Backed out 5 changesets (bug 1525036) for browser_httpCrossOriginHeader.js failures. CLOSED TREE
authorCsoregi Natalia <ncsoregi@mozilla.com>
Sat, 09 Mar 2019 02:39:11 +0200
changeset 521198 9da6e8f78737
parent 521197 d4e6ec91e2c3
child 521199 1823814b5dff
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1525036
milestone67.0a1
backs out6717beb3ac53
0c05686bd62a
502b0bb796cd
fa0363d33dbd
6391f42aaa6d
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 5 changesets (bug 1525036) for browser_httpCrossOriginHeader.js failures. CLOSED TREE Backed out changeset 6717beb3ac53 (bug 1525036) Backed out changeset 0c05686bd62a (bug 1525036) Backed out changeset 502b0bb796cd (bug 1525036) Backed out changeset fa0363d33dbd (bug 1525036) Backed out changeset 6391f42aaa6d (bug 1525036)
docshell/base/BrowsingContext.cpp
docshell/base/BrowsingContext.h
dom/fetch/FetchDriver.cpp
ipc/glue/IPCMessageUtils.h
modules/libpref/init/StaticPrefList.h
netwerk/base/nsILoadInfo.idl
netwerk/protocol/http/nsHttpAtomList.h
netwerk/protocol/http/nsHttpChannel.cpp
netwerk/protocol/http/nsHttpChannel.h
toolkit/components/remotebrowserutils/tests/browser/browser.ini
toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js
toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs
--- a/docshell/base/BrowsingContext.cpp
+++ b/docshell/base/BrowsingContext.cpp
@@ -172,25 +172,22 @@ BrowsingContext::BrowsingContext(Browsin
                                  uint64_t aBrowsingContextId, Type aType)
     : mName(aName),
       mClosed(false),
       mType(aType),
       mBrowsingContextId(aBrowsingContextId),
       mParent(aParent),
       mOpener(aOpener),
       mIsActivatedByUserGesture(false) {
-  mCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
   // Specify our group in our constructor. We will explicitly join the group
   // when we are registered, as doing so will take a reference.
   if (mParent) {
     mGroup = mParent->Group();
-    mCrossOriginPolicy = mParent->CrossOriginPolicy();
   } else if (mOpener) {
     mGroup = mOpener->Group();
-    mCrossOriginPolicy = mOpener->CrossOriginPolicy();
   } else {
     // To ensure the group has a unique ID, we will use our ID, as the founder
     // of this BrowsingContextGroup.
     mGroup = new BrowsingContextGroup();
   }
 }
 
 void BrowsingContext::SetDocShell(nsIDocShell* aDocShell) {
--- a/docshell/base/BrowsingContext.h
+++ b/docshell/base/BrowsingContext.h
@@ -13,17 +13,16 @@
 #include "mozilla/WeakPtr.h"
 #include "mozilla/dom/BindingDeclarations.h"
 #include "nsCOMPtr.h"
 #include "nsCycleCollectionParticipant.h"
 #include "nsIDocShell.h"
 #include "nsString.h"
 #include "nsTArray.h"
 #include "nsWrapperCache.h"
-#include "nsILoadInfo.h"
 
 class nsGlobalWindowOuter;
 class nsIPrincipal;
 class nsOuterWindowProxy;
 class PickleIterator;
 
 namespace IPC {
 class Message;
@@ -65,17 +64,16 @@ class WindowProxyHolder;
 //
 // At all times the last line below should be __VA_ARGS__, since that
 // acts as a sentinel for callers of MOZ_FOR_EACH_SYNCED_FIELD.
 
 // clang-format off
 #define MOZ_FOR_EACH_SYNCED_BC_FIELD(declare, ...)        \
   declare(Name, nsString, nsAString)                   \
   declare(Closed, bool, bool)                          \
-  declare(CrossOriginPolicy, nsILoadInfo::CrossOriginPolicy, nsILoadInfo::CrossOriginPolicy) \
   __VA_ARGS__
 // clang-format on
 
 #define MOZ_SYNCED_BC_FIELD_NAME(name, ...) m##name
 #define MOZ_SYNCED_BC_FIELD_ARGUMENT(name, type, atype) \
   transaction->MOZ_SYNCED_BC_FIELD_NAME(name),
 #define MOZ_SYNCED_BC_FIELD_GETTER(name, type, atype) \
   const type& Get##name() const { return MOZ_SYNCED_BC_FIELD_NAME(name); }
@@ -285,20 +283,16 @@ class BrowsingContext : public nsWrapper
                       const Sequence<JSObject*>& aTransfer,
                       nsIPrincipal& aSubjectPrincipal, ErrorResult& aError);
   void PostMessageMoz(JSContext* aCx, JS::Handle<JS::Value> aMessage,
                       const WindowPostMessageOptions& aOptions,
                       nsIPrincipal& aSubjectPrincipal, ErrorResult& aError);
 
   JSObject* WrapObject(JSContext* aCx);
 
-  nsILoadInfo::CrossOriginPolicy CrossOriginPolicy() {
-    return mCrossOriginPolicy;
-  }
-
  protected:
   virtual ~BrowsingContext();
   BrowsingContext(BrowsingContext* aParent, BrowsingContext* aOpener,
                   const nsAString& aName, uint64_t aBrowsingContextId,
                   Type aType);
 
  private:
   // Find the special browsing context if aName is '_self', '_parent',
--- a/dom/fetch/FetchDriver.cpp
+++ b/dom/fetch/FetchDriver.cpp
@@ -419,34 +419,16 @@ nsresult FetchDriver::HttpFetch(
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsAutoCString url;
   mRequest->GetURL(url);
   nsCOMPtr<nsIURI> uri;
   rv = NS_NewURI(getter_AddRefs(uri), url, nullptr, nullptr, ios);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  if (StaticPrefs::browser_tabs_remote_useCrossOriginPolicy()) {
-    // Cross-Origin policy - bug 1525036
-    nsILoadInfo::CrossOriginPolicy corsCredentials =
-        nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
-    if (mDocument && mDocument->GetBrowsingContext()) {
-      corsCredentials = mDocument->GetBrowsingContext()->CrossOriginPolicy();
-    }  // TODO Bug 1532287: else use mClientInfo
-
-    if (mRequest->Mode() == RequestMode::No_cors &&
-        corsCredentials != nsILoadInfo::CROSS_ORIGIN_POLICY_NULL) {
-      mRequest->SetMode(RequestMode::Cors);
-      mRequest->SetCredentialsMode(RequestCredentials::Same_origin);
-      if (corsCredentials == nsILoadInfo::CROSS_ORIGIN_POLICY_USE_CREDENTIALS) {
-        mRequest->SetCredentialsMode(RequestCredentials::Include);
-      }
-    }
-  }
-
   // Unsafe requests aren't allowed with when using no-core mode.
   if (mRequest->Mode() == RequestMode::No_cors && mRequest->UnsafeRequest() &&
       (!mRequest->HasSimpleMethod() ||
        !mRequest->Headers()->HasOnlySimpleHeaders())) {
     MOZ_ASSERT(false, "The API should have caught this");
     return NS_ERROR_DOM_BAD_URI;
   }
 
--- a/ipc/glue/IPCMessageUtils.h
+++ b/ipc/glue/IPCMessageUtils.h
@@ -1084,24 +1084,11 @@ struct CrossOriginOpenerPolicyValidator 
   }
 };
 
 template <>
 struct ParamTraits<nsILoadInfo::CrossOriginOpenerPolicy>
     : EnumSerializer<nsILoadInfo::CrossOriginOpenerPolicy,
                      CrossOriginOpenerPolicyValidator> {};
 
-struct CrossOriginPolicyValidator {
-  static bool IsLegalValue(nsILoadInfo::CrossOriginPolicy e) {
-    return e == nsILoadInfo::CROSS_ORIGIN_POLICY_NULL ||
-           e == nsILoadInfo::CROSS_ORIGIN_POLICY_ANONYMOUS ||
-           e == nsILoadInfo::CROSS_ORIGIN_POLICY_USE_CREDENTIALS;
-  }
-};
-
-template <>
-struct ParamTraits<nsILoadInfo::CrossOriginPolicy>
-    : EnumSerializer<nsILoadInfo::CrossOriginPolicy,
-                     CrossOriginPolicyValidator> {};
-
 } /* namespace IPC */
 
 #endif /* __IPC_GLUE_IPCMESSAGEUTILS_H__ */
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -2084,23 +2084,16 @@ VARCACHE_PREF(
 
 // Blocked plugin content
 VARCACHE_PREF(
   "browser.safebrowsing.blockedURIs.enabled",
    browser_safebrowsing_blockedURIs_enabled,
   bool, true
 )
 
-// When this pref is enabled document loads with a mismatched
-// Cross-Origin header will fail to load
-VARCACHE_PREF("browser.tabs.remote.useCrossOriginPolicy",
-              browser_tabs_remote_useCrossOriginPolicy,
-              bool, false
-)
-
 // Prevent system colors from being exposed to CSS or canvas.
 VARCACHE_PREF(
   "ui.use_standins_for_native_colors",
    ui_use_standins_for_native_colors,
    RelaxedAtomicBool, false
 )
 
 //---------------------------------------------------------------------------
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -1088,15 +1088,9 @@ interface nsILoadInfo : nsISupports
     OPENER_POLICY_SAME_ORIGIN    = 1,
     OPENER_POLICY_SAME_SITE      = 2,
     OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG = 0x80,
     OPENER_POLICY_SAME_ORIGIN_ALLOW_OUTGOING = OPENER_POLICY_SAME_ORIGIN | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG,
     OPENER_POLICY_SAME_SITE_ALLOW_OUTGOING = OPENER_POLICY_SAME_SITE | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG
   };
 
   [infallible] attribute nsILoadInfo_CrossOriginOpenerPolicy openerPolicy;
-
-  cenum CrossOriginPolicy : 8 {
-    CROSS_ORIGIN_POLICY_NULL            = 0,
-    CROSS_ORIGIN_POLICY_ANONYMOUS       = 1,
-    CROSS_ORIGIN_POLICY_USE_CREDENTIALS = 2
-  };
 };
--- a/netwerk/protocol/http/nsHttpAtomList.h
+++ b/netwerk/protocol/http/nsHttpAtomList.h
@@ -36,17 +36,16 @@ HTTP_ATOM(Content_Encoding, "Content-Enc
 HTTP_ATOM(Content_Language, "Content-Language")
 HTTP_ATOM(Content_Length, "Content-Length")
 HTTP_ATOM(Content_Location, "Content-Location")
 HTTP_ATOM(Content_MD5, "Content-MD5")
 HTTP_ATOM(Content_Range, "Content-Range")
 HTTP_ATOM(Content_Type, "Content-Type")
 HTTP_ATOM(Cookie, "Cookie")
 HTTP_ATOM(Cross_Origin_Opener_Policy, "Cross-Origin-Opener-Policy")
-HTTP_ATOM(Cross_Origin, "Cross-Origin")
 HTTP_ATOM(Date, "Date")
 HTTP_ATOM(DAV, "DAV")
 HTTP_ATOM(Depth, "Depth")
 HTTP_ATOM(Destination, "Destination")
 HTTP_ATOM(DoNotTrack, "DNT")
 HTTP_ATOM(ETag, "Etag")
 HTTP_ATOM(Expect, "Expect")
 HTTP_ATOM(Expires, "Expires")
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -2446,23 +2446,16 @@ nsresult nsHttpChannel::ContinueProcessR
     rv = mAuthProvider->Disconnect(NS_ERROR_ABORT);
     if (NS_FAILED(rv)) {
       LOG(("  Disconnect failed (%08x)", static_cast<uint32_t>(rv)));
     }
     mAuthProvider = nullptr;
     LOG(("  continuation state has been reset"));
   }
 
-  rv = ProcessCrossOriginHeader();
-  if (NS_FAILED(rv)) {
-    mStatus = NS_ERROR_BLOCKED_BY_POLICY;
-    HandleAsyncAbort();
-    return NS_OK;
-  }
-
   rv = NS_OK;
   if (!mCanceled) {
     // notify "http-on-may-change-process" observers
     gHttpHandler->OnMayChangeProcess(this);
 
     if (mRedirectTabPromise) {
       MOZ_ASSERT(!mOnStartRequestCalled);
 
@@ -7313,83 +7306,16 @@ nsHttpChannel::HasCrossOriginOpenerPolic
       *aMismatch = true;
       return NS_OK;
     }
   }
 
   return NS_OK;
 }
 
-nsresult nsHttpChannel::GetResponseCrossOriginPolicy(
-    nsILoadInfo::CrossOriginPolicy *aResponseCrossOriginPolicy) {
-  if (!mResponseHead) {
-    return NS_ERROR_NOT_AVAILABLE;
-  }
-
-  nsILoadInfo::CrossOriginPolicy policy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
-
-  nsAutoCString content;
-  Unused << mResponseHead->GetHeader(nsHttp::Cross_Origin, content);
-
-  // Cross-Origin = %s"anonymous" / %s"use-credentials" ; case-sensitive
-
-  if (content.EqualsLiteral("anonymous")) {
-    policy = nsILoadInfo::CROSS_ORIGIN_POLICY_ANONYMOUS;
-  } else if (content.EqualsLiteral("use-credentials")) {
-    policy = nsILoadInfo::CROSS_ORIGIN_POLICY_USE_CREDENTIALS;
-  }
-
-  *aResponseCrossOriginPolicy = policy;
-  return NS_OK;
-}
-
-nsresult nsHttpChannel::ProcessCrossOriginHeader() {
-  nsresult rv;
-  if (!StaticPrefs::browser_tabs_remote_useCrossOriginPolicy()) {
-    return NS_OK;
-  }
-
-  // Only consider Cross-Origin for document loads.
-  if (mLoadInfo->GetExternalContentPolicyType() !=
-          nsIContentPolicy::TYPE_DOCUMENT &&
-      mLoadInfo->GetExternalContentPolicyType() !=
-          nsIContentPolicy::TYPE_SUBDOCUMENT) {
-    return NS_OK;
-  }
-
-  RefPtr<mozilla::dom::BrowsingContext> ctx;
-  if (mLoadInfo->GetExternalContentPolicyType() ==
-      nsIContentPolicy::TYPE_DOCUMENT) {
-    mLoadInfo->GetBrowsingContext(getter_AddRefs(ctx));
-  } else {
-    mLoadInfo->GetFrameBrowsingContext(getter_AddRefs(ctx));
-  }
-
-  if (!ctx) {
-    return NS_OK;
-  }
-
-  nsILoadInfo::CrossOriginPolicy documentPolicy = ctx->CrossOriginPolicy();
-  nsILoadInfo::CrossOriginPolicy resultPolicy =
-      nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
-  rv = GetResponseCrossOriginPolicy(&resultPolicy);
-  if (NS_FAILED(rv)) {
-    return NS_OK;
-  }
-
-  ctx->SetCrossOriginPolicy(resultPolicy);
-
-  if (documentPolicy != nsILoadInfo::CROSS_ORIGIN_POLICY_NULL &&
-      resultPolicy == nsILoadInfo::CROSS_ORIGIN_POLICY_NULL) {
-    return NS_ERROR_BLOCKED_BY_POLICY;
-  }
-
-  return NS_OK;
-}
-
 NS_IMETHODIMP
 nsHttpChannel::OnStartRequest(nsIRequest *request) {
   nsresult rv;
 
   MOZ_ASSERT(mRequestObserversCalled);
 
   AUTO_PROFILER_LABEL("nsHttpChannel::OnStartRequest", NETWORK);
 
@@ -7495,23 +7421,16 @@ nsHttpChannel::OnStartRequest(nsIRequest
   }
 
   // avoid crashing if mListener happens to be null...
   if (!mListener) {
     MOZ_ASSERT_UNREACHABLE("mListener is null");
     return NS_OK;
   }
 
-  rv = ProcessCrossOriginHeader();
-  if (NS_FAILED(rv)) {
-    mStatus = NS_ERROR_BLOCKED_BY_POLICY;
-    HandleAsyncAbort();
-    return NS_OK;
-  }
-
   // before we check for redirects, check if the load should be shifted into a
   // new process.
   rv = NS_OK;
   if (!mCanceled) {
     // notify "http-on-may-change-process" observers
     gHttpHandler->OnMayChangeProcess(this);
 
     if (mRedirectTabPromise) {
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -470,20 +470,16 @@ class nsHttpChannel final : public HttpB
   MOZ_MUST_USE nsresult
   ProcessContentSignatureHeader(nsHttpResponseHead *aResponseHead);
 
   /**
    * A function that will, if the feature is enabled, send security reports.
    */
   void ProcessSecurityReport(nsresult status);
 
-  nsresult GetResponseCrossOriginPolicy(
-      nsILoadInfo::CrossOriginPolicy *aResponseCrossOriginPolicy);
-  nsresult ProcessCrossOriginHeader();
-
   /**
    * A function to process a single security header (STS or PKP), assumes
    * some basic sanity checks have been applied to the channel. Called
    * from ProcessSecurityHeaders.
    */
   MOZ_MUST_USE nsresult ProcessSingleSecurityHeader(
       uint32_t aType, nsITransportSecurityInfo *aSecInfo, uint32_t aFlags);
 
--- a/toolkit/components/remotebrowserutils/tests/browser/browser.ini
+++ b/toolkit/components/remotebrowserutils/tests/browser/browser.ini
@@ -1,15 +1,13 @@
 [DEFAULT]
 run-if = e10s
 support-files =
   dummy_page.html
   print_postdata.sjs
   307redirect.sjs
   head.js
   coop_header.sjs
-  cross_origin_header.sjs
 
 [browser_RemoteWebNavigation.js]
 [browser_httpResponseProcessSelection.js]
 [browser_httpCrossOriginOpenerPolicy.js]
 [browser_httpToFileHistory.js]
-[browser_httpCrossOriginHeader.js]
deleted file mode 100644
--- a/toolkit/components/remotebrowserutils/tests/browser/browser_httpCrossOriginHeader.js
+++ /dev/null
@@ -1,150 +0,0 @@
-"use strict";
-
-const {E10SUtils} = ChromeUtils.import("resource://gre/modules/E10SUtils.jsm");
-
-const PREF_NAME = "browser.tabs.remote.useCrossOriginPolicy";
-
-function httpURL(filename, host = "https://example.com") {
-  let root = getRootDirectory(gTestPath)
-    .replace("chrome://mochitests/content", host);
-  return root + filename;
-}
-
-async function performLoad(browser, opts, action) {
-  let loadedPromise = BrowserTestUtils.browserStopped(
-    browser, opts.url, opts.maybeErrorPage);
-  await action();
-  await loadedPromise;
-}
-
-async function test_policy(start, target, expectError) {
-  return BrowserTestUtils.withNewTab({
-    gBrowser,
-    url: start,
-    waitForStateStop: true,
-  }, async function(browser) {
-    info(`Test tab ready: ${start}`);
-
-    await performLoad(browser, {
-      url: target,
-      maybeErrorPage: expectError,
-    }, async () => {
-      BrowserTestUtils.loadURI(browser, target);
-    });
-
-    info(`Navigated to: ${target}`);
-
-    let isError = await ContentTask.spawn(browser, null, () => {
-      return content.document.documentURI.startsWith("about:neterror");
-    });
-
-    Assert.equal(isError, expectError);
-  });
-}
-
-add_task(async function test_disabled() {
-  await SpecialPowers.pushPrefEnv({set: [[PREF_NAME, false]]});
-  await test_policy(httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.org"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.org"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.com"), false);
-});
-
-
-add_task(async function test_enabled() {
-  await SpecialPowers.pushPrefEnv({set: [[PREF_NAME, true]]});
-  await test_policy(httpURL("cross_origin_header.sjs", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.org"), false);
-  await test_policy(httpURL("cross_origin_header.sjs", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs", "https://example.com"), httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs?use-credentials", "https://example.org"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), false);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.org"), true);
-  await test_policy(httpURL("cross_origin_header.sjs?use-credentials", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.com"), true);
-  await test_policy(httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.org"), true);
-  await test_policy(httpURL("cross_origin_header.sjs?anonymous", "https://example.com"), httpURL("cross_origin_header.sjs", "https://example.com"), true);
-});
-
-// Loading an iframe without the header in a page that does should be an error
