This happens because DISALLOW_INHERIT_PRINCIPAL is ignored when checkLoadURI()'s source principal is the system principal (there's an early return in nsScriptSecurityManager::CheckLoadURIWithPrincipal if aPrincipal == mSystemPrincipal). bz, is there any chance we could change that?
I think so, yes. Specifically, hoisting the DISALLOW_INHERIT_PRINCIPAL check above the mSystemPrincipal check would make a lot of sense to me. I would have thought we had an existing bug on that, but I don't see one....
Created attachment 605884: patch
Comment on attachment 605884 (patch): It's worth adding to the end of that comment that we want to do this even for the system principal. r=me
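The check ordering discussed in this bug, as an added, simplified C++ model; it is not Gecko source and not the attached patch. The flag value, the `Principal` struct, the helper names and the list of principal-inheriting schemes are assumptions made for illustration.

```cpp
#include <set>
#include <string>

// Simplified model of the check order only; not Gecko source.
// Constructed flag value for this model.
constexpr unsigned DISALLOW_INHERIT_PRINCIPAL = 1u << 2;

struct Principal { bool isSystem; };  // hypothetical stand-in for nsIPrincipal

// Assumption: schemes whose loads would run with the caller's principal.
static bool InheritsPrincipal(const std::string& uri) {
    static const std::set<std::string> schemes = {"javascript", "data"};
    const auto colon = uri.find(':');
    return colon != std::string::npos && schemes.count(uri.substr(0, colon)) > 0;
}

// Hypothetical stand-in for the remaining checks applied to non-system callers.
static bool OtherChecksPass(const std::string& uri) {
    return uri.rfind("chrome:", 0) != 0;  // in this model, content may not load chrome:
}

// Order described in the first comment: the system principal returns early,
// so DISALLOW_INHERIT_PRINCIPAL is never consulted for it.
bool CheckLoadURI_Before(const Principal& p, const std::string& uri, unsigned flags) {
    if (p.isSystem) return true;
    if ((flags & DISALLOW_INHERIT_PRINCIPAL) && InheritsPrincipal(uri)) return false;
    return OtherChecksPass(uri);
}

// Order proposed in the second comment: the flag check is hoisted above the
// system-principal shortcut, so it applies to every caller.
bool CheckLoadURI_After(const Principal& p, const std::string& uri, unsigned flags) {
    if ((flags & DISALLOW_INHERIT_PRINCIPAL) && InheritsPrincipal(uri)) return false;
    if (p.isSystem) return true;
    return OtherChecksPass(uri);
}

int main() {
    const Principal sys{true};
    const std::string uri = "javascript:void(0)";  // constructed sample input
    // Exit status 0 when the two orders differ exactly as the thread describes.
    const bool before = CheckLoadURI_Before(sys, uri, DISALLOW_INHERIT_PRINCIPAL);
    const bool after = CheckLoadURI_After(sys, uri, DISALLOW_INHERIT_PRINCIPAL);
    return (before && !after) ? 0 : 1;
}
```

Only the system-principal case with the flag set changes between the two orders; callers that do not pass the flag, and non-system callers, get the same answer from both.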