Bug 1839920 - Rename Get{ASCII,UTF}Origin to GetWebExposedOriginSerialization, r=smaug,necko-reviewers,anti-tracking-reviewers,bvandersloot,jesup

This should make uses of the type more clearly indicating where the origin came from, and should help avoid potential confusion between this origin and nsIPrincipal::origin in new code. This new name is long, but explicit. The string returned from this function corresponds to the "serialization of an origin" from the WHATWG html spec: https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin Differential Revision: https://phabricator.services.mozilla.com/D181794
2023-06-27 19:59:15 +00:00
parent a01396e3d9
commit 30c48eac49
35 changed files with 115 additions and 81 deletions
--- a/caps/BasePrincipal.cpp
+++ b/caps/BasePrincipal.cpp
@@ -86,14 +86,14 @@ BasePrincipal::GetOrigin(nsACString& aOrigin) {
 }

 NS_IMETHODIMP
-BasePrincipal::GetAsciiOrigin(nsACString& aOrigin) {
+BasePrincipal::GetWebExposedOriginSerialization(nsACString& aOrigin) {
  aOrigin.Truncate();
  nsCOMPtr<nsIURI> prinURI;
  nsresult rv = GetURI(getter_AddRefs(prinURI));
  if (NS_FAILED(rv) || !prinURI) {
    return NS_ERROR_NOT_AVAILABLE;
  }
-  return nsContentUtils::GetASCIIOrigin(prinURI, aOrigin);
+  return nsContentUtils::GetWebExposedOriginSerialization(prinURI, aOrigin);
 }

 NS_IMETHODIMP
--- a/caps/BasePrincipal.h
+++ b/caps/BasePrincipal.h
@@ -110,7 +110,7 @@ class BasePrincipal : public nsJSPrincipals {
                DocumentDomainConsideration aConsideration);

  NS_IMETHOD GetOrigin(nsACString& aOrigin) final;
-  NS_IMETHOD GetAsciiOrigin(nsACString& aOrigin) override;
+  NS_IMETHOD GetWebExposedOriginSerialization(nsACString& aOrigin) override;
  NS_IMETHOD GetOriginNoSuffix(nsACString& aOrigin) final;
  NS_IMETHOD Equals(nsIPrincipal* other, bool* _retval) final;
  NS_IMETHOD EqualsConsideringDomain(nsIPrincipal* other, bool* _retval) final;
--- a/caps/nsIPrincipal.idl
+++ b/caps/nsIPrincipal.idl
@@ -271,12 +271,19 @@ interface nsIPrincipal : nsISupports
    readonly attribute ACString origin;

    /**
-     * Returns an ASCII compatible representation
-     * of the principals Origin
+     * Returns an ASCII compatible serialization of the principal's origin, as
+     * specified by the whatwg HTML specification. If the principal does not
+     * have a host, the origin will be "null".
+     *
+     * https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
+     *
+     * Note that this is different from `origin`, does not contain
+     * gecko-specific metadata like origin attributes, and should not be used
+     * for permissions or security checks.
     *
     * May be called from any thread.
     */
-    [noscript] readonly attribute ACString asciiOrigin;
+    [noscript] readonly attribute ACString webExposedOriginSerialization;

    /**
     * Returns the "host:port" portion of the
--- a/dom/base/EventSource.cpp
+++ b/dom/base/EventSource.cpp
@@ -572,7 +572,7 @@ nsresult EventSourceImpl::ParseURL(const nsAString& aURL) {
  NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SYNTAX_ERR);

  nsAutoString origin;
-  rv = nsContentUtils::GetUTFOrigin(srcURI, origin);
+  rv = nsContentUtils::GetWebExposedOriginSerialization(srcURI, origin);
  NS_ENSURE_SUCCESS(rv, rv);

  nsAutoCString spec;
--- a/dom/base/Link.cpp
+++ b/dom/base/Link.cpp
@@ -313,7 +313,7 @@ void Link::GetOrigin(nsAString& aOrigin) {
  }

  nsString origin;
-  nsContentUtils::GetUTFOrigin(uri, origin);
+  nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
  aOrigin.Assign(origin);
 }

