Bug 1967417 - Create a fallible LoadInfo factory. r=smaug,necko-reviewers,places-reviewers,kershaw

Differential Revision: https://phabricator.services.mozilla.com/D250182

docshell/base/nsDocShell.cpp

@@ -10555,15 +10555,17 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
   mBrowsingContext->SetTriggeringAndInheritPrincipals(
       aLoadState->TriggeringPrincipal(), aLoadState->PrincipalToInherit(),
       aLoadState->GetLoadIdentifier());
-  RefPtr<LoadInfo> loadInfo =
+  RefPtr<LoadInfo> loadInfo;
-      (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT)
+  if (contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT) {
-          ? new LoadInfo(loadingWindow, uri, aLoadState->TriggeringPrincipal(),
+    loadInfo =
-                         topLevelLoadingContext, securityFlags, sandboxFlags)
+        new LoadInfo(loadingWindow, uri, aLoadState->TriggeringPrincipal(),
-          : new LoadInfo(loadingPrincipal, aLoadState->TriggeringPrincipal(),
+                     topLevelLoadingContext, securityFlags, sandboxFlags);
-                         loadingNode, securityFlags, contentPolicyType,
+  } else {
-                         Maybe<mozilla::dom::ClientInfo>(),
+    loadInfo = MOZ_TRY(LoadInfo::Create(
-                         Maybe<mozilla::dom::ServiceWorkerDescriptor>(),
+        loadingPrincipal, aLoadState->TriggeringPrincipal(), loadingNode,
-                         sandboxFlags);
+        securityFlags, contentPolicyType, Maybe<mozilla::dom::ClientInfo>(),
+        Maybe<mozilla::dom::ServiceWorkerDescriptor>(), sandboxFlags));
+  }
   RefPtr<WindowContext> context = mBrowsingContext->GetCurrentWindowContext();
 
   if (isAboutBlankLoadOntoInitialAboutBlank) {

dom/base/nsObjectLoadingContent.cpp

@@ -613,11 +613,15 @@ bool nsObjectLoadingContent::CheckLoadPolicy(int16_t* aContentPolicy) {
 
   nsContentPolicyType contentPolicyType = GetContentPolicyType();
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
+  Result<RefPtr<LoadInfo>, nsresult> maybeLoadInfo =
-      new LoadInfo(doc->NodePrincipal(),  // loading principal
+      LoadInfo::Create(doc->NodePrincipal(),  // loading principal
-                   doc->NodePrincipal(),  // triggering principal
+                       doc->NodePrincipal(),  // triggering principal
-                   el, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+                       el, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-                   contentPolicyType);
+                       contentPolicyType);
+  if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+    return false;
+  }
+  RefPtr<LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
 
   *aContentPolicy = nsIContentPolicy::ACCEPT;
   nsresult rv =
@@ -653,10 +657,14 @@ bool nsObjectLoadingContent::CheckProcessPolicy(int16_t* aContentPolicy) {
       return false;
   }
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new LoadInfo(
+  Result<RefPtr<LoadInfo>, nsresult> maybeLoadInfo = LoadInfo::Create(
       doc->NodePrincipal(),  // loading principal
       doc->NodePrincipal(),  // triggering principal
       el, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, objectType);
+  if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+    return false;
+  }
+  RefPtr<LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
 
   *aContentPolicy = nsIContentPolicy::ACCEPT;
   nsresult rv = NS_CheckContentProcessPolicy(
@@ -1433,7 +1441,7 @@ nsresult nsObjectLoadingContent::OpenChannel() {
   }
 
   // --- Create LoadInfo
-  RefPtr<LoadInfo> loadInfo = new LoadInfo(
+  RefPtr<LoadInfo> loadInfo = MOZ_TRY(LoadInfo::Create(
       /*aLoadingPrincipal = aLoadingContext->NodePrincipal() */ nullptr,
       /*aTriggeringPrincipal = aLoadingPrincipal */ nullptr,
       /*aLoadingContext = */ el,
@@ -1441,7 +1449,7 @@ nsresult nsObjectLoadingContent::OpenChannel() {
       /*aContentPolicyType = */ contentPolicyType,
       /*aLoadingClientInfo = */ Nothing(),
       /*aController = */ Nothing(),
-      /*aSandboxFlags = */ sandboxFlags);
+      /*aSandboxFlags = */ sandboxFlags));
 
   if (inheritAttrs) {
     loadInfo->SetPrincipalToInherit(el->NodePrincipal());

dom/media/webrtc/jsapi/PeerConnectionImpl.cpp

@@ -4874,10 +4874,14 @@ std::unique_ptr<NrSocketProxyConfig> PeerConnectionImpl::GetProxyConfig()
   }
 
