mirror of
https://github.com/ironfox-oss/IronFox.git
synced 2026-06-11 09:44:46 -04:00
263 lines
9.3 KiB
Diff
263 lines
9.3 KiB
Diff
From 41407e87dbe226d690371e4cd2f8bf43b5d0e663 Mon Sep 17 00:00:00 2001
|
|
From: Akash Yadav <itsaky01@gmail.com>
|
|
Date: Mon, 28 Apr 2025 11:35:55 +0530
|
|
Subject: [PATCH] fix(patches): update 'librewolf-rs-blocker.patch' for
|
|
'FIREFOX_138_0_BUILD1'
|
|
|
|
Signed-off-by: Akash Yadav <itsaky01@gmail.com>
|
|
---
|
|
.../settings/RemoteSettingsClient.sys.mjs | 17 ++++
|
|
services/settings/Utils.sys.mjs | 86 ++++++++++++++++++-
|
|
.../mozapps/extensions/AddonManager.sys.mjs | 2 -
|
|
3 files changed, 101 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/services/settings/RemoteSettingsClient.sys.mjs b/services/settings/RemoteSettingsClient.sys.mjs
|
|
index 32dcdd45d8..fc1e8b0de1 100644
|
|
--- a/services/settings/RemoteSettingsClient.sys.mjs
|
|
+++ b/services/settings/RemoteSettingsClient.sys.mjs
|
|
@@ -228,6 +228,11 @@ class AttachmentDownloader extends Downloader {
|
|
* @see Downloader.download
|
|
*/
|
|
async download(record, options) {
|
|
+ if (!lazy.Utils.isCollectionAllowed(this.bucketName, this.collectionName)) {
|
|
+ throw Error(
|
|
+ `Download attempt to RS collection "${this.identifier}" was blocked.`
|
|
+ );
|
|
+ }
|
|
try {
|
|
// Explicitly await here to ensure we catch a network error.
|
|
return await super.download(record, options);
|
|
@@ -620,6 +625,10 @@ export class RemoteSettingsClient extends EventEmitter {
|
|
return;
|
|
}
|
|
|
|
+ if (!lazy.Utils.isCollectionAllowed(this.bucketName, this.collectionName)) {
|
|
+ return;
|
|
+ }
|
|
+
|
|
// We want to know which timestamp we are expected to obtain in order to leverage
|
|
// cache busting. We don't provide ETag because we don't want a 304.
|
|
const { changes } = await lazy.Utils.fetchLatestChanges(
|
|
@@ -981,6 +990,14 @@ export class RemoteSettingsClient extends EventEmitter {
|
|
* Import the JSON files from services/settings/dump into the local DB.
|
|
*/
|
|
async _importJSONDump() {
|
|
+ if (
|
|
+ !lazy.Utils.isCollectionAllowedFromDump(
|
|
+ this.bucketName,
|
|
+ this.collectionName
|
|
+ )
|
|
+ ) {
|
|
+ return 0;
|
|
+ }
|
|
lazy.console.info(`${this.identifier} try to restore dump`);
|
|
const result = await lazy.RemoteSettingsWorker.importJSONDump(
|
|
this.bucketName,
|
|
diff --git a/services/settings/Utils.sys.mjs b/services/settings/Utils.sys.mjs
|
|
index d3643aedf2..f8e67ca365 100644
|
|
--- a/services/settings/Utils.sys.mjs
|
|
+++ b/services/settings/Utils.sys.mjs
|
|
@@ -75,6 +75,18 @@ ChromeUtils.defineLazyGetter(lazy, "allowServerURLOverride", () => {
|
|
return false;
|
|
});
|
|
|
|
+ChromeUtils.defineLazyGetter(lazy, "allowedCollections", () =>
|
|
+ Services.prefs
|
|
+ .getStringPref("browser.ironfox.services.settings.allowedCollections", "")
|
|
+ .split(",")
|
|
+);
|
|
+
|
|
+ChromeUtils.defineLazyGetter(lazy, "allowedCollectionsFromDump", () =>
|
|
+ Services.prefs
|
|
+ .getStringPref("browser.ironfox.services.settings.allowedCollectionsFromDump", "")
|
|
+ .split(",")
|
|
+);
|
|
+
|
|
XPCOMUtils.defineLazyPreferenceGetter(
|
|
lazy,
|
|
"gServerURL",
|
|
@@ -205,12 +217,80 @@ export var Utils = {
|
|
return false;
|
|
},
|
|
|
|
+ /**
|
|
+ * Internal code to determine whether the bucket and collection are allowed to
|
|
+ * be loaded by the remote settings client for a given list of allowed
|
|
+ * bucket/collection combinations.
