diff --git a/dom/security/nsCORSListenerProxy.cpp b/dom/security/nsCORSListenerProxy.cpp
index e126454fda82..5e167cc9c621 100644
--- a/dom/security/nsCORSListenerProxy.cpp
+++ b/dom/security/nsCORSListenerProxy.cpp
@@ -1181,7 +1181,24 @@ nsCORSPreflightListener::OnStartRequest(nsIRequest *aRequest,
     // Everything worked, try to cache and then fire off the actual request.
     AddResultToCache(aRequest);
 
-    rv = mOuterChannel->AsyncOpen(mOuterListener, mOuterContext);
+    nsCOMPtr<nsILoadInfo> loadInfo = mOuterChannel->GetLoadInfo();
+    MOZ_ASSERT(loadInfo, "can not perform CORS preflight without a loadInfo");
+    if (!loadInfo) {
+      return NS_ERROR_FAILURE;
+    }
+    nsSecurityFlags securityMode = loadInfo->GetSecurityMode();
+
+    MOZ_ASSERT(securityMode == 0 ||
+               securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS,
+               "how did we end up here?");
+
+    if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
+      MOZ_ASSERT(!mOuterContext, "AsyncOpen(2) does not take context as a second arg");
+      rv = mOuterChannel->AsyncOpen2(mOuterListener);
+    }
+    else {
+      rv = mOuterChannel->AsyncOpen(mOuterListener, mOuterContext);
+    }
   }
 
   if (NS_FAILED(rv)) {
@@ -1260,6 +1277,18 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
   nsresult rv = NS_GetFinalChannelURI(aRequestChannel, getter_AddRefs(uri));
   NS_ENSURE_SUCCESS(rv, rv);
 
+  nsCOMPtr<nsILoadInfo> loadInfo = aRequestChannel->GetLoadInfo();
+  MOZ_ASSERT(loadInfo, "can not perform CORS preflight without a loadInfo");
+  if (!loadInfo) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsSecurityFlags securityMode = loadInfo->GetSecurityMode();
+
+  MOZ_ASSERT(securityMode == 0 ||
+             securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS,
+             "how did we end up here?");
+
   nsPreflightCache::CacheEntry* entry =
     sPreflightCache ?
     sPreflightCache->GetEntry(uri, aPrincipal, aWithCredentials, false) :
@@ -1267,6 +1296,9 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
 
   if (entry && entry->CheckRequest(method, aUnsafeHeaders)) {
     // We have a cached preflight result, just start the original channel
+    if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
+      return aRequestChannel->AsyncOpen2(aListener);
+    }
     return aRequestChannel->AsyncOpen(aListener, nullptr);
   }
 
@@ -1281,29 +1313,13 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
   rv = aRequestChannel->GetLoadFlags(&loadFlags);
   NS_ENSURE_SUCCESS(rv, rv);
 
-  nsCOMPtr<nsILoadInfo> loadInfo;
-  rv = aRequestChannel->GetLoadInfo(getter_AddRefs(loadInfo));
-  NS_ENSURE_SUCCESS(rv, rv);
-
   nsCOMPtr<nsIChannel> preflightChannel;
-  if (loadInfo) {
-    rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
-                               uri,
-                               loadInfo,
-                               loadGroup,
-                               nullptr,   // aCallbacks
-                               loadFlags);
-  }
-  else {
-    rv = NS_NewChannel(getter_AddRefs(preflightChannel),
-                       uri,
-                       nsContentUtils::GetSystemPrincipal(),
-                       nsILoadInfo::SEC_NORMAL,
-                       nsIContentPolicy::TYPE_OTHER,
-                       loadGroup,
-                       nullptr,   // aCallbacks
-                       loadFlags);
-  }
+  rv = NS_NewChannelInternal(getter_AddRefs(preflightChannel),
+                             uri,
+                             loadInfo,
+                             loadGroup,
+                             nullptr,   // aCallbacks
+                             loadFlags);
   NS_ENSURE_SUCCESS(rv, rv);
 
   nsCOMPtr<nsIHttpChannel> preHttp = do_QueryInterface(preflightChannel);
@@ -1324,16 +1340,19 @@ NS_StartCORSPreflight(nsIChannel* aRequestChannel,
                                 method, aWithCredentials);
   NS_ENSURE_TRUE(preflightListener, NS_ERROR_OUT_OF_MEMORY);
 
-  nsRefPtr<nsCORSListenerProxy> corsListener =
-    new nsCORSListenerProxy(preflightListener, aPrincipal,
-                            aWithCredentials, method,
-                            aUnsafeHeaders);
-  rv = corsListener->Init(preflightChannel, DataURIHandling::Disallow);
-  NS_ENSURE_SUCCESS(rv, rv);
-  preflightListener = corsListener;
-
   // Start preflight
-  rv = preflightChannel->AsyncOpen(preflightListener, nullptr);
+  if (securityMode == nsILoadInfo::SEC_REQUIRE_CORS_DATA_INHERITS) {
+    rv = preflightChannel->AsyncOpen2(preflightListener);
+  }
+  else {
+    nsRefPtr<nsCORSListenerProxy> corsListener =
+      new nsCORSListenerProxy(preflightListener, aPrincipal,
+                              aWithCredentials, method,
+                              aUnsafeHeaders);
+    rv = corsListener->Init(preflightChannel, DataURIHandling::Disallow);
+    NS_ENSURE_SUCCESS(rv, rv);
+    rv = preflightChannel->AsyncOpen(corsListener, nullptr);
+  }
   NS_ENSURE_SUCCESS(rv, rv);
   
   // Return newly created preflight channel