Closed Bug 1815738 Opened 1 year ago Closed 1 year ago

Add telemetry to record the type of resource that requests auth

Categories

(Core :: Networking: HTTP, enhancement, P2)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
112 Branch
Tracking Flags:
Tracking Status
firefox112 --- fixed

People

(Reporter: h.sofie.p, Assigned: h.sofie.p)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(2 files, 1 obsolete file)

Bug 1815738 - record type of 401 request.r=pbz!
48 bytes, text/x-phabricator-request
Details | Review
data_review_request.md
2.74 KB, text/plain
willkg
: data-review+
Details

As a follow up of Bug 791594 - 401 password prompt spoofing thing we would like to get telemetry on what resources request http authentication, special attention will go to top level requests from a cross domain resource because this will be the case that the patch applies to. Also, subresource cross domain requests are interesting, to see if it would be beneficial to apply the auth spoofing protections to those as well.
Our idea is to enable AUTH_DIALOG_STATS_3 again and adjust it so that it also catches the top level cross domain requests.

Severity: -- → N/A
QA Whiteboard: [necko-triage]
Priority: -- → P2
QA Whiteboard: [necko-triage] → [necko-triaged]
QA Whiteboard: [necko-triaged]
Whiteboard: [necko-triaged]
Attached file data_rewiew_request.md (obsolete) —
Attachment #9318140 - Flags: data-review?(willkg)
Attachment #9317821 - Attachment description: WIP: Bug 1815738 - record type of 401 request.r=pbz! → Bug 1815738 - record type of 401 request.r=pbz!

Comment on attachment 9318140 [details]
data_rewiew_request.md

For a renewal, we need the links to the original data review. So I think either someone needs to find links or we need to do a full data review request.

Flags: needinfo?(hpeuckmann)
Attachment #9318140 - Flags: data-review?(willkg) → data-review-
Flags: needinfo?(hpeuckmann)
Summary: Revive AUTH_DIALOG_STATS_3 telemetry → Add telemetry to record the tye of resource that requests auth
Attachment #9318140 - Attachment is obsolete: true
Attached file data_review_request.md
Attachment #9318986 - Flags: data-review?(willkg)

Thank you, I filled out a request for a full data review now.

Summary: Add telemetry to record the tye of resource that requests auth → Add telemetry to record the type of resource that requests auth

Comment on attachment 9318986 [details]
data_review_request.md

Data Review Form

  1. Is there or will there be documentation that describes the schema for the ultimate data set in a public, complete, and accurate way?

Yes. The metrics are documented in toolkit/components/telemetry/Histograms.json .

  1. Is there a control mechanism that allows the user to turn the data collection on and off?

Standard Telemetry mechanisms.

  1. If the request is for permanent data collection, is there someone who will monitor the data over time?

N/A

  1. Using the category system of data types on the Mozilla wiki, what collection type of data do the requested measurements fall under?

Category 1.

  1. Is the data collection request for default-on or default-off?

Standard Telemetry default-on.

  1. Does the instrumentation include the addition of any new identifiers (whether anonymous or otherwise; e.g., username, random IDs, etc. See the appendix for more details)?

No.

  1. Is the data collection covered by the existing Firefox privacy notice?

Yes.

  1. Does the data collection use a third-party collection tool?

No.

Attachment #9318986 - Flags: data-review?(willkg) → data-review+
Pushed by hpeuckmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5912bbda2937
record type of 401 request.r=necko-reviewers,pbz,valentin

Backed out for causing xpcshell failures in netwerk/test/unit/test_auth_dialog_permission.js.

  • Backout link
  • Push with failures
  • Failure Log
  • Failure line 1: TEST-UNEXPECTED-FAIL | netwerk/test/unit/test_auth_dialog_permission.js | xpcshell return code: -11
  • Failure line 2: PROCESS-CRASH | netwerk/test/unit/test_auth_dialog_permission.js | application crashed [@ RefPtr<mozilla::dom::WindowContext>::get() const]
Flags: needinfo?(hpeuckmann)
Pushed by hpeuckmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c3df33bafd47
record type of 401 request.r=necko-reviewers,pbz,valentin

https://hg.mozilla.org/mozilla-central/rev/c3df33bafd47

Status: NEW → RESOLVED
Closed: 1 year ago
status-firefox112: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
Flags: needinfo?(hpeuckmann)

(In reply to Pulsebot from comment #9)

Pushed by hpeuckmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c3df33bafd47
record type of 401 request.r=necko-reviewers,pbz,valentin

== Change summary for alert #37539 (as of Mon, 06 Mar 2023 20:51:06 GMT) ==

Improvements:

Ratio Test Platform Options Absolute values (old vs new)
12% perf_reftest_singletons style-attr-1.html windows10-64-shippable-qr e10s fission stylo webrender 3.22 -> 2.83

For up to date results, see: https://treeherder.mozilla.org/perfherder/alerts?id=37539

See Also: → 1832456
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: