Backed out 4 changesets (bug 1045891) for b2g mochitest 7 failures
authorWes Kocher <wkocher@mozilla.com>
Fri, 06 Nov 2015 09:36:49 -0800
changeset 271621 2d2e821fa20de7c6ee9878eab4c769fbcb74d053
parent 271620 b02ebe7b7721bf0794d5101b01c53e002b170bd3
child 271622 0c5045d56439fee2304de57cdc02484e4810714f
push id29650
push usercbook@mozilla.com
push dateMon, 09 Nov 2015 13:56:12 +0000
treeherdermozilla-central@e1ef2be156de [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1045891
milestone45.0a1
backs outc590b18c5885040d6f2a6c711e9f1a8f87965ec1
14818a2329a4846757098689aa0ef880ce8aee15
e44d41985fed5022c9e745411b885ad137568a99
781a76befe01dfede99024a6ad5262eaf323c2c4
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 4 changesets (bug 1045891) for b2g mochitest 7 failures Backed out changeset c590b18c5885 (bug 1045891) Backed out changeset 14818a2329a4 (bug 1045891) Backed out changeset e44d41985fed (bug 1045891) Backed out changeset 781a76befe01 (bug 1045891)
dom/base/nsContentPolicy.cpp
dom/base/nsContentUtils.cpp
dom/base/nsContentUtils.h
dom/interfaces/security/nsIContentSecurityPolicy.idl
dom/locales/en-US/chrome/security/csp.properties
dom/security/nsCSPContext.cpp
dom/security/nsCSPParser.cpp
dom/security/nsCSPParser.h
dom/security/nsCSPService.cpp
dom/security/nsCSPUtils.cpp
dom/security/nsCSPUtils.h
dom/security/test/csp/file_child-src_iframe.html
dom/security/test/csp/file_child-src_inner_frame.html
dom/security/test/csp/file_child-src_service_worker.html
dom/security/test/csp/file_child-src_service_worker.js
dom/security/test/csp/file_child-src_shared_worker-redirect.html
dom/security/test/csp/file_child-src_shared_worker.html
dom/security/test/csp/file_child-src_shared_worker.js
dom/security/test/csp/file_child-src_shared_worker_data.html
dom/security/test/csp/file_child-src_worker-redirect.html
dom/security/test/csp/file_child-src_worker.html
dom/security/test/csp/file_child-src_worker.js
dom/security/test/csp/file_child-src_worker_data.html
dom/security/test/csp/file_redirect_worker.sjs
dom/security/test/csp/file_redirects_page.sjs
dom/security/test/csp/file_redirects_resource.sjs
dom/security/test/csp/mochitest.ini
dom/security/test/csp/test_child-src_iframe.html
dom/security/test/csp/test_child-src_worker-redirect.html
dom/security/test/csp/test_child-src_worker.html
dom/security/test/csp/test_child-src_worker_data.html
dom/security/test/csp/test_service_worker.html
dom/security/test/csp/test_worker_redirect.html
dom/webidl/CSPDictionaries.webidl
testing/web-platform/meta/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html.ini
testing/web-platform/meta/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html.ini
testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
--- a/dom/base/nsContentPolicy.cpp
+++ b/dom/base/nsContentPolicy.cpp
@@ -119,18 +119,18 @@ nsContentPolicy::CheckPolicy(CPMethod   
     }
 
     nsContentPolicyType externalType =
         nsContentUtils::InternalContentPolicyTypeToExternal(contentType);
 
     nsContentPolicyType externalTypeOrScript =
         nsContentUtils::InternalContentPolicyTypeToExternalOrScript(contentType);
 
-    nsContentPolicyType externalTypeOrCSPInternal =
-       nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(contentType);
+    nsContentPolicyType externalTypeOrPreload =
+       nsContentUtils::InternalContentPolicyTypeToExternalOrPreload(contentType);
 
     nsCOMPtr<nsIContentPolicy> mixedContentBlocker =
         do_GetService(NS_MIXEDCONTENTBLOCKER_CONTRACTID);
 
     nsCOMPtr<nsIContentPolicy> cspService =
       do_GetService(CSPSERVICE_CONTRACTID);
 
     /* 
@@ -147,26 +147,23 @@ nsContentPolicy::CheckPolicy(CPMethod   
         // which needs to know about TYPE_INTERNAL_WORKER,
         // TYPE_INTERNAL_SHARED_WORKER and TYPE_INTERNAL_SERVICE_WORKER.
         bool isMixedContentBlocker = mixedContentBlocker == entries[i];
         nsContentPolicyType type = externalType;
         if (isMixedContentBlocker) {
             type = externalTypeOrScript;
         }
         // Send the internal content policy type for CSP which needs to
-        // know about preloads and workers, in particular:
+        // know about preloads, in particular:
         // * TYPE_INTERNAL_SCRIPT_PRELOAD
         // * TYPE_INTERNAL_IMAGE_PRELOAD
         // * TYPE_INTERNAL_STYLESHEET_PRELOAD
-        // * TYPE_INTERNAL_WORKER
-        // * TYPE_INTERNAL_SHARED_WORKER
-        // * TYPE_INTERNAL_SERVICE_WORKER
         bool isCSP = cspService == entries[i];
         if (isCSP) {
-          type = externalTypeOrCSPInternal;
+          type = externalTypeOrPreload;
         }
         rv = (entries[i]->*policyMethod)(type, contentLocation,
                                          requestingLocation, requestingContext,
                                          mimeType, extra, requestPrincipal,
                                          decision);
 
         if (NS_SUCCEEDED(rv) && NS_CP_REJECTED(*decision)) {
             /* policy says no, no point continuing to check */
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -8039,43 +8039,16 @@ nsContentUtils::InternalContentPolicyTyp
   if (aType == nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD ||
       aType == nsIContentPolicy::TYPE_INTERNAL_IMAGE_PRELOAD ||
       aType == nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD) {
     return aType;
   }
   return InternalContentPolicyTypeToExternal(aType);
 }
 
-
-/* static */
-nsContentPolicyType
-nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(nsContentPolicyType aType)
-{
-  switch (aType) {
-  case nsIContentPolicy::TYPE_INTERNAL_WORKER:
-  case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
-  case nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER:
-    return aType;
-
-  default:
-    return InternalContentPolicyTypeToExternal(aType);
-  }
-}
-
-/* static */
-nsContentPolicyType
-nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(nsContentPolicyType aType)
-{
-  if (aType == InternalContentPolicyTypeToExternalOrWorker(aType) ||
-      aType == InternalContentPolicyTypeToExternalOrPreload(aType)) {
-    return aType;
-  }
-  return InternalContentPolicyTypeToExternal(aType);
-}
-
 nsresult
 nsContentUtils::SetFetchReferrerURIWithPolicy(nsIPrincipal* aPrincipal,
                                               nsIDocument* aDoc,
                                               nsIHttpChannel* aChannel)
 {
   NS_ENSURE_ARG_POINTER(aPrincipal);
   NS_ENSURE_ARG_POINTER(aChannel);
 
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -1009,39 +1009,16 @@ public:
    *   * TYPE_INTERNAL_IMAGE_PRELOAD
    *   * TYPE_INTERNAL_STYLESHEET_PRELOAD
    *
    * Note: DO NOT call this function unless you know what you're doing!
    */
   static nsContentPolicyType InternalContentPolicyTypeToExternalOrPreload(nsContentPolicyType aType);
 
   /**
-   * Map internal content policy types to external ones, worker, or preload types:
-   *   * TYPE_INTERNAL_WORKER
-   *   * TYPE_INTERNAL_SHARED_WORKER
-   *   * TYPE_INTERNAL_SERVICE_WORKER
-   *   * TYPE_INTERNAL_SCRIPT_PRELOAD
-   *   * TYPE_INTERNAL_IMAGE_PRELOAD
-   *   * TYPE_INTERNAL_STYLESHEET_PRELOAD
-   *
-   * Note: DO NOT call this function unless you know what you're doing!
-   */
-  static nsContentPolicyType InternalContentPolicyTypeToExternalOrCSPInternal(nsContentPolicyType aType);
-
-  /**
-   * Map internal content policy types to external ones, worker, or preload types:
-   *   * TYPE_INTERNAL_WORKER
-   *   * TYPE_INTERNAL_SHARED_WORKER
-   *   * TYPE_INTERNAL_SERVICE_WORKER
-   *
-   * Note: DO NOT call this function unless you know what you're doing!
-   */
-  static nsContentPolicyType InternalContentPolicyTypeToExternalOrWorker(nsContentPolicyType aType);
-
-  /**
    * Quick helper to determine whether there are any mutation listeners
    * of a given type that apply to this content or any of its ancestors.
    * The method has the side effect to call document's MayDispatchMutationEvent
    * using aTargetForSubtreeModified as the parameter.
    *
    * @param aNode  The node to search for listeners
    * @param aType  The type of listener (NS_EVENT_BITS_MUTATION_*)
    * @param aTargetForSubtreeModified The node which is the target of the
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -15,17 +15,17 @@ interface nsIURI;
  * nsIContentSecurityPolicy
  * Describes an XPCOM component used to model and enforce CSPs.  Instances of
  * this class may have multiple policies within them, but there should only be
  * one of these per document/principal.
  */
 
 typedef unsigned short CSPDirective;
 
-[scriptable, uuid(36c6d419-24c2-40e8-9adb-11d0b1341770)]
+[scriptable, uuid(fe07ab08-21ba-470c-8b89-78d0e7298c68)]
 interface nsIContentSecurityPolicy : nsISerializable
 {
   /**
    * Directives supported by Content Security Policy.  These are enums for
    * the CSPDirective type.
    * The NO_DIRECTIVE entry is  used for checking default permissions and
    * returning failure when asking CSP which directive to check.
    *
@@ -45,17 +45,16 @@ interface nsIContentSecurityPolicy : nsI
   const unsigned short REPORT_URI_DIRECTIVE           = 10;
   const unsigned short FRAME_ANCESTORS_DIRECTIVE      = 11;
   const unsigned short REFLECTED_XSS_DIRECTIVE        = 12;
   const unsigned short BASE_URI_DIRECTIVE             = 13;
   const unsigned short FORM_ACTION_DIRECTIVE          = 14;
   const unsigned short REFERRER_DIRECTIVE             = 15;
   const unsigned short WEB_MANIFEST_SRC_DIRECTIVE     = 16;
   const unsigned short UPGRADE_IF_INSECURE_DIRECTIVE  = 17;
-  const unsigned short CHILD_SRC_DIRECTIVE            = 18;
 
   /**
    * Accessor method for a read-only string version of the policy at a given
    * index.
    */
   AString getPolicy(in unsigned long index);
 
   /**
--- a/dom/locales/en-US/chrome/security/csp.properties
+++ b/dom/locales/en-US/chrome/security/csp.properties
@@ -77,11 +77,8 @@ couldntParseInvalidHost = Couldn't parse
 # %1$S is the string source
 couldntParseScheme = Couldn't parse scheme in %1$S
 # LOCALIZATION NOTE (couldntParsePort):
 # %1$S is the string source
 couldntParsePort = Couldn't parse port in %1$S
 # LOCALIZATION NOTE (duplicateDirective):
 # %1$S is the name of the duplicate directive
 duplicateDirective = Duplicate %1$S directives detected.  All but the first instance will be ignored.
-# LOCALIZATION NOTE (deprecatedDirective):
-# %1$S is the name of the deprecated directive, %2$S is the name of the replacement.
-deprecatedDirective = Directive '%1$S' has been deprecated. Please use directive '%2$S' instead.
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -108,28 +108,25 @@ nsCSPContext::ShouldLoad(nsContentPolicy
                          const nsACString&   aMimeTypeGuess,
                          nsISupports*        aExtra,
                          int16_t*            outDecision)
 {
   if (CSPCONTEXTLOGENABLED()) {
     nsAutoCString spec;
     aContentLocation->GetSpec(spec);
     CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, aContentLocation: %s", spec.get()));
-    CSPCONTEXTLOG((">>>>                      aContentType: %d", aContentType));
   }
 
   bool isStyleOrScriptPreLoad =
     (aContentType == nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD ||
      aContentType == nsIContentPolicy::TYPE_INTERNAL_STYLESHEET_PRELOAD);
 
   // Since we know whether we are dealing with a preload, we have to convert
   // the internal policytype ot the external policy type before moving on.
-  // We still need to know if this is a worker so child-src can handle that
-  // case correctly.
-  aContentType = nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(aContentType);
+  aContentType = nsContentUtils::InternalContentPolicyTypeToExternal(aContentType);
 
   nsresult rv = NS_OK;
 
   // This ShouldLoad function is called from nsCSPService::ShouldLoad,
   // which already checked a number of things, including:
   // * aContentLocation is not null; we can consume this without further checks
   // * scheme is not a whitelisted scheme (about: chrome:, etc).
   // * CSP is enabled
@@ -185,17 +182,17 @@ nsCSPContext::ShouldLoad(nsContentPolicy
   // Done looping, cache any relevant result
   if (cacheKey.Length() > 0 && !isStyleOrScriptPreLoad) {
     mShouldLoadCache.Put(cacheKey, *outDecision);
   }
 
   if (CSPCONTEXTLOGENABLED()) {
     nsAutoCString spec;
     aContentLocation->GetSpec(spec);
-    CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, decision: %s, aContentLocation: %s", *outDecision > 0 ? "load" : "deny", spec.get()));
+    CSPCONTEXTLOG(("nsCSPContext::ShouldLoad, decision: %s, aContentLocation: %s", *outDecision ? "load" : "deny", spec.get()));
   }
   return NS_OK;
 }
 
 bool
 nsCSPContext::permitsInternal(CSPDirective aDir,
                               nsIURI* aContentLocation,
                               nsIURI* aOriginalURI,
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -120,18 +120,16 @@ nsCSPTokenizer::tokenizeCSPPolicy(const 
 
 /* ===== nsCSPParser ==================== */
 
 nsCSPParser::nsCSPParser(cspTokens& aTokens,
                          nsIURI* aSelfURI,
                          uint64_t aInnerWindowID)
  : mHasHashOrNonce(false)
  , mUnsafeInlineKeywordSrc(nullptr)
- , mChildSrc(nullptr)
- , mFrameSrc(nullptr)
  , mTokens(aTokens)
  , mSelfURI(aSelfURI)
  , mInnerWindowID(aInnerWindowID)
 {
   CSPPARSERLOG(("nsCSPParser::nsCSPParser"));
 }
 
 nsCSPParser::~nsCSPParser()
@@ -991,31 +989,16 @@ nsCSPParser::directiveName()
     return nullptr;
   }
 
   // special case handling for upgrade-insecure-requests
   if (CSP_IsDirective(mCurToken, nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE)) {
     return new nsUpgradeInsecureDirective(CSP_StringToCSPDirective(mCurToken));
   }
 
-  // child-src has it's own class to handle frame-src if necessary
-  if (CSP_IsDirective(mCurToken, nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE)) {
-    mChildSrc = new nsCSPChildSrcDirective(CSP_StringToCSPDirective(mCurToken));
-    return mChildSrc;
-  }
-
-  // if we have a frame-src, cache it so we can decide whether to use child-src
-  if (CSP_IsDirective(mCurToken, nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE)) {
-    const char16_t* params[] = { mCurToken.get(), NS_LITERAL_STRING("child-src").get() };
-    logWarningErrorToConsole(nsIScriptError::warningFlag, "deprecatedDirective",
-                             params, ArrayLength(params));
-    mFrameSrc = new nsCSPDirective(CSP_StringToCSPDirective(mCurToken));
-    return mFrameSrc;
-  }
-
   return new nsCSPDirective(CSP_StringToCSPDirective(mCurToken));
 }
 
 // directive = *WSP [ directive-name [ WSP directive-value ] ]
 void
 nsCSPParser::directive()
 {
   // Set the directiveName to mCurToken
@@ -1098,22 +1081,16 @@ nsCSPParser::policy()
   mPolicy = new nsCSPPolicy();
   for (uint32_t i = 0; i < mTokens.Length(); i++) {
     // All input is already tokenized; set one tokenized array in the form of
     // [ name, src, src, ... ]
     // to mCurDir and call directive which processes the current directive.
     mCurDir = mTokens[i];
     directive();
   }
-
-  if (mChildSrc && !mFrameSrc) {
-    // if we have a child-src, it handles frame-src too, unless frame-src is set
-    mChildSrc->setHandleFrameSrc();
-  }
-
   return mPolicy;
 }
 
 nsCSPPolicy*
 nsCSPParser::parseContentSecurityPolicy(const nsAString& aPolicyString,
                                         nsIURI *aSelfURI,
                                         bool aReportOnly,
                                         uint64_t aInnerWindowID)
--- a/dom/security/nsCSPParser.h
+++ b/dom/security/nsCSPParser.h
@@ -228,24 +228,15 @@ class nsCSPParser {
     nsString           mCurValue;
     nsString           mCurToken;
     nsTArray<nsString> mCurDir;
 
     // cache variables to ignore unsafe-inline if hash or nonce is specified
     bool               mHasHashOrNonce; // false, if no hash or nonce is defined
     nsCSPKeywordSrc*   mUnsafeInlineKeywordSrc; // null, otherwise invlidate()
 
-    // cache variables for child-src and frame-src directive handling.
-    // frame-src is deprecated in favor of child-src, however if we
-    // see a frame-src directive, it takes precedence for frames and iframes.
-    // At the end of parsing, if we have a child-src directive, we need to
-    // decide whether it will handle frames, or if there is a frame-src we
-    // should honor instead.
-    nsCSPChildSrcDirective* mChildSrc;
-    nsCSPDirective*         mFrameSrc;
-
     cspTokens          mTokens;
     nsIURI*            mSelfURI;
     nsCSPPolicy*       mPolicy;
     uint64_t           mInnerWindowID; // used for console reporting
 };
 
 #endif /* nsCSPParser_h___ */
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -101,18 +101,18 @@ CSPService::ShouldLoad(uint32_t aContent
                        nsIURI *aRequestOrigin,
                        nsISupports *aRequestContext,
                        const nsACString &aMimeTypeGuess,
                        nsISupports *aExtra,
                        nsIPrincipal *aRequestPrincipal,
                        int16_t *aDecision)
 {
   MOZ_ASSERT(aContentType ==
-             nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(aContentType),
-             "We should only see external content policy types or CSP special types (preloads or workers) here.");
+             nsContentUtils::InternalContentPolicyTypeToExternalOrPreload(aContentType),
+             "We should only see external content policy types or preloads here.");
 
   if (!aContentLocation) {
     return NS_ERROR_FAILURE;
   }
 
   if (MOZ_LOG_TEST(gCspPRLog, LogLevel::Debug)) {
     nsAutoCString location;
     aContentLocation->GetSpec(location);
@@ -249,17 +249,17 @@ CSPService::ShouldProcess(uint32_t      
                           nsIURI           *aRequestOrigin,
                           nsISupports      *aRequestContext,
                           const nsACString &aMimeTypeGuess,
                           nsISupports      *aExtra,
                           nsIPrincipal     *aRequestPrincipal,
                           int16_t          *aDecision)
 {
   MOZ_ASSERT(aContentType ==
-             nsContentUtils::InternalContentPolicyTypeToExternalOrCSPInternal(aContentType),
+             nsContentUtils::InternalContentPolicyTypeToExternalOrPreload(aContentType),
              "We should only see external content policy types or preloads here.");
 
   if (!aContentLocation)
     return NS_ERROR_FAILURE;
 
   *aDecision = nsIContentPolicy::ACCEPT;
   return NS_OK;
 }
@@ -309,23 +309,17 @@ CSPService::AsyncOnChannelRedirect(nsICh
    * information set in the LoadInfo when channels are created.
    *
    * We check if the CSP permits this host for this type of load, if not,
    * we cancel the load now.
    */
   nsCOMPtr<nsIURI> originalUri;
   rv = oldChannel->GetOriginalURI(getter_AddRefs(originalUri));
   NS_ENSURE_SUCCESS(rv, rv);
-  /* On redirect, if the content policy is a preload type, rejecting the preload
-   * results in the load silently failing, so we convert preloads to the actual
-   * type. See Bug 1219453.
-   */
-  nsContentPolicyType policyType =
-    nsContentUtils::InternalContentPolicyTypeToExternalOrWorker(
-        loadInfo->InternalContentPolicyType());
+  nsContentPolicyType policyType = loadInfo->GetExternalContentPolicyType();
 
   int16_t aDecision = nsIContentPolicy::ACCEPT;
   csp->ShouldLoad(policyType,     // load type per nsIContentPolicy (uint32_t)
                   newUri,         // nsIURI
                   nullptr,        // nsIURI
                   nullptr,        // nsISupports
                   EmptyCString(), // ACString - MIME guess
                   originalUri,    // aMimeTypeGuess
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -133,37 +133,30 @@ CSP_ContentTypeToDirective(nsContentPoli
   switch (aType) {
     case nsIContentPolicy::TYPE_IMAGE:
     case nsIContentPolicy::TYPE_IMAGESET:
       return nsIContentSecurityPolicy::IMG_SRC_DIRECTIVE;
 
     // BLock XSLT as script, see bug 910139
     case nsIContentPolicy::TYPE_XSLT:
     case nsIContentPolicy::TYPE_SCRIPT:
-    case nsIContentPolicy::TYPE_INTERNAL_SCRIPT:
-    case nsIContentPolicy::TYPE_INTERNAL_SCRIPT_PRELOAD:
       return nsIContentSecurityPolicy::SCRIPT_SRC_DIRECTIVE;
 
     case nsIContentPolicy::TYPE_STYLESHEET:
       return nsIContentSecurityPolicy::STYLE_SRC_DIRECTIVE;
 
     case nsIContentPolicy::TYPE_FONT:
       return nsIContentSecurityPolicy::FONT_SRC_DIRECTIVE;
 
     case nsIContentPolicy::TYPE_MEDIA:
       return nsIContentSecurityPolicy::MEDIA_SRC_DIRECTIVE;
 
     case nsIContentPolicy::TYPE_WEB_MANIFEST:
       return nsIContentSecurityPolicy::WEB_MANIFEST_SRC_DIRECTIVE;
 
-    case nsIContentPolicy::TYPE_INTERNAL_WORKER:
-    case nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER:
-    case nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER:
-      return nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE;
-
     case nsIContentPolicy::TYPE_SUBDOCUMENT:
       return nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE;
 
     case nsIContentPolicy::TYPE_WEBSOCKET:
     case nsIContentPolicy::TYPE_XMLHTTPREQUEST:
     case nsIContentPolicy::TYPE_BEACON:
     case nsIContentPolicy::TYPE_FETCH:
       return nsIContentSecurityPolicy::CONNECT_SRC_DIRECTIVE;
@@ -904,21 +897,16 @@ nsCSPDirective::toDomCSPStruct(mozilla::
       outCSP.mForm_action.Value() = mozilla::Move(srcs);
       return;
 
     case nsIContentSecurityPolicy::UPGRADE_IF_INSECURE_DIRECTIVE:
       outCSP.mUpgrade_insecure_requests.Construct();
       // does not have any srcs
       return;
 
-    case nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE:
-      outCSP.mChild_src.Construct();
-      outCSP.mChild_src.Value() = mozilla::Move(srcs);
-      return;
-
     // REFERRER_DIRECTIVE is handled in nsCSPPolicy::toDomCSPStruct()
 
     default:
       NS_ASSERTION(false, "cannot find directive to convert CSP to JSON");
   }
 }
 
 
@@ -941,59 +929,16 @@ nsCSPDirective::getReportURIs(nsTArray<n
   nsString tmpReportURI;
   for (uint32_t i = 0; i < mSrcs.Length(); i++) {
     tmpReportURI.Truncate();
     mSrcs[i]->toString(tmpReportURI);
     outReportURIs.AppendElement(tmpReportURI);
   }
 }
 
-bool nsCSPDirective::equals(CSPDirective aDirective) const
-{
-  return (mDirective == aDirective);
-}
-
-/* =============== nsCSPChildSrcDirective ============= */
-
-nsCSPChildSrcDirective::nsCSPChildSrcDirective(CSPDirective aDirective)
-  : nsCSPDirective(aDirective)
-  , mHandleFrameSrc(false)
-{
-}
-
-nsCSPChildSrcDirective::~nsCSPChildSrcDirective()
-{
-}
-
-void nsCSPChildSrcDirective::setHandleFrameSrc()
-{
-  mHandleFrameSrc = true;
-}
-
-bool nsCSPChildSrcDirective::restrictsContentType(nsContentPolicyType aContentType) const
-{
-  if (aContentType == nsIContentPolicy::TYPE_SUBDOCUMENT) {
-    return mHandleFrameSrc;
-  }
-
-  return (aContentType == nsIContentPolicy::TYPE_INTERNAL_WORKER
-      || aContentType == nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER
-      || aContentType == nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER
-      );
-}
-
-bool nsCSPChildSrcDirective::equals(CSPDirective aDirective) const
-{
-  if (aDirective == nsIContentSecurityPolicy::FRAME_SRC_DIRECTIVE) {
-    return mHandleFrameSrc;
-  }
-
-  return (aDirective == nsIContentSecurityPolicy::CHILD_SRC_DIRECTIVE);
-}
-
 /* =============== nsUpgradeInsecureDirective ============= */
 
 nsUpgradeInsecureDirective::nsUpgradeInsecureDirective(CSPDirective aDirective)
 : nsCSPDirective(aDirective)
 {
 }
 
 nsUpgradeInsecureDirective::~nsUpgradeInsecureDirective()
--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@@ -65,35 +65,34 @@ void CSP_LogMessage(const nsAString& aMe
 // these strings map to the CSPDirectives in nsIContentSecurityPolicy
 // NOTE: When implementing a new directive, you will need to add it here but also
 // add a corresponding entry to the constants in nsIContentSecurityPolicy.idl
 // and also create an entry for the new directive in
 // nsCSPDirective::toDomCSPStruct() and add it to CSPDictionaries.webidl.
 // Order of elements below important! Make sure it matches the order as in
 // nsIContentSecurityPolicy.idl
 static const char* CSPStrDirectives[] = {
-  "-error-",                   // NO_DIRECTIVE
-  "default-src",               // DEFAULT_SRC_DIRECTIVE
-  "script-src",                // SCRIPT_SRC_DIRECTIVE
-  "object-src",                // OBJECT_SRC_DIRECTIVE
-  "style-src",                 // STYLE_SRC_DIRECTIVE
-  "img-src",                   // IMG_SRC_DIRECTIVE
-  "media-src",                 // MEDIA_SRC_DIRECTIVE
-  "frame-src",                 // FRAME_SRC_DIRECTIVE
-  "font-src",                  // FONT_SRC_DIRECTIVE
-  "connect-src",               // CONNECT_SRC_DIRECTIVE
-  "report-uri",                // REPORT_URI_DIRECTIVE
-  "frame-ancestors",           // FRAME_ANCESTORS_DIRECTIVE
-  "reflected-xss",             // REFLECTED_XSS_DIRECTIVE
-  "base-uri",                  // BASE_URI_DIRECTIVE
-  "form-action",               // FORM_ACTION_DIRECTIVE
-  "referrer",                  // REFERRER_DIRECTIVE
-  "manifest-src",              // MANIFEST_SRC_DIRECTIVE
-  "upgrade-insecure-requests", // UPGRADE_IF_INSECURE_DIRECTIVE
-  "child-src"                  // CHILD_SRC_DIRECTIVE
+  "-error-",                  // NO_DIRECTIVE
+  "default-src",              // DEFAULT_SRC_DIRECTIVE
+  "script-src",               // SCRIPT_SRC_DIRECTIVE
+  "object-src",               // OBJECT_SRC_DIRECTIVE
+  "style-src",                // STYLE_SRC_DIRECTIVE
+  "img-src",                  // IMG_SRC_DIRECTIVE
+  "media-src",                // MEDIA_SRC_DIRECTIVE
+  "frame-src",                // FRAME_SRC_DIRECTIVE
+  "font-src",                 // FONT_SRC_DIRECTIVE
+  "connect-src",              // CONNECT_SRC_DIRECTIVE
+  "report-uri",               // REPORT_URI_DIRECTIVE
+  "frame-ancestors",          // FRAME_ANCESTORS_DIRECTIVE
+  "reflected-xss",            // REFLECTED_XSS_DIRECTIVE
+  "base-uri",                 // BASE_URI_DIRECTIVE
+  "form-action",              // FORM_ACTION_DIRECTIVE
+  "referrer",                 // REFERRER_DIRECTIVE
+  "manifest-src",             // MANIFEST_SRC_DIRECTIVE
+  "upgrade-insecure-requests" // UPGRADE_IF_INSECURE_DIRECTIVE
 };
 
 inline const char* CSP_CSPDirectiveToString(CSPDirective aDir)
 {
   return CSPStrDirectives[static_cast<uint32_t>(aDir)];
 }
 
 inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir)
@@ -299,55 +298,31 @@ class nsCSPDirective {
                          bool aReportOnly, bool aUpgradeInsecure) const;
     virtual bool allows(enum CSPKeyword aKeyword, const nsAString& aHashOrNonce) const;
     virtual void toString(nsAString& outStr) const;
     void toDomCSPStruct(mozilla::dom::CSP& outCSP) const;
 
     virtual void addSrcs(const nsTArray<nsCSPBaseSrc*>& aSrcs)
       { mSrcs = aSrcs; }
 
-    virtual bool restrictsContentType(nsContentPolicyType aContentType) const;
+    bool restrictsContentType(nsContentPolicyType aContentType) const;
 
     inline bool isDefaultDirective() const
      { return mDirective == nsIContentSecurityPolicy::DEFAULT_SRC_DIRECTIVE; }
 
-    virtual bool equals(CSPDirective aDirective) const;
+    inline bool equals(CSPDirective aDirective) const
+      { return (mDirective == aDirective); }
 
     void getReportURIs(nsTArray<nsString> &outReportURIs) const;
 
   private:
     CSPDirective            mDirective;
     nsTArray<nsCSPBaseSrc*> mSrcs;
 };
 
-/* =============== nsCSPChildSrcDirective ============= */
-
-/*
- * In CSP 2, the child-src directive covers both workers and
- * subdocuments (i.e., frames and iframes). Workers were removed
- * from script-src, but frames can be controlled by either child-src
- * or frame-src directives, so child-src needs to know whether it should
- * also restrict frames. When both are present the frame-src directive
- * takes precedent.
- */
-class nsCSPChildSrcDirective : public nsCSPDirective {
-  public:
-    explicit nsCSPChildSrcDirective(CSPDirective aDirective);
-    virtual ~nsCSPChildSrcDirective();
-
-    void setHandleFrameSrc();
-
-    virtual bool restrictsContentType(nsContentPolicyType aContentType) const;
-
-    virtual bool equals(CSPDirective aDirective) const;
-
-  private:
-    bool mHandleFrameSrc;
-};
-
 /* =============== nsUpgradeInsecureDirective === */
 
 /*
  * Upgrading insecure requests includes the following actors:
  * (1) CSP:
  *     The CSP implementation whitelists the http-request
  *     in case the policy is executed in enforcement mode.
  *     The CSP implementation however does not allow http
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_iframe.html
+++ /dev/null
@@ -1,61 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-    <iframe id="testframe"> </iframe>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-
-    function executeTest(ev) {
-      testframe = document.getElementById('testframe');
-      testframe.contentWindow.postMessage({id:page_id, message:"execute"}, 'http://mochi.test:8888');
-    }
-
-    function reportError(ev) {
-      window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-      cleanup();
-    }
-
-    function recvMessage(ev) {
-      if (ev.data.id == page_id) {
-        window.parent.postMessage({id:ev.data.id, message:ev.data.message}, 'http://mochi.test:8888');
-        cleanup();
-      }
-    }
-
-    function cleanup() {
-      testframe = document.getElementById('testframe');
-      window.removeEventListener('message', recvMessage);
-      testframe.removeEventListener('load', executeTest);
-      testframe.removeEventListener('error', reportError);
-    }
-
-
-    window.addEventListener('message', recvMessage, false);
-
-    try {
-      // Please note that file_testserver.sjs?foo does not return a response.
-      // For testing purposes this is not necessary because we only want to check
-      // whether CSP allows or blocks the load.
-      src = "file_testserver.sjs";
-      src += "?file=" + escape("tests/dom/security/test/csp/file_child-src_inner_frame.html");
-      src += "#" + escape(page_id);
-      testframe = document.getElementById('testframe');
-
-      testframe.addEventListener('load', executeTest, false);
-      testframe.addEventListener('error', reportError, false);
-
-      testframe.src = src;
-    }
-    catch (e) {
-      if (e.message.match(/Failed to load script/)) {
-        window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-      } else {
-        window.parent.postMessage({id:page_id, message:"exception"}, 'http://mochi.test:8888');
-      }
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_inner_frame.html
+++ /dev/null
@@ -1,21 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-    <iframe id="innermosttestframe"> </iframe>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-
-    function recvMessage(ev) {
-      if (ev.data.id == page_id) {
-        window.parent.postMessage({id:ev.data.id, message:'allowed'}, 'http://mochi.test:8888');
-        window.removeEventListener('message', recvMessage);
-      }
-    }
-
-    window.addEventListener('message', recvMessage, false);
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_service_worker.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-    try {
-      if ('serviceWorker' in navigator) {
-        navigator.serviceWorker.register(
-            'file_child-src_service_worker.js'
-            + "#"
-            + page_id
-            ).then(function(reg)
-              {
-                // registration worked
-                window.parent.postMessage({id:page_id, message:"allowed"}, 'http://mochi.test:8888');
-              }).catch(function(error) {
-              // registration failed
-              window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-            });
-      };
-    } catch(ex) {
-      window.parent.postMessage({id:page_id, message:"exception"}, 'http://mochi.test:8888');
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_service_worker.js
+++ /dev/null
@@ -1,3 +0,0 @@
-this.addEventListener('install', function(event) {
-  close();
-});
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_shared_worker-redirect.html
+++ /dev/null
@@ -1,41 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-    var redir = 'none';
-
-    page_id.split('_').forEach(function (val) {
-      var [name, value] = val.split('-');
-      if (name  == 'redir') {
-        redir = unescape(value);
-      }
-    });
-
-    try {
-      worker = new SharedWorker('file_redirect_worker.sjs?path='
-          + escape("/tests/dom/security/test/csp/file_child-src_shared_worker.js")
-          + "&redir=" + redir
-          + "&page_id=" + page_id,
-          page_id);
-      worker.port.start();
-
-      worker.port.onmessage = function(ev) {
-        window.parent.postMessage({id:page_id, message:"allowed"}, 'http://mochi.test:8888');
-      };
-
-      worker.onerror = function() {
-        window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-      };
-
-      worker.port.postMessage('foo');
-    }
-    catch (e) {
-      window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_shared_worker.html
+++ /dev/null
@@ -1,28 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-    try {
-      worker = new SharedWorker(
-          'file_testserver.sjs?file='+
-                escape("tests/dom/security/test/csp/file_child-src_shared_worker.js"),
-          page_id);
-      worker.port.start();
-
-      worker.port.onmessage = function(ev) {
-        window.parent.postMessage({id:page_id, message:"allowed"},
-            'http://mochi.test:8888');
-      };
-      worker.port.postMessage('foo');
-    }
-    catch (e) {
-      window.parent.postMessage({id:page_id, message:"blocked"},
-          'http://mochi.test:8888');
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_shared_worker.js
+++ /dev/null
@@ -1,8 +0,0 @@
-onconnect = function(e) {
-  var port = e.ports[0];
-  port.addEventListener('message', function(e) {
-    port.postMessage('success');
-  });
-
-  port.start();
-}
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_shared_worker_data.html
+++ /dev/null
@@ -1,32 +0,0 @@
-
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    var page_id = window.location.hash.substring(1);
-    var shared_worker = "onconnect = function(e) { " +
-                        "var port = e.ports[0];" +
-                        "port.addEventListener('message'," +
-                        "function(e) { port.postMessage('success'); });" +
-                        "port.start(); }";
-    
-    try {
-      var worker = new SharedWorker('data:application/javascript;charset=UTF-8,'+
-          escape(shared_worker), page_id);
-      worker.port.start();
-
-      worker.port.onmessage = function(ev) {
-        window.parent.postMessage({id:page_id, message:"allowed"}, 'http://mochi.test:8888');
-      };
-      
-      worker.port.postMessage('foo');
-    }
-    catch (e) {
-      window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_worker-redirect.html
+++ /dev/null
@@ -1,49 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    var page_id = window.location.hash.substring(1);
-    var redir = 'none';
-
-    page_id.split('_').forEach(function (val) {
-      var [name, value] = val.split('-');
-      if (name  == 'redir') {
-        redir = unescape(value);
-      }
-    });
-
-    try {
-      worker = new Worker('file_redirect_worker.sjs?path='
-          + escape("/tests/dom/security/test/csp/file_child-src_worker.js")
-          + "&redir=" + redir
-          + "&page_id=" + page_id
-          );
-
-      worker.onerror = function(error) {
-        var msg = error.message;
-        if (msg.match(/^: NetworkError/)) {
-          // this means CSP blocked it
-          msg = "blocked";
-        }
-        window.parent.postMessage({id:page_id, message:msg}, 'http://mochi.test:8888');
-      };
-
-      worker.onmessage = function(ev) {
-        window.parent.postMessage({id:page_id, message:"allowed"}, 'http://mochi.test:8888');
-
-      };
-      worker.postMessage('foo');
-    }
-    catch (e) {
-      if (e.message.match(/Failed to load script/)) {
-        window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-      } else {
-        window.parent.postMessage({id:page_id, message:"exception"}, 'http://mochi.test:8888');
-      }
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_worker.html
+++ /dev/null
@@ -1,25 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-    try {
-      worker = new Worker('file_testserver.sjs?file='+escape("tests/dom/security/test/csp/file_child-src_worker.js"));
-      worker.onmessage = function(ev) {
-        window.parent.postMessage({id:page_id, message:"allowed"}, 'http://mochi.test:8888');
-      };
-      worker.postMessage('foo');
-    }
-    catch (e) {
-      if (e.message.match(/Failed to load script/)) {
-        window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-      } else {
-        window.parent.postMessage({id:page_id, message:"exception"}, 'http://mochi.test:8888');
-      }
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_worker.js
+++ /dev/null
@@ -1,4 +0,0 @@
-onmessage = function(e) {
-  postMessage('worker');
-};
-
deleted file mode 100644
--- a/dom/security/test/csp/file_child-src_worker_data.html
+++ /dev/null
@@ -1,26 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-  </head>
-  <body>
-  <script type="text/javascript">
-    page_id = window.location.hash.substring(1);
-    try {
-      worker = new Worker('data:application/javascript;charset=UTF-8,'+escape('onmessage = function(e) { postMessage("worker"); };'));
-      worker.onmessage = function(ev) {
-        window.parent.postMessage({id:page_id, message:"allowed"}, 'http://mochi.test:8888');
-      };
-      worker.postMessage('foo');
-    }
-    catch (e) {
-      if (e.message.match(/Failed to load script/)) {
-        window.parent.postMessage({id:page_id, message:"blocked"}, 'http://mochi.test:8888');
-      } else {
-        console.log(e);
-        window.parent.postMessage({id:page_id, message:"exception"}, 'http://mochi.test:8888');
-      }
-    }
-  </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/file_redirect_worker.sjs
+++ /dev/null
@@ -1,34 +0,0 @@
-// SJS file to serve resources for CSP redirect tests
-// This file redirects to a specified resource.
-const THIS_SITE = "http://mochi.test:8888";
-const OTHER_SITE = "http://example.com";
-
-function handleRequest(request, response)
-{
-  var query = {};
-  request.queryString.split('&').forEach(function (val) {
-    var [name, value] = val.split('=');
-    query[name] = unescape(value);
-  });
-
-  var resource = query['path'];
-
-  response.setHeader("Cache-Control", "no-cache", false);
-  var loc = '';
-
-  // redirect to a resource on this site
-  if (query["redir"] == "same") {
-    loc = THIS_SITE+resource+"#"+query['page_id']
-  }
-
-  // redirect to a resource on a different site
-  else if (query["redir"] == "other") {
-    loc = OTHER_SITE+resource+"#"+query['page_id']
-  }
-
-  response.setStatusLine("1.1", 302, "Found");
-  response.setHeader("Location", loc, false);
-
-  response.write('<html><head><meta http-equiv="refresh" content="0; url='+loc+'">');
-  return;
-}
--- a/dom/security/test/csp/file_redirects_page.sjs
+++ b/dom/security/test/csp/file_redirects_page.sjs
@@ -10,23 +10,17 @@ function handleRequest(request, response
 
   response.setHeader("Cache-Control", "no-cache", false);
   response.setHeader("Content-Type", "text/html", false);
 
   var resource = "/tests/dom/security/test/csp/file_redirects_resource.sjs";
 
   // CSP header value
   if (query["csp"] == 1) {
-    var additional = ""
-    if (query['testid'] == "worker") {
-      additional = "; script-src 'self' 'unsafe-inline'";
-    }
-    response.setHeader("Content-Security-Policy",
-        "default-src 'self' ; style-src 'self' 'unsafe-inline'" + additional,
-        false);
+    response.setHeader("Content-Security-Policy", "default-src 'self' ; style-src 'self' 'unsafe-inline'", false);
   }
 
   // downloadable font that redirects to another site
   if (query["testid"] == "font-src") {
     var resp = '<style type="text/css"> @font-face { font-family:' +
                '"Redirecting Font"; src: url("' + resource +
                '?res=font&redir=other&id=font-src-redir")} #test{font-family:' +
                '"Redirecting Font"}</style></head><body>' +
@@ -62,23 +56,23 @@ function handleRequest(request, response
   // external script that redirects to another site
   if (query["testid"] == "script-src") {
     response.write('<script src="'+resource+'?res=script&redir=other&id=script-src-redir"></script>');
     return;
   }
 
   // external stylesheet that redirects to another site
   if (query["testid"] == "style-src") {
-    response.write('<link rel="stylesheet" type="text/css" href="'+resource+'?res=style&redir=other&id=style-src-redir"></link>');
+    response.write('<link rel="stylesheet" type="text/css" href="'+resource+'?res=style&redir=other&id=style-src-redir"></script>');
     return;
   }
 
   // worker script resource that redirects to another site
   if (query["testid"] == "worker") {
-    response.write('<script>var worker = new Worker("'+resource+'?res=worker&redir=other&id=worker-redir");</script>');
+    response.write('<script src="'+resource+'?res=worker&redir=other&id=worker-redir"></script>');
     return;
   }
 
   // script that XHR's to a resource that redirects to another site
   if (query["testid"] == "xhr-src") {
     response.write('<script src="'+resource+'?res=xhr"></script>');
     return;
   }
--- a/dom/security/test/csp/file_redirects_resource.sjs
+++ b/dom/security/test/csp/file_redirects_resource.sjs
@@ -117,19 +117,28 @@ function handleRequest(request, response
     let scriptURL = thisSite + resource + "?redir=other&res=script&id=" + query["id"];
     response.setHeader("Content-Type", "application/javascript", false);
     response.write("importScripts('" + scriptURL + "');");
     return;
   }
 
   // script that invokes XHR
   if (query["res"] == "xhr") {
-    response.setHeader("Content-Type", "application/javascript", false);
-    var resp = 'var x = new XMLHttpRequest();x.open("GET", "' + otherSite +
-               resource+'?res=xhr-resp&testid=xhr-src-redir", false);\n' +
+    response.setHeader("Content-Type", "text/html", false);
+    var resp = 'var x = new XMLHttpRequest(); x.open("GET", "' + otherSite +
+               resource+'?res=xhr-resp&testid=xhr-src-redir", false); ' +
+               'x.send(null);';
+    response.write(resp);
+    return;
+  }
+
+  if (query["res"] == "xhr") {
+    response.setHeader("Content-Type", "text/html", false);
+    var resp = 'var x = new XMLHttpRequest(); x.open("GET", "' + otherSite +
+               resource+'?res=xhr-resp&testid=xhr-src-redir", false); ' +
                'x.send(null);';
     response.write(resp);
     return;
   }
 
   // response to XHR
   if (query["res"] == "xhr-resp") {
     response.setHeader("Access-Control-Allow-Origin", "*", false);
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -127,29 +127,16 @@ support-files =
   file_upgrade_insecure_referrer_server.sjs
   file_upgrade_insecure_cors.html
   file_upgrade_insecure_cors_server.sjs
   file_report_for_import.css
   file_report_for_import.html
   file_report_for_import_server.sjs
   file_service_worker.html
   file_service_worker.js
-  file_child-src_iframe.html
-  file_child-src_inner_frame.html
-  file_child-src_worker.html
-  file_child-src_worker_data.html
-  file_child-src_worker-redirect.html
-  file_child-src_worker.js
-  file_child-src_service_worker.html
-  file_child-src_service_worker.js
-  file_child-src_shared_worker.html
-  file_child-src_shared_worker_data.html
-  file_child-src_shared_worker-redirect.html
-  file_child-src_shared_worker.js
-  file_redirect_worker.sjs
 
