February 2023 - tor-commits - lists.torproject.org

[Git][tpo/applications/tor-browser] Pushed new tag base-browser-102.8.0esr-12.5-1-build1
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed new tag base-browser-102.8.0esr-12.5-1-build1 at The Tor Project / Applications / Tor Browser -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/tree/base-brow… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] fixup! Bug 31740: Remove some unnecessary RemoteSettings instances
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 93de138c by Pier Angelo Vendrame at 2023-02-15T15:24:47+00:00 fixup! Bug 31740: Remove some unnecessary RemoteSettings instances Bug 41628: Disable Nimbus and Normandy components at compile time (cherry picked from commit 34ed82f6c02a8dc5ed8390fa664e2f63aeadc303) - - - - - 1 changed file: - toolkit/components/moz.build Changes: ===================================== toolkit/components/moz.build ===================================== @@ -122,10 +122,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android": "components.conf", ] +# tor-browser#41628: Disable Normandy and Nimbus at compile time if CONFIG["MOZ_BUILD_APP"] == "browser": - DIRS += ["normandy", "messaging-system"] - -DIRS += ["nimbus"] + DIRS += ["messaging-system"] if CONFIG["MOZ_BACKGROUNDTASKS"]: DIRS += ["backgroundtasks"] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/93de138… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/93de138… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] fixup! Bug 31740: Remove some unnecessary RemoteSettings instances
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 34ed82f6 by Pier Angelo Vendrame at 2023-02-15T15:23:42+00:00 fixup! Bug 31740: Remove some unnecessary RemoteSettings instances Bug 41628: Disable Nimbus and Normandy components at compile time - - - - - 1 changed file: - toolkit/components/moz.build Changes: ===================================== toolkit/components/moz.build ===================================== @@ -123,10 +123,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android": "components.conf", ] +# tor-browser#41628: Disable Normandy and Nimbus at compile time if CONFIG["MOZ_BUILD_APP"] == "browser": - DIRS += ["normandy", "messaging-system"] - -DIRS += ["nimbus"] + DIRS += ["messaging-system"] if CONFIG["MOZ_BACKGROUNDTASKS"]: DIRS += ["backgroundtasks"] View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/34ed82f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/34ed82f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] 2 commits: squash! Bug 31575: Disable Firefox Home (Activity Stream)
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 5f04090e by Pier Angelo Vendrame at 2023-02-15T14:46:07+00:00 squash! Bug 31575: Disable Firefox Home (Activity Stream) Bug 41624: Disable about:pocket-* pages and about:firefoxview. - - - - - 783bcb8c by Pier Angelo Vendrame at 2023-02-15T14:46:28+00:00 fixup! Bug 31740: Remove some unnecessary RemoteSettings instances Bug 41624: Disable the about:url-classifier page - - - - - 6 changed files: - browser/components/BrowserGlue.jsm - browser/components/about/AboutRedirector.cpp - browser/components/about/components.conf - browser/components/moz.build - docshell/base/nsAboutRedirector.cpp - toolkit/modules/RemotePageAccessManager.jsm Changes: ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -237,26 +237,6 @@ let JSWINDOWACTORS = { matches: ["about:plugins"], }, - AboutPocket: { - parent: { - moduleURI: "resource:///actors/AboutPocketParent.jsm", - }, - child: { - moduleURI: "resource:///actors/AboutPocketChild.jsm", - - events: { - DOMDocElementInserted: { capture: true }, - }, - }, - - matches: [ - "about:pocket-saved*", - "about:pocket-signup*", - "about:pocket-home*", - "about:pocket-style-guide*", - ], - }, - AboutPrivateBrowsing: { parent: { moduleURI: "resource:///actors/AboutPrivateBrowsingParent.jsm", ===================================== browser/components/about/AboutRedirector.cpp ===================================== @@ -70,9 +70,11 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER {"firefoxview", "chrome://browser/content/firefoxview.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, +#endif {"policies", "chrome://browser/content/policies/aboutPolicies.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, {"privatebrowsing", "chrome://browser/content/aboutPrivateBrowsing.html", @@ -106,6 +108,7 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT}, +#ifndef BASE_BROWSER {"pocket-saved", "chrome://pocket/content/panels/saved.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | @@ -122,6 +125,7 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, +#endif {"preferences", "chrome://browser/content/preferences/preferences.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, {"downloads", ===================================== browser/components/about/components.conf ===================================== @@ -12,12 +12,7 @@ pages = [ 'home', 'logins', 'loginsimportreport', - 'firefoxview', 'newtab', - 'pocket-home', - 'pocket-saved', - 'pocket-signup', - 'pocket-style-guide', 'policies', 'preferences', 'privatebrowsing', ===================================== browser/components/moz.build ===================================== @@ -42,7 +42,6 @@ DIRS += [ "newtab", "originattributes", "places", - "pocket", "preferences", "privatebrowsing", "prompts", @@ -65,7 +64,6 @@ DIRS += ["build"] if CONFIG["NIGHTLY_BUILD"]: DIRS += [ "colorways", - "firefoxview", ] ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -165,8 +165,10 @@ static const RedirEntry kRedirMap[] = { #endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml", nsIAboutModule::ALLOW_SCRIPT}, +#endif {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html", nsIAboutModule::ALLOW_SCRIPT}, {"crashparent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT}, ===================================== toolkit/modules/RemotePageAccessManager.jsm ===================================== @@ -98,29 +98,6 @@ let RemotePageAccessManager = { "about:plugins": { RPMSendQuery: ["RequestPlugins"], }, - "about:pocket-saved": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - RPMGetStringPref: ["extensions.pocket.site"], - }, - "about:pocket-signup": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - RPMGetStringPref: ["extensions.pocket.site"], - }, - "about:pocket-home": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - RPMGetStringPref: ["extensions.pocket.site"], - }, - "about:pocket-style-guide": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - }, "about:privatebrowsing": { RPMSendAsyncMessage: [ "OpenPrivateWindow", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/926c3f… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/926c3f… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 3 commits: fixup! Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 4d0aac78 by Pier Angelo Vendrame at 2023-02-15T14:40:43+00:00 fixup! Bug 11698: Incorporate Tor Browser Manual pages into Tor Browser - - - - - a19c9288 by Pier Angelo Vendrame at 2023-02-15T14:40:43+00:00 squash! Bug 31575: Disable Firefox Home (Activity Stream) Bug 41624: Disable about:pocket-* pages and about:firefoxview. - - - - - bd9cd0a7 by Pier Angelo Vendrame at 2023-02-15T14:40:43+00:00 fixup! Bug 31740: Remove some unnecessary RemoteSettings instances Bug 41624: Disable the about:url-classifier page - - - - - 6 changed files: - browser/components/BrowserGlue.jsm - browser/components/about/AboutRedirector.cpp - browser/components/about/components.conf - browser/components/moz.build - docshell/base/nsAboutRedirector.cpp - toolkit/modules/RemotePageAccessManager.jsm Changes: ===================================== browser/components/BrowserGlue.jsm ===================================== @@ -237,26 +237,6 @@ let JSWINDOWACTORS = { matches: ["about:plugins"], }, - AboutPocket: { - parent: { - moduleURI: "resource:///actors/AboutPocketParent.jsm", - }, - child: { - moduleURI: "resource:///actors/AboutPocketChild.jsm", - - events: { - DOMDocElementInserted: { capture: true }, - }, - }, - - matches: [ - "about:pocket-saved*", - "about:pocket-signup*", - "about:pocket-home*", - "about:pocket-style-guide*", - ], - }, - AboutPrivateBrowsing: { parent: { moduleURI: "resource:///actors/AboutPrivateBrowsingParent.jsm", ===================================== browser/components/about/AboutRedirector.cpp ===================================== @@ -75,9 +75,11 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER {"firefoxview", "chrome://browser/content/firefoxview.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, +#endif {"policies", "chrome://browser/content/policies/aboutPolicies.html", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, {"privatebrowsing", "chrome://browser/content/aboutPrivateBrowsing.html", @@ -116,6 +118,7 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT}, +#ifndef BASE_BROWSER {"pocket-saved", "chrome://pocket/content/panels/saved.html", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | @@ -132,6 +135,7 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::URI_CAN_LOAD_IN_CHILD | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::HIDE_FROM_ABOUTABOUT}, +#endif {"preferences", "chrome://browser/content/preferences/preferences.