[NoStatePrefetch] Integrate with SafeBrowsing |
||||
Issue descriptionIt seems that the current behavior is: - if the main resource is unsafe, abort the prefetch with FINAL_STATUS_APP_TERMINATING - if a sub resource is unsafe, do not prefetch that resource We need at least tests: * for main resource (NoStatePrefetchBrowserTest.PrerenderSafeBrowsingTopLevel is currently disabled) * for sub resource (write a new test) Then, we can discuss: - a better final status (FINAL_STATUS_SAFE_BROWSING). This would be better for metrics, but introduces some coupling between SafeBrowsing and Prerendering. A middle ground could be FINAL_STATUS_CANCELLED, because it can be implemented without coupling. - when a suresource is unsafe, cancel the other subresources. Seems hard to do, because these resources are not attached to a WebContents or PrerenderContents and there is no easy way to get at them.
,
Jan 6 2017
,
Jan 6 2017
For non-prefetched pages now, a bad subresource will trigger an interstitial but won't block other (good) subresources on the page -- they'll continue to load. (FYI we're considering a revamp of interstitials in the next two quarters that'd likely change this, maybe with a committed navigation to the interstitial such that subresources would not continue to load.) And I'd agree, less coupling is good.
,
Jan 10 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/316b5bbb9d35045363bd3954f7c3a68951314cd8 commit 316b5bbb9d35045363bd3954f7c3a68951314cd8 Author: droger <droger@chromium.org> Date: Tue Jan 10 09:59:39 2017 [NoStatePrefetch] Implement FINAL_STATUS_SAFEBROWSING This CL plumbs through FINAL_STATUS_SAFEBROWSING for NoStatePrefetch. The SafeBrowsing throttle attempts to destroy the prefetch if the main resource is unsafe. If a subresource is unsafe, it is cancelled, but the network requests for other subresources on the same page will typically NOT be canceled. The issue of subresources will be addressed separately in the future. BUG= 678941 Review-Url: https://codereview.chromium.org/2615883003 Cr-Commit-Position: refs/heads/master@{#442543} [modify] https://crrev.com/316b5bbb9d35045363bd3954f7c3a68951314cd8/chrome/browser/loader/safe_browsing_resource_throttle.cc [modify] https://crrev.com/316b5bbb9d35045363bd3954f7c3a68951314cd8/chrome/browser/prerender/prerender_nostate_prefetch_browsertest.cc
,
Jan 11 2017
The tests have been added. The only question left is what to do with unsafe subresources. The current behavior is to block them, but not cancel the other subresources. This is similar to a normal load (as per comment #3), but different from a prerender (which cancels the whole prerender when a unsafe resource is found). It seems to me that this behavior is acceptable, at least for now, and I'd be tempted to close this bug.
,
Jan 11 2017
> This is similar to a normal load (as per comment #3), but different from a > prerender (which cancels the whole prerender when a unsafe resource is found). But an unknown number of other subresources will still be loaded. What happens to subresource loads that are in-flight when an unsafe subresource is found?
,
Jan 11 2017
Currently with prefetch, if a subresource is unsafe, it will be blocked, but all other subresources are loaded normally. In my understanding (as per comment #3), the same thing happens when doing a normal load: everything but the unsafe resource is loaded. In the case of a normal load, a warning page (interstitial) is displayed in this case.
,
Jan 13 2017
,
Jan 16 2017
Closing, considering the behavior is good enough. |
||||
►
Sign in to add a comment |
||||
Comment 1 by mattcary@chromium.org
, Jan 6 2017