[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser/tor-browser-24.6.0esr-4.x-1] Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.



commit d0062623b1cb82844bd83af308515d86ccc610a3
Author: Arthur Edelstein <arthuredelstein@xxxxxxxxx>
Date:   Thu Apr 17 16:39:37 2014 -0700

    Add a pref, "privacy.thirdparty.isolate", to allow the activation or deactivation of isolating DOM storage and image caching by first party URI.
---
 browser/app/profile/firefox.js                     |    8 ++
 content/base/src/ThirdPartyUtil.cpp                |   34 ++++++++
 content/base/src/ThirdPartyUtil.h                  |    1 +
 content/base/src/nsContentUtils.cpp                |   28 +++----
 docshell/base/nsDocShell.cpp                       |   10 +--
 dom/base/nsGlobalWindow.cpp                        |   28 +++----
 dom/base/nsGlobalWindow.h                          |    2 +-
 dom/interfaces/storage/nsIDOMStorageManager.idl    |   14 ++--
 dom/src/storage/DOMStorageCache.cpp                |    4 +-
 dom/src/storage/DOMStorageCache.h                  |    6 +-
 dom/src/storage/DOMStorageManager.cpp              |   44 +++++-----
 dom/src/storage/DOMStorageManager.h                |    4 +-
 embedding/browser/webBrowser/nsContextMenuInfo.cpp |    8 +-
 image/public/imgILoader.idl                        |    4 +-
 image/src/imgLoader.cpp                            |   84 ++++++++------------
 image/src/imgLoader.h                              |    6 +-
 image/src/imgRequest.cpp                           |    8 +-
 image/src/imgRequest.h                             |    4 +-
 layout/generic/nsImageFrame.cpp                    |   22 ++---
 netwerk/base/public/mozIThirdPartyUtil.idl         |   23 ++++++
 widget/cocoa/nsMenuItemIconX.mm                    |    8 +-
 21 files changed, 200 insertions(+), 150 deletions(-)

diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
index 56ae000..ae78798 100644
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -517,6 +517,14 @@ pref("privacy.sanitize.migrateFx3Prefs",    false);
 
 pref("network.proxy.share_proxy_settings",  false); // use the same proxy settings for all protocols
 
+// The privacy.thirdparty.isolate pref determines whether
+// an isolated DOM Storage map and image cache are
+// maintained for each URL bar domain.
+// 0 - No isolation
+// 1 - Enable isolation in private windows
+// 2 - Enable isolation everywhere
+pref("privacy.thirdparty.isolate",          1);
+
 // simple gestures support
 pref("browser.gesture.swipe.left", "Browser:BackOrBackDuplicate");
 pref("browser.gesture.swipe.right", "Browser:ForwardOrForwardDuplicate");
diff --git a/content/base/src/ThirdPartyUtil.cpp b/content/base/src/ThirdPartyUtil.cpp
index 55eb316..06b2a14 100644
--- a/content/base/src/ThirdPartyUtil.cpp
+++ b/content/base/src/ThirdPartyUtil.cpp
@@ -3,6 +3,7 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "ThirdPartyUtil.h"
+#include "mozilla/Preferences.h"
 #include "nsNetUtil.h"
 #include "nsIServiceManager.h"
 #include "nsIHttpChannelInternal.h"
@@ -411,6 +412,39 @@ ThirdPartyUtil::GetBaseDomain(nsIURI* aHostURI,
   return NS_OK;
 }
 
+// Returns true if First Party Isolation is currently active for the given nsIChannel.
+// Depends on Preference setting and possibly the state of Private Browsing mode.
+bool ThirdPartyUtil::IsFirstPartyIsolationActive(nsIChannel *aChannel, nsIDocument *aDoc)
+{
+  int32_t isolationState = mozilla::Preferences::GetInt("privacy.thirdparty.isolate");
+  if (isolationState == 1) {
+    if (!aChannel && aDoc) {
+      // No channel passed directly. Can we get a channel from aDoc?
+      aChannel = aDoc->GetChannel();
+    }
+    return aChannel && NS_UsePrivateBrowsing(aChannel);
+  } else { // (isolationState == 0) || (isolationState == 2)
+    return (isolationState == 2);
+  }
+}
+
+// Produces a URI that uniquely identifies the first party to which
+// image cache and dom storage objects should be isolated. If isolation
+// is deactivated, then aOutput will return null.
+// Not scriptable due to the use of an nsIDocument parameter.
+NS_IMETHODIMP
+ThirdPartyUtil::GetFirstPartyIsolationURI(nsIChannel *aChannel, nsIDocument *aDoc, nsIURI **aOutput)
+{
+  bool isolationActive = IsFirstPartyIsolationActive(aChannel, aDoc);
+  if (isolationActive) {
+    return GetFirstPartyURI(aChannel, aDoc, aOutput);
+  } else {
+    // We return a null pointer when isolation is off.
+    *aOutput = nullptr;
+    return NS_OK;
+  }
+}
+
 // Not scriptable due to the use of an nsIDocument parameter.
 NS_IMETHODIMP
 ThirdPartyUtil::GetFirstPartyURI(nsIChannel *aChannel,
diff --git a/content/base/src/ThirdPartyUtil.h b/content/base/src/ThirdPartyUtil.h
index 8777f44..c90dbad 100644
--- a/content/base/src/ThirdPartyUtil.h
+++ b/content/base/src/ThirdPartyUtil.h
@@ -27,6 +27,7 @@ public:
 private:
   nsresult IsThirdPartyInternal(const nsCString& aFirstDomain,
     nsIURI* aSecondURI, bool* aResult);
+  bool IsFirstPartyIsolationActive(nsIChannel* aChannel, nsIDocument* aDoc);
   bool SchemeIsWhiteListed(nsIURI *aURI);
   static already_AddRefed<nsIURI> GetURIFromWindow(nsIDOMWindow* aWin);
   static nsresult GetOriginatingURI(nsIChannel  *aChannel, nsIURI **aURI);
diff --git a/content/base/src/nsContentUtils.cpp b/content/base/src/nsContentUtils.cpp
index db038bf..308cea8 100644
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@@ -2693,22 +2693,22 @@ nsContentUtils::LoadImage(nsIURI* aURI, nsIDocument* aLoadingDocument,
   // Make the URI immutable so people won't change it under us
   NS_TryToSetImmutable(aURI);
  
