When we consume the entity list, we generate safebrowsing hashes of the form http://<property_origin>/?resource=<resource_origin>. We do so by directly passing the origins given in the Disconnect entity list.
When these origins are checked in Firefox, we grab the hostname of the top-level page and the base domain of the third-party resource (i.e., the eTLD+1) and perform a lookup through safebrowsing for this fake URI. Thus, if the Disconnect list contains anything other than the eTLD+1 for the resource_origin, the safebrowsing lookup will fail and we'll fail to whitelist those resources.
The list creation script should ensure that all resource origins are either the eTLD or the eTLD+1 by throwing an error when the resource_origin does not match either of these. An example of the latter is fbsbx.com -- the PSL contains apps.fbsbx.com.
Note that we've chosen to allow resource origins that match an eTLD or an eTLD+1 to give us the ability to fix the type of breakage documented in Bug 1580416. We should carefully review any resource entry that is an eTLD rather than an eTLD+1.
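The check requested above, sketched as an added example that is not part of the original issue or of the list creation script. The function names, the `properties`/`resources` entity shape, the bare-hostname input and the small `PSL_RULES` excerpt are assumptions made for illustration; a real check would load the full Public Suffix List.

```python
# Constructed excerpt of Public Suffix List rules (assumption: a real script
# would load the full PSL). apps.fbsbx.com is the entry the issue mentions.
PSL_RULES = {"com", "uk", "co.uk", "apps.fbsbx.com", "*.ck", "!www.ck"}


def public_suffix(host):
    """Return the eTLD of host using the PSL matching algorithm."""
    labels = host.lower().rstrip(".").split(".")
    best = labels[-1:]  # implicit "*" rule: the last label is always a suffix
    for i in range(len(labels)):
        cand = labels[i:]
        name = ".".join(cand)
        if "!" + name in PSL_RULES:  # exception rule wins: drop leftmost label
            return ".".join(cand[1:])
        wildcard = ".".join(["*"] + cand[1:])
        if (name in PSL_RULES or wildcard in PSL_RULES) and len(cand) > len(best):
            best = cand
    return ".".join(best)


def classify(resource_origin):
    """Return "eTLD" or "eTLD+1"; raise ValueError for anything deeper."""
    host = resource_origin.lower().rstrip(".")
    suffix = public_suffix(host)
    if host == suffix:
        return "eTLD"
    if "." not in host[: -len(suffix) - 1]:  # exactly one label before the suffix
        return "eTLD+1"
    raise ValueError(f"{resource_origin!r} is neither an eTLD nor an eTLD+1 "
                     f"(eTLD is {suffix!r})")


def validate_entities(entities):
    """Raise on invalid resources; return bare-eTLD resources for manual review."""
    review = []
    for name, entity in entities.items():
        for resource in entity["resources"]:
            if classify(resource) == "eTLD":
                review.append((name, resource))
    return review


# Constructed sample in the shape of an entity list (not real list content).
SAMPLE_ENTITIES = {
    "Entity A": {"properties": ["example.com"], "resources": ["example.com", "example.co.uk"]},
    "Entity B": {"properties": ["example.net"], "resources": ["fbsbx.com", "apps.fbsbx.com"]},
}

if __name__ == "__main__":
    print(validate_entities(SAMPLE_ENTITIES))  # entries needing manual review
```

A resource such as `static.example.com` makes `classify` raise, which stops list generation before a hash is produced that Firefox's eTLD+1 lookup could never match.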