diff options
Diffstat (limited to 'modules/libpref')
66 files changed, 34656 insertions, 0 deletions
diff --git a/modules/libpref/Preferences.cpp b/modules/libpref/Preferences.cpp new file mode 100644 index 0000000000..c04744a8b9 --- /dev/null +++ b/modules/libpref/Preferences.cpp @@ -0,0 +1,6275 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Documentation for libpref is in modules/libpref/docs/index.rst. + +#include <ctype.h> +#include <stdlib.h> +#include <string.h> + +#include "SharedPrefMap.h" + +#include "base/basictypes.h" +#include "MainThreadUtils.h" +#include "mozilla/AppShutdown.h" +#include "mozilla/ArenaAllocatorExtensions.h" +#include "mozilla/ArenaAllocator.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/Attributes.h" +#include "mozilla/Components.h" +#include "mozilla/dom/PContent.h" +#include "mozilla/dom/RemoteType.h" +#include "mozilla/HashFunctions.h" +#include "mozilla/HashTable.h" +#include "mozilla/Logging.h" +#include "mozilla/Maybe.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/Omnijar.h" +#include "mozilla/Preferences.h" +#include "mozilla/ProfilerLabels.h" +#include "mozilla/ProfilerMarkers.h" +#include "mozilla/ResultExtensions.h" +#include "mozilla/SchedulerGroup.h" +#include "mozilla/ScopeExit.h" +#include "mozilla/ServoStyleSet.h" +#include "mozilla/SpinEventLoopUntil.h" +#include "mozilla/StaticMutex.h" +#include "mozilla/StaticPrefsAll.h" +#include "mozilla/StaticPtr.h" +#include "mozilla/SyncRunnable.h" +#include "mozilla/Telemetry.h" +#include "mozilla/TelemetryEventEnums.h" +#include "mozilla/UniquePtrExtensions.h" +#include "mozilla/URLPreloader.h" +#include "mozilla/Variant.h" +#include "mozilla/Vector.h" +#include "nsAppDirectoryServiceDefs.h" +#include "nsCategoryManagerUtils.h" +#include "nsClassHashtable.h" +#include "nsCOMArray.h" +#include "nsCOMPtr.h" +#include "nsComponentManagerUtils.h" +#include "nsContentUtils.h" +#include "nsCRT.h" +#include "nsTHashMap.h" +#include "nsDirectoryServiceDefs.h" +#include "nsIConsoleService.h" +#include "nsIFile.h" +#include "nsIMemoryReporter.h" +#include "nsIObserver.h" +#include "nsIObserverService.h" +#include "nsIOutputStream.h" +#include "nsIPrefBranch.h" +#include "nsIPrefLocalizedString.h" +#include "nsIRelativeFilePref.h" +#include "nsISafeOutputStream.h" +#include "nsISimpleEnumerator.h" +#include "nsIStringBundle.h" +#include "nsISupportsImpl.h" +#include "nsISupportsPrimitives.h" +#include "nsIZipReader.h" +#include "nsNetUtil.h" +#include "nsPrintfCString.h" +#include "nsQuickSort.h" +#include "nsReadableUtils.h" +#include "nsRefPtrHashtable.h" +#include "nsRelativeFilePref.h" +#include "nsString.h" +#include "nsTArray.h" +#include "nsThreadUtils.h" +#include "nsUTF8Utils.h" +#include "nsWeakReference.h" +#include "nsXPCOMCID.h" +#include "nsXPCOM.h" +#include "nsXULAppAPI.h" +#include "nsZipArchive.h" +#include "plbase64.h" +#include "PLDHashTable.h" +#include "prdtoa.h" +#include "prlink.h" +#include "xpcpublic.h" +#include "js/RootingAPI.h" +#ifdef MOZ_BACKGROUNDTASKS +# include "mozilla/BackgroundTasks.h" +#endif + +#ifdef DEBUG +# include <map> +#endif + +#ifdef MOZ_MEMORY +# include "mozmemory.h" +#endif + +#ifdef XP_WIN +# include "windows.h" +#endif + +#if defined(MOZ_WIDGET_GTK) +# include "mozilla/WidgetUtilsGtk.h" +#endif // defined(MOZ_WIDGET_GTK) + +using namespace mozilla; + +using ipc::FileDescriptor; + +#ifdef DEBUG + +# define ENSURE_PARENT_PROCESS(func, pref) \ + do { \ + if (MOZ_UNLIKELY(!XRE_IsParentProcess())) { \ + nsPrintfCString msg( \ + "ENSURE_PARENT_PROCESS: called %s on %s in a non-parent process", \ + func, pref); \ + NS_ERROR(msg.get()); \ + return NS_ERROR_NOT_AVAILABLE; \ + } \ + } while (0) + +#else // DEBUG + +# define ENSURE_PARENT_PROCESS(func, pref) \ + if (MOZ_UNLIKELY(!XRE_IsParentProcess())) { \ + return NS_ERROR_NOT_AVAILABLE; \ + } + +#endif // DEBUG + +// Forward declarations. +namespace mozilla::StaticPrefs { + +static void InitAll(); +static void StartObservingAlwaysPrefs(); +static void InitOncePrefs(); +static void InitStaticPrefsFromShared(); +static void RegisterOncePrefs(SharedPrefMapBuilder& aBuilder); +static void ShutdownAlwaysPrefs(); + +} // namespace mozilla::StaticPrefs + +//=========================================================================== +// Low-level types and operations +//=========================================================================== + +Atomic<bool, mozilla::Relaxed> sPrefTelemetryEventEnabled(false); + +typedef nsTArray<nsCString> PrefSaveData; + +// 1 MB should be enough for everyone. +static const uint32_t MAX_PREF_LENGTH = 1 * 1024 * 1024; +// Actually, 4kb should be enough for everyone. +static const uint32_t MAX_ADVISABLE_PREF_LENGTH = 4 * 1024; + +// This is used for pref names and string pref values. We encode the string +// length, then a '/', then the string chars. This encoding means there are no +// special chars that are forbidden or require escaping. +static void SerializeAndAppendString(const nsCString& aChars, nsCString& aStr) { + aStr.AppendInt(uint64_t(aChars.Length())); + aStr.Append('/'); + aStr.Append(aChars); +} + +static char* DeserializeString(char* aChars, nsCString& aStr) { + char* p = aChars; + uint32_t length = strtol(p, &p, 10); + MOZ_ASSERT(p[0] == '/'); + p++; // move past the '/' + aStr.Assign(p, length); + p += length; // move past the string itself + return p; +} + +// Keep this in sync with PrefValue in parser/src/lib.rs. +union PrefValue { + // PrefValues within Pref objects own their chars. PrefValues passed around + // as arguments don't own their chars. + const char* mStringVal; + int32_t mIntVal; + bool mBoolVal; + + PrefValue() = default; + + explicit PrefValue(bool aVal) : mBoolVal(aVal) {} + + explicit PrefValue(int32_t aVal) : mIntVal(aVal) {} + + explicit PrefValue(const char* aVal) : mStringVal(aVal) {} + + bool Equals(PrefType aType, PrefValue aValue) { + switch (aType) { + case PrefType::String: { + if (mStringVal && aValue.mStringVal) { + return strcmp(mStringVal, aValue.mStringVal) == 0; + } + if (!mStringVal && !aValue.mStringVal) { + return true; + } + return false; + } + + case PrefType::Int: + return mIntVal == aValue.mIntVal; + + case PrefType::Bool: + return mBoolVal == aValue.mBoolVal; + + default: + MOZ_CRASH("Unhandled enum value"); + } + } + + template <typename T> + T Get() const; + + void Init(PrefType aNewType, PrefValue aNewValue) { + if (aNewType == PrefType::String) { + MOZ_ASSERT(aNewValue.mStringVal); + aNewValue.mStringVal = moz_xstrdup(aNewValue.mStringVal); + } + *this = aNewValue; + } + + void Clear(PrefType aType) { + if (aType == PrefType::String) { + free(const_cast<char*>(mStringVal)); + } + + // Zero the entire value (regardless of type) via mStringVal. + mStringVal = nullptr; + } + + void Replace(bool aHasValue, PrefType aOldType, PrefType aNewType, + PrefValue aNewValue) { + if (aHasValue) { + Clear(aOldType); + } + Init(aNewType, aNewValue); + } + + void ToDomPrefValue(PrefType aType, dom::PrefValue* aDomValue) { + switch (aType) { + case PrefType::String: + *aDomValue = nsDependentCString(mStringVal); + return; + + case PrefType::Int: + *aDomValue = mIntVal; + return; + + case PrefType::Bool: + *aDomValue = mBoolVal; + return; + + default: + MOZ_CRASH(); + } + } + + PrefType FromDomPrefValue(const dom::PrefValue& aDomValue) { + switch (aDomValue.type()) { + case dom::PrefValue::TnsCString: + mStringVal = aDomValue.get_nsCString().get(); + return PrefType::String; + + case dom::PrefValue::Tint32_t: + mIntVal = aDomValue.get_int32_t(); + return PrefType::Int; + + case dom::PrefValue::Tbool: + mBoolVal = aDomValue.get_bool(); + return PrefType::Bool; + + default: + MOZ_CRASH(); + } + } + + void SerializeAndAppend(PrefType aType, nsCString& aStr) { + switch (aType) { + case PrefType::Bool: + aStr.Append(mBoolVal ? 'T' : 'F'); + break; + + case PrefType::Int: + aStr.AppendInt(mIntVal); + break; + + case PrefType::String: { + SerializeAndAppendString(nsDependentCString(mStringVal), aStr); + break; + } + + case PrefType::None: + default: + MOZ_CRASH(); + } + } + + void ToString(PrefType aType, nsCString& aStr) { + switch (aType) { + case PrefType::Bool: + aStr.Append(mBoolVal ? "true" : "false"); + break; + + case PrefType::Int: + aStr.AppendInt(mIntVal); + break; + + case PrefType::String: { + aStr.Append(nsDependentCString(mStringVal)); + break; + } + + case PrefType::None: + default:; + } + } + + static char* Deserialize(PrefType aType, char* aStr, + Maybe<dom::PrefValue>* aDomValue) { + char* p = aStr; + + switch (aType) { + case PrefType::Bool: + if (*p == 'T') { + *aDomValue = Some(true); + } else if (*p == 'F') { + *aDomValue = Some(false); + } else { + *aDomValue = Some(false); + NS_ERROR("bad bool pref value"); + } + p++; + return p; + + case PrefType::Int: { + *aDomValue = Some(int32_t(strtol(p, &p, 10))); + return p; + } + + case PrefType::String: { + nsCString str; + p = DeserializeString(p, str); + *aDomValue = Some(str); + return p; + } + + default: + MOZ_CRASH(); + } + } +}; + +template <> +bool PrefValue::Get() const { + return mBoolVal; +} + +template <> +int32_t PrefValue::Get() const { + return mIntVal; +} + +template <> +nsDependentCString PrefValue::Get() const { + return nsDependentCString(mStringVal); +} + +#ifdef DEBUG +const char* PrefTypeToString(PrefType aType) { + switch (aType) { + case PrefType::None: + return "none"; + case PrefType::String: + return "string"; + case PrefType::Int: + return "int"; + case PrefType::Bool: + return "bool"; + default: + MOZ_CRASH("Unhandled enum value"); + } +} +#endif + +// Assign to aResult a quoted, escaped copy of aOriginal. +static void StrEscape(const char* aOriginal, nsCString& aResult) { + if (aOriginal == nullptr) { + aResult.AssignLiteral("\"\""); + return; + } + + // JavaScript does not allow quotes, slashes, or line terminators inside + // strings so we must escape them. ECMAScript defines four line terminators, + // but we're only worrying about \r and \n here. We currently feed our pref + // script to the JS interpreter as Latin-1 so we won't encounter \u2028 + // (line separator) or \u2029 (paragraph separator). + // + // WARNING: There are hints that we may be moving to storing prefs as utf8. + // If we ever feed them to the JS compiler as UTF8 then we'll have to worry + // about the multibyte sequences that would be interpreted as \u2028 and + // \u2029. + const char* p; + + aResult.Assign('"'); + + // Paranoid worst case all slashes will free quickly. + for (p = aOriginal; *p; ++p) { + switch (*p) { + case '\n': + aResult.AppendLiteral("\\n"); + break; + + case '\r': + aResult.AppendLiteral("\\r"); + break; + + case '\\': + aResult.AppendLiteral("\\\\"); + break; + + case '\"': + aResult.AppendLiteral("\\\""); + break; + + default: + aResult.Append(*p); + break; + } + } + + aResult.Append('"'); +} + +// Mimic the behaviour of nsTStringRepr::ToFloat before bug 840706 to preserve +// error case handling for parsing pref strings. Many callers do not check error +// codes, so the returned values may be used even if an error is set. +// +// This method should never return NaN, but may return +-inf if the provided +// number is too large to fit in a float. +static float ParsePrefFloat(const nsCString& aString, nsresult* aError) { + if (aString.IsEmpty()) { + *aError = NS_ERROR_ILLEGAL_VALUE; + return 0.f; + } + + // PR_strtod does a locale-independent conversion. + char* stopped = nullptr; + float result = PR_strtod(aString.get(), &stopped); + + // Defensively avoid potential breakage caused by returning NaN into + // unsuspecting code. AFAIK this should never happen as PR_strtod cannot + // return NaN as currently configured. + if (std::isnan(result)) { + MOZ_ASSERT_UNREACHABLE("PR_strtod shouldn't return NaN"); + *aError = NS_ERROR_ILLEGAL_VALUE; + return 0.f; + } + + *aError = (stopped == aString.EndReading()) ? NS_OK : NS_ERROR_ILLEGAL_VALUE; + return result; +} + +struct PreferenceMarker { + static constexpr Span<const char> MarkerTypeName() { + return MakeStringSpan("Preference"); + } + static void StreamJSONMarkerData(baseprofiler::SpliceableJSONWriter& aWriter, + const ProfilerString8View& aPrefName, + const Maybe<PrefValueKind>& aPrefKind, + PrefType aPrefType, + const ProfilerString8View& aPrefValue) { + aWriter.StringProperty("prefName", aPrefName); + aWriter.StringProperty("prefKind", PrefValueKindToString(aPrefKind)); + aWriter.StringProperty("prefType", PrefTypeToString(aPrefType)); + aWriter.StringProperty("prefValue", aPrefValue); + } + static MarkerSchema MarkerTypeDisplay() { + using MS = MarkerSchema; + MS schema{MS::Location::MarkerChart, MS::Location::MarkerTable}; + schema.AddKeyLabelFormatSearchable("prefName", "Name", MS::Format::String, + MS::Searchable::Searchable); + schema.AddKeyLabelFormat("prefKind", "Kind", MS::Format::String); + schema.AddKeyLabelFormat("prefType", "Type", MS::Format::String); + schema.AddKeyLabelFormat("prefValue", "Value", MS::Format::String); + schema.SetTableLabel( + "{marker.name} — {marker.data.prefName}: {marker.data.prefValue} " + "({marker.data.prefType})"); + return schema; + } + + private: + static Span<const char> PrefValueKindToString( + const Maybe<PrefValueKind>& aKind) { + if (aKind) { + return *aKind == PrefValueKind::Default ? MakeStringSpan("Default") + : MakeStringSpan("User"); + } + return "Shared"; + } + + static Span<const char> PrefTypeToString(PrefType type) { + switch (type) { + case PrefType::None: + return "None"; + case PrefType::Int: + return "Int"; + case PrefType::Bool: + return "Bool"; + case PrefType::String: + return "String"; + default: + MOZ_ASSERT_UNREACHABLE("Unknown preference type."); + return "Unknown"; + } + } +}; + +namespace mozilla { +struct PrefsSizes { + PrefsSizes() + : mHashTable(0), + mPrefValues(0), + mStringValues(0), + mRootBranches(0), + mPrefNameArena(0), + mCallbacksObjects(0), + mCallbacksDomains(0), + mMisc(0) {} + + size_t mHashTable; + size_t mPrefValues; + size_t mStringValues; + size_t mRootBranches; + size_t mPrefNameArena; + size_t mCallbacksObjects; + size_t mCallbacksDomains; + size_t mMisc; +}; +} // namespace mozilla + +static StaticRefPtr<SharedPrefMap> gSharedMap; + +// Arena for Pref names. +// Never access sPrefNameArena directly, always use PrefNameArena() +// because it must only be accessed on the Main Thread +typedef ArenaAllocator<4096, 1> NameArena; +static NameArena* sPrefNameArena; + +static inline NameArena& PrefNameArena() { + MOZ_ASSERT(NS_IsMainThread()); + + if (!sPrefNameArena) { + sPrefNameArena = new NameArena(); + } + return *sPrefNameArena; +} + +class PrefWrapper; + +// Three forward declarations for immediately below +class Pref; +static bool IsPreferenceSanitized(const Pref* const aPref); +static bool ShouldSanitizePreference(const Pref* const aPref); + +// Note that this never changes in the parent process, and is only read in +// content processes. +static bool gContentProcessPrefsAreInited = false; + +class Pref { + public: + explicit Pref(const nsACString& aName) + : mName(ArenaStrdup(aName, PrefNameArena()), aName.Length()), + mType(static_cast<uint32_t>(PrefType::None)), + mIsSticky(false), + mIsLocked(false), + mIsSanitized(false), + mHasDefaultValue(false), + mHasUserValue(false), + mIsSkippedByIteration(false), + mDefaultValue(), + mUserValue() {} + + ~Pref() { + // There's no need to free mName because it's allocated in memory owned by + // sPrefNameArena. + + mDefaultValue.Clear(Type()); + mUserValue.Clear(Type()); + } + + const char* Name() const { return mName.get(); } + const nsDependentCString& NameString() const { return mName; } + + // Types. + + PrefType Type() const { return static_cast<PrefType>(mType); } + void SetType(PrefType aType) { mType = static_cast<uint32_t>(aType); } + + bool IsType(PrefType aType) const { return Type() == aType; } + bool IsTypeNone() const { return IsType(PrefType::None); } + bool IsTypeString() const { return IsType(PrefType::String); } + bool IsTypeInt() const { return IsType(PrefType::Int); } + bool IsTypeBool() const { return IsType(PrefType::Bool); } + + // Other properties. + + bool IsLocked() const { return mIsLocked; } + void SetIsLocked(bool aValue) { mIsLocked = aValue; } + bool IsSkippedByIteration() const { return mIsSkippedByIteration; } + void SetIsSkippedByIteration(bool aValue) { mIsSkippedByIteration = aValue; } + + bool IsSticky() const { return mIsSticky; } + + bool IsSanitized() const { return mIsSanitized; } + + bool HasDefaultValue() const { return mHasDefaultValue; } + bool HasUserValue() const { return mHasUserValue; } + + template <typename T> + void AddToMap(SharedPrefMapBuilder& aMap) { + // Sanitized preferences should never be added to the shared pref map + MOZ_ASSERT(!ShouldSanitizePreference(this)); + aMap.Add(NameString(), + {HasDefaultValue(), HasUserValue(), IsSticky(), IsLocked(), + /* isSanitized */ false, IsSkippedByIteration()}, + HasDefaultValue() ? mDefaultValue.Get<T>() : T(), + HasUserValue() ? mUserValue.Get<T>() : T()); + } + + void AddToMap(SharedPrefMapBuilder& aMap) { + if (IsTypeBool()) { + AddToMap<bool>(aMap); + } else if (IsTypeInt()) { + AddToMap<int32_t>(aMap); + } else if (IsTypeString()) { + AddToMap<nsDependentCString>(aMap); + } else { + MOZ_ASSERT_UNREACHABLE("Unexpected preference type"); + } + } + + // Other operations. + +#define CHECK_SANITIZATION() \ + if (IsPreferenceSanitized(this)) { \ + if (!sPrefTelemetryEventEnabled.exchange(true)) { \ + sPrefTelemetryEventEnabled = true; \ + Telemetry::SetEventRecordingEnabled("security"_ns, true); \ + } \ + Telemetry::RecordEvent( \ + Telemetry::EventID::Security_Prefusage_Contentprocess, \ + mozilla::Some(Name()), mozilla::Nothing()); \ + if (sCrashOnBlocklistedPref) { \ + MOZ_CRASH_UNSAFE_PRINTF( \ + "Should not access the preference '%s' in the Content Processes", \ + Name()); \ + } \ + } + + bool GetBoolValue(PrefValueKind aKind = PrefValueKind::User) const { + MOZ_ASSERT(IsTypeBool()); + MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue()); + + CHECK_SANITIZATION(); + + return aKind == PrefValueKind::Default ? mDefaultValue.mBoolVal + : mUserValue.mBoolVal; + } + + int32_t GetIntValue(PrefValueKind aKind = PrefValueKind::User) const { + MOZ_ASSERT(IsTypeInt()); + MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue()); + + CHECK_SANITIZATION(); + + return aKind == PrefValueKind::Default ? mDefaultValue.mIntVal + : mUserValue.mIntVal; + } + + const char* GetBareStringValue( + PrefValueKind aKind = PrefValueKind::User) const { + MOZ_ASSERT(IsTypeString()); + MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue()); + + CHECK_SANITIZATION(); + + return aKind == PrefValueKind::Default ? mDefaultValue.mStringVal + : mUserValue.mStringVal; + } + +#undef CHECK_SANITIZATION + + nsDependentCString GetStringValue( + PrefValueKind aKind = PrefValueKind::User) const { + return nsDependentCString(GetBareStringValue(aKind)); + } + + void ToDomPref(dom::Pref* aDomPref, bool aIsDestinationWebContentProcess) { + MOZ_ASSERT(XRE_IsParentProcess()); + + aDomPref->name() = mName; + + aDomPref->isLocked() = mIsLocked; + + aDomPref->isSanitized() = + aIsDestinationWebContentProcess && ShouldSanitizePreference(this); + + if (mHasDefaultValue) { + aDomPref->defaultValue() = Some(dom::PrefValue()); + mDefaultValue.ToDomPrefValue(Type(), &aDomPref->defaultValue().ref()); + } else { + aDomPref->defaultValue() = Nothing(); + } + + if (mHasUserValue && + !(aDomPref->isSanitized() && sOmitBlocklistedPrefValues)) { + aDomPref->userValue() = Some(dom::PrefValue()); + mUserValue.ToDomPrefValue(Type(), &aDomPref->userValue().ref()); + } else { + aDomPref->userValue() = Nothing(); + } + + MOZ_ASSERT(aDomPref->defaultValue().isNothing() || + aDomPref->userValue().isNothing() || + (mIsSanitized && sOmitBlocklistedPrefValues) || + (aDomPref->defaultValue().ref().type() == + aDomPref->userValue().ref().type())); + } + + void FromDomPref(const dom::Pref& aDomPref, bool* aValueChanged) { + MOZ_ASSERT(!XRE_IsParentProcess()); + MOZ_ASSERT(mName == aDomPref.name()); + + mIsLocked = aDomPref.isLocked(); + mIsSanitized = aDomPref.isSanitized(); + + const Maybe<dom::PrefValue>& defaultValue = aDomPref.defaultValue(); + bool defaultValueChanged = false; + if (defaultValue.isSome()) { + PrefValue value; + PrefType type = value.FromDomPrefValue(defaultValue.ref()); + if (!ValueMatches(PrefValueKind::Default, type, value)) { + // Type() is PrefType::None if it's a newly added pref. This is ok. + mDefaultValue.Replace(mHasDefaultValue, Type(), type, value); + SetType(type); + mHasDefaultValue = true; + defaultValueChanged = true; + } + } + // Note: we never clear a default value. + + const Maybe<dom::PrefValue>& userValue = aDomPref.userValue(); + bool userValueChanged = false; + if (userValue.isSome()) { + PrefValue value; + PrefType type = value.FromDomPrefValue(userValue.ref()); + if (!ValueMatches(PrefValueKind::User, type, value)) { + // Type() is PrefType::None if it's a newly added pref. This is ok. + mUserValue.Replace(mHasUserValue, Type(), type, value); + SetType(type); + mHasUserValue = true; + userValueChanged = true; + } + } else if (mHasUserValue) { + ClearUserValue(); + userValueChanged = true; + } + + if (userValueChanged || (defaultValueChanged && !mHasUserValue)) { + *aValueChanged = true; + } + } + + void FromWrapper(PrefWrapper& aWrapper); + + bool HasAdvisablySizedValues() { + MOZ_ASSERT(XRE_IsParentProcess()); + + if (!IsTypeString()) { + return true; + } + + if (mHasDefaultValue && + strlen(mDefaultValue.mStringVal) > MAX_ADVISABLE_PREF_LENGTH) { + return false; + } + + if (mHasUserValue && + strlen(mUserValue.mStringVal) > MAX_ADVISABLE_PREF_LENGTH) { + return false; + } + + return true; + } + + private: + bool ValueMatches(PrefValueKind aKind, PrefType aType, PrefValue aValue) { + return IsType(aType) && + (aKind == PrefValueKind::Default + ? mHasDefaultValue && mDefaultValue.Equals(aType, aValue) + : mHasUserValue && mUserValue.Equals(aType, aValue)); + } + + public: + void ClearUserValue() { + mUserValue.Clear(Type()); + mHasUserValue = false; + } + + nsresult SetDefaultValue(PrefType aType, PrefValue aValue, bool aIsSticky, + bool aIsLocked, bool* aValueChanged) { + // Types must always match when setting the default value. + if (!IsType(aType)) { + return NS_ERROR_UNEXPECTED; + } + + // Should we set the default value? Only if the pref is not locked, and + // doing so would change the default value. + if (!IsLocked()) { + if (aIsLocked) { + SetIsLocked(true); + } + if (!ValueMatches(PrefValueKind::Default, aType, aValue)) { + mDefaultValue.Replace(mHasDefaultValue, Type(), aType, aValue); + mHasDefaultValue = true; + if (aIsSticky) { + mIsSticky = true; + } + if (!mHasUserValue) { + *aValueChanged = true; + } + // What if we change the default to be the same as the user value? + // Should we clear the user value? Currently we don't. + } + } + return NS_OK; + } + + nsresult SetUserValue(PrefType aType, PrefValue aValue, bool aFromInit, + bool* aValueChanged) { + // If we have a default value, types must match when setting the user + // value. + if (mHasDefaultValue && !IsType(aType)) { + return NS_ERROR_UNEXPECTED; + } + + // Should we clear the user value, if present? Only if the new user value + // matches the default value, and the pref isn't sticky, and we aren't + // force-setting it during initialization. + if (ValueMatches(PrefValueKind::Default, aType, aValue) && !mIsSticky && + !aFromInit) { + if (mHasUserValue) { + ClearUserValue(); + if (!IsLocked()) { + *aValueChanged = true; + } + } + + // Otherwise, should we set the user value? Only if doing so would + // change the user value. + } else if (!ValueMatches(PrefValueKind::User, aType, aValue)) { + mUserValue.Replace(mHasUserValue, Type(), aType, aValue); + SetType(aType); // needed because we may have changed the type + mHasUserValue = true; + if (!IsLocked()) { + *aValueChanged = true; + } + } + return NS_OK; + } + + // Prefs are serialized in a manner that mirrors dom::Pref. The two should be + // kept in sync. E.g. if something is added to one it should also be added to + // the other. (It would be nice to be able to use the code generated from + // IPDL for serializing dom::Pref here instead of writing by hand this + // serialization/deserialization. Unfortunately, that generated code is + // difficult to use directly, outside of the IPDL IPC code.) + // + // The grammar for the serialized prefs has the following form. + // + // <pref> = <type> <locked> <sanitized> ':' <name> ':' <value>? ':' + // <value>? '\n' + // <type> = 'B' | 'I' | 'S' + // <locked> = 'L' | '-' + // <sanitized> = 'S' | '-' + // <name> = <string-value> + // <value> = <bool-value> | <int-value> | <string-value> + // <bool-value> = 'T' | 'F' + // <int-value> = an integer literal accepted by strtol() + // <string-value> = <int-value> '/' <chars> + // <chars> = any char sequence of length dictated by the preceding + // <int-value>. + // + // No whitespace is tolerated between tokens. <type> must match the types of + // the values. + // + // The serialization is text-based, rather than binary, for the following + // reasons. + // + // - The size difference wouldn't be much different between text-based and + // binary. Most of the space is for strings (pref names and string pref + // values), which would be the same in both styles. And other differences + // would be minimal, e.g. small integers are shorter in text but long + // integers are longer in text. + // + // - Likewise, speed differences should be negligible. + // + // - It's much easier to debug a text-based serialization. E.g. you can + // print it and inspect it easily in a debugger. + // + // Examples of unlocked boolean prefs: + // - "B--:8/my.bool1:F:T\n" + // - "B--:8/my.bool2:F:\n" + // - "B--:8/my.bool3::T\n" + // + // Examples of sanitized, unlocked boolean prefs: + // - "B-S:8/my.bool1:F:T\n" + // - "B-S:8/my.bool2:F:\n" + // - "B-S:8/my.bool3::T\n" + // + // Examples of locked integer prefs: + // - "IL-:7/my.int1:0:1\n" + // - "IL-:7/my.int2:123:\n" + // - "IL-:7/my.int3::-99\n" + // + // Examples of unlocked string prefs: + // - "S--:10/my.string1:3/abc:4/wxyz\n" + // - "S--:10/my.string2:5/1.234:\n" + // - "S--:10/my.string3::7/string!\n" + + void SerializeAndAppend(nsCString& aStr, bool aSanitizeUserValue) { + switch (Type()) { + case PrefType::Bool: + aStr.Append('B'); + break; + + case PrefType::Int: + aStr.Append('I'); + break; + + case PrefType::String: { + aStr.Append('S'); + break; + } + + case PrefType::None: + default: + MOZ_CRASH(); + } + + aStr.Append(mIsLocked ? 'L' : '-'); + aStr.Append(aSanitizeUserValue ? 'S' : '-'); + aStr.Append(':'); + + SerializeAndAppendString(mName, aStr); + aStr.Append(':'); + + if (mHasDefaultValue) { + mDefaultValue.SerializeAndAppend(Type(), aStr); + } + aStr.Append(':'); + + if (mHasUserValue && !(aSanitizeUserValue && sOmitBlocklistedPrefValues)) { + mUserValue.SerializeAndAppend(Type(), aStr); + } + aStr.Append('\n'); + } + + static char* Deserialize(char* aStr, dom::Pref* aDomPref) { + char* p = aStr; + + // The type. + PrefType type; + if (*p == 'B') { + type = PrefType::Bool; + } else if (*p == 'I') { + type = PrefType::Int; + } else if (*p == 'S') { + type = PrefType::String; + } else { + NS_ERROR("bad pref type"); + type = PrefType::None; + } + p++; // move past the type char + + // Locked? + bool isLocked; + if (*p == 'L') { + isLocked = true; + } else if (*p == '-') { + isLocked = false; + } else { + NS_ERROR("bad pref locked status"); + isLocked = false; + } + p++; // move past the isLocked char + + // Sanitize? + bool isSanitized; + if (*p == 'S') { + isSanitized = true; + } else if (*p == '-') { + isSanitized = false; + } else { + NS_ERROR("bad pref sanitized status"); + isSanitized = false; + } + p++; // move past the isSanitized char + + MOZ_ASSERT(*p == ':'); + p++; // move past the ':' + + // The pref name. + nsCString name; + p = DeserializeString(p, name); + + MOZ_ASSERT(*p == ':'); + p++; // move past the ':' preceding the default value + + Maybe<dom::PrefValue> maybeDefaultValue; + if (*p != ':') { + dom::PrefValue defaultValue; + p = PrefValue::Deserialize(type, p, &maybeDefaultValue); + } + + MOZ_ASSERT(*p == ':'); + p++; // move past the ':' between the default and user values + + Maybe<dom::PrefValue> maybeUserValue; + if (*p != '\n') { + dom::PrefValue userValue; + p = PrefValue::Deserialize(type, p, &maybeUserValue); + } + + MOZ_ASSERT(*p == '\n'); + p++; // move past the '\n' following the user value + + *aDomPref = dom::Pref(name, isLocked, isSanitized, maybeDefaultValue, + maybeUserValue); + + return p; + } + + void AddSizeOfIncludingThis(MallocSizeOf aMallocSizeOf, PrefsSizes& aSizes) { + // Note: mName is allocated in sPrefNameArena, measured elsewhere. + aSizes.mPrefValues += aMallocSizeOf(this); + if (IsTypeString()) { + if (mHasDefaultValue) { + aSizes.mStringValues += aMallocSizeOf(mDefaultValue.mStringVal); + } + if (mHasUserValue) { + aSizes.mStringValues += aMallocSizeOf(mUserValue.mStringVal); + } + } + } + + void RelocateName(NameArena* aArena) { + mName.Rebind(ArenaStrdup(mName.get(), *aArena), mName.Length()); + } + + private: + nsDependentCString mName; // allocated in sPrefNameArena + + uint32_t mType : 2; + uint32_t mIsSticky : 1; + uint32_t mIsLocked : 1; + uint32_t mIsSanitized : 1; + uint32_t mHasDefaultValue : 1; + uint32_t mHasUserValue : 1; + uint32_t mIsSkippedByIteration : 1; + + PrefValue mDefaultValue; + PrefValue mUserValue; +}; + +struct PrefHasher { + using Key = UniquePtr<Pref>; + using Lookup = const char*; + + static HashNumber hash(const Lookup aLookup) { return HashString(aLookup); } + + static bool match(const Key& aKey, const Lookup aLookup) { + if (!aLookup || !aKey->Name()) { + return false; + } + + return strcmp(aLookup, aKey->Name()) == 0; + } +}; + +using PrefWrapperBase = Variant<Pref*, SharedPrefMap::Pref>; +class MOZ_STACK_CLASS PrefWrapper : public PrefWrapperBase { + using SharedPref = const SharedPrefMap::Pref; + + public: + MOZ_IMPLICIT PrefWrapper(Pref* aPref) : PrefWrapperBase(AsVariant(aPref)) {} + + MOZ_IMPLICIT PrefWrapper(const SharedPrefMap::Pref& aPref) + : PrefWrapperBase(AsVariant(aPref)) {} + + // Types. + + bool IsType(PrefType aType) const { return Type() == aType; } + bool IsTypeNone() const { return IsType(PrefType::None); } + bool IsTypeString() const { return IsType(PrefType::String); } + bool IsTypeInt() const { return IsType(PrefType::Int); } + bool IsTypeBool() const { return IsType(PrefType::Bool); } + +#define FORWARD(retType, method) \ + retType method() const { \ + struct Matcher { \ + retType operator()(const Pref* aPref) { return aPref->method(); } \ + retType operator()(SharedPref& aPref) { return aPref.method(); } \ + }; \ + return match(Matcher()); \ + } + + FORWARD(bool, IsLocked) + FORWARD(bool, IsSanitized) + FORWARD(bool, IsSticky) + FORWARD(bool, HasDefaultValue) + FORWARD(bool, HasUserValue) + FORWARD(const char*, Name) + FORWARD(nsCString, NameString) + FORWARD(PrefType, Type) +#undef FORWARD + +#define FORWARD(retType, method) \ + retType method(PrefValueKind aKind = PrefValueKind::User) const { \ + struct Matcher { \ + PrefValueKind mKind; \ + \ + retType operator()(const Pref* aPref) { return aPref->method(mKind); } \ + retType operator()(SharedPref& aPref) { return aPref.method(mKind); } \ + }; \ + return match(Matcher{aKind}); \ + } + + FORWARD(bool, GetBoolValue) + FORWARD(int32_t, GetIntValue) + FORWARD(nsCString, GetStringValue) + FORWARD(const char*, GetBareStringValue) +#undef FORWARD + + PrefValue GetValue(PrefValueKind aKind = PrefValueKind::User) const { + switch (Type()) { + case PrefType::Bool: + return PrefValue{GetBoolValue(aKind)}; + case PrefType::Int: + return PrefValue{GetIntValue(aKind)}; + case PrefType::String: + return PrefValue{GetBareStringValue(aKind)}; + case PrefType::None: + // This check will be performed in the above functions; but for NoneType + // we need to do it explicitly, then fall-through. + if (IsPreferenceSanitized(Name())) { + if (!sPrefTelemetryEventEnabled.exchange(true)) { + sPrefTelemetryEventEnabled = true; + Telemetry::SetEventRecordingEnabled("security"_ns, true); + } + + Telemetry::RecordEvent( + Telemetry::EventID::Security_Prefusage_Contentprocess, + mozilla::Some(Name()), mozilla::Nothing()); + + if (sCrashOnBlocklistedPref) { + MOZ_CRASH_UNSAFE_PRINTF( + "Should not access the preference '%s' in the Content " + "Processes", + Name()); + } + } + [[fallthrough]]; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected pref type"); + return PrefValue{}; + } + } + + Result<PrefValueKind, nsresult> WantValueKind(PrefType aType, + PrefValueKind aKind) const { + // WantValueKind may short-circuit GetValue functions and cause them to + // return early, before this check occurs in GetFooValue() + if (this->is<Pref*>() && IsPreferenceSanitized(this->as<Pref*>())) { + if (!sPrefTelemetryEventEnabled.exchange(true)) { + sPrefTelemetryEventEnabled = true; + Telemetry::SetEventRecordingEnabled("security"_ns, true); + } + + Telemetry::RecordEvent( + Telemetry::EventID::Security_Prefusage_Contentprocess, + mozilla::Some(Name()), mozilla::Nothing()); + + if (sCrashOnBlocklistedPref) { + MOZ_CRASH_UNSAFE_PRINTF( + "Should not access the preference '%s' in the Content Processes", + Name()); + } + } else if (!this->is<Pref*>()) { + // While we could use Name() above, and avoid the Variant checks, it + // would less efficient than needed and we can instead do a debug-only + // assert here to limit the inefficientcy + MOZ_ASSERT(!IsPreferenceSanitized(Name()), + "We should never have a sanitized SharedPrefMap::Pref."); + } + + if (Type() != aType) { + return Err(NS_ERROR_UNEXPECTED); + } + + if (aKind == PrefValueKind::Default || IsLocked() || !HasUserValue()) { + if (!HasDefaultValue()) { + return Err(NS_ERROR_UNEXPECTED); + } + return PrefValueKind::Default; + } + return PrefValueKind::User; + } + + nsresult GetValue(PrefValueKind aKind, bool* aResult) const { + PrefValueKind kind; + MOZ_TRY_VAR(kind, WantValueKind(PrefType::Bool, aKind)); + + *aResult = GetBoolValue(kind); + return NS_OK; + } + + nsresult GetValue(PrefValueKind aKind, int32_t* aResult) const { + PrefValueKind kind; + MOZ_TRY_VAR(kind, WantValueKind(PrefType::Int, aKind)); + + *aResult = GetIntValue(kind); + return NS_OK; + } + + nsresult GetValue(PrefValueKind aKind, uint32_t* aResult) const { + return GetValue(aKind, reinterpret_cast<int32_t*>(aResult)); + } + + nsresult GetValue(PrefValueKind aKind, float* aResult) const { + nsAutoCString result; + nsresult rv = GetValue(aKind, result); + if (NS_SUCCEEDED(rv)) { + // ParsePrefFloat() does a locale-independent conversion. + // FIXME: Other `GetValue` overloads don't clobber `aResult` on error. + *aResult = ParsePrefFloat(result, &rv); + } + return rv; + } + + nsresult GetValue(PrefValueKind aKind, nsACString& aResult) const { + PrefValueKind kind; + MOZ_TRY_VAR(kind, WantValueKind(PrefType::String, aKind)); + + aResult = GetStringValue(kind); + return NS_OK; + } + + nsresult GetValue(PrefValueKind aKind, nsACString* aResult) const { + return GetValue(aKind, *aResult); + } + + // Returns false if this pref doesn't have a user value worth saving. + bool UserValueToStringForSaving(nsCString& aStr) { + // Should we save the user value, if present? Only if it does not match the + // default value, or it is sticky. + if (HasUserValue() && + (!ValueMatches(PrefValueKind::Default, Type(), GetValue()) || + IsSticky())) { + if (IsTypeString()) { + StrEscape(GetStringValue().get(), aStr); + + } else if (IsTypeInt()) { + aStr.AppendInt(GetIntValue()); + + } else if (IsTypeBool()) { + aStr = GetBoolValue() ? "true" : "false"; + } + return true; + } + + // Do not save default prefs that haven't changed. + return false; + } + + bool Matches(PrefType aType, PrefValueKind aKind, PrefValue& aValue, + bool aIsSticky, bool aIsLocked) const { + return (ValueMatches(aKind, aType, aValue) && aIsSticky == IsSticky() && + aIsLocked == IsLocked()); + } + + bool ValueMatches(PrefValueKind aKind, PrefType aType, + const PrefValue& aValue) const { + if (!IsType(aType)) { + return false; + } + if (!(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue())) { + return false; + } + switch (aType) { + case PrefType::Bool: + return GetBoolValue(aKind) == aValue.mBoolVal; + case PrefType::Int: + return GetIntValue(aKind) == aValue.mIntVal; + case PrefType::String: + return strcmp(GetBareStringValue(aKind), aValue.mStringVal) == 0; + default: + MOZ_ASSERT_UNREACHABLE("Unexpected preference type"); + return false; + } + } +}; + +void Pref::FromWrapper(PrefWrapper& aWrapper) { + MOZ_ASSERT(aWrapper.is<SharedPrefMap::Pref>()); + auto pref = aWrapper.as<SharedPrefMap::Pref>(); + + MOZ_ASSERT(IsTypeNone()); + MOZ_ASSERT(mName == pref.NameString()); + + mType = uint32_t(pref.Type()); + + mIsLocked = pref.IsLocked(); + mIsSanitized = pref.IsSanitized(); + mIsSticky = pref.IsSticky(); + + mHasDefaultValue = pref.HasDefaultValue(); + mHasUserValue = pref.HasUserValue(); + + if (mHasDefaultValue) { + mDefaultValue.Init(Type(), aWrapper.GetValue(PrefValueKind::Default)); + } + if (mHasUserValue) { + mUserValue.Init(Type(), aWrapper.GetValue(PrefValueKind::User)); + } +} + +class CallbackNode { + public: + CallbackNode(const nsACString& aDomain, PrefChangedFunc aFunc, void* aData, + Preferences::MatchKind aMatchKind) + : mDomain(AsVariant(nsCString(aDomain))), + mFunc(aFunc), + mData(aData), + mNextAndMatchKind(aMatchKind) {} + + CallbackNode(const char** aDomains, PrefChangedFunc aFunc, void* aData, + Preferences::MatchKind aMatchKind) + : mDomain(AsVariant(aDomains)), + mFunc(aFunc), + mData(aData), + mNextAndMatchKind(aMatchKind) {} + + // mDomain is a UniquePtr<>, so any uses of Domain() should only be temporary + // borrows. + const Variant<nsCString, const char**>& Domain() const { return mDomain; } + + PrefChangedFunc Func() const { return mFunc; } + void ClearFunc() { mFunc = nullptr; } + + void* Data() const { return mData; } + + Preferences::MatchKind MatchKind() const { + return static_cast<Preferences::MatchKind>(mNextAndMatchKind & + kMatchKindMask); + } + + bool DomainIs(const nsACString& aDomain) const { + return mDomain.is<nsCString>() && mDomain.as<nsCString>() == aDomain; + } + + bool DomainIs(const char** aPrefs) const { + return mDomain == AsVariant(aPrefs); + } + + bool Matches(const nsACString& aPrefName) const { + auto match = [&](const nsACString& aStr) { + return MatchKind() == Preferences::ExactMatch + ? aPrefName == aStr + : StringBeginsWith(aPrefName, aStr); + }; + + if (mDomain.is<nsCString>()) { + return match(mDomain.as<nsCString>()); + } + for (const char** ptr = mDomain.as<const char**>(); *ptr; ptr++) { + if (match(nsDependentCString(*ptr))) { + return true; + } + } + return false; + } + + CallbackNode* Next() const { + return reinterpret_cast<CallbackNode*>(mNextAndMatchKind & kNextMask); + } + + void SetNext(CallbackNode* aNext) { + uintptr_t matchKind = mNextAndMatchKind & kMatchKindMask; + mNextAndMatchKind = reinterpret_cast<uintptr_t>(aNext); + MOZ_ASSERT((mNextAndMatchKind & kMatchKindMask) == 0); + mNextAndMatchKind |= matchKind; + } + + void AddSizeOfIncludingThis(MallocSizeOf aMallocSizeOf, PrefsSizes& aSizes) { + aSizes.mCallbacksObjects += aMallocSizeOf(this); + if (mDomain.is<nsCString>()) { + aSizes.mCallbacksDomains += + mDomain.as<nsCString>().SizeOfExcludingThisIfUnshared(aMallocSizeOf); + } + } + + private: + static const uintptr_t kMatchKindMask = uintptr_t(0x1); + static const uintptr_t kNextMask = ~kMatchKindMask; + + Variant<nsCString, const char**> mDomain; + + // If someone attempts to remove the node from the callback list while + // NotifyCallbacks() is running, |func| is set to nullptr. Such nodes will + // be removed at the end of NotifyCallbacks(). + PrefChangedFunc mFunc; + void* mData; + + // Conceptually this is two fields: + // - CallbackNode* mNext; + // - Preferences::MatchKind mMatchKind; + // They are combined into a tagged pointer to save memory. + uintptr_t mNextAndMatchKind; +}; + +using PrefsHashTable = HashSet<UniquePtr<Pref>, PrefHasher>; + +// The main prefs hash table. Inside a function so we can assert it's only +// accessed on the main thread. (That assertion can be avoided but only do so +// with great care!) +static inline PrefsHashTable*& HashTable(bool aOffMainThread = false) { + MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); + static PrefsHashTable* sHashTable = nullptr; + return sHashTable; +} + +#ifdef DEBUG +// This defines the type used to store our `once` mirrors checker. We can't use +// HashMap for now due to alignment restrictions when dealing with +// std::function<void()> (see bug 1557617). +typedef std::function<void()> AntiFootgunCallback; +struct CompareStr { + bool operator()(char const* a, char const* b) const { + return std::strcmp(a, b) < 0; + } +}; +typedef std::map<const char*, AntiFootgunCallback, CompareStr> AntiFootgunMap; +static StaticAutoPtr<AntiFootgunMap> gOnceStaticPrefsAntiFootgun; +#endif + +// The callback list contains all the priority callbacks followed by the +// non-priority callbacks. gLastPriorityNode records where the first part ends. +static CallbackNode* gFirstCallback = nullptr; +static CallbackNode* gLastPriorityNode = nullptr; + +#ifdef DEBUG +# define ACCESS_COUNTS +#endif + +#ifdef ACCESS_COUNTS +using AccessCountsHashTable = nsTHashMap<nsCStringHashKey, uint32_t>; +static StaticAutoPtr<AccessCountsHashTable> gAccessCounts; + +static void AddAccessCount(const nsACString& aPrefName) { + // FIXME: Servo reads preferences from background threads in unsafe ways (bug + // 1474789), and triggers assertions here if we try to add usage count entries + // from background threads. + if (NS_IsMainThread()) { + JS::AutoSuppressGCAnalysis nogc; // Hash functions will not GC. + uint32_t& count = gAccessCounts->LookupOrInsert(aPrefName); + count++; + } +} + +static void AddAccessCount(const char* aPrefName) { + AddAccessCount(nsDependentCString(aPrefName)); +} +#else +static void MOZ_MAYBE_UNUSED AddAccessCount(const nsACString& aPrefName) {} + +static void AddAccessCount(const char* aPrefName) {} +#endif + +// These are only used during the call to NotifyCallbacks(). +static bool gCallbacksInProgress = false; +static bool gShouldCleanupDeadNodes = false; + +class PrefsHashIter { + using Iterator = decltype(HashTable()->modIter()); + using ElemType = Pref*; + + Iterator mIter; + + public: + explicit PrefsHashIter(PrefsHashTable* aTable) : mIter(aTable->modIter()) {} + + class Elem { + friend class PrefsHashIter; + + PrefsHashIter& mParent; + bool mDone; + + Elem(PrefsHashIter& aIter, bool aDone) : mParent(aIter), mDone(aDone) {} + + Iterator& Iter() { return mParent.mIter; } + + public: + Elem& operator*() { return *this; } + + ElemType get() { + if (mDone) { + return nullptr; + } + return Iter().get().get(); + } + ElemType get() const { return const_cast<Elem*>(this)->get(); } + + ElemType operator->() { return get(); } + ElemType operator->() const { return get(); } + + operator ElemType() { return get(); } + + void Remove() { Iter().remove(); } + + Elem& operator++() { + MOZ_ASSERT(!mDone); + Iter().next(); + mDone = Iter().done(); + return *this; + } + + bool operator!=(Elem& other) { + return mDone != other.mDone || this->get() != other.get(); + } + }; + + Elem begin() { return Elem(*this, mIter.done()); } + + Elem end() { return Elem(*this, true); } +}; + +class PrefsIter { + using Iterator = decltype(HashTable()->iter()); + using ElemType = PrefWrapper; + + using HashElem = PrefsHashIter::Elem; + using SharedElem = SharedPrefMap::Pref; + + using ElemTypeVariant = Variant<HashElem, SharedElem>; + + SharedPrefMap* mSharedMap; + PrefsHashTable* mHashTable; + PrefsHashIter mIter; + + ElemTypeVariant mPos; + ElemTypeVariant mEnd; + + Maybe<PrefWrapper> mEntry; + + public: + PrefsIter(PrefsHashTable* aHashTable, SharedPrefMap* aSharedMap) + : mSharedMap(aSharedMap), + mHashTable(aHashTable), + mIter(aHashTable), + mPos(AsVariant(mIter.begin())), + mEnd(AsVariant(mIter.end())) { + if (Done()) { + NextIterator(); + } + } + + private: +#define MATCH(type, ...) \ + do { \ + struct Matcher { \ + PrefsIter& mIter; \ + type operator()(HashElem& pos) { \ + HashElem& end MOZ_MAYBE_UNUSED = mIter.mEnd.as<HashElem>(); \ + __VA_ARGS__; \ + } \ + type operator()(SharedElem& pos) { \ + SharedElem& end MOZ_MAYBE_UNUSED = mIter.mEnd.as<SharedElem>(); \ + __VA_ARGS__; \ + } \ + }; \ + return mPos.match(Matcher{*this}); \ + } while (0); + + bool Done() { MATCH(bool, return pos == end); } + + PrefWrapper MakeEntry() { MATCH(PrefWrapper, return PrefWrapper(pos)); } + + void NextEntry() { + mEntry.reset(); + MATCH(void, ++pos); + } +#undef MATCH + + bool Next() { + NextEntry(); + return !Done() || NextIterator(); + } + + bool NextIterator() { + if (mPos.is<HashElem>() && mSharedMap) { + mPos = AsVariant(mSharedMap->begin()); + mEnd = AsVariant(mSharedMap->end()); + return !Done(); + } + return false; + } + + bool IteratingBase() { return mPos.is<SharedElem>(); } + + PrefWrapper& Entry() { + MOZ_ASSERT(!Done()); + + if (!mEntry.isSome()) { + mEntry.emplace(MakeEntry()); + } + return mEntry.ref(); + } + + public: + class Elem { + friend class PrefsIter; + + PrefsIter& mParent; + bool mDone; + + Elem(PrefsIter& aIter, bool aDone) : mParent(aIter), mDone(aDone) { + SkipDuplicates(); + } + + void Next() { mDone = !mParent.Next(); } + + void SkipDuplicates() { + while (!mDone && + (mParent.IteratingBase() ? mParent.mHashTable->has(ref().Name()) + : ref().IsTypeNone())) { + Next(); + } + } + + public: + Elem& operator*() { return *this; } + + ElemType& ref() { return mParent.Entry(); } + const ElemType& ref() const { return const_cast<Elem*>(this)->ref(); } + + ElemType* operator->() { return &ref(); } + const ElemType* operator->() const { return &ref(); } + + operator ElemType() { return ref(); } + + Elem& operator++() { + MOZ_ASSERT(!mDone); + Next(); + SkipDuplicates(); + return *this; + } + + bool operator!=(Elem& other) { + if (mDone != other.mDone) { + return true; + } + if (mDone) { + return false; + } + return &this->ref() != &other.ref(); + } + }; + + Elem begin() { return {*this, Done()}; } + + Elem end() { return {*this, true}; } +}; + +static Pref* pref_HashTableLookup(const char* aPrefName); + +static void NotifyCallbacks(const nsCString& aPrefName, + const PrefWrapper* aPref = nullptr); + +static void NotifyCallbacks(const nsCString& aPrefName, + const PrefWrapper& aPref) { + NotifyCallbacks(aPrefName, &aPref); +} + +// The approximate number of preferences in the dynamic hashtable for the parent +// and content processes, respectively. These numbers are used to determine the +// initial size of the dynamic preference hashtables, and should be chosen to +// avoid rehashing during normal usage. The actual number of preferences will, +// or course, change over time, but these numbers only need to be within a +// binary order of magnitude of the actual values to remain effective. +// +// The number for the parent process should reflect the total number of +// preferences in the database, since the parent process needs to initially +// build a dynamic hashtable of the entire preference database. The number for +// the child process should reflect the number of preferences which are likely +// to change after the startup of the first content process, since content +// processes only store changed preferences on top of a snapshot of the database +// created at startup. +// +// Note: The capacity of a hashtable doubles when its length reaches an exact +// power of two. A table with an initial length of 64 is twice as large as one +// with an initial length of 63. This is important in content processes, where +// lookup speed is less critical and we pay the price of the additional overhead +// for each content process. So the initial content length should generally be +// *under* the next power-of-two larger than its expected length. +constexpr size_t kHashTableInitialLengthParent = 3000; +constexpr size_t kHashTableInitialLengthContent = 64; + +static PrefSaveData pref_savePrefs() { + MOZ_ASSERT(NS_IsMainThread()); + + PrefSaveData savedPrefs(HashTable()->count()); + + for (auto& pref : PrefsIter(HashTable(), gSharedMap)) { + nsAutoCString prefValueStr; + if (!pref->UserValueToStringForSaving(prefValueStr)) { + continue; + } + + nsAutoCString prefNameStr; + StrEscape(pref->Name(), prefNameStr); + + nsPrintfCString str("user_pref(%s, %s);", prefNameStr.get(), + prefValueStr.get()); + + savedPrefs.AppendElement(str); + } + + return savedPrefs; +} + +static Pref* pref_HashTableLookup(const char* aPrefName) { + MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); + + MOZ_ASSERT_IF(!XRE_IsParentProcess(), gContentProcessPrefsAreInited); + + // We use readonlyThreadsafeLookup() because we often have concurrent lookups + // from multiple Stylo threads. This is safe because those threads cannot + // modify sHashTable, and the main thread is blocked while Stylo threads are + // doing these lookups. + auto p = HashTable()->readonlyThreadsafeLookup(aPrefName); + return p ? p->get() : nullptr; +} + +// While notifying preference callbacks, this holds the wrapper for the +// preference being notified, in order to optimize lookups. +// +// Note: Callbacks and lookups only happen on the main thread, so this is safe +// to use without locking. +static const PrefWrapper* gCallbackPref; + +Maybe<PrefWrapper> pref_SharedLookup(const char* aPrefName) { + MOZ_DIAGNOSTIC_ASSERT(gSharedMap, "gSharedMap must be initialized"); + if (Maybe<SharedPrefMap::Pref> pref = gSharedMap->Get(aPrefName)) { + return Some(*pref); + } + return Nothing(); +} + +Maybe<PrefWrapper> pref_Lookup(const char* aPrefName, + bool aIncludeTypeNone = false) { + MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); + + AddAccessCount(aPrefName); + + if (gCallbackPref && strcmp(aPrefName, gCallbackPref->Name()) == 0) { + return Some(*gCallbackPref); + } + if (Pref* pref = pref_HashTableLookup(aPrefName)) { + if (aIncludeTypeNone || !pref->IsTypeNone() || pref->IsSanitized()) { + return Some(pref); + } + } else if (gSharedMap) { + return pref_SharedLookup(aPrefName); + } + + return Nothing(); +} + +static Result<Pref*, nsresult> pref_LookupForModify( + const nsCString& aPrefName, + const std::function<bool(const PrefWrapper&)>& aCheckFn) { + Maybe<PrefWrapper> wrapper = + pref_Lookup(aPrefName.get(), /* includeTypeNone */ true); + if (wrapper.isNothing()) { + return Err(NS_ERROR_INVALID_ARG); + } + if (!aCheckFn(*wrapper)) { + return nullptr; + } + if (wrapper->is<Pref*>()) { + return wrapper->as<Pref*>(); + } + + Pref* pref = new Pref(aPrefName); + if (!HashTable()->putNew(aPrefName.get(), pref)) { + delete pref; + return Err(NS_ERROR_OUT_OF_MEMORY); + } + pref->FromWrapper(*wrapper); + return pref; +} + +static nsresult pref_SetPref(const nsCString& aPrefName, PrefType aType, + PrefValueKind aKind, PrefValue aValue, + bool aIsSticky, bool aIsLocked, bool aFromInit) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(NS_IsMainThread()); + + if (AppShutdown::IsInOrBeyond(ShutdownPhase::XPCOMShutdownThreads)) { + printf( + "pref_SetPref: Attempt to write pref %s after XPCOMShutdownThreads " + "started.\n", + aPrefName.get()); + if (nsContentUtils::IsInitialized()) { + xpc_DumpJSStack(true, true, false); + } + MOZ_ASSERT(false, "Late preference writes should be avoided."); + return NS_ERROR_ILLEGAL_DURING_SHUTDOWN; + } + + if (!HashTable()) { + return NS_ERROR_OUT_OF_MEMORY; + } + + Pref* pref = nullptr; + if (gSharedMap) { + auto result = + pref_LookupForModify(aPrefName, [&](const PrefWrapper& aWrapper) { + return !aWrapper.Matches(aType, aKind, aValue, aIsSticky, aIsLocked); + }); + if (result.isOk() && !(pref = result.unwrap())) { + // No changes required. + return NS_OK; + } + } + + if (!pref) { + auto p = HashTable()->lookupForAdd(aPrefName.get()); + if (!p) { + pref = new Pref(aPrefName); + pref->SetType(aType); + if (!HashTable()->add(p, pref)) { + delete pref; + return NS_ERROR_OUT_OF_MEMORY; + } + } else { + pref = p->get(); + } + } + + bool valueChanged = false; + nsresult rv; + if (aKind == PrefValueKind::Default) { + rv = pref->SetDefaultValue(aType, aValue, aIsSticky, aIsLocked, + &valueChanged); + } else { + MOZ_ASSERT(!aIsLocked); // `locked` is disallowed in user pref files + rv = pref->SetUserValue(aType, aValue, aFromInit, &valueChanged); + } + if (NS_FAILED(rv)) { + NS_WARNING( + nsPrintfCString("Rejected attempt to change type of pref %s's %s value " + "from %s to %s", + aPrefName.get(), + (aKind == PrefValueKind::Default) ? "default" : "user", + PrefTypeToString(pref->Type()), PrefTypeToString(aType)) + .get()); + + return rv; + } + + if (valueChanged) { + if (!aFromInit && profiler_thread_is_being_profiled_for_markers()) { + nsAutoCString value; + aValue.ToString(aType, value); + profiler_add_marker( + "Preference Write", baseprofiler::category::OTHER_PreferenceRead, {}, + PreferenceMarker{}, aPrefName, Some(aKind), aType, value); + } + + if (aKind == PrefValueKind::User) { + Preferences::HandleDirty(); + } + NotifyCallbacks(aPrefName, PrefWrapper(pref)); + } + + return NS_OK; +} + +// Removes |node| from callback list. Returns the node after the deleted one. +static CallbackNode* pref_RemoveCallbackNode(CallbackNode* aNode, + CallbackNode* aPrevNode) { + MOZ_ASSERT(!aPrevNode || aPrevNode->Next() == aNode); + MOZ_ASSERT(aPrevNode || gFirstCallback == aNode); + MOZ_ASSERT(!gCallbacksInProgress); + + CallbackNode* next_node = aNode->Next(); + if (aPrevNode) { + aPrevNode->SetNext(next_node); + } else { + gFirstCallback = next_node; + } + if (gLastPriorityNode == aNode) { + gLastPriorityNode = aPrevNode; + } + delete aNode; + return next_node; +} + +static void NotifyCallbacks(const nsCString& aPrefName, + const PrefWrapper* aPref) { + bool reentered = gCallbacksInProgress; + + gCallbackPref = aPref; + auto cleanup = MakeScopeExit([]() { gCallbackPref = nullptr; }); + + // Nodes must not be deleted while gCallbacksInProgress is true. + // Nodes that need to be deleted are marked for deletion by nulling + // out the |func| pointer. We release them at the end of this function + // if we haven't reentered. + gCallbacksInProgress = true; + + for (CallbackNode* node = gFirstCallback; node; node = node->Next()) { + if (node->Func()) { + if (node->Matches(aPrefName)) { + (node->Func())(aPrefName.get(), node->Data()); + } + } + } + + gCallbacksInProgress = reentered; + + if (gShouldCleanupDeadNodes && !gCallbacksInProgress) { + CallbackNode* prev_node = nullptr; + CallbackNode* node = gFirstCallback; + + while (node) { + if (!node->Func()) { + node = pref_RemoveCallbackNode(node, prev_node); + } else { + prev_node = node; + node = node->Next(); + } + } + gShouldCleanupDeadNodes = false; + } + +#ifdef DEBUG + if (XRE_IsParentProcess() && + !StaticPrefs::preferences_force_disable_check_once_policy() && + (StaticPrefs::preferences_check_once_policy() || xpc::IsInAutomation())) { + // Check that we aren't modifying a `once`-mirrored pref using that pref + // name. We have about 100 `once`-mirrored prefs. std::map performs a + // search in O(log n), so this is fast enough. + MOZ_ASSERT(gOnceStaticPrefsAntiFootgun); + auto search = gOnceStaticPrefsAntiFootgun->find(aPrefName.get()); + if (search != gOnceStaticPrefsAntiFootgun->end()) { + // Run the callback. + (search->second)(); + } + } +#endif +} + +//=========================================================================== +// Prefs parsing +//=========================================================================== + +extern "C" { + +// Keep this in sync with PrefFn in parser/src/lib.rs. +typedef void (*PrefsParserPrefFn)(const char* aPrefName, PrefType aType, + PrefValueKind aKind, PrefValue aValue, + bool aIsSticky, bool aIsLocked); + +// Keep this in sync with ErrorFn in parser/src/lib.rs. +// +// `aMsg` is just a borrow of the string, and must be copied if it is used +// outside the lifetime of the prefs_parser_parse() call. +typedef void (*PrefsParserErrorFn)(const char* aMsg); + +// Keep this in sync with prefs_parser_parse() in parser/src/lib.rs. +bool prefs_parser_parse(const char* aPath, PrefValueKind aKind, + const char* aBuf, size_t aLen, + PrefsParserPrefFn aPrefFn, PrefsParserErrorFn aErrorFn); +} + +class Parser { + public: + Parser() = default; + ~Parser() = default; + + bool Parse(PrefValueKind aKind, const char* aPath, const nsCString& aBuf) { + MOZ_ASSERT(XRE_IsParentProcess()); + return prefs_parser_parse(aPath, aKind, aBuf.get(), aBuf.Length(), + HandlePref, HandleError); + } + + private: + static void HandlePref(const char* aPrefName, PrefType aType, + PrefValueKind aKind, PrefValue aValue, bool aIsSticky, + bool aIsLocked) { + MOZ_ASSERT(XRE_IsParentProcess()); + pref_SetPref(nsDependentCString(aPrefName), aType, aKind, aValue, aIsSticky, + aIsLocked, + /* fromInit */ true); + } + + static void HandleError(const char* aMsg) { + nsresult rv; + nsCOMPtr<nsIConsoleService> console = + do_GetService("@mozilla.org/consoleservice;1", &rv); + if (NS_SUCCEEDED(rv)) { + console->LogStringMessage(NS_ConvertUTF8toUTF16(aMsg).get()); + } +#ifdef DEBUG + NS_ERROR(aMsg); +#else + printf_stderr("%s\n", aMsg); +#endif + } +}; + +// The following code is test code for the gtest. + +static void TestParseErrorHandlePref(const char* aPrefName, PrefType aType, + PrefValueKind aKind, PrefValue aValue, + bool aIsSticky, bool aIsLocked) {} + +static nsCString gTestParseErrorMsgs; + +static void TestParseErrorHandleError(const char* aMsg) { + gTestParseErrorMsgs.Append(aMsg); + gTestParseErrorMsgs.Append('\n'); +} + +// Keep this in sync with the declaration in test/gtest/Parser.cpp. +void TestParseError(PrefValueKind aKind, const char* aText, + nsCString& aErrorMsg) { + prefs_parser_parse("test", aKind, aText, strlen(aText), + TestParseErrorHandlePref, TestParseErrorHandleError); + + // Copy the error messages into the outparam, then clear them from + // gTestParseErrorMsgs. + aErrorMsg.Assign(gTestParseErrorMsgs); + gTestParseErrorMsgs.Truncate(); +} + +//=========================================================================== +// nsPrefBranch et al. +//=========================================================================== + +namespace mozilla { +class PreferenceServiceReporter; +} // namespace mozilla + +class PrefCallback : public PLDHashEntryHdr { + friend class mozilla::PreferenceServiceReporter; + + public: + typedef PrefCallback* KeyType; + typedef const PrefCallback* KeyTypePointer; + + static const PrefCallback* KeyToPointer(PrefCallback* aKey) { return aKey; } + + static PLDHashNumber HashKey(const PrefCallback* aKey) { + uint32_t hash = HashString(aKey->mDomain); + return AddToHash(hash, aKey->mCanonical); + } + + public: + // Create a PrefCallback with a strong reference to its observer. + PrefCallback(const nsACString& aDomain, nsIObserver* aObserver, + nsPrefBranch* aBranch) + : mDomain(aDomain), + mBranch(aBranch), + mWeakRef(nullptr), + mStrongRef(aObserver) { + MOZ_COUNT_CTOR(PrefCallback); + nsCOMPtr<nsISupports> canonical = do_QueryInterface(aObserver); + mCanonical = canonical; + } + + // Create a PrefCallback with a weak reference to its observer. + PrefCallback(const nsACString& aDomain, nsISupportsWeakReference* aObserver, + nsPrefBranch* aBranch) + : mDomain(aDomain), + mBranch(aBranch), + mWeakRef(do_GetWeakReference(aObserver)), + mStrongRef(nullptr) { + MOZ_COUNT_CTOR(PrefCallback); + nsCOMPtr<nsISupports> canonical = do_QueryInterface(aObserver); + mCanonical = canonical; + } + + // This is explicitly not a copy constructor. + explicit PrefCallback(const PrefCallback*& aCopy) + : mDomain(aCopy->mDomain), + mBranch(aCopy->mBranch), + mWeakRef(aCopy->mWeakRef), + mStrongRef(aCopy->mStrongRef), + mCanonical(aCopy->mCanonical) { + MOZ_COUNT_CTOR(PrefCallback); + } + + PrefCallback(const PrefCallback&) = delete; + PrefCallback(PrefCallback&&) = default; + + MOZ_COUNTED_DTOR(PrefCallback) + + bool KeyEquals(const PrefCallback* aKey) const { + // We want to be able to look up a weakly-referencing PrefCallback after + // its observer has died so we can remove it from the table. Once the + // callback's observer dies, its canonical pointer is stale -- in + // particular, we may have allocated a new observer in the same spot in + // memory! So we can't just compare canonical pointers to determine whether + // aKey refers to the same observer as this. + // + // Our workaround is based on the way we use this hashtable: When we ask + // the hashtable to remove a PrefCallback whose weak reference has expired, + // we use as the key for removal the same object as was inserted into the + // hashtable. Thus we can say that if one of the keys' weak references has + // expired, the two keys are equal iff they're the same object. + + if (IsExpired() || aKey->IsExpired()) { + return this == aKey; + } + + if (mCanonical != aKey->mCanonical) { + return false; + } + + return mDomain.Equals(aKey->mDomain); + } + + PrefCallback* GetKey() const { return const_cast<PrefCallback*>(this); } + + // Get a reference to the callback's observer, or null if the observer was + // weakly referenced and has been destroyed. + already_AddRefed<nsIObserver> GetObserver() const { + if (!IsWeak()) { + nsCOMPtr<nsIObserver> copy = mStrongRef; + return copy.forget(); + } + + nsCOMPtr<nsIObserver> observer = do_QueryReferent(mWeakRef); + return observer.forget(); + } + + const nsCString& GetDomain() const { return mDomain; } + + nsPrefBranch* GetPrefBranch() const { return mBranch; } + + // Has this callback's weak reference died? + bool IsExpired() const { + if (!IsWeak()) return false; + + nsCOMPtr<nsIObserver> observer(do_QueryReferent(mWeakRef)); + return !observer; + } + + size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const { + size_t n = aMallocSizeOf(this); + n += mDomain.SizeOfExcludingThisIfUnshared(aMallocSizeOf); + + // All the other fields are non-owning pointers, so we don't measure them. + + return n; + } + + enum { ALLOW_MEMMOVE = true }; + + private: + nsCString mDomain; + nsPrefBranch* mBranch; + + // Exactly one of mWeakRef and mStrongRef should be non-null. + nsWeakPtr mWeakRef; + nsCOMPtr<nsIObserver> mStrongRef; + + // We need a canonical nsISupports pointer, per bug 578392. + nsISupports* mCanonical; + + bool IsWeak() const { return !!mWeakRef; } +}; + +class nsPrefBranch final : public nsIPrefBranch, + public nsIObserver, + public nsSupportsWeakReference { + friend class mozilla::PreferenceServiceReporter; + + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIPREFBRANCH + NS_DECL_NSIOBSERVER + + nsPrefBranch(const char* aPrefRoot, PrefValueKind aKind); + nsPrefBranch() = delete; + + static void NotifyObserver(const char* aNewpref, void* aData); + + size_t SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const; + + private: + using PrefName = nsCString; + + virtual ~nsPrefBranch(); + + int32_t GetRootLength() const { return mPrefRoot.Length(); } + + nsresult GetDefaultFromPropertiesFile(const char* aPrefName, + nsAString& aReturn); + + // As SetCharPref, but without any check on the length of |aValue|. + nsresult SetCharPrefNoLengthCheck(const char* aPrefName, + const nsACString& aValue); + + // Reject strings that are more than 1Mb, warn if strings are more than 16kb. + nsresult CheckSanityOfStringLength(const char* aPrefName, + const nsAString& aValue); + nsresult CheckSanityOfStringLength(const char* aPrefName, + const nsACString& aValue); + nsresult CheckSanityOfStringLength(const char* aPrefName, + const uint32_t aLength); + + void RemoveExpiredCallback(PrefCallback* aCallback); + + PrefName GetPrefName(const char* aPrefName) const { + return GetPrefName(nsDependentCString(aPrefName)); + } + + PrefName GetPrefName(const nsACString& aPrefName) const; + + void FreeObserverList(void); + + const nsCString mPrefRoot; + PrefValueKind mKind; + + bool mFreeingObserverList; + nsClassHashtable<PrefCallback, PrefCallback> mObservers; +}; + +class nsPrefLocalizedString final : public nsIPrefLocalizedString { + public: + nsPrefLocalizedString(); + + NS_DECL_ISUPPORTS + NS_FORWARD_NSISUPPORTSPRIMITIVE(mUnicodeString->) + NS_FORWARD_NSISUPPORTSSTRING(mUnicodeString->) + + nsresult Init(); + + private: + virtual ~nsPrefLocalizedString(); + + nsCOMPtr<nsISupportsString> mUnicodeString; +}; + +//---------------------------------------------------------------------------- +// nsPrefBranch +//---------------------------------------------------------------------------- + +nsPrefBranch::nsPrefBranch(const char* aPrefRoot, PrefValueKind aKind) + : mPrefRoot(aPrefRoot), + mKind(aKind), + mFreeingObserverList(false), + mObservers() { + nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); + if (observerService) { + ++mRefCnt; // must be > 0 when we call this, or we'll get deleted! + + // Add weakly so we don't have to clean up at shutdown. + observerService->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, true); + --mRefCnt; + } +} + +nsPrefBranch::~nsPrefBranch() { FreeObserverList(); } + +NS_IMPL_ISUPPORTS(nsPrefBranch, nsIPrefBranch, nsIObserver, + nsISupportsWeakReference) + +NS_IMETHODIMP +nsPrefBranch::GetRoot(nsACString& aRoot) { + aRoot = mPrefRoot; + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::GetPrefType(const char* aPrefName, int32_t* aRetVal) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& prefName = GetPrefName(aPrefName); + *aRetVal = Preferences::GetType(prefName.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::GetBoolPrefWithDefault(const char* aPrefName, bool aDefaultValue, + uint8_t aArgc, bool* aRetVal) { + nsresult rv = GetBoolPref(aPrefName, aRetVal); + if (NS_FAILED(rv) && aArgc == 1) { + *aRetVal = aDefaultValue; + return NS_OK; + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::GetBoolPref(const char* aPrefName, bool* aRetVal) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::GetBool(pref.get(), aRetVal, mKind); +} + +NS_IMETHODIMP +nsPrefBranch::SetBoolPref(const char* aPrefName, bool aValue) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::SetBool(pref.get(), aValue, mKind); +} + +NS_IMETHODIMP +nsPrefBranch::GetFloatPrefWithDefault(const char* aPrefName, + float aDefaultValue, uint8_t aArgc, + float* aRetVal) { + nsresult rv = GetFloatPref(aPrefName, aRetVal); + + if (NS_FAILED(rv) && aArgc == 1) { + *aRetVal = aDefaultValue; + return NS_OK; + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::GetFloatPref(const char* aPrefName, float* aRetVal) { + NS_ENSURE_ARG(aPrefName); + + nsAutoCString stringVal; + nsresult rv = GetCharPref(aPrefName, stringVal); + if (NS_SUCCEEDED(rv)) { + // ParsePrefFloat() does a locale-independent conversion. + *aRetVal = ParsePrefFloat(stringVal, &rv); + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::GetCharPrefWithDefault(const char* aPrefName, + const nsACString& aDefaultValue, + uint8_t aArgc, nsACString& aRetVal) { + nsresult rv = GetCharPref(aPrefName, aRetVal); + + if (NS_FAILED(rv) && aArgc == 1) { + aRetVal = aDefaultValue; + return NS_OK; + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::GetCharPref(const char* aPrefName, nsACString& aRetVal) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::GetCString(pref.get(), aRetVal, mKind); +} + +NS_IMETHODIMP +nsPrefBranch::SetCharPref(const char* aPrefName, const nsACString& aValue) { + nsresult rv = CheckSanityOfStringLength(aPrefName, aValue); + if (NS_FAILED(rv)) { + return rv; + } + return SetCharPrefNoLengthCheck(aPrefName, aValue); +} + +nsresult nsPrefBranch::SetCharPrefNoLengthCheck(const char* aPrefName, + const nsACString& aValue) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::SetCString(pref.get(), aValue, mKind); +} + +NS_IMETHODIMP +nsPrefBranch::GetStringPref(const char* aPrefName, + const nsACString& aDefaultValue, uint8_t aArgc, + nsACString& aRetVal) { + nsCString utf8String; + nsresult rv = GetCharPref(aPrefName, utf8String); + if (NS_SUCCEEDED(rv)) { + aRetVal = utf8String; + return rv; + } + + if (aArgc == 1) { + aRetVal = aDefaultValue; + return NS_OK; + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::SetStringPref(const char* aPrefName, const nsACString& aValue) { + nsresult rv = CheckSanityOfStringLength(aPrefName, aValue); + if (NS_FAILED(rv)) { + return rv; + } + + return SetCharPrefNoLengthCheck(aPrefName, aValue); +} + +NS_IMETHODIMP +nsPrefBranch::GetIntPrefWithDefault(const char* aPrefName, + int32_t aDefaultValue, uint8_t aArgc, + int32_t* aRetVal) { + nsresult rv = GetIntPref(aPrefName, aRetVal); + + if (NS_FAILED(rv) && aArgc == 1) { + *aRetVal = aDefaultValue; + return NS_OK; + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::GetIntPref(const char* aPrefName, int32_t* aRetVal) { + NS_ENSURE_ARG(aPrefName); + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::GetInt(pref.get(), aRetVal, mKind); +} + +NS_IMETHODIMP +nsPrefBranch::SetIntPref(const char* aPrefName, int32_t aValue) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::SetInt(pref.get(), aValue, mKind); +} + +NS_IMETHODIMP +nsPrefBranch::GetComplexValue(const char* aPrefName, const nsIID& aType, + void** aRetVal) { + NS_ENSURE_ARG(aPrefName); + + nsresult rv; + nsAutoCString utf8String; + + // We have to do this one first because it's different to all the rest. + if (aType.Equals(NS_GET_IID(nsIPrefLocalizedString))) { + nsCOMPtr<nsIPrefLocalizedString> theString( + do_CreateInstance(NS_PREFLOCALIZEDSTRING_CONTRACTID, &rv)); + if (NS_FAILED(rv)) { + return rv; + } + + const PrefName& pref = GetPrefName(aPrefName); + bool bNeedDefault = false; + + if (mKind == PrefValueKind::Default) { + bNeedDefault = true; + } else { + // if there is no user (or locked) value + if (!Preferences::HasUserValue(pref.get()) && + !Preferences::IsLocked(pref.get())) { + bNeedDefault = true; + } + } + + // if we need to fetch the default value, do that instead, otherwise use the + // value we pulled in at the top of this function + if (bNeedDefault) { + nsAutoString utf16String; + rv = GetDefaultFromPropertiesFile(pref.get(), utf16String); + if (NS_SUCCEEDED(rv)) { + theString->SetData(utf16String); + } + } else { + rv = GetCharPref(aPrefName, utf8String); + if (NS_SUCCEEDED(rv)) { + theString->SetData(NS_ConvertUTF8toUTF16(utf8String)); + } + } + + if (NS_SUCCEEDED(rv)) { + theString.forget(reinterpret_cast<nsIPrefLocalizedString**>(aRetVal)); + } + + return rv; + } + + // if we can't get the pref, there's no point in being here + rv = GetCharPref(aPrefName, utf8String); + if (NS_FAILED(rv)) { + return rv; + } + + if (aType.Equals(NS_GET_IID(nsIFile))) { + ENSURE_PARENT_PROCESS("GetComplexValue(nsIFile)", aPrefName); + + nsCOMPtr<nsIFile> file(do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv)); + + if (NS_SUCCEEDED(rv)) { + rv = file->SetPersistentDescriptor(utf8String); + if (NS_SUCCEEDED(rv)) { + file.forget(reinterpret_cast<nsIFile**>(aRetVal)); + return NS_OK; + } + } + return rv; + } + + if (aType.Equals(NS_GET_IID(nsIRelativeFilePref))) { + ENSURE_PARENT_PROCESS("GetComplexValue(nsIRelativeFilePref)", aPrefName); + + nsACString::const_iterator keyBegin, strEnd; + utf8String.BeginReading(keyBegin); + utf8String.EndReading(strEnd); + + // The pref has the format: [fromKey]a/b/c + if (*keyBegin++ != '[') { + return NS_ERROR_FAILURE; + } + + nsACString::const_iterator keyEnd(keyBegin); + if (!FindCharInReadable(']', keyEnd, strEnd)) { + return NS_ERROR_FAILURE; + } + + nsAutoCString key(Substring(keyBegin, keyEnd)); + + nsCOMPtr<nsIFile> fromFile; + nsCOMPtr<nsIProperties> directoryService( + do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv)); + if (NS_FAILED(rv)) { + return rv; + } + + rv = directoryService->Get(key.get(), NS_GET_IID(nsIFile), + getter_AddRefs(fromFile)); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr<nsIFile> theFile; + rv = NS_NewNativeLocalFile(""_ns, true, getter_AddRefs(theFile)); + if (NS_FAILED(rv)) { + return rv; + } + + rv = theFile->SetRelativeDescriptor(fromFile, Substring(++keyEnd, strEnd)); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr<nsIRelativeFilePref> relativePref = new nsRelativeFilePref(); + Unused << relativePref->SetFile(theFile); + Unused << relativePref->SetRelativeToKey(key); + + relativePref.forget(reinterpret_cast<nsIRelativeFilePref**>(aRetVal)); + return NS_OK; + } + + NS_WARNING("nsPrefBranch::GetComplexValue - Unsupported interface type"); + return NS_NOINTERFACE; +} + +nsresult nsPrefBranch::CheckSanityOfStringLength(const char* aPrefName, + const nsAString& aValue) { + return CheckSanityOfStringLength(aPrefName, aValue.Length()); +} + +nsresult nsPrefBranch::CheckSanityOfStringLength(const char* aPrefName, + const nsACString& aValue) { + return CheckSanityOfStringLength(aPrefName, aValue.Length()); +} + +nsresult nsPrefBranch::CheckSanityOfStringLength(const char* aPrefName, + const uint32_t aLength) { + if (aLength > MAX_PREF_LENGTH) { + return NS_ERROR_ILLEGAL_VALUE; + } + if (aLength <= MAX_ADVISABLE_PREF_LENGTH) { + return NS_OK; + } + + nsresult rv; + nsCOMPtr<nsIConsoleService> console = + do_GetService("@mozilla.org/consoleservice;1", &rv); + if (NS_FAILED(rv)) { + return rv; + } + + nsAutoCString message(nsPrintfCString( + "Warning: attempting to write %d bytes to preference %s. This is bad " + "for general performance and memory usage. Such an amount of data " + "should rather be written to an external file.", + aLength, GetPrefName(aPrefName).get())); + + rv = console->LogStringMessage(NS_ConvertUTF8toUTF16(message).get()); + if (NS_FAILED(rv)) { + return rv; + } + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::SetComplexValue(const char* aPrefName, const nsIID& aType, + nsISupports* aValue) { + ENSURE_PARENT_PROCESS("SetComplexValue", aPrefName); + NS_ENSURE_ARG(aPrefName); + + nsresult rv = NS_NOINTERFACE; + + if (aType.Equals(NS_GET_IID(nsIFile))) { + nsCOMPtr<nsIFile> file = do_QueryInterface(aValue); + if (!file) { + return NS_NOINTERFACE; + } + + nsAutoCString descriptorString; + rv = file->GetPersistentDescriptor(descriptorString); + if (NS_SUCCEEDED(rv)) { + rv = SetCharPrefNoLengthCheck(aPrefName, descriptorString); + } + return rv; + } + + if (aType.Equals(NS_GET_IID(nsIRelativeFilePref))) { + nsCOMPtr<nsIRelativeFilePref> relFilePref = do_QueryInterface(aValue); + if (!relFilePref) { + return NS_NOINTERFACE; + } + + nsCOMPtr<nsIFile> file; + relFilePref->GetFile(getter_AddRefs(file)); + if (!file) { + return NS_NOINTERFACE; + } + + nsAutoCString relativeToKey; + (void)relFilePref->GetRelativeToKey(relativeToKey); + + nsCOMPtr<nsIFile> relativeToFile; + nsCOMPtr<nsIProperties> directoryService( + do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv)); + if (NS_FAILED(rv)) { + return rv; + } + + rv = directoryService->Get(relativeToKey.get(), NS_GET_IID(nsIFile), + getter_AddRefs(relativeToFile)); + if (NS_FAILED(rv)) { + return rv; + } + + nsAutoCString relDescriptor; + rv = file->GetRelativeDescriptor(relativeToFile, relDescriptor); + if (NS_FAILED(rv)) { + return rv; + } + + nsAutoCString descriptorString; + descriptorString.Append('['); + descriptorString.Append(relativeToKey); + descriptorString.Append(']'); + descriptorString.Append(relDescriptor); + return SetCharPrefNoLengthCheck(aPrefName, descriptorString); + } + + if (aType.Equals(NS_GET_IID(nsIPrefLocalizedString))) { + nsCOMPtr<nsISupportsString> theString = do_QueryInterface(aValue); + + if (theString) { + nsString wideString; + + rv = theString->GetData(wideString); + if (NS_SUCCEEDED(rv)) { + // Check sanity of string length before any lengthy conversion + rv = CheckSanityOfStringLength(aPrefName, wideString); + if (NS_FAILED(rv)) { + return rv; + } + rv = SetCharPrefNoLengthCheck(aPrefName, + NS_ConvertUTF16toUTF8(wideString)); + } + } + return rv; + } + + NS_WARNING("nsPrefBranch::SetComplexValue - Unsupported interface type"); + return NS_NOINTERFACE; +} + +NS_IMETHODIMP +nsPrefBranch::ClearUserPref(const char* aPrefName) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::ClearUser(pref.get()); +} + +NS_IMETHODIMP +nsPrefBranch::PrefHasUserValue(const char* aPrefName, bool* aRetVal) { + NS_ENSURE_ARG_POINTER(aRetVal); + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + *aRetVal = Preferences::HasUserValue(pref.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::PrefHasDefaultValue(const char* aPrefName, bool* aRetVal) { + NS_ENSURE_ARG_POINTER(aRetVal); + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + *aRetVal = Preferences::HasDefaultValue(pref.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::LockPref(const char* aPrefName) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::Lock(pref.get()); +} + +NS_IMETHODIMP +nsPrefBranch::PrefIsLocked(const char* aPrefName, bool* aRetVal) { + NS_ENSURE_ARG_POINTER(aRetVal); + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + *aRetVal = Preferences::IsLocked(pref.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::PrefIsSanitized(const char* aPrefName, bool* aRetVal) { + NS_ENSURE_ARG_POINTER(aRetVal); + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + *aRetVal = Preferences::IsSanitized(pref.get()); + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::UnlockPref(const char* aPrefName) { + NS_ENSURE_ARG(aPrefName); + + const PrefName& pref = GetPrefName(aPrefName); + return Preferences::Unlock(pref.get()); +} + +NS_IMETHODIMP +nsPrefBranch::ResetBranch(const char* aStartingAt) { + return NS_ERROR_NOT_IMPLEMENTED; +} + +NS_IMETHODIMP +nsPrefBranch::DeleteBranch(const char* aStartingAt) { + ENSURE_PARENT_PROCESS("DeleteBranch", aStartingAt); + NS_ENSURE_ARG(aStartingAt); + + MOZ_ASSERT(NS_IsMainThread()); + + if (!HashTable()) { + return NS_ERROR_NOT_INITIALIZED; + } + + const PrefName& pref = GetPrefName(aStartingAt); + nsAutoCString branchName(pref.get()); + + // Add a trailing '.' if it doesn't already have one. + if (branchName.Length() > 1 && !StringEndsWith(branchName, "."_ns)) { + branchName += '.'; + } + + const nsACString& branchNameNoDot = + Substring(branchName, 0, branchName.Length() - 1); + + for (auto iter = HashTable()->modIter(); !iter.done(); iter.next()) { + // The first disjunct matches branches: e.g. a branch name "foo.bar." + // matches a name "foo.bar.baz" (but it won't match "foo.barrel.baz"). + // The second disjunct matches leaf nodes: e.g. a branch name "foo.bar." + // matches a name "foo.bar" (by ignoring the trailing '.'). + nsDependentCString name(iter.get()->Name()); + if (StringBeginsWith(name, branchName) || name.Equals(branchNameNoDot)) { + iter.remove(); + // The saved callback pref may be invalid now. + gCallbackPref = nullptr; + } + } + + Preferences::HandleDirty(); + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::GetChildList(const char* aStartingAt, + nsTArray<nsCString>& aChildArray) { + NS_ENSURE_ARG(aStartingAt); + + MOZ_ASSERT(NS_IsMainThread()); + + // This will contain a list of all the pref name strings. Allocated on the + // stack for speed. + AutoTArray<nsCString, 32> prefArray; + + const PrefName& parent = GetPrefName(aStartingAt); + size_t parentLen = parent.Length(); + for (auto& pref : PrefsIter(HashTable(), gSharedMap)) { + if (strncmp(pref->Name(), parent.get(), parentLen) == 0) { + prefArray.AppendElement(pref->NameString()); + } + } + + // Now that we've built up the list, run the callback on all the matching + // elements. + aChildArray.SetCapacity(prefArray.Length()); + for (auto& element : prefArray) { + // we need to lop off mPrefRoot in case the user is planning to pass this + // back to us because if they do we are going to add mPrefRoot again. + aChildArray.AppendElement(Substring(element, mPrefRoot.Length())); + } + + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::AddObserverImpl(const nsACString& aDomain, nsIObserver* aObserver, + bool aHoldWeak) { + UniquePtr<PrefCallback> pCallback; + + NS_ENSURE_ARG(aObserver); + + const nsCString& prefName = GetPrefName(aDomain); + + // Hold a weak reference to the observer if so requested. + if (aHoldWeak) { + nsCOMPtr<nsISupportsWeakReference> weakRefFactory = + do_QueryInterface(aObserver); + if (!weakRefFactory) { + // The caller didn't give us a object that supports weak reference... + // tell them. + return NS_ERROR_INVALID_ARG; + } + + // Construct a PrefCallback with a weak reference to the observer. + pCallback = MakeUnique<PrefCallback>(prefName, weakRefFactory, this); + + } else { + // Construct a PrefCallback with a strong reference to the observer. + pCallback = MakeUnique<PrefCallback>(prefName, aObserver, this); + } + + mObservers.WithEntryHandle(pCallback.get(), [&](auto&& p) { + if (p) { + NS_WARNING("Ignoring duplicate observer."); + } else { + // We must pass a fully qualified preference name to the callback + // aDomain == nullptr is the only possible failure, and we trapped it with + // NS_ENSURE_ARG above. + Preferences::RegisterCallback(NotifyObserver, prefName, pCallback.get(), + Preferences::PrefixMatch, + /* isPriority */ false); + + p.Insert(std::move(pCallback)); + } + }); + + return NS_OK; +} + +NS_IMETHODIMP +nsPrefBranch::RemoveObserverImpl(const nsACString& aDomain, + nsIObserver* aObserver) { + NS_ENSURE_ARG(aObserver); + + nsresult rv = NS_OK; + + // If we're in the middle of a call to FreeObserverList, don't process this + // RemoveObserver call -- the observer in question will be removed soon, if + // it hasn't been already. + // + // It's important that we don't touch mObservers in any way -- even a Get() + // which returns null might cause the hashtable to resize itself, which will + // break the iteration in FreeObserverList. + if (mFreeingObserverList) { + return NS_OK; + } + + // Remove the relevant PrefCallback from mObservers and get an owning pointer + // to it. Unregister the callback first, and then let the owning pointer go + // out of scope and destroy the callback. + const nsCString& prefName = GetPrefName(aDomain); + PrefCallback key(prefName, aObserver, this); + mozilla::UniquePtr<PrefCallback> pCallback; + mObservers.Remove(&key, &pCallback); + if (pCallback) { + rv = Preferences::UnregisterCallback( + NotifyObserver, prefName, pCallback.get(), Preferences::PrefixMatch); + } + + return rv; +} + +NS_IMETHODIMP +nsPrefBranch::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* aData) { + // Watch for xpcom shutdown and free our observers to eliminate any cyclic + // references. + if (!nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID)) { + FreeObserverList(); + } + return NS_OK; +} + +/* static */ +void nsPrefBranch::NotifyObserver(const char* aNewPref, void* aData) { + PrefCallback* pCallback = (PrefCallback*)aData; + + nsCOMPtr<nsIObserver> observer = pCallback->GetObserver(); + if (!observer) { + // The observer has expired. Let's remove this callback. + pCallback->GetPrefBranch()->RemoveExpiredCallback(pCallback); + return; + } + + // Remove any root this string may contain so as to not confuse the observer + // by passing them something other than what they passed us as a topic. + uint32_t len = pCallback->GetPrefBranch()->GetRootLength(); + nsDependentCString suffix(aNewPref + len); + + observer->Observe(static_cast<nsIPrefBranch*>(pCallback->GetPrefBranch()), + NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, + NS_ConvertASCIItoUTF16(suffix).get()); +} + +size_t nsPrefBranch::SizeOfIncludingThis(MallocSizeOf aMallocSizeOf) const { + size_t n = aMallocSizeOf(this); + + n += mPrefRoot.SizeOfExcludingThisIfUnshared(aMallocSizeOf); + + n += mObservers.ShallowSizeOfExcludingThis(aMallocSizeOf); + for (const auto& entry : mObservers) { + const PrefCallback* data = entry.GetWeak(); + n += data->SizeOfIncludingThis(aMallocSizeOf); + } + + return n; +} + +void nsPrefBranch::FreeObserverList() { + // We need to prevent anyone from modifying mObservers while we're iterating + // over it. In particular, some clients will call RemoveObserver() when + // they're removed and destructed via the iterator; we set + // mFreeingObserverList to keep those calls from touching mObservers. + mFreeingObserverList = true; + for (auto iter = mObservers.Iter(); !iter.Done(); iter.Next()) { + auto callback = iter.UserData(); + Preferences::UnregisterCallback(nsPrefBranch::NotifyObserver, + callback->GetDomain(), callback, + Preferences::PrefixMatch); + iter.Remove(); + } + + nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); + if (observerService) { + observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID); + } + + mFreeingObserverList = false; +} + +void nsPrefBranch::RemoveExpiredCallback(PrefCallback* aCallback) { + MOZ_ASSERT(aCallback->IsExpired()); + mObservers.Remove(aCallback); +} + +nsresult nsPrefBranch::GetDefaultFromPropertiesFile(const char* aPrefName, + nsAString& aReturn) { + // The default value contains a URL to a .properties file. + + nsAutoCString propertyFileURL; + nsresult rv = Preferences::GetCString(aPrefName, propertyFileURL, + PrefValueKind::Default); + if (NS_FAILED(rv)) { + return rv; + } + + nsCOMPtr<nsIStringBundleService> bundleService = + components::StringBundle::Service(); + if (!bundleService) { + return NS_ERROR_FAILURE; + } + + nsCOMPtr<nsIStringBundle> bundle; + rv = bundleService->CreateBundle(propertyFileURL.get(), + getter_AddRefs(bundle)); + if (NS_FAILED(rv)) { + return rv; + } + + return bundle->GetStringFromName(aPrefName, aReturn); +} + +nsPrefBranch::PrefName nsPrefBranch::GetPrefName( + const nsACString& aPrefName) const { + if (mPrefRoot.IsEmpty()) { + return PrefName(PromiseFlatCString(aPrefName)); + } + + return PrefName(mPrefRoot + aPrefName); +} + +//---------------------------------------------------------------------------- +// nsPrefLocalizedString +//---------------------------------------------------------------------------- + +nsPrefLocalizedString::nsPrefLocalizedString() = default; + +nsPrefLocalizedString::~nsPrefLocalizedString() = default; + +NS_IMPL_ISUPPORTS(nsPrefLocalizedString, nsIPrefLocalizedString, + nsISupportsString) + +nsresult nsPrefLocalizedString::Init() { + nsresult rv; + mUnicodeString = do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv); + + return rv; +} + +//---------------------------------------------------------------------------- +// nsRelativeFilePref +//---------------------------------------------------------------------------- + +NS_IMPL_ISUPPORTS(nsRelativeFilePref, nsIRelativeFilePref) + +nsRelativeFilePref::nsRelativeFilePref() = default; + +nsRelativeFilePref::~nsRelativeFilePref() = default; + +NS_IMETHODIMP +nsRelativeFilePref::GetFile(nsIFile** aFile) { + NS_ENSURE_ARG_POINTER(aFile); + *aFile = mFile; + NS_IF_ADDREF(*aFile); + return NS_OK; +} + +NS_IMETHODIMP +nsRelativeFilePref::SetFile(nsIFile* aFile) { + mFile = aFile; + return NS_OK; +} + +NS_IMETHODIMP +nsRelativeFilePref::GetRelativeToKey(nsACString& aRelativeToKey) { + aRelativeToKey.Assign(mRelativeToKey); + return NS_OK; +} + +NS_IMETHODIMP +nsRelativeFilePref::SetRelativeToKey(const nsACString& aRelativeToKey) { + mRelativeToKey.Assign(aRelativeToKey); + return NS_OK; +} + +//=========================================================================== +// class Preferences and related things +//=========================================================================== + +namespace mozilla { + +#define INITIAL_PREF_FILES 10 + +void Preferences::HandleDirty() { + MOZ_ASSERT(XRE_IsParentProcess()); + + if (!HashTable() || !sPreferences) { + return; + } + + if (sPreferences->mProfileShutdown) { + NS_WARNING("Setting user pref after profile shutdown."); + return; + } + + if (!sPreferences->mDirty) { + sPreferences->mDirty = true; + + if (sPreferences->mCurrentFile && sPreferences->AllowOffMainThreadSave() && + !sPreferences->mSavePending) { + sPreferences->mSavePending = true; + static const int PREF_DELAY_MS = 500; + NS_DelayedDispatchToCurrentThread( + NewRunnableMethod("Preferences::SavePrefFileAsynchronous", + sPreferences.get(), + &Preferences::SavePrefFileAsynchronous), + PREF_DELAY_MS); + } + } +} + +static nsresult openPrefFile(nsIFile* aFile, PrefValueKind aKind); + +static nsresult parsePrefData(const nsCString& aData, PrefValueKind aKind); + +// clang-format off +static const char kPrefFileHeader[] = + "// Mozilla User Preferences" + NS_LINEBREAK + NS_LINEBREAK + "// DO NOT EDIT THIS FILE." + NS_LINEBREAK + "//" + NS_LINEBREAK + "// If you make changes to this file while the application is running," + NS_LINEBREAK + "// the changes will be overwritten when the application exits." + NS_LINEBREAK + "//" + NS_LINEBREAK + "// To change a preference value, you can either:" + NS_LINEBREAK + "// - modify it via the UI (e.g. via about:config in the browser); or" + NS_LINEBREAK + "// - set it within a user.js file in your profile." + NS_LINEBREAK + NS_LINEBREAK; +// clang-format on + +// Note: if sShutdown is true, sPreferences will be nullptr. +StaticRefPtr<Preferences> Preferences::sPreferences; +bool Preferences::sShutdown = false; + +// This globally enables or disables OMT pref writing, both sync and async. +static int32_t sAllowOMTPrefWrite = -1; + +// Write the preference data to a file. +class PreferencesWriter final { + public: + PreferencesWriter() = default; + + static nsresult Write(nsIFile* aFile, PrefSaveData& aPrefs) { + nsCOMPtr<nsIOutputStream> outStreamSink; + nsCOMPtr<nsIOutputStream> outStream; + uint32_t writeAmount; + nsresult rv; + + // Execute a "safe" save by saving through a tempfile. + rv = NS_NewSafeLocalFileOutputStream(getter_AddRefs(outStreamSink), aFile, + -1, 0600); + if (NS_FAILED(rv)) { + return rv; + } + + rv = NS_NewBufferedOutputStream(getter_AddRefs(outStream), + outStreamSink.forget(), 4096); + if (NS_FAILED(rv)) { + return rv; + } + + struct CharComparator { + bool LessThan(const nsCString& aA, const nsCString& aB) const { + return aA < aB; + } + + bool Equals(const nsCString& aA, const nsCString& aB) const { + return aA == aB; + } + }; + + // Sort the preferences to make a readable file on disk. + aPrefs.Sort(CharComparator()); + + // Write out the file header. + outStream->Write(kPrefFileHeader, sizeof(kPrefFileHeader) - 1, + &writeAmount); + + for (nsCString& pref : aPrefs) { + outStream->Write(pref.get(), pref.Length(), &writeAmount); + outStream->Write(NS_LINEBREAK, NS_LINEBREAK_LEN, &writeAmount); + } + + // Tell the safe output stream to overwrite the real prefs file. + // (It'll abort if there were any errors during writing.) + nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(outStream); + MOZ_ASSERT(safeStream, "expected a safe output stream!"); + if (safeStream) { + rv = safeStream->Finish(); + } + +#ifdef DEBUG + if (NS_FAILED(rv)) { + NS_WARNING("failed to save prefs file! possible data loss"); + } +#endif + + return rv; + } + + static void Flush() { + MOZ_DIAGNOSTIC_ASSERT(sPendingWriteCount >= 0); + // SpinEventLoopUntil is unfortunate, but ultimately it's the best thing + // we can do here given the constraint that we need to ensure that + // the preferences on disk match what we have in memory. We could + // easily perform the write here ourselves by doing exactly what + // happens in PWRunnable::Run. This would be the right thing to do + // if we're stuck here because other unrelated runnables are taking + // a long time, and the wrong thing to do if PreferencesWriter::Write + // is what takes a long time, as we would be trading a SpinEventLoopUntil + // for a synchronous disk write, wherein we could not even spin the + // event loop. Given that PWRunnable generally runs on a thread pool, + // if we're stuck here, it's likely because of PreferencesWriter::Write + // and not some other runnable. Thus, spin away. + mozilla::SpinEventLoopUntil("PreferencesWriter::Flush"_ns, + []() { return sPendingWriteCount <= 0; }); + } + + // This is the data that all of the runnables (see below) will attempt + // to write. It will always have the most up to date version, or be + // null, if the up to date information has already been written out. + static Atomic<PrefSaveData*> sPendingWriteData; + + // This is the number of writes via PWRunnables which have been dispatched + // but not yet completed. This is intended to be used by Flush to ensure + // that there are no outstanding writes left incomplete, and thus our prefs + // on disk are in sync with what we have in memory. + static Atomic<int> sPendingWriteCount; + + // See PWRunnable::Run for details on why we need this lock. + static StaticMutex sWritingToFile MOZ_UNANNOTATED; +}; + +Atomic<PrefSaveData*> PreferencesWriter::sPendingWriteData(nullptr); +Atomic<int> PreferencesWriter::sPendingWriteCount(0); +StaticMutex PreferencesWriter::sWritingToFile; + +class PWRunnable : public Runnable { + public: + explicit PWRunnable(nsIFile* aFile) : Runnable("PWRunnable"), mFile(aFile) {} + + NS_IMETHOD Run() override { + // Preference writes are handled a bit strangely, in that a "newer" + // write is generally regarded as always better. For this reason, + // sPendingWriteData can be overwritten multiple times before anyone + // gets around to actually using it, minimizing writes. However, + // once we've acquired sPendingWriteData we've reached a + // "point of no return" and have to complete the write. + // + // Unfortunately, this design allows the following behaviour: + // + // 1. write1 is queued up + // 2. thread1 acquires write1 + // 3. write2 is queued up + // 4. thread2 acquires write2 + // 5. thread1 and thread2 concurrently clobber each other + // + // To avoid this, we use this lock to ensure that only one thread + // at a time is trying to acquire the write, and when it does, + // all other threads are prevented from acquiring writes until it + // completes the write. New writes are still allowed to be queued + // up in this time. + // + // Although it's atomic, the acquire needs to be guarded by the mutex + // to avoid reordering of writes -- we don't want an older write to + // run after a newer one. To avoid this causing too much waiting, we check + // if sPendingWriteData is already null before acquiring the mutex. If it + // is, then there's definitely no work to be done (or someone is in the + // middle of doing it for us). + // + // Note that every time a new write is queued up, a new write task is + // is also queued up, so there will always be a task that can see the newest + // write. + // + // Ideally this lock wouldn't be necessary, and the PreferencesWriter + // would be used more carefully, but it's hard to untangle all that. + nsresult rv = NS_OK; + if (PreferencesWriter::sPendingWriteData) { + StaticMutexAutoLock lock(PreferencesWriter::sWritingToFile); + // If we get a nullptr on the exchange, it means that somebody + // else has already processed the request, and we can just return. + UniquePtr<PrefSaveData> prefs( + PreferencesWriter::sPendingWriteData.exchange(nullptr)); + if (prefs) { + rv = PreferencesWriter::Write(mFile, *prefs); + // Make a copy of these so we can have them in runnable lambda. + // nsIFile is only there so that we would never release the + // ref counted pointer off main thread. + nsresult rvCopy = rv; + nsCOMPtr<nsIFile> fileCopy(mFile); + SchedulerGroup::Dispatch( + TaskCategory::Other, + NS_NewRunnableFunction("Preferences::WriterRunnable", + [fileCopy, rvCopy] { + MOZ_RELEASE_ASSERT(NS_IsMainThread()); + if (NS_FAILED(rvCopy)) { + Preferences::HandleDirty(); + } + })); + } + } + // We've completed the write to the best of our abilities, whether + // we had prefs to write or another runnable got to them first. If + // PreferencesWriter::Write failed, this is still correct as the + // write is no longer outstanding, and the above HandleDirty call + // will just start the cycle again. + PreferencesWriter::sPendingWriteCount--; + return rv; + } + + protected: + nsCOMPtr<nsIFile> mFile; +}; + +// Although this is a member of Preferences, it measures sPreferences and +// several other global structures. +/* static */ +void Preferences::AddSizeOfIncludingThis(MallocSizeOf aMallocSizeOf, + PrefsSizes& aSizes) { + if (!sPreferences) { + return; + } + + aSizes.mMisc += aMallocSizeOf(sPreferences.get()); + + aSizes.mRootBranches += + static_cast<nsPrefBranch*>(sPreferences->mRootBranch.get()) + ->SizeOfIncludingThis(aMallocSizeOf) + + static_cast<nsPrefBranch*>(sPreferences->mDefaultRootBranch.get()) + ->SizeOfIncludingThis(aMallocSizeOf); +} + +class PreferenceServiceReporter final : public nsIMemoryReporter { + ~PreferenceServiceReporter() {} + + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIMEMORYREPORTER + + protected: + static const uint32_t kSuspectReferentCount = 1000; +}; + +NS_IMPL_ISUPPORTS(PreferenceServiceReporter, nsIMemoryReporter) + +MOZ_DEFINE_MALLOC_SIZE_OF(PreferenceServiceMallocSizeOf) + +NS_IMETHODIMP +PreferenceServiceReporter::CollectReports( + nsIHandleReportCallback* aHandleReport, nsISupports* aData, + bool aAnonymize) { + MOZ_ASSERT(NS_IsMainThread()); + + MallocSizeOf mallocSizeOf = PreferenceServiceMallocSizeOf; + PrefsSizes sizes; + + Preferences::AddSizeOfIncludingThis(mallocSizeOf, sizes); + + if (HashTable()) { + sizes.mHashTable += HashTable()->shallowSizeOfIncludingThis(mallocSizeOf); + for (auto iter = HashTable()->iter(); !iter.done(); iter.next()) { + iter.get()->AddSizeOfIncludingThis(mallocSizeOf, sizes); + } + } + + sizes.mPrefNameArena += PrefNameArena().SizeOfExcludingThis(mallocSizeOf); + + for (CallbackNode* node = gFirstCallback; node; node = node->Next()) { + node->AddSizeOfIncludingThis(mallocSizeOf, sizes); + } + + if (gSharedMap) { + sizes.mMisc += mallocSizeOf(gSharedMap); + } + +#ifdef ACCESS_COUNTS + if (gAccessCounts) { + sizes.mMisc += gAccessCounts->ShallowSizeOfIncludingThis(mallocSizeOf); + } +#endif + + MOZ_COLLECT_REPORT("explicit/preferences/hash-table", KIND_HEAP, UNITS_BYTES, + sizes.mHashTable, "Memory used by libpref's hash table."); + + MOZ_COLLECT_REPORT("explicit/preferences/pref-values", KIND_HEAP, UNITS_BYTES, + sizes.mPrefValues, + "Memory used by PrefValues hanging off the hash table."); + + MOZ_COLLECT_REPORT("explicit/preferences/string-values", KIND_HEAP, + UNITS_BYTES, sizes.mStringValues, + "Memory used by libpref's string pref values."); + + MOZ_COLLECT_REPORT("explicit/preferences/root-branches", KIND_HEAP, + UNITS_BYTES, sizes.mRootBranches, + "Memory used by libpref's root branches."); + + MOZ_COLLECT_REPORT("explicit/preferences/pref-name-arena", KIND_HEAP, + UNITS_BYTES, sizes.mPrefNameArena, + "Memory used by libpref's arena for pref names."); + + MOZ_COLLECT_REPORT("explicit/preferences/callbacks/objects", KIND_HEAP, + UNITS_BYTES, sizes.mCallbacksObjects, + "Memory used by pref callback objects."); + + MOZ_COLLECT_REPORT("explicit/preferences/callbacks/domains", KIND_HEAP, + UNITS_BYTES, sizes.mCallbacksDomains, + "Memory used by pref callback domains (pref names and " + "prefixes)."); + + MOZ_COLLECT_REPORT("explicit/preferences/misc", KIND_HEAP, UNITS_BYTES, + sizes.mMisc, "Miscellaneous memory used by libpref."); + + if (gSharedMap) { + if (XRE_IsParentProcess()) { + MOZ_COLLECT_REPORT("explicit/preferences/shared-memory-map", KIND_NONHEAP, + UNITS_BYTES, gSharedMap->MapSize(), + "The shared memory mapping used to share a " + "snapshot of preference values across processes."); + } + } + + nsPrefBranch* rootBranch = + static_cast<nsPrefBranch*>(Preferences::GetRootBranch()); + if (!rootBranch) { + return NS_OK; + } + + size_t numStrong = 0; + size_t numWeakAlive = 0; + size_t numWeakDead = 0; + nsTArray<nsCString> suspectPreferences; + // Count of the number of referents for each preference. + nsTHashMap<nsCStringHashKey, uint32_t> prefCounter; + + for (const auto& entry : rootBranch->mObservers) { + auto* callback = entry.GetWeak(); + + if (callback->IsWeak()) { + nsCOMPtr<nsIObserver> callbackRef = do_QueryReferent(callback->mWeakRef); + if (callbackRef) { + numWeakAlive++; + } else { + numWeakDead++; + } + } else { + numStrong++; + } + + const uint32_t currentCount = prefCounter.Get(callback->GetDomain()) + 1; + prefCounter.InsertOrUpdate(callback->GetDomain(), currentCount); + + // Keep track of preferences that have a suspiciously large number of + // referents (a symptom of a leak). + if (currentCount == kSuspectReferentCount) { + suspectPreferences.AppendElement(callback->GetDomain()); + } + } + + for (uint32_t i = 0; i < suspectPreferences.Length(); i++) { + nsCString& suspect = suspectPreferences[i]; + const uint32_t totalReferentCount = prefCounter.Get(suspect); + + nsPrintfCString suspectPath( + "preference-service-suspect/" + "referent(pref=%s)", + suspect.get()); + + aHandleReport->Callback( + /* process = */ ""_ns, suspectPath, KIND_OTHER, UNITS_COUNT, + totalReferentCount, + "A preference with a suspiciously large number " + "referents (symptom of a leak)."_ns, + aData); + } + + MOZ_COLLECT_REPORT( + "preference-service/referent/strong", KIND_OTHER, UNITS_COUNT, numStrong, + "The number of strong referents held by the preference service."); + + MOZ_COLLECT_REPORT( + "preference-service/referent/weak/alive", KIND_OTHER, UNITS_COUNT, + numWeakAlive, + "The number of weak referents held by the preference service that are " + "still alive."); + + MOZ_COLLECT_REPORT( + "preference-service/referent/weak/dead", KIND_OTHER, UNITS_COUNT, + numWeakDead, + "The number of weak referents held by the preference service that are " + "dead."); + + return NS_OK; +} + +namespace { + +class AddPreferencesMemoryReporterRunnable : public Runnable { + public: + AddPreferencesMemoryReporterRunnable() + : Runnable("AddPreferencesMemoryReporterRunnable") {} + + NS_IMETHOD Run() override { + return RegisterStrongMemoryReporter(new PreferenceServiceReporter()); + } +}; + +} // namespace + +// A list of changed prefs sent from the parent via shared memory. +static StaticAutoPtr<nsTArray<dom::Pref>> gChangedDomPrefs; + +static const char kTelemetryPref[] = "toolkit.telemetry.enabled"; +static const char kChannelPref[] = "app.update.channel"; + +#ifdef MOZ_WIDGET_ANDROID + +static Maybe<bool> TelemetryPrefValue() { + // Leave it unchanged if it's already set. + // XXX: how could it already be set? + if (Preferences::GetType(kTelemetryPref) != nsIPrefBranch::PREF_INVALID) { + return Nothing(); + } + + // Determine the correct default for toolkit.telemetry.enabled. If this + // build has MOZ_TELEMETRY_ON_BY_DEFAULT *or* we're on the beta channel, + // telemetry is on by default, otherwise not. This is necessary so that + // beta users who are testing final release builds don't flipflop defaults. +# ifdef MOZ_TELEMETRY_ON_BY_DEFAULT + return Some(true); +# else + nsAutoCString channelPrefValue; + Unused << Preferences::GetCString(kChannelPref, channelPrefValue, + PrefValueKind::Default); + return Some(channelPrefValue.EqualsLiteral("beta")); +# endif +} + +/* static */ +void Preferences::SetupTelemetryPref() { + MOZ_ASSERT(XRE_IsParentProcess()); + + Maybe<bool> telemetryPrefValue = TelemetryPrefValue(); + if (telemetryPrefValue.isSome()) { + Preferences::SetBool(kTelemetryPref, *telemetryPrefValue, + PrefValueKind::Default); + } +} + +#else // !MOZ_WIDGET_ANDROID + +static bool TelemetryPrefValue() { + // For platforms with Unified Telemetry (here meaning not-Android), + // toolkit.telemetry.enabled determines whether we send "extended" data. + // We only want extended data from pre-release channels due to size. + + constexpr auto channel = MOZ_STRINGIFY(MOZ_UPDATE_CHANNEL) ""_ns; + + // Easy cases: Nightly, Aurora, Beta. + if (channel.EqualsLiteral("nightly") || channel.EqualsLiteral("aurora") || + channel.EqualsLiteral("beta")) { + return true; + } + +# ifndef MOZILLA_OFFICIAL + // Local developer builds: non-official builds on the "default" channel. + if (channel.EqualsLiteral("default")) { + return true; + } +# endif + + // Release Candidate builds: builds that think they are release builds, but + // are shipped to beta users. + if (channel.EqualsLiteral("release")) { + nsAutoCString channelPrefValue; + Unused << Preferences::GetCString(kChannelPref, channelPrefValue, + PrefValueKind::Default); + if (channelPrefValue.EqualsLiteral("beta")) { + return true; + } + } + + return false; +} + +/* static */ +void Preferences::SetupTelemetryPref() { + MOZ_ASSERT(XRE_IsParentProcess()); + + Preferences::SetBool(kTelemetryPref, TelemetryPrefValue(), + PrefValueKind::Default); + Preferences::Lock(kTelemetryPref); +} + +static void CheckTelemetryPref() { + MOZ_ASSERT(!XRE_IsParentProcess()); + + // Make sure the children got passed the right telemetry pref details. + DebugOnly<bool> value; + MOZ_ASSERT(NS_SUCCEEDED(Preferences::GetBool(kTelemetryPref, &value)) && + value == TelemetryPrefValue()); + MOZ_ASSERT(Preferences::IsLocked(kTelemetryPref)); +} + +#endif // MOZ_WIDGET_ANDROID + +/* static */ +already_AddRefed<Preferences> Preferences::GetInstanceForService() { + if (sPreferences) { + return do_AddRef(sPreferences); + } + + if (sShutdown) { + return nullptr; + } + + sPreferences = new Preferences(); + + MOZ_ASSERT(!HashTable()); + HashTable() = new PrefsHashTable(XRE_IsParentProcess() + ? kHashTableInitialLengthParent + : kHashTableInitialLengthContent); + +#ifdef DEBUG + gOnceStaticPrefsAntiFootgun = new AntiFootgunMap(); +#endif + +#ifdef ACCESS_COUNTS + MOZ_ASSERT(!gAccessCounts); + gAccessCounts = new AccessCountsHashTable(); +#endif + + nsresult rv = InitInitialObjects(/* isStartup */ true); + if (NS_FAILED(rv)) { + sPreferences = nullptr; + return nullptr; + } + + if (!XRE_IsParentProcess()) { + MOZ_ASSERT(gChangedDomPrefs); + for (unsigned int i = 0; i < gChangedDomPrefs->Length(); i++) { + Preferences::SetPreference(gChangedDomPrefs->ElementAt(i)); + } + gChangedDomPrefs = nullptr; + +#ifndef MOZ_WIDGET_ANDROID + CheckTelemetryPref(); +#endif + + } else { + // Check if there is a deployment configuration file. If so, set up the + // pref config machinery, which will actually read the file. + nsAutoCString lockFileName; + nsresult rv = Preferences::GetCString("general.config.filename", + lockFileName, PrefValueKind::User); + if (NS_SUCCEEDED(rv)) { + NS_CreateServicesFromCategory( + "pref-config-startup", + static_cast<nsISupports*>(static_cast<void*>(sPreferences)), + "pref-config-startup"); + } + + nsCOMPtr<nsIObserverService> observerService = + services::GetObserverService(); + if (!observerService) { + sPreferences = nullptr; + return nullptr; + } + + observerService->AddObserver(sPreferences, + "profile-before-change-telemetry", true); + rv = observerService->AddObserver(sPreferences, "profile-before-change", + true); + + observerService->AddObserver(sPreferences, "suspend_process_notification", + true); + + if (NS_FAILED(rv)) { + sPreferences = nullptr; + return nullptr; + } + } + + const char* defaultPrefs = getenv("MOZ_DEFAULT_PREFS"); + if (defaultPrefs) { + parsePrefData(nsCString(defaultPrefs), PrefValueKind::Default); + } + + // Preferences::GetInstanceForService() can be called from GetService(), and + // RegisterStrongMemoryReporter calls GetService(nsIMemoryReporter). To + // avoid a potential recursive GetService() call, we can't register the + // memory reporter here; instead, do it off a runnable. + RefPtr<AddPreferencesMemoryReporterRunnable> runnable = + new AddPreferencesMemoryReporterRunnable(); + NS_DispatchToMainThread(runnable); + + return do_AddRef(sPreferences); +} + +/* static */ +bool Preferences::IsServiceAvailable() { return !!sPreferences; } + +/* static */ +bool Preferences::InitStaticMembers() { + MOZ_ASSERT(NS_IsMainThread() || ServoStyleSet::IsInServoTraversal()); + + if (MOZ_LIKELY(sPreferences)) { + return true; + } + + if (!sShutdown) { + MOZ_ASSERT(NS_IsMainThread()); + nsCOMPtr<nsIPrefService> prefService = + do_GetService(NS_PREFSERVICE_CONTRACTID); + } + + return sPreferences != nullptr; +} + +/* static */ +void Preferences::Shutdown() { + if (!sShutdown) { + sShutdown = true; // Don't create the singleton instance after here. + sPreferences = nullptr; + StaticPrefs::ShutdownAlwaysPrefs(); + } +} + +Preferences::Preferences() + : mRootBranch(new nsPrefBranch("", PrefValueKind::User)), + mDefaultRootBranch(new nsPrefBranch("", PrefValueKind::Default)) {} + +Preferences::~Preferences() { + MOZ_ASSERT(!sPreferences); + + MOZ_ASSERT(!gCallbacksInProgress); + + CallbackNode* node = gFirstCallback; + while (node) { + CallbackNode* next_node = node->Next(); + delete node; + node = next_node; + } + gLastPriorityNode = gFirstCallback = nullptr; + + delete HashTable(); + HashTable() = nullptr; + +#ifdef DEBUG + gOnceStaticPrefsAntiFootgun = nullptr; +#endif + +#ifdef ACCESS_COUNTS + gAccessCounts = nullptr; +#endif + + gSharedMap = nullptr; + + PrefNameArena().Clear(); +} + +NS_IMPL_ISUPPORTS(Preferences, nsIPrefService, nsIObserver, nsIPrefBranch, + nsISupportsWeakReference) + +/* static */ +void Preferences::SerializePreferences(nsCString& aStr, + bool aIsDestinationWebContentProcess) { + MOZ_RELEASE_ASSERT(InitStaticMembers()); + + aStr.Truncate(); + + for (auto iter = HashTable()->iter(); !iter.done(); iter.next()) { + Pref* pref = iter.get().get(); + if (!pref->IsTypeNone() && pref->HasAdvisablySizedValues()) { + pref->SerializeAndAppend(aStr, aIsDestinationWebContentProcess && + ShouldSanitizePreference(pref)); + } + } + + aStr.Append('\0'); +} + +/* static */ +void Preferences::DeserializePreferences(char* aStr, size_t aPrefsLen) { + MOZ_ASSERT(!XRE_IsParentProcess()); + + MOZ_ASSERT(!gChangedDomPrefs); + gChangedDomPrefs = new nsTArray<dom::Pref>(); + + char* p = aStr; + while (*p != '\0') { + dom::Pref pref; + p = Pref::Deserialize(p, &pref); + gChangedDomPrefs->AppendElement(pref); + } + + // We finished parsing on a '\0'. That should be the last char in the shared + // memory. (aPrefsLen includes the '\0'.) + MOZ_ASSERT(p == aStr + aPrefsLen - 1); + + MOZ_ASSERT(!gContentProcessPrefsAreInited); + gContentProcessPrefsAreInited = true; +} + +/* static */ +FileDescriptor Preferences::EnsureSnapshot(size_t* aSize) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(NS_IsMainThread()); + + if (!gSharedMap) { + SharedPrefMapBuilder builder; + + nsTArray<Pref*> toRepopulate; + NameArena* newPrefNameArena = new NameArena(); + for (auto iter = HashTable()->modIter(); !iter.done(); iter.next()) { + if (!ShouldSanitizePreference(iter.get().get())) { + iter.get()->AddToMap(builder); + } else { + Pref* pref = iter.getMutable().release(); + pref->RelocateName(newPrefNameArena); + toRepopulate.AppendElement(pref); + } + } + + // Store the current value of `once`-mirrored prefs. After this point they + // will be immutable. + StaticPrefs::RegisterOncePrefs(builder); + + gSharedMap = new SharedPrefMap(std::move(builder)); + + // Once we've built a snapshot of the database, there's no need to continue + // storing dynamic copies of the preferences it contains. Once we reset the + // hashtable, preference lookups will fall back to the snapshot for any + // preferences not in the dynamic hashtable. + // + // And since the majority of the database is now contained in the snapshot, + // we can initialize the hashtable with the expected number of per-session + // changed preferences, rather than the expected total number of + // preferences. + HashTable()->clearAndCompact(); + Unused << HashTable()->reserve(kHashTableInitialLengthContent); + + delete sPrefNameArena; + sPrefNameArena = newPrefNameArena; + gCallbackPref = nullptr; + + for (uint32_t i = 0; i < toRepopulate.Length(); i++) { + auto pref = toRepopulate[i]; + auto p = HashTable()->lookupForAdd(pref->Name()); + MOZ_ASSERT(!p.found()); + Unused << HashTable()->add(p, pref); + } + } + + *aSize = gSharedMap->MapSize(); + return gSharedMap->CloneFileDescriptor(); +} + +/* static */ +void Preferences::InitSnapshot(const FileDescriptor& aHandle, size_t aSize) { + MOZ_ASSERT(!XRE_IsParentProcess()); + MOZ_ASSERT(!gSharedMap); + + gSharedMap = new SharedPrefMap(aHandle, aSize); + + StaticPrefs::InitStaticPrefsFromShared(); +} + +/* static */ +void Preferences::InitializeUserPrefs() { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_ASSERT(!sPreferences->mCurrentFile, "Should only initialize prefs once"); + + // Prefs which are set before we initialize the profile are silently + // discarded. This is stupid, but there are various tests which depend on + // this behavior. + sPreferences->ResetUserPrefs(); + + nsCOMPtr<nsIFile> prefsFile = sPreferences->ReadSavedPrefs(); + sPreferences->ReadUserOverridePrefs(); + + sPreferences->mDirty = false; + + // Don't set mCurrentFile until we're done so that dirty flags work properly. + sPreferences->mCurrentFile = std::move(prefsFile); +} + +/* static */ +void Preferences::FinishInitializingUserPrefs() { + sPreferences->NotifyServiceObservers(NS_PREFSERVICE_READ_TOPIC_ID); +} + +NS_IMETHODIMP +Preferences::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* someData) { + if (MOZ_UNLIKELY(!XRE_IsParentProcess())) { + return NS_ERROR_NOT_AVAILABLE; + } + + nsresult rv = NS_OK; + + if (!nsCRT::strcmp(aTopic, "profile-before-change")) { + // Normally prefs aren't written after this point, and so we kick off + // an asynchronous pref save so that I/O can be done in parallel with + // other shutdown. + if (AllowOffMainThreadSave()) { + SavePrefFile(nullptr); + } + + } else if (!nsCRT::strcmp(aTopic, "profile-before-change-telemetry")) { + // It's possible that a profile-before-change observer after ours + // set a pref. A blocking save here re-saves if necessary and also waits + // for any pending saves to complete. + SavePrefFileBlocking(); + MOZ_ASSERT(!mDirty, "Preferences should not be dirty"); + mProfileShutdown = true; + + } else if (!nsCRT::strcmp(aTopic, "reload-default-prefs")) { + // Reload the default prefs from file. + Unused << InitInitialObjects(/* isStartup */ false); + + } else if (!nsCRT::strcmp(aTopic, "suspend_process_notification")) { + // Our process is being suspended. The OS may wake our process later, + // or it may kill the process. In case our process is going to be killed + // from the suspended state, we save preferences before suspending. + rv = SavePrefFileBlocking(); + } + + return rv; +} + +NS_IMETHODIMP +Preferences::ReadDefaultPrefsFromFile(nsIFile* aFile) { + ENSURE_PARENT_PROCESS("Preferences::ReadDefaultPrefsFromFile", "all prefs"); + + if (!aFile) { + NS_ERROR("ReadDefaultPrefsFromFile requires a parameter"); + return NS_ERROR_INVALID_ARG; + } + + return openPrefFile(aFile, PrefValueKind::Default); +} + +NS_IMETHODIMP +Preferences::ReadUserPrefsFromFile(nsIFile* aFile) { + ENSURE_PARENT_PROCESS("Preferences::ReadUserPrefsFromFile", "all prefs"); + + if (!aFile) { + NS_ERROR("ReadUserPrefsFromFile requires a parameter"); + return NS_ERROR_INVALID_ARG; + } + + return openPrefFile(aFile, PrefValueKind::User); +} + +NS_IMETHODIMP +Preferences::ResetPrefs() { + ENSURE_PARENT_PROCESS("Preferences::ResetPrefs", "all prefs"); + + if (gSharedMap) { + return NS_ERROR_NOT_AVAILABLE; + } + + HashTable()->clearAndCompact(); + Unused << HashTable()->reserve(kHashTableInitialLengthParent); + + PrefNameArena().Clear(); + + return InitInitialObjects(/* isStartup */ false); +} + +nsresult Preferences::ResetUserPrefs() { + ENSURE_PARENT_PROCESS("Preferences::ResetUserPrefs", "all prefs"); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + MOZ_ASSERT(NS_IsMainThread()); + + Vector<const char*> prefNames; + for (auto iter = HashTable()->modIter(); !iter.done(); iter.next()) { + Pref* pref = iter.get().get(); + + if (pref->HasUserValue()) { + if (!prefNames.append(pref->Name())) { + return NS_ERROR_OUT_OF_MEMORY; + } + + pref->ClearUserValue(); + if (!pref->HasDefaultValue()) { + iter.remove(); + } + } + } + + for (const char* prefName : prefNames) { + NotifyCallbacks(nsDependentCString(prefName)); + } + + Preferences::HandleDirty(); + return NS_OK; +} + +bool Preferences::AllowOffMainThreadSave() { + // Put in a preference that allows us to disable off main thread preference + // file save. + if (sAllowOMTPrefWrite < 0) { + bool value = false; + Preferences::GetBool("preferences.allow.omt-write", &value); + sAllowOMTPrefWrite = value ? 1 : 0; + } + + return !!sAllowOMTPrefWrite; +} + +nsresult Preferences::SavePrefFileBlocking() { + if (mDirty) { + return SavePrefFileInternal(nullptr, SaveMethod::Blocking); + } + + // If we weren't dirty to start, SavePrefFileInternal will early exit so + // there is no guarantee that we don't have oustanding async saves in the + // pipe. Since the contract of SavePrefFileOnMainThread is that the file on + // disk matches the preferences, we have to make sure those requests are + // completed. + + if (AllowOffMainThreadSave()) { + PreferencesWriter::Flush(); + } + + return NS_OK; +} + +nsresult Preferences::SavePrefFileAsynchronous() { + return SavePrefFileInternal(nullptr, SaveMethod::Asynchronous); +} + +NS_IMETHODIMP +Preferences::SavePrefFile(nsIFile* aFile) { + // This is the method accessible from service API. Make it off main thread. + return SavePrefFileInternal(aFile, SaveMethod::Asynchronous); +} + +/* static */ +void Preferences::SetPreference(const dom::Pref& aDomPref) { + MOZ_ASSERT(!XRE_IsParentProcess()); + NS_ENSURE_TRUE(InitStaticMembers(), (void)0); + + const nsCString& prefName = aDomPref.name(); + + Pref* pref; + auto p = HashTable()->lookupForAdd(prefName.get()); + if (!p) { + pref = new Pref(prefName); + if (!HashTable()->add(p, pref)) { + delete pref; + return; + } + } else { + pref = p->get(); + } + + bool valueChanged = false; + pref->FromDomPref(aDomPref, &valueChanged); + + // When the parent process clears a pref's user value we get a DomPref here + // with no default value and no user value. There are two possibilities. + // + // - There was an existing pref with only a user value. FromDomPref() will + // have just cleared that user value, so the pref can be removed. + // + // - There was no existing pref. FromDomPref() will have done nothing, and + // `pref` will be valueless. We will end up adding and removing the value + // needlessly, but that's ok because this case is rare. + // + if (!pref->HasDefaultValue() && !pref->HasUserValue() && + !pref->IsSanitized()) { + // If the preference exists in the shared map, we need to keep the dynamic + // entry around to mask it. + if (gSharedMap->Has(pref->Name())) { + pref->SetType(PrefType::None); + } else { + HashTable()->remove(prefName.get()); + } + pref = nullptr; + } + + // Note: we don't have to worry about HandleDirty() because we are setting + // prefs in the content process that have come from the parent process. + + if (valueChanged) { + if (pref) { + NotifyCallbacks(prefName, PrefWrapper(pref)); + } else { + NotifyCallbacks(prefName); + } + } +} + +/* static */ +void Preferences::GetPreference(dom::Pref* aDomPref, + const GeckoProcessType aDestinationProcessType, + const nsACString& aDestinationRemoteType) { + MOZ_ASSERT(XRE_IsParentProcess()); + bool destIsWebContent = + aDestinationProcessType == GeckoProcessType_Content && + (StringBeginsWith(aDestinationRemoteType, WEB_REMOTE_TYPE) || + StringBeginsWith(aDestinationRemoteType, PREALLOC_REMOTE_TYPE) || + StringBeginsWith(aDestinationRemoteType, PRIVILEGEDMOZILLA_REMOTE_TYPE)); + + Pref* pref = pref_HashTableLookup(aDomPref->name().get()); + if (pref && pref->HasAdvisablySizedValues()) { + pref->ToDomPref(aDomPref, destIsWebContent); + } +} + +#ifdef DEBUG +bool Preferences::ArePrefsInitedInContentProcess() { + MOZ_ASSERT(!XRE_IsParentProcess()); + return gContentProcessPrefsAreInited; +} +#endif + +NS_IMETHODIMP +Preferences::GetBranch(const char* aPrefRoot, nsIPrefBranch** aRetVal) { + if ((nullptr != aPrefRoot) && (*aPrefRoot != '\0')) { + // TODO: Cache this stuff and allow consumers to share branches (hold weak + // references, I think). + RefPtr<nsPrefBranch> prefBranch = + new nsPrefBranch(aPrefRoot, PrefValueKind::User); + prefBranch.forget(aRetVal); + } else { + // Special case: caching the default root. + nsCOMPtr<nsIPrefBranch> root(sPreferences->mRootBranch); + root.forget(aRetVal); + } + + return NS_OK; +} + +NS_IMETHODIMP +Preferences::GetDefaultBranch(const char* aPrefRoot, nsIPrefBranch** aRetVal) { + if (!aPrefRoot || !aPrefRoot[0]) { + nsCOMPtr<nsIPrefBranch> root(sPreferences->mDefaultRootBranch); + root.forget(aRetVal); + return NS_OK; + } + + // TODO: Cache this stuff and allow consumers to share branches (hold weak + // references, I think). + RefPtr<nsPrefBranch> prefBranch = + new nsPrefBranch(aPrefRoot, PrefValueKind::Default); + if (!prefBranch) { + return NS_ERROR_OUT_OF_MEMORY; + } + + prefBranch.forget(aRetVal); + return NS_OK; +} + +NS_IMETHODIMP +Preferences::ReadStats(nsIPrefStatsCallback* aCallback) { +#ifdef ACCESS_COUNTS + for (const auto& entry : *gAccessCounts) { + aCallback->Visit(entry.GetKey(), entry.GetData()); + } + + return NS_OK; +#else + return NS_ERROR_NOT_IMPLEMENTED; +#endif +} + +NS_IMETHODIMP +Preferences::ResetStats() { +#ifdef ACCESS_COUNTS + gAccessCounts->Clear(); + return NS_OK; +#else + return NS_ERROR_NOT_IMPLEMENTED; +#endif +} + +// We would much prefer to use C++ lambdas, but we cannot convert +// lambdas that capture (here, the underlying observer) to C pointer +// to functions. So, here we are, with icky C callbacks. Be aware +// that nothing is thread-safe here because there's a single global +// `nsIPrefObserver` instance. Use this from the main thread only. +nsIPrefObserver* PrefObserver = nullptr; + +void HandlePref(const char* aPrefName, PrefType aType, PrefValueKind aKind, + PrefValue aValue, bool aIsSticky, bool aIsLocked) { + MOZ_ASSERT(NS_IsMainThread()); + + if (!PrefObserver) { + return; + } + + const char* kind = aKind == PrefValueKind::Default ? "Default" : "User"; + + switch (aType) { + case PrefType::String: + PrefObserver->OnStringPref(kind, aPrefName, aValue.mStringVal, aIsSticky, + aIsLocked); + break; + case PrefType::Int: + PrefObserver->OnIntPref(kind, aPrefName, aValue.mIntVal, aIsSticky, + aIsLocked); + break; + case PrefType::Bool: + PrefObserver->OnBoolPref(kind, aPrefName, aValue.mBoolVal, aIsSticky, + aIsLocked); + break; + default: + PrefObserver->OnError("Unexpected pref type."); + } +} + +void HandleError(const char* aMsg) { + MOZ_ASSERT(NS_IsMainThread()); + + if (!PrefObserver) { + return; + } + + PrefObserver->OnError(aMsg); +} + +NS_IMETHODIMP +Preferences::ParsePrefsFromBuffer(const nsTArray<uint8_t>& aBytes, + nsIPrefObserver* aObserver, + const char* aPathLabel) { + MOZ_ASSERT(NS_IsMainThread()); + + // We need a null-terminated buffer. + nsTArray<uint8_t> data = aBytes.Clone(); + data.AppendElement(0); + + // Parsing as default handles both `pref` and `user_pref`. + PrefObserver = aObserver; + prefs_parser_parse(aPathLabel ? aPathLabel : "<ParsePrefsFromBuffer data>", + PrefValueKind::Default, (const char*)data.Elements(), + data.Length() - 1, HandlePref, HandleError); + PrefObserver = nullptr; + + return NS_OK; +} + +NS_IMETHODIMP +Preferences::GetDirty(bool* aRetVal) { + *aRetVal = mDirty; + return NS_OK; +} + +nsresult Preferences::NotifyServiceObservers(const char* aTopic) { + nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); + if (!observerService) { + return NS_ERROR_FAILURE; + } + + auto subject = static_cast<nsIPrefService*>(this); + observerService->NotifyObservers(subject, aTopic, nullptr); + + return NS_OK; +} + +already_AddRefed<nsIFile> Preferences::ReadSavedPrefs() { + nsCOMPtr<nsIFile> file; + nsresult rv = + NS_GetSpecialDirectory(NS_APP_PREFS_50_FILE, getter_AddRefs(file)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return nullptr; + } + + rv = openPrefFile(file, PrefValueKind::User); + if (rv == NS_ERROR_FILE_NOT_FOUND) { + // This is a normal case for new users. + rv = NS_OK; + } else if (NS_FAILED(rv)) { + // Save a backup copy of the current (invalid) prefs file, since all prefs + // from the error line to the end of the file will be lost (bug 361102). + // TODO we should notify the user about it (bug 523725). + Telemetry::ScalarSet( + Telemetry::ScalarID::PREFERENCES_PREFS_FILE_WAS_INVALID, true); + MakeBackupPrefFile(file); + } + + return file.forget(); +} + +void Preferences::ReadUserOverridePrefs() { + nsCOMPtr<nsIFile> aFile; + nsresult rv = + NS_GetSpecialDirectory(NS_APP_PREFS_50_DIR, getter_AddRefs(aFile)); + if (NS_WARN_IF(NS_FAILED(rv))) { + return; + } + + aFile->AppendNative("user.js"_ns); + rv = openPrefFile(aFile, PrefValueKind::User); +} + +nsresult Preferences::MakeBackupPrefFile(nsIFile* aFile) { + // Example: this copies "prefs.js" to "Invalidprefs.js" in the same directory. + // "Invalidprefs.js" is removed if it exists, prior to making the copy. + nsAutoString newFilename; + nsresult rv = aFile->GetLeafName(newFilename); + NS_ENSURE_SUCCESS(rv, rv); + + newFilename.InsertLiteral(u"Invalid", 0); + nsCOMPtr<nsIFile> newFile; + rv = aFile->GetParent(getter_AddRefs(newFile)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = newFile->Append(newFilename); + NS_ENSURE_SUCCESS(rv, rv); + + bool exists = false; + newFile->Exists(&exists); + if (exists) { + rv = newFile->Remove(false); + NS_ENSURE_SUCCESS(rv, rv); + } + + rv = aFile->CopyTo(nullptr, newFilename); + NS_ENSURE_SUCCESS(rv, rv); + + return rv; +} + +nsresult Preferences::SavePrefFileInternal(nsIFile* aFile, + SaveMethod aSaveMethod) { + ENSURE_PARENT_PROCESS("Preferences::SavePrefFileInternal", "all prefs"); + + // We allow different behavior here when aFile argument is not null, but it + // happens to be the same as the current file. It is not clear that we + // should, but it does give us a "force" save on the unmodified pref file + // (see the original bug 160377 when we added this.) + + if (nullptr == aFile) { + mSavePending = false; + + // Off main thread writing only if allowed. + if (!AllowOffMainThreadSave()) { + aSaveMethod = SaveMethod::Blocking; + } + + // The mDirty flag tells us if we should write to mCurrentFile. We only + // check this flag when the caller wants to write to the default. + if (!mDirty) { + return NS_OK; + } + + // Check for profile shutdown after mDirty because the runnables from + // HandleDirty() can still be pending. + if (mProfileShutdown) { + NS_WARNING("Cannot save pref file after profile shutdown."); + return NS_ERROR_ILLEGAL_DURING_SHUTDOWN; + } + + // It's possible that we never got a prefs file. + nsresult rv = NS_OK; + if (mCurrentFile) { + rv = WritePrefFile(mCurrentFile, aSaveMethod); + } + + // If we succeeded writing to mCurrentFile, reset the dirty flag. + if (NS_SUCCEEDED(rv)) { + mDirty = false; + } + return rv; + + } else { + // We only allow off main thread writes on mCurrentFile. + return WritePrefFile(aFile, SaveMethod::Blocking); + } +} + +nsresult Preferences::WritePrefFile(nsIFile* aFile, SaveMethod aSaveMethod) { + MOZ_ASSERT(XRE_IsParentProcess()); + + if (!HashTable()) { + return NS_ERROR_NOT_INITIALIZED; + } + + AUTO_PROFILER_LABEL("Preferences::WritePrefFile", OTHER); + + if (AllowOffMainThreadSave()) { + nsresult rv = NS_OK; + UniquePtr<PrefSaveData> prefs = MakeUnique<PrefSaveData>(pref_savePrefs()); + + // Put the newly constructed preference data into sPendingWriteData + // for the next request to pick up + prefs.reset(PreferencesWriter::sPendingWriteData.exchange(prefs.release())); + if (prefs) { + // There was a previous request that hasn't been processed, + // and this is the data it had. + return rv; + } + + // There were no previous requests. Dispatch one since sPendingWriteData has + // the up to date information. + nsCOMPtr<nsIEventTarget> target = + do_GetService(NS_STREAMTRANSPORTSERVICE_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv)) { + bool async = aSaveMethod == SaveMethod::Asynchronous; + + // Increment sPendingWriteCount, even though it's redundant to track this + // in the case of a sync runnable; it just makes it easier to simply + // decrement this inside PWRunnable. We cannot use the constructor / + // destructor for increment/decrement, as on dispatch failure we might + // leak the runnable in order to not destroy it on the wrong thread, which + // would make us get stuck in an infinite SpinEventLoopUntil inside + // PreferencesWriter::Flush. Better that in future code we miss an + // increment of sPendingWriteCount and cause a simple crash due to it + // ending up negative. + PreferencesWriter::sPendingWriteCount++; + if (async) { + rv = target->Dispatch(new PWRunnable(aFile), + nsIEventTarget::DISPATCH_NORMAL); + } else { + rv = + SyncRunnable::DispatchToThread(target, new PWRunnable(aFile), true); + } + if (NS_FAILED(rv)) { + // If our dispatch failed, we should correct our bookkeeping to + // avoid shutdown hangs. + PreferencesWriter::sPendingWriteCount--; + } + return rv; + } + + // If we can't get the thread for writing, for whatever reason, do the main + // thread write after making some noise. + MOZ_ASSERT(false, "failed to get the target thread for OMT pref write"); + } + + // This will do a main thread write. It is safe to do it this way because + // AllowOffMainThreadSave() returns a consistent value for the lifetime of + // the parent process. + PrefSaveData prefsData = pref_savePrefs(); + return PreferencesWriter::Write(aFile, prefsData); +} + +static nsresult openPrefFile(nsIFile* aFile, PrefValueKind aKind) { + MOZ_ASSERT(XRE_IsParentProcess()); + + nsCString data; + MOZ_TRY_VAR(data, URLPreloader::ReadFile(aFile)); + + nsAutoString filenameUtf16; + aFile->GetLeafName(filenameUtf16); + NS_ConvertUTF16toUTF8 filename(filenameUtf16); + + nsAutoString path; + aFile->GetPath(path); + + Parser parser; + if (!parser.Parse(aKind, NS_ConvertUTF16toUTF8(path).get(), data)) { + return NS_ERROR_FILE_CORRUPTED; + } + + return NS_OK; +} + +static nsresult parsePrefData(const nsCString& aData, PrefValueKind aKind) { + const nsCString path = "$MOZ_DEFAULT_PREFS"_ns; + + Parser parser; + if (!parser.Parse(aKind, path.get(), aData)) { + return NS_ERROR_FILE_CORRUPTED; + } + + return NS_OK; +} + +static int pref_CompareFileNames(nsIFile* aFile1, nsIFile* aFile2, + void* /* unused */) { + nsAutoCString filename1, filename2; + aFile1->GetNativeLeafName(filename1); + aFile2->GetNativeLeafName(filename2); + + return Compare(filename2, filename1); +} + +// Load default pref files from a directory. The files in the directory are +// sorted reverse-alphabetically; a set of "special file names" may be +// specified which are loaded after all the others. +static nsresult pref_LoadPrefsInDir(nsIFile* aDir, + char const* const* aSpecialFiles, + uint32_t aSpecialFilesCount) { + MOZ_ASSERT(XRE_IsParentProcess()); + + nsresult rv, rv2; + + nsCOMPtr<nsIDirectoryEnumerator> dirIterator; + + // This may fail in some normal cases, such as embedders who do not use a + // GRE. + rv = aDir->GetDirectoryEntries(getter_AddRefs(dirIterator)); + if (NS_FAILED(rv)) { + // If the directory doesn't exist, then we have no reason to complain. We + // loaded everything (and nothing) successfully. + if (rv == NS_ERROR_FILE_NOT_FOUND) { + rv = NS_OK; + } + return rv; + } + + nsCOMArray<nsIFile> prefFiles(INITIAL_PREF_FILES); + nsCOMArray<nsIFile> specialFiles(aSpecialFilesCount); + nsCOMPtr<nsIFile> prefFile; + + while (NS_SUCCEEDED(dirIterator->GetNextFile(getter_AddRefs(prefFile))) && + prefFile) { + nsAutoCString leafName; + prefFile->GetNativeLeafName(leafName); + MOZ_ASSERT( + !leafName.IsEmpty(), + "Failure in default prefs: directory enumerator returned empty file?"); + + // Skip non-js files. + if (StringEndsWith(leafName, ".js"_ns, + nsCaseInsensitiveCStringComparator)) { + bool shouldParse = true; + + // Separate out special files. + for (uint32_t i = 0; i < aSpecialFilesCount; ++i) { + if (leafName.Equals(nsDependentCString(aSpecialFiles[i]))) { + shouldParse = false; + // Special files should be processed in order. We put them into the + // array by index, which can make the array sparse. + specialFiles.ReplaceObjectAt(prefFile, i); + } + } + + if (shouldParse) { + prefFiles.AppendObject(prefFile); + } + } + } + + if (prefFiles.Count() + specialFiles.Count() == 0) { + NS_WARNING("No default pref files found."); + if (NS_SUCCEEDED(rv)) { + rv = NS_SUCCESS_FILE_DIRECTORY_EMPTY; + } + return rv; + } + + prefFiles.Sort(pref_CompareFileNames, nullptr); + + uint32_t arrayCount = prefFiles.Count(); + uint32_t i; + for (i = 0; i < arrayCount; ++i) { + rv2 = openPrefFile(prefFiles[i], PrefValueKind::Default); + if (NS_FAILED(rv2)) { + NS_ERROR("Default pref file not parsed successfully."); + rv = rv2; + } + } + + arrayCount = specialFiles.Count(); + for (i = 0; i < arrayCount; ++i) { + // This may be a sparse array; test before parsing. + nsIFile* file = specialFiles[i]; + if (file) { + rv2 = openPrefFile(file, PrefValueKind::Default); + if (NS_FAILED(rv2)) { + NS_ERROR("Special default pref file not parsed successfully."); + rv = rv2; + } + } + } + + return rv; +} + +static nsresult pref_ReadPrefFromJar(nsZipArchive* aJarReader, + const char* aName) { + nsCString manifest; + MOZ_TRY_VAR(manifest, + URLPreloader::ReadZip(aJarReader, nsDependentCString(aName))); + + Parser parser; + if (!parser.Parse(PrefValueKind::Default, aName, manifest)) { + return NS_ERROR_FILE_CORRUPTED; + } + + return NS_OK; +} + +static nsresult pref_ReadDefaultPrefs(const RefPtr<nsZipArchive> jarReader, + const char* path) { + UniquePtr<nsZipFind> find; + nsTArray<nsCString> prefEntries; + const char* entryName; + uint16_t entryNameLen; + + nsresult rv = jarReader->FindInit(path, getter_Transfers(find)); + NS_ENSURE_SUCCESS(rv, rv); + + while (NS_SUCCEEDED(find->FindNext(&entryName, &entryNameLen))) { + prefEntries.AppendElement(Substring(entryName, entryNameLen)); + } + + prefEntries.Sort(); + for (uint32_t i = prefEntries.Length(); i--;) { + rv = pref_ReadPrefFromJar(jarReader, prefEntries[i].get()); + if (NS_FAILED(rv)) { + NS_WARNING("Error parsing preferences."); + } + } + + return NS_OK; +} + +static nsCString PrefValueToString(const bool* b) { + return nsCString(*b ? "true" : "false"); +} +static nsCString PrefValueToString(const int* i) { + return nsPrintfCString("%d", *i); +} +static nsCString PrefValueToString(const uint32_t* u) { + return nsPrintfCString("%d", *u); +} +static nsCString PrefValueToString(const float* f) { + return nsPrintfCString("%f", *f); +} +static nsCString PrefValueToString(const nsACString* s) { + return nsCString(*s); +} +static nsCString PrefValueToString(const nsACString& s) { return nsCString(s); } + +// These preference getter wrappers allow us to look up the value for static +// preferences based on their native types, rather than manually mapping them to +// the appropriate Preferences::Get* functions. +// We define these methods in a struct which is made friend of Preferences in +// order to access private members. +struct Internals { + template <typename T> + static nsresult GetPrefValue(const char* aPrefName, T&& aResult, + PrefValueKind aKind) { + nsresult rv = NS_ERROR_UNEXPECTED; + NS_ENSURE_TRUE(Preferences::InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + if (Maybe<PrefWrapper> pref = pref_Lookup(aPrefName)) { + rv = pref->GetValue(aKind, std::forward<T>(aResult)); + + if (profiler_thread_is_being_profiled_for_markers()) { + profiler_add_marker( + "Preference Read", baseprofiler::category::OTHER_PreferenceRead, {}, + PreferenceMarker{}, + ProfilerString8View::WrapNullTerminatedString(aPrefName), + Some(aKind), pref->Type(), PrefValueToString(aResult)); + } + } + + return rv; + } + + template <typename T> + static nsresult GetSharedPrefValue(const char* aName, T* aResult) { + nsresult rv = NS_ERROR_UNEXPECTED; + + if (Maybe<PrefWrapper> pref = pref_SharedLookup(aName)) { + rv = pref->GetValue(PrefValueKind::User, aResult); + + if (profiler_thread_is_being_profiled_for_markers()) { + profiler_add_marker( + "Preference Read", baseprofiler::category::OTHER_PreferenceRead, {}, + PreferenceMarker{}, + ProfilerString8View::WrapNullTerminatedString(aName), + Nothing() /* indicates Shared */, pref->Type(), + PrefValueToString(aResult)); + } + } + + return rv; + } + + template <typename T> + static T GetPref(const char* aPrefName, T aFallback, + PrefValueKind aKind = PrefValueKind::User) { + T result = aFallback; + GetPrefValue(aPrefName, &result, aKind); + return result; + } + + template <typename T, typename V> + static void MOZ_NEVER_INLINE AssignMirror(T& aMirror, V aValue) { + aMirror = aValue; + } + + static void MOZ_NEVER_INLINE AssignMirror(DataMutexString& aMirror, + nsCString&& aValue) { + auto lock = aMirror.Lock(); + lock->Assign(std::move(aValue)); + } + + static void MOZ_NEVER_INLINE AssignMirror(DataMutexString& aMirror, + const nsLiteralCString& aValue) { + auto lock = aMirror.Lock(); + lock->Assign(aValue); + } + + static void ClearMirror(DataMutexString& aMirror) { + auto lock = aMirror.Lock(); + lock->Assign(nsCString()); + } + + template <typename T> + static void UpdateMirror(const char* aPref, void* aMirror) { + StripAtomic<T> value; + + nsresult rv = GetPrefValue(aPref, &value, PrefValueKind::User); + if (NS_SUCCEEDED(rv)) { + AssignMirror(*static_cast<T*>(aMirror), + std::forward<StripAtomic<T>>(value)); + } else { + // GetPrefValue() can fail if the update is caused by the pref being + // deleted or if it fails to make a cast. This assertion is the only place + // where we safeguard these. In this case the mirror variable will be + // untouched, thus keeping the value it had prior to the change. + // (Note that this case won't happen for a deletion via DeleteBranch() + // unless bug 343600 is fixed, but it will happen for a deletion via + // ClearUserPref().) + NS_WARNING(nsPrintfCString("Pref changed failure: %s\n", aPref).get()); + MOZ_ASSERT(false); + } + } + + template <typename T> + static nsresult RegisterCallback(void* aMirror, const nsACString& aPref) { + return Preferences::RegisterCallback(UpdateMirror<T>, aPref, aMirror, + Preferences::ExactMatch, + /* isPriority */ true); + } +}; + +// Initialize default preference JavaScript buffers from appropriate TEXT +// resources. +/* static */ +nsresult Preferences::InitInitialObjects(bool aIsStartup) { + MOZ_ASSERT(NS_IsMainThread()); + + if (!XRE_IsParentProcess()) { + MOZ_DIAGNOSTIC_ASSERT(gSharedMap); + if (aIsStartup) { + StaticPrefs::StartObservingAlwaysPrefs(); + } + return NS_OK; + } + + // Initialize static prefs before prefs from data files so that the latter + // will override the former. + StaticPrefs::InitAll(); + + // In the omni.jar case, we load the following prefs: + // - jar:$gre/omni.jar!/greprefs.js + // - jar:$gre/omni.jar!/defaults/pref/*.js + // + // In the non-omni.jar case, we load: + // - $gre/greprefs.js + // + // In both cases, we also load: + // - $gre/defaults/pref/*.js + // + // This is kept for bug 591866 (channel-prefs.js should not be in omni.jar) + // in the `$app == $gre` case; we load all files instead of channel-prefs.js + // only to have the same behaviour as `$app != $gre`, where this is required + // as a supported location for GRE preferences. + // + // When `$app != $gre`, we additionally load, in the omni.jar case: + // - jar:$app/omni.jar!/defaults/preferences/*.js + // - $app/defaults/preferences/*.js + // + // and in the non-omni.jar case: + // - $app/defaults/preferences/*.js + // + // When `$app == $gre`, we additionally load, in the omni.jar case: + // - jar:$gre/omni.jar!/defaults/preferences/*.js + // + // Thus, in the omni.jar case, we always load app-specific default + // preferences from omni.jar, whether or not `$app == $gre`. + + nsresult rv = NS_ERROR_FAILURE; + UniquePtr<nsZipFind> find; + nsTArray<nsCString> prefEntries; + const char* entryName; + uint16_t entryNameLen; + + RefPtr<nsZipArchive> jarReader = Omnijar::GetReader(Omnijar::GRE); + if (jarReader) { +#ifdef MOZ_WIDGET_ANDROID + // Try to load an architecture-specific greprefs.js first. This will be + // present in FAT AAR builds of GeckoView on Android. + const char* abi = getenv("MOZ_ANDROID_CPU_ABI"); + if (abi) { + nsAutoCString path; + path.AppendPrintf("%s/greprefs.js", abi); + rv = pref_ReadPrefFromJar(jarReader, path.get()); + } + + if (NS_FAILED(rv)) { + // Fallback to toplevel greprefs.js if arch-specific load fails. + rv = pref_ReadPrefFromJar(jarReader, "greprefs.js"); + } +#else + // Load jar:$gre/omni.jar!/greprefs.js. + rv = pref_ReadPrefFromJar(jarReader, "greprefs.js"); +#endif + NS_ENSURE_SUCCESS(rv, rv); + + // Load jar:$gre/omni.jar!/defaults/pref/*.js. + rv = pref_ReadDefaultPrefs(jarReader, "defaults/pref/*.js$"); + NS_ENSURE_SUCCESS(rv, rv); + +#ifdef MOZ_BACKGROUNDTASKS + if (BackgroundTasks::IsBackgroundTaskMode()) { + rv = pref_ReadDefaultPrefs(jarReader, "defaults/backgroundtasks/*.js$"); + NS_ENSURE_SUCCESS(rv, rv); + } +#endif + +#ifdef MOZ_WIDGET_ANDROID + // Load jar:$gre/omni.jar!/defaults/pref/$MOZ_ANDROID_CPU_ABI/*.js. + nsAutoCString path; + path.AppendPrintf("jar:$gre/omni.jar!/defaults/pref/%s/*.js$", abi); + pref_ReadDefaultPrefs(jarReader, path.get()); + NS_ENSURE_SUCCESS(rv, rv); +#endif + } else { + // Load $gre/greprefs.js. + nsCOMPtr<nsIFile> greprefsFile; + rv = NS_GetSpecialDirectory(NS_GRE_DIR, getter_AddRefs(greprefsFile)); + NS_ENSURE_SUCCESS(rv, rv); + + rv = greprefsFile->AppendNative("greprefs.js"_ns); + NS_ENSURE_SUCCESS(rv, rv); + + rv = openPrefFile(greprefsFile, PrefValueKind::Default); + if (NS_FAILED(rv)) { + NS_WARNING( + "Error parsing GRE default preferences. Is this an old-style " + "embedding app?"); + } + } + + // Load $gre/defaults/pref/*.js. + nsCOMPtr<nsIFile> defaultPrefDir; + rv = NS_GetSpecialDirectory(NS_APP_PREF_DEFAULTS_50_DIR, + getter_AddRefs(defaultPrefDir)); + NS_ENSURE_SUCCESS(rv, rv); + + // These pref file names should not be used: we process them after all other + // application pref files for backwards compatibility. + static const char* specialFiles[] = { +#if defined(XP_MACOSX) + "macprefs.js" +#elif defined(XP_WIN) + "winpref.js" +#elif defined(XP_UNIX) + "unix.js" +# if defined(_AIX) + , + "aix.js" +# endif +#endif + }; + + rv = pref_LoadPrefsInDir(defaultPrefDir, specialFiles, + ArrayLength(specialFiles)); + if (NS_FAILED(rv)) { + NS_WARNING("Error parsing application default preferences."); + } + + // Load jar:$app/omni.jar!/defaults/preferences/*.js + // or jar:$gre/omni.jar!/defaults/preferences/*.js. + RefPtr<nsZipArchive> appJarReader = Omnijar::GetReader(Omnijar::APP); + + // GetReader(Omnijar::APP) returns null when `$app == $gre`, in + // which case we look for app-specific default preferences in $gre. + if (!appJarReader) { + appJarReader = Omnijar::GetReader(Omnijar::GRE); + } + + if (appJarReader) { + rv = appJarReader->FindInit("defaults/preferences/*.js$", + getter_Transfers(find)); + NS_ENSURE_SUCCESS(rv, rv); + prefEntries.Clear(); + while (NS_SUCCEEDED(find->FindNext(&entryName, &entryNameLen))) { + prefEntries.AppendElement(Substring(entryName, entryNameLen)); + } + prefEntries.Sort(); + for (uint32_t i = prefEntries.Length(); i--;) { + rv = pref_ReadPrefFromJar(appJarReader, prefEntries[i].get()); + if (NS_FAILED(rv)) { + NS_WARNING("Error parsing preferences."); + } + } + +#ifdef MOZ_BACKGROUNDTASKS + if (BackgroundTasks::IsBackgroundTaskMode()) { + rv = appJarReader->FindInit("defaults/backgroundtasks/*.js$", + getter_Transfers(find)); + NS_ENSURE_SUCCESS(rv, rv); + prefEntries.Clear(); + while (NS_SUCCEEDED(find->FindNext(&entryName, &entryNameLen))) { + prefEntries.AppendElement(Substring(entryName, entryNameLen)); + } + prefEntries.Sort(); + for (uint32_t i = prefEntries.Length(); i--;) { + rv = pref_ReadPrefFromJar(appJarReader, prefEntries[i].get()); + if (NS_FAILED(rv)) { + NS_WARNING("Error parsing preferences."); + } + } + } +#endif + } + + nsCOMPtr<nsIProperties> dirSvc( + do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv)); + NS_ENSURE_SUCCESS(rv, rv); + + nsCOMPtr<nsISimpleEnumerator> list; + dirSvc->Get(NS_APP_PREFS_DEFAULTS_DIR_LIST, NS_GET_IID(nsISimpleEnumerator), + getter_AddRefs(list)); + if (list) { + bool hasMore; + while (NS_SUCCEEDED(list->HasMoreElements(&hasMore)) && hasMore) { + nsCOMPtr<nsISupports> elem; + list->GetNext(getter_AddRefs(elem)); + if (!elem) { + continue; + } + + nsCOMPtr<nsIFile> path = do_QueryInterface(elem); + if (!path) { + continue; + } + + // Do we care if a file provided by this process fails to load? + pref_LoadPrefsInDir(path, nullptr, 0); + } + } + +#if defined(MOZ_WIDGET_GTK) + // To ensure the system-wide preferences are not overwritten by + // firefox/browser/defauts/preferences/*.js we need to load + // the /etc/firefox/defaults/pref/*.js settings as last. + // Under Flatpak, the NS_OS_SYSTEM_CONFIG_DIR points to /app/etc/firefox + nsCOMPtr<nsIFile> defaultSystemPrefDir; + rv = NS_GetSpecialDirectory(NS_OS_SYSTEM_CONFIG_DIR, + getter_AddRefs(defaultSystemPrefDir)); + NS_ENSURE_SUCCESS(rv, rv); + defaultSystemPrefDir->AppendNative("defaults"_ns); + defaultSystemPrefDir->AppendNative("pref"_ns); + + rv = pref_LoadPrefsInDir(defaultSystemPrefDir, nullptr, 0); + if (NS_FAILED(rv)) { + NS_WARNING("Error parsing application default preferences."); + } +#endif + + if (XRE_IsParentProcess()) { + SetupTelemetryPref(); + } + + if (aIsStartup) { + // Now that all prefs have their initial values, install the callbacks for + // `always`-mirrored static prefs. We do this now rather than in + // StaticPrefs::InitAll() so that the callbacks don't need to be traversed + // while we load prefs from data files. + StaticPrefs::StartObservingAlwaysPrefs(); + } + + NS_CreateServicesFromCategory(NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID, nullptr, + NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID); + + nsCOMPtr<nsIObserverService> observerService = services::GetObserverService(); + if (NS_WARN_IF(!observerService)) { + return NS_ERROR_FAILURE; + } + + observerService->NotifyObservers(nullptr, NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID, + nullptr); + + return NS_OK; +} + +/* static */ +nsresult Preferences::GetBool(const char* aPrefName, bool* aResult, + PrefValueKind aKind) { + MOZ_ASSERT(aResult); + return Internals::GetPrefValue(aPrefName, aResult, aKind); +} + +/* static */ +nsresult Preferences::GetInt(const char* aPrefName, int32_t* aResult, + PrefValueKind aKind) { + MOZ_ASSERT(aResult); + return Internals::GetPrefValue(aPrefName, aResult, aKind); +} + +/* static */ +nsresult Preferences::GetFloat(const char* aPrefName, float* aResult, + PrefValueKind aKind) { + MOZ_ASSERT(aResult); + return Internals::GetPrefValue(aPrefName, aResult, aKind); +} + +/* static */ +nsresult Preferences::GetCString(const char* aPrefName, nsACString& aResult, + PrefValueKind aKind) { + aResult.SetIsVoid(true); + return Internals::GetPrefValue(aPrefName, aResult, aKind); +} + +/* static */ +nsresult Preferences::GetString(const char* aPrefName, nsAString& aResult, + PrefValueKind aKind) { + nsAutoCString result; + nsresult rv = Preferences::GetCString(aPrefName, result, aKind); + if (NS_SUCCEEDED(rv)) { + CopyUTF8toUTF16(result, aResult); + } + return rv; +} + +/* static */ +nsresult Preferences::GetLocalizedCString(const char* aPrefName, + nsACString& aResult, + PrefValueKind aKind) { + nsAutoString result; + nsresult rv = GetLocalizedString(aPrefName, result, aKind); + if (NS_SUCCEEDED(rv)) { + CopyUTF16toUTF8(result, aResult); + } + return rv; +} + +/* static */ +nsresult Preferences::GetLocalizedString(const char* aPrefName, + nsAString& aResult, + PrefValueKind aKind) { + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + nsCOMPtr<nsIPrefLocalizedString> prefLocalString; + nsresult rv = GetRootBranch(aKind)->GetComplexValue( + aPrefName, NS_GET_IID(nsIPrefLocalizedString), + getter_AddRefs(prefLocalString)); + if (NS_SUCCEEDED(rv)) { + MOZ_ASSERT(prefLocalString, "Succeeded but the result is NULL"); + prefLocalString->GetData(aResult); + } + return rv; +} + +/* static */ +nsresult Preferences::GetComplex(const char* aPrefName, const nsIID& aType, + void** aResult, PrefValueKind aKind) { + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + return GetRootBranch(aKind)->GetComplexValue(aPrefName, aType, aResult); +} + +/* static */ +bool Preferences::GetBool(const char* aPrefName, bool aFallback, + PrefValueKind aKind) { + return Internals::GetPref(aPrefName, aFallback, aKind); +} + +/* static */ +int32_t Preferences::GetInt(const char* aPrefName, int32_t aFallback, + PrefValueKind aKind) { + return Internals::GetPref(aPrefName, aFallback, aKind); +} + +/* static */ +uint32_t Preferences::GetUint(const char* aPrefName, uint32_t aFallback, + PrefValueKind aKind) { + return Internals::GetPref(aPrefName, aFallback, aKind); +} + +/* static */ +float Preferences::GetFloat(const char* aPrefName, float aFallback, + PrefValueKind aKind) { + return Internals::GetPref(aPrefName, aFallback, aKind); +} + +/* static */ +nsresult Preferences::SetCString(const char* aPrefName, + const nsACString& aValue, + PrefValueKind aKind) { + ENSURE_PARENT_PROCESS("SetCString", aPrefName); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + if (aValue.Length() > MAX_PREF_LENGTH) { + return NS_ERROR_ILLEGAL_VALUE; + } + + // It's ok to stash a pointer to the temporary PromiseFlatCString's chars in + // pref because pref_SetPref() duplicates those chars. + PrefValue prefValue; + const nsCString& flat = PromiseFlatCString(aValue); + prefValue.mStringVal = flat.get(); + return pref_SetPref(nsDependentCString(aPrefName), PrefType::String, aKind, + prefValue, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ false); +} + +/* static */ +nsresult Preferences::SetBool(const char* aPrefName, bool aValue, + PrefValueKind aKind) { + ENSURE_PARENT_PROCESS("SetBool", aPrefName); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + PrefValue prefValue; + prefValue.mBoolVal = aValue; + return pref_SetPref(nsDependentCString(aPrefName), PrefType::Bool, aKind, + prefValue, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ false); +} + +/* static */ +nsresult Preferences::SetInt(const char* aPrefName, int32_t aValue, + PrefValueKind aKind) { + ENSURE_PARENT_PROCESS("SetInt", aPrefName); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + PrefValue prefValue; + prefValue.mIntVal = aValue; + return pref_SetPref(nsDependentCString(aPrefName), PrefType::Int, aKind, + prefValue, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ false); +} + +/* static */ +nsresult Preferences::SetComplex(const char* aPrefName, const nsIID& aType, + nsISupports* aValue, PrefValueKind aKind) { + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + return GetRootBranch(aKind)->SetComplexValue(aPrefName, aType, aValue); +} + +/* static */ +nsresult Preferences::Lock(const char* aPrefName) { + ENSURE_PARENT_PROCESS("Lock", aPrefName); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + const auto& prefName = nsDependentCString(aPrefName); + + Pref* pref; + MOZ_TRY_VAR(pref, + pref_LookupForModify(prefName, [](const PrefWrapper& aPref) { + return !aPref.IsLocked(); + })); + + if (pref) { + pref->SetIsLocked(true); + NotifyCallbacks(prefName, PrefWrapper(pref)); + } + + return NS_OK; +} + +/* static */ +nsresult Preferences::Unlock(const char* aPrefName) { + ENSURE_PARENT_PROCESS("Unlock", aPrefName); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + const auto& prefName = nsDependentCString(aPrefName); + + Pref* pref; + MOZ_TRY_VAR(pref, + pref_LookupForModify(prefName, [](const PrefWrapper& aPref) { + return aPref.IsLocked(); + })); + + if (pref) { + pref->SetIsLocked(false); + NotifyCallbacks(prefName, PrefWrapper(pref)); + } + + return NS_OK; +} + +/* static */ +bool Preferences::IsLocked(const char* aPrefName) { + NS_ENSURE_TRUE(InitStaticMembers(), false); + + Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); + return pref.isSome() && pref->IsLocked(); +} + +/* static */ +bool Preferences::IsSanitized(const char* aPrefName) { + NS_ENSURE_TRUE(InitStaticMembers(), false); + + Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); + return pref.isSome() && pref->IsSanitized(); +} + +/* static */ +nsresult Preferences::ClearUser(const char* aPrefName) { + ENSURE_PARENT_PROCESS("ClearUser", aPrefName); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + const auto& prefName = nsDependentCString{aPrefName}; + auto result = pref_LookupForModify( + prefName, [](const PrefWrapper& aPref) { return aPref.HasUserValue(); }); + if (result.isErr()) { + return NS_OK; + } + + if (Pref* pref = result.unwrap()) { + pref->ClearUserValue(); + + if (!pref->HasDefaultValue()) { + MOZ_ASSERT( + !gSharedMap || !pref->IsSanitized() || !gSharedMap->Has(pref->Name()), + "A sanitized pref should never be in the shared pref map."); + if (!pref->IsSanitized() && + (!gSharedMap || !gSharedMap->Has(pref->Name()))) { + HashTable()->remove(aPrefName); + } else { + pref->SetType(PrefType::None); + } + + NotifyCallbacks(prefName); + } else { + NotifyCallbacks(prefName, PrefWrapper(pref)); + } + + Preferences::HandleDirty(); + } + return NS_OK; +} + +/* static */ +bool Preferences::HasUserValue(const char* aPrefName) { + NS_ENSURE_TRUE(InitStaticMembers(), false); + + Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); + return pref.isSome() && pref->HasUserValue(); +} + +/* static */ +bool Preferences::HasDefaultValue(const char* aPrefName) { + NS_ENSURE_TRUE(InitStaticMembers(), false); + + Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); + return pref.isSome() && pref->HasDefaultValue(); +} + +/* static */ +int32_t Preferences::GetType(const char* aPrefName) { + NS_ENSURE_TRUE(InitStaticMembers(), nsIPrefBranch::PREF_INVALID); + + if (!HashTable()) { + return PREF_INVALID; + } + + Maybe<PrefWrapper> pref = pref_Lookup(aPrefName); + if (!pref.isSome()) { + return PREF_INVALID; + } + + switch (pref->Type()) { + case PrefType::String: + return PREF_STRING; + + case PrefType::Int: + return PREF_INT; + + case PrefType::Bool: + return PREF_BOOL; + + case PrefType::None: + if (IsPreferenceSanitized(aPrefName)) { + if (!sPrefTelemetryEventEnabled.exchange(true)) { + sPrefTelemetryEventEnabled = true; + Telemetry::SetEventRecordingEnabled("security"_ns, true); + } + + Telemetry::RecordEvent( + Telemetry::EventID::Security_Prefusage_Contentprocess, + mozilla::Some(aPrefName), mozilla::Nothing()); + + if (sCrashOnBlocklistedPref) { + MOZ_CRASH_UNSAFE_PRINTF( + "Should not access the preference '%s' in the Content Processes", + aPrefName); + } else { + return PREF_INVALID; + } + } + [[fallthrough]]; + + default: + MOZ_CRASH(); + } +} + +/* static */ +nsresult Preferences::AddStrongObserver(nsIObserver* aObserver, + const nsACString& aPref) { + MOZ_ASSERT(aObserver); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + return sPreferences->mRootBranch->AddObserver(aPref, aObserver, false); +} + +/* static */ +nsresult Preferences::AddWeakObserver(nsIObserver* aObserver, + const nsACString& aPref) { + MOZ_ASSERT(aObserver); + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + return sPreferences->mRootBranch->AddObserver(aPref, aObserver, true); +} + +/* static */ +nsresult Preferences::RemoveObserver(nsIObserver* aObserver, + const nsACString& aPref) { + MOZ_ASSERT(aObserver); + if (sShutdown) { + MOZ_ASSERT(!sPreferences); + return NS_OK; // Observers have been released automatically. + } + NS_ENSURE_TRUE(sPreferences, NS_ERROR_NOT_AVAILABLE); + return sPreferences->mRootBranch->RemoveObserver(aPref, aObserver); +} + +template <typename T> +static void AssertNotMallocAllocated(T* aPtr) { +#if defined(DEBUG) && defined(MOZ_MEMORY) + jemalloc_ptr_info_t info; + jemalloc_ptr_info((void*)aPtr, &info); + MOZ_ASSERT(info.tag == TagUnknown); +#endif +} + +/* static */ +nsresult Preferences::AddStrongObservers(nsIObserver* aObserver, + const char** aPrefs) { + MOZ_ASSERT(aObserver); + for (uint32_t i = 0; aPrefs[i]; i++) { + AssertNotMallocAllocated(aPrefs[i]); + + nsCString pref; + pref.AssignLiteral(aPrefs[i], strlen(aPrefs[i])); + nsresult rv = AddStrongObserver(aObserver, pref); + NS_ENSURE_SUCCESS(rv, rv); + } + return NS_OK; +} + +/* static */ +nsresult Preferences::AddWeakObservers(nsIObserver* aObserver, + const char** aPrefs) { + MOZ_ASSERT(aObserver); + for (uint32_t i = 0; aPrefs[i]; i++) { + AssertNotMallocAllocated(aPrefs[i]); + + nsCString pref; + pref.AssignLiteral(aPrefs[i], strlen(aPrefs[i])); + nsresult rv = AddWeakObserver(aObserver, pref); + NS_ENSURE_SUCCESS(rv, rv); + } + return NS_OK; +} + +/* static */ +nsresult Preferences::RemoveObservers(nsIObserver* aObserver, + const char** aPrefs) { + MOZ_ASSERT(aObserver); + if (sShutdown) { + MOZ_ASSERT(!sPreferences); + return NS_OK; // Observers have been released automatically. + } + NS_ENSURE_TRUE(sPreferences, NS_ERROR_NOT_AVAILABLE); + + for (uint32_t i = 0; aPrefs[i]; i++) { + nsresult rv = RemoveObserver(aObserver, nsDependentCString(aPrefs[i])); + NS_ENSURE_SUCCESS(rv, rv); + } + return NS_OK; +} + +template <typename T> +/* static */ +nsresult Preferences::RegisterCallbackImpl(PrefChangedFunc aCallback, + T& aPrefNode, void* aData, + MatchKind aMatchKind, + bool aIsPriority) { + NS_ENSURE_ARG(aCallback); + + NS_ENSURE_TRUE(InitStaticMembers(), NS_ERROR_NOT_AVAILABLE); + + auto node = new CallbackNode(aPrefNode, aCallback, aData, aMatchKind); + + if (aIsPriority) { + // Add to the start of the list. + node->SetNext(gFirstCallback); + gFirstCallback = node; + if (!gLastPriorityNode) { + gLastPriorityNode = node; + } + } else { + // Add to the start of the non-priority part of the list. + if (gLastPriorityNode) { + node->SetNext(gLastPriorityNode->Next()); + gLastPriorityNode->SetNext(node); + } else { + node->SetNext(gFirstCallback); + gFirstCallback = node; + } + } + + return NS_OK; +} + +/* static */ +nsresult Preferences::RegisterCallback(PrefChangedFunc aCallback, + const nsACString& aPrefNode, void* aData, + MatchKind aMatchKind, bool aIsPriority) { + return RegisterCallbackImpl(aCallback, aPrefNode, aData, aMatchKind, + aIsPriority); +} + +/* static */ +nsresult Preferences::RegisterCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, void* aData, + MatchKind aMatchKind) { + return RegisterCallbackImpl(aCallback, aPrefs, aData, aMatchKind); +} + +/* static */ +nsresult Preferences::RegisterCallbackAndCall(PrefChangedFunc aCallback, + const nsACString& aPref, + void* aClosure, + MatchKind aMatchKind) { + MOZ_ASSERT(aCallback); + nsresult rv = RegisterCallback(aCallback, aPref, aClosure, aMatchKind); + if (NS_SUCCEEDED(rv)) { + (*aCallback)(PromiseFlatCString(aPref).get(), aClosure); + } + return rv; +} + +/* static */ +nsresult Preferences::RegisterCallbacksAndCall(PrefChangedFunc aCallback, + const char** aPrefs, + void* aClosure) { + MOZ_ASSERT(aCallback); + + nsresult rv = + RegisterCallbacks(aCallback, aPrefs, aClosure, MatchKind::ExactMatch); + if (NS_SUCCEEDED(rv)) { + for (const char** ptr = aPrefs; *ptr; ptr++) { + (*aCallback)(*ptr, aClosure); + } + } + return rv; +} + +template <typename T> +/* static */ +nsresult Preferences::UnregisterCallbackImpl(PrefChangedFunc aCallback, + T& aPrefNode, void* aData, + MatchKind aMatchKind) { + MOZ_ASSERT(aCallback); + if (sShutdown) { + MOZ_ASSERT(!sPreferences); + return NS_OK; // Observers have been released automatically. + } + NS_ENSURE_TRUE(sPreferences, NS_ERROR_NOT_AVAILABLE); + + nsresult rv = NS_ERROR_FAILURE; + CallbackNode* node = gFirstCallback; + CallbackNode* prev_node = nullptr; + + while (node) { + if (node->Func() == aCallback && node->Data() == aData && + node->MatchKind() == aMatchKind && node->DomainIs(aPrefNode)) { + if (gCallbacksInProgress) { + // Postpone the node removal until after callbacks enumeration is + // finished. + node->ClearFunc(); + gShouldCleanupDeadNodes = true; + prev_node = node; + node = node->Next(); + } else { + node = pref_RemoveCallbackNode(node, prev_node); + } + rv = NS_OK; + } else { + prev_node = node; + node = node->Next(); + } + } + return rv; +} + +/* static */ +nsresult Preferences::UnregisterCallback(PrefChangedFunc aCallback, + const nsACString& aPrefNode, + void* aData, MatchKind aMatchKind) { + return UnregisterCallbackImpl<const nsACString&>(aCallback, aPrefNode, aData, + aMatchKind); +} + +/* static */ +nsresult Preferences::UnregisterCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, void* aData, + MatchKind aMatchKind) { + return UnregisterCallbackImpl(aCallback, aPrefs, aData, aMatchKind); +} + +template <typename T> +static void AddMirrorCallback(T* aMirror, const nsACString& aPref) { + MOZ_ASSERT(NS_IsMainThread()); + + Internals::RegisterCallback<T>(aMirror, aPref); +} + +// Don't inline because it explodes compile times. +template <typename T> +static MOZ_NEVER_INLINE void AddMirror(T* aMirror, const nsACString& aPref, + StripAtomic<T> aDefault) { + *aMirror = Internals::GetPref(PromiseFlatCString(aPref).get(), aDefault); + AddMirrorCallback(aMirror, aPref); +} + +static MOZ_NEVER_INLINE void AddMirror(DataMutexString& aMirror, + const nsACString& aPref) { + auto lock = aMirror.Lock(); + nsCString result(*lock); + Internals::GetPrefValue(PromiseFlatCString(aPref).get(), result, + PrefValueKind::User); + lock->Assign(std::move(result)); + AddMirrorCallback(&aMirror, aPref); +} + +// The InitPref_*() functions below end in a `_<type>` suffix because they are +// used by the PREF macro definition in InitAll() below. + +static void InitPref_bool(const nsCString& aName, bool aDefaultValue) { + MOZ_ASSERT(XRE_IsParentProcess()); + PrefValue value; + value.mBoolVal = aDefaultValue; + pref_SetPref(aName, PrefType::Bool, PrefValueKind::Default, value, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ true); +} + +static void InitPref_int32_t(const nsCString& aName, int32_t aDefaultValue) { + MOZ_ASSERT(XRE_IsParentProcess()); + PrefValue value; + value.mIntVal = aDefaultValue; + pref_SetPref(aName, PrefType::Int, PrefValueKind::Default, value, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ true); +} + +static void InitPref_uint32_t(const nsCString& aName, uint32_t aDefaultValue) { + InitPref_int32_t(aName, int32_t(aDefaultValue)); +} + +static void InitPref_float(const nsCString& aName, float aDefaultValue) { + MOZ_ASSERT(XRE_IsParentProcess()); + PrefValue value; + // Convert the value in a locale-independent way, including a trailing ".0" + // if necessary to distinguish floating-point from integer prefs when viewing + // them in about:config. + nsAutoCString defaultValue; + defaultValue.AppendFloat(aDefaultValue); + if (!defaultValue.Contains('.') && !defaultValue.Contains('e')) { + defaultValue.AppendLiteral(".0"); + } + value.mStringVal = defaultValue.get(); + pref_SetPref(aName, PrefType::String, PrefValueKind::Default, value, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ true); +} + +static void InitPref_String(const nsCString& aName, const char* aDefaultValue) { + MOZ_ASSERT(XRE_IsParentProcess()); + PrefValue value; + value.mStringVal = aDefaultValue; + pref_SetPref(aName, PrefType::String, PrefValueKind::Default, value, + /* isSticky */ false, + /* isLocked */ false, + /* fromInit */ true); +} + +static void InitPref(const nsCString& aName, bool aDefaultValue) { + InitPref_bool(aName, aDefaultValue); +} +static void InitPref(const nsCString& aName, int32_t aDefaultValue) { + InitPref_int32_t(aName, aDefaultValue); +} +static void InitPref(const nsCString& aName, uint32_t aDefaultValue) { + InitPref_uint32_t(aName, aDefaultValue); +} +static void InitPref(const nsCString& aName, float aDefaultValue) { + InitPref_float(aName, aDefaultValue); +} + +template <typename T> +static void InitAlwaysPref(const nsCString& aName, T* aCache, + StripAtomic<T> aDefaultValue) { + // Only called in the parent process. Set/reset the pref value and the + // `always` mirror to the default value. + // `once` mirrors will be initialized lazily in InitOncePrefs(). + InitPref(aName, aDefaultValue); + *aCache = aDefaultValue; +} + +static void InitAlwaysPref(const nsCString& aName, DataMutexString& aCache, + const nsLiteralCString& aDefaultValue) { + // Only called in the parent process. Set/reset the pref value and the + // `always` mirror to the default value. + // `once` mirrors will be initialized lazily in InitOncePrefs(). + InitPref_String(aName, aDefaultValue.get()); + Internals::AssignMirror(aCache, aDefaultValue); +} + +static Atomic<bool> sOncePrefRead(false); +static StaticMutex sOncePrefMutex MOZ_UNANNOTATED; + +namespace StaticPrefs { + +void MaybeInitOncePrefs() { + if (MOZ_LIKELY(sOncePrefRead)) { + // `once`-mirrored prefs have already been initialized to their default + // value. + return; + } + StaticMutexAutoLock lock(sOncePrefMutex); + if (NS_IsMainThread()) { + InitOncePrefs(); + } else { + RefPtr<Runnable> runnable = NS_NewRunnableFunction( + "Preferences::MaybeInitOncePrefs", [&]() { InitOncePrefs(); }); + // This logic needs to run on the main thread + SyncRunnable::DispatchToThread(GetMainThreadSerialEventTarget(), runnable); + } + sOncePrefRead = true; +} + +// For mirrored prefs we generate a variable definition. +#define NEVER_PREF(name, cpp_type, value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, default_value) \ + cpp_type sMirror_##full_id(default_value); +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, default_value) \ + cpp_type sMirror_##full_id("DataMutexString"); +#define ONCE_PREF(name, base_id, full_id, cpp_type, default_value) \ + cpp_type sMirror_##full_id(default_value); +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF + +static void InitAll() { + MOZ_ASSERT(NS_IsMainThread()); + MOZ_ASSERT(XRE_IsParentProcess()); + + // For all prefs we generate some initialization code. + // + // The InitPref_*() functions have a type suffix to avoid ambiguity between + // prefs having int32_t and float default values. That suffix is not needed + // for the InitAlwaysPref() functions because they take a pointer parameter, + // which prevents automatic int-to-float coercion. +#define NEVER_PREF(name, cpp_type, value) \ + InitPref_##cpp_type(name ""_ns, value); +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) \ + InitAlwaysPref(name ""_ns, &sMirror_##full_id, value); +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) \ + InitAlwaysPref(name ""_ns, sMirror_##full_id, value); +#define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ + InitPref_##cpp_type(name ""_ns, value); +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF +} + +static void StartObservingAlwaysPrefs() { + MOZ_ASSERT(NS_IsMainThread()); + + // Call AddMirror so that our mirrors for `always` prefs will stay updated. + // The call to AddMirror re-reads the current pref value into the mirror, so + // our mirror will now be up-to-date even if some of the prefs have changed + // since the call to InitAll(). +#define NEVER_PREF(name, cpp_type, value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) \ + AddMirror(&sMirror_##full_id, name ""_ns, sMirror_##full_id); +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) \ + AddMirror(sMirror_##full_id, name ""_ns); +#define ONCE_PREF(name, base_id, full_id, cpp_type, value) +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF +} + +static void InitOncePrefs() { + // For `once`-mirrored prefs we generate some initialization code. This is + // done in case the pref value was updated when reading pref data files. It's + // necessary because we don't have callbacks registered for `once`-mirrored + // prefs. + // + // In debug builds, we also install a mechanism that can check if the + // preference value is modified after `once`-mirrored prefs are initialized. + // In tests this would indicate a likely misuse of a `once`-mirrored pref and + // suggest that it should instead be `always`-mirrored. +#define NEVER_PREF(name, cpp_type, value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) +#ifdef DEBUG +# define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ + { \ + MOZ_ASSERT(gOnceStaticPrefsAntiFootgun); \ + sMirror_##full_id = Internals::GetPref(name, cpp_type(value)); \ + auto checkPref = [&]() { \ + MOZ_ASSERT(sOncePrefRead); \ + cpp_type staticPrefValue = full_id(); \ + cpp_type preferenceValue = \ + Internals::GetPref(GetPrefName_##base_id(), cpp_type(value)); \ + MOZ_ASSERT(staticPrefValue == preferenceValue, \ + "Preference '" name \ + "' got modified since StaticPrefs::" #full_id \ + " was initialized. Consider using an `always` mirror kind " \ + "instead"); \ + }; \ + gOnceStaticPrefsAntiFootgun->insert( \ + std::pair<const char*, AntiFootgunCallback>(GetPrefName_##base_id(), \ + std::move(checkPref))); \ + } +#else +# define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ + sMirror_##full_id = Internals::GetPref(name, cpp_type(value)); +#endif + +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF +} + +static void ShutdownAlwaysPrefs() { + MOZ_ASSERT(NS_IsMainThread()); + + // We may need to do clean up for leak detection for some StaticPrefs. +#define NEVER_PREF(name, cpp_type, value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) \ + Internals::ClearMirror(sMirror_##full_id); +#define ONCE_PREF(name, base_id, full_id, cpp_type, value) +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF +} + +} // namespace StaticPrefs + +static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( + SharedPrefMapBuilder& aBuilder, const nsACString& aName, bool aValue) { + auto oncePref = MakeUnique<Pref>(aName); + oncePref->SetType(PrefType::Bool); + oncePref->SetIsSkippedByIteration(true); + bool valueChanged = false; + MOZ_ALWAYS_SUCCEEDS( + oncePref->SetDefaultValue(PrefType::Bool, PrefValue(aValue), + /* isSticky */ true, + /* isLocked */ true, &valueChanged)); + oncePref->AddToMap(aBuilder); +} + +static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( + SharedPrefMapBuilder& aBuilder, const nsACString& aName, int32_t aValue) { + auto oncePref = MakeUnique<Pref>(aName); + oncePref->SetType(PrefType::Int); + oncePref->SetIsSkippedByIteration(true); + bool valueChanged = false; + MOZ_ALWAYS_SUCCEEDS( + oncePref->SetDefaultValue(PrefType::Int, PrefValue(aValue), + /* isSticky */ true, + /* isLocked */ true, &valueChanged)); + oncePref->AddToMap(aBuilder); +} + +static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( + SharedPrefMapBuilder& aBuilder, const nsACString& aName, uint32_t aValue) { + SaveOncePrefToSharedMap(aBuilder, aName, int32_t(aValue)); +} + +static MOZ_MAYBE_UNUSED void SaveOncePrefToSharedMap( + SharedPrefMapBuilder& aBuilder, const nsACString& aName, float aValue) { + auto oncePref = MakeUnique<Pref>(aName); + oncePref->SetType(PrefType::String); + oncePref->SetIsSkippedByIteration(true); + nsAutoCString value; + value.AppendFloat(aValue); + bool valueChanged = false; + // It's ok to stash a pointer to the temporary PromiseFlatCString's chars in + // pref because pref_SetPref() duplicates those chars. + const nsCString& flat = PromiseFlatCString(value); + MOZ_ALWAYS_SUCCEEDS( + oncePref->SetDefaultValue(PrefType::String, PrefValue(flat.get()), + /* isSticky */ true, + /* isLocked */ true, &valueChanged)); + oncePref->AddToMap(aBuilder); +} + +#define ONCE_PREF_NAME(name) "$$$" name "$$$" + +namespace StaticPrefs { + +static void RegisterOncePrefs(SharedPrefMapBuilder& aBuilder) { + MOZ_ASSERT(XRE_IsParentProcess()); + MOZ_DIAGNOSTIC_ASSERT(!gSharedMap, + "Must be called before gSharedMap has been created"); + MaybeInitOncePrefs(); + + // For `once`-mirrored prefs we generate a save call, which saves the value + // as it was at parent startup. It is stored in a special (hidden and locked) + // entry in the global SharedPreferenceMap. In order for the entry to be + // hidden and not appear in about:config nor ever be stored to disk, we set + // its IsSkippedByIteration flag to true. We also distinguish it by adding a + // "$$$" prefix and suffix to the preference name. +#define NEVER_PREF(name, cpp_type, value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, value) +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, value) +#define ONCE_PREF(name, base_id, full_id, cpp_type, value) \ + SaveOncePrefToSharedMap(aBuilder, ONCE_PREF_NAME(name) ""_ns, \ + cpp_type(sMirror_##full_id)); +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF +} + +// Disable thread safety analysis on this function, because it explodes build +// times and memory usage. +MOZ_NO_THREAD_SAFETY_ANALYSIS +static void InitStaticPrefsFromShared() { + MOZ_ASSERT(!XRE_IsParentProcess()); + MOZ_DIAGNOSTIC_ASSERT(gSharedMap, + "Must be called once gSharedMap has been created"); + + // For mirrored static prefs we generate some initialization code. Each + // mirror variable is already initialized in the binary with the default + // value. If the pref value hasn't changed from the default in the main + // process (the common case) then the overwriting here won't change the + // mirror variable's value. + // + // Note that the MOZ_ASSERT calls below can fail in one obscure case: when a + // Firefox update occurs and we get a main process from the old binary (with + // static prefs {A,B,C,D}) plus a new content process from the new binary + // (with static prefs {A,B,C,D,E}). The content process' call to + // GetSharedPrefValue() for pref E will fail because the shared pref map was + // created by the main process, which doesn't have pref E. + // + // This silent failure is safe. The mirror variable for pref E is already + // initialized to the default value in the content process, and the main + // process cannot have changed pref E because it doesn't know about it! + // + // Nonetheless, it's useful to have the MOZ_ASSERT here for testing of debug + // builds, where this scenario involving inconsistent binaries should not + // occur. +#define NEVER_PREF(name, cpp_type, default_value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, default_value) \ + { \ + StripAtomic<cpp_type> val; \ + if (IsString<cpp_type>::value && IsPreferenceSanitized(name)) { \ + if (!sPrefTelemetryEventEnabled.exchange(true)) { \ + sPrefTelemetryEventEnabled = true; \ + Telemetry::SetEventRecordingEnabled("security"_ns, true); \ + } \ + Telemetry::RecordEvent( \ + Telemetry::EventID::Security_Prefusage_Contentprocess, \ + mozilla::Some(name##_ns), mozilla::Nothing()); \ + MOZ_DIAGNOSTIC_ASSERT(!sCrashOnBlocklistedPref, \ + "Should not access the preference '" name \ + "' in Content Processes"); \ + } \ + DebugOnly<nsresult> rv = Internals::GetSharedPrefValue(name, &val); \ + MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed accessing " name); \ + StaticPrefs::sMirror_##full_id = val; \ + } +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, default_value) \ + { \ + StripAtomic<cpp_type> val; \ + if (IsString<cpp_type>::value && IsPreferenceSanitized(name)) { \ + if (!sPrefTelemetryEventEnabled.exchange(true)) { \ + sPrefTelemetryEventEnabled = true; \ + Telemetry::SetEventRecordingEnabled("security"_ns, true); \ + } \ + Telemetry::RecordEvent( \ + Telemetry::EventID::Security_Prefusage_Contentprocess, \ + mozilla::Some(name##_ns), mozilla::Nothing()); \ + MOZ_DIAGNOSTIC_ASSERT(!sCrashOnBlocklistedPref, \ + "Should not access the preference '" name \ + "' in Content Processes"); \ + } \ + DebugOnly<nsresult> rv = Internals::GetSharedPrefValue(name, &val); \ + MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed accessing " name); \ + Internals::AssignMirror(StaticPrefs::sMirror_##full_id, \ + std::forward<StripAtomic<cpp_type>>(val)); \ + } +#define ONCE_PREF(name, base_id, full_id, cpp_type, default_value) \ + { \ + cpp_type val; \ + if (IsString<cpp_type>::value && IsPreferenceSanitized(name)) { \ + if (!sPrefTelemetryEventEnabled.exchange(true)) { \ + sPrefTelemetryEventEnabled = true; \ + Telemetry::SetEventRecordingEnabled("security"_ns, true); \ + } \ + Telemetry::RecordEvent( \ + Telemetry::EventID::Security_Prefusage_Contentprocess, \ + mozilla::Some(name##_ns), mozilla::Nothing()); \ + MOZ_DIAGNOSTIC_ASSERT(!sCrashOnBlocklistedPref, \ + "Should not access the preference '" name \ + "' in Content Processes"); \ + } \ + DebugOnly<nsresult> rv = \ + Internals::GetSharedPrefValue(ONCE_PREF_NAME(name), &val); \ + MOZ_ASSERT(NS_SUCCEEDED(rv), "Failed accessing " name); \ + StaticPrefs::sMirror_##full_id = val; \ + } +#include "mozilla/StaticPrefListAll.h" +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF + + // `once`-mirrored prefs have been set to their value in the step above and + // outside the parent process they are immutable. We set sOncePrefRead so + // that we can directly skip any lazy initializations. + sOncePrefRead = true; +} + +} // namespace StaticPrefs + +} // namespace mozilla + +#undef ENSURE_PARENT_PROCESS + +//=========================================================================== +// Module and factory stuff +//=========================================================================== + +NS_IMPL_COMPONENT_FACTORY(nsPrefLocalizedString) { + auto str = MakeRefPtr<nsPrefLocalizedString>(); + if (NS_SUCCEEDED(str->Init())) { + return str.forget().downcast<nsISupports>(); + } + return nullptr; +} + +namespace mozilla { + +void UnloadPrefsModule() { Preferences::Shutdown(); } + +} // namespace mozilla + +// Preference Sanitization Related Code --------------------------------------- + +#define PREF_LIST_ENTRY(s) \ + { s, (sizeof(s) / sizeof(char)) - 1 } +struct PrefListEntry { + const char* mPrefBranch; + size_t mLen; +}; + +// A preference is 'sanitized' (i.e. not sent to web content processes) if +// one of two criteria are met: +// 1. The pref name matches one of the prefixes in the following list +// 2. The pref is dynamically named (i.e. not specified in all.js or +// StaticPrefList.yml), a string pref, and it is NOT exempted in +// sDynamicPrefOverrideList +// +// This behavior is codified in ShouldSanitizePreference() below +static const PrefListEntry sRestrictFromWebContentProcesses[] = { + // Remove prefs with user data + PREF_LIST_ENTRY("datareporting.policy."), + PREF_LIST_ENTRY("browser.download.lastDir"), + PREF_LIST_ENTRY("browser.newtabpage.pinned"), + PREF_LIST_ENTRY("browser.uiCustomization.state"), + PREF_LIST_ENTRY("browser.urlbar"), + PREF_LIST_ENTRY("devtools.debugger.pending-selected-location"), + PREF_LIST_ENTRY("identity.fxaccounts.account.device.name"), + PREF_LIST_ENTRY("identity.fxaccounts.account.telemetry.sanitized_uid"), + PREF_LIST_ENTRY("identity.fxaccounts.lastSignedInUserHash"), + PREF_LIST_ENTRY("print_printer"), + PREF_LIST_ENTRY("services."), + + // Remove UUIDs + PREF_LIST_ENTRY("app.normandy.user_id"), + PREF_LIST_ENTRY("browser.newtabpage.activity-stream.impressionId"), + PREF_LIST_ENTRY("browser.pageActions.persistedActions"), + PREF_LIST_ENTRY("browser.startup.lastColdStartupCheck"), + PREF_LIST_ENTRY("dom.push.userAgentID"), + PREF_LIST_ENTRY("extensions.webextensions.uuids"), + PREF_LIST_ENTRY("privacy.userContext.extension"), + PREF_LIST_ENTRY("toolkit.telemetry.cachedClientID"), + + // Remove IDs that could be used to correlate across origins + PREF_LIST_ENTRY("app.update.lastUpdateTime."), + PREF_LIST_ENTRY( + "browser.contentblocking.cfr-milestone.milestone-shown-time"), + PREF_LIST_ENTRY("browser.contextual-services.contextId"), + PREF_LIST_ENTRY("browser.laterrun.bookkeeping.profileCreationTime"), + PREF_LIST_ENTRY("browser.newtabpage.activity-stream.discoverystream."), + PREF_LIST_ENTRY("browser.sessionstore.upgradeBackup.latestBuildID"), + PREF_LIST_ENTRY("browser.shell.mostRecentDateSetAsDefault"), + PREF_LIST_ENTRY("idle.lastDailyNotification"), + PREF_LIST_ENTRY("media.gmp-gmpopenh264.lastUpdate"), + PREF_LIST_ENTRY("media.gmp-manager.lastCheck"), + PREF_LIST_ENTRY("places.database.lastMaintenance"), + PREF_LIST_ENTRY("privacy.purge_trackers.last_purge"), + PREF_LIST_ENTRY("storage.vacuum.last.places.sqlite"), + PREF_LIST_ENTRY("toolkit.startup.last_success"), + + // Remove fingerprintable things + PREF_LIST_ENTRY("browser.startup.homepage_override.buildID"), + PREF_LIST_ENTRY("extensions.lastAppBuildId"), + PREF_LIST_ENTRY("media.gmp-manager.buildID"), + PREF_LIST_ENTRY("toolkit.telemetry.previousBuildID"), +}; + +// These prefs are dynamically-named (i.e. not specified in prefs.js or +// StaticPrefList) and would normally by blocklisted but we allow them through +// anyway, so this override list acts as an allowlist +static const PrefListEntry sDynamicPrefOverrideList[]{ + PREF_LIST_ENTRY("app.update.channel"), + PREF_LIST_ENTRY("apz.subtest"), + PREF_LIST_ENTRY("autoadmin.global_config_url"), // Bug 1780575 + PREF_LIST_ENTRY("browser.contentblocking.category"), + PREF_LIST_ENTRY("browser.dom.window.dump.file"), + PREF_LIST_ENTRY("browser.search.region"), + PREF_LIST_ENTRY( + "browser.tabs.remote.testOnly.failPBrowserCreation.browsingContext"), + PREF_LIST_ENTRY("browser.translation.bing.authURL"), + PREF_LIST_ENTRY("browser.translation.bing.clientIdOverride"), + PREF_LIST_ENTRY("browser.translation.bing.translateArrayURL"), + PREF_LIST_ENTRY("browser.translation.bing.apiKeyOverride"), + PREF_LIST_ENTRY("browser.translation.yandex.apiKeyOverride"), + PREF_LIST_ENTRY("browser.translation.yandex.translateURLOverride"), + PREF_LIST_ENTRY("browser.uitour.testingOrigins"), + PREF_LIST_ENTRY("browser.urlbar.loglevel"), + PREF_LIST_ENTRY("browser.urlbar.opencompanionsearch.enabled"), + PREF_LIST_ENTRY("capability.policy"), + PREF_LIST_ENTRY("dom.securecontext.allowlist"), + PREF_LIST_ENTRY("extensions.foobaz"), + PREF_LIST_ENTRY( + "extensions.formautofill.creditCards.heuristics.testConfidence"), + PREF_LIST_ENTRY("general.appname.override"), + PREF_LIST_ENTRY("general.appversion.override"), + PREF_LIST_ENTRY("general.buildID.override"), + PREF_LIST_ENTRY("general.oscpu.override"), + PREF_LIST_ENTRY("general.useragent.override"), + PREF_LIST_ENTRY("general.platform.override"), + PREF_LIST_ENTRY("gfx.blacklist."), + PREF_LIST_ENTRY("font.system.whitelist"), + PREF_LIST_ENTRY("font.name."), + PREF_LIST_ENTRY("intl.date_time.pattern_override."), + PREF_LIST_ENTRY("intl.hyphenation-alias."), + PREF_LIST_ENTRY("logging.config.LOG_FILE"), + PREF_LIST_ENTRY("media.audio_loopback_dev"), + PREF_LIST_ENTRY("media.decoder-doctor."), + PREF_LIST_ENTRY("media.cubeb.output_device"), + PREF_LIST_ENTRY("media.getusermedia.fake-camera-name"), + PREF_LIST_ENTRY("media.hls.server.url"), + PREF_LIST_ENTRY("media.peerconnection.nat_simulator.filtering_type"), + PREF_LIST_ENTRY("media.peerconnection.nat_simulator.mapping_type"), + PREF_LIST_ENTRY("media.peerconnection.nat_simulator.redirect_address"), + PREF_LIST_ENTRY("media.peerconnection.nat_simulator.redirect_targets"), + PREF_LIST_ENTRY("media.video_loopback_dev"), + PREF_LIST_ENTRY("media.webspeech.service.endpoint"), + PREF_LIST_ENTRY("network.gio.supported-protocols"), + PREF_LIST_ENTRY("network.protocol-handler.external."), + PREF_LIST_ENTRY("network.security.ports.banned"), + PREF_LIST_ENTRY("nimbus.syncdatastore."), + PREF_LIST_ENTRY("pdfjs."), + PREF_LIST_ENTRY("print.printer_"), + PREF_LIST_ENTRY("print_printer"), + PREF_LIST_ENTRY("places.interactions.customBlocklist"), + PREF_LIST_ENTRY("remote.log.level"), + PREF_LIST_ENTRY( + "services.settings.preview_enabled"), // This is really a boolean + // dynamic pref, but one Nightly + // user has it set as a string... + PREF_LIST_ENTRY("spellchecker.dictionary"), + PREF_LIST_ENTRY("test.char"), + PREF_LIST_ENTRY("Test.IPC."), + PREF_LIST_ENTRY("exists.thenDoesNot"), + PREF_LIST_ENTRY("type.String."), + PREF_LIST_ENTRY("toolkit.mozprotocol.url"), + PREF_LIST_ENTRY("toolkit.telemetry.log.level"), + PREF_LIST_ENTRY("ui."), +}; + +#undef PREF_LIST_ENTRY + +static bool ShouldSanitizePreference(const Pref* const aPref) { + // In the parent process, we use a heuristic to decide if a pref + // value should be sanitized before sending to subprocesses. + MOZ_DIAGNOSTIC_ASSERT(XRE_IsParentProcess()); + + const char* prefName = aPref->Name(); + + // If a pref starts with this magic string, it is a Once-Initialized pref + // from Static Prefs. It should* not be in the above list and while it looks + // like a dnyamically named pref, it is not. + // * nothing enforces this + if (strncmp(prefName, "$$$", 3) == 0) { + return false; + } + + // First check against the denylist. + // The services pref is an annoying one - it's much easier to blocklist + // the whole branch and then add this one check to let this one annoying + // pref through. + for (const auto& entry : sRestrictFromWebContentProcesses) { + if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { + const auto* p = prefName; // This avoids clang-format doing ugly things. + return !(strncmp("services.settings.clock_skew_seconds", p, 36) == 0 || + strncmp("services.settings.last_update_seconds", p, 37) == 0 || + strncmp("services.settings.server", p, 24) == 0); + } + } + + // Then check if it's a dynamically named string preference and not + // in the override list + if (aPref->Type() == PrefType::String && !aPref->HasDefaultValue()) { + for (const auto& entry : sDynamicPrefOverrideList) { + if (strncmp(entry.mPrefBranch, prefName, entry.mLen) == 0) { + return false; + } + } + return true; + } + + return false; +} + +// Forward Declaration - it's not defined in the .h, because we don't need to; +// it's only used here. +template <class T> +static bool IsPreferenceSanitized_Impl(const T& aPref); + +static bool IsPreferenceSanitized(const Pref* const aPref) { + return IsPreferenceSanitized_Impl(*aPref); +} + +static bool IsPreferenceSanitized(const PrefWrapper& aPref) { + return IsPreferenceSanitized_Impl(aPref); +} + +template <class T> +static bool IsPreferenceSanitized_Impl(const T& aPref) { + if (aPref.IsSanitized()) { + MOZ_DIAGNOSTIC_ASSERT(!XRE_IsParentProcess()); + MOZ_DIAGNOSTIC_ASSERT(XRE_IsContentProcess()); + return true; + } + return false; +} + +namespace mozilla { + +// This is the only Check Sanitization function exposed outside of +// Preferences.cpp, because this is the only one ever called from +// outside this file. +bool IsPreferenceSanitized(const char* aPrefName) { + // Perform this comparison (see notes above) early to avoid a lookup + // if we can avoid it. + if (strncmp(aPrefName, "$$$", 3) == 0) { + return false; + } + + if (!gContentProcessPrefsAreInited) { + return false; + } + + if (Maybe<PrefWrapper> pref = pref_Lookup(aPrefName)) { + if (pref.isNothing()) { + return true; + } + return IsPreferenceSanitized(pref.value()); + } + + return true; +} + +Atomic<bool, Relaxed> sOmitBlocklistedPrefValues(false); +Atomic<bool, Relaxed> sCrashOnBlocklistedPref(false); + +void OnFissionBlocklistPrefChange(const char* aPref, void* aData) { + if (strcmp(aPref, kFissionEnforceBlockList) == 0) { + sCrashOnBlocklistedPref = + StaticPrefs::fission_enforceBlocklistedPrefsInSubprocesses(); + } else if (strcmp(aPref, kFissionOmitBlockListValues) == 0) { + sOmitBlocklistedPrefValues = + StaticPrefs::fission_omitBlocklistedPrefsInSubprocesses(); + } else { + MOZ_CRASH("Unknown pref passed to callback"); + } +} + +} // namespace mozilla + +// This file contains the C wrappers for the C++ static pref getters, as used +// by Rust code. +#include "init/StaticPrefsCGetters.cpp" diff --git a/modules/libpref/Preferences.h b/modules/libpref/Preferences.h new file mode 100644 index 0000000000..7540755422 --- /dev/null +++ b/modules/libpref/Preferences.h @@ -0,0 +1,551 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Documentation for libpref is in modules/libpref/docs/index.rst. + +#ifndef mozilla_Preferences_h +#define mozilla_Preferences_h + +#ifndef MOZILLA_INTERNAL_API +# error "This header is only usable from within libxul (MOZILLA_INTERNAL_API)." +#endif + +#include "mozilla/Atomics.h" +#include "mozilla/MemoryReporting.h" +#include "mozilla/StaticPtr.h" +#include "nsCOMPtr.h" +#include "nsIObserver.h" +#include "nsIPrefBranch.h" +#include "nsIPrefService.h" +#include "nsString.h" +#include "nsTArray.h" +#include "nsWeakReference.h" +#include "nsXULAppAPI.h" +#include <atomic> +#include <functional> + +class nsIFile; + +// The callback function will get passed the pref name which triggered the call +// and the void* data which was passed to the registered callback function. +typedef void (*PrefChangedFunc)(const char* aPref, void* aData); + +class nsPrefBranch; + +namespace mozilla { + +struct RegisterCallbacksInternal; + +void UnloadPrefsModule(); + +class PreferenceServiceReporter; + +namespace dom { +class Pref; +class PrefValue; +} // namespace dom + +namespace ipc { +class FileDescriptor; +} // namespace ipc + +struct PrefsSizes; + +// Xlib.h defines Bool as a macro constant. Don't try to define this enum if +// it's already been included. +#ifndef Bool + +// Keep this in sync with PrefType in parser/src/lib.rs. +enum class PrefType : uint8_t { + None = 0, // only used when neither the default nor user value is set + String = 1, + Int = 2, + Bool = 3, +}; + +#endif + +#ifdef XP_UNIX +// We need to send two shared memory descriptors to every child process: +// +// 1) A read-only/write-protected snapshot of the initial state of the +// preference database. This memory is shared between all processes, and +// therefore cannot be modified once it has been created. +// +// 2) A set of changes on top of the snapshot, containing the current values of +// all preferences which have changed since it was created. +// +// Since the second set will be different for every process, and the first set +// cannot be modified, it is unfortunately not possible to combine them into a +// single file descriptor. +// +// XXX: bug 1440207 is about improving how fixed fds such as this are used. +static const int kPrefsFileDescriptor = 8; +static const int kPrefMapFileDescriptor = 9; +#endif + +// Keep this in sync with PrefType in parser/src/lib.rs. +enum class PrefValueKind : uint8_t { Default, User }; + +class Preferences final : public nsIPrefService, + public nsIObserver, + public nsIPrefBranch, + public nsSupportsWeakReference { + friend class ::nsPrefBranch; + + public: + NS_DECL_THREADSAFE_ISUPPORTS + NS_DECL_NSIPREFSERVICE + NS_FORWARD_NSIPREFBRANCH(mRootBranch->) + NS_DECL_NSIOBSERVER + + Preferences(); + + // Returns true if the Preferences service is available, false otherwise. + static bool IsServiceAvailable(); + + // Initialize user prefs from prefs.js/user.js + static void InitializeUserPrefs(); + static void FinishInitializingUserPrefs(); + + // Returns the singleton instance which is addreffed. + static already_AddRefed<Preferences> GetInstanceForService(); + + // Finallizes global members. + static void Shutdown(); + + // Returns shared pref service instance NOTE: not addreffed. + static nsIPrefService* GetService() { + NS_ENSURE_TRUE(InitStaticMembers(), nullptr); + return sPreferences; + } + + // Returns shared pref branch instance. NOTE: not addreffed. + static nsIPrefBranch* GetRootBranch( + PrefValueKind aKind = PrefValueKind::User) { + NS_ENSURE_TRUE(InitStaticMembers(), nullptr); + return (aKind == PrefValueKind::Default) ? sPreferences->mDefaultRootBranch + : sPreferences->mRootBranch; + } + + // Gets the type of the pref. + static int32_t GetType(const char* aPrefName); + + // Fallible value getters. When `aKind` is `User` they will get the user + // value if possible, and fall back to the default value otherwise. + static nsresult GetBool(const char* aPrefName, bool* aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetInt(const char* aPrefName, int32_t* aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetUint(const char* aPrefName, uint32_t* aResult, + PrefValueKind aKind = PrefValueKind::User) { + return GetInt(aPrefName, reinterpret_cast<int32_t*>(aResult), aKind); + } + static nsresult GetFloat(const char* aPrefName, float* aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetCString(const char* aPrefName, nsACString& aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetString(const char* aPrefName, nsAString& aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetLocalizedCString( + const char* aPrefName, nsACString& aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetLocalizedString(const char* aPrefName, nsAString& aResult, + PrefValueKind aKind = PrefValueKind::User); + static nsresult GetComplex(const char* aPrefName, const nsIID& aType, + void** aResult, + PrefValueKind aKind = PrefValueKind::User); + + // Infallible getters of user or default values, with fallback results on + // failure. When `aKind` is `User` they will get the user value if possible, + // and fall back to the default value otherwise. + static bool GetBool(const char* aPrefName, bool aFallback = false, + PrefValueKind aKind = PrefValueKind::User); + static int32_t GetInt(const char* aPrefName, int32_t aFallback = 0, + PrefValueKind aKind = PrefValueKind::User); + static uint32_t GetUint(const char* aPrefName, uint32_t aFallback = 0, + PrefValueKind aKind = PrefValueKind::User); + static float GetFloat(const char* aPrefName, float aFallback = 0.0f, + PrefValueKind aKind = PrefValueKind::User); + + // Value setters. These fail if run outside the parent process. + + static nsresult SetBool(const char* aPrefName, bool aValue, + PrefValueKind aKind = PrefValueKind::User); + static nsresult SetInt(const char* aPrefName, int32_t aValue, + PrefValueKind aKind = PrefValueKind::User); + static nsresult SetCString(const char* aPrefName, const nsACString& aValue, + PrefValueKind aKind = PrefValueKind::User); + + static nsresult SetUint(const char* aPrefName, uint32_t aValue, + PrefValueKind aKind = PrefValueKind::User) { + return SetInt(aPrefName, static_cast<int32_t>(aValue), aKind); + } + + static nsresult SetFloat(const char* aPrefName, float aValue, + PrefValueKind aKind = PrefValueKind::User) { + nsAutoCString value; + value.AppendFloat(aValue); + return SetCString(aPrefName, value, aKind); + } + + static nsresult SetCString(const char* aPrefName, const char* aValue, + PrefValueKind aKind = PrefValueKind::User) { + return Preferences::SetCString(aPrefName, nsDependentCString(aValue), + aKind); + } + + static nsresult SetString(const char* aPrefName, const char16ptr_t aValue, + PrefValueKind aKind = PrefValueKind::User) { + return Preferences::SetCString(aPrefName, NS_ConvertUTF16toUTF8(aValue), + aKind); + } + + static nsresult SetString(const char* aPrefName, const nsAString& aValue, + PrefValueKind aKind = PrefValueKind::User) { + return Preferences::SetCString(aPrefName, NS_ConvertUTF16toUTF8(aValue), + aKind); + } + + static nsresult SetComplex(const char* aPrefName, const nsIID& aType, + nsISupports* aValue, + PrefValueKind aKind = PrefValueKind::User); + + static nsresult Lock(const char* aPrefName); + static nsresult Unlock(const char* aPrefName); + static bool IsLocked(const char* aPrefName); + static bool IsSanitized(const char* aPrefName); + + // Clears user set pref. Fails if run outside the parent process. + static nsresult ClearUser(const char* aPrefName); + + // Whether the pref has a user value or not. + static bool HasUserValue(const char* aPref); + + // Whether the pref has a user value or not. + static bool HasDefaultValue(const char* aPref); + + // Adds/Removes the observer for the root pref branch. See nsIPrefBranch.idl + // for details. + static nsresult AddStrongObserver(nsIObserver* aObserver, + const nsACString& aPref); + static nsresult AddWeakObserver(nsIObserver* aObserver, + const nsACString& aPref); + static nsresult RemoveObserver(nsIObserver* aObserver, + const nsACString& aPref); + + template <int N> + static nsresult AddStrongObserver(nsIObserver* aObserver, + const char (&aPref)[N]) { + return AddStrongObserver(aObserver, nsLiteralCString(aPref)); + } + template <int N> + static nsresult AddWeakObserver(nsIObserver* aObserver, + const char (&aPref)[N]) { + return AddWeakObserver(aObserver, nsLiteralCString(aPref)); + } + template <int N> + static nsresult RemoveObserver(nsIObserver* aObserver, + const char (&aPref)[N]) { + return RemoveObserver(aObserver, nsLiteralCString(aPref)); + } + + // Adds/Removes two or more observers for the root pref branch. Pass to + // aPrefs an array of const char* whose last item is nullptr. + // Note: All preference strings *must* be statically-allocated string + // literals. + static nsresult AddStrongObservers(nsIObserver* aObserver, + const char** aPrefs); + static nsresult AddWeakObservers(nsIObserver* aObserver, const char** aPrefs); + static nsresult RemoveObservers(nsIObserver* aObserver, const char** aPrefs); + + // Registers/Unregisters the callback function for the aPref. + template <typename T = void> + static nsresult RegisterCallback(PrefChangedFunc aCallback, + const nsACString& aPref, + T* aClosure = nullptr) { + return RegisterCallback(aCallback, aPref, aClosure, ExactMatch); + } + + template <typename T = void> + static nsresult UnregisterCallback(PrefChangedFunc aCallback, + const nsACString& aPref, + T* aClosure = nullptr) { + return UnregisterCallback(aCallback, aPref, aClosure, ExactMatch); + } + + // Like RegisterCallback, but also calls the callback immediately for + // initialization. + template <typename T = void> + static nsresult RegisterCallbackAndCall(PrefChangedFunc aCallback, + const nsACString& aPref, + T* aClosure = nullptr) { + return RegisterCallbackAndCall(aCallback, aPref, aClosure, ExactMatch); + } + + // Like RegisterCallback, but registers a callback for a prefix of multiple + // pref names, not a single pref name. + template <typename T = void> + static nsresult RegisterPrefixCallback(PrefChangedFunc aCallback, + const nsACString& aPref, + T* aClosure = nullptr) { + return RegisterCallback(aCallback, aPref, aClosure, PrefixMatch); + } + + // Like RegisterPrefixCallback, but also calls the callback immediately for + // initialization. + template <typename T = void> + static nsresult RegisterPrefixCallbackAndCall(PrefChangedFunc aCallback, + const nsACString& aPref, + T* aClosure = nullptr) { + return RegisterCallbackAndCall(aCallback, aPref, aClosure, PrefixMatch); + } + + // Unregister a callback registered with RegisterPrefixCallback or + // RegisterPrefixCallbackAndCall. + template <typename T = void> + static nsresult UnregisterPrefixCallback(PrefChangedFunc aCallback, + const nsACString& aPref, + T* aClosure = nullptr) { + return UnregisterCallback(aCallback, aPref, aClosure, PrefixMatch); + } + + // Variants of the above which register a single callback to handle multiple + // preferences. + // + // The array of preference names must be null terminated. It may be + // dynamically allocated, but the caller is responsible for keeping it alive + // until the callback is unregistered. + // + // Also note that the exact same aPrefs pointer must be passed to the + // Unregister call as was passed to the Register call. + template <typename T = void> + static nsresult RegisterCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, + T* aClosure = nullptr) { + return RegisterCallbacks(aCallback, aPrefs, aClosure, ExactMatch); + } + static nsresult RegisterCallbacksAndCall(PrefChangedFunc aCallback, + const char** aPrefs, + void* aClosure = nullptr); + template <typename T = void> + static nsresult UnregisterCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, + T* aClosure = nullptr) { + return UnregisterCallbacks(aCallback, aPrefs, aClosure, ExactMatch); + } + template <typename T = void> + static nsresult RegisterPrefixCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, + T* aClosure = nullptr) { + return RegisterCallbacks(aCallback, aPrefs, aClosure, PrefixMatch); + } + template <typename T = void> + static nsresult UnregisterPrefixCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, + T* aClosure = nullptr) { + return UnregisterCallbacks(aCallback, aPrefs, aClosure, PrefixMatch); + } + + template <int N, typename T = void> + static nsresult RegisterCallback(PrefChangedFunc aCallback, + const char (&aPref)[N], + T* aClosure = nullptr) { + return RegisterCallback(aCallback, nsLiteralCString(aPref), aClosure, + ExactMatch); + } + + template <int N, typename T = void> + static nsresult UnregisterCallback(PrefChangedFunc aCallback, + const char (&aPref)[N], + T* aClosure = nullptr) { + return UnregisterCallback(aCallback, nsLiteralCString(aPref), aClosure, + ExactMatch); + } + + template <int N, typename T = void> + static nsresult RegisterCallbackAndCall(PrefChangedFunc aCallback, + const char (&aPref)[N], + T* aClosure = nullptr) { + return RegisterCallbackAndCall(aCallback, nsLiteralCString(aPref), aClosure, + ExactMatch); + } + + template <int N, typename T = void> + static nsresult RegisterPrefixCallback(PrefChangedFunc aCallback, + const char (&aPref)[N], + T* aClosure = nullptr) { + return RegisterCallback(aCallback, nsLiteralCString(aPref), aClosure, + PrefixMatch); + } + + template <int N, typename T = void> + static nsresult RegisterPrefixCallbackAndCall(PrefChangedFunc aCallback, + const char (&aPref)[N], + T* aClosure = nullptr) { + return RegisterCallbackAndCall(aCallback, nsLiteralCString(aPref), aClosure, + PrefixMatch); + } + + template <int N, typename T = void> + static nsresult UnregisterPrefixCallback(PrefChangedFunc aCallback, + const char (&aPref)[N], + T* aClosure = nullptr) { + return UnregisterCallback(aCallback, nsLiteralCString(aPref), aClosure, + PrefixMatch); + } + + // When a content process is created these methods are used to pass changed + // prefs in bulk from the parent process, via shared memory. + static void SerializePreferences(nsCString& aStr, + bool aIsDestinationWebContentProcess); + static void DeserializePreferences(char* aStr, size_t aPrefsLen); + + static mozilla::ipc::FileDescriptor EnsureSnapshot(size_t* aSize); + static void InitSnapshot(const mozilla::ipc::FileDescriptor&, size_t aSize); + + // When a single pref is changed in the parent process, these methods are + // used to pass the update to content processes. + static void GetPreference(dom::Pref* aPref, + const GeckoProcessType aDestinationProcessType, + const nsACString& aDestinationRemoteType); + static void SetPreference(const dom::Pref& aPref); + +#ifdef DEBUG + static bool ArePrefsInitedInContentProcess(); +#endif + + static void AddSizeOfIncludingThis(mozilla::MallocSizeOf aMallocSizeOf, + PrefsSizes& aSizes); + + static void HandleDirty(); + + // Explicitly choosing synchronous or asynchronous (if allowed) preferences + // file write. Only for the default file. The guarantee for the "blocking" + // is that when it returns, the file on disk reflect the current state of + // preferences. + nsresult SavePrefFileBlocking(); + nsresult SavePrefFileAsynchronous(); + + // If this is false, only blocking writes, on main thread are allowed. + bool AllowOffMainThreadSave(); + + private: + virtual ~Preferences(); + + nsresult NotifyServiceObservers(const char* aSubject); + + // Loads the prefs.js file from the profile, or creates a new one. Returns + // the prefs file if successful, or nullptr on failure. + already_AddRefed<nsIFile> ReadSavedPrefs(); + + // Loads the user.js file from the profile if present. + void ReadUserOverridePrefs(); + + nsresult MakeBackupPrefFile(nsIFile* aFile); + + // Default pref file save can be blocking or not. + enum class SaveMethod { Blocking, Asynchronous }; + + // Off main thread is only respected for the default aFile value (nullptr). + nsresult SavePrefFileInternal(nsIFile* aFile, SaveMethod aSaveMethod); + nsresult WritePrefFile(nsIFile* aFile, SaveMethod aSaveMethod); + + nsresult ResetUserPrefs(); + + // Helpers for implementing + // Register(Prefix)Callback/Unregister(Prefix)Callback. + public: + // Public so the ValueObserver classes can use it. + enum MatchKind { + PrefixMatch, + ExactMatch, + }; + + private: + static void SetupTelemetryPref(); + static nsresult InitInitialObjects(bool aIsStartup); + + friend struct Internals; + + static nsresult RegisterCallback(PrefChangedFunc aCallback, + const nsACString& aPref, void* aClosure, + MatchKind aMatchKind, + bool aIsPriority = false); + static nsresult UnregisterCallback(PrefChangedFunc aCallback, + const nsACString& aPref, void* aClosure, + MatchKind aMatchKind); + static nsresult RegisterCallbackAndCall(PrefChangedFunc aCallback, + const nsACString& aPref, + void* aClosure, MatchKind aMatchKind); + + static nsresult RegisterCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, void* aClosure, + MatchKind aMatchKind); + static nsresult UnregisterCallbacks(PrefChangedFunc aCallback, + const char** aPrefs, void* aClosure, + MatchKind aMatchKind); + + template <typename T> + static nsresult RegisterCallbackImpl(PrefChangedFunc aCallback, T& aPref, + void* aClosure, MatchKind aMatchKind, + bool aIsPriority = false); + template <typename T> + static nsresult UnregisterCallbackImpl(PrefChangedFunc aCallback, T& aPref, + void* aClosure, MatchKind aMatchKind); + + static nsresult RegisterCallback(PrefChangedFunc aCallback, const char* aPref, + void* aClosure, MatchKind aMatchKind, + bool aIsPriority = false) { + return RegisterCallback(aCallback, nsDependentCString(aPref), aClosure, + aMatchKind, aIsPriority); + } + static nsresult UnregisterCallback(PrefChangedFunc aCallback, + const char* aPref, void* aClosure, + MatchKind aMatchKind) { + return UnregisterCallback(aCallback, nsDependentCString(aPref), aClosure, + aMatchKind); + } + static nsresult RegisterCallbackAndCall(PrefChangedFunc aCallback, + const char* aPref, void* aClosure, + MatchKind aMatchKind) { + return RegisterCallbackAndCall(aCallback, nsDependentCString(aPref), + aClosure, aMatchKind); + } + + private: + nsCOMPtr<nsIFile> mCurrentFile; + bool mDirty = false; + bool mProfileShutdown = false; + // We wait a bit after prefs are dirty before writing them. In this period, + // mDirty and mSavePending will both be true. + bool mSavePending = false; + + nsCOMPtr<nsIPrefBranch> mRootBranch; + nsCOMPtr<nsIPrefBranch> mDefaultRootBranch; + + static StaticRefPtr<Preferences> sPreferences; + static bool sShutdown; + + // Init static members. Returns true on success. + static bool InitStaticMembers(); +}; + +extern Atomic<bool, Relaxed> sOmitBlocklistedPrefValues; +extern Atomic<bool, Relaxed> sCrashOnBlocklistedPref; + +bool IsPreferenceSanitized(const char* aPref); + +const char kFissionEnforceBlockList[] = + "fission.enforceBlocklistedPrefsInSubprocesses"; +const char kFissionOmitBlockListValues[] = + "fission.omitBlocklistedPrefsInSubprocesses"; + +void OnFissionBlocklistPrefChange(const char* aPref, void* aData); + +} // namespace mozilla + +#endif // mozilla_Preferences_h diff --git a/modules/libpref/SharedPrefMap.cpp b/modules/libpref/SharedPrefMap.cpp new file mode 100644 index 0000000000..81f8d92485 --- /dev/null +++ b/modules/libpref/SharedPrefMap.cpp @@ -0,0 +1,236 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "SharedPrefMap.h" + +#include "mozilla/dom/ipc/MemMapSnapshot.h" + +#include "mozilla/BinarySearch.h" +#include "mozilla/ResultExtensions.h" +#include "mozilla/ipc/FileDescriptor.h" + +using namespace mozilla::loader; + +namespace mozilla { + +using namespace ipc; + +static inline size_t GetAlignmentOffset(size_t aOffset, size_t aAlign) { + auto mod = aOffset % aAlign; + return mod ? aAlign - mod : 0; +} + +SharedPrefMap::SharedPrefMap(const FileDescriptor& aMapFile, size_t aMapSize) { + auto result = mMap.initWithHandle(aMapFile, aMapSize); + MOZ_RELEASE_ASSERT(result.isOk()); + // We return literal nsCStrings pointing to the mapped data for preference + // names and string values, which means that we may still have references to + // the mapped data even after this instance is destroyed. That means that we + // need to keep the mapping alive until process shutdown, in order to be safe. + mMap.setPersistent(); +} + +SharedPrefMap::SharedPrefMap(SharedPrefMapBuilder&& aBuilder) { + auto result = aBuilder.Finalize(mMap); + MOZ_RELEASE_ASSERT(result.isOk()); + mMap.setPersistent(); +} + +mozilla::ipc::FileDescriptor SharedPrefMap::CloneFileDescriptor() const { + return mMap.cloneHandle(); +} + +bool SharedPrefMap::Has(const char* aKey) const { + size_t index; + return Find(aKey, &index); +} + +Maybe<const SharedPrefMap::Pref> SharedPrefMap::Get(const char* aKey) const { + Maybe<const Pref> result; + + size_t index; + if (Find(aKey, &index)) { + result.emplace(Pref{this, &Entries()[index]}); + } + + return result; +} + +bool SharedPrefMap::Find(const char* aKey, size_t* aIndex) const { + const auto& keys = KeyTable(); + + return BinarySearchIf( + Entries(), 0, EntryCount(), + [&](const Entry& aEntry) { + return strcmp(aKey, keys.GetBare(aEntry.mKey)); + }, + aIndex); +} + +void SharedPrefMapBuilder::Add(const nsCString& aKey, const Flags& aFlags, + bool aDefaultValue, bool aUserValue) { + mEntries.AppendElement(Entry{ + aKey.get(), + mKeyTable.Add(aKey), + {aDefaultValue, aUserValue}, + uint8_t(PrefType::Bool), + aFlags.mHasDefaultValue, + aFlags.mHasUserValue, + aFlags.mIsSticky, + aFlags.mIsLocked, + aFlags.mIsSanitized, + aFlags.mIsSkippedByIteration, + }); +} + +void SharedPrefMapBuilder::Add(const nsCString& aKey, const Flags& aFlags, + int32_t aDefaultValue, int32_t aUserValue) { + ValueIdx index; + if (aFlags.mHasUserValue) { + index = mIntValueTable.Add(aDefaultValue, aUserValue); + } else { + index = mIntValueTable.Add(aDefaultValue); + } + + mEntries.AppendElement(Entry{ + aKey.get(), + mKeyTable.Add(aKey), + {index}, + uint8_t(PrefType::Int), + aFlags.mHasDefaultValue, + aFlags.mHasUserValue, + aFlags.mIsSticky, + aFlags.mIsLocked, + aFlags.mIsSanitized, + aFlags.mIsSkippedByIteration, + }); +} + +void SharedPrefMapBuilder::Add(const nsCString& aKey, const Flags& aFlags, + const nsCString& aDefaultValue, + const nsCString& aUserValue) { + ValueIdx index; + StringTableEntry defaultVal = mValueStringTable.Add(aDefaultValue); + if (aFlags.mHasUserValue) { + StringTableEntry userVal = mValueStringTable.Add(aUserValue); + index = mStringValueTable.Add(defaultVal, userVal); + } else { + index = mStringValueTable.Add(defaultVal); + } + + mEntries.AppendElement(Entry{ + aKey.get(), + mKeyTable.Add(aKey), + {index}, + uint8_t(PrefType::String), + aFlags.mHasDefaultValue, + aFlags.mHasUserValue, + aFlags.mIsSticky, + aFlags.mIsLocked, + aFlags.mIsSanitized, + aFlags.mIsSkippedByIteration, + }); +} + +Result<Ok, nsresult> SharedPrefMapBuilder::Finalize(loader::AutoMemMap& aMap) { + using Header = SharedPrefMap::Header; + + // Create an array of entry pointers for the entry array, and sort it by + // preference name prior to serialization, so that entries can be looked up + // using binary search. + nsTArray<Entry*> entries(mEntries.Length()); + for (auto& entry : mEntries) { + entries.AppendElement(&entry); + } + entries.Sort([](const Entry* aA, const Entry* aB) { + return strcmp(aA->mKeyString, aB->mKeyString); + }); + + Header header = {uint32_t(entries.Length())}; + + size_t offset = sizeof(header); + offset += GetAlignmentOffset(offset, alignof(Header)); + + offset += entries.Length() * sizeof(SharedPrefMap::Entry); + + header.mKeyStrings.mOffset = offset; + header.mKeyStrings.mSize = mKeyTable.Size(); + offset += header.mKeyStrings.mSize; + + offset += GetAlignmentOffset(offset, mIntValueTable.Alignment()); + header.mUserIntValues.mOffset = offset; + header.mUserIntValues.mSize = mIntValueTable.UserSize(); + offset += header.mUserIntValues.mSize; + + offset += GetAlignmentOffset(offset, mIntValueTable.Alignment()); + header.mDefaultIntValues.mOffset = offset; + header.mDefaultIntValues.mSize = mIntValueTable.DefaultSize(); + offset += header.mDefaultIntValues.mSize; + + offset += GetAlignmentOffset(offset, mStringValueTable.Alignment()); + header.mUserStringValues.mOffset = offset; + header.mUserStringValues.mSize = mStringValueTable.UserSize(); + offset += header.mUserStringValues.mSize; + + offset += GetAlignmentOffset(offset, mStringValueTable.Alignment()); + header.mDefaultStringValues.mOffset = offset; + header.mDefaultStringValues.mSize = mStringValueTable.DefaultSize(); + offset += header.mDefaultStringValues.mSize; + + header.mValueStrings.mOffset = offset; + header.mValueStrings.mSize = mValueStringTable.Size(); + offset += header.mValueStrings.mSize; + + MemMapSnapshot mem; + MOZ_TRY(mem.Init(offset)); + + auto headerPtr = mem.Get<Header>(); + headerPtr[0] = header; + + auto* entryPtr = reinterpret_cast<SharedPrefMap::Entry*>(&headerPtr[1]); + for (auto* entry : entries) { + *entryPtr = { + entry->mKey, + GetValue(*entry), + entry->mType, + entry->mHasDefaultValue, + entry->mHasUserValue, + entry->mIsSticky, + entry->mIsLocked, + entry->mIsSanitized, + entry->mIsSkippedByIteration, + }; + entryPtr++; + } + + auto ptr = mem.Get<uint8_t>(); + + mKeyTable.Write({&ptr[header.mKeyStrings.mOffset], header.mKeyStrings.mSize}); + + mValueStringTable.Write( + {&ptr[header.mValueStrings.mOffset], header.mValueStrings.mSize}); + + mIntValueTable.WriteDefaultValues( + {&ptr[header.mDefaultIntValues.mOffset], header.mDefaultIntValues.mSize}); + mIntValueTable.WriteUserValues( + {&ptr[header.mUserIntValues.mOffset], header.mUserIntValues.mSize}); + + mStringValueTable.WriteDefaultValues( + {&ptr[header.mDefaultStringValues.mOffset], + header.mDefaultStringValues.mSize}); + mStringValueTable.WriteUserValues( + {&ptr[header.mUserStringValues.mOffset], header.mUserStringValues.mSize}); + + mKeyTable.Clear(); + mValueStringTable.Clear(); + mIntValueTable.Clear(); + mStringValueTable.Clear(); + mEntries.Clear(); + + return mem.Finalize(aMap); +} + +} // namespace mozilla diff --git a/modules/libpref/SharedPrefMap.h b/modules/libpref/SharedPrefMap.h new file mode 100644 index 0000000000..7c949e137d --- /dev/null +++ b/modules/libpref/SharedPrefMap.h @@ -0,0 +1,848 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef dom_ipc_SharedPrefMap_h +#define dom_ipc_SharedPrefMap_h + +#include "mozilla/AutoMemMap.h" +#include "mozilla/HashFunctions.h" +#include "mozilla/Preferences.h" +#include "mozilla/Result.h" +#include "mozilla/dom/ipc/StringTable.h" +#include "nsTHashMap.h" + +namespace mozilla { + +// The approximate number of preferences expected to be in an ordinary +// preferences database. +// +// This number is used to determine initial allocation sizes for data structures +// when building the shared preference map, and should be slightly higher than +// the expected number of preferences in an ordinary database to avoid +// unnecessary reallocations/rehashes. +constexpr size_t kExpectedPrefCount = 4000; + +class SharedPrefMapBuilder; + +// This class provides access to a compact, read-only copy of a preference +// database, backed by a shared memory buffer which can be shared between +// processes. All state data for the database is stored in the shared memory +// region, so individual instances require no dynamic memory allocation. +// +// Further, all strings returned from this API are nsLiteralCStrings with +// pointers into the shared memory region, which means that they can be copied +// into new nsCString instances without additional allocations. For instance, +// the following (where `pref` is a Pref object) will not cause any string +// copies, memory allocations, or atomic refcount changes: +// +// nsCString prefName(pref.NameString()); +// +// whereas if we returned a nsDependentCString or a dynamically allocated +// nsCString, it would. +// +// The set of entries is stored in sorted order by preference name, so look-ups +// are done by binary search. This means that look-ups have O(log n) complexity, +// rather than the O(1) complexity of a dynamic hashtable. Consumers should keep +// this in mind when planning their accesses. +// +// Important: The mapped memory created by this class is persistent. Once an +// instance has been initialized, the memory that it allocates can never be +// freed before process shutdown. Do not use it for short-lived mappings. +class SharedPrefMap { + using FileDescriptor = mozilla::ipc::FileDescriptor; + + friend class SharedPrefMapBuilder; + + // Describes a block of memory within the shared memory region. + struct DataBlock { + // The byte offset from the start of the shared memory region to the start + // of the block. + size_t mOffset; + // The size of the block, in bytes. This is typically used only for bounds + // checking in debug builds. + size_t mSize; + }; + + // Describes the contents of the shared memory region, which is laid-out as + // follows: + // + // - The Header struct + // + // - An array of Entry structs with mEntryCount elements, lexicographically + // sorted by preference name. + // + // - A set of data blocks, with offsets and sizes described by the DataBlock + // entries in the header, described below. + // + // Each entry stores its name string and values as indices into these blocks, + // as documented in the Entry struct, but with some important optimizations: + // + // - Boolean values are always stored inline. Both the default and user + // values can be retrieved directly from the entry. Other types have only + // one value index, and their values appear at the same indices in the + // default and user value arrays. + // + // Aside from reducing our memory footprint, this space-efficiency means + // that we can fit more entries in the CPU cache at once, and reduces the + // number of likely cache misses during lookups. + // + // - Key strings are stored in a separate string table from value strings. As + // above, this makes it more likely that the strings we need will be + // available in the CPU cache during lookups by not interleaving them with + // extraneous data. + // + // - Default and user values are stored in separate arrays. Entries with user + // values always appear before entries with default values in the value + // arrays, and entries without user values do not have entries in the user + // array at all. Since the same index is used for both arrays, this means + // that entries with a default value but no user value do not allocate any + // space to store their user value. + // + // - For preferences with no user value, the entries in the default value are + // de-duplicated. All preferences with the same default value (and no user + // value) point to the same index in the default value array. + // + // + // For example, a preference database containing: + // + // +---------+-------------------------------+-------------------------------+ + // | Name | Default Value | User Value | | + // +---------+---------------+---------------+-------------------------------+ + // | string1 | "meh" | "hem" | | + // | string2 | | "b" | | + // | string3 | "a" | | | + // | string4 | "foo" | | | + // | string5 | "foo" | | | + // | string6 | "meh" | | | + // +---------+---------------+---------------+-------------------------------+ + // | bool1 | false | true | | + // | bool2 | | false | | + // | bool3 | true | | | + // +---------+---------------+---------------+-------------------------------+ + // | int1 | 18 | 16 | | + // | int2 | | 24 | | + // | int3 | 42 | | | + // | int4 | 12 | | | + // | int5 | 12 | | | + // | int6 | 18 | | | + // +---------+---------------+---------------+-------------------------------+ + // + // Results in a database that looks like: + // + // +-------------------------------------------------------------------------+ + // | Header: | + // +-------------------------------------------------------------------------+ + // | mEntryCount = 15 | + // | ... | + // +-------------------------------------------------------------------------+ + // + // +-------------------------------------------------------------------------+ + // | Key strings: | + // +--------+----------------------------------------------------------------+ + // | Offset | Value | + // +--------+----------------------------------------------------------------+ + // | 0 | string1\0 | + // | 8 | string2\0 | + // | 16 | string3\0 | + // | 24 | string4\0 | + // | 32 | string5\0 | + // | 40 | string6\0 | + // | 48 | bool1\0 | + // | 54 | bool2\0 | + // | 60 | bool3\0 | + // | 66 | int1\0 | + // | 71 | int2\0 | + // | 76 | int3\0 | + // | 81 | int4\0 | + // | 86 | int6\0 | + // | 91 | int6\0 | + // +--------+----------------------------------------------------------------+ + // + // +-------------------------------------------------------------------------+ + // | Entries: | + // +---------------------+------+------------+------------+------------------+ + // | Key[1] | Type | HasDefault | HasUser | Value | + // +---------------------+------+------------+------------+------------------+ + // | K["bool1", 48, 5] | 3 | true | true | { false, true } | + // | K["bool2", 54, 5] | 3 | false | true | { 0, false } | + // | K["bool3", 60, 5] | 3 | true | false | { true, 0 } | + // | K["int1", 66, 4] | 2 | true | true | 0 | + // | K["int2", 71, 4] | 2 | false | true | 1 | + // | K["int3", 76, 4] | 2 | true | false | 2 | + // | K["int4", 81, 4] | 2 | true | false | 3 | + // | K["int5", 86, 4] | 2 | true | false | 3 | + // | K["int6", 91, 4] | 2 | true | false | 4 | + // | K["string1", 0, 6] | 1 | true | true | 0 | + // | K["string2", 8, 6] | 1 | false | true | 1 | + // | K["string3", 16, 6] | 1 | true | false | 2 | + // | K["string4", 24, 6] | 1 | true | false | 3 | + // | K["string5", 32, 6] | 1 | true | false | 3 | + // | K["string6", 40, 6] | 1 | true | false | 4 | + // +---------------------+------+------------+------------+------------------+ + // | [1]: Encoded as an offset into the key table and a length. Specified | + // | as K[string, offset, length] for clarity. | + // +-------------------------------------------------------------------------+ + // + // +------------------------------------+------------------------------------+ + // | User integer values | Default integer values | + // +-------+----------------------------+-------+----------------------------+ + // | Index | Contents | Index | Contents | + // +-------+----------------------------+-------+----------------------------+ + // | 0 | 16 | 0 | 18 | + // | 1 | 24 | 1 | | + // | | | 2 | 42 | + // | | | 3 | 12 | + // | | | 4 | 18 | + // +-------+----------------------------+-------+----------------------------+ + // | * Note: Tables are laid out sequentially in memory, but displayed | + // | here side-by-side for clarity. | + // +-------------------------------------------------------------------------+ + // + // +------------------------------------+------------------------------------+ + // | User string values | Default string values | + // +-------+----------------------------+-------+----------------------------+ + // | Index | Contents[1] | Index | Contents[1] | + // +-------+----------------------------+-------+----------------------------+ + // | 0 | V["hem", 0, 3] | 0 | V["meh", 4, 3] | + // | 1 | V["b", 8, 1] | 1 | | + // | | | 2 | V["a", 10, 1] | + // | | | 3 | V["foo", 12, 3] | + // | | | 4 | V["meh", 4, 3] | + // |-------+----------------------------+-------+----------------------------+ + // | [1]: Encoded as an offset into the value table and a length. Specified | + // | as V[string, offset, length] for clarity. | + // +-------------------------------------------------------------------------+ + // | * Note: Tables are laid out sequentially in memory, but displayed | + // | here side-by-side for clarity. | + // +-------------------------------------------------------------------------+ + // + // +-------------------------------------------------------------------------+ + // | Value strings: | + // +--------+----------------------------------------------------------------+ + // | Offset | Value | + // +--------+----------------------------------------------------------------+ + // | 0 | hem\0 | + // | 4 | meh\0 | + // | 8 | b\0 | + // | 10 | a\0 | + // | 12 | foo\0 | + // +--------+----------------------------------------------------------------+ + struct Header { + // The number of entries in this map. + uint32_t mEntryCount; + + // The StringTable data block for preference name strings, which act as keys + // in the map. + DataBlock mKeyStrings; + + // The int32_t arrays of user and default int preference values. Entries in + // the map store their values as indices into these arrays. + DataBlock mUserIntValues; + DataBlock mDefaultIntValues; + + // The StringTableEntry arrays of user and default string preference values. + // + // Strings are stored as StringTableEntry structs with character offsets + // into the mValueStrings string table and their corresponding lengths. + // + // Entries in the map, likewise, store their string values as indices into + // these arrays. + DataBlock mUserStringValues; + DataBlock mDefaultStringValues; + + // The StringTable data block for string preference values, referenced by + // the above two data blocks. + DataBlock mValueStrings; + }; + + using StringTableEntry = mozilla::dom::ipc::StringTableEntry; + + // Represents a preference value, as either a pair of boolean values, or an + // index into one of the above value arrays. + union Value { + Value(bool aDefaultValue, bool aUserValue) + : mDefaultBool(aDefaultValue), mUserBool(aUserValue) {} + + MOZ_IMPLICIT Value(uint16_t aIndex) : mIndex(aIndex) {} + + // The index of this entry in the value arrays. + // + // User and default preference values have the same indices in their + // respective arrays. However, entries without a user value are not + // guaranteed to have space allocated for them in the user value array, and + // likewise for preferences without default values in the default value + // array. This means that callers must only access value entries for entries + // which claim to have a value of that type. + uint16_t mIndex; + struct { + bool mDefaultBool; + bool mUserBool; + }; + }; + + // Represents a preference entry in the map, containing its name, type info, + // flags, and a reference to its value. + struct Entry { + // A pointer to the preference name in the KeyTable string table. + StringTableEntry mKey; + + // The preference's value, either as a pair of booleans, or an index into + // the value arrays. Please see the documentation for the Value struct + // above. + Value mValue; + + // The preference's type, as a PrefType enum value. This must *never* be + // PrefType::None for values in a shared array. + uint8_t mType : 2; + // True if the preference has a default value. Callers must not attempt to + // access the entry's default value if this is false. + uint8_t mHasDefaultValue : 1; + // True if the preference has a user value. Callers must not attempt to + // access the entry's user value if this is false. + uint8_t mHasUserValue : 1; + // True if the preference is sticky, as defined by the preference service. + uint8_t mIsSticky : 1; + // True if the preference is locked, as defined by the preference service. + uint8_t mIsLocked : 1; + // True if the preference is sanitized, as defined by the preference + // service. + uint8_t mIsSanitized : 1; + // True if the preference should be skipped while iterating over the + // SharedPrefMap. This is used to internally store Once StaticPrefs. + // This property is not visible to users the way sticky and locked are. + uint8_t mIsSkippedByIteration : 1; + }; + + public: + NS_INLINE_DECL_REFCOUNTING(SharedPrefMap) + + // A temporary wrapper class for accessing entries in the array. Instances of + // this class are valid as long as SharedPrefMap instance is alive, but + // generally should not be stored long term, or allocated on the heap. + // + // The class is implemented as two pointers, one to the SharedPrefMap + // instance, and one to the Entry that corresponds to the preference, and is + // meant to be cheaply returned by value from preference lookups and + // iterators. All property accessors lazily fetch the appropriate values from + // the shared memory region. + class MOZ_STACK_CLASS Pref final { + public: + const char* Name() const { return mMap->KeyTable().GetBare(mEntry->mKey); } + + nsCString NameString() const { return mMap->KeyTable().Get(mEntry->mKey); } + + PrefType Type() const { + MOZ_ASSERT(PrefType(mEntry->mType) != PrefType::None); + return PrefType(mEntry->mType); + } + + bool HasDefaultValue() const { return mEntry->mHasDefaultValue; } + bool HasUserValue() const { return mEntry->mHasUserValue; } + bool IsLocked() const { return mEntry->mIsLocked; } + bool IsSanitized() const { return mEntry->mIsSanitized; } + bool IsSticky() const { return mEntry->mIsSticky; } + bool IsSkippedByIteration() const { return mEntry->mIsSkippedByIteration; } + + bool GetBoolValue(PrefValueKind aKind = PrefValueKind::User) const { + MOZ_ASSERT(Type() == PrefType::Bool); + MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue()); + + return aKind == PrefValueKind::Default ? mEntry->mValue.mDefaultBool + : mEntry->mValue.mUserBool; + } + + int32_t GetIntValue(PrefValueKind aKind = PrefValueKind::User) const { + MOZ_ASSERT(Type() == PrefType::Int); + MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue()); + + return aKind == PrefValueKind::Default + ? mMap->DefaultIntValues()[mEntry->mValue.mIndex] + : mMap->UserIntValues()[mEntry->mValue.mIndex]; + } + + private: + const StringTableEntry& GetStringEntry(PrefValueKind aKind) const { + MOZ_ASSERT(Type() == PrefType::String); + MOZ_ASSERT(aKind == PrefValueKind::Default ? HasDefaultValue() + : HasUserValue()); + + return aKind == PrefValueKind::Default + ? mMap->DefaultStringValues()[mEntry->mValue.mIndex] + : mMap->UserStringValues()[mEntry->mValue.mIndex]; + } + + public: + nsCString GetStringValue(PrefValueKind aKind = PrefValueKind::User) const { + return mMap->ValueTable().Get(GetStringEntry(aKind)); + } + + const char* GetBareStringValue( + PrefValueKind aKind = PrefValueKind::User) const { + return mMap->ValueTable().GetBare(GetStringEntry(aKind)); + } + + // Returns the entry's index in the map, as understood by GetKeyAt() and + // GetValueAt(). + size_t Index() const { return mEntry - mMap->Entries().get(); } + + bool operator==(const Pref& aPref) const { return mEntry == aPref.mEntry; } + bool operator!=(const Pref& aPref) const { return !(*this == aPref); } + + // This is odd, but necessary in order for the C++ range iterator protocol + // to work here. + Pref& operator*() { return *this; } + + // Updates this wrapper to point to the next visible entry in the map. This + // should not be attempted unless Index() is less than the map's Count(). + Pref& operator++() { + do { + mEntry++; + } while (mEntry->mIsSkippedByIteration && Index() < mMap->Count()); + return *this; + } + + Pref(const Pref& aPref) = default; + + protected: + friend class SharedPrefMap; + + Pref(const SharedPrefMap* aPrefMap, const Entry* aEntry) + : mMap(aPrefMap), mEntry(aEntry) {} + + private: + const SharedPrefMap* const mMap; + const Entry* mEntry; + }; + + // Note: These constructors are infallible, because the preference database is + // critical to platform functionality, and we cannot operate without it. + SharedPrefMap(const FileDescriptor&, size_t); + explicit SharedPrefMap(SharedPrefMapBuilder&&); + + // Searches for the given preference in the map, and returns true if it + // exists. + bool Has(const char* aKey) const; + + bool Has(const nsCString& aKey) const { return Has(aKey.get()); } + + // Searches for the given preference in the map, and if it exists, returns + // a Some<Pref> containing its details. + Maybe<const Pref> Get(const char* aKey) const; + + Maybe<const Pref> Get(const nsCString& aKey) const { return Get(aKey.get()); } + + private: + // Searches for an entry for the given key. If found, returns true, and + // places its index in the entry array in aIndex. + bool Find(const char* aKey, size_t* aIndex) const; + + public: + // Returns the number of entries in the map. + uint32_t Count() const { return EntryCount(); } + + // Returns the string entry at the given index. Keys are guaranteed to be + // sorted lexicographically. + // + // The given index *must* be less than the value returned by Count(). + // + // The returned value is a literal string which references the mapped memory + // region. + nsCString GetKeyAt(uint32_t aIndex) const { + MOZ_ASSERT(aIndex < Count()); + return KeyTable().Get(Entries()[aIndex].mKey); + } + + // Returns the value for the entry at the given index. + // + // The given index *must* be less than the value returned by Count(). + // + // The returned value is valid for the lifetime of this map instance. + const Pref GetValueAt(uint32_t aIndex) const { + MOZ_ASSERT(aIndex < Count()); + return UncheckedGetValueAt(aIndex); + } + + private: + // Returns a wrapper with a pointer to an entry without checking its bounds. + // This should only be used by range iterators, to check their end positions. + // + // Note: In debug builds, the RangePtr returned by entries will still assert + // that aIndex is no more than 1 past the last element in the array, since it + // also takes into account the ranged iteration use case. + Pref UncheckedGetValueAt(uint32_t aIndex) const { + return {this, (Entries() + aIndex).get()}; + } + + public: + // C++ range iterator protocol. begin() and end() return references to the + // first (non-skippable) and last entries in the array. The begin wrapper + // can be incremented until it matches the last element in the array, at which + // point it becomes invalid and the iteration is over. + Pref begin() const { + for (uint32_t aIndex = 0; aIndex < Count(); aIndex++) { + Pref pref = UncheckedGetValueAt(aIndex); + if (!pref.IsSkippedByIteration()) { + return pref; + } + } + return end(); + } + Pref end() const { return UncheckedGetValueAt(Count()); } + + // A cosmetic helper for range iteration. Returns a reference value from a + // pointer to this instance so that its .begin() and .end() methods can be + // accessed in a ranged for loop. `map->Iter()` is equivalent to `*map`, but + // makes its purpose slightly clearer. + const SharedPrefMap& Iter() const { return *this; } + + // Returns a copy of the read-only file descriptor which backs the shared + // memory region for this map. The file descriptor may be passed between + // processes, and used to construct new instances of SharedPrefMap with + // the same data as this instance. + FileDescriptor CloneFileDescriptor() const; + + // Returns the size of the mapped memory region. This size must be passed to + // the constructor when mapping the shared region in another process. + size_t MapSize() const { return mMap.size(); } + + protected: + ~SharedPrefMap() = default; + + private: + template <typename T> + using StringTable = mozilla::dom::ipc::StringTable<T>; + + // Type-safe getters for values in the shared memory region: + const Header& GetHeader() const { return mMap.get<Header>()[0]; } + + RangedPtr<const Entry> Entries() const { + return {reinterpret_cast<const Entry*>(&GetHeader() + 1), EntryCount()}; + } + + uint32_t EntryCount() const { return GetHeader().mEntryCount; } + + template <typename T> + RangedPtr<const T> GetBlock(const DataBlock& aBlock) const { + return RangedPtr<uint8_t>(&mMap.get<uint8_t>()[aBlock.mOffset], + aBlock.mSize) + .ReinterpretCast<const T>(); + } + + RangedPtr<const int32_t> DefaultIntValues() const { + return GetBlock<int32_t>(GetHeader().mDefaultIntValues); + } + RangedPtr<const int32_t> UserIntValues() const { + return GetBlock<int32_t>(GetHeader().mUserIntValues); + } + + RangedPtr<const StringTableEntry> DefaultStringValues() const { + return GetBlock<StringTableEntry>(GetHeader().mDefaultStringValues); + } + RangedPtr<const StringTableEntry> UserStringValues() const { + return GetBlock<StringTableEntry>(GetHeader().mUserStringValues); + } + + StringTable<nsCString> KeyTable() const { + auto& block = GetHeader().mKeyStrings; + return {{&mMap.get<uint8_t>()[block.mOffset], block.mSize}}; + } + + StringTable<nsCString> ValueTable() const { + auto& block = GetHeader().mValueStrings; + return {{&mMap.get<uint8_t>()[block.mOffset], block.mSize}}; + } + + loader::AutoMemMap mMap; +}; + +// A helper class which builds the contiguous look-up table used by +// SharedPrefMap. Each preference in the final map is added to the builder, +// before it is finalized and transformed into a read-only snapshot. +class MOZ_RAII SharedPrefMapBuilder { + public: + SharedPrefMapBuilder() = default; + + // The set of flags for the preference, as documented in SharedPrefMap::Entry. + struct Flags { + uint8_t mHasDefaultValue : 1; + uint8_t mHasUserValue : 1; + uint8_t mIsSticky : 1; + uint8_t mIsLocked : 1; + uint8_t mIsSanitized : 1; + uint8_t mIsSkippedByIteration : 1; + }; + + void Add(const nsCString& aKey, const Flags& aFlags, bool aDefaultValue, + bool aUserValue); + + void Add(const nsCString& aKey, const Flags& aFlags, int32_t aDefaultValue, + int32_t aUserValue); + + void Add(const nsCString& aKey, const Flags& aFlags, + const nsCString& aDefaultValue, const nsCString& aUserValue); + + // Finalizes the binary representation of the map, writes it to a shared + // memory region, and then initializes the given AutoMemMap with a reference + // to the read-only copy of it. + // + // This should generally not be used directly by callers. The + // SharedPrefMapBuilder instance should instead be passed to the SharedPrefMap + // constructor as a move reference. + Result<Ok, nsresult> Finalize(loader::AutoMemMap& aMap); + + private: + using StringTableEntry = mozilla::dom::ipc::StringTableEntry; + template <typename T, typename U> + using StringTableBuilder = mozilla::dom::ipc::StringTableBuilder<T, U>; + + // An opaque descriptor of the index of a preference entry in a value array, + // which can be converted numeric index after the ValueTableBuilder is + // finalized. + struct ValueIdx { + // The relative index of the entry, based on its class. Entries for + // preferences with user values appear at the value arrays. Entries with + // only default values begin after the last entry with a user value. + uint16_t mIndex; + bool mHasUserValue; + }; + + // A helper class for building default and user value arrays for preferences. + // + // As described in the SharedPrefMap class, this helper optimizes the way that + // it builds its value arrays, in that: + // + // - It stores value entries for all preferences with user values before + // entries for preferences with only default values, and allocates no + // entries for preferences with only default values in the user value array. + // Since most preferences have only default values, this dramatically + // reduces the space required for value storage. + // + // - For preferences with only default values, it de-duplicates value entries, + // and returns the same indices for all preferences with the same value. + // + // One important complication of this approach is that it means we cannot know + // the final index of any entry with only a default value until all entries + // have been added to the builder, since it depends on the final number of + // user entries in the output. + // + // To deal with this, when entries are added, we return an opaque ValueIndex + // struct, from which we can calculate the final index after the map has been + // finalized. + template <typename HashKey, typename ValueType_> + class ValueTableBuilder { + public: + using ValueType = ValueType_; + + // Adds an entry for a preference with only a default value to the array, + // and returns an opaque descriptor for its index. + ValueIdx Add(const ValueType& aDefaultValue) { + auto index = uint16_t(mDefaultEntries.Count()); + + return mDefaultEntries.WithEntryHandle(aDefaultValue, [&](auto&& entry) { + entry.OrInsertWith([&] { return Entry{index, false, aDefaultValue}; }); + + return ValueIdx{entry->mIndex, false}; + }); + } + + // Adds an entry for a preference with a user value to the array. Regardless + // of whether the preference has a default value, space must be allocated + // for it. For preferences with no default value, the actual value which + // appears in the array at its value index is ignored. + ValueIdx Add(const ValueType& aDefaultValue, const ValueType& aUserValue) { + auto index = uint16_t(mUserEntries.Length()); + + mUserEntries.AppendElement(Entry{index, true, aDefaultValue, aUserValue}); + + return {index, true}; + } + + // Returns the final index for an entry based on its opaque index + // descriptor. This must only be called after the caller has finished adding + // entries to the builder. + uint16_t GetIndex(const ValueIdx& aIndex) const { + uint16_t base = aIndex.mHasUserValue ? 0 : UserCount(); + return base + aIndex.mIndex; + } + + // Writes out the array of default values at the block beginning at the + // given pointer. The block must be at least as large as the value returned + // by DefaultSize(). + void WriteDefaultValues(const RangedPtr<uint8_t>& aBuffer) const { + auto buffer = aBuffer.ReinterpretCast<ValueType>(); + + for (const auto& entry : mUserEntries) { + buffer[entry.mIndex] = entry.mDefaultValue; + } + + size_t defaultsOffset = UserCount(); + for (const auto& data : mDefaultEntries.Values()) { + buffer[defaultsOffset + data.mIndex] = data.mDefaultValue; + } + } + + // Writes out the array of user values at the block beginning at the + // given pointer. The block must be at least as large as the value returned + // by UserSize(). + void WriteUserValues(const RangedPtr<uint8_t>& aBuffer) const { + auto buffer = aBuffer.ReinterpretCast<ValueType>(); + + for (const auto& entry : mUserEntries) { + buffer[entry.mIndex] = entry.mUserValue; + } + } + + // These return the number of entries in the default and user value arrays, + // respectively. + uint32_t DefaultCount() const { + return UserCount() + mDefaultEntries.Count(); + } + uint32_t UserCount() const { return mUserEntries.Length(); } + + // These return the byte sizes of the default and user value arrays, + // respectively. + uint32_t DefaultSize() const { return DefaultCount() * sizeof(ValueType); } + uint32_t UserSize() const { return UserCount() * sizeof(ValueType); } + + void Clear() { + mUserEntries.Clear(); + mDefaultEntries.Clear(); + } + + static constexpr size_t Alignment() { return alignof(ValueType); } + + private: + struct Entry { + uint16_t mIndex; + bool mHasUserValue; + ValueType mDefaultValue; + ValueType mUserValue{}; + }; + + AutoTArray<Entry, 256> mUserEntries; + + nsTHashMap<HashKey, Entry> mDefaultEntries; + }; + + // A special-purpose string table builder for keys which are already + // guaranteed to be unique. Duplicate values will not be detected or + // de-duplicated. + template <typename CharType> + class UniqueStringTableBuilder { + public: + using ElemType = CharType; + + explicit UniqueStringTableBuilder(size_t aCapacity) : mEntries(aCapacity) {} + + StringTableEntry Add(const nsTString<CharType>& aKey) { + auto entry = mEntries.AppendElement( + Entry{mSize, uint32_t(aKey.Length()), aKey.get()}); + + mSize += entry->mLength + 1; + + return {entry->mOffset, entry->mLength}; + } + + void Write(const RangedPtr<uint8_t>& aBuffer) { + auto buffer = aBuffer.ReinterpretCast<ElemType>(); + + for (auto& entry : mEntries) { + memcpy(&buffer[entry.mOffset], entry.mValue, + sizeof(ElemType) * (entry.mLength + 1)); + } + } + + uint32_t Count() const { return mEntries.Length(); } + + uint32_t Size() const { return mSize * sizeof(ElemType); } + + void Clear() { mEntries.Clear(); } + + static constexpr size_t Alignment() { return alignof(ElemType); } + + private: + struct Entry { + uint32_t mOffset; + uint32_t mLength; + const CharType* mValue; + }; + + nsTArray<Entry> mEntries; + uint32_t mSize = 0; + }; + + // A preference value entry, roughly corresponding to the + // SharedPrefMap::Value struct, but with a temporary place-holder value rather + // than a final value index. + union Value { + Value(bool aDefaultValue, bool aUserValue) + : mDefaultBool(aDefaultValue), mUserBool(aUserValue) {} + + MOZ_IMPLICIT Value(const ValueIdx& aIndex) : mIndex(aIndex) {} + + // For Bool preferences, their default and user bool values. + struct { + bool mDefaultBool; + bool mUserBool; + }; + // For Int and String preferences, an opaque descriptor for their entries in + // their value arrays. This must be passed to the appropriate + // ValueTableBuilder to obtain the final index when the entry is serialized. + ValueIdx mIndex; + }; + + // A preference entry, to be converted to a SharedPrefMap::Entry struct during + // serialization. + struct Entry { + // The entry's preference name, as passed to Add(). The caller is + // responsible for keeping this pointer alive until the builder is + // finalized. + const char* mKeyString; + // The entry in mKeyTable corresponding to mKeyString. + StringTableEntry mKey; + Value mValue; + + uint8_t mType : 2; + uint8_t mHasDefaultValue : 1; + uint8_t mHasUserValue : 1; + uint8_t mIsSticky : 1; + uint8_t mIsLocked : 1; + uint8_t mIsSanitized : 1; + uint8_t mIsSkippedByIteration : 1; + }; + + // Converts a builder Value struct to a SharedPrefMap::Value struct for + // serialization. This must not be called before callers have finished adding + // entries to the value array builders. + SharedPrefMap::Value GetValue(const Entry& aEntry) const { + switch (PrefType(aEntry.mType)) { + case PrefType::Bool: + return {aEntry.mValue.mDefaultBool, aEntry.mValue.mUserBool}; + case PrefType::Int: + return {mIntValueTable.GetIndex(aEntry.mValue.mIndex)}; + case PrefType::String: + return {mStringValueTable.GetIndex(aEntry.mValue.mIndex)}; + default: + MOZ_ASSERT_UNREACHABLE("Invalid pref type"); + return {false, false}; + } + } + + UniqueStringTableBuilder<char> mKeyTable{kExpectedPrefCount}; + StringTableBuilder<nsCStringHashKey, nsCString> mValueStringTable; + + ValueTableBuilder<nsUint32HashKey, uint32_t> mIntValueTable; + ValueTableBuilder<nsGenericHashKey<StringTableEntry>, StringTableEntry> + mStringValueTable; + + nsTArray<Entry> mEntries{kExpectedPrefCount}; +}; + +} // namespace mozilla + +#endif // dom_ipc_SharedPrefMap_h diff --git a/modules/libpref/StaticPrefsBase.h b/modules/libpref/StaticPrefsBase.h new file mode 100644 index 0000000000..597a5beda2 --- /dev/null +++ b/modules/libpref/StaticPrefsBase.h @@ -0,0 +1,93 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_StaticPrefsBase_h +#define mozilla_StaticPrefsBase_h + +#include <type_traits> + +#include "mozilla/Atomics.h" +#include "mozilla/DataMutex.h" +#include "nsString.h" + +namespace mozilla { + +class SharedPrefMapBuilder; + +// These typedefs are for use within init/StaticPrefList*.h. + +typedef const char* String; + +using DataMutexString = StaticDataMutex<nsCString>; + +template <typename T> +struct IsString : std::false_type {}; + +template <> +struct IsString<String> : std::true_type {}; + +template <> +struct IsString<DataMutexString> : std::true_type {}; + +typedef Atomic<bool, Relaxed> RelaxedAtomicBool; +typedef Atomic<bool, ReleaseAcquire> ReleaseAcquireAtomicBool; +typedef Atomic<bool, SequentiallyConsistent> SequentiallyConsistentAtomicBool; + +typedef Atomic<int32_t, Relaxed> RelaxedAtomicInt32; +typedef Atomic<int32_t, ReleaseAcquire> ReleaseAcquireAtomicInt32; +typedef Atomic<int32_t, SequentiallyConsistent> + SequentiallyConsistentAtomicInt32; + +typedef Atomic<uint32_t, Relaxed> RelaxedAtomicUint32; +typedef Atomic<uint32_t, ReleaseAcquire> ReleaseAcquireAtomicUint32; +typedef Atomic<uint32_t, SequentiallyConsistent> + SequentiallyConsistentAtomicUint32; + +// XXX: Atomic<float> currently doesn't work (see bug 1552086). Once it's +// supported we will be able to use Atomic<float> here. +typedef std::atomic<float> AtomicFloat; + +template <typename T> +struct StripAtomicImpl { + typedef T Type; +}; + +template <typename T, MemoryOrdering Order> +struct StripAtomicImpl<Atomic<T, Order>> { + typedef T Type; +}; + +template <typename T> +struct StripAtomicImpl<std::atomic<T>> { + typedef T Type; +}; + +template <> +struct StripAtomicImpl<DataMutexString> { + typedef nsCString Type; +}; + +template <typename T> +using StripAtomic = typename StripAtomicImpl<T>::Type; + +template <typename T> +struct IsAtomic : std::false_type {}; + +template <typename T, MemoryOrdering Order> +struct IsAtomic<Atomic<T, Order>> : std::true_type {}; + +template <typename T> +struct IsAtomic<std::atomic<T>> : std::true_type {}; + +namespace StaticPrefs { + +void MaybeInitOncePrefs(); + +} // namespace StaticPrefs + +} // namespace mozilla + +#endif // mozilla_StaticPrefsBase_h diff --git a/modules/libpref/components.conf b/modules/libpref/components.conf new file mode 100644 index 0000000000..25f3aecbb7 --- /dev/null +++ b/modules/libpref/components.conf @@ -0,0 +1,31 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +Headers = [ + 'mozilla/Preferences.h', +] + +UnloadFunc = 'mozilla::UnloadPrefsModule' + +Classes = [ + { + 'name': 'Preferences', + 'js_name': 'prefs', + 'cid': '{91ca2441-050f-4f7c-9df8-75b40ea40156}', + 'contract_ids': ['@mozilla.org/preferences-service;1'], + 'interfaces': ['nsIPrefService', 'nsIPrefBranch'], + 'singleton': True, + 'type': 'mozilla::Preferences', + 'headers': ['mozilla/Preferences.h'], + 'constructor': 'mozilla::Preferences::GetInstanceForService', + 'processes': ProcessSelector.ALLOW_IN_GPU_RDD_VR_SOCKET_AND_UTILITY_PROCESS, + }, + { + 'cid': '{064d9cee-1dd2-11b2-83e3-d25ab0193c26}', + 'contract_ids': ['@mozilla.org/pref-localizedstring;1'], + 'type': 'nsPrefLocalizedString', + }, +] diff --git a/modules/libpref/docs/index.md b/modules/libpref/docs/index.md new file mode 100644 index 0000000000..e7576deb9f --- /dev/null +++ b/modules/libpref/docs/index.md @@ -0,0 +1,462 @@ +# libpref +libpref is a generic key/value store that is used to implement *prefs*, a term +that encompasses a variety of things. + +- Feature enable/disable flags (e.g. `xpinstall.signatures.required`). +- User preferences (e.g. things set from `about:preferences`) +- Internal application parameters (e.g. + `javascript.options.mem.nursery.max_kb`). +- Testing and debugging flags (e.g. `network.dns.native-is-localhost`). +- Things that might need locking in an enterprise installation. +- Application data (e.g. + `browser.onboarding.tour.onboarding-tour-addons.completed`, + `services.sync.clients.lastSync`). +- A cheap and dirty form of IPC(!) (some devtools prefs). + +Some of these (particularly the last two) are not an ideal use of libpref. + +The C++ API is in the `Preferences` class. The XPIDL API is in the +`nsIPrefService` and `nsIPrefBranch` interfaces. + +## High-level design + +### Keys +Keys (a.k.a. *pref names*) are 8-bit strings, and ASCII in practice. The +convention is to use a dotted segmented form, e.g. `foo.bar.baz`, but the +segments have no built-in meaning. + +Naming is inconsistent, e.g. segments have various forms: `foo_bar`, +`foo-bar`, `fooBar`, etc. Pref names for feature flags are likewise +inconsistent: `foo.enabled`, `foo.enable`, `foo.disable`, `fooEnabled`, +`enable-foo`, `foo.enabled.bar`, etc. + +The grouping of prefs into families, via pref name segments, is ad hoc. Some of +these families are closely related, e.g. there are many font prefs that are +present for every language script. + +Some prefs only make sense when considered in combination with other prefs. + +Many pref names are known at compile time, but some are computed at runtime. + +### Basic values +The basic types of pref values are bools, 32-bit ints, and 8-bit C strings. + +Strings are used to encode many types of data: identifiers, alphanumeric IDs, +UUIDs, SHA1 hashes, CSS color hex values, large integers that don't fit into +32-bit ints (e.g. timestamps), directory names, URLs, comma-separated lists, +space-separated lists, JSON blobs, etc. There is a 1 MiB length limit on string +values; longer strings are rejected outright. + +**Problem:** The C string encoding is unclear; some API functions deal with +unrestricted 8-bit strings (i.e. Latin1), but some require UTF-8. + +There is some API support for faking floats, by converting them from/to strings when getting/setting. + +**Problem:** confusion between ints and floats can lead to bugs. + +Each pref consists of a default value and/or a user value. Default values can +be initialized from file at startup, and can be added and modified at runtime +via the API. User values can be initialized from file at startup, and can be +added, modified and removed at runtime via the API and `about:config`. + +If both values are present the user value takes precedence for most operations, +though there are operations that specifically work on the default value. + +If a user value is set to the same value as the default value, the user value +is removed, unless the pref is marked as *sticky* at startup. + +**Problem:** it would be better to have a clear notion of "reset to default", +at least for prefs that have a default value. + +Prefs can be locked. This prevents them from being given a user value, or +hides the existing user value if there is one. + +### Complex values +There is API support for some complex values. + +`nsIFile` objects are handled by storing the filename as a string, similar to +how floats are faked by storing them as strings. + +`nsIPrefLocalizedString` objects are ones for which the default value +specifies a properties file that contains an entry whose name matches the +prefname. When gotten, the value from that entry is put into the user value. +When set, the given value just overwrites the user value, like a string pref. + +**Problem:** this is weird and unlike all the other pref types. + +`nsIRelativeFilePref` objects are only used in comm-central. + +### Pref Branches +XPIDL-based access to prefs is via `nsIPrefBranch`/`nsPrefBranch`, which +lets you specify a branch of the pref tree (e.g. `font.`) and pref names work +relative to that point. + +This API can be used from C++, but for C++ code there is also direct access +through the `Preferences` class, which uses absolute pref names. + +### Threads +For the most part, all the basic API functions only work on the main thread. +However, there are two exceptions to this. + +The narrow exception is that the Servo traversal thread is allowed to get pref +values. This only occurs when the main thread is paused, which makes it safe. +(Note: [bug 1474789](https://bugzilla.mozilla.org/show_bug.cgi?id=1474789) +indicates that this may not be true.) + +The broad exception is that static prefs can have a cached copy of a pref value +that can be accessed from other threads. See below. + +### Notifications +There is a notification API for being told when a pref's value changes. C++ +code can register a callback function and JS code can register an observer (via +`nsIObserver`, which requires XPCOM). In both cases, the registered entity +will be notified when the value of the named pref value changes, or when the +value of any pref matching a given prefix changes. E.g. all font pref changes +can be observed by adding a `font.` prefix-matching observer. + +See also the section on static prefs below. + +### Static prefs +There is a special kind of pref called a static pref. Static prefs are defined +in `StaticPrefList.yaml`. + +If a static pref is defined in both `StaticPrefList.yaml` and a pref data +file, the latter definition will take precedence. A pref shouldn't appear in +both `StaticPrefList.yaml` and `all.js`, but it may make sense for a pref +to appear in both `StaticPrefList.yaml` and an app-specific pref data file +such as `firefox.js`. + +Each static pref has a *mirror* kind. + +* `always`: A C++ *mirror variable* is associated with the pref. The variable + is always kept in sync with the pref value. This kind is common. +* `once`: A C++ mirror variable is associated with the pref. The variable is + synced once with the pref's value at startup, and then does not change. This + kind is less common, and mostly used for graphics prefs. +* `never`: No C++ mirror variable is associated with the pref. This is much + like a normal pref. + +An `always` or `once` static pref can only be used for prefs with +bool/int/float values, not strings or complex values. + +Each mirror variable is read-only, accessible via a getter function. + +Mirror variables have two benefits. First, they allow C++ and Rust code to get +the pref value directly from the variable instead of requiring a slow hash +table lookup, which is important for prefs that are consulted frequently. +Second, they allow C++ and Rust code to get the pref value off the main thread. +The mirror variable must have an atomic type if it is read off the main thread, +and assertions ensure this. + +Note that mirror variables could be implemented via vanilla callbacks without +API support, except for one detail: libpref gives their callbacks higher +priority than normal callbacks, ensuring that any static pref will be +up-to-date if read by a normal callback. + +**Problem:** It is not clear what should happen to a static pref's mirror +variable if the pref is deleted? Currently there is a missing +`NotifyCallbacks()` call so the mirror variable keeps its value from before +the deletion. The cleanest solution is probably to disallow static prefs from +being deleted. + +### Sanitized Prefs +We restrict certain prefs from entering web content subprocesses. In these +processes, a preference may be marked as 'Sanitized' to indicate that it may +or may not have a user value, but that value is not present in this process. +In the parent process no pref is marked as Sanitized. + +Pref Sanitization is used for two purposes: + 1. To protect private user data that may be stored in preferences from a + Spectre adversary. + 2. To reduce IPC use and thread wake-ups for commonly modified preferences. + +A pref is sanitized from entering the web content process if it matches a +denylist _or_ it is a dynamically-named string preference (that is not +exempted via an allowlist), See `ShouldSanitizePreference` in +`Preferences.cpp`. + +### Loading and Saving +Default pref values are initialized from various pref data files. Notable ones +include: + +- `modules/libpref/init/all.js`, used by all products; +- `browser/app/profile/firefox.js`, used by Firefox desktop; +- `mobile/android/app/mobile.js`, used by Firefox mobile; +- `mail/app/profile/all-thunderbird.js`, used by Thunderbird (in comm-central); +- `suite/browser/browser-prefs.js`, used by SeaMonkey (in comm-central). + +In release builds these are all put into `omni.ja`. + +User pref values are initialized from `prefs.js` and (if present) +`user.js`, in the user's profile. This only happens once, in the parent +process. Note that `prefs.js` is managed by Firefox, and regularly +overwritten. `user.js` is created and managed by the user, and Firefox only +reads it. + +These files are not JavaScript; the `.js` suffix is present for historical +reasons. They are read by a custom parser within libpref. + +User pref file syntax is slightly more restrictive than default pref file +syntax. In user pref files `user_pref` definitions are allowed but `pref` and +`sticky_pref` definitions are not, and attributes (such as `locked`) are not +allowed. + +**Problem:** geckodriver has a separate prefs parser in the mozprofile crate. + +**Problem:** there is no versioning of these files, for either the syntax or +the data. This makes changing the file format difficult. + +There are API functions to save modified prefs, either synchronously or +asynchronously (via an off-main-thread runnable), either to the default file +(`prefs.js`) or to a named file. When saving to the default file, no action +will take place if no prefs have been modified. + +Also, whenever a pref is modified, we wait 500ms and then automatically do an +off-main-thread save to `prefs.js`. This provides an approximation of +[durability](https://en.wikipedia.org/wiki/ACID#Durability), but it is still +possible for something to go wrong (e.g. a parent process crash) and end up +with recently changed prefs not being saved. (If such a thing happens, it +compromises [atomicity](https://en.wikipedia.org/wiki/ACID#Atomicity), i.e. a +sequence of multiple related pref changes might only get partially written.) + +Only prefs whose values have changed from the default are saved to `prefs.js.