Bug 1366973: Rename security flags to not contain DATA anymore r=geck…

…oview-reviewers,ckerschb,snorp Differential Revision: https://phabricator.services.mozilla.com/D83490
dothq · Jul 15, 2020 · a715398 · a715398
1 parent b769a57
commit a715398
Show file tree

Hide file tree

Showing 136 changed files with 338 additions and 306 deletions.
diff --git a/browser/base/content/nsContextMenu.js b/browser/base/content/nsContextMenu.js
@@ -1535,7 +1535,7 @@ class nsContextMenu {
       uri: makeURI(linkURL),
       loadingPrincipal: this.principal,
       contentPolicyType: Ci.nsIContentPolicy.TYPE_SAVEAS_DOWNLOAD,
-      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
     });
 
     if (linkDownload) {

diff --git a/browser/modules/FaviconLoader.jsm b/browser/modules/FaviconLoader.jsm
@@ -112,7 +112,7 @@ class FaviconLoad {
       iconInfo.node,
       iconInfo.node.nodePrincipal,
       iconInfo.node.nodePrincipal,
-      Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
+      Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
         Ci.nsILoadInfo.SEC_ALLOW_CHROME |
         Ci.nsILoadInfo.SEC_DISALLOW_SCRIPT,
       Ci.nsIContentPolicy.TYPE_INTERNAL_IMAGE_FAVICON

diff --git a/caps/nsScriptSecurityManager.cpp b/caps/nsScriptSecurityManager.cpp
@@ -328,9 +328,11 @@ nsresult nsScriptSecurityManager::GetChannelResultPrincipal(
   // The data: inheritance flags should only apply to the initial load,
   // not to loads that it might have redirected to.
   if (loadInfo->RedirectChain().IsEmpty() &&
-      (securityMode == nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS ||
-       securityMode == nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS ||
-       securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS)) {
+      (securityMode ==
+           nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT ||
+       securityMode ==
+           nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT ||
+       securityMode == nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT)) {
     nsCOMPtr<nsIURI> uri;
     nsresult rv = NS_GetFinalChannelURI(aChannel, getter_AddRefs(uri));
     NS_ENSURE_SUCCESS(rv, rv);

diff --git a/devtools/client/jsonview/test/browser_jsonview_data_blocking.js b/devtools/client/jsonview/test/browser_jsonview_data_blocking.js
@@ -66,7 +66,7 @@ add_task(async function test_converter_abort_should_stop_data_sending() {
   const loadInfo = NetUtil.newChannel({
     uri: Services.io.newURI("data:text/plain,"),
     loadingPrincipal: nullP,
-    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
   }).loadInfo;
   // Stub all the things.
@@ -124,7 +124,7 @@ add_task(async function test_converter_principal_needs_matching() {
   const loadInfo = NetUtil.newChannel({
     uri: Services.io.newURI("data:text/plain,"),
     loadingPrincipal: nullP,
-    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+    securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
     contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
   }).loadInfo;
   // Stub all the things.

diff --git a/devtools/client/styleeditor/StyleEditorUI.jsm b/devtools/client/styleeditor/StyleEditorUI.jsm
@@ -460,7 +460,8 @@ StyleEditorUI.prototype = {
         {
           uri: NetUtil.newURI(selectedFile),
           loadingNode: this._window.document,
-          securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS,
+          securityFlags:
+            Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT,
           contentPolicyType: Ci.nsIContentPolicy.TYPE_OTHER,
         },
         async (stream, status) => {

diff --git a/devtools/server/actors/webconsole.js b/devtools/server/actors/webconsole.js
@@ -1779,7 +1779,7 @@ const WebConsoleActor = ActorClassWithSpec(webconsoleSpec, {
     const channel = NetUtil.newChannel({
       uri: NetUtil.newURI(url),
       loadingNode: doc,
-      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
       contentPolicyType:
         stringToCauseType(cause.type) || Ci.nsIContentPolicy.TYPE_OTHER,
     });

diff --git a/devtools/shared/DevToolsUtils.js b/devtools/shared/DevToolsUtils.js
@@ -677,7 +677,8 @@ function newChannelForURL(
   { policy, window, principal },
   recursing = false
 ) {
-  const securityFlags = Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+  const securityFlags =
+    Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
 
