Bug 1909681 - Remove mixed content exception button and permission r=freddyb,devtools-reviewers,nchevobbe

Rationale on this can be found in Bug 1909681.

Differential Revision: https://phabricator.services.mozilla.com/D237065

browser/base/content/browser-siteIdentity.js

@@ -219,12 +219,6 @@ var gIdentityHandler = {
       "identity-popup-remove-cert-exception": () => {
         this.removeCertException();
       },
-      "identity-popup-disable-mixed-content-blocking": () => {
-        this.disableMixedContentProtection();
-      },
-      "identity-popup-enable-mixed-content-blocking": () => {
-        this.enableMixedContentProtection();
-      },
       "identity-popup-more-info": event => {
         this.handleMoreInfoClick(event);
       },
@@ -490,49 +484,6 @@ var gIdentityHandler = {
     Services.focus.clearFocus(window);
   },
 
-  disableMixedContentProtection() {
-    // Use telemetry to measure how often unblocking happens
-    const kMIXED_CONTENT_UNBLOCK_EVENT = 2;
-    Glean.mixedContent.unblockCounter.accumulateSingleSample(
-      kMIXED_CONTENT_UNBLOCK_EVENT
-    );
-
-    SitePermissions.setForPrincipal(
-      gBrowser.contentPrincipal,
-      "mixed-content",
-      SitePermissions.ALLOW,
-      SitePermissions.SCOPE_SESSION
-    );
-
-    // Reload the page with the content unblocked
-    BrowserCommands.reloadWithFlags(
-      Ci.nsIWebNavigation.LOAD_FLAGS_BYPASS_CACHE
-    );
-    if (this._popupInitialized) {
-      PanelMultiView.hidePopup(this._identityPopup);
-    }
-  },
-
-  // This is needed for some tests which need the permission reset, but which
-  // then reuse the browser and would race between the reload and the next
-  // load.
-  enableMixedContentProtectionNoReload() {
-    this.enableMixedContentProtection(false);
-  },
-
-  enableMixedContentProtection(reload = true) {
-    SitePermissions.removeFromPrincipal(
-      gBrowser.contentPrincipal,
-      "mixed-content"
-    );
-    if (reload) {
-      BrowserCommands.reload();
-    }
-    if (this._popupInitialized) {
-      PanelMultiView.hidePopup(this._identityPopup);
-    }
-  },
-
   removeCertException() {
     if (!this._uriHasHost) {
       console.error(

browser/base/content/test/siteIdentity/browser.toml

@@ -9,47 +9,6 @@ support-files = [
 https_first_disabled = true
 support-files = ["open-self-from-frame.html"]
 
-["browser_bug822367.js"]
-tags = "mcb"
-support-files = [
-  "file_bug822367_1.html",
-  "file_bug822367_1.js",
-  "file_bug822367_2.html",
-  "file_bug822367_3.html",
-  "file_bug822367_4.html",
-  "file_bug822367_4.js",
-  "file_bug822367_4B.html",
-  "file_bug822367_5.html",
-  "file_bug822367_6.html",
-]
-
-["browser_bug902156.js"]
-tags = "mcb"
-support-files = [
-  "file_bug902156.js",
-  "file_bug902156_1.html",
-  "file_bug902156_2.html",
-  "file_bug902156_3.html",
-]
-
-["browser_bug906190.js"]
-tags = "mcb"
-support-files = [
-  "file_bug906190_1.html",
-  "file_bug906190_2.html",
-  "file_bug906190_3_4.html",
-  "file_bug906190_redirected.html",
-  "file_bug906190.js",
-  "file_bug906190.sjs",
-]
-
-["browser_bug1045809.js"]
-tags = "mcb"
-support-files = [
-  "file_bug1045809_1.html",
-  "file_bug1045809_2.html",
-]
-
 ["browser_check_identity_state.js"]
 skip-if = ["os == 'win' && !debug && msix"] # Bug 1895285
 https_first_disabled = true
@@ -157,7 +116,7 @@ support-files = ["test-mixedcontent-securityerrors.html"]
 tags = "mcb"
 support-files = [
   "file_mixedPassiveContent.html",
-  "file_bug1045809_1.html",
+  "file_mixedActiveContent_1.html",
 ]
 
 ["browser_mixed_passive_content_indicator.js"]

browser/base/content/test/siteIdentity/browser_bug1045809.js

@@ -1,105 +0,0 @@
-// Test that the Mixed Content Doorhanger Action to re-enable protection works
-
-const PREF_ACTIVE = "security.mixed_content.block_active_content";
-const PREF_INSECURE = "security.insecure_connection_icon.enabled";
-const TEST_URL =
-  getRootDirectory(gTestPath).replace(
-    "chrome://mochitests/content",
-    "https://example.com"
-  ) + "file_bug1045809_1.html";
-
-var origBlockActive;
-
-add_task(async function () {
-  registerCleanupFunction(function () {
-    Services.prefs.setBoolPref(PREF_ACTIVE, origBlockActive);
-    gBrowser.removeCurrentTab();
-  });
-
-  // Store original preferences so we can restore settings after testing
-  origBlockActive = Services.prefs.getBoolPref(PREF_ACTIVE);
-
-  // Make sure mixed content blocking is on
-  Services.prefs.setBoolPref(PREF_ACTIVE, true);
-
-  let tab = (gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser));
-
-  // Check with insecure lock disabled
-  await SpecialPowers.pushPrefEnv({ set: [[PREF_INSECURE, false]] });
-  await runTests(tab);
-
-  // Check with insecure lock disabled
-  await SpecialPowers.pushPrefEnv({ set: [[PREF_INSECURE, true]] });
-  await runTests(tab);
-});
-
-async function runTests(tab) {
-  // Test 1: mixed content must be blocked
-  await promiseTabLoadEvent(tab, TEST_URL);
-  await test1(gBrowser.getBrowserForTab(tab));
-
-  await promiseTabLoadEvent(tab);
-  // Test 2: mixed content must NOT be blocked
-  await test2(gBrowser.getBrowserForTab(tab));
-
-  // Test 3: mixed content must be blocked again
-  await promiseTabLoadEvent(tab);
-  await test3(gBrowser.getBrowserForTab(tab));
-}
-
-async function test1(gTestBrowser) {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  await SpecialPowers.spawn(gTestBrowser, [], function () {
-    let iframe = content.document.getElementsByTagName("iframe")[0];
-
-    SpecialPowers.spawn(iframe, [], () => {
-      let container = content.document.getElementById("mixedContentContainer");
-      is(container, null, "Mixed Content is NOT to be found in Test1");
-    });
-  });
-
-  // Disable Mixed Content Protection for the page (and reload)
-  gIdentityHandler.disableMixedContentProtection();
-}
-
-async function test2(gTestBrowser) {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: true,
-    activeBlocked: false,
-    passiveLoaded: false,
-  });
-
-  await SpecialPowers.spawn(gTestBrowser, [], function () {
-    let iframe = content.document.getElementsByTagName("iframe")[0];
-
-    SpecialPowers.spawn(iframe, [], () => {
-      let container = content.document.getElementById("mixedContentContainer");
-      isnot(container, null, "Mixed Content is to be found in Test2");
-    });
-  });
-
-  // Re-enable Mixed Content Protection for the page (and reload)
-  gIdentityHandler.enableMixedContentProtection();
-}
-
-async function test3(gTestBrowser) {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  await SpecialPowers.spawn(gTestBrowser, [], function () {
-    let iframe = content.document.getElementsByTagName("iframe")[0];
-
-    SpecialPowers.spawn(iframe, [], () => {
-      let container = content.document.getElementById("mixedContentContainer");
-      is(container, null, "Mixed Content is NOT to be found in Test3");
-    });
-  });
-}

