mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-29 15:52:07 +00:00
Bug 647010 - Limit when HTTP authentication dialog is shown. Block cross-origin http auth prompts with pref. r=mayhemer, r=tanvi
parent
d57a0c0e6b
commit
b658f9d97e
@ -11,6 +11,9 @@
|
||||
<script class="testbody" type="text/javascript">
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
|
||||
// Turn off the authentication dialog blocking for this test.
|
||||
SpecialPowers.setIntPref("network.auth.allow-subresource-auth", 2)
|
||||
|
||||
var tests = [
|
||||
// Not the same origin no CORS asked for, should have silence
|
||||
{ url: "http://example.org:80/tests/dom/media/webaudio/test/small-shot.ogg",
|
||||
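Review bot: The added `SpecialPowers.setIntPref("network.auth.allow-subresource-auth", 2)` relaxes the new protection and nothing visible in the hunk restores it, so the permissive value can stay in effect for tests that run later in the same session. `SpecialPowers.pushPrefEnv({"set": [["network.auth.allow-subresource-auth", 2]]}, ...)` with the test body as its callback would scope the value to this test and undo it automatically; the statement is also missing its trailing semicolon. The same unscoped `prefs.setIntPref("network.auth.allow-subresource-auth", 2)` appears in the later test hunks at `@ -11,6 +11,9` (dialog monitor) and `@ -8,6 +8,10` (`function test()`), where a cleanup calling `prefs.clearUserPref(...)` would do. The script continues outside the hunk.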
|
@ -1682,6 +1682,14 @@ pref("network.automatic-ntlm-auth.allow-proxies", true);
|
||||
pref("network.automatic-ntlm-auth.allow-non-fqdn", false);
|
||||
pref("network.automatic-ntlm-auth.trusted-uris", "");
|
||||
|
||||
// Sub-resources HTTP-authentication:
|
||||
// 0 - don't allow sub-resources to open HTTP authentication credentials
|
||||
// dialogs
|
||||
// 1 - allow sub-resources to open HTTP authentication credentials dialogs,
|
||||
// but don't allow it for cross-origin sub-resources
|
||||
// 2 - allow the cross-origin authentication as well.
|
||||
pref("network.auth.allow-subresource-auth", 1);
|
||||
|
||||
pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign
|
||||
|
||||
pref("network.proxy.type", 5);
|
||||
|
@ -7,6 +7,7 @@
|
||||
// HttpLog.h should generally be included first
|
||||
#include "HttpLog.h"
|
||||
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "nsHttpChannelAuthProvider.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsHttpHandler.h"
|
||||
@ -22,10 +23,15 @@
|
||||
#include "netCore.h"
|
||||
#include "nsIHttpAuthenticableChannel.h"
|
||||
#include "nsIURI.h"
|
||||
#include "nsContentUtils.h"
|
||||
|
||||
namespace mozilla {
|
||||
namespace net {
|
||||
|
||||
#define SUBRESOURCE_AUTH_DIALOG_DISALLOW_ALL 0
|
||||
#define SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN 1
|
||||
#define SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL 2
|
||||
|
||||
static void
|
||||
GetAppIdAndBrowserStatus(nsIChannel* aChan, uint32_t* aAppId, bool* aInBrowserElem)
|
||||
{
|
||||
@ -60,6 +66,18 @@ nsHttpChannelAuthProvider::~nsHttpChannelAuthProvider()
|
||||
MOZ_ASSERT(!mAuthChannel, "Disconnect wasn't called");
|
||||
}
|
||||
|
||||
uint32_t nsHttpChannelAuthProvider::sAuthAllowPref =
|
||||
SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN;
|
||||
|
||||
void
|
||||
nsHttpChannelAuthProvider::InitializePrefs()
|
||||
{
|
||||
MOZ_ASSERT(NS_IsMainThread());
|
||||
mozilla::Preferences::AddUintVarCache(&sAuthAllowPref,
|
||||
"network.auth.allow-subresource-auth",
|
||||
SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN);
|
||||
}
|
||||
|
||||
NS_IMETHODIMP
|
||||
nsHttpChannelAuthProvider::Init(nsIHttpAuthenticableChannel *channel)
|
||||
{
|
||||
@ -736,6 +754,14 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
|
||||
else if (authFlags & nsIHttpAuthenticator::IDENTITY_ENCRYPTED)
|
||||
level = nsIAuthPrompt2::LEVEL_PW_ENCRYPTED;
|
||||
|
||||
// Depending on the pref setting, the authentication dialog may be
|
||||
// blocked for all sub-resources, blocked for cross-origin
|
||||
// sub-resources, or always allowed for sub-resources.
|
||||
// For more details look at the bug 647010.
|
||||
if (BlockPrompt()) {
|
||||
return NS_ERROR_ABORT;
|
||||
}
|
||||
|
||||
// at this point we are forced to interact with the user to get
|
||||
// their username and password for this domain.
|
||||
rv = PromptForIdentity(level, proxyAuth, realm.get(),
|
||||
@ -779,6 +805,53 @@ nsHttpChannelAuthProvider::GetCredentialsForChallenge(const char *challenge,
|
||||
return rv;
|
||||
}
|
||||
|
||||
bool
|
||||
nsHttpChannelAuthProvider::BlockPrompt()
|
||||
{
|
||||
nsCOMPtr<nsIChannel> chan = do_QueryInterface(mAuthChannel);
|
||||
nsCOMPtr<nsILoadInfo> loadInfo;
|
||||
chan->GetLoadInfo(getter_AddRefs(loadInfo));
|
||||
if (!loadInfo) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Allow if it is the top-level document or xhr.
|
||||
if ((loadInfo->GetContentPolicyType() == nsIContentPolicy::TYPE_DOCUMENT) ||
|
||||
(loadInfo->GetContentPolicyType() == nsIContentPolicy::TYPE_XMLHTTPREQUEST)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (sAuthAllowPref) {
|
||||
case SUBRESOURCE_AUTH_DIALOG_DISALLOW_ALL:
|
||||
// Do not open the http-authentication credentials dialog for
|
||||
// the sub-resources.
|
||||
return true;
|
||||
break;
|
||||
case SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN:
|
||||
// Do not open the http-authentication credentials dialog for
|
||||
// the sub-resources only if they are not cross-origin.
|
||||
{
|
||||
nsCOMPtr<nsIPrincipal> loadingPrincipal =
|
||||
loadInfo->LoadingPrincipal();
|
||||
if (!loadingPrincipal) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (NS_FAILED(loadingPrincipal->CheckMayLoad(mURI, false, false))) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL:
|
||||
// Allow the http-authentication dialog.
|
||||
return false;
|
||||
default:
|
||||
// This is an invalid value.
|
||||
MOZ_ASSERT(false, "A non valid value!");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
inline void
|
||||
GetAuthType(const char *challenge, nsCString &authType)
|
||||
{
|
||||
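Review bot: In `BlockPrompt()` the `default:` arm only asserts and then falls out to the final `return false`, so in a release build any value of `network.auth.allow-subresource-auth` other than 0, 1 or 2 allows every sub-resource prompt, exactly like 2. A pref can hold any integer, so an out-of-range value should get the shipped default rather than the most permissive behaviour; sharing the label with the cross-origin case, `case SUBRESOURCE_AUTH_DIALOG_DISALLOW_CROSS_ORIGIN: default:`, does that and drops the debug-only `MOZ_ASSERT`. The comment in that case is inverted relative to the code: the prompt is blocked when `CheckMayLoad` fails, i.e. when the sub-resource is cross-origin, so it should read `// Block the dialog only for cross-origin sub-resources.`. The early `return false` when `loadInfo` is null, and the unchecked `chan` from `do_QueryInterface(mAuthChannel)`, are further allow-by-default paths that deserve a comment naming which loads are expected to reach them.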
|
@ -33,7 +33,7 @@ public:
|
||||
NS_DECL_NSIAUTHPROMPTCALLBACK
|
||||
|
||||
nsHttpChannelAuthProvider();
|
||||
|
||||
static void InitializePrefs();
|
||||
private:
|
||||
virtual ~nsHttpChannelAuthProvider();
|
||||
|
||||
@ -111,6 +111,12 @@ private:
|
||||
*/
|
||||
nsresult ProcessSTSHeader();
|
||||
|
||||
// Depending on the pref setting, the authentication dialog may be blocked
|
||||
// for all sub-resources, blocked for cross-origin sub-resources, or
|
||||
// always allowed for sub-resources.
|
||||
// For more details look at the bug 647010.
|
||||
bool BlockPrompt();
|
||||
|
||||
private:
|
||||
nsIHttpAuthenticableChannel *mAuthChannel; // weak ref
|
||||
|
||||
@ -149,6 +155,11 @@ private:
|
||||
uint32_t mSuppressDefensiveAuth : 1;
|
||||
|
||||
nsRefPtr<nsHttpHandler> mHttpHandler; // keep gHttpHandler alive
|
||||
|
||||
// A variable holding the preference settings to whether to open HTTP
|
||||
// authentication credentials dialogs for sub-resources and cross-origin
|
||||
// sub-resources.
|
||||
static uint32_t sAuthAllowPref;
|
||||
};
|
||||
|
||||
}} // namespace mozilla::net
|
||||
|
@ -48,6 +48,7 @@
|
||||
#include "nsIMemoryReporter.h"
|
||||
#include "nsIParentalControlsService.h"
|
||||
#include "nsINetworkLinkService.h"
|
||||
#include "nsHttpChannelAuthProvider.h"
|
||||
|
||||
#include "mozilla/net/NeckoChild.h"
|
||||
#include "mozilla/ipc/URIUtils.h"
|
||||
@ -286,6 +287,8 @@ nsHttpHandler::Init()
|
||||
PrefsChanged(prefBranch, nullptr);
|
||||
}
|
||||
|
||||
nsHttpChannelAuthProvider::InitializePrefs();
|
||||
|
||||
mMisc.AssignLiteral("rv:" MOZILLA_UAVERSION);
|
||||
|
||||
mCompatFirefox.AssignLiteral("Firefox/" MOZILLA_UAVERSION);
|
||||
|
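--- /dev/null
+++ b/netwerk/test/unit/test_auth_dialog_permission.js
@@ -0,0 +1,256 @@
+// This file tests authentication prompt depending on pref
+// network.auth.allow-subresource-auth:
+// 0 - don't allow sub-resources to open HTTP authentication credentials
+// dialogs
+// 1 - allow sub-resources to open HTTP authentication credentials dialogs,
+// but don't allow it for cross-origin sub-resources
+// 2 - allow the cross-origin authentication as well.
+
+Cu.import("resource://testing-common/httpd.js");
+
+var prefs = Cc["@mozilla.org/preferences-service;1"].
+getService(Ci.nsIPrefBranch);
+
+function authHandler(metadata, response) {
+// btoa("guest:guest"), but that function is not available here
+var expectedHeader = "Basic Z3Vlc3Q6Z3Vlc3Q=";
+
+var body;
+if (metadata.hasHeader("Authorization") &&
+metadata.getHeader("Authorization") == expectedHeader) {
+
+response.setStatusLine(metadata.httpVersion, 200, "OK, authorized");
+response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+body = "success";
+} else {
+// didn't know guest:guest, failure
+response.setStatusLine(metadata.httpVersion, 401, "Unauthorized");
+response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false);
+
+body = "failed";
+}
+
+response.bodyOutputStream.write(body, body.length);
+}
+
+var httpserv = new HttpServer();
+httpserv.registerPathHandler("/auth", authHandler);
+httpserv.start(-1);
+
+XPCOMUtils.defineLazyGetter(this, "URL", function() {
+return "http://localhost:" + httpserv.identity.primaryPort;
+});
+
+XPCOMUtils.defineLazyGetter(this, "PORT", function() {
+return httpserv.identity.primaryPort;
+});
+
+function AuthPrompt(promptExpected) {
+this.promptExpected = promptExpected;
+}
+
+AuthPrompt.prototype = {
+user: "guest",
+pass: "guest",
+
+QueryInterface: function authprompt_qi(iid) {
+if (iid.equals(Components.interfaces.nsISupports) ||
+iid.equals(Components.interfaces.nsIAuthPrompt))
+return this;
+throw Components.results.NS_ERROR_NO_INTERFACE;
+},
+
+prompt: function(title, text, realm, save, defaultText, result) {
+do_throw("unexpected prompt call");
+},
+
+promptUsernameAndPassword: function(title, text, realm, savePW, user, pw) {
+do_check_true(this.promptExpected,
+"Not expected the authentication prompt.");
+
+user.value = this.user;
+pw.value = this.pass;
+return true;
+},
+
+promptPassword: function(title, text, realm, save, pwd) {
+do_throw("unexpected promptPassword call");
+}
+
+};
+
+function Requestor(promptExpected) {
+this.promptExpected = promptExpected;
+}
+
+Requestor.prototype = {
+QueryInterface: function(iid) {
+if (iid.equals(Components.interfaces.nsISupports) ||
+iid.equals(Components.interfaces.nsIInterfaceRequestor))
+return this;
+throw Components.results.NS_ERROR_NO_INTERFACE;
+},
+
+getInterface: function(iid) {
+if (iid.equals(Components.interfaces.nsIAuthPrompt)) {
+this.prompter = new AuthPrompt(this.promptExpected);
+return this.prompter;
+}
+
+throw Components.results.NS_ERROR_NO_INTERFACE;
+},
+
+prompter: null
+};
+
+function make_uri(url) {
+var ios = Cc["@mozilla.org/network/io-service;1"].
+getService(Ci.nsIIOService);
+return ios.newURI(url, null, null);
+}
+
+function makeChan(loadingUrl, url, contentPolicy) {
+var loadingUri = make_uri(loadingUrl);
+var principal = Components.classes["@mozilla.org/scriptsecuritymanager;1"]
+.getService(Ci.nsIScriptSecurityManager)
+.getNoAppCodebasePrincipal(loadingUri);
+
+var ios = Components.classes["@mozilla.org/network/io-service;1"]
+.getService(Components.interfaces.nsIIOService);
+var chan = ios.newChannel2(url,
+null,
+null,
+null,
+principal,
+null,
+Ci.nsILoadInfo.SEC_NORMAL,
+contentPolicy)
+.QueryInterface(Components.interfaces.nsIHttpChannel);
+
+return chan;
+}
+
+function Test(allow_subresource_auth_pref, loadingUri, uri, contentPolicy,
+expectedCode) {
+this._allow_subresource_auth_pref = allow_subresource_auth_pref;
+this._loadingUri = loadingUri;
+this._uri = uri;
+this._contentPolicy = contentPolicy;
+this._expectedCode = expectedCode;
+}
+
+Test.prototype = {
+_allow_subresource_auth_pref: 1,
+_loadingUri: null,
+_uri: null,
+_contentPolicy: Ci.nsIContentPolicy.TYPE_OTHER,
+_expectedCode: 200,
+
+onStartRequest: function(request, ctx) {
+try {
+if (!Components.isSuccessCode(request.status)) {
+do_throw("Channel should have a success code!");
+}
+
+if (!(request instanceof Components.interfaces.nsIHttpChannel)) {
+do_throw("Expecting an HTTP channel");
+}
+
+do_check_eq(request.responseStatus, this._expectedCode);
+// The request should be succeeded iff we expect 200
+do_check_eq(request.requestSucceeded, this._expectedCode == 200);
+
+} catch (e) {
+do_throw("Unexpected exception: " + e);
+}
+
+throw Components.results.NS_ERROR_ABORT;
+},
+
+onDataAvailable: function(request, context, stream, offset, count) {
+do_throw("Should not get any data!");
+},
+
+onStopRequest: function(request, ctx, status) {
+do_check_eq(status, Components.results.NS_ERROR_ABORT);
+
+// Clear the auth cache.
+Components.classes["@mozilla.org/network/http-auth-manager;1"]
+.getService(Components.interfaces.nsIHttpAuthManager)
+.clearAll();
+
+do_timeout(0, run_next_test);
+},
+
+run: function() {
+dump("Run test: " + this._allow_subresource_auth_pref
++ this._loadingUri
++ this._uri
++ this._contentPolicy
++ this._expectedCode + " \n");
+
+prefs.setIntPref("network.auth.allow-subresource-auth",
+this._allow_subresource_auth_pref);
+let chan = makeChan(this._loadingUri, this._uri, this._contentPolicy);
+chan.notificationCallbacks = new Requestor(this._expectedCode == 200);
+chan.asyncOpen(this, null);
+}
+};
+
+var tests = [
+// For the next 3 tests the preference is set to 2 - allow the cross-origin
+// authentication as well.
+
+// A cross-origin request.
+new Test(2, "https://example.com", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_OTHER, 200),
+// A non cross-origin sub-resource request.
+new Test(2, URL + "/", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_OTHER, 200),
+// A top level document.
+new Test(2, URL + "/auth", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_DOCUMENT, 200),
+
+// For the next 3 tests the preference is set to 1 - allow sub-resources to
+// open HTTP authentication credentials dialogs, but don't allow it for
+// cross-origin sub-resources
+
+// A cross-origin request.
+new Test(1, "https://example.com", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_OTHER, 401),
+// A non cross-origin sub-resource request.
+new Test(1, URL + "/", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_OTHER, 200),
+// A top level document.
+new Test(1, URL + "/auth", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_DOCUMENT, 200),
+
+// For the next 3 tests the preference is set to 0 - don't allow sub-resources
+// to open HTTP authentication credentials dialogs.
+
+// A cross-origin request.
+new Test(0, "https://example.com", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_OTHER, 401),
+// A sub-resource request.
+new Test(0, URL + "/", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_OTHER, 401),
+// A top level request.
+new Test(0, URL + "/auth", URL + "/auth",
+Ci.nsIContentPolicy.TYPE_DOCUMENT, 200),
+];
+
+function run_next_test() {
+var nextTest = tests.shift();
+if (!nextTest) {
+httpserv.stop(do_test_finished);
+return;
+}
+
+nextTest.run();
+}
+
+function run_test() {
+do_test_pending();
+run_next_test();
+}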
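Review bot: The `tests` array covers only `TYPE_OTHER` and `TYPE_DOCUMENT`, so the `TYPE_XMLHTTPREQUEST` exemption that `BlockPrompt()` grants is never exercised under any pref value. A row such as `new Test(0, "https://example.com", URL + "/auth", Ci.nsIContentPolicy.TYPE_XMLHTTPREQUEST, 200),` would pin that a cross-origin XHR still prompts under the strictest setting, and would catch a later change that narrows or widens the exemption. `run()` also leaves `network.auth.allow-subresource-auth` at the last tested value; a `do_register_cleanup` handler calling `prefs.clearUserPref("network.auth.allow-subresource-auth")` would restore the default. The `dump` in `run()` concatenates its five fields without separators, which makes the log line hard to read when a case fails.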
|
@ -244,6 +244,9 @@ function run_test() {
|
||||
prefs.setCharPref("network.proxy.no_proxies_on", "");
|
||||
prefs.setIntPref("network.proxy.type", 1);
|
||||
|
||||
// Turn off the authentication dialog blocking for this test.
|
||||
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
|
||||
|
||||
tests[current_test]();
|
||||
}
|
||||
|
||||
|
@ -4,6 +4,11 @@
|
||||
Cu.import("resource://testing-common/httpd.js");
|
||||
Cu.import("resource://gre/modules/Services.jsm");
|
||||
|
||||
// Turn off the authentication dialog blocking for this test.
|
||||
var prefs = Cc["@mozilla.org/preferences-service;1"].
|
||||
getService(Ci.nsIPrefBranch);
|
||||
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
|
||||
|
||||
XPCOMUtils.defineLazyGetter(this, "URL", function() {
|
||||
return "http://localhost:" + httpserv.identity.primaryPort;
|
||||
});
|
||||
|
@ -80,6 +80,7 @@ skip-if = true
|
||||
[test_auth_proxy.js]
|
||||
[test_authentication.js]
|
||||
[test_authpromptwrapper.js]
|
||||
[test_auth_dialog_permission.js]
|
||||
[test_backgroundfilesaver.js]
|
||||
[test_bug203271.js]
|
||||
[test_bug248970_cache.js]
|
||||
|
@ -11,6 +11,9 @@
|
||||
SimpleTest.waitForExplicitFinish();
|
||||
SimpleTest.requestFlakyTimeout("untriaged");
|
||||
|
||||
var prefs = Cc["@mozilla.org/preferences-service;1"].
|
||||
getService(Ci.nsIPrefBranch);
|
||||
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
|
||||
// Class monitoring number of open dialog windows
|
||||
// It checks there is always open just a single dialog per application
|
||||
function dialogMonitor() {
|
||||
|
@ -8,6 +8,10 @@ function test() {
|
||||
Harness.installsCompletedCallback = finish_test;
|
||||
Harness.setup();
|
||||
|
||||
var prefs = Cc["@mozilla.org/preferences-service;1"].
|
||||
getService(Ci.nsIPrefBranch);
|
||||
prefs.setIntPref("network.auth.allow-subresource-auth", 2);
|
||||
|
||||
var pm = Services.perms;
|
||||
pm.add(makeURI("http://example.com/"), "install", pm.ALLOW_ACTION);
|
||||
|
||||
|