[tbb-commits] [tor-browser] 11/85: Bug 12974: Disable NTLM and Negotiate HTTP Auth
gitolite role
git at cupani.torproject.org
Fri Jun 10 17:01:02 UTC 2022
This is an automated email from the git hooks/post-receive script.
pierov pushed a commit to branch tor-browser-91.9.0esr-11.5-2
in repository tor-browser.
commit 43b312a25a3c50627019deb39831adc628c1f549
Author: Mike Perry <mikeperry-git at torproject.org>
AuthorDate: Wed Aug 27 15:19:10 2014 -0700
Bug 12974: Disable NTLM and Negotiate HTTP Auth
This is technically an embargoed Mozilla bug, so I probably shouldn't provide
too many details.
Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
very many (or any of them) actually need it.
The Mozilla bug was https://bugzilla.mozilla.org/show_bug.cgi?id=1046421,
however we still need to keep this patch because of tor-browser#27602
(which refers https://bugzilla.mozilla.org/show_bug.cgi?id=1261591)
---
extensions/auth/nsHttpNegotiateAuth.cpp | 4 ++++
netwerk/protocol/http/nsHttpNTLMAuth.cpp | 3 +++
2 files changed, 7 insertions(+)
diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
index 496c0b0f8292b..e37d0bc982684 100644
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -155,6 +155,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;
*identityInvalid = false;
+
+ /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+ return NS_ERROR_ABORT;
+
if (rawModule) {
return NS_OK;
}
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
index a98093b484faa..e44fc4153e2e7 100644
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -169,6 +169,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,
*identityInvalid = false;
+ /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+ return NS_ERROR_ABORT;
+
// Start a new auth sequence if the challenge is exactly "NTLM".
// If native NTLM auth apis are available and enabled through prefs,
// try to use them.
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.
More information about the tbb-commits
mailing list