Backed out 6 changesets (bug 1145744, bug 536509, bug 1184973, bug 1147821) for B2G test_storagePermissionsAccept.html failures.
authorRyan VanderMeulen <ryanvm@gmail.com>
Wed, 26 Aug 2015 19:09:49 -0400
changeset 259440 5482a856cc1d2fb5d2fac39bfbb975ff89f62dfc
parent 259439 07f5717ac742d2be0f0dadb114148f24e41334e3
child 259487 c1121b67faa0c6f4ded0ad0eb9bcd4dda38e17d5
push id64252
push userryanvm@gmail.com
push dateWed, 26 Aug 2015 23:09:53 +0000
treeherdermozilla-inbound@5482a856cc1d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1145744, 536509, 1184973, 1147821
milestone43.0a1
backs out07f5717ac742d2be0f0dadb114148f24e41334e3
d49d61e97fcbac3b58214f6448911bd0c5777aa7
e056e2d6b7e8251be2ec580d74bde742559da31e
f4806930c16866dde88922e4d1f5e3abf370ff2f
24c808f933e5c8f58d2eb53170c9ad6c47807b27
03dc725619b856a268fd096c1ec2a73341d06024
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 6 changesets (bug 1145744, bug 536509, bug 1184973, bug 1147821) for B2G test_storagePermissionsAccept.html failures. Backed out changeset 07f5717ac742 (bug 1184973) Backed out changeset d49d61e97fcb (bug 1184973) Backed out changeset e056e2d6b7e8 (bug 1145744) Backed out changeset f4806930c168 (bug 1147821) Backed out changeset 24c808f933e5 (bug 536509) Backed out changeset 03dc725619b8 (bug 1184973) CLOSED TREE
dom/base/nsContentUtils.cpp
dom/base/nsContentUtils.h
dom/base/nsGlobalWindow.cpp
dom/cache/CacheStorage.cpp
dom/cache/CacheStorage.h
dom/indexedDB/IDBFactory.cpp
dom/indexedDB/test/test_third_party.html
dom/storage/DOMStorage.cpp
dom/storage/DOMStorage.h
dom/tests/mochitest/general/frameStorageAllowed.html
dom/tests/mochitest/general/frameStorageChrome.html
dom/tests/mochitest/general/frameStorageNullprincipal.sjs
dom/tests/mochitest/general/frameStoragePrevented.html
dom/tests/mochitest/general/mochitest.ini
dom/tests/mochitest/general/storagePermissionsUtils.js
dom/tests/mochitest/general/test_storagePermissionsAccept.html
dom/tests/mochitest/general/test_storagePermissionsLimitForeign.html
dom/tests/mochitest/general/test_storagePermissionsReject.html
dom/tests/mochitest/general/test_storagePermissionsRejectForeign.html
dom/tests/mochitest/general/workerStorageAllowed.js
dom/tests/mochitest/general/workerStoragePrevented.js
dom/tests/mochitest/localstorage/frameLocalStorageCookieSettings.html
dom/tests/mochitest/localstorage/interOriginFrame.js
dom/tests/mochitest/localstorage/mochitest.ini
dom/tests/mochitest/localstorage/test_localStorageCookieSettings.html
dom/workers/ServiceWorkerManager.cpp
dom/workers/WorkerPrivate.cpp
dom/workers/WorkerPrivate.h
dom/workers/WorkerScope.cpp
dom/workers/Workers.h
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -187,20 +187,16 @@
 #include "nsViewManager.h"
 #include "nsViewportInfo.h"
 #include "nsWidgetsCID.h"
 #include "nsWrapperCacheInlines.h"
 #include "nsXULPopupManager.h"
 #include "xpcprivate.h" // nsXPConnect
 #include "HTMLSplitOnSpacesTokenizer.h"
 #include "nsContentTypeParser.h"
-#include "nsICookiePermission.h"
-#include "mozIThirdPartyUtil.h"
-#include "nsICookieService.h"
-#include "mozilla/EnumSet.h"
 
 #include "nsIBidiKeyboard.h"
 
 #if defined(XP_WIN)
 // Undefine LoadImage to prevent naming conflict with Windows.
 #undef LoadImage
 #endif
 
@@ -265,19 +261,16 @@ bool nsContentUtils::sIsUserTimingLoggin
 bool nsContentUtils::sIsExperimentalAutocompleteEnabled = false;
 bool nsContentUtils::sEncodeDecodeURLHash = false;
 bool nsContentUtils::sGettersDecodeURLHash = false;
 bool nsContentUtils::sPrivacyResistFingerprinting = false;
 bool nsContentUtils::sSendPerformanceTimingNotifications = false;
 
 uint32_t nsContentUtils::sHandlingInputTimeout = 1000;
 
-uint32_t nsContentUtils::sCookiesLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
-uint32_t nsContentUtils::sCookiesBehavior = nsICookieService::BEHAVIOR_ACCEPT;
-
 nsHtml5StringParser* nsContentUtils::sHTMLFragmentParser = nullptr;
 nsIParser* nsContentUtils::sXMLFragmentParser = nullptr;
 nsIFragmentContentSink* nsContentUtils::sXMLFragmentSink = nullptr;
 bool nsContentUtils::sFragmentParsingActive = false;
 
 #if !(defined(DEBUG) || defined(MOZ_ENABLE_JS_DUMP))
 bool nsContentUtils::sDOMWindowDumpEnabled;
 #endif
@@ -561,24 +554,16 @@ nsContentUtils::Init()
 
   Preferences::AddUintVarCache(&sHandlingInputTimeout,
                                "dom.event.handling-user-input-time-limit",
                                1000);
 
   Preferences::AddBoolVarCache(&sSendPerformanceTimingNotifications,
                                "dom.performance.enable_notify_performance_timing", false);
 
-  Preferences::AddUintVarCache(&sCookiesLifetimePolicy,
-                               "network.cookie.lifetimePolicy",
-                               nsICookieService::ACCEPT_NORMALLY);
-
-  Preferences::AddUintVarCache(&sCookiesBehavior,
-                               "network.cookie.cookieBehavior",
-                               nsICookieService::BEHAVIOR_ACCEPT);
-
 #if !(defined(DEBUG) || defined(MOZ_ENABLE_JS_DUMP))
   Preferences::AddBoolVarCache(&sDOMWindowDumpEnabled,
                                "browser.dom.window.dump.enabled");
 #endif
 
   Element::InitCCCallbacks();
 
   nsCOMPtr<nsIUUIDGenerator> uuidGenerator =
@@ -8065,140 +8050,8 @@ nsContentUtils::PushEnabled(JSContext* a
   // Otherwise, check the pref via the WorkerPrivate
   WorkerPrivate* workerPrivate = GetWorkerPrivateFromContext(aCx);
   if (!workerPrivate) {
     return false;
   }
 
   return workerPrivate->PushEnabled();
 }
-
-// static, public
-nsContentUtils::StorageAccess
-nsContentUtils::StorageAllowedForWindow(nsPIDOMWindow* aWindow)
-{
-  MOZ_ASSERT(aWindow->IsInnerWindow());
-
-  nsIDocument* document = aWindow->GetExtantDoc();
-  if (document) {
-    nsCOMPtr<nsIPrincipal> principal = document->NodePrincipal();
-    return InternalStorageAllowedForPrincipal(principal, aWindow);
-  }
-
-  return StorageAccess::eDeny;
-}
-
-// static, public
-nsContentUtils::StorageAccess
-nsContentUtils::StorageAllowedForPrincipal(nsIPrincipal* aPrincipal)
-{
-  return InternalStorageAllowedForPrincipal(aPrincipal, nullptr);
-}
-
-// static, private
-nsContentUtils::StorageAccess
-nsContentUtils::InternalStorageAllowedForPrincipal(nsIPrincipal* aPrincipal,
-                                                   nsPIDOMWindow* aWindow)
-{
-  MOZ_ASSERT(aPrincipal);
-  MOZ_ASSERT(!aWindow || aWindow->IsInnerWindow());
-
-  StorageAccess access = StorageAccess::eAllow;
-
-  // We don't allow storage on the null principal, in general. Even if the
-  // calling context is chrome.
-  bool isNullPrincipal;
-  if (NS_WARN_IF(NS_FAILED(aPrincipal->GetIsNullPrincipal(&isNullPrincipal))) ||
-      isNullPrincipal) {
-    return StorageAccess::eDeny;
-  }
-
-  if (aWindow) {
-    // If the document is sandboxed, then it is not permitted to use storage
-    nsIDocument* document = aWindow->GetExtantDoc();
-    if (document->GetSandboxFlags() & SANDBOXED_ORIGIN) {
-      return StorageAccess::eDeny;
-    }
-
-    // Check if we are in private browsing, and record that fact
-    if (IsInPrivateBrowsing(document)) {
-      access = StorageAccess::ePrivateBrowsing;
-    }
-  }
-
-  // Check if we should only allow storage for the session, and record that fact
-  if (sCookiesLifetimePolicy == nsICookieService::ACCEPT_SESSION) {
-    // Storage could be StorageAccess::ePrivateBrowsing or StorageAccess::eAllow
-    // so perform a std::min comparison to make sure we preserve ePrivateBrowsing
-    // if it has been set.
-    access = std::min(StorageAccess::eSessionScoped, access);
-  }
-
-  // If the caller is chrome privileged, then it is allowed to access any
-  // storage it likes, no matter whether the storage for that window/principal
-  // would normally be permitted.
-  if (IsSystemPrincipal(SubjectPrincipal())) {
-    return access;
-  }
-
-  if (!SubjectPrincipal()->Subsumes(aPrincipal)) {
-    NS_WARNING("A principal is attempting to access storage for a principal "
-               "which it doesn't subsume!");
-    return StorageAccess::eDeny;
-  }
-
-  // About URIs are allowed to access storage, even if they don't have chrome
-  // privileges. If this is not desired, than the consumer will have to
-  // implement their own restriction functionality.
-  nsCOMPtr<nsIURI> uri;
-  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(aPrincipal->GetURI(getter_AddRefs(uri))));
-  bool isAbout = false;
-  MOZ_ALWAYS_TRUE(NS_SUCCEEDED(uri->SchemeIs("about", &isAbout)));
-  if (isAbout) {
-    return access;
-  }
-
-  nsCOMPtr<nsIPermissionManager> permissionManager =
-    services::GetPermissionManager();
-  if (!permissionManager) {
-    return StorageAccess::eDeny;
-  }
-
-  // check the permission manager for any allow or deny permissions
-  // for cookies for the window.
-  uint32_t perm;
-  permissionManager->TestPermissionFromPrincipal(aPrincipal, "cookie", &perm);
-  if (perm == nsIPermissionManager::DENY_ACTION) {
-    return StorageAccess::eDeny;
-  } else if (perm == nsICookiePermission::ACCESS_SESSION) {
-    return std::min(access, StorageAccess::eSessionScoped);
-  } else if (perm == nsIPermissionManager::ALLOW_ACTION) {
-    return access;
-  }
-
-  // We don't want to prompt for every attempt to access permissions, so we
-  // treat the cookie ASK_BEFORE_ACCEPT as though it was a reject.
-  if (sCookiesBehavior == nsICookieService::BEHAVIOR_REJECT ||
-      sCookiesLifetimePolicy == nsICookieService::ASK_BEFORE_ACCEPT) {
-    return StorageAccess::eDeny;
-  }
-
-  // In the absense of a window, we assume that we are first-party.
-  if (aWindow && (sCookiesBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
-                  sCookiesBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN)) {
-    nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
-      do_GetService(THIRDPARTYUTIL_CONTRACTID);
-    MOZ_ASSERT(thirdPartyUtil);
-
-    bool thirdPartyWindow = false;
-    if (NS_SUCCEEDED(thirdPartyUtil->IsThirdPartyWindow(
-          aWindow, nullptr, &thirdPartyWindow)) && thirdPartyWindow) {
-      // XXX For non-cookie forms of storage, we handle BEHAVIOR_LIMIT_FOREIGN by
-      // simply rejecting the request to use the storage. In the future, if we
-      // change the meaning of BEHAVIOR_LIMIT_FOREIGN to be one which makes sense
-      // for non-cookie storage types, this may change.
-
-      return StorageAccess::eDeny;
-    }
-  }
-
-  return access;
-}
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -2471,48 +2471,16 @@ public:
    * https://w3c.github.io/webappsec/specs/referrer-policy/#determine-requests-referrer
    */
   static nsresult SetFetchReferrerURIWithPolicy(nsIPrincipal* aPrincipal,
                                                 nsIDocument* aDoc,
                                                 nsIHttpChannel* aChannel);
 
   static bool PushEnabled(JSContext* aCx, JSObject* aObj);
 
-  // The order of these entries matters, as we use std::min for total ordering
-  // of permissions. Private Browsing is considered to be more limiting
-  // then session scoping
-  enum class StorageAccess {
-    // Don't allow access to the storage
-    eDeny = 0,
-    // Allow access to the storage, but only if it is secure to do so in a
-    // private browsing context.
-    ePrivateBrowsing = 1,
-    // Allow access to the storage, but only persist it for the current session
-    eSessionScoped = 2,
-    // Allow access to the storage
-    eAllow = 3,
-  };
-
-  /*
-   * Checks if storage for the given window is permitted by a combination of
-   * the user's preferences, and whether the window is a third-party iframe.
-   *
-   * This logic is intended to be shared between the different forms of
-   * persistent storage which are available to web pages. Cookies don't use
-   * this logic, and security logic related to them must be updated separately.
-   */
-  static StorageAccess StorageAllowedForWindow(nsPIDOMWindow* aWindow);
-
-  /*
-   * Checks if storage for the given principal is permitted by the user's
-   * preferences. The caller is assumed to not be a third-party iframe.
-   * (if that is possible, the caller should use StorageAllowedForWindow)
-   */
-  static StorageAccess StorageAllowedForPrincipal(nsIPrincipal* aPrincipal);
-
 private:
   static bool InitializeEventTable();
 
   static nsresult EnsureStringBundle(PropertiesFile aFile);
 
   static bool CanCallerAccess(nsIPrincipal* aSubjectPrincipal,
                                 nsIPrincipal* aPrincipal);
 
@@ -2543,28 +2511,16 @@ private:
   // Fills in aInfo with the tokens from the supplied autocomplete attribute.
   static AutocompleteAttrState InternalSerializeAutocompleteAttribute(const nsAttrValue* aAttrVal,
                                                                       mozilla::dom::AutocompleteInfo& aInfo);
 
   static void CallOnAllRemoteChildren(nsIMessageBroadcaster* aManager,
                                       CallOnRemoteChildFunction aCallback,
                                       void* aArg);
 
-  /*
-   * Checks if storage for a given principal is permitted by the user's
-   * preferences. If aWindow is non-null, its principal must be passed as
-   * aPrincipal, and the third-party iframe and sandboxing status of the window
-   * are also checked.
-   *
-   * Used in the implementation of StorageAllowedForWindow and
-   * StorageAllowedForPrincipal.
-   */
-  static StorageAccess InternalStorageAllowedForPrincipal(nsIPrincipal* aPrincipal,
-                                                          nsPIDOMWindow* aWindow);
-
   static nsIXPConnect *sXPConnect;
 
   static nsIScriptSecurityManager *sSecurityManager;
   static nsIPrincipal *sSystemPrincipal;
   static nsIPrincipal *sNullSubjectPrincipal;
 
   static nsIParserService *sParserService;
 
@@ -2620,18 +2576,16 @@ private:
   static bool sIsResourceTimingEnabled;
   static bool sIsUserTimingLoggingEnabled;
   static bool sIsFrameTimingPrefEnabled;
   static bool sIsExperimentalAutocompleteEnabled;
   static bool sEncodeDecodeURLHash;
   static bool sGettersDecodeURLHash;
   static bool sPrivacyResistFingerprinting;
   static bool sSendPerformanceTimingNotifications;
-  static uint32_t sCookiesLifetimePolicy;
-  static uint32_t sCookiesBehavior;
 
   static nsHtml5StringParser* sHTMLFragmentParser;
   static nsIParser* sXMLFragmentParser;
   static nsIFragmentContentSink* sXMLFragmentSink;
 
   /**
    * True if there's a fragment parser activation on the stack.
    */
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -10905,17 +10905,17 @@ nsGlobalWindow::GetLocalStorage(ErrorRes
 {
   MOZ_RELEASE_ASSERT(IsInnerWindow());
 
   if (!Preferences::GetBool(kStorageEnabled)) {
     return nullptr;
   }
 
   if (!mLocalStorage) {
-    if (!DOMStorage::CanUseStorage(this)) {
+    if (!DOMStorage::CanUseStorage()) {
       aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
       return nullptr;
     }
 
     nsIPrincipal *principal = GetPrincipal();
     if (!principal) {
       return nullptr;
     }
@@ -10923,16 +10923,23 @@ nsGlobalWindow::GetLocalStorage(ErrorRes
     nsresult rv;
     nsCOMPtr<nsIDOMStorageManager> storageManager =
       do_GetService("@mozilla.org/dom/localStorage-manager;1", &rv);
     if (NS_FAILED(rv)) {
       aError.Throw(rv);
       return nullptr;
     }
 
+    // If the document has the sandboxed origin flag set
+    // don't allow access to localStorage.
+    if (mDoc && (mDoc->GetSandboxFlags() & SANDBOXED_ORIGIN)) {
+      aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
+      return nullptr;
+    }
+
     nsString documentURI;
     if (mDoc) {
       mDoc->GetDocumentURI(documentURI);
     }
 
     nsCOMPtr<nsIDOMStorage> storage;
     aError = storageManager->CreateStorage(this, principal, documentURI,
                                            IsPrivateBrowsing(),
@@ -11068,26 +11075,19 @@ already_AddRefed<CacheStorage>
 nsGlobalWindow::GetCaches(ErrorResult& aRv)
 {
   MOZ_ASSERT(IsInnerWindow());
 
   if (!mCacheStorage) {
     bool forceTrustedOrigin =
       GetOuterWindowInternal()->GetServiceWorkersTestingEnabled();
 
-    nsContentUtils::StorageAccess access =
-      nsContentUtils::StorageAllowedForWindow(this);
-
-    // We don't block the cache API when being told to only allow storage for the
-    // current session.
-    bool storageBlocked = access <= nsContentUtils::StorageAccess::ePrivateBrowsing;
-
     mCacheStorage = CacheStorage::CreateOnMainThread(cache::DEFAULT_NAMESPACE,
                                                      this, GetPrincipal(),
-                                                     storageBlocked,
+                                                     IsPrivateBrowsing(),
                                                      forceTrustedOrigin, aRv);
   }
 
   nsRefPtr<CacheStorage> ref = mCacheStorage;
   return ref.forget();
 }
 
 void
--- a/dom/cache/CacheStorage.cpp
+++ b/dom/cache/CacheStorage.cpp
@@ -140,25 +140,25 @@ IsTrusted(const PrincipalInfo& aPrincipa
          hostname.EqualsLiteral("::1");
 }
 
 } // namespace
 
 // static
 already_AddRefed<CacheStorage>
 CacheStorage::CreateOnMainThread(Namespace aNamespace, nsIGlobalObject* aGlobal,
-                                 nsIPrincipal* aPrincipal, bool aStorageDisabled,
+                                 nsIPrincipal* aPrincipal, bool aPrivateBrowsing,
                                  bool aForceTrustedOrigin, ErrorResult& aRv)
 {
   MOZ_ASSERT(aGlobal);
   MOZ_ASSERT(aPrincipal);
   MOZ_ASSERT(NS_IsMainThread());
 
-  if (aStorageDisabled) {
-    NS_WARNING("CacheStorage has been disabled.");
+  if (aPrivateBrowsing) {
+    NS_WARNING("CacheStorage not supported during private browsing.");
     nsRefPtr<CacheStorage> ref = new CacheStorage(NS_ERROR_DOM_SECURITY_ERR);
     return ref.forget();
   }
 
   PrincipalInfo principalInfo;
   nsresult rv = PrincipalToPrincipalInfo(aPrincipal, &principalInfo);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     aRv.Throw(rv);
@@ -184,22 +184,16 @@ CacheStorage::CreateOnMainThread(Namespa
 already_AddRefed<CacheStorage>
 CacheStorage::CreateOnWorker(Namespace aNamespace, nsIGlobalObject* aGlobal,
                              WorkerPrivate* aWorkerPrivate, ErrorResult& aRv)
 {
   MOZ_ASSERT(aGlobal);
   MOZ_ASSERT(aWorkerPrivate);
   aWorkerPrivate->AssertIsOnWorkerThread();
 
-  if (!aWorkerPrivate->IsStorageAllowed()) {
-    NS_WARNING("CacheStorage is not allowed.");
-    nsRefPtr<CacheStorage> ref = new CacheStorage(NS_ERROR_DOM_SECURITY_ERR);
-    return ref.forget();
-  }
-
   if (aWorkerPrivate->IsInPrivateBrowsing()) {
     NS_WARNING("CacheStorage not supported during private browsing.");
     nsRefPtr<CacheStorage> ref = new CacheStorage(NS_ERROR_DOM_SECURITY_ERR);
     return ref.forget();
   }
 
   nsRefPtr<Feature> feature = Feature::Create(aWorkerPrivate);
   if (!feature) {
--- a/dom/cache/CacheStorage.h
+++ b/dom/cache/CacheStorage.h
@@ -44,17 +44,17 @@ class CacheStorage final : public nsIIPC
                          , public nsWrapperCache
                          , public TypeUtils
 {
   typedef mozilla::ipc::PBackgroundChild PBackgroundChild;
 
 public:
   static already_AddRefed<CacheStorage>
   CreateOnMainThread(Namespace aNamespace, nsIGlobalObject* aGlobal,
-                     nsIPrincipal* aPrincipal, bool aStorageDisabled,
+                     nsIPrincipal* aPrincipal, bool aPrivateBrowsing,
                      bool aForceTrustedOrigin, ErrorResult& aRv);
 
   static already_AddRefed<CacheStorage>
   CreateOnWorker(Namespace aNamespace, nsIGlobalObject* aGlobal,
                  workers::WorkerPrivate* aWorkerPrivate, ErrorResult& aRv);
 
   // webidl interface methods
   already_AddRefed<Promise> Match(const RequestOrUSVString& aRequest,
--- a/dom/indexedDB/IDBFactory.cpp
+++ b/dom/indexedDB/IDBFactory.cpp
@@ -357,61 +357,77 @@ IDBFactory::AllowedForWindowInternal(nsP
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(aWindow);
   MOZ_ASSERT(aWindow->IsInnerWindow());
 
   if (NS_WARN_IF(!IndexedDatabaseManager::GetOrCreate())) {
     return NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR;
   }
 
-  nsContentUtils::StorageAccess access =
-    nsContentUtils::StorageAllowedForWindow(aWindow);
-
-  // the factory callsite records whether the browser is in private browsing.
-  // and thus we don't have to respect that setting here. IndexedDB has no
-  // concept of session-local storage, and thus ignores it.
-  if (access == nsContentUtils::StorageAccess::eDeny) {
+  nsIDocument* document = aWindow->GetExtantDoc();
+  if (document->GetSandboxFlags() & SANDBOXED_ORIGIN) {
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
   nsCOMPtr<nsIScriptObjectPrincipal> sop = do_QueryInterface(aWindow);
   MOZ_ASSERT(sop);
 
   nsCOMPtr<nsIPrincipal> principal = sop->GetPrincipal();
   if (NS_WARN_IF(!principal)) {
     return NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR;
-
   }
 
-  if (nsContentUtils::IsSystemPrincipal(principal)) {
+  bool isSystemPrincipal;
+  if (!AllowedForPrincipal(principal, &isSystemPrincipal)) {
+    return NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR;
+  }
+
+  if (isSystemPrincipal) {
     principal.forget(aPrincipal);
     return NS_OK;
   }
 
-  // About URIs shouldn't be able to access IndexedDB unless they have the
-  // nsIAboutModule::ENABLE_INDEXED_DB flag set on them.
+  // Whitelist about:home, since it doesn't have a base domain it would not
+  // pass the ThirdPartyUtil check, though it should be able to use indexedDB.
+  bool skipThirdPartyCheck = false;
+
   nsCOMPtr<nsIURI> uri;
   MOZ_ALWAYS_TRUE(NS_SUCCEEDED(principal->GetURI(getter_AddRefs(uri))));
-  MOZ_ASSERT(uri);
 
-  bool isAbout = false;
+  bool isAbout;
   MOZ_ALWAYS_TRUE(NS_SUCCEEDED(uri->SchemeIs("about", &isAbout)));
 
   if (isAbout) {
     nsCOMPtr<nsIAboutModule> module;
     if (NS_SUCCEEDED(NS_GetAboutModule(uri, getter_AddRefs(module)))) {
       uint32_t flags;
       if (NS_SUCCEEDED(module->GetURIFlags(uri, &flags))) {
-        if (!(flags & nsIAboutModule::ENABLE_INDEXED_DB)) {
-          return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
-        }
+        skipThirdPartyCheck = flags & nsIAboutModule::ENABLE_INDEXED_DB;
       } else {
-        return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
+        NS_WARNING("GetURIFlags failed!");
       }
     } else {
+      NS_WARNING("NS_GetAboutModule failed!");
+    }
+  }
+
+  if (!skipThirdPartyCheck) {
+    nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
+      do_GetService(THIRDPARTYUTIL_CONTRACTID);
+    MOZ_ASSERT(thirdPartyUtil);
+
+    bool isThirdParty;
+    if (NS_WARN_IF(NS_FAILED(
+          thirdPartyUtil->IsThirdPartyWindow(aWindow,
+                                             nullptr,
+                                             &isThirdParty)))) {
+      return NS_ERROR_DOM_INDEXEDDB_UNKNOWN_ERR;
+    }
+
+    if (isThirdParty) {
       return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
     }
   }
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
--- a/dom/indexedDB/test/test_third_party.html
+++ b/dom/indexedDB/test/test_third_party.html
@@ -5,41 +5,21 @@
 <html>
 <head>
   <title>Indexed Database Test</title>
 
   <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
 
   <script type="text/javascript;version=1.7">
-    const BEHAVIOR_ACCEPT = 0;
-    const BEHAVIOR_REJECTFOREIGN = 1;
-    const BEHAVIOR_REJECT = 2;
-    const BEHAVIOR_LIMITFOREIGN = 3;
-
     const testData = [
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_ACCEPT, expectedResult: true },
-      { host: "http://example.com", cookieBehavior: BEHAVIOR_ACCEPT, expectedResult: true },
-      { host: "http://sub1.test2.example.org:8000", cookieBehavior: BEHAVIOR_ACCEPT, expectedResult: true },
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_ACCEPT, expectedResult: true },
-
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_REJECT, expectedResult: false },
-      { host: "http://example.com", cookieBehavior: BEHAVIOR_REJECT, expectedResult: false },
-      { host: "http://sub1.test2.example.org:8000", cookieBehavior: BEHAVIOR_REJECT, expectedResult: false },
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_REJECT, expectedResult: false },
-
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_REJECTFOREIGN, expectedResult: true },
-      { host: "http://example.com", cookieBehavior: BEHAVIOR_REJECTFOREIGN, expectedResult: false },
-      { host: "http://sub1.test2.example.org:8000", cookieBehavior: BEHAVIOR_REJECTFOREIGN, expectedResult: false },
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_REJECTFOREIGN, expectedResult: true },
-
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_LIMITFOREIGN, expectedResult: true },
-      { host: "http://example.com", cookieBehavior: BEHAVIOR_LIMITFOREIGN, expectedResult: false },
-      { host: "http://sub1.test2.example.org:8000", cookieBehavior: BEHAVIOR_LIMITFOREIGN, expectedResult: false },
-      { host: "http://" + window.location.host, cookieBehavior: BEHAVIOR_LIMITFOREIGN, expectedResult: true }
+      { host: "http://" + window.location.host, expectedResult: true },
+      { host: "http://example.com", expectedResult: false },
+      { host: "http://sub1.test2.example.org:8000", expectedResult: false },
+      { host: "http://" + window.location.host, expectedResult: true }
     ];
 
     const iframe1Path =
       window.location.pathname.replace("test_third_party.html",
                                        "third_party_iframe1.html");
     const iframe2URL =
       "http://" + window.location.host +
       window.location.pathname.replace("test_third_party.html",
@@ -56,22 +36,18 @@
 
     function setiframe() {
       let iframe = document.getElementById("iframe1");
 
       if (!testRunning) {
         testRunning = true;
         iframe.addEventListener("load", iframeLoaded, false);
       }
-      SpecialPowers.pushPrefEnv({
-        'set': [["network.cookie.cookieBehavior", testData[testIndex].cookieBehavior]]
-      }, () => {
-        iframe.src = testData[testIndex].host + iframe1Path;
-      });
-      // SpecialPowers.setIntPref("network.cookie.cookieBehavior", testData[testIndex].cookieBehavior);
+
+      iframe.src = testData[testIndex].host + iframe1Path;
     }
 
     function messageListener(event) {
       let message = eval(event.data);
 
       is(message.source, "iframe", "Good source");
       is(message.result, testData[testIndex].expectedResult, "Good result");
 
--- a/dom/storage/DOMStorage.cpp
+++ b/dom/storage/DOMStorage.cpp
@@ -8,24 +8,23 @@
 #include "DOMStorageCache.h"
 #include "DOMStorageManager.h"
 
 #include "nsIObserverService.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsIPermissionManager.h"
 #include "nsIPrincipal.h"
 #include "nsICookiePermission.h"
-#include "nsPIDOMWindow.h"
+#include "nsICookieService.h"
 
 #include "mozilla/dom/StorageBinding.h"
 #include "mozilla/dom/StorageEvent.h"
 #include "mozilla/dom/StorageEventBinding.h"
 #include "mozilla/Services.h"
 #include "mozilla/Preferences.h"
-#include "mozilla/EnumSet.h"
 #include "nsThreadUtils.h"
 #include "nsContentUtils.h"
 #include "nsServiceManagerUtils.h"
 
 namespace mozilla {
 namespace dom {
 
 NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(DOMStorage, mManager, mPrincipal, mWindow)
@@ -66,53 +65,53 @@ DOMStorage::~DOMStorage()
 DOMStorage::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
 {
   return StorageBinding::Wrap(aCx, this, aGivenProto);
 }
 
 uint32_t
 DOMStorage::GetLength(ErrorResult& aRv)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return 0;
   }
 
   uint32_t length;
   aRv = mCache->GetLength(this, &length);
   return length;
 }
 
 void
 DOMStorage::Key(uint32_t aIndex, nsAString& aResult, ErrorResult& aRv)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return;
   }
 
   aRv = mCache->GetKey(this, aIndex, aResult);
 }
 
 void
 DOMStorage::GetItem(const nsAString& aKey, nsAString& aResult, ErrorResult& aRv)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return;
   }
 
   aRv = mCache->GetItem(this, aKey, aResult);
 }
 
 void
 DOMStorage::SetItem(const nsAString& aKey, const nsAString& aData,
                     ErrorResult& aRv)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return;
   }
 
   Telemetry::Accumulate(GetType() == LocalStorage
       ? Telemetry::LOCALDOMSTORAGE_KEY_SIZE_BYTES
       : Telemetry::SESSIONDOMSTORAGE_KEY_SIZE_BYTES, aKey.Length());
   Telemetry::Accumulate(GetType() == LocalStorage
@@ -135,17 +134,17 @@ DOMStorage::SetItem(const nsAString& aKe
   if (!aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION)) {
     BroadcastChangeNotification(aKey, old, aData);
   }
 }
 
 void
 DOMStorage::RemoveItem(const nsAString& aKey, ErrorResult& aRv)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return;
   }
 
   nsAutoString old;
   aRv = mCache->RemoveItem(this, aKey, old);
   if (aRv.Failed()) {
     return;
@@ -154,17 +153,17 @@ DOMStorage::RemoveItem(const nsAString& 
   if (!aRv.ErrorCodeIs(NS_SUCCESS_DOM_NO_OPERATION)) {
     BroadcastChangeNotification(aKey, old, NullString());
   }
 }
 
 void
 DOMStorage::Clear(ErrorResult& aRv)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
     return;
   }
 
   aRv = mCache->Clear(this);
   if (NS_WARN_IF(aRv.Failed())) {
     return;
   }
@@ -232,42 +231,70 @@ DOMStorage::BroadcastChangeNotification(
 
 static const char kPermissionType[] = "cookie";
 static const char kStorageEnabled[] = "dom.storage.enabled";
 static const char kCookiesBehavior[] = "network.cookie.cookieBehavior";
 static const char kCookiesLifetimePolicy[] = "network.cookie.lifetimePolicy";
 
 // static, public
 bool
-DOMStorage::CanUseStorage(nsPIDOMWindow* aWindow, DOMStorage* aStorage)
+DOMStorage::CanUseStorage(DOMStorage* aStorage)
 {
   // This method is responsible for correct setting of mIsSessionOnly.
   // It doesn't work with mIsPrivate flag at all, since it is checked
   // regardless mIsSessionOnly flag in DOMStorageCache code.
+  if (aStorage) {
+    aStorage->mIsSessionOnly = false;
+  }
 
   if (!mozilla::Preferences::GetBool(kStorageEnabled)) {
     return false;
   }
 
-  nsContentUtils::StorageAccess access = nsContentUtils::StorageAccess::eDeny;
-  if (aWindow) {
-    access = nsContentUtils::StorageAllowedForWindow(aWindow);
-  } else if (aStorage) {
-    access = nsContentUtils::StorageAllowedForPrincipal(aStorage->mPrincipal);
+  // chrome can always use aStorage regardless of permission preferences
+  nsCOMPtr<nsIPrincipal> subjectPrincipal =
+    nsContentUtils::SubjectPrincipal();
+  if (nsContentUtils::IsSystemPrincipal(subjectPrincipal)) {
+    return true;
   }
 
-  if (access == nsContentUtils::StorageAccess::eDeny) {
+  nsCOMPtr<nsIPermissionManager> permissionManager =
+    services::GetPermissionManager();
+  if (!permissionManager) {
+    return false;
+  }
+
+  uint32_t perm;
+  permissionManager->TestPermissionFromPrincipal(subjectPrincipal,
+                                                 kPermissionType, &perm);
+
+  if (perm == nsIPermissionManager::DENY_ACTION) {
     return false;
   }
 
-  if (aStorage) {
-    aStorage->mIsSessionOnly = access <= nsContentUtils::StorageAccess::eSessionScoped;
+  if (perm == nsICookiePermission::ACCESS_SESSION) {
+    if (aStorage) {
+      aStorage->mIsSessionOnly = true;
+    }
+  } else if (perm != nsIPermissionManager::ALLOW_ACTION) {
+    uint32_t cookieBehavior = Preferences::GetUint(kCookiesBehavior);
+    uint32_t lifetimePolicy = Preferences::GetUint(kCookiesLifetimePolicy);
 
-    nsCOMPtr<nsIPrincipal> subjectPrincipal =
-      nsContentUtils::SubjectPrincipal();
+    // Treat "ask every time" as "reject always".
+    if (cookieBehavior == nsICookieService::BEHAVIOR_REJECT ||
+        lifetimePolicy == nsICookieService::ASK_BEFORE_ACCEPT) {
+      return false;
+    }
+
+    if (lifetimePolicy == nsICookieService::ACCEPT_SESSION && aStorage) {
+      aStorage->mIsSessionOnly = true;
+    }
+  }
+
+  if (aStorage) {
     return aStorage->CanAccess(subjectPrincipal);
   }
 
   return true;
 }
 
 DOMStorage::StorageType
 DOMStorage::GetType() const
@@ -295,17 +322,17 @@ bool
 DOMStorage::CanAccess(nsIPrincipal* aPrincipal)
 {
   return !aPrincipal || aPrincipal->Subsumes(mPrincipal);
 }
 
 void
 DOMStorage::GetSupportedNames(unsigned, nsTArray<nsString>& aKeys)
 {
-  if (!CanUseStorage(nullptr, this)) {
+  if (!CanUseStorage(this)) {
     // return just an empty array
     aKeys.Clear();
     return;
   }
 
   mCache->GetKeys(this, aKeys);
 }
 
--- a/dom/storage/DOMStorage.h
+++ b/dom/storage/DOMStorage.h
@@ -13,17 +13,16 @@
 #include "nsAutoPtr.h"
 #include "nsCycleCollectionParticipant.h"
 #include "nsWeakReference.h"
 #include "nsWrapperCache.h"
 #include "nsISupports.h"
 
 class nsIPrincipal;
 class nsIDOMWindow;
-class nsPIDOMWindow;
 
 namespace mozilla {
 namespace dom {
 
 class DOMStorageManager;
 class DOMStorageCache;
 
 class DOMStorage final
@@ -118,17 +117,17 @@ public:
 