-add_task(async function test_frame_is_blocked() {
-  await SpecialPowers.pushPrefEnv({set: [[PREF_NAME, true]]});
-  let start = httpURL("cross_origin_header.sjs?use-credentials", "https://example.com");
-  return BrowserTestUtils.withNewTab({
-    gBrowser,
-    url: start,
-    waitForStateStop: true,
-  }, async function(browser) {
-    info(`Test tab ready: ${start}`);
-
-    await ContentTask.spawn(browser,
-                            httpURL("cross_origin_header.sjs?anonymous", "https://example.org"),
-                            async (target) => {
-      let subframe = content.document.createElement("iframe");
-      subframe.src = target;
-
-      let loaded = ContentTaskUtils.waitForEvent(content.wrappedJSObject, "DOMFrameContentLoaded");
-      content.document.body.appendChild(subframe);
-      await loaded;
-
-      info(`frame uri: ${subframe.contentDocument.documentURI}`);
-      Assert.ok(!subframe.contentDocument.documentURI.startsWith("about:neterror"), "Loading the frame should work");
-
-      let url = new URL(target);
-      url.search = "";
-
-      loaded = ContentTaskUtils.waitForEvent(content.wrappedJSObject, "DOMFrameContentLoaded");
-      subframe.src = url.href;
-      await loaded;
-
-      Assert.ok(subframe.contentDocument.documentURI.startsWith("about:neterror"), "navigation to page without header should error");
-    });
-
-    await ContentTask.spawn(browser,
-                            httpURL("cross_origin_header.sjs", "https://example.org"),
-                            async (target) => {
-      let subframe = content.document.createElement("iframe");
-      subframe.src = target;
-
-      let loaded = ContentTaskUtils.waitForEvent(content.wrappedJSObject, "DOMFrameContentLoaded");
-      content.document.body.appendChild(subframe);
-      await loaded;
-
-      info(`frame uri: ${subframe.contentDocument.documentURI}`);
-      Assert.ok(subframe.contentDocument.documentURI.startsWith("about:neterror"), "Loading the frame has failed");
-    });
-  });
-});
-
-add_task(async function test_frame2() {
-  await SpecialPowers.pushPrefEnv({set: [[PREF_NAME, true]]});
-  let start = httpURL("cross_origin_header.sjs", "https://example.com");
-  return BrowserTestUtils.withNewTab({
-    gBrowser,
-    url: start,
-    waitForStateStop: true,
-  }, async function(browser) {
-    info(`Test tab ready: ${start}`);
-
-    let iframe_target = httpURL("cross_origin_header.sjs?use-credentials", "https://example.org");
-    await ContentTask.spawn(browser, iframe_target, async (target) => {
-      let subframe = content.document.createElement("iframe");
-      subframe.src = target;
-
-      let loadedPromise = ContentTaskUtils.waitForEvent(subframe, "load");
-      content.document.body.appendChild(subframe);
-      await loadedPromise;
-
-      Assert.ok(!subframe.contentDocument.documentURI.startsWith("about:neterror"), "should not be an error");
-      let url = new URL(target);
-      url.search = "";
-
-      let loaded = ContentTaskUtils.waitForEvent(content.wrappedJSObject, "DOMFrameContentLoaded");
-      subframe.src = url.href;
-      await loaded;
-
-      Assert.ok(subframe.contentDocument.documentURI.startsWith("about:neterror"), "navigation to page without header should error");
-    });
-  });
-});
deleted file mode 100644
--- a/toolkit/components/remotebrowserutils/tests/browser/cross_origin_header.sjs
+++ /dev/null
@@ -1,13 +0,0 @@
-function handleRequest(request, response)
-{
-  response.setStatusLine(request.httpVersion, 200, "OK");
-
-  let coop = request.queryString;
-  if (coop.length > 0) {
-    response.setHeader("Cross-Origin", unescape(coop), false);
-  }
-
-  response.setHeader("Content-Type", "text/html; charset=utf-8", false);
-
-  response.write(`<!DOCTYPE html><html><body><p>Hello world: ${coop}</p></body></html>`);
-}