   let uri;
   try {

diff --git a/docshell/base/nsDocShell.cpp b/docshell/base/nsDocShell.cpp
@@ -9495,7 +9495,7 @@ nsresult nsDocShell::DoURILoad(nsDocShellLoadState* aLoadState,
 
   uint32_t sandboxFlags = mBrowsingContext->GetSandboxFlags();
   nsSecurityFlags securityFlags =
-      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
 
   if (mLoadType == LOAD_ERROR_PAGE) {
     securityFlags |= nsILoadInfo::SEC_LOAD_ERROR_PAGE;

diff --git a/docshell/base/nsPingListener.cpp b/docshell/base/nsPingListener.cpp
@@ -97,7 +97,7 @@ static void SendPing(void* aClosure, nsIContent* aContent, nsIURI* aURI,
   NS_NewChannel(getter_AddRefs(chan), aURI, doc,
                 info->requireSameHost
                     ? nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED
-                    : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                    : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                 nsIContentPolicy::TYPE_PING,
                 nullptr,                  // PerformanceStorage
                 nullptr,                  // aLoadGroup

diff --git a/dom/base/Document.cpp b/dom/base/Document.cpp
@@ -1044,7 +1044,7 @@ nsresult ExternalResourceMap::PendingLoad::StartLoad(
   nsresult rv = NS_OK;
   nsCOMPtr<nsIChannel> channel;
   rv = NS_NewChannel(getter_AddRefs(channel), aURI, aRequestingNode,
-                     nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
+                     nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
                      nsIContentPolicy::TYPE_OTHER,
                      nullptr,  // aPerformanceStorage
                      loadGroup);

diff --git a/dom/base/EventSource.cpp b/dom/base/EventSource.cpp
@@ -1029,7 +1029,8 @@ nsresult EventSourceImpl::InitChannelAndRequestEventSource() {
 
   nsCOMPtr<Document> doc = mEventSource->GetDocumentIfCurrent();
 
-  nsSecurityFlags securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+  nsSecurityFlags securityFlags =
+      nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
 
   if (mEventSource->mWithCredentials) {
     securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;

diff --git a/dom/base/Navigator.cpp b/dom/base/Navigator.cpp
@@ -1187,9 +1187,9 @@ bool Navigator::SendBeaconInternal(const nsAString& aUrl,
   if (aBody && !contentTypeWithCharset.IsVoid() &&
       !nsContentUtils::IsCORSSafelistedRequestHeader("content-type"_ns,
                                                      contentTypeWithCharset)) {
-    securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+    securityFlags |= nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
   } else {
-    securityFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
+    securityFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
   }
 
   nsCOMPtr<nsIChannel> channel;

diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
@@ -7271,7 +7271,7 @@ nsresult nsContentUtils::SlurpFileToString(nsIFile* aFile,
   nsCOMPtr<nsIChannel> channel;
   rv = NS_NewChannel(getter_AddRefs(channel), fileURI,
                      nsContentUtils::GetSystemPrincipal(),
-                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                      nsIContentPolicy::TYPE_OTHER);
   if (NS_FAILED(rv)) {
     return rv;

diff --git a/dom/base/nsFrameMessageManager.cpp b/dom/base/nsFrameMessageManager.cpp
@@ -1212,7 +1212,7 @@ void nsMessageManagerScriptExecutor::TryCacheLoadAndCompileScript(
     nsCOMPtr<nsIChannel> channel;
     NS_NewChannel(getter_AddRefs(channel), uri,
                   nsContentUtils::GetSystemPrincipal(),
-                  nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                  nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                   nsIContentPolicy::TYPE_OTHER);
 
     if (!channel) {

diff --git a/dom/base/nsObjectLoadingContent.cpp b/dom/base/nsObjectLoadingContent.cpp
@@ -2272,7 +2272,7 @@ nsresult nsObjectLoadingContent::OpenChannel() {
       true,    // aInheritForAboutBlank
       false);  // aForceInherit
   nsSecurityFlags securityFlags =
-      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
 
   bool isURIUniqueOrigin =
       StaticPrefs::security_data_uri_unique_opaque_origin() &&

diff --git a/dom/base/nsSyncLoadService.cpp b/dom/base/nsSyncLoadService.cpp
@@ -296,7 +296,7 @@ nsresult nsSyncLoadService::LoadDocument(
 
   // if the load needs to enforce CORS, then force the load to be async
   bool isSync =
-      !(aSecurityFlags & nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) &&
+      !(aSecurityFlags & nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT) &&
       (aURI->SchemeIs("chrome") || aURI->SchemeIs("resource"));
   RefPtr<nsSyncLoader> loader = new nsSyncLoader();
   return loader->LoadDocument(channel, isSync, aForceToXML, aReferrerPolicy,

diff --git a/dom/base/test/test_bug422403-1.html b/dom/base/test/test_bug422403-1.html
@@ -37,7 +37,7 @@
                                null,      // aLoadingNode
                                SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
                                null,      // aTriggeringPrincipal
-                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                                SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
 
     var cis = SpecialPowers.Ci.nsIConverterInputStream;

diff --git a/dom/base/test/test_bug422403-2.xhtml b/dom/base/test/test_bug422403-2.xhtml
@@ -36,7 +36,7 @@ function loadFileContent(aFile, aCharset) {
                                null,      // aLoadingNode
                                SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
                                null,      // aTriggeringPrincipal
-                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                                SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
 
     var cis = SpecialPowers.Ci.nsIConverterInputStream;

diff --git a/dom/base/test/test_bug424359-1.html b/dom/base/test/test_bug424359-1.html
@@ -37,7 +37,7 @@
                                null,      // aLoadingNode
                                SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
                                null,      // aTriggeringPrincipal
-                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                                SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
 
     var cis = SpecialPowers.Ci.nsIConverterInputStream;

diff --git a/dom/base/test/test_bug424359-2.html b/dom/base/test/test_bug424359-2.html
@@ -36,7 +36,7 @@
                                null,      // aLoadingNode
                                SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
                                null,      // aTriggeringPrincipal
-                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                                SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
 
     var cis = SpecialPowers.Ci.nsIConverterInputStream;

diff --git a/dom/base/test/test_bug498433.html b/dom/base/test/test_bug498433.html
@@ -35,7 +35,7 @@
                                null,      // aLoadingNode
                                SpecialPowers.Services.scriptSecurityManager.getSystemPrincipal(),
                                null,      // aTriggeringPrincipal
-                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                               SpecialPowers.Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
                                SpecialPowers.Ci.nsIContentPolicy.TYPE_OTHER);
 
     var cis = SpecialPowers.Ci.nsIConverterInputStream;

diff --git a/dom/fetch/FetchDriver.cpp b/dom/fetch/FetchDriver.cpp
@@ -574,12 +574,12 @@ nsresult FetchDriver::HttpFetch(
 
   nsSecurityFlags secFlags = 0;
   if (mRequest->Mode() == RequestMode::Cors) {
-    secFlags |= nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+    secFlags |= nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
   } else if (mRequest->Mode() == RequestMode::Same_origin ||
              mRequest->Mode() == RequestMode::Navigate) {
-    secFlags |= nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
+    secFlags |= nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT;
   } else if (mRequest->Mode() == RequestMode::No_cors) {
-    secFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
+    secFlags |= nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
   } else {
     MOZ_ASSERT_UNREACHABLE("Unexpected request mode!");
     return NS_ERROR_UNEXPECTED;

diff --git a/dom/fetch/InternalRequest.cpp b/dom/fetch/InternalRequest.cpp
@@ -382,13 +382,13 @@ RequestMode InternalRequest::MapChannelToRequestMode(nsIChannel* aChannel) {
   uint32_t securityMode = loadInfo->GetSecurityMode();
 
   switch (securityMode) {
-    case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS:
+    case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT:
     case nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_IS_BLOCKED:
       return RequestMode::Same_origin;
-    case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS:
-    case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL:
+    case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT:
+    case nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL:
       return RequestMode::No_cors;
-    case nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS:
+    case nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT:
       // TODO: Check additional flag force-preflight after bug 1199693 (bug
       // 1189945)
       return RequestMode::Cors;

