From:  Honza Bambas <hbambas@mozilla.com>
Date:  28 Aug 2013 21:07:49 Hong Kong Time
Newsgroup:  news.mozilla.org/mozilla.dev.tech.network
Subject:  

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS

NNTP-Posting-Host:  63.245.216.66

On 8/22/2013 9:17 AM, Mark Hammond wrote:
> What I believe is happening is that this speculative connection is 
> being reused for the connection made by the "anonymous" docShell, and 
> as a result mCaps on the transport isn't getting the 
> NS_HTTP_LOAD_ANONYMOUS flag, which in turn means the nsNSSSocketInfo 
> for the request doesn't get the nsISocketProvider::ANONYMOUS_CONNECT 
> flag, which in turn doesn't suppress the SSL certificate prompt for 
> the request.

This is actually bad.  The non-anonymous connection should not be used 
for anonymous usage.  If that happens, that something is wrong.

Anon and non-anon connections have separete pools.  If those can 
exchanged, it is a bug.

-hb-