Bug 1038756: Callsites creating a channel in content/base/ and content/html (r=jst)
authorChristoph Kerschbaumer <mozilla@christophkerschbaumer.com>
Sun, 21 Sep 2014 09:36:25 -0700
changeset 206501 666d31a3753a2edd2c700ad93eb70e12e1e27141
parent 206500 d20696b5c3093fef85944dc4fce2faaad6c57741
child 206502 2e52e838785094b4051da83a99f41a9d8aa634d5
push id1
push userroot
push dateMon, 20 Oct 2014 17:29:22 +0000
reviewersjst
bugs1038756
milestone35.0a1
Bug 1038756: Callsites creating a channel in content/base/ and content/html (r=jst)
content/base/src/DOMParser.cpp
content/base/src/EventSource.cpp
content/base/src/nsCSPContext.cpp
content/base/src/nsCSPContext.h
content/base/src/nsContentUtils.cpp
content/base/src/nsCrossSiteListenerProxy.cpp
content/base/src/nsDocument.cpp
content/base/src/nsFrameMessageManager.cpp
content/base/src/nsHostObjectProtocolHandler.cpp
content/base/src/nsObjectLoadingContent.cpp
content/base/src/nsScriptLoader.cpp
content/base/src/nsSyncLoadService.cpp
content/base/src/nsXMLHttpRequest.cpp
content/base/test/TestCSPParser.cpp
content/html/content/src/HTMLMediaElement.cpp
content/html/content/src/HTMLTrackElement.cpp
content/html/document/src/nsHTMLDocument.cpp
--- a/content/base/src/DOMParser.cpp
+++ b/content/base/src/DOMParser.cpp
@@ -240,18 +240,20 @@ DOMParser::ParseFromStream(nsIInputStrea
   // Create a fake channel 
   nsCOMPtr<nsIChannel> parserChannel;
   NS_NewInputStreamChannel(getter_AddRefs(parserChannel), mDocumentURI, nullptr,
                            nsDependentCString(contentType), nullptr);
   NS_ENSURE_STATE(parserChannel);
 
   // More principal-faking here
   nsCOMPtr<nsILoadInfo> loadInfo =
-    new LoadInfo(mOriginalPrincipal, LoadInfo::eInheritPrincipal,
-                 LoadInfo::eNotSandboxed);
+    new LoadInfo(mOriginalPrincipal,
+                 nullptr,
+                 nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                 nsIContentPolicy::TYPE_OTHER);
   parserChannel->SetLoadInfo(loadInfo);
 
   if (charset) {
     parserChannel->SetContentCharset(nsDependentCString(charset));
   }
 
   // Tell the document to start loading
   nsCOMPtr<nsIStreamListener> listener;
--- a/content/base/src/EventSource.cpp
+++ b/content/base/src/EventSource.cpp
@@ -365,28 +365,16 @@ EventSource::OnStartRequest(nsIRequest *
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (httpStatus != 200) {
     mInterrupted = true;
     DispatchFailConnection();
     return NS_ERROR_ABORT;
   }
 
-  nsCOMPtr<nsIPrincipal> principal = mPrincipal;
-  if (nsContentUtils::IsSystemPrincipal(principal)) {
-    // Don't give this channel the system principal.
-    principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-  }
-  nsCOMPtr<nsILoadInfo> loadInfo =
-    new LoadInfo(principal, LoadInfo::eInheritPrincipal,
-                 LoadInfo::eNotSandboxed);
-  rv = httpChannel->SetLoadInfo(loadInfo);
-  NS_ENSURE_SUCCESS(rv, rv);
-
   nsCOMPtr<nsIRunnable> event =
     NS_NewRunnableMethod(this, &EventSource::AnnounceConnection);
   NS_ENSURE_STATE(event);
 
   rv = NS_DispatchToMainThread(event);
   NS_ENSURE_SUCCESS(rv, rv);
 
   mStatus = PARSE_STATE_BEGIN_OF_STREAM;
@@ -756,19 +744,52 @@ EventSource::InitChannelAndRequestEventS
   nsresult rv = mPrincipal->GetCsp(getter_AddRefs(csp));
   NS_ENSURE_SUCCESS(rv, rv);
   if (csp) {
     channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
     channelPolicy->SetContentSecurityPolicy(csp);
     channelPolicy->SetLoadType(nsIContentPolicy::TYPE_DATAREQUEST);
   }
 
