Bug 1466801 - Flipping disallowInheritPrincipal to be allow. r=ckerschb,Gijs
☠☠ backed out by c2e6d270ea05 ☠ ☠
authorJonathan Kingston <jkt@mozilla.com>
Tue, 24 Jul 2018 20:35:55 +0300
changeset 428005 4cba8b6eb37a007b60485167576b9b435d3cb2ad
parent 428004 26ac31d53e50217dff8829e6d9bae18c7e36b812
child 428006 9cc49c426b6bb447bfbb391452d5e9e230236749
push id105610
push userarchaeopteryx@coole-files.de
push dateTue, 24 Jul 2018 17:37:58 +0000
treeherdermozilla-inbound@4cba8b6eb37a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb, Gijs
bugs1466801
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1466801 - Flipping disallowInheritPrincipal to be allow. r=ckerschb,Gijs Reviewers: Gijs, ckerschb Reviewed By: Gijs, ckerschb Subscribers: aryx, smaug, dao, RyanVM, dveditz, Gijs, ckerschb, bzbarsky, jkt Bug #: 1466801 Differential Revision: https://phabricator.services.mozilla.com/D2096
browser/base/content/browser.js
browser/base/content/nsContextMenu.js
browser/base/content/tabbrowser.js
browser/base/content/test/contextMenu/browser.ini
browser/base/content/test/contextMenu/browser_utilityOverlay.js
browser/base/content/test/contextMenu/browser_utilityOverlayPrincipal.js
browser/base/content/test/general/browser.ini
browser/base/content/test/general/browser_utilityOverlay.js
browser/base/content/urlbarBindings.xml
browser/base/content/utilityOverlay.js
browser/components/extensions/parent/ext-tabs.js
browser/components/sessionstore/SessionStore.jsm
browser/modules/ContentClick.jsm
testing/mochitest/BrowserTestUtils/BrowserTestUtils.jsm
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -1692,17 +1692,20 @@ var gBrowserInit = {
         let referrerPolicy = (window.arguments[5] != undefined ?
             window.arguments[5] : Ci.nsIHttpChannel.REFERRER_POLICY_UNSET);
         let userContextId = (window.arguments[6] != undefined ?
             window.arguments[6] : Ci.nsIScriptSecurityManager.DEFAULT_USER_CONTEXT_ID);
         loadURI(uriToLoad, referrerURI, window.arguments[3] || null,
                 window.arguments[4] || false, referrerPolicy, userContextId,
                 // pass the origin principal (if any) and force its use to create
                 // an initial about:blank viewer if present:
-                window.arguments[7], !!window.arguments[7], window.arguments[8]);
+                window.arguments[7], !!window.arguments[7], window.arguments[8],
+                // TODO fix allowInheritPrincipal
+                // (this is required by javascript: drop to the new window) Bug 1475201
+                true);
         window.focus();
       } else {
         // Note: loadOneOrMoreURIs *must not* be called if window.arguments.length >= 3.
         // Such callers expect that window.arguments[0] is handled as a single URI.
         loadOneOrMoreURIs(uriToLoad, Services.scriptSecurityManager.getSystemPrincipal());
       }
     });
   },
@@ -2383,27 +2386,28 @@ function BrowserCloseTabOrWindow(event) 
 
 function BrowserTryToCloseWindow() {
   if (WindowIsClosing())
     window.close(); // WindowIsClosing does all the necessary checks
 }
 
 function loadURI(uri, referrer, postData, allowThirdPartyFixup, referrerPolicy,
                  userContextId, originPrincipal, forceAboutBlankViewerInCurrent,
-                 triggeringPrincipal) {
+                 triggeringPrincipal, allowInheritPrincipal = false) {
   try {
     openLinkIn(uri, "current",
                { referrerURI: referrer,
                  referrerPolicy,
                  postData,
                  allowThirdPartyFixup,
                  userContextId,
                  originPrincipal,
                  triggeringPrincipal,
                  forceAboutBlankViewerInCurrent,
+                 allowInheritPrincipal,
                });
   } catch (e) {}
 }
 
