Bug 1843155 - Added secondary partition key to blob urls. r=timhuang

Differential Revision: https://phabricator.services.mozilla.com/D184158
2023-08-24 18:45:26 +00:00 · 2023-08-24 18:45:26 +00:00 · 4eb05bf7b0
--- a/dom/file/uri/BlobURLInputStream.cpp
+++ b/dom/file/uri/BlobURLInputStream.cpp
@ -389,6 +389,12 @@ void BlobURLInputStream::RetrieveBlobData(const MutexAutoLock& aProofOfLock) {
    agentClusterId = clientInfo->AgentClusterId();
  }

+  nsCOMPtr<nsICookieJarSettings> cookieJarSettings;
+  loadInfo->GetCookieJarSettings(getter_AddRefs(cookieJarSettings));
+
+  nsAutoString partKey;
+  cookieJarSettings->GetPartitionKey(partKey);
+
  if (XRE_IsParentProcess() || !BlobURLSchemeIsHTTPOrHTTPS(mBlobURLSpec)) {
    RefPtr<BlobImpl> blobImpl;

@ -398,7 +404,7 @@ void BlobURLInputStream::RetrieveBlobData(const MutexAutoLock& aProofOfLock) {
            mBlobURLSpec, getter_AddRefs(blobImpl), loadingPrincipal,
            triggeringPrincipal, loadInfo->GetOriginAttributes(),
            loadInfo->GetInnerWindowID(), agentClusterId,
-            true /* AlsoIfRevoked */)) {
+            NS_ConvertUTF16toUTF8(partKey), true /* AlsoIfRevoked */)) {
      NS_WARNING("Failed to get data entry principal. URL revoked?");
      return;
    }
@ -428,10 +434,10 @@ void BlobURLInputStream::RetrieveBlobData(const MutexAutoLock& aProofOfLock) {
  cleanupOnEarlyExit.release();

  contentChild
-      ->SendBlobURLDataRequest(mBlobURLSpec, triggeringPrincipal,
-                               loadingPrincipal,
-                               loadInfo->GetOriginAttributes(),
-                               loadInfo->GetInnerWindowID(), agentClusterId)
+      ->SendBlobURLDataRequest(
+          mBlobURLSpec, triggeringPrincipal, loadingPrincipal,
+          loadInfo->GetOriginAttributes(), loadInfo->GetInnerWindowID(),
+          agentClusterId, NS_ConvertUTF16toUTF8(partKey))
      ->Then(
          GetCurrentSerialEventTarget(), __func__,
          [self](const BlobURLDataRequestResult& aResult) {
--- a/dom/file/uri/BlobURLProtocolHandler.cpp
+++ b/dom/file/uri/BlobURLProtocolHandler.cpp
@ -51,21 +51,23 @@ struct DataInfo {
  enum ObjectType { eBlobImpl, eMediaSource };

  DataInfo(mozilla::dom::BlobImpl* aBlobImpl, nsIPrincipal* aPrincipal,
-           const Maybe<nsID>& aAgentClusterId)
+           const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey)
      : mObjectType(eBlobImpl),
        mBlobImpl(aBlobImpl),
        mPrincipal(aPrincipal),
        mAgentClusterId(aAgentClusterId),
+        mPartitionKey(aPartitionKey),
        mRevoked(false) {
    MOZ_ASSERT(aPrincipal);
  }

  DataInfo(MediaSource* aMediaSource, nsIPrincipal* aPrincipal,
-           const Maybe<nsID>& aAgentClusterId)
+           const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey)
      : mObjectType(eMediaSource),
        mMediaSource(aMediaSource),
        mPrincipal(aPrincipal),
        mAgentClusterId(aAgentClusterId),
+        mPartitionKey(aPartitionKey),
        mRevoked(false) {
    MOZ_ASSERT(aPrincipal);
  }
@ -78,6 +80,8 @@ struct DataInfo {
  nsCOMPtr<nsIPrincipal> mPrincipal;
  Maybe<nsID> mAgentClusterId;

+  nsCString mPartitionKey;
+
  nsCString mStack;

  // When a blobURL is revoked, we keep it alive for RELEASING_TIMER
@ -138,14 +142,15 @@ static mozilla::dom::DataInfo* GetDataInfoFromURI(nsIURI* aURI,
 void BroadcastBlobURLRegistration(const nsACString& aURI,
                                  mozilla::dom::BlobImpl* aBlobImpl,
                                  nsIPrincipal* aPrincipal,
-                                  const Maybe<nsID>& aAgentClusterId) {
+                                  const Maybe<nsID>& aAgentClusterId,
+                                  const nsCString& aPartitionKey) {
  MOZ_ASSERT(NS_IsMainThread());
  MOZ_ASSERT(aBlobImpl);
  MOZ_ASSERT(aPrincipal);

  if (XRE_IsParentProcess()) {
    dom::ContentParent::BroadcastBlobURLRegistration(
-        aURI, aBlobImpl, aPrincipal, aAgentClusterId);
+        aURI, aBlobImpl, aPrincipal, aAgentClusterId, aPartitionKey);
    return;
  }

@ -157,7 +162,7 @@ void BroadcastBlobURLRegistration(const nsACString& aURI,

  dom::ContentChild* cc = dom::ContentChild::GetSingleton();
  (void)NS_WARN_IF(!cc->SendStoreAndBroadcastBlobURLRegistration(
-      nsCString(aURI), ipcBlob, aPrincipal, aAgentClusterId));
+      nsCString(aURI), ipcBlob, aPrincipal, aAgentClusterId, aPartitionKey));
 }

 void BroadcastBlobURLUnregistration(const nsCString& aURI,
@ -523,7 +528,8 @@ NS_IMPL_ISUPPORTS_INHERITED(ReleasingTimerHolder, Runnable, nsITimerCallback,
 template <typename T>
 static void AddDataEntryInternal(const nsACString& aURI, T aObject,
                                 nsIPrincipal* aPrincipal,
-                                 const Maybe<nsID>& aAgentClusterId) {
+                                 const Maybe<nsID>& aAgentClusterId,
+                                 const nsCString& aPartitionKey) {
  MOZ_ASSERT(NS_IsMainThread(), "changing gDataTable is main-thread only");
  StaticMutexAutoLock lock(sMutex);
  if (!gDataTable) {
@ -531,8 +537,8 @@ static void AddDataEntryInternal(const nsACString& aURI, T aObject,
  }

  mozilla::UniquePtr<mozilla::dom::DataInfo> info =
-      mozilla::MakeUnique<mozilla::dom::DataInfo>(aObject, aPrincipal,
-                                                  aAgentClusterId);
+      mozilla::MakeUnique<mozilla::dom::DataInfo>(
+          aObject, aPrincipal, aAgentClusterId, aPartitionKey);
  BlobURLsReporter::GetJSStackForBlob(info.get());

  gDataTable->InsertOrUpdate(aURI, std::move(info));
@ -554,7 +560,8 @@ BlobURLProtocolHandler::~BlobURLProtocolHandler() = default;
 /* static */
 nsresult BlobURLProtocolHandler::AddDataEntry(
    mozilla::dom::BlobImpl* aBlobImpl, nsIPrincipal* aPrincipal,
-    const Maybe<nsID>& aAgentClusterId, nsACString& aUri) {
+    const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
+    nsACString& aUri) {
  MOZ_ASSERT(aBlobImpl);
  MOZ_ASSERT(aPrincipal);

@ -563,16 +570,19 @@ nsresult BlobURLProtocolHandler::AddDataEntry(
  nsresult rv = GenerateURIString(aPrincipal, aUri);
  NS_ENSURE_SUCCESS(rv, rv);

-  AddDataEntryInternal(aUri, aBlobImpl, aPrincipal, aAgentClusterId);
+  AddDataEntryInternal(aUri, aBlobImpl, aPrincipal, aAgentClusterId,
+                       aPartitionKey);

-  BroadcastBlobURLRegistration(aUri, aBlobImpl, aPrincipal, aAgentClusterId);
+  BroadcastBlobURLRegistration(aUri, aBlobImpl, aPrincipal, aAgentClusterId,
+                               aPartitionKey);
  return NS_OK;
 }

