Open Bug 1426656 Opened 6 years ago Updated 2 years ago

Add "disable HTTP authentication prompts" for this site to auth prompt dialog


(Toolkit :: Password Manager, enhancement, P3)





(Reporter: mayhemer, Unassigned)



(Whiteboard: [passwords:http-auth] security:passwords)

As we still have reports of bugs like Bug 1425264 it would be good to mitigate this somehow.

We have implemented a limit of content 'alert("foo")' attacks by adding a "disable prompts for this site" in context of a tab.

Something similar could be implemented for authentication, I think binding to TLD+1 could be the right context.

Re-allow should be allowed from the addressbar notification area, probably it could be a permission, to piggyback on the existing model.
Component: Notifications and Alerts → Password Manager
Priority: -- → P2
See Also: → 613785
See Also: → 377496
Whiteboard: [passwords:http-auth] security:passwords

Lowering priority now that we have bug 377496.

Priority: P2 → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.