Backed out changeset f29e7cc4d688 (bug 1847599) for causing bustages on nsPresContext.cpp CLOSED TREE

layout/base/nsPresContext.cpp

@@ -748,21 +748,8 @@ nsresult nsPresContext::Init(nsDeviceContext* aDeviceContext) {
 bool nsPresContext::UpdateFontVisibility() {
   FontVisibility oldValue = mFontVisibility;
 
-  /*
-   * Expected behavior in order of precedence:
-   *  1  Chrome Rules give User Level (3)
-   *  2  RFP gives Highest Level (1 aka Base)
-   *  3  An RFPTarget of Base gives Base Level (1)
-   *  4  An RFPTarget of LangPack gives LangPack Level (2)
-   *  5  The value of the Standard Font Visibility Pref
-   *
-   * If the ETP toggle is disabled (aka
-   * ContentBlockingAllowList::Check is true), it will only override 3-5,
-   * not rules 1 or 2.
-   */
-
-  // Rule 1: Allow all font access for privileged contexts, including
-  // chrome and devtools contexts.
+  // Allow all font access for privileged contexts, including chrome and
+  // devtools contexts.
   if (Document()->ChromeRulesEnabled()) {
     mFontVisibility = FontVisibility::User;
     return mFontVisibility != oldValue;
@@ -774,36 +761,33 @@ bool nsPresContext::UpdateFontVisibility() {
     isPrivate = loadContext->UsePrivateBrowsing();
   }
 
+  // Read the relevant pref depending on RFP/trackingProtection state
+  // to determine the visibility level to use.
   int32_t level;
-  // Rule 3
   if (mDocument->ShouldResistFingerprinting(
           RFPTarget::FontVisibilityBaseSystem)) {
-    // Rule 2: Check RFP pref
-    // This is inside Rule 3 in case this document is exempted from RFP.
-    // But if it is not exempted, and RFP is enabled, we return immediately
-    // to prevent the override below from occurring.
-    if (nsRFPService::IsRFPPrefEnabled(isPrivate)) {
-      mFontVisibility = FontVisibility::Base;
-      return mFontVisibility != oldValue;
-    }
-
     level = int32_t(FontVisibility::Base);
-  }
-  // Rule 4
-  else if (mDocument->ShouldResistFingerprinting(
-               RFPTarget::FontVisibilityLangPack)) {
+  } else if (mDocument->ShouldResistFingerprinting(
+                 RFPTarget::FontVisibilityLangPack)) {
     level = int32_t(FontVisibility::LangPack);
-  }
-  // Rule 5
-  else {
-    level = StaticPrefs::layout_css_font_visibility();
+  } else if (StaticPrefs::privacy_trackingprotection_enabled() ||
+             (isPrivate &&
+              StaticPrefs::privacy_trackingprotection_pbmode_enabled())) {
+    level = StaticPrefs::layout_css_font_visibility_trackingprotection();
+  } else {
+    level = StaticPrefs::layout_css_font_visibility_standard();
   }
 
-  // Override Rules 3-5 Only: Determine if the user has exempted the
-  // domain from tracking protections, if so, use the default value.
-  if (level != StaticPrefs::layout_css_font_visibility &&
-      ContentBlockingAllowList::Check(mDocument->CookieJarSettings())) {
-    level = StaticPrefs::layout_css_font_visibility();
+  // For private browsing contexts, apply the private-mode limit.
+  if (isPrivate) {
+    int32_t priv = StaticPrefs::layout_css_font_visibility_private();
+    level = std::max(std::min(level, priv), int32_t(FontVisibility::Base));
+  }
+
+  // Determine if the user has exempted the domain from tracking protections,
+  // if so, use the standard value.
+  if (ContentBlockingAllowList::Check(mDocument->CookieJarSettings())) {
+    level = StaticPrefs::layout_css_font_visibility_standard();
   }
 
   // Clamp result to the valid range of levels.

modules/libpref/init/StaticPrefList.yaml

@@ -8493,11 +8493,30 @@
 #   1 - only base system fonts
 #   2 - also fonts from optional language packs
 #   3 - also user-installed fonts
-- name: layout.css.font-visibility
+- name: layout.css.font-visibility.standard
   type: int32_t
   value: 3
   mirror: always
 
+# font-visibility setting when Tracking Protection is enabled
+- name: layout.css.font-visibility.trackingprotection
+  type: int32_t
+  value: 3
+  mirror: always
+
+# Max font-visibility setting for Private Browsing contexts
+# (The actual value used in a private-browsing context will be the lesser of
+# the appropriate standard/trackingprotection/RFP value from above, and the
+# private-browsing level specified by this pref.)
+- name: layout.css.font-visibility.private
+  type: int32_t
+#if defined(NIGHTLY_BUILD)
+  value: 2
+#else
+  value: 3
+#endif
+  mirror: always
+
 # Is support for GeometryUtils.getBoxQuads enabled?
 - name: layout.css.getBoxQuads.enabled
   type: bool

toolkit/components/resistfingerprinting/nsRFPService.cpp

@@ -100,8 +100,7 @@ static constexpr uint32_t kVideoDroppedRatio = 5;
 // Fingerprinting protections that are enabled by default. This can be
 // overridden using the privacy.fingerprintingProtection.overrides pref.
 const uint64_t kDefaultFingerintingProtections =
-    uint64_t(RFPTarget::CanvasRandomization) |
-    uint64_t(RFPTarget::FontVisibilityLangPack);
+    uint64_t(RFPTarget::CanvasRandomization);
 
 // ============================================================================
 // ============================================================================
@@ -171,16 +170,6 @@ nsresult nsRFPService::Init() {
   return rv;
 }
 
-/* static */
-bool nsRFPService::IsRFPPrefEnabled(bool aIsPrivateMode) {
-  if (StaticPrefs::privacy_resistFingerprinting_DoNotUseDirectly() ||
-      (aIsPrivateMode &&
-       StaticPrefs::privacy_resistFingerprinting_pbmode_DoNotUseDirectly())) {
-    return true;
-  }
-  return false;
-}
-
 /* static */
 bool nsRFPService::IsRFPEnabledFor(RFPTarget aTarget) {
   MOZ_ASSERT(aTarget != RFPTarget::AllTargets);

toolkit/components/resistfingerprinting/nsRFPService.h

@@ -161,10 +161,6 @@ class nsRFPService final : public nsIObserver {
 
   static nsRFPService* GetOrCreate();
 
-  // _Rarely_ you will need to know if RFP is enabled, or if FPP is enabled.
-  // 98% of the time you should use nsContentUtils::ShouldResistFingerprinting
-  // as the difference will not matter to you.
-  static bool IsRFPPrefEnabled(bool aIsPrivateMode);
   static bool IsRFPEnabledFor(RFPTarget aTarget);
 
   // --------------------------------------------------------------------------