Backed out 4 changesets (bug 1603969) for failing at /browser_startup_mainthreadio.js on a CLOSED TREE.

Backed out changeset c4d79087eef1 (bug 1603969) Backed out changeset 2c0198f3506c (bug 1603969) Backed out changeset c5ad252c525b (bug 1603969) Backed out changeset a334451b95eb (bug 1603969)
2019-12-19 02:08:09 +02:00 · 2019-12-19 02:08:09 +02:00 · bed8b9f116
--- a/browser/base/content/browser-siteProtections.js
+++ b/browser/base/content/browser-siteProtections.js
@ -779,7 +779,10 @@ var ThirdPartyCookies = {
    for (let perm of Services.perms.getAllForPrincipal(
      gBrowser.contentPrincipal
    )) {
-      if (perm.type == "3rdPartyStorage^" + origin) {
+      if (
        perm.type == "3rdPartyStorage^" + origin ||
        perm.type.startsWith("3rdPartyStorage^" + origin + "^")
      ) {
        return perm.capability;
      }
    }
@ -796,7 +799,10 @@ var ThirdPartyCookies = {
    for (let perm of Services.perms.getAllForPrincipal(
      gBrowser.contentPrincipal
    )) {
-      if (perm.type == "3rdPartyStorage^" + origin) {
+      if (
        perm.type == "3rdPartyStorage^" + origin ||
        perm.type.startsWith("3rdPartyStorage^" + origin + "^")
      ) {
        Services.perms.removePermission(perm);
      }
    }
--- a/browser/base/content/test/performance/browser_startup_mainthreadio.js
+++ b/browser/base/content/test/performance/browser_startup_mainthreadio.js
@ -267,7 +267,7 @@ const startupPhases = {
      condition: WIN || MAC,
      fsync: 7,
      stat: 26,
-      write: 40,
+      write: 38,
    },
    {
      // bug 975996
--- a/browser/base/content/test/siteProtections/browser.ini
+++ b/browser/base/content/test/siteProtections/browser.ini
@ -1,7 +1,6 @@
 [DEFAULT]
 support-files =
  head.js
  !/browser/base/content/test/trackingUI/trackingPage.html
 [browser_protections_UI.js]
 fail-if = fission # Bug 1590696
--- a/browser/base/content/test/trackingUI/cookieServer.sjs
+++ b/browser/base/content/test/trackingUI/cookieServer.sjs
@ -2,19 +2,8 @@
 * http://creativecommons.org/publicdomain/zero/1.0/
 */
 // A 1x1 PNG image.
 // Source: https://commons.wikimedia.org/wiki/File:1x1.png (Public Domain)
 const IMAGE = atob("iVBORw0KGgoAAAANSUhEUgAAAAEAAAABAQMAAAAl21bKAAAAA1BMVEUAA" +
                   "ACnej3aAAAAAXRSTlMAQObYZgAAAApJREFUCNdjYAAAAAIAAeIhvDMAAAAASUVORK5CYII=");
 function handleRequest(request, response) {
  response.setStatusLine(request.httpVersion, 200);
-  if (request.queryString &&
+  response.setHeader("Set-Cookie", "foopy=1");
-      request.queryString.includes("type=image-no-cookie")) {
+  response.write("cookie served");
    response.setHeader("Content-Type", "image/png", false);
    response.write(IMAGE);
  } else {
    response.setHeader("Set-Cookie", "foopy=1");
    response.write("cookie served");
  }
 }
--- a/browser/base/content/test/trackingUI/trackingAPI.js
+++ b/browser/base/content/test/trackingUI/trackingAPI.js
@ -4,15 +4,6 @@ function createIframe(src) {
  document.body.appendChild(ifr);
 }
 function createImage(src) {
  let img = document.createElement("img");
  img.src = src;
  img.onload = () => {
    parent.postMessage("done", "*");
  };
  document.body.appendChild(img);
 }
 onmessage = event => {
  switch (event.data) {
    case "tracking":
@ -50,11 +41,6 @@ onmessage = event => {
        "https://test1.example.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs"
      );
      break;
    case "image":
      createImage(
        "http://trackertest.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs?type=image-no-cookie"
      );
      break;
    case "window-open":
      window.win = window.open(
        "http://trackertest.org/browser/browser/base/content/test/trackingUI/cookieServer.sjs",
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@ -5787,11 +5787,13 @@ mozilla::ipc::IPCResult ContentParent::RecvAutomaticStorageAccessCanBeGranted(
 mozilla::ipc::IPCResult
 ContentParent::RecvFirstPartyStorageAccessGrantedForOrigin(
    const Principal& aParentPrincipal, const Principal& aTrackingPrincipal,
-    const nsCString& aTrackingOrigin, const int& aAllowMode,
+    const nsCString& aTrackingOrigin, const nsCString& aGrantedOrigin,
    const int& aAllowMode,
    FirstPartyStorageAccessGrantedForOriginResolver&& aResolver) {
  AntiTrackingCommon::
      SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
-          aParentPrincipal, aTrackingPrincipal, aTrackingOrigin, aAllowMode)
+          aParentPrincipal, aTrackingPrincipal, aTrackingOrigin, aGrantedOrigin,
          aAllowMode)
          ->Then(GetCurrentThreadSerialEventTarget(), __func__,
                 [aResolver = std::move(aResolver)](
                     AntiTrackingCommon::FirstPartyStorageAccessGrantPromise::
--- a/dom/ipc/ContentParent.h
+++ b/dom/ipc/ContentParent.h
@ -1198,7 +1198,8 @@ class ContentParent final
  mozilla::ipc::IPCResult RecvFirstPartyStorageAccessGrantedForOrigin(
      const Principal& aParentPrincipal, const Principal& aTrackingPrincipal,
-      const nsCString& aTrackingOrigin, const int& aAllowMode,
+      const nsCString& aTrackingOrigin, const nsCString& aGrantedOrigin,
      const int& aAllowMode,
      FirstPartyStorageAccessGrantedForOriginResolver&& aResolver);
  mozilla::ipc::IPCResult RecvStoreUserInteractionAsPermission(
--- a/dom/ipc/PContent.ipdl
+++ b/dom/ipc/PContent.ipdl
@ -1490,6 +1490,7 @@ parent:
    async FirstPartyStorageAccessGrantedForOrigin(Principal aParentPrincipal,
                                                  Principal aTrackingPrincipal,
                                                  nsCString aTrackingOrigin,
                                                  nsCString aGrantedOrigin,
                                                  int aAllowMode)
          returns (bool unused);
--- a/extensions/permissions/nsPermissionManager.cpp
+++ b/extensions/permissions/nsPermissionManager.cpp
@ -882,7 +882,7 @@ void nsPermissionManager::Startup() {
 // nsPermissionManager Implementation
 #define PERMISSIONS_FILE_NAME "permissions.sqlite"
-#define HOSTS_SCHEMA_VERSION 11
+#define HOSTS_SCHEMA_VERSION 10
 // Default permissions are read from a URL - this is the preference we read
 // to find that URL. If not set, don't use any default permissions.
@ -1539,25 +1539,6 @@ nsresult nsPermissionManager::InitDB(bool aRemoveFile) {
        MOZ_FALLTHROUGH;
      case 9: {
        rv = mDBConn->SetSchemaVersion(10);
        NS_ENSURE_SUCCESS(rv, rv);
      }
        // fall through to the next upgrade
        MOZ_FALLTHROUGH;
      case 10: {
        // Filter out the rows with storage access API permissions with a
        // granted origin, and remove the granted origin part from the
        // permission type.
        rv = mDBConn->ExecuteSimpleSQL(NS_LITERAL_CSTRING(
            "UPDATE moz_perms "
            "SET type=SUBSTR(type, 0, INSTR(SUBSTR(type, INSTR(type, '^') + "
            "1), '^') + INSTR(type, '^')) "
            "WHERE INSTR(SUBSTR(type, INSTR(type, '^') + 1), '^') AND "
            "SUBSTR(type, 0, 18) == \"storageAccessAPI^\";"));
        NS_ENSURE_SUCCESS(rv, rv);
        rv = mDBConn->SetSchemaVersion(HOSTS_SCHEMA_VERSION);
        NS_ENSURE_SUCCESS(rv, rv);
      }
--- a/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
+++ b/extensions/permissions/test/unit/test_permmanager_load_invalid_entries.js
@ -223,9 +223,9 @@ function run_test() {
  // Initialize the permission manager service
  var pm = Services.perms;
-  // The schema should be upgraded to 11, and a 'modificationTime' column should
+  // The schema should be upgraded to 10, and a 'modificationTime' column should
  // exist with all records having a value of 0.
