Improve WebsiteFilter policy implementation




Last year
5 months ago


(Reporter: Felipe, Unassigned)


Firefox Tracking Flags

(Not tracked)


Currently, the implementation of WebsiteFilter uses an http-on-modify-request observer. That has the following disadvantages:

- it's only able to filter http/https accesses
- it uses an observer
- it's in JS

At a minimum, we should try to replace it with a nsIContentPolicy filter. The problem is that we want to return the error code Cr.NS_ERROR_BLOCKED_BY_POLICY, in order to display the proper error message, but that will require some changes to the code that calls the contentpolicy filters.

Ideally we would re-implement this filter in C++, maybe as a C++ impl of an nsIContentPolicy, or even better, directly called from nsChannelClassifier::StartInternal().

Hopefully we can re-use the MatchPattern matcher so we can keep supporting the policy with the same parameter type.
One note is that MatchPattern has a whitelist of protocols that it accepts, which doesn't include data:*, so we should probably add that as a special case.
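
The scheme limitation noted above, as an added example that is not Firefox code: a simplified match-pattern filter whose matcher only accepts http/https, so data: URLs never match a pattern and need an explicit special case. `compilePattern`, `makeFilter`, the `blockData` switch and the scheme list are assumptions made for illustration.

```javascript
// Simplified stand-in for a match-pattern URL filter (not Firefox's MatchPattern).
// Assumed scheme whitelist: "data" is deliberately absent, as the comment describes.
const PATTERN_SCHEMES = new Set(["http", "https"]);

// Compile "<scheme>://<host>/<path>" (with "*" wildcards) into a predicate on URL objects.
function compilePattern(pattern) {
  const m = /^(\*|[a-z]+):\/\/(\*|(?:\*\.)?[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`invalid pattern: ${pattern}`);
  const [, scheme, host, path] = m;
  if (scheme !== "*" && !PATTERN_SCHEMES.has(scheme)) {
    throw new Error(`scheme not accepted by matcher: ${scheme}`);
  }
  // Escape regex metacharacters in the path, then turn "*" into ".*".
  const pathRe = new RegExp(
    "^" + path.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*") + "$");
  return (url) => {
    const s = url.protocol.slice(0, -1);
    if (!PATTERN_SCHEMES.has(s) || (scheme !== "*" && scheme !== s)) return false;
    const h = url.hostname;
    const hostOk = host === "*" || host === h ||
      (host.startsWith("*.") && (h === host.slice(2) || h.endsWith(host.slice(1))));
    return hostOk && pathRe.test(url.pathname + url.search);
  };
}

// Build a "should this load be blocked?" function from block and exception lists.
// blockData is the hypothetical special case for data: URLs.
function makeFilter({ block, exceptions = [], blockData = false }) {
  const blocked = block.map(compilePattern);
  const allowed = exceptions.map(compilePattern);
  return (spec) => {
    const url = new URL(spec);
    // No pattern can express data:, so it is decided before any matching happens.
    if (url.protocol === "data:") return blockData;
    if (allowed.some((match) => match(url))) return false;
    return blocked.some((match) => match(url));
  };
}
```

Without the special case, a filter built from `*://*/*` still lets every data: URL through, which is the gap the comment points at.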

nsIContentPolicy has been rewritten. We might be able to do the error code now.

Priority: -- → P3

From a conversation with Ehsan on IRC we arrived at the best solution being to implement this on Necko, at the same level as where the nsChannelClassifier is called:
