From 61a86e2c510c32dce503e22a9deefd934260edfa Mon Sep 17 00:00:00 2001
From: Fedor
Date: Wed, 25 Dec 2019 15:45:23 +0300
Subject: [PATCH] Disable auth confirmation prompts by default.
---
 modules/libpref/init/all.js | 6 ++++++
 .../protocol/http/nsHttpChannelAuthProvider.cpp | 15 ++++++++++++---
 netwerk/protocol/http/nsHttpChannelAuthProvider.h | 3 +++
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index a50ccbe92..17f3885a6 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2013,6 +2013,12 @@ pref("network.auth.subresource-http-auth-allow", 2);
 // does not have any effect.
 pref("network.auth.subresource-http-img-XO-auth", false);
+// Whether or not to show anti-spoof confirmation prompts when navigating to a
+// URL with user info.
+// true - display extra confirmation prompt ("You are about to log in to...")
+// false - do not display extra confirmation prompt (default)
+pref("network.auth.confirmAuth.enabled", false);
+
 // This preference controls whether to allow sending default credentials (SSO) to
 // NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them
 // in a Private Browsing window.
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
index a6681cfc6..1b25afe64 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -96,6 +96,7 @@ uint32_t nsHttpChannelAuthProvider::sAuthAllowPref =
 SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL;
 bool nsHttpChannelAuthProvider::sImgCrossOriginAuthAllowPref = false;
+bool nsHttpChannelAuthProvider::sConfirmAuthPref = false;
 void
 nsHttpChannelAuthProvider::InitializePrefs()
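Review bot: The comment added above `network.auth.confirmAuth.enabled` in all.js does not say what protection is given up at the shipped value `false`. The prompt is described as anti-spoof, so a reader of the pref file should learn from the comment that a URL carrying user info is then loaded without that confirmation. I would add a line such as `// NOTE: with false, a URL containing user info (user@host) proceeds without the anti-spoof confirmation.`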
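Review bot: The in-code fallback for `sConfirmAuthPref` is fail-open: the static initializer in the `-96` hunk and the default passed to `AddBoolVarCache` in the `InitializePrefs()` hunk are both `false`, so the anti-spoof prompt is presumably also off whenever the pref is absent or the cache has not been registered yet. Since all.js already sets the shipped default, the C++ fallbacks could stay protective, `bool nsHttpChannelAuthProvider::sConfirmAuthPref = true;` and `true` as the third `AddBoolVarCache` argument, so that only an explicit pref value turns the check off. Whether any embedder relies on the in-code default is not visible from this patch.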
@@ -107,6 +108,9 @@ nsHttpChannelAuthProvider::InitializePrefs()
 mozilla::Preferences::AddBoolVarCache(&sImgCrossOriginAuthAllowPref,
 "network.auth.subresource-http-img-XO-auth",
 false);
+ mozilla::Preferences::AddBoolVarCache(&sConfirmAuthPref,
+ "network.auth.confirmAuth.enabled",
+ false);
 }
 NS_IMETHODIMP
@@ -1450,10 +1454,15 @@ nsHttpChannelAuthProvider::ConfirmAuth(const nsString &bundleKey,
 bool doYesNoPrompt)
 {
 // skip prompting the user if
- // 1) we've already prompted the user
- // 2) we're not a toplevel channel
- // 3) the userpass length is less than the "phishy" threshold
+ // 1) prompts are disabled by preference
+ // 2) we've already prompted the user
+ // 3) we're not a toplevel channel
+ // 4) the userpass length is less than the "phishy" threshold
+ if (!sConfirmAuthPref) {
+ return true;
+ }
+
 uint32_t loadFlags;
 nsresult rv = mAuthChannel->GetLoadFlags(&loadFlags);
 if (NS_FAILED(rv))
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.h b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
index 0d6045875..18172e60f 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.h
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
@@ -185,6 +185,9 @@ private:
 static uint32_t sAuthAllowPref;
 static bool sImgCrossOriginAuthAllowPref;
 nsCOMPtr mGenerateCredentialsCancelable;
+
+ // Variable holding the preference for anti-spoof auth confirmation prompts.
+ static bool sConfirmAuthPref;
 };
 } // namespace net
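Review bot: The early `return true` added to `ConfirmAuth` sits ahead of every other check, so with the pref at its default the function answers the same way for every caller, whatever `bundleKey` and `doYesNoPrompt` are, and the comment does not say that this result presumably means the login is treated as confirmed. The new list entry should state that outcome, for example `// 1) prompts are disabled by preference (the load is treated as confirmed)`. The function body continues outside the hunk, so how the remaining three conditions are evaluated cannot be checked from here.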