 /**
  * Given a string, will generate a more appropriate urlbar value if a Places
  * keyword or a search alias is found at the beginning of it.
  *
@@ -3585,16 +3589,19 @@ var newTabButtonObserver = {
       }
     }
 
     for (let link of links) {
       if (link.url) {
         let data = await getShortcutOrURIAndPostData(link.url);
         // Allow third-party services to fixup this URL.
         openNewTabWith(data.url, shiftKey, {
+          // TODO fix allowInheritPrincipal
+          // (this is required by javascript: drop to the new window) Bug 1475201
+          allowInheritPrincipal: true,
           postData: data.postData,
           allowThirdPartyFixup: true,
           triggeringPrincipal,
         });
       }
     }
   }
 };
@@ -3617,16 +3624,19 @@ var newWindowButtonObserver = {
       }
     }
 
     for (let link of links) {
       if (link.url) {
         let data = await getShortcutOrURIAndPostData(link.url);
         // Allow third-party services to fixup this URL.
         openNewWindowWith(data.url, {
+          // TODO fix allowInheritPrincipal
+          // (this is required by javascript: drop to the new window) Bug 1475201
+          allowInheritPrincipal: true,
           postData: data.postData,
           allowThirdPartyFixup: true,
           triggeringPrincipal,
         });
       }
     }
   }
 };
@@ -6128,17 +6138,17 @@ function middleMousePaste(event) {
       // but don't let that interfere with the loading of the url.
       Cu.reportError(ex);
     }
 
     if (where != "current" ||
         lastLocationChange == gBrowser.selectedBrowser.lastLocationChange) {
       openUILink(data.url, event,
                  { ignoreButton: true,
-                   disallowInheritPrincipal: !data.mayInheritPrincipal,
+                   allowInheritPrincipal: data.mayInheritPrincipal,
                    triggeringPrincipal: gBrowser.selectedBrowser.contentPrincipal,
                  });
     }
   });
 
   if (event instanceof Event) {
     event.stopPropagation();
   }
--- a/browser/base/content/nsContextMenu.js
+++ b/browser/base/content/nsContextMenu.js
@@ -857,17 +857,16 @@ nsContextMenu.prototype = {
 
   // Open clicked-in frame in the same window.
   showOnlyThisFrame() {
     urlSecurityCheck(gContextMenuContentData.docLocation,
                      this.browser.contentPrincipal,
                      Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
     let referrer = gContextMenuContentData.referrer;
     openWebLinkIn(gContextMenuContentData.docLocation, "current", {
-      disallowInheritPrincipal: true,
       referrerURI: referrer ? makeURI(referrer) : null,
       triggeringPrincipal: this.browser.contentPrincipal,
     });
   },
 
   reload(event) {
     BrowserReloadOrDuplicate(event);
   },
@@ -915,18 +914,17 @@ nsContextMenu.prototype = {
     BrowserPageInfo(gContextMenuContentData.docLocation, "mediaTab",
                     this.imageInfo, null, this.browser);
   },
 
   viewImageDesc(e) {
     urlSecurityCheck(this.imageDescURL,
                      this.principal,
                      Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
-    openUILink(this.imageDescURL, e, { disallowInheritPrincipal: true,
-                                       referrerURI: gContextMenuContentData.documentURIObject,
+    openUILink(this.imageDescURL, e, { referrerURI: gContextMenuContentData.documentURIObject,
                                        triggeringPrincipal: this.principal,
     });
   },
 
   viewFrameInfo() {
     BrowserPageInfo(gContextMenuContentData.docLocation, null, null,
                     this.frameOuterWindowID, this.browser);
   },
@@ -954,26 +952,24 @@ nsContextMenu.prototype = {
   },
 
   // Change current window to the URL of the image, video, or audio.
   viewMedia(e) {
     let referrerURI = gContextMenuContentData.documentURIObject;
     let systemPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
     if (this.onCanvas) {
       this._canvasToBlobURL(this.target).then(function(blobURL) {
-        openUILink(blobURL, e, { disallowInheritPrincipal: true,
-                                 referrerURI,
+        openUILink(blobURL, e, { referrerURI,
                                  triggeringPrincipal: systemPrincipal});
       }, Cu.reportError);
     } else {
       urlSecurityCheck(this.mediaURL,
                        this.principal,
                        Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
-      openUILink(this.mediaURL, e, { disallowInheritPrincipal: true,
-                                     referrerURI,
+      openUILink(this.mediaURL, e, { referrerURI,
                                      forceAllowDataURI: true,
                                      triggeringPrincipal: this.principal,
       });
     }
   },
 
   saveVideoFrameAsImage() {
     let mm = this.browser.messageManager;
@@ -1020,18 +1016,17 @@ nsContextMenu.prototype = {
   },
 
   // Change current window to the URL of the background image.
   viewBGImage(e) {
     urlSecurityCheck(this.bgImageURL,
                      this.principal,
                      Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
 
