Bug 1525458 - Part 1: Only emit the loaded events for various content blocking categories in the presence of an allow-list entry for the top-level document when content would have been blocked otherwise; r=baku,dimi
authorEhsan Akhgari <ehsan@mozilla.com>
Tue, 26 Feb 2019 18:51:14 -0500
changeset 519751 d32503125d279a4729ddd5f2e62dd9a1a2f04d65
parent 519750 08157bb630a6626773395db07862b7de3d43a3db
child 519752 03f6a90e46bd71ce3f8827c4dfedba6abd509867
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbaku, dimi
bugs1525458
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1525458 - Part 1: Only emit the loaded events for various content blocking categories in the presence of an allow-list entry for the top-level document when content would have been blocked otherwise; r=baku,dimi Previously the code here used to emit the loaded events for every resource examined by the URL Classifier Features (in other words, every third party resource). But we only need to emit the events in cases where without the presence of the allow-list we would have blocked the content. Differential Revision: https://phabricator.services.mozilla.com/D20874
netwerk/url-classifier/UrlClassifierCommon.cpp
netwerk/url-classifier/UrlClassifierCommon.h
netwerk/url-classifier/UrlClassifierFeatureBase.cpp
netwerk/url-classifier/UrlClassifierFeatureBase.h
netwerk/url-classifier/UrlClassifierFeatureCryptomining.cpp
netwerk/url-classifier/UrlClassifierFeatureFingerprinting.cpp
netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp
netwerk/url-classifier/UrlClassifierFeatureTrackingProtection.cpp
--- a/netwerk/url-classifier/UrlClassifierCommon.cpp
+++ b/netwerk/url-classifier/UrlClassifierCommon.cpp
@@ -83,120 +83,54 @@ UrlClassifierCommon::NotifyChannelClassi
   NS_ENSURE_TRUE_VOID(doc);
 
   nsCOMPtr<nsIURI> uri;
   aChannel->GetURI(getter_AddRefs(uri));
   pwin->NotifyContentBlockingEvent(aBlockedReason, aChannel, true, uri);
 }
 
 /* static */ bool UrlClassifierCommon::ShouldEnableClassifier(
-    nsIChannel* aChannel,
-    AntiTrackingCommon::ContentBlockingAllowListPurpose aBlockingPurpose) {
+    nsIChannel* aChannel) {
   MOZ_ASSERT(aChannel);
-  MOZ_ASSERT(aBlockingPurpose == AntiTrackingCommon::eTrackingProtection ||
-             aBlockingPurpose == AntiTrackingCommon::eTrackingAnnotations ||
-             aBlockingPurpose == AntiTrackingCommon::eFingerprinting ||
-             aBlockingPurpose == AntiTrackingCommon::eCryptomining);
-
-  nsCOMPtr<nsIHttpChannelInternal> channel = do_QueryInterface(aChannel);
-  if (!channel) {
-    UC_LOG(("nsChannelClassifier: Not an HTTP channel"));
-    return false;
-  }
 
   nsCOMPtr<nsIURI> chanURI;
   nsresult rv = aChannel->GetURI(getter_AddRefs(chanURI));
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return false;
   }
 
   if (UrlClassifierCommon::AddonMayLoad(aChannel, chanURI)) {
     return false;
   }
 
