tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

000-tor-browser.js (6781B)

      1 #include 001-base-profile.js
      2 
      3 pref("app.update.notifyDuringDownload", true);
      4 pref("app.update.badgeWaitTime", 0);
      5 // point to our feedback url rather than Mozilla's
      6 pref("app.feedback.baseURL", "https://support.torproject.org/%LOCALE%/misc/bug-or-feedback/");
      7 
      8 pref("browser.shell.checkDefaultBrowser", false);
      9 
     10 // Proxy and proxy security
     11 pref("network.proxy.socks", "127.0.0.1");
     12 pref("network.proxy.socks_port", 9150);
     13 pref("network.proxy.socks_remote_dns", true);
     14 pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
     15 pref("network.proxy.allow_hijacking_localhost", true); // Allow proxies for localhost (#31065)
     16 pref("network.proxy.type", 1);
     17 // localhost is already blocked by setting `network.proxy.allow_hijacking_localhost` to
     18 // true, allowing users to explicitly block ports makes them fingerprintable; for details, see
     19 // Bug 41317: Tor Browser leaks banned ports in network.security.ports.banned
     20 pref("network.security.ports.banned", "", locked);
     21 pref("network.dns.disabled", true); // This should cover the #5741 patch for DNS leaks
     22 pref("network.http.max-persistent-connections-per-proxy", 256);
     23 // Disable DNS over HTTPS. Set to explicitly off MODE_TRROFF = 5.
     24 // See tor-browser#41906.
     25 pref("network.trr.mode", 5, locked);
     26 
     27 // Treat .onions as secure
     28 pref("dom.securecontext.allowlist_onions", true);
     29 
     30 // Disable HTTPS-Only mode for .onion domains (tor-browser#19850)
     31 pref("dom.security.https_only_mode.upgrade_onion", false);
     32 
     33 // Bug 40423/41137: Disable http/3
     34 // We should re-enable it as soon as Tor gets UDP support
     35 pref("network.http.http3.enable", false);
     36 
     37 // 0 = do not use a second connection, see all.js and #7656
     38 pref("network.http.connection-retry-timeout", 0);
     39 
     40 // Tor Browser used to be compatible with non-Tor proxies. This feature is not
     41 // available anymore, but this legacy preference can be still used to disable
     42 // first-party domain circuit isolation.
     43 // In general, it should not be used. This use-case is still supported only for
     44 // sites that break with this isolation (and even in that case, its use should
     45 // be reduced to the strictly required time).
     46 pref("extensions.torbutton.use_nontor_proxy", false);
     47 
     48 // Browser home page:
     49 pref("browser.startup.homepage", "about:tor");
     50 
     51 // General browser support url. tor-browser#43864 and tor-browser#40899.
     52 pref("browser.base-browser-support-url", "https://support.torproject.org/tbb");
     53 
     54 // tor-browser#40701: Add new download warning
     55 pref("browser.download.showTorWarning", true);
     56 
     57 
     58 // Tor connection setting preferences.
     59 
     60 pref("torbrowser.settings.quickstart.enabled", false);
     61 pref("torbrowser.settings.bridges.enabled", false);
     62 // TorBridgeSource. Initially TorBridgeSource.Invalid = -1.
     63 pref("torbrowser.settings.bridges.source", -1);
     64 pref("torbrowser.settings.bridges.lox_id", "");
     65 // obfs4|meek|snowflake|etc.
     66 pref("torbrowser.settings.bridges.builtin_type", "");
     67 // torbrowser.settings.bridges.bridge_strings.0
     68 // torbrowser.settings.bridges.bridge_strings.1
     69 // etc hold the bridge lines.
     70 pref("torbrowser.settings.proxy.enabled", false);
     71 // TorProxyType. Initially TorProxyType.Invalid = -1.
     72 pref("torbrowser.settings.proxy.type", -1);
     73 pref("torbrowser.settings.proxy.address", "");
     74 pref("torbrowser.settings.proxy.port", 0);
     75 pref("torbrowser.settings.proxy.username", "");
     76 pref("torbrowser.settings.proxy.password", "");
     77 pref("torbrowser.settings.firewall.enabled", false);
     78 // comma-delimited list of port numbers.
