| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
| |
This change should make the indexedDB failure mode for pref checks equivalent
to the private browsing failure mode. Sites that use Modernizr are accustomed
to the failure modes for Private Browsing usage of IndexedDB, but not for when
the pref is disabled.
This patch may cause serious issues with e10s in the future. We'll need to
keep an eye on it for FF45.
|
| |
|
|
| |
Amazon, eBay, bing
|
| |
|
|
| |
Disable the old version of webide as well (since it is still supported).
|
| |
|
|
|
| |
This allows us to set the newtiles pref to 'classic' mode for the default
value.
|
| |
|
|
| |
Bug #16316: Set the fetch URLs to blank data URIs.
|
| |
|
|
| |
Bug #16510: Remove "Share this page" from toolbar.
|
| |
|
|
|
|
| |
Our app display name, "Tor Browser", was truncated to "Tor" within Windows
resources (FileDescription, InternalName, and ProductName fields). Fixed by
adding quotes around parameters passed to the version_win.pl program.
|
| |
|
|
| |
Remove old .mozconfig cruft
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Use min values from a 2013 Moto E and a 2009 laptop with integrated graphics.
|
| |
|
|
|
|
| |
Note that when the privacy.thirdparty.isolate pref. is set to 1 or 2,
we disable use of Broadcast Channels by SharedWorkers since we cannot
obtain the isolation host.
|
| |
|
|
|
|
|
| |
Screencasting is disabled in desktop browsers because
browser.casting.enabled = false. However, to avoid including
code that could lead to proxy bypass, we exclude the related
JS modules from Tor Browser.
|
| |
|
|
|
|
|
| |
Disabling the EME related preferences is currently more a user interface/
possible user irritation related thing: On Windows no GMPs are downloaded
at all as the aus4 server does not know about our mingw-w64 build. And on
Linux and OS X there is no EME CDM yet.
|
| |
|
|
|
|
|
| |
processes to parent process. Add nsServiceManagerUtils.h include to WMFDecoderModule.cpp.
--HG--
extra : rebase_source : 4285384ce5c38bd296ba065adf4f057c5e12dced
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Until there are GMPs that can get built reproducible AND whose source
code is inspectable we disable the underlying install and update
mechanisms.
We can't use OpenH264 and Adobe's CDM in Tor Browser anyway
as the former is currently only used for WebRTC which we disable for
content and the latter is neither available for Linux nor OS X and does
not run on Windows as we can't compile the sandbox for it yet which is a
hard requirement.
|
| |
|
|
|
|
| |
Upgrading to GCC 5.1.0 is hitting an NSS version detection bug (see:
https://bugzilla.mozilla.org/show_bug.cgi?id=1167200. This patch is the
backport of Jacek's not yet landed one.
|
| |
|
|
|
|
|
| |
--HG--
extra : amend_source : 2e31431e4227fdf3f88d31a8efa14aab8e793cd2
This is actually bug 913827.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
We are not building the uninstall helper.exe for Windows (#9387) and
omit ICU on Windows as well (#13419). We avoid packaging the respective
binaries then as not doing this breaks our builds.
|
| |
|
|
|
|
|
|
| |
Prevent user tracking via HTTP Basic Authentication by
removing Authorization headers from third party requests.
This is a port of a piece of the Stanford SafeCache code that
previously was included in Torbutton.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This test ensures that if first-party isolation is enabled
("privacy.thirdparty.isolate" pref is set to 2) then when a loaded file is cached,
it is indexed by the URL-bar domain.
In this test, a number of files are loaded (via IFRAME, LINK, SCRIPT, IMG, OBJECT,
EMBED, AUDIO, VIDEO, TRACK and XMLHttpRequest) by parent pages with different URL bar
domains. When isolation is active, we test to confirm that a separate copy of each file
is cached for each different parent domain. We also test to make sure that when
isolation is inactive, a single copy of the child page is cached and reused for all
parent domains.
|
| |
|
|
| |
Also prevent DOM storage from ever writing to disk.
|
| |
|
|
|
| |
The image cache maintains its own table outside of the main cache, and does
not obey cacheKeys by default.
|
| | |
|
| |
|
|
| |
activation or deactivation of isolating DOM storage and image caching by first party URI.
|
| |
|
|
| |
Logs the URI of the source doc/channel that failed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace Mozilla's MAR signing certificates with our own.
Configure with --enable-signmar (build the signmar tool).
Configure with --enable-verify-mar (when updating, require a valid signature
on the MAR file before it is applied).
Use the Tor Browser version instead of the Firefox version inside the
MAR file info block (necessary to prevent downgrade attacks).
Use NSS on all platforms for checking MAR signatures (Mozilla plans to use
OS-native APIs on Mac OS and they already do so on Windows). So that the
NSS and NSPR libraries the updater depends on can be found at runtime, we
add the firefox directory to the shared library search path on all platforms.
Use SHA512-based MAR signatures instead of the SHA1-based ones that Mozilla
uses. This is implemented inside MAR_USE_SHA512_RSA_SIG #ifdef's and with
a signature algorithm ID of 512 to help avoid collisions with future work
Mozilla might do in this area.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=1105689
|
| | |
|
| |
|
|
|
| |
--HG--
extra : amend_source : 27417e9f4e775cded600fae95f17faad4bb73b47
|
| | |
|
| |
|
|
|
| |
Conflicts:
browser/confvars.sh
|
| |
|
|
|
| |
Conflicts:
toolkit/mozapps/update/tests/chrome/utils.js
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a rollup of recent work. Changes include:
- Creating an xpcshell only updater binary. This binary has an embedded xpcshell only cert for verifying test only mars. It is only used by tests and is not signed w/ authenticode certs.
- Modifying tests to use that new binary
- Adding a check-cert option to the maintenance service
- Using that new cert-check option in new tests to test the authenticode path
- No longer doing an authenticode check during service updater tests on the xpcshell binary.
- Enables more tests for other platforms
--HG--
rename : toolkit/mozapps/update/updater/moz.build => toolkit/mozapps/update/updater/updater-common.build
Conflicts:
toolkit/mozapps/update/tests/data/xpcshellUtilsAUS.js
toolkit/mozapps/update/tests/unit_base_updater/xpcshell.ini
|
| |
|
|
| |
r=smichaud,rstrong
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Conflicts:
browser/confvars.sh
|
| |
|
|
| |
verification. r=bbondy
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New configure options:
--with-tor-browser-version=VERSION # Pass TB version throughout build.
--enable-tor-browser-update # Enable bundle update behavior.
The following files are never updated:
TorBrowser/Data/Browser/profiles.ini
TorBrowser/Data/Browser/profile.default/bookmarks.html
TorBrowser/Data/Tor/torrc
Mac OS: Store update metadata under TorBrowser/UpdateInfo.
Removed the %OS_VERSION% component from the update URL (13047) and
added support for minSupportedOSVersion, an attribute of the
<update> element that may be used to trigger Firefox's
"unsupported platform" behavior.
Windows: disable "runas" code path in updater (15201).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
and 16014.
|
