import changes from `dev' branch of rmottola/Arctic-Fox:

- Bug 1190574 - make test.chain.replace and cohorts throw on unknown test name + fix broken tests. r=drno, r=jib (9288da531a)
- Bug 1190574 - added missing calls to release stored ICE candidates. r=jib (590e1f2769)
- Bug 1241948 - Update web-platform-tests expected data to revision 967dfa72eaa149af854c6c38cb64e28b4961a480, a=testonly (67bfe4dc02)
- Bug 1209744 - Implement canTrickleIceCandidates attribute, r=bwc,khuey (56f7db7415)
- Bug 1181768 - Make already-defined pc.getConfiguration() work. r=mt (d621edf192)
- Bug 1254839 - include file and line number in RTCPeerConnection warnings. r=bz (1f914d83b0)
- Bug 1243607: make webrtc bitrate prefs take precedence over automatic bitrate selection r=pkerr (655a6ebf1a)
- Bug 1242199: Add lower-limit WebRTC bandwidth pref for testing r=pkerr (40895a6821)
- Bug 1244913 - change SelectBandwidth to SelectBitrates. r=jesup (4952cb9143)
- Bug 1244913 - resolution-based bitrates for each simulcast layer, scaleResolutionDownBy, and working maxBitrate in unicast. r=bwc,jesup (cf40bb9c9f)
- Bug 1166832 - Add test to verify video (using capture stream) after renegotiation. r=bwc (adb0cd89cb)
- Bug 1250990 - Make RTCRtpEncodingParameters.scaleResolutionDownBy work with H.264 unicast. r=jesup (83eca85bb4)
- Bug 1237224: Check sending framesize is set before calculating max fps when max-mbps is negotiated r=pkerr (6910dbb65f)
- Bug 1198345 - Split moar Hello Telemetry values from general WebRTC. r=jesup (cc9b0c8059)
- Bug 1217677: increase UDP socket receive buffer for <= Win7. r=jesup, mcmanus (bd096afc64)
- Bug 1244638 - Part 3: Rename method from NotifyTimingUpdate to PostSpecifiedTimingUpdated. r=birtles (71fe98e0b2)
- Bug 1122236 - CSP: Implement block-all-mixed-content (r=tanvi,kate,mrbkap) (3fddc3166d)
- Bug 1229222 - add chromeutils for the creation of origin attributes with the correct default values. r=sicking (bf1e5673c0)
- Bug 1240651 - Annotate addonId into crash report (r=bholley) (4be5ef9e5e)
- Bug 1254906 - Change the annotation on JSPrincipals::dump's definition to match that of its declaration. r=bz (2e46a62057)
- Bug 1211590 - Inherits OriginAttributes from loading principal for GetChannelURIPrincipal. r=sicking (838147dbce)
- Bug 1251311. JS::DescribeScriptedCaller can't throw JS exceptions. Adjust some callers accordingly. r=khuey (2f3f111d74)
- Bug 1210703 - followup: fix test file used in caps and fix assertions to have actual/expected value in the right order, rs=bustage on a CLOSED TREE (548ddafc98)
- Bug 1208756 - Tests. r=billm (6b803253f2)
- Bug 1238160 - Test frame principal when toggling isolation. r=bz (a1954c14dd)
- Bug 1237141 - Make this test pass in e10s. r=felipe (32b8c1479f)
- var-let (1bb1fe779e)
- Bug 1207494 - Part 10: Remove use of expression closure from dom/json/. r=jst (668bf3efa8)
- Bug 1207494 - Part 9: Remove use of expression closure from dom/indexedDB/. r=khuey (8bf68b9afe)
- Bug 1043562 - Hide the Contacts API from the contexts that lack sufficient privileges, such as Firefox desktop and Android; r=smaug (dd78b59dda)
- Bug 1152114 - Ignore webapps with localId 0 (r=fabrice) (dbd208872b)

