Bug 1517029: Fail favicon requests when encountering an icon that requires credentials. r=Gijs
authorDave Townsend <dtownsend@oxymoronical.com>
Mon, 07 Jan 2019 17:57:46 +0000
changeset 512711 cf3598ee865b
parent 512710 43c43fa35d2a
child 512712 aa39814ffdae
push id1953
push userffxbld-merge
push dateMon, 11 Mar 2019 12:10:20 +0000
treeherdermozilla-release@9c35dcbaa899 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersGijs
bugs1517029
milestone66.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1517029: Fail favicon requests when encountering an icon that requires credentials. r=Gijs Differential Revision: https://phabricator.services.mozilla.com/D15768
browser/base/content/test/favicons/auth_test.html
browser/base/content/test/favicons/auth_test.png
browser/base/content/test/favicons/auth_test.png^headers^
browser/base/content/test/favicons/browser.ini
browser/base/content/test/favicons/browser_favicon_auth.js
browser/modules/FaviconLoader.jsm
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/favicons/auth_test.html
@@ -0,0 +1,11 @@
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <meta charset='utf-8'>
+    <title>Favicon Test for http auth</title>
+    <link rel="icon" type="image/png" href="auth_test.png" />
+  </head>
+  <body>
+    Favicon!!
+  </body>
+</html>
new file mode 100644
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/favicons/auth_test.png^headers^
@@ -0,0 +1,2 @@
+HTTP 401 Unauthorized
+WWW-Authenticate: Basic realm="Favicon auth"
--- a/browser/base/content/test/favicons/browser.ini
+++ b/browser/base/content/test/favicons/browser.ini
@@ -65,12 +65,17 @@ support-files =
 [browser_favicon_cache.js]
 support-files =
   cookie_favicon.sjs
   cookie_favicon.html
 [browser_oversized.js]
 support-files =
   large_favicon.html
   large.png
+[browser_favicon_auth.js]
+support-files =
+  auth_test.html
+  auth_test.png
+  auth_test.png^headers^
 [browser_favicon_accept.js]
 support-files =
   accept.html
   accept.sjs
new file mode 100644
--- /dev/null
+++ b/browser/base/content/test/favicons/browser_favicon_auth.js
@@ -0,0 +1,17 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+const ROOT = getRootDirectory(gTestPath).replace("chrome://mochitests/content/", "http://mochi.test:8888/");
+
+add_task(async () => {
+  await BrowserTestUtils.withNewTab({ gBrowser, url: "about:blank" }, async (browser) => {
+    let faviconPromise = waitForFaviconMessage(true, `${ROOT}auth_test.png`);
+
+    BrowserTestUtils.loadURI(browser, `${ROOT}auth_test.html`);
+    await BrowserTestUtils.browserLoaded(browser);
+
+    await Assert.rejects(faviconPromise, result => {
+      return result.iconURL == `${ROOT}auth_test.png`;
+    }, "Should have failed to load the icon.");
+  });
+});
--- a/browser/modules/FaviconLoader.jsm
+++ b/browser/modules/FaviconLoader.jsm
@@ -112,16 +112,20 @@ class FaviconLoad {
       try {
         let acceptHeader = Services.prefs.getCharPref("image.http.accept");
         this.channel.setRequestHeader("Accept", acceptHeader, false);
       } catch (e) {
         // Failing to get the pref or set the header is ignorable.
       }
     }
 
+    if (this.channel instanceof Ci.nsIHttpChannelInternal) {
+      this.channel.blockAuthPrompt = true;
+    }
+
     if (Services.prefs.getBoolPref("network.http.tailing.enabled", true) &&
         this.channel instanceof Ci.nsIClassOfService) {
       this.channel.addClassFlags(Ci.nsIClassOfService.Tail | Ci.nsIClassOfService.Throttleable);
     }
   }
 
   load() {
     this._deferred = PromiseUtils.defer();