1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=2 sw=2 et tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "ContentPrincipal.h"
9 #include "mozIThirdPartyUtil.h"
10 #include "nsContentUtils.h"
12 #include "nsScriptSecurityManager.h"
14 #include "nsReadableUtils.h"
18 #include "nsIStandardURL.h"
19 #include "nsIURIWithSpecialOrigin.h"
20 #include "nsIURIMutator.h"
21 #include "nsJSPrincipals.h"
22 #include "nsIEffectiveTLDService.h"
23 #include "nsIClassInfoImpl.h"
24 #include "nsIObjectInputStream.h"
25 #include "nsIObjectOutputStream.h"
26 #include "nsIProtocolHandler.h"
28 #include "nsIContentSecurityPolicy.h"
30 #include "js/RealmIterators.h"
31 #include "js/Wrapper.h"
33 #include "mozilla/dom/BlobURLProtocolHandler.h"
34 #include "mozilla/dom/ScriptSettings.h"
35 #include "mozilla/ClearOnShutdown.h"
36 #include "mozilla/ExtensionPolicyService.h"
37 #include "mozilla/Preferences.h"
38 #include "mozilla/HashFunctions.h"
40 #include "nsSerializationHelper.h"
41 #include "json/json.h"
43 using namespace mozilla
;
45 NS_IMPL_CLASSINFO(ContentPrincipal
, nullptr, nsIClassInfo::MAIN_THREAD_ONLY
,
47 NS_IMPL_QUERY_INTERFACE_CI(ContentPrincipal
, nsIPrincipal
)
48 NS_IMPL_CI_INTERFACE_GETTER(ContentPrincipal
, nsIPrincipal
)
50 ContentPrincipal::ContentPrincipal(nsIURI
* aURI
,
51 const OriginAttributes
& aOriginAttributes
,
52 const nsACString
& aOriginNoSuffix
,
53 nsIURI
* aInitialDomain
)
54 : BasePrincipal(eContentPrincipal
, aOriginNoSuffix
, aOriginAttributes
),
56 mDomain(aInitialDomain
) {
58 // We're just creating the principal, so no need to re-compute wrappers.
59 SetHasExplicitDomain();
62 #ifdef MOZ_DIAGNOSTIC_ASSERT_ENABLED
63 // Assert that the URI we get here isn't any of the schemes that we know we
64 // should not get here. These schemes always either inherit their principal
65 // or fall back to a null principal. These are schemes which return
66 // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
67 // GetProtocolFlags function.
69 MOZ_DIAGNOSTIC_ASSERT(
70 NS_SUCCEEDED(NS_URIChainHasFlags(
71 aURI
, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT
, &hasFlag
)) &&
76 ContentPrincipal::ContentPrincipal(ContentPrincipal
* aOther
,
77 const OriginAttributes
& aOriginAttributes
)
78 : BasePrincipal(aOther
, aOriginAttributes
),
80 mDomain(aOther
->mDomain
),
81 mAddon(aOther
->mAddon
) {}
83 ContentPrincipal::~ContentPrincipal() = default;
85 nsresult
ContentPrincipal::GetScriptLocation(nsACString
& aStr
) {
86 return mURI
->GetSpec(aStr
);
90 nsresult
ContentPrincipal::GenerateOriginNoSuffixFromURI(
91 nsIURI
* aURI
, nsACString
& aOriginNoSuffix
) {
93 return NS_ERROR_FAILURE
;
96 nsCOMPtr
<nsIURI
> origin
= NS_GetInnermostURI(aURI
);
98 return NS_ERROR_FAILURE
;
101 MOZ_ASSERT(!NS_IsAboutBlank(origin
),
102 "The inner URI for about:blank must be moz-safe-about:blank");
104 // Handle non-strict file:// uris.
105 if (!nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
106 NS_URIIsLocalFile(origin
)) {
107 // If strict file origin policy is not in effect, all local files are
108 // considered to be same-origin, so return a known dummy origin here.
109 aOriginNoSuffix
.AssignLiteral("file://UNIVERSAL_FILE_URI_ORIGIN");
114 // NB: This is only compiled for Thunderbird/Suite.
115 #if IS_ORIGIN_IS_FULL_SPEC_DEFINED
116 bool fullSpec
= false;
117 rv
= NS_URIChainHasFlags(origin
, nsIProtocolHandler::ORIGIN_IS_FULL_SPEC
,
119 NS_ENSURE_SUCCESS(rv
, rv
);
121 return origin
->GetAsciiSpec(aOriginNoSuffix
);
125 // We want the invariant that prinA.origin == prinB.origin i.f.f.
126 // prinA.equals(prinB). However, this requires that we impose certain
127 // constraints on the behavior and origin semantics of principals, and in
128 // particular, forbid creating origin strings for principals whose equality
129 // constraints are not expressible as strings (i.e. object equality).
130 // Moreover, we want to forbid URIs containing the magic "^" we use as a
131 // separating character for origin attributes.
133 // These constraints can generally be achieved by restricting .origin to
134 // nsIStandardURL-based URIs, but there are a few other URI schemes that we
136 if (origin
->SchemeIs("about") ||
137 (origin
->SchemeIs("moz-safe-about") &&
138 // We generally consider two about:foo origins to be same-origin, but
139 // about:blank is special since it can be generated from different
140 // sources. We check for moz-safe-about:blank since origin is an
142 !StringBeginsWith(origin
->GetSpecOrDefault(),
143 "moz-safe-about:blank"_ns
))) {
144 rv
= origin
->GetAsciiSpec(aOriginNoSuffix
);
145 NS_ENSURE_SUCCESS(rv
, rv
);
147 int32_t pos
= aOriginNoSuffix
.FindChar('?');
148 int32_t hashPos
= aOriginNoSuffix
.FindChar('#');
150 if (hashPos
!= kNotFound
&& (pos
== kNotFound
|| hashPos
< pos
)) {
154 if (pos
!= kNotFound
) {
155 aOriginNoSuffix
.Truncate(pos
);
158 // These URIs could technically contain a '^', but they never should.
159 if (NS_WARN_IF(aOriginNoSuffix
.FindChar('^', 0) != -1)) {
160 aOriginNoSuffix
.Truncate();
161 return NS_ERROR_FAILURE
;
166 // This URL can be a blobURL. In this case, we should use the 'parent'
167 // principal instead.
168 nsCOMPtr
<nsIPrincipal
> blobPrincipal
;
169 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
170 origin
, getter_AddRefs(blobPrincipal
))) {
171 MOZ_ASSERT(blobPrincipal
);
172 return blobPrincipal
->GetOriginNoSuffix(aOriginNoSuffix
);
175 // If we reached this branch, we can only create an origin if we have a
176 // nsIStandardURL. So, we query to a nsIStandardURL, and fail if we aren't
177 // an instance of an nsIStandardURL nsIStandardURLs have the good property
178 // of escaping the '^' character in their specs, which means that we can be
179 // sure that the caret character (which is reserved for delimiting the end
180 // of the spec, and the beginning of the origin attributes) is not present
181 // in the origin string
182 nsCOMPtr
<nsIStandardURL
> standardURL
= do_QueryInterface(origin
);
184 return NS_ERROR_FAILURE
;
187 // See whether we have a useful hostPort. If we do, use that.
188 nsAutoCString hostPort
;
189 if (!origin
->SchemeIs("chrome")) {
190 rv
= origin
->GetAsciiHostPort(hostPort
);
191 NS_ENSURE_SUCCESS(rv
, rv
);
193 if (!hostPort
.IsEmpty()) {
194 rv
= origin
->GetScheme(aOriginNoSuffix
);
195 NS_ENSURE_SUCCESS(rv
, rv
);
196 aOriginNoSuffix
.AppendLiteral("://");
197 aOriginNoSuffix
.Append(hostPort
);
201 rv
= aURI
->GetAsciiSpec(aOriginNoSuffix
);
202 NS_ENSURE_SUCCESS(rv
, rv
);
204 // The origin, when taken from the spec, should not contain the ref part of
207 int32_t pos
= aOriginNoSuffix
.FindChar('?');
208 int32_t hashPos
= aOriginNoSuffix
.FindChar('#');
210 if (hashPos
!= kNotFound
&& (pos
== kNotFound
|| hashPos
< pos
)) {
214 if (pos
!= kNotFound
) {
215 aOriginNoSuffix
.Truncate(pos
);
221 bool ContentPrincipal::SubsumesInternal(
222 nsIPrincipal
* aOther
,
223 BasePrincipal::DocumentDomainConsideration aConsideration
) {
226 // For ContentPrincipal, Subsumes is equivalent to Equals.
