From:  Honza Bambas <>
Date:  28 Aug 2013 21:07:49 Hong Kong Time

Re: Forcing every request from a docShell to use LOAD_ANONYMOUS


On 8/22/2013 9:17 AM, Mark Hammond wrote:
> What I believe is happening is that this speculative connection is 
> being reused for the connection made by the "anonymous" docShell, and 
> as a result mCaps on the transport isn't getting the 
> NS_HTTP_LOAD_ANONYMOUS flag, which in turn means the nsNSSSocketInfo 
> for the request doesn't get the nsISocketProvider::ANONYMOUS_CONNECT 
> flag, which in turn doesn't suppress the SSL certificate prompt for 
> the request.

This is actually bad.  The non-anonymous connection should not be used 
for anonymous usage.  If that happens, that something is wrong.

Anon and non-anon connections have separete pools.  If those can 
exchanged, it is a bug.