Remove support and tests for HSTS priming from the tree. Fixes #384

22 files changed, 8 insertions, 948 deletions

diff --git a/dom/security/nsContentSecurityManager.cpp b/dom/security/nsContentSecurityManager.cpp
index c6558fc93..f329aa723 100644
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -8,8 +8,6 @@
 #include "nsContentUtils.h"
 #include "nsCORSListenerProxy.h"
 #include "nsIStreamListener.h"
-#include "nsIDocument.h"
-#include "nsMixedContentBlocker.h"
 #include "nsCDefaultURIFixup.h"
 #include "nsIURIFixup.h"
 
@@ -507,13 +505,6 @@ DoContentSecurityChecks(nsIChannel* aChannel, nsILoadInfo* aLoadInfo)
     return NS_ERROR_CONTENT_BLOCKED;
   }
 
-  if (nsMixedContentBlocker::sSendHSTSPriming) {
-    rv = nsMixedContentBlocker::MarkLoadInfoForPriming(uri,
-                                                       requestingContext,
-                                                       aLoadInfo);
-    return rv;
-  }
-
   return NS_OK;
 }
 
diff --git a/dom/security/nsMixedContentBlocker.cpp b/dom/security/nsMixedContentBlocker.cpp
index 4e80dce3f..7d50a43a3 100644
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -54,13 +54,6 @@ bool nsMixedContentBlocker::sBlockMixedScript = false;
 // Is mixed display content blocking (images, audio, video, <a ping>) enabled?
 bool nsMixedContentBlocker::sBlockMixedDisplay = false;
 
-// Do we move HSTS before mixed-content
-bool nsMixedContentBlocker::sUseHSTS = false;
-// Do we send an HSTS priming request
-bool nsMixedContentBlocker::sSendHSTSPriming = false;
-// Default HSTS Priming failure timeout to 7 days, in seconds
-uint32_t nsMixedContentBlocker::sHSTSPrimingCacheTimeout = (60 * 24 * 7);
-
 // Fired at the document that attempted to load mixed content.  The UI could
 // handle this event, for example, by displaying an info bar that offers the
 // choice to reload the page with mixed content permitted.
@@ -202,18 +195,6 @@ nsMixedContentBlocker::nsMixedContentBlocker()
   // Cache the pref for mixed display blocking
   Preferences::AddBoolVarCache(&sBlockMixedDisplay,
                                "security.mixed_content.block_display_content");
-
-  // Cache the pref for HSTS
-  Preferences::AddBoolVarCache(&sUseHSTS,
-                               "security.mixed_content.use_hsts");
-
-  // Cache the pref for sending HSTS priming
-  Preferences::AddBoolVarCache(&sSendHSTSPriming,
-                               "security.mixed_content.send_hsts_priming");
-
-  // Cache the pref for HSTS priming failure cache time
-  Preferences::AddUintVarCache(&sHSTSPrimingCacheTimeout,
-                               "security.mixed_content.hsts_priming_cache_timeout");
 }
 
 nsMixedContentBlocker::~nsMixedContentBlocker()
@@ -343,22 +324,6 @@ nsMixedContentBlocker::AsyncOnChannelRedirect(nsIChannel* aOldChannel,
     return NS_BINDING_FAILED;
   }
 
-  if (nsMixedContentBlocker::sSendHSTSPriming) {
-    // The LoadInfo passed in is for the original channel, HSTS priming needs to
-    // be set on the new channel, if required. If the redirect changes
-    // http->https, or vice-versa, the need for priming may change.
-    nsCOMPtr<nsILoadInfo> newLoadInfo;
-    rv = aNewChannel->GetLoadInfo(getter_AddRefs(newLoadInfo));
-    NS_ENSURE_SUCCESS(rv, rv);
-    rv = nsMixedContentBlocker::MarkLoadInfoForPriming(newUri,
-                                                       requestingContext,
-                                                       newLoadInfo);
-    if (NS_FAILED(rv)) {
-      decision = REJECT_REQUEST;
-      newLoadInfo->ClearHSTSPriming();
-    }
-  }
-
   // If the channel is about to load mixed content, abort the channel
   if (!NS_CP_ACCEPTED(decision)) {
     autoCallback.DontCallback();
@@ -691,12 +656,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
     // the parent is https, and the protocol associated with innerContentLocation
     // doesn't map to the secure URI flags checked above.  Assert this for
     // sanity's sake
-#ifdef DEBUG
-    bool isHttpsScheme = false;
-    rv = innerContentLocation->SchemeIs("https", &isHttpsScheme);
-    NS_ENSURE_SUCCESS(rv, rv);
-    MOZ_ASSERT(!isHttpsScheme);
-#endif
     *aDecision = REJECT_REQUEST;
     return NS_OK;
   }
@@ -836,34 +795,6 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   }
   nsresult stateRV = securityUI->GetState(&state);
 
-  bool doHSTSPriming = false;
-  if (isHttpScheme) {
-    bool hsts = false;
-    bool cached = false;
-    nsCOMPtr<nsISiteSecurityService> sss =
-      do_GetService(NS_SSSERVICE_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-    rv = sss->IsSecureURI(nsISiteSecurityService::HEADER_HSTS, aContentLocation,
-        0, &cached, &hsts);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    if (hsts && sUseHSTS) {
-      // assume we will be upgraded later
-      *aDecision = ACCEPT;
-      return NS_OK;
-    }
-
-    // Send a priming request if the result is not already cached and priming
-    // requests are allowed
-    if (!cached && sSendHSTSPriming) {
-      // add this URI as a priming location
-      doHSTSPriming = true;
-      document->AddHSTSPrimingLocation(innerContentLocation,
-          HSTSPrimingState::eHSTS_PRIMING_ALLOW);
-      *aDecision = ACCEPT;
-    }
-  }
-
   // At this point we know that the request is mixed content, and the only
   // question is whether we block it.  Record telemetry at this point as to
   // whether HSTS would have fixed things by making the content location
@@ -879,14 +810,14 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
   bool active = (classification == eMixedScript);
   if (!aHadInsecureImageRedirect) {
     if (XRE_IsParentProcess()) {
-      AccumulateMixedContentHSTS(innerContentLocation, active, doHSTSPriming);
+      AccumulateMixedContentHSTS(innerContentLocation, active);
     } else {
       // Ask the parent process to do the same call
       mozilla::dom::ContentChild* cc = mozilla::dom::ContentChild::GetSingleton();
       if (cc) {
         mozilla::ipc::URIParams uri;
         SerializeURI(innerContentLocation, uri);
-        cc->SendAccumulateMixedContentHSTS(uri, active, doHSTSPriming);
+        cc->SendAccumulateMixedContentHSTS(uri, active);
       }
     }
   }
@@ -929,13 +860,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
         }
       }
     } else {
-      if (doHSTSPriming) {
-        document->AddHSTSPrimingLocation(innerContentLocation,
-            HSTSPrimingState::eHSTS_PRIMING_BLOCK);
-        *aDecision = nsIContentPolicy::ACCEPT;
-      } else {
-        *aDecision = nsIContentPolicy::REJECT_REQUEST;
-      }
+      *aDecision = nsIContentPolicy::REJECT_REQUEST;
       LogMixedContentMessage(classification, aContentLocation, rootDoc, eBlocked);
       if (!rootDoc->GetHasMixedDisplayContentBlocked() && NS_SUCCEEDED(stateRV)) {
         rootDoc->SetHasMixedDisplayContentBlocked(true);
@@ -981,13 +906,7 @@ nsMixedContentBlocker::ShouldLoad(bool aHadInsecureImageRedirect,
       }
     } else {
       //User has not overriden the pref by Disabling protection. Reject the request and update the security state.
-      if (doHSTSPriming) {
-        document->AddHSTSPrimingLocation(innerContentLocation,
-            HSTSPrimingState::eHSTS_PRIMING_BLOCK);
-        *aDecision = nsIContentPolicy::ACCEPT;
-      } else {
-        *aDecision = nsIContentPolicy::REJECT_REQUEST;
-      }
+      *aDecision = nsIContentPolicy::REJECT_REQUEST;
       LogMixedContentMessage(classification, aContentLocation, rootDoc, eBlocked);
       // See if the pref will change here. If it will, only then do we need to call OnSecurityChange() to update the UI.
       if (rootDoc->GetHasMixedActiveContentBlocked()) {
@@ -1052,24 +971,10 @@ enum MixedContentHSTSState {
   MCB_HSTS_ACTIVE_WITH_HSTS  = 3
 };
 
-// Similar to the existing mixed-content HSTS, except MCB_HSTS_*_NO_HSTS is
-// broken into two distinct states, indicating whether we plan to send a priming
-// request or not. If we decided not go send a priming request, it could be
-// because it is a type we do not support, or because we cached a previous
-// negative response.
