The doorhanger is not triggered for certain breached websites even though they are populated in the pref

[CiprianGeorgiu]

[Affected versions]:

• Firefox 62.0
• Firefox 63.0a1
• Firefox Monitor 2.1

[Affected Platforms]:

• Windows 10 x64
• Windows 7 x64
• macOS 10.13
• Ubuntu 16.04 x64

[Prerequisites]: Prefs you'll need to set in about:config:

• (boolean) extensions.fxmonitor.enabled - true
• (string) extensions.fxmonitor.breachListURL - https://haveibeenpwned.com/api/v2/breaches

[Steps to reproduce]:

1. Launch Firefox.
2. Navigate to the following breached website: https://www.wildstar-online.com/en/

[Expected result]:

• The doorhanger is triggered after the website is loaded.

[Actual result]:

• The doorhanger is not displayed after the website is loaded.

[Regression]:

• Not a regression.

[Notes]:

• It seems that the breached website is populated in pref extensions.fxmonitor.warnedHosts but the doorhanger still doesn't show up.
• I'll follow up with a comment in case other websites are affected by this bug

[nhnt11]

I can't reproduce this - the doorhanger shows up for me.

[CiprianGeorgiu]

Hmm... strange. Now, I cannot reproduce the bug either with the https://www.wildstar-online.com/en/ website.

@nhnt11 - can you please try instead with these websites (https://eservices.durban.gov.za/v2/, https://www.malwarebytes.com/) they appear as pawned on https://haveibeenpwned.com/PwnedWebsites, but the door hanger doesn't show up for neither of the websites.

Also the pref extensions.fxmonitor.warnedHosts is not populated for the above 2 websites after accessing them.

Any ideas about this?

[nhnt11]

@CiprianGeorgiu MalwareBytes is recorded in the list of breaches as malwarebytes.org, not malwarebytes.com. So unfortunately, since this site is now redirecting, there's not much we can do from our end. This is something we should talk to Troy about. As for eservices.durban.gov.za, I think the problem is that HIBP's breach list has the domain as "eservices.durban.gov.za", but the addon is only checking the "durban.gov.za" part (the base domain). Again, not sure what to do about this one, base domain is definitely the way to go, we probably need to ask Troy what he thinks.

[nhnt11]

Re. the warnedHosts pref is not populated - this is expected, this pref is only updated when the doorhanger is shown.

[groovecoder]

Should we update this issue to be specific about the door-hanger not showing up on domains that are redirected?

[groovecoder]

@sandysage - can you tell us what the behavior should be for breached domains that are redirected?

[tcinotto]

keep in backlog.