From 1c728fbeacd05546ce1f28f783965044bdd26ccc Mon Sep 17 00:00:00 2001 From: Dave Townsend Date: Mon, 7 Jan 2019 17:57:46 +0000 Subject: [PATCH] Bug 1517029: Fail favicon requests when encountering an icon that requires credentials. r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D15768 --HG-- extra : moz-landing-system : lando --- .../base/content/test/favicons/auth_test.html | 11 +++++++++++ .../base/content/test/favicons/auth_test.png | 0 .../test/favicons/auth_test.png^headers^ | 2 ++ browser/base/content/test/favicons/browser.ini | 5 +++++ .../test/favicons/browser_favicon_auth.js | 17 +++++++++++++++++ browser/modules/FaviconLoader.jsm | 4 ++++ 6 files changed, 39 insertions(+) create mode 100644 browser/base/content/test/favicons/auth_test.html create mode 100644 browser/base/content/test/favicons/auth_test.png create mode 100644 browser/base/content/test/favicons/auth_test.png^headers^ create mode 100644 browser/base/content/test/favicons/browser_favicon_auth.js diff --git a/browser/base/content/test/favicons/auth_test.html b/browser/base/content/test/favicons/auth_test.html new file mode 100644 index 000000000000..90b78432f8db --- /dev/null +++ b/browser/base/content/test/favicons/auth_test.html @@ -0,0 +1,11 @@ + + + + + Favicon Test for http auth + + + + Favicon!! + + diff --git a/browser/base/content/test/favicons/auth_test.png b/browser/base/content/test/favicons/auth_test.png new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/browser/base/content/test/favicons/auth_test.png^headers^ b/browser/base/content/test/favicons/auth_test.png^headers^ new file mode 100644 index 000000000000..5024ae1c4b81 --- /dev/null +++ b/browser/base/content/test/favicons/auth_test.png^headers^ @@ -0,0 +1,2 @@ +HTTP 401 Unauthorized +WWW-Authenticate: Basic realm="Favicon auth" diff --git a/browser/base/content/test/favicons/browser.ini b/browser/base/content/test/favicons/browser.ini index 462e5a8e2bdf..0edeedd8720a 100644 --- a/browser/base/content/test/favicons/browser.ini +++ b/browser/base/content/test/favicons/browser.ini @@ -70,6 +70,11 @@ support-files = support-files = large_favicon.html large.png +[browser_favicon_auth.js] +support-files = + auth_test.html + auth_test.png + auth_test.png^headers^ [browser_favicon_accept.js] support-files = accept.html diff --git a/browser/base/content/test/favicons/browser_favicon_auth.js b/browser/base/content/test/favicons/browser_favicon_auth.js new file mode 100644 index 000000000000..ada476c34507 --- /dev/null +++ b/browser/base/content/test/favicons/browser_favicon_auth.js @@ -0,0 +1,17 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +const ROOT = getRootDirectory(gTestPath).replace("chrome://mochitests/content/", "http://mochi.test:8888/"); + +add_task(async () => { + await BrowserTestUtils.withNewTab({ gBrowser, url: "about:blank" }, async (browser) => { + let faviconPromise = waitForFaviconMessage(true, `${ROOT}auth_test.png`); + + BrowserTestUtils.loadURI(browser, `${ROOT}auth_test.html`); + await BrowserTestUtils.browserLoaded(browser); + + await Assert.rejects(faviconPromise, result => { + return result.iconURL == `${ROOT}auth_test.png`; + }, "Should have failed to load the icon."); + }); +}); diff --git a/browser/modules/FaviconLoader.jsm b/browser/modules/FaviconLoader.jsm index 4872c04b491c..38c7246f839b 100644 --- a/browser/modules/FaviconLoader.jsm +++ b/browser/modules/FaviconLoader.jsm @@ -117,6 +117,10 @@ class FaviconLoad { } } + if (this.channel instanceof Ci.nsIHttpChannelInternal) { + this.channel.blockAuthPrompt = true; + } + if (Services.prefs.getBoolPref("network.http.tailing.enabled", true) && this.channel instanceof Ci.nsIClassOfService) { this.channel.addClassFlags(Ci.nsIClassOfService.Tail | Ci.nsIClassOfService.Throttleable);