 [test_base-uri.html]
 [test_blob_data_schemes.html]
 [test_connect-src.html]
 [test_CSP.html]
 [test_allow_https_schemes.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_bug663567.html]
@@ -209,12 +196,8 @@ skip-if = buildapp == 'b2g' || buildapp 
 skip-if = buildapp == 'b2g' || buildapp == 'mulet' || toolkit == 'gonk' || toolkit == 'android'
 [test_upgrade_insecure_cors.html]
 skip-if = buildapp == 'b2g' || buildapp == 'mulet' || toolkit == 'gonk' || toolkit == 'android'
 [test_report_for_import.html]
 [test_blocked_uri_in_reports.html]
 skip-if = e10s || buildapp == 'b2g' # http-on-opening-request observer not supported in child process (bug 1009632)
 [test_service_worker.html]
 skip-if = buildapp == 'b2g' #no ssl support
-[test_child-src_worker.html]
-[test_child-src_worker_data.html]
-[test_child-src_worker-redirect.html]
-[test_child-src_iframe.html]
deleted file mode 100644
--- a/dom/security/test/csp/test_child-src_iframe.html
+++ /dev/null
@@ -1,114 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <title>Bug 1045891</title>
-  <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body>
-  <p id="display"></p>
-  <div id="content" style="visibility: hidden">
-  </div>
-
-<script class="testbody" type="text/javascript">
-
-/*
- * Description of the test:
- *   We load a page with a given CSP and verify that child frames and workers are correctly
- *   evaluated through the "child-src" directive.
- */
-
-SimpleTest.waitForExplicitFinish();
-
-var IFRAME_SRC="file_child-src_iframe.html"
-
-var tests = {
-  'same-src': {
-    id: "same-src",
-    file: IFRAME_SRC,
-    result : "allowed",
-    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888"
-  },
-  'star-src': {
-    id: "star-src",
-    file: IFRAME_SRC,
-    result : "allowed",
-    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
-  },
-  'other-src': {
-    id: "other-src",
-    file: IFRAME_SRC,
-    result : "blocked",
-    policy : "default-src http://mochi.test:8888; script-src 'unsafe-inline'; child-src http://www.example.com"
-  },
-  'same-src-by-frame-src': {
-    id: "same-src-by-frame-src",
-    file: IFRAME_SRC,
-    result : "allowed",
-    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'none'; frame-src http://mochi.test:8888"
-  },
-  'star-src-by-frame-src': {
-    id: "star-src-by-frame-src",
-    file: IFRAME_SRC,
-    result : "allowed",
-    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'none'; frame-src *"
-  },
-  'other-src-by-frame-src': {
-    id: "other-src-by-frame-src",
-    file: IFRAME_SRC,
-    result : "blocked",
-    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888; frame-src http://www.example.com"
-  },
-  'none-src-by-frame-src': {
-    id: "none-src-by-frame-src",
-    file: "file_child-src_iframe.html",
-    file: IFRAME_SRC,
-    result : "blocked",
-    policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888; frame-src 'none'"
-  }
-};
-
-finished = {};
-
-function checkFinished() {
-  if (Object.keys(finished).length == Object.keys(tests).length) {
-    window.removeEventListener('message', recvMessage);
-    SimpleTest.finish();
-  }
-}
-
-function recvMessage(ev) {
-  is(ev.data.message, tests[ev.data.id].result, "CSP child-src test " + ev.data.id);
-  finished[ev.data.id] = ev.data.message;
-
-  checkFinished();
-}
-
-window.addEventListener('message', recvMessage, false);
-
-function loadNextTest() {
-  for (item in tests) {
-    test = tests[item];
-    var src = "file_testserver.sjs";
-    // append the file that should be served
-    src += "?file=" + escape("tests/dom/security/test/csp/" + test.file);
-    // append the CSP that should be used to serve the file
-    src += "&csp=" + escape(test.policy);
-    // add our identifier
-    src += "#" + escape(test.id);
-
-    content = document.getElementById('content');
-    testframe = document.createElement("iframe");
-    testframe.setAttribute('id', test.id);
-    content.appendChild(testframe);
-    testframe.src = src;
-  }
-}
-
-// start running the tests
-loadNextTest();
-
-</script>
-</body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/test_child-src_worker-redirect.html
+++ /dev/null
@@ -1,125 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-    <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <p id="display"></p>
-    <div id="content" style="visibility: hidden">
-    </div>
-
-    <script class="testbody" type="text/javascript">
-      /*
-       * Description of the test:
-       *   We load a page with a given CSP and verify that child frames and workers are correctly
-       *   evaluated through the "child-src" directive.
-       */
-
-      SimpleTest.waitForExplicitFinish();
-
-      var WORKER_REDIRECT_TEST_FILE = "file_child-src_worker-redirect.html";
-      var SHARED_WORKER_REDIRECT_TEST_FILE = "file_child-src_shared_worker-redirect.html";
-
-      var tests = {
-        'same-src-worker_redir-same': {
-          id: "same-src-worker_redir-same",
-          file: WORKER_REDIRECT_TEST_FILE,
-          result : "allowed",
-          redir: "same",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'same-src-worker_redir-other': {
-          id: "same-src-worker_redir-other",
-          file: WORKER_REDIRECT_TEST_FILE,
-          result : "blocked",
-          redir: "other",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'star-src-worker_redir-same': {
-          id: "star-src-worker_redir-same",
-          file: WORKER_REDIRECT_TEST_FILE,
-          redir: "same",
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src *"
-        },
-        'other-src-worker_redir-same': {
-          id: "other-src-worker_redir-same",
-          file: WORKER_REDIRECT_TEST_FILE,
-          redir: "same",
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src https://www.example.org"
-        },
-        /* shared workers */
-        'same-src-shared_worker_redir-same': {
-          id: "same-src-shared_worker_redir-same",
-          file: SHARED_WORKER_REDIRECT_TEST_FILE,
-          result : "allowed",
-          redir: "same",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'same-src-shared_worker_redir-other': {
-          id: "same-src-shared_worker_redir-other",
-          file: SHARED_WORKER_REDIRECT_TEST_FILE,
-          result : "blocked",
-          redir: "other",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'star-src-shared_worker_redir-same': {
-          id: "star-src-shared_worker_redir-same",
-          file: SHARED_WORKER_REDIRECT_TEST_FILE,
-          redir: "same",
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src *"
-        },
-        'other-src-shared_worker_redir-same': {
-          id: "other-src-shared_worker_redir-same",
-          file: SHARED_WORKER_REDIRECT_TEST_FILE,
-          redir: "same",
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'self' 'unsafe-inline'; child-src https://www.example.org"
-        },
-      };
-
-      finished = {};
-
-      function recvMessage(ev) {
-        is(ev.data.message, tests[ev.data.id].result, "CSP child-src worker test " + ev.data.id);
-        finished[ev.data.id] = ev.data.message;
-
-        if (Object.keys(finished).length == Object.keys(tests).length) {
-          window.removeEventListener('message', recvMessage);
-          SimpleTest.finish();
-        }
-      }
-
-      window.addEventListener('message', recvMessage, false);
-
-      function loadNextTest() {
-        for (item in tests) {
-          test = tests[item];
-          var src = "file_testserver.sjs";
-          // append the file that should be served
-          src += "?file=" + escape("tests/dom/security/test/csp/" + test.file);
-          // append the CSP that should be used to serve the file
-          src += "&csp=" + escape(test.policy);
-          // add whether redirect is to same or different
-          src += "&redir=" + escape(test.policy);
-          // add our identifier
-          src += "#" + escape(test.id);
-
-          content = document.getElementById('content');
-          testframe = document.createElement("iframe");
-          testframe.setAttribute('id', test.id);
-          content.appendChild(testframe);
-          testframe.src = src;
-        }
-      }
-
-      // start running the tests
-      loadNextTest();
-    </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/test_child-src_worker.html
+++ /dev/null
@@ -1,131 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-    <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <p id="display"></p>
-    <div id="content" style="visibility: hidden">
-    </div>
-
-    <script class="testbody" type="text/javascript">
-      /*
-       * Description of the test:
-       *   We load a page with a given CSP and verify that child frames and workers are correctly
-       *   evaluated through the "child-src" directive.
-       */
-
-      SimpleTest.waitForExplicitFinish();
-
-      var WORKER_TEST_FILE = "file_child-src_worker.html";
-      var SERVICE_WORKER_TEST_FILE = "file_child-src_service_worker.html";
-      var SHARED_WORKER_TEST_FILE = "file_child-src_shared_worker.html";
-
-      var tests = {
-        'same-src-worker': {
-          id: "same-src-worker",
-          file: WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'same-src-service_worker': {
-          id: "same-src-service_worker",
-          file: SERVICE_WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'same-src-shared_worker': {
-          id: "same-src-shared_worker",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src http://mochi.test:8888"
-        },
-        'star-src-worker': {
-          id: "star-src-worker",
-          file: WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
-        },
-        'star-src-service_worker': {
-          id: "star-src-service_worker",
-          file: SERVICE_WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
-        },
-        'star-src-shared_worker': {
-          id: "star-src-shared_worker",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
-        },
-        'other-src-worker': {
-          id: "other-src-worker",
-          file: WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org"
-        },
-        'other-src-service_worker': {
-          id: "other-src-service_worker",
-          file: SERVICE_WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org"
-        },
-        'other-src-shared_worker': {
-          id: "other-src-shared_worker",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org"
-        },
-      };
-
-      finished = {};
-
-      function recvMessage(ev) {
-        is(ev.data.message, tests[ev.data.id].result, "CSP child-src worker test " + ev.data.id);
-        finished[ev.data.id] = ev.data.message;
-
-        if (Object.keys(finished).length == Object.keys(tests).length) {
-          window.removeEventListener('message', recvMessage);
-          SimpleTest.finish();
-        }
-      }
-
-      window.addEventListener('message', recvMessage, false);
-
-      function loadNextTest() {
-        for (item in tests) {
-          test = tests[item];
-          var src = "file_testserver.sjs";
-          // append the file that should be served
-          src += "?file=" + escape("tests/dom/security/test/csp/" + test.file);
-          // append the CSP that should be used to serve the file
-          src += "&csp=" + escape(test.policy);
-          // add our identifier
-          src += "#" + escape(test.id);
-
-          content = document.getElementById('content');
-          testframe = document.createElement("iframe");
-          testframe.setAttribute('id', test.id);
-          content.appendChild(testframe);
-          testframe.src = src;
-        }
-      }
-
-      onload = function() {
-        SpecialPowers.pushPrefEnv({"set": [
-          ["dom.serviceWorkers.exemptFromPerDomainMax", true],
-          ["dom.serviceWorkers.interception.enabled", true],
-          ["dom.serviceWorkers.enabled", true],
-          ["dom.serviceWorkers.testing.enabled", true],
-          ["dom.caches.enabled", true]
-        ]}, loadNextTest);
-      };
-
-      // start running the tests
-      //loadNextTest();
-    </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/security/test/csp/test_child-src_worker_data.html
+++ /dev/null
@@ -1,126 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-  <head>
-    <title>Bug 1045891</title>
-    <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <p id="display"></p>
-    <div id="content" style="visibility: hidden">
-    </div>
-
-    <script class="testbody" type="text/javascript">
-      /*
-       * Description of the test:
-       *   We load a page with a given CSP and verify that child frames and workers are correctly
-       *   evaluated through the "child-src" directive.
-       */
-
-      SimpleTest.waitForExplicitFinish();
-
-      var WORKER_TEST_FILE = "file_child-src_worker_data.html";
-      var SHARED_WORKER_TEST_FILE = "file_child-src_shared_worker_data.html";
-
-      var tests = {
-        'same-src-worker-no-data': {
-          id: "same-src-worker-no-data",
-          file: WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self'"
-        },
-        'same-src-worker': {
-          id: "same-src-worker",
-          file: WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self' data:"
-        },
-        'same-src-shared_worker-no-data': {
-          id: "same-src-shared_worker-no-data",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self'"
-        },
-        'same-src-shared_worker': {
-          id: "same-src-shared_worker",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src 'self' data:"
-        },
-        'star-src-worker': {
-          id: "star-src-worker",
-          file: WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src * data:"
-        },
-        'star-src-worker-no-data': {
-          id: "star-src-worker-no-data",
-          file: WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
-        },
-        'star-src-shared_worker-no-data': {
-          id: "star-src-shared_worker-no-data",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src *"
-        },
-        'star-src-shared_worker': {
-          id: "star-src-shared_worker",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "allowed",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src * data:"
-        },
-        'other-src-worker-no-data': {
-          id: "other-src-worker-no-data",
-          file: WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org"
-        },
-        'other-src-shared_worker-no-data': {
-          id: "other-src-shared_worker-no-data",
-          file: SHARED_WORKER_TEST_FILE,
-          result : "blocked",
-          policy : "default-src 'none'; script-src 'unsafe-inline'; child-src https://www.example.org"
-        },
-      };
-
-      finished = {};
-
-      function recvMessage(ev) {
-        is(ev.data.message, tests[ev.data.id].result, "CSP child-src worker test " + ev.data.id);
-        finished[ev.data.id] = ev.data.message;
-
-        if (Object.keys(finished).length == Object.keys(tests).length) {
-          window.removeEventListener('message', recvMessage);
-          SimpleTest.finish();
-        }
-      }
-
-      window.addEventListener('message', recvMessage, false);
-
-      function loadNextTest() {
-        for (item in tests) {
-          test = tests[item];
-          var src = "file_testserver.sjs";
-          // append the file that should be served
-          src += "?file=" + escape("tests/dom/security/test/csp/" + test.file);
-          // append the CSP that should be used to serve the file
-          src += "&csp=" + escape(test.policy);
-          // add our identifier
-          src += "#" + escape(test.id);
-
-          content = document.getElementById('content');
-          testframe = document.createElement("iframe");
-          testframe.setAttribute('id', test.id);
-          content.appendChild(testframe);
-          testframe.src = src;
-        }
-      }
-
-      // start running the tests
-      loadNextTest();
-    </script>
-  </body>
-</html>
--- a/dom/security/test/csp/test_service_worker.html
+++ b/dom/security/test/csp/test_service_worker.html
@@ -14,17 +14,17 @@
 /* Description of the test:
  * Spawning a worker from https://example.com but script-src is 'test1.example.com'
  * CSP is not consulted
  */
 SimpleTest.waitForExplicitFinish();
 