-  Assert.equal(connection.schemaVersion, 11);
+  Assert.equal(connection.schemaVersion, 10);
  let select = connection.createStatement(
    "SELECT modificationTime FROM moz_perms"
--- a/extensions/permissions/test/unit/test_permmanager_migrate_10-11.js
+++ b/extensions/permissions/test/unit/test_permmanager_migrate_10-11.js
@ -1,193 +0,0 @@
 /* Any copyright is dedicated to the Public Domain.
   http://creativecommons.org/publicdomain/zero/1.0/ */
 ChromeUtils.defineModuleGetter(
  this,
  "PlacesTestUtils",
  "resource://testing-common/PlacesTestUtils.jsm"
 );
 var PERMISSIONS_FILE_NAME = "permissions.sqlite";
 function GetPermissionsFile(profile) {
  let file = profile.clone();
  file.append(PERMISSIONS_FILE_NAME);
  return file;
 }
 add_task(async function test() {
  /* Create and set up the permissions database */
  let profile = do_get_profile();
  Services.prefs.setCharPref("permissions.manager.defaultsUrl", "");
  let db = Services.storage.openDatabase(GetPermissionsFile(profile));
  db.schemaVersion = 10;
  let stmt6Insert = db.createStatement(
    "INSERT INTO moz_perms (" +
      "id, origin, type, permission, expireType, expireTime, modificationTime" +
      ") VALUES (" +
      ":id, :origin, :type, :permission, :expireType, :expireTime, :modificationTime" +
      ")"
  );
  let id = 0;
  function insertOrigin(
    origin,
    type,
    permission,
    expireType,
    expireTime,
    modificationTime
  ) {
    let thisId = id++;
    stmt6Insert.bindByName("id", thisId);
    stmt6Insert.bindByName("origin", origin);
    stmt6Insert.bindByName("type", type);
    stmt6Insert.bindByName("permission", permission);
    stmt6Insert.bindByName("expireType", expireType);
    stmt6Insert.bindByName("expireTime", expireTime);
    stmt6Insert.bindByName("modificationTime", modificationTime);
    try {
      stmt6Insert.execute();
    } finally {
      stmt6Insert.reset();
    }
    return {
      id: thisId,
      origin,
      type,
      permission,
      expireType,
      expireTime,
      modificationTime,
    };
  }
  insertOrigin(
    "https://foo.com",
    "storageAccessAPI^https://foo.com",
    2,
    0,
    0,
    0
  );
  insertOrigin(
    "http://foo.com",
    "storageAccessAPI^https://bar.com^https://foo.com",
    2,
    0,
    0,
    0
  );
  insertOrigin(
    "http://foo.com",
    "storageAccessAPI^https://bar.com^https://baz.com",
    2,
    0,
    0,
    0
  );
  insertOrigin("http://foo.com^inBrowser=1", "A", 2, 0, 0, 0);
  // CLose the db connection
  stmt6Insert.finalize();
  db.close();
  db = null;
  let expected = [
    ["https://foo.com", "storageAccessAPI^https://foo.com", 2, 0, 0, 0],
    ["http://foo.com", "storageAccessAPI^https://bar.com", 2, 0, 0, 0],
    ["http://foo.com", "storageAccessAPI^https://bar.com", 2, 0, 0, 0],
    ["http://foo.com^inBrowser=1", "A", 2, 0, 0, 0],
  ];
  let found = expected.map(it => 0);
  // Add some places to the places database
  await PlacesTestUtils.addVisits(
    Services.io.newURI("https://foo.com/some/other/subdirectory")
  );
  await PlacesTestUtils.addVisits(
    Services.io.newURI("ftp://some.subdomain.of.foo.com:8000/some/subdirectory")
  );
  await PlacesTestUtils.addVisits(Services.io.newURI("ftp://127.0.0.1:8080"));
  await PlacesTestUtils.addVisits(Services.io.newURI("https://localhost:8080"));
  // This will force the permission-manager to reload the data.
  Services.obs.notifyObservers(null, "testonly-reload-permissions-from-disk");
  // Force initialization of the nsPermissionManager
  for (let permission of Services.perms.all) {
    let isExpected = false;
    expected.forEach((it, i) => {
      if (
        permission.principal.origin == it[0] &&
        permission.type == it[1] &&
        permission.capability == it[2] &&
        permission.expireType == it[3] &&
        permission.expireTime == it[4]
      ) {
        isExpected = true;
        found[i]++;
      }
    });
    Assert.ok(
      isExpected,
      "Permission " +
        (isExpected ? "should" : "shouldn't") +
        " be in permission database: " +
        permission.principal.origin +
        ", " +
        permission.type +
        ", " +
        permission.capability +
        ", " +
        permission.expireType +
        ", " +
        permission.expireTime
    );
  }
  found.forEach((count, i) => {
    Assert.ok(
      count == 1,
      "Expected count = 1, got count = " +
        count +
        " for permission " +
        expected[i]
    );
  });
  // Check to make sure that all of the tables which we care about are present
  {
    db = Services.storage.openDatabase(GetPermissionsFile(profile));
    Assert.ok(db.tableExists("moz_perms"));
    Assert.ok(db.tableExists("moz_hosts"));
    Assert.ok(!db.tableExists("moz_perms_v6"));
    let mozHostsCount = db.createStatement("SELECT count(*) FROM moz_hosts");
    try {
      mozHostsCount.executeStep();
      Assert.equal(mozHostsCount.getInt64(0), 0);
    } finally {
      mozHostsCount.finalize();
    }
    let mozPermsCount = db.createStatement("SELECT count(*) FROM moz_perms");
    try {
      mozPermsCount.executeStep();
      Assert.equal(mozPermsCount.getInt64(0), expected.length);
    } finally {
      mozPermsCount.finalize();
    }
    db.close();
  }
 });
--- a/extensions/permissions/test/unit/xpcshell.ini
+++ b/extensions/permissions/test/unit/xpcshell.ini
@ -30,5 +30,4 @@ skip-if = debug == true
 [test_permmanager_migrate_4-7_no_history.js]
 [test_permmanager_migrate_7-8.js]
 [test_permmanager_migrate_9-10.js]
 [test_permmanager_migrate_10-11.js]
 [test_permmanager_oa_strip.js]
--- a/netwerk/locales/en-US/necko.properties
+++ b/netwerk/locales/en-US/necko.properties
@ -44,7 +44,11 @@ CookieBlockedTracker=Request to access cookie or storage on “%1$S” was block
 CookieBlockedAll=Request to access cookie or storage on “%1$S” was blocked because we are blocking all storage access requests.
 CookieBlockedForeign=Request to access cookie or storage on “%1$S” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.
 # LOCALIZATION NOTE (CookieAllowedForOriginOnTrackerByStorageAccessAPI): %3$S, %2$S and %1$S are URLs.
 CookieAllowedForOriginOnTrackerByStorageAccessAPI=Storage access granted for “%3$S” opened by tracker “%2$S” on “%1$S”.
 # LOCALIZATION NOTE (CookieAllowedForTrackerByStorageAccessAPI): %2$S and %1$S are URLs.
 CookieAllowedForTrackerByStorageAccessAPI=Storage access granted for tracker “%2$S” on “%1$S”.
 # LOCALIZATION NOTE (CookieAllowedForOriginOnTrackerByHeuristic): %3$S, %2$S and %1$S are URLs.
 CookieAllowedForOriginOnTrackerByHeuristic=Storage access automatically granted for “%3$S” opened by tracker “%2$S” on “%1$S”.
 # LOCALIZATION NOTE (CookieAllowedForTrackerByHeuristic): %2$S and %1$S are URLs.
 CookieAllowedForTrackerByHeuristic=Storage access automatically granted for tracker “%2$S” on “%1$S”.
--- a/toolkit/components/antitracking/AntiTrackingCommon.cpp
+++ b/toolkit/components/antitracking/AntiTrackingCommon.cpp
@ -128,6 +128,27 @@ void CreatePermissionKey(const nsCString& aTrackingOrigin,
  aPermissionKey.Append(aTrackingOrigin);
 }
 void CreatePermissionKey(const nsCString& aTrackingOrigin,
                         const nsCString& aGrantedOrigin,
                         nsACString& aPermissionKey) {
  MOZ_ASSERT(aPermissionKey.IsEmpty());
  if (aTrackingOrigin == aGrantedOrigin) {
    CreatePermissionKey(aTrackingOrigin, aPermissionKey);
    return;
  }
  static const nsLiteralCString prefix =
      NS_LITERAL_CSTRING(ANTITRACKING_PERM_KEY "^");
  aPermissionKey.SetCapacity(prefix.Length() + 1 + aTrackingOrigin.Length() +
                             aGrantedOrigin.Length());
  aPermissionKey.Append(prefix);
  aPermissionKey.Append(aTrackingOrigin);
  aPermissionKey.AppendLiteral("^");
  aPermissionKey.Append(aGrantedOrigin);
 }
 // This internal method returns ACCESS_DENY if the access is denied,
 // ACCESS_DEFAULT if unknown, some other access code if granted.
 uint32_t CheckCookiePermissionForPrincipal(nsICookieSettings* aCookieSettings,
@ -443,6 +464,7 @@ void ReportBlockingToConsole(nsPIDOMWindowOuter* aWindow, nsIURI* aURI,
 void ReportUnblockingToConsole(
    nsPIDOMWindowInner* aWindow, const nsAString& aTrackingOrigin,
    const nsAString& aGrantedOrigin,
    AntiTrackingCommon::StorageAccessGrantedReason aReason) {
  nsCOMPtr<nsIPrincipal> principal =
      nsGlobalWindowInner::Cast(aWindow)->GetPrincipal();
@ -456,6 +478,7 @@ void ReportUnblockingToConsole(
  }
  nsAutoString trackingOrigin(aTrackingOrigin);
  nsAutoString grantedOrigin(aGrantedOrigin);
  nsAutoString sourceLine;
  uint32_t lineNumber = 0, columnNumber = 0;
@ -466,8 +489,8 @@ void ReportUnblockingToConsole(
  RefPtr<Runnable> runnable = NS_NewRunnableFunction(
      "ReportUnblockingToConsoleDelayed",
-      [doc, principal, trackingOrigin, sourceLine, lineNumber, columnNumber,
+      [doc, principal, trackingOrigin, grantedOrigin, sourceLine, lineNumber,
-       aReason]() {
+       columnNumber, aReason]() {
        nsAutoString origin;
        nsresult rv = nsContentUtils::GetUTFOrigin(principal, origin);
        if (NS_WARN_IF(NS_FAILED(rv))) {
@ -476,24 +499,39 @@ void ReportUnblockingToConsole(
        // Not adding grantedOrigin yet because we may not want it later.
        AutoTArray<nsString, 3> params = {origin, trackingOrigin};
        const char* messageWithDifferentOrigin = nullptr;
        const char* messageWithSameOrigin = nullptr;
        switch (aReason) {
          case AntiTrackingCommon::eStorageAccessAPI:
            messageWithDifferentOrigin =
                "CookieAllowedForOriginOnTrackerByStorageAccessAPI";
            messageWithSameOrigin = "CookieAllowedForTrackerByStorageAccessAPI";
            break;
          case AntiTrackingCommon::eOpenerAfterUserInteraction:
            MOZ_FALLTHROUGH;
          case AntiTrackingCommon::eOpener:
            messageWithDifferentOrigin =
                "CookieAllowedForOriginOnTrackerByHeuristic";
            messageWithSameOrigin = "CookieAllowedForTrackerByHeuristic";
            break;
        }
-        nsContentUtils::ReportToConsole(
+        if (trackingOrigin == grantedOrigin) {
-            nsIScriptError::warningFlag, NS_LITERAL_CSTRING("Content Blocking"),
+          nsContentUtils::ReportToConsole(
-            doc, nsContentUtils::eNECKO_PROPERTIES, messageWithSameOrigin,
+              nsIScriptError::warningFlag,
-            params, nullptr, sourceLine, lineNumber, columnNumber);
+              NS_LITERAL_CSTRING("Content Blocking"), doc,
              nsContentUtils::eNECKO_PROPERTIES, messageWithSameOrigin, params,
              nullptr, sourceLine, lineNumber, columnNumber);
        } else {
          params.AppendElement(grantedOrigin);
          nsContentUtils::ReportToConsole(
              nsIScriptError::warningFlag,
              NS_LITERAL_CSTRING("Content Blocking"), doc,
              nsContentUtils::eNECKO_PROPERTIES, messageWithDifferentOrigin,
              params, nullptr, sourceLine, lineNumber, columnNumber);
        }
      });
  RunConsoleReportingRunnable(runnable.forget());
@ -905,13 +943,16 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
    return StorageAccessGrantPromise::CreateAndReject(false, __func__);
  }
-  if (MOZ_LOG_TEST(gAntiTrackingLog, mozilla::LogLevel::Debug)) {
+  nsAutoCString origin;
-    nsAutoCString origin;
+  nsresult rv = nsContentUtils::GetASCIIOrigin(uri, origin);
-    Unused << nsContentUtils::GetASCIIOrigin(uri, origin);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
-    LOG(("Adding a first-party storage exception for %s...",
+    LOG(("Can't get the origin from the URI"));
-         PromiseFlatCString(origin).get()));
+    return StorageAccessGrantPromise::CreateAndReject(false, __func__);
  }
  LOG(("Adding a first-party storage exception for %s...",
       PromiseFlatCString(origin).get()));
  Document* parentDoc = aParentWindow->GetExtantDoc();
  if (!parentDoc) {
    LOG(("Parent window has no doc"));
@ -955,13 +996,6 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
  // We are a first party resource.
  if (outerParentWindow->IsTopLevelWindow()) {
    nsAutoCString origin;
    nsresult rv = nsContentUtils::GetASCIIOrigin(uri, origin);
    if (NS_WARN_IF(NS_FAILED(rv))) {
      LOG(("Can't get the origin from the URI"));
      return StorageAccessGrantPromise::CreateAndReject(false, __func__);
    }
    trackingOrigin = origin;
    trackingPrincipal = aPrincipal;
    rv = trackingPrincipal->GetURI(getter_AddRefs(trackingURI));
@ -1064,11 +1098,11 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
  }
  auto storePermission =
-      [pwin, parentWindow, trackingOrigin, trackingPrincipal, trackingURI,
+      [pwin, parentWindow, origin, trackingOrigin, trackingPrincipal,
-       topInnerWindow, topLevelStoragePrincipal,
+       trackingURI, topInnerWindow, topLevelStoragePrincipal,
       aReason](int aAllowMode) -> RefPtr<StorageAccessGrantPromise> {
    nsAutoCString permissionKey;
-    CreatePermissionKey(trackingOrigin, permissionKey);
+    CreatePermissionKey(trackingOrigin, origin, permissionKey);
    // Let's store the permission in the current parent window.
