Bug 945268 - Modify CSP tests to work on multiprocess (e10s/B2G). r=sstamm, r=rcampbell
authorGarrett Robinson <grobinson@mozilla.com>
Wed, 11 Dec 2013 16:57:19 -0800
changeset 162974 6520037420c15ce13707f03e0eae38bf2bc70bd4
parent 162973 cd76ca8799927284e5d1af528e805b95470a0954
child 162975 e4a784a2c735d1326ecc6338075a838889e1e3ed
push id25977
push userttaubert@mozilla.com
push dateSun, 12 Jan 2014 09:26:17 +0000
treeherdermozilla-central@b029e8d3e130 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssstamm, rcampbell
bugs945268
milestone29.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 945268 - Modify CSP tests to work on multiprocess (e10s/B2G). r=sstamm, r=rcampbell
content/base/test/csp/test_CSP.html
content/base/test/csp/test_CSP_bug909029.html
content/base/test/csp/test_CSP_bug916446.html
content/base/test/csp/test_CSP_bug941404.html
content/base/test/csp/test_CSP_evalscript.html
content/base/test/csp/test_CSP_evalscript_getCRMFRequest.html
content/base/test/csp/test_CSP_frameancestors.html
content/base/test/csp/test_bothCSPheaders.html
content/base/test/csp/test_bug836922_npolicies.html
content/base/test/csp/test_bug886164.html
content/base/test/csp/test_csp_redirects.html
content/base/test/csp/test_nonce_source.html
testing/mochitest/b2g.json
testing/specialpowers/components/SpecialPowersObserver.js
testing/specialpowers/content/specialpowersAPI.js
--- a/content/base/test/csp/test_CSP.html
+++ b/content/base/test/csp/test_CSP.html
@@ -1,29 +1,26 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Content Security Policy Connections</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
-
-  
 </div>
-
 <iframe style="width:200px;height:200px;" id='cspframe'></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe2'></iframe>
 <script class="testbody" type="text/javascript">
 
 var path = "/tests/content/base/test/csp/";
 
-// These are test results: -1 means it hasn't run, 
+// These are test results: -1 means it hasn't run,
 // true/false is the pass/fail result.
 window.tests = {
   img_good: -1,
   img_bad: -1,
   style_good: -1,
   style_bad: -1,
   frame_good: -1,
   frame_bad: -1,
@@ -50,61 +47,58 @@ window.tests = {
   media_spec_compliant_good: -1,
   media_spec_compliant_bad: -1,
   font_spec_compliant_good: -1,
   font_spec_compliant_bad: -1,
   object_spec_compliant_good: -1,
   object_spec_compliant_bad: -1,
 };
 
-
-// This is used to watch the blocked data bounce off CSP and allowed data 
+// This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-      
     var testpat = new RegExp("testid=([a-z0-9_]+)");
 
     //_good things better be allowed!
     //_bad things better be stopped!
 
-    if (topic === "http-on-modify-request") {
-      //these things were allowed by CSP
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      var testid = testpat.exec(asciiSpec)[1];
+    // This is a special observer topic that is proxied from
+    // http-on-modify-request in the parent process to inform us when a URI is
+    // loaded
+    if (topic === "specialpowers-http-notify-request") {
+      var uri = data;
+      if (!testpat.test(uri)) return;
+      var testid = testpat.exec(uri)[1];
 
       window.testResult(testid,
                         /_good/.test(testid),
-                        asciiSpec + " allowed by csp");
+                        uri + " allowed by csp");
     }
 
-    if(topic === "csp-on-violate-policy") {
-      //these were blocked... record that they were blocked
+    if (topic === "csp-on-violate-policy") {
+      // these were blocked... record that they were blocked
       var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
       if (!testpat.test(asciiSpec)) return;
       var testid = testpat.exec(asciiSpec)[1];
       window.testResult(testid,
                         /_bad/.test(testid),
                         asciiSpec + " blocked by \"" + data + "\"");
     }
   },
 
-  // must eventually call this to remove the listener, 
+  // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 
 window.examiner = new examiner();
 
 window.testResult = function(testname, result, msg) {
   //test already complete.... forget it... remember the first result.
   if (window.tests[testname] != -1)
@@ -121,17 +115,23 @@ window.testResult = function(testname, r
   // ... otherwise, finish
   window.examiner.remove();
   SimpleTest.finish();
 }
 
 SimpleTest.waitForExplicitFinish();
 
 SpecialPowers.pushPrefEnv(
-  {'set':[["security.csp.speccompliant", true]]},
+  {'set':[["security.csp.speccompliant", true],
+          // This defaults to 0 ("preload none") on mobile (B2G/Android), which
+          // blocks loading the resource until the user interacts with a
+          // corresponding widget, which breaks the media_* tests. We set it
+          // back to the default used by desktop Firefox to get consistent
+          // behavior.
+          ["media.preload.default", 2]]},
     function() {
       // save this for last so that our listeners are registered.
       // ... this loads the testbed of good and bad requests.
       document.getElementById('cspframe').src = 'file_CSP_main.html';
       document.getElementById('cspframe2').src = 'file_CSP_main_spec_compliant.html';
     });
 </script>
 </pre>
--- a/content/base/test/csp/test_CSP_bug909029.html
+++ b/content/base/test/csp/test_CSP_bug909029.html
@@ -21,32 +21,26 @@ window.tests = {
   starInlineStyleAllowed: -1,
   starInlineScriptBlocked: -1,
   noneInlineStyleAllowed: -1,
   noneInlineScriptBlocked: -1
 }
 
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
     var testpat = new RegExp("testid=([a-zA-Z]+)");
 
-    if (topic === "http-on-modify-request") {
-      //these things were allowed by CSP
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec))
-        return;
-      var testid = testpat.exec(asciiSpec)[1];
+    if (topic === "specialpowers-http-notify-request") {
+      var uri = data;
+      if (!testpat.test(uri)) return;
+      var testid = testpat.exec(uri)[1];
       window.testResult(testid,
                         /Loaded/.test(testid),
                         "resource loaded");
     }
 
     if(topic === "csp-on-violate-policy") {
       // these were blocked... record that they were blocked
       // try because the subject could be an nsIURI or an nsISupportsCString
@@ -65,17 +59,17 @@ examiner.prototype  = {
       }
     }
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 
 window.examiner = new examiner();
 
 window.testResult = function(testname, result, msg) {
   //dump("in testResult: testname = " + testname + "\n");
 
--- a/content/base/test/csp/test_CSP_bug916446.html
+++ b/content/base/test/csp/test_CSP_bug916446.html
@@ -14,34 +14,30 @@
 <iframe style="width:200px;height:200px;" id='testframe'></iframe>
 
 <script class="testbody" type="text/javascript">
 
 // This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   completedTests: 0,
   totalTests: 4,
 
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
     var testpat = new RegExp("testid=([a-z0-9_]+)");
 
-    if (topic === "http-on-modify-request") {
-      //these things were allowed by CSP
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      var testid = testpat.exec(asciiSpec)[1];
+    if (topic === "specialpowers-http-notify-request") {
+      // these things were allowed by CSP
+      var uri = data;
+      if (!testpat.test(uri)) return;
+      var testid = testpat.exec(uri)[1];
       if (testid === "img_bad") {
         // img_bad should be *allowed* because the policy is report-only
         ok(true, "Inline scripts should execute (because the policy is report-only)");
         this.completedTests++;
       }
     }
 
     if(topic === "csp-on-violate-policy") {
@@ -64,17 +60,17 @@ examiner.prototype  = {
       }
     }
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 
 window.examiner = new examiner();
 
 function checkInlineScriptExecuted() {
   var green = 'rgb(0, 128, 0)';
   var black = 'rgb(0, 0, 0)';
--- a/content/base/test/csp/test_CSP_bug941404.html
+++ b/content/base/test/csp/test_CSP_bug941404.html
@@ -28,39 +28,35 @@ window.tests = {
 
 
 //csp related
 
 // This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
     var testpat = new RegExp("testid=([a-z0-9_]+)");
 
     //_good things better be allowed!
     //_bad things better be stopped!
 
-    if (topic === "http-on-modify-request") {
+    if (topic === "specialpowers-http-notify-request") {
       //these things were allowed by CSP
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      var testid = testpat.exec(asciiSpec)[1];
+      var uri = data;
+      if (!testpat.test(uri)) return;
+      var testid = testpat.exec(uri)[1];
 
       window.testResult(testid,
                         /_good/.test(testid),
-                        asciiSpec + " allowed by csp");
+                        uri + " allowed by csp");
     }
 
     if(topic === "csp-on-violate-policy") {
       //these were blocked... record that they were blocked
       var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
       if (!testpat.test(asciiSpec)) return;
       var testid = testpat.exec(asciiSpec)[1];
       window.testResult(testid,
@@ -68,17 +64,17 @@ examiner.prototype  = {
                         asciiSpec + " blocked by \"" + data + "\"");
     }
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 
 window.examiner = new examiner();
 
 window.testResult = function(testname, result, msg) {
   //test already complete.... forget it... remember the first result.
   if (window.tests[testname] != -1)
--- a/content/base/test/csp/test_CSP_evalscript.html
+++ b/content/base/test/csp/test_CSP_evalscript.html
@@ -1,34 +1,30 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Content Security Policy "no eval" base restriction</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
-
-  
 </div>
-
 <iframe style="width:100%;height:300px;" id='cspframe'></iframe>
 <iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
 <iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
 <script class="testbody" type="text/javascript">
 
 var path = "/tests/content/base/test/csp/";
 
 var evalScriptsThatRan = 0;
 var evalScriptsBlocked = 0;
 var evalScriptsTotal = 24;
 
-
 // called by scripts that run
 var scriptRan = function(shouldrun, testname, data) {
   evalScriptsThatRan++;
   ok(shouldrun, 'EVAL SCRIPT RAN: ' + testname + '(' + data + ')');
   checkTestResults();
 }
 
 // called when a script is blocked
--- a/content/base/test/csp/test_CSP_evalscript_getCRMFRequest.html
+++ b/content/base/test/csp/test_CSP_evalscript_getCRMFRequest.html
@@ -1,50 +1,45 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Content Security Policy "no eval" in crypto.getCRMFRequest()</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
-
-  
 </div>
-
 <iframe style="width:100%;height:300px;" id='cspframe'></iframe>
 <iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
 <iframe style="width:100%;height:300px;" id='cspframe3'></iframe>
 <iframe style="width:100%;height:300px;" id='cspframe4'></iframe>
 <script class="testbody" type="text/javascript">
 
 var path = "/tests/content/base/test/csp/";
 
 var evalScriptsThatRan = 0;
 var evalScriptsBlocked = 0;
 var evalScriptsTotal = 4;
 
-
 // called by scripts that run
 var scriptRan = function(shouldrun, testname, data) {
   evalScriptsThatRan++;
   ok(shouldrun, 'EVAL SCRIPT RAN: ' + testname + '(' + data + ')');
   checkTestResults();
 }
 
 // called when a script is blocked
 var scriptBlocked = function(shouldrun, testname, data) {
   evalScriptsBlocked++;
   ok(!shouldrun, 'EVAL SCRIPT BLOCKED: ' + testname + '(' + data + ')');
   checkTestResults();
 }
 
-
 // Check to see if all the tests have run
 var checkTestResults = function() {
   // if any test is incomplete, keep waiting
   if (evalScriptsTotal - evalScriptsBlocked - evalScriptsThatRan > 0)
     return;
 
   // ... otherwise, finish
   SimpleTest.finish();
--- a/content/base/test/csp/test_CSP_frameancestors.html
+++ b/content/base/test/csp/test_CSP_frameancestors.html
@@ -1,29 +1,26 @@
 <!DOCTYPE HTML>
 <html>
 <head>
   <title>Test for Content Security Policy Frame Ancestors directive</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
-
-  
 </div>
-
 <iframe style="width:100%;height:300px;" id='cspframe'></iframe>
 <iframe style="width:100%;height:300px;" id='cspframe2'></iframe>
 <script class="testbody" type="text/javascript">
 
 var path = "/tests/content/base/test/csp/";
 
-// These are test results: -1 means it hasn't run, 
+// These are test results: -1 means it hasn't run,
 // true/false is the pass/fail result.
 var framesThatShouldLoad = {
   aa_allow: -1,    /* innermost frame allows a */
   //aa_block: -1,    /* innermost frame denies a */
   //aa2_block: -1,    /* innermost frame denies a */
   ab_allow: -1,    /* innermost frame allows a */
   //ab_block: -1,    /* innermost frame denies a */
   aba_allow: -1,   /* innermost frame allows b,a */
@@ -42,35 +39,35 @@ var framesThatShouldLoad = {
   //aba2_block_spec_compliant: -1,  /* innermost frame denies a */
   abb_allow_spec_compliant: -1,   /* innermost frame allows b,a */
   //abb_block_spec_compliant: -1,   /* innermost frame denies b */
   //abb2_block_spec_compliant: -1,  /* innermost frame denies a */
 };
 
 var expectedViolationsLeft = 14;
 
