[tor-commits] [tor-browser] branch tor-browser-102.4.0esr-12.0-1 updated: fixup! Firefox preference overrides.

This is an automated email from the git hooks/post-receive script.

richard pushed a commit to branch tor-browser-102.4.0esr-12.0-1 in repository tor-browser.

The following commit(s) were added to refs/heads/tor-browser-102.4.0esr-12.0-1 by this push: new 710112fd464a fixup! Firefox preference overrides. 710112fd464a is described below

commit 710112fd464aadbdc3c52b0aa02667ce9b0549da Author: Richard Pospesel richard@torproject.org AuthorDate: Mon Oct 24 21:24:14 2022 +0000

fixup! Firefox preference overrides.

Bug 27128: Consider homogenizing HTTP/2 Settings prefs --- browser/app/profile/001-base-profile.js | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/browser/app/profile/001-base-profile.js b/browser/app/profile/001-base-profile.js index 4197b1019454..bd85bc010e66 100644 --- a/browser/app/profile/001-base-profile.js +++ b/browser/app/profile/001-base-profile.js @@ -237,7 +237,6 @@ pref("privacy.firstparty.isolate", true); // Always enforce first party isolatio pref("privacy.partition.network_state", false); // Disable for now until audit pref("network.cookie.cookieBehavior", 1); pref("network.cookie.cookieBehavior.pbmode", 1); -pref("network.http.http2.allow-push", false); // Disabled for now. See https://bugs.torproject.org/27127 and tor-browser#41014 pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633 // Bug 40177: Make sure tracker cookie purging is disabled pref("privacy.purge_trackers.enabled", false); @@ -258,6 +257,25 @@ pref("network.proxy.allow_bypass", false, locked); // #40682 // alters content load order in a page. See tor-browser#24686 pref("network.http.tailing.enabled", true, locked);

+// Make sure the varoius http2 settings, buffer sizes, timings, etc are locked to firefox defaults to minimize network performance fingerprinting. See https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27128 +pref("network.http.http2.enabled", true, locked); +pref("network.http.http2.enabled.deps", true, locked); +pref("network.http.http2.enforce-tls-profile", true, locked); +pref("network.http.http2.chunk-size", 16000, locked); +pref("network.http.http2.timeout", 170, locked); +pref("network.http.http2.coalesce-hostnames", true, locked); +pref("network.http.http2.persistent-settings", false, locked); +pref("network.http.http2.ping-threshold", 58, locked); +pref("network.http.http2.ping-timeout", 8, locked); +pref("network.http.http2.send-buffer-size", 131072, locked); +pref("network.http.http2.allow-push", true, locked); +pref("network.http.http2.push-allowance", 131072, locked); +pref("network.http.http2.pull-allowance", 12582912, locked); +pref("network.http.http2.default-concurrent", 100, locked); +pref("network.http.http2.default-hpack-buffer", 65536, locked); +pref("network.http.http2.websockets", false, locked); +pref("network.http.http2.enable-hpack-dump", false, locked); + // Make sure we don't have any GIO supported protocols (defense in depth // measure) pref("network.gio.supported-protocols", "");