     79 pref("torbrowser.settings.firewall.allowed_ports", "");
     80 
     81 
     82 // This pref specifies an ad-hoc "version" for various pref update hacks we need to do
     83 pref("extensions.torbutton.pref_fixup_version", 0);
     84 
     85 // Formerly tor-launcher defaults
     86 
     87 pref("extensions.torlauncher.start_tor", true);
     88 pref("extensions.torlauncher.prompt_at_startup", true);
     89 
     90 pref("extensions.torlauncher.max_tor_log_entries", 1000);
     91 
     92 // By default, Tor Launcher configures a TCP listener for the Tor
     93 // control port, as defined by control_host and control_port.
     94 // Set control_port_use_ipc to true to use an IPC object (e.g., a Unix
     95 // domain socket) instead. You may also modify control_ipc_path to
     96 // override the default IPC object location. If a relative path is used,
     97 // it is handled like torrc_path (see below).
     98 pref("extensions.torlauncher.control_host", "127.0.0.1");
     99 pref("extensions.torlauncher.control_port", 9151);
    100 pref("extensions.torlauncher.control_port_use_ipc", false);
    101 pref("extensions.torlauncher.control_ipc_path", "");
    102 
    103 // By default, Tor Launcher configures a TCP listener for the Tor
    104 // SOCKS port. The host is taken from the network.proxy.socks pref and
    105 // the port is taken from the network.proxy.socks_port pref.
    106 // Set socks_port_use_ipc to true to use an IPC object (e.g., a Unix
    107 // domain socket) instead. You may also modify socks_ipc_path to
    108 // override the default IPC object location. If a relative path is used,
    109 // it is handled like torrc_path (see below).
    110 // Modify socks_port_flags to use a different set of SocksPort flags (but be
    111 // careful).
    112 pref("extensions.torlauncher.socks_port_use_ipc", false);
    113 pref("extensions.torlauncher.socks_ipc_path", "");
    114 pref("extensions.torlauncher.socks_port_flags", "ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth");
    115 
    116 // The tor_path is relative to the application directory. On Linux and
    117 // Windows this is the Browser/ directory that contains the firefox
    118 // executables, and on Mac OS it is the TorBrowser.app directory.
    119 pref("extensions.torlauncher.tor_path", "");
    120 
    121 // The torrc_path and tordatadir_path are relative to the data directory,
    122 // which is TorBrowser-Data/ if it exists as a sibling of the application
    123 // directory. If TorBrowser-Data/ does not exist, these paths are relative
    124 // to the TorBrowser/ directory within the application directory.
    125 pref("extensions.torlauncher.torrc_path", "");
    126 pref("extensions.torlauncher.tordatadir_path", "");
    127 
    128 // BridgeDB-related preferences (used for Moat).
    129 pref("extensions.torlauncher.bridgedb_front", "vuejs.org");
    130 pref("extensions.torlauncher.bridgedb_reflector", "https://bespoke-strudel-c243cc.netlify.app");
    131 pref("extensions.torlauncher.moat_service", "https://bridges.torproject.org/moat");
    132 
    133 // Log levels
    134 pref("browser.tor_provider.log_level", "Warn");
    135 pref("browser.tor_provider.cp_log_level", "Warn");
    136 pref("lox.log_level", "Warn");
    137 pref("torbrowser.bootstrap.log_level", "Info");
    138 pref("browser.torsettings.log_level", "Warn");
    139 pref("browser.torMoat.loglevel", "Warn");
    140 pref("browser.tordomainisolator.loglevel", "Warn");
    141 pref("browser.torcircuitpanel.loglevel", "Log");
    142 pref("browser.tor_android.log_level", "Info");
    143 pref("browser.dragdropfilter.log_level", "Warn");
    144 pref("browser.onionAuthPrompt.loglevel", "Warn");
    145 pref("browser.onionalias.log_level", "Warn");
    146 pref("browser.torRequestWatch.log_level", "Warn");