Commit 9ee3a8fe authored by Mike Perry's avatar Mike Perry
Browse files

Bug #12974: Disable NTLM and Negotiate HTTP Auth 

This is technically an embargoed Mozilla bug, so I probably shouldn't provide
too many details.

Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
very many (or any of them) actually need it.

The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421
parent 16472d23

extensions/auth/nsHttpNegotiateAuth.cpp

+4 −0
Original line number Diff line number Diff line
@@ -85,6 +85,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel *authChannel, 
    nsIAuthModule *module = (nsIAuthModule *) *continuationState;



    *identityInvalid = false;



    /* Always fail Negotiate auth for Tor Browser. We don't need it. */

    return NS_ERROR_ABORT;



    if (module)

        return NS_OK;

netwerk/protocol/http/nsHttpNTLMAuth.cpp

+3 −0
Original line number Diff line number Diff line
@@ -239,6 +239,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel *channel, 


    *identityInvalid = false;



    /* Always fail Negotiate auth for Tor Browser. We don't need it. */

    return NS_ERROR_ABORT;



    // Start a new auth sequence if the challenge is exactly "NTLM".

    // If native NTLM auth apis are available and enabled through prefs,

    // try to use them.