Note: This is the "reference sheet" version. The details and the big picture are covered in Understanding Web Security Checks in Firefox (Part 1).
A security context is always using one of these four kinds of Principals:
- ContentPrincipal: This principal is used for typical web pages and can be serialized to an origin URL, e.g., https://example.com/
- NullPrincipal: Some pages are never same-origin with anything else. E.g.,
<iframes sandbox>
or documents loaded with a data: URI. The standard calls this an opaque origin. - SystemPrincipal: The SystemPrincipal is used for the browser's user interface, commonly referred to as "browser chrome". Pages like
about:preferences
use the SystemPrincipal.