From 149fcd2c0941e3e06167750f99f1bff033b1c931 Mon Sep 17 00:00:00 2001 From: Gaming4JC Date: Sun, 17 Mar 2019 18:30:53 -0400 Subject: backport uxp #998: Update FE code with HTTP Auth DoS protection. --- base/content/browser.js | 5 +++++ base/content/tabbrowser.xml | 5 ++++- base/content/urlbarBindings.xml | 3 +++ 3 files changed, 12 insertions(+), 1 deletion(-) (limited to 'base') diff --git a/base/content/browser.js b/base/content/browser.js index 169e866..3aa2099 100755 --- a/base/content/browser.js +++ b/base/content/browser.js @@ -3032,6 +3032,11 @@ function getWebNavigation() } function BrowserReloadWithFlags(reloadFlags) { + + // Reset DOS mitigation for auth prompts when user initiates a reload. + let browser = gBrowser.selectedBrowser; + delete browser.authPromptCounter; + let url = gBrowser.currentURI.spec; if (gBrowser.updateBrowserRemotenessByURL(gBrowser.selectedBrowser, url)) { // If the remoteness has changed, the new browser doesn't have any diff --git a/base/content/tabbrowser.xml b/base/content/tabbrowser.xml index 8a6d252..287e402 100644 --- a/base/content/tabbrowser.xml +++ b/base/content/tabbrowser.xml @@ -2947,7 +2947,10 @@ diff --git a/base/content/urlbarBindings.xml b/base/content/urlbarBindings.xml index e89f6fb..b2a1f32 100644 --- a/base/content/urlbarBindings.xml +++ b/base/content/urlbarBindings.xml @@ -540,6 +540,9 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/. Cu.reportError(ex); } + // Reset DOS mitigations for the basic auth prompt. + delete browser.authPromptCounter; + let params = { postData, allowThirdPartyFixup: true, -- cgit v1.2.3