diff --git a/dom/html/HTMLMediaElement.cpp b/dom/html/HTMLMediaElement.cpp
@@ -1710,8 +1710,8 @@ class HTMLMediaElement::ChannelLoader final {
     // determine what security checks need to be performed in AsyncOpen().
     nsSecurityFlags securityFlags =
         aElement->ShouldCheckAllowOrigin()
-            ? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
-            : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
+            ? nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
+            : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
 
     if (aElement->GetCORSMode() == CORS_USE_CREDENTIALS) {
       securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;

diff --git a/dom/html/HTMLTrackElement.cpp b/dom/html/HTMLTrackElement.cpp
@@ -314,16 +314,16 @@ void HTMLTrackElement::LoadResource(RefPtr<WebVTTListener>&& aWebVTTListener) {
   nsSecurityFlags secFlags;
   if (CORS_NONE == corsMode) {
     // Same-origin is required for track element.
-    secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
+    secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT;
   } else {
-    secFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+    secFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
     if (CORS_ANONYMOUS == corsMode) {
       secFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
     } else if (CORS_USE_CREDENTIALS == corsMode) {
       secFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
     } else {
       NS_WARNING("Unknown CORS mode.");
-      secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS;
+      secFlags = nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT;
     }
   }
 

diff --git a/dom/media/ChannelMediaResource.cpp b/dom/media/ChannelMediaResource.cpp
@@ -735,8 +735,8 @@ nsresult ChannelMediaResource::RecreateChannel() {
 
   nsSecurityFlags securityFlags =
       element->ShouldCheckAllowOrigin()
-          ? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
-          : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
+          ? nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
+          : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
 
   if (element->GetCORSMode() == CORS_USE_CREDENTIALS) {
     securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;

diff --git a/dom/media/IdpSandbox.jsm b/dom/media/IdpSandbox.jsm
@@ -40,7 +40,7 @@ ResourceLoader.load = function(uri, doc) {
     let ioChannel = NetUtil.newChannel({
       uri,
       loadingNode: doc,
-      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+      securityFlags: Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
       contentPolicyType: Ci.nsIContentPolicy.TYPE_INTERNAL_SCRIPT,
     });
 

diff --git a/dom/media/hls/HLSDecoder.cpp b/dom/media/hls/HLSDecoder.cpp
@@ -289,8 +289,8 @@ already_AddRefed<nsIPrincipal> HLSDecoder::GetContentPrincipal(
   NS_ENSURE_SUCCESS(rv, nullptr);
   nsSecurityFlags securityFlags =
       element->ShouldCheckAllowOrigin()
-          ? nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS
-          : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS;
+          ? nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT
+          : nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT;
   if (element->GetCORSMode() == CORS_USE_CREDENTIALS) {
     securityFlags |= nsILoadInfo::SEC_COOKIES_INCLUDE;
   }

diff --git a/dom/media/mediacontrol/FetchImageHelper.cpp b/dom/media/mediacontrol/FetchImageHelper.cpp
@@ -100,9 +100,10 @@ nsresult FetchImageHelper::ImageFetchListener::FetchDecodedImageFromURI(
   RefPtr<nsIPrincipal> nullPrincipal =
       NullPrincipal::CreateWithoutOriginAttributes();
   nsCOMPtr<nsIChannel> channel;
-  nsresult rv = NS_NewChannel(getter_AddRefs(channel), aURI, nullPrincipal,
-                              nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
-                              nsIContentPolicy::TYPE_INTERNAL_IMAGE);
+  nsresult rv =
+      NS_NewChannel(getter_AddRefs(channel), aURI, nullPrincipal,
+                    nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
+                    nsIContentPolicy::TYPE_INTERNAL_IMAGE);
   if (NS_FAILED(rv)) {
     return rv;
   }

diff --git a/dom/media/webspeech/recognition/OnlineSpeechRecognitionService.cpp b/dom/media/webspeech/recognition/OnlineSpeechRecognitionService.cpp
@@ -313,7 +313,7 @@ void OnlineSpeechRecognitionService::DoSTT() {
     return;
   }
 
