Unverified Commit 9b03441b authored Aug 27, 2014 by Mike Perry Committed by Matthew Finkel Jul 14, 2021

Bug 12974: Disable NTLM and Negotiate HTTP Auth

This is technically an embargoed Mozilla bug, so I probably shouldn't provide
too many details.

Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
very many (or any of them) actually need it.

The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421

parent 0910d77c

extensions/auth/nsHttpNegotiateAuth.cpp

+4 −0

Original line number	Diff line number	Diff line
		@@ -155,6 +155,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
		nsIAuthModule* rawModule = (nsIAuthModule)continuationState;

		*identityInvalid = false;

		/* Always fail Negotiate auth for Tor Browser. We don't need it. */
		return NS_ERROR_ABORT;

		if (rawModule) {
		return NS_OK;
		}

netwerk/protocol/http/nsHttpNTLMAuth.cpp

+3 −0

Original line number	Diff line number	Diff line
		@@ -168,6 +168,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,

		*identityInvalid = false;

		/* Always fail Negotiate auth for Tor Browser. We don't need it. */
		return NS_ERROR_ABORT;

		// Start a new auth sequence if the challenge is exactly "NTLM".
		// If native NTLM auth apis are available and enabled through prefs,
		// try to use them.