From 6faa3298a56035bdccc076cb06f34814ff812f78 Mon Sep 17 00:00:00 2001
From: Dragana Damjanovic
Date: Wed, 6 Dec 2017 14:13:32 +0100
Subject: [PATCH] Bug 1423522 - We should not block http-authentication prompts
for proxies. r=ckerschb
---
netwerk/protocol/http/nsHttpChannelAuthProvider.cpp | 9 +++++++--
netwerk/protocol/http/nsHttpChannelAuthProvider.h | 2 +-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
index 92abed30355a..26bd6752525a 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.cpp
@@ -910,7 +910,7 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
// sub-resources, or always allowed for sub-resources.
// For more details look at the bug 647010.
// BlockPrompt will set mCrossOrigin parameter as well.
- if (BlockPrompt()) {
+ if (BlockPrompt(proxyAuth)) {
LOG(("nsHttpChannelAuthProvider::GetCredentialsForChallenge: "
"Prompt is blocked [this=%p pref=%d img-pref=%d]\n",
this, sAuthAllowPref, sImgCrossOriginAuthAllowPref));
@@ -962,7 +962,7 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
}
bool
-nsHttpChannelAuthProvider::BlockPrompt()
+nsHttpChannelAuthProvider::BlockPrompt(bool proxyAuth)
{
// Verify that it's ok to prompt for credentials here, per spec
// http://xhr.spec.whatwg.org/#the-send%28%29-method
@@ -976,6 +976,11 @@ nsHttpChannelAuthProvider::BlockPrompt()
return true;
}
+ if (proxyAuth) {
+ // Do not block auth-dialog if this is a proxy authentication.
+ return false;
+ }
+
nsCOMPtr chan = do_QueryInterface(mAuthChannel);
nsCOMPtr loadInfo;
chan->GetLoadInfo(getter_AddRefs(loadInfo));
diff --git a/netwerk/protocol/http/nsHttpChannelAuthProvider.h b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
index 4cf61c5a5881..7dcbede0a386 100644
--- a/netwerk/protocol/http/nsHttpChannelAuthProvider.h
+++ b/netwerk/protocol/http/nsHttpChannelAuthProvider.h
@@ -122,7 +122,7 @@ private:
// for all sub-resources, blocked for cross-origin sub-resources, or
// always allowed for sub-resources.
// For more details look at the bug 647010.
- bool BlockPrompt();
+ bool BlockPrompt(bool proxyAuth);
// Store credentials to the cache when appropriate aFlags are set.
MOZ_MUST_USE nsresult UpdateCache(nsIHttpAuthenticator *aAuth,