Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking.
authorYoshi Huang <allstars.chh@mozilla.com>
Tue, 03 Nov 2015 09:50:54 +0800
changeset 274287 0e4c4db3b90ff45937cc1eab4b7bbd61f4674326
parent 274286 2757a39280f9b07dec0b56e38e1ef6a9f48b4f12
child 274288 6d76991804a50112a8b8be4a16b477ab25879903
push id68546
push usercbook@mozilla.com
push dateThu, 26 Nov 2015 15:56:25 +0000
treeherdermozilla-inbound@a2e18ea18461 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs1209162
milestone45.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking.
caps/BasePrincipal.cpp
caps/BasePrincipal.h
caps/nsJSPrincipals.cpp
caps/nsNullPrincipal.cpp
caps/nsNullPrincipal.h
caps/nsPrincipal.cpp
caps/nsPrincipal.h
caps/nsScriptSecurityManager.cpp
caps/nsScriptSecurityManager.h
caps/tests/gtest/TestOriginAttributes.cpp
docshell/base/LoadContext.cpp
docshell/base/LoadContext.h
docshell/base/SerializedLoadContext.h
docshell/base/nsDocShell.cpp
docshell/base/nsDocShell.h
docshell/base/nsILoadContext.idl
dom/base/ChromeUtils.cpp
dom/base/nsFrameLoader.cpp
dom/base/nsFrameLoader.h
dom/base/nsGlobalWindow.cpp
dom/cache/DBSchema.cpp
dom/datastore/DataStoreService.cpp
dom/ipc/AppProcessChecker.cpp
dom/ipc/ContentChild.cpp
dom/ipc/TabContext.cpp
dom/ipc/TabContext.h
dom/quota/ActorsParent.cpp
dom/webidl/ChromeUtils.webidl
dom/workers/PServiceWorkerManager.ipdl
dom/workers/ServiceWorkerManager.cpp
dom/workers/ServiceWorkerManager.h
dom/workers/ServiceWorkerManagerChild.cpp
dom/workers/ServiceWorkerManagerChild.h
dom/workers/ServiceWorkerManagerParent.cpp
dom/workers/ServiceWorkerManagerParent.h
dom/workers/ServiceWorkerManagerService.cpp
dom/workers/ServiceWorkerManagerService.h
dom/workers/ServiceWorkerPrivate.cpp
dom/workers/ServiceWorkerRegistrar.cpp
dom/workers/test/gtest/TestReadWrite.cpp
extensions/cookie/nsPermission.cpp
extensions/cookie/nsPermissionManager.cpp
gfx/thebes/gfxSVGGlyphs.cpp
ipc/glue/BackgroundUtils.h
ipc/glue/PBackgroundSharedTypes.ipdlh
js/xpconnect/src/Sandbox.cpp
netwerk/base/LoadContextInfo.cpp
netwerk/base/LoadContextInfo.h
netwerk/base/LoadInfo.cpp
netwerk/base/LoadInfo.h
netwerk/base/Predictor.cpp
netwerk/base/nsILoadContextInfo.idl
netwerk/base/nsILoadInfo.idl
netwerk/base/nsNetUtil.cpp
netwerk/base/nsNetUtil.h
netwerk/cache/nsApplicationCacheService.cpp
netwerk/cache/nsDiskCacheDeviceSQL.cpp
netwerk/cache/nsDiskCacheDeviceSQL.h
netwerk/cache2/AppCacheStorage.cpp
netwerk/cache2/CacheFileMetadata.h
netwerk/cache2/CacheFileUtils.cpp
netwerk/cache2/CacheObserver.cpp
netwerk/cache2/OldWrappers.cpp
netwerk/cookie/CookieServiceParent.cpp
netwerk/cookie/CookieServiceParent.h
netwerk/cookie/nsCookieService.cpp
netwerk/cookie/nsCookieService.h
netwerk/ipc/NeckoChannelParams.ipdlh
netwerk/ipc/NeckoParent.cpp
netwerk/ipc/NeckoParent.h
netwerk/protocol/http/HttpChannelParent.cpp
netwerk/protocol/http/PackagedAppService.cpp
netwerk/protocol/http/PackagedAppVerifier.cpp
netwerk/protocol/http/nsHttpAuthCache.cpp
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
netwerk/protocol/wyciwyg/nsWyciwygChannel.h
netwerk/test/mochitests/mochitest.ini
netwerk/test/mochitests/signed_web_packaged_app.sjs
netwerk/test/mochitests/test_origin_attributes_conversion.html
netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
toolkit/components/downloads/ApplicationReputation.cpp
toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
uriloader/prefetch/OfflineCacheUpdateParent.cpp
uriloader/prefetch/OfflineCacheUpdateParent.h
uriloader/prefetch/nsOfflineCacheUpdateService.cpp
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -23,36 +23,84 @@
 #include "mozilla/dom/quota/QuotaManager.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/URLSearchParams.h"
 
 namespace mozilla {
 
 using dom::URLParams;
 
-void OriginAttributes::InheritFromDocShellParent(const OriginAttributes& aParent)
+void
+PrincipalOriginAttributes::InheritFromDocShellToDoc(const DocShellOriginAttributes& aAttrs,
+                                                    const nsIURI* aURI)
 {
-  mAppId = aParent.mAppId;
-  mInBrowser = aParent.mInBrowser;
-  mUserContextId = aParent.mUserContextId;
-  mSignedPkg = aParent.mSignedPkg;
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225349 - PrincipalOriginAttributes should inherit mSignedPkg
+  // accordingly by URI
+  mSignedPkg = aAttrs.mSignedPkg;
+}
+
+void
+PrincipalOriginAttributes::InheritFromNecko(const NeckoOriginAttributes& aAttrs)
+{
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+  mSignedPkg = aAttrs.mSignedPkg;
 }
 
-bool OriginAttributes::CopyFromLoadContext(nsILoadContext* aLoadContext)
+void
+DocShellOriginAttributes::InheritFromDocToChildDocShell(const PrincipalOriginAttributes& aAttrs)
 {
-  OriginAttributes attrs;
-  bool result = aLoadContext->GetOriginAttributes(attrs);
-  NS_ENSURE_TRUE(result, false);
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225353 - DocShell/NeckoOriginAttributes should inherit
+  // mSignedPkg accordingly by mSignedPkgInBrowser
+  mSignedPkg = aAttrs.mSignedPkg;
+}
+
+void
+NeckoOriginAttributes::InheritFromDocToNecko(const PrincipalOriginAttributes& aAttrs)
+{
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
 
-  mAppId = attrs.mAppId;
-  mInBrowser = attrs.mInBrowser;
-  mAddonId = attrs.mAddonId;
-  mUserContextId = attrs.mUserContextId;
-  mSignedPkg = attrs.mSignedPkg;
-  return true;
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225353 - DocShell/NeckoOriginAttributes should inherit
+  // mSignedPkg accordingly by mSignedPkgInBrowser
+}
+
+void
+NeckoOriginAttributes::InheritFromDocShellToNecko(const DocShellOriginAttributes& aAttrs)
+{
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225353 - DocShell/NeckoOriginAttributes should inherit
+  // mSignedPkg accordingly by mSignedPkgInBrowser
 }
 
 void
 OriginAttributes::CreateSuffix(nsACString& aStr) const
 {
   UniquePtr<URLParams> params(new URLParams());
   nsAutoString value;
 
@@ -449,17 +497,17 @@ BasePrincipal::GetIsInBrowserElement(boo
 NS_IMETHODIMP
 BasePrincipal::GetUnknownAppId(bool* aUnknownAppId)
 {
   *aUnknownAppId = AppId() == nsIScriptSecurityManager::UNKNOWN_APP_ID;
   return NS_OK;
 }
 
 already_AddRefed<BasePrincipal>
-BasePrincipal::CreateCodebasePrincipal(nsIURI* aURI, const OriginAttributes& aAttrs)
+BasePrincipal::CreateCodebasePrincipal(nsIURI* aURI, const PrincipalOriginAttributes& aAttrs)
 {
   // If the URI is supposed to inherit the security context of whoever loads it,
   // we shouldn't make a codebase principal for it.
   bool inheritsPrincipal;
   nsresult rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
                                     &inheritsPrincipal);
   nsCOMPtr<nsIPrincipal> principal;
   if (NS_FAILED(rv) || inheritsPrincipal) {
@@ -490,17 +538,17 @@ BasePrincipal::CreateCodebasePrincipal(c
 {
   MOZ_ASSERT(!StringBeginsWith(aOrigin, NS_LITERAL_CSTRING("[")),
              "CreateCodebasePrincipal does not support System and Expanded principals");
 
   MOZ_ASSERT(!StringBeginsWith(aOrigin, NS_LITERAL_CSTRING(NS_NULLPRINCIPAL_SCHEME ":")),
              "CreateCodebasePrincipal does not support nsNullPrincipal");
 
   nsAutoCString originNoSuffix;
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return nullptr;
   }
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -9,81 +9,138 @@
 
 #include "nsIPrincipal.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsJSPrincipals.h"
 
 #include "mozilla/dom/ChromeUtilsBinding.h"
 
 class nsIContentSecurityPolicy;
-class nsILoadContext;
 class nsIObjectOutputStream;
 class nsIObjectInputStream;
+class nsIURI;
 
 class nsExpandedPrincipal;
 
 namespace mozilla {
 
+// Base OriginAttributes class. This has several subclass flavors, and is not
+// directly constructable itself.
 class OriginAttributes : public dom::OriginAttributesDictionary
 {
 public:
-  OriginAttributes() {}
-  OriginAttributes(uint32_t aAppId, bool aInBrowser)
-  {
-    mAppId = aAppId;
-    mInBrowser = aInBrowser;
-  }
-  explicit OriginAttributes(const OriginAttributesDictionary& aOther)
-    : OriginAttributesDictionary(aOther) {}
-
   bool operator==(const OriginAttributes& aOther) const
   {
     return mAppId == aOther.mAppId &&
            mInBrowser == aOther.mInBrowser &&
            mAddonId == aOther.mAddonId &&
            mUserContextId == aOther.mUserContextId &&
            mSignedPkg == aOther.mSignedPkg;
   }
   bool operator!=(const OriginAttributes& aOther) const
   {
     return !(*this == aOther);
   }
 
-  // The docshell often influences the origin attributes of content loaded
-  // inside of it, and in some cases also influences the origin attributes of
-  // content loaded in child docshells. We say that a given attribute "lives on
-  // the docshell" to indicate that this attribute is specified by the docshell
-  // (if any) associated with a given content document.
-  //
-  // In practice, this usually means that we need to store a copy of those
-  // attributes on each docshell, or provide methods on the docshell to compute
-  // them on-demand.
-  // We could track each of these attributes individually, but since the
-  // majority of the existing origin attributes currently live on the docshell,
-  // it's cleaner to simply store an entire OriginAttributes struct on each
-  // docshell, and selectively copy them to child docshells and content
-  // principals in a manner that implements our desired semantics.
-  //
-  // This method is used to propagate attributes from parent to child
-  // docshells.
-  void InheritFromDocShellParent(const OriginAttributes& aParent);
-
-  // Copy from the origin attributes of the nsILoadContext.
-  bool CopyFromLoadContext(nsILoadContext* aLoadContext);
-
   // Serializes/Deserializes non-default values into the suffix format, i.e.
   // |!key1=value1&key2=value2|. If there are no non-default attributes, this
   // returns an empty string.
   void CreateSuffix(nsACString& aStr) const;
   bool PopulateFromSuffix(const nsACString& aStr);
 
   // Populates the attributes from a string like
   // |uri!key1=value1&key2=value2| and returns the uri without the suffix.
   bool PopulateFromOrigin(const nsACString& aOrigin,
                           nsACString& aOriginNoSuffix);
+
+protected:
+  OriginAttributes() {}
+  explicit OriginAttributes(const OriginAttributesDictionary& aOther)
+    : OriginAttributesDictionary(aOther) {}
+};
+
+class PrincipalOriginAttributes;
+class DocShellOriginAttributes;
+class NeckoOriginAttributes;
+
+// Various classes in Gecko contain OriginAttributes members, and those
+// OriginAttributes get propagated to other classes according to certain rules.
+// For example, the OriginAttributes on the docshell affect the OriginAttributes
+// for the principal of a document loaded inside it, whose OriginAttributes in
+// turn affect those of network loads and child docshells. To codify and
+// centralize these rules, we introduce separate subclasses for the different
+// flavors, and a variety of InheritFrom* methods to implement the transfer
+// behavior.
+
+// For OriginAttributes stored on principals.
+class PrincipalOriginAttributes : public OriginAttributes
+{
+public:
+  PrincipalOriginAttributes() {}
+  PrincipalOriginAttributes(uint32_t aAppId, bool aInBrowser)
+  {
+    mAppId = aAppId;
+    mInBrowser = aInBrowser;
+  }
+
+  // Inheriting OriginAttributes from docshell to document when user navigates.
+  //
+  // @param aAttrs  Origin Attributes of the docshell.
+  // @param aURI    The URI of the document.
+  void InheritFromDocShellToDoc(const DocShellOriginAttributes& aAttrs,
+                                const nsIURI* aURI);
+
+  // Inherit OriginAttributes from Necko.
+  void InheritFromNecko(const NeckoOriginAttributes& aAttrs);
+};
+
+// For OriginAttributes stored on docshells / loadcontexts / browsing contexts.
+class DocShellOriginAttributes : public OriginAttributes
+{
+public:
+  DocShellOriginAttributes() {}
+  DocShellOriginAttributes(uint32_t aAppId, bool aInBrowser)
+  {
+    mAppId = aAppId;
+    mInBrowser = aInBrowser;
+  }
+
+  // Inheriting OriginAttributes from document to child docshell when an
+  // <iframe> is created.
+  //
+  // @param aAttrs  Origin Attributes of the document.
+  void
+  InheritFromDocToChildDocShell(const PrincipalOriginAttributes& aAttrs);
+};
+
+// For OriginAttributes stored on Necko.
+class NeckoOriginAttributes : public OriginAttributes
+{
+public:
+  NeckoOriginAttributes() {}
+  NeckoOriginAttributes(uint32_t aAppId, bool aInBrowser)
+  {
+    mAppId = aAppId;
+    mInBrowser = aInBrowser;
+  }
+
+  // Inheriting OriginAttributes from document to necko when a network request
+  // is made.
+  void InheritFromDocToNecko(const PrincipalOriginAttributes& aAttrs);
+
+  void InheritFromDocShellToNecko(const DocShellOriginAttributes& aAttrs);
+};
+
+// For operating on OriginAttributes not associated with any data structure.
+class GenericOriginAttributes : public OriginAttributes
+{
+public:
+  GenericOriginAttributes() {}
+  explicit GenericOriginAttributes(const OriginAttributesDictionary& aOther)
+    : OriginAttributes(aOther) {}
 };
 
 class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary
 {
 public:
   // To convert a JSON string to an OriginAttributesPattern, do the following:
   //
   // OriginAttributesPattern pattern;
@@ -163,20 +220,20 @@ public:
   NS_IMETHOD GetUserContextId(uint32_t* aUserContextId) final;
 
   virtual bool IsOnCSSUnprefixingWhitelist() override { return false; }
 
   virtual bool IsCodebasePrincipal() const { return false; };
 
   static BasePrincipal* Cast(nsIPrincipal* aPrin) { return static_cast<BasePrincipal*>(aPrin); }
   static already_AddRefed<BasePrincipal>
-  CreateCodebasePrincipal(nsIURI* aURI, const OriginAttributes& aAttrs);
+  CreateCodebasePrincipal(nsIURI* aURI, const PrincipalOriginAttributes& aAttrs);
   static already_AddRefed<BasePrincipal> CreateCodebasePrincipal(const nsACString& aOrigin);
 
-  const OriginAttributes& OriginAttributesRef() { return mOriginAttributes; }
+  const PrincipalOriginAttributes& OriginAttributesRef() { return mOriginAttributes; }
   uint32_t AppId() const { return mOriginAttributes.mAppId; }
   uint32_t UserContextId() const { return mOriginAttributes.mUserContextId; }
   bool IsInBrowserElement() const { return mOriginAttributes.mInBrowser; }
 
   enum PrincipalKind {
     eNullPrincipal,
     eCodebasePrincipal,
     eExpandedPrincipal,
@@ -198,14 +255,14 @@ protected:
   friend class ::nsExpandedPrincipal;
 
   // Helper to check whether this principal is associated with an addon that
   // allows unprivileged code to load aURI.
   bool AddonAllowsLoad(nsIURI* aURI);
 
   nsCOMPtr<nsIContentSecurityPolicy> mCSP;
   nsCOMPtr<nsIContentSecurityPolicy> mPreloadCSP;
-  OriginAttributes mOriginAttributes;
+  PrincipalOriginAttributes mOriginAttributes;
 };
 
 } // namespace mozilla
 
 #endif /* mozilla_BasePrincipal_h */
--- a/caps/nsJSPrincipals.cpp
+++ b/caps/nsJSPrincipals.cpp
@@ -155,17 +155,17 @@ nsJSPrincipals::ReadKnownPrincipalType(J
         }
 
         nsAutoCString spec;
         spec.SetLength(specLength);
         if (!JS_ReadBytes(aReader, spec.BeginWriting(), specLength)) {
             return false;
         }
 
-        OriginAttributes attrs;
+        PrincipalOriginAttributes attrs;
         attrs.PopulateFromSuffix(suffix);
         info = ContentPrincipalInfo(attrs, spec);
     }
 
     nsresult rv;
     nsCOMPtr<nsIPrincipal> prin = PrincipalInfoToPrincipal(info, &rv);
     if (NS_WARN_IF(NS_FAILED(rv))) {
         xpc::Throw(aCx, NS_ERROR_DOM_DATA_CLONE_ERR);
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@@ -39,27 +39,27 @@ NS_IMPL_CI_INTERFACE_GETTER(nsNullPrinci
 nsNullPrincipal::CreateWithInheritedAttributes(nsIPrincipal* aInheritFrom)
 {
   RefPtr<nsNullPrincipal> nullPrin = new nsNullPrincipal();
   nsresult rv = nullPrin->Init(Cast(aInheritFrom)->OriginAttributesRef());
   return NS_SUCCEEDED(rv) ? nullPrin.forget() : nullptr;
 }
 
 /* static */ already_AddRefed<nsNullPrincipal>
-nsNullPrincipal::Create(const OriginAttributes& aOriginAttributes)
+nsNullPrincipal::Create(const PrincipalOriginAttributes& aOriginAttributes)
 {
   RefPtr<nsNullPrincipal> nullPrin = new nsNullPrincipal();
   nsresult rv = nullPrin->Init(aOriginAttributes);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
   return nullPrin.forget();
 }
 
 nsresult
-nsNullPrincipal::Init(const OriginAttributes& aOriginAttributes)
+nsNullPrincipal::Init(const PrincipalOriginAttributes& aOriginAttributes)
 {
   mOriginAttributes = aOriginAttributes;
 
   mURI = nsNullPrincipalURI::Create();
   NS_ENSURE_TRUE(mURI, NS_ERROR_NOT_AVAILABLE);
 
   return NS_OK;
 }
--- a/caps/nsNullPrincipal.h
+++ b/caps/nsNullPrincipal.h
@@ -47,19 +47,19 @@ public:
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   nsresult GetOriginInternal(nsACString& aOrigin) override;
 
   // Returns null on failure.
   static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIPrincipal *aInheritFrom);
 
   // Returns null on failure.
   static already_AddRefed<nsNullPrincipal>
-    Create(const mozilla::OriginAttributes& aOriginAttributes = mozilla::OriginAttributes());
+  Create(const mozilla::PrincipalOriginAttributes& aOriginAttributes = mozilla::PrincipalOriginAttributes());
 
-  nsresult Init(const mozilla::OriginAttributes& aOriginAttributes = mozilla::OriginAttributes());
+  nsresult Init(const mozilla::PrincipalOriginAttributes& aOriginAttributes = mozilla::PrincipalOriginAttributes());
 
   virtual void GetScriptLocation(nsACString &aStr) override;
 
   PrincipalKind Kind() override { return eNullPrincipal; }
 
  protected:
   virtual ~nsNullPrincipal() {}
 
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -80,17 +80,17 @@ nsPrincipal::~nsPrincipal()
 { 
   // let's clear the principal within the csp to avoid a tangling pointer
   if (mCSP) {
     static_cast<nsCSPContext*>(mCSP.get())->clearLoadingPrincipal();
   }
 }
 
 nsresult
-nsPrincipal::Init(nsIURI *aCodebase, const OriginAttributes& aOriginAttributes)
+nsPrincipal::Init(nsIURI *aCodebase, const PrincipalOriginAttributes& aOriginAttributes)
 {
   NS_ENSURE_STATE(!mInitialized);
   NS_ENSURE_ARG(aCodebase);
 
   mInitialized = true;
 
   mCodebase = NS_TryToMakeImmutable(aCodebase);
   mCodebaseImmutable = URIIsImmutable(mCodebase);
@@ -386,17 +386,17 @@ nsPrincipal::Read(nsIObjectInputStream* 
   }
 
   domain = do_QueryInterface(supports);
 
   nsAutoCString suffix;
   rv = aStream->ReadCString(suffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   bool ok = attrs.PopulateFromSuffix(suffix);
   NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
 
   rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   NS_ENSURE_SUCCESS(rv, rv);
 
   // This may be null.
   nsCOMPtr<nsIContentSecurityPolicy> csp = do_QueryInterface(supports, &rv);
--- a/caps/nsPrincipal.h
+++ b/caps/nsPrincipal.h
@@ -29,17 +29,17 @@ public:
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   virtual bool IsOnCSSUnprefixingWhitelist() override;
   bool IsCodebasePrincipal() const override { return true; }
   nsresult GetOriginInternal(nsACString& aOrigin) override;
 
   nsPrincipal();
 
   // Init() must be called before the principal is in a usable state.
-  nsresult Init(nsIURI* aCodebase, const mozilla::OriginAttributes& aOriginAttributes);
+  nsresult Init(nsIURI* aCodebase, const mozilla::PrincipalOriginAttributes& aOriginAttributes);
 
   virtual void GetScriptLocation(nsACString& aStr) override;
   void SetURI(nsIURI* aURI);
 
   /**
    * Computes the puny-encoded origin of aURI.
    */
   static nsresult GetOriginForURI(nsIURI* aURI, nsACString& aOrigin);
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -286,17 +286,17 @@ nsScriptSecurityManager::AppStatusForPri
                       nsIPrincipal::APP_STATUS_NOT_INSTALLED);
     nsCOMPtr<nsIURI> appURI;
     NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(appURI), appOrigin),
                       nsIPrincipal::APP_STATUS_NOT_INSTALLED);
 
