From 9003f029f8fe087cde5bb081d51ab82340948874 Mon Sep 17 00:00:00 2001
From: fabrizio
Date: Tue, 7 Dec 2021 11:26:47 +0000
Subject: [PATCH] update settings for next release
---
 docs/Changelog.md | 39 ++++++++++++++++++++++++++++++++++++++-
 librewolf.cfg | 45 ++++++++++++++++++++++-----------------------
 2 files changed, 60 insertions(+), 24 deletions(-)
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 37d6b34..081c994 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -1,6 +1,42 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
+## 4.0
+
+**target commit**:
+
+**base librewolf version**: 95.x
+
+**References**:
+- [review webrtc](https://gitlab.com/librewolf-community/settings/-/issues/108).
+- [stop disabling geo api](https://gitlab.com/librewolf-community/settings/-/issues/102).
+- [deprecate RFP dark mode](https://gitlab.com/librewolf-community/browser/common/-/issues/56).
+- `offlineApps` change in 3.1 did not respect exceptions, so revert it.
+- uncomment prefs to enable CRL without OCSP fallback, although they will fully work only when [this issue is closed](https://gitlab.com/librewolf-community/browser/common/-/issues/57).
+- we decided to force a larger new window size by default, to improve usability for RFP users while still keeping a rounded value. see [this comment](https://gitlab.com/librewolf-community/settings/-/issues/104#note_752186737).
+
+#### Added preferences
+```
+defaultPref("privacy.window.maxInnerWidth", 1600);
+defaultPref("privacy.window.maxInnerHeight", 900);
+```
+
+#### Removed preferences
+```
+defaultPref("media.peerconnection.enabled", false);
+lockPref("privacy.override_rfp_for_color_scheme", false);
+defaultPref("geo.enabled", false);
+defaultPref("permissions.default.geo", 2);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
+defaultPref("privacy.cpd.offlineApps", true);
+```
+
+#### Changed preferences
+```
+defaultPref("security.remote_settings.crlite_filters.enabled", true);
+defaultPref("security.pki.crlite_mode", 2);
+```
+
 ## 3.2
 **target commit**: 19e59813ed483de7ffc8a219da96eb18a942eb01
@@ -396,4 +432,5 @@ lockPref("privacy.override_rfp_for_color_scheme", false);
 **base librewolf version**: 89.x
-This is the initial release from which we start tagging and versioning settings.
+This is the initial release from which we start tagging and versioning settings. For previous changes see
+[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).
\ No newline at end of file
diff --git a/librewolf.cfg b/librewolf.cfg
index ab4ca03..56918a7 100755
--- a/librewolf.cfg
+++ b/librewolf.cfg
@@ -9,7 +9,7 @@
 */
-defaultPref("librewolf.cfg.version", "3.2");
+defaultPref("librewolf.cfg.version", "4.0");
 // -------------------------------
 // # SANITIZING, TP, SESSIONS
@@ -26,7 +26,7 @@ defaultPref("librewolf.cfg.version", "3.2");
 pref("browser.contentblocking.category", "strict");
 defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce
-defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, the clear
+defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear
 // make third party and http cookies session-only
 defaultPref("network.cookie.thirdparty.sessionOnly", true);
@@ -34,13 +34,10 @@ defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
 /**
 this way of sanitizing cookies would override the exceptions set by the users and just delete everything,
- we disable it but cookies are still cleared per session unless exceptions are set.
- all the cleaning prefs are set to true except for siteSetting and offlineApps.
- siteSettings shouldn't be cleared as it stores exceptions set by users.
+ we disable it but cookies and site data are still cleared per session unless exceptions are set.
+ all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want.
 */
 defaultPref("privacy.clearOnShutdown.cookies", false);
-defaultPref("privacy.clearOnShutdown.offlineApps", true);
-defaultPref("privacy.cpd.offlineApps", true);
 defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
 defaultPref("privacy.sanitize.timeSpan", 0);
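Review bot: The rewritten comment above `privacy.clearOnShutdown.cookies` now justifies the sanitizing behaviour by upstream defaults ("all the cleaning prefs true by default") instead of values this file sets, so a change in Firefox's defaults for the `privacy.clearOnShutdown.*` prefs would alter what is wiped at shutdown without any diff here. It also drops the reason the old text gave for sparing site settings (they store the user's exceptions) and still spells the pref as `siteSetting`. I would reword the last comment line to something like `all the other cleaning prefs are left at their upstream default (true); siteSettings and offlineApps default to false, which keeps user exceptions intact - re-check these defaults on every base version bump.` Whether the defaults are as stated cannot be confirmed from this hunk.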
@@ -131,13 +128,14 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page
 // # MEDIA
 // ----------------------
-// disable webrtc
-defaultPref("media.peerconnection.enabled", false); // master switch
-
-// limit potential IP leaks for webrtc users
-defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates
-defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates
-defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users
+/**
+ * limit potential private IP leaks for webrtc users.
+ * mDNS protects the value on linux, osx and win10+.
+ * these prefs protect the value when allowing mic and camera access, and for win7/8.x.
+ * */
+defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate
+defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used
+defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used
 // autoplay
 defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
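Review bot: With the `media.peerconnection.enabled` master switch removed, the three ICE prefs under the new comment block are the only WebRTC address protection this file sets, yet the comment credits part of that protection to mDNS, which nothing here pins. I would make that dependency explicit with `defaultPref("media.peerconnection.ice.obfuscate_host_addresses", true); // mDNS obfuscation of host candidates, relied on by the comment above`. The trailing comment on `default_address_only` also promises "the vpn one when a vpn is used", which presumably holds only when the VPN owns the default route; `// use only the default-route interface for ICE candidates (the vpn one if the vpn holds the default route)` would not overstate it. The block header says "private IP", so it may be worth one more comment line stating that the public address is still visible to peers when no proxy or VPN is in use.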
@@ -156,8 +154,12 @@ defaultPref("browser.display.use_system_colors", false); // default but enforced
 defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default
-// librewolf specifc pref that prevents rfp from forcing light theme, review
-lockPref("privacy.override_rfp_for_color_scheme", false);
+/**
+ * increase the size of new RFP windows for better usability, while still using a rounded value.
+ * if the screen resolution is lower it will stretch to the biggest possible rounded value.
+ * */
+defaultPref("privacy.window.maxInnerWidth", 1600);
+defaultPref("privacy.window.maxInnerHeight", 900);
 defaultPref("webgl.disabled", true); // master switch, disable webgl
@@ -170,11 +172,11 @@ defaultPref("fission.autostart", true); // enable fission by default
 // certificates
 defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
 defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
-defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching
+defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
-// crl with no OCSP fallback. commented for now but review
-// defaultPref("security.remote_settings.crlite_filters.enabled", true);
-// defaultPref("security.pki.crlite_mode", 2);
+// crl with no ocsp fallback
+defaultPref("security.remote_settings.crlite_filters.enabled", true);
+defaultPref("security.pki.crlite_mode", 2);
 // safe negotiation
 defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage
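Review bot: The new comment block above `privacy.window.maxInnerWidth` and `privacy.window.maxInnerHeight` records only the usability gain and leaves out the fingerprinting trade-off of the 1600x900 default. Per its own second line, a smaller screen ends up on a different rounded size, so the inner size still separates users by screen class. With `privacy.resistFingerprinting.letterboxing` left `false` on the context line above, the rounded size presumably lasts only until the window is resized or maximized. I would add one line to the block, for example ` * note: letterboxing is off by default, so the rounded size is not kept once the window is resized or maximized.`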
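Review bot: The comment `// crl with no ocsp fallback` names the wrong mechanism (the prefs below it are CRLite) and drops the caveat the removed "commented for now but review" line carried. With `security.OCSP.enabled` at 0 three lines up, revocation checking now rests entirely on CRLite filters arriving through remote settings. The 4.0 changelog entry in this same commit says these prefs "will fully work only when" a linked issue is closed, so until then revocation may effectively go unchecked. I would keep that dependency next to the prefs: `// crlite with no ocsp fallback: revocation depends on crlite filters delivered via remote settings, see changelog 4.0 for the open dependency`.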
@@ -236,9 +238,6 @@ defaultPref("media.gmp-gmpopenh264.enabled", false);
 // # LOCATION, LANGUAGE AND REGION
 // ---------------------------------------------
-defaultPref("geo.enabled", false); // block geo api, behind a prompt so review
-defaultPref("permissions.default.geo", 2); // review as well
-
 // use mozilla geo service as deault
 defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");