arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening

ToDo: diffs FF99-FF100 #1439

Closed earthlng closed 2 years ago

earthlng commented 2 years ago

FF100 is scheduled for release May 3rd

FF100 release notes FF100 for developers FF100 security advisories


104 diffs ( 46 new, 36 gone, 22 different )

new in v100.0:

removed, renamed or hidden in v100.0:

changed in v100.0:


ignore

click me for details

==NEW
```js
pref("browser.history.wireframeAreaThreshold", 50);
pref("browser.promo.focus.disallowed_regions", "cn");
pref("browser.promo.focus.enabled", true);
pref("browser.shell.setDefaultPDFHandler.onlyReplaceBrowsers", true);
pref("dom.origin-trials.enabled", false);
pref("dom.origin-trials.test-key.enabled", false);
pref("editor.initialize_element_before_connect", true);
pref("extensions.formautofill.creditCards.heuristics.confidenceThreshold", "0.5");
pref("extensions.formautofill.creditCards.heuristics.mode", 0);
pref("extensions.InstallTrigger.enabled", true);
pref("extensions.InstallTriggerImpl.enabled", true);
pref("gfx.webgpu.force-enabled", false);
pref("gfx.webrender.dcomp-video-overlay-win-force-enabled", false);
pref("gfx.webrender.dcomp-video-vp-scaling-win", true);
pref("javascript.options.wasm_exceptions", true);
// ^ https://github.com/WebAssembly/exception-handling
pref("layout.css.container-queries.enabled", false);
pref("layout.css.content-visibility.enabled", false);
// ^ https://www.w3.org/TR/css-contain-2/#content-visibility
pref("layout.css.overflow-moz-hidden-unscrollable.enabled", true);
pref("layout.selectanchor", false);
pref("media.rdd-process.max-crashes", 2);
pref("media.webrtc.platformencoder.sw_mft", false);
pref("media.wmf.av1.enabled", true);
pref("media.wmf.no-copy-nv12-textures", false);
pref("network.dns.port_prefixed_qname_https_rr", false);
pref("network.http.http2.allow-push", true);
pref("network.http.http2.chunk-size", 16000);
pref("network.http.http2.coalesce-hostnames", true);
pref("network.http.http2.default-concurrent", 100);
pref("network.http.http2.default-hpack-buffer", 65536);
pref("network.http.http2.enable-hpack-dump", false);
pref("network.http.http2.enabled", true);
pref("network.http.http2.enabled.deps", true);
pref("network.http.http2.enforce-tls-profile", true);
pref("network.http.http2.persistent-settings", false);
pref("network.http.http2.ping-threshold", 58);
pref("network.http.http2.ping-timeout", 8);
pref("network.http.http2.pull-allowance", 12582912);
pref("network.http.http2.push-allowance", 131072);
pref("network.http.http2.send-buffer-size", 131072);
pref("network.http.http2.timeout", 170);
pref("network.http.http2.websockets", true);
pref("network.http.referer.disallowCrossSiteRelaxingDefault.pbmode.top_navigation", true);
pref("widget.windows.hide_cursor_when_typing", false);
```
==REMOVED, RENAMED or HIDDEN
```js
pref("browser.contentblocking.state-partitioning.mvp.ui.enabled", true);
pref("browser.sessionstore.max_write_failures", 5);
