Commit 6181d02d authored by Mike Perry's avatar Mike Perry Committed by Richard Pospesel
Browse files

Bug 12974: Disable NTLM and Negotiate HTTP Auth

This is technically an embargoed Mozilla bug, so I probably shouldn't provide
too many details.

Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
very many (or any of them) actually need it.

The Mozilla bug was https://bugzilla.mozilla.org/show_bug.cgi?id=1046421,
however we still need to keep this patch because of #27602
(which refers https://bugzilla.mozilla.org/show_bug.cgi?id=1261591)
parent 728d34e5
Loading
Loading
Loading
Loading
+4 −0
Original line number Diff line number Diff line
@@ -155,6 +155,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
  nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;

  *identityInvalid = false;

  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
  return NS_ERROR_ABORT;

  if (rawModule) {
    return NS_OK;
  }
+3 −0
Original line number Diff line number Diff line
@@ -169,6 +169,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,

  *identityInvalid = false;

  /* Always fail Negotiate auth for Tor Browser. We don't need it. */
  return NS_ERROR_ABORT;

  // Start a new auth sequence if the challenge is exactly "NTLM".
  // If native NTLM auth apis are available and enabled through prefs,
  // try to use them.