From 8799198822e5f604d2d80824611fa37cdf72d7cf Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Mon, 15 Jul 2019 14:13:14 +0200
Subject: Block http auth prompt for cross-origin image subresources by default. Still allow this to be bypassed with a pref for those really rare corner cases where images are loaded cross-origin by design and the session hasn't been/can't be authenticated ahead of time.
---
 netwerk/protocol/http/nsHttpChannelAuthProvider.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'netwerk/protocol/http/nsHttpChannelAuthProvider.h')
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.h b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
index 44d79b22b..0d6045875 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.h
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
@@ -179,10 +179,11 @@ private:
 RefPtr mHttpHandler; // keep gHttpHandler alive
- // A variable holding the preference settings to whether to open HTTP
+ // Variables holding the preference settings for whether to open HTTP
 // authentication credentials dialogs for sub-resources and cross-origin
 // sub-resources.
 static uint32_t sAuthAllowPref;
+ static bool sImgCrossOriginAuthAllowPref;
 nsCOMPtr mGenerateCredentialsCancelable;
 };
-- cgit v1.2.3
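Review bot: The new `sImgCrossOriginAuthAllowPref` member has no comment of its own, and the shared comment above `sAuthAllowPref` mentions neither images nor which value is the safe one. The commit message says cross-origin image auth prompts are blocked by default, so I would state that on the member, e.g. `// True only when the user has opted in to HTTP auth prompts for cross-origin image subresources; false (prompt blocked) is the default.` The definition and the pref registration are not part of this header-only view. It is worth confirming there that the static is initialised to `false`, so that any channel handled before the pref value is read still gets the blocking behaviour. The enclosing class starts outside the hunk.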