pref("devtools.enabled", true);
pref("devtools.theme.show-auto-theme-info", true);
pref("dom.events.asyncClipboard", true);
pref("dom.IntersectionObserver.enabled", true);
pref("dom.IntersectionObserverExplicitDocumentRoot.enabled", true);
pref("dom.ipc.processCount.webLargeAllocation", 10);
pref("dom.largeAllocation.forceEnable", false);
pref("dom.largeAllocationHeader.enabled", true);
pref("general.useragent.forceVersion100", false);
pref("general.useragent.handledVersionExperimentEnrollment", false);
pref("layout.css.moz-locale-dir.content.enabled", false);
pref("layout.css.moz-lwtheme.content.enabled", false);
pref("mathml.xlink.disabled", true);
pref("network.http.spdy.allow-push", true);
pref("network.http.spdy.chunk-size", 16000);
pref("network.http.spdy.coalesce-hostnames", true);
pref("network.http.spdy.default-concurrent", 100);
pref("network.http.spdy.default-hpack-buffer", 65536);
pref("network.http.spdy.enable-hpack-dump", false);
pref("network.http.spdy.enforce-tls-profile", true);
pref("network.http.spdy.persistent-settings", false);
pref("network.http.spdy.ping-threshold", 58);
pref("network.http.spdy.ping-timeout", 8);
pref("network.http.spdy.pull-allowance", 12582912);
pref("network.http.spdy.push-allowance", 131072);
pref("network.http.spdy.send-buffer-size", 131072);
pref("network.http.spdy.timeout", 170);
pref("security.onecrl.maximum_staleness_in_seconds", 108000);
pref("security.secure_connection_icon_color_gray", true);
pref("widget.windows.overlay_scrollbars.enabled", false);
```
==CHANGED
```js
pref("browser.contentblocking.report.vpn_regions", "as,at,be,ca,ch,de,es,fi,fr,gb,gg,ie,im,io,it,je,mp,my,nl,nz,pr,se,sg,uk,um,us,vg,vi"); // prev: "at,be,ca,ch,de,fr,ie,it,my,nl,nz,sg,es,gb,us"
pref("browser.soft_reload.only_force_validate_top_level_document", true); // prev: false
// ^ nice: https://bugzilla.mozilla.org/show_bug.cgi?id=1468476#c56
pref("browser.startup.upgradeDialog.enabled", true); // prev: false
pref("dom.streams.pipeTo.enabled", true); // prev: false
pref("dom.streams.readable_stream_default_controller.enabled", true); // prev: false
pref("dom.streams.readable_stream_default_reader.enabled", true); // prev: false
pref("dom.streams.writable_streams.enabled", true); // prev: false
// ^ https://developer.mozilla.org/en-US/docs/Web/API/Streams_API
pref("extensions.formautofill.creditCards.supportedCountries", "US,CA,GB,FR,DE"); // prev: "US,CA,UK,FR,DE"
pref("gfx.offscreencanvas.domain-allowlist", "*.zoom.us,zoom.us"); // prev: "*.zoom.us"
pref("gfx.webrender.dcomp-video-overlay-win", true); // prev: false
pref("gfx.webrender.dcomp-video-yuv-overlay-win", true); // prev: false
pref("javascript.options.wasm_caching", false); // prev: true
pref("layout.css.grid-item-baxis-measurement.enabled", true); // prev: false
pref("media.ffmpeg.customized-buffer-allocation", true); // prev: false
pref("media.peerconnection.mtransport_process", true); // prev: false
```

