The patch implements using SipHash to generate canvas randomization key.
The implementation is behind a pref
"privacy.resistFingerprinting.randomization.canvas.use_siphash".
Differential Revision: https://phabricator.services.mozilla.com/D216278
Truncating them generally makes sense, but may be unexpected by some
websites, and rounding consistently with other APIs like client* is
probably more important than showing useless scrollbars in some cases.
I checked Chromium and it seems they round both client* / scroll* /
offset* APIs, and inner{Width,Height} (though they seem to round exact
half pixels down instead of up), so this should probably be safe.
This is tested already by
testing/web-platform/mozilla/tests/css/cssom/window_size_rounding.html
Differential Revision: https://phabricator.services.mozilla.com/D228960
This applies for refreshes resulting from either a `<meta>` refresh or
the Refresh header. Referrer Policy is honored.
Because exposing the referrer in a new place could have privacy
implications, this behavior is gated behind a disabled pref until
anti-tracking has been considered in bug 1928294.
Some WPTs that D227450 touches are cleaned up a bit.
Differential Revision: https://phabricator.services.mozilla.com/D227450
Truncating them generally makes sense, but may be unexpected by some
websites, and rounding consistently with other APIs like client* is
probably more important than showing useless scrollbars in some cases.
I checked Chromium and it seems they round both client* / scroll* /
offset* APIs, and inner{Width,Height} (though they seem to round exact
half pixels down instead of up), so this should probably be safe.
This is tested already by
testing/web-platform/mozilla/tests/css/cssom/window_size_rounding.html
Differential Revision: https://phabricator.services.mozilla.com/D228960
This applies for refreshes resulting from either a `<meta>` refresh or
the Refresh header. Referrer Policy is honored.
Because exposing the referrer in a new place could have privacy
implications, this behavior is gated behind a disabled pref until
anti-tracking has been considered in bug 1928294.
Some WPTs that D227450 touches are cleaned up a bit.
Differential Revision: https://phabricator.services.mozilla.com/D227450
This is adding the RemotePermissionService xpcom js service for the purpose of
importing default permission manager entries from remote settings. This service
will be initialized by the permission manager after it has read all its
permissions from disk and is fully initialized.
When being initialized, the service will at first get all the current default
remote permissions from the remote settings client, and add them as default
permissions through the `AddDefaultFromPrincipal` method added in D222650. An
event listener is then also set up to keep the default entries in the permission
manager in sync with remote settings.
All of this is guarded behind a whitelist in the the `ALLOWED_PERMISSION_VALUES`
variable, ensuring only specific permission types and values can be imported
through this mechanism.
Differential Revision: https://phabricator.services.mozilla.com/D222649
For long touch scrolls that change direction, using the start point of
the touch scroll as the origin to calculate the angle of the scroll is
problematic for determine the axis that should be locked. Maintain a
list of recent touch gesture points and calculate the gesture angle from
the most recent touch gesture points.
Differential Revision: https://phabricator.services.mozilla.com/D219228
This is adding the RemotePermissionService xpcom js service for the purpose of
importing default permission manager entries from remote settings. This service
will be initialized by the permission manager after it has read all its
permissions from disk and is fully initialized.
When being initialized, the service will at first get all the current default
remote permissions from the remote settings client, and add them as default
permissions through the `AddDefaultFromPrincipal` method added in D222650. An
event listener is then also set up to keep the default entries in the permission
manager in sync with remote settings.
All of this is guarded behind a whitelist in the the `ALLOWED_PERMISSION_VALUES`
variable, ensuring only specific permission types and values can be imported
through this mechanism.
Differential Revision: https://phabricator.services.mozilla.com/D222649
