From 1bdfd333e31c3d119c0bf5506a56b2026ead3583 Mon Sep 17 00:00:00 2001 From: fxbrit <8320298-fxbrit@users.noreply.gitlab.com> Date: Wed, 5 Oct 2022 11:17:56 +0200 Subject: [PATCH] change autoplay policy, allow svg opentype fonts --- docs/Changelog.md | 10 +++++++--- librewolf.cfg | 13 +++++-------- 2 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 7b499e2..4600604 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,10 +10,12 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl **References**: - [enable APS](https://github.com/arkenfox/user.js/issues/1530#issuecomment-1242850653); -- trim unnecessary or default NTP prefs, tidy existing ones; +- trim unnecessary or default NTP prefs, then tidy existing ones; - stick to default session restore interval for writes; - remove a bunch of default prefs that have been that way for the longest; -- offer accessibility by default. +- offer accessibility by default; +- remove hardcore svg security pref since CVEs are very old and irrelevant, see [this discussion](https://github.com/arkenfox/user.js/issues/1529); +- improve [autoplay behavior](https://gitlab.com/librewolf-community/settings/-/issues/213). #### Added preferences ``` @@ -37,11 +39,13 @@ lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default defaultPref("network.http.referer.XOriginPolicy", 0); // default lockPref("browser.safebrowsing.passwords.enabled", false); // default lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); // default +defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts +defaultPref("media.autoplay.blocking_policy", 2); ``` # 6.9 -**target commit**: +**target commit**: 49a705f835e1438372fbdf1a779fbc5846212a68 **base librewolf version**: 104.x diff --git a/librewolf.cfg b/librewolf.cfg index a99f6ac..7c03b95 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -15,7 +15,7 @@ defaultPref("librewolf.cfg.version", "7.0"); * PRIVACY [ISOLATION, SANITIZING, CACHE AND STORAGE, HISTORY AND SESSION RESTORE, QUERY STRIPPING] * NETWORKING [HTTPS, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS, OFFLINE] * FINGERPRINTING [RFP, WEBGL] - * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, FONTS, SAFE BROWSING, OTHERS] + * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, SAFE BROWSING, OTHERS] * REGION [LOCATION, LANGUAGE] * BEHAVIOR [DRM, SEARCH AND URLBAR, DOWNLOADS, AUTOPLAY, POP-UPS AND WINDOWS, MOUSE] * EXTENSIONS [USER INSTALLED, SYSTEM, EXTENSION FIREWALL] @@ -204,9 +204,6 @@ defaultPref("browser.xul.error_pages.expert_bad_cert", true); lockPref("permissions.delegation.enabled", false); // force permission request to show real origin lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains -/** [SECTION] FONTS */ -defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts - /** [SECTION] SAFE BROWSING * disable safe browsing, including the fetch of updates. reverting the 7 prefs below * allows to perform local checks and to fetch updated lists from google. @@ -290,10 +287,10 @@ defaultPref("browser.download.manager.addToRecentDocs", false); // do not add do defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction /** [SECTION] AUTOPLAY - * block autoplay unless element is clicked, and apply the policy to all elements - * including muted ones. + * block autoplay unless element is right-clicked. this means background videos, videos in a different tab, + * or media opened while other media is played will not start automatically. + * thumbnails will not autoplay unless hovered. exceptions can be set. */ -defaultPref("media.autoplay.blocking_policy", 2); defaultPref("media.autoplay.default", 5); /** [SECTION] POP-UPS AND WINDOWS @@ -376,7 +373,7 @@ defaultPref("privacy.userContext.ui.enabled", true); * disable chrome and remote debugging. */ defaultPref("devtools.chrome.enabled", false); -defaultPref("devtools.debugger.remote-enabled", false); +defaultPref("devtools.debugger.remote-enabled", false); // default defaultPref("devtools.remote.adb.extensionURL", ""); defaultPref("devtools.selfxss.count", 0); // required for devtools console to work