Backed out changeset e6a9c98d62d0 (bug 927196) for causing bug 939269
authorEd Morley <emorley@mozilla.com>
Mon, 18 Nov 2013 10:59:01 +0000
changeset 155156 beddd6d4bcdfe624010f0c321f4b0903872a54e5
parent 155155 8c20a3bb8b818680e4b8851c67bc67ec4af8f0d8
child 156004 70c5061b0fb9747d0455cd57a7f47924c98f4590
child 156012 411915ff3c7fcbfcdb8984104aece01f741961e6
child 156047 6df57406a9dfd7b79353795d6f4dd952f5eb41b9
child 156111 777db6243c9acf1f412ba4004480f6cf50dfdbb7
push id25665
push useremorley@mozilla.com
push dateMon, 18 Nov 2013 10:59:17 +0000
treeherdermozilla-central@beddd6d4bcdf [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs927196, 939269
milestone28.0a1
backs oute6a9c98d62d05f35dd4c5c03b5024fd1a6721c8c
first release with
nightly linux32
beddd6d4bcdf / 28.0a1 / 20131118030203 / files
nightly linux64
beddd6d4bcdf / 28.0a1 / 20131118030203 / files
nightly mac
beddd6d4bcdf / 28.0a1 / 20131118030203 / files
nightly win32
beddd6d4bcdf / 28.0a1 / 20131118030203 / files
nightly win64
beddd6d4bcdf / 28.0a1 / 20131118030203 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset e6a9c98d62d0 (bug 927196) for causing bug 939269
browser/extensions/shumway/content/shumway.js
content/base/src/nsXMLHttpRequest.cpp
content/base/src/nsXMLHttpRequest.h
content/base/test/file_restrictedEventSource.sjs
content/base/test/mochitest.ini
content/base/test/test_XHR_parameters.html
content/base/test/test_XHR_system.html
content/base/test/test_bug338583.html
content/base/test/test_bug426308.html
content/base/test/test_bug431701.html
content/base/test/test_bug804395.html
content/base/test/test_bug927196.html
content/base/test/test_xhr_forbidden_headers.html
dom/permission/tests/test_systemXHR.html
dom/workers/XMLHttpRequest.cpp
dom/workers/test/test_xhr_system.html
dom/workers/test/test_xhr_system.js
testing/mochitest/manifest.webapp
--- a/browser/extensions/shumway/content/shumway.js
+++ b/browser/extensions/shumway/content/shumway.js
@@ -37087,17 +37087,17 @@ var BinaryFileReader = function binaryFi
             }
             complete(xhr.response);
           }
         };
         xhr.send(null);
       },
       readAsync: function (ondata, onerror, onopen, oncomplete, onhttpstatus) {
         var xhr = new XMLHttpRequest({
-            mozAnon: true, mozSystem: true
+            mozSystem: true
           });
         var url = this.url;
         xhr.open(this.method || 'GET', url, true);
         var isNotProgressive;
         try {
           xhr.responseType = 'moz-chunked-arraybuffer';
           isNotProgressive = xhr.responseType !== 'moz-chunked-arraybuffer';
         } catch (e) {
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -378,17 +378,17 @@ nsXMLHttpRequest::InitParameters(bool aA
   // Check for permissions.
   nsCOMPtr<nsPIDOMWindow> window = do_QueryInterface(GetOwner());
   if (!window || !window->GetDocShell()) {
     return;
   }
 
   // Chrome is always allowed access, so do the permission check only
   // for non-chrome pages.
-  if (!IsSystemXHR() && aSystem) {
+  if (!IsSystemXHR()) {
     nsCOMPtr<nsIDocument> doc = window->GetExtantDoc();
     if (!doc) {
       return;
     }
 
     nsCOMPtr<nsIPrincipal> principal = doc->NodePrincipal();
     nsCOMPtr<nsIPermissionManager> permMgr =
       do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
--- a/content/base/src/nsXMLHttpRequest.h
+++ b/content/base/src/nsXMLHttpRequest.h
@@ -193,21 +193,16 @@ public:
     nsCOMPtr<nsIGlobalObject> global = do_QueryInterface(aGlobal.GetAsSupports());
     nsCOMPtr<nsIScriptObjectPrincipal> principal =
       do_QueryInterface(aGlobal.GetAsSupports());
     if (!global || ! principal) {
       aRv.Throw(NS_ERROR_FAILURE);
       return nullptr;
     }
 