|
|
+ * @param {string} bucket
|
|
+ * @param {string} collection
|
|
+ * @param {Array<string>} allowedCollections
|
|
+ * @returns {boolean} whether the bucket and collection are allowed to load
|
|
+ */
|
|
+ _isCollectionAllowedInternal(bucket, collection, allowedCollections) {
|
|
+ bucket = this.actualBucketName(bucket);
|
|
+ return (
|
|
+ allowedCollections.includes(`${bucket}/${collection}`) ||
|
|
+ allowedCollections.includes(`${bucket}/*`) ||
|
|
+ allowedCollections.includes("*")
|
|
+ );
|
|
+ },
|
|
+
|
|
+ /**
|
|
+ * Determines whether the bucket and collection are allowed to be loaded by the
|
|
+ * remote settings client.
|
|
+ * @param {string} bucket
|
|
+ * @param {string} collection
|
|
+ * @returns {boolean} whether the bucket and collection are allowed to load
|
|
+ */
|
|
+ isCollectionAllowed(bucket, collection) {
|
|
+ if (
|
|
+ this._isCollectionAllowedInternal(
|
|
+ bucket,
|
|
+ collection,
|
|
+ lazy.allowedCollections
|
|
+ )
|
|
+ ) {
|
|
+ return true;
|
|
+ }
|
|
+ console.warn(
|
|
+ `Connection attempt to RS collection "${bucket}/${collection}" was blocked/filtered.`
|
|
+ );
|
|
+ return false;
|
|
+ },
|
|
+
|
|
+ /**
|
|
+ * Determines whether the bucket and collection are allowed to be loaded from
|
|
+ * an in-tree remote settings dump.
|
|
+ * @param {string} bucket
|
|
+ * @param {string} collection
|
|
+ * @returns {boolean} whether the bucket and collection are allowed to load
|
|
+ */
|
|
+ isCollectionAllowedFromDump(bucket, collection) {
|
|
+ if (
|
|
+ this._isCollectionAllowedInternal(
|
|
+ bucket,
|
|
+ collection,
|
|
+ lazy.allowedCollectionsFromDump
|
|
+ ) ||
|
|
+ this._isCollectionAllowedInternal(
|
|
+ bucket,
|
|
+ collection,
|
|
+ lazy.allowedCollections
|
|
+ )
|
|
+ ) {
|
|
+ return true;
|
|
+ }
|
|
+ console.warn(
|
|
+ `Access attempt to RS collection "${bucket}/${collection}" from local dump was blocked/filtered.`
|
|
+ );
|
|
+ return false;
|
|
+ },
|
|
+
|
|
/**
|
|
* A wrapper around `ServiceRequest` that behaves like `fetch()`.
|
|
*
|
|
* Use this in order to leverage the `beConservative` flag, for
|
|
* example to avoid using HTTP3 to fetch critical data.
|
|
- *
|
|
* @param input a resource
|
|
* @param init request options
|
|
* @returns a Response object
|
|
@@ -483,7 +563,9 @@ export var Utils = {
|
|
}
|
|
|
|
return {
|
|
- changes,
|
|
+ changes: changes.filter(change =>
|
|
+ this.isCollectionAllowed(change.bucket, change.collection)
|
|
+ ),
|
|
currentEtag: `"${timestamp}"`,
|
|
serverTimeMillis,
|
|
backoffSeconds,
|
|
diff --git a/toolkit/components/crashes/RemoteSettingsCrashPull.sys.mjs b/toolkit/components/crashes/RemoteSettingsCrashPull.sys.mjs
|
|
index d634f9def5..05e8007f24 100644
|
|
--- a/toolkit/components/crashes/RemoteSettingsCrashPull.sys.mjs
|
|
+++ b/toolkit/components/crashes/RemoteSettingsCrashPull.sys.mjs
|
|
@@ -12,7 +12,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
|
|
"resource://services-settings/RemoteSettingsClient.sys.mjs",
|
|
});
|
|
|
|
-const REMOTE_SETTINGS_CRASH_COLLECTION = "crash-reports-ondemand";
|
|
+const REMOTE_SETTINGS_CRASH_COLLECTION = "";
|
|
|
|
// Remote Settings collections might want a different limit
|
|
const PENDING_REMOTE_CRASH_REPORT_DAYS = 90;
|
|