227 if (aOther
== this) {
231 // If either the subject or the object has changed its principal by
232 // explicitly setting document.domain then the other must also have
233 // done so in order to be considered the same origin. This prevents
234 // DNS spoofing based on document.domain (154930)
235 if (aConsideration
== ConsiderDocumentDomain
) {
236 // Get .domain on each principal.
237 nsCOMPtr
<nsIURI
> thisDomain
, otherDomain
;
238 GetDomain(getter_AddRefs(thisDomain
));
239 aOther
->GetDomain(getter_AddRefs(otherDomain
));
241 // If either has .domain set, we have equality i.f.f. the domains match.
242 // Otherwise, we fall through to the non-document-domain-considering case.
243 if (thisDomain
|| otherDomain
) {
245 nsScriptSecurityManager::SecurityCompareURIs(thisDomain
, otherDomain
);
248 nsAutoCString thisSiteOrigin
, otherSiteOrigin
;
249 MOZ_ALWAYS_SUCCEEDS(GetSiteOrigin(thisSiteOrigin
));
250 MOZ_ALWAYS_SUCCEEDS(aOther
->GetSiteOrigin(otherSiteOrigin
));
252 thisSiteOrigin
== otherSiteOrigin
,
253 "SubsumesConsideringDomain passed with mismatched siteOrigin!");
260 // Do a fast check (including origin attributes) or a slow uri comparison.
261 return FastEquals(aOther
) || aOther
->IsSameOrigin(mURI
);
265 ContentPrincipal::GetURI(nsIURI
** aURI
) {
266 *aURI
= do_AddRef(mURI
).take();
270 bool ContentPrincipal::MayLoadInternal(nsIURI
* aURI
) {
273 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
274 nsCOMPtr
<nsIURIWithSpecialOrigin
> uriWithSpecialOrigin
=
275 do_QueryInterface(aURI
);
276 if (uriWithSpecialOrigin
) {
277 nsCOMPtr
<nsIURI
> origin
;
278 nsresult rv
= uriWithSpecialOrigin
->GetOrigin(getter_AddRefs(origin
));
279 if (NS_WARN_IF(NS_FAILED(rv
))) {
283 OriginAttributes attrs
;
284 RefPtr
<BasePrincipal
> principal
=
285 BasePrincipal::CreateContentPrincipal(origin
, attrs
);
286 return nsIPrincipal::Subsumes(principal
);
290 nsCOMPtr
<nsIPrincipal
> blobPrincipal
;
291 if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
292 aURI
, getter_AddRefs(blobPrincipal
))) {
293 MOZ_ASSERT(blobPrincipal
);
294 return nsIPrincipal::Subsumes(blobPrincipal
);
297 // If this principal is associated with an addon, check whether that addon
298 // has been given permission to load from this domain.
299 if (AddonAllowsLoad(aURI
)) {
303 if (nsScriptSecurityManager::SecurityCompareURIs(mURI
, aURI
)) {
307 // If strict file origin policy is in effect, local files will always fail
308 // SecurityCompareURIs unless they are identical. Explicitly check file origin
309 // policy, in that case.
310 if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
311 NS_URIIsLocalFile(aURI
) && NS_RelaxStrictFileOriginPolicy(aURI
, mURI
)) {
318 uint32_t ContentPrincipal::GetHashValue() {
319 MOZ_ASSERT(mURI
, "Need a principal URI");
321 nsCOMPtr
<nsIURI
> uri
;
322 GetDomain(getter_AddRefs(uri
));
324 GetURI(getter_AddRefs(uri
));
326 return NS_SecurityHashURI(uri
);
330 ContentPrincipal::GetDomain(nsIURI
** aDomain
) {
331 if (!GetHasExplicitDomain()) {
336 mozilla::MutexAutoLock
lock(mMutex
);
337 NS_ADDREF(*aDomain
= mDomain
);
342 ContentPrincipal::SetDomain(nsIURI
* aDomain
) {
343 AssertIsOnMainThread();
347 mozilla::MutexAutoLock
lock(mMutex
);
349 SetHasExplicitDomain();
352 // Set the changed-document-domain flag on compartments containing realms
353 // using this principal.