-    if (!aParams.mMozAnon && aParams.mMozSystem) {
-      aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
-      return nullptr;
-    }
-
     nsRefPtr<nsXMLHttpRequest> req = new nsXMLHttpRequest();
     req->Construct(principal->GetPrincipal(), global);
     req->InitParameters(aParams.mMozAnon, aParams.mMozSystem);
     return req.forget();
   }
 
   static already_AddRefed<nsXMLHttpRequest>
   Constructor(const mozilla::dom::GlobalObject& aGlobal,
--- a/content/base/test/file_restrictedEventSource.sjs
+++ b/content/base/test/file_restrictedEventSource.sjs
@@ -1,16 +1,18 @@
 function handleRequest(request, response)
 {
   if ((request.queryString == "test=user1_xhr" &&
        request.hasHeader("Authorization") &&
        request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=") ||
       (request.queryString == "test=user1_evtsrc" &&
        request.hasHeader("Authorization") &&
-       request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=")) {
+       request.getHeader("Authorization") == "Basic dXNlciAxOnBhc3N3b3JkIDE=" &&
+       request.hasHeader("Cookie") &&
+       request.getHeader("Cookie") == "test=5c")) {
     response.setStatusLine(null, 200, "OK");
     response.setHeader("Content-Type", "text/event-stream", false);
     response.setHeader("Access-Control-Allow-Origin", "http://mochi.test:8888", false);
     response.setHeader("Access-Control-Allow-Credentials", "true", false);
     response.setHeader("Cache-Control", "no-cache, must-revalidate", false);
     if (request.queryString == "test=user1_xhr") {
       response.setHeader("Set-Cookie", "test=5c", false);
     }
--- a/content/base/test/mochitest.ini
+++ b/content/base/test/mochitest.ini
@@ -516,17 +516,16 @@ support-files =
 [test_bug869006.html]
 [test_bug876282.html]
 [test_bug890580.html]
 [test_bug894874.html]
 [test_bug895239.html]
 [test_bug895974.html]
 [test_bug902847.html]
 [test_bug907892.html]
-[test_bug927196.html]
 [test_caretPositionFromPoint.html]
 [test_classList.html]
 [test_copypaste.html]
 [test_copypaste.xhtml]
 [test_createHTMLDocument.html]
 [test_declare_stylesheet_obsolete.html]
 [test_domparser_null_char.html]
 [test_domparsing.html]
--- a/content/base/test/test_XHR_parameters.html
+++ b/content/base/test/test_XHR_parameters.html
@@ -48,21 +48,22 @@ function runTests() {
     try {
       xhr = new XMLHttpRequest(value);
     } catch (ex) {
       ok(false, "Got unexpected exception: " + ex);
       return;
     }
     ok(xhr instanceof XMLHttpRequest, "passed " + JSON.stringify(value));
 
-    // If the page doesnt have privileges to create a system XHR,
-    // this flag will always be false no matter what is passed.
-    let expectedAnon = Boolean(value && value.mozAnon);
+    // If the page doesnt have privileges to create a system or anon XHR,
+    // these flags will always be false no matter what is passed.
+    let expectedAnon = false;
     let expectedSystem = false;
     if (havePrivileges) {
+      expectedAnon = Boolean(value && value.mozAnon);
       expectedSystem = Boolean(value && value.mozSystem);
     }
     is(xhr.mozAnon, expectedAnon, "testing mozAnon");
     is(xhr.mozSystem, expectedSystem, "testing mozSystem");
   }
 
   function testInvalidParameter(value) {
     let expectedError;
@@ -78,20 +79,21 @@ function runTests() {
   }
 