browser/base/content/test/siteIdentity/browser_bug822367.js

@@ -1,254 +0,0 @@
-/*
- * User Override Mixed Content Block - Tests for Bug 822367
- */
-
-const PREF_DISPLAY = "security.mixed_content.block_display_content";
-const PREF_DISPLAY_UPGRADE = "security.mixed_content.upgrade_display_content";
-const PREF_ACTIVE = "security.mixed_content.block_active_content";
-
-// We alternate for even and odd test cases to simulate different hosts
-const HTTPS_TEST_ROOT = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "https://example.com"
-);
-const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "https://test1.example.com"
-);
-
-var gTestBrowser = null;
-
-add_task(async function test() {
-  await SpecialPowers.pushPrefEnv({
-    set: [
-      [PREF_DISPLAY, true],
-      [PREF_DISPLAY_UPGRADE, false],
-      [PREF_ACTIVE, true],
-    ],
-  });
-
-  var newTab = BrowserTestUtils.addTab(gBrowser);
-  gBrowser.selectedTab = newTab;
-  gTestBrowser = gBrowser.selectedBrowser;
-  newTab.linkedBrowser.stop();
-
-  // Mixed Script Test
-  var url = HTTPS_TEST_ROOT + "file_bug822367_1.html";
-  BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
-  await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
-});
-
-// Mixed Script Test
-add_task(async function MixedTest1A() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-  await BrowserTestUtils.browserLoaded(gTestBrowser);
-});
-
-add_task(async function MixedTest1B() {
-  await SpecialPowers.spawn(gTestBrowser, [], async function () {
-    await ContentTaskUtils.waitForCondition(
-      () => content.document.getElementById("p1").innerHTML == "hello",
-      "Waited too long for mixed script to run in Test 1"
-    );
-  });
-  gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
-});
-
-// Mixed Display Test - Doorhanger should not appear
-add_task(async function MixedTest2() {
-  var url = HTTPS_TEST_ROOT_2 + "file_bug822367_2.html";
-  BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
-  await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
-
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: false,
-    passiveLoaded: false,
-  });
-});
-
-// Mixed Script and Display Test - User Override should cause both the script and the image to load.
-add_task(async function MixedTest3() {
-  var url = HTTPS_TEST_ROOT + "file_bug822367_3.html";
-  BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
-  await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
-});
-
-add_task(async function MixedTest3A() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-  await BrowserTestUtils.browserLoaded(gTestBrowser);
-});
-
-add_task(async function MixedTest3B() {
-  await SpecialPowers.spawn(gTestBrowser, [], async function () {
-    let p1 = ContentTaskUtils.waitForCondition(
-      () => content.document.getElementById("p1").innerHTML == "hello",
-      "Waited too long for mixed script to run in Test 3"
-    );
-    let p2 = ContentTaskUtils.waitForCondition(
-      () => content.document.getElementById("p2").innerHTML == "bye",
-      "Waited too long for mixed image to load in Test 3"
-    );
-    await Promise.all([p1, p2]);
-  });
-
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: true,
-    activeBlocked: false,
-    passiveLoaded: true,
-  });
-  gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
-});
-
-// Location change - User override on one page doesn't propagate to another page after location change.
-add_task(async function MixedTest4() {
-  var url = HTTPS_TEST_ROOT_2 + "file_bug822367_4.html";
-  BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
-  await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
-});
-
-let preLocationChangePrincipal = null;
-add_task(async function MixedTest4A() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  preLocationChangePrincipal = gTestBrowser.contentPrincipal;
-  gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-  await BrowserTestUtils.browserLoaded(gTestBrowser);
-});
-
-add_task(async function MixedTest4B() {
-  let url = HTTPS_TEST_ROOT + "file_bug822367_4B.html";
-  await SpecialPowers.spawn(gTestBrowser, [url], async function (wantedUrl) {
-    await ContentTaskUtils.waitForCondition(
-      () => content.document.location == wantedUrl,
-      "Waited too long for mixed script to run in Test 4"
-    );
-  });
-});
-
-add_task(async function MixedTest4C() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  await SpecialPowers.spawn(gTestBrowser, [], async function () {
-    await ContentTaskUtils.waitForCondition(
-      () => content.document.getElementById("p1").innerHTML == "",
-      "Mixed script loaded in test 4 after location change!"
-    );
-  });
-  SitePermissions.removeFromPrincipal(
-    preLocationChangePrincipal,
-    "mixed-content"
-  );
-});
-
-// Mixed script attempts to load in a document.open()
-add_task(async function MixedTest5() {
-  var url = HTTPS_TEST_ROOT + "file_bug822367_5.html";
-  BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
-  await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
-});
-
-add_task(async function MixedTest5A() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-  await BrowserTestUtils.browserLoaded(gTestBrowser);
-});
-
-add_task(async function MixedTest5B() {
-  await SpecialPowers.spawn(gTestBrowser, [], async function () {
-    await ContentTaskUtils.waitForCondition(
-      () => content.document.getElementById("p1").innerHTML == "hello",
-      "Waited too long for mixed script to run in Test 5"
-    );
-  });
-  gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
-});
-
-// Mixed script attempts to load in a document.open() that is within an iframe.
-add_task(async function MixedTest6() {
-  var url = HTTPS_TEST_ROOT_2 + "file_bug822367_6.html";
-  BrowserTestUtils.startLoadingURIString(gTestBrowser, url);
-  await BrowserTestUtils.browserLoaded(gTestBrowser, false, url);
-});
-
-add_task(async function MixedTest6A() {
-  gTestBrowser.removeEventListener("load", MixedTest6A, true);
-  let { gIdentityHandler } = gTestBrowser.ownerGlobal;
-
-  await TestUtils.waitForCondition(
-    () =>
-      gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
-    "Waited too long for control center to get mixed active blocked state"
-  );
-});
-
-add_task(async function MixedTest6B() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: false,
-    activeBlocked: true,
-    passiveLoaded: false,
-  });
-
-  gTestBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-
-  await BrowserTestUtils.browserLoaded(gTestBrowser);
-});
-
-add_task(async function MixedTest6C() {
-  await SpecialPowers.spawn(gTestBrowser, [], async function () {
-    function test() {
-      try {
-        return (
-          content.document
-            .getElementById("f1")
-            .contentDocument.getElementById("p1").innerHTML == "hello"
-        );
-      } catch (e) {
-        return false;
-      }
-    }
-
-    await ContentTaskUtils.waitForCondition(
-      test,
-      "Waited too long for mixed script to run in Test 6"
-    );
-  });
-});
-
-add_task(async function MixedTest6D() {
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: true,
-    activeBlocked: false,
-    passiveLoaded: false,
-  });
-  gTestBrowser.ownerGlobal.gIdentityHandler.enableMixedContentProtectionNoReload();
-});
-
-add_task(async function cleanup() {
-  gBrowser.removeCurrentTab();
-});