-  nsCOMPtr<nsIURI> firstPartyURI;
+  nsCOMPtr<nsIURI> firstPartyIsolationURI;
   nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
                                = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-  thirdPartySvc->GetFirstPartyURI(nullptr, aLoadingDocument,
-                                  getter_AddRefs(firstPartyURI));
-
-  return imgLoader->LoadImage(aURI,                 /* uri to load */
-                              firstPartyURI,        /* firstPartyURI */
-                              aReferrer,            /* referrer */
-                              aLoadingPrincipal,    /* loading principal */
-                              loadGroup,            /* loadgroup */
-                              aObserver,            /* imgINotificationObserver */
-                              aLoadingDocument,     /* uniquification key */
-                              aLoadFlags,           /* load flags */
-                              nullptr,               /* cache key */
-                              channelPolicy,        /* CSP info */
+  thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aLoadingDocument,
+                                           getter_AddRefs(firstPartyIsolationURI));
+
+  return imgLoader->LoadImage(aURI,                   /* uri to load */
+                              firstPartyIsolationURI, /* firstPartyIsolationURI, NULL if isolation is not active */
+                              aReferrer,              /* referrer */
+                              aLoadingPrincipal,      /* loading principal */
+                              loadGroup,              /* loadgroup */
+                              aObserver,              /* imgINotificationObserver */
+                              aLoadingDocument,       /* uniquification key */
+                              aLoadFlags,             /* load flags */
+                              nullptr,                /* cache key */
+                              channelPolicy,          /* CSP info */
                               aRequest);
 }
 
diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
index 8963ea0..205b197 100644
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -2698,18 +2698,18 @@ nsDocShell::GetSessionStorageForPrincipal(nsIPrincipal* aPrincipal,
       return NS_ERROR_FAILURE;
 
     nsCOMPtr<nsIDocument> doc(do_GetInterface(GetAsSupports(this)));
-    nsCOMPtr<nsIURI> firstPartyURI;
-    nsresult rv = thirdPartyUtil->GetFirstPartyURI(nullptr, doc,
-                                           getter_AddRefs(firstPartyURI));
+    nsCOMPtr<nsIURI> firstPartyIsolationURI;
+    nsresult rv = thirdPartyUtil->GetFirstPartyIsolationURI(nullptr, doc,
+                                           getter_AddRefs(firstPartyIsolationURI));
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (aCreate) {
-        return manager->CreateStorageForFirstParty(firstPartyURI,
+        return manager->CreateStorageForFirstParty(firstPartyIsolationURI,
                                       aPrincipal, aDocumentURI,
                                       mInPrivateBrowsing, aStorage);
     }
 
-    return manager->GetStorageForFirstParty(firstPartyURI, aPrincipal,
+    return manager->GetStorageForFirstParty(firstPartyIsolationURI, aPrincipal,
                                             mInPrivateBrowsing, aStorage);
 }
 
diff --git a/dom/base/nsGlobalWindow.cpp b/dom/base/nsGlobalWindow.cpp
index 5a0998a..7c742b0 100644
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -2604,8 +2604,8 @@ nsGlobalWindow::PreloadLocalStorage()
   }
 
   nsresult rv;
-  nsCOMPtr<nsIURI> firstPartyURI;
-  rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+  nsCOMPtr<nsIURI> firstPartyIsolationURI;
+  rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
   if (NS_FAILED(rv)) {
     return;
   }
@@ -2616,7 +2616,7 @@ nsGlobalWindow::PreloadLocalStorage()
     return;
   }
 
-  storageManager->PrecacheStorageForFirstParty(firstPartyURI, principal);
+  storageManager->PrecacheStorageForFirstParty(firstPartyIsolationURI, principal);
 }
 
 void
@@ -6665,7 +6665,7 @@ nsGlobalWindow::CallerInnerWindow()
 }
 
 nsresult
-nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI)
+nsGlobalWindow::GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI)
 {
   nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
                                do_GetService(THIRDPARTYUTIL_CONTRACTID);
@@ -6673,7 +6673,7 @@ nsGlobalWindow::GetFirstPartyURI(nsIURI** aFirstPartyURI)
     return NS_ERROR_FAILURE;
 
   nsCOMPtr<nsIDocument> doc = do_QueryInterface(mDoc);
-  return thirdPartyUtil->GetFirstPartyURI(NULL, doc, aFirstPartyURI);
+  return thirdPartyUtil->GetFirstPartyIsolationURI(NULL, doc, aFirstPartyIsolationURI);
 }
 
 
@@ -8984,11 +8984,11 @@ nsGlobalWindow::GetSessionStorage(nsIDOMStorage ** aSessionStorage)
 
     nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
 
-    nsCOMPtr<nsIURI> firstPartyURI;
-    rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+    nsCOMPtr<nsIURI> firstPartyIsolationURI;
+    rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
     NS_ENSURE_SUCCESS(rv, rv);
 
-    rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal,
+    rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal,
                                        documentURI,
                                        loadContext && loadContext->UsePrivateBrowsing(),
                                        getter_AddRefs(mSessionStorage));
@@ -9056,14 +9056,14 @@ nsGlobalWindow::GetLocalStorage(nsIDOMStorage ** aLocalStorage)
       mDoc->GetDocumentURI(documentURI);
     }
 
-    nsCOMPtr<nsIURI> firstPartyURI;
-    rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+    nsCOMPtr<nsIURI> firstPartyIsolationURI;
+    rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsIDocShell* docShell = GetDocShell();
     nsCOMPtr<nsILoadContext> loadContext = do_QueryInterface(docShell);
 
-    rv = storageManager->CreateStorageForFirstParty(firstPartyURI, principal,
+    rv = storageManager->CreateStorageForFirstParty(firstPartyIsolationURI, principal,
                                        documentURI,
                                        loadContext && loadContext->UsePrivateBrowsing(),
                                        getter_AddRefs(mLocalStorage));
@@ -9681,11 +9681,11 @@ nsGlobalWindow::Observe(nsISupports* aSubject, const char* aTopic,
       nsCOMPtr<nsIDOMStorageManager> storageManager = do_QueryInterface(GetDocShell());
       if (storageManager) {
         nsresult rv;
-        nsCOMPtr<nsIURI> firstPartyURI;
-        rv = GetFirstPartyURI(getter_AddRefs(firstPartyURI));
+        nsCOMPtr<nsIURI> firstPartyIsolationURI;
+        rv = GetFirstPartyIsolationURI(getter_AddRefs(firstPartyIsolationURI));
         NS_ENSURE_SUCCESS(rv, rv);
 
-        rv = storageManager->CheckStorageForFirstParty(firstPartyURI,
+        rv = storageManager->CheckStorageForFirstParty(firstPartyIsolationURI,
                                           principal, changingStorage, &check);
         NS_ENSURE_SUCCESS(rv, rv);
       }
diff --git a/dom/base/nsGlobalWindow.h b/dom/base/nsGlobalWindow.h
index af012bc..da6b54d 100644
--- a/dom/base/nsGlobalWindow.h
+++ b/dom/base/nsGlobalWindow.h
@@ -1092,7 +1092,7 @@ protected:
   nsresult RequestAnimationFrame(const nsIDocument::FrameRequestCallbackHolder& aCallback,
                                  int32_t* aHandle);
 
