Add "disable HTTP authentication prompts" for this site to auth prompt dialog

NEW
Unassigned

Status

()

enhancement
P3
normal
2 years ago
4 months ago

People

(Reporter: mayhemer, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [passwords:http-auth] security:passwords)

As we still have reports of bugs like Bug 1425264 it would be good to mitigate this somehow.

We have implemented a limit of content 'alert("foo")' attacks by adding a "disable prompts for this site" in context of a tab.

Something similar could be implemented for authentication, I think binding to TLD+1 could be the right context.

Re-allow should be allowed from the addressbar notification area, probably it could be a permission, to piggyback on the existing model.
Component: Notifications and Alerts → Password Manager
Priority: -- → P2
See Also: → 377496
Whiteboard: [passwords:http-auth] security:passwords

Lowering priority now that we have bug 377496.

Priority: P2 → P3
You need to log in before you can comment on or make changes to this bug.