-    openUILink(this.bgImageURL, e, { disallowInheritPrincipal: true,
-                                     referrerURI: gContextMenuContentData.documentURIObject,
+    openUILink(this.bgImageURL, e, { referrerURI: gContextMenuContentData.documentURIObject,
                                      triggeringPrincipal: this.principal,
     });
   },
 
   setDesktopBackground() {
     let mm = this.browser.messageManager;
 
     mm.sendAsyncMessage("ContextMenu:SetAsDesktopBackground", null,
--- a/browser/base/content/tabbrowser.js
+++ b/browser/base/content/tabbrowser.js
@@ -1323,16 +1323,17 @@ window._gBrowser = {
     return true;
   },
 
   loadOneTab(aURI, aReferrerURI, aCharset, aPostData, aLoadInBackground, aAllowThirdPartyFixup) {
     var aTriggeringPrincipal;
     var aReferrerPolicy;
     var aFromExternal;
     var aRelatedToCurrent;
+    var aAllowInheritPrincipal;
     var aAllowMixedContent;
     var aSkipAnimation;
     var aForceNotRemote;
     var aPreferredRemoteType;
     var aNoReferrer;
     var aUserContextId;
     var aSameProcessAsFrameLoader;
     var aOriginPrincipal;
@@ -1350,16 +1351,17 @@ window._gBrowser = {
       aReferrerURI = params.referrerURI;
       aReferrerPolicy = params.referrerPolicy;
       aCharset = params.charset;
       aPostData = params.postData;
       aLoadInBackground = params.inBackground;
       aAllowThirdPartyFixup = params.allowThirdPartyFixup;
       aFromExternal = params.fromExternal;
       aRelatedToCurrent = params.relatedToCurrent;
+      aAllowInheritPrincipal = !!params.allowInheritPrincipal;
       aAllowMixedContent = params.allowMixedContent;
       aSkipAnimation = params.skipAnimation;
       aForceNotRemote = params.forceNotRemote;
       aPreferredRemoteType = params.preferredRemoteType;
       aNoReferrer = params.noReferrer;
       aUserContextId = params.userContextId;
       aSameProcessAsFrameLoader = params.sameProcessAsFrameLoader;
       aOriginPrincipal = params.originPrincipal;
@@ -1377,16 +1379,17 @@ window._gBrowser = {
 
     var tab = this.addTab(aURI, {
       triggeringPrincipal: aTriggeringPrincipal,
       referrerURI: aReferrerURI,
       referrerPolicy: aReferrerPolicy,
       charset: aCharset,
       postData: aPostData,
       ownerTab: owner,
+      allowInheritPrincipal: aAllowInheritPrincipal,
       allowThirdPartyFixup: aAllowThirdPartyFixup,
       fromExternal: aFromExternal,
       relatedToCurrent: aRelatedToCurrent,
       skipAnimation: aSkipAnimation,
       allowMixedContent: aAllowMixedContent,
       forceNotRemote: aForceNotRemote,
       createLazyBrowser: aCreateLazyBrowser,
       preferredRemoteType: aPreferredRemoteType,
@@ -2127,17 +2130,17 @@ window._gBrowser = {
 
   // eslint-disable-next-line complexity
   addTab(aURI, {
     allowMixedContent,
     allowThirdPartyFixup,
     bulkOrderedOpen,
     charset,
     createLazyBrowser,
-    disallowInheritPrincipal,
+    allowInheritPrincipal,
     eventDetail,
     focusUrlBar,
     forceNotRemote,
     fromExternal,
     index,
     name,
     nextTabParentId,
     noInitialLabel,
@@ -2416,17 +2419,17 @@ window._gBrowser = {
       if (!aURIObject ||
           (doGetProtocolFlags(aURIObject) & URI_INHERITS_SECURITY_CONTEXT)) {
         b.createAboutBlankContentViewer(originPrincipal);
       }
     }
 
