author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-29 18:02:36 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-29 18:02:36 +0000 |
commit | d7f166387b66955c2e5b967a3cc7467fad072e73 (patch) | |
tree | 7a5c47a5e65f90afb2eca5bbb4c0d6c08f5dc625 /net/http/http_auth_handler.h | |
parent | 5452d7e80ce2df298e15e6a5e17effcb26a51bf2 (diff) | |
On Windows, use IInternetSecurityManager to determine if it's OK
to send the default credentials to a server, without prompting the
user for permission, for HTTP NTLM or Negotiate authentication.
It is always OK to send the default credentials to a proxy without
prompting the user.
Rename the AllowDefaultCredentials method of HttpAuthHandler to
SupportsDefaultCredentials and redefine it to simply return whether
the authentication scheme supports the use of default credentials,
as opposed to whether we may use the default credentials for a
particular server or proxy.
This CL contains the changes by cbentzel in
http://codereview.chromium.org/1082001.
R=cbentzel,cpu,stoyan
BUG=29596
TEST=none
Review URL: http://codereview.chromium.org/1343003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42960 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_auth_handler.h')
-rw-r--r-- | net/http/http_auth_handler.h | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/http/http_auth_handler.h b/net/http/http_auth_handler.h
index dc0543e..d2eae13 100644
--- a/net/http/http_auth_handler.h
+++ b/net/http/http_auth_handler.h
@@ -74,10 +74,12 @@ class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {
 // single-round schemes.
 virtual bool IsFinalRound() { return true; }
- // Returns whether the default credentials may be used for the |origin| passed
- // into |InitFromChallenge|. If true, the user does not need to be prompted
- // for username and password to establish credentials.
- virtual bool AllowDefaultCredentials() { return false; }
+ // Returns whether the authentication scheme supports the use of default
+ // credentials. If true, the user does not need to be prompted for
+ // username and password to establish credentials.
+ // NOTE: SSO is a potential security risk.
+ // TODO(cbentzel): Add a pointer to Firefox documentation about risk.
+ virtual bool SupportsDefaultCredentials() { return false; }
 // TODO(cbentzel): Separate providing credentials from generating the
 // authentication token in the API.
@@ -96,7 +98,7 @@ class HttpAuthHandler : public base::RefCounted<HttpAuthHandler> {
 // The return value is an error code. If the code is not |OK|, the value of
 // |*auth_token| is unspecified.
 // |auth_token| is a return value and must be non-NULL.
- // This should only be called after |AllowDefaultCredentials| returns true.
+ // This should only be called if |SupportsDefaultCredentials| returns true.
 virtual int GenerateDefaultAuthToken(const HttpRequestInfo* request,
 const ProxyInfo* proxy,
 std::string* auth_token) = 0; |
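Review bot: The new comment on `SupportsDefaultCredentials` says only `NOTE: SSO is a potential security risk.`, which tells neither an implementer nor a caller what the risk is or where the per-target decision now lives. Since the method no longer answers whether default credentials may be used for a particular origin, I would say so in the comment, e.g. `// NOTE: A true return describes the scheme only; the caller must separately decide whether default credentials may be sent to the target server or proxy.` The commit message indicates that decision is made elsewhere (IInternetSecurityManager on Windows), but that code is not in this file's diff, so it cannot be checked here. The class body starts and ends outside the hunk.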
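Review bot: The documented precondition on `GenerateDefaultAuthToken` is now weaker than before, because `SupportsDefaultCredentials` is a capability of the scheme while the old `AllowDefaultCredentials` was documented as a per-origin permission. A caller that follows the new comment literally could build a token from the logged-in user's credentials for a server that was never approved to receive them. I would extend the comment to `// This should only be called if |SupportsDefaultCredentials| returns true and the caller has determined that default credentials may be sent to this server or proxy.` Whether existing callers already enforce this is not visible in this diff, which is limited to the header.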