Bug 41729: Fix screen readers on Windows

Before reordering patches, we used to keep the Tor-related patches
(torbutton and tor-launcher) at the beginning.
After that issue, we decided to move them towards the end.

In addition to that, we have decided to move Tor Browser-only
preferences there, too, to make Base Browser-only fixups easier to
apply.

Kathleen Brade authored 6 years ago and Pier Angelo Vendrame committed 1 year ago

Reuse the Firefox onboarding mechanism with minimal changes.
Localizable strings are pulled in from Torbutton (if Torbutton is
  not installed, we lack about:tor and no tour will be shown).
Replace SVG images with PNGs (see bug 27002),
For defense in depth, omit include OnboardingTelemetry.jsm entirely.
Added support for the following UITour page event:
  torBrowserOpenSecuritySettings

Also fix bug 27403: the onboarding bubble is not always displayed.

Arthur suggested to make the onboarding bubble visible on displays with
less than 960px width available, so we choose 200px instead.

Also fix bug 28628: Change onboarding Security panel to open new
Security Level panel.

Also fix bug 27484: Improve navigation within onboarding.

Bug 27082: enable a limited UITour

Disallow access to UITour functionality from all pages other than
  about:home, about:newtab, and about:tor.
Implement a whitelist mechanism for page actions.

Bug 26962 - implement new features onboarding (part 1).

Add an "Explore" button to the "Circuit Display" panel within new user
onboarding which opens the DuckDuckGo .onion and then guides users through
a short circuit display tutorial.

Allow a few additional UITour actions while limiting as much as possible
how it can be used.

Tweak the UITour styles to match the Tor Browser branding.

All user interface strings are retrieved from Torbutton's
browserOnboarding.properties file.

Bug 27486 Avoid about:blank tabs when opening onboarding pages.

Instead of using a simple <a href>, programmatically open onboarding
web pages by using tabBrowser.addTab(). The same technique is now
used for "See My Path", "See FAQs", and "Visit an Onion".

Bug 29768: Introduce new features to users

Add an "update" tour for the Tor Browser 8.5 release that contains two
panels: Toolbar and Security (with appropriate description text and
images).

Display an attention-grabbing dot on the onboarding text bubble when
the update tour is active. The animation lasts for 14 seconds.

Bug 31768: Introduce toolbar and network settings changes in onboarding

Update the "Tor Network" onboarding page to include a note that
settings can now be accessed via the application preferences and
add an "Adjust Your Tor Network Settings" action button which opens
about:preferences#tor.

Replace the Tor Browser 8.5 "update" onboarding tour with a 9.0 one
that includes the revised "Tor Network" page and a revised "Toolbar"
page. The latter explains that Torbutton's toolbar item has been
removed ("Goodbye Onion Button") and explains how to access the
New Identity feature using the hamburger menu and new toolbar item.

Bug 34321 - Add Learn More onboarding item

Bug 40429: Update Onboarding for 10.5

Alex Catarineu authored 5 years ago and Pier Angelo Vendrame committed 1 year ago

Revert "Bug 1462415 - Delete onboarding system add-on r=Standard8,k88hudson"

This reverts commit f7ffd78b.

Revert "Bug 1498378 - Actually remove the old onboarding add-on's prefs r=Gijs"

This reverts commit 057fe36f.

Bug 28822: Convert onboarding to webextension

Partially revert 1564367 (controlCenter in UITour.jsm)

Mike Perry authored 11 years ago and Pier Angelo Vendrame committed 1 year ago

See also Bugs #5194, #7187, #8115, #8219.

This patch does some basic renaming of Firefox to TorBrowser. The rest of the
branding is done by images and icons.

Also fix bug 27905.

Bug 25702: Update Tor Browser icon to follow design guidelines

- Updated all of the branding in /browser/branding/official with new 'stable'
icon series.
- Updated /extensions/onboarding/content/img/tor-watermark.png with new icon and
add the source svg in the same directory
- Copied /browser/branding/official over /browser/branding/nightly and the new
/browser/branding/alpha directories. Replaced content with 'nightly' and
'alpha' icon series.
Updated VisualElements_70.png and VisualElements_150.png with updated icons in
each branding directory (fixes #22654)
- Updated firefox.VisualElementsManfiest.xml with updated colors in each
branding directory
- Added firefox.svg to each branding directory from which all the other icons
are derived (apart from document.icns and document.ico)
- Added default256.png and default512.png icons
- Updated aboutTBUpdate.css to point to branding-aware icon128.png and removed
original icon
- Use the Tor Browser icon within devtools/client/themes/images/.

Bug 30631: Blurry Tor Browser icon on macOS app switcher

It would seem the png2icns tool does not generate correct icns files and
so on macOS the larger icons were missing resulting in blurry icons in
the OS chrome. Regenerated the padded icons in a macOS VM using
iconutil.

Bug 28196: preparations for using torbutton tor-browser-brand.ftl

A small change to Fluent FileSource class is required so that we
can register a new source without its supported locales being
counted as available locales for the browser.

Bug 31803: Replaced about:debugging logo with flat version

Bug 21724: Make Firefox and Tor Browser distinct macOS apps

When macOS opens a document or selects a default browser, it sometimes
uses the CFBundleSignature. Changing from the Firefox MOZB signature to
a different signature TORB allows macOS to distinguish between Firefox
and Tor Browser.

Bug 32092: Fix Tor Browser Support link in preferences

For bug 40562, we moved onionPattern* from bug 27476 to here, as
about:tor needs these files but it is included earlier.

Bug 41278: Create Tor Browser styled pdf logo similar to the vanilla Firefox one

Kathleen Brade authored 8 years ago and Pier Angelo Vendrame committed 1 year ago

Windows: disable "runas" code path in updater (15201).
Windows: avoid writing to the registry (16236).
Also includes fixes for tickets 13047, 13301, 13356, 13594, 15406,
  16014, 16909, 24476, and 25909.

Also fix bug 27221: purge the startup cache if the Base Browser
version changed (even if the Firefox version and build ID did
not change), e.g., after a minor Base Browser update.

Also fix 32616: Disable GetSecureOutputDirectoryPath() functionality.

Bug 26048: potentially confusing "restart to update" message

Within the update doorhanger, remove the misleading message that mentions
that windows will be restored after an update is applied, and replace the
"Restart and Restore" button label with an existing
"Restart to update Tor Browser" string.

Bug 28885: notify users that update is downloading

Add a "Downloading Base Browser update" item which appears in the
hamburger (app) menu while the update service is downloading a MAR
file. Before this change, the browser did not indicate to the user
that an update was in progress, which is especially confusing in
Tor Browser because downloads often take some time. If the user
clicks on the new menu item, the about dialog is opened to allow
the user to see download progress.

As part of this fix, the update service was changed to always show
update-related messages in the hamburger menu, even if the update
was started in the foreground via the about dialog or via the
"Check for Tor Browser Update" toolbar menu item. This change is
consistent with the Tor Browser goal of making sure users are
informed about the update process.

Removed #28885 parts of this patch which have been uplifted to Firefox.

Bug 41732: Use font.system.whitelist also on Linux as a defense-in-depth

Mike Perry authored 11 years ago and Pier Angelo Vendrame committed 1 year ago

This hack directly includes our preference changes in omni.ja.

Bug 18292: Staged updates fail on Windows

Temporarily disable staged updates on Windows.

Bug 18297: Use separate Noto JP,KR,SC,TC fonts

Bug 23404: Add Noto Sans Buginese to the macOS whitelist

Bug 23745: Set dom.indexedDB.enabled = true

Bug 13575: Disable randomised Firefox HTTP cache decay user tests.
(Fernando Fernandez Mancera <ffmancera@riseup.net>)

Bug 17252: Enable session identifiers with FPI

Session tickets and session identifiers were isolated
by OriginAttributes, so we can re-enable them by
allowing the default value (true) of
"security.ssl.disable_session_identifiers".

The pref "security.enable_tls_session_tickets" is obsolete
(removed in https://bugzilla.mozilla.org/917049)

Bug 14952: Enable http/2 and AltSvc

In Firefox, SPDY/HTTP2 now uses Origin Attributes for
isolation of connections, push streams, origin frames, etc.
That means we get first-party isolation provided
"privacy.firstparty.isolate" is true. So in this patch, we
stop overriding "network.http.spdy.enabled" and
"network.http.spdy.enabled.http2".