     // If we didn't swap docShells with a preloaded browser
     // then let's just continue loading the page normally.
-    if (!usingPreloadedContent && (!uriIsAboutBlank || disallowInheritPrincipal)) {
+    if (!usingPreloadedContent && (!uriIsAboutBlank || !allowInheritPrincipal)) {
       // pretend the user typed this so it'll be available till
       // the document successfully loads
       if (aURI && !gInitialPages.includes(aURI)) {
         b.userTypedValue = aURI;
       }
 
       let flags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
       if (allowThirdPartyFixup) {
@@ -2434,17 +2437,17 @@ window._gBrowser = {
         flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FIXUP_SCHEME_TYPOS;
       }
       if (fromExternal) {
         flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FROM_EXTERNAL;
       }
       if (allowMixedContent) {
         flags |= Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_MIXED_CONTENT;
       }
-      if (disallowInheritPrincipal) {
+      if (!allowInheritPrincipal) {
         flags |= Ci.nsIWebNavigation.LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL;
       }
       try {
         b.loadURI(aURI, {
           flags,
           triggeringPrincipal,
           referrerURI: noReferrer ? null : referrerURI,
           referrerPolicy,
--- a/browser/base/content/test/contextMenu/browser.ini
+++ b/browser/base/content/test/contextMenu/browser.ini
@@ -2,8 +2,10 @@
 support-files =
   !/browser/base/content/test/general/contextmenu_common.js
   subtst_contextmenu_webext.html
   test_contextmenu_links.html
 
 [browser_contextmenu_touch.js]
 skip-if = !(os == 'win' && os_version == '10.0')
 [browser_contextmenu_linkopen.js]
+[browser_utilityOverlay.js]
+[browser_utilityOverlayPrincipal.js]
rename from browser/base/content/test/general/browser_utilityOverlay.js
rename to browser/base/content/test/contextMenu/browser_utilityOverlay.js
--- a/browser/base/content/test/general/browser_utilityOverlay.js
+++ b/browser/base/content/test/contextMenu/browser_utilityOverlay.js
@@ -2,17 +2,17 @@
  *  License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 const gTests = [
   test_eventMatchesKey,
   test_getTopWin,
   test_getBoolPref,
   test_openNewTabWith,
-  test_openUILink
+  test_openUILink,
 ];
 
 function test() {
   waitForExplicitFinish();
   executeSoon(runNextTest);
 }
 
 function runNextTest() {
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/contextMenu/browser_utilityOverlayPrincipal.js
@@ -0,0 +1,54 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ *  License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+const gTests = [
+  test_openUILink_checkPrincipal,
+];
+
+function test() {
+  waitForExplicitFinish();
+  executeSoon(runNextTest);
+}
+
+function runNextTest() {
+  if (gTests.length) {
+    let testFun = gTests.shift();
+    info("Running " + testFun.name);
+    testFun();
+  } else {
+    finish();
+  }
+}
+
+function test_openUILink_checkPrincipal() {
+  let tab = gBrowser.selectedTab = BrowserTestUtils.addTab(gBrowser, "http://example.com/"); // remote tab
+  BrowserTestUtils.browserLoaded(tab.linkedBrowser).then(async function() {
+    is(tab.linkedBrowser.currentURI.spec, "http://example.com/", "example.com loaded");
+
+    await ContentTask.spawn(tab.linkedBrowser, null, function() {
+      let channel = content.document.docShell.currentDocumentChannel;
+
+      const loadingPrincipal = channel.loadInfo.loadingPrincipal;
+      is(loadingPrincipal, null, "sanity: correct loadingPrincipal");
+      const triggeringPrincipal = channel.loadInfo.triggeringPrincipal;
+      ok(Services.scriptSecurityManager.isSystemPrincipal(triggeringPrincipal),
+        "sanity: correct triggeringPrincipal");
+      const principalToInherit = channel.loadInfo.principalToInherit;
+      ok(principalToInherit.isNullPrincipal, "sanity: correct principalToInherit");
+      ok(content.document.nodePrincipal.isCodebasePrincipal,
+        "sanity: correct doc.nodePrincipal");
+      is(content.document.nodePrincipal.URI.asciiSpec, "http://example.com/",
+       "sanity: correct doc.nodePrincipal URL");
+    });
+
+    gBrowser.removeCurrentTab();
+    runNextTest();
+
+  });
+
+  // Ensure we get the correct default of "allowInheritPrincipal: false" from openUILink
+  openUILink("http://example.com", null, {
+    triggeringPrincipal: Services.scriptSecurityManager.getSystemPrincipal({}),
+  }); // defaults to "current"
+}
--- a/browser/base/content/test/general/browser.ini
+++ b/browser/base/content/test/general/browser.ini
@@ -469,18 +469,16 @@ support-files =
   trackingPage.html
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_typeAheadFind.js]
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_unknownContentType_title.js]
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_unloaddialogs.js]
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
-[browser_utilityOverlay.js]
-# DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_viewSourceInTabOnViewSource.js]
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_visibleFindSelection.js]
 skip-if = true # Bug 1409184 disabled because interactive find next is not automating properly
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_visibleTabs.js]
 # DO NOT ADD MORE TESTS HERE. USE A TOPICAL DIRECTORY INSTEAD.
 [browser_visibleTabs_bookmarkAllPages.js]
--- a/browser/base/content/urlbarBindings.xml
+++ b/browser/base/content/urlbarBindings.xml
@@ -931,17 +931,17 @@ file, You can obtain one at http://mozil
             postData,
             allowThirdPartyFixup: true,
             triggeringPrincipal,
           };
           if (openUILinkWhere == "current") {
             params.targetBrowser = browser;
             params.indicateErrorPageLoad = true;
             params.allowPinnedTabHostChange = true;
-            params.disallowInheritPrincipal = !mayInheritPrincipal;
+            params.allowInheritPrincipal = mayInheritPrincipal;
             params.allowPopups = url.startsWith("javascript:");
           } else {
             params.initiatingDoc = document;
           }
 