 /* static */
 nsresult BlobURLProtocolHandler::AddDataEntry(
    MediaSource* aMediaSource, nsIPrincipal* aPrincipal,
-    const Maybe<nsID>& aAgentClusterId, nsACString& aUri) {
+    const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
+    nsACString& aUri) {
  MOZ_ASSERT(aMediaSource);
  MOZ_ASSERT(aPrincipal);

@ -581,7 +591,8 @@ nsresult BlobURLProtocolHandler::AddDataEntry(
  nsresult rv = GenerateURIString(aPrincipal, aUri);
  NS_ENSURE_SUCCESS(rv, rv);

-  AddDataEntryInternal(aUri, aMediaSource, aPrincipal, aAgentClusterId);
+  AddDataEntryInternal(aUri, aMediaSource, aPrincipal, aAgentClusterId,
+                       aPartitionKey);
  return NS_OK;
 }

@ -589,17 +600,19 @@ nsresult BlobURLProtocolHandler::AddDataEntry(
 void BlobURLProtocolHandler::AddDataEntry(const nsACString& aURI,
                                          nsIPrincipal* aPrincipal,
                                          const Maybe<nsID>& aAgentClusterId,
+                                          const nsCString& aPartitionKey,
                                          mozilla::dom::BlobImpl* aBlobImpl) {
  MOZ_ASSERT(aPrincipal);
  MOZ_ASSERT(aBlobImpl);
-  AddDataEntryInternal(aURI, aBlobImpl, aPrincipal, aAgentClusterId);
+  AddDataEntryInternal(aURI, aBlobImpl, aPrincipal, aAgentClusterId,
+                       aPartitionKey);
 }

 /* static */
 bool BlobURLProtocolHandler::ForEachBlobURL(
    std::function<bool(mozilla::dom::BlobImpl*, nsIPrincipal*,
-                       const Maybe<nsID>&, const nsACString&, bool aRevoked)>&&
-        aCb) {
+                       const Maybe<nsID>&, const nsCString&, const nsACString&,
+                       bool aRevoked)>&& aCb) {
  MOZ_ASSERT(NS_IsMainThread());

  if (!gDataTable) {
@ -616,7 +629,7 @@ bool BlobURLProtocolHandler::ForEachBlobURL(

    MOZ_ASSERT(info->mBlobImpl);
    if (!aCb(info->mBlobImpl, info->mPrincipal, info->mAgentClusterId,
-             entry.GetKey(), info->mRevoked)) {
+             info->mPartitionKey, entry.GetKey(), info->mRevoked)) {
      return false;
    }
  }
@ -653,9 +666,10 @@ void BlobURLProtocolHandler::RemoveDataEntry(const nsACString& aUri,
 }

 /*static */
-bool BlobURLProtocolHandler::RemoveDataEntry(
-    const nsACString& aUri, nsIPrincipal* aPrincipal,
-    const Maybe<nsID>& aAgentClusterId) {
+bool BlobURLProtocolHandler::RemoveDataEntry(const nsACString& aUri,
+                                             nsIPrincipal* aPrincipal,
+                                             const Maybe<nsID>& aAgentClusterId,
+                                             const nsCString& aPartitionKey) {
  MOZ_ASSERT(NS_IsMainThread(), "changing gDataTable is main-thread only");
  if (!gDataTable) {
    return false;
@ -676,6 +690,12 @@ bool BlobURLProtocolHandler::RemoveDataEntry(
    return false;
  }

+  if (StaticPrefs::privacy_partition_bloburl_per_partition_key() &&
+      !aPartitionKey.IsEmpty() && !info->mPartitionKey.IsEmpty() &&
+      !aPartitionKey.Equals(info->mPartitionKey)) {
+    return false;
+  }
+
  RemoveDataEntry(aUri, true);
  return true;
 }
@ -736,7 +756,8 @@ bool BlobURLProtocolHandler::GetDataEntry(
    const nsACString& aUri, mozilla::dom::BlobImpl** aBlobImpl,
    nsIPrincipal* aLoadingPrincipal, nsIPrincipal* aTriggeringPrincipal,
    const OriginAttributes& aOriginAttributes, uint64_t aInnerWindowId,
-    const Maybe<nsID>& aAgentClusterId, bool aAlsoIfRevoked) {
+    const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
+    bool aAlsoIfRevoked) {
  MOZ_ASSERT(NS_IsMainThread(),
             "without locking gDataTable is main-thread only");
  MOZ_ASSERT(aTriggeringPrincipal);
@ -791,6 +812,24 @@ bool BlobURLProtocolHandler::GetDataEntry(
    return false;
  }

+  if (StaticPrefs::privacy_partition_bloburl_per_partition_key() &&
+      !aPartitionKey.IsEmpty() && !info->mPartitionKey.IsEmpty() &&
+      !aPartitionKey.Equals(info->mPartitionKey)) {
+    nsAutoString localizedMsg;
+    AutoTArray<nsString, 1> param;
+    CopyUTF8toUTF16(aUri, *param.AppendElement());
+    nsresult rv = nsContentUtils::FormatLocalizedString(
+        nsContentUtils::eDOM_PROPERTIES, "PartitionKeyDifferentError", param,
+        localizedMsg);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return false;
+    }
+
+    nsContentUtils::ReportToConsoleByWindowID(
+        localizedMsg, nsIScriptError::errorFlag, "DOM"_ns, aInnerWindowId);
+    return false;
+  }
+
  RefPtr<mozilla::dom::BlobImpl> blobImpl = info->mBlobImpl;
  blobImpl.forget(aBlobImpl);

--- a/dom/file/uri/BlobURLProtocolHandler.h
+++ b/dom/file/uri/BlobURLProtocolHandler.h
@ -47,14 +47,16 @@ class BlobURLProtocolHandler final : public nsIProtocolHandler,
  // AddDataEntry creates the URI with the given scheme and returns it in aUri
  static nsresult AddDataEntry(BlobImpl*, nsIPrincipal*,
                               const Maybe<nsID>& aAgentClusterId,
+                               const nsCString& aPartitionKey,
                               nsACString& aUri);
  static nsresult AddDataEntry(MediaSource*, nsIPrincipal*,
                               const Maybe<nsID>& aAgentClusterId,
+                               const nsCString& aPartitionKey,
                               nsACString& aUri);
  // IPC only
  static void AddDataEntry(const nsACString& aURI, nsIPrincipal* aPrincipal,
                           const Maybe<nsID>& aAgentClusterId,
-                           BlobImpl* aBlobImpl);
+                           const nsCString& aPartitionKey, BlobImpl* aBlobImpl);

  // These methods revoke a blobURL. Because some operations could still be in
  // progress, the revoking consists in marking the blobURL as revoked and in
@ -63,7 +65,8 @@ class BlobURLProtocolHandler final : public nsIProtocolHandler,
                              bool aBroadcastToOTherProcesses = true);
  // Returns true if the entry was allowed to be removed.
  static bool RemoveDataEntry(const nsACString& aUri, nsIPrincipal* aPrincipal,
-                              const Maybe<nsID>& aAgentClusterId);
+                              const Maybe<nsID>& aAgentClusterId,
+                              const nsCString& aPartitionKey);

  static void RemoveDataEntries();

@ -75,6 +78,7 @@ class BlobURLProtocolHandler final : public nsIProtocolHandler,
                           const OriginAttributes& aOriginAttributes,
                           uint64_t aInnerWindowId,
                           const Maybe<nsID>& aAgentClusterId,
+                           const nsCString& aPartitionKey,
                           bool aAlsoIfRevoked = false);

  static void Traverse(const nsACString& aUri,
@ -87,7 +91,8 @@ class BlobURLProtocolHandler final : public nsIProtocolHandler,
  // shutdown or if the helper method returns false, true otherwise.
  static bool ForEachBlobURL(
      std::function<bool(BlobImpl*, nsIPrincipal*, const Maybe<nsID>&,
-                         const nsACString&, bool aRevoked)>&& aCb);
+                         const nsCString&, const nsACString&, bool aRevoked)>&&
+          aCb);

  // This method returns false if aURI is not a known BlobURL. Otherwise it
  // returns true.
--- a/dom/ipc/ContentChild.cpp
+++ b/dom/ipc/ContentChild.cpp
@ -2720,7 +2720,7 @@ mozilla::ipc::IPCResult ContentChild::RecvInitBlobURLs(

    BlobURLProtocolHandler::AddDataEntry(
        registration.url(), registration.principal(),
-        registration.agentClusterId(), blobImpl);
+        registration.agentClusterId(), registration.partitionKey(), blobImpl);
    // If we have received an already-revoked blobURL, we have to keep it alive
    // for a while (see BlobURLProtocolHandler) in order to support pending
    // operations such as navigation, download and so on.
@ -3291,12 +3291,12 @@ ContentChild::RecvNotifyPushSubscriptionModifiedObservers(

 mozilla::ipc::IPCResult ContentChild::RecvBlobURLRegistration(
    const nsCString& aURI, const IPCBlob& aBlob, nsIPrincipal* aPrincipal,
-    const Maybe<nsID>& aAgentClusterId) {
+    const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey) {
  RefPtr<BlobImpl> blobImpl = IPCBlobUtils::Deserialize(aBlob);
  MOZ_ASSERT(blobImpl);

  BlobURLProtocolHandler::AddDataEntry(aURI, aPrincipal, aAgentClusterId,
-                                       blobImpl);
+                                       aPartitionKey, blobImpl);
  return IPC_OK();
 }

--- a/dom/ipc/ContentChild.h
+++ b/dom/ipc/ContentChild.h
@ -496,7 +496,7 @@ class ContentChild final : public PContentChild,

  mozilla::ipc::IPCResult RecvBlobURLRegistration(
      const nsCString& aURI, const IPCBlob& aBlob, nsIPrincipal* aPrincipal,
-      const Maybe<nsID>& aAgentClusterId);
+      const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey);

  mozilla::ipc::IPCResult RecvBlobURLUnregistration(const nsCString& aURI);

--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -3293,8 +3293,8 @@ bool ContentParent::InitInternal(ProcessPriority aInitialPriority) {
    nsTArray<BlobURLRegistrationData> registrations;
    BlobURLProtocolHandler::ForEachBlobURL(
        [&](BlobImpl* aBlobImpl, nsIPrincipal* aPrincipal,
-            const Maybe<nsID>& aAgentClusterId, const nsACString& aURI,
-            bool aRevoked) {
+            const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
+            const nsACString& aURI, bool aRevoked) {
          // We send all moz-extension Blob URL's to all content processes
          // because content scripts mean that a moz-extension can live in any
          // process. Same thing for system principal Blob URLs. Content Blob
@ -3312,7 +3312,8 @@ bool ContentParent::InitInternal(ProcessPriority aInitialPriority) {
          }

          registrations.AppendElement(BlobURLRegistrationData(
-              nsCString(aURI), ipcBlob, aPrincipal, aAgentClusterId, aRevoked));
+              nsCString(aURI), ipcBlob, aPrincipal, aAgentClusterId,
+              nsCString(aPartitionKey), aRevoked));

          rv = TransmitPermissionsForPrincipal(aPrincipal);
          Unused << NS_WARN_IF(NS_FAILED(rv));
@ -6163,7 +6164,8 @@ ContentParent::RecvNotifyPushSubscriptionModifiedObservers(
 /* static */
 void ContentParent::BroadcastBlobURLRegistration(
    const nsACString& aURI, BlobImpl* aBlobImpl, nsIPrincipal* aPrincipal,
-    const Maybe<nsID>& aAgentClusterId, ContentParent* aIgnoreThisCP) {
+    const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
+    ContentParent* aIgnoreThisCP) {
  uint64_t originHash = ComputeLoadedOriginHash(aPrincipal);

  bool toBeSent =
@ -6189,7 +6191,7 @@ void ContentParent::BroadcastBlobURLRegistration(
      }

      Unused << cp->SendBlobURLRegistration(uri, ipcBlob, aPrincipal,
-                                            aAgentClusterId);
+                                            aAgentClusterId, aPartitionKey);
    }
  }
 }
@ -6215,7 +6217,7 @@ void ContentParent::BroadcastBlobURLUnregistration(

 mozilla::ipc::IPCResult ContentParent::RecvStoreAndBroadcastBlobURLRegistration(
    const nsACString& aURI, const IPCBlob& aBlob, nsIPrincipal* aPrincipal,
-    const Maybe<nsID>& aAgentClusterId) {
+    const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey) {
  if (!aPrincipal) {
    return IPC_FAIL(this, "No principal");
  }
@ -6229,9 +6231,9 @@ mozilla::ipc::IPCResult ContentParent::RecvStoreAndBroadcastBlobURLRegistration(
  }

