Merge branch 'pre-v95' into 'master'

update settings for next release

See merge request librewolf-community/settings!24

docs/Changelog.md

@@ -1,6 +1,42 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
 Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
 
+## 4.0
+
+**target commit**:
+
+**base librewolf version**: 95.x
+
+**References**:
+- [review webrtc](https://gitlab.com/librewolf-community/settings/-/issues/108).
+- [stop disabling geo api](https://gitlab.com/librewolf-community/settings/-/issues/102).
+- [deprecate RFP dark mode](https://gitlab.com/librewolf-community/browser/common/-/issues/56).
+- `offlineApps` change in 3.1 did not respect exceptions, so revert it.
+- uncomment prefs to enable CRL without OCSP fallback, although they will fully work only when [this issue is closed](https://gitlab.com/librewolf-community/browser/common/-/issues/57).
+- we decided to force a larger new window size by default, to improve usability for RFP users while still keeping a rounded value. see [this comment](https://gitlab.com/librewolf-community/settings/-/issues/104#note_752186737).
+
+#### Added preferences
+```
+defaultPref("privacy.window.maxInnerWidth", 1600);
+defaultPref("privacy.window.maxInnerHeight", 900);
+```
+
+#### Removed preferences
+```
+defaultPref("media.peerconnection.enabled", false);
+lockPref("privacy.override_rfp_for_color_scheme", false);
+defaultPref("geo.enabled", false);
+defaultPref("permissions.default.geo", 2);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
+defaultPref("privacy.cpd.offlineApps", true);
+```
+
+#### Changed preferences
+```
+defaultPref("security.remote_settings.crlite_filters.enabled", true);
+defaultPref("security.pki.crlite_mode", 2);
+```
+
 ## 3.2
 
 **target commit**: 19e59813ed483de7ffc8a219da96eb18a942eb01
@@ -396,4 +432,5 @@ lockPref("privacy.override_rfp_for_color_scheme", false);
 
 **base librewolf version**: 89.x
 
-This is the initial release from which we start tagging and versioning settings.
+This is the initial release from which we start tagging and versioning settings. For previous changes see 
+[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).

librewolf.cfg

@@ -9,7 +9,7 @@
  
  */
 
-defaultPref("librewolf.cfg.version", "3.2");
+defaultPref("librewolf.cfg.version", "4.0");
 
 // -------------------------------
 // # SANITIZING, TP, SESSIONS
@@ -26,7 +26,7 @@ defaultPref("librewolf.cfg.version", "3.2");
 pref("browser.contentblocking.category", "strict");
 
 defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce
-defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, the clear
+defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear
 
 // make third party and http cookies session-only
 defaultPref("network.cookie.thirdparty.sessionOnly", true);
@@ -34,13 +34,10 @@ defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
 
 /**
  this way of sanitizing cookies would override the exceptions set by the users and just delete everything,
- we disable it but cookies are still cleared per session unless exceptions are set.
- all the cleaning prefs are set to true except for siteSetting and offlineApps.
- siteSettings shouldn't be cleared as it stores exceptions set by users.
+ we disable it but cookies and site data are still cleared per session unless exceptions are set.
+ all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want.
 */
 defaultPref("privacy.clearOnShutdown.cookies", false);
-defaultPref("privacy.clearOnShutdown.offlineApps", true);
-defaultPref("privacy.cpd.offlineApps", true);
 defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
 defaultPref("privacy.sanitize.timeSpan", 0);
 
@@ -131,13 +128,14 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page
 // # MEDIA
 // ----------------------
 
-// disable webrtc
-defaultPref("media.peerconnection.enabled", false); // master switch
-
-// limit potential IP leaks for webrtc users
-defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates
-defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates
-defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users
+/**
+ * limit potential private IP leaks for webrtc users.
+ * mDNS protects the value on linux, osx and win10+.
+ * these prefs protect the value when allowing mic and camera access, and for win7/8.x.
+ * */
+defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate
+defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used
+defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used
 
 // autoplay
 defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
@@ -156,8 +154,12 @@ defaultPref("browser.display.use_system_colors", false); // default but enforced
 
 defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default
 
-// librewolf specifc pref that prevents rfp from forcing light theme, review
-lockPref("privacy.override_rfp_for_color_scheme", false);
+/**
+ * increase the size of new RFP windows for better usability, while still using a rounded value.
+ * if the screen resolution is lower it will stretch to the biggest possible rounded value.
+ * */
+defaultPref("privacy.window.maxInnerWidth", 1600);
+defaultPref("privacy.window.maxInnerHeight", 900);
 
 defaultPref("webgl.disabled", true); // master switch, disable webgl
 
@@ -170,11 +172,11 @@ defaultPref("fission.autostart", true); // enable fission by default
 // certificates
 defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
 defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
-defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching
+defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
 
-// crl with no OCSP fallback. commented for now but review
-// defaultPref("security.remote_settings.crlite_filters.enabled", true);
-// defaultPref("security.pki.crlite_mode", 2);
+// crl with no ocsp fallback
+defaultPref("security.remote_settings.crlite_filters.enabled", true);
+defaultPref("security.pki.crlite_mode", 2);
 
 // safe negotiation
 defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage
@@ -236,9 +238,6 @@ defaultPref("media.gmp-gmpopenh264.enabled", false);
 // # LOCATION, LANGUAGE AND REGION
 // ---------------------------------------------
 
-defaultPref("geo.enabled", false); // block geo api, behind a prompt so review
-defaultPref("permissions.default.geo", 2); // review as well
-
 // use mozilla geo service as deault
 defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");