     // The app could contain a cross-origin iframe - make sure that the content
     // is actually same-origin with the app.
     MOZ_ASSERT(inMozBrowser == false, "Checked this above");
-    OriginAttributes attrs(appId, false);
+    PrincipalOriginAttributes attrs(appId, false);
     nsCOMPtr<nsIPrincipal> appPrin = BasePrincipal::CreateCodebasePrincipal(appURI, attrs);
     NS_ENSURE_TRUE(appPrin, nsIPrincipal::APP_STATUS_NOT_INSTALLED);
     return aPrin->Equals(appPrin) ? status
                                   : nsIPrincipal::APP_STATUS_NOT_INSTALLED;
 }
 
 /*
  * GetChannelResultPrincipal will return the principal that the resource
@@ -357,17 +357,17 @@ nsScriptSecurityManager::GetChannelResul
                 return NS_OK;
             }
         }
     }
     return GetChannelURIPrincipal(aChannel, aPrincipal);
 }
 
 nsresult
-nsScriptSecurityManager::MaybeSetAddonIdFromURI(OriginAttributes& aAttrs, nsIURI* aURI)
+nsScriptSecurityManager::MaybeSetAddonIdFromURI(PrincipalOriginAttributes& aAttrs, nsIURI* aURI)
 {
   nsAutoCString scheme;
   nsresult rv = aURI->GetScheme(scheme);
   NS_ENSURE_SUCCESS(rv, rv);
   if (scheme.EqualsLiteral("moz-extension") && GetAddonPolicyService()) {
     rv = GetAddonPolicyService()->ExtensionURIToAddonId(aURI, aAttrs.mAddonId);
     NS_ENSURE_SUCCESS(rv, rv);
   }
@@ -400,17 +400,18 @@ nsScriptSecurityManager::GetChannelURIPr
 
     nsCOMPtr<nsILoadContext> loadContext;
     NS_QueryNotificationCallbacks(aChannel, loadContext);
 
     if (loadContext) {
         return GetLoadContextCodebasePrincipal(uri, loadContext, aPrincipal);
     }
 
-    OriginAttributes attrs(UNKNOWN_APP_ID, false);
+    //TODO: Bug 1211590. inherit Origin Attributes from LoadInfo.
+    PrincipalOriginAttributes attrs(UNKNOWN_APP_ID, false);
     rv = MaybeSetAddonIdFromURI(attrs, uri);
     NS_ENSURE_SUCCESS(rv, rv);
     nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
     prin.forget(aPrincipal);
     return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
@@ -1003,44 +1004,44 @@ nsScriptSecurityManager::GetSystemPrinci
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetSimpleCodebasePrincipal(nsIURI* aURI,
                                                     nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs(UNKNOWN_APP_ID, false);
+  PrincipalOriginAttributes attrs(UNKNOWN_APP_ID, false);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetNoAppCodebasePrincipal(nsIURI* aURI,
                                                    nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs(NO_APP_ID, false);
+  PrincipalOriginAttributes attrs(NO_APP_ID, false);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetCodebasePrincipal(nsIURI* aURI,
                                               nsIPrincipal** aPrincipal)
 {
   return GetNoAppCodebasePrincipal(aURI, aPrincipal);
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, JS::Handle<JS::Value> aOriginAttributes,
                                                  JSContext* aCx, nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
       return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
@@ -1060,17 +1061,17 @@ nsScriptSecurityManager::CreateCodebaseP
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CreateNullPrincipal(JS::Handle<JS::Value> aOriginAttributes,
                                              JSContext* aCx, nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
       return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin = nsNullPrincipal::Create(attrs);
   NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
   prin.forget(aPrincipal);
   return NS_OK;
 }
@@ -1094,48 +1095,49 @@ NS_IMETHODIMP
 nsScriptSecurityManager::GetAppCodebasePrincipal(nsIURI* aURI,
                                                  uint32_t aAppId,
                                                  bool aInMozBrowser,
                                                  nsIPrincipal** aPrincipal)
 {
   NS_ENSURE_TRUE(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID,
                  NS_ERROR_INVALID_ARG);
 
-  OriginAttributes attrs(aAppId, aInMozBrowser);
+  PrincipalOriginAttributes attrs(aAppId, aInMozBrowser);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::
   GetLoadContextCodebasePrincipal(nsIURI* aURI,
                                   nsILoadContext* aLoadContext,
                                   nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
-  bool result = attrs.CopyFromLoadContext(aLoadContext);
+  DocShellOriginAttributes docShellAttrs;
+  bool result = aLoadContext->GetOriginAttributes(docShellAttrs);;
   NS_ENSURE_TRUE(result, NS_ERROR_FAILURE);
 
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(docShellAttrs, aURI);
+
   nsresult rv = MaybeSetAddonIdFromURI(attrs, aURI);
   NS_ENSURE_SUCCESS(rv, rv);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetDocShellCodebasePrincipal(nsIURI* aURI,
                                                       nsIDocShell* aDocShell,
                                                       nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
-  nsDocShell* docShell= nsDocShell::Cast(aDocShell);
-  bool result = attrs.CopyFromLoadContext(docShell);
-  NS_ENSURE_TRUE(result, NS_ERROR_FAILURE);
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(nsDocShell::Cast(aDocShell)->GetOriginAttributes(), aURI);
 
   nsresult rv = MaybeSetAddonIdFromURI(attrs, aURI);
   NS_ENSURE_SUCCESS(rv, rv);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@@ -23,17 +23,17 @@
 #include <stdint.h>
 
 class nsCString;
 class nsIIOService;
 class nsIStringBundle;
 class nsSystemPrincipal;
 
 namespace mozilla {
-class OriginAttributes;
+class PrincipalOriginAttributes;
 } // namespace mozilla
 
 /////////////////////////////
 // nsScriptSecurityManager //
 /////////////////////////////
 #define NS_SCRIPTSECURITYMANAGER_CID \
 { 0x7ee2a4c0, 0x4b93, 0x17d3, \
 { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
@@ -116,17 +116,17 @@ private:
 
     inline void
     ScriptSecurityPrefChanged();
 
     inline void
     AddSitesToFileURIWhitelist(const nsCString& aSiteList);
 
     // If aURI is a moz-extension:// URI, set mAddonId to the associated addon.
-    nsresult MaybeSetAddonIdFromURI(mozilla::OriginAttributes& aAttrs, nsIURI* aURI);
+    nsresult MaybeSetAddonIdFromURI(mozilla::PrincipalOriginAttributes& aAttrs, nsIURI* aURI);
 
     nsCOMPtr<nsIPrincipal> mSystemPrincipal;
     bool mPrefInitialized;
     bool mIsJavaScriptEnabled;
     nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;
 
     // This machinery controls new-style domain policies. The old-style
     // policy machinery will be removed soon.
--- a/caps/tests/gtest/TestOriginAttributes.cpp
+++ b/caps/tests/gtest/TestOriginAttributes.cpp
@@ -1,37 +1,37 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "gtest/gtest.h"
 #include "mozilla/BasePrincipal.h"
 
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 
 static void
-TestSuffix(const OriginAttributes& attrs)
+TestSuffix(const PrincipalOriginAttributes& attrs)
 {
   nsAutoCString suffix;
   attrs.CreateSuffix(suffix);
 
-  OriginAttributes attrsFromSuffix;
+  PrincipalOriginAttributes attrsFromSuffix;
   attrsFromSuffix.PopulateFromSuffix(suffix);
 
   EXPECT_EQ(attrs, attrsFromSuffix);
 }
 
-TEST(OriginAttributes, Suffix_default)
+TEST(PrincipalOriginAttributes, Suffix_default)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   TestSuffix(attrs);
 }
 
-TEST(OriginAttributes, Suffix_appId_inBrowser)
+TEST(PrincipalOriginAttributes, Suffix_appId_inBrowser)
 {
-  OriginAttributes attrs(1, true);
+  PrincipalOriginAttributes attrs(1, true);
   TestSuffix(attrs);
 }
 
-TEST(OriginAttributes, Suffix_maxAppId_inBrowser)
+TEST(PrincipalOriginAttributes, Suffix_maxAppId_inBrowser)
 {
-  OriginAttributes attrs(4294967295, true);
+  PrincipalOriginAttributes attrs(4294967295, true);
   TestSuffix(attrs);
 }
--- a/docshell/base/LoadContext.cpp
+++ b/docshell/base/LoadContext.cpp
@@ -18,17 +18,18 @@ LoadContext::LoadContext(nsIPrincipal* a
   , mNestedFrameId(0)
   , mIsContent(true)
   , mUsePrivateBrowsing(false)
   , mUseRemoteTabs(false)
 #ifdef DEBUG
   , mIsNotNull(true)
 #endif
 {
-  mOriginAttributes = BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+  PrincipalOriginAttributes poa = BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+  mOriginAttributes = DocShellOriginAttributes(poa.mAppId, poa.mInBrowser);
 
   if (!aOptionalBase) {
     return;
   }
 
   MOZ_ALWAYS_TRUE(NS_SUCCEEDED(aOptionalBase->GetIsContent(&mIsContent)));
   MOZ_ALWAYS_TRUE(
     NS_SUCCEEDED(aOptionalBase->GetUsePrivateBrowsing(&mUsePrivateBrowsing)));
--- a/docshell/base/LoadContext.h
+++ b/docshell/base/LoadContext.h
@@ -38,51 +38,51 @@ public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSILOADCONTEXT
   NS_DECL_NSIINTERFACEREQUESTOR
 
   // AppId/inBrowser arguments override those in SerializedLoadContext provided
   // by child process.
   LoadContext(const IPC::SerializedLoadContext& aToCopy,
               dom::Element* aTopFrameElement,
-              OriginAttributes& aAttrs)
+              DocShellOriginAttributes& aAttrs)
     : mTopFrameElement(do_GetWeakReference(aTopFrameElement))
     , mNestedFrameId(0)
     , mIsContent(aToCopy.mIsContent)
     , mUsePrivateBrowsing(aToCopy.mUsePrivateBrowsing)
     , mUseRemoteTabs(aToCopy.mUseRemoteTabs)
     , mOriginAttributes(aAttrs)
 #ifdef DEBUG
     , mIsNotNull(aToCopy.mIsNotNull)
 #endif
   {
   }
 
   // AppId/inBrowser arguments override those in SerializedLoadContext provided
   // by child process.
   LoadContext(const IPC::SerializedLoadContext& aToCopy,
               uint64_t aNestedFrameId,
-              OriginAttributes& aAttrs)
+              DocShellOriginAttributes& aAttrs)
     : mTopFrameElement(nullptr)
     , mNestedFrameId(aNestedFrameId)
     , mIsContent(aToCopy.mIsContent)
     , mUsePrivateBrowsing(aToCopy.mUsePrivateBrowsing)
     , mUseRemoteTabs(aToCopy.mUseRemoteTabs)
     , mOriginAttributes(aAttrs)
 #ifdef DEBUG
     , mIsNotNull(aToCopy.mIsNotNull)
 #endif
   {
   }
 
   LoadContext(dom::Element* aTopFrameElement,
               bool aIsContent,
               bool aUsePrivateBrowsing,
               bool aUseRemoteTabs,
-              const OriginAttributes& aAttrs)
+              const DocShellOriginAttributes& aAttrs)
     : mTopFrameElement(do_GetWeakReference(aTopFrameElement))
     , mNestedFrameId(0)
     , mIsContent(aIsContent)
     , mUsePrivateBrowsing(aUsePrivateBrowsing)
     , mUseRemoteTabs(aUseRemoteTabs)
     , mOriginAttributes(aAttrs)
 #ifdef DEBUG
     , mIsNotNull(true)
@@ -112,17 +112,17 @@ public:
 private:
   ~LoadContext() {}
 
   nsWeakPtr mTopFrameElement;
   uint64_t mNestedFrameId;
   bool mIsContent;
   bool mUsePrivateBrowsing;
   bool mUseRemoteTabs;
-  OriginAttributes mOriginAttributes;
+  DocShellOriginAttributes mOriginAttributes;
 #ifdef DEBUG
   bool mIsNotNull;
 #endif
 };
 
 } // namespace mozilla
 
 #endif // LoadContext_h
--- a/docshell/base/SerializedLoadContext.h
+++ b/docshell/base/SerializedLoadContext.h
@@ -44,17 +44,17 @@ public:
   // used to indicate if child-side LoadContext * was null.
   bool mIsNotNull;
   // used to indicate if child-side mUsePrivateBrowsing flag is valid, even if
   // mIsNotNull is false, i.e., child LoadContext was null.
   bool mIsPrivateBitValid;
   bool mIsContent;
   bool mUsePrivateBrowsing;
   bool mUseRemoteTabs;
-  mozilla::OriginAttributes mOriginAttributes;
+  mozilla::DocShellOriginAttributes mOriginAttributes;
 };
 
 // Function to serialize over IPDL
 template<>
 struct ParamTraits<SerializedLoadContext>
 {
   typedef SerializedLoadContext paramType;
 
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -9457,17 +9457,18 @@ nsDocShell::JustStartedNetworkLoad()
 {
   return mDocumentRequest && mDocumentRequest != GetCurrentDocChannel();
 }
 
 nsresult
 nsDocShell::CreatePrincipalFromReferrer(nsIURI* aReferrer,
                                         nsIPrincipal** aResult)
 {
-  OriginAttributes attrs = GetOriginAttributes();
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(GetOriginAttributes(), aReferrer);
   nsCOMPtr<nsIPrincipal> prin =
     BasePrincipal::CreateCodebasePrincipal(aReferrer, attrs);
   prin.forget(aResult);
 
   return *aResult ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
@@ -13820,47 +13821,49 @@ nsDocShell::GetAppId(uint32_t* aAppId)
   if (!parent) {
     *aAppId = nsIScriptSecurityManager::NO_APP_ID;
     return NS_OK;
   }
 
   return parent->GetAppId(aAppId);
 }
 
-OriginAttributes
+DocShellOriginAttributes
 nsDocShell::GetOriginAttributes()
 {
-  OriginAttributes attrs;
+  DocShellOriginAttributes attrs;
   RefPtr<nsDocShell> parent = GetParentDocshell();
   if (parent) {
-    attrs.InheritFromDocShellParent(parent->GetOriginAttributes());
+    nsCOMPtr<nsIPrincipal> parentPrin = parent->GetDocument()->NodePrincipal();
+    PrincipalOriginAttributes poa = BasePrincipal::Cast(parentPrin)->OriginAttributesRef();
+    attrs.InheritFromDocToChildDocShell(poa);
+  } else {
+    // This is the topmost docshell, so we get the mSignedPkg attribute if it is
+    // set before.
+    attrs.mSignedPkg = mSignedPkg;
   }
 
   if (mOwnOrContainingAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
     attrs.mAppId = mOwnOrContainingAppId;
   }
 
   if (mFrameType == eFrameTypeBrowser) {
     attrs.mInBrowser = true;
   }
 
-  // Bug 1209162 will address the inheritance of each attributes.
-  attrs.mSignedPkg = mSignedPkg;
-
   return attrs;
 }
 
 NS_IMETHODIMP
 nsDocShell::GetOriginAttributes(JS::MutableHandle<JS::Value> aVal)
 {
   JSContext* cx = nsContentUtils::GetCurrentJSContext();
   MOZ_ASSERT(cx);
 
-  OriginAttributes attrs = GetOriginAttributes();
-  bool ok = ToJSValue(cx, attrs, aVal);
+  bool ok = ToJSValue(cx, GetOriginAttributes(), aVal);
   NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsDocShell::GetAppManifestURL(nsAString& aAppManifestURL)
 {
   uint32_t appId = nsIDocShell::GetAppId();
@@ -14049,17 +14052,18 @@ nsDocShell::ShouldPrepareForIntercept(ns
 
       if (isThirdPartyURI) {
         return NS_OK;
       }
     }
   }
 
   if (aIsNonSubresourceRequest) {
-    OriginAttributes attrs(GetAppId(), GetIsInBrowserElement());
+    PrincipalOriginAttributes attrs;
+    attrs.InheritFromDocShellToDoc(GetOriginAttributes(), aURI);
     *aShouldIntercept = swm->IsAvailable(attrs, aURI);
     return NS_OK;
   }
 
   nsCOMPtr<nsIDocument> doc = GetDocument();
   if (!doc) {
     return NS_ERROR_NOT_AVAILABLE;
   }
@@ -14140,17 +14144,22 @@ nsDocShell::ChannelIntercepted(nsIInterc
     doc = GetDocument();
     if (!doc) {
       return NS_ERROR_NOT_AVAILABLE;
     }
   }
 
   bool isReload = mLoadType & LOAD_CMD_RELOAD;
 
-  OriginAttributes attrs(GetAppId(), GetIsInBrowserElement());
+  nsCOMPtr<nsIURI> uri;
+  rv = channel->GetURI(getter_AddRefs(uri));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(GetOriginAttributes(), uri);
 
   ErrorResult error;
   nsCOMPtr<nsIRunnable> runnable =
     swm->PrepareFetchEvent(attrs, doc, aChannel, isReload, isSubresourceLoad, error);
   if (NS_WARN_IF(error.Failed())) {
     return error.StealNSResult();
   }
 
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -265,17 +265,17 @@ public:
   void NotifyAsyncPanZoomStopped();
 
   void SetInFrameSwap(bool aInSwap)
   {
     mInFrameSwap = aInSwap;
   }
   bool InFrameSwap();
 
-  mozilla::OriginAttributes GetOriginAttributes();
+  mozilla::DocShellOriginAttributes GetOriginAttributes();
 
 private:
   // An observed docshell wrapper is created when recording markers is enabled.
   mozilla::UniquePtr<mozilla::ObservedDocShell> mObserved;
 
   // It is necessary to allow adding a timeline marker wherever a docshell
   // instance is available. This operation happens frequently and needs to
   // be very fast, so instead of using a Map or having to search for some
--- a/docshell/base/nsILoadContext.idl
+++ b/docshell/base/nsILoadContext.idl
@@ -6,17 +6,17 @@
 
 #include "nsISupports.idl"
 
 interface nsIDOMWindow;
 interface nsIDOMElement;
 
 %{C++
 #ifdef MOZILLA_INTERNAL_API
-#include "mozilla/BasePrincipal.h" // for OriginAttributes
+#include "mozilla/BasePrincipal.h" // for DocShellOriginAttributes
 #include "mozilla/dom/ScriptSettings.h" // for AutoJSAPI
 #include "xpcpublic.h" // for PrivilegedJunkScope
 #include "nsContentUtils.h" // for IsSystemPrincipal
 #endif
 %}
 
 /**
  * An nsILoadContext represents the context of a load.  This interface
@@ -135,33 +135,34 @@ interface nsILoadContext : nsISupports
    */
   readonly attribute jsval originAttributes;
 
 %{C++
 #ifdef MOZILLA_INTERNAL_API
   /**
    * The C++ getter for origin attributes.
    */
-  bool GetOriginAttributes(mozilla::OriginAttributes& aAttrs)
+  bool GetOriginAttributes(mozilla::DocShellOriginAttributes& aAttrs)
   {
     mozilla::dom::AutoJSAPI jsapi;
     bool ok = jsapi.Init(xpc::PrivilegedJunkScope());
     NS_ENSURE_TRUE(ok, false);
     JS::Rooted<JS::Value> v(jsapi.cx());
     nsresult rv = GetOriginAttributes(&v);
     NS_ENSURE_SUCCESS(rv, false);
     NS_ENSURE_TRUE(v.isObject(), false);
     JS::Rooted<JSObject*> obj(jsapi.cx(), &v.toObject());
 
     // If we're JS-implemented, the object will be left in a different (System-Principaled)
     // scope, so we may need to enter its compartment.
     MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(nsContentUtils::ObjectPrincipal(obj)));
     JSAutoCompartment ac(jsapi.cx(), obj);
 
-    mozilla::OriginAttributes attrs;
+    mozilla::DocShellOriginAttributes attrs;
     ok = attrs.Init(jsapi.cx(), v);
     NS_ENSURE_TRUE(ok, false);
     aAttrs = attrs;
     return true;
   }
+
 #endif
 %}
 };
--- a/dom/base/ChromeUtils.cpp
+++ b/dom/base/ChromeUtils.cpp
@@ -51,24 +51,24 @@ ThreadSafeChromeUtils::NondeterministicG
 }
 
   /* static */ void
 ChromeUtils::OriginAttributesToSuffix(dom::GlobalObject& aGlobal,
                                       const dom::OriginAttributesDictionary& aAttrs,
                                       nsCString& aSuffix)
 
 {
-  OriginAttributes attrs(aAttrs);
+  GenericOriginAttributes attrs(aAttrs);
   attrs.CreateSuffix(aSuffix);
 }
 
 /* static */ bool
 ChromeUtils::OriginAttributesMatchPattern(dom::GlobalObject& aGlobal,
                                           const dom::OriginAttributesDictionary& aAttrs,
                                           const dom::OriginAttributesPatternDictionary& aPattern)
 {
-  OriginAttributes attrs(aAttrs);
+  GenericOriginAttributes attrs(aAttrs);
   OriginAttributesPattern pattern(aPattern);
   return pattern.Matches(attrs);
 }
 
 } // namespace dom
 } // namespace mozilla
--- a/dom/base/nsFrameLoader.cpp
+++ b/dom/base/nsFrameLoader.cpp
@@ -277,42 +277,34 @@ nsFrameLoader::LoadURI(nsIURI* aURI)
     mURIToLoad = nullptr;
   }
   return rv;
 }
 
 NS_IMETHODIMP
 nsFrameLoader::SwitchProcessAndLoadURI(nsIURI* aURI, const nsACString& aPackageId)
 {
-  nsCOMPtr<nsIURI> URIToLoad = aURI;
   RefPtr<TabParent> tp = nullptr;
 
-  nsCString signedPkgOrigin;
-  if (!aPackageId.IsEmpty()) {
-    // Only when aPackageId is not empty would signed package origin
-    // be meaningful.
-    nsPrincipal::GetOriginForURI(aURI, signedPkgOrigin);
-  }
-
   MutableTabContext context;
-  nsresult rv = GetNewTabContext(&context, signedPkgOrigin, aPackageId);
+  nsresult rv = GetNewTabContext(&context, aURI, aPackageId);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<Element> ownerElement = mOwnerContent;
   tp = ContentParent::CreateBrowserOrApp(context, ownerElement, nullptr);
   if (!tp) {
     return NS_ERROR_FAILURE;
   }
   mRemoteBrowserShown = false;
 
   rv = SwapRemoteBrowser(tp);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
-  LoadURI(URIToLoad);
+  LoadURI(aURI);
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsFrameLoader::SetIsPrerendered()
 {
   MOZ_ASSERT(!mDocShell, "Please call SetIsPrerendered before docShell is created");
   mIsPrerendered = true;
@@ -3036,38 +3028,45 @@ nsFrameLoader::MaybeUpdatePrimaryTabPare
                                    eIgnoreCase);
       parentTreeOwner->TabParentAdded(mRemoteBrowser, isPrimary);
     }
   }
 }
 
 nsresult
 nsFrameLoader::GetNewTabContext(MutableTabContext* aTabContext,
-                                const nsACString& aSignedPkgOriginNoSuffix,
+                                nsIURI* aURI,
                                 const nsACString& aPackageId)
 {
   nsCOMPtr<mozIApplication> ownApp = GetOwnApp();
   nsCOMPtr<mozIApplication> containingApp = GetContainingApp();
-  OriginAttributes attrs = OriginAttributes();
+  DocShellOriginAttributes attrs;
   attrs.mInBrowser = OwnerIsBrowserFrame();
 
+  nsCString signedPkgOrigin;
+  if (!aPackageId.IsEmpty()) {
+    // Only when aPackageId is not empty would signed package origin
+    // be meaningful.
+    nsPrincipal::GetOriginForURI(aURI, signedPkgOrigin);
+  }
+
   // Get the AppId from ownApp
   uint32_t appId = nsIScriptSecurityManager::NO_APP_ID;
   if (ownApp) {
     nsresult rv = ownApp->GetLocalId(&appId);
     NS_ENSURE_SUCCESS(rv, rv);
     NS_ENSURE_STATE(appId != nsIScriptSecurityManager::NO_APP_ID);
   } else if (containingApp) {
     nsresult rv = containingApp->GetLocalId(&appId);
     NS_ENSURE_SUCCESS(rv, rv);
     NS_ENSURE_STATE(appId != nsIScriptSecurityManager::NO_APP_ID);
   }
   attrs.mAppId = appId;
 
   // Populate packageId to signedPkg.
   attrs.mSignedPkg = NS_ConvertUTF8toUTF16(aPackageId);
 
-  bool tabContextUpdated = aTabContext->SetTabContext(ownApp, containingApp,
-                                                      attrs, aSignedPkgOriginNoSuffix);
+  bool tabContextUpdated =
+    aTabContext->SetTabContext(ownApp, containingApp, attrs, signedPkgOrigin);
   NS_ENSURE_STATE(tabContextUpdated);
 
   return NS_OK;
 }
--- a/dom/base/nsFrameLoader.h
+++ b/dom/base/nsFrameLoader.h
@@ -314,17 +314,17 @@ private:
 
   // Update the permission manager's app-id refcount based on mOwnerContent's
   // own-or-containing-app.
   void ResetPermissionManagerStatus();
 
   void InitializeBrowserAPI();
 
   nsresult GetNewTabContext(mozilla::dom::MutableTabContext* aTabContext,
-                            const nsACString& aSignedPkgNoSuffix = EmptyCString(),
+                            nsIURI* aURI = nullptr,
                             const nsACString& aPackageId = EmptyCString());
 
   enum TabParentChange {
     eTabParentRemoved,
     eTabParentChanged
   };
   void MaybeUpdatePrimaryTabParent(TabParentChange aChange);
 
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -256,17 +256,17 @@ class nsIScriptTimeoutHandler;
 #endif
 
 static const char kStorageEnabled[] = "dom.storage.enabled";
 
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::dom::ipc;
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::TimeStamp;
 using mozilla::TimeDuration;
 using mozilla::dom::cache::CacheStorage;
 using mozilla::dom::indexedDB::IDBFactory;
 
 static LazyLogModule gDOMLeakPRLog("DOMLeak");
 
 nsGlobalWindow::WindowByIdTable *nsGlobalWindow::sWindowsById = nullptr;
@@ -7893,17 +7893,17 @@ nsGlobalWindow::PostMessageMozOuter(JSCo
     if (NS_FAILED(originURI->SetUserPass(EmptyCString())) ||
         NS_FAILED(originURI->SetPath(EmptyCString()))) {
       return;
     }
 
     nsCOMPtr<nsIPrincipal> principal = nsContentUtils::SubjectPrincipal();
     MOZ_ASSERT(principal);
 
-    OriginAttributes attrs = BasePrincipal::Cast(principal)->OriginAttributesRef();
+    PrincipalOriginAttributes attrs = BasePrincipal::Cast(principal)->OriginAttributesRef();
     // Create a nsIPrincipal inheriting the app/browser attributes from the
     // caller.
     providedPrincipal = BasePrincipal::CreateCodebasePrincipal(originURI, attrs);
     if (NS_WARN_IF(!providedPrincipal)) {
       return;
     }
   }
 
--- a/dom/cache/DBSchema.cpp
+++ b/dom/cache/DBSchema.cpp
@@ -1928,17 +1928,17 @@ ReadResponse(mozIStorageConnection* aCon
 
   nsAutoCString serializedInfo;
   rv = state->GetUTF8String(6, serializedInfo);
   if (NS_WARN_IF(NS_FAILED(rv))) { return rv; }
 
   aSavedResponseOut->mValue.principalInfo() = void_t();
   if (!serializedInfo.IsEmpty()) {
     nsAutoCString originNoSuffix;
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     if (!attrs.PopulateFromOrigin(serializedInfo, originNoSuffix)) {
       NS_WARNING("Something went wrong parsing a serialized principal!");
       return NS_ERROR_FAILURE;
     }
 
     aSavedResponseOut->mValue.principalInfo() =
       mozilla::ipc::ContentPrincipalInfo(attrs, originNoSuffix);
   }
--- a/dom/datastore/DataStoreService.cpp
+++ b/dom/datastore/DataStoreService.cpp
@@ -53,17 +53,17 @@
 
 #define ASSERT_PARENT_PROCESS()                                             \
   MOZ_ASSERT(XRE_IsParentProcess());                                        \
   if (NS_WARN_IF(!XRE_IsParentProcess())) {                                 \
     return NS_ERROR_FAILURE;                                                \
   }
 
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 
 namespace mozilla {
 namespace dom {
 
 using namespace indexedDB;
 
 // This class contains all the information about a DataStore.
 class DataStoreInfo
@@ -213,17 +213,17 @@ ResetPermission(uint32_t aAppId, const n
 
   nsCOMPtr<nsIURI> uri;
   rv = ioService->NewURI(NS_ConvertUTF16toUTF8(aOriginURL), nullptr, nullptr,
                          getter_AddRefs(uri));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  OriginAttributes attrs(aAppId, false);
+  PrincipalOriginAttributes attrs(aAppId, false);
   nsCOMPtr<nsIPrincipal> principal =
     BasePrincipal::CreateCodebasePrincipal(uri, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   nsCOMPtr<nsIPermissionManager> pm =
     do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
   if (!pm) {
     return NS_ERROR_FAILURE;
--- a/dom/ipc/AppProcessChecker.cpp
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -149,17 +149,17 @@ CheckOriginPermission(const nsACString& 
   return nsIPermissionManager::ALLOW_ACTION == perm;
 }
 
 bool
 AssertAppProcess(TabContext& aContext,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
-  const mozilla::OriginAttributes& attr = aContext.OriginAttributesRef();
+  const mozilla::DocShellOriginAttributes& attr = aContext.OriginAttributesRef();
   nsCString suffix;
   attr.CreateSuffix(suffix);
 
   if (!aContext.SignedPkgOriginNoSuffix().IsEmpty()) {
     LOG("TabContext owning signed package origin: %s, originAttr; %s\n",
         nsCString(aContext.SignedPkgOriginNoSuffix()).get(),
         suffix.get());
   }
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -2406,17 +2406,17 @@ ContentChild::RecvAddPermission(const IP
     nsCOMPtr<nsIPermissionManager> permissionManagerIface =
         services::GetPermissionManager();
     nsPermissionManager* permissionManager =
         static_cast<nsPermissionManager*>(permissionManagerIface.get());
     MOZ_ASSERT(permissionManager,
                "We have no permissionManager in the Content process !");
 
     nsAutoCString originNoSuffix;
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     attrs.PopulateFromOrigin(permission.origin, originNoSuffix);
 
     nsCOMPtr<nsIURI> uri;
     nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
     NS_ENSURE_SUCCESS(rv, true);
 
     nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
 
--- a/dom/ipc/TabContext.cpp
+++ b/dom/ipc/TabContext.cpp
@@ -147,32 +147,32 @@ TabContext::SetTabContext(const TabConte
   NS_ENSURE_FALSE(mInitialized, false);
 
   *this = aContext;
   mInitialized = true;
 
   return true;
 }
 
-const OriginAttributes&
+const DocShellOriginAttributes&
 TabContext::OriginAttributesRef() const
 {
   return mOriginAttributes;
 }
 
 const nsACString&
 TabContext::SignedPkgOriginNoSuffix() const
 {
   return mSignedPkgOriginNoSuffix;
 }
 
 bool
 TabContext::SetTabContext(mozIApplication* aOwnApp,
                           mozIApplication* aAppFrameOwnerApp,
-                          const OriginAttributes& aOriginAttributes,
+                          const DocShellOriginAttributes& aOriginAttributes,
                           const nsACString& aSignedPkgOriginNoSuffix)
 {
   NS_ENSURE_FALSE(mInitialized, false);
 
   // Get ids for both apps and only write to our member variables after we've
   // verified that this worked.
   uint32_t ownAppId = NO_APP_ID;
   if (aOwnApp) {
@@ -223,17 +223,17 @@ GetAppForId(uint32_t aAppId)
 
   return app.forget();
 }
 
 MaybeInvalidTabContext::MaybeInvalidTabContext(const IPCTabContext& aParams)
   : mInvalidReason(nullptr)
 {
   uint32_t containingAppId = NO_APP_ID;
-  OriginAttributes originAttributes = OriginAttributes();
+  DocShellOriginAttributes originAttributes;
   nsAutoCString originSuffix;
   nsAutoCString signedPkgOriginNoSuffix;
 
   switch(aParams.type()) {
     case IPCTabContext::TPopupIPCTabContext: {
       const PopupIPCTabContext &ipcContext = aParams.get_PopupIPCTabContext();
 
       TabContext *context;
@@ -264,19 +264,16 @@ MaybeInvalidTabContext::MaybeInvalidTabC
 
       // Browser elements can't nest other browser elements.  So if
       // our opener is browser element, we must be a new DOM window
       // opened by it.  In that case we inherit our containing app ID
       // (if any).
       //
       // Otherwise, we're a new app window and we inherit from our
       // opener app.
-
-      // FIXME bug 1212250 - use InheritFromDocToChildDocshell instead
-      // of copying attributes directly.
       originAttributes = context->mOriginAttributes;
       if (ipcContext.isBrowserElement()) {
         containingAppId = context->OwnOrContainingAppId();
       } else {
         containingAppId = context->mContainingAppId;
       }
       break;
     }
--- a/dom/ipc/TabContext.h
+++ b/dom/ipc/TabContext.h
@@ -99,21 +99,21 @@ public:
    * frame does not have its own app, it gets the ID of the app which contains
    * this frame (i.e., the result of {Browser,App}OwnerAppId(), as applicable).
    */
   uint32_t OwnOrContainingAppId() const;
   already_AddRefed<mozIApplication> GetOwnOrContainingApp() const;
   bool HasOwnOrContainingApp() const;
 
   /**
-   * OriginAttributesRef() returns the OriginAttributes of this frame to the
+   * OriginAttributesRef() returns the DocShellOriginAttributes of this frame to the
    * caller. This is used to store any attribute associated with the frame's
    * docshell, such as the AppId.
    */
-  const OriginAttributes& OriginAttributesRef() const;
+  const DocShellOriginAttributes& OriginAttributesRef() const;
 
   /**
    * Returns the origin associated with the tab (w/o suffix) if this tab owns
    * a signed packaged content.
    */
   const nsACString& SignedPkgOriginNoSuffix() const;
 
 protected:
@@ -137,17 +137,17 @@ protected:
    * Set the TabContext for this frame. This can either be:
    *  - an app frame (with the given own app) inside the given owner app. Either
    *    apps can be null.
    *  - a browser frame inside the given owner app (which may be null).
    *  - a non-browser, non-app frame. Both own app and owner app should be null.
    */
   bool SetTabContext(mozIApplication* aOwnApp,
                      mozIApplication* aAppFrameOwnerApp,
-                     const OriginAttributes& aOriginAttributes,
+                     const DocShellOriginAttributes& aOriginAttributes,
                      const nsACString& aSignedPkgOriginNoSuffix);
 
 private:
   /**
    * Has this TabContext been initialized?  If so, mutator methods will fail.
    */
   bool mInitialized;
 
@@ -165,19 +165,19 @@ private:
   nsCOMPtr<mozIApplication> mContainingApp;
 
   /*
    * Cache of mContainingApp->GetLocalId().
    */
   uint32_t mContainingAppId;
 
   /**
-   * OriginAttributes of the top level tab docShell
+   * DocShellOriginAttributes of the top level tab docShell
    */
-  OriginAttributes mOriginAttributes;
+  DocShellOriginAttributes mOriginAttributes;
 
   /**
    * The signed package origin without suffix. Since the signed packaged
    * web content is always loaded in a separate process, it makes sense
    * that we store this immutable value in TabContext. If the TabContext
    * doesn't own a signed package, this value would be empty.
    */
   nsCString mSignedPkgOriginNoSuffix;
@@ -193,17 +193,17 @@ class MutableTabContext : public TabCont
 public:
   bool SetTabContext(const TabContext& aContext)
   {
     return TabContext::SetTabContext(aContext);
   }
 
   bool SetTabContext(mozIApplication* aOwnApp,
                      mozIApplication* aAppFrameOwnerApp,
-                     const OriginAttributes& aOriginAttributes,
+                     const DocShellOriginAttributes& aOriginAttributes,
                      const nsACString& aSignedPkgOriginNoSuffix = EmptyCString())
   {
     return TabContext::SetTabContext(aOwnApp,
                                      aAppFrameOwnerApp,
                                      aOriginAttributes,
                                      aSignedPkgOriginNoSuffix);
   }
 };
--- a/dom/quota/ActorsParent.cpp
+++ b/dom/quota/ActorsParent.cpp
@@ -5714,17 +5714,17 @@ OriginClearOp::DoInitOnMainThread()
 
   // Figure out which origin we're dealing with.
   nsCString origin;
   rv = QuotaManager::GetInfoFromPrincipal(principal, nullptr, &origin, nullptr);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  const mozilla::OriginAttributes& attrs =
+  const mozilla::PrincipalOriginAttributes& attrs =
     mozilla::BasePrincipal::Cast(principal)->OriginAttributesRef();
 
   nsAutoCString pattern;
   QuotaManager::GetOriginPatternString(attrs.mAppId, attrs.mInBrowser, origin,
                                        pattern);
 
   mOriginScope.SetFromPattern(pattern);
 
@@ -6178,17 +6178,17 @@ StorageDirectoryHelper::RunOnMainThread(
           return rv;
         }
 
         nsCOMPtr<nsIPrincipal> principal;
         if (originProps.mAppId == kUnknownAppId) {
           rv = secMan->GetSimpleCodebasePrincipal(uri,
                                                   getter_AddRefs(principal));
         } else {
-          OriginAttributes attrs(originProps.mAppId, originProps.mInMozBrowser);
+          PrincipalOriginAttributes attrs(originProps.mAppId, originProps.mInMozBrowser);
           principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
           rv = principal ? NS_OK : NS_ERROR_FAILURE;
         }
         if (NS_WARN_IF(NS_FAILED(rv))) {
           return rv;
         }
 
         if (mCreate) {
--- a/dom/webidl/ChromeUtils.webidl
+++ b/dom/webidl/ChromeUtils.webidl
@@ -34,17 +34,17 @@ interface ChromeUtils : ThreadSafeChrome
  * Used by principals and the script security manager to represent origin
  * attributes. The first dictionary is designed to contain the full set of
  * OriginAttributes, the second is used for pattern-matching (i.e. does this
  * OriginAttributesDictionary match the non-empty attributes in this pattern).
  *
  * IMPORTANT: If you add any members here, you need to do the following:
  * (1) Add them to both dictionaries.
  * (2) Update the methods on mozilla::OriginAttributes, including equality,
- *     serialization, and deserialization.
+ *     serialization, deserialization, and inheritance.
  * (3) Update the methods on mozilla::OriginAttributesPattern, including matching.
  */
 dictionary OriginAttributesDictionary {
   unsigned long appId = 0;
   unsigned long userContextId = 0;
   boolean inBrowser = false;
   DOMString addonId = "";
   DOMString signedPkg = "";
--- a/dom/workers/PServiceWorkerManager.ipdl
+++ b/dom/workers/PServiceWorkerManager.ipdl
@@ -2,43 +2,43 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 include protocol PBackground;
 
 include PBackgroundSharedTypes;
 include ServiceWorkerRegistrarTypes;
 
-using mozilla::OriginAttributes from "mozilla/ipc/BackgroundUtils.h";
+using mozilla::PrincipalOriginAttributes from "mozilla/ipc/BackgroundUtils.h";
 
 namespace mozilla {
 namespace dom {
 
 protocol PServiceWorkerManager
 {
   manager PBackground;
 
 parent:
   Register(ServiceWorkerRegistrationData data);
 
   Unregister(PrincipalInfo principalInfo, nsString scope);
 
-  PropagateSoftUpdate(OriginAttributes originAttributes,
+  PropagateSoftUpdate(PrincipalOriginAttributes originAttributes,
                       nsString scope);
   PropagateUnregister(PrincipalInfo principalInfo, nsString scope);
 
   PropagateRemove(nsCString host);
 
   PropagateRemoveAll();
 
   Shutdown();
 
 child:
   NotifyRegister(ServiceWorkerRegistrationData data);
-  NotifySoftUpdate(OriginAttributes originAttributes, nsString scope);
+  NotifySoftUpdate(PrincipalOriginAttributes originAttributes, nsString scope);
   NotifyUnregister(PrincipalInfo principalInfo, nsString scope);
   NotifyRemove(nsCString host);
   NotifyRemoveAll();
 
   __delete__();
 };
 
 } // namespace dom
--- a/dom/workers/ServiceWorkerManager.cpp
+++ b/dom/workers/ServiceWorkerManager.cpp
@@ -716,17 +716,17 @@ GetRequiredScopeStringPrefix(nsIURI* aSc
     MOZ_ASSERT_UNREACHABLE("Invalid value for aPrefixMode");
   }
   return NS_OK;
 }
 
 class PropagateSoftUpdateRunnable final : public nsRunnable
 {
 public:
-  PropagateSoftUpdateRunnable(const OriginAttributes& aOriginAttributes,
+  PropagateSoftUpdateRunnable(const PrincipalOriginAttributes& aOriginAttributes,
                               const nsAString& aScope)
     : mOriginAttributes(aOriginAttributes)
     , mScope(aScope)
   {}
 
   NS_IMETHOD Run() override
   {
     AssertIsOnMainThread();
@@ -737,17 +737,17 @@ public:
     swm->PropagateSoftUpdate(mOriginAttributes, mScope);
     return NS_OK;
   }
 
 private:
   ~PropagateSoftUpdateRunnable()
   {}
 
-  const OriginAttributes mOriginAttributes;
+  const PrincipalOriginAttributes mOriginAttributes;
   const nsString mScope;
 };
 
 class PropagateUnregisterRunnable final : public nsRunnable
 {
 public:
   PropagateUnregisterRunnable(nsIPrincipal* aPrincipal,
                               nsIServiceWorkerUnregisterCallback* aCallback,
@@ -1995,17 +1995,17 @@ ServiceWorkerManager::SendPushEvent(cons
                                     const nsACString& aScope,
                                     uint32_t aDataLength,
                                     uint8_t* aDataBytes,
                                     uint8_t optional_argc)
 {
 #ifdef MOZ_SIMPLEPUSH
   return NS_ERROR_NOT_AVAILABLE;
 #else
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromSuffix(aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   ServiceWorkerInfo* serviceWorker = GetActiveWorkerInfoForScope(attrs, aScope);
   if (NS_WARN_IF(!serviceWorker)) {
     return NS_ERROR_FAILURE;
   }
@@ -2028,17 +2028,17 @@ ServiceWorkerManager::SendPushEvent(cons
 
 NS_IMETHODIMP
 ServiceWorkerManager::SendPushSubscriptionChangeEvent(const nsACString& aOriginAttributes,
                                                       const nsACString& aScope)
 {
 #ifdef MOZ_SIMPLEPUSH
   return NS_ERROR_NOT_AVAILABLE;
 #else
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromSuffix(aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   ServiceWorkerInfo* info = GetActiveWorkerInfoForScope(attrs, aScope);
   if (!info) {
     return NS_ERROR_FAILURE;
   }
@@ -2054,17 +2054,17 @@ ServiceWorkerManager::SendNotificationCl
                                                  const nsAString& aDir,
                                                  const nsAString& aLang,
                                                  const nsAString& aBody,
                                                  const nsAString& aTag,
                                                  const nsAString& aIcon,
                                                  const nsAString& aData,
                                                  const nsAString& aBehavior)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromSuffix(aOriginSuffix)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   ServiceWorkerInfo* info = GetActiveWorkerInfoForScope(attrs, aScope);
   if (!info) {
     return NS_ERROR_FAILURE;
   }
@@ -2178,17 +2178,17 @@ ServiceWorkerManager::CheckReadyPromise(
     aPromise->MaybeResolve(swr);
     return true;
   }
 
   return false;
 }
 
 ServiceWorkerInfo*
-ServiceWorkerManager::GetActiveWorkerInfoForScope(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::GetActiveWorkerInfoForScope(const PrincipalOriginAttributes& aOriginAttributes,
                                                   const nsACString& aScope)
 {
   AssertIsOnMainThread();
 
   nsCOMPtr<nsIURI> scopeURI;
   nsresult rv = NS_NewURI(getter_AddRefs(scopeURI), aScope, nullptr, nullptr);
   if (NS_FAILED(rv)) {
     return nullptr;
@@ -2824,17 +2824,17 @@ ServiceWorkerManager::GetServiceWorkerRe
   if (NS_FAILED(rv)) {
     return nullptr;
   }
 
   return GetServiceWorkerRegistrationInfo(originAttributesSuffix, aURI);
 }
 
 already_AddRefed<ServiceWorkerRegistrationInfo>
-ServiceWorkerManager::GetServiceWorkerRegistrationInfo(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::GetServiceWorkerRegistrationInfo(const PrincipalOriginAttributes& aOriginAttributes,
                                                        nsIURI* aURI)
 {
   MOZ_ASSERT(aURI);
 
   nsAutoCString originAttributesSuffix;
   aOriginAttributes.CreateSuffix(originAttributesSuffix);
   return GetServiceWorkerRegistrationInfo(originAttributesSuffix, aURI);
 }
@@ -3307,17 +3307,17 @@ public:
 
     return NS_OK;
   }
 };
 
