New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

browser: flags to control iwa enabled server whitelist #5638

Merged
merged 3 commits into from May 23, 2016

Conversation

Projects
None yet
3 participants
@deepak1556
Member

deepak1556 commented May 21, 2016

Since v0.37 there is no URLSecurityManager directly configured by brightray, instead we need to set the whitelist with HttpAuthPreferences. This makes app.allowNTLMCredentialsForAllDomains obsolete, have introduced flags which mimic chromes' behavior. This will be a breaking change. Also should DisableAuthNegotiateCnameLookup and EnableAuthNegotiatePort be added ?

Ref https://www.chromium.org/developers/design-documents/http-authentication

Fixes #4825

Depends on electron-archive/brightray#223

/cc @paulcbetts

@deepak1556

This comment has been minimized.

Member

deepak1556 commented May 21, 2016

Actually could bring back app.AllowNTLMCredentialsForAllDomains by setting auth-server-whitelist=* internally, that way it wouldnt be breaking change. Thoughts ?

@paulcbetts

This comment has been minimized.

Contributor

paulcbetts commented May 22, 2016

@deepak1556 This sounds good, we could just make the allowNTLMCredentialsForAllDomains just add command-line flags and require that you have to move it before ready

@deepak1556

This comment has been minimized.

Member

deepak1556 commented May 22, 2016

Fixed, thanks!

@deepak1556 deepak1556 changed the title from browser: flags to control iwa enabled server whitelist to [WIP] browser: flags to control iwa enabled server whitelist May 23, 2016

@deepak1556 deepak1556 changed the title from [WIP] browser: flags to control iwa enabled server whitelist to browser: flags to control iwa enabled server whitelist May 23, 2016

@deepak1556

This comment has been minimized.

Member

deepak1556 commented May 23, 2016

Have deprecated app.allowNTLMCredentialsForAllDomains and replaced with generic session.allowNTLMCredentialsForDomains. Not sure if this the right way to deprecate.

@zcbenz

This comment has been minimized.

Contributor

zcbenz commented May 23, 2016

👍

@zcbenz zcbenz merged commit c489d6d into electron:master May 23, 2016

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment