diff --git a/atom/browser/api/atom_api_app.cc b/atom/browser/api/atom_api_app.cc index b4c0fb6f21..195cf84a65 100644 --- a/atom/browser/api/atom_api_app.cc +++ b/atom/browser/api/atom_api_app.cc @@ -375,12 +375,6 @@ void App::SetDesktopName(const std::string& desktop_name) { #endif } -void App::AllowNTLMCredentialsForAllDomains(bool should_allow) { - auto browser_context = static_cast( - AtomBrowserMainParts::Get()->browser_context()); - browser_context->AllowNTLMCredentialsForAllDomains(should_allow); -} - std::string App::GetLocale() { return l10n_util::GetApplicationLocale(""); } @@ -482,8 +476,6 @@ void App::BuildPrototype( .SetMethod("setPath", &App::SetPath) .SetMethod("getPath", &App::GetPath) .SetMethod("setDesktopName", &App::SetDesktopName) - .SetMethod("allowNTLMCredentialsForAllDomains", - &App::AllowNTLMCredentialsForAllDomains) .SetMethod("getLocale", &App::GetLocale) #if defined(USE_NSS_CERTS) .SetMethod("importCertificate", &App::ImportCertificate) diff --git a/atom/browser/api/atom_api_app.h b/atom/browser/api/atom_api_app.h index 1c6406c54b..41aef0ac39 100644 --- a/atom/browser/api/atom_api_app.h +++ b/atom/browser/api/atom_api_app.h @@ -106,7 +106,6 @@ class App : public AtomBrowserClient::Delegate, const base::FilePath& path); void SetDesktopName(const std::string& desktop_name); - void AllowNTLMCredentialsForAllDomains(bool should_allow); bool MakeSingleInstance( const ProcessSingleton::NotificationCallback& callback); std::string GetLocale(); diff --git a/atom/browser/api/atom_api_session.cc b/atom/browser/api/atom_api_session.cc index 61b34e1de9..15aa2afe9c 100644 --- a/atom/browser/api/atom_api_session.cc +++ b/atom/browser/api/atom_api_session.cc @@ -36,6 +36,8 @@ #include "net/base/load_flags.h" #include "net/disk_cache/disk_cache.h" #include "net/dns/host_cache.h" +#include "net/http/http_auth_handler_factory.h" +#include "net/http/http_auth_preferences.h" #include "net/proxy/proxy_service.h" #include "net/proxy/proxy_config_service_fixed.h" #include "net/url_request/url_request_context.h" @@ -284,6 +286,19 @@ void ClearHostResolverCacheInIO( } } +void AllowNTLMCredentialsForDomainsInIO( + const scoped_refptr& context_getter, + const std::string& domains) { + auto request_context = context_getter->GetURLRequestContext(); + auto auth_handler = request_context->http_auth_handler_factory(); + if (auth_handler) { + auto auth_preferences = const_cast( + auth_handler->http_auth_preferences()); + if (auth_preferences) + auth_preferences->set_server_whitelist(domains); + } +} + } // namespace Session::Session(v8::Isolate* isolate, AtomBrowserContext* browser_context) @@ -432,6 +447,13 @@ void Session::ClearHostResolverCache(mate::Arguments* args) { callback)); } +void Session::AllowNTLMCredentialsForDomains(const std::string& domains) { + BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, + base::Bind(&AllowNTLMCredentialsForDomainsInIO, + make_scoped_refptr(browser_context_->GetRequestContext()), + domains)); +} + v8::Local Session::Cookies(v8::Isolate* isolate) { if (cookies_.IsEmpty()) { auto handle = atom::api::Cookies::Create(isolate, browser_context()); @@ -487,6 +509,8 @@ void Session::BuildPrototype(v8::Isolate* isolate, .SetMethod("setPermissionRequestHandler", &Session::SetPermissionRequestHandler) .SetMethod("clearHostResolverCache", &Session::ClearHostResolverCache) + .SetMethod("allowNTLMCredentialsForDomains", + &Session::AllowNTLMCredentialsForDomains) .SetProperty("cookies", &Session::Cookies) .SetProperty("webRequest", &Session::WebRequest); } diff --git a/atom/browser/api/atom_api_session.h b/atom/browser/api/atom_api_session.h index 5e08a85aa7..0cebf09ea1 100644 --- a/atom/browser/api/atom_api_session.h +++ b/atom/browser/api/atom_api_session.h @@ -79,6 +79,7 @@ class Session: public mate::TrackableObject, void SetPermissionRequestHandler(v8::Local val, mate::Arguments* args); void ClearHostResolverCache(mate::Arguments* args); + void AllowNTLMCredentialsForDomains(const std::string& domains); v8::Local Cookies(v8::Isolate* isolate); v8::Local WebRequest(v8::Isolate* isolate); diff --git a/atom/browser/atom_browser_context.cc b/atom/browser/atom_browser_context.cc index 63da86f441..6f28cf6df7 100644 --- a/atom/browser/atom_browser_context.cc +++ b/atom/browser/atom_browser_context.cc @@ -67,8 +67,7 @@ AtomBrowserContext::AtomBrowserContext(const std::string& partition, : brightray::BrowserContext(partition, in_memory), cert_verifier_(new