   TabId id = browserChild->GetTabId();
-  nsCOMPtr<nsILoadInfo> loadInfo =
+  Result<RefPtr<net::LoadInfo>, nsresult> maybeLoadInfo = net::LoadInfo::Create(
-      new net::LoadInfo(doc->NodePrincipal(), doc->NodePrincipal(), doc,
+      doc->NodePrincipal(), doc->NodePrincipal(), doc,
-                        nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
-                        nsIContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA);
+      nsIContentPolicy::TYPE_PROXIED_WEBRTC_MEDIA);
+  if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+    return nullptr;
+  }
+  RefPtr<net::LoadInfo> loadInfo = maybeLoadInfo.unwrap();
 
   net::LoadInfoArgs loadInfoArgs;
   MOZ_ALWAYS_SUCCEEDS(

dom/script/ScriptLoader.cpp

@@ -477,11 +477,11 @@ nsresult ScriptLoader::CheckContentPolicy(nsIScriptElement* aElement,
   if (aElement) {
     requestingNode = do_QueryInterface(aElement);
   }
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new net::LoadInfo(
+  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = MOZ_TRY(net::LoadInfo::Create(
       mDocument->NodePrincipal(),  // loading principal
       mDocument->NodePrincipal(),  // triggering principal
       requestingNode, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-      contentPolicyType);
+      contentPolicyType));
   secCheckLoadInfo->SetParserCreatedScript(aElement &&
                                            aElement->GetParserCreated() !=
                                                mozilla::dom::NOT_FROM_PARSER);

dom/security/nsContentSecurityUtils.cpp

@@ -2220,10 +2220,14 @@ long nsContentSecurityUtils::ClassifyDownload(
     loadingPrincipal = loadInfo->TriggeringPrincipal();
   }
   // Creating a fake Loadinfo that is just used for the MCB check.
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new mozilla::net::LoadInfo(
+  Result<RefPtr<net::LoadInfo>, nsresult> maybeLoadInfo = net::LoadInfo::Create(
       loadingPrincipal, loadInfo->TriggeringPrincipal(), nullptr,
       nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
       nsIContentPolicy::TYPE_FETCH);
+  if (maybeLoadInfo.isErr()) {
+    return nsITransfer::DOWNLOAD_FORBIDDEN;
+  }
+  RefPtr<net::LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
   // Disable HTTPS-Only checks for that loadinfo. This is required because
   // otherwise nsMixedContentBlocker::ShouldLoad would assume that the request
   // is safe, because HTTPS-Only is handling it.

dom/serviceworkers/ServiceWorkerUtils.cpp

@@ -354,12 +354,18 @@ void ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo,
     // logic here (and the CheckMayLoad calls above) corresponds to the steps of
     // the register (https://w3c.github.io/ServiceWorker/#register-algorithm)
     // which explicitly throws a SecurityError.
-    nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new mozilla::net::LoadInfo(
+    Result<RefPtr<net::LoadInfo>, nsresult> maybeLoadInfo =
-        principal,  // loading principal
+        net::LoadInfo::Create(
-        principal,  // triggering principal
+            principal,  // loading principal
-        maybeDoc,   // loading node
+            principal,  // triggering principal
-        nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+            maybeDoc,   // loading node
-        nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER, Some(aClientInfo));
+            nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+            nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER, Some(aClientInfo));
+    if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+      aResult.ThrowSecurityError("Script URL is not allowed by policy.");
+      return;
+    }
+    RefPtr<net::LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
 
     if (cspListener) {
       rv = secCheckLoadInfo->SetCspEventListener(cspListener);

