Bug 1635399 - Function PrincipalInfoToPrincipal now returns Result<nsCOMPtr<nsIPrincipal>, nsresult> r=ckerschb

Differential Revision: https://phabricator.services.mozilla.com/D73868

caps/nsJSPrincipals.cpp

@@ -3,6 +3,7 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
+#include "nsIPrincipal.h"
 #include "xpcpublic.h"
 #include "nsString.h"
 #include "nsJSPrincipals.h"
@@ -305,14 +306,15 @@ bool nsJSPrincipals::ReadKnownPrincipalType(JSContext* aCx,
     return false;
   }
 
-  nsresult rv;
+  auto principalOrErr = PrincipalInfoToPrincipal(info);
-  nsCOMPtr<nsIPrincipal> prin = PrincipalInfoToPrincipal(info, &rv);
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-  if (NS_WARN_IF(NS_FAILED(rv))) {
     xpc::Throw(aCx, NS_ERROR_DOM_DATA_CLONE_ERR);
     return false;
   }
 
-  *aOutPrincipals = get(prin.forget().take());
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
+  *aOutPrincipals = get(principal.forget().take());
   return true;
 }
 

dom/base/nsGlobalWindowInner.cpp

@@ -1679,8 +1679,9 @@ nsresult nsGlobalWindowInner::EnsureClientSource() {
   // an initial content page created that was then immediately replaced.
   // This is pretty close to what we are actually doing.
   if (mClientSource) {
-    nsCOMPtr<nsIPrincipal> clientPrincipal(
+    auto principalOrErr = mClientSource->Info().GetPrincipal();
-        mClientSource->Info().GetPrincipal());
+    nsCOMPtr<nsIPrincipal> clientPrincipal =
+        principalOrErr.isOk() ? principalOrErr.unwrap() : nullptr;
     if (!clientPrincipal || !clientPrincipal->Equals(mDoc->NodePrincipal())) {
       mClientSource.reset();
     }

dom/cache/PrincipalVerifier.cpp

@@ -6,12 +6,14 @@
 
 #include "mozilla/dom/cache/PrincipalVerifier.h"
 
+#include "ErrorList.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/dom/cache/ManagerId.h"
 #include "mozilla/ipc/BackgroundParent.h"
 #include "mozilla/ipc/PBackgroundParent.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "mozilla/BasePrincipal.h"
+#include "nsCOMPtr.h"
 #include "nsContentUtils.h"
 #include "nsIPrincipal.h"
 #include "nsNetUtil.h"
@@ -104,14 +106,14 @@ void PrincipalVerifier::VerifyOnMainThread() {
   RefPtr<ContentParent> actor;
   actor.swap(mActor);
 
-  nsresult rv;
+  auto principalOrErr = PrincipalInfoToPrincipal(mPrincipalInfo);
-  RefPtr<nsIPrincipal> principal =
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-      PrincipalInfoToPrincipal(mPrincipalInfo, &rv);
+    DispatchToInitiatingThread(principalOrErr.unwrapErr());
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    DispatchToInitiatingThread(rv);
     return;
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   // We disallow null principal on the client side, but double-check here.
   if (NS_WARN_IF(principal->GetIsNullPrincipal())) {
     DispatchToInitiatingThread(NS_ERROR_FAILURE);
@@ -128,6 +130,7 @@ void PrincipalVerifier::VerifyOnMainThread() {
   actor = nullptr;
 
 #ifdef DEBUG
+  nsresult rv = NS_OK;
   // Sanity check principal origin by using it to construct a URI and security
   // checking it.  Don't do this for the system principal, though, as its origin
   // is a synthetic [System Principal] string.

dom/clients/manager/ClientChannelHelper.cpp

@@ -264,12 +264,13 @@ nsresult AddClientChannelHelperInternal(nsIChannel* aChannel,
   // Only allow the initial ClientInfo to be set if the current channel
   // principal matches.
   if (initialClientInfo.isSome()) {
-    nsCOMPtr<nsIPrincipal> initialPrincipal = PrincipalInfoToPrincipal(
+    auto initialPrincipalOrErr =
-        initialClientInfo.ref().PrincipalInfo(), nullptr);
+        PrincipalInfoToPrincipal(initialClientInfo.ref().PrincipalInfo());
 
     bool equals = false;
-    rv = initialPrincipal ? initialPrincipal->Equals(channelPrincipal, &equals)
+    rv = initialPrincipalOrErr.isErr() ? initialPrincipalOrErr.unwrapErr()
-                          : NS_ERROR_FAILURE;
+                                       : initialPrincipalOrErr.unwrap()->Equals(
+                                             channelPrincipal, &equals);
     if (NS_FAILED(rv) || !equals) {
       initialClientInfo.reset();
     }
@@ -278,13 +279,14 @@ nsresult AddClientChannelHelperInternal(nsIChannel* aChannel,
   // Only allow the reserved ClientInfo to be set if the current channel
   // principal matches.
   if (reservedClientInfo.isSome()) {
-    nsCOMPtr<nsIPrincipal> reservedPrincipal = PrincipalInfoToPrincipal(
+    auto reservedPrincipalOrErr =
-        reservedClientInfo.ref().PrincipalInfo(), nullptr);
+        PrincipalInfoToPrincipal(reservedClientInfo.ref().PrincipalInfo());
 
     bool equals = false;
-    rv = reservedPrincipal
+    rv = reservedPrincipalOrErr.isErr()
-             ? reservedPrincipal->Equals(channelPrincipal, &equals)
+             ? reservedPrincipalOrErr.unwrapErr()
-             : NS_ERROR_FAILURE;
+             : reservedPrincipalOrErr.unwrap()->Equals(channelPrincipal,
+                                                       &equals);
     if (NS_FAILED(rv) || !equals) {
       reservedClientInfo.reset();
     }

dom/clients/manager/ClientInfo.cpp

@@ -106,10 +106,9 @@ bool ClientInfo::IsPrivateBrowsing() const {
   }
 }
 
-nsCOMPtr<nsIPrincipal> ClientInfo::GetPrincipal() const {
+Result<nsCOMPtr<nsIPrincipal>, nsresult> ClientInfo::GetPrincipal() const {
   MOZ_ASSERT(NS_IsMainThread());
-  nsCOMPtr<nsIPrincipal> ref = PrincipalInfoToPrincipal(PrincipalInfo());
+  return PrincipalInfoToPrincipal(PrincipalInfo());
-  return ref;
 }
 
 const Maybe<mozilla::ipc::CSPInfo>& ClientInfo::GetCspInfo() const {

dom/clients/manager/ClientInfo.h

@@ -94,9 +94,8 @@ class ClientInfo final {
   // Determine if the client is in private browsing mode.
   bool IsPrivateBrowsing() const;
 
-  // Get a main-thread nsIPrincipal for the client.  This may return nullptr
+  // Get a main-thread nsIPrincipal for the client.
-  // if the PrincipalInfo() fails to deserialize for some reason.
+  Result<nsCOMPtr<nsIPrincipal>, nsresult> GetPrincipal() const;
-  nsCOMPtr<nsIPrincipal> GetPrincipal() const;
 
   const Maybe<mozilla::ipc::CSPInfo>& GetCspInfo() const;
   void SetCspInfo(const mozilla::ipc::CSPInfo& aCSPInfo);

dom/clients/manager/ClientOpenWindowUtils.cpp

@@ -202,8 +202,13 @@ void OpenWindow(const ClientOpenWindowArgs& aArgs, BrowsingContext** aBC,
     return;
   }
 
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr = PrincipalInfoToPrincipal(aArgs.principalInfo());
-      PrincipalInfoToPrincipal(aArgs.principalInfo());
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    nsPrintfCString err("Failed to obtain principal");
+    aRv.ThrowTypeError(err);
+    return;
+  }
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   MOZ_DIAGNOSTIC_ASSERT(principal);
 
   nsCOMPtr<nsIContentSecurityPolicy> csp;

dom/indexedDB/ActorsChild.cpp

@@ -919,13 +919,14 @@ class WorkerPermissionChallenge final : public Runnable {
       return true;
     }
 
-    nsresult rv;
+    auto principalOrErr =
-    const nsCOMPtr<nsIPrincipal> principal =
+        mozilla::ipc::PrincipalInfoToPrincipal(mPrincipalInfo);
-        mozilla::ipc::PrincipalInfoToPrincipal(mPrincipalInfo, &rv);
+    if (NS_WARN_IF(principalOrErr.isErr())) {
-    if (NS_WARN_IF(NS_FAILED(rv))) {
       return true;
     }
 
+    const nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
     if (XRE_IsParentProcess()) {
       const nsCOMPtr<Element> ownerElement =
           do_QueryInterface(window->GetChromeEventHandler());
@@ -1694,12 +1695,11 @@ mozilla::ipc::IPCResult BackgroundFactoryRequestChild::RecvPermissionChallenge(
     return IPC_OK();
   }
 
-  nsresult rv;
+  auto principalOrErr = mozilla::ipc::PrincipalInfoToPrincipal(aPrincipalInfo);
-  nsCOMPtr<nsIPrincipal> principal =
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-      mozilla::ipc::PrincipalInfoToPrincipal(aPrincipalInfo, &rv);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
     return IPC_FAIL_NO_REASON(this);
   }
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
 
   if (XRE_IsParentProcess()) {
     nsCOMPtr<nsIGlobalObject> global = mFactory->GetParentObject();

dom/indexedDB/ActorsParent.cpp

@@ -20857,16 +20857,17 @@ nsresult FactoryOp::CheckPermission(
 
   MOZ_ASSERT(principalInfo.type() == PrincipalInfo::TContentPrincipalInfo);
 
-  nsresult rv;
+  auto principalOrErr = PrincipalInfoToPrincipal(principalInfo);
-  nsCOMPtr<nsIPrincipal> principal =
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-      PrincipalInfoToPrincipal(principalInfo, &rv);
+    return principalOrErr.unwrapErr();
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return rv;
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   nsCString suffix;
   nsCString group;
   nsCString origin;
+  nsresult rv;
   rv = QuotaManager::GetInfoFromPrincipal(principal, &suffix, &group, &origin);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return rv;

dom/indexedDB/IDBDatabase.cpp

@@ -881,15 +881,14 @@ nsresult IDBDatabase::GetQuotaInfo(nsACString& aOrigin,
       return NS_OK;
 
     case PrincipalInfo::TContentPrincipalInfo: {
-      nsresult rv;
+      auto principalOrErr = PrincipalInfoToPrincipal(*principalInfo);
-      nsCOMPtr<nsIPrincipal> principal =
+      if (NS_WARN_IF(principalOrErr.isErr())) {
-          PrincipalInfoToPrincipal(*principalInfo, &rv);
+        return principalOrErr.unwrapErr();
-      if (NS_WARN_IF(NS_FAILED(rv))) {
-        return rv;
       }
 
-      rv = QuotaManager::GetInfoFromPrincipal(principal, nullptr, nullptr,
+      nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
-                                              &aOrigin);
+      nsresult rv = QuotaManager::GetInfoFromPrincipal(principal, nullptr,
+                                                       nullptr, &aOrigin);
       if (NS_WARN_IF(NS_FAILED(rv))) {
         return rv;
       }

dom/indexedDB/IDBFactory.cpp

@@ -595,10 +595,11 @@ RefPtr<IDBOpenDBRequest> IDBFactory::OpenInternal(
   if (NS_IsMainThread()) {
     // aPrincipal is passed inconsistently, so even when we are already on
     // the main thread, we may have been passed a null aPrincipal.
-    nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(principalInfo);
+    auto principalOrErr = PrincipalInfoToPrincipal(principalInfo);
-    if (principal) {
+    if (principalOrErr.isOk()) {
       nsAutoString addonId;
-      Unused << NS_WARN_IF(NS_FAILED(principal->GetAddonId(addonId)));
+      Unused << NS_WARN_IF(
+          NS_FAILED(principalOrErr.unwrap()->GetAddonId(addonId)));
       isAddon = !addonId.IsEmpty();
     }
   }

dom/ipc/ContentParent.cpp

@@ -14,6 +14,7 @@
 #include "BrowserParent.h"
 
 #include "chrome/common/process_watcher.h"
+#include "mozilla/Result.h"
 
 #ifdef ACCESSIBILITY
 #  include "mozilla/a11y/PDocAccessible.h"
@@ -2575,9 +2576,9 @@ bool ContentParent::InitInternal(ProcessPriority aInitialPriority) {
     // Send down to the content process the permissions for each of the
     // registered service worker scopes.
     for (auto& registration : registrations) {
-      nsCOMPtr<nsIPrincipal> principal =
+      auto principalOrErr = PrincipalInfoToPrincipal(registration.principal());
-          PrincipalInfoToPrincipal(registration.principal());
+      if (principalOrErr.isOk()) {
-      if (principal) {
+        nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
         TransmitPermissionsForPrincipal(principal);
       }
     }

dom/ipc/PermissionMessageUtils.cpp

@@ -7,6 +7,8 @@
 #include "mozilla/dom/PermissionMessageUtils.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
+#include "nsCOMPtr.h"
+#include "nsIPrincipal.h"
 
 namespace mozilla {
 namespace ipc {
@@ -35,9 +37,19 @@ bool IPDLParamTraits<nsIPrincipal*>::Read(const IPC::Message* aMsg,
     return false;
   }
 
-  nsresult rv = NS_OK;
+  if (info.isNothing()) {
-  *aResult = info ? PrincipalInfoToPrincipal(info.ref(), &rv) : nullptr;
+    return true;
-  return NS_SUCCEEDED(rv);
+  }
+
+  auto principalOrErr = PrincipalInfoToPrincipal(info.ref());
+
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    return false;
+  }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+  *aResult = principal;
+  return true;
 }
 
 }  // namespace ipc

dom/localstorage/ActorsChild.cpp

@@ -133,13 +133,13 @@ mozilla::ipc::IPCResult LSObserverChild::RecvObserve(
     return IPC_OK();
   }
 
-  nsresult rv;
+  auto principalOrErr = PrincipalInfoToPrincipal(aPrincipalInfo);
-  nsCOMPtr<nsIPrincipal> principal =
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-      PrincipalInfoToPrincipal(aPrincipalInfo, &rv);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
     return IPC_FAIL_NO_REASON(this);
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   Storage::NotifyChange(/* aStorage */ nullptr, principal, aKey,
                         aOldValue.AsString(), aNewValue.AsString(),
                         /* aStorageType */ kLocalStorageType, aDocumentURI,

dom/reporting/ReportingHeader.cpp

@@ -15,6 +15,7 @@
 #include "mozilla/Services.h"
 #include "mozilla/StaticPrefs_dom.h"
 #include "mozilla/StaticPtr.h"
+#include "nsCOMPtr.h"
 #include "nsContentUtils.h"
 #include "nsIEffectiveTLDService.h"
 #include "nsIHttpChannel.h"
@@ -481,10 +482,12 @@ void ReportingHeader::GetEndpointForReport(
     const nsAString& aGroupName,
     const mozilla::ipc::PrincipalInfo& aPrincipalInfo,
     nsACString& aEndpointURI) {
-  nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(aPrincipalInfo);
+  auto principalOrErr = PrincipalInfoToPrincipal(aPrincipalInfo);
-  if (NS_WARN_IF(!principal)) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     return;
   }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   GetEndpointForReport(aGroupName, principal, aEndpointURI);
 }
 
@@ -593,13 +596,13 @@ void ReportingHeader::RemoveEndpoint(
     return;
   }
 
-  nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(aPrincipalInfo);
+  auto principalOrErr = PrincipalInfoToPrincipal(aPrincipalInfo);
-  if (NS_WARN_IF(!principal)) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     return;
   }
 
   nsAutoCString origin;
-  rv = principal->GetOrigin(origin);
+  rv = principalOrErr.unwrap()->GetOrigin(origin);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return;
   }

dom/serviceworkers/ServiceWorkerContainer.cpp

@@ -731,14 +731,14 @@ nsresult FillInOriginNoSuffix(const ServiceWorkerDescriptor& aServiceWorker,
 
   nsresult rv;
 
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr =
-      PrincipalInfoToPrincipal(aServiceWorker.PrincipalInfo(), &rv);
+      PrincipalInfoToPrincipal(aServiceWorker.PrincipalInfo());
-  if (NS_FAILED(rv) || !principal) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-    return rv;
+    return principalOrErr.unwrapErr();
   }
 
   nsAutoCString originUTF8;
-  rv = principal->GetOriginNoSuffix(originUTF8);
+  rv = principalOrErr.unwrap()->GetOriginNoSuffix(originUTF8);
   if (NS_FAILED(rv)) {
     return rv;
   }

dom/serviceworkers/ServiceWorkerDescriptor.cpp

@@ -93,10 +93,10 @@ const mozilla::ipc::PrincipalInfo& ServiceWorkerDescriptor::PrincipalInfo()
   return mData->principalInfo();
 }
 
-nsCOMPtr<nsIPrincipal> ServiceWorkerDescriptor::GetPrincipal() const {
+Result<nsCOMPtr<nsIPrincipal>, nsresult> ServiceWorkerDescriptor::GetPrincipal()
+    const {
   AssertIsOnMainThread();
-  nsCOMPtr<nsIPrincipal> ref = PrincipalInfoToPrincipal(mData->principalInfo());
+  return PrincipalInfoToPrincipal(mData->principalInfo());
-  return ref;
 }
 
 const nsCString& ServiceWorkerDescriptor::Scope() const {

dom/serviceworkers/ServiceWorkerDescriptor.h

@@ -70,7 +70,7 @@ class ServiceWorkerDescriptor final {
 
   const mozilla::ipc::PrincipalInfo& PrincipalInfo() const;
 
