Backed out 16 changesets (bug 1525245) for Android failures. CLOSED TREE

Backed out changeset 9f8a1b410320 (bug 1525245) Backed out changeset 0ef284a9a1d5 (bug 1525245) Backed out changeset 835e5f642a03 (bug 1525245) Backed out changeset 362f5a8d033c (bug 1525245) Backed out changeset 9da3ab33cf67 (bug 1525245) Backed out changeset 6aacd2d6e835 (bug 1525245) Backed out changeset 8ff9e8f45e02 (bug 1525245) Backed out changeset 2020227181cc (bug 1525245) Backed out changeset fc3c64c330b9 (bug 1525245) Backed out changeset 2762bf88e050 (bug 1525245) Backed out changeset ffc10fdc50a6 (bug 1525245) Backed out changeset bb6ade1207d7 (bug 1525245) Backed out changeset 1875eb5085e4 (bug 1525245) Backed out changeset 7e4f67a6d6f1 (bug 1525245) Backed out changeset e671fc9581eb (bug 1525245) Backed out changeset b89f5def8d0d (bug 1525245)
2019-03-06 21:07:49 +02:00
parent d252cdd39a
commit 9a275b4283
149 changed files with 1246 additions and 2907 deletions
--- a/browser/components/enterprisepolicies/tests/browser/browser_policy_cookie_settings.js
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policy_cookie_settings.js
@@ -13,9 +13,7 @@ XPCOMUtils.defineLazyServiceGetter(Services, "cookiemgr",
 function restore_prefs() {
  Services.prefs.clearUserPref("network.cookie.cookieBehavior");
  Services.prefs.clearUserPref("network.cookie.lifetimePolicy");
  Services.prefs.clearUserPref("network.cookieSettings.unblocked_for_testing");
 }
 registerCleanupFunction(restore_prefs);
 async function fake_profile_change() {
@@ -134,7 +132,6 @@ add_task(async function prepare_tracker_tables() {
 });
 add_task(async function test_initial_state() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await test_cookie_settings({
    cookiesEnabled: true,
    thirdPartyCookiesEnabled: true,
@@ -147,7 +144,6 @@ add_task(async function test_initial_state() {
 add_task(async function test_undefined_unlocked() {
  Services.prefs.setIntPref("network.cookie.cookieBehavior", 3);
  Services.prefs.setIntPref("network.cookie.lifetimePolicy", 2);
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -162,7 +158,6 @@ add_task(async function test_undefined_unlocked() {
 });
 add_task(async function test_disabled() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -181,7 +176,6 @@ add_task(async function test_disabled() {
 });
 add_task(async function test_third_party_disabled() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -200,7 +194,6 @@ add_task(async function test_third_party_disabled() {
 });
 add_task(async function test_disabled_and_third_party_disabled() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -220,7 +213,6 @@ add_task(async function test_disabled_and_third_party_disabled() {
 });
 add_task(async function test_disabled_and_third_party_disabled_locked() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -241,7 +233,6 @@ add_task(async function test_disabled_and_third_party_disabled_locked() {
 });
 add_task(async function test_undefined_locked() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -260,7 +251,6 @@ add_task(async function test_undefined_locked() {
 });
 add_task(async function test_cookie_expire() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -279,7 +269,6 @@ add_task(async function test_cookie_expire() {
 });
 add_task(async function test_cookie_reject_trackers() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -299,7 +288,6 @@ add_task(async function test_cookie_reject_trackers() {
 });
 add_task(async function test_cookie_expire_locked() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
@@ -319,7 +307,6 @@ add_task(async function test_cookie_expire_locked() {
 });
 add_task(async function test_disabled_cookie_expire_locked() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  await setupPolicyEngineWithJson({
    "policies": {
      "Cookies": {
--- a/dom/base/Document.cpp
+++ b/dom/base/Document.cpp
@@ -78,7 +78,6 @@
 #include "mozilla/dom/ShadowIncludingTreeIterator.h"
 #include "mozilla/dom/StyleSheetList.h"
 #include "mozilla/dom/SVGUseElement.h"
 #include "mozilla/net/CookieSettings.h"
 #include "nsGenericHTMLElement.h"
 #include "mozilla/dom/CDATASection.h"
 #include "mozilla/dom/ProcessingInstruction.h"
@@ -129,7 +128,6 @@
 #include "nsIDOMWindow.h"
 #include "nsPIDOMWindow.h"
 #include "nsFocusManager.h"
 #include "nsICookiePermission.h"
 #include "nsICookieService.h"
 #include "nsBidiUtils.h"
@@ -2561,18 +2559,6 @@ nsresult Document::StartDocumentLoad(const char* aCommand, nsIChannel* aChannel,
    aChannel->Cancel(NS_ERROR_CSP_FRAME_ANCESTOR_VIOLATION);
  }
  // Let's take the CookieSettings from the loadInfo or from the parent
  // document.
  if (loadInfo) {
    rv = loadInfo->GetCookieSettings(getter_AddRefs(mCookieSettings));
    NS_ENSURE_SUCCESS(rv, rv);
  } else {
    nsCOMPtr<Document> parentDocument = GetParentDocument();
    if (parentDocument) {
      mCookieSettings = parentDocument->CookieSettings();
    }
  }
  return NS_OK;
 }
@@ -11805,7 +11791,7 @@ DocumentAutoplayPolicy Document::AutoplayPolicy() const {
 }
 void Document::MaybeAllowStorageForOpenerAfterUserInteraction() {
-  if (mCookieSettings->GetCookieBehavior() !=
+  if (StaticPrefs::network_cookie_cookieBehavior() !=
      nsICookieService::BEHAVIOR_REJECT_TRACKER) {
    return;
  }
@@ -12321,8 +12307,8 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
  }
  // Only enforce third-party checks when there is a reason to enforce them.
-  if (mCookieSettings->GetCookieBehavior() !=
+  if (StaticPrefs::network_cookie_cookieBehavior() !=
-      nsICookieService::BEHAVIOR_REJECT_TRACKER) {
+      nsICookieService::BEHAVIOR_ACCEPT) {
    // Step 3. If the document's frame is the main frame, resolve.
    if (IsTopLevelContentDocument()) {
      promise->MaybeResolveWithUndefined();
@@ -12374,7 +12360,7 @@ already_AddRefed<mozilla::dom::Promise> Document::RequestStorageAccess(
    return promise.forget();
  }
-  if (mCookieSettings->GetCookieBehavior() ==
+  if (StaticPrefs::network_cookie_cookieBehavior() ==
          nsICookieService::BEHAVIOR_REJECT_TRACKER &&
      inner) {
    // Only do something special for third-party tracking content.
@@ -12632,15 +12618,5 @@ void Document::RecomputeLanguageFromCharset() {
  mLanguageFromCharset = language.forget();
 }
 nsICookieSettings* Document::CookieSettings() {
  // If we are here, this is probably a javascript: URL document. In any case,
  // we must have a nsCookieSettings. Let's create it.
  if (!mCookieSettings) {
    mCookieSettings = net::CookieSettings::Create();
  }
  return mCookieSettings;
 }
 }  // namespace dom
 }  // namespace mozilla
--- a/dom/base/Document.h
+++ b/dom/base/Document.h
@@ -12,8 +12,7 @@
 #include "nsCOMArray.h"         // for member
 #include "nsCompatibility.h"    // for member
 #include "nsCOMPtr.h"           // for member
-#include "nsICookieSettings.h"
+#include "nsGkAtoms.h"          // for static class members
 #include "nsGkAtoms.h"  // for static class members
 #include "nsIApplicationCache.h"
 #include "nsIApplicationCacheContainer.h"
 #include "nsIContentViewer.h"
@@ -1489,9 +1488,6 @@ class Document : public nsINode,
  // flag.
  bool StorageAccessSandboxed() const;
  // Returns the cookie settings for this and sub contexts.
  nsICookieSettings* CookieSettings();
  // Increments the document generation.
  inline void Changed() { ++mGeneration; }
@@ -4694,8 +4690,6 @@ class Document : public nsINode,
  bool mPendingInitialTranslation;
  nsCOMPtr<nsICookieSettings> mCookieSettings;
  // Document generation. Gets incremented everytime it changes.
  int32_t mGeneration;
--- a/dom/base/EventSource.cpp
+++ b/dom/base/EventSource.cpp
@@ -82,8 +82,7 @@ class EventSourceImpl final : public nsIObserver,
  NS_DECL_NSIEVENTTARGET_FULL
  NS_DECL_NSITHREADRETARGETABLESTREAMLISTENER
-  EventSourceImpl(EventSource* aEventSource,
+  explicit EventSourceImpl(EventSource* aEventSource);
                  nsICookieSettings* aCookieSettings);
  enum { CONNECTING = 0U, OPEN = 1U, CLOSED = 2U };
@@ -292,8 +291,6 @@ class EventSourceImpl final : public nsIObserver,
  uint64_t mInnerWindowID;
 private:
  nsCOMPtr<nsICookieSettings> mCookieSettings;
  // Pointer to the target thread for checking whether we are
  // on the target thread. This is intentionally a non-owning
  // pointer in order not to affect the thread destruction
@@ -319,8 +316,7 @@ NS_IMPL_ISUPPORTS(EventSourceImpl, nsIObserver, nsIStreamListener,
                  nsIInterfaceRequestor, nsISupportsWeakReference,
                  nsIEventTarget, nsIThreadRetargetableStreamListener)
-EventSourceImpl::EventSourceImpl(EventSource* aEventSource,
+EventSourceImpl::EventSourceImpl(EventSource* aEventSource)
                                 nsICookieSettings* aCookieSettings)
    : mEventSource(aEventSource),
      mReconnectionTime(0),
      mStatus(PARSE_STATE_OFF),
@@ -332,7 +328,6 @@ EventSourceImpl::EventSourceImpl(EventSource* aEventSource,
      mScriptLine(0),
      mScriptColumn(0),
      mInnerWindowID(0),
      mCookieSettings(aCookieSettings),
      mTargetThread(NS_GetCurrentThread()) {
  MOZ_ASSERT(mEventSource);
  if (!mIsMainThread) {
@@ -976,8 +971,6 @@ nsresult EventSourceImpl::InitChannelAndRequestEventSource() {
  nsCOMPtr<nsIChannel> channel;
  // If we have the document, use it
  if (doc) {
    MOZ_ASSERT(mCookieSettings == doc->CookieSettings());
    nsCOMPtr<nsILoadGroup> loadGroup = doc->GetDocumentLoadGroup();
    rv = NS_NewChannel(getter_AddRefs(channel), mSrc, doc, securityFlags,
                       nsIContentPolicy::TYPE_INTERNAL_EVENTSOURCE,
@@ -989,7 +982,6 @@ nsresult EventSourceImpl::InitChannelAndRequestEventSource() {
    // otherwise use the principal
    rv = NS_NewChannel(getter_AddRefs(channel), mSrc, mPrincipal, securityFlags,
                       nsIContentPolicy::TYPE_INTERNAL_EVENTSOURCE,
                       mCookieSettings,
                       nullptr,     // aPerformanceStorage
                       nullptr,     // loadGroup
                       nullptr,     // aCallbacks
@@ -1785,14 +1777,12 @@ EventSourceImpl::CheckListenerChain() {
 ////////////////////////////////////////////////////////////////////////////////
 EventSource::EventSource(nsPIDOMWindowInner* aOwnerWindow,
                         nsICookieSettings* aCookieSettings,
                         bool aWithCredentials)
    : DOMEventTargetHelper(aOwnerWindow),
      mWithCredentials(aWithCredentials),
      mIsMainThread(true),
      mKeepingAlive(false) {
-  MOZ_ASSERT(aCookieSettings);
+  mImpl = new EventSourceImpl(this);
  mImpl = new EventSourceImpl(this, aCookieSettings);
 }
 EventSource::~EventSource() {}
@@ -1816,24 +1806,8 @@ already_AddRefed<EventSource> EventSource::Constructor(
  MOZ_ASSERT(!NS_IsMainThread() || ownerWindow);
-  nsCOMPtr<nsICookieSettings> cookieSettings;
+  RefPtr<EventSource> eventSource =
-  if (ownerWindow) {
+      new EventSource(ownerWindow, aEventSourceInitDict.mWithCredentials);
    Document* doc = ownerWindow->GetExtantDoc();
    if (NS_WARN_IF(!doc)) {
      aRv.Throw(NS_ERROR_FAILURE);
      return nullptr;
    }
    cookieSettings = doc->CookieSettings();
  } else {
    // Worker side.
    WorkerPrivate* workerPrivate = GetCurrentThreadWorkerPrivate();
    MOZ_ASSERT(workerPrivate);
    cookieSettings = workerPrivate->CookieSettings();
  }
  RefPtr<EventSource> eventSource = new EventSource(
      ownerWindow, cookieSettings, aEventSourceInitDict.mWithCredentials);
  RefPtr<EventSourceImpl> eventSourceImp = eventSource->mImpl;
  if (NS_IsMainThread()) {
--- a/dom/base/EventSource.h
+++ b/dom/base/EventSource.h
@@ -25,7 +25,6 @@
 #include "nsDeque.h"
 class nsPIDOMWindowInner;
 class nsICookieSettings;
 namespace mozilla {
@@ -81,8 +80,7 @@ class EventSource final : public DOMEventTargetHelper {
  void Close();
 private:
-  EventSource(nsPIDOMWindowInner* aOwnerWindow,
+  EventSource(nsPIDOMWindowInner* aOwnerWindow, bool aWithCredentials);
              nsICookieSettings* aCookieSettings, bool aWithCredentials);
  virtual ~EventSource();
  // prevent bad usage
  EventSource(const EventSource& x) = delete;
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -8226,30 +8226,31 @@ nsContentUtils::StorageAccess nsContentUtils::StorageAllowedForServiceWorker(
 }
 // static, private
-void nsContentUtils::GetCookieLifetimePolicyFromCookieSettings(
+void nsContentUtils::GetCookieLifetimePolicyForPrincipal(
-    nsICookieSettings* aCookieSettings, nsIPrincipal* aPrincipal,
+    nsIPrincipal* aPrincipal, uint32_t* aLifetimePolicy) {
    uint32_t* aLifetimePolicy) {
  *aLifetimePolicy = sCookiesLifetimePolicy;
-  if (aCookieSettings) {
+  // Any permissions set for the given principal will override our default
-    uint32_t cookiePermission = 0;
+  // settings from preferences.
-    nsresult rv =
+  nsCOMPtr<nsIPermissionManager> permissionManager =
-        aCookieSettings->CookiePermission(aPrincipal, &cookiePermission);
+      services::GetPermissionManager();
-    if (NS_WARN_IF(NS_FAILED(rv))) {
+  if (!permissionManager) {
-      return;
+    return;
-    }
+  }
-    switch (cookiePermission) {
+  uint32_t perm;
-      case nsICookiePermission::ACCESS_ALLOW:
+  permissionManager->TestPermissionFromPrincipal(
-        *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
+      aPrincipal, NS_LITERAL_CSTRING("cookie"), &perm);
-        break;
+  switch (perm) {
-      case nsICookiePermission::ACCESS_DENY:
+    case nsICookiePermission::ACCESS_ALLOW:
-        *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
+      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
-        break;
+      break;
-      case nsICookiePermission::ACCESS_SESSION:
+    case nsICookiePermission::ACCESS_DENY:
-        *aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
+      *aLifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
-        break;
+      break;
-    }
+    case nsICookiePermission::ACCESS_SESSION:
      *aLifetimePolicy = nsICookieService::ACCEPT_SESSION;
      break;
  }
 }
@@ -8420,7 +8421,6 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
  aRejectedReason = 0;
  StorageAccess access = StorageAccess::eAllow;
  nsCOMPtr<nsICookieSettings> cookieSettings;
  // We don't allow storage on the null principal, in general. Even if the
  // calling context is chrome.
@@ -8439,15 +8439,6 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
    if (IsInPrivateBrowsing(document)) {
      access = StorageAccess::ePrivateBrowsing;
    }
    if (document) {
      cookieSettings = document->CookieSettings();
    }
  }
  if (aChannel) {
    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
    loadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
  }
  uint32_t lifetimePolicy;
@@ -8459,8 +8450,7 @@ nsContentUtils::StorageAccess nsContentUtils::InternalStorageAllowedCheck(
  if (policy) {
    lifetimePolicy = nsICookieService::ACCEPT_NORMALLY;
  } else {
-    GetCookieLifetimePolicyFromCookieSettings(cookieSettings, aPrincipal,
+    GetCookieLifetimePolicyForPrincipal(aPrincipal, &lifetimePolicy);
                                              &lifetimePolicy);
  }
  // Check if we should only allow storage for the session, and record that fact
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -3383,14 +3383,13 @@ class nsContentUtils {
      CallOnRemoteChildFunction aCallback, void* aArg);
  /**
-   * Gets the cookie lifetime policy for a given cookieSettings and a given
+   * Gets the current cookie lifetime policy for a given principal by checking
-   * principal by checking the permission value.
+   * with preferences and the permission manager.
   *
   * Used in the implementation of InternalStorageAllowedCheck.
   */
-  static void GetCookieLifetimePolicyFromCookieSettings(
+  static void GetCookieLifetimePolicyForPrincipal(nsIPrincipal* aPrincipal,
-      nsICookieSettings* aCookieSettings, nsIPrincipal* aPrincipal,
+                                                  uint32_t* aLifetimePolicy);
      uint32_t* aLifetimePolicy);
  /*
   * Checks if storage for a given principal is permitted by the user's
--- a/dom/base/nsGlobalWindowInner.cpp
+++ b/dom/base/nsGlobalWindowInner.cpp
@@ -4265,48 +4265,6 @@ Storage* nsGlobalWindowInner::GetSessionStorage(ErrorResult& aError) {
      return nullptr;
    }
    uint32_t rejectedReason = 0;
    nsContentUtils::StorageAccess access =
        nsContentUtils::StorageAllowedForWindow(this, &rejectedReason);
    // SessionStorage is an ephemeral per-tab per-origin storage that only lives
    // as long as the tab is open, although it may survive browser restarts
    // thanks to the session store. So we interpret storage access differently
    // than we would for persistent per-origin storage like LocalStorage and so
    // it may be okay to provide SessionStorage even when we receive a value of
    // eDeny.
    //
    // AntiTrackingCommon::IsFirstPartyStorageAccessGranted will return false
    // for 3 main reasons.
    //
    // 1. Cookies are entirely blocked due to a per-origin permission
    // (nsICookiePermission::ACCESS_DENY for the top-level principal or this
    // window's principal) or the very broad BEHAVIOR_REJECT. This will return
    // eDeny with a reason of STATE_COOKIES_BLOCKED_BY_PERMISSION or
    // STATE_COOKIES_BLOCKED_ALL.
    //
    // 2. Third-party cookies are limited via BEHAVIOR_REJECT_FOREIGN and
    // BEHAVIOR_LIMIT_FOREIGN and this is a third-party window. This will return
    // eDeny with a reason of STATE_COOKIES_BLOCKED_FOREIGN.
    //
    // 3. Tracking protection (BEHAVIOR_REJECT_TRACKER) is in effect and
    // IsThirdPartyTrackingResourceWindow() returned true and there wasn't a
    // permission that allows it. This will return ePartitionedOrDeny with a
    // reason of STATE_COOKIES_BLOCKED_TRACKER.
    //
    // In the 1st case, the user has explicitly indicated that they don't want
    // to allow any storage to the origin or all origins and so we throw an
    // error and deny access to SessionStorage. In the 2nd case, a legacy
    // decision reasoned that there's no harm in providing SessionStorage
    // because the information is not durable and cannot escape the current tab.
    // The rationale is similar for the 3rd case.
    if (access == nsContentUtils::StorageAccess::eDeny &&
        rejectedReason !=
            nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN) {
      aError.Throw(NS_ERROR_DOM_SECURITY_ERR);
      return nullptr;
    }
    nsresult rv;
    nsCOMPtr<nsIDOMStorageManager> storageManager =
--- a/dom/base/nsGlobalWindowOuter.cpp
+++ b/dom/base/nsGlobalWindowOuter.cpp
@@ -1258,6 +1258,10 @@ nsGlobalWindowOuter::~nsGlobalWindowOuter() {
  if (obs) {
    obs->RemoveObserver(this, PERM_CHANGE_NOTIFICATION);
  }
  nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
  if (prefBranch) {
    prefBranch->RemoveObserver("network.cookie.cookieBehavior", this);
  }
  nsLayoutStatics::Release();
 }
@@ -2287,18 +2291,20 @@ nsresult nsGlobalWindowOuter::SetNewDocument(Document* aDocument,
  mHasStorageAccess = false;
  nsIURI* uri = aDocument->GetDocumentURI();
-  if (newInnerWindow &&
+  if (newInnerWindow) {
-      aDocument->CookieSettings()->GetCookieBehavior() ==
+    if (StaticPrefs::network_cookie_cookieBehavior() ==
-          nsICookieService::BEHAVIOR_REJECT_TRACKER &&
+            nsICookieService::BEHAVIOR_REJECT_TRACKER &&
-      nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
+        nsContentUtils::IsThirdPartyWindowOrChannel(newInnerWindow, nullptr,
-                                                  uri) &&
+                                                    uri) &&
-      nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {
+        nsContentUtils::IsTrackingResourceWindow(newInnerWindow)) {
-    // Grant storage access by default if the first-party storage access
+      // Grant storage access by default if the first-party storage access
-    // permission has been granted already.
+      // permission has been granted already.
-    // Don't notify in this case, since we would be notifying the user
+      // Don't notify in this case, since we would be notifying the user
-    // needlessly.
+      // needlessly.
-    mHasStorageAccess = AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
+      mHasStorageAccess =
-        newInnerWindow, uri, nullptr);
+          AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
              newInnerWindow, uri, nullptr);
    }
  }
  return NS_OK;
@@ -6938,6 +6944,11 @@ NS_IMETHODIMP
 nsGlobalWindowOuter::Observe(nsISupports* aSupports, const char* aTopic,
                             const char16_t* aData) {
  if (!nsCRT::strcmp(aTopic, PERM_CHANGE_NOTIFICATION)) {
    if (!nsCRT::strcmp(aData, u"cleared") && !aSupports) {
      // All permissions have been cleared.
      mHasStorageAccess = false;
      return NS_OK;
    }
    nsCOMPtr<nsIPermission> permission = do_QueryInterface(aSupports);
    if (!permission) {
      return NS_OK;
@@ -6969,6 +6980,10 @@ nsGlobalWindowOuter::Observe(nsISupports* aSupports, const char* aTopic,
        return NS_OK;
      }
    }
  } else if (!nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID)) {
    // Reset the storage access permission when our cookie policy changes.
    mHasStorageAccess = false;
    return NS_OK;
  }
  return NS_OK;
 }
@@ -7766,6 +7781,10 @@ already_AddRefed<nsGlobalWindowOuter> nsGlobalWindowOuter::Create(
          obs->AddObserver(window, PERM_CHANGE_NOTIFICATION, true);
        }));
  }
  nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
  if (prefBranch) {
    prefBranch->AddObserver("network.cookie.cookieBehavior", window, true);
  }
  return window.forget();
 }
--- a/dom/base/nsSyncLoadService.cpp
+++ b/dom/base/nsSyncLoadService.cpp
@@ -279,14 +279,13 @@ nsSyncLoader::GetInterface(const nsIID &aIID, void **aResult) {
 nsresult nsSyncLoadService::LoadDocument(
    nsIURI *aURI, nsContentPolicyType aContentPolicyType,
    nsIPrincipal *aLoaderPrincipal, nsSecurityFlags aSecurityFlags,
-    nsILoadGroup *aLoadGroup, nsICookieSettings *aCookieSettings,
+    nsILoadGroup *aLoadGroup, bool aForceToXML, ReferrerPolicy aReferrerPolicy,
-    bool aForceToXML, ReferrerPolicy aReferrerPolicy, Document **aResult) {
+    Document **aResult) {
  nsCOMPtr<nsIChannel> channel;
-  nsresult rv =
+  nsresult rv = NS_NewChannel(getter_AddRefs(channel), aURI, aLoaderPrincipal,
-      NS_NewChannel(getter_AddRefs(channel), aURI, aLoaderPrincipal,
+                              aSecurityFlags, aContentPolicyType,
-                    aSecurityFlags, aContentPolicyType, aCookieSettings,
+                              nullptr,  // PerformanceStorage
-                    nullptr,  // PerformanceStorage
+                              aLoadGroup);
                    aLoadGroup);
  NS_ENSURE_SUCCESS(rv, rv);
  if (!aForceToXML) {
--- a/dom/base/nsSyncLoadService.h
+++ b/dom/base/nsSyncLoadService.h
@@ -15,7 +15,6 @@
 #include "nscore.h"
 #include "mozilla/net/ReferrerPolicy.h"
 class nsICookieSettings;
 class nsIInputStream;
 class nsILoadGroup;
 class nsIStreamListener;
@@ -45,12 +44,13 @@ class nsSyncLoadService {
   * @param referrerPolicy Referrer policy.
