request.responseStatus, 200);
+  Assert.equal(buffer, "second");
+  // Checks that the cache entry still contains the content from the first request
+  asyncOpenCacheEntry(
+    uri + "/test",
+    "disk",
+    Ci.nsICacheStorage.OPEN_READONLY,
+    null,
+    cache_entry_callback
+  );
+}
diff --git a/netwerk/test/unit/test_ioservice.js b/netwerk/test/unit/test_ioservice.js
new file mode 100644
index 0000000000..d218d77a7a
--- /dev/null
+++ b/netwerk/test/unit/test_ioservice.js
@@ -0,0 +1,19 @@
+"use strict";
+
+add_task(function test_extractScheme() {
+  equal(Services.io.extractScheme("HtTp://example.com"), "http");
+  Assert.throws(
+    () => {
+      Services.io.extractScheme("://example.com");
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "missing scheme"
+  );
+  Assert.throws(
+    () => {
+      Services.io.extractScheme("ht%tp://example.com");
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "bad scheme"
+  );
+});
diff --git a/netwerk/test/unit/test_large_port.js b/netwerk/test/unit/test_large_port.js
new file mode 100644
index 0000000000..a0dd0a19cf
--- /dev/null
+++ b/netwerk/test/unit/test_large_port.js
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Ensure that non-16-bit URIs are rejected
+
+"use strict";
+
+function run_test() {
+  let mutator = Cc[
+    "@mozilla.org/network/standard-url-mutator;1"
+  ].createInstance(Ci.nsIURIMutator);
+  Assert.ok(mutator, "Mutator constructor works");
+
+  let url = Cc["@mozilla.org/network/standard-url-mutator;1"]
+    .createInstance(Ci.nsIStandardURLMutator)
+    .init(
+      Ci.nsIStandardURL.URLTYPE_AUTHORITY,
+      65535,
+      "http://localhost",
+      "UTF-8",
+      null
+    )
+    .finalize();
+
+  // Bug 1301621 makes invalid ports throw
+  Assert.throws(
+    () => {
+      url = Cc["@mozilla.org/network/standard-url-mutator;1"]
+        .createInstance(Ci.nsIStandardURLMutator)
+        .init(
+          Ci.nsIStandardURL.URLTYPE_AUTHORITY,
+          65536,
+          "http://localhost",
+          "UTF-8",
+          null
+        )
+        .finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "invalid port during creation"
+  );
+
+  Assert.throws(
+    () => {
+      url = url
+        .mutate()
+        .QueryInterface(Ci.nsIStandardURLMutator)
+        .setDefaultPort(65536)
+        .finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "invalid port in setDefaultPort"
+  );
+  Assert.throws(
+    () => {
+      url = url.mutate().setPort(65536).finalize();
+    },
+    /NS_ERROR_MALFORMED_URI/,
+    "invalid port in port setter"
+  );
+
+  Assert.equal(url.port, -1);
+  do_test_finished();
+}
diff --git a/netwerk/test/unit/test_link.desktop b/netwerk/test/unit/test_link.desktop
new file mode 100644
index 0000000000..b1798202e3
--- /dev/null
+++ b/netwerk/test/unit/test_link.desktop
@@ -0,0 +1,3 @@
+[Desktop Entry]
+Type=Link
+URL=http://www.mozilla.org/
diff --git a/netwerk/test/unit/test_link.lnk b/netwerk/test/unit/test_link.lnk
new file mode 100644
index 0000000000..125d859f43
Binary files /dev/null and b/netwerk/test/unit/test_link.lnk differ
diff --git a/netwerk/test/unit/test_link.url b/netwerk/test/unit/test_link.url
new file mode 100644
index 0000000000..05f8275544
--- /dev/null
+++ b/netwerk/test/unit/test_link.url
@@ -0,0 +1,5 @@
+[InternetShortcut]
+URL=http://www.mozilla.org/
+IDList=
+[{000214A0-0000-0000-C000-000000000046}]
+Prop3=19,2
diff --git a/netwerk/test/unit/test_loadgroup_cancel.js b/netwerk/test/unit/test_loadgroup_cancel.js
new file mode 100644
index 0000000000..9d5779437f
--- /dev/null
+++ b/netwerk/test/unit/test_loadgroup_cancel.js
@@ -0,0 +1,96 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+function makeChan(url) {
+  return NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+}
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+
+function request_handler(metadata, response) {
+  response.processAsync();
+  do_timeout(500, () => {
+    const body = "some body once told me...";
+    response.setStatusLine(metadata.httpVersion, 200, "Ok");
+    response.setHeader("Content-Type", "text/plain", false);
+    response.setHeader("Content-Length", "" + body.length, false);
+    response.bodyOutputStream.write(body, body.length);
+    response.finish();
+  });
+}
+
+// This test checks that when canceling a loadgroup by the time the loadgroup's
+// groupObserver is sent OnStopRequest for a request, that request has been
+// canceled.
