(In reply to Valentin Gosu [:valentin] from comment #2) > The channel is only sent to a preset URL, but sometimes it may use GET parameters with base64 encoded values. Could those get incorrectly classified? If yes, then we should add the flag. No > It's sent with the system principal, so it probably shouldn't be a problem, right? Yes, we don't classify channel send via system principal, so in general, TRR request will not be classified The reason we are still talking about whether we should add LOAD_BYPASS_URL_ClASSIFIER flag to this channel is because we want to identify channels that if it is blocked, it has a serious consequence. For example, if somehow, there is a bug, the channel is not sent with system principal, and at the same time, safebrowsing database is polluted with an entry "mozilla.cloudflare-dns.com", then the channel will be blocked(I know it sounds the chance is pretty low :) ) But in case this happened to firefox update channel, we won't be able to recover from that because the channel will always be blocked. But for channels with the load flag, we won't use the system principal, top-level document...etc criteria to determine if it should be classified, hence reduce the possibility that misclassified it because of a bug. So the question is more like what happens if TRR::SendHTTPRequest? How serious it could be? Also, if there is any network channel you think of that it has serious consequence if get blocked, please let me know :) Thank you!
Bug 1549405 Comment 3 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Valentin Gosu [:valentin] from comment #2) > The channel is only sent to a preset URL, but sometimes it may use GET parameters with base64 encoded values. Could those get incorrectly classified? If yes, then we should add the flag. No > It's sent with the system principal, so it probably shouldn't be a problem, right? Yes, we don't classify channels send via system principal, so in general, TRR request will not be classified The reason we are still talking about whether we should add LOAD_BYPASS_URL_ClASSIFIER flag to this channel is because we want to identify channels that if it is blocked, it has a serious consequence. For example, if somehow, there is a bug, the channel is not sent with system principal, and at the same time, safebrowsing database is polluted with an entry "mozilla.cloudflare-dns.com", then the channel will be blocked(I know it sounds the chance is pretty low :) ) But in case this happened to firefox update channel, we won't be able to recover from that because the channel will always be blocked. But for channels with the load flag, we won't use the system principal, top-level document...etc criteria to determine if it should be classified, hence reduce the possibility that misclassified it because of a bug. So the question is more like what happens if TRR::SendHTTPRequest? How serious it could be? Also, if there is any network channel you think of that it has serious consequence if get blocked, please let me know :) Thank you!