-  nsresult GetFirstPartyURI(nsIURI** aFirstPartyURI);
+  nsresult GetFirstPartyIsolationURI(nsIURI** aFirstPartyIsolationURI);
 
   // When adding new member variables, be careful not to create cycles
   // through JavaScript.  If there is any chance that a member variable
diff --git a/dom/interfaces/storage/nsIDOMStorageManager.idl b/dom/interfaces/storage/nsIDOMStorageManager.idl
index 6d1c5fc..ea7246e 100644
--- a/dom/interfaces/storage/nsIDOMStorageManager.idl
+++ b/dom/interfaces/storage/nsIDOMStorageManager.idl
@@ -21,13 +21,13 @@ interface nsIDOMStorageManager : nsISupports
    * This starts async preloading of a storage cache for scope
    * defined by the principal.
    *
-   * @param aFirstPartyURI
+   * @param aFirstPartyIsolationURI
    *    First party URI to bound storage to.
    * @param aPrincipal
    *    Principal to bound storage to.
    */
   void precacheStorage(in nsIPrincipal aPrincipal);
-  void precacheStorageForFirstParty(in nsIURI aFirstPartyURI,
+  void precacheStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
                                     in nsIPrincipal aPrincipal);
 
   /**
@@ -35,7 +35,7 @@ interface nsIDOMStorageManager : nsISupports
    * A new object is always returned and it is ensured there is
    * a storage for the scope created.
    *
-   * @param aFirstPartyURI
+   * @param aFirstPartyIsolationURI
    *    First party URI to bound storage to.
    * @param aPrincipal
    *    Principal to bound storage to.
@@ -47,7 +47,7 @@ interface nsIDOMStorageManager : nsISupports
   nsIDOMStorage createStorage(in nsIPrincipal aPrincipal,
                               in DOMString aDocumentURI,
                               [optional] in bool aPrivate);
-  nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyURI,
+  nsIDOMStorage createStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
                                            in nsIPrincipal aPrincipal,
                                            in DOMString aDocumentURI,
                                            [optional] in bool aPrivate);
@@ -64,7 +64,7 @@ interface nsIDOMStorageManager : nsISupports
    */
   nsIDOMStorage getStorage(in nsIPrincipal aPrincipal,
                            [optional] in bool aPrivate);
-  nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyURI,
+  nsIDOMStorage getStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
                                         in nsIPrincipal aPrincipal,
                                         [optional] in bool aPrivate);
 
@@ -83,7 +83,7 @@ interface nsIDOMStorageManager : nsISupports
    * Returns true if the storage belongs to the given principal and is managed
    * (i.e. has been created and is cached) by this storage manager.
    *
-   * @param aFirstPartyURI
+   * @param aFirstPartyIsolationURI
    *    First party URI to check the storage against.
    * @param aPrincipal
    *    Principal to check the storage against.
@@ -97,7 +97,7 @@ interface nsIDOMStorageManager : nsISupports
    */
   bool checkStorage(in nsIPrincipal aPrincipal,
                     in nsIDOMStorage aStorage);
-  bool checkStorageForFirstParty(in nsIURI aFirstPartyURI,
+  bool checkStorageForFirstParty(in nsIURI aFirstPartyIsolationURI,
                                  in nsIPrincipal aPrincipal,
                                  in nsIDOMStorage aStorage);
 
diff --git a/dom/src/storage/DOMStorageCache.cpp b/dom/src/storage/DOMStorageCache.cpp
index 84ef729..b67a559 100644
--- a/dom/src/storage/DOMStorageCache.cpp
+++ b/dom/src/storage/DOMStorageCache.cpp
@@ -120,7 +120,7 @@ DOMStorageCache::Release(void)
 void
 DOMStorageCache::Init(DOMStorageManager* aManager,
                       bool aPersistent,
-                      nsIURI* aFirstPartyURI,
+                      nsIURI* aFirstPartyIsolationURI,
                       nsIPrincipal* aPrincipal,
                       const nsACString& aQuotaScope)
 {
@@ -130,7 +130,7 @@ DOMStorageCache::Init(DOMStorageManager* aManager,
 
   mManager = aManager;
   mInitialized = true;
-  mFirstPartyURI = aFirstPartyURI;
+  mFirstPartyIsolationURI = aFirstPartyIsolationURI;
   mPrincipal = aPrincipal;
   mPersistent = aPersistent;
   mQuotaScope = aQuotaScope.IsEmpty() ? mScope : aQuotaScope;
diff --git a/dom/src/storage/DOMStorageCache.h b/dom/src/storage/DOMStorageCache.h
index 42836ac..2b892fc 100644
--- a/dom/src/storage/DOMStorageCache.h
+++ b/dom/src/storage/DOMStorageCache.h
@@ -72,7 +72,7 @@ public:
   virtual ~DOMStorageCache();
 
   void Init(DOMStorageManager* aManager, bool aPersistent,
-            nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
+            nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal,
             const nsACString& aQuotaScope);
 
   // Copies all data from the other storage.
@@ -97,7 +97,7 @@ public:
 
   nsTArray<nsString>* GetKeys(const DOMStorage* aStorage);
 
-  nsIURI* FirstPartyURI() const { return mFirstPartyURI; }
+  nsIURI* FirstPartyIsolationURI() const { return mFirstPartyIsolationURI; }
 
   // Whether the principal equals principal the cache was created for
   bool CheckPrincipal(nsIPrincipal* aPrincipal) const;
@@ -177,7 +177,7 @@ private:
   nsCOMPtr<nsITimer> mKeepAliveTimer;
 
   // The first party URI associated with this cache.
-  nsCOMPtr<nsIURI> mFirstPartyURI;
+  nsCOMPtr<nsIURI> mFirstPartyIsolationURI;
 
   // Principal the cache has been initially created for, this is used only
   // for sessionStorage access checks since sessionStorage objects are strictly
diff --git a/dom/src/storage/DOMStorageManager.cpp b/dom/src/storage/DOMStorageManager.cpp
index 9cc5042..4dbe66c 100644
--- a/dom/src/storage/DOMStorageManager.cpp
+++ b/dom/src/storage/DOMStorageManager.cpp
@@ -132,16 +132,16 @@ DOMStorageManager::~DOMStorageManager()
 namespace { // anon
 
 nsresult
-AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey)
+AppendFirstPartyToKey(nsIURI* aFirstPartyIsolationURI, nsACString& aKey)
 {
-  if (aFirstPartyURI) {
+  if (aFirstPartyIsolationURI) {
     nsCOMPtr<mozIThirdPartyUtil> thirdPartyUtil =
                             do_GetService(THIRDPARTYUTIL_CONTRACTID);
     if (!thirdPartyUtil)
       return NS_ERROR_FAILURE;
 
     nsAutoCString firstPartyHost;
-    nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyURI,
+    nsresult rv = thirdPartyUtil->GetFirstPartyHostForIsolation(aFirstPartyIsolationURI,
                                                                 firstPartyHost);
     NS_ENSURE_SUCCESS(rv, rv);
 