+add_task(async function test_cancelledInOnStop() {
+  let http_server = new HttpServer();
+  http_server.registerPathHandler("/test1", request_handler);
+  http_server.registerPathHandler("/test2", request_handler);
+  http_server.registerPathHandler("/test3", request_handler);
+  http_server.start(-1);
+  const port = http_server.identity.primaryPort;
+
+  let loadGroup = Cc["@mozilla.org/network/load-group;1"].createInstance(
+    Ci.nsILoadGroup
+  );
+
+  let loadListener = {
+    onStartRequest: aRequest => {
+      info("onStartRequest");
+    },
+    onStopRequest: (aRequest, aStatusCode) => {
+      equal(
+        aStatusCode,
+        Cr.NS_ERROR_ABORT,
+        "aStatusCode must be the cancellation code"
+      );
+      equal(
+        aRequest.status,
+        Cr.NS_ERROR_ABORT,
+        "aRequest.status must be the cancellation code"
+      );
+    },
+    QueryInterface: ChromeUtils.generateQI([
+      "nsIRequestObserver",
+      "nsISupportsWeakReference",
+    ]),
+  };
+  loadGroup.groupObserver = loadListener;
+
+  let chan1 = makeChan(`http://localhost:${port}/test1`);
+  chan1.loadGroup = loadGroup;
+  let chan2 = makeChan(`http://localhost:${port}/test2`);
+  chan2.loadGroup = loadGroup;
+  let chan3 = makeChan(`http://localhost:${port}/test3`);
+  chan3.loadGroup = loadGroup;
+
+  await new Promise(resolve => do_timeout(500, resolve));
+
+  let promises = [
+    new Promise(resolve => {
+      chan1.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+    }),
+    new Promise(resolve => {
+      chan2.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+    }),
+    new Promise(resolve => {
+      chan3.asyncOpen(new ChannelListener(resolve, null, CL_EXPECT_FAILURE));
+    }),
+  ];
+
+  loadGroup.cancel(Cr.NS_ERROR_ABORT);
+
+  await Promise.all(promises);
+
+  await new Promise(resolve => {
+    http_server.stop(resolve);
+  });
+});
diff --git a/netwerk/test/unit/test_localhost_offline.js b/netwerk/test/unit/test_localhost_offline.js
new file mode 100644
index 0000000000..a1f157944b
--- /dev/null
+++ b/netwerk/test/unit/test_localhost_offline.js
@@ -0,0 +1,77 @@
+"use strict";
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+var httpServer = null;
+const body = "Hello";
+
+function makeChan(url) {
+  let chan = NetUtil.newChannel({
+    uri: url,
+    loadUsingSystemPrincipal: true,
+  }).QueryInterface(Ci.nsIHttpChannel);
+  chan.loadFlags |= Ci.nsIRequest.LOAD_BYPASS_CACHE;
+  chan.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+  return chan;
+}
+
+function channelOpenPromise(chan, flags) {
+  return new Promise(resolve => {
+    function finish(req, buffer) {
+      resolve([req, buffer]);
+    }
+    chan.asyncOpen(new ChannelListener(finish, null, flags));
+  });
+}
+
+function makeURL(host) {
+  return `http://${host}:${httpServer.identity.primaryPort}/`;