earthlng commented 2 years ago
some bugzilla tickets

* browser.contentblocking.features.strict Bug [1734328](https://bugzilla.mozilla.org/show_bug.cgi?id=1734328) - Part 4: Add disallow relaxing referrer policies for top navigation to the ETP strict list. Bug [1664995](https://bugzilla.mozilla.org/show_bug.cgi?id=1664995) - Part 4: Enable OCSP partiitoning in strict mode. * browser.contentblocking.report.vpn_regions Bug [1759476](https://bugzilla.mozilla.org/show_bug.cgi?id=1759476) - Add Sweden and Finland to default list of VPN supported regions preference Bug [1747149](https://bugzilla.mozilla.org/show_bug.cgi?id=1747149) - Consolidate logic for when to show VPN promo and add BrowserUtils test Bug [1747149](https://bugzilla.mozilla.org/show_bug.cgi?id=1747149) - Consolidate logic for when to show VPN promo and add BrowserUtils tests * browser.contentblocking.state-partitioning.mvp.ui.enabled Bug [1685575](https://bugzilla.mozilla.org/show_bug.cgi?id=1685575) - Removing browser.contentblocking.state-partitioning.mvp.ui.enabled because it’s always set to true. * browser.history.wireframeAreaThreshold Bug [1749576](https://bugzilla.mozilla.org/show_bug.cgi?id=1749576) - Make the wireframe structure more space efficient and add a versioning member. * browser.promo.focus.disallowed_regions Bug [1760364](https://bugzilla.mozilla.org/show_bug.cgi?id=1760364) - implement shouldShowFocusPromo, * browser.promo.focus.enabled Bug [1760364](https://bugzilla.mozilla.org/show_bug.cgi?id=1760364) - implement shouldShowFocusPromo, * browser.sessionstore.max_write_failures Bug [1752853](https://bugzilla.mozilla.org/show_bug.cgi?id=1752853) - Stop using a worker to write session store. * browser.shell.setDefaultPDFHandler.onlyReplaceBrowsers Bug [1761504](https://bugzilla.mozilla.org/show_bug.cgi?id=1761504) - Add `setDefaultPDFHandlerOnlyReplaceBrowsers` Nimbus feature. 
* browser.soft_reload.only_force_validate_top_level_document Bug [1752558](https://bugzilla.mozilla.org/show_bug.cgi?id=1752558) - Enable browser.soft_reload.only_force_validate_top_level_document in all channels Bug [1752152](https://bugzilla.mozilla.org/show_bug.cgi?id=1752152) - Enable browser.soft_reload.only_force_validate_top_level_document in EARLY_BETA_OR_EARLIER * browser.startup.upgradeDialog.enabled Bug [1762263](https://bugzilla.mozilla.org/show_bug.cgi?id=1762263) - Add upgrade message on 100 major upgrade with single thank you (3 potential actions) Bug [1738073](https://bugzilla.mozilla.org/show_bug.cgi?id=1738073) - Remove Colorways onboarding when MR2 Colorways expire Bug [1740623](https://bugzilla.mozilla.org/show_bug.cgi?id=1740623) - Adjust MR2 upgrade spotlight content Bug [1740819](https://bugzilla.mozilla.org/show_bug.cgi?id=1740819) - Turn off MR2 onboarding in Fx95 * devtools.theme.show-auto-theme-info Bug [1761356](https://bugzilla.mozilla.org/show_bug.cgi?id=1761356) - Remove devtools auto theme notification. Bug [1735359](https://bugzilla.mozilla.org/show_bug.cgi?id=1735359) - [devtools] Enable DevTools auto theme by default * dom.events.asyncClipboard Bug [1761978](https://bugzilla.mozilla.org/show_bug.cgi?id=1761978) - Get rid of pref dom.events.asyncClipboard; * dom.IntersectionObserver.enabled Bug [1760965](https://bugzilla.mozilla.org/show_bug.cgi?id=1760965) - Remove IntersectionObserver prefs that have been enabled by default for a long time. * dom.IntersectionObserverExplicitDocumentRoot.enabled Bug [1760965](https://bugzilla.mozilla.org/show_bug.cgi?id=1760965) - Remove IntersectionObserver prefs that have been enabled by default for a long time. * dom.ipc.processCount.webLargeAllocation Bug [1598759](https://bugzilla.mozilla.org/show_bug.cgi?id=1598759) - Remove support for Large-Allocation HTTP header. 