dom/websocket/WebSocket.cpp

@@ -1711,11 +1711,11 @@ nsresult WebSocketImpl::Init(nsIGlobalObject* aWindowGlobal, JSContext* aCx,
     // AsyncOpen().
     // Please note that websockets can't follow redirects, hence there is no
     // need to perform a CSP check after redirects.
-    nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new net::LoadInfo(
+    nsCOMPtr<nsILoadInfo> secCheckLoadInfo = MOZ_TRY(net::LoadInfo::Create(
         aPrincipal,  // loading principal
         aPrincipal,  // triggering principal
         originDoc, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-        nsIContentPolicy::TYPE_WEBSOCKET, aClientInfo);
+        nsIContentPolicy::TYPE_WEBSOCKET, aClientInfo));
 
     if (aCSPEventListener) {
       secCheckLoadInfo->SetCspEventListener(aCSPEventListener);

dom/xml/nsXMLContentSink.cpp

@@ -763,12 +763,12 @@ nsresult nsXMLContentSink::MaybeProcessXSLTLink(
                                          mDocument->InnerWindowID());
   NS_ENSURE_SUCCESS(rv, NS_OK);
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo =
+  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = MOZ_TRY(
-      new net::LoadInfo(mDocument->NodePrincipal(),  // loading principal
+      net::LoadInfo::Create(mDocument->NodePrincipal(),  // loading principal
-                        mDocument->NodePrincipal(),  // triggering principal
+                            mDocument->NodePrincipal(),  // triggering principal
-                        aProcessingInstruction,
+                            aProcessingInstruction,
-                        nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+                            nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-                        nsIContentPolicy::TYPE_XSLT);
+                            nsIContentPolicy::TYPE_XSLT));
 
   // Do content policy check
   int16_t decision = nsIContentPolicy::ACCEPT;

image/imgLoader.cpp

@@ -727,10 +727,13 @@ static bool ShouldLoadCachedImage(imgRequest* aImgRequest,
     loadingPrincipal = NullPrincipal::CreateWithoutOriginAttributes();
   }
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new LoadInfo(
+  Result<RefPtr<LoadInfo>, nsresult> maybeLoadInfo = LoadInfo::Create(
       loadingPrincipal, aTriggeringPrincipal, aLoadingDocument,
       nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, aPolicyType);
-
+  if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+    return false;
+  }
+  RefPtr<LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
   secCheckLoadInfo->SetSendCSPViolationEvents(aSendCSPViolationReports);
 
   int16_t decision = nsIContentPolicy::REJECT_REQUEST;

layout/style/FontFaceSetDocumentImpl.cpp

@@ -356,11 +356,15 @@ bool FontFaceSetDocumentImpl::IsFontLoadAllowed(const gfxFontFaceSrc& aSrc) {
   nsIPrincipal* principal =
       gfxPrincipal ? gfxPrincipal->NodePrincipal() : nullptr;
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new net::LoadInfo(
+  Result<RefPtr<net::LoadInfo>, nsresult> maybeLoadInfo = net::LoadInfo::Create(
       mDocument->NodePrincipal(),  // loading principal
       principal,                   // triggering principal
       mDocument, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
       nsIContentPolicy::TYPE_FONT);
+  if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+    return false;
+  }
+  RefPtr<net::LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
 
   int16_t shouldLoad = nsIContentPolicy::ACCEPT;
   nsresult rv =

layout/style/FontFaceSetWorkerImpl.cpp

@@ -316,11 +316,15 @@ bool FontFaceSetWorkerImpl::IsFontLoadAllowed(const gfxFontFaceSrc& aSrc) {
   nsIPrincipal* principal =
       gfxPrincipal ? gfxPrincipal->NodePrincipal() : nullptr;
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new net::LoadInfo(
+  Result<RefPtr<net::LoadInfo>, nsresult> maybeLoadInfo = net::LoadInfo::Create(
       mWorkerRef->Private()->GetLoadingPrincipal(),  // loading principal
       principal,                                     // triggering principal
       nullptr, nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
       nsIContentPolicy::TYPE_FONT);
+  if (NS_WARN_IF(maybeLoadInfo.isErr())) {
+    return false;
+  }
+  RefPtr<net::LoadInfo> secCheckLoadInfo = maybeLoadInfo.unwrap();
 
