Merge branch 'v5.6' into 'master'
Draft: v5.6 See merge request librewolf-community/settings!32
This commit is contained in:
fabrizio
commit
e271fa123c
2 changed files with 58 additions and 19 deletions
|
|
@ -1,10 +1,49 @@
|
|||
This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
|
||||
Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
|
||||
|
||||
# 5.5
|
||||
# 6.0
|
||||
|
||||
**target commit**:
|
||||
|
||||
**base librewolf version**: 98.x
|
||||
|
||||
**References**:
|
||||
- we are going to force history to custom mode and hide the UI for always on PB mode, a bunch of pointers are collected in [this MR](https://gitlab.com/librewolf-community/browser/source/-/merge_requests/21).
|
||||
- [handlers prefs are deprecated](https://bugzilla.mozilla.org/show_bug.cgi?id=1733497).
|
||||
- for OCSP see [this issue](https://gitlab.com/librewolf-community/settings/-/issues/150).
|
||||
|
||||
#### Added preferences
|
||||
```
|
||||
pref("privacy.history.custom", true);
|
||||
pref("browser.privatebrowsing.autostart", false);
|
||||
defaultPref("browser.preferences.moreFromMozilla", false); // hide about:preferences#moreFromMozilla
|
||||
defaultPref("security.OCSP.require", true); // set to hard-fail
|
||||
```
|
||||
|
||||
#### Removed preferences
|
||||
```
|
||||
/** [SECTION] HANDLERS
|
||||
* remove the default handlers for several tipe of files and services.
|
||||
*/
|
||||
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.mailto.0.name", "");
|
||||
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.mailto.1.name", "");
|
||||
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.irc.0.name", "");
|
||||
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.ircs.0.name", "");
|
||||
```
|
||||
|
||||
#### Changed preferences
|
||||
```
|
||||
defaultPref("security.OCSP.enabled", 1);
|
||||
```
|
||||
|
||||
# 5.5
|
||||
|
||||
**target commit**: 0fc1ff53c99379d9d4625de65ea51287d57a0a3a
|
||||
|
||||
**base librewolf version**: 97.x
|
||||
|
||||
**References**:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
*
|
||||
* WARNING: please make sure the first line of this file is empty. this is a known bug.
|
||||
*/
|
||||
defaultPref("librewolf.cfg.version", "5.5");
|
||||
defaultPref("librewolf.cfg.version", "6.0");
|
||||
|
||||
|
||||
/** INDEX
|
||||
|
|
@ -38,6 +38,7 @@ defaultPref("librewolf.cfg.version", "5.5");
|
|||
* 5. dFPI specific cookie cleaning mechanism
|
||||
*
|
||||
* the desired category must be set with pref() otherwise it won't stick.
|
||||
* the UI that allows to change mode manually is hidden.
|
||||
*/
|
||||
pref("browser.contentblocking.category", "strict");
|
||||
defaultPref("network.cookie.cookieBehavior", 5); // enforce dFPI
|
||||
|
|
@ -67,7 +68,12 @@ defaultPref("browser.shell.shortcutFavicons", false);
|
|||
defaultPref("browser.pagethumbnails.capturing_disabled", true);
|
||||
defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps
|
||||
|
||||
/** [SECTION] HISTORY AND SESSION RESTORE */
|
||||
/** [SECTION] HISTORY AND SESSION RESTORE
|
||||
* since we hide the UI for modes other than custom we want to reset it for
|
||||
* everyone. same thing for always on PB mode.
|
||||
*/
|
||||
pref("privacy.history.custom", true);
|
||||
pref("browser.privatebrowsing.autostart", false);
|
||||
defaultPref("browser.formfill.enable", false); // disable form history
|
||||
defaultPref("browser.sessionstore.privacy_level", 2); // prevent websites from storing session data like cookies and forms
|
||||
defaultPref("browser.sessionstore.interval", 60000); // increase time between session saves
|
||||
|
|
@ -186,6 +192,7 @@ defaultPref("webgl.disabled", true);
|
|||
|
||||
/** [SECTION] SITE ISOLATION
|
||||
* https://wiki.mozilla.org/Project_Fission
|
||||
* this has been rolled out and is now a default on most FF releases
|
||||
*/
|
||||
defaultPref("fission.autostart", true);
|
||||
|
||||
|
|
@ -198,12 +205,15 @@ defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certific
|
|||
defaultPref("security.ssl.require_safe_negotiation", true);
|
||||
defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
|
||||
/**
|
||||
* our strategy with revocation is to disable OCSP as it is slower and less privacy minded, and to use
|
||||
* CRL instead, particularly the CRLite solution with no OCSP fallback.
|
||||
* our strategy with revocation is to perform all possible checks with CRL, but when a cert
|
||||
* cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
|
||||
* increase security.
|
||||
* switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP.
|
||||
*/
|
||||
defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
|
||||
defaultPref("security.remote_settings.crlite_filters.enabled", true);
|
||||
defaultPref("security.pki.crlite_mode", 2); // mode 2 means no fallback
|
||||
defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks
|
||||
defaultPref("security.OCSP.enabled", 1); // default
|
||||
defaultPref("security.OCSP.require", true); // set to hard-fail
|
||||
|
||||
/** [SECTION] TLS/SSL */
|
||||
lockPref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security
|
||||
|
|
@ -425,18 +435,6 @@ defaultPref("app.releaseNotesURL.aboutDialog", "https://gitlab.com/librewolf-com
|
|||
defaultPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
|
||||
defaultPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
|
||||
|
||||
/** [SECTION] HANDLERS
|
||||
* remove the default handlers for several tipe of files and services.
|
||||
*/
|
||||
lockPref("gecko.handlerService.schemes.mailto.0.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.mailto.0.name", "");
|
||||
lockPref("gecko.handlerService.schemes.mailto.1.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.mailto.1.name", "");
|
||||
lockPref("gecko.handlerService.schemes.irc.0.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.irc.0.name", "");
|
||||
lockPref("gecko.handlerService.schemes.ircs.0.uriTemplate", "");
|
||||
lockPref("gecko.handlerService.schemes.ircs.0.name", "");
|
||||
|
||||
/** [SECTION] FIRST LAUNCH
|
||||
* disable what's new and ui tour on first start and updates. the browser
|
||||
* should also not stress user about being the default one.
|
||||
|
|
@ -487,6 +485,8 @@ defaultPref("lightweightThemes.getMoreURL", ""); // disable button to get more t
|
|||
defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button
|
||||
// ...and about:config
|
||||
defaultPref("browser.aboutConfig.showWarning", false);
|
||||
// hide about:preferences#moreFromMozilla
|
||||
defaultPref("browser.preferences.moreFromMozilla", false);
|
||||
|
||||
/** [SECTION] RECOMMENDED
|
||||
* disable all "recommend as you browse" activity.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue