summaryrefslogtreecommitdiffstats
path: root/toolkit
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-03-01 14:01:09 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-03-01 14:01:09 +0100
commitc1ece93c2be6fb571a013f9735dc629d7279f389 (patch)
treedd2502a462e73fdc4941dce6925ea31f96ab8fef /toolkit
parentf227feb6efbfa61c62cba88ab85df3c650311560 (diff)
downloadUXP-c1ece93c2be6fb571a013f9735dc629d7279f389.tar
UXP-c1ece93c2be6fb571a013f9735dc629d7279f389.tar.gz
UXP-c1ece93c2be6fb571a013f9735dc629d7279f389.tar.lz
UXP-c1ece93c2be6fb571a013f9735dc629d7279f389.tar.xz
UXP-c1ece93c2be6fb571a013f9735dc629d7279f389.zip
Make the Auth prompt DOS protection a browser-element opt-in feature.
Diffstat (limited to 'toolkit')
-rw-r--r--toolkit/components/passwordmgr/nsLoginManagerPrompter.js32
-rw-r--r--toolkit/content/widgets/browser.xml4
2 files changed, 26 insertions, 10 deletions
diff --git a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
index 35315110c..c4be39e31 100644
--- a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
+++ b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js
@@ -103,7 +103,7 @@ LoginManagerPromptFactory.prototype = {
// cancel the prompt until we stop showing it.
let browser = prompter._browser;
let baseDomain = null;
- if (browser) {
+ if (browser && browser.isAuthDOSProtected) {
try {
baseDomain = Services.eTLD.getBaseDomainFromHost(hostname);
} catch (e) {
@@ -145,7 +145,7 @@ LoginManagerPromptFactory.prototype = {
prompt.inProgress = false;
self._asyncPromptInProgress = false;
- if (browser) {
+ if (browser && browser.isAuthDOSProtected) {
// Reset the counter state if the user replied to a prompt and actually
// tried to login (vs. simply clicking any button to get out).
if (ok && (prompt.authInfo.username || prompt.authInfo.password)) {
@@ -177,15 +177,27 @@ LoginManagerPromptFactory.prototype = {
var cancelDialogLimit = Services.prefs.getIntPref("prompts.authentication_dialog_abuse_limit");
- let cancelationCounter = browser.authPromptCounter[baseDomain];
- this.log("cancelationCounter =", cancelationCounter);
- if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) {
- this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
- delete this._asyncPrompts[hashKey];
-
- // just make the runnable cancel all consumers
- runnable.cancel = true;
+ // Block the auth prompt if:
+ // - There is an attached browser element
+ // - The browser element has opted-in to DOS protection
+ // - The dialog cancellation limit is not 0 (= feature disabled)
+ // - The amount of cancellations >= the set abuse limit
+ if (browser && browser.isAuthDOSProtected) {
+ let cancelationCounter = browser.authPromptCounter[baseDomain];
+ this.log("cancelationCounter =", cancelationCounter);
+
+ if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) {
+ this.log("Blocking auth dialog, due to exceeding dialog bloat limit");
+ delete this._asyncPrompts[hashKey];
+
+ // just make the runnable cancel all consumers
+ runnable.cancel = true;
+ } else {
+ this._asyncPromptInProgress = true;
+ prompt.inProgress = true;
+ }
} else {
+ // No DOS protection: prompt
this._asyncPromptInProgress = true;
prompt.inProgress = true;
}
diff --git a/toolkit/content/widgets/browser.xml b/toolkit/content/widgets/browser.xml
index a30ff1c43..5a0a99bf8 100644
--- a/toolkit/content/widgets/browser.xml
+++ b/toolkit/content/widgets/browser.xml
@@ -899,6 +899,10 @@
<field name="mIconURL">null</field>
+ <property name="isAuthDOSProtected"
+ onget="return (this.getAttribute('authdosprotected') == 'true');"
+ readonly="true"/>
+
<!-- This is managed by the tabbrowser -->
<field name="lastURI">null</field>