   int16_t shouldLoad = nsIContentPolicy::ACCEPT;
   nsresult rv =

layout/style/Loader.cpp

@@ -828,9 +828,9 @@ nsresult Loader::CheckContentPolicy(nsIPrincipal* aLoadingPrincipal,
   nsContentPolicyType contentPolicyType =
       ComputeContentPolicyType(aPreloadKind);
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new net::LoadInfo(
+  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = MOZ_TRY(net::LoadInfo::Create(
       aLoadingPrincipal, aTriggeringPrincipal, aRequestingNode,
-      nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, contentPolicyType);
+      nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, contentPolicyType));
   secCheckLoadInfo->SetCspNonce(aNonce);
 
   int16_t shouldLoad = nsIContentPolicy::ACCEPT;

netwerk/base/LoadInfo.cpp

@@ -75,6 +75,18 @@ static nsContentPolicyType InternalContentPolicyTypeForFrame(
              : nsIContentPolicy::TYPE_INTERNAL_FRAME;
 }
 
+/* static */ Result<already_AddRefed<LoadInfo>, nsresult> LoadInfo::Create(
+    nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
+    nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
+    nsContentPolicyType aContentPolicyType,
+    const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo,
+    const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController,
+    uint32_t aSandboxFlags) {
+  return MakeAndAddRef<LoadInfo>(
+      aLoadingPrincipal, aTriggeringPrincipal, aLoadingContext, aSecurityFlags,
+      aContentPolicyType, aLoadingClientInfo, aController, aSandboxFlags);
+}
+
 /* static */ already_AddRefed<LoadInfo> LoadInfo::CreateForDocument(
     dom::CanonicalBrowsingContext* aBrowsingContext, nsIURI* aURI,
     nsIPrincipal* aTriggeringPrincipal, const nsACString& aTriggeringRemoteType,

netwerk/base/LoadInfo.h

@@ -19,6 +19,7 @@
 #include "nsTArray.h"
 
 #include "mozilla/BasePrincipal.h"
+#include "mozilla/Result.h"
 #include "mozilla/dom/ClientInfo.h"
 #include "mozilla/dom/ServiceWorkerDescriptor.h"
 
@@ -66,6 +67,18 @@ class LoadInfo final : public nsILoadInfo {
   NS_DECL_ISUPPORTS
   NS_DECL_NSILOADINFO
 
+  // Currently used for most load types, but prefer the specialized factories
+  // below when possible. aLoadingPrincipal MUST NOT BE NULL.
+  static mozilla::Result<already_AddRefed<LoadInfo>, nsresult> Create(
+      nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
+      nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
+      nsContentPolicyType aContentPolicyType,
+      const Maybe<mozilla::dom::ClientInfo>& aLoadingClientInfo =
+          Maybe<mozilla::dom::ClientInfo>(),
+      const Maybe<mozilla::dom::ServiceWorkerDescriptor>& aController =
+          Maybe<mozilla::dom::ServiceWorkerDescriptor>(),
+      uint32_t aSandboxFlags = 0);
+
   // Used for TYPE_DOCUMENT load.
   static already_AddRefed<LoadInfo> CreateForDocument(
       dom::CanonicalBrowsingContext* aBrowsingContext, nsIURI* aURI,
@@ -87,6 +100,16 @@ class LoadInfo final : public nsILoadInfo {
       nsContentPolicyType aContentPolicyType, nsSecurityFlags aSecurityFlags,
       uint32_t aSandboxFlags);
 
+  // Constructor used for TYPE_DOCUMENT loads which have a different
+  // loadingContext than other loads. This ContextForTopLevelLoad is
+  // only used for content policy checks.
+  LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIURI* aURI,
+           nsIPrincipal* aTriggeringPrincipal,
+           nsISupports* aContextForTopLevelLoad, nsSecurityFlags aSecurityFlags,
+           uint32_t aSandboxFlags);
+
+ private:
+  // Use factory function Create.
   // aLoadingPrincipal MUST NOT BE NULL.
   LoadInfo(nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
            nsINode* aLoadingContext, nsSecurityFlags aSecurityFlags,
@@ -97,15 +120,6 @@ class LoadInfo final : public nsILoadInfo {
                Maybe<mozilla::dom::ServiceWorkerDescriptor>(),
            uint32_t aSandboxFlags = 0);
 
