Backed out changeset 510e95767aeb (bug 1490874) for security failures in browser/components/payments/test/mochitest/test_basic_card_form.html CLOSED TREE
authorshindli <shindli@mozilla.com>
Mon, 24 Sep 2018 11:43:30 +0300
changeset 496335 ac12aff1944d591811cb51b0e3d6a104595f5831
parent 496334 d358feec4ca15adec29e47ac85326735578b4287
child 496336 75c91b4728210c806362f6a851cce5eab117bd35
push id1864
push userffxbld-merge
push dateMon, 03 Dec 2018 15:51:40 +0000
treeherdermozilla-release@f040763d99ad [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1490874
milestone64.0a1
backs out510e95767aebe3642fe28d9e507a8b9561e5619e
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset 510e95767aeb (bug 1490874) for security failures in browser/components/payments/test/mochitest/test_basic_card_form.html CLOSED TREE
browser/actors/ClickHandlerChild.jsm
browser/base/content/browser.js
browser/base/content/nsContextMenu.js
browser/components/payments/test/mochitest/payments_common.js
caps/BasePrincipal.cpp
caps/nsIScriptSecurityManager.idl
caps/nsScriptSecurityManager.cpp
caps/nsScriptSecurityManager.h
docshell/base/nsDocShell.cpp
docshell/base/nsPingListener.cpp
dom/base/nsDOMNavigationTiming.cpp
dom/base/nsDataDocumentContentPolicy.cpp
dom/clients/manager/ClientNavigateOpChild.cpp
dom/clients/manager/ClientOpenWindowUtils.cpp
dom/offline/nsDOMOfflineResourceList.cpp
dom/presentation/Presentation.cpp
dom/security/FramingChecker.cpp
netwerk/protocol/http/HttpBaseChannel.cpp
netwerk/protocol/http/nsHttpChannel.cpp
netwerk/test/unit/test_compareURIs.js
toolkit/modules/E10SUtils.jsm
--- a/browser/actors/ClickHandlerChild.jsm
+++ b/browser/actors/ClickHandlerChild.jsm
@@ -75,18 +75,17 @@ class ClickHandlerChild extends ActorChi
       // Only when the owner doc has |mixedContentChannel| and the same origin
       // should we allow mixed content.
       json.allowMixedContent = false;
       let docshell = ownerDoc.defaultView.docShell;
       if (this.mm.docShell.mixedContentChannel) {
         const sm = Services.scriptSecurityManager;
         try {
           let targetURI = Services.io.newURI(href);
-          let isPrivateWin = ownerDoc.nodePrincipal.originAttributes.privateBrowsingId > 0;
-          sm.checkSameOriginURI(docshell.mixedContentChannel.URI, targetURI, false, isPrivateWin);
+          sm.checkSameOriginURI(docshell.mixedContentChannel.URI, targetURI, false);
           json.allowMixedContent = true;
         } catch (e) {}
       }
       json.originPrincipal = ownerDoc.nodePrincipal;
       json.triggeringPrincipal = ownerDoc.nodePrincipal;
 
       this.mm.sendAsyncMessage("Content:Click", json);
       return;
--- a/browser/base/content/browser.js
+++ b/browser/base/content/browser.js
@@ -6136,18 +6136,17 @@ function handleLinkClick(event, href, li
   // a same origin check with the target URI, we can preserve the users
   // decision of disabling MCB on a page for it's child tabs.
   var persistAllowMixedContentInChildTab = false;
 
   if (where == "tab" && gBrowser.docShell.mixedContentChannel) {
     const sm = Services.scriptSecurityManager;
     try {
       var targetURI = makeURI(href);
-      let isPrivateWin = doc.nodePrincipal.originAttributes.privateBrowsingId > 0;
-      sm.checkSameOriginURI(referrerURI, targetURI, false, isPrivateWin);
+      sm.checkSameOriginURI(referrerURI, targetURI, false);
       persistAllowMixedContentInChildTab = true;
     } catch (e) { }
   }
 
   // first get document wide referrer policy, then
   // get referrer attribute from clicked link and parse it and
   // allow per element referrer to overrule the document wide referrer if enabled
   let referrerPolicy = doc.referrerPolicy;
--- a/browser/base/content/nsContextMenu.js
+++ b/browser/base/content/nsContextMenu.js
@@ -801,18 +801,17 @@ nsContextMenu.prototype = {
     // a same origin check with the target URI, we can preserve the users
     // decision of disabling MCB on a page for it's child tabs.
     let persistAllowMixedContentInChildTab = false;
 
     if (gContextMenuContentData.parentAllowsMixedContent) {
       const sm = Services.scriptSecurityManager;
       try {
         let targetURI = this.linkURI;
-        let isPrivateWin = this.browser.contentPrincipal.originAttributes.privateBrowsingId > 0;
-        sm.checkSameOriginURI(referrerURI, targetURI, false, isPrivateWin);
+        sm.checkSameOriginURI(referrerURI, targetURI, false);
         persistAllowMixedContentInChildTab = true;
       } catch (e) { }
     }
 
     let params = {
       allowMixedContent: persistAllowMixedContentInChildTab,
       userContextId: parseInt(event.target.getAttribute("data-usercontextid")),
     };
--- a/browser/components/payments/test/mochitest/payments_common.js
+++ b/browser/components/payments/test/mochitest/payments_common.js
@@ -106,20 +106,16 @@ SpecialPowers.registerConsoleListener(fu
   if (msg.isWarning || !msg.errorMessage || msg.errorMessage == "paymentRequest.xhtml:") {
     // Ignore warnings and non-errors.
     return;
   }
   if (msg.category == "CSP_CSPViolationWithURI" && msg.errorMessage.includes("at inline")) {
     // Ignore unknown CSP error.
     return;
   }
-  if (msg.message.includes("icon-credit-card-generic.svg")) {
-    // Ignoring SOP error
-    return;
-  }
   if (msg.message == "SENTINEL") {
     filterFunction = null;
   }
   if (filterFunction && filterFunction(msg)) {
     return;
   }
   ok(false, msg.message || msg.errorMessage);
 });
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -161,18 +161,18 @@ BasePrincipal::CheckMayLoad(nsIURI* aURI
   if (NS_SUCCEEDED(rv) && fetchableByAnyone) {
     return NS_OK;
   }
 
   if (aReport) {
     nsCOMPtr<nsIURI> prinURI;
     rv = GetURI(getter_AddRefs(prinURI));
     if (NS_SUCCEEDED(rv) && prinURI) {
-      nsScriptSecurityManager::ReportError("CheckSameOriginError", prinURI, aURI,
-                                           mOriginAttributes.mPrivateBrowsingId > 0);
+      nsScriptSecurityManager::ReportError(nullptr, "CheckSameOriginError",
+                                           prinURI, aURI);
     }
   }
 
   return NS_ERROR_DOM_BAD_URI;
 }
 
 NS_IMETHODIMP
 BasePrincipal::GetCsp(nsIContentSecurityPolicy** aCsp)
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -177,23 +177,20 @@ interface nsIScriptSecurityManager : nsI
     [implicit_jscontext]
     nsIPrincipal createNullPrincipal(in jsval originAttributes);
 
     /**
      * Returns OK if aSourceURI and target have the same "origin"
      * (scheme, host, and port).
      * ReportError flag suppresses error reports for functions that
      * don't need reporting.
-     * FromPrivateWindow indicates whether the error occurs in a private
-     * window or not.
      */
     void checkSameOriginURI(in nsIURI aSourceURI,
                             in nsIURI aTargetURI,
-                            in boolean reportError,
-                            in boolean fromPrivateWindow);
+                            in boolean reportError);
     /**
      * Get the principal for the given channel.  This will typically be the
      * channel owner if there is one, and the codebase principal for the
      * channel's URI otherwise.  aChannel must not be null.
      */
     nsIPrincipal getChannelResultPrincipal(in nsIChannel aChannel);
 
     /**
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -10,32 +10,30 @@
 
 #include "xpcpublic.h"
 #include "XPCWrapper.h"
 #include "nsIInputStreamChannel.h"
 #include "nsILoadContext.h"
 #include "nsIServiceManager.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIScriptContext.h"
-#include "nsIScriptError.h"
 #include "nsIURL.h"
 #include "nsIURIMutator.h"
 #include "nsINestedURI.h"
 #include "nspr.h"
 #include "nsJSPrincipals.h"
 #include "mozilla/BasePrincipal.h"
 #include "ExpandedPrincipal.h"
 #include "SystemPrincipal.h"
 #include "DomainPolicy.h"
 #include "nsString.h"
 #include "nsCRT.h"
 #include "nsCRTGlue.h"
 #include "nsDocShell.h"
 #include "nsError.h"
-#include "nsGlobalWindowInner.h"
 #include "nsDOMCID.h"
 #include "nsTextFormatter.h"
 #include "nsIStringBundle.h"
 #include "nsNetUtil.h"
 #include "nsIEffectiveTLDService.h"
 #include "nsIProperties.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsIFile.h"
@@ -538,26 +536,23 @@ nsScriptSecurityManager::JSPrincipalsSub
                                              JSPrincipals *second)
 {
     return nsJSPrincipals::get(first)->Subsumes(nsJSPrincipals::get(second));
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CheckSameOriginURI(nsIURI* aSourceURI,
                                             nsIURI* aTargetURI,
-                                            bool reportError,
-                                            bool aFromPrivateWindow)
+                                            bool reportError)
 {
-  // Please note that aFromPrivateWindow is only 100% accurate if
-  // reportError is true.
     if (!SecurityCompareURIs(aSourceURI, aTargetURI))
     {
          if (reportError) {
-            ReportError("CheckSameOriginError",
-                        aSourceURI, aTargetURI, aFromPrivateWindow);
+            ReportError(nullptr, "CheckSameOriginError",
+                        aSourceURI, aTargetURI);
          }
          return NS_ERROR_DOM_BAD_URI;
     }
     return NS_OK;
 }
 
 /*static*/ uint32_t
 nsScriptSecurityManager::HashPrincipalByOrigin(nsIPrincipal* aPrincipal)
@@ -732,18 +727,17 @@ nsScriptSecurityManager::CheckLoadURIWit
                              nsIProtocolHandler::URI_LOADABLE_BY_SUBSUMERS,
                              &hasFlags);
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (hasFlags) {
         // check nothing else in the URI chain has flags that prevent
         // access:
         rv = CheckLoadURIFlags(sourceURI, aTargetURI, sourceBaseURI,
-                               targetBaseURI, aFlags,
-                               aPrincipal->OriginAttributesRef().mPrivateBrowsingId > 0);
+                               targetBaseURI, aFlags);
         NS_ENSURE_SUCCESS(rv, rv);
         // Check the principal is allowed to load the target.
         return aPrincipal->CheckMayLoad(targetBaseURI, true, false);
     }
 
     //-- get the source scheme
     nsAutoCString sourceScheme;
     rv = sourceBaseURI->GetScheme(sourceScheme);
@@ -862,18 +856,17 @@ nsScriptSecurityManager::CheckLoadURIWit
 
         // If schemes are not equal, or they're equal but the target URI
         // is different from the source URI and doesn't always allow linking
         // from the same scheme, check if the URI flags of the current target
         // URI allow the current source URI to link to it.
         // The policy is specified by the protocol flags on both URIs.
         if (!schemesMatch || (denySameSchemeLinks && !isSamePage)) {
             return CheckLoadURIFlags(currentURI, currentOtherURI,
-                                     sourceBaseURI, targetBaseURI, aFlags,
-                                     aPrincipal->OriginAttributesRef().mPrivateBrowsingId > 0);
+                                     sourceBaseURI, targetBaseURI, aFlags);
         }
         // Otherwise... check if we can nest another level:
         nsCOMPtr<nsINestedURI> nestedURI = do_QueryInterface(currentURI);
         nsCOMPtr<nsINestedURI> nestedOtherURI = do_QueryInterface(currentOtherURI);
 
         // If schemes match and neither URI is nested further, we're OK.
         if (!nestedURI && !nestedOtherURI) {
             return NS_OK;
@@ -900,35 +893,34 @@ nsScriptSecurityManager::CheckLoadURIWit
  *
  * @return if success, access is allowed. Otherwise, deny access
  */
 nsresult
 nsScriptSecurityManager::CheckLoadURIFlags(nsIURI *aSourceURI,
                                            nsIURI *aTargetURI,
                                            nsIURI *aSourceBaseURI,
                                            nsIURI *aTargetBaseURI,
-                                           uint32_t aFlags,
-                                           bool aFromPrivateWindow)
+                                           uint32_t aFlags)
 {
     // Note that the order of policy checks here is very important!
     // We start from most restrictive and work our way down.
     bool reportErrors = !(aFlags & nsIScriptSecurityManager::DONT_REPORT_ERRORS);
     const char* errorTag = "CheckLoadURIError";
 
     nsAutoCString targetScheme;
     nsresult rv = aTargetBaseURI->GetScheme(targetScheme);
     if (NS_FAILED(rv)) return rv;
 
     // Check for system target URI
     rv = DenyAccessIfURIHasFlags(aTargetURI,
                                  nsIProtocolHandler::URI_DANGEROUS_TO_LOAD);
     if (NS_FAILED(rv)) {
         // Deny access, since the origin principal is not system
         if (reportErrors) {
-            ReportError(errorTag, aSourceURI, aTargetURI, aFromPrivateWindow);
+            ReportError(nullptr, errorTag, aSourceURI, aTargetURI);
         }
         return rv;
     }
 
     // Check for chrome target URI
     bool hasFlags = false;
     rv = NS_URIChainHasFlags(aTargetURI,
                              nsIProtocolHandler::URI_IS_UI_RESOURCE,
@@ -997,17 +989,17 @@ nsScriptSecurityManager::CheckLoadURIFla
                     if (accessAllowed) {
                         return NS_OK;
                     }
                 }
             }
         }
 
         if (reportErrors) {
-            ReportError(errorTag, aSourceURI, aTargetURI, aFromPrivateWindow);
+            ReportError(nullptr, errorTag, aSourceURI, aTargetURI);
         }
         return NS_ERROR_DOM_BAD_URI;
     }
 
     // Check for target URI pointing to a file
     rv = NS_URIChainHasFlags(aTargetURI,
                              nsIProtocolHandler::URI_IS_LOCAL_FILE,
                              &hasFlags);
@@ -1024,17 +1016,17 @@ nsScriptSecurityManager::CheckLoadURIFla
         // Allow chrome://
         bool isChrome = false;
         if (NS_SUCCEEDED(aSourceBaseURI->SchemeIs("chrome", &isChrome)) && isChrome) {
             return NS_OK;
         }
 
         // Nothing else.
         if (reportErrors) {
-            ReportError(errorTag, aSourceURI, aTargetURI, aFromPrivateWindow);
+            ReportError(nullptr, errorTag, aSourceURI, aTargetURI);
         }
         return NS_ERROR_DOM_BAD_URI;
     }
 
     // OK, everyone is allowed to load this, since unflagged handlers are
     // deprecated but treated as URI_LOADABLE_BY_ANYONE.  But check whether we
     // need to warn.  At some point we'll want to make this warning into an
     // error and treat unflagged handlers as URI_DANGEROUS_TO_LOAD.
@@ -1069,18 +1061,18 @@ nsScriptSecurityManager::CheckLoadURIFla
             }
         }
     }
 
     return NS_OK;
 }
 
 nsresult
-nsScriptSecurityManager::ReportError(const char* aMessageTag, nsIURI* aSource,
-                                     nsIURI* aTarget, bool aFromPrivateWindow)
+nsScriptSecurityManager::ReportError(JSContext* cx, const char* aMessageTag,
+                                     nsIURI* aSource, nsIURI* aTarget)
 {
     nsresult rv;
     NS_ENSURE_TRUE(aSource && aTarget, NS_ERROR_NULL_POINTER);
 
     // Get the source URL spec
     nsAutoCString sourceSpec;
     rv = aSource->GetAsciiSpec(sourceSpec);
     NS_ENSURE_SUCCESS(rv, rv);
@@ -1101,28 +1093,31 @@ nsScriptSecurityManager::ReportError(con
     NS_ConvertASCIItoUTF16 ucsTargetSpec(targetSpec);
     const char16_t *formatStrings[] = { ucsSourceSpec.get(), ucsTargetSpec.get() };
     rv = bundle->FormatStringFromName(aMessageTag,
                                       formatStrings,
                                       ArrayLength(formatStrings),
                                       message);
     NS_ENSURE_SUCCESS(rv, rv);
 
-    nsCOMPtr<nsIConsoleService> console(do_GetService(NS_CONSOLESERVICE_CONTRACTID));
-    NS_ENSURE_TRUE(console, NS_ERROR_FAILURE);
-    nsCOMPtr<nsIScriptError> error(do_CreateInstance(NS_SCRIPTERROR_CONTRACTID));
-    NS_ENSURE_TRUE(error, NS_ERROR_FAILURE);
+    // If a JS context was passed in, set a JS exception.
+    // Otherwise, print the error message directly to the JS console
+    // and to standard output
+    if (cx)
+    {
+        SetPendingException(cx, message.get());
+    }
+    else // Print directly to the console
+    {
+        nsCOMPtr<nsIConsoleService> console(
+            do_GetService("@mozilla.org/consoleservice;1"));
+        NS_ENSURE_TRUE(console, NS_ERROR_FAILURE);
 
-    // using category of "SOP" so we can link to MDN
-    rv = error->Init(message, EmptyString(), 
-                     EmptyString(), 0, 0,
-                     nsIScriptError::errorFlag,
-                    "SOP", aFromPrivateWindow);
-    NS_ENSURE_SUCCESS(rv, rv);
-    console->LogMessage(error);
+        console->LogStringMessage(message.get());
+    }
     return NS_OK;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CheckLoadURIStrWithPrincipal(nsIPrincipal* aPrincipal,
                                                       const nsACString& aTargetURIStr,
                                                       uint32_t aFlags)
 {
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@@ -58,18 +58,18 @@ public:
      * are equivalent if their schemes, hosts, and ports (if any) match.  This
      * method returns true if aSubjectURI and aObjectURI have the same origin,
      * false otherwise.
      */
     static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
     static uint32_t SecurityHashURI(nsIURI* aURI);
 
     static nsresult
-    ReportError(const char* aMessageTag, nsIURI* aSource,
-                nsIURI* aTarget, bool aFromPrivateWindow);
+    ReportError(JSContext* cx, const char* aMessageTag,
+                nsIURI* aSource, nsIURI* aTarget);
 
     static uint32_t
     HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
 
     static bool
     GetStrictFileOriginPolicy()
     {
         return sStrictFileOriginPolicy;
@@ -103,17 +103,17 @@ private:
     AddSitesToFileURIWhitelist(const nsCString& aSiteList);
 
     nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                        nsIPrincipal** aPrincipal,
                                        bool aIgnoreSandboxing);
 
     nsresult
     CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI, nsIURI* aSourceBaseURI,
-                      nsIURI* aTargetBaseURI, uint32_t aFlags, bool aFromPrivateWindow);
+                      nsIURI* aTargetBaseURI, uint32_t aFlags);
 
     // Returns the file URI whitelist, initializing it if it has not been
     // initialized.
     const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIWhitelist();
 
     nsCOMPtr<nsIPrincipal> mSystemPrincipal;
     bool mPrefInitialized;
     bool mIsJavaScriptEnabled;
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -11600,19 +11600,17 @@ nsDocShell::AddState(JS::Handle<JS::Valu
 
       // It's very important that we check that newURI is of the same
       // origin as currentURI, not docBaseURI, because a page can
       // set docBaseURI arbitrarily to any domain.
       nsAutoCString currentUserPass, newUserPass;
       NS_ENSURE_SUCCESS(currentURI->GetUserPass(currentUserPass),
                         NS_ERROR_FAILURE);
       NS_ENSURE_SUCCESS(newURI->GetUserPass(newUserPass), NS_ERROR_FAILURE);
-      bool isPrivateWin =
-        document->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
-      if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true, isPrivateWin)) ||
+      if (NS_FAILED(secMan->CheckSameOriginURI(currentURI, newURI, true)) ||
           !currentUserPass.Equals(newUserPass)) {
         return NS_ERROR_DOM_SECURITY_ERR;
       }
     } else {
       // It's a file:// URI
       nsCOMPtr<nsIScriptObjectPrincipal> docScriptObj =
         do_QueryInterface(document);
 
@@ -12967,28 +12965,20 @@ nsDocShell::IsOKToLoadURI(nsIURI* aURI)
   if (!mFiredUnloadEvent) {
     return true;
   }
 
   if (!mLoadingURI) {
     return false;
   }
 
-
-  bool isPrivateWin = false;
-  nsIDocument *doc = GetDocument();
-  if (doc) {
-    isPrivateWin =
-      doc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
-  }
-
   nsCOMPtr<nsIScriptSecurityManager> secMan =
     do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
   return secMan &&
-         NS_SUCCEEDED(secMan->CheckSameOriginURI(aURI, mLoadingURI, false, isPrivateWin));
+         NS_SUCCEEDED(secMan->CheckSameOriginURI(aURI, mLoadingURI, false));
 }
 
 //
 // Routines for selection and clipboard
 //
 nsresult
 nsDocShell::GetControllerForCommand(const char* aCommand,
                                     nsIController** aResult)
--- a/docshell/base/nsPingListener.cpp
+++ b/docshell/base/nsPingListener.cpp
@@ -163,24 +163,18 @@ SendPing(void* aClosure, nsIContent* aCo
   if (sm && info->referrer) {
     bool referrerIsSecure;
     uint32_t flags = nsIProtocolHandler::URI_IS_POTENTIALLY_TRUSTWORTHY;
     rv = NS_URIChainHasFlags(info->referrer, flags, &referrerIsSecure);
 
     // Default to sending less data if NS_URIChainHasFlags() fails.
     referrerIsSecure = NS_FAILED(rv) || referrerIsSecure;
 
-    bool isPrivateWin = false;
-    if (doc) {
-      isPrivateWin =
-        doc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
-    }
-
     bool sameOrigin =
-      NS_SUCCEEDED(sm->CheckSameOriginURI(info->referrer, aURI, false, isPrivateWin));
+      NS_SUCCEEDED(sm->CheckSameOriginURI(info->referrer, aURI, false));
 
     // If both the address of the document containing the hyperlink being
     // audited and "ping URL" have the same origin or the document containing
     // the hyperlink being audited was not retrieved over an encrypted
     // connection, send a Ping-From header.
     if (sameOrigin || !referrerIsSecure) {
       nsAutoCString pingFrom;
       if (NS_SUCCEEDED(info->referrer->GetSpec(pingFrom))) {
--- a/dom/base/nsDOMNavigationTiming.cpp
+++ b/dom/base/nsDOMNavigationTiming.cpp
@@ -329,32 +329,28 @@ nsDOMNavigationTiming::NotifyDocShellSta
   mDocShellHasBeenActiveSinceNavigationStart &=
     (aDocShellState == DocShellState::eActive);
 }
 
 mozilla::TimeStamp
 nsDOMNavigationTiming::GetUnloadEventStartTimeStamp() const
 {
   nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-  // todo: if you intend to update CheckSameOriginURI to log the error to the
-  // console you also need to update the 'aFromPrivateWindow' argument.
-  nsresult rv = ssm->CheckSameOriginURI(mLoadedURI, mUnloadedURI, false, false);
+  nsresult rv = ssm->CheckSameOriginURI(mLoadedURI, mUnloadedURI, false);
   if (NS_SUCCEEDED(rv)) {
     return mUnloadStart;
   }
   return mozilla::TimeStamp();
 }
 
 mozilla::TimeStamp
 nsDOMNavigationTiming::GetUnloadEventEndTimeStamp() const
 {
   nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-  // todo: if you intend to update CheckSameOriginURI to log the error to the
-  // console you also need to update the 'aFromPrivateWindow' argument.
-  nsresult rv = ssm->CheckSameOriginURI(mLoadedURI, mUnloadedURI, false, false);
+  nsresult rv = ssm->CheckSameOriginURI(mLoadedURI, mUnloadedURI, false);
   if (NS_SUCCEEDED(rv)) {
     return mUnloadEnd;
   }
   return mozilla::TimeStamp();
 }
 
 bool
 nsDOMNavigationTiming::IsTopLevelContentDocumentInContentProcess() const
--- a/dom/base/nsDataDocumentContentPolicy.cpp
+++ b/dom/base/nsDataDocumentContentPolicy.cpp
@@ -97,18 +97,17 @@ nsDataDocumentContentPolicy::ShouldLoad(
       // Report error, if we can.
       if (node) {
         nsIPrincipal* requestingPrincipal = node->NodePrincipal();
         RefPtr<nsIURI> principalURI;
         nsresult rv =
           requestingPrincipal->GetURI(getter_AddRefs(principalURI));
         if (NS_SUCCEEDED(rv) && principalURI) {
           nsScriptSecurityManager::ReportError(
-            "ExternalDataError", principalURI, aContentLocation,
-            requestingPrincipal->OriginAttributesRef().mPrivateBrowsingId > 0);
+            nullptr, "ExternalDataError", principalURI, aContentLocation);
         }
       }
     } else if ((contentType == nsIContentPolicy::TYPE_IMAGE ||
                 contentType == nsIContentPolicy::TYPE_IMAGESET) &&
                doc->GetDocumentURI()) {
       // Check for (& disallow) recursive image-loads
       bool isRecursiveLoad;
       nsresult rv = aContentLocation->EqualsExceptRef(doc->GetDocumentURI(),
--- a/dom/clients/manager/ClientNavigateOpChild.cpp
+++ b/dom/clients/manager/ClientNavigateOpChild.cpp
@@ -68,19 +68,17 @@ public:
     }
 
     nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
     MOZ_DIAGNOSTIC_ASSERT(ssm);
 
     // If the resulting window is not same origin, then resolve immediately
     // without returning any information about the new Client.  This is
     // step 6.10 in the Client.navigate(url) spec.
-    // todo: if you intend to update CheckSameOriginURI to log the error to the
-    // console you also need to update the 'aFromPrivateWindow' argument.
-    rv = ssm->CheckSameOriginURI(mBaseURL, channelURL, false, false);
+    rv = ssm->CheckSameOriginURI(mBaseURL, channelURL, false);
     if (NS_FAILED(rv)) {
       mPromise->Resolve(NS_OK, __func__);
       return NS_OK;
     }
 
     nsPIDOMWindowInner* innerWindow = mOuterWindow->GetCurrentInnerWindow();
     MOZ_DIAGNOSTIC_ASSERT(innerWindow);
 
--- a/dom/clients/manager/ClientOpenWindowUtils.cpp
+++ b/dom/clients/manager/ClientOpenWindowUtils.cpp
@@ -68,20 +68,18 @@ public:
       mPromise->Reject(NS_ERROR_FAILURE, __func__);
       mPromise = nullptr;
       return NS_OK;
     }
 
     // Check same origin.
     nsCOMPtr<nsIScriptSecurityManager> securityManager =
       nsContentUtils::GetSecurityManager();
-    bool isPrivateWin =
-      doc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
     nsresult rv = securityManager->CheckSameOriginURI(doc->GetOriginalURI(),
-                                                      mBaseURI, false, isPrivateWin);
+                                                      mBaseURI, false);
     if (NS_FAILED(rv)) {
       mPromise->Resolve(NS_OK, __func__);
       mPromise = nullptr;
       return NS_OK;
     }
 
     Maybe<ClientInfo> info(doc->GetClientInfo());
     Maybe<ClientState> state(doc->GetClientState());
--- a/dom/offline/nsDOMOfflineResourceList.cpp
+++ b/dom/offline/nsDOMOfflineResourceList.cpp
@@ -105,22 +105,19 @@ nsDOMOfflineResourceList::Init()
     return NS_OK;
   }
 
   if (!mManifestURI) {
     return NS_ERROR_DOM_INVALID_STATE_ERR;
   }
 
   mManifestURI->GetAsciiSpec(mManifestSpec);
-  bool isPrivateWin = mLoadingPrincipal
-    ? mLoadingPrincipal->OriginAttributesRef().mPrivateBrowsingId > 0
-    : false;
 
   nsresult rv = nsContentUtils::GetSecurityManager()->
-                   CheckSameOriginURI(mManifestURI, mDocumentURI, true, isPrivateWin);
+                   CheckSameOriginURI(mManifestURI, mDocumentURI, true);
   NS_ENSURE_SUCCESS(rv, rv);
 
   // Dynamically-managed resources are stored as a separate ownership list
   // from the manifest.
   nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(mDocumentURI);
   if (!innerURI)
     return NS_ERROR_FAILURE;
 
--- a/dom/presentation/Presentation.cpp
+++ b/dom/presentation/Presentation.cpp
@@ -163,28 +163,20 @@ Presentation::HasReceiverSupport() const
   }
 
   nsCOMPtr<nsIURI> presentationURI;
   nsresult rv = NS_NewURI(getter_AddRefs(presentationURI), presentationURL);
   if (NS_FAILED(rv)) {
     return false;
   }
 
-  bool isPrivateWin = false;
-  nsCOMPtr<nsIDocument> doc = mWindow->GetExtantDoc();
-  if (doc) {
-    isPrivateWin =
-      doc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
-  }
-
   nsCOMPtr<nsIURI> docURI = mWindow->GetDocumentURI();
   return NS_SUCCEEDED(securityManager->CheckSameOriginURI(presentationURI,
                                                           docURI,
-                                                          false,
-                                                          isPrivateWin));
+                                                          false));
 }
 
 bool
 Presentation::IsInPresentedContent() const
 {
   if (!mWindow) {
     return false;
   }
--- a/dom/security/FramingChecker.cpp
+++ b/dom/security/FramingChecker.cpp
@@ -102,19 +102,17 @@ FramingChecker::CheckOneFrameOptionsPoli
             ssm->IsSystemPrincipal(topDoc->NodePrincipal(), &system)) &&
           system) {
         // Found a system-principled doc: last docshell was top.
         break;
       }
 
       if (checkSameOrigin) {
         topDoc->NodePrincipal()->GetURI(getter_AddRefs(topUri));
-        bool isPrivateWin =
-          topDoc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
-        rv = ssm->CheckSameOriginURI(uri, topUri, true, isPrivateWin);
+        rv = ssm->CheckSameOriginURI(uri, topUri, true);
 
         // one of the ancestors is not same origin as this document
         if (NS_FAILED(rv)) {
           ReportXFOViolation(curDocShellItem, uri, eSAMEORIGIN);
           return false;
         }
       }
     } else {
@@ -148,19 +146,18 @@ FramingChecker::CheckOneFrameOptionsPoli
          aPolicy[allowFromLen] != '\t')) {
       ReportXFOViolation(curDocShellItem, uri, eALLOWFROM);
       return false;
     }
     rv = NS_NewURI(getter_AddRefs(uri), Substring(aPolicy, allowFromLen));
     if (NS_FAILED(rv)) {
       return false;
     }
-    bool isPrivateWin =
-      topDoc->NodePrincipal()->OriginAttributesRef().mPrivateBrowsingId > 0;
-    rv = ssm->CheckSameOriginURI(uri, topUri, true, isPrivateWin);
+
+    rv = ssm->CheckSameOriginURI(uri, topUri, true);
     if (NS_FAILED(rv)) {
       ReportXFOViolation(curDocShellItem, uri, eALLOWFROM);
       return false;
     }
   }
 
   return true;
 }
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@@ -1686,18 +1686,17 @@ HttpBaseChannel::IsCrossOriginWithReferr
   }
   if (triggeringURI) {
     if (LOG_ENABLED()) {
       nsAutoCString triggeringURISpec;
       triggeringURI->GetAsciiSpec(triggeringURISpec);
       LOG(("triggeringURI=%s\n", triggeringURISpec.get()));
     }
     nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-    bool isPrivateWin = mLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-    rv = ssm->CheckSameOriginURI(triggeringURI, mURI, false, isPrivateWin);
+    rv = ssm->CheckSameOriginURI(triggeringURI, mURI, false);
     return (NS_FAILED(rv));
   }
 