-  nsCOMPtr<nsIPrincipal> GetPrincipal() const;
+  Result<nsCOMPtr<nsIPrincipal>, nsresult> GetPrincipal() const;
 
   const nsCString& Scope() const;
 

dom/serviceworkers/ServiceWorkerInterceptController.cpp

@@ -8,9 +8,11 @@
 
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/StorageAccess.h"
+#include "nsCOMPtr.h"
 #include "nsContentUtils.h"
 #include "nsIChannel.h"
 #include "ServiceWorkerManager.h"
+#include "nsIPrincipal.h"
 
 namespace mozilla {
 namespace dom {
@@ -49,9 +51,10 @@ ServiceWorkerInterceptController::ShouldPrepareForIntercept(
       // Get ServiceWorkerRegistrationInfo by the ServiceWorkerInfo's principal
       // and scope
       if (!*aShouldIntercept && swm) {
+        nsCOMPtr<nsIPrincipal> principal =
+            controller.ref().GetPrincipal().unwrap();
         RefPtr<ServiceWorkerRegistrationInfo> registration =
-            swm->GetRegistration(controller.ref().GetPrincipal().get(),
+            swm->GetRegistration(principal, controller.ref().Scope());
-                                 controller.ref().Scope());
         // Could not get ServiceWorkerRegistration here if unregister is
         // executed before getting here.
         if (NS_WARN_IF(!registration)) {

dom/serviceworkers/ServiceWorkerManager.cpp

@@ -8,12 +8,14 @@
 
 #include <algorithm>
 
+#include "nsCOMPtr.h"
 #include "nsIEffectiveTLDService.h"
 #include "nsIHttpChannel.h"
 #include "nsIHttpChannelInternal.h"
 #include "nsINamed.h"
 #include "nsINetworkInterceptController.h"
 #include "nsIMutableArray.h"
+#include "nsIPrincipal.h"
 #include "nsITimer.h"
 #include "nsIUploadChannel2.h"
 #include "nsServiceManagerUtils.h"
@@ -966,8 +968,14 @@ RefPtr<ServiceWorkerRegistrationPromise> ServiceWorkerManager::Register(
   }
 
   // If the previous validation step passed then we must have a principal.
-  nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();
+  auto principalOrErr = aClientInfo.GetPrincipal();
 
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    return ServiceWorkerRegistrationPromise::CreateAndReject(
+        CopyableErrorResult(principalOrErr.unwrapErr()), __func__);
+  }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   nsAutoCString scopeKey;
   rv = PrincipalToScopeKey(principal, scopeKey);
   if (NS_WARN_IF(NS_FAILED(rv))) {
@@ -1021,11 +1029,13 @@ class GetRegistrationsRunnable final : public Runnable {
       return NS_OK;
     }
 
-    nsCOMPtr<nsIPrincipal> principal = mClientInfo.GetPrincipal();
+    auto principalOrErr = mClientInfo.GetPrincipal();
-    if (!principal) {
+    if (NS_WARN_IF(principalOrErr.isErr())) {
       return NS_OK;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
     nsTArray<ServiceWorkerRegistrationDescriptor> array;
 
     if (NS_WARN_IF(!BasePrincipal::Cast(principal)->IsContentPrincipal())) {
@@ -1111,12 +1121,13 @@ class GetRegistrationRunnable final : public Runnable {
       return NS_OK;
     }
 
-    nsCOMPtr<nsIPrincipal> principal = mClientInfo.GetPrincipal();
+    auto principalOrErr = mClientInfo.GetPrincipal();
-    if (!principal) {
+    if (NS_WARN_IF(principalOrErr.isErr())) {
       mPromise->Reject(NS_ERROR_DOM_INVALID_STATE_ERR, __func__);
       return NS_OK;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
     nsCOMPtr<nsIURI> uri;
     nsresult rv = NS_NewURI(getter_AddRefs(uri), mURL);
     if (NS_WARN_IF(NS_FAILED(rv))) {
@@ -1344,10 +1355,13 @@ void ServiceWorkerManager::NoteInheritedController(
     const ClientInfo& aClientInfo, const ServiceWorkerDescriptor& aController) {
   MOZ_ASSERT(NS_IsMainThread());
 
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr = PrincipalInfoToPrincipal(aController.PrincipalInfo());
-      PrincipalInfoToPrincipal(aController.PrincipalInfo());
-  NS_ENSURE_TRUE_VOID(principal);
 
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    return;
+  }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   nsCOMPtr<nsIURI> scope;
   nsresult rv = NS_NewURI(getter_AddRefs(scope), aController.Scope());
   NS_ENSURE_SUCCESS_VOID(rv);
@@ -1637,11 +1651,11 @@ void ServiceWorkerManager::LoadRegistration(
     const ServiceWorkerRegistrationData& aRegistration) {
   MOZ_ASSERT(NS_IsMainThread());
 
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr = PrincipalInfoToPrincipal(aRegistration.principal());
-      PrincipalInfoToPrincipal(aRegistration.principal());
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-  if (!principal) {
     return;
   }
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
 
   RefPtr<ServiceWorkerRegistrationInfo> registration =
       GetRegistration(principal, aRegistration.scope());
@@ -1722,9 +1736,12 @@ void ServiceWorkerManager::StoreRegistration(
 already_AddRefed<ServiceWorkerRegistrationInfo>
 ServiceWorkerManager::GetServiceWorkerRegistrationInfo(
     const ClientInfo& aClientInfo) const {
-  nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();
+  auto principalOrErr = aClientInfo.GetPrincipal();
-  NS_ENSURE_TRUE(principal, nullptr);
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    return nullptr;
+  }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   nsCOMPtr<nsIURI> uri;
   nsresult rv = NS_NewURI(getter_AddRefs(uri), aClientInfo.URL());
   NS_ENSURE_SUCCESS(rv, nullptr);
@@ -1948,9 +1965,14 @@ bool ServiceWorkerManager::StartControlling(
     const ServiceWorkerDescriptor& aServiceWorker) {
   MOZ_ASSERT(NS_IsMainThread());
 
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr =
       PrincipalInfoToPrincipal(aServiceWorker.PrincipalInfo());
-  NS_ENSURE_TRUE(principal, false);
+
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    return false;
+  }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
 
   nsCOMPtr<nsIURI> scope;
   nsresult rv = NS_NewURI(getter_AddRefs(scope), aServiceWorker.Scope());
@@ -2231,8 +2253,13 @@ void ServiceWorkerManager::DispatchFetchEvent(nsIInterceptedChannel* aChannel,
       // here and perform the ClientChannelHelper's replacement of
       // reserved client automatically.
       if (!XRE_IsParentProcess()) {
-        nsCOMPtr<nsIPrincipal> clientPrincipal =
+        auto clientPrincipalOrErr = clientInfo.ref().GetPrincipal();
-            clientInfo.ref().GetPrincipal();
+
+        nsCOMPtr<nsIPrincipal> clientPrincipal;
+        if (clientPrincipalOrErr.isOk()) {
+          clientPrincipal = clientPrincipalOrErr.unwrap();
+        }
+
         if (!clientPrincipal || !clientPrincipal->Equals(principal)) {
           UniquePtr<ClientSource> reservedClient =
               loadInfo->TakeReservedClientSource();
@@ -2601,7 +2628,15 @@ RefPtr<GenericErrorResultPromise> ServiceWorkerManager::MaybeClaimClient(
   }
 
   // Same origin check
-  nsCOMPtr<nsIPrincipal> principal(aClientInfo.GetPrincipal());
+  auto principalOrErr = aClientInfo.GetPrincipal();
+
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    CopyableErrorResult rv;
+    rv.ThrowSecurityError("Could not extract client's principal");
+    return GenericErrorResultPromise::CreateAndReject(rv, __func__);
+  }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   if (!aWorkerRegistration->Principal()->Equals(principal)) {
     CopyableErrorResult rv;
     rv.ThrowSecurityError("Worker is for a different origin");
@@ -2627,11 +2662,13 @@ RefPtr<GenericErrorResultPromise> ServiceWorkerManager::MaybeClaimClient(
 RefPtr<GenericErrorResultPromise> ServiceWorkerManager::MaybeClaimClient(
     const ClientInfo& aClientInfo,
     const ServiceWorkerDescriptor& aServiceWorker) {
-  nsCOMPtr<nsIPrincipal> principal = aServiceWorker.GetPrincipal();
+  auto principalOrErr = aServiceWorker.GetPrincipal();
-  if (!principal) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     return GenericErrorResultPromise::CreateAndResolve(false, __func__);
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   RefPtr<ServiceWorkerRegistrationInfo> registration =
       GetRegistration(principal, aServiceWorker.Scope());
 

dom/serviceworkers/ServiceWorkerManagerChild.cpp

@@ -55,11 +55,13 @@ mozilla::ipc::IPCResult ServiceWorkerManagerChild::RecvNotifyUnregister(
     return IPC_OK();
   }
 
-  nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(aPrincipalInfo);
+  auto principalOrErr = PrincipalInfoToPrincipal(aPrincipalInfo);
-  if (NS_WARN_IF(!principal)) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     return IPC_OK();
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   nsresult rv = swm->NotifyUnregister(principal, aScope);
   Unused << NS_WARN_IF(NS_FAILED(rv));
   return IPC_OK();

dom/serviceworkers/ServiceWorkerManagerService.cpp

@@ -104,8 +104,9 @@ void ServiceWorkerManagerService::PropagateRegistration(
         nsTArray<ContentParent*> cps;
         ContentParent::GetAll(cps);
         for (auto* cp : cps) {
-          nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(pi);
+          auto principalOrErr = PrincipalInfoToPrincipal(pi);
-          if (principal) {
+          if (principalOrErr.isOk()) {
+            nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
             cp->TransmitPermissionsForPrincipal(principal);
           }
         }

dom/serviceworkers/ServiceWorkerRegistrationDescriptor.cpp

@@ -119,11 +119,10 @@ ServiceWorkerRegistrationDescriptor::PrincipalInfo() const {
   return mData->principalInfo();
 }
 
-nsCOMPtr<nsIPrincipal> ServiceWorkerRegistrationDescriptor::GetPrincipal()
+Result<nsCOMPtr<nsIPrincipal>, nsresult>
-    const {
+ServiceWorkerRegistrationDescriptor::GetPrincipal() const {
   AssertIsOnMainThread();
-  nsCOMPtr<nsIPrincipal> ref = PrincipalInfoToPrincipal(mData->principalInfo());
+  return PrincipalInfoToPrincipal(mData->principalInfo());
-  return ref;
 }
 
 const nsCString& ServiceWorkerRegistrationDescriptor::Scope() const {

dom/serviceworkers/ServiceWorkerRegistrationDescriptor.h

@@ -70,7 +70,7 @@ class ServiceWorkerRegistrationDescriptor final {
 
   const mozilla::ipc::PrincipalInfo& PrincipalInfo() const;
 
-  nsCOMPtr<nsIPrincipal> GetPrincipal() const;
+  Result<nsCOMPtr<nsIPrincipal>, nsresult> GetPrincipal() const;
 
   const nsCString& Scope() const;
 

dom/serviceworkers/ServiceWorkerRegistrationImpl.cpp

@@ -19,6 +19,7 @@
 #include "mozilla/Services.h"
 #include "mozilla/Unused.h"
 #include "nsCycleCollectionParticipant.h"
+#include "nsIPrincipal.h"
 #include "nsNetUtil.h"
 #include "nsServiceManagerUtils.h"
 #include "ServiceWorker.h"
@@ -285,8 +286,8 @@ class SWRUpdateRunnable final : public Runnable {
     MOZ_ASSERT(NS_IsMainThread());
     ErrorResult result;
 
-    nsCOMPtr<nsIPrincipal> principal = mDescriptor.GetPrincipal();
+    auto principalOrErr = mDescriptor.GetPrincipal();
-    if (NS_WARN_IF(!principal)) {
+    if (NS_WARN_IF(principalOrErr.isErr())) {
       mPromise->Reject(NS_ERROR_DOM_INVALID_STATE_ERR, __func__);
       return NS_OK;
     }
@@ -297,6 +298,8 @@ class SWRUpdateRunnable final : public Runnable {
       return NS_OK;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
     // This will delay update jobs originating from a service worker thread.
     // We don't currently handle ServiceWorkerRegistration.update() from other
     // worker types. Also, we assume this registration matches self.registration
@@ -445,12 +448,14 @@ class StartUnregisterRunnable final : public Runnable {
   Run() override {
     MOZ_ASSERT(NS_IsMainThread());
 
-    nsCOMPtr<nsIPrincipal> principal = mDescriptor.GetPrincipal();
+    auto principalOrErr = mDescriptor.GetPrincipal();
-    if (!principal) {
+    if (NS_WARN_IF(principalOrErr.isErr())) {
       mPromise->Reject(NS_ERROR_DOM_INVALID_STATE_ERR, __func__);
       return NS_OK;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
     nsCOMPtr<nsIServiceWorkerManager> swm =
         mozilla::services::GetServiceWorkerManager();
     if (!swm) {
@@ -493,12 +498,14 @@ void ServiceWorkerRegistrationMainThread::Update(
     return;
   }
 
-  nsCOMPtr<nsIPrincipal> principal = mDescriptor.GetPrincipal();
+  auto principalOrErr = mDescriptor.GetPrincipal();
-  if (!principal) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     aFailureCB(CopyableErrorResult(NS_ERROR_DOM_INVALID_STATE_ERR));
     return;
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   RefPtr<MainThreadUpdateCallback> cb = new MainThreadUpdateCallback();
   UpdateInternal(principal, NS_ConvertUTF16toUTF8(mScope),
                  aNewestWorkerScriptUrl, cb);
@@ -542,12 +549,14 @@ void ServiceWorkerRegistrationMainThread::Unregister(
     return;
   }
 
-  nsCOMPtr<nsIPrincipal> principal = mDescriptor.GetPrincipal();
+  auto principalOrErr = mDescriptor.GetPrincipal();
-  if (!principal) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     aFailureCB(CopyableErrorResult(NS_ERROR_DOM_INVALID_STATE_ERR));
     return;
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   RefPtr<UnregisterCallback> cb = new UnregisterCallback();
 
   nsresult rv = swm->Unregister(principal, cb,

dom/serviceworkers/ServiceWorkerUtils.cpp

@@ -9,6 +9,8 @@
 #include "mozilla/Preferences.h"
 #include "mozilla/dom/ClientInfo.h"
 #include "mozilla/dom/ServiceWorkerRegistrarTypes.h"
+#include "nsCOMPtr.h"
+#include "nsIPrincipal.h"
 #include "nsIURL.h"
 
 namespace mozilla {
@@ -71,8 +73,8 @@ void ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo,
   MOZ_DIAGNOSTIC_ASSERT(aScopeURI);
   MOZ_DIAGNOSTIC_ASSERT(aScriptURI);
 
-  nsCOMPtr<nsIPrincipal> principal = aClientInfo.GetPrincipal();
+  auto principalOrErr = aClientInfo.GetPrincipal();
-  if (NS_WARN_IF(!principal)) {
+  if (NS_WARN_IF(principalOrErr.isErr())) {
     aRv.ThrowInvalidStateError("Can't make security decisions about Client");
     return;
   }
@@ -116,6 +118,8 @@ void ServiceWorkerScopeAndScriptAreValid(const ClientInfo& aClientInfo,
     return;
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
   // Unfortunately we don't seem to have an obvious window id here; in
   // particular ClientInfo does not have one.
   nsresult rv = principal->CheckMayLoadWithReporting(

dom/simpledb/ActorsParent.cpp

@@ -19,6 +19,7 @@
 #include "mozilla/ipc/PBackgroundSharedTypes.h"
 #include "nsIFileStreams.h"
 #include "nsIDirectoryEnumerator.h"
+#include "nsIPrincipal.h"
 #include "nsStringStream.h"
 #include "prio.h"
 #include "SimpleDBCommon.h"
@@ -1042,15 +1043,15 @@ nsresult OpenOp::Open() {
   } else {
     MOZ_ASSERT(principalInfo.type() == PrincipalInfo::TContentPrincipalInfo);
 
-    nsresult rv;
+    auto principalOrErr = PrincipalInfoToPrincipal(principalInfo);
-    nsCOMPtr<nsIPrincipal> principal =
+    if (NS_WARN_IF(principalOrErr.isErr())) {
-        PrincipalInfoToPrincipal(principalInfo, &rv);
+      return principalOrErr.unwrapErr();
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-      return rv;
     }
 
-    rv = QuotaManager::GetInfoFromPrincipal(principal, &mSuffix, &mGroup,
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
-                                            &mOrigin);
+
+    nsresult rv = QuotaManager::GetInfoFromPrincipal(principal, &mSuffix,
+                                                     &mGroup, &mOrigin);
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return rv;
     }

dom/storage/StorageActivityService.cpp

@@ -9,7 +9,9 @@
 #include "mozilla/ipc/BackgroundUtils.h"
 #include "mozilla/SchedulerGroup.h"
 #include "mozilla/StaticPtr.h"
+#include "nsCOMPtr.h"
 #include "nsIMutableArray.h"
+#include "nsIPrincipal.h"
 #include "nsSupportsPrimitives.h"
 #include "nsXPCOM.h"
 
@@ -54,10 +56,17 @@ void StorageActivityService::SendActivity(
       "StorageActivityService::SendActivity", [aPrincipalInfo]() {
         MOZ_ASSERT(NS_IsMainThread());
 
-        nsCOMPtr<nsIPrincipal> principal =
+        auto principalOrErr =
             mozilla::ipc::PrincipalInfoToPrincipal(aPrincipalInfo);
 
+        if (principalOrErr.isOk()) {
+          nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
           StorageActivityService::SendActivity(principal);
+        } else {
+          NS_WARNING(
+              "Could not obtain principal from "
+              "mozilla::ipc::PrincipalInfoToPrincipal");
+        }
       });
 
   SchedulerGroup::Dispatch(TaskCategory::Other, r.forget());

dom/storage/StorageIPC.cpp

@@ -14,6 +14,8 @@
 #include "mozilla/ipc/PBackgroundParent.h"
 #include "mozilla/dom/ContentParent.h"
 #include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsIPrincipal.h"
 #include "nsThreadUtils.h"
 
 namespace mozilla {
@@ -76,19 +78,19 @@ mozilla::ipc::IPCResult LocalStorageCacheChild::RecvObserve(
     const nsString& aNewValue) {
   AssertIsOnOwningThread();
 
-  nsresult rv;
+  auto principalOrErr = PrincipalInfoToPrincipal(aPrincipalInfo);
-  nsCOMPtr<nsIPrincipal> principal =
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-      PrincipalInfoToPrincipal(aPrincipalInfo, &rv);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
     return IPC_FAIL_NO_REASON(this);
   }
 
-  nsCOMPtr<nsIPrincipal> cachePrincipal =
+  auto cachePrincipalOrErr = PrincipalInfoToPrincipal(aCachePrincipalInfo);
-      PrincipalInfoToPrincipal(aCachePrincipalInfo, &rv);
+  if (NS_WARN_IF(cachePrincipalOrErr.isErr())) {
-  if (NS_WARN_IF(NS_FAILED(rv))) {
     return IPC_FAIL_NO_REASON(this);
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+  nsCOMPtr<nsIPrincipal> cachePrincipal = cachePrincipalOrErr.unwrap();
+
   if (StorageUtils::PrincipalsEqual(principal, cachePrincipal)) {
     Storage::NotifyChange(/* aStorage */ nullptr, principal, aKey, aOldValue,
                           aNewValue,

dom/webbrowserpersist/WebBrowserPersistRemoteDocument.cpp

@@ -12,6 +12,7 @@
 #include "mozilla/Unused.h"
 #include "mozilla/ipc/BackgroundUtils.h"
 
+#include "nsDebug.h"
 #include "nsIPrincipal.h"
 
 namespace mozilla {
@@ -22,8 +23,12 @@ WebBrowserPersistRemoteDocument ::WebBrowserPersistRemoteDocument(
     WebBrowserPersistDocumentParent* aActor, const Attrs& aAttrs,
     nsIInputStream* aPostData)
     : mActor(aActor), mAttrs(aAttrs), mPostData(aPostData) {
-  nsresult rv;
+  auto principalOrErr = ipc::PrincipalInfoToPrincipal(mAttrs.principal());
-  mPrincipal = ipc::PrincipalInfoToPrincipal(mAttrs.principal(), &rv);
+  if (principalOrErr.isOk()) {
+    mPrincipal = principalOrErr.unwrap();
+  } else {
+    NS_WARNING("Failed to obtain principal!");
+  }
   if (mAttrs.sessionHistoryEntryOrCacheKey().type() ==
       SessionHistoryEntryOrCacheKey::TPSHEntryParent) {
     mSHEntry = static_cast<dom::SHEntryParent*>(

dom/workers/ScriptLoader.cpp

@@ -18,6 +18,7 @@
 #include "nsIInputStreamPump.h"
 #include "nsIIOService.h"
 #include "nsIOService.h"
+#include "nsIPrincipal.h"
 #include "nsIProtocolHandler.h"
 #include "nsIScriptError.h"
 #include "nsIScriptSecurityManager.h"
@@ -1365,9 +1366,8 @@ class ScriptLoaderRunnable final : public nsIRunnable, public nsINamed {
     ScriptLoadInfo& loadInfo = mLoadInfos[aIndex];
     MOZ_ASSERT(loadInfo.mCacheStatus == ScriptLoadInfo::Cached);
 
-    nsCOMPtr<nsIPrincipal> responsePrincipal =
+    auto responsePrincipalOrErr = PrincipalInfoToPrincipal(*aPrincipalInfo);
-        PrincipalInfoToPrincipal(*aPrincipalInfo);
+    MOZ_DIAGNOSTIC_ASSERT(responsePrincipalOrErr.isOk());
-    MOZ_DIAGNOSTIC_ASSERT(responsePrincipal);
 
     nsIPrincipal* principal = mWorkerPrivate->GetPrincipal();
     if (!principal) {
@@ -1376,6 +1376,8 @@ class ScriptLoaderRunnable final : public nsIRunnable, public nsINamed {
       principal = parentWorker->GetPrincipal();
     }
 
+    nsCOMPtr<nsIPrincipal> responsePrincipal = responsePrincipalOrErr.unwrap();
+
     loadInfo.mMutedErrorFlag.emplace(!principal->Subsumes(responsePrincipal));
 
     // May be null.

dom/workers/remoteworkers/RemoteWorkerChild.cpp

@@ -9,6 +9,7 @@
 #include <utility>
 
 #include "MainThreadUtils.h"
+#include "nsCOMPtr.h"
 #include "nsDebug.h"
 #include "nsError.h"
 #include "nsIConsoleReportCollector.h"
@@ -309,26 +310,25 @@ nsresult RemoteWorkerChild::ExecWorkerOnMainThread(RemoteWorkerData&& aData) {
   // Ensure that the IndexedDatabaseManager is initialized
   Unused << NS_WARN_IF(!IndexedDatabaseManager::GetOrCreate());
 
-  nsresult rv = NS_OK;
-
   auto scopeExit = MakeScopeExit([&] { TransitionStateToTerminated(); });
 
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr = PrincipalInfoToPrincipal(aData.principalInfo());
-      PrincipalInfoToPrincipal(aData.principalInfo(), &rv);
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return principalOrErr.unwrapErr();
-    return rv;
   }
 
-  nsCOMPtr<nsIPrincipal> loadingPrincipal =
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
-      PrincipalInfoToPrincipal(aData.loadingPrincipalInfo(), &rv);
+
-  if (NS_WARN_IF(NS_FAILED(rv))) {
+  auto loadingPrincipalOrErr =
-    return rv;
+      PrincipalInfoToPrincipal(aData.loadingPrincipalInfo());
+  if (NS_WARN_IF(loadingPrincipalOrErr.isErr())) {
+    return loadingPrincipalOrErr.unwrapErr();
   }
 
-  nsCOMPtr<nsIPrincipal> storagePrincipal =
+  auto storagePrincipalOrErr =
-      PrincipalInfoToPrincipal(aData.storagePrincipalInfo(), &rv);
+      PrincipalInfoToPrincipal(aData.storagePrincipalInfo());
-  if (NS_WARN_IF(NS_FAILED(rv))) {
+  if (NS_WARN_IF(storagePrincipalOrErr.isErr())) {
-    return rv;
+    return storagePrincipalOrErr.unwrapErr();
   }
 
   WorkerLoadInfo info;
@@ -342,8 +342,8 @@ nsresult RemoteWorkerChild::ExecWorkerOnMainThread(RemoteWorkerData&& aData) {
   info.mReferrerInfo = aData.referrerInfo();
   info.mDomain = aData.domain();
   info.mPrincipal = principal;
-  info.mStoragePrincipal = storagePrincipal;
+  info.mStoragePrincipal = storagePrincipalOrErr.unwrap();
-  info.mLoadingPrincipal = loadingPrincipal;
+  info.mLoadingPrincipal = loadingPrincipalOrErr.unwrap();
   info.mStorageAccess = aData.storageAccess();
   info.mOriginAttributes =
       BasePrincipal::Cast(principal)->OriginAttributesRef();
@@ -368,6 +368,8 @@ nsresult RemoteWorkerChild::ExecWorkerOnMainThread(RemoteWorkerData&& aData) {
     clientInfo.emplace(ClientInfo(aData.clientInfo().ref()));
   }
 
+  nsresult rv = NS_OK;
+
   if (clientInfo.isSome()) {
     Maybe<mozilla::ipc::CSPInfo> cspInfo = clientInfo.ref().GetCspInfo();
     if (cspInfo.isSome()) {

dom/workers/remoteworkers/RemoteWorkerManager.cpp

@@ -54,7 +54,13 @@ void TransmitPermissionsAndBlobURLsForPrincipalInfo(
   AssertIsOnMainThread();
   MOZ_ASSERT(aContentParent);
 
