diff --git a/build/pgo/server-locations.txt b/build/pgo/server-locations.txt
index 405fac16586c..7257cd7e839a 100644
--- a/build/pgo/server-locations.txt
+++ b/build/pgo/server-locations.txt
@@ -340,6 +340,9 @@ https://localhost:443
 # Bug 1402530
 http://localhost:80 privileged
+http://localhost:9898
+http://localhost:9899
+
 # Host for testing APIs whitelisted for mozilla.org
 https://www.mozilla.org:443
diff --git a/dom/security/SecFetch.cpp b/dom/security/SecFetch.cpp
index a1ca10bf3b42..817eb33c2b64 100644
--- a/dom/security/SecFetch.cpp
+++ b/dom/security/SecFetch.cpp
@@ -209,7 +209,9 @@ bool IsSameSite(nsIChannel* aHTTPChannel) {
 // if the initial request is not same-site, or not https, we can
 // return here because we already know it's not a same-site request
 if (!hostDomain.Equals(channelDomain) ||
- !loadInfo->TriggeringPrincipal()->SchemeIs("https")) {
+ (!loadInfo->TriggeringPrincipal()->SchemeIs("https") &&
+ !nsMixedContentBlocker::IsPotentiallyTrustworthyLoopbackHost(
+ hostDomain))) {
 return false;
 }
diff --git a/dom/security/test/sec-fetch/file_trustworthy_loopback.html b/dom/security/test/sec-fetch/file_trustworthy_loopback.html
new file mode 100644
index 000000000000..88f924265069
--- /dev/null
+++ b/dom/security/test/sec-fetch/file_trustworthy_loopback.html
@@ -0,0 +1,11 @@ + + +
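Review bot: The two plain-http loopback origins added after `http://localhost:80 privileged` carry no comment saying which test needs them, unlike the `# Bug 1402530` entry just above. A line such as `# Bug <BUG_ID>: loopback origins used by dom/security/test/sec-fetch/file_trustworthy_loopback.html` would let a later reader tell that ports 9898 and 9899 exist only for the Sec-Fetch loopback test. It would also show when they can be removed.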
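Review bot: The comment above the condition still says a non-https initiator is never same-site, which the new loopback clause makes untrue. It should be updated, for example `// if the initial request is not same-site, or is neither https nor a potentially trustworthy loopback host, we can`. The exemption is also decided from `hostDomain`, the same string that is compared with `channelDomain`. Where `hostDomain` is computed is outside the hunk, so it is worth confirming that it holds the triggering principal's host in the form `IsPotentiallyTrustworthyLoopbackHost` expects (hostname or IP literal), not a derived base-domain form. The rest of `IsSameSite` is not visible here; if it has further https-only checks, for instance on redirect entries, they presumably need the same exemption to keep the Sec-Fetch-Site result consistent.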
+