Alternate Services also use Origin Attributes for isolation.
So we stop overriding
"network.http.altsvc.enabled" and "network.http.altsvc.oe"
as well.

(All 4 of the abovementioned "network.http.*" prefs adopt
Firefox 60ESR's default value of true.)

However, we want to disable HTTP/2 push for now, so we
set "network.http.spdy.allow-push" to false.

"network.http.spdy.enabled.http2draft" was removed in Bug 1132357.
"network.http.sped.enabled.v2" was removed in Bug 912550.
"network.http.sped.enabled.v3" was removed in Bug 1097944.
"network.http.sped.enabled.v3-1" was removed in Bug 1248197.

Bug 26114: addons.mozilla.org is not special
* Don't expose navigator.mozAddonManager on any site
* Don't block NoScript from modifying addons.mozilla.org or other sites

Enable ReaderView mode again (#27281).

Bug 29916: Make sure enterprise policies are disabled

Bug 2874: Block Components.interfaces from content

Bug 26146: Spoof HTTP User-Agent header for desktop platforms

In Tor Browser 8.0, the OS was revealed in both the HTTP User-Agent
header and to JavaScript code via navigator.userAgent. To avoid
leaking the OS inside each HTTP request (which many web servers
log), always use the Windows 7 OS value in the desktop User-Agent
header. We continue to allow access to the actual OS via JavaScript,
since doing so improves compatibility with web applications such
as GitHub and Google Docs.

Bug 12885: Windows Jump Lists fail for Tor Browser

Jumplist entries are stored in a binary file in:
  %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\
and has a name in the form
  [a-f0-9]+.customDestinations-ms

The hex at the front is unique per app, and is ultimately derived from
something called the 'App User Model ID' (AUMID) via some unknown
hashing method. The AUMID is provided as a key when programmatically
creating, updating, and deleting a jumplist. The default behaviour in
firefox is for the installer to define an AUMID for an app, and save it
in the registry so that the jumplist data can be removed by the
uninstaller.

However, the Tor Browser does not set this (or any other) regkey during
installation, so this codepath fails and the app's AUMID is left
undefined. As a result the app's AUMID ends up being defined by
windows, but unknowable by Tor Browser. This unknown AUMID is used to
create and modify the jumplist, but the delete API requires that we
provide the app's AUMID explicitly. Since we don't know what the AUMID
is (since the expected regkey where it is normally stored does not
exist) jumplist deletion will fail and we will leave behind a mostly
empty customDestinations-ms file. The name of the file is derived from
the binary path, so an enterprising person could reverse engineer how
that hex name is calculated, and generate the name for Tor Browser's
default Desktop installation path to determine whether a person had
used Tor Browser in the past.

The 'taskbar.grouping.useprofile' option that is enabled by this patch
works around this AUMID problem by having firefox.exe create it's own
AUMID based on the profile path (rather than looking for a regkey). This
way, if a user goes in and enables and disables jumplist entries, the
backing store is properly deleted.

Unfortunately, all windows users currently have this file lurking in
the above mentioned directory and this patch will not remove it since it
was created with an unknown AUMID. However, another patch could be
written which goes to that directory and deletes any item containing the
'Tor Browser' string.  See bug 28996.

Bug 30845: Make sure default themes and other internal extensions are enabled

Bug 28896: Enable extensions in private browsing by default

Bug 31065: Explicitly allow proxying localhost

Bug 31598: Enable letterboxing

Disable Presentation API everywhere

Bug 21549 - Use Firefox's WASM default pref. It is disabled at safer
security levels.

Bug 32321: Disable Mozilla's MitM pings

Bug 19890: Disable installation of system addons

By setting the URL to "" we make sure that already installed system
addons get deleted as well.

Bug 22548: Firefox downgrades VP9 videos to VP8.

On systems where H.264 is not available or no HWA, VP9 is preferred. But in Tor
Browser 7.0 all youtube videos are degraded to VP8.

This behaviour can be turned off by setting media.benchmark.vp9.threshold to 0.
All clients will get better experience and lower traffic, beause TBB doesn't
use "Use hardware acceleration when available".

Bug 25741 - TBA: Add mobile-override of 000-tor-browser prefs

Bug 16441: Suppress "Reset Tor Browser" prompt.

Bug 29120: Use the in-memory media cache and increase its maximum size.

Bug 33697: use old search config based on list.json

Bug 33855: Ensure that site-specific browser mode is disabled.

Bug 30682: Disable Intermediate CA Preloading.

Bug 40061: Omit the Windows default browser agent from the build

Bug 40322: Consider disabling network.connectivity-service.enabled

Bug 40408: Disallow SVG Context Paint in all web content

Bug 40308: Disable network partitioning until we evaluate dFPI

Bug 40322: Consider disabling network.connectivity-service.enabled

Bug 40383: Disable dom.enable_event_timing

Bug 40423: Disable http/3

Bug 40177: Update prefs for Fx91esr

Bug 40700: Disable addons and features recommendations

Bug 40682: Disable network.proxy.allow_bypass

Bug 40736: Disable third-party cookies in PBM

Bug 19850: Enabled HTTPS-Only by default

Bug 40912: Hide the screenshot menu

Bug 41292: Disable moreFromMozilla in preferences page

Bug 40057: Ensure the CSS4 system colors are not a fingerprinting vector

Bug 24686: Set network.http.tailing.enabled to true

Bug 40183: Disable TLS ciphersuites using SHA-1

Bug 40783: Review 000-tor-browser.js and 001-base-profile.js for 102

We reviewed all the preferences we set for 102, and remove a few old
ones. See the description of that issue to see all the preferences we
believed were still valid for 102, and some brief description for the
reasons to keep them.

Alex Catarineu authored 4 years ago and Pier Angelo Vendrame committed 1 year ago

Bug 40025: Remove Mozilla add-on install permissions

Bug 1752703 - Move the pthread_thread_create() interposer under mozglue and prepare for having a single place where we place interposer functions r=glandium a=RyanVM

Differential Revision: https://phabricator.services.mozilla.com/D164470

Differential Revision: https://phabricator.services.mozilla.com/D170104

Bug 1776760 - Enable dFPI by default for Beta and Release via cookieBehavior pref. r=anti-tracking-reviewers,timhuang, a=dmeehan

Differential Revision: https://phabricator.services.mozilla.com/D150596

Differential Revision: https://phabricator.services.mozilla.com/D146823

Differential Revision: https://phabricator.services.mozilla.com/D146930

Differential Revision: https://phabricator.services.mozilla.com/D146327

Bug 1768533 - Use the finalized query parameter when excluding AMP URLs from appearing as tiles on the new tab page. r=nanj, a=RyanVM

Per Aaron in https://mozilla-hub.atlassian.net/browse/SNT-132, the final query
param is `mfadid=adm`.

Differential Revision: https://phabricator.services.mozilla.com/D146637

Bug 1768533 - Use the finalized query parameter when excluding AMP URLs from appearing as tiles on the new tab page. r=nanj

Per Aaron in https://mozilla-hub.atlassian.net/browse/SNT-132, the final query
param is `mfadid=adm`.

Differential Revision: https://phabricator.services.mozilla.com/D146637

Bug 1769585: Introduce Nimbus variables for autoFillAdaptiveHistoryMinCharsThreshold and autoFillAdaptiveHistoryMinCharsThreshold. r=adw

Differential Revision: https://phabricator.services.mozilla.com/D146757

Bug 1769783 - Disable adaptive history autofill on Nightly until the matching logic is improved. r=mak

Differential Revision: https://phabricator.services.mozilla.com/D146595

Differential Revision: https://phabricator.services.mozilla.com/D143513

Differential Revision: https://phabricator.services.mozilla.com/D142502

Differential Revision: https://phabricator.services.mozilla.com/D146330

Differential Revision: https://phabricator.services.mozilla.com/D144393

Bug 1768529 - Exclude URLs with a particular search param from appearing as tiles on the new-tab page. r=nanj, a=RyanVM

This modifies `ActivityStreamProvider.getTopFrecentSites()` so it excludes URLs
with a given search param. There are two questions I considered when writing
this patch:

* The top-sites code is a little complex and there are multiple places where
  this logic could be implemented. I chose the bottommost layer, where the top
  sites are fetched from Places and some other exclusion logic already exists,
  because we don't want these URLs to appear in any list of top sites in Firefox
  AFAIK -- not on the new-tab page and not in the urlbar.
* How should we encode this new exclusion logic? We don't want to hardcode a
  specific search param. We may not even want to base it on search params at all
  but instead make it more general somehow. For now, I did the simple thing and
  went ahead and based it on a search param, and I added a new option to
  `getTopFrecentSites()` that specifies the param and that falls back to a new
  pref. Callers can override the pref fallback by passing in an option.

