Bug 1270219 - Fix the meta-csp mixed-content web platform tests to actually output the <meta> tag with the content policy, so they're testing something useful. r=jgraham, a=test-only
authorBoris Zbarsky <bzbarsky@mit.edu>
Wed, 04 May 2016 20:41:32 -0400
changeset 319127 997a8557995d1aa1a0b0e1c6375c5eb374615004
parent 319126 fcf65f9b9fad4fd143f123c1411a0a1f6b0180a5
child 319128 1dd7b155900eb230dcbbf6e08441f565e60686f6
push id9650
push userryanvm@gmail.com
push dateFri, 03 Jun 2016 19:25:20 +0000
treeherdermozilla-aurora@997a8557995d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjgraham, test-only
bugs1270219
milestone48.0a2
Bug 1270219 - Fix the meta-csp mixed-content web platform tests to actually output the <meta> tag with the content policy, so they're testing something useful. r=jgraham, a=test-only
testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
testing/web-platform/tests/mixed-content/generic/template/test.release.html.template
testing/web-platform/tests/mixed-content/generic/tools/generate.py
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
testing/web-platform/tests/mixed-content/spec_json.js
deleted file mode 100644
--- a/testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[opt-in-blocks.https.html]
-  type: testharness
-  [opt_in_method: meta-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: audio-tag\n                                 expectation: blocked]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[opt-in-blocks.https.html]
-  type: testharness
-  [opt_in_method: meta-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: img-tag\n                                 expectation: blocked]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
+++ /dev/null
@@ -1,23 +0,0 @@
-[opt-in-blocks.https.html]
-  type: testharness
-  [opt_in_method: meta-csp\n                                 origin: cross-origin-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: video-tag\n                                 expectation: blocked]
-    expected:
-      if not debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86") and (bits == 32): FAIL
-      if not debug and (os == "mac") and (version == "OS X 10.8") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86") and (bits == 32): FAIL
-      if debug and (os == "mac") and (version == "OS X 10.8") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "win") and (version == "6.2.9200") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "win") and (version == "6.2.9200") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "mac") and (version == "OS X 10.10.2") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "mac") and (version == "OS X 10.10.2") and (processor == "x86") and (bits == 32): FAIL
-      if debug and (os == "win") and (version == "6.1.7601") and (processor == "x86") and (bits == 32): FAIL
-      if not debug and (os == "win") and (version == "6.1.7601") and (processor == "x86") and (bits == 32): FAIL
-      if debug and (os == "win") and (version == "10.0.10240") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "win") and (version == "10.0.10240") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and not e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86") and (bits == 32): FAIL
-      if not debug and e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86") and (bits == 32): FAIL
-      if debug and not e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86_64") and (bits == 64): FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[opt-in-blocks.https.html]
-  type: testharness
-  [opt_in_method: meta-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: audio-tag\n                                 expectation: blocked]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[opt-in-blocks.https.html]
-  type: testharness
-  [opt_in_method: meta-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: img-tag\n                                 expectation: blocked]
-    expected: FAIL
-
deleted file mode 100644
--- a/testing/web-platform/meta/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html.ini
+++ /dev/null
@@ -1,23 +0,0 @@
-[opt-in-blocks.https.html]
-  type: testharness
-  [opt_in_method: meta-csp\n                                 origin: same-host-http\n                                 source_scheme: https\n                                 context_nesting: top-level\n                                 redirection: no-redirect\n                                 subresource: video-tag\n                                 expectation: blocked]
-    expected:
-      if not debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86") and (bits == 32): FAIL
-      if not debug and (os == "mac") and (version == "OS X 10.8") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "linux") and (version == "Ubuntu 12.04") and (processor == "x86") and (bits == 32): FAIL
-      if debug and (os == "mac") and (version == "OS X 10.8") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "win") and (version == "6.2.9200") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "win") and (version == "6.2.9200") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and (os == "mac") and (version == "OS X 10.10.2") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "mac") and (version == "OS X 10.10.2") and (processor == "x86") and (bits == 32): FAIL
-      if debug and (os == "win") and (version == "6.1.7601") and (processor == "x86") and (bits == 32): FAIL
-      if not debug and (os == "win") and (version == "6.1.7601") and (processor == "x86") and (bits == 32): FAIL
-      if debug and (os == "win") and (version == "10.0.10240") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and (os == "win") and (version == "10.0.10240") and (processor == "x86_64") and (bits == 64): FAIL
-      if not debug and not e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86") and (bits == 32): FAIL
-      if not debug and e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86") and (bits == 32): FAIL
-      if debug and not e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86_64") and (bits == 64): FAIL
-      if debug and e10s and (os == "mac") and (version == "OS X 10.10.5") and (processor == "x86_64") and (bits == 64): FAIL
-
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/audio-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: audio-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/fetch-request/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: fetch-request
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/form-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: form-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/iframe-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: iframe-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/img-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: img-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-css-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-css-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/link-prefetch-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-prefetch-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/object-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: object-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/picture-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: picture-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/script-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: script-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/video-tag/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: video-tag
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/worker-request/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: worker-request
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-https/xhr-request/top-level/no-redirect/allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-https
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: xhr-request
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
+++ b/testing/web-platform/tests/mixed-content/allowed/meta-csp/same-host-wss/websocket-request/top-level/no-redirect/websocket-allowed.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-wss
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: websocket-request
                                  expectation: allowed">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: fetch-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: form-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: iframe-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-css-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: object-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: picture-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: script-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: worker-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: xhr-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/cross-origin-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-ws
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: websocket-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/fetch-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: fetch-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/form-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: form-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/iframe-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: iframe-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/link-css-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-css-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/object-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: object-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/picture-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: picture-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/script-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: script-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/worker-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: worker-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-http/xhr-request/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: xhr-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/blockable/meta-csp/same-host-ws/websocket-request/top-level/no-redirect/ws-downgrade-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-ws
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: websocket-request
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template
+++ b/testing/web-platform/tests/mixed-content/generic/template/test.release.html.template
@@ -2,17 +2,17 @@
 %(generated_disclaimer)s
 <html>
   <head>
     <title>Mixed-Content: %(spec_title)s</title>
     <meta charset='utf-8'>
     <meta name="description" content="%(spec_description)s">
     <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
     <link rel="help" href="%(spec_specification_url)s">
-    <meta name="assert" content="%(test_description)s">
+    <meta name="assert" content="%(test_description)s">%(meta_opt_in)s
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>%(test_js)s</script>
     <div id="log"></div>
--- a/testing/web-platform/tests/mixed-content/generic/tools/generate.py
+++ b/testing/web-platform/tests/mixed-content/generic/tools/generate.py
@@ -84,17 +84,17 @@ def generate_selection(selection, spec, 
         os.makedirs(full_path)
     except:
         pass
 
     # TODO(kristijanburnik): Implement the opt-in-method here.
     opt_in_method = selection['opt_in_method']
     selection['meta_opt_in'] = ''
     if opt_in_method == 'meta-csp':
-        selection['meta_opt_in'] = '<meta http-equiv="Content-Security-Policy" ' + \
+        selection['meta_opt_in'] = '\n    <meta http-equiv="Content-Security-Policy" ' + \
                                    'content="block-all-mixed-content">'
     elif opt_in_method == 'http-csp':
         opt_in_headers = "Content-Security-Policy: block-all-mixed-content\n"
         write_file(test_headers_filename, opt_in_headers)
     elif opt_in_method == 'no-opt-in':
         pass
     else:
         raise ValueError("Invalid opt_in_method %s" % opt_in_method)
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: audio-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: img-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-prefetch-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/cross-origin-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: cross-origin-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: video-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/audio-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: audio-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/img-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: img-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/link-prefetch-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: link-prefetch-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
+++ b/testing/web-platform/tests/mixed-content/optionally-blockable/meta-csp/same-host-http/video-tag/top-level/no-redirect/opt-in-blocks.https.html
@@ -9,16 +9,17 @@
     <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-optionally-blockable">
     <meta name="assert" content="opt_in_method: meta-csp
                                  origin: same-host-http
                                  source_scheme: https
                                  context_nesting: top-level
                                  redirection: no-redirect
                                  subresource: video-tag
                                  expectation: blocked">
+    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
     <script src="/mixed-content/generic/common.js"></script>
     <script src="/mixed-content/generic/mixed-content-test-case.js?pipe=sub"></script>
   </head>
   <body>
     <script>
       MixedContentTestCase(
--- a/testing/web-platform/tests/mixed-content/spec_json.js
+++ b/testing/web-platform/tests/mixed-content/spec_json.js
@@ -1,1 +1,1 @@
-var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "subresource": {"blockable": ["iframe-tag", "script-tag", "link-css-tag", "form-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag", "link-prefetch-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "TODO-subresources-not-supported", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag", "websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]};
+var SPEC_JSON = {"test_expansion_schema": {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http", "same-host-wss", "same-host-ws", "cross-origin-wss", "cross-origin-ws"], "subresource": {"blockable": ["iframe-tag", "script-tag", "link-css-tag", "form-tag", "xhr-request", "worker-request", "fetch-request", "a-tag", "object-tag", "picture-tag", "websocket-request"], "optionally-blockable": ["img-tag", "audio-tag", "video-tag", "link-prefetch-tag"]}, "context_nesting": ["top-level", "sub-level"], "expectation": ["allowed", "blocked"], "expansion": ["default", "override"], "redirection": ["no-redirect", "keep-scheme-redirect", "swap-scheme-redirect"], "opt_in_method": ["no-opt-in", "http-csp", "meta-csp", "img-crossorigin"], "source_scheme": ["http", "https"]}, "specification": [{"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-allows", "redirection": "*", "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": [], "optionally-blockable": "*"}}], "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "name": "optionally-blockable", "title": "Optionally-blockable content"}, {"test_expansion": [{"origin": ["cross-origin-http", "same-host-http"], "name": "opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-http", "same-host-http"], "name": "no-opt-in-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "no-opt-in", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": []}}, {"origin": ["cross-origin-ws", "same-host-ws"], "name": "ws-downgrade-blocks", "redirection": "*", "expectation": "blocked", "expansion": "default", "context_nesting": "top-level", "opt_in_method": ["no-opt-in", "http-csp", "meta-csp"], "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "name": "blockable", "title": "Blockable content"}, {"test_expansion": [{"origin": ["same-host-https"], "name": "allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": ["same-host-wss"], "name": "websocket-allowed", "redirection": ["no-redirect", "keep-scheme-redirect"], "expectation": "allowed", "expansion": "default", "context_nesting": "top-level", "opt_in_method": "*", "source_scheme": "https", "subresource": {"blockable": "websocket-request", "optionally-blockable": []}}], "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "name": "allowed", "title": "Allowed content"}], "excluded_tests": [{"origin": "*", "name": "Redundant-subresources", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["a-tag"], "optionally-blockable": []}}, {"origin": ["same-host-https", "same-host-http", "cross-origin-https", "cross-origin-http"], "name": "Skip-origins-not-applicable-to-websockets", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "*", "source_scheme": "*", "subresource": {"blockable": ["websocket-request"], "optionally-blockable": []}}, {"origin": "*", "name": "TODO-opt-in-method-img-cross-origin", "redirection": "*", "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": "img-crossorigin", "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}, {"origin": "*", "name": "Skip-redundant-for-opt-in-method", "redirection": ["keep-scheme-redirect", "swap-scheme-redirect"], "expectation": "*", "expansion": "*", "context_nesting": "*", "opt_in_method": ["meta-csp", "img-crossorigin"], "source_scheme": "*", "subresource": {"blockable": "*", "optionally-blockable": "*"}}]};