browser/base/content/test/siteIdentity/browser_bug902156.js

@@ -1,171 +0,0 @@
-/*
- * Description of the Tests for
- *  - Bug 902156: Persist "disable protection" option for Mixed Content Blocker
- *
- * 1. Navigate to the same domain via document.location
- *    - Load a html page which has mixed content
- *    - Control Center button to disable protection appears - we disable it
- *    - Load a new page from the same origin using document.location
- *    - Control Center button should not appear anymore!
- *
- * 2. Navigate to the same domain via simulateclick for a link on the page
- *    - Load a html page which has mixed content
- *    - Control Center button to disable protection appears - we disable it
- *    - Load a new page from the same origin simulating a click
- *    - Control Center button should not appear anymore!
- *
- * 3. Navigate to a differnet domain and show the content is still blocked
- *    - Load a different html page which has mixed content
- *    - Control Center button to disable protection should appear again because
- *      we navigated away from html page where we disabled the protection.
- *
- * Note, for all tests we set gHttpTestRoot to use 'https'.
- */
-
-const PREF_ACTIVE = "security.mixed_content.block_active_content";
-
-// We alternate for even and odd test cases to simulate different hosts.
-const HTTPS_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "https://test1.example.com"
-);
-const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "https://test2.example.com"
-);
-
-add_setup(async function () {
-  await SpecialPowers.pushPrefEnv({ set: [[PREF_ACTIVE, true]] });
-});
-
-add_task(async function test1() {
-  let url = HTTPS_TEST_ROOT_1 + "file_bug902156_1.html";
-  await BrowserTestUtils.withNewTab(url, async function (browser) {
-    await assertMixedContentBlockingState(browser, {
-      activeLoaded: false,
-      activeBlocked: true,
-      passiveLoaded: false,
-    });
-
-    // Disable Mixed Content Protection for the page (and reload)
-    let browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
-    let { gIdentityHandler } = browser.ownerGlobal;
-    gIdentityHandler.disableMixedContentProtection();
-    await browserLoaded;
-
-    await SpecialPowers.spawn(browser, [], async function () {
-      let expected = "Mixed Content Blocker disabled";
-      await ContentTaskUtils.waitForCondition(
-        () =>
-          content.document.getElementById("mctestdiv").innerHTML == expected,
-        "Error: Waited too long for mixed script to run in Test 1"
-      );
-
-      let actual = content.document.getElementById("mctestdiv").innerHTML;
-      is(
-        actual,
-        "Mixed Content Blocker disabled",
-        "OK: Executed mixed script in Test 1"
-      );
-    });
-
-    // The Script loaded after we disabled the page, now we are going to reload the
-    // page and see if our decision is persistent
-    url = HTTPS_TEST_ROOT_1 + "file_bug902156_2.html";
-    browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
-    BrowserTestUtils.startLoadingURIString(browser, url);
-    await browserLoaded;
-
-    // The Control Center button should appear but isMixedContentBlocked should be NOT true,
-    // because our decision of disabling the mixed content blocker is persistent.
-    await assertMixedContentBlockingState(browser, {
-      activeLoaded: true,
-      activeBlocked: false,
-      passiveLoaded: false,
-    });
-    await SpecialPowers.spawn(browser, [], function () {
-      let actual = content.document.getElementById("mctestdiv").innerHTML;
-      is(
-        actual,
-        "Mixed Content Blocker disabled",
-        "OK: Executed mixed script in Test 1"
-      );
-    });
-    gIdentityHandler.enableMixedContentProtection();
-  });
-});
-
-// ------------------------ Test 2 ------------------------------
-
-add_task(async function test2() {
-  let url = HTTPS_TEST_ROOT_2 + "file_bug902156_2.html";
-  await BrowserTestUtils.withNewTab(url, async function (browser) {
-    await assertMixedContentBlockingState(browser, {
-      activeLoaded: false,
-      activeBlocked: true,
-      passiveLoaded: false,
-    });
-
-    // Disable Mixed Content Protection for the page (and reload)
-    let browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
-    let { gIdentityHandler } = browser.ownerGlobal;
-    gIdentityHandler.disableMixedContentProtection();
-    await browserLoaded;
-
-    await SpecialPowers.spawn(browser, [], async function () {
-      let expected = "Mixed Content Blocker disabled";
-      await ContentTaskUtils.waitForCondition(
-        () =>
-          content.document.getElementById("mctestdiv").innerHTML == expected,
-        "Error: Waited too long for mixed script to run in Test 2"
-      );
-
-      let actual = content.document.getElementById("mctestdiv").innerHTML;
-      is(
-        actual,
-        "Mixed Content Blocker disabled",
-        "OK: Executed mixed script in Test 2"
-      );
-    });
-
-    // The Script loaded after we disabled the page, now we are going to reload the
-    // page and see if our decision is persistent
-    url = HTTPS_TEST_ROOT_2 + "file_bug902156_1.html";
-    browserLoaded = BrowserTestUtils.browserLoaded(browser, false, url);
-    // reload the page using the provided link in the html file
-    await SpecialPowers.spawn(browser, [], function () {
-      let mctestlink = content.document.getElementById("mctestlink");
-      mctestlink.click();
-    });
-    await browserLoaded;
-
-    // The Control Center button should appear but isMixedContentBlocked should be NOT true,
-    // because our decision of disabling the mixed content blocker is persistent.
-    await assertMixedContentBlockingState(browser, {
-      activeLoaded: true,
-      activeBlocked: false,
-      passiveLoaded: false,
-    });
-
-    await SpecialPowers.spawn(browser, [], function () {
-      let actual = content.document.getElementById("mctestdiv").innerHTML;
-      is(
-        actual,
-        "Mixed Content Blocker disabled",
-        "OK: Executed mixed script in Test 2"
-      );
-    });
-    gIdentityHandler.enableMixedContentProtection();
-  });
-});
-
-add_task(async function test3() {
-  let url = HTTPS_TEST_ROOT_1 + "file_bug902156_3.html";
-  await BrowserTestUtils.withNewTab(url, async function (browser) {
-    await assertMixedContentBlockingState(browser, {
-      activeLoaded: false,
-      activeBlocked: true,
-      passiveLoaded: false,
-    });
-  });
-});