` + +**Problem:** Each time prefs are saved, the entire file is overwritten -- 10s +or even 100s of KiBs -- even if only a single value has changed. This happens +at least every 5 minutes, due to sync. Furthermore, various prefs are changed +during and shortly after startup, which can result in 10s of MiBs of disk +activity. + +### about:support +about:support contains an "Important Modified Preferences" table. It contains +all prefs that (a) have had their value changed from the default, and (b) whose +prefix match a allowlist in `Troubleshoot.sys.mjs`. The allowlist matching is to +avoid exposing pref values that might be privacy-sensitive. + +**Problem:** The allowlist of prefixes is specified separately from the prefs +themselves. Having an attribute on a pref definition would be better. + +### Sync +On desktop, a pref is synced onto a device via Sync if there is an +accompanying `services.sync.prefs.sync.`-prefixed pref. I.e. the pref +`foo.bar` is synced if the pref `services.sync.prefs.sync.foo.bar` exists +and is true. + +Previously, one could push prefs onto a device even if a local +`services.sync.prefs.sync.`-prefixed pref was not present; however this +behavior changed in [bug 1538015](https://bugzilla.mozilla.org/show_bug.cgi?id=1538015) +to require the local prefixed pref to be present. The old (insecure) behavior +can be re-enabled by setting a single pref `services.sync.prefs.dangerously_allow_arbitrary` +to true on the target browser - subsequently any pref can be pushed there by +creating a *remote* `services.sync.prefs.sync.`-prefixed pref. + +In practice, only a small subset of prefs (about 70) have a `services.sync.prefs.sync.`-prefixed +pref by default. + +**Problem:** This is gross. An attribute on the pref definition would be +better, but it might be hard to change that at this point. + +The number of synced prefs is small because prefs are synced across versions; +any pref whose meaning might change shouldn't be synced. Also, we don't sync +prefs that may differ across different devices (such as a desktop machine +vs. a notebook). + +Prefs are not synced on mobile. + +### Rust +Static prefs mirror variables can be accessed from Rust code via the +`static_prefs::pref!` macro. Other prefs currently cannot be accessed. Parts +of libpref's C++ API could be made accessible to Rust code fairly +straightforwardly via C bindings, either hand-made or generated. + +### Cost of a pref +The cost of a single pref is low, but the cost of several thousand prefs is +reasonably high, and includes the following. + +- Parsing and initializing at startup. +- IPC costs at startup and on pref value changes. +- Disk writing costs of pref value changes, especially during startup. +- Memory usage for storing the prefs, callbacks and observers, and C++ mirror + variables. +- Complexity: most pref combinations are untested. Some can be set to a bogus + value by a curious user, which can have [serious effects](https://rejzor.wordpress.com/2015/06/14/improve-firefox-html5-video-playback-performance/) + (read the comments). Prefs can also have bugs. Real-life examples include + mistyped prefnames, `all.js` entries with incorrect types (e.g. confusing + int vs. float), both of which mean changing the pref value via about:config + or the API would have no effect (see [bug 1414150](https://bugzilla.mozilla.org/show_bug.cgi?id=1414150) for examples of + both). +- Sync cost, for synced prefs. + +### Guidelines +We have far too many prefs. This is at least partly because we have had, for a +long time, a culture of "when in doubt, add a pref". Also, we don't have any +system — either technical or cultural — for removing unnecessary prefs. See +[bug 90440] (https://bugzilla.mozilla.org/show_bug.cgi?id=90440) for a pref +that was unused for 17 years. + +In short, prefs are Firefox's equivalent of the Windows Registry: a dumping +ground for anything and everything. We should have guidelines for when to add a +pref. + +Here are some good reasons to add a pref. + +- *A user may genuinely want to change it.* E.g. it controls a feature that is + adjustable in about:preferences. +- *To enable/disable new features.* Once a feature is mature, consider removing + the pref. A pref expiry mechanism would help with this. +- *For certain testing/debugging flags.* Ideally, these would not be visible in + about:config. + +Here are some less good reasons to add a pref. + +- *I'm not confident about this numeric parameter (cache size, timeout, etc.)* + Get confident! In practice, few if any users will change it. Adding a pref + doesn't absolve you of the responsibility of finding a good default. Then + make it a code constant. +- *I need to experiment with different parameters during development.* This is + reasonable, but consider removing the pref before landing or once the feature + has matured. An expiry mechanism would help with this. +- *I sometimes fiddle with this value for debugging or testing.* + Is it worth exposing it to the whole world to save yourself a recompile every + once in a while? Consider making it a code constant. +- *Different values are needed on different platforms.* This can be done in + other ways, e.g. `#ifdef` in C++ code. + +These guidelines do not consider application data prefs (i.e. ones that +typically don't have a default value). They are quite different from the other +kinds. They arguably shouldn't prefs at all, and should be stored via some +other mechanism. + +## Low-level details +The key idea is that the prefs database consists of two pieces. The first is an +initial snapshot of pref values that is created when the first child process is +created. This snapshot is stored in immutable, shared memory, and shared by all +processes. + +Pref value changes that occur after this point are stored in a second hash +table. Each process has its own copy of this hash table. When pref values +change in the parent process, it performs IPC to inform child processes about +the changes, so they can update their copy. + +The motivation for this design is memory usage. It's not tenable for every +child process to have a full copy of the prefs database. + +Not all child processes need access to prefs. Those that do include web content +processes, the GPU process, and the RDD process. + +### Parent process startup +The parent process initially has only a hash table. + +Early in startup, the parent process loads all of the static prefs and default +prefs (mainly from `omni.ja`) into that hash table. The parent process also +registers C++ mirror variables for static prefs, initializes them, and +registers callbacks so they will be updated appropriately for all subsequent +updates. + +Slightly later in startup, the parent process loads all user prefs files, +mainly from the profile directory. + +When the first getter for a `once` static pref is called, all the `once` +static prefs have their mirror variables set and special frozen prefs are put +into the hash table. These frozen prefs are copies of the `once` prefs that +are given `$$$` prefixes and suffixes on their names. They are also marked +specially so they are ignored for all cases except when starting a new child +process. They exist so that all child processes can be given the same `once` +values as the parent process. + +### Child process startup (parent side) +When the first child process is created, the parent process serializes most of +its hash table into a shared, immutable snapshot. This snapshot is stored in a +shared memory region managed by a `SharedPrefMap` instance. + +Sanitized preferences (matching _either_ the denylist of the dynamically named +heuristic) are not included in the shared memory region. After building the +shared memory region, the parent process clears the hash table and then +re-enters sanitized prefs into it. Besides the sanitized prefs, the hash table +is subsequently used only to store changed pref values. + +When any child process is created, the parent process serializes all pref +values present in the hash table (i.e. those that have changed since the +snapshot was made) _except sanitized prefs__ and stores them in a second, +short-lived shared memory region. This represents the set of changes the child +process needs to apply on top of the snapshot, and allows it to build a hash +table which should exactly match the parent's, modulo the sanitized prefs. + +The parent process passes two file descriptors to the child process, one for +each region of memory. The snapshot is the same for all child processes. + +### Child process startup (child side) +Early in child process startup, the prefs service maps in and deserializes both +shared memory regions sent from the parent process, but defers further +initialization until requested by XPCOM initialization. Once that happens, +mirror variables are initialized for static prefs, but no default values are +set in the hash table, and no prefs files are loaded. + +Once the mirror variables have been initialized, we dispatch pref change +callbacks for any prefs in the shared snapshot which have user values or are +locked. This causes the mirror variables to be updated. + +After that, the changed pref values received from the parent process (via +`changedPrefsFd`) are added to the prefs database. Their values override the +values in the snapshot, and pref change callbacks are dispatched for them as +appropriate. `once` mirror variable are initialized from the special frozen +pref values. + +### Pref lookups +Each prefs database has both a hash table and a shared memory snapshot. A given +pref may have an entry in either or both of these. If a pref exists in both, +the hash table entry takes precedence. + +For pref lookups, the hash table is checked first, followed by the shared +snapshot. The entry in the hash table may have the type `None`, in which case +the pref is treated as if it did not exist. The entry in the static snapshot +never has the type `None`. + +For pref enumeration, both maps are enumerated, starting with the hash table. +While iterating over the hash table, any entry with the type `None` is +skipped. While iterating over the shared snapshot, any entry which also exists +in the hash table is skipped. The combined result of the two iterations +represents the full contents of the prefs database. + +### Pref changes +Pref changes can only be initiated in the parent process. All API methods that +modify prefs fail noisily (with `NS_ERROR`) if run outside the parent +process. + +Pref changes that happen before the initial snapshot have been made are simple, +and take place in the hash table. There is no shared snapshot to update, and no +child processes to synchronize with. + +Once a snapshot has been created, any changes need to happen in the hash table. + +If an entry for a changed pref already exists in the hash table, that entry can +be updated directly. Likewise for prefs that do not exist in either the hash +table or the shared snapshot: a new hash table entry can be created. + +More care is needed when a changed pref exists in the snapshot but not in the +hash table. In that case, we create a hash table entry with the same values as +the snapshot entry, and then update it... but *only* if the changes will have +an effect. If a caller attempts to set a pref to its existing value, we do not +want to waste memory creating an unnecessary hash table entry. + +Content processes must be told about any visible pref value changes. (A change +to a default value that is hidden by a user value is unimportant.) When this +happens, `ContentParent` detects the change (via an observer). Sanitized prefs +do not produce an update; and for string prefs it also checks the value(s) +don't exceed 4 KiB. If the checks pass, it sends an IPC message +(`PreferenceUpdate`) to the child process, and the child process updates the +pref (default and user value) accordingly. + +**Problem:** The denylist of prefixes is specified separately from the prefs +themselves. Having an attribute on a pref definition would be better. + +**Problem:** The 4 KiB limit can lead to inconsistencies between the parent +process and child processes. E.g. see +[bug 1303051](https://bugzilla.mozilla.org/show_bug.cgi?id=1303051#c28). + +### Pref deletions +Pref deletion is more complicated. If a pref to be deleted exists only in the +hash table of the parent process, its entry can simply be removed. If it exists +in the shared snapshot, however, its hash table entry needs to be kept (or +created), and its type changed to `None`. The presence of this entry masks +the snapshot entry, causing it to be ignored by pref enumerators. diff --git a/modules/libpref/greprefs.js b/modules/libpref/greprefs.js new file mode 100644 index 0000000000..c18e30b24e --- /dev/null +++ b/modules/libpref/greprefs.js @@ -0,0 +1,5 @@ +#filter dumbComments emptyLines + +// Do not add anything else to this file. Additions should go in all.js. + +#include init/all.js diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml new file mode 100644 index 0000000000..f32cab17d8 --- /dev/null +++ b/modules/libpref/init/StaticPrefList.yaml @@ -0,0 +1,15823 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +# This file defines static prefs, i.e. those that are defined at startup and +# used entirely or mostly from C++ and/or Rust code. +# +# The file is separated into sections, where each section contains a group of +# prefs that all share the same first segment of their name -- all the "gfx.*" +# prefs are together, all the "network.*" prefs are together, etc. Sections +# must be kept in alphabetical order, but prefs within sections need not be. +# +# Basics +# ------ +# Any pref defined in one of the files included here should *not* be defined +# in a data file such as all.js; that would just be useless duplication. +# +# (Except under unusual circumstances where the value defined here must be +# overridden, e.g. for some Thunderbird prefs. In those cases the default +# value from the data file will override the static default value defined +# here.) +# +# Please follow the existing prefs naming convention when considering adding a +# new pref, and don't create a new pref group unless it's appropriate and there +# are likely to be multiple prefs within that group. (If you do, you'll need to +# update the `pref_groups` variable in modules/libpref/moz.build.) +# +# Definitions +# ----------- +# A pref definition looks like this: +# +# - name: <pref-name> # mandatory +# type: <cpp-type> # mandatory +# value: <default-value> # mandatory +# mirror: <never | once | always> # mandatory +# do_not_use_directly: <true | false> # optional +# include: <header-file> # optional +# rust: <true | false> # optional +# +# - `name` is the name of the pref, without double-quotes, as it appears +# in about:config. It is used in most libpref API functions (from both C++ +# and JS code). +# +# - `type` is one of `bool`, `int32_t`, `uint32_t`, `float`, an atomic version +# of one of those, `String` or `DataMutexString`. Note that float prefs are +# stored internally as strings. The C++ preprocessor doesn't like template +# syntax in a macro argument, so use the typedefs defined in +# StaticPrefsBase.h; for example, use `RelaxedAtomicBool` instead of +# `Atomic<bool, Relaxed>`. +# +# - `value` is the default value. Its type should be appropriate for +# <cpp-type>, otherwise the generated code will fail to compile. A complex +# C++ numeric expressions like `60 * 60` (which the YAML parser cannot treat +# as an integer or float) is treated as a string and passed through without +# change, which is useful. +# +# - `mirror` indicates how the pref value is mirrored into a C++ variable. +# +# * `never`: There is no C++ mirror variable. The pref value can only be +# accessed via the standard libpref API functions. +# +# * `once`: The pref value is mirrored into a variable at startup; the +# mirror variable is left unchanged after that. (The exact point at which +# all `once` mirror variables are set is when the first `once` mirror +# variable is accessed, via its getter function.) This is mostly useful for +# graphics prefs where we often don't want a new pref value to apply until +# restart. Otherwise, this update policy is best avoided because its +# behaviour can cause confusion and bugs. +# +# * `always`: The mirror variable is always kept in sync with the pref value. +# This is the most common choice. +# +# When a mirror variable is present, a getter will be created that can access +# it. Using the getter function to read the pref's value has the two +# following advantages over the normal API functions. +# +# * A direct variable access is faster than a hash table lookup. +# +# * A mirror variable can be accessed off the main thread. If a pref *is* +# accessed off the main thread, it should have an atomic type. Assertions +# enforce this. +# +# Note that Rust code must access the mirror variable directly, rather than +# via the getter function. +# +# - `do_not_use_directly` indicates if `_DoNotUseDirectly` should be appended to +# the name of the getter function. This is simply a naming convention +# indicating that there is some other wrapper getter function that should be +# used in preference to the normal static pref getter. Defaults to `false` if +# not present. Cannot be used with a `never` mirror value, because there is +# no getter function in that case. +# +# - `include` names a header file that must be included for the pref value to +# compile correctly, e.g. because it refers to a code constant. System +# headers should be surrounded with angle brackets, e.g. `<cmath>`. +# +# - `rust` indicates if the mirror variable is used by Rust code. If so, it +# will be usable via the `static_prefs::pref!` macro, e.g. +# `static_prefs::pref!("layout.css.font-display.enabled")`. +# +# The getter function's base name is the same as the pref's name, but with +# '.' or '-' chars converted to '_', to make a valid identifier. For example, +# the getter for `foo.bar_baz` is `foo_bar_baz()`. This is ugly but clear, +# and you can search for both the pref name and the getter using the regexp +# /foo.bar.baz/. Suffixes are added as follows: +# +# - If the `mirror` value is `once`, `_AtStartup` is appended, to indicate the +# value was obtained at startup. +# +# - If the `do_not_use_directly` value is true, `_DoNotUseDirectly` is +# appended. +# +# Preprocessor +# ------------ +# Note finally that this file is preprocessed by preprocessor.py, not the C++ +# preprocessor. As a result, the following things may be surprising. +# +# - YAML comments start with a '#', so putting a comment on the same line as a +# preprocessor directive is dubious. E.g. avoid lines like `#define X 3 # +# three` because the ` # three` will be part of `X`. +# +# - '@' use is required for substitutions to occur. E.g. with `#define FOO 1`, +# `FOO` won't be replaced with `1` unless it has '@' chars around it. +# +# - Spaces aren't permitted between the leading '#' and the name of a +# directive, e.g. `#ifdef XYZ` works but `# ifdef XYZ` does not. +# +# Please indent all prefs defined within #ifdef/#ifndef conditions. This +# improves readability, particular for conditional blocks that exceed a single +# screen. But note that the leading '-' in a definition must remain in the +# first column for it to be valid YAML. + +#ifdef RELEASE_OR_BETA +#define IS_NOT_RELEASE_OR_BETA false +#else +#define IS_NOT_RELEASE_OR_BETA true +#endif + +#ifdef NIGHTLY_BUILD +#define IS_NIGHTLY_BUILD true +#define IS_NOT_NIGHTLY_BUILD false +#else +#define IS_NIGHTLY_BUILD false +#define IS_NOT_NIGHTLY_BUILD true +#endif + +#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION) +#define IS_NIGHTLY_OR_DEV_EDITION true +#else +#define IS_NIGHTLY_OR_DEV_EDITION false +#endif + +#ifdef MOZILLA_OFFICIAL +#define IS_NOT_MOZILLA_OFFICIAL false +#else +#define IS_NOT_MOZILLA_OFFICIAL true +#endif + +#ifdef EARLY_BETA_OR_EARLIER +#define IS_EARLY_BETA_OR_EARLIER true +#define IS_NOT_EARLY_BETA_OR_EARLIER false +#else +#define IS_EARLY_BETA_OR_EARLIER false +#define IS_NOT_EARLY_BETA_OR_EARLIER true +#endif + +#ifdef ANDROID +#define IS_ANDROID true +#define IS_NOT_ANDROID false +#else +#define IS_ANDROID false +#define IS_NOT_ANDROID true +#endif + +#ifdef XP_WIN +#define IS_XP_WIN true +#define IS_NOT_XP_WIN false +#else +#define IS_XP_WIN false +#define IS_NOT_XP_WIN true +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "accessibility." +#--------------------------------------------------------------------------- + +- name: accessibility.accesskeycausesactivation + type: bool + value: true + mirror: always + +- name: accessibility.monoaudio.enable + type: RelaxedAtomicBool + value: false + mirror: always + +- name: accessibility.browsewithcaret + type: RelaxedAtomicBool + value: false + mirror: always + +- name: accessibility.AOM.enabled + type: bool + value: false + mirror: always + +- name: accessibility.ARIAReflection.enabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Whether form controls and images should be focusable with mouse, in content +# documents. +# +# This matches historical macOS / Safari behavior. +# +# * 0: never +# * 1: always +# * 2: on content documents +- name: accessibility.mouse_focuses_formcontrol + type: int32_t +#ifdef XP_MACOSX + value: 2 +#else + value: 1 +#endif + mirror: always + +# Whether to avoid accessibility activation on Windows shortly after clipboard +# copy. +# +# Possible values are: +# * 0: never +# * 1: always +# * 2 (or others): when needed +- name: accessibility.windows.suppress-after-clipboard-copy + type: uint32_t + value: 2 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "alerts." +#--------------------------------------------------------------------------- + +# Whether to use platform-specific backends for showing desktop notifications. +# If no such backend is available, or if the pref is false, then XUL +# notifications are used. +- name: alerts.useSystemBackend + type: bool + value: true + mirror: always + +#if defined(XP_WIN) + # On Windows, a COM Surrogate notification server receives notification events + # and can relaunch the application after it has been closed. +- name: alerts.useSystemBackend.windows.notificationserver.enabled + type: bool + value: true + mirror: never +#endif + +#ifdef ANDROID + #--------------------------------------------------------------------------- + # Prefs starting with "android." + #--------------------------------------------------------------------------- + + # On Android, we want an opaque background to be visible under the page, + # so layout should not force a default background. +- name: android.widget_paints_background + type: RelaxedAtomicBool + value: true + mirror: always + +- name: android.touch_resampling.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "apz." +# The apz prefs are explained in AsyncPanZoomController.cpp +#--------------------------------------------------------------------------- + +# amount we zoom in for a double tap gesture if we couldn't find any content +# based rect to zoom to +- name: apz.doubletapzoom.defaultzoomin + type: AtomicFloat + value: 1.2f + mirror: always + +- name: apz.scrollbarbuttonrepeat.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.scrollend-event.content.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# After a user has executed a pan gesture, we may receive momentum phase pan +# gestures from the OS. This specifies how long we should wait following the +# pan end gesture for possible momentum phase pan gestures before sending the +# TransformEnd notification. +- name: apz.scrollend-event.content.delay_ms + type: RelaxedAtomicInt32 + value: 100 + mirror: always + +- name: apz.wr.activate_all_scroll_frames + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.wr.activate_all_scroll_frames_when_fission + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.prefer_jank_minimal_displayports + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.allow_double_tap_zooming + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.mac.enable_double_tap_zoom_touchpad_gesture + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.allow_immediate_handoff + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.allow_zooming + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.max_zoom + type: AtomicFloat + value: 10.0f + mirror: always + +- name: apz.min_zoom + type: AtomicFloat + value: 0.25f + mirror: always + +- name: apz.allow_zooming_out + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.android.chrome_fling_physics.friction + type: AtomicFloat + value: 0.015f + mirror: always + +- name: apz.android.chrome_fling_physics.inflexion + type: AtomicFloat + value: 0.35f + mirror: always + +- name: apz.android.chrome_fling_physics.stop_threshold + type: AtomicFloat + value: 0.1f + mirror: always + +- name: apz.autoscroll.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.axis_lock.breakout_angle + type: AtomicFloat + value: float(M_PI / 8.0) # 22.5 degrees + mirror: always + include: <cmath> + +- name: apz.axis_lock.breakout_threshold + type: AtomicFloat + value: 1.0f / 32.0f + mirror: always + +- name: apz.axis_lock.direct_pan_angle + type: AtomicFloat + value: float(M_PI / 3.0) # 60 degrees + mirror: always + include: <cmath> + +- name: apz.axis_lock.lock_angle + type: AtomicFloat + value: float(M_PI / 6.0) # 30 degrees + mirror: always + include: <cmath> + +# Whether to lock touch scrolling to one axis at a time. When a new +# axis lock mode is added, the APZCAxisLockCompatTester GTest shoud +# be updated to include the lock mode value. +# 0 = FREE (No locking at all) +# 1 = STANDARD (Once locked, remain locked until scrolling ends) +# 2 = STICKY (Allow lock to be broken, with hysteresis) +# 3 = DOMINANT_AXIS (Only allow movement on one axis at a time, only +# applies to touchpad scrolling) +- name: apz.axis_lock.mode + type: RelaxedAtomicInt32 +#if defined(XP_MACOSX) + value: 3 +#else + value: 2 +#endif + mirror: always + +- name: apz.content_response_timeout + type: RelaxedAtomicInt32 + value: 400 + mirror: always + +- name: apz.danger_zone_x + type: RelaxedAtomicInt32 + value: 50 + mirror: always + +- name: apz.danger_zone_y + type: RelaxedAtomicInt32 + value: 100 + mirror: always + +- name: apz.disable_for_scroll_linked_effects + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.displayport_expiry_ms + type: RelaxedAtomicUint32 + value: 15000 + mirror: always + +- name: apz.drag.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.drag.initial.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.drag.touch.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.enlarge_displayport_when_clipped + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +# Test only. +- name: apz.fixed-margin-override.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Test only. +- name: apz.fixed-margin-override.bottom + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# Test only. +- name: apz.fixed-margin-override.top + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: apz.fling_accel_base_mult + type: AtomicFloat + value: 1.0f + mirror: always + +- name: apz.fling_accel_supplemental_mult + type: AtomicFloat + value: 1.0f + mirror: always + +- name: apz.fling_accel_min_fling_velocity + type: AtomicFloat + value: 1.5f + mirror: always + +- name: apz.fling_accel_min_pan_velocity + type: AtomicFloat + value: 0.8f + mirror: always + +- name: apz.fling_accel_max_pause_interval_ms + type: RelaxedAtomicInt32 + value: 50 + mirror: always + +- name: apz.fling_curve_function_x1 + type: float + value: 0.0f + mirror: once + +- name: apz.fling_curve_function_x2 + type: float + value: 1.0f + mirror: once + +- name: apz.fling_curve_function_y1 + type: float + value: 0.0f + mirror: once + +- name: apz.fling_curve_function_y2 + type: float + value: 1.0f + mirror: once + +- name: apz.fling_curve_threshold_inches_per_ms + type: AtomicFloat + value: -1.0f + mirror: always + +- name: apz.fling_friction + type: AtomicFloat + value: 0.002f + mirror: always + +- name: apz.fling_min_velocity_threshold + type: AtomicFloat + value: 0.5f + mirror: always + +- name: apz.fling_stop_on_tap_threshold + type: AtomicFloat + value: 0.05f + mirror: always + +- name: apz.fling_stopped_threshold + type: AtomicFloat + value: 0.01f + mirror: always + +- name: apz.touch_acceleration_factor_x + type: float + value: 1.0f + mirror: always + +- name: apz.touch_acceleration_factor_y + type: float + value: 1.0f + mirror: always + +# new scrollbar code for desktop zooming +- name: apz.force_disable_desktop_zooming_scrollbars + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef MOZ_WIDGET_GTK +- name: apz.gtk.kinetic_scroll.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.gtk.pangesture.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Mode to use when receiving pan gesture input. +# +# * 0: Auto mode (uses the default behavior, subject to change). +# * 1: Page mode: Uses gtk deltas as a percentage of the page size to scroll. This mode matches: +# +# https://gitlab.gnome.org/GNOME/gtk/blob/c734c7e9188b56f56c3a504abee05fa40c5475ac/gtk/gtkrange.c#L3063-3074 +# +# * 2: Pixel mode: Uses gtk deltas as a fixed pixel multiplier. This mode matches e.g. GNOME web. +# +# https://webkit-search.igalia.com/webkit/rev/215039ef09d6bfd6e088175bfe30788d95b9705d/Source/WebKit/Shared/gtk/WebEventFactory.cpp#265-296 +# (multiplied then by pixelsPerLineStep which in GNOME-web is 40). +- name: apz.gtk.pangesture.delta_mode + type: uint32_t + value: 0 + mirror: always + +- name: apz.gtk.pangesture.page_delta_mode_multiplier + type: float + value: 1.0f + mirror: always + +- name: apz.gtk.pangesture.pixel_delta_mode_multiplier + type: float + value: 40.0f + mirror: always + +- name: apz.gtk.touchpad_pinch.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.gtk.touchpad_pinch.three_fingers.enabled + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +- name: apz.keyboard.enabled + type: bool + value: @IS_NOT_ANDROID@ + mirror: once + +- name: apz.keyboard.passive-listeners + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +- name: apz.max_tap_time + type: RelaxedAtomicInt32 + value: 300 + mirror: always + +- name: apz.max_velocity_inches_per_ms + type: AtomicFloat + value: -1.0f + mirror: always + +- name: apz.max_velocity_queue_size + type: uint32_t + value: 5 + mirror: once + +- name: apz.min_skate_speed + type: AtomicFloat + value: 1.0f + mirror: always + +- name: apz.mvm.force-enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.one_touch_pinch.enabled + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +- name: apz.overscroll.enabled + type: RelaxedAtomicBool +#if defined(XP_MACOSX) || defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: always + +# The "test async scroll offset" (used via reftest-async-scroll +# or nsIDOMWindowUtils.setAsyncScrollOffset()) can be used to +# trigger overscroll. Used for tests only. +- name: apz.overscroll.test_async_scroll_offset.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.overscroll.min_pan_distance_ratio + type: AtomicFloat + value: 1.0f + mirror: always + +- name: apz.overscroll.stop_distance_threshold + type: AtomicFloat + value: 5.0f + mirror: always + +- name: apz.overscroll.spring_stiffness + type: AtomicFloat + value: 200 + mirror: always + +- name: apz.overscroll.damping + type: AtomicFloat + value: 1.1 + mirror: always + +- name: apz.overscroll.max_velocity + type: AtomicFloat + value: 10 + mirror: always + +- name: apz.paint_skipping.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Fetch displayport updates early from the message queue. +- name: apz.pinch_lock.mode + type: RelaxedAtomicInt32 + value: 2 + mirror: always + +- name: apz.pinch_lock.scroll_lock_threshold + type: AtomicFloat + value: 1.0f / 16.0f # 1/16 inches + mirror: always + +- name: apz.pinch_lock.span_breakout_threshold + type: AtomicFloat + value: 1.0f / 32.0f # 1/32 inches + mirror: always + +- name: apz.pinch_lock.span_lock_threshold + type: AtomicFloat + value: 1.0f / 32.0f # 1/32 inches + mirror: always + +- name: apz.pinch_lock.buffer_max_age + type: int32_t + value: 80 # milliseconds + mirror: once + +- name: apz.popups.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to print the APZC tree for debugging. +- name: apz.printtree + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.record_checkerboarding + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: apz.second_tap_tolerance + type: AtomicFloat + value: 0.5f + mirror: always + +# If this is true, APZ fully recalculates the scroll thumb size and +# position in the compositor. This leads to the size and position +# being more accurate in scenarios such as async zooming, but the +# recalculation code is error-prone so it's nightly-only for now +# to give it more baking time. +- name: apz.scrollthumb.recalc + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: apz.test.fails_with_native_injection + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.test.logging_enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.touch_move_tolerance + type: AtomicFloat + value: 0.1f + mirror: always + +- name: apz.touch_start_tolerance + type: AtomicFloat + value: 0.1f + mirror: always + +- name: apz.velocity_bias + type: AtomicFloat + value: 0.0f + mirror: always + +- name: apz.velocity_relevance_time_ms + type: RelaxedAtomicUint32 + value: 100 + mirror: always + +- name: apz.windows.force_disable_direct_manipulation + type: RelaxedAtomicBool + value: false + mirror: always + +- name: apz.windows.use_direct_manipulation + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.windows.check_for_pan_gesture_conversion + type: RelaxedAtomicBool + value: true + mirror: always + +- name: apz.x_skate_highmem_adjust + type: AtomicFloat + value: 0.0f + mirror: always + +- name: apz.x_skate_size_multiplier + type: AtomicFloat + value: 1.25f + mirror: always + +- name: apz.x_stationary_size_multiplier + type: AtomicFloat + value: 1.5f + mirror: always + +- name: apz.y_skate_highmem_adjust + type: AtomicFloat + value: 0.0f + mirror: always + +- name: apz.y_skate_size_multiplier + type: AtomicFloat +#if defined(MOZ_WIDGET_ANDROID) + value: 1.5f +#else + value: 3.5f +#endif + mirror: always + +- name: apz.y_stationary_size_multiplier + type: AtomicFloat +#if defined(MOZ_WIDGET_ANDROID) + value: 1.5f +#else + value: 3.5f +#endif + mirror: always + +- name: apz.zoom_animation_duration_ms + type: RelaxedAtomicInt32 +#if defined(MOZ_WIDGET_ANDROID) + value: 250 +#else + value: 350 +#endif + mirror: always + +- name: apz.scale_repaint_delay_ms + type: RelaxedAtomicInt32 + value: 500 + mirror: always + +# Whether to use rounded external scroll offsets. +- name: apz.rounded_external_scroll_offset + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "beacon." +#--------------------------------------------------------------------------- + +# Is support for Navigator.sendBeacon enabled? +- name: beacon.enabled + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "bidi." +#--------------------------------------------------------------------------- + +# Whether delete and backspace should immediately delete characters not +# visually adjacent to the caret, or adjust the visual position of the caret +# on the first keypress and delete the character on a second keypress +- name: bidi.edit.delete_immediately + type: bool + value: true + mirror: always + +# Bidi caret movement style: +# 0 = logical +# 1 = visual +# 2 = visual, but logical during selection +- name: bidi.edit.caret_movement_style + type: int32_t +#if !defined(XP_LINUX) && defined(NIGHTLY_BUILD) + value: 1 +#else + value: 2 # See Bug 1638240 +#endif + mirror: always + +# Bidi numeral style: +# 0 = nominalnumeralBidi * +# 1 = regularcontextnumeralBidi +# 2 = hindicontextnumeralBidi +# 3 = arabicnumeralBidi +# 4 = hindinumeralBidi +# 5 = persiancontextnumeralBidi +# 6 = persiannumeralBidi +- name: bidi.numeral + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Bidi text type +# 1 = charsettexttypeBidi * +# 2 = logicaltexttypeBidi +# 3 = visualtexttypeBidi +- name: bidi.texttype + type: RelaxedAtomicUint32 + value: 1 + mirror: always + +# Bidi direction +# 1 = directionLTRBidi * +# 2 = directionRTLBidi +- name: bidi.direction + type: RelaxedAtomicUint32 + value: 1 + mirror: always + +# Setting this pref to |true| forces Bidi UI menu items and keyboard shortcuts +# to be exposed, and enables the directional caret hook. By default, only +# expose it for bidi-associated system locales. +- name: bidi.browser.ui + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "browser." +#--------------------------------------------------------------------------- + +- name: browser.active_color + type: String + value: "#EE0000" + mirror: never + +- name: browser.active_color.dark + type: String + value: "#FF6666" + mirror: never + +- name: browser.anchor_color + type: String + value: "#0000EE" + mirror: never + +# If you change this, you probably also want to change +# nsXPLookAndFeel::GenericDarkColor for MozNativehyperlinktext. +- name: browser.anchor_color.dark + type: String + value: "#8C8CFF" + mirror: never + +# See http://dev.w3.org/html5/spec/forms.html#attr-fe-autofocus +- name: browser.autofocus + type: bool + value: true + mirror: always + +- name: browser.cache.disk.enable + type: RelaxedAtomicBool + value: true + mirror: always + +- name: browser.cache.memory.enable + type: RelaxedAtomicBool + value: true + mirror: always + +# Limit of recent metadata we keep in memory for faster access, in KB. +- name: browser.cache.disk.metadata_memory_limit + type: RelaxedAtomicUint32 + value: 250 # 0.25 MB + mirror: always + +# Does the user want smart-sizing? +- name: browser.cache.disk.smart_size.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Disk cache capacity in kilobytes. It's used only when +# browser.cache.disk.smart_size.enabled == false +- name: browser.cache.disk.capacity + type: RelaxedAtomicUint32 + value: 256000 + mirror: always + +# -1 = determine dynamically, 0 = none, n = memory capacity in kilobytes. +- name: browser.cache.memory.capacity + type: RelaxedAtomicInt32 + value: -1 + mirror: always + +# When smartsizing is disabled we could potentially fill all disk space by +# cache data when the disk capacity is not set correctly. To avoid that we +# check the free space every time we write some data to the cache. The free +# space is checked against two limits. Once the soft limit is reached we start +# evicting the least useful entries, when we reach the hard limit writing to +# the entry fails. +- name: browser.cache.disk.free_space_soft_limit + type: RelaxedAtomicUint32 + value: 5 * 1024 # 5MB + mirror: always + +- name: browser.cache.disk.free_space_hard_limit + type: RelaxedAtomicUint32 + value: 1024 # 1MB + mirror: always + +# The number of chunks we preload ahead of read. One chunk currently has +# 256kB. +- name: browser.cache.disk.preload_chunk_count + type: RelaxedAtomicUint32 + value: 4 # 1 MB of read ahead + mirror: always + +# Max-size (in KB) for entries in disk cache. Set to -1 for no limit. +# (Note: entries bigger than 1/8 of disk-cache are never cached) +- name: browser.cache.disk.max_entry_size + type: RelaxedAtomicUint32 + value: 50 * 1024 # 50 MB + mirror: always + +# Max-size (in KB) for entries in memory cache. Set to -1 for no limit. +# (Note: entries bigger than than 90% of the mem-cache are never cached.) +- name: browser.cache.memory.max_entry_size + type: RelaxedAtomicInt32 + value: 5 * 1024 + mirror: always + +# Memory limit (in kB) for new cache data not yet written to disk. Writes to +# the cache are buffered and written to disk on background with low priority. +# With a slow persistent storage these buffers may grow when data is coming +# fast from the network. When the amount of unwritten data is exceeded, new +# writes will simply fail. We have two buckets, one for important data +# (priority) like html, css, fonts and js, and one for other data like images, +# video, etc. +# Note: 0 means no limit. +- name: browser.cache.disk.max_chunks_memory_usage + type: RelaxedAtomicUint32 + value: 40 * 1024 + mirror: always +- name: browser.cache.disk.max_priority_chunks_memory_usage + type: RelaxedAtomicUint32 + value: 40 * 1024 + mirror: always + + +# Number of seconds the cache spends writing pending data and closing files +# after shutdown has been signalled. Past that time data is not written and +# files are left open for the OS to clean up. +- name: browser.cache.max_shutdown_io_lag + type: RelaxedAtomicUint32 + value: 2 + mirror: always + +# After the max_shutdown_io_lag has passed, we will attempt to cancel +# blocking IO (on windows). The CacheIOThread may pick up more blocking +# tasks so we want to cancel those too. The main thread will be woken +# up every shutdown_io_time_between_cancellations_ms to cancel the IO +# on the other thread. +- name: browser.cache.shutdown_io_time_between_cancellations_ms + type: RelaxedAtomicUint32 + value: 5 + mirror: always + +# A percentage limit for media content type in the disk cache. When some entries +# need to be evicted and media is over the limit, it's evicted first. +- name: browser.cache.disk.content_type_media_limit + type: RelaxedAtomicInt32 + value: 50 + mirror: always + +# How often to validate document in cache +# 0 = once-per-session, +# 1 = each-time, +# 2 = never, +# 3 = when-appropriate/automatically +- name: browser.cache.check_doc_frequency + type: RelaxedAtomicUint32 + value: 3 + mirror: always + +# Compression level for cached JavaScript bytecode +# 0 = do not compress, +# 1 = minimal compression, +# 9 = maximal compression +- name: browser.cache.jsbc_compression_level + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Whether tooltips are enabled. +- name: browser.chrome.toolbar_tips + type: bool + value: true + mirror: always + +# Whether tooltips are hidden on keydown. +# 0: never +# 1: always +# 2: only on non-modifier keys +- name: browser.chrome.toolbar_tips.hide_on_keydown + type: uint32_t +#if defined(XP_WIN) + value: 0 +#else + value: 2 +#endif + mirror: always + +- name: browser.contentblocking.database.enabled + type: bool + value: false + mirror: always + +# How many recent block/unblock actions per origins we remember in the +# Content Blocking log for each top-level window. +- name: browser.contentblocking.originlog.length + type: uint32_t + value: 32 + mirror: always + +- name: browser.display.background_color + type: String + value: "#FFFFFF" + mirror: never + +- name: browser.display.background_color.dark + type: String + value: "#1C1B22" + mirror: never + +# This preference is a bit confusing because we use the opposite +# string value in the colors dialog to indicate to users how FF HCM +# will behave. +# With resect to document colors, these values mean: +# 0 = "default" = always, except in high contrast mode +# 1 = "always" +# 2 = "never" +# +# On windows, we set this to 0, which means FF HCM will mirror OS HCM. +# Everywhere else, we set this to 1, disabling FF HCM. +- name: browser.display.document_color_use + type: RelaxedAtomicUint32 +#if defined(XP_WIN) + value: 0 +#else + value: 1 +#endif + mirror: always + rust: true + +# 0 = always native +# 1 = never native +# other = default +- name: browser.display.windows.non_native_menus + type: RelaxedAtomicUint32 + value: 2 + mirror: always + rust: true + +# This pref dictates whether or not backplates and background images +# are to be drawn, when in high-contrast mode: +# false: do not draw backplates or render background images +# true: render background images and draw backplates +# This condition is only considered when high-contrast mode is enabled +# in Firefox, ie. when the user has: +# (1) mUseAccessibilityMode set to true (Widows high-contrast mode is on) +# AND browser.display.document_color_use set to 0 +# (only with high-contrast themes) OR +# (2) browser.display.document_color_use set to 2 (always) +- name: browser.display.permit_backplate + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether we should suppress the background-image of the canvas (the root +# frame) if we're in forced colors mode. +# +# This is important because some sites use background-image with a plain color +# and it causes undesirable results in high-contrast mode. +# +# See bug 1614921 for example. +- name: browser.display.suppress_canvas_background_image_on_forced_colors + type: bool + value: true + mirror: always + +- name: browser.display.focus_ring_on_anything + type: bool + value: false + mirror: always + +- name: browser.display.focus_ring_width + type: uint32_t + value: 1 + mirror: always + +- name: browser.display.focus_background_color + type: String + value: "#117722" + mirror: never + +# Focus ring border style. +# 0 = solid border, 1 = dotted border +- name: browser.display.focus_ring_style + type: uint32_t + value: 1 + mirror: always + +- name: browser.display.focus_text_color + type: String + value: "#ffffff" + mirror: never + +- name: browser.display.foreground_color + type: String + value: "#000000" + mirror: never + +- name: browser.display.foreground_color.dark + type: String + value: "#FBFBFE" + mirror: never + +# Determines the behavior of OS zoom settings. +# +# 0: doesn't affect rendering at all +# 1: affects full zoom (dpi, effectively). +# 2: affects text zoom. +# +# Default is (1): Historical behavior on Linux, matches other browsers on +# Windows, and generally creates more consistent rendering. +- name: browser.display.os-zoom-behavior + type: RelaxedAtomicInt32 + value: 1 + mirror: always + rust: true + +# Whether focus rings are always shown by default. +# +# This is the initial value of nsWindowRoot::mShowFocusRings, but it can be +# overridden by system preferences. +- name: browser.display.show_focus_rings + type: bool + value: false + mirror: always + +# Enable showing image placeholders while image is loading or when image is broken. +- name: browser.display.show_image_placeholders + type: bool + value: true + mirror: always + +# Whether we should always enable focus rings after focus was moved by keyboard. +# +# This behavior matches both historical and GTK / Windows focus behavior. +# +# :focus-visible is intended to provide better heuristics than this. +- name: browser.display.always_show_rings_after_key_focus + type: bool + value: false + mirror: always + +# In theory: 0 = never, 1 = quick, 2 = always, though we always just use it as +# a bool! +- name: browser.display.use_document_fonts + type: RelaxedAtomicInt32 + value: 1 + mirror: always + rust: true + +# font-family names for which we'll override use_document_fonts=0, and always +# use the specified font. +# This is to support ligature-icon fonts, which render literal strings like +# "arrow_drop_down" with an icon, even when use_document_fonts is disabled. +# If an author provides & uses such a font, and we decline to use it, we'll end +# up rendering these literal strings where the author intended an icon, which +# can cause all sorts of overlapping/unreadable content. +- name: browser.display.use_document_fonts.icon_font_allowlist + type: String + value: >- + Material Icons, + Material Icons Extended, + Material Icons Outlined, + Material Icons Round, + Material Icons Sharp, + Material Icons Two Tone, + Google Material Icons, + Material Symbols Outlined, + Material Symbols Round, + Material Symbols Rounded, + Material Symbols Sharp + mirror: never + +- name: browser.display.use_focus_colors + type: bool + value: false + mirror: always + +- name: browser.display.use_system_colors + type: RelaxedAtomicBool +#ifdef XP_WIN + value: true +#else + value: false +#endif + mirror: always + +- name: browser.dom.window.dump.enabled + type: RelaxedAtomicBool + value: @IS_NOT_MOZILLA_OFFICIAL@ + mirror: always + +# See bug 1738574 +- name: browser.download.start_downloads_in_tmp_dir + type: bool + value: false + mirror: always + +# See bug 1747343 +- name: browser.download.always_ask_before_handling_new_types + type: bool + value: false + mirror: always + +# See bug 1731668 +- name: browser.download.enable_spam_prevention + type: bool + value: false + mirror: always + +# See bug 1772569 +- name: browser.download.open_pdf_attachments_inline + type: bool + value: false + mirror: always + +# See bug 1811830 +- name: browser.download.force_save_internally_handled_attachments + type: bool + value: false + mirror: always + +- name: browser.download.sanitize_non_media_extensions + type: bool + value: true + mirror: always + +# Image document's automatic image sizing. +- name: browser.enable_automatic_image_resizing + type: bool + value: true + mirror: always + +# Image document's click-to-resize. +- name: browser.enable_click_image_resizing + type: bool + value: @IS_NOT_ANDROID@ + mirror: always + +- name: browser.find.ignore_ruby_annotations + type: bool + value: true + mirror: always + +#if defined(XP_MACOSX) +# Whether pressing Esc will exit fullscreen. +- name: browser.fullscreen.exit_on_escape + type: bool + value: true + mirror: always +#endif + +# The max url length we'll store in history. +# +# The default value is mostly a guess based on various facts: +# +# * IE didn't support urls longer than 2083 chars +# * Sitemaps protocol used to support a maximum of 2048 chars +# * Various SEO guides suggest to not go over 2000 chars +# * Various apps/services are known to have issues over 2000 chars +# * RFC 2616 - HTTP/1.1 suggests being cautious about depending +# on URI lengths above 255 bytes +# +- name: browser.history.maxUrlLength + type: uint32_t + value: 2000 + mirror: always + +# Max size of push/replaceState data parameter +- name: browser.history.maxStateObjectSize + type: int32_t + value: 16777216 + mirror: always + +# True to collect wireframes upon navigations / pushState +- name: browser.history.collectWireframes + type: bool + value: false + mirror: always + +# The minimum area for a rect to be included in a wireframe, in CSS pixels. +# +# The current value of 50 is pretty arbitrary, and will be tuned as we refine +# and test the wireframing capability. +- name: browser.history.wireframeAreaThreshold + type: uint32_t + value: 50 + mirror: always + +#if defined(XP_WIN) || defined(XP_LINUX) + # Notify TabUnloader or send the memory pressure if the memory resource + # notification is signaled AND the available commit space is lower than + # this value. +- name: browser.low_commit_space_threshold_mb + type: RelaxedAtomicUint32 + value: 200 + mirror: always +#endif + +#ifdef XP_LINUX + # On Linux we also check available memory in comparison to total memory, + # and use this percent value (out of 100) to determine if we are in a + # low memory scenario. +- name: browser.low_commit_space_threshold_percent + type: RelaxedAtomicUint32 + value: 5 + mirror: always +#endif + +# Render animations and videos as a solid color +- name: browser.measurement.render_anims_and_video_solid + type: RelaxedAtomicBool + value: false + mirror: always + +- name: browser.navigation.requireUserInteraction + type: bool + value: false + mirror: always + +# Indicates if about:newtab shows content (enabled) or just blank. +- name: browser.newtabpage.enabled + type: bool + value: true + mirror: always + +# Open PDFs in Edge with the --app flag if it is the default. +- name: browser.pdf.launchDefaultEdgeAsApp + type: bool + value: true + mirror: always + +# Maximium delay between keystrokes that will be considered typing (milliseconds). +- name: browser.places.interactions.typing_timeout_ms + type: RelaxedAtomicUint32 + value: 3000 + mirror: always + +# Maximum delay between scroll input events that will be considered a scrolling interaction (milliseconds). +- name: browser.places.interactions.scrolling_timeout_ms + type: RelaxedAtomicUint32 + value: 5000 + mirror: always + +# Number of seconds till the sponsored session is timeout. +- name: browser.places.sponsoredSession.timeoutSecs + type: RelaxedAtomicUint32 + value: 3600 + mirror: always + +# Whether to start the private browsing mode at application startup +- name: browser.privatebrowsing.autostart + type: bool + value: false + mirror: always + +# Force usage of in-memory (rather than file on disk) media cache for video streaming when private browsing +- name: browser.privatebrowsing.forceMediaMemoryCache + type: bool + value: false + mirror: always + +# Communicates the toolbar color to platform (for e.g., prefers-color-scheme). +# +# Returns whether the toolbar is dark (0), light (1), or system (2). +# +# Default to "light" on macOS / Windows, and "system" elsewhere. The theming +# code sets it appropriately. +- name: browser.theme.toolbar-theme + type: RelaxedAtomicUint32 +#if defined(XP_WIN) || defined(XP_MACOSX) + value: 1 +#else + value: 2 +#endif + mirror: always + +# Communicates the preferred content theme color to platform (for e.g., +# prefers-color-scheme). +# +# dark (0), light (1), system (2), or toolbar (3). +# +# Default to "toolbar", the theming code sets it appropriately. +- name: browser.theme.content-theme + type: RelaxedAtomicUint32 + value: 2 + mirror: always + rust: true + +# Blocked plugin content +- name: browser.safebrowsing.blockedURIs.enabled + type: bool + value: true + mirror: always + +# Malware protection +- name: browser.safebrowsing.malware.enabled + type: bool + value: true + mirror: always + +# Password protection +- name: browser.safebrowsing.passwords.enabled + type: bool + value: false + mirror: always + +# Phishing protection +- name: browser.safebrowsing.phishing.enabled + type: bool + value: true + mirror: always + +# Maximum size for an array to store the safebrowsing prefixset. +- name: browser.safebrowsing.prefixset_max_array_size + type: RelaxedAtomicUint32 + value: 512*1024 + mirror: always + +# SessionStore prefs +# Maximum number of bytes of DOMSessionStorage data we collect per origin. +- name: browser.sessionstore.dom_storage_limit + type: uint32_t + value: 2048 + mirror: always + +# Maximum number of characters of form field data per field we collect. +- name: browser.sessionstore.dom_form_limit + type: uint32_t + value: 1024*1024*2 + mirror: always + +# Maximum number of characters of form data we collect per origin. +- name: browser.sessionstore.dom_form_max_limit + type: uint32_t + value: 1024*1024*50 + mirror: always + +# Minimal interval between two save operations in milliseconds (while the user is active). +- name: browser.sessionstore.interval + type: RelaxedAtomicUint32 + value: 15000 + mirror: always + +# Platform collection of data for session store +- name: browser.sessionstore.platform_collection + type: bool +#if defined(ANDROID) || defined(MOZ_THUNDERBIRD) + value: false +#else + value: true +#endif + mirror: once + +# Platform collection of session storage data for session store +- name: browser.sessionstore.collect_session_storage + type: bool + value: @IS_NOT_ANDROID@ + mirror: once + +# Platform collection of zoom data for session store +- name: browser.sessionstore.collect_zoom + type: bool + value: @IS_NOT_ANDROID@ + mirror: once + +# Causes SessionStore to ignore non-final update messages from +# browser tabs that were not caused by a flush from the parent. +# This is a testing flag and should not be used by end-users. +- name: browser.sessionstore.debug.no_auto_updates + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we should draw the tabs on top of the titlebar. +# +# no (0), yes (1), or default (2), which is true everywhere except Linux. +- name: browser.tabs.inTitlebar + type: int32_t + value: 2 + mirror: always + +# If set, use DocumentChannel to directly initiate loads entirely +# from parent-process BrowsingContexts +- name: browser.tabs.documentchannel.parent-controlled + type: bool + value: false + mirror: always + +# Testing-only pref which makes data: URIs be loaded in a "web" content process +# instead of within a process based on the URI's loader. +- name: browser.tabs.remote.dataUriInDefaultWebProcess + type: bool + value: false + mirror: always + +# Testing-only pref to force system-triggered about:blank loads to not change +# content processes. This is used for performance tests which load an +# about:blank document between navigations for historical reasons to avoid +# unnecessary process switches. +- name: browser.tabs.remote.systemTriggeredAboutBlankAnywhere + type: bool + value: false + mirror: always + +# Testing-only pref to cause PBrowser creation for a specific BrowsingContext to +# fail, to test the errored codepath. +- name: browser.tabs.remote.testOnly.failPBrowserCreation.enabled + type: bool + value: false + mirror: always + +- name: browser.tabs.remote.desktopbehavior + type: bool + value: false + mirror: always + +- name: browser.tabs.remote.force-paint + type: bool + value: true + mirror: always + +# When this pref is enabled document loads with a mismatched +# Cross-Origin-Embedder-Policy header will fail to load +- name: browser.tabs.remote.useCrossOriginEmbedderPolicy + type: RelaxedAtomicBool + value: true + mirror: always + +# This pref makes `credentialless` a valid value for +# Cross-Origin-Embedder-Policy header +- name: browser.tabs.remote.coep.credentialless + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + do_not_use_directly: true + +# When this pref is enabled top level loads with a mismatched +# Cross-Origin-Opener-Policy header will be loaded in a separate process. +- name: browser.tabs.remote.useCrossOriginOpenerPolicy + type: RelaxedAtomicBool + value: true + mirror: always + +# When this pref is enabled then we use a separate content process for +# top-level load of file:// URIs +- name: browser.tabs.remote.separateFileUriProcess + type: RelaxedAtomicBool +#if !defined(ANDROID) + value: true +#else + value: false +#endif + mirror: always + +# Pref to control whether we use a separate privileged content process +# for certain mozilla webpages (which are listed in the pref +# browser.tabs.remote.separatedMozillaDomains). +- name: browser.tabs.remote.separatePrivilegedMozillaWebContentProcess + type: bool + value: false + mirror: always + +# Whether or not process selection for subframes will prefer re-using an +# existing content process over creating a new one. Enabling this pref should +# reduce the number of processes allocated for non-first-party domains if +# dom.ipc.processCount.webIsolated > 1. +- name: browser.tabs.remote.subframesPreferUsed + type: bool + value: true + mirror: always + +# When this pref is enabled, opaque response is only allowed to enter the +# content process if it's a response for media (audio, image, video), CSS, or +# JavaScript. +- name: browser.opaqueResponseBlocking + type: RelaxedAtomicBool +#if defined(ANDROID) + value: false +#else + value: @IS_EARLY_BETA_OR_EARLIER@ +#endif + mirror: always + +# When this pref is enabled, the JS validator will be enabled for +# ORB. +- name: browser.opaqueResponseBlocking.javascriptValidator + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# This pref controls how filtering of opaque responses for calls to `Window.fetch`. +# (and similar) is performed in the parent process. This is intended to make sure +# that data that would be filtered in a content process never actually reaches that +# content process. +# See https://fetch.spec.whatwg.org/#concept-filtered-response-opaque +# 0) Don't filter in the parent process at all, and let content processes handle +# opaque filtering. Regardless of if ORB is enabled or not. N.B. that if ORB +# is enabled opaque responses will be blocked. +# 1) If ORB is enabled, in the parent process, filter the responses that ORB allows. +# N.B. any responses ORB doesn't allow will not send data to a content process +# since they will return a NetworkError. If the request is allowed by ORB, the +# internal response will be intact and sent to the content process as is. +# 2) If ORB is enabled, in the parent process, filter the responses that ORB blocks, +# when they were issued by `Window.fetch` (and similar). +# 3) Filter all responses in the parent, regardless of if ORB is enabled or not. +# This means that opaque responses coming from `Window.fetch` won't even be +# considered for being blocked by ORB. +- name: browser.opaqueResponseBlocking.filterFetchResponse + type: uint32_t + value: 2 + mirror: always + do_not_use_directly: true + +# This pref controls how exceptions to opaque response blocking for the media MIME types +# `audio/*` and `video/*` are handled. This is because step 8 in the spec that performs +# audio or video type pattern matching cannot handle certain MIME types (yet). +# See https://whatpr.org/fetch/1442.html#orb-algorithm +# 0) No exceptions +# 1) Some exceptions, explicitly hard coded in `IsOpaqueSafeListedSpecBreakingMIMEType` +# 2) Allow all MIME types beginning with `audio/*` or `video/*`. +- name: browser.opaqueResponseBlocking.mediaExceptionsStrategy + type: uint32_t + value: 1 + mirror: always + do_not_use_directly: true + +# When this pref is enabled, <object> and <embed> elements will create +# synthetic documents when the resource type they're loading is an image. +- name: browser.opaqueResponseBlocking.syntheticBrowsingContext + type: bool + value: true + mirror: once + +# When this pref is enabled, <object> and <embed> elements will filter the +# browsing contexts created for the synthetic browsing contexts for the +# synthetic documents when browser.opaqueResponseBlocking.syntheticBrowsingContext +# is enabled from `Window.frames`, `Window.length` and named targeting. +- name: browser.opaqueResponseBlocking.syntheticBrowsingContext.filter + type: bool + value: true + mirror: once + do_not_use_directly: true + +# When true, zooming will be enabled on all sites, even ones that declare +# user-scalable=no. +- name: browser.ui.zoom.force-user-scalable + type: RelaxedAtomicBool + value: false + mirror: always + +- name: browser.underline_anchors + type: bool + value: true + mirror: always + +- name: browser.viewport.desktopWidth + type: RelaxedAtomicInt32 + value: 980 + mirror: always + +- name: browser.visited_color + type: String + value: "#551A8B" + mirror: never + +# If you change this, you probably also want to change +# nsXPLookAndFeel::GenericDarkColor for MozNativevisitedhyperlinktext. +- name: browser.visited_color.dark + type: String + value: "#FFADFF" + mirror: never + +# When true, soft reloads (including location.reload()) +# will only froce validate the top level document, subresources will +# be loaded normally as-if users normally navigated to the page. +- name: browser.soft_reload.only_force_validate_top_level_document + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "canvas." +#--------------------------------------------------------------------------- + +# Limit for the canvas image cache. 0 means unlimited. +- name: canvas.image.cache.limit + type: int32_t + value: 0 + mirror: always + +# Add support for canvas path objects +- name: canvas.path.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: canvas.capturestream.enabled + type: bool + value: true + mirror: always + +# Is support for CanvasRenderingContext2D.filter enabled? +- name: canvas.filters.enabled + type: bool + value: true + mirror: always + +# Provide ability to turn on support for canvas focus rings. +- name: canvas.focusring.enabled + type: bool + value: true + mirror: always + +# Is support for CanvasRenderingContext2D's createConicGradient API enabled? +- name: canvas.createConicGradient.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "channelclassifier." +#--------------------------------------------------------------------------- + +- name: channelclassifier.allowlist_example + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "clipboard." +#--------------------------------------------------------------------------- + +# Clipboard behavior. +- name: clipboard.autocopy + type: bool +#if !defined(ANDROID) && !defined(XP_MACOSX) && defined(XP_UNIX) + value: true +#else + value: false +#endif + mirror: always + +#ifdef XP_WIN + # allow to copy clipboard data to Clipboard History/Cloud + # (used on sensitive data in about:logins and Private Browsing) +- name: clipboard.copyPrivateDataToClipboardCloudOrHistory + type: bool + value: false + mirror: always +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "consoleservice." +#--------------------------------------------------------------------------- + +#if defined(ANDROID) + # Disable sending console to logcat on release builds. +- name: consoleservice.logcat + type: RelaxedAtomicBool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: always +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "content." +#--------------------------------------------------------------------------- + +- name: content.cors.disable + type: bool + value: false + mirror: always + +# Back off timer notification after count. +# -1 means never. +- name: content.notify.backoffcount + type: int32_t + value: -1 + mirror: always + +# Notification interval in microseconds. +# The notification interval has a dramatic effect on how long it takes to +# initially display content for slow connections. The current value +# provides good incremental display of content without causing an increase +# in page load time. If this value is set below 1/10 of a second it starts +# to impact page load performance. +# See bugzilla bug 72138 for more info. +- name: content.notify.interval + type: int32_t + value: 120000 + mirror: always + +# Do we notify based on time? +- name: content.notify.ontimer + type: bool + value: true + mirror: always + +# How many times to deflect in interactive mode. +- name: content.sink.interactive_deflect_count + type: int32_t + value: 0 + mirror: always + +# How many times to deflect in perf mode. +- name: content.sink.perf_deflect_count + type: int32_t + value: 200 + mirror: always + +# Parse mode for handling pending events. +# 0 = don't check for pending events +# 1 = don't deflect if there are pending events +# 2 = bail if there are pending events +- name: content.sink.pending_event_mode + type: int32_t +#ifdef XP_WIN + value: 1 +#else + value: 0 +#endif + mirror: always + +# How often to probe for pending events. 1 = every token. +- name: content.sink.event_probe_rate + type: int32_t + value: 1 + mirror: always + +# How long to stay off the event loop in interactive mode (microseconds). +- name: content.sink.interactive_parse_time + type: int32_t + value: 3000 + mirror: always + +# How long to stay off the event loop in perf mode. +- name: content.sink.perf_parse_time + type: int32_t + value: 30000 + mirror: always + +# How long to be in interactive mode after an event. +- name: content.sink.interactive_time + type: uint32_t + value: 750000 + mirror: always + +# How long to stay in perf mode after initial loading. +- name: content.sink.initial_perf_time + type: uint32_t + value: 2000000 + mirror: always + +# Should we switch between perf-mode and interactive-mode? +# 0 = Switch +# 1 = Interactive mode +# 2 = Perf mode +- name: content.sink.enable_perf_mode + type: int32_t + value: 0 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "converter." +#--------------------------------------------------------------------------- + +# Whether we include ruby annotation in the text despite whether it +# is requested. This was true because we didn't explicitly strip out +# annotations. Set false by default to provide a better behavior, but +# we want to be able to pref-off it if user doesn't like it. +- name: converter.html2txt.always_include_ruby + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "cookiebanners." +#--------------------------------------------------------------------------- + +# Controls the cookie banner handling mode in normal browsing. +# 0: Disables all cookie banner handling. +# 1: Reject-all if possible, otherwise do nothing. +# 2: Reject-all if possible, otherwise accept-all. +- name: cookiebanners.service.mode + type: uint32_t + value: 0 + mirror: always + +# When set to true, cookie banners are detected and detection events are +# dispatched, but they will not be handled. Requires the service to be enabled +# for the desired mode via pref cookiebanners.service.mode* +- name: cookiebanners.service.detectOnly + type: bool + value: false + mirror: always + +# Controls the cookie banner handling mode in private browsing. Same mode +# options as the normal browsing pref above. +- name: cookiebanners.service.mode.privateBrowsing + type: uint32_t + value: 0 + mirror: always + +# Enables use of global CookieBannerRules, which apply to all sites. This is +# used for click rules that can handle common Consent Management Providers +# (CMP). +# Enabling this (when the cookie handling feature is enabled) may negatively +# impact site performance since it requires us to run rule-defined query +# selectors for every page. +- name: cookiebanners.service.enableGlobalRules + type: bool + value: false + mirror: always + +# Enables the cookie banner cookie injector. The cookie banner cookie injector +# depends on the `cookiebanners.service.mode` pref above. +- name: cookiebanners.cookieInjector.enabled + type: bool + value: true + mirror: always + + +# By default, how many seconds in the future cookies should expire after they +# have been injected. Defaults to 12 months. Individual cookie rules may +# override this. +- name: cookiebanners.cookieInjector.defaultExpiryRelative + type: uint32_t + value: 31536000 + mirror: always + +# Enables the cookie banner auto clicking. The cookie banner auto clicking +# depends on the `cookiebanners.service.mode` pref above. +- name: cookiebanners.bannerClicking.enabled + type: bool + value: true + mirror: always + +# The maximum time in ms for detecting banner and button elements for cookie +# banner auto clicking. +- name: cookiebanners.bannerClicking.timeout + type: uint32_t + value: 3000 + mirror: always + +# Whether or not banner auto clicking test mode is enabled. +- name: cookiebanners.bannerClicking.testing + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "datareporting." +#--------------------------------------------------------------------------- + +- name: datareporting.healthreport.uploadEnabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +#--------------------------------------------------------------------------- +# Prefs starting with "device." +#--------------------------------------------------------------------------- + +# Is support for the device sensors API enabled? +- name: device.sensors.enabled + type: bool + value: true + mirror: always + +# KaiOS-only, see https://bugzilla.mozilla.org/show_bug.cgi?id=1699707#c10 +- name: device.sensors.ambientLight.enabled + type: bool + value: false + mirror: always + +- name: device.sensors.motion.enabled + type: bool + value: true + mirror: always + +- name: device.sensors.orientation.enabled + type: bool + value: true + mirror: always + +# KaiOS-only, see https://bugzilla.mozilla.org/show_bug.cgi?id=1699707#c10 +- name: device.sensors.proximity.enabled + type: bool + value: false + mirror: always + +- name: device.sensors.test.events + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "devtools." +#--------------------------------------------------------------------------- + +- name: devtools.console.stdout.chrome + type: RelaxedAtomicBool + value: @IS_NOT_MOZILLA_OFFICIAL@ + mirror: always + +- name: devtools.console.stdout.content + type: RelaxedAtomicBool + value: false + mirror: always + +- name: devtools.toolbox.force-chrome-prefs + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "docshell." +#--------------------------------------------------------------------------- + +# Used to indicate whether session history listeners should be notified +# about content viewer eviction. Used only for testing. +- name: docshell.shistory.testing.bfevict + type: bool + value: false + mirror: always + +# If true, pages with an opener won't be bfcached. +- name: docshell.shistory.bfcache.require_no_opener + type: bool + value: @IS_ANDROID@ + mirror: always + +# If true, page with beforeunload or unload event listeners can be bfcached. +- name: docshell.shistory.bfcache.allow_unload_listeners + type: bool + value: @IS_ANDROID@ + mirror: always + +# If true, page with beforeunload event listeners can be bfcached. +# This only works when sessionHistoryInParent is enabled. +- name: docshell.shistory.bfcache.ship_allow_beforeunload_listeners + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "dom." +#--------------------------------------------------------------------------- + +# Allow cut/copy +- name: dom.allow_cut_copy + type: bool + value: true + mirror: always + +- name: dom.allow_XUL_XBL_for_file + type: bool + value: false + mirror: always + +# Checks if offscreen animation throttling is enabled. +- name: dom.animations.offscreen-throttling + type: bool + value: true + mirror: always + +# Is support for automatically removing replaced filling animations enabled? +- name: dom.animations-api.autoremove.enabled + type: bool + value: true + mirror: always + +# Is support for composite operations from the Web Animations API enabled? +- name: dom.animations-api.compositing.enabled + type: bool + value: true + mirror: always + +# Is support for the core interfaces of Web Animations API enabled? +- name: dom.animations-api.core.enabled + type: bool + value: true + mirror: always + +# Is support for Document.getAnimations() and Element.getAnimations() +# supported? +- name: dom.animations-api.getAnimations.enabled + type: bool + value: true + mirror: always + +# Is support for animations from the Web Animations API without 0%/100% +# keyframes enabled? +- name: dom.animations-api.implicit-keyframes.enabled + type: bool + value: true + mirror: always + +# Is support for timelines from the Web Animations API enabled? +- name: dom.animations-api.timelines.enabled + type: bool + value: true + mirror: always + +# Synchronize transform animations with geometric animations on the +# main thread. +- name: dom.animations.mainthread-synchronization-with-geometric-animations + type: bool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always + +# Is support for AudioWorklet enabled? +- name: dom.audioworklet.enabled + type: bool + value: true + mirror: always + +# Is support for Navigator.getBattery enabled? +- name: dom.battery.enabled + type: bool + value: true + mirror: always + +# Block multiple external protocol URLs in iframes per single event. +- name: dom.block_external_protocol_in_iframes + type: bool + value: true + mirror: always + +# Block sandboxed BrowsingContexts from navigating to external protocols. +- name: dom.block_external_protocol_navigation_from_sandbox + type: bool + value: true + mirror: always + +# Block Insecure downloads from Secure Origins +- name: dom.block_download_insecure + type: bool + value: true + mirror: always + +# Block all downloads in iframes with the sandboxed attribute +- name: dom.block_download_in_sandboxed_iframes + type: bool + value: true + mirror: always + +# Block multiple window.open() per single event. +- name: dom.block_multiple_popups + type: bool + value: true + mirror: always + +# The maximum number of popup that is allowed to be opened. Set to -1 for no +# limit. +- name: dom.popup_maximum + type: int32_t + value: 20 + mirror: always + +# Whether Window.{inner,outer}{Width,Height} and screen{X,Y} +# behave as replaceable properties unconditionally. +- name: dom.window_position_size_properties_replaceable.enabled + type: bool + value: true + mirror: always + +# Whether window.location.reload() and window.history.go(0) should be blocked +# when called directly from a window resize event handler. +# +# This used to be necessary long ago to prevent terrible UX when using stuff +# like TypeAheadFind (bug 258917), but it also causes compat issues on mobile +# (bug 1570566). +- name: dom.block_reload_from_resize_event_handler + type: bool + value: false + mirror: always + +# SW Cache API +- name: dom.caches.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Exposes window.caches and skips SecureContext check. +# dom.serviceWorkers.testing.enabled also includes the same effect. +- name: dom.caches.testing.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Disable capture attribute for input elements; only supported on GeckoView. +- name: dom.capture.enabled + type: bool + value: false + mirror: always + +# HTML specification says the level should be 5 +# https://html.spec.whatwg.org/#timer-initialisation-steps +- name: dom.clamp.timeout.nesting.level + type: uint32_t + value: 5 + mirror: once + +# Disable custom highlight API; implementation pending. +- name: dom.customHighlightAPI.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Allow control characters appear in composition string. +# When this is false, control characters except +# CHARACTER TABULATION (horizontal tab) are removed from +# both composition string and data attribute of compositionupdate +# and compositionend events. +- name: dom.compositionevent.allow_control_characters + type: bool + value: false + mirror: always + +# Compression Streams (CompressionStream/DecompressionStream) +- name: dom.compression_streams.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.crypto.randomUUID.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Is support for CSSPseudoElement enabled? +- name: dom.css_pseudo_element.enabled + type: bool + value: false + mirror: always + +# After how many seconds we allow external protocol URLs in iframe when not in +# single events +- name: dom.delay.block_external_protocol_in_iframes + type: uint32_t + value: 10 # in seconds + mirror: always + +# Whether the above pref has any effect at all. +# Make sure cases like bug 1795380 work before trying to turn this off. See +# bug 1680721 for some other context that might be relevant. +- name: dom.delay.block_external_protocol_in_iframes.enabled + type: bool + value: true + mirror: always + +# HTML <dialog> element +- name: dom.dialog_element.enabled + type: bool + value: true + mirror: always + +# Only propagate the open window click permission if the setTimeout() is equal +# to or less than this value. +- name: dom.disable_open_click_delay + type: int32_t + value: 1000 + mirror: always + +- name: dom.disable_open_during_load + type: bool + value: false + mirror: always + +- name: dom.disable_beforeunload + type: bool + value: false + mirror: always + +- name: dom.require_user_interaction_for_beforeunload + type: bool + value: true + mirror: always + +# Enable/disable Gecko specific edit commands +- name: dom.document.edit_command.contentReadOnly.enabled + type: bool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + +- name: dom.document.edit_command.insertBrOnReturn.enabled + type: bool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + +# If set this to true, `Document.execCommand` may be performed nestedly. +# Otherwise, nested calls just return false. +- name: dom.document.exec_command.nested_calls_allowed + type: bool + value: false + mirror: always + +- name: dom.enable_window_print + type: bool + value: true + mirror: always + +# Only intended for fuzzing purposes, this will break mozPrintCallback, etc. +- name: dom.window_print.fuzzing.block_while_printing + type: bool + value: false + mirror: always + +- name: dom.element.transform-getters.enabled + type: bool + value: false + mirror: always + +# Whether the popover attribute implementation is enabled, +# see https://html.spec.whatwg.org/#the-popover-attribute +- name: dom.element.popover.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Controls whether the "focus fixup rule" is enabled. Subject to minor changes +# based on https://github.com/whatwg/html/pull/8392 and +# https://github.com/whatwg/html/issues/8225 +- name: dom.focus.fixup + type: bool + value: true + mirror: always + +- name: dom.mouse_capture.enabled + type: bool + value: true + mirror: always + +# Is support for Performance.mozMemory enabled? +- name: dom.enable_memory_stats + type: bool + value: false + mirror: always + +# Enable Performance API +# Whether nonzero values can be returned from performance.timing.* +- name: dom.enable_performance + type: RelaxedAtomicBool + value: true + mirror: always + +# Enable Performance Observer API +- name: dom.enable_performance_observer + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether resource timing will be gathered and returned by performance.GetEntries* +- name: dom.enable_resource_timing + type: bool + value: true + mirror: always + +# Whether event timing will be gathered and returned by performance observer* +- name: dom.enable_event_timing + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the LargestContentfulPaint API will be gathered and returned by performance observer* +- name: dom.enable_largest_contentful_paint + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether performance.GetEntries* will contain an entry for the active document +- name: dom.enable_performance_navigation_timing + type: bool + value: true + mirror: always + +# Whether the scheduler interface will be exposed +- name: dom.enable_web_task_scheduling + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# If this is true, it's allowed to fire "cut", "copy" and "paste" events. +# Additionally, "input" events may expose clipboard content when inputType +# is "insertFromPaste" or something. +- name: dom.event.clipboardevents.enabled + type: bool + value: true + mirror: always + +# Whether touch event listeners are passive by default. +- name: dom.event.default_to_passive_touch_listeners + type: bool + value: true + mirror: always + +# Whether wheel listeners are passive by default. +- name: dom.event.default_to_passive_wheel_listeners + type: bool + value: true + mirror: always + +- name: dom.event.dragexit.enabled + type: bool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always + +# Whether wheel event target's should be grouped. When enabled, all wheel +# events that occur in a given wheel transaction have the same event target. +- name: dom.event.wheel-event-groups.enabled + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Whether WheelEvent should return pixels instead of lines for +# WheelEvent.deltaX/Y/Z, when deltaMode hasn't been checked. +# +# Other browsers don't use line deltas and websites forget to check for it, see +# bug 1392460. +- name: dom.event.wheel-deltaMode-lines.disabled + type: bool + value: true + mirror: always + +# Mostly for debugging. Whether we should do the same as +# dom.event.wheel-deltaMode-lines.disabled, but unconditionally rather than +# only when deltaMode hasn't been checked. +- name: dom.event.wheel-deltaMode-lines.always-disabled + type: bool + value: false + mirror: always + +# A blocklist (list of domains) for the +# dom.event.wheel-deltaMode-lines.disabled behavior, in case potential +# unforeseen problems with it arrive. +- name: dom.event.wheel-deltaMode-lines.always-enabled + type: String + value: "" + mirror: never + +#if defined(XP_MACOSX) +# Whether to disable treating ctrl click as right click +- name: dom.event.treat_ctrl_click_as_right_click.disabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always +#endif + +# Whether .offset{X,Y} for events targeted at SVG nodes returns bounds relative +# to the outer SVG. +- name: dom.events.offset-in-svg-relative-to-svg-root + type: bool + value: true + mirror: always + +# Disable clipboard.read(), clipboard.write() and ClipboardItem by default +- name: dom.events.asyncClipboard.clipboardItem + type: bool + value: false + mirror: always + +# Skips checking permission and user activation when accessing the clipboard. +# Should only be enabled in tests. +# Access with Clipboard::IsTestingPrefEnabled(). +- name: dom.events.testing.asyncClipboard + type: bool + value: false + mirror: always + do_not_use_directly: true + +# Control whether `navigator.clipboard.readText()` is exposed to content. +# Currently not supported by GeckoView, see bug 1776829. +- name: dom.events.asyncClipboard.readText + type: bool + value: false + mirror: always + do_not_use_directly: true + +# This pref controls whether or not the `protected` dataTransfer state is +# enabled. If the `protected` dataTransfer stae is disabled, then the +# DataTransfer will be read-only whenever it should be protected, and will not +# be disconnected after a drag event is completed. +- name: dom.events.dataTransfer.protected.enabled + type: bool + value: false + mirror: always + +# Whether to hide normal files (i.e. non-images) in dataTransfer inside +# the content process. +- name: dom.events.dataTransfer.mozFile.enabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: dom.events.dataTransfer.imageAsFile.enabled + type: bool + value: false + mirror: always + +# User interaction timer interval, in ms +- name: dom.events.user_interaction_interval + type: uint32_t + value: 5000 + mirror: always + +# Whether to try to compress touchmove events on IPC layer. +- name: dom.events.compress.touchmove + type: bool + value: true + mirror: always + +# In addition to the above IPC layer compresison, allow touchmove +# events to be further coalesced in the child side after they +# are sent. +- name: dom.events.coalesce.touchmove + type: bool + value: true + mirror: always + +# Allow mousemove events to be coalesced in the child side after they are sent. +- name: dom.events.coalesce.mousemove + type: bool + value: true + mirror: always + +# Whether to expose test interfaces of various sorts +- name: dom.expose_test_interfaces + type: bool + value: false + mirror: always + +- name: dom.fetchObserver.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Allow the content process to create a File from a path. This is allowed just +# on parent process, on 'file' Content process, or for testing. +- name: dom.file.createInChild + type: RelaxedAtomicBool + value: false + mirror: always + +# Support @autocomplete values for form autofill feature. +- name: dom.forms.autocomplete.formautofill + type: bool + value: false + mirror: always + +# Only trusted submit event could trigger form submission. +- name: dom.forms.submit.trusted_event_only + type: bool + value: false + mirror: always + +# This pref just controls whether we format the number with grouping separator +# characters when the internal value is set or updated. It does not stop the +# user from typing in a number and using grouping separators. +- name: dom.forms.number.grouping + type: bool + value: false + mirror: always + +# Whether fullscreen should make the rest of the document inert. +# This matches other browsers but historically not Gecko. +- name: dom.fullscreen.modal + type: bool + value: true + mirror: always + +# Whether the Gamepad API is enabled +- name: dom.gamepad.enabled + type: bool + value: true + mirror: always + +# Is Gamepad Extension API enabled? +- name: dom.gamepad.extensions.enabled + type: bool + value: true + mirror: always + +# Is LightIndicator API enabled in Gamepad Extension API? +- name: dom.gamepad.extensions.lightindicator + type: bool + value: false + mirror: always + +# Is MultiTouch API enabled in Gamepad Extension API? +- name: dom.gamepad.extensions.multitouch + type: bool + value: false + mirror: always + +# Is Gamepad vibrate haptic feedback function enabled? +- name: dom.gamepad.haptic_feedback.enabled + type: bool + value: true + mirror: always + +- name: dom.gamepad.non_standard_events.enabled + type: bool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: always + +- name: dom.gamepad.test.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# W3C draft ImageCapture API +- name: dom.imagecapture.enabled + type: bool + value: false + mirror: always + +# <img loading="lazy"> +# +# See https://github.com/whatwg/html/pull/3752 +- name: dom.image-lazy-loading.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# The root margin for image lazy loading, defined as four (value, percentage) +# pairs. +- name: dom.image-lazy-loading.root-margin.top + type: float + value: 600 + mirror: always + +- name: dom.image-lazy-loading.root-margin.top.percentage + type: bool + value: false + mirror: always + +- name: dom.image-lazy-loading.root-margin.bottom + type: float + value: 600 + mirror: always + +- name: dom.image-lazy-loading.root-margin.bottom.percentage + type: bool + value: false + mirror: always + +- name: dom.image-lazy-loading.root-margin.left + type: float + value: 600 + mirror: always + +- name: dom.image-lazy-loading.root-margin.left.percentage + type: bool + value: false + mirror: always + +- name: dom.image-lazy-loading.root-margin.right + type: float + value: 600 + mirror: always + +- name: dom.image-lazy-loading.root-margin.right.percentage + type: bool + value: false + mirror: always + +# Enable indexedDB in private browsing mode with encryption +- name: dom.indexedDB.privateBrowsing.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether or not indexedDB test mode is enabled. +- name: dom.indexedDB.testing + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether or not indexedDB experimental features are enabled. +- name: dom.indexedDB.experimental + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether or not indexedDB preprocessing is enabled. +- name: dom.indexedDB.preprocessing + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.input_events.beforeinput.enabled + type: bool + value: true + mirror: always + +# Whether innerWidth / innerHeight return rounded or fractional sizes. +# +# NOTE(emilio): Fractional sizes are not web-compatible, see the regressions +# from bug 1676843, but we want to expose the fractional sizes (probably in +# another API) one way or another, see [1], so we're keeping the code for the +# time being. +# +# [1]: https://github.com/w3c/csswg-drafts/issues/5260 +- name: dom.innerSize.rounded + type: bool + value: true + mirror: always + +# Whether we conform to Input Events Level 1 or Input Events Level 2. +# true: conforming to Level 1 +# false: conforming to Level 2 +- name: dom.input_events.conform_to_level_1 + type: bool + value: true + mirror: always + +# Whether we allow BrowsingContextGroup to suspend input events +- name: dom.input_events.canSuspendInBCG.enabled + type: bool + value: false + mirror: always + +# The minimum number of ticks after page navigation +# that need to occur before user input events are allowed to be handled. +- name: dom.input_events.security.minNumTicks + type: uint32_t + value: 3 + mirror: always + +# The minimum elapsed time (in milliseconds) after page navigation +# for user input events are allowed to be handled. +- name: dom.input_events.security.minTimeElapsedInMS + type: uint32_t + value: 100 + mirror: always + +# By default user input handling delay is disabled (mostly) for testing , +# this is used for forcefully enable it for certain tests. +- name: dom.input_events.security.isUserInputHandlingDelayTest + type: bool + value: false + mirror: always + +# The maximum time (milliseconds) we reserve for handling input events in each +# frame. +- name: dom.input_event_queue.duration.max + type: uint32_t + value: 8 + mirror: always + +# Enable not moving the cursor to end when a text input or textarea has .value +# set to the value it already has. By default, enabled. +- name: dom.input.skip_cursor_move_for_same_value_set + type: bool + value: true + mirror: always + +- name: dom.ipc.cancel_content_js_when_navigating + type: bool + value: true + mirror: always + +# How often to check for CPOW timeouts (ms). CPOWs are only timed +# out by the hang monitor. +- name: dom.ipc.cpow.timeout + type: uint32_t + value: 500 + mirror: always + +#ifdef MOZ_ENABLE_FORKSERVER +- name: dom.ipc.forkserver.enable + type: bool + value: false + mirror: once +#endif + +#ifdef MOZ_WIDGET_GTK +# +# Avoid the use of GTK in content processes if possible, by running +# them in headless mode, to conserve resources (e.g., connections to +# the X server). See the usage in `ContentParent.cpp` for the full +# definition of "if possible". +# +# This does not affect sandbox policies; content processes may still +# dynamically connect to the display server for, e.g., WebGL. +- name: dom.ipc.avoid-gtk + type: bool + value: true + mirror: always +#endif + +# Whether or not to collect a paired minidump when force-killing a +# content process. +- name: dom.ipc.tabs.createKillHardCrashReports + type: bool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: once + +# Allow Flash async drawing mode in 64-bit release builds. +- name: dom.ipc.plugins.asyncdrawing.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# How long we wait before unloading an idle plugin process. +- name: dom.ipc.plugins.unloadTimeoutSecs + type: RelaxedAtomicUint32 + value: 30 + mirror: always + +- name: dom.ipc.plugins.allow_dxgi_surface + type: bool + value: true + mirror: always + +# Enable e10s hang monitoring (slow script checking and plugin hang detection). +- name: dom.ipc.processHangMonitor + type: bool + value: true + mirror: once + +# Whether we report such process hangs +- name: dom.ipc.reportProcessHangs + type: RelaxedAtomicBool +# Don't report hangs in DEBUG builds. They're too slow and often a +# debugger is attached. +#ifdef DEBUG + value: false +#else + value: true +#endif + mirror: always + +- name: dom.ipc.tabs.disabled + type: bool + value: false + mirror: always + +# Process launch delay (in milliseconds). +- name: dom.ipc.processPrelaunch.delayMs + type: uint32_t +# This number is fairly arbitrary ... the intention is to put off +# launching another app process until the last one has finished +# loading its content, to reduce CPU/memory/IO contention. + value: 1000 + mirror: always + +- name: dom.ipc.processPrelaunch.startupDelayMs + type: uint32_t +# delay starting content processes for a short time after browser start +# to provide time for the UI to come up + value: 1000 + mirror: always + +# Process preallocation cache +# Only used in fission; in e10s we use 1 always +- name: dom.ipc.processPrelaunch.fission.number + type: uint32_t + value: 3 + mirror: always + +# Limit preallocated processes below this memory size (in MB) +- name: dom.ipc.processPrelaunch.lowmem_mb + type: uint32_t + value: 4096 + mirror: always + +- name: dom.ipc.processPriorityManager.enabled + type: bool + value: false + mirror: always + +- name: dom.ipc.processPriorityManager.testMode + type: bool + value: false + mirror: always + +- name: dom.ipc.processPriorityManager.backgroundPerceivableGracePeriodMS + type: uint32_t +#if defined(MOZ_WIDGET_ANDROID) && defined(NIGHTLY_BUILD) + value: 3000 +#else + value: 0 +#endif + mirror: always + +- name: dom.ipc.processPriorityManager.backgroundGracePeriodMS + type: uint32_t +#if defined(MOZ_WIDGET_ANDROID) && defined(NIGHTLY_BUILD) + value: 3000 +#else + value: 0 +#endif + mirror: always + +#ifdef XP_WIN +- name: dom.ipc.processPriorityManager.backgroundUsesEcoQoS + type: bool + value: false + mirror: always +#endif + +# Is support for HTMLElement.autocapitalize enabled? +- name: dom.forms.autocapitalize + type: bool + value: true + mirror: always + +# Support for input type=month, type=week. By default, disabled. +- name: dom.forms.datetime.others + type: bool + value: @IS_ANDROID@ + mirror: always + +# Is support for HTMLElement.enterKeyHint enabled? +- name: dom.forms.enterkeyhint + type: bool + value: true + mirror: always + +# Is support for HTMLElement.inputMode enabled? +- name: dom.forms.inputmode + type: bool + value: true + mirror: always + +- name: dom.forms.always_allow_pointer_events.enabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Is support for key events and focus events on disabled elements enabled? +- name: dom.forms.always_allow_key_and_focus_events.enabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Is support for HTMLInputElement.showPicker enabled? +- name: dom.input.showPicker + type: bool + value: true + mirror: always + +# Whether to allow or disallow web apps to cancel `beforeinput` events caused +# by MozEditableElement#setUserInput() which is used by autocomplete, autofill +# and password manager. +- name: dom.input_event.allow_to_cancel_set_user_input + type: bool + value: false + mirror: always + +# How long a content process can take before closing its IPC channel +# after shutdown is initiated. If the process exceeds the timeout, +# we fear the worst and kill it. +- name: dom.ipc.tabs.shutdownTimeoutSecs + type: RelaxedAtomicUint32 +#if !defined(DEBUG) && !defined(MOZ_ASAN) && !defined(MOZ_VALGRIND) && !defined(MOZ_TSAN) + value: 20 +#else + value: 0 +#endif + mirror: always + +# Whether a native event loop should be used in the content process. +- name: dom.ipc.useNativeEventProcessing.content + type: RelaxedAtomicBool +#if defined(XP_WIN) || defined(XP_MACOSX) + value: false +#else + value: true +#endif + mirror: always + +# If this is true, TextEventDispatcher dispatches keydown and keyup events +# even during composition (keypress events are never fired during composition +# even if this is true). +- name: dom.keyboardevent.dispatch_during_composition + type: bool + value: true + mirror: always + +# Enable/disable KeyboardEvent.initKeyEvent function +- name: dom.keyboardevent.init_key_event.enabled + type: bool + value: false + mirror: always + +# Enable/disable KeyboardEvent.initKeyEvent function in addons even if it's +# disabled. +- name: dom.keyboardevent.init_key_event.enabled_in_addons + type: bool + value: true + mirror: always + +# If this is true, keypress events for non-printable keys are dispatched only +# for event listeners of the system event group in web content. +- name: dom.keyboardevent.keypress.dispatch_non_printable_keys_only_system_group_in_content + type: bool + value: true + mirror: always + +# If this is true, "keypress" event's keyCode value and charCode value always +# become same if the event is not created/initialized by JS. +- name: dom.keyboardevent.keypress.set_keycode_and_charcode_to_same_value + type: bool + value: true + mirror: always + +# Whether "W3C Web Manifest" processing is enabled +- name: dom.manifest.enabled + type: bool + value: true + mirror: always + +# Enable mapped array buffer by default. +- name: dom.mapped_arraybuffer.enabled + type: bool + value: true + mirror: always + +# Autoplay Policy Detection https://w3c.github.io/autoplay/ +- name: dom.media.autoplay-policy-detection.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Media Session API +- name: dom.media.mediasession.enabled + type: bool + value: true + mirror: always + +# Whether HTMLMediaElement.mozPreservesPitch is enabled. +- name: dom.media.mozPreservesPitch.enabled + type: bool + value: false + mirror: always + +# WebCodecs API +- name: dom.media.webcodecs.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Number of seconds of very quiet or silent audio before considering the audio +# inaudible. +- name: dom.media.silence_duration_for_audibility + type: AtomicFloat + value: 2.0f + mirror: always + +# Inform mozjemalloc that the foreground content processes can keep more dirty +# pages in memory. +- name: dom.memory.foreground_content_processes_have_larger_page_cache + type: bool + value: true + mirror: always + +# Enable meta-viewport support in remote APZ-enabled frames. +- name: dom.meta-viewport.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Timeout clamp in ms for timeouts we clamp. +- name: dom.min_timeout_value + type: RelaxedAtomicInt32 + value: 4 + mirror: always + +# Timeout clamp in ms for background windows. +- name: dom.min_background_timeout_value + type: int32_t + value: 1000 + mirror: always + +# Timeout clamp in ms for background windows when throttling isn't enabled. +- name: dom.min_background_timeout_value_without_budget_throttling + type: int32_t + value: 1000 + mirror: always + +# Are missing-property use counters for certain DOM attributes enabled? +- name: dom.missing_prop_counters.enabled + type: bool + value: true + mirror: always + +# Is support for module scripts (<script type="module">) enabled for content? +- name: dom.moduleScripts.enabled + type: bool + value: true + mirror: always + +# Is support for import maps (<script type="importmap">) enabled for content? +- name: dom.importMaps.enabled + type: bool + value: true + mirror: always + +# Whether we disable triggering mutation events for changes to style +# attribute via CSSOM. +# NOTE: This preference is used in unit tests. If it is removed or its default +# value changes, please update test_sharedMap_static_prefs.js accordingly. +- name: dom.mutation-events.cssom.disabled + type: bool + value: true + mirror: always + +# Limit of location change caused by content scripts in a time span per +# BrowsingContext. This includes calls to History and Location APIs. +- name: dom.navigation.locationChangeRateLimit.count + type: uint32_t + value: 200 + mirror: always + +# Time span in seconds for location change rate limit. +- name: dom.navigation.locationChangeRateLimit.timespan + type: uint32_t + value: 10 + mirror: always + +# Network Information API +# This feature is not available on Firefox desktop. It exposes too much +# user information. Let's be consistent and disable it on Android. +# But let's keep it around in case it becomes necessary for webcompat +# reasons +# https://bugzilla.mozilla.org/show_bug.cgi?id=1637922 +- name: dom.netinfo.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we should open noopener links in a new process. +- name: dom.noopener.newprocess.enabled + type: bool + value: true + mirror: always + +# Whether we shouldn't show an error page for unknown protocols (and should +# show a console warning instead). +- name: dom.no_unknown_protocol_error.enabled + type: bool + value: true + mirror: always + +# Whether origin trials are enabled. +- name: dom.origin-trials.enabled + type: bool + value: true + mirror: always + +# Whether we use the test key to verify tokens. +- name: dom.origin-trials.test-key.enabled + type: bool + value: false + mirror: always + +# Origin trial state for "TestTrial". +# 0: normal, 1: always-enabled, 2: always-disabled +- name: dom.origin-trials.test-trial.state + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# Origin trial state for COEP: Credentialless. +# 0: normal, 1: always-enabled, 2: always-disabled +- name: dom.origin-trials.coep-credentialless.state + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# Is support for Window.paintWorklet enabled? +- name: dom.paintWorklet.enabled + type: bool + value: false + mirror: always + +# Enable/disable the PaymentRequest API +- name: dom.payments.request.enabled + type: bool + value: false + mirror: always + +# Whether a user gesture is required to call PaymentRequest.prototype.show(). +- name: dom.payments.request.user_interaction_required + type: bool + value: true + mirror: always + +# Time in milliseconds for PaymentResponse to wait for +# the Web page to call complete(). +- name: dom.payments.response.timeout + type: uint32_t + value: 5000 + mirror: always + +# Enable printing performance marks/measures to log +- name: dom.performance.enable_user_timing_logging + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.performance.children_results_ipc_timeout + type: uint32_t + value: 1000 + mirror: always + +# Enable notification of performance timing +- name: dom.performance.enable_notify_performance_timing + type: bool + value: false + mirror: always + +# Is support for PerformanceTiming.timeToContentfulPaint enabled? +- name: dom.performance.time_to_contentful_paint.enabled + type: bool + value: false + mirror: always + +# Is support for PerformanceTiming.timeToDOMContentFlushed enabled? +- name: dom.performance.time_to_dom_content_flushed.enabled + type: bool + value: false + mirror: always + +# Is support for PerformanceTiming.timeToFirstInteractive enabled? +- name: dom.performance.time_to_first_interactive.enabled + type: bool + value: false + mirror: always + +# Is support for PerformanceTiming.timeToNonBlankPaint enabled? +- name: dom.performance.time_to_non_blank_paint.enabled + type: bool + value: false + mirror: always + +# Is support for Permissions.revoke enabled? +- name: dom.permissions.revoke.enable + type: bool + value: false + mirror: always + +# This enables width and height attributes and map these attributes to img +# element's style. +- name: dom.picture_source_dimension_attributes.enabled + type: bool + value: true + mirror: always + +# Is support for Element.requestPointerLock enabled? +# This is added for accessibility purpose. When user has no way to exit +# pointer lock (e.g. no keyboard available), they can use this pref to +# disable the Pointer Lock API altogether. +- name: dom.pointer-lock.enabled + type: bool + value: true + mirror: always + +# re-SAB: Whether to allow postMessage of a SharedArrayBuffer if various +# preconditions related to COOP and COEP are met +- name: dom.postMessage.sharedArrayBuffer.withCOOP_COEP + type: bool + value: true + mirror: once + +# Overridden in all.js on RELEASE_OR_BETA in order to add the locked attribute. +- name: dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# This currently only affects XHTML. For XUL the cache is always allowed. +- name: dom.prototype_document_cache.enabled + type: bool + value: true + mirror: always + +# Push +- name: dom.push.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# This enables the SVGPathSeg APIs +- name: dom.svg.pathSeg.enabled + type: bool + value: false + mirror: always + +# Preference that is primarily used for testing of problematic file paths. +# It can also be used for switching between different storage directories, but +# such feature is not officially supported. +- name: dom.quotaManager.storageName + type: String + value: "storage" + mirror: never + +# An upper limit for the "age" of an origin. Any origin which is older than the +# threshold is considered as unaccessed. That doesn't necessarily mean that +# such origins will be immediatelly archived. They will be archived only when +# dom.quotaManager.checkQuotaInfoLoadTime is true and loading of quota info +# takes a long time (dom.quotaManager.longQuotaInfoLoadTimeThresholdMs is used +# to decide what is a long quota info load time). +- name: dom.quotaManager.unaccessedForLongTimeThresholdSec + type: RelaxedAtomicUint32 + value: 33696000 # 13 months + mirror: always + +# Should we try to load origin information from the cache? +# See bug 1563023 for more details. +- name: dom.quotaManager.loadQuotaFromCache + type: RelaxedAtomicBool + value: true + mirror: always + +# Should we check build ID as part of the cache validation? +# When enabled, the cache is invalidated on any upgrade (or downgrade), +# ensuring that changes in how quota usage is calculated can't cause +# inconsistencies at the cost of a slower initialization. Currently, this +# should only be set to false in tests using a packaged profile that inherently +# includes a build id different from the building running the tests. In the +# future this may be set to false if we are confident that we have sufficiently +# thorough schema versioning. +- name: dom.quotaManager.caching.checkBuildId + type: RelaxedAtomicBool + value: true + mirror: always + +# Should we check quota info load time and eventually archive some unaccessed +# origins if loading of quota info takes a long time ? +- name: dom.quotaManager.checkQuotaInfoLoadTime + type: RelaxedAtomicBool + value: true + mirror: always + +# An upper limit for quota info load time, anything which takes longer than the +# threshold is considered as long quota info load time. +- name: dom.quotaManager.longQuotaInfoLoadTimeThresholdMs + type: RelaxedAtomicUint32 + value: 21000 # 21 seconds + mirror: always + +# Preference that users can set to override temporary storage smart limit +# calculation. +- name: dom.quotaManager.temporaryStorage.fixedLimit + type: RelaxedAtomicInt32 + value: -1 + mirror: always + +# A pref that is used to enable testing features. +- name: dom.quotaManager.testing + type: SequentiallyConsistentAtomicBool + value: false + mirror: always + +#if defined(XP_WIN) + # Preference that is used to set nsILocalFileWin::useDOSDevicePathSyntax + # attribute for all local file instances created by QuotaManager and its + # clients. The value of this preference is cached so changing the preference + # during runtime has no effect. + # See bug 1626846 for setting this to false by default. +- name: dom.quotaManager.useDOSDevicePathSyntax + type: RelaxedAtomicBool + value: true + mirror: always + do_not_use_directly: true + + # Preference that is used to enable the hack for overrriding xFullPathname in + # QuotaVFS. +- name: dom.quotaManager.overrideXFullPathname + type: RelaxedAtomicBool + value: true + mirror: always +#elif defined(XP_UNIX) + # Preference that is used to enable the overriding of Unix xFullPathname + # implementation in QuotaVFS. +- name: dom.quotaManager.overrideXFullPathnameUnix + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +# How many times we should retry directory removal or renaming if access was +# denied? +- name: dom.quotaManager.directoryRemovalOrRenaming.maxRetries + type: RelaxedAtomicUint32 +#ifdef XP_WIN + value: 10 +#else + value: 0 +#endif + mirror: always + +# How long we should wait between retries (in milliseconds)? +- name: dom.quotaManager.directoryRemovalOrRenaming.delayMs + type: RelaxedAtomicUint32 + value: 200 + mirror: always + +#ifdef MOZ_BACKGROUNDTASKS +# Use a Background Task to delete files at shutdown. +- name: dom.quotaManager.backgroundTask.enabled + type: bool +#ifdef XP_MACOSX +# Needs to figure out how to prevent bug 1827486. + value: false +#else + value: true +#endif + mirror: never +#endif + +# Use to control to dump CheckedUnsafePtr creation stack and assignment stacks. +- name: dom.checkedUnsafePtr.dumpStacks.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Determines within what distance of a tick mark, in pixels, dragging an input +# range range will snap the range's value to that tick mark. By default, this is +# half the default width of the range thumb. +- name: dom.range_element.magnet_effect_threshold + type: float + value: 10.0f + mirror: always + +# Reporting API. +- name: dom.reporting.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.reporting.testing.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.reporting.featurePolicy.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.reporting.crash.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.reporting.header.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# In seconds. The timeout to remove not-active report-to endpoints. +- name: dom.reporting.cleanup.timeout + type: uint32_t + value: 3600 + mirror: always + +# Any X seconds the reports are dispatched to endpoints. +- name: dom.reporting.delivering.timeout + type: uint32_t + value: 5 + mirror: always + +# How many times the delivering of a report should be tried. +- name: dom.reporting.delivering.maxFailures + type: uint32_t + value: 3 + mirror: always + +# How many reports should be stored in the report queue before being delivered. +- name: dom.reporting.delivering.maxReports + type: uint32_t + value: 100 + mirror: always + +# Enable requestIdleCallback API +- name: dom.requestIdleCallback.enabled + type: bool + value: true + mirror: always + +# Enable Screen Orientation lock +- name: dom.screenorientation.allow-lock + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Whether to enable the JavaScript start-up cache. This causes one of the first +# execution to record the bytecode of the JavaScript function used, and save it +# in the existing cache entry. On the following loads of the same script, the +# bytecode would be loaded from the cache instead of being generated once more. +- name: dom.script_loader.bytecode_cache.enabled + type: bool + value: true + mirror: always + +# Ignore the heuristics of the bytecode cache, and always record on the first +# visit. (used for testing purposes). + +# Choose one strategy to use to decide when the bytecode should be encoded and +# saved. The following strategies are available right now: +# * -2 : (reader mode) The bytecode cache would be read, but it would never +# be saved. +# * -1 : (eager mode) The bytecode would be saved as soon as the script is +# seen for the first time, independently of the size or last access +# time. +# * 0 : (default) The bytecode would be saved in order to minimize the +# page-load time. +# +# Other values might lead to experimental strategies. For more details, have a +# look at: ScriptLoader::ShouldCacheBytecode function. +- name: dom.script_loader.bytecode_cache.strategy + type: int32_t + value: 0 + mirror: always + +# Select which parse/delazification strategy should be used while parsing +# scripts off-main-thread. (see CompileOptions.h, DelazificationOption enum) +# +# 0: On-demand only. Delazification will be triggered only on the main thread +# before the execution of the function. +# +# 1: Compare on-demand delazification (= 0) with concurrent depth-first +# delazification (= 2). +# +# 2: Depth-first. Delazify all functions off-thread in the order of appearance +# in the source. +# +# 3: Large-first. Delazify all functions off-thread starting with the largest +# functions first, and the smallest as the last one to be delazified, where +# the size of function is measured in bytes between the start to the end of +# the function. +# +# 255: Parse everything eagerly, from the first parse. All functions are parsed +# at the same time as the top-level of a file. +- name: dom.script_loader.delazification.strategy + type: uint32_t + value: 255 + mirror: always + +# Maximum total size after which the delazification strategy, specified by +# `dom.script_loader.delazification.strategy`, is no longer applied, and the +# on-demand strategy is used by default. +# +# -1 disable the threshold, and delazification strategy is applied to all +# scripts. +# +# Default value is 10MB for utf8 scripts. +- name: dom.script_loader.delazification.max_size + type: int32_t + value: 10485760 + mirror: always + +# Minimum memory, in GB, required to enable delazification strategy, specified +# by `dom.script_loader.delazification.strategy`. Otherwise, the on-demand +# delazification strategy is used. +- name: dom.script_loader.delazification.min_mem + type: int32_t + value: 2 + mirror: always + +# Is support for decoding external (non-inline) classic or module DOM scripts +# (i.e. anything but workers) as UTF-8, then directly compiling without +# inflating to UTF-16, enabled? +- name: dom.script_loader.external_scripts.utf8_parsing.enabled + type: bool + value: true + mirror: always + +# Enable speculative off main thread parsing of external scripts as +# soon as they are fetched. +- name: dom.script_loader.external_scripts.speculative_omt_parse.enabled + type: bool + value: true + mirror: always + +# Speculatively compile non parser inserted scripts +- name: dom.script_loader.external_scripts.speculate_non_parser_inserted.enabled + type: bool + value: false + mirror: always + +# Speculatively compile async scripts +- name: dom.script_loader.external_scripts.speculate_async.enabled + type: bool + value: false + mirror: always + +# Speculatively compile link preload scripts +- name: dom.script_loader.external_scripts.speculate_link_preload.enabled + type: bool + value: false + mirror: always + +- name: dom.securecontext.allowlist_onions + type: bool + value: false + mirror: always + +# This pref enables the featurePolicy header support. +- name: dom.security.featurePolicy.header.enabled + type: bool + value: false + mirror: always + +- name: dom.security.featurePolicy.experimental.enabled + type: bool + value: false + mirror: always + +# Expose the 'featurePolicy' attribute in document and HTMLIFrameElement +- name: dom.security.featurePolicy.webidl.enabled + type: bool + value: false + mirror: always + +# Perform IPC based Principal vetting in ContentParent +- name: dom.security.enforceIPCBasedPrincipalVetting + type: RelaxedAtomicBool + value: true + mirror: always + +# For testing purposes only: Flipping this pref to true allows +# to skip the allowlist for about: pages and do not ship with a +# CSP and NS_ASSERT right away. +- name: dom.security.skip_about_page_csp_allowlist_and_assert + type: RelaxedAtomicBool + value: false + mirror: always + +# For testing purposes only: Flipping this pref to true allows +# to skip the assertion that every about page ships with a CSP. +- name: dom.security.skip_about_page_has_csp_assert + type: RelaxedAtomicBool + value: false + mirror: always + +# For testing purposes only: Flipping this pref to true allows +# to skip the assertion that HTML fragments (e.g. innerHTML) can +# not be used within chrome code or about: pages. +- name: dom.security.skip_html_fragment_assertion + type: RelaxedAtomicBool + value: false + mirror: always + +# For testing purposes only; Flipping this pref to true allows +# to skip the assertion that remote scripts can not be loaded +# in system privileged contexts. +- name: dom.security.skip_remote_script_assertion_in_system_priv_context + type: RelaxedAtomicBool + value: false + mirror: always + +# If true, all content requests will get upgraded to HTTPS:// +# (some Firefox functionality requests, like OCSP will not be affected) +- name: dom.security.https_only_mode + type: RelaxedAtomicBool + value: false + mirror: always + +# If true, all content requests in Private Browsing Mode will get +# upgraded to HTTPS://. (If dom.security.https_only_mode is set +# to true then this pref has no effect) +- name: dom.security.https_only_mode_pbm + type: RelaxedAtomicBool + value: false + mirror: always + +# If true, sends http background request for top-level sites to +# counter long timeouts. +- name: dom.security.https_only_mode_send_http_background_request + type: RelaxedAtomicBool + value: true + mirror: always + +# Time limit, in milliseconds, before sending the http background +# request for HTTPS-Only and HTTPS-First +- name: dom.security.https_only_fire_http_request_background_timer_ms + type: RelaxedAtomicUint32 + value: 3000 + mirror: always + +# If true, tries to break upgrade downgrade cycles where https-only tries +# to upgrad ethe connection, but the website tries to downgrade again. +- name: dom.security.https_only_mode_break_upgrade_downgrade_endless_loop + type: RelaxedAtomicBool + value: true + mirror: always + +# If true, when checking if it's upgrade downgrade cycles, the URI path will be +# also checked. +- name: dom.security.https_only_check_path_upgrade_downgrade_endless_loop + type: RelaxedAtomicBool + value: true + mirror: always + +# If true and HTTPS-only mode is enabled, requests +# to local IP addresses are also upgraded +- name: dom.security.https_only_mode.upgrade_local + type: RelaxedAtomicBool + value: false + mirror: always + +# If true and HTTPS-only mode is enabled, requests +# to .onion hosts are also upgraded +- name: dom.security.https_only_mode.upgrade_onion + type: RelaxedAtomicBool + value: false + mirror: always + +# WARNING: Don't ever update that pref manually! It is only used +# for telemetry purposes and allows to reason about retention of +# the pref dom.security.https_only_mode from above. +- name: dom.security.https_only_mode_ever_enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# WARNING: Don't ever update that pref manually! It is only used +# for telemetry purposes and allows to reason about retention of +# the pref dom.security.https_only_mode_pbm from above. +- name: dom.security.https_only_mode_ever_enabled_pbm + type: RelaxedAtomicBool + value: false + mirror: always + +# If true checks for secure www connections when https fails +# and gives the user suggestions on the error page +- name: dom.security.https_only_mode_error_page_user_suggestions + type: RelaxedAtomicBool + value: false + mirror: always + +# If true, top-level request will get upgraded to HTTPS and +# downgraded again if the request failed. +- name: dom.security.https_first + type: RelaxedAtomicBool + value: false + mirror: always + +# If true, top-level requests in Private Browsing Mode will get +# upgraded to HTTPS. (If dom.security.https_first +# is set to true then this pref has no effect) +- name: dom.security.https_first_pbm + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.security.unexpected_system_load_telemetry_enabled + type: bool + value: true + mirror: always + +# pref controls `Sanitizer` API being exposed +# https://wicg.github.io/sanitizer-api/ +- name: dom.security.sanitizer.enabled + type: bool + value: false + mirror: always + +# Pref that controls the Element.setHTML API idenpendetly of the sanitizer +# API. +- name: dom.security.setHTML.enabled + type: bool + value: false + mirror: always + +# Logs elements and attributes removed by the Sanitizer API to the console. +- name: dom.security.sanitizer.logging + type: bool + value: false + mirror: always + +# pref controls `identity` credentials being exposed +- name: dom.security.credentialmanagement.identity.enabled + type: bool + value: false + mirror: always + +# pref controls `identity` credential UI for testing. When true, UI is not shown and +# the first option in the account and provider lists are chosen +- name: dom.security.credentialmanagement.identity.select_first_in_ui_lists + type: bool + value: false + mirror: always + +# pref controls `identity` credential platform behavior for testing. When true, +# the .well-known file check is not performed. +- name: dom.security.credentialmanagement.identity.test_ignore_well_known + type: bool + value: false + mirror: always + +# pref controls whether we should delay identity credential rejections at all +- name: dom.security.credentialmanagement.identity.reject_delay.enabled + type: bool + value: true + mirror: always + +# pref controls how long we should delay identity credential rejections if enabled +- name: dom.security.credentialmanagement.identity.reject_delay.duration_ms + type: uint32_t + value: 120000 + mirror: always + +# Whether or not selection events on text controls are enabled. +- name: dom.select_events.textcontrols.selectionchange.enabled + type: bool + value: true + mirror: always + +- name: dom.select_events.textcontrols.selectstart.enabled + type: bool + value: false + mirror: always + +- name: dom.separate_event_queue_for_post_message.enabled + type: bool + value: true + mirror: always + +- name: dom.arena_allocator.enabled + type: bool + value: true + mirror: once + +- name: dom.serviceWorkers.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.serviceWorkers.navigationPreload.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Mitigates ServiceWorker navigation faults by bypassing the ServiceWorker on +# navigation faults. This is more extensive than just resetting interception +# because we also mark the page as uncontrolled so that subresources will not +# go to the ServiceWorker either. +- name: dom.serviceWorkers.mitigations.bypass_on_fault + type: bool + value: true + mirror: always + +# Additional ServiceWorker navigation mitigation control to unregister the +# ServiceWorker after multiple faults are encountered. The mitigation is +# disabled when this is set to zero, otherwise this is the number of faults that +# need to occur for a specific ServiceWorker before it will be unregistered. +- name: dom.serviceWorkers.mitigations.navigation_fault_threshold + type: uint32_t + value: 3 + mirror: always + +# This is the group usage head room for service workers. +# The quota usage mitigation algorithm uses this preference to determine if the +# origin or also group data should be cleared or not. +# The default value is 400 MiB. +- name: dom.serviceWorkers.mitigations.group_usage_headroom_kb + type: uint32_t + value: 400 * 1024 + mirror: always + +- name: dom.serviceWorkers.testing.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether ServiceWorkerManager should persist the service worker +# registered by temporary installed extension (only meant to be used +# for testing purpose, to make it easier to test some particular scenario +# with a temporary installed addon, which doesn't need to be signed to be +# installed on release channel builds). +- name: dom.serviceWorkers.testing.persistTemporarilyInstalledAddons + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.storage.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.workers.pFetch.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.workers.importScripts.enforceStrictMimeType + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Is support for modules (new Worker(..., {type: "module"})) enabled for workers? +- name: dom.workers.modules.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.workers.requestAnimationFrame + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.workers.serialized-sab-access + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.sitepermsaddon-provider.enabled + type: bool + value: @IS_NOT_ANDROID@ + mirror: always + +# Whether automatic storage access granting heuristics should be turned on. +- name: dom.storage_access.auto_grants + type: bool + value: true + mirror: always + +- name: dom.storage_access.auto_grants.delayed + type: bool + value: true + mirror: always + +# Storage-access API. +- name: dom.storage_access.enabled + type: bool + value: false + mirror: always + +# Forward-Declared Storage-access API. +- name: dom.storage_access.forward_declared.enabled + type: bool + value: false + mirror: always + +# How long the Forward-Declared Storage-access API allows between pair requests +# in seconds +- name: dom.storage_access.forward_declared.lifetime + type: uint32_t + value: 15 * 60 + mirror: always + +# The maximum number of origins that a given third-party tracker is allowed +# to have concurrent access to before the user is presented with a storage +# access prompt. Only effective when the auto_grants pref is turned on. +- name: dom.storage_access.max_concurrent_auto_grants + type: int32_t + value: 5 + mirror: always + +# Whether the Storage API is enabled. +- name: dom.storageManager.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the File System API is enabled +- name: dom.fs.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the WritableFileStream is enabled or disabled. +- name: dom.fs.writable_file_stream.