If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Phishing Backoff not working with 400s

RESOLVED FIXED in Firefox 3 beta5

Status

()

Toolkit
Safe Browsing
P1
critical
RESOLVED FIXED
10 years ago
3 years ago

People

(Reporter: Garrett Casto, Assigned: dcamp)

Tracking

Trunk
Firefox 3 beta5
x86
Linux
Points:
---
Bug Flags:
blocking-firefox3 +

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12
Build Identifier: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12

If the phishing server returns 400's, Firefox will make the request every minute, instead of just making 3 requests, and then backing off for an hour.

Reproducible: Always

Steps to Reproduce:
1. Have server return 400.
Summary: Phishing Backoff not working with 400's → Phishing Backoff not working with 400s
Version: unspecified → 2.0 Branch
(Reporter)

Updated

10 years ago
Flags: blocking-firefox3?
Bumping up the priority -- we really need to get this fixed for beta 5, so that Firefox won't hammer the phishing servers if it receives 400's.
Severity: major → critical
Priority: -- → P1
Target Milestone: --- → Firefox 3 beta5
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: 2.0 Branch → Trunk
(Assignee)

Comment 2

10 years ago
The backoff object doesn't consider 400 to be an error.  This should be an easy
fix, I'll attach a patch soon.
(Assignee)

Comment 3

10 years ago
Created attachment 310401 [details] [diff] [review]
trigger backoff for 400s
Assignee: nobody → dcamp
Status: NEW → ASSIGNED
Attachment #310401 - Flags: review?(tony)
(Assignee)

Comment 4

10 years ago
Created attachment 310410 [details] [diff] [review]
slightly better fix

This version avoids scheduling the one-minute reping if the backoff object doesn't consider the server response worth erroring out on.
Attachment #310401 - Attachment is obsolete: true
Attachment #310410 - Flags: review?(tony)
Attachment #310401 - Flags: review?(tony)

Comment 5

10 years ago
Comment on attachment 310410 [details] [diff] [review]
slightly better fix

This is fine, but it's also a dupe of bug 378132.  This fix seems to be slightly better since we're now considering 4xx an error (that's not how we spec'ed it originally).
Attachment #310410 - Flags: review?(tony) → review+

Updated

10 years ago
Duplicate of this bug: 378132
Flags: blocking-firefox3? → blocking-firefox3+
(Assignee)

Updated

10 years ago
Keywords: checkin-needed
(Assignee)

Comment 7

10 years ago
Checking in content/listmanager.js;
/cvsroot/mozilla/toolkit/components/url-classifier/content/listmanager.js,v  <--  listmanager.js
new revision: 1.28; previous revision: 1.27
done
Checking in content/request-backoff.js;
/cvsroot/mozilla/toolkit/components/url-classifier/content/request-backoff.js,v  <--  request-backoff.js
new revision: 1.2; previous revision: 1.1
done
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Keywords: checkin-needed
(Assignee)

Updated

10 years ago
Flags: blocking1.8.1.15?
(Assignee)

Comment 8

10 years ago
The patch in bug 378132 might be a safer basis for a branch patch, as it changes fewer interfaces (a bit).  You'd want to update it to treat 4xx as errors.
Clearing branch blocking request because we took the patch in bug 378132. If we still need more please re-nominate and explain.
Flags: blocking1.8.1.15?
Dave/Garret, can you verify this bug is fixed, i think its difficult for QA to generate this Error 400 :-) 
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.