browser/base/content/test/siteIdentity/browser_bug906190.js

@@ -1,339 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-/*
- * Tests the persistence of the "disable protection" option for Mixed Content
- * Blocker in child tabs (bug 906190).
- */
-
-requestLongerTimeout(2);
-
-// We use the different urls for testing same origin checks before allowing
-// mixed content on child tabs.
-const HTTPS_TEST_ROOT_1 = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "https://test1.example.com"
-);
-const HTTPS_TEST_ROOT_2 = getRootDirectory(gTestPath).replace(
-  "chrome://mochitests/content",
-  "https://test2.example.com"
-);
-
-/**
- * For all tests, we load the pages over HTTPS and test both:
- *   - |CTRL+CLICK|
- *   - |RIGHT CLICK -> OPEN LINK IN TAB|
- */
-async function doTest(
-  parentTabSpec,
-  childTabSpec,
-  testTaskFn,
-  waitForMetaRefresh
-) {
-  await BrowserTestUtils.withNewTab(
-    {
-      gBrowser,
-      url: parentTabSpec,
-    },
-    async function (browser) {
-      // As a sanity check, test that active content has been blocked as expected.
-      await assertMixedContentBlockingState(gBrowser, {
-        activeLoaded: false,
-        activeBlocked: true,
-        passiveLoaded: false,
-      });
-
-      // Disable the Mixed Content Blocker for the page, which reloads it.
-      let promiseReloaded = BrowserTestUtils.browserLoaded(browser);
-      let principal = gBrowser.contentPrincipal;
-      gIdentityHandler.disableMixedContentProtection();
-      await promiseReloaded;
-
-      // Wait for the script in the page to update the contents of the test div.
-      await SpecialPowers.spawn(
-        browser,
-        [childTabSpec],
-        async childTabSpecContent => {
-          let testDiv = content.document.getElementById("mctestdiv");
-          await ContentTaskUtils.waitForCondition(
-            () => testDiv.innerHTML == "Mixed Content Blocker disabled"
-          );
-
-          // Add the link for the child tab to the page.
-          let mainDiv = content.document.createElement("div");
-
-          mainDiv.innerHTML =
-            '<p><a id="linkToOpenInNewTab" href="' +
-            childTabSpecContent +
-            '">Link</a></p>';
-          content.document.body.appendChild(mainDiv);
-        }
-      );
-
-      // Execute the test in the child tabs with the two methods to open it.
-      for (let openFn of [simulateCtrlClick, simulateContextMenuOpenInTab]) {
-        let promiseTabLoaded = waitForSomeTabToLoad();
-        openFn(browser);
-        await promiseTabLoaded;
-        gBrowser.selectTabAtIndex(2);
-
-        if (waitForMetaRefresh) {
-          await waitForSomeTabToLoad();
-        }
-
-        await testTaskFn();
-
-        gBrowser.removeCurrentTab();
-      }
-
-      SitePermissions.removeFromPrincipal(principal, "mixed-content");
-    }
-  );
-}
-
-function simulateCtrlClick(browser) {
-  BrowserTestUtils.synthesizeMouseAtCenter(
-    "#linkToOpenInNewTab",
-    { ctrlKey: true, metaKey: true },
-    browser
-  );
-}
-
-function simulateContextMenuOpenInTab(browser) {
-  BrowserTestUtils.waitForEvent(document, "popupshown", false, event => {
-    // These are operations that must be executed synchronously with the event.
-    document.getElementById("context-openlinkintab").doCommand();
-    event.target.hidePopup();
-    return true;
-  });
-  BrowserTestUtils.synthesizeMouseAtCenter(
-    "#linkToOpenInNewTab",
-    { type: "contextmenu", button: 2 },
-    browser
-  );
-}
-
-// Waits for a load event somewhere in the browser but ignore events coming
-// from <xul:browser>s without a tab assigned. That are most likely browsers
-// that preload the new tab page.
-function waitForSomeTabToLoad() {
-  return BrowserTestUtils.firstBrowserLoaded(window, true, browser => {
-    let tab = gBrowser.getTabForBrowser(browser);
-    return !!tab;
-  });
-}
-
-/**
- * Ensure the Mixed Content Blocker is enabled.
- */
-add_task(async function test_initialize() {
-  await SpecialPowers.pushPrefEnv({
-    set: [
-      ["security.mixed_content.block_active_content", true],
-      // We need to disable the dFPI heuristic. So, we won't have unnecessary
-      // 3rd party cookie permission that could affect following tests because
-      // it will create a permission icon on the URL bar.
-      ["privacy.restrict3rdpartystorage.heuristic.recently_visited", false],
-    ],
-  });
-});
-
-/**
- * 1. - Load a html page which has mixed content
- *    - Doorhanger to disable protection appears - we disable it
- *    - Load a subpage from the same origin in a new tab simulating a click
- *    - Doorhanger should >> NOT << appear anymore!
- */
-add_task(async function test_same_origin() {
-  await doTest(
-    HTTPS_TEST_ROOT_1 + "file_bug906190_1.html",
-    HTTPS_TEST_ROOT_1 + "file_bug906190_2.html",
-    async function () {
-      // The doorhanger should appear but activeBlocked should be >> NOT << true,
-      // because our decision of disabling the mixed content blocker is persistent
-      // across tabs.
-      await assertMixedContentBlockingState(gBrowser, {
-        activeLoaded: true,
-        activeBlocked: false,
-        passiveLoaded: false,
-      });
-
-      await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
-        Assert.equal(
-          content.document.getElementById("mctestdiv").innerHTML,
-          "Mixed Content Blocker disabled",
-          "OK: Executed mixed script"
-        );
-      });
-    }
-  );
-});
-
-/**
- * 2. - Load a html page which has mixed content
- *    - Doorhanger to disable protection appears - we disable it
- *    - Load a new page from a different origin in a new tab simulating a click
- *    - Doorhanger >> SHOULD << appear again!
- */
-add_task(async function test_different_origin() {
-  await doTest(
-    HTTPS_TEST_ROOT_1 + "file_bug906190_2.html",
