We currently only check net error and response code while sending reports. It's possible that there are content filters, firewalls and captive portals that return a canned HTTP 200 response while blocking the actual request at the same time. We'd assume such a report upload to be successful even though it was blocked.
It might be a good idea to check the response headers in addition to the response code. As an example, SafeBrowsing extended reporting server sets X-Google-Service: safebrowsing_csd,safebrowsing-aggregate for cert report uploads, which we test.
We currently only check net error and response code while sending reports. It's possible that there are content filters, firewalls and captive portals that return a canned HTTP 200 response while blocking the actual request at the same time. We'd assume such a report upload to be successful even though it was blocked.
It might be a good idea to check the response headers in addition to the response code. As an example, SafeBrowsing extended reporting server sets X-Google-Service: safebrowsing_csd,safebrowsing-aggregate for cert report uploads, which we could test.
Comment 1 by mea...@chromium.org
, May 4 2017