From 83d927b5f07d5934d571e46c0e17dda9cc007c58 Mon Sep 17 00:00:00 2001
From: Narcis Beleuzu <nbeleuzu@mozilla.com>
Date: Mon, 9 Jan 2023 22:51:57 +0200
Subject: [PATCH] Backed out changeset 30d7636620f8 (bug 1804684) as req by
 smaug

---
 docshell/base/nsDocShell.cpp                      | 9 ---------
 docshell/base/nsDocShell.h                        | 3 ---
 dom/security/test/https-first/file_fragment.html  | 5 ++---
 dom/security/test/https-first/test_fragment.html  | 3 +--
 dom/security/test/https-only/browser_hsts_host.js | 8 +-------
 dom/security/test/https-only/file_fragment.html   | 3 +--
 dom/security/test/https-only/test_fragment.html   | 6 ++----
 7 files changed, 7 insertions(+), 30 deletions(-)

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 190d03720dee..bc6748031181 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -8746,15 +8746,6 @@ bool nsDocShell::IsSameDocumentNavigation(nsDocShellLoadState* aLoadState,
           if (!docLoadInfo->GetLoadErrorPage()) {
             if (nsHTTPSOnlyUtils::IsEqualURIExceptSchemeAndRef(
                     currentExposableURI, aLoadState->URI(), docLoadInfo)) {
-              // At this point the requested URI is for sure a fragment
-              // navigation via HTTP and HTTPS-Only mode or HTTPS-First is
-              // enabled. Since we are on an HTTPS site the fragment
-              // navigation should also be an HTTPS.
-              // For that reason we upgrade the URI to HTTPS.
-              nsCOMPtr<nsIURI> upgradedURI;
-              NS_GetSecureUpgradedURI(aLoadState->URI(),
-                                      getter_AddRefs(upgradedURI));
-              aLoadState->SetURI(upgradedURI);
               aState.mSameExceptHashes = true;
             }
           }
diff --git a/docshell/base/nsDocShell.h b/docshell/base/nsDocShell.h
index b3b735131d51..293bfeee6e07 100644
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -1067,9 +1067,6 @@ class nsDocShell final : public nsDocLoader,
 
   // Check to see if we're loading a prior history entry or doing a fragment
   // navigation in the same document.
-  // NOTE: In case we are doing a fragment navigation, and HTTPS-Only/ -First
-  // mode is enabled and upgraded the underlying document, we update the URI of
-  // aLoadState from HTTP to HTTPS (if neccessary).
   bool IsSameDocumentNavigation(nsDocShellLoadState* aLoadState,
                                 SameDocumentNavigationState& aState);
 
diff --git a/dom/security/test/https-first/file_fragment.html b/dom/security/test/https-first/file_fragment.html
index 441ec80b525c..4d042ebc15d4 100644
--- a/dom/security/test/https-first/file_fragment.html
+++ b/dom/security/test/https-first/file_fragment.html
@@ -5,7 +5,7 @@
 function beforeunload(){
   window.opener.postMessage({
     info: "before-unload",
-    result: window.location.href,
+    result: window.location.hash,
     button: false,
   }, "*");
 }
@@ -26,9 +26,8 @@ window.onload = function (){
 window.onscroll = function(){
   window.opener.postMessage({
     info: "scrolled-to-foo",
-    result: window.location.href,
+    result: window.location.hash,
     button: true,
-    documentURI: document.documentURI,
   }, "*");
  }
 
diff --git a/dom/security/test/https-first/test_fragment.html b/dom/security/test/https-first/test_fragment.html
index 4a27f198e1f7..63a7affee202 100644
--- a/dom/security/test/https-first/test_fragment.html
+++ b/dom/security/test/https-first/test_fragment.html
@@ -35,9 +35,8 @@ async function receiveMessage(event) {
 
   // Once the button was clicked we know the tast has finished
   ok(data.button, "button is clicked");
-  is(data.result, EXPECT_URL + "#foo", "location (hash) is correct");
+  ok(data.result == "#foo", "location (hash) is correct");
   ok(data.info == "scrolled-to-foo","Scrolled successfully without reloading!");
-  is(data.documentURI, EXPECT_URL + "#foo", "Document URI is correct");
   window.removeEventListener("message",receiveMessage);
   winTest.close();
   SimpleTest.finish();
diff --git a/dom/security/test/https-only/browser_hsts_host.js b/dom/security/test/https-only/browser_hsts_host.js
index b0bd1b5a1120..67c8cf66016f 100644
--- a/dom/security/test/https-only/browser_hsts_host.js
+++ b/dom/security/test/https-only/browser_hsts_host.js
@@ -16,7 +16,6 @@ add_task(async function see_hsts_header() {
       "https://example.com"
     ) + "hsts_headers.sjs";
   Services.obs.addObserver(observer, "http-on-examine-response");
-  info("Load first time with HSTS header");
   await BrowserTestUtils.loadURI(gBrowser.selectedBrowser, setHstsUrl);
 
   await BrowserTestUtils.waitForCondition(() => readMessage);
@@ -42,16 +41,12 @@ add_task(async function() {
     ) + "hsts_headers.sjs";
 
   // 1. Upgrade page to https://
-  let tab = await BrowserTestUtils.openNewForegroundTab(
-    gBrowser,
-    RESOURCE_LINK
-  );
+  await BrowserTestUtils.loadURI(gBrowser.selectedBrowser, RESOURCE_LINK);
 
   await BrowserTestUtils.waitForCondition(() => testFinished);
 
   // Clean up
   Services.console.unregisterListener(onNewMessage);
-  BrowserTestUtils.removeTab(tab);
 });
 
 add_task(async function() {
@@ -65,7 +60,6 @@ add_task(async function() {
 
   Services.obs.addObserver(observer, "http-on-examine-response");
   // reset hsts header
-  info("RESET HSTS header");
   await BrowserTestUtils.loadURI(gBrowser.selectedBrowser, clearHstsUrl);
   await BrowserTestUtils.waitForCondition(() => readMessage);
   // Clean up
diff --git a/dom/security/test/https-only/file_fragment.html b/dom/security/test/https-only/file_fragment.html
index 8764957e9f46..10a9973a37fd 100644
--- a/dom/security/test/https-only/file_fragment.html
+++ b/dom/security/test/https-only/file_fragment.html
@@ -31,9 +31,8 @@ window.onload = function (){
 window.onscroll = function(){
   window.opener.postMessage({
     info: "scrolled-to-foo",
-    result: window.location.href,
+    result: window.location.hash,
     button: true,
-    documentURI: document.documentURI,
   }, "*");
  }
 
diff --git a/dom/security/test/https-only/test_fragment.html b/dom/security/test/https-only/test_fragment.html
index 52a63764fb49..445905c55087 100644
--- a/dom/security/test/https-only/test_fragment.html
+++ b/dom/security/test/https-only/test_fragment.html
@@ -27,7 +27,6 @@
 SimpleTest.waitForExplicitFinish();
 
 const REQUEST_URL = "http://example.com/tests/dom/security/test/https-only/file_fragment.html";
-const EXPECT_URL = REQUEST_URL.replace("http://", "https://");
 let winTest = null;
 let checkButtonClicked = false;
 
@@ -36,7 +35,7 @@ async function receiveMessage(event) {
   // checks if click was successful
   if (!checkButtonClicked){
     // expected window location ( expected URL)
-    ok(data.result == EXPECT_URL, "location is correct");
+    ok(data.result == "https://example.com/tests/dom/security/test/https-only/file_fragment.html", "location is correct");
     ok(data.button, "button is clicked");
     // checks if loading was successful
     ok(data.info == "onload", "Onloading worked");
@@ -47,10 +46,9 @@ async function receiveMessage(event) {
   // if Button was clicked once -> test finished
   // check if hash exist and if hash of location is correct
   ok(data.button, "button is clicked");
-  ok(data.result == EXPECT_URL + "#foo", "location (hash) is correct");
+  ok(data.result == "#foo", "location (hash) is correct");
   // check that page is scrolled not reloaded
   ok(data.info == "scrolled-to-foo","Scrolled successfully without reloading!");
-  is(data.documentURI, EXPECT_URL + "#foo", "Document URI is correct");
   // complete test and close window
   window.removeEventListener("message",receiveMessage);
   winTest.close();