-  nsCOMPtr<nsIIOService> ios = services::GetIOService();
-  if (NS_WARN_IF(!ios)) {
-    return false;
-  }
-
-  nsCOMPtr<nsIURI> topWinURI;
-  rv = channel->GetTopWindowURI(getter_AddRefs(topWinURI));
-  if (NS_WARN_IF(NS_FAILED(rv))) {
-    return false;
-  }
-
-  if (!topWinURI && StaticPrefs::channelclassifier_allowlist_example()) {
-    UC_LOG(("nsChannelClassifier: Allowlisting test domain"));
-    rv = ios->NewURI(NS_LITERAL_CSTRING("http://allowlisted.example.com"),
-                     nullptr, nullptr, getter_AddRefs(topWinURI));
-    if (NS_WARN_IF(NS_FAILED(rv))) {
-      return false;
-    }
-  }
-
-  bool isAllowListed;
-  rv = AntiTrackingCommon::IsOnContentBlockingAllowList(
-      topWinURI, NS_UsePrivateBrowsing(aChannel), aBlockingPurpose,
-      isAllowListed);
-  if (NS_FAILED(rv)) {  // normal for some loads, no need to print a warning
-    return false;
-  }
-
-  if (isAllowListed) {
-    if (UC_LOG_ENABLED()) {
-      nsCString chanSpec = chanURI->GetSpecOrDefault();
-      chanSpec.Truncate(
-          std::min(chanSpec.Length(), UrlClassifierCommon::sMaxSpecLength));
-      UC_LOG(("nsChannelClassifier: User override on channel[%p] (%s)",
-              aChannel, chanSpec.get()));
-    }
-
-    // Channel classifier protection will be disabled so update the security
-    // state of the document and fire a secure change event. If we can't get the
-    // window for the channel, then the shield won't show up so we can't send an
-    // event to the securityUI anyway.
-
-    uint32_t event = 0;
-    switch (aBlockingPurpose) {
-      case AntiTrackingCommon::eTrackingProtection:
-        MOZ_FALLTHROUGH;
-      case AntiTrackingCommon::eTrackingAnnotations:
-        event = nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT;
-        break;
-
-      case AntiTrackingCommon::eFingerprinting:
-        event = nsIWebProgressListener::STATE_LOADED_FINGERPRINTING_CONTENT;
-        break;
-
-      case AntiTrackingCommon::eCryptomining:
-        event = nsIWebProgressListener::STATE_LOADED_CRYPTOMINING_CONTENT;
-        break;
-
-      default:
-        MOZ_CRASH("Invalidate blocking purpose.");
-    }
-
-    UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled(aChannel,
-                                                                   event);
-
-    return false;
-  }
-
   // Tracking protection will be enabled so return without updating
   // the security state. If any channels are subsequently cancelled
   // (page elements blocked) the state will be then updated.
   if (UC_LOG_ENABLED()) {
+    nsCOMPtr<nsIURI> topWinURI;
+    nsCOMPtr<nsIHttpChannelInternal> channel = do_QueryInterface(aChannel);
+    if (!channel) {
+      UC_LOG(("nsChannelClassifier: Not an HTTP channel"));
+      return false;
+    }
+
+    nsresult rv = channel->GetTopWindowURI(getter_AddRefs(topWinURI));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return false;
+    }
+
     nsCString chanSpec = chanURI->GetSpecOrDefault();
     chanSpec.Truncate(
         std::min(chanSpec.Length(), UrlClassifierCommon::sMaxSpecLength));
-    nsCString topWinSpec = topWinURI->GetSpecOrDefault();
+    nsCString topWinSpec = topWinURI ? topWinURI->GetSpecOrDefault()
+                                     : NS_LITERAL_CSTRING("(null)");
     topWinSpec.Truncate(
         std::min(topWinSpec.Length(), UrlClassifierCommon::sMaxSpecLength));
     UC_LOG(
-        ("nsChannelClassifier: Enabling tracking protection checks on "
+        ("nsChannelClassifier: Enabling url classifier checks on "
          "channel[%p] with uri %s for toplevel window uri %s",
          aChannel, chanSpec.get(), topWinSpec.get()));
   }
 
   return true;
 }
 
 /* static */ nsresult UrlClassifierCommon::SetBlockedContent(
--- a/netwerk/url-classifier/UrlClassifierCommon.h
+++ b/netwerk/url-classifier/UrlClassifierCommon.h
@@ -25,19 +25,17 @@ class UrlClassifierCommon final {
 
   static LazyLogModule sLog;
 
   static bool AddonMayLoad(nsIChannel* aChannel, nsIURI* aURI);
 
   static void NotifyChannelClassifierProtectionDisabled(
       nsIChannel* aChannel, uint32_t aAcceptedReason);
 
-  static bool ShouldEnableClassifier(
-      nsIChannel* aChannel,
-      AntiTrackingCommon::ContentBlockingAllowListPurpose aBlockingPurpose);
+  static bool ShouldEnableClassifier(nsIChannel* aChannel);
 
   static nsresult SetBlockedContent(nsIChannel* channel, nsresult aErrorCode,
                                     const nsACString& aList,
                                     const nsACString& aProvider,
                                     const nsACString& aFullHash);
 
