diff --git a/.eslintrc.js b/.eslintrc.js
index 1d64db6b42ad..a1404f8309e6 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -1492,8 +1492,6 @@ module.exports = {
"dom/security/test/csp/file_bug941404.html",
"dom/security/test/csp/file_frameancestors_main.js",
"dom/security/test/csp/file_main.js",
- "dom/security/test/csp/file_navigate_to.html",
- "dom/security/test/csp/file_navigate_to_request.html",
"dom/security/test/csp/file_null_baseuri.html",
"dom/security/test/csp/file_path_matching_redirect_server.sjs",
"dom/security/test/csp/file_punycode_host_src.sjs",
@@ -1516,7 +1514,6 @@ module.exports = {
"dom/security/test/csp/test_blocked_uri_in_reports.html",
"dom/security/test/csp/test_blocked_uri_in_violation_event_after_redirects.html",
"dom/security/test/csp/test_blocked_uri_redirect_frame_src.html",
- "dom/security/test/csp/test_navigate_to.html",
"dom/security/test/csp/test_null_baseuri.html",
"dom/security/test/csp/test_path_matching.html",
"dom/security/test/csp/test_report_for_import.html",
diff --git a/devtools/client/webconsole/test/browser/_webconsole.ini b/devtools/client/webconsole/test/browser/_webconsole.ini
index a8c8d520f468..5e4dc8e9c87d 100644
--- a/devtools/client/webconsole/test/browser/_webconsole.ini
+++ b/devtools/client/webconsole/test/browser/_webconsole.ini
@@ -134,7 +134,6 @@ support-files =
test-message-categories-workers.html
test-message-categories-workers.js
test-mixedcontent-securityerrors.html
- test-navigate-to-parse-error.html
test-network-exceptions.html
test-network-request.html
test-network.html
@@ -373,7 +372,6 @@ fail-if = a11y_checks # bug 1687728 frame-link-filename is not accessible
[browser_webconsole_multiple_windows_and_tabs.js]
skip-if =
win11_2009 # Bug 1798331
-[browser_webconsole_navigate_to_parse_error.js]
[browser_webconsole_network_attach.js]
[browser_webconsole_network_exceptions.js]
[browser_webconsole_network_message_close_on_escape.js]
diff --git a/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js b/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js
deleted file mode 100644
index 61930ed43998..000000000000
--- a/devtools/client/webconsole/test/browser/browser_webconsole_navigate_to_parse_error.js
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Any copyright is dedicated to the Public Domain.
- * http://creativecommons.org/publicdomain/zero/1.0/ */
-
-// Tests that ensure CSP 'navigate-to' does not parse.
-// Bug 1566149
-
-"use strict";
-
-const TEST_URI =
- "data:text/html;charset=utf8,Web Console navigate-to parse error test";
-const TEST_VIOLATION =
- "https://example.com/browser/devtools/client/webconsole/" +
- "test/browser/test-navigate-to-parse-error.html";
-
-const CSP_VIOLATION_MSG =
- "Content-Security-Policy: Couldn\u2019t process unknown directive \u2018navigate-to\u2019";
-
-add_task(async function () {
- const hud = await openNewTabAndConsole(TEST_URI);
- await clearOutput(hud);
-
- const onCSPViolationMessage = waitForMessageByType(
- hud,
- CSP_VIOLATION_MSG,
- ".warn"
- );
- await navigateTo(TEST_VIOLATION);
- await onCSPViolationMessage;
- ok(true, "Received expected violation message");
-});
diff --git a/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html b/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html
deleted file mode 100644
index e806ea949897..000000000000
--- a/devtools/client/webconsole/test/browser/test-navigate-to-parse-error.html
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
- Test for Bug 1566149 - Write test to ensure CSP 'navigate-to' does not parse
-
-
-
-Mozilla Bug 1566149
-
-
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 543fa3af44aa..5caf338389cc 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -3544,8 +3544,7 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
CopyUTF8toUTF16(host, *formatStrs.AppendElement());
error = "netTimeout";
} else if (NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION == aError ||
- NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError ||
- NS_ERROR_CSP_NAVIGATE_TO_VIOLATION == aError) {
+ NS_ERROR_CSP_FORM_ACTION_VIOLATION == aError) {
// CSP error
cssClass.AssignLiteral("neterror");
error = "cspBlocked";
@@ -10573,22 +10572,6 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
NS_ADDREF(*aRequest = channel);
}
- nsCOMPtr csp = aLoadState->Csp();
- if (csp) {
- // Check CSP navigate-to
- bool allowsNavigateTo = false;
- rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
- aLoadState->IsFormSubmission(),
- false, /* aWasRedirected */
- false, /* aEnforceWhitelist */
- &allowsNavigateTo);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (!allowsNavigateTo) {
- return NS_ERROR_CSP_NAVIGATE_TO_VIOLATION;
- }
- }
-
const nsACString& typeHint = aLoadState->TypeHint();
if (!typeHint.IsVoid()) {
mContentTypeHint = typeHint;
diff --git a/docshell/base/nsDocShellLoadState.h b/docshell/base/nsDocShellLoadState.h
index a1e0416409e0..c5bbbfc2ec28 100644
--- a/docshell/base/nsDocShellLoadState.h
+++ b/docshell/base/nsDocShellLoadState.h
@@ -469,8 +469,7 @@ class nsDocShellLoadState final {
bool mOriginalFrameSrc;
// If this attribute is true, then the load was initiated by a
- // form submission. This is important to know for the CSP directive
- // navigate-to.
+ // form submission.
bool mIsFormSubmission;
// Contains a load type as specified by the nsDocShellLoadTypes::load*
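Review bot: The trimmed comment on `mIsFormSubmission` no longer says why the flag is tracked, and every reader of it visible in this commit (the `IsFormSubmission()` / `GetIsFormSubmission()` arguments passed to `GetAllowsNavigateTo`) is deleted. If another consumer remains, name it in the comment, e.g. `// form submission; still consulted by <remaining consumer>`. If none remains, this field and the `isFormSubmission` attribute in nsILoadInfo.idl, whose comment gets the same trim, look like dead load state that a follow-up could remove. The class body continues outside this hunk, so other uses may exist that are not shown here.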
diff --git a/docshell/base/nsDocShellTelemetryUtils.cpp b/docshell/base/nsDocShellTelemetryUtils.cpp
index cd78e3bce529..bd4ed865bd70 100644
--- a/docshell/base/nsDocShellTelemetryUtils.cpp
+++ b/docshell/base/nsDocShellTelemetryUtils.cpp
@@ -58,10 +58,6 @@ static const LoadErrorTelemetryResult sResult[] = {
NS_ERROR_CSP_FORM_ACTION_VIOLATION,
ErrorLabel::CSP_FORM_ACTION,
},
- {
- NS_ERROR_CSP_NAVIGATE_TO_VIOLATION,
- ErrorLabel::CSP_NAVIGATE_TO,
- },
{
NS_ERROR_XFO_VIOLATION,
ErrorLabel::XFO_VIOLATION,
diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
index 43d081809478..14deb9eb7c09 100644
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -3569,25 +3569,6 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
rv = InitCOEP(aChannel);
NS_ENSURE_SUCCESS(rv, rv);
- // Check CSP navigate-to
- // We need to enforce the CSP of the document that initiated the load,
- // which is the CSP to inherit.
- nsCOMPtr cspToInherit = loadInfo->GetCspToInherit();
- if (cspToInherit) {
- bool allowsNavigateTo = false;
- rv = cspToInherit->GetAllowsNavigateTo(
- mDocumentURI, loadInfo->GetIsFormSubmission(),
- !loadInfo->RedirectChain().IsEmpty(), /* aWasRedirected */
- true, /* aEnforceWhitelist */
- &allowsNavigateTo);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (!allowsNavigateTo) {
- aChannel->Cancel(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
- return NS_OK;
- }
- }
-
rv = InitCSP(aChannel);
NS_ENSURE_SUCCESS(rv, rv);
diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl
index 827849b77b77..34e68d51597d 100644
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ b/dom/interfaces/security/nsIContentSecurityPolicy.idl
@@ -61,11 +61,10 @@ interface nsIContentSecurityPolicy : nsISerializable
BLOCK_ALL_MIXED_CONTENT = 18,
SANDBOX_DIRECTIVE = 19,
WORKER_SRC_DIRECTIVE = 20,
- NAVIGATE_TO_DIRECTIVE = 21,
- SCRIPT_SRC_ELEM_DIRECTIVE = 22,
- SCRIPT_SRC_ATTR_DIRECTIVE = 23,
- STYLE_SRC_ELEM_DIRECTIVE = 24,
- STYLE_SRC_ATTR_DIRECTIVE = 25,
+ SCRIPT_SRC_ELEM_DIRECTIVE = 21,
+ SCRIPT_SRC_ATTR_DIRECTIVE = 22,
+ STYLE_SRC_ELEM_DIRECTIVE = 23,
+ STYLE_SRC_ATTR_DIRECTIVE = 24,
};
/**
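Review bot: Renumbering `SCRIPT_SRC_ELEM_DIRECTIVE` through `STYLE_SRC_ATTR_DIRECTIVE` from 22–25 to 21–24 changes what those numbers mean, so any place that stores or compares raw directive values needs checking. The interface is `nsISerializable`; whether the serialized form embeds these numbers is not visible here and should be confirmed. The `CSPStrDirectives` table in nsCSPUtils.h appears to be indexed in the same order and is updated in this commit. If the enum's existing comment does not already say so, I would add `// Values index CSPStrDirectives in nsCSPUtils.h; keep both in the same order`. The enum begins outside this hunk.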
@@ -154,24 +153,6 @@ interface nsIContentSecurityPolicy : nsISerializable
in unsigned long aLineNumber,
in unsigned long aColumnNumber);
- /*
- * Whether this policy allows a navigation subject to the navigate-to
- * policy.
- * @param aURI The target URI
- * @param aIsFormSubmission True if the navigation was initiated by a form submission. This
- * is important since the form-action directive overrides navigate-to in that case.
- * @param aWasRedirect True if a redirect has happened. Important for path-sensitivity.
- * @param aEnforceAllowlist True if the allowlist of allowed targets must be enforced. If
- * this is true, the allowlist must be enforced even if 'unsafe-allow-redirects' is
- * used. If 'unsafe-allow-redirects' is not used then the allowlist is always enforced
- * @return
- * Whether or not the effects of the navigation is allowed
- */
- boolean getAllowsNavigateTo(in nsIURI aURI,
- in boolean aIsFormSubmission,
- in boolean aWasRedirected,
- in boolean aEnforceAllowlist);
-
/**
* Whether this policy allows eval and eval-like functions
* such as setTimeout("code string", time).
diff --git a/dom/security/nsCSPContext.cpp b/dom/security/nsCSPContext.cpp
index d624083ab246..fa24043a1a71 100644
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -671,93 +671,6 @@ nsCSPContext::GetAllowsInline(CSPDirective aDirective, bool aHasUnsafeHash,
return NS_OK;
}
-NS_IMETHODIMP
-nsCSPContext::GetAllowsNavigateTo(nsIURI* aURI, bool aIsFormSubmission,
- bool aWasRedirected, bool aEnforceAllowlist,
- bool* outAllowsNavigateTo) {
- /*
- * The matrix below shows the different values of (aWasRedirect,
- * aEnforceAllowlist) for the three different checks we do.
- *
- * Navigation | Start Loading | Initiate Redirect | Document
- * | (nsDocShell) | (nsCSPService) |
- * -----------------------------------------------------------------
- * A -> B (false,false) - (false,true)
- * A -> ... -> B (false,false) (true,false) (true,true)
- */
- *outAllowsNavigateTo = false;
-
- EnsureIPCPoliciesRead();
- // The 'form-action' directive overrules 'navigate-to' for form submissions.
- // So in case this is a form submission and the directive 'form-action' is
- // present then there is nothing for us to do here, see: 6.3.3.1.2
- // https://www.w3.org/TR/CSP3/#navigate-to-pre-navigate
- if (aIsFormSubmission) {
- for (unsigned long i = 0; i < mPolicies.Length(); i++) {
- if (mPolicies[i]->hasDirective(
- nsIContentSecurityPolicy::FORM_ACTION_DIRECTIVE)) {
- *outAllowsNavigateTo = true;
- return NS_OK;
- }
- }
- }
-
- bool atLeastOneBlock = false;
- for (unsigned long i = 0; i < mPolicies.Length(); i++) {
- if (!mPolicies[i]->allowsNavigateTo(aURI, aWasRedirected,
- aEnforceAllowlist)) {
- if (!mPolicies[i]->getReportOnlyFlag()) {
- atLeastOneBlock = true;
- }
-
- // If the load encountered a server side redirect, the spec suggests to
- // remove the path component from the URI, see:
- // https://www.w3.org/TR/CSP3/#source-list-paths-and-redirects
- nsCOMPtr blockedURIForReporting = aURI;
- if (aWasRedirected) {
- nsAutoCString prePathStr;
- nsCOMPtr prePathURI;
- nsresult rv = aURI->GetPrePath(prePathStr);
- NS_ENSURE_SUCCESS(rv, rv);
- rv = NS_NewURI(getter_AddRefs(blockedURIForReporting), prePathStr);
- NS_ENSURE_SUCCESS(rv, rv);
- }
-
- // Lines numbers and source file for the violation report
- uint32_t lineNumber = 0;
- uint32_t columnNumber = 0;
- nsAutoCString spec;
- JSContext* cx = nsContentUtils::GetCurrentJSContext();
- if (cx) {
- nsJSUtils::GetCallingLocation(cx, spec, &lineNumber, &columnNumber);
- // If GetCallingLocation fails linenumber & columnNumber are set to 0
- // anyway so we can skip checking if that is the case.
- }
-
- // Report the violation
- nsresult rv = AsyncReportViolation(
- nullptr, // aTriggeringElement
- nullptr, // aCSPEventListener
- blockedURIForReporting, // aBlockedURI
- nsCSPContext::BlockedContentSource::eSelf, // aBlockedSource
- nullptr, // aOriginalURI
- u"navigate-to"_ns, // aViolatedDirective
- u"navigate-to"_ns, // aEffectiveDirective
- i, // aViolatedPolicyIndex
- u""_ns, // aObserverSubject
- NS_ConvertUTF8toUTF16(spec), // aSourceFile
- false, // aReportSample
- u""_ns, // aScriptSample
- lineNumber, // aLineNum
- columnNumber); // aColumnNum
- NS_ENSURE_SUCCESS(rv, rv);
- }
- }
-
- *outAllowsNavigateTo = !atLeastOneBlock;
- return NS_OK;
-}
-
/**
* For each policy, log any violation on the Error Console and send a report
* if a report-uri is present in the policy
diff --git a/dom/security/nsCSPParser.cpp b/dom/security/nsCSPParser.cpp
index 556fae8d3617..7624ffc7aacb 100644
--- a/dom/security/nsCSPParser.cpp
+++ b/dom/security/nsCSPParser.cpp
@@ -467,20 +467,6 @@ nsCSPBaseSrc* nsCSPParser::keywordSource() {
return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
}
- if (CSP_IsKeyword(mCurToken, CSP_UNSAFE_ALLOW_REDIRECTS)) {
- if (!CSP_IsDirective(mCurDir[0],
- nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
- // Only allow 'unsafe-allow-redirects' within navigate-to.
- AutoTArray params = {u"unsafe-allow-redirects"_ns,
- u"navigate-to"_ns};
- logWarningErrorToConsole(nsIScriptError::warningFlag,
- "IgnoringSourceWithinDirective", params);
- return nullptr;
- }
-
- return new nsCSPKeywordSrc(CSP_UTF16KeywordToEnum(mCurToken));
- }
-
return nullptr;
}
@@ -886,18 +872,6 @@ nsCSPDirective* nsCSPParser::directiveName() {
return nullptr;
}
- // Bug 1529068: Implement navigate-to directive.
- // Once all corner cases are resolved we can remove that special
- // if-handling here and let the parser just fall through to
- // return new nsCSPDirective.
- if (directive == nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE &&
- !StaticPrefs::security_csp_enableNavigateTo()) {
- AutoTArray params = {mCurToken};
- logWarningErrorToConsole(nsIScriptError::warningFlag,
- "couldNotProcessUnknownDirective", params);
- return nullptr;
- }
-
// Make sure the directive does not already exist
// (see http://www.w3.org/TR/CSP11/#parsing)
if (mPolicy->hasDirective(directive)) {
diff --git a/dom/security/nsCSPService.cpp b/dom/security/nsCSPService.cpp
index c7c58a37dc01..19574ad81949 100644
--- a/dom/security/nsCSPService.cpp
+++ b/dom/security/nsCSPService.cpp
@@ -310,25 +310,6 @@ nsresult CSPService::ConsultCSPForRedirect(nsIURI* aOriginalURI,
nsIURI* aNewURI,
nsILoadInfo* aLoadInfo,
Maybe& aCancelCode) {
- // Check CSP navigate-to
- // We need to enforce the CSP of the document that initiated the load,
- // which is the CSP to inherit.
- nsCOMPtr cspToInherit =
- aLoadInfo->GetCspToInherit();
- if (cspToInherit) {
- bool allowsNavigateTo = false;
- nsresult rv = cspToInherit->GetAllowsNavigateTo(
- aNewURI, aLoadInfo->GetIsFormSubmission(), true, /* aWasRedirected */
- false, /* aEnforceAllowlist */
- &allowsNavigateTo);
- NS_ENSURE_SUCCESS(rv, rv);
-
- if (!allowsNavigateTo) {
- aCancelCode = Some(NS_ERROR_CSP_NAVIGATE_TO_VIOLATION);
- return NS_OK;
- }
- }
-
// No need to continue processing if CSP is disabled or if the protocol
// is *not* subject to CSP.
// Please note, the correct way to opt-out of CSP using a custom
diff --git a/dom/security/nsCSPUtils.cpp b/dom/security/nsCSPUtils.cpp
index a7b02a55a73c..91330ef555c2 100644
--- a/dom/security/nsCSPUtils.cpp
+++ b/dom/security/nsCSPUtils.cpp
@@ -358,7 +358,6 @@ CSPDirective CSP_ContentTypeToDirective(nsContentPolicyType aType) {
return nsIContentSecurityPolicy::NO_DIRECTIVE;
// Fall through to error for all other directives
- // Note that we should never end up here for navigate-to
case nsIContentPolicy::TYPE_INVALID:
case nsIContentPolicy::TYPE_END:
MOZ_ASSERT(false, "Can not map nsContentPolicyType to CSPDirective");
@@ -1664,31 +1663,6 @@ bool nsCSPPolicy::hasDirective(CSPDirective aDir) const {
return false;
}
-bool nsCSPPolicy::allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
- bool aEnforceAllowlist) const {
- bool allowsNavigateTo = true;
-
- for (unsigned long i = 0; i < mDirectives.Length(); i++) {
- if (mDirectives[i]->equals(
- nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE)) {
- // Early return if we can skip the allowlist AND 'unsafe-allow-redirects'
- // is present.
- if (!aEnforceAllowlist &&
- mDirectives[i]->allows(CSP_UNSAFE_ALLOW_REDIRECTS, u""_ns, false)) {
- return true;
- }
- // Otherwise, check against the allowlist.
- if (!mDirectives[i]->permits(
- nsIContentSecurityPolicy::NAVIGATE_TO_DIRECTIVE, nullptr, aURI,
- u""_ns, aWasRedirected, false, false, false)) {
- allowsNavigateTo = false;
- }
- }
- }
-
- return allowsNavigateTo;
-}
-
/*
* Use this function only after ::allows() returned 'false'. Most and
* foremost it's used to get the violated directive before sending reports.
diff --git a/dom/security/nsCSPUtils.h b/dom/security/nsCSPUtils.h
index 064476855793..d8ad5e808f36 100644
--- a/dom/security/nsCSPUtils.h
+++ b/dom/security/nsCSPUtils.h
@@ -89,7 +89,6 @@ static const char* CSPStrDirectives[] = {
"block-all-mixed-content", // BLOCK_ALL_MIXED_CONTENT
"sandbox", // SANDBOX_DIRECTIVE
"worker-src", // WORKER_SRC_DIRECTIVE
- "navigate-to", // NAVIGATE_TO_DIRECTIVE
"script-src-elem", // SCRIPT_SRC_ELEM_DIRECTIVE
"script-src-attr", // SCRIPT_SRC_ATTR_DIRECTIVE
"style-src-elem", // STYLE_SRC_ELEM_DIRECTIVE
@@ -113,16 +112,15 @@ inline CSPDirective CSP_StringToCSPDirective(const nsAString& aDir) {
return nsIContentSecurityPolicy::NO_DIRECTIVE;
}
-#define FOR_EACH_CSP_KEYWORD(MACRO) \
- MACRO(CSP_SELF, "'self'") \
- MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
- MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
- MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
- MACRO(CSP_NONE, "'none'") \
- MACRO(CSP_NONCE, "'nonce-") \
- MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
- MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
- MACRO(CSP_UNSAFE_ALLOW_REDIRECTS, "'unsafe-allow-redirects'") \
+#define FOR_EACH_CSP_KEYWORD(MACRO) \
+ MACRO(CSP_SELF, "'self'") \
+ MACRO(CSP_UNSAFE_INLINE, "'unsafe-inline'") \
+ MACRO(CSP_UNSAFE_EVAL, "'unsafe-eval'") \
+ MACRO(CSP_UNSAFE_HASHES, "'unsafe-hashes'") \
+ MACRO(CSP_NONE, "'none'") \
+ MACRO(CSP_NONCE, "'nonce-") \
+ MACRO(CSP_REPORT_SAMPLE, "'report-sample'") \
+ MACRO(CSP_STRICT_DYNAMIC, "'strict-dynamic'") \
MACRO(CSP_WASM_UNSAFE_EVAL, "'wasm-unsafe-eval'")
enum CSPKeyword {
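Review bot: Dropping `CSP_UNSAFE_ALLOW_REDIRECTS` from `FOR_EACH_CSP_KEYWORD` means `'unsafe-allow-redirects'` is no longer a recognised keyword, yet the gtest case `script-src 'unsafe-allow-redirects' http://example.com` in TestCSPParser.cpp is kept. That case presumably now goes through the generic invalid-source handling rather than the removed `IgnoringSourceWithinDirective` branch in `nsCSPParser::keywordSource`. I would add a comment on it, e.g. `// 'unsafe-allow-redirects' is no longer a known keyword; it must be dropped like any unknown source`, so the reason it stays is clear. The entry is removed from the middle of the list, so `CSP_WASM_UNSAFE_EVAL` presumably takes a new value in the `enum CSPKeyword` that follows; that enum's body is outside this hunk.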
@@ -692,9 +690,6 @@ class nsCSPPolicy {
bool visitDirectiveSrcs(CSPDirective aDir, nsCSPSrcVisitor* aVisitor) const;
- bool allowsNavigateTo(nsIURI* aURI, bool aWasRedirected,
- bool aEnforceAllowlist) const;
-
private:
nsUpgradeInsecureDirective* mUpgradeInsecDir;
nsTArray mDirectives;
diff --git a/dom/security/test/csp/file_navigate_to.html b/dom/security/test/csp/file_navigate_to.html
deleted file mode 100644
index f6ea36d389f9..000000000000
--- a/dom/security/test/csp/file_navigate_to.html
+++ /dev/null
@@ -1,11 +0,0 @@
-
-
-
- Bug 1529068 Implement CSP 'navigate-to' directive
-
-
-
-
-
diff --git a/dom/security/test/csp/file_navigate_to.sjs b/dom/security/test/csp/file_navigate_to.sjs
deleted file mode 100644
index d1cffb74ccc1..000000000000
--- a/dom/security/test/csp/file_navigate_to.sjs
+++ /dev/null
@@ -1,58 +0,0 @@
-// Custom *.sjs file specifically for the needs of
-// https://bugzilla.mozilla.org/show_bug.cgi?id=1529068
-
-"use strict";
-Components.utils.importGlobalProperties(["URLSearchParams"]);
-
-const TEST_NAVIGATION_HEAD = `
-
-
-
- Bug 1529068 Implement CSP 'navigate-to' directive`;
-
-const TEST_NAVIGATION_AFTER_META = `
-
-
-
-
-
- `;
-
-function handleRequest(request, response) {
- const query = new URLSearchParams(request.queryString);
-
- response.setHeader("Cache-Control", "no-cache", false);
- response.setHeader("Content-Type", "text/html", false);
-
- if (query.get("redir")) {
- response.setStatusLine(request.httpVersion, "302", "Found");
- response.setHeader("Location", query.get("redir"), false);
- return;
- }
-
- response.write(TEST_NAVIGATION_HEAD);
-
- // We need meta to set multiple CSP headers.
- if (query.get("csp")) {
- response.write(
- ''
- );
- }
- if (query.get("csp2")) {
- response.write(
- ''
- );
- }
-
- response.write(
- TEST_NAVIGATION_AFTER_META + query.get("target") + TEST_NAVIGATION_FOOT
- );
-}
diff --git a/dom/security/test/csp/file_navigate_to_request.html b/dom/security/test/csp/file_navigate_to_request.html
deleted file mode 100644
index 4f82525599f3..000000000000
--- a/dom/security/test/csp/file_navigate_to_request.html
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
-
-
-
-
-
-
-
diff --git a/dom/security/test/csp/mochitest.ini b/dom/security/test/csp/mochitest.ini
index 319e7cff7139..bec8f5861268 100644
--- a/dom/security/test/csp/mochitest.ini
+++ b/dom/security/test/csp/mochitest.ini
@@ -723,14 +723,6 @@ support-files =
file_iframe_parent_location_js.html
skip-if =
fission && os == "android" # Bug 1827756
-[test_navigate_to.html]
-support-files =
- file_navigate_to.sjs
- file_navigate_to_request.html
-skip-if =
- http3
- http2
- fission && os == "android" # Bug 1827756
[test_independent_iframe_csp.html]
skip-if =
fission && os == "android" # Bug 1827756
diff --git a/dom/security/test/csp/test_navigate_to.html b/dom/security/test/csp/test_navigate_to.html
deleted file mode 100644
index 357b35bb05f0..000000000000
--- a/dom/security/test/csp/test_navigate_to.html
+++ /dev/null
@@ -1,158 +0,0 @@
-
-
-
- Bug 1529068 Implement CSP 'navigate-to' directive
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/dom/security/test/gtest/TestCSPParser.cpp b/dom/security/test/gtest/TestCSPParser.cpp
index 735a6c7502a5..08eaecaa7cc7 100644
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -150,11 +150,8 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
uint32_t aExpectedPolicyCount) {
nsresult rv;
nsCOMPtr prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
- bool navigateTo = false;
bool wasmUnsafeEval = false;
if (prefs) {
- prefs->GetBoolPref("security.csp.enableNavigateTo", &navigateTo);
- prefs->SetBoolPref("security.csp.enableNavigateTo", true);
prefs->GetBoolPref("security.csp.wasm-unsafe-eval.enabled",
&wasmUnsafeEval);
prefs->SetBoolPref("security.csp.wasm-unsafe-eval.enabled", true);
@@ -167,7 +164,6 @@ nsresult runTestSuite(const PolicyTest* aPolicies, uint32_t aPolicyCount,
}
if (prefs) {
- prefs->SetBoolPref("security.csp.enableNavigateTo", navigateTo);
prefs->SetBoolPref("security.csp.wasm-unsafe-eval.enabled", wasmUnsafeEval);
}
@@ -222,10 +218,6 @@ TEST(CSPParser, Directives)
"worker-src https://example.com" },
{ "worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com",
"worker-src http://worker.com; frame-src http://frame.com; child-src http://child.com" },
- { "navigate-to http://example.com",
- "navigate-to http://example.com"},
- { "navigate-to 'unsafe-allow-redirects' http://example.com",
- "navigate-to 'unsafe-allow-redirects' http://example.com"},
{ "script-src 'unsafe-allow-redirects' http://example.com",
"script-src http://example.com"},
// clang-format on
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
index f5bc90443c0a..45974ce6c371 100644
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@@ -13799,12 +13799,6 @@
value: true
mirror: always
-# Navigate-to CSP 3 directive
-- name: security.csp.enableNavigateTo
- type: bool
- value: false
- mirror: always
-
# wasm-unsafe-eval source keyword
- name: security.csp.wasm-unsafe-eval.enabled
type: bool
diff --git a/netwerk/base/nsILoadInfo.idl b/netwerk/base/nsILoadInfo.idl
index f3f8304a1b88..804767b6eae5 100644
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -673,7 +673,6 @@ interface nsILoadInfo : nsISupports
/**
* True if the load was initiated by a form request.
- * This is important to know to handle the CSP directive navigate-to.
*/
[infallible] attribute boolean isFormSubmission;
diff --git a/netwerk/ipc/DocumentLoadListener.cpp b/netwerk/ipc/DocumentLoadListener.cpp
index 7ce1ef0a864b..b4a6664ca6c1 100644
--- a/netwerk/ipc/DocumentLoadListener.cpp
+++ b/netwerk/ipc/DocumentLoadListener.cpp
@@ -975,19 +975,6 @@ auto DocumentLoadListener::OpenInParent(nsDocShellLoadState* aLoadState,
return nullptr;
}
- if (nsCOMPtr csp = aLoadState->Csp()) {
- // Check CSP navigate-to
- bool allowsNavigateTo = false;
- nsresult rv = csp->GetAllowsNavigateTo(aLoadState->URI(),
- aLoadState->IsFormSubmission(),
- false, /* aWasRedirected */
- false, /* aEnforceWhitelist */
- &allowsNavigateTo);
- if (NS_FAILED(rv) || !allowsNavigateTo) {
- return nullptr;
- }
- }
-
// Clone because this mutates the load flags in the load state, which
// breaks nsDocShells expectations of being able to do it.
RefPtr loadState = new nsDocShellLoadState(*aLoadState);
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
index a2f33529566f..a9157fbc6a9f 100644
--- a/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
+++ b/testing/web-platform/meta/content-security-policy/navigate-to/__dir__.ini
@@ -1,4 +1 @@
-prefs: [security.csp.enableNavigateTo:true]
-disabled:
- if os == "win": https://bugzilla.mozilla.org/show_bug.cgi?id=1450635
-lsan-allowed: [Alloc, AllocateProtoAndIfaceCache, CallFromStack, CallJSNative, CallResolveOp, DelazifyCanonicalScriptedFunction, EnterJit, InternalCall, JS::Call, JSFunction::delazifyLazilyInterpretedFunction, MakeLinearStringForAtomization, ProtoAndIfaceCache, addDataProperty, alloc::raw_vec::finish_grow, applyImpl, js::RunScript, js::frontend::CompilationStencil::instantiateStencilsAfterPreparation, js_new, js_pod_arena_malloc, maybeCreateCacheForLookup, mozilla::EventDispatcher::Dispatch, mozilla::EventListenerManager::HandleEventInternal, mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal, mozilla::detail::HashTable, mozilla::detail::RunnableFunction, mozilla::dom::PContentChild::OnMessageReceived, mozilla::dom::Performance::CreateForMainThread, mozilla::dom::PerformanceMainThread::CreateNavigationTimingEntry, mozilla::dom::ProtoAndIfaceCache::PageTableCache::EntrySlotOrCreate, mozilla::dom::ScriptLoader::CreateLoadRequest, mozilla::dom::ScriptLoader::EvaluateScript, mozilla::intl::FluentBundle::Constructor, mozilla::intl::FluentResource::Constructor, mozilla::ipc::MessageChannel::RunMessage, mozilla::net::nsStandardURL::TemplatedMutator, nsDocumentOpenInfo::TryContentListener, nsDynamicAtom::Create, nsPresContext::NotifyContentfulPaint, nsThread::ProcessNextEvent, operator, search, unknown stack]
+disabled: true
\ No newline at end of file
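Review bot: `disabled: true` switches off every test under content-security-policy/navigate-to without recording why, whereas the removed Windows-only disable pointed at a bug. Prefer a value that names the tracking bug, e.g. `disabled: https://bugzilla.mozilla.org/show_bug.cgi?id=<BUG_ID>` (placeholder; the bug for this removal is not on the page), so a later reader can tell the directory is off because the directive was removed rather than because the tests are flaky. The file also now ends without a trailing newline.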
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini
deleted file mode 100644
index d78f9d922d46..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-allowed.html.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-[child-navigates-parent-allowed.html]
- disabled:
- if os == "linux": https://bugzilla.mozilla.org/show_bug.cgi?id=1450660
-
- expected: TIMEOUT
-
- [Test that the child can navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child, which has the policy `navigate-to 'self'`)]
- expected: NOTRUN
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
deleted file mode 100644
index 1c5507d9a75e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/child-navigates-parent-blocked.sub.html.ini
+++ /dev/null
@@ -1,8 +0,0 @@
-[child-navigates-parent-blocked.sub.html]
- expected: TIMEOUT
- [Violation report status OK.]
- expected: FAIL
-
- [Test that the child can't navigate the parent because the relevant policy belongs to the navigation initiator (in this case the child which has the policy `navigate-to 'none'`)]
- expected: NOTRUN
-
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
deleted file mode 100644
index 9e2a1d94a307..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-allows.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[form-action-blocks-navigate-to-allows.sub.html]
- [Test that form-action overrides navigate-to when present.]
- expected: FAIL
-
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
deleted file mode 100644
index 60129ed9d57d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-action/form-action-blocks-navigate-to-blocks.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[form-action-blocks-navigate-to-blocks.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that form-action overrides navigate-to when present.]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
deleted file mode 100644
index 2f1bbca0b863..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-blocked.sub.html.ini
+++ /dev/null
@@ -1,9 +0,0 @@
-[form-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected: FAIL
-
- [Violation report status OK.]
- expected:
- if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 31c50b28804e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[form-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
deleted file mode 100644
index e13832a88048..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/form-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[form-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
deleted file mode 100644
index 0416d153e3cb..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
deleted file mode 100644
index a5b851165841..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-blocked.sub.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[href-location-blocked.sub.html]
- [Violation report status OK.]
- expected:
- if (os == "android") and debug and swgl: [PASS, FAIL]
- if (os == "android") and debug and not swgl: [FAIL, PASS]
- if (os == "android") and not debug: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 8958f54ddeae..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 809f776856c8..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-cross-origin-blocked.sub.html]
- disabled:
- if os == "android": Passes on debug but fails on optimized
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
deleted file mode 100644
index 56897589aa6d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-redirected-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
deleted file mode 100644
index e65075322e37..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/href-location-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[href-location-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
deleted file mode 100644
index 31bdc49265eb..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-allowed.html]
- expected:
- if (os == "android") and fission: [TIMEOUT, OK]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
deleted file mode 100644
index 69decb5e51bf..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-blocked.sub.html.ini
+++ /dev/null
@@ -1,11 +0,0 @@
-[link-click-blocked.sub.html]
- expected:
- if fission and (os == "linux") and not debug: [OK, TIMEOUT]
- if fission and (os == "android"): [OK, TIMEOUT]
- [Test that the child iframe navigation is not allowed]
- expected:
- if (os == "linux") and not debug and fission: [PASS, NOTRUN]
-
- [Violation report status OK.]
- expected:
- if (os == "linux") and not debug and fission: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 13f264797508..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index ce667bffc4e2..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[link-click-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
deleted file mode 100644
index 3d09bedd5718..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-allowed.html.ini
+++ /dev/null
@@ -1,5 +0,0 @@
-[link-click-redirected-allowed.html]
- disabled:
- if os == "win": Bug 1440584
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
deleted file mode 100644
index dead79e0d0fe..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/link-click-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[link-click-redirected-blocked.sub.html]
- [Violation report status OK.]
- expected:
- if debug and (os == "linux") and not fission and not swgl: [PASS, FAIL]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
deleted file mode 100644
index 6398d9b5f824..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
deleted file mode 100644
index d54aa48aafcd..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
deleted file mode 100644
index 6c67fc19ced2..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-allowed.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-cross-origin-allowed.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
deleted file mode 100644
index 07ff849d4d7e..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-cross-origin-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-cross-origin-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
deleted file mode 100644
index 5beb83a1c4e8..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-redirected-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
deleted file mode 100644
index 35264132b126..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/meta-refresh-redirected-blocked.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[meta-refresh-redirected-blocked.sub.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
deleted file mode 100644
index b169d939dc1d..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-allowed.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[parent-navigates-child-allowed.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
deleted file mode 100644
index d4c0fa1e3c14..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/parent-navigates-child-blocked.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[parent-navigates-child-blocked.html]
- expected:
- if (os == "android") and fission: [OK, TIMEOUT]
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
deleted file mode 100644
index d7d5d787aaf0..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/spv-only-sent-to-initiator.sub.html.ini
+++ /dev/null
@@ -1,17 +0,0 @@
-[spv-only-sent-to-initiator.sub.html]
- expected:
- if fission and (os == "linux") and debug and not swgl: [TIMEOUT, OK]
- if fission and (os == "linux") and debug and swgl: [TIMEOUT, OK]
- if fission and (os == "linux") and not debug and (processor == "x86_64"): [TIMEOUT, OK]
- if fission and (os == "mac") and debug: [TIMEOUT, OK]
- [OK, TIMEOUT]
- [Test that no spv event is raised]
- expected:
- if fission and (os == "linux") and not debug and (processor == "x86_64"): [NOTRUN, FAIL]
- if fission and (os == "linux") and debug and not swgl: [NOTRUN, FAIL]
- if fission and (os == "linux") and debug and swgl: [NOTRUN, FAIL]
- if fission and (os == "mac") and debug: [NOTRUN, FAIL]
- [FAIL, NOTRUN]
-
- [Violation report status OK.]
- expected: FAIL
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
deleted file mode 100644
index 50b69647119b..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/allowed-end-of-chain-because-of-same-origin.sub.html.ini
+++ /dev/null
@@ -1,3 +0,0 @@
-[allowed-end-of-chain-because-of-same-origin.sub.html]
- disabled:
- if (os == "android"): https://bugzilla.mozilla.org/show_bug.cgi?id=1511193
diff --git a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini b/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini
deleted file mode 100644
index d912e96f1d4c..000000000000
--- a/testing/web-platform/meta/content-security-policy/navigate-to/unsafe-allow-redirects/blocked-end-of-chain.sub.html.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-[blocked-end-of-chain.sub.html]
- expected: TIMEOUT
-
- [Test that the child iframe navigation is blocked]
- expected: NOTRUN
-
diff --git a/xpcom/base/ErrorList.py b/xpcom/base/ErrorList.py
index 434c3d00565f..8b854fef8bc2 100755
--- a/xpcom/base/ErrorList.py
+++ b/xpcom/base/ErrorList.py
@@ -894,9 +894,8 @@ with modules["SECURITY"]:
errors["NS_ERROR_XFO_VIOLATION"] = FAILURE(96)
# Error code for CSP
- errors["NS_ERROR_CSP_NAVIGATE_TO_VIOLATION"] = FAILURE(97)
- errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98)
- errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99)
+ errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(97)
+ errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(98)
# Error code for Sub-Resource Integrity
errors["NS_ERROR_SRI_CORRUPT"] = FAILURE(200)
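Review bot: Renumbering the two remaining CSP codes means FAILURE(97) now denotes NS_ERROR_CSP_FORM_ACTION_VIOLATION where it used to denote the navigate-to violation, and FAILURE(98) changes meaning as well. Anything that recorded or hard-coded the numeric value (stored logs, telemetry, tests or tooling comparing against the raw code) would silently attribute an error to the wrong CSP directive; whether such consumers exist is not visible from this hunk. I would leave the surviving codes where they were, `errors["NS_ERROR_CSP_FORM_ACTION_VIOLATION"] = FAILURE(98)` and `errors["NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION"] = FAILURE(99)`, and mark the gap with `# FAILURE(97) was NS_ERROR_CSP_NAVIGATE_TO_VIOLATION (removed); do not reuse`. The enclosing `with modules["SECURITY"]:` block starts and continues outside the hunk.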