Bug 1220810 - Hardcode localhost to loopback, r=ckerschb,necko-reviewers,dragana

This patch make localhost addresses resolve to a loopback address, thereby ensuring that we can safely treat http://localhost/ and http://*.localhost/ as "Potentially Trustworthy". This addresses various bug reports from developers and aligns with specifications. See https://groups.google.com/g/mozilla.dev.platform/c/sZdEYTiEBdE Differential Revision: https://phabricator.services.mozilla.com/D92716
2020-10-22 07:36:15 +00:00 · 2020-10-22 07:36:15 +00:00 · 70d15af587
--- a/docshell/test/browser/browser_badCertDomainFixup.js
+++ b/docshell/test/browser/browser_badCertDomainFixup.js
@ -9,6 +9,8 @@

 const PREF_BAD_CERT_DOMAIN_FIX_ENABLED =
  "security.bad_cert_domain_error.url_fix_enabled";
+const PREF_ALLOW_HIJACKING_LOCALHOST =
+  "network.proxy.allow_hijacking_localhost";

 const BAD_CERT_DOMAIN_ERROR_URL = "https://badcertdomain.example.com:443";
 const FIXED_URL = "https://www.badcertdomain.example.com/";
@ -77,7 +79,9 @@ add_task(async function ignoreBadCertDomain() {
  info("Certificate error was shown as expected");

  // Test that urls with IP addresses are not fixed.
+  Services.prefs.setBoolPref(PREF_ALLOW_HIJACKING_LOCALHOST, true);
  await verifyErrorPage(IPV4_ADDRESS);
+  Services.prefs.clearUserPref(PREF_ALLOW_HIJACKING_LOCALHOST);
  info("Certificate error was shown as expected for an IP address");

  // Test that urls with ports are not fixed.
--- a/dom/base/test/unit/test_error_codes.js
+++ b/dom/base/test/unit/test_error_codes.js
@ -38,6 +38,8 @@ function run_test_pt1() {
  } catch (e) {}
  Services.io.offline = true;
  prefs.setBoolPref("network.dns.offline-localhost", false);
+  // We always resolve localhost as it's hardcoded without the following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);

  gExpectedStatus = Cr.NS_ERROR_OFFLINE;
  gNextTestFunc = run_test_pt2;
@ -49,6 +51,7 @@ function run_test_pt1() {
 function run_test_pt2() {
  Services.io.offline = false;
  prefs.clearUserPref("network.dns.offline-localhost");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");

  gExpectedStatus = Cr.NS_ERROR_CONNECTION_REFUSED;
  gNextTestFunc = end_test;
--- a/dom/media/webrtc/tests/mochitests/mochitest.ini
+++ b/dom/media/webrtc/tests/mochitests/mochitest.ini
@ -27,7 +27,9 @@ support-files =
  !/dom/media/test/bug461281.ogg
  !/dom/media/test/seek.webm
  !/dom/media/test/gizmo.mp4
-prefs = privacy.partition.network_state=false
+prefs =
+  privacy.partition.network_state=false
+  network.proxy.allow_hijacking_localhost=true

 [test_1488832.html]
 [test_a_noOp.html]
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@ -229,8 +229,7 @@ nsMixedContentBlocker::ShouldLoad(nsIURI* aContentLocation,

 bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(
    const nsACString& aAsciiHost) {
-  if (aAsciiHost.EqualsLiteral("::1") ||
-      aAsciiHost.EqualsLiteral("localhost")) {
+  if (mozilla::net::IsLoopbackHostname(aAsciiHost)) {
    return true;
  }