   // Use this function only when you are looking for a pairwise whitelist uri
   // with the format: http://toplevel.page/?resource=channel.uri.domain
--- a/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureBase.cpp
@@ -154,10 +154,70 @@ UrlClassifierFeatureBase::HasHostInPrefe
 }
 
 NS_IMETHODIMP
 UrlClassifierFeatureBase::GetSkipHostList(nsACString& aList) {
   aList = mSkipHosts;
   return NS_OK;
 }
 
+bool UrlClassifierFeatureBase::IsAllowListed(
+    nsIChannel* aChannel,
+    AntiTrackingCommon::ContentBlockingAllowListPurpose aPurpose) {
+  MOZ_ASSERT(aPurpose == AntiTrackingCommon::eTrackingProtection ||
+             aPurpose == AntiTrackingCommon::eTrackingAnnotations ||
+             aPurpose == AntiTrackingCommon::eFingerprinting ||
+             aPurpose == AntiTrackingCommon::eCryptomining);
+
+  nsCOMPtr<nsIHttpChannelInternal> channel = do_QueryInterface(aChannel);
+  if (!channel) {
+    UC_LOG(("nsChannelClassifier: Not an HTTP channel"));
+    return false;
+  }
+
+  nsCOMPtr<nsIURI> topWinURI;
+  nsresult rv = channel->GetTopWindowURI(getter_AddRefs(topWinURI));
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return false;
+  }
+
+  if (!topWinURI && StaticPrefs::channelclassifier_allowlist_example()) {
+    UC_LOG(("nsChannelClassifier: Allowlisting test domain"));
+    nsCOMPtr<nsIIOService> ios = services::GetIOService();
+    if (NS_WARN_IF(!ios)) {
+      return false;
+    }
+
+    rv = ios->NewURI(NS_LITERAL_CSTRING("http://allowlisted.example.com"),
+                     nullptr, nullptr, getter_AddRefs(topWinURI));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return false;
+    }
+  }
+
+  bool isAllowListed = false;
+  rv = AntiTrackingCommon::IsOnContentBlockingAllowList(
+      topWinURI, NS_UsePrivateBrowsing(aChannel), aPurpose, isAllowListed);
+  if (NS_FAILED(rv)) {  // normal for some loads, no need to print a warning
+    return false;
+  }
+
+  if (isAllowListed) {
+    if (UC_LOG_ENABLED()) {
+      nsCOMPtr<nsIURI> chanURI;
+      nsresult rv = aChannel->GetURI(getter_AddRefs(chanURI));
+      if (NS_WARN_IF(NS_FAILED(rv))) {
+        return isAllowListed;
+      }
+
+      nsCString chanSpec = chanURI->GetSpecOrDefault();
+      chanSpec.Truncate(
+          std::min(chanSpec.Length(), UrlClassifierCommon::sMaxSpecLength));
+      UC_LOG(("nsChannelClassifier: User override on channel[%p] (%s)",
+              aChannel, chanSpec.get()));
+    }
+  }
+
+  return isAllowListed;
+}
+
 }  // namespace net
 }  // namespace mozilla
--- a/netwerk/url-classifier/UrlClassifierFeatureBase.h
+++ b/netwerk/url-classifier/UrlClassifierFeatureBase.h
@@ -5,16 +5,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_net_UrlClassifierFeatureBase_h
 #define mozilla_net_UrlClassifierFeatureBase_h
 
 #include "nsIUrlClassifierFeature.h"
 #include "nsTArray.h"
 #include "nsString.h"
+#include "mozilla/AntiTrackingCommon.h"
 
 namespace mozilla {
 namespace net {
 
 class UrlClassifierFeatureBase : public nsIUrlClassifierFeature {
  public:
   NS_DECL_ISUPPORTS
 
@@ -47,16 +48,20 @@ class UrlClassifierFeatureBase : public 
                            const nsACString& aPrefWhitelistTableName,
                            const nsACString& aPrefSkipHosts);
 
   virtual ~UrlClassifierFeatureBase();
 
   void InitializePreferences();
   void ShutdownPreferences();
 
+  bool IsAllowListed(
+      nsIChannel* aChannel,
+      AntiTrackingCommon::ContentBlockingAllowListPurpose aPurpose);
+
  private:
   nsCString mName;
 
   nsCString mPrefSkipHosts;
 
