Currently a simple change to the manifest file of an OHTTP ping, (the removal of two lines) can cause a metric to be submitted through normal telemetry without tripping any more safety mechanism. Given the extremely bad consequences that could come from this it feels like it would be good to have additional points of failure, one obvious thing I believe we can do is add a runtime check on the ping submission so that the code sending the ping can have an assertion that will trips if something goes wrong with the manifest.
Something along the lines of:
`if (!mozilla::glean_pings::PageloadDomain.isSubmittedOverOHTTP()) {
return false;
}`
Bug 1976033 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Currently a simple change to the manifest file of an OHTTP ping, (the removal of two lines) can cause a metric to be submitted through normal telemetry without tripping any more safety mechanism. Given the extremely bad consequences that could come from this it feels like it would be good to have additional points of failure, one obvious thing I believe we can do is add a runtime check on the ping submission so that the code sending the ping can have an assertion that will trips if something goes wrong with the manifest.
Something along the lines of:
```
if (!mozilla::glean_pings::PageloadDomain.isSubmittedOverOHTTP()) {
return false;
}
```