-  // Constructor used for TYPE_DOCUMENT loads which have a different
-  // loadingContext than other loads. This ContextForTopLevelLoad is
-  // only used for content policy checks.
-  LoadInfo(nsPIDOMWindowOuter* aOuterWindow, nsIURI* aURI,
-           nsIPrincipal* aTriggeringPrincipal,
-           nsISupports* aContextForTopLevelLoad, nsSecurityFlags aSecurityFlags,
-           uint32_t aSandboxFlags);
-
- private:
   // Use factory function CreateForDocument
   // Used for TYPE_DOCUMENT load.
   LoadInfo(dom::CanonicalBrowsingContext* aBrowsingContext, nsIURI* aURI,

netwerk/base/nsIOService.cpp

@@ -1183,9 +1183,9 @@ nsresult nsIOService::NewChannelFromURIWithProxyFlagsInternal(
     const Maybe<ServiceWorkerDescriptor>& aController, uint32_t aSecurityFlags,
     nsContentPolicyType aContentPolicyType, uint32_t aSandboxFlags,
     nsIChannel** result) {
-  nsCOMPtr<nsILoadInfo> loadInfo = new LoadInfo(
+  nsCOMPtr<nsILoadInfo> loadInfo = MOZ_TRY(LoadInfo::Create(
       aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
-      aContentPolicyType, aLoadingClientInfo, aController, aSandboxFlags);
+      aContentPolicyType, aLoadingClientInfo, aController, aSandboxFlags));
   return NewChannelFromURIWithProxyFlagsInternal(aURI, aProxyURI, aProxyFlags,
                                                  loadInfo, result);
 }
@@ -2158,10 +2158,10 @@ nsresult nsIOService::SpeculativeConnectInternal(
   // connection from http to https.
   nsCOMPtr<nsIURI> httpsURI;
   if (aURI->SchemeIs("http")) {
-    nsCOMPtr<nsILoadInfo> httpsOnlyCheckLoadInfo =
+    nsCOMPtr<nsILoadInfo> httpsOnlyCheckLoadInfo = MOZ_TRY(
-        new LoadInfo(loadingPrincipal, loadingPrincipal, nullptr,
+        LoadInfo::Create(loadingPrincipal, loadingPrincipal, nullptr,
-                     nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
+                         nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
-                     nsIContentPolicy::TYPE_SPECULATIVE);
+                         nsIContentPolicy::TYPE_SPECULATIVE));
 
     // Check if https-only, or https-first would upgrade the request
     if (nsHTTPSOnlyUtils::ShouldUpgradeRequest(aURI, httpsOnlyCheckLoadInfo) ||

netwerk/base/nsNetUtil.cpp

@@ -782,9 +782,9 @@ nsresult NS_NewInputStreamChannelInternal(
     const nsACString& aContentCharset, nsINode* aLoadingNode,
     nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
     nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType) {
-  nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
+  nsCOMPtr<nsILoadInfo> loadInfo = MOZ_TRY(
-      aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
+      LoadInfo::Create(aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode,
-      aContentPolicyType);
+                       aSecurityFlags, aContentPolicyType));
   if (!loadInfo) {
     return NS_ERROR_UNEXPECTED;
   }
@@ -847,9 +847,9 @@ nsresult NS_NewInputStreamChannelInternal(
     nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
     nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
     bool aIsSrcdocChannel /* = false */) {
-  nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
+  nsCOMPtr<nsILoadInfo> loadInfo = MOZ_TRY(
-      aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
+      net::LoadInfo::Create(aLoadingPrincipal, aTriggeringPrincipal,
-      aContentPolicyType);
+                            aLoadingNode, aSecurityFlags, aContentPolicyType));
   return NS_NewInputStreamChannelInternal(outChannel, aUri, aData, aContentType,
                                           loadInfo, aIsSrcdocChannel);
 }

netwerk/protocol/http/AlternateServices.cpp

@@ -696,10 +696,10 @@ class WellKnownChecker {
 
   nsresult Start() {
     LOG(("WellKnownChecker::Start %p\n", this));
-    nsCOMPtr<nsILoadInfo> loadInfo =
+    nsCOMPtr<nsILoadInfo> loadInfo = MOZ_TRY(LoadInfo::Create(
-        new LoadInfo(nsContentUtils::GetSystemPrincipal(), nullptr, nullptr,
+        nsContentUtils::GetSystemPrincipal(), nullptr, nullptr,
-                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+        nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
-                     nsIContentPolicy::TYPE_OTHER);
+        nsIContentPolicy::TYPE_OTHER));
     loadInfo->SetOriginAttributes(mCI->GetOriginAttributes());
     // allow deprecated HTTP request from SystemPrincipal
     loadInfo->SetAllowDeprecatedSystemRequests(true);

