Closed
Bug 1025358
Opened 10 years ago
Closed 10 years ago
Safe Browsing makes requests when disabled
Categories
(Toolkit :: Safe Browsing, defect)
RESOLVED
INVALID
People
(Reporter: grobinson, Unassigned)
Found while attempting to reproduce Bug 1008706.

STR:
1. Create a new profile
2. Disable safe browsing (browser.safebrowsing.enable => false in about:config)
3. Visit facebook.com
4. In the browser console, you will see numerous requests made to SafeBrowsing URI's, e.g.

POST https://safebrowsing.google.com/safebrowsing/downloads
GET https://safebrowsing-cache.google.com/safebrowsing/rd/ChVnb29nLWJhZGJpbnVybC1zaGF2YXIQARjh6QEggOsBKhfwdAAA_____ ...

Expected behavior: No requests to any Safe Browsing domains are made when the feature is disabled.
Updated•10 years ago
Component: DOM: Security → Phishing Protection
Product: Core → Toolkit
Comment 1•10 years ago
There are 2 prefs to control Safebrowsing, one for phishing (which you found) and one for malware. You must also turn browser.safebrowsing.malware.enabled to false to disable malware checks. These are exposed in the UI as Prefs > Security > "Block reported attack sites" and "Block reported web forgeries". Are you able to reproduce with both types of safebrowsing disabled?
Flags: needinfo?(grobinson)
Comment 2•10 years ago
I tried to reproduce just now with a fresh profile in FF Nightly:
1) Go to about:config and turn off browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled
2) Go to facebook.com, turn on network developer tools, wait 30 minutes and see no safebrowsing traffic

So I think this is working as intended.
Comment 3•10 years ago
I think the naming of browser.safebrowsing.enabled isn't ideal given that it implies it is a superset of all enable/disable functionality within browser.safebrowsing.*. As such, I've filed bug 1025965 for renaming it to browser.safebrowsing.phishing.enabled, to avoid this confusion.
Reporter
Comment 4•10 years ago
> Are you able to reproduce with both types of safebrowsing disabled?

I was unable to reproduce with both types of safebrowsing disabled. Sorry for not spotting that there were two different flags for the two types of safebrowsing! I agree with Ed in Comment 3 - we should rename the pref to avoid this confusion in the future.
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(grobinson)
Resolution: --- → INVALID
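An added example, not part of the bug thread or Mozilla's code: a small audit of a profile's prefs.js text against the two prefs named in Comment 1, reporting which Safe Browsing checks are still active. Treating an unset pref as enabled and the sample profile contents are assumptions made for the illustration.

```python
import re

# Pref names as given in the bug comments. Treating an unset pref as enabled
# is an assumption of this example (a fresh profile has both checks on).
KNOWN = {
    "browser.safebrowsing.enabled": "phishing",
    "browser.safebrowsing.malware.enabled": "malware",
}
DEFAULT_ENABLED = True

# Matches boolean lines of the form: user_pref("name", true|false);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false)\s*\)\s*;', re.MULTILINE
)

def audit_safebrowsing(prefs_text):
    """Return (active_checks, unrecognized_prefs) for a prefs.js/user.js body."""
    state = {name: DEFAULT_ENABLED for name in KNOWN}
    unrecognized = []
    for name, value in PREF_RE.findall(prefs_text):
        if name in state:
            state[name] = (value == "true")  # later lines override earlier ones
        elif name.startswith("browser.safebrowsing."):
            # A boolean in this branch that is not one of the two switches from
            # the bug (e.g. a mistyped name); it changes neither check here.
            unrecognized.append(name)
    active = sorted(KNOWN[n] for n, on in state.items() if on)
    return active, unrecognized

# Constructed sample profiles, not taken from a real installation.
ONLY_PHISHING_OFF = 'user_pref("browser.safebrowsing.enabled", false);\n'
BOTH_OFF = (
    'user_pref("browser.safebrowsing.enabled", false);\n'
    'user_pref("browser.safebrowsing.malware.enabled", false);\n'
)
MISTYPED = 'user_pref("browser.safebrowsing.enable", false);\n'

if __name__ == "__main__":
    for label, text in [("only phishing off", ONLY_PHISHING_OFF),
                        ("both off", BOTH_OFF), ("mistyped", MISTYPED)]:
        active, unknown = audit_safebrowsing(text)
        print(f"{label}: still active={active} unrecognized={unknown}")
```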