Bug 12974: Disable NTLM and Negotiate HTTP Auth

The Mozilla bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1046421, https://bugzilla.mozilla.org/show_bug.cgi?id=1261591, tor-browser#27602

Bug 12974: Disable NTLM and Negotiate HTTP Auth
43395966 · Mike Perry · Pier Angelo Vendrame · 05e47204 · 43395966 · 43395966
Commit 43395966 authored 10 years ago by Mike Perry Committed by Pier Angelo Vendrame 10 months ago
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -145,6 +145,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
  nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;

  *identityInvalid = false;
+
+  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+  return NS_ERROR_ABORT;
+
  if (rawModule) {
    return NS_OK;
  }

--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -167,6 +167,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,

  *identityInvalid = false;

+  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
+  return NS_ERROR_ABORT;
+
  // Start a new auth sequence if the challenge is exactly "NTLM".
  // If native NTLM auth apis are available and enabled through prefs,
  // try to use them.