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# LocalStorage data limit as determined by summing up the lengths of all string +# keys and values. This is consistent with the legacy implementation and other +# browser engines. This value should really only ever change in unit testing +# where being able to lower it makes it easier for us to test certain edge +# cases. Measured in KiBs. +- name: dom.storage.default_quota + type: RelaxedAtomicUint32 + # Only allow relatively small amounts of data since performance of the + # synchronous IO is very bad. We are enforcing simple per-origin quota only. + value: 5 * 1024 + mirror: always + +# Per-site quota for legacy LocalStorage implementation. +- name: dom.storage.default_site_quota + type: RelaxedAtomicUint32 + value: 25 * 1024 + mirror: always + +# Whether or not the unsupported legacy implemenation should be enabled. Please +# don't advertise this pref as a way for disabling LSNG. This pref is intended +# for internal testing only and will be removed in near future. Accidental +# disabling of LSNG can lead to a data loss in a combination with disabled +# shadow writes. Disabling of shadow writes is the initial step towards +# removing legacy implementation and will be done soon. +- name: dom.storage.enable_unsupported_legacy_implementation + type: RelaxedAtomicBool + value: false + mirror: always + do_not_use_directly: true + +# The amount of snapshot peak usage which is attempted to be pre-incremented +# during snapshot creation. +- name: dom.storage.snapshot_peak_usage.initial_preincrement + type: RelaxedAtomicUint32 + value: 16384 + mirror: always + +# The amount of snapshot peak usage which is attempted to be pre-incremented +# during snapshot creation if the LocalStorage usage was already close to the +# limit (a fallback for dom.storage.snapshot_peak_usage.initial_preincrement). +- name: dom.storage.snapshot_peak_usage.reduced_initial_preincrement + type: RelaxedAtomicUint32 + value: 4096 + mirror: always + +# The amount of snapshot peak usage which is attempted to be pre-incremented +# beyond the specific values which are subsequently requested after snapshot +# creation. +- name: dom.storage.snapshot_peak_usage.gradual_preincrement + type: RelaxedAtomicUint32 + value: 4096 + mirror: always + +# The amount of snapshot peak usage which is attempted to be pre-incremented +# beyond the specific values which are subsequently requested after snapshot +# creation if the LocalStorage total usage was already close to the limit +# (a fallback for dom.storage.snapshot_peak_usage.gradual_preincrement). +- name: dom.storage.snapshot_peak_usage.reduced_gradual_preincrement + type: RelaxedAtomicUint32 + value: 1024 + mirror: always + +# How long between a snapshot becomes idle and when we actually finish the +# snapshot. This preference is only used when "dom.storage.snapshot_reusing" +# is true. +- name: dom.storage.snapshot_idle_timeout_ms + type: uint32_t + value: 5000 + mirror: always + +# Is support for Storage test APIs enabled? +- name: dom.storage.testing + type: bool + value: false + mirror: always + +# For area and anchor elements with target=_blank and no rel set to +# opener/noopener. +- name: dom.targetBlankNoOpener.enabled + type: bool + value: true + mirror: always + +# Is support for Selection.GetRangesForInterval enabled? +- name: dom.testing.selection.GetRangesForInterval + type: bool + value: false + mirror: always + +- name: dom.testing.structuredclonetester.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.testing.sync-content-blocking-notifications + type: bool + value: false + mirror: always + +# To enable TestUtils interface on WPT +- name: dom.testing.testutils.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.textMetrics.actualBoundingBox.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.textMetrics.baselines.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.textMetrics.emHeight.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.textMetrics.fontBoundingBox.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Time (in ms) that it takes to regenerate 1ms. +- name: dom.timeout.background_budget_regeneration_rate + type: int32_t + value: 100 + mirror: always + +# Time (in ms) that it takes to regenerate 1ms. +- name: dom.timeout.foreground_budget_regeneration_rate + type: int32_t + value: 1 + mirror: always + +# Maximum value (in ms) for the background budget. Only valid for +# values greater than 0. +- name: dom.timeout.background_throttling_max_budget + type: int32_t + value: 50 + mirror: always + +# Maximum value (in ms) for the foreground budget. Only valid for +# values greater than 0. +- name: dom.timeout.foreground_throttling_max_budget + type: int32_t + value: -1 + mirror: always + +# The maximum amount a timeout can be delayed by budget throttling. +- name: dom.timeout.budget_throttling_max_delay + type: int32_t + value: 15000 + mirror: always + +# Turn on budget throttling by default. +- name: dom.timeout.enable_budget_timer_throttling + type: bool + value: true + mirror: always + +# Should we defer timeouts and intervals while loading a page. Released +# on Idle or when the page is loaded. +- name: dom.timeout.defer_during_load + type: bool + value: true + mirror: always + +# Maximum amount of time in milliseconds consecutive setTimeout()/setInterval() +# callback are allowed to run before yielding the event loop. +- name: dom.timeout.max_consecutive_callbacks_ms + type: uint32_t + value: 4 + mirror: always + +# Maximum deferral time for setTimeout/Interval in milliseconds +- name: dom.timeout.max_idle_defer_ms + type: uint32_t + value: 10*1000 + mirror: always + +# Delay in ms from document load until we start throttling background timeouts. +- name: dom.timeout.throttling_delay + type: int32_t + value: 30000 + mirror: always + +# UDPSocket API +- name: dom.udpsocket.enabled + type: bool + value: false + mirror: always + +# Whether to dump worker use counters +- name: dom.use_counters.dump.worker + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to dump document use counters +- name: dom.use_counters.dump.document + type: bool + value: false + mirror: always + +# Whether to dump page use counters +- name: dom.use_counters.dump.page + type: bool + value: false + mirror: always + +# Time limit, in milliseconds, for user gesture transient activation. +- name: dom.user_activation.transient.timeout + type: uint32_t + value: 5000 + mirror: always + +# Whether to treat the clicks on scrollbars as user interaction with web content. +- name: dom.user_activation.ignore_scrollbars + type: bool + value: true + mirror: always + +# Whether to shim a Components object on untrusted windows. +- name: dom.use_components_shim + type: bool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always + +- name: dom.vibrator.enabled + type: bool + value: true + mirror: always + +- name: dom.vibrator.max_vibrate_ms + type: RelaxedAtomicUint32 + value: 10000 + mirror: always + +- name: dom.vibrator.max_vibrate_list_len + type: RelaxedAtomicUint32 + value: 128 + mirror: always + +# Is support for Window.visualViewport enabled? +- name: dom.visualviewport.enabled + type: bool + value: true + mirror: always + +# Is support for WebVR APIs enabled? +# Disabled everywhere, but not removed. +- name: dom.vr.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Should VR sessions always be reported as supported, without first +# checking for VR runtimes? This will prevent permission prompts +# from being suppressed on machines without VR runtimes and cause +# navigator.xr.isSessionSupported to always report that immersive-vr +# is supported. +- name: dom.vr.always_support_vr + type: RelaxedAtomicBool + value: false + mirror: always + +# Should AR sessions always be reported as supported, without first +# checking for AR runtimes? This will prevent permission prompts +# from being suppressed on machines without AR runtimes and cause +# navigator.xr.isSessionSupported to always report that immersive-ar +# is supported. +- name: dom.vr.always_support_ar + type: RelaxedAtomicBool + value: false + mirror: always + +# It is often desirable to automatically start vr presentation when +# a user puts on the VR headset. This is done by emitting the +# Window.vrdisplayactivate event when the headset's sensors detect it +# being worn. This can result in WebVR content taking over the headset +# when the user is using it outside the browser or inadvertent start of +# presentation due to the high sensitivity of the proximity sensor in some +# headsets, so it is off by default. +- name: dom.vr.autoactivate.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Minimum number of milliseconds that the browser will wait before +# attempting to poll again for connected VR controllers. The browser +# will not attempt to poll for VR controllers until it needs to use them. +- name: dom.vr.controller.enumerate.interval + type: RelaxedAtomicInt32 + value: 1000 + mirror: always + +# The threshold value of trigger inputs for VR controllers. +- name: dom.vr.controller_trigger_threshold + type: AtomicFloat + value: 0.1f + mirror: always + +# Minimum number of milliseconds that the browser will wait before +# attempting to poll again for connected VR displays. The browser +# will not attempt to poll for VR displays until it needs to use +# them, such as when detecting a WebVR site. +- name: dom.vr.display.enumerate.interval + type: RelaxedAtomicInt32 + value: 5000 + mirror: always + +# The number of milliseconds since last frame start before triggering a new +# frame. When content is failing to submit frames on time or the lower level +# VR platform APIs are rejecting frames, it determines the rate at which RAF +# callbacks will be called. +- name: dom.vr.display.rafMaxDuration + type: RelaxedAtomicUint32 + value: 50 + mirror: always + +# Minimum number of milliseconds the browser will wait before attempting +# to re-start the VR service after an enumeration returned no devices. +- name: dom.vr.external.notdetected.timeout + type: RelaxedAtomicInt32 + value: 60000 + mirror: always + +# Minimum number of milliseconds the browser will wait before attempting +# to re-start the VR service after a VR API (eg, OpenVR or Oculus) +# requests that we shutdown and unload its libraries. +# To ensure that we don't interfere with VR runtime software auto-updates, +# we will not attempt to re-load the service until this timeout has elapsed. +- name: dom.vr.external.quit.timeout + type: RelaxedAtomicInt32 + value: 10000 + mirror: always + +# Minimum number of milliseconds that the VR session will be kept +# alive after the browser and content no longer are using the +# hardware. If a VR multitasking environment, this should be set +# very low or set to 0. +- name: dom.vr.inactive.timeout + type: RelaxedAtomicInt32 + value: 5000 + mirror: always + +# Maximum number of milliseconds the browser will wait for content to call +# VRDisplay.requestPresent after emitting vrdisplayactivate during VR +# link traversal. This prevents a long running event handler for +# vrdisplayactivate from later calling VRDisplay.requestPresent, which would +# result in a non-responsive browser in the VR headset. +- name: dom.vr.navigation.timeout + type: RelaxedAtomicInt32 + value: 5000 + mirror: always + +# Oculus device +- name: dom.vr.oculus.enabled + type: RelaxedAtomicBool +#if defined(HAVE_64BIT_BUILD) && !defined(ANDROID) + # We are only enabling WebVR by default on 64-bit builds (Bug 1384459). + value: true +#else + # On Android, this pref is irrelevant. + value: false +#endif + mirror: always + +# When enabled, Oculus sessions may be created with the ovrInit_Invisible +# flag if a page is using tracking but not presenting. When a page +# begins presenting VR frames, the session will be re-initialized without +# the flag. This eliminates the "Firefox not responding" warnings in +# the headset, but might not be compatible with all versions of the Oculus +# runtime. +- name: dom.vr.oculus.invisible.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Minimum number of milliseconds after content has stopped VR presentation +# before the Oculus session is re-initialized to an invisible / tracking +# only mode. If this value is too high, users will need to wait longer +# after stopping WebVR presentation before automatically returning to the +# Oculus home interface. (They can immediately return to the Oculus Home +# interface through the Oculus HUD without waiting this duration) +# If this value is too low, the Oculus Home interface may be visible +# momentarily during VR link navigation. +- name: dom.vr.oculus.present.timeout + type: RelaxedAtomicInt32 + value: 500 + mirror: always + +# OpenVR device +- name: dom.vr.openvr.enabled + type: RelaxedAtomicBool +#if !defined(HAVE_64BIT_BUILD) && !defined(ANDROID) + # We are only enabling WebVR by default on 64-bit builds (Bug 1384459). + value: false +#elif defined(XP_WIN) || defined(XP_MACOSX) + # We enable OpenVR by default for Windows and macOS. + value: true +#else + # See Bug 1310663 (Linux). On Android, this pref is irrelevant. + value: false +#endif + mirror: always + +# OSVR device +- name: dom.vr.osvr.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Pose prediction reduces latency effects by returning future predicted HMD +# poses to callers of the WebVR API. This currently only has an effect for +# Oculus Rift on SDK 0.8 or greater. +- name: dom.vr.poseprediction.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Enable a separate process for VR module. +- name: dom.vr.process.enabled + type: bool +#if defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: once + +- name: dom.vr.process.startup_timeout_ms + type: int32_t + value: 5000 + mirror: once + +# Puppet device, used for simulating VR hardware within tests and dev tools. +- name: dom.vr.puppet.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Starting VR presentation is only allowed within a user gesture or event such +# as VRDisplayActivate triggered by the system. dom.vr.require-gesture allows +# this requirement to be disabled for special cases such as during automated +# tests or in a headless kiosk system. +- name: dom.vr.require-gesture + type: RelaxedAtomicBool + value: true + mirror: always + +# Is support for WebXR APIs enabled? +- name: dom.vr.webxr.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Points in the native bounds geometry are required to be quantized +# sufficiently to prevent fingerprinting. The WebXR spec suggests +# quantizing to the nearest 5 centimeters. +- name: dom.vr.webxr.quantization + type: AtomicFloat + value: 0.05f + mirror: always + +# Whether MouseEvent.region is exposed as a property. +- name: dom.mouse_event.region.enabled + type: bool + value: false + mirror: always + +#ifdef XP_WIN + # Control firing WidgetMouseEvent by handling Windows pointer messages or + # mouse messages. +- name: dom.w3c_pointer_events.dispatch_by_pointer_messages + type: bool + value: true + mirror: always + +- name: dom.w3c_pointer_events.scroll_by_pen.enabled + type: bool + value: true + mirror: always +#endif + +# If the value is >= 0, it will be used for max touch points in child processes. +- name: dom.maxtouchpoints.testing.value + type: int32_t + value: -1 + mirror: always + +# Maximum value of navigator.hardwareConcurrency. +- name: dom.maxHardwareConcurrency + type: RelaxedAtomicUint32 +#ifdef NIGHTLY_BUILD + value: 128 +#else + value: 16 +#endif + mirror: always + +# W3C pointer events draft. +- name: dom.w3c_pointer_events.implicit_capture + type: bool + value: true + mirror: always + +# In case Touch API is enabled, this pref controls whether to support +# ontouch* event handlers, document.createTouch, document.createTouchList and +# document.createEvent("TouchEvent"). +- name: dom.w3c_touch_events.legacy_apis.enabled + type: bool + value: @IS_ANDROID@ + mirror: always + +# W3C touch events +# 0 - disabled, 1 - enabled, 2 - autodetect +# Autodetection is currently only supported on Windows and GTK3 (and assumed on +# Android). +- name: dom.w3c_touch_events.enabled + type: int32_t +#if defined(XP_MACOSX) + value: 0 +#else + value: 2 +#endif + mirror: always + +# Is support for the Web Audio API enabled? +- name: dom.webaudio.enabled + type: bool + value: true + mirror: always + +- name: dom.webkitBlink.dirPicker.enabled + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +# Is the 'delegatesFocus' attribute for shadow dom +- name: dom.shadowdom.delegatesFocus.enabled + type: bool + value: true + mirror: always + +# Is the 'assign' API for slot element enabled? +- name: dom.shadowdom.slot.assign.enabled + type: bool + value: true + mirror: always + +# NOTE: This preference is used in unit tests. If it is removed or its default +# value changes, please update test_sharedMap_static_prefs.js accordingly. +- name: dom.webcomponents.shadowdom.report_usage + type: bool + value: false + mirror: always + +# Is support for the Web GPU API enabled? +- name: dom.webgpu.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Are WebGPU indirect draws/dispatches enabled? +- name: dom.webgpu.indirect-dispatch.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Comma-separated list of wgpu backend names to permit in WebGPU adapters. +# +# If non-empty, this is parsed by `wgpu_core::instance::parse_backends_from_comma_list` to +# produce a `wgpu_types::Backends` bitset used to create a `wgpu_core::hub::Global`. As of +# 2023-3-22, recognized names are: +# +# "vulkan" | "vk" => Backends::VULKAN, +# "dx12" | "d3d12" => Backends::DX12, +# "dx11" | "d3d11" => Backends::DX11, +# "metal" | "mtl" => Backends::METAL, +# "opengl" | "gles" | "gl" => Backends::GL, +# "webgpu" => Backends::BROWSER_WEBGPU, +- name: dom.webgpu.wgpu-backend + type: DataMutexString + value: "" + mirror: always + rust: true + +# Is support for HTMLInputElement.webkitEntries enabled? +- name: dom.webkitBlink.filesystem.enabled + type: bool + value: @IS_NOT_ANDROID@ + mirror: always + +# Whether the Web Locks API is enabled +- name: dom.weblocks.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the WebMIDI API is enabled +- name: dom.webmidi.enabled + type: bool + value: @IS_NOT_ANDROID@ + mirror: always + +# midi permission is addon-gated +- name: dom.webmidi.gated + type: bool + value: true + mirror: always + +- name: dom.webnotifications.allowinsecure + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.webnotifications.allowcrossoriginiframe + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.webnotifications.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.webnotifications.requireuserinteraction + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.webnotifications.requireinteraction.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: dom.webnotifications.silent.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: dom.webnotifications.vibrate.enabled + type: RelaxedAtomicBool +#if defined(MOZ_WIDGET_ANDROID) + value: @IS_NIGHTLY_BUILD@ +#else + value: false +#endif + mirror: always + +- name: dom.webnotifications.serviceworker.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Is support for Window.event enabled? +- name: dom.window.event.enabled + type: bool + value: true + mirror: always + +- name: dom.window.history.async + type: bool + value: true + mirror: always + +# Enable the "noreferrer" feature argument for window.open() +- name: dom.window.open.noreferrer.enabled + type: bool + value: true + mirror: always + +- name: dom.window.content.untrusted.enabled + type: bool + value: false + mirror: always + +- name: dom.window.clientinformation.enabled + type: bool + value: true + mirror: always + +- name: dom.window.sidebar.enabled + type: bool + value: false + mirror: always + +- name: dom.worker.canceling.timeoutMilliseconds + type: RelaxedAtomicUint32 + value: 30000 # 30 seconds + mirror: always + +# Is support for compiling DOM worker scripts directly from UTF-8 (without ever +# inflating to UTF-16) enabled? +- name: dom.worker.script_loader.utf8_parsing.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.worker.use_medium_high_event_queue + type: RelaxedAtomicBool + value: true + mirror: always + +# Enables the dispatching of console log events from worker threads to the +# main-thread. +- name: dom.worker.console.dispatch_events_to_main_thread + type: RelaxedAtomicBool + value: true + mirror: always + +- name: dom.workers.testing.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: dom.worklet.enabled + type: bool + value: true + mirror: always + +# Enable content type normalization of XHR uploads via MIME Sniffing standard +- name: dom.xhr.standard_content_type_normalization + type: RelaxedAtomicBool + value: true + mirror: always + +# When this pref is set, parent documents may consider child iframes have +# loaded while they are still loading. +- name: dom.cross_origin_iframes_loaded_in_background + type: bool + value: false + mirror: always + +# WebIDL test prefs. +- name: dom.webidl.test1 + type: bool + value: true + mirror: always +- name: dom.webidl.test2 + type: bool + value: true + mirror: always + +- name: dom.webidl.crosscontext_hasinstance.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# WebShare API - exposes navigator.share() +- name: dom.webshare.enabled + type: bool +#ifdef XP_WIN + value: @IS_EARLY_BETA_OR_EARLIER@ +#else + value: false +#endif + mirror: always + +# WebShare API - allows WebShare without user interaction (for tests only). +- name: dom.webshare.requireinteraction + type: bool + value: true + mirror: always + +# about:home and about:newtab include remote snippets that contain arbitrarily +# placed anchor tags in their content; we want sanitization to be turned off +# in order to render them correctly +- name: dom.about_newtab_sanitization.enabled + type: bool + value: false + mirror: always + +# Hide the confirm dialog when a POST request is reloaded. +- name: dom.confirm_repost.testing.always_accept + type: bool + value: false + mirror: always + +# Whether we should suspend inactive tabs or not +- name: dom.suspend_inactive.enabled + type: bool + value: @IS_ANDROID@ + mirror: always + +# The following three prefs control the maximum script run time before slow +# script warning. + +# Controls the time that a content script can run before showing a +# notification. +- name: dom.max_script_run_time + type: int32_t + value: 10 + mirror: always + +# Controls whether we want to wait for user input before surfacing notifying +# the parent process about a long-running script. +- name: dom.max_script_run_time.require_critical_input + type: bool +# On desktop, we don't want to annoy the user with a notification if they're +# not interacting with the browser. On Android however, we automatically +# terminate long-running scripts, so we want to make sure we don't get in the +# way of that by waiting for input. +#if defined(MOZ_WIDGET_ANDROID) + value: false +#else + value: true +#endif + mirror: always + +# Controls if a content script will be aborted on child process shutdown. +- name: dom.abort_script_on_child_shutdown + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: dom.max_chrome_script_run_time + type: int32_t + value: 0 + mirror: always + +- name: dom.max_ext_content_script_run_time + type: int32_t + value: 5 + mirror: always + +# Initialize Resize Observer's last reported size to -1x-1, and not 0x0, +# as per CSSWG resolution: https://github.com/w3c/csswg-drafts/issues/3664 +- name: dom.resize_observer.last_reported_size_invalid + type: bool + value: true + mirror: always + +# Let Resize Observer report the size of all fragments, and not just the +# first one, as per CSSWG resolution: +# https://github.com/w3c/csswg-drafts/issues/3673#issuecomment-467221565 +- name: dom.resize_observer.support_fragments + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "editor" +#--------------------------------------------------------------------------- + +# Default background color of HTML editor. This is referred only when +# "editor.use_custom_colors" is set to `true`. +- name: editor.background_color + type: String + value: "#FFFFFF" + mirror: never + +# Use compatible range computation when applying inline style. This is used +# for making it possible to backout with Normandy Pref Rollout. +- name: editor.inline_style.range.compatible_with_the_other_browsers + type: bool + value: true + mirror: always + +# Whether use Blink/WebKit compatbile joining nodes and split a node direction. +# false: Left node will be created (at splitting) and deleted (at joining) +# true: Right node will be created (at splitting) and deleted (at joinining) +- name: editor.join_split_direction.compatible_with_the_other_browsers + type: bool + value: true + mirror: always + +# Delay to mask last input character in password fields. +# If negative value, to use platform's default behavior. +# If 0, no delay to mask password. +# Otherwise, password fields unmask last input character(s) during specified +# time (in milliseconds). +- name: editor.password.mask_delay + type: int32_t + value: -1 + mirror: always + +# Set to true when you test mask_delay of password editor. If this is set +# to true, "MozLastInputMasked" is fired when last input characters are +# masked by timeout. +- name: editor.password.testing.mask_delay + type: bool + value: false + mirror: always + +# How line breakers are treated in single line editor: +# * 0: Only remove the leading and trailing newlines. +# * 1: Remove the first newline and all characters following it. +# * 2: Replace newlines with spaces (default of Firefox). +# * 3: Remove newlines from the string. +# * 4: Replace newlines with commas (default of Thunderbird). +# * 5: Collapse newlines and surrounding white space characters and +# remove them from the string. +# Other values are treated as 1. +- name: editor.singleLine.pasteNewlines + type: int32_t + value: 2 + mirror: always + +# Whether user pastes should be truncated. +- name: editor.truncate_user_pastes + type: bool + value: true + mirror: always + +# When this is set to `true`, "editor.background_color" must be set, then, +# the value is treated as default background color of the HTML editor. +# If `false` and "browser.display.use_system_colors" is set to `true`, +# "browser.display.background_color" is used instead. +# Otherwise, no color is used as default background color. +# This pref is for Thunderbird and SeaMonkey. +- name: editor.use_custom_colors + type: bool + value: false + mirror: always + +# If this is set to `true`, CSS mode of style editor is enabled by default +# unless it's a mail editor. +# This pref is for Thunderbird and SeaMonkey. +- name: editor.use_css + type: bool + value: false + mirror: always + +# Whether enabling blink compatible white-space normalizer or keep using +# Gecko's traditional white-space normalizer. +- name: editor.white_space_normalization.blink_compatible + type: bool + value: false + mirror: always + +# General prefs for editor, indicating whether Gecko-specific editing UI is +# enabled by default. Those UIs are not implemented by any other browsers. So, +# only Firefox users can change some styles with them. This means that Firefox +# users may get unexpected result of some web apps if they assume that users +# cannot change such styles. +- name: editor.resizing.enabled_by_default + type: bool + value: false + mirror: always +- name: editor.inline_table_editing.enabled_by_default + type: bool + value: false + mirror: always +- name: editor.positioning.enabled_by_default + type: bool + value: false + mirror: always + +# Controls if a double click word selection also deletes one adjacent whitespace +# (if feasible). This mimics native behaviour on MacOS. +- name: editor.word_select.delete_space_after_doubleclick_selection + type: bool +#ifdef XP_MACOSX + value: true +#else + value: false +#endif + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "extensions." +#--------------------------------------------------------------------------- + +# Pref that enforces the use of web_accessible_resources for content loads. +# This behavior is default for MV3. The pref controls this for MV2. +- name: extensions.content_web_accessible.enabled + type: bool + value: false + mirror: always + +# Whether the InstallTrigger implementation should be enabled (or hidden and +# none of its methods available). +- name: extensions.InstallTriggerImpl.enabled + type: bool + value: false + mirror: always + +# Whether the InstallTrigger implementation should be enabled (or completely +# hidden), separate from InstallTriggerImpl because InstallTrigger is improperly +# used also for UA detection. +- name: extensions.InstallTrigger.enabled + type: bool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + + +# Whether the background.service_worker in the extension manifest.json file +# is enabled. +- name: extensions.backgroundServiceWorker.enabled + type: bool + value: false + mirror: once + +# Maximum number of misspelled words in a text. +- name: extensions.spellcheck.inline.max-misspellings + type: int32_t + value: 500 + mirror: always + +# Whether the extensions can register a service worker on its own. +# NOTE: WebExtensions Framework ability to register a background service worker +# is not controlled by this pref, only the extension code ability to use +# navigator.serviceWorker.register is locked behind this pref. +- name: extensions.serviceWorkerRegister.allowed + type: bool + value: false + mirror: always + +# Legacy behavior on filterResponse calls on intercepted sw script requests. +- name: extensions.filterResponseServiceWorkerScript.disabled + type: bool + value: false + mirror: always + +# This pref governs whether we run webextensions in a separate process (true) +# or the parent/main process (false) +- name: extensions.webextensions.remote + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to expose the MockExtensionAPI test interface in tests. +# The interface MockExtensionAPI doesn't represent a real extension API, +# it is only available in test and does include a series of cases useful +# to test the API request handling without tying the unit test to a +# specific WebExtensions API. +- name: extensions.webidl-api.expose_mock_interface + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to allow acccess to AddonManager to developer sites for testing +# NOTE: We'd like this to be a "hidden" pref once StaticPrefs supports it. +- name: extensions.webapi.testing + type: RelaxedAtomicBool + value: false + mirror: always + +# Automation-only pref to allow AddonManager over insecure protocols. +# NOTE: We'd like this to be a "hidden" pref once StaticPrefs supports it. +- name: extensions.webapi.testing.http + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "fission." +#--------------------------------------------------------------------------- + +# Whether to enable Fission in new windows by default. +# IMPORTANT: This preference should *never* be checked directly, since any +# session can contain a mix of Fission and non-Fission windows. Instead, +# callers should check whether the relevant nsILoadContext has the +# `useRemoteSubframes` flag set. +# Callers which cannot use `useRemoteSubframes` must use +# `Services.appinfo.fissionAutostart` or `mozilla::FissionAutostart()` to check +# whether fission is enabled by default. +- name: fission.autostart + type: bool + value: @IS_NOT_ANDROID@ + mirror: never + +# This pref has no effect within fission windows, it only controls the +# behaviour within non-fission windows. If true, preserve browsing contexts +# between process swaps. +- name: fission.preserve_browsing_contexts + type: bool + value: true + mirror: always + +# Disable storing the session history in the parent process, and accessing it +# over IPC from the child processes. +- name: fission.disableSessionHistoryInParent + type: bool + value: @IS_ANDROID@ + mirror: once + do_not_use_directly: true + +# If session history is stored in the parent process, enable bfcache for it. +- name: fission.bfcacheInParent + type: bool + value: true + mirror: always + do_not_use_directly: true + +# Allow renaming of processes from Private Windows to the eTLD+1 on nightly +# Setting this pref creates a privacy leak, but helps greatly with +# debugging. +- name: fission.processPrivateWindowSiteNames + type: bool + value: false + mirror: always + +# Allow renaming of process names to the eTLD+1 on all versions, NOT +# including processes from Private Windows +# Setting this pref creates a privacy leak, but helps greatly with +# debugging +- name: fission.processSiteNames + type: bool + value: false + mirror: always + +# Allow showing of current profile along with process names, NOT +# including processes from Private Windows +# Setting this pref creates a privacy leak, but helps greatly with +# debugging +- name: fission.processProfileName + type: bool + value: false + mirror: always + +# If true, allow process-switching documents loaded by <object> and <embed> +# elements into a remote process. +# NOTE: This pref has no impact outside of windows with the +# `useRemoteSubframes` flag set. +- name: fission.remoteObjectEmbed + type: bool + value: true + mirror: always + +# The strategy used to control how sites are isolated into separate processes +# when Fisison is enabled. This pref has no effect if Fission is disabled. +# See the `WebContentIsolationStrategy` enum in `ProcessIsolation.cpp`. +- name: fission.webContentIsolationStrategy + type: uint32_t + value: 1 + mirror: always + +# Time in seconds before a site loaded with the Cross-Origin-Opener-Policy +# header is no longer considered high-value and isolated in the "highValueCOOP" +# configuration. +- name: fission.highValue.coop.expiration + type: uint32_t + value: 2592000 # 30 days (in seconds) + mirror: always + +# Time in seconds before a site are considered high-value by the login detection +# service is no longer considered high-value and isolated in the "highValueHasSavedLogin" +# or "highValueIsLoggedIn" configuration. +- name: fission.highValue.login.expiration + type: uint32_t + value: 2592000 # 30 days (in seconds) + mirror: always + +# If true, capture login attemp, and add "highValueIsLoggedIn" permission to +# the permission manager no matter whether fission is enabled and +# WebContentIsolationStrateg is set to IsolateHighvalue. +- name: fission.highValue.login.monitor + type: bool + value: @IS_ANDROID@ + mirror: always + +# If true, do not send blocklisted preference values to the subprocess +- name: fission.omitBlocklistedPrefsInSubprocesses + type: RelaxedAtomicBool + value: true + mirror: always + +# If true, crash when a blocklisted preference is accessed in a subprocess +- name: fission.enforceBlocklistedPrefsInSubprocesses + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "font." +#--------------------------------------------------------------------------- + +# A value greater than zero enables font size inflation for +# pan-and-zoom UIs, so that the fonts in a block are at least the size +# that, if a block's width is scaled to match the device's width, the +# fonts in the block are big enough that at most the pref value ems of +# text fit in *the width of the device*. +# +# When both this pref and the next are set, the larger inflation is used. +- name: font.size.inflation.emPerLine + type: uint32_t + value: 0 + mirror: always + +# A value greater than zero enables font size inflation for +# pan-and-zoom UIs, so that if a block's width is scaled to match the +# device's width, the fonts in a block are at least the given font size. +# The value given is in twips, i.e., 1/20 of a point, or 1/1440 of an inch. +# +# When both this pref and the previous are set, the larger inflation is used. +- name: font.size.inflation.minTwips + type: uint32_t + value: 0 + mirror: always + +# In products with multi-mode pan-and-zoom and non-pan-and-zoom UIs, +# this pref forces font inflation to always be enabled in all modes. +# That is, any heuristics used to detect pan-and-zoom +# vs. non-pan-and-zoom modes are disabled and all content is treated +# as pan-and-zoom mode wrt font inflation. +# +# This pref has no effect if font inflation is not enabled through +# either of the prefs above. It has no meaning in single-mode UIs. +- name: font.size.inflation.forceEnabled + type: bool + value: false + mirror: always + +# In products with multi-mode pan-and-zoom and non-pan-and-zoom UIs, +# this pref disables font inflation in master-process contexts where +# existing heuristics can't be used determine enabled-ness. +# +# This pref has no effect if font inflation is not enabled through +# either of the prefs above. The "forceEnabled" pref above overrides +# this pref. +- name: font.size.inflation.disabledInMasterProcess + type: bool + value: false + mirror: always + +# Defines the font size inflation mapping intercept parameter. +# +# Font size inflation computes a minimum font size, m, based on +# other preferences (see font.size.inflation.minTwips and +# font.size.inflation.emPerLine, above) and the width of the +# frame in which the text resides. Using this minimum, a specified +# font size, s, is mapped to an inflated font size, i, using an +# equation that varies depending on the value of the font size +# inflation mapping intercept parameter, P. +# +# If the intercept parameter is negative, then the following mapping +# function is used: +# +# i = m + s +# +# If the intercept parameter is non-negative, then the mapping function +# is a function such that its graph meets the graph of i = s at the +# point where both i and s are (1 + P/2) * m for values of s that are +# large enough. This means that when s=0, i is always equal to m. +- name: font.size.inflation.mappingIntercept + type: int32_t + value: 1 + mirror: always + +# Since the goal of font size inflation is to avoid having to +# repeatedly scroll side to side to read a block of text, and there are +# a number of page layouts where a relatively small chunk of text is +# better off not being inflated according to the same algorithm we use +# for larger chunks of text, we want a threshold for an amount of text +# that triggers font size inflation. This preference controls that +# threshold. +# +# It controls the threshold used within an *approximation* of the +# number of lines of text we use. In particular, if we assume that +# each character (collapsing collapsible whitespace) has a width the +# same as the em-size of the font (when, normally, it's actually quite +# a bit smaller on average), this preference gives the percentage of a +# number of lines of text we'd need to trigger inflation. This means +# that a percentage of 100 means that we'd need a number of characters +# (we know the font size and the width) equivalent to one line of +# square text (which is actually a lot less than a real line of text). +# +# A value of 0 means there's no character length threshold. +- name: font.size.inflation.lineThreshold + type: uint32_t + value: 400 + mirror: always + +# This controls the percentage that fonts will be inflated, if font +# size inflation is enabled. Essentially, if we have a specified font +# size, s, and an inflated font size, i, this specifies that the ratio +# i/s * 100 should never exceed the value of this preference. In order +# for this preference to have any effect, its value must be greater +# than 100, since font inflation can never decrease the ratio i/s. +- name: font.size.inflation.maxRatio + type: uint32_t + value: 0 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "full-screen-api." +#--------------------------------------------------------------------------- + +- name: full-screen-api.enabled + type: bool + value: false + mirror: always + +- name: full-screen-api.allow-trusted-requests-only + type: bool + value: true + mirror: always + +- name: full-screen-api.mouse-event-allow-left-button-only + type: bool + value: true + mirror: always + +- name: full-screen-api.exit-on.windowOpen + type: bool + value: true + mirror: always + +- name: full-screen-api.exit-on.windowRaise + type: bool + value: true + mirror: always + +- name: full-screen-api.pointer-lock.enabled + type: bool + value: true + mirror: always + +# whether to prevent the top level widget from going fullscreen +- name: full-screen-api.ignore-widgets + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "fuzzing.". It's important that these can only be +# checked in fuzzing builds (when FUZZING is defined), otherwise you could +# enable the fuzzing stuff on your regular build which would be bad :) +#--------------------------------------------------------------------------- + +#ifdef FUZZING +- name: fuzzing.enabled + type: bool +#ifdef FUZZING_SNAPSHOT + value: true +#else + value: false +#endif + mirror: always + +- name: fuzzing.necko.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: fuzzing.necko.http3 + type: RelaxedAtomicBool + value: false + mirror: always + rust: true +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "general." +#--------------------------------------------------------------------------- + +- name: general.aboutConfig.enable + type: bool + value: true + mirror: always + +# Limits the depth of recursive conversion of data when opening +# a content to view. This is mostly intended to prevent infinite +# loops with faulty converters involved. +- name: general.document_open_conversion_depth_limit + type: uint32_t + value: 20 + mirror: always + +- name: general.smoothScroll + type: RelaxedAtomicBool + value: true + mirror: always + +# This pref and general.smoothScroll.stopDecelerationWeighting determine +# the timing function. +- name: general.smoothScroll.currentVelocityWeighting + type: AtomicFloat + value: 0.25 + mirror: always + +# To connect consecutive scroll events into a continuous flow, the animation's +# duration should be longer than scroll events intervals (or else the scroll +# will stop before the next event arrives - we're guessing the next interval +# by averaging recent intervals). +# This defines how much longer the duration is compared to the events +# interval (percentage). +- name: general.smoothScroll.durationToIntervalRatio + type: RelaxedAtomicInt32 + value: 200 + mirror: always + +- name: general.smoothScroll.lines + type: RelaxedAtomicBool + value: true + mirror: always + +- name: general.smoothScroll.lines.durationMaxMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.lines.durationMinMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.mouseWheel + type: RelaxedAtomicBool + value: true + mirror: always + +- name: general.smoothScroll.mouseWheel.durationMaxMS + type: RelaxedAtomicInt32 + value: 200 + mirror: always + +- name: general.smoothScroll.mouseWheel.durationMinMS + type: RelaxedAtomicInt32 + value: 50 + mirror: always + +- name: general.smoothScroll.other + type: RelaxedAtomicBool + value: true + mirror: always + +- name: general.smoothScroll.other.durationMaxMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.other.durationMinMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.pages + type: RelaxedAtomicBool + value: true + mirror: always + +- name: general.smoothScroll.pages.durationMaxMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.pages.durationMinMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.scrollbars + type: RelaxedAtomicBool + value: true + mirror: always + +- name: general.smoothScroll.scrollbars.durationMaxMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.scrollbars.durationMinMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.pixels + type: RelaxedAtomicBool + value: true + mirror: always + +- name: general.smoothScroll.pixels.durationMaxMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +- name: general.smoothScroll.pixels.durationMinMS + type: RelaxedAtomicInt32 + value: 150 + mirror: always + +# This pref and general.smoothScroll.currentVelocityWeighting determine +# the timing function. +- name: general.smoothScroll.stopDecelerationWeighting + type: AtomicFloat + value: 0.4f + mirror: always + +# Alternative smooth scroll physics. ("MSD" = Mass-Spring-Damper) +- name: general.smoothScroll.msdPhysics.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: general.smoothScroll.msdPhysics.continuousMotionMaxDeltaMS + type: RelaxedAtomicInt32 + value: 120 + mirror: always + +- name: general.smoothScroll.msdPhysics.motionBeginSpringConstant + type: RelaxedAtomicInt32 + value: 1250 + mirror: always + +- name: general.smoothScroll.msdPhysics.slowdownMinDeltaMS + type: RelaxedAtomicInt32 + value: 12 + mirror: always + +- name: general.smoothScroll.msdPhysics.slowdownMinDeltaRatio + type: AtomicFloat + value: 1.3f + mirror: always + +- name: general.smoothScroll.msdPhysics.slowdownSpringConstant + type: RelaxedAtomicInt32 + value: 2000 + mirror: always + +- name: general.smoothScroll.msdPhysics.regularSpringConstant + type: RelaxedAtomicInt32 + value: 1000 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "geo." +#--------------------------------------------------------------------------- + +# Is support for Navigator.geolocation enabled? +- name: geo.enabled + type: bool + value: true + mirror: always + +# Time, in milliseconds, to wait for the location provider to spin up. +- name: geo.timeout + type: int32_t + value: 6000 + mirror: always + +#ifdef MOZ_ENABLE_DBUS +# Whether to use Geoclue location provider (if available on the system). +- name: geo.provider.use_geoclue + type: bool + value: true + mirror: always + +# Whether to always provide high location accuracy, even if site +# doesn't actually request this level of accuracy. +# Almost no site correctly requests high accuracy so force it by default +# for compatibility with other geolocation providers. +- name: geo.provider.geoclue.always_high_accuracy + type: bool + value: true + mirror: always +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "gfx." +#--------------------------------------------------------------------------- + +- name: gfx.allow-texture-direct-mapping + type: bool + value: true + mirror: once + +# Allow 24-bit colour when the hardware supports it. +- name: gfx.android.rgb16.force + type: bool + value: false + mirror: once + +- name: gfx.apitrace.enabled + type: bool + value: false + mirror: once + +- name: gfx.blithelper.precision + type: RelaxedAtomicUint32 + value: 2 # { 0: lowp, 1: mediump, 2: highp } + mirror: always + +- name: gfx.blithelper.lut-size.rgb.b + type: RelaxedAtomicUint32 + value: 15 + mirror: always +- name: gfx.blithelper.lut-size.rgb.g + type: RelaxedAtomicUint32 + value: 31 + mirror: always +- name: gfx.blithelper.lut-size.rgb.r + type: RelaxedAtomicUint32 + value: 31 + mirror: always + +- name: gfx.blithelper.lut-size.ycbcr.cb + type: RelaxedAtomicUint32 + value: 15 + mirror: always +- name: gfx.blithelper.lut-size.ycbcr.cr + type: RelaxedAtomicUint32 + value: 31 + mirror: always +- name: gfx.blithelper.lut-size.ycbcr.y + type: RelaxedAtomicUint32 + value: 31 + mirror: always + +# Nb: we ignore this pref on release and beta. +- name: gfx.blocklist.all + type: int32_t + value: 0 + mirror: once + +#if defined(XP_MACOSX) +- name: gfx.cairo_quartz_cg_layer.enabled + type: bool + value: true + mirror: always +#endif + +- name: gfx.canvas.accelerated + type: bool +#if defined(XP_MACOSX) || defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: false +#endif + mirror: always + +# Whether to attempt to enable Accelerated Canvas2D regardless of blocklisting. +- name: gfx.canvas.accelerated.force-enabled + type: bool + value: false + mirror: always + +- name: gfx.canvas.accelerated.async-present + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.canvas.accelerated.cache-items + type: RelaxedAtomicUint32 + value: 2048 + mirror: always + +- name: gfx.canvas.accelerated.cache-size + type: RelaxedAtomicUint32 + value: 256 + mirror: always + +- name: gfx.canvas.accelerated.reserve-empty-cache + type: RelaxedAtomicUint32 + value: 36 + mirror: always + +- name: gfx.canvas.accelerated.max-size + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: gfx.canvas.accelerated.min-size + type: RelaxedAtomicInt32 + value: 128 + mirror: always + +- name: gfx.canvas.accelerated.max-surface-size + type: RelaxedAtomicUint32 + value: 5280 + mirror: always + +- name: gfx.canvas.accelerated.shared-page-size + type: RelaxedAtomicUint32 + value: 1024 + mirror: always + +# The minimum number of frames before acting on performance profile info +- name: gfx.canvas.accelerated.profile-frames + type: RelaxedAtomicUint32 + value: 10 + mirror: always + +# The ratio of failed frames to total frames when to fall back from acceleration +- name: gfx.canvas.accelerated.profile-fallback-ratio + type: AtomicFloat + value: 0.3 + mirror: always + +# The ratio of cache misses at which to fail a profile frame +- name: gfx.canvas.accelerated.profile-cache-miss-ratio + type: AtomicFloat + value: 0.66 + mirror: always + +# The maximum size of the GPU path cache in MB. +- name: gfx.canvas.accelerated.gpu-path-size + type: RelaxedAtomicUint32 + value: 4 + mirror: always + +# The maximum allowed complexity of a GPU path. +- name: gfx.canvas.accelerated.gpu-path-complexity + type: RelaxedAtomicUint32 + value: 4000 + mirror: always + +# Whether to accelerate stroked paths by converting them to fill paths. +- name: gfx.canvas.accelerated.stroke-to-fill-path + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to use aa-stroke to accelerate stroked paths. +- name: gfx.canvas.accelerated.aa-stroke.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Draws an indicator if acceleration is used. +- name: gfx.canvas.accelerated.debug + type: RelaxedAtomicBool + value: false + mirror: always + +# 0x7fff is the maximum supported xlib surface size and is more than enough for canvases. +- name: gfx.canvas.max-size + type: RelaxedAtomicInt32 + value: 0x7fff + mirror: always + +- name: gfx.canvas.remote + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: always + +- name: gfx.color_management.display_profile + type: DataMutexString + value: "" + mirror: always # But be warned: We cache the result. + +- name: gfx.color_management.force_srgb + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.color_management.native_srgb + type: RelaxedAtomicBool +#if defined(XP_MACOSX) + value: true +#else + value: false +#endif + mirror: always + +- name: gfx.color_management.enablev4 + type: RelaxedAtomicBool + value: true + mirror: always + +# 0 = Off, 1 = Full, 2 = Tagged Images Only. +# See CMSMode in gfx/thebes/gfxPlatform.h. +- name: gfx.color_management.mode + type: RelaxedAtomicInt32 + value: 2 + mirror: always + +# The zero default here should match QCMS_INTENT_DEFAULT from qcms.h +- name: gfx.color_management.rendering_intent + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: gfx.color_management.rec709_gamma_as_srgb + type: RelaxedAtomicBool + value: true # Tragic backwards compat. + mirror: always + +- name: gfx.color_management.rec2020_gamma_as_rec709 + type: RelaxedAtomicBool + value: true # Match naive behavior, but hopefully we can stop soon! + mirror: always + +- name: gfx.compositor.clearstate + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether GL contexts can be migrated to a different GPU (to match the one the +# OS is using for composition). +# +# 0 = force disable migration +# 1 = use migration where in safe configurations (the default) +# 2 = force enable migration (for testing) +- name: gfx.compositor.gpu-migration + type: RelaxedAtomicInt32 + value: 1 + mirror: always + +- name: gfx.core-animation.tint-opaque + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef XP_MACOSX + # Create specialized video-only layers for video content in + # fullscreen windows. Consistently works well on Apple Silicon, + # some issues remain on Intel hardware. +- name: gfx.core-animation.specialize-video + type: RelaxedAtomicBool +#if defined(MOZ_AARCH64) + value: true +#else + value: false +#endif + mirror: always +#endif + +#if defined(XP_MACOSX) && defined(NIGHTLY_BUILD) + # Spoof the timing of the video sample instead of marking the untimed + # sample to be displayed immediately. +- name: gfx.core-animation.specialize-video.spoof-timing + type: RelaxedAtomicBool + value: false + mirror: always + + # Check that the sample has a color space and if it doesn't, log that + # and supply the default color space from the main display. +- name: gfx.core-animation.specialize-video.check-color-space + type: RelaxedAtomicBool + value: false + mirror: always + + # Log properties of the video surface, buffer, and format. +- name: gfx.core-animation.specialize-video.log + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +#ifdef XP_MACOSX +- name: gfx.core-animation.low-power-telemetry-frames + type: int32_t + value: 600 + mirror: once +#endif + +#if defined(MOZ_WIDGET_ANDROID) + # Overrides the glClear color used when the surface origin is not (0, 0) + # Used for drawing a border around the content. +- name: gfx.compositor.override.clear-color.r + type: AtomicFloat + value: 0.0f + mirror: always + +- name: gfx.compositor.override.clear-color.g + type: AtomicFloat + value: 0.0f + mirror: always + +- name: gfx.compositor.override.clear-color.b + type: AtomicFloat + value: 0.0f + mirror: always + +- name: gfx.compositor.override.clear-color.a + type: AtomicFloat + value: 0.0f + mirror: always +#endif # defined(MOZ_WIDGET_ANDROID) + +- name: gfx.content.always-paint + type: RelaxedAtomicBool + value: false + mirror: always + +# Size in megabytes +- name: gfx.content.skia-font-cache-size + type: int32_t + value: 5 + mirror: once + +- name: gfx.device-reset.limit + type: int32_t + value: 10 + mirror: once + +- name: gfx.device-reset.threshold-ms + type: int32_t + value: -1 + mirror: once + + +# Whether to disable the automatic detection and use of direct2d. +- name: gfx.direct2d.disabled + type: bool + value: false + mirror: once + +# Whether to attempt to enable Direct2D regardless of automatic detection or +# blacklisting. +- name: gfx.direct2d.force-enabled + type: bool + value: false + mirror: once + +# Whether to defer destruction of Direct2D DrawTargets to the paint thread +# when using OMTP. +- name: gfx.direct2d.destroy-dt-on-paintthread + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.direct2d.target-independent-rasterization.disabled + type: bool + value: false + mirror: once + +- name: gfx.direct3d11.reuse-decoder-device + type: bool + value: true + mirror: once +# Enable reuse decoder device even when it is blocked. +- name: gfx.direct3d11.reuse-decoder-device-force-enabled + type: bool + value: false + mirror: once + +- name: gfx.direct3d11.allow-keyed-mutex + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.direct3d11.use-double-buffering + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.direct3d11.enable-debug-layer + type: bool + value: false + mirror: once + +- name: gfx.direct3d11.break-on-error + type: bool + value: false + mirror: once + +- name: gfx.direct3d11.sleep-on-create-device + type: int32_t + value: 0 + mirror: once + +# Rate by which the frame rate is divided. I.e. at a number higher than 1 we +# will only refresh every <x> frames. +- name: gfx.display.frame-rate-divisor + type: RelaxedAtomicInt32 + value: 1 + mirror: always + +- name: gfx.display.max-frame-rate + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# Whether to preserve color bitmap tables in fonts (bypassing OTS). +# Currently these are supported only on platforms where we use Freetype +# to render fonts (Linux/Gtk and Android). +- name: gfx.downloadable_fonts.keep_color_bitmaps + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether font sanitization is performed on the main thread or not. +- name: gfx.downloadable_fonts.sanitize_omt + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to validate OpenType variation tables in fonts. +- name: gfx.downloadable_fonts.validate_variation_tables + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether OTS validation should be applied to OpenType Layout (OTL) tables. +- name: gfx.downloadable_fonts.otl_validation + type: RelaxedAtomicBool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: always + +- name: gfx.draw-color-bars + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.e10s.hide-plugins-for-scroll + type: bool + value: true + mirror: once + +- name: gfx.e10s.font-list.shared + type: bool + value: true + mirror: once + +# Do we fire a notification about missing fonts, so the front-end can decide +# whether to try and do something about it (e.g. download additional fonts)? +- name: gfx.missing_fonts.notify + type: RelaxedAtomicBool + value: false + mirror: always + +#if !defined(MOZ_WIDGET_ANDROID) +- name: gfx.egl.prefer-gles.enabled + type: bool +#if defined(MOZ_WIDGET_GTK) && defined(MOZ_AARCH64) + value: true +#else + value: false +#endif + mirror: once +#endif + +# [Windows] Whether registry FontSubstitutes entries are used unconditionally, +# or only if the original font is not available. +#if defined(XP_WIN) +- name: gfx.windows-font-substitutes.always + type: bool + value: false + mirror: once +#endif + +- name: gfx.font-list-omt.enabled + type: bool +#if defined(XP_MACOSX) + value: true +#else + value: false +#endif + mirror: once + +# [Android] OPPO, realme and OnePlus device seem to crash when using Font +# Match API. We turn off this feature on these devices. Set true if you want to +# turn on it at force. +#if defined(MOZ_WIDGET_ANDROID) +- name: gfx.font-list.use_font_match_api.force-enabled + type: bool + value: false + mirror: once +#endif + +# Whether to load fonts (e.g. Twemoji Mozilla) bundled with the application: +# -1 - Auto behavior based on OS version (currently, disables loading on +# "low-memory" Android devices) +# 0 - Skip loading any bundled fonts +# 1 - Always load bundled fonts +- name: gfx.bundled-fonts.activate + type: int32_t + value: -1 + mirror: once + +- name: gfx.font_loader.delay + type: uint32_t +#if defined(XP_WIN) + value: 60000 +#else + value: 8000 +#endif + mirror: once + +# Disable antialiasing of Ahem, for use in tests. +- name: gfx.font_rendering.ahem_antialias_none + type: RelaxedAtomicBool + value: false + mirror: always + +#if defined(XP_MACOSX) + # Set to true to revert from HarfBuzz AAT shaping to the old Core Text + # backend. +- name: gfx.font_rendering.coretext.enabled + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +- name: gfx.font_rendering.colr_v1.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.font_rendering.opentype_svg.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +- name: gfx.font_rendering.fallback.async + type: RelaxedAtomicBool + value: true + mirror: always + +# whether to always search all font cmaps during system font fallback +- name: gfx.font_rendering.fallback.always_use_cmaps + type: RelaxedAtomicBool + value: false + mirror: always + +# whether to do font fallback for codepoints with General Category = Unassigned +- name: gfx.font_rendering.fallback.unassigned_chars + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef MOZ_WIDGET_GTK +- name: gfx.font_rendering.fontconfig.max_generic_substitutions + type: RelaxedAtomicUint32 + value: 3 + mirror: always +#endif + +#if defined(XP_WIN) +# Whether the DirectWrite bold simulation should be used when a bold font-weight +# is requested but no bold face available in the family. This renders poorly with +# some third-party fonts, so by default we disable it for webfonts and allow it +# only with locally-installed fonts. +# Values: +# 0 - never use DWrite bold simulation; always multi-strike instead +# 1 - use DWrite bold for installed fonts, multi-strike for webfont resources +# 2 - use DWrite bold for all fonts +- name: gfx.font_rendering.directwrite.bold_simulation + type: RelaxedAtomicUint32 + value: 1 + mirror: always +#endif + +- name: gfx.font_rendering.graphite.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Cache shaped word results +- name: gfx.font_rendering.wordcache.charlimit + type: RelaxedAtomicUint32 + value: 32 + mirror: always + +# Cache shaped word results +- name: gfx.font_rendering.wordcache.maxentries + type: RelaxedAtomicUint32 + value: 10000 + mirror: always + +# The level of logging: +# - 0: no logging; +# - 1: adds errors; +# - 2: adds warnings; +# - 3 or 4: adds debug logging. +# If you set the value to 4, you will also need to set the environment +# variable MOZ_LOG to gfx:4. See mozilla/Logging.h for details. +- name: gfx.logging.level + type: RelaxedAtomicInt32 + value: mozilla::gfx::LOG_DEFAULT + mirror: always + include: mozilla/gfx/LoggingConstants.h + +- name: gfx.logging.crash.length + type: uint32_t + value: 16 + mirror: once + +# The maximums here are quite conservative, we can tighten them if problems show up. +- name: gfx.logging.texture-usage.enabled + type: bool + value: false + mirror: once + +- name: gfx.logging.peak-texture-usage.enabled + type: bool + value: false + mirror: once + +- name: gfx.logging.slow-frames.enabled + type: bool + value: false + mirror: once + +# Use gfxPlatform::MaxAllocSize instead of the pref directly. +- name: gfx.max-alloc-size + type: int32_t + value: (int32_t)0x7FFFFFFF + mirror: once + do_not_use_directly: true + +# Use gfxPlatform::MaxTextureSize instead of the pref directly. +- name: gfx.max-texture-size + type: int32_t + value: (int32_t)32767 + mirror: once + do_not_use_directly: true + +# Enable OffscreenCanvas everywhere. +- name: gfx.offscreencanvas.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.omta.background-color + type: bool + value: true + mirror: always + +- name: gfx.partialpresent.force + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# SwapInterval +- name: gfx.swap-interval.glx + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.swap-interval.egl + type: RelaxedAtomicBool + mirror: always +#ifdef MOZ_WIDGET_ANDROID + value: true +#else + value: false +#endif + + +# Log severe performance warnings to the error console and profiles. +# This should be use to quickly find which slow paths are used by test cases. +- name: gfx.perf-warnings.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef MOZ_X11 +# Whether to force using GLX over EGL. +- name: gfx.x11-egl.force-disabled + type: bool + value: false + mirror: once + +# Whether to force using EGL over GLX. +- name: gfx.x11-egl.force-enabled + type: bool + value: false + mirror: once +#endif + +- name: gfx.testing.device-fail + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.testing.device-reset + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: gfx.text.disable-aa + type: bool + value: false + mirror: once + +- name: gfx.text.subpixel-position.force-enabled + type: bool + value: false + mirror: once + +- name: gfx.text.subpixel-position.force-disabled + type: bool + value: false + mirror: once + +- name: gfx.use-iosurface-textures + type: bool + value: false + mirror: once + +- name: gfx.use-mutex-on-present + type: bool + value: false + mirror: once + +# Use SurfaceTextures as preferred backend for TextureClient/Host. +- name: gfx.use-surfacetexture-textures + type: bool + value: false + mirror: once + +- name: gfx.vsync.collect-scroll-transforms + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.vsync.compositor.unobserve-count + type: int32_t + value: 10 + mirror: once + +- name: gfx.vsync.force-disable-waitforvblank + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.will-change.ignore-opacity + type: RelaxedAtomicBool + value: true + mirror: always + +# Should we override the blocklist to enable WebGPU? +- name: gfx.webgpu.ignore-blocklist + type: bool + value: false + mirror: once + +# We expose two prefs: gfx.webrender.all and gfx.webrender.enabled. +# The first enables WR+additional features, and the second just enables WR. +# For developer convenience, building with --enable-webrender=true or just +# --enable-webrender will set gfx.webrender.enabled to true by default. +# +# We also have a pref gfx.webrender.all.qualified which is not exposed via +# about:config. That pref enables WR but only on qualified hardware. This is +# the pref we'll eventually flip to deploy WebRender to the target population. +- name: gfx.webrender.all + type: bool + value: false + mirror: once + +- name: gfx.webrender.enabled + type: bool + value: false + mirror: once + do_not_use_directly: true + +#ifdef XP_WIN +- name: gfx.webrender.force-angle + type: bool + value: true + mirror: once +#endif + +# WebRender is not enabled when there is no GPU process on window when +# WebRender uses ANGLE. It is for avoiding that WebGL and WebRender use ANGLE +# at once. But there is a case that we want to enable WebRender for testing. +#ifdef XP_WIN +- name: gfx.webrender.enabled-no-gpu-process-with-angle-win + type: bool + value: true + mirror: once +#endif + +- name: gfx.webrender.blob-images + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.webrender.svg-images + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.webrender.svg-shapes + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gfx.webrender.debug.blob.paint-flashing + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.webrender.debug.enable-capture + type: bool + value: false + mirror: once + +- name: gfx.webrender.debug.dl.dump-parent + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.webrender.debug.dl.dump-content + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.webrender.debug.dl.dump-content-serialized + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef MOZ_WIDGET_GTK +- name: gfx.webrender.reject-software-driver + type: bool + value: true + mirror: once +#endif + +- name: gfx.webrender.debug.highlight-painted-layers + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gfx.webrender.late-scenebuild-threshold + type: RelaxedAtomicInt32 + value: 4 + mirror: always + +- name: gfx.webrender.max-filter-ops-per-chain + type: RelaxedAtomicUint32 + value: 64 + mirror: always + +- name: gfx.webrender.batching.lookback + type: uint32_t + value: 10 + mirror: always + +- name: gfx.webrender.blob-tile-size + type: uint32_t + value: 256 + mirror: always + +- name: gfx.webrender.batched-upload-threshold + type: int32_t +#if defined(MOZ_WIDGET_ANDROID) + value: 262144 +#else + value: 65536 +#endif + mirror: always + +- name: gfx.webrender.compositor + type: bool +#if defined(XP_WIN) || defined(XP_MACOSX) + value: true +#else + value: false +#endif + mirror: once + +- name: gfx.webrender.scissored-cache-clears.enabled + type: bool + value: true + mirror: once + +- name: gfx.webrender.scissored-cache-clears.force-enabled + type: bool + value: false + mirror: once + +- name: gfx.webrender.compositor.force-enabled + type: bool + value: false + mirror: once + +- name: gfx.webrender.compositor.max_update_rects + type: uint32_t + value: 1 + mirror: once + +- name: gfx.webrender.compositor.surface-pool-size + type: uint32_t + value: 25 + mirror: once + +# Number of damage rects we can give to the compositor for a new frame with +# partial present. This controls whether partial present is used or not. +- name: gfx.webrender.max-partial-present-rects + type: uint32_t +#if defined(XP_WIN) || defined(MOZ_WIDGET_ANDROID) || defined(MOZ_WIDGET_GTK) + value: 1 +#else + value: 0 +#endif + mirror: once + +# Whether or not we can reuse the buffer contents using the GL buffer age +# extension, if supported by the platform. This requires partial present +# to be used. +- name: gfx.webrender.allow-partial-present-buffer-age + type: bool + value: true + mirror: once + +# Whether or not we should force partial present on. +- name: gfx.webrender.force-partial-present + type: bool + value: false + mirror: once + +- name: gfx.webrender.enable-gpu-markers + type: bool +#ifdef DEBUG + value: true +#else + value: false +#endif + mirror: once + +- name: gfx.webrender.enable-item-cache + type: bool + value: true + mirror: once + +# Whether or not to fallback from WebRender to Software WebRender. +- name: gfx.webrender.fallback.software + type: bool + value: true + mirror: once + +#ifdef XP_WIN + # Whether or not to fallback from WebRender to Software WebRender + D3D11. +- name: gfx.webrender.fallback.software-d3d11 + type: bool + value: true + mirror: once + # Whether to use a video overlay layers with DirectComposition +- name: gfx.webrender.dcomp-video-overlay-win + type: bool + value: true + mirror: once + # Enable video overlay even when it is blocked. +- name: gfx.webrender.dcomp-video-overlay-win-force-enabled + type: bool + value: false + mirror: once + # Whether to use a yuv video overlay layers with DirectComposition +- name: gfx.webrender.dcomp-video-yuv-overlay-win + type: bool + value: false + mirror: once +- name: gfx.webrender.dcomp-video-vp-scaling-win + type: bool + value: true + mirror: once + # Whether to use virtual surfaces, as opposed to each tile owning a surface. +- name: gfx.webrender.dcomp-use-virtual-surfaces + type: bool + value: true + mirror: once + # Whether to use a video overlay layers for sw decoded video with DirectComposition +- name: gfx.webrender.dcomp-video-sw-overlay-win + type: bool + value: true + mirror: once +- name: gfx.webrender.dcomp-video-check-slow-present + type: RelaxedAtomicBool + value: true + mirror: always +- name: gfx.video.convert-i420-to-nv12.force-enabled + type: bool + value: false + mirror: once +#endif + +# Whether or not fallback to Software WebRender requires the GPU process. +- name: gfx.webrender.fallback.software.requires-gpu-process + type: bool + value: false + mirror: once + +- name: gfx.webrender.program-binary-disk + type: bool +#if defined(XP_WIN) || defined(ANDROID) + value: true +#else + value: false +#endif + mirror: once + +- name: gfx.webrender.use-optimized-shaders + type: bool + value: true + mirror: once + +- name: gfx.webrender.precache-shaders + type: bool + value: false + mirror: once + +# When gl debug message is a high severity message, forwward it to gfx critical +# note. +- name: gfx.webrender.gl-debug-message-critical-note + type: bool +#if defined(XP_WIN) && defined(NIGHTLY_BUILD) + value: true +#else + value: false +#endif + mirror: once + +# Enable printing gl debug messages +- name: gfx.webrender.gl-debug-message-print + type: bool + value: false + mirror: once + +#ifdef NIGHTLY_BUILD + # Keep this pref hidden on non-nightly builds to avoid people accidentally + # turning it on. +- name: gfx.webrender.panic-on-gl-error + type: bool + value: false + mirror: once +#endif + +#ifdef XP_WIN + # Enables display of performance debugging counters when DirectComposition + # is used. + # Performance counters are displayed on the top-right corner of the screen. +- name: gfx.webrender.debug.dcomp-counter + type: RelaxedAtomicBool + value: false + mirror: always + # Enables highlighting redraw regions of DCompositionVisual +- name: gfx.webrender.debug.dcomp-redraw-regions + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +#ifdef XP_MACOSX + # Files show up in $HOME/Desktop/nativelayerdumps-PID/frame-123.html +- name: gfx.webrender.debug.dump-native-layer-tree-to-file + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +- name: gfx.webrender.enable-low-priority-pool + type: RelaxedAtomicBool +#if defined(ANDROID) + value: false +#else + value: true +#endif + mirror: always + + # Force subpixel anti-aliasing as much as possible, despite performance cost. +- name: gfx.webrender.quality.force-subpixel-aa-where-possible + type: bool + value: false + mirror: always + +#ifdef XP_MACOSX +- name: gfx.webrender.enable-client-storage + type: bool + value: true + mirror: once +#endif + + # Width of WebRender tile size +- name: gfx.webrender.picture-tile-width + type: RelaxedAtomicInt32 + value: 1024 + mirror: always + + # Width of WebRender tile size +- name: gfx.webrender.picture-tile-height + type: RelaxedAtomicInt32 + value: 512 + mirror: always + +# WebRender upper bound for shared surface size +# According to apitrace, textures larger than 2048 break fast clear +# optimizations on some intel drivers. We sometimes need to go larger, but +# we try to avoid it. +- name: gfx.webrender.max-shared-surface-size + type: int32_t + value: 2048 + mirror: once + +# Whether to use EGL robustness or not. +- name: gfx.webrender.prefer-robustness + type: bool +#if defined(XP_WIN) || defined(MOZ_WIDGET_GTK) + value: true +#else + value: false +#endif + mirror: once + +# Whether to use the WebRender software backend +- name: gfx.webrender.software + type: bool + value: false + mirror: once + +# Whether to use the D3D11 RenderCompositor when using WebRender software backend +- name: gfx.webrender.software.d3d11 + type: bool + value: true + mirror: once + +- name: gfx.webrender.software.opengl + type: bool +#if defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: false +#endif + mirror: once + +- name: gfx.webrender.software.d3d11.upload-mode + type: RelaxedAtomicInt32 + value: 4 + mirror: always + +# Whether to force widgets to don't support acceleration to use WebRender +# despite that +- name: gfx.webrender.unaccelerated-widget.force + type: RelaxedAtomicBool + value: false + mirror: always + +# Enable a lower quality, but higher performance pinch-zoom mode. Primarily +# for devices with weak GPUs, or when running SWGL. +- name: gfx.webrender.low-quality-pinch-zoom + type: bool +#if defined(MOZ_WIDGET_ANDROID) && defined(NIGHTLY_BUILD) + value: true +#else + value: false +#endif + mirror: once + +# Disable wait of GPU execution completion +- name: gfx.webrender.wait-gpu-finished.disabled + type: bool +#if defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: once + +# Enable NVIDIA RTX Video Super Resolution for video overlay on Windows +# Note: This is also a setting in NVIDIA's driver settings, so once this is +# stable, it should default to true +- name: gfx.webrender.super-resolution.nvidia + type: bool + value: false + mirror: once + +# Use vsync events generated by hardware +- name: gfx.work-around-driver-bugs + type: bool + value: true + mirror: once + +- name: gfx.ycbcr.accurate-conversion + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "gl." (OpenGL) +#--------------------------------------------------------------------------- + +- name: gl.allow-high-power + type: RelaxedAtomicBool + value: true + mirror: always + +- name: gl.ignore-dx-interop2-blacklist + type: RelaxedAtomicBool + value: false + mirror: always + +- name: gl.use-tls-is-current + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "html5." +#--------------------------------------------------------------------------- + +# Turn HTML:inert on or off. +- name: html5.inert.enabled + type: bool + value: true + mirror: always + +# Time in milliseconds between the time a network buffer is seen and the timer +# firing when the timer hasn't fired previously in this parse in the +# off-the-main-thread HTML5 parser. +- name: html5.flushtimer.initialdelay + type: RelaxedAtomicInt32 + value: 16 + mirror: always + +# Time in milliseconds between the time a network buffer is seen and the timer +# firing when the timer has already fired previously in this parse. +- name: html5.flushtimer.subsequentdelay + type: RelaxedAtomicInt32 + value: 16 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "idle_period." +#--------------------------------------------------------------------------- + +- name: idle_period.min + type: uint32_t + value: 3 + mirror: always + +- name: idle_period.during_page_load.min + type: uint32_t + value: 12 + mirror: always + +- name: idle_period.cross_process_scheduling + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "image." +#--------------------------------------------------------------------------- + +# The maximum size (in kB) that the aggregate frames of an animation can use +# before it starts to discard already displayed frames and redecode them as +# necessary. +- name: image.animated.decode-on-demand.threshold-kb + type: RelaxedAtomicUint32 + value: 20*1024 + mirror: always + +# The minimum number of frames we want to have buffered ahead of an +# animation's currently displayed frame. +- name: image.animated.decode-on-demand.batch-size + type: RelaxedAtomicUint32 + value: 6 + mirror: always + +# Whether we should recycle already displayed frames instead of discarding +# them. This saves on the allocation itself, and may be able to reuse the +# contents as well. Only applies if generating full frames. +- name: image.animated.decode-on-demand.recycle + type: bool + value: true + mirror: once + +# Resume an animated image from the last displayed frame rather than +# advancing when out of view. +- name: image.animated.resume-from-last-displayed + type: RelaxedAtomicBool + value: true + mirror: always + +# Maximum number of surfaces for an image before entering "factor of 2" mode. +# This in addition to the number of "native" sizes of an image. A native size +# is a size for which we can decode a frame without up or downscaling. Most +# images only have 1, but some (i.e. ICOs) may have multiple frames for the +# same data at different sizes. +- name: image.cache.factor2.threshold-surfaces + type: RelaxedAtomicInt32 + value: 4 + mirror: always + +# Maximum size of a surface in KB we are willing to produce when rasterizing +# an SVG. +- name: image.cache.max-rasterized-svg-threshold-kb + type: RelaxedAtomicInt32 + value: 200*1024 + mirror: always + +# The maximum size, in bytes, of the decoded images we cache. +- name: image.cache.size + type: int32_t + value: 5*1024*1024 + mirror: once + +# A weight, from 0-1000, to place on time when comparing to size. +# Size is given a weight of 1000 - timeweight. +- name: image.cache.timeweight + type: int32_t + value: 500 + mirror: once + +# Decode all images automatically on load, ignoring our normal heuristics. +- name: image.decode-immediately.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Decode all images synchronously +- name: image.decode-sync.enabled + type: bool + value: false + mirror: always + +# Whether we attempt to downscale images during decoding. +- name: image.downscale-during-decode.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we use EXIF metadata for image density. +- name: image.exif-density-correction.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether EXIF density metadata is sanity checked against PixelXDimension and PixelYDimension +- name: image.exif-density-correction.sanity-check.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# The threshold for inferring that changes to an <img> element's |src| +# attribute by JavaScript represent an animation, in milliseconds. If the |src| +# attribute is changing more frequently than this value, then we enter a +# special "animation mode" which is designed to eliminate flicker. Set to 0 to +# disable. +- name: image.infer-src-animation.threshold-ms + type: RelaxedAtomicUint32 + value: 2000 + mirror: always + +# Whether the network request priority should be adjusted according +# the layout and view frame position of each particular image. +- name: image.layout_network_priority + type: RelaxedAtomicBool + value: true + mirror: always + +# Chunk size for calls to the image decoders. +- name: image.mem.decode_bytes_at_a_time + type: uint32_t + value: 16384 + mirror: once + +# Discards inactive image frames and re-decodes them on demand from +# compressed data. +- name: image.mem.discardable + type: RelaxedAtomicBool + value: true + mirror: always + +# Discards inactive image frames of _animated_ images and re-decodes them on +# demand from compressed data. Has no effect if image.mem.discardable is false. +- name: image.mem.animated.discardable + type: bool + value: true + mirror: once + +# Whether the heap should be used for frames from animated images. On Android, +# volatile memory keeps file handles open for each buffer. +- name: image.mem.animated.use_heap + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +# Enable extra information for debugging in the image memory reports. +- name: image.mem.debug-reporting + type: RelaxedAtomicBool + value: false + mirror: always + +# Decodes images into shared memory to allow direct use in separate +# rendering processes. Only applicable with WebRender. +- name: image.mem.shared + type: RelaxedAtomicBool + value: true + mirror: always + +# Force unmapping of unused shared surfaces after a timeout period or when we +# encounter virtual memory pressure. By default this is only enabled on 32-bit +# Firefox. +- name: image.mem.shared.unmap.force-enabled + type: bool + value: false + mirror: once + +# Minimum timeout to unmap shared surfaces since they have been last used, +# in milliseconds. +- name: image.mem.shared.unmap.min_expiration_ms + type: uint32_t + value: 60*1000 + mirror: once + +# Mininum size for shared surfaces to consider unmapping, in kilobytes. +- name: image.mem.shared.unmap.min_threshold_kb + type: uint32_t + value: 100 + mirror: once + +# How much of the data in the surface cache is discarded when we get a memory +# pressure notification, as a fraction. The discard factor is interpreted as a +# reciprocal, so a discard factor of 1 means to discard everything in the +# surface cache on memory pressure, a discard factor of 2 means to discard half +# of the data, and so forth. The default should be a good balance for desktop +# and laptop systems, where we never discard visible images. +- name: image.mem.surfacecache.discard_factor + type: uint32_t + value: 1 + mirror: once + +# Maximum size for the surface cache, in kilobytes. +- name: image.mem.surfacecache.max_size_kb + type: uint32_t + value: 2024 * 1024 + mirror: once + +# Minimum timeout for expiring unused images from the surface cache, in +# milliseconds. This controls how long we store cached temporary surfaces. +- name: image.mem.surfacecache.min_expiration_ms + type: uint32_t + value: 60*1000 + mirror: once + +# The surface cache's size, within the constraints of the maximum size set +# above, is determined as a fraction of main memory size. The size factor is +# interpreted as a reciprocal, so a size factor of 4 means to use no more than +# 1/4 of main memory. The default should be a good balance for most systems. +- name: image.mem.surfacecache.size_factor + type: uint32_t + value: 4 + mirror: once + +# Minimum buffer size in KB before using volatile memory over the heap. +- name: image.mem.volatile.min_threshold_kb + type: RelaxedAtomicInt32 +#if defined(ANDROID) + # On Android, volatile memory keeps file handles open for each buffer. + value: 100 +#else + value: -1 +#endif + mirror: always + +# How long in ms before we should start shutting down idle decoder threads. +- name: image.multithreaded_decoding.idle_timeout + type: int32_t + value: 600000 + mirror: once + +# How many threads we'll use for multithreaded decoding. If < 0, will be +# automatically determined based on the system's number of cores. +- name: image.multithreaded_decoding.limit + type: int32_t + value: -1 + mirror: once + +# Whether we record SVG images as blobs or not. +- name: image.svg.blob-image + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we attempt to decode WebP images or not. +- name: image.webp.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we attempt to decode AVIF images or not. +- name: image.avif.enabled + type: RelaxedAtomicBool +#if defined(MOZ_AV1) + value: true +#else + value: false +#endif + mirror: always + +# How strict we are in accepting/rejecting AVIF inputs according to whether they +# conform to the specification +# 0 = Permissive: accept whatever we can simply, unambiguously interpret +# 1 = Normal: reject violations of "shall" specification directives +# 2 = Strict: reject violations of "should" specification directives +- name: image.avif.compliance_strictness + type: RelaxedAtomicInt32 + value: 1 + mirror: always + +# Whether we apply container-level transforms like mirroring and rotation +- name: image.avif.apply_transforms + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we use dav1d (true) or libaom (false) to decode AVIF image +- name: image.avif.use-dav1d + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to allow decoding of animated AVIF sequences. +- name: image.avif.sequence.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether AVIF files containing sequences should be animated even when the +# major brand is set to 'avif'. +- name: image.avif.sequence.animate_avif_major_branded_images + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we attempt to decode JXL images or not. +- name: image.jxl.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "intl." +#--------------------------------------------------------------------------- + +#ifdef XP_WIN + # Whether making Gecko TSF-aware or only working with IMM. TSF is a modern + # IME API set of Windows which replaces IMM APIs. Unless you can avoid the + # problem which you see with enabling TSF, you shouldn't change this pref + # to false since IMM handler is now not maintained nor tested with latest + # Windows. If you need to change this pref to false, please file a bug to + # <https://bugzilla.mozilla.org>. + # Restart required to apply this pref change. +- name: intl.tsf.enabled + type: bool + value: true + mirror: once + + # Whether Gecko creates or does not create native caret for legacy ATOK + # (2011 - 2015). +- name: intl.tsf.hack.atok.create_native_caret + type: bool + value: true + mirror: always + + # Whether Gecko returns available composition string rect or TS_E_NOLAYOUT + # from ITextStoreACP::GetTextExt() when the specified range is same as the + # range of composition string but some character rects in it are still + # dirty if and only if ATOK is active TIP. + # Note that this is ignored if active ATOK is or older than 2016 and + # create_native_caret is true. +- name: intl.tsf.hack.atok.do_not_return_no_layout_error_of_composition_string + type: bool + value: true + mirror: always + + # Whether Gecko sets input scope of ATOK to "search" or never does it. + # When "search" is set to the input scope, ATOK may stop their suggestions. + # To avoid it, turn this pref on, or changing the settings in ATOK. + # Note that if you enable this pref and you use the touch keyboard for touch + # screens, you cannot access some specific features for a "search" input + # field. +- name: intl.tsf.hack.atok.search_input_scope_disabled + type: bool + value: false + mirror: always + + # Whether Gecko returns caret rect before composition string or TS_E_NOLAYOUT + # from ITextStoreACP::GetTextExt() when the specified range is larger than + # composition start offset if and only if Free ChangJie is active TIP. +- name: intl.tsf.hack.free_chang_jie.do_not_return_no_layout_error + type: bool + value: true + mirror: always + + # Whether Gecko returns available composition string rect or TS_E_NOLAYOUT + # from ITextStoreACP::GetTextExt() when the specified range is same as the + # range of composition string but some character rects in it are still + # dirty if and only if Japanist 10 is active TIP. +- name: intl.tsf.hack.japanist10.do_not_return_no_layout_error_of_composition_string + type: bool + value: true + mirror: always + + # Whether Gecko returns previous character rect or TS_E_NOLAYOUT from + # ITfContextView::GetTextExt() when the specified range is the first + # character of selected clause of composition string if and only if Japanese TIP + # of Microsoft is active. +- name: intl.tsf.hack.ms_japanese_ime.do_not_return_no_layout_error_at_first_char + type: bool + value: true + mirror: always + + # Whether Gecko returns previous character rect or TS_E_NOLAYOUT from + # ITfContextView::GetTextExt() when the specified range is the caret of + # composition string if and only if Japanese TIP of Microsoft is active. +- name: intl.tsf.hack.ms_japanese_ime.do_not_return_no_layout_error_at_caret + type: bool + value: true + mirror: always + + # Whether Gecko returns caret rect before composition string or TS_E_NOLAYOUT + # from ITfContextView::GetTextExt() when the specified range is larger than + # composition start offset if and only Simplified Chinese TIP of Microsoft + # is active. +- name: intl.tsf.hack.ms_simplified_chinese.do_not_return_no_layout_error + type: bool + value: true + mirror: always + + # Whether Geckos hacks ITextStoreACP::QueryInsert() or not. The method should + # return new selection after specified length text is inserted at specified + # range. However, Microsoft Pinyin and Microsoft Wubi expect that the result + # is same as specified range. If following prefs are true, + # ITextStoreACP::QueryInsert() returns specified range only when one of the + # TIPs is active. +- name: intl.tsf.hack.ms_simplified_chinese.query_insert_result + type: bool + value: true + mirror: always + + # Whether Gecko returns caret rect before composition string or TS_E_NOLAYOUT + # from ITfContextView::GetTextExt() when the specified range is larger than + # composition start offset if and only Traditional Chinese TIP of Microsoft + # is active. +- name: intl.tsf.hack.ms_traditional_chinese.do_not_return_no_layout_error + type: bool + value: true + mirror: always + + # Whether Geckos hacks ITextStoreACP::QueryInsert() or not. The method should + # return new selection after specified length text is inserted at specified + # range. However, Microsoft ChangJie and Microsoft Quick expect that the + # result is same as specified range. If following prefs are true, + # ITextStoreACP::QueryInsert() returns specified range only when one of the + # TIPs is active. +- name: intl.tsf.hack.ms_traditional_chinese.query_insert_result + type: bool + value: true + mirror: always + + # Whether Gecko sets input scope of the URL bar to IS_DEFAULT when black + # listed IMEs are active or does not. If you use tablet mode mainly and you + # want to use touch keyboard for URL when you set focus to the URL bar, you + # can set this to false. Then, you'll see, e.g., ".com" key on the keyboard. + # However, if you set this to false, such IMEs set its open state to "closed" + # when you set focus to the URL bar. I.e., input mode is automatically + # changed to English input mode. + # Known buggy IME list: + # - Microsoft IME for Japanese + # - Google Japanese Input + # - Microsoft Bopomofo + # - Microsoft ChangJie + # - Microsoft Phonetic + # - Microsoft Quick + # - Microsoft New ChangJie + # - Microsoft New Phonetic + # - Microsoft New Quick + # - Microsoft Pinyin + # - Microsoft Pinyin New Experience Input Style + # - Microsoft Wubi + # - Microsoft IME for Korean (except on Win7) + # - Microsoft Old Hangul +- name: intl.ime.hack.set_input_scope_of_url_bar_to_default + type: bool + value: true + mirror: always + + # On Windows 10 Build 17643 (an Insider Preview build of RS5), Microsoft + # have fixed the caller of ITextACPStore::GetTextExt() to return + # TS_E_NOLAYOUT to TIP as-is, rather than converting to E_FAIL. + # Therefore, if TIP supports asynchronous layout computation perfectly, we + # can return TS_E_NOLAYOUT and TIP waits next OnLayoutChange() + # notification. However, some TIPs still have some bugs of asynchronous + # layout support. We keep hacking the result of GetTextExt() like running + # on Windows 10, however, there could be unknown TIP bugs if we stop + # hacking the result. So, user can stop checking build ID to make Gecko + # hack the result forcibly. +- name: intl.tsf.hack.allow_to_stop_hacking_on_build_17643_or_later + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + + # If true, automatically extend selection to cluster boundaries when + # TSF/TIP requests to select from/by middle of a cluster. +- name: intl.tsf.hack.extend_setting_selection_range_to_cluster_boundaries + type: bool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + + # Whether Gecko supports IMM even if TSF is enabled. This pref exists + # only for check TSF behavior of new versions. Therefore, users should + # not set this to false for daily use. +- name: intl.tsf.support_imm + type: bool + value: true + mirror: once + + # If true, TSF and TIP (IME) can retrieve URL of the document containing + # the focused element. When this is set to true, Gecko exposes the spec + # of the URL. + # And Gecko exposes only "http" and "https" URLs. E.g., "data", "blob", + # "file" URLs are never exposed. +- name: intl.tsf.expose_url.allowed + type: bool + value: true + mirror: always + + # If true, TSF and TIP (IME) can retrieve URL of the document containing + # the focused element in the private browsing mode too. +- name: intl.tsf.expose_url_in_private_browsing.allowed + type: bool + value: false + mirror: always + +#if defined(ENABLE_TESTS) + # If true, NS_GetComplexLineBreaks compares the line breaks produced in the + # content process using the Uniscribe line breaker, with those from a + # brokered call to the parent. +- name: intl.compare_against_brokered_complex_line_breaks + type: bool + value: false + mirror: always +#endif +#endif + +# If you use legacy Chinese IME which puts an ideographic space to composition +# string as placeholder, this pref might be useful. If this is true and when +# web contents forcibly commits composition (e.g., moving focus), the +# ideographic space will be ignored (i.e., commits with empty string). +- name: intl.ime.remove_placeholder_character_at_commit + type: bool + value: false + mirror: always + + +#if defined(XP_MACOSX) || defined(MOZ_WIDGET_GTK) +# Whether text input without keyboard press nor IME composition should cause a +# set of composition events or not. E.g., when you use Emoji picker on macOS, +# it inserts an Emoji character directly. If set to true, `compositionstart`, +# `compositionupdate` and `compositionend` events will be fired, and the +# correspnding `beforeinput` events are not cancelable. Otherwise, if set to +# false, any user input events are not exposed to web apps but only +# `beforeinput` event is fired as "insert text" as a cancelable event. +- name: intl.ime.use_composition_events_for_insert_text + type: bool + value: false + mirror: always +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "javascript." +# +# NOTE: SpiderMonkey starts up before `mirror: once` preferences are sealed and +# we cannot use them (Bug 1698311). Instead, we use `mirror: always` +# prefs but mark as `do_not_use_directly` and `LoadStartupJSPrefs` will +# mirror them into SpiderMonkey. +#--------------------------------------------------------------------------- + +# The JavaScript JIT compilers. These are read once on startup so a browser may +# need to be restarted if toggling them. In general each subsequent JIT depends +# on the ones before it being enabled. +- name: javascript.options.blinterp + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.baselinejit + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.ion + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +# The irregexp JIT for regex evaluation. +- name: javascript.options.native_regexp + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +# Jit Hints Cache - An in-process cache for the +# content process to accelerate repeated baseline +# compilations +- name: javascript.options.jithints + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +# "Warm-up" thresholds at which we attempt to compile a script/function with +# the next JIT tier. +# +# NOTE: These must match JitOptions defaults. +- name: javascript.options.blinterp.threshold + type: int32_t + value: 10 + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.baselinejit.threshold + type: int32_t + value: 100 + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.ion.threshold + type: int32_t + value: 1500 + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +# Enable off-main-thread Warp compilation. +- name: javascript.options.ion.offthread_compilation + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +#ifdef DEBUG + # Enable extra correctness checks in the JITs that are slow and only available + # in debug builds. +- name: javascript.options.jit.full_debug_checks + type: bool + value: false + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true +#endif + +# Heuristic threshold for Warp/Ion to decide that too many bailouts are +# happening and an IonScript should be discarded. +# +# NOTE: This must match JitOptions defaults. +- name: javascript.options.ion.frequent_bailout_threshold + type: int32_t + value: 10 + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +# A threshold for Warp to decide whether a function can be inlined. +# If the size of a function is smaller than this threshold, then it +# may be inlined. +# +# NOTE: These must match JitOptions defaults. +- name: javascript.options.inlining_bytecode_max_length + type: uint32_t + value: 130 + mirror: always + do_not_use_directly: true + +# Whether the megamorphic property lookup cache is enabled. +# +# NOTE: This must match JitOptions defaults. +- name: javascript.options.watchtower.megamorphic + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.compact_on_user_inactive + type: bool + value: true + mirror: always + +# The default amount of time to wait from the user being idle to starting a +# shrinking GC. Measured in milliseconds. +- name: javascript.options.compact_on_user_inactive_delay + type: uint32_t +#ifdef NIGHTLY_BUILD + value: 15000 +#else + value: 300000 +#endif + mirror: always + +# Use better error message when accessing property of null or undefined. +- name: javascript.options.property_error_message_fix + type: bool + value: @IS_NIGHTLY_OR_DEV_EDITION@ + mirror: always + +# Support for weak references in JavaScript (WeakRef and FinalizationRegistry). +- name: javascript.options.weakrefs + type: bool + value: true + mirror: always + +# Whether to expose the FinalizationRegistry.prototype.cleanupSome method. +- name: javascript.options.experimental.weakrefs.expose_cleanupSome + type: bool + value: false + mirror: always + +# ShadowRealms: https://github.com/tc39/proposal-shadowrealm +- name: javascript.options.experimental.shadow_realms + # Atomic, as we assert the preference, and that assertion may happen + # in a worker. + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef NIGHTLY_BUILD + # Experimental support for Iterator Helpers in JavaScript. +- name: javascript.options.experimental.iterator_helpers + type: bool + value: false + mirror: always + + # Experimental support for Array Grouping in JavaScript. +- name: javascript.options.experimental.array_grouping + type: bool + value: false + mirror: always + + # Experimental support for String.prototype.{is,to}WellFormed in JavaScript. +- name: javascript.options.experimental.well_formed_unicode_strings + type: bool + value: false + mirror: always +#endif // NIGHTLY_BUILD + +#ifdef NIGHTLY_BUILD + # Experimental support for Import Assertions in JavaScript. +- name: javascript.options.experimental.import_assertions + type: bool + value: false + mirror: always +#endif // NIGHTLY_BUILD + + # Experimental support for change-array-by-copy methods +- name: javascript.options.experimental.enable_change_array_by_copy + type: bool + value: true + mirror: always + +# Support Array.fromAsync +- name: javascript.options.experimental.enable_array_from_async + type: bool + value: true + mirror: always + +#if defined(ENABLE_NEW_SET_METHODS) + # Experimental support for New Set methods +- name: javascript.options.experimental.enable_new_set_methods + type: bool + value: false + mirror: always +#endif + +- name: javascript.options.wasm_caching + type: bool + value: true + mirror: always + +# The amount of time we wait between a request to GC (due to leaving a page) and doing the actual GC, in ms. +- name: javascript.options.gc_delay + type: uint32_t + value: 4000 + mirror: always + +# The amount of time we wait from the first request to GC to actually doing the first GC, in ms. +- name: javascript.options.gc_delay.first + type: uint32_t + value: 10000 + mirror: always + +# After doing a zonal GC, wait this much time (in ms) and then do a full GC, +# unless one is already pending. +- name: javascript.options.gc_delay.full + type: uint32_t + value: 60000 + mirror: always + +# Maximum amount of time that should elapse between incremental GC slices, in ms. +- name: javascript.options.gc_delay.interslice + type: uint32_t + value: 100 + mirror: always + +# nsJSEnvironmentObserver observes the memory-pressure notifications and +# forces a garbage collection and cycle collection when it happens, if the +# appropriate pref is set. +- name: javascript.options.gc_on_memory_pressure + type: bool + # Disable the JS engine's GC on memory pressure, since we do one in the + # mobile browser (bug 669346). + # XXX: this value possibly should be changed, or the pref removed entirely. + # See bug 1450787. + value: @IS_NOT_ANDROID@ + mirror: always + +# We allow at most MIN(max, MAX(NUM_CPUS / cpu_divisor, 1)) concurrent GCs +# between processes +- name: javascript.options.concurrent_multiprocess_gcs.cpu_divisor + type: RelaxedAtomicUint32 + value: 4 + mirror: always + +# See 'cpu_divisor' above, 0 means UINT_32_MAX. +- name: javascript.options.concurrent_multiprocess_gcs.max + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +- name: javascript.options.mem.log + type: bool + value: false + mirror: always + +- name: javascript.options.mem.notify + type: bool + value: false + mirror: always + +# Whether the Parent process allocates and shares memory with all content +# processes. This is mirrored once, as the parent process will do this +# allocation early on. +- name: javascript.options.self_hosted.use_shared_memory + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.main_thread_stack_quota_cap + type: uint32_t +#if defined(MOZ_ASAN) + value: 6 * 1024 * 1024 +#else + value: 2 * 1024 * 1024 +#endif + mirror: always + +- name: javascript.options.wasm_optimizingjit + type: bool + value: true + mirror: always + +#if defined(ENABLE_WASM_RELAXED_SIMD) +- name: javascript.options.wasm_relaxed_simd + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always +#endif // defined(ENABLE_WASM_RELAXED_SIMD) + +#if defined(ENABLE_WASM_MOZ_INTGEMM) +- name: javascript.options.wasm_moz_intgemm + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always +#endif // defined(ENABLE_WASM_MOZ_INTGEMM) + +#if defined(ENABLE_WASM_EXTENDED_CONST) +- name: javascript.options.wasm_extended_const + type: bool + value: true + mirror: always +#endif // defined(ENABLE_WASM_EXTENDED_CONST) + +- name: javascript.options.wasm_exceptions + type: bool + value: true + mirror: always + +#if defined(ENABLE_WASM_FUNCTION_REFERENCES) +- name: javascript.options.wasm_function_references + type: bool + value: false + mirror: always +#endif // defined(ENABLE_WASM_FUNCTION_REFERENCES) + +#if defined(ENABLE_WASM_GC) +- name: javascript.options.wasm_gc + type: bool + value: false + mirror: always +#endif // defined(ENABLE_WASM_GC) + +#if defined(ENABLE_WASM_MEMORY_CONTROL) +- name: javascript.options.wasm_memory_control + type: bool + value: false + mirror: always +#endif // defined(ENABLE_WASM_MEMORY_CONTROL) + +#if defined(ENABLE_WASM_SIMD) +#if defined(JS_CODEGEN_X64) || defined(JS_CODEGEN_X86) + # Enables AVX instructions support on X86/X64 platforms. + # Changing these prefs requires a restart. +- name: javascript.options.wasm_simd_avx + type: bool + value: true + mirror: always +#endif +#endif + +#if defined(ENABLE_WASM_MEMORY64) +- name: javascript.options.wasm_memory64 + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always +#endif // defined(ENABLE_WASM_MEMORY64) + +# Support for pretenuring allocations based on their allocation site. +- name: javascript.options.site_based_pretenuring + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +#if !defined(JS_CODEGEN_MIPS32) && !defined(JS_CODEGEN_MIPS64) && !defined(JS_CODEGEN_LOONG64) + # Spectre security vulnerability mitigations for the JS JITs. + # + # NOTE: The MIPS and LoongArch backends do not support these mitigations (and generally + # do not need them). In that case, leave the pref unlisted with its + # default value of false. +- name: javascript.options.spectre.index_masking + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.spectre.object_mitigations + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.spectre.string_mitigations + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.spectre.value_masking + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true + +- name: javascript.options.spectre.jit_to_cxx_calls + type: bool + value: true + mirror: always # LoadStartupJSPrefs + do_not_use_directly: true +#endif // !defined(JS_CODEGEN_MIPSXX) && !defined(JS_CODEGEN_LOONG64) + +# Separate pref to override the values of the Spectre-related prefs above for +# isolated web content processes, where we don't need these mitigations. +- name: javascript.options.spectre.disable_for_isolated_content + type: bool + value: false + mirror: always + +# Whether to use the XPCOM thread pool for JS helper tasks. +- name: javascript.options.external_thread_pool + type: bool + value: true + mirror: always + do_not_use_directly: true + +# Whether to use fdlibm for Math.sin, Math.cos, and Math.tan. When +# privacy.resistFingerprinting is true, this pref is ignored and fdlibm is used +# anyway. +- name: javascript.options.use_fdlibm_for_sin_cos_tan + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "layers." +#--------------------------------------------------------------------------- + +# Whether to disable acceleration for all widgets. +- name: layers.acceleration.disabled + type: bool + value: false + mirror: once + do_not_use_directly: true +# Instead, use gfxConfig::IsEnabled(Feature::HW_COMPOSITING). + +# Whether to force acceleration on, ignoring blacklists. + +# bug 838603 -- on Android, accidentally blacklisting OpenGL layers +# means a startup crash for everyone. +# Temporarily force-enable GL compositing. This is default-disabled +# deep within the bowels of the widgetry system. Remove me when GL +# compositing isn't default disabled in widget/android. +- name: layers.acceleration.force-enabled + type: bool + value: @IS_ANDROID@ + mirror: once + do_not_use_directly: true + +# Whether we allow AMD switchable graphics. +- name: layers.amd-switchable-gfx.enabled + type: bool + value: true + mirror: once + +# Whether to use async panning and zooming. +- name: layers.async-pan-zoom.enabled + type: bool + value: true + mirror: once + do_not_use_directly: true + +- name: layers.child-process-shutdown + type: RelaxedAtomicBool + value: true + mirror: always + +- name: layers.d3d11.force-warp + type: bool + value: false + mirror: once + +- name: layers.d3d11.enable-blacklist + type: bool + value: true + mirror: once + +# Enable DEAA antialiasing for transformed layers in the compositor. +- name: layers.deaa.enabled + type: RelaxedAtomicBool +#if defined(MOZ_WIDGET_ANDROID) + value: false +#else + value: true +#endif + mirror: always + +# Force all possible layers to be always active layers. +- name: layers.force-active + type: bool + value: false + mirror: always + +- name: layers.force-shmem-tiles + type: bool + value: false + mirror: once + +- name: layers.draw-mask-debug + type: RelaxedAtomicBool + value: false + mirror: always + +- name: layers.force-synchronous-resize + type: RelaxedAtomicBool +#ifdef MOZ_WAYLAND + # We want to control it by nsWindow::SynchronouslyRepaintOnResize() on Linux/Wayland. + value: false +#else + value: true +#endif + mirror: always + +- name: layers.gpu-process.allow-software + type: bool +#if defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: once + +- name: layers.gpu-process.enabled + type: bool +#if defined(XP_WIN) || defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: false +#endif + mirror: once + +- name: layers.gpu-process.force-enabled + type: bool + value: false + mirror: once + +- name: layers.gpu-process.ipc_reply_timeout_ms + type: int32_t + value: 10000 + mirror: once + +# How many unstable GPU process restarts we allow for a given configuration. +- name: layers.gpu-process.max_restarts + type: RelaxedAtomicInt32 +#if defined(XP_WIN) || defined(MOZ_WIDGET_GTK) || defined(MOZ_WIDGET_ANDROID) + #if defined(NIGHTLY_BUILD) + value: 6 + #else + value: 3 + #endif +#else + value: 1 +#endif + mirror: always + +# How many frames we must render before declaring the GPU process stable, and +# allow restarts without it counting against our maximum restarts. +- name: layers.gpu-process.stable.frame-threshold + type: RelaxedAtomicUint32 + value: 10 + mirror: always + +# How many milliseconds the GPU process must have lived before we accept that +# it is stable, and allow restarts without it counting against our maximum +# restarts. +- name: layers.gpu-process.stable.min-uptime-ms + type: RelaxedAtomicInt32 + value: 4 * 60000 + mirror: always + +# Note: This pref will only be used if it is less than layers.gpu-process.max_restarts. +- name: layers.gpu-process.max_restarts_with_decoder + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: layers.gpu-process.startup_timeout_ms + type: int32_t + value: 5000 + mirror: once + +- name: layers.gpu-process.crash-also-crashes-browser + type: bool + value: false + mirror: always + +# Whether to animate simple opacity and transforms on the compositor. +- name: layers.offmainthreadcomposition.async-animations + type: bool + value: true + mirror: always + +# Whether to log information about off main thread animations to stderr. +- name: layers.offmainthreadcomposition.log-animations + type: bool + value: false + mirror: always + +- name: layers.offmainthreadcomposition.force-disabled + type: bool + value: false + mirror: once + +# Compositor target frame rate. NOTE: If vsync is enabled the compositor +# frame rate will still be capped. +# -1 -> default (match layout.frame_rate or 60 FPS) +# 0 -> full-tilt mode: Recomposite even if not transaction occured. +- name: layers.offmainthreadcomposition.frame-rate + type: RelaxedAtomicInt32 + value: -1 + mirror: always + +#ifdef XP_WIN +- name: layers.prefer-opengl + type: bool + value: false + mirror: once +#endif + +# Copy-on-write canvas. +- name: layers.shared-buffer-provider.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: layers.recycle-allocator-rdd + type: bool + value: true + mirror: once + +- name: layers.iosurfaceimage.recycle-limit + type: RelaxedAtomicUint32 + value: 15 + mirror: always + +- name: layers.iosurfaceimage.use-nv12 + type: bool + value: true + mirror: once + +#--------------------------------------------------------------------------- +# Prefs starting with "layout." +#--------------------------------------------------------------------------- + +# Debug-only pref to force enable the AccessibleCaret. If you want to +# control AccessibleCaret by mouse, you'll need to set +# "layout.accessiblecaret.hide_carets_for_mouse_input" to false. +- name: layout.accessiblecaret.enabled + type: bool + value: false + mirror: always + +# Enable the accessible caret on platforms/devices +# that we detect have touch support. Note that this pref is an +# additional way to enable the accessible carets, rather than +# overriding the layout.accessiblecaret.enabled pref. +- name: layout.accessiblecaret.enabled_on_touch + type: bool + value: true + mirror: always + +# By default, carets become tilt only when they are overlapping. +- name: layout.accessiblecaret.always_tilt + type: bool + value: false + mirror: always + +# Show caret in cursor mode when long tapping on an empty content. This +# also changes the default update behavior in cursor mode, which is based +# on the emptiness of the content, into something more heuristic. See +# AccessibleCaretManager::UpdateCaretsForCursorMode() for the details. +- name: layout.accessiblecaret.caret_shown_when_long_tapping_on_empty_content + type: bool + value: false + mirror: always + +# 0 = by default, always hide carets for selection changes due to JS calls. +# 1 = update any visible carets for selection changes due to JS calls, +# but don't show carets if carets are hidden. +# 2 = always show carets for selection changes due to JS calls. +- name: layout.accessiblecaret.script_change_update_mode + type: int32_t + value: 0 + mirror: always + +# Allow one caret to be dragged across the other caret without any limitation. +# This matches the built-in convention for all desktop platforms. +- name: layout.accessiblecaret.allow_dragging_across_other_caret + type: bool + value: true + mirror: always + +# Optionally provide haptic feedback on long-press selection events. +- name: layout.accessiblecaret.hapticfeedback + type: bool + value: false + mirror: always + +# Smart phone-number selection on long-press is not enabled by default. +- name: layout.accessiblecaret.extend_selection_for_phone_number + type: bool + value: false + mirror: always + +# Keep the accessible carets hidden when the user is using mouse input (as +# opposed to touch/pen/etc.). +- name: layout.accessiblecaret.hide_carets_for_mouse_input + type: bool + value: true + mirror: always + +# CSS attributes (width, height, margin-left) of the AccessibleCaret in CSS +# pixels. +- name: layout.accessiblecaret.width + type: float + value: 34.0f + mirror: always + +- name: layout.accessiblecaret.height + type: float + value: 36.0f + mirror: always + +- name: layout.accessiblecaret.margin-left + type: float + value: -18.5f + mirror: always + +- name: layout.accessiblecaret.transition-duration + type: float + value: 250.0f + mirror: always + +# Simulate long tap events to select words. Mainly used in manual testing +# with mouse. +- name: layout.accessiblecaret.use_long_tap_injector + type: bool + value: false + mirror: always + +# To support magnify glass, whether we dispatch additional chrome event such as +# dragcaret. +- name: layout.accessiblecaret.magnifier.enabled + type: bool + value: @IS_ANDROID@ + mirror: always + +# One of several prefs affecting the maximum area to pre-render when animating +# a large element on the compositor. +# This pref enables transform (and transform like properties) animations on a +# large element run on the compositor with rendering partial area of the +# element on the main thread instead of rendering the whole area. Once the +# animation tried to composite out of the partial rendered area, the animation +# is rendered again with the latest visible partial area. +- name: layout.animation.prerender.partial + type: RelaxedAtomicBool + value: false + mirror: always + +# One of several prefs affecting the maximum area to pre-render when animating +# a large element on the compositor. +# This value is applied to both x and y axes and a perfect square contructed +# by the greater axis value which will be capped by the absolute limits is used +# for the partial pre-render area. +- name: layout.animation.prerender.viewport-ratio-limit + type: AtomicFloat + value: 1.125f + mirror: always + +# One of several prefs affecting the maximum area to pre-render when animating +# a large element on the compositor. +- name: layout.animation.prerender.absolute-limit-x + type: RelaxedAtomicUint32 + value: 4096 + mirror: always + +# One of several prefs affecting the maximum area to pre-render when animating +# a large element on the compositor. +- name: layout.animation.prerender.absolute-limit-y + type: RelaxedAtomicUint32 + value: 4096 + mirror: always + +# Test-only pref, if this is true, partial pre-rendered transform animations +# get stuck when it reaches to the pre-rendered boundaries and the pre-render +# region is never updated. +- name: layout.animation.prerender.partial.jank + type: RelaxedAtomicBool + value: false + mirror: always + +# Override DPI. A value of -1 means use the maximum of 96 and the system DPI. +# A value of 0 means use the system DPI. A positive value is used as the DPI. +# This sets the physical size of a device pixel and thus controls the +# interpretation of physical units such as "pt". +- name: layout.css.dpi + type: int32_t + value: -1 + mirror: always + +# Whether Container Queries are enabled +- name: layout.css.container-queries.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether Constructable Stylesheets are enabled in script. +- name: layout.css.constructable-stylesheets.enabled + type: bool + value: true + mirror: always + +# Whether trigonometric constants and functions are enabled in calc(). +- name: layout.css.trig.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether the round() function is enabled in calc(). +- name: layout.css.round.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Whether the mod() / rem() functions are enabled in calc(). +- name: layout.css.mod-rem.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Whether exponential functions are enabled in calc(). +- name: layout.css.exp.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Whether infinity / nan constants are enabled in calc(). +- name: layout.css.nan-inf.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether CSS nesting is enabled. +- name: layout.css.nesting.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Should we look for counter ancestor scopes first? +- name: layout.css.counter-ancestor-scope.enabled + type: bool + value: true + mirror: always + +# Make `zoom` a `transform` + `transform-origin` alias. +- name: layout.css.zoom-transform-hack.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Whether the `-moz-control-character-visibility` property is exposed to +# content. +# +# Only for testing purposes. +- name: layout.css.moz-control-character-visibility.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Whether the `accent-color` css property is enabled. +- name: layout.css.accent-color.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether the `color-scheme` css property and meta tags are enabled. +- name: layout.css.color-scheme.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# This pref controls whether the `prefers-color-scheme` value of iframes images +# reacts to the embedder `color-scheme` in content. +- name: layout.css.iframe-embedder-prefers-color-scheme.content.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# The minimum contrast ratio between the accent color foreground and background +# colors. +# +# We don't use this for text, so we need a contrast of at least AA (for user +# interface components and graphical objects), which per WCAG is 3:1 +- name: layout.css.accent-color.min-contrast-ratio + type: AtomicFloat + value: 3.0 + mirror: always + +# The target contrast ratio between the accent color foreground and background +# colors when darkening. +# +# We aim a bit further than the minimum contrast ratio, which seems to provide +# nice results in practice. +- name: layout.css.accent-color.darkening-target-contrast-ratio + type: AtomicFloat + value: 6.0 + mirror: always + +# Whether the `animation-composition` in css-animations-2 is enabled. +- name: layout.css.animation-composition.enabled + type: bool + value: true + mirror: always + +# Is the codepath for using cached scrollbar styles enabled? +- name: layout.css.cached-scrollbar-styles.enabled + type: bool + value: true + mirror: always + +# Whether we should return an empty style on invalid pseudo-elements starting +# with a colon. +# +# Old behavior is returning an empty style if the string starts with a double +# colon, and return the regular style otherwise. +- name: layout.css.computed-style.new-invalid-pseudo-element-behavior + type: bool + value: true + mirror: always + +# Whether computed local-fragment-only image urls serialize using the same +# rules as filter/mask/etc (not resolving the URL for local refs). +# +# See https://github.com/w3c/csswg-drafts/issues/3195 +- name: layout.css.computed-style.dont-resolve-image-local-refs + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether we should expose all shorthands in getComputedStyle(). +- name: layout.css.computed-style.shorthands + type: bool + value: true + mirror: always + +# Whether we should avoid exposing styles of elements outside the flat tree in getComputedStyle(). +- name: layout.css.computed-style.styles-outside-flat-tree + type: bool + value: false + mirror: always + +# Are implicit tracks in computed grid templates serialized? +- name: layout.css.serialize-grid-implicit-tracks + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the system-ui generic family is enabled. +- name: layout.css.system-ui.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether the rule hash is applied to attribute names too, not +# only classes / id / namespaces / etc. +- name: layout.css.bucket-attribute-names.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Set the number of device pixels per CSS pixel. A value <= 0 means choose +# automatically based on user settings for the platform (e.g., "UI scale factor" +# on Mac). If browser.display.os-zoom-behavior == 1, then a positive value +# will be multiplied by the text scale factor; otherwise a positive value is +# used as-is. This controls the size of a CSS "px" at 100% full-zoom. +# The size of system fonts is also changed in proportion with the change in +# "px" sizes. Use "ui.textScaleFactor" instead to only change the size of "px". +# This is only used for windows on the screen, not for printing. +- name: layout.css.devPixelsPerPx + type: AtomicFloat + value: -1.0f + mirror: always + +# Is support for CSS backdrop-filter enabled? +- name: layout.css.backdrop-filter.enabled + type: bool + value: true + mirror: always + +# Do we override the blocklist for CSS backdrop-filter? +- name: layout.css.backdrop-filter.force-enabled + type: bool + value: false + mirror: always + +# Should stray control characters be rendered visibly? +- name: layout.css.control-characters.visible + type: RelaxedAtomicBool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: always + rust: true + +# Whether the `content-visibility` CSS property is enabled +- name: layout.css.content-visibility.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Whether the `contain-intrinsic-size` CSS property is enabled +- name: layout.css.contain-intrinsic-size.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for GeometryUtils.convert*FromNode enabled? +- name: layout.css.convertFromNode.enabled + type: bool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: always + +- name: layout.css.cross-fade.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +- name: layout.css.linear-easing-function.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for color-mix on content enabled? +- name: layout.css.color-mix.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for color-mix with non-SRGB color spaces on content enabled? +- name: layout.css.color-mix.color-spaces.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for fit-content() enabled? +- name: layout.css.fit-content-function.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Whether to use tight bounds for floating ::first-letter (legacy Gecko behavior) +# or loose bounds based on overall font metrics (WebKit/Blink-like behavior)? +# Values mean: +# 1 legacy Gecko behavior (tight bounds) +# 0 loose typographic bounds (similar to webkit/blink) +# -1 auto behavior: use loose bounds if reduced line-height (<1em) or negative +# block-start margin is present; otherwise use tight bounds. +- name: layout.css.floating-first-letter.tight-glyph-bounds + type: int32_t +#ifdef NIGHTLY_BUILD + value: -1 +#else + value: 1 +#endif + mirror: always + +# Is support for the font-display @font-face descriptor enabled? +- name: layout.css.font-display.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for document.fonts enabled? +- name: layout.css.font-loading-api.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Is support for workerGlobalScope.fonts enabled? +- name: layout.css.font-loading-api.workers.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Is support for the @font-face metrics override descriptors enabled? +- name: layout.css.font-metrics-overrides.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for the @font-palette-values rule and font-palette property enabled? +- name: layout.css.font-palette.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for variation fonts enabled? +- name: layout.css.font-variations.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for the size-adjust @font-face descriptor enabled? +- name: layout.css.size-adjust.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is the optional adjustment-basis value for font-size-adjust enabled? +- name: layout.css.font-size-adjust.basis.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for the tech() function in the @font-face src descriptor enabled? +- name: layout.css.font-tech.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for font-variant-emoji enabled? +- name: layout.css.font-variant-emoji.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Visibility level of font families available to CSS font-matching: +# 1 - only base system fonts +# 2 - also fonts from optional language packs +# 3 - also user-installed fonts +- name: layout.css.font-visibility.standard + type: int32_t + value: 3 + mirror: always + +# font-visibility setting when Tracking Protection is enabled +- name: layout.css.font-visibility.trackingprotection + type: int32_t + value: 3 + mirror: always + +# font-visibility setting when Resist Fingerprinting is enabled +- name: layout.css.font-visibility.resistFingerprinting + type: int32_t + value: 1 + mirror: always + +# Max font-visibility setting for Private Browsing contexts +# (The actual value used in a private-browsing context will be the lesser of +# the appropriate standard/trackingprotection/RFP value from above, and the +# private-browsing level specified by this pref.) +- name: layout.css.font-visibility.private + type: int32_t +#if defined(NIGHTLY_BUILD) + value: 2 +#else + value: 3 +#endif + mirror: always + +# Is support for GeometryUtils.getBoxQuads enabled? +- name: layout.css.getBoxQuads.enabled + type: bool + value: @IS_NOT_RELEASE_OR_BETA@ + mirror: always + +# Is support for caching an grid item's block axis measurement enabled? +- name: layout.css.grid-item-baxis-measurement.enabled + type: bool + value: true + mirror: always + +# Is support for CSS masonry layout enabled? +- name: layout.css.grid-template-masonry-value.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Is support for :nth-child(An+B of S) and :nth-last-child(An+B of S) enabled? +# Before enabling everywhere, make sure blockers of bug 1808229 are fixed. +- name: layout.css.nth-child-of.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for :has() enabled? +- name: layout.css.has-selector.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Is support for CSS hyphenate-character enabled? +- name: layout.css.hyphenate-character.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Is support for CSS individual transform enabled? +- name: layout.css.individual-transform.enabled + type: bool + value: true + mirror: always + +# Is support for CSS initial-letter property enabled? +- name: layout.css.initial-letter.enabled + type: bool + value: false + mirror: always + +# Pref to control whether line-height: -moz-block-height is exposed to content. +- name: layout.css.line-height-moz-block-height.content.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Is support for motion-path enabled? +- name: layout.css.motion-path.enabled + type: bool + value: true + mirror: always + +# Is support for motion-path ray() enabled? +- name: layout.css.motion-path-ray.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Is support for motion-path offset-position enabled? +- name: layout.css.motion-path-offset-position.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Pref to control whether the ::marker property restrictions defined in [1] +# apply. +# +# [1]: https://drafts.csswg.org/css-pseudo-4/#selectordef-marker +- name: layout.css.marker.restricted + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for math-style enabled? +- name: layout.css.math-style.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Is support for math-depth enabled? +# This must not be enabled until implementation is complete (see bug 1667090). +- name: layout.css.math-depth.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Pref to control whether @-moz-document rules are enabled in content pages. +- name: layout.css.moz-document.content.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Is -moz-osx-font-smoothing enabled? (Only supported in OSX builds) +- name: layout.css.osx-font-smoothing.enabled + type: bool +#if defined(XP_MACOSX) + value: true +#else + value: false +#endif + mirror: always + +# Is support for CSS overflow-clip-box enabled for non-UA sheets? +- name: layout.css.overflow-clip-box.enabled + type: bool + value: false + mirror: always + +# Is support for CSS overflow: -moz-hidden-unscrollable enabled +- name: layout.css.overflow-moz-hidden-unscrollable.enabled + type: RelaxedAtomicBool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Is support for CSS overflow: overlay enabled +- name: layout.css.overflow-overlay.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for overscroll-behavior enabled? +- name: layout.css.overscroll-behavior.enabled + type: bool + value: true + mirror: always + +- name: layout.css.overflow-logical.enabled + type: bool + value: true + mirror: always + +# Enables support for the page-orientation property inside of CSS @page rules. +- name: layout.css.page-orientation.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + rust: true + +# Enables support for the size property inside of CSS @page rules. +- name: layout.css.page-size.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Enables support for different CSS page sizes on each page when printing. +- name: layout.css.allow-mixed-page-sizes + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Whether Properties and Values is enabled +- name: layout.css.properties-and-values.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Dictates whether or not the prefers contrast media query will be +# usable. +# true: prefers-contrast will toggle based on OS and browser settings. +# false: prefers-contrast will only parse and toggle in the browser +# chrome and ua. +- name: layout.css.prefers-contrast.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# An override for prefers-color-scheme for content documents. +# 0: Dark +# 1: Light +# 2: Auto (system color scheme unless overridden by browser theme) +- name: layout.css.prefers-color-scheme.content-override + type: RelaxedAtomicInt32 + value: 2 + mirror: always + +# Dictates whether or not the forced-colors media query is enabled. +- name: layout.css.forced-colors.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Dictates whether or not the prefers-reduced-transparency media query is enabled. +- name: layout.css.prefers-reduced-transparency.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Dictates whether or not the inverted-colors media query is enabled. +- name: layout.css.inverted-colors.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Is support for forced-color-adjust properties enabled? +- name: layout.css.forced-color-adjust.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Is support for -moz-prefixed animation properties enabled? +- name: layout.css.prefixes.animations + type: bool + value: true + mirror: always + +# Is support for -moz-border-image enabled? +- name: layout.css.prefixes.border-image + type: bool + value: true + mirror: always + +# Is support for -moz-box-sizing enabled? +- name: layout.css.prefixes.box-sizing + type: bool + value: true + mirror: always + +# Is support for -moz-prefixed font feature properties enabled? +- name: layout.css.prefixes.font-features + type: bool + value: true + mirror: always + +# Is support for -moz-prefixed transform properties enabled? +- name: layout.css.prefixes.transforms + type: bool + value: true + mirror: always + +# Is support for -moz-prefixed transition properties enabled? +- name: layout.css.prefixes.transitions + type: bool + value: true + mirror: always + +# Is CSS error reporting enabled? +- name: layout.css.report_errors + type: bool + value: true + mirror: always + +# Are inter-character ruby annotations enabled? +- name: layout.css.ruby.intercharacter.enabled + type: bool + value: false + mirror: always + +- name: layout.css.scroll-behavior.damping-ratio + type: AtomicFloat + value: 1.0f + mirror: always + +# Tuning of the smooth scroll motion used by CSSOM-View scroll-behavior. +# Spring-constant controls the strength of the simulated MSD +# (Mass-Spring-Damper). +- name: layout.css.scroll-behavior.spring-constant + type: AtomicFloat + value: 250.0f + mirror: always + +# Whether the scroll-driven animations generated by CSS is enabled. This +# also include animation-timelime property. +- name: layout.css.scroll-driven-animations.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# When selecting the snap point for CSS scroll snapping, the velocity of the +# scroll frame is clamped to this speed, in CSS pixels / s. +- name: layout.css.scroll-snap.prediction-max-velocity + type: RelaxedAtomicInt32 + value: 2000 + mirror: always + +# When selecting the snap point for CSS scroll snapping, the velocity of the +# scroll frame is integrated over this duration, in seconds. The snap point +# best suited for this position is selected, enabling the user to perform fling +# gestures. +- name: layout.css.scroll-snap.prediction-sensitivity + type: AtomicFloat + value: 0.750f + mirror: always + +# Set the threshold distance in CSS pixels below which scrolling will snap to +# an edge, when scroll snapping is set to "proximity". +- name: layout.css.scroll-snap.proximity-threshold + type: RelaxedAtomicInt32 + value: 200 + mirror: always + +# Is steps(jump-*) supported in easing functions? +- name: layout.css.step-position-jump.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Stylo thread-pool size. +# Negative means auto, 0 disables the thread-pool (main-thread styling), other +# numbers override as specified. +# Note that 1 still creates a thread-pool of one thread! +- name: layout.css.stylo-threads + type: int32_t + value: -1 + mirror: once + rust: true + +# Stylo work unit size. This is the amount of nodes we'll process in a single +# unit of work of the thread-pool. +# +# Larger values will increase style sharing cache hits and general DOM locality +# at the expense of decreased opportunities for parallelism. There are some +# measurements in bug 1385982 comments 11, 12, 13 that investigate some +# slightly different values for the work unit size. +# +# If the size is significantly increased, make sure to adjust the condition for +# kicking off a new work unit (stylo-parallelism-threshold), because otherwise +# we're likely to end up doing too much work serially. +- name: layout.css.stylo-work-unit-size + type: RelaxedAtomicUint32 + value: 16 + mirror: always + rust: true + +# The amount of nodes that kick off the initial parallel traversal. See above +# for tweaking. A value of 0 causes the traversal to effectively always be +# serial. +- name: layout.css.stylo-parallelism-threshold + type: RelaxedAtomicUint32 + value: 32 + mirror: always + rust: true + +# Are counters for implemented CSS properties enabled? +- name: layout.css.use-counters.enabled + type: bool + value: true + mirror: always + +# Are counters for unimplemented CSS properties enabled? +- name: layout.css.use-counters-unimplemented.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Should the :visited selector ever match (otherwise :link matches instead)? +- name: layout.css.visited_links_enabled + type: bool + value: true + mirror: always + +# Enable experimental enhanced color CSS color spaces. (lab(), lch(), oklab(), oklch(), color()) +- name: layout.css.more_color_4.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# The margin used for detecting relevancy for `content-visibility: auto`. +- name: layout.css.content-visibility-relevant-content-margin + type: float + value: 50 # 50% + mirror: always + +# Whether the "modern" uppercase mapping of ß to ẞ (rather than SS) is used. +- name: layout.css.text-transform.uppercase-eszett.enabled + type: bool + value: false + mirror: always + +# Whether to block large cursors intersecting UI. +- name: layout.cursor.block.enabled + type: bool + value: true + mirror: always + +# The maximum width or height of the cursor we should allow when intersecting +# the UI, in CSS pixels. +- name: layout.cursor.block.max-size + type: uint32_t + value: 32 + mirror: always + +- name: layout.cursor.disable-for-popups + type: bool + value: true + mirror: always + +- name: layout.display-list.build-twice + type: RelaxedAtomicBool + value: false + mirror: always + +# Toggle retaining display lists between paints. +- name: layout.display-list.retain + type: RelaxedAtomicBool + value: true + mirror: always + +# Toggle retaining display lists between paints. +- name: layout.display-list.retain.chrome + type: RelaxedAtomicBool + value: true + mirror: always + +- name: layout.display-list.retain.sc + type: RelaxedAtomicBool + value: false + mirror: always + +# Set the maximum number of modified frames allowed before doing a full +# display list rebuild. +- name: layout.display-list.rebuild-frame-limit + type: RelaxedAtomicUint32 + value: 500 + mirror: always + +# Pref to dump the display list to the log. Useful for debugging drawing. +- name: layout.display-list.dump + type: RelaxedAtomicBool + value: false + mirror: always + +# Pref to dump the display list to the log. Useful for debugging drawing. +- name: layout.display-list.dump-content + type: RelaxedAtomicBool + value: false + mirror: always + +# Pref to dump the display list to the log. Useful for debugging drawing. +- name: layout.display-list.dump-parent + type: RelaxedAtomicBool + value: false + mirror: always + +- name: layout.display-list.show-rebuild-area + type: RelaxedAtomicBool + value: false + mirror: always + +- name: layout.display-list.flatten-transform + type: RelaxedAtomicBool + value: true + mirror: always + +- name: layout.display-list.improve-fragmentation + type: RelaxedAtomicBool + value: true + mirror: always + +# Are dynamic reflow roots enabled? +- name: layout.dynamic-reflow-roots.enabled + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Enables the mechanism to optimize away flex item's final reflow. +# Warning: Disabling the pref will impact the performance. This is useful only for +# debugging flexbox issues. +- name: layout.flexbox.item-final-reflow-optimization.enabled + type: bool + value: true + mirror: always + +# Enables the <input type=search> custom layout frame with a clear icon. +# Still needs tests and a web-exposed way to remove that icon, see bug 1654288. +- name: layout.forms.input-type-search.enabled + type: bool + value: false + mirror: always + +# Enables the Reveal Password button inside a <input type=password>. +- name: layout.forms.reveal-password-button.enabled + type: bool + value: false + mirror: always + +# Enables the Reveal Password context-menu entry. +- name: layout.forms.reveal-password-context-menu.enabled + type: bool + value: true + mirror: always + +# Pref to control browser frame rate, in Hz. A value <= 0 means choose +# automatically based on knowledge of the platform (or 60Hz if no platform- +# specific information is available). +- name: layout.frame_rate + type: RelaxedAtomicInt32 + value: -1 + mirror: always + +# If it has been this many frame periods since a refresh, assume that painting +# is quiescent (will not happen again soon). +- name: layout.idle_period.required_quiescent_frames + type: uint32_t + value: 2 + mirror: always + +# The amount of time (milliseconds) needed between an idle period's +# end and the start of the next tick to avoid jank. +- name: layout.idle_period.time_limit + type: uint32_t + value: 1 + mirror: always + +# The minimum amount of time (milliseconds) required to be remaining +# in the current vsync interval for us to attempt an extra tick, or +# <0 to disable extra ticks entirely. +- name: layout.extra-tick.minimum-ms + type: int32_t + value: 4 + mirror: always + +# Whether to load the broken image icon eagerly. This is mostly needed for +# reftests, since the broken image icon doesn't block the load event and thus +# there's no easy way to guarantee it's loaded. +- name: layout.image.eager_broken_image_icon + type: bool + value: false + mirror: always + +# Enable/disable interruptible reflow, which allows reflows to stop +# before completion (and display the partial results) when user events +# are pending. +- name: layout.interruptible-reflow.enabled + type: bool + value: true + mirror: always + +- name: layout.min-active-layer-size + type: int32_t + value: 64 + mirror: always + +# On Android, don't synth mouse move events after scrolling, as they cause +# unexpected user-visible behaviour. Can remove this after bug 1633450 is +# satisfactorily resolved. +- name: layout.reflow.synthMouseMove + type: bool + value: @IS_NOT_ANDROID@ + mirror: always + +# This pref is to be set by test code only. +- name: layout.scrollbars.always-layerize-track + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether anchor is kept selected. +- name: layout.selectanchor + type: bool + value: false + mirror: always + +# Controls caret style and word-delete during text selection. +# 0: Use platform default +# 1: Caret moves and blinks as when there is no selection; word +# delete deselects the selection and then deletes word. +# 2: Caret moves to selection edge and is not visible during selection; +# word delete deletes the selection (Mac and Linux default). +# 3: Caret moves and blinks as when there is no selection; word delete +# deletes the selection. +# Windows default is 1 for word delete behavior, the rest as for 2. +- name: layout.selection.caret_style + type: int32_t + value: 0 + mirror: always + +# If layout.show_previous_page is true then during loading of a new page we +# will draw the previous page if the new page has painting suppressed. +- name: layout.show_previous_page + type: bool + value: true + mirror: always + +# Pref to stop overlay scrollbars from fading out, for testing purposes. +- name: layout.testing.overlay-scrollbars.always-visible + type: bool + value: false + mirror: always + +# Throttled frame rate, in frames per second. +- name: layout.throttled_frame_rate + type: uint32_t + value: 1 + mirror: always + +# Whether we should throttle in-process iframes in the active tab. +- name: layout.throttle_in_process_iframes + type: bool + value: true + mirror: always + +# Activity granted to out-of-process iframes in the foreground tab, in milliseconds. +- name: layout.oopif_activity_grace_period_ms + type: uint32_t + value: 1000 + mirror: always + +- name: layout.lower_priority_refresh_driver_during_load + type: bool + value: true + mirror: always + +# If > 0, nsRefreshDriver will keep ticking this amount of milliseconds after +# top level page load. +- name: layout.keep_ticking_after_load_ms + type: uint32_t + value: 1000 + mirror: always + +# Pref to control enabling scroll anchoring. +- name: layout.css.scroll-anchoring.enabled + type: bool + value: true + mirror: always + +# Pref to control whether to suspend also RefreshDriver::Tick when the page +# itself is suspended because of some synchronous operation, like sync XHR. +- name: layout.skip_ticks_while_page_suspended + type: bool + value: true + mirror: always + +# Pref to control how many consecutive scroll-anchoring adjustments (since the +# most recent user scroll or timeout) we'll average, before we consider whether +# to automatically turn off scroll anchoring. When we hit this threshold, the +# actual decision to disable also depends on the +# min-average-adjustment-threshold pref, see below for more details. +# +# Zero disables the heuristic. +- name: layout.css.scroll-anchoring.max-consecutive-adjustments + type: uint32_t + value: 10 + mirror: always + +# Whether to reset counting the consecutive scroll-anchoring adjustments during +# running async scrolling by APZ. +- name: layout.css.scroll-anchoring.reset-heuristic-during-animation + type: bool + value: false + mirror: always + +# The time after which we reset the max-consecutive-adjustments period, in +# milliseconds. +# +# This prevents sporadic back-and-forth scroll anchoring to trigger the +# max-consecutive-adjustments heuristic. +- name: layout.css.scroll-anchoring.max-consecutive-adjustments-timeout-ms + type: uint32_t + value: 500 + mirror: always + +# Pref to control whether we should disable scroll anchoring on a scroller +# where at least max-consecutive-adjustments have happened, and which the +# average adjustment ends up being less than this number, in CSS pixels. +# +# So, for example, given max-consecutive-adjustments=10 and +# min-average-adjustment-treshold=3, we'll block scroll anchoring if there have +# been 10 consecutive adjustments without a user scroll or more, and the +# average offset difference between them amount to less than 3 CSS pixels. +- name: layout.css.scroll-anchoring.min-average-adjustment-threshold + type: uint32_t + value: 2 + mirror: always + +# Pref to control disabling scroll anchoring suppression triggers, see +# +# https://drafts.csswg.org/css-scroll-anchoring/#suppression-triggers +# +# Those triggers should be unnecessary after bug 1561450. +- name: layout.css.scroll-anchoring.suppressions.enabled + type: bool + value: true + mirror: always + +- name: layout.css.scroll-anchoring.highlight + type: bool + value: false + mirror: always + +# Pref to control whether we reselect scroll anchors if sub-optimal +# +# See https://github.com/w3c/csswg-drafts/issues/6787 +- name: layout.css.scroll-anchoring.reselect-if-suboptimal + type: bool + value: true + mirror: always + +# Are shared memory User Agent style sheets enabled? +- name: layout.css.shared-memory-ua-sheets.enabled + type: bool + value: true + mirror: always + +# Is support for -webkit-line-clamp on regular blocks enabled? +- name: layout.css.webkit-line-clamp.block.enabled + type: bool + value: false + mirror: always + +# Is 'content:none' supported on (non-pseudo) elements? +- name: layout.css.element-content-none.enabled + type: RelaxedAtomicBool + value: false + mirror: always + rust: true + +# Is 'font-synthesis: small-caps' supported? +- name: layout.css.font-synthesis-small-caps.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether we want scrollbar-width: thin to behave as scrollbar-width: auto. +- name: layout.css.scrollbar-width-thin.disabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether the `scrollbar-gutter` CSS property is enabled. +- name: layout.css.scrollbar-gutter.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether supports() conditions in @import is enabled +- name: layout.css.import-supports.enabled + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Whether frame visibility tracking is enabled globally. +- name: layout.framevisibility.enabled + type: bool + value: true + mirror: always + +# The fraction of the scrollport we allow to horizontally scroll by before we +# schedule an update of frame visibility. +- name: layout.framevisibility.amountscrollbeforeupdatehorizontal + type: int32_t + value: 2 + mirror: always + +# The fraction of the scrollport we allow to vertically scroll by before we +# schedule an update of frame visibility. +- name: layout.framevisibility.amountscrollbeforeupdatevertical + type: int32_t + value: 2 + mirror: always + +# The number of scrollports wide to expand when tracking frame visibility. +- name: layout.framevisibility.numscrollportwidths + type: uint32_t +#ifdef ANDROID + value: 1 +#else + value: 0 +#endif + mirror: always + +# The number of scrollports high to expand when tracking frame visibility. +- name: layout.framevisibility.numscrollportheights + type: uint32_t + value: 1 + mirror: always + +# Test only. +- name: layout.dynamic-toolbar-max-height + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# Whether outlines should include all overflowing descendants, or just the +# border-box of a given element. +# +# Historically we have included descendants but other browsers have not. +- name: layout.outline.include-overflow + type: bool + value: false + mirror: always + +- name: layout.visibility.min-recompute-interval-ms + type: uint32_t + value: 1000 + mirror: always + +# Controls double click and Alt+Arrow word selection behavior. +- name: layout.word_select.eat_space_to_next_word + type: bool +#ifdef XP_WIN + value: true +#else + value: false +#endif + mirror: always + +- name: layout.word_select.stop_at_punctuation + type: bool + value: true + mirror: always + +# Whether underscore should be treated as a word-breaking character for +# word selection/arrow-key movement purposes. +- name: layout.word_select.stop_at_underscore + type: bool + value: false + mirror: always + +# Should deprecated plugin behavior fallback to normal behavior or use +# the experimental design. +- name: layout.use-plugin-fallback + type: bool + value: false + mirror: always + +# Whether to draw images in CSS backgrounds if we only have a partial frame. +- name: layout.display_partial_background_images + type: bool + value: true + mirror: always + +# Controls whether nsRefreshDriver::IsInHighRateMode() may ever return true. +- name: layout.expose_high_rate_mode_from_refreshdriver + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "mathml." +#--------------------------------------------------------------------------- + +# Whether to disable layout of invalid markup as an error message. +- name: mathml.error_message_layout_for_invalid_markup.disabled + type: bool + value: true + mirror: always + +# Whether to disable MathML3 implementations for maction and semantics. +- name: mathml.legacy_maction_and_semantics_implementations.disabled + type: bool + value: true + mirror: always + rust: true + +# Whether to disable the lquote/rquote attributes of the <ms> element. +- name: mathml.ms_lquote_rquote_attributes.disabled + type: bool + value: true + mirror: always + rust: true + +# Whether to disable legacy names "thickmathspace", "mediummathspace", +# "thickmathspace" etc for length attributes. +- name: mathml.mathspace_names.disabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Whether to disable the scriptminsize attribute. +# Note that this only disables parsing, not the default effect when no attribute +# is unspecified. +- name: mathml.scriptminsize_attribute.disabled + type: bool + value: true + mirror: always + +# Whether to disable the scriptsizemultiplier attribute. +- name: mathml.scriptsizemultiplier_attribute.disabled + type: bool + value: true + mirror: always + +# Whether to disable support for stretching operators with STIXGeneral fonts. +# macos still has the deprecated STIXGeneral font pre-installed. +- name: mathml.stixgeneral_operator_stretching.disabled + type: bool +#if defined(XP_MACOSX) + value: @IS_NIGHTLY_BUILD@ +#else + value: true +#endif + mirror: always + +# Whether to disable fallback for mathvariant=italic/bold/bold-italic via +# styling when lacking proper fonts for Mathematical Alphanumeric Symbols. +# We expect all OSes to have relevant fonts, except Android, see bug 1789083. +- name: mathml.mathvariant_styling_fallback.disabled + type: bool +#if defined(ANDROID) + value: false +#else + value: true +#endif + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "media." +#--------------------------------------------------------------------------- + + +# This pref defines what the blocking policy would be used in blocking autoplay. +# 0 : use sticky activation (default) +# https://html.spec.whatwg.org/multipage/interaction.html#sticky-activation +# 1 : use transient activation (the transient activation duration can be +# adjusted by the pref `dom.user_activation.transient.timeout`) +# https://html.spec.whatwg.org/multipage/interaction.html#transient-activation +# 2 : user input depth (allow autoplay when the play is trigged by user input +# which is determined by the user input depth) +- name: media.autoplay.blocking_policy + type: uint32_t + value: 0 + mirror: always + +# Whether to allow autoplay on extension background pages. +- name: media.autoplay.allow-extension-background-pages + type: bool + value: true + mirror: always + +# Block autoplay, asking for permission by default. +# 0=Allowed, 1=Blocked, 5=All Blocked +- name: media.autoplay.default + type: int32_t + value: 1 + mirror: always + +# Wether to block autoplay for webaudio +- name: media.autoplay.block-webaudio + type: bool + value: true + mirror: always + +# File-backed MediaCache size. +- name: media.cache_size + type: RelaxedAtomicUint32 + value: 512000 # Measured in KiB + mirror: always + +# Size of file backed MediaCache while on a connection which is cellular (3G, +# etc), and thus assumed to be "expensive". +- name: media.cache_size.cellular + type: RelaxedAtomicUint32 + value: 32768 # Measured in KiB + mirror: always + +# Whether cubeb is sandboxed (AudioIPC) +- name: media.cubeb.sandbox + type: bool + mirror: always +#if defined(XP_LINUX) && !defined(MOZ_WIDGET_ANDROID) || defined(XP_WIN) || defined(XP_MACOSX) + value: true +#else + value: false +#endif + +# Whether or not to pass AUDCLNT_STREAMOPTIONS_RAW when initializing audio +# streams when using WASAPI. +# 0 - don't use RAW streams +# 1 - use RAW streams for input streams only +# 2 - use RAW streams for output streams only +# 3 - use RAW streams for input and output streams +#if defined (XP_WIN) +- name: media.cubeb.wasapi-raw + type: RelaxedAtomicUint32 + mirror: always + value: 0 +#endif // XP_WIN + +# Whether to make the start of cubeb stream slower, and by how many +# milliseconds. +- name: media.cubeb.slow_stream_init_ms + type: RelaxedAtomicUint32 + mirror: always + value: 0 + +# ClockDrift desired buffering in milliseconds +- name: media.clockdrift.buffering + type: RelaxedAtomicUint32 + mirror: always + value: 50 + +# If a resource is known to be smaller than this size (in kilobytes), a +# memory-backed MediaCache may be used; otherwise the (single shared global) +# file-backed MediaCache is used. +- name: media.memory_cache_max_size + type: uint32_t + value: 8192 # Measured in KiB + mirror: always + +# Don't create more memory-backed MediaCaches if their combined size would go +# above this absolute size limit. +- name: media.memory_caches_combined_limit_kb + type: uint32_t + value: 524288 + mirror: always + +# Don't create more memory-backed MediaCaches if their combined size would go +# above this relative size limit (a percentage of physical memory). +- name: media.memory_caches_combined_limit_pc_sysmem + type: uint32_t + value: 5 # A percentage + mirror: always + +# When a network connection is suspended, don't resume it until the amount of +# buffered data falls below this threshold (in seconds). +- name: media.cache_resume_threshold + type: RelaxedAtomicUint32 + value: 30 + mirror: always +- name: media.cache_resume_threshold.cellular + type: RelaxedAtomicUint32 + value: 10 + mirror: always + +# Stop reading ahead when our buffered data is this many seconds ahead of the +# current playback position. This limit can stop us from using arbitrary +# amounts of network bandwidth prefetching huge videos. +- name: media.cache_readahead_limit + type: RelaxedAtomicUint32 + value: 60 + mirror: always +- name: media.cache_readahead_limit.cellular + type: RelaxedAtomicUint32 + value: 30 + mirror: always + +# MediaCapabilities +- name: media.mediacapabilities.drop-threshold + type: RelaxedAtomicInt32 + value: 95 + mirror: always + +- name: media.mediacapabilities.from-database + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# AudioSink +- name: media.resampling.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# libcubeb backend implements .get_preferred_channel_layout +- name: media.forcestereo.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) || defined(XP_DARWIN) || defined(MOZ_PULSEAUDIO) + value: false +#else + value: true +#endif + mirror: always + +# MediaSource + +# Whether to enable MediaSource support. +- name: media.mediasource.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.mediasource.mp4.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.mediasource.webm.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Check if vp9 is enabled by default in mediasource. False on Android. +# If disabled, vp9 will only be enabled under some conditions: +# - h264 HW decoding is not supported +# - mp4 is not enabled +# - Device was deemed fast enough to decode VP9 via the VP9Benchmark utility +# - A VP9 HW decoder is present. +- name: media.mediasource.vp9.enabled + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +- name: media.mediasource.webm.audio.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to enable MediaSource v2 support. +- name: media.mediasource.experimental.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# VideoSink +- name: media.ruin-av-sync.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Encrypted Media Extensions +- name: media.eme.enabled + type: bool +#if defined(XP_LINUX) && !defined(MOZ_WIDGET_ANDROID) + # On Linux EME is visible but disabled by default. This is so that the "Play + # DRM content" checkbox in the Firefox UI is unchecked by default. DRM + # requires downloading and installing proprietary binaries, which users on an + # open source operating systems didn't opt into. The first time a site using + # EME is encountered, the user will be prompted to enable DRM, whereupon the + # EME plugin binaries will be downloaded if permission is granted. + value: false +#else + value: true +#endif + mirror: always + +# Whether we expose the functionality proposed in +# https://github.com/WICG/encrypted-media-encryption-scheme/blob/master/explainer.md +# I.e. if true, apps calling navigator.requestMediaKeySystemAccess() can pass +# an optional encryption scheme as part of MediaKeySystemMediaCapability +# objects. If a scheme is present when we check for support, we must ensure we +# support that scheme in order to provide key system access. +- name: media.eme.encrypted-media-encryption-scheme.enabled + type: bool + value: false + mirror: always + +# Do we need explicit approval from the application to allow access to EME? +# If true, Gecko will ask for permission before allowing MediaKeySystemAccess. +# At time of writing this is aimed at GeckoView, and setting this to true +# outside of GeckoView or test environments will likely break EME. +- name: media.eme.require-app-approval + type: bool + value: false + mirror: always + +- name: media.eme.audio.blank + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.eme.video.blank + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.eme.chromium-api.video-shmems + type: RelaxedAtomicUint32 + value: 6 + mirror: always + +# Is support for MediaKeys.getStatusForPolicy enabled? +- name: media.eme.hdcp-policy-check.enabled + type: bool + value: false + mirror: always + +- name: media.eme.max-throughput-ms + type: RelaxedAtomicUint32 + value: 500 + mirror: always + +- name: media.clearkey.persistent-license.enabled + type: bool + value: false + mirror: always + +# Are test specific clearkey key systems enabled and exposed? +- name: media.clearkey.test-key-systems.enabled + type: bool + value: false + mirror: always + +- name: media.cloneElementVisually.testing + type: bool + value: false + mirror: always + +#if defined(XP_LINUX) && defined(MOZ_SANDBOX) + # Whether to allow, on a Linux system that doesn't support the necessary + # sandboxing features, loading Gecko Media Plugins unsandboxed. However, EME + # CDMs will not be loaded without sandboxing even if this pref is changed. +- name: media.gmp.insecure.allow + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +# (When reading the next line, know that preprocessor.py doesn't +# understand parentheses, but && is higher precedence than ||.) +#if defined(XP_WIN) && defined(_ARM64_) || defined(XP_MACOSX) + # These prefs control whether or not we will allow x86/x64 plugins + # to run on Windows ARM or Apple Silicon machines. This requires + # launching the GMP child process executable in x86/x64 mode. We + # expect to allow this for Widevine until an arm64 version of + # Widevine and Clearkey is made available. We don't expect to need + # to allow this for OpenH264. + # + # For Apple Silicon and OSX, it will be for universal builds and + # whether or not it can use the x64 Widevine plugin. + # + # For Windows ARM, it will be for ARM builds and whether or not it + # can use x86 Widevine or Clearkey plugins. + + # May a Widevine GMP x64 process be executed on ARM builds. +- name: media.gmp-widevinecdm.allow-x64-plugin-on-arm64 + type: RelaxedAtomicBool + value: true + mirror: always + + # May an OpenH264 GMP x64 process be executed on ARM builds. +- name: media.gmp-gmpopenh264.allow-x64-plugin-on-arm64 + type: RelaxedAtomicBool + value: false + mirror: always + + # May a Clearkey GMP x64 process be executed on ARM builds. +- name: media.gmp-gmpclearkey.allow-x64-plugin-on-arm64 + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +# Specifies whether the PDMFactory can create a test decoder that just outputs +# blank frames/audio instead of actually decoding. The blank decoder works on +# all platforms. +- name: media.use-blank-decoder + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.gpu-process-decoder + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-process.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-retryonfailure.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.rdd-process.startup_timeout_ms + type: RelaxedAtomicInt32 + value: 5000 + mirror: always + +# Specifies how many times we restart RDD process after crash till we give up. +# After first RDD restart we disable HW acceleration on Linux. +- name: media.rdd-process.max-crashes + type: RelaxedAtomicInt32 + value: 2 + mirror: always + +#ifdef MOZ_FFMPEG +- name: media.rdd-ffmpeg.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +#ifdef MOZ_FFVPX +- name: media.rdd-ffvpx.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always +#endif + +#ifdef MOZ_WMF +- name: media.rdd-wmf.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +#ifdef MOZ_APPLEMEDIA +- name: media.rdd-applemedia.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +- name: media.rdd-theora.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-vorbis.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-vpx.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-wav.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-opus.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(XP_FREEBSD) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +- name: media.rdd-webaudio.batch.size + type: RelaxedAtomicInt32 + value: 100 + mirror: always + +# This pref is here to control whether we want to perform audio decoding by +# using the IPC actor within the Utility process rather than the RDD process. +# When it is set to true, then the utility process will take precedence over RDD +# to perform audio decoding. +# TODO: Enabling for Isolated Processes builds on Android +- name: media.utility-process.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_LINUX) && !defined(ANDROID) + value: true +#elif defined(ANDROID) && !defined(MOZ_ANDROID_CONTENT_SERVICE_ISOLATED_PROCESS) + value: true +#elif defined(XP_OPENBSD) + value: true +#else + value: false +#endif + mirror: always + +# Specifies how many times we restart Utility process after crash till we give +# up. +- name: media.utility-process.max-crashes + type: RelaxedAtomicInt32 + value: 2 + mirror: always + +#ifdef MOZ_FFMPEG +- name: media.utility-ffmpeg.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +#ifdef MOZ_FFVPX +- name: media.utility-ffvpx.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +#ifdef MOZ_WMF +- name: media.utility-wmf.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +#ifdef MOZ_APPLEMEDIA +- name: media.utility-applemedia.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +- name: media.utility-vorbis.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.utility-wav.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.utility-opus.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +#ifdef ANDROID + # Enable the MediaCodec PlatformDecoderModule by default. +- name: media.android-media-codec.enabled + type: RelaxedAtomicBool + value: true + mirror: always + + # Bug 1771196 + # Dont yet enable AndroidDecoderModule on Utility +- name: media.utility-android-media-codec.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.android-media-codec.preferred + type: RelaxedAtomicBool + value: true + mirror: always +#endif # ANDROID + +#ifdef MOZ_OMX +- name: media.omx.enabled + type: bool + value: false + mirror: always +#endif + +# Allow ffmpeg decoder to decode directly onto shmem buffer +- name: media.ffmpeg.customized-buffer-allocation + type: RelaxedAtomicBool + value: true + mirror: always + +#ifdef MOZ_FFMPEG +- name: media.ffmpeg.enabled + type: RelaxedAtomicBool + #if defined(XP_MACOSX) + value: false + #else + value: true + #endif + mirror: always + +- name: media.libavcodec.allow-obsolete + type: bool + value: false + mirror: always +#endif # MOZ_FFMPEG + +#if defined(MOZ_FFMPEG) || defined(MOZ_FFVPX) +# Allow using openh264 decoding with ffmpeg +- name: media.ffmpeg.allow-openh264 + type: RelaxedAtomicBool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always +#endif # MOZ_FFMPEG || MOZ_FFVPX + +#ifdef MOZ_WIDGET_GTK +# Use VA-API for ffmpeg video playback on Linux +- name: media.ffmpeg.vaapi.enabled + type: bool + value: false + mirror: once + +# Force to copy dmabuf video frames +# Used for debugging/troubleshooting only +# 0 - force disable +# 1 - force enable +# 2 - default +- name: media.ffmpeg.vaapi.force-surface-zero-copy + type: uint32_t + value: 2 + mirror: once +#endif # MOZ_WIDGET_GTK + +- name: media.ffvpx.enabled + type: RelaxedAtomicBool +#ifdef MOZ_FFVPX + value: true +#else + value: false +#endif + mirror: always + +- name: media.ffvpx.mp3.enabled + type: RelaxedAtomicBool +#ifdef MOZ_FFVPX + value: true +#else + value: false +#endif + mirror: always + +# Set to true in marionette tests to disable the sanity test +# which would lead to unnecessary start of the RDD process. +- name: media.sanity-test.disabled + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef MOZ_WMF + +- name: media.wmf.enabled + type: RelaxedAtomicBool + value: true + mirror: always + + # Whether DD should consider WMF-disabled a WMF failure, useful for testing. +- name: media.decoder-doctor.wmf-disabled-is-failure + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.wmf.dxva.d3d11.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.wmf.dxva.max-videos + type: RelaxedAtomicUint32 + value: 8 + mirror: always + +- name: media.wmf.dxva.d3d9.amd-pre-uvd4.disabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.wmf.use-nv12-format + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.wmf.zero-copy-nv12-textures + type: bool + value: true + mirror: once +# Enable hardware decoded video no copy even when it is blocked. +- name: media.wmf.zero-copy-nv12-textures-force-enabled + type: bool + value: false + mirror: once + +- name: media.wmf.force.allow-p010-format + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.wmf.use-sync-texture + type: bool + value: true + mirror: once + +- name: media.wmf.low-latency.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.wmf.low-latency.force-disabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.wmf.skip-blacklist + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.wmf.amd.highres.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.wmf.allow-unsupported-resolutions + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.wmf.vp9.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.wmf.av1.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Using Windows Media Foundation Media Engine for encrypted playback +# 0 : disable, 1 : enable for encrypted and clear, +# 2 : enable for encrypted only, 3 : enable for clear only +- name: media.wmf.media-engine.enabled + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Testing purpose, enable media engine on channel decoder as well. +- name: media.wmf.media-engine.channel-decoder.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# The amount of video raw data the engine stream will queue +- name: media.wmf.media-engine.raw-data-threshold.video + type: RelaxedAtomicInt32 + value: 500000 + mirror: always + +# The amount of audio raw data the engine stream will queue +- name: media.wmf.media-engine.raw-data-threshold.audio + type: RelaxedAtomicInt32 + value: 2000000 + mirror: always + +# Specifies how many times we restart MFCDM process after crash till we give up. +- name: media.wmf.media-engine.max-crashes + type: RelaxedAtomicInt32 + value: 2 + mirror: always + +# Enable PlayReady DRM for EME +- name: media.eme.playready.enabled + type: RelaxedAtomicBool +#if defined(MOZ_WMF_CDM) && defined(NIGHTLY_BUILD) + value: false # TODO: enable this when ready to play. +#else + value: false +#endif + mirror: always + +#endif # MOZ_WMF + +- name: media.decoder-doctor.testing + type: bool + value: false + mirror: always + +- name: media.hardware-video-decoding.enabled + type: bool + value: true + mirror: once + +- name: media.hardware-video-decoding.force-enabled + type: bool + value: false + mirror: once + +# Whether to check the decoder supports recycling. +- name: media.decoder.recycle.enabled + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +# Should MFR try to skip to the next key frame? +- name: media.decoder.skip-to-next-key-frame.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# When video continues later than the current media time for this period of +# time, then it will trigger skip-to-next-keyframe mechanism. As this aims to +# solve the drop frames issue where video decoding too slow for high +# resolution videos. eg. 4k+. Therefore, the value is is determined by the +# telemetry probe `video_inter_keyframe_max_ms` in the key of `AV,h>2160` which +# shows that 95% video's key frame interval are less than ~5000. We use its +# half value as a threashold to decide whether we should keep decoding in the +# current video position or jump to the next keyframe in order to decode future +# frames in advance. +- name: media.decoder.skip_when_video_too_slow_ms + type: RelaxedAtomicInt32 + value: 2500 + mirror: always + +# True if we want to decode in batches. +- name: media.gmp.decoder.decode_batch + type: RelaxedAtomicBool + value: false + mirror: always + +# True if we allow use of any decoders found in GMP plugins. +- name: media.gmp.decoder.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# True if we want to request the multithreaded GMP decoder. +- name: media.gmp.decoder.multithreaded + type: RelaxedAtomicBool + value: false + mirror: always + +# True if we want to try using the GMP plugin decoders first. +- name: media.gmp.decoder.preferred + type: RelaxedAtomicBool + value: false + mirror: always + +# True if we want to reorder frames from the decoder based on the timestamp. +- name: media.gmp.decoder.reorder_frames + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to suspend decoding of videos in background tabs. +- name: media.suspend-bkgnd-video.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Delay, in ms, from time window goes to background to suspending +# video decoders. Defaults to 10 seconds. +- name: media.suspend-bkgnd-video.delay-ms + type: RelaxedAtomicUint32 + value: 10000 + mirror: always + +- name: media.dormant-on-pause-timeout-ms + type: RelaxedAtomicInt32 + value: 5000 + mirror: always + +# AudioTrack and VideoTrack support +- name: media.track.enabled + type: bool + value: false + mirror: always + +# This pref disables the reception of RTCP. It is used for testing. +- name: media.webrtc.net.force_disable_rtcp_reception + type: ReleaseAcquireAtomicBool + value: false + mirror: always + +# TextTrack WebVTT Region extension support. +- name: media.webvtt.regions.enabled + type: bool + value: true + mirror: always + +# This pref controls whether dispatch testing-only events. +- name: media.webvtt.testing.events + type: bool + value: true + mirror: always + +- name: media.webspeech.synth.force_global_queue + type: bool + value: false + mirror: always + +- name: media.webspeech.test.enable + type: bool + value: false + mirror: always + +- name: media.webspeech.test.fake_fsm_events + type: bool + value: false + mirror: always + +- name: media.webspeech.test.fake_recognition_service + type: bool + value: false + mirror: always + +#ifdef MOZ_WEBSPEECH +- name: media.webspeech.recognition.enable + type: bool + value: false + mirror: always +#endif + +- name: media.webspeech.recognition.force_enable + type: bool + value: false + mirror: always + +#ifdef MOZ_WEBSPEECH +- name: media.webspeech.synth.enabled + type: bool + value: false + mirror: always +#endif # MOZ_WEBSPEECH + +- name: media.encoder.webm.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.audio-max-decode-error + type: uint32_t +#if defined(RELEASE_OR_BETA) + value: 3 +#else + # Zero tolerance in pre-release builds to detect any decoder regression. + value: 0 +#endif + mirror: always + +- name: media.video-max-decode-error + type: uint32_t +#if defined(RELEASE_OR_BETA) + value: 2 +#else + # Zero tolerance in pre-release builds to detect any decoder regression. + value: 0 +#endif + mirror: always + +# Are video stats enabled? (Disabling can help prevent fingerprinting.) +- name: media.video_stats.enabled + type: bool + value: true + mirror: always + +# forces the number of dropped frames to 0 +- name: media.video.dropped_frame_stats.enabled + type: bool + value: true + mirror: always + +# Opus +- name: media.opus.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Wave +- name: media.wave.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Ogg +- name: media.ogg.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# WebM +- name: media.webm.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# AV1 +- name: media.av1.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) && !defined(_ARM64_) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(MOZ_WIDGET_ANDROID) + value: true +#elif defined(XP_UNIX) + value: true +#else + value: false +#endif + mirror: always + +- name: media.av1.use-dav1d + type: RelaxedAtomicBool +#if defined(XP_WIN) && !defined(_ARM64_) + value: true +#elif defined(XP_MACOSX) + value: true +#elif defined(XP_UNIX) + value: true +#else + value: false +#endif + mirror: always + +- name: media.av1.new-thread-count-strategy + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.av1.force-thread-count + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: media.flac.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Hls +- name: media.hls.enabled + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +# Max number of HLS players that can be created concurrently. Used only on +# Android and when "media.hls.enabled" is true. +#ifdef ANDROID +- name: media.hls.max-allocations + type: uint32_t + value: 20 + mirror: always +#endif + +- name: media.mp4.enabled + type: RelaxedAtomicBool +#ifdef MOZ_FMP4 + value: true +#else + value: false +#endif + mirror: always + +- name: media.mp4.sniff_iso_brand + type: RelaxedAtomicBool + value: true + mirror: always + +# Error/warning handling, Decoder Doctor. +# +# Set to true to force demux/decode warnings to be treated as errors. +- name: media.playback.warnings-as-errors + type: RelaxedAtomicBool + value: false + mirror: always + +# Resume video decoding when the cursor is hovering on a background tab to +# reduce the resume latency and improve the user experience. +- name: media.resume-bkgnd-video-on-tabhover + type: bool + value: true + mirror: always + +- name: media.videocontrols.lock-video-orientation + type: bool + value: false + mirror: always + +# Media Seamless Looping +- name: media.seamless-looping + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.seamless-looping-video + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.autoplay.block-event.enabled + type: bool + value: false + mirror: always + +- name: media.media-capabilities.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.media-capabilities.screen.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: media.benchmark.vp9.fps + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +- name: media.benchmark.vp9.threshold + type: RelaxedAtomicUint32 + value: 150 + mirror: always + +- name: media.benchmark.vp9.versioncheck + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +- name: media.benchmark.frames + type: RelaxedAtomicUint32 + value: 300 + mirror: always + +- name: media.benchmark.timeout + type: RelaxedAtomicUint32 + value: 1000 + mirror: always + +- name: media.test.video-suspend + type: RelaxedAtomicBool + value: false + mirror: always + +# MediaCapture prefs follow + +# Enables navigator.mediaDevices and getUserMedia() support. See also +# media.peerconnection.enabled +- name: media.navigator.enabled + type: bool + value: true + mirror: always + +# This pref turns off window-focus checks on the navigator.mediaDevices methods, +# for partner testing frameworks. +# Prefer "focusmanager.testmode", which is already set by default for +# web-platform tests. +- name: media.devices.unfocused.enabled + type: bool + value: false + mirror: always + +# This pref turns off [SecureContext] on the navigator.mediaDevices object, for +# more compatible legacy behavior. +- name: media.devices.insecure.enabled + type: bool + value: false + mirror: always + +# If the above pref is also enabled, this pref enabled getUserMedia() support +# in http, bypassing the instant NotAllowedError you get otherwise. +- name: media.getusermedia.insecure.enabled + type: bool + value: false + mirror: always + +# Enable tab sharing +- name: media.getusermedia.browser.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# The getDisplayMedia method is always SecureContext regardless of the above two +# prefs. But it is not implemented on android, and can be turned off elsewhere. +- name: media.getdisplaymedia.enabled + type: bool + value: @IS_NOT_ANDROID@ + mirror: always + +# Turn off any cameras (but not mics) while in the background. This is desirable +# on mobile. +- name: media.getusermedia.camera.background.mute.enabled + type: bool + value: @IS_ANDROID@ + mirror: always + +# Use the libwebrtc AVFoundation camera backend on Mac by default. When +# disabled, an older forked capture module is used. +- name: media.getusermedia.camera.macavf.enabled + type: bool + value: true + mirror: once + +# This pref turns on legacy (non-spec) exposure of camera and microphone +# information from enumerateDevices and devicechange ahead of successful +# getUserMedia calls. Should only be turned on to resolve web compat issues, +# since doing so reveals more user fingerprinting information to trackers. +# +# In this mode, camera and microphone device labels are exposed if the site has a +# persisted permission to either kind, as well as while actively capturing either +# kind (temporary and tab-specific grace-period permissions do not count). +# +# Planned next steps: true → @IS_NOT_NIGHTLY_BUILD@ → false +- name: media.devices.enumerate.legacy.enabled + type: bool + value: true + mirror: always + +# WebRTC prefs follow + +# Enables RTCPeerConnection support. Note that, when true, this pref enables +# navigator.mediaDevices and getUserMedia() support as well. +# See also media.navigator.enabled +- name: media.peerconnection.enabled + type: bool + value: true + mirror: always + +- name: media.peerconnection.dtmf.enabled + type: bool + value: true + mirror: always + +- name: media.peerconnection.identity.enabled + type: bool + value: true + mirror: always + +#ifdef MOZ_WEBRTC + # Use MediaDataDecoder API for VP8/VP9 in WebRTC. This includes hardware + # acceleration for decoding. +- name: media.navigator.mediadatadecoder_vpx_enabled + type: RelaxedAtomicBool +#if defined(NIGHTLY_BUILD) || defined(MOZ_WIDGET_GTK) + value: true +#else + value: false +#endif + mirror: always + + # Use MediaDataDecoder API for H264 in WebRTC. This includes hardware + # acceleration for decoding. +- name: media.navigator.mediadatadecoder_h264_enabled + type: RelaxedAtomicBool + #if defined(_ARM64_) && defined(XP_WIN) + value: false + #else + value: true + #endif + mirror: always + +#if defined(MOZ_WIDGET_GTK) + # Use hardware acceleration for VP8 decoding on Linux. +- name: media.navigator.mediadatadecoder_vp8_hardware_enabled + type: RelaxedAtomicBool + value: false + mirror: always +#endif + + # Interval in milliseconds at which to gather WebRTC stats for use in about:webrtc. +- name: media.aboutwebrtc.hist.poll_interval_ms + type: RelaxedAtomicUint32 + value: 250 + mirror: always + + # History time depth in seconds to keep for webrtc:stats for use in about:webrtc. +- name: media.aboutwebrtc.hist.storage_window_s + type: RelaxedAtomicUint32 + value: 60 + mirror: always + + # Time in minutes to retain peer connection stats after closing. +- name: media.aboutwebrtc.hist.prune_after_m + type: RelaxedAtomicUint32 + value: 60 * 24 * 2 + mirror: always + + # Max number of closed PC stats histories to retain +- name: media.aboutwebrtc.hist.closed_stats_to_retain + type: RelaxedAtomicUint32 + value: 8 + mirror: always + + # Gather PeerConnection stats history for display in about:webrtc. If + # disabled history will only gather when about:webrtc is open. Additionally, + # if disabled and when about:webrtc is not in the foreground history data + # will become sparse. +- name: media.aboutwebrtc.hist.enabled + type: RelaxedAtomicBool +#if defined(MOZ_WIDGET_ANDROID) + value: false +#else + value: @IS_NIGHTLY_BUILD@ +#endif + mirror: always + +#endif # MOZ_WEBRTC + +# HTMLMediaElement.allowedToPlay should be exposed to web content when +# block autoplay rides the trains to release. Until then, Nightly only. +- name: media.allowed-to-play.enabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Is support for MediaDevices.ondevicechange enabled? +- name: media.ondevicechange.enabled + type: bool + value: true + mirror: always + +# Is support for HTMLMediaElement.seekToNextFrame enabled? +- name: media.seekToNextFrame.enabled + type: bool + value: true + mirror: always + +# setSinkId will be enabled in bug 1498512. Till then the +# implementation will remain hidden behind this pref (Bug 1152401, Bug 934425). +- name: media.setsinkid.enabled + type: bool +#if defined(MOZ_WIDGET_ANDROID) + value: false # bug 1473346 +#else + value: @IS_NIGHTLY_BUILD@ +#endif + mirror: always + +# Turn on this pref can enable test-only events for media element. +- name: media.testing-only-events + type: bool + value: false + mirror: always + +- name: media.useAudioChannelService.testing + type: bool + value: false + mirror: always + +- name: media.audioFocus.management + type: bool +#if defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: false +#endif + mirror: always + +- name: media.hardwaremediakeys.enabled + type: bool + value: true + mirror: always + +# If this pref is on, then `media.mediacontrol.stopcontrol.timer.ms` would take +# effect and determine the timing to stop controlling media. +- name: media.mediacontrol.stopcontrol.timer + type: bool + value: true + mirror: always + +# If media is being paused after a certain period, then we would think that +# media doesn't need to be controlled anymore. Therefore, that media would stop +# listening to the media control key events. The value of this pref is how long +# media would stop listening to the event after it's paused. The default value +# is set to 24 hrs (24*60*60*1000) +- name: media.mediacontrol.stopcontrol.timer.ms + type: RelaxedAtomicUint32 + value: 86400000 + mirror: always + +# If this pref is on, we would stop controlling media after it reaches to the +# end. +- name: media.mediacontrol.stopcontrol.aftermediaends + type: bool + value: true + mirror: always + +# We would only use media control to control media which duration is longer +# than this value. +- name: media.mediacontrol.eligible.media.duration.s + type: AtomicFloat + value: 3.0f + mirror: always + +- name: media.webrtc.platformencoder + type: RelaxedAtomicBool +#if defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: @IS_EARLY_BETA_OR_EARLIER@ +#endif + mirror: always + +- name: media.webrtc.platformencoder.sw_only + type: RelaxedAtomicBool +#if defined(MOZ_WIDGET_ANDROID) + value: false +#else + value: true +#endif + mirror: always + +- name: media.webrtc.software_encoder.fallback + type: RelaxedAtomicBool +#if !defined(MOZ_WIDGET_GTK) + value: true +#else + value: false +#endif + mirror: always + +#if defined(XP_MACOSX) +- name: media.webrtc.capture.allow-iosurface + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +#if defined(XP_WIN) +- name: media.webrtc.capture.allow-directx + type: RelaxedAtomicBool + value: true + mirror: always + +- name: media.webrtc.capture.allow-wgc + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always +#endif + +#if defined(MOZ_WIDGET_GTK) +- name: media.webrtc.capture.allow-pipewire + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +- name: media.block-autoplay-until-in-foreground + type: bool +#if !defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: false +#endif + mirror: always + +- name: media.webrtc.hw.h264.enabled + type: bool +#if defined(MOZ_WIDGET_ANDROID) + value: true +#else + value: false +#endif + mirror: always + + # If true, then we require explicit approval from the embedding app (ex. Fenix) + # on GeckoView to know if we can allow audible, inaudible media or both kinds + # of media to autoplay. +- name: media.geckoview.autoplay.request + type: bool + value: false + mirror: always + + # This is used in testing only, in order to skip the prompting process. This + # pref works only when enabling the pref `media.geckoview.autoplay.request`. + # 0=prompt as normal, 1=allow all, 2=deny all, 3=allow audible request, + # 4=deny audible request, 5=allow inaudible request, 6=deny inaudible request. + # 7=leave all requests pending. +- name: media.geckoview.autoplay.request.testing + type: uint32_t + value: 0 + mirror: always + +- name: media.mediacontrol.testingevents.enabled + type: bool + value: false + mirror: always + +#if defined(XP_MACOSX) +- name: media.macos.screenrecording.oscheck.enabled + type: bool + value: true + mirror: always +#endif + +# When the playback rate of an HTMLMediaElement is greater than this value, or +# lower than the inverse of this value, the audio is muted. +- name: media.audio.playbackrate.muting_threshold + type: uint32_t + value: 8 + mirror: always + +# Time-stretch algorithm single processing sequence length in milliseconds. +# This determines to how long sequences the original sound is chopped in the +# time-stretch algorithm. +- name: media.audio.playbackrate.soundtouch_sequence_ms + type: RelaxedAtomicInt32 + value: 10 + mirror: always + +# Time-stretch algorithm seeking window length in milliseconds for algorithm +# that finds the best possible overlapping location. This determines from how +# wide window the algorithm may look for an optimal joining location when mixing +# the sound sequences back together. +- name: media.audio.playbackrate.soundtouch_seekwindow_ms + type: RelaxedAtomicInt32 + value: 15 + mirror: always + +# Time-stretch algorithm overlap length in milliseconds. When the chopped sound +# sequences are mixed back together, to form a continuous sound stream, this +# parameter defines over how long period the two consecutive sequences are let +# to overlap each other. +- name: media.audio.playbackrate.soundtouch_overlap_ms + type: RelaxedAtomicInt32 + value: 8 + mirror: always + +# The duration, in milliseconds, of decoded audio to keep around in the +# AudioSink ring-buffer. New decoding operations are started when this limit is +# reached. The total size of the ring-buffer is slightly bigger than this. +- name: media.audio.audiosink.threshold_ms + type: AtomicFloat +#if defined(XP_MACOSX) && defined(MOZ_AARCH64) + value: 1000.0 +#else + value: 200.0 +#endif + mirror: always + +- name: media.video-wakelock + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "midi." +#--------------------------------------------------------------------------- + +- name: midi.testing + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "mousewheel." +#--------------------------------------------------------------------------- + +# This affects how line scrolls from wheel events will be accelerated. +# Factor to be multiplied for constant acceleration. +- name: mousewheel.acceleration.factor + type: RelaxedAtomicInt32 + value: 10 + mirror: always + +# This affects how line scrolls from wheel events will be accelerated. +# Number of mousewheel clicks when acceleration starts. +# Acceleration can be turned off if pref is set to -1. +- name: mousewheel.acceleration.start + type: RelaxedAtomicInt32 + value: -1 + mirror: always + +# Auto-dir is a feature which treats any single-wheel scroll as a scroll in the +# only one scrollable direction if the target has only one scrollable +# direction. For example, if the user scrolls a vertical wheel inside a target +# which is horizontally scrollable but vertical unscrollable, then the vertical +# scroll is converted to a horizontal scroll for that target. +# Note that auto-dir only takes effect for |mousewheel.*.action|s and +# |mousewheel.*.action.override_x|s whose values are 1. +- name: mousewheel.autodir.enabled + type: bool + value: false + mirror: always + +# When a wheel scroll is converted due to auto-dir, which side the converted +# scroll goes towards is decided by one thing called "honoured target". If the +# content of the honoured target horizontally starts from right to left, then +# an upward scroll maps to a rightward scroll and a downward scroll maps to a +# leftward scroll; otherwise, an upward scroll maps to a leftward scroll and a +# downward scroll maps to a rightward scroll. +# If this pref is set to false, then consider the scrolling target as the +# honoured target. +# If set to true, then consider the root element in the document where the +# scrolling target is as the honoured target. But note that there's one +# exception: for targets in an HTML document, the real root element(I.e. the +# <html> element) is typically not considered as a root element, but the <body> +# element is typically considered as a root element. If there is no <body> +# element, then consider the <html> element instead. +- name: mousewheel.autodir.honourroot + type: bool + value: false + mirror: always + +- name: mousewheel.system_scroll_override.enabled + type: RelaxedAtomicBool +#if defined(XP_WIN) || defined(MOZ_WIDGET_GTK) + value: true +#else + value: false +#endif + mirror: always + +# Prefs for overriding the system mouse wheel scrolling speed on +# content of the web pages. When +# "mousewheel.system_scroll_override.enabled" is true and the +# system scrolling speed isn't customized by the user, the content scrolling +# speed is multiplied by the following factors. The value will be used as +# 1/100. E.g., 200 means 2.00. +# NOTE: Even if "mousewheel.system_scroll_override.enabled" is +# true, when Gecko detects the user customized the system scrolling speed +# settings, the override isn't executed. +- name: mousewheel.system_scroll_override.horizontal.factor + type: RelaxedAtomicInt32 + value: 200 + mirror: always +- name: mousewheel.system_scroll_override.vertical.factor + type: RelaxedAtomicInt32 + value: 200 + mirror: always + +# Mouse wheel scroll transaction is held even if the mouse cursor is moved. +- name: mousewheel.transaction.ignoremovedelay + type: RelaxedAtomicInt32 + value: 100 + mirror: always + +# Mouse wheel scroll transaction period of time (in milliseconds). +- name: mousewheel.transaction.timeout + type: RelaxedAtomicInt32 + value: 1500 + mirror: always + +# Mouse wheel scroll position is determined by GetMessagePos rather than +# LPARAM msg value +- name: mousewheel.ignore_cursor_position_in_lparam + type: RelaxedAtomicBool + value: false + mirror: always + +# If line-height is lower than this value (in device pixels), 1 line scroll +# scrolls this height. +- name: mousewheel.min_line_scroll_amount + type: int32_t + value: 5 + mirror: always + +# Timeout period (in milliseconds) when the mouse wheel event is no longer +# handled as the same series. +- name: mousewheel.scroll_series_timeout + type: RelaxedAtomicInt32 + value: 80 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "mozilla." +#--------------------------------------------------------------------------- + +- name: mozilla.widget.raise-on-setfocus + type: bool + value: true + mirror: once + +#--------------------------------------------------------------------------- +# Prefs starting with "network." +#--------------------------------------------------------------------------- + +# Force less-secure NTLMv1 when needed (NTLMv2 is the default). +- name: network.auth.force-generic-ntlm-v1 + type: RelaxedAtomicBool + value: false + mirror: always + +# Sub-resources HTTP-authentication: +# 0 - don't allow sub-resources to open HTTP authentication credentials +# dialogs +# 1 - allow sub-resources to open HTTP authentication credentials dialogs, +# but don't allow it for cross-origin sub-resources +# 2 - allow the cross-origin authentication as well. +- name: network.auth.subresource-http-auth-allow + type: uint32_t + value: 2 + mirror: always + +# Sub-resources HTTP-authentication for cross-origin images: +# - true: It is allowed to present http auth. dialog for cross-origin images. +# - false: It is not allowed. +# If network.auth.subresource-http-auth-allow has values 0 or 1 this pref does +# not have any effect. +- name: network.auth.subresource-img-cross-origin-http-auth-allow + type: bool + value: false + mirror: always + +# Resources that are triggered by some non-web-content: +# - true: They are allow to present http auth. dialog +# - false: They are not allow to present http auth. dialog. +- name: network.auth.non-web-content-triggered-resources-http-auth-allow + type: bool + value: false + mirror: always + +# Whether to show anti-spoof confirmation prompts when navigating to a url +# with userinfo +- name: network.auth.confirmAuth.enabled + type: bool + value: true + mirror: always + +# Whether to display auth prompts if X-Frame-Options header will block loading +# page +- name: network.auth.supress_auth_prompt_for_XFO_failures + type: bool + value: true + mirror: always + +# Whether to use new implementation of ParseReasm +- name: network.auth.use_new_parse_realm + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to use new implementation of ParseReasm +- name: network.auth.allow_multiple_challenges_same_line + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to use challenges in the most secure order. See bug 650091. +- name: network.auth.choose_most_secure_challenge + type: RelaxedAtomicBool + value: true + mirror: always + +# See the full list of values in nsICookieService.idl. +- name: network.cookie.cookieBehavior + type: RelaxedAtomicInt32 + value: 0 # accept all cookies + mirror: always + +# See the full list of values in nsICookieService.idl. +- name: network.cookie.rejectForeignWithExceptions.enabled + type: bool + value: false + mirror: always + +# The cookieBehavior to be used in Private Browsing mode. +- name: network.cookie.cookieBehavior.pbmode + type: RelaxedAtomicInt32 + value: 0 # accept all cookies + mirror: always + +# Stale threshold for cookies in seconds. +- name: network.cookie.staleThreshold + type: uint32_t + value: 60 + mirror: always + +- name: network.cookie.sameSite.laxByDefault + type: RelaxedAtomicBool + value: false + mirror: always + +# lax-by-default 2 minutes tollerance for unsafe methods. The value is in seconds. +- name: network.cookie.sameSite.laxPlusPOST.timeout + type: uint32_t + value: 120 + mirror: always + +# For lax-by-default cookies ignore cross-site redirects when the final +# redirect is same-site again. +# https://github.com/httpwg/http-extensions/issues/2104 +- name: network.cookie.sameSite.laxByDefault.allowBoomerangRedirect + type: bool + value: true + mirror: always + +- name: network.cookie.sameSite.noneRequiresSecure + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +- name: network.cookie.sameSite.schemeful + type: bool + value: false + mirror: always + +- name: network.cookie.thirdparty.sessionOnly + type: bool + value: false + mirror: always + +- name: network.cookie.thirdparty.nonsecureSessionOnly + type: bool + value: false + mirror: always + +# If we should not store "persistent" cookies at all, i.e., make the +# "persistent" storage be like "private" storage. This value is only read when +# instantiating persistent storage for the cookie service, which usually only +# happens when the cookie service singleton is created. +- name: network.cookie.noPersistentStorage + type: bool + value: false + mirror: always + +# If true then any cookies containing unicode will be rejected +- name: network.cookie.blockUnicode + type: RelaxedAtomicBool + value: false + mirror: always + +# If true cookies loaded from the sqlite DB that have a creation or +# last accessed time that is in the future will be fixed and the +# timestamps will be set to the current time. +- name: network.cookie.fixup_on_db_load + type: RelaxedAtomicBool + value: true + mirror: always + +# If true content types of multipart/x-mixed-replace cannot set a cookie +- name: network.cookie.prevent_set_cookie_from_multipart + type: RelaxedAtomicBool + value: true + mirror: always + +# If we should attempt to race the cache and network. +- name: network.http.rcwn.enabled + type: bool + value: true + mirror: always + +- name: network.http.rcwn.cache_queue_normal_threshold + type: uint32_t + value: 8 + mirror: always + +- name: network.http.rcwn.cache_queue_priority_threshold + type: uint32_t + value: 2 + mirror: always + +# We might attempt to race the cache with the network only if a resource +# is smaller than this size. +- name: network.http.rcwn.small_resource_size_kb + type: uint32_t + value: 256 + mirror: always + +- name: network.http.rcwn.min_wait_before_racing_ms + type: uint32_t + value: 0 + mirror: always + +- name: network.http.rcwn.max_wait_before_racing_ms + type: uint32_t + value: 500 + mirror: always + +# false=real referer, true=spoof referer (use target URI as referer). +- name: network.http.referer.spoofSource + type: bool + value: false + mirror: always + +# Check whether we need to hide referrer when leaving a .onion domain. +# false=allow onion referer, true=hide onion referer (use empty referer). +- name: network.http.referer.hideOnionSource + type: bool + value: false + mirror: always + +# Include an origin header on non-GET and non-HEAD requests regardless of CORS. +# 0=never send, 1=send when same-origin only, 2=always send. +- name: network.http.sendOriginHeader + type: uint32_t + value: 2 + mirror: always + +# Whether to respect the redirected-tainted origin flag +# https://fetch.spec.whatwg.org/#concept-request-tainted-origin +- name: network.http.origin.redirectTainted + type: bool + value: true + mirror: always + +# Whether to strip auth headers for redirected fetch/xhr channels +# https://fetch.spec.whatwg.org/#http-redirect-fetch +- name: network.fetch.redirect.stripAuthHeader + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to strip auth headers for redirected http channels +# https://fetch.spec.whatwg.org/#http-redirect-fetch +- name: network.http.redirect.stripAuthHeader + type: RelaxedAtomicBool + value: true + mirror: always + +# Prefs allowing granular control of referers. +# 0=don't send any, 1=send only on clicks, 2=send on image requests as well +- name: network.http.sendRefererHeader + type: uint32_t + value: 2 + mirror: always + do_not_use_directly: true + +# The maximum allowed length for a referrer header - 4096 default. +# 0 means no limit. +- name: network.http.referer.referrerLengthLimit + type: uint32_t + value: 4096 + mirror: always + +# 0=always send, 1=send iff base domains match, 2=send iff hosts match. +- name: network.http.referer.XOriginPolicy + type: uint32_t + value: 0 + mirror: always + do_not_use_directly: true + +# 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port. +- name: network.http.referer.trimmingPolicy + type: uint32_t + value: 0 + mirror: always + do_not_use_directly: true + +# 0=full URI, 1=scheme+host+port+path, 2=scheme+host+port. +- name: network.http.referer.XOriginTrimmingPolicy + type: uint32_t + value: 0 + mirror: always + do_not_use_directly: true + +# Set the default Referrer Policy; to be used unless overriden by the site. +# 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin, +# 3=no-referrer-when-downgrade. +- name: network.http.referer.defaultPolicy + type: uint32_t + value: 2 + mirror: always + +# Set the default Referrer Policy applied to third-party trackers when the +# default cookie policy is set to reject third-party trackers, to be used +# unless overriden by the site. +# 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin, +# 3=no-referrer-when-downgrade. +# Trim referrers from trackers to origins by default. +- name: network.http.referer.defaultPolicy.trackers + type: uint32_t + value: 2 + mirror: always + +# Set the Private Browsing Default Referrer Policy, to be used +# unless overriden by the site. +# 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin, +# 3=no-referrer-when-downgrade. +- name: network.http.referer.defaultPolicy.pbmode + type: uint32_t + value: 2 + mirror: always + +# Set to ignore referrer policies which is less restricted than the default for +# cross-site requests, including 'unsafe-url', 'no-referrer-when-downgrade' and +# 'origin-when-cross-origin'. +- name: network.http.referer.disallowCrossSiteRelaxingDefault + type: bool + value: true + mirror: always + +# Whether we ignore less restricted referrer policies for top navigations. +- name: network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation + type: bool + value: false + mirror: always + + +# Set to ignore referrer policies which is less restricted than the default for +# cross-site requests in the private browsing mode, including 'unsafe-url', +# 'no-referrer-when-downgrade' and 'origin-when-cross-origin'. +- name: network.http.referer.disallowCrossSiteRelaxingDefault.pbmode + type: bool + value: true + mirror: always + +# Whether we ignore less restricted referrer policies for top navigations in the +# private browsing mode. +- name: network.http.referer.disallowCrossSiteRelaxingDefault.pbmode.top_navigation + type: bool + value: true + mirror: always + +# Set the Private Browsing Default Referrer Policy applied to third-party +# trackers when the default cookie policy is set to reject third-party +# trackers, to be used unless overriden by the site. +# 0=no-referrer, 1=same-origin, 2=strict-origin-when-cross-origin, +# 3=no-referrer-when-downgrade. +# No need to change this pref for trimming referrers from trackers since in +# private windows we already trim all referrers to origin only. +- name: network.http.referer.defaultPolicy.trackers.pbmode + type: uint32_t + value: 2 + mirror: always + +# Whether certain http header values should be censored out in logs. +# Specifically filters out "authorization" and "proxy-authorization". +- name: network.http.sanitize-headers-in-logs + type: RelaxedAtomicBool + value: true + mirror: always + +# Set this pref to an integer like 99 to override the User-Agent string's +# Firefox version. The value 0 means use the default Firefox version. If +# enterprise users rely on sites that aren't compatible with Firefox version +# 100's three-digit version number, enterprise admins can set this pref to a +# known-good version (like 99) in an enterprise policy file. +- name: network.http.useragent.forceVersion + type: uint32_t + value: 0 + mirror: always + +# Set this pref to an integer like 99 to override the User-Agent string's +# 'rv' bit. The value 0 means use the default Firefox version. We introduced +# this for Firefox 110 because it turned out websites used user agent parsing +# for "rv:11" to detect IE11. +- name: network.http.useragent.forceRVOnly + type: uint32_t + value: 109 + mirror: always + +# Whether or not we use Windows for SSO to Microsoft sites. +- name: network.http.windows-sso.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether windows-sso is enabled for the default (0) container. +# To enable SSO for additional containers, add a new pref like +# `network.http.windows-sso.container-enabled.${containerId}` = true +- name: network.http.windows-sso.container-enabled.0 + type: bool + value: true + mirror: never + +# The factor by which to increase the keepalive timeout when the +# NS_HTTP_LARGE_KEEPALIVE flag is used for a connection +- name: network.http.largeKeepaliveFactor + type: RelaxedAtomicUint32 + value: 10 + mirror: always + +# This preference, if true, causes all UTF-8 domain names to be normalized to +# punycode. The intention is to allow UTF-8 domain names as input, but never +# generate them from punycode. +- name: network.IDN_show_punycode + type: RelaxedAtomicBool + value: false + mirror: always + +# If set to true, IOService.offline depends on IOService.connectivity. +- name: network.offline-mirrors-connectivity + type: RelaxedAtomicBool + value: false + mirror: always + +# If set to true, disallow localhost connections when offline. +- name: network.disable-localhost-when-offline + type: RelaxedAtomicBool + value: false + mirror: always + +# Enables the predictive service. +- name: network.predictor.enabled + type: bool + value: true + mirror: always + +# Set true to allow resolving proxy for localhost +- name: network.proxy.allow_hijacking_localhost + type: RelaxedAtomicBool + value: false + mirror: always + +# This pref will still treat localhost URLs as secure even when hijacked +# during testing. This is necessary for automated testing to check that we +# actually treat localhost as a secure origin. +- name: network.proxy.testing_localhost_is_secure_when_hijacked + type: RelaxedAtomicBool + value: false + mirror: always + +# Allow CookieJarSettings to be unblocked for channels without a document. +# This is for testing only. +- name: network.cookieJarSettings.unblocked_for_testing + type: bool + value: false + mirror: always + +- name: network.predictor.enable-hover-on-ssl + type: bool + value: false + mirror: always + +- name: network.predictor.enable-prefetch + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +- name: network.predictor.page-degradation.day + type: int32_t + value: 0 + mirror: always +- name: network.predictor.page-degradation.week + type: int32_t + value: 5 + mirror: always +- name: network.predictor.page-degradation.month + type: int32_t + value: 10 + mirror: always +- name: network.predictor.page-degradation.year + type: int32_t + value: 25 + mirror: always +- name: network.predictor.page-degradation.max + type: int32_t + value: 50 + mirror: always + +- name: network.predictor.subresource-degradation.day + type: int32_t + value: 1 + mirror: always +- name: network.predictor.subresource-degradation.week + type: int32_t + value: 10 + mirror: always +- name: network.predictor.subresource-degradation.month + type: int32_t + value: 25 + mirror: always +- name: network.predictor.subresource-degradation.year + type: int32_t + value: 50 + mirror: always +- name: network.predictor.subresource-degradation.max + type: int32_t + value: 100 + mirror: always + +- name: network.predictor.prefetch-rolling-load-count + type: int32_t + value: 10 + mirror: always + +- name: network.predictor.prefetch-min-confidence + type: int32_t + value: 100 + mirror: always +- name: network.predictor.preconnect-min-confidence + type: int32_t + value: 90 + mirror: always +- name: network.predictor.preresolve-min-confidence + type: int32_t + value: 60 + mirror: always + +- name: network.predictor.prefetch-force-valid-for + type: int32_t + value: 10 + mirror: always + +- name: network.predictor.max-resources-per-entry + type: int32_t + value: 100 + mirror: always + +# This is selected in concert with max-resources-per-entry to keep memory +# usage low-ish. The default of the combo of the two is ~50k. +- name: network.predictor.max-uri-length + type: uint32_t + value: 500 + mirror: always + +# A testing flag. +- name: network.predictor.doing-tests + type: bool + value: false + mirror: always + +# Enables `<link rel="preload">` tag and `Link: rel=preload` response header +# handling. +- name: network.preload + type: RelaxedAtomicBool + value: true + mirror: always + +# Enables `<link rel="modulepreload">` tag and `Link: rel=modulepreload` +# response header handling. The latter is not yet implemented, see: +# https://bugzilla.mozilla.org/show_bug.cgi?id=1773056. +- name: network.modulepreload + type: RelaxedAtomicBool + value: true + mirror: always + +# Enable 103 Early Hint status code (RFC 8297) +- name: network.early-hints.enabled + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Enable `Link: rel=preconnect` in 103 Early Hint response. +- name: network.early-hints.preconnect.enabled + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# The max number of speculative connections we allow for `Link: rel=preconnect`. +# When 0, the speculative connection created due to `Link: rel=preconnect` will +# be limited by "network.http.speculative-parallel-limit". +- name: network.early-hints.preconnect.max_connections + type: uint32_t + value: 10 + mirror: always + +# How long we should wait for EarlyHintPreloader to be used. +# Under normal circumstances it should be used immidiately. +- name: network.early-hints.parent-connect-timeout + type: uint32_t + value: 10000 + mirror: always + +# Whether to use the network process or not +# Start a separate socket process. Performing networking on the socket process +# is control by a sepparate pref +# ("network.http.network_access_on_socket_process.enabled"). +# Changing these prefs requires a restart. +- name: network.process.enabled + type: RelaxedAtomicBool + mirror: always +#if defined(ANDROID) || defined(MOZ_THUNDERBIRD) + value: false # see bug 1641427 +#else + value: true +#endif + +# Whether we can send OnDataAvailable to content process directly. +- name: network.send_ODA_to_content_directly + type: RelaxedAtomicBool + value: true + mirror: always + +# Perform all network access on the socket process. +# The pref requires "network.process.enabled" to be true. +# Changing these prefs requires a restart. +- name: network.http.network_access_on_socket_process.enabled + type: RelaxedAtomicBool + mirror: always + value: false + +# Telemetry of traffic categories. Whether or not to enable HttpTrafficAnalyzer. +- name: network.traffic_analyzer.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether DNS resolution is limited to literals and cached entries. +- name: network.dns.disabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether DNS resolution is limited to literals and cached entries. +- name: network.dns.skipTRR-when-parental-control-enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.dns.disablePrefetchFromHTTPS + type: bool + value: true + mirror: always + +# Max time to shutdown the resolver threads +- name: network.dns.resolver_shutdown_timeout_ms + type: uint32_t + value: 2000 + mirror: always + +# When true on Windows DNS resolutions for single label domains +# (domains that don't contain a dot) will be resolved using the DnsQuery +# API instead of PR_GetAddrInfoByName +- name: network.dns.dns_query_single_label + type: RelaxedAtomicBool + value: false + mirror: always + +# When this pref is true we enforce a 253 character limit on domains we try to +# resolve. See bug 1264117. If it doesn't cause any web-compat issues we can +# remove it in a few releases +- name: network.dns.limit_253_chars + type: RelaxedAtomicBool + value: true + mirror: always + +# When this pref is true, we copy the host name to a fresh string before +# calling into getaddrinfo. +- name: network.dns.copy_string_before_call + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.dns.max_high_priority_threads + type: RelaxedAtomicUint32 + value: 5 + mirror: always + +- name: network.dns.max_any_priority_threads + type: RelaxedAtomicUint32 + value: 3 + mirror: always + +# The proxy type. See nsIProtocolProxyService.idl +# PROXYCONFIG_DIRECT = 0 +# PROXYCONFIG_MANUAL = 1 +# PROXYCONFIG_PAC = 2 +# PROXYCONFIG_WPAD = 4 +# PROXYCONFIG_SYSTEM = 5 +- name: network.proxy.type + type: RelaxedAtomicUint32 + value: 5 + mirror: always + +# Whether the SOCKS proxy should be in charge of DNS resolution. +- name: network.proxy.socks_remote_dns + type: RelaxedAtomicBool + value: false + mirror: always + +# When receiving a network change event, the time (in ms) we wait to reload the +# PAC url. +- name: network.proxy.reload_pac_delay + type: RelaxedAtomicUint32 + value: 2000 + mirror: always + +# When parsing "SOCKS" in PAC string, the default version of SOCKS that will be +# used. +- name: network.proxy.default_pac_script_socks_version + type: RelaxedAtomicUint32 + value: 4 + mirror: always + +# Whether to force failover to direct for system requests. +#ifdef MOZ_PROXY_DIRECT_FAILOVER +- name: network.proxy.failover_direct + type: bool + value: true + mirror: always +#endif + +# Whether to allow a bypass flag to be set on httpChannel that will +# prevent proxies from being used for that specific request. +- name: network.proxy.allow_bypass + type: bool +#ifdef MOZ_PROXY_BYPASS_PROTECTION + value: false +#else + value: true +#endif + mirror: always + +- name: network.proxy.parse_pac_on_socket_process + type: RelaxedAtomicBool + value: false + mirror: always + +- name: network.proxy.detect_system_proxy_changes + type: RelaxedAtomicBool + value: false + mirror: always + +# If all non-direct proxies have failed, we retry all of them in case they +# are online now. +- name: network.proxy.retry_failed_proxies + type: RelaxedAtomicBool + value: true + mirror: always + +# Some requests during a page load are marked as "tail", mainly trackers, but not only. +# This pref controls whether such requests are put to the tail, behind other requests +# emerging during page loading process. +- name: network.http.tailing.enabled + type: bool + value: true + mirror: always + +# Whether to run proxy checks when processing Alt-Svc headers. +- name: network.http.altsvc.proxy_checks + type: bool + value: true + mirror: always + +- name: network.http.stale_while_revalidate.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Capacity of the above cache, in kilobytes. +- name: network.ssl_tokens_cache_capacity + type: RelaxedAtomicUint32 + value: 2048 + mirror: always + +# How many records we store per entry +- name: network.ssl_tokens_cache_records_per_entry + type: RelaxedAtomicUint32 + value: 2 + mirror: always + +# If true, only use the token once +- name: network.ssl_tokens_cache_use_only_once + type: RelaxedAtomicBool + value: true + mirror: always + +# The maximum allowed length for a URL - 1MB default. +- name: network.standard-url.max-length + type: RelaxedAtomicUint32 + value: 1048576 + mirror: always + +# DNS Trusted Recursive Resolver +# 0 - default off, 1 - reserved/off, 2 - TRR first, 3 - TRR only, +# 4 - reserved/off, 5 off by choice +- name: network.trr.mode + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Default global TRR provider +- name: network.trr.default_provider_uri + type: String + value: "https://mozilla.cloudflare-dns.com/dns-query" + mirror: never + +# If true, retry TRR for recoverable errors once. +- name: network.trr.retry_on_recoverable_errors + type: RelaxedAtomicBool + value: true + mirror: always + +# If true, don't fallback to native DNS upon network errors. +- name: network.trr.strict_native_fallback + type: RelaxedAtomicBool + value: false + mirror: always + +# If true, we'll fallback to native if the retry also times out. +- name: network.trr.strict_native_fallback_allow_timeouts + type: RelaxedAtomicBool + value: true + mirror: always + +# Single TRR request timeout (ms) when strict native fallback is enabled. +- name: network.trr.strict_fallback_request_timeout_ms + type: RelaxedAtomicUint32 + value: 6000 + mirror: always + +# If false, the temporary blocklisting feature is disabled. +# This is useful for tests to prevent bleeding extra reqs +# between tasks, since we may attempt to look up the +# parent domain in the background when blocklisting a host. +- name: network.trr.temp_blocklist + type: RelaxedAtomicBool + value: true + mirror: always + +# TRR blocklist entry expire time (in seconds). Default is one minute. +# Meant to survive basically a page load. +- name: network.trr.temp_blocklist_duration_sec + type: RelaxedAtomicUint32 + value: 60 + mirror: always + +# Single TRR request timeout, in milliseconds +- name: network.trr.request_timeout_ms + type: RelaxedAtomicUint32 + value: 1500 + mirror: always + +# Single TRR request timeout, in milliseconds for mode 3 +- name: network.trr.request_timeout_mode_trronly_ms + type: RelaxedAtomicUint32 + value: 30000 + mirror: always + +# Similar to network.http.http2.ping-timeout, but this is used when the +# Http/2 connection is connected to the TRR server. +- name: network.trr.ping_timeout + type: RelaxedAtomicUint32 + value: 3000 + mirror: always + +# The timeout of the TRR confirmation request +- name: network.trr.confirmation_timeout_ms + type: RelaxedAtomicUint32 + value: 6000 + mirror: always + +# The timeout of the TRR confirmation request +- name: network.trr.confirmation_telemetry_enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to send the Accept-Language header for TRR requests +- name: network.trr.send_accept-language_headers + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to send an empty Accept-Encoding header for TRR requests +- name: network.trr.send_empty_accept-encoding_headers + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to send the User-Agent header for TRR requests +- name: network.trr.send_user-agent_headers + type: RelaxedAtomicBool + value: false + mirror: always + +# This pref controls whether to use TRRServiceChannel off main thread. +- name: network.trr.fetch_off_main_thread + type: RelaxedAtomicBool + value: true + mirror: always + +# If we should wait for captive portal confirmation before enabling TRR +- name: network.trr.wait-for-portal + type: RelaxedAtomicBool + value: false + mirror: always + +# If we should wait for TRR service confirmation to complete before enabling +# TRR for lookups when fallback is enabled. Confirmation is always skipped when +# global mode is TRR-only (no fallback). +- name: network.trr.wait-for-confirmation + type: RelaxedAtomicBool + value: false + mirror: always + +# Normally when confirmation fails we wait for the confirmation to succeed +# before attempting to do TRR. When this pref is true, we optimistically +# assume the confirmation will succeed and might attempt TRR anyway. +# If network.trr.wait-for-confirmation is true, this pref is ignored. +- name: network.trr.attempt-when-retrying-confirmation + type: RelaxedAtomicBool + value: false + mirror: always + +# Use GET (rather than POST) +- name: network.trr.useGET + type: RelaxedAtomicBool + value: false + mirror: always + +# Allow RFC1918 address in responses? +- name: network.trr.allow-rfc1918 + type: RelaxedAtomicBool + value: false + mirror: always + +# When true, it only sends AAAA when the system has IPv6 connectivity +- name: network.trr.skip-AAAA-when-not-supported + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to apply split horizon mitigations when using TRR. +# These include adding the DNS suffix to the excluded domains +- name: network.trr.split_horizon_mitigations + type: RelaxedAtomicBool + value: true + mirror: always + +# Explicitly disable ECS (EDNS Client Subnet, RFC 7871) +- name: network.trr.disable-ECS + type: RelaxedAtomicBool + value: true + mirror: always + +# When true, the DNS+TRR cache will be cleared when a relevant TRR pref +# changes. (uri, bootstrapAddress, excluded-domains) +- name: network.trr.clear-cache-on-pref-change + type: RelaxedAtomicBool + value: true + mirror: always + +# After this many failed TRR requests in a row, consider TRR borked +- name: network.trr.max-fails + type: RelaxedAtomicUint32 + value: 15 + mirror: always + +# When the TRR confirmation is set to CONFIRM_FAILED due to many failures in +# a row, we set a timer to retry. This has an exponential backoff up to +# 64 seconds. +- name: network.trr.retry-timeout-ms + type: RelaxedAtomicUint32 + value: 125 + mirror: always + +# Retry with no TRR when the response contained only 0.0.0.0 or :: +- name: network.trr.fallback-on-zero-response + type: RelaxedAtomicBool + value: false + mirror: always + +# If true we parse the /etc/hosts file and exclude any host names from TRR. +# Reading the file is only done once, when TRR is first enabled - this could be +# soon after startup or when the pref is flipped. +- name: network.trr.exclude-etc-hosts + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to add padding in the doh dns queries (rfc 7830) +- name: network.trr.padding + type: RelaxedAtomicBool + value: true + mirror: always + +# The block size to pad to. Capped at 1024 bytes. +# Setting it to 0 doesn't add additional padding, but allows the server to +# respond with padding (RFC7930 Sec 4) +- name: network.trr.padding.length + type: RelaxedAtomicUint32 + value: 128 + mirror: always + +# Whether to skip the NS check for the blocked host. +# Note this is used for test only. +- name: network.trr.skip-check-for-blocked-host + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to use the connection info that is generated asynchronously. +- name: network.trr.async_connInfo + type: RelaxedAtomicBool + value: false + mirror: always + +# The base URL of the `Learn more` button for skip reasons +- name: network.trr_ui.skip_reason_learn_more_url + type: String + value: "https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#" + mirror: never + +# If true, display a warning before fallback to native +- name: network.trr.display_fallback_warning + type: RelaxedAtomicBool + value: false + mirror: always + +# Heuristics in this list will trigger the fallback to native warning +- name: network.trr.fallback_warning_heuristic_list + type: String + value: "canary" + mirror: never + +# Use Oblivious HTTP when making TRR requests. +- name: network.trr.use_ohttp + type: RelaxedAtomicBool + value: false + mirror: always + +# Oblivious HTTP relay URI for TRR requests. +- name: network.trr.ohttp.relay_uri + type: String + value: "" + mirror: never + +# URI from which to fetch the configuration for the Oblivious HTTP gateway for TRR requests. +- name: network.trr.ohttp.config_uri + type: String + value: "" + mirror: never + +# The URI used for the target DoH server when network.trr.use_ohttp is true +- name: network.trr.ohttp.uri + type: String + value: "" + mirror: never + +# Allow the network changed event to get sent when a network topology or setup +# change is noticed while running. +- name: network.notify.changed + type: RelaxedAtomicBool + value: true + mirror: always + +# Allow network detection of IPv6 related changes (bug 1245059) +- name: network.notify.IPv6 + type: RelaxedAtomicBool +#ifdef XP_WIN + value: false +#else + value: true +#endif + mirror: always + +# Whether to check the dnsSuffix on network changes +- name: network.notify.dnsSuffixList + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to check the registry for proxies on network changes that indicate +# that TRR should not be used. +- name: network.notify.checkForProxies + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to check the registry for NRPT rules on network changes that +# indicate that TRR should not be used. +- name: network.notify.checkForNRPT + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether NotifyIpInterfaceChange should be called immediately after +# registration in order to record the initial state of the network adapters. +- name: network.notify.initial_call + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to check for DNS resolvers +- name: network.notify.resolvers + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to use the rust implemented DefaultURI for unknown scheme types +- name: network.url.useDefaultURI + type: RelaxedAtomicBool + value: false + mirror: always + +# The maximum allowed length for a URL - 32MB default. +# If 0 that means no limit. +- name: network.url.max-length + type: RelaxedAtomicUint32 + value: 32 * 1024 * 1024 + mirror: always + +# Should be removed if no breakage occurs. See bug 1797846 +- name: network.url.strip-data-url-whitespace + type: RelaxedAtomicBool + value: false + mirror: always + +# Force remapping of remote port numbers to allow reaching local testing +# servers or port forwarders listening on non-standard ports. Note that +# this is not changing the origin URL in the addressbar, only internally +# the port number used. This is intended to be used along with the +# `network.dns.forceResolve` preference. +# +# The form is: +# "80,443,808-888=8080; 563=8081" +# this will remap ports for HTTP, HTTPS and the range of 808-888 included +# to use port 8080, and port 563 to go to 8081. +- name: network.socket.forcePort + type: String + value: "" + mirror: never + +# Try and use HTTP2 when using SSL +- name: network.http.http2.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.http.http2.enabled.deps + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.http.http2.enforce-tls-profile + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.http.http2.chunk-size + type: RelaxedAtomicInt32 + value: 16000 + mirror: always + +- name: network.http.http2.timeout + type: RelaxedAtomicInt32 + value: 170 + mirror: always + +- name: network.http.http2.coalesce-hostnames + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.http.http2.persistent-settings + type: RelaxedAtomicBool + value: false + mirror: always + +- name: network.http.http2.ping-threshold + type: RelaxedAtomicInt32 + value: 58 + mirror: always + +- name: network.http.http2.ping-timeout + type: RelaxedAtomicInt32 + value: 8 + mirror: always + +- name: network.http.http2.send-buffer-size + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: network.http.http2.allow-push + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.http.http2.push-allowance + type: RelaxedAtomicInt32 + value: 131072 # 128KB + mirror: always + +- name: network.http.http2.pull-allowance + type: RelaxedAtomicInt32 + value: 12582912 # 12MB + mirror: always + +- name: network.http.http2.default-concurrent + type: RelaxedAtomicInt32 + value: 100 + mirror: always + +- name: network.http.http2.default-hpack-buffer + type: RelaxedAtomicInt32 + value: 65536 # 64K + mirror: always + +- name: network.http.http2.websockets + type: RelaxedAtomicBool + value: true + mirror: always + +- name: network.http.http2.enable-hpack-dump + type: RelaxedAtomicBool + value: false + mirror: always + +# Enable HTTP/3 +- name: network.http.http3.enable + type: RelaxedAtomicBool + value: true + mirror: always + +# Receive buffer size of QUIC socket +- name: network.http.http3.recvBufferSize + type: RelaxedAtomicInt32 + value: 1048576 + mirror: always + +- name: network.http.http3.enable_qlog + type: RelaxedAtomicBool + value: false + mirror: always + +- name: network.http.http3.enable_0rtt + type: RelaxedAtomicBool + value: true + mirror: always + +# When a h3 transaction is inserted in the pending queue, the time (ms) we wait +# to create a TCP backup connection. +- name: network.http.http3.backup_timer_delay + type: RelaxedAtomicUint32 + value: 100 + mirror: always + +# The global half open sockets allowed for creating a backup connection. +- name: network.http.http3.parallel_fallback_conn_limit + type: RelaxedAtomicUint32 + value: 32 + mirror: always + +# Receive buffer size of QUIC socket +- name: network.http.http3.max_data + type: RelaxedAtomicUint32 + value: 25165824 + mirror: always + +# Receive buffer size of QUIC socket +- name: network.http.http3.max_stream_data + type: RelaxedAtomicUint32 + value: 12582912 + mirror: always + +# Enable http3 network priority as described in +# https://httpwg.org/http-extensions/draft-ietf-httpbis-priority.html +- name: network.http.http3.priority + type: RelaxedAtomicBool + value: true + mirror: always + +# Depriorizing background tabs notifies websites when switching to or from the +# tab while still loading resources for the website. On one hand it might +# improve performance when switching to an tab with a website using the same +# QUIC connection. On the other hand it sends more data to the website and +# might be a privacy concern. +- name: network.http.http3.send_background_tabs_deprioritization + type: RelaxedAtomicBool + value: false + mirror: always + +- name: network.http.http3.version_negotiation.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# When a Http/3 connection failed, whether to retry with a different IP address. +- name: network.http.http3.retry_different_ip_family + type: RelaxedAtomicBool + value: false + mirror: always + +# This is for testing purpose. When true, nsUDPSocket::SendWithAddress will +# return NS_ERROR_CONNECTION_REFUSED for address "::1". +- name: network.http.http3.block_loopback_ipv6_addr + type: RelaxedAtomicBool + value: false + mirror: always + +# When true, a http request will be upgraded to https when HTTPS RR is +# available. +- name: network.dns.upgrade_with_https_rr + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to use HTTPS RR as AltSvc +- name: network.dns.use_https_rr_as_altsvc + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to check for NAT64 using the system resolver +- name: network.connectivity-service.nat64-check + type: bool + value: true + mirror: always + +# Manually enter the NAT64 prefix that will be used if IPv4 is unavailable. +# The value is formatted as IPv6 with the least significant bits to be dropped. +# For example, 64:ff9b:: is a common prefix. This will not disable +# the NAT64 check, although the value of this pref will be prioritized. +- name: network.connectivity-service.nat64-prefix + type: String + value: "" + mirror: never + +# Whether to enable echconfig. +- name: network.dns.echconfig.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Whether to enable echconfig for http3. +- name: network.dns.http3_echconfig.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# This pref needs to be worked together with network.dns.echconfig.enabled +# being true and there is no record without ECHConfig. +# When we try all records with ECHConfig in HTTPS RRs and still can't connect, +# this pref indicate whether we can fallback to the origin server. +- name: network.dns.echconfig.fallback_to_origin_when_all_failed + type: RelaxedAtomicBool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always + +# When true, reset the exclusion list when all records are excluded. +- name: network.dns.httpssvc.reset_exclustion_list + type: RelaxedAtomicBool + value: true + mirror: always + +# If the http3 connection cannot be ready after the timeout value here, the +# transaction will start another non-http3 conneciton. +# Setting this value to 0 indicates this feature is disabled. +- name: network.dns.httpssvc.http3_fast_fallback_timeout + type: RelaxedAtomicUint32 + value: 50 + mirror: always + +# Whether to force a transaction to wait https rr. +- name: network.dns.force_waiting_https_rr + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# The TTL for negative responses of TXT and HTTPS records. +- name: network.dns.negative_ttl_for_type_record + type: RelaxedAtomicUint32 + value: 300 # 5 minutes (in seconds) + mirror: always + +# Whether to use port prefixed QNAME for HTTPS RR +- name: network.dns.port_prefixed_qname_https_rr + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to use HTTPS RR and ignore NS_HTTP_DISALLOW_HTTPS_RR +# This pref is only set when running tests +- name: network.dns.force_use_https_rr + type: RelaxedAtomicBool + value: false + mirror: always + +- name: network.cache.frecency_array_check_enabled + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# When this pref is true, AddStorageEntry will return an error if the +# OPEN_READONLY & OPEN_SECRETLY flags are passed and no entry exists. +# If no regressions occur this pref should be removed. +- name: network.cache.bug1708673 + type: RelaxedAtomicBool + value: false + mirror: always + +# When true we will dispatch a background task (separate process) to +# delete the cache folder at shutdown in order to avoid shutdown hangs. +- name: network.cache.shutdown_purge_in_background_task + type: RelaxedAtomicBool +#if defined(XP_WIN) + value: true +#else + value: false +#endif + mirror: always + +# Number of seconds to wait for the cache folder to be renamed before +# the background task forcefully exists. +- name: network.cache.shutdown_purge_folder_wait_seconds + type: RelaxedAtomicUint32 + value: 10 + mirror: always + +# This is used for a temporary workaround for a web-compat issue. If pref is +# true CORS preflight requests are allowed to send client certificates. +- name: network.cors_preflight.allow_client_cert + type: RelaxedAtomicBool + value: false + mirror: always + +# If true nsCORSListenerProxy will reject any URL that contains user & password +# regardless if it's a redirect or not. When false nsCORSListenerProxy will +# only reject URLs with a username and password when they happen on a redirected +# channel. +- name: network.cors_preflight.block_userpass_uri + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to record the telemetry event when a JAR channel is failed to load. +- name: network.jar.record_failure_reason + type: RelaxedAtomicBool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# nsJARInputStream::Available returns the size indicated by the archived entry +# so we need a limit so we don't OOM if the archive is corrupted. +- name: network.jar.max_available_size + type: RelaxedAtomicUint32 + value: 256*1024*1024 # 256 Mb + mirror: always + +# Whether JAR entries that defate to a different size than RealSize/orglen +# are considered corrupted or not +- name: network.jar.require_size_match + type: RelaxedAtomicBool + value: true + mirror: always + +# When this pref is true we clear the Content-Encoding header for +# application/x-gzip Content-Type responses, see bug 1030660. +# +# Assuming there are no regressions, this pref and related code should be +# removed. +- name: network.http.clear_bogus_content_encoding + type: RelaxedAtomicBool + value: false + mirror: always + +# When this pref is true, we will use the HTTPS acceptable content encoding +# list for trustworthy domains such as http://localhost +- name: network.http.encoding.trustworthy_is_https + type: RelaxedAtomicBool + value: true + mirror: always + +# Support http3 version1 +- name: network.http.http3.support_version1 + type: RelaxedAtomicBool + value: true + mirror: always + +# Disable early data on an origin if SSL_ERROR_PROTOCOL_VERSION_ALERT is received +- name: network.http.early_data_disable_on_error + type: RelaxedAtomicBool + value: true + mirror: always + +# Disable early data if it fails for more than this number of origins +- name: network.http.early_data_max_error + type: RelaxedAtomicUint32 + value: 5 + mirror: always + + # If true, remove the resumption token when 0RTT failed. +- name: network.http.remove_resumption_token_when_early_data_failed + type: RelaxedAtomicBool + value: true + mirror: always + +# The maximum count that we allow socket prrocess to crash. If this count is +# reached, we won't use networking over socket process. +- name: network.max_socket_process_failed_count + type: RelaxedAtomicUint32 + value: 1 + mirror: always + +- name: network.allow_redirect_to_data + type: RelaxedAtomicBool + value: false + mirror: always + +- name: network.allow_raw_sockets_in_content_processes + type: bool + value: false + mirror: once + +- name: network.allow_large_stack_size_for_socket_thread + type: RelaxedAtomicBool + value: true + mirror: always + +# WebTransport +- name: network.webtransport.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# WebTransport Datagram support +- name: network.webtransport.datagrams.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# WebTransport Datagram size +- name: network.webtransport.datagram_size + type: RelaxedAtomicUint32 + value: 1200 + mirror: always + +# WebTransport Redirect support +- name: network.webtransport.redirect.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Wifi-scan polling period, in ms, when on a mobile network. +# A value of 0 indicates that no polling should be done. +- name: network.wifi.scanning_period + type: RelaxedAtomicUint32 + value: 60000 + mirror: always + +# When the Access-Control-Allow-Headers is wildcard (*), whether to allow +# CORS-protected requests with the Authorization request header. +- name: network.cors_preflight.authorization_covered_by_wildcard + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "nglayout." +#--------------------------------------------------------------------------- + +# Enable/disable display list invalidation logging --- useful for debugging. +- name: nglayout.debug.invalidation + type: bool + value: false + mirror: always + +# Enable/disable widget update area flashing --- only supported with +# BasicLayers (other layer managers always update the entire widget area). +- name: nglayout.debug.widget_update_flashing + type: RelaxedAtomicBool + value: false + mirror: always + +- name: nglayout.debug.disable_xul_cache + type: bool + value: false + mirror: always + +- name: nglayout.initialpaint.delay + type: int32_t + value: 5 + mirror: always + +- name: nglayout.initialpaint.delay_in_oopif + type: int32_t + value: 5 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "page_load." +#--------------------------------------------------------------------------- + +# Time in milliseconds during which certain tasks are deprioritized during +# page load. +- name: page_load.deprioritization_period + type: RelaxedAtomicUint32 + value: 5000 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "pdfjs." +#--------------------------------------------------------------------------- + +- name: pdfjs.disabled + type: bool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "permissions." +#--------------------------------------------------------------------------- + +# 1-Accept, 2-Deny, Any other value: Accept +- name: permissions.default.image + type: RelaxedAtomicUint32 + value: 1 + mirror: always + +- name: permissions.delegation.enabled + type: bool + value: true + mirror: always + +- name: permissions.isolateBy.userContext + type: RelaxedAtomicBool + value: false + mirror: always + +- name: permissions.isolateBy.privateBrowsing + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "places." +#--------------------------------------------------------------------------- + +# Whether pages alternative frecency is enabled. This and the following related +# prefs only apply at restart. +- name: places.frecency.pages.alternative.featureGate + type: bool + value: false + mirror: once + +- name: places.frecency.pages.alternative.highWeight + type: uint32_t + value: 100 + mirror: once + +- name: places.frecency.pages.alternative.mediumWeight + type: uint32_t + value: 50 + mirror: once + +- name: places.frecency.pages.alternative.lowWeight + type: uint32_t + value: 20 + mirror: once + +- name: places.frecency.pages.alternative.halfLifeDays + type: uint32_t + value: 30 + mirror: once + +- name: places.frecency.pages.alternative.numSampledVisits + type: uint32_t + value: 10 + mirror: once + +#--------------------------------------------------------------------------- +# Prefs starting with "plain_text." +#--------------------------------------------------------------------------- + +# When false, text in plaintext documents does not wrap long lines. +- name: plain_text.wrap_long_lines + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "preferences." +#--------------------------------------------------------------------------- + +- name: preferences.allow.omt-write + type: bool + value: true + mirror: never + +#ifdef DEBUG + # If set to true, setting a Preference matched to a `Once` StaticPref will + # assert that the value matches. Such assertion being broken is a clear flag + # that the Once policy shouldn't be used. +- name: preferences.check.once.policy + type: bool + value: false + mirror: always + + # If set to true, StaticPrefs Once policy check will be skipped during + # automation regression test. Use with care. This pref must be set back to + # false as soon as specific test has completed. +- name: preferences.force-disable.check.once.policy + type: bool + value: false + mirror: always +#endif + +#--------------------------------------------------------------------------- +# Prefs starting with "print." +#--------------------------------------------------------------------------- + +# Variation fonts can't always be embedded in certain output formats +# such as PDF. To work around this, draw the variation fonts using +# paths instead of using font embedding. +- name: print.font-variations-as-paths + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we always print silently (without a print dialog). +- name: print.always_print_silent + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we attempt to generate links in Save As PDF output. +- name: print.save_as_pdf.links.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we attempt to generate and use document-internal PDF destinations. +# This currently sometimes results in an internal cairo error, see bug 1725743; +# disabled by default until that is resolved. +- name: print.save_as_pdf.internal_destinations.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we use the CSS @page size as the paper size in PDF output. +- name: print.save_as_pdf.use_page_rule_size_as_paper_size.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# The default DPI for printing. +# +# For PDF-based output, DPI should ideally be irrelevant, but in fact it is not +# for multiple reasons: +# +# * Layout code that tries to respect device pixels (e.g. for snapping glyph +# positions and baselines, and especially for the "GDI Classic" +# rendering-mode threshold for certain fonts). +# +# * The limitations of the PDF format mean that we can't natively represent +# certain effects, such as filters, in PDF output, so we need to rasterize +# the parts of the document with these applied. +# +# * Other rasterized things like images and such are also affected by DPI +# (both in the output, and the images we select via srcset, for example). +# +# Therefore, using a high DPI is preferable. For now, we use 144dpi to match +# physical printer output on Windows, but higher (e.g. 300dpi) might be better, +# but only if it does not lead to issues such as excessive memory use. +- name: print.default_dpi + type: float + value: 144.0f + mirror: always + +# Whether support for monochrome printing is enabled for CUPS. +- name: print.cups.monochrome.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Disabling this will no-op window.print() +- name: print.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# The maximum amount of time CUPS should spend enumerating print destinations +# (in milliseconds). +# The default value chosen here is completely arbitrary. +- name: print.cups.enum_dests_timeout_ms + type: RelaxedAtomicUint32 + value: 150 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "privacy." +#--------------------------------------------------------------------------- + +- name: privacy.fuzzyfox.clockgrainus + type: RelaxedAtomicUint32 + value: 100 + mirror: always + +# Annotate trackers using the strict list. If set to false, the basic list will +# be used instead. +- name: privacy.annotate_channels.strict_list.enabled + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Annotate trackers using the strict list in the private browsing mode. If set +# to false, the basic list will be used instead. +- name: privacy.annotate_channels.strict_list.pbmode.enabled + type: bool + value: true + mirror: always + +# First Party Isolation (double keying), disabled by default. +- name: privacy.firstparty.isolate + type: RelaxedAtomicBool + value: false + mirror: always + +# If false, two windows in the same domain with different first party domains +# (top level URLs) can access resources through window.opener. This pref is +# effective only when "privacy.firstparty.isolate" is true. +- name: privacy.firstparty.isolate.restrict_opener_access + type: RelaxedAtomicBool + value: true + mirror: always + +- name: privacy.firstparty.isolate.block_post_message + type: RelaxedAtomicBool + value: false + mirror: always + +- name: privacy.firstparty.isolate.use_site + type: RelaxedAtomicBool + value: false + mirror: always + +# Enforce tracking protection in all modes. +- name: privacy.trackingprotection.enabled + type: bool + value: false + mirror: always + +# Enforce tracking protection in Private Browsing mode. +- name: privacy.trackingprotection.pbmode.enabled + type: bool + value: true + mirror: always + +# Annotate channels based on the tracking protection list in all modes +- name: privacy.trackingprotection.annotate_channels + type: bool + value: true + mirror: always + +# Block 3rd party fingerprinting resources. +- name: privacy.trackingprotection.fingerprinting.enabled + type: bool + value: false + mirror: always + +# Block 3rd party cryptomining resources. +- name: privacy.trackingprotection.cryptomining.enabled + type: bool + value: false + mirror: always + +# Block 3rd party socialtracking resources. +- name: privacy.trackingprotection.socialtracking.enabled + type: bool + value: false + mirror: always + +# Consider socialtracking annotation as trackers (see ETP). +- name: privacy.socialtracking.block_cookies.enabled + type: bool + value: true + mirror: always + +# Block 3rd party emailtracking resources in all mode. +- name: privacy.trackingprotection.emailtracking.enabled + type: bool + value: false + mirror: always + +# Block 3rd party emailtracking resources in Private Browsing mode. +- name: privacy.trackingprotection.emailtracking.pbmode.enabled + type: bool + value: true + mirror: always + +# Collecting 3rd party emailtracking telemetry. +- name: privacy.trackingprotection.emailtracking.data_collection.enabled + type: bool + value: true + mirror: always + +- name: privacy.trackingprotection.testing.report_blocked_node + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether to spoof user locale to English (used as part of Resist +# Fingerprinting). +# 0 - will prompt +# 1 - don't spoof +# 2 - spoof +- name: privacy.spoof_english + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Send "do not track" HTTP header, disabled by default. +- name: privacy.donottrackheader.enabled + type: bool + value: false + mirror: always + +# Potentially send "global privacy control" HTTP header and set navigator +# property accordingly. Communicates user's desire to opt-out/in of +# websites or services selling or sharing the user's information, false by +# default. +# true - Send the header with a value of 1 to indicate opting-out +# false - Do not send header to indicate opting-in +- name: privacy.globalprivacycontrol.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Controls whether or not GPC signals are sent. Meant to act as a third option +# of 'undecided' by leaving the navigator property undefined and not attaching +# the Sec-GPC HTTP header. +- name: privacy.globalprivacycontrol.functionality.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Lower the priority of network loads for resources on the tracking protection +# list. Note that this requires the +# privacy.trackingprotection.annotate_channels pref to be on in order to have +# any effect. +- name: privacy.trackingprotection.lower_network_priority + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# A subset of Resist Fingerprinting protections focused specifically on timers. +# This affects the Animation API, the performance APIs, Date.getTime, +# Event.timestamp, File.lastModified, audioContext.currentTime, +# canvas.captureStream.currentTime. +- name: privacy.reduceTimerPrecision + type: RelaxedAtomicBool + value: true + mirror: always + +# If privacy.reduceTimerPrecision is false, this pref controls whether or not +# to clamp all timers at a fixed 20 microsconds. It should always be enabled, +# and is only specified as a pref to enable an emergency disabling in the event +# of catastrophic failure. +- name: privacy.reduceTimerPrecision.unconditional + type: RelaxedAtomicBool + value: true + mirror: always + +# The resistFingerprinting variables are marked with 'Relaxed' memory ordering. +# We don't particurally care that threads have a percently consistent view of +# the values of these prefs. They are not expected to change often, and having +# an outdated view is not particurally harmful. They will eventually become +# consistent. +# +# The variables will, however, be read often (specifically .microseconds on +# each timer rounding) so performance is important. +- name: privacy.resistFingerprinting + type: RelaxedAtomicBool + value: false + mirror: always + do_not_use_directly: true + +# When the .pbmode pref is on, RFP or FPP will be enabled in PBM +# When the non-pbm pref is on, they will be enabled in PBM and non-PBM +- name: privacy.resistFingerprinting.pbmode + type: RelaxedAtomicBool + value: false + mirror: always + do_not_use_directly: true + +# privacy.fingerprintingProtection enables a set of fingerprinting protections +# designed to minimize breakage while maximizing protection. +- name: privacy.fingerprintingProtection + type: RelaxedAtomicBool + value: false + mirror: always + do_not_use_directly: true + +- name: privacy.fingerprintingProtection.pbmode + type: RelaxedAtomicBool + value: false + mirror: always + do_not_use_directly: true + +# We automatically decline canvas permission requests if they are not initiated +# from user input. Just in case that breaks something, we allow the user to +# revert this behavior with this obscure pref. We do not intend to support this +# long term. If you do set it, to work around some broken website, please file +# a bug with information so we can understand why it is needed. +- name: privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts + type: bool + value: true + mirror: always + +# This pref can be used to disable mozAddonManager entirely for fingerprinting +# reasons. Someone like Tor browser will use this pref. +# NOTE: We'd like this to be a "hidden" pref once StaticPrefs supports it. +- name: privacy.resistFingerprinting.block_mozAddonManager + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether canvas extraction should result in random data. If false, canvas +# extraction results in all-white, opaque pixel data. +- name: privacy.resistFingerprinting.randomDataOnCanvasExtract + type: RelaxedAtomicBool + value: true + mirror: always + +# The log level for browser console messages logged in RFPHelper.sys.mjs. Change to +# 'All' and restart to see the messages. +- name: privacy.resistFingerprinting.jsmloglevel + type: String + value: "Warn" + mirror: never + +# Enable jittering the clock one precision value forward. +- name: privacy.resistFingerprinting.reduceTimerPrecision.jitter + type: RelaxedAtomicBool + value: true + mirror: always + +# Dynamically tune the resolution of the timer reduction for +# `privacy.reduceTimerPrecision` and `privacy.resistFingerprinting`. +- name: privacy.resistFingerprinting.reduceTimerPrecision.microseconds + type: RelaxedAtomicUint32 + value: 1000 + mirror: always + +- name: privacy.resistFingerprinting.target_video_res + type: uint32_t + value: 480 + mirror: always + +# Setting TZ=UTC ensures that even libc functions use the spoofed time zone. +# We want to remove that override as soon as possible however. +- name: privacy.resistFingerprinting.testing.setTZtoUTC + type: bool + value: false + mirror: always + +# Bitfield for selectively disabling RFP +# 0 for no new behavior +# 1 for disabling RFP if it's a WebExtension +# 2 for disabling RFP if we are not in PBM +# 4 for disabling RFP on specific domains (see privacy.resistFingerprinting.exemptedDomains) +- name: privacy.resistFingerprinting.testGranularityMask + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Enable the fingerprinting randomization. +- name: privacy.resistFingerprinting.randomization.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Enable resetting the fingerprinting randomization key daily for normal windwos. +- name: privacy.resistFingerprinting.randomization.daily_reset.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Enable resetting the fingerprinting randomization key daily for private windwos. +- name: privacy.resistFingerprinting.randomization.daily_reset.private.enabled + type: RelaxedAtomicBool + value: false + mirror: always + + +# Anti-tracking permission expiration. +- name: privacy.restrict3rdpartystorage.expiration + type: uint32_t + value: 2592000 # 30 days (in seconds) + mirror: always + +# Report Anti-tracking warnings to console lazily +- name: privacy.restrict3rdpartystorage.console.lazy + type: bool + value: true + mirror: always + +# Enable the heuristic to allow storage access for windows opened using window.open() after user interaction +- name: privacy.restrict3rdpartystorage.heuristic.opened_window_after_interaction + type: bool + value: true + mirror: always + +# Enable the heuristic to allow storage access for windows opened using window.open() +- name: privacy.restrict3rdpartystorage.heuristic.window_open + type: bool + value: true + mirror: always + +# Enable the heuristic to allow storage access for windows opened using window.open() +- name: privacy.restrict3rdpartystorage.heuristic.redirect + type: bool + value: true + mirror: always + +# Anti-tracking permission expiration. +- name: privacy.restrict3rdpartystorage.expiration_redirect + type: uint32_t + value: 2592000 # 30 days (in seconds) + mirror: always + +# Anti-tracking user-interaction expiration. +- name: privacy.userInteraction.expiration + type: uint32_t + value: 3888000 # 45 days (in seconds) + mirror: always + +# Anti-tracking user-interaction document interval. +- name: privacy.userInteraction.document.interval + type: uint32_t + value: 1800 # 30 minutes (in seconds) + mirror: always + +# Enable Anti-tracking testing. When it enables, it will notify the observers +# when user-interaction permission or storage access permission is added. This +# is for testing only. +- name: privacy.antitracking.testing + type: bool + value: false + mirror: always + +# Controls the anti-tracking webcompat features. This includes: +# - All URL-Classifier and state partitioning skip lists (prefs and remote +# settings) +# - Storage access heuristics (opener, redirect, etc.) +# - StorageAccessAPI automatic grants (skips the prompt) +# - Allowing specific tracking channels on user opt-in (e.g. facebook login +# shim). +- name: privacy.antitracking.enableWebcompat + type: RelaxedAtomicBool + value: true + mirror: always + +# Enable the heuristic to allow storage access for recent visited pages +- name: privacy.restrict3rdpartystorage.heuristic.recently_visited + type: bool + value: true + mirror: always + +# Valid time gap since last visit +- name: privacy.restrict3rdpartystorage.heuristic.recently_visited_time + type: uint32_t + value: 600 # 10 minutes + mirror: always + +# Recent visited pages redirection permission expiration. +- name: privacy.restrict3rdpartystorage.expiration_visited + type: uint32_t + value: 2592000 # 30 days (in seconds) + mirror: always + +# Maximum client-side cookie life-time cap. Measured in seconds, set to 0 to +# disable. +- name: privacy.documentCookies.maxage + type: uint32_t + value: 0 + mirror: always + +- name: privacy.window.maxInnerWidth + type: int32_t + value: 1000 + mirror: always + +- name: privacy.window.maxInnerHeight + type: int32_t + value: 1000 + mirror: always + +- name: privacy.sanitize.sanitizeOnShutdown + type: RelaxedAtomicBool + value: false + mirror: always + +- name: privacy.clearOnShutdown.cache + type: RelaxedAtomicBool + value: false + mirror: always + +- name: privacy.dynamic_firstparty.limitForeign + type: RelaxedAtomicBool + value: false + mirror: always + +- name: privacy.dynamic_firstparty.use_site + type: RelaxedAtomicBool + value: true + mirror: always + +- name: privacy.partition.network_state + type: RelaxedAtomicBool + value: true + mirror: always + +# Partition the OCSP cache by the partitionKey. +- name: privacy.partition.network_state.ocsp_cache + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Partition the OCSP cache by the partitionKey for private browsing mode. +- name: privacy.partition.network_state.ocsp_cache.pbmode + type: RelaxedAtomicBool + value: true + mirror: always + +# Always partition web storage APIs except cookies. +- name: privacy.partition.always_partition_third_party_non_cookie_storage + type: RelaxedAtomicBool + value: true + mirror: always + +# Exclude session storage from the above preference. +- name: privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage + type: RelaxedAtomicBool + value: false + mirror: always + +- name: privacy.partition.bloburl_per_agent_cluster + type: RelaxedAtomicBool + value: false + mirror: always + +- name: privacy.window.name.update.enabled + type: bool + value: true + mirror: always + +# By default, the network state isolation is not active when there is a proxy +# setting. This pref forces the network isolation even in these scenarios. +- name: privacy.partition.network_state.connection_with_proxy + type: bool + value: false + mirror: always + +# Partition the service workers unconditionally when dFPI is enabled. +- name: privacy.partition.serviceWorkers + type: RelaxedAtomicBool + value: true + mirror: always + +# Enables / disables the strip on share feature which strips query parameters +# when copying/sharing in-content links or from the url bar. +- name: privacy.query_stripping.strip_on_share.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Enables / disables the URL query string stripping in normal browsing mode +# which strips query parameters from loading URIs to prevent bounce (redirect) +# tracking. +- name: privacy.query_stripping.