dom/base/nsDocument.cpp

@@ -1426,6 +1426,8 @@ nsIDocument::nsIDocument()
   : nsINode(nullNodeInfo),
     mReferrerPolicySet(false),
     mReferrerPolicy(mozilla::net::RP_Default),
+    mBlockAllMixedContent(false),
+    mBlockAllMixedContentPreloads(false),
     mUpgradeInsecureRequests(false),
     mUpgradeInsecurePreloads(false),
     mCharacterSet(NS_LITERAL_CSTRING("ISO-8859-1")),
@@ -2581,13 +2583,18 @@ nsDocument::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
     nsCOMPtr<nsIDocShellTreeItem> sameTypeParent;
     treeItem->GetSameTypeParent(getter_AddRefs(sameTypeParent));
     if (sameTypeParent) {
-      mUpgradeInsecureRequests =
-        sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(false);
+      nsIDocument* doc = sameTypeParent->GetDocument();
+      mBlockAllMixedContent = doc->GetBlockAllMixedContent(false);
+      // if the parent document makes use of block-all-mixed-content
+      // then subdocument preloads should always be blocked.
+      mBlockAllMixedContentPreloads =
+        mBlockAllMixedContent || doc->GetBlockAllMixedContent(true);
+
+      mUpgradeInsecureRequests = doc->GetUpgradeInsecureRequests(false);
       // if the parent document makes use of upgrade-insecure-requests
       // then subdocument preloads should always be upgraded.
       mUpgradeInsecurePreloads =
-        mUpgradeInsecureRequests ||
-        sameTypeParent->GetDocument()->GetUpgradeInsecureRequests(true);
+        mUpgradeInsecureRequests || doc->GetUpgradeInsecureRequests(true);
     }
   }
 
@@ -2686,6 +2693,16 @@ nsDocument::ApplySettingsFromCSP(bool aSpeculative)
         mReferrerPolicy = static_cast<ReferrerPolicy>(referrerPolicy);
         mReferrerPolicySet = true;
       }
+ 
+      // Set up 'block-all-mixed-content' if not already inherited
+      // from the parent context or set by any other CSP.
+      if (!mBlockAllMixedContent) {
+        rv = csp->GetBlockAllMixedContent(&mBlockAllMixedContent);
+        NS_ENSURE_SUCCESS_VOID(rv);
+      }
+      if (!mBlockAllMixedContentPreloads) {
+        mBlockAllMixedContentPreloads = mBlockAllMixedContent;
+     }
 
       // Set up 'upgrade-insecure-requests' if not already inherited
       // from the parent context or set by any other CSP.
@@ -2701,12 +2718,17 @@ nsDocument::ApplySettingsFromCSP(bool aSpeculative)
   }
 
   // 2) apply settings from speculative csp
-  if (!mUpgradeInsecurePreloads) {
-    nsCOMPtr<nsIContentSecurityPolicy> preloadCsp;
-    rv = NodePrincipal()->GetPreloadCsp(getter_AddRefs(preloadCsp));
-    NS_ENSURE_SUCCESS_VOID(rv);
-    if (preloadCsp) {
-      preloadCsp->GetUpgradeInsecureRequests(&mUpgradeInsecurePreloads);
+  nsCOMPtr<nsIContentSecurityPolicy> preloadCsp;
+  rv = NodePrincipal()->GetPreloadCsp(getter_AddRefs(preloadCsp));
+  NS_ENSURE_SUCCESS_VOID(rv);
+  if (preloadCsp) {
+    if (!mBlockAllMixedContentPreloads) {
+      rv = preloadCsp->GetBlockAllMixedContent(&mBlockAllMixedContentPreloads);
+      NS_ENSURE_SUCCESS_VOID(rv);
+    }
+    if (!mUpgradeInsecurePreloads) {
+      rv = preloadCsp->GetUpgradeInsecureRequests(&mUpgradeInsecurePreloads);
+      NS_ENSURE_SUCCESS_VOID(rv);
     }
   }
 }