@@ -153,7 +153,7 @@ AppendFirstPartyToKey(nsIURI* aFirstPartyURI, nsACString& aKey)
 }
 
 nsresult
-CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
+CreateScopeKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal,
                nsACString& aKey)
 {
   nsCOMPtr<nsIURI> uri;
@@ -231,11 +231,11 @@ CreateScopeKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
 
   // Isolate scope keys to the URL bar domain by appending &firstPartyHost
   // if available.
-  return AppendFirstPartyToKey(aFirstPartyURI, aKey);
+  return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey);
 }
 
 nsresult
-CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
+CreateQuotaDBKey(nsIURI* aFirstPartyIsolationURI, nsIPrincipal* aPrincipal,
                  nsACString& aKey)
 {
   nsresult rv;
@@ -286,7 +286,7 @@ CreateQuotaDBKey(nsIURI* aFirstPartyURI, nsIPrincipal* aPrincipal,
 
   // Isolate scope keys to the URL bar domain by appending &firstPartyHost
   // if available.
-  return AppendFirstPartyToKey(aFirstPartyURI, aKey);
+  return AppendFirstPartyToKey(aFirstPartyIsolationURI, aKey);
 }
 
 } // anon
@@ -304,14 +304,14 @@ DOMStorageManager::GetCache(const nsACString& aScope) const
 
 already_AddRefed<DOMStorageCache>
 DOMStorageManager::PutCache(const nsACString& aScope,
-                            nsIURI* aFirstPartyURI,
+                            nsIURI* aFirstPartyIsolationURI,
                             nsIPrincipal* aPrincipal)
 {
   DOMStorageCacheHashKey* entry = mCaches.PutEntry(aScope);
   nsRefPtr<DOMStorageCache> cache = entry->cache();
 
   nsAutoCString quotaScope;
-  CreateQuotaDBKey(aFirstPartyURI, aPrincipal, quotaScope);
+  CreateQuotaDBKey(aFirstPartyIsolationURI, aPrincipal, quotaScope);
 
   // To avoid ever persisting session storage to disk, initialize LocalStorage
   // like SessionStorage.
@@ -320,7 +320,7 @@ DOMStorageManager::PutCache(const nsACString& aScope,
   case LocalStorage:
     // Lifetime handled by the manager, don't persist
     entry->HardRef();
-    cache->Init(nullptr, false, aFirstPartyURI, aPrincipal, quotaScope);
+    cache->Init(nullptr, false, aFirstPartyIsolationURI, aPrincipal, quotaScope);
     break;
 
   default:
@@ -342,7 +342,7 @@ DOMStorageManager::DropCache(DOMStorageCache* aCache)
 
 nsresult
 DOMStorageManager::GetStorageInternal(bool aCreate,
-                                      nsIURI* aFirstPartyURI,
+                                      nsIURI* aFirstPartyIsolationURI,
                                       nsIPrincipal* aPrincipal,
                                       const nsAString& aDocumentURI,
                                       bool aPrivate,
@@ -351,7 +351,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate,
   nsresult rv;
 
   nsAutoCString scope;
-  rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope);
+  rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope);
   if (NS_FAILED(rv)) {
     return NS_ERROR_NOT_AVAILABLE;
   }
@@ -382,7 +382,7 @@ DOMStorageManager::GetStorageInternal(bool aCreate,
 
     // There is always a single instance of a cache per scope
     // in a single instance of a DOM storage manager.
-    cache = PutCache(scope, aFirstPartyURI, aPrincipal);
+    cache = PutCache(scope, aFirstPartyIsolationURI, aPrincipal);
   } else if (mType == SessionStorage) {
     if (!cache->CheckPrincipal(aPrincipal)) {
       return NS_ERROR_DOM_SECURITY_ERR;
@@ -405,10 +405,10 @@ DOMStorageManager::PrecacheStorage(nsIPrincipal* aPrincipal)
 }
 
 NS_IMETHODIMP
-DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::PrecacheStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
                                                 nsIPrincipal* aPrincipal)
 {
-  return GetStorageInternal(true, aFirstPartyURI, aPrincipal, EmptyString(),
+  return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, EmptyString(),
                             false, nullptr);
 }
 
@@ -423,13 +423,13 @@ DOMStorageManager::CreateStorage(nsIPrincipal* aPrincipal,
 }
 
 NS_IMETHODIMP
-DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::CreateStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
                                               nsIPrincipal* aPrincipal,
                                               const nsAString& aDocumentURI,
                                               bool aPrivate,
                                               nsIDOMStorage** aRetval)
 {
-  return GetStorageInternal(true, aFirstPartyURI, aPrincipal, aDocumentURI,
+  return GetStorageInternal(true, aFirstPartyIsolationURI, aPrincipal, aDocumentURI,
                             aPrivate, aRetval);
 }
 
@@ -443,12 +443,12 @@ DOMStorageManager::GetStorage(nsIPrincipal* aPrincipal,
 }
 
 NS_IMETHODIMP
-DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::GetStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
                                            nsIPrincipal* aPrincipal,
                                            bool aPrivate,
                                            nsIDOMStorage** aRetval)
 {
-  return GetStorageInternal(false, aFirstPartyURI, aPrincipal,
+  return GetStorageInternal(false, aFirstPartyIsolationURI, aPrincipal,
                             EmptyString(), aPrivate, aRetval);
 }
 
@@ -476,7 +476,7 @@ DOMStorageManager::CloneStorage(nsIDOMStorage* aStorage)
   // Since this manager is sessionStorage manager, PutCache hard references
   // the cache in our hashtable.
   nsRefPtr<DOMStorageCache> newCache = PutCache(origCache->Scope(),
-                                                origCache->FirstPartyURI(),
+                                                origCache->FirstPartyIsolationURI(),
                                                 origCache->Principal());
 
   newCache->CloneFrom(origCache);
@@ -492,7 +492,7 @@ DOMStorageManager::CheckStorage(nsIPrincipal* aPrincipal,
 }
 
 NS_IMETHODIMP
-DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI,
+DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyIsolationURI,
                                              nsIPrincipal* aPrincipal,
                                              nsIDOMStorage* aStorage,
                                              bool* aRetval)
@@ -509,7 +509,7 @@ DOMStorageManager::CheckStorageForFirstParty(nsIURI* aFirstPartyURI,
   }
 
   nsAutoCString scope;
-  nsresult rv = CreateScopeKey(aFirstPartyURI, aPrincipal, scope);
+  nsresult rv = CreateScopeKey(aFirstPartyIsolationURI, aPrincipal, scope);
   NS_ENSURE_SUCCESS(rv, rv);
 
   DOMStorageCache* cache = GetCache(scope);
diff --git a/dom/src/storage/DOMStorageManager.h b/dom/src/storage/DOMStorageManager.h
index 5e044b5..6ed9a70 100644
--- a/dom/src/storage/DOMStorageManager.h
+++ b/dom/src/storage/DOMStorageManager.h
@@ -74,12 +74,12 @@ private:
   // Ensures cache for a scope, when it doesn't exist it is created and initalized,
   // this also starts preload of persistent data.
   already_AddRefed<DOMStorageCache> PutCache(const nsACString& aScope,
-                                             nsIURI* aFirstPartyURI,
+                                             nsIURI* aFirstPartyIsolationURI,
                                              nsIPrincipal* aPrincipal);
 
   // Helper for creation of DOM storage objects
   nsresult GetStorageInternal(bool aCreate,
-                              nsIURI* aFirstPartyURI,
+                              nsIURI* aFirstPartyIsolationURI,
                               nsIPrincipal* aPrincipal,
                               const nsAString& aDocumentURI,
                               bool aPrivate,
diff --git a/embedding/browser/webBrowser/nsContextMenuInfo.cpp b/embedding/browser/webBrowser/nsContextMenuInfo.cpp
index 8cca3e3..092e619 100644
--- a/embedding/browser/webBrowser/nsContextMenuInfo.cpp
+++ b/embedding/browser/webBrowser/nsContextMenuInfo.cpp
@@ -306,13 +306,13 @@ nsContextMenuInfo::GetBackgroundImageRequestInternal(nsIDOMNode *aDOMNode, imgRe
 
           nsRefPtr<imgLoader> il = imgLoader::GetInstance();
           NS_ENSURE_TRUE(il, NS_ERROR_FAILURE);
-          nsCOMPtr<nsIURI> firstPartyURI;
+          nsCOMPtr<nsIURI> firstPartyIsolationURI;
           nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
               = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-          thirdPartySvc->GetFirstPartyURI(nullptr, doc,
-                                          getter_AddRefs(firstPartyURI));
+          thirdPartySvc->GetFirstPartyIsolationURI(nullptr, doc,
+                                                   getter_AddRefs(firstPartyIsolationURI));
 
-          return il->LoadImage(bgUri, firstPartyURI, nullptr, principal, nullptr,
+          return il->LoadImage(bgUri, firstPartyIsolationURI, nullptr, principal, nullptr,
                                nullptr, nullptr, nsIRequest::LOAD_NORMAL,
                                nullptr, channelPolicy, aRequest);
         }
diff --git a/image/public/imgILoader.idl b/image/public/imgILoader.idl
index c16a30a..e6e7727 100644
--- a/image/public/imgILoader.idl
+++ b/image/public/imgILoader.idl
@@ -38,7 +38,7 @@ interface imgILoader : nsISupports
   /**
    * Start the load and decode of an image.
    * @param aURI the URI to load
-   * @param aFirstPartyURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking
+   * @param aFirstPartyIsolationURI the urlbar URI that 'initiated' the load -- used for 3rd party blocking
    * @param aReferrerURI the 'referring' URI
    * @param aLoadingPrincipal the principal of the loading document
    * @param aLoadGroup Loadgroup to put the image load into
@@ -55,7 +55,7 @@ interface imgILoader : nsISupports
    * goes away.
    */
   imgIRequest loadImageXPCOM(in nsIURI aURI,
-                             in nsIURI aFirstPartyURI,
+                             in nsIURI aFirstPartyIsolationURI,
                              in nsIURI aReferrerURI,
                              in nsIPrincipal aLoadingPrincipal,
                              in nsILoadGroup aLoadGroup,
diff --git a/image/src/imgLoader.cpp b/image/src/imgLoader.cpp
index 7e20aba..60a6b6d 100644
--- a/image/src/imgLoader.cpp
+++ b/image/src/imgLoader.cpp
@@ -427,7 +427,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
                                 // aLoadingPrincipal and false otherwise.
                                 bool *aForcePrincipalCheckForCacheEntry,
                                 nsIURI *aURI,
-                                nsIURI *aFirstPartyURI,
+                                nsIURI *aFirstPartyIsolationURI,
                                 nsIURI *aReferringURI,
                                 nsILoadGroup *aLoadGroup,
                                 const nsCString& aAcceptHeader,
@@ -479,7 +479,7 @@ static nsresult NewImageChannel(nsIChannel **aResult,
 
     nsCOMPtr<nsIHttpChannelInternal> httpChannelInternal = do_QueryInterface(newHttpChannel);
     NS_ENSURE_TRUE(httpChannelInternal, NS_ERROR_UNEXPECTED);
-    httpChannelInternal->SetDocumentURI(aFirstPartyURI);
+    httpChannelInternal->SetDocumentURI(aFirstPartyIsolationURI);
     newHttpChannel->SetReferrer(aReferringURI);
   }
 
@@ -1107,7 +1107,7 @@ bool imgLoader::SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry)
   return true;
 }
 
-bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI)
+bool imgLoader::SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI)
 {
   VerifyCacheSizes();
 
@@ -1118,7 +1118,7 @@ bool imgLoader::SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI)
 
   LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::SetHasProxies", "uri", spec.get());
 
-  nsAutoCString key = GetCacheKey(firstPartyURI, imgURI, nullptr);
+  nsAutoCString key = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr);
   nsRefPtr<imgCacheEntry> entry;
   if (cache.Get(key, getter_AddRefs(entry)) && entry && entry->HasNoProxies()) {
     imgCacheQueue &queue = GetCacheQueue(imgURI);
@@ -1173,7 +1173,7 @@ void imgLoader::CheckCacheLimits(imgCacheTable &cache, imgCacheQueue &queue)
 
 bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
                                                 nsIURI *aURI,
-                                                nsIURI *aFirstPartyURI,
+                                                nsIURI *aFirstPartyIsolationURI,
                                                 nsIURI *aReferrerURI,
                                                 nsILoadGroup *aLoadGroup,
                                                 imgINotificationObserver *aObserver,
@@ -1223,7 +1223,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
     rv = NewImageChannel(getter_AddRefs(newChannel),
                          &forcePrincipalCheck,
                          aURI,
-                         aFirstPartyURI,
+                         aFirstPartyIsolationURI,
                          aReferrerURI,
                          aLoadGroup,
                          mAcceptHeader,
@@ -1293,7 +1293,7 @@ bool imgLoader::ValidateRequestWithNewChannel(imgRequest *request,
 
 bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
                                 nsIURI *aURI,
-                                nsIURI *aFirstPartyURI,
+                                nsIURI *aFirstPartyIsolationURI,
                                 nsIURI *aReferrerURI,
                                 nsILoadGroup *aLoadGroup,
                                 imgINotificationObserver *aObserver,
@@ -1404,7 +1404,7 @@ bool imgLoader::ValidateEntry(imgCacheEntry *aEntry,
   if (validateRequest && aCanMakeNewChannel) {
     LOG_SCOPE(GetImgLog(), "imgLoader::ValidateRequest |cache hit| must validate");
 
