Bug 1571003 - Added pref to disable warning prompts for SuperfluousAuth and AutomaticAuth. r=Gijs

Differential Revision: https://phabricator.services.mozilla.com/D51989 --HG-- extra : moz-landing-system : lando
2019-11-06 22:50:58 +00:00 · 2019-11-06 22:50:58 +00:00 · 4ea3fd0b57
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -6491,6 +6491,13 @@
  value: false
  mirror: always

+# Whether to show anti-spoof confirmation prompts when navigating to a url
+# with userinfo
+- name: network.auth.confirmAuth.enabled
+  type: bool
+  value: false
+  mirror: always
+
 # 0-Accept, 1-dontAcceptForeign, 2-dontAcceptAny, 3-limitForeign,
 # 4-rejectTracker
 # Keep the old default of accepting all cookies
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@ -1429,9 +1429,14 @@ nsresult nsHttpChannelAuthProvider::ContinueOnAuthAvailable(
 bool nsHttpChannelAuthProvider::ConfirmAuth(const char* bundleKey,
                                            bool doYesNoPrompt) {
  // skip prompting the user if
-  //   1) we've already prompted the user
-  //   2) we're not a toplevel channel
-  //   3) the userpass length is less than the "phishy" threshold
+  //   1) prompts are disabled by pref
+  //   2) we've already prompted the user
+  //   3) we're not a toplevel channel
+  //   4) the userpass length is less than the "phishy" threshold
+
+  if (!StaticPrefs::network_auth_confirmAuth_enabled()) {
+    return true;
+  }

  uint32_t loadFlags;
  nsresult rv = mAuthChannel->GetLoadFlags(&loadFlags);