   // The method checks whether the caller can use a storage.
   // CanUseStorage is called before any DOM initiated operation
   // on a storage is about to happen and ensures that the storage's
   // session-only flag is properly set according the current settings.
   // It is an optimization since the privileges check and session only
   // state determination are complex and share the code (comes hand in
   // hand together).
-  static bool CanUseStorage(nsPIDOMWindow* aWindow, DOMStorage* aStorage = nullptr);
+  static bool CanUseStorage(DOMStorage* aStorage = nullptr);
 
   bool IsPrivate() const { return mIsPrivate; }
   bool IsSessionOnly() const { return mIsSessionOnly; }
 
   bool IsForkOf(const DOMStorage* aOther) const
   {
     MOZ_ASSERT(aOther);
     return mCache == aOther->mCache;
deleted file mode 100644
--- a/dom/tests/mochitest/general/frameStorageAllowed.html
+++ /dev/null
@@ -1,22 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>frame for storage allowed test</title>
-
-<script type="text/javascript" src="//example.com/tests/dom/tests/mochitest/general/storagePermissionsUtils.js"></script>
-<script type="text/javascript">
-
-  task(function* () {
-    // We should be able to access storage
-    yield storageAllowed();
-
-    // We should be able to run a web worker which can access storage
-    yield runWorker("workerStorageAllowed.js");
-  });
-
-</script>
-
-</head>
-
-<body>
-</body>
-</html>
deleted file mode 100644
--- a/dom/tests/mochitest/general/frameStorageChrome.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>frame for storage allowed test</title>
-
-<script type="text/javascript" src="//example.com/tests/dom/tests/mochitest/general/storagePermissionsUtils.js"></script>
-<script type="text/javascript">
-
-  task(function* () {
-    // We just check if we can access storage as chrome using special powers!
-    yield chromePower();
-  });
-
-</script>
-
-</head>
-
-<body>
-</body>
-</html>
deleted file mode 100644
--- a/dom/tests/mochitest/general/frameStorageNullprincipal.sjs
+++ /dev/null
@@ -1,36 +0,0 @@
-// This is a sjs file which reads in frameStoragePrevented.html, and writes it out as a data: URI, which this page redirects to.
-// This produces a URI with the null principal, which should be unable to access storage.
-// We append the #nullprincipal hash to the end of the data: URI to tell the script that it shouldn't try to spawn a webworker,
-// as it won't be allowed to, as it has a null principal.
-
-function handleRequest(request, response) {
-  // Get the nsIFile for frameStoragePrevented.html
-  var file;
-  getObjectState("SERVER_ROOT", function(serverRoot) {
-    file = serverRoot.getFile("/tests/dom/tests/mochitest/general/frameStoragePrevented.html");
-  });
-
-  // Set up the file streams to read in the file as UTF-8
-  let fstream = Components.classes["@mozilla.org/network/file-input-stream;1"].
-      createInstance(Components.interfaces.nsIFileInputStream);
-  fstream.init(file, -1, 0, 0);
-  let cstream = Components.classes["@mozilla.org/intl/converter-input-stream;1"].
-      createInstance(Components.interfaces.nsIConverterInputStream);
-  cstream.init(fstream, "UTF-8", 0, 0);
-
-  // Read in the file, and concatenate it onto the data string
-  let data = "";
-  let str = {};
-  let read = 0;
-  do {
-    read = cstream.readString(0xffffffff, str);
-    data += str.value;
-  } while (read != 0);
-
-  // No scheme is provided in data URIs, so explicitly provide one
-  data = data.replace('//example.com', 'http://example.com');
-
-  // Write out the file as a data: URI, and redirect to it
-  response.setStatusLine('1.1', 302, 'Found');
-  response.setHeader('Location', 'data:text/html,' + encodeURIComponent(data) + "#nullprincipal");
-}
deleted file mode 100644
--- a/dom/tests/mochitest/general/frameStoragePrevented.html
+++ /dev/null
@@ -1,35 +0,0 @@
-
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>frame for storage prevented test</title>
-
-<script type="text/javascript" src="//example.com/tests/dom/tests/mochitest/general/storagePermissionsUtils.js"></script>
-<script type="text/javascript">
-
-  task(function* () {
-    // We shouldn't be able to access storage
-    yield storagePrevented();
-
-    // This hash of the URI is set to #nullprincipal by the test if the current page has a null principal,
-    // and thus attempting to create a dedicated worker will throw
-    if (location.hash == "#nullprincipal") {
-      try {
-        new Worker("workerStoragePrevented.js");
-        ok(false, "Running workers should not have been allowed");
-      } catch (e) {
-        ok(true, "Running workers was prevented");
-      }
-      return;
-    }
-
-    // Try to run a worker, which shouldn't be able to access storage
-    yield runWorker("workerStoragePrevented.js");
-  });
-
-</script>
-
-</head>
-
-<body>
-</body>
-</html>
--- a/dom/tests/mochitest/general/mochitest.ini
+++ b/dom/tests/mochitest/general/mochitest.ini
@@ -32,23 +32,16 @@ support-files =
   res6.resource^headers^
   res7.resource
   res7.resource^headers^
   res8.resource
   res8.resource^headers^
   resource_timing.js
   navigation_timing.html
   test_bug1012662_common.js
-  frameStorageAllowed.html
-  frameStoragePrevented.html
-  frameStorageChrome.html
-  frameStorageNullprincipal.sjs
-  workerStorageAllowed.js
-  workerStoragePrevented.js
-  storagePermissionsUtils.js
 
 [test_497898.html]
 skip-if = ((buildapp == 'mulet' || buildapp == 'b2g') && toolkit != 'gonk') || toolkit == 'android' #Bug 931116, b2g desktop specific, initial triage
 [test_bug504220.html]
 [test_bug628069_1.html]
 skip-if = (buildapp == 'b2g' && toolkit != 'gonk') #Bug 931116, b2g desktop specific, initial triage
 [test_bug628069_2.html]
 [test_bug631440.html]
@@ -107,12 +100,8 @@ skip-if = (buildapp == 'b2g' && toolkit 
 [test_windowedhistoryframes.html]
 skip-if = (buildapp == 'b2g' && toolkit != 'gonk') #Bug 931116, b2g desktop specific, initial triage
 [test_navigation_timing.html]
 skip-if = buildapp == 'b2g' || buildapp == 'mulet'
 [test_bug1012662_editor.html]
 [test_bug1012662_noeditor.html]
 [test_bug1161721.html]
 [test_bug1170911.html]
-[test_storagePermissionsAccept.html]
-[test_storagePermissionsRejectForeign.html]
-[test_storagePermissionsReject.html]
-[test_storagePermissionsLimitForeign.html]
deleted file mode 100644
--- a/dom/tests/mochitest/general/storagePermissionsUtils.js
+++ /dev/null
@@ -1,256 +0,0 @@
-const BEHAVIOR_ACCEPT = 0;
-const BEHAVIOR_REJECT_FOREIGN = 1;
-const BEHAVIOR_REJECT = 2;
-const BEHAVIOR_LIMIT_FOREIGN = 3;
-
-const kPrefName = "network.cookie.cookieBehavior";
-
-// Check if we are in frame, and declare ok and finishTest appropriately
-const inFrame = ("" + location).match(/frame/);
-if (inFrame) {
-  ok = function(a, message) {
-    if (!a) {
-      parent.postMessage("FAILURE: " + message, "http://mochi.test:8888");
-    } else {
-      parent.postMessage(message, "http://mochi.test:8888");
-    }
-  };
-
-  finishTest = function() {
-    parent.postMessage("done", "http://mochi.test:8888");
-  };
-} else {
-  finishTest = function() {
-    SimpleTest.finish();
-  };
-}
-
-function setCookieBehavior(behavior) {
-    return new Promise((resolve, reject) => {
-        SpecialPowers.pushPrefEnv({"set": [[kPrefName, behavior]]}, resolve);
-    });
-}
-
-function runIFrame(url) {
-  return new Promise((resolve, reject) => {
-    function onMessage(e)  {
-      if (e.data == "done") {
-        resolve();
-        window.removeEventListener('message', onMessage);
-        return;
-      }
-
-      ok(!e.data.match(/^FAILURE/), e.data + " (IFRAME = " + url + ")");
-    }
-    window.addEventListener('message', onMessage, false);
-
-    document.querySelector('iframe').src = url;
-  });
-}
-
-function runWorker(url) {
-  return new Promise((resolve, reject) => {
-    var worker = new Worker(url);
-    worker.addEventListener('message', function(e) {
-      if (e.data == "done") {
-        resolve();
-        return;
-      }
-
-      ok(!e.data.match(/^FAILURE/), e.data + " (WORKER = " + url + ")");
-    });
-  });
-}
-
-function chromePower() {
-  try {
-    SpecialPowers.wrap(window).localStorage.getItem("X");
-    ok(true, "getting localStorage didn't throw");
-  } catch (e) {
-    ok(false, "getting localStorage should not throw");
-  }
-
-  try {
-    SpecialPowers.wrap(window).sessionStorage.getItem("X");
-    ok(true, "getting sessionStorage didn't throw");
-  } catch (e) {
-    ok(false, "getting sessionStorage should not throw");
-  }
-
-  try {
-    SpecialPowers.wrap(window).indexedDB;
-    ok(true, "getting indexedDB didn't throw");
-  } catch (e) {
-    ok(false, "getting indexedDB should not throw");
-  }
-
-  try {
-    var promise = SpecialPowers.wrap(window).caches.keys();
-    ok(true, "getting caches didn't throw");
-
-    return new Promise((resolve, reject) => {
-      promise.then(function() {
-        ok(location.protocol == "https:", "The promise was not rejected");
-        resolve();
-      }, function(e) {
-        ok(location.protocol != "https:", "The promise should not have been rejected: " + e);
-        resolve();
-      });
-    });
-  } catch (e) {
-    ok(false, "getting caches should not have thrown");
-    return Promise.resolve();
-  }
-}
-
-function storageAllowed() {
-  try {
-    localStorage.getItem("X");
-    ok(true, "getting localStorage didn't throw");
-  } catch (e) {
-    ok(false, "getting localStorage should not throw");
-  }
-
-  try {
-    sessionStorage.getItem("X");
-    ok(true, "getting sessionStorage didn't throw");
-  } catch (e) {
-    ok(false, "getting sessionStorage should not throw");
-  }
-
-  try {
-    indexedDB;
-    ok(true, "getting indexedDB didn't throw");
-  } catch (e) {
-    ok(false, "getting indexedDB should not throw");
-  }
-
-  try {
-    var promise = caches.keys();
-    ok(true, "getting caches didn't throw");
-
-    return new Promise((resolve, reject) => {
-      promise.then(function() {
-        ok(location.protocol == "https:", "The promise was not rejected");
-        resolve();
-      }, function() {
-        ok(location.protocol != "https:", "The promise should not have been rejected");
-        resolve();
-      });
-    });
-  } catch (e) {
-    ok(false, "getting caches should not have thrown");
-    return Promise.resolve();
-  }
-}
-
-function storagePrevented() {
-  try {
-    localStorage.getItem("X");
-    ok(false, "getting localStorage should have thrown");
-  } catch (e) {
-    ok(true, "getting localStorage threw");
-  }
-
-  if (location.hash == "#thirdparty") {
-    // No matter what the user's preferences are, we don't block
-    // sessionStorage in 3rd-party iframes. We do block them everywhere
-    // else however.
-    try {
-      sessionStorage.getItem("X");
-      ok(true, "getting sessionStorage didn't throw");
-    } catch (e) {
-      ok(false, "getting sessionStorage should not have thrown");
-    }
-  } else {
-    try {
-      sessionStorage.getItem("X");
-      ok(false, "getting sessionStorage should have thrown");
-    } catch (e) {
-      ok(true, "getting sessionStorage threw");
-    }
-  }
-
-  try {
-    indexedDB;
-    ok(false, "getting indexedDB should have thrown");
-  } catch (e) {
-    ok(true, "getting indexedDB threw");
-  }
-
-  try {
-    var promise = caches.keys();
-    ok(true, "getting caches didn't throw");
-
-    return new Promise((resolve, reject) => {
-      promise.then(function() {
-        ok(false, "The promise should have rejected");
-        resolve();
-      }, function() {
-        ok(true, "The promise was rejected");
-        resolve();
-      });
-    });
-  } catch (e) {
-    ok(false, "getting caches should not have thrown");
-
-    return Promise.resolve();
-  }
-}
-
-function task(fn) {
-  if (!inFrame) {
-    SimpleTest.waitForExplicitFinish();
-  }
-
-  var gen = fn();
-
-  function next_step(val, e) {
-    var it;
-    try {
-      if (typeof e !== "undefined") {
-        it = gen.throw(e);
-      } else {
-        it = gen.next(val);
-      }
-    } catch (e) {
-      ok(false, "An error was thrown while stepping: " + e);
-      ok(false, "Stack: " + e.stack);
-      finishTest();
-    }
-
-    if (it.done) {
-      finishTest();
-      return;
-    }
-    it.value.then(next_step, (e) => next_step(null, e));
-  }
-
-  next_step();
-}
-
-var thirdparty = "https://example.com/tests/dom/tests/mochitest/general/";
-
-// XXX B2G HACK
-
-var b2gOnly = (function() {
-  function pref(name) {
-    try {
-      return SpecialPowers.getBoolPref(name);
-    } catch (e) {
-      // Out of an over-abundance of caution, don't use https
-      // if we can't check the pref
-      return true;
-    }
-  }
-
-  var isAndroid = !!navigator.userAgent.includes("Android");
-  var isMulet = pref("b2g.is_mulet");
-  var isB2g = isMulet || (!isAndroid && /Mobile|Tablet/.test(navigator.userAgent));
-  return isB2g ? true : undefined;
-})();
-
-// Switch to http:// in b2g because https:// in tests isn't supported
-if (b2gOnly) {
-  thirdparty = "http://example.com/tests/dom/tests/mochitest/general/";
-}
deleted file mode 100644
--- a/dom/tests/mochitest/general/test_storagePermissionsAccept.html
+++ /dev/null
@@ -1,42 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <title>Storage Permission Restrictions</title>
-
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <script type="text/javascript" src="storagePermissionsUtils.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <iframe></iframe>
-
-    <script type="text/javascript">
-
-task(function* () {
-  yield setCookieBehavior(BEHAVIOR_ACCEPT);
-
-  // We should be able to access storage
-  yield storageAllowed();
-
-  // Same origin iframes should be allowed, unless they redirect to a URI with the null principal
-  yield runIFrame("frameStorageAllowed.html");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  yield runIFrame("frameStorageChrome.html");
-
-  // Sandboxed iframes should have the null principal, and thus can't access storage
-  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-  yield runIFrame("frameStoragePrevented.html#nullprincipal");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  document.querySelector('iframe').removeAttribute('sandbox');
-
-  // Thirdparty iframes should be allowed, unless they redirect to a URI with the null principal
-  yield runIFrame(thirdparty + "frameStorageAllowed.html");
-  yield runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-  yield runIFrame(thirdparty + "frameStorageChrome.html");
-
-  // Workers should be able to access storage
-  yield runWorker("workerStorageAllowed.js");
-});
-
-    </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/tests/mochitest/general/test_storagePermissionsLimitForeign.html
+++ /dev/null
@@ -1,42 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <title>Storage Permission Restrictions</title>
-
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <script type="text/javascript" src="storagePermissionsUtils.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <iframe></iframe>
-
-    <script type="text/javascript">
-
-task(function* () {
-  yield setCookieBehavior(BEHAVIOR_LIMIT_FOREIGN);
-
-  // We should be able to access storage
-  yield storageAllowed();
-
-  // Same origin iframes should be prevented, unless they have chrome privileges
-  yield runIFrame("frameStorageAllowed.html");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  yield runIFrame("frameStorageChrome.html");
-
-  // Sandboxed iframes should have the null principal, and thus can't access storage
-  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-  yield runIFrame("frameStoragePrevented.html#nullprincipal");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  document.querySelector('iframe').removeAttribute('sandbox');
-
-  // Thirdparty iframes should be blocked, unless they have chrome privileges
-  yield runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
-  yield runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-  yield runIFrame(thirdparty + "frameStorageChrome.html");
-
-  // Workers should be unable to access storage
-  yield runWorker("workerStorageAllowed.js");
-});
-
-    </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/tests/mochitest/general/test_storagePermissionsReject.html
+++ /dev/null
@@ -1,41 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <title>Storage Permission Restrictions</title>
-
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <script type="text/javascript" src="storagePermissionsUtils.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <iframe></iframe>
-
-    <script type="text/javascript">
-
-task(function* () {
-  yield setCookieBehavior(BEHAVIOR_REJECT);
-
-  // We should be unable to access storage
-  yield storagePrevented();
-
-  // Same origin iframes should be prevented, unless they have chrome privileges
-  yield runIFrame("frameStoragePrevented.html");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  yield runIFrame("frameStorageChrome.html");
-
-  // Sandboxed iframes should have the null principal, and thus can't access storage
-  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-  yield runIFrame("frameStoragePrevented.html#nullprincipal");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  document.querySelector('iframe').removeAttribute('sandbox');
-
-  // thirdparty iframes should be blocked, unless they have chrome privileges
-  yield runIFrame(thirdparty + "frameStoragePrevented.html");
-  yield runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-
-  // Workers should be unable to access storage
-  yield runWorker("workerStoragePrevented.js");
-});
-
-    </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/tests/mochitest/general/test_storagePermissionsRejectForeign.html
+++ /dev/null
@@ -1,42 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-  <head>
-    <title>Storage Permission Restrictions</title>
-
-    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-    <script type="text/javascript" src="storagePermissionsUtils.js"></script>
-    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
-  </head>
-  <body>
-    <iframe></iframe>
-
-    <script type="text/javascript">
-
-task(function* () {
-  yield setCookieBehavior(BEHAVIOR_REJECT_FOREIGN);
-
-  // We should be able to access storage
-  yield storageAllowed();
-
-  // Same origin iframes should be allowed, unless they redirect to a URI with the null principal
-  yield runIFrame("frameStorageAllowed.html");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  yield runIFrame("frameStorageChrome.html");
-
-  // Sandboxed iframes should have the null principal, and thus can't access storage
-  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-  yield runIFrame("frameStoragePrevented.html#nullprincipal");
-  yield runIFrame("frameStorageNullprincipal.sjs");
-  document.querySelector('iframe').removeAttribute('sandbox');
-
-  // thirdparty iframes should be blocked, unless they have chrome privileges
-  yield runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
-  yield runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-  yield runIFrame(thirdparty + "frameStorageChrome.html");
-
-  // Workers should be able to access storage
-  yield runWorker("workerStorageAllowed.js");
-});
-
-    </script>
-  </body>
-</html>
deleted file mode 100644
--- a/dom/tests/mochitest/general/workerStorageAllowed.js
+++ /dev/null
@@ -1,61 +0,0 @@
-// Unfortunately, workers can't share the code from storagePermissionsUtils.
-// These are basic mechanisms for communicating to the test runner.
-
-function ok(condition, text) {
-  if (!condition) {
-    self.postMessage("FAILURE: " + text);
-  } else {
-    self.postMessage(text);
-  }
-}
-
-function finishTest() {
-  self.postMessage("done");
-  self.close();
-}
-
-// Workers don't have access to localstorage or sessionstorage
-ok(typeof self.localStorage == "undefined", "localStorage should be undefined");
-ok(typeof self.sessionStorage == "undefined", "sessionStorage should be undefined");
-
-// Make sure that we can access indexedDB
-try {
-  indexedDB;
-  ok(true, "WORKER getting indexedDB didn't throw");
-} catch (e) {
-  ok(false, "WORKER getting indexedDB should not throw");
-}
-
-// Make sure that we can access caches
-try {
-  var promise = caches.keys();
-  ok(true, "WORKER getting caches didn't throw");
-
-  promise.then(function() {
-    ok(location.protocol == "https:", "WORKER The promise was not rejected");
-    workerTest();
-  }, function() {
-    ok(location.protocol != "https:", "WORKER The promise should not have been rejected");
-    workerTest();
-  });
-} catch (e) {
-  ok(false, "WORKER getting caches should not have thrown");
-}
-
-// Try to spawn an inner worker, and make sure that it can also access storage
-function workerTest() {
-  if (location.hash == "#inner") { // Don't recurse infinitely, if we are the inner worker, don't spawn another
-    finishTest();
-    return;
-  }
-  // Create the inner worker, and listen for test messages from it
-  var worker = new Worker("workerStorageAllowed.js#inner");
-  worker.addEventListener('message', function(e) {
-    if (e.data == "done") {
-      finishTest();
-      return;
-    }
-
-    ok(!e.data.match(/^FAILURE/), e.data + " (WORKER = workerStorageAllowed.js#inner)");
-  });
-}
deleted file mode 100644
--- a/dom/tests/mochitest/general/workerStoragePrevented.js
+++ /dev/null
@@ -1,61 +0,0 @@
-// Unfortunately, workers can't share the code from storagePermissionsUtils.
-// These are basic mechanisms for communicating to the test runner.
-
-function ok(condition, text) {
-  if (!condition) {
-    self.postMessage("FAILURE: " + text);
-  } else {
-    self.postMessage(text);
-  }
-}
-
-function finishTest() {
-  self.postMessage("done");
-  self.close();
-}
-
-// Workers don't have access to localstorage or sessionstorage
-ok(typeof self.localStorage == "undefined", "localStorage should be undefined");
-ok(typeof self.sessionStorage == "undefined", "sessionStorage should be undefined");
-
-// Make sure that we can't access indexedDB
-try {
-  indexedDB;
-  ok(false, "WORKER getting indexedDB should have thrown");
-} catch (e) {
-  ok(true, "WORKER getting indexedDB threw");
-}
-
-// Make sure that we can't access caches
-try {
-  var promise = caches.keys();
-  ok(true, "WORKER getting caches didn't throw");
-
-  promise.then(function() {
-    ok(false, "WORKER The promise should have rejected");
-    workerTest();
-  }, function() {
-    ok(true, "WORKER The promise was rejected");
-    workerTest();
-  });
-} catch (e) {
-  ok(false, "WORKER getting caches should not have thrown");
-}
-
-// Try to spawn an inner worker, and make sure that it also can't access storage
-function workerTest() {
-  if (location.hash == "#inner") { // Don't recurse infinitely, if we are the inner worker, don't spawn another
-    finishTest();
-    return;
-  }
-  // Create the inner worker, and listen for test messages from it
-  var worker = new Worker("workerStoragePrevented.js#inner");
-  worker.addEventListener('message', function(e) {
-    if (e.data == "done") {
-      finishTest();
-      return;
-    }
-
-    ok(!e.data.match(/^FAILURE/), e.data + " (WORKER = workerStoragePrevented.js#inner)");
-  });
-}
deleted file mode 100644
--- a/dom/tests/mochitest/localstorage/frameLocalStorageCookieSettings.html
+++ /dev/null
@@ -1,20 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<title>localStorage cookies settings test</title>
-
-<script type="text/javascript" src="interOriginFrame.js"></script>
-
-</head>
-<body>
-<script type="text/javascript">
-  try {
-    localStorage.setItem("contentkey", "test-value");
-    ok(false, "Setting localStorageItem should throw a security exception");
-  } catch(ex) {
-    is(ex.name, "SecurityError");
-  }
-
-  finishTest();
-</script>
-</body>
-</html>
--- a/dom/tests/mochitest/localstorage/interOriginFrame.js
+++ b/dom/tests/mochitest/localstorage/interOriginFrame.js
@@ -44,14 +44,12 @@ function is(a, b, message)
 
 function todo(a, b, message)
 {
   postMsg("TODO: " + message + ", expected "+b+" got "+a);
 }
 
 function finishTest()
 {
-  try {
-    localStorage.clear();
-  } catch (e) {}
+  localStorage.clear();
   postMsg("done");
   return false;
 }
--- a/dom/tests/mochitest/localstorage/mochitest.ini
+++ b/dom/tests/mochitest/localstorage/mochitest.ini
@@ -1,13 +1,12 @@
 [DEFAULT]
 support-files =
   frameAppIsolation.html
   frameChromeSlave.html
-  frameLocalStorageCookieSettings.html
   frameKeySync.html
   frameMasterEqual.html
   frameMasterNotEqual.html
   frameOrder.html
   frameQuota.html
   frameQuotaSessionOnly.html
   frameReplace.html
   frameSlaveEqual.html
--- a/dom/tests/mochitest/localstorage/test_localStorageCookieSettings.html
+++ b/dom/tests/mochitest/localstorage/test_localStorageCookieSettings.html
@@ -1,20 +1,15 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>localStorage cookies settings test</title>
 
 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
-<script type="text/javascript" src="interOriginTest.js"></script>
 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 
-</head>
-<body>
-<iframe></iframe>
-
 <script type="text/javascript">
 
 SimpleTest.waitForExplicitFinish();
 
 // Set cookies behavior to "always reject".
 SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 2]]},
                           test1);
 
@@ -37,38 +32,16 @@ function test2() {
   try {
     localStorage.setItem("contentkey", "test-value");
     ok(false, "Setting localStorageItem should throw a security exception");
   }
   catch(ex) {
     is(ex.name, "SecurityError");
   }
 
-  // Set cookies behavior to "reject 3rd party"
-  SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 1]],
-                             "clear": [["network.cookie.lifetimePolicy"]]},
-                            test3);
-}
-
-function test3() {
-  try {
-    localStorage.setItem("contentkey", "test-value");
-    ok(true, "Setting localStorageItem should not throw a security exception");
-  }
-  catch(ex) {
-    ok(false, "Setting localStorageItem should not throw a security exception");
-  }
-
-  var fileTest = (location.protocol + "//example.com" + location.pathname)
-                 .replace("test_l", "frameL");
-
-  var myframe = document.querySelector("iframe");
-  myframe.src = fileTest;
-}
-
-// Called by interOriginTest.js
-function doNextTest() {
   SimpleTest.finish();
 }
 
 </script>
+</head>
+<body>
 </body>
 </html>
--- a/dom/workers/ServiceWorkerManager.cpp
+++ b/dom/workers/ServiceWorkerManager.cpp
@@ -41,17 +41,16 @@
 #include "mozilla/dom/NotificationEvent.h"
 #include "mozilla/dom/PromiseNativeHandler.h"
 #include "mozilla/dom/Request.h"
 #include "mozilla/dom/RootedDictionary.h"
 #include "mozilla/ipc/BackgroundChild.h"
 #include "mozilla/ipc/PBackgroundChild.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "mozilla/unused.h"
-#include "mozilla/EnumSet.h"
 
 #include "nsContentUtils.h"
 #include "nsGlobalWindow.h"
 #include "nsNetUtil.h"
 #include "nsIURL.h"
 #include "nsProxyRelease.h"
 #include "nsQueryObject.h"
 #include "nsTArray.h"
@@ -4053,19 +4052,16 @@ NS_IMETHODIMP
 ServiceWorkerManager::CreateServiceWorker(nsIPrincipal* aPrincipal,
                                           ServiceWorkerInfo* aInfo,
                                           nsIRunnable* aLoadFailedRunnable,
                                           ServiceWorker** aServiceWorker)
 {
   AssertIsOnMainThread();
   MOZ_ASSERT(aPrincipal);
 
-  // Ensure that the IndexedDatabaseManager is initialized
-  NS_WARN_IF(!indexedDB::IndexedDatabaseManager::GetOrCreate());
-
   WorkerLoadInfo info;
   nsresult rv = NS_NewURI(getter_AddRefs(info.mBaseURI), aInfo->ScriptSpec(),
                           nullptr, nullptr);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
   info.mResolvedScriptURI = info.mBaseURI;
@@ -4075,22 +4071,19 @@ ServiceWorkerManager::CreateServiceWorke
 
   rv = info.mBaseURI->GetHost(info.mDomain);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
   info.mPrincipal = aPrincipal;
 
-  nsContentUtils::StorageAccess access =
-    nsContentUtils::StorageAllowedForPrincipal(aPrincipal);
-  info.mStorageAllowed =
-    access > nsContentUtils::StorageAccess::ePrivateBrowsing;
-
-  info.mPrivateBrowsing = false;
+  info.mIndexedDBAllowed =
+    indexedDB::IDBFactory::AllowedForPrincipal(aPrincipal);
+   info.mPrivateBrowsing = false;
 
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   rv = aPrincipal->GetCsp(getter_AddRefs(csp));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
   info.mCSP = csp;
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -2176,17 +2176,17 @@ WorkerLoadInfo::WorkerLoadInfo()
   , mServiceWorkerID(0)
   , mFromWindow(false)
   , mEvalAllowed(false)
   , mReportCSPViolations(false)
   , mXHRParamsAllowed(false)
   , mPrincipalIsSystem(false)
   , mIsInPrivilegedApp(false)
   , mIsInCertifiedApp(false)
-  , mStorageAllowed(false)
+  , mIndexedDBAllowed(false)
   , mPrivateBrowsing(true)
   , mServiceWorkersTestingInWindow(false)
 {
   MOZ_COUNT_CTOR(WorkerLoadInfo);
 }
 
 WorkerLoadInfo::~WorkerLoadInfo()
 {
@@ -2235,17 +2235,17 @@ WorkerLoadInfo::StealFrom(WorkerLoadInfo
   mServiceWorkerID = aOther.mServiceWorkerID;
   mFromWindow = aOther.mFromWindow;
   mEvalAllowed = aOther.mEvalAllowed;
   mReportCSPViolations = aOther.mReportCSPViolations;
   mXHRParamsAllowed = aOther.mXHRParamsAllowed;
   mPrincipalIsSystem = aOther.mPrincipalIsSystem;
   mIsInPrivilegedApp = aOther.mIsInPrivilegedApp;
   mIsInCertifiedApp = aOther.mIsInCertifiedApp;
-  mStorageAllowed = aOther.mStorageAllowed;
+  mIndexedDBAllowed = aOther.mIndexedDBAllowed;
   mPrivateBrowsing = aOther.mPrivateBrowsing;
   mServiceWorkersTestingInWindow = aOther.mServiceWorkersTestingInWindow;
 }
 
 template <class Derived>
 class WorkerPrivateParent<Derived>::EventTarget final
   : public nsIEventTarget
 {
@@ -4802,26 +4802,23 @@ WorkerPrivate::GetLoadInfo(JSContext* aC
         NS_WARNING("Failed to proxy release of channel, leaking instead!");
       }
       return NS_ERROR_FAILURE;
     }
 
     loadInfo.mDomain = aParent->Domain();
     loadInfo.mFromWindow = aParent->IsFromWindow();
     loadInfo.mWindowID = aParent->WindowID();
-    loadInfo.mStorageAllowed = aParent->IsStorageAllowed();
+    loadInfo.mIndexedDBAllowed = aParent->IsIndexedDBAllowed();
     loadInfo.mPrivateBrowsing = aParent->IsInPrivateBrowsing();
     loadInfo.mServiceWorkersTestingInWindow =
       aParent->ServiceWorkersTestingInWindow();
   } else {
     AssertIsOnMainThread();
 
-    // Make sure that the IndexedDatabaseManager is set up
-    NS_WARN_IF(!indexedDB::IndexedDatabaseManager::GetOrCreate());
-
     nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
     MOZ_ASSERT(ssm);
 
     bool isChrome = nsContentUtils::IsCallerChrome();
 
     // First check to make sure the caller has permission to make a privileged
     // worker if they called the ChromeWorker/ChromeSharedWorker constructor.
     if (aIsChromeWorker && !isChrome) {
@@ -4930,19 +4927,17 @@ WorkerPrivate::GetLoadInfo(JSContext* aC
 
       uint16_t appStatus = loadInfo.mPrincipal->GetAppStatus();
       loadInfo.mIsInPrivilegedApp =
         (appStatus == nsIPrincipal::APP_STATUS_CERTIFIED ||
          appStatus == nsIPrincipal::APP_STATUS_PRIVILEGED);
       loadInfo.mIsInCertifiedApp = (appStatus == nsIPrincipal::APP_STATUS_CERTIFIED);
       loadInfo.mFromWindow = true;
       loadInfo.mWindowID = globalWindow->WindowID();
-      nsContentUtils::StorageAccess access =
-        nsContentUtils::StorageAllowedForWindow(globalWindow);
-      loadInfo.mStorageAllowed = access > nsContentUtils::StorageAccess::eDeny;
+      loadInfo.mIndexedDBAllowed = IDBFactory::AllowedForWindow(globalWindow);
       loadInfo.mPrivateBrowsing = nsContentUtils::IsInPrivateBrowsing(document);
     } else {
       // Not a window
       MOZ_ASSERT(isChrome);
 
       // We're being created outside of a window. Need to figure out the script
       // that is creating us in order for us to use relative URIs later on.
       JS::AutoFilename fileName;
@@ -4974,17 +4969,17 @@ WorkerPrivate::GetLoadInfo(JSContext* aC
         }
         if (NS_FAILED(rv)) {
           return rv;
         }
       }
       loadInfo.mXHRParamsAllowed = true;
       loadInfo.mFromWindow = false;
       loadInfo.mWindowID = UINT64_MAX;
-      loadInfo.mStorageAllowed = true;
+      loadInfo.mIndexedDBAllowed = true;
       loadInfo.mPrivateBrowsing = false;
     }
 
     MOZ_ASSERT(loadInfo.mPrincipal);
     MOZ_ASSERT(isChrome || !loadInfo.mDomain.IsEmpty());
 
     if (!nsContentUtils::GetContentSecurityPolicy(getter_AddRefs(loadInfo.mCSP))) {
       NS_WARNING("Failed to get CSP!");
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -764,19 +764,19 @@ public:
   uint64_t
   NextMessagePortSerial()
   {
     AssertIsOnMainThread();
     return mMessagePortSerial++;
   }
 
   bool
-  IsStorageAllowed() const
+  IsIndexedDBAllowed() const
   {
-    return mLoadInfo.mStorageAllowed;
+    return mLoadInfo.mIndexedDBAllowed;
   }
 
   bool
   IsInPrivateBrowsing() const
   {
     return mLoadInfo.mPrivateBrowsing;
   }
 
--- a/dom/workers/WorkerScope.cpp
+++ b/dom/workers/WorkerScope.cpp
@@ -353,19 +353,18 @@ WorkerGlobalScope::Fetch(const RequestOr
 already_AddRefed<IDBFactory>
 WorkerGlobalScope::GetIndexedDB(ErrorResult& aErrorResult)
 {
   mWorkerPrivate->AssertIsOnWorkerThread();
 
   nsRefPtr<IDBFactory> indexedDB = mIndexedDB;
 
   if (!indexedDB) {
-    if (!mWorkerPrivate->IsStorageAllowed()) {
+    if (!mWorkerPrivate->IsIndexedDBAllowed()) {
       NS_WARNING("IndexedDB is not allowed in this worker!");
-      aErrorResult = NS_ERROR_DOM_SECURITY_ERR;
       return nullptr;
     }
 
     JSContext* cx = mWorkerPrivate->GetJSContext();
     MOZ_ASSERT(cx);
 
     JS::Rooted<JSObject*> owningObject(cx, GetGlobalJSObject());
     MOZ_ASSERT(owningObject);
--- a/dom/workers/Workers.h
+++ b/dom/workers/Workers.h
@@ -268,17 +268,17 @@ struct WorkerLoadInfo
 
   bool mFromWindow;
   bool mEvalAllowed;
   bool mReportCSPViolations;
   bool mXHRParamsAllowed;
   bool mPrincipalIsSystem;
   bool mIsInPrivilegedApp;
   bool mIsInCertifiedApp;
-  bool mStorageAllowed;
+  bool mIndexedDBAllowed;
   bool mPrivateBrowsing;
   bool mServiceWorkersTestingInWindow;
 
   WorkerLoadInfo();
   ~WorkerLoadInfo();
 
   void StealFrom(WorkerLoadInfo& aOther);
 };