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, {"downloads", @@ -156,7 +160,8 @@ static const RedirEntry kRedirMap[] = { nsIAboutModule::HIDE_FROM_ABOUTABOUT | nsIAboutModule::IS_SECURE_CHROME_UI}, // The correct URI must be obtained by GetManualChromeURI - {"manual", "about:blank", nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | + {"manual", "about:blank", + nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT | nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::URI_MUST_LOAD_IN_CHILD | nsIAboutModule::URI_CAN_LOAD_IN_PRIVILEGEDABOUT_PROCESS | nsIAboutModule::IS_SECURE_CHROME_UI}, @@ -176,8 +181,7 @@ static nsAutoCString GetAboutModuleName(nsIURI* aURI) { return path; } -static nsTHashSet<nsCStringHashKey> GetManualLocales() -{ +static nsTHashSet<nsCStringHashKey> GetManualLocales() { nsTHashSet<nsCStringHashKey> locales; RefPtr<nsZipArchive> zip = Omnijar::GetReader(Omnijar::APP); UniquePtr<nsZipFind> find; ===================================== browser/components/about/components.conf ===================================== @@ -12,13 +12,8 @@ pages = [ 'home', 'logins', 'loginsimportreport', - 'firefoxview', 'manual', 'newtab', - 'pocket-home', - 'pocket-saved', - 'pocket-signup', - 'pocket-style-guide', 'policies', 'preferences', 'privatebrowsing', ===================================== browser/components/moz.build ===================================== @@ -43,7 +43,6 @@ DIRS += [ "onionservices", "originattributes", "places", - "pocket", "preferences", "privatebrowsing", "prompts", @@ -69,7 +68,6 @@ DIRS += ["build"] if CONFIG["NIGHTLY_BUILD"]: DIRS += [ "colorways", - "firefoxview", ] ===================================== docshell/base/nsAboutRedirector.cpp ===================================== @@ -165,8 +165,10 @@ static const RedirEntry kRedirMap[] = { #endif {"telemetry", "chrome://global/content/aboutTelemetry.xhtml", nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI}, +#ifndef BASE_BROWSER {"url-classifier", "chrome://global/content/aboutUrlClassifier.xhtml", nsIAboutModule::ALLOW_SCRIPT}, +#endif {"webrtc", "chrome://global/content/aboutwebrtc/aboutWebrtc.html", nsIAboutModule::ALLOW_SCRIPT}, {"crashparent", "about:blank", nsIAboutModule::HIDE_FROM_ABOUTABOUT}, ===================================== toolkit/modules/RemotePageAccessManager.jsm ===================================== @@ -101,29 +101,6 @@ let RemotePageAccessManager = { "about:plugins": { RPMSendQuery: ["RequestPlugins"], }, - "about:pocket-saved": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - RPMGetStringPref: ["extensions.pocket.site"], - }, - "about:pocket-signup": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - RPMGetStringPref: ["extensions.pocket.site"], - }, - "about:pocket-home": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - RPMGetStringPref: ["extensions.pocket.site"], - }, - "about:pocket-style-guide": { - RPMSendAsyncMessage: ["*"], - RPMAddMessageListener: ["*"], - RPMRemoveMessageListener: ["*"], - }, "about:privatebrowsing": { RPMSendAsyncMessage: [ "OpenPrivateWindow", View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a697a2… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/a697a2… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.0-1] fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 9d3722cd by Richard Pospesel at 2023-02-15T13:55:19+00:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js bug 41627: Enable network.http.referer.hideOnionSource in base-browser (cherry picked from commit a697a2c0dfb46591f6d497ae7178be3a55d55fc7) - - - - - 1 changed file: - browser/app/profile/000-tor-browser.js Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -38,9 +38,6 @@ pref("dom.securecontext.allowlist_onions", true); // Disable HTTPS-Only mode for .onion domains (tor-browser#19850) pref("dom.security.https_only_mode.upgrade_onion", false); -// tor-browser#22320: Hide referer when comming from a .onion address -pref("network.http.referer.hideOnionSource", true); - // Bug 40423/41137: Disable http/3 // We should re-enable it as soon as Tor gets UDP support pref("network.http.http3.enabled", false); View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9d3722c… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9d3722c… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.0-1] fixup! Firefox preference overrides.