   * @param aResult [out] The document loaded from the URI.
   */
-  static nsresult LoadDocument(
+  static nsresult LoadDocument(nsIURI* aURI,
-      nsIURI* aURI, nsContentPolicyType aContentPolicyType,
+                               nsContentPolicyType aContentPolicyType,
-      nsIPrincipal* aLoaderPrincipal, nsSecurityFlags aSecurityFlags,
+                               nsIPrincipal* aLoaderPrincipal,
-      nsILoadGroup* aLoadGroup, nsICookieSettings* aCookieSettings,
+                               nsSecurityFlags aSecurityFlags,
-      bool aForceToXML, mozilla::net::ReferrerPolicy aReferrerPolicy,
+                               nsILoadGroup* aLoadGroup, bool aForceToXML,
-      mozilla::dom::Document** aResult);
+                               mozilla::net::ReferrerPolicy aReferrerPolicy,
                               mozilla::dom::Document** aResult);
  /**
   * Read input stream aIn in chunks and deliver synchronously to aListener.
--- a/dom/broadcastchannel/BroadcastChannel.cpp
+++ b/dom/broadcastchannel/BroadcastChannel.cpp
@@ -67,13 +67,15 @@ nsIPrincipal* GetPrincipalFromThreadSafeWorkerRef(
 class InitializeRunnable final : public WorkerMainThreadRunnable {
 public:
  InitializeRunnable(ThreadSafeWorkerRef* aWorkerRef, nsACString& aOrigin,
-                     PrincipalInfo& aPrincipalInfo, ErrorResult& aRv)
+                     PrincipalInfo& aPrincipalInfo, bool* aThirdPartyWindow,
                     ErrorResult& aRv)
      : WorkerMainThreadRunnable(
            aWorkerRef->Private(),
            NS_LITERAL_CSTRING("BroadcastChannel :: Initialize")),
        mWorkerRef(aWorkerRef),
        mOrigin(aOrigin),
        mPrincipalInfo(aPrincipalInfo),
        mThirdPartyWindow(aThirdPartyWindow),
        mRv(aRv) {
    MOZ_ASSERT(mWorkerRef);
  }
@@ -109,6 +111,9 @@ class InitializeRunnable final : public WorkerMainThreadRunnable {
      return true;
    }
    *mThirdPartyWindow =
        nsContentUtils::IsThirdPartyWindowOrChannel(window, nullptr, nullptr);
    return true;
  }
@@ -116,6 +121,7 @@ class InitializeRunnable final : public WorkerMainThreadRunnable {
  RefPtr<ThreadSafeWorkerRef> mWorkerRef;
  nsACString& mOrigin;
  PrincipalInfo& mPrincipalInfo;
  bool* mThirdPartyWindow;
  ErrorResult& mRv;
 };
@@ -242,14 +248,6 @@ already_AddRefed<BroadcastChannel> BroadcastChannel::Constructor(
      return nullptr;
    }
    // We want to allow opaque origins.
    if (!principal->GetIsNullPrincipal() &&
        nsContentUtils::StorageAllowedForWindow(window) <=
            nsContentUtils::StorageAccess::eDeny) {
      aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
      return nullptr;
    }
    aRv = principal->GetOrigin(origin);
    if (NS_WARN_IF(aRv.Failed())) {
      return nullptr;
@@ -259,6 +257,13 @@ already_AddRefed<BroadcastChannel> BroadcastChannel::Constructor(
    if (NS_WARN_IF(aRv.Failed())) {
      return nullptr;
    }
    if (nsContentUtils::IsThirdPartyWindowOrChannel(window, nullptr, nullptr) &&
        nsContentUtils::StorageAllowedForWindow(window) !=
            nsContentUtils::StorageAccess::eAllow) {
      aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
      return nullptr;
    }
  } else {
    JSContext* cx = aGlobal.Context();
@@ -276,15 +281,16 @@ already_AddRefed<BroadcastChannel> BroadcastChannel::Constructor(
    RefPtr<ThreadSafeWorkerRef> tsr = new ThreadSafeWorkerRef(workerRef);
-    RefPtr<InitializeRunnable> runnable =
+    bool thirdPartyWindow = false;
-        new InitializeRunnable(tsr, origin, principalInfo, aRv);
+
    RefPtr<InitializeRunnable> runnable = new InitializeRunnable(
        tsr, origin, principalInfo, &thirdPartyWindow, aRv);
    runnable->Dispatch(Canceling, aRv);
    if (aRv.Failed()) {
      return nullptr;
    }
-    if (principalInfo.type() != PrincipalInfo::TNullPrincipalInfo &&
+    if (thirdPartyWindow && !workerPrivate->IsStorageAllowed()) {
        !workerPrivate->IsStorageAllowed()) {
      aRv.Throw(NS_ERROR_DOM_SECURITY_ERR);
      return nullptr;
    }
--- a/dom/fetch/Fetch.cpp
+++ b/dom/fetch/Fetch.cpp
@@ -38,7 +38,6 @@
 #include "mozilla/dom/Response.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "mozilla/dom/URLSearchParams.h"
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/Telemetry.h"
 #include "BodyExtractor.h"
@@ -390,7 +389,6 @@ class MainThreadFetchRunnable : public Runnable {
      // so pass false as the last argument to FetchDriver().
      fetch = new FetchDriver(mRequest, principal, loadGroup,
                              workerPrivate->MainThreadEventTarget(),
                              workerPrivate->CookieSettings(),
                              workerPrivate->GetPerformanceStorage(), false);
      nsAutoCString spec;
      if (proxy->GetWorkerPrivate()->GetBaseURI()) {
@@ -464,7 +462,6 @@ already_AddRefed<Promise> FetchRequest(nsIGlobalObject* aGlobal,
    nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(aGlobal);
    nsCOMPtr<Document> doc;
    nsCOMPtr<nsILoadGroup> loadGroup;
    nsCOMPtr<nsICookieSettings> cookieSettings;
    nsIPrincipal* principal;
    bool isTrackingFetch = false;
    if (window) {
@@ -475,7 +472,6 @@ already_AddRefed<Promise> FetchRequest(nsIGlobalObject* aGlobal,
      }
      principal = doc->NodePrincipal();
      loadGroup = doc->GetDocumentLoadGroup();
      cookieSettings = doc->CookieSettings();
      nsAutoCString fileNameString;
      if (nsJSUtils::GetCallingLocation(cx, fileNameString)) {
@@ -492,8 +488,6 @@ already_AddRefed<Promise> FetchRequest(nsIGlobalObject* aGlobal,
        aRv.Throw(rv);
        return nullptr;
      }
      cookieSettings = mozilla::net::CookieSettings::Create();
    }
    Telemetry::Accumulate(Telemetry::FETCH_IS_MAINTHREAD, 1);
@@ -502,7 +496,7 @@ already_AddRefed<Promise> FetchRequest(nsIGlobalObject* aGlobal,
        p, observer, signalImpl, request->MozErrors());
    RefPtr<FetchDriver> fetch = new FetchDriver(
        r, principal, loadGroup, aGlobal->EventTargetFor(TaskCategory::Other),
-        cookieSettings, nullptr,  // PerformanceStorage
+        nullptr,  // PerformanceStorage
        isTrackingFetch);
    fetch->SetDocument(doc);
    resolver->SetLoadGroup(loadGroup);
--- a/dom/fetch/FetchDriver.cpp
+++ b/dom/fetch/FetchDriver.cpp
@@ -323,14 +323,12 @@ NS_IMPL_ISUPPORTS(FetchDriver, nsIStreamListener, nsIChannelEventSink,
 FetchDriver::FetchDriver(InternalRequest* aRequest, nsIPrincipal* aPrincipal,
                         nsILoadGroup* aLoadGroup,
                         nsIEventTarget* aMainThreadEventTarget,
                         nsICookieSettings* aCookieSettings,
                         PerformanceStorage* aPerformanceStorage,
                         bool aIsTrackingFetch)
    : mPrincipal(aPrincipal),
      mLoadGroup(aLoadGroup),
      mRequest(aRequest),
      mMainThreadEventTarget(aMainThreadEventTarget),
      mCookieSettings(aCookieSettings),
      mPerformanceStorage(aPerformanceStorage),
      mNeedToObserveOnDataAvailable(false),
      mIsTrackingFetch(aIsTrackingFetch),
@@ -511,24 +509,22 @@ nsresult FetchDriver::HttpFetch(
      nsIRequest::LOAD_BACKGROUND | bypassFlag | nsIChannel::LOAD_CLASSIFY_URI;
  if (mDocument) {
    MOZ_ASSERT(mDocument->NodePrincipal() == mPrincipal);
    MOZ_ASSERT(mDocument->CookieSettings() == mCookieSettings);
    rv = NS_NewChannel(getter_AddRefs(chan), uri, mDocument, secFlags,
                       mRequest->ContentPolicyType(),
                       nullptr,             /* aPerformanceStorage */
                       mLoadGroup, nullptr, /* aCallbacks */
                       loadFlags, ios);
  } else if (mClientInfo.isSome()) {
    rv = NS_NewChannel(getter_AddRefs(chan), uri, mPrincipal, mClientInfo.ref(),
                       mController, secFlags, mRequest->ContentPolicyType(),
                       mCookieSettings, mPerformanceStorage, mLoadGroup,
                       nullptr, /* aCallbacks */
                       loadFlags, ios);
  } else {
    rv =
-        NS_NewChannel(getter_AddRefs(chan), uri, mPrincipal, secFlags,
+        NS_NewChannel(getter_AddRefs(chan), uri, mPrincipal, mClientInfo.ref(),
-                      mRequest->ContentPolicyType(), mCookieSettings,
+                      mController, secFlags, mRequest->ContentPolicyType(),
                      mPerformanceStorage, mLoadGroup, nullptr, /* aCallbacks */
                      loadFlags, ios);
  } else {
    rv = NS_NewChannel(getter_AddRefs(chan), uri, mPrincipal, secFlags,
                       mRequest->ContentPolicyType(), mPerformanceStorage,
                       mLoadGroup, nullptr, /* aCallbacks */
                       loadFlags, ios);
  }
  NS_ENSURE_SUCCESS(rv, rv);
--- a/dom/fetch/FetchDriver.h
+++ b/dom/fetch/FetchDriver.h
@@ -21,7 +21,6 @@
 #include "mozilla/net/ReferrerPolicy.h"
 class nsIConsoleReportCollector;
 class nsICookieSettings;
 class nsICSPEventListener;
 class nsIEventTarget;
 class nsIOutputStream;
@@ -102,7 +101,6 @@ class FetchDriver final : public nsIStreamListener,
  FetchDriver(InternalRequest* aRequest, nsIPrincipal* aPrincipal,
              nsILoadGroup* aLoadGroup, nsIEventTarget* aMainThreadEventTarget,
              nsICookieSettings* aCookieSettings,
              PerformanceStorage* aPerformanceStorage, bool aIsTrackingFetch);
  nsresult Fetch(AbortSignalImpl* aSignalImpl, FetchDriverObserver* aObserver);
@@ -138,8 +136,6 @@ class FetchDriver final : public nsIStreamListener,
  nsAutoPtr<SRICheckDataVerifier> mSRIDataVerifier;
  nsCOMPtr<nsIEventTarget> mMainThreadEventTarget;
  nsCOMPtr<nsICookieSettings> mCookieSettings;
  // This is set only when Fetch is used in workers.
  RefPtr<PerformanceStorage> mPerformanceStorage;
--- a/dom/indexedDB/test/mochitest.ini
+++ b/dom/indexedDB/test/mochitest.ini
@@ -16,6 +16,8 @@ support-files =
  file.js
  helpers.js
  leaving_page_iframe.html
  third_party_iframe1.html
  third_party_iframe2.html
  unit/test_abort_deleted_index.js
  unit/test_abort_deleted_objectStore.js
  unit/test_add_put.js
@@ -254,10 +256,6 @@ scheme=https
 [test_table_locks.html]
 [test_table_rollback.html]
 [test_third_party.html]
 support-files =
  third_party_window.html
  third_party_iframe1.html
  third_party_iframe2.html
 skip-if = (os == 'android' && debug) # Bug 1311590
 [test_traffic_jam.html]
 [test_transaction_abort.html]
--- a/dom/indexedDB/test/test_third_party.html
+++ b/dom/indexedDB/test/test_third_party.html
@@ -46,25 +46,29 @@
                                       "third_party_iframe2.html");
    let testIndex = 0;
-    let openedWindow;
+    let testRunning = false;
-    // Cookie preference changes are only applied to top-level tabs/windows
+    function iframeLoaded() {
-    // when they are loaded. We need a window-proxy to continue the test.
+      let message = { source: "parent", href: iframe2URL };
-    function openWindow() {
+      let iframe = document.getElementById("iframe1");
      iframe.contentWindow.postMessage(message.toSource(), "*");
    }
    function setiframe() {
      let iframe = document.getElementById("iframe1");
      if (!testRunning) {
        testRunning = true;
        iframe.addEventListener("load", iframeLoaded);
      }
      SpecialPowers.pushPrefEnv({
        "set": [
          ["network.cookie.cookieBehavior", testData[testIndex].cookieBehavior],
        ],
      }, () => {
-        openedWindow = window.open("third_party_window.html");
+        iframe.src = testData[testIndex].host + iframe1Path;
        openedWindow.onload = _ => {
          openedWindow.postMessage({
            source: "parent",
            href: iframe2URL,
            iframeUrl: testData[testIndex].host + iframe1Path,
          }, "*");
        };
      });
      // SpecialPowers.setIntPref("network.cookie.cookieBehavior", testData[testIndex].cookieBehavior);
    }
    function messageListener(event) {
@@ -74,11 +78,9 @@
      is(message.source, "iframe", "Good source");
      is(message.result, testData[testIndex].expectedResult, "Good result");
      openedWindow.close();
      if (testIndex < testData.length - 1) {
        testIndex++;
-        openWindow();
+        setiframe();
        return;
      }
@@ -91,13 +93,14 @@
      SpecialPowers.addPermission("indexedDB", true, document);
      window.addEventListener("message", messageListener);
-      openWindow();
+      setiframe();
    }
  </script>
 </head>
 <body onload="runTest();">
  <iframe id="iframe1"></iframe>
 </body>
 </html>
--- a/dom/indexedDB/test/third_party_window.html
+++ b/dom/indexedDB/test/third_party_window.html
@@ -1,33 +0,0 @@
 <!--
  Any copyright is dedicated to the Public Domain.
  http://creativecommons.org/publicdomain/zero/1.0/
 -->
 <html>
 <head>
  <title>Indexed Database Test</title>
  <script type="text/javascript">
    let init = false;
    onmessage = evt => {
      if (!init) {
        init = true;
        let iframe = document.getElementById("iframe1");
        iframe.src = evt.data.iframeUrl;
        iframe.addEventListener("load", e => {
          iframe.contentWindow.postMessage(evt.data.toSource(), "*");
        });
        return;
      }
      opener.postMessage(evt.data, "*");
    };
  </script>
 </head>
 <body>
  <iframe id="iframe1"></iframe>
 </body>
 </html>
--- a/dom/security/nsCSPContext.cpp
+++ b/dom/security/nsCSPContext.cpp
@@ -1016,7 +1016,6 @@ nsresult nsCSPContext::SendReports(
                         mLoadingPrincipal,
                         nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                         nsIContentPolicy::TYPE_CSP_REPORT,
                         nullptr,  // nsICookieSettings
                         nullptr,  // PerformanceStorage
                         nullptr,  // aLoadGroup
                         nullptr,  // aCallbacks
--- a/dom/serviceworkers/ServiceWorkerPrivate.cpp
+++ b/dom/serviceworkers/ServiceWorkerPrivate.cpp
@@ -40,7 +40,6 @@
 #include "mozilla/dom/WorkerRunnable.h"
 #include "mozilla/dom/WorkerScope.h"
 #include "mozilla/dom/ipc/StructuredCloneData.h"
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/net/NeckoChannelParams.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozilla/Unused.h"
@@ -1728,10 +1727,6 @@ nsresult ServiceWorkerPrivate::SpawnWorkerIfNeeded(WakeUpReason aWhy,
      nsContentUtils::StorageAllowedForServiceWorker(info.mPrincipal);
  info.mStorageAllowed =
      access > nsContentUtils::StorageAccess::ePrivateBrowsing;
  info.mCookieSettings = mozilla::net::CookieSettings::Create();
  MOZ_ASSERT(info.mCookieSettings);
  info.mOriginAttributes = mInfo->GetOriginAttributes();
  // Verify that we don't have any CSP on pristine principal.
--- a/dom/serviceworkers/ServiceWorkerScriptCache.cpp
+++ b/dom/serviceworkers/ServiceWorkerScriptCache.cpp
@@ -16,7 +16,6 @@
 #include "mozilla/dom/WorkerCommon.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "mozilla/net/CookieSettings.h"
 #include "nsICacheInfoChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsIStreamLoader.h"
@@ -658,17 +657,12 @@ nsresult CompareNetwork::Initialize(nsIPrincipal* aPrincipal,
      mIsMainScript ? nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER
                    : nsIContentPolicy::TYPE_INTERNAL_WORKER_IMPORT_SCRIPTS;
  // Create a new cookieSettings.
  nsCOMPtr<nsICookieSettings> cookieSettings =
      mozilla::net::CookieSettings::Create();
  // Note that because there is no "serviceworker" RequestContext type, we can
  // use the TYPE_INTERNAL_SCRIPT content policy types when loading a service
  // worker.
  rv = NS_NewChannel(getter_AddRefs(mChannel), uri, aPrincipal, secFlags,
-                     contentPolicyType, cookieSettings,
+                     contentPolicyType, nullptr, /* aPerformanceStorage */
-                     nullptr /* aPerformanceStorage */, loadGroup,
+                     loadGroup, nullptr /* aCallbacks */, mLoadFlags);
                     nullptr /* aCallbacks */, mLoadFlags);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return rv;
  }
--- a/dom/serviceworkers/test/mochitest.ini
+++ b/dom/serviceworkers/test/mochitest.ini
@@ -308,8 +308,6 @@ skip-if = serviceworker_e10s
 [test_skip_waiting.html]
 [test_strict_mode_warning.html]
 [test_third_party_iframes.html]
 support-files =
  window_party_iframes.html
 [test_unregister.html]
 [test_unresolved_fetch_interception.html]
 skip-if = verify || serviceworker_e10s
--- a/dom/serviceworkers/test/test_third_party_iframes.html
+++ b/dom/serviceworkers/test/test_third_party_iframes.html
@@ -11,6 +11,11 @@
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <p id="display"></p>
 <div id="content" style="display: none">
 <iframe></iframe>
 </div>
 <pre id="test"></pre>
 <script class="testbody" type="text/javascript">
 SimpleTest.waitForExplicitFinish();
@@ -34,7 +39,6 @@ function next() {
 onload = next;
 let iframe;
 let proxyWindow;
 let basePath = "/tests/dom/serviceworkers/test/thirdparty/";
 let origin = window.location.protocol + "//" + window.location.host;
 let thirdPartyOrigin = "https://example.com";
@@ -58,26 +62,22 @@ function loadThirdPartyIframe() {
 }
 function runTest(aExpectedResponses) {
-  // Let's use a proxy window to have the new cookie policy applied.
+  iframe = document.querySelector("iframe");
-  proxyWindow = window.open("window_party_iframes.html");
+  iframe.src = thirdPartyOrigin + basePath + "register.html";
-  proxyWindow.onload = _ => {
+  let responsesIndex = 0;
-    iframe = proxyWindow.document.querySelector("iframe");
+  window.onmessage = function(e) {
-    iframe.src = thirdPartyOrigin + basePath + "register.html";
+    let status = e.data.status;
-    let responsesIndex = 0;
+    let expected = aExpectedResponses[responsesIndex];
-    window.onmessage = function(e) {
+    if (status == expected.status) {
-      let status = e.data.status;
+      ok(true, "Received expected " + expected.status);
-      let expected = aExpectedResponses[responsesIndex];
+      if (expected.next) {
-      if (status == expected.status) {
+        expected.next();
        ok(true, "Received expected " + expected.status);
        if (expected.next) {
          expected.next();
        }
      } else {
        ok(false, "Expected " + expected.status + " got " + status);
      }
-      responsesIndex++;
+    } else {
-    };
+      ok(false, "Expected " + expected.status + " got " + status);
-  }
+    }
    responsesIndex++;
  };
 }
 // Verify that we can register and intercept a 3rd party iframe with
@@ -113,7 +113,6 @@ function testShouldIntercept(behavior, lifetime, done) {
      status: "unregistrationdone",
      next: function() {
        window.onmessage = null;
        proxyWindow.close();
        ok(true, "Test finished successfully");
        done();
      }
@@ -145,7 +144,6 @@ function testShouldNotRegister(behavior, lifetime, done) {
      status: "worker-networkresponse",
      next: function() {
        window.onmessage = null;
        proxyWindow.close();
        ok(true, "Test finished successfully");
        done();
      }
@@ -166,17 +164,12 @@ function testShouldNotIntercept(behavior, lifetime, done) {
    }, {
      status: "registrationdone",
      next: function() {
        iframe.addEventListener("load", testIframeLoaded);
        SpecialPowers.pushPrefEnv({"set": [
            ["network.cookie.cookieBehavior", behavior],
            ["network.cookie.lifetimePolicy", lifetime],
          ]}, function() {
-            proxyWindow.close();
+            iframe.src = origin + basePath + "iframe1.html";
            proxyWindow = window.open("window_party_iframes.html");
            proxyWindow.onload = _ => {
              iframe = proxyWindow.document.querySelector("iframe");
              iframe.addEventListener("load", testIframeLoaded);
              iframe.src = origin + basePath + "iframe1.html";
            }
          });
      }
    }, {
@@ -200,13 +193,7 @@ function testShouldNotIntercept(behavior, lifetime, done) {
            ["network.cookie.cookieBehavior", BEHAVIOR_ACCEPT],
            ["network.cookie.lifetimePolicy", LIFETIME_EXPIRE],
          ]}, function() {
-            proxyWindow.close();
+            iframe.src = thirdPartyOrigin + basePath + "unregister.html";
            proxyWindow = window.open("window_party_iframes.html");
            proxyWindow.onload = _ => {
              iframe = proxyWindow.document.querySelector("iframe");
              iframe.addEventListener("load", testIframeLoaded);
              iframe.src = thirdPartyOrigin + basePath + "unregister.html";
            }
          });
      }
    }, {
@@ -215,7 +202,6 @@ function testShouldNotIntercept(behavior, lifetime, done) {
      status: "unregistrationdone",
      next: function() {
        window.onmessage = null;
        proxyWindow.close();
        ok(true, "Test finished successfully");
        done();
      }
--- a/dom/serviceworkers/test/window_party_iframes.html
+++ b/dom/serviceworkers/test/window_party_iframes.html
@@ -1,18 +0,0 @@
 <!--
  Any copyright is dedicated to the Public Domain.
  http://creativecommons.org/publicdomain/zero/1.0/
 -->
 <!DOCTYPE HTML>
 <html>
 <head>
  <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
 </head>
 <body>
 <iframe></iframe>
 <script>
 window.onmessage = e => {
  opener.postMessage(e.data, "*");
 }
 </script>
 </body>
 </html>
--- a/dom/storage/LocalStorageCache.cpp
+++ b/dom/storage/LocalStorageCache.cpp
@@ -77,6 +77,7 @@ LocalStorageCache::LocalStorageCache(const nsACString* aOriginNoSuffix)
      mLoadResult(NS_OK),
      mInitialized(false),
      mPersistent(false),
      mSessionOnlyDataSetActive(false),
      mPreloadTelemetryRecorded(false) {
  MOZ_COUNT_CTOR(LocalStorageCache);
 }
@@ -182,7 +183,29 @@ const nsCString LocalStorageCache::Origin() const {
 LocalStorageCache::Data& LocalStorageCache::DataSet(
    const LocalStorage* aStorage) {
-  return mData[GetDataSetIndex(aStorage)];
+  uint32_t index = GetDataSetIndex(aStorage);
  if (index == kSessionSet && !mSessionOnlyDataSetActive) {
    // Session only data set is demanded but not filled with
    // current data set, copy to session only set now.
    WaitForPreload(Telemetry::LOCALDOMSTORAGE_SESSIONONLY_PRELOAD_BLOCKING_MS);
    Data& defaultSet = mData[kDefaultSet];
    Data& sessionSet = mData[kSessionSet];
    for (auto iter = defaultSet.mKeys.Iter(); !iter.Done(); iter.Next()) {
      sessionSet.mKeys.Put(iter.Key(), iter.UserData());
    }
    mSessionOnlyDataSetActive = true;
    // This updates sessionSet.mOriginQuotaUsage and also updates global usage
    // for all session only data
    ProcessUsageDelta(kSessionSet, defaultSet.mOriginQuotaUsage);
  }
  return mData[index];
 }
 bool LocalStorageCache::ProcessUsageDelta(const LocalStorage* aStorage,
@@ -518,6 +541,7 @@ void LocalStorageCache::UnloadItems(uint32_t aUnloadFlags) {
  if (aUnloadFlags & kUnloadSession) {
    mData[kSessionSet].mKeys.Clear();
    ProcessUsageDelta(kSessionSet, -mData[kSessionSet].mOriginQuotaUsage);
    mSessionOnlyDataSetActive = false;
  }
 #ifdef DOM_STORAGE_TESTS
--- a/dom/storage/LocalStorageCache.h
+++ b/dom/storage/LocalStorageCache.h
@@ -267,6 +267,12 @@ class LocalStorageCache : public LocalStorageCacheBridge {
  // default data set.)
  bool mPersistent : 1;
  // - False when the session-only data set was never used.
  // - True after access to session-only data has been made for the first time.
  // We also fill session-only data set with the default one at that moment.
  // Drops back to false when session-only data are cleared from chrome.
  bool mSessionOnlyDataSetActive : 1;
  // Whether we have already captured state of the cache preload on our first
  // access.
  bool mPreloadTelemetryRecorded : 1;
--- a/dom/storage/SessionStorage.cpp
+++ b/dom/storage/SessionStorage.cpp
@@ -164,5 +164,11 @@ bool SessionStorage::IsForkOf(const Storage* aOther) const {
  return mCache == static_cast<const SessionStorage*>(aOther)->mCache;
 }
 bool SessionStorage::ShouldThrowWhenStorageAccessDenied(
    uint32_t aRejectedReason) {
  return aRejectedReason !=
         nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN;
 }
 }  // namespace dom
 }  // namespace mozilla
--- a/dom/storage/SessionStorage.h
+++ b/dom/storage/SessionStorage.h
@@ -65,6 +65,8 @@ class SessionStorage final : public Storage {
                                   const nsAString& aOldValue,
                                   const nsAString& aNewValue);
  bool ShouldThrowWhenStorageAccessDenied(uint32_t aRejectedReason) override;
  RefPtr<SessionStorageCache> mCache;
  RefPtr<SessionStorageManager> mManager;
--- a/dom/storage/SessionStorageCache.cpp
+++ b/dom/storage/SessionStorageCache.cpp
@@ -9,7 +9,7 @@
 namespace mozilla {
 namespace dom {
-SessionStorageCache::SessionStorageCache() = default;
+SessionStorageCache::SessionStorageCache() : mSessionDataSetActive(false) {}
 SessionStorageCache::DataSet* SessionStorageCache::Set(
    DataSetType aDataSetType) {
@@ -19,6 +19,16 @@ SessionStorageCache::DataSet* SessionStorageCache::Set(
  MOZ_ASSERT(aDataSetType == eSessionSetType);
  if (!mSessionDataSetActive) {
    mSessionSet.mOriginQuotaUsage = mDefaultSet.mOriginQuotaUsage;
    for (auto iter = mDefaultSet.mKeys.ConstIter(); !iter.Done(); iter.Next()) {
      mSessionSet.mKeys.Put(iter.Key(), iter.Data());
    }
    mSessionDataSetActive = true;
  }
  return &mSessionSet;
 }
@@ -111,11 +121,17 @@ void SessionStorageCache::Clear(DataSetType aDataSetType,
  DataSet* dataSet = Set(aDataSetType);
  dataSet->ProcessUsageDelta(-dataSet->mOriginQuotaUsage);
  dataSet->mKeys.Clear();
  if (!aByUserInteraction && aDataSetType == eSessionSetType) {
    mSessionDataSetActive = false;
  }
 }
 already_AddRefed<SessionStorageCache> SessionStorageCache::Clone() const {
  RefPtr<SessionStorageCache> cache = new SessionStorageCache();
  cache->mSessionDataSetActive = mSessionDataSetActive;
  cache->mDefaultSet.mOriginQuotaUsage = mDefaultSet.mOriginQuotaUsage;
  for (auto iter = mDefaultSet.mKeys.ConstIter(); !iter.Done(); iter.Next()) {
    cache->mDefaultSet.mKeys.Put(iter.Key(), iter.Data());
--- a/dom/storage/SessionStorageCache.h
+++ b/dom/storage/SessionStorageCache.h
@@ -60,6 +60,7 @@ class SessionStorageCache final {
  DataSet mDefaultSet;
  DataSet mSessionSet;
  bool mSessionDataSetActive;
 };
 }  // namespace dom
--- a/dom/storage/Storage.cpp
+++ b/dom/storage/Storage.cpp
@@ -29,20 +29,6 @@ NS_INTERFACE_MAP_END
 Storage::Storage(nsPIDOMWindowInner* aWindow, nsIPrincipal* aPrincipal)
    : mWindow(aWindow), mPrincipal(aPrincipal), mIsSessionOnly(false) {
  MOZ_ASSERT(aPrincipal);
  if (nsContentUtils::IsSystemPrincipal(mPrincipal)) {
    mIsSessionOnly = false;
  } else if (mWindow) {
    uint32_t rejectedReason = 0;
    nsContentUtils::StorageAccess access =
        nsContentUtils::StorageAllowedForWindow(mWindow, &rejectedReason);
    MOZ_ASSERT(access != nsContentUtils::StorageAccess::eDeny ||
               rejectedReason ==
                   nsIWebProgressListener::STATE_COOKIES_BLOCKED_FOREIGN);
    mIsSessionOnly = access <= nsContentUtils::StorageAccess::eSessionScoped;
  }
 }
 Storage::~Storage() {}
@@ -53,10 +39,28 @@ bool Storage::StoragePrefIsEnabled() {
 }
 bool Storage::CanUseStorage(nsIPrincipal& aSubjectPrincipal) {
  // This method is responsible for correct setting of mIsSessionOnly.
  if (!StoragePrefIsEnabled()) {
    return false;
  }
  if (nsContentUtils::IsSystemPrincipal(mPrincipal)) {
    mIsSessionOnly = false;
  } else if (mWindow) {
    uint32_t rejectedReason = 0;
    nsContentUtils::StorageAccess access =
        nsContentUtils::StorageAllowedForWindow(mWindow, &rejectedReason);
    // Note that we allow StorageAccess::ePartitionedOrDeny because we want
    // tracker to have access to their sessionStorage.
    if (access == nsContentUtils::StorageAccess::eDeny &&
        ShouldThrowWhenStorageAccessDenied(rejectedReason)) {
      return false;
    }
    mIsSessionOnly = access <= nsContentUtils::StorageAccess::eSessionScoped;
  }
  return aSubjectPrincipal.Subsumes(mPrincipal);
 }
--- a/dom/storage/Storage.h
+++ b/dom/storage/Storage.h
@@ -134,10 +134,23 @@ class Storage : public nsISupports, public nsWrapperCache {
  virtual ~Storage();
  // The method checks whether the caller can use a storage.
  // CanUseStorage is called before any DOM initiated operation
  // on a storage is about to happen and ensures that the storage's
  // session-only flag is properly set according the current settings.
  // It is an optimization since the privileges check and session only
  // state determination are complex and share the code (comes hand in
  // hand together).
  bool CanUseStorage(nsIPrincipal& aSubjectPrincipal);
  virtual void LastRelease() {}
  // This method is called when StorageAccess is not granted for the owning
  // window. aRejectedReason is one of the possible blocking states from
  // nsIWebProgressListener.
  virtual bool ShouldThrowWhenStorageAccessDenied(uint32_t aRejectedReason) {
    return true;
  }
 private:
  nsCOMPtr<nsPIDOMWindowInner> mWindow;
  nsCOMPtr<nsIPrincipal> mPrincipal;
--- a/dom/tests/mochitest/bugs/mochitest.ini
+++ b/dom/tests/mochitest/bugs/mochitest.ini
@@ -149,7 +149,6 @@ skip-if = toolkit == 'android'
 [test_bug1112040.html]
 [test_bug1160342_marquee.html]
 [test_bug1171215.html]
 support-files = window_bug1171215.html
 [test_bug1530292.html]
 [test_no_find_showDialog.html]
 skip-if = toolkit == 'android' # Bug 1358633 - window.find doesn't work for Android
--- a/dom/tests/mochitest/bugs/test_bug1171215.html
+++ b/dom/tests/mochitest/bugs/test_bug1171215.html
@@ -9,8 +9,11 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1022869
  <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
  <script type="application/javascript" src="/tests/SimpleTest/AddTask.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
  <iframe src="about:blank"></iframe>
  <script type="text/javascript">
  var f = document.getElementsByTagName("iframe")[0];
  SimpleTest.waitForExplicitFinish();
  /** Test for Bug 1022869 **/
@@ -18,32 +21,69 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=1022869
    // Initialize our cookie.
    document.cookie = "a=b";
-    SpecialPowers.pushPrefEnv({ set: [["network.cookie.cookieBehavior", 1]] }).then(_ => {
+    // Set a cookie in example.org so we can test that we can't read it in
-      let w = window.open("window_bug1171215.html");
+    // third-party cases.
-      onmessage = e => {
+    f.contentWindow.location =
-        if (e.data.type == "finish") {
+        "http://example.org/tests/dom/tests/mochitest/bugs/file_prime_cookie.html";
-          w.close();
+    waitForLoad().then(function() {
-          SimpleTest.finish();
+        // Cookies are set up, disallow third-party cookies and start the test.
-          return;
+        SpecialPowers.pushPrefEnv({ set: [
-        }
+            ["network.cookie.cookieBehavior", 1],
          ]}, () => { continueTest(); });
    }).catch((e) => { ok(false, `Got exception: ${e}`) });
  }
-        if (e.data.type == "info") {
+  function waitForLoad() {
-          info(e.data.msg);
+    return new Promise((resolve) => {
-          return;
+      window.addEventListener("message", function(msg) {
-        }
+        info(`got message ${msg.data}`);
-
+        resolve(msg.data);
-        if (e.data.type == "test") {
+      }, {once: true});
          ok(e.data.test, e.data.msg);
          return;
        }
        ok(false, "Unknown message");
      };
    });
  }
  async function continueTest() {
    var sameOrigin = "http://mochi.test:8888";
    var thirdParty = "http://example.org";
    var page = "tests/dom/tests/mochitest/bugs/file_cookieOutputter.html"
    var redirect = "tests/dom/tests/mochitest/bugs/file_redirector.sjs";
    function createRedirect(firstOrigin, secondOrigin) {
      return `${firstOrigin}/${redirect}?${secondOrigin}/${page}`;
    }
    info("starting test");
    // Same origin to same origin.
    f.contentWindow.location = createRedirect(sameOrigin, sameOrigin);
    let cookie = await waitForLoad();
    is(cookie, "a=b", "got the cookie");
    // Cross origin to cross origin.
    f.contentWindow.location = createRedirect(thirdParty, thirdParty);
    cookie = await waitForLoad();
    is(cookie, "", "no third-party cookies");
    // Same origin to cross origin.
    f.contentWindow.location = createRedirect(sameOrigin, thirdParty);
    cookie = await waitForLoad();
    is(cookie, "", "no third-party cookies");
    // Cross origin to same origin
    f.contentWindow.location = createRedirect(thirdParty, sameOrigin);
    cookie = await waitForLoad();
    is(cookie, "a=b", "got the cookie");
    SimpleTest.finish();
  }
  </script>
 </head>
 <body onload="startTest()">
 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1022869">Mozilla Bug 1022869</a>
 <p id="display"></p>
 <div id="content" style="display: none">
 </div>
 <pre id="test">
 </pre>
 </body>
 </html>
--- a/dom/tests/mochitest/bugs/window_bug1171215.html
+++ b/dom/tests/mochitest/bugs/window_bug1171215.html
@@ -1,86 +0,0 @@
 <!DOCTYPE html>
 <html>
 <!--
 https://bugzilla.mozilla.org/show_bug.cgi?id=1022869
 -->
 <head>
  <meta charset="utf-8">
  <title>Test for Bug 1022869</title>
  <iframe src="about:blank"></iframe>
  <script type="text/javascript">
  function finish() {
    opener.postMessage({type: "finish" });
  }
  function info(msg) {
    opener.postMessage({type: "info", msg });
  }
  function ok(a, msg) {
    opener.postMessage({type: "test", test: !!a, msg });
  }
  function is(a, b, msg) {
    ok(a === b, msg);
  }
  var f = document.getElementsByTagName("iframe")[0];
  /** Test for Bug 1022869 **/
  function startTest() {
    // Set a cookie in example.org so we can test that we can't read it in
    // third-party cases.
    f.contentWindow.location =
        "http://example.org/tests/dom/tests/mochitest/bugs/file_prime_cookie.html";
    waitForLoad().then(continueTest).catch((e) => { ok(false, `Got exception: ${e}`) });
  }
  function waitForLoad() {
    return new Promise((resolve) => {
      window.addEventListener("message", function(msg) {
        info(`got message ${msg.data}`);
        resolve(msg.data);
      }, {once: true});
    });
  }
  async function continueTest() {
    var sameOrigin = "http://mochi.test:8888";
    var thirdParty = "http://example.org";
    var page = "tests/dom/tests/mochitest/bugs/file_cookieOutputter.html"
    var redirect = "tests/dom/tests/mochitest/bugs/file_redirector.sjs";
    function createRedirect(firstOrigin, secondOrigin) {
      return `${firstOrigin}/${redirect}?${secondOrigin}/${page}`;
    }
    info("starting test");
    // Same origin to same origin.
    f.contentWindow.location = createRedirect(sameOrigin, sameOrigin);
    let cookie = await waitForLoad();
    is(cookie, "a=b", "got the cookie");
    // Cross origin to cross origin.
    f.contentWindow.location = createRedirect(thirdParty, thirdParty);
    cookie = await waitForLoad();
    is(cookie, "", "no third-party cookies");
    // Same origin to cross origin.
    f.contentWindow.location = createRedirect(sameOrigin, thirdParty);
    cookie = await waitForLoad();
    is(cookie, "", "no third-party cookies");
    // Cross origin to same origin
    f.contentWindow.location = createRedirect(thirdParty, sameOrigin);
    cookie = await waitForLoad();
    is(cookie, "a=b", "got the cookie");
    finish();
  }
  </script>
 </head>
 <body onload="startTest()">
 </body>
 </html>
--- a/dom/tests/mochitest/general/mochitest.ini
+++ b/dom/tests/mochitest/general/mochitest.ini
@@ -50,7 +50,6 @@ support-files =
  workerStorageAllowed.js
  workerStoragePrevented.js
  storagePermissionsUtils.js
  window_storagePermissions.html
  frameSelectEvents.html
  !/image/test/mochitest/big.png
  !/image/test/mochitest/blue.png
--- a/dom/tests/mochitest/general/storagePermissionsUtils.js
+++ b/dom/tests/mochitest/general/storagePermissionsUtils.js
@@ -242,33 +242,4 @@ function task(fn) {
  }
 }
 // The test will run on a separate window in order to apply the new cookie settings.
 async function runTestInWindow(test) {
  let w = window.open("window_storagePermissions.html");
  await new Promise(resolve => {
    w.onload = e => {
     resolve();
    }
  });
  await new Promise(resolve => {
    onmessage = e => {
      if (e.data.type == "finish") {
        w.close();
        resolve();
        return;
      }
      if (e.data.type == "check") {
        ok(e.data.test, e.data.msg);
        return;
      }
      ok(false, "Unknown message");
    };
    w.postMessage(test.toString(), "*");
  });
 }
 var thirdparty = "https://example.com/tests/dom/tests/mochitest/general/";
--- a/dom/tests/mochitest/general/test_storagePermissionsAccept.html
+++ b/dom/tests/mochitest/general/test_storagePermissionsAccept.html
@@ -14,29 +14,27 @@
 task(async function() {
  await setCookieBehavior(BEHAVIOR_ACCEPT);
-  await runTestInWindow(async function() {
+  // We should be able to access storage
-    // We should be able to access storage
+  await storageAllowed();
    await storageAllowed();
-    // Same origin iframes should be allowed, unless they redirect to a URI with the null principal
+  // Same origin iframes should be allowed, unless they redirect to a URI with the null principal
-    await runIFrame("frameStorageAllowed.html");
+  await runIFrame("frameStorageAllowed.html");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    await runIFrame("frameStorageChrome.html?allowed=yes");
+  await runIFrame("frameStorageChrome.html?allowed=yes");
-    // Sandboxed iframes should have the null principal, and thus can't access storage
+  // Sandboxed iframes should have the null principal, and thus can't access storage
-    document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
+  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-    await runIFrame("frameStoragePrevented.html#nullprincipal");
+  await runIFrame("frameStoragePrevented.html#nullprincipal");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    document.querySelector('iframe').removeAttribute('sandbox');
+  document.querySelector('iframe').removeAttribute('sandbox');
-    // Thirdparty iframes should be allowed, unless they redirect to a URI with the null principal
+  // Thirdparty iframes should be allowed, unless they redirect to a URI with the null principal
-    await runIFrame(thirdparty + "frameStorageAllowed.html");
+  await runIFrame(thirdparty + "frameStorageAllowed.html");
-    await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
+  await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-    await runIFrame(thirdparty + "frameStorageChrome.html?allowed=yes");
+  await runIFrame(thirdparty + "frameStorageChrome.html?allowed=yes");
-    // Workers should be able to access storage
+  // Workers should be able to access storage
-    await runWorker("workerStorageAllowed.js");
+  await runWorker("workerStorageAllowed.js");
  });
 });
    </script>
--- a/dom/tests/mochitest/general/test_storagePermissionsLimitForeign.html
+++ b/dom/tests/mochitest/general/test_storagePermissionsLimitForeign.html
@@ -14,31 +14,29 @@
 task(async function() {
  await setCookieBehavior(BEHAVIOR_LIMIT_FOREIGN);
-  await runTestInWindow(async function() {
+  // We should be able to access storage
-    // We should be able to access storage
+  await storageAllowed();
    await storageAllowed();
-    // Same origin iframes should be allowed.
+  // Same origin iframes should be allowed.
-    await runIFrame("frameStorageAllowed.html");
+  await runIFrame("frameStorageAllowed.html");
-    await runIFrame("frameStorageChrome.html?allowed=yes");
+  await runIFrame("frameStorageChrome.html?allowed=yes");
-    // Null principal iframes should not.
+  // Null principal iframes should not.
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    // Sandboxed iframes should have the null principal, and thus can't access storage
+  // Sandboxed iframes should have the null principal, and thus can't access storage
-    document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
+  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-    await runIFrame("frameStoragePrevented.html#nullprincipal");
+  await runIFrame("frameStoragePrevented.html#nullprincipal");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    document.querySelector('iframe').removeAttribute('sandbox');
+  document.querySelector('iframe').removeAttribute('sandbox');
-    // Thirdparty iframes should be blocked, even when accessed from chrome over Xrays.
+  // Thirdparty iframes should be blocked, even when accessed from chrome over Xrays.
-    await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
+  await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
-    await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
+  await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-    await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
+  await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
-    // Workers should be unable to access storage
+  // Workers should be unable to access storage
-    await runWorker("workerStorageAllowed.js");
+  await runWorker("workerStorageAllowed.js");
  });
 });
    </script>
--- a/dom/tests/mochitest/general/test_storagePermissionsReject.html
+++ b/dom/tests/mochitest/general/test_storagePermissionsReject.html
@@ -14,29 +14,27 @@
 task(async function() {
  await setCookieBehavior(BEHAVIOR_REJECT);
-  await runTestInWindow(async function() {
+  // We should be unable to access storage
-    // We should be unable to access storage
+  await storagePrevented();
    await storagePrevented();
-    // Same origin iframes should be blocked.
+  // Same origin iframes should be blocked.
-    await runIFrame("frameStoragePrevented.html");
+  await runIFrame("frameStoragePrevented.html");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    await runIFrame("frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
+  await runIFrame("frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
-    // Sandboxed iframes should have the null principal, and thus can't access storage
+  // Sandboxed iframes should have the null principal, and thus can't access storage
-    document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
+  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-    await runIFrame("frameStoragePrevented.html#nullprincipal");
+  await runIFrame("frameStoragePrevented.html#nullprincipal");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    document.querySelector('iframe').removeAttribute('sandbox');
+  document.querySelector('iframe').removeAttribute('sandbox');
-    // thirdparty iframes should be blocked.
+  // thirdparty iframes should be blocked.
-    await runIFrame(thirdparty + "frameStoragePrevented.html");
+  await runIFrame(thirdparty + "frameStoragePrevented.html");
-    await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
+  await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-    await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
+  await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no&blockSessionStorage=yes");
-    // Workers should be unable to access storage
+  // Workers should be unable to access storage
-    await runWorker("workerStoragePrevented.js");
+  await runWorker("workerStoragePrevented.js");
  });
 });
    </script>
--- a/dom/tests/mochitest/general/test_storagePermissionsRejectForeign.html
+++ b/dom/tests/mochitest/general/test_storagePermissionsRejectForeign.html
@@ -14,29 +14,27 @@
 task(async function() {
  await setCookieBehavior(BEHAVIOR_REJECT_FOREIGN);
-  await runTestInWindow(async function() {
+  // We should be able to access storage
-    // We should be able to access storage
+  await storageAllowed();
    await storageAllowed();
-    // Same origin iframes should be allowed, unless they redirect to a URI with the null principal
+  // Same origin iframes should be allowed, unless they redirect to a URI with the null principal
-    await runIFrame("frameStorageAllowed.html");
+  await runIFrame("frameStorageAllowed.html");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    await runIFrame("frameStorageChrome.html?allowed=yes");
+  await runIFrame("frameStorageChrome.html?allowed=yes");
-    // Sandboxed iframes should have the null principal, and thus can't access storage
+  // Sandboxed iframes should have the null principal, and thus can't access storage
-    document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
+  document.querySelector('iframe').setAttribute('sandbox', 'allow-scripts');
-    await runIFrame("frameStoragePrevented.html#nullprincipal");
+  await runIFrame("frameStoragePrevented.html#nullprincipal");
-    await runIFrame("frameStorageNullprincipal.sjs");
+  await runIFrame("frameStorageNullprincipal.sjs");
-    document.querySelector('iframe').removeAttribute('sandbox');
+  document.querySelector('iframe').removeAttribute('sandbox');
-    // thirdparty iframes should be blocked.
