Bug 1558394 - Pass the TriggeringSandboxFlags to nsILoadinfo r=ckerschb,smaug,necko-reviewers,valentin
☠☠ backed out by c6808d59644c ☠ ☠
authorSebastian Streich <sstreich@mozilla.com>
Thu, 14 May 2020 10:04:44 +0000
changeset 593605 80a0ea17c9f8c6db0b01918d5d3e7b2f4b90c3be
parent 593604 4dd20d7e4ed3864c31e5182d458b4d66012ca228
child 593606 5889105bd08941784888442e638829a2561f900c
push id13186
push userffxbld-merge
push dateMon, 01 Jun 2020 09:52:46 +0000
treeherdermozilla-beta@3e7c70a1e4a1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb, smaug, necko-reviewers, valentin
bugs1558394
milestone78.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1558394 - Pass the TriggeringSandboxFlags to nsILoadinfo r=ckerschb,smaug,necko-reviewers,valentin Add triggering Sandbox flags to loadinfo *** Pass triggering Flags into Loadinfo Differential Revision: https://phabricator.services.mozilla.com/D69588
browser/base/content/browser.js
docshell/base/nsDocShell.cpp
docshell/base/nsDocShellLoadState.cpp
docshell/base/nsDocShellLoadState.h
dom/base/LocationBase.cpp
dom/clients/manager/ClientNavigateOpChild.cpp
dom/ipc/DOMTypes.ipdlh
dom/webidl/LoadURIOptions.webidl
ipc/glue/BackgroundUtils.cpp
netwerk/base/LoadInfo.cpp
netwerk/base/LoadInfo.h
netwerk/base/TRRLoadInfo.cpp
netwerk/base/nsILoadInfo.idl
netwerk/ipc/DocumentLoadListener.cpp
netwerk/ipc/NeckoChannelParams.ipdlh
toolkit/components/windowwatcher/nsWindowWatcher.cpp
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -1501,17 +1501,17 @@ function _loadURI(browser, uri, params =
   }
 
   let { triggeringPrincipal, referrerInfo, postData, userContextId, csp } =
     params || {};
   let loadFlags =
     params.loadFlags || params.flags || Ci.nsIWebNavigation.LOAD_FLAGS_NONE;
   let hasValidUserGestureActivation =
     document.hasValidTransientUserGestureActivation;
-
+  let triggeringSandboxFlags = document.sandboxFlags;
   if (!triggeringPrincipal) {
     throw new Error("Must load with a triggering Principal");
   }
 
   if (userContextId && userContextId != browser.getAttribute("usercontextid")) {
     throw new Error("Cannot load with mismatched userContextId");
   }
 
@@ -1543,16 +1543,17 @@ function _loadURI(browser, uri, params =
   }
   let loadURIOptions = {
     triggeringPrincipal,
     csp,
     loadFlags,
     referrerInfo,
     postData,
     hasValidUserGestureActivation,
+    triggeringSandboxFlags,
   };
   try {
     if (!mustChangeProcess) {
       browser.webNavigation.loadURI(uri, loadURIOptions);
     } else {
       // Check if the current browser is allowed to unload.
       let { permitUnload, timedOut } = browser.permitUnload();
       if (!timedOut && !permitUnload) {
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -3885,23 +3885,25 @@ nsresult nsDocShell::LoadErrorPage(nsIUR
     // Abandon mLSHE's BFCache entry and create a new one.  This way, if
     // we go back or forward to another SHEntry with the same doc
     // identifier, the error page won't persist.
     mLSHE->AbandonBFCacheEntry();
   }
 
   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(aErrorURI);
   loadState->SetTriggeringPrincipal(nsContentUtils::GetSystemPrincipal());
+  if (mBrowsingContext) {
+    loadState->SetTriggeringSandboxFlags(mBrowsingContext->GetSandboxFlags());
+  }
   loadState->SetLoadType(LOAD_ERROR_PAGE);
   loadState->SetFirstParty(true);
   loadState->SetSourceBrowsingContext(mBrowsingContext);
   loadState->SetHasValidUserGestureActivation(
       mBrowsingContext &&
       mBrowsingContext->HasValidTransientUserGestureActivation());
-
   return InternalLoad(loadState, nullptr, nullptr);
 }
 
 NS_IMETHODIMP
 nsDocShell::Reload(uint32_t aReloadFlags) {
   if (!IsNavigationAllowed()) {
     return NS_OK;  // JS may not handle returning of an error code
   }
@@ -3944,16 +3946,17 @@ nsDocShell::Reload(uint32_t aReloadFlags
     nsAutoString srcdoc;
     nsIURI* baseURI = nullptr;
     nsCOMPtr<nsIURI> originalURI;
     nsCOMPtr<nsIURI> resultPrincipalURI;
     bool loadReplace = false;
 
     nsIPrincipal* triggeringPrincipal = doc->NodePrincipal();
     nsCOMPtr<nsIContentSecurityPolicy> csp = doc->GetCsp();
+    uint32_t triggeringSandboxFlags = doc->GetSandboxFlags();
 
     nsAutoString contentTypeHint;
     doc->GetContentType(contentTypeHint);
 
     if (doc->IsSrcdocDocument()) {
       doc->GetSrcdocData(srcdoc);
       flags |= INTERNAL_LOAD_FLAGS_IS_SRCDOC;
       baseURI = doc->GetBaseURI();
@@ -3986,16 +3989,17 @@ nsDocShell::Reload(uint32_t aReloadFlags
     emplacedResultPrincipalURI.emplace(std::move(resultPrincipalURI));
 
     RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(currentURI);
     loadState->SetReferrerInfo(mReferrerInfo);
     loadState->SetOriginalURI(originalURI);
     loadState->SetMaybeResultPrincipalURI(emplacedResultPrincipalURI);
     loadState->SetLoadReplace(loadReplace);
     loadState->SetTriggeringPrincipal(triggeringPrincipal);
+    loadState->SetTriggeringSandboxFlags(triggeringSandboxFlags);
     loadState->SetPrincipalToInherit(triggeringPrincipal);
     loadState->SetCsp(csp);
     loadState->SetLoadFlags(flags);
     loadState->SetTypeHint(NS_ConvertUTF16toUTF8(contentTypeHint));
     loadState->SetLoadType(loadType);
     loadState->SetFirstParty(true);
     loadState->SetSrcdocData(srcdoc);
     loadState->SetSourceBrowsingContext(mBrowsingContext);
@@ -5019,16 +5023,17 @@ nsDocShell::ForceRefreshURI(nsIURI* aURI
     }
     principal = doc->NodePrincipal();
   }
   loadState->SetTriggeringPrincipal(principal);
   if (doc) {
     loadState->SetCsp(doc->GetCsp());
     loadState->SetHasValidUserGestureActivation(
         doc->HasValidTransientUserGestureActivation());
+    loadState->SetTriggeringSandboxFlags(doc->GetSandboxFlags());
   }
 
   loadState->SetPrincipalIsExplicit(true);
 
   /* Check if this META refresh causes a redirection
    * to another site.
    */
   bool equalUri = false;
@@ -8156,16 +8161,18 @@ nsresult nsDocShell::PerformRetargeting(
       aLoadState->GetMaybeResultPrincipalURI(resultPrincipalURI);
 
       loadState->SetMaybeResultPrincipalURI(resultPrincipalURI);
       loadState->SetKeepResultPrincipalURIIfSet(
           aLoadState->KeepResultPrincipalURIIfSet());
       // LoadReplace will always be false due to asserts above, skip setting
       // it.
       loadState->SetTriggeringPrincipal(aLoadState->TriggeringPrincipal());
+      loadState->SetTriggeringSandboxFlags(
+          aLoadState->TriggeringSandboxFlags());
       loadState->SetCsp(aLoadState->Csp());
       loadState->SetInheritPrincipal(
           aLoadState->HasLoadFlags(INTERNAL_LOAD_FLAGS_INHERIT_PRINCIPAL));
       // Explicit principal because we do not want any guesses as to what the
       // principal to inherit is: it should be aTriggeringPrincipal.
       loadState->SetPrincipalIsExplicit(true);
       loadState->SetLoadType(LOAD_LINK);
       loadState->SetForceAllowDataURI(
@@ -9628,16 +9635,17 @@ nsresult nsDocShell::DoURILoad(nsDocShel
   // in case this docshell load was triggered by a valid transient user gesture,
   // or also the load originates from external, then we pass that information on
   // to the loadinfo, which allows e.g. setting Sec-Fetch-User request headers.
   if (mBrowsingContext->HasValidTransientUserGestureActivation() ||
       aLoadState->HasValidUserGestureActivation() ||
       aLoadState->HasLoadFlags(LOAD_FLAGS_FROM_EXTERNAL)) {
     loadInfo->SetHasValidUserGestureActivation(true);
   }
+  loadInfo->SetTriggeringSandboxFlags(aLoadState->TriggeringSandboxFlags());
 
   /* Get the cache Key from SH */
   uint32_t cacheKey = 0;
   if (mLSHE) {
     cacheKey = mLSHE->GetCacheKey();
   } else if (mOSHE) {  // for reload cases
     cacheKey = mOSHE->GetCacheKey();
   }
@@ -11878,16 +11886,21 @@ nsresult nsDocShell::OnLinkClickSync(
     }
   }
 
   // if the triggeringPrincipal is not passed explicitly, then we
   // fall back to using doc->NodePrincipal() as the triggeringPrincipal.
   nsCOMPtr<nsIPrincipal> triggeringPrincipal =
       aTriggeringPrincipal ? aTriggeringPrincipal : aContent->NodePrincipal();
 
+  uint32_t triggeringSandboxFlags = 0;
+  if (mBrowsingContext) {
+    triggeringSandboxFlags = mBrowsingContext->GetSandboxFlags();
+  }
+
   nsCOMPtr<nsIContentSecurityPolicy> csp = aCsp;
   if (!csp) {
     // Currently, if no csp is passed explicitly we fall back to querying the
     // CSP from the document.
     csp = aContent->GetCsp();
   }
 
   uint32_t flags = INTERNAL_LOAD_FLAGS_NONE;
@@ -11978,16 +11991,17 @@ nsresult nsDocShell::OnLinkClickSync(
 
   nsCOMPtr<nsIReferrerInfo> referrerInfo =
       isElementAnchorOrArea ? new ReferrerInfo(*aContent->AsElement())
                             : new ReferrerInfo(*referrerDoc);
 
   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(aURI);
   loadState->SetReferrerInfo(referrerInfo);
   loadState->SetTriggeringPrincipal(triggeringPrincipal);
+  loadState->SetTriggeringSandboxFlags(triggeringSandboxFlags);
   loadState->SetPrincipalToInherit(aContent->NodePrincipal());
   loadState->SetCsp(csp);
   loadState->SetLoadFlags(flags);
   loadState->SetTarget(aTargetSpec);
   loadState->SetTypeHint(NS_ConvertUTF16toUTF8(typeHint));
   loadState->SetFileName(aFileName);
   loadState->SetPostDataStream(aPostDataStream);
   loadState->SetHeadersStream(aHeadersDataStream);
--- a/docshell/base/nsDocShellLoadState.cpp
+++ b/docshell/base/nsDocShellLoadState.cpp
@@ -89,16 +89,17 @@ nsDocShellLoadState::nsDocShellLoadState
       mLoadType(LOAD_NORMAL),
       mTarget(),
       mSrcdocData(VoidString()),
       mLoadFlags(0),
       mFirstParty(false),
       mHasValidUserGestureActivation(false),
       mTypeHint(VoidCString()),
       mFileName(VoidString()),
+      mTriggeringSandboxFlags(0),
       mIsFromProcessingFrameAttributes(false),
       mLoadIdentifier(0) {
   MOZ_ASSERT(aURI, "Cannot create a LoadState with a null URI!");
 }
 
 nsDocShellLoadState::nsDocShellLoadState(
     const DocShellLoadStateInit& aLoadState) {
   MOZ_ASSERT(aLoadState.URI(), "Cannot create a LoadState with a null URI!");
@@ -123,16 +124,17 @@ nsDocShellLoadState::nsDocShellLoadState
   mReferrerInfo = aLoadState.ReferrerInfo();
   mURI = aLoadState.URI();
   mOriginalURI = aLoadState.OriginalURI();
   mSourceBrowsingContext = aLoadState.SourceBrowsingContext();
   mBaseURI = aLoadState.BaseURI();
   mTriggeringPrincipal = aLoadState.TriggeringPrincipal();
   mPrincipalToInherit = aLoadState.PrincipalToInherit();
   mStoragePrincipalToInherit = aLoadState.StoragePrincipalToInherit();
+  mTriggeringSandboxFlags = aLoadState.TriggeringSandboxFlags();
   mCsp = aLoadState.Csp();
   mOriginalURIString = aLoadState.OriginalURIString();
   mCancelContentJSEpoch = aLoadState.CancelContentJSEpoch();
   mPostDataStream = aLoadState.PostDataStream();
   mHeadersStream = aLoadState.HeadersStream();
   mSrcdocData = aLoadState.SrcdocData();
   mLoadIdentifier = aLoadState.LoadIdentifier();
   if (!aLoadState.SHEntry() || !StaticPrefs::fission_sessionHistoryInParent()) {
@@ -344,16 +346,17 @@ nsresult nsDocShellLoadState::CreateFrom
   } else {
     loadState->SetLoadType(MAKE_LOAD_TYPE(LOAD_NORMAL, loadFlags));
   }
 
   loadState->SetLoadFlags(extraFlags);
   loadState->SetFirstParty(true);
   loadState->SetHasValidUserGestureActivation(
       aLoadURIOptions.mHasValidUserGestureActivation);
+  loadState->SetTriggeringSandboxFlags(aLoadURIOptions.mTriggeringSandboxFlags);
   loadState->SetPostDataStream(postData);
   loadState->SetHeadersStream(aLoadURIOptions.mHeaders);
   loadState->SetBaseURI(aLoadURIOptions.mBaseURI);
   loadState->SetTriggeringPrincipal(aLoadURIOptions.mTriggeringPrincipal);
   loadState->SetCsp(aLoadURIOptions.mCsp);
   loadState->SetForceAllowDataURI(forceAllowDataURI);
   loadState->SetOriginalURIString(uriString);
   if (aLoadURIOptions.mCancelContentJSEpoch) {
@@ -447,16 +450,24 @@ void nsDocShellLoadState::SetStoragePrin
 }
 
 void nsDocShellLoadState::SetCsp(nsIContentSecurityPolicy* aCsp) {
   mCsp = aCsp;
 }
 
 nsIContentSecurityPolicy* nsDocShellLoadState::Csp() const { return mCsp; }
 
+void nsDocShellLoadState::SetTriggeringSandboxFlags(uint32_t flags) {
+  mTriggeringSandboxFlags = flags;
+}
+
+uint32_t nsDocShellLoadState::TriggeringSandboxFlags() const {
+  return mTriggeringSandboxFlags;
+}
+
 bool nsDocShellLoadState::InheritPrincipal() const { return mInheritPrincipal; }
 
 void nsDocShellLoadState::SetInheritPrincipal(bool aInheritPrincipal) {
   mInheritPrincipal = aInheritPrincipal;
 }
 
 bool nsDocShellLoadState::PrincipalIsExplicit() const {
   return mPrincipalIsExplicit;
@@ -863,16 +874,17 @@ DocShellLoadStateInit nsDocShellLoadStat
       mIsFromProcessingFrameAttributes;
   loadState.URI() = mURI;
   loadState.OriginalURI() = mOriginalURI;
   loadState.SourceBrowsingContext() = mSourceBrowsingContext;
   loadState.BaseURI() = mBaseURI;
   loadState.TriggeringPrincipal() = mTriggeringPrincipal;
   loadState.PrincipalToInherit() = mPrincipalToInherit;
   loadState.StoragePrincipalToInherit() = mStoragePrincipalToInherit;
+  loadState.TriggeringSandboxFlags() = mTriggeringSandboxFlags;
   loadState.Csp() = mCsp;
   loadState.OriginalURIString() = mOriginalURIString;
   loadState.CancelContentJSEpoch() = mCancelContentJSEpoch;
   loadState.ReferrerInfo() = mReferrerInfo;
   loadState.PostDataStream() = mPostDataStream;
   loadState.HeadersStream() = mHeadersStream;
   loadState.SrcdocData() = mSrcdocData;
   loadState.ResultPrincipalURI() = mResultPrincipalURI;
--- a/docshell/base/nsDocShellLoadState.h
+++ b/docshell/base/nsDocShellLoadState.h
@@ -90,16 +90,20 @@ class nsDocShellLoadState final {
   bool LoadReplace() const;
 
   void SetLoadReplace(bool aLoadReplace);
 
   nsIPrincipal* TriggeringPrincipal() const;
 
   void SetTriggeringPrincipal(nsIPrincipal* aTriggeringPrincipal);
 
+  uint32_t TriggeringSandboxFlags() const;
+
+  void SetTriggeringSandboxFlags(uint32_t aTriggeringSandboxFlags);
+
   nsIContentSecurityPolicy* Csp() const;
 
   void SetCsp(nsIContentSecurityPolicy* aCsp);
 
   bool InheritPrincipal() const;
 
   void SetInheritPrincipal(bool aInheritPrincipal);
 
@@ -276,16 +280,21 @@ class nsDocShellLoadState final {
   // load to occur. In most cases the referrer and the triggeringPrincipal's URI
   // will be identical.
   //
   // Please note that this is the principal that is used for security checks. If
   // the argument aURI is provided by the web, then please do not pass a
   // SystemPrincipal as the triggeringPrincipal.
   nsCOMPtr<nsIPrincipal> mTriggeringPrincipal;
 
+  // The SandboxFlags of the load, that are, the SandboxFlags of the entity
+  // responsible for causing the load to occur. Most likely this are the
+  // SandboxFlags of the document that started the load.
+  uint32_t mTriggeringSandboxFlags;
+
   // The CSP of the load, that is, the CSP of the entity responsible for causing
   // the load to occur. Most likely this is the CSP of the document that started
   // the load. In case the entity starting the load did not use a CSP, then mCsp
   // can be null. Please note that this is also the CSP that will be applied to
   // the load in case the load encounters a server side redirect.
   nsCOMPtr<nsIContentSecurityPolicy> mCsp;
 
   // If a refresh is caused by http-equiv="refresh" we want to set
--- a/dom/base/LocationBase.cpp
+++ b/dom/base/LocationBase.cpp
@@ -94,16 +94,17 @@ already_AddRefed<nsDocShellLoadState> Lo
     principal->EqualsURI(docOriginalURI, &urisEqual);
   }
   if (urisEqual) {
     referrerInfo = new ReferrerInfo(docCurrentURI, referrerPolicy);
   } else {
     principal->CreateReferrerInfo(referrerPolicy, getter_AddRefs(referrerInfo));
   }
   loadState->SetTriggeringPrincipal(triggeringPrincipal);
+  loadState->SetTriggeringSandboxFlags(doc->GetSandboxFlags());
   loadState->SetCsp(doc->GetCsp());
   if (referrerInfo) {
     loadState->SetReferrerInfo(referrerInfo);
   }
   loadState->SetHasValidUserGestureActivation(
       doc->HasValidTransientUserGestureActivation());
 
   return loadState.forget();
--- a/dom/clients/manager/ClientNavigateOpChild.cpp
+++ b/dom/clients/manager/ClientNavigateOpChild.cpp
@@ -243,17 +243,17 @@ RefPtr<ClientOpPromise> ClientNavigateOp
     CopyableErrorResult result;
     result.ThrowInvalidStateError(
         "Document's browsing context has been discarded");
     return ClientOpPromise::CreateAndReject(result, __func__);
   }
 
   RefPtr<nsDocShellLoadState> loadState = new nsDocShellLoadState(url);
   loadState->SetTriggeringPrincipal(principal);
-
+  loadState->SetTriggeringSandboxFlags(doc->GetSandboxFlags());
   loadState->SetCsp(doc->GetCsp());
 
   auto referrerInfo = MakeRefPtr<ReferrerInfo>(*doc);
   loadState->SetReferrerInfo(referrerInfo);
   loadState->SetLoadType(LOAD_STOP_CONTENT);
   loadState->SetSourceBrowsingContext(docShell->GetBrowsingContext());
   loadState->SetLoadFlags(nsIWebNavigation::LOAD_FLAGS_NONE);
   loadState->SetFirstParty(true);
--- a/dom/ipc/DOMTypes.ipdlh
+++ b/dom/ipc/DOMTypes.ipdlh
@@ -266,16 +266,20 @@ struct DocShellLoadStateInit
   // of the document that started the load. In case the entity starting the
   // load did not use a CSP, then Csp can be null. Please note that this is
   // also the CSP that will be applied to the load in case the load
   // encounters a server side redirect.
   nsIContentSecurityPolicy Csp;
 
   MaybeDiscardedBrowsingContext SourceBrowsingContext;
 
+  // The TriggineringSandboxFlags are the SandboxFlags of the entity
+  // responsible for causing the load to occur.
+  uint32_t TriggeringSandboxFlags;
+
   nsCString? OriginalURIString;
   int32_t? CancelContentJSEpoch;
 
   nsIInputStream PostDataStream;
   nsIInputStream HeadersStream;
 
   nsString SrcdocData; // useless without sourcedocshell
   // This might be missing if serialization of session history entries is
--- a/dom/webidl/LoadURIOptions.webidl
+++ b/dom/webidl/LoadURIOptions.webidl
@@ -64,13 +64,18 @@ dictionary LoadURIOptions {
 
   /**
    * Set to indicate that the URI to be loaded was triggered by a user
    * action. (Mostly used in the context of Sec-Fetch-User).
    */
   boolean hasValidUserGestureActivation = false;
 
   /**
+   * The SandboxFlags of the entity thats
+   * responsible for causing the load.
+   */
+  long triggeringSandboxFlags = 0;
+  /**
    * If non-0, a value to pass to nsIDocShell::setCancelContentJSEpoch
    * when initiating the load.
    */
   long cancelContentJSEpoch = 0;
 };
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -507,16 +507,17 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadI
     maybeCspToInheritInfo.emplace(cspToInheritInfo);
   }
 
   *aOptionalLoadInfoArgs = Some(LoadInfoArgs(
       loadingPrincipalInfo, triggeringPrincipalInfo, principalToInheritInfo,
       sandboxedLoadingPrincipalInfo, topLevelPrincipalInfo,
       topLevelStorageAreaPrincipalInfo, optionalResultPrincipalURI,
       aLoadInfo->GetSecurityFlags(), aLoadInfo->GetSandboxFlags(),
+      aLoadInfo->GetTriggeringSandboxFlags(),
       aLoadInfo->InternalContentPolicyType(),
       static_cast<uint32_t>(aLoadInfo->GetTainting()),
       aLoadInfo->GetBlockAllMixedContent(),
       aLoadInfo->GetUpgradeInsecureRequests(),
       aLoadInfo->GetBrowserUpgradeInsecureRequests(),
       aLoadInfo->GetBrowserWouldUpgradeInsecureRequests(),
       aLoadInfo->GetForceAllowDataURI(),
       aLoadInfo->GetAllowInsecureRedirectToDataURI(),
@@ -732,17 +733,17 @@ nsresult LoadInfoArgsToLoadInfo(
   }
 
   RefPtr<mozilla::LoadInfo> loadInfo = new mozilla::LoadInfo(
       loadingPrincipal, triggeringPrincipal, principalToInherit,
       sandboxedLoadingPrincipal, topLevelPrincipal,
       topLevelStorageAreaPrincipal, resultPrincipalURI, cookieJarSettings,
       cspToInherit, clientInfo, reservedClientInfo, initialClientInfo,
       controller, loadInfoArgs.securityFlags(), loadInfoArgs.sandboxFlags(),
-      loadInfoArgs.contentPolicyType(),
+      loadInfoArgs.triggeringSandboxFlags(), loadInfoArgs.contentPolicyType(),
       static_cast<LoadTainting>(loadInfoArgs.tainting()),
       loadInfoArgs.blockAllMixedContent(),
       loadInfoArgs.upgradeInsecureRequests(),
       loadInfoArgs.browserUpgradeInsecureRequests(),
       loadInfoArgs.browserWouldUpgradeInsecureRequests(),
       loadInfoArgs.forceAllowDataURI(),
       loadInfoArgs.allowInsecureRedirectToDataURI(),
       loadInfoArgs.bypassCORSChecks(),
@@ -805,16 +806,17 @@ void LoadInfoToParentLoadInfoForwarder(
 
   *aForwarderArgsOut = ParentLoadInfoForwarderArgs(
       aLoadInfo->GetAllowInsecureRedirectToDataURI(),
       aLoadInfo->GetBypassCORSChecks(), ipcController, tainting,
       aLoadInfo->GetSkipContentSniffing(), aLoadInfo->GetHttpsOnlyStatus(),
       aLoadInfo->GetHasValidUserGestureActivation(),
       aLoadInfo->GetAllowDeprecatedSystemRequests(),
       aLoadInfo->GetParserCreatedScript(),
+      aLoadInfo->GetTriggeringSandboxFlags(),
       aLoadInfo->GetServiceWorkerTaintingSynthesized(),
       aLoadInfo->GetDocumentHasUserInteracted(),
       aLoadInfo->GetDocumentHasLoaded(),
       aLoadInfo->GetAllowListFutureDocumentsCreatedFromThisRedirectChain(),
       cookieJarSettingsArgs, aLoadInfo->GetRequestBlockingReason(),
       aLoadInfo->GetHasStoragePermission(),
       aLoadInfo->GetIsThirdPartyContextToTopWindow());
 }
@@ -844,16 +846,20 @@ nsresult MergeParentLoadInfoForwarder(
   }
 
   rv = aLoadInfo->SetSkipContentSniffing(aForwarderArgs.skipContentSniffing());
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = aLoadInfo->SetHttpsOnlyStatus(aForwarderArgs.httpsOnlyStatus());
   NS_ENSURE_SUCCESS(rv, rv);
 