@ -249,9 +248,8 @@ bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(
  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy says
  // we should only consider [::1]/128 as a potentially trustworthy IPv6
  // address, whereas for IPv4 127.0.0.1/8 are considered as potentially
-  // trustworthy.  We already handled "[::1]" above, so all that's remained to
-  // handle here are IPv4 loopback addresses.
-  return addr.IsIPAddrV4() && addr.IsLoopbackAddr();
+  // trustworthy.
+  return addr.IsLoopBackAddressWithoutIPv6Mapping();
 }

 bool nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackURL(nsIURI* aURL) {
--- a/dom/security/nsMixedContentBlocker.h
+++ b/dom/security/nsMixedContentBlocker.h
@ -34,6 +34,11 @@ enum MixedContentTypes {
 using mozilla::OriginAttributes;

 class nsILoadInfo;  // forward declaration
+namespace mozilla {
+namespace net {
+class nsProtocolProxyService;  // forward declaration
+}
+}  // namespace mozilla

 class nsMixedContentBlocker : public nsIContentPolicy,
                              public nsIChannelEventSink {
--- a/dom/security/test/gtest/TestSecureContext.cpp
+++ b/dom/security/test/gtest/TestSecureContext.cpp
@ -24,12 +24,29 @@ struct TestExpectations {
  bool expectedResult;
 };

+class MOZ_RAII AutoRestoreBoolPref final {
+ public:
+  AutoRestoreBoolPref(const char* aPref, bool aValue) : mPref(aPref) {
+    Preferences::GetBool(mPref, &mOldValue);
+    Preferences::SetBool(mPref, aValue);
+  }
+
+  ~AutoRestoreBoolPref() { Preferences::SetBool(mPref, mOldValue); }
+
+ private:
+  const char* mPref = nullptr;
+  bool mOldValue = false;
+};
+
 // ============================= TestDirectives ========================

 TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
 {
  // boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);

+  AutoRestoreBoolPref savedPref("network.proxy.allow_hijacking_localhost",
+                                false);
+
  static const TestExpectations uris[] = {
      {"http://example.com/", false},
      {"https://example.com/", true},
@ -39,7 +56,9 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
      {"ftp://example.com", false},
      {"about:config", false},
      {"http://localhost", true},
-      {"http://xyzzy.localhost", false},
+      {"http://localhost.localhost", true},
+      {"http://a.b.c.d.e.localhost", true},
+      {"http://xyzzy.localhost", true},
      {"http://127.0.0.1", true},
      {"http://127.0.0.2", true},
      {"http://127.1.0.1", true},
@ -71,7 +90,8 @@ TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
             ->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
    ASSERT_EQ(rv, NS_OK);
    bool isPotentiallyTrustworthy = prin->GetIsOriginPotentiallyTrustworthy();
-    ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
+    ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult)
+        << uris[i].uri << uris[i].expectedResult;
  }
 }

--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@ -38,6 +38,7 @@ add_task(async function test_isOriginPotentiallyTrustworthy() {
    ["http://example.com/", false],
    ["https://example.com/", true],
    ["http://localhost/", true],
+    ["http://localhost.localhost/", true],
    ["http://127.0.0.1/", true],
    ["file:///", true],
    ["resource:///", true],
--- a/dom/webauthn/tests/browser/browser_webauthn_ipaddress.js
+++ b/dom/webauthn/tests/browser/browser_webauthn_ipaddress.js
@ -21,6 +21,7 @@ add_task(function test_setup() {
    "security.webauth.webauthn_enable_usbtoken",
    false
  );
+  Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
 });

 registerCleanupFunction(async function() {
@ -31,6 +32,7 @@ registerCleanupFunction(async function() {
  );
  Services.prefs.clearUserPref("security.webauth.webauthn_enable_softtoken");
  Services.prefs.clearUserPref("security.webauth.webauthn_enable_usbtoken");
+  Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
 });

 add_task(async function test_appid() {
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -8213,6 +8213,12 @@
  value: true
  mirror: always

+# Set true to allow resolving proxy for localhost
+- name: network.proxy.allow_hijacking_localhost
+  type: RelaxedAtomicBool
+  value: false
+  mirror: always
+
 # Allow CookieJarSettings to be unblocked for channels without a document.
 # This is for testing only.
 - name: network.cookieJarSettings.unblocked_for_testing
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -1947,8 +1947,6 @@ pref("network.proxy.socks_port",            0);
 pref("network.proxy.socks_version",         5);
 pref("network.proxy.proxy_over_tls",        true);
 pref("network.proxy.no_proxies_on",         "");
-// Set true to allow resolving proxy for localhost
-pref("network.proxy.allow_hijacking_localhost", false);
 pref("network.proxy.failover_timeout",      1800); // 30 minutes
 pref("network.online",                      true); //online/offline

--- a/netwerk/base/nsProtocolProxyService.cpp
+++ b/netwerk/base/nsProtocolProxyService.cpp
@ -36,7 +36,9 @@
 #include "nsISystemProxySettings.h"
 #include "nsINetworkLinkService.h"
 #include "nsIHttpChannelInternal.h"
+#include "mozilla/dom/nsMixedContentBlocker.h"
 #include "mozilla/Logging.h"
+#include "mozilla/StaticPrefs_network.h"
 #include "mozilla/Tokenizer.h"
 #include "mozilla/Unused.h"

@ -771,7 +773,6 @@ nsProtocolProxyService::nsProtocolProxyService()
      mSOCKSProxyRemoteDNS(false),
      mProxyOverTLS(true),
      mWPADOverDHCPEnabled(false),
-      mAllowHijackingLocalhost(false),
      mPACMan(nullptr),
      mSessionStart(PR_Now()),
      mFailedProxyTimeout(30 * 60)  // 30 minute default
@ -1019,11 +1020,6 @@ void nsProtocolProxyService::PrefsChanged(nsIPrefBranch* prefBranch,
    reloadPAC = reloadPAC || mProxyConfig == PROXYCONFIG_WPAD;
  }

-  if (!pref || !strcmp(pref, PROXY_PREF("allow_hijacking_localhost"))) {
-    proxy_GetBoolPref(prefBranch, PROXY_PREF("allow_hijacking_localhost"),
-                      mAllowHijackingLocalhost);
-  }
-
  if (!pref || !strcmp(pref, PROXY_PREF("failover_timeout")))
    proxy_GetIntPref(prefBranch, PROXY_PREF("failover_timeout"),
                     mFailedProxyTimeout);
@ -1097,9 +1093,12 @@ bool nsProtocolProxyService::CanUseProxy(nsIURI* aURI, int32_t defaultPort) {

  // Don't use proxy for local hosts (plain hostname, no dots)
  if ((!is_ipaddr && mFilterLocalHosts && !host.Contains('.')) ||
-      (!mAllowHijackingLocalhost &&
-       (host.EqualsLiteral("127.0.0.1") || host.EqualsLiteral("::1") ||
-        host.EqualsLiteral("localhost")))) {
+      // This method detects if we have network.proxy.allow_hijacking_localhost
+      // pref enabled. If it's true then this method will always return false
+      // otherwise it returns true if the host matches an address that's
+      // hardcoded to the loopback address.
+      (!StaticPrefs::network_proxy_allow_hijacking_localhost() &&
+       nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(host))) {
    LOG(("Not using proxy for this local host [%s]!\n", host.get()));
    return false;  // don't allow proxying
  }
--- a/netwerk/base/nsProtocolProxyService.h
+++ b/netwerk/base/nsProtocolProxyService.h
@ -388,7 +388,6 @@ class nsProtocolProxyService final : public nsIProtocolProxyService2,
  bool mSOCKSProxyRemoteDNS;
  bool mProxyOverTLS;
  bool mWPADOverDHCPEnabled;
-  bool mAllowHijackingLocalhost;

  RefPtr<nsPACMan> mPACMan;  // non-null if we are using PAC
  nsCOMPtr<nsISystemProxySettings> mSystemProxySettings;
--- a/netwerk/dns/DNS.cpp
+++ b/netwerk/dns/DNS.cpp
@ -6,9 +6,11 @@