+  nsIScriptContext* sc = GetContextForEventHandlers(&rv);
+  nsCOMPtr<nsIDocument> doc =
+    nsContentUtils::GetDocumentFromScriptContext(sc);
+
+  nsCOMPtr<nsIPrincipal> principal = mPrincipal;
+  if (nsContentUtils::IsSystemPrincipal(principal)) {
+    // Don't give this channel the system principal.
+    principal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
   nsCOMPtr<nsIChannel> channel;
-  rv = NS_NewChannel(getter_AddRefs(channel), mSrc, nullptr, mLoadGroup,
-                     nullptr, loadFlags, channelPolicy);
+  // If we have the document, use it
+  if (doc) {
+    rv = NS_NewChannel(getter_AddRefs(channel),
+                       mSrc,
+                       doc,
+                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                       nsIContentPolicy::TYPE_DATAREQUEST,
+                       channelPolicy,    // aChannelPolicy
+                       mLoadGroup,       // loadGroup
+                       nullptr,          // aCallbacks
+                       loadFlags);       // aLoadFlags
+  } else {
+    // otherwise use the principal
+    rv = NS_NewChannel(getter_AddRefs(channel),
+                       mSrc,
+                       principal,
+                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                       nsIContentPolicy::TYPE_DATAREQUEST,
+                       channelPolicy,    // aChannelPolicy
+                       mLoadGroup,       // loadGroup
+                       nullptr,          // aCallbacks
+                       loadFlags);       // aLoadFlags
+  }
+
   NS_ENSURE_SUCCESS(rv, rv);
 
   mHttpChannel = do_QueryInterface(channel);
   NS_ENSURE_TRUE(mHttpChannel, NS_ERROR_NO_INTERFACE);
 
   rv = SetupHttpChannel();
   NS_ENSURE_SUCCESS(rv, rv);
 
--- a/content/base/src/nsCSPContext.cpp
+++ b/content/base/src/nsCSPContext.cpp
@@ -12,31 +12,34 @@
 #include "nsError.h"
 #include "nsIAsyncVerifyRedirectCallback.h"
 #include "nsIChannelPolicy.h"
 #include "nsIClassInfoImpl.h"
 #include "nsIDocShell.h"
 #include "nsIDocShellTreeItem.h"
 #include "nsIDOMHTMLDocument.h"
 #include "nsIDOMHTMLElement.h"
+#include "nsIDOMNode.h"
 #include "nsIDOMWindowUtils.h"
 #include "nsIHttpChannel.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsIObjectInputStream.h"
 #include "nsIObjectOutputStream.h"
 #include "nsIObserver.h"
 #include "nsIObserverService.h"
 #include "nsIPropertyBag2.h"
 #include "nsIStringStream.h"
 #include "nsIUploadChannel.h"
 #include "nsIScriptError.h"
 #include "nsIWebNavigation.h"
 #include "nsIWritablePropertyBag2.h"
 #include "nsNetUtil.h"
+#include "nsNullPrincipal.h"
+#include "nsIContentPolicy.h"
 #include "nsSupportsPrimitives.h"
 #include "nsThreadUtils.h"
 #include "nsString.h"
 #include "prlog.h"
 #include "mozilla/dom/CSPReportBinding.h"
 
 using namespace mozilla;
 
@@ -544,16 +547,27 @@ nsCSPContext::SetRequestContext(nsIURI* 
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   NS_ASSERTION(mSelfURI, "No aSelfURI and no URI available from channel in SetRequestContext, can not translate 'self' into actual URI");
 
   if (aChannel) {
     mInnerWindowID = getInnerWindowID(aChannel);
     aChannel->GetLoadGroup(getter_AddRefs(mCallingChannelLoadGroup));
+
+    // Storing the nsINode from the LoadInfo of the original channel,
+    // so we can reuse that information when sending reports.
+    nsCOMPtr<nsILoadInfo> loadInfo;
+    aChannel->GetLoadInfo(getter_AddRefs(loadInfo));
+    if (loadInfo) {
+      nsINode* loadingNode = loadInfo->LoadingNode();
+      if (loadingNode) {
+        mLoadingContext = do_GetWeakReference(loadingNode);
+      }
+    }
   }
   else {
     NS_WARNING("Channel needed (but null) in SetRequestContext.  Cannot query loadgroup, which means report sending may fail.");
   }
 
   mReferrer = aReferrer;
   if (!mReferrer) {
     nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(aChannel));
@@ -669,33 +683,53 @@ nsCSPContext::SendReports(nsISupports* a
   // ---------- Assembled, now send it to all the report URIs ----------- //
 
   nsTArray<nsString> reportURIs;
   mPolicies[aViolatedPolicyIndex]->getReportURIs(reportURIs);
 
   nsCOMPtr<nsIURI> reportURI;
   nsCOMPtr<nsIChannel> reportChannel;
 
