Bug 1560455 - rename CodebasePrincipal to ContentPrincipal. r=ckerschb
authorJonathan Kingston <jkt@mozilla.com>
Mon, 08 Jul 2019 16:37:45 +0000
changeset 545413 19acdaa55d35e394762897901955c92fd98fb4d8
parent 545412 85fbbb4d71057d5c684e76faf9eaa53c7914cac2
child 545414 4b67dff062c609b1b21398ba1944d2ad68e4baa2
push id2165
push userffxbld-merge
push dateMon, 14 Oct 2019 16:30:58 +0000
treeherdermozilla-release@0eae18af659f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersckerschb
bugs1560455
milestone69.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1560455 - rename CodebasePrincipal to ContentPrincipal. r=ckerschb Differential Revision: https://phabricator.services.mozilla.com/D35504
browser/base/content/browser-contentblocking.js
browser/base/content/browser.js
browser/base/content/pageinfo/pageInfo.js
browser/base/content/tabbrowser.js
browser/base/content/test/alerts/browser_notification_open_settings.js
browser/base/content/test/caps/browser_principalSerialization_json.js
browser/base/content/test/contextMenu/browser_utilityOverlayPrincipal.js
browser/base/content/test/general/browser_gZipOfflineChild.js
browser/base/content/test/general/browser_offlineQuotaNotification.js
browser/base/content/test/general/browser_web_channel.js
browser/base/content/test/permissions/browser_canvas_fingerprinting_resistance.js
browser/base/content/test/plugins/browser_subframe_access_hidden_plugins.js
browser/base/content/test/sanitize/browser_cookiePermission_aboutURL.js
browser/base/content/test/sanitize/browser_sanitize-offlineData.js
browser/base/content/test/sanitize/browser_sanitizeDialog.js
browser/base/content/test/sanitize/head.js
browser/base/content/test/trackingUI/browser_trackingUI_cookies_subview.js
browser/base/content/utilityOverlay.js
browser/base/content/webext-panels.js
browser/components/contextualidentity/test/browser/browser_forgetAPI_quota_clearStoragesForPrincipal.js
browser/components/extensions/parent/ext-browsingData.js
browser/components/extensions/parent/ext-tabs.js
browser/components/originattributes/test/browser/browser_favicon_firstParty.js
browser/components/originattributes/test/browser/browser_favicon_userContextId.js
browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
browser/components/originattributes/test/browser/browser_firstPartyIsolation_about_newtab.js
browser/components/originattributes/test/browser/head.js
browser/components/preferences/in-content/tests/browser_bug795764_cachedisabled.js
browser/components/preferences/in-content/tests/siteData/browser_siteData.js
browser/components/preferences/in-content/tests/siteData/head.js
browser/components/preferences/permissions.js
browser/components/preferences/translation.js
browser/components/privatebrowsing/test/browser/browser_oa_private_browsing_window.js
browser/components/privatebrowsing/test/browser/browser_privatebrowsing_favicon.js
browser/components/safebrowsing/content/test/head.js
browser/components/sessionstore/SessionStore.jsm
browser/components/uitour/UITour.jsm
browser/extensions/pdfjs/content/PdfStreamConverter.jsm
browser/extensions/webcompat/AboutCompat.jsm
browser/modules/Sanitizer.jsm
browser/modules/SiteDataManager.jsm
browser/modules/SitePermissions.jsm
browser/modules/webrtcUI.jsm
build/win32/orderfile.txt
build/win64/orderfile.txt
caps/BasePrincipal.cpp
caps/BasePrincipal.h
caps/ContentPrincipal.cpp
caps/ContentPrincipal.h
caps/NullPrincipal.cpp
caps/nsIPrincipal.idl
caps/nsIScriptSecurityManager.idl
caps/nsScriptSecurityManager.cpp
caps/tests/gtest/TestPrincipalSerialization.cpp
caps/tests/mochitest/browser_checkloaduri.js
caps/tests/mochitest/test_addonMayLoad.html
caps/tests/unit/test_origin.js
devtools/client/inspector/shared/test/browser_styleinspector_csslogic-content-stylesheets.js
devtools/client/storage/test/head.js
devtools/client/webconsole/test/mochitest/browser_webconsole_trackingprotection_errors.js
devtools/client/webconsole/test/mochitest/browser_webconsole_warning_group_content_blocking.js
devtools/server/actors/storage.js
devtools/shared/DevToolsUtils.js
devtools/shared/indexed-db.js
devtools/shared/tests/unit/test_console_filtering.js
docshell/base/nsDocShell.cpp
docshell/base/nsDocShellLoadState.cpp
docshell/test/browser/browser_loadDisallowInherit.js
dom/base/ContentAreaDropListener.jsm
dom/base/Document.cpp
dom/base/Document.h
dom/base/Navigator.cpp
dom/base/nsContentSink.cpp
dom/base/nsContentUtils.cpp
dom/base/nsGlobalWindowOuter.cpp
dom/base/test/browser_multiple_popups.js
dom/base/test/unit/test_structuredcloneholder.js
dom/browser-element/mochitest/browserElement_Auth.js
dom/html/HTMLIFrameElement.cpp
dom/indexedDB/test/bug839193.js
dom/indexedDB/test/head.js
dom/indexedDB/test/unit/test_bad_origin_directory.js
dom/indexedDB/test/unit/test_idle_maintenance.js
dom/indexedDB/test/unit/test_metadata2Restore.js
dom/indexedDB/test/unit/test_metadataRestore.js
dom/indexedDB/test/unit/test_oldDirectories.js
dom/indexedDB/test/unit/test_open_for_principal.js
dom/indexedDB/test/unit/xpcshell-head-parent-process.js
dom/interfaces/storage/nsIStorageActivityService.idl
dom/ipc/ContentChild.cpp
dom/ipc/ContentParent.cpp
dom/localstorage/test/gtest/TestLocalStorage.cpp
dom/localstorage/test/unit/head.js
dom/media/DOMMediaStream.cpp
dom/media/MediaStreamTrack.cpp
dom/notification/test/mochitest/test_notification_insecure_context.html
dom/plugins/base/nsPluginInstanceOwner.cpp
dom/presentation/PresentationRequest.cpp
dom/push/PushRecord.jsm
dom/push/test/xpcshell/test_permissions.js
dom/push/test/xpcshell/test_quota_observer.js
dom/push/test/xpcshell/test_service_child.js
dom/quota/ActorsParent.cpp
dom/quota/test/head.js
dom/quota/test/unit/head.js
dom/script/ScriptLoader.cpp
dom/script/ScriptLoader.h
dom/security/featurepolicy/FeaturePolicy.cpp
dom/security/featurepolicy/FeaturePolicyParser.cpp
dom/security/featurepolicy/test/gtest/TestFeaturePolicyParser.cpp
dom/security/fuzztest/csp_fuzzer.cpp
dom/security/nsContentSecurityManager.cpp
dom/security/nsMixedContentBlocker.cpp
dom/security/test/general/test_bug1277803.xul
dom/security/test/gtest/TestCSPParser.cpp
dom/security/test/gtest/TestSecureContext.cpp
dom/security/test/unit/test_csp_reports.js
dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
dom/serviceworkers/ServiceWorkerInterceptController.cpp
dom/serviceworkers/ServiceWorkerManager.cpp
dom/serviceworkers/test/browser_storage_recovery.js
dom/serviceworkers/test/test_scopes.html
dom/storage/StorageActivityService.cpp
dom/tests/browser/browser_ConsoleAPI_originAttributes.js
dom/tests/browser/browser_localStorage_e10s.js
dom/tests/browser/browser_localStorage_snapshotting_e10s.js
dom/tests/mochitest/chrome/test_MozDomFullscreen_event.xul
dom/tests/mochitest/localstorage/localStorageCommon.js
dom/tests/mochitest/localstorage/test_localStorageFromChrome.xhtml
dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
extensions/permissions/nsPermission.cpp
extensions/permissions/nsPermission.h
extensions/permissions/nsPermissionManager.cpp
extensions/permissions/test/gtest/PermissionManagerTest.cpp
extensions/permissions/test/unit/test_permmanager_cleardata.js
extensions/permissions/test/unit/test_permmanager_defaults.js
extensions/permissions/test/unit/test_permmanager_expiration.js
extensions/permissions/test/unit/test_permmanager_getPermissionObject.js
extensions/permissions/test/unit/test_permmanager_idn.js
extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
extensions/permissions/test/unit/test_permmanager_local_files.js
extensions/permissions/test/unit/test_permmanager_matches.js
extensions/permissions/test/unit/test_permmanager_matchesuri.js
extensions/permissions/test/unit/test_permmanager_notifications.js
extensions/permissions/test/unit/test_permmanager_removesince.js
extensions/permissions/test/unit/test_permmanager_subdomains.js
image/test/unit/test_private_channel.js
ipc/glue/BackgroundUtils.cpp
js/xpconnect/loader/mozJSSubScriptLoader.cpp
js/xpconnect/src/Sandbox.cpp
js/xpconnect/src/XPCJSRuntime.cpp
js/xpconnect/tests/unit/test_allowedDomainsXHR.js
js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js
js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js
layout/build/nsContentDLF.h
layout/svg/SVGContextPaint.cpp
layout/tools/reftest/manifest.jsm
mobile/android/components/AboutRedirector.js
mobile/android/components/geckoview/GeckoViewPermission.js
mobile/android/extensions/webcompat/AboutCompat.jsm
mobile/android/modules/Sanitizer.jsm
mobile/android/modules/geckoview/GeckoViewNavigation.jsm
netwerk/base/Predictor.cpp
netwerk/base/nsILoadInfo.idl
netwerk/cookie/nsCookieService.cpp
netwerk/cookie/test/unit/test_rawSameSite.js
netwerk/protocol/http/HttpChannelParent.cpp
netwerk/protocol/res/SubstitutingProtocolHandler.h
netwerk/test/TestCookie.cpp
netwerk/test/gtest/TestMozURL.cpp
netwerk/test/unit/test_auth_dialog_permission.js
netwerk/test/unit/test_auth_jar.js
netwerk/test/unit/test_authentication.js
netwerk/test/unit/test_bug1195415.js
netwerk/test/unit/test_bug337744.js
netwerk/test/unit/test_cache2-32-clear-origin.js
netwerk/test/unit/test_cacheflags.js
netwerk/test/unit/test_fallback_no-cache-entry_canceled.js
netwerk/test/unit/test_fallback_no-cache-entry_passing.js
netwerk/test/unit/test_fallback_redirect-to-different-origin_canceled.js
netwerk/test/unit/test_fallback_redirect-to-different-origin_passing.js
netwerk/test/unit/test_fallback_request-error_canceled.js
netwerk/test/unit/test_fallback_request-error_passing.js
netwerk/test/unit/test_fallback_response-error_canceled.js
netwerk/test/unit/test_fallback_response-error_passing.js
netwerk/test/unit/test_offlinecache_custom-directory.js
netwerk/test/unit/test_permmgr.js
netwerk/test/unit/test_referrer.js
netwerk/test/unit/test_referrer_cross_origin.js
netwerk/test/unit/test_speculative_connect.js
netwerk/test/unit/test_suspend_channel_on_authRetry.js
netwerk/test/unit/test_trackingProtection_annotateChannels.js
services/sync/Weave.jsm
testing/specialpowers/content/SpecialPowersAPI.jsm
testing/web-platform/meta/infrastructure/server/__dir__.ini
testing/web-platform/meta/service-workers/service-worker/__dir__.ini
testing/web-platform/meta/websockets/__dir__.ini
testing/web-platform/meta/websockets/binary/__dir__.ini
testing/web-platform/meta/websockets/constructor/__dir__.ini
testing/web-platform/tests/tools/wptrunner/wptrunner/executors/executormarionette.py
toolkit/actors/WebChannelChild.jsm
toolkit/components/alerts/test/test_image.html
toolkit/components/antitracking/AntiTrackingCommon.cpp
toolkit/components/antitracking/ContentBlockingAllowList.jsm
toolkit/components/cleardata/ClearDataService.jsm
toolkit/components/cleardata/SiteDataTestUtils.jsm
toolkit/components/cleardata/tests/browser/browser_serviceworkers.js
toolkit/components/cleardata/tests/unit/test_cookies.js
toolkit/components/cleardata/tests/unit/test_downloads.js
toolkit/components/cleardata/tests/unit/test_network_cache.js
toolkit/components/cleardata/tests/unit/test_passwords.js
toolkit/components/cleardata/tests/unit/test_permissions.js
toolkit/components/cleardata/tests/unit/test_storage_permission.js
toolkit/components/extensions/Extension.jsm
toolkit/components/extensions/ExtensionChild.jsm
toolkit/components/extensions/ExtensionContent.jsm
toolkit/components/extensions/WebExtensionContentScript.h
toolkit/components/extensions/WebExtensionPolicy.cpp
toolkit/components/extensions/test/mochitest/head_unlimitedStorage.js
toolkit/components/extensions/test/xpcshell/head_sync.js
toolkit/components/extensions/test/xpcshell/test_ext_contentscript_triggeringPrincipal.js
toolkit/components/extensions/test/xpcshell/test_ext_contexts.js
toolkit/components/extensions/test/xpcshell/test_ext_trustworthy_origin.js
toolkit/components/extensions/test/xpcshell/test_ext_webRequest_suspend.js
toolkit/components/extensions/webrequest/ChannelWrapper.cpp
toolkit/components/normandy/content/AboutPages.jsm
toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
toolkit/components/passwordmgr/test/browser/browser_hasInsecureLoginForms_streamConverter.js
toolkit/components/passwordmgr/test/unit/test_LoginManagerParent_doAutocompleteSearch.js
toolkit/components/passwordmgr/test/unit/test_LoginManagerParent_getGeneratedPassword.js
toolkit/components/passwordmgr/test/unit/test_LoginManagerParent_onGeneratedPasswordFilled.js
toolkit/components/reader/ReaderMode.jsm
toolkit/components/remotebrowserutils/RemoteWebNavigation.jsm
toolkit/components/reputationservice/ApplicationReputation.cpp
toolkit/components/reputationservice/test/unit/test_app_rep.js
toolkit/components/search/SearchEngine.jsm
toolkit/components/sessionstore/SessionStoreUtils.cpp
toolkit/components/url-classifier/tests/mochitest/test_classifier.html
toolkit/components/url-classifier/tests/mochitest/test_classifier_match.html
toolkit/components/url-classifier/tests/unit/head_urlclassifier.js
toolkit/components/url-classifier/tests/unit/test_dbservice.js
toolkit/components/url-classifier/tests/unit/test_digest256.js
toolkit/components/url-classifier/tests/unit/test_shouldclassify.js
toolkit/components/viewsource/content/viewSourceUtils.js
toolkit/content/contentAreaUtils.js
toolkit/content/widgets/browser-custom-element.js
toolkit/forgetaboutsite/test/unit/test_removeDataFromDomain.js
toolkit/modules/BrowserUtils.jsm
toolkit/modules/E10SUtils.jsm
toolkit/modules/PermissionsUtils.jsm
toolkit/modules/tests/modules/MockDocument.jsm
toolkit/mozapps/extensions/AddonContentPolicy.cpp
toolkit/mozapps/extensions/test/xpcshell/test_permissions.js
toolkit/mozapps/extensions/test/xpcshell/test_permissions_prefs.js
uriloader/prefetch/nsOfflineCacheUpdateService.cpp
widget/android/nsAppShell.cpp
--- a/browser/base/content/browser-contentblocking.js
+++ b/browser/base/content/browser-contentblocking.js
@@ -723,17 +723,17 @@ var ThirdPartyCookies = {
       if (
         perm.type == "3rdPartyStorage^" + origin ||
         perm.type.startsWith("3rdPartyStorage^" + origin + "^")
       ) {
         return true;
       }
     }
 
-    let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       origin
     );
     // Cookie exceptions get "inherited" from parent- to sub-domain, so we need to
     // make sure to include parent domains in the permission check for "cookies".
     return (
       Services.perms.testPermissionFromPrincipal(principal, "cookie") !=
       Services.perms.UNKNOWN_ACTION
     );
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -8309,17 +8309,17 @@ var CanvasPermissionPromptHelper = {
     }
 
     let message = gNavigatorBundle.getFormattedString(
       "canvas.siteprompt",
       ["<>"],
       1
     );
 
-    let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       aData
     );
 
     function setCanvasPermission(aPerm, aPersistent) {
       Services.perms.addFromPrincipal(
         principal,
         "canvas",
         aPerm,
--- a/browser/base/content/pageinfo/pageInfo.js
+++ b/browser/base/content/pageinfo/pageInfo.js
@@ -405,17 +405,17 @@ function loadPageInfo(frameOuterWindowID
       .setAttribute("relatedUrl", docInfo.location);
 
     await makeGeneralTab(pageInfoData.metaViewRows, docInfo);
     if (
       uri.spec.startsWith("about:neterror") ||
       uri.spec.startsWith("about:certerror")
     ) {
       uri = browser.currentURI;
-      principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      principal = Services.scriptSecurityManager.createContentPrincipal(
         uri,
         browser.contentPrincipal.originAttributes
       );
     }
     onLoadPermission(uri, principal);
     securityOnLoad(uri, windowInfo);
   });
 
--- a/browser/base/content/tabbrowser.js
+++ b/browser/base/content/tabbrowser.js
@@ -6390,17 +6390,17 @@ var TabContextMenu = {
       : [this.contextTab];
 
     for (let tab of reopenedTabs) {
       if (tab.getAttribute("usercontextid") == userContextId) {
         continue;
       }
 
       /* Create a triggering principal that is able to load the new tab
-         For codebase principals that are about: chrome: or resource: we need system to load them.
+         For content principals that are about: chrome: or resource: we need system to load them.
          Anything other than system principal needs to have the new userContextId.
       */
       let triggeringPrincipal;
 
       if (tab.linkedPanel) {
         triggeringPrincipal = tab.linkedBrowser.contentPrincipal;
       } else {
         // For lazy tab browsers, get the original principal
@@ -6417,18 +6417,18 @@ var TabContextMenu = {
 
       if (!triggeringPrincipal || triggeringPrincipal.isNullPrincipal) {
         // Ensure that we have a null principal if we couldn't
         // deserialize it (for lazy tab browsers) ...
         // This won't always work however is safe to use.
         triggeringPrincipal = Services.scriptSecurityManager.createNullPrincipal(
           { userContextId }
         );
-      } else if (triggeringPrincipal.isCodebasePrincipal) {
-        triggeringPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+      } else if (triggeringPrincipal.isContentPrincipal) {
+        triggeringPrincipal = Services.scriptSecurityManager.createContentPrincipal(
           triggeringPrincipal.URI,
           { userContextId }
         );
       }
 
       let newTab = gBrowser.addTab(tab.linkedBrowser.currentURI.spec, {
         userContextId,
         pinned: tab.pinned,
--- a/browser/base/content/test/alerts/browser_notification_open_settings.js
+++ b/browser/base/content/test/alerts/browser_notification_open_settings.js
@@ -17,17 +17,17 @@ add_task(async function test_settingsOpe
       // Ensure preferences is loaded before removing the tab.
       let syncPaneLoadedPromise = TestUtils.topicObserved(
         "sync-pane-loaded",
         () => true
       );
       let tabPromise = BrowserTestUtils.waitForNewTab(gBrowser, expectedURL);
       info("simulate a notifications-open-settings notification");
       let uri = NetUtil.newURI("https://example.com");
-      let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let principal = Services.scriptSecurityManager.createContentPrincipal(
         uri,
         {}
       );
       Services.obs.notifyObservers(principal, "notifications-open-settings");
       let tab = await tabPromise;
       ok(tab, "The notification settings tab opened");
       await syncPaneLoadedPromise;
       BrowserTestUtils.removeTab(tab);
--- a/browser/base/content/test/caps/browser_principalSerialization_json.js
+++ b/browser/base/content/test/caps/browser_principalSerialization_json.js
@@ -71,55 +71,55 @@ add_task(async function test_nullPrincip
       );
     }
   }
 });
 
 add_task(async function test_contentPrincipal() {
   const contentId = "1";
   // fields
-  const codebase = 0;
+  const content = 0;
   // const domain = 1;
   const suffix = 2;
   // const csp = 3;
 
   /*
    This test should NOT be resilient to changes in versioning,
    however it exists purely to verify the code doesn't unintentionally change without updating versioning and migration code.
   */
   let tests = [
     {
       input: { uri: "http://example.com/", OA: {} },
-      expected: `{"${contentId}":{"${codebase}":"http://example.com/"}}`,
+      expected: `{"${contentId}":{"${content}":"http://example.com/"}}`,
     },
     {
       input: { uri: "http://mozilla1.com/", OA: {} },
-      expected: `{"${contentId}":{"${codebase}":"http://mozilla1.com/"}}`,
+      expected: `{"${contentId}":{"${content}":"http://mozilla1.com/"}}`,
     },
     {
       input: { uri: "http://mozilla2.com/", OA: { userContextId: 0 } },
-      expected: `{"${contentId}":{"${codebase}":"http://mozilla2.com/"}}`,
+      expected: `{"${contentId}":{"${content}":"http://mozilla2.com/"}}`,
     },
     {
       input: { uri: "http://mozilla3.com/", OA: { userContextId: 2 } },
-      expected: `{"${contentId}":{"${codebase}":"http://mozilla3.com/","${suffix}":"^userContextId=2"}}`,
+      expected: `{"${contentId}":{"${content}":"http://mozilla3.com/","${suffix}":"^userContextId=2"}}`,
     },
     {
       input: { uri: "http://mozilla4.com/", OA: { privateBrowsingId: 1 } },
-      expected: `{"${contentId}":{"${codebase}":"http://mozilla4.com/","${suffix}":"^privateBrowsingId=1"}}`,
+      expected: `{"${contentId}":{"${content}":"http://mozilla4.com/","${suffix}":"^privateBrowsingId=1"}}`,
     },
     {
       input: { uri: "http://mozilla5.com/", OA: { privateBrowsingId: 0 } },
-      expected: `{"${contentId}":{"${codebase}":"http://mozilla5.com/"}}`,
+      expected: `{"${contentId}":{"${content}":"http://mozilla5.com/"}}`,
     },
   ];
 
   for (let test of tests) {
     let uri = Services.io.newURI(test.input.uri);
-    let p = Services.scriptSecurityManager.createCodebasePrincipal(
+    let p = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       test.input.OA
     );
     let sp = E10SUtils.serializePrincipal(p);
     is(
       test.expected,
       atob(sp),
       "Expected serialized object for " + test.input.uri
--- a/browser/base/content/test/contextMenu/browser_utilityOverlayPrincipal.js
+++ b/browser/base/content/test/contextMenu/browser_utilityOverlayPrincipal.js
@@ -42,17 +42,17 @@ function test_openUILink_checkPrincipal(
         "sanity: correct triggeringPrincipal"
       );
       const principalToInherit = channel.loadInfo.principalToInherit;
       ok(
         principalToInherit.isNullPrincipal,
         "sanity: correct principalToInherit"
       );
       ok(
-        content.document.nodePrincipal.isCodebasePrincipal,
+        content.document.nodePrincipal.isContentPrincipal,
         "sanity: correct doc.nodePrincipal"
       );
       is(
         content.document.nodePrincipal.URI.asciiSpec,
         "http://example.com/",
         "sanity: correct doc.nodePrincipal URL"
       );
     });
--- a/browser/base/content/test/general/browser_gZipOfflineChild.js
+++ b/browser/base/content/test/general/browser_gZipOfflineChild.js
@@ -4,17 +4,17 @@
  */
 
 const URL =
   "http://mochi.test:8888/browser/browser/base/content/test/general/test_offline_gzip.html";
 
 registerCleanupFunction(function() {
   // Clean up after ourself
   let uri = Services.io.newURI(URL);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
   Services.perms.removeFromPrincipal(principal, "offline-app");
   Services.prefs.clearUserPref("offline-apps.allow_by_default");
 });
 
 //
--- a/browser/base/content/test/general/browser_offlineQuotaNotification.js
+++ b/browser/base/content/test/general/browser_offlineQuotaNotification.js
@@ -7,17 +7,17 @@
 // else the test runner gets in the way of notifications due to bug 857897.
 
 const URL =
   "http://mochi.test:8888/browser/browser/base/content/test/general/offlineQuotaNotification.html";
 
 registerCleanupFunction(function() {
   // Clean up after ourself
   let uri = Services.io.newURI(URL);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
   Services.perms.removeFromPrincipal(principal, "offline-app");
   Services.prefs.clearUserPref("offline-apps.quota.warn");
   Services.prefs.clearUserPref("offline-apps.allow_by_default");
   let { OfflineAppCacheHelper } = ChromeUtils.import(
     "resource://gre/modules/offlineAppCache.jsm"
--- a/browser/base/content/test/general/browser_web_channel.js
+++ b/browser/base/content/test/general/browser_web_channel.js
@@ -298,17 +298,17 @@ var gTests = [
           gBrowser,
           url: HTTP_PATH + HTTP_ENDPOINT + "?unsolicited",
         },
         async function(targetBrowser) {
           channel.send(
             { command: "unsolicited" },
             {
               browser: targetBrowser,
-              principal: Services.scriptSecurityManager.createCodebasePrincipal(
+              principal: Services.scriptSecurityManager.createContentPrincipal(
                 targetURI,
                 {}
               ),
             }
           );
 
           await messagePromise;
           channel.stopListening();
@@ -340,32 +340,32 @@ var gTests = [
 
       await BrowserTestUtils.withNewTab(
         {
           gBrowser,
           url: HTTP_PATH + HTTP_ENDPOINT + "?unsolicited",
         },
         async function(targetBrowser) {
           let mismatchURI = Services.io.newURI(HTTP_MISMATCH_PATH);
-          let mismatchPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+          let mismatchPrincipal = Services.scriptSecurityManager.createContentPrincipal(
             mismatchURI,
             {}
           );
 
           // send a message to the wrong principal. It should not be delivered
           // to content, and should not be echoed back.
           channel.send(
             { command: "unsolicited_no_response_expected" },
             {
               browser: targetBrowser,
               principal: mismatchPrincipal,
             }
           );
 
-          let targetPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+          let targetPrincipal = Services.scriptSecurityManager.createContentPrincipal(
             targetURI,
             {}
           );
 
           // send the `done` message to the correct principal. It
           // should be echoed back.
           channel.send(
             { command: "done" },
--- a/browser/base/content/test/permissions/browser_canvas_fingerprinting_resistance.js
+++ b/browser/base/content/test/permissions/browser_canvas_fingerprinting_resistance.js
@@ -2,17 +2,17 @@
  * When "privacy.resistFingerprinting" is set to true, user permission is
  * required for canvas data extraction.
  * This tests whether the site permission prompt for canvas data extraction
  * works properly.
  */
 "use strict";
 
 const kUrl = "https://example.com/";
-const kPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+const kPrincipal = Services.scriptSecurityManager.createContentPrincipal(
   Services.io.newURI(kUrl),
   {}
 );
 const kPermission = "canvas";
 
 function initTab() {
   let contentWindow = content.wrappedJSObject;
 
--- a/browser/base/content/test/plugins/browser_subframe_access_hidden_plugins.js
+++ b/browser/base/content/test/plugins/browser_subframe_access_hidden_plugins.js
@@ -27,17 +27,17 @@ add_task(async function setup() {
   });
 });
 
 add_task(async function test_plugin_accessible_in_subframe() {
   // Let's make it so that DOMAIN_1 allows the test plugin to
   // be activated. This permission will be cleaned up inside
   // our registerCleanupFunction when the test ends.
   let ssm = Services.scriptSecurityManager;
-  let principal = ssm.createCodebasePrincipalFromOrigin(DOMAIN_1);
+  let principal = ssm.createContentPrincipalFromOrigin(DOMAIN_1);
   let pluginHost = Cc["@mozilla.org/plugin/host;1"].getService(
     Ci.nsIPluginHost
   );
   let permString = pluginHost.getPermissionStringForType("application/x-test");
   Services.perms.addFromPrincipal(
     principal,
     permString,
     Ci.nsIPermissionManager.ALLOW_ACTION,
--- a/browser/base/content/test/sanitize/browser_cookiePermission_aboutURL.js
+++ b/browser/base/content/test/sanitize/browser_cookiePermission_aboutURL.js
@@ -2,17 +2,17 @@ const { Sanitizer } = ChromeUtils.import
 const { SiteDataTestUtils } = ChromeUtils.import(
   "resource://testing-common/SiteDataTestUtils.jsm"
 );
 
 function checkDataForAboutURL() {
   return new Promise(resolve => {
     let data = true;
     let uri = Services.io.newURI("about:newtab");
-    let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       {}
     );
     let request = indexedDB.openForPrincipal(principal, "TestDatabase", 1);
     request.onupgradeneeded = function(e) {
       data = false;
     };
     request.onsuccess = function(e) {
@@ -44,17 +44,17 @@ add_task(async function deleteStorageInA
   // Cleaning up.
   await Sanitizer.runSanitizeOnShutdown();
 
   ok(await checkDataForAboutURL(), "about:newtab data is not deleted.");
 
   // Clean up.
   await Sanitizer.sanitize(["cookies", "offlineApps"]);
 
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "about:newtab"
   );
   await new Promise(aResolve => {
     let req = Services.qms.clearStoragesForPrincipal(principal);
     req.callback = () => {
       aResolve();
     };
   });
@@ -87,17 +87,17 @@ add_task(async function deleteStorageOnl
   // Cleaning up.
   await Sanitizer.runSanitizeOnShutdown();
 
   ok(await checkDataForAboutURL(), "about:newtab data is not deleted.");
 
   // Clean up.
   await Sanitizer.sanitize(["cookies", "offlineApps"]);
 
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "about:newtab"
   );
   await new Promise(aResolve => {
     let req = Services.qms.clearStoragesForPrincipal(principal);
     req.callback = () => {
       aResolve();
     };
   });
--- a/browser/base/content/test/sanitize/browser_sanitize-offlineData.js
+++ b/browser/base/content/test/sanitize/browser_sanitize-offlineData.js
@@ -25,17 +25,17 @@ const oneHour = 3600000000;
 const fiveHours = oneHour * 5;
 
 const itemsToClear = ["cookies", "offlineApps"];
 
 function hasIndexedDB(origin) {
   return new Promise(resolve => {
     let hasData = true;
     let uri = Services.io.newURI(origin);
-    let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       {}
     );
     let request = indexedDB.openForPrincipal(principal, "TestDatabase", 1);
     request.onupgradeneeded = function(e) {
       hasData = false;
     };
     request.onsuccess = function(e) {
--- a/browser/base/content/test/sanitize/browser_sanitizeDialog.js
+++ b/browser/base/content/test/sanitize/browser_sanitizeDialog.js
@@ -488,17 +488,17 @@ add_task(async function test_form_entrie
   await wh.promiseClosed;
 });
 
 // Test for offline cache deletion
 add_task(async function test_offline_cache() {
   // Prepare stuff, we will work with www.example.com
   var URL = "http://www.example.com";
   var URI = makeURI(URL);
-  var principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
     URI,
     {}
   );
 
   // Give www.example.com privileges to store offline data
   Services.perms.addFromPrincipal(
     principal,
     "offline-app",
@@ -570,17 +570,17 @@ add_task(async function test_offline_cac
   await wh.promiseClosed;
 });
 
 // Test for offline apps permission deletion
 add_task(async function test_offline_apps_permissions() {
   // Prepare stuff, we will work with www.example.com
   var URL = "http://www.example.com";
   var URI = makeURI(URL);
-  var principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  var principal = Services.scriptSecurityManager.createContentPrincipal(
     URI,
     {}
   );
 
   let promiseSanitized = promiseSanitizationComplete();
 
   // Open the dialog
   let wh = new WindowHelper();
--- a/browser/base/content/test/sanitize/head.js
+++ b/browser/base/content/test/sanitize/head.js
@@ -7,28 +7,28 @@ XPCOMUtils.defineLazyModuleGetters(this,
   FormHistory: "resource://gre/modules/FormHistory.jsm",
   PlacesUtils: "resource://gre/modules/PlacesUtils.jsm",
   Sanitizer: "resource:///modules/Sanitizer.jsm",
   SiteDataTestUtils: "resource://testing-common/SiteDataTestUtils.jsm",
 });
 
 function createIndexedDB(host, originAttributes) {
   let uri = Services.io.newURI("https://" + host);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     originAttributes
   );
   return SiteDataTestUtils.addToIndexedDB(principal.origin);
 }
 
 function checkIndexedDB(host, originAttributes) {
   return new Promise(resolve => {
     let data = true;
     let uri = Services.io.newURI("https://" + host);
-    let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       originAttributes
     );
     let request = indexedDB.openForPrincipal(principal, "TestDatabase", 1);
     request.onupgradeneeded = function(e) {
       data = false;
     };
     request.onsuccess = function(e) {
--- a/browser/base/content/test/trackingUI/browser_trackingUI_cookies_subview.js
+++ b/browser/base/content/test/trackingUI/browser_trackingUI_cookies_subview.js
@@ -285,17 +285,17 @@ add_task(async function testCookiesSubVi
   Services.prefs.clearUserPref(TPC_PREF);
 });
 
 add_task(async function testCookiesSubViewAllowed() {
   Services.prefs.setIntPref(
     TPC_PREF,
     Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER
   );
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "http://trackertest.org/"
   );
   Services.perms.addFromPrincipal(
     principal,
     "cookie",
     Services.perms.ALLOW_ACTION
   );
 
@@ -369,22 +369,22 @@ add_task(async function testCookiesSubVi
   Services.prefs.clearUserPref(TPC_PREF);
 });
 
 add_task(async function testCookiesSubViewAllowedHeuristic() {
   Services.prefs.setIntPref(
     TPC_PREF,
     Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER
   );
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "http://not-tracking.example.com/"
   );
 
   // Pretend that the tracker has already been interacted with
-  let trackerPrincipal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let trackerPrincipal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "http://trackertest.org/"
   );
   Services.perms.addFromPrincipal(
     trackerPrincipal,
     "storageAccessAPI",
     Services.perms.ALLOW_ACTION
   );
 
--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -441,17 +441,17 @@ function openLinkIn(url, where, params) 
   }
 
   // Teach the principal about the right OA to use, e.g. in case when
   // opening a link in a new private window, or in a new container tab.
   // Please note we do not have to do that for SystemPrincipals and we
   // can not do it for NullPrincipals since NullPrincipals are only
   // identical if they actually are the same object (See Bug: 1346759)
   function useOAForPrincipal(principal) {
-    if (principal && principal.isCodebasePrincipal) {
+    if (principal && principal.isContentPrincipal) {
       let attrs = {
         userContextId: aUserContextId,
         privateBrowsingId:
           aIsPrivate || (w && PrivateBrowsingUtils.isWindowPrivate(w)),
         firstPartyDomain: principal.originAttributes.firstPartyDomain,
       };
       return Services.scriptSecurityManager.principalWithOA(principal, attrs);
     }
--- a/browser/base/content/webext-panels.js
+++ b/browser/base/content/webext-panels.js
@@ -143,15 +143,15 @@ function loadPanel(extensionId, extensio
     uri: extensionUrl,
     extension: policy.extension,
     browserStyle,
     viewType: "sidebar",
   };
 
   getBrowser(sidebar).then(browser => {
     let uri = Services.io.newURI(policy.getURL());
-    let triggeringPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+    let triggeringPrincipal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       {}
     );
     browser.loadURI(extensionUrl, { triggeringPrincipal });
   });
 }
--- a/browser/components/contextualidentity/test/browser/browser_forgetAPI_quota_clearStoragesForPrincipal.js
+++ b/browser/components/contextualidentity/test/browser/browser_forgetAPI_quota_clearStoragesForPrincipal.js
@@ -131,17 +131,17 @@ add_task(async function test_quota_clear
 
   // Using quota manager to clear all indexed DB for a given domain.
   let caUtils = {};
   Services.scriptloader.loadSubScript(
     "chrome://global/content/contentAreaUtils.js",
     caUtils
   );
   let httpURI = caUtils.makeURI("http://" + TEST_HOST);
-  let httpPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal(
     httpURI,
     {}
   );
   let clearRequest = Services.qms.clearStoragesForPrincipal(
     httpPrincipal,
     null,
     null,
     true
--- a/browser/components/extensions/parent/ext-browsingData.js
+++ b/browser/components/extensions/parent/ext-browsingData.js
@@ -108,17 +108,17 @@ const clearIndexedDB = async function(op
   await new Promise((resolve, reject) => {
     quotaManagerService.getUsage(request => {
       if (request.resultCode != Cr.NS_OK) {
         reject({ message: "Clear indexedDB failed" });
         return;
       }
 
       for (let item of request.result) {
-        let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+        let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
           item.origin
         );
         let scheme = principal.URI.scheme;
         if (scheme == "http" || scheme == "https" || scheme == "file") {
           promises.push(
             new Promise((resolve, reject) => {
               let clearRequest = quotaManagerService.clearStoragesForPrincipal(
                 principal,
@@ -177,17 +177,17 @@ const clearLocalStorage = async function
     await new Promise((resolve, reject) => {
       quotaManagerService.getUsage(request => {
         if (request.resultCode != Cr.NS_OK) {
           reject({ message: "Clear localStorage failed" });
           return;
         }
 
         for (let item of request.result) {
-          let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+          let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
             item.origin
           );
           let host = principal.URI.hostPort;
           if (!options.hostnames || options.hostnames.includes(host)) {
             promises.push(
               new Promise((resolve, reject) => {
                 let clearRequest = quotaManagerService.clearStoragesForPrincipal(
                   principal,
--- a/browser/components/extensions/parent/ext-tabs.js
+++ b/browser/components/extensions/parent/ext-tabs.js
@@ -669,18 +669,18 @@ this.tabs = class extends ExtensionAPI {
             // will override creating a lazy browser.  Setting triggeringPrincipal
             // will ensure other cases are handled, but setting it may prevent
             // creating about and data urls.
             let discardable = url && !url.startsWith("about:");
             if (!discardable) {
               // Make sure things like about:blank and data: URIs never inherit,
               // and instead always get a NullPrincipal.
               options.allowInheritPrincipal = false;
-              // Falling back to codebase here as about: requires it, however is safe.
-              principal = Services.scriptSecurityManager.createCodebasePrincipal(
+              // Falling back to content here as about: requires it, however is safe.
+              principal = Services.scriptSecurityManager.createContentPrincipal(
                 Services.io.newURI(url),
                 {
                   userContextId: options.userContextId,
                   privateBrowsingId: PrivateBrowsingUtils.isBrowserPrivate(
                     window.gBrowser
                   )
                     ? 1
                     : 0,
--- a/browser/components/originattributes/test/browser/browser_favicon_firstParty.js
+++ b/browser/components/originattributes/test/browser/browser_favicon_firstParty.js
@@ -63,17 +63,17 @@ function clearAllPlacesFavicons() {
     };
 
     Services.obs.addObserver(observer, "places-favicons-expired");
     faviconService.expireAllFavicons();
   });
 }
 
 function observeFavicon(aFirstPartyDomain, aExpectedCookie, aPageURI) {
-  let expectedPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let expectedPrincipal = Services.scriptSecurityManager.createContentPrincipal(
     aPageURI,
     { firstPartyDomain: aFirstPartyDomain }
   );
 
   return new Promise(resolve => {
     let observer = {
       observe(aSubject, aTopic, aData) {
         // Make sure that the topic is 'http-on-modify-request'.
--- a/browser/components/originattributes/test/browser/browser_favicon_userContextId.js
+++ b/browser/components/originattributes/test/browser/browser_favicon_userContextId.js
@@ -134,17 +134,17 @@ FaviconObserver.prototype = {
     }
 
     this._faviconLoaded.resolve();
   },
 
   reset(aUserContextId, aExpectedCookie, aPageURI, aFaviconURL) {
     this._curUserContextId = aUserContextId;
     this._expectedCookie = aExpectedCookie;
-    this._expectedPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+    this._expectedPrincipal = Services.scriptSecurityManager.createContentPrincipal(
       aPageURI,
       { userContextId: aUserContextId }
     );
     this._faviconURL = aFaviconURL;
     this._faviconLoaded = PromiseUtils.defer();
   },
 
   get promise() {
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation_aboutPages.js
@@ -181,17 +181,17 @@ add_task(async function test_aboutURL() 
     let aboutType = result[1];
     let contract = "@mozilla.org/network/protocol/about;1?what=" + aboutType;
     try {
       let am = Cc[contract].getService(Ci.nsIAboutModule);
       let uri = Services.io.newURI("about:" + aboutType);
       let flags = am.getURIFlags(uri);
 
       // We load pages with URI_SAFE_FOR_UNTRUSTED_CONTENT set, this means they
-      // are not loaded with System Principal but with codebase principal.
+      // are not loaded with System Principal but with content principal.
       // Also we skip pages with HIDE_FROM_ABOUTABOUT, some of them may have
       // errors while loading.
       if (
         flags & Ci.nsIAboutModule.URI_SAFE_FOR_UNTRUSTED_CONTENT &&
         !(flags & Ci.nsIAboutModule.HIDE_FROM_ABOUTABOUT) &&
         !networkURLs.includes(aboutType) &&
         // handle about:newtab in browser_firstPartyIsolation_about_newtab.js
         aboutType !== "newtab"
@@ -222,16 +222,16 @@ add_task(async function test_aboutURL() 
       );
       info("principal " + content.document.nodePrincipal);
       Assert.equal(
         content.document.nodePrincipal.originAttributes.firstPartyDomain,
         args.attrs.firstPartyDomain,
         "The about page should have firstPartyDomain set"
       );
       Assert.ok(
-        content.document.nodePrincipal.isCodebasePrincipal,
-        "The principal should be a codebase principal."
+        content.document.nodePrincipal.isContentPrincipal,
+        "The principal should be a content principal."
       );
     });
 
     gBrowser.removeTab(tab);
   }
 });
--- a/browser/components/originattributes/test/browser/browser_firstPartyIsolation_about_newtab.js
+++ b/browser/components/originattributes/test/browser/browser_firstPartyIsolation_about_newtab.js
@@ -33,16 +33,16 @@ add_task(async function test_aboutNewTab
   await ContentTask.spawn(tab.linkedBrowser, { attrs }, async function(args) {
     info("principal " + content.document.nodePrincipal.origin);
     Assert.equal(
       content.document.nodePrincipal.originAttributes.firstPartyDomain,
       args.attrs.firstPartyDomain,
       "about:newtab should have firstPartyDomain set"
     );
     Assert.ok(
-      content.document.nodePrincipal.isCodebasePrincipal,
-      "The principal should be a codebase principal."
+      content.document.nodePrincipal.isContentPrincipal,
+      "The principal should be a content principal."
     );
   });
 
   gbrowser.removeTab(tab);
   win.close();
 });
--- a/browser/components/originattributes/test/browser/head.js
+++ b/browser/components/originattributes/test/browser/head.js
@@ -34,17 +34,17 @@ let gFirstPartyBasicPage = TEST_URL_PATH
  *
  * @return tab     - The tab object of this tab.
  *         browser - The browser object of this tab.
  */
 async function openTabInUserContext(aURL, aUserContextId) {
   let originAttributes = {
     userContextId: aUserContextId,
   };
-  let triggeringPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let triggeringPrincipal = Services.scriptSecurityManager.createContentPrincipal(
     makeURI(aURL),
     originAttributes
   );
   // Open the tab in the correct userContextId.
   let tab = BrowserTestUtils.addTab(gBrowser, aURL, {
     userContextId: aUserContextId,
     triggeringPrincipal,
   });
--- a/browser/components/preferences/in-content/tests/browser_bug795764_cachedisabled.js
+++ b/browser/components/preferences/in-content/tests/browser_bug795764_cachedisabled.js
@@ -1,17 +1,17 @@
 /* Any copyright is dedicated to the Public Domain.
  * http://creativecommons.org/publicdomain/zero/1.0/ */
 
 function test() {
   waitForExplicitFinish();
 
   // Adding one fake site so that the SiteDataManager would run.
   // Otherwise, without any site then it would just return so we would end up in not testing SiteDataManager.
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "https://www.foo.com"
   );
   Services.perms.addFromPrincipal(
     principal,
     "persistent-storage",
     Ci.nsIPermissionManager.ALLOW_ACTION
   );
   registerCleanupFunction(function() {
--- a/browser/components/preferences/in-content/tests/siteData/browser_siteData.js
+++ b/browser/components/preferences/in-content/tests/siteData/browser_siteData.js
@@ -1,16 +1,16 @@
 /* Any copyright is dedicated to the Public Domain.
  * http://creativecommons.org/publicdomain/zero/1.0/ */
 
 "use strict";
 
 function getPersistentStoragePermStatus(origin) {
   let uri = Services.io.newURI(origin);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
   return Services.perms.testExactPermissionFromPrincipal(
     principal,
     "persistent-storage"
   );
 }
@@ -52,17 +52,17 @@ add_task(async function() {
   let qoutaUsageSite = frameDoc.querySelector(
     `richlistitem[host="${TEST_QUOTA_USAGE_HOST}"]`
   );
   ok(qoutaUsageSite, "Should list site using quota usage");
 
   // Always remember to clean up
   OfflineAppCacheHelper.clear();
   await new Promise(resolve => {
-    let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       TEST_QUOTA_USAGE_ORIGIN
     );
     let request = Services.qms.clearStoragesForPrincipal(
       principal,
       null,
       null,
       true
     );
--- a/browser/components/preferences/in-content/tests/siteData/head.js
+++ b/browser/components/preferences/in-content/tests/siteData/head.js
@@ -224,17 +224,17 @@ async function addTestData(data) {
     if (site.usage) {
       await SiteDataTestUtils.addToIndexedDB(site.origin, site.usage);
     }
 
     for (let i = 0; i < (site.cookies || 0); i++) {
       SiteDataTestUtils.addToCookies(site.origin, Cu.now());
     }
 
-    let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       site.origin
     );
     hosts.push(principal.URI.host);
   }
 
   return hosts;
 }
 
@@ -268,17 +268,17 @@ function promiseServiceWorkersCleared() 
     }
     return false;
   }, "Should clear all service workers");
 }
 
 function promiseServiceWorkerRegisteredFor(url) {
   return BrowserTestUtils.waitForCondition(() => {
     try {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         url
       );
       let sw = serviceWorkerManager.getRegistrationByPrincipal(
         principal,
         principal.URI.spec
       );
       if (sw) {
         ok(true, `Found the service worker registered for ${url}`);
--- a/browser/components/preferences/permissions.js
+++ b/browser/components/preferences/permissions.js
@@ -206,17 +206,17 @@ var gPermissionManager = {
     } else if (existingPermission.capability != capability) {
       existingPermission.capability = capability;
       this._permissionsToAdd.set(principal.origin, permissionParams);
       this._handleCapabilityChange(existingPermission);
     }
   },
 
   _addNewPrincipalToList(list, uri) {
-    list.push(Services.scriptSecurityManager.createCodebasePrincipal(uri, {}));
+    list.push(Services.scriptSecurityManager.createContentPrincipal(uri, {}));
     // If we have ended up with an unknown scheme, the following will throw.
     list[list.length - 1].origin;
   },
 
   addPermission(capability) {
     let textbox = document.getElementById("url");
     let input_url = textbox.value.trim(); // trim any leading and trailing space
     let principals = [];
@@ -225,17 +225,17 @@ var gPermissionManager = {
       // principal doesn't have a canonical origin representation. This will
       // help catch cases where the URI parser parsed something like
       // `localhost:8080` as having the scheme `localhost`, rather than being
       // an invalid URI. A canonical origin representation is required by the
       // permission manager for storage, so this won't prevent any valid
       // permissions from being entered by the user.
       try {
         let uri = Services.io.newURI(input_url);
-        let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+        let principal = Services.scriptSecurityManager.createContentPrincipal(
           uri,
           {}
         );
         if (principal.origin.startsWith("moz-nullprincipal:")) {
           throw new Error("Null principal");
         }
         principals.push(principal);
       } catch (ex) {
--- a/browser/components/preferences/translation.js
+++ b/browser/components/preferences/translation.js
@@ -209,33 +209,33 @@ var gTranslationExceptions = {
 
   onAllLanguagesDeleted() {
     Services.prefs.setCharPref(kLanguagesPref, "");
   },
 
   onSiteDeleted() {
     let removedSites = this._siteTree.getSelectedItems();
     for (let origin of removedSites) {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         origin
       );
       Services.perms.removeFromPrincipal(principal, kPermissionType);
     }
   },
 
   onAllSitesDeleted() {
     if (this._siteTree.isEmpty) {
       return;
     }
 
     let removedSites = this._sites.splice(0, this._sites.length);
     this._siteTree.tree.rowCountChanged(0, -removedSites.length);
 
     for (let origin of removedSites) {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         origin
       );
       Services.perms.removeFromPrincipal(principal, kPermissionType);
     }
 
     this.onSiteSelected();
   },
 
--- a/browser/components/privatebrowsing/test/browser/browser_oa_private_browsing_window.js
+++ b/browser/components/privatebrowsing/test/browser/browser_oa_private_browsing_window.js
@@ -33,18 +33,18 @@ add_task(
           is(
             channel.URI.spec,
             DUMMY_PAGE,
             "sanity check to ensure we check principal for right URI"
           );
 
           let triggeringPrincipal = channel.loadInfo.triggeringPrincipal;
           ok(
-            triggeringPrincipal.isCodebasePrincipal,
-            "sanity check to ensure principal is a codebasePrincipal"
+            triggeringPrincipal.isContentPrincipal,
+            "sanity check to ensure principal is a contentPrincipal"
           );
           is(
             triggeringPrincipal.URI.spec,
             TEST_PAGE,
             "test page must be the triggering page"
           );
           is(
             triggeringPrincipal.originAttributes.privateBrowsingId,
--- a/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_favicon.js
+++ b/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_favicon.js
@@ -49,17 +49,17 @@ function clearAllPlacesFavicons() {
 
 function observeFavicon(aIsPrivate, aExpectedCookie, aPageURI) {
   let attr = {};
 
   if (aIsPrivate) {
     attr.privateBrowsingId = 1;
   }
 
-  let expectedPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let expectedPrincipal = Services.scriptSecurityManager.createContentPrincipal(
     aPageURI,
     attr
   );
 
   return new Promise(resolve => {
     let observer = {
       observe(aSubject, aTopic, aData) {
         // Make sure that the topic is 'http-on-modify-request'.
--- a/browser/components/safebrowsing/content/test/head.js
+++ b/browser/components/safebrowsing/content/test/head.js
@@ -74,17 +74,17 @@ function waitForDBInit(callback) {
     ok(true, "Received internal event!");
     callbackOnce();
   }
   Services.obs.addObserver(obsFunc, "mozentries-update-finished");
 
   // The second part: we might have missed the event. Just do
   // an internal database lookup to confirm if the url has been
   // added.
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     Services.io.newURI(PHISH_URL),
     {}
   );
 
   let dbService = Cc["@mozilla.org/url-classifier/dbservice;1"].getService(
     Ci.nsIUrlClassifierDBService
   );
   dbService.lookup(principal, PHISH_TABLE, value => {
--- a/browser/components/sessionstore/SessionStore.jsm
+++ b/browser/components/sessionstore/SessionStore.jsm
@@ -5809,20 +5809,20 @@ var SessionStoreInternal = {
     // with it, we need to send down permissions for the domains, as this
     // information will be needed to correctly restore the session.
     if (options.tabData.storage) {
       for (let origin of Object.getOwnPropertyNames(options.tabData.storage)) {
         try {
           let { frameLoader } = browser;
           if (frameLoader.remoteTab) {
             let attrs = browser.contentPrincipal.originAttributes;
-            let dataPrincipal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+            let dataPrincipal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               origin
             );
-            let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+            let principal = Services.scriptSecurityManager.createContentPrincipal(
               dataPrincipal.URI,
               attrs
             );
             frameLoader.remoteTab.transmitPermissionsForPrincipal(principal);
           }
         } catch (e) {
           console.error(e);
         }
--- a/browser/components/uitour/UITour.jsm
+++ b/browser/components/uitour/UITour.jsm
@@ -1625,17 +1625,17 @@ var UITour = {
     }
   },
 
   showNewTab(aWindow, aBrowser) {
     aWindow.gURLBar.focus();
     let url = "about:newtab";
     aWindow.openLinkIn(url, "current", {
       targetBrowser: aBrowser,
-      triggeringPrincipal: Services.scriptSecurityManager.createCodebasePrincipal(
+      triggeringPrincipal: Services.scriptSecurityManager.createContentPrincipal(
         Services.io.newURI(url),
         {}
       ),
     });
   },
 
   _hideAnnotationsForPanel(aEvent, aShouldClosePanel, aTargetPositionCallback) {
     let win = aEvent.target.ownerGlobal;
--- a/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
+++ b/browser/extensions/pdfjs/content/PdfStreamConverter.jsm
@@ -1124,17 +1124,17 @@ PdfStreamConverter.prototype = {
     channel.originalURI = aRequest.URI;
     channel.loadGroup = aRequest.loadGroup;
     channel.loadInfo.originAttributes = aRequest.loadInfo.originAttributes;
 
     // We can use the resource principal when data is fetched by the chrome,
     // e.g. useful for NoScript. Make make sure we reuse the origin attributes
     // from the request channel to keep isolation consistent.
     var uri = NetUtil.newURI(PDF_VIEWER_WEB_PAGE);
-    var resourcePrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+    var resourcePrincipal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       aRequest.loadInfo.originAttributes
     );
     aRequest.owner = resourcePrincipal;
 
     channel.asyncOpen(proxy);
   },
 
--- a/browser/extensions/webcompat/AboutCompat.jsm
+++ b/browser/extensions/webcompat/AboutCompat.jsm
@@ -22,15 +22,15 @@ AboutCompat.prototype = {
     return Ci.nsIAboutModule.URI_MUST_LOAD_IN_EXTENSION_PROCESS;
   },
 
   newChannel(aURI, aLoadInfo) {
     const uri = Services.io.newURI(this.chromeURL);
     const channel = Services.io.newChannelFromURIWithLoadInfo(uri, aLoadInfo);
     channel.originalURI = aURI;
 
-    channel.owner = Services.scriptSecurityManager.createCodebasePrincipal(
+    channel.owner = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       aLoadInfo.originAttributes
     );
     return channel;
   },
 };
--- a/browser/modules/Sanitizer.jsm
+++ b/browser/modules/Sanitizer.jsm
@@ -775,17 +775,17 @@ class PrincipalsCollector {
           // We are probably shutting down. We don't want to propagate the
           // error, rejecting the promise.
           resolve([]);
           return;
         }
 
         let list = [];
         for (let item of request.result) {
-          let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+          let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
             item.origin
           );
           let uri = principal.URI;
           if (isSupportedURI(uri)) {
             list.push(principal);
           }
         }
 
@@ -819,17 +819,17 @@ class PrincipalsCollector {
       );
     }
 
     progress.step = "principals-host-cookie";
     hosts.forEach(host => {
       // Cookies and permissions are handled by origin/host. Doesn't matter if we
       // use http: or https: schema here.
       principals.push(
-        Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+        Services.scriptSecurityManager.createContentPrincipalFromOrigin(
           "https://" + host
         )
       );
     });
 
     progress.step = "total-principals:" + principals.length;
     return principals;
   }
--- a/browser/modules/SiteDataManager.jsm
+++ b/browser/modules/SiteDataManager.jsm
@@ -137,17 +137,17 @@ var SiteDataManager = {
       let onUsageResult = request => {
         if (request.resultCode == Cr.NS_OK) {
           let items = request.result;
           for (let item of items) {
             if (!item.persisted && item.usage <= 0) {
               // An non-persistent-storage site with 0 byte quota usage is redundant for us so skip it.
               continue;
             }
-            let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+            let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
               item.origin
             );
             let uri = principal.URI;
             if (uri.scheme == "http" || uri.scheme == "https") {
               let site = this._getOrInsertSite(uri.host);
               // Assume 3 sites:
               //   - Site A (not persisted): https://www.foo.com
               //   - Site B (not persisted): https://www.foo.com^userContextId=2
@@ -207,17 +207,17 @@ var SiteDataManager = {
     }
 
     for (let group of groups) {
       let cache = this._appCache.getActiveCache(group);
       if (cache.usage <= 0) {
         // A site with 0 byte appcache usage is redundant for us so skip it.
         continue;
       }
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         group
       );
       let uri = principal.URI;
       let site = this._getOrInsertSite(uri.host);
       if (!site.principals.some(p => p.origin == principal.origin)) {
         site.principals.push(principal);
       }
       site.appCacheList.push(cache);
@@ -304,17 +304,17 @@ var SiteDataManager = {
         // below we have already removed across OAs so skip the same origin without suffix
         continue;
       }
       removals.add(originNoSuffix);
       promises.push(
         new Promise(resolve => {
           // We are clearing *All* across OAs so need to ensure a principal without suffix here,
           // or the call of `clearStoragesForPrincipal` would fail.
-          principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+          principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
             originNoSuffix
           );
           let request = this._qms.clearStoragesForPrincipal(
             principal,
             null,
             null,
             true
           );
--- a/browser/modules/SitePermissions.jsm
+++ b/browser/modules/SitePermissions.jsm
@@ -287,17 +287,17 @@ var SitePermissions = {
    *            (e.g. SitePermissions.ALLOW)
    */
   getAllByURI(uri) {
     if (!(uri instanceof Ci.nsIURI)) {
       throw new Error("uri parameter should be an nsIURI");
     }
 
     let principal = uri
-      ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {})
+      ? Services.scriptSecurityManager.createContentPrincipal(uri, {})
       : null;
     return this.getAllByPrincipal(principal);
   },
 
   /**
    * Gets all custom permissions for a given principal.
    * Install addon permission is excluded, check bug 1303108.
    *
@@ -567,17 +567,17 @@ var SitePermissions = {
   get(uri, permissionID, browser) {
     if ((!uri && !browser) || (uri && !(uri instanceof Ci.nsIURI))) {
       throw new Error(
         "uri parameter should be an nsIURI or a browser parameter is needed"
       );
     }
 
     let principal = uri
-      ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {})
+      ? Services.scriptSecurityManager.createContentPrincipal(uri, {})
       : null;
     return this.getForPrincipal(principal, permissionID, browser);
   },
 
   /**
    * Returns the state and scope of a particular permission for a given principal.
    *
    * This method will NOT dispatch a "PermissionStateChange" event on the specified
@@ -664,17 +664,17 @@ var SitePermissions = {
   set(uri, permissionID, state, scope = this.SCOPE_PERSISTENT, browser = null) {
     if ((!uri && !browser) || (uri && !(uri instanceof Ci.nsIURI))) {
       throw new Error(
         "uri parameter should be an nsIURI or a browser parameter is needed"
       );
     }
 
     let principal = uri
-      ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {})
+      ? Services.scriptSecurityManager.createContentPrincipal(uri, {})
       : null;
     return this.setForPrincipal(principal, permissionID, state, scope, browser);
   },
 
   /**
    * Sets the state of a particular permission for a given principal or browser.
    * This method will dispatch a "PermissionStateChange" event on the specified
    * browser if a temporary permission was set
@@ -783,17 +783,17 @@ var SitePermissions = {
   remove(uri, permissionID, browser) {
     if ((!uri && !browser) || (uri && !(uri instanceof Ci.nsIURI))) {
       throw new Error(
         "uri parameter should be an nsIURI or a browser parameter is needed"
       );
     }
 
     let principal = uri
-      ? Services.scriptSecurityManager.createCodebasePrincipal(uri, {})
+      ? Services.scriptSecurityManager.createContentPrincipal(uri, {})
       : null;
     return this.removeFromPrincipal(principal, permissionID, browser);
   },
 
   /**
    * Removes the saved state of a particular permission for a given principal and/or browser.
    * This method will dispatch a "PermissionStateChange" event on the specified
    * browser if a temporary permission was removed.
--- a/browser/modules/webrtcUI.jsm
+++ b/browser/modules/webrtcUI.jsm
@@ -470,17 +470,17 @@ function prompt(aBrowser, aRequest) {
   let {
     audioDevices,
     videoDevices,
     sharingScreen,
     sharingAudio,
     requestTypes,
   } = aRequest;
 
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     aRequest.origin
   );
 
   // If the user has already denied access once in this tab,
   // deny again without even showing the notification icon.
   if (
     (audioDevices.length &&
       SitePermissions.getForPrincipal(principal, "microphone", aBrowser)
--- a/build/win32/orderfile.txt
+++ b/build/win32/orderfile.txt
@@ -3695,25 +3695,25 @@ NS_NewWindowsRegKey
 ?NewURI@ExtensionProtocolHandler@net@mozilla@@UAG?AW4nsresult@@ABV?$nsTSubstring@D@@PBDPAVnsIURI@@PAPAV6@@Z
 ?First@?$nsTStringRepr@D@detail@mozilla@@QBEDXZ
 ?NormalizeIPv4@nsStandardURL@net@mozilla@@SA?AW4nsresult@@ABV?$nsTSubstring@D@@AAV?$nsTString@D@@@Z
 ?ValidateIPv4Number@net@mozilla@@YAHABV?$nsTSubstring@D@@QAH1AA_NAAH@Z
 ?GetSubstitutionInternal@SubstitutingProtocolHandler@net@mozilla@@MAE?AW4nsresult@@ABV?$nsTSubstring@D@@PAPAVnsIURI@@PAI@Z
 ?Construct_nsIScriptSecurityManager@@YA?AW4nsresult@@PAVnsISupports@@ABUnsID@@PAPAX@Z
 ?QueryInterface@nsScriptSecurityManager@@UAG?AW4nsresult@@ABUnsID@@PAPAX@Z
 ?Release@nsScriptSecurityManager@@UAGKXZ
-?CreateCodebasePrincipal@nsScriptSecurityManager@@UAG?AW4nsresult@@PAVnsIURI@@V?$Handle@TValue@JS@@@JS@@PAUJSContext@@PAPAVnsIPrincipal@@@Z
+?CreateContentPrincipal@nsScriptSecurityManager@@UAG?AW4nsresult@@PAVnsIURI@@V?$Handle@TValue@JS@@@JS@@PAUJSContext@@PAPAVnsIPrincipal@@@Z
 ?InitIds@OriginAttributesDictionary@dom@mozilla@@CA_NPAUJSContext@@PAUOriginAttributesDictionaryAtoms@23@@Z
 ??$emplace@AAPAUJSContext@@PAVJSObject@@@?$Maybe@V?$Rooted@PAVJSObject@@@JS@@@mozilla@@QAEXAAPAUJSContext@@$$QAPAVJSObject@@@Z
 ??$emplace@AAPAUJSContext@@@?$Maybe@V?$Rooted@TValue@JS@@@JS@@@mozilla@@QAEXAAPAUJSContext@@@Z
-?CreateCodebasePrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PAVnsIURI@@ABVOriginAttributes@2@@Z
+?CreateContentPrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PAVnsIURI@@ABVOriginAttributes@2@@Z
 ?GenerateOriginNoSuffixFromURI@ContentPrincipal@mozilla@@SA?AW4nsresult@@PAVnsIURI@@AAV?$nsTSubstring@D@@@Z
 ?NS_GetInnermostURI@@YA?AU?$already_AddRefed@VnsIURI@@@@PAVnsIURI@@@Z
 ?GetBlobURLPrincipal@BlobURLProtocolHandler@dom@mozilla@@SA_NPAVnsIURI@@PAPAVnsIPrincipal@@@Z
-?CreateCodebasePrincipal@BasePrincipal@mozilla@@CA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PAVnsIURI@@ABVOriginAttributes@2@ABV?$nsTSubstring@D@@@Z
+?CreateContentPrincipal@BasePrincipal@mozilla@@CA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PAVnsIURI@@ABVOriginAttributes@2@ABV?$nsTSubstring@D@@@Z
 ?GetFlagsForURI@ExtensionProtocolHandler@net@mozilla@@UAG?AW4nsresult@@PAVnsIURI@@PAI@Z
 ??0URLInfo@extensions@mozilla@@QAE@PAVnsIURI@@@Z
 ?GetByURL@ExtensionPolicyService@mozilla@@QAEPAVWebExtensionPolicy@extensions@2@ABVURLInfo@42@@Z
 ?Scheme@URLInfo@extensions@mozilla@@QBEPAVnsAtom@@XZ
 ??0NS_ConvertASCIItoUTF16@@QAE@ABV?$nsTSubstring@D@@@Z
 ?NS_AtomizeMainThread@@YA?AU?$already_AddRefed@VnsAtom@@@@ABV?$nsTSubstring@_S@@@Z
 ?AtomizeMainThread@nsAtomTable@@QAE?AU?$already_AddRefed@VnsAtom@@@@ABV?$nsTSubstring@_S@@@Z
 ??1URLInfo@extensions@mozilla@@QAE@XZ
@@ -15474,17 +15474,17 @@ Gecko_DestroyAnonymousContentList
 ??_GnsUnblockOnloadEvent@dom@mozilla@@UAEPAXI@Z
 ?GetGeometryBounds@SVGCircleElement@dom@mozilla@@UAE_NPAU?$RectTyped@UUnknownUnits@gfx@mozilla@@M@gfx@3@ABUStrokeOptions@53@ABV?$BaseMatrix@M@53@PBV753@@Z
 ??$AppendElement@AAPAVDocument@dom@mozilla@@UnsTArrayInfallibleAllocator@@@?$nsTArray_Impl@V?$nsCOMPtr@VDocument@dom@mozilla@@@@UnsTArrayInfallibleAllocator@@@@IAEPAV?$nsCOMPtr@VDocument@dom@mozilla@@@@AAPAVDocument@dom@mozilla@@@Z
 ?s_HashKey@?$nsTHashtable@V?$nsRefPtrHashKey@VContentFrameMessageManager@dom@mozilla@@@@@@KAIPBX@Z
 ?s_InitEntry@?$nsTHashtable@V?$nsRefPtrHashKey@VContentFrameMessageManager@dom@mozilla@@@@@@KAXPAUPLDHashEntryHdr@@PBX@Z
 ?SendRpcMessage@nsFrameMessageManager@@QAEXPAUJSContext@@ABV?$nsTSubstring@_S@@V?$Handle@TValue@JS@@@JS@@V?$Handle@PAVJSObject@@@5@PAVnsIPrincipal@@AAV?$nsTArray@TValue@JS@@@@AAVErrorResult@mozilla@@@Z
 ?GetContent@InProcessTabChildMessageManager@dom@mozilla@@UAE?AU?$Nullable@VWindowProxyHolder@dom@mozilla@@@23@AAVErrorResult@3@@Z
 ?MaybeCreateDoc@nsPIDOMWindowOuter@@IAEXXZ
-?GetLoadContextCodebasePrincipal@nsScriptSecurityManager@@UAG?AW4nsresult@@PAVnsIURI@@PAVnsILoadContext@@PAPAVnsIPrincipal@@@Z
+?GetLoadContextContentPrincipal@nsScriptSecurityManager@@UAG?AW4nsresult@@PAVnsIURI@@PAVnsILoadContext@@PAPAVnsIPrincipal@@@Z
 ?GetNearestWidget@nsView@@QBEPAVnsIWidget@@PAUnsPoint@@@Z
 ?GetNearestWidget@nsView@@QBEPAVnsIWidget@@PAUnsPoint@@H@Z
 ?InvalidateHierarchy@nsView@@AAEXXZ
 ?SetLoading@TimeoutManager@dom@mozilla@@QAEX_N@Z
 ?HttpsStateIsModern@nsContentUtils@@SA_NPAVDocument@dom@mozilla@@@Z
 ?AddRef@nsContentSecurityManager@@UAGKXZ
 ?QueryInterface@nsContentSecurityManager@@UAG?AW4nsresult@@ABUnsID@@PAPAX@Z
 ?Release@nsContentSecurityManager@@UAGKXZ
@@ -19212,17 +19212,17 @@ Gecko_BeginWritingCString
 ?CanSetCallbacks@?$PrivateBrowsingChannel@VHttpBaseChannel@net@mozilla@@@net@mozilla@@QBE_NPAVnsIInterfaceRequestor@@@Z
 ?UpdatePrivateBrowsing@?$PrivateBrowsingChannel@VHttpBaseChannel@net@mozilla@@@net@mozilla@@QAEXXZ
 ??$NS_QueryNotificationCallbacks@VHttpBaseChannel@net@mozilla@@@@YAXPAVHttpBaseChannel@net@mozilla@@ABUnsID@@PAPAX@Z
 ?GetNotificationCallbacks@nsHttpChannel@net@mozilla@@UAG?AW4nsresult@@PAPAVnsIInterfaceRequestor@@@Z
 ?GetNotificationCallbacks@HttpBaseChannel@net@mozilla@@UAG?AW4nsresult@@PAPAVnsIInterfaceRequestor@@@Z
 ?UpdateAggregateCallbacks@nsHttpChannel@net@mozilla@@AAEXXZ
 ?SetLoadFlags@HttpBaseChannel@net@mozilla@@UAG?AW4nsresult@@I@Z
 ?SetInheritApplicationCache@nsHttpChannel@net@mozilla@@UAG?AW4nsresult@@_N@Z
-?GetDocShellCodebasePrincipal@nsScriptSecurityManager@@UAG?AW4nsresult@@PAVnsIURI@@PAVnsIDocShell@@PAPAVnsIPrincipal@@@Z
+?GetDocShellContentPrincipal@nsScriptSecurityManager@@UAG?AW4nsresult@@PAVnsIURI@@PAVnsIDocShell@@PAPAVnsIPrincipal@@@Z
 ?NS_ShouldCheckAppCache@@YA_NPAVnsIPrincipal@@@Z
 ?GetInstance@nsOfflineCacheUpdateService@@SA?AU?$already_AddRefed@VnsOfflineCacheUpdateService@@@@XZ
 ??0nsOfflineCacheUpdateService@@QAE@XZ
 ?Init@nsOfflineCacheUpdateService@@QAE?AW4nsresult@@XZ
 ?QueryInterface@nsOfflineCacheUpdateService@@UAG?AW4nsresult@@ABUnsID@@PAPAX@Z
 ?AddRef@nsOfflineCacheUpdateService@@UAGKXZ
 ?Release@nsOfflineCacheUpdateService@@UAGKXZ
 ?OfflineAppAllowed@nsOfflineCacheUpdateService@@UAG?AW4nsresult@@PAVnsIPrincipal@@PAVnsIPrefBranch@@PA_N@Z
@@ -19545,17 +19545,17 @@ XPCOMService_GetThirdPartyUtil
 ?IsTrackingResource@HttpBaseChannel@net@mozilla@@UAG?AW4nsresult@@PA_N@Z
 ?IsTrackingClassificationFlag@UrlClassifierCommon@net@mozilla@@SA_NI@Z
 ?DeQueue@nsHostResolver@@AAEXAAV?$LinkedList@V?$RefPtr@VnsHostRecord@@@@@mozilla@@PAPAVAddrHostRecord@@@Z
 ?popFirst@?$LinkedList@V?$RefPtr@VnsHostRecord@@@@@mozilla@@QAE?AV?$RefPtr@VnsHostRecord@@@@XZ
 ?IsFirstPartyStorageAccessGrantedFor@AntiTrackingCommon@mozilla@@SA_NPAVnsIHttpChannel@@PAVnsIURI@@PAI@Z
 ?GetTopLevelPrincipal@LoadInfo@net@mozilla@@UAEPAVnsIPrincipal@@XZ
 ?GetIsMainDocumentChannel@HttpBaseChannel@net@mozilla@@UAG?AW4nsresult@@PA_N@Z
 ?GetAddrInfo@net@mozilla@@YA?AW4nsresult@@ABV?$nsTSubstring@D@@GGPAPAVAddrInfo@12@_N@Z
-?GetIsCodebasePrincipal@BasePrincipal@mozilla@@UAG?AW4nsresult@@PA_N@Z
+?GetIsContentPrincipal@BasePrincipal@mozilla@@UAG?AW4nsresult@@PA_N@Z
 ?CookiePermission@CookieSettings@net@mozilla@@UAG?AW4nsresult@@PAVnsIPrincipal@@PAI@Z
 ?GetInstance@nsPermissionManager@@SAPAV1@XZ
 ?Create@nsPermission@@SA?AU?$already_AddRefed@VnsPermission@@@@PAVnsIPrincipal@@ABV?$nsTSubstring@D@@II_J@Z
 ?CloneStrippingUserContextIdAndFirstPartyDomain@BasePrincipal@mozilla@@QAE?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@XZ
 ??0nsPermission@@IAE@PAVnsIPrincipal@@ABV?$nsTSubstring@D@@II_J@Z
 ?AddRef@nsPermission@@UAGKXZ
 ??$AppendElement@AAV?$nsCOMPtr@VnsIPermission@@@@UnsTArrayInfallibleAllocator@@@?$nsTArray_Impl@V?$RefPtr@VnsIPermission@@@@UnsTArrayInfallibleAllocator@@@@IAEPAV?$RefPtr@VnsIPermission@@@@AAV?$nsCOMPtr@VnsIPermission@@@@@Z
 ?Release@nsPermission@@UAGKXZ
@@ -20977,17 +20977,17 @@ nsEscape
 ?InitFromURI@?$BaseURIMutator@VSubstitutingURL@net@mozilla@@@@IAE?AW4nsresult@@PAVSubstitutingURL@net@mozilla@@@Z
 ?Clone@SubstitutingURL@net@mozilla@@EAE?AW4nsresult@@PAPAVnsIURI@@@Z
 ?StartClone@SubstitutingURL@net@mozilla@@UAEPAVnsStandardURL@23@XZ
 ?SetUserPass@?$TemplatedMutator@VSubstitutingURL@net@mozilla@@@nsStandardURL@net@mozilla@@EAG?AW4nsresult@@ABV?$nsTSubstring@D@@PAPAVnsIURIMutator@@@Z
 ?SetUserPass@nsStandardURL@net@mozilla@@MAE?AW4nsresult@@ABV?$nsTSubstring@D@@@Z
 ?ParseUserInfo@nsAuthURLParser@@UAG?AW4nsresult@@PBDHPAIPAH12@Z
 ?SetPort@?$TemplatedMutator@VSubstitutingURL@net@mozilla@@@nsStandardURL@net@mozilla@@EAG?AW4nsresult@@HPAPAVnsIURIMutator@@@Z
 ?SetPort@nsStandardURL@net@mozilla@@MAE?AW4nsresult@@H@Z
-?CreateCodebasePrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@ABV?$nsTSubstring@D@@@Z
+?CreateContentPrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@ABV?$nsTSubstring@D@@@Z
 ??0?$nsCOMPtr@VnsIBinaryInputStream@@@@QAE@XZ
 ?QueryInterface@nsBinaryInputStream@@UAG?AW4nsresult@@ABUnsID@@PAPAX@Z
 ?SetInputStream@nsBinaryInputStream@@UAG?AW4nsresult@@PAVnsIInputStream@@@Z
 ?Read64@nsBinaryInputStream@@UAG?AW4nsresult@@PA_K@Z
 ?Read@nsBufferedInputStream@@UAG?AW4nsresult@@PADIPAI@Z
 ?InitializeOrigin@QuotaManager@quota@dom@mozilla@@AAE?AW4nsresult@@W4PersistenceType@234@ABV?$nsTSubstring@D@@1_J_NPAVnsIFile@@@Z
 ?TypeFromText@Client@quota@dom@mozilla@@SA?AW4nsresult@@ABV?$nsTSubstring@_S@@AAW4Type@1234@@Z
 ??4?$StaticAutoPtr@VMutex@mozilla@@@mozilla@@QAEAAV01@PAVMutex@1@@Z
@@ -21151,17 +21151,17 @@ nsEscape
 ??_GLoadLoadableRootsTask@@UAEPAXI@Z
 ?_Reset_copy@?$_Func_class@W4nsresult@@PAVnsHttpChannel@net@mozilla@@@std@@IAEXABV12@@Z
 ?CallOrWaitForResume@nsHttpChannel@net@mozilla@@AAE?AW4nsresult@@ABV?$function@$$A6A?AW4nsresult@@PAVnsHttpChannel@net@mozilla@@@Z@std@@@Z
 ?OnBeforeConnectContinue@nsHttpChannel@net@mozilla@@AAEXXZ
 ?ShouldPrepareForIntercept@nsDocShell@@UAG?AW4nsresult@@PAVnsIURI@@PAVnsIChannel@@PA_N@Z
 ?ShouldPrepareForIntercept@ServiceWorkerInterceptController@dom@mozilla@@UAG?AW4nsresult@@PAVnsIURI@@PAVnsIChannel@@PA_N@Z
 ?IsAvailable@ServiceWorkerManager@dom@mozilla@@QAE_NPAVnsIPrincipal@@PAVnsIURI@@@Z
 ?GetServiceWorkerRegistrationInfo@ServiceWorkerManager@dom@mozilla@@ABE?AU?$already_AddRefed@VServiceWorkerRegistrationInfo@dom@mozilla@@@@PAVnsIPrincipal@@PAVnsIURI@@@Z
-?IsCodebasePrincipal@ContentPrincipal@mozilla@@UBE_NXZ
+?IsContentPrincipal@ContentPrincipal@mozilla@@UBE_NXZ
 ??$?0$0BGL@@?$nsTLiteralString@D@@QAE@AAY0BGL@$$CBD@Z
 ?SetSchemaVersion@Connection@storage@mozilla@@UAG?AW4nsresult@@H@Z
 ?BindStringByName@Statement@storage@mozilla@@UAG?AW4nsresult@@ABV?$nsTSubstring@D@@ABV?$nsTSubstring@_S@@@Z
 ?BindStringByName@BindingParams@storage@mozilla@@UAG?AW4nsresult@@ABV?$nsTSubstring@D@@ABV?$nsTSubstring@_S@@@Z
 ?BindByName@BindingParams@storage@mozilla@@UAG?AW4nsresult@@ABV?$nsTSubstring@D@@PAVnsIVariant@@@Z
 ?GetParameterIndex@Statement@storage@mozilla@@UAG?AW4nsresult@@ABV?$nsTSubstring@D@@PAI@Z
 ?GetDataType@?$Variant@V?$nsTString@_S@@$0A@@storage@mozilla@@UAEGXZ
 ?GetAsAString@?$Variant@V?$nsTString@_S@@$0A@@storage@mozilla@@UAG?AW4nsresult@@AAV?$nsTSubstring@_S@@@Z
--- a/build/win64/orderfile.txt
+++ b/build/win64/orderfile.txt
@@ -3660,25 +3660,25 @@ NS_NewWindowsRegKey
 ?NewURI@ExtensionProtocolHandler@net@mozilla@@UEAA?AW4nsresult@@AEBV?$nsTSubstring@D@@PEBDPEAVnsIURI@@PEAPEAV6@@Z
 ?First@?$nsTStringRepr@D@detail@mozilla@@QEBADXZ
 ?NormalizeIPv4@nsStandardURL@net@mozilla@@SA?AW4nsresult@@AEBV?$nsTSubstring@D@@AEAV?$nsTString@D@@@Z
 ?ValidateIPv4Number@net@mozilla@@YAHAEBV?$nsTSubstring@D@@QEAH1AEA_NAEAH@Z
 ?GetSubstitutionInternal@SubstitutingProtocolHandler@net@mozilla@@MEAA?AW4nsresult@@AEBV?$nsTSubstring@D@@PEAPEAVnsIURI@@PEAI@Z
 ?Construct_nsIScriptSecurityManager@@YA?AW4nsresult@@PEAVnsISupports@@AEBUnsID@@PEAPEAX@Z
 ?QueryInterface@nsScriptSecurityManager@@UEAA?AW4nsresult@@AEBUnsID@@PEAPEAX@Z
 ?Release@nsScriptSecurityManager@@UEAAKXZ
-?CreateCodebasePrincipal@nsScriptSecurityManager@@UEAA?AW4nsresult@@PEAVnsIURI@@V?$Handle@TValue@JS@@@JS@@PEAUJSContext@@PEAPEAVnsIPrincipal@@@Z
+?CreateContentPrincipal@nsScriptSecurityManager@@UEAA?AW4nsresult@@PEAVnsIURI@@V?$Handle@TValue@JS@@@JS@@PEAUJSContext@@PEAPEAVnsIPrincipal@@@Z
 ?InitIds@OriginAttributesDictionary@dom@mozilla@@CA_NPEAUJSContext@@PEAUOriginAttributesDictionaryAtoms@23@@Z
 ??$emplace@AEAPEAUJSContext@@PEAVJSObject@@@?$Maybe@V?$Rooted@PEAVJSObject@@@JS@@@mozilla@@QEAAXAEAPEAUJSContext@@$$QEAPEAVJSObject@@@Z
 ??$emplace@AEAPEAUJSContext@@@?$Maybe@V?$Rooted@TValue@JS@@@JS@@@mozilla@@QEAAXAEAPEAUJSContext@@@Z
-?CreateCodebasePrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PEAVnsIURI@@AEBVOriginAttributes@2@@Z
+?CreateContentPrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PEAVnsIURI@@AEBVOriginAttributes@2@@Z
 ?GenerateOriginNoSuffixFromURI@ContentPrincipal@mozilla@@SA?AW4nsresult@@PEAVnsIURI@@AEAV?$nsTSubstring@D@@@Z
 ?NS_GetInnermostURI@@YA?AU?$already_AddRefed@VnsIURI@@@@PEAVnsIURI@@@Z
 ?GetBlobURLPrincipal@BlobURLProtocolHandler@dom@mozilla@@SA_NPEAVnsIURI@@PEAPEAVnsIPrincipal@@@Z
-?CreateCodebasePrincipal@BasePrincipal@mozilla@@CA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PEAVnsIURI@@AEBVOriginAttributes@2@AEBV?$nsTSubstring@D@@@Z
+?CreateContentPrincipal@BasePrincipal@mozilla@@CA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@PEAVnsIURI@@AEBVOriginAttributes@2@AEBV?$nsTSubstring@D@@@Z
 ?GetFlagsForURI@ExtensionProtocolHandler@net@mozilla@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAI@Z
 ??0URLInfo@extensions@mozilla@@QEAA@PEAVnsIURI@@@Z
 ?GetByURL@ExtensionPolicyService@mozilla@@QEAAPEAVWebExtensionPolicy@extensions@2@AEBVURLInfo@42@@Z
 ?Scheme@URLInfo@extensions@mozilla@@QEBAPEAVnsAtom@@XZ
 ??0NS_ConvertASCIItoUTF16@@QEAA@AEBV?$nsTSubstring@D@@@Z
 ?NS_AtomizeMainThread@@YA?AU?$already_AddRefed@VnsAtom@@@@AEBV?$nsTSubstring@_S@@@Z
 ?AtomizeMainThread@nsAtomTable@@QEAA?AU?$already_AddRefed@VnsAtom@@@@AEBV?$nsTSubstring@_S@@@Z
 ??1URLInfo@extensions@mozilla@@QEAA@XZ
@@ -15407,17 +15407,17 @@ Gecko_DestroyAnonymousContentList
 ??_GnsUnblockOnloadEvent@dom@mozilla@@UEAAPEAXI@Z
 ?GetGeometryBounds@SVGCircleElement@dom@mozilla@@UEAA_NPEAU?$RectTyped@UUnknownUnits@gfx@mozilla@@M@gfx@3@AEBUStrokeOptions@53@AEBV?$BaseMatrix@M@53@PEBV753@@Z
 ??$AppendElement@AEAPEAVDocument@dom@mozilla@@UnsTArrayInfallibleAllocator@@@?$nsTArray_Impl@V?$nsCOMPtr@VDocument@dom@mozilla@@@@UnsTArrayInfallibleAllocator@@@@IEAAPEAV?$nsCOMPtr@VDocument@dom@mozilla@@@@AEAPEAVDocument@dom@mozilla@@@Z
 ?s_HashKey@?$nsTHashtable@V?$nsRefPtrHashKey@VContentFrameMessageManager@dom@mozilla@@@@@@KAIPEBX@Z
 ?s_InitEntry@?$nsTHashtable@V?$nsRefPtrHashKey@VContentFrameMessageManager@dom@mozilla@@@@@@KAXPEAUPLDHashEntryHdr@@PEBX@Z
 ?SendRpcMessage@nsFrameMessageManager@@QEAAXPEAUJSContext@@AEBV?$nsTSubstring@_S@@V?$Handle@TValue@JS@@@JS@@V?$Handle@PEAVJSObject@@@5@PEAVnsIPrincipal@@AEAV?$nsTArray@TValue@JS@@@@AEAVErrorResult@mozilla@@@Z
 ?GetContent@InProcessTabChildMessageManager@dom@mozilla@@UEAA?AU?$Nullable@VWindowProxyHolder@dom@mozilla@@@23@AEAVErrorResult@3@@Z
 ?MaybeCreateDoc@nsPIDOMWindowOuter@@IEAAXXZ
-?GetLoadContextCodebasePrincipal@nsScriptSecurityManager@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAVnsILoadContext@@PEAPEAVnsIPrincipal@@@Z
+?GetLoadContextContentPrincipal@nsScriptSecurityManager@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAVnsILoadContext@@PEAPEAVnsIPrincipal@@@Z
 ?GetNearestWidget@nsView@@QEBAPEAVnsIWidget@@PEAUnsPoint@@@Z
 ?GetNearestWidget@nsView@@QEBAPEAVnsIWidget@@PEAUnsPoint@@H@Z
 ?InvalidateHierarchy@nsView@@AEAAXXZ
 ?SetLoading@TimeoutManager@dom@mozilla@@QEAAX_N@Z
 ?HttpsStateIsModern@nsContentUtils@@SA_NPEAVDocument@dom@mozilla@@@Z
 ?AddRef@nsContentSecurityManager@@UEAAKXZ
 ?QueryInterface@nsContentSecurityManager@@UEAA?AW4nsresult@@AEBUnsID@@PEAPEAX@Z
 ?Release@nsContentSecurityManager@@UEAAKXZ
@@ -19130,17 +19130,17 @@ Gecko_BeginWritingCString
 ?CanSetCallbacks@?$PrivateBrowsingChannel@VHttpBaseChannel@net@mozilla@@@net@mozilla@@QEBA_NPEAVnsIInterfaceRequestor@@@Z
 ?UpdatePrivateBrowsing@?$PrivateBrowsingChannel@VHttpBaseChannel@net@mozilla@@@net@mozilla@@QEAAXXZ
 ??$NS_QueryNotificationCallbacks@VHttpBaseChannel@net@mozilla@@@@YAXPEAVHttpBaseChannel@net@mozilla@@AEBUnsID@@PEAPEAX@Z
 ?GetNotificationCallbacks@nsHttpChannel@net@mozilla@@UEAA?AW4nsresult@@PEAPEAVnsIInterfaceRequestor@@@Z
 ?GetNotificationCallbacks@HttpBaseChannel@net@mozilla@@UEAA?AW4nsresult@@PEAPEAVnsIInterfaceRequestor@@@Z
 ?UpdateAggregateCallbacks@nsHttpChannel@net@mozilla@@AEAAXXZ
 ?SetLoadFlags@HttpBaseChannel@net@mozilla@@UEAA?AW4nsresult@@I@Z
 ?SetInheritApplicationCache@nsHttpChannel@net@mozilla@@UEAA?AW4nsresult@@_N@Z
-?GetDocShellCodebasePrincipal@nsScriptSecurityManager@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAVnsIDocShell@@PEAPEAVnsIPrincipal@@@Z
+?GetDocShellContentPrincipal@nsScriptSecurityManager@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAVnsIDocShell@@PEAPEAVnsIPrincipal@@@Z
 ?NS_ShouldCheckAppCache@@YA_NPEAVnsIPrincipal@@@Z
 ?GetInstance@nsOfflineCacheUpdateService@@SA?AU?$already_AddRefed@VnsOfflineCacheUpdateService@@@@XZ
 ??0nsOfflineCacheUpdateService@@QEAA@XZ
 ?Init@nsOfflineCacheUpdateService@@QEAA?AW4nsresult@@XZ
 ?QueryInterface@nsOfflineCacheUpdateService@@UEAA?AW4nsresult@@AEBUnsID@@PEAPEAX@Z
 ?AddRef@nsOfflineCacheUpdateService@@UEAAKXZ
 ?Release@nsOfflineCacheUpdateService@@UEAAKXZ
 ?OfflineAppAllowed@nsOfflineCacheUpdateService@@UEAA?AW4nsresult@@PEAVnsIPrincipal@@PEAVnsIPrefBranch@@PEA_N@Z
@@ -19455,17 +19455,17 @@ XPCOMService_GetThirdPartyUtil
 ?GetThirdPartyFlags@HttpBaseChannel@net@mozilla@@UEAA?AW4nsresult@@PEAI@Z
 ?GetIsInThirdPartyContext@LoadInfo@net@mozilla@@UEAA?AW4nsresult@@PEA_N@Z
 ?IsThirdPartyInternal@ThirdPartyUtil@@AEAA?AW4nsresult@@AEBV?$nsTString@D@@PEAVnsIURI@@PEA_N@Z
 ?IsTrackingResource@HttpBaseChannel@net@mozilla@@UEAA?AW4nsresult@@PEA_N@Z
 ?IsTrackingClassificationFlag@UrlClassifierCommon@net@mozilla@@SA_NI@Z
 ?IsFirstPartyStorageAccessGrantedFor@AntiTrackingCommon@mozilla@@SA_NPEAVnsIHttpChannel@@PEAVnsIURI@@PEAI@Z
 ?GetTopLevelPrincipal@LoadInfo@net@mozilla@@UEAAPEAVnsIPrincipal@@XZ
 ?GetIsMainDocumentChannel@HttpBaseChannel@net@mozilla@@UEAA?AW4nsresult@@PEA_N@Z
-?GetIsCodebasePrincipal@BasePrincipal@mozilla@@UEAA?AW4nsresult@@PEA_N@Z
+?GetIsContentPrincipal@BasePrincipal@mozilla@@UEAA?AW4nsresult@@PEA_N@Z
 ?CookiePermission@CookieSettings@net@mozilla@@UEAA?AW4nsresult@@PEAVnsIPrincipal@@PEAI@Z
 ?GetInstance@nsPermissionManager@@SAPEAV1@XZ
 ?Run@?$RunnableMethodImpl@PEAVnsHostResolver@@P81@EAAXXZ$00$0A@$$V@detail@mozilla@@UEAA?AW4nsresult@@XZ
 ?ThreadFunc@nsHostResolver@@AEAAXXZ
 ?GetHostToLookup@nsHostResolver@@AEAA_NPEAPEAVAddrHostRecord@@@Z
 ?Create@nsPermission@@SA?AU?$already_AddRefed@VnsPermission@@@@PEAVnsIPrincipal@@AEBV?$nsTSubstring@D@@II_J@Z
 ?CloneStrippingUserContextIdAndFirstPartyDomain@BasePrincipal@mozilla@@QEAA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@XZ
 ?DeQueue@nsHostResolver@@AEAAXAEAV?$LinkedList@V?$RefPtr@VnsHostRecord@@@@@mozilla@@PEAPEAVAddrHostRecord@@@Z
@@ -20792,17 +20792,17 @@ nsEscape
 ?InitFromURI@?$BaseURIMutator@VSubstitutingURL@net@mozilla@@@@IEAA?AW4nsresult@@PEAVSubstitutingURL@net@mozilla@@@Z
 ?Clone@SubstitutingURL@net@mozilla@@EEAA?AW4nsresult@@PEAPEAVnsIURI@@@Z
 ?StartClone@SubstitutingURL@net@mozilla@@UEAAPEAVnsStandardURL@23@XZ
 ?SetUserPass@?$TemplatedMutator@VSubstitutingURL@net@mozilla@@@nsStandardURL@net@mozilla@@EEAA?AW4nsresult@@AEBV?$nsTSubstring@D@@PEAPEAVnsIURIMutator@@@Z
 ?SetUserPass@nsStandardURL@net@mozilla@@MEAA?AW4nsresult@@AEBV?$nsTSubstring@D@@@Z
 ?ParseUserInfo@nsAuthURLParser@@UEAA?AW4nsresult@@PEBDHPEAIPEAH12@Z
 ?SetPort@?$TemplatedMutator@VSubstitutingURL@net@mozilla@@@nsStandardURL@net@mozilla@@EEAA?AW4nsresult@@HPEAPEAVnsIURIMutator@@@Z
 ?SetPort@nsStandardURL@net@mozilla@@MEAA?AW4nsresult@@H@Z
-?CreateCodebasePrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@AEBV?$nsTSubstring@D@@@Z
+?CreateContentPrincipal@BasePrincipal@mozilla@@SA?AU?$already_AddRefed@VBasePrincipal@mozilla@@@@AEBV?$nsTSubstring@D@@@Z
 ?flushConsoleMessages@nsCSPContext@@QEAAXXZ
 ?ClearAndRetainStorage@?$nsTArray_Impl@UConsoleMsgQueueElem@@UnsTArrayInfallibleAllocator@@@@QEAAXXZ
 ?PopulateContentSecurityPolicies@ipc@mozilla@@YA?AW4nsresult@@PEAVnsIContentSecurityPolicy@@AEAV?$nsTArray@VContentSecurityPolicy@ipc@mozilla@@@@@Z
 ?GetPolicyCount@nsCSPContext@@UEAA?AW4nsresult@@PEAI@Z
 ?Serialize@nsStandardURL@net@mozilla@@UEAAXAEAVURIParams@ipc@3@@Z
 ??4URIParams@ipc@mozilla@@QEAAAEAV012@AEBVStandardURLParams@12@@Z
 ?Write@?$IPDLParamTraits@VStandardURLParams@ipc@mozilla@@@ipc@mozilla@@SAXPEAVMessage@IPC@@PEAVIProtocol@23@AEBVStandardURLParams@23@@Z
 ?OnStartRequest@nsHtml5StreamListener@@UEAA?AW4nsresult@@PEAVnsIRequest@@@Z
@@ -21049,17 +21049,17 @@ nsEscape
 ??_GLoadLoadableRootsTask@@UEAAPEAXI@Z
 ?_Reset_copy@?$_Func_class@W4nsresult@@PEAVnsHttpChannel@net@mozilla@@@std@@IEAAXAEBV12@@Z
 ?CallOrWaitForResume@nsHttpChannel@net@mozilla@@AEAA?AW4nsresult@@AEBV?$function@$$A6A?AW4nsresult@@PEAVnsHttpChannel@net@mozilla@@@Z@std@@@Z
 ?OnBeforeConnectContinue@nsHttpChannel@net@mozilla@@AEAAXXZ
 ?ShouldPrepareForIntercept@nsDocShell@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAVnsIChannel@@PEA_N@Z
 ?ShouldPrepareForIntercept@ServiceWorkerInterceptController@dom@mozilla@@UEAA?AW4nsresult@@PEAVnsIURI@@PEAVnsIChannel@@PEA_N@Z
 ?IsAvailable@ServiceWorkerManager@dom@mozilla@@QEAA_NPEAVnsIPrincipal@@PEAVnsIURI@@@Z
 ?GetServiceWorkerRegistrationInfo@ServiceWorkerManager@dom@mozilla@@AEBA?AU?$already_AddRefed@VServiceWorkerRegistrationInfo@dom@mozilla@@@@PEAVnsIPrincipal@@PEAVnsIURI@@@Z
-?IsCodebasePrincipal@ContentPrincipal@mozilla@@UEBA_NXZ
+?IsContentPrincipal@ContentPrincipal@mozilla@@UEBA_NXZ
 ?GetServiceWorkerRegistrationInfo@ServiceWorkerManager@dom@mozilla@@AEBA?AU?$already_AddRefed@VServiceWorkerRegistrationInfo@dom@mozilla@@@@AEBV?$nsTSubstring@D@@PEAVnsIURI@@@Z
 ?FindScopeForPath@ServiceWorkerManager@dom@mozilla@@CA_NAEBV?$nsTSubstring@D@@0PEAPEAURegistrationDataPerPrincipal@123@AEAV4@@Z
 ?CacheQueueSize@CacheStorageService@net@mozilla@@SAI_N@Z
 ?QueueSize@CacheIOThread@net@mozilla@@QEAAI_N@Z
 ?GetCacheIndexEntryAttrs@CacheStorage@net@mozilla@@UEAA?AW4nsresult@@PEAVnsIURI@@AEBV?$nsTSubstring@D@@PEA_NPEAI@Z
 ?GetCacheIndexEntryAttrs@CacheStorageService@net@mozilla@@QEAA?AW4nsresult@@PEBVCacheStorage@23@AEBV?$nsTSubstring@D@@1PEA_NPEAI@Z
 ?assign_with_AddRef@?$RefPtr@VCacheEntryHandle@net@mozilla@@@@AEAAXPEAVCacheEntryHandle@net@mozilla@@@Z
 ?MaybeRaceCacheWithNetwork@nsHttpChannel@net@mozilla@@AEAA?AW4nsresult@@XZ
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -62,17 +62,17 @@ BasePrincipal::GetSiteOrigin(nsACString&
 }
 
 // Returns the inner Json::value of the serialized principal
 // Example input and return values:
 // Null principal:
 // {"0":{"0":"moz-nullprincipal:{56cac540-864d-47e7-8e25-1614eab5155e}"}} ->
 // {"0":"moz-nullprincipal:{56cac540-864d-47e7-8e25-1614eab5155e}"}
 //
-// Codebase principal:
+// Content principal:
 // {"1":{"0":"https://mozilla.com"}} -> {"0":"https://mozilla.com"}
 //
 // Expanded principal:
 // {"2":{"0":"<base64principal1>,<base64principal2>"}} ->
 // {"0":"<base64principal1>,<base64principal2>"}
 //
 // System principal:
 // {"3":{}} -> {}
@@ -97,17 +97,17 @@ static const Json::Value* GetPrincipalOb
   int principalKind = std::stoi(stringPrincipalKind);
   MOZ_ASSERT(BasePrincipal::eNullPrincipal == 0,
              "We need to rely on 0 being a bounds check for the first "
              "principal kind.");
   if (principalKind < 0 || principalKind > BasePrincipal::eKindMax) {
     return nullptr;
   }
   MOZ_ASSERT(principalKind == BasePrincipal::eNullPrincipal ||
-             principalKind == BasePrincipal::eCodebasePrincipal ||
+             principalKind == BasePrincipal::eContentPrincipal ||
              principalKind == BasePrincipal::eExpandedPrincipal ||
              principalKind == BasePrincipal::eSystemPrincipal);
   aOutPrincipalKind = principalKind;
 
   if (!aRoot[stringPrincipalKind].isObject()) {
     return nullptr;
   }
 
@@ -125,30 +125,30 @@ static const Json::Value* GetPrincipalOb
 // and string values here for the complete set of serializable keys that the
 // corresponding principal supports.
 //
 // The KeyVal object has the following fields:
 // - valueWasSerialized: is true if the deserialized JSON contained a string
 // value
 // - value: The string that was serialized for this key
 // - key: an SerializableKeys enum value specific to the principal.
-//        For example content principal is an enum of: eCodebase, eDomain,
+//        For example content principal is an enum of: eURI, eDomain,
 //        eSuffix, eCSP
 //
 //
 //  Given an inner content principal:
 //  {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
 //    |                |          |         |
 //    -----------------------------         |
 //         |           |                    |
 //        Key          ----------------------
 //                                |
 //                              Value
 //
-// They Key "0" corresponds to ContentPrincipal::eCodebase
+// They Key "0" corresponds to ContentPrincipal::eURI
 // They Key "1" corresponds to ContentPrincipal::eSuffix
 template <typename T>
 static nsTArray<typename T::KeyVal> GetJSONKeys(const Json::Value* aInput) {
   int size = T::eMax + 1;
   nsTArray<typename T::KeyVal> fields;
   for (int i = 0; i != size; i++) {
     typename T::KeyVal field;
     // field.valueWasSerialized returns if the field was found in the
@@ -223,17 +223,17 @@ already_AddRefed<BasePrincipal> BasePrin
     return principal.forget();
   }
 
   if (principalKind == eNullPrincipal) {
     nsTArray<NullPrincipal::KeyVal> res = GetJSONKeys<NullPrincipal>(value);
     return NullPrincipal::FromProperties(res);
   }
 
-  if (principalKind == eCodebasePrincipal) {
+  if (principalKind == eContentPrincipal) {
     nsTArray<ContentPrincipal::KeyVal> res =
         GetJSONKeys<ContentPrincipal>(value);
     return ContentPrincipal::FromProperties(res);
   }
 
   if (principalKind == eExpandedPrincipal) {
     nsTArray<ExpandedPrincipal::KeyVal> res =
         GetJSONKeys<ExpandedPrincipal>(value);
@@ -271,23 +271,23 @@ nsresult BasePrincipal::ToJSON(nsACStrin
     return NS_ERROR_UNEXPECTED;
   }
   return NS_OK;
 }
 
 bool BasePrincipal::Subsumes(nsIPrincipal* aOther,
                              DocumentDomainConsideration aConsideration) {
   MOZ_ASSERT(aOther);
-  MOZ_ASSERT_IF(Kind() == eCodebasePrincipal, mOriginSuffix);
+  MOZ_ASSERT_IF(Kind() == eContentPrincipal, mOriginSuffix);
 
   // Expanded principals handle origin attributes for each of their
   // sub-principals individually, null principals do only simple checks for
   // pointer equality, and system principals are immune to origin attributes
-  // checks, so only do this check for codebase principals.
-  if (Kind() == eCodebasePrincipal &&
+  // checks, so only do this check for content principals.
+  if (Kind() == eContentPrincipal &&
       mOriginSuffix != Cast(aOther)->mOriginSuffix) {
     return false;
   }
 
   return SubsumesInternal(aOther, aConsideration);
 }
 
 NS_IMETHODIMP
@@ -380,18 +380,18 @@ BasePrincipal::CheckMayLoad(nsIURI* aURI
 
 NS_IMETHODIMP
 BasePrincipal::GetIsNullPrincipal(bool* aResult) {
   *aResult = Kind() == eNullPrincipal;
   return NS_OK;
 }
 
 NS_IMETHODIMP
-BasePrincipal::GetIsCodebasePrincipal(bool* aResult) {
-  *aResult = Kind() == eCodebasePrincipal;
+BasePrincipal::GetIsContentPrincipal(bool* aResult) {
+  *aResult = Kind() == eContentPrincipal;
   return NS_OK;
 }
 
 NS_IMETHODIMP
 BasePrincipal::GetIsExpandedPrincipal(bool* aResult) {
   *aResult = Kind() == eExpandedPrincipal;
   return NS_OK;
 }
@@ -465,40 +465,40 @@ bool BasePrincipal::AddonHasPermission(c
 
 nsIPrincipal* BasePrincipal::PrincipalToInherit(nsIURI* aRequestedURI) {
   if (Is<ExpandedPrincipal>()) {
     return As<ExpandedPrincipal>()->PrincipalToInherit(aRequestedURI);
   }
   return this;
 }
 
-already_AddRefed<BasePrincipal> BasePrincipal::CreateCodebasePrincipal(
+already_AddRefed<BasePrincipal> BasePrincipal::CreateContentPrincipal(
     nsIURI* aURI, const OriginAttributes& aAttrs) {
   MOZ_ASSERT(aURI);
 
   nsAutoCString originNoSuffix;
   nsresult rv =
       ContentPrincipal::GenerateOriginNoSuffixFromURI(aURI, originNoSuffix);
   if (NS_FAILED(rv)) {
     // If the generation of the origin fails, we still want to have a valid
     // principal. Better to return a null principal here.
     return NullPrincipal::Create(aAttrs);
   }
 
-  return CreateCodebasePrincipal(aURI, aAttrs, originNoSuffix);
+  return CreateContentPrincipal(aURI, aAttrs, originNoSuffix);
 }
 
-already_AddRefed<BasePrincipal> BasePrincipal::CreateCodebasePrincipal(
+already_AddRefed<BasePrincipal> BasePrincipal::CreateContentPrincipal(
     nsIURI* aURI, const OriginAttributes& aAttrs,
     const nsACString& aOriginNoSuffix) {
   MOZ_ASSERT(aURI);
   MOZ_ASSERT(!aOriginNoSuffix.IsEmpty());
 
   // If the URI is supposed to inherit the security context of whoever loads it,
-  // we shouldn't make a codebase principal for it.
+  // we shouldn't make a content principal for it.
   bool inheritsPrincipal;
   nsresult rv = NS_URIChainHasFlags(
       aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
       &inheritsPrincipal);
   if (NS_FAILED(rv) || inheritsPrincipal) {
     return NullPrincipal::Create(aAttrs);
   }
 
@@ -509,70 +509,70 @@ already_AddRefed<BasePrincipal> BasePrin
   if (uriWithSpecialOrigin) {
     nsCOMPtr<nsIURI> origin;
     rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return nullptr;
     }
     MOZ_ASSERT(origin);
     OriginAttributes attrs;
-    RefPtr<BasePrincipal> principal = CreateCodebasePrincipal(origin, attrs);
+    RefPtr<BasePrincipal> principal = CreateContentPrincipal(origin, attrs);
     return principal.forget();
   }
 #endif
 
   nsCOMPtr<nsIPrincipal> blobPrincipal;
   if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
           aURI, getter_AddRefs(blobPrincipal))) {
     MOZ_ASSERT(blobPrincipal);
     RefPtr<BasePrincipal> principal = Cast(blobPrincipal);
     return principal.forget();
   }
 
-  // Mint a codebase principal.
-  RefPtr<ContentPrincipal> codebase = new ContentPrincipal();
-  rv = codebase->Init(aURI, aAttrs, aOriginNoSuffix);
+  // Mint a content principal.
+  RefPtr<ContentPrincipal> principal = new ContentPrincipal();
+  rv = principal->Init(aURI, aAttrs, aOriginNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
-  return codebase.forget();
+  return principal.forget();
 }
 
-already_AddRefed<BasePrincipal> BasePrincipal::CreateCodebasePrincipal(
+already_AddRefed<BasePrincipal> BasePrincipal::CreateContentPrincipal(
     const nsACString& aOrigin) {
   MOZ_ASSERT(!StringBeginsWith(aOrigin, NS_LITERAL_CSTRING("[")),
-             "CreateCodebasePrincipal does not support System and Expanded "
+             "CreateContentPrincipal does not support System and Expanded "
              "principals");
 
   MOZ_ASSERT(!StringBeginsWith(aOrigin,
                                NS_LITERAL_CSTRING(NS_NULLPRINCIPAL_SCHEME ":")),
-             "CreateCodebasePrincipal does not support NullPrincipal");
+             "CreateContentPrincipal does not support NullPrincipal");
 
   nsAutoCString originNoSuffix;
   OriginAttributes attrs;
   if (!attrs.PopulateFromOrigin(aOrigin, originNoSuffix)) {
     return nullptr;
   }
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
-  return BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+  return BasePrincipal::CreateContentPrincipal(uri, attrs);
 }
 
 already_AddRefed<BasePrincipal> BasePrincipal::CloneForcingOriginAttributes(
     const OriginAttributes& aOriginAttributes) {
-  if (NS_WARN_IF(!IsCodebasePrincipal())) {
+  if (NS_WARN_IF(!IsContentPrincipal())) {
     return nullptr;
   }
 
   nsAutoCString originNoSuffix;
   nsresult rv = GetOriginNoSuffix(originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
-  nsIURI* uri = static_cast<ContentPrincipal*>(this)->mCodebase;
+  nsIURI* uri = static_cast<ContentPrincipal*>(this)->mURI;
   RefPtr<ContentPrincipal> copy = new ContentPrincipal();
   rv = copy->Init(uri, aOriginAttributes, originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
   return copy.forget();
 }
 
 extensions::WebExtensionPolicy* BasePrincipal::ContentScriptAddonPolicy() {
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -28,17 +28,17 @@ namespace dom {
 class Document;
 }
 namespace extensions {
 class WebExtensionPolicy;
 }
 
 class BasePrincipal;
 
-// Codebase principals (and codebase principals embedded within expanded
+// Content principals (and content principals embedded within expanded
 // principals) stored in SiteIdentifier are guaranteed to contain only the
 // eTLD+1 part of the original domain. This is used to determine whether two
 // origins are same-site: if it's possible for two origins to access each other
 // (maybe after mutating document.domain), then they must have the same site
 // identifier.
 class SiteIdentifier {
  public:
   void Init(BasePrincipal* aPrincipal) {
@@ -69,17 +69,17 @@ class SiteIdentifier {
  * We should merge nsJSPrincipals into this class at some point.
  */
 class BasePrincipal : public nsJSPrincipals {
  public:
   // Warning: this enum impacts Principal serialization into JSON format.
   // Only update if you know exactly what you are doing
   enum PrincipalKind {
     eNullPrincipal = 0,
-    eCodebasePrincipal,
+    eContentPrincipal,
     eExpandedPrincipal,
     eSystemPrincipal,
     eKindMax = eSystemPrincipal
   };
 
   explicit BasePrincipal(PrincipalKind aKind);
 
   template <typename T>
@@ -108,17 +108,17 @@ class BasePrincipal : public nsJSPrincip
   NS_IMETHOD SubsumesConsideringDomain(nsIPrincipal* other,
                                        bool* _retval) final;
   NS_IMETHOD SubsumesConsideringDomainIgnoringFPD(nsIPrincipal* other,
                                                   bool* _retval) final;
   NS_IMETHOD CheckMayLoad(nsIURI* uri, bool report,
                           bool allowIfInheritsPrincipal) final;
   NS_IMETHOD GetAddonPolicy(nsISupports** aResult) final;
   NS_IMETHOD GetIsNullPrincipal(bool* aResult) override;
-  NS_IMETHOD GetIsCodebasePrincipal(bool* aResult) override;
+  NS_IMETHOD GetIsContentPrincipal(bool* aResult) override;
   NS_IMETHOD GetIsExpandedPrincipal(bool* aResult) override;
   NS_IMETHOD GetIsSystemPrincipal(bool* aResult) override;
   NS_IMETHOD GetIsAddonOrExpandedAddonPrincipal(bool* aResult) override;
   NS_IMETHOD GetOriginAttributes(JSContext* aCx,
                                  JS::MutableHandle<JS::Value> aVal) final;
   NS_IMETHOD GetOriginSuffix(nsACString& aOriginSuffix) final;
   NS_IMETHOD GetIsInIsolatedMozBrowserElement(
       bool* aIsInIsolatedMozBrowserElement) final;
@@ -129,34 +129,34 @@ class BasePrincipal : public nsJSPrincip
   nsresult ToJSON(nsACString& aJSON);
   static already_AddRefed<BasePrincipal> FromJSON(const nsACString& aJSON);
   // Method populates a passed Json::Value with serializable fields
   // which represent all of the fields to deserialize the principal
   virtual nsresult PopulateJSONObject(Json::Value& aObject);
 
   virtual bool AddonHasPermission(const nsAtom* aPerm);
 
-  virtual bool IsCodebasePrincipal() const { return false; };
+  virtual bool IsContentPrincipal() const { return false; };
 
   static BasePrincipal* Cast(nsIPrincipal* aPrin) {
     return static_cast<BasePrincipal*>(aPrin);
   }
 
   static const BasePrincipal* Cast(const nsIPrincipal* aPrin) {
     return static_cast<const BasePrincipal*>(aPrin);
   }
 
-  static already_AddRefed<BasePrincipal> CreateCodebasePrincipal(
+  static already_AddRefed<BasePrincipal> CreateContentPrincipal(
       const nsACString& aOrigin);
 
-  // These following method may not create a codebase principal in case it's
+  // These following method may not create a content principal in case it's
   // not possible to generate a correct origin from the passed URI. If this
   // happens, a NullPrincipal is returned.
 
-  static already_AddRefed<BasePrincipal> CreateCodebasePrincipal(
+  static already_AddRefed<BasePrincipal> CreateContentPrincipal(
       nsIURI* aURI, const OriginAttributes& aAttrs);
 
   const OriginAttributes& OriginAttributesRef() final {
     return mOriginAttributes;
   }
   extensions::WebExtensionPolicy* AddonPolicy();
   uint32_t UserContextId() const { return mOriginAttributes.mUserContextId; }
   uint32_t PrivateBrowsingId() const {
@@ -196,17 +196,17 @@ class BasePrincipal : public nsJSPrincip
   //
   // For most principal types, this returns the principal itself. For expanded
   // principals, it returns the first sub-principal which subsumes the given URI
   // (or, if no URI is given, the last allowlist principal).
   nsIPrincipal* PrincipalToInherit(nsIURI* aRequestedURI = nullptr);
 
   /* Returns true if this principal's CSP should override a document's CSP for
    * loads that it triggers. Currently true for expanded principals which
-   * subsume the document principal, and add-on codebase principals regardless
+   * subsume the document principal, and add-on content principals regardless
    * of whether they subsume the document principal.
    */
   bool OverridesCSP(nsIPrincipal* aDocumentPrincipal) {
     // Expanded principals override CSP if and only if they subsume the document
     // principal.
     if (mKind == eExpandedPrincipal) {
       return FastSubsumes(aDocumentPrincipal);
     }
@@ -241,17 +241,17 @@ class BasePrincipal : public nsJSPrincip
   // initialization of the principal objects.  It's typically called as the
   // last step from the Init() method of the child classes.
   void FinishInit(const nsACString& aOriginNoSuffix,
                   const OriginAttributes& aOriginAttributes);
   void FinishInit(BasePrincipal* aOther,
                   const OriginAttributes& aOriginAttributes);
 
  private:
-  static already_AddRefed<BasePrincipal> CreateCodebasePrincipal(
+  static already_AddRefed<BasePrincipal> CreateContentPrincipal(
       nsIURI* aURI, const OriginAttributes& aAttrs,
       const nsACString& aOriginNoSuffix);
 
   inline bool FastSubsumesIgnoringFPD(
       nsIPrincipal* aOther, DocumentDomainConsideration aConsideration);
 
   RefPtr<nsAtom> mOriginNoSuffix;
   RefPtr<nsAtom> mOriginSuffix;
@@ -265,23 +265,23 @@ class BasePrincipal : public nsJSPrincip
 inline bool BasePrincipal::FastEquals(nsIPrincipal* aOther) {
   auto other = Cast(aOther);
   if (Kind() != other->Kind()) {
     // Principals of different kinds can't be equal.
     return false;
   }
 
   // Two principals are considered to be equal if their origins are the same.
-  // If the two principals are codebase principals, their origin attributes
+  // If the two principals are content principals, their origin attributes
   // (aka the origin suffix) must also match.
   if (Kind() == eSystemPrincipal) {
     return this == other;
   }
 
-  if (Kind() == eCodebasePrincipal || Kind() == eNullPrincipal) {
+  if (Kind() == eContentPrincipal || Kind() == eNullPrincipal) {
     return mOriginNoSuffix == other->mOriginNoSuffix &&
            mOriginSuffix == other->mOriginSuffix;
   }
 
   MOZ_ASSERT(Kind() == eExpandedPrincipal);
   return mOriginNoSuffix == other->mOriginNoSuffix;
 }
 
@@ -315,17 +315,17 @@ inline bool BasePrincipal::FastSubsumesC
     return FastSubsumes(aOther);
   }
 
   return Subsumes(aOther, ConsiderDocumentDomain);
 }
 
 inline bool BasePrincipal::FastSubsumesIgnoringFPD(
     nsIPrincipal* aOther, DocumentDomainConsideration aConsideration) {
-  if (Kind() == eCodebasePrincipal &&
+  if (Kind() == eContentPrincipal &&
       !dom::ChromeUtils::IsOriginAttributesEqualIgnoringFPD(
           mOriginAttributes, Cast(aOther)->mOriginAttributes)) {
     return false;
   }
 
   return SubsumesInternal(aOther, aConsideration);
 }
 
--- a/caps/ContentPrincipal.cpp
+++ b/caps/ContentPrincipal.cpp
@@ -48,58 +48,57 @@ static inline ExtensionPolicyService& EP
   return ExtensionPolicyService::GetSingleton();
 }
 
 NS_IMPL_CLASSINFO(ContentPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
                   NS_PRINCIPAL_CID)
 NS_IMPL_QUERY_INTERFACE_CI(ContentPrincipal, nsIPrincipal, nsISerializable)
 NS_IMPL_CI_INTERFACE_GETTER(ContentPrincipal, nsIPrincipal, nsISerializable)
 
-ContentPrincipal::ContentPrincipal() : BasePrincipal(eCodebasePrincipal) {}
+ContentPrincipal::ContentPrincipal() : BasePrincipal(eContentPrincipal) {}
 
 ContentPrincipal::~ContentPrincipal() {}
 
-nsresult ContentPrincipal::Init(nsIURI* aCodebase,
+nsresult ContentPrincipal::Init(nsIURI* aURI,
                                 const OriginAttributes& aOriginAttributes,
                                 const nsACString& aOriginNoSuffix) {
-  NS_ENSURE_ARG(aCodebase);
+  NS_ENSURE_ARG(aURI);
 
   // Assert that the URI we get here isn't any of the schemes that we know we
   // should not get here.  These schemes always either inherit their principal
   // or fall back to a null principal.  These are schemes which return
   // URI_INHERITS_SECURITY_CONTEXT from their protocol handler's
   // GetProtocolFlags function.
   bool hasFlag;
   Unused << hasFlag;  // silence possible compiler warnings.
   MOZ_DIAGNOSTIC_ASSERT(
       NS_SUCCEEDED(NS_URIChainHasFlags(
-          aCodebase, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT,
-          &hasFlag)) &&
+          aURI, nsIProtocolHandler::URI_INHERITS_SECURITY_CONTEXT, &hasFlag)) &&
       !hasFlag);
 
-  mCodebase = aCodebase;
+  mURI = aURI;
   FinishInit(aOriginNoSuffix, aOriginAttributes);
 
   return NS_OK;
 }
 
 nsresult ContentPrincipal::Init(ContentPrincipal* aOther,
                                 const OriginAttributes& aOriginAttributes) {
   NS_ENSURE_ARG(aOther);
 
-  mCodebase = aOther->mCodebase;
+  mURI = aOther->mURI;
   FinishInit(aOther, aOriginAttributes);
 
   mDomain = aOther->mDomain;
   mAddon = aOther->mAddon;
   return NS_OK;
 }
 
 nsresult ContentPrincipal::GetScriptLocation(nsACString& aStr) {
-  return mCodebase->GetSpec(aStr);
+  return mURI->GetSpec(aStr);
 }
 
 /* static */
 nsresult ContentPrincipal::GenerateOriginNoSuffixFromURI(
     nsIURI* aURI, nsACString& aOriginNoSuffix) {
   if (!aURI) {
     return NS_ERROR_FAILURE;
   }
@@ -273,23 +272,23 @@ bool ContentPrincipal::SubsumesInternal(
       return isMatch;
     }
   }
 
   nsCOMPtr<nsIURI> otherURI;
   rv = aOther->GetURI(getter_AddRefs(otherURI));
   NS_ENSURE_SUCCESS(rv, false);
 
-  // Compare codebases.
-  return nsScriptSecurityManager::SecurityCompareURIs(mCodebase, otherURI);
+  // Compare uris.
+  return nsScriptSecurityManager::SecurityCompareURIs(mURI, otherURI);
 }
 
 NS_IMETHODIMP
 ContentPrincipal::GetURI(nsIURI** aURI) {
-  NS_ADDREF(*aURI = mCodebase);
+  NS_ADDREF(*aURI = mURI);
   return NS_OK;
 }
 
 bool ContentPrincipal::MayLoadInternal(nsIURI* aURI) {
   MOZ_ASSERT(aURI);
 
 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
   nsCOMPtr<nsIURIWithSpecialOrigin> uriWithSpecialOrigin =
@@ -298,17 +297,17 @@ bool ContentPrincipal::MayLoadInternal(n
     nsCOMPtr<nsIURI> origin;
     nsresult rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return false;
     }
     MOZ_ASSERT(origin);
     OriginAttributes attrs;
     RefPtr<BasePrincipal> principal =
-        BasePrincipal::CreateCodebasePrincipal(origin, attrs);
+        BasePrincipal::CreateContentPrincipal(origin, attrs);
     return nsIPrincipal::Subsumes(principal);
   }
 #endif
 
   nsCOMPtr<nsIPrincipal> blobPrincipal;
   if (dom::BlobURLProtocolHandler::GetBlobURLPrincipal(
           aURI, getter_AddRefs(blobPrincipal))) {
     MOZ_ASSERT(blobPrincipal);
@@ -316,34 +315,33 @@ bool ContentPrincipal::MayLoadInternal(n
   }
 
   // If this principal is associated with an addon, check whether that addon
   // has been given permission to load from this domain.
   if (AddonAllowsLoad(aURI)) {
     return true;
   }
 
-  if (nsScriptSecurityManager::SecurityCompareURIs(mCodebase, aURI)) {
+  if (nsScriptSecurityManager::SecurityCompareURIs(mURI, aURI)) {
     return true;
   }
 
   // If strict file origin policy is in effect, local files will always fail
   // SecurityCompareURIs unless they are identical. Explicitly check file origin
   // policy, in that case.
   if (nsScriptSecurityManager::GetStrictFileOriginPolicy() &&
-      NS_URIIsLocalFile(aURI) &&
-      NS_RelaxStrictFileOriginPolicy(aURI, mCodebase)) {
+      NS_URIIsLocalFile(aURI) && NS_RelaxStrictFileOriginPolicy(aURI, mURI)) {
     return true;
   }
 
   return false;
 }
 
 uint32_t ContentPrincipal::GetHashValue() {
-  MOZ_ASSERT(mCodebase, "Need a codebase");
+  MOZ_ASSERT(mURI, "Need a principal URI");
 
   return nsScriptSecurityManager::HashPrincipalByOrigin(this);
 }
 
 NS_IMETHODIMP
 ContentPrincipal::GetDomain(nsIURI** aDomain) {
   if (!mDomain) {
     *aDomain = nullptr;
@@ -370,87 +368,87 @@ ContentPrincipal::SetDomain(nsIURI* aDom
   JSPrincipals* principals =
       nsJSPrincipals::get(static_cast<nsIPrincipal*>(this));
   AutoSafeJSContext cx;
   JS::IterateRealmsWithPrincipals(cx, principals, nullptr, cb);
 
   return NS_OK;
 }
 
-static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aCodebase,
+static nsresult GetSpecialBaseDomain(const nsCOMPtr<nsIURI>& aURI,
                                      bool* aHandled, nsACString& aBaseDomain) {
   *aHandled = false;
 
   // Special handling for a file URI.
-  if (NS_URIIsLocalFile(aCodebase)) {
+  if (NS_URIIsLocalFile(aURI)) {
     // If strict file origin policy is not in effect, all local files are
     // considered to be same-origin, so return a known dummy domain here.
     if (!nsScriptSecurityManager::GetStrictFileOriginPolicy()) {
       *aHandled = true;
       aBaseDomain.AssignLiteral("UNIVERSAL_FILE_URI_ORIGIN");
       return NS_OK;
     }
 
     // Otherwise, we return the file path.
-    nsCOMPtr<nsIURL> url = do_QueryInterface(aCodebase);
+    nsCOMPtr<nsIURL> url = do_QueryInterface(aURI);
 
     if (url) {
       *aHandled = true;
       return url->GetFilePath(aBaseDomain);
     }
   }
 
   bool hasNoRelativeFlag;
-  nsresult rv = NS_URIChainHasFlags(
-      aCodebase, nsIProtocolHandler::URI_NORELATIVE, &hasNoRelativeFlag);
+  nsresult rv = NS_URIChainHasFlags(aURI, nsIProtocolHandler::URI_NORELATIVE,
+                                    &hasNoRelativeFlag);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
   if (hasNoRelativeFlag) {
     *aHandled = true;
-    return aCodebase->GetSpec(aBaseDomain);
+    return aURI->GetSpec(aBaseDomain);
   }
 
   bool isBehaved;
-  if (NS_SUCCEEDED(aCodebase->SchemeIs("indexeddb", &isBehaved)) && isBehaved) {
+  if (NS_SUCCEEDED(aURI->SchemeIs("indexeddb", &isBehaved)) && isBehaved) {
     *aHandled = true;
-    return aCodebase->GetSpec(aBaseDomain);
+    return aURI->GetSpec(aBaseDomain);
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 ContentPrincipal::GetBaseDomain(nsACString& aBaseDomain) {
   // Handle some special URIs first.
   bool handled;
-  nsresult rv = GetSpecialBaseDomain(mCodebase, &handled, aBaseDomain);
+  nsresult rv = GetSpecialBaseDomain(mURI, &handled, aBaseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (handled) {
     return NS_OK;
   }
 
   // For everything else, we ask the TLD service via the ThirdPartyUtil.
   nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
       do_GetService(THIRDPARTYUTIL_CONTRACTID);
   if (!thirdPartyUtil) {
     return NS_ERROR_FAILURE;
   }
 
-  return thirdPartyUtil->GetBaseDomain(mCodebase, aBaseDomain);
+  return thirdPartyUtil->GetBaseDomain(mURI, aBaseDomain);
 }
 
 NS_IMETHODIMP
 ContentPrincipal::GetSiteOrigin(nsACString& aSiteOrigin) {
   // Handle some special URIs first.
   nsAutoCString baseDomain;
   bool handled;
-  nsresult rv = GetSpecialBaseDomain(mCodebase, &handled, baseDomain);
+  nsresult rv = GetSpecialBaseDomain(mURI, &handled, baseDomain);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (handled) {
     // This is a special URI ("file:", "about:", "view-source:", etc). Just
     // return the origin.
     return GetOrigin(aSiteOrigin);
   }
 
@@ -461,32 +459,32 @@ ContentPrincipal::GetSiteOrigin(nsACStri
   // See bug 1491728.
   nsCOMPtr<nsIEffectiveTLDService> tldService =
       do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
   if (!tldService) {
     return NS_ERROR_FAILURE;
   }
 
   bool gotBaseDomain = false;
-  rv = tldService->GetBaseDomain(mCodebase, 0, baseDomain);
+  rv = tldService->GetBaseDomain(mURI, 0, baseDomain);
   if (NS_SUCCEEDED(rv)) {
     gotBaseDomain = true;
   } else {
     // If this is an IP address or something like "localhost", we just continue
     // with gotBaseDomain = false.
     if (rv != NS_ERROR_HOST_IS_IP_ADDRESS &&
         rv != NS_ERROR_INSUFFICIENT_DOMAIN_LEVELS) {
       return rv;
     }
   }
 
   // NOTE: Calling `SetHostPort` with a portless domain is insufficient to clear
   // the port, so an extra `SetPort` call has to be made.
   nsCOMPtr<nsIURI> siteUri;
-  NS_MutateURI mutator(mCodebase);
+  NS_MutateURI mutator(mURI);
   mutator.SetUserPass(EmptyCString()).SetPort(-1);
   if (gotBaseDomain) {
     mutator.SetHost(baseDomain);
   }
   rv = mutator.Finalize(siteUri);
   MOZ_ASSERT(NS_SUCCEEDED(rv), "failed to create siteUri");
   NS_ENSURE_SUCCESS(rv, rv);
 
@@ -503,34 +501,33 @@ ContentPrincipal::GetSiteOrigin(nsACStri
   return NS_OK;
 }
 
 nsresult ContentPrincipal::GetSiteIdentifier(SiteIdentifier& aSite) {
   nsCString siteOrigin;
   nsresult rv = GetSiteOrigin(siteOrigin);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  RefPtr<BasePrincipal> principal = CreateCodebasePrincipal(siteOrigin);
+  RefPtr<BasePrincipal> principal = CreateContentPrincipal(siteOrigin);
   if (!principal) {
-    NS_WARNING("could not instantiate codebase principal");
+    NS_WARNING("could not instantiate content principal");
     return NS_ERROR_FAILURE;
   }
 
   aSite.Init(principal);
   return NS_OK;
 }
 
 WebExtensionPolicy* ContentPrincipal::AddonPolicy() {
   if (!mAddon.isSome()) {
-    NS_ENSURE_TRUE(mCodebase, nullptr);
+    NS_ENSURE_TRUE(mURI, nullptr);
 
     bool isMozExt;
-    if (NS_SUCCEEDED(mCodebase->SchemeIs("moz-extension", &isMozExt)) &&
-        isMozExt) {
-      mAddon.emplace(EPS().GetByURL(mCodebase.get()));
+    if (NS_SUCCEEDED(mURI->SchemeIs("moz-extension", &isMozExt)) && isMozExt) {
+      mAddon.emplace(EPS().GetByURL(mURI.get()));
     } else {
       mAddon.emplace(nullptr);
     }
   }
 
   return mAddon.value();
 }
 
@@ -543,30 +540,30 @@ ContentPrincipal::GetAddonId(nsAString& 
     aAddonId.Truncate();
   }
   return NS_OK;
 }
 
 NS_IMETHODIMP
 ContentPrincipal::Read(nsIObjectInputStream* aStream) {
   nsCOMPtr<nsISupports> supports;
-  nsCOMPtr<nsIURI> codebase;
+  nsCOMPtr<nsIURI> principalURI;
   nsresult rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   if (NS_FAILED(rv)) {
     return rv;
   }
 
-  codebase = do_QueryInterface(supports);
+  principalURI = do_QueryInterface(supports);
   // Enforce re-parsing about: URIs so that if they change, we continue to use
   // their new principals correctly.
   bool isAbout = false;
-  if (NS_SUCCEEDED(codebase->SchemeIs("about", &isAbout)) && isAbout) {
+  if (NS_SUCCEEDED(principalURI->SchemeIs("about", &isAbout)) && isAbout) {
     nsAutoCString spec;
-    codebase->GetSpec(spec);
-    NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(codebase), spec),
+    principalURI->GetSpec(spec);
+    NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(principalURI), spec),
                       NS_ERROR_FAILURE);
   }
 
   nsCOMPtr<nsIURI> domain;
   rv = NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
   if (NS_FAILED(rv)) {
     return rv;
   }
@@ -590,20 +587,20 @@ ContentPrincipal::Read(nsIObjectInputStr
   // After Bug 1508939 we will have a new serialization for
   // Principals which allows us to update the code here.
   // Additionally, the format for serialized CSPs changed
   // within Bug 965637 which also can cause failures within
   // the CSP deserialization code.
   Unused << NS_ReadOptionalObject(aStream, true, getter_AddRefs(supports));
 
   nsAutoCString originNoSuffix;
-  rv = GenerateOriginNoSuffixFromURI(codebase, originNoSuffix);
+  rv = GenerateOriginNoSuffixFromURI(principalURI, originNoSuffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  rv = Init(codebase, attrs, originNoSuffix);
+  rv = Init(principalURI, attrs, originNoSuffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Note: we don't call SetDomain here because we don't need the wrapper
   // recomputation code there (we just created this principal).
   mDomain = domain;
   if (mDomain) {
     SetHasExplicitDomain();
   }
@@ -614,34 +611,34 @@ ContentPrincipal::Read(nsIObjectInputStr
 NS_IMETHODIMP
 ContentPrincipal::Write(nsIObjectOutputStream* aStream) {
   // Read is used still for legacy principals
   MOZ_RELEASE_ASSERT(false, "Old style serialization is removed");
   return NS_OK;
 }
 
 nsresult ContentPrincipal::PopulateJSONObject(Json::Value& aObject) {
-  nsAutoCString codebase;
-  nsresult rv = mCodebase->GetSpec(codebase);
+  nsAutoCString principalURI;
+  nsresult rv = mURI->GetSpec(principalURI);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // We turn each int enum field into a JSON string key of the object
   // aObject is the inner JSON object that has stringified enum keys
   // An example aObject might be:
   //
-  // eCodebase                   eSuffix
+  // eURI                   eSuffix
   //    |                           |
   //  {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}
   //    |                |          |         |
   //    -----------------------------         |
   //         |           |                    |
   //        Key          ----------------------
   //                                |
   //                              Value
-  aObject[std::to_string(eCodebase)] = codebase.get();
+  aObject[std::to_string(eURI)] = principalURI.get();
 
   if (mDomain) {
     nsAutoCString domainStr;
     rv = mDomain->GetSpec(domainStr);
     NS_ENSURE_SUCCESS(rv, rv);
     aObject[std::to_string(eDomain)] = domainStr.get();
   }
 
@@ -653,44 +650,45 @@ nsresult ContentPrincipal::PopulateJSONO
 
   return NS_OK;
 }
 
 already_AddRefed<BasePrincipal> ContentPrincipal::FromProperties(
     nsTArray<ContentPrincipal::KeyVal>& aFields) {
   MOZ_ASSERT(aFields.Length() == eMax + 1, "Must have all the keys");
   nsresult rv;
-  nsCOMPtr<nsIURI> codebaseURI;
+  nsCOMPtr<nsIURI> principalURI;
   nsCOMPtr<nsIURI> domain;
   nsCOMPtr<nsIContentSecurityPolicy> csp;
   OriginAttributes attrs;
 
   // The odd structure here is to make the code to not compile
   // if all the switch enum cases haven't been codified
   for (const auto& field : aFields) {
     switch (field.key) {
-      case ContentPrincipal::eCodebase:
+      case ContentPrincipal::eURI:
         if (!field.valueWasSerialized) {
           MOZ_ASSERT(
               false,
-              "Content principals require a codebase URI in serialized JSON");
+              "Content principals require a principal URI in serialized JSON");
           return nullptr;
         }
-        rv = NS_NewURI(getter_AddRefs(codebaseURI), field.value.get());
+        rv = NS_NewURI(getter_AddRefs(principalURI), field.value.get());
         NS_ENSURE_SUCCESS(rv, nullptr);
 
         {
           // Enforce re-parsing about: URIs so that if they change, we
           // continue to use their new principals correctly.
           bool isAbout =
-              NS_SUCCEEDED(codebaseURI->SchemeIs("about", &isAbout)) && isAbout;
+              NS_SUCCEEDED(principalURI->SchemeIs("about", &isAbout)) &&
+              isAbout;
           if (isAbout) {
             nsAutoCString spec;
-            codebaseURI->GetSpec(spec);
-            if (NS_FAILED(NS_NewURI(getter_AddRefs(codebaseURI), spec))) {
+            principalURI->GetSpec(spec);
+            if (NS_FAILED(NS_NewURI(getter_AddRefs(principalURI), spec))) {
               return nullptr;
             }
           }
         }
         break;
       case ContentPrincipal::eDomain:
         if (field.valueWasSerialized) {
           rv = NS_NewURI(getter_AddRefs(domain), field.value.get());
@@ -703,27 +701,27 @@ already_AddRefed<BasePrincipal> ContentP
           if (!ok) {
             return nullptr;
           }
         }
         break;
     }
   }
   nsAutoCString originNoSuffix;
-  rv = ContentPrincipal::GenerateOriginNoSuffixFromURI(codebaseURI,
+  rv = ContentPrincipal::GenerateOriginNoSuffixFromURI(principalURI,
                                                        originNoSuffix);
   if (NS_FAILED(rv)) {
     return nullptr;
   }
 
-  RefPtr<ContentPrincipal> codebase = new ContentPrincipal();
-  rv = codebase->Init(codebaseURI, attrs, originNoSuffix);
+  RefPtr<ContentPrincipal> principal = new ContentPrincipal();
+  rv = principal->Init(principalURI, attrs, originNoSuffix);
   if (NS_FAILED(rv)) {
     return nullptr;
   }
 
-  codebase->mDomain = domain;
-  if (codebase->mDomain) {
-    codebase->SetHasExplicitDomain();
+  principal->mDomain = domain;
+  if (principal->mDomain) {
+    principal->SetHasExplicitDomain();
   }
 
-  return codebase.forget();
+  return principal.forget();
 }
--- a/caps/ContentPrincipal.h
+++ b/caps/ContentPrincipal.h
@@ -28,43 +28,43 @@ class ContentPrincipal final : public Ba
   NS_IMETHOD QueryInterface(REFNSIID aIID, void** aInstancePtr) override;
   uint32_t GetHashValue() override;
   NS_IMETHOD GetURI(nsIURI** aURI) override;
   NS_IMETHOD GetDomain(nsIURI** aDomain) override;
   NS_IMETHOD SetDomain(nsIURI* aDomain) override;
   NS_IMETHOD GetBaseDomain(nsACString& aBaseDomain) override;
   NS_IMETHOD GetAddonId(nsAString& aAddonId) override;
   NS_IMETHOD GetSiteOrigin(nsACString& aSiteOrigin) override;
-  bool IsCodebasePrincipal() const override { return true; }
+  bool IsContentPrincipal() const override { return true; }
 
   ContentPrincipal();
 
-  static PrincipalKind Kind() { return eCodebasePrincipal; }
+  static PrincipalKind Kind() { return eContentPrincipal; }
 
   // Init() must be called before the principal is in a usable state.
-  nsresult Init(nsIURI* aCodebase, const OriginAttributes& aOriginAttributes,
+  nsresult Init(nsIURI* aURI, const OriginAttributes& aOriginAttributes,
                 const nsACString& aOriginNoSuffix);
   nsresult Init(ContentPrincipal* aOther,
                 const OriginAttributes& aOriginAttributes);
 
   virtual nsresult GetScriptLocation(nsACString& aStr) override;
 
   nsresult GetSiteIdentifier(SiteIdentifier& aSite) override;
 
   static nsresult GenerateOriginNoSuffixFromURI(nsIURI* aURI,
                                                 nsACString& aOrigin);
 
   extensions::WebExtensionPolicy* AddonPolicy();
 
   nsCOMPtr<nsIURI> mDomain;
-  nsCOMPtr<nsIURI> mCodebase;
+  nsCOMPtr<nsIURI> mURI;
 
   virtual nsresult PopulateJSONObject(Json::Value& aObject) override;
   // Serializable keys are the valid enum fields the serialization supports
-  enum SerializableKeys { eCodebase = 0, eDomain, eSuffix, eMax = eSuffix };
+  enum SerializableKeys { eURI = 0, eDomain, eSuffix, eMax = eSuffix };
   // KeyVal is a lightweight storage that passes
   // SerializableKeys and values after JSON parsing in the BasePrincipal to
   // FromProperties
   struct KeyVal {
     bool valueWasSerialized;
     nsCString value;
     SerializableKeys key;
   };
--- a/caps/NullPrincipal.cpp
+++ b/caps/NullPrincipal.cpp
@@ -214,24 +214,24 @@ NullPrincipal::Read(nsIObjectInputStream
 NS_IMETHODIMP
 NullPrincipal::Write(nsIObjectOutputStream* aStream) {
   // Read is used still for legacy principals
   MOZ_RELEASE_ASSERT(false, "Old style serialization is removed");
   return NS_OK;
 }
 
 nsresult NullPrincipal::PopulateJSONObject(Json::Value& aObject) {
-  nsAutoCString codebase;
-  nsresult rv = mURI->GetSpec(codebase);
+  nsAutoCString principalURI;
+  nsresult rv = mURI->GetSpec(principalURI);
   NS_ENSURE_SUCCESS(rv, rv);
-  MOZ_ASSERT(codebase.Length() ==
+  MOZ_ASSERT(principalURI.Length() ==
                  NS_LITERAL_CSTRING(NS_NULLPRINCIPAL_SCHEME ":").Length() +
                      NSID_LENGTH - 1,
              "Length of the URI should be: (scheme, uuid, - nullptr)");
-  aObject[std::to_string(eSpec)] = codebase.get();
+  aObject[std::to_string(eSpec)] = principalURI.get();
 
   nsAutoCString suffix;
   OriginAttributesRef().CreateSuffix(suffix);
   if (suffix.Length() > 0) {
     aObject[std::to_string(eSuffix)] = suffix.get();
   }
 
   return NS_OK;
--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@@ -65,17 +65,17 @@ interface nsIPrincipal : nsISerializable
     %}
 
     /**
      * Returns a hash value for the principal.
      */
     [notxpcom, nostdcall] readonly attribute unsigned long hashValue;
 
     /**
-     * The codebase URI to which this principal pertains.  This is
+     * The principal URI to which this principal pertains.  This is
      * generally the document URI.
      */
     [infallible] readonly attribute nsIURI URI;
 
     /**
      * The domain URI to which this principal pertains.
      * This is null unless script successfully sets document.domain to our URI
      * or a superdomain of our URI.
@@ -117,17 +117,17 @@ interface nsIPrincipal : nsISerializable
       DECL_FAST_INLINE_HELPER(SubsumesConsideringDomain)
       DECL_FAST_INLINE_HELPER(SubsumesConsideringDomainIgnoringFPD)
 #undef DECL_FAST_INLINE_HELPER
     %}
 
     /**
      * Checks whether this principal is allowed to load the network resource
      * located at the given URI under the same-origin policy. This means that
-     * codebase principals are only allowed to load resources from the same
+     * content principals are only allowed to load resources from the same
      * domain, the system principal is allowed to load anything, and null
      * principals can only load URIs where they are the principal. This is
      * changed by the optional flag allowIfInheritsPrincipal (which defaults to
      * false) which allows URIs that inherit their loader's principal.
      *
      * If the load is allowed this function does nothing. If the load is not
      * allowed the function throws NS_ERROR_DOM_BAD_URI.
      *
@@ -165,17 +165,17 @@ interface nsIPrincipal : nsISerializable
     [implicit_jscontext]
     readonly attribute jsval originAttributes;
 
     [noscript, notxpcom, nostdcall, binaryname(OriginAttributesRef)]
     const_OriginAttributes OriginAttributesRef();
 
     /**
      * A canonical representation of the origin for this principal. This
-     * consists of a base string (which, for codebase principals, is of the
+     * consists of a base string (which, for content principals, is of the
      * format scheme://host:port), concatenated with |originAttributes| (see
      * below).
      *
      * We maintain the invariant that principalA.equals(principalB) if and only
      * if principalA.origin == principalB.origin.
      */
     readonly attribute ACString origin;
 
@@ -207,17 +207,17 @@ interface nsIPrincipal : nsISerializable
      * principals which allow mutating |domain|, such as ContentPrincipal,
      * override the default implementation in BasePrincipal.
      *
      * TODO(nika): Use this in DocGroup.
      */
     readonly attribute ACString siteOrigin;
 
     /**
-     * The base domain of the codebase URI to which this principal pertains
+     * The base domain of the principal URI to which this principal pertains
      * (generally the document URI), handling null principals and
      * non-hierarchical schemes correctly.
      */
     readonly attribute ACString baseDomain;
 
     /**
      * Gets the ID of the add-on this principal belongs to.
      */
@@ -250,19 +250,19 @@ interface nsIPrincipal : nsISerializable
 
     /**
      * Returns true iff this is a null principal (corresponding to an
      * unknown, hence assumed minimally privileged, security context).
      */
     [infallible] readonly attribute boolean isNullPrincipal;
 
     /**
-     * Returns true iff this principal corresponds to a codebase origin.
+     * Returns true iff this principal corresponds to a principal origin.
      */
-    [infallible] readonly attribute boolean isCodebasePrincipal;
+    [infallible] readonly attribute boolean isContentPrincipal;
 
     /**
      * Returns true iff this is an expanded principal.
      */
     [infallible] readonly attribute boolean isExpandedPrincipal;
 
     /**
      * Returns true iff this is the system principal.  C++ callers should use
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -139,48 +139,48 @@ interface nsIScriptSecurityManager : nsI
      * Return the all-powerful system principal.
      */
     nsIPrincipal getSystemPrincipal();
 
     /**
      * Returns a principal that has the OriginAttributes of the load context.
      * @param loadContext to get the OriginAttributes from.
      */
-    nsIPrincipal getLoadContextCodebasePrincipal(in nsIURI uri,
+    nsIPrincipal getLoadContextContentPrincipal(in nsIURI uri,
                                                  in nsILoadContext loadContext);
 
     /**
      * Returns a principal that has the OriginAttributes of the docshell.
      * @param docShell to get the OriginAttributes from.
      */
-    nsIPrincipal getDocShellCodebasePrincipal(in nsIURI uri,
+    nsIPrincipal getDocShellContentPrincipal(in nsIURI uri,
                                               in nsIDocShell docShell);
 
     /**
-     * If this is a codebase principal, return a copy with different
+     * If this is a content principal, return a copy with different
      * origin attributes.
      */
     [implicit_jscontext]
     nsIPrincipal principalWithOA(in nsIPrincipal principal,
                                  in jsval originAttributes);
 
     /**
      * Returns a principal whose origin is composed of |uri| and |originAttributes|.
      * See nsIPrincipal.idl for a description of origin attributes, and
      * ChromeUtils.webidl for a list of origin attributes and their defaults.
      */
     [implicit_jscontext]
-    nsIPrincipal createCodebasePrincipal(in nsIURI uri, in jsval originAttributes);
+    nsIPrincipal createContentPrincipal(in nsIURI uri, in jsval originAttributes);
 
     /**
      * Returns a principal whose origin is the one we pass in.
      * See nsIPrincipal.idl for a description of origin attributes, and
      * ChromeUtils.webidl for a list of origin attributes and their defaults.
      */
-    nsIPrincipal createCodebasePrincipalFromOrigin(in ACString origin);
+    nsIPrincipal createContentPrincipalFromOrigin(in ACString origin);
 
     /**
      * Takes a principal and returns a string representation of it or a nullptr if it can't be serialized.
      * Example output: `{"1": {"0": "https://mozilla.com", "2": "^privateBrowsingId=1"}}`
      */
     ACString principalToJSON(in nsIPrincipal principal);
 
     /**
@@ -208,17 +208,17 @@ interface nsIScriptSecurityManager : nsI
      */
     void checkSameOriginURI(in nsIURI aSourceURI,
                             in nsIURI aTargetURI,
                             in boolean reportError,
                             in boolean fromPrivateWindow);
 
     /**
      * Get the principal for the given channel.  This will typically be the
-     * channel owner if there is one, and the codebase principal for the
+     * channel owner if there is one, and the content principal for the
      * channel's URI otherwise.  aChannel must not be null.
      */
     nsIPrincipal getChannelResultPrincipal(in nsIChannel aChannel);
 
     /**
      * Get the storage principal for the given channel.  This is basically the
      * same of getChannelResultPrincipal() execept for trackers, where we
      * return a principal with a different OriginAttributes.
@@ -249,17 +249,17 @@ interface nsIScriptSecurityManager : nsI
      * document chain.  The triggering principal itself may still be the null
      * principal due to sandboxing further up a document chain.  In that regard
      * the ignoring of sandboxing is limited.
      */
     [noscript, nostdcall]
     nsIPrincipal getChannelResultPrincipalIfNotSandboxed(in nsIChannel aChannel);
 
     /**
-     * Get the codebase principal for the channel's URI.
+     * Get the content principal for the channel's URI.
      * aChannel must not be null.
      */
     nsIPrincipal getChannelURIPrincipal(in nsIChannel aChannel);
 
     const unsigned long DEFAULT_USER_CONTEXT_ID = 0;
 
     /**
      * Per-domain controls to enable and disable script. This system is designed
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -371,17 +371,17 @@ nsScriptSecurityManager::GetChannelURIPr
   // Inherit the origin attributes from loadInfo.
   // If this is a top-level document load, the origin attributes of the
   // loadInfo will be set from nsDocShell::DoURILoad.
   // For subresource loading, the origin attributes of the loadInfo is from
   // its loadingPrincipal.
   OriginAttributes attrs = loadInfo->GetOriginAttributes();
 
   nsCOMPtr<nsIPrincipal> prin =
-      BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+      BasePrincipal::CreateContentPrincipal(uri, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 /////////////////////////////
 // nsScriptSecurityManager //
 /////////////////////////////
 
@@ -1116,42 +1116,42 @@ nsScriptSecurityManager::InFileURIAllowl
 NS_IMETHODIMP
 nsScriptSecurityManager::GetSystemPrincipal(nsIPrincipal** result) {
   NS_ADDREF(*result = mSystemPrincipal);
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsScriptSecurityManager::CreateCodebasePrincipal(
+nsScriptSecurityManager::CreateContentPrincipal(
     nsIURI* aURI, JS::Handle<JS::Value> aOriginAttributes, JSContext* aCx,
     nsIPrincipal** aPrincipal) {
   OriginAttributes attrs;
   if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
     return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin =
-      BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
+      BasePrincipal::CreateContentPrincipal(aURI, attrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
-nsScriptSecurityManager::CreateCodebasePrincipalFromOrigin(
+nsScriptSecurityManager::CreateContentPrincipalFromOrigin(
     const nsACString& aOrigin, nsIPrincipal** aPrincipal) {
   if (StringBeginsWith(aOrigin, NS_LITERAL_CSTRING("["))) {
     return NS_ERROR_INVALID_ARG;
   }
 
   if (StringBeginsWith(aOrigin,
                        NS_LITERAL_CSTRING(NS_NULLPRINCIPAL_SCHEME ":"))) {
     return NS_ERROR_INVALID_ARG;
   }
 
-  nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(aOrigin);
+  nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateContentPrincipal(aOrigin);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::PrincipalToJSON(nsIPrincipal* aPrincipal,
                                          nsACString& aJSON) {
   aJSON.Truncate();
@@ -1194,45 +1194,45 @@ nsScriptSecurityManager::CreateNullPrinc
     return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin = NullPrincipal::Create(attrs);
   prin.forget(aPrincipal);
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsScriptSecurityManager::GetLoadContextCodebasePrincipal(
+nsScriptSecurityManager::GetLoadContextContentPrincipal(
     nsIURI* aURI, nsILoadContext* aLoadContext, nsIPrincipal** aPrincipal) {
   NS_ENSURE_STATE(aLoadContext);
   OriginAttributes docShellAttrs;
   aLoadContext->GetOriginAttributes(docShellAttrs);
 
   nsCOMPtr<nsIPrincipal> prin =
-      BasePrincipal::CreateCodebasePrincipal(aURI, docShellAttrs);
+      BasePrincipal::CreateContentPrincipal(aURI, docShellAttrs);
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
-nsScriptSecurityManager::GetDocShellCodebasePrincipal(
+nsScriptSecurityManager::GetDocShellContentPrincipal(
     nsIURI* aURI, nsIDocShell* aDocShell, nsIPrincipal** aPrincipal) {
-  nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateCodebasePrincipal(
+  nsCOMPtr<nsIPrincipal> prin = BasePrincipal::CreateContentPrincipal(
       aURI, nsDocShell::Cast(aDocShell)->GetOriginAttributes());
   prin.forget(aPrincipal);
   return *aPrincipal ? NS_OK : NS_ERROR_FAILURE;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::PrincipalWithOA(
     nsIPrincipal* aPrincipal, JS::Handle<JS::Value> aOriginAttributes,
     JSContext* aCx, nsIPrincipal** aReturnPrincipal) {
   if (!aPrincipal) {
     return NS_OK;
   }
-  if (aPrincipal->GetIsCodebasePrincipal()) {
+  if (aPrincipal->GetIsContentPrincipal()) {
     OriginAttributes attrs;
     if (!aOriginAttributes.isObject() || !attrs.Init(aCx, aOriginAttributes)) {
       return NS_ERROR_INVALID_ARG;
     }
     RefPtr<ContentPrincipal> copy = new ContentPrincipal();
     ContentPrincipal* contentPrincipal =
         static_cast<ContentPrincipal*>(aPrincipal);
     nsresult rv = copy->Init(contentPrincipal, attrs);
--- a/caps/tests/gtest/TestPrincipalSerialization.cpp
+++ b/caps/tests/gtest/TestPrincipalSerialization.cpp
@@ -21,28 +21,27 @@ using mozilla::SystemPrincipal;
 TEST(PrincipalSerialization, ReusedJSONArgument)
 {
   nsCOMPtr<nsIScriptSecurityManager> ssm =
       nsScriptSecurityManager::GetScriptSecurityManager();
 
   nsAutoCString spec("https://mozilla.com");
   nsCOMPtr<nsIPrincipal> principal;
   nsresult rv =
-      ssm->CreateCodebasePrincipalFromOrigin(spec, getter_AddRefs(principal));
+      ssm->CreateContentPrincipalFromOrigin(spec, getter_AddRefs(principal));
   ASSERT_EQ(rv, NS_OK);
 
   nsAutoCString JSON;
   rv = BasePrincipal::Cast(principal)->ToJSON(JSON);
   ASSERT_EQ(rv, NS_OK);
   ASSERT_TRUE(JSON.EqualsLiteral("{\"1\":{\"0\":\"https://mozilla.com/\"}}"));
 
   nsAutoCString spec2("https://example.com");
   nsCOMPtr<nsIPrincipal> principal2;
-  rv =
-      ssm->CreateCodebasePrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+  rv = ssm->CreateContentPrincipalFromOrigin(spec2, getter_AddRefs(principal2));
   ASSERT_EQ(rv, NS_OK);
 
   // Reuse JSON without truncation to check the code is doing this
   rv = BasePrincipal::Cast(principal2)->ToJSON(JSON);
   ASSERT_EQ(rv, NS_OK);
   ASSERT_TRUE(JSON.EqualsLiteral("{\"1\":{\"0\":\"https://example.com/\"}}"));
 }
 
@@ -77,17 +76,17 @@ TEST(PrincipalSerialization, TwoKeys)
       BasePrincipal::FromJSON(NS_LITERAL_CSTRING("{\"3\":{}}"));
   ASSERT_EQ(BasePrincipal::Cast(systemPrincipal)->Kind(),
             BasePrincipal::eSystemPrincipal);
 
   // Sanity check that this returns a content principal
   nsCOMPtr<nsIPrincipal> contentPrincipal = BasePrincipal::FromJSON(
       NS_LITERAL_CSTRING("{\"1\":{\"0\":\"https://mozilla.com\"}}"));
   ASSERT_EQ(BasePrincipal::Cast(contentPrincipal)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
 
   // Check both combined don't return a principal
   nsCOMPtr<nsIPrincipal> combinedPrincipal = BasePrincipal::FromJSON(
       NS_LITERAL_CSTRING("{\"1\":{\"0\":\"https://mozilla.com\"},\"3\":{}}"));
   ASSERT_EQ(nullptr, combinedPrincipal);
 }
 
 #endif  // ifndef MOZ_DEBUG
@@ -100,29 +99,29 @@ TEST(PrincipalSerialization, ExpandedPri
 
   uint32_t length = 2;
   nsTArray<nsCOMPtr<nsIPrincipal> > allowedDomains(length);
   allowedDomains.SetLength(length);
 
   nsAutoCString spec("https://mozilla.com");
   nsCOMPtr<nsIPrincipal> principal;
   nsresult rv =
-      ssm->CreateCodebasePrincipalFromOrigin(spec, getter_AddRefs(principal));
+      ssm->CreateContentPrincipalFromOrigin(spec, getter_AddRefs(principal));
   ASSERT_EQ(rv, NS_OK);
   ASSERT_EQ(BasePrincipal::Cast(principal)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
   allowedDomains[0] = principal;
 
   nsAutoCString spec2("https://mozilla.org");
   nsCOMPtr<nsIPrincipal> principal2;
   rv =
-      ssm->CreateCodebasePrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+      ssm->CreateContentPrincipalFromOrigin(spec2, getter_AddRefs(principal2));
   ASSERT_EQ(rv, NS_OK);
   ASSERT_EQ(BasePrincipal::Cast(principal2)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
   allowedDomains[1] = principal2;
 
   OriginAttributes attrs;
   RefPtr<ExpandedPrincipal> result =
       ExpandedPrincipal::Create(allowedDomains, attrs);
   ASSERT_EQ(BasePrincipal::Cast(result)->Kind(),
             BasePrincipal::eExpandedPrincipal);
 
@@ -137,21 +136,21 @@ TEST(PrincipalSerialization, ExpandedPri
   auto outPrincipal = BasePrincipal::Cast(returnedPrincipal);
   ASSERT_EQ(outPrincipal->Kind(), BasePrincipal::eExpandedPrincipal);
 
   ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal));
   ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal2));
 
   nsAutoCString specDev("https://mozilla.dev");
   nsCOMPtr<nsIPrincipal> principalDev;
-  rv = ssm->CreateCodebasePrincipalFromOrigin(specDev,
+  rv = ssm->CreateContentPrincipalFromOrigin(specDev,
                                               getter_AddRefs(principalDev));
   ASSERT_EQ(rv, NS_OK);
   ASSERT_EQ(BasePrincipal::Cast(principalDev)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
 
   ASSERT_FALSE(outPrincipal->FastSubsumesIgnoringFPD(principalDev));
 }
 
 TEST(PrincipalSerialization, ExpandedPrincipalOA)
 {
   // Check Expandedprincipal works with top level OA
   nsCOMPtr<nsIScriptSecurityManager> ssm =
@@ -159,29 +158,29 @@ TEST(PrincipalSerialization, ExpandedPri
 
   uint32_t length = 2;
   nsTArray<nsCOMPtr<nsIPrincipal> > allowedDomains(length);
   allowedDomains.SetLength(length);
 
   nsAutoCString spec("https://mozilla.com");
   nsCOMPtr<nsIPrincipal> principal;
   nsresult rv =
-      ssm->CreateCodebasePrincipalFromOrigin(spec, getter_AddRefs(principal));
+      ssm->CreateContentPrincipalFromOrigin(spec, getter_AddRefs(principal));
   ASSERT_EQ(rv, NS_OK);
   ASSERT_EQ(BasePrincipal::Cast(principal)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
   allowedDomains[0] = principal;
 
   nsAutoCString spec2("https://mozilla.org");
   nsCOMPtr<nsIPrincipal> principal2;
   rv =
-      ssm->CreateCodebasePrincipalFromOrigin(spec2, getter_AddRefs(principal2));
+      ssm->CreateContentPrincipalFromOrigin(spec2, getter_AddRefs(principal2));
   ASSERT_EQ(rv, NS_OK);
   ASSERT_EQ(BasePrincipal::Cast(principal2)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
   allowedDomains[1] = principal2;
 
   OriginAttributes attrs;
   nsAutoCString suffix("^userContextId=1");
   bool ok = attrs.PopulateFromSuffix(suffix);
   ASSERT_TRUE(ok);
 
   RefPtr<ExpandedPrincipal> result =
@@ -201,16 +200,16 @@ TEST(PrincipalSerialization, ExpandedPri
   auto outPrincipal = BasePrincipal::Cast(returnedPrincipal);
   ASSERT_EQ(outPrincipal->Kind(), BasePrincipal::eExpandedPrincipal);
 
   ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal));
   ASSERT_TRUE(outPrincipal->FastSubsumesIgnoringFPD(principal2));
 
   nsAutoCString specDev("https://mozilla.dev");
   nsCOMPtr<nsIPrincipal> principalDev;
-  rv = ssm->CreateCodebasePrincipalFromOrigin(specDev,
+  rv = ssm->CreateContentPrincipalFromOrigin(specDev,
                                               getter_AddRefs(principalDev));
   ASSERT_EQ(rv, NS_OK);
   ASSERT_EQ(BasePrincipal::Cast(principalDev)->Kind(),
-            BasePrincipal::eCodebasePrincipal);
+            BasePrincipal::eContentPrincipal);
 
   ASSERT_FALSE(outPrincipal->FastSubsumesIgnoringFPD(principalDev));
 }
--- a/caps/tests/mochitest/browser_checkloaduri.js
+++ b/caps/tests/mochitest/browser_checkloaduri.js
@@ -295,17 +295,17 @@ function testURL(
 add_task(async function() {
   await kAboutPagesRegistered;
   let baseFlags = ssm.STANDARD | ssm.DONT_REPORT_ERRORS;
   for (let [sourceString, targetsAndExpectations] of URLs) {
     let source;
     if (sourceString.startsWith("about:test-chrome-privs")) {
       source = ssm.getSystemPrincipal();
     } else {
-      source = ssm.createCodebasePrincipal(makeURI(sourceString), {});
+      source = ssm.createContentPrincipal(makeURI(sourceString), {});
     }
     for (let [
       target,
       canLoad,
       canLoadWithoutInherit,
       canCreate,
     ] of targetsAndExpectations) {
       testURL(
--- a/caps/tests/mochitest/test_addonMayLoad.html
+++ b/caps/tests/mochitest/test_addonMayLoad.html
@@ -48,19 +48,19 @@ https://bugzilla.mozilla.org/show_bug.cg
               "  xhr.onreadystatechange = function() { if (xhr.readyState == XMLHttpRequest.DONE) { finish(xhr.status == 200); } };" +
               "  xhr.open('GET', '" + uri + "', true);" +
               "  xhr.send();" +
               "})() } catch (e) { error(e); }");
     });
     return p;
   }
 
-  let addonA = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI("moz-extension://addonA/"), {}),
+  let addonA = new Cu.Sandbox(ssm.createContentPrincipal(Services.io.newURI("moz-extension://addonA/"), {}),
                               {wantGlobalProperties: ["XMLHttpRequest"]});
-  let addonB = new Cu.Sandbox(ssm.createCodebasePrincipal(Services.io.newURI("moz-extension://addonB/"), {}),
+  let addonB = new Cu.Sandbox(ssm.createContentPrincipal(Services.io.newURI("moz-extension://addonB/"), {}),
                               {wantGlobalProperties: ["XMLHttpRequest"]});
 
   function uriForDomain(d) { return d + "/tests/caps/tests/mochitest/file_data.txt"; }
 
   tryLoad(addonA, uriForDomain("http://test4.example.org"))
   .then(function(success) {
     ok(!success, "cross-origin load should fail for addon A");
     return tryLoad(addonA, uriForDomain("http://test1.example.org"));
--- a/caps/tests/unit/test_origin.js
+++ b/caps/tests/unit/test_origin.js
@@ -30,19 +30,19 @@ function checkOriginAttributes(prin, att
     attrs.inIsolatedMozBrowser || false
   );
   Assert.equal(prin.originSuffix, suffix || "");
   Assert.equal(ChromeUtils.originAttributesToSuffix(attrs), suffix || "");
   Assert.ok(
     ChromeUtils.originAttributesMatchPattern(prin.originAttributes, attrs)
   );
   if (!prin.isNullPrincipal && !prin.origin.startsWith("[")) {
-    Assert.ok(ssm.createCodebasePrincipalFromOrigin(prin.origin).equals(prin));
+    Assert.ok(ssm.createContentPrincipalFromOrigin(prin.origin).equals(prin));
   } else {
-    checkThrows(() => ssm.createCodebasePrincipalFromOrigin(prin.origin));
+    checkThrows(() => ssm.createContentPrincipalFromOrigin(prin.origin));
   }
 }
 
 function checkSandboxOriginAttributes(arr, attrs, options) {
   options = options || {};
   var sandbox = Cu.Sandbox(arr, options);
   checkOriginAttributes(
     Cu.getObjectPrincipal(sandbox),
@@ -83,40 +83,40 @@ function checkValues(attrs, values) {
   Assert.equal(attrs.privateBrowsingId, values.privateBrowsingId || "");
   Assert.equal(attrs.firstPartyDomain, values.firstPartyDomain || "");
 }
 
 function run_test() {
   // Attributeless origins.
   Assert.equal(ssm.getSystemPrincipal().origin, "[System Principal]");
   checkOriginAttributes(ssm.getSystemPrincipal());
-  var exampleOrg = ssm.createCodebasePrincipal(
+  var exampleOrg = ssm.createContentPrincipal(
     makeURI("http://example.org"),
     {}
   );
   Assert.equal(exampleOrg.origin, "http://example.org");
   checkOriginAttributes(exampleOrg);
-  var exampleCom = ssm.createCodebasePrincipal(
+  var exampleCom = ssm.createContentPrincipal(
     makeURI("https://www.example.com:123"),
     {}
   );
   Assert.equal(exampleCom.origin, "https://www.example.com:123");
   checkOriginAttributes(exampleCom);
   var nullPrin = Cu.getObjectPrincipal(new Cu.Sandbox(null));
   Assert.ok(
     /^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(nullPrin.origin)
   );
   checkOriginAttributes(nullPrin);
-  var ipv6Prin = ssm.createCodebasePrincipal(
+  var ipv6Prin = ssm.createContentPrincipal(
     makeURI("https://[2001:db8::ff00:42:8329]:123"),
     {}
   );
   Assert.equal(ipv6Prin.origin, "https://[2001:db8::ff00:42:8329]:123");
   checkOriginAttributes(ipv6Prin);
-  var ipv6NPPrin = ssm.createCodebasePrincipal(
+  var ipv6NPPrin = ssm.createContentPrincipal(
     makeURI("https://[2001:db8::ff00:42:8329]"),
     {}
   );
   Assert.equal(ipv6NPPrin.origin, "https://[2001:db8::ff00:42:8329]");
   checkOriginAttributes(ipv6NPPrin);
   var ep = Cu.getObjectPrincipal(
     Cu.Sandbox([exampleCom, nullPrin, exampleOrg])
   );
@@ -127,29 +127,29 @@ function run_test() {
   // nsEP origins should be in lexical order.
   Assert.equal(
     ep.origin,
     `[Expanded Principal [${exampleOrg.origin}, ${exampleCom.origin}, ${
       nullPrin.origin
     }]]`
   );
 
-  // Make sure createCodebasePrincipal does what the rest of gecko does.
+  // Make sure createContentPrincipal does what the rest of gecko does.
   Assert.ok(
     exampleOrg.equals(
       Cu.getObjectPrincipal(new Cu.Sandbox("http://example.org"))
     )
   );
 
   //
   // Test origin attributes.
   //
 
   // Just browser.
-  var exampleOrg_browser = ssm.createCodebasePrincipal(
+  var exampleOrg_browser = ssm.createContentPrincipal(
     makeURI("http://example.org"),
     { inIsolatedMozBrowser: true }
   );
   var nullPrin_browser = ssm.createNullPrincipal({
     inIsolatedMozBrowser: true,
   });
   checkOriginAttributes(
     exampleOrg_browser,
@@ -159,32 +159,32 @@ function run_test() {
   checkOriginAttributes(
     nullPrin_browser,
     { inIsolatedMozBrowser: true },
     "^inBrowser=1"
   );
   Assert.equal(exampleOrg_browser.origin, "http://example.org^inBrowser=1");
 
   // First party Uri
-  var exampleOrg_firstPartyDomain = ssm.createCodebasePrincipal(
+  var exampleOrg_firstPartyDomain = ssm.createContentPrincipal(
     makeURI("http://example.org"),
     { firstPartyDomain: "example.org" }
   );
   checkOriginAttributes(
     exampleOrg_firstPartyDomain,
     { firstPartyDomain: "example.org" },
     "^firstPartyDomain=example.org"
   );
   Assert.equal(
     exampleOrg_firstPartyDomain.origin,
     "http://example.org^firstPartyDomain=example.org"
   );
 
   // Just userContext.
-  var exampleOrg_userContext = ssm.createCodebasePrincipal(
+  var exampleOrg_userContext = ssm.createContentPrincipal(
     makeURI("http://example.org"),
     { userContextId: 42 }
   );
   checkOriginAttributes(
     exampleOrg_userContext,
     { userContextId: 42 },
     "^userContextId=42"
   );
@@ -210,29 +210,29 @@ function run_test() {
   // Check that all of the above are cross-origin.
   checkCrossOrigin(exampleOrg_browser, nullPrin_browser);
   checkCrossOrigin(exampleOrg_firstPartyDomain, exampleOrg);
   checkCrossOrigin(exampleOrg_userContext, exampleOrg);
 
   // Check Principal kinds.
   function checkKind(prin, kind) {
     Assert.equal(prin.isNullPrincipal, kind == "nullPrincipal");
-    Assert.equal(prin.isCodebasePrincipal, kind == "codebasePrincipal");
+    Assert.equal(prin.isContentPrincipal, kind == "contentPrincipal");
     Assert.equal(prin.isExpandedPrincipal, kind == "expandedPrincipal");
     Assert.equal(prin.isSystemPrincipal, kind == "systemPrincipal");
   }
   checkKind(ssm.createNullPrincipal({}), "nullPrincipal");
   checkKind(
-    ssm.createCodebasePrincipal(makeURI("http://www.example.com"), {}),
-    "codebasePrincipal"
+    ssm.createContentPrincipal(makeURI("http://www.example.com"), {}),
+    "contentPrincipal"
   );
   checkKind(
     Cu.getObjectPrincipal(
       Cu.Sandbox([
-        ssm.createCodebasePrincipal(makeURI("http://www.example.com"), {}),
+        ssm.createContentPrincipal(makeURI("http://www.example.com"), {}),
       ])
     ),
     "expandedPrincipal"
   );
   checkKind(ssm.getSystemPrincipal(), "systemPrincipal");
 
   //
   // Test Origin Attribute Manipulation
@@ -307,19 +307,19 @@ function run_test() {
 
   var fileURI = makeURI("file:///foo/bar").QueryInterface(Ci.nsIFileURL);
   var fileTests = [
     [true, fileURI.spec],
     [false, "file://UNIVERSAL_FILE_URI_ORIGIN"],
   ];
   fileTests.forEach(t => {
     Services.prefs.setBoolPref("security.fileuri.strict_origin_policy", t[0]);
-    var filePrin = ssm.createCodebasePrincipal(fileURI, {});
+    var filePrin = ssm.createContentPrincipal(fileURI, {});
     Assert.equal(filePrin.origin, t[1]);
   });
   Services.prefs.clearUserPref("security.fileuri.strict_origin_policy");
 
   var aboutBlankURI = makeURI("about:blank");
-  var aboutBlankPrin = ssm.createCodebasePrincipal(aboutBlankURI, {});
+  var aboutBlankPrin = ssm.createContentPrincipal(aboutBlankURI, {});
   Assert.ok(
     /^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(aboutBlankPrin.origin)
   );
 }
--- a/devtools/client/inspector/shared/test/browser_styleinspector_csslogic-content-stylesheets.js
+++ b/devtools/client/inspector/shared/test/browser_styleinspector_csslogic-content-stylesheets.js
@@ -9,17 +9,17 @@
 // FIXME: this test opens the devtools for nothing, it should be changed into a
 // devtools/server/tests/mochitest/test_css-logic-...something...html
 // test
 
 const TEST_URI_HTML = TEST_URL_ROOT + "doc_content_stylesheet.html";
 const TEST_URI_AUTHOR = TEST_URL_ROOT + "doc_author-sheet.html";
 const TEST_URI_XUL = TEST_URL_ROOT + "doc_content_stylesheet.xul";
 const XUL_URI = Services.io.newURI(TEST_URI_XUL);
-const XUL_PRINCIPAL = Services.scriptSecurityManager.createCodebasePrincipal(
+const XUL_PRINCIPAL = Services.scriptSecurityManager.createContentPrincipal(
   XUL_URI,
   {}
 );
 
 add_task(async function() {
   requestLongerTimeout(2);
 
   info("Checking stylesheets on HTML document");
--- a/devtools/client/storage/test/head.js
+++ b/devtools/client/storage/test/head.js
@@ -998,17 +998,17 @@ var focusSearchBoxUsingShortcut = async 
 function getCookieId(name, domain, path) {
   return `${name}${SEPARATOR_GUID}${domain}${SEPARATOR_GUID}${path}`;
 }
 
 function setPermission(url, permission) {
   const nsIPermissionManager = Ci.nsIPermissionManager;
 
   const uri = Services.io.newURI(url);
-  const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  const principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   Cc["@mozilla.org/permissionmanager;1"]
     .getService(nsIPermissionManager)
     .addFromPrincipal(principal, permission, nsIPermissionManager.ALLOW_ACTION);
 }
--- a/devtools/client/webconsole/test/mochitest/browser_webconsole_trackingprotection_errors.js
+++ b/devtools/client/webconsole/test/mochitest/browser_webconsole_trackingprotection_errors.js
@@ -146,17 +146,17 @@ add_task(async function testTrackerCooki
   );
   win.close();
 });
 
 add_task(async function testCookieBlockedByPermissionMessage() {
   info("Test cookie blocked by permission message");
   // Turn off tracking protection and add a block permission on the URL.
   await pushPref("privacy.trackingprotection.enabled", false);
-  const p = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  const p = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     TRACKER_URL
   );
   Services.perms.addFromPrincipal(
     p,
     "cookie",
     Ci.nsIPermissionManager.DENY_ACTION
   );
 
--- a/devtools/client/webconsole/test/mochitest/browser_webconsole_warning_group_content_blocking.js
+++ b/devtools/client/webconsole/test/mochitest/browser_webconsole_warning_group_content_blocking.js
@@ -134,17 +134,17 @@ add_task(async function testTrackerCooki
       "enabled."
   );
 });
 
 add_task(async function testCookieBlockedByPermissionMessage() {
   info("Test cookie blocked by permission message");
   // Turn off tracking protection and add a block permission on the URL.
   await pushPref("privacy.trackingprotection.enabled", false);
-  const p = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  const p = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "http://tracking.example.org/"
   );
   Services.perms.addFromPrincipal(
     p,
     "cookie",
     Ci.nsIPermissionManager.DENY_ACTION
   );
 
--- a/devtools/server/actors/storage.js
+++ b/devtools/server/actors/storage.js
@@ -1381,17 +1381,17 @@ StorageActors.createActor(
 StorageActors.createActor(
   {
     typeName: "Cache",
   },
   {
     async getCachesForHost(host) {
       const uri = Services.io.newURI(host);
       const attrs = this.storageActor.document.nodePrincipal.originAttributes;
-      const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      const principal = Services.scriptSecurityManager.createContentPrincipal(
         uri,
         attrs
       );
 
       // The first argument tells if you want to get |content| cache or |chrome|
       // cache.
       // The |content| cache is the cache explicitely named by the web content
       // (service worker or web page).
--- a/devtools/shared/DevToolsUtils.js
+++ b/devtools/shared/DevToolsUtils.js
@@ -491,17 +491,17 @@ DevToolsUtils.defineLazyGetter(this, "Ne
  *        An object with the following optional properties:
  *        - loadFromCache: if false, will bypass the cache and
  *          always load fresh from the network (default: true)
  *        - policy: the nsIContentPolicy type to apply when fetching the URL
  *                  (only works when loading from system principal)
  *        - window: the window to get the loadGroup from
  *        - charset: the charset to use if the channel doesn't provide one
  *        - principal: the principal to use, if omitted, the request is loaded
- *                     with a codebase principal corresponding to the url being
+ *                     with a content principal corresponding to the url being
  *                     loaded, using the origin attributes of the window, if any.
  *        - cacheKey: when loading from cache, use this key to retrieve a cache
  *                    specific to a given SHEntry. (Allows loading POST
  *                    requests from cache)
  * @returns Promise that resolves with an object with the following members on
  *          success:
  *           - content: the document at that URL, as a string,
  *           - contentType: the content type of the document
@@ -708,17 +708,17 @@ function newChannelForURL(
   } else {
     // If a window is not provided, then we must set a loading principal.
 
     // If the caller did not provide a principal, then we use the URI
     // to create one.  Note, it's not clear what use cases require this
     // and it may not be correct.
     let prin = principal;
     if (!prin) {
-      prin = Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
+      prin = Services.scriptSecurityManager.createContentPrincipal(uri, {});
     }
 
     channelOptions.loadingPrincipal = prin;
   }
 
   try {
     return NetUtil.newChannel(channelOptions);
   } catch (e) {
--- a/devtools/shared/indexed-db.js
+++ b/devtools/shared/indexed-db.js
@@ -8,17 +8,17 @@
  * This indexedDB helper is a simplified version of sdk/indexed-db. It creates a DB with
  * a principal dedicated to DevTools.
  */
 
 const Services = require("Services");
 
 const PSEUDOURI = "indexeddb://fx-devtools";
 const principaluri = Services.io.newURI(PSEUDOURI);
-const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+const principal = Services.scriptSecurityManager.createContentPrincipal(
   principaluri,
   {}
 );
 
 /**
  * Create the DevTools dedicated DB, by relying on the real indexedDB object passed as a
  * parameter here.
  *
--- a/devtools/shared/tests/unit/test_console_filtering.js
+++ b/devtools/shared/tests/unit/test_console_filtering.js
@@ -50,17 +50,17 @@ function createFakeAddonWindow({ addonId
     mozExtensionHostname: uuid,
     baseURL: "file:///",
     allowedOrigins: new MatchPatternSet([]),
     localizeCallback() {},
   });
   policy.active = true;
 
   const baseURI = Services.io.newURI(`moz-extension://${uuid}/`);
-  const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  const principal = Services.scriptSecurityManager.createContentPrincipal(
     baseURI,
     {}
   );
   const chromeWebNav = Services.appShell.createWindowlessBrowser(true);
   const { docShell } = chromeWebNav;
   docShell.createAboutBlankContentViewer(principal, principal);
   const addonWindow = docShell.contentViewer.DOMDocument.defaultView;
 
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -6579,18 +6579,18 @@ void nsDocShell::OnRedirectStateChange(n
       // Permission will be checked in the parent process.
       appCacheChannel->SetChooseApplicationCache(true);
     } else {
       nsCOMPtr<nsIScriptSecurityManager> secMan =
           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
 
       if (secMan) {
         nsCOMPtr<nsIPrincipal> principal;
-        secMan->GetDocShellCodebasePrincipal(newURI, this,
-                                             getter_AddRefs(principal));
+        secMan->GetDocShellContentPrincipal(newURI, this,
+                                            getter_AddRefs(principal));
         appCacheChannel->SetChooseApplicationCache(
             NS_ShouldCheckAppCache(principal));
       }
     }
   }
 
   if (!(aRedirectFlags & nsIChannelEventSink::REDIRECT_INTERNAL) &&
       mLoadType & (LOAD_CMD_RELOAD | LOAD_CMD_HISTORY)) {
@@ -9761,23 +9761,23 @@ static bool IsConsideredSameOriginForUIR
   // ----------------------------------------------------------------
   // http://example.com/foo.html  | http://example.com/bar.html  | true
   // https://example.com/foo.html | https://example.com/bar.html | true
   // https://example.com/foo.html | http://example.com/bar.html  | true
   if (aTriggeringPrincipal->Equals(aResultPrincipal)) {
     return true;
   }
 
-  if (!aResultPrincipal->GetIsCodebasePrincipal()) {
+  if (!aResultPrincipal->GetIsContentPrincipal()) {
     return false;
   }
 
   nsCOMPtr<nsIURI> resultURI = aResultPrincipal->GetURI();
 
-  // We know this is a codebase principal, and codebase principals require valid
+  // We know this is a content principal, and content principals require valid
   // URIs, so we shouldn't need to check non-null here.
   if (!SchemeIsHTTP(resultURI)) {
     return false;
   }
 
   nsresult rv;
   nsAutoCString tmpResultSpec;
   rv = resultURI->GetSpec(tmpResultSpec);
@@ -9788,17 +9788,17 @@ static bool IsConsideredSameOriginForUIR
   nsCOMPtr<nsIURI> tmpResultURI;
   rv = NS_NewURI(getter_AddRefs(tmpResultURI), tmpResultSpec);
   NS_ENSURE_SUCCESS(rv, false);
 
   mozilla::OriginAttributes tmpOA =
       BasePrincipal::Cast(aResultPrincipal)->OriginAttributesRef();
 
   nsCOMPtr<nsIPrincipal> tmpResultPrincipal =
-      BasePrincipal::CreateCodebasePrincipal(tmpResultURI, tmpOA);
+      BasePrincipal::CreateContentPrincipal(tmpResultURI, tmpOA);
 
   return aTriggeringPrincipal->Equals(tmpResultPrincipal);
 }
 
 nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
                                bool aLoadFromExternal, nsIDocShell** aDocShell,
                                nsIRequest** aRequest) {
   // Double-check that we're still around to load this URI.
@@ -10167,18 +10167,18 @@ nsresult nsDocShell::DoURILoad(nsDocShel
       // Permission will be checked in the parent process
       appCacheChannel->SetChooseApplicationCache(true);
     } else {
       nsCOMPtr<nsIScriptSecurityManager> secMan =
           do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
 
       if (secMan) {
         nsCOMPtr<nsIPrincipal> principal;
-        secMan->GetDocShellCodebasePrincipal(aLoadState->URI(), this,
-                                             getter_AddRefs(principal));
+        secMan->GetDocShellContentPrincipal(aLoadState->URI(), this,
+                                            getter_AddRefs(principal));
         appCacheChannel->SetChooseApplicationCache(
             NS_ShouldCheckAppCache(principal));
       }
     }
   }
 
   // Make sure to give the caller a channel if we managed to create one
   // This is important for correct error page/session history interaction
--- a/docshell/base/nsDocShellLoadState.cpp
+++ b/docshell/base/nsDocShellLoadState.cpp
@@ -383,17 +383,17 @@ nsresult nsDocShellLoadState::SetupTrigg
   // important to note that this block of code needs to appear *after* the block
   // where we munge the principalToInherit, because otherwise we would never
   // enter code blocks checking if the principalToInherit is null and we will
   // end up with a wrong inheritPrincipal flag.
   if (!mTriggeringPrincipal) {
     if (mReferrerInfo) {
       nsCOMPtr<nsIURI> referrer = mReferrerInfo->GetOriginalReferrer();
       mTriggeringPrincipal =
-          BasePrincipal::CreateCodebasePrincipal(referrer, aOriginAttributes);
+          BasePrincipal::CreateContentPrincipal(referrer, aOriginAttributes);
 
       if (!mTriggeringPrincipal) {
         return NS_ERROR_FAILURE;
       }
     } else {
       mTriggeringPrincipal = nsContentUtils::GetSystemPrincipal();
     }
   }
--- a/docshell/test/browser/browser_loadDisallowInherit.js
+++ b/docshell/test/browser/browser_loadDisallowInherit.js
@@ -33,17 +33,17 @@ function startTest() {
     });
     browser.loadURI(url, { flags, triggeringPrincipal });
   }
 
   // Load a normal http URL
   function testURL(url, func) {
     let secMan = Services.scriptSecurityManager;
     let ios = Services.io;
-    let artificialPrincipal = secMan.createCodebasePrincipal(
+    let artificialPrincipal = secMan.createContentPrincipal(
       ios.newURI("http://example.com/"),
       {}
     );
     loadURL("http://example.com/", 0, artificialPrincipal, function() {
       let pagePrincipal = browser.contentPrincipal;
       ok(pagePrincipal, "got principal for http:// page");
 
       // Now load the URL normally
--- a/dom/base/ContentAreaDropListener.jsm
+++ b/dom/base/ContentAreaDropListener.jsm
@@ -185,17 +185,17 @@ ContentAreaDropListener.prototype =
       } else {
         principalURISpec = "file:///";
       }
     }
     let ioService = Cc["@mozilla.org/network/io-service;1"]
         .getService(Ci.nsIIOService);
     let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].
         getService(Ci.nsIScriptSecurityManager);
-    return secMan.createCodebasePrincipal(ioService.newURI(principalURISpec), {});
+    return secMan.createContentPrincipal(ioService.newURI(principalURISpec), {});
   },
 
   getTriggeringPrincipal: function(aEvent)
   {
     let dataTransfer = aEvent.dataTransfer;
     return this._getTriggeringPrincipalFromDataTransfer(dataTransfer, true);
 
   },
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -2419,17 +2419,17 @@ void Document::ResetToURI(nsIURI* aURI, 
         aLoadGroup->GetNotificationCallbacks(getter_AddRefs(cbs));
         loadContext = do_GetInterface(cbs);
       }
 
       MOZ_ASSERT(loadContext,
                  "must have a load context or pass in an explicit principal");
 
       nsCOMPtr<nsIPrincipal> principal;
-      nsresult rv = securityManager->GetLoadContextCodebasePrincipal(
+      nsresult rv = securityManager->GetLoadContextContentPrincipal(
           mDocumentURI, loadContext, getter_AddRefs(principal));
       if (NS_SUCCEEDED(rv)) {
         SetPrincipals(principal, principal);
       }
     }
   }
 
   if (mFontFaceSet) {
@@ -5424,37 +5424,37 @@ void Document::GetCookie(nsAString& aCoo
     return;
   }
 
   // not having a cookie service isn't an error
   nsCOMPtr<nsICookieService> service =
       do_GetService(NS_COOKIESERVICE_CONTRACTID);
   if (service) {
     // Get a URI from the document principal. We use the original
-    // codebase in case the codebase was changed by SetDomain
-    nsCOMPtr<nsIURI> codebaseURI;
-    NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
-
-    if (!codebaseURI) {
-      // Document's principal is not a codebase (may be system), so
+    // content URI in case the domain was changed by SetDomain
+    nsCOMPtr<nsIURI> principalURI;
+    NodePrincipal()->GetURI(getter_AddRefs(principalURI));
+
+    if (!principalURI) {
+      // Document's principal is not a content or null (may be system), so
       // can't set cookies
 
       return;
     }
 
     nsCOMPtr<nsIChannel> channel(mChannel);
     if (!channel) {
-      channel = CreateDummyChannelForCookies(codebaseURI);
+      channel = CreateDummyChannelForCookies(principalURI);
       if (!channel) {
         return;
       }
     }
 
     nsAutoCString cookie;
-    service->GetCookieString(codebaseURI, channel, cookie);
+    service->GetCookieString(principalURI, channel, cookie);
     // CopyUTF8toUTF16 doesn't handle error
     // because it assumes that the input is valid.
     UTF_8_ENCODING->DecodeWithoutBOMHandling(cookie, aCookie);
   }
 }
 
 void Document::SetCookie(const nsAString& aCookie, ErrorResult& rv) {
   if (mDisableCookieAccess) {
@@ -5483,53 +5483,53 @@ void Document::SetCookie(const nsAString
     return;
   }
 
   // not having a cookie service isn't an error
   nsCOMPtr<nsICookieService> service =
       do_GetService(NS_COOKIESERVICE_CONTRACTID);
   if (service && mDocumentURI) {
     // The code for getting the URI matches Navigator::CookieEnabled
-    nsCOMPtr<nsIURI> codebaseURI;
-    NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
-
-    if (!codebaseURI) {
-      // Document's principal is not a codebase (may be system), so
+    nsCOMPtr<nsIURI> principalURI;
+    NodePrincipal()->GetURI(getter_AddRefs(principalURI));
+
+    if (!principalURI) {
+      // Document's principal is not a content or null (may be system), so
       // can't set cookies
 
       return;
     }
 
     nsCOMPtr<nsIChannel> channel(mChannel);
     if (!channel) {
-      channel = CreateDummyChannelForCookies(codebaseURI);
+      channel = CreateDummyChannelForCookies(principalURI);
       if (!channel) {
         return;
       }
     }
 
     NS_ConvertUTF16toUTF8 cookie(aCookie);
-    service->SetCookieString(codebaseURI, nullptr, cookie, channel);
+    service->SetCookieString(principalURI, nullptr, cookie, channel);
   }
 }
 
 already_AddRefed<nsIChannel> Document::CreateDummyChannelForCookies(
-    nsIURI* aCodebaseURI) {
+    nsIURI* aContentURI) {
   // The cookie service reads the privacy status of the channel we pass to it in
   // order to determine which cookie database to query.  In some cases we don't
   // have a proper channel to hand it to the cookie service though.  This
   // function creates a dummy channel that is not used to load anything, for the
   // sole purpose of handing it to the cookie service.  DO NOT USE THIS CHANNEL
   // FOR ANY OTHER PURPOSE.
   MOZ_ASSERT(!mChannel);
 
   // The following channel is never openend, so it does not matter what
   // securityFlags we pass; let's follow the principle of least privilege.
   nsCOMPtr<nsIChannel> channel;
-  NS_NewChannel(getter_AddRefs(channel), aCodebaseURI, this,
+  NS_NewChannel(getter_AddRefs(channel), aContentURI, this,
                 nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
                 nsIContentPolicy::TYPE_INVALID);
   nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel = do_QueryInterface(channel);
   nsCOMPtr<nsIDocShell> docShell(mDocumentContainer);
   nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
   if (!pbChannel || !loadContext) {
     return nullptr;
   }
--- a/dom/base/Document.h
+++ b/dom/base/Document.h
@@ -2314,17 +2314,17 @@ class Document : public nsINode,
    * Reset the document using the given channel and loadgroup.  This works
    * like ResetToURI, but also sets the document's channel to aChannel.
    * The principal of the document will be set from the channel.
    */
   virtual void Reset(nsIChannel* aChannel, nsILoadGroup* aLoadGroup);
 
   /**
    * Reset this document to aURI, aLoadGroup, aPrincipal and aStoragePrincipal.
-   * aURI must not be null.  If aPrincipal is null, a codebase principal based
+   * aURI must not be null.  If aPrincipal is null, a content principal based
    * on aURI will be used.
    */
   virtual void ResetToURI(nsIURI* aURI, nsILoadGroup* aLoadGroup,
                           nsIPrincipal* aPrincipal,
                           nsIPrincipal* aStoragePrincipal);
 
   /**
    * Set the container (docshell) for this document. Virtual so that
@@ -2686,25 +2686,25 @@ class Document : public nsINode,
   bool IsCookieAverse() const {
     // If we are a document that "has no browsing context."
     if (!GetInnerWindow()) {
       return true;
     }
 
     // If we are a document "whose URL's scheme is not a network scheme."
     // NB: Explicitly allow file: URIs to store cookies.
-    nsCOMPtr<nsIURI> codebaseURI;
-    NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
-
-    if (!codebaseURI) {
+    nsCOMPtr<nsIURI> contentURI;
+    NodePrincipal()->GetURI(getter_AddRefs(contentURI));
+
+    if (!contentURI) {
       return true;
     }
 
     nsAutoCString scheme;
-    codebaseURI->GetScheme(scheme);
+    contentURI->GetScheme(scheme);
     return !scheme.EqualsLiteral("http") && !scheme.EqualsLiteral("https") &&
            !scheme.EqualsLiteral("ftp") && !scheme.EqualsLiteral("file");
   }
 
   bool IsLoadedAsData() { return mLoadedAsData; }
 
   bool IsLoadedAsInteractiveData() { return mLoadedAsInteractiveData; }
 
@@ -4362,17 +4362,17 @@ class Document : public nsINode,
   static bool MatchNameAttribute(Element* aElement, int32_t aNamespaceID,
                                  nsAtom* aAtom, void* aData);
   static void* UseExistingNameString(nsINode* aRootNode, const nsString* aName);
 
   void MaybeResolveReadyForIdle();
 
   // This should *ONLY* be used in GetCookie/SetCookie.
   already_AddRefed<nsIChannel> CreateDummyChannelForCookies(
-      nsIURI* aCodebaseURI);
+      nsIURI* aContentURI);
 
   nsCOMPtr<nsIReferrerInfo> mPreloadReferrerInfo;
   nsCOMPtr<nsIReferrerInfo> mReferrerInfo;
 
   nsString mLastModified;
 
   nsCOMPtr<nsIURI> mDocumentURI;
   nsCOMPtr<nsIURI> mOriginalURI;
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@@ -493,28 +493,28 @@ bool Navigator::CookieEnabled() {
     return cookieEnabled;
   }
 
   nsCOMPtr<Document> doc = mWindow->GetExtantDoc();
   if (!doc) {
     return cookieEnabled;
   }
 
-  nsCOMPtr<nsIURI> codebaseURI;
-  doc->NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
+  nsCOMPtr<nsIURI> contentURI;
+  doc->NodePrincipal()->GetURI(getter_AddRefs(contentURI));
 
-  if (!codebaseURI) {
-    // Not a codebase, so technically can't set cookies, but let's
+  if (!contentURI) {
+    // Not a content, so technically can't set cookies, but let's
     // just return the default value.
     return cookieEnabled;
   }
 
   uint32_t rejectedReason = 0;
   bool granted = AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
-      mWindow, codebaseURI, &rejectedReason);
+      mWindow, contentURI, &rejectedReason);
 
   AntiTrackingCommon::NotifyBlockingDecision(
       mWindow,
       granted ? AntiTrackingCommon::BlockingDecision::eAllow
               : AntiTrackingCommon::BlockingDecision::eBlock,
       rejectedReason);
   return granted;
 }
--- a/dom/base/nsContentSink.cpp
+++ b/dom/base/nsContentSink.cpp
@@ -305,31 +305,31 @@ nsresult nsContentSink::ProcessHeaderDat
     nsCOMPtr<nsICookieService> cookieServ =
         do_GetService(NS_COOKIESERVICE_CONTRACTID, &rv);
     if (NS_FAILED(rv)) {
       return rv;
     }
 
     // Get a URI from the document principal
 
-    // We use the original codebase in case the codebase was changed
+    // We use the original content URI in case the principal was changed
     // by SetDomain
 
-    // Note that a non-codebase principal (eg the system principal) will return
+    // Note that a non-content principal (eg the system principal) will return
     // a null URI.
-    nsCOMPtr<nsIURI> codebaseURI;
-    rv = mDocument->NodePrincipal()->GetURI(getter_AddRefs(codebaseURI));
-    NS_ENSURE_TRUE(codebaseURI, rv);
+    nsCOMPtr<nsIURI> contentURI;
+    rv = mDocument->NodePrincipal()->GetURI(getter_AddRefs(contentURI));
+    NS_ENSURE_TRUE(contentURI, rv);
 
     nsCOMPtr<nsIChannel> channel;
     if (mParser) {
       mParser->GetChannel(getter_AddRefs(channel));
     }
 
-    rv = cookieServ->SetCookieString(codebaseURI, nullptr,
+    rv = cookieServ->SetCookieString(contentURI, nullptr,
                                      NS_ConvertUTF16toUTF8(aValue), channel);
     if (NS_FAILED(rv)) {
       return rv;
     }
   }
 
   return rv;
 }
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -8986,17 +8986,17 @@ bool nsContentUtils::HttpsStateIsModern(
       }
     }
   }
 
   if (principal->GetIsNullPrincipal()) {
     return false;
   }
 
-  MOZ_ASSERT(principal->GetIsCodebasePrincipal());
+  MOZ_ASSERT(principal->GetIsContentPrincipal());
 
   nsCOMPtr<nsIContentSecurityManager> csm =
       do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
   NS_WARNING_ASSERTION(csm, "csm is null");
   if (csm) {
     bool isTrustworthyOrigin = false;
     csm->IsOriginPotentiallyTrustworthy(principal, &isTrustworthyOrigin);
     if (isTrustworthyOrigin) {
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -1676,19 +1676,19 @@ bool nsGlobalWindowOuter::ComputeIsSecur
   }
 
   if (principal->GetIsNullPrincipal()) {
     nsCOMPtr<nsIURI> uri = aDocument->GetOriginalURI();
     // IsOriginPotentiallyTrustworthy doesn't care about origin attributes so
     // it doesn't actually matter what we use here, but reusing the document
     // principal's attributes is convenient.
     const OriginAttributes& attrs = principal->OriginAttributesRef();
-    // CreateCodebasePrincipal correctly gets a useful principal for blob: and
+    // CreateContentPrincipal correctly gets a useful principal for blob: and
     // other URI_INHERITS_SECURITY_CONTEXT URIs.
-    principal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+    principal = BasePrincipal::CreateContentPrincipal(uri, attrs);
     if (NS_WARN_IF(!principal)) {
       return false;
     }
   }
 
   nsCOMPtr<nsIContentSecurityManager> csm =
       do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
   NS_WARNING_ASSERTION(csm, "csm is null");
@@ -5968,17 +5968,17 @@ bool nsGlobalWindowOuter::GetPrincipalFo
 
         attrs = principal->OriginAttributesRef();
       }
     }
 
     // Create a nsIPrincipal inheriting the app/browser attributes from the
     // caller.
     providedPrincipal =
-        BasePrincipal::CreateCodebasePrincipal(aTargetOriginURI, attrs);
+        BasePrincipal::CreateContentPrincipal(aTargetOriginURI, attrs);
     if (NS_WARN_IF(!providedPrincipal)) {
       return false;
     }
   } else {
     // We still need to check the originAttributes if the target origin is '*'.
     // But we will ingore the FPD here since the FPDs are possible to be
     // different.
     auto principal = BasePrincipal::Cast(GetPrincipal());
@@ -7286,17 +7286,17 @@ void nsGlobalWindowOuter::MaybeAllowStor
   if (!nsContentUtils::IsThirdPartyWindowOrChannel(inner, nullptr, aURI)) {
     return;
   }
 
   Document* doc = inner->GetDoc();
   if (!doc) {
     return;
   }
-  nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateCodebasePrincipal(
+  nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal(
       aURI, doc->NodePrincipal()->OriginAttributesRef());
 
   // We don't care when the asynchronous work finishes here.
   Unused << AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
       principal, inner, AntiTrackingCommon::eOpener);
 }
 
 //*****************************************************************************
--- a/dom/base/test/browser_multiple_popups.js
+++ b/dom/base/test/browser_multiple_popups.js
@@ -70,17 +70,17 @@ add_task(async _ => {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["dom.block_multiple_popups", true],
       ["dom.disable_open_during_load", true],
     ],
   });
 
   const uri = Services.io.newURI(TEST_DOMAIN);
-  const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  const principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   Services.perms.addFromPrincipal(
     principal,
     "popup",
     Services.perms.ALLOW_ACTION
@@ -133,17 +133,17 @@ add_task(async _ => {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["dom.block_multiple_popups", true],
       ["dom.disable_open_during_load", true],
     ],
   });
 
   const uri = Services.io.newURI(TEST_DOMAIN);
-  const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  const principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   Services.perms.addFromPrincipal(
     principal,
     "popup",
     Services.perms.ALLOW_ACTION
@@ -351,17 +351,17 @@ add_task(async _ => {
   await SpecialPowers.pushPrefEnv({
     set: [
       ["dom.block_multiple_popups", true],
       ["dom.disable_open_during_load", true],
     ],
   });
 
   const uri = Services.io.newURI(TEST_DOMAIN);
-  const principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  const principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   Services.perms.addFromPrincipal(
     principal,
     "popup",
     Services.perms.ALLOW_ACTION
--- a/dom/base/test/unit/test_structuredcloneholder.js
+++ b/dom/base/test/unit/test_structuredcloneholder.js
@@ -1,14 +1,14 @@
 "use strict";
 
 const global = this;
 
 add_task(async function test_structuredCloneHolder() {
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     Services.io.newURI("http://example.com/"),
     {}
   );
 
   let sandbox = Cu.Sandbox(principal);
 
   const obj = { foo: [{ bar: "baz" }] };
 
@@ -108,17 +108,17 @@ add_task(async function test_structuredC
     err => err.result == Cr.NS_ERROR_NOT_INITIALIZED,
     "Attempting to deserialize neutered holder throws"
   );
 });
 
 // Test that X-rays passed to an exported function are serialized
 // through their exported wrappers.
 add_task(async function test_structuredCloneHolder_xray() {
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     Services.io.newURI("http://example.com/"),
     {}
   );
 
   let sandbox1 = Cu.Sandbox(principal, { wantXrays: true });
 
   let sandbox2 = Cu.Sandbox(principal, { wantXrays: true });
   Cu.evalInSandbox(`this.x = {y: "z", get z() { return "q" }}`, sandbox2);
--- a/dom/browser-element/mochitest/browserElement_Auth.js
+++ b/dom/browser-element/mochitest/browserElement_Auth.js
@@ -219,46 +219,46 @@ function testAuthJarNoInterfere(e) {
   let ioService = SpecialPowers.Services.io;
   var uri = ioService.newURI(
     "http://test/tests/dom/browser-element/mochitest/file_http_401_response.sjs"
   );
 
   // Set a bunch of auth data that should not conflict with the correct auth data already
   // stored in the cache.
   var attrs = { userContextId: 1 };
-  var principal = secMan.createCodebasePrincipal(uri, attrs);
+  var principal = secMan.createContentPrincipal(uri, attrs);
   authMgr.setAuthIdentity(
     "http",
     "test",
     -1,
     "basic",
     "http_realm",
     "tests/dom/browser-element/mochitest/file_http_401_response.sjs",
     "",
     "httpuser",
     "wrongpass",
     false,
     principal
   );
   attrs = { userContextId: 1, inIsolatedMozBrowser: true };
-  principal = secMan.createCodebasePrincipal(uri, attrs);
+  principal = secMan.createContentPrincipal(uri, attrs);
   authMgr.setAuthIdentity(
     "http",
     "test",
     -1,
     "basic",
     "http_realm",
     "tests/dom/browser-element/mochitest/file_http_401_response.sjs",
     "",
     "httpuser",
     "wrongpass",
     false,
     principal
   );
-  principal = secMan.createCodebasePrincipal(uri, {});
+  principal = secMan.createContentPrincipal(uri, {});
   authMgr.setAuthIdentity(
     "http",
     "test",
     -1,
     "basic",
     "http_realm",
     "tests/dom/browser-element/mochitest/file_http_401_response.sjs",
     "",
@@ -296,17 +296,17 @@ function testAuthJarInterfere(e) {
   ].getService(SpecialPowers.Ci.nsIHttpAuthManager);
   let secMan = SpecialPowers.Services.scriptSecurityManager;
   let ioService = SpecialPowers.Services.io;
   var uri = ioService.newURI(
     "http://test/tests/dom/browser-element/mochitest/file_http_401_response.sjs"
   );
 
   // Set some auth data that should overwrite the successful stored details.
-  var principal = secMan.createCodebasePrincipal(uri, {
+  var principal = secMan.createContentPrincipal(uri, {
     inIsolatedMozBrowser: true,
   });
   authMgr.setAuthIdentity(
     "http",
     "test",
     -1,
     "basic",
     "http_realm",
--- a/dom/html/HTMLIFrameElement.cpp
+++ b/dom/html/HTMLIFrameElement.cpp
@@ -234,17 +234,17 @@ HTMLIFrameElement::GetFeaturePolicyDefau
 
   if (HasAttr(kNameSpaceID_None, nsGkAtoms::srcdoc)) {
     principal = NodePrincipal();
     return principal.forget();
   }
 
   nsCOMPtr<nsIURI> nodeURI;
   if (GetURIAttr(nsGkAtoms::src, nullptr, getter_AddRefs(nodeURI)) && nodeURI) {
-    principal = BasePrincipal::CreateCodebasePrincipal(
+    principal = BasePrincipal::CreateContentPrincipal(
         nodeURI, BasePrincipal::Cast(NodePrincipal())->OriginAttributesRef());
   }
 
   if (!principal) {
     principal = NodePrincipal();
   }
 
   return principal.forget();
--- a/dom/indexedDB/test/bug839193.js
+++ b/dom/indexedDB/test/bug839193.js
@@ -9,17 +9,17 @@ const { Services } = ChromeUtils.import(
 var gURI = Services.io.newURI("http://localhost");
 
 function onUsageCallback(request) {}
 
 function onLoad() {
   var quotaManagerService = Cc[
     "@mozilla.org/dom/quota-manager-service;1"
   ].getService(nsIQuotaManagerService);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     gURI,
     {}
   );
   var quotaRequest = quotaManagerService.getUsageForPrincipal(
     principal,
     onUsageCallback
   );
   quotaRequest.cancel();
--- a/dom/indexedDB/test/head.js
+++ b/dom/indexedDB/test/head.js
@@ -119,39 +119,39 @@ function dispatchEvent(eventName) {
   info("dispatching event: " + eventName);
   let event = document.createEvent("Events");
   event.initEvent(eventName, false, false);
   gBrowser.selectedBrowser.contentWindow.dispatchEvent(event);
 }
 
 function setPermission(url, permission) {
   let uri = Services.io.newURI(url);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   Services.perms.addFromPrincipal(
     principal,
     permission,
     Ci.nsIPermissionManager.ALLOW_ACTION
   );
 }
 
 function removePermission(url, permission) {
   let uri = Services.io.newURI(url);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   Services.perms.removeFromPrincipal(principal, permission);
 }
 
 function getPermission(url, permission) {
   let uri = Services.io.newURI(url);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   return Services.perms.testPermissionFromPrincipal(principal, permission);
 }
--- a/dom/indexedDB/test/unit/test_bad_origin_directory.js
+++ b/dom/indexedDB/test/unit/test_bad_origin_directory.js
@@ -6,17 +6,17 @@
 var testGenerator = testSteps();
 
 function* testSteps() {
   const url = "ftp://ftp.example.com";
   const name = "test_bad_origin_directory.js";
 
   let uri = Services.io.newURI(url);
 
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   info("Opening database");
 
   let request = indexedDB.openForPrincipal(principal, name);
   request.onerror = continueToNextStepSync;
--- a/dom/indexedDB/test/unit/test_idle_maintenance.js
+++ b/dom/indexedDB/test/unit/test_idle_maintenance.js
@@ -3,17 +3,17 @@
  * http://creativecommons.org/publicdomain/zero/1.0/
  */
 /* eslint-disable mozilla/no-arbitrary-setTimeout */
 
 var testGenerator = testSteps();
 
 function* testSteps() {
   let uri = Services.io.newURI("https://www.example.com");
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   info("Setting permissions");
 
   Services.perms.add(uri, "indexedDB", Ci.nsIPermissionManager.ALLOW_ACTION);
 
--- a/dom/indexedDB/test/unit/test_metadata2Restore.js
+++ b/dom/indexedDB/test/unit/test_metadata2Restore.js
@@ -293,17 +293,17 @@ function* testSteps() {
       dbOptions: { version: 1, storage: "default" },
     },
   ];
 
   function openDatabase(params) {
     let request;
     if ("url" in params) {
       let uri = Services.io.newURI(params.url);
-      let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let principal = Services.scriptSecurityManager.createContentPrincipal(
         uri,
         params.attrs || {}
       );
       request = indexedDB.openForPrincipal(
         principal,
         params.dbName,
         params.dbOptions
       );
--- a/dom/indexedDB/test/unit/test_metadataRestore.js
+++ b/dom/indexedDB/test/unit/test_metadataRestore.js
@@ -92,17 +92,17 @@ function* testSteps() {
       dbOptions: { version: 1, storage: "default" },
     },
   ];
 
   function openDatabase(params) {
     let request;
     if ("url" in params) {
       let uri = Services.io.newURI(params.url);
-      let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let principal = Services.scriptSecurityManager.createContentPrincipal(
         uri,
         {}
       );
       request = indexedDB.openForPrincipal(
         principal,
         params.dbName,
         params.dbOptions
       );
--- a/dom/indexedDB/test/unit/test_oldDirectories.js
+++ b/dom/indexedDB/test/unit/test_oldDirectories.js
@@ -8,17 +8,17 @@ var testGenerator = testSteps();
 function* testSteps() {
   // This lives in storage/default/http+++www.mozilla.org
   const url = "http://www.mozilla.org";
   const dbName = "dbC";
   const dbVersion = 1;
 
   function openDatabase() {
     let uri = Services.io.newURI(url);
-    let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       {}
     );
     let request = indexedDB.openForPrincipal(principal, dbName, dbVersion);
     return request;
   }
 
   clearAllDatabases(continueToNextStepSync);
--- a/dom/indexedDB/test/unit/test_open_for_principal.js
+++ b/dom/indexedDB/test/unit/test_open_for_principal.js
@@ -41,17 +41,17 @@ function* testSteps() {
 
   request = objectStore.add(data.value, data.key);
   request.onsuccess = grabEventAndContinueHandler;
   event = yield undefined;
 
   is(event.target.result, data.key, "Got correct key");
 
   let uri = Services.io.newURI("http://appdata.example.com");
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   request = indexedDB.openForPrincipal(principal, name, 1);
   request.onerror = errorHandler;
   request.onupgradeneeded = grabEventAndContinueHandler;
   request.onsuccess = grabEventAndContinueHandler;
--- a/dom/indexedDB/test/unit/xpcshell-head-parent-process.js
+++ b/dom/indexedDB/test/unit/xpcshell-head-parent-process.js
@@ -514,17 +514,17 @@ function setDataThreshold(threshold) {
 
 function setMaxSerializedMsgSize(aSize) {
   info("Setting maximal size of a serialized message to " + aSize);
   SpecialPowers.setIntPref("dom.indexedDB.maxSerializedMsgSize", aSize);
 }
 
 function getPrincipal(url) {
   let uri = Services.io.newURI(url);
-  return Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
+  return Services.scriptSecurityManager.createContentPrincipal(uri, {});
 }
 
 function expectingSuccess(request) {
   return new Promise(function(resolve, reject) {
     request.onerror = function(event) {
       ok(false, "indexedDB error, '" + event.target.error.name + "'");
       reject(event);
     };
--- a/dom/interfaces/storage/nsIStorageActivityService.idl
+++ b/dom/interfaces/storage/nsIStorageActivityService.idl
@@ -19,17 +19,17 @@ interface nsIPrincipal;
  * 'writing' operations executed by origins.
  */
 [scriptable, builtinclass, uuid(fd1310ba-d1be-4327-988e-92b39fcff6f4)]
 interface nsIStorageActivityService : nsISupports
 {
   // This returns an array of nsIPrincipals, active between |from| and |to|
   // timestamps. Note activities older than 1 day are forgotten.
   // Activity details are not persisted, so this only covers activity since
-  // Firefox was started.  All codebase principals are logged, which includes
+  // Firefox was started.  All content principals are logged, which includes
   // non-system principals like "moz-extension://ID", "moz-safe-about:home",
   // "about:newtab", so principals may need to be filtered before being used.
   nsIArray getActiveOrigins(in PRTime from, in PRTime to);
 
   // NOTE: This method is meant to be used for testing only.
   // The activity of |origin| is moved to the specified timestamp |when|.
   void moveOriginInTime(in nsIPrincipal origin, in PRTime when);
 
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@@ -2655,17 +2655,17 @@ mozilla::ipc::IPCResult ContentChild::Re
   bool success = attrs.PopulateFromOrigin(permission.origin, originNoSuffix);
   NS_ENSURE_TRUE(success, IPC_FAIL_NO_REASON(this));
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, IPC_OK());
 
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(uri, attrs);
 
   // child processes don't care about modification time.
   int64_t modificationTime = 0;
 
   permissionManager->AddInternal(
       principal, nsCString(permission.type), permission.capability, 0,
       permission.expireType, permission.expireTime, modificationTime,
       nsPermissionManager::eNotify, nsPermissionManager::eNoDBOperation);
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -5405,17 +5405,17 @@ nsresult ContentParent::AboutToLoadHttpF
   if (newLoadFlags & nsIRequest::LOAD_DOCUMENT_NEEDS_COOKIE) {
     UpdateCookieStatus(aChannel);
   }
 
   if (!NextGenLocalStorageEnabled()) {
     return NS_OK;
   }
 
-  if (principal->GetIsCodebasePrincipal()) {
+  if (principal->GetIsContentPrincipal()) {
     nsCOMPtr<nsILocalStorageManager> lsm =
         do_GetService("@mozilla.org/dom/localStorage-manager;1");
     if (NS_WARN_IF(!lsm)) {
       return NS_ERROR_FAILURE;
     }
 
     nsCOMPtr<nsIPrincipal> storagePrincipal;
     rv = ssm->GetChannelResultStoragePrincipal(
--- a/dom/localstorage/test/gtest/TestLocalStorage.cpp
+++ b/dom/localstorage/test/gtest/TestLocalStorage.cpp
@@ -22,27 +22,27 @@ using namespace mozilla::ipc;
 
 namespace {
 
 struct OriginKeyTest {
   const char* mSpec;
   const char* mOriginKey;
 };
 
-already_AddRefed<nsIPrincipal> GetCodebasePrincipal(const char* aSpec) {
+already_AddRefed<nsIPrincipal> GetContentPrincipal(const char* aSpec) {
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), nsDependentCString(aSpec));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
   OriginAttributes attrs;
 
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+      BasePrincipal::CreateContentPrincipal(uri, attrs);
 
   return principal.forget();
 }
 
 void CheckGeneratedOriginKey(nsIPrincipal* aPrincipal, const char* aOriginKey) {
   nsCString originAttrSuffix;
   nsCString originKey;
   nsresult rv = GenerateOriginKey(aPrincipal, originAttrSuffix, originKey);
@@ -104,15 +104,15 @@ TEST(LocalStorage, OriginKey)
       {"file:///Users/Joe/Sites?foo", "/eoJ/sresU/.:file"},
       {"moz-extension://53711a8f-65ed-e742-9671-1f02e267c0bc/"
        "_generated_background_page.html",
        "cb0c762e20f1-1769-247e-de56-f8a11735.:moz-extension"},
       {"http://[::1]:8/test.html", "1::.:http:8"},
   };
 
   for (const auto& test : tests) {
-    principal = GetCodebasePrincipal(test.mSpec);
+    principal = GetContentPrincipal(test.mSpec);
     ASSERT_TRUE(principal)
-    << "GetCodebasePrincipal() should not fail";
+    << "GetContentPrincipal() should not fail";
 
     CheckGeneratedOriginKey(principal, test.mOriginKey);
   }
 }
--- a/dom/localstorage/test/unit/head.js
+++ b/dom/localstorage/test/unit/head.js
@@ -256,17 +256,17 @@ function repeatChar(count, ch) {
   return result + result.substring(0, count - result.length);
 }
 
 function getPrincipal(url, attrs) {
   let uri = Services.io.newURI(url);
   if (!attrs) {
     attrs = {};
   }
-  return Services.scriptSecurityManager.createCodebasePrincipal(uri, attrs);
+  return Services.scriptSecurityManager.createContentPrincipal(uri, attrs);
 }
 
 function getCurrentPrincipal() {
   return Cc["@mozilla.org/systemprincipal;1"].createInstance(Ci.nsIPrincipal);
 }
 
 function getDefaultPrincipal() {
   return getPrincipal("http://example.com");
--- a/dom/media/DOMMediaStream.cpp
+++ b/dom/media/DOMMediaStream.cpp
@@ -727,17 +727,17 @@ void DOMMediaStream::NotifyPrincipalChan
   if (!mPrincipal) {
     // When all tracks are removed, mPrincipal will change to nullptr.
     LOG(LogLevel::Info,
         ("DOMMediaStream %p Principal changed to nothing.", this));
   } else {
     LOG(LogLevel::Info, ("DOMMediaStream %p Principal changed. Now: "
                          "null=%d, codebase=%d, expanded=%d, system=%d",
                          this, mPrincipal->GetIsNullPrincipal(),
-                         mPrincipal->GetIsCodebasePrincipal(),
+                         mPrincipal->GetIsContentPrincipal(),
                          mPrincipal->GetIsExpandedPrincipal(),
                          mPrincipal->IsSystemPrincipal()));
   }
 
   for (uint32_t i = 0; i < mPrincipalChangeObservers.Length(); ++i) {
     mPrincipalChangeObservers[i]->PrincipalChanged(this);
   }
 }
--- a/dom/media/MediaStreamTrack.cpp
+++ b/dom/media/MediaStreamTrack.cpp
@@ -397,17 +397,17 @@ void MediaStreamTrack::SetPrincipal(nsIP
     return;
   }
   mPrincipal = aPrincipal;
 
   LOG(LogLevel::Info,
       ("MediaStreamTrack %p principal changed to %p. Now: "
        "null=%d, codebase=%d, expanded=%d, system=%d",
        this, mPrincipal.get(), mPrincipal->GetIsNullPrincipal(),
-       mPrincipal->GetIsCodebasePrincipal(),
+       mPrincipal->GetIsContentPrincipal(),
        mPrincipal->GetIsExpandedPrincipal(), mPrincipal->IsSystemPrincipal()));
   for (PrincipalChangeObserver<MediaStreamTrack>* observer :
        mPrincipalChangeObservers) {
     observer->PrincipalChanged(this);
   }
 }
 
 void MediaStreamTrack::PrincipalChanged() {
--- a/dom/notification/test/mochitest/test_notification_insecure_context.html
+++ b/dom/notification/test/mochitest/test_notification_insecure_context.html
@@ -15,17 +15,17 @@ https://bugzilla.mozilla.org/show_bug.cg
   </div>
   <pre id="test">
   <script class="testbody" type="text/javascript">
   SimpleTest.waitForExplicitFinish();
 
   // Add an allow permission for the mochitest origin to test this.
   let script = SpecialPowers.loadChromeScript(function() {
     let {Services} = ChromeUtils.import("resource://gre/modules/Services.jsm");
-    let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin("http://mochi.test:8888");
+    let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin("http://mochi.test:8888");
     Services.perms.addFromPrincipal(principal, "desktop-notification", Services.perms.ALLOW_ACTION);
     /* global addMessageListener */
     addMessageListener("destroy", function() {
       Services.perms.removeFromPrincipal(principal, "desktop-notification");
     });
   });
 
   (async function runTest() {
--- a/dom/plugins/base/nsPluginInstanceOwner.cpp
+++ b/dom/plugins/base/nsPluginInstanceOwner.cpp
@@ -425,25 +425,25 @@ NS_IMETHODIMP nsPluginInstanceOwner::Get
   }
 
   int32_t blockPopups =
       Preferences::GetInt("privacy.popups.disable_from_plugins");
   AutoPopupStatePusher popupStatePusher(
       (PopupBlocker::PopupControlState)blockPopups);
 
   // if security checks (in particular CheckLoadURIWithPrincipal) needs
-  // to be skipped we are creating a codebasePrincipal to make sure
+  // to be skipped we are creating a contentPrincipal to make sure
   // that security check succeeds. Please note that we do not want to
   // fall back to using the systemPrincipal, because that would also
   // bypass ContentPolicy checks which should still be enforced.
   nsCOMPtr<nsIPrincipal> triggeringPrincipal;
   if (!aDoCheckLoadURIChecks) {
     mozilla::OriginAttributes attrs =
         BasePrincipal::Cast(content->NodePrincipal())->OriginAttributesRef();
-    triggeringPrincipal = BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+    triggeringPrincipal = BasePrincipal::CreateContentPrincipal(uri, attrs);
   } else {
     triggeringPrincipal =
         NullPrincipal::CreateWithInheritedAttributes(content->NodePrincipal());
   }
 
   nsCOMPtr<nsIContentSecurityPolicy> csp = content->GetCsp();
 
   rv = lh->OnLinkClick(content, uri, unitarget, VoidString(), aPostStream,
--- a/dom/presentation/PresentationRequest.cpp
+++ b/dom/presentation/PresentationRequest.cpp
@@ -499,17 +499,17 @@ bool PresentationRequest::IsPrioriAuthen
 
   if (uriSpec.EqualsLiteral("about:blank") ||
       uriSpec.EqualsLiteral("about:srcdoc")) {
     return true;
   }
 
   OriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+      BasePrincipal::CreateContentPrincipal(uri, attrs);
   if (NS_WARN_IF(!principal)) {
     return false;
   }
 
   nsCOMPtr<nsIContentSecurityManager> csm =
       do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
   if (NS_WARN_IF(!csm)) {
     return false;
--- a/dom/push/PushRecord.jsm
+++ b/dom/push/PushRecord.jsm
@@ -301,17 +301,17 @@ Object.defineProperties(PushRecord.proto
       if (this.systemRecord) {
         return Services.scriptSecurityManager.getSystemPrincipal();
       }
       let principal = principals.get(this);
       if (!principal) {
         let uri = Services.io.newURI(this.scope);
         // Allow tests to omit origin attributes.
         let originSuffix = this.originAttributes || "";
-        principal = Services.scriptSecurityManager.createCodebasePrincipal(
+        principal = Services.scriptSecurityManager.createContentPrincipal(
           uri,
           ChromeUtils.createOriginAttributesFromOrigin(originSuffix)
         );
         principals.set(this, principal);
       }
       return principal;
     },
     configurable: true,
--- a/dom/push/test/xpcshell/test_permissions.js
+++ b/dom/push/test/xpcshell/test_permissions.js
@@ -30,17 +30,17 @@ function promiseUnregister(keyID) {
 }
 
 function makePushPermission(url, capability) {
   return {
     QueryInterface: ChromeUtils.generateQI([Ci.nsIPermission]),
     capability: Ci.nsIPermissionManager[capability],
     expireTime: 0,
     expireType: Ci.nsIPermissionManager.EXPIRE_NEVER,
-    principal: Services.scriptSecurityManager.createCodebasePrincipal(
+    principal: Services.scriptSecurityManager.createContentPrincipal(
       Services.io.newURI(url),
       {}
     ),
     type: "desktop-notification",
   };
 }
 
 function promiseObserverNotifications(topic, count) {
--- a/dom/push/test/xpcshell/test_quota_observer.js
+++ b/dom/push/test/xpcshell/test_quota_observer.js
@@ -186,17 +186,17 @@ add_task(async function test_expiration_
     visitDate: Date.now() * 1000,
     transition: Ci.nsINavHistoryService.TRANSITION_LINK,
   });
   subChangePromise = promiseObserverNotification(
     PushServiceComponent.subscriptionChangeTopic,
     (subject, data) => {
       if (data == "https://example.net/sales") {
         ok(
-          subject.isCodebasePrincipal,
+          subject.isContentPrincipal,
           "Should pass subscription principal as the subject"
         );
         return true;
       }
       return false;
     }
   );
   let record = await PushService.registration({
--- a/dom/push/test/xpcshell/test_service_child.js
+++ b/dom/push/test/xpcshell/test_service_child.js
@@ -280,17 +280,17 @@ add_test(function test_unsubscribe_error
       do_test_finished();
       run_next_test();
     }
   );
 });
 
 add_test(function test_subscribe_origin_principal() {
   let scope = "https://example.net/origin-principal";
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     scope
   );
 
   do_test_pending();
   PushServiceComponent.subscribe(scope, principal, (result, subscription) => {
     ok(
       Components.isSuccessCode(result),
       "Expected error creating subscription with origin principal"
--- a/dom/quota/ActorsParent.cpp
+++ b/dom/quota/ActorsParent.cpp
@@ -8768,17 +8768,17 @@ bool PrincipalVerifier::IsPrincipalInfoV
 
       nsCOMPtr<nsIURI> uri;
       nsresult rv = NS_NewURI(getter_AddRefs(uri), info.spec());
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return false;
       }
 
       nsCOMPtr<nsIPrincipal> principal =
-          BasePrincipal::CreateCodebasePrincipal(uri, info.attrs());
+          BasePrincipal::CreateContentPrincipal(uri, info.attrs());
       if (NS_WARN_IF(!principal)) {
         return false;
       }
 
       nsCString originNoSuffix;
       rv = principal->GetOriginNoSuffix(originNoSuffix);
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return false;
--- a/dom/quota/test/head.js
+++ b/dom/quota/test/head.js
@@ -137,31 +137,31 @@ function waitForMessage(aMessage, browse
 
 function removePermission(url, permission) {
   let uri = Cc["@mozilla.org/network/io-service;1"]
     .getService(Ci.nsIIOService)
     .newURI(url);
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
-  let principal = ssm.createCodebasePrincipal(uri, {});
+  let principal = ssm.createContentPrincipal(uri, {});
 
   Cc["@mozilla.org/permissionmanager;1"]
     .getService(Ci.nsIPermissionManager)
     .removeFromPrincipal(principal, permission);
 }
 
 function getPermission(url, permission) {
   let uri = Cc["@mozilla.org/network/io-service;1"]
     .getService(Ci.nsIIOService)
     .newURI(url);
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
-  let principal = ssm.createCodebasePrincipal(uri, {});
+  let principal = ssm.createContentPrincipal(uri, {});
 
   return Cc["@mozilla.org/permissionmanager;1"]
     .getService(Ci.nsIPermissionManager)
     .testPermissionFromPrincipal(principal, permission);
 }
 
 function getCurrentPrincipal() {
   return Cc["@mozilla.org/systemprincipal;1"].createInstance(Ci.nsIPrincipal);
--- a/dom/quota/test/unit/head.js
+++ b/dom/quota/test/unit/head.js
@@ -322,17 +322,17 @@ function getCurrentUsage(usageHandler) {
 
 function getPrincipal(url) {
   let uri = Cc["@mozilla.org/network/io-service;1"]
     .getService(Ci.nsIIOService)
     .newURI(url);
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
-  return ssm.createCodebasePrincipal(uri, {});
+  return ssm.createContentPrincipal(uri, {});
 }
 
 function getCurrentPrincipal() {
   return Cc["@mozilla.org/systemprincipal;1"].createInstance(Ci.nsIPrincipal);
 }
 
 function getSimpleDatabase(principal) {
   let connection = Cc["@mozilla.org/dom/sdb-connection;1"].createInstance(
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -340,19 +340,19 @@ nsresult ScriptLoader::CheckContentPolic
     return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
   }
 
   return NS_OK;
 }
 
 /* static */
 bool ScriptLoader::IsAboutPageLoadingChromeURI(ScriptLoadRequest* aRequest) {
-  // if we are not dealing with a codebasePrincipal it can not be a
+  // if we are not dealing with a contentPrincipal it can not be a
   // Principal with a scheme of about: and there is nothing left to do
-  if (!aRequest->TriggeringPrincipal()->GetIsCodebasePrincipal()) {
+  if (!aRequest->TriggeringPrincipal()->GetIsContentPrincipal()) {
     return false;
   }
 
   // if the triggering uri is not of scheme about:, there is nothing to do
   nsCOMPtr<nsIURI> triggeringURI;
   nsresult rv =
       aRequest->TriggeringPrincipal()->GetURI(getter_AddRefs(triggeringURI));
   NS_ENSURE_SUCCESS(rv, false);
--- a/dom/script/ScriptLoader.h
+++ b/dom/script/ScriptLoader.h
@@ -416,17 +416,17 @@ class ScriptLoader final : public nsISup
    */
   static nsresult CheckContentPolicy(Document* aDocument, nsISupports* aContext,
                                      const nsAString& aType,
                                      ScriptLoadRequest* aRequest);
 
   /**
    * Helper function to determine whether an about: page loads a chrome: URI.
    * Please note that this function only returns true if:
-   *   * the about: page uses a CodeBasePrincipal with scheme about:
+   *   * the about: page uses a ContentPrincipal with scheme about:
    *   * the about: page is not linkable from content
    *     (e.g. the function will return false for about:blank or about:srcdoc)
    */
   static bool IsAboutPageLoadingChromeURI(ScriptLoadRequest* aRequest);
 
   /**
    * Start a load for aRequest's URI.
    */
--- a/dom/security/featurepolicy/FeaturePolicy.cpp
+++ b/dom/security/featurepolicy/FeaturePolicy.cpp
@@ -97,17 +97,17 @@ bool FeaturePolicy::AllowsFeature(const 
                                   const Optional<nsAString>& aOrigin) const {
   nsCOMPtr<nsIPrincipal> origin;
   if (aOrigin.WasPassed()) {
     nsCOMPtr<nsIURI> uri;
     nsresult rv = NS_NewURI(getter_AddRefs(uri), aOrigin.Value());
     if (NS_FAILED(rv)) {
       return false;
     }
-    origin = BasePrincipal::CreateCodebasePrincipal(
+    origin = BasePrincipal::CreateContentPrincipal(
         uri, BasePrincipal::Cast(mDefaultOrigin)->OriginAttributesRef());
   } else {
     origin = mDefaultOrigin;
   }
 
   if (NS_WARN_IF(!origin)) {
     return false;
   }
--- a/dom/security/featurepolicy/FeaturePolicyParser.cpp
+++ b/dom/security/featurepolicy/FeaturePolicyParser.cpp
@@ -108,17 +108,17 @@ bool FeaturePolicyParser::ParseString(co
 
         nsCOMPtr<nsIURI> uri;
         nsresult rv = NS_NewURI(getter_AddRefs(uri), curVal);
         if (NS_FAILED(rv)) {
           ReportToConsoleInvalidAllowValue(aDocument, curVal);
           continue;
         }
 
-        nsCOMPtr<nsIPrincipal> origin = BasePrincipal::CreateCodebasePrincipal(
+        nsCOMPtr<nsIPrincipal> origin = BasePrincipal::CreateContentPrincipal(
             uri, BasePrincipal::Cast(aSelfOrigin)->OriginAttributesRef());
         if (NS_WARN_IF(!origin)) {
           ReportToConsoleInvalidAllowValue(aDocument, curVal);
           continue;
         }
 
         feature.AppendToAllowList(origin);
       }
--- a/dom/security/featurepolicy/test/gtest/TestFeaturePolicyParser.cpp
+++ b/dom/security/featurepolicy/test/gtest/TestFeaturePolicyParser.cpp
@@ -17,34 +17,34 @@ using namespace mozilla::dom;
 #define URL_SELF NS_LITERAL_CSTRING("https://example.com")
 #define URL_EXAMPLE_COM NS_LITERAL_CSTRING("http://example.com")
 #define URL_EXAMPLE_NET NS_LITERAL_CSTRING("http://example.net")
 
 void CheckParser(const nsAString& aInput, bool aExpectedResults,
                  uint32_t aExpectedFeatures,
                  nsTArray<Feature>& aParsedFeatures) {
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(URL_SELF);
+      mozilla::BasePrincipal::CreateContentPrincipal(URL_SELF);
   nsTArray<Feature> parsedFeatures;
   ASSERT_TRUE(FeaturePolicyParser::ParseString(aInput, nullptr, principal,
                                                principal, parsedFeatures) ==
               aExpectedResults);
   ASSERT_TRUE(parsedFeatures.Length() == aExpectedFeatures);
 
   parsedFeatures.SwapElements(aParsedFeatures);
 }
 
 TEST(FeaturePolicyParser, Basic)
 {
   nsCOMPtr<nsIPrincipal> selfPrincipal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(URL_SELF);
+      mozilla::BasePrincipal::CreateContentPrincipal(URL_SELF);
   nsCOMPtr<nsIPrincipal> exampleComPrincipal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(URL_EXAMPLE_COM);
+      mozilla::BasePrincipal::CreateContentPrincipal(URL_EXAMPLE_COM);
   nsCOMPtr<nsIPrincipal> exampleNetPrincipal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(URL_EXAMPLE_NET);
+      mozilla::BasePrincipal::CreateContentPrincipal(URL_EXAMPLE_NET);
 
   nsTArray<Feature> parsedFeatures;
 
   // Empty string is a valid policy.
   CheckParser(EmptyString(), true, 0, parsedFeatures);
 
   // Empty string with spaces is still valid.
   CheckParser(NS_LITERAL_STRING("   "), true, 0, parsedFeatures);
--- a/dom/security/fuzztest/csp_fuzzer.cpp
+++ b/dom/security/fuzztest/csp_fuzzer.cpp
@@ -12,17 +12,17 @@
 static int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   nsresult ret;
   nsCOMPtr<nsIURI> selfURI;
   ret = NS_NewURI(getter_AddRefs(selfURI), "http://selfuri.com");
   if (ret != NS_OK) return 0;
 
   mozilla::OriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> selfURIPrincipal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(selfURI, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(selfURI, attrs);
   if (!selfURIPrincipal) return 0;
 
   nsCOMPtr<nsIContentSecurityPolicy> csp =
       do_CreateInstance(NS_CSPCONTEXT_CONTRACTID, &ret);
   if (ret != NS_OK) return 0;
 
   ret = csp->SetRequestContextWithPrincipal(selfURIPrincipal, selfURI,
                                             EmptyString(), 0);
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -34,22 +34,22 @@ NS_IMPL_ISUPPORTS(nsContentSecurityManag
 
 static mozilla::LazyLogModule sCSMLog("CSMLog");
 
 /* static */
 bool nsContentSecurityManager::AllowTopLevelNavigationToDataURI(
     nsIChannel* aChannel) {
   // Let's block all toplevel document navigations to a data: URI.
   // In all cases where the toplevel document is navigated to a
-  // data: URI the triggeringPrincipal is a codeBasePrincipal, or
+  // data: URI the triggeringPrincipal is a contentPrincipal, or
   // a NullPrincipal. In other cases, e.g. typing a data: URL into
   // the URL-Bar, the triggeringPrincipal is a SystemPrincipal;
   // we don't want to block those loads. Only exception, loads coming
   // from an external applicaton (e.g. Thunderbird) don't load
-  // using a codeBasePrincipal, but we want to block those loads.
+  // using a contentPrincipal, but we want to block those loads.
   if (!mozilla::net::nsIOService::BlockToplevelDataUriNavigations()) {
     return true;
   }
   nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
   if (loadInfo->GetExternalContentPolicyType() !=
       nsIContentPolicy::TYPE_DOCUMENT) {
     return true;
   }
@@ -1108,17 +1108,17 @@ nsContentSecurityManager::IsOriginPotent
     *aIsTrustWorthy = true;
     return NS_OK;
   }
   *aIsTrustWorthy = false;
   if (aPrincipal->GetIsNullPrincipal()) {
     return NS_OK;
   }
 
-  MOZ_ASSERT(aPrincipal->GetIsCodebasePrincipal(),
+  MOZ_ASSERT(aPrincipal->GetIsContentPrincipal(),
              "Nobody is expected to call us with an nsIExpandedPrincipal");
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
   NS_ENSURE_SUCCESS(rv, rv);
   *aIsTrustWorthy = nsMixedContentBlocker::IsPotentiallyTrustworthyOrigin(uri);
 
   return NS_OK;
--- a/dom/security/nsMixedContentBlocker.cpp
+++ b/dom/security/nsMixedContentBlocker.cpp
@@ -410,17 +410,17 @@ bool nsMixedContentBlocker::IsPotentiall
 
   nsAutoCString scheme;
   nsresult rv = aURI->GetScheme(scheme);
   if (NS_FAILED(rv)) {
     return false;
   }
 
   // Blobs are expected to inherit their principal so we don't expect to have
-  // a codebase principal with scheme 'blob' here.  We can't assert that though
+  // a content principal with scheme 'blob' here.  We can't assert that though
   // since someone could mess with a non-blob URI to give it that scheme.
   NS_WARNING_ASSERTION(!scheme.EqualsLiteral("blob"),
                        "IsOriginPotentiallyTrustworthy ignoring blob scheme");
 
   // According to the specification, the user agent may choose to extend the
   // trust to other, vendor-specific URL schemes. We use this for "resource:",
   // which is technically a substituting protocol handler that is not limited to
   // local resource mapping, but in practice is never mapped remotely as this
--- a/dom/security/test/general/test_bug1277803.xul
+++ b/dom/security/test/general/test_bug1277803.xul
@@ -19,17 +19,17 @@
 
     const BASE_URI = "http://mochi.test:8888/chrome/dom/security/test/general/";
     const FAVICON_URI = BASE_URI + "favicon_bug1277803.ico";
     const LOADING_URI = BASE_URI + "bug1277803.html";
     let testWindow; //will be used to trigger favicon load
 
     let securityManager = Cc["@mozilla.org/scriptsecuritymanager;1"].
                           getService(Ci.nsIScriptSecurityManager);
-    let expectedPrincipal = securityManager.createCodebasePrincipal(makeURI(LOADING_URI), {});
+    let expectedPrincipal = securityManager.createContentPrincipal(makeURI(LOADING_URI), {});
     let systemPrincipal = Cc["@mozilla.org/systemprincipal;1"].createInstance();
 
     function runTest() {
       // Register our observer to intercept favicon requests.
       let os = Cc["@mozilla.org/observer-service;1"].
                getService(Ci.nsIObserverService);
       let observer = {
         observe: function(aSubject, aTopic, aData)
--- a/dom/security/test/gtest/TestCSPParser.cpp
+++ b/dom/security/test/gtest/TestCSPParser.cpp
@@ -75,17 +75,17 @@ nsresult runTest(
   // we init the csp with http://www.selfuri.com
   nsCOMPtr<nsIURI> selfURI;
   rv = NS_NewURI(getter_AddRefs(selfURI), "http://www.selfuri.com");
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIPrincipal> selfURIPrincipal;
   mozilla::OriginAttributes attrs;
   selfURIPrincipal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(selfURI, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(selfURI, attrs);
   NS_ENSURE_TRUE(selfURIPrincipal, NS_ERROR_FAILURE);
 
   // create a CSP object
   nsCOMPtr<nsIContentSecurityPolicy> csp =
       do_CreateInstance(NS_CSPCONTEXT_CONTRACTID, &rv);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // for testing the parser we only need to set a principal which is needed
--- a/dom/security/test/gtest/TestSecureContext.cpp
+++ b/dom/security/test/gtest/TestSecureContext.cpp
@@ -21,17 +21,17 @@ static const uint32_t kURIMaxLength = 64
 
 struct TestExpectations {
   char uri[kURIMaxLength];
   bool expectedResult;
 };
 
 // ============================= TestDirectives ========================
 
-TEST(SecureContext, IsOriginPotentiallyTrustworthyWithCodeBasePrincipal)
+TEST(SecureContext, IsOriginPotentiallyTrustworthyWithContentPrincipal)
 {
   // boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
 
   static const TestExpectations uris[] = {
       {"http://example.com/", false},
       {"https://example.com/", true},
       {"ws://example.com/", false},
       {"wss://example.com/", true},
@@ -55,17 +55,17 @@ TEST(SecureContext, IsOriginPotentiallyT
       do_GetService(NS_CONTENTSECURITYMANAGER_CONTRACTID);
   ASSERT_TRUE(!!csManager);
 
   nsresult rv;
   for (uint32_t i = 0; i < numExpectations; i++) {
     nsCOMPtr<nsIPrincipal> prin;
     nsAutoCString uri(uris[i].uri);
     rv = nsScriptSecurityManager::GetScriptSecurityManager()
-             ->CreateCodebasePrincipalFromOrigin(uri, getter_AddRefs(prin));
+             ->CreateContentPrincipalFromOrigin(uri, getter_AddRefs(prin));
     bool isPotentiallyTrustworthy = false;
     rv = csManager->IsOriginPotentiallyTrustworthy(prin,
                                                    &isPotentiallyTrustworthy);
     ASSERT_EQ(NS_OK, rv);
     ASSERT_EQ(isPotentiallyTrustworthy, uris[i].expectedResult);
   }
 }
 
--- a/dom/security/test/unit/test_csp_reports.js
+++ b/dom/security/test/unit/test_csp_reports.js
@@ -88,17 +88,17 @@ function makeTest(id, expectedJSON, useR
     "/test" +
     id;
   var selfuri = NetUtil.newURI(
     REPORT_SERVER_URI + ":" + REPORT_SERVER_PORT + "/foo/self"
   );
 
   dump("Created test " + id + " : " + policy + "\n\n");
 
-  principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  principal = Services.scriptSecurityManager.createContentPrincipal(
     selfuri,
     {}
   );
   csp.setRequestContextWithPrincipal(principal, selfuri, "", 0);
 
   // Load up the policy
   // set as report-only if that's the case
   csp.appendPolicy(policy, useReportOnlyPolicy, false);
--- a/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
+++ b/dom/security/test/unit/test_isOriginPotentiallyTrustworthy.js
@@ -43,24 +43,24 @@ add_task(async function test_isOriginPot
     ["wss://example.com/", true],
     ["about:config", false],
     ["http://example.net/", true],
     ["ws://example.org/", true],
     ["chrome://example.net/content/messenger.xul", false],
     ["http://1234567890abcdef.onion/", false],
   ]) {
     let uri = NetUtil.newURI(uriSpec);
-    let principal = gScriptSecurityManager.createCodebasePrincipal(uri, {});
+    let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
     Assert.equal(
       gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
       expectedResult
     );
   }
   // And now let's test whether .onion sites are properly treated when
   // whitelisted, see bug 1382359.
   Services.prefs.setBoolPref("dom.securecontext.whitelist_onions", true);
   let uri = NetUtil.newURI("http://1234567890abcdef.onion/");
-  let principal = gScriptSecurityManager.createCodebasePrincipal(uri, {});
+  let principal = gScriptSecurityManager.createContentPrincipal(uri, {});
   Assert.equal(
     gContentSecurityManager.isOriginPotentiallyTrustworthy(principal),
     true
   );
 });
--- a/dom/serviceworkers/ServiceWorkerInterceptController.cpp
+++ b/dom/serviceworkers/ServiceWorkerInterceptController.cpp
@@ -31,17 +31,17 @@ ServiceWorkerInterceptController::Should
   // window.
   if (!nsContentUtils::IsNonSubresourceRequest(aChannel)) {
     const Maybe<ServiceWorkerDescriptor>& controller =
         loadInfo->GetController();
     *aShouldIntercept = controller.isSome();
     return NS_OK;
   }
 
-  nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateCodebasePrincipal(
+  nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal(
       aURI, loadInfo->GetOriginAttributes());
 
   // First check with the ServiceWorkerManager for a matching service worker.
   RefPtr<ServiceWorkerManager> swm = ServiceWorkerManager::GetInstance();
   if (!swm || !swm->IsAvailable(principal, aURI)) {
     return NS_OK;
   }
 
--- a/dom/serviceworkers/ServiceWorkerManager.cpp
+++ b/dom/serviceworkers/ServiceWorkerManager.cpp
@@ -198,17 +198,17 @@ namespace {
 
 nsresult PopulateRegistrationData(
     nsIPrincipal* aPrincipal,
     const ServiceWorkerRegistrationInfo* aRegistration,
     ServiceWorkerRegistrationData& aData) {
   MOZ_ASSERT(aPrincipal);
   MOZ_ASSERT(aRegistration);
 
-  if (NS_WARN_IF(!BasePrincipal::Cast(aPrincipal)->IsCodebasePrincipal())) {
+  if (NS_WARN_IF(!BasePrincipal::Cast(aPrincipal)->IsContentPrincipal())) {
     return NS_ERROR_FAILURE;
   }
 
   nsresult rv = PrincipalToPrincipalInfo(aPrincipal, &aData.principal());
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
@@ -819,17 +819,17 @@ class GetRegistrationsRunnable final : p
 
     nsCOMPtr<nsIPrincipal> principal = mClientInfo.GetPrincipal();
     if (!principal) {
       return NS_OK;
     }
 
     nsTArray<ServiceWorkerRegistrationDescriptor> array;
 
-    if (NS_WARN_IF(!BasePrincipal::Cast(principal)->IsCodebasePrincipal())) {
+    if (NS_WARN_IF(!BasePrincipal::Cast(principal)->IsContentPrincipal())) {
       return NS_OK;
     }
 
     nsAutoCString scopeKey;
     nsresult rv = swm->PrincipalToScopeKey(principal, scopeKey);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return rv;
     }
@@ -1151,17 +1151,17 @@ ServiceWorkerInfo* ServiceWorkerManager:
   MOZ_ASSERT(NS_IsMainThread());
 
   nsCOMPtr<nsIURI> scopeURI;
   nsresult rv = NS_NewURI(getter_AddRefs(scopeURI), aScope, nullptr, nullptr);
   if (NS_FAILED(rv)) {
     return nullptr;
   }
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(scopeURI, aOriginAttributes);
+      BasePrincipal::CreateContentPrincipal(scopeURI, aOriginAttributes);
   RefPtr<ServiceWorkerRegistrationInfo> registration =
       GetServiceWorkerRegistrationInfo(principal, scopeURI);
   if (!registration) {
     return nullptr;
   }
 
   return registration->GetActive();
 }
@@ -1559,17 +1559,17 @@ ServiceWorkerManager::GetServiceWorkerRe
   return registration.forget();
 }
 
 /* static */
 nsresult ServiceWorkerManager::PrincipalToScopeKey(nsIPrincipal* aPrincipal,
                                                    nsACString& aKey) {
   MOZ_ASSERT(aPrincipal);
 
-  if (!BasePrincipal::Cast(aPrincipal)->IsCodebasePrincipal()) {
+  if (!BasePrincipal::Cast(aPrincipal)->IsContentPrincipal()) {
     return NS_ERROR_FAILURE;
   }
 
   nsresult rv = aPrincipal->GetOrigin(aKey);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
@@ -1970,17 +1970,17 @@ void ServiceWorkerManager::DispatchFetch
   } else {
     nsCOMPtr<nsIURI> uri;
     aRv = aChannel->GetSecureUpgradedChannelURI(getter_AddRefs(uri));
     if (NS_WARN_IF(aRv.Failed())) {
       return;
     }
 
     // non-subresource request means the URI contains the principal
-    nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateCodebasePrincipal(
+    nsCOMPtr<nsIPrincipal> principal = BasePrincipal::CreateContentPrincipal(
         uri, loadInfo->GetOriginAttributes());
 
     RefPtr<ServiceWorkerRegistrationInfo> registration =
         GetServiceWorkerRegistrationInfo(principal, uri);
     if (NS_WARN_IF(!registration)) {
       aRv.Throw(NS_ERROR_FAILURE);
       return;
     }
@@ -2209,17 +2209,17 @@ void ServiceWorkerManager::SoftUpdateInt
 
   nsCOMPtr<nsIURI> scopeURI;
   nsresult rv = NS_NewURI(getter_AddRefs(scopeURI), aScope);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
   }
 
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(scopeURI, aOriginAttributes);
+      BasePrincipal::CreateContentPrincipal(scopeURI, aOriginAttributes);
   if (NS_WARN_IF(!principal)) {
     return;
   }
 
   nsAutoCString scopeKey;
   rv = PrincipalToScopeKey(principal, scopeKey);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
--- a/dom/serviceworkers/test/browser_storage_recovery.js
+++ b/dom/serviceworkers/test/browser_storage_recovery.js
@@ -23,17 +23,17 @@ async function checkForUpdate(browser) {
 // Delete all of our chrome-namespace Caches for this origin, leaving any
 // content-owned caches in place.  This is exclusively for simulating loss
 // of the origin's storage without loss of the registration and without
 // having to worry that future enhancements to QuotaClients/ServiceWorkerRegistrar
 // will break this test.  If you want to wipe storage for an origin, use
 // QuotaManager APIs
 async function wipeStorage(u) {
   let uri = Services.io.newURI(u);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
   let caches = new CacheStorage("chrome", principal);
   let list = await caches.keys();
   return Promise.all(list.map(c => caches.delete(c)));
 }
 
--- a/dom/serviceworkers/test/test_scopes.html
+++ b/dom/serviceworkers/test/test_scopes.html
@@ -66,17 +66,17 @@
 
   async function testScopes() {
     function chromeScriptSource() {
       let swm = Cc["@mozilla.org/serviceworkers/manager;1"]
                   .getService(Ci.nsIServiceWorkerManager);
       let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"]
                      .getService(Ci.nsIScriptSecurityManager);
       addMessageListener("getScope", (msg) => {
-        let principal = secMan.createCodebasePrincipalFromOrigin(msg.principal);
+        let principal = secMan.createContentPrincipalFromOrigin(msg.principal);
         try {
           return { scope: swm.getScopeForUrl(principal, msg.path) };
         } catch (e) {
           return { exception: e.message };
         }
       });
     }
 
--- a/dom/storage/StorageActivityService.cpp
+++ b/dom/storage/StorageActivityService.cpp
@@ -22,18 +22,18 @@ namespace dom {
 static StaticRefPtr<StorageActivityService> gStorageActivityService;
 static bool gStorageActivityShutdown = false;
 
 /* static */
 void StorageActivityService::SendActivity(nsIPrincipal* aPrincipal) {
   MOZ_ASSERT(NS_IsMainThread());
 
   if (!aPrincipal || BasePrincipal::Cast(aPrincipal)->Kind() !=
-                         BasePrincipal::eCodebasePrincipal) {
-    // Only codebase principals.
+                         BasePrincipal::eContentPrincipal) {
+    // Only content principals.
     return;
   }
 
   RefPtr<StorageActivityService> service = GetOrCreate();
   if (NS_WARN_IF(!service)) {
     return;
   }
 
@@ -121,17 +121,17 @@ StorageActivityService::~StorageActivity
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(!mTimer);
 }
 
 void StorageActivityService::SendActivityInternal(nsIPrincipal* aPrincipal) {
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(aPrincipal);
   MOZ_ASSERT(BasePrincipal::Cast(aPrincipal)->Kind() ==
-             BasePrincipal::eCodebasePrincipal);
+             BasePrincipal::eContentPrincipal);
 
   if (!XRE_IsParentProcess()) {
     SendActivityToParent(aPrincipal);
     return;
   }
 
   nsAutoCString origin;
   nsresult rv = aPrincipal->GetOrigin(origin);
@@ -239,17 +239,17 @@ StorageActivityService::GetActiveOrigins
       do_CreateInstance(NS_ARRAY_CONTRACTID, &rv);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;
   }
 
   for (auto iter = mActivities.Iter(); !iter.Done(); iter.Next()) {
     if (iter.UserData() >= aFrom && iter.UserData() <= aTo) {
       RefPtr<BasePrincipal> principal =
-          BasePrincipal::CreateCodebasePrincipal(iter.Key());
+          BasePrincipal::CreateContentPrincipal(iter.Key());
       MOZ_ASSERT(principal);
 
       rv = devices->AppendElement(principal);
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return rv;
       }
     }
   }
--- a/dom/tests/browser/browser_ConsoleAPI_originAttributes.js
+++ b/dom/tests/browser/browser_ConsoleAPI_originAttributes.js
@@ -77,17 +77,17 @@ function test() {
     mozExtensionHostname: uuid,
     baseURL: "file:///",
     allowedOrigins: new MatchPatternSet([]),
     localizeCallback() {},
   });
   policy.active = true;
 
   let baseURI = Services.io.newURI(url);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     baseURI,
     {}
   );
 
   let chromeWebNav = Services.appShell.createWindowlessBrowser(true);
   let docShell = chromeWebNav.docShell;
   docShell.createAboutBlankContentViewer(principal, principal);
 
--- a/dom/tests/browser/browser_localStorage_e10s.js
+++ b/dom/tests/browser/browser_localStorage_e10s.js
@@ -67,17 +67,17 @@ function triggerAndWaitForLocalStorageFl
  * AsyncClearMatchingOriginAttributes will not clear the hashtable entry for
  * the origin.
  *
  * So we explicitly access the cache here in the parent for the origin and issue
  * an explicit clear.  Clearing all storage might be a little easier but seems
  * like asking for intermittent failures.
  */
 function clearOriginStorageEnsuringNoPreload() {
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     HELPER_PAGE_ORIGIN
   );
 
   if (Services.lsm.nextGenLocalStorageEnabled) {
     let request = Services.qms.clearStoragesForPrincipal(
       principal,
       "default",
       "ls"
@@ -106,17 +106,17 @@ function clearOriginStorageEnsuringNoPre
   return triggerAndWaitForLocalStorageFlush();
 }
 
 async function verifyTabPreload(knownTab, expectStorageExists) {
   let storageExists = await ContentTask.spawn(
     knownTab.tab.linkedBrowser,
     HELPER_PAGE_ORIGIN,
     function(origin) {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         origin
       );
       if (Services.lsm.nextGenLocalStorageEnabled) {
         return Services.lsm.isPreloaded(principal);
       }
       return !!Services.domStorageManager.getStorage(
         null,
         principal,
--- a/dom/tests/browser/browser_localStorage_snapshotting_e10s.js
+++ b/dom/tests/browser/browser_localStorage_snapshotting_e10s.js
@@ -6,17 +6,17 @@ const HELPER_PAGE_ORIGIN = "http://examp
 
 let testDir = gTestPath.substr(0, gTestPath.lastIndexOf("/"));
 Services.scriptloader.loadSubScript(
   testDir + "/helper_localStorage_e10s.js",
   this
 );
 
 function clearOrigin() {
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     HELPER_PAGE_ORIGIN
   );
   let request = Services.qms.clearStoragesForPrincipal(
     principal,
     "default",
     "ls"
   );
   let promise = new Promise(resolve => {
--- a/dom/tests/mochitest/chrome/test_MozDomFullscreen_event.xul
+++ b/dom/tests/mochitest/chrome/test_MozDomFullscreen_event.xul
@@ -22,17 +22,17 @@ function make_uri(url) {
   return ios.newURI(url);
 }
 
 // Ensure "fullscreen" permissions are not present on the test URI.
 var pm = Cc["@mozilla.org/permissionmanager;1"].getService(Ci.nsIPermissionManager);
 var uri = make_uri("http://mochi.test:8888");
 var ssm = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
                             .getService(Ci.nsIScriptSecurityManager);
-var principal = ssm.createCodebasePrincipal(uri, {});
+var principal = ssm.createContentPrincipal(uri, {});
 pm.removeFromPrincipal(principal, "fullscreen");
 
 SpecialPowers.pushPrefEnv({"set": [
   ['full-screen-api.enabled', true],
   ['full-screen-api.allow-trusted-requests-only', false],
   ['full-screen-api.transition-duration.enter', '0 0'],
   ['full-screen-api.transition-duration.leave', '0 0']
 ]}, setup);
--- a/dom/tests/mochitest/localstorage/localStorageCommon.js
+++ b/dom/tests/mochitest/localstorage/localStorageCommon.js
@@ -62,17 +62,17 @@ function localStorageClearAll(callback) 
       SpecialPowers.wrapCallback(function(request) {
         if (request.resultCode != SpecialPowers.Cr.NS_OK) {
           callback();
           return;
         }
 
         let clearRequestCount = 0;
         for (let item of request.result) {
-          let principal = ssm.createCodebasePrincipalFromOrigin(item.origin);
+          let principal = ssm.createContentPrincipalFromOrigin(item.origin);
           let clearRequest = qms.clearStoragesForPrincipal(
             principal,
             "default",
             "ls"
           );
           clearRequestCount++;
           clearRequest.callback = SpecialPowers.wrapCallback(function() {
             if (--clearRequestCount == 0) {
--- a/dom/tests/mochitest/localstorage/test_localStorageFromChrome.xhtml
+++ b/dom/tests/mochitest/localstorage/test_localStorageFromChrome.xhtml
@@ -15,17 +15,17 @@ async function startTest()
   var ios = Components.classes["@mozilla.org/network/io-service;1"]
     .getService(Components.interfaces.nsIIOService);
   var ssm = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
     .getService(Components.interfaces.nsIScriptSecurityManager);
   var dsm = Components.classes["@mozilla.org/dom/localStorage-manager;1"]
     .getService(Components.interfaces.nsIDOMStorageManager);
 
   var uri = ios.newURI(url);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
   var storage = dsm.createStorage(window, principal, principal, "");
 
   storage.setItem("chromekey", "chromevalue");
 
   var aframe = document.getElementById("aframe");
   aframe.onload = function()
   {
     is(storage.getItem("chromekey"), "chromevalue");
--- a/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
+++ b/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
@@ -367,17 +367,17 @@ nsresult txCompileObserver::loadURI(cons
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIURI> referrerUri;
   rv = NS_NewURI(getter_AddRefs(referrerUri), aReferrerUri);
   NS_ENSURE_SUCCESS(rv, rv);
 
   OriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> referrerPrincipal =
-      BasePrincipal::CreateCodebasePrincipal(referrerUri, attrs);
+      BasePrincipal::CreateContentPrincipal(referrerUri, attrs);
   NS_ENSURE_TRUE(referrerPrincipal, NS_ERROR_FAILURE);
 
   return startLoad(uri, aCompiler, referrerPrincipal, aReferrerPolicy);
 }
 
 void txCompileObserver::onDoneCompiling(txStylesheetCompiler* aCompiler,
                                         nsresult aResult,
                                         const char16_t* aErrorText,
@@ -545,17 +545,17 @@ nsresult txSyncCompileObserver::loadURI(
   nsresult rv = NS_NewURI(getter_AddRefs(uri), aUri);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIURI> referrerUri;
   rv = NS_NewURI(getter_AddRefs(referrerUri), aReferrerUri);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIPrincipal> referrerPrincipal =
-      BasePrincipal::CreateCodebasePrincipal(referrerUri, OriginAttributes());
+      BasePrincipal::CreateContentPrincipal(referrerUri, OriginAttributes());
   NS_ENSURE_TRUE(referrerPrincipal, NS_ERROR_FAILURE);
 
   // This is probably called by js, a loadGroup for the channel doesn't
   // make sense.
   nsCOMPtr<nsINode> source;
   if (mProcessor) {
     source = mProcessor->GetSourceContentModel();
   }
--- a/extensions/permissions/nsPermission.cpp
+++ b/extensions/permissions/nsPermission.cpp
@@ -36,17 +36,17 @@ already_AddRefed<nsIPrincipal> nsPermiss
   nsAutoCString originNoSuffix;
   nsresult rv = aPrincipal->GetOriginNoSuffix(originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
   nsCOMPtr<nsIURI> uri;
   rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, nullptr);
 
-  return mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+  return mozilla::BasePrincipal::CreateContentPrincipal(uri, attrs);
 }
 
 already_AddRefed<nsPermission> nsPermission::Create(
     nsIPrincipal* aPrincipal, const nsACString& aType, uint32_t aCapability,
     uint32_t aExpireType, int64_t aExpireTime, int64_t aModificationTime) {
   NS_ENSURE_TRUE(aPrincipal, nullptr);
 
   nsCOMPtr<nsIPrincipal> principal =
@@ -215,13 +215,13 @@ nsPermission::MatchesPrincipalForPermiss
 }
 
 NS_IMETHODIMP
 nsPermission::MatchesURI(nsIURI* aURI, bool aExactHost, bool* aMatches) {
   NS_ENSURE_ARG_POINTER(aURI);
 
   mozilla::OriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   return Matches(principal, aExactHost, aMatches);
 }
--- a/extensions/permissions/nsPermission.h
+++ b/extensions/permissions/nsPermission.h
@@ -18,17 +18,17 @@ class nsPermission : public nsIPermissio
   NS_DECL_ISUPPORTS
   NS_DECL_NSIPERMISSION
 
   static already_AddRefed<nsPermission> Create(
       nsIPrincipal* aPrincipal, const nsACString& aType, uint32_t aCapability,
       uint32_t aExpireType, int64_t aExpireTime, int64_t aModificationTime);
 
   // This method creates a new nsIPrincipal with a stripped OriginAttributes (no
-  // userContextId) and a codebase equal to the origin of 'aPrincipal'.
+  // userContextId) and a content principal equal to the origin of 'aPrincipal'.
   static already_AddRefed<nsIPrincipal> ClonePrincipalForPermission(
       nsIPrincipal* aPrincipal);
 
  protected:
   nsPermission(nsIPrincipal* aPrincipal, const nsACString& aType,
                uint32_t aCapability, uint32_t aExpireType, int64_t aExpireTime,
                int64_t aModificationTime);
 
--- a/extensions/permissions/nsPermissionManager.cpp
+++ b/extensions/permissions/nsPermissionManager.cpp
@@ -187,36 +187,36 @@ nsresult GetPrincipalFromOrigin(const ns
   // Disable userContext for permissions.
   attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
 
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), originNoSuffix);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(uri, attrs);
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsresult GetPrincipal(nsIURI* aURI, bool aIsInIsolatedMozBrowserElement,
                       nsIPrincipal** aPrincipal) {
   mozilla::OriginAttributes attrs(aIsInIsolatedMozBrowserElement);
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsresult GetPrincipal(nsIURI* aURI, nsIPrincipal** aPrincipal) {
   mozilla::OriginAttributes attrs;
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(aURI, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(aURI, attrs);
   NS_ENSURE_TRUE(principal, NS_ERROR_FAILURE);
 
   principal.forget(aPrincipal);
   return NS_OK;
 }
 
 nsCString GetNextSubDomainForHost(const nsACString& aHost) {
   nsCString subDomain;
@@ -275,17 +275,17 @@ already_AddRefed<nsIPrincipal> GetNextSu
 
   // Copy the attributes over
   mozilla::OriginAttributes attrs = aPrincipal->OriginAttributesRef();
 
   // Disable userContext for permissions.
   attrs.StripAttributes(mozilla::OriginAttributes::STRIP_USER_CONTEXT_ID);
 
   nsCOMPtr<nsIPrincipal> principal =
-      mozilla::BasePrincipal::CreateCodebasePrincipal(newURI, attrs);
+      mozilla::BasePrincipal::CreateContentPrincipal(newURI, attrs);
 
   return principal.forget();
 }
 
 class MOZ_STACK_CLASS UpgradeHostToOriginHelper {
  public:
   virtual nsresult Insert(const nsACString& aOrigin, const nsCString& aType,
                           uint32_t aPermission, uint32_t aExpireType,
@@ -2374,20 +2374,20 @@ nsresult nsPermissionManager::CommonTest
   MOZ_ASSERT_IF(aURI, !aPrincipal && aOriginNoSuffix.IsEmpty());
   NS_ENSURE_ARG_POINTER(aPrincipal || aURI || !aOriginNoSuffix.IsEmpty());
 
 #ifdef DEBUG
   {
     nsCOMPtr<nsIPrincipal> prin = aPrincipal;
     if (!prin) {
       if (aURI) {
-        prin = mozilla::BasePrincipal::CreateCodebasePrincipal(
+        prin = mozilla::BasePrincipal::CreateContentPrincipal(
             aURI, OriginAttributes());
       } else if (!aOriginNoSuffix.IsEmpty()) {
-        prin = mozilla::BasePrincipal::CreateCodebasePrincipal(aOriginNoSuffix);
+        prin = mozilla::BasePrincipal::CreateContentPrincipal(aOriginNoSuffix);
       }
     }
     MOZ_ASSERT(prin);
     MOZ_ASSERT(PermissionAvailable(prin, aType));
   }
 #endif
 