   // 2: blacklist and whitelist.
   nsCString mPrefTables[2];
   nsTArray<nsCString> mTables[2];
--- a/netwerk/url-classifier/UrlClassifierFeatureCryptomining.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureCryptomining.cpp
@@ -96,18 +96,17 @@ UrlClassifierFeatureCryptomining::MaybeC
            "for first party or top-level load channel[%p] "
            "with uri %s",
            aChannel, spec.get()));
     }
 
     return nullptr;
   }
 
-  if (!UrlClassifierCommon::ShouldEnableClassifier(
-          aChannel, AntiTrackingCommon::eCryptomining)) {
+  if (!UrlClassifierCommon::ShouldEnableClassifier(aChannel)) {
     return nullptr;
   }
 
   MaybeInitialize();
   MOZ_ASSERT(gFeatureCryptomining);
 
   RefPtr<UrlClassifierFeatureCryptomining> self = gFeatureCryptomining;
   return self.forget();
@@ -128,32 +127,47 @@ UrlClassifierFeatureCryptomining::GetIfN
 
 NS_IMETHODIMP
 UrlClassifierFeatureCryptomining::ProcessChannel(nsIChannel* aChannel,
                                                  const nsACString& aList,
                                                  bool* aShouldContinue) {
   NS_ENSURE_ARG_POINTER(aChannel);
   NS_ENSURE_ARG_POINTER(aShouldContinue);
 
-  // This is a blocking feature.
-  *aShouldContinue = false;
+  bool isAllowListed =
+      IsAllowListed(aChannel, AntiTrackingCommon::eCryptomining);
 
-  UrlClassifierCommon::SetBlockedContent(aChannel, NS_ERROR_CRYPTOMINING_URI,
-                                         aList, EmptyCString(), EmptyCString());
+  // This is a blocking feature.
+  *aShouldContinue = isAllowListed;
 
-  UC_LOG(
-      ("UrlClassifierFeatureCryptomining::ProcessChannel, cancelling "
-       "channel[%p]",
-       aChannel));
-  nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
+  if (isAllowListed) {
+    // Even with cryptomining blocking disabled, we still want to show the user
+    // that there are unblocked cryptominers on the site, so notify the UI that
+    // we loaded cryptomining content.  UI code can treat this notification
+    // differently depending on whether cryptomining blocking is enabled or
+    // disabled.
+    UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled(
+        aChannel, nsIWebProgressListener::STATE_LOADED_CRYPTOMINING_CONTENT);
+  } else {
+    UrlClassifierCommon::SetBlockedContent(aChannel, NS_ERROR_CRYPTOMINING_URI,
+                                           aList, EmptyCString(),
+                                           EmptyCString());
 
-  if (httpChannel) {
-    Unused << httpChannel->CancelByChannelClassifier(NS_ERROR_CRYPTOMINING_URI);
-  } else {
-    Unused << aChannel->Cancel(NS_ERROR_CRYPTOMINING_URI);
+    UC_LOG(
+        ("UrlClassifierFeatureCryptomining::ProcessChannel, cancelling "
+         "channel[%p]",
+         aChannel));
+    nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
+
+    if (httpChannel) {
+      Unused << httpChannel->CancelByChannelClassifier(
+          NS_ERROR_CRYPTOMINING_URI);
+    } else {
+      Unused << aChannel->Cancel(NS_ERROR_CRYPTOMINING_URI);
+    }
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 UrlClassifierFeatureCryptomining::GetURIByListType(
     nsIChannel* aChannel, nsIUrlClassifierFeature::listType aListType,
--- a/netwerk/url-classifier/UrlClassifierFeatureFingerprinting.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureFingerprinting.cpp
@@ -98,18 +98,17 @@ UrlClassifierFeatureFingerprinting::Mayb
            "for first party or top-level load channel[%p] "
            "with uri %s",
            aChannel, spec.get()));
     }
 
     return nullptr;
   }
 
-  if (!UrlClassifierCommon::ShouldEnableClassifier(
-          aChannel, AntiTrackingCommon::eFingerprinting)) {
+  if (!UrlClassifierCommon::ShouldEnableClassifier(aChannel)) {
     return nullptr;
   }
 
