Bug 1639833 - IntrisincStoragePrincipal should always be partitioned - part 3 - Cleanup storage access methods, r=dimi
authorAndrea Marchesini <amarchesini@mozilla.com>
Wed, 03 Jun 2020 06:10:58 +0000
changeset 597747 08c6e70f7541d7e23ba14d2f0981918bccf6ade5
parent 597746 344054b10c44ef135413b110e2239039b73a80d0
child 597748 399c1423e90adb7647628ea6c97a91d8c9b57edf
push id13310
push userffxbld-merge
push dateMon, 29 Jun 2020 14:50:06 +0000
treeherdermozilla-beta@15a59a0afa5c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersdimi
bugs1639833
milestone79.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1639833 - IntrisincStoragePrincipal should always be partitioned - part 3 - Cleanup storage access methods, r=dimi Differential Revision: https://phabricator.services.mozilla.com/D76916
dom/base/Document.cpp
dom/base/Document.h
dom/base/nsGlobalWindowInner.cpp
dom/base/nsGlobalWindowInner.h
dom/base/nsGlobalWindowOuter.cpp
dom/base/nsGlobalWindowOuter.h
dom/base/nsPIDOMWindow.h
dom/broadcastchannel/BroadcastChannel.cpp
dom/ipc/WindowGlobalChild.cpp
dom/serviceworkers/ServiceWorkerPrivateImpl.cpp
dom/workers/RuntimeService.cpp
dom/workers/RuntimeService.h
dom/workers/WorkerCommon.h
dom/workers/WorkerLoadInfo.cpp
dom/workers/WorkerLoadInfo.h
dom/workers/WorkerPrivate.cpp
dom/workers/WorkerPrivate.h
dom/workers/WorkerScope.cpp
dom/workers/WorkerScope.h
dom/workers/remoteworkers/RemoteWorkerChild.cpp
dom/workers/remoteworkers/RemoteWorkerTypes.ipdlh
dom/workers/sharedworkers/SharedWorker.cpp
dom/workers/sharedworkers/SharedWorkerManager.cpp
dom/workers/sharedworkers/SharedWorkerManager.h
dom/workers/sharedworkers/SharedWorkerService.cpp
toolkit/components/antitracking/ContentBlocking.cpp
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -15684,17 +15684,17 @@ already_AddRefed<mozilla::dom::Promise> 
       return promise.forget();
     }
   }
 
   nsPIDOMWindowInner* inner = GetInnerWindow();
   nsGlobalWindowOuter* outer = nullptr;
   if (inner) {
     outer = nsGlobalWindowOuter::Cast(inner->GetOuterWindow());
-    promise->MaybeResolve(outer->HasStorageAccess());
+    promise->MaybeResolve(outer->IsStorageAccessPermissionGranted());
   } else {
     promise->MaybeRejectWithUndefined();
   }
   return promise.forget();
 }
 
 RefPtr<Document::GetContentBlockingEventsPromise>
 Document::GetContentBlockingEvents() {
@@ -15746,17 +15746,17 @@ already_AddRefed<mozilla::dom::Promise> 
   // Step 1. If the document already has been granted access, resolve.
   RefPtr<nsGlobalWindowOuter> outer =
       nsGlobalWindowOuter::Cast(inner->GetOuterWindow());
   if (!outer) {
     promise->MaybeRejectWithUndefined();
     return promise.forget();
   }
 
-  if (outer->HasStorageAccess()) {
+  if (outer->IsStorageAccessPermissionGranted()) {
     promise->MaybeResolveWithUndefined();
     return promise.forget();
   }
 
   // Step 2. If the document has a null origin, reject.
   if (NodePrincipal()->GetIsNullPrincipal()) {
     promise->MaybeRejectWithUndefined();
     return promise.forget();
@@ -15823,17 +15823,16 @@ already_AddRefed<mozilla::dom::Promise> 
     promise->MaybeRejectWithUndefined();
     return promise.forget();
   }
 
   // Step 9. Check any additional rules that the browser has.
   //         Examples: Whitelists, blacklists, on-device classification,
   //         user settings, anti-clickjacking heuristics, or prompting the
   //         user for explicit permission. Reject if some rule is not fulfilled.
-
   if (CookieJarSettings()->GetRejectThirdPartyContexts()) {
     // Only do something special for third-party tracking content.
     if (StorageDisabledByAntiTracking(this, nullptr)) {
       // Note: If this has returned true, the top-level document is guaranteed
       // to not be on the Content Blocking allow list.
       MOZ_ASSERT(!CookieJarSettings()->GetIsOnContentBlockingAllowList());
 
       RefPtr<Document> self(this);
@@ -15927,29 +15926,29 @@ already_AddRefed<mozilla::dom::Promise> 
           performFinalChecks)
           ->Then(
               GetCurrentThreadSerialEventTarget(), __func__,
               [outer, promise] {
                 // Step 10. Grant the document access to cookies and store
                 // that fact for
                 //          the purposes of future calls to
                 //          hasStorageAccess() and requestStorageAccess().
-                outer->SetHasStorageAccess(true);
+                outer->SetStorageAccessPermissionGranted(true);
                 promise->MaybeResolveWithUndefined();
               },
               [outer, promise] {
-                outer->SetHasStorageAccess(false);
+                outer->SetStorageAccessPermissionGranted(false);
                 promise->MaybeRejectWithUndefined();
               });
 
       return promise.forget();
     }
   }
 
-  outer->SetHasStorageAccess(true);
+  outer->SetStorageAccessPermissionGranted(true);
   promise->MaybeResolveWithUndefined();
   return promise.forget();
 }
 
 RefPtr<Document::AutomaticStorageAccessGrantPromise>
 Document::AutomaticStorageAccessCanBeGranted() {
   if (XRE_IsContentProcess()) {
     // In the content process, we need to ask the parent process to compute
@@ -16251,22 +16250,22 @@ nsICookieJarSettings* Document::CookieJa
             "WindowGlobalParent");
       }
     }
   }
 
   return mCookieJarSettings;
 }
 
-bool Document::HasStoragePermission() {
+bool Document::HasStorageAccessPermissionGranted() {
   // The HasStoragePermission flag in LoadInfo remains fixed when
   // it is set in the parent process, so we need to check the cache
   // to see if the permission is granted afterwards.
   nsPIDOMWindowInner* inner = GetInnerWindow();
-  if (inner && inner->HasStorageAccessGranted()) {
+  if (inner && inner->HasStorageAccessPermissionGranted()) {
     return true;
   }
 
   if (!mChannel) {
     return false;
   }
 
   nsCOMPtr<nsILoadInfo> loadInfo = mChannel->LoadInfo();
@@ -16434,10 +16433,14 @@ Document::TakePendingFrameStaticClones()
 
 void Document::AddPendingFrameStaticClone(nsFrameLoaderOwner* aElement,
                                           nsFrameLoader* aStaticCloneOf) {
   PendingFrameStaticClone* clone = mPendingFrameStaticClones.AppendElement();
   clone->mElement = aElement;
   clone->mStaticCloneOf = aStaticCloneOf;
 }
 
+bool Document::UseRegularPrincipal() const {
+  return EffectiveStoragePrincipal() == NodePrincipal();
+}
+
 }  // namespace dom
 }  // namespace mozilla
--- a/dom/base/Document.h
+++ b/dom/base/Document.h
@@ -1231,16 +1231,18 @@ class Document : public nsINode,
    */
   Element* GetRootElement() const;
 
   Selection* GetSelection(ErrorResult& aRv);
 
   already_AddRefed<Promise> HasStorageAccess(ErrorResult& aRv);
   already_AddRefed<Promise> RequestStorageAccess(ErrorResult& aRv);
 
+  bool UseRegularPrincipal() const;
+
   /**
    * Gets the event target to dispatch key events to if there is no focused
    * content in the document.
    */
   virtual Element* GetUnfocusedKeyEventTarget();
 
   /**
    * Retrieve information about the viewport as a data structure.
@@ -1383,18 +1385,18 @@ class Document : public nsINode,
 
   // Helper method that returns true if storage access API is enabled and
   // the passed flag has storage-access sandbox flag.
   static bool StorageAccessSandboxed(uint32_t aSandboxFlags);
 
   // Returns the cookie jar settings for this and sub contexts.
   nsICookieJarSettings* CookieJarSettings();
 
-  // Returns whether this document has the storage permission.
-  bool HasStoragePermission();
+  // Returns whether this document has the storage access permission.
+  bool HasStorageAccessPermissionGranted();
 
   // Increments the document generation.
   inline void Changed() { ++mGeneration; }
 
   // Returns the current generation.
   inline int32_t GetGeneration() const { return mGeneration; }
 
   // Adds cached sizes values to aSizes if there's any
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -4341,31 +4341,31 @@ already_AddRefed<nsICSSDeclaration> nsGl
     ErrorResult& aError) {
   FORWARD_TO_OUTER_OR_THROW(GetComputedStyleHelperOuter,
                             (aElt, aPseudoElt, aDefaultStylesOnly), aError,
                             nullptr);
 }
 
 Storage* nsGlobalWindowInner::GetSessionStorage(ErrorResult& aError) {
   nsIPrincipal* principal = GetPrincipal();
-  nsIPrincipal* partitionedPrincipal = PartitionedPrincipal();
+  nsIPrincipal* storagePrincipal = GetEffectiveStoragePrincipal();
   BrowsingContext* browsingContext = GetBrowsingContext();
 
-  if (!principal || !partitionedPrincipal || !browsingContext ||
+  if (!principal || !storagePrincipal || !browsingContext ||
       !Storage::StoragePrefIsEnabled()) {
     return nullptr;
   }
 
   if (mSessionStorage) {
     MOZ_LOG(gDOMLeakPRLogInner, LogLevel::Debug,
             ("nsGlobalWindowInner %p has %p sessionStorage", this,
              mSessionStorage.get()));
     bool canAccess =
         principal->Subsumes(mSessionStorage->Principal()) &&
-        partitionedPrincipal->Subsumes(mSessionStorage->StoragePrincipal());
+        storagePrincipal->Subsumes(mSessionStorage->StoragePrincipal());
     if (!canAccess) {
       mSessionStorage = nullptr;
     }
   }
 
   if (!mSessionStorage) {
     nsString documentURI;
     if (mDoc) {
@@ -4433,19 +4433,19 @@ Storage* nsGlobalWindowInner::GetSession
     const RefPtr<SessionStorageManager> storageManager =
         browsingContext->GetSessionStorageManager();
     if (!storageManager) {
       aError.Throw(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
       return nullptr;
     }
 
     RefPtr<Storage> storage;
-    aError = storageManager->CreateStorage(
-        this, principal, partitionedPrincipal, documentURI, IsPrivateBrowsing(),
-        getter_AddRefs(storage));
+    aError = storageManager->CreateStorage(this, principal, storagePrincipal,
+                                           documentURI, IsPrivateBrowsing(),
+                                           getter_AddRefs(storage));
     if (aError.Failed()) {
       return nullptr;
     }
 
     mSessionStorage = storage;
     MOZ_ASSERT(mSessionStorage);
 
     MOZ_LOG(gDOMLeakPRLogInner, LogLevel::Debug,
@@ -5030,17 +5030,17 @@ void nsGlobalWindowInner::ObserveStorage
   if (!NS_strcmp(aStorageType, u"sessionStorage")) {
     RefPtr<Storage> changingStorage = aEvent->GetStorageArea();
     MOZ_ASSERT(changingStorage);
 
     bool check = false;
 
     if (const RefPtr<SessionStorageManager> storageManager =
             GetBrowsingContext()->GetSessionStorageManager()) {
-      nsresult rv = storageManager->CheckStorage(PartitionedPrincipal(),
+      nsresult rv = storageManager->CheckStorage(GetEffectiveStoragePrincipal(),
                                                  changingStorage, &check);
       if (NS_FAILED(rv)) {
         return;
       }
     }
 
     if (!check) {
       // This storage event is not coming from our storage or is coming
@@ -7178,18 +7178,18 @@ void nsGlobalWindowInner::StoreSharedWor
 
 void nsGlobalWindowInner::ForgetSharedWorker(SharedWorker* aSharedWorker) {
   MOZ_ASSERT(aSharedWorker);
   MOZ_ASSERT(mSharedWorkers.Contains(aSharedWorker));
 
   mSharedWorkers.RemoveElement(aSharedWorker);
 }
 
-void nsGlobalWindowInner::StorageAccessGranted() {
-  PropagateFirstPartyStorageAccessGrantedToWorkers(*this);
+void nsGlobalWindowInner::StorageAccessPermissionGranted() {
+  PropagateStorageAccessPermissionGrantedToWorkers(*this);
 
   // If we have a partitioned localStorage, it's time to replace it with a real
   // one in order to receive notifications.
 
   if (mLocalStorage) {
     IgnoredErrorResult error;
     GetLocalStorage(error);
     if (NS_WARN_IF(error.Failed())) {
@@ -7284,24 +7284,24 @@ nsPIDOMWindowInner::GetBrowsingContextGr
 nsIGlobalObject* nsPIDOMWindowInner::AsGlobal() {
   return nsGlobalWindowInner::Cast(this);
 }
 
 const nsIGlobalObject* nsPIDOMWindowInner::AsGlobal() const {
   return nsGlobalWindowInner::Cast(this);
 }
 
-void nsPIDOMWindowInner::SaveStorageAccessGranted() {
-  mStorageAccessGranted = true;
-
-  nsGlobalWindowInner::Cast(this)->StorageAccessGranted();
-}
-
-bool nsPIDOMWindowInner::HasStorageAccessGranted() {
-  return mStorageAccessGranted;
+void nsPIDOMWindowInner::SaveStorageAccessPermissionGranted() {
+  mStorageAccessPermissionGranted = true;
+
+  nsGlobalWindowInner::Cast(this)->StorageAccessPermissionGranted();
+}
+
+bool nsPIDOMWindowInner::HasStorageAccessPermissionGranted() {
+  return mStorageAccessPermissionGranted;
 }
 
 nsPIDOMWindowInner::nsPIDOMWindowInner(nsPIDOMWindowOuter* aOuterWindow,
                                        WindowGlobalChild* aActor)
     : mMutationBits(0),
       mActivePeerConnections(0),
       mIsDocumentLoaded(false),
       mIsHandlingResizeEvent(false),
@@ -7314,17 +7314,17 @@ nsPIDOMWindowInner::nsPIDOMWindowInner(n
       mOuterWindow(aOuterWindow),
       mWindowID(0),
       mHasNotifiedGlobalCreated(false),
       mMarkedCCGeneration(0),
       mHasTriedToCacheTopInnerWindow(false),
       mNumOfIndexedDBDatabases(0),
       mNumOfOpenWebSockets(0),
       mEvent(nullptr),
-      mStorageAccessGranted(false),
+      mStorageAccessPermissionGranted(false),
       mWindowGlobalChild(aActor) {
   MOZ_ASSERT(aOuterWindow);
   mBrowsingContext = aOuterWindow->GetBrowsingContext();
 
   if (mWindowGlobalChild) {
     mWindowID = aActor->InnerWindowId();
 
     MOZ_ASSERT(mWindowGlobalChild->BrowsingContext() == mBrowsingContext);
--- a/dom/base/nsGlobalWindowInner.h
+++ b/dom/base/nsGlobalWindowInner.h
@@ -1121,17 +1121,17 @@ class nsGlobalWindowInner final : public
   // Get the parent principal, returns null if this or the parent are not a
   // toplevel window. This is mainly used to determine the anti-tracking storage
   // area.
   nsIPrincipal* GetTopLevelStorageAreaPrincipal();
 
   // This method is called if this window loads a 3rd party tracking resource
   // and the storage is just been granted. The window can reset the partitioned
   // storage objects and switch to the first party cookie jar.
-  void StorageAccessGranted();
+  void StorageAccessPermissionGranted();
 
  protected:
   static void NotifyDOMWindowDestroyed(nsGlobalWindowInner* aWindow);
   void NotifyWindowIDDestroyed(const char* aTopic);
 
   static void NotifyDOMWindowFrozen(nsGlobalWindowInner* aWindow);
   static void NotifyDOMWindowThawed(nsGlobalWindowInner* aWindow);
 
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -1319,17 +1319,17 @@ nsGlobalWindowOuter::nsGlobalWindowOuter
       mHavePendingClose(false),
       mIsPopupSpam(false),
       mBlockScriptedClosingFlag(false),
       mWasOffline(false),
       mCreatingInnerWindow(false),
       mIsChrome(false),
       mAllowScriptsToClose(false),
       mTopLevelOuterContentWindow(false),
-      mHasStorageAccess(false),
+      mStorageAccessPermissionGranted(false),
 #ifdef DEBUG
       mSerial(0),
       mSetOpenerWindowCalled(false),
 #endif
       mCleanedUp(false),
       mCanSkipCCGeneration(0),
       mAutoActivateVRDisplayID(0) {
   AssertIsOnMainThread();
@@ -2459,54 +2459,61 @@ nsresult nsGlobalWindowOuter::SetNewDocu
 
