morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
06df4787 by Pier Angelo Vendrame at 2024-09-03T19:51:54+00:00
Revert "Bug 12620: TorBrowser regression tests"
We have not run these tests in years.
It does not make sense to try to modify them.
This reverts commit b8cef53f22fef6486cf05c93834120c4faa1e204.
- - - - -
7bfc300d by Pier Angelo Vendrame at 2024-09-03T19:51:54+00:00
Revert "Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing"
This reverts commit 6f3c0d2f7298bdde1b59d68f99e0d31e91e75f2a.
- - - - -
01127089 by Pier Angelo Vendrame at 2024-09-03T19:51:54+00:00
fixup! Bug 41435: Add a Tor Browser migration function
Bug: Review default search engine options.
Migration code for removing Twitter, Yahoo, and YouTube from the local
extension database.
- - - - -
372410ca by Pier Angelo Vendrame at 2024-09-03T19:51:54+00:00
Bug 42891: Set the bundled search engine for Tor Browser.
After upstream changes between Firefox 115 and 128, we had to
completely rework the way in which we define our search engines.
This commit replaces the old "Omnibox: Add DDG, Startpage, Disconnect,
Youtube, Twitter; remove Amazon, eBay, bing".
With that commit, we customized a list of addons IDs to ship as
built-in search engines, but then upsteam moved to using only
RemoteSettings.
The configuration has many more fields, and it would be quite long to
include it in the source code. Therefore, we use some local JSON files
and load the settings from them.
- - - - -
30 changed files:
- .eslintignore
- .prettierignore
- browser/components/BrowserGlue.sys.mjs
- + browser/components/search/extensions/amazon/_locales/au/messages.json
- + browser/components/search/extensions/amazon/_locales/ca/messages.json
- + browser/components/search/extensions/amazon/_locales/de/messages.json
- + browser/components/search/extensions/amazon/_locales/en-GB/messages.json
- + browser/components/search/extensions/amazon/_locales/france/messages.json
- + browser/components/search/extensions/amazon/_locales/in/messages.json
- + browser/components/search/extensions/amazon/_locales/it/messages.json
- + browser/components/search/extensions/amazon/_locales/jp/messages.json
- + browser/components/search/extensions/amazon/_locales/nl/messages.json
- + browser/components/search/extensions/amazon/_locales/spain/messages.json
- + browser/components/search/extensions/amazon/_locales/sweden/messages.json
- + browser/components/search/extensions/amazondotcn/_locales/default/messages.json
- + browser/components/search/extensions/amazondotcn/_locales/mozillaonline/messages.json
- + browser/components/search/extensions/amazondotcom/_locales/en/messages.json
- + browser/components/search/extensions/amazondotcom/_locales/us/messages.json
- + browser/components/search/extensions/ebay/_locales/at/messages.json
- + browser/components/search/extensions/ebay/_locales/au/messages.json
- + browser/components/search/extensions/ebay/_locales/be/messages.json
- + browser/components/search/extensions/ebay/_locales/ca/messages.json
- + browser/components/search/extensions/ebay/_locales/ch/messages.json
- + browser/components/search/extensions/ebay/_locales/de/messages.json
- + browser/components/search/extensions/ebay/_locales/en/messages.json
- + browser/components/search/extensions/ebay/_locales/es/messages.json
- + browser/components/search/extensions/ebay/_locales/fr/messages.json
- + browser/components/search/extensions/ebay/_locales/ie/messages.json
- + browser/components/search/extensions/ebay/_locales/it/messages.json
- + browser/components/search/extensions/ebay/_locales/nl/messages.json
The diff was not included because it is too large.
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cf7487…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/cf7487…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser
Commits:
e155be94 by Pier Angelo Vendrame at 2024-09-03T19:16:01+00:00
fixup! Bug 40925: Implemented the Security Level component
Bug 42617: Use DDG's plain HTML variant on Safest.
Between 115 and 128 we lost the engine parameter, so we are not given
the search engine's ID anymore.
So, switch to comparing the hostname instead.
- - - - -
1 changed file:
- toolkit/components/search/SearchEngine.sys.mjs
Changes:
=====================================
toolkit/components/search/SearchEngine.sys.mjs
=====================================
@@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs",
SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs",
SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs",
+ SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs",
OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs",
});
@@ -439,6 +440,26 @@ export class EngineURL {
*/
getSubmission(searchTerms, queryCharset, purpose) {
var url = ParamSubstitution(this.template, searchTerms, queryCharset);
+
+ if (
+ lazy.SecurityLevelPrefs?.securityLevel === "safest" &&
+ this.type === lazy.SearchUtils.URL_TYPE.SEARCH
+ ) {
+ let host = this.templateHost;
+ try {
+ host = Services.eTLD.getBaseDomainFromHost(host);
+ } catch (ex) {
+ lazy.logConsole.warn("Failed to get a FPD", ex, host);
+ }
+ if (
+ host === "duckduckgo.com" ||
+ host ===
+ "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion"
+ ) {
+ url += "html";
+ }
+ }
+
// Default to searchbar if the purpose is not provided
var requestPurpose = purpose || "searchbar";
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/e15…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/e15…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
f6fce359 by Pier Angelo Vendrame at 2024-09-03T19:15:29+00:00
fixup! Bug 40925: Implemented the Security Level component
Bug 42617: Use DDG's plain HTML variant on Safest.
Between 115 and 128 we lost the engine parameter, so we are not given
the search engine's ID anymore.
So, switch to comparing the hostname instead.
- - - - -
1 changed file:
- toolkit/components/search/SearchEngine.sys.mjs
Changes:
=====================================
toolkit/components/search/SearchEngine.sys.mjs
=====================================
@@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs",
SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs",
SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs",
+ SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs",
OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs",
});
@@ -439,6 +440,26 @@ export class EngineURL {
*/
getSubmission(searchTerms, queryCharset, purpose) {
var url = ParamSubstitution(this.template, searchTerms, queryCharset);
+
+ if (
+ lazy.SecurityLevelPrefs?.securityLevel === "safest" &&
+ this.type === lazy.SearchUtils.URL_TYPE.SEARCH
+ ) {
+ let host = this.templateHost;
+ try {
+ host = Services.eTLD.getBaseDomainFromHost(host);
+ } catch (ex) {
+ lazy.logConsole.warn("Failed to get a FPD", ex, host);
+ }
+ if (
+ host === "duckduckgo.com" ||
+ host ===
+ "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion"
+ ) {
+ url += "html";
+ }
+ }
+
// Default to searchbar if the purpose is not provided
var requestPurpose = purpose || "searchbar";
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f6fce35…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/f6fce35…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
cf748728 by Pier Angelo Vendrame at 2024-09-03T19:12:17+00:00
fixup! Bug 40925: Implemented the Security Level component
Bug 42617: Use DDG's plain HTML variant on Safest.
Between 115 and 128 we lost the engine parameter, so we are not given
the search engine's ID anymore.
So, switch to comparing the hostname instead.
- - - - -
1 changed file:
- toolkit/components/search/SearchEngine.sys.mjs
Changes:
=====================================
toolkit/components/search/SearchEngine.sys.mjs
=====================================
@@ -12,6 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
NimbusFeatures: "resource://nimbus/ExperimentAPI.sys.mjs",
SearchSettings: "resource://gre/modules/SearchSettings.sys.mjs",
SearchUtils: "resource://gre/modules/SearchUtils.sys.mjs",
+ SecurityLevelPrefs: "resource://gre/modules/SecurityLevel.sys.mjs",
OpenSearchEngine: "resource://gre/modules/OpenSearchEngine.sys.mjs",
});
@@ -439,6 +440,26 @@ export class EngineURL {
*/
getSubmission(searchTerms, queryCharset, purpose) {
var url = ParamSubstitution(this.template, searchTerms, queryCharset);
+
+ if (
+ lazy.SecurityLevelPrefs?.securityLevel === "safest" &&
+ this.type === lazy.SearchUtils.URL_TYPE.SEARCH
+ ) {
+ let host = this.templateHost;
+ try {
+ host = Services.eTLD.getBaseDomainFromHost(host);
+ } catch (ex) {
+ lazy.logConsole.warn("Failed to get a FPD", ex, host);
+ }
+ if (
+ host === "duckduckgo.com" ||
+ host ===
+ "duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion"
+ ) {
+ url += "html";
+ }
+ }
+
// Default to searchbar if the purpose is not provided
var requestPurpose = purpose || "searchbar";
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cf74872…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/cf74872…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser
Commits:
52751687 by Morgan at 2024-09-03T18:51:16+00:00
fixup! Firefox preference overrides.
added comment about disabling webcompat reporter
- - - - -
1 changed file:
- browser/app/profile/001-base-profile.js
Changes:
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false);
// Disable the screenshot menu when right-clicking (Bug #40912 and #40007)
pref("extensions.screenshots.disabled", true);
+
+// Disable webcompat reporter
pref("extensions.webcompat-reporter.enabled", false);
// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867)
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/527…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/527…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch base-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
7af0953f by Morgan at 2024-09-03T18:50:32+00:00
fixup! Firefox preference overrides.
added comment about disabling webcompat reporter
- - - - -
1 changed file:
- browser/app/profile/001-base-profile.js
Changes:
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false);
// Disable the screenshot menu when right-clicking (Bug #40912 and #40007)
pref("extensions.screenshots.disabled", true);
+
+// Disable webcompat reporter
pref("extensions.webcompat-reporter.enabled", false);
// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867)
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7af0953…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/7af0953…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
9f472cf0 by Morgan at 2024-09-03T18:49:42+00:00
fixup! Firefox preference overrides.
