We're currently fairly vague and inconsistent about the values we provide to
content policy implementations for requestOrigin and requestPrincipal. In some
cases they're the triggering principal, sometimes the loading principal,
sometimes the channel principal.
Our existing content policy implementations which require or expect a
loading principal currently retrieve it from the context node.
Since no current callers require the principal to be the loading
principal, and some already expect it to be the triggering principal
(which there's currently no other way to retrieve), a choice was made
to pass the triggering principal whenever possible, but use the loading
principal to determine the origin URL.
This was added as part of the WebExtension sec issue CVE-2017-5389.
Since we no longer have this interface, it needed to be removed to
prevent errors in the WebRequest channel callback.
Moonchild
Matt A. Tobin
roytam1
wolfbeast
janekptacijarabaci