   LOG(("no triggering principal available via loadInfo, assuming load is cross-origin"));
   return true;
 }
 
 NS_IMETHODIMP
@@ -3915,18 +3914,17 @@ HttpBaseChannel::SetupReplacementChannel
   return NS_OK;
 }
 
 // Redirect Tracking
 bool
 HttpBaseChannel::SameOriginWithOriginalUri(nsIURI *aURI)
 {
   nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-  bool isPrivateWin = mLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-  nsresult rv = ssm->CheckSameOriginURI(aURI, mOriginalURI, false, isPrivateWin);
+  nsresult rv = ssm->CheckSameOriginURI(aURI, mOriginalURI, false);
   return (NS_SUCCEEDED(rv));
 }
 
 
 //-----------------------------------------------------------------------------
 // HttpBaseChannel::nsIClassifiedChannel
 
 NS_IMETHODIMP
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -1519,34 +1519,32 @@ EnsureMIMEOfScript(nsIURI* aURI, nsHttpR
         AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::javaScript);
         return NS_OK;
     }
 
     nsCOMPtr<nsIURI> requestURI;
     aLoadInfo->LoadingPrincipal()->GetURI(getter_AddRefs(requestURI));
 
     nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-    bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-    nsresult rv = ssm->CheckSameOriginURI(requestURI, aURI, false, isPrivateWin);
+    nsresult rv = ssm->CheckSameOriginURI(requestURI, aURI, false);
     if (NS_SUCCEEDED(rv)) {
         //same origin
         AccumulateCategorical(Telemetry::LABELS_SCRIPT_BLOCK_INCORRECT_MIME_2::same_origin);
     } else {
         bool cors = false;
         nsAutoCString corsOrigin;
         rv = aResponseHead->GetHeader(nsHttp::ResolveAtom("Access-Control-Allow-Origin"), corsOrigin);
         if (NS_SUCCEEDED(rv)) {
             if (corsOrigin.Equals("*")) {
                 cors = true;
             } else {
                 nsCOMPtr<nsIURI> corsOriginURI;
                 rv = NS_NewURI(getter_AddRefs(corsOriginURI), corsOrigin);
                 if (NS_SUCCEEDED(rv)) {
-                    bool isPrivateWin = aLoadInfo->GetOriginAttributes().mPrivateBrowsingId > 0;
-                    rv = ssm->CheckSameOriginURI(requestURI, corsOriginURI, false, isPrivateWin);
+                    rv = ssm->CheckSameOriginURI(requestURI, corsOriginURI, false);
                     if (NS_SUCCEEDED(rv)) {
                         cors = true;
                     }
                 }
             }
         }
         if (cors) {
             //cors origin
--- a/netwerk/test/unit/test_compareURIs.js
+++ b/netwerk/test/unit/test_compareURIs.js
@@ -34,16 +34,16 @@ function run_test()
     tests.forEach(function(aTest) {
         do_info("Comparing " + aTest[0] + " to " + aTest[1]);
 
 	var uri1 = NetUtil.newURI(aTest[0]);
 	var uri2 = NetUtil.newURI(aTest[1]);
 
 	var equal;
 	try {
-	    secman.checkSameOriginURI(uri1, uri2, false, false);
+	    secman.checkSameOriginURI(uri1, uri2, false);
 	    equal = true;
 	} catch (e) {
 	    equal = false
 	}
 	Assert.equal(equal, aTest[2]);
     });
 }
--- a/toolkit/modules/E10SUtils.jsm
+++ b/toolkit/modules/E10SUtils.jsm
@@ -61,19 +61,17 @@ function validatedWebRemoteType(aPreferr
 
   if (allowLinkedWebInFileUriProcess &&
       aPreferredRemoteType == FILE_REMOTE_TYPE) {
     // If aCurrentUri is passed then we should only allow FILE_REMOTE_TYPE
     // when it is same origin as target.
     if (aCurrentUri) {
       try {
         // checkSameOriginURI throws when not same origin.
-        // todo: if you intend to update CheckSameOriginURI to log the error to the
-        // console you also need to update the 'aFromPrivateWindow' argument.
-        sm.checkSameOriginURI(aCurrentUri, aTargetUri, false, false);
+        sm.checkSameOriginURI(aCurrentUri, aTargetUri, false);
         return FILE_REMOTE_TYPE;
       } catch (e) {
         return WEB_REMOTE_TYPE;
       }
     }
 
     return FILE_REMOTE_TYPE;
   }