Backed out 7 changesets (bug 1535697) for causing Bug 1547596. a=backout
authorGurzau Raul <rgurzau@mozilla.com>
Mon, 29 Apr 2019 01:05:24 +0300
changeset 471712 588535ba7633dee062173d41059b403fd3939e4e
parent 471706 54cbb3745cdb9a8aa0a4428d405b3b2e1c7d13c2
child 471715 2a26f848ec318a586ebe478651b0e20d72afc337
push id112942
push usercsabou@mozilla.com
push dateMon, 29 Apr 2019 09:58:27 +0000
treeherdermozilla-inbound@75a329d3bce4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbackout
bugs1535697, 1547596
milestone68.0a1
backs out037390836504bc52a3470027aa3015b476e6147c
ebad998aae7a830bb12a2093118d61c8fa40fb97
969945148b3d02410e597f8b3edce3960d3f20d7
5cbdeb635a3e0cefdcf4c420a05a031c4589f408
c316d49df8c431e91f517df6cb73eafea94137b0
4a5475f6aa49355764baae0ac04d56e6f1ed9f60
9191d987a9e12d16651aef4978cb7b59d6dc9bb8
first release with
nightly linux32
588535ba7633 / 68.0a1 / 20190428221317 / files
nightly linux64
588535ba7633 / 68.0a1 / 20190428221317 / files
nightly mac
588535ba7633 / 68.0a1 / 20190428221317 / files
nightly win32
588535ba7633 / 68.0a1 / 20190428221317 / files
nightly win64
588535ba7633 / 68.0a1 / 20190428221317 / files
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
releases
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out 7 changesets (bug 1535697) for causing Bug 1547596. a=backout Backed out changeset 037390836504 (bug 1535697) Backed out changeset ebad998aae7a (bug 1535697) Backed out changeset 969945148b3d (bug 1535697) Backed out changeset 5cbdeb635a3e (bug 1535697) Backed out changeset c316d49df8c4 (bug 1535697) Backed out changeset 4a5475f6aa49 (bug 1535697) Backed out changeset 9191d987a9e1 (bug 1535697)
netwerk/protocol/http/AlternateServices.cpp
netwerk/protocol/http/AlternateServices.h
netwerk/protocol/http/Http2Session.cpp
netwerk/protocol/http/nsHttpChannel.cpp
netwerk/protocol/http/nsHttpChannel.h
netwerk/protocol/http/nsHttpConnectionInfo.cpp
netwerk/protocol/http/nsHttpConnectionInfo.h
netwerk/protocol/http/nsHttpConnectionMgr.cpp
netwerk/protocol/http/nsHttpHandler.cpp
toolkit/components/antitracking/test/browser/browser_tlsSessionTickets.js
--- a/netwerk/protocol/http/AlternateServices.cpp
+++ b/netwerk/protocol/http/AlternateServices.cpp
@@ -46,18 +46,18 @@ static nsresult SchemeIsHTTPS(const nsAC
 
 bool AltSvcMapping::AcceptableProxy(nsProxyInfo *proxyInfo) {
   return !proxyInfo || proxyInfo->IsDirect() || proxyInfo->IsSOCKS();
 }
 
 void AltSvcMapping::ProcessHeader(
     const nsCString &buf, const nsCString &originScheme,
     const nsCString &originHost, int32_t originPort, const nsACString &username,
-    const nsACString &topWindowOrigin, bool privateBrowsing,
-    nsIInterfaceRequestor *callbacks, nsProxyInfo *proxyInfo, uint32_t caps,
+    bool privateBrowsing, nsIInterfaceRequestor *callbacks,
+    nsProxyInfo *proxyInfo, uint32_t caps,
     const OriginAttributes &originAttributes) {
   MOZ_ASSERT(NS_IsMainThread());
   LOG(("AltSvcMapping::ProcessHeader: %s\n", buf.get()));
   if (!callbacks) {
     return;
   }
 
   if (!AcceptableProxy(proxyInfo)) {
@@ -140,18 +140,18 @@ void AltSvcMapping::ProcessHeader(
           spdyInfo->ProtocolEnabled(spdyIndex))) {
       LOG(("Alt Svc unknown protocol %s, ignoring", npnToken.get()));
       continue;
     }
 
     RefPtr<AltSvcMapping> mapping = new AltSvcMapping(
         gHttpHandler->ConnMgr()->GetStoragePtr(),
         gHttpHandler->ConnMgr()->StorageEpoch(), originScheme, originHost,
-        originPort, username, topWindowOrigin, privateBrowsing,
-        NowInSeconds() + maxage, hostname, portno, npnToken, originAttributes);
+        originPort, username, privateBrowsing, NowInSeconds() + maxage,
+        hostname, portno, npnToken, originAttributes);
     if (mapping->TTL() <= 0) {
       LOG(("Alt Svc invalid map"));
       mapping = nullptr;
       // since this isn't a parse error, let's clear any existing mapping
       // as that would have happened if we had accepted the parameters.
       gHttpHandler->ConnMgr()->ClearHostMapping(originHost, originPort,
                                                 originAttributes);
     } else {
@@ -164,30 +164,28 @@ void AltSvcMapping::ProcessHeader(
     Telemetry::Accumulate(Telemetry::HTTP_ALTSVC_ENTRIES_PER_HEADER,
                           numEntriesInHeader);
   }
 }
 
 AltSvcMapping::AltSvcMapping(DataStorage *storage, int32_t epoch,
                              const nsACString &originScheme,
                              const nsACString &originHost, int32_t originPort,
-                             const nsACString &username,
-                             const nsACString &topWindowOrigin,
-                             bool privateBrowsing, uint32_t expiresAt,
+                             const nsACString &username, bool privateBrowsing,
+                             uint32_t expiresAt,
                              const nsACString &alternateHost,
                              int32_t alternatePort, const nsACString &npnToken,
                              const OriginAttributes &originAttributes)
     : mStorage(storage),
       mStorageEpoch(epoch),
       mAlternateHost(alternateHost),
       mAlternatePort(alternatePort),
       mOriginHost(originHost),
       mOriginPort(originPort),
       mUsername(username),
-      mTopWindowOrigin(topWindowOrigin),
       mPrivate(privateBrowsing),
       mExpiresAt(expiresAt),
       mValidated(false),
       mMixedScheme(false),
       mNPNToken(npnToken),
       mOriginAttributes(originAttributes),
       mSyncOnlyOnSuccess(false) {
   MOZ_ASSERT(NS_IsMainThread());
@@ -307,18 +305,18 @@ bool AltSvcMapping::RouteEquals(AltSvcMa
          (mAlternatePort == map->mAlternatePort) &&
          mNPNToken.Equals(map->mNPNToken);
 }
 
 void AltSvcMapping::GetConnectionInfo(
     nsHttpConnectionInfo **outCI, nsProxyInfo *pi,
     const OriginAttributes &originAttributes) {
   RefPtr<nsHttpConnectionInfo> ci = new nsHttpConnectionInfo(
-      mOriginHost, mOriginPort, mNPNToken, mUsername, mTopWindowOrigin, pi,
-      originAttributes, mAlternateHost, mAlternatePort);
+      mOriginHost, mOriginPort, mNPNToken, mUsername, pi, originAttributes,
+      mAlternateHost, mAlternatePort);
 
   // http:// without the mixed-scheme attribute needs to be segmented in the
   // connection manager connection information hash with this attribute
   if (!mHttps && !mMixedScheme) {
     ci->SetInsecureScheme(true);
   }
   ci->SetPrivate(mPrivate);
   ci.forget(outCI);
@@ -331,18 +329,16 @@ void AltSvcMapping::Serialize(nsCString 
   out.AppendInt(mOriginPort);
   out.Append(':');
   out.Append(mAlternateHost);
   out.Append(':');
   out.AppendInt(mAlternatePort);
   out.Append(':');
   out.Append(mUsername);
   out.Append(':');
-  out.Append(mTopWindowOrigin);
-  out.Append('|');  // Be careful, the top window origin may contain colons!
   out.Append(mPrivate ? 'y' : 'n');
   out.Append(':');
   out.AppendInt(mExpiresAt);
   out.Append(':');
   out.Append(mNPNToken);
   out.Append(':');
   out.Append(mValidated ? 'y' : 'n');
   out.Append(':');
@@ -356,51 +352,44 @@ void AltSvcMapping::Serialize(nsCString 
   out.Append(':');
 }
 
 AltSvcMapping::AltSvcMapping(DataStorage *storage, int32_t epoch,
                              const nsCString &str)
     : mStorage(storage), mStorageEpoch(epoch), mSyncOnlyOnSuccess(false) {
   mValidated = false;
   nsresult code;
-  char separator = ':';
 
   // The the do {} while(0) loop acts like try/catch(e){} with the break in
   // _NS_NEXT_TOKEN
   do {
 #ifdef _NS_NEXT_TOKEN
     COMPILER ERROR
 #endif
-#define _NS_NEXT_TOKEN                  \
-  start = idx + 1;                      \
-  idx = str.FindChar(separator, start); \
+#define _NS_NEXT_TOKEN            \
+  start = idx + 1;                \
+  idx = str.FindChar(':', start); \
   if (idx < 0) break;
         int32_t start = 0;
     int32_t idx;
-    idx = str.FindChar(separator, start);
+    idx = str.FindChar(':', start);
     if (idx < 0) break;
     mHttps = Substring(str, start, idx - start).EqualsLiteral("https");
     _NS_NEXT_TOKEN;
     mOriginHost = Substring(str, start, idx - start);
     _NS_NEXT_TOKEN;
     mOriginPort =
         nsCString(Substring(str, start, idx - start)).ToInteger(&code);
     _NS_NEXT_TOKEN;
     mAlternateHost = Substring(str, start, idx - start);
     _NS_NEXT_TOKEN;
     mAlternatePort =
         nsCString(Substring(str, start, idx - start)).ToInteger(&code);
     _NS_NEXT_TOKEN;
     mUsername = Substring(str, start, idx - start);
-    // The separator after the top window origin is a pipe character since the
-    // origin string can contain colons.
-    separator = '|';
-    _NS_NEXT_TOKEN;
-    mTopWindowOrigin = Substring(str, start, idx - start);
-    separator = ':';
     _NS_NEXT_TOKEN;
     mPrivate = Substring(str, start, idx - start).EqualsLiteral("y");
     _NS_NEXT_TOKEN;
     mExpiresAt = nsCString(Substring(str, start, idx - start)).ToInteger(&code);
     _NS_NEXT_TOKEN;
     mNPNToken = Substring(str, start, idx - start);
     _NS_NEXT_TOKEN;
     mValidated = Substring(str, start, idx - start).EqualsLiteral("y");
--- a/netwerk/protocol/http/AlternateServices.h
+++ b/netwerk/protocol/http/AlternateServices.h
@@ -44,30 +44,28 @@ class WellKnownChecker;
 
 class AltSvcMapping {
   NS_INLINE_DECL_THREADSAFE_REFCOUNTING(AltSvcMapping)
 
  private:  // ctor from ProcessHeader
   AltSvcMapping(DataStorage *storage, int32_t storageEpoch,
                 const nsACString &originScheme, const nsACString &originHost,
                 int32_t originPort, const nsACString &username,
-                const nsACString &topWindowOrigin, bool privateBrowsing,
-                uint32_t expiresAt, const nsACString &alternateHost,
-                int32_t alternatePort, const nsACString &npnToken,
+                bool privateBrowsing, uint32_t expiresAt,
+                const nsACString &alternateHost, int32_t alternatePort,
+                const nsACString &npnToken,
                 const OriginAttributes &originAttributes);
 
  public:
   AltSvcMapping(DataStorage *storage, int32_t storageEpoch,
                 const nsCString &serialized);
 
   static void ProcessHeader(const nsCString &buf, const nsCString &originScheme,
                             const nsCString &originHost, int32_t originPort,
-                            const nsACString &username,
-                            const nsACString &topWindowOrigin,
-                            bool privateBrowsing,
+                            const nsACString &username, bool privateBrowsing,
                             nsIInterfaceRequestor *callbacks,
                             nsProxyInfo *proxyInfo, uint32_t caps,
                             const OriginAttributes &originAttributes);
 
   // AcceptableProxy() decides whether a particular proxy configuration (pi) is
   // suitable for use with Alt-Svc. No proxy (including a null pi) is suitable.
   static bool AcceptableProxy(nsProxyInfo *pi);
 
@@ -112,17 +110,16 @@ class AltSvcMapping {
   // If you change any of these members, update Serialize()
   nsCString mAlternateHost;
   MOZ_INIT_OUTSIDE_CTOR int32_t mAlternatePort;
 
   nsCString mOriginHost;
   MOZ_INIT_OUTSIDE_CTOR int32_t mOriginPort;
 
   nsCString mUsername;
-  nsCString mTopWindowOrigin;
   MOZ_INIT_OUTSIDE_CTOR bool mPrivate;
 
   MOZ_INIT_OUTSIDE_CTOR uint32_t mExpiresAt;  // alt-svc mappping
 
   MOZ_INIT_OUTSIDE_CTOR bool mValidated;
   MOZ_INIT_OUTSIDE_CTOR bool mHttps;  // origin is https://
   MOZ_INIT_OUTSIDE_CTOR bool
       mMixedScheme;  // .wk allows http and https on same con
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -2511,20 +2511,20 @@ class UpdateAltSvcEvent : public Runnabl
     if (NS_FAILED(NS_NewURI(getter_AddRefs(uri), mOrigin))) {
       LOG(("UpdateAltSvcEvent origin does not parse %s\n", mOrigin.get()));
       return NS_OK;
     }
     uri->GetScheme(originScheme);
     uri->GetHost(originHost);
     uri->GetPort(&originPort);
 
-    AltSvcMapping::ProcessHeader(
-        mHeader, originScheme, originHost, originPort, mCI->GetUsername(),
-        mCI->GetTopWindowOrigin(), mCI->GetPrivate(), mCallbacks,
-        mCI->ProxyInfo(), 0, mCI->GetOriginAttributes());
+    AltSvcMapping::ProcessHeader(mHeader, originScheme, originHost, originPort,
+                                 mCI->GetUsername(), mCI->GetPrivate(),
+                                 mCallbacks, mCI->ProxyInfo(), 0,
+                                 mCI->GetOriginAttributes());
     return NS_OK;
   }
 
  private:
   nsCString mHeader;
   nsCString mOrigin;
   RefPtr<nsHttpConnectionInfo> mCI;
   nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -329,19 +329,16 @@ nsHttpChannel::nsHttpChannel()
       mHasAutoRedirectVetoNotifier(0),
       mPinCacheContent(0),
       mIsCorsPreflightDone(0),
       mStronglyFramed(false),
       mUsedNetwork(0),
       mAuthConnectionRestartable(0),
       mChannelClassifierCancellationPending(0),
       mAsyncResumePending(0),
-      mHasBeenIsolatedChecked(0),
-      mIsIsolated(0),
-      mTopWindowOriginComputed(0),
       mPushedStream(nullptr),
       mLocalBlocklist(false),
       mOnTailUnblock(nullptr),
       mWarningReporter(nullptr),
       mIsReadingFromCache(false),
       mFirstResponseSource(RESPONSE_PENDING),
       mRaceCacheWithNetwork(false),
       mRaceDelay(0),
@@ -623,20 +620,23 @@ nsresult nsHttpChannel::ContinueOnBefore
   if (mTRR) {
     mCaps |= NS_HTTP_LARGE_KEEPALIVE | NS_HTTP_DISABLE_TRR;
   }
 
   if (mLoadFlags & LOAD_DISABLE_TRR) {
     mCaps |= NS_HTTP_DISABLE_TRR;
   }
 
+  bool isIsolated = mPrivateBrowsing ||
+                    !AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+                        this, mURI, nullptr);
+
   // Finalize ConnectionInfo flags before SpeculativeConnect
   mConnectionInfo->SetAnonymous((mLoadFlags & LOAD_ANONYMOUS) != 0);
-  mConnectionInfo->SetPrivate(mPrivateBrowsing);
-  mConnectionInfo->SetIsolated(IsIsolated());
+  mConnectionInfo->SetPrivate(isIsolated);
   mConnectionInfo->SetNoSpdy(mCaps & NS_HTTP_DISALLOW_SPDY);
   mConnectionInfo->SetBeConservative((mCaps & NS_HTTP_BE_CONSERVATIVE) ||
                                      mBeConservative);
   mConnectionInfo->SetTlsFlags(mTlsFlags);
   mConnectionInfo->SetTrrUsed(mTRR);
   mConnectionInfo->SetTrrDisabled(mCaps & NS_HTTP_DISABLE_TRR);
   mConnectionInfo->SetIPv4Disabled(mCaps & NS_HTTP_DISABLE_IPV4);
   mConnectionInfo->SetIPv6Disabled(mCaps & NS_HTTP_DISABLE_IPV6);
@@ -2363,20 +2363,19 @@ void nsHttpChannel::ProcessAltService() 
                                          getter_AddRefs(callbacks));
   if (mProxyInfo) {
     proxyInfo = do_QueryInterface(mProxyInfo);
   }
 
   OriginAttributes originAttributes;
   NS_GetOriginAttributes(this, originAttributes);
 
-  AltSvcMapping::ProcessHeader(altSvc, scheme, originHost, originPort,
-                               mUsername, GetTopWindowOrigin(),
-                               mPrivateBrowsing, callbacks, proxyInfo,
-                               mCaps & NS_HTTP_DISALLOW_SPDY, originAttributes);
+  AltSvcMapping::ProcessHeader(
+      altSvc, scheme, originHost, originPort, mUsername, mPrivateBrowsing,
+      callbacks, proxyInfo, mCaps & NS_HTTP_DISALLOW_SPDY, originAttributes);
 }
 
 nsresult nsHttpChannel::ProcessResponse() {
   uint32_t httpStatus = mResponseHead->Status();
 