   PreloadLocalStorage();
 
   // If we have a recorded interesting Large-Allocation header status, report it
   // to the newly attached document.
   ReportLargeAllocStatus();
   mLargeAllocStatus = LargeAllocStatus::NONE;
 
-  bool isThirdPartyTrackingResourceWindow =
-      nsContentUtils::IsThirdPartyTrackingResourceWindow(newInnerWindow);
-
-  mHasStorageAccess = false;
-  nsIURI* uri = aDocument->GetDocumentURI();
-  if (newInnerWindow &&
-      aDocument->CookieJarSettings()->GetRejectThirdPartyContexts() &&
-      nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
-                                                  uri)) {
-    uint32_t cookieBehavior =
-        aDocument->CookieJarSettings()->GetCookieBehavior();
-    // Grant storage access by default if the first-party storage access
-    // permission has been granted already.
-    // Don't notify in this case, since we would be notifying the user
-    // needlessly.
-    bool checkStorageAccess = false;
-    if (net::CookieJarSettings::IsRejectThirdPartyWithExceptions(
-            cookieBehavior)) {
-      checkStorageAccess = true;
-    } else {
-      MOZ_ASSERT(
-          cookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
-          cookieBehavior ==
-              nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN);
-      if (isThirdPartyTrackingResourceWindow) {
-        checkStorageAccess = true;
-      }
-    }
-
-    if (checkStorageAccess) {
-      mHasStorageAccess =
-          ContentBlocking::ShouldAllowAccessFor(newInnerWindow, uri, nullptr);
-    }
-  }
+  mStorageAccessPermissionGranted =
+      CheckStorageAccessPermission(aDocument, newInnerWindow);
 
   return NS_OK;
 }
 
+bool nsGlobalWindowOuter::CheckStorageAccessPermission(
+    Document* aDocument, nsGlobalWindowInner* aInnerWindow) {
+  if (!aInnerWindow) {
+    return false;
+  }
+
+  nsIURI* uri = aDocument->GetDocumentURI();
+  if (!aDocument->CookieJarSettings()->GetRejectThirdPartyContexts() ||
+      !nsContentUtils::IsThirdPartyWindowOrChannel(aInnerWindow, nullptr,
+                                                   uri)) {
+    return false;
+  }
+
+  uint32_t cookieBehavior = aDocument->CookieJarSettings()->GetCookieBehavior();
+
+  // Grant storage access by default if the first-party storage access
+  // permission has been granted already.  Don't notify in this case, since we
+  // would be notifying the user needlessly.
+  bool checkStorageAccess = false;
+  if (net::CookieJarSettings::IsRejectThirdPartyWithExceptions(
+          cookieBehavior)) {
+    checkStorageAccess = true;
+  } else {
+    MOZ_ASSERT(
+        cookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
+        cookieBehavior ==
+            nsICookieService::BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN);
+    if (nsContentUtils::IsThirdPartyTrackingResourceWindow(aInnerWindow)) {
+      checkStorageAccess = true;
+    }
+  }
+
+  if (checkStorageAccess) {
+    return ContentBlocking::ShouldAllowAccessFor(aInnerWindow, uri, nullptr);
+  }
+
+  return false;
+}
+
 /* static */
 void nsGlobalWindowOuter::PrepareForProcessChange(JSObject* aProxy) {
   JS::Rooted<JSObject*> localProxy(RootingCx(), aProxy);
   MOZ_ASSERT(js::IsWindowProxy(localProxy));
 
   RefPtr<nsGlobalWindowOuter> outerWindow =
       nsOuterWindowProxy::GetOuterWindow(localProxy);
   if (!outerWindow) {
--- a/dom/base/nsGlobalWindowOuter.h
+++ b/dom/base/nsGlobalWindowOuter.h
@@ -670,18 +670,18 @@ class nsGlobalWindowOuter final : public
 
   nsIDOMWindowUtils* WindowUtils();
 
   virtual bool IsInSyncOperation() override {
     return GetExtantDoc() && GetExtantDoc()->IsInSyncOperation();
   }
 
   void ParentWindowChanged() {
-    // Reset our storage access flag when we get reparented.
-    mHasStorageAccess = false;
+    // Reset our storage access permission flag when we get reparented.
+    mStorageAccessPermissionGranted = false;
   }
 
  public:
   int32_t GetInnerWidthOuter(mozilla::ErrorResult& aError);
 
  protected:
   nsresult GetInnerWidth(int32_t* aWidth) override;
   void SetInnerWidthOuter(int32_t aInnerWidth,
@@ -866,19 +866,21 @@ class nsGlobalWindowOuter final : public
   bool WindowExists(const nsAString& aName, bool aForceNoOpener,
                     bool aLookForCallerOnJSStack);
 
   already_AddRefed<nsIWidget> GetMainWidget();
   nsIWidget* GetNearestWidget() const;
 
   bool IsInModalState();
 
-  bool HasStorageAccess() const { return mHasStorageAccess; }
-  void SetHasStorageAccess(bool aHasStorageAccess) {
-    mHasStorageAccess = aHasStorageAccess;
+  bool IsStorageAccessPermissionGranted() const {
+    return mStorageAccessPermissionGranted;
+  }
+  void SetStorageAccessPermissionGranted(bool aStorageAccessPermissionGranted) {
+    mStorageAccessPermissionGranted = aStorageAccessPermissionGranted;
   }
 
   // Convenience functions for the many methods that need to scale
   // from device to CSS pixels.  This computes it with cached scale in
   // PresContext which may be not recent information of the widget.
   // Note: if PresContext is not available, they will assume a 1:1 ratio.
   int32_t DevToCSSIntPixels(int32_t px);
   nsIntSize DevToCSSIntPixels(nsIntSize px);
@@ -1035,16 +1037,19 @@ class nsGlobalWindowOuter final : public
   void SetIsBackgroundInternal(bool aIsBackground);
 
   nsresult GetInterfaceInternal(const nsIID& aIID, void** aSink);
 
   void MaybeAllowStorageForOpenedWindow(nsIURI* aURI);
 
   bool IsOnlyTopLevelDocumentInSHistory();
 
+  bool CheckStorageAccessPermission(Document* aDocument,
+                                    nsGlobalWindowInner* aInnerWindow);
+
  public:
   // Dispatch a runnable related to the global.
   virtual nsresult Dispatch(mozilla::TaskCategory aCategory,
                             already_AddRefed<nsIRunnable>&& aRunnable) override;
 
   virtual nsISerialEventTarget* EventTargetFor(
       mozilla::TaskCategory aCategory) const override;
 
@@ -1078,17 +1083,17 @@ class nsGlobalWindowOuter final : public
 
   // whether scripts may close the window,
   // even if "dom.allow_scripts_to_close_windows" is false.
   bool mAllowScriptsToClose : 1;
 
   bool mTopLevelOuterContentWindow : 1;
 
   // whether storage access has been granted to this frame.
-  bool mHasStorageAccess : 1;
+  bool mStorageAccessPermissionGranted : 1;
 
   nsCOMPtr<nsIScriptContext> mContext;
   nsCOMPtr<nsIControllers> mControllers;
 
   // For |window.arguments|, via |openDialog|.
   nsCOMPtr<nsIArray> mArguments;
 
   RefPtr<nsDOMWindowUtils> mWindowUtils;
--- a/dom/base/nsPIDOMWindow.h
+++ b/dom/base/nsPIDOMWindow.h
@@ -551,19 +551,19 @@ class nsPIDOMWindowInner : public mozIDO
 
   virtual nsresult Focus(mozilla::dom::CallerType aCallerType) = 0;
   virtual nsresult Close() = 0;
 
   mozilla::dom::DocGroup* GetDocGroup() const;
   virtual nsISerialEventTarget* EventTargetFor(
       mozilla::TaskCategory aCategory) const = 0;
 
-  void SaveStorageAccessGranted();
+  void SaveStorageAccessPermissionGranted();
 
-  bool HasStorageAccessGranted();
+  bool HasStorageAccessPermissionGranted();
 
   nsIPrincipal* GetDocumentContentBlockingAllowListPrincipal() const;
 
  protected:
   void CreatePerformanceObjectIfNeeded();
 
