diff options
-rw-r--r-- | application/palemoon/app/profile/palemoon.js | 8 | ||||
-rw-r--r-- | modules/libpref/init/all.js | 11 |
2 files changed, 14 insertions, 5 deletions
diff --git a/application/palemoon/app/profile/palemoon.js b/application/palemoon/app/profile/palemoon.js index 43f020f9a..3df5d7194 100644 --- a/application/palemoon/app/profile/palemoon.js +++ b/application/palemoon/app/profile/palemoon.js @@ -1160,6 +1160,14 @@ pref("toolkit.pageThumbs.minHeight", 180); pref("ui.key.menuAccessKeyFocuses", true); #endif +// When a user cancels this number of authentication dialogs coming from +// a single web page (eTLD+1) in a row, all following authentication dialogs +// will be blocked (automatically canceled) for that page. +// This counter is per-tab and per-domain to minimize false positives. +// The counter resets when the page is reloaded from the UI +// (content-reloads do NOT clear this to mitigate reloading tricks). +pref("prompts.authentication_dialog_abuse_limit", 3); + // ****************** s4e prefs ****************** pref("status4evar.addonbar.borderStyle", false); pref("status4evar.addonbar.closeButton", false); diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index f6e90170e..3666ca425 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5451,8 +5451,9 @@ pref("dom.storageManager.enabled", true); pref("dom.storageManager.enabled", false); #endif -// When a user cancels this number of authentication dialogs coming from -// a single web page in a row, all following authentication dialogs will -// be blocked (automatically canceled) for that page. The counter resets -// when the page is reloaded. To turn this feature off, just set the limit to 0. -pref("prompts.authentication_dialog_abuse_limit", 3); +// DoS protection for HTTP Auth prompt spawning. +// -1 = completely disable HTTP Auth prompting. (careful!) +// 0 = disable this DoS protection +// >0 = suppress further prompts after the user has canceled the dialog n times +// See application preferences for appropriate defaults. +pref("prompts.authentication_dialog_abuse_limit", 0); |