-// This is used to watch the blocked data bounce off CSP and allowed data 
+// This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
     // subject should be an nsURI, and should be either allowed or blocked.
     if (!SpecialPowers.can_QI(subject))
       return;
-      
+
     if (topic === "csp-on-violate-policy") {
       //these were blocked... record that they were blocked
       var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
       window.frameBlocked(asciiSpec, data);
     }
   },
 
-  // must eventually call this to remove the listener, 
+  // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
   }
 }
 
 // called when a frame is loaded
 // -- if it's not enumerated above, it should not load!
--- a/content/base/test/csp/test_bothCSPheaders.html
+++ b/content/base/test/csp/test_bothCSPheaders.html
@@ -19,28 +19,24 @@ var prefixedHeaderImgURL = "http://examp
 var unprefixedHeaderImgURL = "http://mochi.test:8888/unprefixed.jpg";
 var testsRun = 0;
 var totalTests = 2;
 
 // This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if(!SpecialPowers.can_QI(subject))
-      return;
-
-    if (topic === "http-on-modify-request") {
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (asciiSpec == prefixedHeaderImgURL || asciiSpec == unprefixedHeaderImgURL) {
-        is(asciiSpec, unprefixedHeaderImgURL, "Load was allowed - should be allowed by unprefixed header (blocked by prefixed)");
+    if (topic === "specialpowers-http-notify-request") {
+      var allowedUri = data;
+      if (allowedUri == prefixedHeaderImgURL || allowedUri == unprefixedHeaderImgURL) {
+        is(allowedUri, unprefixedHeaderImgURL, "Load was allowed - should be allowed by unprefixed header (blocked by prefixed)");
         testRan();
       }
     }
 
     if (topic === "csp-on-violate-policy") {
       // the load was blocked, this is a pass, the Content-Security-Policy
       // header doesn't allow the load, but the X-Content-Security-Header does
       var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
@@ -50,17 +46,17 @@ examiner.prototype  = {
       }
     }
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 
 window.examiner = new examiner();
 SimpleTest.waitForExplicitFinish();
 
 function testRan() {
   testsRun++;
--- a/content/base/test/csp/test_bug836922_npolicies.html
+++ b/content/base/test/csp/test_bug836922_npolicies.html
@@ -38,43 +38,37 @@ window.violation_reports = {
   script_self:
   {expected: 0, expected_ro: 1},  /* violates report-only */
 };
 
 // This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.  This also watches for violation reports to go out.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if(!SpecialPowers.can_QI(subject))
-       return;
-
     var testpat = new RegExp("testid=([a-z0-9_]+)");
 
-    if (topic === "http-on-modify-request") {
-      var asciiSpec = SpecialPowers.getPrivilegedProps(
-                        SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"),
-                        "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      var testid = testpat.exec(asciiSpec)[1];
+    if (topic === "specialpowers-http-notify-request") {
+      var uri = data;
+      if (!testpat.test(uri)) return;
+      var testid = testpat.exec(uri)[1];
 
       // violation reports don't come through here, but the requested resources do
       // if the test has already finished, move on.  Some things throw multiple
       // requests (preloads and such)
       try {
         if (window.loads[testid].verified) return;
       } catch(e) { return; }
 
       // these are requests that were allowed by CSP
-      var testid = testpat.exec(asciiSpec)[1];
-      window.testResult(testid, 'allowed', asciiSpec + " allowed by csp");
+      var testid = testpat.exec(uri)[1];
+      window.testResult(testid, 'allowed', uri + " allowed by csp");
     }
 
     if(topic === "csp-on-violate-policy") {
       // if the violated policy was report-only, the resource will still be
       // loaded even if this topic is notified.
       var asciiSpec = SpecialPowers.getPrivilegedProps(
                         SpecialPowers.do_QueryInterface(subject, "nsIURI"),
                         "asciiSpec");
@@ -107,17 +101,17 @@ examiner.prototype  = {
     window.bug836922examiner.remove();
     window.resultPoller.pollForFinish();
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 window.bug836922examiner = new examiner();
 
 
 // Poll for results and see if enough reports came in.  Keep trying
 // for a few seconds before failing with lack of reports.
 // Have to do this because there's a race between the async reporting
--- a/content/base/test/csp/test_bug886164.html
+++ b/content/base/test/csp/test_bug886164.html
@@ -4,20 +4,17 @@
   <meta charset="utf-8">
   <title>Bug 886164 - Enforce CSP in sandboxed iframe</title>
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
-
-
 </div>
-
 <iframe style="width:200px;height:200px;" id='cspframe'  sandbox="allow-same-origin"></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe2' sandbox></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe3' sandbox="allow-same-origin"></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe4' sandbox></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe5' sandbox="allow-scripts"></iframe>
 <iframe style="width:200px;height:200px;" id='cspframe6' sandbox="allow-same-origin allow-scripts"></iframe>
 <script class="testbody" type="text/javascript">
 
@@ -91,38 +88,34 @@ function ok_wrapper(result, desc) {
 
 
 //csp related
 
 // This is used to watch the blocked data bounce off CSP and allowed data
 // get sent out to the wire.
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
     var testpat = new RegExp("testid=([a-z0-9_]+)");
 
     //_good things better be allowed!
     //_bad things better be stopped!
 
-    if (topic === "http-on-modify-request") {
+    if (topic === "specialpowers-http-notify-request") {
       //these things were allowed by CSP
-      var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      var testid = testpat.exec(asciiSpec)[1];
+      var uri = data;
+      if (!testpat.test(uri)) return;
+      var testid = testpat.exec(uri)[1];
 
       window.testResult(testid,
                         /_good/.test(testid),
-                        asciiSpec + " allowed by csp");
+                        uri + " allowed by csp");
     }
 
     if(topic === "csp-on-violate-policy") {
       //these were blocked... record that they were blocked
       var asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
       if (!testpat.test(asciiSpec)) return;
       var testid = testpat.exec(asciiSpec)[1];
       window.testResult(testid,
@@ -130,17 +123,17 @@ examiner.prototype  = {
                         asciiSpec + " blocked by \"" + data + "\"");
     }
   },
 
   // must eventually call this to remove the listener,
   // or mochitests might get borked.
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 
 window.examiner = new examiner();
 
 window.testResult = function(testname, result, msg) {
   //test already complete.... forget it... remember the first result.
   if (window.tests[testname] != -1)
--- a/content/base/test/csp/test_csp_redirects.html
+++ b/content/base/test/csp/test_csp_redirects.html
@@ -15,43 +15,40 @@
 <pre id="log"></pre>
 <script class="testbody" type="text/javascript">
 
 var path = "/tests/content/base/test/csp/";
 
 // debugging
 function log(s) {
   return;
+  dump("**" + s + "\n");
   var log = document.getElementById("log");
   log.textContent = log.textContent+s+"\n";
 }
 
 // used to watch if requests are blocked by CSP or allowed through
 function examiner() {
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
 }
 examiner.prototype  = {
   observe: function(subject, topic, data) {
-    // subject should be an nsURI, and should be either allowed or blocked.
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
     var testpat = new RegExp("testid=([a-z0-9-]+)");
     var asciiSpec;
     var testid;
 
-    if (topic === "http-on-modify-request") {
+    if (topic === "specialpowers-http-notify-request") {
       // request was sent
-      asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testpat.test(asciiSpec)) return;
-      testid = testpat.exec(asciiSpec)[1];
+      var allowedUri = data;
+      if (!testpat.test(allowedUri)) return;
+      testid = testpat.exec(allowedUri)[1];
       if (testExpectedResults[testid] == "completed") return;
-      log("allowed: "+asciiSpec);
-      window.testResult(testid, asciiSpec, true);
+      log("allowed: "+allowedUri);
+      window.testResult(testid, allowedUri, true);
     }
 
     else if (topic === "csp-on-violate-policy") {
       // request was blocked
       asciiSpec = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
       if (!testpat.test(asciiSpec)) return;
       testid = testpat.exec(asciiSpec)[1];
       // had to add this check because http-on-modify-request can fire after
@@ -60,17 +57,17 @@ examiner.prototype  = {
       if (testExpectedResults[testid] == "completed") return;
       log("BLOCKED: "+asciiSpec);
       window.testResult(testid, asciiSpec, false);
     }
   },
 
   remove: function() {
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
   }
 }
 window.examiner = new examiner();
 
 // contains { test_frame_id : expected_result }
 var testExpectedResults = { "font-src": true,
                             "font-src-redir": false,
                             "frame-src": true,
@@ -127,17 +124,23 @@ var testResult = function(testName, url,
 
   window.examiner.remove();
   SimpleTest.finish();
 }
 
 SimpleTest.waitForExplicitFinish();
 
 SpecialPowers.pushPrefEnv(
-  {'set':[["security.csp.speccompliant", true]]},
+  {'set':[["security.csp.speccompliant", true],
+          // This defaults to 0 ("preload none") on mobile (B2G/Android), which
+          // blocks loading the resource until the user interacts with a
+          // corresponding widget, which breaks the media_* tests. We set it
+          // back to the default used by desktop Firefox to get consistent
+          // behavior.
+          ["media.preload.default", 2]]},
   function() {
     // save this for last so that our listeners are registered.
     // ... this loads the testbed of good and bad requests.
     document.getElementById("harness").src = "file_csp_redirects_main.html";
   });
 </script>
 </pre>
 
--- a/content/base/test/csp/test_nonce_source.html
+++ b/content/base/test/csp/test_nonce_source.html
@@ -21,64 +21,61 @@ var totalInlineScriptTests = 4;
 
 var scriptNonceViolations = 0;
 var expectedScriptNonceViolations = 2;
 var scriptInlineViolations = 0;
 var expectedScriptInlineViolations = 1;
 
 // This is used to watch the blocked data bounce off CSP
 function examiner() {
-  SpecialPowers.addObserver(this, "http-on-modify-request", false);
+  SpecialPowers.addObserver(this, "specialpowers-http-notify-request", false);
   SpecialPowers.addObserver(this, "csp-on-violate-policy", false);
 }
 
 examiner.prototype = {
   observe: function(subject, topic, data) {
-    if (!SpecialPowers.can_QI(subject))
-      return;
-
     var testid_re = new RegExp("testid=([a-z0-9_]+)");
 
     //_good things better be allowed!
     //_bad things better be blocked!
 
-    if (topic === "http-on-modify-request") {
-      // these things were allowed by CSP
-      var allowed_uri = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIHttpChannel"), "URI.asciiSpec");
-      if (!testid_re.test(allowed_uri)) return;
-      var testid = testid_re.exec(allowed_uri)[1];
+    if (topic === "specialpowers-http-notify-request") {
+      var uri = data;
+      if (!testid_re.test(uri)) return;
+      var testid = testid_re.exec(uri)[1];
       ok(/_good/.test(testid), "Allowed URI with testid " + testid);
       ranTests(1);
     }
 
     if (topic === "csp-on-violate-policy") {
       try {
         // if it is an blocked external load, subject will be the URI of the resource
         var blocked_uri = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsIURI"), "asciiSpec");
         if (!testid_re.test(blocked_uri)) return;
         var testid = testid_re.exec(blocked_uri)[1];
         ok(/_bad/.test(testid), "Blocked URI with testid " + testid);
         ranTests(1);
       } catch (e) {
         // if the subject is blocked inline, data will be a violation msg (defined at the top of contentSecurityPolicy.js)
+        //dump("** exception in csp-on-violate-policy: " + e + "\n");
         var violation_msg = SpecialPowers.getPrivilegedProps(SpecialPowers.do_QueryInterface(subject, "nsISupportsCString"), "data");
         if (/Inline Script/.test(violation_msg)) {
           if (/Inline Script had invalid nonce/.test(violation_msg))
             scriptNonceViolations++;
           if (/Inline Scripts will not execute/.test(violation_msg))
             scriptInlineViolations++;
           window.inlineScriptTestResult("blocked", "blocked",
                                         "Blocked because " + violation_msg);
         }
       }
     }
   },
   // must eventually call this to remove the listener, or mochitests might get borked.
   remove: function() {
-    SpecialPowers.removeObserver(this, "http-on-modify-request");
+    SpecialPowers.removeObserver(this, "specialpowers-http-notify-request");
     SpecialPowers.removeObserver(this, "csp-on-violate-policy");
   }
 }
 
 var inlineScriptTestResult = function(testIs, testShouldBe, description) {
   if (testIs !== testShouldBe) {
     ok(false, description);
   } else {
--- a/testing/mochitest/b2g.json
+++ b/testing/mochitest/b2g.json
@@ -200,41 +200,28 @@
     "dom/devicestorage/ipc/test_ipc.html":"nested ipc not working",
 
     "dom/indexedDB/ipc/test_ipc.html":"nested ipc not working",
     "dom/indexedDB/test/test_lowDiskSpace.html":"this needs probably modification for notifyObserversInParentProcess to be similar as pushPermissions",
 
     "content/base/test/test_object.html":"needs plugin support",
     "content/base/test/test_bug827160.html": "needs plugin support",
 
-    "content/base/test/csp/test_CSP_evalscript.html":"observer not working",
-    "content/base/test/csp/test_CSP_evalscript_getCRMFRequest.html":"observer not working",
-    "content/base/test/csp/test_CSP_frameancestors.html":"observer not working",
-    "content/base/test/csp/test_CSP.html":"observer not working",
-    "content/base/test/csp/test_bug836922_npolicies.html":"observer not working",
-    "content/base/test/csp/test_bug886164.html":"observer not working",
-    "content/base/test/csp/test_CSP_bug916446.html":"observer not working",
-    "content/base/test/csp/test_CSP_bug909029.html":"observer not working",
-    "content/base/test/csp/test_policyuri_regression_from_multipolicy.html":"observer not working",
-    "content/base/test/csp/test_nonce_source.html":"observer not working",
-    "content/base/test/csp/test_CSP_bug941404.html":"observer not working",
-
     "content/base/test/test_CrossSiteXHR_origin.html":"https not working, bug 907770",
     "content/base/test/test_plugin_freezing.html":"",
     "content/base/test/test_bug466409.html":"",
     "content/base/test/test_bug482935.html":"",
     "content/base/test/test_bug498433.html":"",
     "content/base/test/test_bug650386_redirect_301.html":"",
     "content/base/test/test_bug650386_redirect_302.html":"",
     "content/base/test/test_bug650386_redirect_303.html":"",
     "content/base/test/test_bug650386_redirect_307.html":"",
     "content/base/test/test_bug717511.html":"",
     "content/base/test/test_copypaste.xhtml":"bug 904183",
     "content/base/test/test_copypaste.xul":"bug 904183",
-    "content/base/test/csp/test_csp_redirects.html":"",
     "content/base/test/test_fileapi_slice.html":"",
     "content/base/test/test_mixed_content_blocker.html":"",
     "content/base/test/test_mixed_content_blocker_bug803225.html":"",
     "content/base/test/test_mixed_content_blocker_frameNavigation.html":"",
     "content/base/test/test_mozfiledataurl.html":"",
     "content/base/test/test_websocket.html":"",
     "content/base/test/test_websocket_basic.html":"",
     "content/base/test/test_websocket_hello.html":"",
@@ -250,17 +237,16 @@
     "content/events/test/test_bug574663.html":"",
     "content/events/test/test_bug607464.html":"",
     "content/events/test/test_wheel_default_action.html":"",
     "content/base/test/test_bug682592.html":"",	
     "content/html/document/test/test_bug369370.html":"",
     "content/svg/content/test/test_text_selection.html":"Mouse selection not workin on b2g",
     "content/svg/content/test/test_SVGAnimatedImageSMILDisabled.html":"",
     "content/xml/document/test/test_bug392338.html":"",
-    "content/base/test/csp/test_bothCSPheaders.html":"",
     "content/base/test/test_bug383430.html":"",
     "content/base/test/test_bug422403-2.xhtml":"",
     "content/base/test/test_bug424359-1.html":"",
     "content/base/test/test_bug424359-2.html":"",
     "content/base/test/test_mixed_content_blocker_bug803225.html":"",
     "content/html/document/test/test_non-ascii-cookie.html":"",
     "content/html/document/test/test_document.watch.html":"expects document.cookie setting to work",
 
@@ -428,11 +414,13 @@
     "content/html/content/test/test_bug481335.xhtml":"timed out, bug 870262, :visited support",
     "layout/style/test/test_visited_image_loading.html":"bug 870262, :visited support",
     "layout/style/test/test_visited_image_loading_empty.html":"bug 870262, :visited support",
     "layout/style/test/test_visited_lying.html" : "bug 870262, :visited support",
     "layout/style/test/test_visited_pref.html" : "bug 870262, :visited support",
     "layout/style/test/test_visited_reftests.html":"bug 870262, :visited support",
 
     "Harness_sanity/test_sanityEventUtils.html": "bug 688052",
-    "Harness_sanity/test_sanitySimpletest.html": "bug 688052"
+    "Harness_sanity/test_sanitySimpletest.html": "bug 688052",
+
+    "content/base/test/csp/test_CSP_evalscript_getCRMFRequest.html":"no window.crypto support in multiprocess"
   }
 }
--- a/testing/specialpowers/components/SpecialPowersObserver.js
+++ b/testing/specialpowers/components/SpecialPowersObserver.js
@@ -65,16 +65,23 @@ SpecialPowersObserver.prototype = new Sp
 
           this._messageManager.loadFrameScript(CHILD_LOGGER_SCRIPT, true);
           this._messageManager.loadFrameScript(CHILD_SCRIPT_API, true);
           this._messageManager.loadFrameScript(CHILD_SCRIPT, true);
           this._isFrameScriptLoaded = true;
         }
         break;
 
+      case "http-on-modify-request":
+        if (aSubject instanceof Ci.nsIChannel) {
+          let uri = aSubject.URI.spec;
+          this._sendAsyncMessage("specialpowers-http-notify-request", { uri: uri });
+        }
+        break;
+
       case "xpcom-shutdown":
         this.uninit();
         break;
 
       default:
         this._observe(aSubject, aTopic, aData);
         break;
     }
@@ -94,27 +101,29 @@ SpecialPowersObserver.prototype = new Sp
     return this._receiveMessageAPI(aMessage);
   };
 
   SpecialPowersObserver.prototype.init = function(messageManager)
   {
     var obs = Services.obs;
     obs.addObserver(this, "xpcom-shutdown", false);
     obs.addObserver(this, "chrome-document-global-created", false);
+    obs.addObserver(this, "http-on-modify-request", false);
 
     if (messageManager) {
       this._messageManager = messageManager;
       this._mmIsGlobal = false;
     }
   };
 
   SpecialPowersObserver.prototype.uninit = function()
   {
     var obs = Services.obs;
     obs.removeObserver(this, "chrome-document-global-created");
+    obs.removeObserver(this, "http-on-modify-request");
     this._removeProcessCrashObservers();
   };
 
   SpecialPowersObserver.prototype._addProcessCrashObservers = function() {
     if (this._processCrashObserversRegistered) {
       return;
     }
 
--- a/testing/specialpowers/content/specialpowersAPI.js
+++ b/testing/specialpowers/content/specialpowersAPI.js
@@ -968,24 +968,45 @@ SpecialPowersAPI.prototype = {
   setAllAppsLaunchable: function(launchable) {
     var message = {
       op: "set-launchable",
       launchable: launchable
     };
     return this._sendSyncMessage("SPWebAppService", message);
   },
 
+  _proxiedObservers: {
+    "specialpowers-http-notify-request": function(aMessage) {
+      let uri = aMessage.json.uri;
+      Services.obs.notifyObservers(null, "specialpowers-http-notify-request", uri);
+    },
+  },
+
+  _addObserverProxy: function(notification) {
+    if (notification in this._proxiedObservers) {
+      this._addMessageListener(notification, this._proxiedObservers[notification]);
+    }
+  },
+
+  _removeObserverProxy: function(notification) {
+    if (notification in this._proxiedObservers) {
+      this._removeMessageListener(notification, this._proxiedObservers[notification]);
+    }
+  },
+
   addObserver: function(obs, notification, weak) {
+    this._addObserverProxy(notification);
     if (typeof obs == 'object' && obs.observe.name != 'SpecialPowersCallbackWrapper')
       obs.observe = wrapCallback(obs.observe);
     var obsvc = Cc['@mozilla.org/observer-service;1']
                    .getService(Ci.nsIObserverService);
     obsvc.addObserver(obs, notification, weak);
   },
   removeObserver: function(obs, notification) {
+    this._removeObserverProxy(notification);
     var obsvc = Cc['@mozilla.org/observer-service;1']
                    .getService(Ci.nsIObserverService);
     obsvc.removeObserver(obs, notification);
   },
   notifyObservers: function(subject, topic, data) {
     var obsvc = Cc['@mozilla.org/observer-service;1']
                    .getService(Ci.nsIObserverService);
     obsvc.notifyObservers(subject, topic, data);