   // Run the tests once without API privileges...
   validParameters.forEach(testValidParameter);
   invalidParameters.forEach(testInvalidParameter);
 
   // ...and once with privileges.
   havePrivileges = true;
-  SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], function() {
-    validParameters.forEach(testValidParameter);
-    invalidParameters.forEach(testInvalidParameter);
+  SpecialPowers.addPermission("systemXHR", true, document);
 
-    SimpleTest.finish();
-  });
+  validParameters.forEach(testValidParameter);
+  invalidParameters.forEach(testInvalidParameter);
+  SpecialPowers.removePermission("systemXHR", document);
+
+  SimpleTest.finish();
 }
 
 </script>
 </pre>
 </body>
 </html>
--- a/content/base/test/test_XHR_system.html
+++ b/content/base/test/test_XHR_system.html
@@ -21,17 +21,17 @@ const PROTECTED_URL = "file:///etc/passw
 const REDIRECT_URL = window.location.protocol + "//" + window.location.host + "/tests/content/base/test/file_XHR_system_redirect.html";
 const CROSSSITE_URL = "http://example.com/tests/content/base/test/test_XHR_system.html";
 
 tests.push(function test_cross_origin() {
   // System XHR can load cross-origin resources.
 
   is(window.location.hostname, "mochi.test", "correct origin");
 
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  let xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", CROSSSITE_URL);
   xhr.onload = function onload() {
     is(xhr.status, 200, "correct HTTP status");
     ok(xhr.responseText != null, "HTTP response non-null");
     ok(xhr.responseText.length, "HTTP response not empty");
     runNextTest();
   };
@@ -40,17 +40,17 @@ tests.push(function test_cross_origin() 
     runNextTest();
   }
   xhr.send();
 });
 
 tests.push(function test_file_uri() {
   // System XHR is not permitted to access file:/// URIs.
 
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  let xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", PROTECTED_URL);
   let error;
   try {
     xhr.send();
   } catch (ex) {
     error = ex;
   }
@@ -59,17 +59,17 @@ tests.push(function test_file_uri() {
   is(error.message, "Access to restricted URI denied");
 
   runNextTest();
 });
 
 tests.push(function test_redirect_to_file_uri() {
   // System XHR won't load file:/// URIs even if an HTTP resource redirects there.
 
-  let xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  let xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", REDIRECT_URL);
   xhr.onload = function onload() {
     ok(false, "Should not have loaded");
     runNextTest();
   };
   xhr.onerror = function onerror(event) {
     ok(true, "Got an error event: " + event);
--- a/content/base/test/test_bug338583.html
+++ b/content/base/test/test_bug338583.html
@@ -459,18 +459,18 @@ https://bugzilla.mozilla.org/show_bug.cg
       ok(gEventSourceObj5_b.hits['fn_onmessage'] == 0, "Test 5.b failed");
       gEventSourceObj5_b.close();
       setTestHasFinished(test_id);
     }, parseInt(3000*stress_factor));
   }
 
   function doTest5_c(test_id)
   {
-    // credentials using the auth cache
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    // credentials using the auth cache and cookies
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     // also, test mixed mode UI
     xhr.open("GET", "https://example.com/tests/content/base/test/file_restrictedEventSource.sjs?test=user1_xhr", true, "user 1", "password 1");
     xhr.send();
     xhr.onloadend = function() {
       ok(xhr.status == 200, "Failed to set credentials in test 5.c");
 
       gEventSourceObj5_c = new EventSource("https://example.com/tests/content/base/test/file_restrictedEventSource.sjs?test=user1_evtsrc",
@@ -489,17 +489,17 @@ https://bugzilla.mozilla.org/show_bug.cg
         gEventSourceObj5_c.close();
         doTest5_d(test_id);
       }, parseInt(3000*stress_factor));
     };
   }
 
   function doTest5_d(test_id)
   {
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     xhr.open("GET", "https://example.com/tests/content/base/test/file_restrictedEventSource.sjs?test=user2_xhr", true, "user 2", "password 2");
     xhr.send();
     xhr.onloadend = function() {
       ok(xhr.status == 200, "Failed to set credentials in test 5.d");
   
