Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking.
authorYoshi Huang <allstars.chh@mozilla.com>
Tue, 03 Nov 2015 09:50:54 +0800
changeset 295784 0e4c4db3b90ff45937cc1eab4b7bbd61f4674326
parent 295783 2757a39280f9b07dec0b56e38e1ef6a9f48b4f12
child 295785 6d76991804a50112a8b8be4a16b477ab25879903
push id8824
push userraliiev@mozilla.com
push dateMon, 14 Dec 2015 20:18:56 +0000
treeherdermozilla-aurora@e2031358e2a6 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking
bugs1209162
milestone45.0a1
Bug 1209162 - Create OriginAttributes subtypes. IGNORE IDL r=sicking.
caps/BasePrincipal.cpp
caps/BasePrincipal.h
caps/nsJSPrincipals.cpp
caps/nsNullPrincipal.cpp
caps/nsNullPrincipal.h
caps/nsPrincipal.cpp
caps/nsPrincipal.h
caps/nsScriptSecurityManager.cpp
caps/nsScriptSecurityManager.h
caps/tests/gtest/TestOriginAttributes.cpp
docshell/base/LoadContext.cpp
docshell/base/LoadContext.h
docshell/base/SerializedLoadContext.h
docshell/base/nsDocShell.cpp
docshell/base/nsDocShell.h
docshell/base/nsILoadContext.idl
dom/base/ChromeUtils.cpp
dom/base/nsFrameLoader.cpp
dom/base/nsFrameLoader.h
dom/base/nsGlobalWindow.cpp
dom/cache/DBSchema.cpp
dom/datastore/DataStoreService.cpp
dom/ipc/AppProcessChecker.cpp
dom/ipc/ContentChild.cpp
dom/ipc/TabContext.cpp
dom/ipc/TabContext.h
dom/quota/ActorsParent.cpp
dom/webidl/ChromeUtils.webidl
dom/workers/PServiceWorkerManager.ipdl
dom/workers/ServiceWorkerManager.cpp
dom/workers/ServiceWorkerManager.h
dom/workers/ServiceWorkerManagerChild.cpp
dom/workers/ServiceWorkerManagerChild.h
dom/workers/ServiceWorkerManagerParent.cpp
dom/workers/ServiceWorkerManagerParent.h
dom/workers/ServiceWorkerManagerService.cpp
dom/workers/ServiceWorkerManagerService.h
dom/workers/ServiceWorkerPrivate.cpp
dom/workers/ServiceWorkerRegistrar.cpp
dom/workers/test/gtest/TestReadWrite.cpp
extensions/cookie/nsPermission.cpp
extensions/cookie/nsPermissionManager.cpp
gfx/thebes/gfxSVGGlyphs.cpp
ipc/glue/BackgroundUtils.h
ipc/glue/PBackgroundSharedTypes.ipdlh
js/xpconnect/src/Sandbox.cpp
netwerk/base/LoadContextInfo.cpp
netwerk/base/LoadContextInfo.h
netwerk/base/LoadInfo.cpp
netwerk/base/LoadInfo.h
netwerk/base/Predictor.cpp
netwerk/base/nsILoadContextInfo.idl
netwerk/base/nsILoadInfo.idl
netwerk/base/nsNetUtil.cpp
netwerk/base/nsNetUtil.h
netwerk/cache/nsApplicationCacheService.cpp
netwerk/cache/nsDiskCacheDeviceSQL.cpp
netwerk/cache/nsDiskCacheDeviceSQL.h
netwerk/cache2/AppCacheStorage.cpp
netwerk/cache2/CacheFileMetadata.h
netwerk/cache2/CacheFileUtils.cpp
netwerk/cache2/CacheObserver.cpp
netwerk/cache2/OldWrappers.cpp
netwerk/cookie/CookieServiceParent.cpp
netwerk/cookie/CookieServiceParent.h
netwerk/cookie/nsCookieService.cpp
netwerk/cookie/nsCookieService.h
netwerk/ipc/NeckoChannelParams.ipdlh
netwerk/ipc/NeckoParent.cpp
netwerk/ipc/NeckoParent.h
netwerk/protocol/http/HttpChannelParent.cpp
netwerk/protocol/http/PackagedAppService.cpp
netwerk/protocol/http/PackagedAppVerifier.cpp
netwerk/protocol/http/nsHttpAuthCache.cpp
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
netwerk/protocol/wyciwyg/nsWyciwygChannel.h
netwerk/test/mochitests/mochitest.ini
netwerk/test/mochitests/signed_web_packaged_app.sjs
netwerk/test/mochitests/test_origin_attributes_conversion.html
netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
toolkit/components/downloads/ApplicationReputation.cpp
toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
uriloader/prefetch/OfflineCacheUpdateParent.cpp
uriloader/prefetch/OfflineCacheUpdateParent.h
uriloader/prefetch/nsOfflineCacheUpdateService.cpp
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -23,36 +23,84 @@
 #include "mozilla/dom/quota/QuotaManager.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/URLSearchParams.h"
 
 namespace mozilla {
 
 using dom::URLParams;
 
-void OriginAttributes::InheritFromDocShellParent(const OriginAttributes& aParent)
+void
+PrincipalOriginAttributes::InheritFromDocShellToDoc(const DocShellOriginAttributes& aAttrs,
+                                                    const nsIURI* aURI)
 {
-  mAppId = aParent.mAppId;
-  mInBrowser = aParent.mInBrowser;
-  mUserContextId = aParent.mUserContextId;
-  mSignedPkg = aParent.mSignedPkg;
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225349 - PrincipalOriginAttributes should inherit mSignedPkg
+  // accordingly by URI
+  mSignedPkg = aAttrs.mSignedPkg;
+}
+
+void
+PrincipalOriginAttributes::InheritFromNecko(const NeckoOriginAttributes& aAttrs)
+{
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+  mSignedPkg = aAttrs.mSignedPkg;
 }
 
-bool OriginAttributes::CopyFromLoadContext(nsILoadContext* aLoadContext)
+void
+DocShellOriginAttributes::InheritFromDocToChildDocShell(const PrincipalOriginAttributes& aAttrs)
 {
-  OriginAttributes attrs;
-  bool result = aLoadContext->GetOriginAttributes(attrs);
-  NS_ENSURE_TRUE(result, false);
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225353 - DocShell/NeckoOriginAttributes should inherit
+  // mSignedPkg accordingly by mSignedPkgInBrowser
+  mSignedPkg = aAttrs.mSignedPkg;
+}
+
+void
+NeckoOriginAttributes::InheritFromDocToNecko(const PrincipalOriginAttributes& aAttrs)
+{
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
 
-  mAppId = attrs.mAppId;
-  mInBrowser = attrs.mInBrowser;
-  mAddonId = attrs.mAddonId;
-  mUserContextId = attrs.mUserContextId;
-  mSignedPkg = attrs.mSignedPkg;
-  return true;
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225353 - DocShell/NeckoOriginAttributes should inherit
+  // mSignedPkg accordingly by mSignedPkgInBrowser
+}
+
+void
+NeckoOriginAttributes::InheritFromDocShellToNecko(const DocShellOriginAttributes& aAttrs)
+{
+  mAppId = aAttrs.mAppId;
+  mInBrowser = aAttrs.mInBrowser;
+
+  // addonId is computed from the principal URI and never propagated
+  mUserContextId = aAttrs.mUserContextId;
+
+  // TODO:
+  // Bug 1225353 - DocShell/NeckoOriginAttributes should inherit
+  // mSignedPkg accordingly by mSignedPkgInBrowser
 }
 
 void
 OriginAttributes::CreateSuffix(nsACString& aStr) const
 {
   UniquePtr<URLParams> params(new URLParams());
   nsAutoString value;
 
@@ -449,17 +497,17 @@ BasePrincipal::GetIsInBrowserElement(boo
 NS_IMETHODIMP
 BasePrincipal::GetUnknownAppId(bool* aUnknownAppId)
 {
   *aUnknownAppId = AppId() == nsIScriptSecurityManager::UNKNOWN_APP_ID;
   return NS_OK;
 }
 
 already_AddRefed<BasePrincipal>
-BasePrincipal::CreateCodebasePrincipal(nsIURI* aURI, const OriginAttributes& aAttrs)
+BasePrincipal::CreateCodebasePrincipal(nsIURI* aURI, const PrincipalOriginAttributes& aAttrs)
 {
   // If the URI is supposed to inherit the security context of whoever loads it,
   // we shouldn't make a codebase principal for it.
   bool inheritsPrincipal;
   nsresult rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
                                     &inheritsPrincipal);
   nsCOMPtr<nsIPrincipal> principal;
   if (NS_FAILED(rv) || inheritsPrincipal) {
@@ -490,17 +538,17 @@ BasePrincipal::CreateCodebasePrincipal(c
 {
   MOZ_ASSERT(!StringBeginsWith(aOrigin, NS_LITERAL_CSTRING("[")),
              "CreateCodebasePrincipal does not support System and Expanded principals");
 
   MOZ_ASSERT(!StringBeginsWith(aOrigin, NS_LITERAL_CSTRING(NS_NULLPRINCIPAL_SCHEME ":")),
              "CreateCodebasePrincipal does not support nsNullPrincipal");
 
   nsAutoCString originNoSuffix;
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return nullptr;
   }
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -9,81 +9,138 @@
 
 #include "nsIPrincipal.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsJSPrincipals.h"
 
 #include "mozilla/dom/ChromeUtilsBinding.h"
 
 class nsIContentSecurityPolicy;
-class nsILoadContext;
 class nsIObjectOutputStream;
 class nsIObjectInputStream;
+class nsIURI;
 
 class nsExpandedPrincipal;
 
 namespace mozilla {
 
+// Base OriginAttributes class. This has several subclass flavors, and is not
+// directly constructable itself.
 class OriginAttributes : public dom::OriginAttributesDictionary
 {
 public:
-  OriginAttributes() {}
-  OriginAttributes(uint32_t aAppId, bool aInBrowser)
-  {
-    mAppId = aAppId;
-    mInBrowser = aInBrowser;
-  }
-  explicit OriginAttributes(const OriginAttributesDictionary& aOther)
-    : OriginAttributesDictionary(aOther) {}
-
   bool operator==(const OriginAttributes& aOther) const
   {
     return mAppId == aOther.mAppId &&
            mInBrowser == aOther.mInBrowser &&
            mAddonId == aOther.mAddonId &&
            mUserContextId == aOther.mUserContextId &&
            mSignedPkg == aOther.mSignedPkg;
   }
   bool operator!=(const OriginAttributes& aOther) const
   {
     return !(*this == aOther);
   }
 
-  // The docshell often influences the origin attributes of content loaded
-  // inside of it, and in some cases also influences the origin attributes of
-  // content loaded in child docshells. We say that a given attribute "lives on
-  // the docshell" to indicate that this attribute is specified by the docshell
-  // (if any) associated with a given content document.
-  //
-  // In practice, this usually means that we need to store a copy of those
-  // attributes on each docshell, or provide methods on the docshell to compute
-  // them on-demand.
-  // We could track each of these attributes individually, but since the
-  // majority of the existing origin attributes currently live on the docshell,
-  // it's cleaner to simply store an entire OriginAttributes struct on each
-  // docshell, and selectively copy them to child docshells and content
-  // principals in a manner that implements our desired semantics.
-  //
-  // This method is used to propagate attributes from parent to child
-  // docshells.
-  void InheritFromDocShellParent(const OriginAttributes& aParent);
-
-  // Copy from the origin attributes of the nsILoadContext.
-  bool CopyFromLoadContext(nsILoadContext* aLoadContext);
-
   // Serializes/Deserializes non-default values into the suffix format, i.e.
   // |!key1=value1&key2=value2|. If there are no non-default attributes, this
   // returns an empty string.
   void CreateSuffix(nsACString& aStr) const;
   bool PopulateFromSuffix(const nsACString& aStr);
 
   // Populates the attributes from a string like
   // |uri!key1=value1&key2=value2| and returns the uri without the suffix.
   bool PopulateFromOrigin(const nsACString& aOrigin,
                           nsACString& aOriginNoSuffix);
+
+protected:
+  OriginAttributes() {}
+  explicit OriginAttributes(const OriginAttributesDictionary& aOther)
+    : OriginAttributesDictionary(aOther) {}
+};
+
+class PrincipalOriginAttributes;
+class DocShellOriginAttributes;
+class NeckoOriginAttributes;
+
+// Various classes in Gecko contain OriginAttributes members, and those
+// OriginAttributes get propagated to other classes according to certain rules.
+// For example, the OriginAttributes on the docshell affect the OriginAttributes
+// for the principal of a document loaded inside it, whose OriginAttributes in
+// turn affect those of network loads and child docshells. To codify and
+// centralize these rules, we introduce separate subclasses for the different
+// flavors, and a variety of InheritFrom* methods to implement the transfer
+// behavior.
+
+// For OriginAttributes stored on principals.
+class PrincipalOriginAttributes : public OriginAttributes
+{
+public:
+  PrincipalOriginAttributes() {}
+  PrincipalOriginAttributes(uint32_t aAppId, bool aInBrowser)
+  {
+    mAppId = aAppId;
+    mInBrowser = aInBrowser;
+  }
+
+  // Inheriting OriginAttributes from docshell to document when user navigates.
+  //
+  // @param aAttrs  Origin Attributes of the docshell.
+  // @param aURI    The URI of the document.
+  void InheritFromDocShellToDoc(const DocShellOriginAttributes& aAttrs,
+                                const nsIURI* aURI);
+
+  // Inherit OriginAttributes from Necko.
+  void InheritFromNecko(const NeckoOriginAttributes& aAttrs);
+};
+
+// For OriginAttributes stored on docshells / loadcontexts / browsing contexts.
+class DocShellOriginAttributes : public OriginAttributes
+{
+public:
+  DocShellOriginAttributes() {}
+  DocShellOriginAttributes(uint32_t aAppId, bool aInBrowser)
+  {
+    mAppId = aAppId;
+    mInBrowser = aInBrowser;
+  }
+
+  // Inheriting OriginAttributes from document to child docshell when an
+  // <iframe> is created.
+  //
+  // @param aAttrs  Origin Attributes of the document.
+  void
+  InheritFromDocToChildDocShell(const PrincipalOriginAttributes& aAttrs);
+};
+
+// For OriginAttributes stored on Necko.
+class NeckoOriginAttributes : public OriginAttributes
+{
+public:
+  NeckoOriginAttributes() {}
+  NeckoOriginAttributes(uint32_t aAppId, bool aInBrowser)
+  {
+    mAppId = aAppId;
+    mInBrowser = aInBrowser;
+  }
+
+  // Inheriting OriginAttributes from document to necko when a network request
+  // is made.
+  void InheritFromDocToNecko(const PrincipalOriginAttributes& aAttrs);
+
+  void InheritFromDocShellToNecko(const DocShellOriginAttributes& aAttrs);
+};
+
+// For operating on OriginAttributes not associated with any data structure.
+class GenericOriginAttributes : public OriginAttributes
+{
+public:
+  GenericOriginAttributes() {}
+  explicit GenericOriginAttributes(const OriginAttributesDictionary& aOther)
+    : OriginAttributes(aOther) {}
 };
 
 class OriginAttributesPattern : public dom::OriginAttributesPatternDictionary
 {
 public:
   // To convert a JSON string to an OriginAttributesPattern, do the following:
   //
   // OriginAttributesPattern pattern;
@@ -163,20 +220,20 @@ public:
   NS_IMETHOD GetUserContextId(uint32_t* aUserContextId) final;
 
   virtual bool IsOnCSSUnprefixingWhitelist() override { return false; }
 
   virtual bool IsCodebasePrincipal() const { return false; };
 
   static BasePrincipal* Cast(nsIPrincipal* aPrin) { return static_cast<BasePrincipal*>(aPrin); }
   static already_AddRefed<BasePrincipal>
-  CreateCodebasePrincipal(nsIURI* aURI, const OriginAttributes& aAttrs);
+  CreateCodebasePrincipal(nsIURI* aURI, const PrincipalOriginAttributes& aAttrs);
   static already_AddRefed<BasePrincipal> CreateCodebasePrincipal(const nsACString& aOrigin);
 
-  const OriginAttributes& OriginAttributesRef() { return mOriginAttributes; }
+  const PrincipalOriginAttributes& OriginAttributesRef() { return mOriginAttributes; }
   uint32_t AppId() const { return mOriginAttributes.mAppId; }
   uint32_t UserContextId() const { return mOriginAttributes.mUserContextId; }
   bool IsInBrowserElement() const { return mOriginAttributes.mInBrowser; }
 
   enum PrincipalKind {
     eNullPrincipal,
     eCodebasePrincipal,
     eExpandedPrincipal,
@@ -198,14 +255,14 @@ protected:
   friend class ::nsExpandedPrincipal;
 
   // Helper to check whether this principal is associated with an addon that
   // allows unprivileged code to load aURI.
   bool AddonAllowsLoad(nsIURI* aURI);
 
   nsCOMPtr<nsIContentSecurityPolicy> mCSP;
   nsCOMPtr<nsIContentSecurityPolicy> mPreloadCSP;
-  OriginAttributes mOriginAttributes;
+  PrincipalOriginAttributes mOriginAttributes;
 };
 
 } // namespace mozilla
 
 #endif /* mozilla_BasePrincipal_h */
--- a/caps/nsJSPrincipals.cpp
+++ b/caps/nsJSPrincipals.cpp
@@ -155,17 +155,17 @@ nsJSPrincipals::ReadKnownPrincipalType(J
         }
 
         nsAutoCString spec;
         spec.SetLength(specLength);
         if (!JS_ReadBytes(aReader, spec.BeginWriting(), specLength)) {
             return false;
         }
 
-        OriginAttributes attrs;
+        PrincipalOriginAttributes attrs;
         attrs.PopulateFromSuffix(suffix);
         info = ContentPrincipalInfo(attrs, spec);
     }
 
     nsresult rv;
     nsCOMPtr<nsIPrincipal> prin = PrincipalInfoToPrincipal(info, &rv);
     if (NS_WARN_IF(NS_FAILED(rv))) {
         xpc::Throw(aCx, NS_ERROR_DOM_DATA_CLONE_ERR);
--- a/caps/nsNullPrincipal.cpp
+++ b/caps/nsNullPrincipal.cpp
@@ -39,27 +39,27 @@ NS_IMPL_CI_INTERFACE_GETTER(nsNullPrinci
 nsNullPrincipal::CreateWithInheritedAttributes(nsIPrincipal* aInheritFrom)
 {
   RefPtr<nsNullPrincipal> nullPrin = new nsNullPrincipal();
   nsresult rv = nullPrin->Init(Cast(aInheritFrom)->OriginAttributesRef());
   return NS_SUCCEEDED(rv) ? nullPrin.forget() : nullptr;
 }
 
 /* static */ already_AddRefed<nsNullPrincipal>
-nsNullPrincipal::Create(const OriginAttributes& aOriginAttributes)
+nsNullPrincipal::Create(const PrincipalOriginAttributes& aOriginAttributes)
 {
   RefPtr<nsNullPrincipal> nullPrin = new nsNullPrincipal();
   nsresult rv = nullPrin->Init(aOriginAttributes);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
   return nullPrin.forget();
 }
 
 nsresult
-nsNullPrincipal::Init(const OriginAttributes& aOriginAttributes)
+nsNullPrincipal::Init(const PrincipalOriginAttributes& aOriginAttributes)
 {
   mOriginAttributes = aOriginAttributes;
 
   mURI = nsNullPrincipalURI::Create();
   NS_ENSURE_TRUE(mURI, NS_ERROR_NOT_AVAILABLE);
 
   return NS_OK;
 }
--- a/caps/nsNullPrincipal.h
+++ b/caps/nsNullPrincipal.h
@@ -47,19 +47,19 @@ public:
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   nsresult GetOriginInternal(nsACString& aOrigin) override;
 
   // Returns null on failure.
   static already_AddRefed<nsNullPrincipal> CreateWithInheritedAttributes(nsIPrincipal *aInheritFrom);
 
   // Returns null on failure.
   static already_AddRefed<nsNullPrincipal>
-    Create(const mozilla::OriginAttributes& aOriginAttributes = mozilla::OriginAttributes());
+  Create(const mozilla::PrincipalOriginAttributes& aOriginAttributes = mozilla::PrincipalOriginAttributes());
 
-  nsresult Init(const mozilla::OriginAttributes& aOriginAttributes = mozilla::OriginAttributes());
+  nsresult Init(const mozilla::PrincipalOriginAttributes& aOriginAttributes = mozilla::PrincipalOriginAttributes());
 
   virtual void GetScriptLocation(nsACString &aStr) override;
 
   PrincipalKind Kind() override { return eNullPrincipal; }
 
  protected:
   virtual ~nsNullPrincipal() {}
 
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -80,17 +80,17 @@ nsPrincipal::~nsPrincipal()
 { 
   // let's clear the principal within the csp to avoid a tangling pointer
   if (mCSP) {
     static_cast<nsCSPContext*>(mCSP.get())->clearLoadingPrincipal();
   }
 }
 
 nsresult
-nsPrincipal::Init(nsIURI *aCodebase, const OriginAttributes& aOriginAttributes)
+nsPrincipal::Init(nsIURI *aCodebase, const PrincipalOriginAttributes& aOriginAttributes)
 {
   NS_ENSURE_STATE(!mInitialized);
   NS_ENSURE_ARG(aCodebase);
 
   mInitialized = true;
 
   mCodebase = NS_TryToMakeImmutable(aCodebase);
   mCodebaseImmutable = URIIsImmutable(mCodebase);
@@ -386,17 +386,17 @@ nsPrincipal::Read(nsIObjectInputStream* 
   }
 
   domain = do_QueryInterface(supports);
 
   nsAutoCString suffix;
   rv = aStream->ReadCString(suffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   bool ok = attrs.PopulateFromSuffix(suffix);
   NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
 
   rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   NS_ENSURE_SUCCESS(rv, rv);
 
   // This may be null.
   nsCOMPtr<nsIContentSecurityPolicy> csp = do_QueryInterface(supports, &rv);
--- a/caps/nsPrincipal.h
+++ b/caps/nsPrincipal.h
@@ -29,17 +29,17 @@ public:
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   virtual bool IsOnCSSUnprefixingWhitelist() override;
   bool IsCodebasePrincipal() const override { return true; }
   nsresult GetOriginInternal(nsACString& aOrigin) override;
 
   nsPrincipal();
 
   // Init() must be called before the principal is in a usable state.
-  nsresult Init(nsIURI* aCodebase, const mozilla::OriginAttributes& aOriginAttributes);
+  nsresult Init(nsIURI* aCodebase, const mozilla::PrincipalOriginAttributes& aOriginAttributes);
 
   virtual void GetScriptLocation(nsACString& aStr) override;
   void SetURI(nsIURI* aURI);
 
   /**
    * Computes the puny-encoded origin of aURI.
    */
   static nsresult GetOriginForURI(nsIURI* aURI, nsACString& aOrigin);
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -286,17 +286,17 @@ nsScriptSecurityManager::AppStatusForPri
                       nsIPrincipal::APP_STATUS_NOT_INSTALLED);
     nsCOMPtr<nsIURI> appURI;
     NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(appURI), appOrigin),
                       nsIPrincipal::APP_STATUS_NOT_INSTALLED);
 
     // The app could contain a cross-origin iframe - make sure that the content
     // is actually same-origin with the app.
     MOZ_ASSERT(inMozBrowser == false, "Checked this above");
-    OriginAttributes attrs(appId, false);
+    PrincipalOriginAttributes attrs(appId, false);
     nsCOMPtr<nsIPrincipal> appPrin = BasePrincipal::CreateCodebasePrincipal(appURI, attrs);
     NS_ENSURE_TRUE(appPrin, nsIPrincipal::APP_STATUS_NOT_INSTALLED);
     return aPrin->Equals(appPrin) ? status
                                   : nsIPrincipal::APP_STATUS_NOT_INSTALLED;
 }
 
 /*
  * GetChannelResultPrincipal will return the principal that the resource
@@ -357,17 +357,17 @@ nsScriptSecurityManager::GetChannelResul
                 return NS_OK;
             }
         }
     }
     return GetChannelURIPrincipal(aChannel, aPrincipal);
 }
 
 nsresult
-nsScriptSecurityManager::MaybeSetAddonIdFromURI(OriginAttributes& aAttrs, nsIURI* aURI)
+nsScriptSecurityManager::MaybeSetAddonIdFromURI(PrincipalOriginAttributes& aAttrs, nsIURI* aURI)
 {
   nsAutoCString scheme;
   nsresult rv = aURI->GetScheme(scheme);
   NS_ENSURE_SUCCESS(rv, rv);
   if (scheme.EqualsLiteral("moz-extension") && GetAddonPolicyService()) {
     rv = GetAddonPolicyService()->ExtensionURIToAddonId(aURI, aAttrs.mAddonId);
     NS_ENSURE_SUCCESS(rv, rv);
   }
@@ -400,17 +400,18 @@ nsScriptSecurityManager::GetChannelURIPr
 
     nsCOMPtr<nsILoadContext> loadContext;
     NS_QueryNotificationCallbacks(aChannel, loadContext);
 
     if (loadContext) {
         return GetLoadContextCodebasePrincipal(uri, loadContext, aPrincipal);
     }
 
-    OriginAttributes attrs(UNKNOWN_APP_ID, false);
+    //TODO: Bug 1211590. inherit Origin Attributes from LoadInfo.
+    PrincipalOriginAttributes attrs(UNKNOWN_APP_ID, false);
     rv = MaybeSetAddonIdFromURI(attrs, uri);
     NS_ENSURE_SUCCESS(rv, rv);
     nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
     prin.forget(aPrincipal);
     return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
@@ -1003,44 +1004,44 @@ nsScriptSecurityManager::GetSystemPrinci
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetSimpleCodebasePrincipal(nsIURI* aURI,
                                                     nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs(UNKNOWN_APP_ID, false);
+  PrincipalOriginAttributes attrs(UNKNOWN_APP_ID, false);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetNoAppCodebasePrincipal(nsIURI* aURI,
                                                    nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs(NO_APP_ID, false);
+  PrincipalOriginAttributes attrs(NO_APP_ID, false);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetCodebasePrincipal(nsIURI* aURI,
                                               nsIPrincipal** aPrincipal)
 {
   return GetNoAppCodebasePrincipal(aURI, aPrincipal);
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CreateCodebasePrincipal(nsIURI* aURI, JS::Handle<JS::Value> aOriginAttributes,
                                                  JSContext* aCx, nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
       return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
@@ -1060,17 +1061,17 @@ nsScriptSecurityManager::CreateCodebaseP
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CreateNullPrincipal(JS::Handle<JS::Value> aOriginAttributes,
                                              JSContext* aCx, nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
       return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin = nsNullPrincipal::Create(attrs);
   NS_ENSURE_TRUE(prin, NS_ERROR_FAILURE);
   prin.forget(aPrincipal);
   return NS_OK;
 }
@@ -1094,48 +1095,49 @@ NS_IMETHODIMP
 nsScriptSecurityManager::GetAppCodebasePrincipal(nsIURI* aURI,
                                                  uint32_t aAppId,
                                                  bool aInMozBrowser,
                                                  nsIPrincipal** aPrincipal)
 {
   NS_ENSURE_TRUE(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID,
                  NS_ERROR_INVALID_ARG);
 
-  OriginAttributes attrs(aAppId, aInMozBrowser);
+  PrincipalOriginAttributes attrs(aAppId, aInMozBrowser);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::
   GetLoadContextCodebasePrincipal(nsIURI* aURI,
                                   nsILoadContext* aLoadContext,
                                   nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
-  bool result = attrs.CopyFromLoadContext(aLoadContext);
+  DocShellOriginAttributes docShellAttrs;
+  bool result = aLoadContext->GetOriginAttributes(docShellAttrs);;
   NS_ENSURE_TRUE(result, NS_ERROR_FAILURE);
 
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(docShellAttrs, aURI);
+
   nsresult rv = MaybeSetAddonIdFromURI(attrs, aURI);
   NS_ENSURE_SUCCESS(rv, rv);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::GetDocShellCodebasePrincipal(nsIURI* aURI,
                                                       nsIDocShell* aDocShell,
                                                       nsIPrincipal** aPrincipal)
 {
-  OriginAttributes attrs;
-  nsDocShell* docShell= nsDocShell::Cast(aDocShell);
-  bool result = attrs.CopyFromLoadContext(docShell);
-  NS_ENSURE_TRUE(result, NS_ERROR_FAILURE);
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(nsDocShell::Cast(aDocShell)->GetOriginAttributes(), aURI);
 
   nsresult rv = MaybeSetAddonIdFromURI(attrs, aURI);
   NS_ENSURE_SUCCESS(rv, rv);
   nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@@ -23,17 +23,17 @@
 #include <stdint.h>
 
 class nsCString;
 class nsIIOService;
 class nsIStringBundle;
 class nsSystemPrincipal;
 
 namespace mozilla {
-class OriginAttributes;
+class PrincipalOriginAttributes;
 } // namespace mozilla
 
 /////////////////////////////
 // nsScriptSecurityManager //
 /////////////////////////////
 #define NS_SCRIPTSECURITYMANAGER_CID \
 { 0x7ee2a4c0, 0x4b93, 0x17d3, \
 { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
@@ -116,17 +116,17 @@ private:
 
     inline void
     ScriptSecurityPrefChanged();
 
     inline void
     AddSitesToFileURIWhitelist(const nsCString& aSiteList);
 
     // If aURI is a moz-extension:// URI, set mAddonId to the associated addon.
-    nsresult MaybeSetAddonIdFromURI(mozilla::OriginAttributes& aAttrs, nsIURI* aURI);
+    nsresult MaybeSetAddonIdFromURI(mozilla::PrincipalOriginAttributes& aAttrs, nsIURI* aURI);
 
     nsCOMPtr<nsIPrincipal> mSystemPrincipal;
     bool mPrefInitialized;
     bool mIsJavaScriptEnabled;
     nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;
 
     // This machinery controls new-style domain policies. The old-style
     // policy machinery will be removed soon.
--- a/caps/tests/gtest/TestOriginAttributes.cpp
+++ b/caps/tests/gtest/TestOriginAttributes.cpp
@@ -1,37 +1,37 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "gtest/gtest.h"
 #include "mozilla/BasePrincipal.h"
 
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 
 static void
-TestSuffix(const OriginAttributes& attrs)
+TestSuffix(const PrincipalOriginAttributes& attrs)
 {
   nsAutoCString suffix;
   attrs.CreateSuffix(suffix);
 
-  OriginAttributes attrsFromSuffix;
+  PrincipalOriginAttributes attrsFromSuffix;
   attrsFromSuffix.PopulateFromSuffix(suffix);
 
   EXPECT_EQ(attrs, attrsFromSuffix);
 }
 
-TEST(OriginAttributes, Suffix_default)
+TEST(PrincipalOriginAttributes, Suffix_default)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   TestSuffix(attrs);
 }
 
-TEST(OriginAttributes, Suffix_appId_inBrowser)
+TEST(PrincipalOriginAttributes, Suffix_appId_inBrowser)
 {
-  OriginAttributes attrs(1, true);
+  PrincipalOriginAttributes attrs(1, true);
   TestSuffix(attrs);
 }
 
-TEST(OriginAttributes, Suffix_maxAppId_inBrowser)
+TEST(PrincipalOriginAttributes, Suffix_maxAppId_inBrowser)
 {
-  OriginAttributes attrs(4294967295, true);
+  PrincipalOriginAttributes attrs(4294967295, true);
   TestSuffix(attrs);
 }
--- a/docshell/base/LoadContext.cpp
+++ b/docshell/base/LoadContext.cpp
@@ -18,17 +18,18 @@ LoadContext::LoadContext(nsIPrincipal* a
   , mNestedFrameId(0)
   , mIsContent(true)
   , mUsePrivateBrowsing(false)
   , mUseRemoteTabs(false)
 #ifdef DEBUG
   , mIsNotNull(true)
 #endif
 {
-  mOriginAttributes = BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+  PrincipalOriginAttributes poa = BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+  mOriginAttributes = DocShellOriginAttributes(poa.mAppId, poa.mInBrowser);
 
   if (!aOptionalBase) {
     return;
   }
 
   MOZ_ALWAYS_TRUE(NS_SUCCEEDED(aOptionalBase->GetIsContent(&mIsContent)));
   MOZ_ALWAYS_TRUE(
     NS_SUCCEEDED(aOptionalBase->GetUsePrivateBrowsing(&mUsePrivateBrowsing)));
--- a/docshell/base/LoadContext.h
+++ b/docshell/base/LoadContext.h
@@ -38,51 +38,51 @@ public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSILOADCONTEXT
   NS_DECL_NSIINTERFACEREQUESTOR
 
   // AppId/inBrowser arguments override those in SerializedLoadContext provided
   // by child process.
   LoadContext(const IPC::SerializedLoadContext& aToCopy,
               dom::Element* aTopFrameElement,
-              OriginAttributes& aAttrs)
+              DocShellOriginAttributes& aAttrs)
     : mTopFrameElement(do_GetWeakReference(aTopFrameElement))
     , mNestedFrameId(0)
     , mIsContent(aToCopy.mIsContent)
     , mUsePrivateBrowsing(aToCopy.mUsePrivateBrowsing)
     , mUseRemoteTabs(aToCopy.mUseRemoteTabs)
     , mOriginAttributes(aAttrs)
 #ifdef DEBUG
     , mIsNotNull(aToCopy.mIsNotNull)
 #endif
   {
   }
 
   // AppId/inBrowser arguments override those in SerializedLoadContext provided
   // by child process.
   LoadContext(const IPC::SerializedLoadContext& aToCopy,
               uint64_t aNestedFrameId,
-              OriginAttributes& aAttrs)
+              DocShellOriginAttributes& aAttrs)
     : mTopFrameElement(nullptr)
     , mNestedFrameId(aNestedFrameId)
     , mIsContent(aToCopy.mIsContent)
     , mUsePrivateBrowsing(aToCopy.mUsePrivateBrowsing)
     , mUseRemoteTabs(aToCopy.mUseRemoteTabs)
     , mOriginAttributes(aAttrs)
 #ifdef DEBUG
     , mIsNotNull(aToCopy.mIsNotNull)
 #endif
   {
   }
 
   LoadContext(dom::Element* aTopFrameElement,
               bool aIsContent,
               bool aUsePrivateBrowsing,
               bool aUseRemoteTabs,
-              const OriginAttributes& aAttrs)
+              const DocShellOriginAttributes& aAttrs)
     : mTopFrameElement(do_GetWeakReference(aTopFrameElement))
     , mNestedFrameId(0)
     , mIsContent(aIsContent)
     , mUsePrivateBrowsing(aUsePrivateBrowsing)
     , mUseRemoteTabs(aUseRemoteTabs)
     , mOriginAttributes(aAttrs)
 #ifdef DEBUG
     , mIsNotNull(true)
@@ -112,17 +112,17 @@ public:
 private:
   ~LoadContext() {}
 
   nsWeakPtr mTopFrameElement;
   uint64_t mNestedFrameId;
   bool mIsContent;
   bool mUsePrivateBrowsing;
   bool mUseRemoteTabs;
-  OriginAttributes mOriginAttributes;
+  DocShellOriginAttributes mOriginAttributes;
 #ifdef DEBUG
   bool mIsNotNull;
 #endif
 };
 
 } // namespace mozilla
 
 #endif // LoadContext_h
--- a/docshell/base/SerializedLoadContext.h
+++ b/docshell/base/SerializedLoadContext.h
@@ -44,17 +44,17 @@ public:
   // used to indicate if child-side LoadContext * was null.
   bool mIsNotNull;
   // used to indicate if child-side mUsePrivateBrowsing flag is valid, even if
   // mIsNotNull is false, i.e., child LoadContext was null.
   bool mIsPrivateBitValid;
   bool mIsContent;
   bool mUsePrivateBrowsing;
   bool mUseRemoteTabs;
-  mozilla::OriginAttributes mOriginAttributes;
+  mozilla::DocShellOriginAttributes mOriginAttributes;
 };
 
 // Function to serialize over IPDL
 template<>
 struct ParamTraits<SerializedLoadContext>
 {
   typedef SerializedLoadContext paramType;
 
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -9457,17 +9457,18 @@ nsDocShell::JustStartedNetworkLoad()
 {
   return mDocumentRequest && mDocumentRequest != GetCurrentDocChannel();
 }
 
 nsresult
 nsDocShell::CreatePrincipalFromReferrer(nsIURI* aReferrer,
                                         nsIPrincipal** aResult)
 {
-  OriginAttributes attrs = GetOriginAttributes();
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(GetOriginAttributes(), aReferrer);
   nsCOMPtr<nsIPrincipal> prin =
     BasePrincipal::CreateCodebasePrincipal(aReferrer, attrs);
   prin.forget(aResult);
 
   return *aResult ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
@@ -13820,47 +13821,49 @@ nsDocShell::GetAppId(uint32_t* aAppId)
   if (!parent) {
     *aAppId = nsIScriptSecurityManager::NO_APP_ID;
     return NS_OK;
   }
 
   return parent->GetAppId(aAppId);
 }
 
-OriginAttributes
+DocShellOriginAttributes
 nsDocShell::GetOriginAttributes()
 {
-  OriginAttributes attrs;
+  DocShellOriginAttributes attrs;
   RefPtr<nsDocShell> parent = GetParentDocshell();
   if (parent) {
-    attrs.InheritFromDocShellParent(parent->GetOriginAttributes());
+    nsCOMPtr<nsIPrincipal> parentPrin = parent->GetDocument()->NodePrincipal();
+    PrincipalOriginAttributes poa = BasePrincipal::Cast(parentPrin)->OriginAttributesRef();
+    attrs.InheritFromDocToChildDocShell(poa);
+  } else {
+    // This is the topmost docshell, so we get the mSignedPkg attribute if it is
+    // set before.
+    attrs.mSignedPkg = mSignedPkg;
   }
 
   if (mOwnOrContainingAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID) {
     attrs.mAppId = mOwnOrContainingAppId;
   }
 
   if (mFrameType == eFrameTypeBrowser) {
     attrs.mInBrowser = true;
   }
 
-  // Bug 1209162 will address the inheritance of each attributes.
-  attrs.mSignedPkg = mSignedPkg;
-
   return attrs;
 }
 
 NS_IMETHODIMP
 nsDocShell::GetOriginAttributes(JS::MutableHandle<JS::Value> aVal)
 {
   JSContext* cx = nsContentUtils::GetCurrentJSContext();
   MOZ_ASSERT(cx);
 
-  OriginAttributes attrs = GetOriginAttributes();
-  bool ok = ToJSValue(cx, attrs, aVal);
+  bool ok = ToJSValue(cx, GetOriginAttributes(), aVal);
   NS_ENSURE_TRUE(ok, NS_ERROR_FAILURE);
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsDocShell::GetAppManifestURL(nsAString& aAppManifestURL)
 {
   uint32_t appId = nsIDocShell::GetAppId();
@@ -14049,17 +14052,18 @@ nsDocShell::ShouldPrepareForIntercept(ns
 
       if (isThirdPartyURI) {
         return NS_OK;
       }
     }
   }
 
   if (aIsNonSubresourceRequest) {
-    OriginAttributes attrs(GetAppId(), GetIsInBrowserElement());
+    PrincipalOriginAttributes attrs;
+    attrs.InheritFromDocShellToDoc(GetOriginAttributes(), aURI);
     *aShouldIntercept = swm->IsAvailable(attrs, aURI);
     return NS_OK;
   }
 
   nsCOMPtr<nsIDocument> doc = GetDocument();
   if (!doc) {
     return NS_ERROR_NOT_AVAILABLE;
   }
@@ -14140,17 +14144,22 @@ nsDocShell::ChannelIntercepted(nsIInterc
     doc = GetDocument();
     if (!doc) {
       return NS_ERROR_NOT_AVAILABLE;
     }
   }
 
   bool isReload = mLoadType & LOAD_CMD_RELOAD;
 
-  OriginAttributes attrs(GetAppId(), GetIsInBrowserElement());
+  nsCOMPtr<nsIURI> uri;
+  rv = channel->GetURI(getter_AddRefs(uri));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromDocShellToDoc(GetOriginAttributes(), uri);
 
   ErrorResult error;
   nsCOMPtr<nsIRunnable> runnable =
     swm->PrepareFetchEvent(attrs, doc, aChannel, isReload, isSubresourceLoad, error);
   if (NS_WARN_IF(error.Failed())) {
     return error.StealNSResult();
   }
 
--- a/docshell/base/nsDocShell.h
+++ b/docshell/base/nsDocShell.h
@@ -265,17 +265,17 @@ public:
   void NotifyAsyncPanZoomStopped();
 
   void SetInFrameSwap(bool aInSwap)
   {
     mInFrameSwap = aInSwap;
   }
   bool InFrameSwap();
 
-  mozilla::OriginAttributes GetOriginAttributes();
+  mozilla::DocShellOriginAttributes GetOriginAttributes();
 
 private:
   // An observed docshell wrapper is created when recording markers is enabled.
   mozilla::UniquePtr<mozilla::ObservedDocShell> mObserved;
 
   // It is necessary to allow adding a timeline marker wherever a docshell
   // instance is available. This operation happens frequently and needs to
   // be very fast, so instead of using a Map or having to search for some
--- a/docshell/base/nsILoadContext.idl
+++ b/docshell/base/nsILoadContext.idl
@@ -6,17 +6,17 @@
 
 #include "nsISupports.idl"
 
 interface nsIDOMWindow;
 interface nsIDOMElement;
 
 %{C++
 #ifdef MOZILLA_INTERNAL_API
-#include "mozilla/BasePrincipal.h" // for OriginAttributes
+#include "mozilla/BasePrincipal.h" // for DocShellOriginAttributes
 #include "mozilla/dom/ScriptSettings.h" // for AutoJSAPI
 #include "xpcpublic.h" // for PrivilegedJunkScope
 #include "nsContentUtils.h" // for IsSystemPrincipal
 #endif
 %}
 
 /**
  * An nsILoadContext represents the context of a load.  This interface
@@ -135,33 +135,34 @@ interface nsILoadContext : nsISupports
    */
   readonly attribute jsval originAttributes;
 
 %{C++
 #ifdef MOZILLA_INTERNAL_API
   /**
    * The C++ getter for origin attributes.
    */
-  bool GetOriginAttributes(mozilla::OriginAttributes& aAttrs)
+  bool GetOriginAttributes(mozilla::DocShellOriginAttributes& aAttrs)
   {
     mozilla::dom::AutoJSAPI jsapi;
     bool ok = jsapi.Init(xpc::PrivilegedJunkScope());
     NS_ENSURE_TRUE(ok, false);
     JS::Rooted<JS::Value> v(jsapi.cx());
     nsresult rv = GetOriginAttributes(&v);
     NS_ENSURE_SUCCESS(rv, false);
     NS_ENSURE_TRUE(v.isObject(), false);
     JS::Rooted<JSObject*> obj(jsapi.cx(), &v.toObject());
 
     // If we're JS-implemented, the object will be left in a different (System-Principaled)
     // scope, so we may need to enter its compartment.
     MOZ_ASSERT(nsContentUtils::IsSystemPrincipal(nsContentUtils::ObjectPrincipal(obj)));
     JSAutoCompartment ac(jsapi.cx(), obj);
 
-    mozilla::OriginAttributes attrs;
+    mozilla::DocShellOriginAttributes attrs;
     ok = attrs.Init(jsapi.cx(), v);
     NS_ENSURE_TRUE(ok, false);
     aAttrs = attrs;
     return true;
   }
+
 #endif
 %}
 };
--- a/dom/base/ChromeUtils.cpp
+++ b/dom/base/ChromeUtils.cpp
@@ -51,24 +51,24 @@ ThreadSafeChromeUtils::NondeterministicG
 }
 
   /* static */ void
 ChromeUtils::OriginAttributesToSuffix(dom::GlobalObject& aGlobal,
                                       const dom::OriginAttributesDictionary& aAttrs,
                                       nsCString& aSuffix)
 
 {
-  OriginAttributes attrs(aAttrs);
+  GenericOriginAttributes attrs(aAttrs);
   attrs.CreateSuffix(aSuffix);
 }
 
 /* static */ bool
 ChromeUtils::OriginAttributesMatchPattern(dom::GlobalObject& aGlobal,
                                           const dom::OriginAttributesDictionary& aAttrs,
                                           const dom::OriginAttributesPatternDictionary& aPattern)
 {
-  OriginAttributes attrs(aAttrs);
+  GenericOriginAttributes attrs(aAttrs);
   OriginAttributesPattern pattern(aPattern);
   return pattern.Matches(attrs);
 }
 
 } // namespace dom
 } // namespace mozilla
--- a/dom/base/nsFrameLoader.cpp
+++ b/dom/base/nsFrameLoader.cpp
@@ -277,42 +277,34 @@ nsFrameLoader::LoadURI(nsIURI* aURI)
     mURIToLoad = nullptr;
   }
   return rv;
 }
 
 NS_IMETHODIMP
 nsFrameLoader::SwitchProcessAndLoadURI(nsIURI* aURI, const nsACString& aPackageId)
 {
-  nsCOMPtr<nsIURI> URIToLoad = aURI;
   RefPtr<TabParent> tp = nullptr;
 
-  nsCString signedPkgOrigin;
-  if (!aPackageId.IsEmpty()) {
-    // Only when aPackageId is not empty would signed package origin
-    // be meaningful.
-    nsPrincipal::GetOriginForURI(aURI, signedPkgOrigin);
-  }
-
   MutableTabContext context;
-  nsresult rv = GetNewTabContext(&context, signedPkgOrigin, aPackageId);
+  nsresult rv = GetNewTabContext(&context, aURI, aPackageId);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<Element> ownerElement = mOwnerContent;
   tp = ContentParent::CreateBrowserOrApp(context, ownerElement, nullptr);
   if (!tp) {
     return NS_ERROR_FAILURE;
   }
   mRemoteBrowserShown = false;
 
   rv = SwapRemoteBrowser(tp);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
-  LoadURI(URIToLoad);
+  LoadURI(aURI);
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsFrameLoader::SetIsPrerendered()
 {
   MOZ_ASSERT(!mDocShell, "Please call SetIsPrerendered before docShell is created");
   mIsPrerendered = true;
@@ -3036,38 +3028,45 @@ nsFrameLoader::MaybeUpdatePrimaryTabPare
                                    eIgnoreCase);
       parentTreeOwner->TabParentAdded(mRemoteBrowser, isPrimary);
     }
   }
 }
 
 nsresult
 nsFrameLoader::GetNewTabContext(MutableTabContext* aTabContext,
-                                const nsACString& aSignedPkgOriginNoSuffix,
+                                nsIURI* aURI,
                                 const nsACString& aPackageId)
 {
   nsCOMPtr<mozIApplication> ownApp = GetOwnApp();
   nsCOMPtr<mozIApplication> containingApp = GetContainingApp();
-  OriginAttributes attrs = OriginAttributes();
+  DocShellOriginAttributes attrs;
   attrs.mInBrowser = OwnerIsBrowserFrame();
 
