Move default-enable pref to application.

4 years ago · c283102a46
parent 54df9f8a30
commit c283102a46
2 changed files with 14 additions and 5 deletions
--- a/application/palemoon/app/profile/palemoon.js
+++ b/application/palemoon/app/profile/palemoon.js
@ -1160,6 +1160,14 @@ pref("toolkit.pageThumbs.minHeight", 180);
 pref("ui.key.menuAccessKeyFocuses", true);
 #endif

+// When a user cancels this number of authentication dialogs coming from
+// a single web page (eTLD+1) in a row, all following authentication dialogs
+// will be blocked (automatically canceled) for that page.
+// This counter is per-tab and per-domain to minimize false positives.
+// The counter resets when the page is reloaded from the UI
+// (content-reloads do NOT clear this to mitigate reloading tricks).
+pref("prompts.authentication_dialog_abuse_limit", 3);
+
 // ****************** s4e prefs ******************
 pref("status4evar.addonbar.borderStyle", false);
 pref("status4evar.addonbar.closeButton", false);
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@ -5459,8 +5459,9 @@ pref("dom.storageManager.enabled", true);
 pref("dom.storageManager.enabled", false);
 #endif

-// When a user cancels this number of authentication dialogs coming from
-// a single web page in a row, all following authentication dialogs will
-// be blocked (automatically canceled) for that page. The counter resets
-// when the page is reloaded. To turn this feature off, just set the limit to 0.
-pref("prompts.authentication_dialog_abuse_limit", 3);
+// DoS protection for HTTP Auth prompt spawning.
+// -1 = completely disable HTTP Auth prompting. (careful!)
+// 0  = disable this DoS protection
+// >0 = suppress further prompts after the user has canceled the dialog n times
+// See application preferences for appropriate defaults.
+pref("prompts.authentication_dialog_abuse_limit", 0);