| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
|
| |
|
|
|
|
|
|
| |
For compatibility with recent changes to our browser patch, change the
external app blocker module so it implements the new nsIHelperAppWarningDialog
interface. Since the external app blocker module is no longer a service,
split the drag and drop filter into a separate component (which remains a
service).
|
| | |
|
| |
|
|
|
|
|
| |
Automatically adjust the height of the Security Settings window so that
no scrollbar is needed. Also, add 100 pixels to the width and increase
maxheight and maxwidth to give users more flexibility when they choose to
manually resize the window.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rearchitect our implementation so that about:tor pages are always
loaded in a content process. This also fixes:
Bug 22535: Searching brings me to duckduckgo but my query is discarded.
Bug 21948: Going back to about:tor page gives "Address isn't valid" error.
Most of the code that initializes and updates about:tor content has
been moved to a content script. When necessary, IPC is used to pass
data from the chrome process to the content script.
Removed old, no-longer-used m_tb_orig_BrowserOnAboutPageLoad variable
from torbutton.js.
Also, update the about:tor newChannel() implementation to accept an
nsILoadInfo parameter.
|
| |
|
|
|
|
|
|
|
|
| |
In commit 2978978e64fbc9164185564a19d56d5fea0b25d8 we hinted at updating
`privacy.thirdparty.isolate` once we switch to ESR 52. We forgot that
while migrating but replace it now with `privacy.firstparty.isolate` as
expected.
We remove `dom.workers.sharedWorkers.enabled` as this preference is long
gone.
|
| |
|
|
|
|
| |
Mozilla made the Battery API chrome-only
(https://bugzilla.mozilla.org/show_bug.cgi?id=1313580). We therefore
don't need to take care of it anymore in Torbutton.
|
| | |
|
| |
|
|
|
|
| |
Increase the height of the security slider description area to
avoid a scrollbar on macOS 10.12 (previously, the text associated
with the "High" level required a scrollbar).
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Fix problems with missing video playback controls and missing scrollbars.
Use a regex solution to allow access to all png images, svg images,
and css files under chrome://global/skin/media.
|
| |
|
|
|
|
|
| |
Instead of whitelisting single resources for view-source requests that
might allow platform detection we allow all of those that are needed by
requests with a view-source origin. This should be safe now that
https://bugzilla.mozilla.org/show_bug.cgi?id=1172165 landed.
|
| |
|
|
|
|
| |
Avoid noise on the error console when a page is reloaded. Since 304
responses do not have Location headers, it is safe to ignore such
responses inside our http-on-examine-response observer.
|
| |
|
|
|
|
|
|
| |
Load our content policy module as a process script instead of as a component
so that our nsIContentPolicy filter runs in content processes.
Our http-on-examine-response code that blocks redirects to internal URLs
must continue to run in the chrome process only.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that the JIT *.content prefs are gone for a while now. This
happened in https://bugzilla.mozilla.org/show_bug.cgi?id=939562 and the
patch updates the security slider to take this into account. We got the
tip to include `javascript.options.native_regexp` as well.
`javascript.options.typeinference` is gone with
https://bugzilla.mozilla.org/show_bug.cgi?id=972817 and we therefore
remove it. And asm.js is disabled globally until we find a good solution
for #19417.
The tooltip text got updated accordingly.
|
| |
|
|
|
|
|
|
| |
This reverts commit 1b7ce9f53f6a27e8684fdcda0b3be086a914d054. We did
not backport Mozilla's patch which uses the new preference. Thus we need
to stick to the old one for now.
Closes #21885.
|
| | |
|
| |
|
|
|
| |
Also, make sure we renew catchall "--unknown--" domain if user chooses
"New Tor Circuit" for about:addons, for example.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Ignore "not available" errors from appCacheStorage.asyncEvictStorage()
since these can occur if the cache has not been used yet.
Change torbutton_close_tabs_on_new_identity() to use browser.removeTab()
instead of browser.contentWindow.close() since we cannot directly access
the contentWindow when multi-process mode is enabled.
Fix indentation and modernize the torbutton_close_tabs_on_new_identity()
code.
|
| | |
|
| | |
|
| |
|
|
| |
Also, use Cc, Ci, and Cr inside torbutton_resizelistener.
|
| | |
|
| | |
|
| |
|
|
| |
Version bump, and CHANGELOG update
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our work around for https://bugzilla.mozilla.org/show_bug.cgi?id=863246
is filtering content requests to resource:// and chrome:// URIs in a way
that neuters this fingerprinting vector while not breaking standard Tor
Browser functionality.
However, there are extensions like Session Manager that are broken with
this strategy. Users who think having extensions like that one working
is much more important than avoiding the possible information leakage
associated with that get a preference they can toggle now.
'extensions.torbutton.resource_and_chrome_uri_fingerprinting' is by
default 'false' but setting it to 'true' effectively disables our
defense we developed in #8725 and related bugs.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Wait until after the security settings window has finished loading
before enabling the description box's scrollbar.
|
| | |
|
| |
|
|
| |
Changelog update and version bump
|
| |
|
|
|
|
| |
1. Remove double arrow from help menu.
2. Restore localized links inadvertently removed by Transifex.
3. Add localized links for all available manual locales.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We switched to DuckDuckGo as our default search engine recently and this
patch makes sure this is reflected on our about:tor page as well.
While we are at it we are removing the respective Disconnect.me language
strings.
|
| | |
|