 #include "mozilla/net/DNS.h"

+#include "mozilla/ArrayUtils.h"
 #include "mozilla/Assertions.h"
 #include "mozilla/mozalloc.h"
-#include "mozilla/ArrayUtils.h"
+#include "mozilla/StaticPrefs_network.h"
+#include "nsContentUtils.h"
 #include "nsString.h"
 #include <string.h>

@ -140,25 +142,43 @@ bool NetAddr::ToStringBuffer(char* buf, uint32_t bufSize) const {
 }

 bool NetAddr::IsLoopbackAddr() const {
+  if (IsLoopBackAddressWithoutIPv6Mapping()) {
+    return true;
+  }
+  const NetAddr* addr = this;
+  if (addr->raw.family != AF_INET6) {
+    return false;
+  }
+
+  return IPv6ADDR_IS_V4MAPPED(&addr->inet6.ip) &&
+         IPv6ADDR_V4MAPPED_TO_IPADDR(&addr->inet6.ip) == htonl(INADDR_LOOPBACK);
+}
+
+bool NetAddr::IsLoopBackAddressWithoutIPv6Mapping() const {
  const NetAddr* addr = this;
  if (addr->raw.family == AF_INET) {
    // Consider 127.0.0.1/8 as loopback
    uint32_t ipv4Addr = ntohl(addr->inet.ip);
    return (ipv4Addr >> 24) == 127;
  }
-  if (addr->raw.family == AF_INET6) {
-    if (IPv6ADDR_IS_LOOPBACK(&addr->inet6.ip)) {
-      return true;
-    }
-    if (IPv6ADDR_IS_V4MAPPED(&addr->inet6.ip) &&
-        IPv6ADDR_V4MAPPED_TO_IPADDR(&addr->inet6.ip) ==
-            htonl(INADDR_LOOPBACK)) {
-      return true;
-    }
+
+  return addr->raw.family == AF_INET6 && IPv6ADDR_IS_LOOPBACK(&addr->inet6.ip);
 }
+
+bool IsLoopbackHostname(const nsACString& aAsciiHost) {
+  // If the user has configured to proxy localhost addresses don't consider them
+  // to be secure
+  if (StaticPrefs::network_proxy_allow_hijacking_localhost()) {
    return false;
  }

+  nsAutoCString host;
+  nsContentUtils::ASCIIToLower(aAsciiHost, host);
+
+  return host.EqualsLiteral("localhost") ||
+         StringEndsWith(host, ".localhost"_ns);
+}
+
 bool NetAddr::IsIPAddrAny() const {
  if (this->raw.family == AF_INET) {
    if (this->inet.ip == htonl(INADDR_ANY)) {
--- a/netwerk/dns/DNS.h
+++ b/netwerk/dns/DNS.h
@ -137,6 +137,7 @@ union NetAddr {

  bool IsIPAddrAny() const;
  bool IsLoopbackAddr() const;
+  bool IsLoopBackAddressWithoutIPv6Mapping() const;
  bool IsIPAddrV4() const;
  bool IsIPAddrV4Mapped() const;
  bool IsIPAddrLocal() const;
@ -233,6 +234,8 @@ void PRNetAddrToNetAddr(const PRNetAddr* prAddr, NetAddr* addr);
 // Does not do a ptr safety check!
 void NetAddrToPRNetAddr(const NetAddr* addr, PRNetAddr* prAddr);

+bool IsLoopbackHostname(const nsACString& aAsciiHost);
+
 }  // namespace net
 }  // namespace mozilla

--- a/netwerk/dns/nsHostResolver.cpp
+++ b/netwerk/dns/nsHostResolver.cpp
@ -916,11 +916,7 @@ nsresult nsHostResolver::GetHostRecord(const nsACString& host,