   LOG(("nsHttpChannel::ProcessResponse [this=%p httpStatus=%u]\n", this,
        httpStatus));
 
@@ -3891,52 +3890,16 @@ nsresult nsHttpChannel::OpenCacheEntry(b
     if (appCacheContainer) {
       appCacheContainer->GetApplicationCache(getter_AddRefs(mApplicationCache));
     }
   }
 
   return OpenCacheEntryInternal(isHttps, mApplicationCache, true);
 }
 
-bool nsHttpChannel::IsIsolated() {
-  if (mHasBeenIsolatedChecked) {
-    return mIsIsolated;
-  }
-  mIsIsolated = IsThirdPartyTrackingResource() &&
-                !AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-                    this, mURI, nullptr);
-  mHasBeenIsolatedChecked = true;
-  return mIsIsolated;
-}
-
-const nsCString &nsHttpChannel::GetTopWindowOrigin() {
-  if (mTopWindowOriginComputed) {
-    return mTopWindowOrigin;
-  }
-
-  nsCOMPtr<nsIURI> topWindowURI;
-  nsresult rv = GetTopWindowURI(getter_AddRefs(topWindowURI));
-  bool isDocument = false;
-  if (NS_FAILED(rv) && NS_SUCCEEDED(GetIsMainDocumentChannel(&isDocument)) &&
-      isDocument) {
-    // For top-level documents, use the document channel's origin to compute
-    // the unique storage space identifier instead of the top Window URI.
-    rv = NS_GetFinalChannelURI(this, getter_AddRefs(topWindowURI));
-    NS_ENSURE_SUCCESS(rv, mTopWindowOrigin);
-  }
-
-  rv = nsContentUtils::GetASCIIOrigin(topWindowURI ? topWindowURI : mURI,
-                                      mTopWindowOrigin);
-  NS_ENSURE_SUCCESS(rv, mTopWindowOrigin);
-
-  mTopWindowOriginComputed = true;
-
-  return mTopWindowOrigin;
-}
-
 nsresult nsHttpChannel::OpenCacheEntryInternal(
     bool isHttps, nsIApplicationCache *applicationCache,
     bool allowApplicationCache) {
   MOZ_ASSERT_IF(!allowApplicationCache, !applicationCache);
 
   nsresult rv;
 
   if (mResuming) {
@@ -4046,24 +4009,37 @@ nsresult nsHttpChannel::OpenCacheEntryIn
 
   if (mPostID) {
     extension.Append(nsPrintfCString("%d", mPostID));
   }
   if (mTRR) {
     extension.Append("TRR");
   }
 
-  if (IsIsolated()) {
-    auto &topWindowOrigin = GetTopWindowOrigin();
-    if (topWindowOrigin.IsEmpty()) {
-      return NS_ERROR_FAILURE;
-    }
+  if (IsThirdPartyTrackingResource() &&
+      !AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(this, mURI,
+                                                               nullptr)) {
+    nsCOMPtr<nsIURI> topWindowURI;
+    rv = GetTopWindowURI(getter_AddRefs(topWindowURI));
+    bool isDocument = false;
+    if (NS_FAILED(rv) && NS_SUCCEEDED(GetIsMainDocumentChannel(&isDocument)) &&
+        isDocument) {
+      // For top-level documents, use the document channel's origin to compute
+      // the unique storage space identifier instead of the top Window URI.
+      rv = NS_GetFinalChannelURI(this, getter_AddRefs(topWindowURI));
+      NS_ENSURE_SUCCESS(rv, rv);
+    }
+
+    nsAutoString topWindowOrigin;
+    rv = nsContentUtils::GetUTFOrigin(topWindowURI ? topWindowURI : mURI,
+                                      topWindowOrigin);
+    NS_ENSURE_SUCCESS(rv, rv);
 
     extension.Append("-unique:");
-    extension.Append(topWindowOrigin);
+    extension.Append(NS_ConvertUTF16toUTF8(topWindowOrigin));
   }
 
   mCacheOpenWithPriority = cacheEntryOpenFlags & nsICacheStorage::OPEN_PRIORITY;
   mCacheQueueSizeWhenOpen =
       CacheStorageService::CacheQueueSize(mCacheOpenWithPriority);
 
   if (sRCWNEnabled && maybeRCWN && !mApplicationCacheForWrite) {
     bool hasAltData = false;
@@ -6560,19 +6536,19 @@ nsresult nsHttpChannel::BeginConnect() {
   mRequestHead.SetOrigin(scheme, host, port);
 
   SetOriginHeader();
   SetDoNotTrack();
 
   OriginAttributes originAttributes;
   NS_GetOriginAttributes(this, originAttributes);
 
-  RefPtr<nsHttpConnectionInfo> connInfo = new nsHttpConnectionInfo(
-      host, port, EmptyCString(), mUsername, GetTopWindowOrigin(), proxyInfo,
-      originAttributes, isHttps);
+  RefPtr<nsHttpConnectionInfo> connInfo =
+      new nsHttpConnectionInfo(host, port, EmptyCString(), mUsername, proxyInfo,
+                               originAttributes, isHttps);
   mAllowAltSvc = (mAllowAltSvc && !gHttpHandler->IsSpdyBlacklisted(connInfo));
 
   RefPtr<AltSvcMapping> mapping;
   if (!mConnectionInfo && mAllowAltSvc &&  // per channel
       !(mLoadFlags & LOAD_FRESH_CONNECTION) &&
       AltSvcMapping::AcceptableProxy(proxyInfo) &&
       (scheme.EqualsLiteral("http") || scheme.EqualsLiteral("https")) &&
       (mapping = gHttpHandler->GetAltServiceMapping(
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@@ -541,20 +541,16 @@ class nsHttpChannel final : public HttpB
 
   void MaybeWarnAboutAppCache();
 
   void SetLoadGroupUserAgentOverride();
 
   void SetOriginHeader();
   void SetDoNotTrack();
 