       gEventSourceObj5_d = new EventSource("https://example.com/tests/content/base/test/file_restrictedEventSource.sjs?test=user2_evtsrc");
       ok(!gEventSourceObj5_d.withCredentials, "Wrong withCredentials in test 5.d");
@@ -516,18 +516,18 @@ https://bugzilla.mozilla.org/show_bug.cg
         gEventSourceObj5_d.close();
         setTestHasFinished(test_id);
       }, parseInt(3000*stress_factor));
     };
   }
 
   function doTest5_e(test_id)
   {
-    // credentials using the auth cache
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    // credentials using the auth cache and cookies
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     xhr.open("GET", "http://example.org/tests/content/base/test/file_restrictedEventSource.sjs?test=user1_xhr", true, "user 1", "password 1");
     xhr.send();
     xhr.onloadend = function() {
       ok(xhr.status == 200, "Failed to set credentials in test 5.e");
 
       gEventSourceObj5_e = new EventSource("http://example.org/tests/content/base/test/file_restrictedEventSource.sjs?test=user1_evtsrc",
                                            { get withCredentials() { return true; } } );
@@ -545,17 +545,17 @@ https://bugzilla.mozilla.org/show_bug.cg
         gEventSourceObj5_e.close();
         doTest5_f(test_id);
       }, parseInt(5000*stress_factor));
     };
   }
 
   function doTest5_f(test_id)
   {
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.withCredentials = true;
     xhr.open("GET", "http://example.org/tests/content/base/test/file_restrictedEventSource.sjs?test=user2_xhr", true, "user 2", "password 2");
     xhr.send();
     xhr.onloadend = function() {
       ok(xhr.status == 200, "Failed to set credentials in test 5.f");
 
       gEventSourceObj5_f = new EventSource("http://example.org/tests/content/base/test/file_restrictedEventSource.sjs?test=user2_evtsrc",
                                            { });
--- a/content/base/test/test_bug426308.html
+++ b/content/base/test/test_bug426308.html
@@ -17,17 +17,17 @@ https://bugzilla.mozilla.org/show_bug.cg
 <pre id="test">
 <script class="testbody" type="text/javascript">
 
 /** Test for Bug 426308 **/
 
 const SJS_URL = "http://example.org:80/tests/content/base/test/bug426308-redirect.sjs";
 
 function startTest() {
-  var req = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var req = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   req.open("GET", SJS_URL + "?" + window.location.href, false);
   req.send(null);
 
   is(req.status, 200, "Redirect did not happen");
 
   SimpleTest.finish();
 }
 
--- a/content/base/test/test_bug431701.html
+++ b/content/base/test/test_bug431701.html
@@ -46,17 +46,17 @@ function frameDoc(id) {
 
 function createDoc() {
   return document.implementation.createDocument('', 'html', null);
 }
 
 function xhrDoc(idx) {
   return function() {
     // Defy same-origin restrictions!
-    var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+    var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
     xhr.open("GET", docSources[idx], false);
     xhr.send();
     return xhr.responseXML;
   };
 }
 
 // Each row has the document getter function, then the characterSet,
 // inputEncoding expected for that document.
--- a/content/base/test/test_bug804395.html
+++ b/content/base/test/test_bug804395.html
@@ -14,41 +14,41 @@ https://bugzilla.mozilla.org/show_bug.cg
 <p id="display"></p>
 <div id="content" style="display: none">
 