+  nsCOMPtr<nsIDOMNode> loadingContext = do_QueryReferent(mLoadingContext);
+  nsCOMPtr<nsINode> loadingNode = do_QueryInterface(loadingContext);
+
   for (uint32_t r = 0; r < reportURIs.Length(); r++) {
     nsAutoCString reportURICstring = NS_ConvertUTF16toUTF8(reportURIs[r]);
     // try to create a new uri from every report-uri string
     rv = NS_NewURI(getter_AddRefs(reportURI), reportURIs[r]);
     if (NS_FAILED(rv)) {
       const char16_t* params[] = { reportURIs[r].get() };
       CSPCONTEXTLOG(("Could not create nsIURI for report URI %s",
                      reportURICstring.get()));
       CSP_LogLocalizedStr(NS_LITERAL_STRING("triedToSendReport").get(),
                           params, ArrayLength(params),
                           aSourceFile, aScriptSample, aLineNum, 0,
                           nsIScriptError::errorFlag, "CSP", mInnerWindowID);
       continue; // don't return yet, there may be more URIs
     }
 
     // try to create a new channel for every report-uri
-    rv = NS_NewChannel(getter_AddRefs(reportChannel), reportURI);
+    if (loadingNode) {
+      rv = NS_NewChannel(getter_AddRefs(reportChannel),
+                         reportURI,
+                         loadingNode,
+                         nsILoadInfo::SEC_NORMAL,
+                         nsIContentPolicy::TYPE_CSP_REPORT);
+    }
+    else {
+      nsCOMPtr<nsIPrincipal> nullPrincipal =
+        do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
+      NS_ENSURE_SUCCESS(rv, rv);
+      rv = NS_NewChannel(getter_AddRefs(reportChannel),
+                         reportURI,
+                         nullPrincipal,
+                         nsILoadInfo::SEC_NORMAL,
+                         nsIContentPolicy::TYPE_CSP_REPORT);
+    }
+
     if (NS_FAILED(rv)) {
       CSPCONTEXTLOG(("Could not create new channel for report URI %s",
                      reportURICstring.get()));
       continue; // don't return yet, there may be more URIs
     }
 
     // make sure this is an anonymous request (no cookies) so in case the
     // policy URI is injected, it can't be abused for CSRF.
--- a/content/base/src/nsCSPContext.h
+++ b/content/base/src/nsCSPContext.h
@@ -10,16 +10,17 @@
 #include "nsDataHashtable.h"
 #include "nsIChannel.h"
 #include "nsIChannelEventSink.h"
 #include "nsIClassInfo.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIInterfaceRequestor.h"
 #include "nsISerializable.h"
 #include "nsIStreamListener.h"
+#include "nsWeakPtr.h"
 #include "nsXPCOM.h"
 
 #define NS_CSPCONTEXT_CONTRACTID "@mozilla.org/cspcontext;1"
  // 09d9ed1a-e5d4-4004-bfe0-27ceb923d9ac
 #define NS_CSPCONTEXT_CID \
 { 0x09d9ed1a, 0xe5d4, 0x4004, \
   { 0xbf, 0xe0, 0x27, 0xce, 0xb9, 0x23, 0xd9, 0xac } }
 
@@ -61,16 +62,17 @@ class nsCSPContext : public nsIContentSe
                                     bool* outIsAllowed) const;
 
     nsCOMPtr<nsIURI>                           mReferrer;
     uint64_t                                   mInnerWindowID; // used for web console logging
     nsTArray<nsCSPPolicy*>                     mPolicies;
     nsCOMPtr<nsIURI>                           mSelfURI;
     nsDataHashtable<nsCStringHashKey, int16_t> mShouldLoadCache;
     nsCOMPtr<nsILoadGroup>                     mCallingChannelLoadGroup;
+    nsWeakPtr                                  mLoadingContext;
 };
 
 // Class that listens to violation report transmission and logs errors.
 class CSPViolationReportListener : public nsIStreamListener
 {
   public:
     NS_DECL_NSISTREAMLISTENER
     NS_DECL_NSIREQUESTOBSERVER
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@@ -6504,18 +6504,18 @@ nsContentUtils::SetUpChannelOwner(nsIPri
        // One more check here.  CheckMayLoad will always return true for the
        // system principal, but we do NOT want to inherit in that case.
        !IsSystemPrincipal(loadingPrincipal));
   }
 
   nsCOMPtr<nsILoadInfo> loadInfo =
     new LoadInfo(loadingPrincipal,
                  inherit ?
-                   LoadInfo::eInheritPrincipal : LoadInfo::eDontInheritPrincipal,
-                 aIsSandboxed ? LoadInfo::eSandboxed : LoadInfo::eNotSandboxed);
+                   nsILoadInfo::eInheritPrincipal : nsILoadInfo::eDontInheritPrincipal,
+                 aIsSandboxed ? nsILoadInfo::eSandboxed : nsILoadInfo::eNotSandboxed);
   aChannel->SetLoadInfo(loadInfo);
   return inherit && !aIsSandboxed;
 }
 
 /* static */
 bool
 nsContentUtils::IsFullScreenApiEnabled()
 {
--- a/content/base/src/nsCrossSiteListenerProxy.cpp
+++ b/content/base/src/nsCrossSiteListenerProxy.cpp
@@ -25,16 +25,17 @@
 #include "nsClassHashtable.h"
 #include "nsHashKeys.h"
 #include "nsStreamUtils.h"
 #include "mozilla/Preferences.h"
 #include "nsIScriptError.h"
 #include "nsILoadGroup.h"
 #include "nsILoadContext.h"
 #include "nsIConsoleService.h"
+#include "nsIDOMNode.h"
 #include "nsIDOMWindowUtils.h"
 #include "nsIDOMWindow.h"
 #include <algorithm>
 
 using namespace mozilla;
 
 #define PREFLIGHT_CACHE_SIZE 100
 
@@ -1125,19 +1126,42 @@ NS_StartCORSPreflight(nsIChannel* aReque
   nsCOMPtr<nsILoadGroup> loadGroup;
   rv = aRequestChannel->GetLoadGroup(getter_AddRefs(loadGroup));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsLoadFlags loadFlags;
   rv = aRequestChannel->GetLoadFlags(&loadFlags);
   NS_ENSURE_SUCCESS(rv, rv);
 
+  nsCOMPtr<nsILoadInfo> loadInfo;
+  rv = aRequestChannel->GetLoadInfo(getter_AddRefs(loadInfo));
+  NS_ENSURE_SUCCESS(rv, rv);
+
   nsCOMPtr<nsIChannel> preflightChannel;
-  rv = NS_NewChannel(getter_AddRefs(preflightChannel), uri, nullptr,
-                     loadGroup, nullptr, loadFlags);
+  if (loadInfo) {
+    rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
+                               uri,
+                               loadInfo,
+                               nullptr,   // aChannelPolicy
+                               loadGroup,
+                               nullptr,   // aCallbacks
+                               loadFlags);
+  }
+  else {
+    rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
+                               uri,
+                               nullptr, // aRequestingNode,
+                               nsContentUtils::GetSystemPrincipal(),
+                               nsILoadInfo::SEC_NORMAL,
+                               nsIContentPolicy::TYPE_OTHER,
+                               nullptr,   // aChannelPolicy
+                               loadGroup,
+                               nullptr,   // aCallbacks
+                               loadFlags);
+  }
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIHttpChannel> preHttp = do_QueryInterface(preflightChannel);
   NS_ASSERTION(preHttp, "Failed to QI to nsIHttpChannel!");
 
   rv = preHttp->SetRequestMethod(NS_LITERAL_CSTRING("OPTIONS"));
   NS_ENSURE_SUCCESS(rv, rv);
   
--- a/content/base/src/nsDocument.cpp
+++ b/content/base/src/nsDocument.cpp
@@ -1315,17 +1315,25 @@ nsExternalResourceMap::PendingLoad::Star
 
   nsIDocument* doc = aRequestingNode->OwnerDoc();
 
   nsCOMPtr<nsIInterfaceRequestor> req = nsContentUtils::GetSameOriginChecker();
   NS_ENSURE_TRUE(req, NS_ERROR_OUT_OF_MEMORY);
 
   nsCOMPtr<nsILoadGroup> loadGroup = doc->GetDocumentLoadGroup();
   nsCOMPtr<nsIChannel> channel;
-  rv = NS_NewChannel(getter_AddRefs(channel), aURI, nullptr, loadGroup, req);
+  rv = NS_NewChannel(getter_AddRefs(channel),
+                     aURI,
+                     aRequestingNode,
+                     nsILoadInfo::SEC_NORMAL,
+                     nsIContentPolicy::TYPE_OTHER,
+                     nullptr, // aChannelPolicy
+                     loadGroup,
+                     req); // aCallbacks
+
   NS_ENSURE_SUCCESS(rv, rv);
 
   mURI = aURI;
 
   return channel->AsyncOpen(this, nullptr);
 }
 
 NS_IMPL_ISUPPORTS(nsExternalResourceMap::LoadgroupCallbacks,
--- a/content/base/src/nsFrameMessageManager.cpp
+++ b/content/base/src/nsFrameMessageManager.cpp
@@ -1487,17 +1487,22 @@ nsFrameScriptExecutor::TryCacheLoadAndCo
                            nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
                            &hasFlags);
   if (NS_FAILED(rv) || !hasFlags) {
     NS_WARNING("Will not load a frame script!");
     return;
   }
 
   nsCOMPtr<nsIChannel> channel;
-  NS_NewChannel(getter_AddRefs(channel), uri);
+  NS_NewChannel(getter_AddRefs(channel),
+                uri,
+                nsContentUtils::GetSystemPrincipal(),
+                nsILoadInfo::SEC_NORMAL,
+                nsIContentPolicy::TYPE_OTHER);
+
   if (!channel) {
     return;
   }
 
   nsCOMPtr<nsIInputStream> input;
   channel->Open(getter_AddRefs(input));
   nsString dataString;
   char16_t* dataStringBuf = nullptr;
--- a/content/base/src/nsHostObjectProtocolHandler.cpp
+++ b/content/base/src/nsHostObjectProtocolHandler.cpp
@@ -532,18 +532,20 @@ nsHostObjectProtocolHandler::NewChannel(
     channel->SetContentDispositionFilename(filename);
   }
 
   uint64_t size;
   rv = blob->GetSize(&size);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsILoadInfo> loadInfo =
-    new mozilla::LoadInfo(info->mPrincipal, LoadInfo::eInheritPrincipal,
-                          LoadInfo::eNotSandboxed);
+    new mozilla::LoadInfo(info->mPrincipal,
+                          nullptr,
+                          nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                          nsIContentPolicy::TYPE_OTHER);
   channel->SetLoadInfo(loadInfo);
   channel->SetOriginalURI(uri);
   channel->SetContentType(NS_ConvertUTF16toUTF8(type));
   channel->SetContentLength(size);
 
   channel.forget(result);
 
   return NS_OK;
--- a/content/base/src/nsObjectLoadingContent.cpp
+++ b/content/base/src/nsObjectLoadingContent.cpp
@@ -2498,20 +2498,28 @@ nsObjectLoadingContent::OpenChannel()
   NS_ENSURE_SUCCESS(rv, rv);
   if (csp) {
     channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
     channelPolicy->SetContentSecurityPolicy(csp);
     channelPolicy->SetLoadType(nsIContentPolicy::TYPE_OBJECT);
   }
   nsRefPtr<ObjectInterfaceRequestorShim> shim =
     new ObjectInterfaceRequestorShim(this);
-  rv = NS_NewChannel(getter_AddRefs(chan), mURI, nullptr, group, shim,
+
+  rv = NS_NewChannel(getter_AddRefs(chan),
+                     mURI,
+                     thisContent,
+                     nsILoadInfo::SEC_NORMAL,
+                     nsIContentPolicy::TYPE_OBJECT,
+                     channelPolicy,
+                     group, // aLoadGroup
+                     shim,  // aCallbacks
                      nsIChannel::LOAD_CALL_CONTENT_SNIFFERS |
-                     nsIChannel::LOAD_CLASSIFY_URI,
-                     channelPolicy);
+                     nsIChannel::LOAD_CLASSIFY_URI);
+
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Referrer
   nsCOMPtr<nsIHttpChannel> httpChan(do_QueryInterface(chan));
   if (httpChan) {
     httpChan->SetReferrer(doc->GetDocumentURI());
 
     // Set the initiator type
--- a/content/base/src/nsScriptLoader.cpp
+++ b/content/base/src/nsScriptLoader.cpp
@@ -314,19 +314,26 @@ nsScriptLoader::StartLoad(nsScriptLoadRe
   if (csp) {
     channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
     channelPolicy->SetContentSecurityPolicy(csp);
     channelPolicy->SetLoadType(nsIContentPolicy::TYPE_SCRIPT);
   }
 
   nsCOMPtr<nsIChannel> channel;
   rv = NS_NewChannel(getter_AddRefs(channel),
-                     aRequest->mURI, nullptr, loadGroup, prompter,
-                     nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_CLASSIFY_URI,
-                     channelPolicy);
+                     aRequest->mURI,
+                     mDocument,
+                     nsILoadInfo::SEC_NORMAL,
+                     nsIContentPolicy::TYPE_SCRIPT,
+                     channelPolicy,
+                     loadGroup,
+                     prompter,
+                     nsIRequest::LOAD_NORMAL |
+                     nsIChannel::LOAD_CLASSIFY_URI);
+
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsIScriptElement *script = aRequest->mElement;
   nsCOMPtr<nsIHttpChannelInternal>
     internalHttpChannel(do_QueryInterface(channel));
 
   if (internalHttpChannel) {
     if (aScriptFromHead &&
--- a/content/base/src/nsSyncLoadService.cpp
+++ b/content/base/src/nsSyncLoadService.cpp
@@ -305,17 +305,22 @@ nsSyncLoader::GetInterface(const nsIID &
 
 /* static */
 nsresult
 nsSyncLoadService::LoadDocument(nsIURI *aURI, nsIPrincipal *aLoaderPrincipal,
                                 nsILoadGroup *aLoadGroup, bool aForceToXML,
                                 nsIDOMDocument** aResult)
 {
     nsCOMPtr<nsIChannel> channel;
-    nsresult rv = NS_NewChannel(getter_AddRefs(channel), aURI, nullptr,
+    nsresult rv = NS_NewChannel(getter_AddRefs(channel),
+                                aURI,
+                                aLoaderPrincipal,
+                                nsILoadInfo::SEC_NORMAL,
+                                nsIContentPolicy::TYPE_OTHER,
+                                nullptr,   // aChannelPolicy
                                 aLoadGroup);
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (!aForceToXML) {
         channel->SetContentType(NS_LITERAL_CSTRING("text/xml"));
     }
 
     bool isChrome = false, isResource = false;
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -1729,23 +1729,53 @@ nsXMLHttpRequest::Open(const nsACString&
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   rv = mPrincipal->GetCsp(getter_AddRefs(csp));
   NS_ENSURE_SUCCESS(rv, rv);
   if (csp) {
     channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
     channelPolicy->SetContentSecurityPolicy(csp);
     channelPolicy->SetLoadType(nsIContentPolicy::TYPE_XMLHTTPREQUEST);
   }
-  rv = NS_NewChannel(getter_AddRefs(mChannel),
-                     uri,
-                     nullptr,                    // ioService
-                     loadGroup,
-                     nullptr,                    // callbacks
-                     nsIRequest::LOAD_BACKGROUND,
-                     channelPolicy);
+
+  nsCOMPtr<nsIPrincipal> documentPrincipal;
+  if (IsSystemXHR()) {
+    // Don't give this document the system principal.  We need to keep track of
+    // mPrincipal being system because we use it for various security checks
+    // that should be passing, but the document data shouldn't get a system
+    // principal.
+    documentPrincipal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    documentPrincipal = mPrincipal;
+  }
+
+  // If we have the document, use it
+  if (doc) {
+    rv = NS_NewChannel(getter_AddRefs(mChannel),
+                       uri,
+                       doc,
+                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                       nsIContentPolicy::TYPE_XMLHTTPREQUEST,
+                       channelPolicy,
+                       loadGroup,
+                       nullptr,   // aCallbacks
+                       nsIRequest::LOAD_BACKGROUND);
+  } else {
+    //otherwise use the principal
+    rv = NS_NewChannel(getter_AddRefs(mChannel),
+                       uri,
+                       documentPrincipal,
+                       nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                       nsIContentPolicy::TYPE_XMLHTTPREQUEST,
+                       channelPolicy,
+                       loadGroup,
+                       nullptr,   // aCallbacks
+                       nsIRequest::LOAD_BACKGROUND);
+  }
+
   if (NS_FAILED(rv)) return rv;
 
   mState &= ~(XML_HTTP_REQUEST_USE_XSITE_AC |
               XML_HTTP_REQUEST_NEED_AC_PREFLIGHT);
 
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));
   if (httpChannel) {
     rv = httpChannel->SetRequestMethod(method);
@@ -1965,21 +1995,16 @@ nsXMLHttpRequest::OnStartRequest(nsIRequ
     // principal.
     nsresult rv;
     documentPrincipal = do_CreateInstance("@mozilla.org/nullprincipal;1", &rv);
     NS_ENSURE_SUCCESS(rv, rv);
   } else {
     documentPrincipal = mPrincipal;
   }
 
-  nsCOMPtr<nsILoadInfo> loadInfo =
-    new LoadInfo(documentPrincipal, LoadInfo::eInheritPrincipal,
-                 LoadInfo::eNotSandboxed);
-  channel->SetLoadInfo(loadInfo);
-
   nsresult status;
   request->GetStatus(&status);
   mErrorLoad = mErrorLoad || NS_FAILED(status);
 
   if (mUpload && !mUploadComplete && !mErrorLoad &&
       (mState & XML_HTTP_REQUEST_ASYNC)) {
     if (mProgressTimerIsActive) {
       mProgressTimerIsActive = false;
--- a/content/base/test/TestCSPParser.cpp
+++ b/content/base/test/TestCSPParser.cpp
@@ -16,20 +16,21 @@ class nsAString;
 class nsAFlatString;
 class nsAFlatCString;
 class nsAdoptingString;
 class nsAdoptingCString;
 class nsXPIDLString;
 template<class T> class nsReadingIterator;
 #endif
 
-#include "../src/nsCSPContext.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsNetUtil.h"
 #include "TestHarness.h"
+#include "nsIScriptSecurityManager.h"
+#include "../src/nsCSPContext.h"
 
 #ifndef MOZILLA_INTERNAL_API
 #undef nsString_h___
 #undef nsAString_h___
 #undef nsReadableUtils_h___
 #endif
 
 /*
@@ -87,20 +88,31 @@ nsresult runTest(uint32_t aExpectedPolic
                  const char* aPolicy,
                  const char* aExpextedResult) {
 
   // we init the csp with http://www.selfuri.com
   nsCOMPtr<nsIURI> selfURI;
   nsresult rv = NS_NewURI(getter_AddRefs(selfURI), "http://www.selfuri.com");
   NS_ENSURE_SUCCESS(rv, rv);
 
+  nsCOMPtr<nsIScriptSecurityManager> secman =
+    do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+     nsCOMPtr<nsIPrincipal> systemPrincipal;
+  rv = secman->GetSystemPrincipal(getter_AddRefs(systemPrincipal));
+  NS_ENSURE_SUCCESS(rv, rv);
+
   // we also init the csp with a dummyChannel, which is unused
   // for the parser tests but surpresses assertions in SetRequestContext.
   nsCOMPtr<nsIChannel> dummyChannel;
-  rv = NS_NewChannel(getter_AddRefs(dummyChannel), selfURI);
+  rv = NS_NewChannel(getter_AddRefs(dummyChannel),
+                     selfURI,
+                     systemPrincipal,
+                     nsILoadInfo::SEC_NORMAL,
+                     nsIContentPolicy::TYPE_OTHER);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // create a CSP object
   nsCOMPtr<nsIContentSecurityPolicy> csp =
     do_CreateInstance(NS_CSPCONTEXT_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // for testing the parser we only need to set selfURI which is needed
--- a/content/html/content/src/HTMLMediaElement.cpp
+++ b/content/html/content/src/HTMLMediaElement.cpp
@@ -77,16 +77,17 @@
 #include "mozilla/dom/power/PowerManagerService.h"
 #include "mozilla/dom/WakeLock.h"
 
 #include "mozilla/dom/AudioTrack.h"
 #include "mozilla/dom/AudioTrackList.h"
 #include "mozilla/dom/VideoTrack.h"
 #include "mozilla/dom/VideoTrackList.h"
 #include "mozilla/dom/TextTrack.h"
+#include "nsIContentPolicy.h"
 
 #include "ImageContainer.h"
 #include "nsRange.h"
 #include <algorithm>
 
 #ifdef PR_LOGGING
 static PRLogModuleInfo* gMediaElementLog;
 static PRLogModuleInfo* gMediaElementEventsLog;
@@ -1191,23 +1192,26 @@ nsresult HTMLMediaElement::LoadResource(
   if (csp) {
     channelPolicy = do_CreateInstance("@mozilla.org/nschannelpolicy;1");
     channelPolicy->SetContentSecurityPolicy(csp);
     channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA);
   }
   nsCOMPtr<nsIChannel> channel;
   rv = NS_NewChannel(getter_AddRefs(channel),
                      mLoadingSrc,
-                     nullptr,
+                     static_cast<Element*>(this),
+                     nsILoadInfo::SEC_NORMAL,
+                     nsIContentPolicy::TYPE_MEDIA,
+                     channelPolicy,
                      loadGroup,
-                     nullptr,
+                     nullptr,   // aCallbacks
                      nsICachingChannel::LOAD_BYPASS_LOCAL_CACHE_IF_BUSY |
                      nsIChannel::LOAD_MEDIA_SNIFFER_OVERRIDES_CONTENT_TYPE |
-                     nsIChannel::LOAD_CALL_CONTENT_SNIFFERS,
-                     channelPolicy);
+                     nsIChannel::LOAD_CALL_CONTENT_SNIFFERS);
+
   NS_ENSURE_SUCCESS(rv,rv);
 
   // The listener holds a strong reference to us.  This creates a
   // reference cycle, once we've set mChannel, which is manually broken
   // in the listener's OnStartRequest method after it is finished with
   // the element. The cycle will also be broken if we get a shutdown
   // notification before OnStartRequest fires.  Necko guarantees that
   // OnStartRequest will eventually fire if we don't shut down first.
--- a/content/html/content/src/HTMLTrackElement.cpp
+++ b/content/html/content/src/HTMLTrackElement.cpp
@@ -3,16 +3,18 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/dom/Element.h"
 #include "mozilla/dom/HTMLMediaElement.h"
 #include "mozilla/dom/HTMLTrackElement.h"
 #include "mozilla/dom/HTMLTrackElementBinding.h"
 #include "mozilla/dom/HTMLUnknownElement.h"
+#include "nsIContentPolicy.h"
+#include "mozilla/LoadInfo.h"
 #include "WebVTTListener.h"
 #include "nsAttrValueInlines.h"
 #include "nsCOMPtr.h"
 #include "nsContentPolicyUtils.h"
 #include "nsContentUtils.h"
 #include "nsCycleCollectionParticipant.h"
 #include "nsGenericHTMLElement.h"
 #include "nsGkAtoms.h"
@@ -248,21 +250,22 @@ HTMLTrackElement::LoadResource()
     }
     channelPolicy->SetContentSecurityPolicy(csp);
     channelPolicy->SetLoadType(nsIContentPolicy::TYPE_MEDIA);
   }
   nsCOMPtr<nsIChannel> channel;
   nsCOMPtr<nsILoadGroup> loadGroup = OwnerDoc()->GetDocumentLoadGroup();
   rv = NS_NewChannel(getter_AddRefs(channel),
                      uri,
-                     nullptr,
-                     loadGroup,
-                     nullptr,
-                     nsIRequest::LOAD_NORMAL,
-                     channelPolicy);
+                     static_cast<Element*>(this),
+                     nsILoadInfo::SEC_NORMAL,
+                     nsIContentPolicy::TYPE_MEDIA,
+                     channelPolicy,
+                     loadGroup);
+
   NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv));
 
   mListener = new WebVTTListener(this);
   rv = mListener->LoadResource();
   NS_ENSURE_TRUE_VOID(NS_SUCCEEDED(rv));
   channel->SetNotificationCallbacks(mListener);
 