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# Same as the pref above, but controls query stripping for private browsing +# mode. +- name: privacy.query_stripping.enabled.pbmode + type: RelaxedAtomicBool + value: false + mirror: always + +# The list which contains query parameters that are needed to be stripped from +# URIs. The query parameters are separated by a space. +- name: privacy.query_stripping.strip_list + type: String + value: "" + mirror: never + +# This controls if we will do the query string stripping for redirects. +- name: privacy.query_stripping.redirect + type: bool + value: true + mirror: always + +# the list which contains sites where should exempt from query stripping +- name: privacy.query_stripping.allow_list + type: String + value: "" + mirror: never + +#--------------------------------------------------------------------------- +# Prefs starting with "prompts." +#--------------------------------------------------------------------------- + +# Prompt modal type prefs +# See nsIPromptService::MODAL_TYPE fields for possible values. + +# Insecure form submit warning. +- name: prompts.modalType.insecureFormSubmit + type: int32_t + value: 2 + mirror: always + +# nsHttpChannelAuthProvider#ConfirmAuth anti-phishing prompts. +- name: prompts.modalType.confirmAuth + type: int32_t + value: 2 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "security." +#--------------------------------------------------------------------------- + +# Mochitests that need to load resource:// URIs not declared content-accessible +# in manifests should set this pref. +- name: security.all_resource_uri_content_accessible + type: bool + value: false + mirror: always + +- name: security.bad_cert_domain_error.url_fix_enabled + type: bool + value: true + mirror: always + +- name: security.csp.reporting.script-sample.max-length + type: int32_t + value: 40 + mirror: always + +- name: security.csp.truncate_blocked_uri_for_frame_navigations + type: bool + value: true + mirror: always + +# If true, all toplevel data: URI navigations will be blocked. +# Please note that manually entering a data: URI in the +# URL-Bar will not be blocked when flipping this pref. +- name: security.data_uri.block_toplevel_data_uri_navigations + type: bool + value: true + mirror: always + +# Whether window A is allowed to navigate cross-origin window B (that is not +# a descendant frame of A) to a URI that loads externally. +- name: security.allow_disjointed_external_uri_loads + type: bool + value: false + mirror: always + +# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but +# not allowed for Firefox Desktop in firefox.js +- name: security.allow_parent_unrestricted_js_loads + type: RelaxedAtomicBool + value: true + mirror: always + +# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but +# not allowed for Firefox Desktop in firefox.js +- name: security.allow_eval_with_system_principal + type: RelaxedAtomicBool + value: true + mirror: always + +# Allowed by default so it doesn't affect Thunderbird/SeaMonkey, but +# not allowed for Firefox Desktop in firefox.js +- name: security.allow_eval_in_parent_process + type: RelaxedAtomicBool + value: true + mirror: always + +# Disallowed by default, ensure not disallowed content is loaded in the parent +# process. +- name: security.allow_unsafe_parent_loads + type: bool + value: false + mirror: always + +# Pref to block mixed scripts (fonts, plugin content, scripts, stylesheets, +# iframes, websockets, XHR). +- name: security.mixed_content.block_active_content + type: bool + value: @IS_ANDROID@ + mirror: always + +# Pref to block sub requests that happen within an object. +- name: security.mixed_content.block_object_subrequest + type: bool + value: false + mirror: always + +# Pref for mixed display content blocking (images, audio, video). +- name: security.mixed_content.block_display_content + type: bool + value: false + mirror: always + +# Pref for mixed display content upgrading (images, audio, video). +- name: security.mixed_content.upgrade_display_content + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Whether strict file origin policy is in effect. "False" is traditional. +- name: security.fileuri.strict_origin_policy + type: RelaxedAtomicBool + value: true + mirror: always + +# The level to which we sandbox the content process. firefox.js sets the +# default to different values on a per-OS basis, and has documentation +# on what the defaults are and what the numbers mean. +- name: security.sandbox.content.level + type: int32_t + value: 0 + mirror: always + do_not_use_directly: true # Consumers should use SandboxSettings to ask. + +- name: security.sandbox.socket.process.level + type: int32_t + value: 0 + mirror: always + do_not_use_directly: true # Consumers should use SandboxSettings to ask. + +# This controls the strength of the Windows GPU process sandbox. Changes +# will require restart. +# For information on what the level number means, see +# SetSecurityLevelForGPUProcess() in +# security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp +- name: security.sandbox.gpu.level + type: int32_t +#if defined(XP_WIN) + value: 1 +#else + value: 0 +#endif + mirror: always + +# Enrollment preferences for the win32k experiment, set and managed by Normandy +- name: security.sandbox.content.win32k-experiment.enrollmentStatus + type: uint32_t + value: 0 + mirror: never + +- name: security.sandbox.content.win32k-experiment.startupEnrollmentStatus + type: uint32_t + value: 0 + mirror: never + +#if defined(XP_WIN) && defined(MOZ_SANDBOX) + + # Whether win32k is disabled for content processes. + # true means win32k system calls are not permitted. +- name: security.sandbox.content.win32k-disable + type: RelaxedAtomicBool + value: true + mirror: always + + # Note: win32k is currently _not_ disabled for GMP due to intermittent test + # failures, where the GMP process fails very early. See bug 1449348. +- name: security.sandbox.gmp.win32k-disable + type: RelaxedAtomicBool + value: false + mirror: always + + # Whether win32k is disabled for socket processes. + # true means win32k system calls are not permitted. +- name: security.sandbox.socket.win32k-disable + type: RelaxedAtomicBool + value: true + mirror: always + + # Whether CET User Shadow Stack compatible modules only is enabled for the + # relevant process type. +- name: security.sandbox.content.shadow-stack.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.sandbox.rdd.shadow-stack.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.sandbox.socket.shadow-stack.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.sandbox.gpu.shadow-stack.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +- name: security.sandbox.gmp.shadow-stack.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + + # Whether a Low Privilege AppContainer (LPAC) is enabled for the relevant + # process type. + +#if defined(MOZ_WMF_MEDIA_ENGINE) +- name: security.sandbox.utility-wmf-cdm.lpac.enabled + type: RelaxedAtomicBool + value: false + mirror: always +#endif + + # Whether Arbitrary Code Guard is enabled for the RDD process. +- name: security.sandbox.rdd.acg.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +#ifdef MOZ_WMF + # Whether Arbitrary Code Guard is enabled for the utility WMF audio decoder + # process. + +- name: security.sandbox.utility-wmf.acg.enabled + type: RelaxedAtomicBool + value: true + mirror: always +#endif // MOZ_WMF + + # This controls the depth of stack trace that is logged when Windows sandbox + # logging is turned on. This is only currently available for the content + # process because the only other sandbox (for GMP) has too strict a policy to + # allow stack tracing. This does not require a restart to take effect. +- name: security.sandbox.windows.log.stackTraceDepth + type: RelaxedAtomicUint32 + value: 0 + mirror: always +#endif + +#if defined(XP_LINUX) && defined(MOZ_SANDBOX) + # Run content processes in headless mode and disallow + # connections to the X server. Requires: + # * `webgl.out-of-process` (or else WebGL breaks) + # * `widget.non-native-theme.enabled` (scrollbars & form controls) + # Changing it requires a restart because sandbox policy information + # dependent on it is cached. See bug 1640345 for details. +- name: security.sandbox.content.headless + type: bool + value: true + mirror: once +#endif + +# Pref to show warning when submitting from secure to insecure. +- name: security.warn_submit_secure_to_insecure + type: bool + value: true + mirror: always + +# Hardware Origin-bound Second Factor Support +- name: security.webauth.webauthn + type: bool + value: true + mirror: always + +# Navigate-to CSP 3 directive +- name: security.csp.enableNavigateTo + type: bool + value: false + mirror: always + +# wasm-unsafe-eval source keyword +- name: security.csp.wasm-unsafe-eval.enabled + type: bool + value: true + mirror: always + +# unsafe-hashes source keyword +- name: security.csp.unsafe-hashes.enabled + type: bool + value: true + mirror: always + +# The script-src-attr and script-src-elem directive +- name: security.csp.script-src-attr-elem.enabled + type: bool + value: true + mirror: always + +# The style-src-attr and style-src-elem directive +- name: security.csp.style-src-attr-elem.enabled + type: bool + value: true + mirror: always + +# WebAuthn CTAP2 support +- name: security.webauthn.ctap2 + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# Dispatch WebAuthn requests to the software CTAP1 token. +# (mutually exclusive with webauthn_enable_android_fido2, +# and webauthn_enable_usbtoken) +- name: security.webauth.webauthn_enable_softtoken + type: RelaxedAtomicBool + value: false + mirror: always + +# Dispatch WebAuthn requests to the Android platform API +- name: security.webauth.webauthn_enable_android_fido2 + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +# residentKey support when using Android platform API +- name: security.webauthn.webauthn_enable_android_fido2.residentkey + type: RelaxedAtomicBool + value: false + mirror: always + +# Dispatch WebAuthn requests to authenticator-rs +- name: security.webauth.webauthn_enable_usbtoken + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +# Skip direct attestation consent prompts (for tests). +- name: security.webauth.webauthn_testing_allow_direct_attestation + type: RelaxedAtomicBool + value: false + mirror: always + +# Global counter for U2F soft token operations +- name: security.webauth.softtoken_counter + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Block Worker/SharedWorker scripts with wrong MIME type. +- name: security.block_Worker_with_wrong_mime + type: bool + value: true + mirror: always + +# Block the execution of scripts using a wrong type as defined by the file extension +# (OS) mapping when loaded via the file:// protocol. +- name: security.block_fileuri_script_with_wrong_mime + type: bool + value: @IS_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Cancel outgoing requests from SystemPrincipal: +# but only with scheme http(s) and contentpolicytype subdocument +- name: security.disallow_privileged_https_subdocuments_loads + type: bool + value: true + mirror: always + +# but only with scheme data and contentpolicytype subdocument +- name: security.disallow_privileged_data_subdocuments_loads + type: bool + value: true + mirror: always + +# Cancel outgoing requests from SystemPrincipal: +# but only with scheme http(s) and contentpolicytype stylesheet +- name: security.disallow_privileged_https_stylesheet_loads + type: bool + value: true + mirror: always + +# Cancel outgoing requests from SystemPrincipal: +# but only with scheme http(s) and contentpolicytype script +- name: security.disallow_privileged_https_script_loads + type: bool + value: true + mirror: always + +# Cancel outgoing requests from SystemPrincipal: +# where there is no finalURI. +- name: security.disallow_privileged_no_finaluri_loads + type: bool + value: true + mirror: always + +# Cancel outgoing requests from privileged about pages: +# but only with scheme http(s) and contentpolicytype script +- name: security.disallow_privilegedabout_remote_script_loads + type: bool + value: true + mirror: always + +# Disable preloaded static key pins by default. +- name: security.cert_pinning.enforcement_level + type: RelaxedAtomicUint32 + value: 0 + mirror: always + do_not_use_directly: true + +# OCSP fetching behavior: +# 0: do not fetch OCSP +# 1: fetch OCSP for DV and EV certificates +# 2: fetch OCSP only for EV certificates +- name: security.OCSP.enabled + type: RelaxedAtomicUint32 +#ifdef ANDROID + value: 2 +#else + value: 1 +#endif + mirror: always + + +# Whether or not OCSP is required. +# true => hard-fail (if an OCSP request times out, stop the connection) +# false => soft-fail (if an OCSP request times out, continue the connection) +- name: security.OCSP.require + type: RelaxedAtomicBool + value: false + mirror: always + +# How many milliseconds to wait for an OCSP response before assuming it failed +# (when fetching for soft-fail). +- name: security.OCSP.timeoutMilliseconds.soft + type: RelaxedAtomicUint32 +#ifdef RELEASE_OR_BETA + value: 2000 +#else + value: 1000 +#endif + mirror: always + +# How many milliseconds to wait for an OCSP response before assuming it failed +# (when fetching for hard-fail). +- name: security.OCSP.timeoutMilliseconds.hard + type: RelaxedAtomicUint32 + value: 10000 + mirror: always + +# Whether or not to enable OCSP must-staple (in other words, TLS-feature with +# status request). +- name: security.ssl.enable_ocsp_must_staple + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether or not to enable OCSP stapling. +- name: security.ssl.enable_ocsp_stapling + type: RelaxedAtomicBool + value: true + mirror: always + +# This is checked at startup to see if NSS should be initialized without the +# user's certificate and key databases. +- name: security.nocertdb + type: bool + value: false + mirror: once + +# On Windows 8.1, if the following preference is 2, we will attempt to detect +# whether the Family Safety TLS interception feature has been enabled. +# If so, we will behave as if the enterprise roots feature has been enabled +# (i.e. import and trust third party root certificates from the OS). +# With any other value of the pref or on any other platform, this does nothing. +# This preference takes precedence over "security.enterprise_roots.enabled". +- name: security.family_safety.mode + type: RelaxedAtomicUint32 + value: 2 + mirror: always + +# Whether or not to import and trust third party root certificates from the OS. +- name: security.enterprise_roots.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.intermediate_preloading_healer.enabled + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +- name: security.intermediate_preloading_healer.timer_interval_ms + type: RelaxedAtomicUint32 + value: 300000 + mirror: always + +# If true, attempt to load the osclientcerts PKCS#11 module at startup on a +# background thread. This module allows Firefox to use client certificates +# stored in OS certificate storage. Currently only available for Windows and +# macOS. +- name: security.osclientcerts.autoload + type: RelaxedAtomicBool + value: true + mirror: always + +# If true, assume tokens accessed via osclientcerts implement RSA-PSS. If a +# given token does not support RSA-PSS, users may see the error +# 'SEC_ERROR_PKCS11_GENERAL_ERROR' if a server indicates it will accept an +# RSA-PSS signature in the client's certificate verify message. +# Setting this to false may allow such connections to succeed, if the server +# also accepts RSA-PKCS1 signatures. +- name: security.osclientcerts.assume_rsa_pss_support + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.pki.cert_short_lifetime_in_days + type: RelaxedAtomicUint32 + value: 10 + mirror: always + +# security.pki.netscape_step_up_policy controls how the platform handles the +# id-Netscape-stepUp OID in extended key usage extensions of CA certificates. +# 0: id-Netscape-stepUp is always considered equivalent to id-kp-serverAuth +# 1: it is considered equivalent when the notBefore is before 23 August 2016 +# 2: similarly, but for 23 August 2015 +# 3: it is never considered equivalent +- name: security.pki.netscape_step_up_policy + type: RelaxedAtomicUint32 +#ifdef RELEASE_OR_BETA + value: 1 +#else + value: 2 +#endif + mirror: always + +# Configures Certificate Transparency support mode: +# 0: Fully disabled. +# 1: Only collect telemetry. CT qualification checks are not performed. +- name: security.pki.certificate_transparency.mode + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# 0: Disable CRLite entirely. +# 1: Consult CRLite but only collect telemetry. +# 2: Consult CRLite and enforce both "Revoked" and "Not Revoked" results. +# 3: Consult CRLite and enforce "Not Revoked" results, but defer to OCSP for "Revoked". +- name: security.pki.crlite_mode + type: RelaxedAtomicUint32 + value: 3 + mirror: always + +- name: security.tls.version.min + type: RelaxedAtomicUint32 + value: 3 + mirror: always + +- name: security.tls.version.max + type: RelaxedAtomicUint32 + value: 4 + mirror: always + +- name: security.tls.version.enable-deprecated + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.tls.version.fallback-limit + type: RelaxedAtomicUint32 + value: 4 + mirror: always + +# Turn off post-handshake authentication for TLS 1.3 by default, +# until the incompatibility with HTTP/2 is resolved: +# https://tools.ietf.org/html/draft-davidben-http2-tls13-00 +- name: security.tls.enable_post_handshake_auth + type: RelaxedAtomicBool + value: false + mirror: always + +# Probability of GREASEing a TLS connection with ECH (0-100) +# 0 means never GREASE, 100 means always GREASE +- name: security.tls.ech.grease_probability + type: RelaxedAtomicUint32 +#ifdef NIGHTLY_BUILD + value: 100 +#else + value: 0 +#endif + mirror: always + +# Whether to apply ECH GREASE settings to HTTP3/QUIC connections +- name: security.tls.ech.grease_http3 + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +# Whether to retry connections without ECH Grease +- name: security.tls.ech.disable_grease_on_fallback + type: RelaxedAtomicBool + value: @IS_NOT_NIGHTLY_BUILD@ + mirror: always + +# ECH GREASE Padding target (1-255) +- name: security.tls.ech.grease_size + type: RelaxedAtomicUint32 + value: 100 + mirror: always + +- name: security.tls.hello_downgrade_check + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.tls.enable_delegated_credentials + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.tls.enable_0rtt_data + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl.treat_unsafe_negotiation_as_broken + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.ssl.require_safe_negotiation + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.ssl.enable_false_start + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl.enable_alpn + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl.disable_session_identifiers + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_rsa_aes_256_gcm_sha384 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_rsa_aes_128_sha + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_ecdsa_aes_128_sha + type: RelaxedAtomicBool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + +- name: security.ssl3.ecdhe_rsa_aes_256_sha + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.ecdhe_ecdsa_aes_256_sha + type: RelaxedAtomicBool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + +- name: security.ssl3.dhe_rsa_aes_128_sha + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.ssl3.dhe_rsa_aes_256_sha + type: RelaxedAtomicBool + value: false + mirror: always + +- name: security.ssl3.rsa_aes_128_sha + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.rsa_aes_256_sha + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.rsa_aes_128_gcm_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.rsa_aes_256_gcm_sha384 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.ssl3.deprecated.rsa_des_ede3_sha + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.tls13.aes_128_gcm_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.tls13.chacha20_poly1305_sha256 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: security.tls13.aes_256_gcm_sha384 + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "signon." +#--------------------------------------------------------------------------- +- name: signon.usernameOnlyForm.enabled + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "slider." +#--------------------------------------------------------------------------- + +# Scrollbar snapping region. +# - 0: off +# - 1 and higher: slider thickness multiple +- name: slider.snapMultiplier + type: int32_t +#ifdef XP_WIN + value: 6 +#else + value: 0 +#endif + mirror: once + +#--------------------------------------------------------------------------- +# Prefs starting with "storage." +#--------------------------------------------------------------------------- + +# Whether to use a non-exclusive VFS. +# By default we use the unix-excl VFS, for the following reasons: +# 1. It improves compatibility with NFS shares, whose implementation +# is incompatible with SQLite's locking requirements (reliable fcntl), and +# in particular with WAL journaling. +# Bug 433129 attempted to automatically identify such file-systems, +# but a reliable way was not found and the fallback locking is slower than +# POSIX locking, so we do not want to do it by default. +# 2. It allows wal mode to avoid the memory mapped -shm file, reducing the +# likelihood of SIGBUS failures when disk space is exhausted. +# 3. It provides some protection from third party database tampering while a +# connection is open. +# Note there's no win32-excl VFS, so this has no effect on Windows. +- name: storage.sqlite.exclusiveLock.enabled + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "svg." +#--------------------------------------------------------------------------- + +# This pref controls whether the 'context-fill' and 'context-stroke' keywords +# can be used in SVG-as-an-image in the content processes to use the fill/ +# stroke specified on the element that embeds the image. (These keywords are +# always enabled in the chrome process, regardless of this pref.) Also, these +# keywords are currently not part of any spec, which is partly why we disable +# them for web content. +- name: svg.context-properties.content.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +# This pref controls whether the `prefers-color-scheme` value of SVG images +# reacts to the embedder `color-scheme` in content. +- name: svg.embedder-prefers-color-scheme.content.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Enables the 'context-fill' and 'context-stroke' keywords for particular +# domains. We expect this list to be Mozilla-controlled properties, since the +# 'context-*' keywords are not part of any spec. We expect to remove this +# preference and the 'context-` keyword support entirely in the +# not-too-distant future when a standardized alternative ships. This preference +# is _not_ for allowing web content to use these keywords. For performance +# reasons, the list of domains in this preference should remain short in +# length. +- name: svg.context-properties.content.allowed-domains + type: String + value: "" + mirror: never + +# Is support for the new getBBox method from SVG 2 enabled? +# See https://svgwg.org/svg2-draft/single-page.html#types-SVGBoundingBoxOptions +- name: svg.new-getBBox.enabled + type: bool + value: false + mirror: always + +# Whether SVGGraphicsElement.nearestViewportElement and SVGGraphicsElement.farthestViewportElement are enabled. +- name: svg.nearestAndFarthestViewportElement.enabled + type: bool + value: @IS_NOT_EARLY_BETA_OR_EARLIER@ + mirror: always + +# Tweak which elements are allowed in <svg:use> subtrees, and in which +# circumstances. See RemoveForbiddenNodes in SVGUseElement.cpp for the spec +# text. +# +# - 0: Don't restrict ever. +# - 1: Restrict only cross-document. +# - 2/other: restrict always. +# +# We allow the behavior to be configurable via this pref. Our chosen default +# value forbids non-graphical content in <svg:use> clones of cross-document +# elements. This is a compromise between our more-permissive pre-existing +# behavior (which SVG 2 seems to call for, and maps to pref value 0) and the +# behavior of other UAs (which SVG 1.1 seems to call for, and maps to pref +# value 2). +- name: svg.use-element.graphics-element-restrictions + type: int32_t + value: 1 + mirror: always + +# Whether to restrict <svg:use> element recursion levels. +# +# - 0: Don't restrict ever. +# - 1: Restrict everywhere +# - 2/other: Restrict only in the parent process. +# +- name: svg.use-element.recursive-clone-limit.enabled + type: int32_t + value: 2 + mirror: always + +# What is the recursion limit for svg use element cloning if enabled. +- name: svg.use-element.recursive-clone-limit + type: uint32_t + value: 8 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "telemetry." +#--------------------------------------------------------------------------- + +- name: telemetry.number_of_site_origin.min_interval + type: uint32_t + value: 300000 + mirror: always + +- name: telemetry.fog.test.localhost_port + type: RelaxedAtomicInt32 + value: 0 + mirror: always + rust: true + +- name: telemetry.fog.test.activity_limit + type: RelaxedAtomicUint32 + value: 120 + mirror: always + rust: true + +- name: telemetry.fog.test.inactivity_limit + type: RelaxedAtomicUint32 + value: 1200 + mirror: always + rust: true + +- name: telemetry.fog.artifact_build + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "test." +#--------------------------------------------------------------------------- + +- name: test.events.async.enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: test.mousescroll + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "thread." +#--------------------------------------------------------------------------- + +- name: threads.medium_high_event_queue.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# If control tasks aren't enabled, they get medium high priority. +- name: threads.control_event_queue.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# If the service is available, set threads to low-power mode when in the background. +- name: threads.use_low_power.enabled + type: RelaxedAtomicBool + value: @IS_NIGHTLY_BUILD@ + mirror: always + + +# If the process priority is set to background, put the main thread in the background. +# Currently off by default. +- name: threads.lower_mainthread_priority_in_background.enabled + type: bool + value: @IS_NIGHTLY_BUILD@ + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "timer." +#--------------------------------------------------------------------------- + +# Since our timestamp on macOS does not increment while the system is asleep, we +# should ignore sleep/wake notifications to make timer thread process timers. +- name: timer.ignore_sleep_wake_notifications + type: RelaxedAtomicBool +#ifdef XP_MACOSX + value: true +#else + value: false +#endif + mirror: always + +# Amount of time by which it is always acceptable to delay the firing of a timer. +# Any timer may be delayed by up to this amount in order to enable timers to be +# bundled together for efficiency. +- name: timer.minimum_firing_delay_tolerance_ms + type: AtomicFloat + value: 1.0 + mirror: always + +# Maximum amount of time by which it is ever acceptable to delay the firing of a timer. +# Setting this to zero will effectively disable timer coalescing. +- name: timer.maximum_firing_delay_tolerance_ms + type: AtomicFloat +#ifdef NIGHTLY_BUILD + value: 10000.0 +#else + value: 0.0 +#endif + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "toolkit." +#--------------------------------------------------------------------------- + +# Makes removeDirectory background task wait for the given milliseconds before removal. +- name: toolkit.background_tasks.remove_directory.testing.sleep_ms + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +# Returns true if BHR is disabled. +- name: toolkit.content-background-hang-monitor.disabled + type: bool + value: false + mirror: always + +- name: toolkit.scrollbox.horizontalScrollDistance + type: RelaxedAtomicInt32 + value: 5 + mirror: always + +- name: toolkit.scrollbox.verticalScrollDistance + type: RelaxedAtomicInt32 + value: 3 + mirror: always + +# The lateWriteChecksStage and fastShutdownStage below represent the stage +# of shutdown after which we (for lateWriteChecksStage) crash / gather +# telemetry data on file writes, or (for fastShutdownStage) we call _exit(0). +# Higher values are earlier during shutdown, and the full enumeration can +# be found in AppShutdown.h in the AppShutdownPhase enum. +- name: toolkit.shutdown.lateWriteChecksStage + type: int32_t +#ifdef MOZ_CODE_COVERAGE + value: 0 +#else + value: 2 +#endif + mirror: always + +# See the comment above toolkit.shutdown.lateWriteChecksStage. A higher value +# for this pref means we call _exit(0) earlier during shutdown. +- name: toolkit.shutdown.fastShutdownStage + type: int32_t +#if !defined(DEBUG) && !defined(MOZ_ASAN) && !defined(MOZ_TSAN) && !defined(MOZ_CODE_COVERAGE) && !defined(MOZ_VALGRIND) && !defined(MOZ_PROFILE_GENERATE) && !defined(JS_STRUCTURED_SPEW) + value: 1 +#else + value: 0 +#endif + mirror: always + +# Sending each remote accumulation immediately places undue strain on the IPC +# subsystem. Batch the remote accumulations for a period of time before sending +# them all at once. This value was chosen as a balance between data timeliness +# and performance (see bug 1218576). +- name: toolkit.telemetry.ipcBatchTimeout + type: uint32_t + value: 2000 + mirror: always + +- name: toolkit.telemetry.geckoview.batchDurationMS + type: RelaxedAtomicUint32 + value: 5000 + mirror: always + +- name: toolkit.telemetry.geckoview.maxBatchStalenessMS + type: RelaxedAtomicUint32 + value: 60000 + mirror: always + +- name: toolkit.telemetry.geckoview.streaming + type: RelaxedAtomicBool + value: false + mirror: always + +- name: toolkit.telemetry.testing.overrideProductsCheck + type: RelaxedAtomicBool + value: false + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "ui." +#--------------------------------------------------------------------------- + +- name: ui.key.generalAccessKey + type: int32_t + value: -1 + mirror: always + +# Use 17 for Ctrl, 18 for Alt, 224 for Meta, 91 for Win, 0 for none. +- name: ui.key.accelKey + type: uint32_t +#ifdef XP_MACOSX + value: 224 +#else + value: 17 +#endif + mirror: always + +# See above for the key codes to use. +- name: ui.key.menuAccessKey + type: uint32_t +#ifdef XP_MACOSX + value: 0 +#else + value: 18 +#endif + mirror: always + +# Only used if generalAccessKey is -1. +- name: ui.key.chromeAccess + type: int32_t +#ifdef XP_MACOSX + # 0 = disabled, 1 = Shift, 2 = Ctrl, 4 = Alt, 3 = ctrl+shift, 8 = Meta + value: 2 +#else + # 0 = disabled, 1 = Shift, 2 = Ctrl, 4 = Alt, 5 = Alt+Shift, + # 8 = Meta, 16 = Win + value: 4 +#endif + mirror: always + +# Only used if generalAccessKey is -1. +- name: ui.key.contentAccess + type: int32_t +#ifdef XP_MACOSX + # 0 = disabled, 1 = Shift, 2 = Ctrl, 4 = Alt, 3 = ctrl+shift, 8 = Meta + value: 6 +#else + # 0 = disabled, 1 = Shift, 2 = Ctrl, 4 = Alt, 5 = Alt+Shift, + # 8 = Meta, 16 = Win + value: 5 +#endif + mirror: always + +# Does the access key by itself focus the menu bar? +- name: ui.key.menuAccessKeyFocuses + type: bool +#if defined(XP_WIN) || defined(MOZ_WIDGET_GTK) + # On Windows and Linux, we now default to showing the menu bar only when alt + # is pressed. + value: true +#else + value: false +#endif + mirror: always + +# Whether native key bindings in the environment or builtin shortcut key +# definitions in Gecko are used first in <input> and <textarea> +- name: ui.key.textcontrol.prefer_native_key_bindings_over_builtin_shortcut_key_definitions + type: bool + value: true + mirror: always + +#ifdef MOZ_WIDGET_GTK +# Only GtkTextView (native multiline text viewer/editor) supports "select-all" +# signal so that we cannot know "select-all" key bindings only with GtkEntry. +# When this pref is set to true, if a key combination does not cause any +# signals in GtkEntry, try to check the key combination is mapped to +# "select-all" in GtkTextView or not. If it's mapped to other commands, they +# are just ignored. +- name: ui.key.use_select_all_in_single_line_editor + type: bool + value: true + mirror: always +#endif + +# Duration of timeout of incremental search in menus (ms). 0 means infinite. +- name: ui.menu.incremental_search.timeout + type: uint32_t + value: 1000 + mirror: always + +# If true, all popups won't hide automatically on blur +- name: ui.popup.disable_autohide + type: RelaxedAtomicBool + value: false + mirror: always + +# Negate scroll, true will make the mouse scroll wheel move the screen the +# same direction as with most desktops or laptops. +- name: ui.scrolling.negate_wheel_scroll + type: RelaxedAtomicBool + value: @IS_ANDROID@ + mirror: always + +# If the user puts a finger down on an element and we think the user might be +# executing a pan gesture, how long do we wait before tentatively deciding the +# gesture is actually a tap and activating the target element? +- name: ui.touch_activation.delay_ms + type: int32_t + value: 100 + mirror: always + +# If the user has clicked an element, how long do we keep the :active state +# before it is cleared by the mouse sequences fired after a +# touchstart/touchend. +- name: ui.touch_activation.duration_ms + type: int32_t + value: 10 + mirror: always + +# Prevent system colors from being exposed to CSS or canvas. +- name: ui.use_standins_for_native_colors + type: RelaxedAtomicBool + value: false + mirror: always + +# Disable page loading activity cursor by default. +- name: ui.use_activity_cursor + type: bool + value: false + mirror: always + +# Whether context menus should only appear on mouseup instead of mousedown, +# on OSes where they normally appear on mousedown (macOS, *nix). +# Note: ignored on Windows (context menus always use mouseup). +- name: ui.context_menus.after_mouseup + type: bool + value: false + mirror: always + +# Whether click-hold context menus are enabled. +- name: ui.click_hold_context_menus + type: RelaxedAtomicBool + value: false + mirror: always + +# How long to wait for a drag gesture before displaying click-hold context menu, +# in milliseconds. +- name: ui.click_hold_context_menus.delay + type: RelaxedAtomicInt32 + value: 500 + mirror: always + +# When enabled, the touch.radius and mouse.radius prefs allow events to be +# dispatched to nearby elements that are sensitive to the event. See +# PositionedEventTargeting.cpp. The 'mm' prefs define a rectangle around the +# nominal event target point within which we will search for suitable elements. +# 'visitedWeight' is a percentage weight; a value > 100 makes a visited link be +# treated as further away from the event target than it really is, while a +# value < 100 makes a visited link be treated as closer to the event target +# than it really is. + +- name: ui.touch.radius.enabled + type: bool + value: @IS_ANDROID@ + mirror: always + +- name: ui.touch.radius.topmm + type: uint32_t +#ifdef ANDROID + value: 2 +#else + value: 12 +#endif + mirror: always + +- name: ui.touch.radius.rightmm + type: uint32_t +#ifdef ANDROID + value: 3 +#else + value: 8 +#endif + mirror: always + +- name: ui.touch.radius.bottommm + type: uint32_t +#ifdef ANDROID + value: 2 +#else + value: 4 +#endif + mirror: always + +- name: ui.touch.radius.leftmm + type: uint32_t +#ifdef ANDROID + value: 3 +#else + value: 8 +#endif + mirror: always + +- name: ui.touch.radius.visitedWeight + type: uint32_t + value: 120 + mirror: always + +- name: ui.mouse.radius.enabled + type: bool + value: @IS_ANDROID@ + mirror: always + +- name: ui.mouse.radius.topmm + type: uint32_t +#ifdef ANDROID + value: 2 +#else + value: 12 +#endif + mirror: always + +- name: ui.mouse.radius.rightmm + type: uint32_t +#ifdef ANDROID + value: 3 +#else + value: 8 +#endif + mirror: always + +- name: ui.mouse.radius.bottommm + type: uint32_t +#ifdef ANDROID + value: 2 +#else + value: 4 +#endif + mirror: always + +- name: ui.mouse.radius.leftmm + type: uint32_t +#ifdef ANDROID + value: 3 +#else + value: 8 +#endif + mirror: always + +- name: ui.mouse.radius.visitedWeight + type: uint32_t + value: 120 + mirror: always + +- name: ui.mouse.radius.reposition + type: bool + value: @IS_ANDROID@ + mirror: always + +# When true, the ui.mouse.radius.* prefs will only affect simulated mouse +# events generated by touch input. When false, the prefs will be used for all +# mouse events. +- name: ui.mouse.radius.inputSource.touchOnly + type: bool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "urlclassifier." +#--------------------------------------------------------------------------- + +# Update server response timeout for Safe Browsing. +- name: urlclassifier.update.response_timeout_ms + type: uint32_t + value: 30000 + mirror: always + +# Download update timeout for Safe Browsing. +- name: urlclassifier.update.timeout_ms + type: uint32_t + value: 90000 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "view_source." +#--------------------------------------------------------------------------- + +- name: view_source.editor.external + type: bool + value: false + mirror: always + +- name: view_source.wrap_long_lines + type: bool + value: @IS_ANDROID@ + mirror: always + +- name: view_source.syntax_highlight + type: bool + value: true + mirror: always + +- name: view_source.tab_size + type: int32_t + value: 4 + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "webgl." (for pref access from Worker threads) +#--------------------------------------------------------------------------- + +- name: webgl.1.allow-core-profiles + type: RelaxedAtomicBool +#ifdef XP_MACOSX + value: true +#else + value: false +#endif + mirror: always + +- name: webgl.angle.force-d3d11 + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.angle.try-d3d11 + type: RelaxedAtomicBool +#ifdef XP_WIN + value: true +#else + value: false +#endif + mirror: always + +- name: webgl.angle.force-warp + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.auto-flush + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.auto-flush.gl + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.can-lose-context-in-foreground + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.cgl.multithreaded + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.colorspaces.prototype + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.debug.incomplete-tex-color + type: RelaxedAtomicUint32 + value: 0 + mirror: always + +- name: webgl.default-antialias + type: RelaxedAtomicBool + value: @IS_NOT_ANDROID@ + mirror: always + +- name: webgl.default-no-alpha + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.disable-angle + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.disable-wgl + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.dxgl.enabled + type: RelaxedAtomicBool +#ifdef XP_WIN + value: true +#else + value: false +#endif + mirror: always + +- name: webgl.dxgl.needs-finish + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.disable-fail-if-major-performance-caveat + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.disable-DOM-blit-uploads + type: RelaxedAtomicBool +#if defined(MOZ_AARCH64) && defined(XP_MACOSX) + value: true +#else + value: false +#endif + mirror: always + +- name: webgl.disabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.enable-debug-renderer-info + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.enable-draft-extensions + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.enable-privileged-extensions + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.enable-renderer-query + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.enable-surface-texture + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.enable-webgl2 + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.fake-verts.max + type: RelaxedAtomicUint32 + value: 10*1000*1000 # 10M as vec4 is count*4*4 = 160MB + mirror: always + +# Only works on Mac for now. +- name: webgl.forbid-hardware + type: RelaxedAtomicBool + value: false + mirror: always + +# Only works on Mac for now. +- name: webgl.forbid-software + type: RelaxedAtomicBool + value: true # It's generally better to encourage fallback to e.g. canvas2d. + mirror: always + +- name: webgl.force-enabled + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.force-index-validation + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: webgl.gl_khr_no_error + type: RelaxedAtomicBool +#ifdef XP_WIN + value: false +#else + value: true +#endif + mirror: always + +- name: webgl.lose-context-on-memory-pressure + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.max-contexts + type: RelaxedAtomicUint32 + value: 1000 + mirror: always + +- name: webgl.max-contexts-per-principal + type: RelaxedAtomicUint32 + value: 300 + mirror: always + +- name: webgl.max-size-per-texture-mib + type: RelaxedAtomicUint32 + value: 1024 + mirror: always + +- name: webgl.max-vert-ids-per-draw + type: RelaxedAtomicUint32 + value: 30*1000*1000 + mirror: always + +- name: webgl.max-warnings-per-context + type: RelaxedAtomicUint32 + value: 32 + mirror: always + +- name: webgl.min_capability_mode + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.msaa-force + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.msaa-samples + type: RelaxedAtomicUint32 + value: 4 + mirror: always + +- name: webgl.out-of-process + type: RelaxedAtomicBool +# (When reading the next line, know that preprocessor.py doesn't +# understand parentheses, but && is higher precedence than ||.) + value: true + mirror: always + +- name: webgl.out-of-process.worker + type: RelaxedAtomicBool +# (When reading the next line, know that preprocessor.py doesn't +# understand parentheses, but && is higher precedence than ||.) + value: true + mirror: always + +- name: webgl.out-of-process.force + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.out-of-process.shmem-size + type: RelaxedAtomicUint32 + value: 100000 # 100KB + mirror: always + +- name: webgl.out-of-process.async-present + type: RelaxedAtomicBool + value: true + mirror: always + +# Forces async present to wait for a sync, even while using remote textures. +- name: webgl.out-of-process.async-present.force-sync + type: RelaxedAtomicBool +#if defined(EARLY_BETA_OR_EARLIER) + value: false +#else + value: true +#endif + mirror: always + +#if defined(MOZ_WIDGET_ANDROID) +- name: webgl.out-of-process.enable-ahardwarebuffer + type: bool + value: false + mirror: once +#endif + +# Override the blocklist to assume that GL is threadsafe. +- name: webgl.threadsafe-gl.force-enabled + type: bool + value: false + mirror: once + +# Override the blocklist to assume that GL is not threadsafe. +- name: webgl.threadsafe-gl.force-disabled + type: bool + value: false + mirror: once + +- name: webgl.use-canvas-render-thread + type: bool + value: true + mirror: once + +- name: webgl.override-unmasked-renderer + type: DataMutexString + value: "" + mirror: always + +- name: webgl.override-unmasked-vendor + type: DataMutexString + value: "" + mirror: always + +- name: webgl.power-preference-override + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: webgl.prefer-16bpp + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.sanitize-unmasked-renderer + type: RelaxedAtomicBool + value: true + mirror: always + +- name: webgl.allow-immediate-queries + type: RelaxedAtomicBool + value: false + mirror: always + +- name: webgl.allow-fb-invalidation + type: RelaxedAtomicBool + value: false + mirror: always + + +- name: webgl.perf.max-warnings + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: webgl.perf.max-acceptable-fb-status-invals + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +- name: webgl.perf.spew-frame-allocs + type: RelaxedAtomicBool + value: true + mirror: always + +#--------------------------------------------------------------------------- +# Prefs starting with "widget." +#--------------------------------------------------------------------------- + +# Global user preference for disabling native theme in content processes. +# +# NOTE(emilio): When changing this make sure to update the non_native_theme +# entry in python/mozbuild/mozbuild/mozinfo.py and test_fission_autostart.py +- name: widget.non-native-theme.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the non-native theme should always use system colors. Useful mostly +# for testing forced colors mode. +- name: widget.non-native-theme.always-high-contrast + type: RelaxedAtomicBool + value: false + mirror: always + +# The style of scrollbars to use. Here are the current options: +# +# 0: Default platform scrollbar style. +# 1: macOS scrollbars +# 2: GTK scrollbars +# 3: Android scrollbars +# 4: Windows 10 scrollbars +# 5: Windows 11 scrollbars +# +# Note that switching to non-default scrollbars is experimental and other +# scrollbar-related prefs may interfere with the experience. For example, +# setting the GTK thumb size may have no effect when using non-GTK scrollbars +# on GTK. +- name: widget.non-native-theme.scrollbar.style + type: uint32_t + value: 0 + mirror: always + +# An override that allows to override the default platform size. The size in CSS +# pixels at full zoom of the minimum scrollbar width. +- name: widget.non-native-theme.scrollbar.size.override + type: uint32_t + value: 0 + mirror: always + +# Whether we should use themed values for dark scrollbars. +- name: widget.non-native-theme.scrollbar.dark-themed + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether the active thumb color should always use the themed colors, even if +# dark scrollbars are in use. +- name: widget.non-native-theme.scrollbar.active-always-themed + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we use the Windows CSS scrollbar sizes, or the scrollbar sizes +# defined above. +- name: widget.non-native-theme.win.scrollbar.use-system-size + type: bool + value: true + mirror: always + +# Whether Windows 11 scrollbars are always drawn with the thinner "overlay" +# scrollbar style. +- name: widget.non-native-theme.win11.scrollbar.force-overlay-style + type: bool + value: false + mirror: always + +# The amount of space that the thumb should fill the scrollbar, from zero to +# one. +- name: widget.non-native-theme.gtk.scrollbar.thumb-size + type: float + value: 0.75 + mirror: always + +# The minimum size of the scroll thumb, in the scrollbar direction. +- name: widget.non-native-theme.gtk.scrollbar.thumb-cross-size + type: uint32_t + value: 40 + mirror: always + +# Whether the thumb should be rounded for the non-native scrollbars. +- name: widget.non-native-theme.gtk.scrollbar.round-thumb + type: bool + value: true + mirror: always + +# Whether buttons shouldn't be suppressed for non-native scrollbars. +- name: widget.non-native-theme.gtk.scrollbar.allow-buttons + type: bool + value: false + mirror: always + +# Whether we should use the default accent color or the theme-provided one for +# content (e.g. for form controls and CSS system colors). +# +# Turned off on Windows, for now (we always use the default blue-ish +# accent-color there). We might want to turn this on there, though it's worth +# thinking on what the behavior should be for grey-ish accent colors (which are +# a thing on Windows and can cause confusion with things like disabled form +# controls). Maybe it's just fine. +- name: widget.non-native-theme.use-theme-accent + type: RelaxedAtomicBool +#ifdef XP_WIN + value: false +#else + value: true +#endif + mirror: always + +# Whether we should try to use WebRender to render widgets. +- name: widget.non-native-theme.webrender + type: bool +#if defined(XP_MACOSX) + # Disabled on macOS release / beta because of a suspected AMD driver bug (see + # bug 1715452). + value: @IS_NIGHTLY_BUILD@ +#else + value: true +#endif + mirror: always + +# Whether the outline style should be one big stroke or two contrasting strokes +- name: widget.non-native-theme.solid-outline-style + type: bool + value: false + mirror: always + +# Preference to disable dark scrollbar implementation. +# This is mainly for testing because dark scrollbars have to be semi- +# transparent, but many reftests expect scrollbars to look identical +# among different backgrounds. +# However, some users may want to disable this as well. +- name: widget.disable-dark-scrollbar + type: bool + value: false + mirror: always + +- name: widget.window-transforms.disabled + type: RelaxedAtomicBool + value: false + mirror: always + +#ifdef XP_MACOSX + +# Whether to shift by the menubar height on fullscreen mode. +# 0: never +# 1: always +# 2: auto (tries to detect when it is needed) +- name: widget.macos.shift-by-menubar-on-fullscreen + type: RelaxedAtomicUint32 + value: 2 + mirror: always + +- name: widget.macos.native-context-menus + type: RelaxedAtomicBool + value: true + mirror: always +#endif + +# Whether native GTK context menus are enabled. +# Disabled because at the very least there's missing custom icon support. +- name: widget.gtk.native-context-menus + type: RelaxedAtomicBool + value: false + mirror: always + +# Whether we use overlay scrollbars on GTK. +- name: widget.gtk.overlay-scrollbars.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether we honor the scrollbar colors from the gtk theme. +- name: widget.gtk.theme-scrollbar-colors.enabled + type: bool + value: true + mirror: always + +# Whether selection colors for the non-system theme get passed from the system +# GTK theme. +- name: widget.gtk.alt-theme.selection + type: bool + value: true + mirror: always + +# Whether form control accent colors for the non-system theme get passed from +# the system GTK theme. +- name: widget.gtk.alt-theme.accent + type: bool + value: true + mirror: always + +# Whether the scrollbar thumb active color from the non-system theme gets +# passed from the system GTK theme. +- name: widget.gtk.alt-theme.scrollbar_active + type: bool + value: true + mirror: always + +# Whether we should try to grab the pointer on popups. +# 0: Never +# 1: Always +# 2: Auto (depending on the system) +- name: widget.gtk.grab-pointer + type: int32_t + value: 2 + mirror: always + +# Whether we should try ignore bogus leave-notify events from the window +# manager. +# 0: Never +# 1: Always +# 2: Auto (depending on the system) +- name: widget.gtk.ignore-bogus-leave-notify + type: int32_t + value: 2 + mirror: always + +# Whether to use gtk high contrast themes to disable content styling like on +# windows high contrast mode. +- name: widget.content.gtk-high-contrast.enabled + type: bool + value: true + mirror: always + +# Whether to pause the compositor when a native window is minimized. +- name: widget.pause-compositor-when-minimized + type: bool + value: true + mirror: always + +#ifdef MOZ_WAYLAND +# Whether to override the DMABuf blocklist. +- name: widget.dmabuf.force-enabled + type: bool + value: false + mirror: once + +#ifdef NIGHTLY_BUILD +# Keep those pref hidden on non-nightly builds to avoid people accidentally +# turning it on. + +# Use DMABuf for content textures. +# For testing purposes only. +- name: widget.dmabuf-textures.enabled + type: RelaxedAtomicBool + value: false + mirror: always +#endif + +# Use DMABuf backend for WebGL. +- name: widget.dmabuf-webgl.enabled + type: RelaxedAtomicBool + value: true + mirror: always + +# Force fractional scaling using wp_viewporter. Valid values: 0.5 - 8 +- name: widget.wayland.fractional_buffer_scale + type: float + value: 0.0f + mirror: once + +# Use opaque region for MozContainer wl_surface +- name: widget.wayland.opaque-region.enabled + type: bool + value: true + mirror: once + +# Use frame callback based vsync +- name: widget.wayland.vsync.enabled + type: bool + value: true + mirror: once + +# Whether to keep firing vsync at layout.throttled_frame_rate after we've been +# occluded. +- name: widget.wayland.vsync.keep-firing-at-idle + type: bool + value: false + mirror: always +#endif + +#ifdef MOZ_WIDGET_GTK + +# Use gdk_window_move_to_rect to move Wayland popups when available. +- name: widget.wayland.use-move-to-rect + type: bool + value: true + mirror: once + +# The time we should spend on a DBUS call to the FileManager1 interface before +# giving up and trying an alternative method. +# +# -1 for the default system timeout, INT_MAX for "infinite time". +# +# This happens right now on the main thread so 1 second should be enough, we +# should consider moving it to a background task and just use the default +# timeout. +- name: widget.gtk.file-manager-show-items-timeout-ms + type: int32_t + value: 1000 + mirror: always + +# The timeout we should spend on a DBUS call to the Settings proxy before +# giving up. +# +# -1 for the default system timeout, INT_MAX for "infinite time". +# +# This runs just once, but during startup, so make sure it doesn't take too +# long. Three seconds should be way more than enough, and if we don't get the +# reply on time then the only potential issue is that we use a light instead of +# dark interface or vice versa. +- name: widget.gtk.settings-portal-timeout-ms + type: int32_t + value: 3000 + mirror: always + +# Whether to use gtk portal for the file picker. +# - 0: never +# - 1: always +# - 2: auto (true for flatpak or GTK_USE_PORTAL=1, false otherwise) +- name: widget.use-xdg-desktop-portal.file-picker + type: int32_t + value: 2 + mirror: always + +# Whether to use gtk portal for the mime handler. +# - 0: never +# - 1: always +# - 2: auto (for now only true for flatpak, see bug 1516290) +- name: widget.use-xdg-desktop-portal.mime-handler + type: int32_t + value: 2 + mirror: always + +# Whether to try to use XDG portal for settings / look-and-feel information. +# https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.Settings +# - 0: never +# - 1: always +# - 2: auto +- name: widget.use-xdg-desktop-portal.settings + type: int32_t + value: 2 + mirror: always + +# Whether to use XDG portal for geolocation. +# https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.Location +# - 0: never +# - 1: always +# - 2: auto +- name: widget.use-xdg-desktop-portal.location + type: int32_t + value: 2 + mirror: always +# Whether to use XDG portal for opening to a file. +# https://flatpak.github.io/xdg-desktop-portal/#gdbus-org.freedesktop.portal.OpenURI +# - 0: never +# - 1: always +# - 2: auto (true for flatpak or GTK_USE_PORTAL=1, false otherwise) +- name: widget.use-xdg-desktop-portal.open-uri + type: int32_t + value: 2 + mirror: always +#endif + +#ifdef XP_WIN +# WindowsUIUtils::Share to wait for user action on Windows share dialog +# `true` means the promise resolves when user completes or cancels the share +# action. This can be unsafe since selecting copy action fires no DataPackage +# event as of 21H1. +# `false` means the promise resolves when the share data is passed to +# DataPackage. +# This affects the behavior of `navigator.share()`. +- name: widget.windows.share.wait_action.enabled + type: bool + value: false + mirror: always + +- name: widget.windows.window_occlusion_tracking.enabled + type: bool + value: true + mirror: always + +# Whether overlay scrollbars respect the system settings. +# Note that these can be overridden by the ui.useOverlayScrollbars pref. +- name: widget.windows.overlay-scrollbars.enabled + type: bool + value: true + mirror: always + +# Whether we allow accessing the UWP system color pallete. +- name: widget.windows.uwp-system-colors.enabled + type: bool + value: true + mirror: always + +# Whether we use the accent color for highlight as some other UWP apps do. +# +# false for now since it can cause some contrast-with-background issues +# specially with grey accents, see bug 1776588. +- name: widget.windows.uwp-system-colors.highlight-accent + type: bool + value: false + mirror: always + +- name: widget.windows.window_occlusion_tracking_display_state.enabled + type: bool + value: false + mirror: always + +- name: widget.windows.window_occlusion_tracking_session_lock.enabled + type: bool + value: true + mirror: always + +- name: widget.windows.hide_cursor_when_typing + type: bool + value: false + mirror: always + +# Whether to apply logic intended to improve taskbar behavior involving +# non-foreground fullscreen windows. (See bug 1732517.) +- name: widget.windows.alternate_fullscreen_heuristics + type: RelaxedAtomicBool + value: true + mirror: always + +# Whether to apply a workaround intended to prevent Windows from treating +# non-foreground-marked fullscreen windows as fullscreen on Windows 7 and +# earlier. (See bug 1732517.) +# +# Valid values: +# * -1: the workaround is never used. +# * 1: the workaround is always used. +# * 0: the workaround is used if we think it should be. (Default.) +- name: widget.windows.fullscreen_marking_workaround + type: RelaxedAtomicInt32 + value: 0 + mirror: always + +# The number of messages of each type to keep for display in +# about:windows-messages +- name: widget.windows.messages_to_log + type: RelaxedAtomicUint32 + value: 6 + mirror: always + +# Whether to flush the Ole clipboard synchronously. +# Possible values are: +# * 0: never +# * 1: always +# * 2 (or others): when needed +- name: widget.windows.sync-clipboard-flush + type: uint32_t + value: 2 + mirror: always + +# Whether to apply a hack (adjusting the window height by -1px and back again) +# upon first entering fullscreen intended to work around a bug exhibited under +# on some Windows 11 machines under some configurations. (See bug 1763981.) +# +# Semantics: +# * 0: never +# * 1: always +# * 2: auto +- name: widget.windows.apply-dwm-resize-hack + type: RelaxedAtomicInt32 + value: 2 + mirror: always +#endif + +# Whether to disable SwipeTracker (e.g. swipe-to-nav). +- name: widget.disable-swipe-tracker + type: bool + value: false + mirror: always + +# Various metrics to control SwipeTracker. +- name: widget.swipe.velocity-twitch-tolerance + type: float + value: 0.0000001f + mirror: always + +- name: widget.swipe.success-velocity-contribution + type: float + value: 0.05f + mirror: always + +# The values for this pref are derived from trial and error in an effort to +# match the existing behavior on the respective platforms. +- name: widget.swipe.whole-page-pixel-size + type: float +#if defined(XP_WIN) + value: 1100.0f +#elif defined(XP_MACOSX) + value: 550.0f +#else + value: 40.0f +#endif + mirror: always + +- name: widget.transparent-windows + type: bool + value: true + mirror: once + +#--------------------------------------------------------------------------- +# Prefs starting with "zoom." +#--------------------------------------------------------------------------- + +- name: zoom.maxPercent + type: uint32_t +#ifdef ANDROID + value: 400 +#else + value: 500 +#endif + mirror: always + +- name: zoom.minPercent + type: uint32_t +#ifdef ANDROID + value: 20 +#else + value: 30 +#endif + mirror: always + +#--------------------------------------------------------------------------- +# End of prefs +#--------------------------------------------------------------------------- diff --git a/modules/libpref/init/StaticPrefListBegin.h b/modules/libpref/init/StaticPrefListBegin.h new file mode 100644 index 0000000000..27bd726cc8 --- /dev/null +++ b/modules/libpref/init/StaticPrefListBegin.h @@ -0,0 +1,65 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This file does not make sense on its own. It must be #included along with +// StaticPrefsListEnd.h in all headers that contribute prefs to the StaticPrefs +// namespace. + +#include "StaticPrefsBase.h" +#include "Preferences.h" +#include "MainThreadUtils.h" // for NS_IsMainThread() +#include "nsXULAppAPI.h" // for XRE_IsContentProcess() + +namespace mozilla { +namespace StaticPrefs { + +// For mirrored prefs we generate an extern variable declaration and three +// getter declarations/definitions. +#define NEVER_PREF(name, cpp_type, default_value) +#define ALWAYS_PREF(name, base_id, full_id, cpp_type, default_value) \ + extern cpp_type sMirror_##full_id; \ + inline StripAtomic<cpp_type> full_id() { \ + if (IsString<cpp_type>::value && sCrashOnBlocklistedPref) { \ + MOZ_DIAGNOSTIC_ASSERT(!IsPreferenceSanitized(name), \ + "Should not access the preference '" name \ + "' in Content Processes"); \ + } \ + MOZ_DIAGNOSTIC_ASSERT(IsAtomic<cpp_type>::value || NS_IsMainThread(), \ + "Non-atomic static pref '" name \ + "' being accessed on background thread by getter"); \ + return sMirror_##full_id; \ + } \ + inline const char* GetPrefName_##base_id() { return name; } \ + inline StripAtomic<cpp_type> GetPrefDefault_##base_id() { \ + return default_value; \ + } +#define ALWAYS_DATAMUTEX_PREF(name, base_id, full_id, cpp_type, default_value) \ + extern cpp_type sMirror_##full_id; \ + inline cpp_type::ConstAutoLock full_id() { \ + if (IsString<cpp_type>::value && sCrashOnBlocklistedPref) { \ + MOZ_DIAGNOSTIC_ASSERT(!IsPreferenceSanitized(name), \ + "Should not access the preference '" name \ + "' in Content Processes"); \ + } \ + return sMirror_##full_id.ConstLock(); \ + } \ + inline const char* GetPrefName_##base_id() { return name; } \ + inline StripAtomic<cpp_type> GetPrefDefault_##base_id() { \ + return default_value; \ + } +#define ONCE_PREF(name, base_id, full_id, cpp_type, default_value) \ + extern cpp_type sMirror_##full_id; \ + inline cpp_type full_id() { \ + MaybeInitOncePrefs(); \ + if (IsString<cpp_type>::value && sCrashOnBlocklistedPref) { \ + MOZ_DIAGNOSTIC_ASSERT(!IsPreferenceSanitized(name), \ + "Should not access the preference '" name \ + "' in Content Processes"); \ + } \ + return sMirror_##full_id; \ + } \ + inline const char* GetPrefName_##base_id() { return name; } \ + inline cpp_type GetPrefDefault_##base_id() { return default_value; } diff --git a/modules/libpref/init/StaticPrefListEnd.h b/modules/libpref/init/StaticPrefListEnd.h new file mode 100644 index 0000000000..d7bf3099ab --- /dev/null +++ b/modules/libpref/init/StaticPrefListEnd.h @@ -0,0 +1,20 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// This file should be #included, along with StaticPrefListStart.h, in all +// headers that contribute prefs to the StaticPrefs namespace. + +// This file does not make sense on its own. It must be #included along with +// StaticPrefsListBegin.h in all headers that contribute prefs to the +// StaticPrefs namespace. + +#undef NEVER_PREF +#undef ALWAYS_PREF +#undef ALWAYS_DATAMUTEX_PREF +#undef ONCE_PREF + +} // namespace StaticPrefs +} // namespace mozilla diff --git a/modules/libpref/init/__init__.py b/modules/libpref/init/__init__.py new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/modules/libpref/init/__init__.py diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js new file mode 100644 index 0000000000..c7c6f0ca82 --- /dev/null +++ b/modules/libpref/init/all.js @@ -0,0 +1,4192 @@ +// -*- indent-tabs-mode: nil; js-indent-level: 2 -*- +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// The prefs in this file are shipped with the GRE and should apply to all +// embedding situations. Application-specific preferences belong somewhere +// else, such as browser/app/profile/firefox.js or +// mobile/android/app/mobile.js. +// +// NOTE: Not all prefs should be defined in this (or any other) data file. +// Static prefs are defined in StaticPrefList.yaml. Those prefs should *not* +// appear in this file. +// +// For the syntax used by this file, consult the comments at the top of +// modules/libpref/parser/src/lib.rs. +// +// Please indent all prefs defined within #ifdef/#ifndef conditions. This +// improves readability, particular for conditional blocks that exceed a single +// screen. + +pref("security.tls.insecure_fallback_hosts", ""); + +pref("security.default_personal_cert", "Ask Every Time"); +pref("security.remember_cert_checkbox_default_setting", true); + +// This preference controls what signature algorithms are accepted for signed +// apps (i.e. add-ons). The number is interpreted as a bit mask with the +// following semantic: +// The lowest order bit determines which PKCS#7 algorithms are accepted. +// xxx_0_: SHA-1 and/or SHA-256 PKCS#7 allowed +// xxx_1_: SHA-256 PKCS#7 allowed +// The next two bits determine whether COSE is required and PKCS#7 is allowed +// x_00_x: COSE disabled, ignore files, PKCS#7 must verify +// x_01_x: COSE is verified if present, PKCS#7 must verify +// x_10_x: COSE is required, PKCS#7 must verify if present +// x_11_x: COSE is required, PKCS#7 disabled (fail when present) +pref("security.signed_app_signatures.policy", 2); + +pref("security.xfocsp.errorReporting.enabled", true); +pref("security.xfocsp.errorReporting.automatic", false); + +// Issuer we use to detect MitM proxies. Set to the issuer of the cert of the +// Firefox update service. The string format is whatever NSS uses to print a DN. +// This value is set and cleared automatically. +pref("security.pki.mitm_canary_issuer", ""); +// Pref to disable the MitM proxy checks. +pref("security.pki.mitm_canary_issuer.enabled", true); + +// It is set to true when a non-built-in root certificate is detected on a +// Firefox update service's connection. +// This value is set automatically. +// The difference between security.pki.mitm_canary_issuer and this pref is that +// here the root is trusted but not a built-in, whereas for +// security.pki.mitm_canary_issuer.enabled, the root is not trusted. +pref("security.pki.mitm_detected", false); + +// Intermediate CA Preloading settings +pref("security.remote_settings.intermediates.enabled", true); +pref("security.remote_settings.intermediates.downloads_per_poll", 5000); +pref("security.remote_settings.intermediates.parallel_downloads", 8); + +#if defined(EARLY_BETA_OR_EARLIER) && !defined(MOZ_WIDGET_ANDROID) + pref("security.remote_settings.crlite_filters.enabled", true); +#else + pref("security.remote_settings.crlite_filters.enabled", false); +#endif + +pref("security.osreauthenticator.blank_password", false); +pref("security.osreauthenticator.password_last_changed_lo", 0); +pref("security.osreauthenticator.password_last_changed_hi", 0); + +pref("security.crash_tracking.js_load_1.prevCrashes", 0); +pref("security.crash_tracking.js_load_1.maxCrashes", 0); + +pref("general.useragent.compatMode.firefox", false); + +pref("general.config.obscure_value", 13); // for MCD .cfg files + +#ifndef MOZ_BUILD_APP_IS_BROWSER +pref("general.warnOnAboutConfig", true); +#endif + +// Whether middle button click with a modifier key starts to autoscroll or +// does nothing. +pref("general.autoscroll.prevent_to_start.shiftKey", true); // Shift +pref("general.autoscroll.prevent_to_start.ctrlKey", false); // Control +pref("general.autoscroll.prevent_to_start.altKey", false); // Alt +pref("general.autoscroll.prevent_to_start.metaKey", false); // Command on macOS +pref("general.autoscroll.prevent_to_start.osKey", false); // Windows key on Windows or Super key on Linux + +// When this pref is set to true, middle click on non-editable content keeps +// selected range rather than collapsing selection at the clicked position. +// This behavior is incompatible with Chrome, so enabling this could cause +// breaking some web apps. +// Note that this pref is ignored when "general.autoScroll" is set to false +// or "middlemouse.paste" is set to true. For the former case, there is no +// reason do be incompatible with Chrome. For the latter case, the selection +// change is important for "paste" event listeners even if it's non-editable +// content. +pref("general.autoscroll.prevent_to_collapse_selection_by_middle_mouse_down", false); + +// maximum number of dated backups to keep at any time +pref("browser.bookmarks.max_backups", 5); + +pref("browser.cache.disk_cache_ssl", true); +// The half life used to re-compute cache entries frecency in hours. +pref("browser.cache.frecency_half_life_hours", 6); + +// offline cache capacity in kilobytes +pref("browser.cache.offline.capacity", 512000); + +// Don't show "Open with" option on download dialog if true. +pref("browser.download.forbid_open_with", false); + +// Enable indexedDB logging. +pref("dom.indexedDB.logging.enabled", true); +// Detailed output in log messages. +pref("dom.indexedDB.logging.details", true); +// Enable profiler marks for indexedDB events. +pref("dom.indexedDB.logging.profiler-marks", false); + +// The number of workers per domain allowed to run concurrently. +// We're going for effectively infinite, while preventing abuse. +pref("dom.workers.maxPerDomain", 512); + +// The amount of time (milliseconds) service workers keep running after each event. +pref("dom.serviceWorkers.idle_timeout", 30000); + +// The amount of time (milliseconds) service workers can be kept running using waitUntil promises +// or executing "long-running" JS after the "idle_timeout" period has expired. +pref("dom.serviceWorkers.idle_extended_timeout", 30000); + +// The amount of time (milliseconds) an update request is delayed when triggered +// by a service worker that doesn't control any clients. +pref("dom.serviceWorkers.update_delay", 1000); + +// Enable test for 24 hours update, service workers will always treat last update check time is over 24 hours +pref("dom.serviceWorkers.testUpdateOverOneDay", false); + +// Blacklist of domains of web apps which are not aware of strict keypress +// dispatching behavior. This is comma separated list. If you need to match +// all sub-domains, you can specify it as "*.example.com". Additionally, you +// can limit the path. E.g., "example.com/foo" means "example.com/foo*". So, +// if you need to limit under a directory, the path should end with "/" like +// "example.com/foo/". Note that this cannot limit port number for now. +pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys", "www.icloud.com"); +// Pref for end-users and policy to add additional values. +pref("dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl", ""); + +// Blacklist of domains of web apps which handle keyCode and charCode of +// keypress events with a path only for Firefox (i.e., broken if we set +// non-zero keyCode or charCode value to the other). The format is exactly +// same as "dom.keyboardevent.keypress.hack.dispatch_non_printable_keys". So, +// check its explanation for the detail. +pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode", "*.collabserv.com,*.gov.online.office365.us,*.officeapps-df.live.com,*.officeapps.live.com,*.online.office.de,*.partner.officewebapps.cn,*.scniris.com"); +// Pref for end-users and policy to add additional values. +pref("dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl", ""); + +// Blacklist of domains of web apps which listen for non-primary click events +// on window global or document. The format is exactly same as +// "dom.keyboardevent.keypress.hack.dispatch_non_printable_keys". So, check its +// explanation for the detail. +pref("dom.mouseevent.click.hack.use_legacy_non-primary_dispatch", ""); + +// Text recognition is a platform dependent feature, so even if this preference is +// enabled here, the feature may not be visible in all browsers. +pref("dom.text-recognition.enabled", true); + +// Fastback caching - if this pref is negative, then we calculate the number +// of content viewers to cache based on the amount of available memory. +pref("browser.sessionhistory.max_total_viewers", -1); + +// min font device pixel size at which to turn on high quality +pref("browser.display.auto_quality_min_font_size", 20); + +// See http://whatwg.org/specs/web-apps/current-work/#ping +pref("browser.send_pings", false); +pref("browser.send_pings.max_per_link", 1); // limit the number of pings that are sent per link click +pref("browser.send_pings.require_same_host", false); // only send pings to the same host if this is true + +pref("browser.helperApps.neverAsk.saveToDisk", ""); +pref("browser.helperApps.neverAsk.openFile", ""); +pref("browser.helperApps.deleteTempFileOnExit", false); + +// max image size for which it is placed in the tab icon for tabbrowser. +// if 0, no images are used for tab icons for image documents. +pref("browser.chrome.image_icons.max_size", 1024); + +pref("browser.triple_click_selects_paragraph", true); + +// Enable fillable forms in the PDF viewer. +pref("pdfjs.annotationMode", 2); + +// Enable editing in the PDF viewer. +pref("pdfjs.annotationEditorMode", 0); + +// Enable JavaScript support in the PDF viewer. +pref("pdfjs.enableScripting", true); + +// Enable XFA form support in the PDF viewer. +pref("pdfjs.enableXfa", true); + +// Disable support for MathML +pref("mathml.disabled", false); + +// Enable scale transform for stretchy MathML operators. See bug 414277. +pref("mathml.scale_stretchy_operators.enabled", true); + +// Used by ChannelMediaResource to run data callbacks from HTTP channel +// off the main thread. +pref("media.omt_data_delivery.enabled", true); + +// We'll throttle the download if the download rate is throttle-factor times +// the estimated playback rate, AND we satisfy the cache readahead_limit +// above. The estimated playback rate is time_duration/length_in_bytes. +// This means we'll only throttle the download if there's no concern that +// throttling would cause us to stop and buffer. +pref("media.throttle-factor", 2); +// By default, we'll throttle media download once we've reached the the +// readahead_limit if the download is fast. This pref toggles the "and the +// download is fast" check off, so that we can always throttle the download +// once the readaheadd limit is reached even on a slow network. +pref("media.throttle-regardless-of-download-rate", false); + +// Master HTML5 media volume scale. +pref("media.volume_scale", "1.0"); + +// Whether we should play videos opened in a "video document", i.e. videos +// opened as top-level documents, as opposed to inside a media element. +pref("media.play-stand-alone", true); + +#ifdef MOZ_WMF + pref("media.wmf.dxva.enabled", true); + pref("media.wmf.play-stand-alone", true); +#endif +pref("media.gmp.decoder.aac", 0); +pref("media.gmp.decoder.h264", 0); + +// GMP storage version number. At startup we check the version against +// media.gmp.storage.version.observed, and if the versions don't match, +// we clear storage and set media.gmp.storage.version.observed=expected. +// This provides a mechanism to clear GMP storage when non-compatible +// changes are made. +pref("media.gmp.storage.version.expected", 1); + +// Filter what triggers user notifications. +// See DecoderDoctorDocumentWatcher::ReportAnalysis for details. +#ifdef NIGHTLY_BUILD + pref("media.decoder-doctor.notifications-allowed", "MediaWMFNeeded,MediaWidevineNoWMF,MediaCannotInitializePulseAudio,MediaCannotPlayNoDecoders,MediaUnsupportedLibavcodec,MediaPlatformDecoderNotFound,MediaDecodeError"); +#else + pref("media.decoder-doctor.notifications-allowed", "MediaWMFNeeded,MediaWidevineNoWMF,MediaCannotInitializePulseAudio,MediaCannotPlayNoDecoders,MediaUnsupportedLibavcodec,MediaPlatformDecoderNotFound"); +#endif +pref("media.decoder-doctor.decode-errors-allowed", ""); +pref("media.decoder-doctor.decode-warnings-allowed", ""); +// Whether we report partial failures. +pref("media.decoder-doctor.verbose", false); +// URL to report decode issues +pref("media.decoder-doctor.new-issue-endpoint", "https://webcompat.com/issues/new"); + +pref("media.videocontrols.picture-in-picture.enabled", false); +pref("media.videocontrols.picture-in-picture.display-text-tracks.enabled", true); +pref("media.videocontrols.picture-in-picture.video-toggle.enabled", false); +pref("media.videocontrols.picture-in-picture.video-toggle.always-show", false); +pref("media.videocontrols.picture-in-picture.video-toggle.min-video-secs", 45); +pref("media.videocontrols.picture-in-picture.video-toggle.position", "right"); +pref("media.videocontrols.picture-in-picture.video-toggle.has-used", false); +pref("media.videocontrols.picture-in-picture.display-text-tracks.toggle.enabled", true); +pref("media.videocontrols.picture-in-picture.display-text-tracks.size", "medium"); +pref("media.videocontrols.picture-in-picture.improved-video-controls.enabled", true); +#ifdef NIGHTLY_BUILD + pref("media.videocontrols.picture-in-picture.respect-disablePictureInPicture", true); +#else + pref("media.videocontrols.picture-in-picture.respect-disablePictureInPicture", false); +#endif +pref("media.videocontrols.keyboard-tab-to-all-controls", true); + +#ifdef MOZ_WEBRTC + pref("media.navigator.video.enabled", true); + pref("media.navigator.video.default_fps",30); + pref("media.navigator.video.use_remb", true); + pref("media.navigator.video.use_transport_cc", true); + pref("media.peerconnection.video.use_rtx", true); + pref("media.peerconnection.video.use_rtx.blocklist", "doxy.me,*.doxy.me"); + pref("media.navigator.video.use_tmmbr", false); + pref("media.navigator.audio.use_fec", true); + pref("media.navigator.video.red_ulpfec_enabled", false); + pref("media.navigator.video.offer_rtcp_rsize", true); + + #ifdef NIGHTLY_BUILD + pref("media.peerconnection.sdp.parser", "sipcc"); + pref("media.peerconnection.sdp.alternate_parse_mode", "parallel"); + pref("media.peerconnection.sdp.strict_success", false); + #else + pref("media.peerconnection.sdp.parser", "sipcc"); + pref("media.peerconnection.sdp.alternate_parse_mode", "never"); + pref("media.peerconnection.sdp.strict_success", false); + #endif + + pref("media.peerconnection.sdp.disable_stereo_fmtp", false); + pref("media.webrtc.debug.trace_mask", 0); + pref("media.webrtc.debug.multi_log", false); + pref("media.webrtc.debug.log_file", ""); + pref("media.webrtc.debug.aec_dump_max_size", 4194304); // 4MB + + pref("media.navigator.video.default_width",0); // adaptive default + pref("media.navigator.video.default_height",0); // adaptive default + pref("media.peerconnection.video.enabled", true); + pref("media.navigator.video.max_fs", 12288); // Enough for 2048x1536 + pref("media.navigator.video.max_fr", 60); + pref("media.navigator.video.h264.level", 31); // 0x42E01f - level 3.1 + pref("media.navigator.video.h264.max_br", 0); + pref("media.navigator.video.h264.max_mbps", 0); + pref("media.peerconnection.video.vp9_enabled", true); + pref("media.peerconnection.video.vp9_preferred", false); + pref("media.getusermedia.channels", 0); + #if defined(ANDROID) + pref("media.getusermedia.camera.off_while_disabled.enabled", false); + pref("media.getusermedia.microphone.off_while_disabled.enabled", false); + #else + pref("media.getusermedia.camera.off_while_disabled.enabled", true); + pref("media.getusermedia.microphone.off_while_disabled.enabled", false); + #endif + pref("media.getusermedia.camera.off_while_disabled.delay_ms", 3000); + pref("media.getusermedia.microphone.off_while_disabled.delay_ms", 3000); + // Desktop is typically VGA capture or more; and qm_select will not drop resolution + // below 1/2 in each dimension (or so), so QVGA (320x200) is the lowest here usually. + pref("media.peerconnection.video.min_bitrate", 0); + pref("media.peerconnection.video.start_bitrate", 0); + pref("media.peerconnection.video.max_bitrate", 0); + pref("media.peerconnection.video.min_bitrate_estimate", 0); + pref("media.peerconnection.video.denoising", false); + pref("media.navigator.audio.fake_frequency", 1000); + pref("media.navigator.permission.disabled", false); + pref("media.navigator.streams.fake", false); + pref("media.peerconnection.default_iceservers", "[]"); + pref("media.peerconnection.allow_old_setParameters", true); + pref("media.peerconnection.ice.loopback", false); // Set only for testing in offline environments. + pref("media.peerconnection.ice.tcp", true); + pref("media.peerconnection.ice.tcp_so_sock_count", 0); // Disable SO gathering + pref("media.peerconnection.ice.link_local", false); // Set only for testing IPV6 in networks that don't assign IPV6 addresses + pref("media.peerconnection.ice.force_interface", ""); // Limit to only a single interface + pref("media.peerconnection.ice.relay_only", false); // Limit candidates to TURN + pref("media.peerconnection.use_document_iceservers", true); + + pref("media.peerconnection.identity.timeout", 10000); + pref("media.peerconnection.ice.stun_client_maximum_transmits", 7); + pref("media.peerconnection.ice.trickle_grace_period", 5000); + pref("media.peerconnection.ice.no_host", false); + pref("media.peerconnection.ice.default_address_only", false); + // See Bug 1581947 for Android hostname obfuscation + #if defined(MOZ_WIDGET_ANDROID) + pref("media.peerconnection.ice.obfuscate_host_addresses", false); + #else + pref("media.peerconnection.ice.obfuscate_host_addresses", true); + #endif + pref("media.peerconnection.ice.obfuscate_host_addresses.blocklist", ""); + pref("media.peerconnection.ice.proxy_only_if_behind_proxy", false); + pref("media.peerconnection.ice.proxy_only", false); + pref("media.peerconnection.ice.proxy_only_if_pbmode", false); + pref("media.peerconnection.turn.disable", false); + + // 770 = DTLS 1.0, 771 = DTLS 1.2, 772 = DTLS 1.3 +pref("media.peerconnection.dtls.version.min", 771); +#ifdef NIGHTLY_BUILD + pref("media.peerconnection.dtls.version.max", 772); +#else + pref("media.peerconnection.dtls.version.max", 771); +#endif + + // These values (aec, agc, and noise) are from: + // third_party/libwebrtc/modules/audio_processing/include/audio_processing.h + pref("media.getusermedia.aec_enabled", true); + pref("media.getusermedia.aec", 1); // kModerateSuppression + pref("media.getusermedia.use_aec_mobile", false); + pref("media.getusermedia.residual_echo_enabled", false); + pref("media.getusermedia.noise_enabled", true); + pref("media.getusermedia.noise", 2); // kHigh + pref("media.getusermedia.agc_enabled", true); + pref("media.getusermedia.agc", 1); // kAdaptiveDigital + pref("media.getusermedia.agc2_forced", true); + pref("media.getusermedia.hpf_enabled", true); + pref("media.getusermedia.transient_enabled", true); +#endif // MOZ_WEBRTC + +#if !defined(ANDROID) + pref("media.getusermedia.screensharing.enabled", true); +#endif + +pref("media.getusermedia.audiocapture.enabled", false); + +// WebVTT pseudo element and class support. +pref("media.webvtt.pseudo.enabled", true); + +// WebVTT debug logging. +pref("media.webvtt.debug.logging", false); + +// Whether to allow recording of AudioNodes with MediaRecorder +pref("media.recorder.audio_node.enabled", false); + +// Whether MediaRecorder's video encoder should allow dropping frames in order +// to keep up under load. Useful for tests but beware of memory consumption! +pref("media.recorder.video.frame_drops", true); + +// The default number of decoded video frames that are enqueued in +// MediaDecoderReader's mVideoQueue. +pref("media.video-queue.default-size", 10); + +// The maximum number of queued frames to send to the compositor. +// By default, send all of them. +pref("media.video-queue.send-to-compositor-size", 9999); + +// Log level for cubeb, the audio input/output system. Valid values are +// "verbose", "normal" and "" (log disabled). +pref("media.cubeb.logging_level", ""); + +pref("media.cubeb.output_voice_routing", true); + +// GraphRunner (fixed MediaTrackGraph thread) control +pref("media.audiograph.single_thread.enabled", true); + +// APZ preferences. For documentation/details on what these prefs do, check +// gfx/layers/apz/src/AsyncPanZoomController.cpp. +pref("apz.overscroll.stop_velocity_threshold", "0.01"); +pref("apz.overscroll.stretch_factor", "0.35"); + +pref("apz.zoom-to-focused-input.enabled", true); + +pref("formhelper.autozoom.force-disable.test-only", false); + +#ifdef XP_MACOSX + // Whether to run in native HiDPI mode on machines with "Retina"/HiDPI + // display. + // <= 0 : hidpi mode disabled, display will just use pixel-based upscaling. + // == 1 : hidpi supported if all screens share the same backingScaleFactor. + // >= 2 : hidpi supported even with mixed backingScaleFactors (somewhat + // broken). + pref("gfx.hidpi.enabled", 2); +#endif + +pref("gfx.downloadable_fonts.enabled", true); +pref("gfx.downloadable_fonts.fallback_delay", 3000); +pref("gfx.downloadable_fonts.fallback_delay_short", 100); + +// disable downloadable font cache so that behavior is consistently +// the uncached load behavior across pages (useful for testing reflow problems) +pref("gfx.downloadable_fonts.disable_cache", false); + +#ifdef XP_WIN + pref("gfx.font_rendering.directwrite.use_gdi_table_loading", true); +#endif + +#if defined(XP_WIN) + // comma separated list of backends to use in order of preference + // e.g., pref("gfx.canvas.azure.backends", "direct2d,skia"); + pref("gfx.canvas.azure.backends", "direct2d1.1,skia"); +#elif defined(XP_MACOSX) + pref("gfx.canvas.azure.backends", "skia"); +#else + pref("gfx.canvas.azure.backends", "skia"); +#endif +pref("gfx.content.azure.backends", "skia"); + +#ifdef XP_WIN + pref("gfx.webrender.flip-sequential", false); + pref("gfx.webrender.dcomp-win.enabled", true); + pref("gfx.webrender.triple-buffering.enabled", true); +#endif + +// WebRender debugging utilities. +pref("gfx.webrender.debug.texture-cache", false); +pref("gfx.webrender.debug.texture-cache.clear-evicted", true); +pref("gfx.webrender.debug.render-targets", false); +pref("gfx.webrender.debug.gpu-cache", false); +pref("gfx.webrender.debug.alpha-primitives", false); +pref("gfx.webrender.debug.profiler", false); +pref("gfx.webrender.debug.gpu-time-queries", false); +pref("gfx.webrender.debug.gpu-sample-queries", false); +pref("gfx.webrender.debug.disable-batching", false); +pref("gfx.webrender.debug.epochs", false); +pref("gfx.webrender.debug.echo-driver-messages", false); +pref("gfx.webrender.debug.show-overdraw", false); +pref("gfx.webrender.debug.slow-frame-indicator", false); +pref("gfx.webrender.debug.picture-caching", false); +pref("gfx.webrender.debug.force-picture-invalidation", false); +pref("gfx.webrender.debug.primitives", false); +pref("gfx.webrender.debug.small-screen", false); +pref("gfx.webrender.debug.obscure-images", false); +pref("gfx.webrender.debug.glyph-flashing", false); +pref("gfx.webrender.debug.capture-profiler", false); +pref("gfx.webrender.debug.profiler-ui", "Default"); +pref("gfx.webrender.debug.window-visibility", false); + +pref("gfx.webrender.multithreading", true); +#ifdef XP_WIN +pref("gfx.webrender.pbo-uploads", false); +pref("gfx.webrender.batched-texture-uploads", true); +pref("gfx.webrender.draw-calls-for-texture-copy", true); +#else +pref("gfx.webrender.pbo-uploads", true); +pref("gfx.webrender.batched-texture-uploads", false); +pref("gfx.webrender.draw-calls-for-texture-copy", false); +#endif + + +pref("accessibility.warn_on_browsewithcaret", true); + +pref("accessibility.browsewithcaret_shortcut.enabled", true); + +#ifndef XP_MACOSX + // Tab focus model bit field: + // 1 focuses text controls, 2 focuses other form elements, 4 adds links. + // Most users will want 1, 3, or 7. + // On OS X, we use Full Keyboard Access system preference, + // unless accessibility.tabfocus is set by the user. + pref("accessibility.tabfocus", 7); + pref("accessibility.tabfocus_applies_to_xul", false); +#else + // Only on mac tabfocus is expected to handle UI widgets as well as web + // content. + pref("accessibility.tabfocus_applies_to_xul", true); +#endif + +// We follow the "Click in the scrollbar to:" system preference on OS X and +// "gtk-primary-button-warps-slider" property with GTK (since 2.24 / 3.6), +// unless this preference is explicitly set. +#if !defined(XP_MACOSX) && !defined(MOZ_WIDGET_GTK) + pref("ui.scrollToClick", 0); +#endif + +// These are some selection-related colors which have no per platform +// implementation. +#if !defined(XP_MACOSX) +pref("ui.textSelectDisabledBackground", "#b0b0b0"); +#endif + +// This makes the selection stand out when typeaheadfind is on. +// Used with nsISelectionController::SELECTION_ATTENTION +pref("ui.textSelectAttentionBackground", "#38d878"); +pref("ui.textSelectAttentionForeground", "#ffffff"); + +// This makes the matched text stand out when findbar highlighting is on. +// Used with nsISelectionController::SELECTION_FIND +pref("ui.textHighlightBackground", "#ef0fff"); +// The foreground color for the matched text in findbar highlighting +// Used with nsISelectionController::SELECTION_FIND +pref("ui.textHighlightForeground", "#ffffff"); +// The background color for :autofill-ed inputs. +// +// In the past, we used the following `filter` to paint autofill backgrounds: +// +// grayscale(21%) brightness(88%) contrast(161%) invert(10%) sepia(40%) saturate(206%); +// +// but there are some pages where using `filter` caused issues because it +// changes the z-order (see bug 1687682, bug 1727950). +// +// The color is chosen so that you get the same final color on a white +// background as the filter above (#fffcc8), but with some alpha so as to +// prevent fully illegible text. +pref("ui.-moz-autofill-background", "rgba(255, 249, 145, .5)"); + +// We want the ability to forcibly disable platform a11y, because +// some non-a11y-related components attempt to bring it up. See bug +// 538530 for details about Windows; we have a pref here that allows it +// to be disabled for performance and testing resons. +// See bug 761589 for the crossplatform aspect. +// +// This pref is checked only once, and the browser needs a restart to +// pick up any changes. +// +// Values are -1 always on. 1 always off, 0 is auto as some platform perform +// further checks. +pref("accessibility.force_disabled", 0); + +#ifdef XP_WIN + // Some accessibility tools poke at windows in the plugin process during + // setup which can cause hangs. To hack around this set + // accessibility.delay_plugins to true, you can also try increasing + // accessibility.delay_plugin_time if your machine is slow and you still + // experience hangs. See bug 781791. + pref("accessibility.delay_plugins", false); + pref("accessibility.delay_plugin_time", 10000); + + // The COM handler used for Windows e10s performance and live regions. + pref("accessibility.handler.enabled", true); +#endif + +pref("focusmanager.testmode", false); + +pref("accessibility.usetexttospeech", ""); + +// Type Ahead Find +pref("accessibility.typeaheadfind", true); +// Enable FAYT by pressing / or " +pref("accessibility.typeaheadfind.manual", true); +pref("accessibility.typeaheadfind.autostart", true); +// casesensitive: controls the find bar's case-sensitivity +// 0 - "never" (case-insensitive) +// 1 - "always" (case-sensitive) +// other - "auto" (case-sensitive for mixed-case input, insensitive otherwise) +pref("accessibility.typeaheadfind.casesensitive", 0); +pref("accessibility.typeaheadfind.linksonly", true); +pref("accessibility.typeaheadfind.startlinksonly", false); +// timeout: controls the delay in milliseconds after which the quick-find dialog will close +// if no further keystrokes are pressed +// set to a zero or negative value to keep dialog open until it's manually closed +pref("accessibility.typeaheadfind.timeout", 4000); +pref("accessibility.typeaheadfind.soundURL", "beep"); +pref("accessibility.typeaheadfind.enablesound", true); +#ifdef XP_MACOSX + pref("accessibility.typeaheadfind.prefillwithselection", false); +#else + pref("accessibility.typeaheadfind.prefillwithselection", true); +#endif +pref("accessibility.typeaheadfind.matchesCountLimit", 1000); +pref("findbar.highlightAll", false); +pref("findbar.entireword", false); +pref("findbar.iteratorTimeout", 100); +// matchdiacritics: controls the find bar's diacritic matching +// 0 - "never" (ignore diacritics) +// 1 - "always" (match diacritics) +// other - "auto" (match diacritics if input has diacritics, ignore otherwise) +pref("findbar.matchdiacritics", 0); +pref("findbar.modalHighlight", false); + +// use Mac OS X Appearance panel text smoothing setting when rendering text, disabled by default +pref("gfx.use_text_smoothing_setting", false); + +// Number of characters to consider emphasizing for rich autocomplete results +pref("toolkit.autocomplete.richBoundaryCutoff", 200); + +pref("toolkit.scrollbox.smoothScroll", true); +pref("toolkit.scrollbox.scrollIncrement", 20); +pref("toolkit.scrollbox.clickToScroll.scrollDelay", 150); + +// Controls logging for Sqlite.sys.mjs. +pref("toolkit.sqlitejsm.loglevel", "Error"); + +pref("toolkit.tabbox.switchByScrolling", false); + +// Telemetry settings. +// Server to submit telemetry pings to. +pref("toolkit.telemetry.server", "https://incoming.telemetry.mozilla.org"); +// Telemetry server owner. Please change if you set toolkit.telemetry.server to a different server +pref("toolkit.telemetry.server_owner", "Mozilla"); +// Determines whether full SQL strings are returned when they might contain sensitive info +// i.e. dynamically constructed SQL strings or SQL executed by addons against addon DBs +pref("toolkit.telemetry.debugSlowSql", false); +// Whether to use the unified telemetry behavior, requires a restart. +pref("toolkit.telemetry.unified", true); + +// DAP related preferences +pref("toolkit.telemetry.dap_enabled", false); +// Verification tasks +pref("toolkit.telemetry.dap_task1_enabled", false); +// Leader endpoint for the DAP protocol +pref("toolkit.telemetry.dap_leader", "https://dap-02.api.divviup.org"); +// Not used for anything. Just additional information. +pref("toolkit.telemetry.dap_leader_owner", "ISRG"); +// Second DAP server. Only two are currently supported. +pref("toolkit.telemetry.dap_helper", "https://helper1.dap.cloudflareresearch.com/v02"); +pref("toolkit.telemetry.dap_helper_owner", "Cloudflare"); +pref("toolkit.telemetry.dap.logLevel", "Warn"); + +// AsyncShutdown delay before crashing in case of shutdown freeze +// ASan, TSan and code coverage builds can be considerably slower. Extend the +// grace period for both the asyncshutdown and the terminator. +#if defined(MOZ_ASAN) + pref("toolkit.asyncshutdown.crash_timeout", 300000); // 5 minutes +#elif defined(MOZ_TSAN) + pref("toolkit.asyncshutdown.crash_timeout", 360000); // 6 minutes +#elif defined(MOZ_CODE_COVERAGE) + pref("toolkit.asyncshutdown.crash_timeout", 180000); // 3 minutes +#else + pref("toolkit.asyncshutdown.crash_timeout", 60000); // 1 minute +#endif // !defined(MOZ_ASAN) && !defined(MOZ_TSAN) +// Extra logging for AsyncShutdown barriers and phases +pref("toolkit.asyncshutdown.log", false); + +// Enable JS dump() function. +// IMPORTANT: These prefs must be here even though they're also defined in +// StaticPrefList.yaml. They are required because MOZILLA_OFFICIAL is false in +// local full builds but true in artifact builds. Without these definitions +// here, dumping is disabled in artifact builds (see Bug 1490412). +#ifdef MOZILLA_OFFICIAL + pref("browser.dom.window.dump.enabled", false, sticky); + pref("devtools.console.stdout.chrome", false, sticky); +#else + pref("browser.dom.window.dump.enabled", true, sticky); + pref("devtools.console.stdout.chrome", true, sticky); +#endif + +pref("devtools.console.stdout.content", false, sticky); + +// Controls whether EventEmitter module throws dump message on each emit +pref("toolkit.dump.emit", false); + +// Preferences for the new performance panel. Note that some preferences are duplicated +// with a ".remote" postfix. This is because we have one set of preference for local +// profiling, and a second set for remote profiling. + +// This pref configures the base URL for the profiler.firefox.com instance to +// use. This is useful so that a developer can change it while working on +// profiler.firefox.com, or in tests. This isn't exposed directly to the user. +pref("devtools.performance.recording.ui-base-url", "https://profiler.firefox.com"); +// When gathering profiles from child processes, this is the longest time (in +// seconds) allowed between two responses. 0 = Use internal default. +pref("devtools.performance.recording.child.timeout_s", 0); +// The popup is only enabled by default on Nightly, Dev Edition, and debug buildsd since +// it's a developer focused item. It can still be enabled by going to profiler.firefox.com, +// but by default it is off on Release and Beta. Note that this only adds it to the +// the customization palette, not to the navbar. +#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION) || defined(DEBUG) + pref("devtools.performance.popup.feature-flag", true); +#else + pref("devtools.performance.popup.feature-flag", false); +#endif +// The preset to use for the recording settings. If set to "custom" then the pref +// values below will be used. +#if defined(NIGHTLY_BUILD) || !defined(MOZILLA_OFFICIAL) + // Use a more advanced preset on Nightly and local builds. + pref("devtools.performance.recording.preset", "firefox-platform"); + pref("devtools.performance.recording.preset.remote", "firefox-platform"); +#else + pref("devtools.performance.recording.preset", "web-developer"); + pref("devtools.performance.recording.preset.remote", "web-developer"); +#endif +// The profiler's active tab view has a few issues. Disable it in most +// environments until the issues are ironed out. +#if defined(NIGHTLY_BUILD) + pref("devtools.performance.recording.active-tab-view.enabled", true); +#else + pref("devtools.performance.recording.active-tab-view.enabled", false); +#endif +// Profiler buffer size. It is the maximum number of 8-bytes entries in the +// profiler's buffer. 10000000 is ~80mb. +pref("devtools.performance.recording.entries", 10000000); +pref("devtools.performance.recording.entries.remote", 10000000); +// Profiler interval in microseconds. 1000µs is 1ms +pref("devtools.performance.recording.interval", 1000); +pref("devtools.performance.recording.interval.remote", 1000); +// Profiler duration of entries in the profiler's buffer in seconds. +// `0` means no time limit for the markers, they roll off naturally from the +// circular buffer. +pref("devtools.performance.recording.duration", 0); +pref("devtools.performance.recording.duration.remote", 0); +// Profiler feature set. See tools/profiler/core/platform.cpp for features and +// explanations. Remote profiling also includes the java feature by default. +// If the remote debuggee isn't an Android phone, then this feature will +// be ignored. +pref("devtools.performance.recording.features", "[\"js\",\"leaf\",\"stackwalk\",\"cpu\",\"screenshots\"]"); +pref("devtools.performance.recording.features.remote", "[\"js\",\"leaf\",\"stackwalk\",\"cpu\",\"screenshots\",\"java\"]"); +// Threads to be captured by the profiler. +pref("devtools.performance.recording.threads", "[\"GeckoMain\",\"Compositor\",\"Renderer\"]"); +pref("devtools.performance.recording.threads.remote", "[\"GeckoMain\",\"Compositor\",\"Renderer\"]"); +// A JSON array of strings, where each string is a file path to an objdir on +// the host machine. This is used in order to look up symbol information from +// build artifacts of local builds. +pref("devtools.performance.recording.objdirs", "[]"); +// The popup will display some introductory text the first time it is displayed. +pref("devtools.performance.popup.intro-displayed", false); + +// Compatibility preferences +// Stringified array of target browsers that users investigate. +pref("devtools.inspector.compatibility.target-browsers", ""); + +// Storage preferencex +// Force instancing legacy storage actors +pref("devtools.storage.test.forceLegacyActors", false); + +// view source +pref("view_source.editor.path", ""); +// allows to add further arguments to the editor; use the %LINE% placeholder +// for jumping to a specific line (e.g. "/line:%LINE%" or "--goto %LINE%") +pref("view_source.editor.args", ""); + +// whether or not to draw images while dragging +pref("nglayout.enable_drag_images", true); + +// URI fixup prefs +pref("browser.fixup.alternate.enabled", false); +pref("browser.fixup.alternate.prefix", "www."); +pref("browser.fixup.alternate.protocol", "https"); +pref("browser.fixup.alternate.suffix", ".com"); +pref("browser.fixup.fallback-to-https", true); + +// NOTE: On most platforms we save print settins to prefs with the name of the +// printer in the pref name (Android being the notable exception, where prefs +// are saved "globally" without a printer name in the pref name). For those +// platforms, the prefs below simply act as default values for when we +// encounter a printer for the first time, but only a subset of prefs will be +// used in this case. See nsPrintSettingsService::InitPrintSettingsFromPrefs +// for the restrictions on which prefs can act as defaults. + +// Whether we directly use the system print dialog to collect the user's print +// settings rather than using the tab-modal print preview dialog. +// Note: `print.always_print_silent` overrides this. +pref("print.prefer_system_dialog", false); + +// Print/Preview Shrink-To-Fit won't shrink below 20% for text-ish documents. +pref("print.shrink-to-fit.scale-limit-percent", 20); + +// Whether we should display simplify page checkbox on print preview UI +pref("print.use_simplify_page", false); + +// Whether or not to force the Page Setup submenu of the File menu to shown +pref("print.show_page_setup_menu", false); + +// Print header customization +// Use the following codes: +// &T - Title +// &U - Document URL +// &D - Date/Time +// &P - Page Number +// &PT - Page Number "of" Page total +// Set each header to a string containing zero or one of these codes +// and the code will be replaced in that string by the corresponding data +pref("print.print_headerleft", "&T"); +pref("print.print_headercenter", ""); +pref("print.print_headerright", "&U"); +pref("print.print_footerleft", "&PT"); +pref("print.print_footercenter", ""); +pref("print.print_footerright", "&D"); + +// A list of comma separated key:value pairs, so: +// +// key1:value1,key2:value2 +// +// Which allows testing extra CUPS-related printer settings for monochrome +// printing. +pref("print.cups.monochrome.extra_settings", ""); + +// xxxbsmedberg: more toolkit prefs + +// Save the Printings after each print job +pref("print.save_print_settings", true); + +// Enables the "more settings" in Print Preview to match previous +// configuration. +pref("print.more-settings.open", false); + +// Enables you to specify a user unwriteable margin, if a printer's actual +// unwriteable margin is greater than this the printer one will be used. +// This is used by both Printing and Print Preview +// Units are in 1/100ths of an inch. +pref("print.print_edge_top", 0); +pref("print.print_edge_left", 0); +pref("print.print_edge_right", 0); +pref("print.print_edge_bottom", 0); + +// Should this just be checking for MOZ_WIDGET_GTK? +#if defined(ANDROID) || defined(XP_UNIX) && !defined(XP_MACOSX) + pref("print.print_reversed", false); + // This is the default. Probably just remove this. + pref("print.print_in_color", true); +#endif + +// List of domains of web apps which depend on Gecko's traditional join/split +// node(s) behavior or Blink/WebKit compatible one in `contenteditable` or +// `designMode`. +pref("editor.join_split_direction.force_use_traditional_direction", ""); +pref("editor.join_split_direction.force_use_compatible_direction", ""); + +// Scripts & Windows prefs +pref("dom.beforeunload_timeout_ms", 1000); +pref("dom.disable_window_flip", false); +pref("dom.disable_window_move_resize", false); + +pref("dom.allow_scripts_to_close_windows", false); + +pref("dom.popup_allowed_events", "change click dblclick auxclick mousedown mouseup pointerdown pointerup notificationclick reset submit touchend contextmenu"); + +pref("dom.serviceWorkers.disable_open_click_delay", 1000); + +pref("dom.storage.shadow_writes", false); +pref("dom.storage.snapshot_prefill", 16384); +pref("dom.storage.snapshot_gradual_prefill", 4096); +pref("dom.storage.snapshot_reusing", true); +pref("dom.storage.client_validation", true); + +pref("dom.send_after_paint_to_content", false); + +// Enable time picker UI. By default, disabled. +pref("dom.forms.datetime.timepicker", false); + +// Enable search in <select> dropdowns (more than 40 options) +pref("dom.forms.selectSearch", false); +// Allow for webpages to provide custom styling for <select> +// popups. +// +// Disabled on GTK (originally due to bug 1338283, but not enabled since, and +// native appearance might be preferred). +// Disabled on macOS because native appearance is preferred, see bug 1703866. +#if defined(MOZ_WIDGET_GTK) || defined(XP_MACOSX) + pref("dom.forms.select.customstyling", false); +#else + pref("dom.forms.select.customstyling", true); +#endif + +pref("dom.cycle_collector.incremental", true); + +// Disable popups from plugins by default +// 0 = openAllowed +// 1 = openControlled +// 2 = openBlocked +// 3 = openAbused +pref("privacy.popups.disable_from_plugins", 3); + +// If enabled by privacy.resistFingerprinting.testGranularityMask, list of +// domains exempted from RFP. +pref("privacy.resistFingerprinting.exemptedDomains", "*.example.invalid"); + +// If privacy.fingerprintingProtection is enabled, this pref can be used to add +// or remove features from its effects +pref("privacy.fingerprintingProtection.overrides", ""); + +// Fix cookie blocking breakage by providing ephemeral Paritioned LocalStorage +// for a list of hosts when detected as trackers. +// (See nsICookieService::BEHAVIOR_REJECT_TRACKER cookie behavior) +// See: Bug 1505212, Bug 1659394, Bug 1631811, Bug 1665035. +pref("privacy.restrict3rdpartystorage.partitionedHosts", "accounts.google.com/o/oauth2/,d35nw2lg0ahg0v.cloudfront.net/,datastudio.google.com/embed/reporting/,d3qlaywcwingl6.cloudfront.net/"); + +// If a host is contained in this pref list, user-interaction is required +// before granting the storage access permission. +pref("privacy.restrict3rdpartystorage.userInteractionRequiredForHosts", ""); + +// The url decoration tokens used to for stripping document referrers based on. +// A list separated by spaces. This pref isn't meant to be changed by users. +pref("privacy.restrict3rdpartystorage.url_decorations", ""); + +// Excessive reporting of blocked popups can be a DOS vector, +// by overloading the main process as popups get blocked and when +// users try to restore all popups, which is the most visible +// option in our UI at the time of writing. +// We will invisibly drop any popups from a page that has already +// opened more than this number of popups. +pref("privacy.popups.maxReported", 100); + +// Purging first-party tracking cookies. +pref("privacy.purge_trackers.enabled", true); +#ifdef NIGHTLY_BUILD + pref("privacy.purge_trackers.logging.level", "Warn"); +#else + pref("privacy.purge_trackers.logging.level", "Error"); +#endif + +// Allowable amount of cookies to purge in a batch. +pref("privacy.purge_trackers.max_purge_count", 100); + +// Whether purging should not clear data from domains +// that are associated with other domains which have +// user interaction (even if they don't have user +// interaction directly). +pref("privacy.purge_trackers.consider_entity_list", false); + +pref("dom.event.contextmenu.enabled", true); + +pref("javascript.enabled", true); +pref("javascript.options.asmjs", true); +pref("javascript.options.wasm", true); +pref("javascript.options.wasm_trustedprincipals", true); +pref("javascript.options.wasm_verbose", false); +pref("javascript.options.wasm_baselinejit", true); + +pref("javascript.options.parallel_parsing", true); +pref("javascript.options.source_pragmas", true); + +pref("javascript.options.asyncstack", true); +// Broadly capturing async stack data adds overhead that is only advisable for +// developers, so we only enable it when the devtools are open, by default. +pref("javascript.options.asyncstack_capture_debuggee_only", true); + +pref("javascript.options.throw_on_asmjs_validation_failure", false); +// This preference instructs the JS engine to discard the +// source of any privileged JS after compilation. This saves +// memory, but makes things like Function.prototype.toSource() +// fail. +pref("javascript.options.discardSystemSource", false); + +// Many of the the following preferences tune the SpiderMonkey GC, if you +// change the defaults here please also consider changing them in +// js/src/jsgc.cpp. They're documented in js/src/jsapi.h. + +// JSGC_MAX_BYTES +// SpiderMonkey defaults to 2^32-1 bytes, but this is measured in MB so that +// cannot be represented directly in order to show it in about:config. +pref("javascript.options.mem.max", -1); + +// JSGC_MIN_NURSERY_BYTES / JSGC_MAX_NURSERY_BYTES +#if defined(ANDROID) || defined(XP_IOS) + pref("javascript.options.mem.nursery.min_kb", 256); + pref("javascript.options.mem.nursery.max_kb", 4096); +#else + pref("javascript.options.mem.nursery.min_kb", 256); + pref("javascript.options.mem.nursery.max_kb", 16384); +#endif + +// JSGC_MODE +pref("javascript.options.mem.gc_per_zone", true); +pref("javascript.options.mem.gc_incremental", true); + +// JSGC_INCREMENTAL_WEAKMAP_ENABLED +pref("javascript.options.mem.incremental_weakmap", true); + +// JSGC_SLICE_TIME_BUDGET_MS +// Override the shell's default of unlimited slice time. +pref("javascript.options.mem.gc_incremental_slice_ms", 5); + +// JSGC_COMPACTING_ENABLED +pref("javascript.options.mem.gc_compacting", true); + +// JSGC_PARALLEL_MARKING_ENABLED +// This only applies to the main runtime and does not affect workers. +pref("javascript.options.mem.gc_parallel_marking", false); + +// JSGC_HIGH_FREQUENCY_TIME_LIMIT +pref("javascript.options.mem.gc_high_frequency_time_limit_ms", 1000); + +// JSGC_SMALL_HEAP_SIZE_MAX +pref("javascript.options.mem.gc_small_heap_size_max_mb", 100); + +// JSGC_LARGE_HEAP_SIZE_MIN +pref("javascript.options.mem.gc_large_heap_size_min_mb", 500); + +// JSGC_HIGH_FREQUENCY_SMALL_HEAP_GROWTH +pref("javascript.options.mem.gc_high_frequency_small_heap_growth", 300); + +// JSGC_HIGH_FREQUENCY_LARGE_HEAP_GROWTH +pref("javascript.options.mem.gc_high_frequency_large_heap_growth", 150); + +// JSGC_LOW_FREQUENCY_HEAP_GROWTH +pref("javascript.options.mem.gc_low_frequency_heap_growth", 150); + +// JSGC_BALANCED_HEAP_LIMITS_ENABLED +pref("javascript.options.mem.gc_balanced_heap_limits", false); + +// JSGC_HEAP_GROWTH_FACTOR +pref("javascript.options.mem.gc_heap_growth_factor", 50); + +// JSGC_ALLOCATION_THRESHOLD +pref("javascript.options.mem.gc_allocation_threshold_mb", 27); + +// JSGC_MALLOC_THRESHOLD_BASE +pref("javascript.options.mem.gc_malloc_threshold_base_mb", 38); + +// JSGC_SMALL_HEAP_INCREMENTAL_LIMIT +pref("javascript.options.mem.gc_small_heap_incremental_limit", 150); + +// JSGC_LARGE_HEAP_INCREMENTAL_LIMIT +pref("javascript.options.mem.gc_large_heap_incremental_limit", 110); + +// JSGC_URGENT_THRESHOLD_MB +pref("javascript.options.mem.gc_urgent_threshold_mb", 16); + +// JSGC_MIN_EMPTY_CHUNK_COUNT +pref("javascript.options.mem.gc_min_empty_chunk_count", 1); + +// JSGC_MAX_EMPTY_CHUNK_COUNT +pref("javascript.options.mem.gc_max_empty_chunk_count", 30); + +// JSGC_HELPER_THREAD_RATIO +pref("javascript.options.mem.gc_helper_thread_ratio", 50); + +// JSGC_MAX_HELPER_THREADS +pref("javascript.options.mem.gc_max_helper_threads", 8); + +pref("javascript.options.shared_memory", true); + +pref("javascript.options.throw_on_debuggee_would_run", false); +pref("javascript.options.dump_stack_on_debuggee_would_run", false); + +// advanced prefs +pref("image.animation_mode", "normal"); + +// If this pref is true, prefs in the logging.config branch will be cleared on +// startup. This is done so that setting a log-file and log-modules at runtime +// doesn't persist across restarts leading to huge logfile and low disk space. +pref("logging.config.clear_on_startup", true); + +// If there is ever a security firedrill that requires +// us to block certian ports global, this is the pref +// to use. Is is a comma delimited list of port numbers +// for example: +// pref("network.security.ports.banned", "1,2,3,4,5"); +// prevents necko connecting to ports 1-5 unless the protocol +// overrides. + +// Transmit UDP busy-work to the LAN when anticipating low latency +// network reads and on wifi to mitigate 802.11 Power Save Polling delays +pref("network.tickle-wifi.enabled", false); +pref("network.tickle-wifi.duration", 400); +pref("network.tickle-wifi.delay", 16); + +// Default action for unlisted external protocol handlers +pref("network.protocol-handler.external-default", true); // OK to load +pref("network.protocol-handler.warn-external-default", true); // warn before load + +// Prevent using external protocol handlers for these schemes +pref("network.protocol-handler.external.hcp", false); +pref("network.protocol-handler.external.vbscript", false); +pref("network.protocol-handler.external.javascript", false); +pref("network.protocol-handler.external.data", false); +pref("network.protocol-handler.external.ie.http", false); +pref("network.protocol-handler.external.iehistory", false); +pref("network.protocol-handler.external.ierss", false); +pref("network.protocol-handler.external.mk", false); +pref("network.protocol-handler.external.ms-cxh", false); +pref("network.protocol-handler.external.ms-cxh-full", false); +pref("network.protocol-handler.external.ms-help", false); +pref("network.protocol-handler.external.ms-msdt", false); +pref("network.protocol-handler.external.res", false); +pref("network.protocol-handler.external.search", false); +pref("network.protocol-handler.external.search-ms", false); +pref("network.protocol-handler.external.shell", false); +pref("network.protocol-handler.external.vnd.ms.radio", false); +#ifdef XP_MACOSX + pref("network.protocol-handler.external.help", false); +#endif +pref("network.protocol-handler.external.disk", false); +pref("network.protocol-handler.external.disks", false); +pref("network.protocol-handler.external.afp", false); +pref("network.protocol-handler.external.moz-icon", false); + +// Don't allow external protocol handlers for common typos +pref("network.protocol-handler.external.ttp", false); // http +pref("network.protocol-handler.external.htp", false); // http +pref("network.protocol-handler.external.ttps", false); // https +pref("network.protocol-handler.external.tps", false); // https +pref("network.protocol-handler.external.ps", false); // https +pref("network.protocol-handler.external.htps", false); // https +pref("network.protocol-handler.external.ile", false); // file +pref("network.protocol-handler.external.le", false); // file + +// An exposed protocol handler is one that can be used in all contexts. A +// non-exposed protocol handler is one that can only be used internally by the +// application. For example, a non-exposed protocol would not be loaded by the +// application in response to a link click or a X-remote openURL command. +// Instead, it would be deferred to the system's external protocol handler. +// Only internal/built-in protocol handlers can be marked as exposed. + +// This pref controls the default settings. Per protocol settings can be used +// to override this value. +pref("network.protocol-handler.expose-all", true); + +// Example: make IMAP an exposed protocol +// pref("network.protocol-handler.expose.imap", true); + +// Whether IOService.connectivity and NS_IsOffline depends on connectivity status +pref("network.manage-offline-status", true); + +// <http> +pref("network.http.version", "1.1"); // default +// pref("network.http.version", "1.0"); // uncomment this out in case of problems +// pref("network.http.version", "0.9"); // it'll work too if you're crazy +// keep-alive option is effectively obsolete. Nevertheless it'll work with +// some older 1.0 servers: + +pref("network.http.proxy.version", "1.1"); // default +// pref("network.http.proxy.version", "1.0"); // uncomment this out in case of problems + // (required if using junkbuster proxy) + +// Whether we should respect the BE_CONSERVATIVE (aka nsIHttpChannelInternal.beConservative) +// flag when connecting to a proxy. If the configured proxy accepts only TLS 1.3, system +// requests like updates will not pass through. Setting this pref to false will fix that +// problem. +// Default at true to preserve the behavior we had before for backward compat. +pref("network.http.proxy.respect-be-conservative", true); + +// this preference can be set to override the socket type used for normal +// HTTP traffic. an empty value indicates the normal TCP/IP socket type. +pref("network.http.default-socket-type", ""); + +// There is a problem with some IIS7 servers that don't close the connection +// properly after it times out (bug #491541). Default timeout on IIS7 is +// 120 seconds. We need to reuse or drop the connection within this time. +// We set the timeout a little shorter to keep a reserve for cases when +// the packet is lost or delayed on the route. +pref("network.http.keep-alive.timeout", 115); + +// Timeout connections if an initial response is not received after 5 mins. +pref("network.http.response.timeout", 300); + +// Limit the absolute number of http connections. +// Note: the socket transport service will clamp the number below this if the OS +// cannot allocate that many FDs +#ifdef ANDROID + pref("network.http.max-connections", 40); +#else + pref("network.http.max-connections", 900); +#endif + +// If NOT connecting via a proxy, then +// a new connection will only be attempted if the number of active persistent +// connections to the server is less then max-persistent-connections-per-server. +pref("network.http.max-persistent-connections-per-server", 6); + +// Number of connections that we can open beyond the standard parallelism limit defined +// by max-persistent-connections-per-server/-proxy to handle urgent-start marked requests +pref("network.http.max-urgent-start-excessive-connections-per-host", 3); + +// If connecting via a proxy, then a +// new connection will only be attempted if the number of active persistent +// connections to the proxy is less then max-persistent-connections-per-proxy. +pref("network.http.max-persistent-connections-per-proxy", 32); + +// amount of time (in seconds) to suspend pending requests, before spawning a +// new connection, once the limit on the number of persistent connections per +// host has been reached. however, a new connection will not be created if +// max-connections or max-connections-per-server has also been reached. +pref("network.http.request.max-start-delay", 10); + +// If a connection is reset, we will retry it max-attempts times. +pref("network.http.request.max-attempts", 10); + +// Maximum number of consecutive redirects before aborting. +pref("network.http.redirection-limit", 20); + +// Enable http compression: comment this out in case of problems with 1.1 +// NOTE: support for "compress" has been disabled per bug 196406. +// NOTE: separate values with comma+space (", "): see bug 576033 +pref("network.http.accept-encoding", "gzip, deflate"); +pref("network.http.accept-encoding.secure", "gzip, deflate, br"); + +// Prompt for redirects resulting in unsafe HTTP requests +pref("network.http.prompt-temp-redirect", false); + +// If true generate CORRUPTED_CONTENT errors for entities that +// contain an invalid Assoc-Req response header +pref("network.http.assoc-req.enforce", false); + +// On networks deploying QoS, it is recommended that these be lockpref()'d, +// since inappropriate marking can easily overwhelm bandwidth reservations +// for certain services (i.e. EF for VoIP, AF4x for interactive video, +// AF3x for broadcast/streaming video, etc) + +// default value for HTTP +// in a DSCP environment this should be 40 (0x28, or AF11), per RFC-4594, +// Section 4.8 "High-Throughput Data Service Class" +pref("network.http.qos", 0); + +// The number of milliseconds after sending a SYN for an HTTP connection, +// to wait before trying a different connection. 0 means do not use a second +// connection. +pref("network.http.connection-retry-timeout", 250); + +// The number of seconds after sending initial SYN for an HTTP connection +// to give up if the OS does not give up first +pref("network.http.connection-timeout", 90); + +// Close a connection if tls handshake does not finish in given number of +// seconds. +pref("network.http.tls-handshake-timeout", 30); + +// The number of seconds after which we time out a connection of a retry (fallback) +// socket when a certain IP family is already preferred. This shorter connection +// timeout allows us to find out more quickly that e.g. an IPv6 host is no longer +// available and let us try an IPv4 address, if provided for the host name. +// Set to '0' to use the default connection timeout. +pref("network.http.fallback-connection-timeout", 5); + +// The number of seconds to allow active connections to prove that they have +// traffic before considered stalled, after a network change has been detected +// and signalled. +pref("network.http.network-changed.timeout", 5); + +// The maximum number of current global half open sockets allowable +// when starting a new speculative connection. +pref("network.http.speculative-parallel-limit", 6); + +// Whether or not to block requests for non head js/css items (e.g. media) +// while those elements load. +pref("network.http.rendering-critical-requests-prioritization", true); + +// Disable IPv6 for backup connections to workaround problems about broken +// IPv6 connectivity. +pref("network.http.fast-fallback-to-IPv4", true); + +// Http3 qpack table size. +pref("network.http.http3.default-qpack-table-size", 65536); // 64k +// Maximal number of streams that can be blocked on waiting for qpack +// instructions. +pref("network.http.http3.default-max-stream-blocked", 20); + + +// This is only for testing! +// This adds alt-svc mapping and it has a form of <host-name>;<alt-svc-header> +// Example: example1.com;h3-29=":443",example2.com;h3-29=":443" +pref("network.http.http3.alt-svc-mapping-for-testing", ""); + +// alt-svc allows separation of transport routing from +// the origin host without using a proxy. +pref("network.http.altsvc.enabled", true); +pref("network.http.altsvc.oe", false); + +// the origin extension impacts h2 coalescing +pref("network.http.originextension", true); + +pref("network.http.diagnostics", false); + +pref("network.http.pacing.requests.enabled", true); +pref("network.http.pacing.requests.min-parallelism", 6); +pref("network.http.pacing.requests.hz", 80); +pref("network.http.pacing.requests.burst", 10); + +// TCP Keepalive config for HTTP connections. +pref("network.http.tcp_keepalive.short_lived_connections", true); +// Max time from initial request during which conns are considered short-lived. +pref("network.http.tcp_keepalive.short_lived_time", 60); +// Idle time of TCP connection until first keepalive probe sent. +pref("network.http.tcp_keepalive.short_lived_idle_time", 10); + +pref("network.http.tcp_keepalive.long_lived_connections", true); +pref("network.http.tcp_keepalive.long_lived_idle_time", 600); + +pref("network.http.enforce-framing.http1", false); // should be named "strict" +pref("network.http.enforce-framing.soft", true); +pref("network.http.enforce-framing.strict_chunked_encoding", true); + +// Max size, in bytes, for received HTTP response header. +pref("network.http.max_response_header_size", 393216); + +// The ratio of the transaction count for the focused window and the count of +// all available active connections. +pref("network.http.focused_window_transaction_ratio", "0.9"); + +// This is the size of the flow control window (KB) (i.e., the amount of data +// that the parent can send to the child before getting an ack). 0 for disable +// the flow control. +pref("network.http.send_window_size", 1024); + +// Whether or not we give more priority to active tab. +// Note that this requires restart for changes to take effect. +#ifdef ANDROID + // disabled because of bug 1382274 + pref("network.http.active_tab_priority", false); +#else + pref("network.http.active_tab_priority", true); +#endif + +// By default the Accept header sent for documents loaded over HTTP(S) is derived +// by DocumentAcceptHeader() in nsHttpHandler.cpp. If set, this pref overrides it. +// There is also image.http.accept which works in scope of image. +pref("network.http.accept", ""); + +// The max time to spend on xpcom events between two polls in ms. +pref("network.sts.max_time_for_events_between_two_polls", 100); + +// The number of seconds we don't let poll() handing indefinitely after network +// link change has been detected so we can detect breakout of the pollable event. +// Expected in seconds, 0 to disable. +pref("network.sts.poll_busy_wait_period", 50); + +// The number of seconds we cap poll() timeout to during the network link change +// detection period. +// Expected in seconds, 0 to disable. +pref("network.sts.poll_busy_wait_period_timeout", 7); + +// During shutdown we limit PR_Close calls. If time exceeds this pref (in ms) +// let sockets just leak. +pref("network.sts.max_time_for_pr_close_during_shutdown", 5000); + +// When the polling socket pair we use to wake poll() up on demand doesn't +// get signalled (is not readable) within this timeout, we try to repair it. +// This timeout can be disabled by setting this pref to 0. +// The value is expected in seconds. +pref("network.sts.pollable_event_timeout", 6); + +// 2147483647 == PR_INT32_MAX == ~2 GB +pref("network.websocket.max-message-size", 2147483647); + +// Should we automatically follow http 3xx redirects during handshake +pref("network.websocket.auto-follow-http-redirects", false); + +// the number of seconds to wait for websocket connection to be opened +pref("network.websocket.timeout.open", 20); + +// the number of seconds to wait for a clean close after sending the client +// close message +pref("network.websocket.timeout.close", 20); + +// the number of seconds of idle read activity to sustain before sending a +// ping probe. 0 to disable. +pref("network.websocket.timeout.ping.request", 0); + +// the deadline, expressed in seconds, for some read activity to occur after +// generating a ping. If no activity happens then an error and unclean close +// event is sent to the javascript websockets application +pref("network.websocket.timeout.ping.response", 10); + +// Defines whether or not to try to negotiate the permessage compression +// extension with the websocket server. +pref("network.websocket.extensions.permessage-deflate", true); + +// the maximum number of concurrent websocket sessions. By specification there +// is never more than one handshake oustanding to an individual host at +// one time. +pref("network.websocket.max-connections", 200); + +// by default scripts loaded from a https:// origin can only open secure +// (i.e. wss://) websockets. +pref("network.websocket.allowInsecureFromHTTPS", false); + +// by default we delay websocket reconnects to same host/port if previous +// connection failed, per RFC 6455 section 7.2.3 +pref("network.websocket.delay-failed-reconnects", true); + +// </ws> + +// Server-Sent Events +// Equal to the DEFAULT_RECONNECTION_TIME_VALUE value in nsEventSource.cpp +pref("dom.server-events.default-reconnection-time", 5000); // in milliseconds + +// TLDs are treated as IDN-unsafe and punycode will be used for displaying them +// in the UI (e.g. URL bar), unless they conform to one of the profiles +// specified in +// https://www.unicode.org/reports/tr39/#Restriction_Level_Detection +// If "network.IDN.restriction_profile" is "high", the Highly Restrictive +// profile is used. +// If "network.IDN.restriction_profile" is "moderate", the Moderately +// Restrictive profile is used. +// In all other cases, the ASCII-Only profile is used. +// Note that these preferences are referred to ONLY when +// "network.IDN_show_punycode" is false. In other words, all IDNs will be shown +// in punycode if "network.IDN_show_punycode" is true. +pref("network.IDN.restriction_profile", "high"); + +// If a domain includes any of the blocklist characters, it may be a spoof +// attempt and so we always display the domain name as punycode. +// For a complete list of the blocked IDN characters see: +// netwerk/dns/IDNCharacterBlocklist.inc + +// This pref may contain characters that will override the hardcoded blocklist, +// so their presence in a domain name will not cause it to be displayed as +// punycode. +// Note that this only removes the characters from the blocklist, but there may +// be other rules in place that cause it to be displayed as punycode. +pref("network.IDN.extra_allowed_chars", ""); +// This pref may contain additional blocklist characters +pref("network.IDN.extra_blocked_chars", ""); + +// This preference specifies a list of domains for which DNS lookups will be +// IPv4 only. Works around broken DNS servers which can't handle IPv6 lookups +// and/or allows the user to disable IPv6 on a per-domain basis. See bug 68796. +pref("network.dns.ipv4OnlyDomains", ""); + +// This preference can be used to turn off IPv6 name lookups. See bug 68796. +pref("network.dns.disableIPv6", false); + +// This is the number of dns cache entries allowed +pref("network.dnsCacheEntries", 400); + +// In the absence of OS TTLs, the DNS cache TTL value +pref("network.dnsCacheExpiration", 60); + +// Get TTL; not supported on all platforms; nop on the unsupported ones. +pref("network.dns.get-ttl", true); + +// For testing purposes! Makes the native resolver resolve IPv4 "localhost" +// instead of the actual given name. +pref("network.dns.native-is-localhost", false); + +// The grace period allows the DNS cache to use expired entries, while kicking off +// a revalidation in the background. +pref("network.dnsCacheExpirationGracePeriod", 60); + +// This preference can be used to turn off DNS prefetch. +pref("network.dns.disablePrefetch", false); + +// This preference controls whether .onion hostnames are +// rejected before being given to DNS. RFC 7686 +pref("network.dns.blockDotOnion", true); + +// These domains are treated as localhost equivalent +pref("network.dns.localDomains", ""); + +// When non empty all non-localhost DNS queries (including IP addresses) +// resolve to this value. The value can be a name or an IP address. +// domains mapped to localhost with localDomains stay localhost. +pref("network.dns.forceResolve", ""); + +// Contols whether or not "localhost" should resolve when offline +pref("network.dns.offline-localhost", true); + +// Defines how much longer resolver threads should stay idle before are shut down. +// A negative value will keep the thread alive forever. +pref("network.dns.resolver-thread-extra-idle-time-seconds", 60); + +// enables the prefetch service (i.e., prefetching of <link rel="next"> and +// <link rel="prefetch"> URLs). +pref("network.prefetch-next", true); + +// The following prefs pertain to the negotiate-auth extension (see bug 17578), +// which provides transparent Kerberos or NTLM authentication using the SPNEGO +// protocol. Each pref is a comma-separated list of keys, where each key has +// the format: +// [scheme "://"] [host [":" port]] +// For example, "foo.com" would match "http://www.foo.com/bar", etc. + +// This list controls which URIs can use the negotiate-auth protocol. This +// list should be limited to the servers you know you'll need to login to. +pref("network.negotiate-auth.trusted-uris", ""); +// This list controls which URIs can support delegation. +pref("network.negotiate-auth.delegation-uris", ""); + +// Do not allow SPNEGO by default when challenged by a local server. +pref("network.negotiate-auth.allow-non-fqdn", false); + +// Allow SPNEGO by default when challenged by a proxy server. +pref("network.negotiate-auth.allow-proxies", true); + +// Path to a specific gssapi library +pref("network.negotiate-auth.gsslib", ""); + +// Specify if the gss lib comes standard with the OS +pref("network.negotiate-auth.using-native-gsslib", true); + +#ifdef XP_WIN + // Default to using the SSPI intead of GSSAPI on windows + pref("network.auth.use-sspi", true); +#endif + +// Controls which NTLM authentication implementation we default to. True forces +// the use of our generic (internal) NTLM authentication implementation vs. any +// native implementation provided by the os. This pref is for diagnosing issues +// with native NTLM. (See bug 520607 for details.) Using generic NTLM authentication +// can expose the user to reflection attack vulnerabilities. Do not change this +// unless you know what you're doing! +// This pref should be removed 6 months after the release of firefox 3.6. +pref("network.auth.force-generic-ntlm", false); + +// The following prefs are used to enable automatic use of the operating +// system's NTLM implementation to silently authenticate the user with their +// Window's domain logon. The trusted-uris pref follows the format of the +// trusted-uris pref for negotiate authentication. +pref("network.automatic-ntlm-auth.allow-proxies", true); +pref("network.automatic-ntlm-auth.allow-non-fqdn", false); +pref("network.automatic-ntlm-auth.trusted-uris", ""); + +// The string to return to the server as the 'workstation' that the +// user is using. Bug 1046421 notes that the previous default, of the +// system hostname, could be used for user fingerprinting. +// +// However, in some network environments where allowedWorkstations is in use +// to provide a level of host-based access control, it must be set to a string +// that is listed in allowedWorkstations for the user's account in their +// AD Domain. +pref("network.generic-ntlm-auth.workstation", "WORKSTATION"); + +// This preference controls whether to allow sending default credentials (SSO) to +// NTLM/Negotiate servers allowed in the "trusted uri" list when navigating them +// in a Private Browsing window. +// If set to false, Private Browsing windows will not use default credentials and ask +// for credentials from the user explicitly. +// If set to true, and a server URL conforms other conditions for sending default +// credentials, those will be sent automatically in Private Browsing windows. +// +// This preference has no effect when the browser is set to "Never Remember History", +// in that case default credentials will always be used. +pref("network.auth.private-browsing-sso", false); + +// Control how throttling of http responses works - number of ms that each +// suspend and resume period lasts (prefs named appropriately) +// This feature is occasionally causing visible regressions (download too slow for +// too long time, jitter in video/audio in background tabs...) +pref("network.http.throttle.enable", false); +pref("network.http.throttle.version", 1); + +// V1 prefs +pref("network.http.throttle.suspend-for", 900); +pref("network.http.throttle.resume-for", 100); + +// V2 prefs +pref("network.http.throttle.read-limit-bytes", 8000); +pref("network.http.throttle.read-interval-ms", 500); + +// Common prefs +// Delay we resume throttled background responses after the last unthrottled +// response has finished. Prevents resuming too soon during an active page load +// at which sub-resource reqeusts quickly come and go. +pref("network.http.throttle.hold-time-ms", 800); +// After the last transaction activation or last data chunk response we only +// throttle for this period of time. This prevents comet and unresponsive +// http requests to engage long-standing throttling. +pref("network.http.throttle.max-time-ms", 500); + +// Give higher priority to requests resulting from a user interaction event +// like click-to-play, image fancy-box zoom, navigation. +pref("network.http.on_click_priority", true); + +// When the page load has not yet reached DOMContentLoaded point, tail requestes are delayed +// by (non-tailed requests count + 1) * delay-quantum milliseconds. +pref("network.http.tailing.delay-quantum", 600); +// The same as above, but applied after the document load reached DOMContentLoaded event. +pref("network.http.tailing.delay-quantum-after-domcontentloaded", 100); +// Upper limit for the calculated delay, prevents long standing and comet-like requests +// tail forever. This is in milliseconds as well. +pref("network.http.tailing.delay-max", 6000); +// Total limit we delay tailed requests since a page load beginning. +pref("network.http.tailing.total-max", 45000); + +pref("network.proxy.http", ""); +pref("network.proxy.http_port", 0); +pref("network.proxy.ssl", ""); +pref("network.proxy.ssl_port", 0); +pref("network.proxy.socks", ""); +pref("network.proxy.socks_port", 0); +pref("network.proxy.socks_version", 5); +pref("network.proxy.proxy_over_tls", true); +pref("network.proxy.no_proxies_on", ""); +pref("network.proxy.failover_timeout", 1800); // 30 minutes +pref("network.online", true); //online/offline + +// This pref contains the list of hostnames (such as +// "mozilla.org,example.net"). For these hosts, firefox will treat +// SameSite=None if nothing else is specified, even if +// network.cookie.sameSite.laxByDefault if set to true. +// To know the correct syntax, see nsContentUtils::IsURIInList() +pref("network.cookie.sameSite.laxByDefault.disabledHosts", ""); + +pref("network.cookie.maxNumber", 3000); +pref("network.cookie.maxPerHost", 180); +// Cookies quota for each host. If cookies exceed the limit maxPerHost, +// (maxPerHost - quotaPerHost) cookies will be evicted. +pref("network.cookie.quotaPerHost", 150); + +// The PAC file to load. Ignored unless network.proxy.type is 2. +pref("network.proxy.autoconfig_url", ""); +// Strip off paths when sending URLs to PAC scripts +pref("network.proxy.autoconfig_url.include_path", false); + +// If we cannot load the PAC file, then try again (doubling from interval_min +// until we reach interval_max or the PAC file is successfully loaded). +pref("network.proxy.autoconfig_retry_interval_min", 5); // 5 seconds +pref("network.proxy.autoconfig_retry_interval_max", 300); // 5 minutes +pref("network.proxy.enable_wpad_over_dhcp", true); + +// Use the HSTS preload list by default +pref("network.stricttransportsecurity.preloadlist", true); + +// Use JS mDNS as a fallback +pref("network.mdns.use_js_fallback", false); + +pref("converter.html2txt.structs", true); // Output structured phrases (strong, em, code, sub, sup, b, i, u) +pref("converter.html2txt.header_strategy", 1); // 0 = no indention; 1 = indention, increased with header level; 2 = numbering and slight indention + +pref("intl.accept_languages", "chrome://global/locale/intl.properties"); +pref("intl.menuitems.alwaysappendaccesskeys","chrome://global/locale/intl.properties"); +pref("intl.menuitems.insertseparatorbeforeaccesskeys","chrome://global/locale/intl.properties"); +pref("intl.ellipsis", "chrome://global-platform/locale/intl.properties"); +// this pref allows user to request that all internationalization formatters +// like date/time formatting, unit formatting, calendars etc. should use +// OS locale set instead of the app locale set. +pref("intl.regional_prefs.use_os_locales", false); +// fallback charset list for Unicode conversion (converting from Unicode) +// currently used for mail send only to handle symbol characters (e.g Euro, trademark, smartquotes) +// for ISO-8859-1 +pref("intl.fallbackCharsetList.ISO-8859-1", "windows-1252"); +pref("font.language.group", "chrome://global/locale/intl.properties"); +pref("font.cjk_pref_fallback_order", "zh-cn,zh-hk,zh-tw,ja,ko"); + +pref("intl.uidirection", -1); // -1 to set from locale; 0 for LTR; 1 for RTL + +// This pref controls pseudolocales for testing localization. +// See https://firefox-source-docs.mozilla.org/l10n/fluent/tutorial.html#manually-testing-ui-with-pseudolocalization +pref("intl.l10n.pseudo", ""); + +// use en-US hyphenation by default for content tagged with plain lang="en" +pref("intl.hyphenation-alias.en", "en-us"); +// and for other subtags of en-*, if no specific patterns are available +pref("intl.hyphenation-alias.en-*", "en-us"); + +pref("intl.hyphenation-alias.af-*", "af"); +pref("intl.hyphenation-alias.bg-*", "bg"); +pref("intl.hyphenation-alias.bn-*", "bn"); +pref("intl.hyphenation-alias.ca-*", "ca"); +pref("intl.hyphenation-alias.cy-*", "cy"); +pref("intl.hyphenation-alias.da-*", "da"); +pref("intl.hyphenation-alias.eo-*", "eo"); +pref("intl.hyphenation-alias.es-*", "es"); +pref("intl.hyphenation-alias.et-*", "et"); +pref("intl.hyphenation-alias.fi-*", "fi"); +pref("intl.hyphenation-alias.fr-*", "fr"); +pref("intl.hyphenation-alias.gl-*", "gl"); +pref("intl.hyphenation-alias.gu-*", "gu"); +pref("intl.hyphenation-alias.hi-*", "hi"); +pref("intl.hyphenation-alias.hr-*", "hr"); +pref("intl.hyphenation-alias.hsb-*", "hsb"); +pref("intl.hyphenation-alias.hu-*", "hu"); +pref("intl.hyphenation-alias.ia-*", "ia"); +pref("intl.hyphenation-alias.is-*", "is"); +pref("intl.hyphenation-alias.it-*", "it"); +pref("intl.hyphenation-alias.kmr-*", "kmr"); +pref("intl.hyphenation-alias.kn-*", "kn"); +pref("intl.hyphenation-alias.la-*", "la"); +pref("intl.hyphenation-alias.lt-*", "lt"); +pref("intl.hyphenation-alias.ml-*", "ml"); +pref("intl.hyphenation-alias.mn-*", "mn"); +pref("intl.hyphenation-alias.nl-*", "nl"); +pref("intl.hyphenation-alias.or-*", "or"); +pref("intl.hyphenation-alias.pa-*", "pa"); +pref("intl.hyphenation-alias.pl-*", "pl"); +pref("intl.hyphenation-alias.pt-*", "pt"); +pref("intl.hyphenation-alias.ru-*", "ru"); +pref("intl.hyphenation-alias.sl-*", "sl"); +pref("intl.hyphenation-alias.sv-*", "sv"); +pref("intl.hyphenation-alias.ta-*", "ta"); +pref("intl.hyphenation-alias.te-*", "te"); +pref("intl.hyphenation-alias.tr-*", "tr"); +pref("intl.hyphenation-alias.uk-*", "uk"); + +// Assamese and Marathi use the same patterns as Bengali and Hindi respectively +pref("intl.hyphenation-alias.as", "bn"); +pref("intl.hyphenation-alias.as-*", "bn"); +pref("intl.hyphenation-alias.mr", "hi"); +pref("intl.hyphenation-alias.mr-*", "hi"); + +// use reformed (1996) German patterns by default unless specifically tagged as de-1901 +// (these prefs may soon be obsoleted by better BCP47-based tag matching, but for now...) +pref("intl.hyphenation-alias.de", "de-1996"); +pref("intl.hyphenation-alias.de-*", "de-1996"); +pref("intl.hyphenation-alias.de-AT-1901", "de-1901"); +pref("intl.hyphenation-alias.de-DE-1901", "de-1901"); +pref("intl.hyphenation-alias.de-CH-*", "de-CH"); + +// patterns from TeX are tagged as "sh" (Serbo-Croatian) macrolanguage; +// alias "sr" (Serbian) and "bs" (Bosnian) to those patterns +// (Croatian has its own separate patterns). +pref("intl.hyphenation-alias.sr", "sh"); +pref("intl.hyphenation-alias.bs", "sh"); +pref("intl.hyphenation-alias.sh-*", "sh"); +pref("intl.hyphenation-alias.sr-*", "sh"); +pref("intl.hyphenation-alias.bs-*", "sh"); + +// Norwegian has two forms, Bokmål and Nynorsk, with "no" as a macrolanguage encompassing both. +// For "no", we'll alias to "nb" (Bokmål) as that is the more widely used written form. +pref("intl.hyphenation-alias.no", "nb"); +pref("intl.hyphenation-alias.no-*", "nb"); +pref("intl.hyphenation-alias.nb-*", "nb"); +pref("intl.hyphenation-alias.nn-*", "nn"); + +// In German, we allow hyphenation of capitalized words; otherwise not. +pref("intl.hyphenate-capitalized.de-1996", true); +pref("intl.hyphenate-capitalized.de-1901", true); +pref("intl.hyphenate-capitalized.de-CH", true); + +// All prefs of default font should be "auto". +pref("font.name.serif.ar", ""); +pref("font.name.sans-serif.ar", ""); +pref("font.name.monospace.ar", ""); +pref("font.name.cursive.ar", ""); + +pref("font.name.serif.el", ""); +pref("font.name.sans-serif.el", ""); +pref("font.name.monospace.el", ""); +pref("font.name.cursive.el", ""); + +pref("font.name.serif.he", ""); +pref("font.name.sans-serif.he", ""); +pref("font.name.monospace.he", ""); +pref("font.name.cursive.he", ""); + +pref("font.name.serif.ja", ""); +pref("font.name.sans-serif.ja", ""); +pref("font.name.monospace.ja", ""); +pref("font.name.cursive.ja", ""); + +pref("font.name.serif.ko", ""); +pref("font.name.sans-serif.ko", ""); +pref("font.name.monospace.ko", ""); +pref("font.name.cursive.ko", ""); + +pref("font.name.serif.th", ""); +pref("font.name.sans-serif.th", ""); +pref("font.name.monospace.th", ""); +pref("font.name.cursive.th", ""); + +pref("font.name.serif.x-cyrillic", ""); +pref("font.name.sans-serif.x-cyrillic", ""); +pref("font.name.monospace.x-cyrillic", ""); +pref("font.name.cursive.x-cyrillic", ""); + +pref("font.name.serif.x-unicode", ""); +pref("font.name.sans-serif.x-unicode", ""); +pref("font.name.monospace.x-unicode", ""); +pref("font.name.cursive.x-unicode", ""); + +pref("font.name.serif.x-western", ""); +pref("font.name.sans-serif.x-western", ""); +pref("font.name.monospace.x-western", ""); +pref("font.name.cursive.x-western", ""); + +pref("font.name.serif.zh-CN", ""); +pref("font.name.sans-serif.zh-CN", ""); +pref("font.name.monospace.zh-CN", ""); +pref("font.name.cursive.zh-CN", ""); + +pref("font.name.serif.zh-TW", ""); +pref("font.name.sans-serif.zh-TW", ""); +pref("font.name.monospace.zh-TW", ""); +pref("font.name.cursive.zh-TW", ""); + +pref("font.name.serif.zh-HK", ""); +pref("font.name.sans-serif.zh-HK", ""); +pref("font.name.monospace.zh-HK", ""); +pref("font.name.cursive.zh-HK", ""); + +pref("font.name.serif.x-devanagari", ""); +pref("font.name.sans-serif.x-devanagari", ""); +pref("font.name.monospace.x-devanagari", ""); +pref("font.name.cursive.x-devanagari", ""); + +pref("font.name.serif.x-tamil", ""); +pref("font.name.sans-serif.x-tamil", ""); +pref("font.name.monospace.x-tamil", ""); +pref("font.name.cursive.x-tamil", ""); + +pref("font.name.serif.x-armn", ""); +pref("font.name.sans-serif.x-armn", ""); +pref("font.name.monospace.x-armn", ""); +pref("font.name.cursive.x-armn", ""); + +pref("font.name.serif.x-beng", ""); +pref("font.name.sans-serif.x-beng", ""); +pref("font.name.monospace.x-beng", ""); +pref("font.name.cursive.x-beng", ""); + +pref("font.name.serif.x-cans", ""); +pref("font.name.sans-serif.x-cans", ""); +pref("font.name.monospace.x-cans", ""); +pref("font.name.cursive.x-cans", ""); + +pref("font.name.serif.x-ethi", ""); +pref("font.name.sans-serif.x-ethi", ""); +pref("font.name.monospace.x-ethi", ""); +pref("font.name.cursive.x-ethi", ""); + +pref("font.name.serif.x-geor", ""); +pref("font.name.sans-serif.x-geor", ""); +pref("font.name.monospace.x-geor", ""); +pref("font.name.cursive.x-geor", ""); + +pref("font.name.serif.x-gujr", ""); +pref("font.name.sans-serif.x-gujr", ""); +pref("font.name.monospace.x-gujr", ""); +pref("font.name.cursive.x-gujr", ""); + +pref("font.name.serif.x-guru", ""); +pref("font.name.sans-serif.x-guru", ""); +pref("font.name.monospace.x-guru", ""); +pref("font.name.cursive.x-guru", ""); + +pref("font.name.serif.x-khmr", ""); +pref("font.name.sans-serif.x-khmr", ""); +pref("font.name.monospace.x-khmr", ""); +pref("font.name.cursive.x-khmr", ""); + +pref("font.name.serif.x-mlym", ""); +pref("font.name.sans-serif.x-mlym", ""); +pref("font.name.monospace.x-mlym", ""); +pref("font.name.cursive.x-mlym", ""); + +pref("font.name.serif.x-orya", ""); +pref("font.name.sans-serif.x-orya", ""); +pref("font.name.monospace.x-orya", ""); +pref("font.name.cursive.x-orya", ""); + +pref("font.name.serif.x-telu", ""); +pref("font.name.sans-serif.x-telu", ""); +pref("font.name.monospace.x-telu", ""); +pref("font.name.cursive.x-telu", ""); + +pref("font.name.serif.x-knda", ""); +pref("font.name.sans-serif.x-knda", ""); +pref("font.name.monospace.x-knda", ""); +pref("font.name.cursive.x-knda", ""); + +pref("font.name.serif.x-sinh", ""); +pref("font.name.sans-serif.x-sinh", ""); +pref("font.name.monospace.x-sinh", ""); +pref("font.name.cursive.x-sinh", ""); + +pref("font.name.serif.x-tibt", ""); +pref("font.name.sans-serif.x-tibt", ""); +pref("font.name.monospace.x-tibt", ""); +pref("font.name.cursive.x-tibt", ""); + +pref("font.name.serif.x-math", ""); +pref("font.name.sans-serif.x-math", ""); +pref("font.name.monospace.x-math", ""); +pref("font.name.cursive.x-math", ""); + +pref("font.name-list.serif.x-math", "Latin Modern Math, STIX Two Math, XITS Math, Cambria Math, Libertinus Math, DejaVu Math TeX Gyre, TeX Gyre Bonum Math, TeX Gyre Pagella Math, TeX Gyre Schola, TeX Gyre Termes Math, STIX Math, Asana Math, STIXGeneral, DejaVu Serif, DejaVu Sans, serif"); +pref("font.name-list.sans-serif.x-math", "sans-serif"); +pref("font.name-list.monospace.x-math", "monospace"); + +// Some CJK fonts have bad underline offset, their CJK character glyphs are overlapped (or adjoined) to its underline. +// These fonts are ignored the underline offset, instead of it, the underline is lowered to bottom of its em descent. +pref("font.blacklist.underline_offset", "FangSong,Gulim,GulimChe,MingLiU,MingLiU-ExtB,MingLiU_HKSCS,MingLiU-HKSCS-ExtB,MS Gothic,MS Mincho,MS PGothic,MS PMincho,MS UI Gothic,PMingLiU,PMingLiU-ExtB,SimHei,SimSun,SimSun-ExtB,Hei,Kai,Apple LiGothic,Apple LiSung,Osaka"); + +// security-sensitive dialogs should delay button enabling. In milliseconds. +pref("security.dialog_enable_delay", 1000); +pref("security.notification_enable_delay", 500); + +#ifdef EARLY_BETA_OR_EARLIER + // Disallow web documents loaded with the SystemPrincipal + pref("security.disallow_non_local_systemprincipal_in_tests", false); +#endif + +// Insecure Form Field Warning +pref("security.insecure_field_warning.ignore_local_ip_address", true); + +// Remote settings preferences +pref("services.settings.poll_interval", 86400); // 24H + +// The percentage of clients who will report uptake telemetry as +// events instead of just a histogram. This only applies on Release; +// other channels always report events. +pref("services.common.uptake.sampleRate", 1); // 1% + +pref("extensions.abuseReport.enabled", true); +// Allow AMO to handoff reports to the Firefox integrated dialog. +pref("extensions.abuseReport.amWebAPI.enabled", true); +pref("extensions.abuseReport.url", "https://services.addons.mozilla.org/api/v4/abuse/report/addon/"); +pref("extensions.abuseReport.amoDetailsURL", "https://services.addons.mozilla.org/api/v4/addons/addon/"); + +// Blocklist preferences +pref("extensions.blocklist.enabled", true); +pref("extensions.blocklist.detailsURL", "https://blocked.cdn.mozilla.net/"); +pref("extensions.blocklist.itemURL", "https://blocked.cdn.mozilla.net/%blockID%.html"); +pref("extensions.blocklist.addonItemURL", "https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/"); +// Controls what level the blocklist switches from warning about items to forcibly +// blocking them. +pref("extensions.blocklist.level", 2); +// Whether event pages should be enabled for "manifest_version: 2" extensions. +pref("extensions.eventPages.enabled", true); +// Whether MV3 restrictions for actions popup urls should be extended to MV2 extensions +// (only allowing same extension urls to be used as action popup urls). +pref("extensions.manifestV2.actionsPopupURLRestricted", false); +// Whether "manifest_version: 3" extensions should be allowed to install successfully. +pref("extensions.manifestV3.enabled", true); +// Whether to enable the updated openPopup API. +#ifdef NIGHTLY_BUILD + pref("extensions.openPopupWithoutUserGesture.enabled", true); +#else + pref("extensions.openPopupWithoutUserGesture.enabled", false); +#endif +// Install origins restriction. +pref("extensions.install_origins.enabled", false); + +// browser_style deprecation - bug 1827910. +// TODO bug 1830711: set to false. +// TODO bug 1830712: remove pref. +pref("extensions.browser_style_mv3.supported", true); +// TODO bug 1830712: remove pref. +pref("extensions.browser_style_mv3.same_as_mv2", false); + +// Middle-mouse handling +pref("middlemouse.paste", false); +pref("middlemouse.contentLoadURL", false); +pref("middlemouse.scrollbarPosition", false); + +#if defined(XP_WIN) || defined(XP_MACOSX) || defined(MOZ_WIDGET_GTK) + // Setting false you can disable 4th button and/or 5th button of your mouse. + // 4th button is typically mapped to "Back" and 5th button is typically mapped + // to "Forward" button. + pref("mousebutton.4th.enabled", true); + pref("mousebutton.5th.enabled", true); +#endif + +// mousewheel.*.action can specify the action when you use mosue wheel. +// When no modifier keys are pressed or two or more modifires are pressed, +// .default is used. +// 0: Nothing happens +// 1: Scrolling contents +// 2: Go back or go forward, in your history +// 3: Zoom in or out (reflowing zoom). +// 4: Treat vertical wheel as horizontal scroll +// This treats vertical wheel operation (i.e., deltaY) as horizontal +// scroll. deltaX and deltaZ are always ignored. So, only +// "delta_multiplier_y" pref affects the scroll speed. +// 5: Zoom in or out (pinch zoom). +pref("mousewheel.default.action", 1); +pref("mousewheel.with_alt.action", 2); +pref("mousewheel.with_control.action", 3); +pref("mousewheel.with_meta.action", 1); // command key on Mac +pref("mousewheel.with_shift.action", 4); +pref("mousewheel.with_win.action", 1); + +// mousewheel.*.action.override_x will override the action +// when the mouse wheel is rotated along the x direction. +// -1: Don't override the action. +// 0 to 3: Override the action with the specified value. +// Note that 4 isn't available because it doesn't make sense to apply the +// default action only for y direction to this pref. +pref("mousewheel.default.action.override_x", -1); +pref("mousewheel.with_alt.action.override_x", -1); +pref("mousewheel.with_control.action.override_x", -1); +pref("mousewheel.with_meta.action.override_x", -1); // command key on Mac +pref("mousewheel.with_shift.action.override_x", -1); +pref("mousewheel.with_win.action.override_x", -1); + +// mousewheel.*.delta_multiplier_* can specify the value muliplied by the delta +// value. The values will be used after divided by 100. I.e., 100 means 1.0, +// -100 means -1.0. If the values were negative, the direction would be +// reverted. The absolue value must be 100 or larger. +pref("mousewheel.default.delta_multiplier_x", 100); +pref("mousewheel.default.delta_multiplier_y", 100); +pref("mousewheel.default.delta_multiplier_z", 100); +pref("mousewheel.with_alt.delta_multiplier_x", 100); +pref("mousewheel.with_alt.delta_multiplier_y", 100); +pref("mousewheel.with_alt.delta_multiplier_z", 100); +pref("mousewheel.with_control.delta_multiplier_x", 100); +pref("mousewheel.with_control.delta_multiplier_y", 100); +pref("mousewheel.with_control.delta_multiplier_z", 100); +pref("mousewheel.with_meta.delta_multiplier_x", 100); // command key on Mac +pref("mousewheel.with_meta.delta_multiplier_y", 100); // command key on Mac +pref("mousewheel.with_meta.delta_multiplier_z", 100); // command key on Mac +pref("mousewheel.with_shift.delta_multiplier_x", 100); +pref("mousewheel.with_shift.delta_multiplier_y", 100); +pref("mousewheel.with_shift.delta_multiplier_z", 100); +pref("mousewheel.with_win.delta_multiplier_x", 100); +pref("mousewheel.with_win.delta_multiplier_y", 100); +pref("mousewheel.with_win.delta_multiplier_z", 100); + +// We can show it anytime from menus +pref("profile.manage_only_at_launch", false); + +// pref for which side vertical scrollbars should be on +// 0 = end-side in UI direction +// 1 = end-side in document/content direction +// 2 = right +// 3 = left +pref("layout.scrollbar.side", 0); + +// pref to control whether layout warnings that are hit quite often are enabled +pref("layout.spammy_warnings.enabled", false); + +// if true, allow plug-ins to override internal imglib decoder mime types in full-page mode +pref("plugin.override_internal_types", false); + +// enable single finger gesture input (win7+ tablets) +pref("gestures.enable_single_finger_input", true); + +pref("dom.use_watchdog", true); + +// Stop all scripts in a compartment when the "stop script" dialog is used. +pref("dom.global_stop_script", true); + +// Support the input event queue on the main thread of content process +pref("input_event_queue.supported", true); + +// This only supports one hidden ctp plugin, edit nsPluginArray.cpp if adding a second +pref("plugins.navigator.hidden_ctp_plugin", ""); + +// The default value for nsIPluginTag.enabledState (STATE_ENABLED = 2) +pref("plugin.default.state", 2); + +// Set IPC timeouts for plugins and tabs, except in leak-checking and +// dynamic analysis builds. (NS_FREE_PERMANENT_DATA is C++ only, so +// approximate its definition here.) +#if !defined(DEBUG) && !defined(MOZ_ASAN) && !defined(MOZ_VALGRIND) && !defined(MOZ_TSAN) + // How long a plugin is allowed to process a synchronous IPC message + // before we consider it "hung". + pref("dom.ipc.plugins.timeoutSecs", 45); + // How long a plugin process will wait for a response from the parent + // to a synchronous request before terminating itself. After this + // point the child assumes the parent is hung. Currently disabled. + pref("dom.ipc.plugins.parentTimeoutSecs", 0); + // How long a plugin in e10s is allowed to process a synchronous IPC + // message before we notify the chrome process of a hang. + pref("dom.ipc.plugins.contentTimeoutSecs", 10); + // How long a plugin launch is allowed to take before + // we consider it failed. + pref("dom.ipc.plugins.processLaunchTimeoutSecs", 45); + #ifdef XP_WIN + // How long a plugin is allowed to process a synchronous IPC message + // before we display the plugin hang UI + pref("dom.ipc.plugins.hangUITimeoutSecs", 11); + // Minimum time that the plugin hang UI will be displayed + pref("dom.ipc.plugins.hangUIMinDisplaySecs", 10); + #endif +#else + // No timeout in leak-checking builds + pref("dom.ipc.plugins.timeoutSecs", 0); + pref("dom.ipc.plugins.contentTimeoutSecs", 0); + pref("dom.ipc.plugins.processLaunchTimeoutSecs", 0); + pref("dom.ipc.plugins.parentTimeoutSecs", 0); + #ifdef XP_WIN + pref("dom.ipc.plugins.hangUITimeoutSecs", 0); + pref("dom.ipc.plugins.hangUIMinDisplaySecs", 0); + #endif +#endif + +pref("dom.ipc.plugins.reportCrashURL", true); + +// Force the accelerated direct path for a subset of Flash wmode values +pref("dom.ipc.plugins.forcedirect.enabled", true); + +// Enable multi by default. +#if !defined(MOZ_ASAN) && !defined(MOZ_TSAN) + pref("dom.ipc.processCount", 8); +#elif defined(FUZZING_SNAPSHOT) + pref("dom.ipc.processCount", 1); +#else + pref("dom.ipc.processCount", 4); +#endif + +// Default to allow only one file:// URL content process. +pref("dom.ipc.processCount.file", 1); + +// WebExtensions only support a single extension process. +pref("dom.ipc.processCount.extension", 1); + +// The privileged about process only supports a single content process. +pref("dom.ipc.processCount.privilegedabout", 1); + +// Limit the privileged mozilla process to a single instance only +// to avoid multiple of these content processes +pref("dom.ipc.processCount.privilegedmozilla", 1); + +// Maximum number of isolated content processes per-origin. +#ifdef ANDROID +pref("dom.ipc.processCount.webIsolated", 1); +#else +pref("dom.ipc.processCount.webIsolated", 4); +#endif + +// Keep a single privileged about process alive for performance reasons. +// e.g. we do not want to throw content processes out every time we navigate +// away from about:newtab. +pref("dom.ipc.keepProcessesAlive.privilegedabout", 1); + +// Disable support for SVG +pref("svg.disabled", false); + +// Disable e10s for Gecko by default. This is overridden in firefox.js. +pref("browser.tabs.remote.autostart", false); + +// This pref will cause assertions when a remoteType triggers a process switch +// to a new remoteType it should not be able to trigger. +pref("browser.tabs.remote.enforceRemoteTypeRestrictions", false); + +// Pref to control whether we use a separate privileged content process +// for about: pages. This pref name did not age well: we will have multiple +// types of privileged content processes, each with different privileges. +pref("browser.tabs.remote.separatePrivilegedContentProcess", false); + +// The domains we will isolate into the Mozilla Content Process. Comma-separated +// full domains: any subdomains of the domains listed will also be allowed. +pref("browser.tabs.remote.separatedMozillaDomains", "addons.mozilla.org,accounts.firefox.com"); + +// Default font types and sizes by locale +pref("font.default.ar", "sans-serif"); +pref("font.minimum-size.ar", 0); +pref("font.size.variable.ar", 16); +pref("font.size.monospace.ar", 13); + +pref("font.default.el", "serif"); +pref("font.minimum-size.el", 0); +pref("font.size.variable.el", 16); +pref("font.size.monospace.el", 13); + +pref("font.default.he", "sans-serif"); +pref("font.minimum-size.he", 0); +pref("font.size.variable.he", 16); +pref("font.size.monospace.he", 13); + +pref("font.default.ja", "sans-serif"); +pref("font.minimum-size.ja", 0); +pref("font.size.variable.ja", 16); +pref("font.size.monospace.ja", 16); + +pref("font.default.ko", "sans-serif"); +pref("font.minimum-size.ko", 0); +pref("font.size.variable.ko", 16); +pref("font.size.monospace.ko", 16); + +pref("font.default.th", "sans-serif"); +pref("font.minimum-size.th", 0); +pref("font.size.variable.th", 16); +pref("font.size.monospace.th", 13); + +pref("font.default.x-cyrillic", "serif"); +pref("font.minimum-size.x-cyrillic", 0); +pref("font.size.variable.x-cyrillic", 16); +pref("font.size.monospace.x-cyrillic", 13); + +pref("font.default.x-devanagari", "serif"); +pref("font.minimum-size.x-devanagari", 0); +pref("font.size.variable.x-devanagari", 16); +pref("font.size.monospace.x-devanagari", 13); + +pref("font.default.x-tamil", "serif"); +pref("font.minimum-size.x-tamil", 0); +pref("font.size.variable.x-tamil", 16); +pref("font.size.monospace.x-tamil", 13); + +pref("font.default.x-armn", "serif"); +pref("font.minimum-size.x-armn", 0); +pref("font.size.variable.x-armn", 16); +pref("font.size.monospace.x-armn", 13); + +pref("font.default.x-beng", "serif"); +pref("font.minimum-size.x-beng", 0); +pref("font.size.variable.x-beng", 16); +pref("font.size.monospace.x-beng", 13); + +pref("font.default.x-cans", "serif"); +pref("font.minimum-size.x-cans", 0); +pref("font.size.variable.x-cans", 16); +pref("font.size.monospace.x-cans", 13); + +pref("font.default.x-ethi", "serif"); +pref("font.minimum-size.x-ethi", 0); +pref("font.size.variable.x-ethi", 16); +pref("font.size.monospace.x-ethi", 13); + +pref("font.default.x-geor", "serif"); +pref("font.minimum-size.x-geor", 0); +pref("font.size.variable.x-geor", 16); +pref("font.size.monospace.x-geor", 13); + +pref("font.default.x-gujr", "serif"); +pref("font.minimum-size.x-gujr", 0); +pref("font.size.variable.x-gujr", 16); +pref("font.size.monospace.x-gujr", 13); + +pref("font.default.x-guru", "serif"); +pref("font.minimum-size.x-guru", 0); +pref("font.size.variable.x-guru", 16); +pref("font.size.monospace.x-guru", 13); + +pref("font.default.x-khmr", "serif"); +pref("font.minimum-size.x-khmr", 0); +pref("font.size.variable.x-khmr", 16); +pref("font.size.monospace.x-khmr", 13); + +pref("font.default.x-mlym", "serif"); +pref("font.minimum-size.x-mlym", 0); +pref("font.size.variable.x-mlym", 16); +pref("font.size.monospace.x-mlym", 13); + +pref("font.default.x-orya", "serif"); +pref("font.minimum-size.x-orya", 0); +pref("font.size.variable.x-orya", 16); +pref("font.size.monospace.x-orya", 13); + +pref("font.default.x-telu", "serif"); +pref("font.minimum-size.x-telu", 0); +pref("font.size.variable.x-telu", 16); +pref("font.size.monospace.x-telu", 13); + +pref("font.default.x-knda", "serif"); +pref("font.minimum-size.x-knda", 0); +pref("font.size.variable.x-knda", 16); +pref("font.size.monospace.x-knda", 13); + +pref("font.default.x-sinh", "serif"); +pref("font.minimum-size.x-sinh", 0); +pref("font.size.variable.x-sinh", 16); +pref("font.size.monospace.x-sinh", 13); + +pref("font.default.x-tibt", "serif"); +pref("font.minimum-size.x-tibt", 0); +pref("font.size.variable.x-tibt", 16); +pref("font.size.monospace.x-tibt", 13); + +pref("font.default.x-unicode", "serif"); +pref("font.minimum-size.x-unicode", 0); +pref("font.size.variable.x-unicode", 16); +pref("font.size.monospace.x-unicode", 13); + +pref("font.default.x-western", "serif"); +pref("font.minimum-size.x-western", 0); +pref("font.size.variable.x-western", 16); +pref("font.size.monospace.x-western", 13); + +pref("font.default.zh-CN", "sans-serif"); +pref("font.minimum-size.zh-CN", 0); +pref("font.size.variable.zh-CN", 16); +pref("font.size.monospace.zh-CN", 16); + +pref("font.default.zh-HK", "sans-serif"); +pref("font.minimum-size.zh-HK", 0); +pref("font.size.variable.zh-HK", 16); +pref("font.size.monospace.zh-HK", 16); + +pref("font.default.zh-TW", "sans-serif"); +pref("font.minimum-size.zh-TW", 0); +pref("font.size.variable.zh-TW", 16); +pref("font.size.monospace.zh-TW", 16); + +// mathml.css sets font-size to "inherit" and font-family to "serif" so only +// font.name.*.x-math and font.minimum-size.x-math are really relevant. +pref("font.default.x-math", "serif"); +pref("font.minimum-size.x-math", 0); +pref("font.size.variable.x-math", 16); +pref("font.size.monospace.x-math", 13); + +#ifdef XP_WIN + + pref("font.name-list.emoji", "Segoe UI Emoji, Twemoji Mozilla"); + + pref("font.name-list.serif.ar", "Times New Roman"); + pref("font.name-list.sans-serif.ar", "Segoe UI, Tahoma, Arial"); + pref("font.name-list.monospace.ar", "Consolas"); + pref("font.name-list.cursive.ar", "Comic Sans MS"); + + pref("font.name-list.serif.el", "Times New Roman"); + pref("font.name-list.sans-serif.el", "Arial"); + pref("font.name-list.monospace.el", "Consolas"); + pref("font.name-list.cursive.el", "Comic Sans MS"); + + pref("font.name-list.serif.he", "Narkisim, David"); + pref("font.name-list.sans-serif.he", "Arial"); + pref("font.name-list.monospace.he", "Fixed Miriam Transparent, Miriam Fixed, Rod, Consolas, Courier New"); + pref("font.name-list.cursive.he", "Guttman Yad, Ktav, Arial"); + + pref("font.name-list.serif.ja", "Yu Mincho, MS PMincho, MS Mincho, Meiryo, Yu Gothic, MS PGothic, MS Gothic"); + pref("font.name-list.sans-serif.ja", "Meiryo, Yu Gothic, MS PGothic, MS Gothic, Yu Mincho, MS PMincho, MS Mincho"); + pref("font.name-list.monospace.ja", "MS Gothic, MS Mincho, Meiryo, Yu Gothic, Yu Mincho, MS PGothic, MS PMincho"); + + pref("font.name-list.serif.ko", "Batang, Gulim"); + pref("font.name-list.sans-serif.ko", "Malgun Gothic, Gulim"); + pref("font.name-list.monospace.ko", "GulimChe"); + pref("font.name-list.cursive.ko", "Gungsuh"); + + pref("font.name-list.serif.th", "Tahoma"); + pref("font.name-list.sans-serif.th", "Tahoma"); + pref("font.name-list.monospace.th", "Tahoma"); + pref("font.name-list.cursive.th", "Tahoma"); + + pref("font.name-list.serif.x-cyrillic", "Times New Roman"); + pref("font.name-list.sans-serif.x-cyrillic", "Arial"); + pref("font.name-list.monospace.x-cyrillic", "Consolas"); + pref("font.name-list.cursive.x-cyrillic", "Comic Sans MS"); + + pref("font.name-list.serif.x-unicode", "Times New Roman"); + pref("font.name-list.sans-serif.x-unicode", "Arial"); + pref("font.name-list.monospace.x-unicode", "Consolas"); + pref("font.name-list.cursive.x-unicode", "Comic Sans MS"); + + pref("font.name-list.serif.x-western", "Times New Roman"); + pref("font.name-list.sans-serif.x-western", "Arial"); + pref("font.name-list.monospace.x-western", "Consolas"); + pref("font.name-list.cursive.x-western", "Comic Sans MS"); + + pref("font.name-list.serif.zh-CN", "SimSun, MS Song, SimSun-ExtB"); + pref("font.name-list.sans-serif.zh-CN", "Microsoft YaHei, SimHei"); + pref("font.name-list.monospace.zh-CN", "SimSun, MS Song, SimSun-ExtB"); + pref("font.name-list.cursive.zh-CN", "KaiTi, KaiTi_GB2312"); + + // Per Taiwanese users' demand. They don't want to use TC fonts for + // rendering Latin letters. (bug 88579) + pref("font.name-list.serif.zh-TW", "Times New Roman, PMingLiu, MingLiU, MingLiU-ExtB"); + #ifdef EARLY_BETA_OR_EARLIER + pref("font.name-list.sans-serif.zh-TW", "Arial, Microsoft JhengHei, PMingLiU, MingLiU, MingLiU-ExtB"); + #else + pref("font.name-list.sans-serif.zh-TW", "Arial, PMingLiU, MingLiU, MingLiU-ExtB, Microsoft JhengHei"); + #endif + pref("font.name-list.monospace.zh-TW", "MingLiU, MingLiU-ExtB"); + pref("font.name-list.cursive.zh-TW", "DFKai-SB"); + + // hkscsm3u.ttf (HKSCS-2001) : http://www.microsoft.com/hk/hkscs + // Hong Kong users have the same demand about glyphs for Latin letters (bug 88579) + pref("font.name-list.serif.zh-HK", "Times New Roman, MingLiu_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB, Microsoft JhengHei"); + pref("font.name-list.sans-serif.zh-HK", "Arial, MingLiU_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB, Microsoft JhengHei"); + pref("font.name-list.monospace.zh-HK", "MingLiU_HKSCS, Ming(for ISO10646), MingLiU, MingLiU_HKSCS-ExtB, Microsoft JhengHei"); + pref("font.name-list.cursive.zh-HK", "DFKai-SB"); + + pref("font.name-list.serif.x-devanagari", "Kokila, Raghindi"); + pref("font.name-list.sans-serif.x-devanagari", "Nirmala UI, Mangal"); + pref("font.name-list.monospace.x-devanagari", "Mangal, Nirmala UI"); + + pref("font.name-list.serif.x-tamil", "Latha"); + pref("font.name-list.monospace.x-tamil", "Latha"); + + // http://www.alanwood.net/unicode/fonts.html + + pref("font.name-list.serif.x-armn", "Sylfaen"); + pref("font.name-list.sans-serif.x-armn", "Arial AMU"); + pref("font.name-list.monospace.x-armn", "Arial AMU"); + + pref("font.name-list.serif.x-beng", "Vrinda, Akaash, Likhan, Ekushey Punarbhaba"); + pref("font.name-list.sans-serif.x-beng", "Vrinda, Akaash, Likhan, Ekushey Punarbhaba"); + pref("font.name-list.monospace.x-beng", "Mitra Mono, Likhan, Mukti Narrow"); + + pref("font.name-list.serif.x-cans", "Aboriginal Serif, BJCree Uni"); + pref("font.name-list.sans-serif.x-cans", "Aboriginal Sans"); + pref("font.name-list.monospace.x-cans", "Aboriginal Sans, OskiDakelh, Pigiarniq, Uqammaq"); + + pref("font.name-list.serif.x-ethi", "Visual Geez Unicode, Visual Geez Unicode Agazian"); + pref("font.name-list.sans-serif.x-ethi", "GF Zemen Unicode"); + pref("font.name-list.monospace.x-ethi", "Ethiopia Jiret"); + pref("font.name-list.cursive.x-ethi", "Visual Geez Unicode Title"); + + pref("font.name-list.serif.x-geor", "Sylfaen, BPG Paata Khutsuri U, TITUS Cyberbit Basic"); + pref("font.name-list.sans-serif.x-geor", "BPG Classic 99U"); + pref("font.name-list.monospace.x-geor", "BPG Classic 99U"); + + pref("font.name-list.serif.x-gujr", "Shruti"); + pref("font.name-list.sans-serif.x-gujr", "Shruti"); + pref("font.name-list.monospace.x-gujr", "Shruti"); + + pref("font.name-list.serif.x-guru", "Raavi, Saab"); + pref("font.name-list.sans-serif.x-guru", ""); + pref("font.name-list.monospace.x-guru", "Raavi, Saab"); + + pref("font.name-list.serif.x-khmr", "PhnomPenh OT,.Mondulkiri U GR 1.5, Khmer OS"); + pref("font.name-list.sans-serif.x-khmr", "Khmer OS"); + pref("font.name-list.monospace.x-khmr", "Khmer OS, Khmer OS System"); + + pref("font.name-list.serif.x-mlym", "Rachana_w01, AnjaliOldLipi, Kartika, ThoolikaUnicode"); + pref("font.name-list.sans-serif.x-mlym", "Rachana_w01, AnjaliOldLipi, Kartika, ThoolikaUnicode"); + pref("font.name-list.monospace.x-mlym", "Rachana_w01, AnjaliOldLipi, Kartika, ThoolikaUnicode"); + + pref("font.name-list.serif.x-orya", "ori1Uni, Kalinga"); + pref("font.name-list.sans-serif.x-orya", "ori1Uni, Kalinga"); + pref("font.name-list.monospace.x-orya", "ori1Uni, Kalinga"); + + pref("font.name-list.serif.x-telu", "Gautami, Akshar Unicode"); + pref("font.name-list.sans-serif.x-telu", "Gautami, Akshar Unicode"); + pref("font.name-list.monospace.x-telu", "Gautami, Akshar Unicode"); + + pref("font.name-list.serif.x-knda", "Tunga, AksharUnicode"); + pref("font.name-list.sans-serif.x-knda", "Tunga, AksharUnicode"); + pref("font.name-list.monospace.x-knda", "Tunga, AksharUnicode"); + + pref("font.name-list.serif.x-sinh", "Iskoola Pota, AksharUnicode"); + pref("font.name-list.sans-serif.x-sinh", "Iskoola Pota, AksharUnicode"); + pref("font.name-list.monospace.x-sinh", "Iskoola Pota, AksharUnicode"); + + pref("font.name-list.serif.x-tibt", "Tibetan Machine Uni, Jomolhari, Microsoft Himalaya"); + pref("font.name-list.sans-serif.x-tibt", "Tibetan Machine Uni, Jomolhari, Microsoft Himalaya"); + pref("font.name-list.monospace.x-tibt", "Tibetan Machine Uni, Jomolhari, Microsoft Himalaya"); + + pref("font.minimum-size.th", 10); + + pref("font.default.x-devanagari", "sans-serif"); + + pref("font.name-list.serif.x-math", "Latin Modern Math, STIX Two Math, XITS Math, Cambria Math, Libertinus Math, DejaVu Math TeX Gyre, TeX Gyre Bonum Math, TeX Gyre Pagella Math, TeX Gyre Schola, TeX Gyre Termes Math, STIX Math, Asana Math, STIXGeneral, DejaVu Serif, DejaVu Sans, Times New Roman"); + pref("font.name-list.sans-serif.x-math", "Arial"); + pref("font.name-list.monospace.x-math", "Consolas"); + pref("font.name-list.cursive.x-math", "Comic Sans MS"); + + // ClearType tuning parameters for directwrite/d2d. + // + // Allows overriding of underlying registry values in: + // HKCU/Software/Microsoft/Avalon.Graphics/<display> (contrast and level) + // HKLM/Software/Microsoft/Avalon.Graphics/<display> (gamma, pixel structure) + // and selection of the ClearType/antialiasing mode. + // + // A value of -1 implies use the default value, otherwise value ranges + // follow registry settings: + // gamma [1000, 2200] default: based on screen, typically 2200 (== 2.2) + // enhanced contrast [0, 1000] default: 50 + // cleartype level [0, 100] default: 100 + // pixel structure [0, 2] default: 0 (flat/RGB/BGR) + // rendering mode [0, 5] default: 0 + // 0 = use default for font & size; + // 1 = aliased; + // 2 = GDI Classic; + // 3 = GDI Natural Widths; + // 4 = Natural; + // 5 = Natural Symmetric + // + // See: + // http://msdn.microsoft.com/en-us/library/aa970267.aspx + // http://msdn.microsoft.com/en-us/library/dd368190%28v=VS.85%29.aspx + // Note: DirectWrite uses the "Enhanced Contrast Level" value rather than the + // "Text Contrast Level" value + + pref("gfx.font_rendering.cleartype_params.gamma", -1); + pref("gfx.font_rendering.cleartype_params.enhanced_contrast", -1); + pref("gfx.font_rendering.cleartype_params.cleartype_level", -1); + pref("gfx.font_rendering.cleartype_params.pixel_structure", -1); + pref("gfx.font_rendering.cleartype_params.rendering_mode", -1); + + // A comma-separated list of font family names. Fonts in these families will + // be forced to use "GDI Classic" ClearType mode, provided the value + // of gfx.font_rendering.cleartype_params.rendering_mode is -1 + // (i.e. a specific rendering_mode has not been explicitly set). + // Currently we apply this setting to the sans-serif Microsoft "core Web fonts". + pref("gfx.font_rendering.cleartype_params.force_gdi_classic_for_families", + "Arial,Consolas,Courier New,Microsoft Sans Serif,Segoe UI,Tahoma,Trebuchet MS,Verdana"); + // The maximum size at which we will force GDI classic mode using + // force_gdi_classic_for_families. + pref("gfx.font_rendering.cleartype_params.force_gdi_classic_max_size", 15); + + // Locate plugins by the directories specified in the Windows registry for PLIDs + // Which is currently HKLM\Software\MozillaPlugins\xxxPLIDxxx\Path + pref("plugin.scan.plid.all", true); + + // Switch the keyboard layout per window + pref("intl.keyboard.per_window_layout", false); + + // If composition_font is set, Gecko sets the font to IME. IME may use + // the fonts on their window like candidate window. If they are empty, + // Gecko uses the system default font which is set to the IM context. + // The font name must not start with '@'. When the writing mode is vertical, + // Gecko inserts '@' to the start of the font name automatically. + // FYI: Changing these prefs requires to restart. + pref("intl.imm.composition_font", ""); + + // Japanist 2003's candidate window is broken if the font is "@System" which + // is default composition font for vertical writing mode. + // You can specify font to use on candidate window of Japanist 2003. + // This value must not start with '@'. + // FYI: Changing this pref requires to restart. + pref("intl.imm.composition_font.japanist_2003", "MS PGothic"); + + // Even if IME claims that they support vertical writing mode but it may not + // support vertical writing mode for its candidate window. This pref allows + // to ignore the claim. + // FYI: Changing this pref requires to restart. + pref("intl.imm.vertical_writing.always_assume_not_supported", false); + + // We cannot retrieve active IME name with IMM32 API if a TIP of TSF is + // active. This pref can specify active IME name when Japanese TIP is active. + // For example: + // Google Japanese Input: "Google 日本語入力 IMM32 モジュール" + // ATOK 2011: "ATOK 2011" (similarly, e.g., ATOK 2013 is "ATOK 2013") + pref("intl.imm.japanese.assume_active_tip_name_as", ""); + + // See bug 448927, on topmost panel, some IMEs are not usable on Windows. + pref("ui.panel.default_level_parent", false); + + // Enable system settings cache for mouse wheel message handling. + // Note that even if this pref is set to true, Gecko may not cache the system + // settings if Gecko detects that the cache won't be refreshed properly when + // the settings are changed. + pref("mousewheel.system_settings_cache.enabled", true); + + // This is a pref to test system settings cache for mouse wheel message + // handling. If this is set to true, Gecko forcibly use the cache. + pref("mousewheel.system_settings_cache.force_enabled", false); + + // High resolution scrolling with supported mouse drivers on Vista or later. + pref("mousewheel.enable_pixel_scrolling", true); + + // If your mouse drive sends WM_*SCROLL messages when you turn your mouse + // wheel, set this to true. Then, gecko processes them as mouse wheel + // messages. + pref("mousewheel.emulate_at_wm_scroll", false); + + // Some odd touchpad utils give focus to window under cursor when user tries + // to scroll. If this is true, Gecko tries to emulate such odd behavior. + // Don't make this true unless you want to debug. Enabling this pref causes + // making damage to the performance. + pref("mousewheel.debug.make_window_under_cursor_foreground", false); + + // Enables or disabled the TrackPoint hack, -1 is autodetect, 0 is off, + // and 1 is on. Set this to 1 if TrackPoint scrolling is not working. + pref("ui.trackpoint_hack.enabled", -1); + + // Setting this to a non-empty string overrides the Win32 "window class" used + // for "normal" windows. Setting this to MozillaUIWindowClass might make + // some trackpad drivers behave better. + pref("ui.window_class_override", ""); + + // Enables or disables the Elantech gesture hacks. -1 is autodetect, 0 is + // off, and 1 is on. Set this to 1 if three-finger swipe gestures do not + // cause page back/forward actions, or if pinch-to-zoom does not work. + pref("ui.elantech_gesture_hacks.enabled", -1); + + // Show the Windows on-screen keyboard (osk.exe) when a text field is focused. + pref("ui.osk.enabled", true); + // Only show the on-screen keyboard if there are no physical keyboards + // attached to the device. + pref("ui.osk.detect_physical_keyboard", true); + // Path to TabTip.exe on local machine. Cached for performance reasons. + pref("ui.osk.on_screen_keyboard_path", ""); + // Only try to show the on-screen keyboard on Windows 10 and later. Setting + // this pref to false will allow the OSK to show on Windows 8 and 8.1. + pref("ui.osk.require_win10", false); + // This pref stores the "reason" that the on-screen keyboard was either + // shown or not shown when focus is moved to an editable text field. It is + // used to help debug why the keyboard is either not appearing when expected + // or appearing when it is not expected. + pref("ui.osk.debug.keyboardDisplayReason", ""); + +#endif // XP_WIN + +#ifdef XP_MACOSX + // Mac specific preference defaults + pref("browser.drag_out_of_frame_style", 1); + pref("ui.key.saveLink.shift", false); // true = shift, false = meta + + // default fonts (in UTF8 and using canonical names) + // to determine canonical font names, use a debug build and + // enable NSPR logging for module fontInfoLog:5 + // canonical names immediately follow '(fontinit) family:' in the log + + // For some scripts there is no commonly-installed monospace font, so we just use + // the same as serif/sans-serif, but we prefix the list with Menlo so that at least + // Latin text will be monospaced if it occurs when that lang code is in effect. + + pref("font.name-list.emoji", "Apple Color Emoji"); + + pref("font.name-list.serif.ar", "Al Bayan"); + pref("font.name-list.sans-serif.ar", "Geeza Pro"); + pref("font.name-list.monospace.ar", "Menlo, Geeza Pro"); + pref("font.name-list.cursive.ar", "DecoType Naskh"); + pref("font.name-list.fantasy.ar", "KufiStandardGK"); + + pref("font.name-list.serif.el", "Times, Times New Roman"); + pref("font.name-list.sans-serif.el", "Helvetica, Lucida Grande"); + pref("font.name-list.monospace.el", "Menlo"); + pref("font.name-list.cursive.el", "Lucida Grande, Times"); + pref("font.name-list.fantasy.el", "Lucida Grande, Times"); + + pref("font.name-list.serif.he", "Times New Roman"); + pref("font.name-list.sans-serif.he", "Arial"); + pref("font.name-list.monospace.he", "Menlo, Courier New"); + pref("font.name-list.cursive.he", "Times New Roman"); + pref("font.name-list.fantasy.he", "Times New Roman"); + + pref("font.name-list.serif.ja", "Hiragino Mincho ProN, Hiragino Mincho Pro"); + pref("font.name-list.sans-serif.ja", "Hiragino Kaku Gothic ProN, Hiragino Kaku Gothic Pro, Hiragino Sans"); + pref("font.name-list.monospace.ja", "Osaka-Mono, Hiragino Kaku Gothic ProN, Hiragino Sans"); + + pref("font.name-list.serif.ko", "AppleMyungjo"); + pref("font.name-list.sans-serif.ko", "Apple SD Gothic Neo, AppleGothic"); + pref("font.name-list.monospace.ko", "Menlo, Apple SD Gothic Neo, AppleGothic"); + + pref("font.name-list.serif.th", "Thonburi"); + pref("font.name-list.sans-serif.th", "Thonburi"); + pref("font.name-list.monospace.th", "Menlo, Ayuthaya"); + + pref("font.name-list.serif.x-armn", "Mshtakan"); + pref("font.name-list.sans-serif.x-armn", "Mshtakan"); + pref("font.name-list.monospace.x-armn", "Menlo, Mshtakan"); + + // SolaimanLipi, Rupali http://ekushey.org/?page/mac_download + pref("font.name-list.serif.x-beng", "Bangla MN"); + pref("font.name-list.sans-serif.x-beng", "Bangla Sangam MN"); + pref("font.name-list.monospace.x-beng", "Menlo, Bangla Sangam MN"); + + pref("font.name-list.serif.x-cans", "Euphemia UCAS"); + pref("font.name-list.sans-serif.x-cans", "Euphemia UCAS"); + pref("font.name-list.monospace.x-cans", "Menlo, Euphemia UCAS"); + + pref("font.name-list.serif.x-cyrillic", "Times, Times New Roman"); + pref("font.name-list.sans-serif.x-cyrillic", "Helvetica, Arial"); + pref("font.name-list.monospace.x-cyrillic", "Menlo"); + pref("font.name-list.cursive.x-cyrillic", "Geneva"); + pref("font.name-list.fantasy.x-cyrillic", "Charcoal CY"); + + pref("font.name-list.serif.x-devanagari", "Devanagari MT"); + pref("font.name-list.sans-serif.x-devanagari", "Devanagari Sangam MN, Devanagari MT"); + pref("font.name-list.monospace.x-devanagari", "Menlo, Devanagari Sangam MN, Devanagari MT"); + + // Abyssinica SIL http://scripts.sil.org/AbyssinicaSIL_Download + pref("font.name-list.serif.x-ethi", "Kefa, Abyssinica SIL"); + pref("font.name-list.sans-serif.x-ethi", "Kefa, Abyssinica SIL"); + pref("font.name-list.monospace.x-ethi", "Menlo, Kefa, Abyssinica SIL"); + + // no suitable fonts for georgian ship with mac os x + // however some can be freely downloaded + // TITUS Cyberbit Basic http://titus.fkidg1.uni-frankfurt.de/unicode/tituut.asp + // Zuzumbo http://homepage.mac.com/rsiradze/FileSharing91.html + pref("font.name-list.serif.x-geor", "TITUS Cyberbit Basic"); + pref("font.name-list.sans-serif.x-geor", "Zuzumbo"); + pref("font.name-list.monospace.x-geor", "Menlo, Zuzumbo"); + + pref("font.name-list.serif.x-gujr", "Gujarati MT"); + pref("font.name-list.sans-serif.x-gujr", "Gujarati Sangam MN, Gujarati MT"); + pref("font.name-list.monospace.x-gujr", "Menlo, Gujarati Sangam MN, Gujarati MT"); + + pref("font.name-list.serif.x-guru", "Gurmukhi MT"); + pref("font.name-list.sans-serif.x-guru", "Gurmukhi MT"); + pref("font.name-list.monospace.x-guru", "Menlo, Gurmukhi MT"); + + pref("font.name-list.serif.x-khmr", "Khmer MN"); + pref("font.name-list.sans-serif.x-khmr", "Khmer Sangam MN"); + pref("font.name-list.monospace.x-khmr", "Menlo, Khmer Sangam MN"); + + pref("font.name-list.serif.x-mlym", "Malayalam MN"); + pref("font.name-list.sans-serif.x-mlym", "Malayalam Sangam MN"); + pref("font.name-list.monospace.x-mlym", "Menlo, Malayalam Sangam MN"); + + pref("font.name-list.serif.x-orya", "Oriya MN"); + pref("font.name-list.sans-serif.x-orya", "Oriya Sangam MN"); + pref("font.name-list.monospace.x-orya", "Menlo, Oriya Sangam MN"); + + // Pothana http://web.nickshanks.com/typography/telugu/ + pref("font.name-list.serif.x-telu", "Telugu MN, Pothana"); + pref("font.name-list.sans-serif.x-telu", "Telugu Sangam MN, Pothana"); + pref("font.name-list.monospace.x-telu", "Menlo, Telugu Sangam MN, Pothana"); + + // Kedage http://web.nickshanks.com/typography/kannada/ + pref("font.name-list.serif.x-knda", "Kannada MN, Kedage"); + pref("font.name-list.sans-serif.x-knda", "Kannada Sangam MN, Kedage"); + pref("font.name-list.monospace.x-knda", "Menlo, Kannada Sangam MN, Kedage"); + + pref("font.name-list.serif.x-sinh", "Sinhala MN"); + pref("font.name-list.sans-serif.x-sinh", "Sinhala Sangam MN"); + pref("font.name-list.monospace.x-sinh", "Menlo, Sinhala Sangam MN"); + + pref("font.name-list.serif.x-tamil", "InaiMathi"); + pref("font.name-list.sans-serif.x-tamil", "InaiMathi"); + pref("font.name-list.monospace.x-tamil", "Menlo, InaiMathi"); + + // Kailasa ships with mac os x >= 10.5 + pref("font.name-list.serif.x-tibt", "Kailasa"); + pref("font.name-list.sans-serif.x-tibt", "Kailasa"); + pref("font.name-list.monospace.x-tibt", "Menlo, Kailasa"); + + pref("font.name-list.serif.x-unicode", "Times"); + pref("font.name-list.sans-serif.x-unicode", "Helvetica"); + pref("font.name-list.monospace.x-unicode", "Menlo"); + pref("font.name-list.cursive.x-unicode", "Apple Chancery"); + pref("font.name-list.fantasy.x-unicode", "Papyrus"); + + pref("font.name-list.serif.x-western", "Times, Times New Roman"); + pref("font.name-list.sans-serif.x-western", "Helvetica, Arial"); + pref("font.name-list.monospace.x-western", "Menlo"); + pref("font.name-list.cursive.x-western", "Apple Chancery"); + pref("font.name-list.fantasy.x-western", "Papyrus"); + + pref("font.name-list.serif.zh-CN", "Times New Roman, Songti SC, STSong, Heiti SC"); + pref("font.name-list.sans-serif.zh-CN", "Arial, PingFang SC, STHeiti, Heiti SC"); + pref("font.name-list.monospace.zh-CN", "Menlo, PingFang SC, STHeiti, Heiti SC"); + pref("font.name-list.cursive.zh-CN", "Kaiti SC"); + + pref("font.name-list.serif.zh-TW", "Times New Roman, Songti TC, LiSong Pro, Heiti TC"); + pref("font.name-list.sans-serif.zh-TW", "Arial, PingFang TC, Heiti TC, LiHei Pro"); + pref("font.name-list.monospace.zh-TW", "Menlo, PingFang TC, Heiti TC, LiHei Pro"); + pref("font.name-list.cursive.zh-TW", "Kaiti TC"); + + pref("font.name-list.serif.zh-HK", "Times New Roman, Songti TC, LiSong Pro, Heiti TC"); + pref("font.name-list.sans-serif.zh-HK", "Arial, PingFang TC, Heiti TC, LiHei Pro"); + pref("font.name-list.monospace.zh-HK", "Menlo, PingFang TC, Heiti TC, LiHei Pro"); + pref("font.name-list.cursive.zh-HK", "Kaiti TC"); + + // XP_MACOSX changes to default font sizes + pref("font.minimum-size.th", 10); + + // Apple's Symbol is Unicode so use it + pref("font.name-list.serif.x-math", "Latin Modern Math, STIX Two Math, XITS Math, Cambria Math, Libertinus Math, DejaVu Math TeX Gyre, TeX Gyre Bonum Math, TeX Gyre Pagella Math, TeX Gyre Schola, TeX Gyre Termes Math, STIX Math, Asana Math, STIXGeneral, DejaVu Serif, DejaVu Sans, Symbol, Times"); + pref("font.name-list.sans-serif.x-math", "Helvetica"); + pref("font.name-list.monospace.x-math", "Menlo"); + pref("font.name-list.cursive.x-math", "Apple Chancery"); + pref("font.name-list.fantasy.x-math", "Papyrus"); + + // Individual font faces to be treated as independent families, + // listed as <Postscript name of face:Owning family name> + pref("font.single-face-list", "Osaka-Mono:Osaka"); + + // optimization hint for fonts with localized names to be read in at startup, otherwise read in at lookup miss + // names are canonical family names (typically English names) + pref("font.preload-names-list", "Hiragino Kaku Gothic ProN,Hiragino Mincho ProN,STSong"); + + // Override font-weight values for some problematic families Apple ships + // (see bug 931426). + // The name here is the font's PostScript name, which can be checked in + // the Font Book utility or other tools. + pref("font.weight-override.AppleSDGothicNeo-Thin", 100); // Ensure Thin < UltraLight < Light + pref("font.weight-override.AppleSDGothicNeo-UltraLight", 200); + pref("font.weight-override.AppleSDGothicNeo-Light", 300); + pref("font.weight-override.AppleSDGothicNeo-Heavy", 900); // Ensure Heavy > ExtraBold (800) + + pref("font.weight-override.Avenir-Book", 300); // Ensure Book < Roman (400) + pref("font.weight-override.Avenir-BookOblique", 300); + pref("font.weight-override.Avenir-MediumOblique", 500); // Harmonize MediumOblique with Medium + pref("font.weight-override.Avenir-Black", 900); // Ensure Black > Heavy (800) + pref("font.weight-override.Avenir-BlackOblique", 900); + + pref("font.weight-override.AvenirNext-MediumItalic", 500); // Harmonize MediumItalic with Medium + pref("font.weight-override.AvenirNextCondensed-MediumItalic", 500); + + pref("font.weight-override.HelveticaNeue-Light", 300); // Ensure Light > Thin (200) + pref("font.weight-override.HelveticaNeue-LightItalic", 300); + pref("font.weight-override.HelveticaNeue-MediumItalic", 500); // Harmonize MediumItalic with Medium + + // See bug 404131, topmost <panel> element wins to Dashboard on MacOSX. + pref("ui.panel.default_level_parent", false); + + // Macbook touchpad two finger pixel scrolling + pref("mousewheel.enable_pixel_scrolling", true); + +#endif // XP_MACOSX + +#ifdef ANDROID + // Handled differently under Mac/Windows + pref("network.protocol-handler.warn-external.file", false); + pref("browser.drag_out_of_frame_style", 1); + + // Middle-mouse handling + pref("middlemouse.paste", true); + pref("middlemouse.openNewWindow", true); + pref("middlemouse.scrollbarPosition", true); + + // Tab focus model bit field: + // 1 focuses text controls, 2 focuses other form elements, 4 adds links. + // Leave this at the default, 7, to match mozilla1.0-era user expectations. + // pref("accessibility.tabfocus", 1); + + pref("helpers.global_mime_types_file", "/etc/mime.types"); + pref("helpers.global_mailcap_file", "/etc/mailcap"); + pref("helpers.private_mime_types_file", "~/.mime.types"); + pref("helpers.private_mailcap_file", "~/.mailcap"); + + // Setting default_level_parent to true makes the default level for popup + // windows "top" instead of "parent". On GTK2 platform, this is implemented + // with override-redirect windows which is the normal way to implement + // temporary popup windows. Setting this to false would make the default + // level "parent" which is implemented with managed windows. + // A problem with using managed windows is that metacity sometimes deactivates + // the parent window when the managed popup is shown. + pref("ui.panel.default_level_parent", true); + + // Forward downloads with known OMA MIME types to Android's download manager + // instead of downloading them in the browser. + pref("browser.download.forward_oma_android_download_manager", false); + +#endif // ANDROID + +#if !defined(ANDROID) && !defined(XP_MACOSX) && defined(XP_UNIX) + // Handled differently under Mac/Windows + pref("network.protocol-handler.warn-external.file", false); + pref("browser.drag_out_of_frame_style", 1); + + // Middle-mouse handling + pref("middlemouse.paste", true); + pref("middlemouse.openNewWindow", true); + pref("middlemouse.scrollbarPosition", true); + + // Tab focus model bit field: + // 1 focuses text controls, 2 focuses other form elements, 4 adds links. + // Leave this at the default, 7, to match mozilla1.0-era user expectations. + // pref("accessibility.tabfocus", 1); + + pref("helpers.global_mime_types_file", "/etc/mime.types"); + pref("helpers.global_mailcap_file", "/etc/mailcap"); + pref("helpers.private_mime_types_file", "~/.mime.types"); + pref("helpers.private_mailcap_file", "~/.mailcap"); + + // font names + + // fontconfig doesn't support emoji yet + // https://lists.freedesktop.org/archives/fontconfig/2016-October/005842.html + pref("font.name-list.emoji", "Twemoji Mozilla"); + + pref("font.name-list.serif.ar", "serif"); + pref("font.name-list.sans-serif.ar", "sans-serif"); + pref("font.name-list.monospace.ar", "monospace"); + pref("font.name-list.cursive.ar", "cursive"); + pref("font.size.monospace.ar", 12); + + pref("font.name-list.serif.el", "serif"); + pref("font.name-list.sans-serif.el", "sans-serif"); + pref("font.name-list.monospace.el", "monospace"); + pref("font.name-list.cursive.el", "cursive"); + pref("font.size.monospace.el", 12); + + pref("font.name-list.serif.he", "serif"); + pref("font.name-list.sans-serif.he", "sans-serif"); + pref("font.name-list.monospace.he", "monospace"); + pref("font.name-list.cursive.he", "cursive"); + pref("font.size.monospace.he", 12); + + pref("font.name-list.serif.ja", "serif"); + pref("font.name-list.sans-serif.ja", "sans-serif"); + pref("font.name-list.monospace.ja", "monospace"); + pref("font.name-list.cursive.ja", "cursive"); + + pref("font.name-list.serif.ko", "serif"); + pref("font.name-list.sans-serif.ko", "sans-serif"); + pref("font.name-list.monospace.ko", "monospace"); + pref("font.name-list.cursive.ko", "cursive"); + + pref("font.name-list.serif.th", "serif"); + pref("font.name-list.sans-serif.th", "sans-serif"); + pref("font.name-list.monospace.th", "monospace"); + pref("font.name-list.cursive.th", "cursive"); + pref("font.minimum-size.th", 13); + + pref("font.name-list.serif.x-armn", "serif"); + pref("font.name-list.sans-serif.x-armn", "sans-serif"); + pref("font.name-list.monospace.x-armn", "monospace"); + pref("font.name-list.cursive.x-armn", "cursive"); + + pref("font.name-list.serif.x-beng", "serif"); + pref("font.name-list.sans-serif.x-beng", "sans-serif"); + pref("font.name-list.monospace.x-beng", "monospace"); + pref("font.name-list.cursive.x-beng", "cursive"); + + pref("font.name-list.serif.x-cans", "serif"); + pref("font.name-list.sans-serif.x-cans", "sans-serif"); + pref("font.name-list.monospace.x-cans", "monospace"); + pref("font.name-list.cursive.x-cans", "cursive"); + + pref("font.name-list.serif.x-cyrillic", "serif"); + pref("font.name-list.sans-serif.x-cyrillic", "sans-serif"); + pref("font.name-list.monospace.x-cyrillic", "monospace"); + pref("font.name-list.cursive.x-cyrillic", "cursive"); + pref("font.size.monospace.x-cyrillic", 12); + + pref("font.name-list.serif.x-devanagari", "serif"); + pref("font.name-list.sans-serif.x-devanagari", "sans-serif"); + pref("font.name-list.monospace.x-devanagari", "monospace"); + pref("font.name-list.cursive.x-devanagari", "cursive"); + + pref("font.name-list.serif.x-ethi", "serif"); + pref("font.name-list.sans-serif.x-ethi", "sans-serif"); + pref("font.name-list.monospace.x-ethi", "monospace"); + pref("font.name-list.cursive.x-ethi", "cursive"); + + pref("font.name-list.serif.x-geor", "serif"); + pref("font.name-list.sans-serif.x-geor", "sans-serif"); + pref("font.name-list.monospace.x-geor", "monospace"); + pref("font.name-list.cursive.x-geor", "cursive"); + + pref("font.name-list.serif.x-gujr", "serif"); + pref("font.name-list.sans-serif.x-gujr", "sans-serif"); + pref("font.name-list.monospace.x-gujr", "monospace"); + pref("font.name-list.cursive.x-gujr", "cursive"); + + pref("font.name-list.serif.x-guru", "serif"); + pref("font.name-list.sans-serif.x-guru", "sans-serif"); + pref("font.name-list.monospace.x-guru", "monospace"); + pref("font.name-list.cursive.x-guru", "cursive"); + + pref("font.name-list.serif.x-khmr", "serif"); + pref("font.name-list.sans-serif.x-khmr", "sans-serif"); + pref("font.name-list.monospace.x-khmr", "monospace"); + pref("font.name-list.cursive.x-khmr", "cursive"); + + pref("font.name-list.serif.x-knda", "serif"); + pref("font.name-list.sans-serif.x-knda", "sans-serif"); + pref("font.name-list.monospace.x-knda", "monospace"); + pref("font.name-list.cursive.x-knda", "cursive"); + + pref("font.name-list.serif.x-mlym", "serif"); + pref("font.name-list.sans-serif.x-mlym", "sans-serif"); + pref("font.name-list.monospace.x-mlym", "monospace"); + pref("font.name-list.cursive.x-mlym", "cursive"); + + pref("font.name-list.serif.x-orya", "serif"); + pref("font.name-list.sans-serif.x-orya", "sans-serif"); + pref("font.name-list.monospace.x-orya", "monospace"); + pref("font.name-list.cursive.x-orya", "cursive"); + + pref("font.name-list.serif.x-sinh", "serif"); + pref("font.name-list.sans-serif.x-sinh", "sans-serif"); + pref("font.name-list.monospace.x-sinh", "monospace"); + pref("font.name-list.cursive.x-sinh", "cursive"); + + pref("font.name-list.serif.x-tamil", "serif"); + pref("font.name-list.sans-serif.x-tamil", "sans-serif"); + pref("font.name-list.monospace.x-tamil", "monospace"); + pref("font.name-list.cursive.x-tamil", "cursive"); + + pref("font.name-list.serif.x-telu", "serif"); + pref("font.name-list.sans-serif.x-telu", "sans-serif"); + pref("font.name-list.monospace.x-telu", "monospace"); + pref("font.name-list.cursive.x-telu", "cursive"); + + pref("font.name-list.serif.x-tibt", "serif"); + pref("font.name-list.sans-serif.x-tibt", "sans-serif"); + pref("font.name-list.monospace.x-tibt", "monospace"); + pref("font.name-list.cursive.x-tibt", "cursive"); + + pref("font.name-list.serif.x-unicode", "serif"); + pref("font.name-list.sans-serif.x-unicode", "sans-serif"); + pref("font.name-list.monospace.x-unicode", "monospace"); + pref("font.name-list.cursive.x-unicode", "cursive"); + pref("font.size.monospace.x-unicode", 12); + + pref("font.name-list.serif.x-western", "serif"); + pref("font.name-list.sans-serif.x-western", "sans-serif"); + pref("font.name-list.monospace.x-western", "monospace"); + pref("font.name-list.cursive.x-western", "cursive"); + pref("font.size.monospace.x-western", 12); + + pref("font.name-list.serif.zh-CN", "serif"); + pref("font.name-list.sans-serif.zh-CN", "sans-serif"); + pref("font.name-list.monospace.zh-CN", "monospace"); + pref("font.name-list.cursive.zh-CN", "cursive"); + + pref("font.name-list.serif.zh-HK", "serif"); + pref("font.name-list.sans-serif.zh-HK", "sans-serif"); + pref("font.name-list.monospace.zh-HK", "monospace"); + pref("font.name-list.cursive.zh-HK", "cursive"); + + pref("font.name-list.serif.zh-TW", "serif"); + pref("font.name-list.sans-serif.zh-TW", "sans-serif"); + pref("font.name-list.monospace.zh-TW", "monospace"); + pref("font.name-list.cursive.zh-TW", "cursive"); + + // On GTK2 platform, we should use topmost window level for the default window + // level of <panel> element of XUL. GTK2 has only two window types. One is + // normal top level window, other is popup window. The popup window is always + // topmost window level, therefore, we are using normal top level window for + // non-topmost panel, but it is pretty hacky. On some Window Managers, we have + // 2 problems: + // 1. The non-topmost panel steals focus from its parent window at showing. + // 2. The parent of non-topmost panel is not activated when the panel is hidden. + // So, we have no reasons we should use non-toplevel window for popup. + pref("ui.panel.default_level_parent", true); + + pref("intl.ime.use_simple_context_on_password_field", false); + + // uim may use key snooper to listen to key events. Unfortunately, we cannot + // know whether it uses or not since it's a build option. So, we need to make + // distribution switchable whether we think uim uses key snooper or not with + // this pref. Debian 9.x still uses uim as their default IM and it uses key + // snooper. So, let's use true for its default value. + pref("intl.ime.hack.uim.using_key_snooper", true); + +#endif // !ANDROID && !XP_MACOSX && XP_UNIX + +#if defined(ANDROID) + + pref("font.size.monospace.ar", 12); + + pref("font.default.el", "sans-serif"); + pref("font.size.monospace.el", 12); + + pref("font.size.monospace.he", 12); + + pref("font.default.x-cyrillic", "sans-serif"); + pref("font.size.monospace.x-cyrillic", 12); + + pref("font.default.x-unicode", "sans-serif"); + pref("font.size.monospace.x-unicode", 12); + + pref("font.default.x-western", "sans-serif"); + pref("font.size.monospace.x-western", 12); + +#endif // ANDROID + +#if defined(ANDROID) + // We use the bundled Charis SIL Compact as serif font for Firefox for Android + + pref("font.name-list.emoji", "Noto Color Emoji"); + + pref("font.name-list.serif.ar", "Noto Naskh Arabic, Noto Serif, Droid Serif"); + pref("font.name-list.sans-serif.ar", "Noto Naskh Arabic, Roboto, Google Sans, Droid Sans"); + pref("font.name-list.monospace.ar", "Noto Naskh Arabic"); + + pref("font.name-list.serif.el", "Droid Serif, Noto Serif"); // not Charis SIL Compact, only has a few Greek chars + pref("font.name-list.sans-serif.el", "Roboto, Google Sans, Droid Sans"); + pref("font.name-list.monospace.el", "Droid Sans Mono"); + + pref("font.name-list.serif.he", "Droid Serif, Noto Serif, Noto Serif Hebrew"); + pref("font.name-list.sans-serif.he", "Roboto, Google Sans, Noto Sans Hebrew, Droid Sans Hebrew, Droid Sans, Arial"); + pref("font.name-list.monospace.he", "Droid Sans Mono"); + + pref("font.name-list.serif.ja", "Charis SIL Compact, Noto Serif CJK JP, Noto Serif, Droid Serif"); + pref("font.name-list.sans-serif.ja", "Roboto, Google Sans, Droid Sans, MotoyaLMaru, MotoyaLCedar, Noto Sans JP, Noto Sans CJK JP, SEC CJK JP, Droid Sans Japanese"); + pref("font.name-list.monospace.ja", "MotoyaLMaru, MotoyaLCedar, Noto Sans Mono CJK JP, SEC Mono CJK JP, Droid Sans Mono"); + + pref("font.name-list.serif.ko", "Charis SIL Compact, Noto Serif CJK KR, Noto Serif, Droid Serif, HYSerif"); + pref("font.name-list.sans-serif.ko", "Roboto, Google Sans, SmartGothic, NanumGothic, Noto Sans KR, Noto Sans CJK KR, SamsungKorean_v2.0, SEC CJK KR, DroidSansFallback, Droid Sans Fallback"); + pref("font.name-list.monospace.ko", "Droid Sans Mono, Noto Sans Mono CJK KR, SEC Mono CJK KR"); + + pref("font.name-list.serif.th", "Charis SIL Compact, Noto Serif, Noto Serif Thai, Droid Serif"); + pref("font.name-list.sans-serif.th", "Roboto, Google Sans, Noto Sans Thai, Droid Sans Thai, Droid Sans"); + pref("font.name-list.monospace.th", "Droid Sans Mono"); + + pref("font.name-list.serif.x-armn", "Noto Serif Armenian"); + pref("font.name-list.sans-serif.x-armn", "Noto Sans Armenian"); + + pref("font.name-list.serif.x-beng", "Noto Serif Bengali"); + pref("font.name-list.sans-serif.x-beng", "Noto Sans Bengali"); + + pref("font.name-list.serif.x-cyrillic", "Charis SIL Compact, Noto Serif, Droid Serif"); + pref("font.name-list.sans-serif.x-cyrillic", "Roboto, Google Sans, Droid Sans"); + pref("font.name-list.monospace.x-cyrillic", "Droid Sans Mono"); + + pref("font.name-list.serif.x-devanagari", "Noto Serif Devanagari"); + pref("font.name-list.sans-serif.x-devanagari", "Noto Sans Devanagari"); + + pref("font.name-list.serif.x-ethi", "Noto Serif Ethiopic"); + pref("font.name-list.sans-serif.x-ethi", "Noto Sans Ethiopic"); + + pref("font.name-list.serif.x-geor", "Noto Serif Georgian"); + pref("font.name-list.sans-serif.x-geor", "Noto Sans Georgian"); + + pref("font.name-list.serif.x-gujr", "Noto Serif Gujarati"); + pref("font.name-list.sans-serif.x-gujr", "Noto Sans Gujarati"); + + pref("font.name-list.serif.x-guru", "Noto Serif Gurmukhi"); + pref("font.name-list.sans-serif.x-guru", "Noto Sans Gurmukhi"); + + pref("font.name-list.serif.x-khmr", "Noto Serif Khmer"); + pref("font.name-list.sans-serif.x-khmr", "Noto Sans Khmer"); + + pref("font.name-list.serif.x-knda", "Noto Serif Kannada"); + pref("font.name-list.sans-serif.x-knda", "Noto Sans Kannada"); + + pref("font.name-list.serif.x-mlym", "Noto Serif Malayalam"); + pref("font.name-list.sans-serif.x-mlym", "Noto Sans Malayalam"); + + pref("font.name-list.sans-serif.x-orya", "Noto Sans Oriya"); + + pref("font.name-list.serif.x-sinh", "Noto Serif Sinhala"); + pref("font.name-list.sans-serif.x-sinh", "Noto Sans Sinhala"); + + pref("font.name-list.serif.x-tamil", "Noto Serif Tamil"); + pref("font.name-list.sans-serif.x-tamil", "Noto Sans Tamil"); + + pref("font.name-list.serif.x-telu", "Noto Serif Telugu"); + pref("font.name-list.sans-serif.x-telu", "Noto Sans Telugu"); + + pref("font.name-list.serif.x-tibt", "Noto Serif Tibetan"); + pref("font.name-list.sans-serif.x-tibt", "Noto Sans Tibetan"); + + pref("font.name-list.serif.x-unicode", "Charis SIL Compact, Noto Serif, Droid Serif"); + pref("font.name-list.sans-serif.x-unicode", "Roboto, Google Sans, Droid Sans"); + pref("font.name-list.monospace.x-unicode", "Droid Sans Mono"); + + pref("font.name-list.serif.x-western", "Charis SIL Compact, Noto Serif, Droid Serif"); + pref("font.name-list.sans-serif.x-western", "Roboto, Google Sans, Droid Sans"); + pref("font.name-list.monospace.x-western", "Droid Sans Mono"); + + pref("font.name-list.serif.zh-CN", "Charis SIL Compact, Noto Serif CJK SC, Noto Serif, Droid Serif, Droid Sans Fallback"); + pref("font.name-list.sans-serif.zh-CN", "Roboto, Google Sans, Droid Sans, Noto Sans SC, Noto Sans CJK SC, SEC CJK SC, Droid Sans Fallback"); + pref("font.name-list.monospace.zh-CN", "Droid Sans Mono, Noto Sans Mono CJK SC, SEC Mono CJK SC, Droid Sans Fallback"); + + pref("font.name-list.serif.zh-HK", "Charis SIL Compact, Noto Serif CJK TC, Noto Serif, Droid Serif, Droid Sans Fallback"); + pref("font.name-list.sans-serif.zh-HK", "Roboto, Google Sans, Droid Sans, Noto Sans TC, Noto Sans SC, Noto Sans CJK TC, SEC CJK TC, Droid Sans Fallback"); + pref("font.name-list.monospace.zh-HK", "Droid Sans Mono, Noto Sans Mono CJK TC, SEC Mono CJK TC, Droid Sans Fallback"); + + pref("font.name-list.serif.zh-TW", "Charis SIL Compact, Noto Serif CJK TC, Noto Serif, Droid Serif, Droid Sans Fallback"); + pref("font.name-list.sans-serif.zh-TW", "Roboto, Google Sans, Droid Sans, Noto Sans TC, Noto Sans SC, Noto Sans CJK TC, SEC CJK TC, Droid Sans Fallback"); + pref("font.name-list.monospace.zh-TW", "Droid Sans Mono, Noto Sans Mono CJK TC, SEC Mono CJK TC, Droid Sans Fallback"); + + pref("font.name-list.serif.x-math", "Latin Modern Math, STIX Two Math, XITS Math, Cambria Math, Libertinus Math, DejaVu Math TeX Gyre, TeX Gyre Bonum Math, TeX Gyre Pagella Math, TeX Gyre Schola, TeX Gyre Termes Math, STIX Math, Asana Math, STIXGeneral, DejaVu Serif, DejaVu Sans, Charis SIL Compact"); + pref("font.name-list.sans-serif.x-math", "Roboto, Google Sans"); + pref("font.name-list.monospace.x-math", "Droid Sans Mono"); + +#endif + +#if OS_ARCH==AIX + + // Override default Japanese fonts + pref("font.name-list.serif.ja", "dt-interface system-jisx0208.1983-0"); + pref("font.name-list.sans-serif.ja", "dt-interface system-jisx0208.1983-0"); + pref("font.name-list.monospace.ja", "dt-interface user-jisx0208.1983-0"); + + // Override default Cyrillic fonts + pref("font.name-list.serif.x-cyrillic", "dt-interface system-iso8859-5"); + pref("font.name-list.sans-serif.x-cyrillic", "dt-interface system-iso8859-5"); + pref("font.name-list.monospace.x-cyrillic", "dt-interface user-iso8859-5"); + + // Override default Unicode fonts + pref("font.name-list.serif.x-unicode", "dt-interface system-ucs2.cjk_japan-0"); + pref("font.name-list.sans-serif.x-unicode", "dt-interface system-ucs2.cjk_japan-0"); + pref("font.name-list.monospace.x-unicode", "dt-interface user-ucs2.cjk_japan-0"); + +#endif // AIX + +// Login Manager prefs +pref("signon.rememberSignons", true); +pref("signon.rememberSignons.visibilityToggle", true); +pref("signon.autofillForms", true); +pref("signon.autofillForms.autocompleteOff", true); +pref("signon.autofillForms.http", false); +pref("signon.autologin.proxy", false); +pref("signon.capture.inputChanges.enabled", true); +pref("signon.formlessCapture.enabled", true); +pref("signon.formRemovalCapture.enabled", true); +pref("signon.generation.available", true); +pref("signon.improvedPasswordRules.enabled", true); +pref("signon.backup.enabled", true); +pref("signon.generation.confidenceThreshold", "0.75"); +pref("signon.generation.enabled", true); +pref("signon.passwordEditCapture.enabled", false); +pref("signon.privateBrowsingCapture.enabled", true); +pref("signon.storeWhenAutocompleteOff", true); +pref("signon.userInputRequiredToCapture.enabled", true); +pref("signon.usernameOnlyForm.lookupThreshold", 5); +pref("signon.debug", false); +pref("signon.recipes.path", "resource://app/defaults/settings/main/password-recipes.json"); +pref("signon.recipes.remoteRecipes.enabled", true); +pref("signon.relatedRealms.enabled", false); +pref("signon.schemeUpgrades", true); +pref("signon.includeOtherSubdomainsInLookup", true); +// This temporarily prevents the primary password to reprompt for autocomplete. +pref("signon.masterPasswordReprompt.timeout_ms", 900000); // 15 Minutes +pref("signon.showAutoCompleteFooter", false); +pref("signon.firefoxRelay.base_url", "https://relay.firefox.com/api/v1/"); +pref("signon.firefoxRelay.learn_more_url", "https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration"); +pref("signon.firefoxRelay.manage_url", "https://relay.firefox.com"); +pref("signon.firefoxRelay.terms_of_service_url", "https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/"); +pref("signon.firefoxRelay.privacy_policy_url", "https://www.mozilla.org/%LOCALE%/privacy/subscription-services/"); +pref("signon.signupDetection.confidenceThreshold", "0.75"); +pref("signon.signupDetection.enabled", true); + +// Satchel (Form Manager) prefs +pref("browser.formfill.debug", false); +pref("browser.formfill.enable", true); +pref("browser.formfill.expire_days", 180); +pref("browser.formfill.agedWeight", 2); +pref("browser.formfill.bucketSize", 1); +pref("browser.formfill.maxTimeGroupings", 25); +pref("browser.formfill.timeGroupingSize", 604800); +pref("browser.formfill.boundaryWeight", 25); +pref("browser.formfill.prefixWeight", 5); + +// Zoom prefs +pref("browser.zoom.full", false); +pref("toolkit.zoomManager.zoomValues", ".3,.5,.67,.8,.9,1,1.1,1.2,1.33,1.5,1.7,2,2.4,3,4,5"); + +// +// Image-related prefs +// + +// By default the Accept header sent for images loaded over HTTP(S) is derived +// by ImageAcceptHeader() in nsHttpHandler.cpp. If set, this pref overrides it. +// There is also network.http.accept which works in scope of document. +pref("image.http.accept", ""); + +// sendbuffer of 0 means use OS default, sendbuffer unset means use +// gecko default which varies depending on windows version and is OS +// default on non windows +// pref("network.tcp.sendbuffer", 0); + +// TCP Keepalive +pref("network.tcp.keepalive.enabled", true); +// Default idle time before first TCP keepalive probe; same time for interval +// between successful probes. Can be overridden in socket transport API. +// Win, Linux and Mac. +pref("network.tcp.keepalive.idle_time", 600); // seconds; 10 mins +// Default timeout for retransmission of unack'd keepalive probes. +// Win and Linux only; not configurable on Mac. +#if defined(XP_UNIX) && !defined(XP_MACOSX) || defined(XP_WIN) + pref("network.tcp.keepalive.retry_interval", 1); // seconds +#endif +// Default maximum probe retransmissions. +// Linux only; not configurable on Win and Mac; fixed at 10 and 8 respectively. +#if defined(XP_UNIX) && !defined(XP_MACOSX) + pref("network.tcp.keepalive.probe_count", 4); +#endif + +// This pref controls if we send the "public-suffix-list-updated" notification +// from PublicSuffixList.onUpdate() - Doing so would cause the PSL graph to +// be updated while Firefox is running which may cause principals to have an +// inconsistent state. See bug 1582647 comment 30 +pref("network.psl.onUpdate_notify", false); + +#ifdef MOZ_WIDGET_GTK + pref("widget.disable-workspace-management", false); + pref("widget.titlebar-x11-use-shape-mask", false); +#endif + +// All the Geolocation preferences are here. +// +#ifndef EARLY_BETA_OR_EARLIER + pref("geo.provider.network.url", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%"); +#else + // Use MLS on Nightly and early Beta. + pref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); +#endif + +// Timeout to wait before sending the location request. +pref("geo.provider.network.timeToWaitBeforeSending", 5000); +// Timeout for outbound network geolocation provider. +pref("geo.provider.network.timeout", 60000); + +#ifdef XP_MACOSX + pref("geo.provider.use_corelocation", true); +#endif + +// Set to false if things are really broken. +#ifdef XP_WIN + pref("geo.provider.ms-windows-location", true); +#endif + +#if defined(MOZ_WIDGET_GTK) && defined(MOZ_GPSD) + pref("geo.provider.use_gpsd", true); +#endif + +// Region +pref("browser.region.log", false); +pref("browser.region.network.url", "https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%"); +// Include wifi data in region request. +pref("browser.region.network.scan", false); +// Timeout for whole region request. +pref("browser.region.timeout", 5000); +pref("browser.region.update.enabled", true); + +// Enable/Disable the device storage API for content +pref("device.storage.enabled", false); + +pref("browser.meta_refresh_when_inactive.disabled", false); + +// XPInstall prefs +pref("xpinstall.whitelist.required", true); +// Only Firefox requires add-on signatures +pref("xpinstall.signatures.required", false); +pref("extensions.langpacks.signatures.required", false); +pref("extensions.webExtensionsMinPlatformVersion", "42.0a1"); +pref("extensions.experiments.enabled", true); + +// Other webextensions prefs +pref("extensions.webextensions.keepStorageOnUninstall", false); +pref("extensions.webextensions.keepUuidOnUninstall", false); +// Redirect basedomain used by identity api +pref("extensions.webextensions.identity.redirectDomain", "extensions.allizom.org"); +pref("extensions.webextensions.restrictedDomains", "accounts-static.cdn.mozilla.net,accounts.firefox.com,addons.cdn.mozilla.net,addons.mozilla.org,api.accounts.firefox.com,content.cdn.mozilla.net,discovery.addons.mozilla.org,install.mozilla.org,oauth.accounts.firefox.com,profile.accounts.firefox.com,support.mozilla.org,sync.services.mozilla.com"); + +// Extensions are prevented from accessing Quarantined Domains by default. +pref("extensions.quarantinedDomains.enabled", true); +pref("extensions.quarantinedDomains.list", ""); + +// Whether or not the moz-extension resource loads are remoted. For debugging +// purposes only. Setting this to false will break moz-extension URI loading +// unless other process sandboxing and extension remoting prefs are changed. +pref("extensions.webextensions.protocol.remote", true); + +// Enable userScripts API by default. +pref("extensions.webextensions.userScripts.enabled", true); + +// Whether or not the installed extensions should be migrated to the storage.local IndexedDB backend. +pref("extensions.webextensions.ExtensionStorageIDB.enabled", true); + +// if enabled, store execution times for API calls +pref("extensions.webextensions.enablePerformanceCounters", true); + +// Maximum age in milliseconds of performance counters in children +// When reached, the counters are sent to the main process and +// reset, so we reduce memory footprint. +pref("extensions.webextensions.performanceCountersMaxAge", 5000); + +// Whether to allow the inline options browser in HTML about:addons page. +pref("extensions.htmlaboutaddons.inline-options.enabled", true); +// Show recommendations on the extension and theme list views. +pref("extensions.htmlaboutaddons.recommendations.enabled", true); + +// The URL for the privacy policy related to recommended add-ons. +pref("extensions.recommendations.privacyPolicyUrl", ""); +// The URL for a recommended theme, shown on the theme page in about:addons. +pref("extensions.recommendations.themeRecommendationUrl", ""); + +// Report Site Issue button +// Note that on enabling the button in other release channels, make sure to +// disable it in problematic tests, see disableNonReleaseActions() inside +// browser/modules/test/browser/head.js +pref("extensions.webcompat-reporter.newIssueEndpoint", "https://webcompat.com/issues/new"); +#if MOZ_UPDATE_CHANNEL != release && MOZ_UPDATE_CHANNEL != esr + pref("extensions.webcompat-reporter.enabled", true); +#else + pref("extensions.webcompat-reporter.enabled", false); +#endif + +// Add-on content security policies. +pref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* http://localhost:* http://127.0.0.1:* moz-extension: blob: filesystem: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';"); +pref("extensions.webextensions.base-content-security-policy.v3", "script-src 'self' 'wasm-unsafe-eval';"); +pref("extensions.webextensions.default-content-security-policy", "script-src 'self' 'wasm-unsafe-eval';"); +pref("extensions.webextensions.default-content-security-policy.v3", "script-src 'self'; upgrade-insecure-requests;"); + + +pref("network.buffer.cache.count", 24); +pref("network.buffer.cache.size", 32768); + +// Web Notification +pref("dom.webnotifications.requireinteraction.count", 3); + +// Show favicons in web notifications. +pref("alerts.showFavicons", false); + +// DOM full-screen API. +#ifdef XP_MACOSX + // Whether to use macOS native full screen for Fullscreen API + pref("full-screen-api.macos-native-full-screen", false); +#endif +// transition duration of fade-to-black and fade-from-black, unit: ms +#ifndef MOZ_WIDGET_GTK + pref("full-screen-api.transition-duration.enter", "200 200"); + pref("full-screen-api.transition-duration.leave", "200 200"); +#else + pref("full-screen-api.transition-duration.enter", "0 0"); + pref("full-screen-api.transition-duration.leave", "0 0"); +#endif +// timeout for black screen in fullscreen transition, unit: ms +pref("full-screen-api.transition.timeout", 1000); +// time for the warning box stays on the screen before sliding out, unit: ms +pref("full-screen-api.warning.timeout", 3000); +// delay for the warning box to show when pointer stays on the top, unit: ms +pref("full-screen-api.warning.delay", 500); + +// DOM pointerlock API +// time for the warning box stays on the screen before sliding out, unit: ms +pref("pointer-lock-api.warning.timeout", 3000); + +// Push + +pref("dom.push.loglevel", "Error"); + +pref("dom.push.serverURL", "wss://push.services.mozilla.com/"); +pref("dom.push.userAgentID", ""); + +// The maximum number of push messages that a service worker can receive +// without user interaction. +pref("dom.push.maxQuotaPerSubscription", 16); + +// The maximum number of recent message IDs to store for each push +// subscription, to avoid duplicates for unacknowledged messages. +pref("dom.push.maxRecentMessageIDsPerSubscription", 10); + +// The delay between receiving a push message and updating the quota for a +// subscription. +pref("dom.push.quotaUpdateDelay", 3000); // 3 seconds + +// Is the network connection allowed to be up? +// This preference should be used in UX to enable/disable push. +pref("dom.push.connection.enabled", true); + +// Exponential back-off start is 5 seconds like in HTTP/1.1. +// Maximum back-off is pingInterval. +pref("dom.push.retryBaseInterval", 5000); + +// Interval at which to ping PushServer to check connection status. In +// milliseconds. If no reply is received within requestTimeout, the connection +// is considered closed. +pref("dom.push.pingInterval", 1800000); // 30 minutes + +// How long before we timeout +pref("dom.push.requestTimeout", 10000); + +// WebPush prefs: +pref("dom.push.http2.reset_retry_count_after_ms", 60000); +pref("dom.push.http2.maxRetries", 2); +pref("dom.push.http2.retryInterval", 5000); + +// How long must we wait before declaring that a window is a "ghost" (i.e., a +// likely leak)? This should be longer than it usually takes for an eligible +// window to be collected via the GC/CC. +pref("memory.ghost_window_timeout_seconds", 60); + +// Don't dump memory reports on OOM, by default. +pref("memory.dump_reports_on_oom", false); + +// Number of stack frames to capture in createObjectURL for about:memory. +pref("memory.blob_report.stack_frames", 0); + +// Activates the activity monitor +pref("io.activity.enabled", false); + +// path to OSVR DLLs +pref("gfx.vr.osvr.utilLibPath", ""); +pref("gfx.vr.osvr.commonLibPath", ""); +pref("gfx.vr.osvr.clientLibPath", ""); +pref("gfx.vr.osvr.clientKitLibPath", ""); + +// nsMemoryInfoDumper can watch a fifo in the temp directory and take various +// actions when the fifo is written to. Disable this in general. +pref("memory_info_dumper.watch_fifo.enabled", false); + +// If minInterval is 0, the check will only happen +// when the service has a strong suspicion we are in a captive portal +pref("network.captive-portal-service.minInterval", 60000); // 60 seconds +pref("network.captive-portal-service.maxInterval", 1500000); // 25 minutes +// Every 10 checks, the delay is increased by a factor of 5 +pref("network.captive-portal-service.backoffFactor", "5.0"); +pref("network.captive-portal-service.enabled", false); + +pref("network.connectivity-service.enabled", true); +pref("network.connectivity-service.DNSv4.domain", "example.org"); +pref("network.connectivity-service.DNSv6.domain", "example.org"); +pref("network.connectivity-service.IPv4.url", "http://detectportal.firefox.com/success.txt?ipv4"); +pref("network.connectivity-service.IPv6.url", "http://detectportal.firefox.com/success.txt?ipv6"); + +pref("network.trr.uri", ""); +// credentials to pass to DOH end-point +pref("network.trr.credentials", ""); +pref("network.trr.custom_uri", ""); +// Before TRR is widely used the NS record for this host is fetched +// from the DOH end point to ensure proper configuration +pref("network.trr.confirmationNS", "example.com"); +// Comma separated list of domains that we should not use TRR for +pref("network.trr.excluded-domains", ""); +pref("network.trr.builtin-excluded-domains", "localhost,local"); +// Whether the checkbox to display a fallback warning error page is visible in about:preferences#privacy +pref("network.trr_ui.show_fallback_warning_option", false); + +pref("captivedetect.canonicalURL", "http://detectportal.firefox.com/canonical.html"); +pref("captivedetect.canonicalContent", "<meta http-equiv=\"refresh\" content=\"0;url=https://support.mozilla.org/kb/captive-portal\"/>"); +pref("captivedetect.maxWaitingTime", 5000); +pref("captivedetect.pollingTime", 3000); +pref("captivedetect.maxRetryCount", 5); + +// The tables used for Safebrowsing phishing and malware checks +pref("urlclassifier.malwareTable", "goog-malware-proto,goog-unwanted-proto,moztest-harmful-simple,moztest-malware-simple,moztest-unwanted-simple"); +#ifdef MOZILLA_OFFICIAL + // In official builds, we are allowed to use Google's private phishing + // list (see bug 1288840). + pref("urlclassifier.phishTable", "goog-phish-proto,moztest-phish-simple"); +#else + pref("urlclassifier.phishTable", "googpub-phish-proto,moztest-phish-simple"); +#endif + +// Tables for application reputation +pref("urlclassifier.downloadAllowTable", "goog-downloadwhite-proto"); +pref("urlclassifier.downloadBlockTable", "goog-badbinurl-proto"); + +// Tables for login reputation +pref("urlclassifier.passwordAllowTable", "goog-passwordwhite-proto"); + +// Tables for anti-tracking features +pref("urlclassifier.trackingAnnotationTable", "moztest-track-simple,ads-track-digest256,social-track-digest256,analytics-track-digest256,content-track-digest256"); +pref("urlclassifier.trackingAnnotationWhitelistTable", "moztest-trackwhite-simple,mozstd-trackwhite-digest256,google-trackwhite-digest256"); +pref("urlclassifier.trackingTable", "moztest-track-simple,ads-track-digest256,social-track-digest256,analytics-track-digest256"); +pref("urlclassifier.trackingWhitelistTable", "moztest-trackwhite-simple,mozstd-trackwhite-digest256,google-trackwhite-digest256"); + +pref("urlclassifier.features.fingerprinting.blacklistTables", "base-fingerprinting-track-digest256"); +pref("urlclassifier.features.fingerprinting.whitelistTables", "mozstd-trackwhite-digest256,google-trackwhite-digest256"); +pref("urlclassifier.features.fingerprinting.annotate.blacklistTables", "base-fingerprinting-track-digest256"); +pref("urlclassifier.features.fingerprinting.annotate.whitelistTables", "mozstd-trackwhite-digest256,google-trackwhite-digest256"); +pref("urlclassifier.features.cryptomining.blacklistTables", "base-cryptomining-track-digest256"); +pref("urlclassifier.features.cryptomining.whitelistTables", "mozstd-trackwhite-digest256"); +pref("urlclassifier.features.cryptomining.annotate.blacklistTables", "base-cryptomining-track-digest256"); +pref("urlclassifier.features.cryptomining.annotate.whitelistTables", "mozstd-trackwhite-digest256"); +pref("urlclassifier.features.socialtracking.blacklistTables", "social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256"); +pref("urlclassifier.features.socialtracking.whitelistTables", "mozstd-trackwhite-digest256,google-trackwhite-digest256"); +pref("urlclassifier.features.socialtracking.annotate.blacklistTables", "social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256"); +pref("urlclassifier.features.socialtracking.annotate.whitelistTables", "mozstd-trackwhite-digest256,google-trackwhite-digest256"); +pref("urlclassifier.features.emailtracking.blocklistTables", "base-email-track-digest256"); +pref("urlclassifier.features.emailtracking.allowlistTables", "mozstd-trackwhite-digest256"); +pref("urlclassifier.features.emailtracking.datacollection.blocklistTables", "base-email-track-digest256,content-email-track-digest256"); +pref("urlclassifier.features.emailtracking.datacollection.allowlistTables", "mozstd-trackwhite-digest256"); + +// These tables will never trigger a gethash call. +pref("urlclassifier.disallow_completions", "goog-downloadwhite-digest256,base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,goog-passwordwhite-proto,ads-track-digest256,social-track-digest256,analytics-track-digest256,base-fingerprinting-track-digest256,content-fingerprinting-track-digest256,base-cryptomining-track-digest256,content-cryptomining-track-digest256,fanboyannoyance-ads-digest256,fanboysocial-ads-digest256,easylist-ads-digest256,easyprivacy-ads-digest256,adguard-ads-digest256,social-tracking-protection-digest256,social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256,base-email-track-digest256,content-email-track-digest256"); + +// Workaround for Google Recaptcha +pref("urlclassifier.trackingAnnotationSkipURLs", "google.com/recaptcha/,*.google.com/recaptcha/"); +pref("privacy.rejectForeign.allowList", ""); + +// The list of email webapp sites +pref("privacy.trackingprotection.emailtracking.webapp.domains", "mail.163.com,mail.aol.com,fastmail.com,webmail.gandi.net,mail.google.com,navigator-bs.gmx.com,app.hey.com,horde.org/apps/webmail,hushmail.com,icloud.com/mail,kolabnow.com,laposte.net/accueil,mail.lycos.com,mail.com/mail/,mail.ru,mailfence.com,outlook.live.com,email-postaci.com/,posteo.de,mail.protonmail.com,app.rackspace.com,mail.rediff.com,emailmg.ipage.com,runbox.com,mail.sina.com.cn,tutanota.com,mail.yahoo.com,mail.yandex.com,mail.zimbra.com,zoho.com/mail/"); + +// Number of random entries to send with a gethash request +pref("urlclassifier.gethashnoise", 4); + +// Gethash timeout for Safe Browsing +pref("urlclassifier.gethash.timeout_ms", 5000); + +// Name of the about: page to display Safe Browsing warnings (bug 399233) +pref("urlclassifier.alternate_error_page", "blocked"); + +// Enable safe-browsing debugging +pref("browser.safebrowsing.debug", false); + +// Allow users to ignore Safe Browsing warnings. +pref("browser.safebrowsing.allowOverride", true); + +// These names are approved by the Google Safe Browsing team. +// Any changes must be coordinated with them. +#ifdef MOZILLA_OFFICIAL + pref("browser.safebrowsing.id", "navclient-auto-ffox"); +#else + pref("browser.safebrowsing.id", "Firefox"); +#endif + +// Download protection +pref("browser.safebrowsing.downloads.enabled", true); +pref("browser.safebrowsing.downloads.remote.enabled", true); +pref("browser.safebrowsing.downloads.remote.timeout_ms", 15000); +pref("browser.safebrowsing.downloads.remote.url", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%"); +pref("browser.safebrowsing.downloads.remote.block_dangerous", true); +pref("browser.safebrowsing.downloads.remote.block_dangerous_host", true); +pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", true); +pref("browser.safebrowsing.downloads.remote.block_uncommon", true); + +// Android SafeBrowsing's configuration is in ContentBlocking.java, keep in sync. +#ifndef MOZ_WIDGET_ANDROID + +// Google Safe Browsing provider (legacy) +pref("browser.safebrowsing.provider.google.pver", "2.2"); +pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar"); +pref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%"); +pref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2"); +pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?site="); +pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?url="); +pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?url="); +pref("browser.safebrowsing.provider.google.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory"); +pref("browser.safebrowsing.provider.google.advisoryName", "Google Safe Browsing"); + +// Google Safe Browsing provider +pref("browser.safebrowsing.provider.google4.pver", "4"); +pref("browser.safebrowsing.provider.google4.lists", "goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto,goog-harmful-proto,goog-passwordwhite-proto"); +pref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST"); +pref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST"); +pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?site="); +pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?url="); +pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?url="); +pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory"); +pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing"); +pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST"); +pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); + +#endif // ifndef MOZ_WIDGET_ANDROID + +pref("browser.safebrowsing.reportPhishURL", "https://%LOCALE%.phish-report.mozilla.com/?url="); + +// Mozilla Safe Browsing provider (for tracking protection and plugin blocking) +pref("browser.safebrowsing.provider.mozilla.pver", "2.2"); +pref("browser.safebrowsing.provider.mozilla.lists", "base-track-digest256,mozstd-trackwhite-digest256,google-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,ads-track-digest256,social-track-digest256,analytics-track-digest256,base-fingerprinting-track-digest256,content-fingerprinting-track-digest256,base-cryptomining-track-digest256,content-cryptomining-track-digest256,fanboyannoyance-ads-digest256,fanboysocial-ads-digest256,easylist-ads-digest256,easyprivacy-ads-digest256,adguard-ads-digest256,social-tracking-protection-digest256,social-tracking-protection-facebook-digest256,social-tracking-protection-linkedin-digest256,social-tracking-protection-twitter-digest256,base-email-track-digest256,content-email-track-digest256"); +pref("browser.safebrowsing.provider.mozilla.updateURL", "https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2"); +pref("browser.safebrowsing.provider.mozilla.gethashURL", "https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2"); +// Set to a date in the past to force immediate download in new profiles. +pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1"); +// Block lists for tracking protection. The name values will be used as the keys +// to lookup the localized name in preferences.properties. +pref("browser.safebrowsing.provider.mozilla.lists.base", "moz-std"); +pref("browser.safebrowsing.provider.mozilla.lists.content", "moz-full"); + +// The table and global pref for blocking plugin content +pref("urlclassifier.blockedTable", "moztest-block-simple,mozplugin-block-digest256"); + +// Wakelock is disabled by default. +pref("dom.wakelock.enabled", false); + +#ifdef XP_MACOSX + #if !defined(RELEASE_OR_BETA) || defined(DEBUG) + // In non-release builds we crash by default on insecure text input (when a + // password editor has focus but secure event input isn't enabled). The + // following pref, when turned on, disables this behavior. See bug 1188425. + pref("intl.allow-insecure-text-input", false); + #endif +#endif // XP_MACOSX + +// Search service settings +pref("browser.search.log", false); +pref("browser.search.update", true); +pref("browser.search.suggest.enabled", true); +pref("browser.search.suggest.enabled.private", false); +pref("browser.search.separatePrivateDefault", true); +pref("browser.search.separatePrivateDefault.ui.enabled", false); +pref("browser.search.removeEngineInfobar.enabled", true); + +// GMPInstallManager prefs + +// User-settable override to media.gmp-manager.url for testing purposes. +//pref("media.gmp-manager.url.override", ""); + +// Update service URL for GMP install/updates: +pref("media.gmp-manager.url", "https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml"); + +// When |media.gmp-manager.checkContentSignature| is true, then the reply +// containing the update xml file is expected to provide a content signature +// header. Information from this header will be used to validate the response. +// If this header is not present, is malformed, or cannot be determined as +// valid then the update will fail. +// We should eventually remove this pref and any cert pinning code and make +// the content signature path the sole path. We retain this for now in case +// we need to debug content sig vs cert pin. +pref("media.gmp-manager.checkContentSignature", true); + +// When |media.gmp-manager.cert.requireBuiltIn| is true or not specified the +// final certificate and all certificates the connection is redirected to before +// the final certificate for the url specified in the |media.gmp-manager.url| +// preference must be built-in. The check related to this pref is not done if +// |media.gmp-manager.checkContentSignature| is set to true (the content +// signature check provides protection that supersedes the built in +// requirement). +pref("media.gmp-manager.cert.requireBuiltIn", true); + +// The |media.gmp-manager.certs.| preference branch contains branches that are +// sequentially numbered starting at 1 that contain attribute name / value +// pairs for the certificate used by the server that hosts the update xml file +// as specified in the |media.gmp-manager.url| preference. When these preferences are +// present the following conditions apply for a successful update check: +// 1. the uri scheme must be https +// 2. the preference name must exist as an attribute name on the certificate and +// the value for the name must be the same as the value for the attribute name +// on the certificate. +// If these conditions aren't met it will be treated the same as when there is +// no update available. This validation will not be performed when the +// |media.gmp-manager.url.override| user preference has been set for testing updates or +// when the |media.gmp-manager.cert.checkAttributes| preference is set to false. +// This check will also not be done if the |media.gmp-manager.checkContentSignature| +// pref is set to true. Also, the |media.gmp-manager.url.override| preference should +// ONLY be used for testing. +// IMPORTANT! app.update.certs.* prefs should also be updated if these +// are updated. +pref("media.gmp-manager.cert.checkAttributes", true); +pref("media.gmp-manager.certs.1.issuerName", "CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US"); +pref("media.gmp-manager.certs.1.commonName", "aus5.mozilla.org"); +pref("media.gmp-manager.certs.2.issuerName", "CN=thawte SSL CA - G2,O=\"thawte, Inc.\",C=US"); +pref("media.gmp-manager.certs.2.commonName", "aus5.mozilla.org"); + +// Whether or not to perform reader mode article parsing on page load. +// If this pref is disabled, we will never show a reader mode icon in the toolbar. +pref("reader.parse-on-load.enabled", true); + +// After what size document we don't bother running Readability on it +// because it'd slow things down too much +pref("reader.parse-node-limit", 3000); + +// Whether we include full URLs in browser console errors. This is disabled +// by default because some platforms will persist these, leading to privacy issues. +pref("reader.errors.includeURLs", false); + +// The default relative font size in reader mode (1-9) +pref("reader.font_size", 5); + +// The default relative content width in reader mode (1-9) +pref("reader.content_width", 3); + +// The default relative line height in reader mode (1-9) +pref("reader.line_height", 4); + +// The default color scheme in reader mode (light, dark, sepia, auto) +// auto = color automatically adjusts according to ambient light level +// (auto only works on platforms where the 'devicelight' event is enabled) +pref("reader.color_scheme", "auto"); + +// Color scheme values available in reader mode UI. +pref("reader.color_scheme.values", "[\"light\",\"dark\",\"sepia\",\"auto\"]"); + +// The font type in reader (sans-serif, serif) +pref("reader.font_type", "sans-serif"); + +// Whether or not the user has interacted with the reader mode toolbar. +// This is used to show a first-launch tip in reader mode. +pref("reader.has_used_toolbar", false); + +// Whether to use a vertical or horizontal toolbar. +pref("reader.toolbar.vertical", true); + +#if !defined(ANDROID) + pref("narrate.enabled", true); +#else + pref("narrate.enabled", false); +#endif + +pref("narrate.test", false); +pref("narrate.rate", 0); +pref("narrate.voice", " { \"default\": \"automatic\" }"); +// Only make voices that match content language available. +pref("narrate.filter-voices", true); + +pref("memory.report_concurrency", 10); + +pref("toolkit.pageThumbs.screenSizeDivisor", 7); +pref("toolkit.pageThumbs.minWidth", 0); +pref("toolkit.pageThumbs.minHeight", 0); + +pref("webextensions.tests", false); + +// 16MB default non-parseable upload limit for requestBody.raw.bytes +pref("webextensions.webRequest.requestBodyMaxRawBytes", 16777216); + +pref("webextensions.storage.sync.enabled", true); +// Should we use the old kinto-based implementation of storage.sync? To be removed in bug 1637465. +pref("webextensions.storage.sync.kinto", false); +// Server used by the old kinto-based implementation of storage.sync. +pref("webextensions.storage.sync.serverURL", "https://webextensions.settings.services.mozilla.com/v1"); + +// Allow customization of the fallback directory for file uploads +pref("dom.input.fallbackUploadDir", ""); + +// Turn rewriting of youtube embeds on/off +pref("plugins.rewrite_youtube_embeds", true); + +// Default media volume +pref("media.default_volume", "1.0"); + +pref("dom.storageManager.prompt.testing", false); +pref("dom.storageManager.prompt.testing.allow", false); + + +pref("browser.storageManager.pressureNotification.minIntervalMS", 1200000); +pref("browser.storageManager.pressureNotification.usageThresholdGB", 5); + +pref("browser.sanitizer.loglevel", "Warn"); + +// Enable Firefox translations powered by the Bergamot translations +// engine https://browser.mt/. See Bug 971044. Note that this pref can be turned +// on in different apps like Firefox Desktop, even if it's disabled by default here. +pref("browser.translations.enable", false); + +// Set to "All" to see all logs, which are useful for debugging. Set to "Info" to see +// the application logic logs, and not all of the translated messages, which can be +// slow and overwhelming. +pref("browser.translations.logLevel", "Error"); +// A comma-separated list of BCP-47 language tags that affect the behavior of translations. +// Languages listed in the alwaysTranslateLanguages list will trigger auto-translate on page load. +pref("browser.translations.alwaysTranslateLanguages", ""); +// A comma-separated list of BCP-47 language tags that affect the behavior of translations. +// Languages listed in the neverTranslateLanguages list will signal that the translations button +// and menus should not be displayed automatically when visiting pages in those languages. +pref("browser.translations.neverTranslateLanguages", ""); +// By default the translations engine on about:translations uses text for translation, +// and the full page translations uses HTML. Set this pref to true to use the HTML +// translation behavior on about:translations. Requires a page refresh. +pref("browser.translations.useHTML", false); +// Normally there is a UI to ask the user to translate a page, this pref makes it +// so that the page automatically performs a translation if one is detected as being +// required. +pref("browser.translations.autoTranslate", false); +// Simulate the behavior of using a device that does not support the translations engine. +// Requires restart. +pref("browser.translations.simulateUnsupportedEngine", false); +// The translations code relies on asynchronous network request. Chaos mode simulates +// flaky and slow network connections, so that the UI may be manually tested. The +// "chaos.errors" makes network requests fail, while "timeoutMS" randomly times out +// between 0ms and the timeoutMS provided. +pref("browser.translations.chaos.errors", false); +pref("browser.translations.chaos.timeoutMS", 0); + +// When a user cancels this number of authentication dialogs coming from +// a single web page in a row, all following authentication dialogs will +// be blocked (automatically canceled) for that page. The counter resets +// when the page is reloaded. +// To disable all auth prompting, set the limit to 0. +// To disable blocking of auth prompts, set the limit to -1. +pref("prompts.authentication_dialog_abuse_limit", 2); + +// The prompt type to use for http auth prompts +// content: 1, tab: 2, window: 3 +pref("prompts.modalType.httpAuth", 2); + +// Payment Request API preferences +pref("dom.payments.loglevel", "Warn"); +pref("dom.payments.defaults.saveCreditCard", false); +pref("dom.payments.defaults.saveAddress", true); +pref("dom.payments.request.supportedRegions", "US,CA"); + +#ifdef MOZ_ASAN_REPORTER + pref("asanreporter.apiurl", "https://anf1.fuzzing.mozilla.org/crashproxy/submit/"); + pref("asanreporter.clientid", "unknown"); + pref("toolkit.telemetry.overrideUpdateChannel", "nightly-asan"); +#endif + +// Control whether clients.openWindow() opens windows in the same process +// that called the API vs following our normal multi-process selection +// algorithm. Restricting openWindow to same process improves service worker +// web compat in the short term. Once the SW multi-e10s refactor is complete +// this can be removed. +pref("dom.clients.openwindow_favors_same_process", true); + +#ifdef RELEASE_OR_BETA + pref("toolkit.aboutPerformance.showInternals", false); +#else + pref("toolkit.aboutPerformance.showInternals", true); +#endif + +// If `true`, about:processes shows in-process subframes. +pref("toolkit.aboutProcesses.showAllSubframes", false); +// If `true`, about:processes shows thread information. +#ifdef NIGHTLY_BUILD + pref("toolkit.aboutProcesses.showThreads", true); +#else + pref("toolkit.aboutProcesses.showThreads", false); +#endif +// If `true`, about:processes will offer to profile processes. +pref("toolkit.aboutProcesses.showProfilerIcons", true); +// Time in seconds between when the profiler is started and when the +// profile is captured. +pref("toolkit.aboutProcesses.profileDuration", 5); + +// When a crash happens, whether to include heap regions of the crash context +// in the minidump. Enabled by default on nightly and aurora. +#ifdef RELEASE_OR_BETA + pref("toolkit.crashreporter.include_context_heap", false); +#else + pref("toolkit.crashreporter.include_context_heap", true); +#endif + +// Support for legacy customizations that rely on checking the +// user profile directory for these stylesheets: +// * userContent.css +// * userChrome.css +pref("toolkit.legacyUserProfileCustomizations.stylesheets", false); + +#ifdef MOZ_DATA_REPORTING + pref("datareporting.policy.dataSubmissionEnabled", true); + pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "0"); + pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 0); + pref("datareporting.policy.dataSubmissionPolicyBypassNotification", false); + pref("datareporting.policy.currentPolicyVersion", 2); + pref("datareporting.policy.minimumPolicyVersion", 1); + pref("datareporting.policy.minimumPolicyVersion.channel-beta", 2); + pref("datareporting.policy.firstRunURL", "https://www.mozilla.org/privacy/firefox/"); +#endif + +#ifdef MOZ_SERVICES_HEALTHREPORT + #if !defined(ANDROID) + pref("datareporting.healthreport.infoURL", "https://www.mozilla.org/legal/privacy/firefox.html#health-report"); + + // Health Report is enabled by default on all channels. + pref("datareporting.healthreport.uploadEnabled", true); + #endif +#endif + +pref("services.common.log.logger.rest.request", "Debug"); +pref("services.common.log.logger.rest.response", "Debug"); +pref("services.common.log.logger.tokenserverclient", "Debug"); + +#ifdef MOZ_SERVICES_SYNC + pref("services.sync.lastversion", "firstrun"); + pref("services.sync.sendVersionInfo", true); + + pref("services.sync.scheduler.idleInterval", 3600); // 1 hour + pref("services.sync.scheduler.activeInterval", 600); // 10 minutes + pref("services.sync.scheduler.immediateInterval", 90); // 1.5 minutes + pref("services.sync.scheduler.idleTime", 300); // 5 minutes + + pref("services.sync.scheduler.fxa.singleDeviceInterval", 3600); // 1 hour + + // Note that new engines are typically added with a default of disabled, so + // when an existing sync user gets the Firefox upgrade that supports the engine + // it starts as disabled until the user has explicitly opted in. + // The sync "create account" process typically *will* offer these engines, so + // they may be flipped to enabled at that time. + pref("services.sync.engine.addons", true); + pref("services.sync.engine.addresses", false); + pref("services.sync.engine.bookmarks", true); + pref("services.sync.engine.creditcards", false); + pref("services.sync.engine.history", true); + pref("services.sync.engine.passwords", true); + pref("services.sync.engine.prefs", true); + pref("services.sync.engine.tabs", true); + pref("services.sync.engine.tabs.filteredSchemes", "about|resource|chrome|file|blob|moz-extension|data"); + + // The addresses and CC engines might not actually be available at all. + pref("services.sync.engine.addresses.available", false); + pref("services.sync.engine.creditcards.available", false); + + // If true, add-on sync ignores changes to the user-enabled flag. This + // allows people to have the same set of add-ons installed across all + // profiles while maintaining different enabled states. + pref("services.sync.addons.ignoreUserEnabledChanges", false); + + // Comma-delimited list of hostnames to trust for add-on install. + pref("services.sync.addons.trustedSourceHostnames", "addons.mozilla.org"); + + pref("services.sync.log.appender.console", "Fatal"); + pref("services.sync.log.appender.dump", "Error"); + pref("services.sync.log.appender.file.level", "Trace"); + pref("services.sync.log.appender.file.logOnError", true); + #if defined(NIGHTLY_BUILD) + pref("services.sync.log.appender.file.logOnSuccess", true); + #else + pref("services.sync.log.appender.file.logOnSuccess", false); + #endif + pref("services.sync.log.appender.file.maxErrorAge", 864000); // 10 days + + // The default log level for all "Sync.*" logs. Adjusting this pref will + // adjust the level for *all* Sync logs (except engines, and that's only + // because we supply a default for the engines below.) + pref("services.sync.log.logger", "Debug"); + + // Prefs for Sync engines can be controlled globally or per-engine. + // We only define the global level here, but manually creating prefs + // like "services.sync.log.logger.engine.bookmarks" will control just + // that engine. + pref("services.sync.log.logger.engine", "Debug"); + pref("services.sync.log.cryptoDebug", false); + + pref("services.sync.telemetry.submissionInterval", 43200); // 12 hours in seconds + pref("services.sync.telemetry.maxPayloadCount", 500); + + #ifdef EARLY_BETA_OR_EARLIER + // Enable the (fairly costly) client/server validation through early Beta, but + // not release candidates or Release. + pref("services.sync.engine.bookmarks.validation.enabled", true); + pref("services.sync.engine.passwords.validation.enabled", true); + #endif + + // We consider validation this frequently. After considering validation, even + // if we don't end up validating, we won't try again unless this much time has passed. + pref("services.sync.engine.bookmarks.validation.interval", 86400); // 24 hours in seconds + pref("services.sync.engine.passwords.validation.interval", 86400); // 24 hours in seconds + + // We only run validation `services.sync.validation.percentageChance` percent of + // the time, even if it's been the right amount of time since the last validation, + // and you meet the maxRecord checks. + pref("services.sync.engine.bookmarks.validation.percentageChance", 10); + pref("services.sync.engine.passwords.validation.percentageChance", 10); + + // We won't validate an engine if it has more than this many records on the server. + pref("services.sync.engine.bookmarks.validation.maxRecords", 1000); + pref("services.sync.engine.passwords.validation.maxRecords", 1000); + + // The maximum number of immediate resyncs to trigger for changes made during + // a sync. + pref("services.sync.maxResyncs", 1); + + // The URL of the Firefox Accounts auth server backend + pref("identity.fxaccounts.auth.uri", "https://api.accounts.firefox.com/v1"); + + // Percentage chance we skip an extension storage sync (kinto life support). + pref("services.sync.extension-storage.skipPercentageChance", 50); +#endif // MOZ_SERVICES_SYNC + +#if defined(ENABLE_WEBDRIVER) + // WebDriver is a remote control interface that enables introspection and + // control of user agents. It provides a platform- and language-neutral wire + // protocol as a way for out-of-process programs to remotely instruct the + // behavior of web browsers. + // + // Gecko's implementation is backed by Marionette (WebDriver HTTP) and the + // Remote Agent (WebDriver BiDi). + + // Delay server startup until a modal dialogue has been clicked to allow time + // for user to set breakpoints in the Browser Toolbox. + pref("marionette.debugging.clicktostart", false); + + // Port to start Marionette server on. + pref("marionette.port", 2828); + + // Defines the protocols that will be active for the Remote Agent. + // 1: WebDriver BiDi + // 2: CDP (Chrome DevTools Protocol) + // 3: WebDriver BiDi + CDP + pref("remote.active-protocols", 3); + + // Enable WebDriver BiDi experimental commands and events. + #if defined(NIGHTLY_BUILD) + pref("remote.experimental.enabled", true); + #else + pref("remote.experimental.enabled", false); + #endif + + // Defines the verbosity of the internal logger. + // + // Available levels are, in descending order of severity, "Trace", "Debug", + // "Config", "Info", "Warn", "Error", and "Fatal". The value is treated + // case-sensitively. + pref("remote.log.level", "Info"); + + // Certain log messages that are known to be long are truncated. This + // preference causes them to not be truncated. + pref("remote.log.truncate", true); + + // Sets recommended automation preferences when Remote Agent or Marionette is + // started. + pref("remote.prefs.recommended", true); +#endif + +// Enable the JSON View tool (an inspector for application/json documents). +pref("devtools.jsonview.enabled", true); + +// Default theme ("auto", "dark" or "light"). +pref("devtools.theme", "auto", sticky); + +// Completely disable DevTools entry points, as well as all DevTools command +// line arguments. +pref("devtools.policy.disabled", false); + +// Enable deprecation warnings. +pref("devtools.errorconsole.deprecation_warnings", true); + +#ifdef NIGHTLY_BUILD + // Don't show the Browser Toolbox prompt on local builds / nightly. + pref("devtools.debugger.prompt-connection", false, sticky); +#else + pref("devtools.debugger.prompt-connection", true, sticky); +#endif + +#ifdef MOZILLA_OFFICIAL + // Disable debugging chrome. + pref("devtools.chrome.enabled", false, sticky); + // Disable remote debugging connections. + pref("devtools.debugger.remote-enabled", false, sticky); +#else + // In local builds, enable the browser toolbox by default. + pref("devtools.chrome.enabled", true, sticky); + pref("devtools.debugger.remote-enabled", true, sticky); +#endif + +// Disable service worker debugging on all channels (see Bug 1651605). +pref("devtools.debugger.features.windowless-service-workers", false); + +// Disable remote debugging protocol logging. +pref("devtools.debugger.log", false); +pref("devtools.debugger.log.verbose", false); + +pref("devtools.debugger.remote-port", 6000); +pref("devtools.debugger.remote-websocket", false); +// Force debugger server binding on the loopback interface. +pref("devtools.debugger.force-local", true); + +// Limit for intercepted request and response bodies (1 MB). +// Possible values: +// 0 => the response body has no limit +// n => represents max number of bytes stored +pref("devtools.netmonitor.responseBodyLimit", 1048576); +pref("devtools.netmonitor.requestBodyLimit", 1048576); + +// Limit for WebSocket/EventSource messages (100 KB). +pref("devtools.netmonitor.msg.messageDataLimit", 100000); + +// DevTools default color unit. +pref("devtools.defaultColorUnit", "authored"); + +// Used for devtools debugging. +pref("devtools.dump.emit", false); + +// Disable device discovery logging. +pref("devtools.discovery.log", false); +// Whether to scan for DevTools devices via WiFi. +pref("devtools.remote.wifi.scan", true); + +// The extension ID for devtools-adb-extension. +pref("devtools.remote.adb.extensionID", "adb@mozilla.org"); +// The URL for for devtools-adb-extension (overridden in tests to a local +// path). +pref("devtools.remote.adb.extensionURL", "https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi"); + +// Enable Inactive CSS detection; used both by the client and the server. +pref("devtools.inspector.inactive.css.enabled", true); + +// Should F12 open the Developer Tools toolbox. +pref("devtools.f12_enabled", true); + +#if defined(NIGHTLY_BUILD) || defined(MOZ_DEV_EDITION) +// Define in StaticPrefList.yaml and override here since StaticPrefList.yaml +// doesn't provide a way to lock the pref +pref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false); +#else +pref("dom.postMessage.sharedArrayBuffer.bypassCOOP_COEP.insecure.enabled", false, locked); +#endif + +// Whether sites require the open-protocol-handler permission to open a +//preferred external application for a protocol. If a site doesn't have +// permission we will show a prompt. +pref("security.external_protocol_requires_permission", true); + +// Preferences for the form autofill toolkit component. +// The truthy values of "extensions.formautofill.addresses.available" +// and "extensions.formautofill.creditCards.available" are "on" and "detect", +// any other value means autofill isn't available. +// "detect" means it's enabled if conditions defined in the extension are met. +// Note: "extensions.formautofill.available" and "extensions.formautofill.creditCards.available" +// are not being used in form autofill, but need to exist for migration purposes. +pref("extensions.formautofill.available", "detect"); +pref("extensions.formautofill.addresses.supported", "detect"); +pref("extensions.formautofill.addresses.enabled", true); +pref("extensions.formautofill.addresses.capture.enabled", false); +// This preference should be removed entirely once address capture v2 developing is finished +pref("extensions.formautofill.addresses.capture.v2.enabled", false); +pref("extensions.formautofill.addresses.ignoreAutocompleteOff", true); +// Supported countries need to follow ISO 3166-1 to align with "browser.search.region" +pref("extensions.formautofill.addresses.supportedCountries", "US,CA"); +// Note: this ".available" pref is only used for migration purposes and will be removed/replaced later. +pref("extensions.formautofill.creditCards.available", true); +pref("extensions.formautofill.creditCards.supported", "detect"); +pref("extensions.formautofill.creditCards.enabled", true); +pref("extensions.formautofill.creditCards.ignoreAutocompleteOff", true); +// Supported countries need to follow ISO 3166-1 to align with "browser.search.region" +pref("extensions.formautofill.creditCards.supportedCountries", "US,CA,GB,FR,DE"); + +// Algorithm used by formautofill while determine whether a field is a credit card field +// 0:Heurstics based on regular expression string matching +// 1:Fathom in js implementation +// 2:Fathom in c++ implementation +pref("extensions.formautofill.creditCards.heuristics.mode", 2); +pref("extensions.formautofill.creditCards.heuristics.fathom.types", "cc-number,cc-name"); +// Defines the threshold to identify whether a field is a cc field +pref("extensions.formautofill.creditCards.heuristics.fathom.confidenceThreshold", "0.5"); +// Defineis the threshold to mark fields that are "high-confidence", see `isValidSection` for details +pref("extensions.formautofill.creditCards.heuristics.fathom.highConfidenceThreshold", "0.95"); +// This is Only for testing! Set the confidence value (> 0 && <= 1) after a field is identified by fathom +pref("extensions.formautofill.creditCards.heuristics.fathom.testConfidence", "0"); + +pref("extensions.formautofill.firstTimeUse", true); +pref("extensions.formautofill.loglevel", "Warn"); + +pref("toolkit.osKeyStore.loglevel", "Warn"); + +pref("extensions.formautofill.supportRTL", false); + +// Controls the log level for CookieBannerListService.jsm. +pref("cookiebanners.listService.logLevel", "Error"); + +// Contorls the log level for Cookie Banner Auto Clicking. +pref("cookiebanners.bannerClicking.logLevel", "Error"); + +// Array of test rules for cookie banner handling as a JSON string. They will be +// inserted in addition to regular rules and may override them when setting the +// same domain. Every array item should be a valid CookieBannerRule. See +// CookieBannerRule.schema.json. +pref("cookiebanners.listService.testRules", "[]"); + +// Still fetches rules from RemoteSettings, but discards them. Used in tests. +pref("cookiebanners.listService.testSkipRemoteSettings", false); + +// The domains we will block from installing SitePermsAddons. Comma-separated +// full domains: any subdomains of the domains listed will also be allowed. +pref("dom.sitepermsaddon-provider.separatedBlocklistedDomains", "shopee.co.th,shopee.tw,shopee.co.id,shopee.com.my,shopee.vn,shopee.ph,shopee.sg,shopee.com.br,shopee.com,shopee.cn,shopee.io,shopee.pl,shopee.com.mx,shopee.com.co,shopee.cl,shopee.kr,shopee.es,shopee.in,alipay.com,miravia.es"); + +// Log level for logger in URLQueryStrippingListService +pref("privacy.query_stripping.listService.logLevel", "Error"); diff --git a/modules/libpref/init/generate_static_pref_list.py b/modules/libpref/init/generate_static_pref_list.py new file mode 100644 index 0000000000..2e9cf9d98f --- /dev/null +++ b/modules/libpref/init/generate_static_pref_list.py @@ -0,0 +1,471 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. + +import os +import sys +from collections import defaultdict + +import buildconfig +import yaml +from mozbuild.preprocessor import Preprocessor +from mozbuild.util import FileAvoidWrite, ensureParentDir +from six import StringIO + +VALID_KEYS = { + "name", + "type", + "value", + "mirror", + "do_not_use_directly", + "include", + "rust", +} + +# Each key is a C++ type; its value is the equivalent non-atomic C++ type. +VALID_BOOL_TYPES = { + "bool": "bool", + # These ones are defined in StaticPrefsBase.h. + "RelaxedAtomicBool": "bool", + "ReleaseAcquireAtomicBool": "bool", + "SequentiallyConsistentAtomicBool": "bool", +} + +VALID_TYPES = VALID_BOOL_TYPES.copy() +VALID_TYPES.update( + { + "int32_t": "int32_t", + "uint32_t": "uint32_t", + "float": "float", + # These ones are defined in StaticPrefsBase.h. + "RelaxedAtomicInt32": "int32_t", + "RelaxedAtomicUint32": "uint32_t", + "ReleaseAcquireAtomicInt32": "int32_t", + "ReleaseAcquireAtomicUint32": "uint32_t", + "SequentiallyConsistentAtomicInt32": "int32_t", + "SequentiallyConsistentAtomicUint32": "uint32_t", + "AtomicFloat": "float", + "String": None, + "DataMutexString": "nsACString", + } +) + +# Map non-atomic C++ types to equivalent Rust types. +RUST_TYPES = { + "bool": "bool", + "int32_t": "i32", + "uint32_t": "u32", + "float": "f32", + "DataMutexString": "nsCString", +} + +HEADER_LINE = ( + "// This file was generated by generate_static_pref_list.py from {input_filename}." + " DO NOT EDIT." +) + +MIRROR_TEMPLATES = { + "never": """\ +NEVER_PREF("{name}", {typ}, {value}) +""", + "once": """\ +ONCE_PREF( + "{name}", + {base_id}, + {full_id}, + {typ}, {value} +) +""", + "always": """\ +ALWAYS_PREF( + "{name}", + {base_id}, + {full_id}, + {typ}, {value} +) +""", + "always_datamutex": """\ +ALWAYS_DATAMUTEX_PREF( + "{name}", + {base_id}, + {full_id}, + {typ}, {value} +) +""", +} + +STATIC_PREFS_GROUP_H_TEMPLATE1 = """\ +// Include it to gain access to StaticPrefs::{group}_*. + +#ifndef mozilla_StaticPrefs_{group}_h +#define mozilla_StaticPrefs_{group}_h +""" + +STATIC_PREFS_GROUP_H_TEMPLATE2 = """\ +#include "mozilla/StaticPrefListBegin.h" +#include "mozilla/StaticPrefList_{group}.h" +#include "mozilla/StaticPrefListEnd.h" + +#endif // mozilla_StaticPrefs_{group}_h +""" + +STATIC_PREFS_C_GETTERS_TEMPLATE = """\ +extern "C" {typ} StaticPrefs_{full_id}() {{ + return mozilla::StaticPrefs::{full_id}(); +}} +""" + +STATIC_PREFS_C_GETTERS_NSSTRING_TEMPLATE = """\ +extern "C" void StaticPrefs_{full_id}(nsACString *result) {{ + const auto preflock = mozilla::StaticPrefs::{full_id}(); + result->Append(*preflock); +}} +""" + + +def error(msg): + raise ValueError(msg) + + +def mk_id(name): + "Replace '.' and '-' with '_', e.g. 