1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
# HG changeset patch
# User Honza Bambas <honzab.moz@firemni.cz>
# Parent 069612b7e7c93f79394fc40bc24c1e354de7a3e5
Bug 1291700 - Allow negotiate/ntml to work when in the 'Never remember history' mode, r=jduell
diff --git a/extensions/auth/nsHttpNegotiateAuth.cpp b/extensions/auth/nsHttpNegotiateAuth.cpp
--- a/extensions/auth/nsHttpNegotiateAuth.cpp
+++ b/extensions/auth/nsHttpNegotiateAuth.cpp
@@ -60,17 +60,37 @@ static const char kNegotiateAuthSSPI[] =
//-----------------------------------------------------------------------------
// Return false when the channel comes from a Private browsing window.
static bool
TestNotInPBMode(nsIHttpAuthenticableChannel *authChannel)
{
nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(authChannel);
MOZ_ASSERT(bareChannel);
- return !NS_UsePrivateBrowsing(bareChannel);
+
+ if (!NS_UsePrivateBrowsing(bareChannel)) {
+ return true;
+ }
+
+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+ if (!prefs) {
+ return true;
+ }
+
+ // When the "Never remember history" option is set, all channels are
+ // set PB mode flag, but here we want to make an exception, users
+ // want their credentials go out.
+ bool dontRememberHistory;
+ if (NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+ &dontRememberHistory)) &&
+ dontRememberHistory) {
+ return true;
+ }
+
+ return false;
}
NS_IMETHODIMP
nsHttpNegotiateAuth::GetAuthFlags(uint32_t *flags)
{
//
// Negotiate Auth creds should not be reused across multiple requests.
// Only perform the negotiation when it is explicitly requested by the
diff --git a/netwerk/protocol/http/nsHttpNTLMAuth.cpp b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
--- a/netwerk/protocol/http/nsHttpNTLMAuth.cpp
+++ b/netwerk/protocol/http/nsHttpNTLMAuth.cpp
@@ -182,28 +182,38 @@ ForceGenericNTLM()
return flag;
}
// Check to see if we should use default credentials for this host or proxy.
static bool
CanUseDefaultCredentials(nsIHttpAuthenticableChannel *channel,
bool isProxyAuth)
{
+ nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
+
// Prevent using default credentials for authentication when we are in the
// private browsing mode. It would cause a privacy data leak.
nsCOMPtr<nsIChannel> bareChannel = do_QueryInterface(channel);
MOZ_ASSERT(bareChannel);
+
if (NS_UsePrivateBrowsing(bareChannel)) {
+ // But allow when in the "Never remember history" mode.
+ bool dontRememberHistory;
+ if (prefs &&
+ NS_SUCCEEDED(prefs->GetBoolPref("browser.privatebrowsing.autostart",
+ &dontRememberHistory)) &&
+ !dontRememberHistory) {
+ return false;
+ }
+ }
+
+ if (!prefs) {
return false;
}
- nsCOMPtr<nsIPrefBranch> prefs = do_GetService(NS_PREFSERVICE_CONTRACTID);
- if (!prefs)
- return false;
-
if (isProxyAuth) {
bool val;
if (NS_FAILED(prefs->GetBoolPref(kAllowProxies, &val)))
val = false;
LOG(("Default credentials allowed for proxy: %d\n", val));
return val;
}
|