-    return ValidateRequestWithNewChannel(request, aURI, aFirstPartyURI,
+    return ValidateRequestWithNewChannel(request, aURI, aFirstPartyIsolationURI,
                                          aReferrerURI, aLoadGroup, aObserver,
                                          aCX, aLoadFlags, aProxyRequest, aPolicy,
                                          aLoadingPrincipal, aCORSMode);
@@ -1475,12 +1475,12 @@ bool imgLoader::RemoveFromCache(imgCacheEntry *entry)
   nsRefPtr<imgRequest> request(getter_AddRefs(entry->GetRequest()));
   if (request) {
     nsCOMPtr<nsIURI> imgURI = request->mURI;
-    nsCOMPtr<nsIURI> firstPartyURI = request->mFirstPartyURI;
+    nsCOMPtr<nsIURI> firstPartyIsolationURI = request->mFirstPartyIsolationURI;
 
     if (imgURI) {
       imgCacheTable &cache = GetCache(imgURI);
       imgCacheQueue &queue = GetCacheQueue(imgURI);
-      nsAutoCString spec = GetCacheKey(firstPartyURI, imgURI, nullptr);
+      nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, imgURI, nullptr);
 
       LOG_STATIC_FUNC_WITH_PARAM(GetImgLog(), "imgLoader::RemoveFromCache", "entry's uri", spec.get());
 
@@ -1576,7 +1576,7 @@ NS_IMETHODIMP imgLoader::LoadImageXPCOM(nsIURI *aURI,
 /* imgIRequest loadImage (in nsIURI aURI, in nsIURI aUrlBarURI, in nsIPrincipal loadingPrincipal, in nsILoadGroup aLoadGroup, in imgIDecoderObserver aObserver, in nsISupports aCX, in nsLoadFlags aLoadFlags, in nsISupports cacheKey, in imgIRequest aRequest); */
 
 nsresult imgLoader::LoadImage(nsIURI *aURI,
-			      nsIURI *aFirstPartyURI,
+			      nsIURI *aFirstPartyIsolationURI,
 			      nsIURI *aReferrerURI,
 			      nsIPrincipal* aLoadingPrincipal,
 			      nsILoadGroup *aLoadGroup,
@@ -1595,7 +1595,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
     return NS_ERROR_NULL_POINTER;
 
   bool isIsolated = false;
-  nsAutoCString spec = GetCacheKey(aFirstPartyURI, aURI, &isIsolated);
+  nsAutoCString spec = GetCacheKey(aFirstPartyIsolationURI, aURI, &isIsolated);
 
   LOG_SCOPE_WITH_PARAM(GetImgLog(), "imgLoader::LoadImage", "aURI", spec.get());
 
@@ -1662,7 +1662,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
   imgCacheTable &cache = GetCache(aURI);
 
   if (cache.Get(spec, getter_AddRefs(entry)) && entry) {
-    if (ValidateEntry(entry, aURI, aFirstPartyURI, aReferrerURI,
+    if (ValidateEntry(entry, aURI, aFirstPartyIsolationURI, aReferrerURI,
                       aLoadGroup, aObserver, aCX, requestFlags, true,
                       _retval, aPolicy, aLoadingPrincipal, corsmode)) {
       request = getter_AddRefs(entry->GetRequest());
@@ -1701,7 +1701,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
     rv = NewImageChannel(getter_AddRefs(newChannel),
                          &forcePrincipalCheck,
                          aURI,
-                         aFirstPartyURI,
+                         aFirstPartyIsolationURI,
                          aReferrerURI,
                          aLoadGroup,
                          mAcceptHeader,
@@ -1729,7 +1729,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
       childLoadGroup->SetParentLoadGroup(aLoadGroup);
     newChannel->SetLoadGroup(loadGroup);
 
-    request->Init(aURI, aURI, aFirstPartyURI, loadGroup, newChannel, entry,
+    request->Init(aURI, aURI, aFirstPartyIsolationURI, loadGroup, newChannel, entry,
                   aCX, aLoadingPrincipal, corsmode);
 
     // Pass the inner window ID of the loading document, if possible.
@@ -1838,7 +1838,7 @@ nsresult imgLoader::LoadImage(nsIURI *aURI,
   return NS_OK;
 }
 
-nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI,
+nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyIsolationURI, nsIURI *imgURI,
                                      bool *isIsolated)
 {
   NS_ASSERTION(imgURI, "imgLoader::GetCacheKey -- NULL imgURI");
@@ -1850,37 +1850,21 @@ nsAutoCString imgLoader::GetCacheKey(nsIURI *firstPartyURI, nsIURI *imgURI,
     imgURI->GetSpec(spec);
 
   nsAutoCString hostKey;
-  if (firstPartyURI && sThirdPartyUtilSvc)
-    sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyURI, hostKey);
+  if (firstPartyIsolationURI && sThirdPartyUtilSvc)
+    sThirdPartyUtilSvc->GetFirstPartyHostForIsolation(firstPartyIsolationURI, hostKey);
 
   if (hostKey.Length() > 0) {
     if (isIsolated)
       *isIsolated = true;
+    // Make a new key using host
+    // FIXME: This might involve a couple more copies than necessary.. 
+    // But man, 18 string types? Who knows which one I need to use to do
+    // this cheaply..
+    return hostKey + nsAutoCString("&") + spec;    
   } else {
-    hostKey = "--NoFirstParty--";
-    nsCOMPtr<nsIConsoleService> consoleSvc =
-                                do_GetService(NS_CONSOLESERVICE_CONTRACTID);
-    if (consoleSvc) {
-      nsAutoString msg(NS_LITERAL_STRING(
-                       "imgLoader::GetCacheKey: NULL firstPartyURI for ")
-                       .get());
-      if (!spec.IsEmpty())
-        msg.AppendASCII(spec.get());
-      else
-        msg.Append(NS_LITERAL_STRING("Unknown URI!").get());
-      consoleSvc->LogStringMessage(msg.get());
-    }
-
-#ifdef DEBUG
-    printf("imgLoader::GetCacheKey: NULL firstPartyURI for %s\n", spec.get());
-#endif
+    // No hostKey found, so don't isolate image to a first party.
+    return spec;
   }
-
-  // Make a new key using host
-  // FIXME: This might involve a couple more copies than necessary.. 
-  // But man, 18 string types? Who knows which one I need to use to do
-  // this cheaply..
-  return hostKey + nsAutoCString("&") + spec;
 }
 
 /* imgIRequest loadImageWithChannelXPCOM(in nsIChannel channel, in imgINotificationObserver aObserver, in nsISupports cx, out nsIStreamListener); */
@@ -1911,16 +1895,16 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
   nsCOMPtr<nsIURI> uri;
   channel->GetURI(getter_AddRefs(uri));
 