   MaybeInitialize();
   MOZ_ASSERT(gFeatureFingerprinting);
 
   RefPtr<UrlClassifierFeatureFingerprinting> self = gFeatureFingerprinting;
   return self.forget();
@@ -130,33 +129,47 @@ UrlClassifierFeatureFingerprinting::GetI
 
 NS_IMETHODIMP
 UrlClassifierFeatureFingerprinting::ProcessChannel(nsIChannel* aChannel,
                                                    const nsACString& aList,
                                                    bool* aShouldContinue) {
   NS_ENSURE_ARG_POINTER(aChannel);
   NS_ENSURE_ARG_POINTER(aShouldContinue);
 
-  // This is a blocking feature.
-  *aShouldContinue = false;
+  bool isAllowListed =
+      IsAllowListed(aChannel, AntiTrackingCommon::eFingerprinting);
 
-  UrlClassifierCommon::SetBlockedContent(aChannel, NS_ERROR_FINGERPRINTING_URI,
-                                         aList, EmptyCString(), EmptyCString());
+  // This is a blocking feature.
+  *aShouldContinue = isAllowListed;
 
-  UC_LOG(
-      ("UrlClassifierFeatureFingerprinting::ProcessChannel, cancelling "
-       "channel[%p]",
-       aChannel));
-  nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
+  if (isAllowListed) {
+    // Even with fingerprinting blocking disabled, we still want to show the
+    // user that there are unblocked trackers on the site, so notify the UI that
+    // we loaded tracking content.  UI code can treat this notification
+    // differently depending on whether fingerprinting blocking is enabled or
+    // not.
+    UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled(
+        aChannel, nsIWebProgressListener::STATE_LOADED_FINGERPRINTING_CONTENT);
+  } else {
+    UrlClassifierCommon::SetBlockedContent(aChannel,
+                                           NS_ERROR_FINGERPRINTING_URI, aList,
+                                           EmptyCString(), EmptyCString());
 
-  if (httpChannel) {
-    Unused << httpChannel->CancelByChannelClassifier(
-        NS_ERROR_FINGERPRINTING_URI);
-  } else {
-    Unused << aChannel->Cancel(NS_ERROR_FINGERPRINTING_URI);
+    UC_LOG(
+        ("UrlClassifierFeatureFingerprinting::ProcessChannel, cancelling "
+         "channel[%p]",
+         aChannel));
+    nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
+
+    if (httpChannel) {
+      Unused << httpChannel->CancelByChannelClassifier(
+          NS_ERROR_FINGERPRINTING_URI);
+    } else {
+      Unused << aChannel->Cancel(NS_ERROR_FINGERPRINTING_URI);
+    }
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 UrlClassifierFeatureFingerprinting::GetURIByListType(
     nsIChannel* aChannel, nsIUrlClassifierFeature::listType aListType,
--- a/netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp
@@ -149,18 +149,17 @@ UrlClassifierFeatureTrackingAnnotation::
 
   UC_LOG(("UrlClassifierFeatureTrackingAnnotation: MaybeCreate for channel %p",
           aChannel));
 
   if (!StaticPrefs::privacy_trackingprotection_annotate_channels()) {
     return nullptr;
   }
 
-  if (!UrlClassifierCommon::ShouldEnableClassifier(
-          aChannel, AntiTrackingCommon::eTrackingAnnotations)) {
+  if (!UrlClassifierCommon::ShouldEnableClassifier(aChannel)) {
     return nullptr;
   }
 
   MaybeInitialize();
   MOZ_ASSERT(gFeatureTrackingAnnotation);
 
   RefPtr<UrlClassifierFeatureTrackingAnnotation> self =
       gFeatureTrackingAnnotation;
@@ -200,34 +199,38 @@ UrlClassifierFeatureTrackingAnnotation::
          "nsIChannel::GetURI(%p) failed",
          (void*)aChannel));
     return NS_OK;
   }
 
   bool isThirdPartyWithTopLevelWinURI =
       nsContentUtils::IsThirdPartyWindowOrChannel(nullptr, aChannel, chanURI);
 
+  bool isAllowListed =
+      IsAllowListed(aChannel, AntiTrackingCommon::eTrackingAnnotations);
+
   UC_LOG(
       ("UrlClassifierFeatureTrackingAnnotation::ProcessChannel, annotating "
        "channel[%p]",
        aChannel));
 