 } // anonymous namespace
 
 already_AddRefed<nsIRunnable>
-ServiceWorkerManager::PrepareFetchEvent(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::PrepareFetchEvent(const PrincipalOriginAttributes& aOriginAttributes,
                                         nsIDocument* aDoc,
                                         nsIInterceptedChannel* aChannel,
                                         bool aIsReload,
                                         bool aIsSubresourceLoad,
                                         ErrorResult& aRv)
 {
   MOZ_ASSERT(aChannel);
   AssertIsOnMainThread();
@@ -3396,17 +3396,17 @@ ServiceWorkerManager::DispatchPreparedFe
     return;
   }
   // Otherwise, ensure the upload stream can be cloned directly.  This may
   // require some async copying, so provide a callback.
   aRv = uploadChannel->EnsureUploadStreamIsCloneable(aPreparedRunnable);
 }
 
 bool
-ServiceWorkerManager::IsAvailable(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::IsAvailable(const PrincipalOriginAttributes& aOriginAttributes,
                                   nsIURI* aURI)
 {
   MOZ_ASSERT(aURI);
 
   RefPtr<ServiceWorkerRegistrationInfo> registration =
     GetServiceWorkerRegistrationInfo(aOriginAttributes, aURI);
   return registration && registration->mActiveWorker;
 }
@@ -3538,17 +3538,17 @@ ServiceWorkerManager::SoftUpdate(nsIPrin
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
   }
 
   SoftUpdate(scopeKey, aScope, aCallback);
 }
 
 void
-ServiceWorkerManager::SoftUpdate(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::SoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                  const nsACString& aScope,
                                  ServiceWorkerUpdateFinishCallback* aCallback)
 {
   nsAutoCString scopeKey;
   aOriginAttributes.CreateSuffix(scopeKey);
   SoftUpdate(scopeKey, aScope, aCallback);
 }
 
@@ -4063,17 +4063,17 @@ ServiceWorkerManager::PropagateRemoveAll
     AppendPendingOperation(runnable);
     return;
   }
 
   mActor->SendPropagateRemoveAll();
 }
 
 void
-ServiceWorkerManager::RemoveAllRegistrations(OriginAttributes* aParams)
+ServiceWorkerManager::RemoveAllRegistrations(PrincipalOriginAttributes* aParams)
 {
   AssertIsOnMainThread();
 
   MOZ_ASSERT(aParams);
 
   for (auto it1 = mRegistrationInfos.Iter(); !it1.Done(); it1.Next()) {
     ServiceWorkerManager::RegistrationDataPerPrincipal* data = it1.UserData();
 
@@ -4296,17 +4296,17 @@ ServiceWorkerManager::Observe(nsISupport
     MOZ_ASSERT(XRE_IsParentProcess());
     nsAutoString domain(aData);
     RemoveAndPropagate(NS_ConvertUTF16toUTF8(domain));
     return NS_OK;
   }
 
   if (strcmp(aTopic, CLEAR_ORIGIN_DATA) == 0) {
     MOZ_ASSERT(XRE_IsParentProcess());
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     MOZ_ALWAYS_TRUE(attrs.Init(nsAutoString(aData)));
 
     RemoveAllRegistrations(&attrs);
     return NS_OK;
   }
 
   if (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
     mShuttingDown = true;
@@ -4339,27 +4339,27 @@ ServiceWorkerManager::Observe(nsISupport
 
 NS_IMETHODIMP
 ServiceWorkerManager::PropagateSoftUpdate(JS::Handle<JS::Value> aOriginAttributes,
                                           const nsAString& aScope,
                                           JSContext* aCx)
 {
   AssertIsOnMainThread();
 
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   PropagateSoftUpdate(attrs, aScope);
   return NS_OK;
 }
 
 void
-ServiceWorkerManager::PropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::PropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                           const nsAString& aScope)
 {
   AssertIsOnMainThread();
 
   if (!mActor) {
     RefPtr<nsIRunnable> runnable =
       new PropagateSoftUpdateRunnable(aOriginAttributes, aScope);
     AppendPendingOperation(runnable);
--- a/dom/workers/ServiceWorkerManager.h
+++ b/dom/workers/ServiceWorkerManager.h
@@ -30,17 +30,17 @@
 #include "nsRefPtrHashtable.h"
 #include "nsTArrayForwardDeclare.h"
 #include "nsTObserverArray.h"
 
 class mozIApplicationClearPrivateDataParams;
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace dom {
 
 class ServiceWorkerRegistrationListener;
 
 namespace workers {
 
 class ServiceWorker;
@@ -349,23 +349,23 @@ public:
   // Note: Its safe to use weak references here because a RAII-style callback
   //       is registered with the channel before its added to this list.  We
   //       are guaranteed the callback will fire before and remove the ref
   //       from this list before the channel is destroyed.
   typedef nsTArray<nsIInterceptedChannel*> InterceptionList;
   nsClassHashtable<nsCStringHashKey, InterceptionList> mNavigationInterceptions;
 
   bool
-  IsAvailable(const OriginAttributes& aOriginAttributes, nsIURI* aURI);
+  IsAvailable(const PrincipalOriginAttributes& aOriginAttributes, nsIURI* aURI);
 
   bool
   IsControlled(nsIDocument* aDocument, ErrorResult& aRv);
 
   already_AddRefed<nsIRunnable>
-  PrepareFetchEvent(const OriginAttributes& aOriginAttributes,
+  PrepareFetchEvent(const PrincipalOriginAttributes& aOriginAttributes,
                     nsIDocument* aDoc,
                     nsIInterceptedChannel* aChannel,
                     bool aIsReload,
                     bool aIsSubresourceLoad,
                     ErrorResult& aRv);
 
   void
   DispatchPreparedFetchEvent(nsIInterceptedChannel* aChannel,
@@ -373,22 +373,22 @@ public:
                              ErrorResult& aRv);
 
   void
   SoftUpdate(nsIPrincipal* aPrincipal,
              const nsACString& aScope,
              ServiceWorkerUpdateFinishCallback* aCallback = nullptr);
 
   void
-  SoftUpdate(const OriginAttributes& aOriginAttributes,
+  SoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
              const nsACString& aScope,
              ServiceWorkerUpdateFinishCallback* aCallback = nullptr);
 
   void
-  PropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+  PropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                       const nsAString& aScope);
 
   void
   PropagateRemove(const nsACString& aHost);
 
   void
   Remove(const nsACString& aHost);
 
@@ -510,17 +510,17 @@ private:
 
   NS_IMETHODIMP
   GetServiceWorkerForScope(nsIDOMWindow* aWindow,
                            const nsAString& aScope,
                            WhichServiceWorker aWhichWorker,
                            nsISupports** aServiceWorker);
 
   ServiceWorkerInfo*
-  GetActiveWorkerInfoForScope(const OriginAttributes& aOriginAttributes,
+  GetActiveWorkerInfoForScope(const PrincipalOriginAttributes& aOriginAttributes,
                               const nsACString& aScope);
 
   ServiceWorkerInfo*
   GetActiveWorkerInfoForDocument(nsIDocument* aDocument);
 
   void
   InvalidateServiceWorkerRegistrationWorker(ServiceWorkerRegistrationInfo* aRegistration,
                                             WhichServiceWorker aWhichOnes);
@@ -537,17 +537,17 @@ private:
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
   GetServiceWorkerRegistrationInfo(nsIDocument* aDoc);
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
   GetServiceWorkerRegistrationInfo(nsIPrincipal* aPrincipal, nsIURI* aURI);
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
-  GetServiceWorkerRegistrationInfo(const OriginAttributes& aOriginAttributes,
+  GetServiceWorkerRegistrationInfo(const PrincipalOriginAttributes& aOriginAttributes,
                                    nsIURI* aURI);
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
   GetServiceWorkerRegistrationInfo(const nsACString& aScopeKey,
                                    nsIURI* aURI);
 
   // This method generates a key using appId and isInElementBrowser from the
   // principal. We don't use the origin because it can change during the
@@ -620,17 +620,17 @@ private:
   // hashtable and can cleanly remove within the hashtable enumeration
   // function.
   void
   RemoveRegistrationInternal(ServiceWorkerRegistrationInfo* aRegistration);
 
   // Removes all service worker registrations that matches the given
   // mozIApplicationClearPrivateDataParams.
   void
-  RemoveAllRegistrations(OriginAttributes* aParams);
+  RemoveAllRegistrations(PrincipalOriginAttributes* aParams);
 
   RefPtr<ServiceWorkerManagerChild> mActor;
 
   struct PendingOperation;
   nsTArray<PendingOperation> mPendingOperations;
 
   bool mShuttingDown;
 
--- a/dom/workers/ServiceWorkerManagerChild.cpp
+++ b/dom/workers/ServiceWorkerManagerChild.cpp
@@ -27,17 +27,17 @@ ServiceWorkerManagerChild::RecvNotifyReg
   MOZ_ASSERT(swm);
 
   swm->LoadRegistration(aData);
   return true;
 }
 
 bool
 ServiceWorkerManagerChild::RecvNotifySoftUpdate(
-                                      const OriginAttributes& aOriginAttributes,
+                                      const PrincipalOriginAttributes& aOriginAttributes,
                                       const nsString& aScope)
 {
   if (mShuttingDown) {
     return true;
   }
 
   RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
   MOZ_ASSERT(swm);
--- a/dom/workers/ServiceWorkerManagerChild.h
+++ b/dom/workers/ServiceWorkerManagerChild.h
@@ -7,17 +7,17 @@
 #ifndef mozilla_dom_ServiceWorkerManagerChild_h
 #define mozilla_dom_ServiceWorkerManagerChild_h
 
 #include "mozilla/dom/PServiceWorkerManagerChild.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace ipc {
 class BackgroundChildImpl;
 } // namespace ipc
 
 namespace dom {
 namespace workers {
 
@@ -31,17 +31,17 @@ public:
   void ManagerShuttingDown()
   {
     mShuttingDown = true;
   }
 
   virtual bool RecvNotifyRegister(const ServiceWorkerRegistrationData& aData)
                                                                        override;
 
-  virtual bool RecvNotifySoftUpdate(const OriginAttributes& aOriginAttributes,
+  virtual bool RecvNotifySoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                     const nsString& aScope) override;
 
   virtual bool RecvNotifyUnregister(const PrincipalInfo& aPrincipalInfo,
                                     const nsString& aScope) override;
 
   virtual bool RecvNotifyRemove(const nsCString& aHost) override;
 
   virtual bool RecvNotifyRemoveAll() override;
--- a/dom/workers/ServiceWorkerManagerParent.cpp
+++ b/dom/workers/ServiceWorkerManagerParent.cpp
@@ -227,17 +227,17 @@ ServiceWorkerManagerParent::RecvUnregist
                                            callback);
   nsresult rv = NS_DispatchToMainThread(runnable);
   MOZ_ALWAYS_TRUE(NS_SUCCEEDED(rv));
 
   return true;
 }
 
 bool
-ServiceWorkerManagerParent::RecvPropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManagerParent::RecvPropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                                     const nsString& aScope)
 {
   AssertIsOnBackgroundThread();
 
   if (NS_WARN_IF(!mService)) {
     return false;
   }
 
--- a/dom/workers/ServiceWorkerManagerParent.h
+++ b/dom/workers/ServiceWorkerManagerParent.h
@@ -6,17 +6,17 @@
 
 #ifndef mozilla_dom_ServiceWorkerManagerParent_h
 #define mozilla_dom_ServiceWorkerManagerParent_h
 
 #include "mozilla/dom/PServiceWorkerManagerParent.h"
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace ipc {
 class BackgroundParentImpl;
 } // namespace ipc
 
 namespace dom {
 namespace workers {
 
@@ -37,17 +37,17 @@ private:
   ~ServiceWorkerManagerParent();
 
   virtual bool RecvRegister(
                            const ServiceWorkerRegistrationData& aData) override;
 
   virtual bool RecvUnregister(const PrincipalInfo& aPrincipalInfo,
                               const nsString& aScope) override;
 
-  virtual bool RecvPropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+  virtual bool RecvPropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                        const nsString& aScope) override;
 
   virtual bool RecvPropagateUnregister(const PrincipalInfo& aPrincipalInfo,
                                        const nsString& aScope) override;
 
   virtual bool RecvPropagateRemove(const nsCString& aHost) override;
 
   virtual bool RecvPropagateRemoveAll() override;
--- a/dom/workers/ServiceWorkerManagerService.cpp
+++ b/dom/workers/ServiceWorkerManagerService.cpp
@@ -106,17 +106,17 @@ ServiceWorkerManagerService::PropagateRe
 #ifdef DEBUG
   MOZ_ASSERT(parentFound);
 #endif
 }
 
 void
 ServiceWorkerManagerService::PropagateSoftUpdate(
                                       uint64_t aParentID,
-                                      const OriginAttributes& aOriginAttributes,
+                                      const PrincipalOriginAttributes& aOriginAttributes,
                                       const nsAString& aScope)
 {
   AssertIsOnBackgroundThread();
 
   DebugOnly<bool> parentFound = false;
   for (auto iter = mAgents.Iter(); !iter.Done(); iter.Next()) {
     ServiceWorkerManagerParent* parent = iter.Get()->GetKey();
     MOZ_ASSERT(parent);
--- a/dom/workers/ServiceWorkerManagerService.h
+++ b/dom/workers/ServiceWorkerManagerService.h
@@ -8,17 +8,17 @@
 #define mozilla_dom_ServiceWorkerManagerService_h
 
 #include "nsISupportsImpl.h"
 #include "nsHashKeys.h"
 #include "nsTHashtable.h"
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace ipc {
 class PrincipalInfo;
 } // namespace ipc
 
 namespace dom {
 
 class ServiceWorkerRegistrationData;
@@ -37,17 +37,17 @@ public:
 
   void RegisterActor(ServiceWorkerManagerParent* aParent);
   void UnregisterActor(ServiceWorkerManagerParent* aParent);
 
   void PropagateRegistration(uint64_t aParentID,
                              ServiceWorkerRegistrationData& aData);
 
   void PropagateSoftUpdate(uint64_t aParentID,
-                           const OriginAttributes& aOriginAttributes,
+                           const PrincipalOriginAttributes& aOriginAttributes,
                            const nsAString& aScope);
 
   void PropagateUnregister(uint64_t aParentID,
                            const mozilla::ipc::PrincipalInfo& aPrincipalInfo,
                            const nsAString& aScope);
 
   void PropagateRemove(uint64_t aParentID, const nsACString& aHost);
 
--- a/dom/workers/ServiceWorkerPrivate.cpp
+++ b/dom/workers/ServiceWorkerPrivate.cpp
@@ -206,17 +206,17 @@ public:
 
   NS_IMETHOD Run()
   {
     AssertIsOnMainThread();
 
     RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
     MOZ_ASSERT(swm);
 
-    OriginAttributes attrs =
+    PrincipalOriginAttributes attrs =
       mozilla::BasePrincipal::Cast(mRegistration->mPrincipal)->OriginAttributesRef();
 
     swm->PropagateSoftUpdate(attrs,
                              NS_ConvertUTF8toUTF16(mRegistration->mScope));
     return NS_OK;
   }
 };
 
--- a/dom/workers/ServiceWorkerRegistrar.cpp
+++ b/dom/workers/ServiceWorkerRegistrar.cpp
@@ -321,17 +321,17 @@ ServiceWorkerRegistrar::ReadData()
     }                                                 \
     if (NS_WARN_IF(!hasMoreLines)) {                  \
       return NS_ERROR_FAILURE;                        \
     }
 
     nsAutoCString suffix;
     GET_LINE(suffix);
 
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     if (!attrs.PopulateFromSuffix(suffix)) {
       return NS_ERROR_INVALID_ARG;
     }
 
     GET_LINE(line);
     entry->principal() =
       mozilla::ipc::ContentPrincipalInfo(attrs, line);
 
--- a/dom/workers/test/gtest/TestReadWrite.cpp
+++ b/dom/workers/test/gtest/TestReadWrite.cpp
@@ -214,17 +214,17 @@ TEST(ServiceWorkerRegistrar, TestWriteDa
 
     nsTArray<ServiceWorkerRegistrationData>& data = swr->TestGetData();
 
     for (int i = 0; i < 10; ++i) {
       ServiceWorkerRegistrationData* d = data.AppendElement();
 
       nsAutoCString spec;
       spec.AppendPrintf("spec write %d", i);
-      d->principal() = mozilla::ipc::ContentPrincipalInfo(mozilla::OriginAttributes(i, i % 2), spec);
+      d->principal() = mozilla::ipc::ContentPrincipalInfo(mozilla::PrincipalOriginAttributes(i, i % 2), spec);
       d->scope().AppendPrintf("scope write %d", i);
       d->scriptSpec().AppendPrintf("scriptSpec write %d", i);
       d->currentWorkerURL().AppendPrintf("currentWorkerURL write %d", i);
       d->activeCacheName().AppendPrintf("activeCacheName write %d", i);
       d->waitingCacheName().AppendPrintf("waitingCacheName write %d", i);
     }
 
     nsresult rv = swr->TestWriteData();
@@ -240,17 +240,17 @@ TEST(ServiceWorkerRegistrar, TestWriteDa
   ASSERT_EQ((uint32_t)10, data.Length()) << "10 entries should be found";
 
   for (int i = 0; i < 10; ++i) {
     nsAutoCString test;
 
     ASSERT_EQ(data[i].principal().type(), mozilla::ipc::PrincipalInfo::TContentPrincipalInfo);
     const mozilla::ipc::ContentPrincipalInfo& cInfo = data[i].principal();
 
-    mozilla::OriginAttributes attrs(i, i % 2);
+    mozilla::PrincipalOriginAttributes attrs(i, i % 2);
     nsAutoCString suffix, expectSuffix;
     attrs.CreateSuffix(expectSuffix);
     cInfo.attrs().CreateSuffix(suffix);
 
     ASSERT_STREQ(expectSuffix.get(), suffix.get());
 
     test.AppendPrintf("spec write %d", i);
     ASSERT_STREQ(test.get(), cInfo.spec().get());
--- a/extensions/cookie/nsPermission.cpp
+++ b/extensions/cookie/nsPermission.cpp
@@ -79,18 +79,18 @@ nsPermission::Matches(nsIPrincipal* aPri
 
   // If we are matching with an exact host, we're done now - the permissions don't match
   // otherwise, we need to start comparing subdomains!
   if (aExactHost) {
       return NS_OK;
   }
 
   // Compare their OriginAttributes
-  const mozilla::OriginAttributes& theirAttrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
-  const mozilla::OriginAttributes& ourAttrs = mozilla::BasePrincipal::Cast(mPrincipal)->OriginAttributesRef();
+  const mozilla::PrincipalOriginAttributes& theirAttrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+  const mozilla::PrincipalOriginAttributes& ourAttrs = mozilla::BasePrincipal::Cast(mPrincipal)->OriginAttributesRef();
 
   if (theirAttrs != ourAttrs) {
       return NS_OK;
   }
 
   nsCOMPtr<nsIURI> theirURI;
   nsresult rv = aPrincipal->GetURI(getter_AddRefs(theirURI));
   NS_ENSURE_SUCCESS(rv, rv);
@@ -162,14 +162,14 @@ nsPermission::Matches(nsIPrincipal* aPri
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsPermission::MatchesURI(nsIURI* aURI, bool aExactHost, bool* aMatches)
 {
   NS_ENSURE_ARG_POINTER(aURI);
 
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   return Matches(principal, aExactHost, aMatches);
 }
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -102,17 +102,17 @@ LogToConsole(const nsAString& aMsg)
 ////////////////////////////////////////////////////////////////////////////////
 
 namespace {
 
 nsresult
 GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal)
 {
   nsAutoCString originNoSuffix;
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return NS_ERROR_FAILURE;
   }
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
@@ -121,28 +121,28 @@ GetPrincipalFromOrigin(const nsACString&
   return NS_OK;
 }
 
 
 nsresult
 GetPrincipal(nsIURI* aURI, uint32_t aAppId, bool aIsInBrowserElement, nsIPrincipal** aPrincipal)
 {
   // TODO: Bug 1165267 - Use OriginAttributes for nsCookieService
-  mozilla::OriginAttributes attrs(aAppId, aIsInBrowserElement);
+  mozilla::PrincipalOriginAttributes attrs(aAppId, aIsInBrowserElement);
   nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsresult
 GetPrincipal(nsIURI* aURI, nsIPrincipal** aPrincipal)
 {
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsCString
@@ -2172,17 +2172,17 @@ nsPermissionManager::GetPermissionHashKe
     }
 
     rv = newURI->SetHost(domain);
     if (NS_FAILED(rv)) {
       return nullptr;
     }
 
     // Copy the attributes over
-    mozilla::OriginAttributes attrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+    mozilla::PrincipalOriginAttributes attrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
     nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(newURI, attrs);
 
     return GetPermissionHashKey(principal, aType, aExactHostMatch);
   }
 
   // No entry, really...
   return nullptr;
 }
--- a/gfx/thebes/gfxSVGGlyphs.cpp
+++ b/gfx/thebes/gfxSVGGlyphs.cpp
@@ -342,17 +342,18 @@ gfxSVGGlyphsDocument::ParseDocument(cons
     nsCOMPtr<nsIURI> uri;
     nsHostObjectProtocolHandler::GenerateURIString(NS_LITERAL_CSTRING(FONTTABLEURI_SCHEME),
                                                    nullptr,
                                                    mSVGGlyphsDocumentURI);
  
     rv = NS_NewURI(getter_AddRefs(uri), mSVGGlyphsDocumentURI);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    OriginAttributes attrs;
+    // TODO: Bug 1225053 - gfxSVGGlyphs.cpp should use correct principal
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(uri, attrs);
     NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
     nsCOMPtr<nsIDOMDocument> domDoc;
     rv = NS_NewDOMDocument(getter_AddRefs(domDoc),
                            EmptyString(),   // aNamespaceURI
                            EmptyString(),   // aQualifiedName
--- a/ipc/glue/BackgroundUtils.h
+++ b/ipc/glue/BackgroundUtils.h
@@ -11,35 +11,53 @@
 #include "nsCOMPtr.h"
 #include "nscore.h"
 
 class nsILoadInfo;
 class nsIPrincipal;
 
 namespace IPC {
 
-template<>
-struct ParamTraits<mozilla::OriginAttributes>
+namespace detail {
+template<class ParamType>
+struct OriginAttributesParamTraits
 {
-  typedef mozilla::OriginAttributes paramType;
+  typedef ParamType paramType;
 
   static void Write(Message* aMsg, const paramType& aParam)
   {
     nsAutoCString suffix;
     aParam.CreateSuffix(suffix);
     WriteParam(aMsg, suffix);
   }
 
   static bool Read(const Message* aMsg, void** aIter, paramType* aResult)
   {
     nsAutoCString suffix;
     return ReadParam(aMsg, aIter, &suffix) &&
            aResult->PopulateFromSuffix(suffix);
   }
 };
+} // namespace detail
+
+template<>
+struct ParamTraits<mozilla::PrincipalOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::PrincipalOriginAttributes> {};
+
+template<>
+struct ParamTraits<mozilla::DocShellOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::DocShellOriginAttributes> {};
+
+template<>
+struct ParamTraits<mozilla::NeckoOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::NeckoOriginAttributes> {};
+
+template<>
+struct ParamTraits<mozilla::GenericOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::GenericOriginAttributes> {};
 
 } // namespace IPC
 
 namespace mozilla {
 namespace net {
 class OptionalLoadInfoArgs;
 } // namespace net
 
--- a/ipc/glue/PBackgroundSharedTypes.ipdlh
+++ b/ipc/glue/PBackgroundSharedTypes.ipdlh
@@ -1,21 +1,21 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-using mozilla::OriginAttributes from "mozilla/ipc/BackgroundUtils.h";
+using mozilla::PrincipalOriginAttributes from "mozilla/ipc/BackgroundUtils.h";
 using struct mozilla::void_t from "ipc/IPCMessageUtils.h";
 
 namespace mozilla {
 namespace ipc {
 
 struct ContentPrincipalInfo
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   nsCString spec;
 };
 
 struct SystemPrincipalInfo
 { };
 
 struct NullPrincipalInfo
 { };
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -1180,17 +1180,17 @@ ParsePrincipal(JSContext* cx, HandleStri
     if (NS_FAILED(rv)) {
         JS_ReportError(cx, "Creating URI from string failed");
         return false;
     }
 
     // We could allow passing in the app-id and browser-element info to the
     // sandbox constructor. But creating a sandbox based on a string is a
     // deprecated API so no need to add features to it.
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> prin =
         BasePrincipal::CreateCodebasePrincipal(uri, attrs);
     prin.forget(principal);
 
     if (!*principal) {
         JS_ReportError(cx, "Creating Principal from URI failed");
         return false;
     }
--- a/netwerk/base/LoadContextInfo.cpp
+++ b/netwerk/base/LoadContextInfo.cpp
@@ -10,17 +10,17 @@
 
 namespace mozilla {
 namespace net {
 
 // LoadContextInfo
 
 NS_IMPL_ISUPPORTS(LoadContextInfo, nsILoadContextInfo)
 
-LoadContextInfo::LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, OriginAttributes aOriginAttributes)
+LoadContextInfo::LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, NeckoOriginAttributes aOriginAttributes)
   : mIsPrivate(aIsPrivate)
   , mIsAnonymous(aIsAnonymous)
   , mOriginAttributes(aOriginAttributes)
 {
 }
 
 LoadContextInfo::~LoadContextInfo()
 {
@@ -33,17 +33,17 @@ NS_IMETHODIMP LoadContextInfo::GetIsPriv
 }
 
 NS_IMETHODIMP LoadContextInfo::GetIsAnonymous(bool *aIsAnonymous)
 {
   *aIsAnonymous = mIsAnonymous;
   return NS_OK;
 }
 
-OriginAttributes const* LoadContextInfo::OriginAttributesPtr()
+NeckoOriginAttributes const* LoadContextInfo::OriginAttributesPtr()
 {
   return &mOriginAttributes;
 }
 
 NS_IMETHODIMP LoadContextInfo::GetOriginAttributes(JSContext *aCx,
                                                    JS::MutableHandle<JS::Value> aVal)
 {
   if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aVal))) {
@@ -53,40 +53,40 @@ NS_IMETHODIMP LoadContextInfo::GetOrigin
 }
 
 // LoadContextInfoFactory
 
 NS_IMPL_ISUPPORTS(LoadContextInfoFactory, nsILoadContextInfoFactory)
 
 NS_IMETHODIMP LoadContextInfoFactory::GetDefault(nsILoadContextInfo * *aDefault)
 {
-  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, false, OriginAttributes());
+  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, false, NeckoOriginAttributes());
   info.forget(aDefault);
   return NS_OK;
 }
 
 NS_IMETHODIMP LoadContextInfoFactory::GetPrivate(nsILoadContextInfo * *aPrivate)
 {
-  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(true, false, OriginAttributes());
+  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(true, false, NeckoOriginAttributes());
   info.forget(aPrivate);
   return NS_OK;
 }
 
 NS_IMETHODIMP LoadContextInfoFactory::GetAnonymous(nsILoadContextInfo * *aAnonymous)
 {
-  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, true, OriginAttributes());
+  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, true, NeckoOriginAttributes());
   info.forget(aAnonymous);
   return NS_OK;
 }
 
 NS_IMETHODIMP LoadContextInfoFactory::Custom(bool aPrivate, bool aAnonymous,
                                              JS::HandleValue aOriginAttributes, JSContext *cx,
                                              nsILoadContextInfo * *_retval)
 {
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   bool status = attrs.Init(cx, aOriginAttributes);
   NS_ENSURE_TRUE(status, NS_ERROR_FAILURE);
 
   nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(aPrivate, aAnonymous, attrs);
   info.forget(_retval);
   return NS_OK;
 }
 
@@ -117,35 +117,38 @@ GetLoadContextInfo(nsIChannel * aChannel
 
   bool anon = false;
   nsLoadFlags loadFlags;
   rv = aChannel->GetLoadFlags(&loadFlags);
   if (NS_SUCCEEDED(rv)) {
     anon = !!(loadFlags & nsIChannel::LOAD_ANONYMOUS);
   }
 
-  OriginAttributes oa;
+  NeckoOriginAttributes oa;
   NS_GetOriginAttributes(aChannel, oa);
 
   return new LoadContextInfo(pb, anon, oa);
 }
 
 LoadContextInfo *
 GetLoadContextInfo(nsILoadContext *aLoadContext, bool aIsAnonymous)
 {
   if (!aLoadContext) {
     return new LoadContextInfo(false, aIsAnonymous,
-                               OriginAttributes(nsILoadContextInfo::NO_APP_ID, false));
+                               NeckoOriginAttributes(nsILoadContextInfo::NO_APP_ID, false));
   }
 
   bool pb = aLoadContext->UsePrivateBrowsing();
-  OriginAttributes oa;
-  aLoadContext->GetOriginAttributes(oa);
+  DocShellOriginAttributes doa;
+  aLoadContext->GetOriginAttributes(doa);
 
-  return new LoadContextInfo(pb, aIsAnonymous, oa);
+  NeckoOriginAttributes noa;
+  noa.InheritFromDocShellToNecko(doa);
+
+  return new LoadContextInfo(pb, aIsAnonymous, noa);
 }
 
 LoadContextInfo*
 GetLoadContextInfo(nsIDOMWindow *aWindow,
                    bool aIsAnonymous)
 {
   nsCOMPtr<nsIWebNavigation> webNav = do_GetInterface(aWindow);
   nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(webNav);
@@ -159,17 +162,17 @@ GetLoadContextInfo(nsILoadContextInfo *a
   return new LoadContextInfo(aInfo->IsPrivate(),
                              aInfo->IsAnonymous(),
                              *aInfo->OriginAttributesPtr());
 }
 
 LoadContextInfo *
 GetLoadContextInfo(bool const aIsPrivate,
                    bool const aIsAnonymous,
-                   OriginAttributes const &aOriginAttributes)
+                   NeckoOriginAttributes const &aOriginAttributes)
 {
   return new LoadContextInfo(aIsPrivate,
                              aIsAnonymous,
                              aOriginAttributes);
 }
 
 } // namespace net
 } // namespace mozilla
--- a/netwerk/base/LoadContextInfo.h
+++ b/netwerk/base/LoadContextInfo.h
@@ -14,25 +14,25 @@ namespace mozilla {
 namespace net {
 
 class LoadContextInfo : public nsILoadContextInfo
 {
 public:
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSILOADCONTEXTINFO
 
-  LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, OriginAttributes aOriginAttributes);
+  LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, NeckoOriginAttributes aOriginAttributes);
 
 private:
   virtual ~LoadContextInfo();
 
 protected:
   bool mIsPrivate : 1;
   bool mIsAnonymous : 1;
-  OriginAttributes mOriginAttributes;
+  NeckoOriginAttributes mOriginAttributes;
 };
 
 class LoadContextInfoFactory : public nsILoadContextInfoFactory
 {
   virtual ~LoadContextInfoFactory() {}
 public:
   NS_DECL_ISUPPORTS // deliberately not thread-safe
   NS_DECL_NSILOADCONTEXTINFOFACTORY
@@ -50,14 +50,14 @@ GetLoadContextInfo(nsIDOMWindow *aLoadCo
                    bool aIsAnonymous);
 
 LoadContextInfo*
 GetLoadContextInfo(nsILoadContextInfo *aInfo);
 
 LoadContextInfo*
 GetLoadContextInfo(bool const aIsPrivate,
                    bool const aIsAnonymous,
-                   OriginAttributes const &aOriginAttributes);
+                   NeckoOriginAttributes const &aOriginAttributes);
 
 } // namespace net
 } // namespace mozilla
 
 #endif
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -78,17 +78,18 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadin
       nsCOMPtr<nsPIDOMWindow> parent = outerWindow->GetScriptableParent();
       mParentOuterWindowID = parent->WindowID();
     }
 
     mUpgradeInsecureRequests = aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests();
     mUpgradeInsecurePreloads = aLoadingContext->OwnerDoc()->GetUpgradeInsecurePreloads();
   }
 
-  mOriginAttributes = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
+  const PrincipalOriginAttributes attrs = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
+  mOriginAttributes.InheritFromDocToNecko(attrs);
 }
 
 LoadInfo::LoadInfo(const LoadInfo& rhs)
   : mLoadingPrincipal(rhs.mLoadingPrincipal)
   , mTriggeringPrincipal(rhs.mTriggeringPrincipal)
   , mLoadingContext(rhs.mLoadingContext)
   , mSecurityFlags(rhs.mSecurityFlags)
   , mInternalContentPolicyType(rhs.mInternalContentPolicyType)
@@ -113,17 +114,17 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadin
                    nsContentPolicyType aContentPolicyType,
                    bool aUpgradeInsecureRequests,
                    bool aUpgradeInsecurePreloads,
                    uint64_t aInnerWindowID,
                    uint64_t aOuterWindowID,
                    uint64_t aParentOuterWindowID,
                    bool aEnforceSecurity,
                    bool aInitialSecurityCheckDone,
-                   const OriginAttributes& aOriginAttributes,
+                   const NeckoOriginAttributes& aOriginAttributes,
                    nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChainIncludingInternalRedirects,
                    nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChain)
   : mLoadingPrincipal(aLoadingPrincipal)
   , mTriggeringPrincipal(aTriggeringPrincipal)
   , mSecurityFlags(aSecurityFlags)
   , mInternalContentPolicyType(aContentPolicyType)
   , mUpgradeInsecureRequests(aUpgradeInsecureRequests)
   , mUpgradeInsecurePreloads(aUpgradeInsecurePreloads)
@@ -342,35 +343,35 @@ LoadInfo::GetScriptableOriginAttributes(
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 LoadInfo::SetScriptableOriginAttributes(JSContext* aCx,
   JS::Handle<JS::Value> aOriginAttributes)
 {
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   mOriginAttributes = attrs;
   return NS_OK;
 }
 
 nsresult
-LoadInfo::GetOriginAttributes(mozilla::OriginAttributes* aOriginAttributes)
+LoadInfo::GetOriginAttributes(mozilla::NeckoOriginAttributes* aOriginAttributes)
 {
   NS_ENSURE_ARG(aOriginAttributes);
   *aOriginAttributes = mOriginAttributes;
   return NS_OK;
 }
 
 nsresult
-LoadInfo::SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes)
+LoadInfo::SetOriginAttributes(const mozilla::NeckoOriginAttributes& aOriginAttributes)
 {
   mOriginAttributes = aOriginAttributes;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 LoadInfo::SetEnforceSecurity(bool aEnforceSecurity)
 {
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@@ -71,17 +71,17 @@ private:
            nsContentPolicyType aContentPolicyType,
            bool aUpgradeInsecureRequests,
            bool aUpgradeInsecurePreloads,
            uint64_t aInnerWindowID,
            uint64_t aOuterWindowID,
            uint64_t aParentOuterWindowID,
            bool aEnforceSecurity,
            bool aInitialSecurityCheckDone,
-           const OriginAttributes& aOriginAttributes,
+           const NeckoOriginAttributes& aOriginAttributes,
            nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChainIncludingInternalRedirects,
            nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChain);
   LoadInfo(const LoadInfo& rhs);
 
   friend nsresult
   mozilla::ipc::LoadInfoArgsToLoadInfo(
     const mozilla::net::OptionalLoadInfoArgs& aLoadInfoArgs,
     nsILoadInfo** outLoadInfo);
@@ -103,17 +103,17 @@ private:
   LoadTainting                     mTainting;
   bool                             mUpgradeInsecureRequests;
   bool                             mUpgradeInsecurePreloads;
   uint64_t                         mInnerWindowID;
   uint64_t                         mOuterWindowID;
   uint64_t                         mParentOuterWindowID;
   bool                             mEnforceSecurity;
   bool                             mInitialSecurityCheckDone;
-  OriginAttributes                 mOriginAttributes;
+  NeckoOriginAttributes            mOriginAttributes;
   nsTArray<nsCOMPtr<nsIPrincipal>> mRedirectChainIncludingInternalRedirects;
   nsTArray<nsCOMPtr<nsIPrincipal>> mRedirectChain;
 };
 
 } // namespace mozilla
 
 #endif // mozilla_LoadInfo_h
 
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -590,17 +590,17 @@ Predictor::Init()
     mDNSListener = new DNSListener();
   }
 
   nsCOMPtr<nsICacheStorageService> cacheStorageService =
     do_GetService("@mozilla.org/netwerk/cache-storage-service;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   RefPtr<LoadContextInfo> lci =
-    new LoadContextInfo(false, false, OriginAttributes());
+    new LoadContextInfo(false, false, NeckoOriginAttributes());
 
   rv = cacheStorageService->DiskCacheStorage(lci, false,
                                              getter_AddRefs(mCacheDiskStorage));
   NS_ENSURE_SUCCESS(rv, rv);
 
   mIOService = do_GetService("@mozilla.org/network/io-service;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
--- a/netwerk/base/nsILoadContextInfo.idl
+++ b/netwerk/base/nsILoadContextInfo.idl
@@ -3,17 +3,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
 %{ C++
 #include "mozilla/BasePrincipal.h"
 %}
-native OriginAttributesNativePtr(const mozilla::OriginAttributes*);
+native OriginAttributesNativePtr(const mozilla::NeckoOriginAttributes*);
 
 interface nsILoadContext;
 interface nsIDOMWindow;
 
 /**
  * Helper interface to carry informatin about the load context
  * encapsulating origin attributes and IsAnonymous, IsPrivite properties.
  * It shall be used where nsILoadContext cannot be used or is not
@@ -32,17 +32,17 @@ interface nsILoadContextInfo : nsISuppor
   readonly attribute boolean isPrivate;
 
   /**
    * Whether the load is initiated as anonymous
    */
   readonly attribute boolean isAnonymous;
 
   /**
-   * OriginAttributes hiding all the security context attributes
+   * NeckoOriginAttributes hiding all the security context attributes
    */
   [implicit_jscontext]
   readonly attribute jsval originAttributes;
   [noscript, notxpcom, nostdcall, binaryname(OriginAttributesPtr)]
   OriginAttributesNativePtr binaryOriginAttributesPtr();
 
 %{C++
   /**
@@ -67,17 +67,17 @@ interface nsILoadContextInfo : nsISuppor
     return IsPrivate() == aOther->IsPrivate() &&
            IsAnonymous() == aOther->IsAnonymous() &&
            *OriginAttributesPtr() == *aOther->OriginAttributesPtr();
   }
 %}
 };
 
 /**
- * Since OriginAttributes struct limits the implementation of
+ * Since NeckoOriginAttributes struct limits the implementation of
  * nsILoadContextInfo (that needs to be thread safe) to C++,
  * we need a scriptable factory to create instances of that
  * interface from JS.
  */
 [scriptable, uuid(c1c7023d-4318-4f99-8307-b5ccf0558793)]
 interface nsILoadContextInfoFactory : nsISupports
 {
   readonly attribute nsILoadContextInfo default;
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -13,18 +13,18 @@ interface nsIPrincipal;
 
 %{C++
 #include "nsTArray.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/LoadTainting.h"
 %}
 
 [ref] native const_nsIPrincipalArray(const nsTArray<nsCOMPtr<nsIPrincipal>>);
-native OriginAttributes(mozilla::OriginAttributes);
-[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+native NeckoOriginAttributes(mozilla::NeckoOriginAttributes);
+[ref] native const_OriginAttributesRef(const mozilla::NeckoOriginAttributes);
 
 typedef unsigned long nsSecurityFlags;
 
 /**
  * An nsILoadOwner represents per-load information about who started the load.
  */
 [scriptable, builtinclass, uuid(c21803eb-ad4f-46bd-b0a5-8081381253f2)]
 interface nsILoadInfo : nsISupports
@@ -330,32 +330,32 @@ interface nsILoadInfo : nsISupports
    * available. parentOuterWindowID will be the same as outerWindowID if the
    * window has no parent.
    */
   [infallible] readonly attribute unsigned long long innerWindowID;
   [infallible] readonly attribute unsigned long long outerWindowID;
   [infallible] readonly attribute unsigned long long parentOuterWindowID;
 
   /**
-   * Customized OriginAttributes within LoadInfo to allow overwriting of the
+   * Customized NeckoOriginAttributes within LoadInfo to allow overwriting of the
    * default originAttributes from the loadingPrincipal.
    */
   [implicit_jscontext, binaryname(ScriptableOriginAttributes)]
   attribute jsval originAttributes;
 
   [noscript, nostdcall, binaryname(GetOriginAttributes)]
-  OriginAttributes binaryGetOriginAttributes();
+  NeckoOriginAttributes binaryGetOriginAttributes();
 
   [noscript, nostdcall, binaryname(SetOriginAttributes)]
   void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs);
 
 %{ C++
-  inline mozilla::OriginAttributes GetOriginAttributes()
+  inline mozilla::NeckoOriginAttributes GetOriginAttributes()
   {
-    mozilla::OriginAttributes result;
+    mozilla::NeckoOriginAttributes result;
     mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result);
     MOZ_ASSERT(NS_SUCCEEDED(rv));
     return result;
   }
 %}
 
   /**
    * Whenever a channel is openend by asyncOpen2() [or also open2()],
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -1195,25 +1195,27 @@ NS_UsePrivateBrowsing(nsIChannel *channe
     }
     nsCOMPtr<nsILoadContext> loadContext;
     NS_QueryNotificationCallbacks(channel, loadContext);
     return loadContext && loadContext->UsePrivateBrowsing();
 }
 
 bool
 NS_GetOriginAttributes(nsIChannel *aChannel,
-                       mozilla::OriginAttributes &aAttributes)
+                       mozilla::NeckoOriginAttributes &aAttributes)
 {
     nsCOMPtr<nsILoadContext> loadContext;
     NS_QueryNotificationCallbacks(aChannel, loadContext);
     if (!loadContext) {
         return false;
     }
 
-    loadContext->GetOriginAttributes(aAttributes);
+    DocShellOriginAttributes doa;
+    loadContext->GetOriginAttributes(doa);
+    aAttributes.InheritFromDocShellToNecko(doa);
     return true;
 }
 
 bool
 NS_GetAppInfo(nsIChannel *aChannel,
               uint32_t *aAppID,
               bool *aIsInBrowserElement)
 {
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@@ -40,17 +40,17 @@ class nsIPersistentProperties;
 class nsIProxyInfo;
 class nsIRequestObserver;
 class nsIStreamListener;
 class nsIStreamLoader;
 class nsIStreamLoaderObserver;
 class nsIUnicharStreamLoader;
 class nsIUnicharStreamLoaderObserver;
 
-namespace mozilla { class OriginAttributes; }
+namespace mozilla { class NeckoOriginAttributes; }
 
 template <class> class nsCOMPtr;
 template <typename> struct already_AddRefed;
 
 #ifdef MOZILLA_INTERNAL_API
 #include "nsReadableUtils.h"
 #include "nsString.h"
 #else
@@ -676,20 +676,20 @@ NS_QueryNotificationCallbacks(nsIInterfa
 
 /**
  * Returns true if channel is using Private Browsing, or false if not.
  * Returns false if channel's callbacks don't implement nsILoadContext.
  */
 bool NS_UsePrivateBrowsing(nsIChannel *channel);
 
 /**
- * Extract the OriginAttributes from the channel's triggering principal.
+ * Extract the NeckoOriginAttributes from the channel's triggering principal.
  */
 bool NS_GetOriginAttributes(nsIChannel *aChannel,
-                            mozilla::OriginAttributes &aAttributes);
+                            mozilla::NeckoOriginAttributes &aAttributes);
 
 // Constants duplicated from nsIScriptSecurityManager so we avoid having necko
 // know about script security manager.
 #define NECKO_NO_APP_ID 0
 #define NECKO_UNKNOWN_APP_ID UINT32_MAX
 // special app id reserved for separating the safebrowsing cookie
 #define NECKO_SAFEBROWSING_APP_ID UINT32_MAX - 1
 
--- a/netwerk/cache/nsApplicationCacheService.cpp
+++ b/netwerk/cache/nsApplicationCacheService.cpp
@@ -35,34 +35,34 @@ nsApplicationCacheService::~nsApplicatio
 
 NS_IMETHODIMP
 nsApplicationCacheService::BuildGroupID(nsIURI *aManifestURL,
                                         nsILoadContextInfo *aLoadContextInfo,
                                         nsACString &_result)
 {
     nsresult rv;
 
-    mozilla::OriginAttributes const *oa = aLoadContextInfo
+    mozilla::NeckoOriginAttributes const *oa = aLoadContextInfo
         ? aLoadContextInfo->OriginAttributesPtr()
         : nullptr;
 
     rv = nsOfflineCacheDevice::BuildApplicationCacheGroupID(
         aManifestURL, oa, _result);
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsApplicationCacheService::BuildGroupIDForApp(nsIURI *aManifestURL,
                                               uint32_t aAppId,
                                               bool aIsInBrowser,
                                               nsACString &_result)
 {
-    OriginAttributes oa;
+    NeckoOriginAttributes oa;
     oa.mAppId = aAppId;
     oa.mInBrowser = aIsInBrowser;
     nsresult rv = nsOfflineCacheDevice::BuildApplicationCacheGroupID(
         aManifestURL, &oa, _result);
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
 }
--- a/netwerk/cache/nsDiskCacheDeviceSQL.cpp
+++ b/netwerk/cache/nsDiskCacheDeviceSQL.cpp
@@ -44,17 +44,17 @@
 
 #include "mozilla/Telemetry.h"
 
 #include "sqlite3.h"
 #include "mozilla/storage.h"
 
 using namespace mozilla;
 using namespace mozilla::storage;
-using mozilla::OriginAttributes;
+using mozilla::NeckoOriginAttributes;
 
 static const char OFFLINE_CACHE_DEVICE_ID[] = { "offline" };
 
 #define LOG(args) CACHE_LOG_DEBUG(args)
 
 static uint32_t gNextTemporaryClientID = 0;
 
 /*****************************************************************************
@@ -1299,30 +1299,30 @@ GetGroupForCache(const nsCSubstring &cli
   group.Assign(clientID);
   group.Truncate(group.FindChar('|'));
   NS_UnescapeURL(group);
 
   return NS_OK;
 }
 
 void
-AppendJARIdentifier(nsACString &_result, OriginAttributes const *aOriginAttributes)
+AppendJARIdentifier(nsACString &_result, NeckoOriginAttributes const *aOriginAttributes)
 {
   nsAutoCString suffix;
   aOriginAttributes->CreateSuffix(suffix);
   _result.Append('#');
   _result.Append(suffix);
 }
 
 } // namespace
 
 // static
 nsresult
 nsOfflineCacheDevice::BuildApplicationCacheGroupID(nsIURI *aManifestURL,
-                                                   OriginAttributes const *aOriginAttributes,
+                                                   NeckoOriginAttributes const *aOriginAttributes,
                                                    nsACString &_result)
 {
   nsCOMPtr<nsIURI> newURI;
   nsresult rv = aManifestURL->CloneIgnoringRef(getter_AddRefs(newURI));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsAutoCString manifestSpec;
   rv = newURI->GetAsciiSpec(manifestSpec);
@@ -2416,21 +2416,21 @@ nsresult
 nsOfflineCacheDevice::DiscardByAppId(int32_t appID, bool browserEntriesOnly)
 {
   nsresult rv;
 
   nsAutoCString jaridsuffix;
 
   jaridsuffix.Append('%');
 
-  // TODO - this method should accept OriginAttributes* from outside instead.
+  // TODO - this method should accept NeckoOriginAttributes* from outside instead.
   // If passed null, we should then delegate to
   // nsCacheService::GlobalInstance()->EvictEntriesInternal(nsICache::STORE_OFFLINE);
 
-  OriginAttributes oa;
+  NeckoOriginAttributes oa;
   oa.mAppId = appID;
   oa.mInBrowser = browserEntriesOnly;
   AppendJARIdentifier(jaridsuffix, &oa);
 
   {
     AutoResetStatement statement(mStatement_EnumerateApps);
     rv = statement->BindUTF8StringByIndex(0, jaridsuffix);
     NS_ENSURE_SUCCESS(rv, rv);
@@ -2500,17 +2500,17 @@ nsOfflineCacheDevice::CanUseCache(nsIURI
     return false;
   }
 
   // Check the groupID we found is equal to groupID based
   // on the load context demanding load from app cache.
   // This is check of extended origin.
   nsAutoCString demandedGroupID;
 
-  const OriginAttributes *oa = loadContextInfo
+  const NeckoOriginAttributes *oa = loadContextInfo
     ? loadContextInfo->OriginAttributesPtr()
     : nullptr;
   rv = BuildApplicationCacheGroupID(groupURI, oa, demandedGroupID);
   NS_ENSURE_SUCCESS(rv, false);
 
   if (groupID != demandedGroupID) {
     return false;
   }
--- a/netwerk/cache/nsDiskCacheDeviceSQL.h
+++ b/netwerk/cache/nsDiskCacheDeviceSQL.h
@@ -20,17 +20,17 @@
 #include "nsClassHashtable.h"
 #include "nsWeakReference.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/Mutex.h"
 
 class nsIURI;
 class nsOfflineCacheDevice;
 class mozIStorageService;
-namespace mozilla { class OriginAttributes; }
+namespace mozilla { class NeckoOriginAttributes; }
 
 class nsApplicationCacheNamespace final : public nsIApplicationCacheNamespace
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSIAPPLICATIONCACHENAMESPACE
 
   nsApplicationCacheNamespace() : mItemType(0) {}
@@ -136,17 +136,17 @@ public:
                                      const nsACString &       key,
                                      bool *                 isOwned);
 
   nsresult                ClearKeysOwnedByDomain(const char *clientID,
                                                  const nsACString &ownerDomain);
   nsresult                EvictUnownedEntries(const char *clientID);
 
   static nsresult         BuildApplicationCacheGroupID(nsIURI *aManifestURL,
-                                                       mozilla::OriginAttributes const *aOriginAttributes,
+                                                       mozilla::NeckoOriginAttributes const *aOriginAttributes,
                                                        nsACString &_result);
 
   nsresult                ActivateCache(const nsCSubstring &group,
                                         const nsCSubstring &clientID);
   bool                    IsActiveCache(const nsCSubstring &group,
                                         const nsCSubstring &clientID);
   nsresult                CreateApplicationCache(const nsACString &group,
                                                  nsIApplicationCache **out);
--- a/netwerk/cache2/AppCacheStorage.cpp
+++ b/netwerk/cache2/AppCacheStorage.cpp
@@ -121,17 +121,17 @@ NS_IMETHODIMP AppCacheStorage::AsyncEvic
 
   nsCOMPtr<nsIApplicationCacheService> appCacheService =
     do_GetService(NS_APPLICATIONCACHESERVICE_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (!mAppCache) {
     // TODO - bug 1165256, have an API on nsIApplicationCacheService that takes
     // optional OAs and decides internally what to do.
-    const OriginAttributes* oa = LoadInfo()->OriginAttributesPtr();
+    const NeckoOriginAttributes* oa = LoadInfo()->OriginAttributesPtr();
     if (oa->mAppId == nsILoadContextInfo::NO_APP_ID && !oa->mInBrowser) {
       // Clear everything.
       nsCOMPtr<nsICacheService> serv =
           do_GetService(NS_CACHESERVICE_CONTRACTID, &rv);
       NS_ENSURE_SUCCESS(rv, rv);
 
       rv = nsCacheService::GlobalInstance()->EvictEntriesInternal(nsICache::STORE_OFFLINE);
       NS_ENSURE_SUCCESS(rv, rv);
--- a/netwerk/cache2/CacheFileMetadata.h
+++ b/netwerk/cache2/CacheFileMetadata.h
@@ -141,17 +141,17 @@ public:
 
   nsresult ReadMetadata(CacheFileMetadataListener *aListener);
   uint32_t CalcMetadataSize(uint32_t aElementsSize, uint32_t aHashCount);
   nsresult WriteMetadata(uint32_t aOffset,
                          CacheFileMetadataListener *aListener);
   nsresult SyncReadMetadata(nsIFile *aFile);
 
   bool     IsAnonymous() const { return mAnonymous; }
-  mozilla::OriginAttributes const & OriginAttributes() const { return mOriginAttributes; }
+  mozilla::NeckoOriginAttributes const & OriginAttributes() const { return mOriginAttributes; }
   bool     Pinned() const      { return !!(mMetaHdr.mFlags & kCacheEntryIsPinned); }
 
   const char * GetElement(const char *aKey);
   nsresult     SetElement(const char *aKey, const char *aValue);
   nsresult     Visit(nsICacheEntryMetaDataVisitor *aVisitor);
 
   CacheHash::Hash16_t GetHash(uint32_t aIndex);
   nsresult            SetHash(uint32_t aIndex, CacheHash::Hash16_t aHash);
@@ -208,17 +208,17 @@ private:
   uint32_t                            mBufSize;
   char                               *mWriteBuf;
   CacheFileMetadataHeader             mMetaHdr;
   uint32_t                            mElementsSize;
   bool                                mIsDirty        : 1;
   bool                                mAnonymous      : 1;
   bool                                mAllocExactSize : 1;
   bool                                mFirstRead      : 1;
-  mozilla::OriginAttributes           mOriginAttributes;
+  mozilla::NeckoOriginAttributes      mOriginAttributes;
   mozilla::TimeStamp                  mReadStart;
   nsCOMPtr<CacheFileMetadataListener> mListener;
 };
 
 
 } // namespace net
 } // namespace mozilla
 
--- a/netwerk/cache2/CacheFileUtils.cpp
+++ b/netwerk/cache2/CacheFileUtils.cpp
@@ -32,17 +32,17 @@ public:
     , isAnonymous(false)
     // Initialize the cache key to a zero length by default
     , lastTag(0)
   {
   }
 
 private:
   // Results
-  OriginAttributes originAttribs;
+  NeckoOriginAttributes originAttribs;
   bool isPrivate;
   bool isAnonymous;
   nsCString idEnhance;
   nsDependentCSubstring cacheKey;
 
   // Keeps the last tag name, used for alphabetical sort checking
   char lastTag;
 
@@ -201,17 +201,17 @@ AppendKeyPrefix(nsILoadContextInfo* aInf
   /**
    * This key is used to salt file hashes.  When form of the key is changed
    * cache entries will fail to find on disk.
    *
    * IMPORTANT NOTE:
    * Keep the attributes list sorted according their ASCII code.
    */
 
-  OriginAttributes const *oa = aInfo->OriginAttributesPtr();
+  NeckoOriginAttributes const *oa = aInfo->OriginAttributesPtr();
   nsAutoCString suffix;
   oa->CreateSuffix(suffix);
   if (!suffix.IsEmpty()) {
     AppendTagWithValue(_retval, 'O', suffix);
   }
 
   if (aInfo->IsAnonymous()) {
     _retval.AppendLiteral("a,");
--- a/netwerk/cache2/CacheObserver.cpp
+++ b/netwerk/cache2/CacheObserver.cpp
@@ -390,17 +390,17 @@ void CacheObserver::ParentDirOverride(ns
   sSelf->mCacheParentDirectoryOverride->Clone(aDir);
 }
 
 namespace {
 namespace CacheStorageEvictHelper {
 
 nsresult ClearStorage(bool const aPrivate,
                       bool const aAnonymous,
-                      OriginAttributes const &aOa)
+                      NeckoOriginAttributes const &aOa)
 {
   nsresult rv;
 
   RefPtr<LoadContextInfo> info = GetLoadContextInfo(aPrivate, aAnonymous, aOa);
 
   nsCOMPtr<nsICacheStorage> storage;
   RefPtr<CacheStorageService> service = CacheStorageService::Self();
   NS_ENSURE_TRUE(service, NS_ERROR_FAILURE);
@@ -415,17 +415,17 @@ nsresult ClearStorage(bool const aPrivat
   rv = service->MemoryCacheStorage(info, getter_AddRefs(storage));
   NS_ENSURE_SUCCESS(rv, rv);
   rv = storage->AsyncEvictStorage(nullptr);
   NS_ENSURE_SUCCESS(rv, rv);
 
   return NS_OK;
 }
 
-nsresult Run(OriginAttributes const &aOa)
+nsresult Run(NeckoOriginAttributes const &aOa)
 {
   nsresult rv;
 
   // Clear all [private X anonymous] combinations
   rv = ClearStorage(false, false, aOa);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = ClearStorage(false, true, aOa);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -510,19 +510,19 @@ CacheObserver::Observe(nsISupports* aSub
     RefPtr<CacheStorageService> service = CacheStorageService::Self();
     if (service)
       service->DropPrivateBrowsingEntries();
 
     return NS_OK;
   }
 
   if (!strcmp(aTopic, "clear-origin-data")) {
-    OriginAttributes oa;
+    NeckoOriginAttributes oa;
     if (!oa.Init(nsDependentString(aData))) {
-      NS_ERROR("Could not parse OriginAttributes JSON in clear-origin-data notification");
+      NS_ERROR("Could not parse NeckoOriginAttributes JSON in clear-origin-data notification");
       return NS_OK;
     }
 
     nsresult rv = CacheStorageEvictHelper::Run(oa);
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
   }
--- a/netwerk/cache2/OldWrappers.cpp
+++ b/netwerk/cache2/OldWrappers.cpp
@@ -523,17 +523,17 @@ NS_IMETHODIMP _OldCacheEntryWrapper::Vis
 
 namespace {
 
 nsresult
 GetCacheSessionNameForStoragePolicy(
         nsCSubstring const &scheme,
         nsCacheStoragePolicy storagePolicy,
         bool isPrivate,
-        OriginAttributes const *originAttribs,
+        NeckoOriginAttributes const *originAttribs,
         nsACString& sessionName)
 {
   MOZ_ASSERT(!isPrivate || storagePolicy == nsICache::STORE_IN_MEMORY);
 
   // HTTP
   if (scheme.EqualsLiteral("http") ||
       scheme.EqualsLiteral("https")) {
     switch (storagePolicy) {
--- a/netwerk/cookie/CookieServiceParent.cpp
+++ b/netwerk/cookie/CookieServiceParent.cpp
@@ -14,32 +14,36 @@
 #include "nsIScriptSecurityManager.h"
 #include "nsIPrivateBrowsingChannel.h"
 #include "nsNetCID.h"
 #include "nsPrintfCString.h"
 #include "SerializedLoadContext.h"
 
 using namespace mozilla::ipc;
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::NeckoOriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::dom::PContentParent;
 using mozilla::net::NeckoParent;
 
 namespace {
 
 // Ignore failures from this function, as they only affect whether we do or
 // don't show a dialog box in private browsing mode if the user sets a pref.
 void
-CreateDummyChannel(nsIURI* aHostURI, OriginAttributes &aAttrs, bool aIsPrivate,
-                   nsIChannel **aChannel)
+CreateDummyChannel(nsIURI* aHostURI, NeckoOriginAttributes& aAttrs, bool aIsPrivate,
+                   nsIChannel** aChannel)
 {
   MOZ_ASSERT(aAttrs.mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
 
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromNecko(aAttrs);
+
   nsCOMPtr<nsIPrincipal> principal =
-    BasePrincipal::CreateCodebasePrincipal(aHostURI, aAttrs);
+    BasePrincipal::CreateCodebasePrincipal(aHostURI, attrs);
   if (!principal) {
     return;
   }
 
   nsCOMPtr<nsIURI> dummyURI;
   nsresult rv = NS_NewURI(getter_AddRefs(dummyURI), "about:blank");
   if (NS_FAILED(rv)) {
       return;
@@ -61,34 +65,37 @@ CreateDummyChannel(nsIURI* aHostURI, Ori
 }
 
 namespace mozilla {
 namespace net {
 
 MOZ_WARN_UNUSED_RESULT
 bool
 CookieServiceParent::GetOriginAttributesFromParams(const IPC::SerializedLoadContext &aLoadContext,
-                                                   OriginAttributes& aAttrs,
+                                                   NeckoOriginAttributes& aAttrs,
                                                    bool& aIsPrivate)
 {
   aIsPrivate = false;
 
+  DocShellOriginAttributes docShellAttrs;
   const char* error = NeckoParent::GetValidatedAppInfo(aLoadContext,
                                                        Manager()->Manager(),
-                                                       aAttrs);
+                                                       docShellAttrs);
   if (error) {
     NS_WARNING(nsPrintfCString("CookieServiceParent: GetOriginAttributesFromParams: "
                                "FATAL error: %s: KILLING CHILD PROCESS\n",
                                error).get());
     return false;
   }
 
   if (aLoadContext.IsPrivateBitValid()) {
     aIsPrivate = aLoadContext.mUsePrivateBrowsing;
   }
+
+  aAttrs.InheritFromDocShellToNecko(docShellAttrs);
   return true;
 }
 
 CookieServiceParent::CookieServiceParent()
 {
   // Instantiate the cookieservice via the service manager, so it sticks around
   // until shutdown.
   nsCOMPtr<nsICookieService> cs = do_GetService(NS_COOKIESERVICE_CONTRACTID);
@@ -121,17 +128,17 @@ CookieServiceParent::RecvGetCookieString
     return true;
 
   // Deserialize URI. Having a host URI is mandatory and should always be
   // provided by the child; thus we consider failure fatal.
   nsCOMPtr<nsIURI> hostURI = DeserializeURI(aHost);
   if (!hostURI)
     return false;
 
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   bool isPrivate;
   bool valid = GetOriginAttributesFromParams(aLoadContext, attrs, isPrivate);
   if (!valid) {
     return false;
   }
 
   mCookieService->GetCookieStringInternal(hostURI, aIsForeign, aFromHttp, attrs,
                                           isPrivate, *aResult);
@@ -151,17 +158,17 @@ CookieServiceParent::RecvSetCookieString
     return true;
 
   // Deserialize URI. Having a host URI is mandatory and should always be
   // provided by the child; thus we consider failure fatal.
   nsCOMPtr<nsIURI> hostURI = DeserializeURI(aHost);
   if (!hostURI)
     return false;
 
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   bool isPrivate;
   bool valid = GetOriginAttributesFromParams(aLoadContext, attrs, isPrivate);
   if (!valid) {
     return false;
   }
 
   // This is a gross hack. We've already computed everything we need to know
   // for whether to set this cookie or not, but we need to communicate all of
--- a/netwerk/cookie/CookieServiceParent.h
+++ b/netwerk/cookie/CookieServiceParent.h
@@ -5,31 +5,31 @@
 
 #ifndef mozilla_net_CookieServiceParent_h
 #define mozilla_net_CookieServiceParent_h
 
 #include "mozilla/net/PCookieServiceParent.h"
 #include "SerializedLoadContext.h"
 
 class nsCookieService;
-namespace mozilla { class OriginAttributes; }
+namespace mozilla { class NeckoOriginAttributes; }
 
 namespace mozilla {
 namespace net {
 
 class CookieServiceParent : public PCookieServiceParent
 {
 public:
   CookieServiceParent();
   virtual ~CookieServiceParent();
 
 protected:
   MOZ_WARN_UNUSED_RESULT bool
   GetOriginAttributesFromParams(const IPC::SerializedLoadContext &aLoadContext,
-                                OriginAttributes& aAttrs,
+                                NeckoOriginAttributes& aAttrs,
                                 bool& aIsPrivate);
 
   virtual void ActorDestroy(ActorDestroyReason aWhy) override;
 
   virtual bool RecvGetCookieString(const URIParams& aHost,
                                    const bool& aIsForeign,
                                    const bool& aFromHttp,
                                    const IPC::SerializedLoadContext&
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -56,17 +56,17 @@
 using namespace mozilla;
 using namespace mozilla::net;
 
 // Create key from baseDomain that will access the default cookie namespace.
 // TODO: When we figure out what the API will look like for nsICookieManager{2}
 // on content processes (see bug 777620), change to use the appropriate app
 // namespace.  For now those IDLs aren't supported on child processes.
 #define DEFAULT_APP_KEY(baseDomain) \
-        nsCookieKey(baseDomain, OriginAttributes())
+        nsCookieKey(baseDomain, NeckoOriginAttributes())
 
 /******************************************************************************
  * nsCookieService impl:
  * useful types & constants
  ******************************************************************************/
 
 static nsCookieService *gCookieService;
 
@@ -568,17 +568,17 @@ public:
 
   // nsIObserver implementation.
   NS_IMETHODIMP
   Observe(nsISupports *aSubject, const char *aTopic, const char16_t *aData) override
   {
     MOZ_ASSERT(!nsCRT::strcmp(aTopic, TOPIC_CLEAR_ORIGIN_DATA));
 
     MOZ_ASSERT(XRE_IsParentProcess());
-    OriginAttributes attrs;
+    NeckoOriginAttributes attrs;
     MOZ_ALWAYS_TRUE(attrs.Init(nsDependentString(aData)));
 
     nsCOMPtr<nsICookieManager2> cookieManager
       = do_GetService(NS_COOKIEMANAGER_CONTRACTID);
     MOZ_ASSERT(cookieManager);
 
     // TODO: We should add a new interface RemoveCookiesForOriginAttributes in
     // nsICookieManager2 and use it instead of RemoveCookiesForApp.
@@ -828,17 +828,17 @@ ConvertAppIdToOriginAttrsSQLFunction::On
 
   rv = aFunctionArguments->GetInt32(0, &appId);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = aFunctionArguments->GetInt32(1, &inBrowser);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Create an originAttributes object by appId and inBrowserElemnt.
   // Then create the originSuffix string from this object.
-  OriginAttributes attrs(appId, (inBrowser ? 1 : 0));
+  NeckoOriginAttributes attrs(appId, (inBrowser ? 1 : 0));
   nsAutoCString suffix;
   attrs.CreateSuffix(suffix);
 
   RefPtr<nsVariant> outVar(new nsVariant());
   rv = outVar->SetAsAUTF8String(suffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
   outVar.forget(aResult);
@@ -856,17 +856,17 @@ class SetAppIdFromOriginAttributesSQLFun
 NS_IMPL_ISUPPORTS(SetAppIdFromOriginAttributesSQLFunction, mozIStorageFunction);
 
 NS_IMETHODIMP
 SetAppIdFromOriginAttributesSQLFunction::OnFunctionCall(
   mozIStorageValueArray* aFunctionArguments, nsIVariant** aResult)
 {
   nsresult rv;
   nsAutoCString suffix;
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
 
   rv = aFunctionArguments->GetUTF8String(0, suffix);
   NS_ENSURE_SUCCESS(rv, rv);
   attrs.PopulateFromSuffix(suffix);
 
   RefPtr<nsVariant> outVar(new nsVariant());
   rv = outVar->SetAsInt32(attrs.mAppId);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -888,17 +888,17 @@ NS_IMPL_ISUPPORTS(SetInBrowserFromOrigin
                   mozIStorageFunction);
 
 NS_IMETHODIMP
 SetInBrowserFromOriginAttributesSQLFunction::OnFunctionCall(
   mozIStorageValueArray* aFunctionArguments, nsIVariant** aResult)
 {
   nsresult rv;
   nsAutoCString suffix;
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
 
   rv = aFunctionArguments->GetUTF8String(0, suffix);
   NS_ENSURE_SUCCESS(rv, rv);
   attrs.PopulateFromSuffix(suffix);
 
   RefPtr<nsVariant> outVar(new nsVariant());
   rv = outVar->SetAsInt32(attrs.mInBrowser);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -1890,17 +1890,17 @@ nsCookieService::GetCookieStringCommon(n
   NS_ENSURE_ARG(aHostURI);
   NS_ENSURE_ARG(aCookie);
 
   // Determine whether the request is foreign. Failure is acceptable.
   bool isForeign = true;
   mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
 
   // Get originAttributes.
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
 
   bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
 
   nsAutoCString result;
   GetCookieStringInternal(aHostURI, isForeign, aHttpBound, attrs,
@@ -1963,17 +1963,17 @@ nsCookieService::SetCookieStringCommon(n
   NS_ENSURE_ARG(aHostURI);
   NS_ENSURE_ARG(aCookieHeader);
 
   // Determine whether the request is foreign. Failure is acceptable.
   bool isForeign = true;
   mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
 
   // Get originAttributes.
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
 
   bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
 
   nsDependentCString cookieString(aCookieHeader);
   nsDependentCString serverTime(aServerTime ? aServerTime : "");
@@ -1984,17 +1984,17 @@ nsCookieService::SetCookieStringCommon(n
 }
 
 void
 nsCookieService::SetCookieStringInternal(nsIURI                 *aHostURI,
                                          bool                    aIsForeign,
                                          nsDependentCString     &aCookieHeader,
                                          const nsCString        &aServerTime,
                                          bool                    aFromHttp,
-                                         const OriginAttributes &aOriginAttrs,
+                                         const NeckoOriginAttributes &aOriginAttrs,
                                          bool                    aIsPrivate,
                                          nsIChannel             *aChannel)
 {
   NS_ASSERTION(aHostURI, "null host!");
 
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return;
@@ -2295,17 +2295,17 @@ nsCookieService::Add(const nsACString &a
   }
 
   AddInternal(DEFAULT_APP_KEY(baseDomain), cookie, currentTimeInUsec, nullptr, nullptr, true);
   return NS_OK;
 }
 
 
 nsresult
-nsCookieService::Remove(const nsACString& aHost, const OriginAttributes& aAttrs,
+nsCookieService::Remove(const nsACString& aHost, const NeckoOriginAttributes& aAttrs,
                         const nsACString& aName, const nsACString& aPath,
                         bool aBlocked)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
 
@@ -2353,17 +2353,17 @@ nsCookieService::Remove(const nsACString
 }
 
 NS_IMETHODIMP
 nsCookieService::Remove(const nsACString &aHost,
                         const nsACString &aName,
                         const nsACString &aPath,
                         bool             aBlocked)
 {
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   return Remove(aHost, attrs, aName, aPath, aBlocked);
 }
 
 /******************************************************************************
  * nsCookieService impl:
  * private file I/O functions
  ******************************************************************************/
 
@@ -2677,17 +2677,17 @@ nsCookieService::EnsureReadComplete()
 
     if (!hasResult)
       break;
 
     // Make sure we haven't already read the data.
     stmt->GetUTF8String(IDX_BASE_DOMAIN, baseDomain);
 
     nsAutoCString suffix;
-    OriginAttributes attrs;
+    NeckoOriginAttributes attrs;
     stmt->GetUTF8String(IDX_ORIGIN_ATTRIBUTES, suffix);
     attrs.PopulateFromSuffix(suffix);
 
     nsCookieKey key(baseDomain, attrs);
     if (mDefaultDBState->readSet.GetEntry(key))
       continue;
 
     CookieDomainTuple* tuple = array.AppendElement();
@@ -2826,17 +2826,17 @@ nsCookieService::ImportCookies(nsIFile *
     }
 
     // compute the baseDomain from the host
     rv = GetBaseDomainFromHost(host, baseDomain);
     if (NS_FAILED(rv))
       continue;
 
     // pre-existing cookies have appId=0, inBrowser=false set by default
-    // constructor of OriginAttributes().
+    // constructor of NeckoOriginAttributes().
     nsCookieKey key = DEFAULT_APP_KEY(baseDomain);
 
     // Create a new nsCookie and assign the data. We don't know the cookie
     // creation time, so just use the current time to generate a unique one.
     RefPtr<nsCookie> newCookie =
       nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1),
                        Substring(buffer, cookieIndex, buffer.Length() - cookieIndex),
                        host,
@@ -2917,17 +2917,17 @@ public:
     return aCookie1->CreationTime() < aCookie2->CreationTime();
   }
 };
 
 void
 nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
                                          bool aIsForeign,
                                          bool aHttpBound,
-                                         const OriginAttributes aOriginAttrs,
+                                         const NeckoOriginAttributes aOriginAttrs,
                                          bool aIsPrivate,
                                          nsCString &aCookieString)
 {
   NS_ASSERTION(aHostURI, "null host!");
 
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return;
@@ -4325,17 +4325,17 @@ nsCookieService::RemoveCookiesForApp(uin
     // A simple solution is to always ask to remove the cookie with
     // inBrowserElement = true and only ask for the other one to be removed if
     // we happen to be in the case of !aOnlyBrowserElement.
     // Anyway, with this solution, we will likely be looking for unexistant
     // cookies.
     //
     // NOTE: we could make this better by getting nsCookieEntry objects instead
     // of plain nsICookie.
-    OriginAttributes attrs(aAppId, true);
+    NeckoOriginAttributes attrs(aAppId, true);
     Remove(host, attrs, name, path, false);
     if (!aOnlyBrowserElement) {
       attrs.mInBrowser = false;
       Remove(host, attrs, name, path, false);
     }
   }
 
   return NS_OK;
--- a/netwerk/cookie/nsCookieService.h
+++ b/netwerk/cookie/nsCookieService.h
@@ -27,17 +27,17 @@
 #include "mozIStorageStatementCallback.h"
 #include "mozIStorageFunction.h"
 #include "nsIVariant.h"
 #include "nsIFile.h"
 #include "mozilla/BasePrincipal.h"
 
 #include "mozilla/MemoryReporting.h"
 
-using mozilla::OriginAttributes;
+using mozilla::NeckoOriginAttributes;
 
 class nsICookiePermission;
 class nsIEffectiveTLDService;
 class nsIIDNService;
 class nsIPrefBranch;
 class nsIObserverService;
 class nsIURI;
 class nsIChannel;
@@ -60,17 +60,17 @@ class nsCookieKey : public PLDHashEntryH
 {
 public:
   typedef const nsCookieKey& KeyType;
   typedef const nsCookieKey* KeyTypePointer;
 
   nsCookieKey()
   {}
 
-  nsCookieKey(const nsCString &baseDomain, const OriginAttributes &attrs)
+  nsCookieKey(const nsCString &baseDomain, const NeckoOriginAttributes &attrs)
     : mBaseDomain(baseDomain)
     , mOriginAttributes(attrs)
   {}
 
   explicit nsCookieKey(KeyTypePointer other)
     : mBaseDomain(other->mBaseDomain)
     , mOriginAttributes(other->mOriginAttributes)
   {}
@@ -105,17 +105,17 @@ public:
     return mozilla::HashString(temp);
   }
 
   size_t SizeOfExcludingThis(mozilla::MallocSizeOf aMallocSizeOf) const;
 
   enum { ALLOW_MEMMOVE = true };
 
   nsCString        mBaseDomain;
-  OriginAttributes mOriginAttributes;
+  NeckoOriginAttributes mOriginAttributes;
 };
 
 // Inherit from nsCookieKey so this can be stored in nsTHashTable
 // TODO: why aren't we using nsClassHashTable<nsCookieKey, ArrayType>?
 class nsCookieEntry : public nsCookieKey
 {
   public:
     // Hash methods
@@ -287,19 +287,19 @@ class nsCookieService final : public nsI
     void                          AsyncReadComplete();
     void                          CancelAsyncRead(bool aPurgeReadSet);
     void                          EnsureReadDomain(const nsCookieKey &aKey);
     void                          EnsureReadComplete();
     nsresult                      NormalizeHost(nsCString &aHost);
     nsresult                      GetBaseDomain(nsIURI *aHostURI, nsCString &aBaseDomain, bool &aRequireHostMatch);
     nsresult                      GetBaseDomainFromHost(const nsACString &aHost, nsCString &aBaseDomain);
     nsresult                      GetCookieStringCommon(nsIURI *aHostURI, nsIChannel *aChannel, bool aHttpBound, char** aCookie);
-  void                            GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aHttpBound, const OriginAttributes aOriginAttrs, bool aIsPrivate, nsCString &aCookie);
+  void                            GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aHttpBound, const NeckoOriginAttributes aOriginAttrs, bool aIsPrivate, nsCString &aCookie);
     nsresult                      SetCookieStringCommon(nsIURI *aHostURI, const char *aCookieHeader, const char *aServerTime, nsIChannel *aChannel, bool aFromHttp);
-  void                            SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const OriginAttributes &aOriginAttrs, bool aIsPrivate, nsIChannel* aChannel);
+  void                            SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const NeckoOriginAttributes &aOriginAttrs, bool aIsPrivate, nsIChannel* aChannel);
     bool                          SetCookieInternal(nsIURI *aHostURI, const nsCookieKey& aKey, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel);
     void                          AddInternal(const nsCookieKey& aKey, nsCookie *aCookie, int64_t aCurrentTimeInUsec, nsIURI *aHostURI, const char *aCookieHeader, bool aFromHttp);
     void                          RemoveCookieFromList(const nsListIter &aIter, mozIStorageBindingParamsArray *aParamsArray = nullptr);
     void                          AddCookieToList(const nsCookieKey& aKey, nsCookie *aCookie, DBState *aDBState, mozIStorageBindingParamsArray *aParamsArray, bool aWriteToDB = true);
     void                          UpdateCookieInList(nsCookie *aCookie, int64_t aLastAccessed, mozIStorageBindingParamsArray *aParamsArray);
     static bool                   GetTokenValue(nsASingleFragmentCString::const_char_iterator &aIter, nsASingleFragmentCString::const_char_iterator &aEndIter, nsDependentCSubstring &aTokenString, nsDependentCSubstring &aTokenValue, bool &aEqualsFound);
     static bool                   ParseAttributes(nsDependentCString &aCookieHeader, nsCookieAttributes &aCookie);
     bool                          RequireThirdPartyCheck();
@@ -315,20 +315,20 @@ class nsCookieService final : public nsI
     void                          NotifyThirdParty(nsIURI *aHostURI, bool aAccepted, nsIChannel *aChannel);
     void                          NotifyChanged(nsISupports *aSubject, const char16_t *aData);
     void                          NotifyPurged(nsICookie2* aCookie);
     already_AddRefed<nsIArray>    CreatePurgeList(nsICookie2* aCookie);
     void                          UpdateCookieOldestTime(DBState* aDBState, nsCookie* aCookie);
 
     /**
      * This method is a helper that allows calling nsICookieManager::Remove()
-     * with OriginAttributes parameter.
+     * with NeckoOriginAttributes parameter.
      * NOTE: this could be added to a public interface if we happen to need it.
      */
-    nsresult Remove(const nsACString& aHost, const OriginAttributes& aAttrs,
+    nsresult Remove(const nsACString& aHost, const NeckoOriginAttributes& aAttrs,
                     const nsACString& aName, const nsACString& aPath,
                     bool aBlocked);
 
   protected:
     // cached members.
     nsCOMPtr<nsICookiePermission>    mPermissionService;
     nsCOMPtr<mozIThirdPartyUtil>     mThirdPartyUtil;
     nsCOMPtr<nsIEffectiveTLDService> mTLDService;
--- a/netwerk/ipc/NeckoChannelParams.ipdlh
+++ b/netwerk/ipc/NeckoChannelParams.ipdlh
@@ -7,16 +7,17 @@
 
 include protocol PHttpChannel;
 include protocol PFTPChannel;
 include protocol PRtspChannel;
 include URIParams;
 include InputStreamParams;
 include PBackgroundSharedTypes;
 
+using mozilla::NeckoOriginAttributes from "mozilla/ipc/BackgroundUtils.h";
 using struct mozilla::void_t from "ipc/IPCMessageUtils.h";
 using RequestHeaderTuples from "mozilla/net/PHttpChannelParams.h";
 using struct nsHttpAtom from "nsHttp.h";
 using class nsHttpResponseHead from "nsHttpResponseHead.h";
 
 namespace mozilla {
 namespace net {
 
@@ -32,17 +33,17 @@ struct LoadInfoArgs
   uint32_t         contentPolicyType;
   bool             upgradeInsecureRequests;
   bool             upgradeInsecurePreloads;
   uint64_t         innerWindowID;
   uint64_t         outerWindowID;
   uint64_t         parentOuterWindowID;
   bool             enforceSecurity;
   bool             initialSecurityCheckDone;
-  OriginAttributes originAttributes;
+  NeckoOriginAttributes originAttributes;
   PrincipalInfo[]  redirectChainIncludingInternalRedirects;
   PrincipalInfo[]  redirectChain;
 };
 
 /**
  * Not every channel necessarily has a loadInfo attached.
  */
 union OptionalLoadInfoArgs
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -40,17 +40,18 @@
 #include "nsAuthInformationHolder.h"
 #include "nsIAuthPromptCallback.h"
 #include "nsPrincipal.h"
 #include "nsIOService.h"
 #include "nsINetworkPredictor.h"
 #include "mozilla/net/OfflineObserver.h"
 #include "nsISpeculativeConnect.h"
 
-using mozilla::OriginAttributes;
+using mozilla::DocShellOriginAttributes;
+using mozilla::NeckoOriginAttributes;
 using mozilla::dom::ContentParent;
 using mozilla::dom::TabContext;
 using mozilla::dom::TabParent;
 using mozilla::net::PTCPSocketParent;
 using mozilla::dom::TCPSocketParent;
 using mozilla::net::PTCPServerSocketParent;
 using mozilla::dom::TCPServerSocketParent;
 using mozilla::net::PUDPSocketParent;
@@ -106,17 +107,17 @@ PBOverrideStatusFromLoadContext(const Se
       kPBOverride_NotPrivate;
   }
   return kPBOverride_Unset;
 }
 
 const char*
 NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                                  PContentParent* aContent,
-                                 OriginAttributes& aAttrs)
+                                 DocShellOriginAttributes& aAttrs)
 {
   if (UsingNeckoIPCSecurity()) {
     if (!aSerialized.IsNotNull()) {
       return "SerializedLoadContext from child is null";
     }
   }
 
   nsTArray<TabContext> contextArray =
@@ -143,45 +144,45 @@ NeckoParent::GetValidatedAppInfo(const S
         // namespace if just appID==0)
         continue;
       }
     }
     if (!aSerialized.mOriginAttributes.mSignedPkg.IsEmpty() &&
         aSerialized.mOriginAttributes.mSignedPkg != tabContext.OriginAttributesRef().mSignedPkg) {
       continue;
     }
-    aAttrs = OriginAttributes(appId, inBrowserElement);
+    aAttrs = DocShellOriginAttributes(appId, inBrowserElement);
     aAttrs.mSignedPkg = tabContext.OriginAttributesRef().mSignedPkg;
     return nullptr;
   }
 
   if (contextArray.Length() != 0) {
     return "App does not have permission";
   }
 
   if (!UsingNeckoIPCSecurity()) {
     // We are running xpcshell tests
     if (aSerialized.IsNotNull()) {
       aAttrs = aSerialized.mOriginAttributes;
     } else {
-      aAttrs = OriginAttributes(NECKO_NO_APP_ID, false);
+      aAttrs = DocShellOriginAttributes(NECKO_NO_APP_ID, false);
     }
     return nullptr;
   }
 
   return "ContentParent does not have any PBrowsers";
 }
 
 const char *
 NeckoParent::CreateChannelLoadContext(const PBrowserOrId& aBrowser,
                                       PContentParent* aContent,
                                       const SerializedLoadContext& aSerialized,
                                       nsCOMPtr<nsILoadContext> &aResult)
 {
-  OriginAttributes attrs;
+  DocShellOriginAttributes attrs;
   const char* error = GetValidatedAppInfo(aSerialized, aContent, attrs);
   if (error) {
     return error;
   }
 
   // if !UsingNeckoIPCSecurity(), we may not have a LoadContext to set. This is
   // the common case for most xpcshell tests.
   if (aSerialized.IsNotNull()) {
@@ -893,17 +894,17 @@ NeckoParent::RecvPredPredict(const ipc::
                              const bool& hasVerifier)
 {
   nsCOMPtr<nsIURI> targetURI = DeserializeURI(aTargetURI);
   nsCOMPtr<nsIURI> sourceURI = DeserializeURI(aSourceURI);
 
   // We only actually care about the loadContext.mPrivateBrowsing, so we'll just
   // pass dummy params for nestFrameId, and originAttributes.
   uint64_t nestedFrameId = 0;
-  OriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
+  DocShellOriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
   nsCOMPtr<nsILoadContext> loadContext;
   if (aLoadContext.IsNotNull()) {
     loadContext = new LoadContext(aLoadContext, nestedFrameId, attrs);
   }
 
   // Get the current predictor
   nsresult rv = NS_OK;
   nsCOMPtr<nsINetworkPredictor> predictor =
@@ -925,17 +926,17 @@ NeckoParent::RecvPredLearn(const ipc::UR
                            const SerializedLoadContext& aLoadContext)
 {
   nsCOMPtr<nsIURI> targetURI = DeserializeURI(aTargetURI);
   nsCOMPtr<nsIURI> sourceURI = DeserializeURI(aSourceURI);
 
   // We only actually care about the loadContext.mPrivateBrowsing, so we'll just
   // pass dummy params for nestFrameId, and originAttributes;
   uint64_t nestedFrameId = 0;
-  OriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
+  DocShellOriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
   nsCOMPtr<nsILoadContext> loadContext;
   if (aLoadContext.IsNotNull()) {
     loadContext = new LoadContext(aLoadContext, nestedFrameId, attrs);
   }
 
   // Get the current predictor
   nsresult rv = NS_OK;
   nsCOMPtr<nsINetworkPredictor> predictor =
--- a/netwerk/ipc/NeckoParent.h
+++ b/netwerk/ipc/NeckoParent.h
@@ -34,17 +34,17 @@ class NeckoParent
 public:
   NeckoParent();
   virtual ~NeckoParent();
 
   MOZ_WARN_UNUSED_RESULT
   static const char *
   GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                       PContentParent* aBrowser,
-                      mozilla::OriginAttributes& aAttrs);
+                      mozilla::DocShellOriginAttributes& aAttrs);
 
   /*
    * Creates LoadContext for parent-side of an e10s channel.
    *
    * PContentParent corresponds to the process that is requesting the load.
    *
    * Returns null if successful, or an error string if failed.
    */
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -36,17 +36,16 @@
 #include "nsQueryObject.h"
 #include "mozilla/BasePrincipal.h"
 #include "nsCORSListenerProxy.h"
 #include "nsIPrompt.h"
 #include "nsIWindowWatcher.h"
 #include "nsIDocument.h"
 
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
 using namespace mozilla::dom;
 using namespace mozilla::ipc;
 
 namespace mozilla {
 namespace net {
 
 HttpChannelParent::HttpChannelParent(const PBrowserOrId& iframeEmbedding,
                                      nsILoadContext* aLoadContext,
@@ -555,21 +554,28 @@ HttpChannelParent::DoAsyncOpen(  const U
                                                 getter_AddRefs(appCache));
       if (NS_SUCCEEDED(rv)) {
         appCacheChan->SetApplicationCache(appCache);
         setChooseApplicationCache = false;
       }
     }
 
     if (setChooseApplicationCache) {
-      OriginAttributes attrs;
+      DocShellOriginAttributes docShellAttrs;
       if (mLoadContext) {
-        attrs.CopyFromLoadContext(mLoadContext);
+        bool result = mLoadContext->GetOriginAttributes(docShellAttrs);
+        if (!result) {
+          return SendFailedAsyncOpen(NS_ERROR_FAILURE);
+        }
       }
 
+      NeckoOriginAttributes neckoAttrs;
+      neckoAttrs.InheritFromDocShellToNecko(docShellAttrs);
+      PrincipalOriginAttributes attrs;
+      attrs.InheritFromNecko(neckoAttrs);
       nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(uri, attrs);
 
       bool chooseAppCache = false;
       // This works because we've already called SetNotificationCallbacks and
       // done mPBOverride logic by this point.
       chooseAppCache = NS_ShouldCheckAppCache(principal, NS_UsePrivateBrowsing(mChannel));
 
--- a/netwerk/protocol/http/PackagedAppService.cpp
+++ b/netwerk/protocol/http/PackagedAppService.cpp
@@ -901,17 +901,17 @@ PackagedAppService::PackagedAppDownloade
 
   mRequesters.Clear();
 }
 
 static bool
 AddPackageIdToOrigin(nsACString& aOrigin, const nsACString& aPackageId)
 {
   nsAutoCString originNoSuffix;
-  mozilla::OriginAttributes attrs;
+  mozilla::NeckoOriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return false;
   }
 
   attrs.mSignedPkg = NS_ConvertUTF8toUTF16(aPackageId);
   nsAutoCString suffixWithPackageId;
   attrs.CreateSuffix(suffixWithPackageId);
   aOrigin = originNoSuffix + suffixWithPackageId;
--- a/netwerk/protocol/http/PackagedAppVerifier.cpp
+++ b/netwerk/protocol/http/PackagedAppVerifier.cpp
@@ -76,17 +76,17 @@ NS_IMETHODIMP PackagedAppVerifier::Init(
   mListener = aListener;
   mState = STATE_UNKNOWN;
   mSignature = aSignature;
   mIsPackageSigned = false;
   mPackageCacheEntry = aPackageCacheEntry;
   mIsFirstResource = true;
   mManifest = EmptyCString();
 
-  OriginAttributes().PopulateFromOrigin(aPackageOrigin, mPackageOrigin);
+  NeckoOriginAttributes().PopulateFromOrigin(aPackageOrigin, mPackageOrigin);
   mBypassVerification = (mPackageOrigin ==
       Preferences::GetCString("network.http.signed-packages.trusted-origin"));
 
   LOG(("mBypassVerification = %d\n", mBypassVerification));
   LOG(("mPackageOrigin = %s\n", mPackageOrigin.get()));
 
   nsresult rv;
   mPackagedAppUtils = do_CreateInstance(NS_PACKAGEDAPPUTILS_CONTRACTID, &rv);
--- a/netwerk/protocol/http/nsHttpAuthCache.cpp
+++ b/netwerk/protocol/http/nsHttpAuthCache.cpp
@@ -287,18 +287,18 @@ RemoveEntriesForPattern(PLHashEntry *ent
     nsDependentCString key(static_cast<const char*>(entry->key));
 
     // Extract the origin attributes suffix from the key.
     int32_t colon = key.Find(NS_LITERAL_CSTRING(":"));
     MOZ_ASSERT(colon != kNotFound);
     nsDependentCSubstring oaSuffix;
     oaSuffix.Rebind(key.BeginReading(), colon);
 
-    // Build the OriginAttributes object of it...
-    OriginAttributes oa;
+    // Build the NeckoOriginAttributes object of it...
+    NeckoOriginAttributes oa;
     DebugOnly<bool> rv = oa.PopulateFromSuffix(oaSuffix);
     MOZ_ASSERT(rv);
 
     // ...and match it against the given pattern.
     OriginAttributesPattern const *pattern = static_cast<OriginAttributesPattern const*>(arg);
     if (pattern->Matches(oa)) {
         return HT_ENUMERATE_NEXT | HT_ENUMERATE_REMOVE;
     }
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -38,17 +38,17 @@ namespace net {
 
 #define HTTP_AUTH_DIALOG_TOP_LEVEL_DOC 0
 #define HTTP_AUTH_DIALOG_SAME_ORIGIN_SUBRESOURCE 1
 #define HTTP_AUTH_DIALOG_CROSS_ORIGIN_SUBRESOURCE 2
 
 static void
 GetOriginAttributesSuffix(nsIChannel* aChan, nsACString &aSuffix)
 {
-    OriginAttributes oa;
+    NeckoOriginAttributes oa;
 
     // Deliberately ignoring the result and going with defaults
     if (aChan) {
         NS_GetOriginAttributes(aChan, oa);
     }
 
     oa.CreateSuffix(aSuffix);
 }
--- a/netwerk/protocol/wyciwyg/nsWyciwygChannel.h
+++ b/netwerk/protocol/wyciwyg/nsWyciwygChannel.h
@@ -82,17 +82,17 @@ protected:
     nsresult                            mStatus;
     bool                                mIsPending;
     bool                                mCharsetAndSourceSet;
     bool                                mNeedToWriteCharset;
     int32_t                             mCharsetSource;
     nsCString                           mCharset;
     int64_t                             mContentLength;
     uint32_t                            mLoadFlags;
-    mozilla::OriginAttributes           mOriginAttributes;
+    mozilla::NeckoOriginAttributes      mOriginAttributes;
     nsCOMPtr<nsIURI>                    mURI;
     nsCOMPtr<nsIURI>                    mOriginalURI;
     nsCOMPtr<nsISupports>               mOwner;
     nsCOMPtr<nsILoadInfo>               mLoadInfo;
     nsCOMPtr<nsIInterfaceRequestor>     mCallbacks;
     nsCOMPtr<nsIProgressEventSink>      mProgressSink;
     nsCOMPtr<nsILoadGroup>              mLoadGroup;
     nsCOMPtr<nsIStreamListener>         mListener;
--- a/netwerk/test/mochitests/mochitest.ini
+++ b/netwerk/test/mochitests/mochitest.ini
@@ -28,8 +28,10 @@ skip-if = e10s
 [test_signed_web_packaged_app.html]
 skip-if = e10s || buildapp != 'browser'
 [test_signed_web_packaged_app_origin.html]
 skip-if = e10s || buildapp != 'browser'
 [test_web_packaged_app.html]
 [test_loadinfo_redirectchain.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_idn_redirect.html]
+[test_origin_attributes_conversion.html]
+skip-if = e10s || buildapp != 'browser'
--- a/netwerk/test/mochitests/signed_web_packaged_app.sjs
+++ b/netwerk/test/mochitests/signed_web_packaged_app.sjs
@@ -1,37 +1,36 @@
 var Cc = Components.classes;
 var Ci = Components.interfaces;
 var Cu = Components.utils;
 
 function handleRequest(request, response)
 {
   response.setHeader("Content-Type", "application/package", false);
   response.write(signedPackage);
-  return;
 }
 
 // The package content
 // getData formats it as described at http://www.w3.org/TR/web-packaging/#streamable-package-format
-var signedPackage = `manifest-signature: MIIF1AYJKoZIhvcNAQcCoIIFxTCCBcECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA54wggOaMIICgqADAgECAgEEMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbRXhhbXBsZSBUcnVzdGVkIENvcnBvcmF0aW9uMRkwFwYDVQQDExBUcnVzdGVkIFZhbGlkIENBMB4XDTE1MTExOTAzMDEwNVoXDTM1MTExOTAzMDEwNVowdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGjAYBgNVBAMTEVRydXN0ZWQgQ29ycCBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPback9X7RRxKTc3/5o2vm9Ro6XNiSM9NPsN3djjCIVz50bY0rJkP98zsqpFjnLwqHeJigxyYoqFexRhRLgKrG10CxNl4rxP6CEPENjvj5FfbX/HUZpT/DelNR18F498yD95vSHcSrCc3JrjV3bKA+wgt11E4a0Ba95S1RuwtehZw1+Y4hO8nHpbSGfjD0BpluFY2nDoYAm+aWSrsmLuJsKLO8Xn2I1brZFJUynR3q1ujuDE9EJk1niDLfOeVgXM4AavJS5C0ZBHhAhR2W+K9NN97jpkpmHFqecTwDXB7rEhsyB3185cI7anaaQfHHfH5+4SD+cMDNtYIOSgLO06ZwIDAQABozgwNjAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAlnVyLz5dPhS0ZhZD6qJOUzSo6nFwMxNX1m0oS37mevtuh0b0o1gmEuMw3mVxiAVkC2vPsoxBL2wLlAkcEdBPxGEqhBmtiBY3F3DgvEkf+/sOY1rnr6O1qLZuBAnPzA1Vnco8Jwf0DYF0PxaRd8yT5XSl5qGpM2DItEldZwuKKaL94UEgIeC2c+Uv/IOyrv+EyftX96vcmRwr8ghPFLQ+36H5nuAKEpDD170EvfWl1zs0dUPiqSI6l+hy5V14gl63Woi34L727+FKx8oatbyZtdvbeeOmenfTLifLomnZdx+3WMLkp3TLlHa5xDLwifvZtBP2d3c6zHp7gdrGU1u2WTGCAf4wggH6AgEBMHgwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFRydXN0ZWQgVmFsaWQgQ0ECAQQwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MTExOTA2NTUyOFowIwYJKoZIhvcNAQkEMRYEFENKTXRUkdej+EPd/oKRhz0Cp13zMA0GCSqGSIb3DQEBAQUABIIBAGUh2vVwKqidBo7VEaEtjw3Uh1ElXLRPySu5Mmaw3yHgVhq4jAVnqm2Iwpe+C8d3Jb9Vd98NyvZfXFwu+dHKIEmOk0jQFJeO0kShaaWbK0awz08J9tSUz9WTLzNUAHiYgzNlN7j4S6fQ0d1nxW4+I0GSL6ojAsxWyeUW4QbFfuJe01/WlsVSuUBKwU5a1a7enb10OP84cIdXglm+PpKDyzk+sIyj/hyg57QXjvmLT5+QVGLUk4DmLZUGZKwGLeg4ofwGDqAH6Y+6f5wKo/sQkl7/L0n2wl4TsQwDtS7aE6Uu6uswp/du/OwLY6fpTChVfHqn8t96u/swJmMSvF/eq2g=\r
---X3JDIZCX8G\r
+var signedPackage = `manifest-signature: MIIF1AYJKoZIhvcNAQcCoIIFxTCCBcECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA54wggOaMIICgqADAgECAgEEMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbRXhhbXBsZSBUcnVzdGVkIENvcnBvcmF0aW9uMRkwFwYDVQQDExBUcnVzdGVkIFZhbGlkIENBMB4XDTE1MTExOTAzMDEwNVoXDTM1MTExOTAzMDEwNVowdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGjAYBgNVBAMTEVRydXN0ZWQgQ29ycCBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPback9X7RRxKTc3/5o2vm9Ro6XNiSM9NPsN3djjCIVz50bY0rJkP98zsqpFjnLwqHeJigxyYoqFexRhRLgKrG10CxNl4rxP6CEPENjvj5FfbX/HUZpT/DelNR18F498yD95vSHcSrCc3JrjV3bKA+wgt11E4a0Ba95S1RuwtehZw1+Y4hO8nHpbSGfjD0BpluFY2nDoYAm+aWSrsmLuJsKLO8Xn2I1brZFJUynR3q1ujuDE9EJk1niDLfOeVgXM4AavJS5C0ZBHhAhR2W+K9NN97jpkpmHFqecTwDXB7rEhsyB3185cI7anaaQfHHfH5+4SD+cMDNtYIOSgLO06ZwIDAQABozgwNjAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAlnVyLz5dPhS0ZhZD6qJOUzSo6nFwMxNX1m0oS37mevtuh0b0o1gmEuMw3mVxiAVkC2vPsoxBL2wLlAkcEdBPxGEqhBmtiBY3F3DgvEkf+/sOY1rnr6O1qLZuBAnPzA1Vnco8Jwf0DYF0PxaRd8yT5XSl5qGpM2DItEldZwuKKaL94UEgIeC2c+Uv/IOyrv+EyftX96vcmRwr8ghPFLQ+36H5nuAKEpDD170EvfWl1zs0dUPiqSI6l+hy5V14gl63Woi34L727+FKx8oatbyZtdvbeeOmenfTLifLomnZdx+3WMLkp3TLlHa5xDLwifvZtBP2d3c6zHp7gdrGU1u2WTGCAf4wggH6AgEBMHgwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFRydXN0ZWQgVmFsaWQgQ0ECAQQwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MTEyNTAzMDQzMFowIwYJKoZIhvcNAQkEMRYEFD4ut4oKoYdcGzyfQE6ROeazv+uNMA0GCSqGSIb3DQEBAQUABIIBAFG99dKBSOzQmYVn6lHKWERVDtYXbDTIVF957ID8YH9B5unlX/PdludTNbP5dzn8GWQV08tNRgoXQ5sgxjifHunrpaR1WiR6XqvwOCBeA5NB688jxGNxth6zg6fCGFaynsYMX3FlglfIW+AYwyQUclbv+C4UORJpBjvuknOnK+UDBLVSoP9ivL6KhylYna3oFcs0SMsumc/jf/oQW51LzFHpn61TRUqdDgvGhwcjgphMhKj23KwkjwRspU2oIWNRAuhZgqDD5BJlNniCr9X5Hx1dW6tIVISO91CLAryYkGZKRJYekXctCpIvldUkIDeh2tAw5owr0jtsVd6ovFF3bV4=\r
+--NKWXJUAFXB\r
 Content-Location: manifest.webapp\r
 Content-Type: application/x-web-app-manifest+json\r
 \r
 {
   "moz-package-origin": "http://mochi.test:8888",
   "name": "My App",
   "moz-resources": [
     {
       "src": "page2.html",
       "integrity": "JREF3JbXGvZ+I1KHtoz3f46ZkeIPrvXtG4VyFQrJ7II="
     },
     {
       "src": "index.html",
-      "integrity": "IjQ2S/V9qsC7wW5uv/Niq40M1aivvqH5+1GKRwUnyRg="
+      "integrity": "Jkvco7U8WOY9s0YREsPouX+DWK7FWlgZwA0iYYSrb7Q="
     },
     {
       "src": "scripts/script.js",
       "integrity": "6TqtNArQKrrsXEQWu3D9ZD8xvDRIkhyV6zVdTcmsT5Q="
     },
     {
       "src": "scripts/library.js",
       "integrity": "TN2ByXZiaBiBCvS4MeZ02UyNi44vED+KjdjLInUl4o8="
@@ -45,37 +44,38 @@ Content-Type: application/x-web-app-mani
       "devicestorage:pictures": {
         "description": "Need to load pictures"
       }
     }
   ],
   "package-identifier": "09bc9714-7ab6-4320-9d20-fde4c237522c",
   "description": "A great app!"
 }\r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: page2.html\r
 Content-Type: text/html\r
 \r
 <html>
   page2.html
 </html>
 \r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: index.html\r
 Content-Type: text/html\r
 \r
 <html>
   Last updated: 2015/10/28
+  <iframe id="innerFrame" src="page2.html"></iframe>
 </html>
 \r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: scripts/script.js\r
 Content-Type: text/javascript\r
 \r
 // script.js
 \r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: scripts/library.js\r
 Content-Type: text/javascript\r
 \r
 // library.js
 \r
---X3JDIZCX8G--`;
+--NKWXJUAFXB--`;
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/test_origin_attributes_conversion.html
@@ -0,0 +1,135 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title> Bug 1209162 - Test Origin Attributes Conversion </title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none"></div>
+<pre id="test">
+<script class="testbody" type="application/javascript;version=1.7">
+SimpleTest.waitForExplicitFinish();
+SpecialPowers.pushPrefEnv(
+  { "set": [["network.http.enable-packaged-apps", true],
+            ["network.http.signed-packages.enabled", true],
+            ["network.http.signed-packages.trusted-origin", "http://mochi.test:8888"],
+            ["dom.mozBrowserFramesEnabled", true]] },
+  () => SpecialPowers.pushPermissions([
+    { "type": "browser", "allow": 1, "context": document }
+  ], function() {
+    runTest();
+}));
+
+var Ci = SpecialPowers.Ci;
+
+function runTest() {
+  var iframe = document.createElement("iframe");
+  iframe.setAttribute('mozbrowser', 'true');
+  iframe.setAttribute('remote', 'true');
+  iframe.setAttribute("src", "http://example.org:80");
+
+  iframe.addEventListener("mozbrowserloadend", function loadend(e) {
+    iframe.removeEventListener("mozbrowserloadend", loadend);
+    info("Got mozbrowserloadend");
+    iframe.setAttribute("src", "http://mochi.test:8888/tests/netwerk/test/mochitests/signed_web_packaged_app.sjs!//index.html");
+
+    iframe.addEventListener("mozbrowserloadend", function loadend(e) {
+      iframe.removeEventListener("mozbrowserloadend", loadend);
+      info("Got 2nd mozbrowserloadend");
+
+      // Expected origin attributes for signed package.
+      var expectedSignedOA = {inBrowser: true,
+                              signedPkg: "09bc9714-7ab6-4320-9d20-fde4c237522c"};
+
+      // Expected origin attributes for network request.
+      var expectedOA = {inBrowser: true};
+
+      function checkOriginAttributes(attrs, expected) {
+        for (var p in expected) {
+          is(attrs[p], expected[p]);
+        }
+      }
+
+      var mm = SpecialPowers.wrap(iframe)
+                            .QueryInterface(Ci.nsIFrameLoaderOwner)
+                            .frameLoader
+                            .messageManager;
+      mm.addMessageListener("test-document-origin-attributes", function (message) {
+        info("checking origin attributes from document");
+        checkOriginAttributes(message.data.originAttributes, expectedSignedOA);
+      });
+
+      mm.addMessageListener("test-tabchild-origin-attributes", function (message) {
+        info("checking origin attributes from TabChild");
+        checkOriginAttributes(message.data.originAttributes, expectedSignedOA);
+      });
+
+      mm.addMessageListener("test-child-docshell-origin-attributes", function (message) {
+        info("checking origin attributes from inner iframe");
+        checkOriginAttributes(message.data.originAttributes, expectedSignedOA);
+      });
+
+      mm.addMessageListener("test-necko-origin-attributes", function (message) {
+        checkOriginAttributes(message.data.originAttributes, expectedOA);
+
+        SimpleTest.finish();
+      });
+
+      var scriptLoader = mm.QueryInterface(Ci.nsIFrameScriptLoader);
+      getOriginAttributes(scriptLoader, iframe);
+      sendNetworkRequest(scriptLoader, iframe);
+    });
+  });
+
+  document.body.appendChild(iframe);
+}
+
+function getOriginAttributes(scriptLoader, iframe) {
+  var frameScript =
+    `
+    function sendOA() {
+      sendAsyncMessage("test-document-origin-attributes",
+                       {originAttributes: content.document.nodePrincipal.originAttributes});
+
+      var loadContext = content.QueryInterface(Ci.nsIInterfaceRequestor)
+                               .getInterface(Ci.nsIWebNavigation)
+                               .QueryInterface(Ci.nsIDocShell)
+                               .QueryInterface(Ci.nsILoadContext);
+      sendAsyncMessage("test-tabchild-origin-attributes",
+                       {originAttributes: loadContext.originAttributes});
+
+      var frameWindow = content.document.getElementById("innerFrame").contentWindow;
+      var childLoadContext = frameWindow.QueryInterface(Ci.nsIInterfaceRequestor)
+                                        .getInterface(Ci.nsIWebNavigation)
+                                        .QueryInterface(Ci.nsIDocShell)
+                                        .QueryInterface(Ci.nsILoadContext);
+      sendAsyncMessage("test-child-docshell-origin-attributes",
+                       {originAttributes: childLoadContext.originAttributes});
+    }
+    `;
+  scriptLoader.loadFrameScript("data:,(" + frameScript + ")()", true);
+}
+
+function sendNetworkRequest(scriptLoader, iframe) {
+  var frameScript =
+    `
+    function sendNetworkerOA() {
+      var myXHR = new content.XMLHttpRequest();
+      myXHR.open("GET", "http://mochi.test:8888/tests/netwerk/test/mochitests/signed_web_packaged_app.sjs!//page2.html");
+      myXHR.send();
+      myXHR.onload = function() {
+        var loadInfo = myXHR.channel.loadInfo;
+        sendAsyncMessage("test-necko-origin-attributes",
+                         {originAttributes: loadInfo.originAttributes});
+      };
+    }
+    `;
+  scriptLoader.loadFrameScript("data:,(" + frameScript + ")()", true)
+}
+
+</script>
+</pre>
+</body>
+</html>
--- a/netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
+++ b/netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
@@ -86,9 +86,9 @@ function getNodePrincipalOrigin() {
   });
 
   document.body.appendChild(iframe);
 }
 
 </script>
 </pre>
 </body>
-</html>
\ No newline at end of file
+</html>
--- a/toolkit/components/downloads/ApplicationReputation.cpp
+++ b/toolkit/components/downloads/ApplicationReputation.cpp
@@ -46,17 +46,17 @@
 #include "nsThreadUtils.h"
 #include "nsXPCOMStrings.h"
 
 #include "nsIContentPolicy.h"
 #include "nsILoadInfo.h"
 #include "nsContentUtils.h"
 
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::Preferences;
 using mozilla::TimeStamp;
 using mozilla::Telemetry::Accumulate;
 using safe_browsing::ClientDownloadRequest;
 using safe_browsing::ClientDownloadRequest_CertificateChain;
 using safe_browsing::ClientDownloadRequest_Resource;
 using safe_browsing::ClientDownloadRequest_SignatureInfo;
 
@@ -290,17 +290,17 @@ PendingDBLookup::LookupSpecInternal(cons
 {
   nsresult rv;
 
   nsCOMPtr<nsIURI> uri;
   nsCOMPtr<nsIIOService> ios = do_GetService(NS_IOSERVICE_CONTRACTID, &rv);
   rv = ios->NewURI(aSpec, nullptr, nullptr, getter_AddRefs(uri));
   NS_ENSURE_SUCCESS(rv, rv);
 
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal =
     BasePrincipal::CreateCodebasePrincipal(uri, attrs);
   if (!principal) {
     return NS_ERROR_FAILURE;
   }
 
   // Check local lists to see if the URI has already been whitelisted or
   // blacklisted.
--- a/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
+++ b/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
@@ -97,17 +97,17 @@ nsUrlClassifierStreamUpdater::FetchUpdat
                      nsIContentPolicy::TYPE_OTHER,
                      nullptr,  // aLoadGroup
                      this,     // aInterfaceRequestor
                      loadFlags);
 
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
-  loadInfo->SetOriginAttributes(mozilla::OriginAttributes(NECKO_SAFEBROWSING_APP_ID, false));
+  loadInfo->SetOriginAttributes(mozilla::NeckoOriginAttributes(NECKO_SAFEBROWSING_APP_ID, false));
 
   mBeganStream = false;
 
   // If aRequestBody is empty, construct it for the test.
   if (!aRequestBody.IsEmpty()) {
     rv = AddRequestBody(aRequestBody);
     NS_ENSURE_SUCCESS(rv, rv);
   }
--- a/uriloader/prefetch/OfflineCacheUpdateParent.cpp
+++ b/uriloader/prefetch/OfflineCacheUpdateParent.cpp
@@ -12,17 +12,18 @@
 #include "mozilla/unused.h"
 #include "nsOfflineCacheUpdate.h"
 #include "nsIApplicationCache.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsNetUtil.h"
 
 using namespace mozilla::ipc;
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::DocShellOriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::dom::TabParent;
 
 //
 // To enable logging (see prlog.h for full details):
 //
 //    set NSPR_LOG_MODULES=nsOfflineCacheUpdate:5
 //    set NSPR_LOG_FILE=offlineupdate.log
 //
@@ -47,17 +48,17 @@ namespace docshell {
 NS_IMPL_ISUPPORTS(OfflineCacheUpdateParent,
                   nsIOfflineCacheUpdateObserver,
                   nsILoadContext)
 
 //-----------------------------------------------------------------------------
 // OfflineCacheUpdateParent <public>
 //-----------------------------------------------------------------------------
 
-OfflineCacheUpdateParent::OfflineCacheUpdateParent(const OriginAttributes& aAttrs)
+OfflineCacheUpdateParent::OfflineCacheUpdateParent(const DocShellOriginAttributes& aAttrs)
     : mIPCClosed(false)
     , mOriginAttributes(aAttrs)
 {
     // Make sure the service has been initialized
     nsOfflineCacheUpdateService::EnsureService();
 
     LOG(("OfflineCacheUpdateParent::OfflineCacheUpdateParent [%p]", this));
 }
@@ -88,18 +89,20 @@ OfflineCacheUpdateParent::Schedule(const
 
     nsOfflineCacheUpdateService* service =
         nsOfflineCacheUpdateService::EnsureService();
     if (!service)
         return NS_ERROR_FAILURE;
 
     bool offlinePermissionAllowed = false;
 
+    PrincipalOriginAttributes principalAttrs;
+    principalAttrs.InheritFromDocShellToDoc(mOriginAttributes, manifestURI);
     nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(manifestURI, mOriginAttributes);
+      BasePrincipal::CreateCodebasePrincipal(manifestURI, principalAttrs);
 
     nsresult rv = service->OfflineAppAllowed(
         principal, nullptr, &offlinePermissionAllowed);
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (!offlinePermissionAllowed)
         return NS_ERROR_DOM_SECURITY_ERR;
 
--- a/uriloader/prefetch/OfflineCacheUpdateParent.h
+++ b/uriloader/prefetch/OfflineCacheUpdateParent.h
@@ -40,23 +40,23 @@ public:
              const bool& stickDocument);
 
     void
     StopSendingMessagesToChild()
     {
       mIPCClosed = true;
     }
 
-    explicit OfflineCacheUpdateParent(const mozilla::OriginAttributes& aAttrs);
+    explicit OfflineCacheUpdateParent(const mozilla::DocShellOriginAttributes& aAttrs);
 
     virtual void ActorDestroy(ActorDestroyReason aWhy) override;
 private:
     ~OfflineCacheUpdateParent();
 
     bool mIPCClosed;
 
-    mozilla::OriginAttributes mOriginAttributes;
+    mozilla::DocShellOriginAttributes mOriginAttributes;
 };
 
 } // namespace docshell
 } // namespace mozilla
 
 #endif
--- a/uriloader/prefetch/nsOfflineCacheUpdateService.cpp
+++ b/uriloader/prefetch/nsOfflineCacheUpdateService.cpp
@@ -721,28 +721,28 @@ nsOfflineCacheUpdateService::OfflineAppA
     return OfflineAppPermForPrincipal(aPrincipal, aPrefBranch, false, aAllowed);
 }
 
 NS_IMETHODIMP
 nsOfflineCacheUpdateService::OfflineAppAllowedForURI(nsIURI *aURI,
                                                      nsIPrefBranch *aPrefBranch,
                                                      bool *aAllowed)
 {
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
     return OfflineAppPermForPrincipal(principal, aPrefBranch, false, aAllowed);
 }
 
 nsresult
 nsOfflineCacheUpdateService::OfflineAppPinnedForURI(nsIURI *aDocumentURI,
                                                     nsIPrefBranch *aPrefBranch,
                                                     bool *aPinned)
 {
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(aDocumentURI, attrs);
     return OfflineAppPermForPrincipal(principal, aPrefBranch, true, aPinned);
 }
 
 NS_IMETHODIMP
 nsOfflineCacheUpdateService::AllowOfflineApp(nsIDOMWindow *aWindow,
                                              nsIPrincipal *aPrincipal)