Bug 1122236 - Test CSPs block-all-mixed-content does not affect UI (r=tanvi)

browser/base/content/test/general/browser.ini

@@ -120,6 +120,8 @@ support-files =
   xul_tooltiptext.xhtml
   file_bug1045809_1.html
   file_bug1045809_2.html
+  file_csp_block_all_mixedcontent.html
+  file_csp_block_all_mixedcontent.js
 
 [browser_URLBarSetURI.js]
 skip-if = (os == "linux" || os == "mac") && debug # bug 970052, bug 970053
@@ -555,3 +557,5 @@ skip-if = !e10s || !crashreporter
 skip-if = !e10s || !crashreporter
 [browser_aboutTabCrashed_withoutDump.js]
 skip-if = !e10s
+[browser_csp_block_all_mixedcontent.js]
+tags = mcb

browser/base/content/test/general/browser_csp_block_all_mixedcontent.js

@@ -0,0 +1,55 @@
+/*
+ * Description of the Test:
+ * We load an https page which uses a CSP including block-all-mixed-content.
+ * The page tries to load a script over http. We make sure the UI is not
+ * influenced when blocking the mixed content. In particular the page
+ * should still appear fully encrypted with a green lock.
+ */
+
+const PRE_PATH = "https://example.com/browser/browser/base/content/test/general/";
+var gTestBrowser = null;
+
+//------------------------------------------------------
+function cleanUpAfterTests() {
+  gBrowser.removeCurrentTab();
+  window.focus();
+  finish();
+}
+
+//------------------------------------------------------
+function verifyUInotDegraded() {
+  // make sure that not mixed content is loaded and also not blocked
+  assertMixedContentBlockingState(
+    gTestBrowser,
+    { activeLoaded: false,
+      activeBlocked: false,
+      passiveLoaded: false
+    }
+  );
+  // clean up and finish test
+  cleanUpAfterTests();
+}
+
+//------------------------------------------------------
+function runTests() {
+  var newTab = gBrowser.addTab();
+  gBrowser.selectedTab = newTab;
+  gTestBrowser = gBrowser.selectedBrowser;
+  newTab.linkedBrowser.stop();
+
+  // Starting the test
+  BrowserTestUtils.browserLoaded(gTestBrowser).then(verifyUInotDegraded);
+  var url = PRE_PATH + "file_csp_block_all_mixedcontent.html";
+  gTestBrowser.loadURI(url);
+}
+
+//------------------------------------------------------
+function test() {
+  // Performing async calls, e.g. 'onload', we have to wait till all of them finished
+  waitForExplicitFinish();
+
+  SpecialPowers.pushPrefEnv(
+    { 'set': [["security.mixed_content.block_active_content", true]] },
+    function() { runTests(); }
+  );
+}

browser/base/content/test/general/file_csp_block_all_mixedcontent.html

@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html><head><meta charset="utf-8">
+<title>Bug 1122236 - CSP: Implement block-all-mixed-content</title>
+</head>
+<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+<body>
+<script src="http://example.com/browser/browser/base/content/test/general/file_csp_block_all_mixedcontent.js"/>
+</body>
+</html>

browser/base/content/test/general/file_csp_block_all_mixedcontent.js

@@ -0,0 +1,3 @@
+// empty script file just used for testing Bug 1122236.
+// Making sure the UI is not degraded when blocking
+// mixed content using the CSP directive: block-all-mixed-content.