Bug 1125916 - Fix code that miss proper flags and originAttributes in LoadInfo. Also fix some tests. r=sicking, r=jduell
authorDragana Damjanovic <dd.mozilla@gmail.com>
Wed, 13 Apr 2016 15:34:36 +0200
changeset 331084 b8b7fa0549657d31f7bdf907683d72dd76b83ba2
parent 331083 1324f1d0dcd0c2730866c171c9e6beed007e17a8
child 331085 e3370e2233f6ac1f72880da995462cde1a0c98e6
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
treeherdermozilla-beta@46d72a56c57d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerssicking, jduell
bugs1125916
milestone48.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1125916 - Fix code that miss proper flags and originAttributes in LoadInfo. Also fix some tests. r=sicking, r=jduell
devtools/shared/DevToolsUtils.js
docshell/base/nsDocShell.cpp
dom/apps/Webapps.jsm
dom/html/HTMLMediaElement.cpp
image/imgLoader.cpp
image/test/unit/test_private_channel.js
netwerk/test/unit/test_cache_jar.js
netwerk/test/unit/test_cacheflags.js
netwerk/test/unit/test_cookiejars.js
netwerk/test/unit/test_packaged_app_channel.js
netwerk/test/unit/test_packaged_app_service.js
netwerk/test/unit_ipc/child_app_offline.js
toolkit/components/downloads/ApplicationReputation.cpp
--- a/devtools/shared/DevToolsUtils.js
+++ b/devtools/shared/DevToolsUtils.js
@@ -492,20 +492,43 @@ function mainThreadFetch(aURL, aOptions=
 
 /**
  * Opens a channel for given URL. Tries a bit harder than NetUtil.newChannel.
  *
  * @param {String} url - The URL to open a channel for.
  * @param {Object} options - The options object passed to @method fetch.
  * @return {nsIChannel} - The newly created channel. Throws on failure.
  */
-function newChannelForURL(url, { policy }) {
+function newChannelForURL(url, { policy, window }) {
+  var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+  if (window) {
+    // Respect private browsing.
+    var req = window.QueryInterface(Ci.nsIInterfaceRequestor)
+                    .getInterface(Ci.nsIWebNavigation)
+                    .QueryInterface(Ci.nsIDocumentLoader)
+                    .loadGroup;
+    if (req) {
+      var nc = req.notificationCallbacks;
+      if (nc) {
+        try {
+          var lc = nc.getInterface(Ci.nsILoadContext);
+          if (lc) {
+            if (lc.usePrivateBrowsing) {
+              securityFlags |= Ci.nsILoadInfo.SEC_FORCE_PRIVATE_BROWSING;
+            }
+          }
+        } catch(ex) {}
+      }
+    }
+  }
+
   let channelOptions = {
     contentPolicyType: policy,
     loadUsingSystemPrincipal: true,
+    securityFlags: securityFlags,
     uri: url
   };
 
   try {
     return NetUtil.newChannel(channelOptions);
   } catch (e) {
     // In the xpcshell tests, the script url is the absolute path of the test
     // file, which will make a malformed URI error be thrown. Add the file
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -10683,22 +10683,34 @@ nsDocShell::DoURILoad(nsIURI* aURI,
   nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
   if (inherit) {
     securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
   }
   if (isSandBoxed) {
     securityFlags |= nsILoadInfo::SEC_SANDBOXED;
   }
 
+  if (mInPrivateBrowsing) {
+    securityFlags |= nsILoadInfo::SEC_FORCE_PRIVATE_BROWSING;
+  }
+
   nsCOMPtr<nsILoadInfo> loadInfo =
     (aContentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) ?
       new LoadInfo(loadingWindow, triggeringPrincipal,
                    securityFlags) :
       new LoadInfo(loadingPrincipal, triggeringPrincipal, loadingNode,
                    securityFlags, aContentPolicyType);
+
+  // We have to do this in case our OriginAttributes are different from the
+  // OriginAttributes of the parent document. Or in case there isn't a
+  // parent document.
+  NeckoOriginAttributes neckoAttrs;
+  neckoAttrs.InheritFromDocShellToNecko(GetOriginAttributes());
+  loadInfo->SetOriginAttributes(neckoAttrs);
+
   if (!isSrcdoc) {
     rv = NS_NewChannelInternal(getter_AddRefs(channel),
                                aURI,
                                loadInfo,
                                nullptr,   // loadGroup
                                static_cast<nsIInterfaceRequestor*>(this),
                                loadFlags);
 
