Merge branch 'v105' into 'master'

v105 See merge request librewolf-community/settings!46
2022-10-05 09:18:30 +00:00 · 2022-10-05 09:18:30 +00:00 · b08da09294
commit b08da09294
parent 49a705f835 1bdfd333e3
2 changed files with 61 additions and 31 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -1,10 +1,52 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
 Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
-# 6.9
+# 7.0
 **target commit**:
 **base librewolf version**: 105.x
 **References**:
 - [enable APS](https://github.com/arkenfox/user.js/issues/1530#issuecomment-1242850653);
 - trim unnecessary or default NTP prefs, then tidy existing ones;
 - stick to default session restore interval for writes;
 - remove a bunch of default prefs that have been that way for the longest;
 - offer accessibility by default;
 - remove hardcore svg security pref since CVEs are very old and irrelevant, see [this discussion](https://github.com/arkenfox/user.js/issues/1529);
 - improve [autoplay behavior](https://gitlab.com/librewolf-community/settings/-/issues/213).
 #### Added preferences
 ```
 defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
 defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false);
 ```
 #### Removed preferences
 ```
 defaultPref("browser.newtab.preload", false);
 lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
 lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
 lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // default
 lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false);
 defaultPref("browser.sessionstore.interval", 60000); // increase time between session saves
 defaultPref("network.http.windows-sso.enabled", false); // default
 defaultPref("privacy.partition.serviceWorkers", true); // default v105+
 defaultPref("accessibility.force_disabled", 1); // block accessibility services
 lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // default
 lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default
 defaultPref("network.http.referer.XOriginPolicy", 0); // default
 lockPref("browser.safebrowsing.passwords.enabled", false); // default
 lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); // default
 defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts
 defaultPref("media.autoplay.blocking_policy", 2);
 ```
 # 6.9
 **target commit**: 49a705f835e1438372fbdf1a779fbc5846212a68
 **base librewolf version**: 104.x
 **References**:
--- a/librewolf.cfg
+++ b/librewolf.cfg
@ -6,7 +6,7 @@
 * 
 * WARNING: please make sure the first line of this file is empty. this is a known bug.
 */
-defaultPref("librewolf.cfg.version", "6.9");
+defaultPref("librewolf.cfg.version", "7.0");
 /** INDEX
@ -15,7 +15,7 @@ defaultPref("librewolf.cfg.version", "6.9");
 * PRIVACY [ISOLATION, SANITIZING, CACHE AND STORAGE, HISTORY AND SESSION RESTORE, QUERY STRIPPING]
 * NETWORKING [HTTPS, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS, OFFLINE]
 * FINGERPRINTING [RFP, WEBGL]
- * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, FONTS, SAFE BROWSING, OTHERS]
+ * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, SAFE BROWSING, OTHERS]
 * REGION [LOCATION, LANGUAGE]
 * BEHAVIOR [DRM, SEARCH AND URLBAR, DOWNLOADS, AUTOPLAY, POP-UPS AND WINDOWS, MOUSE]
 * EXTENSIONS [USER INSTALLED, SYSTEM, EXTENSION FIREWALL]
@ -42,7 +42,9 @@ defaultPref("librewolf.cfg.version", "6.9");
 * the UI that allows to change mode manually is hidden.
 */
 pref("browser.contentblocking.category", "strict");
-defaultPref("privacy.partition.serviceWorkers", true); // isolate service workers, default v105+
+// enable APS
 defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage", true);
 defaultPref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false);  
 /** [SECTION] SANITIZING 
 * all the cleaning prefs true by default except for siteSetting and offlineApps,
@ -71,7 +73,6 @@ pref("privacy.history.custom", true);
 pref("browser.privatebrowsing.autostart", false);
 defaultPref("browser.formfill.enable", false); // disable form history
 defaultPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms
 defaultPref("browser.sessionstore.interval", 60000); // increase time between session saves
 /** [SECTION] QUERY STRIPPING
 * currently we set the same query stripping list that brave uses:
@ -99,7 +100,6 @@ defaultPref("security.mixed_content.block_display_content", true); // block inse
 * as a general rule, the behavior of referes which are not cross-origin should not
 * be changed.
 */
 defaultPref("network.http.referer.XOriginPolicy", 0); // default, might be worth changing to 2 to stop sending them completely
 defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); // trim referer to only send scheme, host and port
 /** [SECTION] WEBRTC
@ -159,7 +159,7 @@ defaultPref("privacy.resistFingerprinting", true);
 // rfp related settings
 defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prevents rfp from breaking AMO
 defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
-defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP
+defaultPref("browser.display.use_system_colors", false); // default except Windows
 /**
 * increase the size of new RFP windows for better usability, while still using a rounded value.
 * if the screen resolution is lower it will stretch to the biggest possible rounded value.