-  nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(aPrincipalInfo);
+  auto principalOrErr = PrincipalInfoToPrincipal(aPrincipalInfo);
+
+  if (NS_WARN_IF(principalOrErr.isErr())) {
+    return;
+  }
+
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
 
   aContentParent->TransmitBlobURLsForPrincipal(principal);
 

dom/workers/sharedworkers/SharedWorkerService.cpp

@@ -9,6 +9,7 @@
 #include "mozilla/ipc/BackgroundParent.h"
 #include "mozilla/SchedulerGroup.h"
 #include "mozilla/StaticMutex.h"
+#include "nsIPrincipal.h"
 #include "nsProxyRelease.h"
 
 namespace mozilla {
@@ -171,23 +172,27 @@ void SharedWorkerService::GetOrCreateWorkerManagerOnMainThread(
   MOZ_ASSERT(aBackgroundEventTarget);
   MOZ_ASSERT(aActor);
 
-  nsresult rv = NS_OK;
+  auto storagePrincipalOrErr =
-  nsCOMPtr<nsIPrincipal> storagePrincipal =
+      PrincipalInfoToPrincipal(aData.storagePrincipalInfo());
-      PrincipalInfoToPrincipal(aData.storagePrincipalInfo(), &rv);
+  if (NS_WARN_IF(storagePrincipalOrErr.isErr())) {
-  if (NS_WARN_IF(!storagePrincipal)) {
+    ErrorPropagationOnMainThread(aBackgroundEventTarget, aActor,
-    ErrorPropagationOnMainThread(aBackgroundEventTarget, aActor, rv);
+                                 storagePrincipalOrErr.unwrapErr());
     return;
   }
 
-  nsCOMPtr<nsIPrincipal> loadingPrincipal =
+  auto loadingPrincipalOrErr =
-      PrincipalInfoToPrincipal(aData.loadingPrincipalInfo(), &rv);
+      PrincipalInfoToPrincipal(aData.loadingPrincipalInfo());
-  if (NS_WARN_IF(!loadingPrincipal)) {
+  if (NS_WARN_IF(loadingPrincipalOrErr.isErr())) {
-    ErrorPropagationOnMainThread(aBackgroundEventTarget, aActor, rv);
+    ErrorPropagationOnMainThread(aBackgroundEventTarget, aActor,
+                                 loadingPrincipalOrErr.unwrapErr());
     return;
   }
 
   RefPtr<SharedWorkerManagerHolder> managerHolder;
 
+  nsCOMPtr<nsIPrincipal> loadingPrincipal = loadingPrincipalOrErr.unwrap();
+  nsCOMPtr<nsIPrincipal> storagePrincipal = storagePrincipalOrErr.unwrap();
+
   // Let's see if there is already a SharedWorker to share.
   nsCOMPtr<nsIURI> resolvedScriptURL =
       DeserializeURI(aData.resolvedScriptURL());

ipc/glue/BackgroundParentImpl.cpp

@@ -864,10 +864,14 @@ class CheckPrincipalRunnable final : public Runnable {
 
     NullifyContentParentRAII raii(mContentParent);
 
-    nsCOMPtr<nsIPrincipal> principal = PrincipalInfoToPrincipal(mPrincipalInfo);
+    auto principalOrErr = PrincipalInfoToPrincipal(mPrincipalInfo);
+    if (NS_WARN_IF(principalOrErr.isErr())) {
+      mContentParent->KillHard(
+          "BroadcastChannel killed: PrincipalInfoToPrincipal failed.");
+    }
 
     nsAutoCString origin;
-    nsresult rv = principal->GetOrigin(origin);
+    nsresult rv = principalOrErr.unwrap()->GetOrigin(origin);
     if (NS_FAILED(rv)) {
       mContentParent->KillHard(
           "BroadcastChannel killed: principal::GetOrigin failed.");

ipc/glue/BackgroundUtils.cpp

@@ -39,30 +39,28 @@ using namespace mozilla::net;
 
 namespace ipc {
 
-already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
+Result<nsCOMPtr<nsIPrincipal>, nsresult> PrincipalInfoToPrincipal(
-    const PrincipalInfo& aPrincipalInfo, nsresult* aOptionalResult) {
+    const PrincipalInfo& aPrincipalInfo) {
   MOZ_ASSERT(NS_IsMainThread());
   MOZ_ASSERT(aPrincipalInfo.type() != PrincipalInfo::T__None);
 
-  nsresult stackResult;
-  nsresult& rv = aOptionalResult ? *aOptionalResult : stackResult;
-
   nsCOMPtr<nsIScriptSecurityManager> secMan =
       nsContentUtils::GetSecurityManager();
   if (!secMan) {
-    return nullptr;
+    return Err(NS_ERROR_NULL_POINTER);
   }
 
   nsCOMPtr<nsIPrincipal> principal;
+  nsresult rv;
 
   switch (aPrincipalInfo.type()) {
     case PrincipalInfo::TSystemPrincipalInfo: {
       rv = secMan->GetSystemPrincipal(getter_AddRefs(principal));
       if (NS_WARN_IF(NS_FAILED(rv))) {
-        return nullptr;
+        return Err(rv);
       }
 
-      return principal.forget();
+      return principal;
     }
 
     case PrincipalInfo::TNullPrincipalInfo: {
@@ -71,11 +69,11 @@ already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
       nsCOMPtr<nsIURI> uri;
       rv = NS_NewURI(getter_AddRefs(uri), info.spec());
       if (NS_WARN_IF(NS_FAILED(rv))) {
-        return nullptr;
+        return Err(rv);
       }
 
       principal = NullPrincipal::Create(info.attrs(), uri);
-      return principal.forget();
+      return principal;
     }
 
     case PrincipalInfo::TContentPrincipalInfo: {
@@ -85,53 +83,50 @@ already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
       nsCOMPtr<nsIURI> uri;
       rv = NS_NewURI(getter_AddRefs(uri), info.spec());
       if (NS_WARN_IF(NS_FAILED(rv))) {
-        return nullptr;
+        return Err(rv);
       }
 
       principal = BasePrincipal::CreateContentPrincipal(uri, info.attrs());
       if (NS_WARN_IF(!principal)) {
-        return nullptr;
+        return Err(NS_ERROR_NULL_POINTER);
       }
 
       // Origin must match what the_new_principal.getOrigin returns.
       nsAutoCString originNoSuffix;
       rv = principal->GetOriginNoSuffix(originNoSuffix);
-      if (NS_WARN_IF(NS_FAILED(rv)) ||
+      if (NS_WARN_IF(NS_FAILED(rv))) {
-          !info.originNoSuffix().Equals(originNoSuffix)) {
+        return Err(rv);
-#ifdef FUZZING
+      }
-        return nullptr;
+
-#else
+      if (NS_WARN_IF(!info.originNoSuffix().Equals(originNoSuffix))) {
-        MOZ_CRASH("Origin must be available when deserialized");
+        return Err(NS_ERROR_FAILURE);
-#endif /* FUZZING */
       }
 
       if (info.domain()) {
         nsCOMPtr<nsIURI> domain;
         rv = NS_NewURI(getter_AddRefs(domain), *info.domain());
         if (NS_WARN_IF(NS_FAILED(rv))) {
-          return nullptr;
+          return Err(rv);
         }
 
         rv = principal->SetDomain(domain);
         if (NS_WARN_IF(NS_FAILED(rv))) {
-          return nullptr;
+          return Err(rv);
         }
       }
 
       if (!info.baseDomain().IsVoid()) {
         nsAutoCString baseDomain;
         rv = principal->GetBaseDomain(baseDomain);
-        if (NS_WARN_IF(NS_FAILED(rv)) ||
+        if (NS_WARN_IF(NS_FAILED(rv))) {
-            !info.baseDomain().Equals(baseDomain)) {
+          return Err(rv);
-#ifdef FUZZING
-          return nullptr;
-#else
-          MOZ_CRASH("Base domain must be available when deserialized");
-#endif /* FUZZING */
-        }
         }
 
-      return principal.forget();
+        if (NS_WARN_IF(!info.baseDomain().Equals(baseDomain))) {
+          return Err(NS_ERROR_FAILURE);
+        }
+      }
+      return principal;
     }
 
     case PrincipalInfo::TExpandedPrincipalInfo: {
@@ -142,30 +137,29 @@ already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
       nsCOMPtr<nsIPrincipal> alPrincipal;
 
       for (uint32_t i = 0; i < info.allowlist().Length(); i++) {
-        alPrincipal = PrincipalInfoToPrincipal(info.allowlist()[i], &rv);
+        auto principalOrErr = PrincipalInfoToPrincipal(info.allowlist()[i]);
-        if (NS_WARN_IF(NS_FAILED(rv))) {
+        if (NS_WARN_IF(principalOrErr.isErr())) {
-          return nullptr;
+          nsresult ret = principalOrErr.unwrapErr();
+          return Err(ret);
         }
         // append that principal to the allowlist
-        allowlist.AppendElement(alPrincipal);
+        allowlist.AppendElement(principalOrErr.unwrap());
       }
 