AtomCertVerifier), job_factory_(new AtomURLRequestJobFactory), - network_delegate_(new AtomNetworkDelegate), - allow_ntlm_everywhere_(false) { + network_delegate_(new AtomNetworkDelegate) { } AtomBrowserContext::~AtomBrowserContext() { @@ -195,16 +194,6 @@ void AtomBrowserContext::RegisterPrefs(PrefRegistrySimple* pref_registry) { pref_registry->RegisterDictionaryPref(prefs::kDevToolsFileSystemPaths); } -bool AtomBrowserContext::AllowNTLMCredentialsForDomain(const GURL& origin) { - if (allow_ntlm_everywhere_) - return true; - return Delegate::AllowNTLMCredentialsForDomain(origin); -} - -void AtomBrowserContext::AllowNTLMCredentialsForAllDomains(bool should_allow) { - allow_ntlm_everywhere_ = should_allow; -} - } // namespace atom namespace brightray { diff --git a/atom/browser/atom_browser_context.h b/atom/browser/atom_browser_context.h index b208ca97cc..028f5d1e79 100644 --- a/atom/browser/atom_browser_context.h +++ b/atom/browser/atom_browser_context.h @@ -33,7 +33,6 @@ class AtomBrowserContext : public brightray::BrowserContext { const base::FilePath& base_path) override; std::unique_ptr CreateCertVerifier() override; net::SSLConfigService* CreateSSLConfigService() override; - bool AllowNTLMCredentialsForDomain(const GURL& auth_origin) override; // content::BrowserContext: content::DownloadManagerDelegate* GetDownloadManagerDelegate() override; @@ -43,8 +42,6 @@ class AtomBrowserContext : public brightray::BrowserContext { // brightray::BrowserContext: void RegisterPrefs(PrefRegistrySimple* pref_registry) override; - void AllowNTLMCredentialsForAllDomains(bool should_allow); - AtomCertVerifier* cert_verifier() const { return cert_verifier_; } AtomURLRequestJobFactory* job_factory() const { return job_factory_; } @@ -61,8 +58,6 @@ class AtomBrowserContext : public brightray::BrowserContext { AtomURLRequestJobFactory* job_factory_; AtomNetworkDelegate* network_delegate_; - bool allow_ntlm_everywhere_; - DISALLOW_COPY_AND_ASSIGN(AtomBrowserContext); }; diff --git a/atom/browser/native_window.h b/atom/browser/native_window.h index a9b5ffc3f7..0846fbde4a 100644 --- a/atom/browser/native_window.h +++ b/atom/browser/native_window.h @@ -191,7 +191,7 @@ class NativeWindow : public base::SupportsUserData, // Set the aspect ratio when resizing window. double GetAspectRatio(); gfx::Size GetAspectRatioExtraSize(); - void SetAspectRatio(double aspect_ratio, const gfx::Size& extra_size); + virtual void SetAspectRatio(double aspect_ratio, const gfx::Size& extra_size); base::WeakPtr GetWeakPtr() { return weak_factory_.GetWeakPtr(); diff --git a/atom/browser/native_window_mac.h b/atom/browser/native_window_mac.h index cfb3141ede..c1694c3c78 100644 --- a/atom/browser/native_window_mac.h +++ b/atom/browser/native_window_mac.h @@ -49,6 +49,8 @@ class NativeWindowMac : public NativeWindow { void SetResizable(bool resizable) override; bool IsResizable() override; void SetMovable(bool movable) override; + void SetAspectRatio(double aspect_ratio, const gfx::Size& extra_size) + override; bool IsMovable() override; void SetMinimizable(bool minimizable) override; bool IsMinimizable() override; diff --git a/atom/browser/native_window_mac.mm b/atom/browser/native_window_mac.mm index 10dd17785c..cc31d308d1 100644 --- a/atom/browser/native_window_mac.mm +++ b/atom/browser/native_window_mac.mm @@ -141,22 +141,9 @@ bool ScopedDisableResize::disable_resize_ = false; newSize.width = roundf((frameSize.height - extraHeightPlusFrame) * aspectRatio + extraWidthPlusFrame); - - // If the new width is less than the frame size use it as the primary - // constraint. This ensures that the value returned by this method will - // never be larger than the users requested window size. - if (newSize.width <= frameSize.width) { - newSize.height = - roundf((newSize.width - extraWidthPlusFrame) / aspectRatio + - extraHeightPlusFrame); - } else { - newSize.height = - roundf((frameSize.width - extraWidthPlusFrame) / aspectRatio + - extraHeightPlusFrame); - newSize.width = - roundf((newSize.height - extraHeightPlusFrame) * aspectRatio + - extraWidthPlusFrame); - } + newSize.height = + roundf((newSize.width - extraWidthPlusFrame) / aspectRatio + + extraHeightPlusFrame); } return newSize; @@ -721,6 +708,20 @@ bool NativeWindowMac::IsResizable() { return [window_ styleMask] & NSResizableWindowMask; } +void NativeWindowMac::SetAspectRatio(double aspect_ratio, + const gfx::Size& extra_size) { + NativeWindow::SetAspectRatio(aspect_ratio, extra_size); + + // We can't just pass the aspect ratio to Cocoa, since our API receives + // it as a float, and Cocoa expects an NSRect with explicit width & height + // arguments. Instead we derive those args ourselves from the given aspect + // ratio. + double width = roundf([window_ frame].size.height * aspect_ratio); + double height = roundf(width / aspect_ratio); + + [window_ setAspectRatio:NSMakeSize(width, height)]; +} + void NativeWindowMac::SetMovable(bool movable) { [window_ setMovable:movable]; } diff --git a/docs/api/app.md b/docs/api/app.md index f00b498d30..eddd4147db 100644 --- a/docs/api/app.md +++ b/docs/api/app.md @@ -443,16 +443,6 @@ Adds `tasks` to the [Tasks][tasks] category of the JumpList on Windows. consists of two or more icons, set this value to identify the icon. If an icon file consists of one icon, this value is 0. -### `app.allowNTLMCredentialsForAllDomains(allow)` - -* `allow` Boolean - -Dynamically sets whether to always send credentials for HTTP NTLM or Negotiate -authentication - normally, Electron will only send NTLM/Kerberos credentials for -URLs that fall under "Local Intranet" sites (i.e. are in the same domain as you). -However, this detection often fails when corporate networks are badly configured, -so this lets you co-opt this behavior and enable it for all URLs. - ### `app.makeSingleInstance(callback)` * `callback` Function diff --git a/docs/api/chrome-command-line-switches.md b/docs/api/chrome-command-line-switches.md index bd16c00b09..4fe6d136da 100644 --- a/docs/api/chrome-command-line-switches.md +++ b/docs/api/chrome-command-line-switches.md @@ -95,6 +95,24 @@ connection, and the endpoint host in a `SOCKS` proxy connection). Like `--host-rules` but these `rules` only apply to the host resolver. +## --auth-server-whitelist=`url` + +A comma-separated list of servers for which integrated authentication is enabled. + +For example: + +``` +--auth-server-whitelist='*example.com, *foobar.com, *baz' +``` + +then any `url` ending with `example.com`, `foobar.com`, `baz` will be considered +for integrated authentication. Without `*` prefix the url has to match exactly. + +## --auth-negotiate-delegate-whitelist=`url` + +A comma-separated list of servers for which delegation of user credentials is required. +Without `*` prefix the url has to match exactly. + ## --ignore-certificate-errors Ignores certificate related errors. diff --git a/docs/api/session.md b/docs/api/session.md index 33a53df584..2d950ddd47 100644 --- a/docs/api/session.md +++ b/docs/api/session.md @@ -323,6 +323,23 @@ session.fromPartition(partition).setPermissionRequestHandler((webContents, permi Clears the host resolver cache. +#### `ses.allowNTLMCredentialsForDomains(domains)` + +* `domains` String - A comma-seperated list of servers for which + integrated authentication is enabled. + +Dynamically sets whether to always send credentials for HTTP NTLM or Negotiate +authentication. + +```javascript +// consider any url ending with `example.com`, `foobar.com`, `baz` +// for integrated authentication. +session.defaultSession.allowNTLMCredentialsForDomains('*example.com, *foobar.com, *baz') + +// consider all urls for integrated authentication. +session.defaultSession.allowNTLMCredentialsForDomains('*') +``` + #### `ses.webRequest` The `webRequest` API set allows to intercept and modify contents of a request at diff --git a/lib/browser/api/app.js b/lib/browser/api/app.js index 66ee0ac1e4..f8a531626b 100644 --- a/lib/browser/api/app.js +++ b/lib/browser/api/app.js @@ -1,6 +1,6 @@ 'use strict' -const {Menu} = require('electron') +const {deprecate, Menu, session} = require('electron') const {EventEmitter} = require('events') const bindings = process.atomBinding('app') @@ -41,6 +41,18 @@ if (process.platform === 'darwin') { } } +app.allowNTLMCredentialsForAllDomains = function (allow) { + if (!process.noDeprecations) { + deprecate.warn('app.allowNTLMCredentialsForAllDomains', 'session.allowNTLMCredentialsForDomains') + } + let domains = allow ? '*' : '' + if (!this.isReady()) { + this.commandLine.appendSwitch('auth-server-whitelist', domains) + } else { + session.defaultSession.allowNTLMCredentialsForDomains(domains) + } +} + // Routes the events to webContents. const events = ['login', 'certificate-error', 'select-client-certificate'] for (let name of events) {