* dom.origin-trials.enabled Bug [1759421](https://bugzilla.mozilla.org/show_bug.cgi?id=1759421) - Disable origin trials for now. Bug [1756500](https://bugzilla.mozilla.org/show_bug.cgi?id=1756500) - Implement key verification for origin trials. * dom.origin-trials.test-key.enabled Bug [1759421](https://bugzilla.mozilla.org/show_bug.cgi?id=1759421) - Disable origin trials for now. Bug [1756500](https://bugzilla.mozilla.org/show_bug.cgi?id=1756500) - Implement key verification for origin trials. * dom.streams.pipeTo.enabled Bug [1759597](https://bugzilla.mozilla.org/show_bug.cgi?id=1759597) - Enable WritableStreams and pipeTo by default Bug [1734241](https://bugzilla.mozilla.org/show_bug.cgi?id=1734241) - Implement ReadableStream.pipeTo. * dom.streams.readable_stream_default_controller.enabled Bug [1759605](https://bugzilla.mozilla.org/show_bug.cgi?id=1759605) - Expose missing ReadableStream interfaces (as defined by WebIDL) Bug [1750284](https://bugzilla.mozilla.org/show_bug.cgi?id=1750284) - Rename stream feature exposure prefs * dom.streams.readable_stream_default_reader.enabled Bug [1759605](https://bugzilla.mozilla.org/show_bug.cgi?id=1759605) - Expose missing ReadableStream interfaces (as defined by WebIDL) Bug [1750284](https://bugzilla.mozilla.org/show_bug.cgi?id=1750284) - Rename stream feature exposure prefs * dom.streams.writable_streams.enabled Bug [1759597](https://bugzilla.mozilla.org/show_bug.cgi?id=1759597) - Enable WritableStreams and pipeTo by default * editor.initialize_element_before_connect Bug [1742933](https://bugzilla.mozilla.org/show_bug.cgi?id=1742933) - part 11: Create a pref to get back the traditional behavior * extensions.formautofill.creditCards.heuristics.confidenceThreshold Bug [1681985](https://bugzilla.mozilla.org/show_bug.cgi?id=1681985) - P5. Support calling fathom ruleset in both c++ and js * extensions.formautofill.creditCards.heuristics.mode Bug [1681985](https://bugzilla.mozilla.org/show_bug.cgi?id=1681985) - P5. 
Support calling fathom ruleset in both c++ and js * extensions.formautofill.creditCards.supportedCountries Bug [1762649](https://bugzilla.mozilla.org/show_bug.cgi?id=1762649) - Fix credit card supported countries to use 'GB' code instead of 'UK'. Bug [1745973](https://bugzilla.mozilla.org/show_bug.cgi?id=1745973) - Add UK, FR, DE to credit card autofill supported countries pref. Bug [1745248](https://bugzilla.mozilla.org/show_bug.cgi?id=1745248) - Allow each autofill feature to detect if it should be enabled depending on search region. * extensions.InstallTrigger.enabled Bug [1754441](https://bugzilla.mozilla.org/show_bug.cgi?id=1754441) - Add prefs to control InstallTrigger/InstallTriggerImpl visibility. * extensions.InstallTriggerImpl.enabled Bug [1754441](https://bugzilla.mozilla.org/show_bug.cgi?id=1754441) - Add prefs to control InstallTrigger/InstallTriggerImpl visibility. * general.useragent.forceVersion100 Bug [1731523](https://bugzilla.mozilla.org/show_bug.cgi?id=1731523) - Part 2: Remove "Firefox 100" Nimbus experiment code. Bug [1748798](https://bugzilla.mozilla.org/show_bug.cgi?id=1748798) - Add 'forceVersion100' pref to make user testing of Firefox 100 UA string easier. * general.useragent.handledVersionExperimentEnrollment Bug [1731523](https://bugzilla.mozilla.org/show_bug.cgi?id=1731523) - Part 2: Remove "Firefox 100" Nimbus experiment code. Bug [1748798](https://bugzilla.mozilla.org/show_bug.cgi?id=1748798) - Add 'forceVersion100' pref to make user testing of Firefox 100 UA string easier. * gfx.offscreencanvas.domain-allowlist Bug [1763801](https://bugzilla.mozilla.org/show_bug.cgi?id=1763801) - Enable OffscreenCanvas on zoom.us without subdomains. Bug [1751721](https://bugzilla.mozilla.org/show_bug.cgi?id=1751721) - Add Zoom to the OffscreenCanvas domain allowlist and turn it on for users. * gfx.webgpu.force-enabled Bug [1760663](https://bugzilla.mozilla.org/show_bug.cgi?id=1760663) - Add blocklist support for WebGPU. 
* gfx.webrender.dcomp-video-overlay-win Bug [1760724](https://bugzilla.mozilla.org/show_bug.cgi?id=1760724) - Let video overlay ride the trains to release on intel GPU on Windows Bug [1758601](https://bugzilla.mozilla.org/show_bug.cgi?id=1758601) - Enable YUV video overlay on Window on nightly * gfx.webrender.dcomp-video-overlay-win-force-enabled Bug [1760724](https://bugzilla.mozilla.org/show_bug.cgi?id=1760724) - Let video overlay ride the trains to release on intel GPU on Windows * gfx.webrender.dcomp-video-vp-scaling-win Bug [1667303](https://bugzilla.mozilla.org/show_bug.cgi?id=1667303) - video scaling at VideoProcessor for overlay video if possible * gfx.webrender.dcomp-video-yuv-overlay-win Bug [1758601](https://bugzilla.mozilla.org/show_bug.cgi?id=1758601) - Enable YUV video overlay on Window on nightly * intl.multilingual.aboutWelcome.languageMismatchEnabled Bug [62174](https://bugzilla.mozilla.org/show_bug.cgi?id=62174) - Enable preferences for live language reloading; Bug [62174](https://bugzilla.mozilla.org/show_bug.cgi?id=62174) - Refactor and document the preferences for multi-lingual; Bug [1755519](https://bugzilla.mozilla.org/show_bug.cgi?id=1755519) - Add language switching to about:welcome; * intl.multilingual.liveReload Bug [62174](https://bugzilla.mozilla.org/show_bug.cgi?id=62174) - Enable preferences for live language reloading; Bug [62174](https://bugzilla.mozilla.org/show_bug.cgi?id=62174) - Refactor and document the preferences for multi-lingual; Bug [1740067](https://bugzilla.mozilla.org/show_bug.cgi?id=1740067) - Add live language reloading; * javascript.options.wasm_caching Bug [1762619](https://bugzilla.mozilla.org/show_bug.cgi?id=1762619) - wasm: Disable code caching. * javascript.options.wasm_exceptions Bug [1759217](https://bugzilla.mozilla.org/show_bug.cgi?id=1759217) - wasm: Let exception-handling ride the trains. Bug [1750040](https://bugzilla.mozilla.org/show_bug.cgi?id=1750040) - wasm: Enable wasm exception handling in nightly. 
* layout.css.container-queries.enabled Bug [1762088](https://bugzilla.mozilla.org/show_bug.cgi?id=1762088) - Implement parsing / serialization for container{,-type,-name} CSS properties. * layout.css.content-visibility.enabled Bug [1759130](https://bugzilla.mozilla.org/show_bug.cgi?id=1759130) - Add support for parsing the `content-visibility` property from the CSS Contain specification * layout.css.grid-item-baxis-measurement.enabled Bug [1732082](https://bugzilla.mozilla.org/show_bug.cgi?id=1732082) - Enable layout.css.grid-item-baxis-measurement.enabled in all channels Bug [1757025](https://bugzilla.mozilla.org/show_bug.cgi?id=1757025) - Enable layout.css.grid-item-baxis-measurement.enabled in EARLY_BETA_OR_EARLIER * layout.css.moz-locale-dir.content.enabled Bug [1760579](https://bugzilla.mozilla.org/show_bug.cgi?id=1760579) - layout.css.moz-locale-dir.content.enabled. * layout.css.moz-lwtheme.content.enabled Bug [1760342](https://bugzilla.mozilla.org/show_bug.cgi?id=1760342) - Remove :-moz-lwtheme-{brighttext,darktext}. * layout.css.overflow-moz-hidden-unscrollable.enabled Bug [1760734](https://bugzilla.mozilla.org/show_bug.cgi?id=1760734) - Put overflow: -moz-hidden-unscrollable behind a pref on Nightly. * layout.selectanchor Bug [277178](https://bugzilla.mozilla.org/show_bug.cgi?id=277178) - Move focus to a fragment identifier (#fragment) if it's focusable. * mathml.xlink.disabled Bug [1762109](https://bugzilla.mozilla.org/show_bug.cgi?id=1762109) - Make the XLink setup a bit saner. * media.ffmpeg.customized-buffer-allocation Bug [1757436](https://bugzilla.mozilla.org/show_bug.cgi?id=1757436) - turn on the pref 'media.ffmpeg.customized-buffer-allocation' by default. * media.peerconnection.mtransport_process Bug [1763207](https://bugzilla.mozilla.org/show_bug.cgi?id=1763207): Enable webrtc socket process by default on release. 
* media.rdd-process.max-crashes Bug [1761942](https://bugzilla.mozilla.org/show_bug.cgi?id=1761942) [RDD] Limit maximal number of RDD process restarts * media.webrtc.platformencoder.sw_mft Bug [1741244](https://bugzilla.mozilla.org/show_bug.cgi?id=1741244) - p1: support software MFT video encoders. * media.wmf.av1.enabled Bug [1652945](https://bugzilla.mozilla.org/show_bug.cgi?id=1652945) - Added support for the Windows Media Foundation AV1 decoder for hardware decoding. * media.wmf.no-copy-nv12-textures Bug [1723207](https://bugzilla.mozilla.org/show_bug.cgi?id=1723207) - Avoid copying hardware decoded video data if possible on Windows * network.cookie.noPersistentStorage Bug [1675829](https://bugzilla.mozilla.org/show_bug.cgi?id=1675829) - Allow disabling the cookie database in the profile with `network.cookie.noPersistentStorage`. * network.dns.port_prefixed_qname_https_rr Bug [1755902](https://bugzilla.mozilla.org/show_bug.cgi?id=1755902) - P2: Support port-prefixed query for HTTPS RR, * network.http.http2.allow-push Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.http2.default-concurrent Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.http2.default-hpack-buffer Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.http2.enabled Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. 
* network.http.http2.push-allowance Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.referer.disallowCrossSiteRelaxingDefault Bug [1761826](https://bugzilla.mozilla.org/show_bug.cgi?id=1761826) - Enable disallowing relaxing referrer policies. Bug [1734328](https://bugzilla.mozilla.org/show_bug.cgi?id=1734328) - Part 1: Add prefs to control whether we ignore the less restricted referrer policies for top navigations. Bug [1727505](https://bugzilla.mozilla.org/show_bug.cgi?id=1727505) - Part 1: Enable restrict relaxing default referrer policy in ETP strict mode and private browsing mode. * network.http.referer.disallowCrossSiteRelaxingDefault.pbmode.top_navigation Bug [1734328](https://bugzilla.mozilla.org/show_bug.cgi?id=1734328) - Part 1: Add prefs to control whether we ignore the less restricted referrer policies for top navigations. * network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation Bug [1734328](https://bugzilla.mozilla.org/show_bug.cgi?id=1734328) - Part 1: Add prefs to control whether we ignore the less restricted referrer policies for top navigations. * network.http.spdy.allow-push Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.chunk-size Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.coalesce-hostnames Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. 
* network.http.spdy.default-concurrent Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.default-hpack-buffer Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.enabled Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.enabled.deps Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.enabled.http2 Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.enable-hpack-dump Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.enforce-tls-profile Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.persistent-settings Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.ping-threshold Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. 
* network.http.spdy.ping-timeout Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.pull-allowance Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.push-allowance Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.send-buffer-size Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.timeout Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * network.http.spdy.websockets Bug [1752621](https://bugzilla.mozilla.org/show_bug.cgi?id=1752621) - Improve http/2 prefs: changing spdy prefs to http2, making them static prefs and updating the tests. * security.onecrl.maximum_staleness_in_seconds Bug [1735386](https://bugzilla.mozilla.org/show_bug.cgi?id=1735386) - adjust revocation checking for EV certificate intermediates to match Baseline Requirements * security.pki.crlite_mode Bug [1761109](https://bugzilla.mozilla.org/show_bug.cgi?id=1761109) - Make check-revocations mode the default CRLite mode. Bug [1747320](https://bugzilla.mozilla.org/show_bug.cgi?id=1747320) - Only query CRLite on covered certificates. Bug [1683525](https://bugzilla.mozilla.org/show_bug.cgi?id=1683525) - set CRLite back to telemetry-only mode * security.secure_connection_icon_color_gray Bug [1756609](https://bugzilla.mozilla.org/show_bug.cgi?id=1756609) - Remove security.secure_connection_icon_color_gray pref. 
* widget.gtk.overlay-scrollbars.enabled Bug [1761690](https://bugzilla.mozilla.org/show_bug.cgi?id=1761690) - Let overlay scrollbars on GTK ride the trains. Bug [1755457](https://bugzilla.mozilla.org/show_bug.cgi?id=1755457) - Fix build bustage related to StaticPrefList.yaml. Bug [1147847](https://bugzilla.mozilla.org/show_bug.cgi?id=1147847) - Enable GTK overlay scrollbars on Nightly and Early Beta. Bug [1147847](https://bugzilla.mozilla.org/show_bug.cgi?id=1147847) - Allow users to enable overlay scrollbars on Linux from about:preferences. * widget.windows.hide_cursor_when_typing Bug [1757463](https://bugzilla.mozilla.org/show_bug.cgi?id=1757463): Support "Hide pointer while typing" on Windows * widget.windows.overlay_scrollbars.enabled Bug [1761690](https://bugzilla.mozilla.org/show_bug.cgi?id=1761690) - Let Windows 11 overlay scrollbars ride the trains. Bug [1757647](https://bugzilla.mozilla.org/show_bug.cgi?id=1757647) - Implement Windows 11 overlay scrollbars. * widget.windows.overlay-scrollbars.enabled Bug [1761690](https://bugzilla.mozilla.org/show_bug.cgi?id=1761690) - Let Windows 11 overlay scrollbars ride the trains.

rusty-snake commented 2 years ago

edited for readability

// FF100 default for the ETP strict feature list. The only token added relative to the
// previous value is "rpTop": restrict relaxing the default referrer policy for top
// navigation (Bug 1734328).
// NOTE(review): a profile that pins an older copy of this string would presumably not
// pick up rpTop; confirm before overriding this pref by hand.
// prev: "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,rp,ocsp"
pref(
  "browser.contentblocking.features.strict",
  "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cm,fp,stp,lvl2,rp,rpTop,ocsp"
);

New: rpTop Description: Restrict relaxing default referrer policy for top navigation

fxbrit commented 2 years ago
// Default CRLite mode in FF100. Going by the bug titles listed for this pref in this
// issue, 3 is the "check-revocations" mode (Bug 1761109) and the previous default 1 was
// telemetry-only (Bug 1683525).
// NOTE(review): the thread describes mode 3 as double-checking only certs that CRLite
// reports as revoked; whether a hardened profile should keep this default or use mode 2
// is a privacy/usability trade-off, so confirm the intended mode before overriding.
pref("security.pki.crlite_mode", 3); // prev: 1

finally crlite is a default for everyone (🥳) plus they're doing double checks to avoid false positives, maybe worth uniforming in AF as well?

// Live language reloading, now on by default (bugs listed for this pref: 62174, 1740067).
pref("intl.multilingual.liveReload", true); // prev: false

more good stuff.

Thorin-Oakenpants commented 2 years ago

maybe worth uniforming in AF as well?

uniforming? I am more than happy to stick with mode 2. Plus FF101 now sanitizes entries older than 10 days.

fxbrit commented 2 years ago

I am more than happy to stick with mode 2.

why tho? it would be one less flip and it's doing double checks on revoked certs only. there's also possibly some usability to gain here but I guess false positives are kinda rare, so that doesn't count much.

Thorin-Oakenpants commented 2 years ago

so it doesn't count much, good, we're in agreement.

Is it doing "double revoked checks" - I mean if it's not revoked in crlite, in mode 2 does it fall back to OCSP to check it? You're the network nerd ... test it for us

And if crlite returns revoked, does this not save contacting an OCSP responder (which can be a privacy gain IMO)?

fxbrit commented 2 years ago

I mean if it's not revoked in crlite, in mode 2 does it fall back to OCSP to check it?

nope, mode 2 and 3 do not fall back to ocsp if crlite can verify that the website is good (meaning it covers the entry and the cert is not revoked).

And if crlite returns revoked, does this not save contacting an OCSP responder (which can be a privacy gain IMO)?

yes, but since there were some issues with certs that appeared revoked in crlite when they actually weren't (1683525#c21), they decided to make crlite and ocsp cooperate in mode 3: a "revoked" answer from crlite gets double-checked, which keeps privacy and speed for most checks, while keeping usability for the corner cases.

Thorin-Oakenpants commented 2 years ago

^ "but I guess false positives are kinda rare, so that doesn't count much"

make up your mind :) I am happy with mode 2. This is right up AF's alley ... improved privacy gain (by removing a third party, but unlikely that it's being used against you) vs some possible breakage (not seen any yet) and it reduces all those OCSP errors people get when the observatory is down or their ISP is an ass (or whatever it is that triggers that shit) - because we hard fail

Thorin-Oakenpants commented 2 years ago

bugzillas for network.process.enabled added as FYI

@earthlng in case you want to tweak your data grabbing script, you got the pref flip but there was no bugzilla listed - IDK what/how you parse - patch = https://phabricator.services.mozilla.com/D142988

Thorin-Oakenpants commented 2 years ago

FYI: marked for visibility + fingerprinting

note: there is also an old macOS pref which can be forced or respect OS settings. And of course android uses overlay scrollbars

not exactly the right prefs (at least on windows), and we can await RFP to enforce overlay scrollbars on all platforms - mainly to reduce the plethora of results on linux - I think the pref to use is ui.useOverlayScrollbars