--- a/dom/base/Location.cpp
+++ b/dom/base/Location.cpp
@@ -295,7 +295,7 @@ void Location::GetOrigin(nsAString& aOrigin, nsIPrincipal& aSubjectPrincipal,
  }

  nsAutoString origin;
-  aRv = nsContentUtils::GetUTFOrigin(uri, origin);
+  aRv = nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
  if (NS_WARN_IF(aRv.Failed())) {
    return;
  }
--- a/dom/base/PostMessageEvent.cpp
+++ b/dom/base/PostMessageEvent.cpp
@@ -120,9 +120,11 @@ MOZ_CAN_RUN_SCRIPT_BOUNDARY NS_IMETHODIMP PostMessageEvent::Run() {
          "Target and source should have the same userContextId attribute.");

      nsAutoString providedOrigin, targetOrigin;
-      nsresult rv = nsContentUtils::GetUTFOrigin(targetPrin, targetOrigin);
+      nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(
+          targetPrin, targetOrigin);
      NS_ENSURE_SUCCESS(rv, rv);
-      rv = nsContentUtils::GetUTFOrigin(mProvidedPrincipal, providedOrigin);
+      rv = nsContentUtils::GetWebExposedOriginSerialization(mProvidedPrincipal,
+                                                            providedOrigin);
      NS_ENSURE_SUCCESS(rv, rv);

      nsAutoString errorText;
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -2457,7 +2457,7 @@ bool nsContentUtils::ShouldResistFingerprinting_dangerous(
  if (MOZ_LOG_TEST(nsContentUtils::ResistFingerprintingLog(),
                   mozilla::LogLevel::Debug)) {
    nsAutoCString origin;
-    aPrincipal->GetAsciiOrigin(origin);
+    aPrincipal->GetWebExposedOriginSerialization(origin);
    LogDomainAndPrefList(kExemptedDomainsPrefName, origin, isExemptDomain);
  }

@@ -6509,7 +6509,8 @@ SameOriginCheckerImpl::GetInterface(const nsIID& aIID, void** aResult) {
 }

 /* static */
-nsresult nsContentUtils::GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin) {
+nsresult nsContentUtils::GetWebExposedOriginSerialization(nsIURI* aURI,
+                                                          nsACString& aOrigin) {
  MOZ_ASSERT(aURI, "missing uri");

  // For Blob URI, the path is the URL of the owning page.
@@ -6525,7 +6526,7 @@ nsresult nsContentUtils::GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin) {
      return NS_OK;
    }

-    return GetASCIIOrigin(uri, aOrigin);
+    return GetWebExposedOriginSerialization(uri, aOrigin);
  }

  aOrigin.Truncate();
@@ -6558,24 +6559,26 @@ nsresult nsContentUtils::GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin) {
 }

 /* static */
-nsresult nsContentUtils::GetUTFOrigin(nsIPrincipal* aPrincipal,
-                                      nsAString& aOrigin) {
+nsresult nsContentUtils::GetWebExposedOriginSerialization(
+    nsIPrincipal* aPrincipal, nsAString& aOrigin) {
  MOZ_ASSERT(aPrincipal, "missing principal");

  aOrigin.Truncate();
-  nsAutoCString asciiOrigin;
+  nsAutoCString webExposedOriginSerialization;

-  nsresult rv = aPrincipal->GetAsciiOrigin(asciiOrigin);
+  nsresult rv = aPrincipal->GetWebExposedOriginSerialization(
+      webExposedOriginSerialization);
  if (NS_FAILED(rv)) {
-    asciiOrigin.AssignLiteral("null");
+    webExposedOriginSerialization.AssignLiteral("null");
  }

-  CopyUTF8toUTF16(asciiOrigin, aOrigin);
+  CopyUTF8toUTF16(webExposedOriginSerialization, aOrigin);
  return NS_OK;
 }

 /* static */
-nsresult nsContentUtils::GetUTFOrigin(nsIURI* aURI, nsAString& aOrigin) {
+nsresult nsContentUtils::GetWebExposedOriginSerialization(nsIURI* aURI,
+                                                          nsAString& aOrigin) {
  MOZ_ASSERT(aURI, "missing uri");
  nsresult rv;

@@ -6588,15 +6591,15 @@ nsresult nsContentUtils::GetUTFOrigin(nsIURI* aURI, nsAString& aOrigin) {
    rv = uriWithSpecialOrigin->GetOrigin(getter_AddRefs(origin));
    NS_ENSURE_SUCCESS(rv, rv);