 var tests = [
   {
-    policy: "default-src 'self'; script-src 'unsafe-inline'; child-src test1.example.com;",
+    policy: "default-src 'self'; script-src test1.example.com 'unsafe-inline'",
     expected: "blocked"
   },
 ];
 
 var counter = 0;
 var curTest;
 
 window.addEventListener("message", receiveMessage, false);
--- a/dom/security/test/csp/test_worker_redirect.html
+++ b/dom/security/test/csp/test_worker_redirect.html
@@ -32,21 +32,21 @@
  * The main test is loaded using:
  *   http://mochi.test:8888
  * where the imported script gets redirected to:
  *   http://test1.example.com
  */
 
 var tests = [
   {
-    policy: "default-src 'self'; script-src 'self' 'unsafe-eval'; child-src 'self' http://test1.example.com;",
+    policy: "default-src 'self'; script-src 'self' 'unsafe-eval' http://test1.example.com;",
     expected: "allowed"
   },
   {
-    policy: "default-src 'self'; script-src 'self' 'unsafe-eval'; child-src 'self';",
+    policy: "default-src 'self'; script-src 'self' 'unsafe-eval';",
     expected: "blocked",
   },
 ];
 
 var counter = 0;
 var curTest;
 
 function checkResult(aResult) {
--- a/dom/webidl/CSPDictionaries.webidl
+++ b/dom/webidl/CSPDictionaries.webidl
@@ -21,14 +21,13 @@ dictionary CSP {
   sequence<DOMString> report-uri;
   sequence<DOMString> frame-ancestors;
   // sequence<DOMString> reflected-xss; // not suppored in Firefox
   sequence<DOMString> base-uri;
   sequence<DOMString> form-action;
   sequence<DOMString> referrer;
   sequence<DOMString> manifest-src;
   sequence<DOMString> upgrade-insecure-requests;
-  sequence<DOMString> child-src;
 };
 
 dictionary CSPPolicies {
   sequence<CSP> csp-policies;
 };
--- a/testing/web-platform/meta/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/blink-contrib/self-doesnt-match-blob.sub.html.ini
@@ -1,5 +1,5 @@
 [self-doesnt-match-blob.sub.html]
   type: testharness
   [Violation report status OK.]
-    expected: PASS
+    expected: FAIL
 
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/meta/content-security-policy/blink-contrib/star-doesnt-match-blob.sub.html.ini
@@ -0,0 +1,5 @@
+[star-doesnt-match-blob.sub.html]
+  type: testharness
+  [Violation report status OK.]
+    expected: FAIL
+
--- a/testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-blocked.sub.html.ini
@@ -1,9 +1,8 @@
 [child-src-blocked.sub.html]
   type: testharness
-
   [Expecting logs: ["PASS IFrame #1 generated a load event."\]]
     expected: FAIL
 
   [Violation report status OK.]
-    expected: PASS
+    expected: FAIL
 
--- a/testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-cross-origin-load.sub.html.ini
@@ -1,14 +1,14 @@
 [child-src-cross-origin-load.sub.html]
   type: testharness
   disabled:
     if e10s: https://bugzilla.mozilla.org/show_bug.cgi?id=1209756
+  [Expecting alerts: ["PASS","PASS"\]]
+    expected:
+      if debug and not e10s and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86_64") and (bits == 64): FAIL
+      if not debug and not e10s and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86") and (bits == 32): FAIL
+      if not debug and not e10s and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86_64") and (bits == 64): FAIL
+      if debug and not e10s and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86") and (bits == 32): FAIL
 
-  [Expecting logs: ["PASS IFrame #1 generated a load event.","PASS IFrame #2 generated a load event.","PASS IFrame #3 generated a load event."\]]
+  [Violation report status OK.]
     expected: FAIL
 
-  [Expecting alerts: ["PASS","PASS"\]]
-    expected: PASS
-
-  [Violation report status OK.]
-    expected: PASS
-
--- a/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
+++ b/testing/web-platform/meta/content-security-policy/child-src/child-src-worker-blocked.sub.html.ini
@@ -1,8 +1,8 @@
 [child-src-worker-blocked.sub.html]
   type: testharness
   [Expecting alerts: ["PASS"\]]
-    expected: PASS
+    expected: FAIL
 
   [Violation report status OK.]
-    expected: PASS
+    expected: FAIL