commit 5fa4a752781edc1cab5e62deb8752b3dd647358b
parent 9d1b72f436513c8f607bb19c78cc948c162ca45f
Author: Pier Angelo Vendrame <pierov@torproject.org>
Date: Thu, 18 Jul 2024 15:48:46 +0200
TB 40562: Added Tor Browser preferences to 000-tor-browser.js
Before reordering patches, we used to keep the Tor-related patches
(torbutton and tor-launcher) at the beginning.
After that issue, we decided to move them towards the end.
In addition to that, we have decided to move Tor Browser-only
preferences there, too, to make Base Browser-only fixups easier to
apply.
Diffstat:
8 files changed, 176 insertions(+), 2 deletions(-)
diff --git a/.prettierignore b/.prettierignore
@@ -1797,3 +1797,5 @@ xpcom/idl-parser/xpidl/fixtures/xpctest.d.json
**/package-lock.json
browser/app/profile/001-base-profile.js
+browser/app/profile/000-tor-browser.js
+mobile/android/app/000-tor-browser-android.js
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
@@ -0,0 +1,133 @@
+#include 001-base-profile.js
+
+pref("app.update.notifyDuringDownload", true);
+pref("app.update.badgeWaitTime", 0);
+// point to our feedback url rather than Mozilla's
+pref("app.feedback.baseURL", "https://support.torproject.org/%LOCALE%/misc/bug-or-feedback/");
+
+pref("browser.shell.checkDefaultBrowser", false);
+
+// Proxy and proxy security
+pref("network.proxy.socks", "127.0.0.1");
+pref("network.proxy.socks_port", 9150);
+pref("network.proxy.socks_remote_dns", true);
+pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
+pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
+pref("network.proxy.type", 1);
+// localhost is already blocked by setting `network.proxy.allow_hijacking_localhost` to
+// true, allowing users to explicitly block ports makes them fingerprintable; for details, see
+// Bug 41317: Tor Browser leaks banned ports in network.security.ports.banned
+pref("network.security.ports.banned", "", locked);
+pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
+pref("network.http.max-persistent-connections-per-proxy", 256);
+// Disable DNS over HTTPS. Set to explicitly off MODE_TRROFF = 5.
+// See tor-browser#41906.
+pref("network.trr.mode", 5, locked);
+
+// Treat .onions as secure
+pref("dom.securecontext.allowlist_onions", true);
+
+// Disable HTTPS-Only mode for .onion domains (tor-browser#19850)
+pref("dom.security.https_only_mode.upgrade_onion", false);
+
+// Bug 40423/41137: Disable http/3
+// We should re-enable it as soon as Tor gets UDP support
+pref("network.http.http3.enable", false);
+
+// 0 = do not use a second connection, see all.js and #7656
+pref("network.http.connection-retry-timeout", 0);
+
+// Tor Browser used to be compatible with non-Tor proxies. This feature is not
+// available anymore, but this legacy preference can be still used to disable
+// first-party domain circuit isolation.
+// In general, it should not be used. This use-case is still supported only for
+// sites that break with this isolation (and even in that case, its use should
+// be reduced to the strictly required time).
+pref("extensions.torbutton.use_nontor_proxy", false);
+
+// Browser home page:
+pref("browser.startup.homepage", "about:tor");
+
+// General browser support url. tor-browser#43864 and tor-browser#40899.
+pref("browser.base-browser-support-url", "https://support.torproject.org/tbb");
+
+// tor-browser#40701: Add new download warning
+pref("browser.download.showTorWarning", true);
+
+
+// Tor connection setting preferences.
+
+pref("torbrowser.settings.quickstart.enabled", false);
+pref("torbrowser.settings.bridges.enabled", false);
+// TorBridgeSource. Initially TorBridgeSource.Invalid = -1.
+pref("torbrowser.settings.bridges.source", -1);
+pref("torbrowser.settings.bridges.lox_id", "");
+// obfs4|meek|snowflake|etc.
+pref("torbrowser.settings.bridges.builtin_type", "");
+// torbrowser.settings.bridges.bridge_strings.0
+// torbrowser.settings.bridges.bridge_strings.1
+// etc hold the bridge lines.
+pref("torbrowser.settings.proxy.enabled", false);
+// TorProxyType. Initially TorProxyType.Invalid = -1.
+pref("torbrowser.settings.proxy.type", -1);
+pref("torbrowser.settings.proxy.address", "");
+pref("torbrowser.settings.proxy.port", 0);
+pref("torbrowser.settings.proxy.username", "");
+pref("torbrowser.settings.proxy.password", "");
+pref("torbrowser.settings.firewall.enabled", false);
+// comma-delimited list of port numbers.
+pref("torbrowser.settings.firewall.allowed_ports", "");
+
+
+// This pref specifies an ad-hoc "version" for various pref update hacks we need to do
+pref("extensions.torbutton.pref_fixup_version", 0);
+
+// Formerly tor-launcher defaults
+
+pref("extensions.torlauncher.start_tor", true);
+pref("extensions.torlauncher.prompt_at_startup", true);
+
+pref("extensions.torlauncher.max_tor_log_entries", 1000);
+
+// By default, Tor Launcher configures a TCP listener for the Tor
+// control port, as defined by control_host and control_port.
+// Set control_port_use_ipc to true to use an IPC object (e.g., a Unix
+// domain socket) instead. You may also modify control_ipc_path to
+// override the default IPC object location. If a relative path is used,
+// it is handled like torrc_path (see below).
+pref("extensions.torlauncher.control_host", "127.0.0.1");
+pref("extensions.torlauncher.control_port", 9151);
+pref("extensions.torlauncher.control_port_use_ipc", false);
+pref("extensions.torlauncher.control_ipc_path", "");
+
+// By default, Tor Launcher configures a TCP listener for the Tor
+// SOCKS port. The host is taken from the network.proxy.socks pref and
+// the port is taken from the network.proxy.socks_port pref.
+// Set socks_port_use_ipc to true to use an IPC object (e.g., a Unix
+// domain socket) instead. You may also modify socks_ipc_path to
+// override the default IPC object location. If a relative path is used,
+// it is handled like torrc_path (see below).
+// Modify socks_port_flags to use a different set of SocksPort flags (but be
+// careful).
+pref("extensions.torlauncher.socks_port_use_ipc", false);
+pref("extensions.torlauncher.socks_ipc_path", "");
+pref("extensions.torlauncher.socks_port_flags", "ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth");
+
+// The tor_path is relative to the application directory. On Linux and
+// Windows this is the Browser/ directory that contains the firefox
+// executables, and on Mac OS it is the TorBrowser.app directory.
+pref("extensions.torlauncher.tor_path", "");
+
+// The torrc_path and tordatadir_path are relative to the data directory,
+// which is TorBrowser-Data/ if it exists as a sibling of the application
+// directory. If TorBrowser-Data/ does not exist, these paths are relative
+// to the TorBrowser/ directory within the application directory.
+pref("extensions.torlauncher.torrc_path", "");
+pref("extensions.torlauncher.tordatadir_path", "");
+
+// BridgeDB-related preferences (used for Moat).
+pref("extensions.torlauncher.bridgedb_front", "vuejs.org");
+pref("extensions.torlauncher.bridgedb_reflector", "https://bespoke-strudel-c243cc.netlify.app");
+pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat");
+
+// Log levels
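Review bot: In the proxy section only `network.security.ports.banned` and `network.trr.mode` are declared `locked`, while `network.proxy.type`, `network.proxy.socks_remote_dns` and `network.dns.disabled` stay ordinary defaults that a user.js or about:config can change. These are the prefs the surrounding comments tie to proxying and DNS-leak protection. If leaving them unlocked is deliberate (presumably so alternative proxy setups can still override them), say so next to the prefs, e.g. `// Not locked on purpose: <reason>; changing these can send DNS or traffic outside Tor`. Otherwise consider `locked` for the ones that no supported configuration changes. The trailing `// Log levels` heading has no prefs under it in this hunk.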
diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
@@ -268,7 +268,7 @@
@RESPATH@/browser/defaults/permissions
; Remote Settings JSON dumps
@RESPATH@/browser/defaults/settings
-@RESPATH@/browser/@PREF_DIR@/001-base-profile.js
+@RESPATH@/browser/@PREF_DIR@/000-tor-browser.js
# channel-prefs.js has been removed on macOS.
#ifndef XP_MACOSX
diff --git a/browser/moz.build b/browser/moz.build
@@ -54,7 +54,7 @@ if CONFIG["MOZ_ARTIFACT_BUILDS"]:
# These files are specified in this moz.build to pick up DIST_SUBDIR as set in
# this directory, which is un-set in browser/app.
JS_PREFERENCE_PP_FILES += [
- "app/profile/001-base-profile.js",
+ "app/profile/000-tor-browser.js",
"app/profile/firefox.js",
]
FINAL_TARGET_FILES.defaults += ["app/permissions"]
diff --git a/eslint-ignores.config.mjs b/eslint-ignores.config.mjs
@@ -314,4 +314,6 @@ export default [
"dom/base/test/jsmodules/import_circular_1.mjs",
"browser/app/profile/001-base-profile.js",
+ "browser/app/profile/000-tor-browser.js",
+ "mobile/android/app/000-tor-browser-android.js",
];
diff --git a/mobile/android/app/000-tor-browser-android.js b/mobile/android/app/000-tor-browser-android.js
@@ -0,0 +1,31 @@
+// Import all prefs from the canonical file
+// We override mobile-specific prefs below
+// Tor Browser for Android
+// Do not edit this file.
+
+#include ../../../browser/app/profile/000-tor-browser.js
+
+// Disable browser auto updaters
+pref("app.update.auto", false);
+pref("browser.startup.homepage_override.mstone", "ignore");
+
+// Clear data on quit
+pref("privacy.clearOnShutdown.cache", true);
+pref("privacy.clearOnShutdown.cookies", true);
+pref("privacy.clearOnShutdown.downloads", true);
+pref("privacy.clearOnShutdown.formdata", true);
+pref("privacy.clearOnShutdown.history", true);
+pref("privacy.clearOnShutdown.offlineApps", true);
+pref("privacy.clearOnShutdown.passwords", true);
+pref("privacy.clearOnShutdown.sessions", true);
+pref("privacy.clearOnShutdown.siteSettings", true);
+
+// controls if we want camera support
+pref("media.realtime_decoder.enabled", false);
+
+// No HLS support for now due to browser freezing, see: #29859.
+pref("media.hls.enabled", false);
+
+// Disable WebAuthn. It requires Google Play Services, so it isn't
+// available, but avoid any potential problems.
+pref("security.webauth.webauthn_enable_android_fido2", false);
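Review bot: The header comment ends with `Do not edit this file.`, which contradicts the line before it (`We override mobile-specific prefs below`) and the hand-written overrides that follow, and the four lines read out of order. Something like `// Tor Browser for Android: import all prefs from the canonical file,` followed by `// then override the mobile-specific ones below.` would state the actual contract. The comment `controls if we want camera support` on `media.realtime_decoder.enabled` does not obviously match the pref name, so a reference to the issue that motivated it would help.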
diff --git a/mobile/android/app/geckoview-prefs.js b/mobile/android/app/geckoview-prefs.js
@@ -380,3 +380,5 @@ pref("xpinstall.signatures.required", true);
pref("xpinstall.whitelist.add", "https://addons.mozilla.org");
pref("xpinstall.whitelist.fileRequest", false);
+
+#include 000-tor-browser-android.js
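Review bot: 000-tor-browser-android.js is pulled in twice by this commit: through the `#include` at the end of geckoview-prefs.js here, and as its own entry in `JS_PREFERENCE_PP_FILES` in the mobile/android/app/moz.build hunk. If both preprocessed files end up in the package, every Tor Browser and Base Browser default is defined in two places and the effective value depends on load order, which is hard to audit for the privacy-critical prefs. Either keep a single route or add a comment at one of the two sites explaining why both are needed, e.g. `// Also listed in moz.build because <reason>`.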
diff --git a/mobile/android/app/moz.build b/mobile/android/app/moz.build
@@ -16,6 +16,10 @@ for var in ("MOZ_APP_UA_NAME", "TARGET_CPU"):
if CONFIG["MOZ_PKG_SPECIAL"]:
DEFINES["MOZ_PKG_SPECIAL"] = CONFIG["MOZ_PKG_SPECIAL"]
+JS_PREFERENCE_PP_FILES += [
+ "000-tor-browser-android.js",
+]
+
if not CONFIG["MOZ_ANDROID_FAT_AAR_ARCHITECTURES"]:
# Equivalent to JS_PREFERENCE_PP_FILES[CONFIG['ANDROID_CPU_ARCH']],
# which isn't supported out of the box.