   // Lazily instantiate an about:blank document if necessary, and if
   // we have what it takes to do so.
@@ -651,17 +651,17 @@ class nsPIDOMWindowInner : public mozIDO
   // The event dispatch code sets and unsets this while keeping
   // the event object alive.
   mozilla::dom::Event* mEvent;
 
   // A boolean flag indicating whether storage access is granted for the
   // current window. These are also set as permissions, but it could happen
   // that we need to access them synchronously in this context, and for
   // this, we need a copy here.
-  bool mStorageAccessGranted;
+  bool mStorageAccessPermissionGranted;
 
   // The WindowGlobalChild actor for this window.
   //
   // This will be non-null during the full lifetime of the window, initialized
   // during SetNewDocument, and cleared during FreeInnerObjects.
   RefPtr<mozilla::dom::WindowGlobalChild> mWindowGlobalChild;
 };
 
--- a/dom/broadcastchannel/BroadcastChannel.cpp
+++ b/dom/broadcastchannel/BroadcastChannel.cpp
@@ -229,17 +229,17 @@ already_AddRefed<BroadcastChannel> Broad
     // object.
     if (NS_WARN_IF(!workerRef)) {
       aRv.Throw(NS_ERROR_FAILURE);
       return nullptr;
     }
 
     storageAccess = workerPrivate->StorageAccess();
     storagePrincipalInfo = workerPrivate->GetEffectiveStoragePrincipalInfo();
-    origin = workerPrivate->StoragePrincipalOrigin();
+    origin = workerPrivate->EffectiveStoragePrincipalOrigin();
 
     originNoSuffix = workerPrivate->GetLocationInfo().mOrigin;
 
     bc->mWorkerRef = workerRef;
 
     cjs = workerPrivate->CookieJarSettings();
   }
 
--- a/dom/ipc/WindowGlobalChild.cpp
+++ b/dom/ipc/WindowGlobalChild.cpp
@@ -483,23 +483,23 @@ mozilla::ipc::IPCResult WindowGlobalChil
 
   aResolve(result);
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult WindowGlobalChild::RecvSaveStorageAccessGranted() {
   nsCOMPtr<nsPIDOMWindowInner> inner = GetWindowGlobal();
   if (inner) {
-    inner->SaveStorageAccessGranted();
+    inner->SaveStorageAccessPermissionGranted();
   }
 
   nsCOMPtr<nsPIDOMWindowOuter> outer =
       nsPIDOMWindowOuter::GetFromCurrentInner(inner);
   if (outer) {
-    nsGlobalWindowOuter::Cast(outer)->SetHasStorageAccess(true);
+    nsGlobalWindowOuter::Cast(outer)->SetStorageAccessPermissionGranted(true);
   }
 
   return IPC_OK();
 }
 
 mozilla::ipc::IPCResult WindowGlobalChild::RecvDispatchSecurityPolicyViolation(
     const nsString& aViolationEventJSON) {
   nsGlobalWindowInner* window = GetWindowGlobal();
--- a/dom/serviceworkers/ServiceWorkerPrivateImpl.cpp
+++ b/dom/serviceworkers/ServiceWorkerPrivateImpl.cpp
@@ -168,16 +168,20 @@ nsresult ServiceWorkerPrivateImpl::Initi
 
   mRemoteWorkerData.loadingPrincipalInfo() = principalInfo;
   mRemoteWorkerData.principalInfo() = principalInfo;
   // partitionedPrincipalInfo for ServiceWorkers is equal to principalInfo
   // because, at the moment, ServiceWorkers are not exposed in partitioned
   // contexts.
   mRemoteWorkerData.partitionedPrincipalInfo() = principalInfo;
 
+  // ServiceWorkers run as first-party, no storage-access permission needed.
+  mRemoteWorkerData.useRegularPrincipal() = true;
+  mRemoteWorkerData.hasStorageAccessPermissionGranted() = false;
+
   rv = uri->GetHost(mRemoteWorkerData.domain());
   NS_ENSURE_SUCCESS(rv, rv);
   mRemoteWorkerData.isSecureContext() = true;
   mRemoteWorkerData.referrerInfo() = MakeAndAddRef<ReferrerInfo>();
   mRemoteWorkerData.storageAccess() = storageAccess;
   mRemoteWorkerData.serviceWorkerData() = std::move(serviceWorkerData);
 
   mRemoteWorkerData.agentClusterId() = regInfo->AgentClusterId();
--- a/dom/workers/RuntimeService.cpp
+++ b/dom/workers/RuntimeService.cpp
@@ -1937,27 +1937,27 @@ void RuntimeService::ResumeWorkersForWin
   const nsTArray<WorkerPrivate*> workers = GetWorkersForWindow(aWindow);
 
   for (uint32_t index = 0; index < workers.Length(); index++) {
     MOZ_ASSERT(!workers[index]->IsSharedWorker());
     workers[index]->ParentWindowResumed();
   }
 }
 
-void RuntimeService::PropagateFirstPartyStorageAccessGranted(
+void RuntimeService::PropagateStorageAccessPermissionGranted(
     const nsPIDOMWindowInner& aWindow) {
   AssertIsOnMainThread();
   MOZ_ASSERT_IF(aWindow.GetExtantDoc(), aWindow.GetExtantDoc()
                                             ->CookieJarSettings()
                                             ->GetRejectThirdPartyContexts());
 
   const nsTArray<WorkerPrivate*> workers = GetWorkersForWindow(aWindow);
 
   for (uint32_t index = 0; index < workers.Length(); index++) {
-    workers[index]->PropagateFirstPartyStorageAccessGranted();
+    workers[index]->PropagateStorageAccessPermissionGranted();
   }
 }
 
 void RuntimeService::NoteIdleThread(SafeRefPtr<WorkerThread> aThread) {
   AssertIsOnMainThread();
   MOZ_ASSERT(aThread);
 
   bool shutdownThread = mShuttingDown;
@@ -2350,26 +2350,26 @@ void SuspendWorkersForWindow(const nsPID
 void ResumeWorkersForWindow(const nsPIDOMWindowInner& aWindow) {
   AssertIsOnMainThread();
   RuntimeService* runtime = RuntimeService::GetService();
   if (runtime) {
     runtime->ResumeWorkersForWindow(aWindow);
   }
 }
 
-void PropagateFirstPartyStorageAccessGrantedToWorkers(
+void PropagateStorageAccessPermissionGrantedToWorkers(
     const nsPIDOMWindowInner& aWindow) {
   AssertIsOnMainThread();
   MOZ_ASSERT_IF(aWindow.GetExtantDoc(), aWindow.GetExtantDoc()
                                             ->CookieJarSettings()
                                             ->GetRejectThirdPartyContexts());
 
   RuntimeService* runtime = RuntimeService::GetService();
   if (runtime) {
-    runtime->PropagateFirstPartyStorageAccessGranted(aWindow);
+    runtime->PropagateStorageAccessPermissionGranted(aWindow);
   }
 }
 
 WorkerPrivate* GetWorkerPrivateFromContext(JSContext* aCx) {
   MOZ_ASSERT(!NS_IsMainThread());
   MOZ_ASSERT(aCx);
 
   CycleCollectedJSContext* ccjscx = CycleCollectedJSContext::GetFor(aCx);
--- a/dom/workers/RuntimeService.h
+++ b/dom/workers/RuntimeService.h
@@ -112,17 +112,17 @@ class RuntimeService final : public nsIO
   void FreezeWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
   void ThawWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
   void SuspendWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
   void ResumeWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
-  void PropagateFirstPartyStorageAccessGranted(
+  void PropagateStorageAccessPermissionGranted(
       const nsPIDOMWindowInner& aWindow);
 
   const NavigatorProperties& GetNavigatorProperties() const {
     return mNavigatorProperties;
   }
 
   void NoteIdleThread(SafeRefPtr<WorkerThread> aThread);
 
--- a/dom/workers/WorkerCommon.h
+++ b/dom/workers/WorkerCommon.h
@@ -39,17 +39,17 @@ void CancelWorkersForWindow(const nsPIDO
 void FreezeWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
 void ThawWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
 void SuspendWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
 void ResumeWorkersForWindow(const nsPIDOMWindowInner& aWindow);
 
-void PropagateFirstPartyStorageAccessGrantedToWorkers(
+void PropagateStorageAccessPermissionGrantedToWorkers(
     const nsPIDOMWindowInner& aWindow);
 
 // All of these are implemented in WorkerScope.cpp
 
 bool IsWorkerGlobal(JSObject* global);
 
 bool IsWorkerDebuggerGlobal(JSObject* global);
 