  BlobURLProtocolHandler::AddDataEntry(aURI, aPrincipal, aAgentClusterId,
-                                       blobImpl);
+                                       aPartitionKey, blobImpl);
  BroadcastBlobURLRegistration(aURI, blobImpl, aPrincipal, aAgentClusterId,
-                               this);
+                               aPartitionKey, this);

  // We want to store this blobURL, so we can unregister it if the child
  // crashes.
@ -6478,8 +6480,8 @@ void ContentParent::TransmitBlobURLsForPrincipal(nsIPrincipal* aPrincipal) {
    nsTArray<BlobURLRegistrationData> registrations;
    BlobURLProtocolHandler::ForEachBlobURL(
        [&](BlobImpl* aBlobImpl, nsIPrincipal* aBlobPrincipal,
-            const Maybe<nsID>& aAgentClusterId, const nsACString& aURI,
-            bool aRevoked) {
+            const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
+            const nsACString& aURI, bool aRevoked) {
          // This check uses `ComputeLoadedOriginHash` to compare, rather than
          // doing the more accurate `Equals` check, as it needs to match the
          // behaviour of the logic to broadcast new registrations.
@ -6493,9 +6495,9 @@ void ContentParent::TransmitBlobURLsForPrincipal(nsIPrincipal* aPrincipal) {
            return false;
          }

-          registrations.AppendElement(
-              BlobURLRegistrationData(nsCString(aURI), ipcBlob, aBlobPrincipal,
-                                      aAgentClusterId, aRevoked));
+          registrations.AppendElement(BlobURLRegistrationData(
+              nsCString(aURI), ipcBlob, aBlobPrincipal, aAgentClusterId,
+              nsCString(aPartitionKey), aRevoked));

          rv = TransmitPermissionsForPrincipal(aBlobPrincipal);
          Unused << NS_WARN_IF(NS_FAILED(rv));
@ -7749,7 +7751,7 @@ mozilla::ipc::IPCResult ContentParent::RecvBlobURLDataRequest(
    const nsACString& aBlobURL, nsIPrincipal* aTriggeringPrincipal,
    nsIPrincipal* aLoadingPrincipal, const OriginAttributes& aOriginAttributes,
    uint64_t aInnerWindowId, const Maybe<nsID>& aAgentClusterId,
-    BlobURLDataRequestResolver&& aResolver) {
+    const nsCString& aPartitionKey, BlobURLDataRequestResolver&& aResolver) {
  RefPtr<BlobImpl> blobImpl;

  // Since revoked blobs are also retrieved, it is possible that the blob no
@ -7757,7 +7759,7 @@ mozilla::ipc::IPCResult ContentParent::RecvBlobURLDataRequest(
  if (!BlobURLProtocolHandler::GetDataEntry(
          aBlobURL, getter_AddRefs(blobImpl), aLoadingPrincipal,
          aTriggeringPrincipal, aOriginAttributes, aInnerWindowId,
-          aAgentClusterId, true /* AlsoIfRevoked */)) {
+          aAgentClusterId, aPartitionKey, true /* AlsoIfRevoked */)) {
    aResolver(NS_ERROR_DOM_BAD_URI);
    return IPC_OK();
  }
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@ -504,7 +504,7 @@ class ContentParent final : public PContentParent,

  static void BroadcastBlobURLRegistration(
      const nsACString& aURI, BlobImpl* aBlobImpl, nsIPrincipal* aPrincipal,
-      const Maybe<nsID>& aAgentClusterId,
+      const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
      ContentParent* aIgnoreThisCP = nullptr);

  static void BroadcastBlobURLUnregistration(
@ -513,7 +513,7 @@ class ContentParent final : public PContentParent,

  mozilla::ipc::IPCResult RecvStoreAndBroadcastBlobURLRegistration(
      const nsACString& aURI, const IPCBlob& aBlob, nsIPrincipal* aPrincipal,
-      const Maybe<nsID>& aAgentCluster);
+      const Maybe<nsID>& aAgentCluster, const nsCString& aPartitionKey);