+}
+
+add_task(async function test_localhost_offline() {
+  Services.io.offline = true;
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", false);
+  let chan = makeChan(makeURL("127.0.0.1"));
+  let [, resp] = await channelOpenPromise(chan);
+  Assert.equal(resp, body, "Should get correct response");
+
+  chan = makeChan(makeURL("localhost"));
+  [, resp] = await channelOpenPromise(chan);
+  Assert.equal(resp, body, "Should get response");
+
+  Services.prefs.setBoolPref("network.disable-localhost-when-offline", true);
+
+  chan = makeChan(makeURL("127.0.0.1"));
+  let [req] = await channelOpenPromise(
+    chan,
+    CL_ALLOW_UNKNOWN_CL | CL_EXPECT_FAILURE
+  );
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.status, Cr.NS_ERROR_OFFLINE);
+
+  chan = makeChan(makeURL("localhost"));
+  [req] = await channelOpenPromise(
+    chan,
+    CL_ALLOW_UNKNOWN_CL | CL_EXPECT_FAILURE
+  );
+  req.QueryInterface(Ci.nsIHttpChannel);
+  Assert.equal(req.status, Cr.NS_ERROR_OFFLINE);
+
+  Services.prefs.clearUserPref("network.disable-localhost-when-offline");
+  Services.io.offline = false;
+});
+
+function run_test() {
+  httpServer = new HttpServer();
+  httpServer.registerPathHandler("/", (request, response) => {
+    response.seizePower();
+    response.write("HTTP/1.1 200 OK\r\n");
+    response.write("Content-Length: " + body.length + "\r\n");
+    response.write("\r\n");
+    response.write(body);
+    response.finish();
+  });
+  httpServer.start(-1);
+  run_next_test();
+}
diff --git a/netwerk/test/unit/test_localstreams.js b/netwerk/test/unit/test_localstreams.js
new file mode 100644
index 0000000000..3e9c26b111
--- /dev/null
+++ b/netwerk/test/unit/test_localstreams.js
@@ -0,0 +1,89 @@
+// Tests bug 304414
+
+"use strict";
+
+const PR_RDONLY = 0x1; // see prio.h
+
+// Does some sanity checks on the stream and returns the number of bytes read
+// when the checks passed.
+function test_stream(stream) {
+  // This test only handles blocking streams; that's desired for file streams
+  // anyway.
+  Assert.equal(stream.isNonBlocking(), false);
+
+  // Check that the stream is not buffered
+  Assert.equal(
+    Cc["@mozilla.org/io-util;1"]
+      .getService(Ci.nsIIOUtil)
+      .inputStreamIsBuffered(stream),
+    false
+  );
+
+  // Wrap it in a binary stream (to avoid wrong results that
+  // scriptablestream would produce with binary content)
+  var binstream = Cc["@mozilla.org/binaryinputstream;1"].createInstance(
+    Ci.nsIBinaryInputStream
+  );
+  binstream.setInputStream(stream);
+
+  var numread = 0;
+  for (;;) {
+    Assert.equal(stream.available(), binstream.available());
+    var avail = stream.available();
+    Assert.notEqual(avail, -1);
+
+    // PR_UINT32_MAX and PR_INT32_MAX; the files we're testing with aren't that
+    // large.
