Merge branch 'cleanup' into 'master'

v7.1 See merge request librewolf-community/settings!47
2022-10-08 14:37:27 +00:00 · 2022-10-08 14:37:27 +00:00 · 839c9644b5
commit 839c9644b5
parent 1bdfd333e3 33e1ec1cb9
2 changed files with 62 additions and 47 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -1,9 +1,28 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
 Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.

+# 7.1
+
+**target commit**: 
+
+**base librewolf version**: 
+
+**References**:
+
+- change most `lockPref()` to `pref()` or `defaultPref()`, see https://gitlab.com/librewolf-community/settings/-/issues/204;
+- offline autodetection is mature enough and it is used by some APIs;
+- if someone wants to get the mozilla extension for USB debugging, that's fine.
+
+#### Removed preferences
+```
+defaultPref("network.manage-offline-status", false);
+defaultPref("devtools.remote.adb.extensionURL", "");
+defaultPref("devtools.chrome.enabled", false); // default
+```
+
 # 7.0

-**target commit**:
+**target commit**: from ed9334d258d20830deafe1a02b87b0cea678236d to 1bdfd333e31c3d119c0bf5506a56b2026ead3583

 **base librewolf version**: 105.x

--- a/librewolf.cfg
+++ b/librewolf.cfg
@ -1,19 +1,19 @@

 /** LIBREWOLF SETTINGS
 * 
- * please take the time to read and understand, but also to customize the settings to find your own setup.
- * the answers to the most common questions are at this link https://librewolf.net/docs/faq/
+ * take the time to read and understand, but also to customize the settings to find your own setup.
+ * the answers to the most common questions can be found at https://librewolf.net/docs/faq/.
 * 
- * WARNING: please make sure the first line of this file is empty. this is a known bug.
+ * WARNING: make sure the first line of this file is empty. this is a known bug.
 */
-defaultPref("librewolf.cfg.version", "7.0");
+lockpref("librewolf.cfg.version", "7.1");


 /** INDEX
 * the file is organized in categories, and each one has a number of sections:
 * 
 * PRIVACY [ISOLATION, SANITIZING, CACHE AND STORAGE, HISTORY AND SESSION RESTORE, QUERY STRIPPING]
- * NETWORKING [HTTPS, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS, OFFLINE]
+ * NETWORKING [HTTPS, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS]
 * FINGERPRINTING [RFP, WEBGL]
 * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, SAFE BROWSING, OTHERS]
 * REGION [LOCATION, LANGUAGE]
@ -96,11 +96,11 @@ defaultPref("security.mixed_content.block_display_content", true); // block inse

 /** [SECTION] REFERERS
 * to enhance privacy but keep a certain level of usability we trim cross-origin
- * referers, instead of completely avoid sending them.
+ * referers to only send scheme, host and port, instead of completely avoid sending them.
 * as a general rule, the behavior of referes which are not cross-origin should not
 * be changed.
 */
-defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); // trim referer to only send scheme, host and port
+defaultPref("network.http.referer.XOriginTrimmingPolicy", 2);

 /** [SECTION] WEBRTC
 * there's no point in disabling webrtc as mDNS protects the private IP on linux, osx and win10+.
@ -120,7 +120,7 @@ defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // for
 defaultPref("network.trr.confirmationNS", "skip"); // skip undesired doh test connection
 defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching
 /**
- * librewolf doesn't use DoH, but it can be enabled with the following prefs:
+ * librewolf does not use DoH, but it can be enabled with the following prefs:
 * pref("network.trr.mode", 2);
 * pref("network.trr.uri", "https://dns.quad9.net/dns-query");
 * 
@ -133,20 +133,15 @@ defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching
 */

 /** [SECTION] PREFETCHING AND SPECULATIVE CONNECTIONS
- * disable prefecthing for different things such as links, bookmarks and predictors.
+ * disable prefecthing for different things such as links, bookmarks and predictions.
 */
-lockPref("network.predictor.enabled", false);
-lockPref("network.prefetch-next", false);
-lockPref("network.http.speculative-parallel-limit", 0);
+pref("network.predictor.enabled", false);
+pref("network.prefetch-next", false);
+pref("network.http.speculative-parallel-limit", 0);
 defaultPref("browser.places.speculativeConnect.enabled", false);
 // disable speculative connections and domain guessing from the urlbar
 defaultPref("browser.urlbar.speculativeConnect.enabled", false);

-/** [SECTION] OFFLINE
- * let users set the browser as offline, without the browser trying to guess.
- */
-defaultPref("network.manage-offline-status", false);
-


 /** [CATEGORY] FINGERPRINTING */
@ -159,7 +154,7 @@ defaultPref("privacy.resistFingerprinting", true);
 // rfp related settings
 defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prevents rfp from breaking AMO
 defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
-defaultPref("browser.display.use_system_colors", false); // default except Windows
+defaultPref("browser.display.use_system_colors", false); // default, except Win
 /**
 * increase the size of new RFP windows for better usability, while still using a rounded value.
 * if the screen resolution is lower it will stretch to the biggest possible rounded value.
@ -179,7 +174,9 @@ defaultPref("webgl.disabled", true);
 /** [SECTION] CERTIFICATES */
 defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs
 /**
- * enable safe negotiation and show warning when it is not supported. might cause breakage.
+ * enable safe negotiation and show warning when it is not supported. might cause breakage
+ * if the the server does not support RFC 5746, in tha case SSL_ERROR_UNSAFE_NEGOTIATION
+ * will be shown.
 */
 defaultPref("security.ssl.require_safe_negotiation", true);
 defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
@ -191,18 +188,18 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
 * in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check.
 */
 defaultPref("security.remote_settings.crlite_filters.enabled", true);
-defaultPref("security.OCSP.require", true); // set to hard-fail
+defaultPref("security.OCSP.require", true); // set to hard-fail, might cause SEC_ERROR_OCSP_SERVER_ERROR

 /** [SECTION] TLS/SSL */
-lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
+pref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
 pref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only by enforcing it with pref()
 // show relevant and advanced issues on warnings and error screens
 defaultPref("browser.ssl_override_behavior", 1);
 defaultPref("browser.xul.error_pages.expert_bad_cert", true);

 /** [SECTION] PERMISSIONS */
-lockPref("permissions.delegation.enabled", false); // force permission request to show real origin
-lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains
+pref("permissions.delegation.enabled", false); // force permission request to show real origin
+pref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains

 /** [SECTION] SAFE BROWSING
 * disable safe browsing, including the fetch of updates. reverting the 7 prefs below
@ -216,15 +213,16 @@ defaultPref("browser.safebrowsing.provider.google4.updateURL", "");
 defaultPref("browser.safebrowsing.provider.google.gethashURL", "");
 defaultPref("browser.safebrowsing.provider.google.updateURL", "");
 /**
- * disable safe browsing checks on downloads, both local and remote. the locked prefs
+ * disable safe browsing checks on downloads, both local and remote. the resetting prefs
 * control remote checks, while the first one is for local checks only.
 */
 defaultPref("browser.safebrowsing.downloads.enabled", false);
-lockPref("browser.safebrowsing.downloads.remote.enabled", false);
-lockPref("browser.safebrowsing.downloads.remote.url", "");
-lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
-lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-lockPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); // empty for defense in depth
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+ // empty for defense in depth
+pref("browser.safebrowsing.downloads.remote.url", "");
+pref("browser.safebrowsing.provider.google4.dataSharingURL", "");

 /** [SECTION] OTHERS */
 defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing
@ -238,9 +236,9 @@ defaultPref("pdfjs.enableScripting", false); // disable js scripting in the buil
 * replace google with mozilla as the default geolocation provide and prevent use of OS location services
 */
 defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
-lockPref("geo.provider.ms-windows-location", false); // [WINDOWS]
-lockPref("geo.provider.use_corelocation", false); // [MAC]
-lockPref("geo.provider.use_gpsd", false); // [LINUX]
+defaultPref("geo.provider.ms-windows-location", false); // [WINDOWS]
+defaultPref("geo.provider.use_corelocation", false); // [MAC]
+defaultPref("geo.provider.use_gpsd", false); // [LINUX]
 defaultPref("geo.provider.use_geoclue", false); // [LINUX]

 /** [SECTION] LANGUAGE
@ -250,8 +248,8 @@ defaultPref("geo.provider.use_geoclue", false); // [LINUX]
 pref("javascript.use_us_english_locale", true);
 pref("intl.accept_languages", "en-US, en");
 // disable region specific updates from mozilla
-lockPref("browser.region.network.url", "");
-lockPref("browser.region.update.enabled", false);
+pref("browser.region.network.url", "");
+pref("browser.region.update.enabled", false);



@ -289,7 +287,7 @@ defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar
 /** [SECTION] AUTOPLAY
 * block autoplay unless element is right-clicked. this means background videos, videos in a different tab,
 * or media opened while other media is played will not start automatically.
- * thumbnails will not autoplay unless hovered. exceptions can be set.
+ * thumbnails will not autoplay unless hovered. exceptions can be set from the UI.
 */
 defaultPref("media.autoplay.default", 5);

@ -370,16 +368,14 @@ defaultPref("privacy.userContext.enabled", true);
 defaultPref("privacy.userContext.ui.enabled", true);

 /** [SECTION] DEVTOOLS
- * disable chrome and remote debugging.
+ * disable remote debugging.
 */
-defaultPref("devtools.chrome.enabled", false);
-defaultPref("devtools.debugger.remote-enabled", false); // default
-defaultPref("devtools.remote.adb.extensionURL", "");
+pref("devtools.debugger.remote-enabled", false); // default, but subject to branding so keep it
 defaultPref("devtools.selfxss.count", 0); // required for devtools console to work

 /** [SECTION] OTHERS */
-lockPref("browser.translation.engine", ""); // remove translation engine
-defaultPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels
+pref("browser.translation.engine", ""); // remove translation engine
+pref("webchannel.allowObject.urlWhitelist", ""); // remove web channel whitelist
 defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)


@ -495,12 +491,12 @@ lockPref("browser.discovery.sites", "");
 lockPref("browser.tabs.crashReporting.sendReport", false);
 lockPref("breakpad.reportURL", "");
 // disable connectivity checks
-lockPref("network.connectivity-service.enabled", false);
+pref("network.connectivity-service.enabled", false);
 // disable captive portal
-lockPref("network.captive-portal-service.enabled", false);
-lockPref("captivedetect.canonicalURL", "");
+pref("network.captive-portal-service.enabled", false);
+pref("captivedetect.canonicalURL", "");
 // prevent sending server side analytics
-lockPref("beacon.enabled", false);
+pref("beacon.enabled", false);

 /** [CATEGORY] WINDOWS
 * the prefs in this section only apply to windows installations and they don't have any
@ -516,7 +512,7 @@ defaultPref("app.update.background.scheduling.enabled", false);
 /** [SECTION] OTHERS */
 lockPref("default-browser-agent.enabled", false); // disable windows specific telemetry
 defaultPref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store
-lockPref("toolkit.winRegisterApplicationRestart", false); // disable automatic start and session restore after reboot
+pref("toolkit.winRegisterApplicationRestart", false); // disable automatic start and session restore after reboot
 lockPref("security.family_safety.mode", 0); // disable win8.1 family safety cert