       RefPtr<ExpandedPrincipal> expandedPrincipal =
           ExpandedPrincipal::Create(allowlist, info.attrs());
       if (!expandedPrincipal) {
-        NS_WARNING("could not instantiate expanded principal");
+        return Err(NS_ERROR_FAILURE);
-        return nullptr;
       }
 
       principal = expandedPrincipal;
-      return principal.forget();
+      return principal;
     }
 
     default:
-      MOZ_CRASH("Unknown PrincipalInfo type!");
+      return Err(NS_ERROR_FAILURE);
   }
-
+  return Err(NS_ERROR_FAILURE);
-  MOZ_CRASH("Should never get here!");
 }
 
 already_AddRefed<nsIContentSecurityPolicy> CSPInfoToCSP(
@@ -184,9 +178,9 @@ already_AddRefed<nsIContentSecurityPolicy> CSPInfoToCSP(
       return nullptr;
     }
   } else {
-    nsCOMPtr<nsIPrincipal> requestingPrincipal =
+    auto principalOrErr =
-        PrincipalInfoToPrincipal(aCSPInfo.requestPrincipalInfo(), &rv);
+        PrincipalInfoToPrincipal(aCSPInfo.requestPrincipalInfo());
-    if (NS_WARN_IF(NS_FAILED(rv))) {
+    if (NS_WARN_IF(principalOrErr.isErr())) {
       return nullptr;
     }
 
@@ -197,9 +191,11 @@ already_AddRefed<nsIContentSecurityPolicy> CSPInfoToCSP(
         return nullptr;
       }
     }
-    rv = csp->SetRequestContextWithPrincipal(requestingPrincipal, selfURI,
+
-                                             aCSPInfo.referrer(),
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
-                                             aCSPInfo.innerWindowID());
+
+    rv = csp->SetRequestContextWithPrincipal(
+        principal, selfURI, aCSPInfo.referrer(), aCSPInfo.innerWindowID());
     if (NS_WARN_IF(NS_FAILED(rv))) {
       return nullptr;
     }
@@ -352,13 +348,12 @@ bool IsPrincipalInfoPrivate(const PrincipalInfo& aPrincipalInfo) {
 
 already_AddRefed<nsIRedirectHistoryEntry> RHEntryInfoToRHEntry(
     const RedirectHistoryEntryInfo& aRHEntryInfo) {
-  nsresult rv;
+  auto principalOrErr = PrincipalInfoToPrincipal(aRHEntryInfo.principalInfo());
-  nsCOMPtr<nsIPrincipal> principal =
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-      PrincipalInfoToPrincipal(aRHEntryInfo.principalInfo(), &rv);
-  if (NS_WARN_IF(NS_FAILED(rv))) {
     return nullptr;
   }
 
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   nsCOMPtr<nsIURI> referrerUri = DeserializeURI(aRHEntryInfo.referrerUri());
 
   nsCOMPtr<nsIRedirectHistoryEntry> entry = new nsRedirectHistoryEntry(
@@ -588,45 +583,63 @@ nsresult LoadInfoArgsToLoadInfo(
 
   const LoadInfoArgs& loadInfoArgs = aOptionalLoadInfoArgs.ref();
 
-  nsresult rv = NS_OK;
   nsCOMPtr<nsIPrincipal> loadingPrincipal;
   if (loadInfoArgs.requestingPrincipalInfo().isSome()) {
-    loadingPrincipal = PrincipalInfoToPrincipal(
+    auto loadingPrincipalOrErr =
-        loadInfoArgs.requestingPrincipalInfo().ref(), &rv);
+        PrincipalInfoToPrincipal(loadInfoArgs.requestingPrincipalInfo().ref());
-    NS_ENSURE_SUCCESS(rv, rv);
+    if (NS_WARN_IF(loadingPrincipalOrErr.isErr())) {
+      return loadingPrincipalOrErr.unwrapErr();
+    }
+    loadingPrincipal = loadingPrincipalOrErr.unwrap();
   }
 
-  NS_ENSURE_SUCCESS(rv, rv);
+  auto triggeringPrincipalOrErr =
+      PrincipalInfoToPrincipal(loadInfoArgs.triggeringPrincipalInfo());
+  if (NS_WARN_IF(triggeringPrincipalOrErr.isErr())) {
+    return triggeringPrincipalOrErr.unwrapErr();
+  }
   nsCOMPtr<nsIPrincipal> triggeringPrincipal =
-      PrincipalInfoToPrincipal(loadInfoArgs.triggeringPrincipalInfo(), &rv);
+      triggeringPrincipalOrErr.unwrap();
-  NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIPrincipal> principalToInherit;
   if (loadInfoArgs.principalToInheritInfo().isSome()) {
-    principalToInherit = PrincipalInfoToPrincipal(
+    auto principalToInheritOrErr =
-        loadInfoArgs.principalToInheritInfo().ref(), &rv);
+        PrincipalInfoToPrincipal(loadInfoArgs.principalToInheritInfo().ref());
-    NS_ENSURE_SUCCESS(rv, rv);
+    if (NS_WARN_IF(principalToInheritOrErr.isErr())) {
+      return principalToInheritOrErr.unwrapErr();
+    }
+    principalToInherit = principalToInheritOrErr.unwrap();
   }
 
   nsCOMPtr<nsIPrincipal> sandboxedLoadingPrincipal;
   if (loadInfoArgs.sandboxedLoadingPrincipalInfo().isSome()) {
-    sandboxedLoadingPrincipal = PrincipalInfoToPrincipal(
+    auto sandboxedLoadingPrincipalOrErr = PrincipalInfoToPrincipal(
-        loadInfoArgs.sandboxedLoadingPrincipalInfo().ref(), &rv);
+        loadInfoArgs.sandboxedLoadingPrincipalInfo().ref());
-    NS_ENSURE_SUCCESS(rv, rv);
+    if (NS_WARN_IF(sandboxedLoadingPrincipalOrErr.isErr())) {
+      return sandboxedLoadingPrincipalOrErr.unwrapErr();
+    }
+    sandboxedLoadingPrincipal = sandboxedLoadingPrincipalOrErr.unwrap();
   }
 
+  nsresult rv = NS_OK;
   nsCOMPtr<nsIPrincipal> topLevelPrincipal;
   if (loadInfoArgs.topLevelPrincipalInfo().isSome()) {
-    topLevelPrincipal = PrincipalInfoToPrincipal(
+    auto topLevelPrincipalOrErr =
-        loadInfoArgs.topLevelPrincipalInfo().ref(), &rv);
+        PrincipalInfoToPrincipal(loadInfoArgs.topLevelPrincipalInfo().ref());
-    NS_ENSURE_SUCCESS(rv, rv);
+    if (NS_WARN_IF(topLevelPrincipalOrErr.isErr())) {
+      return topLevelPrincipalOrErr.unwrapErr();
+    }
+    topLevelPrincipal = topLevelPrincipalOrErr.unwrap();
   }
 
   nsCOMPtr<nsIPrincipal> topLevelStorageAreaPrincipal;
   if (loadInfoArgs.topLevelStorageAreaPrincipalInfo().isSome()) {
-    topLevelStorageAreaPrincipal = PrincipalInfoToPrincipal(
+    auto topLevelStorageAreaPrincipalOrErr = PrincipalInfoToPrincipal(
-        loadInfoArgs.topLevelStorageAreaPrincipalInfo().ref(), &rv);
+        loadInfoArgs.topLevelStorageAreaPrincipalInfo().ref());
-    NS_ENSURE_SUCCESS(rv, rv);
+    if (NS_WARN_IF(topLevelStorageAreaPrincipalOrErr.isErr())) {
+      return topLevelStorageAreaPrincipalOrErr.unwrapErr();
+    }
+    topLevelStorageAreaPrincipal = topLevelStorageAreaPrincipalOrErr.unwrap();
   }
 
   nsCOMPtr<nsIURI> resultPrincipalURI;
@@ -657,9 +670,11 @@ nsresult LoadInfoArgsToLoadInfo(
   nsTArray<nsCOMPtr<nsIPrincipal>> ancestorPrincipals;
   ancestorPrincipals.SetCapacity(loadInfoArgs.ancestorPrincipals().Length());
   for (const PrincipalInfo& principalInfo : loadInfoArgs.ancestorPrincipals()) {
-    nsCOMPtr<nsIPrincipal> ancestorPrincipal =
+    auto ancestorPrincipalOrErr = PrincipalInfoToPrincipal(principalInfo);
-        PrincipalInfoToPrincipal(principalInfo, &rv);
+    if (NS_WARN_IF(ancestorPrincipalOrErr.isErr())) {
-    NS_ENSURE_SUCCESS(rv, rv);
+      return ancestorPrincipalOrErr.unwrapErr();
+    }
+    nsCOMPtr<nsIPrincipal> ancestorPrincipal = ancestorPrincipalOrErr.unwrap();
     ancestorPrincipals.AppendElement(ancestorPrincipal.forget());
   }
 

ipc/glue/BackgroundUtils.h

@@ -65,10 +65,10 @@ class PrincipalInfo;
 /**
  * Convert a PrincipalInfo to an nsIPrincipal.
  *
- * MUST be called on the main thread only.
+ * MUST be called on the main thread.
  */
-already_AddRefed<nsIPrincipal> PrincipalInfoToPrincipal(
+Result<nsCOMPtr<nsIPrincipal>, nsresult> PrincipalInfoToPrincipal(
-    const PrincipalInfo& aPrincipalInfo, nsresult* aOptionalResult = nullptr);
+    const PrincipalInfo& aPrincipalInfo);
 
