Issue #1275 - Add pref to disable warning prompts for SuperfluousAuth

and AutomaticAuth, and default to not prompting.

This resolves #1275.

modules/libpref/init/all.js

@@ -2006,6 +2006,12 @@ pref("network.auth.subresource-http-auth-allow", 2);
 // does not have any effect.
 pref("network.auth.subresource-http-img-XO-auth", false);
 
+// Whether or not to show anti-spoof confirmation prompts when navigating to a
+// URL with user info.
+// true - display extra confirmation prompt ("You are about to log in to...")
+// false - do not display extra confirmation prompt (default)
+pref("network.auth.confirmAuth.enabled", false);
+
 // This preference controls whether to allow sending default credentials (SSO) to
 // NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them
 // in a Private Browsing window.

netwerk/protocol/http/nsHttpChannelAuthProvider.cpp

@@ -96,6 +96,7 @@ uint32_t nsHttpChannelAuthProvider::sAuthAllowPref =
     SUBRESOURCE_AUTH_DIALOG_ALLOW_ALL;
 
 bool nsHttpChannelAuthProvider::sImgCrossOriginAuthAllowPref = false;
+bool nsHttpChannelAuthProvider::sConfirmAuthPref = false;
 
 void
 nsHttpChannelAuthProvider::InitializePrefs()
@@ -107,6 +108,9 @@ nsHttpChannelAuthProvider::InitializePrefs()
   mozilla::Preferences::AddBoolVarCache(&sImgCrossOriginAuthAllowPref,
                                         "network.auth.subresource-http-img-XO-auth",
                                         false);
+  mozilla::Preferences::AddBoolVarCache(&sConfirmAuthPref,
+                                        "network.auth.confirmAuth.enabled",
+                                        false);
 }
 
 NS_IMETHODIMP
@@ -1450,10 +1454,15 @@ nsHttpChannelAuthProvider::ConfirmAuth(const nsString &bundleKey,
                                        bool            doYesNoPrompt)
 {
     // skip prompting the user if
-    //   1) we've already prompted the user
-    //   2) we're not a toplevel channel
-    //   3) the userpass length is less than the "phishy" threshold
+    //   1) prompts are disabled by preference
+    //   2) we've already prompted the user
+    //   3) we're not a toplevel channel
+    //   4) the userpass length is less than the "phishy" threshold
 
+    if (!sConfirmAuthPref) {
+      return true;
+    }
+    
     uint32_t loadFlags;
     nsresult rv = mAuthChannel->GetLoadFlags(&loadFlags);
     if (NS_FAILED(rv))

netwerk/protocol/http/nsHttpChannelAuthProvider.h

@@ -185,6 +185,9 @@ private:
     static uint32_t                   sAuthAllowPref;
     static bool                       sImgCrossOriginAuthAllowPref;
     nsCOMPtr<nsICancelable>           mGenerateCredentialsCancelable;
+    
+    // Variable holding the preference for anti-spoof auth confirmation prompts.
+    static bool                       sConfirmAuthPref;
 };
 
 } // namespace net