 </div>
 <pre id="test">
 <script type="application/javascript">
 
 function test200() {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   xhr.open('GET', 'jar:http://example.org/tests/content/base/test/file_bug804395.jar!/foo.bar', true);
   xhr.onreadystatechange = function() {
     if (xhr.readyState == 4) {
       ok(xhr.status == 200, "Existing file must have Status 200!");
       runTests();
     }
   }
   xhr.send(null);
 }
 
 function test404() {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   xhr.open('GET', 'jar:http://example.org/tests/content/base/test/file_bug804395.jar!/foo.do_not_exist', true);
   xhr.onreadystatechange = function() {
     if (xhr.readyState == 4) {
       ok(xhr.status == 404, "Non existing file must have Status 404!");
       runTests();
     }
   }
   xhr.send(null);
 }
 
 function test0() {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   xhr.open('GET', 'jar:http://example.org/tests/content/base/test/file_bug804395.jar!/foo.bar', true);
   ok(xhr.status == 0, "Not Sent request must have status 0");
   runTests();
 }
 
 var tests = [ test200, test404, test0 ];
 function runTests() {
   if (!tests.length) {
deleted file mode 100644
--- a/content/base/test/test_bug927196.html
+++ /dev/null
@@ -1,64 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-https://bugzilla.mozilla.org/show_bug.cgi?id=426308
--->
-<head>
-  <title>Test for Bug 426308</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-</head>
-<body>
-<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=927196">Mozilla Bug 927196</a>
-<p id="display"></p>
-<div id="content" style="display: none">
-  
-</div>
-<pre id="test">
-<script class="testbody" type="text/javascript">
-
-/** Test for Bug 927196 **/
-
-function startTest() {
-  try {
-    req = new XMLHttpRequest({mozSystem: true});
-    ok(false, "Should not be reached");
-  } catch(e) {
-    is(e.name, "SecurityError", "XMLHttpRequest should not be mozSystem");
-  }
-
-  req = new XMLHttpRequest({mozAnon: true});
-  is(req.mozAnon, true, "XMLHttpRequest should be mozAnon");
-  is(req.mozSystem, false, "XMLHttpRequest should not be mozSystem");
-
-  req = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-  is(req.mozAnon, true, "XMLHttpRequest should be mozAnon");
-  is(req.mozSystem, true, "XMLHttpRequest should be mozSystem");
-
-  try {
-    req = new XMLHttpRequest({mozAnon: false, mozSystem: true});
-    ok(false, "Should not be reached");
-  } catch(e) {
-    is(e.name, "SecurityError", "XMLHttpRequest should throw SecurityError");
-  }
-
-  SimpleTest.finish();
-}
-
-SimpleTest.waitForExplicitFinish();
-
-var req = new XMLHttpRequest({mozAnon: true});
-is(req.mozAnon, true, "XMLHttpRequest should be mozAnon");
-is(req.mozSystem, false, "XMLHttpRequest should not be mozSystem");
-
-req = new XMLHttpRequest({mozAnon: true, mozSystem: true});
-is(req.mozAnon, false, "XMLHttpRequest should be mozAnon");
-is(req.mozSystem, false, "XMLHttpRequest should not be mozSystem");
-
-addLoadEvent(function() {
-   SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], startTest);
-});
-</script>
-</pre>
-</body>
-</html>
--- a/content/base/test/test_xhr_forbidden_headers.html
+++ b/content/base/test/test_xhr_forbidden_headers.html
@@ -65,17 +65,17 @@ function  startTest() {
       value = channel.getRequestHeader(headers[i]);
     }
     catch(e) {}
 
     isnot(value, "test" + i, "Setting " + headers[i] + " header in unprivileged context");
   }
 
   // Try setting headers in privileged context
-  request = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  request = new XMLHttpRequest({mozAnon: false, mozSystem: true});
   request.open("GET", window.location.href);
   for (i = 0; i < headers.length; i++)
     request.setRequestHeader(headers[i], "test" + i);
 