-enum MixedContentHSTSPrimingState {
-  eMCB_HSTS_PASSIVE_WITH_HSTS  = 0,
-  eMCB_HSTS_ACTIVE_WITH_HSTS   = 1,
-  eMCB_HSTS_PASSIVE_NO_PRIMING = 2,
-  eMCB_HSTS_PASSIVE_DO_PRIMING = 3,
-  eMCB_HSTS_ACTIVE_NO_PRIMING  = 4,
-  eMCB_HSTS_ACTIVE_DO_PRIMING  = 5
-};
-
 // Record information on when HSTS would have made mixed content not mixed
 // content (regardless of whether it was actually blocked)
 void
-nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bool aHasHSTSPriming)
+nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive)
 {
   // This method must only be called in the parent, because
   // nsSiteSecurityService is only available in the parent
@@ -1089,108 +994,26 @@ nsMixedContentBlocker::AccumulateMixedContentHSTS(nsIURI* aURI, bool aActive, bo
     return;
   }
 
-  // states: would upgrade, would prime, hsts info cached
+  // states: would upgrade, hsts info cached
   // active, passive
   //
   if (!aActive) {
     if (!hsts) {
       Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
                             MCB_HSTS_PASSIVE_NO_HSTS);
-      if (aHasHSTSPriming) {
-        Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
-                              eMCB_HSTS_PASSIVE_DO_PRIMING);
-      } else {
-        Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
-                              eMCB_HSTS_PASSIVE_NO_PRIMING);
-      }
     }
     else {
       Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
                             MCB_HSTS_PASSIVE_WITH_HSTS);
-      Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
-                            eMCB_HSTS_PASSIVE_WITH_HSTS);
     }
   } else {
     if (!hsts) {
       Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
                             MCB_HSTS_ACTIVE_NO_HSTS);
-      if (aHasHSTSPriming) {
-        Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
-                              eMCB_HSTS_ACTIVE_DO_PRIMING);
-      } else {
-        Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
-                              eMCB_HSTS_ACTIVE_NO_PRIMING);
-      }
     }
     else {
       Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS,
                             MCB_HSTS_ACTIVE_WITH_HSTS);
-      Telemetry::Accumulate(Telemetry::MIXED_CONTENT_HSTS_PRIMING,
-                            eMCB_HSTS_ACTIVE_WITH_HSTS);
     }
   }
-}
-
-//static
-nsresult
-nsMixedContentBlocker::MarkLoadInfoForPriming(nsIURI* aURI,
-                                              nsISupports* aRequestingContext,
-                                              nsILoadInfo* aLoadInfo)
-{
-  nsresult rv;
-  bool sendPriming = false;
-  bool mixedContentWouldBlock = false;
-  rv = GetHSTSPrimingFromRequestingContext(aURI,
-                                           aRequestingContext,
-                                           &sendPriming,
-                                           &mixedContentWouldBlock);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  if (sendPriming) {
-    aLoadInfo->SetHSTSPriming(mixedContentWouldBlock);
-  }
-
-  return NS_OK;
-}
-
-//static
-nsresult
-nsMixedContentBlocker::GetHSTSPrimingFromRequestingContext(nsIURI* aURI,
-    nsISupports* aRequestingContext,
-    bool* aSendPrimingRequest,
-    bool* aMixedContentWouldBlock)
-{
-  *aSendPrimingRequest = false;
-  *aMixedContentWouldBlock = false;
-  // If we marked for priming, we used the innermost URI, so get that
-  nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
-  if (!innerURI) {
-    NS_ERROR("Can't get innerURI from aContentLocation");
-    return NS_ERROR_CONTENT_BLOCKED;
-  }
-
-  bool isHttp = false;
-  innerURI->SchemeIs("http", &isHttp);
-  if (!isHttp) {
-    // there is nothign to do
-    return NS_OK;
-  }
-
-  // If the DocShell was marked for HSTS priming, propagate that to the LoadInfo
-  nsCOMPtr<nsIDocShell> docShell = NS_CP_GetDocShellFromContext(aRequestingContext);
-  if (!docShell) {
-    return NS_OK;
-  }
-  nsCOMPtr<nsIDocument> document = docShell->GetDocument();
-  if (!document) {
-    return NS_OK;
-  }
-
-  HSTSPrimingState status = document->GetHSTSPrimingStateForLocation(innerURI);
-  if (status != HSTSPrimingState::eNO_HSTS_PRIMING) {
-    *aSendPrimingRequest = (status != HSTSPrimingState::eNO_HSTS_PRIMING);
-    *aMixedContentWouldBlock = (status == HSTSPrimingState::eHSTS_PRIMING_BLOCK);
-  }
-
-  return NS_OK;
-}
+}
\ No newline at end of file
diff --git a/dom/security/nsMixedContentBlocker.h b/dom/security/nsMixedContentBlocker.h
index 539c3ebbb..56ab9621f 100644
--- a/dom/security/nsMixedContentBlocker.h
+++ b/dom/security/nsMixedContentBlocker.h
@@ -62,44 +62,11 @@ public:
                              nsIPrincipal* aRequestPrincipal,
                              int16_t* aDecision);
   static void AccumulateMixedContentHSTS(nsIURI* aURI,
-                                         bool aActive,
-                                         bool aHasHSTSPriming);
-  /* If the document associated with aRequestingContext requires priming for
-   * aURI, propagate that to the LoadInfo so the HttpChannel will find out about
-   * it.
-   *
-   * @param aURI The URI associated with the load
-   * @param aRequestingContext the requesting context passed to ShouldLoad
-   * @param aLoadInfo the LoadInfo for the load
-   */
-  static nsresult MarkLoadInfoForPriming(nsIURI* aURI,
-                                         nsISupports* aRequestingContext,
-                                         nsILoadInfo* aLoadInfo);
-
-  /* Given a context, return whether HSTS was marked on the document associated
-   * with the load for the given URI. This is used by MarkLoadInfoForPriming and
-   * directly by the image loader to determine whether to allow a load to occur
-   * from the cache.