-    HTTPS_TEST_ROOT_2 + "file_bug906190_2.html",
-    async function () {
-      // The doorhanger should appear and activeBlocked should be >> TRUE <<,
-      // because our decision of disabling the mixed content blocker should only
-      // persist if pages are from the same domain.
-      await assertMixedContentBlockingState(gBrowser, {
-        activeLoaded: false,
-        activeBlocked: true,
-        passiveLoaded: false,
-      });
-
-      await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
-        Assert.equal(
-          content.document.getElementById("mctestdiv").innerHTML,
-          "Mixed Content Blocker enabled",
-          "OK: Blocked mixed script"
-        );
-      });
-    }
-  );
-});
-
-/**
- * 3. - Load a html page which has mixed content
- *    - Doorhanger to disable protection appears - we disable it
- *    - Load a new page from the same origin in a new tab simulating a click
- *    - Redirect to another page from the same origin using meta-refresh
- *    - Doorhanger should >> NOT << appear again!
- */
-add_task(async function test_same_origin_metarefresh_same_origin() {
-  // file_bug906190_3_4.html redirects to page test1.example.com/* using meta-refresh
-  await doTest(
-    HTTPS_TEST_ROOT_1 + "file_bug906190_1.html",
-    HTTPS_TEST_ROOT_1 + "file_bug906190_3_4.html",
-    async function () {
-      // The doorhanger should appear but activeBlocked should be >> NOT << true!
-      await assertMixedContentBlockingState(gBrowser, {
-        activeLoaded: true,
-        activeBlocked: false,
-        passiveLoaded: false,
-      });
-
-      await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
-        Assert.equal(
-          content.document.getElementById("mctestdiv").innerHTML,
-          "Mixed Content Blocker disabled",
-          "OK: Executed mixed script"
-        );
-      });
-    },
-    true
-  );
-});
-
-/**
- * 4. - Load a html page which has mixed content
- *    - Doorhanger to disable protection appears - we disable it
- *    - Load a new page from the same origin in a new tab simulating a click
- *    - Redirect to another page from a different origin using meta-refresh
- *    - Doorhanger >> SHOULD << appear again!
- */
-add_task(async function test_same_origin_metarefresh_different_origin() {
-  await doTest(
-    HTTPS_TEST_ROOT_2 + "file_bug906190_1.html",
-    HTTPS_TEST_ROOT_2 + "file_bug906190_3_4.html",
-    async function () {
-      // The doorhanger should appear and activeBlocked should be >> TRUE <<.
-      await assertMixedContentBlockingState(gBrowser, {
-        activeLoaded: false,
-        activeBlocked: true,
-        passiveLoaded: false,
-      });
-
-      await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
-        Assert.equal(
-          content.document.getElementById("mctestdiv").innerHTML,
-          "Mixed Content Blocker enabled",
-          "OK: Blocked mixed script"
-        );
-      });
-    },
-    true
-  );
-});
-
-/**
- * 5. - Load a html page which has mixed content
- *    - Doorhanger to disable protection appears - we disable it
- *    - Load a new page from the same origin in a new tab simulating a click
- *    - Redirect to another page from the same origin using 302 redirect
- */
-add_task(async function test_same_origin_302redirect_same_origin() {
-  // the sjs files returns a 302 redirect- note, same origins
-  await doTest(
-    HTTPS_TEST_ROOT_1 + "file_bug906190_1.html",
-    HTTPS_TEST_ROOT_1 + "file_bug906190.sjs",
-    async function () {
-      // The doorhanger should appear but activeBlocked should be >> NOT << true.
-      // Currently it is >> TRUE << - see follow up bug 914860
-      ok(
-        !gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
-        "OK: Mixed Content is NOT being blocked"
-      );
-
-      await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
-        Assert.equal(
-          content.document.getElementById("mctestdiv").innerHTML,
-          "Mixed Content Blocker disabled",
-          "OK: Executed mixed script"
-        );
-      });
-    }
-  );
-});
-
-/**
- * 6. - Load a html page which has mixed content
- *    - Doorhanger to disable protection appears - we disable it
- *    - Load a new page from the same origin in a new tab simulating a click
- *    - Redirect to another page from a different origin using 302 redirect
- */
-add_task(async function test_same_origin_302redirect_different_origin() {
-  // the sjs files returns a 302 redirect - note, different origins
-  await doTest(
-    HTTPS_TEST_ROOT_2 + "file_bug906190_1.html",
-    HTTPS_TEST_ROOT_2 + "file_bug906190.sjs",
-    async function () {
-      // The doorhanger should appear and activeBlocked should be >> TRUE <<.
-      await assertMixedContentBlockingState(gBrowser, {
-        activeLoaded: false,
-        activeBlocked: true,
-        passiveLoaded: false,
-      });
-
-      await SpecialPowers.spawn(gBrowser.selectedBrowser, [], async () => {
-        Assert.equal(
-          content.document.getElementById("mctestdiv").innerHTML,
-          "Mixed Content Blocker enabled",
-          "OK: Blocked mixed script"
-        );
-      });
-    }
-  );
-});
-
-/**
- * 7. - Test memory leak issue on redirection error. See Bug 1269426.
- */
-add_task(async function test_bad_redirection() {
-  // the sjs files returns a 302 redirect - note, different origins
-  await doTest(
-    HTTPS_TEST_ROOT_2 + "file_bug906190_1.html",
-    HTTPS_TEST_ROOT_2 + "file_bug906190.sjs?bad-redirection=1",
-    function () {
-      // Nothing to do. Just see if memory leak is reported in the end.
-      ok(true, "Nothing to do");
-    }
-  );
-});

browser/base/content/test/siteIdentity/browser_mixed_content_cert_override.js

@@ -45,12 +45,6 @@ add_task(async function () {
   await loadBadCertPage(MIXED_CONTENT_URL);
   checkIdentityPopup("security-warning.svg");
 
-  // check that the crossed out icon is shown when disabling mixed content protection
-  gIdentityHandler.disableMixedContentProtection();
-  await BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
-
-  checkIdentityPopup("security-broken.svg");
-
   // check that a warning is shown even without mixed content
   BrowserTestUtils.startLoadingURIString(
     gBrowser.selectedBrowser,

browser/base/content/test/siteIdentity/browser_mixed_content_with_navigation.js

@@ -22,7 +22,7 @@ const kTestcases = [
     expectedIdentityMode: "mixedDisplayContent",
   },
   {
-    uri: kBaseURI + "file_bug1045809_1.html",
+    uri: kBaseURI + "file_mixedActiveContent_1.html",
     expectErrorPage: false,
     expectedIdentityMode: "mixedActiveBlocked",
   },

browser/base/content/test/siteIdentity/browser_mixedcontent_securityflags.js

@@ -7,8 +7,6 @@
 //   loaded) we load the page and check the flags.
 // * We change the about:config prefs (mixed active blocked, mixed display
 //   blocked), reload the page, and check the flags again.
-// * We override protection so all mixed content can load and check the
-//   flags again.
 
 const TEST_URI =
   getRootDirectory(gTestPath).replace(
@@ -56,16 +54,3 @@ add_task(async function blockMixedActiveContentTest() {
     passiveLoaded: false,
   });
 });
-
-add_task(async function overrideMCB() {
-  // Disable mixed content blocking (reloads page) and retest
-  let { gIdentityHandler } = gTestBrowser.ownerGlobal;
-  gIdentityHandler.disableMixedContentProtection();
-  await BrowserTestUtils.browserLoaded(gTestBrowser);
-
-  await assertMixedContentBlockingState(gTestBrowser, {
-    activeLoaded: true,
-    activeBlocked: false,
-    passiveLoaded: true,
-  });
-});

browser/base/content/test/siteIdentity/file_bug822367_1.html

@@ -1,18 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 1 for Mixed Content Blocker User Override - Mixed Script
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 1 for Bug 822367</title>
-</head>
-<body>
-  <div id="testContent">
-    <p id="p1"></p>
-  </div>
-  <script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">
-  </script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug822367_1.js

@@ -1 +0,0 @@
-document.getElementById("p1").innerHTML = "hello";

browser/base/content/test/siteIdentity/file_bug822367_2.html

@@ -1,16 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 2 for Mixed Content Blocker User Override - Mixed Display
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 2 for Bug 822367 - Mixed Display</title>
-</head>
-<body>
-  <div id="testContent">
-    <img src="http://example.com/tests/image/test/mochitest/blue.png">
-  </div>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug822367_3.html

@@ -1,27 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 3 for Mixed Content Blocker User Override - Mixed Script and Display
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 3 for Bug 822367</title>
-  <script>
-  function foo() {
-    var x = document.createElement("p");
-    x.setAttribute("id", "p2");
-    x.innerHTML = "bye";
-    document.getElementById("testContent").appendChild(x);
-  }
-  </script>
-</head>
-<body>
-  <div id="testContent">
-    <p id="p1"></p>
-    <img src="http://example.com/tests/image/test/mochitest/blue.png" onload="foo()">
-  </div>
-  <script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">
-  </script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug822367_4.html

@@ -1,18 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 4 for Mixed Content Blocker User Override - Mixed Script and Display
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 4 for Bug 822367</title>
-</head>
-<body>
-  <div id="testContent">
-    <p id="p1"></p>
-  </div>
-  <script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_4.js">
-  </script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug822367_4.js

@@ -1,2 +0,0 @@
-document.location =
-  "https://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_4B.html";

browser/base/content/test/siteIdentity/file_bug822367_4B.html

@@ -1,18 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 4B for Mixed Content Blocker User Override - Location Changed
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 4B Location Change for Bug 822367</title>
-</head>
-<body>
-  <div id="testContent">
-    <p id="p1"></p>
-  </div>
-  <script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">
-  </script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug822367_5.html

@@ -1,23 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 5 for Mixed Content Blocker User Override - Mixed Script in document.open()
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 5 for Bug 822367</title>
-  <script>
-    function createDoc() {
-      var doc = document.open("text/html", "replace");
-      doc.write('<!DOCTYPE html><html><body><p id="p1">This is some content</p><script src="http://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_1.js">\<\/script\>\<\/body>\<\/html>');
-      doc.close();
-    }
-  </script>
-</head>
-<body>
-  <div id="testContent">
-    <img src="https://example.com/tests/image/test/mochitest/blue.png" onload="createDoc()">
-  </div>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug822367_6.html

@@ -1,16 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-Test 6 for Mixed Content Blocker User Override - Mixed Script in document.open() within an iframe
-https://bugzilla.mozilla.org/show_bug.cgi?id=822367
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 6 for Bug 822367</title>
-</head>
-<body>
-  <div id="testContent">
-    <iframe name="f1" id="f1" src="https://example.com/browser/browser/base/content/test/siteIdentity/file_bug822367_5.html"></iframe>
-  </div>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug902156.js

@@ -1,6 +0,0 @@
-/*
- * Once the mixed content blocker is disabled for the page, this scripts loads
- * and updates the text inside the div container.
- */
-document.getElementById("mctestdiv").innerHTML =
-  "Mixed Content Blocker disabled";

browser/base/content/test/siteIdentity/file_bug902156_1.html

@@ -1,15 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Test 1 for Bug 902156 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=902156
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 1 for Bug 902156</title>
-</head>
-<body>
-  <div id="mctestdiv">Mixed Content Blocker enabled</div>
-  <script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156.js" ></script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug902156_2.html

@@ -1,17 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Test 2 for Bug 902156 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=902156
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 2 for Bug 902156</title>
-</head>
-<body>
-  <div id="mctestdiv">Mixed Content Blocker enabled</div>
-  <a href="https://test2.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156_1.html"
-     id="mctestlink" target="_top">Go to http site</a>
-  <script src="http://test2.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156.js" ></script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug902156_3.html