-    return GetUTFOrigin(origin, aOrigin);
+    return GetWebExposedOriginSerialization(origin, aOrigin);
  }
 #endif

-  nsAutoCString asciiOrigin;
-  rv = GetASCIIOrigin(aURI, asciiOrigin);
+  nsAutoCString webExposedOriginSerialization;
+  rv = GetWebExposedOriginSerialization(aURI, webExposedOriginSerialization);
  NS_ENSURE_SUCCESS(rv, rv);

-  CopyUTF8toUTF16(asciiOrigin, aOrigin);
+  CopyUTF8toUTF16(webExposedOriginSerialization, aOrigin);
  return NS_OK;
 }

--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -2254,24 +2254,30 @@ class nsContentUtils {
  static nsIInterfaceRequestor* SameOriginChecker();

  /**
-   * Get the Origin of the passed in nsIPrincipal or nsIURI. If the passed in
-   * nsIURI or the URI of the passed in nsIPrincipal does not have a host, the
-   * origin is set to 'null'.
+   * Returns an ASCII compatible serialization of the nsIPrincipal or nsIURI's
+   * origin, as specified by the whatwg HTML specification.  If the principal
+   * does not have a host, the origin will be "null".
   *
-   * The ASCII versions return a ASCII strings that are puny-code encoded,
-   * suitable for, for example, header values. The UTF versions return strings
-   * containing international characters.
+   * https://html.spec.whatwg.org/multipage/browsers.html#ascii-serialisation-of-an-origin
   *
-   * The thread-safe versions return NS_ERROR_UNKNOWN_PROTOCOL if the
-   * operation cannot be completed on the current thread.
+   * Note that this is different from nsIPrincipal::GetOrigin, does not contain
+   * gecko-specific metadata like origin attributes, and should not be used for
+   * permissions or security checks.
   *
-   * @pre aPrincipal/aOrigin must not be null.
+   * See also `nsIPrincipal::GetWebExposedOriginSerialization`.
+   *
+   * These methods are thread-safe.
+   *
+   * @pre aPrincipal/aURI must not be null.
   *
   * @note this should be used for HTML5 origin determination.
   */
-  static nsresult GetASCIIOrigin(nsIURI* aURI, nsACString& aOrigin);
-  static nsresult GetUTFOrigin(nsIPrincipal* aPrincipal, nsAString& aOrigin);
-  static nsresult GetUTFOrigin(nsIURI* aURI, nsAString& aOrigin);
+  static nsresult GetWebExposedOriginSerialization(nsIURI* aURI,
+                                                   nsACString& aOrigin);
+  static nsresult GetWebExposedOriginSerialization(nsIPrincipal* aPrincipal,
+                                                   nsAString& aOrigin);
+  static nsresult GetWebExposedOriginSerialization(nsIURI* aURI,
+                                                   nsAString& aOrigin);

  /**
   * This method creates and dispatches "command" event, which implements
--- a/dom/base/nsDOMDataChannel.cpp
+++ b/dom/base/nsDOMDataChannel.cpp
@@ -102,7 +102,7 @@ nsresult nsDOMDataChannel::Init(nsPIDOMWindowInner* aDOMWindow) {
  rv = CheckCurrentGlobalCorrectness();
  NS_ENSURE_SUCCESS(rv, rv);

-  rv = nsContentUtils::GetUTFOrigin(principal, mOrigin);
+  rv = nsContentUtils::GetWebExposedOriginSerialization(principal, mOrigin);
  DC_DEBUG(("%s: origin = %s\n", __FUNCTION__,
            NS_LossyConvertUTF16toASCII(mOrigin).get()));
  return rv;
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -4147,7 +4147,7 @@ bool nsGlobalWindowInner::Find(const nsAString& aString, bool aCaseSensitive,
 }

 void nsGlobalWindowInner::GetOrigin(nsAString& aOrigin) {
-  nsContentUtils::GetUTFOrigin(GetPrincipal(), aOrigin);
+  nsContentUtils::GetWebExposedOriginSerialization(GetPrincipal(), aOrigin);
 }

 // See also AutoJSAPI::ReportException
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -2616,7 +2616,7 @@ void nsGlobalWindowOuter::DispatchDOMWindowCreated() {
  if (observerService && mDoc) {
    nsAutoString origin;
    nsIPrincipal* principal = mDoc->NodePrincipal();
-    nsContentUtils::GetUTFOrigin(principal, origin);
+    nsContentUtils::GetWebExposedOriginSerialization(principal, origin);
    observerService->NotifyObservers(static_cast<nsIDOMWindow*>(this),
                                     principal->IsSystemPrincipal()
                                         ? "chrome-document-global-created"
@@ -5652,15 +5652,15 @@ bool nsGlobalWindowOuter::GatherPostMessageData(

  // if the principal has a URI, use that to generate the origin
  if (!callerPrin->IsSystemPrincipal()) {
-    nsAutoCString asciiOrigin;
-    callerPrin->GetAsciiOrigin(asciiOrigin);
-    CopyUTF8toUTF16(asciiOrigin, aOrigin);
+    nsAutoCString webExposedOriginSerialization;
+    callerPrin->GetWebExposedOriginSerialization(webExposedOriginSerialization);
+    CopyUTF8toUTF16(webExposedOriginSerialization, aOrigin);
  } else if (callerInnerWin) {
    if (!*aCallerURI) {
      return false;
    }
    // otherwise use the URI of the document to generate origin
-    nsContentUtils::GetUTFOrigin(*aCallerURI, aOrigin);
+    nsContentUtils::GetWebExposedOriginSerialization(*aCallerURI, aOrigin);
  } else {
    // in case of a sandbox with a system principal origin can be empty
    if (!callerPrin->IsSystemPrincipal()) {
--- a/dom/broadcastchannel/BroadcastChannel.cpp
+++ b/dom/broadcastchannel/BroadcastChannel.cpp
@@ -241,7 +241,8 @@ already_AddRefed<BroadcastChannel> BroadcastChannel::Constructor(
  }

  nsString originForEvents;
-  aRv = nsContentUtils::GetUTFOrigin(storagePrincipal, originForEvents);
+  aRv = nsContentUtils::GetWebExposedOriginSerialization(storagePrincipal,
+                                                         originForEvents);
  if (NS_WARN_IF(aRv.Failed())) {
    return nullptr;
  }
--- a/dom/file/uri/BlobURLProtocolHandler.cpp
+++ b/dom/file/uri/BlobURLProtocolHandler.cpp
@@ -717,7 +717,7 @@ nsresult BlobURLProtocolHandler::GenerateURIString(nsIPrincipal* aPrincipal,

  if (aPrincipal) {
    nsAutoCString origin;
-    rv = aPrincipal->GetAsciiOrigin(origin);
+    rv = aPrincipal->GetWebExposedOriginSerialization(origin);
    if (NS_FAILED(rv)) {
      origin.AssignLiteral("null");
    }
--- a/dom/midi/MIDIPort.cpp
+++ b/dom/midi/MIDIPort.cpp
@@ -65,7 +65,7 @@ MIDIPort::~MIDIPort() {
 bool MIDIPort::Initialize(const MIDIPortInfo& aPortInfo, bool aSysexEnabled) {
  nsIURI* uri = GetDocumentIfCurrent()->GetDocumentURI();
  nsAutoCString origin;
-  nsresult rv = nsContentUtils::GetASCIIOrigin(uri, origin);
+  nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
  if (NS_FAILED(rv)) {
    return false;
  }
--- a/dom/notification/Notification.cpp
+++ b/dom/notification/Notification.cpp
@@ -1880,7 +1880,8 @@ nsresult Notification::GetOrigin(nsIPrincipal* aPrincipal, nsString& aOrigin) {
    return NS_ERROR_FAILURE;
  }

-  nsresult rv = nsContentUtils::GetUTFOrigin(aPrincipal, aOrigin);
+  nsresult rv =
+      nsContentUtils::GetWebExposedOriginSerialization(aPrincipal, aOrigin);
  NS_ENSURE_SUCCESS(rv, rv);

  return NS_OK;
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -1763,7 +1763,7 @@ void nsContentSecurityManager::GetSerializedOrigin(
  // have a redirect-tainted origin, so we return the origin of the request
  // here.
  if (!lastOrigin) {
-    aOrigin->GetAsciiOrigin(aSerializedOrigin);
+    aOrigin->GetWebExposedOriginSerialization(aSerializedOrigin);
    return;
  }

@@ -1773,7 +1773,7 @@ void nsContentSecurityManager::GetSerializedOrigin(
    return;
  }

-  aOrigin->GetAsciiOrigin(aSerializedOrigin);
+  aOrigin->GetWebExposedOriginSerialization(aSerializedOrigin);
 }

 // https://html.spec.whatwg.org/multipage/browsers.html#compatible-with-cross-origin-isolation
--- a/dom/url/URL.cpp
+++ b/dom/url/URL.cpp
@@ -219,7 +219,8 @@ void URL::SetHref(const nsAString& aHref, ErrorResult& aRv) {
 }

 void URL::GetOrigin(nsAString& aOrigin) const {
-  nsresult rv = nsContentUtils::GetUTFOrigin(URI(), aOrigin);
+  nsresult rv =
+      nsContentUtils::GetWebExposedOriginSerialization(URI(), aOrigin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    aOrigin.Truncate();
  }
--- a/dom/webauthn/WebAuthnManager.cpp
+++ b/dom/webauthn/WebAuthnManager.cpp
@@ -93,7 +93,8 @@ nsresult GetOrigin(nsPIDOMWindowInner* aParent,
  MOZ_ASSERT(doc);

  nsCOMPtr<nsIPrincipal> principal = doc->NodePrincipal();
-  nsresult rv = nsContentUtils::GetUTFOrigin(principal, aOrigin);
+  nsresult rv =
+      nsContentUtils::GetWebExposedOriginSerialization(principal, aOrigin);
  if (NS_WARN_IF(NS_FAILED(rv)) || NS_WARN_IF(aOrigin.IsEmpty())) {
    return NS_ERROR_FAILURE;
  }
--- a/dom/websocket/WebSocket.cpp
+++ b/dom/websocket/WebSocket.cpp
@@ -1771,10 +1771,11 @@ nsresult WebSocketImpl::AsyncOpen(
  MOZ_ASSERT(NS_IsMainThread(), "Not running on main thread");
  MOZ_ASSERT_IF(!aTransportProvider, aNegotiatedExtensions.IsEmpty());

-  nsCString asciiOrigin;
-  nsresult rv = aPrincipal->GetAsciiOrigin(asciiOrigin);
+  nsCString webExposedOriginSerialization;
+  nsresult rv = aPrincipal->GetWebExposedOriginSerialization(
+      webExposedOriginSerialization);
  if (NS_FAILED(rv)) {
-    asciiOrigin.AssignLiteral("null");
+    webExposedOriginSerialization.AssignLiteral("null");
  }

  if (aTransportProvider) {
@@ -1783,7 +1784,7 @@ nsresult WebSocketImpl::AsyncOpen(
    NS_ENSURE_SUCCESS(rv, rv);
  }

-  ToLowerCase(asciiOrigin);
+  ToLowerCase(webExposedOriginSerialization);

  nsCOMPtr<nsIURI> uri;
  if (!aTransportProvider) {
@@ -1791,7 +1792,7 @@ nsresult WebSocketImpl::AsyncOpen(
    MOZ_ASSERT(NS_SUCCEEDED(rv));
  }

-  rv = mChannel->AsyncOpenNative(uri, asciiOrigin,
+  rv = mChannel->AsyncOpenNative(uri, webExposedOriginSerialization,
                                 aPrincipal->OriginAttributesRef(),
                                 aInnerWindowID, this, nullptr);
  if (NS_WARN_IF(NS_FAILED(rv))) {
@@ -2120,7 +2121,8 @@ nsresult WebSocketImpl::ParseURL(const nsAString& aURL) {
    return NS_ERROR_DOM_SYNTAX_ERR;
  }

-  rv = nsContentUtils::GetUTFOrigin(parsedURL, mUTF16Origin);
+  rv =
+      nsContentUtils::GetWebExposedOriginSerialization(parsedURL, mUTF16Origin);
  NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SYNTAX_ERR);

  mAsciiHost = host;
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -2220,7 +2220,8 @@ void WorkerPrivate::SetBaseURI(nsIURI* aBaseURI) {
    mLocationInfo.mHost.Assign(mLocationInfo.mHostname);
  }