+  nsCString signedPkgOrigin;
+  if (!aPackageId.IsEmpty()) {
+    // Only when aPackageId is not empty would signed package origin
+    // be meaningful.
+    nsPrincipal::GetOriginForURI(aURI, signedPkgOrigin);
+  }
+
   // Get the AppId from ownApp
   uint32_t appId = nsIScriptSecurityManager::NO_APP_ID;
   if (ownApp) {
     nsresult rv = ownApp->GetLocalId(&appId);
     NS_ENSURE_SUCCESS(rv, rv);
     NS_ENSURE_STATE(appId != nsIScriptSecurityManager::NO_APP_ID);
   } else if (containingApp) {
     nsresult rv = containingApp->GetLocalId(&appId);
     NS_ENSURE_SUCCESS(rv, rv);
     NS_ENSURE_STATE(appId != nsIScriptSecurityManager::NO_APP_ID);
   }
   attrs.mAppId = appId;
 
   // Populate packageId to signedPkg.
   attrs.mSignedPkg = NS_ConvertUTF8toUTF16(aPackageId);
 
-  bool tabContextUpdated = aTabContext->SetTabContext(ownApp, containingApp,
-                                                      attrs, aSignedPkgOriginNoSuffix);
+  bool tabContextUpdated =
+    aTabContext->SetTabContext(ownApp, containingApp, attrs, signedPkgOrigin);
   NS_ENSURE_STATE(tabContextUpdated);
 
   return NS_OK;
 }
--- a/dom/base/nsFrameLoader.h
+++ b/dom/base/nsFrameLoader.h
@@ -314,17 +314,17 @@ private:
 
   // Update the permission manager's app-id refcount based on mOwnerContent's
   // own-or-containing-app.
   void ResetPermissionManagerStatus();
 
   void InitializeBrowserAPI();
 
   nsresult GetNewTabContext(mozilla::dom::MutableTabContext* aTabContext,
-                            const nsACString& aSignedPkgNoSuffix = EmptyCString(),
+                            nsIURI* aURI = nullptr,
                             const nsACString& aPackageId = EmptyCString());
 
   enum TabParentChange {
     eTabParentRemoved,
     eTabParentChanged
   };
   void MaybeUpdatePrimaryTabParent(TabParentChange aChange);
 
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -256,17 +256,17 @@ class nsIScriptTimeoutHandler;
 #endif
 
 static const char kStorageEnabled[] = "dom.storage.enabled";
 
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::dom::ipc;
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::TimeStamp;
 using mozilla::TimeDuration;
 using mozilla::dom::cache::CacheStorage;
 using mozilla::dom::indexedDB::IDBFactory;
 
 static LazyLogModule gDOMLeakPRLog("DOMLeak");
 
 nsGlobalWindow::WindowByIdTable *nsGlobalWindow::sWindowsById = nullptr;
@@ -7893,17 +7893,17 @@ nsGlobalWindow::PostMessageMozOuter(JSCo
     if (NS_FAILED(originURI->SetUserPass(EmptyCString())) ||
         NS_FAILED(originURI->SetPath(EmptyCString()))) {
       return;
     }
 
     nsCOMPtr<nsIPrincipal> principal = nsContentUtils::SubjectPrincipal();
     MOZ_ASSERT(principal);
 
-    OriginAttributes attrs = BasePrincipal::Cast(principal)->OriginAttributesRef();
+    PrincipalOriginAttributes attrs = BasePrincipal::Cast(principal)->OriginAttributesRef();
     // Create a nsIPrincipal inheriting the app/browser attributes from the
     // caller.
     providedPrincipal = BasePrincipal::CreateCodebasePrincipal(originURI, attrs);
     if (NS_WARN_IF(!providedPrincipal)) {
       return;
     }
   }
 
--- a/dom/cache/DBSchema.cpp
+++ b/dom/cache/DBSchema.cpp
@@ -1928,17 +1928,17 @@ ReadResponse(mozIStorageConnection* aCon
 
   nsAutoCString serializedInfo;
   rv = state->GetUTF8String(6, serializedInfo);
   if (NS_WARN_IF(NS_FAILED(rv))) { return rv; }
 
   aSavedResponseOut->mValue.principalInfo() = void_t();
   if (!serializedInfo.IsEmpty()) {
     nsAutoCString originNoSuffix;
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     if (!attrs.PopulateFromOrigin(serializedInfo, originNoSuffix)) {
       NS_WARNING("Something went wrong parsing a serialized principal!");
       return NS_ERROR_FAILURE;
     }
 
     aSavedResponseOut->mValue.principalInfo() =
       mozilla::ipc::ContentPrincipalInfo(attrs, originNoSuffix);
   }
--- a/dom/datastore/DataStoreService.cpp
+++ b/dom/datastore/DataStoreService.cpp
@@ -53,17 +53,17 @@
 
 #define ASSERT_PARENT_PROCESS()                                             \
   MOZ_ASSERT(XRE_IsParentProcess());                                        \
   if (NS_WARN_IF(!XRE_IsParentProcess())) {                                 \
     return NS_ERROR_FAILURE;                                                \
   }
 
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 
 namespace mozilla {
 namespace dom {
 
 using namespace indexedDB;
 
 // This class contains all the information about a DataStore.
 class DataStoreInfo
@@ -213,17 +213,17 @@ ResetPermission(uint32_t aAppId, const n
 
   nsCOMPtr<nsIURI> uri;
   rv = ioService->NewURI(NS_ConvertUTF16toUTF8(aOriginURL), nullptr, nullptr,
                          getter_AddRefs(uri));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  OriginAttributes attrs(aAppId, false);
+  PrincipalOriginAttributes attrs(aAppId, false);
   nsCOMPtr<nsIPrincipal> principal =
     BasePrincipal::CreateCodebasePrincipal(uri, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   nsCOMPtr<nsIPermissionManager> pm =
     do_GetService(NS_PERMISSIONMANAGER_CONTRACTID);
   if (!pm) {
     return NS_ERROR_FAILURE;
--- a/dom/ipc/AppProcessChecker.cpp
+++ b/dom/ipc/AppProcessChecker.cpp
@@ -149,17 +149,17 @@ CheckOriginPermission(const nsACString& 
   return nsIPermissionManager::ALLOW_ACTION == perm;
 }
 
 bool
 AssertAppProcess(TabContext& aContext,
                  AssertAppProcessType aType,
                  const char* aCapability)
 {
-  const mozilla::OriginAttributes& attr = aContext.OriginAttributesRef();
+  const mozilla::DocShellOriginAttributes& attr = aContext.OriginAttributesRef();
   nsCString suffix;
   attr.CreateSuffix(suffix);
 
   if (!aContext.SignedPkgOriginNoSuffix().IsEmpty()) {
     LOG("TabContext owning signed package origin: %s, originAttr; %s\n",
         nsCString(aContext.SignedPkgOriginNoSuffix()).get(),
         suffix.get());
   }
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -2406,17 +2406,17 @@ ContentChild::RecvAddPermission(const IP
     nsCOMPtr<nsIPermissionManager> permissionManagerIface =
         services::GetPermissionManager();
     nsPermissionManager* permissionManager =
         static_cast<nsPermissionManager*>(permissionManagerIface.get());
     MOZ_ASSERT(permissionManager,
                "We have no permissionManager in the Content process !");
 
     nsAutoCString originNoSuffix;
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     attrs.PopulateFromOrigin(permission.origin, originNoSuffix);
 
     nsCOMPtr<nsIURI> uri;
     nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
     NS_ENSURE_SUCCESS(rv, true);
 
     nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
 
--- a/dom/ipc/TabContext.cpp
+++ b/dom/ipc/TabContext.cpp
@@ -147,32 +147,32 @@ TabContext::SetTabContext(const TabConte
   NS_ENSURE_FALSE(mInitialized, false);
 
   *this = aContext;
   mInitialized = true;
 
   return true;
 }
 
-const OriginAttributes&
+const DocShellOriginAttributes&
 TabContext::OriginAttributesRef() const
 {
   return mOriginAttributes;
 }
 
 const nsACString&
 TabContext::SignedPkgOriginNoSuffix() const
 {
   return mSignedPkgOriginNoSuffix;
 }
 
 bool
 TabContext::SetTabContext(mozIApplication* aOwnApp,
                           mozIApplication* aAppFrameOwnerApp,
-                          const OriginAttributes& aOriginAttributes,
+                          const DocShellOriginAttributes& aOriginAttributes,
                           const nsACString& aSignedPkgOriginNoSuffix)
 {
   NS_ENSURE_FALSE(mInitialized, false);
 
   // Get ids for both apps and only write to our member variables after we've
   // verified that this worked.
   uint32_t ownAppId = NO_APP_ID;
   if (aOwnApp) {
@@ -223,17 +223,17 @@ GetAppForId(uint32_t aAppId)
 
   return app.forget();
 }
 
 MaybeInvalidTabContext::MaybeInvalidTabContext(const IPCTabContext& aParams)
   : mInvalidReason(nullptr)
 {
   uint32_t containingAppId = NO_APP_ID;
-  OriginAttributes originAttributes = OriginAttributes();
+  DocShellOriginAttributes originAttributes;
   nsAutoCString originSuffix;
   nsAutoCString signedPkgOriginNoSuffix;
 
   switch(aParams.type()) {
     case IPCTabContext::TPopupIPCTabContext: {
       const PopupIPCTabContext &ipcContext = aParams.get_PopupIPCTabContext();
 
       TabContext *context;
@@ -264,19 +264,16 @@ MaybeInvalidTabContext::MaybeInvalidTabC
 
       // Browser elements can't nest other browser elements.  So if
       // our opener is browser element, we must be a new DOM window
       // opened by it.  In that case we inherit our containing app ID
       // (if any).
       //
       // Otherwise, we're a new app window and we inherit from our
       // opener app.
-
-      // FIXME bug 1212250 - use InheritFromDocToChildDocshell instead
-      // of copying attributes directly.
       originAttributes = context->mOriginAttributes;
       if (ipcContext.isBrowserElement()) {
         containingAppId = context->OwnOrContainingAppId();
       } else {
         containingAppId = context->mContainingAppId;
       }
       break;
     }
--- a/dom/ipc/TabContext.h
+++ b/dom/ipc/TabContext.h
@@ -99,21 +99,21 @@ public:
    * frame does not have its own app, it gets the ID of the app which contains
    * this frame (i.e., the result of {Browser,App}OwnerAppId(), as applicable).
    */
   uint32_t OwnOrContainingAppId() const;
   already_AddRefed<mozIApplication> GetOwnOrContainingApp() const;
   bool HasOwnOrContainingApp() const;
 
   /**
-   * OriginAttributesRef() returns the OriginAttributes of this frame to the
+   * OriginAttributesRef() returns the DocShellOriginAttributes of this frame to the
    * caller. This is used to store any attribute associated with the frame's
    * docshell, such as the AppId.
    */
-  const OriginAttributes& OriginAttributesRef() const;
+  const DocShellOriginAttributes& OriginAttributesRef() const;
 
   /**
    * Returns the origin associated with the tab (w/o suffix) if this tab owns
    * a signed packaged content.
    */
   const nsACString& SignedPkgOriginNoSuffix() const;
 
 protected:
@@ -137,17 +137,17 @@ protected:
    * Set the TabContext for this frame. This can either be:
    *  - an app frame (with the given own app) inside the given owner app. Either
    *    apps can be null.
    *  - a browser frame inside the given owner app (which may be null).
    *  - a non-browser, non-app frame. Both own app and owner app should be null.
    */
   bool SetTabContext(mozIApplication* aOwnApp,
                      mozIApplication* aAppFrameOwnerApp,
-                     const OriginAttributes& aOriginAttributes,
+                     const DocShellOriginAttributes& aOriginAttributes,
                      const nsACString& aSignedPkgOriginNoSuffix);
 
 private:
   /**
    * Has this TabContext been initialized?  If so, mutator methods will fail.
    */
   bool mInitialized;
 
@@ -165,19 +165,19 @@ private:
   nsCOMPtr<mozIApplication> mContainingApp;
 
   /*
    * Cache of mContainingApp->GetLocalId().
    */
   uint32_t mContainingAppId;
 
   /**
-   * OriginAttributes of the top level tab docShell
+   * DocShellOriginAttributes of the top level tab docShell
    */
-  OriginAttributes mOriginAttributes;
+  DocShellOriginAttributes mOriginAttributes;
 
   /**
    * The signed package origin without suffix. Since the signed packaged
    * web content is always loaded in a separate process, it makes sense
    * that we store this immutable value in TabContext. If the TabContext
    * doesn't own a signed package, this value would be empty.
    */
   nsCString mSignedPkgOriginNoSuffix;
@@ -193,17 +193,17 @@ class MutableTabContext : public TabCont
 public:
   bool SetTabContext(const TabContext& aContext)
   {
     return TabContext::SetTabContext(aContext);
   }
 
   bool SetTabContext(mozIApplication* aOwnApp,
                      mozIApplication* aAppFrameOwnerApp,
-                     const OriginAttributes& aOriginAttributes,
+                     const DocShellOriginAttributes& aOriginAttributes,
                      const nsACString& aSignedPkgOriginNoSuffix = EmptyCString())
   {
     return TabContext::SetTabContext(aOwnApp,
                                      aAppFrameOwnerApp,
                                      aOriginAttributes,
                                      aSignedPkgOriginNoSuffix);
   }
 };
--- a/dom/quota/ActorsParent.cpp
+++ b/dom/quota/ActorsParent.cpp
@@ -5714,17 +5714,17 @@ OriginClearOp::DoInitOnMainThread()
 
   // Figure out which origin we're dealing with.
   nsCString origin;
   rv = QuotaManager::GetInfoFromPrincipal(principal, nullptr, &origin, nullptr);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
-  const mozilla::OriginAttributes& attrs =
+  const mozilla::PrincipalOriginAttributes& attrs =
     mozilla::BasePrincipal::Cast(principal)->OriginAttributesRef();
 
   nsAutoCString pattern;
   QuotaManager::GetOriginPatternString(attrs.mAppId, attrs.mInBrowser, origin,
                                        pattern);
 
   mOriginScope.SetFromPattern(pattern);
 
@@ -6178,17 +6178,17 @@ StorageDirectoryHelper::RunOnMainThread(
           return rv;
         }
 
         nsCOMPtr<nsIPrincipal> principal;
         if (originProps.mAppId == kUnknownAppId) {
           rv = secMan->GetSimpleCodebasePrincipal(uri,
                                                   getter_AddRefs(principal));
         } else {
-          OriginAttributes attrs(originProps.mAppId, originProps.mInMozBrowser);
+          PrincipalOriginAttributes attrs(originProps.mAppId, originProps.mInMozBrowser);
           principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
           rv = principal ? NS_OK : NS_ERROR_FAILURE;
         }
         if (NS_WARN_IF(NS_FAILED(rv))) {
           return rv;
         }
 
         if (mCreate) {
--- a/dom/webidl/ChromeUtils.webidl
+++ b/dom/webidl/ChromeUtils.webidl
@@ -34,17 +34,17 @@ interface ChromeUtils : ThreadSafeChrome
  * Used by principals and the script security manager to represent origin
  * attributes. The first dictionary is designed to contain the full set of
  * OriginAttributes, the second is used for pattern-matching (i.e. does this
  * OriginAttributesDictionary match the non-empty attributes in this pattern).
  *
  * IMPORTANT: If you add any members here, you need to do the following:
  * (1) Add them to both dictionaries.
  * (2) Update the methods on mozilla::OriginAttributes, including equality,
- *     serialization, and deserialization.
+ *     serialization, deserialization, and inheritance.
  * (3) Update the methods on mozilla::OriginAttributesPattern, including matching.
  */
 dictionary OriginAttributesDictionary {
   unsigned long appId = 0;
   unsigned long userContextId = 0;
   boolean inBrowser = false;
   DOMString addonId = "";
   DOMString signedPkg = "";
--- a/dom/workers/PServiceWorkerManager.ipdl
+++ b/dom/workers/PServiceWorkerManager.ipdl
@@ -2,43 +2,43 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 include protocol PBackground;
 
 include PBackgroundSharedTypes;
 include ServiceWorkerRegistrarTypes;
 
-using mozilla::OriginAttributes from "mozilla/ipc/BackgroundUtils.h";
+using mozilla::PrincipalOriginAttributes from "mozilla/ipc/BackgroundUtils.h";
 
 namespace mozilla {
 namespace dom {
 
 protocol PServiceWorkerManager
 {
   manager PBackground;
 
 parent:
   Register(ServiceWorkerRegistrationData data);
 
   Unregister(PrincipalInfo principalInfo, nsString scope);
 
-  PropagateSoftUpdate(OriginAttributes originAttributes,
+  PropagateSoftUpdate(PrincipalOriginAttributes originAttributes,
                       nsString scope);
   PropagateUnregister(PrincipalInfo principalInfo, nsString scope);
 
   PropagateRemove(nsCString host);
 
   PropagateRemoveAll();
 
   Shutdown();
 
 child:
   NotifyRegister(ServiceWorkerRegistrationData data);
-  NotifySoftUpdate(OriginAttributes originAttributes, nsString scope);
+  NotifySoftUpdate(PrincipalOriginAttributes originAttributes, nsString scope);
   NotifyUnregister(PrincipalInfo principalInfo, nsString scope);
   NotifyRemove(nsCString host);
   NotifyRemoveAll();
 
   __delete__();
 };
 
 } // namespace dom
--- a/dom/workers/ServiceWorkerManager.cpp
+++ b/dom/workers/ServiceWorkerManager.cpp
@@ -716,17 +716,17 @@ GetRequiredScopeStringPrefix(nsIURI* aSc
     MOZ_ASSERT_UNREACHABLE("Invalid value for aPrefixMode");
   }
   return NS_OK;
 }
 
 class PropagateSoftUpdateRunnable final : public nsRunnable
 {
 public:
-  PropagateSoftUpdateRunnable(const OriginAttributes& aOriginAttributes,
+  PropagateSoftUpdateRunnable(const PrincipalOriginAttributes& aOriginAttributes,
                               const nsAString& aScope)
     : mOriginAttributes(aOriginAttributes)
     , mScope(aScope)
   {}
 
   NS_IMETHOD Run() override
   {
     AssertIsOnMainThread();
@@ -737,17 +737,17 @@ public:
     swm->PropagateSoftUpdate(mOriginAttributes, mScope);
     return NS_OK;
   }
 
 private:
   ~PropagateSoftUpdateRunnable()
   {}
 
-  const OriginAttributes mOriginAttributes;
+  const PrincipalOriginAttributes mOriginAttributes;
   const nsString mScope;
 };
 
 class PropagateUnregisterRunnable final : public nsRunnable
 {
 public:
   PropagateUnregisterRunnable(nsIPrincipal* aPrincipal,
                               nsIServiceWorkerUnregisterCallback* aCallback,
@@ -1995,17 +1995,17 @@ ServiceWorkerManager::SendPushEvent(cons
                                     const nsACString& aScope,
                                     uint32_t aDataLength,
                                     uint8_t* aDataBytes,
                                     uint8_t optional_argc)
 {
 #ifdef MOZ_SIMPLEPUSH
   return NS_ERROR_NOT_AVAILABLE;
 #else
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromSuffix(aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   ServiceWorkerInfo* serviceWorker = GetActiveWorkerInfoForScope(attrs, aScope);
   if (NS_WARN_IF(!serviceWorker)) {
     return NS_ERROR_FAILURE;
   }
@@ -2028,17 +2028,17 @@ ServiceWorkerManager::SendPushEvent(cons
 
 NS_IMETHODIMP
 ServiceWorkerManager::SendPushSubscriptionChangeEvent(const nsACString& aOriginAttributes,
                                                       const nsACString& aScope)
 {
 #ifdef MOZ_SIMPLEPUSH
   return NS_ERROR_NOT_AVAILABLE;
 #else
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromSuffix(aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   ServiceWorkerInfo* info = GetActiveWorkerInfoForScope(attrs, aScope);
   if (!info) {
     return NS_ERROR_FAILURE;
   }
@@ -2054,17 +2054,17 @@ ServiceWorkerManager::SendNotificationCl
                                                  const nsAString& aDir,
                                                  const nsAString& aLang,
                                                  const nsAString& aBody,
                                                  const nsAString& aTag,
                                                  const nsAString& aIcon,
                                                  const nsAString& aData,
                                                  const nsAString& aBehavior)
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromSuffix(aOriginSuffix)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   ServiceWorkerInfo* info = GetActiveWorkerInfoForScope(attrs, aScope);
   if (!info) {
     return NS_ERROR_FAILURE;
   }
@@ -2178,17 +2178,17 @@ ServiceWorkerManager::CheckReadyPromise(
     aPromise->MaybeResolve(swr);
     return true;
   }
 
   return false;
 }
 
 ServiceWorkerInfo*
-ServiceWorkerManager::GetActiveWorkerInfoForScope(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::GetActiveWorkerInfoForScope(const PrincipalOriginAttributes& aOriginAttributes,
                                                   const nsACString& aScope)
 {
   AssertIsOnMainThread();
 
   nsCOMPtr<nsIURI> scopeURI;
   nsresult rv = NS_NewURI(getter_AddRefs(scopeURI), aScope, nullptr, nullptr);
   if (NS_FAILED(rv)) {
     return nullptr;
@@ -2824,17 +2824,17 @@ ServiceWorkerManager::GetServiceWorkerRe
   if (NS_FAILED(rv)) {
     return nullptr;
   }
 
   return GetServiceWorkerRegistrationInfo(originAttributesSuffix, aURI);
 }
 
 already_AddRefed<ServiceWorkerRegistrationInfo>
-ServiceWorkerManager::GetServiceWorkerRegistrationInfo(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::GetServiceWorkerRegistrationInfo(const PrincipalOriginAttributes& aOriginAttributes,
                                                        nsIURI* aURI)
 {
   MOZ_ASSERT(aURI);
 
   nsAutoCString originAttributesSuffix;
   aOriginAttributes.CreateSuffix(originAttributesSuffix);
   return GetServiceWorkerRegistrationInfo(originAttributesSuffix, aURI);
 }
@@ -3307,17 +3307,17 @@ public:
 
     return NS_OK;
   }
 };
 
 } // anonymous namespace
 
 already_AddRefed<nsIRunnable>
-ServiceWorkerManager::PrepareFetchEvent(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::PrepareFetchEvent(const PrincipalOriginAttributes& aOriginAttributes,
                                         nsIDocument* aDoc,
                                         nsIInterceptedChannel* aChannel,
                                         bool aIsReload,
                                         bool aIsSubresourceLoad,
                                         ErrorResult& aRv)
 {
   MOZ_ASSERT(aChannel);
   AssertIsOnMainThread();
@@ -3396,17 +3396,17 @@ ServiceWorkerManager::DispatchPreparedFe
     return;
   }
   // Otherwise, ensure the upload stream can be cloned directly.  This may
   // require some async copying, so provide a callback.
   aRv = uploadChannel->EnsureUploadStreamIsCloneable(aPreparedRunnable);
 }
 
 bool
-ServiceWorkerManager::IsAvailable(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::IsAvailable(const PrincipalOriginAttributes& aOriginAttributes,
                                   nsIURI* aURI)
 {
   MOZ_ASSERT(aURI);
 
   RefPtr<ServiceWorkerRegistrationInfo> registration =
     GetServiceWorkerRegistrationInfo(aOriginAttributes, aURI);
   return registration && registration->mActiveWorker;
 }
@@ -3538,17 +3538,17 @@ ServiceWorkerManager::SoftUpdate(nsIPrin
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
   }
 
   SoftUpdate(scopeKey, aScope, aCallback);
 }
 
 void
-ServiceWorkerManager::SoftUpdate(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::SoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                  const nsACString& aScope,
                                  ServiceWorkerUpdateFinishCallback* aCallback)
 {
   nsAutoCString scopeKey;
   aOriginAttributes.CreateSuffix(scopeKey);
   SoftUpdate(scopeKey, aScope, aCallback);
 }
 
@@ -4063,17 +4063,17 @@ ServiceWorkerManager::PropagateRemoveAll
     AppendPendingOperation(runnable);
     return;
   }
 
   mActor->SendPropagateRemoveAll();
 }
 
 void
-ServiceWorkerManager::RemoveAllRegistrations(OriginAttributes* aParams)
+ServiceWorkerManager::RemoveAllRegistrations(PrincipalOriginAttributes* aParams)
 {
   AssertIsOnMainThread();
 
   MOZ_ASSERT(aParams);
 
   for (auto it1 = mRegistrationInfos.Iter(); !it1.Done(); it1.Next()) {
     ServiceWorkerManager::RegistrationDataPerPrincipal* data = it1.UserData();
 
@@ -4296,17 +4296,17 @@ ServiceWorkerManager::Observe(nsISupport
     MOZ_ASSERT(XRE_IsParentProcess());
     nsAutoString domain(aData);
     RemoveAndPropagate(NS_ConvertUTF16toUTF8(domain));
     return NS_OK;
   }
 
   if (strcmp(aTopic, CLEAR_ORIGIN_DATA) == 0) {
     MOZ_ASSERT(XRE_IsParentProcess());
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     MOZ_ALWAYS_TRUE(attrs.Init(nsAutoString(aData)));
 
     RemoveAllRegistrations(&attrs);
     return NS_OK;
   }
 
   if (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
     mShuttingDown = true;
@@ -4339,27 +4339,27 @@ ServiceWorkerManager::Observe(nsISupport
 
 NS_IMETHODIMP
 ServiceWorkerManager::PropagateSoftUpdate(JS::Handle<JS::Value> aOriginAttributes,
                                           const nsAString& aScope,
                                           JSContext* aCx)
 {
   AssertIsOnMainThread();
 
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   PropagateSoftUpdate(attrs, aScope);
   return NS_OK;
 }
 
 void
-ServiceWorkerManager::PropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManager::PropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                           const nsAString& aScope)
 {
   AssertIsOnMainThread();
 
   if (!mActor) {
     RefPtr<nsIRunnable> runnable =
       new PropagateSoftUpdateRunnable(aOriginAttributes, aScope);
     AppendPendingOperation(runnable);
--- a/dom/workers/ServiceWorkerManager.h
+++ b/dom/workers/ServiceWorkerManager.h
@@ -30,17 +30,17 @@
 #include "nsRefPtrHashtable.h"
 #include "nsTArrayForwardDeclare.h"
 #include "nsTObserverArray.h"
 
 class mozIApplicationClearPrivateDataParams;
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace dom {
 
 class ServiceWorkerRegistrationListener;
 
 namespace workers {
 
 class ServiceWorker;
@@ -349,23 +349,23 @@ public:
   // Note: Its safe to use weak references here because a RAII-style callback
   //       is registered with the channel before its added to this list.  We
   //       are guaranteed the callback will fire before and remove the ref
   //       from this list before the channel is destroyed.
   typedef nsTArray<nsIInterceptedChannel*> InterceptionList;
   nsClassHashtable<nsCStringHashKey, InterceptionList> mNavigationInterceptions;
 
   bool
-  IsAvailable(const OriginAttributes& aOriginAttributes, nsIURI* aURI);
+  IsAvailable(const PrincipalOriginAttributes& aOriginAttributes, nsIURI* aURI);
 
   bool
   IsControlled(nsIDocument* aDocument, ErrorResult& aRv);
 
   already_AddRefed<nsIRunnable>
-  PrepareFetchEvent(const OriginAttributes& aOriginAttributes,
+  PrepareFetchEvent(const PrincipalOriginAttributes& aOriginAttributes,
                     nsIDocument* aDoc,
                     nsIInterceptedChannel* aChannel,
                     bool aIsReload,
                     bool aIsSubresourceLoad,
                     ErrorResult& aRv);
 
   void
   DispatchPreparedFetchEvent(nsIInterceptedChannel* aChannel,
@@ -373,22 +373,22 @@ public:
                              ErrorResult& aRv);
 
   void
   SoftUpdate(nsIPrincipal* aPrincipal,
              const nsACString& aScope,
              ServiceWorkerUpdateFinishCallback* aCallback = nullptr);
 
   void
-  SoftUpdate(const OriginAttributes& aOriginAttributes,
+  SoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
              const nsACString& aScope,
              ServiceWorkerUpdateFinishCallback* aCallback = nullptr);
 
   void
-  PropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+  PropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                       const nsAString& aScope);
 
   void
   PropagateRemove(const nsACString& aHost);
 
   void
   Remove(const nsACString& aHost);
 
@@ -510,17 +510,17 @@ private:
 
   NS_IMETHODIMP
   GetServiceWorkerForScope(nsIDOMWindow* aWindow,
                            const nsAString& aScope,
                            WhichServiceWorker aWhichWorker,
                            nsISupports** aServiceWorker);
 
   ServiceWorkerInfo*
-  GetActiveWorkerInfoForScope(const OriginAttributes& aOriginAttributes,
+  GetActiveWorkerInfoForScope(const PrincipalOriginAttributes& aOriginAttributes,
                               const nsACString& aScope);
 
   ServiceWorkerInfo*
   GetActiveWorkerInfoForDocument(nsIDocument* aDocument);
 
   void
   InvalidateServiceWorkerRegistrationWorker(ServiceWorkerRegistrationInfo* aRegistration,
                                             WhichServiceWorker aWhichOnes);
@@ -537,17 +537,17 @@ private:
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
   GetServiceWorkerRegistrationInfo(nsIDocument* aDoc);
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
   GetServiceWorkerRegistrationInfo(nsIPrincipal* aPrincipal, nsIURI* aURI);
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
-  GetServiceWorkerRegistrationInfo(const OriginAttributes& aOriginAttributes,
+  GetServiceWorkerRegistrationInfo(const PrincipalOriginAttributes& aOriginAttributes,
                                    nsIURI* aURI);
 
   already_AddRefed<ServiceWorkerRegistrationInfo>
   GetServiceWorkerRegistrationInfo(const nsACString& aScopeKey,
                                    nsIURI* aURI);
 
   // This method generates a key using appId and isInElementBrowser from the
   // principal. We don't use the origin because it can change during the
@@ -620,17 +620,17 @@ private:
   // hashtable and can cleanly remove within the hashtable enumeration
   // function.
   void
   RemoveRegistrationInternal(ServiceWorkerRegistrationInfo* aRegistration);
 
   // Removes all service worker registrations that matches the given
   // mozIApplicationClearPrivateDataParams.
   void
-  RemoveAllRegistrations(OriginAttributes* aParams);
+  RemoveAllRegistrations(PrincipalOriginAttributes* aParams);
 
   RefPtr<ServiceWorkerManagerChild> mActor;
 
   struct PendingOperation;
   nsTArray<PendingOperation> mPendingOperations;
 
   bool mShuttingDown;
 
--- a/dom/workers/ServiceWorkerManagerChild.cpp
+++ b/dom/workers/ServiceWorkerManagerChild.cpp
@@ -27,17 +27,17 @@ ServiceWorkerManagerChild::RecvNotifyReg
   MOZ_ASSERT(swm);
 
   swm->LoadRegistration(aData);
   return true;
 }
 
 bool
 ServiceWorkerManagerChild::RecvNotifySoftUpdate(
-                                      const OriginAttributes& aOriginAttributes,
+                                      const PrincipalOriginAttributes& aOriginAttributes,
                                       const nsString& aScope)
 {
   if (mShuttingDown) {
     return true;
   }
 
   RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
   MOZ_ASSERT(swm);
--- a/dom/workers/ServiceWorkerManagerChild.h
+++ b/dom/workers/ServiceWorkerManagerChild.h
@@ -7,17 +7,17 @@
 #ifndef mozilla_dom_ServiceWorkerManagerChild_h
 #define mozilla_dom_ServiceWorkerManagerChild_h
 
 #include "mozilla/dom/PServiceWorkerManagerChild.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace ipc {
 class BackgroundChildImpl;
 } // namespace ipc
 
 namespace dom {
 namespace workers {
 
@@ -31,17 +31,17 @@ public:
   void ManagerShuttingDown()
   {
     mShuttingDown = true;
   }
 
   virtual bool RecvNotifyRegister(const ServiceWorkerRegistrationData& aData)
                                                                        override;
 
-  virtual bool RecvNotifySoftUpdate(const OriginAttributes& aOriginAttributes,
+  virtual bool RecvNotifySoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                     const nsString& aScope) override;
 
   virtual bool RecvNotifyUnregister(const PrincipalInfo& aPrincipalInfo,
                                     const nsString& aScope) override;
 
   virtual bool RecvNotifyRemove(const nsCString& aHost) override;
 
   virtual bool RecvNotifyRemoveAll() override;
--- a/dom/workers/ServiceWorkerManagerParent.cpp
+++ b/dom/workers/ServiceWorkerManagerParent.cpp
@@ -227,17 +227,17 @@ ServiceWorkerManagerParent::RecvUnregist
                                            callback);
   nsresult rv = NS_DispatchToMainThread(runnable);
   MOZ_ALWAYS_TRUE(NS_SUCCEEDED(rv));
 
   return true;
 }
 
 bool
-ServiceWorkerManagerParent::RecvPropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+ServiceWorkerManagerParent::RecvPropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                                     const nsString& aScope)
 {
   AssertIsOnBackgroundThread();
 
   if (NS_WARN_IF(!mService)) {
     return false;
   }
 
--- a/dom/workers/ServiceWorkerManagerParent.h
+++ b/dom/workers/ServiceWorkerManagerParent.h
@@ -6,17 +6,17 @@
 
 #ifndef mozilla_dom_ServiceWorkerManagerParent_h
 #define mozilla_dom_ServiceWorkerManagerParent_h
 
 #include "mozilla/dom/PServiceWorkerManagerParent.h"
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace ipc {
 class BackgroundParentImpl;
 } // namespace ipc
 
 namespace dom {
 namespace workers {
 
@@ -37,17 +37,17 @@ private:
   ~ServiceWorkerManagerParent();
 
   virtual bool RecvRegister(
                            const ServiceWorkerRegistrationData& aData) override;
 
   virtual bool RecvUnregister(const PrincipalInfo& aPrincipalInfo,
                               const nsString& aScope) override;
 
-  virtual bool RecvPropagateSoftUpdate(const OriginAttributes& aOriginAttributes,
+  virtual bool RecvPropagateSoftUpdate(const PrincipalOriginAttributes& aOriginAttributes,
                                        const nsString& aScope) override;
 
   virtual bool RecvPropagateUnregister(const PrincipalInfo& aPrincipalInfo,
                                        const nsString& aScope) override;
 
   virtual bool RecvPropagateRemove(const nsCString& aHost) override;
 
   virtual bool RecvPropagateRemoveAll() override;
--- a/dom/workers/ServiceWorkerManagerService.cpp
+++ b/dom/workers/ServiceWorkerManagerService.cpp
@@ -106,17 +106,17 @@ ServiceWorkerManagerService::PropagateRe
 #ifdef DEBUG
   MOZ_ASSERT(parentFound);
 #endif
 }
 
 void
 ServiceWorkerManagerService::PropagateSoftUpdate(
                                       uint64_t aParentID,
-                                      const OriginAttributes& aOriginAttributes,
+                                      const PrincipalOriginAttributes& aOriginAttributes,
                                       const nsAString& aScope)
 {
   AssertIsOnBackgroundThread();
 
   DebugOnly<bool> parentFound = false;
   for (auto iter = mAgents.Iter(); !iter.Done(); iter.Next()) {
     ServiceWorkerManagerParent* parent = iter.Get()->GetKey();
     MOZ_ASSERT(parent);
--- a/dom/workers/ServiceWorkerManagerService.h
+++ b/dom/workers/ServiceWorkerManagerService.h
@@ -8,17 +8,17 @@
 #define mozilla_dom_ServiceWorkerManagerService_h
 
 #include "nsISupportsImpl.h"
 #include "nsHashKeys.h"
 #include "nsTHashtable.h"
 
 namespace mozilla {
 
-class OriginAttributes;
+class PrincipalOriginAttributes;
 
 namespace ipc {
 class PrincipalInfo;
 } // namespace ipc
 
 namespace dom {
 
 class ServiceWorkerRegistrationData;
@@ -37,17 +37,17 @@ public:
 
   void RegisterActor(ServiceWorkerManagerParent* aParent);
   void UnregisterActor(ServiceWorkerManagerParent* aParent);
 
   void PropagateRegistration(uint64_t aParentID,
                              ServiceWorkerRegistrationData& aData);
 
   void PropagateSoftUpdate(uint64_t aParentID,
-                           const OriginAttributes& aOriginAttributes,
+                           const PrincipalOriginAttributes& aOriginAttributes,
                            const nsAString& aScope);
 
   void PropagateUnregister(uint64_t aParentID,
                            const mozilla::ipc::PrincipalInfo& aPrincipalInfo,
                            const nsAString& aScope);
 
   void PropagateRemove(uint64_t aParentID, const nsACString& aHost);
 
--- a/dom/workers/ServiceWorkerPrivate.cpp
+++ b/dom/workers/ServiceWorkerPrivate.cpp
@@ -206,17 +206,17 @@ public:
 
   NS_IMETHOD Run()
   {
     AssertIsOnMainThread();
 
     RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
     MOZ_ASSERT(swm);
 
-    OriginAttributes attrs =
+    PrincipalOriginAttributes attrs =
       mozilla::BasePrincipal::Cast(mRegistration->mPrincipal)->OriginAttributesRef();
 
     swm->PropagateSoftUpdate(attrs,
                              NS_ConvertUTF8toUTF16(mRegistration->mScope));
     return NS_OK;
   }
 };
 
--- a/dom/workers/ServiceWorkerRegistrar.cpp
+++ b/dom/workers/ServiceWorkerRegistrar.cpp
@@ -321,17 +321,17 @@ ServiceWorkerRegistrar::ReadData()
     }                                                 \
     if (NS_WARN_IF(!hasMoreLines)) {                  \
       return NS_ERROR_FAILURE;                        \
     }
 
     nsAutoCString suffix;
     GET_LINE(suffix);
 
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     if (!attrs.PopulateFromSuffix(suffix)) {
       return NS_ERROR_INVALID_ARG;
     }
 
     GET_LINE(line);
     entry->principal() =
       mozilla::ipc::ContentPrincipalInfo(attrs, line);
 
--- a/dom/workers/test/gtest/TestReadWrite.cpp
+++ b/dom/workers/test/gtest/TestReadWrite.cpp
@@ -214,17 +214,17 @@ TEST(ServiceWorkerRegistrar, TestWriteDa
 
     nsTArray<ServiceWorkerRegistrationData>& data = swr->TestGetData();
 
     for (int i = 0; i < 10; ++i) {
       ServiceWorkerRegistrationData* d = data.AppendElement();
 
       nsAutoCString spec;
       spec.AppendPrintf("spec write %d", i);
-      d->principal() = mozilla::ipc::ContentPrincipalInfo(mozilla::OriginAttributes(i, i % 2), spec);
+      d->principal() = mozilla::ipc::ContentPrincipalInfo(mozilla::PrincipalOriginAttributes(i, i % 2), spec);
       d->scope().AppendPrintf("scope write %d", i);
       d->scriptSpec().AppendPrintf("scriptSpec write %d", i);
       d->currentWorkerURL().AppendPrintf("currentWorkerURL write %d", i);
       d->activeCacheName().AppendPrintf("activeCacheName write %d", i);
       d->waitingCacheName().AppendPrintf("waitingCacheName write %d", i);
     }
 
     nsresult rv = swr->TestWriteData();
@@ -240,17 +240,17 @@ TEST(ServiceWorkerRegistrar, TestWriteDa
   ASSERT_EQ((uint32_t)10, data.Length()) << "10 entries should be found";
 
   for (int i = 0; i < 10; ++i) {
     nsAutoCString test;
 
     ASSERT_EQ(data[i].principal().type(), mozilla::ipc::PrincipalInfo::TContentPrincipalInfo);
     const mozilla::ipc::ContentPrincipalInfo& cInfo = data[i].principal();
 
-    mozilla::OriginAttributes attrs(i, i % 2);
+    mozilla::PrincipalOriginAttributes attrs(i, i % 2);
     nsAutoCString suffix, expectSuffix;
     attrs.CreateSuffix(expectSuffix);
     cInfo.attrs().CreateSuffix(suffix);
 
     ASSERT_STREQ(expectSuffix.get(), suffix.get());
 
     test.AppendPrintf("spec write %d", i);
     ASSERT_STREQ(test.get(), cInfo.spec().get());
--- a/extensions/cookie/nsPermission.cpp
+++ b/extensions/cookie/nsPermission.cpp
@@ -79,18 +79,18 @@ nsPermission::Matches(nsIPrincipal* aPri
 
   // If we are matching with an exact host, we're done now - the permissions don't match
   // otherwise, we need to start comparing subdomains!
   if (aExactHost) {
       return NS_OK;
   }
 
   // Compare their OriginAttributes
-  const mozilla::OriginAttributes& theirAttrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
-  const mozilla::OriginAttributes& ourAttrs = mozilla::BasePrincipal::Cast(mPrincipal)->OriginAttributesRef();
+  const mozilla::PrincipalOriginAttributes& theirAttrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+  const mozilla::PrincipalOriginAttributes& ourAttrs = mozilla::BasePrincipal::Cast(mPrincipal)->OriginAttributesRef();
 
   if (theirAttrs != ourAttrs) {
       return NS_OK;
   }
 
   nsCOMPtr<nsIURI> theirURI;
   nsresult rv = aPrincipal->GetURI(getter_AddRefs(theirURI));
   NS_ENSURE_SUCCESS(rv, rv);
@@ -162,14 +162,14 @@ nsPermission::Matches(nsIPrincipal* aPri
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsPermission::MatchesURI(nsIURI* aURI, bool aExactHost, bool* aMatches)
 {
   NS_ENSURE_ARG_POINTER(aURI);
 
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   return Matches(principal, aExactHost, aMatches);
 }
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -102,17 +102,17 @@ LogToConsole(const nsAString& aMsg)
 ////////////////////////////////////////////////////////////////////////////////
 
 namespace {
 
 nsresult
 GetPrincipalFromOrigin(const nsACString& aOrigin, nsIPrincipal** aPrincipal)
 {
   nsAutoCString originNoSuffix;
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return NS_ERROR_FAILURE;
   }
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
@@ -121,28 +121,28 @@ GetPrincipalFromOrigin(const nsACString&
   return NS_OK;
 }
 
 
 nsresult
 GetPrincipal(nsIURI* aURI, uint32_t aAppId, bool aIsInBrowserElement, nsIPrincipal** aPrincipal)
 {
   // TODO: Bug 1165267 - Use OriginAttributes for nsCookieService
-  mozilla::OriginAttributes attrs(aAppId, aIsInBrowserElement);
+  mozilla::PrincipalOriginAttributes attrs(aAppId, aIsInBrowserElement);
   nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsresult
 GetPrincipal(nsIURI* aURI, nsIPrincipal** aPrincipal)
 {
-  mozilla::OriginAttributes attrs;
+  mozilla::PrincipalOriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsCString
@@ -2172,17 +2172,17 @@ nsPermissionManager::GetPermissionHashKe
     }
 
     rv = newURI->SetHost(domain);
     if (NS_FAILED(rv)) {
       return nullptr;
     }
 
     // Copy the attributes over
-    mozilla::OriginAttributes attrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
+    mozilla::PrincipalOriginAttributes attrs = mozilla::BasePrincipal::Cast(aPrincipal)->OriginAttributesRef();
     nsCOMPtr<nsIPrincipal> principal = mozilla::BasePrincipal::CreateCodebasePrincipal(newURI, attrs);
 
     return GetPermissionHashKey(principal, aType, aExactHostMatch);
   }
 
   // No entry, really...
   return nullptr;
 }
--- a/gfx/thebes/gfxSVGGlyphs.cpp
+++ b/gfx/thebes/gfxSVGGlyphs.cpp
@@ -342,17 +342,18 @@ gfxSVGGlyphsDocument::ParseDocument(cons
     nsCOMPtr<nsIURI> uri;
     nsHostObjectProtocolHandler::GenerateURIString(NS_LITERAL_CSTRING(FONTTABLEURI_SCHEME),
                                                    nullptr,
                                                    mSVGGlyphsDocumentURI);
  
     rv = NS_NewURI(getter_AddRefs(uri), mSVGGlyphsDocumentURI);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    OriginAttributes attrs;
+    // TODO: Bug 1225053 - gfxSVGGlyphs.cpp should use correct principal
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(uri, attrs);
     NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
     nsCOMPtr<nsIDOMDocument> domDoc;
     rv = NS_NewDOMDocument(getter_AddRefs(domDoc),
                            EmptyString(),   // aNamespaceURI
                            EmptyString(),   // aQualifiedName
--- a/ipc/glue/BackgroundUtils.h
+++ b/ipc/glue/BackgroundUtils.h
@@ -11,35 +11,53 @@
 #include "nsCOMPtr.h"
 #include "nscore.h"
 
 class nsILoadInfo;
 class nsIPrincipal;
 
 namespace IPC {
 
-template<>
-struct ParamTraits<mozilla::OriginAttributes>
+namespace detail {
+template<class ParamType>
+struct OriginAttributesParamTraits
 {
-  typedef mozilla::OriginAttributes paramType;
+  typedef ParamType paramType;
 
   static void Write(Message* aMsg, const paramType& aParam)
   {
     nsAutoCString suffix;
     aParam.CreateSuffix(suffix);
     WriteParam(aMsg, suffix);
   }
 
   static bool Read(const Message* aMsg, void** aIter, paramType* aResult)
   {
     nsAutoCString suffix;
     return ReadParam(aMsg, aIter, &suffix) &&
            aResult->PopulateFromSuffix(suffix);
   }
 };
+} // namespace detail
+
+template<>
+struct ParamTraits<mozilla::PrincipalOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::PrincipalOriginAttributes> {};
+
+template<>
+struct ParamTraits<mozilla::DocShellOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::DocShellOriginAttributes> {};
+
+template<>
+struct ParamTraits<mozilla::NeckoOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::NeckoOriginAttributes> {};
+
+template<>
+struct ParamTraits<mozilla::GenericOriginAttributes>
+  : public detail::OriginAttributesParamTraits<mozilla::GenericOriginAttributes> {};
 
 } // namespace IPC
 
 namespace mozilla {
 namespace net {
 class OptionalLoadInfoArgs;
 } // namespace net
 
--- a/ipc/glue/PBackgroundSharedTypes.ipdlh
+++ b/ipc/glue/PBackgroundSharedTypes.ipdlh
@@ -1,21 +1,21 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
-using mozilla::OriginAttributes from "mozilla/ipc/BackgroundUtils.h";
+using mozilla::PrincipalOriginAttributes from "mozilla/ipc/BackgroundUtils.h";
 using struct mozilla::void_t from "ipc/IPCMessageUtils.h";
 
 namespace mozilla {
 namespace ipc {
 
 struct ContentPrincipalInfo
 {
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   nsCString spec;
 };
 
 struct SystemPrincipalInfo
 { };
 
 struct NullPrincipalInfo
 { };
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -1180,17 +1180,17 @@ ParsePrincipal(JSContext* cx, HandleStri
     if (NS_FAILED(rv)) {
         JS_ReportError(cx, "Creating URI from string failed");
         return false;
     }
 
     // We could allow passing in the app-id and browser-element info to the
     // sandbox constructor. But creating a sandbox based on a string is a
     // deprecated API so no need to add features to it.
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> prin =
         BasePrincipal::CreateCodebasePrincipal(uri, attrs);
     prin.forget(principal);
 
     if (!*principal) {
         JS_ReportError(cx, "Creating Principal from URI failed");
         return false;
     }
--- a/netwerk/base/LoadContextInfo.cpp
+++ b/netwerk/base/LoadContextInfo.cpp
@@ -10,17 +10,17 @@
 
 namespace mozilla {
 namespace net {
 
 // LoadContextInfo
 
 NS_IMPL_ISUPPORTS(LoadContextInfo, nsILoadContextInfo)
 
-LoadContextInfo::LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, OriginAttributes aOriginAttributes)
+LoadContextInfo::LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, NeckoOriginAttributes aOriginAttributes)
   : mIsPrivate(aIsPrivate)
   , mIsAnonymous(aIsAnonymous)
   , mOriginAttributes(aOriginAttributes)
 {
 }
 
 LoadContextInfo::~LoadContextInfo()
 {
@@ -33,17 +33,17 @@ NS_IMETHODIMP LoadContextInfo::GetIsPriv
 }
 
 NS_IMETHODIMP LoadContextInfo::GetIsAnonymous(bool *aIsAnonymous)
 {
   *aIsAnonymous = mIsAnonymous;
   return NS_OK;
 }
 
-OriginAttributes const* LoadContextInfo::OriginAttributesPtr()
+NeckoOriginAttributes const* LoadContextInfo::OriginAttributesPtr()
 {
   return &mOriginAttributes;
 }
 
 NS_IMETHODIMP LoadContextInfo::GetOriginAttributes(JSContext *aCx,
                                                    JS::MutableHandle<JS::Value> aVal)
 {
   if (NS_WARN_IF(!ToJSValue(aCx, mOriginAttributes, aVal))) {
@@ -53,40 +53,40 @@ NS_IMETHODIMP LoadContextInfo::GetOrigin
 }
 
 // LoadContextInfoFactory
 
 NS_IMPL_ISUPPORTS(LoadContextInfoFactory, nsILoadContextInfoFactory)
 
 NS_IMETHODIMP LoadContextInfoFactory::GetDefault(nsILoadContextInfo * *aDefault)
 {
-  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, false, OriginAttributes());
+  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, false, NeckoOriginAttributes());
   info.forget(aDefault);
   return NS_OK;
 }
 
 NS_IMETHODIMP LoadContextInfoFactory::GetPrivate(nsILoadContextInfo * *aPrivate)
 {
-  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(true, false, OriginAttributes());
+  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(true, false, NeckoOriginAttributes());
   info.forget(aPrivate);
   return NS_OK;
 }
 
 NS_IMETHODIMP LoadContextInfoFactory::GetAnonymous(nsILoadContextInfo * *aAnonymous)
 {
-  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, true, OriginAttributes());
+  nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(false, true, NeckoOriginAttributes());
   info.forget(aAnonymous);
   return NS_OK;
 }
 
 NS_IMETHODIMP LoadContextInfoFactory::Custom(bool aPrivate, bool aAnonymous,
                                              JS::HandleValue aOriginAttributes, JSContext *cx,
                                              nsILoadContextInfo * *_retval)
 {
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   bool status = attrs.Init(cx, aOriginAttributes);
   NS_ENSURE_TRUE(status, NS_ERROR_FAILURE);
 
   nsCOMPtr<nsILoadContextInfo> info = GetLoadContextInfo(aPrivate, aAnonymous, attrs);
   info.forget(_retval);
   return NS_OK;
 }
 
@@ -117,35 +117,38 @@ GetLoadContextInfo(nsIChannel * aChannel
 
   bool anon = false;
   nsLoadFlags loadFlags;
   rv = aChannel->GetLoadFlags(&loadFlags);
   if (NS_SUCCEEDED(rv)) {
     anon = !!(loadFlags & nsIChannel::LOAD_ANONYMOUS);
   }
 
-  OriginAttributes oa;
+  NeckoOriginAttributes oa;
   NS_GetOriginAttributes(aChannel, oa);
 
   return new LoadContextInfo(pb, anon, oa);
 }
 
 LoadContextInfo *
 GetLoadContextInfo(nsILoadContext *aLoadContext, bool aIsAnonymous)
 {
   if (!aLoadContext) {
     return new LoadContextInfo(false, aIsAnonymous,
-                               OriginAttributes(nsILoadContextInfo::NO_APP_ID, false));
+                               NeckoOriginAttributes(nsILoadContextInfo::NO_APP_ID, false));
   }
 
   bool pb = aLoadContext->UsePrivateBrowsing();
-  OriginAttributes oa;
-  aLoadContext->GetOriginAttributes(oa);
+  DocShellOriginAttributes doa;
+  aLoadContext->GetOriginAttributes(doa);
 
-  return new LoadContextInfo(pb, aIsAnonymous, oa);
+  NeckoOriginAttributes noa;
+  noa.InheritFromDocShellToNecko(doa);
+
+  return new LoadContextInfo(pb, aIsAnonymous, noa);
 }
 
 LoadContextInfo*
 GetLoadContextInfo(nsIDOMWindow *aWindow,
                    bool aIsAnonymous)
 {
   nsCOMPtr<nsIWebNavigation> webNav = do_GetInterface(aWindow);
   nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(webNav);
@@ -159,17 +162,17 @@ GetLoadContextInfo(nsILoadContextInfo *a
   return new LoadContextInfo(aInfo->IsPrivate(),
                              aInfo->IsAnonymous(),
                              *aInfo->OriginAttributesPtr());
 }
 
 LoadContextInfo *
 GetLoadContextInfo(bool const aIsPrivate,
                    bool const aIsAnonymous,
-                   OriginAttributes const &aOriginAttributes)
+                   NeckoOriginAttributes const &aOriginAttributes)
 {
   return new LoadContextInfo(aIsPrivate,
                              aIsAnonymous,
                              aOriginAttributes);
 }
 
 } // namespace net
 } // namespace mozilla
--- a/netwerk/base/LoadContextInfo.h
+++ b/netwerk/base/LoadContextInfo.h
@@ -14,25 +14,25 @@ namespace mozilla {
 namespace net {
 
 class LoadContextInfo : public nsILoadContextInfo
 {
 public:
   NS_DECL_THREADSAFE_ISUPPORTS
   NS_DECL_NSILOADCONTEXTINFO
 
-  LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, OriginAttributes aOriginAttributes);
+  LoadContextInfo(bool aIsPrivate, bool aIsAnonymous, NeckoOriginAttributes aOriginAttributes);
 
 private:
   virtual ~LoadContextInfo();
 
 protected:
   bool mIsPrivate : 1;
   bool mIsAnonymous : 1;
-  OriginAttributes mOriginAttributes;
+  NeckoOriginAttributes mOriginAttributes;
 };
 
 class LoadContextInfoFactory : public nsILoadContextInfoFactory
 {
   virtual ~LoadContextInfoFactory() {}
 public:
   NS_DECL_ISUPPORTS // deliberately not thread-safe
   NS_DECL_NSILOADCONTEXTINFOFACTORY
@@ -50,14 +50,14 @@ GetLoadContextInfo(nsIDOMWindow *aLoadCo
                    bool aIsAnonymous);
 
 LoadContextInfo*
 GetLoadContextInfo(nsILoadContextInfo *aInfo);
 
 LoadContextInfo*
 GetLoadContextInfo(bool const aIsPrivate,
                    bool const aIsAnonymous,
-                   OriginAttributes const &aOriginAttributes);
+                   NeckoOriginAttributes const &aOriginAttributes);
 
 } // namespace net
 } // namespace mozilla
 
 #endif
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -78,17 +78,18 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadin
       nsCOMPtr<nsPIDOMWindow> parent = outerWindow->GetScriptableParent();
       mParentOuterWindowID = parent->WindowID();
     }
 
     mUpgradeInsecureRequests = aLoadingContext->OwnerDoc()->GetUpgradeInsecureRequests();
     mUpgradeInsecurePreloads = aLoadingContext->OwnerDoc()->GetUpgradeInsecurePreloads();
   }
 
-  mOriginAttributes = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
+  const PrincipalOriginAttributes attrs = BasePrincipal::Cast(mLoadingPrincipal)->OriginAttributesRef();
+  mOriginAttributes.InheritFromDocToNecko(attrs);
 }
 
 LoadInfo::LoadInfo(const LoadInfo& rhs)
   : mLoadingPrincipal(rhs.mLoadingPrincipal)
   , mTriggeringPrincipal(rhs.mTriggeringPrincipal)
   , mLoadingContext(rhs.mLoadingContext)
   , mSecurityFlags(rhs.mSecurityFlags)
   , mInternalContentPolicyType(rhs.mInternalContentPolicyType)
@@ -113,17 +114,17 @@ LoadInfo::LoadInfo(nsIPrincipal* aLoadin
                    nsContentPolicyType aContentPolicyType,
                    bool aUpgradeInsecureRequests,
                    bool aUpgradeInsecurePreloads,
                    uint64_t aInnerWindowID,
                    uint64_t aOuterWindowID,
                    uint64_t aParentOuterWindowID,
                    bool aEnforceSecurity,
                    bool aInitialSecurityCheckDone,
-                   const OriginAttributes& aOriginAttributes,
+                   const NeckoOriginAttributes& aOriginAttributes,
                    nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChainIncludingInternalRedirects,
                    nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChain)
   : mLoadingPrincipal(aLoadingPrincipal)
   , mTriggeringPrincipal(aTriggeringPrincipal)
   , mSecurityFlags(aSecurityFlags)
   , mInternalContentPolicyType(aContentPolicyType)
   , mUpgradeInsecureRequests(aUpgradeInsecureRequests)
   , mUpgradeInsecurePreloads(aUpgradeInsecurePreloads)
@@ -342,35 +343,35 @@ LoadInfo::GetScriptableOriginAttributes(
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 LoadInfo::SetScriptableOriginAttributes(JSContext* aCx,
   JS::Handle<JS::Value> aOriginAttributes)
 {
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
 
   mOriginAttributes = attrs;
   return NS_OK;
 }
 
 nsresult
-LoadInfo::GetOriginAttributes(mozilla::OriginAttributes* aOriginAttributes)
+LoadInfo::GetOriginAttributes(mozilla::NeckoOriginAttributes* aOriginAttributes)
 {
   NS_ENSURE_ARG(aOriginAttributes);
   *aOriginAttributes = mOriginAttributes;
   return NS_OK;
 }
 
 nsresult
-LoadInfo::SetOriginAttributes(const mozilla::OriginAttributes& aOriginAttributes)
+LoadInfo::SetOriginAttributes(const mozilla::NeckoOriginAttributes& aOriginAttributes)
 {
   mOriginAttributes = aOriginAttributes;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 LoadInfo::SetEnforceSecurity(bool aEnforceSecurity)
 {
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@@ -71,17 +71,17 @@ private:
            nsContentPolicyType aContentPolicyType,
            bool aUpgradeInsecureRequests,
            bool aUpgradeInsecurePreloads,
            uint64_t aInnerWindowID,
            uint64_t aOuterWindowID,
            uint64_t aParentOuterWindowID,
            bool aEnforceSecurity,
            bool aInitialSecurityCheckDone,
-           const OriginAttributes& aOriginAttributes,
+           const NeckoOriginAttributes& aOriginAttributes,
            nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChainIncludingInternalRedirects,
            nsTArray<nsCOMPtr<nsIPrincipal>>& aRedirectChain);
   LoadInfo(const LoadInfo& rhs);
 
   friend nsresult
   mozilla::ipc::LoadInfoArgsToLoadInfo(
     const mozilla::net::OptionalLoadInfoArgs& aLoadInfoArgs,
     nsILoadInfo** outLoadInfo);
@@ -103,17 +103,17 @@ private:
   LoadTainting                     mTainting;
   bool                             mUpgradeInsecureRequests;
   bool                             mUpgradeInsecurePreloads;
   uint64_t                         mInnerWindowID;
   uint64_t                         mOuterWindowID;
   uint64_t                         mParentOuterWindowID;
   bool                             mEnforceSecurity;
   bool                             mInitialSecurityCheckDone;
-  OriginAttributes                 mOriginAttributes;
+  NeckoOriginAttributes            mOriginAttributes;
   nsTArray<nsCOMPtr<nsIPrincipal>> mRedirectChainIncludingInternalRedirects;
   nsTArray<nsCOMPtr<nsIPrincipal>> mRedirectChain;
 };
 
 } // namespace mozilla
 
 #endif // mozilla_LoadInfo_h
 
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -590,17 +590,17 @@ Predictor::Init()
     mDNSListener = new DNSListener();
   }
 
   nsCOMPtr<nsICacheStorageService> cacheStorageService =
     do_GetService("@mozilla.org/netwerk/cache-storage-service;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   RefPtr<LoadContextInfo> lci =
-    new LoadContextInfo(false, false, OriginAttributes());
+    new LoadContextInfo(false, false, NeckoOriginAttributes());
 
   rv = cacheStorageService->DiskCacheStorage(lci, false,
                                              getter_AddRefs(mCacheDiskStorage));
   NS_ENSURE_SUCCESS(rv, rv);
 
   mIOService = do_GetService("@mozilla.org/network/io-service;1", &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
--- a/netwerk/base/nsILoadContextInfo.idl
+++ b/netwerk/base/nsILoadContextInfo.idl
@@ -3,17 +3,17 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsISupports.idl"
 
 %{ C++
 #include "mozilla/BasePrincipal.h"
 %}
-native OriginAttributesNativePtr(const mozilla::OriginAttributes*);
+native OriginAttributesNativePtr(const mozilla::NeckoOriginAttributes*);
 
 interface nsILoadContext;
 interface nsIDOMWindow;
 
 /**
  * Helper interface to carry informatin about the load context
  * encapsulating origin attributes and IsAnonymous, IsPrivite properties.
  * It shall be used where nsILoadContext cannot be used or is not
@@ -32,17 +32,17 @@ interface nsILoadContextInfo : nsISuppor
   readonly attribute boolean isPrivate;
 
   /**
    * Whether the load is initiated as anonymous
    */
   readonly attribute boolean isAnonymous;
 
   /**
-   * OriginAttributes hiding all the security context attributes
+   * NeckoOriginAttributes hiding all the security context attributes
    */
   [implicit_jscontext]
   readonly attribute jsval originAttributes;
   [noscript, notxpcom, nostdcall, binaryname(OriginAttributesPtr)]
   OriginAttributesNativePtr binaryOriginAttributesPtr();
 
 %{C++
   /**
@@ -67,17 +67,17 @@ interface nsILoadContextInfo : nsISuppor
     return IsPrivate() == aOther->IsPrivate() &&
            IsAnonymous() == aOther->IsAnonymous() &&
            *OriginAttributesPtr() == *aOther->OriginAttributesPtr();
   }
 %}
 };
 
 /**
- * Since OriginAttributes struct limits the implementation of
+ * Since NeckoOriginAttributes struct limits the implementation of
  * nsILoadContextInfo (that needs to be thread safe) to C++,
  * we need a scriptable factory to create instances of that
  * interface from JS.
  */
 [scriptable, uuid(c1c7023d-4318-4f99-8307-b5ccf0558793)]
 interface nsILoadContextInfoFactory : nsISupports
 {
   readonly attribute nsILoadContextInfo default;
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -13,18 +13,18 @@ interface nsIPrincipal;
 
 %{C++
 #include "nsTArray.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/LoadTainting.h"
 %}
 
 [ref] native const_nsIPrincipalArray(const nsTArray<nsCOMPtr<nsIPrincipal>>);
-native OriginAttributes(mozilla::OriginAttributes);
-[ref] native const_OriginAttributesRef(const mozilla::OriginAttributes);
+native NeckoOriginAttributes(mozilla::NeckoOriginAttributes);
+[ref] native const_OriginAttributesRef(const mozilla::NeckoOriginAttributes);
 
 typedef unsigned long nsSecurityFlags;
 
 /**
  * An nsILoadOwner represents per-load information about who started the load.
  */
 [scriptable, builtinclass, uuid(c21803eb-ad4f-46bd-b0a5-8081381253f2)]
 interface nsILoadInfo : nsISupports
@@ -330,32 +330,32 @@ interface nsILoadInfo : nsISupports
    * available. parentOuterWindowID will be the same as outerWindowID if the
    * window has no parent.
    */
   [infallible] readonly attribute unsigned long long innerWindowID;
   [infallible] readonly attribute unsigned long long outerWindowID;
   [infallible] readonly attribute unsigned long long parentOuterWindowID;
 
   /**
-   * Customized OriginAttributes within LoadInfo to allow overwriting of the
+   * Customized NeckoOriginAttributes within LoadInfo to allow overwriting of the
    * default originAttributes from the loadingPrincipal.
    */
   [implicit_jscontext, binaryname(ScriptableOriginAttributes)]
   attribute jsval originAttributes;
 
   [noscript, nostdcall, binaryname(GetOriginAttributes)]
-  OriginAttributes binaryGetOriginAttributes();
+  NeckoOriginAttributes binaryGetOriginAttributes();
 
   [noscript, nostdcall, binaryname(SetOriginAttributes)]
   void binarySetOriginAttributes(in const_OriginAttributesRef aOriginAttrs);
 
 %{ C++
-  inline mozilla::OriginAttributes GetOriginAttributes()
+  inline mozilla::NeckoOriginAttributes GetOriginAttributes()
   {
-    mozilla::OriginAttributes result;
+    mozilla::NeckoOriginAttributes result;
     mozilla::DebugOnly<nsresult> rv = GetOriginAttributes(&result);
     MOZ_ASSERT(NS_SUCCEEDED(rv));
     return result;
   }
 %}
 
   /**
    * Whenever a channel is openend by asyncOpen2() [or also open2()],
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -1195,25 +1195,27 @@ NS_UsePrivateBrowsing(nsIChannel *channe
     }
     nsCOMPtr<nsILoadContext> loadContext;
     NS_QueryNotificationCallbacks(channel, loadContext);
     return loadContext && loadContext->UsePrivateBrowsing();
 }
 
 bool
 NS_GetOriginAttributes(nsIChannel *aChannel,
-                       mozilla::OriginAttributes &aAttributes)
+                       mozilla::NeckoOriginAttributes &aAttributes)
 {
     nsCOMPtr<nsILoadContext> loadContext;
     NS_QueryNotificationCallbacks(aChannel, loadContext);
     if (!loadContext) {
         return false;
     }
 
-    loadContext->GetOriginAttributes(aAttributes);
+    DocShellOriginAttributes doa;
+    loadContext->GetOriginAttributes(doa);
+    aAttributes.InheritFromDocShellToNecko(doa);
     return true;
 }
 
 bool
 NS_GetAppInfo(nsIChannel *aChannel,
               uint32_t *aAppID,
               bool *aIsInBrowserElement)
 {
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@@ -40,17 +40,17 @@ class nsIPersistentProperties;
 class nsIProxyInfo;
 class nsIRequestObserver;
 class nsIStreamListener;
 class nsIStreamLoader;
 class nsIStreamLoaderObserver;
 class nsIUnicharStreamLoader;
 class nsIUnicharStreamLoaderObserver;
 
-namespace mozilla { class OriginAttributes; }
+namespace mozilla { class NeckoOriginAttributes; }
 
 template <class> class nsCOMPtr;
 template <typename> struct already_AddRefed;
 
 #ifdef MOZILLA_INTERNAL_API
 #include "nsReadableUtils.h"
 #include "nsString.h"
 #else
@@ -676,20 +676,20 @@ NS_QueryNotificationCallbacks(nsIInterfa
 
 /**
  * Returns true if channel is using Private Browsing, or false if not.
  * Returns false if channel's callbacks don't implement nsILoadContext.
  */
 bool NS_UsePrivateBrowsing(nsIChannel *channel);
 
 /**
- * Extract the OriginAttributes from the channel's triggering principal.
+ * Extract the NeckoOriginAttributes from the channel's triggering principal.
  */
 bool NS_GetOriginAttributes(nsIChannel *aChannel,
-                            mozilla::OriginAttributes &aAttributes);
+                            mozilla::NeckoOriginAttributes &aAttributes);
 
 // Constants duplicated from nsIScriptSecurityManager so we avoid having necko
 // know about script security manager.
 #define NECKO_NO_APP_ID 0
 #define NECKO_UNKNOWN_APP_ID UINT32_MAX
 // special app id reserved for separating the safebrowsing cookie
 #define NECKO_SAFEBROWSING_APP_ID UINT32_MAX - 1
 
--- a/netwerk/cache/nsApplicationCacheService.cpp
+++ b/netwerk/cache/nsApplicationCacheService.cpp
@@ -35,34 +35,34 @@ nsApplicationCacheService::~nsApplicatio
 
 NS_IMETHODIMP
 nsApplicationCacheService::BuildGroupID(nsIURI *aManifestURL,
                                         nsILoadContextInfo *aLoadContextInfo,
                                         nsACString &_result)
 {
     nsresult rv;
 
-    mozilla::OriginAttributes const *oa = aLoadContextInfo
+    mozilla::NeckoOriginAttributes const *oa = aLoadContextInfo
         ? aLoadContextInfo->OriginAttributesPtr()
         : nullptr;
 
     rv = nsOfflineCacheDevice::BuildApplicationCacheGroupID(
         aManifestURL, oa, _result);
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsApplicationCacheService::BuildGroupIDForApp(nsIURI *aManifestURL,
                                               uint32_t aAppId,
                                               bool aIsInBrowser,
                                               nsACString &_result)
 {
-    OriginAttributes oa;
+    NeckoOriginAttributes oa;
     oa.mAppId = aAppId;
     oa.mInBrowser = aIsInBrowser;
     nsresult rv = nsOfflineCacheDevice::BuildApplicationCacheGroupID(
         aManifestURL, &oa, _result);
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
 }
--- a/netwerk/cache/nsDiskCacheDeviceSQL.cpp
+++ b/netwerk/cache/nsDiskCacheDeviceSQL.cpp
@@ -44,17 +44,17 @@
 
 #include "mozilla/Telemetry.h"
 
 #include "sqlite3.h"
 #include "mozilla/storage.h"
 
 using namespace mozilla;
 using namespace mozilla::storage;
-using mozilla::OriginAttributes;
+using mozilla::NeckoOriginAttributes;
 
 static const char OFFLINE_CACHE_DEVICE_ID[] = { "offline" };
 
 #define LOG(args) CACHE_LOG_DEBUG(args)
 
 static uint32_t gNextTemporaryClientID = 0;
 
 /*****************************************************************************
@@ -1299,30 +1299,30 @@ GetGroupForCache(const nsCSubstring &cli
   group.Assign(clientID);
   group.Truncate(group.FindChar('|'));
   NS_UnescapeURL(group);
 
   return NS_OK;
 }
 
 void
-AppendJARIdentifier(nsACString &_result, OriginAttributes const *aOriginAttributes)
+AppendJARIdentifier(nsACString &_result, NeckoOriginAttributes const *aOriginAttributes)
 {
   nsAutoCString suffix;
   aOriginAttributes->CreateSuffix(suffix);
   _result.Append('#');
   _result.Append(suffix);
 }
 
