diff --git a/extensions/cookie/nsPermissionManager.cpp b/extensions/cookie/nsPermissionManager.cpp
index 903c2e407e50..b2ab0cbb4004 100644
--- a/extensions/cookie/nsPermissionManager.cpp
+++ b/extensions/cookie/nsPermissionManager.cpp
@@ -9,7 +9,6 @@
 #include "mozilla/DebugOnly.h"
 
 #include "mozilla/dom/ContentParent.h"
-#include "mozilla/BasePrincipal.h"
 #include "mozilla/ContentPrincipal.h"
 #include "mozilla/Pair.h"
 #include "mozilla/Services.h"
@@ -2280,6 +2279,13 @@ NS_IMETHODIMP
 nsPermissionManager::TestPermissionOriginNoSuffix(
     const nsACString& aOriginNoSuffix, const char* aType,
     uint32_t* aPermission) {
+  auto preparationResult = CommonPrepareToTestPermission(nullptr, aPermission);
+  if (preparationResult.mShouldContinue == eDone) {
+    return NS_OK;
+  }
+
+  MOZ_ASSERT(!preparationResult.mPrincipal);
+
   return CommonTestPermissionInternal(nullptr, nullptr, aOriginNoSuffix, aType,
                                       aPermission, false, true);
 }
@@ -2373,7 +2379,7 @@ nsPermissionManager::GetPermissionObject(nsIPrincipal* aPrincipal,
 }
 
 nsresult nsPermissionManager::CommonTestPermissionInternal(
-    nsIPrincipal* aPrincipal, nsIURI* aURI, const nsACString& aOriginNoSuffix,
+    BasePrincipal* aPrincipal, nsIURI* aURI, const nsACString& aOriginNoSuffix,
     const char* aType, uint32_t* aPermission, bool aExactHostMatch,
     bool aIncludingSession) {
   MOZ_ASSERT(aPrincipal || aURI || !aOriginNoSuffix.IsEmpty());
@@ -2382,11 +2388,6 @@ nsresult nsPermissionManager::CommonTestPermissionInternal(
   NS_ENSURE_ARG_POINTER(aPrincipal || aURI || !aOriginNoSuffix.IsEmpty());
   NS_ENSURE_ARG_POINTER(aType);
 
-  if (aPrincipal && nsContentUtils::IsSystemPrincipal(aPrincipal)) {
-    *aPermission = nsIPermissionManager::ALLOW_ACTION;
-    return NS_OK;
-  }
-
   // Set the default.
   *aPermission = nsIPermissionManager::UNKNOWN_ACTION;
 
@@ -2403,9 +2404,8 @@ nsresult nsPermissionManager::CommonTestPermissionInternal(
 
   // For expanded principals, we want to iterate over the allowlist and see
   // if the permission is granted for any of them.
-  auto* basePrin = BasePrincipal::Cast(aPrincipal);
-  if (basePrin && basePrin->Is<ExpandedPrincipal>()) {
-    auto ep = basePrin->As<ExpandedPrincipal>();
+  if (aPrincipal && aPrincipal->Is<ExpandedPrincipal>()) {
+    auto ep = aPrincipal->As<ExpandedPrincipal>();
     for (auto& prin : ep->AllowList()) {
       uint32_t perm;
       nsresult rv = CommonTestPermission(prin, aType, &perm, aExactHostMatch,
diff --git a/extensions/cookie/nsPermissionManager.h b/extensions/cookie/nsPermissionManager.h
index 563a4e0cb2cc..f7d04a93f897 100644
--- a/extensions/cookie/nsPermissionManager.h
+++ b/extensions/cookie/nsPermissionManager.h
@@ -22,6 +22,7 @@
 #include "nsDataHashtable.h"
 #include "nsIRunnable.h"
 #include "nsRefPtrHashtable.h"
+#include "mozilla/BasePrincipal.h"
 #include "mozilla/MozPromise.h"
 
 namespace mozilla {
@@ -273,27 +274,55 @@ class nsPermissionManager final : public nsIPermissionManager,
                                           const nsACString& aOriginNoSuffix,
                                           uint32_t aType, bool aExactHostMatch);
 
+  enum TestPreparationEnum { eContinue, eDone };
+  struct TestPreparationResult {
+    mozilla::BasePrincipal* mPrincipal;
+    TestPreparationEnum mShouldContinue;
+  };
+  TestPreparationResult CommonPrepareToTestPermission(nsIPrincipal* aPrincipal,
+                                                      uint32_t* aPermission) {
+    auto* basePrin = mozilla::BasePrincipal::Cast(aPrincipal);
+    if (basePrin && basePrin->IsSystemPrincipal()) {
+      *aPermission = nsIPermissionManager::ALLOW_ACTION;
+      return {basePrin, eDone};
+    }
+
+    return {basePrin, eContinue};
+  }
+
   nsresult CommonTestPermission(nsIPrincipal* aPrincipal, const char* aType,
                                 uint32_t* aPermission, bool aExactHostMatch,
                                 bool aIncludingSession) {
-    return CommonTestPermissionInternal(aPrincipal, nullptr, EmptyCString(),
-                                        aType, aPermission, aExactHostMatch,
-                                        aIncludingSession);
+    auto preparationResult =
+        CommonPrepareToTestPermission(aPrincipal, aPermission);
+    if (preparationResult.mShouldContinue == eDone) {
+      return NS_OK;
+    }
+
+    return CommonTestPermissionInternal(preparationResult.mPrincipal, nullptr,
+                                        EmptyCString(), aType, aPermission,
+                                        aExactHostMatch, aIncludingSession);
   }
   nsresult CommonTestPermission(nsIURI* aURI, const char* aType,
                                 uint32_t* aPermission, bool aExactHostMatch,
                                 bool aIncludingSession) {
+    auto preparationResult =
+        CommonPrepareToTestPermission(nullptr, aPermission);
+    if (preparationResult.mShouldContinue == eDone) {
+      return NS_OK;
+    }
+
+    MOZ_ASSERT(!preparationResult.mPrincipal);
+
     return CommonTestPermissionInternal(nullptr, aURI, EmptyCString(), aType,
                                         aPermission, aExactHostMatch,
                                         aIncludingSession);
   }
   // Only one of aPrincipal or aURI is allowed to be passed in.
-  nsresult CommonTestPermissionInternal(nsIPrincipal* aPrincipal, nsIURI* aURI,
-                                        const nsACString& aOriginNoSuffix,
-                                        const char* aType,
-                                        uint32_t* aPermission,
-                                        bool aExactHostMatch,
-                                        bool aIncludingSession);
+  nsresult CommonTestPermissionInternal(
+      mozilla::BasePrincipal* aPrincipal, nsIURI* aURI,
+      const nsACString& aOriginNoSuffix, const char* aType,
+      uint32_t* aPermission, bool aExactHostMatch, bool aIncludingSession);
 
   nsresult OpenDatabase(nsIFile* permissionsFile);
   nsresult InitDB(bool aRemoveFile);