I did some extensive testing and research, this should help to remove further reduce the complexity of our patches
Signed-off-by: celenity <celenity@celenity.dev>
This does NOT impact the initial install of uBlock Origin, and it doesn't impact add-ons installed from local files - it controls installs from websites
We limit the websites allowed to install add-ons to a select few anyways, but we should discourage users from installing add-ons in general unless necessary, due to the privacy and security concerns
So this improves security for users overall, while still providing them with the freedom to re-enable installation of add-ons if desired, right from the UI
Signed-off-by: celenity <celenity@celenity.dev>
Currently, to play DRM-controlled content, users are enabling EME and Widevine from the `about:config` by setting `media.eme.enabled` and `media.mediadrm-widevinecdm.visible` to `true`. This *technically* works, but the problem is that we remove the EME permission UI in `fenix-liberate.patch` - so if a user enables EME with the `media.eme.enabled` pref (which we know users are), it allows *all* websites to use DRM, without prompting.
So for folks who insist on enabling/using DRM (which I will emphasize is NOT supported or recommended), this adds a way for them to enable it at their discretion, while still being able to control which sites can and can't use it, like vanilla Firefox allows.
This adds two hidden/secret settings that function as follows:
- `Enable Encrypted Media Extensions (EME)` - When enabled, this sets `media.eme.enabled` to true, and it exposes the UI for controlling the DRM site permission.
- `Enable Widevine CDM` - This depends on the `Enable Encrypted Media Extensions (EME)` setting. When enabled, it sets `media.mediadrm-widevinecdm.visible` to `true`.
Signed-off-by: celenity <celenity@celenity.dev>
For reference, Mozilla uses this for their Safe Browsing toggle in Firefox Focus - doesn't make sense not to leverage the work they've already done. If/when they add a Safe Browsing toggle to Fenix upstream, this is also likely the same approach they'll use.
Signed-off-by: celenity <celenity@celenity.dev>
After careful consideration, I don't think it's worth disabling these - especially since they're only limited to uBo's internal lists - which are fetched from GitHub anyways, so ex. any rule changes are easily auditable. Some of these rules also improve privacy for users - so in general, I think it's best we leave these on - not even ex. Mullvad Browser disables these
Signed-off-by: celenity <celenity@celenity.dev>
