diff options
| -rw-r--r-- | modules/libpref/init/all.js | 6 | ||||
| -rw-r--r-- | netwerk/protocol/http/nsHttpChannelAuthProvider.cpp | 15 | ||||
| -rw-r--r-- | netwerk/protocol/http/nsHttpChannelAuthProvider.h | 3 |
3 files changed, 21 insertions, 3 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index ea76c30e5..2e3d2aecf 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -2006,6 +2006,12 @@ pref("network.auth.subresource-http-auth-allow", 2); // does not have any effect. pref("network.auth.subresource-http-img-XO-auth", false); +// Whether or not to show anti-spoof confirmation prompts when navigating to a +// URL with user info. +// true - display extra confirmation prompt ("You are about to log in to...") +// false - do not display extra confirmation prompt (default) +pref("network.auth.confirmAuth.enabled", false); + // This preference controls whether to allow sending default credentials (SSO) to // NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them // in a Private Browsing window. diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp index a6681cfc6..1b25afe64 100644 --- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp +++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp @@ -96,6 +96,7 @@ uint32_t nsHttpChannelAuthProvider::sAuthAllowPref = SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL; bool nsHttpChannelAuthProvider::sImgCrossOriginAuthAllowPref = false; +bool nsHttpChannelAuthProvider::sConfirmAuthPref = false; void nsHttpChannelAuthProvider::InitializePrefs() @@ -107,6 +108,9 @@ nsHttpChannelAuthProvider::InitializePrefs() mozilla::Preferences::AddBoolVarCache(&sImgCrossOriginAuthAllowPref, "network.auth.subresource-http-img-XO-auth", false); + mozilla::Preferences::AddBoolVarCache(&sConfirmAuthPref, + "network.auth.confirmAuth.enabled", + false); } NS_IMETHODIMP @@ -1450,10 +1454,15 @@ nsHttpChannelAuthProvider::ConfirmAuth(const nsString &bundleKey, bool doYesNoPrompt) { // skip prompting the user if - // 1) we've already prompted the user - // 2) we're not a toplevel channel - // 3) the userpass length is less than the "phishy" threshold + // 1) prompts are disabled by preference + // 2) we've already prompted the user + // 3) we're not a toplevel channel + // 4) the userpass length is less than the "phishy" threshold + if (!sConfirmAuthPref) { + return true; + } + uint32_t loadFlags; nsresult rv = mAuthChannel->GetLoadFlags(&loadFlags); if (NS_FAILED(rv)) diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.h b/netwerk/protocol/http/nsHttpChannelAuthProvider.h index 0d6045875..18172e60f 100644 --- a/netwerk/protocol/http/nsHttpChannelAuthProvider.h +++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h @@ -185,6 +185,9 @@ private: static uint32_t sAuthAllowPref; static bool sImgCrossOriginAuthAllowPref; nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable; + + // Variable holding the preference for anti-spoof auth confirmation prompts. + static bool sConfirmAuthPref; }; } // namespace net |