@ -204,9 +204,6 @@ defaultPref("browser.xul.error_pages.expert_bad_cert", true);
 lockPref("permissions.delegation.enabled", false); // force permission request to show real origin
 lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains
 /** [SECTION] FONTS */
 defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts
 /** [SECTION] SAFE BROWSING
 * disable safe browsing, including the fetch of updates. reverting the 7 prefs below
 * allows to perform local checks and to fetch updated lists from google.
@ -227,10 +224,7 @@ lockPref("browser.safebrowsing.downloads.remote.enabled", false);
 lockPref("browser.safebrowsing.downloads.remote.url", "");
 lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
 lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
-// other safe browsing options, all default but enforce
+lockPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); // empty for defense in depth
 lockPref("browser.safebrowsing.passwords.enabled", false);
 lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
 lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
 /** [SECTION] OTHERS */
 defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing
@ -293,10 +287,10 @@ defaultPref("browser.download.manager.addToRecentDocs", false); // do not add do
 defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction
 /** [SECTION] AUTOPLAY
- * block autoplay unless element is clicked, and apply the policy to all elements
+ * block autoplay unless element is right-clicked. this means background videos, videos in a different tab,
- * including muted ones.
+ * or media opened while other media is played will not start automatically.
 * thumbnails will not autoplay unless hovered. exceptions can be set.
 */
 defaultPref("media.autoplay.blocking_policy", 2);
 defaultPref("media.autoplay.default", 5);
 /** [SECTION] POP-UPS AND WINDOWS
@ -379,13 +373,12 @@ defaultPref("privacy.userContext.ui.enabled", true);
 * disable chrome and remote debugging.
 */
 defaultPref("devtools.chrome.enabled", false);
-defaultPref("devtools.debugger.remote-enabled", false);
+defaultPref("devtools.debugger.remote-enabled", false); // default
 defaultPref("devtools.remote.adb.extensionURL", "");
 defaultPref("devtools.selfxss.count", 0); // required for devtools console to work
 /** [SECTION] OTHERS */
 lockPref("browser.translation.engine", ""); // remove translation engine
 defaultPref("accessibility.force_disabled", 1); // block accessibility services
 defaultPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels
 defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)
@ -419,24 +412,22 @@ lockPref("browser.uitour.url", "");
 defaultPref("browser.shell.checkDefaultBrowser", false);
 /** [SECTION] NEW TAB PAGE
- * we want the new tab page to display nothing but the search bar without anything distracting.
+ * we want NTP to display nothing but the search bar without anything distracting.
 * the three prefs below are just for minimalism and they should be easy to revert for users.
 */
 defaultPref("browser.newtab.preload", false);
 defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false);
 defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false);
 defaultPref("browser.newtabpage.activity-stream.feeds.topsites", false);
-// hide pocket and sponsored content, from new tab page and search bar
+// hide stories and sponsored content from Firefox Home
 lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
 lockPref("browser.newtabpage.activity-stream.feeds.system.topstories", false);
 lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}"); // hide buggy pocket section from about:preferences#home
 lockPref("browser.newtabpage.activity-stream.showSponsored", false);
 lockPref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
 // disable telemetry in Firefox Home
 lockPref("browser.newtabpage.activity-stream.feeds.telemetry", false);
 lockPref("browser.newtabpage.activity-stream.telemetry", false);
 // hide stories UI in about:preferences#home, empty highlights list
 lockPref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "{\"hidden\":true}");
 lockPref("browser.newtabpage.activity-stream.default.sites", "");
 lockPref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
 lockPref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
 lockPref("browser.newtabpage.activity-stream.feeds.snippets", false); // default
 /** [SECTION] ABOUT
 * remove annoying ui elements from the about pages, including about:protections
@ -479,9 +470,7 @@ lockPref("toolkit.telemetry.newProfilePing.enabled", false);
 lockPref("toolkit.telemetry.updatePing.enabled", false);
 lockPref("toolkit.telemetry.firstShutdownPing.enabled", false);
 lockPref("toolkit.telemetry.shutdownPingSender.enabled", false);
 lockPref("toolkit.telemetry.shutdownPingSender.enabledFirstSession", false); // default
 lockPref("toolkit.telemetry.bhrPing.enabled", false);
 lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default
 lockPref("toolkit.telemetry.cachedClientID", "");
 lockPref("toolkit.telemetry.previousBuildID", "");
 lockPref("toolkit.telemetry.server_owner", "");
@ -529,7 +518,6 @@ lockPref("default-browser-agent.enabled", false); // disable windows specific te
 defaultPref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store
 lockPref("toolkit.winRegisterApplicationRestart", false); // disable automatic start and session restore after reboot
 lockPref("security.family_safety.mode", 0); // disable win8.1 family safety cert
 defaultPref("network.http.windows-sso.enabled", false); // disable MS auto authentication via sso