Commit d3262a23 authored by Mike Perry's avatar Mike Perry Committed by Alex Catarineu
Browse files

Bug 12974: Disable NTLM and Negotiate HTTP Auth

This is technically an embargoed Mozilla bug, so I probably shouldn't provide
too many details.

Suffice to say that NTLM and Negotiate auth are bad for Tor users, and I doubt
very many (or any of them) actually need it.

The Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1046421
parent 3977591a
......@@ -152,6 +152,10 @@ nsHttpNegotiateAuth::ChallengeReceived(nsIHttpAuthenticableChannel* authChannel,
nsIAuthModule* rawModule = (nsIAuthModule*)*continuationState;
*identityInvalid = false;
/* Always fail Negotiate auth for Tor Browser. We don't need it. */
return NS_ERROR_ABORT;
if (rawModule) {
return NS_OK;
}
......
......@@ -168,6 +168,9 @@ nsHttpNTLMAuth::ChallengeReceived(nsIHttpAuthenticableChannel* channel,
*identityInvalid = false;
/* Always fail Negotiate auth for Tor Browser. We don't need it. */
return NS_ERROR_ABORT;
// Start a new auth sequence if the challenge is exactly "NTLM".
// If native NTLM auth apis are available and enabled through prefs,
// try to use them.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment