[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser] 09/65: Bug 12974: Disable NTLM and Negotiate HTTP Auth



This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch geckoview-102.3.0esr-12.0-1
in repository tor-browser.

commit 07a1a6695fdebd6118b1d3824ac61ad0ec49b026
Author: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
AuthorDate: Wed Aug 27 15:19:10 2014 -0700

    Bug 12974: Disable NTLM and Negotiate HTTP Auth
    
    This is technically an embargoed Mozilla bug, so I probably shouldn't provide
    too many details.
    
    Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
    very many (or any of them) actually need it.
    
    The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421
---
 extensions/auth/nsHttpNegotiateAuth.cpp  | 4 ++++
 netwerk/protocol/http/nsHttpNTLMAuth.cpp | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
index fedf40026e1b..f7d22c41ffbb 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -156,6 +156,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
   nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;
 
   *identityInvalid = false;
+
+  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+  return NS_ERROR_ABORT;
+
   if (rawModule) {
     return NS_OK;
   }
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index 30de77d7ca19..6e0645a24c1f 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -170,6 +170,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,
 
   *identityInvalid = false;
 
+  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+  return NS_ERROR_ABORT;
+
   // Start a new auth sequence if the challenge is exactly "NTLM".
   // If native NTLM auth apis are available and enabled through prefs,
   // try to use them.

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits