Backed out 4 changesets (bug 1424076) for mochitests failures in test_iframe_sandbox_navigation.html on a CLOSED TREE

Backed out changeset 67239c7df87c (bug 1424076)
Backed out changeset 2b4487c6403d (bug 1424076)
Backed out changeset c002ddb976e9 (bug 1424076)
Backed out changeset 50fbc0cec01a (bug 1424076)

devtools/client/netmonitor/test/browser_net_copy_as_curl.js

@@ -48,7 +48,6 @@ add_task(async function() {
     "--data " + quote(POST_PAYLOAD),
     header("Content-Type: text/plain;charset=UTF-8"),
   ];
-  const ORIGIN_RESULT = [header("Origin: http://example.com")];
 
   const HEAD_PARTIAL_RESULT = ["-I"];
 
@@ -86,7 +85,6 @@ add_task(async function() {
     ...BASE_RESULT,
     ...COOKIE_PARTIAL_RESULT,
     ...POST_PARTIAL_RESULT,
-    ...ORIGIN_RESULT,
   ]);
 
   // HEAD request

dom/tests/mochitest/beacon/test_beaconOriginHeader.html

@@ -1,7 +1,7 @@
 <!DOCTYPE HTML>
 <html>
 <head>
-  <title>Bug 1280692 - navigator.sendBeacon() should send origin header</title>
+  <title>Bug 1280692 - navigator.sendBeacon() should not send origin header</title>
   <!-- Including SimpleTest.js so we can use waitForExplicitFinish !-->
   <script src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
@@ -17,12 +17,13 @@
 SimpleTest.waitForExplicitFinish();
 
 const BEACON_URL = "http://example.com/tests/dom/tests/mochitest/beacon/beacon-originheader-handler.sjs";
+// no origin header should be sent with sendBeacon request;
 // server returns any origin-header or 'no-header' if there is no header sent.
-const ORIGIN_HEADER = "http://mochi.test:8888";
+const ORIGIN_HEADER = "no-header";
 
 /* Description of the test:
  *   We call sendBeacon() cross origin and make sure that the
- *   origin header is actually set in the request.
+ *   origin header is actually *not* set in the request.
  *
  * Since sendBeacon() does not expect any response, we are storing any
  * header on the server (*.sjs) and use an XMLHttpRequest to actually
@@ -40,7 +41,7 @@ function queryHeaderFromServer() {
   var xhr = new XMLHttpRequest();
   xhr.open("GET", "beacon-originheader-handler.sjs?queryheader", true);
   xhr.onload = function() {
-    is(xhr.responseText, ORIGIN_HEADER, "SendBeacon should send origin header");
+    is(xhr.responseText, ORIGIN_HEADER, "SendBeacon should not send origin header");
     SimpleTest.finish();
   };
   xhr.onerror = function() {

modules/libpref/init/all.js

@@ -1611,7 +1611,7 @@ pref("network.http.referer.referrerLengthLimit", 4096);
 
 // Include an origin header on non-GET and non-HEAD requests regardless of CORS
 // 0=never send, 1=send when same-origin only, 2=always send
-pref("network.http.sendOriginHeader", 2);
+pref("network.http.sendOriginHeader", 0);
 
 // Maximum number of consecutive redirects before aborting.
 pref("network.http.redirection-limit", 20);

testing/web-platform/meta/xhr/access-control-basic-post-with-non-cors-safelisted-content-type.htm.ini

@@ -0,0 +1,4 @@
+[access-control-basic-post-with-non-cors-safelisted-content-type.htm]
+  [Same-origin request with non-safelisted content type succeeds]
+    expected: FAIL
+