+    Assert.notEqual(avail, Math.pow(2, 32) - 1);
+    Assert.notEqual(avail, Math.pow(2, 31) - 1);
+
+    if (!avail) {
+      // For blocking streams, available() only returns 0 on EOF
+      // Make sure that there is really no data left
+      var could_read = false;
+      try {
+        binstream.readByteArray(1);
+        could_read = true;
+      } catch (e) {
+        // We expect the exception, so do nothing here
+      }
+      if (could_read) {
+        do_throw("Data readable when available indicated EOF!");
+      }
+      return numread;
+    }
+
+    dump("Trying to read " + avail + " bytes\n");
+    // Note: Verification that this does return as much bytes as we asked for is
+    // done in the binarystream implementation
+    binstream.readByteArray(avail);
+
+    numread += avail;
+  }
+}
+
+function stream_for_file(file) {
+  var str = Cc["@mozilla.org/network/file-input-stream;1"].createInstance(
+    Ci.nsIFileInputStream
+  );
+  str.init(file, PR_RDONLY, 0, 0);
+  return str;
+}
+
+function stream_from_channel(file) {
+  var uri = Services.io.newFileURI(file);
+  return NetUtil.newChannel({
+    uri,
+    loadUsingSystemPrincipal: true,
+  }).open();
+}
+
+function run_test() {
+  // Get a file and a directory in order to do some testing
+  var file = do_get_file("../unit/data/test_readline6.txt");
+  var len = file.fileSize;
+  Assert.equal(test_stream(stream_for_file(file)), len);
+  Assert.equal(test_stream(stream_from_channel(file)), len);
+  var dir = file.parent;
+  test_stream(stream_from_channel(dir)); // Can't do size checking
+}
diff --git a/netwerk/test/unit/test_mismatch_last-modified.js b/netwerk/test/unit/test_mismatch_last-modified.js
new file mode 100644
index 0000000000..010d5d1178
--- /dev/null
+++ b/netwerk/test/unit/test_mismatch_last-modified.js
@@ -0,0 +1,154 @@
+"use strict";
+
+const BinaryInputStream = Components.Constructor(
+  "@mozilla.org/binaryinputstream;1",
+  "nsIBinaryInputStream",
+  "setInputStream"
+);
+
+const { HttpServer } = ChromeUtils.importESModule(
+  "resource://testing-common/httpd.sys.mjs"
+);
+var httpserver = new HttpServer();
+
+// Test the handling of a cache revalidation with mismatching last-modified
+// headers. If we get such a revalidation the cache entry should be purged.
+// see bug 717350
+
+// In this test the wrong data is from 11-16-1994 with a value of 'A',
+// and the right data is from 11-15-1994 with a value of 'B'.
+
+// the same URL is requested 3 times. the first time the wrong data comes
+// back, the second time that wrong data is revalidated with a 304 but
+// a L-M header of the right data (this triggers a cache purge), and
+// the third time the right data is returned.
+
+var listener_3 = {
+  // this listener is used to process the the request made after
+  // the cache invalidation. it expects to see the 'right data'
+
+  QueryInterface: ChromeUtils.generateQI([
+    "nsIStreamListener",
+    "nsIRequestObserver",
+  ]),
+
+  onStartRequest: function test_onStartR(request) {},
+
+  onDataAvailable: function test_ODA(request, inputStream, offset, count) {
+    var data = new BinaryInputStream(inputStream).readByteArray(count);
+
+    Assert.equal(data[0], "B".charCodeAt(0));
+  },
+
+  onStopRequest: function test_onStopR(request, status) {
+    httpserver.stop(do_test_finished);
+  },
+};
+
+ChromeUtils.defineLazyGetter(this, "listener_2", function () {
+  return {
+    // this listener is used to process the revalidation of the
+    // corrupted cache entry. its revalidation prompts it to be cleaned
+
+    QueryInterface: ChromeUtils.generateQI([
+      "nsIStreamListener",
+      "nsIRequestObserver",
+    ]),
+
+    onStartRequest: function test_onStartR(request) {},
+
+    onDataAvailable: function test_ODA(request, inputStream, offset, count) {
+      var data = new BinaryInputStream(inputStream).readByteArray(count);
+
+      // This is 'A' from a cache revalidation, but that reval will clean the cache
+      // because of mismatched last-modified response headers
+
+      Assert.equal(data[0], "A".charCodeAt(0));
+    },
+
+    onStopRequest: function test_onStopR(request, status) {
+      request.QueryInterface(Ci.nsIHttpChannel);
+      var chan = NetUtil.newChannel({
+        uri: "http://localhost:" + httpserver.identity.primaryPort + "/test1",
+        loadUsingSystemPrincipal: true,
+      });
+      chan.asyncOpen(listener_3);
+    },
+  };
+});
+
+ChromeUtils.defineLazyGetter(this, "listener_1", function () {
+  return {
+    // this listener processes the initial request from a empty cache.
