Disable auth confirmation prompts by default.

2019-12-25 15:45:23 +03:00 · 2019-12-25 15:45:23 +03:00 · 61a86e2c51
parent 68b5a6fbfe
commit 61a86e2c51
3 changed files with 21 additions and 3 deletions
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -2013,6 +2013,12 @@ pref("network.auth.subresource-http-auth-allow", 2);
 // does not have any effect.
 pref("network.auth.subresource-http-img-XO-auth", false);

+// Whether or not to show anti-spoof confirmation prompts when navigating to a
+// URL with user info.
+// true - display extra confirmation prompt ("You are about to log in to...")
+// false - do not display extra confirmation prompt (default)
+pref("network.auth.confirmAuth.enabled", false);
+
 // This preference controls whether to allow sending default credentials (SSO) to
 // NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them
 // in a Private Browsing window.
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@ -96,6 +96,7 @@ uint32_t nsHttpChannelAuthProvider::sAuthAllowPref =
    SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL;

 bool nsHttpChannelAuthProvider::sImgCrossOriginAuthAllowPref = false;
+bool nsHttpChannelAuthProvider::sConfirmAuthPref = false;

 void
 nsHttpChannelAuthProvider::InitializePrefs()
@ -107,6 +108,9 @@ nsHttpChannelAuthProvider::InitializePrefs()
  mozilla::Preferences::AddBoolVarCache(&sImgCrossOriginAuthAllowPref,
                                        "network.auth.subresource-http-img-XO-auth",
                                        false);
+  mozilla::Preferences::AddBoolVarCache(&sConfirmAuthPref,
+                                        "network.auth.confirmAuth.enabled",
+                                        false);
 }

 NS_IMETHODIMP
@ -1450,10 +1454,15 @@ nsHttpChannelAuthProvider::ConfirmAuth(const nsString &bundleKey,
                                       bool            doYesNoPrompt)
 {
    // skip prompting the user if
-    //   1) we've already prompted the user
-    //   2) we're not a toplevel channel
-    //   3) the userpass length is less than the "phishy" threshold
+    //   1) prompts are disabled by preference
+    //   2) we've already prompted the user
+    //   3) we're not a toplevel channel
+    //   4) the userpass length is less than the "phishy" threshold

+    if (!sConfirmAuthPref) {
+      return true;
+    }
+    
    uint32_t loadFlags;
    nsresult rv = mAuthChannel->GetLoadFlags(&loadFlags);
    if (NS_FAILED(rv))
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.h
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
@ -185,6 +185,9 @@ private:
    static uint32_t                   sAuthAllowPref;
    static bool                       sImgCrossOriginAuthAllowPref;
    nsCOMPtr<nsICancelable>           mGenerateCredentialsCancelable;
+    
+    // Variable holding the preference for anti-spoof auth confirmation prompts.
+    static bool                       sConfirmAuthPref;
 };

 } // namespace net