summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-07-15 14:13:14 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-15 14:13:14 +0200
commit45cb5ab7291f44d3e06de4e71e5b0a9e80f6a0b6 (patch)
tree9430091e5deb3f29a9a2ec262964e4d249687faf
parent4491ec5eacd5ed501737c0db2c134fe1815c50a8 (diff)
downloaduxp-45cb5ab7291f44d3e06de4e71e5b0a9e80f6a0b6.tar.gz
Block http auth prompt for cross-origin image subresources by default.
Still allow this to be bypassed with a pref for those really rare corner cases where images are loaded cross-origin by design and the session hasn't been/can't be authenticated ahead of time.
-rw-r--r--modules/libpref/init/all.js7
-rw-r--r--netwerk/protocol/http/nsHttpChannelAuthProvider.cpp25
-rw-r--r--netwerk/protocol/http/nsHttpChannelAuthProvider.h3
3 files changed, 28 insertions, 7 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 1aec5f393f..38c3ced917 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1988,6 +1988,13 @@ pref("network.generic-ntlm-auth.workstation", "WORKSTATION");
// 2 - allow the cross-origin authentication as well.
pref("network.auth.subresource-http-auth-allow", 2);
+// Sub-resources HTTP-authentication for cross-origin images:
+// true - presenting the http auth. dialog for cross-origin images is allowed.
+// false - suppress the http auth. dialog for cross-origin images.
+// If network.auth.subresource-http-auth-allow has a value of 0 or 1, this pref
+// does not have any effect.
+pref("network.auth.subresource-http-img-XO-auth", false);
+
// This preference controls whether to allow sending default credentials (SSO) to
// NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them
// in a Private Browsing window.
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
index 0e7eb55c3b..a6681cfc64 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -95,6 +95,8 @@ nsHttpChannelAuthProvider::~nsHttpChannelAuthProvider()
uint32_t nsHttpChannelAuthProvider::sAuthAllowPref =
SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL;
+bool nsHttpChannelAuthProvider::sImgCrossOriginAuthAllowPref = false;
+
void
nsHttpChannelAuthProvider::InitializePrefs()
{
@@ -102,6 +104,9 @@ nsHttpChannelAuthProvider::InitializePrefs()
mozilla::Preferences::AddUintVarCache(&sAuthAllowPref,
"network.auth.subresource-http-auth-allow",
SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL);
+ mozilla::Preferences::AddBoolVarCache(&sImgCrossOriginAuthAllowPref,
+ "network.auth.subresource-http-img-XO-auth",
+ false);
}
NS_IMETHODIMP
@@ -867,15 +872,15 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
else if (authFlags & nsIHttpAuthenticator::IDENTITY_ENCRYPTED)
level = nsIAuthPrompt2::LEVEL_PW_ENCRYPTED;
- // Depending on the pref setting, the authentication dialog may be
+ // Depending on the pref settings, the authentication dialog may be
// blocked for all sub-resources, blocked for cross-origin
// sub-resources, or always allowed for sub-resources.
- // For more details look at the bug 647010.
- // BlockPrompt will set mCrossOrigin parameter as well.
+ // If always allowed, image prompts may still be blocked by pref.
+ // BlockPrompt() will set the mCrossOrigin parameter as well.
if (BlockPrompt()) {
LOG(("nsHttpChannelAuthProvider::GetCredentialsForChallenge: "
- "Prompt is blocked [this=%p pref=%d]\n",
- this, sAuthAllowPref));
+ "Prompt is blocked [this=%p pref=%d img-pref=%d]\n",
+ this, sAuthAllowPref, sImgCrossOriginAuthAllowPref));
return NS_ERROR_ABORT;
}
@@ -983,7 +988,15 @@ nsHttpChannelAuthProvider::BlockPrompt()
// the sub-resources only if they are not cross-origin.
return !topDoc && !xhr && mCrossOrigin;
case SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL:
- // Allow the http-authentication dialog.
+ // Allow the http-authentication dialog for subresources.
+ // If the pref network.auth.subresource-http-img-XO-auth is set to false,
+ // the http authentication dialog for image subresources is still blocked.
+ if (!sImgCrossOriginAuthAllowPref &&
+ loadInfo &&
+ ((loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGE) ||
+ (loadInfo->GetExternalContentPolicyType() == nsIContentPolicy::TYPE_IMAGESET))) {
+ return true;
+ }
return false;
default:
// This is an invalid value.
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.h b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
index 44d79b22b7..0d60458751 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.h
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
@@ -179,10 +179,11 @@ private:
RefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
- // A variable holding the preference settings to whether to open HTTP
+ // Variables holding the preference settings for whether to open HTTP
// authentication credentials dialogs for sub-resources and cross-origin
// sub-resources.
static uint32_t sAuthAllowPref;
+ static bool sImgCrossOriginAuthAllowPref;
nsCOMPtr<nsICancelable> mGenerateCredentialsCancelable;
};