+  // thirdparty iframes should be blocked.
-    await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
+  await runIFrame(thirdparty + "frameStoragePrevented.html#thirdparty");
-    await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
+  await runIFrame(thirdparty + "frameStorageNullprincipal.sjs");
-    await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
+  await runIFrame(thirdparty + "frameStorageChrome.html?allowed=no");
-    // Workers should be able to access storage
+  // Workers should be able to access storage
-    await runWorker("workerStorageAllowed.js");
+  await runWorker("workerStorageAllowed.js");
  });
 });
    </script>
--- a/dom/tests/mochitest/general/window_storagePermissions.html
+++ b/dom/tests/mochitest/general/window_storagePermissions.html
@@ -1,38 +0,0 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Storage Permission Restrictions</title>
    <script type="text/javascript" src="storagePermissionsUtils.js"></script>
  </head>
  <body>
    <iframe></iframe>
    <script type="text/javascript">
 function ok(a, msg) {
  opener.postMessage({type: "check", test: !!a, msg }, "*");
 }
 function is(a, b, msg) {
  ok(a === b , msg);
 }
 let init = false;
 onmessage = e => {
  if (!init) {
    init = true;
    let runnableStr = `(() => {return (${e.data});})();`;
    let runnable = eval(runnableStr); // eslint-disable-line no-eval
    runnable.call(this).then(_ => {
      opener.postMessage({ type: "finish" }, "*");
    });
    return;
  }
  parent.postMessage(e.data, "*");
 }
    </script>
  </body>
 </html>
--- a/dom/tests/mochitest/localstorage/frameLocalStorageCookieSettings.html
+++ b/dom/tests/mochitest/localstorage/frameLocalStorageCookieSettings.html
@@ -2,6 +2,8 @@
 <head>
 <title>localStorage cookies settings test</title>
 <script type="text/javascript" src="interOriginFrame.js"></script>
 </head>
 <body>
 <script type="text/javascript">
@@ -11,6 +13,8 @@
  } catch(ex) {
    is(ex.name, "TypeError");
  }
  finishTest();
 </script>
 </body>
 </html>
--- a/dom/tests/mochitest/localstorage/mochitest.ini
+++ b/dom/tests/mochitest/localstorage/mochitest.ini
@@ -17,7 +17,6 @@ support-files =
  localStorageCommon.js
  frameLocalStorageSessionOnly.html
  file_tryAccessSessionStorage.html
  windowProxy.html
 [test_brokenUTF-16.html]
 [test_bug600307-DBOps.html]
@@ -25,6 +24,7 @@ support-files =
 [test_bug746272-2.html]
 skip-if = os == "android" || verify # bug 962029
 [test_cookieBlock.html]
 [test_cookieSession.html]
 [test_embededNulls.html]
 [test_keySync.html]
 [test_localStorageBase.html]
@@ -49,3 +49,4 @@ skip-if = true # bug 1347690
 [test_localStorageReplace.html]
 skip-if = toolkit == 'android'
 [test_storageConstructor.html]
 [test_localStorageSessionPrefOverride.html]
--- a/dom/tests/mochitest/localstorage/test_cookieBlock.html
+++ b/dom/tests/mochitest/localstorage/test_cookieBlock.html
@@ -9,28 +9,23 @@
 function startTest()
 {
-  // Let's use a new window to have the cookie permission applied.
+  try {
-  let w = window.open("windowProxy.html");
+    localStorage.setItem("blocked", "blockedvalue");
-  w.onload = _ => {
+    ok(false, "Exception for localStorage.setItem, ACCESS_DENY");
    try {
      w.localStorage.setItem("blocked", "blockedvalue");
      ok(false, "Exception for localStorage.setItem, ACCESS_DENY");
    }
    catch (ex) {
      ok(true, "Exception for localStorage.setItem, ACCESS_DENY");
    }
    try {
      w.localStorage.getItem("blocked");
      ok(false, "Exception for localStorage.getItem, ACCESS_DENY");
    }
    catch (ex) {
      ok(true, "Exception for localStorage.getItem, ACCESS_DENY");
    }
    w.close();
    SimpleTest.finish();
  }
  catch (ex) {
    ok(true, "Exception for localStorage.setItem, ACCESS_DENY");
  }
  try {
    localStorage.getItem("blocked");
    ok(false, "Exception for localStorage.getItem, ACCESS_DENY");
  }
  catch (ex) {
    ok(true, "Exception for localStorage.getItem, ACCESS_DENY");
  }
  SimpleTest.finish();
 }
 SimpleTest.waitForExplicitFinish();
--- a/dom/tests/mochitest/localstorage/test_cookieSession.html
+++ b/dom/tests/mochitest/localstorage/test_cookieSession.html
@@ -0,0 +1,139 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>cookie per-session only test</title>
 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 <script type="text/javascript">
 /*
  Set cookie access to be just per session and store to the localStorage.
  Content stored must prevail only for session of the browser, so it must
  be accessible in another window we try to access that key in the same
  storage.
 */
 function pushCookie(aPermission, aNext) {
  SpecialPowers.pushPermissions([{'type': 'cookie', 'allow': aPermission, 'context': document}], aNext);
 }
 function test1() {
  localStorage.setItem("persistent1", "persistent value 1");
  localStorage.setItem("persistent2", "persistent value 2");
  pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION, test1_b);
 }
 function test1_b() {
  localStorage.setItem("session only", "session value");
  parent.is(localStorage.getItem("session only"), "session value");
  parent.is(localStorage.getItem("persistent1"), "persistent value 1");
  parent.is(localStorage.getItem("persistent2"), "persistent value 2");
  window.location.search = '?2';
 }
 function test2()
 {
  parent.is(localStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
  parent.is(localStorage.getItem("persistent1"), "persistent value 1", "Persistent value present");
  parent.is(localStorage.getItem("persistent2"), "persistent value 2", "Persistent value present");
  localStorage.setItem("persistent1", "changed persistent value 1");
  localStorage.removeItem("persistent2");
  parent.is(localStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
  parent.is(localStorage.getItem("persistent1"), "changed persistent value 1", "Persistent value present");
  parent.is(localStorage.getItem("persistent2"), null, "Persistent value removed");
  // This clear has to delete only changes made in session only mode
  localStorage.clear();
  parent.is(localStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
  parent.is(localStorage.getItem("persistent1"), null, "Persistent value not present in session only after delete");
  parent.is(localStorage.getItem("persistent2"), null, "Persistent value not present in session only after delete");
  localStorage.setItem("session only 2", "must be deleted on drop of session-only cookies permissions");
  pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT, function() { window.location.search = '?3'; });
 }
 function test3() {
  parent.is(localStorage.getItem("session only"), null, "No value when cookies are in default mode");
  parent.is(localStorage.getItem("session only 2"), null, "No value when cookies are in default mode");
  parent.is(localStorage.getItem("persistent1"), "persistent value 1", "Persistent value present");
  parent.is(localStorage.getItem("persistent2"), "persistent value 2", "Persistent value present");
  pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION, function() { window.location.search = '?4'; });
 }
 function test4() {
  parent.is(localStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
  parent.is(localStorage.getItem("session only 2"), null, "Value not present when cookies in session-only mode after delete");
  parent.is(localStorage.getItem("persistent1"), "persistent value 1", "Persistent value present again");
  parent.is(localStorage.getItem("persistent2"), "persistent value 2", "Persistent value present again");
  pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT, function() { window.location.search = '?5'; });
 }
 function test5() {
  localStorage.clear();
  parent.is(localStorage.getItem("session only"), null, "No value when cookies are in default mode");
  parent.is(localStorage.getItem("persistent1"), null, "Persistent value not present after delete");
  parent.is(localStorage.getItem("persistent2"), null, "Persistent value not present after delete");
  pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION, function() { window.location.search = '?6'; });
 }
 function test6() {
  parent.is(localStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
  parent.is(localStorage.getItem("session only 2"), null, "No value when cookies are in default mode");
  parent.is(localStorage.getItem("persistent1"), null, "Persistent value not present in session only after delete");
  parent.is(localStorage.getItem("persistent2"), null, "Persistent value not present in session only after delete");
  parent.SimpleTest.finish();
 }
 function startTest() {
  switch (location.search) {
    case '?1':
      test1();
      break;
    case '?2':
      test2();
      break;
    case '?3':
      test3();
      break;
    case '?4':
      test4();
      break;
    case '?5':
      test5();
      break;
    case '?6':
      test6();
      break;
    default:
      SimpleTest.waitForExplicitFinish();
      if (SpecialPowers.Services.lsm.nextGenLocalStorageEnabled) {
        ok(true, "Test ignored when the next gen local storage is enabled.");
        SimpleTest.finish();
        return;
      }
      var iframe = document.createElement('iframe');
      iframe.src = 'test_cookieSession.html?1';
      document.body.appendChild(iframe);
  }
 }
 </script>
 </head>
 <body onload="startTest()">
 </body>
 </html>
--- a/dom/tests/mochitest/localstorage/test_localStorageCookieSettings.html
+++ b/dom/tests/mochitest/localstorage/test_localStorageCookieSettings.html
@@ -8,6 +8,7 @@
 </head>
 <body>
 <iframe></iframe>
 <script type="text/javascript">
@@ -19,47 +20,39 @@ SpecialPowers.pushPrefEnv({"set": [
 ]}, test1);
 function test1() {
-  let w = window.open("windowProxy.html");
+  try {
-  w.onload = _ => {
+    localStorage.setItem("contentkey", "test-value");
-    try {
+    ok(false, "Setting localStorageItem should throw a type error exception");
      w.localStorage.setItem("contentkey", "test-value");
      ok(false, "Setting localStorageItem should throw a security exception");
    }
    catch(ex) {
      is(ex.name, "TypeError");
    }
    w.close();
    // Set cookies behavior to "reject 3rd party"
    SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 1]],
                               "clear": [["network.cookie.lifetimePolicy"]]},
                              test2);
  }
  catch(ex) {
    is(ex.name, "TypeError");
  }
  // Set cookies behavior to "reject 3rd party"
  SpecialPowers.pushPrefEnv({"set": [["network.cookie.cookieBehavior", 1]],
                             "clear": [["network.cookie.lifetimePolicy"]]},
                            test3);
 }
-function test2() {
+function test3() {
-  let w = window.open("windowProxy.html");
+  try {
-  w.onload = _ => {
+    localStorage.setItem("contentkey", "test-value");
-    try {
+    ok(true, "Setting localStorageItem should not throw a type error exception");
      w.localStorage.setItem("contentkey", "test-value");
      ok(true, "Setting localStorageItem should not throw a security exception");
    }
    catch(ex) {
      ok(false, "Setting localStorageItem should not throw a security exception");
    }
    var fileTest = (location.protocol + "//example.com" + location.pathname)
                   .replace("test_l", "frameL");
    var myframe = w.document.createElement("iframe");
    w.document.body.appendChild(myframe);
    myframe.src = fileTest;
    myframe.onload = _ => {
      w.close();
      SimpleTest.finish();
    }
  }
  catch(ex) {
    ok(false, "Setting localStorageItem should not throw a type error exception");
  }
  var fileTest = (location.protocol + "//example.com" + location.pathname)
                 .replace("test_l", "frameL");
  var myframe = document.querySelector("iframe");
  myframe.src = fileTest;
 }
 // Called by interOriginTest.js
 function doNextTest() {
  SimpleTest.finish();
 }
 </script>
--- a/dom/tests/mochitest/localstorage/test_localStorageSessionPrefOverride.html
+++ b/dom/tests/mochitest/localstorage/test_localStorageSessionPrefOverride.html
@@ -0,0 +1,56 @@
 <html>
  <head>
    <title>Local Storage Session Pref Override</title>
    <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
    <script type="text/javascript" src="/tests/SimpleTest/AddTask.js"></script>
    <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
    <script>
      const ACCEPT_SESSION = 2;
      add_task(async function() {
        if (SpecialPowers.Services.lsm.nextGenLocalStorageEnabled) {
          ok(true, "Test ignored when the next gen local storage is enabled.");
          return;
        }
        await SpecialPowers.pushPrefEnv({"set": [["network.cookie.lifetimePolicy",
                                                  ACCEPT_SESSION]]});
        // Before setting permission
        await new Promise((resolve) => {
          var frame = document.createElement('iframe');
          frame.src = "frameLocalStorageSessionOnly.html";
          var listener = (e) => {
            is(e.data, true, "Before adding permission should be session only");
            window.removeEventListener('message', listener);
            resolve();
          };
          window.addEventListener('message', listener);
          document.body.appendChild(frame);
        });
        // After setting permission
        await new Promise((resolve) => {
          SpecialPowers.pushPermissions([{"type": "cookie", "allow": 1, "context": document}],
                                        resolve);
        });
        await new Promise((resolve) => {
          var frame = document.createElement('iframe');
          frame.src = "frameLocalStorageSessionOnly.html";
          var listener = (e) => {
            is(e.data, false, "After adding permission should not be session only");
            window.removeEventListener('message', listener);
            resolve();
          };
          window.addEventListener('message', listener);
          document.body.appendChild(frame);
        });
      });
    </script>
  </head>
  <body>
  </body>
 </html>
--- a/dom/tests/mochitest/localstorage/windowProxy.html
+++ b/dom/tests/mochitest/localstorage/windowProxy.html
@@ -1,3 +0,0 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <body></body>
 </html>
--- a/dom/tests/mochitest/sessionstorage/mochitest.ini
+++ b/dom/tests/mochitest/sessionstorage/mochitest.ini
@@ -8,6 +8,7 @@ support-files =
  interOriginSlave.js
  interOriginTest.js
 [test_cookieSession.html]
 [test_sessionStorageBase.html]
 [test_sessionStorageBaseSessionOnly.html]
 [test_sessionStorageClone.html]
--- a/dom/tests/mochitest/sessionstorage/test_cookieSession.html
+++ b/dom/tests/mochitest/sessionstorage/test_cookieSession.html
@@ -0,0 +1,124 @@
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>cookie per-session only test</title>
 <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
 <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 <script type="text/javascript">
 /*
  Set cookie access to be just per session and store to the sessionStorage.
  Content stored must prevail only for session of the browser, so it must
  be accessible in another window we try to access that key in the same
  storage.
 */
 function pushCookie(aValue, aNext) {
  SpecialPowers.pushPermissions([{'type': 'cookie', 'allow': aValue, 'context': document}], pushPermissionAndTest);
 }
 function pushPermissionAndTest() {
  var test = tests.shift();
  if (test) {
    document.getElementById('testframe').onload = test;
    /* After every permission change, an iframe has to be reloaded,
       otherwise this test causes failures in b2g (oop) mochitest, because
       the permission changes don't seem to be always picked up
       by the code that excercises it */
    document.getElementById('testframe').contentWindow.location.reload();
  } else {
    ok(false, 'should not be reached');
    SimpleTest.finish();
  }
 }
 function startTest() {
  pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
 }
 var tests = [
  function test1() {
    sessionStorage.setItem("persistent1", "persistent value 1");
    sessionStorage.setItem("persistent2", "persistent value 2");
    pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION);
  },
  function test2() {
    sessionStorage.setItem("session only", "session value");
    is(sessionStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
    is(sessionStorage.getItem("persistent1"), "persistent value 1", "Persistent value present");
    is(sessionStorage.getItem("persistent2"), "persistent value 2", "Persistent value present");
    sessionStorage.setItem("persistent1", "changed persistent value 1");
    sessionStorage.removeItem("persistent2");
    is(sessionStorage.getItem("session only"), "session value", "Value present when cookies in session-only mode");
    is(sessionStorage.getItem("persistent1"), "changed persistent value 1", "Persistent value present");
    is(sessionStorage.getItem("persistent2"), null, "Persistent value removed");
    // This clear has to delete only changes made in session only mode
    sessionStorage.clear();
    is(sessionStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
    is(sessionStorage.getItem("persistent1"), null, "Persistent value not present in session only after delete");
    is(sessionStorage.getItem("persistent2"), null, "Persistent value not present in session only after delete");
    sessionStorage.setItem("session only 2", "must be deleted on drop of session-only cookies permissions");
    pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
  },
  function test3() {
    is(sessionStorage.getItem("session only"), null, "No value when cookies are in default mode");
    is(sessionStorage.getItem("session only 2"), null, "No value when cookies are in default mode");
    is(sessionStorage.getItem("persistent1"), "persistent value 1", "Persistent value present");
    is(sessionStorage.getItem("persistent2"), "persistent value 2", "Persistent value present");
    pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION);
  },
  function test4() {
    is(sessionStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
    is(sessionStorage.getItem("session only 2"), null, "Value not present when cookies in session-only mode after delete");
    is(sessionStorage.getItem("persistent1"), "persistent value 1", "Persistent value present again");
    is(sessionStorage.getItem("persistent2"), "persistent value 2", "Persistent value present again");
    pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
  },
  function test5() {
    sessionStorage.clear();
    is(sessionStorage.getItem("session only"), null, "No value when cookies are in default mode");
    is(sessionStorage.getItem("persistent1"), null, "Persistent value not present after delete");
    is(sessionStorage.getItem("persistent2"), null, "Persistent value not present after delete");
    pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_SESSION);
  },
  function test6() {
    is(sessionStorage.getItem("session only"), null, "Value not present when cookies in session-only mode after delete");
    is(sessionStorage.getItem("session only 2"), null, "No value when cookies are in default mode");
    is(sessionStorage.getItem("persistent1"), null, "Persistent value not present in session only after delete");
    is(sessionStorage.getItem("persistent2"), null, "Persistent value not present in session only after delete");
    pushCookie(SpecialPowers.Ci.nsICookiePermission.ACCESS_DEFAULT);
  },
  function test7() {
    SimpleTest.finish();
  }
 ];
 SimpleTest.waitForExplicitFinish();
 </script>
 </head>
 <body onload="startTest();">
 <iframe id="testframe" srcdoc="<meta charset=utf-8>"></iframe>
 </body>
 </html>
--- a/dom/webbrowserpersist/nsWebBrowserPersist.cpp
+++ b/dom/webbrowserpersist/nsWebBrowserPersist.cpp
@@ -62,7 +62,6 @@
 #include "nsIMIMEInfo.h"
 #include "mozilla/dom/HTMLInputElement.h"
 #include "mozilla/dom/HTMLSharedElement.h"
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/Printf.h"
 using namespace mozilla;
@@ -1235,16 +1234,11 @@ nsresult nsWebBrowserPersist::SaveURIInternal(
    loadFlags |= nsIRequest::LOAD_FROM_CACHE;
  }
  // Create a new cookieSettings for this download in order to send cookies
  // based on the current state of the prefs/permissions.
  nsCOMPtr<nsICookieSettings> cookieSettings =
      mozilla::net::CookieSettings::Create();
  // Open a channel to the URI
  nsCOMPtr<nsIChannel> inputChannel;
  rv = NS_NewChannel(getter_AddRefs(inputChannel), aURI, aTriggeringPrincipal,
                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
-                     nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD, cookieSettings,
+                     nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD,
                     nullptr,  // aPerformanceStorage
                     nullptr,  // aLoadGroup
                     static_cast<nsIInterfaceRequestor *>(this), loadFlags);
--- a/dom/workers/RuntimeService.cpp
+++ b/dom/workers/RuntimeService.cpp
@@ -2019,10 +2019,8 @@ void RuntimeService::PropagateFirstPartyStorageAccessGranted(
    nsPIDOMWindowInner* aWindow) {
  AssertIsOnMainThread();
  MOZ_ASSERT(aWindow);
-  MOZ_ASSERT_IF(
+  MOZ_ASSERT(StaticPrefs::network_cookie_cookieBehavior() ==
-      aWindow->GetExtantDoc(),
+             nsICookieService::BEHAVIOR_REJECT_TRACKER);
      aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
          nsICookieService::BEHAVIOR_REJECT_TRACKER);
  nsTArray<WorkerPrivate*> workers;
  GetWorkersForWindow(aWindow, workers);
@@ -2403,10 +2401,8 @@ void ResumeWorkersForWindow(nsPIDOMWindowInner* aWindow) {
 void PropagateFirstPartyStorageAccessGrantedToWorkers(
    nsPIDOMWindowInner* aWindow) {
  AssertIsOnMainThread();
-  MOZ_ASSERT_IF(
+  MOZ_ASSERT(StaticPrefs::network_cookie_cookieBehavior() ==
-      aWindow->GetExtantDoc(),
+             nsICookieService::BEHAVIOR_REJECT_TRACKER);
      aWindow->GetExtantDoc()->CookieSettings()->GetCookieBehavior() ==
          nsICookieService::BEHAVIOR_REJECT_TRACKER);
  RuntimeService* runtime = RuntimeService::GetService();
  if (runtime) {
--- a/dom/workers/ScriptLoader.cpp
+++ b/dom/workers/ScriptLoader.cpp
@@ -125,15 +125,17 @@ nsresult ConstructURI(const nsAString& aScriptURL, nsIURI* baseURI,
  return NS_OK;
 }
-nsresult ChannelFromScriptURL(
+nsresult ChannelFromScriptURL(nsIPrincipal* principal, Document* parentDoc,
-    nsIPrincipal* principal, Document* parentDoc, WorkerPrivate* aWorkerPrivate,
+                              WorkerPrivate* aWorkerPrivate,
-    nsILoadGroup* loadGroup, nsIIOService* ios,
+                              nsILoadGroup* loadGroup, nsIIOService* ios,
-    nsIScriptSecurityManager* secMan, nsIURI* aScriptURL,
+                              nsIScriptSecurityManager* secMan,
-    const Maybe<ClientInfo>& aClientInfo,
+                              nsIURI* aScriptURL,
-    const Maybe<ServiceWorkerDescriptor>& aController, bool aIsMainScript,
+                              const Maybe<ClientInfo>& aClientInfo,
-    WorkerScriptType aWorkerScriptType,
+                              const Maybe<ServiceWorkerDescriptor>& aController,
-    nsContentPolicyType aMainScriptContentPolicyType, nsLoadFlags aLoadFlags,
+                              bool aIsMainScript,
-    nsICookieSettings* aCookieSettings, nsIChannel** aChannel) {
+                              WorkerScriptType aWorkerScriptType,
                              nsContentPolicyType aMainScriptContentPolicyType,
                              nsLoadFlags aLoadFlags, nsIChannel** aChannel) {
  AssertIsOnMainThread();
  nsresult rv;
@@ -204,7 +206,11 @@ nsresult ChannelFromScriptURL(
                        nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER);
  nsCOMPtr<nsIChannel> channel;
-  if (parentDoc) {
+  // If we have the document, use it. Unfortunately, for dedicated workers
  // 'parentDoc' ends up being the parent document, which is not the document
  // that we want to use. So make sure to avoid using 'parentDoc' in that
  // situation.
  if (parentDoc && parentDoc->NodePrincipal() == principal) {
    rv = NS_NewChannel(getter_AddRefs(channel), uri, parentDoc, secFlags,
                       contentPolicyType,
                       nullptr,  // aPerformanceStorage
@@ -228,13 +234,13 @@ nsresult ChannelFromScriptURL(
    if (aClientInfo.isSome()) {
      rv = NS_NewChannel(getter_AddRefs(channel), uri, principal,
                         aClientInfo.ref(), aController, secFlags,
-                         contentPolicyType, aCookieSettings, performanceStorage,
+                         contentPolicyType, performanceStorage, loadGroup,
-                         loadGroup, nullptr,  // aCallbacks
+                         nullptr,  // aCallbacks
                         aLoadFlags, ios);
    } else {
      rv = NS_NewChannel(getter_AddRefs(channel), uri, principal, secFlags,
-                         contentPolicyType, aCookieSettings, performanceStorage,
+                         contentPolicyType, performanceStorage, loadGroup,
-                         loadGroup, nullptr,  // aCallbacks
+                         nullptr,  // aCallbacks
                         aLoadFlags, ios);
    }
@@ -954,11 +960,11 @@ class ScriptLoaderRunnable final : public nsIRunnable, public nsINamed {
        return rv;
      }
-      rv = ChannelFromScriptURL(
+      rv = ChannelFromScriptURL(principal, parentDoc, mWorkerPrivate, loadGroup,
-          principal, parentDoc, mWorkerPrivate, loadGroup, ios, secMan, url,
+                                ios, secMan, url, mClientInfo, mController,
-          mClientInfo, mController, IsMainWorkerScript(), mWorkerScriptType,
+                                IsMainWorkerScript(), mWorkerScriptType,
-          mWorkerPrivate->ContentPolicyType(), loadFlags,
+                                mWorkerPrivate->ContentPolicyType(), loadFlags,
-          mWorkerPrivate->CookieSettings(), getter_AddRefs(channel));
+                                getter_AddRefs(channel));
      if (NS_WARN_IF(NS_FAILED(rv))) {
        return rv;
      }
@@ -1823,7 +1829,6 @@ class ChannelGetterRunnable final : public WorkerMainThreadRunnable {
    nsCOMPtr<Document> parentDoc = mWorkerPrivate->GetDocument();
    mLoadInfo.mLoadGroup = mWorkerPrivate->GetLoadGroup();
    mLoadInfo.mCookieSettings = mWorkerPrivate->CookieSettings();
    // Nested workers use default uri encoding.
    nsCOMPtr<nsIURI> url;
@@ -1839,8 +1844,7 @@ class ChannelGetterRunnable final : public WorkerMainThreadRunnable {
        mLoadInfo.mLoadingPrincipal, parentDoc, mLoadInfo.mLoadGroup, url,
        clientInfo,
        // Nested workers are always dedicated.
-        nsIContentPolicy::TYPE_INTERNAL_WORKER, mLoadInfo.mCookieSettings,
+        nsIContentPolicy::TYPE_INTERNAL_WORKER, getter_AddRefs(channel));
        getter_AddRefs(channel));
    NS_ENSURE_SUCCESS(mResult, true);
    mResult = mLoadInfo.SetPrincipalFromChannel(channel);
@@ -2155,8 +2159,7 @@ namespace workerinternals {
 nsresult ChannelFromScriptURLMainThread(
    nsIPrincipal* aPrincipal, Document* aParentDoc, nsILoadGroup* aLoadGroup,
    nsIURI* aScriptURL, const Maybe<ClientInfo>& aClientInfo,
-    nsContentPolicyType aMainScriptContentPolicyType,
+    nsContentPolicyType aMainScriptContentPolicyType, nsIChannel** aChannel) {
    nsICookieSettings* aCookieSettings, nsIChannel** aChannel) {
  AssertIsOnMainThread();
  nsCOMPtr<nsIIOService> ios(do_GetIOService());
@@ -2167,8 +2170,7 @@ nsresult ChannelFromScriptURLMainThread(
  return ChannelFromScriptURL(
      aPrincipal, aParentDoc, nullptr, aLoadGroup, ios, secMan, aScriptURL,
      aClientInfo, Maybe<ServiceWorkerDescriptor>(), true, WorkerScript,
-      aMainScriptContentPolicyType, nsIRequest::LOAD_NORMAL, aCookieSettings,
+      aMainScriptContentPolicyType, nsIRequest::LOAD_NORMAL, aChannel);
      aChannel);
 }
 nsresult ChannelFromScriptURLWorkerThread(JSContext* aCx,
--- a/dom/workers/ScriptLoader.h
+++ b/dom/workers/ScriptLoader.h
@@ -16,7 +16,6 @@ class nsIURI;
 class nsILoadGroup;
 class nsIChannel;
 class nsICookieSettings;
 namespace mozilla {
@@ -34,8 +33,7 @@ namespace workerinternals {
 nsresult ChannelFromScriptURLMainThread(
    nsIPrincipal* aPrincipal, Document* aParentDoc, nsILoadGroup* aLoadGroup,
    nsIURI* aScriptURL, const Maybe<ClientInfo>& aClientInfo,
-    nsContentPolicyType aContentPolicyType, nsICookieSettings* aCookieSettings,
+    nsContentPolicyType aContentPolicyType, nsIChannel** aChannel);
    nsIChannel** aChannel);
 nsresult ChannelFromScriptURLWorkerThread(JSContext* aCx,
                                          WorkerPrivate* aParent,
--- a/dom/workers/WorkerLoadInfo.h
+++ b/dom/workers/WorkerLoadInfo.h
@@ -19,7 +19,6 @@
 class nsIChannel;
 class nsIContentSecurityPolicy;
 class nsICookieSettings;
 class nsILoadGroup;
 class nsIPrincipal;
 class nsIRunnable;
@@ -51,9 +50,6 @@ struct WorkerLoadInfoData {
  nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
  nsCOMPtr<nsIPrincipal> mPrincipal;
  // Taken from the parent context.
  nsCOMPtr<nsICookieSettings> mCookieSettings;
  nsCOMPtr<nsIScriptContext> mScriptContext;
  nsCOMPtr<nsPIDOMWindowInner> mWindow;
  nsCOMPtr<nsIContentSecurityPolicy> mCSP;
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -59,7 +59,6 @@
 #include "ScriptLoader.h"
 #include "mozilla/dom/ServiceWorkerEvents.h"
 #include "mozilla/dom/ServiceWorkerManager.h"
 #include "mozilla/net/CookieSettings.h"
 #include "WorkerCSPEventListener.h"
 #include "WorkerDebugger.h"
 #include "WorkerDebuggerManager.h"
@@ -2476,7 +2475,6 @@ nsresult WorkerPrivate::GetLoadInfo(JSContext* aCx, nsPIDOMWindowInner* aWindow,
      nsContentUtils::StorageAccess access =
          nsContentUtils::StorageAllowedForWindow(globalWindow);
      loadInfo.mStorageAllowed = access > nsContentUtils::StorageAccess::eDeny;
      loadInfo.mCookieSettings = document->CookieSettings();
      loadInfo.mOriginAttributes =
          nsContentUtils::GetOriginAttributes(document);
      loadInfo.mParentController = globalWindow->GetController();
@@ -2522,9 +2520,6 @@ nsresult WorkerPrivate::GetLoadInfo(JSContext* aCx, nsPIDOMWindowInner* aWindow,
      loadInfo.mFromWindow = false;
      loadInfo.mWindowID = UINT64_MAX;
      loadInfo.mStorageAllowed = true;
      loadInfo.mCookieSettings = mozilla::net::CookieSettings::Create();
      MOZ_ASSERT(loadInfo.mCookieSettings);
      loadInfo.mOriginAttributes = OriginAttributes();
    }
@@ -2544,10 +2539,10 @@ nsresult WorkerPrivate::GetLoadInfo(JSContext* aCx, nsPIDOMWindowInner* aWindow,
        getter_AddRefs(url), aScriptURL, document, loadInfo.mBaseURI);
    NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_SYNTAX_ERR);
-    rv = ChannelFromScriptURLMainThread(
+    rv = ChannelFromScriptURLMainThread(loadInfo.mLoadingPrincipal, document,
-        loadInfo.mLoadingPrincipal, document, loadInfo.mLoadGroup, url,
+                                        loadInfo.mLoadGroup, url, clientInfo,
-        clientInfo, ContentPolicyType(aWorkerType), loadInfo.mCookieSettings,
+                                        ContentPolicyType(aWorkerType),
-        getter_AddRefs(loadInfo.mChannel));
+                                        getter_AddRefs(loadInfo.mChannel));
    NS_ENSURE_SUCCESS(rv, rv);
    rv = NS_GetFinalChannelURI(loadInfo.mChannel,
--- a/dom/workers/WorkerPrivate.h
+++ b/dom/workers/WorkerPrivate.h
@@ -730,12 +730,6 @@ class WorkerPrivate : public RelativeTimeline {
           mLoadInfo.mFirstPartyStorageAccessGranted;
  }
  nsICookieSettings* CookieSettings() const {
    // Any thread.
    MOZ_ASSERT(mLoadInfo.mCookieSettings);
    return mLoadInfo.mCookieSettings;
  }
  const OriginAttributes& GetOriginAttributes() const {
    return mLoadInfo.mOriginAttributes;
  }
--- a/dom/workers/remoteworkers/RemoteWorkerChild.cpp
+++ b/dom/workers/remoteworkers/RemoteWorkerChild.cpp
@@ -18,7 +18,6 @@
 #include "mozilla/dom/WorkerRunnable.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/net/CookieSettings.h"
 #include "nsIConsoleReportCollector.h"
 #include "nsIPrincipal.h"
 #include "nsNetUtil.h"
@@ -270,7 +269,6 @@ nsresult RemoteWorkerChild::ExecWorkerOnMainThread(
  info.mStorageAllowed = aData.isStorageAccessAllowed();
  info.mOriginAttributes =
      BasePrincipal::Cast(principal)->OriginAttributesRef();
  info.mCookieSettings = net::CookieSettings::Create();
  // Default CSP permissions for now.  These will be overrided if necessary
  // based on the script CSP headers during load in ScriptLoader.
@@ -303,7 +301,7 @@ nsresult RemoteWorkerChild::ExecWorkerOnMainThread(
      info.mResolvedScriptURI, clientInfo,
      aData.isSharedWorker() ? nsIContentPolicy::TYPE_INTERNAL_SHARED_WORKER
                             : nsIContentPolicy::TYPE_INTERNAL_SERVICE_WORKER,
-      info.mCookieSettings, getter_AddRefs(info.mChannel));
+      getter_AddRefs(info.mChannel));
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return rv;
  }
--- a/dom/workers/test/mochitest.ini
+++ b/dom/workers/test/mochitest.ini
@@ -55,6 +55,7 @@ support-files =
  redirect_to_foreign.sjs
  rvals_worker.js
  sharedWorker_sharedWorker.js
  sharedWorker_thirdparty_frame.html
  simpleThread_worker.js
  suspend_window.html
  suspend_worker.js
@@ -172,9 +173,6 @@ skip-if = toolkit == 'android'
 [test_rvals.html]
 [test_sharedWorker.html]
 [test_sharedWorker_thirdparty.html]
 support-files =
  sharedWorker_thirdparty_frame.html
  sharedWorker_thirdparty_window.html
 [test_simpleThread.html]
 [test_suspend.html]
 [test_terminate.html]
--- a/dom/workers/test/sharedWorker_thirdparty_window.html
+++ b/dom/workers/test/sharedWorker_thirdparty_window.html
@@ -1,26 +0,0 @@
 <!--
  Any copyright is dedicated to the Public Domain.
  http://creativecommons.org/publicdomain/zero/1.0/
 -->
 <!DOCTYPE HTML>
 <html>
 <head>
  <title>Test for SharedWorker in 3rd Party Iframes</title>
 </head>
 <body>
  <script>
  let url = new URL(window.location);
  let frame = document.createElement('iframe');
  frame.src =
    'http://example.org/tests/dom/workers/test/sharedWorker_thirdparty_frame.html?name=' + url.searchParams.get('name');
  document.body.appendChild(frame);
  window.addEventListener('message', evt => {
    frame.remove();
    opener.postMessage(evt.data, "*");
  }, {once: true});
  </script>
 </body>
 </html>
--- a/dom/workers/test/test_sharedWorker_thirdparty.html
+++ b/dom/workers/test/test_sharedWorker_thirdparty.html
@@ -11,18 +11,22 @@
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css">
 </head>
 <body>
  <p id="display"></p>
  <div id="content" style="display: none"></div>
  <pre id="test">
  <script class="testbody">
  function testThirdPartyFrame(name) {
    return new Promise(resolve => {
-      // Let's use a window, loading the same origin, in order to have the new
+      let frame = document.createElement('iframe');
-      // cookie-policy applied.
+      frame.src =
-      let w = window.open("sharedWorker_thirdparty_window.html?name=" + name);
+        'http://example.org/tests/dom/workers/test/sharedWorker_thirdparty_frame.html?name=' + name;
      document.body.appendChild(frame);
      window.addEventListener('message', function messageListener(evt) {
        if (evt.data.name !== name) {
          return;
        }
-        w.close();
+        frame.remove();
        window.removeEventListener('message', messageListener);
        resolve(evt.data.result);
      });
@@ -51,5 +55,6 @@
  });
  </script>
  </pre>
 </body>
 </html>
--- a/dom/xbl/nsXBLService.cpp
+++ b/dom/xbl/nsXBLService.cpp
@@ -1047,7 +1047,6 @@ nsresult nsXBLService::FetchBindingDocument(
                       nsContentUtils::GetSystemPrincipal(),
                       nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
                       nsIContentPolicy::TYPE_XBL,
                       nullptr,  // nsICookieSettings
                       nullptr,  // PerformanceStorage
                       loadGroup);
  }
--- a/dom/xhr/XMLHttpRequest.cpp
+++ b/dom/xhr/XMLHttpRequest.cpp
@@ -7,8 +7,6 @@
 #include "XMLHttpRequest.h"
 #include "XMLHttpRequestMainThread.h"
 #include "XMLHttpRequestWorker.h"
 #include "mozilla/net/CookieSettings.h"
 #include "nsGlobalWindowInner.h"
 namespace mozilla {
 namespace dom {
@@ -27,23 +25,8 @@ already_AddRefed<XMLHttpRequest> XMLHttpRequest::Constructor(
      return nullptr;
    }
    nsCOMPtr<nsICookieSettings> cookieSettings;
    nsCOMPtr<nsPIDOMWindowInner> window = do_QueryInterface(global);
    if (window) {
      Document* document = window->GetExtantDoc();
      if (NS_WARN_IF(!document)) {
        aRv.Throw(NS_ERROR_FAILURE);
        return nullptr;
      }
      cookieSettings = document->CookieSettings();
    } else {
      // We are here because this is a sandbox.
      cookieSettings = net::CookieSettings::Create();
    }
    RefPtr<XMLHttpRequestMainThread> req = new XMLHttpRequestMainThread();
-    req->Construct(principal->GetPrincipal(), global, cookieSettings);
+    req->Construct(principal->GetPrincipal(), global);
    req->InitParameters(aParams.mMozAnon, aParams.mMozSystem);
    return req.forget();
  }
--- a/dom/xhr/XMLHttpRequestMainThread.cpp
+++ b/dom/xhr/XMLHttpRequestMainThread.cpp
@@ -2334,7 +2334,6 @@ nsresult XMLHttpRequestMainThread::CreateChannel() {
    rv = NS_NewChannel(getter_AddRefs(mChannel), mRequestURL, mPrincipal,
                       mClientInfo.ref(), mController, secFlags,
                       nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST,
                       mCookieSettings,
                       mPerformanceStorage,  // aPerformanceStorage
                       loadGroup,
                       nullptr,  // aCallbacks
@@ -2343,7 +2342,6 @@ nsresult XMLHttpRequestMainThread::CreateChannel() {
    // Otherwise use the principal.
    rv = NS_NewChannel(getter_AddRefs(mChannel), mRequestURL, mPrincipal,
                       secFlags, nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST,
                       mCookieSettings,
                       mPerformanceStorage,  // aPerformanceStorage
                       loadGroup,
                       nullptr,  // aCallbacks
--- a/dom/xhr/XMLHttpRequestMainThread.h
+++ b/dom/xhr/XMLHttpRequestMainThread.h
@@ -199,8 +199,7 @@ class XMLHttpRequestMainThread final : public XMLHttpRequest,
  XMLHttpRequestMainThread();
  void Construct(nsIPrincipal* aPrincipal, nsIGlobalObject* aGlobalObject,
-                 nsICookieSettings* aCookieSettings, nsIURI* aBaseURI = nullptr,
+                 nsIURI* aBaseURI = nullptr, nsILoadGroup* aLoadGroup = nullptr,
                 nsILoadGroup* aLoadGroup = nullptr,
                 PerformanceStorage* aPerformanceStorage = nullptr,
                 nsICSPEventListener* aCSPEventListener = nullptr) {
    MOZ_ASSERT(aPrincipal);
@@ -208,7 +207,6 @@ class XMLHttpRequestMainThread final : public XMLHttpRequest,
    BindToOwner(aGlobalObject);
    mBaseURI = aBaseURI;
    mLoadGroup = aLoadGroup;
    mCookieSettings = aCookieSettings;
    mPerformanceStorage = aPerformanceStorage;
    mCSPEventListener = aCSPEventListener;
  }
@@ -496,8 +494,6 @@ class XMLHttpRequestMainThread final : public XMLHttpRequest,
  nsCOMPtr<nsIStreamListener> mXMLParserStreamListener;
  nsCOMPtr<nsICookieSettings> mCookieSettings;
  RefPtr<PerformanceStorage> mPerformanceStorage;
  nsCOMPtr<nsICSPEventListener> mCSPEventListener;
--- a/dom/xhr/XMLHttpRequestWorker.cpp
+++ b/dom/xhr/XMLHttpRequestWorker.cpp
@@ -779,7 +779,6 @@ bool Proxy::Init() {
  mXHR = new XMLHttpRequestMainThread();
  mXHR->Construct(mWorkerPrivate->GetPrincipal(),
                  ownerWindow ? ownerWindow->AsGlobal() : nullptr,
                  mWorkerPrivate->CookieSettings(),
                  mWorkerPrivate->GetBaseURI(), mWorkerPrivate->GetLoadGroup(),
                  mWorkerPrivate->GetPerformanceStorage(),
                  mWorkerPrivate->CSPEventListener());
--- a/dom/xhr/tests/mochitest.ini
+++ b/dom/xhr/tests/mochitest.ini
@@ -79,7 +79,6 @@ skip-if = toolkit == 'android'
 [test_worker_xhr.html]
 [test_worker_xhr2.html]
 [test_worker_xhr_3rdparty.html]
 support-files = window_worker_xhr_3rdparty.html
 [test_worker_xhr_cors_redirect.html]
 [test_worker_xhr_headers.html]
 [test_worker_xhr_implicit_cancel.html]
--- a/dom/xhr/tests/test_worker_xhr_3rdparty.html
+++ b/dom/xhr/tests/test_worker_xhr_3rdparty.html
@@ -14,32 +14,57 @@ Tests of DOM Worker Threads XHR(Bug 450452 )
 </head>
 <body>
 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=450452">DOM Worker Threads XHR (Bug 450452)</a>
 <p id="display"></p>
 <div id="content" style="display: none">
 </div>
 <pre id="test">
 <script class="testbody" type="text/javascript">
-  document.cookie = "a=cookie_is_set";
+  var worker = new Worker("xhr_worker.js");
-  SpecialPowers.pushPrefEnv({ set: [[ "network.cookie.cookieBehavior", 1 ]] },
+  var gotUploadLoad = false, gotLoadend = false;
                            () => {
    let w = window.open("window_worker_xhr_3rdparty.html");
-    onmessage = e => {
+  worker.onmessage = function(event) {
-      if (e.data.type == "finish") {
+    is(event.target, worker);
-        w.close();
+    var args = event.data;
    switch (args.type) {
      case "progress": {
        ok(parseInt(args.current) <= parseInt(args.total));
      } break;
      case "error": {
        ok(false, "XHR error: " + args.error);
      } break;
      case "upload.load": {
        gotUploadLoad = true;
      } break;
      case "load": {
        ok(gotUploadLoad, "Should have gotten upload load event");
        gotLoadend = true;
        is(args.data, "a=cookie_is_set", "correct data");
        document.getElementById("content").textContent = args.data;
      } break;
      case "loadend": {
        ok(gotLoadend, "Should have gotten load.");
        SimpleTest.finish();
-        return;
+        break;
      }
-
+      default: {
-      if (e.data.type == "test") {
+        ok(false, "Unexpected message");
-        ok(e.data.test, e.data.msg);
+        SimpleTest.finish();
        return;
      }
      ok(false, "Invalid message.");
    }
-  });
+  };
  worker.onerror = function(event) {
    is(event.target, worker);
    ok(false, "Worker had an error:" + event.message);
    SimpleTest.finish();
  }
  document.cookie = "a=cookie_is_set";
  SpecialPowers.pushPrefEnv({ set: [[ "network.cookie.cookieBehavior", 1 ]] },
                            () => worker.postMessage("worker_file_getcookie.sjs"));
  SimpleTest.waitForExplicitFinish();
--- a/dom/xhr/tests/window_worker_xhr_3rdparty.html
+++ b/dom/xhr/tests/window_worker_xhr_3rdparty.html
@@ -1,71 +0,0 @@
 <!--
  Any copyright is dedicated to the Public Domain.
  http://creativecommons.org/publicdomain/zero/1.0/
 -->
 <!DOCTYPE HTML>
 <html>
 <!--
 Tests of DOM Worker Threads XHR(Bug 450452 )
 -->
 <body>
 <div id="content" style="display: none"></div>
 <script class="testbody" type="text/javascript">
  function ok(a, msg) {
    opener.postMessage({type: "test", test: !!a, msg }, "*");
  }
  function is(a, b, msg) {
    ok(a === b, msg);
  }
  function finish() {
    opener.postMessage({type: "finish" }, "*");
  }
  var worker = new Worker("xhr_worker.js");
  var gotUploadLoad = false, gotLoadend = false;
  worker.onmessage = function(event) {
    is(event.target, worker);
    var args = event.data;
    switch (args.type) {
      case "progress": {
        ok(parseInt(args.current) <= parseInt(args.total));
      } break;
      case "error": {
        ok(false, "XHR error: " + args.error);
      } break;
      case "upload.load": {
        gotUploadLoad = true;
      } break;
      case "load": {
        ok(gotUploadLoad, "Should have gotten upload load event");
        gotLoadend = true;
        is(args.data, "a=cookie_is_set", "correct data");
        document.getElementById("content").textContent = args.data;
      } break;
      case "loadend": {
        ok(gotLoadend, "Should have gotten load.");
        finish();
        break;
      }
      default: {
        ok(false, "Unexpected message");
        finish();
      }
    }
  };
  worker.onerror = function(event) {
    is(event.target, worker);
    ok(false, "Worker had an error:" + event.message);
    finish();
  }
  worker.postMessage("worker_file_getcookie.sjs");
 </script>
 </body>
 </html>
--- a/dom/xml/nsXMLPrettyPrinter.cpp
+++ b/dom/xml/nsXMLPrettyPrinter.cpp
@@ -68,9 +68,8 @@ nsresult nsXMLPrettyPrinter::PrettyPrint(Document* aDocument,
  nsCOMPtr<Document> xslDocument;
  rv = nsSyncLoadService::LoadDocument(
      xslUri, nsIContentPolicy::TYPE_XSLT, nsContentUtils::GetSystemPrincipal(),
-      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nullptr,
+      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL, nullptr, true,
-      aDocument->CookieSettings(), true, mozilla::net::RP_Unset,
+      mozilla::net::RP_Unset, getter_AddRefs(xslDocument));
      getter_AddRefs(xslDocument));
  NS_ENSURE_SUCCESS(rv, rv);
  // Transform the document
--- a/dom/xslt/xml/txXMLParser.cpp
+++ b/dom/xslt/xml/txXMLParser.cpp
@@ -38,8 +38,7 @@ nsresult txParseDocumentFromURI(const nsAString& aHref,
  rv = nsSyncLoadService::LoadDocument(
      documentURI, nsIContentPolicy::TYPE_INTERNAL_XMLHTTPREQUEST,
      loaderDocument->NodePrincipal(),
-      nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, loadGroup,
+      nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, loadGroup, true,
      loaderDocument->CookieSettings(), true,
      loaderDocument->GetReferrerPolicy(), &theDocument);
  if (NS_FAILED(rv)) {
--- a/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
+++ b/dom/xslt/xslt/txMozillaStylesheetCompiler.cpp
@@ -563,8 +563,7 @@ nsresult txSyncCompileObserver::loadURI(const nsAString& aUri,
  rv = nsSyncLoadService::LoadDocument(
      uri, nsIContentPolicy::TYPE_XSLT, referrerPrincipal,
-      nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, nullptr,
+      nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS, nullptr, false,
      source ? source->OwnerDoc()->CookieSettings() : nullptr, false,
      aReferrerPolicy, getter_AddRefs(document));
  NS_ENSURE_SUCCESS(rv, rv);
--- a/extensions/cookie/test/unit/test_cookies_privatebrowsing.js
+++ b/extensions/cookie/test/unit/test_cookies_privatebrowsing.js
@@ -26,9 +26,6 @@ function* do_run_test() {
  // Set up a profile.
  let profile = do_get_profile();
  // We don't want to have CookieSettings blocking this test.
