diff --git a/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs b/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs
new file mode 100644
index 000000000000..1dc2ac86d984
--- /dev/null
+++ b/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs
@@ -0,0 +1,50 @@
+// Custom *.sjs file specifically for the needs of Bug 1452496
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
+
+const FRAME = `
+
+
+
+ Bug 1452496 - Do not allow same-site cookies in cross site context
+
+
+
+
+ `;
+
+function handleRequest(request, response)
+{
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+
+ if (request.queryString === "setSameSiteCookie") {
+ response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString === "setRegularCookie") {
+ response.setHeader("Set-Cookie", "myKey=regularCookie;", true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ if (request.queryString === "loadFrame") {
+ response.write(FRAME);
+ return;
+ }
+
+ // we should never get here, but just in case return something unexpected
+ response.write("D'oh");
+}
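Review bot: The `loadFrame` branch writes FRAME with no Content-Type, while both image branches set one explicitly, so whether the frame is parsed as HTML depends on the test server's default for .sjs responses, which this hunk does not show. Adding `response.setHeader("Content-Type", "text/html", false);` before `response.write(FRAME);` would remove that dependency, which matters if the frame is what observes the cookie, as the bug title suggests. The final fallback also answers an unrecognised query string with a 200 and "D'oh". Adding `response.setStatusLine(request.httpVersion, 400, "Bad Request");` there would make a mistyped query fail visibly instead of looking like a successfully loaded resource.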
diff --git a/dom/security/test/general/mochitest.ini b/dom/security/test/general/mochitest.ini
index 5f4f197cd3ef..a6e56b071efd 100644
--- a/dom/security/test/general/mochitest.ini
+++ b/dom/security/test/general/mochitest.ini
@@ -10,6 +10,7 @@ support-files =
file_block_subresource_redir_to_data.sjs
file_same_site_cookies_subrequest.sjs
file_same_site_cookies_toplevel_nav.sjs
+ file_same_site_cookies_cross_origin_context.sjs
[test_contentpolicytype_targeted_link_iframe.html]
[test_nosniff.html]
@@ -25,3 +26,4 @@ skip-if = toolkit == 'android'
[test_block_subresource_redir_to_data.html]
[test_same_site_cookies_subrequest.html]
[test_same_site_cookies_toplevel_nav.html]
+[test_same_site_cookies_cross_origin_context.html]
diff --git a/dom/security/test/general/test_same_site_cookies_cross_origin_context.html b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html
new file mode 100644
index 000000000000..1f530029c38f
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html
@@ -0,0 +1,87 @@
+
+
+
+ Bug 1452496 - Do not allow same-site cookies in cross site context
+
+
+
+
+
+
+
+
+
+