[tor-commits] [tor-browser] 04/06: fixup! Firefox preference overrides.

gitolite role git at cupani.torproject.org
Thu Nov 17 13:07:48 UTC 2022


This is an automated email from the git hooks/post-receive script.

pierov pushed a commit to branch tor-browser-102.4.0esr-12.0-2
in repository tor-browser.

commit a24ee90bbd3f1198617d626ef1e7bb56a20ef786
Author: Pier Angelo Vendrame <pierov at torproject.org>
AuthorDate: Wed Nov 16 12:50:41 2022 +0100

    fixup! Firefox preference overrides.
    
    Trivial-lish preferences from Arkenfox.
---
 browser/app/profile/001-base-profile.js | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/browser/app/profile/001-base-profile.js b/browser/app/profile/001-base-profile.js
index 038fb91a2c11..3f27d1ba410c 100644
--- a/browser/app/profile/001-base-profile.js
+++ b/browser/app/profile/001-base-profile.js
@@ -55,6 +55,7 @@ pref("media.memory_cache_max_size", 16384);
 
 // Enable HTTPS-Only mode (tor-browser#19850)
 pref("dom.security.https_only_mode", true);
+pref("dom.security.https_only_mode_pbm", true);
 
 // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 )
 // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
@@ -84,7 +85,14 @@ pref("security.ssl3.rsa_aes_256_sha", false, locked);
 pref("browser.send_pings", false);
 pref("geo.enabled", false);
 pref("geo.provider.network.url", "");
+pref("geo.provider.ms-windows-location", false);
+pref("geo.provider.use_corelocation", false);
+pref("geo.provider.use_gpsd", false);
+pref("geo.provider.use_geoclue", false);
 pref("browser.search.suggest.enabled", false);
+pref("browser.urlbar.suggest.searches", false);
+pref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
+pref("browser.urlbar.suggest.quicksuggest.sponsored", false);
 pref("browser.safebrowsing.malware.enabled", false);
 pref("browser.safebrowsing.phishing.enabled", false);
 pref("browser.safebrowsing.downloads.enabled", false);
@@ -103,8 +111,16 @@ pref("datareporting.policy.dataSubmissionEnabled", false);
 // Make sure Unified Telemetry is really disabled, see: #18738.
 pref("toolkit.telemetry.unified", false);
 pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.server", "data:,");
 pref("toolkit.telemetry.archive.enabled", false);
 pref("toolkit.telemetry.updatePing.enabled", false); // Make sure updater telemetry is disabled; see #25909.
+pref("toolkit.telemetry.bhrPing.enabled", false);
+pref("toolkit.telemetry.coverage.opt-out", true);
+pref("toolkit.coverage.opt-out", true);
+pref("toolkit.coverage.endpoint.base", "");
+pref("browser.ping-centre.telemetry", false);
+pref("browser.tabs.crashReporting.sendReport", false);
+pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
 #ifdef XP_WIN
 // Defense-in-depth: ensure that the Windows default browser agent will
 // not ping Mozilla if it is somehow present (we omit it at build time).
@@ -142,6 +158,11 @@ pref("extensions.pocket.enabled", false);
 // Disable activity stream/"Recommended by Pocket" in about:home (Bug #41029)
 pref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
 pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
+pref("browser.newtabpage.activity-stream.showSponsored", false);
+pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+pref("browser.newtabpage.activity-stream.default.sites", "");
+pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
+pref("browser.newtabpage.activity-stream.telemetry", false);
 
 // Disable moreFromMozilla pane in the preferences/settings (tor-browser#41292).
 pref("browser.preferences.moreFromMozilla", false);
@@ -167,6 +188,9 @@ pref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
 pref("messaging-system.rsexperimentloader.enabled", false);
 // true means that you are *not* opting out. See its usage in various file.
 pref("app.shield.optoutstudies.enabled", false);
+// Disable Normandy/Shield
+pref("app.normandy.enabled", false);
+pref("app.normandy.api_url", "");
 
 // [SETTING] General>Browsing>Recommend extensions as you browse (Bug #40700)
 pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // disable CFR [FF67+]
@@ -183,6 +207,7 @@ pref("network.trr.default_provider_uri", "");
 pref("network.trr.exclude-etc-hosts", false);
 
 // Disable crlite
+pref("security.remote_settings.crlite_filters.enabled", false);
 pref("security.pki.crlite_mode", 0);
 
 // Disable website password breach alerts
@@ -201,6 +226,8 @@ pref("webgl.disable-fail-if-major-performance-caveat", true);
 pref("webgl.enable-webgl2", false);
 pref("browser.startup.homepage_override.buildID", "20100101");
 pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
+// Prevent scripts from moving and resizing open windows
+pref("dom.disable_window_move_resize", true);
 // Set video VP9 to 0 for everyone (bug 22548)
 pref("media.benchmark.vp9.threshold", 0);
 pref("dom.enable_resource_timing", false); // Bug 13024: To hell with this API
@@ -245,8 +272,18 @@ pref("privacy.partition.network_state", false); // Disable for now until audit
 pref("network.cookie.cookieBehavior", 1);
 pref("network.cookie.cookieBehavior.pbmode", 1);
 pref("network.predictor.enabled", false); // Temporarily disabled. See https://bugs.torproject.org/16633
+pref("network.predictor.enable-prefetch", false);
+pref("network.http.speculative-parallel-limit", 0);
+pref("browser.places.speculativeConnect.enabled", false);
+pref("network.prefetch-next", false);
+pref("browser.urlbar.speculativeConnect.enabled", false);
 // Bug 40220: Make sure tracker cookie purging is disabled
 pref("privacy.purge_trackers.enabled", false);
+// Do not allow cross-origin sub-resources to open HTTP authentication
+// credentials dialogs. Hardens against potential credentials phishing.
+pref("network.auth.subresource-http-auth-allow", 1);
+// Disable sending additional analytics to web servers
+pref("beacon.enabled", false);
 
 pref("network.dns.disablePrefetch", true);
 pref("network.dns.disablePrefetchFromHTTPS", true);
@@ -335,6 +372,7 @@ pref("network.manage-offline-status", false);
 // No need to leak things to Mozilla, see bug 21790 and tor-browser#40322
 pref("network.captive-portal-service.enabled", false);
 pref("network.connectivity-service.enabled", false);
+pref("captivedetect.canonicalURL", "");
 // As a "defense in depth" measure, configure an empty push server URL (the
 // DOM Push features are disabled by default via other prefs).
 // See tor-browser#18801.
@@ -350,6 +388,9 @@ pref("extensions.pendingOperations", false);
 // about:addons page, see bug 22073, 22900 and 31601.
 pref("extensions.getAddons.showPane", false);
 pref("extensions.htmlaboutaddons.recommendations.enabled", false);
+// Disable personalized Extension Recommendations in about:addons and
+// addons.mozilla.org
+pref("browser.discovery.enabled", false);
 // Bug 26114: Allow NoScript to access addons.mozilla.org etc.
 // TODO: Audit again (tor-browser#41445)
 pref("extensions.webextensions.restrictedDomains", "");

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the tor-commits mailing list