Closed
Bug 1180323
Opened 9 years ago
Closed 9 years ago
Only look at the tracking table when cancelling speculative connections
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla42
Tracking | Status | |
---|---|---|
firefox42 | --- | fixed |
People
(Reporter: francois, Assigned: francois)
References
Details
Attachments
(1 file)
Tracking protection requires us to cancel speculative connections if they are found in the local blocklist. Malware/phishing sites however don't need that kind of protection and it could lead to performance problems if loading URLs whose partial hash conflicts with something in the Safe Browsing list.
We should only look at the tracking table when doing the ClassifyLocal call.
Assignee | ||
Comment 1•9 years ago
|
||
This could help address the regression discussed in https://bugzilla.mozilla.org/show_bug.cgi?id=1122691#c26.
Assignee: nobody → francois
Blocks: 1029886
Assignee | ||
Updated•9 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•9 years ago
|
||
Bug 1180323 - Only look at TP table before cancelling speculative connections. r=sworkman
Attachment #8629555 -
Flags: review?(sworkman)
Assignee | ||
Comment 3•9 years ago
|
||
Comment on attachment 8629555 [details]
MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
Asking gcp for the review instead, since he reviewed the earlier fix (bug 1122691).
Attachment #8629555 -
Flags: review?(sworkman) → review?(gpascutto)
Assignee | ||
Comment 4•9 years ago
|
||
Comment on attachment 8629555 [details]
MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
Bug 1180323 - Only look at TP table before cancelling speculative connections. r=sworkman
Comment 5•9 years ago
|
||
Comment on attachment 8629555 [details]
MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
https://reviewboard.mozilla.org/r/12633/#review11115
::: netwerk/protocol/http/nsHttpChannel.cpp:5004
(Diff revision 1)
> - LOG(("nsHttpChannel::ClassifyLocal found principal on local "
> + rv = classifier->ClassifyLocalWithTables(principal, tables, results);
I think this removes the last external user of ClassifyLocal, so clean up the IDL API: https://dxr.mozilla.org/mozilla-central/source/netwerk/base/nsIURIClassifier.idl#63
::: netwerk/protocol/http/nsHttpChannel.cpp:5006
(Diff revision 1)
> + FindInReadable(NS_LITERAL_CSTRING("-track-"), results)) {
You're already passing in the list of tables you're checking against, and it's only tracking tables. So do you actually need to scan the result? If it's not empty you have hit, right?
::: netwerk/protocol/http/nsHttpChannel.cpp:5002
(Diff revision 1)
> - classifier->ClassifyLocal(principal, tp, &response);
> + Preferences::GetCString("urlclassifier.trackingTable", &tables);
Not sure what the overhead is for grabbing the pref, but we hit this on every URL lookup. Does it make sense to statically cache this somehow?
Attachment #8629555 -
Flags: review?(gpascutto)
Assignee | ||
Comment 6•9 years ago
|
||
Comment on attachment 8629555 [details]
MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
Attachment #8629555 -
Attachment description: MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r=sworkman → MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
Attachment #8629555 -
Flags: review?(gpascutto)
Assignee | ||
Comment 7•9 years ago
|
||
I've addressed your first two comments in the latest revision of my patch.
(In reply to Gian-Carlo Pascutto [:gcp] from comment #5)
> ::: netwerk/protocol/http/nsHttpChannel.cpp:5002
> (Diff revision 1)
> > - classifier->ClassifyLocal(principal, tp, &response);
> > + Preferences::GetCString("urlclassifier.trackingTable", &tables);
>
> Not sure what the overhead is for grabbing the pref, but we hit this on
> every URL lookup. Does it make sense to statically cache this somehow?
Not sure either about the overhead (it's actually better than before though because we only lookup one pref instead of three in BuildTables() which was called by ClassifyLocal()) but if we cache it than it means that add-ons that want to add a table to it will not be able to be restartless.
Updated•9 years ago
|
Attachment #8629555 -
Flags: review?(gpascutto) → review+
Comment 8•9 years ago
|
||
Comment on attachment 8629555 [details]
MozReview Request: Bug 1180323 - Only look at TP table before cancelling speculative connections. r?gcp
https://reviewboard.mozilla.org/r/12633/#review11809
Ship It!
Assignee | ||
Comment 9•9 years ago
|
||
Keywords: checkin-needed
Comment 10•9 years ago
|
||
Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
You need to log in
before you can comment on or make changes to this bug.
Description
•