commit 9cd914772c16b17de0336f36d36d7da0aa5c00a8
parent 559030a6323dcaf81cd747d0ad4da80612790c36
Author: smayya <smayya@mozilla.com>
Date: Thu, 30 Oct 2025 16:49:53 +0000
Bug 1991917 - enforce LNA checks only for ETP strict users. r=emz,necko-reviewers,jesup,hjones
Our current release strategy for LNA is:
Nightly: Enabled to all our users
Beta and Release: gradually rollout LNA checks for ETP strict users only.
In order to do this, we enable/disable LNA blocking prefs whenever, ETP mode changes. Additionally, we have introduced the pref network.lna.etp.enabled for gradually rolling this out to our ETP strict users.
Differential Revision: https://phabricator.services.mozilla.com/D266999
Diffstat:
7 files changed, 387 insertions(+), 230 deletions(-)
diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
@@ -2494,8 +2494,11 @@ pref("browser.contentblocking.reject-and-isolate-cookies.preferences.ui.enabled"
// Bounce Tracking Protection:
// "btp": BTP enabled
// "-btp": BTP disabled
+// Local Network Access Restrictions:
+// "lna": LNA enabled
+// "-lna": LNA disabled
// One value from each section must be included in the browser.contentblocking.features.strict pref.
-pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cryptoTP,fp,stp,emailTP,emailTPPrivate,-consentmanagerSkip,-consentmanagerSkipPrivate,lvl2,rp,rpTop,ocsp,qps,qpsPBM,fpp,fppPrivate,btp");
+pref("browser.contentblocking.features.strict", "tp,tpPrivate,cookieBehavior5,cookieBehaviorPBM5,cryptoTP,fp,stp,emailTP,emailTPPrivate,-consentmanagerSkip,-consentmanagerSkipPrivate,lvl2,rp,rpTop,ocsp,qps,qpsPBM,fpp,fppPrivate,btp,lna");
// Enable Protections report's Lockwise card by default.
pref("browser.contentblocking.report.lockwise.enabled", true);
diff --git a/browser/components/preferences/tests/browser_contentblocking.js b/browser/components/preferences/tests/browser_contentblocking.js
@@ -40,13 +40,22 @@ const FPP_PBM_PREF = "privacy.fingerprintingProtection.pbmode";
const THIRD_PARTY_COOKIE_DEPRECATION_PREF =
"network.cookie.cookieBehavior.optInPartitioning";
const BTP_PREF = "privacy.bounceTrackingProtection.mode";
+const LNA_PREF = "network.lna.blocking";
+const LNA_ETP_PREF = "network.lna.etp.enabled";
const { EnterprisePolicyTesting, PoliciesPrefTracker } =
ChromeUtils.importESModule(
"resource://testing-common/EnterprisePolicyTesting.sys.mjs"
);
-requestLongerTimeout(2);
+requestLongerTimeout(3);
+
+// Enable LNA ETP integration for all tests so lna rules are processed
+add_setup(async function () {
+ await SpecialPowers.pushPrefEnv({
+ set: [[LNA_ETP_PREF, true]],
+ });
+});
add_task(async function testListUpdate() {
SpecialPowers.pushPrefEnv({ set: [[PREF_TEST_NOTIFICATIONS, true]] });
@@ -350,6 +359,7 @@ add_task(async function testContentBlockingStandardCategory() {
[FPP_PBM_PREF]: null,
[THIRD_PARTY_COOKIE_DEPRECATION_PREF]: null,
[BTP_PREF]: null,
+ [LNA_PREF]: null,
};
for (let pref in prefs) {
@@ -520,6 +530,7 @@ add_task(async function testContentBlockingStrictCategory() {
BTP_PREF,
Ci.nsIBounceTrackingProtection.MODE_ENABLED_DRY_RUN
);
+ Services.prefs.setBoolPref(LNA_PREF, false);
let strict_pref = Services.prefs.getStringPref(STRICT_PREF).split(",");
await openPreferencesViaOpenPreferencesAPI("privacy", { leaveOpen: true });
@@ -886,6 +897,20 @@ add_task(async function testContentBlockingStrictCategory() {
`${BTP_PREF} has been set to MODE_ENABLED_DRY_RUN`
);
break;
+ case "lna":
+ is(
+ Services.prefs.getBoolPref(LNA_PREF),
+ true,
+ `${LNA_PREF} has been set to true`
+ );
+ break;
+ case "-lna":
+ is(
+ Services.prefs.getBoolPref(LNA_PREF),
+ false,
+ `${LNA_PREF} has been set to false`
+ );
+ break;
default:
ok(false, "unknown option was added to the strict pref");
break;
diff --git a/browser/components/preferences/tests/browser_contentblocking_categories.js b/browser/components/preferences/tests/browser_contentblocking_categories.js
@@ -646,3 +646,93 @@ add_task(async function testContentBlockingStrictDefinition() {
defaults.setStringPref(STRICT_DEF_PREF, originalStrictPref);
Services.prefs.setStringPref(CAT_PREF, "standard");
});
+
+// Tests that LNA blocking is controlled by network.lna.etp.enabled pref
+// and is managed by ETP strict/standard categories when enabled.
+add_task(async function testLNABlockingWithETPCategories() {
+ const LNA_BLOCKING_PREF = "network.lna.blocking";
+ const LNA_ETP_ENABLED_PREF = "network.lna.etp.enabled";
+
+ let defaults = Services.prefs.getDefaultBranch("");
+ let originalStrictPref = defaults.getStringPref(STRICT_DEF_PREF);
+
+ let lnaDefault = Services.prefs.getBoolPref(LNA_BLOCKING_PREF);
+ // Test 1: LNA blocking should be disabled when network.lna.etp.enabled is false (default)
+ Services.prefs.setBoolPref(LNA_ETP_ENABLED_PREF, false);
+
+ Services.prefs.setStringPref(CAT_PREF, "strict");
+ is(
+ Services.prefs.getBoolPref(LNA_BLOCKING_PREF),
+ lnaDefault,
+ `${LNA_BLOCKING_PREF} should remain unchanged when LNA_ETP_ENABLED_PREF is false`
+ );
+
+ Services.prefs.setStringPref(CAT_PREF, "standard");
+ is(
+ Services.prefs.getBoolPref(LNA_BLOCKING_PREF),
+ lnaDefault,
+ `${LNA_BLOCKING_PREF} should remain unchanged when switching to standard with LNA_ETP_ENABLED_PREF false`
+ );
+
+ // Test 2: LNA blocking SHOULD be managed when network.lna.etp.enabled is true
+ Services.prefs.setBoolPref(LNA_ETP_ENABLED_PREF, true);
+
+ // Set strict mode with lna enabled
+ defaults.setStringPref(STRICT_DEF_PREF, "lna");
+ Services.prefs.setStringPref(CAT_PREF, "strict");
+
+ is(
+ Services.prefs.getBoolPref(LNA_BLOCKING_PREF),
+ true,
+ `${LNA_BLOCKING_PREF} should be set to true in strict mode with lna feature enabled`
+ );
+
+ // Switch to standard mode - should clear LNA blocking
+ Services.prefs.setStringPref(CAT_PREF, "standard");
+ ok(
+ !Services.prefs.prefHasUserValue(LNA_BLOCKING_PREF),
+ `${LNA_BLOCKING_PREF} should be cleared in standard mode when LNA_ETP_ENABLED_PREF is true`
+ );
+
+ // Test 3: LNA blocking with -lna (disabled) in strict mode
+ defaults.setStringPref(STRICT_DEF_PREF, "-lna");
+ Services.prefs.setStringPref(CAT_PREF, "strict");
+
+ is(
+ Services.prefs.getBoolPref(LNA_BLOCKING_PREF),
+ false,
+ `${LNA_BLOCKING_PREF} should be set to false in strict mode with -lna feature`
+ );
+
+ // Test 4: Switching to custom mode should preserve current LNA blocking value
+ Services.prefs.setBoolPref(LNA_BLOCKING_PREF, true);
+ Services.prefs.setStringPref(CAT_PREF, "custom");
+
+ is(
+ Services.prefs.getBoolPref(LNA_BLOCKING_PREF),
+ true,
+ `${LNA_BLOCKING_PREF} should be preserved when switching to custom mode`
+ );
+
+ // Test 5: Toggling network.lna.etp.enabled should trigger pref expectations update
+ Services.prefs.setStringPref(CAT_PREF, "strict");
+ defaults.setStringPref(STRICT_DEF_PREF, "lna");
+
+ // Disable LNA ETP integration
+ Services.prefs.setBoolPref(LNA_ETP_ENABLED_PREF, false);
+ Services.prefs.setBoolPref(LNA_BLOCKING_PREF, false);
+
+ // Re-enable LNA ETP integration - should apply strict mode settings
+ Services.prefs.setBoolPref(LNA_ETP_ENABLED_PREF, true);
+ is(
+ Services.prefs.getBoolPref(LNA_BLOCKING_PREF),
+ true,
+ `${LNA_BLOCKING_PREF} should be set to true when re-enabling LNA_ETP_ENABLED_PREF in strict mode`
+ );
+
+ // cleanup
+ defaults.setStringPref(STRICT_DEF_PREF, originalStrictPref);
+ Services.prefs.clearUserPref(LNA_ETP_ENABLED_PREF);
+ Services.prefs.clearUserPref(LNA_BLOCKING_PREF);
+ Services.prefs.setStringPref(CAT_PREF, "standard");
+});
diff --git a/browser/components/protections/ContentBlockingPrefs.sys.mjs b/browser/components/protections/ContentBlockingPrefs.sys.mjs
@@ -29,9 +29,257 @@ export let ContentBlockingPrefs = {
"privacy.trackingprotection.allow_list.baseline.enabled",
PREF_ALLOW_LIST_CONVENIENCE:
"privacy.trackingprotection.allow_list.convenience.enabled",