    topInnerWindow->SaveStorageAccessGranted(permissionKey);
@ -1084,14 +1118,16 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
                                     Some(aReason));
    ReportUnblockingToConsole(parentWindow,
-                              NS_ConvertUTF8toUTF16(trackingOrigin), aReason);
+                              NS_ConvertUTF8toUTF16(trackingOrigin),
                              NS_ConvertUTF8toUTF16(origin), aReason);
    if (XRE_IsParentProcess()) {
-      LOG(("Saving the permission: trackingOrigin=%s", trackingOrigin.get()));
+      LOG(("Saving the permission: trackingOrigin=%s, grantedOrigin=%s",
           trackingOrigin.get(), origin.get()));
      return SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
                 topLevelStoragePrincipal, trackingPrincipal, trackingOrigin,
-                 aAllowMode)
+                 origin, aAllowMode)
          ->Then(GetCurrentThreadSerialEventTarget(), __func__,
                 [](FirstPartyStorageAccessGrantPromise::ResolveOrRejectValue&&
                        aValue) {
@ -1109,15 +1145,16 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
    LOG(
        ("Asking the parent process to save the permission for us: "
-         "trackingOrigin=%s",
+         "trackingOrigin=%s, grantedOrigin=%s",
-         trackingOrigin.get()));
+         trackingOrigin.get(), origin.get()));
    // This is not really secure, because here we have the content process
    // sending the request of storing a permission.
    return cc
        ->SendFirstPartyStorageAccessGrantedForOrigin(
            IPC::Principal(topLevelStoragePrincipal),
-            IPC::Principal(trackingPrincipal), trackingOrigin, aAllowMode)
+            IPC::Principal(trackingPrincipal), trackingOrigin, origin,
            aAllowMode)
        ->Then(GetCurrentThreadSerialEventTarget(), __func__,
               [](const ContentChild::
                      FirstPartyStorageAccessGrantedForOriginPromise::
@ -1149,7 +1186,8 @@ AntiTrackingCommon::AddFirstPartyStorageAccessGrantedFor(
 RefPtr<mozilla::AntiTrackingCommon::FirstPartyStorageAccessGrantPromise>
 AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
    nsIPrincipal* aParentPrincipal, nsIPrincipal* aTrackingPrincipal,
-    const nsCString& aTrackingOrigin, int aAllowMode) {
+    const nsCString& aTrackingOrigin, const nsCString& aGrantedOrigin,
    int aAllowMode) {
  MOZ_ASSERT(XRE_IsParentProcess());
  MOZ_ASSERT(aAllowMode == eAllow || aAllowMode == eAllowAutoGrant);
@ -1162,8 +1200,8 @@ AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
  nsCOMPtr<nsIURI> parentPrincipalURI;
  Unused << aParentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI));
  LOG_SPEC(("Saving a first-party storage permission on %s for "
-            "trackingOrigin=%s",
+            "trackingOrigin=%s grantedOrigin=%s",
-            _spec, aTrackingOrigin.get()),
+            _spec, aTrackingOrigin.get(), aGrantedOrigin.get()),
           parentPrincipalURI);
  if (NS_WARN_IF(!aParentPrincipal)) {
@ -1198,7 +1236,7 @@ AntiTrackingCommon::SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
  }
  nsAutoCString type;
-  CreatePermissionKey(aTrackingOrigin, type);
+  CreatePermissionKey(aTrackingOrigin, aGrantedOrigin, type);
  LOG(
      ("Computed permission key: %s, expiry: %u, proceeding to save in the "
@ -1461,8 +1499,15 @@ bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
  }
  Unused << parentPrincipal->GetURI(getter_AddRefs(parentPrincipalURI));
  nsAutoCString grantedOrigin;
  nsresult rv = nsContentUtils::GetASCIIOrigin(aURI, grantedOrigin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    LOG_SPEC(("Failed to compute the origin from %s", _spec), aURI);
    return false;
  }
  nsAutoCString type;
-  CreatePermissionKey(trackingOrigin, type);
+  CreatePermissionKey(trackingOrigin, grantedOrigin, type);
  if (topInnerWindow->HasStorageAccessGranted(type)) {
    LOG(("Permission stored in the window. All good."));
@ -1728,8 +1773,15 @@ bool AntiTrackingCommon::IsFirstPartyStorageAccessGrantedFor(
    return false;
  }
  nsAutoCString origin;
  rv = nsContentUtils::GetASCIIOrigin(aURI, origin);
  if (NS_WARN_IF(NS_FAILED(rv))) {
    LOG_SPEC(("Failed to compute the origin from %s", _spec), aURI);
    return false;
  }
  nsAutoCString type;
-  CreatePermissionKey(trackingOrigin, type);
+  CreatePermissionKey(trackingOrigin, origin, type);
  uint32_t privateBrowsingId = 0;
  rv = channelPrincipal->GetPrivateBrowsingId(&privateBrowsingId);
--- a/toolkit/components/antitracking/AntiTrackingCommon.h
+++ b/toolkit/components/antitracking/AntiTrackingCommon.h
@ -130,7 +130,8 @@ class AntiTrackingCommon final {
  static RefPtr<FirstPartyStorageAccessGrantPromise>
  SaveFirstPartyStorageAccessGrantedForOriginOnParentProcess(
      nsIPrincipal* aPrincipal, nsIPrincipal* aTrackingPrinciapl,
-      const nsCString& aTrackingOrigin, int aAllowMode);
+      const nsCString& aParentOrigin, const nsCString& aGrantedOrigin,
      int aAllowMode);
  // Check whether a top window principal is on the content blocking allow list.