-  bool IsIsolated();
-
-  const nsCString &GetTopWindowOrigin();
-
   already_AddRefed<nsChannelClassifier> GetOrCreateChannelClassifier();
 
   // Start an internal redirect to a new InterceptedHttpChannel which will
   // resolve in firing a ServiceWorker FetchEvent.
   MOZ_MUST_USE nsresult RedirectToInterceptedChannel();
 
   // Determines and sets content type in the cache entry. It's called when
   // writing a new entry. The content type is used in cache internally only.
@@ -717,31 +713,16 @@ class nsHttpChannel final : public HttpB
   // to the safe-browsing classifier rules, but the asynchronous cancellation
   // process hasn't finished yet.
   uint32_t mChannelClassifierCancellationPending : 1;
 
   // True only when we are between Resume and async fire of mCallOnResume.
   // Used to suspend any newly created pumps in mCallOnResume handler.
   uint32_t mAsyncResumePending : 1;
 
-  // True only when we have checked whether this channel has been isolated for
-  // anti-tracking purposes.
-  uint32_t mHasBeenIsolatedChecked : 1;
-  // True only when we have determined this channel should be isolated for
-  // anti-tracking purposes.  Can never ben true unless mHasBeenIsolatedChecked
-  // is true.
-  uint32_t mIsIsolated : 1;
-
-  // True only when we have computed the value of the top window origin.
-  uint32_t mTopWindowOriginComputed : 1;
-
-  // The origin of the top window, only valid when mTopWindowOriginComputed is
-  // true.
-  nsCString mTopWindowOrigin;
-
   nsTArray<nsContinueRedirectionFunc> mRedirectFuncStack;
 
   // Needed for accurate DNS timing
   RefPtr<nsDNSPrefetch> mDNSPrefetch;
 
   Http2PushedStream *mPushedStream;
   // True if the channel's principal was found on a phishing, malware, or
   // tracking (if tracking protection is enabled) blocklist
--- a/netwerk/protocol/http/nsHttpConnectionInfo.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionInfo.cpp
@@ -38,70 +38,48 @@ static nsresult SHA256(const char *aPlai
 }
 
 namespace mozilla {
 namespace net {
 
 nsHttpConnectionInfo::nsHttpConnectionInfo(
     const nsACString &originHost, int32_t originPort,
     const nsACString &npnToken, const nsACString &username,
-    const nsACString &topWindowOrigin, nsProxyInfo *proxyInfo,
-    const OriginAttributes &originAttributes, bool endToEndSSL, bool isolated)
-    : mRoutedPort(443), mIsolated(isolated), mLessThanTls13(false) {
-  Init(originHost, originPort, npnToken, username, topWindowOrigin, proxyInfo,
-       originAttributes, endToEndSSL);
+    nsProxyInfo *proxyInfo, const OriginAttributes &originAttributes,
+    bool endToEndSSL)
+    : mRoutedPort(443), mLessThanTls13(false) {
+  Init(originHost, originPort, npnToken, username, proxyInfo, originAttributes,
+       endToEndSSL);
 }
 
 nsHttpConnectionInfo::nsHttpConnectionInfo(
     const nsACString &originHost, int32_t originPort,
     const nsACString &npnToken, const nsACString &username,
-    const nsACString &topWindowOrigin, nsProxyInfo *proxyInfo,
-    const OriginAttributes &originAttributes, bool endToEndSSL)
-    : nsHttpConnectionInfo(originHost, originPort, npnToken, username,
-                           topWindowOrigin, proxyInfo, originAttributes,
-                           endToEndSSL, false) {}
-
-nsHttpConnectionInfo::nsHttpConnectionInfo(
-    const nsACString &originHost, int32_t originPort,
-    const nsACString &npnToken, const nsACString &username,
-    const nsACString &topWindowOrigin, nsProxyInfo *proxyInfo,
-    const OriginAttributes &originAttributes, const nsACString &routedHost,
-    int32_t routedPort, bool isolated)
-    : mIsolated(isolated), mLessThanTls13(false) {
+    nsProxyInfo *proxyInfo, const OriginAttributes &originAttributes,
+    const nsACString &routedHost, int32_t routedPort)
+    : mLessThanTls13(false) {
   mEndToEndSSL = true;  // so DefaultPort() works
   mRoutedPort = routedPort == -1 ? DefaultPort() : routedPort;
 
   if (!originHost.Equals(routedHost) || (originPort != routedPort)) {
     mRoutedHost = routedHost;
   }
-  Init(originHost, originPort, npnToken, username, topWindowOrigin, proxyInfo,
-       originAttributes, true);
+  Init(originHost, originPort, npnToken, username, proxyInfo, originAttributes,
+       true);
 }
 
-nsHttpConnectionInfo::nsHttpConnectionInfo(
-    const nsACString &originHost, int32_t originPort,
-    const nsACString &npnToken, const nsACString &username,
-    const nsACString &topWindowOrigin, nsProxyInfo *proxyInfo,
-    const OriginAttributes &originAttributes, const nsACString &routedHost,
-    int32_t routedPort)
-    : nsHttpConnectionInfo(originHost, originPort, npnToken, username,
-                           topWindowOrigin, proxyInfo, originAttributes,
-                           routedHost, routedPort, false) {}
-
 void nsHttpConnectionInfo::Init(const nsACString &host, int32_t port,
                                 const nsACString &npnToken,
                                 const nsACString &username,
-                                const nsACString &topWindowOrigin,
                                 nsProxyInfo *proxyInfo,
                                 const OriginAttributes &originAttributes,
                                 bool e2eSSL) {
   LOG(("Init nsHttpConnectionInfo @%p\n", this));
 
   mUsername = username;
-  mTopWindowOrigin = topWindowOrigin;
   mProxyInfo = proxyInfo;
   mEndToEndSSL = e2eSSL;
   mUsingConnect = false;
   mNPNToken = npnToken;
   mOriginAttributes = originAttributes;
   mTlsFlags = 0x0;
   mTrrUsed = false;
   mTrrDisabled = false;
@@ -148,22 +126,18 @@ void nsHttpConnectionInfo::BuildHashKey(
   // The hashkey has 4 fields followed by host connection info
   // byte 0 is P/T/. {P,T} for Plaintext/TLS Proxy over HTTP
   // byte 1 is S/. S is for end to end ssl such as https:// uris
   // byte 2 is A/. A is for an anonymous channel (no cookies, etc..)
   // byte 3 is P/. P is for a private browising channel
   // byte 4 is I/. I is for insecure scheme on TLS for http:// uris
   // byte 5 is X/. X is for disallow_spdy flag
   // byte 6 is C/. C is for be Conservative
-  // byte 7 is i/. i is for isolated
 