-  nsCOMPtr<nsIURI> firstPartyURI;
-  sThirdPartyUtilSvc->GetFirstPartyURI(channel, nullptr,
-                                       getter_AddRefs(firstPartyURI));
+  nsCOMPtr<nsIURI> firstPartyIsolationURI;
+  sThirdPartyUtilSvc->GetFirstPartyIsolationURI(channel, nullptr,
+                                                getter_AddRefs(firstPartyIsolationURI));
 
   nsLoadFlags requestFlags = nsIRequest::LOAD_NORMAL;
   channel->GetLoadFlags(&requestFlags);
 
   nsRefPtr<imgCacheEntry> entry;
   imgCacheTable &cache = GetCache(uri);
-  nsAutoCString spec = GetCacheKey(firstPartyURI, uri, nullptr);
+  nsAutoCString spec = GetCacheKey(firstPartyIsolationURI, uri, nullptr);
 
   if (requestFlags & nsIRequest::LOAD_BYPASS_CACHE) {
     imgCacheQueue &queue = GetCacheQueue(uri);
@@ -2001,7 +1985,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
     channel->GetOriginalURI(getter_AddRefs(originalURI));
 
     // No principal specified here, because we're not passed one.
-    request->Init(originalURI, uri, firstPartyURI, channel, channel, entry,
+    request->Init(originalURI, uri, firstPartyIsolationURI, channel, channel, entry,
                   aCX, nullptr, imgIRequest::CORS_NONE);
 
     ProxyListener *pl = new ProxyListener(static_cast<nsIStreamListener *>(request.get()));
@@ -2013,7 +1997,7 @@ nsresult imgLoader::LoadImageWithChannel(nsIChannel *channel, imgINotificationOb
     NS_RELEASE(pl);
 
     bool isIsolated = false;
-    nsAutoCString key = GetCacheKey(firstPartyURI, originalURI, &isIsolated);
+    nsAutoCString key = GetCacheKey(firstPartyIsolationURI, originalURI, &isIsolated);
     if (isIsolated) // Try to add the new request into the cache.
       PutIntoCache(key, entry);
 
@@ -2301,7 +2285,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
 
   int32_t corsmode = mRequest->GetCORSMode();
   nsCOMPtr<nsIPrincipal> loadingPrincipal = mRequest->GetLoadingPrincipal();
-  nsCOMPtr<nsIURI> firstPartyURI = mRequest->mFirstPartyURI;
+  nsCOMPtr<nsIURI> firstPartyIsolationURI = mRequest->mFirstPartyIsolationURI;
 
   // Doom the old request's cache entry
   mRequest->RemoveFromCache();
@@ -2312,7 +2296,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
   // We use originalURI here to fulfil the imgIRequest contract on GetURI.
   nsCOMPtr<nsIURI> originalURI;
   channel->GetOriginalURI(getter_AddRefs(originalURI));
-  mNewRequest->Init(originalURI, uri, firstPartyURI, aRequest, channel,
+  mNewRequest->Init(originalURI, uri, firstPartyIsolationURI, aRequest, channel,
                     mNewEntry, mContext, loadingPrincipal, corsmode);
 
   mDestListener = new ProxyListener(mNewRequest);
@@ -2321,7 +2305,7 @@ NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest, nsISupport
   // the cache before the proxies' ownership changes, because adding a proxy
   // changes the caching behaviour for imgRequests.
   bool isIsolated = false;
-  nsAutoCString key = mImgLoader->GetCacheKey(firstPartyURI, originalURI,
+  nsAutoCString key = mImgLoader->GetCacheKey(firstPartyIsolationURI, originalURI,
                                              &isIsolated);
   if (isIsolated)
     mImgLoader->PutIntoCache(key, mNewEntry);
diff --git a/image/src/imgLoader.h b/image/src/imgLoader.h
index 0ab4a5e..3a31ecd 100644
--- a/image/src/imgLoader.h
+++ b/image/src/imgLoader.h
@@ -267,7 +267,7 @@ public:
 
   nsresult InitCache();
 
-  nsAutoCString GetCacheKey(nsIURI *firstPartyURI,
+  nsAutoCString GetCacheKey(nsIURI *firstPartyIsolationURI,
                             nsIURI *imgURI,
                             bool *isIsolated);
   bool RemoveFromCache(imgCacheEntry *entry);
@@ -312,12 +312,12 @@ public:
   // happens, by calling imgRequest::SetCacheEntry() when an entry with no
   // observers is re-requested.
   bool SetHasNoProxies(nsIURI *imgURI, imgCacheEntry *entry);
-  bool SetHasProxies(nsIURI *firstPartyURI, nsIURI *imgURI);
+  bool SetHasProxies(nsIURI *firstPartyIsolationURI, nsIURI *imgURI);
 
 private: // methods
 
   bool ValidateEntry(imgCacheEntry *aEntry, nsIURI *aURI,
-                       nsIURI *aFirstPartyURI, nsIURI *aReferrerURI,
+                       nsIURI *aFirstPartyIsolationURI, nsIURI *aReferrerURI,
                        nsILoadGroup *aLoadGroup,
                        imgINotificationObserver *aObserver, nsISupports *aCX,
                        nsLoadFlags aLoadFlags, bool aCanMakeNewChannel,
diff --git a/image/src/imgRequest.cpp b/image/src/imgRequest.cpp
index 9040679..5758d62 100644
--- a/image/src/imgRequest.cpp
+++ b/image/src/imgRequest.cpp
@@ -89,7 +89,7 @@ imgRequest::~imgRequest()
 
 nsresult imgRequest::Init(nsIURI *aURI,
                           nsIURI *aCurrentURI,
-                          nsIURI *aFirstPartyURI,
+                          nsIURI *aFirstPartyIsolationURI,
                           nsIRequest *aRequest,
                           nsIChannel *aChannel,
                           imgCacheEntry *aCacheEntry,
@@ -109,7 +109,7 @@ nsresult imgRequest::Init(nsIURI *aURI,
 
   mURI = aURI;
   mCurrentURI = aCurrentURI;
-  mFirstPartyURI = aFirstPartyURI;
+  mFirstPartyIsolationURI = aFirstPartyIsolationURI;
   mRequest = aRequest;
   mChannel = aChannel;
   mTimedChannel = do_QueryInterface(mChannel);
@@ -171,7 +171,7 @@ void imgRequest::AddProxy(imgRequestProxy *proxy)
   // proxies.
   if (GetStatusTracker().ConsumerCount() == 0) {
     NS_ABORT_IF_FALSE(mURI, "Trying to SetHasProxies without key uri.");
-    mLoader->SetHasProxies(mFirstPartyURI, mURI);
+    mLoader->SetHasProxies(mFirstPartyIsolationURI, mURI);
   }
 
   GetStatusTracker().AddConsumer(proxy);
@@ -301,7 +301,7 @@ void imgRequest::RemoveFromCache()
     else {
       mLoader->RemoveKeyFromCache(mLoader->GetCache(mURI),
                                   mLoader->GetCacheQueue(mURI),
-                                  mLoader->GetCacheKey(mFirstPartyURI, mURI, nullptr));
+                                  mLoader->GetCacheKey(mFirstPartyIsolationURI, mURI, nullptr));
     }
   }
 
diff --git a/image/src/imgRequest.h b/image/src/imgRequest.h
index 240a33b..f80af17 100644
--- a/image/src/imgRequest.h
+++ b/image/src/imgRequest.h
@@ -51,7 +51,7 @@ public:
 
   nsresult Init(nsIURI *aURI,
                 nsIURI *aCurrentURI,
-                nsIURI *aFirstPartyURI,
+                nsIURI *aFirstPartyIsolationURI,
                 nsIRequest *aRequest,
                 nsIChannel *aChannel,
                 imgCacheEntry *aCacheEntry,
@@ -195,7 +195,7 @@ private:
   // The URI of the resource we ended up loading after all redirects, etc.
   nsCOMPtr<nsIURI> mCurrentURI;
   // The first party that triggered the load -- for cookie + cache isolation
-  nsCOMPtr<nsIURI> mFirstPartyURI;
+  nsCOMPtr<nsIURI> mFirstPartyIsolationURI;
   // The principal of the document which loaded this image. Used when validating for CORS.
   nsCOMPtr<nsIPrincipal> mLoadingPrincipal;
   // The principal of this image.
diff --git a/layout/generic/nsImageFrame.cpp b/layout/generic/nsImageFrame.cpp
index 8f4bf25..6daa959 100644
--- a/layout/generic/nsImageFrame.cpp
+++ b/layout/generic/nsImageFrame.cpp
@@ -1810,26 +1810,26 @@ nsImageFrame::LoadIcon(const nsAString& aSpec,
   // For icon loads, we don't need to merge with the loadgroup flags
   nsLoadFlags loadFlags = nsIRequest::LOAD_NORMAL;
 
-  nsCOMPtr<nsIURI> firstPartyURI;
+  nsCOMPtr<nsIURI> firstPartyIsolationURI;
   nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
       = do_GetService(THIRDPARTYUTIL_CONTRACTID);
   // XXX: Should we pass the loadgroup, too? Is document ever likely
   // to be unset?
-  thirdPartySvc->GetFirstPartyURI(nullptr, aPresContext->Document(),
-                                 getter_AddRefs(firstPartyURI));
+  thirdPartySvc->GetFirstPartyIsolationURI(nullptr, aPresContext->Document(),
+                                           getter_AddRefs(firstPartyIsolationURI));
  
-  return il->LoadImage(realURI,     /* icon URI */
-                       firstPartyURI, /* initial document URI; this is only
-                                       relevant for cookies, so does not
-                                       apply to icons. */
-                       nullptr,      /* referrer (not relevant for icons) */
-                       nullptr,      /* principal (not relevant for icons) */
+  return il->LoadImage(realURI,                /* icon URI */
+                       firstPartyIsolationURI, /* initial document URI; this is only
+                                                  relevant for cookies, so does not
+                                                  apply to icons. */
+                       nullptr,                /* referrer (not relevant for icons) */
+                       nullptr,                /* principal (not relevant for icons) */
                        loadGroup,
                        gIconLoad,
-                       nullptr,      /* Not associated with any particular document */
+                       nullptr,                /* Not associated with any particular document */
                        loadFlags,
                        nullptr,
-                       nullptr,      /* channel policy not needed */
+                       nullptr,                /* channel policy not needed */
                        aRequest);
 }
 
diff --git a/netwerk/base/public/mozIThirdPartyUtil.idl b/netwerk/base/public/mozIThirdPartyUtil.idl
index 6137274..87fb630 100644
--- a/netwerk/base/public/mozIThirdPartyUtil.idl
+++ b/netwerk/base/public/mozIThirdPartyUtil.idl
@@ -165,6 +165,29 @@ interface mozIThirdPartyUtil : nsISupports
                                      in nsIDocument aDoc);
 
   /**
+   * getFirstPartyIsolationURI
+   *
+   * If first-party isolation is active, then
+   * obtains the top-level url bar URI for either a channel or a document.
+   * Otherwise returns null.
+   * Either parameter may be null (but not both).
+   *
+   * @param aChannel
+   *        An arbitrary channel for some content element of a first party
+   *        load. Can be null.
+   *
+   * @param aDoc
+   *        An arbitrary third party document. Can be null.
+   *
+   * @return the first party url bar URI for the load.
+   *
+   * @throws if the URI cannot be obtained or the URI lacks a hostname and the
+   *         URI's scheme is not white listed.
+   */
+  [noscript] nsIURI getFirstPartyIsolationURI(in nsIChannel aChannel,
+                                     in nsIDocument aDoc);
+
+  /**
    * getFirstPartyURIFromChannel
    *
    * Obtain the top-level url bar URI for a channel.
diff --git a/widget/cocoa/nsMenuItemIconX.mm b/widget/cocoa/nsMenuItemIconX.mm
index bd1f2f3..397239e 100644
--- a/widget/cocoa/nsMenuItemIconX.mm
+++ b/widget/cocoa/nsMenuItemIconX.mm
@@ -314,15 +314,15 @@ nsMenuItemIconX::LoadIcon(nsIURI* aIconURI)
       [mNativeMenuItem setImage:sPlaceholderIconImage];
   }
 
-  nsCOMPtr<nsIURI> firstPartyURI;
+  nsCOMPtr<nsIURI> firstPartyIsolationURI;
   nsCOMPtr<mozIThirdPartyUtil> thirdPartySvc
                                = do_GetService(THIRDPARTYUTIL_CONTRACTID);
-  thirdPartySvc->GetFirstPartyURI(nullptr, document,
-                                  getter_AddRefs(firstPartyURI));
+  thirdPartySvc->GetFirstPartyIsolationURI(nullptr, document,
+                                           getter_AddRefs(firstPartyIsolationURI));
 
   // Passing in null for channelPolicy here since nsMenuItemIconX::LoadIcon is
   // not exposed to web content
-  nsresult rv = loader->LoadImage(aIconURI, firstPartyURI, nullptr, nullptr, loadGroup, this,
+  nsresult rv = loader->LoadImage(aIconURI, firstPartyIsolationURI, nullptr, nullptr, loadGroup, this,
                                    nullptr, nsIRequest::LOAD_NORMAL, nullptr,
                                    nullptr, getter_AddRefs(mIconRequest));
   if (NS_FAILED(rv)) return rv;

_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits