librewolf-bot/settings
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Merge branch 'v102'

Browse source
This commit is contained in:
ohfp 2022-07-01 16:52:10 +02:00
commit 6e2e56e079
2 changed files with 30 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
docs/Changelog.md
View file

@ -1,10 +1,35 @@
This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
# 6.5 # 6.6
**target commit**: **target commit**:
**base librewolf version**: 102.x
**References**:
- sha1 certificates: https://bugzilla.mozilla.org/1767489 and https://bugzilla.mozilla.org/1766687.
- trimming only applies to http websites so it's very minimal.
- crlite: https://bugzilla.mozilla.org/show_bug.cgi?id=1773371, we can stick to default 3 till v103, then the value will be changed to 2 which is the best possible if mozilla feels like it's ready usability wise.
- add more entries to the native query stripping list, to [get in line with brave](https://github.com/brave/brave-core/blob/master/browser/net/brave_site_hacks_network_delegate_helper.cc).
#### Removed preferences
```
defaultPref("security.pki.sha1_enforcement_level", 1); // default
defaultPref("browser.urlbar.trimURLs", false);
defaultPref("security.pki.crlite_mode", 3); // default
defaultPref("security.OCSP.enabled", 1); // default
```
#### Changed preferences
```
defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
```
# 6.5
**target commit**: b10dcbdd84e63787c4f2f6d34d41724b437df5be
**base librewolf version**: 101.x **base librewolf version**: 101.x
**References**: **References**:
@ -12,7 +37,6 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl
- session cookie prefs are useless given that we sanitize on close, [more details at arkenfox](https://github.com/arkenfox/user.js/pull/1443/commits/3207478033fefc19e933dab4eef6445125341ec4). - session cookie prefs are useless given that we sanitize on close, [more details at arkenfox](https://github.com/arkenfox/user.js/pull/1443/commits/3207478033fefc19e933dab4eef6445125341ec4).
- fission has been a default for the longest now. - fission has been a default for the longest now.
#### Removed preferences #### Removed preferences
``` ```
defaultPref("privacy.query_stripping.enabled", true); defaultPref("privacy.query_stripping.enabled", true);

12
librewolf.cfg
View file

@ -6,7 +6,7 @@
* *
* WARNING: please make sure the first line of this file is empty. this is a known bug. * WARNING: please make sure the first line of this file is empty. this is a known bug.
*/ */
defaultPref("librewolf.cfg.version", "6.5"); defaultPref("librewolf.cfg.version", "6.6");
/** INDEX /** INDEX
@ -80,7 +80,7 @@ defaultPref("browser.sessionstore.interval", 60000); // increase time between se
* currently we set the same query stripping list that brave uses: * currently we set the same query stripping list that brave uses:
* https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29 * https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29
*/ */
defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
/** /**
* librewolf specific pref that allows to include the query stripping lists in uBO by default. * librewolf specific pref that allows to include the query stripping lists in uBO by default.
* the asset file is fetched every 7 days. * the asset file is fetched every 7 days.
@ -188,7 +188,6 @@ defaultPref("webgl.disabled", true);
/** [SECTION] CERTIFICATES */ /** [SECTION] CERTIFICATES */
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs
defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
/** /**
* enable safe negotiation and show warning when it is not supported. might cause breakage. * enable safe negotiation and show warning when it is not supported. might cause breakage.
*/ */
@ -199,10 +198,9 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
* cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
* increase security. * increase security.
* crlite is in mode 3 by default, which allows us to detect false positive with OCSP. * crlite is in mode 3 by default, which allows us to detect false positive with OCSP.
* in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check.
*/ */
defaultPref("security.remote_settings.crlite_filters.enabled", true); defaultPref("security.remote_settings.crlite_filters.enabled", true);
defaultPref("security.pki.crlite_mode", 3); // default
defaultPref("security.OCSP.enabled", 1); // default
defaultPref("security.OCSP.require", true); // set to hard-fail defaultPref("security.OCSP.require", true); // set to hard-fail
/** [SECTION] TLS/SSL */ /** [SECTION] TLS/SSL */
@ -282,13 +280,11 @@ defaultPref("media.gmp-provider.enabled", false);
defaultPref("media.gmp-gmpopenh264.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false);
/** [SECTION] SEARCH AND URLBAR /** [SECTION] SEARCH AND URLBAR
* disable search suggestion and do not update opensearch engines. urls should also be * disable search suggestion and do not update opensearch engines.
* displayed in full instead of trimming them.
*/ */
defaultPref("browser.urlbar.suggest.searches", false); defaultPref("browser.urlbar.suggest.searches", false);
defaultPref("browser.search.suggest.enabled", false); defaultPref("browser.search.suggest.enabled", false);
defaultPref("browser.search.update", false); defaultPref("browser.search.update", false);
defaultPref("browser.urlbar.trimURLs", false);
/** /**
* the pref disables the whole feature and hide it from the ui * the pref disables the whole feature and hide it from the ui
* (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057). * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057).