@@ -1,15 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Test 3 for Bug 902156 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=902156
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 3 for Bug 902156</title>
-</head>
-<body>
-  <div id="mctestdiv">Mixed Content Blocker enabled</div>
-  <script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug902156.js" ></script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug906190.js

@@ -1,6 +0,0 @@
-/*
- * Once the mixed content blocker is disabled for the page, this scripts loads
- * and updates the text inside the div container.
- */
-document.getElementById("mctestdiv").innerHTML =
-  "Mixed Content Blocker disabled";

browser/base/content/test/siteIdentity/file_bug906190.sjs

@@ -1,18 +0,0 @@
-function handleRequest(request, response) {
-  var page = "<!DOCTYPE html><html><body>bug 906190</body></html>";
-  var path =
-    "https://test1.example.com/browser/browser/base/content/test/siteIdentity/";
-  var url;
-
-  if (request.queryString.includes("bad-redirection=1")) {
-    url = path + "this_page_does_not_exist.html";
-  } else {
-    url = path + "file_bug906190_redirected.html";
-  }
-
-  response.setHeader("Cache-Control", "no-cache", false);
-  response.setHeader("Content-Type", "text/html", false);
-  response.setStatusLine(request.httpVersion, "302", "Found");
-  response.setHeader("Location", url, false);
-  response.write(page);
-}

browser/base/content/test/siteIdentity/file_bug906190_1.html

@@ -1,15 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Test 1 for Bug 906190 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=906190
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 1 for Bug 906190</title>
-</head>
-<body>
-  <div id="mctestdiv">Mixed Content Blocker enabled</div>
-  <script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190.js" ></script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug906190_2.html

@@ -1,15 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Test 2 for Bug 906190 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=906190
--->
-<head>
-  <meta charset="utf-8">
-  <title>Test 2 for Bug 906190</title>
-</head>
-<body>
-  <div id="mctestdiv">Mixed Content Blocker enabled</div>
-  <script src="http://test2.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190.js" ></script>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug906190_3_4.html

@@ -1,14 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Test 3 and 4 for Bug 906190 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=906190
--->
-<head>
-  <meta charset="utf-8">
-  <meta http-equiv="refresh" content="0; url=https://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190_redirected.html">
-  <title>Test 3 and 4 for Bug 906190</title>
-</head>
-<body>
-</body>
-</html>

browser/base/content/test/siteIdentity/file_bug906190_redirected.html

@@ -1,15 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<!--
-  Redirected Page of Test 3 to 6 for Bug 906190 - See file browser_bug902156.js for description.
-  https://bugzilla.mozilla.org/show_bug.cgi?id=906190
--->
-<head>
-  <meta charset="utf-8">
-  <title>Redirected Page for Bug 906190</title>
-</head>
-<body>
-  <div id="mctestdiv">Mixed Content Blocker enabled</div>
-  <script src="http://test1.example.com/browser/browser/base/content/test/siteIdentity/file_bug906190.js" ></script>
-</body>
-</html>

browser/components/controlcenter/content/identityPanel.inc.xhtml

@@ -179,17 +179,6 @@
             <html:a is="moz-support-link" when-mixedcontent="active-loaded"
                        and-when-loginforms="secure" class="identity-popup-mcb-learn-more" support-page="mixed-content"/>
           </hbox>
-
-
-          <!-- Buttons to enable/disable mixed content blocking. -->
-          <button id="identity-popup-disable-mixed-content-blocking"
-                  when-mixedcontent="active-blocked"
-                  data-l10n-id="identity-disable-mixed-content-blocking"
-                  class="panel-button"/>
-          <button id="identity-popup-enable-mixed-content-blocking"
-                  when-mixedcontent="active-loaded"
-                  data-l10n-id="identity-enable-mixed-content-blocking"
-                  class="panel-button"/>
         </vbox>
       </vbox>
 

browser/locales/en-US/browser/browser.ftl

@@ -454,12 +454,6 @@ identity-description-passive-loaded-insecure2 = This website contains content th
 identity-description-passive-loaded-mixed2 = Although { -brand-short-name } has blocked some content, there is still content on the page that is not secure (such as images).
 identity-description-active-loaded = This website contains content that is not secure (such as scripts) and your connection to it is not private.
 identity-description-active-loaded-insecure = Information you share with this site could be viewed by others (like passwords, messages, credit cards, etc.).
-identity-disable-mixed-content-blocking =
-    .label = Disable protection for now
-    .accesskey = D
-identity-enable-mixed-content-blocking =
-    .label = Enable protection
-    .accesskey = E
 identity-more-info-link-text =
     .label = More information
 

browser/tools/mozscreenshots/mozscreenshots/extension/configurations/ControlCenter.sys.mjs

@@ -179,40 +179,6 @@ export var ControlCenter = {
       },
     },
 
-    mixedActiveUnblocked: {
-      selectors: CC_SELECTORS,
-      async applyConfig() {
-        let browserWindow =
-          Services.wm.getMostRecentWindow("navigator:browser");
-        let gBrowser = browserWindow.gBrowser;
-        await loadPage(MIXED_ACTIVE_CONTENT_URL);
-        gBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-        await BrowserTestUtils.browserLoaded(
-          gBrowser.selectedBrowser,
-          false,
-          MIXED_ACTIVE_CONTENT_URL
-        );
-        await openIdentityPopup();
-      },
-    },
-
-    mixedActiveUnblockedSubView: {
-      selectors: CC_SELECTORS,
-      async applyConfig() {
-        let browserWindow =
-          Services.wm.getMostRecentWindow("navigator:browser");
-        let gBrowser = browserWindow.gBrowser;
-        await loadPage(MIXED_ACTIVE_CONTENT_URL);
-        gBrowser.ownerGlobal.gIdentityHandler.disableMixedContentProtection();
-        await BrowserTestUtils.browserLoaded(
-          gBrowser.selectedBrowser,
-          false,
-          MIXED_ACTIVE_CONTENT_URL
-        );
-        await openIdentityPopup(true);
-      },
-    },
-
     httpPassword: {
       selectors: CC_SELECTORS,
       async applyConfig() {

devtools/client/webconsole/test/browser/browser_webconsole_block_mixedcontent_securityerrors.js

@@ -6,9 +6,9 @@
 // It then checks that the blocked mixed content warning messages
 // are logged to the console and have the correct "Learn More"
 // url appended to them. After the first test finishes, it invokes
-// a second test that overrides the mixed content blocker settings
+// a second test that disables the mixed content blocker by prefs
-// by clicking on the doorhanger shield and validates that the
+// and validates that the appropriate messages are logged to
-// appropriate messages are logged to console.
+// console.
 // Bug 875456 - Log mixed content messages from the Mixed Content
 // Blocker to the Security Pane in the Web Console.
 
@@ -35,7 +35,13 @@ const displayContentText =
   "secure page";
 
 add_task(async function () {
-  await pushPrefEnv();
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["security.mixed_content.block_active_content", true],
+      ["security.mixed_content.block_display_content", true],
+      ["security.mixed_content.upgrade_display_content", false],
+    ],
+  });
 
   const hud = await openNewTabAndConsole(TEST_URI);
 
@@ -68,8 +74,15 @@ add_task(async function () {
     gIdentityHandler._identityBox.classList.contains("mixedActiveBlocked"),
     "Mixed Active Content state appeared on identity box"
   );
+
   // Disabe mixed content protection.
-  gIdentityHandler.disableMixedContentProtection();
+  await SpecialPowers.pushPrefEnv({
+    set: [
+      ["security.mixed_content.block_active_content", false],
+      ["security.mixed_content.block_display_content", false],
+      ["security.mixed_content.upgrade_display_content", false],
+    ],
+  });
 
   const waitForWarningMessage = text =>
     waitFor(() => findWarningMessage(hud, text), undefined, 100);
@@ -77,6 +90,8 @@ add_task(async function () {
   const onMixedActiveContent = waitForWarningMessage(activeContentText);
   const onMixedDisplayContent = waitForWarningMessage(displayContentText);
 
+  gBrowser.reload();
+
   await onMixedDisplayContent;
   ok(true, "Mixed display content warning message is visible");
 
@@ -91,16 +106,4 @@ add_task(async function () {
     LEARN_MORE_URI,
     `Clicking the provided link opens ${response.link}`
   );
-
-  gIdentityHandler.enableMixedContentProtectionNoReload();
 });
-
-function pushPrefEnv() {
-  const prefs = [
-    ["security.mixed_content.block_active_content", true],
-    ["security.mixed_content.block_display_content", true],
-    ["security.mixed_content.upgrade_display_content", false],
-  ];
-
-  return Promise.all(prefs.map(([pref, value]) => pushPref(pref, value)));
-}

docshell/base/WindowContext.cpp

@@ -239,12 +239,6 @@ bool WindowContext::CanSet(FieldIndex<IDX_IsSecure>, const bool& aIsSecure,
   return CheckOnlyOwningProcessCanSet(aSource);
 }
 
-bool WindowContext::CanSet(FieldIndex<IDX_AllowMixedContent>,
-                           const bool& aAllowMixedContent,
-                           ContentParent* aSource) {
-  return CheckOnlyOwningProcessCanSet(aSource);
-}
-
 bool WindowContext::CanSet(FieldIndex<IDX_HasBeforeUnload>,
                            const bool& aHasBeforeUnload,
                            ContentParent* aSource) {

docshell/base/WindowContext.h

@@ -62,9 +62,6 @@ class BrowsingContextGroup;
   /* Mixed-Content: If the corresponding documentURI is https,           \
    * then this flag is true. */                                          \
   FIELD(IsSecure, bool)                                                  \
-  /* Whether the user has overriden the mixed content blocker to allow   \
-   * mixed content loads to happen */                                    \
-  FIELD(AllowMixedContent, bool)                                         \
   /* Whether this window has registered a "beforeunload" event           \
    * handler */                                                          \
   FIELD(HasBeforeUnload, bool)                                           \
@@ -274,8 +271,6 @@ class WindowContext : public nsISupports, public nsWrapperCache {
   // Overload `CanSet` to get notifications for a particular field being set.
   bool CanSet(FieldIndex<IDX_IsSecure>, const bool& aIsSecure,
               ContentParent* aSource);
-  bool CanSet(FieldIndex<IDX_AllowMixedContent>, const bool& aAllowMixedContent,
-              ContentParent* aSource);
 
   bool CanSet(FieldIndex<IDX_HasBeforeUnload>, const bool& aHasBeforeUnload,
               ContentParent* aSource);

dom/ipc/WindowGlobalActor.cpp

@@ -121,19 +121,6 @@ WindowGlobalInit WindowGlobalActor::WindowInitializer(
 
   // Initialize top level permission fields
   if (aWindow->GetBrowsingContext()->IsTop()) {
-    fields.Get<Indexes::IDX_AllowMixedContent>() = [&] {
-      uint32_t permit = nsIPermissionManager::UNKNOWN_ACTION;
-      nsCOMPtr<nsIPermissionManager> permissionManager =
-          components::PermissionManager::Service();
-
-      if (permissionManager) {
-        permissionManager->TestPermissionFromPrincipal(
-            init.principal(), "mixed-content"_ns, &permit);
-      }
-
-      return permit == nsIPermissionManager::ALLOW_ACTION;
-    }();
-
     fields.Get<Indexes::IDX_ShortcutsPermission>() =
         nsGlobalWindowInner::GetShortcutsPermission(init.principal());
   }

dom/security/nsMixedContentBlocker.cpp

@@ -824,7 +824,6 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   // Content
   WindowContext* topWC = requestingWindow->TopWindowContext();
   bool rootHasSecureConnection = topWC->GetIsSecure();
-  bool allowMixedContent = topWC->GetAllowMixedContent();
 
   // When navigating an iframe, the iframe may be https but its parents may not
   // be. Check the parents to see if any of them are https. If none of the
@@ -897,8 +896,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   // If the content is display content, and the pref says display content should
   // be blocked, block it.
   if (classification == eMixedDisplay) {
-    if (!StaticPrefs::security_mixed_content_block_display_content() ||
+    if (!StaticPrefs::security_mixed_content_block_display_content()) {
-        allowMixedContent) {
       *aDecision = nsIContentPolicy::ACCEPT;
       // User has overriden the pref and the root is not https;
       // mixed display content was allowed on an https subframe.
@@ -916,8 +914,7 @@ nsresult nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
     MOZ_ASSERT(classification == eMixedScript);
     // If the content is active content, and the pref says active content should
     // be blocked, block it unless the user has choosen to override the pref
-    if (!StaticPrefs::security_mixed_content_block_active_content() ||
+    if (!StaticPrefs::security_mixed_content_block_active_content()) {
-        allowMixedContent) {
       *aDecision = nsIContentPolicy::ACCEPT;
       // User has already overriden the pref and the root is not https;
       // mixed active content was allowed on an https subframe.