-  nsSecurityFlags secFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+  nsSecurityFlags secFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
   nsLoadFlags loadFlags =
       nsIRequest::LOAD_NORMAL | nsIChannel::LOAD_BYPASS_SERVICE_WORKER;
   nsContentPolicyType contentPolicy =

diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp
@@ -2263,7 +2263,7 @@ nsresult nsPluginHost::NewPluginURLStream(
   // form |nsDocShell::OnLinkClickSync| bug 166613
   rv = NS_NewChannel(
       getter_AddRefs(channel), url, element,
-      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_INHERITS |
+      nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_INHERITS_SEC_CONTEXT |
           nsILoadInfo::SEC_FORCE_INHERIT_PRINCIPAL,
       nsIContentPolicy::TYPE_OBJECT_SUBREQUEST,
       nullptr,  // aPerformanceStorage

diff --git a/dom/prototype/PrototypeDocumentContentSink.cpp b/dom/prototype/PrototypeDocumentContentSink.cpp
@@ -733,11 +733,12 @@ nsresult PrototypeDocumentContentSink::LoadScript(
 
     // Note: the loader will keep itself alive while it's loading.
     nsCOMPtr<nsIStreamLoader> loader;
-    rv = NS_NewStreamLoader(getter_AddRefs(loader), aScriptProto->mSrcURI,
-                            this,       // aObserver
-                            mDocument,  // aRequestingContext
-                            nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_DATA_INHERITS,
-                            nsIContentPolicy::TYPE_INTERNAL_SCRIPT, group);
+    rv = NS_NewStreamLoader(
+        getter_AddRefs(loader), aScriptProto->mSrcURI,
+        this,       // aObserver
+        mDocument,  // aRequestingContext
+        nsILoadInfo::SEC_REQUIRE_SAME_ORIGIN_INHERITS_SEC_CONTEXT,
+        nsIContentPolicy::TYPE_INTERNAL_SCRIPT, group);
 
     if (NS_FAILED(rv)) {
       mCurrentScriptProto = nullptr;

diff --git a/dom/push/PushServiceWebSocket.jsm b/dom/push/PushServiceWebSocket.jsm
@@ -497,7 +497,7 @@ var PushServiceWebSocket = {
       null, // aLoadingNode
       Services.scriptSecurityManager.getSystemPrincipal(),
       null, // aTriggeringPrincipal
-      Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+      Ci.nsILoadInfo.SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL,
       Ci.nsIContentPolicy.TYPE_WEBSOCKET
     );
     // Allow deprecated HTTP request from SystemPrincipal

diff --git a/dom/script/ScriptLoader.cpp b/dom/script/ScriptLoader.cpp
@@ -1343,9 +1343,9 @@ nsresult ScriptLoader::StartLoad(ScriptLoadRequest* aRequest) {
     // scripts and always use CORS. Only exception: Non linkable about: pages
     // which load local module scripts.
     if (IsAboutPageLoadingChromeURI(aRequest)) {
-      securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL;
+      securityFlags = nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL;
     } else {
-      securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+      securityFlags = nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
       if (aRequest->CORSMode() == CORS_NONE ||
           aRequest->CORSMode() == CORS_ANONYMOUS) {
         securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
@@ -1355,9 +1355,10 @@ nsresult ScriptLoader::StartLoad(ScriptLoadRequest* aRequest) {
       }
     }
   } else {
-    securityFlags = aRequest->CORSMode() == CORS_NONE
-                        ? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL
-                        : nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS;
+    securityFlags =
+        aRequest->CORSMode() == CORS_NONE
+            ? nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_SEC_CONTEXT_IS_NULL
+            : nsILoadInfo::SEC_REQUIRE_CORS_INHERITS_SEC_CONTEXT;
     if (aRequest->CORSMode() == CORS_ANONYMOUS) {
       securityFlags |= nsILoadInfo::SEC_COOKIES_SAME_ORIGIN;
     } else if (aRequest->CORSMode() == CORS_USE_CREDENTIALS) {