netwerk/protocol/websocket/BaseWebSocketChannel.cpp

@@ -219,10 +219,10 @@ BaseWebSocketChannel::InitLoadInfoNative(
     nsIPrincipal* aTriggeringPrincipal,
     nsICookieJarSettings* aCookieJarSettings, uint32_t aSecurityFlags,
     nsContentPolicyType aContentPolicyType, uint32_t aSandboxFlags) {
-  mLoadInfo = new LoadInfo(
+  mLoadInfo = MOZ_TRY(LoadInfo::Create(
       aLoadingPrincipal, aTriggeringPrincipal, aLoadingNode, aSecurityFlags,
       aContentPolicyType, Maybe<mozilla::dom::ClientInfo>(),
-      Maybe<mozilla::dom::ServiceWorkerDescriptor>(), aSandboxFlags);
+      Maybe<mozilla::dom::ServiceWorkerDescriptor>(), aSandboxFlags));
   if (aCookieJarSettings) {
     mLoadInfo->SetCookieJarSettings(aCookieJarSettings);
   }

netwerk/test/fuzz/TestHttpFuzzing.cpp

@@ -167,13 +167,15 @@ static int FuzzingRunNetworkHttp(const uint8_t* data, size_t size) {
         MOZ_CRASH("do_QueryInterface failed.");
       }
 
-      loadInfo = new LoadInfo(
+      loadInfo =
-          nsContentUtils::GetSystemPrincipal(),  // loading principal
+          LoadInfo::Create(
-          nsContentUtils::GetSystemPrincipal(),  // triggering principal
+              nsContentUtils::GetSystemPrincipal(),  // loading principal
-          nullptr,                               // Context
+              nsContentUtils::GetSystemPrincipal(),  // triggering principal
-          secFlags, nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST_ASYNC,
+              nullptr,                               // Context
-          Maybe<mozilla::dom::ClientInfo>(),
+              secFlags, nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST_ASYNC,
-          Maybe<mozilla::dom::ServiceWorkerDescriptor>(), sandboxFlags);
+              Maybe<mozilla::dom::ClientInfo>(),
+              Maybe<mozilla::dom::ServiceWorkerDescriptor>(), sandboxFlags)
+              .unwrap();
 
       rv = pph->NewProxiedChannel(url, proxyInfo,
                                   0,        // aProxyResolveFlags

toolkit/components/places/nsFaviconService.cpp

@@ -277,13 +277,13 @@ nsFaviconService::SetFaviconForPage(nsIURI* aPageURI, nsIURI* aFaviconURI,
     return NS_ERROR_NULL_POINTER;
   }
 
-  nsCOMPtr<nsILoadInfo> loadInfo = new mozilla::net::LoadInfo(
+  nsCOMPtr<nsILoadInfo> loadInfo = MOZ_TRY(net::LoadInfo::Create(
       loadingPrincipal,
       nullptr,  // aTriggeringPrincipal
       nullptr,  // aLoadingNode
       nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
           nsILoadInfo::SEC_ALLOW_CHROME | nsILoadInfo::SEC_DISALLOW_SCRIPT,
-      nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON);
+      nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON));
 
   nsCOMPtr<nsIChannel> channel;
   rv = protocolHandler->NewChannel(aDataURL, loadInfo, getter_AddRefs(channel));

uriloader/preload/FetchPreloader.cpp

@@ -154,9 +154,9 @@ nsresult FetchPreloader::CheckContentPolicy(nsIURI* aURI,
     return NS_OK;
   }
 
-  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = new net::LoadInfo(
+  nsCOMPtr<nsILoadInfo> secCheckLoadInfo = MOZ_TRY(net::LoadInfo::Create(
       aDocument->NodePrincipal(), aDocument->NodePrincipal(), aDocument,
-      nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, mContentPolicyType);
+      nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, mContentPolicyType));
 
   int16_t shouldLoad = nsIContentPolicy::ACCEPT;
   nsresult rv = NS_CheckContentLoadPolicy(aURI, secCheckLoadInfo, &shouldLoad,