+ PREF_LNA_ETP_ENABLED: "network.lna.etp.enabled",
switchingCategory: false,
+ /**
+ * Apply a category preference rule to update preference expectations. *
+ *
+ * @param {string} item - The rule to apply (e.g., "tp", "-fp", "lna")
+ * @param {string} type - The category type ("strict", "standard")
+ */
+ // eslint-disable-next-line complexity
+ applyCategoryPref(item, type) {
+ switch (item) {
+ case "tp":
+ this.CATEGORY_PREFS[type]["privacy.trackingprotection.enabled"] = true;
+ break;
+ case "-tp":
+ this.CATEGORY_PREFS[type]["privacy.trackingprotection.enabled"] = false;
+ break;
+ case "tpPrivate":
+ this.CATEGORY_PREFS[type]["privacy.trackingprotection.pbmode.enabled"] =
+ true;
+ break;
+ case "-tpPrivate":
+ this.CATEGORY_PREFS[type]["privacy.trackingprotection.pbmode.enabled"] =
+ false;
+ break;
+ case "fp":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.fingerprinting.enabled"
+ ] = true;
+ break;
+ case "-fp":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.fingerprinting.enabled"
+ ] = false;
+ break;
+ case "cryptoTP":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.cryptomining.enabled"
+ ] = true;
+ break;
+ case "-cryptoTP":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.cryptomining.enabled"
+ ] = false;
+ break;
+ case "stp":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.socialtracking.enabled"
+ ] = true;
+ break;
+ case "-stp":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.socialtracking.enabled"
+ ] = false;
+ break;
+ case "emailTP":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.emailtracking.enabled"
+ ] = true;
+ break;
+ case "-emailTP":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.emailtracking.enabled"
+ ] = false;
+ break;
+ case "emailTPPrivate":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.emailtracking.pbmode.enabled"
+ ] = true;
+ break;
+ case "-emailTPPrivate":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.emailtracking.pbmode.enabled"
+ ] = false;
+ break;
+ case "consentmanagerSkip":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.consentmanager.skip.enabled"
+ ] = true;
+ break;
+ case "-consentmanagerSkip":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.consentmanager.skip.enabled"
+ ] = false;
+ break;
+ case "consentmanagerSkipPrivate":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.consentmanager.skip.pbmode.enabled"
+ ] = true;
+ break;
+ case "-consentmanagerSkipPrivate":
+ this.CATEGORY_PREFS[type][
+ "privacy.trackingprotection.consentmanager.skip.pbmode.enabled"
+ ] = false;
+ break;
+ case "lvl2":
+ this.CATEGORY_PREFS[type][
+ "privacy.annotate_channels.strict_list.enabled"
+ ] = true;
+ break;
+ case "-lvl2":
+ this.CATEGORY_PREFS[type][
+ "privacy.annotate_channels.strict_list.enabled"
+ ] = false;
+ break;
+ case "rp":
+ this.CATEGORY_PREFS[type][
+ "network.http.referer.disallowCrossSiteRelaxingDefault"
+ ] = true;
+ break;
+ case "-rp":
+ this.CATEGORY_PREFS[type][
+ "network.http.referer.disallowCrossSiteRelaxingDefault"
+ ] = false;
+ break;
+ case "rpTop":
+ this.CATEGORY_PREFS[type][
+ "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation"
+ ] = true;
+ break;
+ case "-rpTop":
+ this.CATEGORY_PREFS[type][
+ "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation"
+ ] = false;
+ break;
+ case "ocsp":
+ this.CATEGORY_PREFS[type][
+ "privacy.partition.network_state.ocsp_cache"
+ ] = true;
+ break;
+ case "-ocsp":
+ this.CATEGORY_PREFS[type][
+ "privacy.partition.network_state.ocsp_cache"
+ ] = false;
+ break;
+ case "qps":
+ this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled"] = true;
+ break;
+ case "-qps":
+ this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled"] = false;
+ break;
+ case "qpsPBM":
+ this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled.pbmode"] =
+ true;
+ break;
+ case "-qpsPBM":
+ this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled.pbmode"] =
+ false;
+ break;
+ case "fpp":
+ this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection"] = true;
+ break;
+ case "-fpp":
+ this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection"] = false;
+ break;
+ case "fppPrivate":
+ this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection.pbmode"] =
+ true;
+ break;
+ case "-fppPrivate":
+ this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection.pbmode"] =
+ false;
+ break;
+ case "cookieBehavior0":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
+ Ci.nsICookieService.BEHAVIOR_ACCEPT;
+ break;
+ case "cookieBehavior1":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
+ break;
+ case "cookieBehavior2":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT;
+ break;
+ case "cookieBehavior3":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
+ Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN;
+ break;
+ case "cookieBehavior4":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER;
+ break;
+ case "cookieBehavior5":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN;
+ break;
+ case "cookieBehaviorPBM0":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
+ Ci.nsICookieService.BEHAVIOR_ACCEPT;
+ break;
+ case "cookieBehaviorPBM1":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
+ break;
+ case "cookieBehaviorPBM2":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT;
+ break;
+ case "cookieBehaviorPBM3":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
+ Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN;
+ break;
+ case "cookieBehaviorPBM4":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER;
+ break;
+ case "cookieBehaviorPBM5":
+ this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
+ Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN;
+ break;
+ case "3pcd":
+ this.CATEGORY_PREFS[type][
+ "network.cookie.cookieBehavior.optInPartitioning"
+ ] = true;
+ break;
+ case "-3pcd":
+ this.CATEGORY_PREFS[type][
+ "network.cookie.cookieBehavior.optInPartitioning"
+ ] = false;
+ break;
+ case "btp":
+ this.CATEGORY_PREFS[type]["privacy.bounceTrackingProtection.mode"] =
+ Ci.nsIBounceTrackingProtection.MODE_ENABLED;
+ break;
+ case "-btp":
+ // We currently consider MODE_ENABLED_DRY_RUN the "off" state. See
+ // nsIBounceTrackingProtection.idl for details.
+ this.CATEGORY_PREFS[type]["privacy.bounceTrackingProtection.mode"] =
+ Ci.nsIBounceTrackingProtection.MODE_ENABLED_DRY_RUN;
+ break;
+ case "lna":
+ // turn on LNA for etp strict only if network.lna.etp.enabled
+ // network.lna.etp.enabled is controlled by nimbus
+ if (Services.prefs.getBoolPref(this.PREF_LNA_ETP_ENABLED, false)) {
+ this.CATEGORY_PREFS[type]["network.lna.blocking"] = true;
+ }
+ break;
+ case "-lna":
+ // currently LNA is only enabled with ETP strict mode with pref network.lna.etp.enabled
+ if (Services.prefs.getBoolPref(this.PREF_LNA_ETP_ENABLED, false)) {
+ this.CATEGORY_PREFS[type]["network.lna.blocking"] = false;
+ }
+ break;
+ default:
+ console.error(`Error: Unknown rule observed ${item}`);
+ }
+ },
+
setPrefExpectations() {
// The prefs inside CATEGORY_PREFS are initial values.
// If the pref remains null, then it will expect the default value.
@@ -62,6 +310,7 @@ export let ContentBlockingPrefs = {
"privacy.fingerprintingProtection.pbmode": null,
"network.cookie.cookieBehavior.optInPartitioning": null,
"privacy.bounceTrackingProtection.mode": null,
+ "network.lna.blocking": null,
[this.PREF_ALLOW_LIST_BASELINE]: true,
[this.PREF_ALLOW_LIST_CONVENIENCE]: false,
},
@@ -88,6 +337,7 @@ export let ContentBlockingPrefs = {
"privacy.fingerprintingProtection.pbmode": null,
"network.cookie.cookieBehavior.optInPartitioning": null,
"privacy.bounceTrackingProtection.mode": null,
+ "network.lna.blocking": null,
[this.PREF_ALLOW_LIST_BASELINE]: null,
[this.PREF_ALLOW_LIST_CONVENIENCE]: null,
},
@@ -97,234 +347,7 @@ export let ContentBlockingPrefs = {
.getStringPref(this.PREF_STRICT_DEF)
.split(",");
for (let item of rulesArray) {
- switch (item) {
- case "tp":
- this.CATEGORY_PREFS[type]["privacy.trackingprotection.enabled"] =
- true;
- break;
- case "-tp":
- this.CATEGORY_PREFS[type]["privacy.trackingprotection.enabled"] =
- false;
- break;
- case "tpPrivate":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.pbmode.enabled"
- ] = true;
- break;
- case "-tpPrivate":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.pbmode.enabled"
- ] = false;
- break;
- case "fp":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.fingerprinting.enabled"
- ] = true;
- break;
- case "-fp":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.fingerprinting.enabled"
- ] = false;
- break;
- case "cryptoTP":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.cryptomining.enabled"
- ] = true;
- break;
- case "-cryptoTP":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.cryptomining.enabled"
- ] = false;
- break;
- case "stp":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.socialtracking.enabled"
- ] = true;
- break;
- case "-stp":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.socialtracking.enabled"
- ] = false;
- break;
- case "emailTP":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.emailtracking.enabled"
- ] = true;
- break;
- case "-emailTP":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.emailtracking.enabled"
- ] = false;
- break;
- case "emailTPPrivate":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.emailtracking.pbmode.enabled"
- ] = true;
- break;
- case "-emailTPPrivate":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.emailtracking.pbmode.enabled"
- ] = false;
- break;
- case "consentmanagerSkip":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.consentmanager.skip.enabled"
- ] = true;
- break;
- case "-consentmanagerSkip":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.consentmanager.skip.enabled"
- ] = false;
- break;
- case "consentmanagerSkipPrivate":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.consentmanager.skip.pbmode.enabled"
- ] = true;
- break;
- case "-consentmanagerSkipPrivate":
- this.CATEGORY_PREFS[type][
- "privacy.trackingprotection.consentmanager.skip.pbmode.enabled"
- ] = false;
- break;
- case "lvl2":
- this.CATEGORY_PREFS[type][
- "privacy.annotate_channels.strict_list.enabled"
- ] = true;
- break;
- case "-lvl2":
- this.CATEGORY_PREFS[type][
- "privacy.annotate_channels.strict_list.enabled"
- ] = false;
- break;
- case "rp":
- this.CATEGORY_PREFS[type][
- "network.http.referer.disallowCrossSiteRelaxingDefault"
- ] = true;
- break;
- case "-rp":
- this.CATEGORY_PREFS[type][
- "network.http.referer.disallowCrossSiteRelaxingDefault"
- ] = false;
- break;
- case "rpTop":
- this.CATEGORY_PREFS[type][
- "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation"
- ] = true;
- break;
- case "-rpTop":
- this.CATEGORY_PREFS[type][
- "network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation"
- ] = false;
- break;
- case "ocsp":
- this.CATEGORY_PREFS[type][
- "privacy.partition.network_state.ocsp_cache"
- ] = true;
- break;
- case "-ocsp":
- this.CATEGORY_PREFS[type][
- "privacy.partition.network_state.ocsp_cache"
- ] = false;
- break;
- case "qps":
- this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled"] = true;
- break;
- case "-qps":
- this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled"] = false;
- break;
- case "qpsPBM":
- this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled.pbmode"] =
- true;
- break;
- case "-qpsPBM":
- this.CATEGORY_PREFS[type]["privacy.query_stripping.enabled.pbmode"] =
- false;
- break;
- case "fpp":
- this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection"] = true;
- break;
- case "-fpp":
- this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection"] = false;
- break;
- case "fppPrivate":
- this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection.pbmode"] =
- true;
- break;
- case "-fppPrivate":
- this.CATEGORY_PREFS[type]["privacy.fingerprintingProtection.pbmode"] =
- false;
- break;
