librewolf-bot/settings
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

update settings to v6.0

Browse source 
closes #149, #147, #150
This commit is contained in:
fabrizio 2022-03-09 14:25:28 +00:00
parent 50c28044f4
commit 0822d491d2
2 changed files with 58 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
docs/Changelog.md
View file

@ -1,10 +1,49 @@
This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
# 5.5 # 6.0
**target commit**: **target commit**:
**base librewolf version**: 98.x
**References**:
- we are going to force history to custom mode and hide the UI for always on PB mode, a bunch of pointers are collected in [this MR](https://gitlab.com/librewolf-community/browser/source/-/merge_requests/21).
- [handlers prefs are deprecated](https://bugzilla.mozilla.org/show_bug.cgi?id=1733497).
- for OCSP see [this issue](https://gitlab.com/librewolf-community/settings/-/issues/150).
#### Added preferences
```
pref("privacy.history.custom", true);
pref("browser.privatebrowsing.autostart", false);
defaultPref("browser.preferences.moreFromMozilla", false); // hide about:preferences#moreFromMozilla
defaultPref("security.OCSP.require", true); // set to hard-fail
```
#### Removed preferences
```
/** [SECTION] HANDLERS
* remove the default handlers for several tipe of files and services.
*/
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.0.name", "");
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.1.name", "");
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.irc.0.name", "");
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.ircs.0.name", "");
```
#### Changed preferences
```
defaultPref("security.OCSP.enabled", 1);
```
# 5.5
**target commit**: 0fc1ff53c99379d9d4625de65ea51287d57a0a3a
**base librewolf version**: 97.x **base librewolf version**: 97.x
**References**: **References**:

36
librewolf.cfg
View file

@ -6,7 +6,7 @@
* *
* WARNING: please make sure the first line of this file is empty. this is a known bug. * WARNING: please make sure the first line of this file is empty. this is a known bug.
*/ */
defaultPref("librewolf.cfg.version", "5.5"); defaultPref("librewolf.cfg.version", "6.0");
/** INDEX /** INDEX
@ -38,6 +38,7 @@ defaultPref("librewolf.cfg.version", "5.5");
* 5. dFPI specific cookie cleaning mechanism * 5. dFPI specific cookie cleaning mechanism
* *
* the desired category must be set with pref() otherwise it won't stick. * the desired category must be set with pref() otherwise it won't stick.
* the UI that allows to change mode manually is hidden.
*/ */
pref("browser.contentblocking.category", "strict"); pref("browser.contentblocking.category", "strict");
defaultPref("network.cookie.cookieBehavior", 5); // enforce dFPI defaultPref("network.cookie.cookieBehavior", 5); // enforce dFPI
@ -67,7 +68,12 @@ defaultPref("browser.shell.shortcutFavicons", false);
defaultPref("browser.pagethumbnails.capturing_disabled", true); defaultPref("browser.pagethumbnails.capturing_disabled", true);
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps
/** [SECTION] HISTORY AND SESSION RESTORE */ /** [SECTION] HISTORY AND SESSION RESTORE
* since we hide the UI for modes other than custom we want to reset it for
* everyone. same thing for always on PB mode.
*/
pref("privacy.history.custom", true);
pref("browser.privatebrowsing.autostart", false);
defaultPref("browser.formfill.enable", false); // disable form history defaultPref("browser.formfill.enable", false); // disable form history
defaultPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms defaultPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms
defaultPref("browser.sessionstore.interval", 60000); // increase time between session saves defaultPref("browser.sessionstore.interval", 60000); // increase time between session saves
@ -186,6 +192,7 @@ defaultPref("webgl.disabled", true);
/** [SECTION] SITE ISOLATION /** [SECTION] SITE ISOLATION
* https://wiki.mozilla.org/Project_Fission * https://wiki.mozilla.org/Project_Fission
* this has been rolled out and is now a default on most FF releases
*/ */
defaultPref("fission.autostart", true); defaultPref("fission.autostart", true);
@ -198,12 +205,15 @@ defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certific
defaultPref("security.ssl.require_safe_negotiation", true); defaultPref("security.ssl.require_safe_negotiation", true);
defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
/** /**
* our strategy with revocation is to disable OCSP as it is slower and less privacy minded, and to use * our strategy with revocation is to perform all possible checks with CRL, but when a cert
* CRL instead, particularly the CRLite solution with no OCSP fallback. * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
* increase security.
* switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP.
*/ */
defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
defaultPref("security.remote_settings.crlite_filters.enabled", true); defaultPref("security.remote_settings.crlite_filters.enabled", true);
defaultPref("security.pki.crlite_mode", 2); // mode 2 means no fallback defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks
defaultPref("security.OCSP.enabled", 1); // default
defaultPref("security.OCSP.require", true); // set to hard-fail
/** [SECTION] TLS/SSL */ /** [SECTION] TLS/SSL */
lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
@ -425,18 +435,6 @@ defaultPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-com
defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser"); defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser"); defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
/** [SECTION] HANDLERS
* remove the default handlers for several tipe of files and services.
*/
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.0.name", "");
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
lockPref("gecko.handlerService.schemes.mailto.1.name", "");
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.irc.0.name", "");
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
lockPref("gecko.handlerService.schemes.ircs.0.name", "");
/** [SECTION] FIRST LAUNCH /** [SECTION] FIRST LAUNCH
* disable what's new and ui tour on first start and updates. the browser * disable what's new and ui tour on first start and updates. the browser
* should also not stress user about being the default one. * should also not stress user about being the default one.
@ -487,6 +485,8 @@ defaultPref("lightweightThemes.getMoreURL", ""); // disable button to get more t
defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button
// ...and about:config // ...and about:config
defaultPref("browser.aboutConfig.showWarning", false); defaultPref("browser.aboutConfig.showWarning", false);
// hide about:preferences#moreFromMozilla
defaultPref("browser.preferences.moreFromMozilla", false);
/** [SECTION] RECOMMENDED /** [SECTION] RECOMMENDED
* disable all "recommend as you browse" activity. * disable all "recommend as you browse" activity.