354 auto cb
= [](JSContext
*, void*, JS::Realm
* aRealm
,
355 const JS::AutoRequireNoGC
& nogc
) {
356 JS::Compartment
* comp
= JS::GetCompartmentForRealm(aRealm
);
357 xpc::SetCompartmentChangedDocumentDomain(comp
);
359 JSPrincipals
* principals
=
360 nsJSPrincipals::get(static_cast<nsIPrincipal
*>(this));
362 dom::AutoJSAPI jsapi
;
364 JS::IterateRealmsWithPrincipals(jsapi
.cx(), principals
, nullptr, cb
);
369 static nsresult
GetSpecialBaseDomain(const nsCOMPtr
<nsIURI
>& aURI
,
370 bool* aHandled
, nsACString
& aBaseDomain
) {
373 // Special handling for a file URI.
374 if (NS_URIIsLocalFile(aURI
)) {
375 // If strict file origin policy is not in effect, all local files are
376 // considered to be same-origin, so return a known dummy domain here.
377 if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
379 aBaseDomain
.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
383 // Otherwise, we return the file path.
384 nsCOMPtr
<nsIURL
> url
= do_QueryInterface(aURI
);
388 return url
->GetFilePath(aBaseDomain
);
392 bool hasNoRelativeFlag
;
393 nsresult rv
= NS_URIChainHasFlags(aURI
, nsIProtocolHandler::URI_NORELATIVE
,
395 if (NS_WARN_IF(NS_FAILED(rv
))) {
399 // In case of FTP we want to get base domain via TLD service even if FTP
400 // protocol handler is disabled and the scheme is handled by external protocol
401 // handler which returns URI_NORELATIVE flag.
402 if (hasNoRelativeFlag
&& !aURI
->SchemeIs("ftp")) {
404 return aURI
->GetSpec(aBaseDomain
);
407 if (aURI
->SchemeIs("indexeddb")) {
409 return aURI
->GetSpec(aBaseDomain
);
416 ContentPrincipal::GetBaseDomain(nsACString
& aBaseDomain
) {
417 // Handle some special URIs first.
419 nsresult rv
= GetSpecialBaseDomain(mURI
, &handled
, aBaseDomain
);
420 NS_ENSURE_SUCCESS(rv
, rv
);
426 // For everything else, we ask the TLD service via the ThirdPartyUtil.
427 nsCOMPtr
<mozIThirdPartyUtil
> thirdPartyUtil
=
428 do_GetService(THIRDPARTYUTIL_CONTRACTID
);
429 if (!thirdPartyUtil
) {
430 return NS_ERROR_FAILURE
;
433 return thirdPartyUtil
->GetBaseDomain(mURI
, aBaseDomain
);
437 ContentPrincipal::GetSiteOriginNoSuffix(nsACString
& aSiteOrigin
) {
438 nsresult rv
= GetOriginNoSuffix(aSiteOrigin
);
439 NS_ENSURE_SUCCESS(rv
, rv
);
441 // It is possible for two principals with the same origin to have different
442 // mURI values. In order to ensure that two principals with matching origins
443 // also have matching siteOrigins, we derive the siteOrigin entirely from the
444 // origin string and do not rely on mURI at all here.
445 nsCOMPtr
<nsIURI
> origin
;
446 rv
= NS_NewURI(getter_AddRefs(origin
), aSiteOrigin
);
448 // We got an error parsing the origin as a URI? siteOrigin == origin
449 // aSiteOrigin was already filled with `OriginNoSuffix`
453 // Handle some special URIs first.
454 nsAutoCString baseDomain
;
456 rv
= GetSpecialBaseDomain(origin
, &handled
, baseDomain
);
457 NS_ENSURE_SUCCESS(rv
, rv
);
460 // This is a special URI ("file:", "about:", "view-source:", etc). Just
461 // return the origin.
465 // For everything else, we ask the TLD service. Note that, unlike in
466 // GetBaseDomain, we don't use ThirdPartyUtil.getBaseDomain because if the
467 // host is an IP address that returns the raw address and we can't use it with
468 // SetHost below because SetHost expects '[' and ']' around IPv6 addresses.
470 nsCOMPtr
<nsIEffectiveTLDService
> tldService
=
471 do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID
);
473 return NS_ERROR_FAILURE
;
476 bool gotBaseDomain
= false;
477 rv
= tldService
->GetBaseDomain(origin
, 0, baseDomain
);
478 if (NS_SUCCEEDED(rv
)) {
479 gotBaseDomain
= true;
481 // If this is an IP address or something like "localhost", we just continue
482 // with gotBaseDomain = false.
483 if (rv
!= NS_ERROR_HOST_IS_IP_ADDRESS
&&
484 rv
!= NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS
&&
485 rv
!= NS_ERROR_INVALID_ARG
) {
490 // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
491 // the port, so an extra `SetPort` call has to be made.
492 nsCOMPtr
<nsIURI
> siteUri
;
493 NS_MutateURI
mutator(origin
);
494 mutator
.SetUserPass(""_ns
).SetPort(-1);
496 mutator
.SetHost(baseDomain
);
498 rv
= mutator
.Finalize(siteUri
);
499 MOZ_ASSERT(NS_SUCCEEDED(rv
), "failed to create siteUri");
500 NS_ENSURE_SUCCESS(rv
, rv
);
502 aSiteOrigin
.Truncate();
503 rv
= GenerateOriginNoSuffixFromURI(siteUri
, aSiteOrigin
);
504 MOZ_ASSERT(NS_SUCCEEDED(rv
), "failed to create siteOriginNoSuffix");
508 nsresult
ContentPrincipal::GetSiteIdentifier(SiteIdentifier
& aSite
) {
509 nsCString siteOrigin
;
510 nsresult rv
= GetSiteOrigin(siteOrigin
);
511 NS_ENSURE_SUCCESS(rv
, rv
);
513 RefPtr
<BasePrincipal
> principal
= CreateContentPrincipal(siteOrigin
);
515 NS_WARNING("could not instantiate content principal");
516 return NS_ERROR_FAILURE
;
519 aSite
.Init(principal
);
523 RefPtr
<extensions::WebExtensionPolicyCore
> ContentPrincipal::AddonPolicyCore() {
524 mozilla::MutexAutoLock
lock(mMutex
);
525 if (!mAddon
.isSome()) {
526 NS_ENSURE_TRUE(mURI
, nullptr);
528 RefPtr
<extensions::WebExtensionPolicyCore
> core
;
529 if (mURI
->SchemeIs("moz-extension")) {
531 NS_ENSURE_SUCCESS(mURI
->GetHost(host
), nullptr);
532 core
= ExtensionPolicyService::GetCoreByHost(host
);
535 mAddon
.emplace(core
);
541 ContentPrincipal::GetAddonId(nsAString
& aAddonId
) {
542 if (RefPtr
<extensions::WebExtensionPolicyCore
> policy
= AddonPolicyCore()) {
543 policy
->Id()->ToString(aAddonId
);
551 ContentPrincipal::Deserializer::Read(nsIObjectInputStream
* aStream
) {
552 MOZ_ASSERT(!mPrincipal
);
554 nsCOMPtr
<nsISupports
> supports
;
555 nsCOMPtr
<nsIURI
> principalURI
;
556 nsresult rv
= NS_ReadOptionalObject(aStream
, true, getter_AddRefs(supports
));
561 principalURI
= do_QueryInterface(supports
);
562 // Enforce re-parsing about: URIs so that if they change, we continue to use
563 // their new principals correctly.
564 if (principalURI
->SchemeIs("about")) {
566 principalURI
->GetSpec(spec
);
567 NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(principalURI
), spec
),
571 nsCOMPtr
<nsIURI
> domain
;
572 rv
= NS_ReadOptionalObject(aStream
, true, getter_AddRefs(supports
));
577 domain
= do_QueryInterface(supports
);
579 nsAutoCString suffix
;
580 rv
= aStream
->ReadCString(suffix
);
581 NS_ENSURE_SUCCESS(rv
, rv
);
583 OriginAttributes attrs
;
584 bool ok
= attrs
.PopulateFromSuffix(suffix
);
585 NS_ENSURE_TRUE(ok
, NS_ERROR_FAILURE
);
587 // Since Bug 965637 we do not serialize the CSP within the
588 // Principal anymore. Nevertheless there might still be
589 // serialized Principals that do have a serialized CSP.
590 // For now, we just read the CSP here but do not actually
591 // consume it. Please note that we deliberately ignore
592 // the return value to avoid CSP deserialization problems.
593 // After Bug 1508939 we will have a new serialization for
594 // Principals which allows us to update the code here.
595 // Additionally, the format for serialized CSPs changed
596 // within Bug 965637 which also can cause failures within
597 // the CSP deserialization code.
598 Unused
<< NS_ReadOptionalObject(aStream
, true, getter_AddRefs(supports
));
600 nsAutoCString originNoSuffix
;
601 rv
= GenerateOriginNoSuffixFromURI(principalURI
, originNoSuffix
);
602 NS_ENSURE_SUCCESS(rv
, rv
);
605 new ContentPrincipal(principalURI
, attrs
, originNoSuffix
, domain
);
609 nsresult
ContentPrincipal::PopulateJSONObject(Json::Value
& aObject
) {
610 nsAutoCString principalURI
;
611 nsresult rv
= mURI
->GetSpec(principalURI
);
612 NS_ENSURE_SUCCESS(rv
, rv
);
614 // We turn each int enum field into a JSON string key of the object
615 // aObject is the inner JSON object that has stringified enum keys
616 // An example aObject might be:
620 // {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
622 // ----------------------------- |
624 // Key ----------------------
627 aObject
[std::to_string(eURI
)] = principalURI
.get();
629 if (GetHasExplicitDomain()) {
630 nsAutoCString domainStr
;
632 MutexAutoLock
lock(mMutex
);
633 rv
= mDomain
->GetSpec(domainStr
);
634 NS_ENSURE_SUCCESS(rv
, rv
);
636 aObject
[std::to_string(eDomain
)] = domainStr
.get();
639 nsAutoCString suffix
;
640 OriginAttributesRef().CreateSuffix(suffix
);
641 if (suffix
.Length() > 0) {
642 aObject
[std::to_string(eSuffix
)] = suffix
.get();
648 already_AddRefed
<BasePrincipal
> ContentPrincipal::FromProperties(
649 nsTArray
<ContentPrincipal::KeyVal
>& aFields
) {
650 MOZ_ASSERT(aFields
.Length() == eMax
+ 1, "Must have all the keys");
652 nsCOMPtr
<nsIURI
> principalURI
;
653 nsCOMPtr
<nsIURI
> domain
;
654 nsCOMPtr
<nsIContentSecurityPolicy
> csp
;
655 OriginAttributes attrs
;
657 // The odd structure here is to make the code to not compile
658 // if all the switch enum cases haven't been codified
659 for (const auto& field
: aFields
) {
661 case ContentPrincipal::eURI
:
662 if (!field
.valueWasSerialized
) {
665 "Content principals require a principal URI in serialized JSON");
668 rv
= NS_NewURI(getter_AddRefs(principalURI
), field
.value
.get());
669 NS_ENSURE_SUCCESS(rv
, nullptr);
672 // Enforce re-parsing about: URIs so that if they change, we
673 // continue to use their new principals correctly.
674 if (principalURI
->SchemeIs("about")) {
676 principalURI
->GetSpec(spec
);
677 if (NS_FAILED(NS_NewURI(getter_AddRefs(principalURI
), spec
))) {
683 case ContentPrincipal::eDomain
:
684 if (field
.valueWasSerialized
) {
685 rv
= NS_NewURI(getter_AddRefs(domain
), field
.value
.get());
686 NS_ENSURE_SUCCESS(rv
, nullptr);
689 case ContentPrincipal::eSuffix
:
690 if (field
.valueWasSerialized
) {
691 bool ok
= attrs
.PopulateFromSuffix(field
.value
);
699 nsAutoCString originNoSuffix
;
700 rv
= ContentPrincipal::GenerateOriginNoSuffixFromURI(principalURI
,
706 RefPtr
<ContentPrincipal
> principal
=
707 new ContentPrincipal(principalURI
, attrs
, originNoSuffix
, domain
);
709 return principal
.forget();