 /**
  * Convert an nsIPrincipal to a PrincipalInfo.

netwerk/base/nsNetUtil.cpp

@@ -304,11 +304,12 @@ void AssertLoadingPrincipalAndClientInfoMatch(
   }
 
   // Perform a fast comparison for most principal checks.
-  nsCOMPtr<nsIPrincipal> clientPrincipal(aLoadingClientInfo.GetPrincipal());
+  auto clientPrincipalOrErr(aLoadingClientInfo.GetPrincipal());
+  if (clientPrincipalOrErr.isOk()) {
+    nsCOMPtr<nsIPrincipal> clientPrincipal = clientPrincipalOrErr.unwrap();
     if (aLoadingPrincipal->Equals(clientPrincipal)) {
       return;
     }
-
     // Fall back to a slower origin equality test to support null principals.
     nsAutoCString loadingOrigin;
     MOZ_ALWAYS_SUCCEEDS(aLoadingPrincipal->GetOrigin(loadingOrigin));
@@ -317,6 +318,7 @@ void AssertLoadingPrincipalAndClientInfoMatch(
     MOZ_ALWAYS_SUCCEEDS(clientPrincipal->GetOrigin(clientOrigin));
 
     MOZ_DIAGNOSTIC_ASSERT(loadingOrigin == clientOrigin);
+  }
 #endif
 }
 

netwerk/cookie/CookieJarSettings.cpp

@@ -16,6 +16,7 @@
 #include "mozilla/StaticPrefs_network.h"
 #include "mozilla/Unused.h"
 #include "nsGlobalWindowInner.h"
+#include "nsIPrincipal.h"
 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
 #  include "nsIProtocolHandler.h"
 #endif
@@ -286,12 +287,13 @@ void CookieJarSettings::Serialize(CookieJarSettingsArgs& aData) {
 
   CookiePermissionList list;
   for (const CookiePermissionData& data : aData.cookiePermissions()) {
-    nsCOMPtr<nsIPrincipal> principal =
+    auto principalOrErr = PrincipalInfoToPrincipal(data.principalInfo());
-        PrincipalInfoToPrincipal(data.principalInfo());
+    if (NS_WARN_IF(principalOrErr.isErr())) {
-    if (NS_WARN_IF(!principal)) {
       continue;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
+
     nsCOMPtr<nsIPermission> permission =
         Permission::Create(principal, NS_LITERAL_CSTRING("cookie"),
                            data.cookiePermission(), 0, 0, 0);
@@ -347,12 +349,12 @@ void CookieJarSettings::Merge(const CookieJarSettingsArgs& aData) {
   PermissionComparator comparator;
 
   for (const CookiePermissionData& data : aData.cookiePermissions()) {
-    nsCOMPtr<nsIPrincipal> principal =
+    auto principalOrErr = PrincipalInfoToPrincipal(data.principalInfo());
-        PrincipalInfoToPrincipal(data.principalInfo());
+    if (NS_WARN_IF(principalOrErr.isErr())) {
-    if (NS_WARN_IF(!principal)) {
       continue;
     }
 
+    nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
     nsCOMPtr<nsIPermission> permission =
         Permission::Create(principal, NS_LITERAL_CSTRING("cookie"),
                            data.cookiePermission(), 0, 0, 0);

netwerk/ipc/DocumentLoadListener.cpp

@@ -1463,11 +1463,12 @@ DocumentLoadListener::RedirectToRealChannel(
           CreateAndReject(ipc::ResponseRejectReason::SendError, __func__);
     }
 
-    nsresult rv;
+    auto triggeringPrincipalOrErr =
-    nsCOMPtr<nsIPrincipal> triggeringPrincipal =
+        PrincipalInfoToPrincipal(loadInfo.ref().triggeringPrincipalInfo());
-        PrincipalInfoToPrincipal(loadInfo.ref().triggeringPrincipalInfo(), &rv);
 
-    if (NS_SUCCEEDED(rv) && triggeringPrincipal) {
+    if (triggeringPrincipalOrErr.isOk()) {
+      nsCOMPtr<nsIPrincipal> triggeringPrincipal =
+          triggeringPrincipalOrErr.unwrap();
       cp->TransmitBlobDataIfBlobURL(args.uri(), triggeringPrincipal);
     }
 

netwerk/ipc/NeckoParent.cpp

@@ -110,7 +110,8 @@ static already_AddRefed<nsIPrincipal> GetRequestingPrincipal(
 
   const PrincipalInfo& principalInfo = optionalPrincipalInfo.ref();
 
-  return PrincipalInfoToPrincipal(principalInfo);
+  auto principalOrErr = PrincipalInfoToPrincipal(principalInfo);
+  return principalOrErr.isOk() ? principalOrErr.unwrap().forget() : nullptr;
 }
 
 static already_AddRefed<nsIPrincipal> GetRequestingPrincipal(

netwerk/protocol/http/HttpChannelParent.cpp

@@ -1288,11 +1288,11 @@ mozilla::ipc::IPCResult HttpChannelParent::RecvRemoveCorsPreflightCacheEntry(
   if (!deserializedURI) {
     return IPC_FAIL_NO_REASON(this);
   }
-  nsCOMPtr<nsIPrincipal> principal =
+  auto principalOrErr = PrincipalInfoToPrincipal(requestingPrincipal);
-      PrincipalInfoToPrincipal(requestingPrincipal);
+  if (NS_WARN_IF(principalOrErr.isErr())) {
-  if (!principal) {
     return IPC_FAIL_NO_REASON(this);
   }
+  nsCOMPtr<nsIPrincipal> principal = principalOrErr.unwrap();
   nsCORSListenerProxy::RemoveFromCorsPreflightCache(deserializedURI, principal);
   return IPC_OK();
 }

uriloader/prefetch/OfflineCacheUpdateParent.cpp

@@ -12,6 +12,7 @@
 #include "mozilla/ipc/URIUtils.h"
 #include "mozilla/Unused.h"
 #include "nsContentUtils.h"
+#include "nsDebug.h"
 #include "nsOfflineCacheUpdate.h"
 #include "nsIApplicationCache.h"
 #include "nsNetUtil.h"
@@ -75,15 +76,18 @@ nsresult OfflineCacheUpdateParent::Schedule(
     const CookieJarSettingsArgs& aCookieJarSettingsArgs) {
   LOG(("OfflineCacheUpdateParent::RecvSchedule [%p]", this));
 
-  nsresult rv;
-
   RefPtr<nsOfflineCacheUpdate> update;
   if (!aManifestURI) {
     return NS_ERROR_FAILURE;
   }
 
-  mLoadingPrincipal = PrincipalInfoToPrincipal(aLoadingPrincipalInfo, &rv);
+  auto loadingPrincipalOrErr = PrincipalInfoToPrincipal(aLoadingPrincipalInfo);
-  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (NS_WARN_IF(loadingPrincipalOrErr.isErr())) {
+    return loadingPrincipalOrErr.unwrapErr();
+  }
+
+  mLoadingPrincipal = loadingPrincipalOrErr.unwrap();
 
   nsOfflineCacheUpdateService* service =
       nsOfflineCacheUpdateService::EnsureService();
@@ -93,7 +97,8 @@ nsresult OfflineCacheUpdateParent::Schedule(
 
   bool offlinePermissionAllowed = false;
 
-  rv = service->OfflineAppAllowed(mLoadingPrincipal, &offlinePermissionAllowed);
+  nsresult rv =
+      service->OfflineAppAllowed(mLoadingPrincipal, &offlinePermissionAllowed);
   NS_ENSURE_SUCCESS(rv, rv);
 
   if (!offlinePermissionAllowed) {