   LOG(PR_LOG_DEBUG, ("opening webvtt channel"));
--- a/content/html/document/src/nsHTMLDocument.cpp
+++ b/content/html/document/src/nsHTMLDocument.cpp
@@ -1,16 +1,17 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set sw=2 ts=2 et tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsHTMLDocument.h"
 
+#include "nsIContentPolicy.h"
 #include "mozilla/DebugOnly.h"
 #include "mozilla/dom/HTMLAllCollection.h"
 #include "nsCOMPtr.h"
 #include "nsGlobalWindow.h"
 #include "nsXPIDLString.h"
 #include "nsPrintfCString.h"
 #include "nsReadableUtils.h"
 #include "nsUnicharUtils.h"
@@ -1505,32 +1506,31 @@ nsHTMLDocument::Open(JSContext* cx,
     // count without the onload blocker request being in the loadgroup.
     EnsureOnloadBlocker();
   }
 
   // The open occurred after the document finished loading.
   // So we reset the document and create a new one.
   nsCOMPtr<nsIChannel> channel;
   nsCOMPtr<nsILoadGroup> group = do_QueryReferent(mDocumentLoadGroup);
-
-  rv = NS_NewChannel(getter_AddRefs(channel), uri, nullptr, group);
+  rv = NS_NewChannel(getter_AddRefs(channel),
+                     uri,
+                     callerDoc,
+                     nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                     nsIContentPolicy::TYPE_OTHER,
+                     nullptr,   // aChannelPolicy
+                     group);
 
   if (rv.Failed()) {
     return nullptr;
   }
 
   // We can't depend on channels implementing property bags, so do our
   // base URI manually after reset.
 
-  // Set the caller principal, if any, on the channel so that we'll
-  // make sure to use it when we reset.
-  nsCOMPtr<nsILoadInfo> loadInfo =
-    new LoadInfo(callerPrincipal, LoadInfo::eInheritPrincipal,
-                 LoadInfo::eNotSandboxed);
-  rv = channel->SetLoadInfo(loadInfo);
   if (rv.Failed()) {
     return nullptr;
   }
 
   if (callerChannel) {
     nsLoadFlags callerLoadFlags;
     rv = callerChannel->GetLoadFlags(&callerLoadFlags);
     if (rv.Failed()) {
@@ -2368,35 +2368,34 @@ nsHTMLDocument::CreateAndAddWyciwygChann
 
   nsCOMPtr<nsIURI> wcwgURI;
   NS_NewURI(getter_AddRefs(wcwgURI), url);
 
   // Create the nsIWyciwygChannel to store out-of-band
   // document.write() script to cache
   nsCOMPtr<nsIChannel> channel;
   // Create a wyciwyg Channel
-  rv = NS_NewChannel(getter_AddRefs(channel), wcwgURI);
+  rv = NS_NewChannel(getter_AddRefs(channel),
+                     wcwgURI,
+                     NodePrincipal(),
+                     nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
+                     nsIContentPolicy::TYPE_OTHER);
+
   NS_ENSURE_SUCCESS(rv, rv);
 
   mWyciwygChannel = do_QueryInterface(channel);
 
   mWyciwygChannel->SetSecurityInfo(mSecurityInfo);
 
   // Note: we want to treat this like a "previous document" hint so that,
   // e.g. a <meta> tag in the document.write content can override it.
   SetDocumentCharacterSetSource(kCharsetFromHintPrevDoc);
   mWyciwygChannel->SetCharsetAndSource(kCharsetFromHintPrevDoc,
                                        GetDocumentCharacterSet());
 
-  // Use our new principal
-  nsCOMPtr<nsILoadInfo> loadInfo =
-    new LoadInfo(NodePrincipal(), LoadInfo::eInheritPrincipal,
-                 LoadInfo::eNotSandboxed);
-  channel->SetLoadInfo(loadInfo);
-
   // Inherit load flags from the original document's channel
   channel->SetLoadFlags(mLoadFlags);
 
   nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
 
   // Use the Parent document's loadgroup to trigger load notifications
   if (loadGroup && channel) {
     rv = channel->SetLoadGroup(loadGroup);