+  rv = aLoadInfo->SetTriggeringSandboxFlags(
+      aForwarderArgs.triggeringSandboxFlags());
+  NS_ENSURE_SUCCESS(rv, rv);
+
   rv = aLoadInfo->SetHasValidUserGestureActivation(
       aForwarderArgs.hasValidUserGestureActivation());
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = aLoadInfo->SetAllowDeprecatedSystemRequests(
       aForwarderArgs.allowDeprecatedSystemRequests());
   NS_ENSURE_SUCCESS(rv, rv);
 
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -68,16 +68,17 @@ LoadInfo::LoadInfo(
                                                 : mLoadingPrincipal.get()),
       mPrincipalToInherit(nullptr),
       mClientInfo(aLoadingClientInfo),
       mController(aController),
       mLoadingContext(do_GetWeakReference(aLoadingContext)),
       mContextForTopLevelLoad(nullptr),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
+      mTriggeringSandboxFlags(0),
       mInternalContentPolicyType(aContentPolicyType),
       mTainting(LoadTainting::Basic),
       mBlockAllMixedContent(false),
       mUpgradeInsecureRequests(false),
       mBrowserUpgradeInsecureRequests(false),
       mBrowserWouldUpgradeInsecureRequests(false),
       mForceAllowDataURI(false),
       mAllowInsecureRedirectToDataURI(false),
@@ -345,16 +346,17 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* a
                    nsISupports* aContextForTopLevelLoad,
                    nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags)
     : mLoadingPrincipal(nullptr),
       mTriggeringPrincipal(aTriggeringPrincipal),
       mPrincipalToInherit(nullptr),
       mContextForTopLevelLoad(do_GetWeakReference(aContextForTopLevelLoad)),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
+      mTriggeringSandboxFlags(0),
       mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT),
       mTainting(LoadTainting::Basic),
       mBlockAllMixedContent(false),
       mUpgradeInsecureRequests(false),
       mBrowserUpgradeInsecureRequests(false),
       mBrowserWouldUpgradeInsecureRequests(false),
       mForceAllowDataURI(false),
       mAllowInsecureRedirectToDataURI(false),
@@ -451,16 +453,17 @@ LoadInfo::LoadInfo(dom::CanonicalBrowsin
                    uint64_t aOuterWindowID, nsSecurityFlags aSecurityFlags,
                    uint32_t aSandboxFlags)
     : mLoadingPrincipal(nullptr),
       mTriggeringPrincipal(aTriggeringPrincipal),
       mPrincipalToInherit(nullptr),
       mContextForTopLevelLoad(nullptr),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
+      mTriggeringSandboxFlags(0),
       mInternalContentPolicyType(nsIContentPolicy::TYPE_DOCUMENT),
       mTainting(LoadTainting::Basic),
       mBlockAllMixedContent(false),
       mUpgradeInsecureRequests(false),
       mBrowserUpgradeInsecureRequests(false),
       mBrowserWouldUpgradeInsecureRequests(false),
       mForceAllowDataURI(false),
       mAllowInsecureRedirectToDataURI(false),
@@ -732,16 +735,17 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
       // mReservedClientInfo must be handled specially during redirect
       // mInitialClientInfo must be handled specially during redirect
       mController(rhs.mController),
       mPerformanceStorage(rhs.mPerformanceStorage),
       mLoadingContext(rhs.mLoadingContext),
       mContextForTopLevelLoad(rhs.mContextForTopLevelLoad),
       mSecurityFlags(rhs.mSecurityFlags),
       mSandboxFlags(rhs.mSandboxFlags),
+      mTriggeringSandboxFlags(rhs.mTriggeringSandboxFlags),
       mInternalContentPolicyType(rhs.mInternalContentPolicyType),
       mTainting(rhs.mTainting),
       mBlockAllMixedContent(rhs.mBlockAllMixedContent),
       mUpgradeInsecureRequests(rhs.mUpgradeInsecureRequests),
       mBrowserUpgradeInsecureRequests(rhs.mBrowserUpgradeInsecureRequests),
       mBrowserWouldUpgradeInsecureRequests(
           rhs.mBrowserWouldUpgradeInsecureRequests),
       mForceAllowDataURI(rhs.mForceAllowDataURI),
@@ -797,19 +801,19 @@ LoadInfo::LoadInfo(
     nsIPrincipal* aTopLevelStorageAreaPrincipal, nsIURI* aResultPrincipalURI,
     nsICookieJarSettings* aCookieJarSettings,
     nsIContentSecurityPolicy* aCspToInherit,
     const Maybe<ClientInfo>& aClientInfo,
     const Maybe<ClientInfo>& aReservedClientInfo,
     const Maybe<ClientInfo>& aInitialClientInfo,
     const Maybe<ServiceWorkerDescriptor>& aController,
     nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
-    nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
-    bool aBlockAllMixedContent, bool aUpgradeInsecureRequests,
-    bool aBrowserUpgradeInsecureRequests,
+    uint32_t aTriggeringSandboxFlags, nsContentPolicyType aContentPolicyType,
+    LoadTainting aTainting, bool aBlockAllMixedContent,
+    bool aUpgradeInsecureRequests, bool aBrowserUpgradeInsecureRequests,
     bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
     bool aAllowInsecureRedirectToDataURI, bool aBypassCORSChecks,
     bool aSkipContentPolicyCheckForWebRequest,
     bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
     uint64_t aOuterWindowID, uint64_t aParentOuterWindowID,
     uint64_t aTopOuterWindowID, uint64_t aFrameOuterWindowID,
     uint64_t aBrowsingContextID, uint64_t aFrameBrowsingContextID,
     bool aInitialSecurityCheckDone, bool aIsThirdPartyContext,
@@ -839,16 +843,17 @@ LoadInfo::LoadInfo(
       mCspToInherit(aCspToInherit),
       mClientInfo(aClientInfo),
       mReservedClientInfo(aReservedClientInfo),
       mInitialClientInfo(aInitialClientInfo),
       mController(aController),
       mLoadingContext(do_GetWeakReference(aLoadingContext)),
       mSecurityFlags(aSecurityFlags),
       mSandboxFlags(aSandboxFlags),
+      mTriggeringSandboxFlags(aTriggeringSandboxFlags),
       mInternalContentPolicyType(aContentPolicyType),
       mTainting(aTainting),
       mBlockAllMixedContent(aBlockAllMixedContent),
       mUpgradeInsecureRequests(aUpgradeInsecureRequests),
       mBrowserUpgradeInsecureRequests(aBrowserUpgradeInsecureRequests),
       mBrowserWouldUpgradeInsecureRequests(
           aBrowserWouldUpgradeInsecureRequests),
       mForceAllowDataURI(aForceAllowDataURI),
@@ -1078,16 +1083,28 @@ LoadInfo::GetSecurityFlags(nsSecurityFla
 
 NS_IMETHODIMP
 LoadInfo::GetSandboxFlags(uint32_t* aResult) {
   *aResult = mSandboxFlags;
   return NS_OK;
 }
 
 NS_IMETHODIMP
+LoadInfo::GetTriggeringSandboxFlags(uint32_t* aResult) {
+  *aResult = mTriggeringSandboxFlags;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+LoadInfo::SetTriggeringSandboxFlags(uint32_t aFlags) {
+  mTriggeringSandboxFlags = aFlags;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
 LoadInfo::GetSecurityMode(uint32_t* aFlags) {
   *aFlags =
       (mSecurityFlags & (nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS |
                          nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED |
                          nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
                          nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL |
                          nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS));
   return NS_OK;
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@@ -141,16 +141,17 @@ class LoadInfo final : public nsILoadInf
            nsIURI* aResultPrincipalURI,
            nsICookieJarSettings* aCookieJarSettings,
            nsIContentSecurityPolicy* aCspToInherit,
            const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
            const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
            const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
            const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
            nsSecurityFlags aSecurityFlags, uint32_t aSandboxFlags,
+           uint32_t aTriggeringSandboxFlags,
            nsContentPolicyType aContentPolicyType, LoadTainting aTainting,
            bool aBlockAllMixedContent, bool aUpgradeInsecureRequests,
            bool aBrowserUpgradeInsecureRequests,
            bool aBrowserWouldUpgradeInsecureRequests, bool aForceAllowDataURI,
            bool aAllowInsecureRedirectToDataURI, bool aBypassCORSChecks,
            bool aSkipContentPolicyCheckForWebRequest,
            bool aForceInheritPrincipalDropped, uint64_t aInnerWindowID,
            uint64_t aOuterWindowID, uint64_t aParentOuterWindowID,
@@ -225,16 +226,17 @@ class LoadInfo final : public nsILoadInf
   Maybe<mozilla::dom::ClientInfo> mInitialClientInfo;
   Maybe<mozilla::dom::ServiceWorkerDescriptor> mController;
   RefPtr<mozilla::dom::PerformanceStorage> mPerformanceStorage;
 
   nsWeakPtr mLoadingContext;
   nsWeakPtr mContextForTopLevelLoad;
   nsSecurityFlags mSecurityFlags;
   uint32_t mSandboxFlags;
+  uint32_t mTriggeringSandboxFlags;
   nsContentPolicyType mInternalContentPolicyType;
   LoadTainting mTainting;
   bool mBlockAllMixedContent;
   bool mUpgradeInsecureRequests;
   bool mBrowserUpgradeInsecureRequests;
   bool mBrowserWouldUpgradeInsecureRequests;
   bool mForceAllowDataURI;
   bool mAllowInsecureRedirectToDataURI;
--- a/netwerk/base/TRRLoadInfo.cpp
+++ b/netwerk/base/TRRLoadInfo.cpp
@@ -87,16 +87,24 @@ NS_IMETHODIMP
 TRRLoadInfo::GetSecurityFlags(nsSecurityFlags* aResult) {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP
 TRRLoadInfo::GetSandboxFlags(uint32_t* aResult) {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
+NS_IMETHODIMP
+TRRLoadInfo::GetTriggeringSandboxFlags(uint32_t* aResult) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+NS_IMETHODIMP
+TRRLoadInfo::SetTriggeringSandboxFlags(uint32_t aResult) {
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
 
 NS_IMETHODIMP
 TRRLoadInfo::GetSecurityMode(uint32_t* aFlags) {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP
 TRRLoadInfo::GetIsInThirdPartyContext(bool* aIsInThirdPartyContext) {
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -407,16 +407,22 @@ interface nsILoadInfo : nsISupports
 %}
 
   /**
    * The sandboxFlags of that channel.
    */
   [infallible] readonly attribute unsigned long sandboxFlags;
 
   /**
+  *   The TriggingSandboxFlags are the SandboxFlags of the entity
+  *   responsible for causing the load to occur.
+  */
+  [infallible] attribute unsigned long triggeringSandboxFlags;
+
+  /**
    * Allows to query only the security mode bits from above.
    */
   [infallible] readonly attribute unsigned long securityMode;
 
   /**
    * This flag is used for any browsing context where we should not sniff
    * the content type. E.g if an iframe has the XCTO nosniff header, then
    * that flag is set to true so we skip content sniffing for that browsing
--- a/netwerk/ipc/DocumentLoadListener.cpp
+++ b/netwerk/ipc/DocumentLoadListener.cpp
@@ -351,16 +351,17 @@ already_AddRefed<LoadInfo> DocumentLoadL
     OriginAttributes attrs;
     aBrowsingContext->GetOriginAttributes(attrs);
     loadInfo = new LoadInfo(aBrowsingContext, aLoadState->TriggeringPrincipal(),
                             attrs, aOuterWindowId, securityFlags, sandboxFlags);
   }
 
   loadInfo->SetHasValidUserGestureActivation(
       aLoadState->HasValidUserGestureActivation());
+  loadInfo->SetTriggeringSandboxFlags(aLoadState->TriggeringSandboxFlags());
 
   return loadInfo.forget();
 }
 
 CanonicalBrowsingContext* DocumentLoadListener::GetBrowsingContext() {
   if (!mParentChannelListener) {
     return nullptr;
   }
--- a/netwerk/ipc/NeckoChannelParams.ipdlh
+++ b/netwerk/ipc/NeckoChannelParams.ipdlh
@@ -74,16 +74,17 @@ struct LoadInfoArgs
   PrincipalInfo               triggeringPrincipalInfo;
   PrincipalInfo?              principalToInheritInfo;
   PrincipalInfo?              sandboxedLoadingPrincipalInfo;
   PrincipalInfo?              topLevelPrincipalInfo;
   PrincipalInfo?              topLevelStorageAreaPrincipalInfo;
   URIParams?                  resultPrincipalURI;
   uint32_t                    securityFlags;
   uint32_t                    sandboxFlags;
+  uint32_t                    triggeringSandboxFlags;
   uint32_t                    contentPolicyType;
   uint32_t                    tainting;
   bool                        blockAllMixedContent;
   bool                        upgradeInsecureRequests;
   bool                        browserUpgradeInsecureRequests;
   bool                        browserWouldUpgradeInsecureRequests;
   bool                        forceAllowDataURI;
   bool                        allowInsecureRedirectToDataURI;
@@ -201,16 +202,19 @@ struct ParentLoadInfoForwarderArgs
   // and all requests will be cancelled. Setting this flag to true prevents
   // the request from being cancelled.
   bool allowDeprecatedSystemRequests;
 
   // Only ever returns true if the loadinfo is of TYPE_SCRIPT and
   // the script was created by the HTML parser.
   bool parserCreatedScript;
 
+  // Sandbox Flags of the Document that triggered the load
+  uint32_t triggeringSandboxFlags;
+
   // We must also note that the tainting value was explicitly set
   // by the service worker.
   bool serviceWorkerTaintingSynthesized;
 
   bool documentHasUserInteracted;
   bool documentHasLoaded;
   bool allowListFutureDocumentsCreatedFromThisRedirectChain;
 
--- a/toolkit/components/windowwatcher/nsWindowWatcher.cpp
+++ b/toolkit/components/windowwatcher/nsWindowWatcher.cpp
@@ -1147,16 +1147,19 @@ nsresult nsWindowWatcher::OpenWindowInte
     // the original LoadState. See Bug 1515433.
     loadState->SetURI(uriToLoad);
   } else if (uriToLoad && aNavigate && !loadState) {
     loadState = new nsDocShellLoadState(uriToLoad);
 
     loadState->SetSourceBrowsingContext(parentBC);
     loadState->SetHasValidUserGestureActivation(
         parentBC && parentBC->HasValidTransientUserGestureActivation());
+    if (parentBC) {
+      loadState->SetTriggeringSandboxFlags(parentBC->GetSandboxFlags());
+    }
 
     if (subjectPrincipal) {
       loadState->SetTriggeringPrincipal(subjectPrincipal);
     }
 #ifndef ANDROID
     MOZ_ASSERT(subjectPrincipal,
                "nsWindowWatcher: triggeringPrincipal required");
 #endif