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  // Test with cookies enabled.
  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
--- a/extensions/cookie/test/unit/test_cookies_thirdparty.js
+++ b/extensions/cookie/test/unit/test_cookies_thirdparty.js
@@ -6,99 +6,57 @@
 // 2) with channel, but with no docshell parent
 function run_test() {
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  // Create URIs and channels pointing to foo.com and bar.com.
  // We will use these to put foo.com into first and third party contexts.
-  let spec1 = "http://foo.com/foo.html";
+  var spec1 = "http://foo.com/foo.html";
-  let spec2 = "http://bar.com/bar.html";
+  var spec2 = "http://bar.com/bar.html";
-  let uri1 = NetUtil.newURI(spec1);
+  var uri1 = NetUtil.newURI(spec1);
-  let uri2 = NetUtil.newURI(spec2);
+  var uri2 = NetUtil.newURI(spec2);
  var channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
  var channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
-    // test with cookies enabled
+  // test with cookies enabled
-  {
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
-    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
-
+  Services.cookies.removeAll();
-    let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
+  do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
-    let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
+  Services.cookies.removeAll();
    do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
    Services.cookies.removeAll();
    do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
    Services.cookies.removeAll();
  }
  // test with third party cookies blocked
-  {
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
-    Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
+  do_set_cookies(uri1, channel1, true, [0, 0, 0, 0]);
-
+  Services.cookies.removeAll();
-    let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
+  do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
-    let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
+  Services.cookies.removeAll();
    do_set_cookies(uri1, channel1, true, [0, 0, 0, 0]);
    Services.cookies.removeAll();
    do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
    Services.cookies.removeAll();
  }
  // Force the channel URI to be used when determining the originating URI of
  // the channel.
-  // test with third party cookies blocked
+  var httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
  var httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
  httpchannel1.forceAllowThirdPartyCookie = true;
  httpchannel2.forceAllowThirdPartyCookie = true;
  // test with cookies enabled
-  {
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
-    Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
+  do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
-
+  Services.cookies.removeAll();
-    let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
+  do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
-    let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
+  Services.cookies.removeAll();
    httpchannel1.forceAllowThirdPartyCookie = true;
    let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
    let httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
    httpchannel2.forceAllowThirdPartyCookie = true;
    do_set_cookies(uri1, channel1, true, [1, 2, 3, 4]);
    Services.cookies.removeAll();
    do_set_cookies(uri1, channel2, true, [1, 2, 3, 4]);
    Services.cookies.removeAll();
  }
  // test with third party cookies blocked
-  {
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
-    Services.prefs.setIntPref("network.cookie.cookieBehavior", 1);
+  do_set_cookies(uri1, channel1, true, [0, 1, 1, 2]);
-
+  Services.cookies.removeAll();
-    let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
+  do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
-    let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
+  Services.cookies.removeAll();
    httpchannel1.forceAllowThirdPartyCookie = true;
    let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
    let httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
    httpchannel2.forceAllowThirdPartyCookie = true;
    do_set_cookies(uri1, channel1, true, [0, 1, 1, 2]);
    Services.cookies.removeAll();
    do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
    Services.cookies.removeAll();
  }
  // test with third party cookies limited
-  {
+  Services.prefs.setIntPref("network.cookie.cookieBehavior", 3);
-    Services.prefs.setIntPref("network.cookie.cookieBehavior", 3);
+  do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
-
+  Services.cookies.removeAll();
-    let channel1 = NetUtil.newChannel({uri: uri1, loadUsingSystemPrincipal: true});
+  do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
-    let httpchannel1 = channel1.QueryInterface(Ci.nsIHttpChannelInternal);
+  Services.cookies.removeAll();
-    httpchannel1.forceAllowThirdPartyCookie = true;
+  do_set_single_http_cookie(uri1, channel1, 1);
-
+  do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
-    let channel2 = NetUtil.newChannel({uri: uri2, loadUsingSystemPrincipal: true});
+  Services.cookies.removeAll();
    let httpchannel2 = channel2.QueryInterface(Ci.nsIHttpChannelInternal);
    httpchannel2.forceAllowThirdPartyCookie = true;
    do_set_cookies(uri1, channel1, true, [0, 1, 2, 3]);
    Services.cookies.removeAll();
    do_set_cookies(uri1, channel2, true, [0, 0, 0, 0]);
    Services.cookies.removeAll();
    do_set_single_http_cookie(uri1, channel1, 1);
    do_set_cookies(uri1, channel2, true, [2, 3, 4, 5]);
    Services.cookies.removeAll();
  }
 }
--- a/extensions/cookie/test/unit/test_cookies_thirdparty_nonsecure_session.js
+++ b/extensions/cookie/test/unit/test_cookies_thirdparty_nonsecure_session.js
@@ -25,9 +25,6 @@ function* do_run_test() {
  // Set up a profile.
  let profile = do_get_profile();
  // We don't want to have CookieSettings blocking this test.
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  // Create URIs and channels pointing to foo.com and bar.com.
  // We will use these to put foo.com into first and third party contexts.
  var spec1 = "http://foo.com/foo.html";
--- a/extensions/cookie/test/unit/test_cookies_thirdparty_session.js
+++ b/extensions/cookie/test/unit/test_cookies_thirdparty_session.js
@@ -23,9 +23,6 @@ function* do_run_test() {
  // Set up a profile.
  let profile = do_get_profile();
  // We don't want to have CookieSettings blocking this test.
  Services.prefs.setBoolPref("network.cookieSettings.unblocked_for_testing", true);
  // Create URIs and channels pointing to foo.com and bar.com.
  // We will use these to put foo.com into first and third party contexts.
  var spec1 = "http://foo.com/foo.html";
--- a/extensions/pref/autoconfig/src/nsAutoConfig.cpp
+++ b/extensions/pref/autoconfig/src/nsAutoConfig.cpp
@@ -249,7 +249,6 @@ nsresult nsAutoConfig::downloadAutoConfig() {
      getter_AddRefs(channel), url, nsContentUtils::GetSystemPrincipal(),
      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
      nsIContentPolicy::TYPE_OTHER,
      nullptr,  // nsICookieSettings
      nullptr,  // PerformanceStorage
      nullptr,  // loadGroup
      nullptr,  // aCallbacks
--- a/image/imgLoader.cpp
+++ b/image/imgLoader.cpp
@@ -835,11 +835,10 @@ static nsresult NewImageChannel(
    // outside a document, in which case the triggeringPrincipal and
    // triggeringPrincipal should always be the systemPrincipal.
    // However, there are exceptions: one is Notifications which create a
-    // channel in the parent process in which case we can't get a
+    // channel in the parent prcoess in which case we can't get a
    // requestingNode.
    rv = NS_NewChannel(aResult, aURI, nsContentUtils::GetSystemPrincipal(),
                       securityFlags, aPolicyType,
                       nullptr,  // nsICookieSettings
                       nullptr,  // PerformanceStorage
                       nullptr,  // loadGroup
                       callbacks, aLoadFlags);
--- a/ipc/glue/BackgroundUtils.cpp
+++ b/ipc/glue/BackgroundUtils.cpp
@@ -12,7 +12,6 @@
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/net/NeckoChannelParams.h"
 #include "ExpandedPrincipal.h"
 #include "nsIScriptSecurityManager.h"
@@ -487,14 +486,6 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
  nsAutoString cspNonce;
  Unused << NS_WARN_IF(NS_FAILED(aLoadInfo->GetCspNonce(cspNonce)));
  nsCOMPtr<nsICookieSettings> cookieSettings;
  rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
  NS_ENSURE_SUCCESS(rv, rv);
  CookieSettingsArgs cookieSettingsArgs;
  static_cast<CookieSettings*>(cookieSettings.get())
      ->Serialize(cookieSettingsArgs);
  *aOptionalLoadInfoArgs = Some(LoadInfoArgs(
      loadingPrincipalInfo, triggeringPrincipalInfo, principalToInheritInfo,
      sandboxedLoadingPrincipalInfo, topLevelPrincipalInfo,
@@ -525,7 +516,7 @@ nsresult LoadInfoToLoadInfoArgs(nsILoadInfo* aLoadInfo,
      aLoadInfo->GetDocumentHasUserInteracted(),
      aLoadInfo->GetDocumentHasLoaded(), cspNonce,
      aLoadInfo->GetIsFromProcessingFrameAttributes(),
-      aLoadInfo->GetOpenerPolicy(), cookieSettingsArgs));
+      aLoadInfo->GetOpenerPolicy()));
  return NS_OK;
 }
@@ -649,15 +640,11 @@ nsresult LoadInfoArgsToLoadInfo(
        loadInfoArgs.controller().get_IPCServiceWorkerDescriptor()));
  }
  nsCOMPtr<nsICookieSettings> cookieSettings;
  CookieSettings::Deserialize(loadInfoArgs.cookieSettings(),
                              getter_AddRefs(cookieSettings));
  RefPtr<mozilla::LoadInfo> loadInfo = new mozilla::LoadInfo(
      loadingPrincipal, triggeringPrincipal, principalToInherit,
      sandboxedLoadingPrincipal, topLevelPrincipal,
-      topLevelStorageAreaPrincipal, resultPrincipalURI, cookieSettings,
+      topLevelStorageAreaPrincipal, resultPrincipalURI, clientInfo,
-      clientInfo, reservedClientInfo, initialClientInfo, controller,
+      reservedClientInfo, initialClientInfo, controller,
      loadInfoArgs.securityFlags(), loadInfoArgs.contentPolicyType(),
      static_cast<LoadTainting>(loadInfoArgs.tainting()),
      loadInfoArgs.upgradeInsecureRequests(),
@@ -700,7 +687,7 @@ void LoadInfoToParentLoadInfoForwarder(
        false,  // serviceWorkerTaintingSynthesized
        false,  // documentHasUserInteracted
        false,  // documentHasLoaded
-        nsILoadInfo::OPENER_POLICY_NULL, Maybe<CookieSettingsArgs>());
+        nsILoadInfo::OPENER_POLICY_NULL);
    return;
  }
@@ -716,21 +703,11 @@ void LoadInfoToParentLoadInfoForwarder(
  nsILoadInfo::CrossOriginOpenerPolicy openerPolicy =
      aLoadInfo->GetOpenerPolicy();
  Maybe<CookieSettingsArgs> cookieSettingsArgs;
  nsCOMPtr<nsICookieSettings> cookieSettings;
  nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
  if (NS_SUCCEEDED(rv) && cookieSettings) {
    CookieSettingsArgs args;
    static_cast<CookieSettings*>(cookieSettings.get())->Serialize(args);
    cookieSettingsArgs = Some(args);
  }
  *aForwarderArgsOut = ParentLoadInfoForwarderArgs(
      aLoadInfo->GetAllowInsecureRedirectToDataURI(), ipcController, tainting,
      aLoadInfo->GetServiceWorkerTaintingSynthesized(),
      aLoadInfo->GetDocumentHasUserInteracted(),
-      aLoadInfo->GetDocumentHasLoaded(), openerPolicy, cookieSettingsArgs);
+      aLoadInfo->GetDocumentHasLoaded(), openerPolicy);
 }
 nsresult MergeParentLoadInfoForwarder(
@@ -767,17 +744,6 @@ nsresult MergeParentLoadInfoForwarder(
  MOZ_ALWAYS_SUCCEEDS(
      aLoadInfo->SetDocumentHasLoaded(aForwarderArgs.documentHasLoaded()));
  const Maybe<CookieSettingsArgs>& cookieSettingsArgs =
      aForwarderArgs.cookieSettings();
  if (cookieSettingsArgs.isSome()) {
    nsCOMPtr<nsICookieSettings> cookieSettings;
    nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
    if (NS_SUCCEEDED(rv) && cookieSettings) {
      static_cast<CookieSettings*>(cookieSettings.get())
          ->Merge(cookieSettingsArgs.ref());
    }
  }
  return NS_OK;
 }
--- a/js/xpconnect/loader/mozJSComponentLoader.cpp
+++ b/js/xpconnect/loader/mozJSComponentLoader.cpp
@@ -238,7 +238,6 @@ class MOZ_STACK_CLASS ComponentLoaderInfo {
                         nsContentUtils::GetSystemPrincipal(),
                         nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                         nsIContentPolicy::TYPE_SCRIPT,
                         nullptr,  // nsICookieSettings
                         nullptr,  // aPerformanceStorage
                         nullptr,  // aLoadGroup
                         nullptr,  // aCallbacks
--- a/js/xpconnect/loader/mozJSSubScriptLoader.cpp
+++ b/js/xpconnect/loader/mozJSSubScriptLoader.cpp
@@ -417,7 +417,6 @@ nsresult mozJSSubScriptLoader::ReadScriptAsync(nsIURI* uri,
                     nsContentUtils::GetSystemPrincipal(),
                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                     nsIContentPolicy::TYPE_OTHER,
                     nullptr,  // nsICookieSettings
                     nullptr,  // aPerformanceStorage
                     nullptr,  // aLoadGroup
                     nullptr,  // aCallbacks
@@ -457,7 +456,6 @@ bool mozJSSubScriptLoader::ReadScript(nsIURI* uri, JSContext* cx,
                     nsContentUtils::GetSystemPrincipal(),
                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                     nsIContentPolicy::TYPE_OTHER,
                     nullptr,  // nsICookieSettings
                     nullptr,  // PerformanceStorage
                     nullptr,  // aLoadGroup
                     nullptr,  // aCallbacks
--- a/layout/style/Loader.cpp
+++ b/layout/style/Loader.cpp
@@ -1393,7 +1393,6 @@ nsresult Loader::LoadSheet(SheetLoadData* aLoadData,
  }
  nsCOMPtr<nsILoadGroup> loadGroup;
  nsCOMPtr<nsICookieSettings> cookieSettings;
  if (mDocument) {
    loadGroup = mDocument->GetDocumentLoadGroup();
    // load for a document with no loadgrup indicates that something is
@@ -1403,8 +1402,6 @@ nsresult Loader::LoadSheet(SheetLoadData* aLoadData,
      SheetComplete(aLoadData, NS_ERROR_UNEXPECTED);
      return NS_ERROR_UNEXPECTED;
    }
    cookieSettings = mDocument->CookieSettings();
  }
 #ifdef DEBUG
  mSyncCallback = true;
@@ -1446,7 +1443,7 @@ nsresult Loader::LoadSheet(SheetLoadData* aLoadData,
    // triggeringPrincipal should always be the systemPrincipal.
    rv = NS_NewChannel(getter_AddRefs(channel), aLoadData->mURI,
                       nsContentUtils::GetSystemPrincipal(), securityFlags,
-                       contentPolicyType, cookieSettings,
+                       contentPolicyType,
                       nullptr,  // aPerformanceStorage
                       loadGroup,
                       nullptr,  // aCallbacks
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -1752,14 +1752,6 @@ VARCACHE_PREF(
  bool, true
 )
 // Allow CookieSettings to be unblocked for channels without a document.
 // This is for testing only.
 VARCACHE_PREF(
  "network.cookieSettings.unblocked_for_testing",
   network_cookieSettings_unblocked_for_testing,
  bool, false
 )
 VARCACHE_PREF(
  "network.predictor.enable-hover-on-ssl",
   network_predictor_enable_hover_on_ssl,
--- a/netwerk/base/LoadInfo.cpp
+++ b/netwerk/base/LoadInfo.cpp
@@ -13,17 +13,13 @@
 #include "mozilla/dom/TabChild.h"
 #include "mozilla/dom/ToJSValue.h"
 #include "mozilla/dom/BrowsingContext.h"
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/NullPrincipal.h"
 #include "mozilla/StaticPrefs.h"
 #include "mozIThirdPartyUtil.h"
 #include "nsFrameLoader.h"
 #include "nsFrameLoaderOwner.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIDocShell.h"
 #include "mozilla/dom/Document.h"
 #include "nsCookiePermission.h"
 #include "nsICookieService.h"
 #include "nsIInterfaceRequestorUtils.h"
 #include "nsISupportsImpl.h"
 #include "nsISupportsUtils.h"
@@ -209,10 +205,6 @@ LoadInfo::LoadInfo(
          }
        }
      }
      // Let's inherit the cookie behavior and permission from the parent
      // document.
      mCookieSettings = aLoadingContext->OwnerDoc()->CookieSettings();
    }
    mInnerWindowID = aLoadingContext->OwnerDoc()->InnerWindowID();
@@ -434,11 +426,6 @@ LoadInfo::LoadInfo(nsPIDOMWindowOuter* aOuterWindow,
               "chrome docshell shouldn't have mPrivateBrowsingId set.");
  }
 #endif
  // Let's take the current cookie behavior and current cookie permission
  // for the documents' loadInfo. Note that for any other loadInfos,
  // cookieBehavior will be BEHAVIOR_REJECT for security reasons.
  mCookieSettings = CookieSettings::Create();
 }
 LoadInfo::LoadInfo(const LoadInfo& rhs)
@@ -449,7 +436,6 @@ LoadInfo::LoadInfo(const LoadInfo& rhs)
      mTopLevelPrincipal(rhs.mTopLevelPrincipal),
      mTopLevelStorageAreaPrincipal(rhs.mTopLevelStorageAreaPrincipal),
      mResultPrincipalURI(rhs.mResultPrincipalURI),
      mCookieSettings(rhs.mCookieSettings),
      mClientInfo(rhs.mClientInfo),
      // mReservedClientSource must be handled specially during redirect
      // mReservedClientInfo must be handled specially during redirect
@@ -508,7 +494,7 @@ LoadInfo::LoadInfo(
    nsIPrincipal* aPrincipalToInherit, nsIPrincipal* aSandboxedLoadingPrincipal,
    nsIPrincipal* aTopLevelPrincipal,
    nsIPrincipal* aTopLevelStorageAreaPrincipal, nsIURI* aResultPrincipalURI,
-    nsICookieSettings* aCookieSettings, const Maybe<ClientInfo>& aClientInfo,
+    const Maybe<ClientInfo>& aClientInfo,
    const Maybe<ClientInfo>& aReservedClientInfo,
    const Maybe<ClientInfo>& aInitialClientInfo,
    const Maybe<ServiceWorkerDescriptor>& aController,
@@ -540,7 +526,6 @@ LoadInfo::LoadInfo(
      mTopLevelPrincipal(aTopLevelPrincipal),
      mTopLevelStorageAreaPrincipal(aTopLevelStorageAreaPrincipal),
      mResultPrincipalURI(aResultPrincipalURI),
      mCookieSettings(aCookieSettings),
      mClientInfo(aClientInfo),
      mReservedClientInfo(aReservedClientInfo),
      mInitialClientInfo(aInitialClientInfo),
@@ -786,46 +771,6 @@ LoadInfo::GetCookiePolicy(uint32_t* aResult) {
  return NS_OK;
 }
 namespace {
 already_AddRefed<nsICookieSettings> CreateCookieSettings(
    nsContentPolicyType aContentPolicyType) {
  if (StaticPrefs::network_cookieSettings_unblocked_for_testing()) {
    return CookieSettings::Create();
  }
  // These contentPolictTypes require a real CookieSettings because favicon and
  // save-as requests must send cookies. Anything else should not send/receive
  // cookies.
  if (aContentPolicyType == nsIContentPolicy::TYPE_INTERNAL_IMAGE_FAVICON ||
      aContentPolicyType == nsIContentPolicy::TYPE_SAVEAS_DOWNLOAD) {
    return CookieSettings::Create();
  }
  return CookieSettings::CreateBlockingAll();
 }
 }  // namespace
 NS_IMETHODIMP
 LoadInfo::GetCookieSettings(nsICookieSettings** aCookieSettings) {
  if (!mCookieSettings) {
    mCookieSettings = CreateCookieSettings(mInternalContentPolicyType);
  }
  nsCOMPtr<nsICookieSettings> cookieSettings = mCookieSettings;
  cookieSettings.forget(aCookieSettings);
  return NS_OK;
 }
 NS_IMETHODIMP
 LoadInfo::SetCookieSettings(nsICookieSettings* aCookieSettings) {
  MOZ_ASSERT(aCookieSettings);
  // We allow the overwrite of CookieSettings.
  mCookieSettings = aCookieSettings;
  return NS_OK;
 }
 void LoadInfo::SetIncludeCookiesSecFlag() {
  MOZ_ASSERT((mSecurityFlags & sCookiePolicyMask) ==
             nsILoadInfo::SEC_COOKIES_DEFAULT);
--- a/netwerk/base/LoadInfo.h
+++ b/netwerk/base/LoadInfo.h
@@ -19,7 +19,6 @@
 #include "mozilla/dom/ClientInfo.h"
 #include "mozilla/dom/ServiceWorkerDescriptor.h"
 class nsICookieSettings;
 class nsINode;
 class nsPIDOMWindowOuter;
@@ -71,7 +70,6 @@ class LoadInfo final : public nsILoadInfo {
  // create an exact copy of the loadinfo
  already_AddRefed<nsILoadInfo> Clone() const;
  // hands off!!! don't use CloneWithNewSecFlags unless you know
  // exactly what you are doing - it should only be used within
  // nsBaseChannel::Redirect()
@@ -98,7 +96,7 @@ class LoadInfo final : public nsILoadInfo {
           nsIPrincipal* aSandboxedLoadingPrincipal,
           nsIPrincipal* aTopLevelPrincipal,
           nsIPrincipal* aTopLevelStorageAreaPrincipal,
-           nsIURI* aResultPrincipalURI, nsICookieSettings* aCookieSettings,
+           nsIURI* aResultPrincipalURI,
           const Maybe<mozilla::dom::ClientInfo>& aClientInfo,
           const Maybe<mozilla::dom::ClientInfo>& aReservedClientInfo,
           const Maybe<mozilla::dom::ClientInfo>& aInitialClientInfo,
@@ -157,7 +155,6 @@ class LoadInfo final : public nsILoadInfo {
  nsCOMPtr<nsIPrincipal> mTopLevelStorageAreaPrincipal;
  nsCOMPtr<nsIURI> mResultPrincipalURI;
  nsCOMPtr<nsICSPEventListener> mCSPEventListener;
  nsCOMPtr<nsICookieSettings> mCookieSettings;
  Maybe<mozilla::dom::ClientInfo> mClientInfo;
  UniquePtr<mozilla::dom::ClientSource> mReservedClientSource;
--- a/netwerk/base/NetworkConnectivityService.cpp
+++ b/netwerk/base/NetworkConnectivityService.cpp
@@ -191,7 +191,6 @@ static inline already_AddRefed<nsIChannel> SetupIPCheckChannel(bool ipv4) {
      getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(),
      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
      nsIContentPolicy::TYPE_OTHER,
      nullptr,  // nsICookieSettings
      nullptr,  // aPerformanceStorage
      nullptr,  // aLoadGroup
      nullptr,
--- a/netwerk/base/Predictor.cpp
+++ b/netwerk/base/Predictor.cpp
@@ -1246,8 +1246,7 @@ nsresult Predictor::Prefetch(nsIURI *uri, nsIURI *referrer,
  nsresult rv = NS_NewChannel(
      getter_AddRefs(channel), uri, nsContentUtils::GetSystemPrincipal(),
      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
-      nsIContentPolicy::TYPE_OTHER, nullptr, /* nsICookieSettings */
+      nsIContentPolicy::TYPE_OTHER, nullptr, /* aPerformanceStorage */
      nullptr,                               /* aPerformanceStorage */
      nullptr,                               /* aLoadGroup */
      nullptr,                               /* aCallbacks */
      nsIRequest::LOAD_BACKGROUND);
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@@ -8,7 +8,6 @@
 #include "nsIContentPolicy.idl"
 interface nsIChannel;
 interface nsICookieSettings;
 interface nsICSPEventListener;
 interface nsINode;
 interface nsIPrincipal;
@@ -427,12 +426,6 @@ interface nsILoadInfo : nsISupports
   */
  [infallible] readonly attribute unsigned long cookiePolicy;
  /**
   * The cookie settings inherited from the top-level document's loadInfo.
   * It cannot be null.
   */
  attribute nsICookieSettings cookieSettings;
  /**
   * If forceInheritPrincipal is true, the data coming from the channel should
   * inherit its principal, even when the data is loaded over http:// or another
--- a/netwerk/base/nsIncrementalDownload.cpp
+++ b/netwerk/base/nsIncrementalDownload.cpp
@@ -220,7 +220,6 @@ nsresult nsIncrementalDownload::ProcessTimeout() {
                              nsContentUtils::GetSystemPrincipal(),
                              nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                              nsIContentPolicy::TYPE_OTHER,
                              nullptr,  // nsICookieSettings
                              nullptr,  // PerformanceStorage
                              nullptr,  // loadGroup
                              this,     // aCallbacks
--- a/netwerk/base/nsNetUtil.cpp
+++ b/netwerk/base/nsNetUtil.cpp
@@ -298,20 +298,19 @@ nsresult NS_NewChannel(nsIChannel **outChannel, nsIURI *aUri,
                       nsIPrincipal *aLoadingPrincipal,
                       nsSecurityFlags aSecurityFlags,
                       nsContentPolicyType aContentPolicyType,
-                       nsICookieSettings *aCookieSettings /* = nullptr */,
+                       PerformanceStorage *aPerformanceStorage /* nullptr */,
                       PerformanceStorage *aPerformanceStorage /* = nullptr */,
                       nsILoadGroup *aLoadGroup /* = nullptr */,
                       nsIInterfaceRequestor *aCallbacks /* = nullptr */,
                       nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
                       nsIIOService *aIoService /* = nullptr */) {
-  return NS_NewChannelInternal(
+  return NS_NewChannelInternal(outChannel, aUri,
-      outChannel, aUri,
+                               nullptr,  // aLoadingNode,
-      nullptr,  // aLoadingNode,
+                               aLoadingPrincipal,
-      aLoadingPrincipal,
+                               nullptr,  // aTriggeringPrincipal
-      nullptr,  // aTriggeringPrincipal
+                               Maybe<ClientInfo>(),
-      Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
+                               Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
-      aContentPolicyType, aCookieSettings, aPerformanceStorage, aLoadGroup,
+                               aContentPolicyType, aPerformanceStorage,
-      aCallbacks, aLoadFlags, aIoService);
+                               aLoadGroup, aCallbacks, aLoadFlags, aIoService);
 }
 nsresult NS_NewChannel(nsIChannel **outChannel, nsIURI *aUri,
@@ -320,8 +319,7 @@ nsresult NS_NewChannel(nsIChannel **outChannel, nsIURI *aUri,
                       const Maybe<ServiceWorkerDescriptor> &aController,
                       nsSecurityFlags aSecurityFlags,
                       nsContentPolicyType aContentPolicyType,
-                       nsICookieSettings *aCookieSettings /* = nullptr */,
+                       PerformanceStorage *aPerformanceStorage /* nullptr */,
                       PerformanceStorage *aPerformanceStorage /* = nullptr */,
                       nsILoadGroup *aLoadGroup /* = nullptr */,
                       nsIInterfaceRequestor *aCallbacks /* = nullptr */,
                       nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
@@ -337,9 +335,8 @@ nsresult NS_NewChannel(nsIChannel **outChannel, nsIURI *aUri,
                               aLoadingPrincipal,
                               nullptr,  // aTriggeringPrincipal
                               loadingClientInfo, aController, aSecurityFlags,
-                               aContentPolicyType, aCookieSettings,
+                               aContentPolicyType, aPerformanceStorage,
-                               aPerformanceStorage, aLoadGroup, aCallbacks,
+                               aLoadGroup, aCallbacks, aLoadFlags, aIoService);
                               aLoadFlags, aIoService);
 }
 nsresult NS_NewChannelInternal(
@@ -348,8 +345,7 @@ nsresult NS_NewChannelInternal(
    const Maybe<ClientInfo> &aLoadingClientInfo,
    const Maybe<ServiceWorkerDescriptor> &aController,
    nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
-    nsICookieSettings *aCookieSettings /* = nullptr */,
+    PerformanceStorage *aPerformanceStorage /* nullptr */,
    PerformanceStorage *aPerformanceStorage /* = nullptr */,
    nsILoadGroup *aLoadGroup /* = nullptr */,
    nsIInterfaceRequestor *aCallbacks /* = nullptr */,
    nsLoadFlags aLoadFlags /* = nsIRequest::LOAD_NORMAL */,
@@ -393,16 +389,9 @@ nsresult NS_NewChannelInternal(
    NS_ENSURE_SUCCESS(rv, rv);
  }
-  if (aPerformanceStorage || aCookieSettings) {
+  if (aPerformanceStorage) {
    nsCOMPtr<nsILoadInfo> loadInfo = channel->LoadInfo();
-
+    loadInfo->SetPerformanceStorage(aPerformanceStorage);
    if (aPerformanceStorage) {
      loadInfo->SetPerformanceStorage(aPerformanceStorage);
    }
    if (aCookieSettings) {
      loadInfo->SetCookieSettings(aCookieSettings);
    }
  }
  channel.forget(outChannel);
@@ -426,8 +415,7 @@ NS_NewChannelWithTriggeringPrincipal(
      outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
      aTriggeringPrincipal, Maybe<ClientInfo>(),
      Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
-      aLoadingNode->OwnerDoc()->CookieSettings(), aPerformanceStorage,
+      aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
      aLoadGroup, aCallbacks, aLoadFlags, aIoService);
 }
 // See NS_NewChannelInternal for usage and argument description
@@ -435,7 +423,6 @@ nsresult NS_NewChannelWithTriggeringPrincipal(
    nsIChannel **outChannel, nsIURI *aUri, nsIPrincipal *aLoadingPrincipal,
    nsIPrincipal *aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
    nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings /* = nullptr */,
    PerformanceStorage *aPerformanceStorage /* = nullptr */,
    nsILoadGroup *aLoadGroup /* = nullptr */,
    nsIInterfaceRequestor *aCallbacks /* = nullptr */,
@@ -448,8 +435,7 @@ nsresult NS_NewChannelWithTriggeringPrincipal(
      nullptr,  // aLoadingNode
      aLoadingPrincipal, aTriggeringPrincipal, Maybe<ClientInfo>(),
      Maybe<ServiceWorkerDescriptor>(), aSecurityFlags, aContentPolicyType,
-      aCookieSettings, aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags,
+      aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
      aIoService);
 }
 // See NS_NewChannelInternal for usage and argument description
@@ -458,7 +444,6 @@ nsresult NS_NewChannelWithTriggeringPrincipal(
    nsIPrincipal *aTriggeringPrincipal, const ClientInfo &aLoadingClientInfo,
    const Maybe<ServiceWorkerDescriptor> &aController,
    nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings /* = nullptr */,
    PerformanceStorage *aPerformanceStorage /* = nullptr */,
    nsILoadGroup *aLoadGroup /* = nullptr */,
    nsIInterfaceRequestor *aCallbacks /* = nullptr */,
@@ -470,12 +455,12 @@ nsresult NS_NewChannelWithTriggeringPrincipal(
  Maybe<ClientInfo> loadingClientInfo;
  loadingClientInfo.emplace(aLoadingClientInfo);
-  return NS_NewChannelInternal(
+  return NS_NewChannelInternal(outChannel, aUri,
-      outChannel, aUri,
+                               nullptr,  // aLoadingNode
-      nullptr,  // aLoadingNode
+                               aLoadingPrincipal, aTriggeringPrincipal,
-      aLoadingPrincipal, aTriggeringPrincipal, loadingClientInfo, aController,
+                               loadingClientInfo, aController, aSecurityFlags,
-      aSecurityFlags, aContentPolicyType, aCookieSettings, aPerformanceStorage,
+                               aContentPolicyType, aPerformanceStorage,
-      aLoadGroup, aCallbacks, aLoadFlags, aIoService);
+                               aLoadGroup, aCallbacks, aLoadFlags, aIoService);
 }
 nsresult NS_NewChannel(nsIChannel **outChannel, nsIURI *aUri,
@@ -491,8 +476,8 @@ nsresult NS_NewChannel(nsIChannel **outChannel, nsIURI *aUri,
      outChannel, aUri, aLoadingNode, aLoadingNode->NodePrincipal(),
      nullptr,  // aTriggeringPrincipal
      Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
-      aContentPolicyType, aLoadingNode->OwnerDoc()->CookieSettings(),
+      aContentPolicyType, aPerformanceStorage, aLoadGroup, aCallbacks,
-      aPerformanceStorage, aLoadGroup, aCallbacks, aLoadFlags, aIoService);
+      aLoadFlags, aIoService);
 }
 nsresult NS_GetIsDocumentChannel(nsIChannel *aChannel, bool *aIsDocument) {
@@ -924,7 +909,6 @@ nsresult NS_NewStreamLoaderInternal(
      nullptr,  // aTriggeringPrincipal
      Maybe<ClientInfo>(), Maybe<ServiceWorkerDescriptor>(), aSecurityFlags,
      aContentPolicyType,
      nullptr,  // nsICookieSettings
      nullptr,  // PerformanceStorage
      aLoadGroup, aCallbacks, aLoadFlags);
--- a/netwerk/base/nsNetUtil.h
+++ b/netwerk/base/nsNetUtil.h
@@ -32,7 +32,6 @@ class nsIAuthPrompt;
 class nsIAuthPrompt2;
 class nsIChannel;
 class nsIChannelPolicy;
 class nsICookieSettings;
 class nsIDownloadObserver;
 class nsIEventTarget;
 class nsIFileProtocolHandler;
@@ -167,7 +166,6 @@ nsresult NS_NewChannelInternal(
    const mozilla::Maybe<mozilla::dom::ClientInfo> &aLoadingClientInfo,
    const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor> &aController,
    nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings = nullptr,
    mozilla::dom::PerformanceStorage *aPerformanceStorage = nullptr,
    nsILoadGroup *aLoadGroup = nullptr,
    nsIInterfaceRequestor *aCallbacks = nullptr,
@@ -200,7 +198,6 @@ nsresult NS_NewChannelWithTriggeringPrincipal(
    nsIChannel **outChannel, nsIURI *aUri, nsIPrincipal *aLoadingPrincipal,
    nsIPrincipal *aTriggeringPrincipal, nsSecurityFlags aSecurityFlags,
    nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings = nullptr,
    mozilla::dom::PerformanceStorage *aPerformanceStorage = nullptr,
    nsILoadGroup *aLoadGroup = nullptr,
    nsIInterfaceRequestor *aCallbacks = nullptr,
@@ -214,7 +211,6 @@ nsresult NS_NewChannelWithTriggeringPrincipal(
    const mozilla::dom::ClientInfo &aLoadingClientInfo,
    const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor> &aController,
    nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings = nullptr,
    mozilla::dom::PerformanceStorage *aPerformanceStorage = nullptr,
    nsILoadGroup *aLoadGroup = nullptr,
    nsIInterfaceRequestor *aCallbacks = nullptr,
@@ -235,7 +231,6 @@ nsresult NS_NewChannel(
 nsresult NS_NewChannel(
    nsIChannel **outChannel, nsIURI *aUri, nsIPrincipal *aLoadingPrincipal,
    nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings = nullptr,
    mozilla::dom::PerformanceStorage *aPerformanceStorage = nullptr,
    nsILoadGroup *aLoadGroup = nullptr,
    nsIInterfaceRequestor *aCallbacks = nullptr,
@@ -248,7 +243,6 @@ nsresult NS_NewChannel(
    const mozilla::dom::ClientInfo &aLoadingClientInfo,
    const mozilla::Maybe<mozilla::dom::ServiceWorkerDescriptor> &aController,
    nsSecurityFlags aSecurityFlags, nsContentPolicyType aContentPolicyType,
    nsICookieSettings *aCookieSettings = nullptr,
    mozilla::dom::PerformanceStorage *aPerformanceStorage = nullptr,
    nsILoadGroup *aLoadGroup = nullptr,
    nsIInterfaceRequestor *aCallbacks = nullptr,
--- a/netwerk/base/nsPACMan.cpp
+++ b/netwerk/base/nsPACMan.cpp
@@ -637,8 +637,7 @@ void nsPACMan::ContinueLoadingAfterPACUriKnown() {
                      nsContentUtils::GetSystemPrincipal(),
                      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
                      nsIContentPolicy::TYPE_OTHER,
-                      nullptr,  // nsICookieSettings
+                      nullptr,  // PerformanceStorage,
                      nullptr,  // PerformanceStorage
                      nullptr,  // aLoadGroup
                      nullptr,  // aCallbacks
                      nsIRequest::LOAD_NORMAL, ios);
--- a/netwerk/cookie/CookieServiceChild.cpp
+++ b/netwerk/cookie/CookieServiceChild.cpp
@@ -27,7 +27,6 @@
 #include "nsServiceManagerUtils.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/TimeStamp.h"
 #include "ThirdPartyUtil.h"
 using namespace mozilla::ipc;
 using mozilla::OriginAttributes;
@@ -36,6 +35,7 @@ namespace mozilla {
 namespace net {
 // Pref string constants
 static const char kPrefCookieBehavior[] = "network.cookie.cookieBehavior";
 static const char kPrefThirdPartySession[] =
    "network.cookie.thirdparty.sessionOnly";
 static const char kPrefThirdPartyNonsecureSession[] =
@@ -59,7 +59,8 @@ NS_IMPL_ISUPPORTS(CookieServiceChild, nsICookieService, nsIObserver,
                  nsITimerCallback, nsISupportsWeakReference)
 CookieServiceChild::CookieServiceChild()
-    : mThirdPartySession(false),
+    : mCookieBehavior(nsICookieService::BEHAVIOR_ACCEPT),
      mThirdPartySession(false),
      mThirdPartyNonsecureSession(false),
      mIPCOpen(false) {
  NS_ASSERTION(IsNeckoChild(), "not a child process");
@@ -80,9 +81,6 @@ CookieServiceChild::CookieServiceChild()
  mIPCOpen = true;
  mThirdPartyUtil = ThirdPartyUtil::GetInstance();
  NS_ASSERTION(mThirdPartyUtil, "couldn't get ThirdPartyUtil service");
  mTLDService = do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
  NS_ASSERTION(mTLDService, "couldn't get TLDService");
@@ -90,6 +88,7 @@ CookieServiceChild::CookieServiceChild()
  nsCOMPtr<nsIPrefBranch> prefBranch = do_GetService(NS_PREFSERVICE_CONTRACTID);
  NS_WARNING_ASSERTION(prefBranch, "no prefservice");
  if (prefBranch) {
    prefBranch->AddObserver(kPrefCookieBehavior, this, true);
    prefBranch->AddObserver(kPrefThirdPartySession, this, true);
    prefBranch->AddObserver(kPrefThirdPartyNonsecureSession, this, true);
    prefBranch->AddObserver(kCookieMoveIntervalSecs, this, true);
@@ -149,8 +148,7 @@ void CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel) {
  bool firstPartyStorageAccessGranted = false;
  nsCOMPtr<nsIURI> uri;
  aChannel->GetURI(getter_AddRefs(uri));
-  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
+  if (RequireThirdPartyCheck()) {
  if (RequireThirdPartyCheck(loadInfo)) {
    mThirdPartyUtil->IsThirdPartyChannel(aChannel, uri, &isForeign);
  }
  nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aChannel);
@@ -174,6 +172,7 @@ void CookieServiceChild::TrackCookieLoad(nsIChannel *aChannel) {
          rejectedReason);
    }
  }
  nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
  mozilla::OriginAttributes attrs = loadInfo->GetOriginAttributes();
  URIParams uriParams;
  SerializeURI(uri, uriParams);
@@ -253,6 +252,13 @@ mozilla::ipc::IPCResult CookieServiceChild::RecvTrackCookiesLoad(
 }
 void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
  int32_t val;
  if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kPrefCookieBehavior, &val)))
    mCookieBehavior = val >= nsICookieService::BEHAVIOR_ACCEPT &&
                              val <= nsICookieService::BEHAVIOR_LAST
                          ? val
                          : nsICookieService::BEHAVIOR_ACCEPT;
  bool boolval;
  if (NS_SUCCEEDED(aPrefBranch->GetBoolPref(kPrefThirdPartySession, &boolval)))
    mThirdPartySession = !!boolval;
@@ -261,7 +267,11 @@ void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
          aPrefBranch->GetBoolPref(kPrefThirdPartyNonsecureSession, &boolval)))
    mThirdPartyNonsecureSession = boolval;
-  int32_t val;
+  if (!mThirdPartyUtil && RequireThirdPartyCheck()) {
    mThirdPartyUtil = do_GetService(THIRDPARTYUTIL_CONTRACTID);
    NS_ASSERTION(mThirdPartyUtil, "require ThirdPartyUtil service");
  }
  if (NS_SUCCEEDED(aPrefBranch->GetIntPref(kCookieMoveIntervalSecs, &val))) {
    gMoveCookiesIntervalSeconds = clamped<uint32_t>(val, 0, 3600);
    if (gMoveCookiesIntervalSeconds && !mCookieTimer) {
@@ -282,23 +292,16 @@ void CookieServiceChild::PrefChanged(nsIPrefBranch *aPrefBranch) {
 void CookieServiceChild::GetCookieStringFromCookieHashTable(
    nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
    bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav,
-    bool aIsSameSiteForeign, nsIChannel *aChannel, nsCString &aCookieString) {
+    bool aIsSameSiteForeign, const OriginAttributes &aOriginAttrs,
    nsCString &aCookieString) {
  nsCOMPtr<nsIEffectiveTLDService> TLDService =
      do_GetService(NS_EFFECTIVETLDSERVICE_CONTRACTID);
  NS_ASSERTION(TLDService, "Can't get TLDService");
  bool requireHostMatch;
  nsAutoCString baseDomain;
  nsCOMPtr<nsILoadInfo> loadInfo;
  mozilla::OriginAttributes attrs;
  if (aChannel) {
    loadInfo = aChannel->LoadInfo();
    attrs = loadInfo->GetOriginAttributes();
  }
  nsCookieService::GetBaseDomain(TLDService, aHostURI, baseDomain,
                                 requireHostMatch);
-  nsCookieKey key(baseDomain, attrs);
+  nsCookieKey key(baseDomain, aOriginAttrs);
  CookiesList *cookiesList = nullptr;
  mCookiesMap.Get(key, &cookiesList);
@@ -314,13 +317,14 @@ void CookieServiceChild::GetCookieStringFromCookieHashTable(
  int64_t currentTimeInUsec = PR_Now();
  int64_t currentTime = currentTimeInUsec / PR_USEC_PER_SEC;
-  nsCOMPtr<nsICookieSettings> cookieSettings =
+  nsCOMPtr<nsICookiePermission> permissionService =
-      nsCookieService::GetCookieSettings(aChannel);
+      nsCookiePermission::GetOrCreate();
  CookieStatus cookieStatus = nsCookieService::CheckPrefs(
-      cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
+      permissionService, mCookieBehavior, mThirdPartySession,
-      aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted, nullptr,
+      mThirdPartyNonsecureSession, aHostURI, aIsForeign, aIsTrackingResource,
-      CountCookiesFromHashTable(baseDomain, attrs), attrs, nullptr);
+      aFirstPartyStorageAccessGranted, nullptr,
      CountCookiesFromHashTable(baseDomain, aOriginAttrs), aOriginAttrs,
      nullptr);
  if (cookieStatus != STATUS_ACCEPTED &&
      cookieStatus != STATUS_ACCEPT_SESSION) {
@@ -405,17 +409,10 @@ void CookieServiceChild::SetCookieInternal(
  RecordDocumentCookie(cookie, aAttrs);
 }
-bool CookieServiceChild::RequireThirdPartyCheck(nsILoadInfo *aLoadInfo) {
+bool CookieServiceChild::RequireThirdPartyCheck() {
-  nsCOMPtr<nsICookieSettings> cookieSettings;
+  return mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
-  nsresult rv = aLoadInfo->GetCookieSettings(getter_AddRefs(cookieSettings));
+         mCookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN ||
-  if (NS_WARN_IF(NS_FAILED(rv))) {
+         mCookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
    return false;
  }
  uint32_t cookieBehavior = cookieSettings->GetCookieBehavior();
  return cookieBehavior == nsICookieService::BEHAVIOR_REJECT_FOREIGN ||
         cookieBehavior == nsICookieService::BEHAVIOR_LIMIT_FOREIGN ||
         cookieBehavior == nsICookieService::BEHAVIOR_REJECT_TRACKER ||
         mThirdPartySession || mThirdPartyNonsecureSession;
 }
@@ -473,12 +470,17 @@ nsresult CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
  aHostURI->GetScheme(scheme);
  if (scheme.EqualsLiteral("moz-nullprincipal")) return NS_OK;
  nsCOMPtr<nsILoadInfo> loadInfo;
  mozilla::OriginAttributes attrs;
  if (aChannel) {
    loadInfo = aChannel->LoadInfo();
    attrs = loadInfo->GetOriginAttributes();
  }
  // Asynchronously call the parent.
  bool isForeign = true;
-  nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
+  if (RequireThirdPartyCheck())
  if (RequireThirdPartyCheck(loadInfo)) {
    mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
  }
  bool isTrackingResource = false;
  bool firstPartyStorageAccessGranted = false;
@@ -500,7 +502,7 @@ nsresult CookieServiceChild::GetCookieStringInternal(nsIURI *aHostURI,
  nsAutoCString result;
  GetCookieStringFromCookieHashTable(
      aHostURI, isForeign, isTrackingResource, firstPartyStorageAccessGranted,
-      isSafeTopLevelNav, isSameSiteForeign, aChannel, result);
+      isSafeTopLevelNav, isSameSiteForeign, attrs, result);
  if (!result.IsEmpty()) *aCookieString = ToNewCString(result);
@@ -523,10 +525,8 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
  // Determine whether the request is foreign. Failure is acceptable.
  bool isForeign = true;
-  nsCOMPtr<nsILoadInfo> loadInfo = aChannel ? aChannel->LoadInfo() : nullptr;
+  if (RequireThirdPartyCheck())
  if (RequireThirdPartyCheck(loadInfo)) {
    mThirdPartyUtil->IsThirdPartyChannel(aChannel, aHostURI, &isForeign);
  }
  bool isTrackingResource = false;
  bool firstPartyStorageAccessGranted = false;
@@ -556,21 +556,17 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
    aChannel->GetURI(getter_AddRefs(channelURI));
    SerializeURI(channelURI, channelURIParams);
-    MOZ_ASSERT(loadInfo);
+    nsCOMPtr<nsILoadInfo> loadInfo = aChannel->LoadInfo();
    attrs = loadInfo->GetOriginAttributes();
  } else {
    SerializeURI(nullptr, channelURIParams);
  }
  Maybe<LoadInfoArgs> optionalLoadInfoArgs;
  LoadInfoToLoadInfoArgs(loadInfo, &optionalLoadInfoArgs);
  // Asynchronously call the parent.