-  mHashKey.AssignLiteral("........[tlsflags0x00000000]");
-  if (mIsolated) {
-    mHashKey.SetCharAt('i', 7);
-  }
+  mHashKey.AssignLiteral(".......[tlsflags0x00000000]");
 
   mHashKey.Append(keyHost);
   mHashKey.Append(':');
   mHashKey.AppendInt(keyPort);
   if (!mUsername.IsEmpty()) {
     mHashKey.Append('[');
     mHashKey.Append(mUsername);
     mHashKey.Append(']');
@@ -239,47 +213,39 @@ void nsHttpConnectionInfo::BuildHashKey(
   if (GetIPv4Disabled()) {
     mHashKey.AppendLiteral("[!v4]");
   }
 
   if (GetIPv6Disabled()) {
     mHashKey.AppendLiteral("[!v6]");
   }
 
-  if (mIsolated && !mTopWindowOrigin.IsEmpty()) {
-    mHashKey.Append('{');
-    mHashKey.Append('{');
-    mHashKey.Append(mTopWindowOrigin);
-    mHashKey.Append('}');
-    mHashKey.Append('}');
-  }
-
   nsAutoCString originAttributes;
   mOriginAttributes.CreateSuffix(originAttributes);
   mHashKey.Append(originAttributes);
 }
 
 void nsHttpConnectionInfo::SetOriginServer(const nsACString &host,
                                            int32_t port) {
   mOrigin = host;
   mOriginPort = port == -1 ? DefaultPort() : port;
   BuildHashKey();
 }
 
 already_AddRefed<nsHttpConnectionInfo> nsHttpConnectionInfo::Clone() const {
   RefPtr<nsHttpConnectionInfo> clone;
   if (mRoutedHost.IsEmpty()) {
-    clone = new nsHttpConnectionInfo(
-        mOrigin, mOriginPort, mNPNToken, mUsername, mTopWindowOrigin,
-        mProxyInfo, mOriginAttributes, mEndToEndSSL, mIsolated);
+    clone =
+        new nsHttpConnectionInfo(mOrigin, mOriginPort, mNPNToken, mUsername,
+                                 mProxyInfo, mOriginAttributes, mEndToEndSSL);
   } else {
     MOZ_ASSERT(mEndToEndSSL);
-    clone = new nsHttpConnectionInfo(
-        mOrigin, mOriginPort, mNPNToken, mUsername, mTopWindowOrigin,
-        mProxyInfo, mOriginAttributes, mRoutedHost, mRoutedPort, mIsolated);
+    clone = new nsHttpConnectionInfo(mOrigin, mOriginPort, mNPNToken, mUsername,
+                                     mProxyInfo, mOriginAttributes, mRoutedHost,
+                                     mRoutedPort);
   }
 
   // Make sure the anonymous, insecure-scheme, and private flags are transferred
   clone->SetAnonymous(GetAnonymous());
   clone->SetPrivate(GetPrivate());
   clone->SetInsecureScheme(GetInsecureScheme());
   clone->SetNoSpdy(GetNoSpdy());
   clone->SetBeConservative(GetBeConservative());
@@ -295,19 +261,19 @@ already_AddRefed<nsHttpConnectionInfo> n
 
 void nsHttpConnectionInfo::CloneAsDirectRoute(nsHttpConnectionInfo **outCI) {
   if (mRoutedHost.IsEmpty()) {
     RefPtr<nsHttpConnectionInfo> clone = Clone();
     clone.forget(outCI);
     return;
   }
 
-  RefPtr<nsHttpConnectionInfo> clone = new nsHttpConnectionInfo(
-      mOrigin, mOriginPort, EmptyCString(), mUsername, mTopWindowOrigin,
-      mProxyInfo, mOriginAttributes, mEndToEndSSL, mIsolated);
+  RefPtr<nsHttpConnectionInfo> clone =
+      new nsHttpConnectionInfo(mOrigin, mOriginPort, EmptyCString(), mUsername,
+                               mProxyInfo, mOriginAttributes, mEndToEndSSL);
   // Make sure the anonymous, insecure-scheme, and private flags are transferred
   clone->SetAnonymous(GetAnonymous());
   clone->SetPrivate(GetPrivate());
   clone->SetInsecureScheme(GetInsecureScheme());
   clone->SetNoSpdy(GetNoSpdy());
   clone->SetBeConservative(GetBeConservative());
   clone->SetTlsFlags(GetTlsFlags());
   clone->SetTrrUsed(GetTrrUsed());
@@ -323,19 +289,19 @@ nsresult nsHttpConnectionInfo::CreateWil
   // TS??*:0 (https:proxy.ducksong.com:3128)   [wildcard form]
 
   if (!mUsingHttpsProxy) {
     MOZ_ASSERT(false);
     return NS_ERROR_NOT_IMPLEMENTED;
   }
 
   RefPtr<nsHttpConnectionInfo> clone;
-  clone = new nsHttpConnectionInfo(NS_LITERAL_CSTRING("*"), 0, mNPNToken,
-                                   mUsername, mTopWindowOrigin, mProxyInfo,
-                                   mOriginAttributes, true);
+  clone =
+      new nsHttpConnectionInfo(NS_LITERAL_CSTRING("*"), 0, mNPNToken, mUsername,
+                               mProxyInfo, mOriginAttributes, true);
   // Make sure the anonymous and private flags are transferred!
   clone->SetAnonymous(GetAnonymous());
   clone->SetPrivate(GetPrivate());
   clone.forget(outParam);
   return NS_OK;
 }
 
 void nsHttpConnectionInfo::SetTrrDisabled(bool aNoTrr) {
@@ -357,17 +323,17 @@ void nsHttpConnectionInfo::SetIPv6Disabl
     mIPv6Disabled = aNoIPv6;
     BuildHashKey();
   }
 }
 
 void nsHttpConnectionInfo::SetTlsFlags(uint32_t aTlsFlags) {
   mTlsFlags = aTlsFlags;
 
-  mHashKey.Replace(19, 8, nsPrintfCString("%08x", mTlsFlags));
+  mHashKey.Replace(18, 8, nsPrintfCString("%08x", mTlsFlags));
 }
 
 bool nsHttpConnectionInfo::UsingProxy() {
   if (!mProxyInfo) return false;
   return !mProxyInfo->IsDirect();
 }
 
 bool nsHttpConnectionInfo::HostIsLocalIPLiteral() const {
--- a/netwerk/protocol/http/nsHttpConnectionInfo.h
+++ b/netwerk/protocol/http/nsHttpConnectionInfo.h
@@ -33,27 +33,25 @@ namespace mozilla {
 namespace net {
 
 extern LazyLogModule gHttpLog;
 
 class nsHttpConnectionInfo final : public ARefBase {
  public:
   nsHttpConnectionInfo(const nsACString &originHost, int32_t originPort,
                        const nsACString &npnToken, const nsACString &username,
-                       const nsACString &topWindowOrigin,
                        nsProxyInfo *proxyInfo,
                        const OriginAttributes &originAttributes,
                        bool endToEndSSL = false);
 
   // this version must use TLS and you may supply separate
   // connection (aka routing) information than the authenticated
   // origin information
   nsHttpConnectionInfo(const nsACString &originHost, int32_t originPort,
                        const nsACString &npnToken, const nsACString &username,
-                       const nsACString &topWindowOrigin,
                        nsProxyInfo *proxyInfo,
                        const OriginAttributes &originAttributes,
                        const nsACString &routedHost, int32_t routedPort);
 
  private:
   virtual ~nsHttpConnectionInfo() {
     MOZ_LOG(gHttpLog, LogLevel::Debug,
             ("Destroying nsHttpConnectionInfo @%p\n", this));
@@ -119,22 +117,16 @@ class nsHttpConnectionInfo final : publi
   void SetNoSpdy(bool aNoSpdy) { mHashKey.SetCharAt(aNoSpdy ? 'X' : '.', 5); }
   bool GetNoSpdy() const { return mHashKey.CharAt(5) == 'X'; }
 
   void SetBeConservative(bool aBeConservative) {
     mHashKey.SetCharAt(aBeConservative ? 'C' : '.', 6);
   }
   bool GetBeConservative() const { return mHashKey.CharAt(6) == 'C'; }
 
-  void SetIsolated(bool aIsolated) {
-    mIsolated = aIsolated;
-    BuildHashKey();
-  }
-  bool GetIsolated() const { return mIsolated; }
-
   void SetTlsFlags(uint32_t aTlsFlags);
   uint32_t GetTlsFlags() const { return mTlsFlags; }
 
   // TrrUsed means that this connection is used to send TRR requests over
   void SetTrrUsed(bool aUsed) { mTrrUsed = aUsed; }
   bool GetTrrUsed() const { return mTrrUsed; }
 
   // SetTrrDisabled means don't use TRR to resolve host names for this
@@ -145,17 +137,16 @@ class nsHttpConnectionInfo final : publi
   void SetIPv4Disabled(bool aNoIPv4);
   bool GetIPv4Disabled() const { return mIPv4Disabled; }
 
   void SetIPv6Disabled(bool aNoIPv6);
   bool GetIPv6Disabled() const { return mIPv6Disabled; }
 
   const nsCString &GetNPNToken() { return mNPNToken; }
   const nsCString &GetUsername() { return mUsername; }
-  const nsCString &GetTopWindowOrigin() { return mTopWindowOrigin; }
 
   const OriginAttributes &GetOriginAttributes() { return mOriginAttributes; }
 
   // Returns true for any kind of proxy (http, socks, https, etc..)
   bool UsingProxy();
 
   // Returns true when proxying over HTTP or HTTPS
   bool UsingHttpProxy() const { return mUsingHttpProxy || mUsingHttpsProxy; }
@@ -178,55 +169,37 @@ class nsHttpConnectionInfo final : publi
   bool HostIsLocalIPLiteral() const;
 
   bool GetLessThanTls13() const { return mLessThanTls13; }
   void SetLessThanTls13(bool aLessThanTls13) {
     mLessThanTls13 = aLessThanTls13;
   }
 
  private:
-  // These constructor versions are intended to only be used from Clone().
-  nsHttpConnectionInfo(const nsACString &originHost, int32_t originPort,
-                       const nsACString &npnToken, const nsACString &username,
-                       const nsACString &topWindowOrigin,
-                       nsProxyInfo *proxyInfo,
-                       const OriginAttributes &originAttributes,
-                       bool endToEndSSL, bool isolated);
-  nsHttpConnectionInfo(const nsACString &originHost, int32_t originPort,
-                       const nsACString &npnToken, const nsACString &username,
-                       const nsACString &topWindowOrigin,
-                       nsProxyInfo *proxyInfo,
-                       const OriginAttributes &originAttributes,
-                       const nsACString &routedHost, int32_t routedPort,
-                       bool isolated);
-
   void Init(const nsACString &host, int32_t port, const nsACString &npnToken,
-            const nsACString &username, const nsACString &topWindowOrigin,
-            nsProxyInfo *proxyInfo, const OriginAttributes &originAttributes,
-            bool EndToEndSSL);
+            const nsACString &username, nsProxyInfo *proxyInfo,
+            const OriginAttributes &originAttributes, bool EndToEndSSL);
   void SetOriginServer(const nsACString &host, int32_t port);
 
   nsCString mOrigin;
   int32_t mOriginPort;
   nsCString mRoutedHost;
   int32_t mRoutedPort;
 
   nsCString mHashKey;
   nsCString mUsername;
-  nsCString mTopWindowOrigin;
   nsCOMPtr<nsProxyInfo> mProxyInfo;
   bool mUsingHttpProxy;
   bool mUsingHttpsProxy;
   bool mEndToEndSSL;
   bool mUsingConnect;  // if will use CONNECT with http proxy
   nsCString mNPNToken;
   OriginAttributes mOriginAttributes;
 
   uint32_t mTlsFlags;
-  uint16_t mIsolated : 1;
   uint16_t mTrrUsed : 1;
   uint16_t mTrrDisabled : 1;
   uint16_t mIPv4Disabled : 1;
   uint16_t mIPv6Disabled : 1;
 
   bool mLessThanTls13;  // This will be set to true if we negotiate less than
                         // tls1.3. If the tls version is till not know or it
                         // is 1.3 or greater the value will be false.
--- a/netwerk/protocol/http/nsHttpConnectionMgr.cpp
+++ b/netwerk/protocol/http/nsHttpConnectionMgr.cpp
@@ -4020,19 +4020,17 @@ nsresult nsHttpConnectionMgr::nsHalfOpen
 
   if (mCaps & NS_HTTP_DISABLE_TRR) {
     tmpFlags = nsISocketTransport::DISABLE_TRR;
   }
 
   if (mCaps & NS_HTTP_LOAD_ANONYMOUS)
     tmpFlags |= nsISocketTransport::ANONYMOUS_CONNECT;
 
-  if (ci->GetPrivate() || ci->GetIsolated()) {
-    tmpFlags |= nsISocketTransport::NO_PERMANENT_STORAGE;
-  }
+  if (ci->GetPrivate()) tmpFlags |= nsISocketTransport::NO_PERMANENT_STORAGE;
 
   if (ci->GetLessThanTls13()) {
     tmpFlags |= nsISocketTransport::DONT_TRY_ESNI;
   }
 
   if ((mCaps & NS_HTTP_BE_CONSERVATIVE) || ci->GetBeConservative()) {
     LOG(("Setting Socket to BE_CONSERVATIVE"));
     tmpFlags |= nsISocketTransport::BE_CONSERVATIVE;
--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@@ -2491,23 +2491,19 @@ nsresult nsHttpHandler::SpeculativeConne
 
   int32_t port = -1;
   rv = aURI->GetPort(&port);
   if (NS_FAILED(rv)) return rv;
 
   nsAutoCString username;
   aURI->GetUsername(username);
 
-  // TODO For now pass EmptyCString() for topWindowOrigin for all speculative
-  // connection attempts, but ideally we should pass the accurate top window
-  // origin here.  This would require updating the nsISpeculativeConnect API
-  // and all of its consumers.
-  RefPtr<nsHttpConnectionInfo> ci = new nsHttpConnectionInfo(
-      host, port, EmptyCString(), username, EmptyCString(), nullptr,
-      originAttributes, usingSSL);
+  RefPtr<nsHttpConnectionInfo> ci =
+      new nsHttpConnectionInfo(host, port, EmptyCString(), username, nullptr,
+                               originAttributes, usingSSL);
   ci->SetAnonymous(anonymous);
 
   return SpeculativeConnect(ci, aCallbacks);
 }
 
 NS_IMETHODIMP
 nsHttpHandler::SpeculativeConnect(nsIURI *aURI, nsIPrincipal *aPrincipal,
                                   nsIInterfaceRequestor *aCallbacks) {
--- a/toolkit/components/antitracking/test/browser/browser_tlsSessionTickets.js
+++ b/toolkit/components/antitracking/test/browser/browser_tlsSessionTickets.js
@@ -1,22 +1,8 @@
-function isIsolated(key) {
-  return key.charAt(7) == "i";
-}
-
-function hasTopWindowOrigin(key, origin) {
-  let tokenAtEnd = `{{${origin}}}`;
-  let endPart = key.slice(-tokenAtEnd.length);
-  return endPart == tokenAtEnd;
-}
-
-function hasAnyTopWindowOrigin(key) {
-  return !!key.match(/{{[^}]+}}/);
-}
-
 add_task(async function() {
   info("Starting tlsSessionTickets test");
 
   await SpecialPowers.flushPrefEnv();
   await SpecialPowers.pushPrefEnv({"set": [
     ["browser.cache.disk.enable", false],
     ["browser.cache.memory.enable", false],
     ["browser.contentblocking.allowlist.annotations.enabled", true],
@@ -91,26 +77,16 @@ add_task(async function() {
     // second and third connections are the same.  The reason why this check is
     // done is that the private bit on the connection info object is used to
     // construct the hash key, so when the connection is isolated because it
     // comes from a third-party tracker context, its hash key must be
     // different.
     is(hashKeys.length, 3, "We should have observed 3 loads for " + trackingURL);
     is(hashKeys[1], hashKeys[2], "The second and third hash keys should match");
     isnot(hashKeys[0], hashKeys[1], "The first and second hash keys should not match");
-
-    ok(isIsolated(hashKeys[0]), "The first connection must have been isolated");
-    ok(!isIsolated(hashKeys[1]), "The second connection must not have been isolated");
-    ok(!isIsolated(hashKeys[2]), "The third connection must not have been isolated");
-    ok(hasTopWindowOrigin(hashKeys[0], TEST_DOMAIN.replace(/\/$/, "")),
-       "The first connection must be bound to its top-level window");
-    ok(!hasAnyTopWindowOrigin(hashKeys[1]),
-       "The second connection must not be bound to a top-level window");
-    ok(!hasAnyTopWindowOrigin(hashKeys[2]),
-       "The third connection must not be bound to a top-level window");
   });
 
   info("Removing the tab");
   BrowserTestUtils.removeTab(tab);
 });
 
 add_task(async function() {
   info("Cleaning up.");