author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-03-01 14:01:09 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-03-01 14:01:09 +0100 |
commit | c1ece93c2be6fb571a013f9735dc629d7279f389 (patch) | |
tree | dd2502a462e73fdc4941dce6925ea31f96ab8fef | |
parent | f227feb6efbfa61c62cba88ab85df3c650311560 (diff) | |
Make the Auth prompt DOS protection a browser-element opt-in feature.
-rw-r--r-- | application/basilisk/base/content/browser.xul | 3 | ||||
-rw-r--r-- | application/basilisk/base/content/tabbrowser.xml | 6 | ||||
-rw-r--r-- | application/palemoon/base/content/browser.xul | 3 | ||||
-rw-r--r-- | application/palemoon/base/content/tabbrowser.xml | 6 | ||||
-rw-r--r-- | toolkit/components/passwordmgr/nsLoginManagerPrompter.js | 32 | ||||
-rw-r--r-- | toolkit/content/widgets/browser.xml | 4 |
6 files changed, 40 insertions, 14 deletions
diff --git a/application/basilisk/base/content/browser.xul b/application/basilisk/base/content/browser.xul index 3208538c1d..be64f1bac6 100644 --- a/application/basilisk/base/content/browser.xul +++ b/application/basilisk/base/content/browser.xul @@ -997,7 +997,8 @@ contentcontextmenu="contentAreaContextMenu" autocompletepopup="PopupAutoComplete" selectmenulist="ContentSelectDropdown" - datetimepicker="DateTimePickerPanel"/> + datetimepicker="DateTimePickerPanel" + authdosprotected="true" /> </vbox> <vbox id="browser-border-end" hidden="true" layer="true"/> </hbox> diff --git a/application/basilisk/base/content/tabbrowser.xml b/application/basilisk/base/content/tabbrowser.xml index c84c333c46..52c51db690 100644 --- a/application/basilisk/base/content/tabbrowser.xml +++ b/application/basilisk/base/content/tabbrowser.xml @@ -25,7 +25,7 @@ <xul:vbox flex="1" class="browserContainer"> <xul:stack flex="1" class="browserStack" anonid="browserStack"> <xul:browser anonid="initialBrowser" type="content-primary" message="true" messagemanagergroup="browsers" - xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,selectmenulist,datetimepicker"/> + xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,selectmenulist,datetimepicker,authdosprotected"/> </xul:stack> </xul:vbox> </xul:hbox> @@ -1936,6 +1936,10 @@ if (this.hasAttribute("datetimepicker")) { b.setAttribute("datetimepicker", this.getAttribute("datetimepicker")); } + + if (this.hasAttribute("authdosprotected")) { + b.setAttribute("authdosprotected", this.getAttribute("authdosprotected")); + } b.setAttribute("autoscrollpopup", this._autoScrollPopup.id); diff --git a/application/palemoon/base/content/browser.xul b/application/palemoon/base/content/browser.xul index ce2a7c5a8f..ddc305a7b8 100644 --- a/application/palemoon/base/content/browser.xul +++ b/application/palemoon/base/content/browser.xul 
@@ -965,7 +965,8 @@ tabcontainer="tabbrowser-tabs" contentcontextmenu="contentAreaContextMenu" autocompletepopup="PopupAutoComplete" - datetimepicker="DateTimePickerPanel"/> + datetimepicker="DateTimePickerPanel" + authdosprotected="true"/> <chatbar id="pinnedchats" layer="true" mousethrough="always" hidden="true"/> <statuspanel id="statusbar-display" inactive="true"/> </vbox> diff --git a/application/palemoon/base/content/tabbrowser.xml b/application/palemoon/base/content/tabbrowser.xml index c3b4872dbe..cbe029af03 100644 --- a/application/palemoon/base/content/tabbrowser.xml +++ b/application/palemoon/base/content/tabbrowser.xml @@ -30,7 +30,7 @@ <xul:vbox flex="1" class="browserContainer"> <xul:stack flex="1" class="browserStack" anonid="browserStack"> <xul:browser anonid="initialBrowser" type="content-primary" message="true" disablehistory="true" - xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,datetimepicker"/> + xbl:inherits="tooltip=contenttooltip,contextmenu=contentcontextmenu,autocompletepopup,datetimepicker,authdosprotected"/> </xul:stack> </xul:vbox> </xul:hbox> @@ -1588,6 +1588,10 @@ if (this.hasAttribute("datetimepicker")) { b.setAttribute("datetimepicker", this.getAttribute("datetimepicker")); } + + if (this.hasAttribute("authdosprotected")) { + b.setAttribute("authdosprotected", this.getAttribute("authdosprotected")); + } // Create the browserStack container var stack = document.createElementNS(NS_XUL, "stack"); diff --git a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js index 35315110c2..c4be39e318 100644 --- a/toolkit/components/passwordmgr/nsLoginManagerPrompter.js +++ b/toolkit/components/passwordmgr/nsLoginManagerPrompter.js 
@@ -103,7 +103,7 @@ LoginManagerPromptFactory.prototype = { // cancel the prompt until we stop showing it. let browser = prompter._browser; let baseDomain = null; - if (browser) { + if (browser && browser.isAuthDOSProtected) { try { baseDomain = Services.eTLD.getBaseDomainFromHost(hostname); } catch (e) { @@ -145,7 +145,7 @@ LoginManagerPromptFactory.prototype = { prompt.inProgress = false; self._asyncPromptInProgress = false; - if (browser) { + if (browser && browser.isAuthDOSProtected) { // Reset the counter state if the user replied to a prompt and actually // tried to login (vs. simply clicking any button to get out). if (ok && (prompt.authInfo.username || prompt.authInfo.password)) { 
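Review bot: The opt-in test `browser && browser.isAuthDOSProtected` is evaluated separately in this hunk, in the completion callback at -145 and again at -177, and the getter added in toolkit/content/widgets/browser.xml re-reads the attribute on every access. If the attribute changes while a prompt is pending, a later check can pass although this block was skipped, leaving `baseDomain` null and, presumably, the per-domain counter never set up (its initialisation is outside the hunk). Reading the flag once, `let dosProtected = !!(browser && browser.isAuthDOSProtected);`, and testing `dosProtected` in all three places would keep the decision consistent for the lifetime of one prompt. The enclosing function starts and ends outside the hunk.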
@@ -177,15 +177,27 @@ LoginManagerPromptFactory.prototype = { var cancelDialogLimit = Services.prefs.getIntPref("prompts.authentication_dialog_abuse_limit"); - let cancelationCounter = browser.authPromptCounter[baseDomain]; - this.log("cancelationCounter =", cancelationCounter); - if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) { - this.log("Blocking auth dialog, due to exceeding dialog bloat limit"); - delete this._asyncPrompts[hashKey]; - - // just make the runnable cancel all consumers - runnable.cancel = true; + // Block the auth prompt if: + // - There is an attached browser element + // - The browser element has opted-in to DOS protection + // - The dialog cancellation limit is not 0 (= feature disabled) + // - The amount of cancellations >= the set abuse limit + if (browser && browser.isAuthDOSProtected) { + let cancelationCounter = browser.authPromptCounter[baseDomain]; + this.log("cancelationCounter =", cancelationCounter); + + if (cancelDialogLimit && cancelationCounter >= cancelDialogLimit) { + this.log("Blocking auth dialog, due to exceeding dialog bloat limit"); + delete this._asyncPrompts[hashKey]; + + // just make the runnable cancel all consumers + runnable.cancel = true; + } else { + this._asyncPromptInProgress = true; + prompt.inProgress = true; + } } else { + // No DOS protection: prompt this._asyncPromptInProgress = true; prompt.inProgress = true; } diff --git a/toolkit/content/widgets/browser.xml b/toolkit/content/widgets/browser.xml index a30ff1c43c..5a0a99bf86 100644 --- a/toolkit/content/widgets/browser.xml +++ b/toolkit/content/widgets/browser.xml @@ -899,6 +899,10 @@ <field name="mIconURL">null</field> + <property name="isAuthDOSProtected" + onget="return (this.getAttribute('authdosprotected') == 'true');" + readonly="true"/> + <!-- This is managed by the tabbrowser --> <field name="lastURI">null</field> |
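Review bot: The two `else` branches in the new block repeat the same pair of assignments, so the "show the prompt" path now exists twice and a later change can easily update only one copy. Computing a single `blocked` flag inside the opt-in guard and branching once afterwards keeps the four listed conditions in one place and leaves one block and one prompt path. The behaviour is meant to be identical, including the case where `cancelationCounter` is undefined and the comparison is false. The surrounding function starts and ends outside the hunk.

```javascript
var cancelDialogLimit = Services.prefs.getIntPref("prompts.authentication_dialog_abuse_limit");

// Blocked only for an opted-in browser element with a non-zero limit
// whose cancellation count has reached that limit.
let blocked = false;
if (browser && browser.isAuthDOSProtected) {
  let cancelationCounter = browser.authPromptCounter[baseDomain];
  this.log("cancelationCounter =", cancelationCounter);
  blocked = !!cancelDialogLimit && cancelationCounter >= cancelDialogLimit;
}

if (blocked) {
  // … unchanged: log message, delete this._asyncPrompts[hashKey], runnable.cancel = true …
} else {
  this._asyncPromptInProgress = true;
  prompt.inProgress = true;
}
```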
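Review bot: The new `isAuthDOSProtected` property is undocumented, and its default is the unprotected state: any `<browser>` without `authdosprotected="true"` reports false, so the prompter applies no cancellation limit for it. Only the two tabbrowser bindings and browser.xul files are updated in this commit, so other browser elements that can raise auth prompts would now fall outside the limit unless they opt in; that is worth confirming against the intended set. I would state this above the property, for example `<!-- True only when authdosprotected="true"; otherwise the login prompter applies no auth-dialog abuse limit for this browser. -->`. The getter is defined only in this binding, so a browser element bound elsewhere would yield undefined, which the prompter treats the same as false.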