   PermissionHashKey* entry =
@@ -2476,17 +2476,17 @@ nsPermissionManager::GetPermissionHashKe
 #ifdef DEBUG
   {
     nsCOMPtr<nsIPrincipal> principal;
     nsresult rv = NS_OK;
     if (aURI) {
       rv = GetPrincipal(aURI, getter_AddRefs(principal));
     } else {
       principal =
-          mozilla::BasePrincipal::CreateCodebasePrincipal(aOriginNoSuffix);
+          mozilla::BasePrincipal::CreateContentPrincipal(aOriginNoSuffix);
     }
     MOZ_ASSERT_IF(NS_SUCCEEDED(rv),
                   PermissionAvailable(principal, mTypeArray[aType]));
   }
 #endif
 
   nsresult rv;
   RefPtr<PermissionKey> key =
@@ -2513,17 +2513,17 @@ nsPermissionManager::GetPermissionHashKe
       nsCOMPtr<nsIPrincipal> principal;
       if (aURI) {
         nsresult rv = GetPrincipal(aURI, getter_AddRefs(principal));
         if (NS_WARN_IF(NS_FAILED(rv))) {
           return nullptr;
         }
       } else {
         principal =
-            mozilla::BasePrincipal::CreateCodebasePrincipal(aOriginNoSuffix);
+            mozilla::BasePrincipal::CreateContentPrincipal(aOriginNoSuffix);
       }
       RemoveFromPrincipal(principal, mTypeArray[aType]);
     } else if (permEntry.mPermission == nsIPermissionManager::UNKNOWN_ACTION) {
       entry = nullptr;
     }
   }
 
   if (entry) {
--- a/extensions/permissions/test/gtest/PermissionManagerTest.cpp
+++ b/extensions/permissions/test/gtest/PermissionManagerTest.cpp
@@ -21,18 +21,18 @@ class PermissionManager : public ::testi
             NS_LITERAL_CSTRING("permissionTypeThatIsGuaranteedToNeverExist")) {}
   void SetUp() override {
     mPermissionManager = nsPermissionManager::GetInstance();
     nsCOMPtr<nsIURI> uri;
     nsresult rv = NS_NewURI(
         getter_AddRefs(uri),
         NS_LITERAL_CSTRING("https://test.origin.with.subdomains.example.com"));
     MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-    mPrincipal = mozilla::BasePrincipal::CreateCodebasePrincipal(
-        uri, OriginAttributes());
+    mPrincipal =
+        mozilla::BasePrincipal::CreateContentPrincipal(uri, OriginAttributes());
   }
 
   void TearDown() override {
     mPermissionManager = nullptr;
     mPrincipal = nullptr;
   }
 
   static const unsigned kNumIterations = 100000;
--- a/extensions/permissions/test/unit/test_permmanager_cleardata.js
+++ b/extensions/permissions/test/unit/test_permmanager_cleardata.js
@@ -1,16 +1,16 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 var pm;
 
 // Create a principal based on the { origin, originAttributes }.
 function createPrincipal(aOrigin, aOriginAttributes) {
-  return Services.scriptSecurityManager.createCodebasePrincipal(
+  return Services.scriptSecurityManager.createContentPrincipal(
     NetUtil.newURI(aOrigin),
     aOriginAttributes
   );
 }
 
 // Return the data required by 'clear-origin-attributes-data' notification.
 function getData(aPattern) {
   return JSON.stringify(aPattern);
--- a/extensions/permissions/test/unit/test_permmanager_defaults.js
+++ b/extensions/permissions/test/unit/test_permmanager_defaults.js
@@ -57,55 +57,55 @@ add_task(async function do_test() {
   // This will force the permission-manager to reload the data.
   Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk");
 
   let pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
 
   // test the default permission was applied.
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN,
     {}
   );
-  let principalHttps = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principalHttps = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN_HTTPS,
     {}
   );
-  let principal2 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal2 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN_2,
     {}
   );
-  let principal3 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal3 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN_3,
     {}
   );
 
   let attrs = { inIsolatedMozBrowser: true };
-  let principal4 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal4 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN,
     attrs
   );
-  let principal5 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal5 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN_3,
     attrs
   );
 
   attrs = { userContextId: 1 };
-  let principal6 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal6 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN,
     attrs
   );
   attrs = { firstPartyDomain: "cnn.com" };
-  let principal7 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal7 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN,
     attrs
   );
   attrs = { userContextId: 1, firstPartyDomain: "cnn.com" };
-  let principal8 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal8 = Services.scriptSecurityManager.createContentPrincipal(
     TEST_ORIGIN,
     attrs
   );
 
   Assert.equal(
     Ci.nsIPermissionManager.ALLOW_ACTION,
     pm.testPermissionFromPrincipal(principal, TEST_PERMISSION)
   );
@@ -388,17 +388,17 @@ function checkCapabilityViaDB(
     do_check();
   });
 }
 
 // use the DB to find the requested permission.   Returns the permission
 // value (ie, the "capability" in nsIPermission parlance) or null if it can't
 // be found.
 function findCapabilityViaDB(origin = TEST_ORIGIN, type = TEST_PERMISSION) {
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     origin,
     {}
   );
   let originStr = principal.origin;
 
   let file = Services.dirsvc.get("ProfD", Ci.nsIFile);
   file.append("permissions.sqlite");
 
--- a/extensions/permissions/test/unit/test_permmanager_expiration.js
+++ b/extensions/permissions/test/unit/test_permmanager_expiration.js
@@ -15,17 +15,17 @@ function continue_test() {
 }
 
 function* do_run_test() {
   // Set up a profile.
   let profile = do_get_profile();
 
   let pm = Services.perms;
   let permURI = NetUtil.newURI("http://example.com");
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     permURI,
     {}
   );
 
   let now = Number(Date.now());
 
   // add a permission with *now* expiration
   pm.addFromPrincipal(
--- a/extensions/permissions/test/unit/test_permmanager_getPermissionObject.js
+++ b/extensions/permissions/test/unit/test_permmanager_getPermissionObject.js
@@ -1,17 +1,17 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 function getPrincipalFromURI(aURI) {
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   let uri = NetUtil.newURI(aURI);
-  return ssm.createCodebasePrincipal(uri, {});
+  return ssm.createContentPrincipal(uri, {});
 }
 
 function getSystemPrincipal() {
   return Cc["@mozilla.org/scriptsecuritymanager;1"]
     .getService(Ci.nsIScriptSecurityManager)
     .getSystemPrincipal();
 }
 
--- a/extensions/permissions/test/unit/test_permmanager_idn.js
+++ b/extensions/permissions/test/unit/test_permmanager_idn.js
@@ -1,17 +1,17 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 function getPrincipalFromDomain(aDomain) {
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   let uri = NetUtil.newURI("http://" + aDomain);
-  return ssm.createCodebasePrincipal(uri, {});
+  return ssm.createContentPrincipal(uri, {});
 }
 
 function run_test() {
   let profile = do_get_profile();
   let pm = Services.perms;
   let perm = "test-idn";
 
   // We create three principal linked to IDN.
--- a/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
+++ b/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
@@ -246,14 +246,14 @@ function run_test() {
   // check we found at least 1 record that was migrated.
   Assert.ok(numMigrated > 0, "we found at least 1 record that was migrated");
 
   // This permission should always be there.
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   let uri = NetUtil.newURI("http://example.org");
-  let principal = ssm.createCodebasePrincipal(uri, {});
+  let principal = ssm.createContentPrincipal(uri, {});
   Assert.equal(
     pm.testPermissionFromPrincipal(principal, "test-load-invalid-entries"),
     Ci.nsIPermissionManager.ALLOW_ACTION
   );
 }
--- a/extensions/permissions/test/unit/test_permmanager_local_files.js
+++ b/extensions/permissions/test/unit/test_permmanager_local_files.js
@@ -1,16 +1,16 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 // Test that permissions work for file:// URIs (aka local files).
 
 function getPrincipalFromURIString(uriStr) {
   let uri = NetUtil.newURI(uriStr);
-  return Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
+  return Services.scriptSecurityManager.createContentPrincipal(uri, {});
 }
 
 function run_test() {
   let pm = Services.perms;
 
   // If we add a permission to a file:// URI, the test should return true.
   let principal = getPrincipalFromURIString("file:///foo/bar");
   pm.addFromPrincipal(principal, "test/local-files", pm.ALLOW_ACTION, 0, 0);
--- a/extensions/permissions/test/unit/test_permmanager_matches.js
+++ b/extensions/permissions/test/unit/test_permmanager_matches.js
@@ -53,46 +53,46 @@ function run_test() {
   // Add some permissions
   let uri0 = NetUtil.newURI("http://google.com/search?q=foo#hashtag");
   let uri1 = NetUtil.newURI("http://hangouts.google.com/subdir");
   let uri2 = NetUtil.newURI("http://google.org/");
   let uri3 = NetUtil.newURI("https://google.com/some/random/subdirectory");
   let uri4 = NetUtil.newURI("https://hangouts.google.com/#!/hangout");
   let uri5 = NetUtil.newURI("http://google.com:8096/");
 
-  let uri0_n = secMan.createCodebasePrincipal(uri0, {});
-  let uri1_n = secMan.createCodebasePrincipal(uri1, {});
-  let uri2_n = secMan.createCodebasePrincipal(uri2, {});
-  let uri3_n = secMan.createCodebasePrincipal(uri3, {});
-  let uri4_n = secMan.createCodebasePrincipal(uri4, {});
-  let uri5_n = secMan.createCodebasePrincipal(uri5, {});
+  let uri0_n = secMan.createContentPrincipal(uri0, {});
+  let uri1_n = secMan.createContentPrincipal(uri1, {});
+  let uri2_n = secMan.createContentPrincipal(uri2, {});
+  let uri3_n = secMan.createContentPrincipal(uri3, {});
+  let uri4_n = secMan.createContentPrincipal(uri4, {});
+  let uri5_n = secMan.createContentPrincipal(uri5, {});
 
   attrs = { inIsolatedMozBrowser: true };
-  let uri0_y_ = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri1_y_ = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri2_y_ = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri3_y_ = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri4_y_ = secMan.createCodebasePrincipal(uri4, attrs);
-  let uri5_y_ = secMan.createCodebasePrincipal(uri5, attrs);
+  let uri0_y_ = secMan.createContentPrincipal(uri0, attrs);
+  let uri1_y_ = secMan.createContentPrincipal(uri1, attrs);
+  let uri2_y_ = secMan.createContentPrincipal(uri2, attrs);
+  let uri3_y_ = secMan.createContentPrincipal(uri3, attrs);
+  let uri4_y_ = secMan.createContentPrincipal(uri4, attrs);
+  let uri5_y_ = secMan.createContentPrincipal(uri5, attrs);
 
   attrs = { userContextId: 1 };
-  let uri0_1 = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri1_1 = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri2_1 = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri3_1 = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri4_1 = secMan.createCodebasePrincipal(uri4, attrs);
-  let uri5_1 = secMan.createCodebasePrincipal(uri5, attrs);
+  let uri0_1 = secMan.createContentPrincipal(uri0, attrs);
+  let uri1_1 = secMan.createContentPrincipal(uri1, attrs);
+  let uri2_1 = secMan.createContentPrincipal(uri2, attrs);
+  let uri3_1 = secMan.createContentPrincipal(uri3, attrs);
+  let uri4_1 = secMan.createContentPrincipal(uri4, attrs);
+  let uri5_1 = secMan.createContentPrincipal(uri5, attrs);
 
   attrs = { firstPartyDomain: "cnn.com" };
-  let uri0_cnn = secMan.createCodebasePrincipal(uri0, attrs);
-  let uri1_cnn = secMan.createCodebasePrincipal(uri1, attrs);
-  let uri2_cnn = secMan.createCodebasePrincipal(uri2, attrs);
-  let uri3_cnn = secMan.createCodebasePrincipal(uri3, attrs);
-  let uri4_cnn = secMan.createCodebasePrincipal(uri4, attrs);
-  let uri5_cnn = secMan.createCodebasePrincipal(uri5, attrs);
+  let uri0_cnn = secMan.createContentPrincipal(uri0, attrs);
+  let uri1_cnn = secMan.createContentPrincipal(uri1, attrs);
+  let uri2_cnn = secMan.createContentPrincipal(uri2, attrs);
+  let uri3_cnn = secMan.createContentPrincipal(uri3, attrs);
+  let uri4_cnn = secMan.createContentPrincipal(uri4, attrs);
+  let uri5_cnn = secMan.createContentPrincipal(uri5, attrs);
 
   pm.addFromPrincipal(uri0_n, "test/matches", pm.ALLOW_ACTION);
   let perm_n = pm.getPermissionObject(uri0_n, "test/matches", true);
   pm.addFromPrincipal(uri0_y_, "test/matches", pm.ALLOW_ACTION);
   let perm_y_ = pm.getPermissionObject(uri0_y_, "test/matches", true);
   pm.addFromPrincipal(uri0_1, "test/matches", pm.ALLOW_ACTION);
   let perm_1 = pm.getPermissionObject(uri0_n, "test/matches", true);
   pm.addFromPrincipal(uri0_cnn, "test/matches", pm.ALLOW_ACTION);
--- a/extensions/permissions/test/unit/test_permmanager_matchesuri.js
+++ b/extensions/permissions/test/unit/test_permmanager_matchesuri.js
@@ -45,17 +45,17 @@ function mk_permission(uri) {
     Ci.nsIPermissionManager
   );
 
   let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
 
   // Get the permission from the principal!
-  let principal = secMan.createCodebasePrincipal(uri, {});
+  let principal = secMan.createContentPrincipal(uri, {});
 
   pm.addFromPrincipal(principal, "test/matchesuri", pm.ALLOW_ACTION);
   let permission = pm.getPermissionObject(principal, "test/matchesuri", true);
 
   return permission;
 }
 
 function run_test() {
--- a/extensions/permissions/test/unit/test_permmanager_notifications.js
+++ b/extensions/permissions/test/unit/test_permmanager_notifications.js
@@ -22,17 +22,17 @@ function* do_run_test() {
 
   let pm = Services.perms;
   let now = Number(Date.now());
   let permType = "test/expiration-perm";
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   let uri = NetUtil.newURI("http://example.com");
-  let principal = ssm.createCodebasePrincipal(uri, {});
+  let principal = ssm.createContentPrincipal(uri, {});
 
   let observer = new permission_observer(test_generator, now, permType);
   Services.obs.addObserver(observer, "perm-changed");
 
   // Add a permission, to test the 'add' notification. Note that we use
   // do_execute_soon() so that we can use our generator to continue the test
   // where we left off.
   executeSoon(function() {
--- a/extensions/permissions/test/unit/test_permmanager_removesince.js
+++ b/extensions/permissions/test/unit/test_permmanager_removesince.js
@@ -18,23 +18,23 @@ function* do_run_test() {
   // Set up a profile.
   let profile = do_get_profile();
 
   let pm = Services.perms;
 
   // to help with testing edge-cases, we will arrange for .removeAllSince to
   // remove *all* permissions from one principal and one permission from another.
   let permURI1 = NetUtil.newURI("http://example.com");
-  let principal1 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal1 = Services.scriptSecurityManager.createContentPrincipal(
     permURI1,
     {}
   );
 
   let permURI2 = NetUtil.newURI("http://example.org");
-  let principal2 = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal2 = Services.scriptSecurityManager.createContentPrincipal(
     permURI2,
     {}
   );
 
   // add a permission now - this isn't going to be removed.
   pm.addFromPrincipal(principal1, "test/remove-since", 1);
 
   // sleep briefly, then record the time - we'll remove all since then.
--- a/extensions/permissions/test/unit/test_permmanager_subdomains.js
+++ b/extensions/permissions/test/unit/test_permmanager_subdomains.js
@@ -1,17 +1,17 @@
 /* Any copyright is dedicated to the Public Domain.
    http://creativecommons.org/publicdomain/zero/1.0/ */
 
 function getPrincipalFromURI(aURI) {
   let ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   let uri = NetUtil.newURI(aURI);
-  return ssm.createCodebasePrincipal(uri, {});
+  return ssm.createContentPrincipal(uri, {});
 }
 
 function run_test() {
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
 
   // Adds a permission to a sub-domain. Checks if it is working.
--- a/image/test/unit/test_private_channel.js
+++ b/image/test/unit/test_private_channel.js
@@ -37,17 +37,17 @@ function imageHandler(metadata, response
 var requests = [];
 var listeners = [];
 
 var gImgPath = "http://localhost:" + server.identity.primaryPort + "/image.png";
 
 function setup_chan(path, isPrivate, callback) {
   var uri = NetUtil.newURI(gImgPath);
   var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
-  var principal = Services.scriptSecurityManager.createCodebasePrincipal(uri, {
+  var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {
     privateBrowsingId: isPrivate ? 1 : 0,
   });
   var chan = NetUtil.newChannel({
     uri,
     loadingPrincipal: principal,
     securityFlags,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_INTERNAL_IMAGE,
   });
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -80,17 +80,17 @@ already_AddRefed<nsIPrincipal> Principal
           aPrincipalInfo.get_ContentPrincipalInfo();
 
       nsCOMPtr<nsIURI> uri;
       rv = NS_NewURI(getter_AddRefs(uri), info.spec());
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return nullptr;
       }
 
-      principal = BasePrincipal::CreateCodebasePrincipal(uri, info.attrs());
+      principal = BasePrincipal::CreateContentPrincipal(uri, info.attrs());
       if (NS_WARN_IF(!principal)) {
         return nullptr;
       }
 
       // Origin must match what the_new_principal.getOrigin returns.
       nsAutoCString originNoSuffix;
       rv = principal->GetOriginNoSuffix(originNoSuffix);
       if (NS_WARN_IF(NS_FAILED(rv)) ||
--- a/js/xpconnect/loader/mozJSSubScriptLoader.cpp
+++ b/js/xpconnect/loader/mozJSSubScriptLoader.cpp
@@ -419,23 +419,23 @@ nsresult mozJSSubScriptLoader::DoLoadSub
   // blob: URI.
   bool useCompilationScope = false;
   auto* principal = BasePrincipal::Cast(GetObjectPrincipal(targetObj));
   bool isSystem = principal->Is<SystemPrincipal>();
   if (!isSystem && principal->Is<ContentPrincipal>()) {
     auto* content = principal->As<ContentPrincipal>();
 
     nsAutoCString scheme;
-    content->mCodebase->GetScheme(scheme);
+    content->mURI->GetScheme(scheme);
 
     // We want to enable caching for scripts with Activity Stream's
     // codebase URLs.
     if (scheme.EqualsLiteral("about")) {
       nsAutoCString filePath;
-      content->mCodebase->GetFilePath(filePath);
+      content->mURI->GetFilePath(filePath);
 
       useCompilationScope = filePath.EqualsLiteral("home") ||
                             filePath.EqualsLiteral("newtab") ||
                             filePath.EqualsLiteral("welcome");
       isSystem = true;
     }
   }
   bool ignoreCache =
--- a/js/xpconnect/src/Sandbox.cpp
+++ b/js/xpconnect/src/Sandbox.cpp
@@ -1232,36 +1232,36 @@ nsXPCComponents_utils_Sandbox::Construct
                                          JSContext* cx, JSObject* objArg,
                                          const CallArgs& args, bool* _retval) {
   RootedObject obj(cx, objArg);
   return CallOrConstruct(wrapper, cx, obj, args, _retval);
 }
 
 /*
  * For sandbox constructor the first argument can be a URI string in which case
- * we use the related Codebase Principal for the sandbox.
+ * we use the related Content Principal for the sandbox.
  */
-bool ParsePrincipal(JSContext* cx, HandleString codebase,
+bool ParsePrincipal(JSContext* cx, HandleString contentUrl,
                     const OriginAttributes& aAttrs, nsIPrincipal** principal) {
   MOZ_ASSERT(principal);
-  MOZ_ASSERT(codebase);
+  MOZ_ASSERT(contentUrl);
   nsCOMPtr<nsIURI> uri;
-  nsAutoJSString codebaseStr;
-  NS_ENSURE_TRUE(codebaseStr.init(cx, codebase), false);
-  nsresult rv = NS_NewURI(getter_AddRefs(uri), codebaseStr);
+  nsAutoJSString contentStr;
+  NS_ENSURE_TRUE(contentStr.init(cx, contentUrl), false);
+  nsresult rv = NS_NewURI(getter_AddRefs(uri), contentStr);
   if (NS_FAILED(rv)) {
     JS_ReportErrorASCII(cx, "Creating URI from string failed");
     return false;
   }
 
   // We could allow passing in the app-id and browser-element info to the
   // sandbox constructor. But creating a sandbox based on a string is a
   // deprecated API so no need to add features to it.
   nsCOMPtr<nsIPrincipal> prin =
-      BasePrincipal::CreateCodebasePrincipal(uri, aAttrs);
+      BasePrincipal::CreateContentPrincipal(uri, aAttrs);
   prin.forget(principal);
 
   if (!*principal) {
     JS_ReportErrorASCII(cx, "Creating Principal from URI failed");
     return false;
   }
   return true;
 }
@@ -1334,17 +1334,17 @@ static bool GetExpandedPrincipal(JSConte
 
   // Now we go over the array in two passes.  In the first pass, we ignore
   // strings, and only process objects.  Assuming that no originAttributes
   // option has been passed, if we encounter a principal or SOP object, we
   // grab its OA and save it if it's the first OA encountered, otherwise
   // check to make sure that it is the same as the OA found before.
   // In the second pass, we ignore objects, and use the OA found in pass 0
   // (or the previously computed OA if we have obtained it from the options)
-  // to construct codebase principals.
+  // to construct content principals.
   //
   // The effective OA selected above will also be set as the OA of the
   // expanded principal object.
 
   // First pass:
   for (uint32_t i = 0; i < length; ++i) {
     RootedValue allowed(cx);
     if (!JS_GetElement(cx, arrayObj, i, &allowed)) {
@@ -1408,17 +1408,17 @@ static bool GetExpandedPrincipal(JSConte
   for (uint32_t i = 0; i < length; ++i) {
     RootedValue allowed(cx);
     if (!JS_GetElement(cx, arrayObj, i, &allowed)) {
       return false;
     }
 
     nsCOMPtr<nsIPrincipal> principal;
     if (allowed.isString()) {
-      // In case of string let's try to fetch a codebase principal from it.
+      // In case of string let's try to fetch a content principal from it.
       RootedString str(cx, allowed.toString());
 
       // attrs here is either a default OriginAttributes in case the
       // originAttributes option isn't specified, and no object in the array
       // provides a principal.  Otherwise it's either the forced principal, or
       // the principal found before, so we can use it here.
       if (!ParsePrincipal(cx, str, attrs.ref(), getter_AddRefs(principal))) {
         return false;
--- a/js/xpconnect/src/XPCJSRuntime.cpp
+++ b/js/xpconnect/src/XPCJSRuntime.cpp
@@ -463,17 +463,17 @@ void NukeJSStackFrames(JS::Realm* aRealm
 
 Scriptability::Scriptability(JS::Realm* realm)
     : mScriptBlocks(0),
       mDocShellAllowsScript(true),
       mScriptBlockedByPolicy(false) {
   nsIPrincipal* prin = nsJSPrincipals::get(JS::GetRealmPrincipals(realm));
   mImmuneToScriptPolicy = PrincipalImmuneToScriptPolicy(prin);
 
-  // If we're not immune, we should have a real principal with a codebase URI.
+  // If we're not immune, we should have a real principal with a URI.
   // Check the URI against the new-style domain policy.
   if (!mImmuneToScriptPolicy) {
     nsCOMPtr<nsIURI> codebase;
     nsresult rv = prin->GetURI(getter_AddRefs(codebase));
     bool policyAllows;
     if (NS_SUCCEEDED(rv) && codebase &&
         NS_SUCCEEDED(nsXPConnect::SecurityManager()->PolicyAllowsScript(
             codebase, &policyAllows))) {
--- a/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
+++ b/js/xpconnect/tests/unit/test_allowedDomainsXHR.js
@@ -56,17 +56,17 @@ function run_test()
   httpserver3.start(4446);
 
   // Test sync XHR sending
   Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
   var res = Cu.evalInSandbox('var sync = createXHR("4444/simple"); sync.send(null); sync', sb);
   Assert.ok(checkResults(res));
 
   var principal = res.responseXML.nodePrincipal;
-  Assert.ok(principal.isCodebasePrincipal);
+  Assert.ok(principal.isContentPrincipal);
   var requestURL = "http://localhost:4444/simple";
   Assert.equal(principal.URI.spec, requestURL);
 
   // negative test sync XHR sending (to ensure that the xhr do not have chrome caps, see bug 779821)
   try {
     Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
     var res = Cu.evalInSandbox('var sync = createXHR("4445/negative"); sync.send(null); sync', sb);
     Assert.equal(false, true, "XHR created from sandbox should not have chrome caps");
@@ -78,17 +78,17 @@ function run_test()
   // This request bounces to server 2 and then back to server 1.  Neither of
   // these servers support CORS, but if the expanded principal is used as the
   // triggering principal, this should work.
   Cu.evalInSandbox('var createXHR = ' + createXHR.toString(), sb);
   var res = Cu.evalInSandbox('var sync = createXHR("4444/redirect"); sync.send(null); sync', sb);
   Assert.ok(checkResults(res));
 
   var principal = res.responseXML.nodePrincipal;
-  Assert.ok(principal.isCodebasePrincipal);
+  Assert.ok(principal.isContentPrincipal);
   var requestURL = "http://localhost:4444/simple";
   Assert.equal(principal.URI.spec, requestURL);
 
   httpserver2.stop(finishIfDone);
   httpserver3.stop(finishIfDone);
 
   // Test async XHR sending
   sb.finish = function(){
--- a/js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js
+++ b/js/xpconnect/tests/unit/test_nuke_sandbox_event_listeners.js
@@ -9,17 +9,17 @@ const {Services} = ChromeUtils.import("r
 function promiseEvent(target, event) {
   return new Promise(resolve => {
     target.addEventListener(event, resolve, {capture: true, once: true});
   });
 }
 
 add_task(async function() {
   let principal = Services.scriptSecurityManager
-    .createCodebasePrincipalFromOrigin("http://example.com/");
+    .createContentPrincipalFromOrigin("http://example.com/");
 
   let webnav = Services.appShell.createWindowlessBrowser(false);
 
   let docShell = webnav.docShell;
 
   docShell.createAboutBlankContentViewer(principal, principal);
 
   let window = webnav.document.defaultView;
--- a/js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js
+++ b/js/xpconnect/tests/unit/test_nuke_webextension_wrappers.js
@@ -5,17 +5,17 @@ const {NetUtil} = ChromeUtils.import("re
 ChromeUtils.import("resource://gre/modules/Timer.jsm");
 const {TestUtils} = ChromeUtils.import("resource://testing-common/TestUtils.jsm");
 
 function getWindowlessBrowser(url) {
   let ssm = Services.scriptSecurityManager;
 
   let uri = NetUtil.newURI(url);
 
-  let principal = ssm.createCodebasePrincipal(uri, {});
+  let principal = ssm.createContentPrincipal(uri, {});
 
   let webnav = Services.appShell.createWindowlessBrowser(false);
 
   let docShell = webnav.docShell;
 
   docShell.createAboutBlankContentViewer(principal, principal);
 
   return webnav;
--- a/layout/build/nsContentDLF.h
+++ b/layout/build/nsContentDLF.h
@@ -43,17 +43,17 @@ class nsContentDLF final : public nsIDoc
                              nsILoadGroup* aLoadGroup, nsIDocShell* aContainer,
                              nsISupports* aExtraInfo,
                              nsIStreamListener** aDocListener,
                              nsIContentViewer** aContentViewer);
 
   /**
    * Create a blank document using the given loadgroup and given
    * principal.  aPrincipal is allowed to be null, in which case the
-   * new document will get the about:blank codebase principal.
+   * new document will get the about:blank content principal.
    */
   static already_AddRefed<mozilla::dom::Document> CreateBlankDocument(
       nsILoadGroup* aLoadGroup, nsIPrincipal* aPrincipal,
       nsIPrincipal* aStoragePrincipal, nsDocShell* aContainer);
 
  private:
   static nsresult EnsureUAStyleSheet();
   static bool IsImageContentType(const char* aContentType);
--- a/layout/svg/SVGContextPaint.cpp
+++ b/layout/svg/SVGContextPaint.cpp
@@ -64,17 +64,17 @@ bool SVGContextPaint::IsAllowedForImageF
   //
   nsAutoCString scheme;
   if (NS_SUCCEEDED(aURI->GetScheme(scheme)) &&
       (scheme.EqualsLiteral("chrome") || scheme.EqualsLiteral("resource") ||
        scheme.EqualsLiteral("page-icon"))) {
     return true;
   }
   RefPtr<BasePrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(aURI, OriginAttributes());
+      BasePrincipal::CreateContentPrincipal(aURI, OriginAttributes());
   nsString addonId;
   if (NS_SUCCEEDED(principal->GetAddonId(addonId))) {
     if (StringEndsWith(addonId, NS_LITERAL_STRING("@mozilla.org")) ||
         StringEndsWith(addonId, NS_LITERAL_STRING("@mozilla.com"))) {
       return true;
     }
   }
   return false;
--- a/layout/tools/reftest/manifest.jsm
+++ b/layout/tools/reftest/manifest.jsm
@@ -261,17 +261,17 @@ function ReadManifest(aURL, aFilter)
             if (items.length > 1 && !items[1].match(RE_PROTOCOL)) {
                 items[1] = urlprefix + items[1];
             }
             if (items.length > 2 && !items[2].match(RE_PROTOCOL)) {
                 items[2] = urlprefix + items[2];
             }
         }
 
-        var principal = secMan.createCodebasePrincipal(aURL, {});
+        var principal = secMan.createContentPrincipal(aURL, {});
 
         if (items[0] == "include") {
             if (items.length != 2)
                 throw "Error in manifest file " + aURL.spec + " line " + lineNo + ": incorrect number of arguments to include";
             if (runHttp)
                 throw "Error in manifest file " + aURL.spec + " line " + lineNo + ": use of include with http";
 
             // If the expected_status is EXPECTED_PASS (the default) then allow
@@ -662,17 +662,17 @@ function CreateUrls(test) {
     function FileToURI(file)
     {
         if (file === null)
             return file;
 
         var testURI = g.ioService.newURI(file, null, testbase);
         let isChrome = testURI.scheme == "chrome";
         let principal = isChrome ? secMan.getSystemPrincipal() :
-                                   secMan.createCodebasePrincipal(manifestURL, {});
+                                   secMan.createContentPrincipal(manifestURL, {});
         secMan.checkLoadURIWithPrincipal(principal, testURI,
                                          Ci.nsIScriptSecurityManager.DISALLOW_SCRIPT);
         return testURI;
     }
 
     let files = [test.url1, test.url2];
     [test.url1, test.url2] = files.map(FileToURI);
 
--- a/mobile/android/components/AboutRedirector.js
+++ b/mobile/android/components/AboutRedirector.js
@@ -101,17 +101,17 @@ AboutRedirector.prototype = {
     let moduleInfo = this._getModuleInfo(aURI);
 
     var newURI = Services.io.newURI(moduleInfo.uri);
 
     var channel = Services.io.newChannelFromURIWithLoadInfo(newURI, aLoadInfo);
 
     if (!moduleInfo.privileged) {
       // Setting the owner to null means that we'll go through the normal
-      // path in GetChannelPrincipal and create a codebase principal based
+      // path in GetChannelPrincipal and create a content principal based
       // on the channel's originalURI
       channel.owner = null;
     }
 
     channel.originalURI = aURI;
 
     return channel;
   },
--- a/mobile/android/components/geckoview/GeckoViewPermission.js
+++ b/mobile/android/components/geckoview/GeckoViewPermission.js
@@ -48,17 +48,17 @@ GeckoViewPermission.prototype = {
         break;
       }
     }
   },
 
   receiveMessage(aMsg) {
     switch (aMsg.name) {
       case "GeckoView:AddCameraPermission": {
-        let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+        let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
           aMsg.data.origin
         );
 
         // Although the lifetime is "session" it will be removed upon
         // use so it's more of a one-shot.
         Services.perms.addFromPrincipal(
           principal,
           "MediaManagerVideo",
--- a/mobile/android/extensions/webcompat/AboutCompat.jsm
+++ b/mobile/android/extensions/webcompat/AboutCompat.jsm
@@ -22,15 +22,15 @@ AboutCompat.prototype = {
     return Ci.nsIAboutModule.URI_MUST_LOAD_IN_EXTENSION_PROCESS;
   },
 
   newChannel(aURI, aLoadInfo) {
     const uri = Services.io.newURI(this.chromeURL);
     const channel = Services.io.newChannelFromURIWithLoadInfo(uri, aLoadInfo);
     channel.originalURI = aURI;
 
-    channel.owner = Services.scriptSecurityManager.createCodebasePrincipal(
+    channel.owner = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       aLoadInfo.originAttributes
     );
     return channel;
   },
 };
--- a/mobile/android/modules/Sanitizer.jsm
+++ b/mobile/android/modules/Sanitizer.jsm
@@ -223,17 +223,17 @@ Sanitizer.prototype = {
             if (request.resultCode != Cr.NS_OK) {
               // We are probably shutting down. We don't want to propagate the
               // error, rejecting the promise.
               resolve();
               return;
             }
 
             for (let item of request.result) {
-              let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+              let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
                 item.origin
               );
               let uri = principal.URI;
               if (
                 uri.scheme == "http" ||
                 uri.scheme == "https" ||
                 uri.scheme == "file"
               ) {
--- a/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
+++ b/mobile/android/modules/geckoview/GeckoViewNavigation.jsm
@@ -121,17 +121,17 @@ class GeckoViewNavigation extends GeckoV
           if (
             parsedUri.schemeIs("about") ||
             parsedUri.schemeIs("data") ||
             parsedUri.schemeIs("file") ||
             parsedUri.schemeIs("resource") ||
             parsedUri.schemeIs("moz-extension")
           ) {
             // Only allow privileged loading for certain URIs.
-            triggeringPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+            triggeringPrincipal = Services.scriptSecurityManager.createContentPrincipal(
               parsedUri,
               {}
             );
           }
         } catch (ignored) {}
         if (!triggeringPrincipal) {
           triggeringPrincipal = Services.scriptSecurityManager.createNullPrincipal(
             {}
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -844,17 +844,17 @@ void Predictor::PredictForLink(nsIURI* t
     if (isSSL) {
       // We don't want to predict from an HTTPS page, to avoid info leakage
       PREDICTOR_LOG(("    Not predicting for link hover - on an SSL page"));
       return;
     }
   }
 
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(targetURI, originAttributes);
+      BasePrincipal::CreateContentPrincipal(targetURI, originAttributes);
 
   mSpeculativeService->SpeculativeConnect(targetURI, principal, nullptr);
   if (verifier) {
     PREDICTOR_LOG(("    sending verification"));
     verifier->OnPredictPreconnect(targetURI);
   }
 }
 
@@ -1331,17 +1331,17 @@ bool Predictor::RunPredictions(nsIURI* r
 
   len = preconnects.Length();
   for (i = 0; i < len; ++i) {
     PREDICTOR_LOG(("    doing preconnect"));
     nsCOMPtr<nsIURI> uri = preconnects[i];
     ++totalPredictions;
     ++totalPreconnects;
     nsCOMPtr<nsIPrincipal> principal =
-        BasePrincipal::CreateCodebasePrincipal(uri, originAttributes);
+        BasePrincipal::CreateContentPrincipal(uri, originAttributes);
     mSpeculativeService->SpeculativeConnect(uri, principal, this);
     predicted = true;
     if (verifier) {
       PREDICTOR_LOG(("    sending preconnect verification"));
       verifier->OnPredictPreconnect(uri);
     }
   }
 
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -252,17 +252,17 @@ interface nsILoadInfo : nsISupports
    *
    * If the loadingPrincipal is the system principal, no security checks
    * will be done at all. There will be no security checks on the initial
    * load or any subsequent redirects. This means there will be no
    * nsIContentPolicy checks or any CheckLoadURI checks. Because of
    * this, never set the loadingPrincipal to the system principal when
    * the URI to be loaded is controlled by a webpage.
    * If the loadingPrincipal and triggeringPrincipal are both
-   * codebase-principals, then we will always call into
+   * content principals, then we will always call into
    * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
    * and CheckLoadURI happen even if the URI to be loaded is same-origin
    * with the loadingPrincipal or triggeringPrincipal.
    */
   readonly attribute nsIPrincipal loadingPrincipal;
 
   /**
    * A C++-friendly version of loadingPrincipal.
@@ -293,17 +293,17 @@ interface nsILoadInfo : nsISupports
    *
    * If the triggeringPrincipal is the system principal, no security checks
    * will be done at all. There will be no security checks on the initial
    * load or any subsequent redirects. This means there will be no
    * nsIContentPolicy checks or any CheckLoadURI checks. Because of
    * this, never set the triggeringPrincipal to the system principal when
    * the URI to be loaded is controlled by a webpage.
    * If the loadingPrincipal and triggeringPrincipal are both
-   * codebase-principals, then we will always call into
+   * content principals, then we will always call into
    * nsIContentPolicies and CheckLoadURI. The call to nsIContentPolicies
    * and CheckLoadURI happen even if the URI to be loaded is same-origin
    * with the loadingPrincipal or triggeringPrincipal.
    */
   readonly attribute nsIPrincipal triggeringPrincipal;
 
   /**
    * A C++-friendly version of triggeringPrincipal.
--- a/netwerk/cookie/nsCookieService.cpp
+++ b/netwerk/cookie/nsCookieService.cpp
@@ -3999,22 +3999,22 @@ CookieStatus nsCookieService::CheckPrefs
   bool ftp;
   if (NS_SUCCEEDED(aHostURI->SchemeIs("ftp", &ftp)) && ftp) {
     COOKIE_LOGFAILURE(aCookieHeader.IsVoid() ? GET_COOKIE : SET_COOKIE,
                       aHostURI, aCookieHeader, "ftp sites cannot read cookies");
     return STATUS_REJECTED_WITH_ERROR;
   }
 
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(aHostURI, aOriginAttrs);
+      BasePrincipal::CreateContentPrincipal(aHostURI, aOriginAttrs);
 
   if (!principal) {
     COOKIE_LOGFAILURE(aCookieHeader.IsVoid() ? GET_COOKIE : SET_COOKIE,
                       aHostURI, aCookieHeader,
-                      "non-codebase principals cannot get/set cookies");
+                      "non-content principals cannot get/set cookies");
     return STATUS_REJECTED_WITH_ERROR;
   }
 
   // check the permission list first; if we find an entry, it overrides
   // default prefs. see bug 184059.
   uint32_t cookiePermission = nsICookiePermission::ACCESS_DEFAULT;
   rv = aCookieSettings->CookiePermission(principal, &cookiePermission);
   if (NS_SUCCEEDED(rv)) {
--- a/netwerk/cookie/test/unit/test_rawSameSite.js
+++ b/netwerk/cookie/test/unit/test_rawSameSite.js
@@ -54,17 +54,17 @@ add_task(async _ => {
       true
     );
   }
 
   let cs = Cc["@mozilla.org/cookieService;1"].getService(Ci.nsICookieService);
 
   let uri = NetUtil.newURI("http://example.org/");
 
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   let channel = NetUtil.newChannel({
     uri,
     loadingPrincipal: principal,
     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
--- a/netwerk/protocol/http/HttpChannelParent.cpp
+++ b/netwerk/protocol/http/HttpChannelParent.cpp
@@ -622,17 +622,17 @@ bool HttpChannelParent::DoAsyncOpen(
       }
     }
 
     if (setChooseApplicationCache) {
       OriginAttributes attrs;
       NS_GetOriginAttributes(httpChannel, attrs);
 
       nsCOMPtr<nsIPrincipal> principal =
-          BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+          BasePrincipal::CreateContentPrincipal(uri, attrs);
 
       bool chooseAppCache = false;
       // This works because we've already called SetNotificationCallbacks and
       // done mPBOverride logic by this point.
       chooseAppCache = NS_ShouldCheckAppCache(principal);
 
       appCacheChan->SetChooseApplicationCache(chooseAppCache);
     }
--- a/netwerk/protocol/res/SubstitutingProtocolHandler.h
+++ b/netwerk/protocol/res/SubstitutingProtocolHandler.h
@@ -117,17 +117,17 @@ class SubstitutingProtocolHandler {
   // notified when substitutions are set or unset.
   nsTArray<nsCOMPtr<nsISubstitutionObserver>> mObservers;
 
   // Returns a SubstitutingJARURI if |aUrl| maps to a |jar:| URI,
   // otherwise will return |aURL|
   nsresult ResolveJARURI(nsIURL* aURL, nsIURI** aResult);
 
   // In general, we expect the principal of a document loaded from a
-  // substituting URI to be a codebase principal for that URI (rather than
+  // substituting URI to be a content principal for that URI (rather than
   // a principal for whatever is underneath). However, this only works if
   // the protocol handler for the underlying URI doesn't set an explicit
   // owner (which chrome:// does, for example). So we want to require that
   // substituting URIs only map to other URIs of the same type, or to
   // file:// and jar:// URIs.
   //
   // Enforcing this for ye olde resource:// URIs could carry compat risks, so
   // we just try to enforce it on new protocols going forward.
--- a/netwerk/test/TestCookie.cpp
+++ b/netwerk/test/TestCookie.cpp
@@ -89,18 +89,18 @@ void SetASameSiteCookie(nsICookieService
 
   // We create a dummy channel using the aSpec1 to simulate same-siteness
   nsresult rv0;
   nsCOMPtr<nsIScriptSecurityManager> ssm =
       do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv0);
   ASSERT_TRUE(NS_SUCCEEDED(rv0));
   nsCOMPtr<nsIPrincipal> spec1Principal;
   nsCString tmpString(aSpec1);
-  ssm->CreateCodebasePrincipalFromOrigin(tmpString,
-                                         getter_AddRefs(spec1Principal));
+  ssm->CreateContentPrincipalFromOrigin(tmpString,
+                                        getter_AddRefs(spec1Principal));
 
   nsCOMPtr<nsIChannel> dummyChannel;
   NS_NewChannel(getter_AddRefs(dummyChannel), uri1, spec1Principal,
                 nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
                 nsIContentPolicy::TYPE_OTHER);
 
   nsCOMPtr<nsICookieSettings> cookieSettings =
       aAllowed ? CookieSettings::Create() : CookieSettings::CreateBlockingAll();
--- a/netwerk/test/gtest/TestMozURL.cpp
+++ b/netwerk/test/gtest/TestMozURL.cpp
@@ -278,17 +278,17 @@ void CheckOrigin(const nsACString& aSpec
 
   nsCOMPtr<nsIURI> uri;
   rv = NS_NewURI(getter_AddRefs(uri), aSpec, nullptr, baseUri);
   ASSERT_EQ(rv, NS_OK);
 
   OriginAttributes attrs;
 
   nsCOMPtr<nsIPrincipal> principal =
-      BasePrincipal::CreateCodebasePrincipal(uri, attrs);
+      BasePrincipal::CreateContentPrincipal(uri, attrs);
   ASSERT_TRUE(principal);
 
   nsCString origin;
   rv = principal->GetOriginNoSuffix(origin);
   ASSERT_EQ(rv, NS_OK);
 
   EXPECT_TRUE(OriginMatchesExpectedOrigin(origin, aOrigin));
 
--- a/netwerk/test/unit/test_auth_dialog_permission.js
+++ b/netwerk/test/unit/test_auth_dialog_permission.js
@@ -104,17 +104,17 @@ function make_uri(url) {
   return ios.newURI(url);
 }
 
 function makeChan(loadingUrl, url, contentPolicy) {
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri(loadingUrl);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   return NetUtil.newChannel({
     uri: url,
     loadingPrincipal: principal,
     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
     contentPolicyType: contentPolicy,
   }).QueryInterface(Ci.nsIHttpChannel);
 }
--- a/netwerk/test/unit/test_auth_jar.js
+++ b/netwerk/test/unit/test_auth_jar.js
@@ -8,18 +8,18 @@ function createURI(s) {
 function run_test() {
   // Set up a profile.
   do_get_profile();
 
   var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   const kURI1 = "http://example.com";
-  var app = secMan.createCodebasePrincipal(createURI(kURI1), {});
-  var appbrowser = secMan.createCodebasePrincipal(createURI(kURI1), {
+  var app = secMan.createContentPrincipal(createURI(kURI1), {});
+  var appbrowser = secMan.createContentPrincipal(createURI(kURI1), {
     inIsolatedMozBrowser: true,
   });
 
   var am = Cc["@mozilla.org/network/http-auth-manager;1"].getService(
     Ci.nsIHttpAuthManager
   );
   am.setAuthIdentity(
     "http",
--- a/netwerk/test/unit/test_authentication.js
+++ b/netwerk/test/unit/test_authentication.js
@@ -279,17 +279,17 @@ var listener = {
   },
 };
 
 function makeChan(url, loadingUrl) {
   var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
-  var principal = ssm.createCodebasePrincipal(ios.newURI(loadingUrl), {});
+  var principal = ssm.createContentPrincipal(ios.newURI(loadingUrl), {});
   return NetUtil.newChannel({
     uri: url,
     loadingPrincipal: principal,
     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
   });
 }
 