  RefPtr<nsHostRecord>& entry = mRecordDB.GetOrInsert(key);
  if (!entry) {
-    if (IS_ADDR_TYPE(type)) {
-      entry = new AddrHostRecord(key);
-    } else {
-      entry = new TypeHostRecord(key);
-    }
+    entry = InitRecord(key);
  }

  RefPtr<nsHostRecord> rec = entry;
@ -939,6 +935,48 @@ nsresult nsHostResolver::GetHostRecord(const nsACString& host,
  return NS_OK;
 }

+nsHostRecord* nsHostResolver::InitRecord(const nsHostKey& key) {
+  if (IS_ADDR_TYPE(key.type)) {
+    return new AddrHostRecord(key);
+  }
+  return new TypeHostRecord(key);
+}
+
+already_AddRefed<nsHostRecord> nsHostResolver::InitLoopbackRecord(
+    const nsHostKey& key, nsresult* aRv) {
+  MOZ_ASSERT(aRv);
+  MOZ_ASSERT(IS_ADDR_TYPE(key.type));
+
+  *aRv = NS_ERROR_FAILURE;
+  RefPtr<nsHostRecord> rec = InitRecord(key);
+
+  RefPtr<AddrHostRecord> addrRec = do_QueryObject(rec);
+  MutexAutoLock lock(addrRec->addr_info_lock);
+
+  PRNetAddr prAddr;
+
+  if (key.af == PR_AF_INET) {
+    MOZ_RELEASE_ASSERT(PR_StringToNetAddr("127.0.0.1", &prAddr) == PR_SUCCESS);
+  } else {
+    MOZ_RELEASE_ASSERT(PR_StringToNetAddr("::1", &prAddr) == PR_SUCCESS);
+  }
+
+  RefPtr<AddrInfo> ai;
+  *aRv = GetAddrInfo(rec->host, rec->af, addrRec->flags, getter_AddRefs(ai),
+                     addrRec->mGetTtl);
+  if (NS_WARN_IF(NS_FAILED(*aRv))) {
+    return nullptr;
+  }
+
+  addrRec->addr_info = ai;
+  addrRec->SetExpiration(TimeStamp::NowLoRes(), mDefaultCacheLifetime,
+                         mDefaultGracePeriod);
+  addrRec->negative = false;
+
+  *aRv = NS_OK;
+  return rec.forget();
+}
+
 nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
                                     const nsACString& aTrrServer,
                                     uint16_t type,
@ -988,8 +1026,9 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
    MutexAutoLock lock(mLock);

    if (mShutdown) {
-      rv = NS_ERROR_NOT_INITIALIZED;
-    } else {
+      return NS_ERROR_NOT_INITIALIZED;
+    }
+
    // check to see if there is already an entry for this |host|
    // in the hash table.  if so, then check to see if we can't
    // just reuse the lookup result.  otherwise, if there are
@ -998,6 +1037,7 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
    // callback, and proceed to do the lookup.

    bool excludedFromTRR = false;
+
    if (gTRRService && gTRRService->IsExcludedFromTRR(host)) {
      flags |= RES_DISABLE_TRR;
      excludedFromTRR = true;
@ -1009,13 +1049,22 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,

    nsHostKey key(host, aTrrServer, type, flags, af,
                  (aOriginAttributes.mPrivateBrowsingId > 0), originSuffix);
+
+    // Check if we have a localhost domain, if so hardcode to loopback
+    if (IS_ADDR_TYPE(type) && IsLoopbackHostname(host)) {
+      nsresult rv;
+      RefPtr<nsHostRecord> result = InitLoopbackRecord(key, &rv);
+      if (NS_WARN_IF(NS_FAILED(rv))) {
+        return rv;
+      }
+      MOZ_ASSERT(result);
+      aCallback->OnResolveHostComplete(this, result, NS_OK);
+      return NS_OK;
+    }
+
    RefPtr<nsHostRecord>& entry = mRecordDB.GetOrInsert(key);
    if (!entry) {
-        if (IS_ADDR_TYPE(type)) {
-          entry = new AddrHostRecord(key);
-        } else {
-          entry = new TypeHostRecord(key);
-        }
+      entry = InitRecord(key);
    }

    RefPtr<nsHostRecord> rec = entry;
@ -1028,7 +1077,6 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
      rec->RecordReason(nsHostRecord::TRR_EXCLUDED);
    }

-      // Check if the entry is vaild.
    if (!(flags & RES_BYPASS_CACHE) &&
        rec->HasUsableResult(TimeStamp::NowLoRes(), flags)) {
      LOG(("  Using cached record for host [%s].\n", host.get()));
@ -1070,7 +1118,8 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,

      // ok, just copy the result into the host record, and be
      // done with it! ;-)
-        addrRec->addr = MakeUnique<NetAddr>(&tempAddr);
+      addrRec->addr = MakeUnique<NetAddr>();
+      PRNetAddrToNetAddr(&tempAddr, addrRec->addr.get());
      // put reference to host record on stack...
      Telemetry::Accumulate(Telemetry::DNS_LOOKUP_METHOD2, METHOD_LITERAL);
      result = rec;
@ -1130,7 +1179,7 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
          if (unspecRec->negative) {
            rec->negative = unspecRec->negative;
            rec->CopyExpirationTimesAndFlagsFrom(unspecRec);
-            } else {
+          } else if (addrUnspecRec->addr_info) {
            MutexAutoLock lock(addrUnspecRec->addr_info_lock);
            if (addrUnspecRec->addr_info) {
              // Search for any valid address in the AF_UNSPEC entry
@ -1256,7 +1305,6 @@ nsresult nsHostResolver::ResolveHost(const nsACString& aHost,
        }
      }
    }
-    }

    if (result && callback->isInList()) {
      callback->remove();
--- a/netwerk/dns/nsHostResolver.h
+++ b/netwerk/dns/nsHostResolver.h
@ -494,6 +494,14 @@ class nsHostResolver : public nsISupports, public AHostResolver {
                       uint16_t flags, uint16_t af,
                       nsResolveHostCallback* callback);

+  nsHostRecord* InitRecord(const nsHostKey& key);
+
+  /**
+   * return a resolved hard coded loopback dns record for the specified key
+   */
+  already_AddRefed<nsHostRecord> InitLoopbackRecord(const nsHostKey& key,
+                                                    nsresult* aRv);
+
  /**
   * removes the specified callback from the nsHostRecord for the given
   * hostname, originAttributes, flags, and address family.  these parameters
--- a/netwerk/test/httpserver/test/test_seizepower.js
+++ b/netwerk/test/httpserver/test/test_seizepower.js
@ -15,6 +15,7 @@ XPCOMUtils.defineLazyGetter(this, "PORT", function() {
 var srv;

 function run_test() {
+  Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
  srv = createServer();

  srv.registerPathHandler("/raw-data", handleRawData);
@ -25,7 +26,10 @@ function run_test() {

  srv.start(-1);

-  runRawTests(tests, testComplete(srv));
+  runRawTests(tests, function() {
+    Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+    testComplete(srv)();
+  });
 }

 function checkException(fun, err, msg) {
--- a/netwerk/test/unit/test_about_networking.js
+++ b/netwerk/test/unit/test_about_networking.js
@ -98,6 +98,9 @@ function run_test() {
    true
  );

+  // We always resolve localhost as it's hardcoded without the following pref:
+  Services.prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
+
  let ioService = Cc["@mozilla.org/network/io-service;1"].getService(
    Ci.nsIIOService
  );
@ -112,6 +115,7 @@ function run_test() {
  channel.open();

  gServerSocket.init(-1, true, -1);
+  Services.prefs.clearUserPref("network.proxy.allow_hijacking_localhost");

  run_next_test();
 }
--- a/netwerk/test/unit/test_dns_offline.js
+++ b/netwerk/test/unit/test_dns_offline.js
@ -47,6 +47,8 @@ const defaultOriginAttributes = {};
 function run_test() {
  do_test_pending();
  prefs.setBoolPref("network.dns.offline-localhost", false);
+  // We always resolve localhost as it's hardcoded without the following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
  ioService.offline = true;
  try {
    dns.asyncResolve(
@ -107,4 +109,5 @@ function test3Continued() {

 function cleanup() {
  prefs.clearUserPref("network.dns.offline-localhost");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
 }
--- a/netwerk/test/unit/test_dns_originAttributes.js
+++ b/netwerk/test/unit/test_dns_originAttributes.js
@ -4,6 +4,9 @@ var dns = Cc["@mozilla.org/network/dns-service;1"].getService(Ci.nsIDNSService);
 var threadManager = Cc["@mozilla.org/thread-manager;1"].getService(
  Ci.nsIThreadManager
 );
+var prefs = Cc["@mozilla.org/preferences-service;1"].getService(
+  Ci.nsIPrefBranch
+);
 var mainThread = threadManager.currentThread;

 var listener1 = {
@ -31,6 +34,7 @@ var listener2 = {
 var listener3 = {
  onLookupComplete(inRequest, inRecord, inStatus) {
    Assert.equal(inStatus, Cr.NS_ERROR_OFFLINE);
+    cleanup();
    do_test_finished();
  },
 };
@ -41,6 +45,7 @@ const secondOriginAttributes = { userContextId: 2 };
 // First, we resolve the address normally for first originAttributes.
 function run_test() {
  do_test_pending();
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);
  dns.asyncResolve(
    "localhost",
    Ci.nsIDNSService.RESOLVE_TYPE_DEFAULT,
@ -84,6 +89,11 @@ function test3() {
    );
  } catch (e) {
    Assert.equal(e.result, Cr.NS_ERROR_OFFLINE);
+    cleanup();
    do_test_finished();
  }
 }
+
+function cleanup() {
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
+}
--- a/netwerk/test/unit/test_http3.js
+++ b/netwerk/test/unit/test_http3.js
@ -71,6 +71,9 @@ function run_test() {

  prefs.setBoolPref("network.http.http3.enabled", true);
  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);

  // The certificate for the http3server server is for foo.example.com and
  // is signed by http2-ca.pem so add that cert to the trust list as a
@ -553,6 +556,7 @@ function test_version_fallback() {
 function testsDone() {
  prefs.clearUserPref("network.http.http3.enabled");
  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
  dump("testDone\n");
  do_test_pending();
  h1Server.stop(do_test_finished);
--- a/netwerk/test/unit/test_http3_421.js
+++ b/netwerk/test/unit/test_http3_421.js
@ -34,6 +34,9 @@ function run_test() {

  prefs.setBoolPref("network.http.http3.enabled", true);
  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);

  // The certificate for the http3server server is for foo.example.com and
  // is signed by http2-ca.pem so add that cert to the trust list as a
@ -165,6 +168,7 @@ function test_response_421() {
 function testsDone() {
  prefs.clearUserPref("network.http.http3.enabled");
  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
  dump("testDone\n");
  do_test_pending();
  do_test_finished();
--- a/netwerk/test/unit/test_http3_alt_svc.js
+++ b/netwerk/test/unit/test_http3_alt_svc.js
@ -36,6 +36,9 @@ function run_test() {

  prefs.setBoolPref("network.http.http3.enabled", true);
  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);

  // The certificate for the http3server server is for foo.example.com and
  // is signed by http2-ca.pem so add that cert to the trust list as a
@ -121,5 +124,6 @@ function test_https_alt_svc() {
 function testsDone() {
  prefs.clearUserPref("network.http.http3.enabled");
  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
  dump("testDone\n");
 }
--- a/netwerk/test/unit/test_http3_perf.js
+++ b/netwerk/test/unit/test_http3_perf.js
@ -76,6 +76,9 @@ function run_test() {

  prefs.setBoolPref("network.http.http3.enabled", true);
  prefs.setCharPref("network.dns.localDomains", "foo.example.com");
+  // We always resolve elements of localDomains as it's hardcoded without the
+  // following pref:
+  prefs.setBoolPref("network.proxy.allow_hijacking_localhost", true);

  // The certificate for the http3server server is for foo.example.com and
  // is signed by http2-ca.pem so add that cert to the trust list as a
@ -252,6 +255,7 @@ function test_download() {
 function testsDone() {
  prefs.clearUserPref("network.http.http3.enabled");
  prefs.clearUserPref("network.dns.localDomains");
+  prefs.clearUserPref("network.proxy.allow_hijacking_localhost");
  dump("testDone\n");
  do_test_pending();
  do_test_finished();
--- a/netwerk/test/unit/test_ping_aboutnetworking.js
+++ b/netwerk/test/unit/test_ping_aboutnetworking.js
@ -58,9 +58,12 @@ function run_test() {
  // disable network changed events to avoid the the risk of having the dns
  // cache getting flushed behind our back
  ps.setBoolPref("network.notify.changed", false);
+  // Localhost is hardcoded to loopback and isn't cached, disable that with this pref
+  ps.setBoolPref("network.proxy.allow_hijacking_localhost", true);

  registerCleanupFunction(function() {
    ps.clearUserPref("network.notify.changed");
+    ps.clearUserPref("network.proxy.allow_hijacking_localhost");
  });

  let serverSocket = Cc["@mozilla.org/network/server-socket;1"].createInstance(
--- a/netwerk/test/unit/xpcshell.ini
+++ b/netwerk/test/unit/xpcshell.ini
@ -201,8 +201,10 @@ skip-if = true # Bug 863738
 [test_data_protocol.js]
 [test_dns_service.js]
 [test_dns_offline.js]
+skip-if = socketprocess_networking # Bug 1640105
 [test_dns_onion.js]
 [test_dns_originAttributes.js]
+skip-if = socketprocess_networking # Bug 1640105
 [test_dns_localredirect.js]
 [test_dns_proxy_bypass.js]
 [test_dns_disabled.js]
--- a/testing/web-platform/meta/css/css-font-loading/fontface-override-descriptor-getter-setter.sub.html.ini
+++ b/testing/web-platform/meta/css/css-font-loading/fontface-override-descriptor-getter-setter.sub.html.ini
@ -3,7 +3,7 @@
    if (os == "win") and ccov: [OK, TIMEOUT]
    if (os == "win") and debug and not webrender and (processor == "x86"): ["OK", "TIMEOUT"]
    if (os == "win") and debug and not webrender and (processor == "x86_64"): ["OK", "TIMEOUT"]
-    if (os == "win") and not debug and webrender and not fission: ["OK", "TIMEOUT"]
+    if (os == "win") and not debug and webrender: ["OK", "TIMEOUT"]
    if (os == "win") and debug and webrender: ["TIMEOUT", "OK"]
  [Initialize lineGapOverride with 'normal' should succeed]
    expected: FAIL
@ -70,7 +70,7 @@
      if (os == "win") and ccov: [PASS, NOTRUN]
      if (os == "win") and debug and not webrender and (processor == "x86_64"): ["FAIL", "NOTRUN"]
      if (os == "win") and debug and not webrender and (processor == "x86"): ["FAIL", "NOTRUN"]
-      if (os == "win") and not debug and webrender and not fission: ["FAIL", "TIMEOUT"]
+      if (os == "win") and not debug and webrender: ["FAIL", "TIMEOUT"]
      if (os == "win") and debug and webrender: ["NOTRUN", "FAIL"]
      FAIL