diff --git a/toolkit/components/nimbus/ExperimentAPI.sys.mjs b/toolkit/components/nimbus/ExperimentAPI.sys.mjs
|
|
index eeb90eaf0c..f6a10ec3db 100644
|
|
--- a/toolkit/components/nimbus/ExperimentAPI.sys.mjs
|
|
+++ b/toolkit/components/nimbus/ExperimentAPI.sys.mjs
|
|
@@ -32,7 +32,7 @@ const IS_MAIN_PROCESS =
|
|
Services.appinfo.processType === Services.appinfo.PROCESS_TYPE_DEFAULT;
|
|
|
|
const COLLECTION_ID_PREF = "messaging-system.rsexperimentloader.collection_id";
|
|
-const COLLECTION_ID_FALLBACK = "nimbus-desktop-experiments";
|
|
+const COLLECTION_ID_FALLBACK = "";
|
|
XPCOMUtils.defineLazyPreferenceGetter(
|
|
lazy,
|
|
"COLLECTION_ID",
|
|
diff --git a/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs b/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs
|
|
index 06c0045df6..acd3660cb4 100644
|
|
--- a/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs
|
|
+++ b/toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.sys.mjs
|
|
@@ -37,7 +37,7 @@ XPCOMUtils.defineLazyServiceGetter(
|
|
);
|
|
|
|
const COLLECTION_ID_PREF = "messaging-system.rsexperimentloader.collection_id";
|
|
-const COLLECTION_ID_FALLBACK = "nimbus-desktop-experiments";
|
|
+const COLLECTION_ID_FALLBACK = "";
|
|
const TARGETING_CONTEXT_TELEMETRY_ENABLED_PREF =
|
|
"nimbus.telemetry.targetingContextEnabled";
|
|
|
|
@@ -51,10 +51,10 @@ const NIMBUS_APPID_PREF = "nimbus.appId";
|
|
|
|
const STUDIES_ENABLED_CHANGED = "nimbus:studies-enabled-changed";
|
|
|
|
-const SECURE_EXPERIMENTS_COLLECTION_ID = "nimbus-secure-experiments";
|
|
+const SECURE_EXPERIMENTS_COLLECTION_ID = "";
|
|
|
|
-const EXPERIMENTS_COLLECTION = "experiments";
|
|
-const SECURE_EXPERIMENTS_COLLECTION = "secureExperiments";
|
|
+const EXPERIMENTS_COLLECTION = "";
|
|
+const SECURE_EXPERIMENTS_COLLECTION = "";
|
|
|
|
const RS_COLLECTION_OPTIONS = {
|
|
[EXPERIMENTS_COLLECTION]: {
|
|
@@ -82,7 +82,7 @@ XPCOMUtils.defineLazyPreferenceGetter(
|
|
lazy,
|
|
"APP_ID",
|
|
NIMBUS_APPID_PREF,
|
|
- "firefox-desktop"
|
|
+ ""
|
|
);
|
|
XPCOMUtils.defineLazyPreferenceGetter(
|
|
lazy,
|
|
diff --git a/toolkit/components/normandy/lib/RecipeRunner.sys.mjs b/toolkit/components/normandy/lib/RecipeRunner.sys.mjs
|
|
index 087e4ed51e..256972093f 100644
|
|
--- a/toolkit/components/normandy/lib/RecipeRunner.sys.mjs
|
|
+++ b/toolkit/components/normandy/lib/RecipeRunner.sys.mjs
|
|
@@ -36,7 +36,7 @@ ChromeUtils.defineESModuleGetters(lazy, {
|
|
|
|
const log = LogManager.getLogger("recipe-runner");
|
|
const TIMER_NAME = "recipe-client-addon-run";
|
|
-const REMOTE_SETTINGS_COLLECTION = "normandy-recipes-capabilities";
|
|
+const REMOTE_SETTINGS_COLLECTION = "";
|
|
const PREF_CHANGED_TOPIC = "nsPref:changed";
|
|
|
|
const RUN_INTERVAL_PREF = "app.normandy.run_interval_seconds";
|
|
diff --git a/toolkit/mozapps/extensions/AddonManager.sys.mjs b/toolkit/mozapps/extensions/AddonManager.sys.mjs
|
|
index 883e8389ee..ef86a2d1fa 100644
|
|
--- a/toolkit/mozapps/extensions/AddonManager.sys.mjs
|
|
+++ b/toolkit/mozapps/extensions/AddonManager.sys.mjs
|
|
@@ -4588,8 +4588,6 @@ AMRemoteSettings = {
|
|
*/
|
|
RS_ENTRIES_MAP: {
|
|
installTriggerDeprecation: [
|
|
- "extensions.InstallTriggerImpl.enabled",
|
|
- "extensions.InstallTrigger.enabled",
|
|
],
|
|
quarantinedDomains: ["extensions.quarantinedDomains.list"],
|
|
},
|
|
--
|
|
2.49.0
|
|
|