added comment about disabling webcompat reporter
- - - - -
1 changed file:
- browser/app/profile/001-base-profile.js
Changes:
=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -292,6 +292,8 @@ pref("browser.preferences.moreFromMozilla", false);
// Disable the screenshot menu when right-clicking (Bug #40912 and #40007)
pref("extensions.screenshots.disabled", true);
+
+// Disable webcompat reporter
pref("extensions.webcompat-reporter.enabled", false);
// Disable contentRelevancy component (which itself is gated on Nimbus) (tor-browser#42867)
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9f472cf…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/9f472cf…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch mullvad-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser
Commits:
0fb56325 by Morgan at 2024-09-03T18:31:58+00:00
fixup! MB 234: Disable OS spoofing in HTTP User-Agent.
- - - - -
f05617a0 by Pier Angelo Vendrame at 2024-09-03T18:32:13+00:00
Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref
This commits makes it possible to disable OS spoofing in the HTTP
User-Agent header, to see if matching header and JS property improve
usability.
- - - - -
ff3f38f0 by Morgan at 2024-09-03T18:34:37+00:00
fixup! MB 38: Mullvad Browser configuration
- - - - -
0 changed files:
Changes:
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/45…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/45…
You're receiving this email because of your account on gitlab.torproject.org.
morgan pushed to branch tor-browser-128.2.0esr-14.0-1 at The Tor Project / Applications / Tor Browser
Commits:
7212e70e by Pier Angelo Vendrame at 2024-09-03T17:37:00+00:00
Bug 42647: Make OS HTTP User-Agent OS spoofing configurable by pref
This commits makes it possible to disable OS spoofing in the HTTP
User-Agent header, to see if matching header and JS property improve
usability.
- - - - -
fd5b26f4 by Morgan at 2024-09-03T17:38:32+00:00
fixup! Bug 40562: Added Tor Browser preferences to 000-tor-browser.js
set privacy.resistFingerprinting.spoofOsInUserAgentHeader to true for now
- - - - -
3 changed files:
- browser/app/profile/000-tor-browser.js
- netwerk/protocol/http/nsHttpHandler.cpp
- toolkit/components/resistfingerprinting/nsRFPService.cpp
Changes:
=====================================
browser/app/profile/000-tor-browser.js
=====================================
@@ -52,6 +52,10 @@ pref("network.http.connection-retry-timeout", 0);
// be reduced to the strictly required time).
pref("extensions.torbutton.use_nontor_proxy", false);
+// tor-browser#42647: Make OS HTTP User-Agent OS spoofing configurable by pref
+// TODO: flip to false when we're happy this is not a privacy issue
+pref("privacy.resistFingerprinting.spoofOsInUserAgentHeader", true);
+
// Browser home page:
pref("browser.startup.homepage", "about:tor");
=====================================
netwerk/protocol/http/nsHttpHandler.cpp
=====================================
@@ -482,6 +482,9 @@ nsresult nsHttpHandler::Init() {
// obsService->AddObserver(this, "net:failed-to-process-uri-content", true);
}
+ Preferences::AddWeakObserver(
+ this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
+
MakeNewRequestTokenBucket();
mWifiTickler = new Tickler();
if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr;
@@ -2105,6 +2108,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
// Inform nsIOService that network is tearing down.
gIOService->SetHttpHandlerAlreadyShutingDown();
+ Preferences::RemoveObserver(
+ this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
+
ShutdownConnectionManager();
// need to reset the session start time since cache validation may
@@ -2227,6 +2233,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
ShutdownConnectionManager();
mConnMgr = nullptr;
Unused << InitConnectionMgr();
+ } else if (!strcmp(topic, "nsPref:changed") &&
+ !NS_strcmp(
+ data,
+ u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) {
+ nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true);
}
return NS_OK;
=====================================
toolkit/components/resistfingerprinting/nsRFPService.cpp
=====================================
@@ -904,12 +904,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent,
// https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
+ const bool spoofOs =
+ isForHTTPHeader &&
+ Preferences::GetBool(
+ "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true);
+
// These magic numbers are the lengths of the UA string literals below.
// Assume three-digit Firefox version numbers so we have room to grow.
size_t preallocatedLength =
13 +
- (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
- : mozilla::ArrayLength(SPOOFED_UA_OS)) -
+ (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
+ : mozilla::ArrayLength(SPOOFED_UA_OS)) -
1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 +
2;
userAgent.SetCapacity(preallocatedLength);
@@ -917,7 +922,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent,
// "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0"
userAgent.AssignLiteral("Mozilla/5.0 (");
- if (isForHTTPHeader) {
+ if (spoofOs) {
userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS);
} else {
userAgent.AppendLiteral(SPOOFED_UA_OS);
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7ec83a…
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/compare/7ec83a…
You're receiving this email because of your account on gitlab.torproject.org.