-  nsContentUtils::GetUTFOrigin(aBaseURI, mLocationInfo.mOrigin);
+  nsContentUtils::GetWebExposedOriginSerialization(aBaseURI,
+                                                   mLocationInfo.mOrigin);
 }

 nsresult WorkerPrivate::SetPrincipalsAndCSPOnMainThread(
--- a/dom/workers/WorkerScope.cpp
+++ b/dom/workers/WorkerScope.cpp
@@ -665,7 +665,8 @@ int32_t WorkerGlobalScope::SetTimeoutOrInterval(JSContext* aCx,

 void WorkerGlobalScope::GetOrigin(nsAString& aOrigin) const {
  AssertIsOnWorkerThread();
-  nsContentUtils::GetUTFOrigin(mWorkerPrivate->GetPrincipal(), aOrigin);
+  nsContentUtils::GetWebExposedOriginSerialization(
+      mWorkerPrivate->GetPrincipal(), aOrigin);
 }

 bool WorkerGlobalScope::CrossOriginIsolated() const {
--- a/image/imgLoader.cpp
+++ b/image/imgLoader.cpp
@@ -1412,7 +1412,8 @@ nsresult imgLoader::RemoveEntriesInternal(nsIPrincipal* aPrincipal,

  nsAutoString origin;
  if (aPrincipal) {
-    nsresult rv = nsContentUtils::GetUTFOrigin(aPrincipal, origin);
+    nsresult rv =
+        nsContentUtils::GetWebExposedOriginSerialization(aPrincipal, origin);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return rv;
    }
@@ -1433,7 +1434,8 @@ nsresult imgLoader::RemoveEntriesInternal(nsIPrincipal* aPrincipal,
        }

        nsAutoString imageOrigin;
-        nsresult rv = nsContentUtils::GetUTFOrigin(key.URI(), imageOrigin);
+        nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(
+            key.URI(), imageOrigin);
        if (NS_WARN_IF(NS_FAILED(rv))) {
          return false;
        }
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -95,7 +95,7 @@ static const uint32_t kFlagsMask = ((1 << kRollingLoadOffset) - 1);
 // of nsIURI instead?)
 static nsresult ExtractOrigin(nsIURI* uri, nsIURI** originUri) {
  nsAutoCString s;
-  nsresult rv = nsContentUtils::GetASCIIOrigin(uri, s);
+  nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(uri, s);
  NS_ENSURE_SUCCESS(rv, rv);

  return NS_NewURI(originUri, s);
--- a/netwerk/cache2/CacheFileContextEvictor.cpp
+++ b/netwerk/cache2/CacheFileContextEvictor.cpp
@@ -686,7 +686,7 @@ void CacheFileContextEvictor::EvictEntries() {
      }

      nsAutoString urlOrigin;
-      rv = nsContentUtils::GetUTFOrigin(uri, urlOrigin);
+      rv = nsContentUtils::GetWebExposedOriginSerialization(uri, urlOrigin);
      if (NS_FAILED(rv)) {
        LOG(
            ("CacheFileContextEvictor::EvictEntries() - Skipping entry since "
--- a/netwerk/cache2/CacheStorageService.cpp
+++ b/netwerk/cache2/CacheStorageService.cpp
@@ -691,7 +691,7 @@ NS_IMETHODIMP CacheStorageService::ClearOrigin(nsIPrincipal* aPrincipal) {
  }

  nsAutoString origin;
-  rv = nsContentUtils::GetUTFOrigin(aPrincipal, origin);
+  rv = nsContentUtils::GetWebExposedOriginSerialization(aPrincipal, origin);
  NS_ENSURE_SUCCESS(rv, rv);

  rv = ClearOriginInternal(origin, aPrincipal->OriginAttributesRef(), true);
@@ -855,7 +855,7 @@ nsresult CacheStorageService::ClearOriginInternal(
        NS_ENSURE_SUCCESS(rv, rv);

        nsAutoString origin;
-        rv = nsContentUtils::GetUTFOrigin(uri, origin);
+        rv = nsContentUtils::GetWebExposedOriginSerialization(uri, origin);
        NS_ENSURE_SUCCESS(rv, rv);