@@ -10712,16 +10724,17 @@ nsDocShell::DoURILoad(nsIURI* aURI,
         nsresult rv2 = mContentListener->OnStartURIOpen(aURI, &abort);
         if (NS_SUCCEEDED(rv2) && abort) {
           // Hey, they're handling the load for us!  How convenient!
           return NS_OK;
         }
       }
       return rv;
     }
+
     if (aBaseURI) {
         nsCOMPtr<nsIViewSourceChannel> vsc = do_QueryInterface(channel);
         if (vsc) {
             vsc->SetBaseURI(aBaseURI);
         }
     }
   } else {
     nsAutoCString scheme;
--- a/dom/apps/Webapps.jsm
+++ b/dom/apps/Webapps.jsm
@@ -2282,16 +2282,21 @@ this.DOMApplicationRegistry = {
 
     // Try to download a new manifest.
     function doRequest(oldManifest, headers) {
       headers = headers || [];
       let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
                   .createInstance(Ci.nsIXMLHttpRequest);
       xhr.open("GET", aData.manifestURL, true);
       xhr.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+      if (xhr.channel.loadInfo) {
+        xhr.channel.loadInfo.originAttributes = { appId: app.installerAppId,
+                                                  inIsolatedMozBrowser: app.installerIsBrowser
+                                                };
+      }
       headers.forEach(function(aHeader) {
         debug("Adding header: " + aHeader.name + ": " + aHeader.value);
         xhr.setRequestHeader(aHeader.name, aHeader.value);
       });
       xhr.responseType = "json";
       if (app.etag) {
         debug("adding manifest etag:" + app.etag);
         xhr.setRequestHeader("If-None-Match", app.etag);
@@ -2591,16 +2596,20 @@ this.DOMApplicationRegistry = {
       }
       return;
     }
 
     let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
                 .createInstance(Ci.nsIXMLHttpRequest);
     xhr.open("GET", app.manifestURL, true);
     xhr.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+    if (xhr.channel.loadInfo) {
+      xhr.channel.loadInfo.originAttributes = { appId: aData.appId,
+                                                inIsolatedMozBrowser: aData.isBrowser};
+    }
     xhr.channel.notificationCallbacks = AppsUtils.createLoadContext(aData.appId,
                                                                     aData.isBrowser);
     xhr.responseType = "json";
 
     xhr.addEventListener("load", (function() {
       if (xhr.status == 200) {
         if (!AppsUtils.checkManifestContentType(app.installOrigin, app.origin,
                                                 xhr.getResponseHeader("content-type"))) {
@@ -2706,16 +2715,20 @@ this.DOMApplicationRegistry = {
       }
       return;
     }
 
     let xhr = Cc["@mozilla.org/xmlextras/xmlhttprequest;1"]
                 .createInstance(Ci.nsIXMLHttpRequest);
     xhr.open("GET", app.manifestURL, true);
     xhr.channel.loadFlags |= Ci.nsIRequest.INHIBIT_CACHING;
+    if (xhr.channel.loadInfo) {
+      xhr.channel.loadInfo.originAttributes = { appId: aData.appId,
+                                                inIsolatedMozBrowser: aData.isBrowser};
+    }
     xhr.channel.notificationCallbacks = AppsUtils.createLoadContext(aData.appId,
                                                                     aData.isBrowser);
     xhr.responseType = "json";
 
     xhr.addEventListener("load", (function() {
       if (xhr.status == 200) {
         if (!AppsUtils.checkManifestContentType(app.installOrigin, app.origin,
                                                 xhr.getResponseHeader("content-type"))) {
--- a/dom/html/HTMLMediaElement.cpp
+++ b/dom/html/HTMLMediaElement.cpp
@@ -1302,32 +1302,50 @@ nsresult HTMLMediaElement::LoadResource(
   if (GetCORSMode() == CORS_USE_CREDENTIALS) {
     securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
   }
 
   MOZ_ASSERT(IsAnyOfHTMLElements(nsGkAtoms::audio, nsGkAtoms::video));
   nsContentPolicyType contentPolicyType = IsHTMLElement(nsGkAtoms::audio) ?
     nsIContentPolicy::TYPE_INTERNAL_AUDIO : nsIContentPolicy::TYPE_INTERNAL_VIDEO;
 
+  nsDocShell* docShellPtr;
+  if (docShell) {
+    docShellPtr = nsDocShell::Cast(docShell);
+    bool privateBrowsing;
+    docShellPtr->GetUsePrivateBrowsing(&privateBrowsing);
+    if (privateBrowsing) {
+      securityFlags |= nsILoadInfo::SEC_FORCE_PRIVATE_BROWSING;
+    }
+  }
+
   nsCOMPtr<nsILoadGroup> loadGroup = GetDocumentLoadGroup();
   nsCOMPtr<nsIChannel> channel;
   nsresult rv = NS_NewChannel(getter_AddRefs(channel),
                               mLoadingSrc,
                               static_cast<Element*>(this),
                               securityFlags,
                               contentPolicyType,
                               loadGroup,
                               nullptr,   // aCallbacks
                               nsICachingChannel::LOAD_BYPASS_LOCAL_CACHE_IF_BUSY |
                               nsIChannel::LOAD_MEDIA_SNIFFER_OVERRIDES_CONTENT_TYPE |
                               nsIChannel::LOAD_CLASSIFY_URI |
                               nsIChannel::LOAD_CALL_CONTENT_SNIFFERS);
 
   NS_ENSURE_SUCCESS(rv,rv);
 
+  // This is a workaround and it will be fix in bug 1264230.
+  nsCOMPtr<nsILoadInfo> loadInfo = channel->GetLoadInfo();
+  if (loadInfo) {
+    NeckoOriginAttributes originAttrs;
+    NS_GetOriginAttributes(channel, originAttrs);
+    loadInfo->SetOriginAttributes(originAttrs);
+  }
+
   // The listener holds a strong reference to us.  This creates a
   // reference cycle, once we've set mChannel, which is manually broken
   // in the listener's OnStartRequest method after it is finished with
   // the element. The cycle will also be broken if we get a shutdown
   // notification before OnStartRequest fires.  Necko guarantees that
   // OnStartRequest will eventually fire if we don't shut down first.
   RefPtr<MediaLoadListener> loadListener = new MediaLoadListener(this);
 
--- a/image/imgLoader.cpp
+++ b/image/imgLoader.cpp
@@ -712,17 +712,18 @@ NewImageChannel(nsIChannel** aResult,
                 nsIURI* aInitialDocumentURI,
                 nsIURI* aReferringURI,
                 ReferrerPolicy aReferrerPolicy,
                 nsILoadGroup* aLoadGroup,
                 const nsCString& aAcceptHeader,
                 nsLoadFlags aLoadFlags,
                 nsContentPolicyType aPolicyType,
                 nsIPrincipal* aLoadingPrincipal,
-                nsISupports* aRequestingContext)
+                nsISupports* aRequestingContext,
+                bool aRespectPrivacy)
 {
   MOZ_ASSERT(aResult);
 
   nsresult rv;
   nsCOMPtr<nsIHttpChannel> newHttpChannel;
 
   nsCOMPtr<nsIInterfaceRequestor> callbacks;
 
@@ -759,16 +760,20 @@ NewImageChannel(nsIChannel** aResult,
     triggeringPrincipal = nsContentUtils::GetSystemPrincipal();
   }
   nsCOMPtr<nsINode> requestingNode = do_QueryInterface(aRequestingContext);
   nsSecurityFlags securityFlags = nsILoadInfo::SEC_NORMAL;
   if (inherit) {
     securityFlags |= nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL;
   }
 
+  if (aRespectPrivacy) {
+    securityFlags |= nsILoadInfo::SEC_FORCE_PRIVATE_BROWSING;
+  }
+
   // Note we are calling NS_NewChannelWithTriggeringPrincipal() here with a
   // node and a principal. This is for things like background images that are
   // specified by user stylesheets, where the document is being styled, but
   // the principal is that of the user stylesheet.
   if (requestingNode) {
     rv = NS_NewChannelWithTriggeringPrincipal(aResult,
                                               aURI,
                                               requestingNode,
@@ -835,16 +840,31 @@ NewImageChannel(nsIChannel** aResult,
 
   nsCOMPtr<nsILoadGroup> loadGroup = do_CreateInstance(NS_LOADGROUP_CONTRACTID);
   nsCOMPtr<nsILoadGroupChild> childLoadGroup = do_QueryInterface(loadGroup);
   if (childLoadGroup) {
     childLoadGroup->SetParentLoadGroup(aLoadGroup);
   }
   (*aResult)->SetLoadGroup(loadGroup);
 
+  // This is a workaround and a real fix in bug 1264231.
+  if (callbacks) {
+    nsCOMPtr<nsILoadContext> loadContext = do_GetInterface(callbacks);
+    if (loadContext) {
+      nsCOMPtr<nsILoadInfo> loadInfo;
+      rv = (*aResult)->GetLoadInfo(getter_AddRefs(loadInfo));
+      NS_ENSURE_SUCCESS(rv, rv);
+      DocShellOriginAttributes originAttrs;
+      loadContext->GetOriginAttributes(originAttrs);
+      NeckoOriginAttributes neckoOriginAttrs;
+      neckoOriginAttrs.InheritFromDocShellToNecko(originAttrs);
+      loadInfo->SetOriginAttributes(neckoOriginAttrs);
+    }
+  }
+
   return NS_OK;
 }
 
 static uint32_t
 SecondsFromPRTime(PRTime prTime)
 {
   return uint32_t(int64_t(prTime) / int64_t(PR_USEC_PER_SEC));
 }
@@ -1616,17 +1636,18 @@ imgLoader::ValidateRequestWithNewChannel
                          aInitialDocumentURI,
                          aReferrerURI,
                          aReferrerPolicy,
                          aLoadGroup,
                          mAcceptHeader,
                          aLoadFlags,
                          aLoadPolicyType,
                          aLoadingPrincipal,
-                         aCX);
+                         aCX,
+                         mRespectPrivacy);
     if (NS_FAILED(rv)) {
       return false;
     }
 
     RefPtr<imgRequestProxy> req;
     rv = CreateNewProxyForRequest(request, aLoadGroup, aObserver,
                                   aLoadFlags, getter_AddRefs(req));
     if (NS_FAILED(rv)) {
@@ -2151,17 +2172,18 @@ imgLoader::LoadImage(nsIURI* aURI,
                          aInitialDocumentURI,
                          aReferrerURI,
                          aReferrerPolicy,
                          aLoadGroup,
                          mAcceptHeader,
                          requestFlags,
                          aContentPolicyType,
                          aLoadingPrincipal,
-                         aContext);
+                         aContext,
+                         mRespectPrivacy);
     if (NS_FAILED(rv)) {
       return NS_ERROR_FAILURE;
     }
 
     MOZ_ASSERT(NS_UsePrivateBrowsing(newChannel) == mRespectPrivacy);
 
     NewRequestAndEntry(forcePrincipalCheck, this, key,
                        getter_AddRefs(request),
--- a/image/test/unit/test_private_channel.js
+++ b/image/test/unit/test_private_channel.js
@@ -50,17 +50,22 @@ NotificationCallbacks.prototype = {
   },
   originAttributes: {}
 };
 
 var gImgPath = 'http://localhost:' + server.identity.primaryPort + '/image.png';
 
 function setup_chan(path, isPrivate, callback) {
   var uri = NetUtil.newURI(gImgPath);
-  var chan =  NetUtil.newChannel({uri: uri, loadUsingSystemPrincipal: true});
+  var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+  if (isPrivate) {
+    securityFlags |= Ci.nsILoadInfo.SEC_FORCE_PRIVATE_BROWSING;
+  }
+  var chan =  NetUtil.newChannel({uri: uri, loadUsingSystemPrincipal: true,
+                                  securityFlags: securityFlags});
   chan.notificationCallbacks = new NotificationCallbacks(isPrivate);
   var channelListener = new ChannelListener();
   chan.asyncOpen2(channelListener);
 
   var listener = new ImageListener(null, callback);
   var outlistener = {};
   var loader = isPrivate ? gPrivateLoader : gPublicLoader;
   var outer = Cc["@mozilla.org/image/tools;1"].getService(Ci.imgITools)
--- a/netwerk/test/unit/test_cache_jar.js
+++ b/netwerk/test/unit/test_cache_jar.js
@@ -17,16 +17,19 @@ function cached_handler(metadata, respon
   var body = "0123456789";
   response.bodyOutputStream.write(body, body.length);
   handlers_called++;
 }
 
 function makeChan(url, appId, inIsolatedMozBrowser) {
   var chan = NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true})
                     .QueryInterface(Ci.nsIHttpChannel);
+  chan.loadInfo.originAttributes = { appId: appId,
+                                     inIsolatedMozBrowser: inIsolatedMozBrowser
+                                   };
   chan.notificationCallbacks = {
     appId: appId,
     isInIsolatedMozBrowserElement: inIsolatedMozBrowser,
     originAttributes: {
       appId: appId,
       inIsolatedMozBrowser: inIsolatedMozBrowser,
     },
     QueryInterface: function(iid) {
--- a/netwerk/test/unit/test_cacheflags.js
+++ b/netwerk/test/unit/test_cacheflags.js
@@ -39,20 +39,25 @@ LoadContext.prototype = {
   },
 
   originAttributes: {}
 };
 
 PrivateBrowsingLoadContext = new LoadContext(true);
 
 function make_channel(url, flags, usePrivateBrowsing) {
-  var req = NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true});
+  var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+  if (usePrivateBrowsing) {
+    securityFlags |= Ci.nsILoadInfo.SEC_FORCE_PRIVATE_BROWSING;
+  }
+  var req = NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true,
+                                securityFlags: securityFlags});
   req.loadFlags = flags;
   if (usePrivateBrowsing) {
-    req.notificationCallbacks = PrivateBrowsingLoadContext;    
+    req.notificationCallbacks = PrivateBrowsingLoadContext;
   }
   return req;
 }
 
 function Test(path, flags, expectSuccess, readFromCache, hitServer, 
               usePrivateBrowsing /* defaults to false */) {
   this.path = path;
   this.flags = flags;
--- a/netwerk/test/unit/test_cookiejars.js
+++ b/netwerk/test/unit/test_cookiejars.js
@@ -46,16 +46,19 @@ var tests = [
 ];
 
 // test number: index into 'tests' array
 var i = 0;
 
 function setupChannel(path)
 {
   var chan = NetUtil.newChannel({uri: URL + path, loadUsingSystemPrincipal: true});
+  chan.loadInfo.originAttributes = { appId: tests[i].loadContext.appId,
+                                     inIsolatedMozBrowser: tests[i].loadContext.isInIsolatedMozBrowserElement
+                                   };
   chan.notificationCallbacks = tests[i].loadContext;
   chan.QueryInterface(Ci.nsIHttpChannel);
   return chan;
 }
 
 function setCookie() {
   var channel = setupChannel(cookieSetPath);
   channel.setRequestHeader("foo-set-cookie", tests[i].cookieName, false);
--- a/netwerk/test/unit/test_packaged_app_channel.js
+++ b/netwerk/test/unit/test_packaged_app_channel.js
@@ -218,49 +218,61 @@ function run_test()
   add_test(test_channel_with_bad_signature);
 
   // run tests
   run_next_test();
 }
 
 function test_channel_with_bad_signature() {
   var channel = make_channel(uri+"/package_with_bad_signature!//index.html");
+  channel.loadInfo.originAttributes = { appId: 1024,
+                                        inIsolatedMozBrowser: false
+                                      };
   channel.notificationCallbacks = new LoadContextCallback(1024, false, false, false);
   channel.asyncOpen2(new Listener(function(l) {
     do_check_true(l.gotFileNotFound);
     run_next_test();
   }));
 }
 
 function test_channel_with_bad_signature_from_trusted_origin() {
   let pref = "network.http.signed-packages.trusted-origin";
   ok(!!Ci.nsISupportsString, "Ci.nsISupportsString");
   let origin = Cc["@mozilla.org/supports-string;1"].createInstance(Ci.nsISupportsString);
   origin.data = uri;
   Services.prefs.setComplexValue(pref, Ci.nsISupportsString, origin);
   var channel = make_channel(uri+"/package_with_bad_signature!//index.html");
+  channel.loadInfo.originAttributes = { appId: 1024,
+                                        inIsolatedMozBrowser: false
+                                      };
   channel.notificationCallbacks = new LoadContextCallback(1024, false, false, false);
   channel.asyncOpen2(new Listener(function(l) {
     do_check_true(l.gotStopRequestOK);
     Services.prefs.clearUserPref(pref);
     run_next_test();
   }));
 }
 
 function test_channel_with_good_signature() {
   var channel = make_channel(uri+"/package_with_good_signature!//index.html");
+  channel.loadInfo.originAttributes = { appId: 1024,
+                                        inIsolatedMozBrowser: false
+                                      };
   channel.notificationCallbacks = new LoadContextCallback(1024, false, false, false);
   channel.asyncOpen2(new Listener(function(l) {
     do_check_true(l.gotStopRequestOK);
     run_next_test();
   }));
 }
 
 function test_channel(aNullNotificationCallbacks) {
   var channel = make_channel(uri+"/package!//index.html");
+  channel.loadInfo.originAttributes = { appId: 1024,
+                                        inIsolatedMozBrowser: false
+                                      };
 
   if (!aNullNotificationCallbacks) {
     channel.notificationCallbacks = new LoadContextCallback(1024, false, false, false);
   }
 
   channel.asyncOpen2(new Listener(function(l) {
     // XXX: no content length available for this resource
     //do_check_true(channel.contentLength > 0);
--- a/netwerk/test/unit/test_packaged_app_service.js
+++ b/netwerk/test/unit/test_packaged_app_service.js
@@ -76,19 +76,25 @@ function getChannelForURL(url, notificat
   let tmpChannel =
     NetUtil.newChannel({
       uri: url,
       loadingPrincipal: principal,
       contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER
     });
 
   if (notificationCallbacks) {
+    tmpChannel.loadInfo.originAttributes = { appId: 1024,
+                                             inIsolatedMozBrowser: false
+                                           };
     // Use custom notificationCallbacks if any.
     tmpChannel.notificationCallbacks = notificationCallbacks;
   } else {
+    tmpChannel.loadInfo.originAttributes = { appId: principal.appId,
+                                             inIsolatedMozBrowser: principal.isInIsolatedMozBrowserElement
+                                           };
     tmpChannel.notificationCallbacks =
       new LoadContextCallback(principal.appId,
                               principal.isInIsolatedMozBrowserElement,
                               false,
                               false);
 
   }
   return tmpChannel;
--- a/netwerk/test/unit_ipc/child_app_offline.js
+++ b/netwerk/test/unit_ipc/child_app_offline.js
@@ -4,16 +4,19 @@ function inChildProcess() {
   return Cc["@mozilla.org/xre/app-info;1"]
            .getService(Ci.nsIXULRuntime)
            .processType != Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT;
 }
 
 function makeChan(url, appId, inIsolatedMozBrowser) {
   var chan = NetUtil.newChannel({uri: url, loadUsingSystemPrincipal: true})
                     .QueryInterface(Ci.nsIHttpChannel);
+  chan.loadInfo.originAttributes = { appId: appId,
+                                     inIsolatedMozBrowser: inIsolatedMozBrowser
+                                   };
   chan.notificationCallbacks = {
     appId: appId,
     isInIsolatedMozBrowserElement: inIsolatedMozBrowser,
     originAttributes: {
       appId: appId,
       inIsolatedMozBrowser: inIsolatedMozBrowser,
     },
     QueryInterface: function(iid) {
--- a/toolkit/components/downloads/ApplicationReputation.cpp
+++ b/toolkit/components/downloads/ApplicationReputation.cpp
@@ -983,16 +983,22 @@ PendingLookup::SendRemoteQueryInternal()
                         nullptr, // aLoadingNode
                         nsContentUtils::GetSystemPrincipal(),
                         nullptr, // aTriggeringPrincipal
                         nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                         nsIContentPolicy::TYPE_OTHER,
                         getter_AddRefs(mChannel));
   NS_ENSURE_SUCCESS(rv, rv);
 
+  nsCOMPtr<nsILoadInfo> loadInfo = mChannel->GetLoadInfo();
+  if (loadInfo) {
+    loadInfo->SetOriginAttributes(
+      mozilla::NeckoOriginAttributes(NECKO_SAFEBROWSING_APP_ID, false));
+  }
+
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel, &rv));
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Upload the protobuf to the application reputation service.
   nsCOMPtr<nsIUploadChannel2> uploadChannel = do_QueryInterface(mChannel, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   rv = uploadChannel->ExplicitSetUploadStream(sstream,