--- a/dom/workers/WorkerLoadInfo.cpp
+++ b/dom/workers/WorkerLoadInfo.cpp
@@ -88,17 +88,18 @@ WorkerLoadInfoData::WorkerLoadInfoData()
       mFromWindow(false),
       mEvalAllowed(false),
       mReportCSPViolations(false),
       mXHRParamsAllowed(false),
       mPrincipalIsSystem(false),
       mPrincipalIsAddonOrExpandedAddon(false),
       mWatchedByDevTools(false),
       mStorageAccess(StorageAccess::eDeny),
-      mFirstPartyStorageAccessGranted(false),
+      mUseRegularPrincipal(false),
+      mHasStorageAccessPermissionGranted(false),
       mServiceWorkersTestingInWindow(false),
       mSecureContext(eNotSet) {}
 
 nsresult WorkerLoadInfo::SetPrincipalsAndCSPOnMainThread(
     nsIPrincipal* aPrincipal, nsIPrincipal* aPartitionedPrincipal,
     nsILoadGroup* aLoadGroup, nsIContentSecurityPolicy* aCsp) {
   AssertIsOnMainThread();
   MOZ_ASSERT(NS_LoadGroupMatchesPrincipal(aLoadGroup, aPrincipal));
--- a/dom/workers/WorkerLoadInfo.h
+++ b/dom/workers/WorkerLoadInfo.h
@@ -128,17 +128,18 @@ struct WorkerLoadInfoData {
   bool mFromWindow;
   bool mEvalAllowed;
   bool mReportCSPViolations;
   bool mXHRParamsAllowed;
   bool mPrincipalIsSystem;
   bool mPrincipalIsAddonOrExpandedAddon;
   bool mWatchedByDevTools;
   StorageAccess mStorageAccess;
-  bool mFirstPartyStorageAccessGranted;
+  bool mUseRegularPrincipal;
+  bool mHasStorageAccessPermissionGranted;
   bool mServiceWorkersTestingInWindow;
   OriginAttributes mOriginAttributes;
 
   enum {
     eNotSet,
     eInsecureContext,
     eSecureContext,
   } mSecureContext;
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -463,26 +463,26 @@ class ThawRunnable final : public Worker
 
  private:
   virtual bool WorkerRun(JSContext* aCx,
                          WorkerPrivate* aWorkerPrivate) override {
     return aWorkerPrivate->ThawInternal();
   }
 };
 
-class PropagateFirstPartyStorageAccessGrantedRunnable final
+class PropagateStorageAccessPermissionGrantedRunnable final
     : public WorkerControlRunnable {
  public:
-  explicit PropagateFirstPartyStorageAccessGrantedRunnable(
+  explicit PropagateStorageAccessPermissionGrantedRunnable(
       WorkerPrivate* aWorkerPrivate)
       : WorkerControlRunnable(aWorkerPrivate, WorkerThreadUnchangedBusyCount) {}
 
  private:
   bool WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate) override {
-    aWorkerPrivate->PropagateFirstPartyStorageAccessGrantedInternal();
+    aWorkerPrivate->PropagateStorageAccessPermissionGrantedInternal();
     return true;
   }
 };
 
 class ReportErrorToConsoleRunnable final : public WorkerRunnable {
   const char* mMessage;
   const nsTArray<nsString> mParams;
 
@@ -1740,29 +1740,29 @@ void WorkerPrivate::ParentWindowResumed(
   // if the worker is frozen.
   //
   // This can only fail if the ThrottledEventQueue cannot dispatch its executor
   // to the main thread, in which case the main thread was never going to draw
   // runnables from it anyway, so the failure doesn't matter.
   Unused << mMainThreadDebuggeeEventTarget->SetIsPaused(IsFrozen());
 }
 
-void WorkerPrivate::PropagateFirstPartyStorageAccessGranted() {
+void WorkerPrivate::PropagateStorageAccessPermissionGranted() {
   AssertIsOnParentThread();
 
   {
     MutexAutoLock lock(mMutex);
 
     if (mParentStatus >= Canceling) {
       return;
     }
   }
 
-  RefPtr<PropagateFirstPartyStorageAccessGrantedRunnable> runnable =
-      new PropagateFirstPartyStorageAccessGrantedRunnable(this);
+  RefPtr<PropagateStorageAccessPermissionGrantedRunnable> runnable =
+      new PropagateStorageAccessPermissionGrantedRunnable(this);
   Unused << NS_WARN_IF(!runnable->Dispatch());
 }
 
 bool WorkerPrivate::Close() {
   mMutex.AssertCurrentThreadOwns();
   if (mParentStatus < Closing) {
     mParentStatus = Closing;
   }
@@ -2527,19 +2527,20 @@ nsresult WorkerPrivate::GetLoadInfo(JSCo
       MOZ_ALWAYS_TRUE(loadInfo.ProxyReleaseMainThreadObjects(aParent));
       return NS_ERROR_FAILURE;
     }
 
     loadInfo.mDomain = aParent->Domain();
     loadInfo.mFromWindow = aParent->IsFromWindow();
     loadInfo.mWindowID = aParent->WindowID();
     loadInfo.mStorageAccess = aParent->StorageAccess();
+    loadInfo.mUseRegularPrincipal = aParent->UseRegularPrincipal();
+    loadInfo.mHasStorageAccessPermissionGranted =
+        aParent->HasStorageAccessPermissionGranted();
     loadInfo.mOriginAttributes = aParent->GetOriginAttributes();
-    loadInfo.mFirstPartyStorageAccessGranted =
-        aParent->IsFirstPartyStorageAccessGranted();
     loadInfo.mServiceWorkersTestingInWindow =
         aParent->ServiceWorkersTestingInWindow();
     loadInfo.mParentController = aParent->GlobalScope()->GetController();
     loadInfo.mWatchedByDevTools = aParent->IsWatchedByDevTools();
   } else {
     AssertIsOnMainThread();
 
     // Make sure that the IndexedDatabaseManager is set up
@@ -2663,18 +2664,26 @@ nsresult WorkerPrivate::GetLoadInfo(JSCo
       loadInfo.mWatchedByDevTools =
           browsingContext ? browsingContext->WatchedByDevTools() : false;
 
       loadInfo.mReferrerInfo =
           ReferrerInfo::CreateForFetch(loadInfo.mLoadingPrincipal, document);
       loadInfo.mFromWindow = true;
       loadInfo.mWindowID = globalWindow->WindowID();
       loadInfo.mStorageAccess = StorageAllowedForWindow(globalWindow);
-      loadInfo.mFirstPartyStorageAccessGranted =
-          document->HasStoragePermission();
+      loadInfo.mUseRegularPrincipal = document->UseRegularPrincipal();
+      loadInfo.mHasStorageAccessPermissionGranted =
+          document->HasStorageAccessPermissionGranted();
+
+      // This is an hack to deny the storage-access-permission for workers of
+      // sub-iframes.
+      if (loadInfo.mHasStorageAccessPermissionGranted &&
+          StorageAllowedForDocument(document) != StorageAccess::eAllow) {
+        loadInfo.mHasStorageAccessPermissionGranted = false;
+      }
       loadInfo.mCookieJarSettings = document->CookieJarSettings();
       StoragePrincipalHelper::GetRegularPrincipalOriginAttributes(
           document, loadInfo.mOriginAttributes);
       loadInfo.mParentController = globalWindow->GetController();
       loadInfo.mSecureContext = loadInfo.mWindow->IsSecureContext()
                                     ? WorkerLoadInfo::eSecureContext
                                     : WorkerLoadInfo::eInsecureContext;
     } else {
@@ -2711,17 +2720,18 @@ nsresult WorkerPrivate::GetLoadInfo(JSCo
         if (NS_FAILED(rv)) {
           return rv;
         }
       }
       loadInfo.mXHRParamsAllowed = true;
       loadInfo.mFromWindow = false;
       loadInfo.mWindowID = UINT64_MAX;
       loadInfo.mStorageAccess = StorageAccess::eAllow;
-      loadInfo.mFirstPartyStorageAccessGranted = true;
+      loadInfo.mUseRegularPrincipal = true;
+      loadInfo.mHasStorageAccessPermissionGranted = false;
       loadInfo.mCookieJarSettings = mozilla::net::CookieJarSettings::Create();
       MOZ_ASSERT(loadInfo.mCookieJarSettings);
 
       loadInfo.mOriginAttributes = OriginAttributes();
     }
 
     MOZ_ASSERT(loadInfo.mLoadingPrincipal);
     MOZ_ASSERT(isChrome || !loadInfo.mDomain.IsEmpty());
@@ -2754,17 +2764,17 @@ nsresult WorkerPrivate::GetLoadInfo(JSCo
     // principal for the worker. The channel here won't be opened when we do the
     // check later, so the hasStoragePermission flag is incorrect. To address
     // this, We copy the hasStoragePermission flag from the document if there is
     // a window. The worker is created as the same origin of the window. So, the
     // worker is supposed to have the same storage permission as the window as
     // well as the hasStoragePermission flag.
     nsCOMPtr<nsILoadInfo> channelLoadInfo = loadInfo.mChannel->LoadInfo();
     rv = channelLoadInfo->SetHasStoragePermission(
-        loadInfo.mFirstPartyStorageAccessGranted);
+        loadInfo.mHasStorageAccessPermissionGranted);
     NS_ENSURE_SUCCESS(rv, rv);
 
     rv = loadInfo.SetPrincipalsAndCSPFromChannel(loadInfo.mChannel);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   MOZ_DIAGNOSTIC_ASSERT(loadInfo.mLoadingPrincipal);
   MOZ_DIAGNOSTIC_ASSERT(loadInfo.PrincipalIsValid());
@@ -3614,28 +3624,29 @@ bool WorkerPrivate::ThawInternal() {
   auto& clientSource = data->mScope->GetClientSource();
   if (clientSource) {
     clientSource->Thaw();
   }
 
   return true;
 }
 
-void WorkerPrivate::PropagateFirstPartyStorageAccessGrantedInternal() {
+void WorkerPrivate::PropagateStorageAccessPermissionGrantedInternal() {
   MOZ_ACCESS_THREAD_BOUND(mWorkerThreadAccessible, data);
 
-  mLoadInfo.mFirstPartyStorageAccessGranted = true;
+  mLoadInfo.mUseRegularPrincipal = true;
+  mLoadInfo.mHasStorageAccessPermissionGranted = true;
 
   WorkerGlobalScope* globalScope = GlobalScope();
   if (globalScope) {
-    globalScope->FirstPartyStorageAccessGranted();
+    globalScope->StorageAccessPermissionGranted();
   }
 
   for (uint32_t index = 0; index < data->mChildWorkers.Length(); index++) {
-    data->mChildWorkers[index]->PropagateFirstPartyStorageAccessGranted();
+    data->mChildWorkers[index]->PropagateStorageAccessPermissionGranted();
   }
 }
 
 void WorkerPrivate::TraverseTimeouts(nsCycleCollectionTraversalCallback& cb) {
   MOZ_ACCESS_THREAD_BOUND(mWorkerThreadAccessible, data);
   for (uint32_t i = 0; i < data->mTimeouts.Length(); ++i) {
     // TODO(erahm): No idea what's going on here.
     TimeoutInfo* tmp = data->mTimeouts[i].get();
@@ -5332,26 +5343,30 @@ void WorkerPrivate::EnsureOwnerEmbedderP
         GetWindow()->GetWindowContext()->GetEmbedderPolicy());
   }
 }
 
 const mozilla::ipc::PrincipalInfo&
 WorkerPrivate::GetEffectiveStoragePrincipalInfo() const {
   AssertIsOnWorkerThread();
 
-  if (mLoadInfo.mFirstPartyStorageAccessGranted) {
+  if (mLoadInfo.mUseRegularPrincipal) {
     return *mLoadInfo.mPrincipalInfo;
   }
 
-  // TODO: this is wrong and it will be fixed by the next patch.
   return *mLoadInfo.mPartitionedPrincipalInfo;
 }
 
-const nsACString& WorkerPrivate::StoragePrincipalOrigin() const {
-  // TODO: this is wrong and it will be fixed by the next patch.
+const nsACString& WorkerPrivate::EffectiveStoragePrincipalOrigin() const {
+  AssertIsOnWorkerThread();
+
+  if (mLoadInfo.mUseRegularPrincipal) {
+    return mLoadInfo.mOrigin;
+  }
+
   return mLoadInfo.mPartitionedOrigin;
 }
 
 NS_IMPL_ADDREF(WorkerPrivate::EventTarget)
 NS_IMPL_RELEASE(WorkerPrivate::EventTarget)
 
 NS_INTERFACE_MAP_BEGIN(WorkerPrivate::EventTarget)
   NS_INTERFACE_MAP_ENTRY(nsISerialEventTarget)
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -237,17 +237,17 @@ class WorkerPrivate : public RelativeTim
   bool IsOnCurrentThread();
 
   void CloseInternal();
 
   bool FreezeInternal();
 
   bool ThawInternal();
 
-  void PropagateFirstPartyStorageAccessGrantedInternal();
+  void PropagateStorageAccessPermissionGrantedInternal();
 
   void TraverseTimeouts(nsCycleCollectionTraversalCallback& aCallback);
 
   void UnlinkTimeouts();
 
   bool ModifyBusyCountFromWorker(bool aIncrease);
 
   bool AddChildWorker(WorkerPrivate* aChildWorker);
@@ -698,21 +698,17 @@ class WorkerPrivate : public RelativeTim
     AssertIsOnMainThread();
     return mLoadInfo.mLoadingPrincipal;
   }
 
   const nsAString& OriginNoSuffix() const { return mLoadInfo.mOriginNoSuffix; }
 
   const nsACString& Origin() const { return mLoadInfo.mOrigin; }
 
-  const nsACString& StoragePrincipalOrigin() const;
-
-  const nsACString& PartitionedOrigin() const {
-    return mLoadInfo.mPartitionedOrigin;
-  }
+  const nsACString& EffectiveStoragePrincipalOrigin() const;
 
   nsILoadGroup* GetLoadGroup() const {
     AssertIsOnMainThread();
     return mLoadInfo.mLoadGroup;
   }
 
   bool UsesSystemPrincipal() const { return mLoadInfo.mPrincipalIsSystem; }
   bool UsesAddonOrExpandedAddonPrincipal() const {
@@ -779,26 +775,31 @@ class WorkerPrivate : public RelativeTim
   bool XHRParamsAllowed() const { return mLoadInfo.mXHRParamsAllowed; }
 
   void SetXHRParamsAllowed(bool aAllowed) {
     mLoadInfo.mXHRParamsAllowed = aAllowed;
   }
 
   mozilla::StorageAccess StorageAccess() const {
     AssertIsOnWorkerThread();
-    if (IsFirstPartyStorageAccessGranted()) {
+    if (mLoadInfo.mHasStorageAccessPermissionGranted) {
       return mozilla::StorageAccess::eAllow;
     }
 
     return mLoadInfo.mStorageAccess;
   }
 
-  bool IsFirstPartyStorageAccessGranted() const {
+  bool UseRegularPrincipal() const {
     AssertIsOnWorkerThread();
-    return mLoadInfo.mFirstPartyStorageAccessGranted;
+    return mLoadInfo.mUseRegularPrincipal;
+  }
+
+  bool HasStorageAccessPermissionGranted() const {
+    AssertIsOnWorkerThread();
+    return mLoadInfo.mHasStorageAccessPermissionGranted;
   }
 
   nsICookieJarSettings* CookieJarSettings() const {
     // Any thread.
     MOZ_ASSERT(mLoadInfo.mCookieJarSettings);
     return mLoadInfo.mCookieJarSettings;
   }
 
@@ -835,17 +836,17 @@ class WorkerPrivate : public RelativeTim
   RefPtr<GenericPromise> SetServiceWorkerSkipWaitingFlag();
 
   // We can assume that an nsPIDOMWindow will be available for Freeze, Thaw
   // as these are only used for globals going in and out of the bfcache.
   bool Freeze(const nsPIDOMWindowInner* aWindow);
 
   bool Thaw(const nsPIDOMWindowInner* aWindow);
 
-  void PropagateFirstPartyStorageAccessGranted();
+  void PropagateStorageAccessPermissionGranted();
 
   void EnableDebugger();
 
   void DisableDebugger();
 
   already_AddRefed<WorkerRunnable> MaybeWrapAsWorkerRunnable(
       already_AddRefed<nsIRunnable> aRunnable);
 
--- a/dom/workers/WorkerScope.cpp
+++ b/dom/workers/WorkerScope.cpp
@@ -611,17 +611,17 @@ WorkerGlobalScope::GetOrCreateServiceWor
       GetServiceWorkerRegistration(aDescriptor);
   if (!ref) {
     ref = ServiceWorkerRegistration::CreateForWorker(mWorkerPrivate, this,
                                                      aDescriptor);
   }
   return ref;
 }
 
-void WorkerGlobalScope::FirstPartyStorageAccessGranted() {
+void WorkerGlobalScope::StorageAccessPermissionGranted() {
   // Reset the IndexedDB factory.
   mIndexedDB = nullptr;
 
   // Reset DOM Cache
   mCacheStorage = nullptr;
 }
 
 bool WorkerGlobalScope::WindowInteractionAllowed() const {
--- a/dom/workers/WorkerScope.h
+++ b/dom/workers/WorkerScope.h
@@ -276,17 +276,17 @@ class WorkerGlobalScope : public WorkerG
   already_AddRefed<cache::CacheStorage> GetCaches(ErrorResult& aRv);
 
   bool WindowInteractionAllowed() const;
 
   void AllowWindowInteraction();
 
   void ConsumeWindowInteraction();
 
-  void FirstPartyStorageAccessGranted();
+  void StorageAccessPermissionGranted();
 
  protected:
   ~WorkerGlobalScope() = default;
 
  private:
   MOZ_CAN_RUN_SCRIPT
   int32_t SetTimeoutOrInterval(JSContext* aCx, Function& aHandler,
                                int32_t aTimeout,
--- a/dom/workers/remoteworkers/RemoteWorkerChild.cpp
+++ b/dom/workers/remoteworkers/RemoteWorkerChild.cpp
@@ -340,16 +340,19 @@ nsresult RemoteWorkerChild::ExecWorkerOn
       MakeUnique<PrincipalInfo>(aData.partitionedPrincipalInfo());
 
   info.mReferrerInfo = aData.referrerInfo();
   info.mDomain = aData.domain();
   info.mPrincipal = principal;
   info.mPartitionedPrincipal = partitionedPrincipalOrErr.unwrap();
   info.mLoadingPrincipal = loadingPrincipalOrErr.unwrap();
   info.mStorageAccess = aData.storageAccess();
+  info.mUseRegularPrincipal = aData.useRegularPrincipal();
+  info.mHasStorageAccessPermissionGranted =
+      aData.hasStorageAccessPermissionGranted();
   info.mOriginAttributes =
       BasePrincipal::Cast(principal)->OriginAttributesRef();
   info.mCookieJarSettings = net::CookieJarSettings::Create();
 
   // Default CSP permissions for now.  These will be overrided if necessary
   // based on the script CSP headers during load in ScriptLoader.
   info.mEvalAllowed = true;
   info.mReportCSPViolations = false;
--- a/dom/workers/remoteworkers/RemoteWorkerTypes.ipdlh
+++ b/dom/workers/remoteworkers/RemoteWorkerTypes.ipdlh
@@ -46,16 +46,19 @@ struct RemoteWorkerData
   URIParams resolvedScriptURL;
 
   nsString name;
 
   PrincipalInfo loadingPrincipalInfo;
   PrincipalInfo principalInfo;
   PrincipalInfo partitionedPrincipalInfo;
 
+  bool useRegularPrincipal;
+  bool hasStorageAccessPermissionGranted;
+
   nsCString domain;
 
   bool isSecureContext;
 
   IPCClientInfo? clientInfo;
 
   nsIReferrerInfo referrerInfo;
 
--- a/dom/workers/sharedworkers/SharedWorker.cpp
+++ b/dom/workers/sharedworkers/SharedWorker.cpp
@@ -191,18 +191,20 @@ already_AddRefed<SharedWorker> SharedWor
     ipcClientInfo.emplace(clientInfo.value().ToIPC());
   }
 
   nsID agentClusterId = nsContentUtils::GenerateUUID();
 
   RemoteWorkerData remoteWorkerData(
       nsString(aScriptURL), baseURL, resolvedScriptURL, name,
       loadingPrincipalInfo, principalInfo, partitionedPrincipalInfo,
-      loadInfo.mDomain, isSecureContext, ipcClientInfo, loadInfo.mReferrerInfo,
-      storageAllowed, void_t() /* OptionalServiceWorkerData */, agentClusterId);
+      loadInfo.mUseRegularPrincipal,
+      loadInfo.mHasStorageAccessPermissionGranted, loadInfo.mDomain,
+      isSecureContext, ipcClientInfo, loadInfo.mReferrerInfo, storageAllowed,
+      void_t() /* OptionalServiceWorkerData */, agentClusterId);
 
   PSharedWorkerChild* pActor = actorChild->SendPSharedWorkerConstructor(
       remoteWorkerData, loadInfo.mWindowID, portIdentifier.release());
 
   RefPtr<SharedWorkerChild> actor = static_cast<SharedWorkerChild*>(pActor);
   MOZ_ASSERT(actor);
 
   RefPtr<SharedWorker> sharedWorker =
--- a/dom/workers/sharedworkers/SharedWorkerManager.cpp
+++ b/dom/workers/sharedworkers/SharedWorkerManager.cpp
@@ -17,36 +17,36 @@
 
 namespace mozilla {
 namespace dom {
 
 // static
 already_AddRefed<SharedWorkerManagerHolder> SharedWorkerManager::Create(
     SharedWorkerService* aService, nsIEventTarget* aPBackgroundEventTarget,
     const RemoteWorkerData& aData, nsIPrincipal* aLoadingPrincipal,
-    const OriginAttributes& aPartitionedPrincipalAttrs) {
+    const OriginAttributes& aEffectiveStoragePrincipalAttrs) {
   MOZ_ASSERT(NS_IsMainThread());
 
   RefPtr<SharedWorkerManager> manager =
       new SharedWorkerManager(aPBackgroundEventTarget, aData, aLoadingPrincipal,
-                              aPartitionedPrincipalAttrs);
+                              aEffectiveStoragePrincipalAttrs);
 
   RefPtr<SharedWorkerManagerHolder> holder =
       new SharedWorkerManagerHolder(manager, aService);
   return holder.forget();
 }
 
 SharedWorkerManager::SharedWorkerManager(
     nsIEventTarget* aPBackgroundEventTarget, const RemoteWorkerData& aData,
     nsIPrincipal* aLoadingPrincipal,
-    const OriginAttributes& aPartitionedPrincipalAttrs)
+    const OriginAttributes& aEffectiveStoragePrincipalAttrs)
     : mPBackgroundEventTarget(aPBackgroundEventTarget),
       mLoadingPrincipal(aLoadingPrincipal),
       mDomain(aData.domain()),
-      mPartitionedPrincipalAttrs(aPartitionedPrincipalAttrs),
+      mEffectiveStoragePrincipalAttrs(aEffectiveStoragePrincipalAttrs),
       mResolvedScriptURL(DeserializeURI(aData.resolvedScriptURL())),
       mName(aData.name()),
       mIsSecureContext(aData.isSecureContext()),
       mSuspended(false),
       mFrozen(false) {
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(aLoadingPrincipal);
 }
@@ -78,30 +78,31 @@ bool SharedWorkerManager::MaybeCreateRem
   mRemoteWorkerController->AddPortIdentifier(aPortIdentifier.release());
   return true;
 }
 
 already_AddRefed<SharedWorkerManagerHolder>
 SharedWorkerManager::MatchOnMainThread(
     SharedWorkerService* aService, const nsACString& aDomain,
     nsIURI* aScriptURL, const nsAString& aName, nsIPrincipal* aLoadingPrincipal,
-    const OriginAttributes& aPartitionedPrincipalAttrs) {
+    const OriginAttributes& aEffectiveStoragePrincipalAttrs) {
   MOZ_ASSERT(NS_IsMainThread());
 
   bool urlEquals;
   if (NS_FAILED(aScriptURL->Equals(mResolvedScriptURL, &urlEquals))) {
     return nullptr;
   }
 
-  bool match = aDomain == mDomain && urlEquals && aName == mName &&
-               // We want to be sure that the window's principal subsumes the
-               // SharedWorker's loading principal and vice versa.
-               mLoadingPrincipal->Subsumes(aLoadingPrincipal) &&
-               aLoadingPrincipal->Subsumes(mLoadingPrincipal) &&
-               mPartitionedPrincipalAttrs == aPartitionedPrincipalAttrs;
+  bool match =
+      aDomain == mDomain && urlEquals && aName == mName &&
+      // We want to be sure that the window's principal subsumes the
+      // SharedWorker's loading principal and vice versa.
+      mLoadingPrincipal->Subsumes(aLoadingPrincipal) &&
+      aLoadingPrincipal->Subsumes(mLoadingPrincipal) &&
+      mEffectiveStoragePrincipalAttrs == aEffectiveStoragePrincipalAttrs;
   if (!match) {
     return nullptr;
   }
 
   RefPtr<SharedWorkerManagerHolder> holder =
       new SharedWorkerManagerHolder(this, aService);
   return holder.forget();
 }
--- a/dom/workers/sharedworkers/SharedWorkerManager.h
+++ b/dom/workers/sharedworkers/SharedWorkerManager.h
@@ -65,25 +65,25 @@ class SharedWorkerManager final : public
  public:
   NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedWorkerManager, override);
 
   // Called on main-thread thread methods
 
   static already_AddRefed<SharedWorkerManagerHolder> Create(
       SharedWorkerService* aService, nsIEventTarget* aPBackgroundEventTarget,
       const RemoteWorkerData& aData, nsIPrincipal* aLoadingPrincipal,
-      const OriginAttributes& aPartitionedPrincipalAttrs);
+      const OriginAttributes& aEffectiveStoragePrincipalAttrs);
 
   // Returns a holder if this manager matches. The holder blocks the shutdown of
   // the manager.
   already_AddRefed<SharedWorkerManagerHolder> MatchOnMainThread(
       SharedWorkerService* aService, const nsACString& aDomain,
       nsIURI* aScriptURL, const nsAString& aName,
       nsIPrincipal* aLoadingPrincipal,
-      const OriginAttributes& aPartitionedPrincipalAttrs);
+      const OriginAttributes& aEffectiveStoragePrincipalAttrs);
 
   // RemoteWorkerObserver
 
   void CreationFailed() override;
 
   void CreationSucceeded() override;
 
   void ErrorReceived(const ErrorValue& aValue) override;
@@ -114,25 +114,25 @@ class SharedWorkerManager final : public
   void RegisterHolder(SharedWorkerManagerHolder* aHolder);
 
   void UnregisterHolder(SharedWorkerManagerHolder* aHolder);
 
  private:
   SharedWorkerManager(nsIEventTarget* aPBackgroundEventTarget,
                       const RemoteWorkerData& aData,
                       nsIPrincipal* aLoadingPrincipal,
-                      const OriginAttributes& aPartitionedPrincipalAttrs);
+                      const OriginAttributes& aEffectiveStoragePrincipalAttrs);
 
   ~SharedWorkerManager();
 
   nsCOMPtr<nsIEventTarget> mPBackgroundEventTarget;
 
   nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
   const nsCString mDomain;
-  const OriginAttributes mPartitionedPrincipalAttrs;
+  const OriginAttributes mEffectiveStoragePrincipalAttrs;
   const nsCOMPtr<nsIURI> mResolvedScriptURL;
   const nsString mName;
   const bool mIsSecureContext;
   bool mSuspended;
   bool mFrozen;
 
   // Raw pointers because SharedWorkerParent unregisters itself in
   // ActorDestroy().
--- a/dom/workers/sharedworkers/SharedWorkerService.cpp
+++ b/dom/workers/sharedworkers/SharedWorkerService.cpp
@@ -183,33 +183,38 @@ void SharedWorkerService::GetOrCreateWor
   }
 
   RefPtr<SharedWorkerManagerHolder> managerHolder;
 
   nsCOMPtr<nsIPrincipal> loadingPrincipal = loadingPrincipalOrErr.unwrap();
   nsCOMPtr<nsIPrincipal> partitionedPrincipal =
       partitionedPrincipalOrErr.unwrap();
 
+  nsCOMPtr<nsIPrincipal> effectiveStoragePrincipal = partitionedPrincipal;
+  if (aData.useRegularPrincipal()) {
+    effectiveStoragePrincipal = loadingPrincipal;
+  }
+
   // Let's see if there is already a SharedWorker to share.
   nsCOMPtr<nsIURI> resolvedScriptURL =
       DeserializeURI(aData.resolvedScriptURL());
   for (SharedWorkerManager* workerManager : mWorkerManagers) {
     managerHolder = workerManager->MatchOnMainThread(
         this, aData.domain(), resolvedScriptURL, aData.name(), loadingPrincipal,
-        BasePrincipal::Cast(partitionedPrincipal)->OriginAttributesRef());
+        BasePrincipal::Cast(effectiveStoragePrincipal)->OriginAttributesRef());
     if (managerHolder) {
       break;
     }
   }
 
   // Let's create a new one.
   if (!managerHolder) {
     managerHolder = SharedWorkerManager::Create(
         this, aBackgroundEventTarget, aData, loadingPrincipal,
-        BasePrincipal::Cast(partitionedPrincipal)->OriginAttributesRef());
+        BasePrincipal::Cast(effectiveStoragePrincipal)->OriginAttributesRef());
 
     mWorkerManagers.AppendElement(managerHolder->Manager());
   } else {
     // We are attaching the actor to an existing one.
     if (managerHolder->Manager()->IsSecureContext() !=
         aData.isSecureContext()) {
       ErrorPropagationOnMainThread(aBackgroundEventTarget, aActor,
                                    NS_ERROR_DOM_SECURITY_ERR);
--- a/toolkit/components/antitracking/ContentBlocking.cpp
+++ b/toolkit/components/antitracking/ContentBlocking.cpp
@@ -715,23 +715,24 @@ void ContentBlocking::UpdateAllowAccessO
            !AntiTrackingUtils::IsFirstLevelSubContext(aContext))) {
         return;
       }
 
       if (aTrackingOrigin == origin) {
         nsCOMPtr<nsPIDOMWindowInner> inner =
             AntiTrackingUtils::GetInnerWindow(aContext);
         if (inner) {
-          inner->SaveStorageAccessGranted();
+          inner->SaveStorageAccessPermissionGranted();
         }
 
         nsCOMPtr<nsPIDOMWindowOuter> outer =
             nsPIDOMWindowOuter::GetFromCurrentInner(inner);
         if (outer) {
-          nsGlobalWindowOuter::Cast(outer)->SetHasStorageAccess(true);
+          nsGlobalWindowOuter::Cast(outer)->SetStorageAccessPermissionGranted(
+              true);
         }
       }
     }
   });
 }
 
 /* static */
 void ContentBlocking::UpdateAllowAccessOnParentProcess(
@@ -927,23 +928,23 @@ bool ContentBlocking::ShouldAllowAccessF
           aWindow->GetBrowsingContext())) {
     *aRejectedReason = blockedReason;
     return false;
   }
 
   // Document::HasStoragePermission first checks if storage access granted is
   // cached in the inner window, if no, it then checks the storage permission
   // flag in the channel's loadinfo
-  bool allowed = document->HasStoragePermission();
+  bool allowed = document->HasStorageAccessPermissionGranted();
 
   if (!allowed) {
     *aRejectedReason = blockedReason;
   } else {
     if (MOZ_LOG_TEST(gAntiTrackingLog, mozilla::LogLevel::Debug) &&
-        aWindow->HasStorageAccessGranted()) {
+        aWindow->HasStorageAccessPermissionGranted()) {
       LOG(("Permission stored in the window. All good."));
     }
   }
 
   return allowed;
 }
 
 bool ContentBlocking::ShouldAllowAccessFor(nsIChannel* aChannel, nsIURI* aURI,
@@ -1140,25 +1141,25 @@ bool ContentBlocking::ShouldAllowAccessF
 
   nsAutoCString trackingOrigin;
   rv = nsContentUtils::GetASCIIOrigin(trackingURI, trackingOrigin);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     LOG_SPEC(("Failed to compute the origin from %s", _spec), trackingURI);
     return false;
   }
 
-  // HasStorageAccessGranted only applies to channels that load documents,
-  // for sub-resources loads, just returns the result from loadInfo.
+  // HasStorageAccessPermissionGranted only applies to channels that load
+  // documents, for sub-resources loads, just returns the result from loadInfo.
   bool isDocument = false;
   aChannel->GetIsDocument(&isDocument);
 
   if (isDocument) {
     nsCOMPtr<nsPIDOMWindowInner> inner =
         AntiTrackingUtils::GetInnerWindow(targetBC);
-    if (inner && inner->HasStorageAccessGranted()) {
+    if (inner && inner->HasStorageAccessPermissionGranted()) {
       LOG(("Permission stored in the window. All good."));
       return true;
     }
   }
 
   bool allowed = loadInfo->GetHasStoragePermission();
   if (!allowed) {
     *aRejectedReason = blockedReason;