  static nsresult IsOnContentBlockingAllowList(nsIPrincipal* aTopWinPrincipal,
--- a/toolkit/components/antitracking/test/browser/antitracking_head.js
+++ b/toolkit/components/antitracking/test/browser/antitracking_head.js
@ -696,31 +696,13 @@ this.AntiTracking = {
        is(allMessages.length, 0, "No console messages should be generated");
      } else {
        ok(!!allMessages.length, "Some console message should be generated");
        if (options.errorMessageDomains) {
          is(
            allMessages.length,
            options.errorMessageDomains.length,
            "Enough items provided in errorMessageDomains"
          );
        }
      }
      let index = 0;
      for (let msg of allMessages) {
        is(
          msg.category,
          expectedCategory,
          "Message should be of expected category"
        );
        if (options.errorMessageDomains) {
          ok(
            msg.errorMessage.includes(options.errorMessageDomains[index]),
            `Error message domain ${
              options.errorMessageDomains[index]
            } (${index}) found in "${msg.errorMessage}"`
          );
          index++;
        }
      }
      if (options.allowList) {
--- a/toolkit/components/antitracking/test/browser/browser.ini
+++ b/toolkit/components/antitracking/test/browser/browser.ini
@ -39,9 +39,6 @@ support-files =
  raptor.jpg
  !/browser/modules/test/browser/head.js
  !/browser/base/content/test/general/head.js
  !/browser/base/content/test/trackingUI/cookieServer.sjs
  !/browser/base/content/test/trackingUI/trackingPage.html
  !/browser/base/content/test/trackingUI/trackingAPI.js
 [browser_allowListNotifications.js]
 support-files = subResources.sjs
@ -112,8 +109,6 @@ skip-if = fission
 skip-if = fission
 [browser_storageAccessSandboxed.js]
 skip-if = fission
 [browser_storageAccessThirdPartyChecks.js]
 skip-if = fission
 [browser_storageAccessWithHeuristics.js]
 skip-if = fission
 [browser_networkIsolation.js]
--- a/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks.js
+++ b/toolkit/components/antitracking/test/browser/browser_storageAccessThirdPartyChecks.js
@ -1,63 +0,0 @@
 /* import-globals-from antitracking_head.js */
 AntiTracking._createTask({
  name:
    "Test that after a storage access grant we have full first-party access",
  cookieBehavior: BEHAVIOR_REJECT_TRACKER,
  blockingByContentBlockingRTUI: true,
  allowList: false,
  callback: async _ => {
    /* import-globals-from storageAccessAPIHelpers.js */
    await noStorageAccessInitially();
    await callRequestStorageAccess();
    const TRACKING_PAGE =
      "http://another-tracking.example.net/browser/browser/base/content/test/trackingUI/trackingPage.html";
    async function runChecks(name) {
      let iframe = document.createElement("iframe");
      iframe.src = TRACKING_PAGE;
      document.body.appendChild(iframe);
      await new Promise(resolve => {
        iframe.onload = resolve;
      });
      await SpecialPowers.spawn(iframe, [name], name => {
        content.postMessage(name, "*");
      });
      await new Promise(resolve => {
        onmessage = e => {
          if (e.data == "done") {
            resolve();
          }
        };
      });
    }
    await runChecks("image");
  },
  extraPrefs: null,
  expectedBlockingNotifications:
    Ci.nsIWebProgressListener.STATE_COOKIES_BLOCKED_TRACKER,
  runInPrivateWindow: false,
  iframeSandbox: null,
  accessRemoval: null,
  callbackAfterRemoval: null,
  thirdPartyPage: TEST_3RD_PARTY_PAGE_HTTP,
  errorMessageDomains: [
    "http://tracking.example.org",
    "http://tracking.example.org",
    "http://tracking.example.org",
    "http://tracking.example.org",
    "http://tracking.example.org",
  ],
 });
 add_task(async _ => {
  await new Promise(resolve => {
    Services.clearData.deleteData(Ci.nsIClearDataService.CLEAR_ALL, value =>
      resolve()
    );
  });
 });
--- a/toolkit/components/antitracking/test/browser/head.js
+++ b/toolkit/components/antitracking/test/browser/head.js
@ -29,8 +29,6 @@ const TEST_TOP_PAGE_6 = TEST_DOMAIN_6 + TEST_PATH + "page.html";
 const TEST_EMBEDDER_PAGE = TEST_DOMAIN + TEST_PATH + "embedder.html";
 const TEST_POPUP_PAGE = TEST_DOMAIN + TEST_PATH + "popup.html";
 const TEST_3RD_PARTY_PAGE = TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdParty.html";
 const TEST_3RD_PARTY_PAGE_HTTP =
  TEST_3RD_PARTY_DOMAIN_HTTP + TEST_PATH + "3rdParty.html";
 const TEST_3RD_PARTY_PAGE_WO =
  TEST_3RD_PARTY_DOMAIN + TEST_PATH + "3rdPartyWO.html";
 const TEST_3RD_PARTY_PAGE_UI =
--- a/toolkit/components/cleardata/ClearDataService.jsm
+++ b/toolkit/components/cleardata/ClearDataService.jsm
@ -879,14 +879,19 @@ const PermissionsCleaner = {
        if (!toBeRemoved && perm.type.startsWith("3rdPartyStorage^")) {
          let parts = perm.type.split("^");
-          let uri;
+          for (let i = 1; i < parts.length; ++i) {
-          try {
+            let uri;
-            uri = Services.io.newURI(parts[1]);
+            try {
-          } catch (ex) {
+              uri = Services.io.newURI(parts[i]);
-            continue;
+            } catch (ex) {
-          }
+              continue;
            }
-          toBeRemoved = Services.eTLD.hasRootDomain(uri.host, aHost);
+            toBeRemoved = Services.eTLD.hasRootDomain(uri.host, aHost);
            if (toBeRemoved) {
              break;
            }
          }
        }
        if (!toBeRemoved) {
--- a/toolkit/components/cleardata/tests/unit/test_permissions.js
+++ b/toolkit/components/cleardata/tests/unit/test_permissions.js
@ -133,6 +133,16 @@ add_task(async function test_3rdpartystorage_permissions() {
    "cookie",
    Services.perms.ALLOW_ACTION
  );
  Services.perms.addFromPrincipal(
    oneMorePrincipal,
    "3rdPartyStorage^https://example.net^https://example.org",
    Services.perms.ALLOW_ACTION
  );
  Services.perms.addFromPrincipal(
    oneMorePrincipal,
    "3rdPartyStorage^https://example.org^https://example.net",
    Services.perms.ALLOW_ACTION
  );
  Assert.ok(
    Services.perms.getPermissionObject(principal, "cookie", true) != null
@ -150,6 +160,20 @@ add_task(async function test_3rdpartystorage_permissions() {
  Assert.ok(
    Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null
  );
  Assert.ok(
    Services.perms.getPermissionObject(
      oneMorePrincipal,
      "3rdPartyStorage^https://example.net^https://example.org",
      true
    ) != null
  );
  Assert.ok(
    Services.perms.getPermissionObject(
      oneMorePrincipal,
      "3rdPartyStorage^https://example.org^https://example.net",
      true
    ) != null
  );
  await new Promise(aResolve => {
    Services.clearData.deleteDataFromPrincipal(
@ -179,6 +203,20 @@ add_task(async function test_3rdpartystorage_permissions() {
  Assert.ok(
    Services.perms.getPermissionObject(oneMorePrincipal, "cookie", true) != null
  );
  Assert.ok(
    Services.perms.getPermissionObject(
      oneMorePrincipal,
      "3rdPartyStorage^https://example.net^https://example.org",
      true
    ) == null
  );
  Assert.ok(
    Services.perms.getPermissionObject(
      oneMorePrincipal,
      "3rdPartyStorage^https://example.org^https://example.net",
      true
    ) == null
  );
  await new Promise(aResolve => {
    Services.clearData.deleteData(