diff --git a/services/crypto/tests/unit/test_utils_hawk.js b/services/crypto/tests/unit/test_utils_hawk.js
index 7791c2a356c8..0a2cf6c31716 100644
--- a/services/crypto/tests/unit/test_utils_hawk.js
+++ b/services/crypto/tests/unit/test_utils_hawk.js
@@ -228,6 +228,16 @@ add_test(function test_hawk() {
   do_check_eq(result.artifacts.hash, "66DiyapJ0oGgj09IXWdMv8VCg9xk0PL5RqX7bNnQW2k=");
   do_check_eq(result.artifacts.mac, "2B++3x5xfHEZbPZGDiK3IwfPZctkV4DUr2ORg1vIHvk=");
 
+  // the payload "hash" is also non-urlsafe base64 (+/)
+  result = compute(makeURI("http://example.net/path"), method,
+                   { credentials: credentials_sha256,
+                     ts: 1353809207,
+                     nonce: "Ygvqdz",
+                     payload: "something else",
+                   });
+  do_check_eq(result.artifacts.hash, "lERFXr/IKOaAoYw+eBseDUSwmqZTX0uKZpcWLxsdzt8=");
+  do_check_eq(result.artifacts.mac, "jiZuhsac35oD7IdcblhFncBr8tJFHcwWLr8NIYWr9PQ=");
+
   /* Test non-ascii hostname. HAWK (via the node.js "url" module) punycodes
    * "ëxample.net" into "xn--xample-ova.net" before hashing. I still think
    * punycode was a bad joke that got out of the lab and into a spec.