librewolf-bot/settings
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

update settings for next release

Browse source
This commit is contained in:
fabrizio 2021-12-07 11:26:47 +00:00
parent 1d1403fd55
commit 9003f029f8
2 changed files with 60 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
docs/Changelog.md
View file

@ -1,6 +1,42 @@
This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
## 4.0
**target commit**:
**base librewolf version**: 95.x
**References**:
- [review webrtc](https://gitlab.com/librewolf-community/settings/-/issues/108).
- [stop disabling geo api](https://gitlab.com/librewolf-community/settings/-/issues/102).
- [deprecate RFP dark mode](https://gitlab.com/librewolf-community/browser/common/-/issues/56).
- `offlineApps` change in 3.1 did not respect exceptions, so revert it.
- uncomment prefs to enable CRL without OCSP fallback, although they will fully work only when [this issue is closed](https://gitlab.com/librewolf-community/browser/common/-/issues/57).
- we decided to force a larger new window size by default, to improve usability for RFP users while still keeping a rounded value. see [this comment](https://gitlab.com/librewolf-community/settings/-/issues/104#note_752186737).
#### Added preferences
```
defaultPref("privacy.window.maxInnerWidth", 1600);
defaultPref("privacy.window.maxInnerHeight", 900);
```
#### Removed preferences
```
defaultPref("media.peerconnection.enabled", false);
lockPref("privacy.override_rfp_for_color_scheme", false);
defaultPref("geo.enabled", false);
defaultPref("permissions.default.geo", 2);
defaultPref("privacy.clearOnShutdown.offlineApps", true);
defaultPref("privacy.cpd.offlineApps", true);
```
#### Changed preferences
```
defaultPref("security.remote_settings.crlite_filters.enabled", true);
defaultPref("security.pki.crlite_mode", 2);
```
## 3.2 ## 3.2
**target commit**: 19e59813ed483de7ffc8a219da96eb18a942eb01 **target commit**: 19e59813ed483de7ffc8a219da96eb18a942eb01
@ -396,4 +432,5 @@ lockPref("privacy.override_rfp_for_color_scheme", false);
**base librewolf version**: 89.x **base librewolf version**: 89.x
This is the initial release from which we start tagging and versioning settings. This is the initial release from which we start tagging and versioning settings. For previous changes see
[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).

45
librewolf.cfg
View file

@ -9,7 +9,7 @@
*/ */
defaultPref("librewolf.cfg.version", "3.2"); defaultPref("librewolf.cfg.version", "4.0");
// ------------------------------- // -------------------------------
// # SANITIZING, TP, SESSIONS // # SANITIZING, TP, SESSIONS
@ -26,7 +26,7 @@ defaultPref("librewolf.cfg.version", "3.2");
pref("browser.contentblocking.category", "strict"); pref("browser.contentblocking.category", "strict");
defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce
defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, the clear defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear
// make third party and http cookies session-only // make third party and http cookies session-only
defaultPref("network.cookie.thirdparty.sessionOnly", true); defaultPref("network.cookie.thirdparty.sessionOnly", true);
@ -34,13 +34,10 @@ defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
/** /**
this way of sanitizing cookies would override the exceptions set by the users and just delete everything, this way of sanitizing cookies would override the exceptions set by the users and just delete everything,
we disable it but cookies are still cleared per session unless exceptions are set. we disable it but cookies and site data are still cleared per session unless exceptions are set.
all the cleaning prefs are set to true except for siteSetting and offlineApps. all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want.
siteSettings shouldn't be cleared as it stores exceptions set by users.
*/ */
defaultPref("privacy.clearOnShutdown.cookies", false); defaultPref("privacy.clearOnShutdown.cookies", false);
defaultPref("privacy.clearOnShutdown.offlineApps", true);
defaultPref("privacy.cpd.offlineApps", true);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("privacy.sanitize.timeSpan", 0); defaultPref("privacy.sanitize.timeSpan", 0);
@ -131,13 +128,14 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page
// # MEDIA // # MEDIA
// ---------------------- // ----------------------
// disable webrtc /**
defaultPref("media.peerconnection.enabled", false); // master switch * limit potential private IP leaks for webrtc users.
* mDNS protects the value on linux, osx and win10+.
// limit potential IP leaks for webrtc users * these prefs protect the value when allowing mic and camera access, and for win7/8.x.
defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates * */
defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used
// autoplay // autoplay
defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
@ -156,8 +154,12 @@ defaultPref("browser.display.use_system_colors", false); // default but enforced
defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default
// librewolf specifc pref that prevents rfp from forcing light theme, review /**
lockPref("privacy.override_rfp_for_color_scheme", false); * increase the size of new RFP windows for better usability, while still using a rounded value.
* if the screen resolution is lower it will stretch to the biggest possible rounded value.
* */
defaultPref("privacy.window.maxInnerWidth", 1600);
defaultPref("privacy.window.maxInnerHeight", 900);
defaultPref("webgl.disabled", true); // master switch, disable webgl defaultPref("webgl.disabled", true); // master switch, disable webgl
@ -170,11 +172,11 @@ defaultPref("fission.autostart", true); // enable fission by default
// certificates // certificates
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
// crl with no OCSP fallback. commented for now but review // crl with no ocsp fallback
// defaultPref("security.remote_settings.crlite_filters.enabled", true); defaultPref("security.remote_settings.crlite_filters.enabled", true);
// defaultPref("security.pki.crlite_mode", 2); defaultPref("security.pki.crlite_mode", 2);
// safe negotiation // safe negotiation
defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage
@ -236,9 +238,6 @@ defaultPref("media.gmp-gmpopenh264.enabled", false);
// # LOCATION, LANGUAGE AND REGION // # LOCATION, LANGUAGE AND REGION
// --------------------------------------------- // ---------------------------------------------
defaultPref("geo.enabled", false); // block geo api, behind a prompt so review
defaultPref("permissions.default.geo", 2); // review as well
// use mozilla geo service as deault // use mozilla geo service as deault
defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");