        if (origin != aOrigin) {
--- a/netwerk/protocol/http/nsCORSListenerProxy.cpp
+++ b/netwerk/protocol/http/nsCORSListenerProxy.cpp
@@ -642,7 +642,7 @@ nsresult nsCORSListenerProxy::CheckRequestApproved(nsIRequest* aRequest) {
  if (mWithCredentials || !allowedOriginHeader.EqualsLiteral("*")) {
    MOZ_ASSERT(!mOriginHeaderPrincipal->GetIsExpandedPrincipal());
    nsAutoCString origin;
-    mOriginHeaderPrincipal->GetAsciiOrigin(origin);
+    mOriginHeaderPrincipal->GetWebExposedOriginSerialization(origin);

    if (!allowedOriginHeader.Equals(origin)) {
      LogBlockedRequest(
@@ -1029,7 +1029,7 @@ nsresult nsCORSListenerProxy::UpdateChannel(nsIChannel* aChannel,

  // Add the Origin header
  nsAutoCString origin;
-  rv = mOriginHeaderPrincipal->GetAsciiOrigin(origin);
+  rv = mOriginHeaderPrincipal->GetWebExposedOriginSerialization(origin);
  NS_ENSURE_SUCCESS(rv, rv);

  nsCOMPtr<nsIHttpChannel> http = do_QueryInterface(aChannel);
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@@ -9208,7 +9208,7 @@ void nsHttpChannel::SetOriginHeader() {
    } else if (HasNullRequestOrigin(this, uri, isAddonRequest)) {
      serializedOrigin.AssignLiteral("null");
    } else {
-      nsContentUtils::GetASCIIOrigin(uri, serializedOrigin);
+      nsContentUtils::GetWebExposedOriginSerialization(uri, serializedOrigin);
    }
  }

@@ -9235,7 +9235,7 @@ void nsHttpChannel::SetOriginHeader() {
    } else if (StaticPrefs::network_http_sendOriginHeader() == 1) {
      // Non-standard: Restrict Origin to same-origin loads if requested by user
      nsAutoCString currentOrigin;
-      nsContentUtils::GetASCIIOrigin(mURI, currentOrigin);
+      nsContentUtils::GetWebExposedOriginSerialization(mURI, currentOrigin);
      if (!serializedOrigin.EqualsIgnoreCase(currentOrigin.get())) {
        // Origin header suppressed by user setting.
        serializedOrigin.AssignLiteral("null");
--- a/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp
+++ b/netwerk/protocol/webtransport/WebTransportSessionProxy.cpp
@@ -134,7 +134,8 @@ nsresult WebTransportSessionProxy::AsyncConnectWithClient(
  // isomorphic encoded, as the `Origin` header of the request.
  // https://www.w3.org/TR/webtransport/#protocol-concepts
  nsAutoCString serializedOrigin;
-  if (NS_FAILED(aPrincipal->GetAsciiOrigin(serializedOrigin))) {
+  if (NS_FAILED(
+          aPrincipal->GetWebExposedOriginSerialization(serializedOrigin))) {
    // origin/URI will be missing for system principals
    // assign null origin
    serializedOrigin = "null"_ns;
--- a/toolkit/components/antitracking/AntiTrackingRedirectHeuristic.cpp
+++ b/toolkit/components/antitracking/AntiTrackingRedirectHeuristic.cpp
@@ -388,7 +388,7 @@ void FinishAntiTrackingRedirectHeuristic(nsIChannel* aNewChannel,
  }

  nsAutoCString newOrigin;
-  rv = nsContentUtils::GetASCIIOrigin(aNewURI, newOrigin);
+  rv = nsContentUtils::GetWebExposedOriginSerialization(aNewURI, newOrigin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    LOG(("Can't get the origin from the URI"));
    return;
--- a/toolkit/components/antitracking/AntiTrackingUtils.cpp
+++ b/toolkit/components/antitracking/AntiTrackingUtils.cpp
@@ -476,14 +476,16 @@ AntiTrackingUtils::GetStoragePermissionStateInParent(nsIChannel* aChannel) {
  }

  nsAutoCString trackingOrigin;
-  rv = nsContentUtils::GetASCIIOrigin(trackingURI, trackingOrigin);
+  rv = nsContentUtils::GetWebExposedOriginSerialization(trackingURI,
+                                                        trackingOrigin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return nsILoadInfo::NoStoragePermission;
  }

  if (IsThirdPartyChannel(aChannel)) {
    nsAutoCString targetOrigin;
-    if (NS_FAILED(targetPrincipal->GetAsciiOrigin(targetOrigin))) {
+    if (NS_FAILED(
+            targetPrincipal->GetWebExposedOriginSerialization(targetOrigin))) {
      return nsILoadInfo::NoStoragePermission;
    }