+    // the server responds with the wrong data ('A')
+
+    QueryInterface: ChromeUtils.generateQI([
+      "nsIStreamListener",
+      "nsIRequestObserver",
+    ]),
+
+    onStartRequest: function test_onStartR(request) {},
+
+    onDataAvailable: function test_ODA(request, inputStream, offset, count) {
+      var data = new BinaryInputStream(inputStream).readByteArray(count);
+      Assert.equal(data[0], "A".charCodeAt(0));
+    },
+
+    onStopRequest: function test_onStopR(request, status) {
+      request.QueryInterface(Ci.nsIHttpChannel);
+      var chan = NetUtil.newChannel({
+        uri: "http://localhost:" + httpserver.identity.primaryPort + "/test1",
+        loadUsingSystemPrincipal: true,
+      });
+      chan.asyncOpen(listener_2);
+    },
+  };
+});
+
+function run_test() {
+  do_get_profile();
+
+  evict_cache_entries();
+
+  httpserver.registerPathHandler("/test1", handler);
+  httpserver.start(-1);
+
+  var port = httpserver.identity.primaryPort;
+  var chan = NetUtil.newChannel({
+    uri: "http://localhost:" + port + "/test1",
+    loadUsingSystemPrincipal: true,
+  });
+  chan.asyncOpen(listener_1);
+
+  do_test_pending();
+}
+
+var iter = 0;
+function handler(metadata, response) {
+  iter++;
+  if (metadata.hasHeader("If-Modified-Since")) {
+    response.setStatusLine(metadata.httpVersion, 304, "Not Modified");
+    response.setHeader("Last-Modified", "Tue, 15 Nov 1994 12:45:26 GMT", false);
+  } else {
+    response.setStatusLine(metadata.httpVersion, 200, "OK");
+    response.setHeader("Cache-Control", "max-age=0", false);
+    if (iter == 1) {
+      // simulated wrong response
+      response.setHeader(
+        "Last-Modified",
+        "Wed, 16 Nov 1994 00:00:00 GMT",
+        false
+      );
+      response.bodyOutputStream.write("A", 1);
+    }
+    if (iter == 3) {
+      // 'correct' response
+      response.setHeader(
+        "Last-Modified",
+        "Tue, 15 Nov 1994 12:45:26 GMT",
+        false
+      );
+      response.bodyOutputStream.write("B", 1);
+    }
+  }
+}
diff --git a/netwerk/test/unit/test_mozTXTToHTMLConv.js b/netwerk/test/unit/test_mozTXTToHTMLConv.js
new file mode 100644
index 0000000000..1e93a440ad
--- /dev/null
+++ b/netwerk/test/unit/test_mozTXTToHTMLConv.js
@@ -0,0 +1,394 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * Test that mozITXTToHTMLConv works properly.
+ */
+
+"use strict";
+
+function run_test() {
+  let converter = Cc["@mozilla.org/txttohtmlconv;1"].getService(
+    Ci.mozITXTToHTMLConv
+  );
+
+  const scanTXTtests = [
+    // -- RFC1738
+    {
+      input: "RFC1738:  then",
+      url: "http://mozilla.org",
+    },
+    {
+      input: "RFC1738:  then",
+      url: "mailto:john.doe+test@mozilla.org",
+    },
+    // -- RFC2396E
+    {
+      input: "RFC2396E:  then",
+      url: "http://mozilla.org/",
+    },
+    {
+      input: "RFC2396E:  then",
+      url: "mailto:john.doe+test@mozilla.org",
+    },
+    // -- abbreviated
+    {
+      input: "see www.mozilla.org maybe",
+      url: "http://www.mozilla.org",
+    },
+    {
+      input: "mail john.doe+test@mozilla.org maybe",
+      url: "mailto:john.doe+test@mozilla.org",
+    },
+    // -- delimiters
+    {
+      input: "see http://www.mozilla.org/maybe today", // Spaces
+      url: "http://www.mozilla.org/maybe",
+    },
+    {
+      input: 'see "http://www.mozilla.org/maybe today"', // Double quotes
+      url: "http://www.mozilla.org/maybetoday", // spaces ignored
+    },
+    {
+      input: "see ", // Angle brackets
+      url: "http://www.mozilla.org/maybetoday", // spaces ignored
+    },
+    // -- freetext
+    {
+      input: "I mean http://www.mozilla.org/.",
+      url: "http://www.mozilla.org/",
+    },
+    {
+      input: "you mean http://mozilla.org:80, right?",
+      url: "http://mozilla.org:80",
+    },
+    {
+      input: "go to http://mozilla.org; then go home",
+      url: "http://mozilla.org",
+    },
+    {
+      input: "http://mozilla.org! yay!",
+      url: "http://mozilla.org",
+    },
+    {
+      input: "er, http://mozilla.com?",
+      url: "http://mozilla.com",
+    },
+    {
+      input: "http://example.org- where things happen",
+      url: "http://example.org",
+    },
+    {
+      input: "see http://mozilla.org: front page",
+      url: "http://mozilla.org",
+    },
+    {
+      input: "'http://mozilla.org/': that's the url",
+      url: "http://mozilla.org/",
+    },
+    {
+      input: "some special http://mozilla.org/?x=.,;!-:x",
+      url: "http://mozilla.org/?x=.,;!-:x",
+    },
+    {
+      // escape & when producing html
+      input: "'http://example.org/?test=true&success=true': ok",
+      url: "http://example.org/?test=true&success=true",
+    },
+    {
+      input: "bracket: http://localhost/[1] etc.",
+      url: "http://localhost/",
+    },
+    {
+      input: "bracket: john.doe+test@mozilla.org[1] etc.",
+      url: "mailto:john.doe+test@mozilla.org",
+    },
+    {
+      input: "parenthesis: (http://localhost/) etc.",
+      url: "http://localhost/",
+    },
+    {
+      input: "parenthesis: (john.doe+test@mozilla.org) etc.",
+      url: "mailto:john.doe+test@mozilla.org",
+    },
+    {
+      input: "(thunderbird)http://mozilla.org/thunderbird",
+      url: "http://mozilla.org/thunderbird",
+    },
+    {
+      input: "(mail)john.doe+test@mozilla.org",
+      url: "mailto:john.doe+test@mozilla.org",
+    },
+    {
+      input: "()http://mozilla.org",
+      url: "http://mozilla.org",
+    },
+    {
+      input:
+        "parenthesis included: http://kb.mozillazine.org/Performance_(Thunderbird) etc.",
+      url: "http://kb.mozillazine.org/Performance_(Thunderbird)",
+    },
+    {
+      input: "parenthesis slash bracket: (http://localhost/)[1] etc.",
+      url: "http://localhost/",
+    },
+    {
+      input: "parenthesis bracket: (http://example.org[1]) etc.",
+      url: "http://example.org",
+    },
+    {
+      input: "ipv6 1: https://[1080::8:800:200C:417A]/foo?bar=x test",
+      url: "https://[1080::8:800:200C:417A]/foo?bar=x",
+    },
+    {
+      input: "ipv6 2: http://[::ffff:127.0.0.1]/#yay test",
+      url: "http://[::ffff:127.0.0.1]/#yay",
+    },
+    {
+      input: "ipv6 parenthesis port: (http://[2001:db8::1]:80/) test",
+      url: "http://[2001:db8::1]:80/",
+    },
+    {
+      input:
+        "test http://www.map.com/map.php?t=Nova_Scotia&markers=//Not_a_survey||description=plm2 test",
+      url: "http://www.map.com/map.php?t=Nova_Scotia&markers=//Not_a_survey||description=plm2",
+    },
+    {
+      input: "bug#1509493 (john@mozilla.org)john@mozilla.org test",
+      url: "mailto:john@mozilla.org",
+      text: "john@mozilla.org",
+    },
+    {
+      input: "bug#1509493 {john@mozilla.org}john@mozilla.org test",
+      url: "mailto:john@mozilla.org",
+      text: "john@mozilla.org",
+    },
+  ];
+
+  const scanTXTglyph = [
+    // Some "glyph" testing (not exhaustive, the system supports 16 different
+    // smiley types).
+    {
+      input: "this is superscript: x^2",
+      results: [""],
+    },
+    {
+      input: "this is plus-minus: +/-",
+      results: ["±"],
+    },
+    {
+      input: "this is a smiley :)",
+      results: ["🙂"],
+    },
+    {
+      input: "this is a smiley :-)",
+      results: ["🙂"],
+    },
+    {
+      input: "this is a smiley :-(",
+      results: ["🙁"],
+    },
+  ];
+
+  const scanTXTstrings = [
+    "underline", // ASCII
+    "äöüßáéíóúî", // Latin-1
+    "a\u0301c\u0327c\u030Ce\u0309n\u0303t\u0326e\u0308d\u0323",
+    // áçčẻñțëḍ Latin
+    "\u016B\u00F1\u0257\u0119\u0211\u0142\u00ED\u00F1\u0119",
+    // Pseudo-ese ūñɗęȑłíñę
+    "\u01DDu\u0131\u0283\u0279\u01DDpun", // Upside down ǝuıʃɹǝpun
+    "\u03C5\u03C0\u03BF\u03B3\u03C1\u03AC\u03BC\u03BC\u03B9\u03C3\u03B7",
+    // Greek υπογράμμιση
+    "\u0441\u0438\u043B\u044C\u043D\u0443\u044E", // Russian сильную
+    "\u0C2C\u0C32\u0C2E\u0C46\u0C56\u0C28", // Telugu బలమైన
+    "\u508D\u7DDA\u3059\u308B", // Japanese 傍線する
+    "\uD841\uDF0E\uD841\uDF31\uD841\uDF79\uD843\uDC53\uD843\uDC78",
+    // Chinese (supplementary plane)
+    "\uD801\uDC14\uD801\uDC2F\uD801\uDC45\uD801\uDC28\uD801\uDC49\uD801\uDC2F\uD801\uDC3B",
+    // Deseret 𐐔𐐯𐑅𐐨𐑉𐐯𐐻
+  ];
+
+  const scanTXTstructs = [
+    {
+      delimiter: "/",
+      tag: "i",
+      class: "moz-txt-slash",
+    },
+    {
+      delimiter: "*",
+      tag: "b",
+      class: "moz-txt-star",
+    },
+    {
+      delimiter: "_",
+      tag: "span",
+      class: "moz-txt-underscore",
+    },
+    {
+      delimiter: "|",
+      tag: "code",
+      class: "moz-txt-verticalline",
+    },
+  ];
+
+  const scanHTMLtests = [
+    {
+      input: "http://foo.example.com",
+      shouldChange: true,
+    },
+    {
+      input: " foo",
+      shouldChange: false,
+    },
+    {
+      input: "see http://abbr.example.com",
+      shouldChange: true,
+    },
+    {
+      input: "",
+      shouldChange: false,
+    },
+    {
+      input: "",
+      shouldChange: false,
+    },
+    {
+      input: "",
+      shouldChange: false,
+    },
+    {
+      input:
+        "",
+      shouldChange: false,
+    },
+    {
+      input: "",
+      shouldChange: false,
+    },
+    {
+      input: "",
+      shouldChange: false,
+    },
+    {
+      input: "http://head.example.com/",
+      shouldChange: false,
+    },
+    {
+      input: "
see http://header.example.com
",
+      shouldChange: true,
+    },
+    {
+      input: "