  mozilla::ipc::IPCResult RecvUnstoreAndBroadcastBlobURLUnregistration(
      const nsACString& aURI, nsIPrincipal* aPrincipal);
@ -671,7 +671,7 @@ class ContentParent final : public PContentParent,
      const nsACString& aBlobURL, nsIPrincipal* pTriggeringPrincipal,
      nsIPrincipal* pLoadingPrincipal,
      const OriginAttributes& aOriginAttributes, uint64_t aInnerWindowId,
-      const Maybe<nsID>& aAgentClusterId,
+      const Maybe<nsID>& aAgentClusterId, const nsCString& aPartitionKey,
      BlobURLDataRequestResolver&& aResolver);

 protected:
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@ -279,6 +279,7 @@ struct BlobURLRegistrationData
  IPCBlob blob;
  nullable nsIPrincipal principal;
  nsID? agentClusterId;
+  nsCString partitionKey;
  bool revoked;
 };

@ -868,7 +869,7 @@ child:

    async BlobURLRegistration(nsCString aURI, IPCBlob aBlob,
                              nullable nsIPrincipal aPrincipal,
-                              nsID? aAgentClusterId);
+                              nsID? aAgentClusterId, nsCString aPartitionKey);

    async BlobURLUnregistration(nsCString aURI);

@ -1612,7 +1613,7 @@ parent:

     async StoreAndBroadcastBlobURLRegistration(nsCString url, IPCBlob blob,
                                                nullable nsIPrincipal principal,
-                                                nsID? aAgentClusterId);
+                                                nsID? aAgentClusterId, nsCString aPartitionKey);

     async UnstoreAndBroadcastBlobURLUnregistration(nsCString url, nullable nsIPrincipal principal);

@ -1816,7 +1817,8 @@ parent:
                             nullable nsIPrincipal aLoadingPrincipal,
                             OriginAttributes aOriginAttributes,
                             uint64_t aInnerWindowId,
-                             nsID? aAgentClusterId)
+                             nsID? aAgentClusterId,
+                             nsCString aPartitionKey)
      returns (BlobURLDataRequestResult aResult);

    async SetActiveSessionHistoryEntry(MaybeDiscardedBrowsingContext context,
--- a/dom/locales/en-US/chrome/dom/dom.properties
+++ b/dom/locales/en-US/chrome/dom/dom.properties
@ -430,6 +430,8 @@ MultiplePopupsBlockedNoUserActivation=Opening multiple popups was blocked due to
 PreloadIgnoredInvalidAttr=Preload of %S was ignored due to unknown “as” or “type” values, or non-matching “media” attribute.
 # LOCALIZATION NOTE: %S is the blob URL. Don't translate "agent cluster".
 BlobDifferentClusterError=Cannot access blob URL “%S” from a different agent cluster.
+# LOCALIZATION NOTE: %S is the blob URL. Don't translate "partition key".
+PartitionKeyDifferentError=Cannot access blob URL “%S” with a different partition key.
 # LOCALIZATION NOTE: Do not translate "Element.setCapture()" and "Element.setPointerCapture()"".
 ElementSetCaptureWarning=Element.setCapture() is deprecated. Use Element.setPointerCapture() instead. For more help https://developer.mozilla.org/docs/Web/API/Element/setPointerCapture
 # LOCALIZATION NOTE: Do not translate "Element.releaseCapture()" and "Element.releasePointerCapture()".
--- a/dom/url/URLMainThread.cpp
+++ b/dom/url/URLMainThread.cpp
@ -13,6 +13,7 @@
 #include "nsContentUtils.h"
 #include "nsNetUtil.h"
 #include "nsThreadUtils.h"
+#include "mozilla/dom/Document.h"

 namespace mozilla::dom {

@ -27,12 +28,23 @@ void URLMainThread::CreateObjectURL(const GlobalObject& aGlobal, Blob& aBlob,
    return;
  }