-   *
-   * @param aURI The URI associated with the load
-   * @param aRequestingContext the requesting context passed to ShouldLoad
-   * @param aSendPrimingRequest out true if priming is required on the channel
-   * @param aMixedContentWouldBlock out true if mixed content would block
-   */
-  static nsresult GetHSTSPrimingFromRequestingContext(nsIURI* aURI,
-                                                      nsISupports* aRequestingContext,
-                                                      bool* aSendPrimingRequest,
-                                                      bool* aMixedContentWouldBlock);
+                                         bool aActive);
 
 
   static bool sBlockMixedScript;
   static bool sBlockMixedDisplay;
-  // Do we move HSTS before mixed-content
-  static bool sUseHSTS;
-  // Do we send an HSTS priming request
-  static bool sSendHSTSPriming;
-  // Default HSTS Priming failure timeout in seconds
-  static uint32_t sHSTSPrimingCacheTimeout;
 };
 
 #endif /* nsMixedContentBlocker_h___ */
diff --git a/dom/security/test/csp/test_referrerdirective.html b/dom/security/test/csp/test_referrerdirective.html
index 770fcc40b..f590460a0 100644
--- a/dom/security/test/csp/test_referrerdirective.html
+++ b/dom/security/test/csp/test_referrerdirective.html
@@ -116,8 +116,6 @@ SimpleTest.waitForExplicitFinish();
 SpecialPowers.pushPrefEnv({
     'set': [['security.mixed_content.block_active_content',   false],
             ['security.mixed_content.block_display_content',  false],
-            ['security.mixed_content.send_hsts_priming',  false],
-            ['security.mixed_content.use_hsts',  false],
     ]
     },
     function() {
diff --git a/dom/security/test/hsts/browser.ini b/dom/security/test/hsts/browser.ini
deleted file mode 100644
index ae75031df..000000000
--- a/dom/security/test/hsts/browser.ini
+++ /dev/null
@@ -1,19 +0,0 @@
-[DEFAULT]
-skip-if = debug # bug 1311599, bug 1311239, etc
-support-files =
-  head.js
-  file_priming-top.html
-  file_testserver.sjs
-  file_1x1.png
-  file_priming.js
-  file_stylesheet.css
-
-[browser_hsts-priming_allow_active.js]
-[browser_hsts-priming_block_active.js]
-[browser_hsts-priming_hsts_after_mixed.js]
-[browser_hsts-priming_allow_display.js]
-[browser_hsts-priming_block_display.js]
-[browser_hsts-priming_block_active_css.js]
-[browser_hsts-priming_block_active_with_redir_same.js]
-[browser_hsts-priming_no-duplicates.js]
-[browser_hsts-priming_cache-timeout.js]
diff --git a/dom/security/test/hsts/browser_hsts-priming_allow_active.js b/dom/security/test/hsts/browser_hsts-priming_allow_active.js
deleted file mode 100644
index a932b31b3..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_allow_active.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when active
- *   content is allowed.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "allow_active";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_allow_display.js b/dom/security/test/hsts/browser_hsts-priming_allow_display.js
deleted file mode 100644
index 06546ca65..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_allow_display.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when display
- *   content is allowed.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "allow_display";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_block_active.js b/dom/security/test/hsts/browser_hsts-priming_block_active.js
deleted file mode 100644
index a5478b185..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_block_active.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when active
- *   content is blocked.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "block_active";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_block_active_css.js b/dom/security/test/hsts/browser_hsts-priming_block_active_css.js
deleted file mode 100644
index 340d11483..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_block_active_css.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when active
- *   content is blocked for css.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "block_active_css";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_block_active_with_redir_same.js b/dom/security/test/hsts/browser_hsts-priming_block_active_with_redir_same.js
deleted file mode 100644
index 130a3d5ec..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_block_active_with_redir_same.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when active
- *   content is blocked and redirect to the same host should still upgrade.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "block_active_with_redir_same";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_block_display.js b/dom/security/test/hsts/browser_hsts-priming_block_display.js
deleted file mode 100644
index 4eca62718..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_block_display.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when display
- *   content is blocked.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "block_display";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_cache-timeout.js b/dom/security/test/hsts/browser_hsts-priming_cache-timeout.js
deleted file mode 100644
index 5416a71d2..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_cache-timeout.js
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Description of the test:
- * Test that the network.hsts_priming.cache_timeout preferene causes the cache
- * to timeout
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Observer.add_observers(Services);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "block_display";
-
-  SetupPrefTestEnvironment(which, [["security.mixed_content.hsts_priming_cache_timeout", 1]]);
-
-  yield execute_test("no-ssl", test_settings[which].mimetype);
-
-  let pre_promise = performance.now();
-
-  while ((performance.now() - pre_promise) < 2000) {
-    yield new Promise(function (resolve) {
-      setTimeout(resolve, 2000);
-    });
-  }
-
-  // clear the fact that we saw a priming request
-  test_settings[which].priming = {};
-
-  yield execute_test("no-ssl", test_settings[which].mimetype);
-  is(test_settings[which].priming["no-ssl"], true,
-    "Correctly send a priming request after expiration.");
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_hsts_after_mixed.js b/dom/security/test/hsts/browser_hsts-priming_hsts_after_mixed.js
deleted file mode 100644
index 89ea6fbeb..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_hsts_after_mixed.js
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Description of the test:
- *   Check that HSTS priming occurs correctly with mixed content when the
- *   mixed-content blocks before HSTS.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Services.obs.addObserver(Observer, "console-api-log-event", false);
-  Services.obs.addObserver(Observer, "http-on-examine-response", false);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "hsts_after_mixed";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/browser_hsts-priming_no-duplicates.js b/dom/security/test/hsts/browser_hsts-priming_no-duplicates.js
deleted file mode 100644
index 3846fe4f0..000000000
--- a/dom/security/test/hsts/browser_hsts-priming_no-duplicates.js
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Description of the test:
- *   Only one request should be sent per host, even if we run the test more
- *   than once.
- */
-'use strict';
-
-//jscs:disable
-add_task(function*() {
-  //jscs:enable
-  Observer.add_observers(Services);
-  registerCleanupFunction(do_cleanup);
-
-  let which = "block_display";
-
-  SetupPrefTestEnvironment(which);
-
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  test_settings[which].priming = {};
-
-  // run the tests twice to validate the cache is being used
-  for (let server of Object.keys(test_servers)) {
-    yield execute_test(server, test_settings[which].mimetype);
-  }
-
-  SpecialPowers.popPrefEnv();
-});
diff --git a/dom/security/test/hsts/file_1x1.png b/dom/security/test/hsts/file_1x1.png
deleted file mode 100644
index 1ba31ba1a..000000000
--- a/dom/security/test/hsts/file_1x1.png
+++ /dev/null
diff --git a/dom/security/test/hsts/file_priming-top.html b/dom/security/test/hsts/file_priming-top.html
deleted file mode 100644
index b1d1bfa40..000000000
--- a/dom/security/test/hsts/file_priming-top.html
+++ /dev/null
@@ -1,84 +0,0 @@
-<!DOCTYPE HTML>
-<html>
-<head>
-  <title>Bug 1246540</title>
-  <meta http-equiv='content-type' content="text/html;charset=utf-8" />
-</head>
-<body>
-  <p id="display"></p>
-  <div id="content" style="visibility: hidden">
-  </div>
-
-<script type="text/javascript">
-/*
- * Description of the test:
- * Attempt to load an insecure resource. If the resource responds to HSTS
- * priming with an STS header, the load should continue securely.
- * If it does not, the load should continue be blocked or continue insecurely.
- */
-
-function parse_query_string() {
-  var q = {};
-  document.location.search.substr(1).
-    split('&').forEach(function (item, idx, ar) {
-      let [k, v] = item.split('=');
-      q[k] = unescape(v);
-    });
-  return q;
-}
-
-var args = parse_query_string();
-
-var subresources = {
-  css: { mimetype: 'text/css', file: 'file_stylesheet.css' },
-  img: { mimetype: 'image/png', file: 'file_1x1.png' },
-  script: { mimetype: 'text/javascript', file: 'file_priming.js' },
-};
-
-function handler(ev) {
-  console.log("HSTS_PRIMING: Blocked "+args.id);
-}
-
-function loadCss(src) {
-  let head = document.getElementsByTagName("head")[0];
-  let link = document.createElement("link");
-  link.setAttribute("rel", "stylesheet");
-  link.setAttribute("type", subresources[args.type].mimetype);
-  link.setAttribute("href", src);
-  head.appendChild(link);
-}
-
-function loadResource(src) {
-  let content = document.getElementById("content");
-  let testElem = document.createElement(args.type);
-  testElem.setAttribute("id", args.id);
-  testElem.setAttribute("charset", "UTF-8");
-  testElem.onerror = handler;
-  content.appendChild(testElem);
-  testElem.src = src;
-}
-
-function loadTest() {
-  let subresource = subresources[args.type];
-
-  let src = "http://"
-    + args.host
-    + "/browser/dom/security/test/hsts/file_testserver.sjs"
-    + "?file=" +escape("browser/dom/security/test/hsts/" + subresource.file)
-    + "&primer=" + escape(args.id)
-    + "&mimetype=" + escape(subresource.mimetype)
-    ;
-  if (args.type == 'css') {
-    loadCss(src);
-    return;
-  }
-
-  loadResource(src);
-}
-
-// start running the tests
-loadTest();
-
-</script>
-</body>
-</html>
diff --git a/dom/security/test/hsts/file_priming.js b/dom/security/test/hsts/file_priming.js
deleted file mode 100644
index 023022da6..000000000
--- a/dom/security/test/hsts/file_priming.js
+++ /dev/null
@@ -1,4 +0,0 @@
-function completed() {
-  return;
-}
-completed();
diff --git a/dom/security/test/hsts/file_stylesheet.css b/dom/security/test/hsts/file_stylesheet.css
deleted file mode 100644
index e69de29bb..000000000
--- a/dom/security/test/hsts/file_stylesheet.css
+++ /dev/null
diff --git a/dom/security/test/hsts/file_testserver.sjs b/dom/security/test/hsts/file_testserver.sjs
deleted file mode 100644
index d5cd6b17a..000000000
--- a/dom/security/test/hsts/file_testserver.sjs
+++ /dev/null
@@ -1,66 +0,0 @@
-// SJS file for HSTS mochitests
-
-Components.utils.import("resource://gre/modules/NetUtil.jsm");
-Components.utils.importGlobalProperties(["URLSearchParams"]);
-
-function loadFromFile(path) {
-  // Load the HTML to return in the response from file.
-  // Since it's relative to the cwd of the test runner, we start there and
-  // append to get to the actual path of the file.
-  var testFile =
-    Components.classes["@mozilla.org/file/directory_service;1"].
-    getService(Components.interfaces.nsIProperties).
-    get("CurWorkD", Components.interfaces.nsILocalFile);
-  var dirs = path.split("/");
-  for (var i = 0; i < dirs.length; i++) {
-    testFile.append(dirs[i]);
-  }
-  var testFileStream =
-    Components.classes["@mozilla.org/network/file-input-stream;1"].
-    createInstance(Components.interfaces.nsIFileInputStream);
-  testFileStream.init(testFile, -1, 0, 0);
-  var test = NetUtil.readInputStreamToString(testFileStream, testFileStream.available());
-  return test;
-}
-
-function handleRequest(request, response)
-{
-  const query = new URLSearchParams(request.queryString);
-
-  redir = query.get('redir');
-  if (redir == 'same') {
-    query.delete("redir");
-    response.setStatus(302);
-    let newURI = request.uri;
-    newURI.queryString = query.serialize();
-    response.setHeader("Location", newURI.spec)
-  }
-
-  // avoid confusing cache behaviors
-  response.setHeader("Cache-Control", "no-cache", false);
-
-  // if we have a priming header, check for required behavior
-  // and set header appropriately
-  if (request.hasHeader('Upgrade-Insecure-Requests')) {
-    var expected = query.get('primer');
-    if (expected == 'prime-hsts') {
-      // set it for 5 minutes
-      response.setHeader("Strict-Transport-Security", "max-age="+(60*5), false);
-    } else if (expected == 'reject-upgrade') {
-      response.setHeader("Strict-Transport-Security", "max-age=0", false);
-    }
-    response.write('');
-    return;
-  }
-
-  var file = query.get('file');
-  if (file) {
-    var mimetype = unescape(query.get('mimetype'));
-    response.setHeader("Content-Type", mimetype, false);
-    response.write(loadFromFile(unescape(file)));
-    return;
-  }
-
-  response.setHeader("Content-Type", "application/json", false);
-  response.write('{}');
-}
diff --git a/dom/security/test/hsts/head.js b/dom/security/test/hsts/head.js
deleted file mode 100644
index 362b36444..000000000
--- a/dom/security/test/hsts/head.js
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
- * Description of the tests:
- *   Check that HSTS priming occurs correctly with mixed content
- *
- *   This test uses three hostnames, each of which treats an HSTS priming
- *   request differently.
- *   * no-ssl never returns an ssl response
- *   * reject-upgrade returns an ssl response, but with no STS header
- *   * prime-hsts returns an ssl response with the appropriate STS header
- *
- *   For each server, test that it response appropriately when the we allow
- *   or block active or display content, as well as when we send an hsts priming
- *   request, but do not change the order of mixed-content and HSTS.
- *
- *   Test use http-on-examine-response, so must be run in browser context.
- */
-'use strict';
-
-var TOP_URI = "https://example.com/browser/dom/security/test/hsts/file_priming-top.html";
-
-var test_servers = {
-  // a test server that does not support TLS
-  'no-ssl': {
-    host: 'example.co.jp',
-    response: false,
-    id: 'no-ssl',
-  },
-  // a test server which does not support STS upgrade
-  'reject-upgrade': {
-    host: 'example.org',
-    response: true,
-    id: 'reject-upgrade',
-  },
-  // a test server when sends an STS header when priming
-  'prime-hsts': {
-    host: 'test1.example.com',
-    response: true,
-    id: 'prime-hsts'
-  },
-};
-
-var test_settings = {
-  // mixed active content is allowed, priming will upgrade
-  allow_active: {
-    block_active: false,
-    block_display: false,
-    use_hsts: true,
-    send_hsts_priming: true,
-    type: 'script',
-    result: {
-      'no-ssl': 'insecure',
-      'reject-upgrade': 'insecure',
-      'prime-hsts': 'secure',
-    },
-  },
-  // mixed active content is blocked, priming will upgrade
-  block_active: {
-    block_active: true,
-    block_display: false,
-    use_hsts: true,
-    send_hsts_priming: true,
-    type: 'script',
-    result: {
-      'no-ssl': 'blocked',
-      'reject-upgrade': 'blocked',
-      'prime-hsts': 'secure',
-    },
-  },
-  // keep the original order of mixed-content and HSTS, but send
-  // priming requests
-  hsts_after_mixed: {
-    block_active: true,
-    block_display: false,
-    use_hsts: false,
-    send_hsts_priming: true,
-    type: 'script',
-    result: {
-      'no-ssl': 'blocked',
-      'reject-upgrade': 'blocked',
-      'prime-hsts': 'blocked',
-    },
-  },
-  // mixed display content is allowed, priming will upgrade
-  allow_display: {
-    block_active: true,
-    block_display: false,
-    use_hsts: true,
-    send_hsts_priming: true,
-    type: 'img',
-    result: {
-      'no-ssl': 'insecure',
-      'reject-upgrade': 'insecure',
-      'prime-hsts': 'secure',
-    },
-  },
-  // mixed display content is blocked, priming will upgrade
-  block_display: {
-    block_active: true,
-    block_display: true,
-    use_hsts: true,
-    send_hsts_priming: true,
-    type: 'img',
-    result: {
-      'no-ssl': 'blocked',
-      'reject-upgrade': 'blocked',
-      'prime-hsts': 'secure',
-    },
-  },
-  // mixed active content is blocked, priming will upgrade (css)
-  block_active_css: {
-    block_active: true,
-    block_display: false,
-    use_hsts: true,
-    send_hsts_priming: true,
-    type: 'css',
-    result: {
-      'no-ssl': 'blocked',
-      'reject-upgrade': 'blocked',
-      'prime-hsts': 'secure',
-    },
-  },
-  // mixed active content is blocked, priming will upgrade
-  // redirect to the same host
-  block_active_with_redir_same: {
-    block_active: true,
-    block_display: false,
-    use_hsts: true,
-    send_hsts_priming: true,
-    type: 'script',
-    redir: 'same',
-    result: {
-      'no-ssl': 'blocked',
-      'reject-upgrade': 'blocked',
-      'prime-hsts': 'secure',
-    },
-  },
-}
-// track which test we are on
-var which_test = "";
-
-const Observer = {
-  observe: function (subject, topic, data) {
-    switch (topic) {
-      case 'console-api-log-event':
-        return Observer.console_api_log_event(subject, topic, data);
-      case 'http-on-examine-response':
-        return Observer.http_on_examine_response(subject, topic, data);
-      case 'http-on-modify-request':
-        return Observer.http_on_modify_request(subject, topic, data);
-    }
-    throw "Can't handle topic "+topic;
-  },
-  add_observers: function (services) {
-    services.obs.addObserver(Observer, "console-api-log-event", false);
-    services.obs.addObserver(Observer, "http-on-examine-response", false);
-    services.obs.addObserver(Observer, "http-on-modify-request", false);
-  },
-  // When a load is blocked which results in an error event within a page, the
-  // test logs to the console.
-  console_api_log_event: function (subject, topic, data) {
-    var message = subject.wrappedJSObject.arguments[0];
-    // when we are blocked, this will match the message we sent to the console,
-    // ignore everything else.
-    var re = RegExp(/^HSTS_PRIMING: Blocked ([-\w]+).*$/);
-    if (!re.test(message)) {
-      return;
-    }
-
-    let id = message.replace(re, '$1');
-    let curTest =test_servers[id];
-
-    if (!curTest) {
-      ok(false, "HSTS priming got a console message blocked, "+
-          "but doesn't match expectations "+id+" (msg="+message);
-      return;
-    }
-
-    is("blocked", test_settings[which_test].result[curTest.id], "HSTS priming "+
-        which_test+":"+curTest.id+" expected "+
-        test_settings[which_test].result[curTest.id]+", got blocked");
-    test_settings[which_test].finished[curTest.id] = "blocked";
-  },
-  get_current_test: function(uri) {
-    for (let item in test_servers) {
-      let re = RegExp('https?://'+test_servers[item].host);
-      if (re.test(uri)) {
-        return test_servers[item];
-      }
-    }
-    return null;
-  },
-  http_on_modify_request: function (subject, topic, data) {
-    let channel = subject.QueryInterface(Ci.nsIHttpChannel);
-    if (channel.requestMethod != 'HEAD') {
-      return;
-    }
-
-    let curTest = this.get_current_test(channel.URI.asciiSpec);
-
-    if (!curTest) {
-      return;
-    }
-
-    ok(!(curTest.id in test_settings[which_test].priming), "Already saw a priming request for " + curTest.id);
-    test_settings[which_test].priming[curTest.id] = true;
-  },
-  // When we see a response come back, peek at the response and test it is secure
-  // or insecure as needed. Addtionally, watch the response for priming requests.