- case "cookieBehavior0":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
- Ci.nsICookieService.BEHAVIOR_ACCEPT;
- break;
- case "cookieBehavior1":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
- Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
- break;
- case "cookieBehavior2":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
- Ci.nsICookieService.BEHAVIOR_REJECT;
- break;
- case "cookieBehavior3":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
- Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN;
- break;
- case "cookieBehavior4":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
- Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER;
- break;
- case "cookieBehavior5":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior"] =
- Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN;
- break;
- case "cookieBehaviorPBM0":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
- Ci.nsICookieService.BEHAVIOR_ACCEPT;
- break;
- case "cookieBehaviorPBM1":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
- Ci.nsICookieService.BEHAVIOR_REJECT_FOREIGN;
- break;
- case "cookieBehaviorPBM2":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
- Ci.nsICookieService.BEHAVIOR_REJECT;
- break;
- case "cookieBehaviorPBM3":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
- Ci.nsICookieService.BEHAVIOR_LIMIT_FOREIGN;
- break;
- case "cookieBehaviorPBM4":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
- Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER;
- break;
- case "cookieBehaviorPBM5":
- this.CATEGORY_PREFS[type]["network.cookie.cookieBehavior.pbmode"] =
- Ci.nsICookieService.BEHAVIOR_REJECT_TRACKER_AND_PARTITION_FOREIGN;
- break;
- case "3pcd":
- this.CATEGORY_PREFS[type][
- "network.cookie.cookieBehavior.optInPartitioning"
- ] = true;
- break;
- case "-3pcd":
- this.CATEGORY_PREFS[type][
- "network.cookie.cookieBehavior.optInPartitioning"
- ] = false;
- break;
- case "btp":
- this.CATEGORY_PREFS[type]["privacy.bounceTrackingProtection.mode"] =
- Ci.nsIBounceTrackingProtection.MODE_ENABLED;
- break;
- case "-btp":
- // We currently consider MODE_ENABLED_DRY_RUN the "off" state. See
- // nsIBounceTrackingProtection.idl for details.
- this.CATEGORY_PREFS[type]["privacy.bounceTrackingProtection.mode"] =
- Ci.nsIBounceTrackingProtection.MODE_ENABLED_DRY_RUN;
- break;
- default:
- console.error(`Error: Unknown rule observed ${item}`);
- }
+ this.applyCategoryPref(item, type);
}
},
@@ -501,6 +524,9 @@ export let ContentBlockingPrefs = {
this.updateCBCategory();
} else if (data == "browser.contentblocking.features.strict") {
this.setPrefExpectationsAndUpdate();
+ } else if (data == this.PREF_LNA_ETP_ENABLED) {
+ // updates tagging of LNA restrictions with ETP strict mode
+ this.setPrefExpectationsAndUpdate();
}
},
@@ -529,6 +555,7 @@ const PREF_PREFIXES_TO_OBSERVE = new Set([
"privacy.fingerprintingProtection",
ContentBlockingPrefs.PREF_CB_CATEGORY,
ContentBlockingPrefs.PREF_STRICT_DEF,
+ ContentBlockingPrefs.PREF_LNA_ETP_ENABLED,
]);
ContentBlockingPrefs.QueryInterface = ChromeUtils.generateQI([Ci.nsIObserver]);
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
@@ -14434,6 +14434,8 @@
mirror: always
# This preference controls if we need to fail transactions for Local Network Access (LNA) failures.
+# Currently it is enabled only for nightly builds.
+# For beta and release users we will be enabling it only for ETP strict users using network.lna.etp.enabled
- name: network.lna.blocking
type: RelaxedAtomicBool
value: @IS_NIGHTLY_BUILD@
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
@@ -3293,6 +3293,10 @@ pref("network.trr.confirmationNS", "example.com");
pref("network.trr.excluded-domains", "");
pref("network.trr.builtin-excluded-domains", "localhost,local");
+// This preference controls if LNA blocking should be tied to ETP strict modes.
+// Used for progressive rollout of LNA for ETP strict users
+pref("network.lna.etp.enabled", false);
+
pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/canonical.html");
pref("captivedetect.canonicalContent", "<meta http-equiv=\"refresh\" content=\"0;url=https://support.mozilla.org/kb/captive-portal\"/>");
pref("captivedetect.maxWaitingTime", 5000);
diff --git a/toolkit/components/nimbus/FeatureManifest.yaml b/toolkit/components/nimbus/FeatureManifest.yaml
@@ -3113,6 +3113,12 @@ localNetworkAccess:
owner: vgosu@mozilla.com
hasExposure: false
variables:
+ enableLNAWithETPStrict:
+ description: Whether to enable LNA restrictions in ETP Strict Mode
+ type: boolean
+ setPref:
+ branch: default
+ pref: "network.lna.etp.enabled"
blockTrackers:
description: Whether network requests triggered by third party scripts classified as trackers should be blocked when making a localhost request.
type: boolean