--- a/netwerk/test/unit/test_bug1195415.js
+++ b/netwerk/test/unit/test_bug1195415.js
@@ -8,154 +8,154 @@ function run_test() {
 
   // NON-UNICODE
   var uri = ios.newURI("http://foo.com/file.txt");
   Assert.equal(uri.asciiHostPort, "foo.com");
   uri = uri
     .mutate()
     .setPort(90)
     .finalize();
-  var prin = ssm.createCodebasePrincipal(uri, {});
+  var prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "foo.com:90");
   Assert.equal(prin.origin, "http://foo.com:90");
 
   uri = ios.newURI("http://foo.com:10/file.txt");
   Assert.equal(uri.asciiHostPort, "foo.com:10");
   uri = uri
     .mutate()
     .setPort(500)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "foo.com:500");
   Assert.equal(prin.origin, "http://foo.com:500");
 
   uri = ios.newURI("http://foo.com:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "foo.com:5000");
   uri = uri
     .mutate()
     .setPort(20)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "foo.com:20");
   Assert.equal(prin.origin, "http://foo.com:20");
 
   uri = ios.newURI("http://foo.com:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "foo.com:5000");
   uri = uri
     .mutate()
     .setPort(-1)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "foo.com");
   Assert.equal(prin.origin, "http://foo.com");
 
   uri = ios.newURI("http://foo.com:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "foo.com:5000");
   uri = uri
     .mutate()
     .setPort(80)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "foo.com");
   Assert.equal(prin.origin, "http://foo.com");
 
   // UNICODE
   uri = ios.newURI("http://jos\u00e9.example.net.ch/file.txt");
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch");
   uri = uri
     .mutate()
     .setPort(90)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:90");
   Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch:90");
 
   uri = ios.newURI("http://jos\u00e9.example.net.ch:10/file.txt");
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:10");
   uri = uri
     .mutate()
     .setPort(500)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:500");
   Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch:500");
 
   uri = ios.newURI("http://jos\u00e9.example.net.ch:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:5000");
   uri = uri
     .mutate()
     .setPort(20)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:20");
   Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch:20");
 
   uri = ios.newURI("http://jos\u00e9.example.net.ch:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:5000");
   uri = uri
     .mutate()
     .setPort(-1)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch");
   Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch");
 
   uri = ios.newURI("http://jos\u00e9.example.net.ch:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch:5000");
   uri = uri
     .mutate()
     .setPort(80)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "xn--jos-dma.example.net.ch");
   Assert.equal(prin.origin, "http://xn--jos-dma.example.net.ch");
 
   // ipv6
   uri = ios.newURI("http://[123:45::678]/file.txt");
   Assert.equal(uri.asciiHostPort, "[123:45::678]");
   uri = uri
     .mutate()
     .setPort(90)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "[123:45::678]:90");
   Assert.equal(prin.origin, "http://[123:45::678]:90");
 
   uri = ios.newURI("http://[123:45::678]:10/file.txt");
   Assert.equal(uri.asciiHostPort, "[123:45::678]:10");
   uri = uri
     .mutate()
     .setPort(500)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "[123:45::678]:500");
   Assert.equal(prin.origin, "http://[123:45::678]:500");
 
   uri = ios.newURI("http://[123:45::678]:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "[123:45::678]:5000");
   uri = uri
     .mutate()
     .setPort(20)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "[123:45::678]:20");
   Assert.equal(prin.origin, "http://[123:45::678]:20");
 
   uri = ios.newURI("http://[123:45::678]:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "[123:45::678]:5000");
   uri = uri
     .mutate()
     .setPort(-1)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "[123:45::678]");
   Assert.equal(prin.origin, "http://[123:45::678]");
 
   uri = ios.newURI("http://[123:45::678]:5000/file.txt");
   Assert.equal(uri.asciiHostPort, "[123:45::678]:5000");
   uri = uri
     .mutate()
     .setPort(80)
     .finalize();
-  prin = ssm.createCodebasePrincipal(uri, {});
+  prin = ssm.createContentPrincipal(uri, {});
   Assert.equal(uri.asciiHostPort, "[123:45::678]");
   Assert.equal(prin.origin, "http://[123:45::678]");
 }
--- a/netwerk/test/unit/test_bug337744.js
+++ b/netwerk/test/unit/test_bug337744.js
@@ -22,17 +22,17 @@ const error_specs = [
   "resource://res-test/..\\..\\",
   "resource://res-test/..%5C",
   "resource://res-test/..%5c",
 ];
 
 // Create some fake principal that has not enough
 // privileges to access any resource: uri.
 var uri = NetUtil.newURI("http://www.example.com");
-var principal = Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
+var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {});
 
 function get_channel(spec) {
   var channelURI = NetUtil.newURI(spec);
 
   var channel = NetUtil.newChannel({
     uri: NetUtil.newURI(spec),
     loadingPrincipal: principal,
     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
--- a/netwerk/test/unit/test_cache2-32-clear-origin.js
+++ b/netwerk/test/unit/test_cache2-32-clear-origin.js
@@ -24,17 +24,17 @@ function run_test() {
             new OpenCallback(NEW, "f1m", "f1d", function(entry) {
               asyncOpenCacheEntry(
                 URL2 + "/a",
                 "disk",
                 Ci.nsICacheStorage.OPEN_NORMALLY,
                 null,
                 new OpenCallback(NORMAL, "f1m", "f1d", function(entry) {
                   var url = Services.io.newURI(URL);
-                  var principal = Services.scriptSecurityManager.createCodebasePrincipal(
+                  var principal = Services.scriptSecurityManager.createContentPrincipal(
                     url,
                     {}
                   );
 
                   get_cache_service().clearOrigin(principal);
 
                   asyncOpenCacheEntry(
                     URL + "/a",
--- a/netwerk/test/unit/test_cacheflags.js
+++ b/netwerk/test/unit/test_cacheflags.js
@@ -17,17 +17,17 @@ var test410Path = "/test410" + suffix;
 var test404Path = "/test404" + suffix;
 
 var PrivateBrowsingLoadContext = Cu.createPrivateLoadContext();
 
 function make_channel(url, flags, usePrivateBrowsing) {
   var securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
 
   var uri = Services.io.newURI(url);
-  var principal = Services.scriptSecurityManager.createCodebasePrincipal(uri, {
+  var principal = Services.scriptSecurityManager.createContentPrincipal(uri, {
     privateBrowsingId: usePrivateBrowsing ? 1 : 0,
   });
 
   var req = NetUtil.newChannel({
     uri,
     loadingPrincipal: principal,
     securityFlags,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
--- a/netwerk/test/unit/test_fallback_no-cache-entry_canceled.js
+++ b/netwerk/test/unit/test_fallback_no-cache-entry_canceled.js
@@ -59,17 +59,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_no-cache-entry_passing.js
+++ b/netwerk/test/unit/test_fallback_no-cache-entry_passing.js
@@ -59,17 +59,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_redirect-to-different-origin_canceled.js
+++ b/netwerk/test/unit/test_fallback_redirect-to-different-origin_canceled.js
@@ -66,17 +66,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_redirect-to-different-origin_passing.js
+++ b/netwerk/test/unit/test_fallback_redirect-to-different-origin_passing.js
@@ -66,17 +66,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_request-error_canceled.js
+++ b/netwerk/test/unit/test_fallback_request-error_canceled.js
@@ -65,17 +65,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_request-error_passing.js
+++ b/netwerk/test/unit/test_fallback_request-error_passing.js
@@ -66,17 +66,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_response-error_canceled.js
+++ b/netwerk/test/unit/test_fallback_response-error_canceled.js
@@ -66,17 +66,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_fallback_response-error_passing.js
+++ b/netwerk/test/unit/test_fallback_response-error_passing.js
@@ -66,17 +66,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:" + httpServer.identity.primaryPort);
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_offlinecache_custom-directory.js
+++ b/netwerk/test/unit/test_offlinecache_custom-directory.js
@@ -99,17 +99,17 @@ function run_test() {
 
   var pm = Cc["@mozilla.org/permissionmanager;1"].getService(
     Ci.nsIPermissionManager
   );
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var uri = make_uri("http://localhost:4444");
-  var principal = ssm.createCodebasePrincipal(uri, {});
+  var principal = ssm.createContentPrincipal(uri, {});
 
   if (pm.testPermissionFromPrincipal(principal, "offline-app") != 0) {
     dump(
       "Previous test failed to clear offline-app permission!  Expect failures.\n"
     );
   }
   pm.addFromPrincipal(
     principal,
--- a/netwerk/test/unit/test_permmgr.js
+++ b/netwerk/test/unit/test_permmgr.js
@@ -46,25 +46,25 @@ function run_test() {
   // nsIPermissionManager implementation is an extension; don't fail if it's not there
   if (!pm) {
     return;
   }
 
   // put a few hosts in
   for (var i = 0; i < hosts.length; ++i) {
     let uri = ioService.newURI(hosts[i][0]);
-    let principal = secMan.createCodebasePrincipal(uri, {});
+    let principal = secMan.createContentPrincipal(uri, {});
 
     pm.addFromPrincipal(principal, hosts[i][1], hosts[i][2]);
   }
 
   // test the result
   for (var i = 0; i < results.length; ++i) {
     let uri = ioService.newURI(results[i][0]);
-    let principal = secMan.createCodebasePrincipal(uri, {});
+    let principal = secMan.createContentPrincipal(uri, {});
 
     Assert.equal(
       pm.testPermissionFromPrincipal(principal, results[i][1]),
       results[i][2]
     );
     Assert.equal(
       pm.testExactPermissionFromPrincipal(principal, results[i][1]),
       results[i][3]
@@ -110,17 +110,17 @@ function run_test() {
   Assert.equal(enumerator.hasMoreElements(), false);
 
   // test removeAll()
   pm.removeAll();
   Assert.equal(pm.enumerator.hasMoreElements(), false);
 
   uri = ioService.newURI("https://www.example.com");
   pm.add(uri, "offline-app", pm.ALLOW_ACTION);
-  let principal = secMan.createCodebasePrincipalFromOrigin(
+  let principal = secMan.createContentPrincipalFromOrigin(
     "https://www.example.com"
   );
   // Remove existing entry.
   let perm = pm.getPermissionObject(principal, "offline-app", true);
   pm.removePermission(perm);
   // Try to remove already deleted entry.
   perm = pm.getPermissionObject(principal, "offline-app", true);
   pm.removePermission(perm);
--- a/netwerk/test/unit/test_referrer.js
+++ b/netwerk/test/unit/test_referrer.js
@@ -2,17 +2,17 @@ const ReferrerInfo = Components.Construc
   "@mozilla.org/referrer-info;1",
   "nsIReferrerInfo",
   "init"
 );
 
 function getTestReferrer(server_uri, referer_uri, isPrivate = false) {
   var uri = NetUtil.newURI(server_uri);
   let referrer = NetUtil.newURI(referer_uri);
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     referrer,
     { privateBrowsingId: isPrivate ? 1 : 0 }
   );
   var chan = NetUtil.newChannel({
     uri,
     loadingPrincipal: principal,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
--- a/netwerk/test/unit/test_referrer_cross_origin.js
+++ b/netwerk/test/unit/test_referrer_cross_origin.js
@@ -27,17 +27,17 @@ function test_policy(test) {
       "network.http.referer.XOriginTrimmingPolicy",
       test.XOriginTrimmingPolicy
     );
   } else {
     prefs.setIntPref("network.http.referer.XOriginTrimmingPolicy", 0);
   }
 
   let referrer = NetUtil.newURI(test.referrer);
-  let triggeringPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let triggeringPrincipal = Services.scriptSecurityManager.createContentPrincipal(
     referrer,
     {}
   );
   let chan = NetUtil.newChannel({
     uri: test.url,
     loadingPrincipal: Services.scriptSecurityManager.getSystemPrincipal(),
     triggeringPrincipal,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
--- a/netwerk/test/unit/test_speculative_connect.js
+++ b/netwerk/test/unit/test_speculative_connect.js
@@ -148,17 +148,17 @@ TestFailedStreamCallback.prototype = {
 function test_speculative_connect() {
   serv = new TestServer();
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
   var URI = ios.newURI(
     "http://localhost:" + serv.listener.port + "/just/a/test"
   );
-  var principal = ssm.createCodebasePrincipal(URI, {});
+  var principal = ssm.createContentPrincipal(URI, {});
 
   ios
     .QueryInterface(Ci.nsISpeculativeConnect)
     .speculativeConnect(URI, principal, null);
 }
 
 /* Speculative connections should not be allowed for hosts with local IP
  * addresses (Bug 853423). That list includes:
--- a/netwerk/test/unit/test_suspend_channel_on_authRetry.js
+++ b/netwerk/test/unit/test_suspend_channel_on_authRetry.js
@@ -171,17 +171,17 @@ var listener = {
   },
 };
 
 function makeChan(url, loadingUrl) {
   var ios = Cc["@mozilla.org/network/io-service;1"].getService(Ci.nsIIOService);
   var ssm = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(
     Ci.nsIScriptSecurityManager
   );
-  var principal = ssm.createCodebasePrincipal(ios.newURI(loadingUrl), {});
+  var principal = ssm.createContentPrincipal(ios.newURI(loadingUrl), {});
   return NetUtil.newChannel({
     uri: url,
     loadingPrincipal: principal,
     securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
   });
 }
 
--- a/netwerk/test/unit/test_trackingProtection_annotateChannels.js
+++ b/netwerk/test/unit/test_trackingProtection_annotateChannels.js
@@ -194,17 +194,17 @@ var tests = [
         "privacy.trackingprotection.annotate_channels",
         false
       );
       Services.prefs.setBoolPref(
         "privacy.trackingprotection.lower_network_priority",
         false
       );
     }
-    var principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    var principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       normalOrigin
     );
     testPriorityMap = [
       {
         path: normalOrigin + "/innocent.css",
         loadingPrincipal: principal,
         topWindowURI: defaultTopWindowURI,
         expectedTracking: false,
@@ -254,17 +254,17 @@ var tests = [
         "privacy.trackingprotection.annotate_channels",
         true
       );
       Services.prefs.setBoolPref(
         "privacy.trackingprotection.lower_network_priority",
         true
       );
     }
-    var principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    var principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       normalOrigin
     );
     testPriorityMap = [
       {
         path: normalOrigin + "/innocent.css",
         loadingPrincipal: principal,
         topWindowURI: defaultTopWindowURI,
         expectedTracking: false,
--- a/services/sync/Weave.jsm
+++ b/services/sync/Weave.jsm
@@ -164,17 +164,17 @@ AboutWeaveLog.prototype = {
     let channel = Services.io.newChannelFromURIWithLoadInfo(uri, aLoadInfo);
 
     channel.originalURI = aURI;
 
     // Ensure that the about page has the same privileges as a regular directory
     // view. That way links to files can be opened. make sure we use the correct
     // origin attributes when creating the principal for accessing the
     // about:sync-log data.
-    let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+    let principal = Services.scriptSecurityManager.createContentPrincipal(
       uri,
       aLoadInfo.originAttributes
     );
 
     channel.owner = principal;
     return channel;
   },
 };
--- a/testing/specialpowers/content/SpecialPowersAPI.jsm
+++ b/testing/specialpowers/content/SpecialPowersAPI.jsm
@@ -1559,25 +1559,25 @@ class SpecialPowersAPI extends JSWindowA
 
   _getPrincipalFromArg(arg) {
     let principal;
     let secMan = Services.scriptSecurityManager;
 
     if (typeof arg == "string") {
       // It's an URL.
       let uri = Services.io.newURI(arg);
-      principal = secMan.createCodebasePrincipal(uri, {});
+      principal = secMan.createContentPrincipal(uri, {});
     } else if (arg.nodePrincipal) {
       // It's a document.
       // In some tests the arg is a wrapped DOM element, so we unwrap it first.
       principal = WrapPrivileged.unwrap(arg).nodePrincipal;
     } else {
       let uri = Services.io.newURI(arg.url);
       let attrs = arg.originAttributes || {};
-      principal = secMan.createCodebasePrincipal(uri, attrs);
+      principal = secMan.createContentPrincipal(uri, attrs);
     }
 
     return principal;
   }
 
   async addPermission(type, allow, arg, expireType, expireTime) {
     let principal = this._getPrincipalFromArg(arg);
     if (principal.isSystemPrincipal) {
--- a/testing/web-platform/meta/infrastructure/server/__dir__.ini
+++ b/testing/web-platform/meta/infrastructure/server/__dir__.ini
@@ -1,2 +1,2 @@
-lsan-allowed: [Alloc, Create, CreateInner, GetClientInfo, MakeUnique, NewPage, PLDHashTable::ChangeTable, mozilla::BasePrincipal::CreateCodebasePrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::WeakPtr, mozilla::detail::UniqueSelector, mozilla::dom::WebSocket::ConstructorCommon, mozilla::dom::WebSocket::WebSocket, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::CookieSettings::Create, mozilla::net::LoadInfo::LoadInfo, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketEventService::GetOrCreate, mozilla::net::nsStandardURL::TemplatedMutator, nsSupportsWeakReference::GetWeakReference]
+lsan-allowed: [Alloc, Create, CreateInner, GetClientInfo, MakeUnique, NewPage, PLDHashTable::ChangeTable, mozilla::BasePrincipal::CreateContentPrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::WeakPtr, mozilla::detail::UniqueSelector, mozilla::dom::WebSocket::ConstructorCommon, mozilla::dom::WebSocket::WebSocket, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::CookieSettings::Create, mozilla::net::LoadInfo::LoadInfo, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketEventService::GetOrCreate, mozilla::net::nsStandardURL::TemplatedMutator, nsSupportsWeakReference::GetWeakReference]
 leak-threshold: [default:51200, tab:51200]
--- a/testing/web-platform/meta/service-workers/service-worker/__dir__.ini
+++ b/testing/web-platform/meta/service-workers/service-worker/__dir__.ini
@@ -1,3 +1,3 @@
 prefs: [dom.serviceWorkers.enabled:true]
-lsan-allowed: [Alloc, CompareNetwork, Create, EntrySlotOrCreate, GetClientInfo, MakeUnique, Malloc, NS_NewLoadGroup, NewChannelFromURIWithProxyFlagsInternal, NewPage, PLDHashTable::Add, Realloc, SharedMutex, Then, createTable, mozilla::BasePrincipal::CreateCodebasePrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::ThrottledEventQueue::Create, mozilla::WeakPtr, mozilla::detail::UniqueSelector, mozilla::dom::PerformanceStorageWorker::Create, mozilla::dom::ServiceWorkerJobQueue::RunJob, mozilla::dom::ServiceWorkerManager::Unregister, mozilla::dom::ServiceWorkerRegistrationMainThread::Unregister, mozilla::dom::UnregisterCallback::UnregisterCallback, mozilla::dom::WorkerCSPEventListener::Create, mozilla::dom::WorkerPrivate::EnsurePerformanceCounter, mozilla::dom::WorkerPrivate::WorkerPrivate, mozilla::dom::cache::CacheOpChild::Recv__delete__, mozilla::dom::serviceWorkerScriptCache::, mozilla::net::HttpBaseChannel::HttpBaseChannel, mozilla::net::HttpChannelChild::HttpChannelChild, mozilla::net::nsHttpHandler::NewProxiedChannel, mozilla::net::nsIOService::NewChannelFromURIWithProxyFlagsInternal, mozilla::net::nsStandardURL::TemplatedMutator, nsPermission::Create, nsTimer, nsTimer::WithEventTarget, operator]
+lsan-allowed: [Alloc, CompareNetwork, Create, EntrySlotOrCreate, GetClientInfo, MakeUnique, Malloc, NS_NewLoadGroup, NewChannelFromURIWithProxyFlagsInternal, NewPage, PLDHashTable::Add, Realloc, SharedMutex, Then, createTable, mozilla::BasePrincipal::CreateContentPrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::ThrottledEventQueue::Create, mozilla::WeakPtr, mozilla::detail::UniqueSelector, mozilla::dom::PerformanceStorageWorker::Create, mozilla::dom::ServiceWorkerJobQueue::RunJob, mozilla::dom::ServiceWorkerManager::Unregister, mozilla::dom::ServiceWorkerRegistrationMainThread::Unregister, mozilla::dom::UnregisterCallback::UnregisterCallback, mozilla::dom::WorkerCSPEventListener::Create, mozilla::dom::WorkerPrivate::EnsurePerformanceCounter, mozilla::dom::WorkerPrivate::WorkerPrivate, mozilla::dom::cache::CacheOpChild::Recv__delete__, mozilla::dom::serviceWorkerScriptCache::, mozilla::net::HttpBaseChannel::HttpBaseChannel, mozilla::net::HttpChannelChild::HttpChannelChild, mozilla::net::nsHttpHandler::NewProxiedChannel, mozilla::net::nsIOService::NewChannelFromURIWithProxyFlagsInternal, mozilla::net::nsStandardURL::TemplatedMutator, nsPermission::Create, nsTimer, nsTimer::WithEventTarget, operator]
 leak-threshold: [default:51200, tab:51200]
--- a/testing/web-platform/meta/websockets/__dir__.ini
+++ b/testing/web-platform/meta/websockets/__dir__.ini
@@ -1,2 +1,2 @@
-lsan-allowed: [Alloc, Create, GetClientInfo, MakeUnique, NewPage, PLDHashTable::Add, Realloc, SetPropertyAsInterface, mozilla::BasePrincipal::CreateCodebasePrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::WeakPtr, mozilla::dom::WebSocket::ConstructorCommon, mozilla::dom::WebSocket::WebSocket, mozilla::extensions::ChannelWrapper::ChannelWrapper, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::CookieSettings::Create, mozilla::net::LoadInfo::LoadInfo, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketEventService::GetOrCreate, mozilla::net::nsHttpTransaction::ParseHead, mozilla::net::nsStandardURL::TemplatedMutator, nsNodeSupportsWeakRefTearoff::GetWeakReference, nsSupportsWeakReference::GetWeakReference]
+lsan-allowed: [Alloc, Create, GetClientInfo, MakeUnique, NewPage, PLDHashTable::Add, Realloc, SetPropertyAsInterface, mozilla::BasePrincipal::CreateContentPrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::WeakPtr, mozilla::dom::WebSocket::ConstructorCommon, mozilla::dom::WebSocket::WebSocket, mozilla::extensions::ChannelWrapper::ChannelWrapper, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::CookieSettings::Create, mozilla::net::LoadInfo::LoadInfo, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketEventService::GetOrCreate, mozilla::net::nsHttpTransaction::ParseHead, mozilla::net::nsStandardURL::TemplatedMutator, nsNodeSupportsWeakRefTearoff::GetWeakReference, nsSupportsWeakReference::GetWeakReference]
 leak-threshold: [default:102400, tab:51200]
--- a/testing/web-platform/meta/websockets/binary/__dir__.ini
+++ b/testing/web-platform/meta/websockets/binary/__dir__.ini
@@ -1,3 +1,3 @@
-lsan-allowed: [MakeUnique, mozilla::dom::WebSocket::ConstructorCommon, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketEventService::GetOrCreate, Alloc, Create, Malloc, NewPage, PLDHashTable::Add, PLDHashTable::ChangeTable, Realloc, RecvOnAcknowledge, RecvOnStop, mozilla::BasePrincipal::CreateCodebasePrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::ThrottledEventQueue::Create, mozilla::WeakPtr, mozilla::dom::ScriptElement::MaybeProcessScript, mozilla::dom::WebSocket::WebSocket, mozilla::dom::WorkerCSPEventListener::Create, mozilla::dom::ContentChild::GetConstructedEventTarget, mozilla::net::WebSocketChannelChild::RecvOnServerClose, mozilla::net::nsStandardURL::TemplatedMutator, nsAtomTable::Atomize, nsDocShell::Create]
+lsan-allowed: [MakeUnique, mozilla::dom::WebSocket::ConstructorCommon, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketEventService::GetOrCreate, Alloc, Create, Malloc, NewPage, PLDHashTable::Add, PLDHashTable::ChangeTable, Realloc, RecvOnAcknowledge, RecvOnStop, mozilla::BasePrincipal::CreateContentPrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::ThrottledEventQueue::Create, mozilla::WeakPtr, mozilla::dom::ScriptElement::MaybeProcessScript, mozilla::dom::WebSocket::WebSocket, mozilla::dom::WorkerCSPEventListener::Create, mozilla::dom::ContentChild::GetConstructedEventTarget, mozilla::net::WebSocketChannelChild::RecvOnServerClose, mozilla::net::nsStandardURL::TemplatedMutator, nsAtomTable::Atomize, nsDocShell::Create]
 lsan-max-stack-depth: 7
 leak-threshold: [tab:51200]
--- a/testing/web-platform/meta/websockets/constructor/__dir__.ini
+++ b/testing/web-platform/meta/websockets/constructor/__dir__.ini
@@ -1,3 +1,3 @@
 lsan-max-stack-depth: 7
-lsan-allowed: [Alloc, Create, MakeUnique, Malloc, NewPage, PLDHashTable::Add, PLDHashTable::ChangeTable, Realloc, RecvOnAcknowledge, RecvOnStop, SetPropertyAsInterface, SetSucceededCertChain, allocate, mozilla::BasePrincipal::CreateCodebasePrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::ThrottledEventQueue::Create, mozilla::WeakPtr, mozilla::detail::UniqueSelector, mozilla::dom::ContentChild::GetConstructedEventTarget, mozilla::dom::ScriptElement::MaybeProcessScript, mozilla::dom::WebSocket::ConstructorCommon, mozilla::dom::WebSocket::WebSocket, mozilla::dom::WorkerCSPEventListener::Create, mozilla::extensions::ChannelWrapper::ChannelWrapper, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketChannelChild::RecvOnServerClose, mozilla::net::WebSocketEventService::GetOrCreate, mozilla::net::nsHttpTransaction::ParseHead, mozilla::net::nsStandardURL::TemplatedMutator, nsAtomTable::Atomize, nsDocShell::Create, nsNSSCertificate::Create, nsNodeSupportsWeakRefTearoff::GetWeakReference, nsSSLIOLayerAddToSocket]
+lsan-allowed: [Alloc, Create, MakeUnique, Malloc, NewPage, PLDHashTable::Add, PLDHashTable::ChangeTable, Realloc, RecvOnAcknowledge, RecvOnStop, SetPropertyAsInterface, SetSucceededCertChain, allocate, mozilla::BasePrincipal::CreateContentPrincipal, mozilla::SchedulerGroup::CreateEventTargetFor, mozilla::ThrottledEventQueue::Create, mozilla::WeakPtr, mozilla::detail::UniqueSelector, mozilla::dom::ContentChild::GetConstructedEventTarget, mozilla::dom::ScriptElement::MaybeProcessScript, mozilla::dom::WebSocket::ConstructorCommon, mozilla::dom::WebSocket::WebSocket, mozilla::dom::WorkerCSPEventListener::Create, mozilla::extensions::ChannelWrapper::ChannelWrapper, mozilla::net::BaseWebSocketChannel::InitLoadInfo, mozilla::net::BaseWebSocketChannel::InitLoadInfoNative, mozilla::net::WebSocketChannelChild::AsyncOpen, mozilla::net::WebSocketChannelChild::RecvOnServerClose, mozilla::net::WebSocketEventService::GetOrCreate, mozilla::net::nsHttpTransaction::ParseHead, mozilla::net::nsStandardURL::TemplatedMutator, nsAtomTable::Atomize, nsDocShell::Create, nsNSSCertificate::Create, nsNodeSupportsWeakRefTearoff::GetWeakReference, nsSSLIOLayerAddToSocket]
 leak-threshold: [tab:51200]
--- a/testing/web-platform/tests/tools/wptrunner/wptrunner/executors/executormarionette.py
+++ b/testing/web-platform/tests/tools/wptrunner/wptrunner/executors/executormarionette.py
@@ -321,17 +321,17 @@ class MarionetteStorageProtocolPart(Stor
         self.logger.info("Clearing origin %s" % (url))
         script = """
             let url = '%s';
             let uri = Components.classes["@mozilla.org/network/io-service;1"]
                                 .getService(Ci.nsIIOService)
                                 .newURI(url);
             let ssm = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
                                 .getService(Ci.nsIScriptSecurityManager);
-            let principal = ssm.createCodebasePrincipal(uri, {});
+            let principal = ssm.createContentPrincipal(uri, {});
             let qms = Components.classes["@mozilla.org/dom/quota-manager-service;1"]
                                 .getService(Components.interfaces.nsIQuotaManagerService);
             qms.clearStoragesForPrincipal(principal, "default", null, true);
             """ % url
         with self.marionette.using_context(self.marionette.CONTEXT_CHROME):
             self.marionette.execute_script(script)
 
 
--- a/toolkit/actors/WebChannelChild.jsm
+++ b/toolkit/actors/WebChannelChild.jsm
@@ -43,17 +43,17 @@ class WebChannelChild extends ActorChild
     return undefined;
   }
 
   _getWhitelistedPrincipals() {
     let whitelist = Services.prefs.getCharPref(URL_WHITELIST_PREF);
     if (whitelist != _lastWhitelistValue) {
       let urls = whitelist.split(/\s+/);
       _cachedWhitelist = urls.map(origin =>
-        Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(origin)
+        Services.scriptSecurityManager.createContentPrincipalFromOrigin(origin)
       );
     }
     return _cachedWhitelist;
   }
 
   _onMessageToChrome(e) {
     // If target is window then we want the document principal, otherwise fallback to target itself.
     let principal = e.target.nodePrincipal
--- a/toolkit/components/alerts/test/test_image.html
+++ b/toolkit/components/alerts/test/test_image.html
@@ -94,17 +94,17 @@ add_task(async function testCancel() {
     request.cancel(SpecialPowers.Cr.NS_BINDING_ABORTED);
   });
 });
 
 add_task(async function testMixedContent() {
   // Loading principal is HTTPS; image URL is HTTP.
   var origin = "https://mochi.test:8888";
   var principal = Services.scriptSecurityManager
-                          .createCodebasePrincipalFromOrigin(origin);
+                          .createContentPrincipalFromOrigin(origin);
 
   var alert = makeAlert(null, imageServerURL + "?f=image.png",
                         null, null, false, null, null, null,
                         null, principal);
   var [ready, request] = await promiseImage(alert);
   ok(ready, "Should load cross-protocol image");
   is(request.mimeType, "image/png", "Should report correct MIME type");
   is(request.image.width, 32, "Width should be 32px");
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@@ -156,17 +156,17 @@ void CreatePermissionKey(const nsCString
 // This internal method returns ACCESS_DENY if the access is denied,
 // ACCESS_DEFAULT if unknown, some other access code if granted.
 uint32_t CheckCookiePermissionForPrincipal(nsICookieSettings* aCookieSettings,
                                            nsIPrincipal* aPrincipal) {
   MOZ_ASSERT(aCookieSettings);
   MOZ_ASSERT(aPrincipal);
 
   uint32_t cookiePermission = nsICookiePermission::ACCESS_DEFAULT;
-  if (!aPrincipal->GetIsCodebasePrincipal()) {
+  if (!aPrincipal->GetIsContentPrincipal()) {
     return cookiePermission;
   }
 
   nsresult rv =
       aCookieSettings->CookiePermission(aPrincipal, &cookiePermission);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return nsICookiePermission::ACCESS_DEFAULT;
   }
@@ -1620,17 +1620,17 @@ bool AntiTrackingCommon::IsFirstPartySto
 }
 
 bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
     nsIPrincipal* aPrincipal, nsICookieSettings* aCookieSettings) {
   MOZ_ASSERT(aPrincipal);
   MOZ_ASSERT(aCookieSettings);
 
   uint32_t access = nsICookiePermission::ACCESS_DEFAULT;
-  if (aPrincipal->GetIsCodebasePrincipal()) {
+  if (aPrincipal->GetIsContentPrincipal()) {
     nsPermissionManager* permManager = nsPermissionManager::GetInstance();
     if (permManager) {
       Unused << NS_WARN_IF(NS_FAILED(permManager->TestPermissionFromPrincipal(
           aPrincipal, NS_LITERAL_CSTRING("cookie"), &access)));
     }
   }
 
   if (access != nsICookiePermission::ACCESS_DEFAULT) {
--- a/toolkit/components/antitracking/ContentBlockingAllowList.jsm
+++ b/toolkit/components/antitracking/ContentBlockingAllowList.jsm
@@ -57,17 +57,17 @@ const ContentBlockingAllowList = {
   },
 
   _basePrincipalForAntiTrackingCommon(browser) {
     let baseURI = this._baseURIForAntiTrackingCommon(browser);
     if (!baseURI) {
       return null;
     }
     let attrs = browser.contentPrincipal.originAttributes;
-    return Services.scriptSecurityManager.createCodebasePrincipal(
+    return Services.scriptSecurityManager.createContentPrincipal(
       baseURI,
       attrs
     );
   },
 
   _permissionTypeFor(browser) {
     return PrivateBrowsingUtils.isBrowserPrivate(browser)
       ? "trackingprotection-pb"
--- a/toolkit/components/cleardata/ClearDataService.jsm
+++ b/toolkit/components/cleardata/ClearDataService.jsm
@@ -125,21 +125,21 @@ const CertCleaner = {
 };
 
 const NetworkCacheCleaner = {
   deleteByHost(aHost, aOriginAttributes) {
     return new Promise(aResolve => {
       // Delete data from both HTTP and HTTPS sites.
       let httpURI = Services.io.newURI("http://" + aHost);
       let httpsURI = Services.io.newURI("https://" + aHost);
-      let httpPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal(
         httpURI,
         aOriginAttributes
       );
-      let httpsPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let httpsPrincipal = Services.scriptSecurityManager.createContentPrincipal(
         httpsURI,
         aOriginAttributes
       );
 
       Services.cache2.clearOrigin(httpPrincipal);
       Services.cache2.clearOrigin(httpsPrincipal);
       aResolve();
     });
@@ -165,21 +165,21 @@ const ImageCacheCleaner = {
     return new Promise(aResolve => {
       let imageCache = Cc["@mozilla.org/image/tools;1"]
         .getService(Ci.imgITools)
         .getImgCacheForDocument(null);
 
       // Delete data from both HTTP and HTTPS sites.
       let httpURI = Services.io.newURI("http://" + aHost);
       let httpsURI = Services.io.newURI("https://" + aHost);
-      let httpPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal(
         httpURI,
         aOriginAttributes
       );
-      let httpsPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+      let httpsPrincipal = Services.scriptSecurityManager.createContentPrincipal(
         httpsURI,
         aOriginAttributes
       );
 
       imageCache.removeEntriesFromPrincipal(httpPrincipal);
       imageCache.removeEntriesFromPrincipal(httpsPrincipal);
       aResolve();
     });
@@ -460,21 +460,21 @@ const QuotaCleaner = {
       )
       .then(exceptionThrown => {
         // QuotaManager: In the event of a failure, we call reject to propagate
         // the error upwards.
 
         // delete data from both HTTP and HTTPS sites
         let httpURI = Services.io.newURI("http://" + aHost);
         let httpsURI = Services.io.newURI("https://" + aHost);
-        let httpPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+        let httpPrincipal = Services.scriptSecurityManager.createContentPrincipal(
           httpURI,
           aOriginAttributes
         );
-        let httpsPrincipal = Services.scriptSecurityManager.createCodebasePrincipal(
+        let httpsPrincipal = Services.scriptSecurityManager.createContentPrincipal(
           httpsURI,
           aOriginAttributes
         );
         let promises = [];
         promises.push(
           new Promise((aResolve, aReject) => {
             let req = Services.qms.clearStoragesForPrincipal(
               httpPrincipal,
@@ -516,17 +516,17 @@ const QuotaCleaner = {
               Services.qms.listInitializedOrigins(aRequest => {
                 if (aRequest.resultCode != Cr.NS_OK) {
                   aReject({ message: "Delete by host failed" });
                   return;
                 }
 
                 let promises = [];
                 for (let item of aRequest.result) {
-                  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+                  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
                     item.origin
                   );
                   let host;
                   try {
                     host = principal.URI.host;
                   } catch (e) {
                     // There is no host for the given principal.
                     continue;
@@ -606,17 +606,17 @@ const QuotaCleaner = {
           Services.qms.getUsage(aRequest => {
             if (aRequest.resultCode != Cr.NS_OK) {
               aReject({ message: "Delete all failed" });
               return;
             }
 
             let promises = [];
             for (let item of aRequest.result) {
-              let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+              let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
                 item.origin
               );
               if (
                 principal.URI.scheme == "http" ||
                 principal.URI.scheme == "https" ||
                 principal.URI.scheme == "file"
               ) {
                 promises.push(
--- a/toolkit/components/cleardata/SiteDataTestUtils.jsm
+++ b/toolkit/components/cleardata/SiteDataTestUtils.jsm
@@ -38,17 +38,17 @@ var SiteDataTestUtils = {
    * Makes an origin have persistent data storage.
    *
    * @param {String} origin - the origin of the site to give persistent storage
    *
    * @returns a Promise that resolves when storage was persisted
    */
   persist(origin, value = Services.perms.ALLOW_ACTION) {
     return new Promise(resolve => {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         origin
       );
       Services.perms.addFromPrincipal(principal, "persistent-storage", value);
       Services.qms.persist(principal).callback = () => resolve();
     });
   },
 
   /**
@@ -56,17 +56,17 @@ var SiteDataTestUtils = {
    *
    * @param {String} origin - the origin of the site to add test data for
    * @param {Number} size [optional] - the size of the entry in bytes
    *
    * @returns a Promise that resolves when the data was added successfully.
    */
   addToIndexedDB(origin, size = 1024) {
     return new Promise(resolve => {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         origin
       );
       let request = indexedDB.openForPrincipal(principal, "TestDatabase", 1);
       request.onupgradeneeded = function(e) {
         let db = e.target.result;
         db.createObjectStore("TestStore");
       };
       request.onsuccess = function(e) {
@@ -85,17 +85,17 @@ var SiteDataTestUtils = {
    * Adds a new cookie for the specified origin, with the specified contents.
    * The cookie will be valid for one day.
    *
    * @param {String} origin - the origin of the site to add test data for
    * @param {String} name [optional] - the cookie name
    * @param {String} value [optional] - the cookie value
    */
   addToCookies(origin, name = "foo", value = "bar") {
-    let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+    let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
       origin
     );
     Services.cookies.add(
       principal.URI.host,
       principal.URI.pathQueryRef,
       name,
       value,
       false,
@@ -260,17 +260,17 @@ var SiteDataTestUtils = {
   /**
    * Gets the current quota usage for the specified origin.
    *
    * @returns a Promise that resolves to an integer with the total
    *          amount of disk usage by a given origin.
    */
   getQuotaUsage(origin) {
     return new Promise(resolve => {
-      let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+      let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
         origin
       );
       Services.qms.getUsageForPrincipal(principal, request =>
         resolve(request.result.usage)
       );
     });
   },
 
--- a/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js
+++ b/toolkit/components/cleardata/tests/browser/browser_serviceworkers.js
@@ -86,17 +86,17 @@ add_task(async function test_deleteFromH
 
 add_task(async function test_deleteFromPrincipal() {
   await addServiceWorker("https://test1.example.com");
   await addServiceWorker("https://test1.example.org");
 
   let unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered(
     "https://test1.example.com"
   );
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "https://test1.example.com/"
   );
   await new Promise(aResolve => {
     Services.clearData.deleteDataFromPrincipal(
       principal,
       true,
       Ci.nsIClearDataService.CLEAR_DOM_QUOTA,
       value => {
@@ -114,17 +114,17 @@ add_task(async function test_deleteFromP
   ok(
     SiteDataTestUtils.hasServiceWorkers("https://test1.example.org"),
     "test1.example.org has a service worker"
   );
 
   unregistered = SiteDataTestUtils.promiseServiceWorkerUnregistered(
     "https://test1.example.org"
   );
-  principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "https://test1.example.org/"
   );
   await new Promise(aResolve => {
     Services.clearData.deleteDataFromPrincipal(
       principal,
       true,
       Ci.nsIClearDataService.CLEAR_DOM_QUOTA,
       value => {
--- a/toolkit/components/cleardata/tests/unit/test_cookies.js
+++ b/toolkit/components/cleardata/tests/unit/test_cookies.js
@@ -99,17 +99,17 @@ add_task(async function test_principal_c
     false /* session */,
     expiry,
     {},
     Ci.nsICookie.SAMESITE_NONE
   );
   Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1);
 
   let uri = Services.io.newURI("http://example.com");
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
   await new Promise(aResolve => {
     Services.clearData.deleteDataFromPrincipal(
       principal,
       true /* user request */,
       Ci.nsIClearDataService.CLEAR_COOKIES,
@@ -119,17 +119,17 @@ add_task(async function test_principal_c
       }
     );
   });
 
   Assert.equal(Services.cookies.countCookiesFromHost("example.net"), 1);
 
   // Now we delete all.
   uri = Services.io.newURI("http://example.net");
-  principal = Services.scriptSecurityManager.createCodebasePrincipal(uri, {});
+  principal = Services.scriptSecurityManager.createContentPrincipal(uri, {});
   await new Promise(aResolve => {
     Services.clearData.deleteDataFromPrincipal(
       principal,
       true /* user request */,
       Ci.nsIClearDataService.CLEAR_COOKIES,
       value => {
         Assert.equal(value, 0);
         aResolve();
--- a/toolkit/components/cleardata/tests/unit/test_downloads.js
+++ b/toolkit/components/cleardata/tests/unit/test_downloads.js
@@ -162,17 +162,17 @@ add_task(async function test_principal_d
         resolve();
       },
     };
   });
 
   await list.addView(view);
 
   let uri = Services.io.newURI("http://example.com");
-  let principal = Services.scriptSecurityManager.createCodebasePrincipal(
+  let principal = Services.scriptSecurityManager.createContentPrincipal(
     uri,
     {}
   );
 
   await new Promise(resolve => {
     Services.clearData.deleteDataFromPrincipal(
       principal,
       true /* user request */,
--- a/toolkit/components/cleardata/tests/unit/test_network_cache.js
+++ b/toolkit/components/cleardata/tests/unit/test_network_cache.js
@@ -81,17 +81,17 @@ add_task(async function test_deleteFromP
     SiteDataTestUtils.hasCacheEntry("http://example.org/", "disk"),
     "The disk cache has an entry"
   );
   Assert.ok(
     SiteDataTestUtils.hasCacheEntry("http://example.org/", "memory"),
     "The memory cache has an entry"
   );
 
-  let principal = Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(
+  let principal = Services.scriptSecurityManager.createContentPrincipalFromOrigin(
     "http://example.com/"
   );
   await new Promise(aResolve => {
     Services.clearData.deleteDataFromPrincipal(
       principal,
       true,
       Ci.nsIClearDataService.CLEAR_NETWORK_CACHE,
       value => {
--- a/toolkit/components/cleardata/tests/unit/test_passwords.js
+++ b/toolkit/components/cleardata/tests/unit/test_passwords.js
@@ -20,17 +20,17 @@ add_task(async function test_principal_d
     usernameField: "field_username",
     passwordField: "field_password",
   });
   Services.logins.addLogin(loginInfo);
 
   Assert.equal(countL