The pref value and option to `getTopFrecentSites()` supports the following
forms:

* `""` (empty) - Disable this feature
* `"key"` - Search param named "key" with any or no value
* `"key="` - Search param named "key" with no value
* `"key=value"` - Search param named "key" with value "value"

Differential Revision: https://phabricator.services.mozilla.com/D146139

Bug 1768529 - Exclude URLs with a particular search param from appearing as tiles on the new-tab page. r=nanj

This modifies `ActivityStreamProvider.getTopFrecentSites()` so it excludes URLs
with a given search param. There are two questions I considered when writing
this patch:

* The top-sites code is a little complex and there are multiple places where
  this logic could be implemented. I chose the bottommost layer, where the top
  sites are fetched from Places and some other exclusion logic already exists,
  because we don't want these URLs to appear in any list of top sites in Firefox
  AFAIK -- not on the new-tab page and not in the urlbar.
* How should we encode this new exclusion logic? We don't want to hardcode a
  specific search param. We may not even want to base it on search params at all
  but instead make it more general somehow. For now, I did the simple thing and
  went ahead and based it on a search param, and I added a new option to
  `getTopFrecentSites()` that specifies the param and that falls back to a new
  pref. Callers can override the pref fallback by passing in an option.

The pref value and option to `getTopFrecentSites()` supports the following
forms:

* `""` (empty) - Disable this feature
* `"key"` - Search param named "key" with any or no value
* `"key="` - Search param named "key" with no value
* `"key=value"` - Search param named "key" with value "value"

Differential Revision: https://phabricator.services.mozilla.com/D146139

Differential Revision: https://phabricator.services.mozilla.com/D145848

Depends on D145872

Differential Revision: https://phabricator.services.mozilla.com/D145873

Differential Revision: https://phabricator.services.mozilla.com/D145536

Remove occurences of the pref (except in devtools/client/performance, which
will be removed further in the stack).

Differential Revision: https://phabricator.services.mozilla.com/D145459

Differential Revision: https://phabricator.services.mozilla.com/D145680

Bug 1768014 p2: Default to policy win32k lockdown status if in process check fails. r=gcp,cmartin a=RyanVM

Depends on D145872

Differential Revision: https://phabricator.services.mozilla.com/D145873

Differential Revision: https://phabricator.services.mozilla.com/D139471

Differential Revision: https://phabricator.services.mozilla.com/D145367

Differential Revision: https://phabricator.services.mozilla.com/D144735

Differential Revision: https://phabricator.services.mozilla.com/D145121

Differential Revision: https://phabricator.services.mozilla.com/D145071

browser/app/winlauncher/test/TestCrossProcessWin.cpp(151,26): error: 'const' type qualifier on return type has no effect [-Werror,-Wignored-qualifiers]
        reinterpret_cast<const wchar_t (*)()>(::GetProcAddress(
                         ^~~~~~
widget/windows/nsWindow.h(374,8): error: 'const' type qualifier on return type has no effect [-Werror,-Wignored-qualifiers]
  bool const DestroyCalled() { return mDestroyCalled; }
       ^~~~~~
widget/windows/nsFilePicker.h(93,5): error: 'const' type qualifier on return type has no effect [-Werror,-Wignored-qualifiers]
    const uint32_t Length() { return mSpecList.Length(); }
    ^~~~~~
widget/windows/nsFilePicker.h(95,5): error: 'const' type qualifier on return type has no effect [-Werror,-Wignored-qualifiers]
    const bool IsEmpty() { return (mSpecList.Length() == 0); }
    ^~~~~~

Differential Revision: https://phabricator.services.mozilla.com/D144663