+  nsAutoString partKey;
+  if (nsCOMPtr<nsPIDOMWindowInner> owner = do_QueryInterface(global)) {
+    if (Document* doc = owner->GetExtantDoc()) {
+      nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
+          doc->CookieJarSettings();
+
+      cookieJarSettings->GetPartitionKey(partKey);
+    }
+  }
+
  nsCOMPtr<nsIPrincipal> principal =
      nsContentUtils::ObjectPrincipal(aGlobal.Get());

  nsAutoCString url;
-  aRv = BlobURLProtocolHandler::AddDataEntry(aBlob.Impl(), principal,
-                                             global->GetAgentClusterId(), url);
+  aRv = BlobURLProtocolHandler::AddDataEntry(
+      aBlob.Impl(), principal, global->GetAgentClusterId(),
+      NS_ConvertUTF16toUTF8(partKey), url);
  if (NS_WARN_IF(aRv.Failed())) {
    return;
  }
@ -53,12 +65,23 @@ void URLMainThread::CreateObjectURL(const GlobalObject& aGlobal,
    return;
  }

+  nsAutoString partKey;
+  if (nsCOMPtr<nsPIDOMWindowInner> owner = do_QueryInterface(global)) {
+    if (Document* doc = owner->GetExtantDoc()) {
+      nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
+          doc->CookieJarSettings();
+
+      cookieJarSettings->GetPartitionKey(partKey);
+    }
+  }
+
  nsCOMPtr<nsIPrincipal> principal =
      nsContentUtils::ObjectPrincipal(aGlobal.Get());

  nsAutoCString url;
-  aRv = BlobURLProtocolHandler::AddDataEntry(&aSource, principal,
-                                             global->GetAgentClusterId(), url);
+  aRv = BlobURLProtocolHandler::AddDataEntry(
+      &aSource, principal, global->GetAgentClusterId(),
+      NS_ConvertUTF16toUTF8(partKey), url);
  if (NS_WARN_IF(aRv.Failed())) {
    return;
  }
@ -82,11 +105,21 @@ void URLMainThread::RevokeObjectURL(const GlobalObject& aGlobal,
    return;
  }

+  nsAutoString partKey;
+  if (nsCOMPtr<nsPIDOMWindowInner> owner = do_QueryInterface(global)) {
+    if (Document* doc = owner->GetExtantDoc()) {
+      nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
+          doc->CookieJarSettings();
+
+      cookieJarSettings->GetPartitionKey(partKey);
+    }
+  }
+
  NS_LossyConvertUTF16toASCII asciiurl(aURL);

  if (BlobURLProtocolHandler::RemoveDataEntry(
          asciiurl, nsContentUtils::ObjectPrincipal(aGlobal.Get()),
-          global->GetAgentClusterId())) {
+          global->GetAgentClusterId(), NS_ConvertUTF16toUTF8(partKey))) {
    global->UnregisterHostObjectURI(asciiurl);
  }
 }
--- a/dom/url/URLWorker.cpp
+++ b/dom/url/URLWorker.cpp
@ -36,9 +36,16 @@ class CreateURLRunnable : public WorkerMainThreadRunnable {

    nsCOMPtr<nsIPrincipal> principal = mWorkerPrivate->GetPrincipal();

+    nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
+        mWorkerPrivate->CookieJarSettings();
+
+    nsAutoString partKey;
+    cookieJarSettings->GetPartitionKey(partKey);
+
    nsAutoCString url;
    nsresult rv = BlobURLProtocolHandler::AddDataEntry(
-        mBlobImpl, principal, Some(mWorkerPrivate->AgentClusterId()), url);
+        mBlobImpl, principal, Some(mWorkerPrivate->AgentClusterId()),
+        NS_ConvertUTF16toUTF8(partKey), url);

    if (NS_FAILED(rv)) {
      NS_WARNING("Failed to add data entry for the blob!");
@ -66,9 +73,15 @@ class RevokeURLRunnable : public WorkerMainThreadRunnable {

    NS_ConvertUTF16toUTF8 url(mURL);

+    nsCOMPtr<nsICookieJarSettings> cookieJarSettings =
+        mWorkerPrivate->CookieJarSettings();
+
+    nsAutoString partKey;
+    cookieJarSettings->GetPartitionKey(partKey);
+
    BlobURLProtocolHandler::RemoveDataEntry(
        url, mWorkerPrivate->GetPrincipal(),
-        Some(mWorkerPrivate->AgentClusterId()));
+        Some(mWorkerPrivate->AgentClusterId()), NS_ConvertUTF16toUTF8(partKey));
    return true;
  }
 };