           if (openUILinkParams) {
             for (let key in openUILinkParams) {
               params[key] = openUILinkParams[key];
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -277,20 +277,20 @@ function openLinkIn(url, where, params) 
   var aFromChrome           = params.fromChrome;
   var aAllowThirdPartyFixup = params.allowThirdPartyFixup;
   var aPostData             = params.postData;
   var aCharset              = params.charset;
   var aReferrerURI          = params.referrerURI;
   var aReferrerPolicy       = ("referrerPolicy" in params ?
       params.referrerPolicy : Ci.nsIHttpChannel.REFERRER_POLICY_UNSET);
   var aRelatedToCurrent     = params.relatedToCurrent;
+  var aAllowInheritPrincipal = !!params.allowInheritPrincipal;
   var aAllowMixedContent    = params.allowMixedContent;
   var aForceAllowDataURI    = params.forceAllowDataURI;
   var aInBackground         = params.inBackground;
-  var aDisallowInheritPrincipal = params.disallowInheritPrincipal;
   var aInitiatingDoc        = params.initiatingDoc;
   var aIsPrivate            = params.private;
   var aSkipTabAnimation     = params.skipTabAnimation;
   var aAllowPinnedTabHostChange = !!params.allowPinnedTabHostChange;
   var aNoReferrer           = params.noReferrer;
   var aAllowPopups          = !!params.allowPopups;
   var aUserContextId        = params.userContextId;
   var aIndicateErrorPageLoad = params.indicateErrorPageLoad;
@@ -477,22 +477,20 @@ function openLinkIn(url, where, params) 
   switch (where) {
   case "current":
     let flags = Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
 
     if (aAllowThirdPartyFixup) {
       flags |= Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_THIRD_PARTY_FIXUP;
       flags |= Ci.nsIWebNavigation.LOAD_FLAGS_FIXUP_SCHEME_TYPOS;
     }
-
     // LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL isn't supported for javascript URIs,
     // i.e. it causes them not to load at all. Callers should strip
-    // "javascript:" from pasted strings to protect users from malicious URIs
-    // (see stripUnsafeProtocolOnPaste).
-    if (aDisallowInheritPrincipal && !(uriObj && uriObj.schemeIs("javascript"))) {
+    // "javascript:" from pasted strings to prevent blank tabs
+    if (!aAllowInheritPrincipal) {
       flags |= Ci.nsIWebNavigation.LOAD_FLAGS_DISALLOW_INHERIT_PRINCIPAL;
     }
 
     if (aAllowPopups) {
       flags |= Ci.nsIWebNavigation.LOAD_FLAGS_ALLOW_POPUPS;
     }
     if (aIndicateErrorPageLoad) {
       flags |= Ci.nsIWebNavigation.LOAD_FLAGS_ERROR_LOAD_CHANGES_RV;
@@ -540,16 +538,17 @@ function openLinkIn(url, where, params) 
       allowThirdPartyFixup: aAllowThirdPartyFixup,
       relatedToCurrent: aRelatedToCurrent,
       skipAnimation: aSkipTabAnimation,
       allowMixedContent: aAllowMixedContent,
       noReferrer: aNoReferrer,
       userContextId: aUserContextId,
       originPrincipal: aPrincipal,
       triggeringPrincipal: aTriggeringPrincipal,
+      allowInheritPrincipal: aAllowInheritPrincipal,
       focusUrlBar,
     });
     targetBrowser = tabUsedForLoad.linkedBrowser;
 
     if (aResolveOnNewTabCreated) {
       aResolveOnNewTabCreated(targetBrowser);
     }
 
--- a/browser/components/extensions/parent/ext-tabs.js
+++ b/browser/components/extensions/parent/ext-tabs.js
@@ -562,20 +562,16 @@ this.tabs = class extends ExtensionAPI {
                 if (!containerId) {
                   return Promise.reject({message: `No cookie store exists with ID ${createProperties.cookieStoreId}`});
                 }
 
                 options.userContextId = containerId;
               }
             }
 
-            // Make sure things like about:blank and data: URIs never inherit,
-            // and instead always get a NullPrincipal.
-            options.disallowInheritPrincipal = true;
-
             tabListener.initTabReady();
             let currentTab = window.gBrowser.selectedTab;
 
             if (createProperties.openerTabId !== null) {
               options.ownerTab = tabTracker.getTab(createProperties.openerTabId);
               options.openerBrowser = options.ownerTab.linkedBrowser;
               if (options.ownerTab.ownerGlobal !== window) {
                 return Promise.reject({message: "Opener tab must be in the same window as the tab being created"});
--- a/browser/components/sessionstore/SessionStore.jsm
+++ b/browser/components/sessionstore/SessionStore.jsm
@@ -3475,31 +3475,36 @@ var SessionStoreInternal = {
         }
       }
 
       // Add a new tab if needed.
       if (!tab) {
         let createLazyBrowser = restoreTabsLazily && !select && !tabData.pinned;
 
         let url = "about:blank";
+        let triggeringPrincipal;
+
         if (createLazyBrowser && tabData.entries && tabData.entries.length) {
           // Let tabbrowser know the future URI because progress listeners won't
           // get onLocationChange notification before the browser is inserted.
           let activeIndex = (tabData.index || tabData.entries.length) - 1;
           // Ensure the index is in bounds.
           activeIndex = Math.min(activeIndex, tabData.entries.length - 1);
           activeIndex = Math.max(activeIndex, 0);
+          triggeringPrincipal = Utils.deserializePrincipal(tabData.entries[activeIndex].triggeringPrincipal_base64);
           url = tabData.entries[activeIndex].url;
         }
 
         // Setting noInitialLabel is a perf optimization. Rendering tab labels
         // would make resizing the tabs more expensive as we're adding them.
         // Each tab will get its initial label set in restoreTab.
         tab = tabbrowser.addTab(url,
                                 { createLazyBrowser,
+                                  triggeringPrincipal: triggeringPrincipal || Services.scriptSecurityManager.createNullPrincipal({ userContextId }),
+                                  allowInheritPrincipal: true,
                                   skipAnimation: true,
                                   noInitialLabel: true,
                                   userContextId,
                                   skipBackgroundNotify: true,
                                   bulkOrderedOpen: true });
 
         if (select) {
           let leftoverTab = tabbrowser.selectedTab;
--- a/browser/modules/ContentClick.jsm
+++ b/browser/modules/ContentClick.jsm
@@ -73,11 +73,13 @@ var ContentClick = {
       frameOuterWindowID: json.frameOuterWindowID,
     };
 
     // The new tab/window must use the same userContextId.
     if (json.originAttributes.userContextId) {
       params.userContextId = json.originAttributes.userContextId;
     }
 
+    params.allowInheritPrincipal = true;
+
     window.openLinkIn(json.href, where, params);
   }
 };
--- a/testing/mochitest/BrowserTestUtils/BrowserTestUtils.jsm
+++ b/testing/mochitest/BrowserTestUtils/BrowserTestUtils.jsm
@@ -1780,16 +1780,19 @@ var BrowserTestUtils = {
    * @param {function} beforeLoadFunc [optional]
    *        A function to run after that xul:browser has been created but before the URL is
    *        loaded. Can spawn a content task in the tab, for example.
    */
   addTab(tabbrowser, uri, params = {}, beforeLoadFunc = null) {
     if (!params.triggeringPrincipal) {
       params.triggeringPrincipal = Services.scriptSecurityManager.getSystemPrincipal();
     }
+    if (!params.allowInheritPrincipal) {
+      params.allowInheritPrincipal = true;
+    }
     if (beforeLoadFunc) {
       let window = tabbrowser.ownerGlobal;
       window.addEventListener("TabOpen", function(e) {
         beforeLoadFunc(e.target);
       }, {once: true});
     }
     return tabbrowser.addTab(uri, params);
   }