   SetIsTrackingResourceHelper(aChannel, isThirdPartyWithTopLevelWinURI);
 
-  if (isThirdPartyWithTopLevelWinURI) {
+  if (isThirdPartyWithTopLevelWinURI || isAllowListed) {
     // Even with TP disabled, we still want to show the user that there
     // are unblocked trackers on the site, so notify the UI that we loaded
     // tracking content. UI code can treat this notification differently
     // depending on whether TP is enabled or disabled.
     UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled(
         aChannel, nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT);
+  }
 
-    if (StaticPrefs::privacy_trackingprotection_lower_network_priority()) {
-      LowerPriorityHelper(aChannel);
-    }
+  if (isThirdPartyWithTopLevelWinURI &&
+      StaticPrefs::privacy_trackingprotection_lower_network_priority()) {
+    LowerPriorityHelper(aChannel);
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 UrlClassifierFeatureTrackingAnnotation::GetURIByListType(
     nsIChannel* aChannel, nsIUrlClassifierFeature::listType aListType,
--- a/netwerk/url-classifier/UrlClassifierFeatureTrackingProtection.cpp
+++ b/netwerk/url-classifier/UrlClassifierFeatureTrackingProtection.cpp
@@ -96,18 +96,17 @@ UrlClassifierFeatureTrackingProtection::
            "protection checks for first party or top-level load channel[%p] "
            "with uri %s",
            aChannel, spec.get()));
     }
 
     return nullptr;
   }
 
-  if (!UrlClassifierCommon::ShouldEnableClassifier(
-          aChannel, AntiTrackingCommon::eTrackingProtection)) {
+  if (!UrlClassifierCommon::ShouldEnableClassifier(aChannel)) {
     return nullptr;
   }
 
   MaybeInitialize();
   MOZ_ASSERT(gFeatureTrackingProtection);
 
   RefPtr<UrlClassifierFeatureTrackingProtection> self =
       gFeatureTrackingProtection;
@@ -131,31 +130,36 @@ UrlClassifierFeatureTrackingProtection::
 
 NS_IMETHODIMP
 UrlClassifierFeatureTrackingProtection::ProcessChannel(nsIChannel* aChannel,
                                                        const nsACString& aList,
                                                        bool* aShouldContinue) {
   NS_ENSURE_ARG_POINTER(aChannel);
   NS_ENSURE_ARG_POINTER(aShouldContinue);
 
-  // This is a blocking feature.
-  *aShouldContinue = false;
+  bool isAllowListed =
+      IsAllowListed(aChannel, AntiTrackingCommon::eTrackingProtection);
 
-  UrlClassifierCommon::SetBlockedContent(aChannel, NS_ERROR_TRACKING_URI, aList,
-                                         EmptyCString(), EmptyCString());
+  // This is a blocking feature.
+  *aShouldContinue = isAllowListed;
+
+  if (!isAllowListed) {
+    UrlClassifierCommon::SetBlockedContent(
+        aChannel, NS_ERROR_TRACKING_URI, aList, EmptyCString(), EmptyCString());
 
-  UC_LOG(
-      ("UrlClassifierFeatureTrackingProtection::ProcessChannel, cancelling "
-       "channel[%p]",
-       aChannel));
-  nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
-  if (httpChannel) {
-    Unused << httpChannel->CancelByChannelClassifier(NS_ERROR_TRACKING_URI);
-  } else {
-    Unused << aChannel->Cancel(NS_ERROR_TRACKING_URI);
+    UC_LOG(
+        ("UrlClassifierFeatureTrackingProtection::ProcessChannel, cancelling "
+         "channel[%p]",
+         aChannel));
+    nsCOMPtr<nsIHttpChannelInternal> httpChannel = do_QueryInterface(aChannel);
+    if (httpChannel) {
+      Unused << httpChannel->CancelByChannelClassifier(NS_ERROR_TRACKING_URI);
+    } else {
+      Unused << aChannel->Cancel(NS_ERROR_TRACKING_URI);
+    }
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 UrlClassifierFeatureTrackingProtection::GetURIByListType(
     nsIChannel* aChannel, nsIUrlClassifierFeature::listType aListType,