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 8d7cac06 by Richard Pospesel at 2023-02-15T13:54:59+00:00 fixup! Firefox preference overrides. bug 41627: Enable network.http.referer.hideOnionSource in base-browser (cherry picked from commit 90df17dac724c43bbc533a0f449a72ba419d9d67) - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -57,6 +57,12 @@ pref("media.memory_cache_max_size", 16384); pref("dom.security.https_only_mode", true); pref("dom.security.https_only_mode_pbm", true); +// tor-browser#22320: Hide referer when comming from a .onion address +// We enable this here (rather than in Tor Browser) in case users of other +// base-browser derived browsers configure it to use a system Tor daemon +// to visit onion services. +pref("network.http.referer.hideOnionSource", true); + // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 ) // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8d7cac0… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/8d7cac0… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.0-1] fixup! Firefox preference overrides.
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.0-1 at The Tor Project / Applications / Tor Browser Commits: 02bb195d by Richard Pospesel at 2023-02-15T13:54:39+00:00 fixup! Firefox preference overrides. bug 41627: Enable network.http.referer.hideOnionSource in base-browser (cherry picked from commit 90df17dac724c43bbc533a0f449a72ba419d9d67) - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -57,6 +57,12 @@ pref("media.memory_cache_max_size", 16384); pref("dom.security.https_only_mode", true); pref("dom.security.https_only_mode_pbm", true); +// tor-browser#22320: Hide referer when comming from a .onion address +// We enable this here (rather than in Tor Browser) in case users of other +// base-browser derived browsers configure it to use a system Tor daemon +// to visit onion services. +pref("network.http.referer.hideOnionSource", true); + // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 ) // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/02bb195… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/02bb195… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][base-browser-102.8.0esr-12.5-1] fixup! Firefox preference overrides.
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch base-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 926c3f33 by Richard Pospesel at 2023-02-15T13:54:12+00:00 fixup! Firefox preference overrides. bug 41627: Enable network.http.referer.hideOnionSource in base-browser (cherry picked from commit 90df17dac724c43bbc533a0f449a72ba419d9d67) - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -68,6 +68,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); pref("dom.security.https_only_mode", true); pref("dom.security.https_only_mode_pbm", true); +// tor-browser#22320: Hide referer when comming from a .onion address +// We enable this here (rather than in Tor Browser) in case users of other +// base-browser derived browsers configure it to use a system Tor daemon +// to visit onion services. +pref("network.http.referer.hideOnionSource", true); + // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 ) // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/926c3f3… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/926c3f3… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[Git][tpo/applications/tor-browser][tor-browser-102.8.0esr-12.5-1] 2 commits: fixup! Firefox preference overrides.
by Richard Pospesel (＠richard) 15 Feb '23

15 Feb '23

Richard Pospesel pushed to branch tor-browser-102.8.0esr-12.5-1 at The Tor Project / Applications / Tor Browser Commits: 90df17da by Richard Pospesel at 2023-02-15T13:37:32+00:00 fixup! Firefox preference overrides. bug 41627: Enable network.http.referer.hideOnionSource in base-browser - - - - - a697a2c0 by Richard Pospesel at 2023-02-15T13:38:06+00:00 fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js bug 41627: Enable network.http.referer.hideOnionSource in base-browser - - - - - 2 changed files: - browser/app/profile/000-tor-browser.js - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/000-tor-browser.js ===================================== @@ -38,9 +38,6 @@ pref("dom.securecontext.allowlist_onions", true); // Disable HTTPS-Only mode for .onion domains (tor-browser#19850) pref("dom.security.https_only_mode.upgrade_onion", false); -// tor-browser#22320: Hide referer when comming from a .onion address -pref("network.http.referer.hideOnionSource", true); - // Bug 40423/41137: Disable http/3 // We should re-enable it as soon as Tor gets UDP support pref("network.http.http3.enabled", false); ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -68,6 +68,12 @@ pref("browser.pagethumbnails.capturing_disabled", true); pref("dom.security.https_only_mode", true); pref("dom.security.https_only_mode_pbm", true); +// tor-browser#22320: Hide referer when comming from a .onion address +// We enable this here (rather than in Tor Browser) in case users of other +// base-browser derived browsers configure it to use a system Tor daemon +// to visit onion services. +pref("network.http.referer.hideOnionSource", true); + // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 ) // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/33b90e… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/33b90e… You're receiving this email because of your account on gitlab.torproject.org.

1 0