  if (mIPCOpen) {
-    SendSetCookieString(hostURIParams, channelURIParams, optionalLoadInfoArgs,
+    SendSetCookieString(hostURIParams, channelURIParams, isForeign,
-                        isForeign, isTrackingResource,
+                        isTrackingResource, firstPartyStorageAccessGranted,
-                        firstPartyStorageAccessGranted, cookieString,
+                        cookieString, stringServerTime, attrs, aFromHttp);
                        stringServerTime, aFromHttp);
  }
  bool requireHostMatch;
@@ -578,14 +574,14 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
  nsCookieService::GetBaseDomain(mTLDService, aHostURI, baseDomain,
                                 requireHostMatch);
-  nsCOMPtr<nsICookieSettings> cookieSettings =
+  nsCOMPtr<nsICookiePermission> permissionService =
-      nsCookieService::GetCookieSettings(aChannel);
+      nsCookiePermission::GetOrCreate();
  CookieStatus cookieStatus = nsCookieService::CheckPrefs(
-      cookieSettings, mThirdPartySession, mThirdPartyNonsecureSession, aHostURI,
+      permissionService, mCookieBehavior, mThirdPartySession,
-      isForeign, isTrackingResource, firstPartyStorageAccessGranted,
+      mThirdPartyNonsecureSession, aHostURI, isForeign, isTrackingResource,
-      aCookieString, CountCookiesFromHashTable(baseDomain, attrs), attrs,
+      firstPartyStorageAccessGranted, aCookieString,
-      nullptr);
+      CountCookiesFromHashTable(baseDomain, attrs), attrs, nullptr);
  if (cookieStatus != STATUS_ACCEPTED &&
      cookieStatus != STATUS_ACCEPT_SESSION) {
@@ -624,8 +620,6 @@ nsresult CookieServiceChild::SetCookieStringInternal(nsIURI *aHostURI,
    }
    if (canSetCookie) {
      nsCOMPtr<nsICookiePermission> permissionService =
          nsCookiePermission::GetOrCreate();
      SetCookieInternal(cookieAttributes, attrs, aChannel, aFromHttp,
                        permissionService);
    }
--- a/netwerk/cookie/CookieServiceChild.h
+++ b/netwerk/cookie/CookieServiceChild.h
@@ -19,7 +19,6 @@
 class nsCookie;
 class nsICookiePermission;
 class nsIEffectiveTLDService;
 class nsILoadInfo;
 struct nsCookieAttributes;
@@ -61,10 +60,13 @@ class CookieServiceChild : public PCookieServiceChild,
  nsresult GetCookieStringInternal(nsIURI *aHostURI, nsIChannel *aChannel,
                                   char **aCookieString);
-  void GetCookieStringFromCookieHashTable(
+  void GetCookieStringFromCookieHashTable(nsIURI *aHostURI, bool aIsForeign,
-      nsIURI *aHostURI, bool aIsForeign, bool aIsTrackingResource,
+                                          bool aIsTrackingResource,
-      bool aFirstPartyStorageAccessGranted, bool aIsSafeTopLevelNav,
+                                          bool aFirstPartyStorageAccessGranted,
-      bool aIsSameSiteForeign, nsIChannel *aChannel, nsCString &aCookieString);
+                                          bool aIsSafeTopLevelNav,
                                          bool aIsSameSiteForeign,
                                          const OriginAttributes &aAttrs,
                                          nsCString &aCookieString);
  nsresult SetCookieStringInternal(nsIURI *aHostURI, nsIChannel *aChannel,
                                   const char *aCookieString,
@@ -82,7 +84,7 @@ class CookieServiceChild : public PCookieServiceChild,
  void PrefChanged(nsIPrefBranch *aPrefBranch);
-  bool RequireThirdPartyCheck(nsILoadInfo *aLoadInfo);
+  bool RequireThirdPartyCheck();
  mozilla::ipc::IPCResult RecvTrackCookiesLoad(
      nsTArray<CookieStruct> &&aCookiesList, const OriginAttributes &aAttrs);
@@ -105,6 +107,7 @@ class CookieServiceChild : public PCookieServiceChild,
  nsCOMPtr<nsITimer> mCookieTimer;
  nsCOMPtr<mozIThirdPartyUtil> mThirdPartyUtil;
  nsCOMPtr<nsIEffectiveTLDService> mTLDService;
  uint8_t mCookieBehavior;
  bool mThirdPartySession;
  bool mThirdPartyNonsecureSession;
  bool mIPCOpen;
--- a/netwerk/cookie/CookieServiceParent.cpp
+++ b/netwerk/cookie/CookieServiceParent.cpp
@@ -28,17 +28,28 @@ namespace {
 // Ignore failures from this function, as they only affect whether we do or
 // don't show a dialog box in private browsing mode if the user sets a pref.
-nsresult CreateDummyChannel(nsIURI *aHostURI, nsILoadInfo *aLoadInfo,
+void CreateDummyChannel(nsIURI *aHostURI, nsIURI *aChannelURI,
-                            nsIChannel **aChannel) {
+                        OriginAttributes &aAttrs, nsIChannel **aChannel) {
-  nsCOMPtr<nsIChannel> dummyChannel;
+  nsCOMPtr<nsIPrincipal> principal =
-  nsresult rv =
+      BasePrincipal::CreateCodebasePrincipal(aHostURI, aAttrs);
-      NS_NewChannelInternal(getter_AddRefs(dummyChannel), aHostURI, aLoadInfo);
+  if (!principal) {
-  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return;
    return rv;
  }
  // The following channel is never openend, so it does not matter what
  // securityFlags we pass; let's follow the principle of least privilege.
  nsCOMPtr<nsIChannel> dummyChannel;
  NS_NewChannel(getter_AddRefs(dummyChannel), aChannelURI, principal,
                nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED,
                nsIContentPolicy::TYPE_INVALID);
  nsCOMPtr<nsIPrivateBrowsingChannel> pbChannel =
      do_QueryInterface(dummyChannel);
  if (!pbChannel) {
    return;
  }
  pbChannel->SetPrivate(aAttrs.mPrivateBrowsingId > 0);
  dummyChannel.forget(aChannel);
  return NS_OK;
 }
 }  // namespace
@@ -205,10 +216,10 @@ void CookieServiceParent::ActorDestroy(ActorDestroyReason aWhy) {
 mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
    const URIParams &aHost, const Maybe<URIParams> &aChannelURI,
-    const Maybe<LoadInfoArgs> &aLoadInfoArgs, const bool &aIsForeign,
+    const bool &aIsForeign, const bool &aIsTrackingResource,
    const bool &aIsTrackingResource,
    const bool &aFirstPartyStorageAccessGranted, const nsCString &aCookieString,
-    const nsCString &aServerTime, const bool &aFromHttp) {
+    const nsCString &aServerTime, const OriginAttributes &aAttrs,
    const bool &aFromHttp) {
  if (!mCookieService) return IPC_OK();
  // Deserialize URI. Having a host URI is mandatory and should always be
@@ -218,10 +229,6 @@ mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
  nsCOMPtr<nsIURI> channelURI = DeserializeURI(aChannelURI);
  nsCOMPtr<nsILoadInfo> loadInfo;
  Unused << NS_WARN_IF(NS_FAILED(
      LoadInfoArgsToLoadInfo(aLoadInfoArgs, getter_AddRefs(loadInfo))));
  // This is a gross hack. We've already computed everything we need to know
  // for whether to set this cookie or not, but we need to communicate all of
  // this information through to nsICookiePermission, which indirectly
@@ -230,27 +237,19 @@ mozilla::ipc::IPCResult CookieServiceParent::RecvSetCookieString(
  // with aIsForeign before we have to worry about nsCookiePermission trying
  // to use the channel to inspect it.
  nsCOMPtr<nsIChannel> dummyChannel;
-  nsresult rv =
+  CreateDummyChannel(hostURI, channelURI,
-      CreateDummyChannel(channelURI, loadInfo, getter_AddRefs(dummyChannel));
+                     const_cast<OriginAttributes &>(aAttrs),
-  if (NS_WARN_IF(NS_FAILED(rv))) {
+                     getter_AddRefs(dummyChannel));
    // No reason to kill the content process.
    return IPC_OK();
  }
  // NB: dummyChannel could be null if something failed in CreateDummyChannel.
  nsDependentCString cookieString(aCookieString, 0);
  OriginAttributes attrs;
  if (loadInfo) {
    attrs = loadInfo->GetOriginAttributes();
  }
  // We set this to true while processing this cookie update, to make sure
  // we don't send it back to the same content process.
  mProcessingCookie = true;
  mCookieService->SetCookieStringInternal(
      hostURI, aIsForeign, aIsTrackingResource, aFirstPartyStorageAccessGranted,
-      cookieString, aServerTime, aFromHttp, attrs, dummyChannel);
+      cookieString, aServerTime, aFromHttp, aAttrs, dummyChannel);
  mProcessingCookie = false;
  return IPC_OK();
 }
--- a/netwerk/cookie/CookieServiceParent.h
+++ b/netwerk/cookie/CookieServiceParent.h
@@ -46,12 +46,10 @@ class CookieServiceParent : public PCookieServiceParent {
  mozilla::ipc::IPCResult RecvSetCookieString(
      const URIParams &aHost, const Maybe<URIParams> &aChannelURI,
-      const Maybe<LoadInfoArgs> &aLoadInfoArgs, const bool &aIsForeign,
+      const bool &aIsForeign, const bool &aIsTrackingResource,
      const bool &aIsTrackingResource,
      const bool &aFirstPartyStorageAccessGranted,
      const nsCString &aCookieString, const nsCString &aServerTime,
-      const bool &aFromHttp);
+      const OriginAttributes &aAttrs, const bool &aFromHttp);
  mozilla::ipc::IPCResult RecvPrepareCookieList(
      const URIParams &aHost, const bool &aIsForeign,
      const bool &aIsTackingResource,
--- a/netwerk/cookie/CookieSettings.cpp
+++ b/netwerk/cookie/CookieSettings.cpp
@@ -1,246 +0,0 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #include "mozilla/net/CookieSettings.h"
 #include "mozilla/Unused.h"
 #include "nsGlobalWindowInner.h"
 #include "nsPermission.h"
 #include "nsPermissionManager.h"
 namespace mozilla {
 namespace net {
 namespace {
 class PermissionComparator {
 public:
  bool Equals(nsIPermission* aA, nsIPermission* aB) const {
    nsCOMPtr<nsIPrincipal> principalA;
    nsresult rv = aA->GetPrincipal(getter_AddRefs(principalA));
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return false;
    }
    nsCOMPtr<nsIPrincipal> principalB;
    rv = aB->GetPrincipal(getter_AddRefs(principalB));
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return false;
    }
    bool equals = false;
    rv = principalA->Equals(principalB, &equals);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return false;
    }
    return equals;
  }
 };
 class ReleaseCookiePermissions final : public Runnable {
 public:
  explicit ReleaseCookiePermissions(nsTArray<RefPtr<nsIPermission>>& aArray)
      : Runnable("ReleaseCookiePermissions") {
    mArray.SwapElements(aArray);
  }
  NS_IMETHOD Run() override {
    MOZ_ASSERT(NS_IsMainThread());
    mArray.Clear();
    return NS_OK;
  }
 private:
  nsTArray<RefPtr<nsIPermission>> mArray;
 };
 }  // namespace
 // static
 already_AddRefed<nsICookieSettings> CookieSettings::CreateBlockingAll() {
  MOZ_ASSERT(NS_IsMainThread());
  RefPtr<CookieSettings> cookieSettings =
      new CookieSettings(nsICookieService::BEHAVIOR_REJECT, eFixed);
  return cookieSettings.forget();
 }
 // static
 already_AddRefed<nsICookieSettings> CookieSettings::Create() {
  MOZ_ASSERT(NS_IsMainThread());
  RefPtr<CookieSettings> cookieSettings = new CookieSettings(
      StaticPrefs::network_cookie_cookieBehavior(), eProgressive);
  return cookieSettings.forget();
 }
 CookieSettings::CookieSettings(uint32_t aCookieBehavior, State aState)
    : mCookieBehavior(aCookieBehavior), mState(aState) {
  MOZ_ASSERT(NS_IsMainThread());
 }
 CookieSettings::~CookieSettings() {
  if (!NS_IsMainThread() && !mCookiePermissions.IsEmpty()) {
    nsCOMPtr<nsIEventTarget> systemGroupEventTarget =
        mozilla::SystemGroup::EventTargetFor(mozilla::TaskCategory::Other);
    MOZ_ASSERT(systemGroupEventTarget);
    RefPtr<Runnable> r = new ReleaseCookiePermissions(mCookiePermissions);
    MOZ_ASSERT(mCookiePermissions.IsEmpty());
    systemGroupEventTarget->Dispatch(r.forget());
  }
 }
 NS_IMETHODIMP
 CookieSettings::GetCookieBehavior(uint32_t* aCookieBehavior) {
  *aCookieBehavior = mCookieBehavior;
  return NS_OK;
 }
 NS_IMETHODIMP
 CookieSettings::CookiePermission(nsIPrincipal* aPrincipal,
                                 uint32_t* aCookiePermission) {
  MOZ_ASSERT(NS_IsMainThread());
  NS_ENSURE_ARG_POINTER(aPrincipal);
  NS_ENSURE_ARG_POINTER(aCookiePermission);
  *aCookiePermission = nsIPermissionManager::UNKNOWN_ACTION;
  nsresult rv;
  // Let's see if we know this permission.
  for (const RefPtr<nsIPermission>& permission : mCookiePermissions) {
    bool match = false;
    rv = permission->Matches(aPrincipal, false, &match);
    if (NS_WARN_IF(NS_FAILED(rv)) || !match) {
      continue;
    }
    rv = permission->GetCapability(aCookiePermission);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      return rv;
    }
    return NS_OK;
  }
  // Let's ask the permission manager.
  nsPermissionManager* pm = nsPermissionManager::GetInstance();
  if (NS_WARN_IF(!pm)) {
    return NS_ERROR_FAILURE;
  }
  rv = pm->TestPermissionFromPrincipal(aPrincipal, NS_LITERAL_CSTRING("cookie"),
                                       aCookiePermission);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    return rv;
  }
  // Let's store the permission, also if the result is UNKNOWN in order to avoid
  // race conditions.
  nsCOMPtr<nsIPermission> permission = nsPermission::Create(
      aPrincipal, NS_LITERAL_CSTRING("cookie"), *aCookiePermission, 0, 0);
  if (permission) {
    mCookiePermissions.AppendElement(permission);
  }
  return NS_OK;
 }
 void CookieSettings::Serialize(CookieSettingsArgs& aData) {
  MOZ_ASSERT(NS_IsMainThread());
  aData.isFixed() = mState == eFixed;
  aData.cookieBehavior() = mCookieBehavior;
  for (const RefPtr<nsIPermission>& permission : mCookiePermissions) {
    nsCOMPtr<nsIPrincipal> principal;
    nsresult rv = permission->GetPrincipal(getter_AddRefs(principal));
    if (NS_WARN_IF(NS_FAILED(rv))) {
      continue;
    }
    PrincipalInfo principalInfo;
    rv = PrincipalToPrincipalInfo(principal, &principalInfo);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      continue;
    }
    uint32_t cookiePermission = 0;
    rv = permission->GetCapability(&cookiePermission);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      continue;
    }
    aData.cookiePermissions().AppendElement(
        CookiePermissionData(principalInfo, cookiePermission));
  }
 }
 /* static */ void CookieSettings::Deserialize(
    const CookieSettingsArgs& aData, nsICookieSettings** aCookieSettings) {
  MOZ_ASSERT(NS_IsMainThread());
  CookiePermissionList list;
  for (const CookiePermissionData& data : aData.cookiePermissions()) {
    nsCOMPtr<nsIPrincipal> principal =
        PrincipalInfoToPrincipal(data.principalInfo());
    if (NS_WARN_IF(!principal)) {
      continue;
    }
    nsCOMPtr<nsIPermission> permission = nsPermission::Create(
        principal, NS_LITERAL_CSTRING("cookie"), data.cookiePermission(), 0, 0);
    if (NS_WARN_IF(!permission)) {
      continue;
    }
    list.AppendElement(permission);
  }
  RefPtr<CookieSettings> cookieSettings = new CookieSettings(
      aData.cookieBehavior(), aData.isFixed() ? eFixed : eProgressive);
  cookieSettings->mCookiePermissions.SwapElements(list);
  cookieSettings.forget(aCookieSettings);
 }
 void CookieSettings::Merge(const CookieSettingsArgs& aData) {
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(mCookieBehavior == aData.cookieBehavior());
  if (mState == eFixed) {
    return;
  }
  PermissionComparator comparator;
  for (const CookiePermissionData& data : aData.cookiePermissions()) {
    nsCOMPtr<nsIPrincipal> principal =
        PrincipalInfoToPrincipal(data.principalInfo());
    if (NS_WARN_IF(!principal)) {
      continue;
    }
    nsCOMPtr<nsIPermission> permission = nsPermission::Create(
        principal, NS_LITERAL_CSTRING("cookie"), data.cookiePermission(), 0, 0);
    if (NS_WARN_IF(!permission)) {
      continue;
    }
    if (!mCookiePermissions.Contains(permission, comparator)) {
      mCookiePermissions.AppendElement(permission);
    }
  }
 }
 NS_IMPL_ISUPPORTS(CookieSettings, nsICookieSettings)
 }  // namespace net
 }  // namespace mozilla
--- a/netwerk/cookie/CookieSettings.h
+++ b/netwerk/cookie/CookieSettings.h
@@ -1,145 +0,0 @@
 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #ifndef mozilla_net_CookieSettings_h
 #define mozilla_net_CookieSettings_h
 #include "nsICookieSettings.h"
 #include "nsDataHashtable.h"
 class nsIPermission;
 namespace mozilla {
 namespace net {
 class CookieSettingsArgs;
 /**
 * CookieSettings
 * ~~~~~~~~~~~~~~
 *
 * CookieSettings is a snapshot of cookie policy and cookie permissions in a
 * precise moment of time. This object is used by top-level documents to have a
 * consistent cookie configuration also in case the user changes it. New cookie
 * configurations will apply only to new top-level documents.
 *
 * CookieSettings creation
 * ~~~~~~~~~~~~~~~~~~~~~~~
 *
 * CookieSettings is created when the top-level document's nsIChannel's
 * nsILoadInfo is constructed. Any sub-resource and any sub-document inherits it
 * from that nsILoadInfo. Also dedicated workers and their resources inherit it
 * from the parent document.
 *
 * SharedWorkers and ServiceWorkers have their own CookieSettings because they
 * don't have a single parent document (SharedWorkers could have more than one,
 * ServiceWorkers have none).
 *
 * In Chrome code, we have a new CookieSettings when we download resources via
 * 'Save-as...' and we also have a new CookieSettings for favicon downloading.
 *
 * Content-scripts WebExtensions also have their own CookieSettings because they
 * don't have a direct access to the document they are running into.
 *
 * Anything else will have a special CookieSettings which blocks everything
 * (CookieSettings::CreateBlockingAll()) by forcing BEHAVIOR_REJECT as policy.
 * When this happens, that context will not have access to the cookie jar and no
 * cookies are sent or received.
 *
 * Propagation of CookieSettings
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * CookieSettings are shared inside the same top-level document via its
 * nsIChannel's nsILoadInfo.  This is done automatically if you pass a nsINode
 * to NS_NewChannel(), and it must be done manually if you use a different
 * channel constructor. For instance, this happens for any worker networking
 * operation.
 *
 * We use the same CookieSettings for any resource belonging to the top-level
 * document even if cross-origin. This makes the browser behave consistently a
 * scenario where A loads B which loads A again, and cookie policy/permission
 * changes in the meantime.
 *
 * Cookie Permissions propagation
 * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 *
 * CookieSettings populates the known cookie permissions only when required.
 * Initially the list is empty, but when CookieSettings::CookiePermission() is
 * called, the requested permission is stored in the internal list if it doesn't
 * exist yet.
 *
 * This is actually nice because it relies on the permission propagation from
 * parent to content process. No extra IPC is required.
 *
 * Note that we store permissions with UNKNOWN_ACTION values too because they
 * can be set after the loading of the top-level document and we don't want to
 * return a different value when this happens.
 *
 * Use of CookieSettings
 * ~~~~~~~~~~~~~~~~~~~~~
 *
 * In theory, there should not be direct access to cookie permissions or
 * cookieBehavior pref. Everything should pass through CookieSettings.
 *
 * A reference to CookieSettings can be obtained from
 * nsILoadInfo::GetCookieSettings(), from Document::CookieSettings() and from
 * the WorkerPrivate::CookieSettings().
 *
 * CookieSettings is thread-safe, but the permission list must be touched only
 * on the main-thread.
 *
 * Testing
 * ~~~~~~~
 *
 * If you need to test the changing of cookie policy or a cookie permission, you
 * need to workaround CookieSettings. This can be done opening a new window and
 * running the test into that new global.
 */
 /**
 * Class that provides an nsICookieSettings implementation.
 */
 class CookieSettings final : public nsICookieSettings {
 public:
  typedef nsTArray<RefPtr<nsIPermission>> CookiePermissionList;
  NS_DECL_THREADSAFE_ISUPPORTS
  NS_DECL_NSICOOKIESETTINGS
  static already_AddRefed<nsICookieSettings> CreateBlockingAll();
  static already_AddRefed<nsICookieSettings> Create();
  void Serialize(CookieSettingsArgs& aData);
  static void Deserialize(const CookieSettingsArgs& aData,
                          nsICookieSettings** aCookieSettings);
  void Merge(const CookieSettingsArgs& aData);
 private:
  enum State {
    // No cookie permissions are allowed to be stored in this object.
    eFixed,
    // Cookie permissions can be stored in case they are unknown when they are
    // asked or when they are sent from the parent process.
    eProgressive,
  };
  CookieSettings(uint32_t aCookieBehavior, State aState);
  ~CookieSettings();
  uint32_t mCookieBehavior;
  CookiePermissionList mCookiePermissions;
  State mState;
 };
 }  // namespace net
 }  // namespace mozilla
 #endif  // mozilla_net_CookieSettings_h
--- a/netwerk/cookie/PCookieService.ipdl
+++ b/netwerk/cookie/PCookieService.ipdl
@@ -40,8 +40,6 @@ parent:
   *        Same as the 'aURI' argument to nsICookieService.setCookieString.
   * @param channelURI
   *        The URI of the request.
   * @param loadInfoArgs
   *        The optional serialization of nsILoadInfo.
   * @param isForeign
   *        True if the the request is third party, for purposes of allowing
   *        access to cookies. This should be obtained from
@@ -64,6 +62,9 @@ parent:
   *        Whether the result is for an HTTP request header. This should be
   *        true for nsICookieService.setCookieStringFromHttp calls, false
   *        otherwise.
   * @param attrs
   *        The origin attributes from the HTTP channel or document that the
   *        cookie is being set on.
   *
   * @see nsICookieService.setCookieString
   * @see nsICookieService.setCookieStringFromHttp
@@ -71,12 +72,12 @@ parent:
   */
  nested(inside_cpow) async SetCookieString(URIParams host,
                                            URIParams? channelURI,
                                            LoadInfoArgs? loadInfoArgs,
                                            bool isForeign,
                                            bool isTrackingResource,
                                            bool firstPartyStorageAccessGranted,
                                            nsCString cookieString,
                                            nsCString serverTime,
                                            OriginAttributes attrs,
                                            bool aFromHttp);
  async PrepareCookieList(URIParams host,
--- a/Show More
+++ b/Show More