   // Read out headers
   var channel = SpecialPowers.wrap(request).channel.QueryInterface(SpecialPowers.Ci.nsIHttpChannel);
   for (i = 0; i < headers.length; i++) {
     var value = channel.getRequestHeader(headers[i]);
--- a/dom/permission/tests/test_systemXHR.html
+++ b/dom/permission/tests/test_systemXHR.html
@@ -12,17 +12,17 @@ https://bugzilla.mozilla.org/show_bug.cg
 <body>
 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=815105">Mozilla Bug 815105 </a>
 <p id="display"></p>
 <div id="content" style="display: none"></div>
 <pre id="test">
 <script type="application/javascript;version=1.8" src="file_framework.js"></script>
 <script type="application/javascript;version=1.8">
 function verifier(success, failure) {
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozSystem: true});
   if (xhr.mozSystem === true) {
     success("systemXHR");
   } else {
     failure("Couldn't create systemXHR");
   }
 }
 
 var gData = [
--- a/dom/workers/XMLHttpRequest.cpp
+++ b/dom/workers/XMLHttpRequest.cpp
@@ -1494,21 +1494,16 @@ already_AddRefed<XMLHttpRequest>
 XMLHttpRequest::Constructor(const GlobalObject& aGlobal,
                             const MozXMLHttpRequestParameters& aParams,
                             ErrorResult& aRv)
 {
   JSContext* cx = aGlobal.GetContext();
   WorkerPrivate* workerPrivate = GetWorkerPrivateFromContext(cx);
   MOZ_ASSERT(workerPrivate);
 
-  if (!aParams.mMozAnon && aParams.mMozSystem) {
-    aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
-    return nullptr;
-  }
-
   nsRefPtr<XMLHttpRequest> xhr = new XMLHttpRequest(workerPrivate);
 
   if (workerPrivate->XHRParamsAllowed()) {
     xhr->mMozAnon = aParams.mMozAnon;
     xhr->mMozSystem = aParams.mMozSystem;
   }
 
   return xhr.forget();
--- a/dom/workers/test/test_xhr_system.html
+++ b/dom/workers/test/test_xhr_system.html
@@ -21,32 +21,34 @@ function message(event) {
   else if(event.data.test == 'is')
     is(event.data.a, event.data.b, event.data.event);
   else if(event.data.test == 'finish') {
     run();
   }
 };
 
 function test1() {
+  // ...and once with privileges.
+  SpecialPowers.addPermission("systemXHR", true, document);
   var worker = new Worker("test_xhr_system.js");
   worker.onmessage = message;
   worker.postMessage(true);
 }
 
 var tests = [ test1 ];
 function run() {
   if (!tests.length) {
+    SpecialPowers.removePermission("systemXHR", document);
     SimpleTest.finish();
     return;
   }
 
   var func = tests.shift();
   func();
 }
 
 SimpleTest.waitForExplicitFinish();
-
-SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], run);
+run();
 
 </script>
 </pre>
 </body>
 </html>
--- a/dom/workers/test/test_xhr_system.js
+++ b/dom/workers/test/test_xhr_system.js
@@ -6,19 +6,19 @@ function is(a, b, msg) {
   postMessage({ event: msg, test: 'is', a: a, b: b });
 }
 
 self.onmessage = function onmessage(event) {
 
   // An XHR with system privileges will be able to do cross-site calls.
 
   const TEST_URL = "http://example.com/tests/content/base/test/test_XHR_system.html";
-  is(location.hostname, "mochi.test", "hostname should be mochi.test");
+  is(location.hostname, "mochi.test", "hostname");
 
-  var xhr = new XMLHttpRequest({mozAnon: true, mozSystem: true});
+  var xhr = new XMLHttpRequest({mozSystem: true});
   is(xhr.mozSystem, true, ".mozSystem == true");
   xhr.open("GET", TEST_URL);
   xhr.onload = function onload() {
     is(xhr.status, 200);
     ok(xhr.responseText != null);
     ok(xhr.responseText.length);
     postMessage({test: "finish"});
   };
--- a/testing/mochitest/manifest.webapp
+++ b/testing/mochitest/manifest.webapp
@@ -22,16 +22,17 @@
     "camera":{},
     "geolocation":{},
     "wifi-manage":{},
     "wifi":{},
     "desktop-notification":{},
     "idle":{},
     "network-events":{},
     "embed-apps":{},
+    "systemXHR":{},
     "audio-channel-content":{},
     "audio-channel-alarm":{}
   },
   "locales": {
     "en-US": {
       "name": "Mochitest",
       "description": "Mochitests"
     }