 } // namespace
 
 // static
 nsresult
 nsOfflineCacheDevice::BuildApplicationCacheGroupID(nsIURI *aManifestURL,
-                                                   OriginAttributes const *aOriginAttributes,
+                                                   NeckoOriginAttributes const *aOriginAttributes,
                                                    nsACString &_result)
 {
   nsCOMPtr<nsIURI> newURI;
   nsresult rv = aManifestURL->CloneIgnoringRef(getter_AddRefs(newURI));
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsAutoCString manifestSpec;
   rv = newURI->GetAsciiSpec(manifestSpec);
@@ -2416,21 +2416,21 @@ nsresult
 nsOfflineCacheDevice::DiscardByAppId(int32_t appID, bool browserEntriesOnly)
 {
   nsresult rv;
 
   nsAutoCString jaridsuffix;
 
   jaridsuffix.Append('%');
 
-  // TODO - this method should accept OriginAttributes* from outside instead.
+  // TODO - this method should accept NeckoOriginAttributes* from outside instead.
   // If passed null, we should then delegate to
   // nsCacheService::GlobalInstance()->EvictEntriesInternal(nsICache::STORE_OFFLINE);
 
-  OriginAttributes oa;
+  NeckoOriginAttributes oa;
   oa.mAppId = appID;
   oa.mInBrowser = browserEntriesOnly;
   AppendJARIdentifier(jaridsuffix, &oa);
 
   {
     AutoResetStatement statement(mStatement_EnumerateApps);
     rv = statement->BindUTF8StringByIndex(0, jaridsuffix);
     NS_ENSURE_SUCCESS(rv, rv);
@@ -2500,17 +2500,17 @@ nsOfflineCacheDevice::CanUseCache(nsIURI
     return false;
   }
 
   // Check the groupID we found is equal to groupID based
   // on the load context demanding load from app cache.
   // This is check of extended origin.
   nsAutoCString demandedGroupID;
 
-  const OriginAttributes *oa = loadContextInfo
+  const NeckoOriginAttributes *oa = loadContextInfo
     ? loadContextInfo->OriginAttributesPtr()
     : nullptr;
   rv = BuildApplicationCacheGroupID(groupURI, oa, demandedGroupID);
   NS_ENSURE_SUCCESS(rv, false);
 
   if (groupID != demandedGroupID) {
     return false;
   }
--- a/netwerk/cache/nsDiskCacheDeviceSQL.h
+++ b/netwerk/cache/nsDiskCacheDeviceSQL.h
@@ -20,17 +20,17 @@
 #include "nsClassHashtable.h"
 #include "nsWeakReference.h"
 #include "mozilla/Attributes.h"
 #include "mozilla/Mutex.h"
 
 class nsIURI;
 class nsOfflineCacheDevice;
 class mozIStorageService;
-namespace mozilla { class OriginAttributes; }
+namespace mozilla { class NeckoOriginAttributes; }
 
 class nsApplicationCacheNamespace final : public nsIApplicationCacheNamespace
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSIAPPLICATIONCACHENAMESPACE
 
   nsApplicationCacheNamespace() : mItemType(0) {}
@@ -136,17 +136,17 @@ public:
                                      const nsACString &       key,
                                      bool *                 isOwned);
 
   nsresult                ClearKeysOwnedByDomain(const char *clientID,
                                                  const nsACString &ownerDomain);
   nsresult                EvictUnownedEntries(const char *clientID);
 
   static nsresult         BuildApplicationCacheGroupID(nsIURI *aManifestURL,
-                                                       mozilla::OriginAttributes const *aOriginAttributes,
+                                                       mozilla::NeckoOriginAttributes const *aOriginAttributes,
                                                        nsACString &_result);
 
   nsresult                ActivateCache(const nsCSubstring &group,
                                         const nsCSubstring &clientID);
   bool                    IsActiveCache(const nsCSubstring &group,
                                         const nsCSubstring &clientID);
   nsresult                CreateApplicationCache(const nsACString &group,
                                                  nsIApplicationCache **out);
--- a/netwerk/cache2/AppCacheStorage.cpp
+++ b/netwerk/cache2/AppCacheStorage.cpp
@@ -121,17 +121,17 @@ NS_IMETHODIMP AppCacheStorage::AsyncEvic
 
   nsCOMPtr<nsIApplicationCacheService> appCacheService =
     do_GetService(NS_APPLICATIONCACHESERVICE_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (!mAppCache) {
     // TODO - bug 1165256, have an API on nsIApplicationCacheService that takes
     // optional OAs and decides internally what to do.
-    const OriginAttributes* oa = LoadInfo()->OriginAttributesPtr();
+    const NeckoOriginAttributes* oa = LoadInfo()->OriginAttributesPtr();
     if (oa->mAppId == nsILoadContextInfo::NO_APP_ID && !oa->mInBrowser) {
       // Clear everything.
       nsCOMPtr<nsICacheService> serv =
           do_GetService(NS_CACHESERVICE_CONTRACTID, &rv);
       NS_ENSURE_SUCCESS(rv, rv);
 
       rv = nsCacheService::GlobalInstance()->EvictEntriesInternal(nsICache::STORE_OFFLINE);
       NS_ENSURE_SUCCESS(rv, rv);
--- a/netwerk/cache2/CacheFileMetadata.h
+++ b/netwerk/cache2/CacheFileMetadata.h
@@ -141,17 +141,17 @@ public:
 
   nsresult ReadMetadata(CacheFileMetadataListener *aListener);
   uint32_t CalcMetadataSize(uint32_t aElementsSize, uint32_t aHashCount);
   nsresult WriteMetadata(uint32_t aOffset,
                          CacheFileMetadataListener *aListener);
   nsresult SyncReadMetadata(nsIFile *aFile);
 
   bool     IsAnonymous() const { return mAnonymous; }
-  mozilla::OriginAttributes const & OriginAttributes() const { return mOriginAttributes; }
+  mozilla::NeckoOriginAttributes const & OriginAttributes() const { return mOriginAttributes; }
   bool     Pinned() const      { return !!(mMetaHdr.mFlags & kCacheEntryIsPinned); }
 
   const char * GetElement(const char *aKey);
   nsresult     SetElement(const char *aKey, const char *aValue);
   nsresult     Visit(nsICacheEntryMetaDataVisitor *aVisitor);
 
   CacheHash::Hash16_t GetHash(uint32_t aIndex);
   nsresult            SetHash(uint32_t aIndex, CacheHash::Hash16_t aHash);
@@ -208,17 +208,17 @@ private:
   uint32_t                            mBufSize;
   char                               *mWriteBuf;
   CacheFileMetadataHeader             mMetaHdr;
   uint32_t                            mElementsSize;
   bool                                mIsDirty        : 1;
   bool                                mAnonymous      : 1;
   bool                                mAllocExactSize : 1;
   bool                                mFirstRead      : 1;
-  mozilla::OriginAttributes           mOriginAttributes;
+  mozilla::NeckoOriginAttributes      mOriginAttributes;
   mozilla::TimeStamp                  mReadStart;
   nsCOMPtr<CacheFileMetadataListener> mListener;
 };
 
 
 } // namespace net
 } // namespace mozilla
 
--- a/netwerk/cache2/CacheFileUtils.cpp
+++ b/netwerk/cache2/CacheFileUtils.cpp
@@ -32,17 +32,17 @@ public:
     , isAnonymous(false)
     // Initialize the cache key to a zero length by default
     , lastTag(0)
   {
   }
 
 private:
   // Results
-  OriginAttributes originAttribs;
+  NeckoOriginAttributes originAttribs;
   bool isPrivate;
   bool isAnonymous;
   nsCString idEnhance;
   nsDependentCSubstring cacheKey;
 
   // Keeps the last tag name, used for alphabetical sort checking
   char lastTag;
 
@@ -201,17 +201,17 @@ AppendKeyPrefix(nsILoadContextInfo* aInf
   /**
    * This key is used to salt file hashes.  When form of the key is changed
    * cache entries will fail to find on disk.
    *
    * IMPORTANT NOTE:
    * Keep the attributes list sorted according their ASCII code.
    */
 
-  OriginAttributes const *oa = aInfo->OriginAttributesPtr();
+  NeckoOriginAttributes const *oa = aInfo->OriginAttributesPtr();
   nsAutoCString suffix;
   oa->CreateSuffix(suffix);
   if (!suffix.IsEmpty()) {
     AppendTagWithValue(_retval, 'O', suffix);
   }
 
   if (aInfo->IsAnonymous()) {
     _retval.AppendLiteral("a,");
--- a/netwerk/cache2/CacheObserver.cpp
+++ b/netwerk/cache2/CacheObserver.cpp
@@ -390,17 +390,17 @@ void CacheObserver::ParentDirOverride(ns
   sSelf->mCacheParentDirectoryOverride->Clone(aDir);
 }
 
 namespace {
 namespace CacheStorageEvictHelper {
 
 nsresult ClearStorage(bool const aPrivate,
                       bool const aAnonymous,
-                      OriginAttributes const &aOa)
+                      NeckoOriginAttributes const &aOa)
 {
   nsresult rv;
 
   RefPtr<LoadContextInfo> info = GetLoadContextInfo(aPrivate, aAnonymous, aOa);
 
   nsCOMPtr<nsICacheStorage> storage;
   RefPtr<CacheStorageService> service = CacheStorageService::Self();
   NS_ENSURE_TRUE(service, NS_ERROR_FAILURE);
@@ -415,17 +415,17 @@ nsresult ClearStorage(bool const aPrivat
   rv = service->MemoryCacheStorage(info, getter_AddRefs(storage));
   NS_ENSURE_SUCCESS(rv, rv);
   rv = storage->AsyncEvictStorage(nullptr);
   NS_ENSURE_SUCCESS(rv, rv);
 
   return NS_OK;
 }
 
-nsresult Run(OriginAttributes const &aOa)
+nsresult Run(NeckoOriginAttributes const &aOa)
 {
   nsresult rv;
 
   // Clear all [private X anonymous] combinations
   rv = ClearStorage(false, false, aOa);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = ClearStorage(false, true, aOa);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -510,19 +510,19 @@ CacheObserver::Observe(nsISupports* aSub
     RefPtr<CacheStorageService> service = CacheStorageService::Self();
     if (service)
       service->DropPrivateBrowsingEntries();
 
     return NS_OK;
   }
 
   if (!strcmp(aTopic, "clear-origin-data")) {
-    OriginAttributes oa;
+    NeckoOriginAttributes oa;
     if (!oa.Init(nsDependentString(aData))) {
-      NS_ERROR("Could not parse OriginAttributes JSON in clear-origin-data notification");
+      NS_ERROR("Could not parse NeckoOriginAttributes JSON in clear-origin-data notification");
       return NS_OK;
     }
 
     nsresult rv = CacheStorageEvictHelper::Run(oa);
     NS_ENSURE_SUCCESS(rv, rv);
 
     return NS_OK;
   }
--- a/netwerk/cache2/OldWrappers.cpp
+++ b/netwerk/cache2/OldWrappers.cpp
@@ -523,17 +523,17 @@ NS_IMETHODIMP _OldCacheEntryWrapper::Vis
 
 namespace {
 
 nsresult
 GetCacheSessionNameForStoragePolicy(
         nsCSubstring const &scheme,
         nsCacheStoragePolicy storagePolicy,
         bool isPrivate,
-        OriginAttributes const *originAttribs,
+        NeckoOriginAttributes const *originAttribs,
         nsACString& sessionName)
 {
   MOZ_ASSERT(!isPrivate || storagePolicy == nsICache::STORE_IN_MEMORY);
 
   // HTTP
   if (scheme.EqualsLiteral("http") ||
       scheme.EqualsLiteral("https")) {
     switch (storagePolicy) {
--- a/netwerk/cookie/CookieServiceParent.cpp
+++ b/netwerk/cookie/CookieServiceParent.cpp
@@ -14,32 +14,36 @@
 #include "nsIScriptSecurityManager.h"
 #include "nsIPrivateBrowsingChannel.h"
 #include "nsNetCID.h"
 #include "nsPrintfCString.h"
 #include "SerializedLoadContext.h"
 
 using namespace mozilla::ipc;
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::NeckoOriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::dom::PContentParent;
 using mozilla::net::NeckoParent;
 
 namespace {
 
 // Ignore failures from this function, as they only affect whether we do or
 // don't show a dialog box in private browsing mode if the user sets a pref.
 void
-CreateDummyChannel(nsIURI* aHostURI, OriginAttributes &aAttrs, bool aIsPrivate,
-                   nsIChannel **aChannel)
+CreateDummyChannel(nsIURI* aHostURI, NeckoOriginAttributes& aAttrs, bool aIsPrivate,
+                   nsIChannel** aChannel)
 {
   MOZ_ASSERT(aAttrs.mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID);
 
+  PrincipalOriginAttributes attrs;
+  attrs.InheritFromNecko(aAttrs);
+
   nsCOMPtr<nsIPrincipal> principal =
-    BasePrincipal::CreateCodebasePrincipal(aHostURI, aAttrs);
+    BasePrincipal::CreateCodebasePrincipal(aHostURI, attrs);
   if (!principal) {
     return;
   }
 
   nsCOMPtr<nsIURI> dummyURI;
   nsresult rv = NS_NewURI(getter_AddRefs(dummyURI), "about:blank");
   if (NS_FAILED(rv)) {
       return;
@@ -61,34 +65,37 @@ CreateDummyChannel(nsIURI* aHostURI, Ori
 }
 
 namespace mozilla {
 namespace net {
 
 MOZ_WARN_UNUSED_RESULT
 bool
 CookieServiceParent::GetOriginAttributesFromParams(const IPC::SerializedLoadContext &aLoadContext,
-                                                   OriginAttributes& aAttrs,
+                                                   NeckoOriginAttributes& aAttrs,
                                                    bool& aIsPrivate)
 {
   aIsPrivate = false;
 
+  DocShellOriginAttributes docShellAttrs;
   const char* error = NeckoParent::GetValidatedAppInfo(aLoadContext,
                                                        Manager()->Manager(),
-                                                       aAttrs);
+                                                       docShellAttrs);
   if (error) {
     NS_WARNING(nsPrintfCString("CookieServiceParent: GetOriginAttributesFromParams: "
                                "FATAL error: %s: KILLING CHILD PROCESS\n",
                                error).get());
     return false;
   }
 
   if (aLoadContext.IsPrivateBitValid()) {
     aIsPrivate = aLoadContext.mUsePrivateBrowsing;
   }
+
+  aAttrs.InheritFromDocShellToNecko(docShellAttrs);
   return true;
 }
 
 CookieServiceParent::CookieServiceParent()
 {
   // Instantiate the cookieservice via the service manager, so it sticks around
   // until shutdown.
   nsCOMPtr<nsICookieService> cs = do_GetService(NS_COOKIESERVICE_CONTRACTID);
@@ -121,17 +128,17 @@ CookieServiceParent::RecvGetCookieString
     return true;
 
   // Deserialize URI. Having a host URI is mandatory and should always be
   // provided by the child; thus we consider failure fatal.
   nsCOMPtr<nsIURI> hostURI = DeserializeURI(aHost);
   if (!hostURI)
     return false;
 
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   bool isPrivate;
   bool valid = GetOriginAttributesFromParams(aLoadContext, attrs, isPrivate);
   if (!valid) {
     return false;
   }
 
   mCookieService->GetCookieStringInternal(hostURI, aIsForeign, aFromHttp, attrs,
                                           isPrivate, *aResult);
@@ -151,17 +158,17 @@ CookieServiceParent::RecvSetCookieString
     return true;
 
   // Deserialize URI. Having a host URI is mandatory and should always be
   // provided by the child; thus we consider failure fatal.
   nsCOMPtr<nsIURI> hostURI = DeserializeURI(aHost);
   if (!hostURI)
     return false;
 
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   bool isPrivate;
   bool valid = GetOriginAttributesFromParams(aLoadContext, attrs, isPrivate);
   if (!valid) {
     return false;
   }
 
   // This is a gross hack. We've already computed everything we need to know
   // for whether to set this cookie or not, but we need to communicate all of
--- a/netwerk/cookie/CookieServiceParent.h
+++ b/netwerk/cookie/CookieServiceParent.h
@@ -5,31 +5,31 @@
 
 #ifndef mozilla_net_CookieServiceParent_h
 #define mozilla_net_CookieServiceParent_h
 
 #include "mozilla/net/PCookieServiceParent.h"
 #include "SerializedLoadContext.h"
 
 class nsCookieService;
-namespace mozilla { class OriginAttributes; }
+namespace mozilla { class NeckoOriginAttributes; }
 
 namespace mozilla {
 namespace net {
 
 class CookieServiceParent : public PCookieServiceParent
 {
 public:
   CookieServiceParent();
   virtual ~CookieServiceParent();
 
 protected:
   MOZ_WARN_UNUSED_RESULT bool
   GetOriginAttributesFromParams(const IPC::SerializedLoadContext &aLoadContext,
-                                OriginAttributes& aAttrs,
+                                NeckoOriginAttributes& aAttrs,
                                 bool& aIsPrivate);
 
   virtual void ActorDestroy(ActorDestroyReason aWhy) override;
 
   virtual bool RecvGetCookieString(const URIParams& aHost,
                                    const bool& aIsForeign,
                                    const bool& aFromHttp,
                                    const IPC::SerializedLoadContext&
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -56,17 +56,17 @@
 using namespace mozilla;
 using namespace mozilla::net;
 
 // Create key from baseDomain that will access the default cookie namespace.
 // TODO: When we figure out what the API will look like for nsICookieManager{2}
 // on content processes (see bug 777620), change to use the appropriate app
 // namespace.  For now those IDLs aren't supported on child processes.
 #define DEFAULT_APP_KEY(baseDomain) \
-        nsCookieKey(baseDomain, OriginAttributes())
+        nsCookieKey(baseDomain, NeckoOriginAttributes())
 
 /******************************************************************************
  * nsCookieService impl:
  * useful types & constants
  ******************************************************************************/
 
 static nsCookieService *gCookieService;
 
@@ -568,17 +568,17 @@ public:
 
   // nsIObserver implementation.
   NS_IMETHODIMP
   Observe(nsISupports *aSubject, const char *aTopic, const char16_t *aData) override
   {
     MOZ_ASSERT(!nsCRT::strcmp(aTopic, TOPIC_CLEAR_ORIGIN_DATA));
 
     MOZ_ASSERT(XRE_IsParentProcess());
-    OriginAttributes attrs;
+    NeckoOriginAttributes attrs;
     MOZ_ALWAYS_TRUE(attrs.Init(nsDependentString(aData)));
 
     nsCOMPtr<nsICookieManager2> cookieManager
       = do_GetService(NS_COOKIEMANAGER_CONTRACTID);
     MOZ_ASSERT(cookieManager);
 
     // TODO: We should add a new interface RemoveCookiesForOriginAttributes in
     // nsICookieManager2 and use it instead of RemoveCookiesForApp.
@@ -828,17 +828,17 @@ ConvertAppIdToOriginAttrsSQLFunction::On
 
   rv = aFunctionArguments->GetInt32(0, &appId);
   NS_ENSURE_SUCCESS(rv, rv);
   rv = aFunctionArguments->GetInt32(1, &inBrowser);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Create an originAttributes object by appId and inBrowserElemnt.
   // Then create the originSuffix string from this object.
-  OriginAttributes attrs(appId, (inBrowser ? 1 : 0));
+  NeckoOriginAttributes attrs(appId, (inBrowser ? 1 : 0));
   nsAutoCString suffix;
   attrs.CreateSuffix(suffix);
 
   RefPtr<nsVariant> outVar(new nsVariant());
   rv = outVar->SetAsAUTF8String(suffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
   outVar.forget(aResult);
@@ -856,17 +856,17 @@ class SetAppIdFromOriginAttributesSQLFun
 NS_IMPL_ISUPPORTS(SetAppIdFromOriginAttributesSQLFunction, mozIStorageFunction);
 
 NS_IMETHODIMP
 SetAppIdFromOriginAttributesSQLFunction::OnFunctionCall(
   mozIStorageValueArray* aFunctionArguments, nsIVariant** aResult)
 {
   nsresult rv;
   nsAutoCString suffix;
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
 
   rv = aFunctionArguments->GetUTF8String(0, suffix);
   NS_ENSURE_SUCCESS(rv, rv);
   attrs.PopulateFromSuffix(suffix);
 
   RefPtr<nsVariant> outVar(new nsVariant());
   rv = outVar->SetAsInt32(attrs.mAppId);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -888,17 +888,17 @@ NS_IMPL_ISUPPORTS(SetInBrowserFromOrigin
                   mozIStorageFunction);
 
 NS_IMETHODIMP
 SetInBrowserFromOriginAttributesSQLFunction::OnFunctionCall(
   mozIStorageValueArray* aFunctionArguments, nsIVariant** aResult)
 {
   nsresult rv;
   nsAutoCString suffix;
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
 
   rv = aFunctionArguments->GetUTF8String(0, suffix);
   NS_ENSURE_SUCCESS(rv, rv);
   attrs.PopulateFromSuffix(suffix);
 
   RefPtr<nsVariant> outVar(new nsVariant());
   rv = outVar->SetAsInt32(attrs.mInBrowser);
   NS_ENSURE_SUCCESS(rv, rv);
@@ -1890,17 +1890,17 @@ nsCookieService::GetCookieStringCommon(n
   NS_ENSURE_ARG(aHostURI);
   NS_ENSURE_ARG(aCookie);
 
   // Determine whether the request is foreign. Failure is acceptable.
   bool isForeign = true;
   mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
 
   // Get originAttributes.
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
 
   bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
 
   nsAutoCString result;
   GetCookieStringInternal(aHostURI, isForeign, aHttpBound, attrs,
@@ -1963,17 +1963,17 @@ nsCookieService::SetCookieStringCommon(n
   NS_ENSURE_ARG(aHostURI);
   NS_ENSURE_ARG(aCookieHeader);
 
   // Determine whether the request is foreign. Failure is acceptable.
   bool isForeign = true;
   mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
 
   // Get originAttributes.
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   if (aChannel) {
     NS_GetOriginAttributes(aChannel, attrs);
   }
 
   bool isPrivate = aChannel && NS_UsePrivateBrowsing(aChannel);
 
   nsDependentCString cookieString(aCookieHeader);
   nsDependentCString serverTime(aServerTime ? aServerTime : "");
@@ -1984,17 +1984,17 @@ nsCookieService::SetCookieStringCommon(n
 }
 
 void
 nsCookieService::SetCookieStringInternal(nsIURI                 *aHostURI,
                                          bool                    aIsForeign,
                                          nsDependentCString     &aCookieHeader,
                                          const nsCString        &aServerTime,
                                          bool                    aFromHttp,
-                                         const OriginAttributes &aOriginAttrs,
+                                         const NeckoOriginAttributes &aOriginAttrs,
                                          bool                    aIsPrivate,
                                          nsIChannel             *aChannel)
 {
   NS_ASSERTION(aHostURI, "null host!");
 
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return;
@@ -2295,17 +2295,17 @@ nsCookieService::Add(const nsACString &a
   }
 
   AddInternal(DEFAULT_APP_KEY(baseDomain), cookie, currentTimeInUsec, nullptr, nullptr, true);
   return NS_OK;
 }
 
 
 nsresult
-nsCookieService::Remove(const nsACString& aHost, const OriginAttributes& aAttrs,
+nsCookieService::Remove(const nsACString& aHost, const NeckoOriginAttributes& aAttrs,
                         const nsACString& aName, const nsACString& aPath,
                         bool aBlocked)
 {
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return NS_ERROR_NOT_AVAILABLE;
   }
 
@@ -2353,17 +2353,17 @@ nsCookieService::Remove(const nsACString
 }
 
 NS_IMETHODIMP
 nsCookieService::Remove(const nsACString &aHost,
                         const nsACString &aName,
                         const nsACString &aPath,
                         bool             aBlocked)
 {
-  OriginAttributes attrs;
+  NeckoOriginAttributes attrs;
   return Remove(aHost, attrs, aName, aPath, aBlocked);
 }
 
 /******************************************************************************
  * nsCookieService impl:
  * private file I/O functions
  ******************************************************************************/
 
@@ -2677,17 +2677,17 @@ nsCookieService::EnsureReadComplete()
 
     if (!hasResult)
       break;
 
     // Make sure we haven't already read the data.
     stmt->GetUTF8String(IDX_BASE_DOMAIN, baseDomain);
 
     nsAutoCString suffix;
-    OriginAttributes attrs;
+    NeckoOriginAttributes attrs;
     stmt->GetUTF8String(IDX_ORIGIN_ATTRIBUTES, suffix);
     attrs.PopulateFromSuffix(suffix);
 
     nsCookieKey key(baseDomain, attrs);
     if (mDefaultDBState->readSet.GetEntry(key))
       continue;
 
     CookieDomainTuple* tuple = array.AppendElement();
@@ -2826,17 +2826,17 @@ nsCookieService::ImportCookies(nsIFile *
     }
 
     // compute the baseDomain from the host
     rv = GetBaseDomainFromHost(host, baseDomain);
     if (NS_FAILED(rv))
       continue;
 
     // pre-existing cookies have appId=0, inBrowser=false set by default
-    // constructor of OriginAttributes().
+    // constructor of NeckoOriginAttributes().
     nsCookieKey key = DEFAULT_APP_KEY(baseDomain);
 
     // Create a new nsCookie and assign the data. We don't know the cookie
     // creation time, so just use the current time to generate a unique one.
     RefPtr<nsCookie> newCookie =
       nsCookie::Create(Substring(buffer, nameIndex, cookieIndex - nameIndex - 1),
                        Substring(buffer, cookieIndex, buffer.Length() - cookieIndex),
                        host,
@@ -2917,17 +2917,17 @@ public:
     return aCookie1->CreationTime() < aCookie2->CreationTime();
   }
 };
 
 void
 nsCookieService::GetCookieStringInternal(nsIURI *aHostURI,
                                          bool aIsForeign,
                                          bool aHttpBound,
-                                         const OriginAttributes aOriginAttrs,
+                                         const NeckoOriginAttributes aOriginAttrs,
                                          bool aIsPrivate,
                                          nsCString &aCookieString)
 {
   NS_ASSERTION(aHostURI, "null host!");
 
   if (!mDBState) {
     NS_WARNING("No DBState! Profile already closed?");
     return;
@@ -4325,17 +4325,17 @@ nsCookieService::RemoveCookiesForApp(uin
     // A simple solution is to always ask to remove the cookie with
     // inBrowserElement = true and only ask for the other one to be removed if
     // we happen to be in the case of !aOnlyBrowserElement.
     // Anyway, with this solution, we will likely be looking for unexistant
     // cookies.
     //
     // NOTE: we could make this better by getting nsCookieEntry objects instead
     // of plain nsICookie.
-    OriginAttributes attrs(aAppId, true);
+    NeckoOriginAttributes attrs(aAppId, true);
     Remove(host, attrs, name, path, false);
     if (!aOnlyBrowserElement) {
       attrs.mInBrowser = false;
       Remove(host, attrs, name, path, false);
     }
   }
 
   return NS_OK;
--- a/netwerk/cookie/nsCookieService.h
+++ b/netwerk/cookie/nsCookieService.h
@@ -27,17 +27,17 @@
 #include "mozIStorageStatementCallback.h"
 #include "mozIStorageFunction.h"
 #include "nsIVariant.h"
 #include "nsIFile.h"
 #include "mozilla/BasePrincipal.h"
 
 #include "mozilla/MemoryReporting.h"
 
-using mozilla::OriginAttributes;
+using mozilla::NeckoOriginAttributes;
 
 class nsICookiePermission;
 class nsIEffectiveTLDService;
 class nsIIDNService;
 class nsIPrefBranch;
 class nsIObserverService;
 class nsIURI;
 class nsIChannel;
@@ -60,17 +60,17 @@ class nsCookieKey : public PLDHashEntryH
 {
 public:
   typedef const nsCookieKey& KeyType;
   typedef const nsCookieKey* KeyTypePointer;
 
   nsCookieKey()
   {}
 
-  nsCookieKey(const nsCString &baseDomain, const OriginAttributes &attrs)
+  nsCookieKey(const nsCString &baseDomain, const NeckoOriginAttributes &attrs)
     : mBaseDomain(baseDomain)
     , mOriginAttributes(attrs)
   {}
 
   explicit nsCookieKey(KeyTypePointer other)
     : mBaseDomain(other->mBaseDomain)
     , mOriginAttributes(other->mOriginAttributes)
   {}
@@ -105,17 +105,17 @@ public:
     return mozilla::HashString(temp);
   }
 
   size_t SizeOfExcludingThis(mozilla::MallocSizeOf aMallocSizeOf) const;
 
   enum { ALLOW_MEMMOVE = true };
 
   nsCString        mBaseDomain;
-  OriginAttributes mOriginAttributes;
+  NeckoOriginAttributes mOriginAttributes;
 };
 
 // Inherit from nsCookieKey so this can be stored in nsTHashTable
 // TODO: why aren't we using nsClassHashTable<nsCookieKey, ArrayType>?
 class nsCookieEntry : public nsCookieKey
 {
   public:
     // Hash methods
@@ -287,19 +287,19 @@ class nsCookieService final : public nsI
     void                          AsyncReadComplete();
     void                          CancelAsyncRead(bool aPurgeReadSet);
     void                          EnsureReadDomain(const nsCookieKey &aKey);
     void                          EnsureReadComplete();
     nsresult                      NormalizeHost(nsCString &aHost);
     nsresult                      GetBaseDomain(nsIURI *aHostURI, nsCString &aBaseDomain, bool &aRequireHostMatch);
     nsresult                      GetBaseDomainFromHost(const nsACString &aHost, nsCString &aBaseDomain);
     nsresult                      GetCookieStringCommon(nsIURI *aHostURI, nsIChannel *aChannel, bool aHttpBound, char** aCookie);
-  void                            GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aHttpBound, const OriginAttributes aOriginAttrs, bool aIsPrivate, nsCString &aCookie);
+  void                            GetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, bool aHttpBound, const NeckoOriginAttributes aOriginAttrs, bool aIsPrivate, nsCString &aCookie);
     nsresult                      SetCookieStringCommon(nsIURI *aHostURI, const char *aCookieHeader, const char *aServerTime, nsIChannel *aChannel, bool aFromHttp);
-  void                            SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const OriginAttributes &aOriginAttrs, bool aIsPrivate, nsIChannel* aChannel);
+  void                            SetCookieStringInternal(nsIURI *aHostURI, bool aIsForeign, nsDependentCString &aCookieHeader, const nsCString &aServerTime, bool aFromHttp, const NeckoOriginAttributes &aOriginAttrs, bool aIsPrivate, nsIChannel* aChannel);
     bool                          SetCookieInternal(nsIURI *aHostURI, const nsCookieKey& aKey, bool aRequireHostMatch, CookieStatus aStatus, nsDependentCString &aCookieHeader, int64_t aServerTime, bool aFromHttp, nsIChannel* aChannel);
     void                          AddInternal(const nsCookieKey& aKey, nsCookie *aCookie, int64_t aCurrentTimeInUsec, nsIURI *aHostURI, const char *aCookieHeader, bool aFromHttp);
     void                          RemoveCookieFromList(const nsListIter &aIter, mozIStorageBindingParamsArray *aParamsArray = nullptr);
     void                          AddCookieToList(const nsCookieKey& aKey, nsCookie *aCookie, DBState *aDBState, mozIStorageBindingParamsArray *aParamsArray, bool aWriteToDB = true);
     void                          UpdateCookieInList(nsCookie *aCookie, int64_t aLastAccessed, mozIStorageBindingParamsArray *aParamsArray);
     static bool                   GetTokenValue(nsASingleFragmentCString::const_char_iterator &aIter, nsASingleFragmentCString::const_char_iterator &aEndIter, nsDependentCSubstring &aTokenString, nsDependentCSubstring &aTokenValue, bool &aEqualsFound);
     static bool                   ParseAttributes(nsDependentCString &aCookieHeader, nsCookieAttributes &aCookie);
     bool                          RequireThirdPartyCheck();
@@ -315,20 +315,20 @@ class nsCookieService final : public nsI
     void                          NotifyThirdParty(nsIURI *aHostURI, bool aAccepted, nsIChannel *aChannel);
     void                          NotifyChanged(nsISupports *aSubject, const char16_t *aData);
     void                          NotifyPurged(nsICookie2* aCookie);
     already_AddRefed<nsIArray>    CreatePurgeList(nsICookie2* aCookie);
     void                          UpdateCookieOldestTime(DBState* aDBState, nsCookie* aCookie);
 
     /**
      * This method is a helper that allows calling nsICookieManager::Remove()
-     * with OriginAttributes parameter.
+     * with NeckoOriginAttributes parameter.
      * NOTE: this could be added to a public interface if we happen to need it.
      */
-    nsresult Remove(const nsACString& aHost, const OriginAttributes& aAttrs,
+    nsresult Remove(const nsACString& aHost, const NeckoOriginAttributes& aAttrs,
                     const nsACString& aName, const nsACString& aPath,
                     bool aBlocked);
 
   protected:
     // cached members.
     nsCOMPtr<nsICookiePermission>    mPermissionService;
     nsCOMPtr<mozIThirdPartyUtil>     mThirdPartyUtil;
     nsCOMPtr<nsIEffectiveTLDService> mTLDService;
--- a/netwerk/ipc/NeckoChannelParams.ipdlh
+++ b/netwerk/ipc/NeckoChannelParams.ipdlh
@@ -7,16 +7,17 @@
 
 include protocol PHttpChannel;
 include protocol PFTPChannel;
 include protocol PRtspChannel;
 include URIParams;
 include InputStreamParams;
 include PBackgroundSharedTypes;
 
+using mozilla::NeckoOriginAttributes from "mozilla/ipc/BackgroundUtils.h";
 using struct mozilla::void_t from "ipc/IPCMessageUtils.h";
 using RequestHeaderTuples from "mozilla/net/PHttpChannelParams.h";
 using struct nsHttpAtom from "nsHttp.h";
 using class nsHttpResponseHead from "nsHttpResponseHead.h";
 
 namespace mozilla {
 namespace net {
 
@@ -32,17 +33,17 @@ struct LoadInfoArgs
   uint32_t         contentPolicyType;
   bool             upgradeInsecureRequests;
   bool             upgradeInsecurePreloads;
   uint64_t         innerWindowID;
   uint64_t         outerWindowID;
   uint64_t         parentOuterWindowID;
   bool             enforceSecurity;
   bool             initialSecurityCheckDone;
-  OriginAttributes originAttributes;
+  NeckoOriginAttributes originAttributes;
   PrincipalInfo[]  redirectChainIncludingInternalRedirects;
   PrincipalInfo[]  redirectChain;
 };
 
 /**
  * Not every channel necessarily has a loadInfo attached.
  */
 union OptionalLoadInfoArgs
--- a/netwerk/ipc/NeckoParent.cpp
+++ b/netwerk/ipc/NeckoParent.cpp
@@ -40,17 +40,18 @@
 #include "nsAuthInformationHolder.h"
 #include "nsIAuthPromptCallback.h"
 #include "nsPrincipal.h"
 #include "nsIOService.h"
 #include "nsINetworkPredictor.h"
 #include "mozilla/net/OfflineObserver.h"
 #include "nsISpeculativeConnect.h"
 
-using mozilla::OriginAttributes;
+using mozilla::DocShellOriginAttributes;
+using mozilla::NeckoOriginAttributes;
 using mozilla::dom::ContentParent;
 using mozilla::dom::TabContext;
 using mozilla::dom::TabParent;
 using mozilla::net::PTCPSocketParent;
 using mozilla::dom::TCPSocketParent;
 using mozilla::net::PTCPServerSocketParent;
 using mozilla::dom::TCPServerSocketParent;
 using mozilla::net::PUDPSocketParent;
@@ -106,17 +107,17 @@ PBOverrideStatusFromLoadContext(const Se
       kPBOverride_NotPrivate;
   }
   return kPBOverride_Unset;
 }
 
 const char*
 NeckoParent::GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                                  PContentParent* aContent,
-                                 OriginAttributes& aAttrs)
+                                 DocShellOriginAttributes& aAttrs)
 {
   if (UsingNeckoIPCSecurity()) {
     if (!aSerialized.IsNotNull()) {
       return "SerializedLoadContext from child is null";
     }
   }
 
   nsTArray<TabContext> contextArray =
@@ -143,45 +144,45 @@ NeckoParent::GetValidatedAppInfo(const S
         // namespace if just appID==0)
         continue;
       }
     }
     if (!aSerialized.mOriginAttributes.mSignedPkg.IsEmpty() &&
         aSerialized.mOriginAttributes.mSignedPkg != tabContext.OriginAttributesRef().mSignedPkg) {
       continue;
     }
-    aAttrs = OriginAttributes(appId, inBrowserElement);
+    aAttrs = DocShellOriginAttributes(appId, inBrowserElement);
     aAttrs.mSignedPkg = tabContext.OriginAttributesRef().mSignedPkg;
     return nullptr;
   }
 
   if (contextArray.Length() != 0) {
     return "App does not have permission";
   }
 
   if (!UsingNeckoIPCSecurity()) {
     // We are running xpcshell tests
     if (aSerialized.IsNotNull()) {
       aAttrs = aSerialized.mOriginAttributes;
     } else {
-      aAttrs = OriginAttributes(NECKO_NO_APP_ID, false);
+      aAttrs = DocShellOriginAttributes(NECKO_NO_APP_ID, false);
     }
     return nullptr;
   }
 
   return "ContentParent does not have any PBrowsers";
 }
 
 const char *
 NeckoParent::CreateChannelLoadContext(const PBrowserOrId& aBrowser,
                                       PContentParent* aContent,
                                       const SerializedLoadContext& aSerialized,
                                       nsCOMPtr<nsILoadContext> &aResult)
 {
-  OriginAttributes attrs;
+  DocShellOriginAttributes attrs;
   const char* error = GetValidatedAppInfo(aSerialized, aContent, attrs);
   if (error) {
     return error;
   }
 
   // if !UsingNeckoIPCSecurity(), we may not have a LoadContext to set. This is
   // the common case for most xpcshell tests.
   if (aSerialized.IsNotNull()) {
@@ -893,17 +894,17 @@ NeckoParent::RecvPredPredict(const ipc::
                              const bool& hasVerifier)
 {
   nsCOMPtr<nsIURI> targetURI = DeserializeURI(aTargetURI);
   nsCOMPtr<nsIURI> sourceURI = DeserializeURI(aSourceURI);
 
   // We only actually care about the loadContext.mPrivateBrowsing, so we'll just
   // pass dummy params for nestFrameId, and originAttributes.
   uint64_t nestedFrameId = 0;
-  OriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
+  DocShellOriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
   nsCOMPtr<nsILoadContext> loadContext;
   if (aLoadContext.IsNotNull()) {
     loadContext = new LoadContext(aLoadContext, nestedFrameId, attrs);
   }
 
   // Get the current predictor
   nsresult rv = NS_OK;
   nsCOMPtr<nsINetworkPredictor> predictor =
@@ -925,17 +926,17 @@ NeckoParent::RecvPredLearn(const ipc::UR
                            const SerializedLoadContext& aLoadContext)
 {
   nsCOMPtr<nsIURI> targetURI = DeserializeURI(aTargetURI);
   nsCOMPtr<nsIURI> sourceURI = DeserializeURI(aSourceURI);
 
   // We only actually care about the loadContext.mPrivateBrowsing, so we'll just
   // pass dummy params for nestFrameId, and originAttributes;
   uint64_t nestedFrameId = 0;
-  OriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
+  DocShellOriginAttributes attrs(NECKO_UNKNOWN_APP_ID, false);
   nsCOMPtr<nsILoadContext> loadContext;
   if (aLoadContext.IsNotNull()) {
     loadContext = new LoadContext(aLoadContext, nestedFrameId, attrs);
   }
 
   // Get the current predictor
   nsresult rv = NS_OK;
   nsCOMPtr<nsINetworkPredictor> predictor =
--- a/netwerk/ipc/NeckoParent.h
+++ b/netwerk/ipc/NeckoParent.h
@@ -34,17 +34,17 @@ class NeckoParent
 public:
   NeckoParent();
   virtual ~NeckoParent();
 
   MOZ_WARN_UNUSED_RESULT
   static const char *
   GetValidatedAppInfo(const SerializedLoadContext& aSerialized,
                       PContentParent* aBrowser,
-                      mozilla::OriginAttributes& aAttrs);
+                      mozilla::DocShellOriginAttributes& aAttrs);
 
   /*
    * Creates LoadContext for parent-side of an e10s channel.
    *
    * PContentParent corresponds to the process that is requesting the load.
    *
    * Returns null if successful, or an error string if failed.
    */
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -36,17 +36,16 @@
 #include "nsQueryObject.h"
 #include "mozilla/BasePrincipal.h"
 #include "nsCORSListenerProxy.h"
 #include "nsIPrompt.h"
 #include "nsIWindowWatcher.h"
 #include "nsIDocument.h"
 
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
 using namespace mozilla::dom;
 using namespace mozilla::ipc;
 
 namespace mozilla {
 namespace net {
 
 HttpChannelParent::HttpChannelParent(const PBrowserOrId& iframeEmbedding,
                                      nsILoadContext* aLoadContext,
@@ -555,21 +554,28 @@ HttpChannelParent::DoAsyncOpen(  const U
                                                 getter_AddRefs(appCache));
       if (NS_SUCCEEDED(rv)) {
         appCacheChan->SetApplicationCache(appCache);
         setChooseApplicationCache = false;
       }
     }
 
     if (setChooseApplicationCache) {
-      OriginAttributes attrs;
+      DocShellOriginAttributes docShellAttrs;
       if (mLoadContext) {
-        attrs.CopyFromLoadContext(mLoadContext);
+        bool result = mLoadContext->GetOriginAttributes(docShellAttrs);
+        if (!result) {
+          return SendFailedAsyncOpen(NS_ERROR_FAILURE);
+        }
       }
 
+      NeckoOriginAttributes neckoAttrs;
+      neckoAttrs.InheritFromDocShellToNecko(docShellAttrs);
+      PrincipalOriginAttributes attrs;
+      attrs.InheritFromNecko(neckoAttrs);
       nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(uri, attrs);
 
       bool chooseAppCache = false;
       // This works because we've already called SetNotificationCallbacks and
       // done mPBOverride logic by this point.
       chooseAppCache = NS_ShouldCheckAppCache(principal, NS_UsePrivateBrowsing(mChannel));
 
--- a/netwerk/protocol/http/PackagedAppService.cpp
+++ b/netwerk/protocol/http/PackagedAppService.cpp
@@ -901,17 +901,17 @@ PackagedAppService::PackagedAppDownloade
 
   mRequesters.Clear();
 }
 
 static bool
 AddPackageIdToOrigin(nsACString& aOrigin, const nsACString& aPackageId)
 {
   nsAutoCString originNoSuffix;
-  mozilla::OriginAttributes attrs;
+  mozilla::NeckoOriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return false;
   }
 
   attrs.mSignedPkg = NS_ConvertUTF8toUTF16(aPackageId);
   nsAutoCString suffixWithPackageId;
   attrs.CreateSuffix(suffixWithPackageId);
   aOrigin = originNoSuffix + suffixWithPackageId;
--- a/netwerk/protocol/http/PackagedAppVerifier.cpp
+++ b/netwerk/protocol/http/PackagedAppVerifier.cpp
@@ -76,17 +76,17 @@ NS_IMETHODIMP PackagedAppVerifier::Init(
   mListener = aListener;
   mState = STATE_UNKNOWN;
   mSignature = aSignature;
   mIsPackageSigned = false;
   mPackageCacheEntry = aPackageCacheEntry;
   mIsFirstResource = true;
   mManifest = EmptyCString();
 
-  OriginAttributes().PopulateFromOrigin(aPackageOrigin, mPackageOrigin);
+  NeckoOriginAttributes().PopulateFromOrigin(aPackageOrigin, mPackageOrigin);
   mBypassVerification = (mPackageOrigin ==
       Preferences::GetCString("network.http.signed-packages.trusted-origin"));
 
   LOG(("mBypassVerification = %d\n", mBypassVerification));
   LOG(("mPackageOrigin = %s\n", mPackageOrigin.get()));
 
   nsresult rv;
   mPackagedAppUtils = do_CreateInstance(NS_PACKAGEDAPPUTILS_CONTRACTID, &rv);
--- a/netwerk/protocol/http/nsHttpAuthCache.cpp
+++ b/netwerk/protocol/http/nsHttpAuthCache.cpp
@@ -287,18 +287,18 @@ RemoveEntriesForPattern(PLHashEntry *ent
     nsDependentCString key(static_cast<const char*>(entry->key));
 
     // Extract the origin attributes suffix from the key.
     int32_t colon = key.Find(NS_LITERAL_CSTRING(":"));
     MOZ_ASSERT(colon != kNotFound);
     nsDependentCSubstring oaSuffix;
     oaSuffix.Rebind(key.BeginReading(), colon);
 
-    // Build the OriginAttributes object of it...
-    OriginAttributes oa;
+    // Build the NeckoOriginAttributes object of it...
+    NeckoOriginAttributes oa;
     DebugOnly<bool> rv = oa.PopulateFromSuffix(oaSuffix);
     MOZ_ASSERT(rv);
 
     // ...and match it against the given pattern.
     OriginAttributesPattern const *pattern = static_cast<OriginAttributesPattern const*>(arg);
     if (pattern->Matches(oa)) {
         return HT_ENUMERATE_NEXT | HT_ENUMERATE_REMOVE;
     }
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -38,17 +38,17 @@ namespace net {
 
 #define HTTP_AUTH_DIALOG_TOP_LEVEL_DOC 0
 #define HTTP_AUTH_DIALOG_SAME_ORIGIN_SUBRESOURCE 1
 #define HTTP_AUTH_DIALOG_CROSS_ORIGIN_SUBRESOURCE 2
 
 static void
 GetOriginAttributesSuffix(nsIChannel* aChan, nsACString &aSuffix)
 {
-    OriginAttributes oa;
+    NeckoOriginAttributes oa;
 
     // Deliberately ignoring the result and going with defaults
     if (aChan) {
         NS_GetOriginAttributes(aChan, oa);
     }
 
     oa.CreateSuffix(aSuffix);
 }
--- a/netwerk/protocol/wyciwyg/nsWyciwygChannel.h
+++ b/netwerk/protocol/wyciwyg/nsWyciwygChannel.h
@@ -82,17 +82,17 @@ protected:
     nsresult                            mStatus;
     bool                                mIsPending;
     bool                                mCharsetAndSourceSet;
     bool                                mNeedToWriteCharset;
     int32_t                             mCharsetSource;
     nsCString                           mCharset;
     int64_t                             mContentLength;
     uint32_t                            mLoadFlags;
-    mozilla::OriginAttributes           mOriginAttributes;
+    mozilla::NeckoOriginAttributes      mOriginAttributes;
     nsCOMPtr<nsIURI>                    mURI;
     nsCOMPtr<nsIURI>                    mOriginalURI;
     nsCOMPtr<nsISupports>               mOwner;
     nsCOMPtr<nsILoadInfo>               mLoadInfo;
     nsCOMPtr<nsIInterfaceRequestor>     mCallbacks;
     nsCOMPtr<nsIProgressEventSink>      mProgressSink;
     nsCOMPtr<nsILoadGroup>              mLoadGroup;
     nsCOMPtr<nsIStreamListener>         mListener;
--- a/netwerk/test/mochitests/mochitest.ini
+++ b/netwerk/test/mochitests/mochitest.ini
@@ -28,8 +28,10 @@ skip-if = e10s
 [test_signed_web_packaged_app.html]
 skip-if = e10s || buildapp != 'browser'
 [test_signed_web_packaged_app_origin.html]
 skip-if = e10s || buildapp != 'browser'
 [test_web_packaged_app.html]
 [test_loadinfo_redirectchain.html]
 skip-if = buildapp == 'b2g' #no ssl support
 [test_idn_redirect.html]
+[test_origin_attributes_conversion.html]
+skip-if = e10s || buildapp != 'browser'
--- a/netwerk/test/mochitests/signed_web_packaged_app.sjs
+++ b/netwerk/test/mochitests/signed_web_packaged_app.sjs
@@ -1,37 +1,36 @@
 var Cc = Components.classes;
 var Ci = Components.interfaces;
 var Cu = Components.utils;
 
 function handleRequest(request, response)
 {
   response.setHeader("Content-Type", "application/package", false);
   response.write(signedPackage);
-  return;
 }
 
 // The package content
 // getData formats it as described at http://www.w3.org/TR/web-packaging/#streamable-package-format
-var signedPackage = `manifest-signature: MIIF1AYJKoZIhvcNAQcCoIIFxTCCBcECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA54wggOaMIICgqADAgECAgEEMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbRXhhbXBsZSBUcnVzdGVkIENvcnBvcmF0aW9uMRkwFwYDVQQDExBUcnVzdGVkIFZhbGlkIENBMB4XDTE1MTExOTAzMDEwNVoXDTM1MTExOTAzMDEwNVowdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGjAYBgNVBAMTEVRydXN0ZWQgQ29ycCBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPback9X7RRxKTc3/5o2vm9Ro6XNiSM9NPsN3djjCIVz50bY0rJkP98zsqpFjnLwqHeJigxyYoqFexRhRLgKrG10CxNl4rxP6CEPENjvj5FfbX/HUZpT/DelNR18F498yD95vSHcSrCc3JrjV3bKA+wgt11E4a0Ba95S1RuwtehZw1+Y4hO8nHpbSGfjD0BpluFY2nDoYAm+aWSrsmLuJsKLO8Xn2I1brZFJUynR3q1ujuDE9EJk1niDLfOeVgXM4AavJS5C0ZBHhAhR2W+K9NN97jpkpmHFqecTwDXB7rEhsyB3185cI7anaaQfHHfH5+4SD+cMDNtYIOSgLO06ZwIDAQABozgwNjAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAlnVyLz5dPhS0ZhZD6qJOUzSo6nFwMxNX1m0oS37mevtuh0b0o1gmEuMw3mVxiAVkC2vPsoxBL2wLlAkcEdBPxGEqhBmtiBY3F3DgvEkf+/sOY1rnr6O1qLZuBAnPzA1Vnco8Jwf0DYF0PxaRd8yT5XSl5qGpM2DItEldZwuKKaL94UEgIeC2c+Uv/IOyrv+EyftX96vcmRwr8ghPFLQ+36H5nuAKEpDD170EvfWl1zs0dUPiqSI6l+hy5V14gl63Woi34L727+FKx8oatbyZtdvbeeOmenfTLifLomnZdx+3WMLkp3TLlHa5xDLwifvZtBP2d3c6zHp7gdrGU1u2WTGCAf4wggH6AgEBMHgwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFRydXN0ZWQgVmFsaWQgQ0ECAQQwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MTExOTA2NTUyOFowIwYJKoZIhvcNAQkEMRYEFENKTXRUkdej+EPd/oKRhz0Cp13zMA0GCSqGSIb3DQEBAQUABIIBAGUh2vVwKqidBo7VEaEtjw3Uh1ElXLRPySu5Mmaw3yHgVhq4jAVnqm2Iwpe+C8d3Jb9Vd98NyvZfXFwu+dHKIEmOk0jQFJeO0kShaaWbK0awz08J9tSUz9WTLzNUAHiYgzNlN7j4S6fQ0d1nxW4+I0GSL6ojAsxWyeUW4QbFfuJe01/WlsVSuUBKwU5a1a7enb10OP84cIdXglm+PpKDyzk+sIyj/hyg57QXjvmLT5+QVGLUk4DmLZUGZKwGLeg4ofwGDqAH6Y+6f5wKo/sQkl7/L0n2wl4TsQwDtS7aE6Uu6uswp/du/OwLY6fpTChVfHqn8t96u/swJmMSvF/eq2g=\r
---X3JDIZCX8G\r
+var signedPackage = `manifest-signature: MIIF1AYJKoZIhvcNAQcCoIIFxTCCBcECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCCA54wggOaMIICgqADAgECAgEEMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEkMCIGA1UEChMbRXhhbXBsZSBUcnVzdGVkIENvcnBvcmF0aW9uMRkwFwYDVQQDExBUcnVzdGVkIFZhbGlkIENBMB4XDTE1MTExOTAzMDEwNVoXDTM1MTExOTAzMDEwNVowdDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGjAYBgNVBAMTEVRydXN0ZWQgQ29ycCBDZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzPback9X7RRxKTc3/5o2vm9Ro6XNiSM9NPsN3djjCIVz50bY0rJkP98zsqpFjnLwqHeJigxyYoqFexRhRLgKrG10CxNl4rxP6CEPENjvj5FfbX/HUZpT/DelNR18F498yD95vSHcSrCc3JrjV3bKA+wgt11E4a0Ba95S1RuwtehZw1+Y4hO8nHpbSGfjD0BpluFY2nDoYAm+aWSrsmLuJsKLO8Xn2I1brZFJUynR3q1ujuDE9EJk1niDLfOeVgXM4AavJS5C0ZBHhAhR2W+K9NN97jpkpmHFqecTwDXB7rEhsyB3185cI7anaaQfHHfH5+4SD+cMDNtYIOSgLO06ZwIDAQABozgwNjAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAlnVyLz5dPhS0ZhZD6qJOUzSo6nFwMxNX1m0oS37mevtuh0b0o1gmEuMw3mVxiAVkC2vPsoxBL2wLlAkcEdBPxGEqhBmtiBY3F3DgvEkf+/sOY1rnr6O1qLZuBAnPzA1Vnco8Jwf0DYF0PxaRd8yT5XSl5qGpM2DItEldZwuKKaL94UEgIeC2c+Uv/IOyrv+EyftX96vcmRwr8ghPFLQ+36H5nuAKEpDD170EvfWl1zs0dUPiqSI6l+hy5V14gl63Woi34L727+FKx8oatbyZtdvbeeOmenfTLifLomnZdx+3WMLkp3TLlHa5xDLwifvZtBP2d3c6zHp7gdrGU1u2WTGCAf4wggH6AgEBMHgwczELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MSQwIgYDVQQKExtFeGFtcGxlIFRydXN0ZWQgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFRydXN0ZWQgVmFsaWQgQ0ECAQQwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MTEyNTAzMDQzMFowIwYJKoZIhvcNAQkEMRYEFD4ut4oKoYdcGzyfQE6ROeazv+uNMA0GCSqGSIb3DQEBAQUABIIBAFG99dKBSOzQmYVn6lHKWERVDtYXbDTIVF957ID8YH9B5unlX/PdludTNbP5dzn8GWQV08tNRgoXQ5sgxjifHunrpaR1WiR6XqvwOCBeA5NB688jxGNxth6zg6fCGFaynsYMX3FlglfIW+AYwyQUclbv+C4UORJpBjvuknOnK+UDBLVSoP9ivL6KhylYna3oFcs0SMsumc/jf/oQW51LzFHpn61TRUqdDgvGhwcjgphMhKj23KwkjwRspU2oIWNRAuhZgqDD5BJlNniCr9X5Hx1dW6tIVISO91CLAryYkGZKRJYekXctCpIvldUkIDeh2tAw5owr0jtsVd6ovFF3bV4=\r
+--NKWXJUAFXB\r
 Content-Location: manifest.webapp\r
 Content-Type: application/x-web-app-manifest+json\r
 \r
 {
   "moz-package-origin": "http://mochi.test:8888",
   "name": "My App",
   "moz-resources": [
     {
       "src": "page2.html",
       "integrity": "JREF3JbXGvZ+I1KHtoz3f46ZkeIPrvXtG4VyFQrJ7II="
     },
     {
       "src": "index.html",
-      "integrity": "IjQ2S/V9qsC7wW5uv/Niq40M1aivvqH5+1GKRwUnyRg="
+      "integrity": "Jkvco7U8WOY9s0YREsPouX+DWK7FWlgZwA0iYYSrb7Q="
     },
     {
       "src": "scripts/script.js",
       "integrity": "6TqtNArQKrrsXEQWu3D9ZD8xvDRIkhyV6zVdTcmsT5Q="
     },
     {
       "src": "scripts/library.js",
       "integrity": "TN2ByXZiaBiBCvS4MeZ02UyNi44vED+KjdjLInUl4o8="
@@ -45,37 +44,38 @@ Content-Type: application/x-web-app-mani
       "devicestorage:pictures": {
         "description": "Need to load pictures"
       }
     }
   ],
   "package-identifier": "09bc9714-7ab6-4320-9d20-fde4c237522c",
   "description": "A great app!"
 }\r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: page2.html\r
 Content-Type: text/html\r
 \r
 <html>
   page2.html
 </html>
 \r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: index.html\r
 Content-Type: text/html\r
 \r
 <html>
   Last updated: 2015/10/28
+  <iframe id="innerFrame" src="page2.html"></iframe>
 </html>
 \r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: scripts/script.js\r
 Content-Type: text/javascript\r
 \r
 // script.js
 \r
---X3JDIZCX8G\r
+--NKWXJUAFXB\r
 Content-Location: scripts/library.js\r
 Content-Type: text/javascript\r
 \r
 // library.js
 \r
---X3JDIZCX8G--`;
+--NKWXJUAFXB--`;
new file mode 100644
--- /dev/null
+++ b/netwerk/test/mochitests/test_origin_attributes_conversion.html
@@ -0,0 +1,135 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title> Bug 1209162 - Test Origin Attributes Conversion </title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<p id="display"></p>
+<div id="content" style="display: none"></div>
+<pre id="test">
+<script class="testbody" type="application/javascript;version=1.7">
+SimpleTest.waitForExplicitFinish();
+SpecialPowers.pushPrefEnv(
+  { "set": [["network.http.enable-packaged-apps", true],
+            ["network.http.signed-packages.enabled", true],
+            ["network.http.signed-packages.trusted-origin", "http://mochi.test:8888"],
+            ["dom.mozBrowserFramesEnabled", true]] },
+  () => SpecialPowers.pushPermissions([
+    { "type": "browser", "allow": 1, "context": document }
+  ], function() {
+    runTest();
+}));
+
+var Ci = SpecialPowers.Ci;
+
+function runTest() {
+  var iframe = document.createElement("iframe");
+  iframe.setAttribute('mozbrowser', 'true');
+  iframe.setAttribute('remote', 'true');
+  iframe.setAttribute("src", "http://example.org:80");
+
+  iframe.addEventListener("mozbrowserloadend", function loadend(e) {
+    iframe.removeEventListener("mozbrowserloadend", loadend);
+    info("Got mozbrowserloadend");
+    iframe.setAttribute("src", "http://mochi.test:8888/tests/netwerk/test/mochitests/signed_web_packaged_app.sjs!//index.html");
+
+    iframe.addEventListener("mozbrowserloadend", function loadend(e) {
+      iframe.removeEventListener("mozbrowserloadend", loadend);
+      info("Got 2nd mozbrowserloadend");
+
+      // Expected origin attributes for signed package.
+      var expectedSignedOA = {inBrowser: true,
+                              signedPkg: "09bc9714-7ab6-4320-9d20-fde4c237522c"};
+
+      // Expected origin attributes for network request.
+      var expectedOA = {inBrowser: true};
+
+      function checkOriginAttributes(attrs, expected) {
+        for (var p in expected) {
+          is(attrs[p], expected[p]);
+        }
+      }
+
+      var mm = SpecialPowers.wrap(iframe)
+                            .QueryInterface(Ci.nsIFrameLoaderOwner)
+                            .frameLoader
+                            .messageManager;
+      mm.addMessageListener("test-document-origin-attributes", function (message) {
+        info("checking origin attributes from document");
+        checkOriginAttributes(message.data.originAttributes, expectedSignedOA);
+      });
+
+      mm.addMessageListener("test-tabchild-origin-attributes", function (message) {
+        info("checking origin attributes from TabChild");
+        checkOriginAttributes(message.data.originAttributes, expectedSignedOA);
+      });
+
+      mm.addMessageListener("test-child-docshell-origin-attributes", function (message) {
+        info("checking origin attributes from inner iframe");
+        checkOriginAttributes(message.data.originAttributes, expectedSignedOA);
+      });
+
+      mm.addMessageListener("test-necko-origin-attributes", function (message) {
+        checkOriginAttributes(message.data.originAttributes, expectedOA);
+
+        SimpleTest.finish();
+      });
+
+      var scriptLoader = mm.QueryInterface(Ci.nsIFrameScriptLoader);
+      getOriginAttributes(scriptLoader, iframe);
+      sendNetworkRequest(scriptLoader, iframe);
+    });
+  });
+
+  document.body.appendChild(iframe);
+}
+
+function getOriginAttributes(scriptLoader, iframe) {
+  var frameScript =
+    `
+    function sendOA() {
+      sendAsyncMessage("test-document-origin-attributes",
+                       {originAttributes: content.document.nodePrincipal.originAttributes});
+
+      var loadContext = content.QueryInterface(Ci.nsIInterfaceRequestor)
+                               .getInterface(Ci.nsIWebNavigation)
+                               .QueryInterface(Ci.nsIDocShell)
+                               .QueryInterface(Ci.nsILoadContext);
+      sendAsyncMessage("test-tabchild-origin-attributes",
+                       {originAttributes: loadContext.originAttributes});
+
+      var frameWindow = content.document.getElementById("innerFrame").contentWindow;
+      var childLoadContext = frameWindow.QueryInterface(Ci.nsIInterfaceRequestor)
+                                        .getInterface(Ci.nsIWebNavigation)
+                                        .QueryInterface(Ci.nsIDocShell)
+                                        .QueryInterface(Ci.nsILoadContext);
+      sendAsyncMessage("test-child-docshell-origin-attributes",
+                       {originAttributes: childLoadContext.originAttributes});
+    }
+    `;
+  scriptLoader.loadFrameScript("data:,(" + frameScript + ")()", true);
+}
+
+function sendNetworkRequest(scriptLoader, iframe) {
+  var frameScript =
+    `
+    function sendNetworkerOA() {
+      var myXHR = new content.XMLHttpRequest();
+      myXHR.open("GET", "http://mochi.test:8888/tests/netwerk/test/mochitests/signed_web_packaged_app.sjs!//page2.html");
+      myXHR.send();
+      myXHR.onload = function() {
+        var loadInfo = myXHR.channel.loadInfo;
+        sendAsyncMessage("test-necko-origin-attributes",
+                         {originAttributes: loadInfo.originAttributes});
+      };
+    }
+    `;
+  scriptLoader.loadFrameScript("data:,(" + frameScript + ")()", true)
+}
+
+</script>
+</pre>
+</body>
+</html>
--- a/netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
+++ b/netwerk/test/mochitests/test_signed_web_packaged_app_origin.html
@@ -86,9 +86,9 @@ function getNodePrincipalOrigin() {
   });
 
   document.body.appendChild(iframe);
 }
 
 </script>
 </pre>
 </body>
-</html>
\ No newline at end of file
+</html>
--- a/toolkit/components/downloads/ApplicationReputation.cpp
+++ b/toolkit/components/downloads/ApplicationReputation.cpp
@@ -46,17 +46,17 @@
 #include "nsThreadUtils.h"
 #include "nsXPCOMStrings.h"
 
 #include "nsIContentPolicy.h"
 #include "nsILoadInfo.h"
 #include "nsContentUtils.h"
 
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::Preferences;
 using mozilla::TimeStamp;
 using mozilla::Telemetry::Accumulate;
 using safe_browsing::ClientDownloadRequest;
 using safe_browsing::ClientDownloadRequest_CertificateChain;
 using safe_browsing::ClientDownloadRequest_Resource;
 using safe_browsing::ClientDownloadRequest_SignatureInfo;
 
@@ -290,17 +290,17 @@ PendingDBLookup::LookupSpecInternal(cons
 {
   nsresult rv;
 
   nsCOMPtr<nsIURI> uri;
   nsCOMPtr<nsIIOService> ios = do_GetService(NS_IOSERVICE_CONTRACTID, &rv);
   rv = ios->NewURI(aSpec, nullptr, nullptr, getter_AddRefs(uri));
   NS_ENSURE_SUCCESS(rv, rv);
 
-  OriginAttributes attrs;
+  PrincipalOriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal =
     BasePrincipal::CreateCodebasePrincipal(uri, attrs);
   if (!principal) {
     return NS_ERROR_FAILURE;
   }
 
   // Check local lists to see if the URI has already been whitelisted or
   // blacklisted.
--- a/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
+++ b/toolkit/components/url-classifier/nsUrlClassifierStreamUpdater.cpp
@@ -97,17 +97,17 @@ nsUrlClassifierStreamUpdater::FetchUpdat
                      nsIContentPolicy::TYPE_OTHER,
                      nullptr,  // aLoadGroup
                      this,     // aInterfaceRequestor
                      loadFlags);
 
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
-  loadInfo->SetOriginAttributes(mozilla::OriginAttributes(NECKO_SAFEBROWSING_APP_ID, false));
+  loadInfo->SetOriginAttributes(mozilla::NeckoOriginAttributes(NECKO_SAFEBROWSING_APP_ID, false));
 
   mBeganStream = false;
 
   // If aRequestBody is empty, construct it for the test.
   if (!aRequestBody.IsEmpty()) {
     rv = AddRequestBody(aRequestBody);
     NS_ENSURE_SUCCESS(rv, rv);
   }
--- a/uriloader/prefetch/OfflineCacheUpdateParent.cpp
+++ b/uriloader/prefetch/OfflineCacheUpdateParent.cpp
@@ -12,17 +12,18 @@
 #include "mozilla/unused.h"
 #include "nsOfflineCacheUpdate.h"
 #include "nsIApplicationCache.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsNetUtil.h"
 
 using namespace mozilla::ipc;
 using mozilla::BasePrincipal;
-using mozilla::OriginAttributes;
+using mozilla::DocShellOriginAttributes;
+using mozilla::PrincipalOriginAttributes;
 using mozilla::dom::TabParent;
 
 //
 // To enable logging (see prlog.h for full details):
 //
 //    set NSPR_LOG_MODULES=nsOfflineCacheUpdate:5
 //    set NSPR_LOG_FILE=offlineupdate.log
 //
@@ -47,17 +48,17 @@ namespace docshell {
 NS_IMPL_ISUPPORTS(OfflineCacheUpdateParent,
                   nsIOfflineCacheUpdateObserver,
                   nsILoadContext)
 
 //-----------------------------------------------------------------------------
 // OfflineCacheUpdateParent <public>
 //-----------------------------------------------------------------------------
 
-OfflineCacheUpdateParent::OfflineCacheUpdateParent(const OriginAttributes& aAttrs)
+OfflineCacheUpdateParent::OfflineCacheUpdateParent(const DocShellOriginAttributes& aAttrs)
     : mIPCClosed(false)
     , mOriginAttributes(aAttrs)
 {
     // Make sure the service has been initialized
     nsOfflineCacheUpdateService::EnsureService();
 
     LOG(("OfflineCacheUpdateParent::OfflineCacheUpdateParent [%p]", this));
 }
@@ -88,18 +89,20 @@ OfflineCacheUpdateParent::Schedule(const
 
     nsOfflineCacheUpdateService* service =
         nsOfflineCacheUpdateService::EnsureService();
     if (!service)
         return NS_ERROR_FAILURE;
 
     bool offlinePermissionAllowed = false;
 
+    PrincipalOriginAttributes principalAttrs;
+    principalAttrs.InheritFromDocShellToDoc(mOriginAttributes, manifestURI);
     nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(manifestURI, mOriginAttributes);
+      BasePrincipal::CreateCodebasePrincipal(manifestURI, principalAttrs);
 
     nsresult rv = service->OfflineAppAllowed(
         principal, nullptr, &offlinePermissionAllowed);
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (!offlinePermissionAllowed)
         return NS_ERROR_DOM_SECURITY_ERR;
 
--- a/uriloader/prefetch/OfflineCacheUpdateParent.h
+++ b/uriloader/prefetch/OfflineCacheUpdateParent.h
@@ -40,23 +40,23 @@ public:
              const bool& stickDocument);
 
     void
     StopSendingMessagesToChild()
     {
       mIPCClosed = true;
     }
 
-    explicit OfflineCacheUpdateParent(const mozilla::OriginAttributes& aAttrs);
+    explicit OfflineCacheUpdateParent(const mozilla::DocShellOriginAttributes& aAttrs);
 
     virtual void ActorDestroy(ActorDestroyReason aWhy) override;
 private:
     ~OfflineCacheUpdateParent();
 
     bool mIPCClosed;
 
-    mozilla::OriginAttributes mOriginAttributes;
+    mozilla::DocShellOriginAttributes mOriginAttributes;
 };
 
 } // namespace docshell
 } // namespace mozilla
 
 #endif
--- a/uriloader/prefetch/nsOfflineCacheUpdateService.cpp
+++ b/uriloader/prefetch/nsOfflineCacheUpdateService.cpp
@@ -721,28 +721,28 @@ nsOfflineCacheUpdateService::OfflineAppA
     return OfflineAppPermForPrincipal(aPrincipal, aPrefBranch, false, aAllowed);
 }
 
 NS_IMETHODIMP
 nsOfflineCacheUpdateService::OfflineAppAllowedForURI(nsIURI *aURI,
                                                      nsIPrefBranch *aPrefBranch,
                                                      bool *aAllowed)
 {
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
     return OfflineAppPermForPrincipal(principal, aPrefBranch, false, aAllowed);
 }
 
 nsresult
 nsOfflineCacheUpdateService::OfflineAppPinnedForURI(nsIURI *aDocumentURI,
                                                     nsIPrefBranch *aPrefBranch,
                                                     bool *aPinned)
 {
-    OriginAttributes attrs;
+    PrincipalOriginAttributes attrs;
     nsCOMPtr<nsIPrincipal> principal =
         BasePrincipal::CreateCodebasePrincipal(aDocumentURI, attrs);
     return OfflineAppPermForPrincipal(principal, aPrefBranch, true, aPinned);
 }
 
 NS_IMETHODIMP
 nsOfflineCacheUpdateService::AllowOfflineApp(nsIDOMWindow *aWindow,
                                              nsIPrincipal *aPrincipal)