diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-15 14:13:14 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-07-22 12:11:54 +0200 |
commit | 8799198822e5f604d2d80824611fa37cdf72d7cf (patch) | |
tree | 29e927536487e5fd37826815a5f583ceb38bfcbb /modules | |
parent | 96d7912843ba053a44679e993c4d9d10e70969f8 (diff) | |
download | UXP-8799198822e5f604d2d80824611fa37cdf72d7cf.tar UXP-8799198822e5f604d2d80824611fa37cdf72d7cf.tar.gz UXP-8799198822e5f604d2d80824611fa37cdf72d7cf.tar.lz UXP-8799198822e5f604d2d80824611fa37cdf72d7cf.tar.xz UXP-8799198822e5f604d2d80824611fa37cdf72d7cf.zip |
Block http auth prompt for cross-origin image subresources by default.
Still allow this to be bypassed with a pref for those really rare corner
cases where images are loaded cross-origin by design and the session
hasn't been/can't be authenticated ahead of time.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/libpref/init/all.js | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 1aec5f393..38c3ced91 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1988,6 +1988,13 @@ pref("network.generic-ntlm-auth.workstation", "WORKSTATION"); // 2 - allow the cross-origin authentication as well. pref("network.auth.subresource-http-auth-allow", 2); +// Sub-resources HTTP-authentication for cross-origin images: +// true - presenting the http auth. dialog for cross-origin images is allowed. +// false - suppress the http auth. dialog for cross-origin images. +// If network.auth.subresource-http-auth-allow has a value of 0 or 1, this pref +// does not have any effect. +pref("network.auth.subresource-http-img-XO-auth", false); + // This preference controls whether to allow sending default credentials (SSO) to // NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them // in a Private Browsing window. |