--- a/toolkit/components/antitracking/ContentBlockingNotifier.cpp
+++ b/toolkit/components/antitracking/ContentBlockingNotifier.cpp
@@ -88,7 +88,8 @@ void ReportUnblockingToConsole(
        }

        nsAutoString origin;
-        nsresult rv = nsContentUtils::GetUTFOrigin(principal, origin);
+        nsresult rv =
+            nsContentUtils::GetWebExposedOriginSerialization(principal, origin);
        if (NS_WARN_IF(NS_FAILED(rv))) {
          return;
        }
@@ -285,7 +286,8 @@ void NotifyBlockingDecision(nsIChannel* aTrackingChannel,

  nsAutoCString trackingOrigin;
  if (aURI) {
-    Unused << nsContentUtils::GetASCIIOrigin(aURI, trackingOrigin);
+    Unused << nsContentUtils::GetWebExposedOriginSerialization(aURI,
+                                                               trackingOrigin);
  }

  if (aDecision == ContentBlockingNotifier::BlockingDecision::eBlock) {
@@ -545,7 +547,8 @@ void ContentBlockingNotifier::OnEvent(nsIChannel* aTrackingChannel,

  nsAutoCString trackingOrigin;
  if (uri) {
-    Unused << nsContentUtils::GetASCIIOrigin(uri, trackingOrigin);
+    Unused << nsContentUtils::GetWebExposedOriginSerialization(uri,
+                                                               trackingOrigin);
  }

  return ContentBlockingNotifier::OnEvent(aTrackingChannel, aBlocked,
--- a/toolkit/components/antitracking/DynamicFpiRedirectHeuristic.cpp
+++ b/toolkit/components/antitracking/DynamicFpiRedirectHeuristic.cpp
@@ -307,7 +307,7 @@ void DynamicFpiRedirectHeuristic(nsIChannel* aOldChannel, nsIURI* aOldURI,
  }

  nsAutoCString newOrigin;
-  rv = nsContentUtils::GetASCIIOrigin(aNewURI, newOrigin);
+  rv = nsContentUtils::GetWebExposedOriginSerialization(aNewURI, newOrigin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    LOG(("Can't get the origin from the URI"));
    return;
--- a/toolkit/components/antitracking/StorageAccess.cpp
+++ b/toolkit/components/antitracking/StorageAccess.cpp
@@ -898,7 +898,7 @@ bool ApproximateAllowAccessForWithoutChannel(
  }

  nsAutoCString origin;
-  nsresult rv = nsContentUtils::GetASCIIOrigin(aURI, origin);
+  nsresult rv = nsContentUtils::GetWebExposedOriginSerialization(aURI, origin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    LOG_SPEC(("Failed to compute the origin from %s", _spec), aURI);
    return false;
--- a/toolkit/components/antitracking/StorageAccessAPIHelper.cpp
+++ b/toolkit/components/antitracking/StorageAccessAPIHelper.cpp
@@ -106,7 +106,7 @@ StorageAccessAPIHelper::AllowAccessFor(

  if (MOZ_LOG_TEST(gAntiTrackingLog, mozilla::LogLevel::Debug)) {
    nsAutoCString origin;
-    aPrincipal->GetAsciiOrigin(origin);
+    aPrincipal->GetWebExposedOriginSerialization(origin);
    LOG(("Adding a first-party storage exception for %s, triggered by %s",
         PromiseFlatCString(origin).get(),
         AntiTrackingUtils::GrantedReasonToString(aReason).get()));
@@ -172,7 +172,7 @@ StorageAccessAPIHelper::AllowAccessFor(
  // We are a first party resource.
  if (!isParentThirdParty) {
    nsAutoCString origin;
-    nsresult rv = aPrincipal->GetAsciiOrigin(origin);
+    nsresult rv = aPrincipal->GetWebExposedOriginSerialization(origin);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      LOG(("Can't get the origin from the URI"));
      return StorageAccessPermissionGrantPromise::CreateAndReject(false,