-  http_on_examine_response: function (subject, topic, data) {
-    let channel = subject.QueryInterface(Ci.nsIHttpChannel);
-    let curTest = this.get_current_test(channel.URI.asciiSpec);
-
-    if (!curTest) {
-      return;
-    }
-
-    let result = (channel.URI.asciiSpec.startsWith('https:')) ? "secure" : "insecure";
-
-    // This is a priming request, go ahead and validate we were supposed to see
-    // a response from the server
-    if (channel.requestMethod == 'HEAD') {
-      is(true, curTest.response, "HSTS priming response found " + curTest.id);
-      return;
-    }
-
-    // This is the response to our query, make sure it matches
-    is(result, test_settings[which_test].result[curTest.id],
-        "HSTS priming result " + which_test + ":" + curTest.id);
-    test_settings[which_test].finished[curTest.id] = result;
-  },
-};
-
-// opens `uri' in a new tab and focuses it.
-// returns the newly opened tab
-function openTab(uri) {
-  let tab = gBrowser.addTab(uri);
-
-  // select tab and make sure its browser is focused
-  gBrowser.selectedTab = tab;
-  tab.ownerDocument.defaultView.focus();
-
-  return tab;
-}
-
-function clear_sts_data() {
-  for (let test in test_servers) {
-    SpecialPowers.cleanUpSTSData('http://'+test_servers[test].host);
-  }
-}
-
-function do_cleanup() {
-  clear_sts_data();
-
-  Services.obs.removeObserver(Observer, "console-api-log-event");
-  Services.obs.removeObserver(Observer, "http-on-examine-response");
-}
-
-function SetupPrefTestEnvironment(which, additional_prefs) {
-  which_test = which;
-  clear_sts_data();
-
-  var settings = test_settings[which];
-  // priming counts how many priming requests we saw
-  settings.priming = {};
-  // priming counts how many tests were finished
-  settings.finished= {};
-
-  var prefs = [["security.mixed_content.block_active_content",
-                settings.block_active],
-               ["security.mixed_content.block_display_content",
-                settings.block_display],
-               ["security.mixed_content.use_hsts",
-                settings.use_hsts],
-               ["security.mixed_content.send_hsts_priming",
-                settings.send_hsts_priming]];
-
-  if (additional_prefs) {
-    for (let idx in additional_prefs) {
-      prefs.push(additional_prefs[idx]);
-    }
-  }
-
-  console.log("prefs=%s", prefs);
-
-  SpecialPowers.pushPrefEnv({'set': prefs});
-}
-
-// make the top-level test uri
-function build_test_uri(base_uri, host, test_id, type) {
-  return base_uri +
-          "?host=" + escape(host) +
-          "&id=" + escape(test_id) +
-          "&type=" + escape(type);
-}
-
-// open a new tab, load the test, and wait for it to finish
-function execute_test(test, mimetype) {
-  var src = build_test_uri(TOP_URI, test_servers[test].host,
-      test, test_settings[which_test].type);
-
-  let tab = openTab(src);
-  test_servers[test]['tab'] = tab;
-
-  let browser = gBrowser.getBrowserForTab(tab);
-  yield BrowserTestUtils.browserLoaded(browser);
-
-  yield BrowserTestUtils.removeTab(tab);
-}
diff --git a/dom/security/test/mixedcontentblocker/test_main.html b/dom/security/test/mixedcontentblocker/test_main.html
index d2bc9dc7e..bb9536939 100644
--- a/dom/security/test/mixedcontentblocker/test_main.html
+++ b/dom/security/test/mixedcontentblocker/test_main.html
@@ -162,9 +162,6 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=62178
   }
 
   function startTest() {
-    // Set prefs to use mixed-content before HSTS
-    SpecialPowers.pushPrefEnv({'set': [["security.mixed_content.use_hsts", false],
-                                       ["security.mixed_content.send_hsts_priming", false]]});
     //Set the first set of mixed content settings and increment the counter.
     changePrefs([], function() {
       //listen for a messages from the mixed content test harness
diff --git a/dom/security/test/moz.build b/dom/security/test/moz.build
index 946959dee..759e76c73 100644
--- a/dom/security/test/moz.build
+++ b/dom/security/test/moz.build
@@ -28,5 +28,4 @@ BROWSER_CHROME_MANIFESTS += [
     'contentverifier/browser.ini',
     'csp/browser.ini',
     'general/browser.ini',
-    'hsts/browser.ini',
 ]