'foo.bar-baz' becomes 'foo_bar_baz'." + return name.replace(".", "_").replace("-", "_") + + +def mk_group(pref): + name = pref["name"] + return mk_id(name.split(".", 1)[0]) + + +def check_pref_list(pref_list): + # Pref names seen so far. Used to detect any duplicates. + seen_names = set() + + # The previous pref. Used to detect mis-ordered prefs. + prev_pref = None + + for pref in pref_list: + # Check all given keys are known ones. + for key in pref: + if key not in VALID_KEYS: + error("invalid key `{}`".format(key)) + + # 'name' must be present, valid, and in the right section. + if "name" not in pref: + error("missing `name` key") + name = pref["name"] + if type(name) != str: + error("non-string `name` value `{}`".format(name)) + if "." not in name: + error("`name` value `{}` lacks a '.'".format(name)) + if name in seen_names: + error("`{}` pref is defined more than once".format(name)) + seen_names.add(name) + + # Prefs must be ordered appropriately. + if prev_pref: + if mk_group(prev_pref) > mk_group(pref): + error( + "`{}` pref must come before `{}` pref".format( + name, prev_pref["name"] + ) + ) + + # 'type' must be present and valid. + if "type" not in pref: + error("missing `type` key for pref `{}`".format(name)) + typ = pref["type"] + if typ not in VALID_TYPES: + error("invalid `type` value `{}` for pref `{}`".format(typ, name)) + + # 'value' must be present and valid. + if "value" not in pref: + error("missing `value` key for pref `{}`".format(name)) + value = pref["value"] + if typ == "String" or typ == "DataMutexString": + if type(value) != str: + error( + "non-string `value` value `{}` for `{}` pref `{}`; " + "add double quotes".format(value, typ, name) + ) + elif typ in VALID_BOOL_TYPES: + if value not in (True, False): + error("invalid boolean value `{}` for pref `{}`".format(value, name)) + + # 'mirror' must be present and valid. + if "mirror" not in pref: + error("missing `mirror` key for pref `{}`".format(name)) + mirror = pref["mirror"] + if typ.startswith("DataMutex"): + mirror += "_datamutex" + if mirror not in MIRROR_TEMPLATES: + error("invalid `mirror` value `{}` for pref `{}`".format(mirror, name)) + + # Check 'do_not_use_directly' if present. + if "do_not_use_directly" in pref: + do_not_use_directly = pref["do_not_use_directly"] + if type(do_not_use_directly) != bool: + error( + "non-boolean `do_not_use_directly` value `{}` for pref " + "`{}`".format(do_not_use_directly, name) + ) + if do_not_use_directly and mirror == "never": + error( + "`do_not_use_directly` uselessly set with `mirror` value " + "`never` for pref `{}`".format(pref["name"]) + ) + + # Check 'include' if present. + if "include" in pref: + include = pref["include"] + if type(include) != str: + error( + "non-string `include` value `{}` for pref `{}`".format( + include, name + ) + ) + if include.startswith("<") and not include.endswith(">"): + error( + "`include` value `{}` starts with `<` but does not " + "end with `>` for pref `{}`".format(include, name) + ) + + # Check 'rust' if present. + if "rust" in pref: + rust = pref["rust"] + if type(rust) != bool: + error("non-boolean `rust` value `{}` for pref `{}`".format(rust, name)) + if rust and mirror == "never": + error( + "`rust` uselessly set with `mirror` value `never` for " + "pref `{}`".format(pref["name"]) + ) + + prev_pref = pref + + +def generate_code(pref_list, input_filename): + check_pref_list(pref_list) + + first_line = HEADER_LINE.format(input_filename=input_filename) + + # The required includes for StaticPrefs_<group>.h. + includes = defaultdict(set) + + # StaticPrefList_<group>.h contains all the pref definitions for this + # group. + static_pref_list_group_h = defaultdict(lambda: [first_line, ""]) + + # StaticPrefsCGetters.cpp contains C getters for all the mirrored prefs, + # for use by Rust code. + static_prefs_c_getters_cpp = [first_line, ""] + + # static_prefs.rs contains C getter declarations and a macro. + static_prefs_rs_decls = [] + static_prefs_rs_macro = [] + + # Generate the per-pref code (spread across multiple files). + for pref in pref_list: + name = pref["name"] + typ = pref["type"] + value = pref["value"] + mirror = pref["mirror"] + do_not_use_directly = pref.get("do_not_use_directly") + include = pref.get("include") + rust = pref.get("rust") + + base_id = mk_id(pref["name"]) + full_id = base_id + if mirror == "once": + full_id += "_AtStartup" + if do_not_use_directly: + full_id += "_DoNotUseDirectly" + if typ.startswith("DataMutex"): + mirror += "_datamutex" + + group = mk_group(pref) + + if include: + if not include.startswith("<"): + # It's not a system header. Add double quotes. + include = '"{}"'.format(include) + includes[group].add(include) + + if typ == "String": + # Quote string literals, and escape double-quote chars. + value = '"{}"'.format(value.replace('"', '\\"')) + elif typ == "DataMutexString": + # Quote string literals, and escape double-quote chars. + value = '"{}"_ns'.format(value.replace('"', '\\"')) + elif typ in VALID_BOOL_TYPES: + # Convert Python bools to C++ bools. + if value is True: + value = "true" + elif value is False: + value = "false" + + # Append the C++ definition to the relevant output file's code. + static_pref_list_group_h[group].append( + MIRROR_TEMPLATES[mirror].format( + name=name, + base_id=base_id, + full_id=full_id, + typ=typ, + value=value, + ) + ) + + if rust: + passed_type = VALID_TYPES[typ] + if passed_type == "nsACString": + # Generate the C getter. + static_prefs_c_getters_cpp.append( + STATIC_PREFS_C_GETTERS_NSSTRING_TEMPLATE.format(full_id=full_id) + ) + + # Generate the C getter declaration, in Rust. + decl = " pub fn StaticPrefs_{full_id}(result: *mut nsstring::nsACString);" + static_prefs_rs_decls.append(decl.format(full_id=full_id)) + + # Generate the Rust macro entry. + macro = ' ("{name}") => (unsafe {{ let mut result = $crate::nsCString::new(); $crate::StaticPrefs_{full_id}(&mut *result); result }});' + static_prefs_rs_macro.append(macro.format(name=name, full_id=full_id)) + + else: + # Generate the C getter. + static_prefs_c_getters_cpp.append( + STATIC_PREFS_C_GETTERS_TEMPLATE.format( + typ=passed_type, full_id=full_id + ) + ) + + # Generate the C getter declaration, in Rust. + decl = " pub fn StaticPrefs_{full_id}() -> {typ};" + static_prefs_rs_decls.append( + decl.format(full_id=full_id, typ=RUST_TYPES[passed_type]) + ) + + # Generate the Rust macro entry. + macro = ( + ' ("{name}") => (unsafe {{ $crate::StaticPrefs_{full_id}() }});' + ) + static_prefs_rs_macro.append(macro.format(name=name, full_id=full_id)) + + # Delete this so that `group` can be reused below without Flake8 + # complaining. + del group + + # StaticPrefListAll.h contains one `#include "mozilla/StaticPrefList_X.h` + # line per pref group. + static_pref_list_all_h = [first_line, ""] + static_pref_list_all_h.extend( + '#include "mozilla/StaticPrefList_{}.h"'.format(group) + for group in sorted(static_pref_list_group_h) + ) + static_pref_list_all_h.append("") + + # StaticPrefsAll.h contains one `#include "mozilla/StaticPrefs_X.h` line per + # pref group. + static_prefs_all_h = [first_line, ""] + static_prefs_all_h.extend( + '#include "mozilla/StaticPrefs_{}.h"'.format(group) + for group in sorted(static_pref_list_group_h) + ) + static_prefs_all_h.append("") + + # StaticPrefs_<group>.h wraps StaticPrefList_<group>.h. It is the header + # used directly by application code. + static_prefs_group_h = defaultdict(list) + for group in sorted(static_pref_list_group_h): + static_prefs_group_h[group] = [first_line] + static_prefs_group_h[group].append( + STATIC_PREFS_GROUP_H_TEMPLATE1.format(group=group) + ) + if group in includes: + # Add any necessary includes, from 'h_include' values. + for include in sorted(includes[group]): + static_prefs_group_h[group].append("#include {}".format(include)) + static_prefs_group_h[group].append("") + static_prefs_group_h[group].append( + STATIC_PREFS_GROUP_H_TEMPLATE2.format(group=group) + ) + + # static_prefs.rs contains the Rust macro getters. + static_prefs_rs = [first_line, "", "pub use nsstring::nsCString;", 'extern "C" {'] + static_prefs_rs.extend(static_prefs_rs_decls) + static_prefs_rs.extend(["}", "", "#[macro_export]", "macro_rules! pref {"]) + static_prefs_rs.extend(static_prefs_rs_macro) + static_prefs_rs.extend(["}", ""]) + + def fold(lines): + return "\n".join(lines) + + return { + "static_pref_list_all_h": fold(static_pref_list_all_h), + "static_prefs_all_h": fold(static_prefs_all_h), + "static_pref_list_group_h": { + k: fold(v) for k, v in static_pref_list_group_h.items() + }, + "static_prefs_group_h": {k: fold(v) for k, v in static_prefs_group_h.items()}, + "static_prefs_c_getters_cpp": fold(static_prefs_c_getters_cpp), + "static_prefs_rs": fold(static_prefs_rs), + } + + +def emit_code(fd, pref_list_filename): + pp = Preprocessor() + pp.context.update(buildconfig.defines["ALLDEFINES"]) + + # A necessary hack until MOZ_DEBUG_FLAGS are part of buildconfig.defines. + if buildconfig.substs.get("MOZ_DEBUG"): + pp.context["DEBUG"] = "1" + + if buildconfig.substs.get("CPU_ARCH") == "aarch64": + pp.context["MOZ_AARCH64"] = True + + if buildconfig.substs.get("MOZ_ANDROID_CONTENT_SERVICE_ISOLATED_PROCESS"): + pp.context["MOZ_ANDROID_CONTENT_SERVICE_ISOLATED_PROCESS"] = True + + pp.out = StringIO() + pp.do_filter("substitution") + pp.do_include(pref_list_filename) + + try: + pref_list = yaml.safe_load(pp.out.getvalue()) + input_file = os.path.relpath( + pref_list_filename, + os.environ.get("GECKO_PATH", os.environ.get("TOPSRCDIR")), + ) + code = generate_code(pref_list, input_file) + except (IOError, ValueError) as e: + print("{}: error:\n {}\n".format(pref_list_filename, e)) + sys.exit(1) + + # When generating multiple files from a script, the build system treats the + # first named output file (StaticPrefListAll.h in this case) specially -- it + # is created elsewhere, and written to via `fd`. + fd.write(code["static_pref_list_all_h"]) + + # We must create the remaining output files ourselves. This requires + # creating the output directory directly if it doesn't already exist. + ensureParentDir(fd.name) + init_dirname = os.path.dirname(fd.name) + + with FileAvoidWrite("StaticPrefsAll.h") as fd: + fd.write(code["static_prefs_all_h"]) + + for group, text in sorted(code["static_pref_list_group_h"].items()): + filename = "StaticPrefList_{}.h".format(group) + with FileAvoidWrite(os.path.join(init_dirname, filename)) as fd: + fd.write(text) + + for group, text in sorted(code["static_prefs_group_h"].items()): + filename = "StaticPrefs_{}.h".format(group) + with FileAvoidWrite(filename) as fd: + fd.write(text) + + with FileAvoidWrite(os.path.join(init_dirname, "StaticPrefsCGetters.cpp")) as fd: + fd.write(code["static_prefs_c_getters_cpp"]) + + with FileAvoidWrite("static_prefs.rs") as fd: + fd.write(code["static_prefs_rs"]) diff --git a/modules/libpref/init/static_prefs/Cargo.toml b/modules/libpref/init/static_prefs/Cargo.toml new file mode 100644 index 0000000000..061bf92b48 --- /dev/null +++ b/modules/libpref/init/static_prefs/Cargo.toml @@ -0,0 +1,12 @@ +[package] +name = "static_prefs" +version = "0.1.0" +authors = ["Nicholas Nethercote <nnethercote@mozilla.com>"] +edition = "2018" +license = "MPL-2.0" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +mozbuild = "0.1" +nsstring = { path = "../../../../xpcom/rust/nsstring" } diff --git a/modules/libpref/init/static_prefs/src/lib.rs b/modules/libpref/init/static_prefs/src/lib.rs new file mode 100644 index 0000000000..88975798ad --- /dev/null +++ b/modules/libpref/init/static_prefs/src/lib.rs @@ -0,0 +1,11 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +//! This module contains getters for static prefs. +//! +//! The contents of this module are generated by +//! `modules/libpref/init/generate_static_pref_list.py`, from +//! `modules/libpref/init/StaticPrefList.yaml`. + +include!(mozbuild::objdir_path!("modules/libpref/static_prefs.rs")); diff --git a/modules/libpref/moz.build b/modules/libpref/moz.build new file mode 100644 index 0000000000..e8f8b97170 --- /dev/null +++ b/modules/libpref/moz.build @@ -0,0 +1,174 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +with Files("**"): + BUG_COMPONENT = ("Core", "Preferences: Backend") + +if CONFIG["ENABLE_TESTS"]: + DIRS += ["test/gtest"] + +XPCSHELL_TESTS_MANIFESTS += [ + "test/unit/xpcshell.ini", + "test/unit_ipc/xpcshell.ini", +] + +BROWSER_CHROME_MANIFESTS += ["test/browser/browser.ini"] + +XPIDL_SOURCES += [ + "nsIPrefBranch.idl", + "nsIPrefLocalizedString.idl", + "nsIPrefService.idl", + "nsIRelativeFilePref.idl", +] + +XPIDL_MODULE = "pref" + +pref_groups = [ + "accessibility", + "alerts", + "apz", + "beacon", + "bidi", + "browser", + "canvas", + "channelclassifier", + "clipboard", + "content", + "converter", + "cookiebanners", + "datareporting", + "device", + "devtools", + "docshell", + "dom", + "editor", + "extensions", + "fission", + "font", + "full_screen_api", + "general", + "geo", + "gfx", + "gl", + "html5", + "idle_period", + "image", + "intl", + "javascript", + "layers", + "layout", + "mathml", + "media", + "midi", + "mousewheel", + "mozilla", + "network", + "nglayout", + "page_load", + "pdfjs", + "permissions", + "places", + "plain_text", + "preferences", + "print", + "privacy", + "prompts", + "security", + "signon", + "slider", + "storage", + "svg", + "telemetry", + "test", + "threads", + "timer", + "toolkit", + "ui", + "urlclassifier", + "view_source", + "webgl", + "widget", + "zoom", +] +if CONFIG["OS_TARGET"] == "Android": + pref_groups += [ + "android", + "consoleservice", + ] +if CONFIG["FUZZING"]: + pref_groups += ["fuzzing"] +pref_groups = tuple(sorted(pref_groups)) + +# Note: generate_static_pref_list.py relies on StaticPrefListAll.h being first. +gen_h = ["init/StaticPrefListAll.h"] +gen_h += ["StaticPrefsAll.h"] +gen_h += ["init/StaticPrefList_{}.h".format(pg) for pg in pref_groups] +gen_h += ["StaticPrefs_{}.h".format(pg) for pg in pref_groups] + +gen_cpp = ["init/StaticPrefsCGetters.cpp"] + +gen_rs = ["static_prefs.rs"] + +EXPORTS.mozilla += [ + "init/StaticPrefListBegin.h", + "init/StaticPrefListEnd.h", + "nsRelativeFilePref.h", + "Preferences.h", + "StaticPrefsBase.h", +] +EXPORTS.mozilla += sorted(["!" + g for g in gen_h]) + +UNIFIED_SOURCES += [ + "Preferences.cpp", + "SharedPrefMap.cpp", +] + +gen_all_tuple = tuple(gen_h + gen_cpp + gen_rs) + +GeneratedFile( + *gen_all_tuple, + script="init/generate_static_pref_list.py", + entry_point="emit_code", + inputs=["init/StaticPrefList.yaml"] +) + +PYTHON_UNITTEST_MANIFESTS += [ + "test/python.ini", +] + +XPCOM_MANIFESTS += [ + "components.conf", +] + +SPHINX_TREES["/modules/libpref"] = "docs" + +include("/ipc/chromium/chromium-config.mozbuild") + +FINAL_LIBRARY = "xul" + +DEFINES["OS_ARCH"] = CONFIG["OS_ARCH"] +DEFINES["MOZ_WIDGET_TOOLKIT"] = CONFIG["MOZ_WIDGET_TOOLKIT"] + +if CONFIG["MOZ_SERVICES_SYNC"]: + DEFINES["MOZ_SERVICES_SYNC"] = True + +if CONFIG["MOZ_BUILD_APP"] == "browser": + DEFINES["MOZ_BUILD_APP_IS_BROWSER"] = True + +if CONFIG["MOZ_WIDGET_TOOLKIT"] == "android": + if not CONFIG["MOZ_ANDROID_FAT_AAR_ARCHITECTURES"]: + FINAL_TARGET_PP_FILES[CONFIG["ANDROID_CPU_ARCH"]] += [ + "greprefs.js", + ] + else: + for arch in CONFIG["MOZ_ANDROID_FAT_AAR_ARCHITECTURES"]: + FINAL_TARGET_FILES[arch] += [ + "!/dist/fat-aar/output/{arch}/greprefs.js".format(arch=arch), + ] +else: + FINAL_TARGET_PP_FILES += [ + "greprefs.js", + ] diff --git a/modules/libpref/nsIPrefBranch.idl b/modules/libpref/nsIPrefBranch.idl new file mode 100644 index 0000000000..8e45d5d312 --- /dev/null +++ b/modules/libpref/nsIPrefBranch.idl @@ -0,0 +1,519 @@ +/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" + +%{C++ +#include "nsLiteralString.h" +%} + +interface nsIObserver; + +/** + * The nsIPrefBranch interface is used to manipulate the preferences data. This + * object may be obtained from the preferences service (nsIPrefService) and + * used to get and set default and/or user preferences across the application. + * + * This object is created with a "root" value which describes the base point in + * the preferences "tree" from which this "branch" stems. Preferences are + * accessed off of this root by using just the final portion of the preference. + * For example, if this object is created with the root "browser.startup.", + * the preferences "browser.startup.page", "browser.startup.homepage", + * and "browser.startup.homepage_override" can be accessed by simply passing + * "page", "homepage", or "homepage_override" to the various Get/Set methods. + * + * @see nsIPrefService + */ + +[scriptable, builtinclass, uuid(55d25e49-793f-4727-a69f-de8b15f4b985)] +interface nsIPrefBranch : nsISupports +{ + + /** + * Values describing the basic preference types. + * + * @see getPrefType + */ + const long PREF_INVALID = 0; + const long PREF_STRING = 32; + const long PREF_INT = 64; + const long PREF_BOOL = 128; + + /** + * Called to get the root on which this branch is based, such as + * "browser.startup." + */ + readonly attribute ACString root; + + /** + * Called to determine the type of a specific preference. + * + * @param aPrefName The preference to get the type of. + * + * @return long A value representing the type of the preference. This + * value will be PREF_STRING, PREF_INT, or PREF_BOOL. + */ + long getPrefType(in string aPrefName); + + /** + * Called to get the state of an individual boolean preference. + * + * @param aPrefName The boolean preference to get the state of. + * @param aDefaultValue The value to return if the preference is not set. + * + * @return boolean The value of the requested boolean preference. + * + * @see setBoolPref + */ + [optional_argc,binaryname(GetBoolPrefWithDefault)] + boolean getBoolPref(in string aPrefName, [optional] in boolean aDefaultValue); + [noscript,binaryname(GetBoolPref)] + boolean getBoolPrefXPCOM(in string aPrefName); + + /** + * Called to set the state of an individual boolean preference. + * + * @param aPrefName The boolean preference to set the state of. + * @param aValue The boolean value to set the preference to. + * + * @throws Error if setting failed or the preference has a default + value of a type other than boolean. + * + * @see getBoolPref + */ + void setBoolPref(in string aPrefName, in boolean aValue); + + /** + * Called to get the state of an individual floating-point preference. + * "Floating point" preferences are really string preferences that + * are converted to floating point numbers. + * + * @param aPrefName The floating point preference to get the state of. + * @param aDefaultValue The value to return if the preference is not set. + * + * @return float The value of the requested floating point preference. + * + * @see setCharPref + */ + [optional_argc,binaryname(GetFloatPrefWithDefault)] + float getFloatPref(in string aPrefName, [optional] in float aDefaultValue); + [noscript,binaryname(GetFloatPref)] + float getFloatPrefXPCOM(in string aPrefName); + + /** + * Called to get the state of an individual ascii string preference. + * + * @param aPrefName The string preference to retrieve. + * @param aDefaultValue The string to return if the preference is not set. + * + * @return ACString The value of the requested string preference. + * + * @see setCharPref + */ + [optional_argc,binaryname(GetCharPrefWithDefault)] + ACString getCharPref(in string aPrefName, + [optional] in ACString aDefaultValue); + [noscript,binaryname(GetCharPref)] + ACString getCharPrefXPCOM(in string aPrefName); + + /** + * Called to set the state of an individual ascii string preference. + * + * @param aPrefName The string preference to set. + * @param aValue The string value to set the preference to. + * + * @throws Error if setting failed or the preference has a default + value of a type other than string. + * + * @see getCharPref + */ + void setCharPref(in string aPrefName, in ACString aValue); + + /** + * Called to get the state of an individual unicode string preference. + * + * @param aPrefName The string preference to retrieve. + * @param aDefaultValue The string to return if the preference is not set. + * + * @return AUTF8String The value of the requested string preference. + * + * @see setStringPref + */ + [optional_argc] + AUTF8String getStringPref(in string aPrefName, + [optional] in AUTF8String aDefaultValue); + + /** + * Called to set the state of an individual unicode string preference. + * + * @param aPrefName The string preference to set. + * @param aValue The string value to set the preference to. + * + * @throws Error if setting failed or the preference has a default + value of a type other than string. + * + * @see getStringPref + */ + void setStringPref(in string aPrefName, in AUTF8String aValue); + + /** + * Called to get the state of an individual integer preference. + * + * @param aPrefName The integer preference to get the value of. + * @param aDefaultValue The value to return if the preference is not set. + * + * @return long The value of the requested integer preference. + * + * @see setIntPref + */ + [optional_argc,binaryname(GetIntPrefWithDefault)] + long getIntPref(in string aPrefName, [optional] in long aDefaultValue); + [noscript,binaryname(GetIntPref)] + long getIntPrefXPCOM(in string aPrefName); + + /** + * Called to set the state of an individual integer preference. + * + * @param aPrefName The integer preference to set the value of. + * @param aValue The integer value to set the preference to. + * + * @throws Error if setting failed or the preference has a default + value of a type other than integer. + * + * @see getIntPref + */ + void setIntPref(in string aPrefName, in long aValue); + + /** + * Called to get the state of an individual complex preference. A complex + * preference is a preference which represents an XPCOM object that can not + * be easily represented using a standard boolean, integer or string value. + * + * @param aPrefName The complex preference to get the value of. + * @param aType The XPCOM interface that this complex preference + * represents. Interfaces currently supported are: + * - nsIFile + * - nsIPrefLocalizedString (Localized UniChar) + * @param aValue The XPCOM object into which to the complex preference + * value should be retrieved. + * + * @throws Error The value does not exist or is the wrong type. + * + * @see setComplexValue + */ + void getComplexValue(in string aPrefName, in nsIIDRef aType, + [iid_is(aType), retval] out nsQIResult aValue); + + /** + * Called to set the state of an individual complex preference. A complex + * preference is a preference which represents an XPCOM object that can not + * be easily represented using a standard boolean, integer or string value. + * + * @param aPrefName The complex preference to set the value of. + * @param aType The XPCOM interface that this complex preference + * represents. Interfaces currently supported are: + * - nsIFile + * - nsISupportsString (UniChar) + * (deprecated; see setStringPref) + * - nsIPrefLocalizedString (Localized UniChar) + * @param aValue The XPCOM object from which to set the complex preference + * value. + * + * @throws Error if setting failed or the value is the wrong type. + * + * @see getComplexValue + */ + void setComplexValue(in string aPrefName, in nsIIDRef aType, in nsISupports aValue); + + /** + * Called to clear a user set value from a specific preference. This will, in + * effect, reset the value to the default value. If no default value exists + * the preference will cease to exist. + * + * @param aPrefName The preference to be cleared. + * + * @note + * This method does nothing if this object is a default branch. + */ + void clearUserPref(in string aPrefName); + + /** + * Called to lock a specific preference. Locking a preference will cause the + * preference service to always return the default value regardless of + * whether there is a user set value or not. + * + * @param aPrefName The preference to be locked. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on the default branch. + * + * @throws Error The preference does not exist or an error occurred. + * + * @see unlockPref + */ + void lockPref(in string aPrefName); + + /** + * Called to check if a specific preference has a user value associated to + * it. + * + * @param aPrefName The preference to be tested. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on the user branch. + * + * @note + * If a preference was manually set to a value that equals the default value, + * then the preference no longer has a user set value, i.e. it is + * considered reset to its default value. + * In particular, this method will return false for such a preference and + * the preference will not be saved to a file by nsIPrefService.savePrefFile. + * + * @return boolean true The preference has a user set value. + * false The preference only has a default value. + */ + boolean prefHasUserValue(in string aPrefName); + + /** + * Called to check if a specific preference has a default value associated to + * it. + * + * @param aPrefName The preference to be tested. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on the user branch. + * + * @note + * This method can be used to distinguish between a built-in preference and a + * user-added preference. + * + * @return boolean true The preference has a default value. + * false The preference only has a user value. + */ + boolean prefHasDefaultValue(in string aPrefName); + + /** + * Called to check if a specific preference is locked. If a preference is + * locked calling its Get method will always return the default value. + * + * @param aPrefName The preference to be tested. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on the default branch. + * + * @return boolean true The preference is locked. + * false The preference is not locked. + * + * @see lockPref + * @see unlockPref + */ + boolean prefIsLocked(in string aPrefName); + + /** + * Called to check if a specific preference has been sanitized. If a + * preference is sanitized, any user value the preference may have will not + * be present in a sub-process. A preference is never sanitized in the + * parent process; it is only marked as sanitized when it is converted + * to a dom::Pref for serialization to a child process. + * + * @param aPrefName The preference to be tested. + * + * @note + * This method can be called on either a default or user branch but it + * makes no difference. + * + * @return boolean true The preference is sanitized. + * false The preference is not sanitized. + */ + boolean prefIsSanitized(in string aPrefName); + + /** + * Called to unlock a specific preference. Unlocking a previously locked + * preference allows the preference service to once again return the user set + * value of the preference. + * + * @param aPrefName The preference to be unlocked. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on the default branch. + * + * @throws Error The preference does not exist or an error occurred. + * + * @see lockPref + */ + void unlockPref(in string aPrefName); + + + /** + * Called to remove all of the preferences referenced by this branch. + * + * @param aStartingAt The point on the branch at which to start the deleting + * preferences. Pass in "" to remove all preferences + * referenced by this branch. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on both. + * + * @throws Error The preference(s) do not exist or an error occurred. + */ + void deleteBranch(in string aStartingAt); + + /** + * Returns an array of strings representing the child preferences of the + * root of this branch. + * + * @param aStartingAt The point on the branch at which to start enumerating + * the child preferences. Pass in "" to enumerate all + * preferences referenced by this branch. + * @return The array of child preferences. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on both. + * + * @throws Error The preference(s) do not exist or an error occurred. + */ + Array<ACString> getChildList(in string aStartingAt); + + /** + * Called to reset all of the preferences referenced by this branch to their + * default values. + * + * @param aStartingAt The point on the branch at which to start the resetting + * preferences to their default values. Pass in "" to + * reset all preferences referenced by this branch. + * + * @note + * This method can be called on either a default or user branch but, in + * effect, always operates on the user branch. + * + * @throws Error The preference(s) do not exist or an error occurred. + */ + void resetBranch(in string aStartingAt); + + /** + * Add a preference change observer. On preference changes, the following + * arguments will be passed to the nsIObserver.observe() method: + * aSubject - The nsIPrefBranch object (this) + * aTopic - The string defined by NS_PREFBRANCH_PREFCHANGE_TOPIC_ID + * aData - The name of the preference which has changed, relative to + * the |root| of the aSubject branch. + * + * aSubject.get*Pref(aData) will get the new value of the modified + * preference. For example, if your observer is registered with + * addObserver("bar.", ...) on a branch with root "foo.", modifying + * the preference "foo.bar.baz" will trigger the observer, and aData + * parameter will be "bar.baz". + * + * @param aDomain The preference on which to listen for changes. This can + * be the name of an entire branch to observe. + * e.g. Holding the "root" prefbranch and calling + * addObserver("foo.bar.", ...) will observe changes to + * foo.bar.baz and foo.bar.bzip + * @param aObserver The object to be notified if the preference changes. + * @param aHoldWeak true Hold a weak reference to |aObserver|. The object + * must implement the nsISupportsWeakReference + * interface or this will fail. + * false Hold a strong reference to |aObserver|. + * + * @note + * Registering as a preference observer can open an object to potential + * cyclical references which will cause memory leaks. These cycles generally + * occur because an object both registers itself as an observer (causing the + * branch to hold a reference to the observer) and holds a reference to the + * branch object for the purpose of getting/setting preference values. There + * are 3 approaches which have been implemented in an attempt to avoid these + * situations. + * 1) The nsPrefBranch object supports nsISupportsWeakReference. Any consumer + * may hold a weak reference to it instead of a strong one. + * 2) The nsPrefBranch object listens for xpcom-shutdown and frees all of the + * objects currently in its observer list. This ensures that long lived + * objects (services for example) will be freed correctly. + * 3) The observer can request to be held as a weak reference when it is + * registered. This insures that shorter lived objects (say one tied to an + * open window) will not fall into the cyclical reference trap. + * + * @note + * The list of registered observers may be changed during the dispatch of + * nsPref:changed notification. However, the observers are not guaranteed + * to be notified in any particular order, so you can't be sure whether the + * added/removed observer will be called during the notification when it + * is added/removed. + * + * @note + * It is possible to change preferences during the notification. + * + * @note + * It is not safe to change observers during this callback in Gecko + * releases before 1.9. If you want a safe way to remove a pref observer, + * please use an nsITimer. + * + * @see nsIObserver + * @see removeObserver + */ + [binaryname(AddObserverImpl)] + void addObserver(in ACString aDomain, in nsIObserver aObserver, + [optional] in boolean aHoldWeak); + + /** + * Remove a preference change observer. + * + * @param aDomain The preference which is being observed for changes. + * @param aObserver An observer previously registered with addObserver(). + * + * @note + * Note that you must call removeObserver() on the same nsIPrefBranch + * instance on which you called addObserver() in order to remove aObserver; + * otherwise, the observer will not be removed. + * + * @see nsIObserver + * @see addObserver + */ + [binaryname(RemoveObserverImpl)] + void removeObserver(in ACString aDomain, in nsIObserver aObserver); + + %{C++ + nsresult AddObserver(const nsACString& aDomain, nsIObserver* aObserver, + bool aHoldWeak = false) + { + return AddObserverImpl(aDomain, aObserver, aHoldWeak); + } + + template <int N> + nsresult AddObserver(const char (&aDomain)[N], nsIObserver* aObserver, + bool aHoldWeak = false) + { + return AddObserverImpl(nsLiteralCString(aDomain), aObserver, aHoldWeak); + } + + nsresult RemoveObserver(const nsACString& aDomain, nsIObserver* aObserver) + { + return RemoveObserverImpl(aDomain, aObserver); + } + + template <int N> + nsresult RemoveObserver(const char (&aDomain)[N], nsIObserver* aObserver) + { + return RemoveObserverImpl(nsLiteralCString(aDomain), aObserver); + } + %} +}; + + +%{C++ + +#define NS_PREFBRANCH_CONTRACTID "@mozilla.org/preferencesbranch;1" +/** + * Notification sent when a preference changes. + */ +#define NS_PREFBRANCH_PREFCHANGE_TOPIC_ID "nsPref:changed" + +%} diff --git a/modules/libpref/nsIPrefLocalizedString.idl b/modules/libpref/nsIPrefLocalizedString.idl new file mode 100644 index 0000000000..236ce7acdf --- /dev/null +++ b/modules/libpref/nsIPrefLocalizedString.idl @@ -0,0 +1,34 @@ +/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsISupportsPrimitives.idl" + +/** + * The nsIPrefLocalizedString interface is simply a wrapper interface for + * nsISupportsString so the preferences service can have a unique identifier + * to distinguish between requests for normal wide strings (nsISupportsString) + * and "localized" wide strings, which get their default values from properites + * files. + * + * @see nsIPrefBranch + * @see nsISupportsString + */ +[scriptable, builtinclass, uuid(ae419e24-1dd1-11b2-b39a-d3e5e7073802)] +interface nsIPrefLocalizedString : nsISupportsString {}; + +%{C++ + +#define NS_PREFLOCALIZEDSTRING_CID \ + { /* {064d9cee-1dd2-11b2-83e3-d25ab0193c26} */ \ + 0x064d9cee, \ + 0x1dd2, \ + 0x11b2, \ + { 0x83, 0xe3, 0xd2, 0x5a, 0xb0, 0x19, 0x3c, 0x26 } \ + } + +#define NS_PREFLOCALIZEDSTRING_CONTRACTID "@mozilla.org/pref-localizedstring;1" + +%} diff --git a/modules/libpref/nsIPrefService.idl b/modules/libpref/nsIPrefService.idl new file mode 100644 index 0000000000..5984fa30b7 --- /dev/null +++ b/modules/libpref/nsIPrefService.idl @@ -0,0 +1,206 @@ +/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +#include "nsIPrefBranch.idl" + +interface nsIFile; + +/** + * A helper function for reading access statistics for preferences. + * See nsIPrefService.readStats for more details. + */ +[function, scriptable, uuid(c3f0cedc-e244-4316-b33a-80306a1c35a1)] +interface nsIPrefStatsCallback : nsISupports +{ + void visit(in ACString prefName, in unsigned long accessCount); +}; + +[scriptable, uuid(0a2dbc02-2218-4687-b151-33d890676e00)] +interface nsIPrefObserver : nsISupports +{ + /** + * Invoked when a string preference is witnessed. kind will be "Default" or "User". + */ + void onStringPref(in string kind, in string name, in string value, in boolean isSticky, in boolean isLocked); + + /** + * Invoked when a integer preference is witnessed. kind will be "Default" or "User". + */ + void onIntPref(in string kind, in string name, in long value, in boolean isSticky, in boolean isLocked); + + /** + * Invoked when a boolean preference is witnessed. kind will be "Default" or "User". + */ + void onBoolPref(in string kind, in string name, in boolean value, in boolean isSticky, in boolean isLocked); + + /** + * Invoked when the prefs parser encounters an error. + */ + void onError(in string message); +}; + +/** + * The nsIPrefService interface is the main entry point into the back end + * preferences management library. The preference service is directly + * responsible for the management of the preferences files and also facilitates + * access to the preference branch object which allows the direct manipulation + * of the preferences themselves. + * + * @see nsIPrefBranch + */ + +[scriptable, uuid(1f84fd56-3956-40df-b86a-1ea01402ee96)] +interface nsIPrefService : nsISupports +{ + /** + * Called to completely flush and re-initialize the preferences system. + * + * @throws Error The preference service failed to restart correctly. + */ + void resetPrefs(); + + /** + * Called to write current preferences state to a file. + * + * @param aFile The file to be written. + * + * @note + * If nullptr is passed in for the aFile parameter the preference data is + * written out to the current preferences file (usually prefs.js.) + * + * @throws Error File failed to write. + * + * @see readUserPrefsFromFile + * @see nsIFile + */ + void savePrefFile(in nsIFile aFile); + + /** + * Call to get a Preferences "Branch" which accesses user preference data. + * Using a Set method on this object will always create or set a user + * preference value. When using a Get method a user set value will be + * returned if one exists, otherwise a default value will be returned. + * + * @param aPrefRoot The preference "root" on which to base this "branch". + * For example, if the root "browser.startup." is used, the + * branch will be able to easily access the preferences + * "browser.startup.page", "browser.startup.homepage", or + * "browser.startup.homepage_override" by simply requesting + * "page", "homepage", or "homepage_override". nullptr or "" + * may be used to access to the entire preference "tree". + * + * @return nsIPrefBranch The object representing the requested branch. + * + * @see getDefaultBranch + */ + nsIPrefBranch getBranch(in string aPrefRoot); + + /** + * Call to get a Preferences "Branch" which accesses only the default + * preference data. Using a Set method on this object will always create or + * set a default preference value. When using a Get method a default value + * will always be returned. + * + * @param aPrefRoot The preference "root" on which to base this "branch". + * For example, if the root "browser.startup." is used, the + * branch will be able to easily access the preferences + * "browser.startup.page", "browser.startup.homepage", or + * "browser.startup.homepage_override" by simply requesting + * "page", "homepage", or "homepage_override". nullptr or "" + * may be used to access to the entire preference "tree". + * + * @note + * Few consumers will want to create default branch objects. Many of the + * branch methods do nothing on a default branch because the operations only + * make sense when applied to user set preferences. + * + * @return nsIPrefBranch The object representing the requested default branch. + * + * @see getBranch + */ + nsIPrefBranch getDefaultBranch(in string aPrefRoot); + + /** + * The preference service is 'dirty' if there are changes to user preferences + * that have not been written to disk + */ + readonly attribute boolean dirty; + + /** + * Read in the preferences specified in a default preference file. This + * method does not clear preferences that were already set, but it may + * overwrite existing preferences. + * + * @param aFile The file to be read. + * + * @throws Error File failed to read or contained invalid data. + * @note This method is intended for internal unit testing only! + */ + void readDefaultPrefsFromFile(in nsIFile aFile); + + /** + * Like readDefaultPrefsFromFile, but for a user prefs file. + */ + void readUserPrefsFromFile(in nsIFile aFile); + + /** + * Usage statistics for performance tests. This function takes a function + * that is passed (preferenceName, accessCount) as arguments for every + * recorded preference. You can use this function to build e.g. a JS object + * holding that data. + * + * This is not implemented in non-debug builds and will throw an error. + */ + void readStats(in nsIPrefStatsCallback callback); + + /** + * Reset usage statistics for performance tests. + * + * This is not implemented in non-debug builds and will throw an error. + */ + void resetStats(); + + /** + * Parse the given bytes, invoking callbacks on the given observer. + * + * This method does not modify any preferences. + * + * @param bytes The data to parse. This data may be UTF-8 encoded, but is not + * required to be so: the prefs parser will determine the encoding + * automatically. + * @param observer The observer to invoke callbacks on. Parsing errors will + * be reported via the onError callback. + * @param pathLabel An optional string with which to label errors. + */ + void parsePrefsFromBuffer(in Array<uint8_t> bytes, + in nsIPrefObserver observer, + [optional] in string pathLabel); +}; + +%{C++ + +#define NS_PREFSERVICE_CID \ + { /* {1cd91b88-1dd2-11b2-92e1-ed22ed298000} */ \ + 0x91ca2441, \ + 0x050f, \ + 0x4f7c, \ + { 0x9d, 0xf8, 0x75, 0xb4, 0x0e, 0xa4, 0x01, 0x56 } \ + } + +#define NS_PREFSERVICE_CONTRACTID "@mozilla.org/preferences-service;1" + +/** + * Notification sent before reading the default user preferences files. + */ +#define NS_PREFSERVICE_READ_TOPIC_ID "prefservice:before-read-userprefs" + +/** + * Notification sent when after reading app-provided default + * preferences, but before user profile override defaults are loaded. + */ +#define NS_PREFSERVICE_APPDEFAULTS_TOPIC_ID "prefservice:after-app-defaults" + +%} diff --git a/modules/libpref/nsIRelativeFilePref.idl b/modules/libpref/nsIRelativeFilePref.idl new file mode 100644 index 0000000000..cc542f30a4 --- /dev/null +++ b/modules/libpref/nsIRelativeFilePref.idl @@ -0,0 +1,38 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "nsISupports.idl" +interface nsIFile; + +/** + * The nsIRelativeFilePref interface is a wrapper for an nsIFile and + * and a directory service key. When used as a pref value, it stores a + * relative path to the file from the location pointed to by the directory + * service key. The path has the same syntax across all platforms. + * + * @see nsIPrefBranch::getComplexValue + * @see nsIPrefBranch::setComplexValue + * + */ + +[scriptable, uuid(2f977d4e-5485-11d4-87e2-0010a4e75ef2)] +interface nsIRelativeFilePref : nsISupports +{ + /** + * file + * + * The file whose location is stored or retrieved. + */ + attribute nsIFile file; + + /** + * relativeToKey + * + * A directory service key for the directory + * from which the file path is relative. + */ + attribute ACString relativeToKey; + +}; diff --git a/modules/libpref/nsRelativeFilePref.h b/modules/libpref/nsRelativeFilePref.h new file mode 100644 index 0000000000..a3093c915b --- /dev/null +++ b/modules/libpref/nsRelativeFilePref.h @@ -0,0 +1,33 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_nsRelativeFilePref_h +#define mozilla_nsRelativeFilePref_h + +#include "nsCOMPtr.h" +#include "nsIFile.h" +#include "nsString.h" + +// Note: This class is in its own file because it is needed by Mailnews. + +namespace mozilla { + +class nsRelativeFilePref final : public nsIRelativeFilePref { + public: + NS_DECL_ISUPPORTS + NS_DECL_NSIRELATIVEFILEPREF + + nsRelativeFilePref(); + + private: + virtual ~nsRelativeFilePref(); + + nsCOMPtr<nsIFile> mFile; + nsCString mRelativeToKey; +}; + +} // namespace mozilla + +#endif // mozilla_nsRelativeFilePref_h diff --git a/modules/libpref/parser/Cargo.toml b/modules/libpref/parser/Cargo.toml new file mode 100644 index 0000000000..11f1309347 --- /dev/null +++ b/modules/libpref/parser/Cargo.toml @@ -0,0 +1,7 @@ +[package] +name = "prefs_parser" +version = "0.0.1" +authors = ["Nicholas Nethercote <nnethercote@mozilla.com>"] +license = "MPL-2.0" + +[dependencies] diff --git a/modules/libpref/parser/src/lib.rs b/modules/libpref/parser/src/lib.rs new file mode 100644 index 0000000000..3a0ad2c777 --- /dev/null +++ b/modules/libpref/parser/src/lib.rs @@ -0,0 +1,991 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +//! This crate implements a prefs file parser. +//! +//! Pref files have the following grammar. Note that there are slight +//! differences between the grammar for a default prefs files and a user prefs +//! file. +//! +//! ```text +//! <pref-file> = <pref>* +//! <pref> = <pref-spec> "(" <pref-name> "," <pref-value> <pref-attrs> ")" ";" +//! <pref-spec> = "user_pref" | "pref" | "sticky_pref" // in default pref files +//! <pref-spec> = "user_pref" // in user pref files +//! <pref-name> = <string-literal> +//! <pref-value> = <string-literal> | "true" | "false" | <int-value> +//! <int-value> = <sign>? <int-literal> +//! <sign> = "+" | "-" +//! <int-literal> = [0-9]+ (and cannot be followed by [A-Za-z_]) +//! <string-literal> = +//! A single or double-quoted string, with the following escape sequences +//! allowed: \", \', \\, \n, \r, \xNN, \uNNNN, where \xNN gives a raw byte +//! value that is copied directly into an 8-bit string value, and \uNNNN +//! gives a UTF-16 code unit that is converted to UTF-8 before being copied +//! into an 8-bit string value. \x00 and \u0000 are disallowed because they +//! would cause C++ code handling such strings to misbehave. +//! <pref-attrs> = ("," <pref-attr>)* // in default pref files +//! = <empty> // in user pref files +//! <pref-attr> = "sticky" | "locked" // default pref files only +//! ``` +//! +//! Comments can take three forms: +//! - `# Python-style comments` +//! - `// C++ style comments` +//! - `/* C style comments (non-nested) */` +//! +//! Non-end-of-line whitespace chars are `\t`, `\v`, `\f`, and space. +//! +//! End-of-line sequences can take three forms, each of which is considered as +//! a single EOL: +//! - `\n` +//! - `\r` (without subsequent `\n`) +//! - `\r\n` +//! +//! The valid range for `<int-value>` is -2,147,483,648..2,147,483,647. Values +//! outside that range will result in a parse error. +//! +//! A `\0` char is interpreted as the end of the file. The use of this character +//! in a prefs file is not recommended. Within string literals `\x00` or +//! `\u0000` can be used instead. +//! +//! The parser performs error recovery. On a syntax error, it will scan forward +//! to the next `;` token and then continue parsing. If the syntax error occurs +//! in the middle of a token, it will first finish obtaining the current token +//! in an appropriate fashion. + +// This parser uses several important optimizations. +// +// - Because "`\0` means EOF" is part of the grammar (see above), EOF is +// representable by a u8. If EOF was represented by an out-of-band value such +// as -1 or 256, we'd have to return a larger type such as `u16` or `i16` +// from `get_char()`. +// +// - When starting a new token, it uses a lookup table with the first char, +// which quickly identifies what kind of token it will be. Furthermore, if +// that token is an unambiguous single-char token (e.g. `(`, `)`, `+`, `,`, +// `-`, `;`), the parser will return the appropriate token kind value at +// minimal cost because the single-char tokens have a uniform representation. +// +// - It has a lookup table that identifies chars in string literals that need +// special handling. This means non-special chars (the common case) can be +// handled with a single test, rather than testing for the multiple special +// cases. +// +// - It pre-scans string literals for special chars. If none are present, it +// bulk copies the string literal into a Vec, which is faster than doing a +// char-by-char copy. +// +// - It reuses Vecs to avoid creating a new one for each string literal. + +use std::os::raw::{c_char, c_uchar}; + +//--------------------------------------------------------------------------- +// The public interface +//--------------------------------------------------------------------------- + +/// Keep this in sync with PrefType in Preferences.cpp. +#[derive(Clone, Copy, Debug, PartialEq)] +#[repr(u8)] +pub enum PrefType { + None, + String, + Int, + Bool, +} + +/// Keep this in sync with PrefValueKind in Preferences.h. +#[derive(Clone, Copy, Debug, PartialEq)] +#[repr(u8)] +pub enum PrefValueKind { + Default, + User, +} + +/// Keep this in sync with PrefValue in Preferences.cpp. +#[repr(C)] +pub union PrefValue { + pub string_val: *const c_char, + pub int_val: i32, + pub bool_val: bool, +} + +/// Keep this in sync with PrefsParserPrefFn in Preferences.cpp. +type PrefFn = unsafe extern "C" fn( + pref_name: *const c_char, + pref_type: PrefType, + pref_value_kind: PrefValueKind, + pref_value: PrefValue, + is_sticky: bool, + is_locked: bool, +); + +/// Keep this in sync with PrefsParserErrorFn in Preferences.cpp. +type ErrorFn = unsafe extern "C" fn(msg: *const c_char); + +/// Parse the contents of a prefs file. +/// +/// `buf` is a null-terminated string. `len` is its length, excluding the +/// null terminator. +/// +/// `pref_fn` is called once for each successfully parsed pref. +/// +/// `error_fn` is called once for each parse error detected. +/// +/// Keep this in sync with the prefs_parser_parse() declaration in +/// Preferences.cpp. +#[no_mangle] +pub unsafe extern "C" fn prefs_parser_parse( + path: *const c_char, + kind: PrefValueKind, + buf: *const c_char, + len: usize, + pref_fn: PrefFn, + error_fn: ErrorFn, +) -> bool { + let path = std::ffi::CStr::from_ptr(path) + .to_string_lossy() + .into_owned(); + + // Make sure `buf` ends in a '\0', and include that in the length, because + // it represents EOF. + let buf = std::slice::from_raw_parts(buf as *const c_uchar, len + 1); + assert!(buf.last() == Some(&EOF)); + + let mut parser = Parser::new(&path, kind, &buf, pref_fn, error_fn); + parser.parse() +} + +//--------------------------------------------------------------------------- +// The implementation +//--------------------------------------------------------------------------- + +#[derive(Clone, Copy, Debug, PartialEq)] +enum Token { + // Unambiguous single-char tokens. + SingleChar(u8), + + // Keywords + Pref, // pref + StickyPref, // sticky_pref + UserPref, // user_pref + True, // true + False, // false + Sticky, // sticky + Locked, // locked + + // String literal, e.g. '"string"'. The value is stored elsewhere. + String, + + // Unsigned integer literal, e.g. '123'. Although libpref uses i32 values, + // any '-' and '+' before an integer literal are treated as separate + // tokens, so these token values are always positive. Furthermore, we + // tokenize int literals as u32 so that 2147483648 (which doesn't fit into + // an i32) can be subsequently negated to -2147483648 (which does fit into + // an i32) if a '-' token precedes it. + Int(u32), + + // Malformed token. + Error(&'static str), + + // Malformed token at a particular line number. For use when + // Parser::line_num might not be the right line number when the error is + // reported. E.g. if a multi-line string has a bad escape sequence on the + // first line, we don't report the error until the string's end has been + // reached. + ErrorAtLine(&'static str, u32), +} + +// We categorize every char by what action should be taken when it appears at +// the start of a new token. +#[derive(Clone, Copy, PartialEq)] +enum CharKind { + // These are ordered by frequency. See the comment in GetToken(). + SingleChar, // Unambiguous single-char tokens: [()+,-] or EOF + SpaceNL, // [\t\v\f \n] + Keyword, // [A-Za-z_] + Quote, // ["'] + Slash, // / + Digit, // [0-9] + Hash, // # + CR, // \r + Other, // Everything else; invalid except within strings and comments. +} + +const C_SINGL: CharKind = CharKind::SingleChar; +const C_SPCNL: CharKind = CharKind::SpaceNL; +const C_KEYWD: CharKind = CharKind::Keyword; +const C_QUOTE: CharKind = CharKind::Quote; +const C_SLASH: CharKind = CharKind::Slash; +const C_DIGIT: CharKind = CharKind::Digit; +const C_HASH_: CharKind = CharKind::Hash; +const C_CR___: CharKind = CharKind::CR; +const C______: CharKind = CharKind::Other; + +#[rustfmt::skip] +const CHAR_KINDS: [CharKind; 256] = [ +/* 0 1 2 3 4 5 6 7 8 9 */ +/* 0+ */ C_SINGL, C______, C______, C______, C______, C______, C______, C______, C______, C_SPCNL, +/* 10+ */ C_SPCNL, C_SPCNL, C_SPCNL, C_CR___, C______, C______, C______, C______, C______, C______, +/* 20+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 30+ */ C______, C______, C_SPCNL, C______, C_QUOTE, C_HASH_, C______, C______, C______, C_QUOTE, +/* 40+ */ C_SINGL, C_SINGL, C______, C_SINGL, C_SINGL, C_SINGL, C______, C_SLASH, C_DIGIT, C_DIGIT, +/* 50+ */ C_DIGIT, C_DIGIT, C_DIGIT, C_DIGIT, C_DIGIT, C_DIGIT, C_DIGIT, C_DIGIT, C______, C_SINGL, +/* 60+ */ C______, C______, C______, C______, C______, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, +/* 70+ */ C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, +/* 80+ */ C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, +/* 90+ */ C_KEYWD, C______, C______, C______, C______, C_KEYWD, C______, C_KEYWD, C_KEYWD, C_KEYWD, +/* 100+ */ C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, +/* 110+ */ C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, C_KEYWD, +/* 120+ */ C_KEYWD, C_KEYWD, C_KEYWD, C______, C______, C______, C______, C______, C______, C______, +/* 130+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 140+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 150+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 160+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 170+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 180+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 190+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 200+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 210+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 220+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 230+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 240+ */ C______, C______, C______, C______, C______, C______, C______, C______, C______, C______, +/* 250+ */ C______, C______, C______, C______, C______, C______ +]; + +const _______: bool = false; +#[rustfmt::skip] +const SPECIAL_STRING_CHARS: [bool; 256] = [ +/* 0 1 2 3 4 5 6 7 8 9 */ +/* 0+ */ true, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 10+ */ true, _______, _______, true, _______, _______, _______, _______, _______, _______, +/* 20+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 30+ */ _______, _______, _______, _______, true, _______, _______, _______, _______, true, +/* 40+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 50+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 60+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 70+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 80+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 90+ */ _______, _______, true, _______, _______, _______, _______, _______, _______, _______, +/* 100+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 110+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 120+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 130+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 140+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 150+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 160+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 170+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 180+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 190+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 200+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 210+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 220+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 230+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 240+ */ _______, _______, _______, _______, _______, _______, _______, _______, _______, _______, +/* 250+ */ _______, _______, _______, _______, _______, _______ +]; + +struct KeywordInfo { + string: &'static [u8], + token: Token, +} + +const KEYWORD_INFOS: [KeywordInfo; 7] = [ + // These are ordered by frequency. + KeywordInfo { + string: b"pref", + token: Token::Pref, + }, + KeywordInfo { + string: b"true", + token: Token::True, + }, + KeywordInfo { + string: b"false", + token: Token::False, + }, + KeywordInfo { + string: b"user_pref", + token: Token::UserPref, + }, + KeywordInfo { + string: b"sticky", + token: Token::Sticky, + }, + KeywordInfo { + string: b"locked", + token: Token::Locked, + }, + KeywordInfo { + string: b"sticky_pref", + token: Token::StickyPref, + }, +]; + +struct Parser<'t> { + path: &'t str, // Path to the file being parsed. Used in error messages. + kind: PrefValueKind, // Default prefs file or user prefs file? + buf: &'t [u8], // Text being parsed. + i: usize, // Index of next char to be read. + line_num: u32, // Current line number within the text. + pref_fn: PrefFn, // Callback for processing each pref. + error_fn: ErrorFn, // Callback for parse errors. + has_errors: bool, // Have we encountered errors? +} + +// As described above, we use 0 to represent EOF. +const EOF: u8 = b'\0'; + +impl<'t> Parser<'t> { + fn new( + path: &'t str, + kind: PrefValueKind, + buf: &'t [u8], + pref_fn: PrefFn, + error_fn: ErrorFn, + ) -> Parser<'t> { + // Make sure these tables take up 1 byte per entry. + assert!(std::mem::size_of_val(&CHAR_KINDS) == 256); + assert!(std::mem::size_of_val(&SPECIAL_STRING_CHARS) == 256); + + Parser { + path: path, + kind: kind, + buf: buf, + i: 0, + line_num: 1, + pref_fn: pref_fn, + error_fn: error_fn, + has_errors: false, + } + } + + fn parse(&mut self) -> bool { + // These are reused, because allocating a new Vec for every string is slow. + let mut name_str = Vec::with_capacity(128); // For pref names. + let mut value_str = Vec::with_capacity(512); // For string pref values. + let mut none_str = Vec::with_capacity(0); // For tokens that shouldn't be strings. + + let mut token = self.get_token(&mut none_str); + + // At the top of the loop we already have a token. In a valid input + // this will be either the first token of a new pref, or EOF. + loop { + // <pref-spec> + let (pref_value_kind, mut is_sticky) = match token { + Token::Pref if self.kind == PrefValueKind::Default => { + (PrefValueKind::Default, false) + } + Token::StickyPref if self.kind == PrefValueKind::Default => { + (PrefValueKind::Default, true) + } + Token::UserPref => (PrefValueKind::User, false), + Token::SingleChar(EOF) => return !self.has_errors, + _ => { + token = self.error_and_recover( + token, + if self.kind == PrefValueKind::Default { + "expected pref specifier at start of pref definition" + } else { + "expected 'user_pref' at start of pref definition" + }, + ); + continue; + } + }; + + // "(" + token = self.get_token(&mut none_str); + if token != Token::SingleChar(b'(') { + token = self.error_and_recover(token, "expected '(' after pref specifier"); + continue; + } + + // <pref-name> + token = self.get_token(&mut name_str); + let pref_name = if token == Token::String { + &name_str + } else { + token = self.error_and_recover(token, "expected pref name after '('"); + continue; + }; + + // "," + token = self.get_token(&mut none_str); + if token != Token::SingleChar(b',') { + token = self.error_and_recover(token, "expected ',' after pref name"); + continue; + } + + // <pref-value> + token = self.get_token(&mut value_str); + let (pref_type, pref_value) = match token { + Token::True => (PrefType::Bool, PrefValue { bool_val: true }), + Token::False => (PrefType::Bool, PrefValue { bool_val: false }), + Token::String => ( + PrefType::String, + PrefValue { + string_val: value_str.as_ptr() as *const c_char, + }, + ), + Token::Int(u) => { + // Accept u <= 2147483647; anything larger will overflow i32. + if u <= std::i32::MAX as u32 { + (PrefType::Int, PrefValue { int_val: u as i32 }) + } else { + token = + self.error_and_recover(Token::Error("integer literal overflowed"), ""); + continue; + } + } + Token::SingleChar(b'-') => { + token = self.get_token(&mut none_str); + if let Token::Int(u) = token { + // Accept u <= 2147483648; anything larger will overflow i32 once negated. + if u <= std::i32::MAX as u32 { + ( + PrefType::Int, + PrefValue { + int_val: -(u as i32), + }, + ) + } else if u == std::i32::MAX as u32 + 1 { + ( + PrefType::Int, + PrefValue { + int_val: std::i32::MIN, + }, + ) + } else { + token = self + .error_and_recover(Token::Error("integer literal overflowed"), ""); + continue; + } + } else { + token = self.error_and_recover(token, "expected integer literal after '-'"); + continue; + } + } + Token::SingleChar(b'+') => { + token = self.get_token(&mut none_str); + if let Token::Int(u) = token { + // Accept u <= 2147483647; anything larger will overflow i32. + if u <= std::i32::MAX as u32 { + (PrefType::Int, PrefValue { int_val: u as i32 }) + } else { + token = self + .error_and_recover(Token::Error("integer literal overflowed"), ""); + continue; + } + } else { + token = self.error_and_recover(token, "expected integer literal after '+'"); + continue; + } + } + _ => { + token = self.error_and_recover(token, "expected pref value after ','"); + continue; + } + }; + + // ("," <pref-attr>)* // default pref files only + let mut is_locked = false; + let mut has_attrs = false; + if self.kind == PrefValueKind::Default { + let ok = loop { + // "," + token = self.get_token(&mut none_str); + if token != Token::SingleChar(b',') { + break true; + } + + // <pref-attr> + token = self.get_token(&mut none_str); + match token { + Token::Sticky => is_sticky = true, + Token::Locked => is_locked = true, + _ => { + token = + self.error_and_recover(token, "expected pref attribute after ','"); + break false; + } + } + has_attrs = true; + }; + if !ok { + continue; + } + } else { + token = self.get_token(&mut none_str); + } + + // ")" + if token != Token::SingleChar(b')') { + let expected_msg = if self.kind == PrefValueKind::Default { + if has_attrs { + "expected ',' or ')' after pref attribute" + } else { + "expected ',' or ')' after pref value" + } + } else { + "expected ')' after pref value" + }; + token = self.error_and_recover(token, expected_msg); + continue; + } + + // ";" + token = self.get_token(&mut none_str); + if token != Token::SingleChar(b';') { + token = self.error_and_recover(token, "expected ';' after ')'"); + continue; + } + + unsafe { + (self.pref_fn)( + pref_name.as_ptr() as *const c_char, + pref_type, + pref_value_kind, + pref_value, + is_sticky, + is_locked, + ) + }; + + token = self.get_token(&mut none_str); + } + } + + fn error_and_recover(&mut self, token: Token, msg: &str) -> Token { + self.has_errors = true; + + // If `token` is a Token::{Error,ErrorAtLine}, it's a lexing error and + // the error message is within `token`. Otherwise, it's a parsing error + // and the error message is in `msg`. + let (msg, line_num) = match token { + Token::Error(token_msg) => (token_msg, self.line_num), + Token::ErrorAtLine(token_msg, line_num) => (token_msg, line_num), + _ => (msg, self.line_num), + }; + let msg = format!("{}:{}: prefs parse error: {}", self.path, line_num, msg); + let msg = std::ffi::CString::new(msg).unwrap(); + unsafe { (self.error_fn)(msg.as_ptr() as *const c_char) }; + + // "Panic-mode" recovery: consume tokens until one of the following + // occurs. + // - We hit a semicolon, whereupon we return the following token. + // - We hit EOF, whereupon we return EOF. + // + // For this to work, if the lexing functions hit EOF in an error case + // they must unget it so we can safely reget it here. + // + // If the starting token (passed in above) is EOF we must not get + // another token otherwise we will read past the end of `self.buf`. + let mut dummy_str = Vec::with_capacity(128); + let mut token = token; + loop { + match token { + Token::SingleChar(b';') => return self.get_token(&mut dummy_str), + Token::SingleChar(EOF) => return token, + _ => {} + } + token = self.get_token(&mut dummy_str); + } + } + + #[inline(always)] + fn get_char(&mut self) -> u8 { + // We do the bounds check ourselves so we can return EOF on failure. + // (Although the buffer is guaranteed to end in an EOF char, we might + // go one char past that, whereupon we must return EOF again.) + if self.i < self.buf.len() { + let c = unsafe { *self.buf.get_unchecked(self.i) }; + self.i += 1; + c + } else { + debug_assert!(self.i == self.buf.len()); + EOF + } + } + + // This function skips the bounds check in optimized builds. Using it at + // the hottest two call sites gives a ~15% parsing speed boost. + #[inline(always)] + unsafe fn get_char_unchecked(&mut self) -> u8 { + debug_assert!(self.i < self.buf.len()); + let c = *self.buf.get_unchecked(self.i); + self.i += 1; + c + } + + #[inline(always)] + fn unget_char(&mut self) { + debug_assert!(self.i > 0); + self.i -= 1; + } + + #[inline(always)] + fn match_char(&mut self, c: u8) -> bool { + if self.buf[self.i] == c { + self.i += 1; + return true; + } + false + } + + #[inline(always)] + fn match_single_line_comment(&mut self) { + loop { + // To reach here, the previous char must have been '/' (if this is + // the first loop iteration) or non-special (if this is the second + // or subsequent iteration), and assertions elsewhere ensure that + // there must be at least one subsequent char after those chars + // (the '\0' for EOF). + let c = unsafe { self.get_char_unchecked() }; + + // All the special chars have value <= b'\r'. + if c > b'\r' { + continue; + } + match c { + b'\n' => { + self.line_num += 1; + break; + } + b'\r' => { + self.line_num += 1; + self.match_char(b'\n'); + break; + } + EOF => { + break; + } + _ => continue, + } + } + } + + // Returns false if we hit EOF without closing the comment. + fn match_multi_line_comment(&mut self) -> bool { + loop { + match self.get_char() { + b'*' => { + if self.match_char(b'/') { + return true; + } + } + b'\n' => { + self.line_num += 1; + } + b'\r' => { + self.line_num += 1; + self.match_char(b'\n'); + } + EOF => return false, + _ => continue, + } + } + } + + fn match_hex_digits(&mut self, ndigits: i32) -> Option<u16> { + debug_assert!(ndigits == 2 || ndigits == 4); + let mut value: u16 = 0; + for _ in 0..ndigits { + value = value << 4; + match self.get_char() { + c @ b'0'..=b'9' => value += (c - b'0') as u16, + c @ b'A'..=b'F' => value += (c - b'A') as u16 + 10, + c @ b'a'..=b'f' => value += (c - b'a') as u16 + 10, + _ => { + self.unget_char(); + return None; + } + } + } + Some(value) + } + + #[inline(always)] + fn char_kind(c: u8) -> CharKind { + // Use get_unchecked() because a u8 index cannot exceed this table's + // bounds. + unsafe { *CHAR_KINDS.get_unchecked(c as usize) } + } + + #[inline(always)] + fn is_special_string_char(c: u8) -> bool { + // Use get_unchecked() because a u8 index cannot exceed this table's + // bounds. + unsafe { *SPECIAL_STRING_CHARS.get_unchecked(c as usize) } + } + + // If the obtained Token has a value, it is put within the Token, unless + // it's a string, in which case it's put in `str_buf`. This avoids + // allocating a new Vec for every string, which is slow. + fn get_token(&mut self, str_buf: &mut Vec<u8>) -> Token { + loop { + // Note: the following tests are ordered by frequency when parsing + // greprefs.js: + // - SingleChar 36.7% + // - SpaceNL 27.7% (14.9% for spaces, 12.8% for NL) + // - Keyword 13.4% + // - Quote 11.4% + // - Slash 8.1% + // - Digit 2.7% + // - Hash, CR, Other 0.0% + + let c = self.get_char(); + match Parser::char_kind(c) { + CharKind::SingleChar => { + return Token::SingleChar(c); + } + CharKind::SpaceNL => { + // It's slightly faster to combine the handling of the + // space chars with NL than to handle them separately; we + // have an extra test for this case, but one fewer test for + // all the subsequent CharKinds. + if c == b'\n' { + self.line_num += 1; + } + continue; + } + CharKind::Keyword => { + let start = self.i - 1; + loop { + let c = self.get_char(); + if Parser::char_kind(c) != CharKind::Keyword { + self.unget_char(); + break; + } + } + for info in KEYWORD_INFOS.iter() { + if &self.buf[start..self.i] == info.string { + return info.token; + } + } + return Token::Error("unknown keyword"); + } + CharKind::Quote => { + return self.get_string_token(c, str_buf); + } + CharKind::Slash => { + match self.get_char() { + b'/' => { + self.match_single_line_comment(); + } + b'*' => { + if !self.match_multi_line_comment() { + return Token::Error("unterminated /* comment"); + } + } + c @ _ => { + if c == b'\n' || c == b'\r' { + // Unget the newline char; the outer loop will + // reget it and adjust self.line_num + // appropriately. + self.unget_char(); + } + return Token::Error("expected '/' or '*' after '/'"); + } + } + continue; + } + CharKind::Digit => { + let mut value = Some((c - b'0') as u32); + loop { + let c = self.get_char(); + match Parser::char_kind(c) { + CharKind::Digit => { + fn add_digit(value: Option<u32>, c: u8) -> Option<u32> { + value?.checked_mul(10)?.checked_add((c - b'0') as u32) + } + value = add_digit(value, c); + } + CharKind::Keyword => { + // Reject things like "123foo". Error recovery + // will retokenize from "foo" onward. + self.unget_char(); + return Token::Error("unexpected character in integer literal"); + } + _ => { + self.unget_char(); + break; + } + } + } + return match value { + Some(v) => Token::Int(v), + None => Token::Error("integer literal overflowed"), + }; + } + CharKind::Hash => { + self.match_single_line_comment(); + continue; + } + CharKind::CR => { + self.match_char(b'\n'); + self.line_num += 1; + continue; + } + // Error recovery will retokenize from the next character. + _ => return Token::Error("unexpected character"), + } + } + } + + fn string_error_token(&self, token: &mut Token, msg: &'static str) { + // We only want to capture the first tokenization error within a string. + if *token == Token::String { + *token = Token::ErrorAtLine(msg, self.line_num); + } + } + + // Always inline this because it has a single call site. + #[inline(always)] + fn get_string_token(&mut self, quote_char: u8, str_buf: &mut Vec<u8>) -> Token { + // First scan through the string to see if it contains any chars that + // need special handling. + let start = self.i; + let has_special_chars = loop { + // To reach here, the previous char must have been a quote + // (quote_char), and assertions elsewhere ensure that there must be + // at least one subsequent char (the '\0' for EOF). + let c = unsafe { self.get_char_unchecked() }; + if Parser::is_special_string_char(c) { + break c != quote_char; + } + }; + + // Clear str_buf's contents without changing its capacity. + str_buf.clear(); + + // If there are no special chars (the common case), we can bulk copy it + // to str_buf. This is a lot faster than the char-by-char loop below. + if !has_special_chars { + str_buf.extend(&self.buf[start..self.i - 1]); + str_buf.push(b'\0'); + return Token::String; + } + + // There were special chars. Re-scan the string, filling in str_buf one + // char at a time. + // + // On error, we change `token` to an error token and then keep going to + // the end of the string literal. `str_buf` won't be used in that case. + self.i = start; + let mut token = Token::String; + + loop { + let c = self.get_char(); + let c2 = if !Parser::is_special_string_char(c) { + c + } else if c == quote_char { + break; + } else if c == b'\\' { + match self.get_char() { + b'\"' => b'\"', + b'\'' => b'\'', + b'\\' => b'\\', + b'n' => b'\n', + b'r' => b'\r', + b'x' => { + if let Some(value) = self.match_hex_digits(2) { + debug_assert!(value <= 0xff); + if value != 0 { + value as u8 + } else { + self.string_error_token(&mut token, "\\x00 is not allowed"); + continue; + } + } else { + self.string_error_token(&mut token, "malformed \\x escape sequence"); + continue; + } + } + b'u' => { + if let Some(value) = self.match_hex_digits(4) { + let mut utf16 = vec![value]; + if 0xd800 == (0xfc00 & value) { + // High surrogate value. Look for the low surrogate value. + if self.match_char(b'\\') && self.match_char(b'u') { + if let Some(lo) = self.match_hex_digits(4) { + if 0xdc00 == (0xfc00 & lo) { + // Found a valid low surrogate. + utf16.push(lo); + } else { + self.string_error_token( + &mut token, + "invalid low surrogate after high surrogate", + ); + continue; + } + } + } + if utf16.len() != 2 { + self.string_error_token( + &mut token, + "expected low surrogate after high surrogate", + ); + continue; + } + } else if 0xdc00 == (0xfc00 & value) { + // Unaccompanied low surrogate value. + self.string_error_token( + &mut token, + "expected high surrogate before low surrogate", + ); + continue; + } else if value == 0 { + self.string_error_token(&mut token, "\\u0000 is not allowed"); + continue; + } + + // Insert the UTF-16 sequence as UTF-8. + let utf8 = String::from_utf16(&utf16).unwrap(); + str_buf.extend(utf8.as_bytes()); + } else { + self.string_error_token(&mut token, "malformed \\u escape sequence"); + continue; + } + continue; // We don't want to str_buf.push(c2) below. + } + c @ _ => { + if c == b'\n' || c == b'\r' { + // Unget the newline char; the outer loop will + // reget it and adjust self.line_num appropriately. + self.unget_char(); + } + self.string_error_token( + &mut token, + "unexpected escape sequence character after '\\'", + ); + continue; + } + } + } else if c == b'\n' { + self.line_num += 1; + c + } else if c == b'\r' { + self.line_num += 1; + if self.match_char(b'\n') { + str_buf.push(b'\r'); + b'\n' + } else { + c + } + } else if c == EOF { + self.string_error_token(&mut token, "unterminated string literal"); + break; + } else { + // This case is only hit for the non-closing quote char. + debug_assert!((c == b'\'' || c == b'\"') && c != quote_char); + c + }; + str_buf.push(c2); + } + str_buf.push(b'\0'); + + token + } +} diff --git a/modules/libpref/test/browser/browser.ini b/modules/libpref/test/browser/browser.ini new file mode 100644 index 0000000000..f657000718 --- /dev/null +++ b/modules/libpref/test/browser/browser.ini @@ -0,0 +1,9 @@ +[DEFAULT] + +support-files = + file_access_sanitized_pref.html + +[browser_sanitization_events.js] +skip-if = ccov + tsan + (os == 'linux' && asan) diff --git a/modules/libpref/test/browser/browser_sanitization_events.js b/modules/libpref/test/browser/browser_sanitization_events.js new file mode 100644 index 0000000000..f71bd04879 --- /dev/null +++ b/modules/libpref/test/browser/browser_sanitization_events.js @@ -0,0 +1,89 @@ +"use strict"; + +const { TelemetryTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/TelemetryTestUtils.sys.mjs" +); + +// eslint-disable-next-line +const ROOT = getRootDirectory(gTestPath).replace( + "chrome://mochitests/content", + "https://example.com" +); +const PAGE_URL = ROOT + "file_access_sanitized_pref.html"; + +async function waitForEventCount( + count, + process = "content", + category = "security", + method = "prefUsage" +) { + // eslint-disable-next-line mozilla/no-arbitrary-setTimeout + await new Promise(resolve => setTimeout(resolve, 100)); + let returned_events = await TestUtils.waitForCondition(() => { + let events = Services.telemetry.snapshotEvents( + Ci.nsITelemetry.DATASET_PRERELEASE_CHANNELS, + false + )[process]; + + if (!events) { + return null; + } + + events = events.filter(e => e[1] == category && e[2] == method); + dump(`Waiting for ${count} events, got ${events.length}\n`); + return events.length >= count ? events : null; + }, "waiting for telemetry event count of: " + count); + return returned_events; +} + +add_task(async function sanitized_pref_test() { + await SpecialPowers.pushPrefEnv({ + set: [ + ["fission.omitBlocklistedPrefsInSubprocesses", true], + ["fission.enforceBlocklistedPrefsInSubprocesses", false], + ], + }); + + Services.telemetry.setEventRecordingEnabled("security", true); + Services.telemetry.clearEvents(); + + TelemetryTestUtils.assertNumberOfEvents(0, { process: "content" }); + + await BrowserTestUtils.withNewTab( + { gBrowser, url: PAGE_URL }, + async function (browser) {} + ); + + // Needed because otherwise we advance too quickly + await waitForEventCount(1); + + let events = TelemetryTestUtils.getEvents( + { category: "security", method: "prefUsage", object: "contentProcess" }, + { process: "content" } + ); + + let count = 0, + foundIt = false; + for (let i = 0; i < events.length; i++) { + if (events[i].value == "extensions.webextensions.uuids") { + foundIt = true; + count++; + } + } + + // We may have more than one event entries because we take two paths in the preference code + // in this access pattern, but in other patterns we may only take one of those + // paths, so we happen to count it twice this way. No big deal. Sometimes we even have 4 + // or 6 based on timing + dump( + `We found ${events.length} events, ${count} of which were 'extensions.webextensions.uuids'.` + ); + + // eslint-disable-next-line + Assert.ok( + foundIt, + "We did not find an event for 'extensions.webextensions.uuids'" + ); + + await SpecialPowers.popPrefEnv(); +}); diff --git a/modules/libpref/test/browser/file_access_sanitized_pref.html b/modules/libpref/test/browser/file_access_sanitized_pref.html new file mode 100644 index 0000000000..ae21abb2ad --- /dev/null +++ b/modules/libpref/test/browser/file_access_sanitized_pref.html @@ -0,0 +1,10 @@ + + +<!DOCTYPE HTML> +<html> +<body> + <script> + SpecialPowers.getCharPref("extensions.webextensions.uuids", "<na>"); + </script> +</body> +</html> diff --git a/modules/libpref/test/gtest/Basics.cpp b/modules/libpref/test/gtest/Basics.cpp new file mode 100644 index 0000000000..1bf8561a0d --- /dev/null +++ b/modules/libpref/test/gtest/Basics.cpp @@ -0,0 +1,58 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" +#include "mozilla/Preferences.h" + +using namespace mozilla; + +TEST(PrefsBasics, Errors) +{ + Preferences::SetBool("foo.bool", true, PrefValueKind::Default); + Preferences::SetBool("foo.bool", false, PrefValueKind::User); + ASSERT_EQ(Preferences::GetBool("foo.bool", false, PrefValueKind::Default), + true); + ASSERT_EQ(Preferences::GetBool("foo.bool", true, PrefValueKind::User), false); + + Preferences::SetInt("foo.int", -66, PrefValueKind::Default); + Preferences::SetInt("foo.int", -77, PrefValueKind::User); + ASSERT_EQ(Preferences::GetInt("foo.int", 1, PrefValueKind::Default), -66); + ASSERT_EQ(Preferences::GetInt("foo.int", 1, PrefValueKind::User), -77); + + Preferences::SetUint("foo.uint", 88, PrefValueKind::Default); + Preferences::SetUint("foo.uint", 99, PrefValueKind::User); + ASSERT_EQ(Preferences::GetUint("foo.uint", 1, PrefValueKind::Default), 88U); + ASSERT_EQ(Preferences::GetUint("foo.uint", 1, PrefValueKind::User), 99U); + + Preferences::SetFloat("foo.float", 3.33f, PrefValueKind::Default); + Preferences::SetFloat("foo.float", 4.44f, PrefValueKind::User); + ASSERT_FLOAT_EQ( + Preferences::GetFloat("foo.float", 1.0f, PrefValueKind::Default), 3.33f); + ASSERT_FLOAT_EQ(Preferences::GetFloat("foo.float", 1.0f, PrefValueKind::User), + 4.44f); +} + +TEST(PrefsBasics, Serialize) +{ + // Ensure that at least this one preference exists + Preferences::SetBool("foo.bool", true, PrefValueKind::Default); + ASSERT_EQ(Preferences::GetBool("foo.bool", false, PrefValueKind::Default), + true); + + nsCString str; + Preferences::SerializePreferences(str, true); + fprintf(stderr, "%s\n", str.Data()); + // Assert that some prefs were not sanitized + ASSERT_NE(nullptr, strstr(str.Data(), "B--:")); + ASSERT_NE(nullptr, strstr(str.Data(), "I--:")); + ASSERT_NE(nullptr, strstr(str.Data(), "S--:")); + // Assert that something was sanitized + ASSERT_NE( + nullptr, + strstr( + str.Data(), + "I-S:56/datareporting.policy.dataSubmissionPolicyAcceptedVersion")); +} diff --git a/modules/libpref/test/gtest/Parser.cpp b/modules/libpref/test/gtest/Parser.cpp new file mode 100644 index 0000000000..972d32cfca --- /dev/null +++ b/modules/libpref/test/gtest/Parser.cpp @@ -0,0 +1,496 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "gtest/gtest.h" +#include "mozilla/ArrayUtils.h" +#include "Preferences.h" + +using namespace mozilla; + +// Keep this in sync with the declaration in Preferences.cpp. +// +// It's declared here to avoid polluting Preferences.h with test-only stuff. +void TestParseError(PrefValueKind aKind, const char* aText, + nsCString& aErrorMsg); + +TEST(PrefsParser, Errors) +{ + nsAutoCStringN<128> actualErrorMsg; + +// Use a macro rather than a function so that the line number reported by +// gtest on failure is useful. +#define P(kind_, text_, expectedErrorMsg_) \ + do { \ + TestParseError(kind_, text_, actualErrorMsg); \ + ASSERT_STREQ(expectedErrorMsg_, actualErrorMsg.get()); \ + } while (0) + +#define DEFAULT(text_, expectedErrorMsg_) \ + P(PrefValueKind::Default, text_, expectedErrorMsg_) + +#define USER(text_, expectedErrorMsg_) \ + P(PrefValueKind::User, text_, expectedErrorMsg_) + + // clang-format off + + //------------------------------------------------------------------------- + // Valid syntax. (Other testing of more typical valid syntax and semantics is + // done in modules/libpref/test/unit/test_parser.js.) + //------------------------------------------------------------------------- + + // Normal prefs. + DEFAULT(R"( +pref("bool", true); +sticky_pref("int", 123); +user_pref("string", "value"); + )", + "" + ); + + // Totally empty input. + DEFAULT("", ""); + + // Whitespace-only input. + DEFAULT(R"( + + )" "\v \t \v \f", + "" + ); + + // Comment-only inputs. + DEFAULT(R"(// blah)", ""); + DEFAULT(R"(# blah)", ""); + DEFAULT(R"(/* blah */)", ""); + + //------------------------------------------------------------------------- + // All the lexing errors. (To be pedantic, some of the integer literal + // overflows are triggered in the parser, but put them all here so they're all + // in the one spot.) + //------------------------------------------------------------------------- + + // Integer overflow errors. + DEFAULT(R"( +pref("int.ok", 2147483647); +pref("int.overflow", 2147483648); +pref("int.ok", +2147483647); +pref("int.overflow", +2147483648); +pref("int.ok", -2147483648); +pref("int.overflow", -2147483649); +pref("int.overflow", 4294967296); +pref("int.overflow", +4294967296); +pref("int.overflow", -4294967296); +pref("int.overflow", 4294967297); +pref("int.overflow", 1234567890987654321); + )", + "test:3: prefs parse error: integer literal overflowed\n" + "test:5: prefs parse error: integer literal overflowed\n" + "test:7: prefs parse error: integer literal overflowed\n" + "test:8: prefs parse error: integer literal overflowed\n" + "test:9: prefs parse error: integer literal overflowed\n" + "test:10: prefs parse error: integer literal overflowed\n" + "test:11: prefs parse error: integer literal overflowed\n" + "test:12: prefs parse error: integer literal overflowed\n" + ); + + // Other integer errors. + DEFAULT(R"( +pref("int.unexpected", 100foo); +pref("int.ok", 0); + )", + "test:2: prefs parse error: unexpected character in integer literal\n" + ); + + // \x00 is not allowed. + DEFAULT(R"( +pref("string.bad-x-escape", "foo\x00bar"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: \\x00 is not allowed\n" + ); + + // Various bad things after \x: end of string, punctuation, space, newline, + // EOF. + DEFAULT(R"( +pref("string.bad-x-escape", "foo\x"); +pref("string.bad-x-escape", "foo\x,bar"); +pref("string.bad-x-escape", "foo\x 12"); +pref("string.bad-x-escape", "foo\x +12"); +pref("string.bad-x-escape", "foo\x)", + "test:2: prefs parse error: malformed \\x escape sequence\n" + "test:3: prefs parse error: malformed \\x escape sequence\n" + "test:4: prefs parse error: malformed \\x escape sequence\n" + "test:5: prefs parse error: malformed \\x escape sequence\n" + "test:7: prefs parse error: malformed \\x escape sequence\n" + ); + + // Not enough hex digits. + DEFAULT(R"( +pref("string.bad-x-escape", "foo\x1"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: malformed \\x escape sequence\n" + ); + + // Invalid hex digit. + DEFAULT(R"( +pref("string.bad-x-escape", "foo\x1G"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: malformed \\x escape sequence\n" + ); + + // \u0000 is not allowed. + // (The string literal is broken in two so that MSVC doesn't complain about + // an invalid universal-character-name.) + DEFAULT(R"( +pref("string.bad-u-escape", "foo\)" R"(u0000 bar"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: \\u0000 is not allowed\n" + ); + + // Various bad things after \u: end of string, punctuation, space, newline, + // EOF. + DEFAULT(R"( +pref("string.bad-u-escape", "foo\u"); +pref("string.bad-u-escape", "foo\u,bar"); +pref("string.bad-u-escape", "foo\u 1234"); +pref("string.bad-u-escape", "foo\u +1234"); +pref("string.bad-u-escape", "foo\u)", + "test:2: prefs parse error: malformed \\u escape sequence\n" + "test:3: prefs parse error: malformed \\u escape sequence\n" + "test:4: prefs parse error: malformed \\u escape sequence\n" + "test:5: prefs parse error: malformed \\u escape sequence\n" + "test:7: prefs parse error: malformed \\u escape sequence\n" + ); + + // Not enough hex digits. + DEFAULT(R"( +pref("string.bad-u-escape", "foo\u1"); +pref("string.bad-u-escape", "foo\u12"); +pref("string.bad-u-escape", "foo\u123"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: malformed \\u escape sequence\n" + "test:3: prefs parse error: malformed \\u escape sequence\n" + "test:4: prefs parse error: malformed \\u escape sequence\n" + ); + + // Invalid hex digit. + DEFAULT(R"( +pref("string.bad-u-escape", "foo\u1G34"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: malformed \\u escape sequence\n" + ); + + // High surrogate not followed by low surrogate. + // (The string literal is broken in two so that MSVC doesn't complain about + // an invalid universal-character-name.) + DEFAULT(R"( +pref("string.bad-u-surrogate", "foo\)" R"(ud83c,blah"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: expected low surrogate after high surrogate\n" + ); + + // High surrogate followed by invalid low surrogate. + // (The string literal is broken in two so that MSVC doesn't complain about + // an invalid universal-character-name.) + DEFAULT(R"( +pref("string.bad-u-surrogate", "foo\)" R"(ud83c\u1234"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: invalid low surrogate after high surrogate\n" + ); + + // Low surrogate not preceded by high surrogate. + // (The string literal is broken in two so that MSVC doesn't complain about + // an invalid universal-character-name.) + DEFAULT(R"( +pref("string.bad-u-surrogate", "foo\)" R"(udc00"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: expected high surrogate before low surrogate\n" + ); + + // Unlike in JavaScript, \b, \f, \t, \v aren't allowed. + DEFAULT(R"( +pref("string.bad-escape", "foo\b"); +pref("string.bad-escape", "foo\f"); +pref("string.bad-escape", "foo\t"); +pref("string.bad-escape", "foo\v"); +pref("int.ok", 0); + )", + "test:2: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:3: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:4: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:5: prefs parse error: unexpected escape sequence character after '\\'\n" + ); + + // Various bad things after \: non-special letter, number, punctuation, + // space, newline, EOF. + DEFAULT(R"( +pref("string.bad-escape", "foo\Q"); +pref("string.bad-escape", "foo\1"); +pref("string.bad-escape", "foo\,"); +pref("string.bad-escape", "foo\ n"); +pref("string.bad-escape", "foo\ +n"); +pref("string.bad-escape", "foo\)", + "test:2: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:3: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:4: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:5: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:6: prefs parse error: unexpected escape sequence character after '\\'\n" + "test:8: prefs parse error: unexpected escape sequence character after '\\'\n" + ); + + // Unterminated string literals. + + // Simple case. + DEFAULT(R"( +pref("string.unterminated-string", "foo + )", + "test:3: prefs parse error: unterminated string literal\n" + ); + + // Alternative case; `int` comes after the string and is seen as a keyword. + // The parser then skips to the ';', so no error about the unterminated + // string is issued. + DEFAULT(R"( +pref("string.unterminated-string", "foo); +pref("int.ok", 0); + )", + "test:3: prefs parse error: unknown keyword\n" + ); + + // Mismatched quotes (1). + DEFAULT(R"( +pref("string.unterminated-string", "foo'); + )", + "test:3: prefs parse error: unterminated string literal\n" + ); + + // Mismatched quotes (2). + DEFAULT(R"( +pref("string.unterminated-string", 'foo"); + )", + "test:3: prefs parse error: unterminated string literal\n" + ); + + // Unknown keywords. + DEFAULT(R"( +foo; +preff("string.bad-keyword", true); +ticky_pref("string.bad-keyword", true); +User_pref("string.bad-keyword", true); +pref("string.bad-keyword", TRUE); + )", + "test:2: prefs parse error: unknown keyword\n" + "test:3: prefs parse error: unknown keyword\n" + "test:4: prefs parse error: unknown keyword\n" + "test:5: prefs parse error: unknown keyword\n" + "test:6: prefs parse error: unknown keyword\n" + ); + + // Unterminated C-style comment. + DEFAULT(R"( +/* comment + )", + "test:3: prefs parse error: unterminated /* comment\n" + ); + + // Malformed comments (single slashes), followed by whitespace, newline, EOF. + DEFAULT(R"( +/ comment; +/ +; /)", + "test:2: prefs parse error: expected '/' or '*' after '/'\n" + "test:3: prefs parse error: expected '/' or '*' after '/'\n" + "test:4: prefs parse error: expected '/' or '*' after '/'\n" + ); + + // C++-style comment ending in EOF (1). + DEFAULT(R"( +// comment)", + "" + ); + + // C++-style comment ending in EOF (2). + DEFAULT(R"( +//)", + "" + ); + + // Various unexpected characters. + DEFAULT(R"( +pref("unexpected.chars", &true); +pref("unexpected.chars" : true); +@pref("unexpected.chars", true); +pref["unexpected.chars": true]; + )", + "test:2: prefs parse error: unexpected character\n" + "test:3: prefs parse error: unexpected character\n" + "test:4: prefs parse error: unexpected character\n" + "test:5: prefs parse error: unexpected character\n" + ); + + //------------------------------------------------------------------------- + // All the parsing errors. + //------------------------------------------------------------------------- + + DEFAULT(R"( +"pref"("parse.error": true); +pref1("parse.error": true); +pref(123: true); +pref("parse.error" true); +pref("parse.error", pref); +pref("parse.error", -true); +pref("parse.error", +"value"); +pref("parse.error", true,); +pref("parse.error", true; +pref("parse.error", true, sticky, locked; +pref("parse.error", true) +pref("int.ok", 1); +pref("parse.error", true))", + "test:2: prefs parse error: expected pref specifier at start of pref definition\n" + "test:3: prefs parse error: expected '(' after pref specifier\n" + "test:4: prefs parse error: expected pref name after '('\n" + "test:5: prefs parse error: expected ',' after pref name\n" + "test:6: prefs parse error: expected pref value after ','\n" + "test:7: prefs parse error: expected integer literal after '-'\n" + "test:8: prefs parse error: expected integer literal after '+'\n" + "test:9: prefs parse error: expected pref attribute after ','\n" + "test:10: prefs parse error: expected ',' or ')' after pref value\n" + "test:11: prefs parse error: expected ',' or ')' after pref attribute\n" + "test:13: prefs parse error: expected ';' after ')'\n" + "test:14: prefs parse error: expected ';' after ')'\n" + ); + + USER(R"( +pref("parse.error", true); +sticky_pref("parse.error", true); +user_pref("int.ok", 1); + )", + "test:2: prefs parse error: expected 'user_pref' at start of pref definition\n" + "test:3: prefs parse error: expected 'user_pref' at start of pref definition\n" + ); + + USER(R"( +user_pref("parse.error", true; +user_pref("int.ok", 1); + )", + "test:2: prefs parse error: expected ')' after pref value\n" + ); + + // Parse errors involving unexpected EOF. + + DEFAULT(R"( +pref)", + "test:2: prefs parse error: expected '(' after pref specifier\n" + ); + + DEFAULT(R"( +pref()", + "test:2: prefs parse error: expected pref name after '('\n" + ); + + DEFAULT(R"( +pref("parse.error")", + "test:2: prefs parse error: expected ',' after pref name\n" + ); + + DEFAULT(R"( +pref("parse.error",)", + "test:2: prefs parse error: expected pref value after ','\n" + ); + + DEFAULT(R"( +pref("parse.error", -)", + "test:2: prefs parse error: expected integer literal after '-'\n" + ); + + DEFAULT(R"( +pref("parse.error", +)", + "test:2: prefs parse error: expected integer literal after '+'\n" + ); + + DEFAULT(R"( +pref("parse.error", true)", + "test:2: prefs parse error: expected ',' or ')' after pref value\n" + ); + + USER(R"( +user_pref("parse.error", true)", + "test:2: prefs parse error: expected ')' after pref value\n" + ); + + DEFAULT(R"( +pref("parse.error", true,)", + "test:2: prefs parse error: expected pref attribute after ','\n" + ); + + DEFAULT(R"( +pref("parse.error", true, sticky)", + "test:2: prefs parse error: expected ',' or ')' after pref attribute\n" + ); + + DEFAULT(R"( +pref("parse.error", true))", + "test:2: prefs parse error: expected ';' after ')'\n" + ); + + // This is something we saw in practice with the old parser, which allowed + // repeated semicolons. + DEFAULT(R"( +pref("parse.error", true);; +pref("parse.error", true, locked);;; +pref("parse.error", true, sticky, locked);;;; +pref("int.ok", 0); + )", + "test:2: prefs parse error: expected pref specifier at start of pref definition\n" + "test:3: prefs parse error: expected pref specifier at start of pref definition\n" + "test:3: prefs parse error: expected pref specifier at start of pref definition\n" + "test:4: prefs parse error: expected pref specifier at start of pref definition\n" + "test:4: prefs parse error: expected pref specifier at start of pref definition\n" + "test:4: prefs parse error: expected pref specifier at start of pref definition\n" + ); + + //------------------------------------------------------------------------- + // Invalid syntax after various newline combinations, for the purpose of + // testing that line numbers are correct. + //------------------------------------------------------------------------- + + // In all of the following we have a \n, a \r, a \r\n, and then an error, so + // the error is on line 4. (Note: these ones don't use raw string literals + // because MSVC somehow swallows any \r that appears in them.) + + DEFAULT("\n \r \r\n bad", + "test:4: prefs parse error: unknown keyword\n" + ); + + DEFAULT("#\n#\r#\r\n bad", + "test:4: prefs parse error: unknown keyword\n" + ); + + DEFAULT("//\n//\r//\r\n bad", + "test:4: prefs parse error: unknown keyword\n" + ); + + DEFAULT("/*\n \r \r\n*/ bad", + "test:4: prefs parse error: unknown keyword\n" + ); + + // Note: the escape sequences do *not* affect the line number. + DEFAULT("pref(\"foo\\n\n foo\\r\r foo\\r\\n\r\n foo\", bad);", + "test:4: prefs parse error: unknown keyword\n" + ); + + // clang-format on +} diff --git a/modules/libpref/test/gtest/moz.build b/modules/libpref/test/gtest/moz.build new file mode 100644 index 0000000000..d689b382f8 --- /dev/null +++ b/modules/libpref/test/gtest/moz.build @@ -0,0 +1,23 @@ +# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*- +# vim: set filetype=python: +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at http://mozilla.org/MPL/2.0/. + +Library("libpreftests") + +LOCAL_INCLUDES += [ + "../..", +] + +UNIFIED_SOURCES = [ + "Basics.cpp", + "Parser.cpp", +] + +# THE MOCK_METHOD2 macro from gtest triggers this clang warning and it's hard +# to work around, so we just ignore it. +if CONFIG["CC_TYPE"] == "clang": + CXXFLAGS += ["-Wno-inconsistent-missing-override"] + +FINAL_LIBRARY = "xul-gtest" diff --git a/modules/libpref/test/python.ini b/modules/libpref/test/python.ini new file mode 100644 index 0000000000..dd54269c68 --- /dev/null +++ b/modules/libpref/test/python.ini @@ -0,0 +1,4 @@ +[DEFAULT] +subsuite = mozbuild + +[test_generate_static_pref_list.py] diff --git a/modules/libpref/test/test_generate_static_pref_list.py b/modules/libpref/test/test_generate_static_pref_list.py new file mode 100644 index 0000000000..2c8797099e --- /dev/null +++ b/modules/libpref/test/test_generate_static_pref_list.py @@ -0,0 +1,493 @@ +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + +import sys +import unittest +from os import path + +import mozpack.path as mozpath +import mozunit +import yaml + +try: + from StringIO import StringIO +except ImportError: + from io import StringIO + +sys.path.append(path.join(path.dirname(__file__), "..")) +from init.generate_static_pref_list import generate_code + +test_data_path = mozpath.abspath(mozpath.dirname(__file__)) +test_data_path = mozpath.join(test_data_path, "data") + +# A single good input with lots of different combinations. +good_input = """ +- name: my.bool + type: bool + value: false + mirror: never + +- name: my.int + type: int32_t + value: -123 + mirror: once + do_not_use_directly: false + rust: false + +- mirror: always + value: 999 + type: uint32_t + name: my.uint + rust: true + +- name: my.float # A comment. + type: float # A comment. + do_not_use_directly: true # A comment. + value: 0.0f # A comment. + mirror: once # A comment. + rust: true # A comment. + +# A comment. +- name: my.string + type: String + value: foo"bar # The double quote needs escaping. + mirror: never + include: foobar.h + +# A comment. +- name: my.string2 + type: String + value: "foobar" # This string is quoted. + mirror: never + +# A comment. +- name: my.atomic.bool + type: RelaxedAtomicBool + value: true + mirror: always + rust: true + +# A comment. +- name: my.datamutex.string + type: DataMutexString + value: "foobar" # This string is quoted. + mirror: always + +# Mirrored string-valued prefs are interesting in Rust. +- name: my.datamutex.string.rust + type: DataMutexString + value: "" + mirror: always + rust: true + +# YAML+Python interprets `10 + 10 * 20` as a string, and so it is printed +# unchanged. +- name: my.atomic.int + type: ReleaseAcquireAtomicInt32 + value: 10 + 10 * 20 + mirror: always + do_not_use_directly: true # A comment. + +# YAML+Python changes `0x44` to `68` because it interprets the value as an +# integer. +- name: my.atomic.uint + type: SequentiallyConsistentAtomicUint32 + value: 0x44 + mirror: once + +# YAML+Python changes `.4455667` to `0.4455667` because it interprets the value +# as a float. +- name: my-dashed.atomic.float + type: AtomicFloat + value: .4455667 + mirror: never + include: <math.h> +""" + +# The corresponding code for good_input. +good = {} + +good[ + "static_pref_list_all_h" +] = """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. + +#include "mozilla/StaticPrefList_my.h" +#include "mozilla/StaticPrefList_my_dashed.h" +""" + +good[ + "static_prefs_all_h" +] = """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. + +#include "mozilla/StaticPrefs_my.h" +#include "mozilla/StaticPrefs_my_dashed.h" +""" + +good["static_pref_list_group_h"] = { + "my": """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. + +NEVER_PREF("my.bool", bool, false) + +ONCE_PREF( + "my.int", + my_int, + my_int_AtStartup, + int32_t, -123 +) + +ALWAYS_PREF( + "my.uint", + my_uint, + my_uint, + uint32_t, 999 +) + +ONCE_PREF( + "my.float", + my_float, + my_float_AtStartup_DoNotUseDirectly, + float, 0.0f +) + +NEVER_PREF("my.string", String, "foo\\"bar") + +NEVER_PREF("my.string2", String, "foobar") + +ALWAYS_PREF( + "my.atomic.bool", + my_atomic_bool, + my_atomic_bool, + RelaxedAtomicBool, true +) + +ALWAYS_DATAMUTEX_PREF( + "my.datamutex.string", + my_datamutex_string, + my_datamutex_string, + DataMutexString, "foobar"_ns +) + +ALWAYS_DATAMUTEX_PREF( + "my.datamutex.string.rust", + my_datamutex_string_rust, + my_datamutex_string_rust, + DataMutexString, ""_ns +) + +ALWAYS_PREF( + "my.atomic.int", + my_atomic_int, + my_atomic_int_DoNotUseDirectly, + ReleaseAcquireAtomicInt32, 10 + 10 * 20 +) + +ONCE_PREF( + "my.atomic.uint", + my_atomic_uint, + my_atomic_uint_AtStartup, + SequentiallyConsistentAtomicUint32, 68 +) +""", + "my_dashed": """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. + +NEVER_PREF("my-dashed.atomic.float", AtomicFloat, 0.4455667) +""", +} + +good["static_prefs_group_h"] = { + "my": """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. +// Include it to gain access to StaticPrefs::my_*. + +#ifndef mozilla_StaticPrefs_my_h +#define mozilla_StaticPrefs_my_h + +#include "foobar.h" + +#include "mozilla/StaticPrefListBegin.h" +#include "mozilla/StaticPrefList_my.h" +#include "mozilla/StaticPrefListEnd.h" + +#endif // mozilla_StaticPrefs_my_h +""" +} + +good[ + "static_prefs_c_getters_cpp" +] = """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. + +extern "C" uint32_t StaticPrefs_my_uint() { + return mozilla::StaticPrefs::my_uint(); +} + +extern "C" float StaticPrefs_my_float_AtStartup_DoNotUseDirectly() { + return mozilla::StaticPrefs::my_float_AtStartup_DoNotUseDirectly(); +} + +extern "C" bool StaticPrefs_my_atomic_bool() { + return mozilla::StaticPrefs::my_atomic_bool(); +} + +extern "C" void StaticPrefs_my_datamutex_string_rust(nsACString *result) { + const auto preflock = mozilla::StaticPrefs::my_datamutex_string_rust(); + result->Append(*preflock); +} +""" + +good[ + "static_prefs_rs" +] = """\ +// This file was generated by generate_static_pref_list.py from (string input). DO NOT EDIT. + +pub use nsstring::nsCString; +extern "C" { + pub fn StaticPrefs_my_uint() -> u32; + pub fn StaticPrefs_my_float_AtStartup_DoNotUseDirectly() -> f32; + pub fn StaticPrefs_my_atomic_bool() -> bool; + pub fn StaticPrefs_my_datamutex_string_rust(result: *mut nsstring::nsACString); +} + +#[macro_export] +macro_rules! pref { + ("my.uint") => (unsafe { $crate::StaticPrefs_my_uint() }); + ("my.float") => (unsafe { $crate::StaticPrefs_my_float_AtStartup_DoNotUseDirectly() }); + ("my.atomic.bool") => (unsafe { $crate::StaticPrefs_my_atomic_bool() }); + ("my.datamutex.string.rust") => (unsafe { let mut result = $crate::nsCString::new(); $crate::StaticPrefs_my_datamutex_string_rust(&mut *result); result }); +} +""" + +# A lot of bad inputs, each with an accompanying error message. Listed in order +# of the relevant `error` calls within generate_static_pref_list.py. +bad_inputs = [ + ( + """ +- invalidkey: 3 +""", + "invalid key `invalidkey`", + ), + ( + """ +- type: int32_t +""", + "missing `name` key", + ), + ( + """ +- name: 99 +""", + "non-string `name` value `99`", + ), + ( + """ +- name: name_with_no_dot +""", + "`name` value `name_with_no_dot` lacks a '.'", + ), + ( + """ +- name: pref.is.defined.more.than.once + type: bool + value: false + mirror: never +- name: pref.is.defined.more.than.once + type: int32_t + value: 111 + mirror: always +""", + "`pref.is.defined.more.than.once` pref is defined more than once", + ), + ( + """ +- name: your.pref + type: bool + value: false + mirror: never +- name: my.pref + type: bool + value: false + mirror: never +""", + "`my.pref` pref must come before `your.pref` pref", + ), + ( + """ +- name: missing.type.key + value: false + mirror: never +""", + "missing `type` key for pref `missing.type.key`", + ), + ( + """ +- name: invalid.type.value + type: const char* + value: true + mirror: never +""", + "invalid `type` value `const char*` for pref `invalid.type.value`", + ), + ( + """ +- name: missing.value.key + type: int32_t + mirror: once +""", + "missing `value` key for pref `missing.value.key`", + ), + ( + """ +- name: non-string.value + type: String + value: 3.45 + mirror: once +""", + "non-string `value` value `3.45` for `String` pref `non-string.value`; add double quotes", + ), + ( + """ +- name: invalid.boolean.value + type: bool + value: true || false + mirror: once +""", + "invalid boolean value `true || false` for pref `invalid.boolean.value`", + ), + ( + """ +- name: missing.mirror.key + type: int32_t + value: 3 +""", + "missing `mirror` key for pref `missing.mirror.key`", + ), + ( + """ +- name: invalid.mirror.value + type: bool + value: true + mirror: sometimes +""", + "invalid `mirror` value `sometimes` for pref `invalid.mirror.value`", + ), + ( + """ +- name: non-boolean.do_not_use_directly.value + type: bool + value: true + mirror: always + do_not_use_directly: 0 +""", + "non-boolean `do_not_use_directly` value `0` for pref " + "`non-boolean.do_not_use_directly.value`", + ), + ( + """ +- name: do_not_use_directly.uselessly.set + type: int32_t + value: 0 + mirror: never + do_not_use_directly: true +""", + "`do_not_use_directly` uselessly set with `mirror` value `never` for " + "pref `do_not_use_directly.uselessly.set`", + ), + ( + """ +- name: non-string.include.value + type: bool + value: true + mirror: always + include: 33 +""", + "non-string `include` value `33` for pref `non-string.include.value`", + ), + ( + """ +- name: include.value.starts.with + type: float + value: M_PI + mirror: never + include: <cmath +""", + "`include` value `<cmath` starts with `<` but does not end with `>` for " + "pref `include.value.starts.with`", + ), + ( + """ +- name: non-boolean.rust.value + type: bool + value: true + mirror: always + rust: 1 +""", + "non-boolean `rust` value `1` for pref `non-boolean.rust.value`", + ), + ( + """ +- name: rust.uselessly.set + type: int32_t + value: 0 + mirror: never + rust: true +""", + "`rust` uselessly set with `mirror` value `never` for pref " + "`rust.uselessly.set`", + ), +] + + +class TestGenerateStaticPrefList(unittest.TestCase): + """ + Unit tests for generate_static_pref_list.py. + """ + + def test_good(self): + "Test various pieces of good input." + inp = StringIO(good_input) + pref_list = yaml.safe_load(inp) + code = generate_code(pref_list, "(string input)") + + self.assertEqual(good["static_pref_list_all_h"], code["static_pref_list_all_h"]) + + self.assertEqual(good["static_prefs_all_h"], code["static_prefs_all_h"]) + + self.assertEqual( + good["static_pref_list_group_h"]["my"], + code["static_pref_list_group_h"]["my"], + ) + self.assertEqual( + good["static_pref_list_group_h"]["my_dashed"], + code["static_pref_list_group_h"]["my_dashed"], + ) + + self.assertEqual( + good["static_prefs_group_h"]["my"], code["static_prefs_group_h"]["my"] + ) + + self.assertEqual( + good["static_prefs_c_getters_cpp"], code["static_prefs_c_getters_cpp"] + ) + + self.assertEqual(good["static_prefs_rs"], code["static_prefs_rs"]) + + def test_bad(self): + "Test various pieces of bad input." + + for (input_string, expected) in bad_inputs: + inp = StringIO(input_string) + try: + pref_list = yaml.safe_load(inp) + generate_code(pref_list, "(string input") + self.assertEqual(0, 1) + except ValueError as e: + self.assertEqual(str(e), expected) + + +if __name__ == "__main__": + mozunit.main() diff --git a/modules/libpref/test/unit/data/testParser.js b/modules/libpref/test/unit/data/testParser.js new file mode 100644 index 0000000000..be29430b2a --- /dev/null +++ b/modules/libpref/test/unit/data/testParser.js @@ -0,0 +1,98 @@ +// Note: this file tests only valid syntax (of default pref files, not user +// pref files). See modules/libpref/test/gtest/Parser.cpp for tests of invalid +// syntax. + +# +# comment + # comment £
+//
+// comment + // comment £ +/**/ + /* comment £ */ +/* comment + * and +some
+ # more + // comment */ +// comment /* +# comment /* +/* /* /* /* /* ...no nesting of C-style comments... */ + +// The following four lines have whitespace: \t, \v, \f, \r + + + +
+ +// This comment has the same whitespace:
+# This comment has other stuff: \n \r \t \v \f \r \a \b \? \' \" \\ \@ +/* This comment has more stuff: \x61 \u0061 \u1234 \uXYZ */ + +/*0*/ pref /*1*/ ( /*2*/ "comment1" /*3*/ , /*4*/ true /*5*/ ) /*6*/ ; /*7*/ + +pref # foo +( // foo +"comment2" /* +foo +*/,/*foo*/ +true#foo +)// +; /*7*/ + +pref + ( + "spaced-out" + , + true + ) + ; + +pref("pref", true); +sticky_pref("sticky_pref", true); +user_pref("user_pref", true); +pref("sticky_pref2", true, sticky); +pref("locked_pref", true, locked); +pref("locked_sticky_pref", true, locked, sticky,sticky, + locked, locked, locked); + +pref("bool.true", true); +pref("bool.false", false); + +pref("int.0", 0); +pref("int.1", 1); +pref("int.123", 123); +pref("int.+234", +234); +pref("int.+ 345", + 345); +// Note that both the prefname and value have tabs in them +pref("int.-0", -0); +pref("int.-1", -1); +pref("int.- /* hmm */ 456", - /* hmm */ 456); +pref("int.-\n567", - +567); +pref("int.INT_MAX-1", 2147483646); +pref("int.INT_MAX", 2147483647); +pref("int.INT_MIN+2", -2147483646); +pref("int.INT_MIN+1", -2147483647); +pref("int.INT_MIN", -2147483648); +//pref("int.overflow.max", 2147483648); // overflows to -2147483648 +//pref("int.overflow.min", -2147483649); // overflows to 2147483647 +//pref("int.overflow.other", 4000000000); // overflows to -294967296 +//pref("int.overflow.another", 5000000000000000); // overflows to 937459712 + +pref("string.empty", ""); +pref("string.abc", "abc"); +pref("string.long", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"); +pref('string.single-quotes', '"abc"'); +pref("string.double-quotes", "'abc'"); +pref("string.weird-chars", "
"); +pref("string.escapes", "\" \' \\ \n \r"); +pref("string.x-escapes1", "Mozilla0\x4d\x6F\x7a\x69\x6c\x6C\x610"); +pref("string.x-escapes2", "A\x41 A_umlaut\xc4 y_umlaut\xff"); +pref("string.u-escapes1", "A\u0041 A_umlaut\u00c4 y_umlaut\u00ff0"); +pref("string.u-escapes2", "S_acute\u015a y_grave\u1Ef3"); +// CYCLONE is 0x1f300, GRINNING FACE is 0x1f600. We have to represent them via +// surrogate pairs. +pref("string.u-surrogates", + "cyclone\uD83C\uDF00 grinning_face\uD83D\uDE00"); + diff --git a/modules/libpref/test/unit/data/testPref.js b/modules/libpref/test/unit/data/testPref.js new file mode 100644 index 0000000000..0864e7ce8b --- /dev/null +++ b/modules/libpref/test/unit/data/testPref.js @@ -0,0 +1,6 @@ +user_pref("testPref.bool1", true); +user_pref("testPref.bool2", false); +user_pref("testPref.int1", 23); +user_pref("testPref.int2", -1236); +user_pref("testPref.char1", "_testPref"); +user_pref("testPref.char2", "älskar");
\ No newline at end of file diff --git a/modules/libpref/test/unit/data/testPrefLocked.js b/modules/libpref/test/unit/data/testPrefLocked.js new file mode 100644 index 0000000000..001b65122b --- /dev/null +++ b/modules/libpref/test/unit/data/testPrefLocked.js @@ -0,0 +1,2 @@ +pref("testPref.unlocked.int", 333); +pref("testPref.locked.int", 444, locked); diff --git a/modules/libpref/test/unit/data/testPrefLockedUser.js b/modules/libpref/test/unit/data/testPrefLockedUser.js new file mode 100644 index 0000000000..4da40b7abc --- /dev/null +++ b/modules/libpref/test/unit/data/testPrefLockedUser.js @@ -0,0 +1,3 @@ +// testPrefLocked.js defined this pref as a locked pref. +// Changing a locked pref has no effect. +user_pref("testPref.locked.int", 555); diff --git a/modules/libpref/test/unit/data/testPrefSticky.js b/modules/libpref/test/unit/data/testPrefSticky.js new file mode 100644 index 0000000000..ef1a02adfd --- /dev/null +++ b/modules/libpref/test/unit/data/testPrefSticky.js @@ -0,0 +1,2 @@ +pref("testPref.unsticky.bool", true); +pref("testPref.sticky.bool", false, sticky); diff --git a/modules/libpref/test/unit/data/testPrefStickyUser.js b/modules/libpref/test/unit/data/testPrefStickyUser.js new file mode 100644 index 0000000000..d929c670ad --- /dev/null +++ b/modules/libpref/test/unit/data/testPrefStickyUser.js @@ -0,0 +1,5 @@ +// testPrefSticky.js defined this pref as sticky. Once a sticky +// pref has been changed, it's written as a user_pref(). +// So this test file reflects that scenario. +// Note the default in testPrefSticky.js is also false. +user_pref("testPref.sticky.bool", false); diff --git a/modules/libpref/test/unit/data/testPrefUTF8.js b/modules/libpref/test/unit/data/testPrefUTF8.js new file mode 100644 index 0000000000..a409c4eb72 --- /dev/null +++ b/modules/libpref/test/unit/data/testPrefUTF8.js @@ -0,0 +1,6 @@ +user_pref("testPref.bool1", true); +user_pref("testPref.bool2", false); +user_pref("testPref.int1", 23); +user_pref("testPref.int2", -1236); +user_pref("testPref.char1", "_testPref"); +user_pref("testPref.char2", "älskar"); diff --git a/modules/libpref/test/unit/extdata/testExt.js b/modules/libpref/test/unit/extdata/testExt.js new file mode 100644 index 0000000000..17c6849692 --- /dev/null +++ b/modules/libpref/test/unit/extdata/testExt.js @@ -0,0 +1,2 @@ +pref("testPref.bool2", true); +pref("testExtPref.bool", true); diff --git a/modules/libpref/test/unit/head_libPrefs.js b/modules/libpref/test/unit/head_libPrefs.js new file mode 100644 index 0000000000..ef7044a641 --- /dev/null +++ b/modules/libpref/test/unit/head_libPrefs.js @@ -0,0 +1,37 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +const NS_APP_USER_PROFILE_50_DIR = "ProfD"; + +function do_check_throws(f, result, stack) { + if (!stack) { + stack = Components.stack.caller; + } + + try { + f(); + } catch (exc) { + equal(exc.result, result, "Correct exception was thrown"); + return; + } + ok(false, "expected result " + result + ", none thrown"); +} + +// Register current test directory as provider for the profile directory. +var provider = { + getFile(prop, persistent) { + persistent.value = true; + if (prop == NS_APP_USER_PROFILE_50_DIR) { + return Services.dirsvc.get("CurProcD", Ci.nsIFile); + } + throw Components.Exception( + "Tried to get test directory '" + prop + "'", + Cr.NS_ERROR_FAILURE + ); + }, + QueryInterface: ChromeUtils.generateQI(["nsIDirectoryServiceProvider"]), +}; +Services.dirsvc + .QueryInterface(Ci.nsIDirectoryService) + .registerProvider(provider); diff --git a/modules/libpref/test/unit/test_bug1354613.js b/modules/libpref/test/unit/test_bug1354613.js new file mode 100644 index 0000000000..e609c6805a --- /dev/null +++ b/modules/libpref/test/unit/test_bug1354613.js @@ -0,0 +1,21 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +function run_test() { + const BRANCH = "foo."; + const PREF_NAME = "testPref"; + const FULL_PREF_NAME = BRANCH + PREF_NAME; + + const FLOAT = 9.674; + const FUDGE = 0.001; + + let prefs = Services.prefs.getDefaultBranch(null); + + /* Test with a non-default branch */ + prefs.setCharPref(FULL_PREF_NAME, FLOAT); + let pb = Services.prefs.getBranch(BRANCH); + + let floatPref = pb.getFloatPref(PREF_NAME); + Assert.ok(FLOAT + FUDGE >= floatPref); + Assert.ok(FLOAT - FUDGE <= floatPref); +} diff --git a/modules/libpref/test/unit/test_bug345529.js b/modules/libpref/test/unit/test_bug345529.js new file mode 100644 index 0000000000..05fce35f57 --- /dev/null +++ b/modules/libpref/test/unit/test_bug345529.js @@ -0,0 +1,25 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +// Regression test for bug 345529 - crash removing an observer during an +// nsPref:changed notification. +function run_test() { + const PREF_NAME = "testPref"; + + var observer = { + QueryInterface: ChromeUtils.generateQI(["nsIObserver"]), + + observe: function observe(aSubject, aTopic, aState) { + Services.prefs.removeObserver(PREF_NAME, observer); + }, + }; + Services.prefs.addObserver(PREF_NAME, observer); + + Services.prefs.setCharPref(PREF_NAME, "test0"); + // This second call isn't needed on a clean profile: it makes sure + // the observer gets called even if the pref already had the value + // "test0" before this test. + Services.prefs.setCharPref(PREF_NAME, "test1"); + + Assert.ok(true); +} diff --git a/modules/libpref/test/unit/test_bug506224.js b/modules/libpref/test/unit/test_bug506224.js new file mode 100644 index 0000000000..033c5acc6e --- /dev/null +++ b/modules/libpref/test/unit/test_bug506224.js @@ -0,0 +1,25 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +function run_test() { + const PREF_NAME = "testPref"; + + var prefs = Services.prefs.getDefaultBranch(null); + var userprefs = Services.prefs.getBranch(null); + + prefs.setCharPref(PREF_NAME, "test0"); + prefs.lockPref(PREF_NAME); + Assert.equal("test0", userprefs.getCharPref(PREF_NAME)); + Assert.equal(false, userprefs.prefHasUserValue(PREF_NAME)); + + var file = do_get_profile(); + file.append("prefs.js"); + Services.prefs.savePrefFile(file); + + prefs.unlockPref(PREF_NAME); + prefs.setCharPref(PREF_NAME, "test1"); + Services.prefs.readUserPrefsFromFile(file); + + Assert.equal("test1", userprefs.getCharPref(PREF_NAME)); + Assert.equal(false, userprefs.prefHasUserValue(PREF_NAME)); +} diff --git a/modules/libpref/test/unit/test_bug577950.js b/modules/libpref/test/unit/test_bug577950.js new file mode 100644 index 0000000000..f9106a349f --- /dev/null +++ b/modules/libpref/test/unit/test_bug577950.js @@ -0,0 +1,17 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +function run_test() { + var observer = { + QueryInterface: ChromeUtils.generateQI(["nsIObserver"]), + + observe: function observe(aSubject, aTopic, aState) { + // Don't do anything. + }, + }; + + /* Set the same pref twice. This shouldn't leak. */ + Services.prefs.addObserver("UserPref.nonexistent.setIntPref", observer); + Services.prefs.addObserver("UserPref.nonexistent.setIntPref", observer); +} diff --git a/modules/libpref/test/unit/test_bug790374.js b/modules/libpref/test/unit/test_bug790374.js new file mode 100644 index 0000000000..d4271a7ff7 --- /dev/null +++ b/modules/libpref/test/unit/test_bug790374.js @@ -0,0 +1,50 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +function run_test() { + const PREF_NAME = "testPref"; + + var prefs = Services.prefs.getDefaultBranch(null); + var userprefs = Services.prefs.getBranch(null); + + /* First, test to make sure we can parse a float from a string properly. */ + prefs.setCharPref(PREF_NAME, "9.674"); + prefs.lockPref(PREF_NAME); + var myFloat = 9.674; + var fudge = 0.001; + var floatPref = userprefs.getFloatPref(PREF_NAME); + Assert.ok(myFloat + fudge >= floatPref); + Assert.ok(myFloat - fudge <= floatPref); + + /* Now test some failure conditions. */ + prefs.unlockPref(PREF_NAME); + prefs.setCharPref(PREF_NAME, ""); + prefs.lockPref(PREF_NAME); + do_check_throws(function () { + userprefs.getFloatPref(PREF_NAME); + }, Cr.NS_ERROR_ILLEGAL_VALUE); + + prefs.unlockPref(PREF_NAME); + prefs.setCharPref(PREF_NAME, "18.0a1"); + prefs.lockPref(PREF_NAME); + + do_check_throws(function () { + userprefs.getFloatPref(PREF_NAME); + }, Cr.NS_ERROR_ILLEGAL_VALUE); + + prefs.unlockPref(PREF_NAME); + prefs.setCharPref(PREF_NAME, "09.25.2012"); + prefs.lockPref(PREF_NAME); + + do_check_throws(function () { + userprefs.getFloatPref(PREF_NAME); + }, Cr.NS_ERROR_ILLEGAL_VALUE); + + prefs.unlockPref(PREF_NAME); + prefs.setCharPref(PREF_NAME, "aString"); + prefs.lockPref(PREF_NAME); + + do_check_throws(function () { + userprefs.getFloatPref(PREF_NAME); + }, Cr.NS_ERROR_ILLEGAL_VALUE); +} diff --git a/modules/libpref/test/unit/test_changeType.js b/modules/libpref/test/unit/test_changeType.js new file mode 100644 index 0000000000..94f3a84f13 --- /dev/null +++ b/modules/libpref/test/unit/test_changeType.js @@ -0,0 +1,164 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Tests for changing the type of a preference (bug 985998) */ + +function run_test() { + var ps = Services.prefs; + + let defaultBranch = ps.getDefaultBranch(""); + let userBranch = ps.getBranch(""); + + // Prefs that only have a default value -- we can't change their type. + defaultBranch.setBoolPref("TypeTest.default.bool", true); + defaultBranch.setIntPref("TypeTest.default.int", 23); + defaultBranch.setCharPref("TypeTest.default.char", "hey"); + + Assert.equal(userBranch.getBoolPref("TypeTest.default.bool"), true); + Assert.equal(userBranch.getIntPref("TypeTest.default.int"), 23); + Assert.equal(userBranch.getCharPref("TypeTest.default.char"), "hey"); + + // Prefs that only have a user value -- we can change their type, but only + // when we set the user value. + userBranch.setBoolPref("TypeTest.user.bool", false); + userBranch.setIntPref("TypeTest.user.int", 24); + userBranch.setCharPref("TypeTest.user.char", "hi"); + + Assert.equal(userBranch.getBoolPref("TypeTest.user.bool"), false); + Assert.equal(userBranch.getIntPref("TypeTest.user.int"), 24); + Assert.equal(userBranch.getCharPref("TypeTest.user.char"), "hi"); + + // Prefs that have both a default and a user value -- we can't change their + // type. + defaultBranch.setBoolPref("TypeTest.both.bool", true); + userBranch.setBoolPref("TypeTest.both.bool", false); + defaultBranch.setIntPref("TypeTest.both.int", 25); + userBranch.setIntPref("TypeTest.both.int", 26); + defaultBranch.setCharPref("TypeTest.both.char", "yo"); + userBranch.setCharPref("TypeTest.both.char", "ya"); + + Assert.equal(userBranch.getBoolPref("TypeTest.both.bool"), false); + Assert.equal(userBranch.getIntPref("TypeTest.both.int"), 26); + Assert.equal(userBranch.getCharPref("TypeTest.both.char"), "ya"); + + // We only have a default value, and we try to set a default value of a + // different type --> fails. + do_check_throws(function () { + defaultBranch.setCharPref("TypeTest.default.bool", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setIntPref("TypeTest.default.bool", 5); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setCharPref("TypeTest.default.int", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setBoolPref("TypeTest.default.int", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setBoolPref("TypeTest.default.char", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setIntPref("TypeTest.default.char", 6); + }, Cr.NS_ERROR_UNEXPECTED); + + // We only have a default value, and we try to set a user value of a + // different type --> fails. + do_check_throws(function () { + userBranch.setCharPref("TypeTest.default.bool", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setIntPref("TypeTest.default.bool", 5); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setCharPref("TypeTest.default.int", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setBoolPref("TypeTest.default.int", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setBoolPref("TypeTest.default.char", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setIntPref("TypeTest.default.char", 6); + }, Cr.NS_ERROR_UNEXPECTED); + + // We only have a user value, and we try to set a default value of a + // different type --> fails. + do_check_throws(function () { + defaultBranch.setCharPref("TypeTest.user.bool", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setIntPref("TypeTest.user.bool", 5); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setCharPref("TypeTest.user.int", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setBoolPref("TypeTest.user.int", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setBoolPref("TypeTest.user.char", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setIntPref("TypeTest.user.char", 6); + }, Cr.NS_ERROR_UNEXPECTED); + + // We only have a user value, and we try to set a user value of a + // different type --> SUCCEEDS. + userBranch.setCharPref("TypeTest.user.bool", "boo"); + Assert.equal(userBranch.getCharPref("TypeTest.user.bool"), "boo"); + userBranch.setIntPref("TypeTest.user.bool", 5); + Assert.equal(userBranch.getIntPref("TypeTest.user.bool"), 5); + userBranch.setCharPref("TypeTest.user.int", "boo"); + Assert.equal(userBranch.getCharPref("TypeTest.user.int"), "boo"); + userBranch.setBoolPref("TypeTest.user.int", true); + Assert.equal(userBranch.getBoolPref("TypeTest.user.int"), true); + userBranch.setBoolPref("TypeTest.user.char", true); + Assert.equal(userBranch.getBoolPref("TypeTest.user.char"), true); + userBranch.setIntPref("TypeTest.user.char", 6); + Assert.equal(userBranch.getIntPref("TypeTest.user.char"), 6); + + // We have both a default value and user value, and we try to set a default + // value of a different type --> fails. + do_check_throws(function () { + defaultBranch.setCharPref("TypeTest.both.bool", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setIntPref("TypeTest.both.bool", 5); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setCharPref("TypeTest.both.int", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setBoolPref("TypeTest.both.int", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setBoolPref("TypeTest.both.char", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + defaultBranch.setIntPref("TypeTest.both.char", 6); + }, Cr.NS_ERROR_UNEXPECTED); + + // We have both a default value and user value, and we try to set a user + // value of a different type --> fails. + do_check_throws(function () { + userBranch.setCharPref("TypeTest.both.bool", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setIntPref("TypeTest.both.bool", 5); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setCharPref("TypeTest.both.int", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setBoolPref("TypeTest.both.int", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setBoolPref("TypeTest.both.char", true); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + userBranch.setIntPref("TypeTest.both.char", 6); + }, Cr.NS_ERROR_UNEXPECTED); +} diff --git a/modules/libpref/test/unit/test_defaultValues.js b/modules/libpref/test/unit/test_defaultValues.js new file mode 100644 index 0000000000..905675a1cf --- /dev/null +++ b/modules/libpref/test/unit/test_defaultValues.js @@ -0,0 +1,59 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Tests for providing a default value to get{Bool,Char,Float,Int}Pref */ + +function run_test() { + const ps = Services.prefs; + let prefName = "test.default.values.bool"; + do_check_throws(function () { + ps.getBoolPref(prefName); + }, Cr.NS_ERROR_UNEXPECTED); + strictEqual(ps.getBoolPref(prefName, false), false); + strictEqual(ps.getBoolPref(prefName, true), true); + ps.setBoolPref(prefName, true); + strictEqual(ps.getBoolPref(prefName), true); + strictEqual(ps.getBoolPref(prefName, false), true); + strictEqual(ps.getBoolPref(prefName, true), true); + + prefName = "test.default.values.char"; + do_check_throws(function () { + ps.getCharPref(prefName); + }, Cr.NS_ERROR_UNEXPECTED); + strictEqual(ps.getCharPref(prefName, ""), ""); + strictEqual(ps.getCharPref(prefName, "string"), "string"); + ps.setCharPref(prefName, "foo"); + strictEqual(ps.getCharPref(prefName), "foo"); + strictEqual(ps.getCharPref(prefName, "string"), "foo"); + + prefName = "test.default.values.string"; + do_check_throws(function () { + ps.getCharPref(prefName); + }, Cr.NS_ERROR_UNEXPECTED); + strictEqual(ps.getStringPref(prefName, ""), ""); + strictEqual(ps.getStringPref(prefName, "éèçà ê€"), "éèçà ê€"); + ps.setStringPref(prefName, "éèçà ê€"); + strictEqual(ps.getStringPref(prefName), "éèçà ê€"); + strictEqual(ps.getStringPref(prefName, "string"), "éèçà ê€"); + + prefName = "test.default.values.float"; + do_check_throws(function () { + ps.getFloatPref(prefName); + }, Cr.NS_ERROR_UNEXPECTED); + strictEqual(ps.getFloatPref(prefName, 3.5), 3.5); + strictEqual(ps.getFloatPref(prefName, 0), 0); + ps.setCharPref(prefName, 1.75); + strictEqual(ps.getFloatPref(prefName), 1.75); + strictEqual(ps.getFloatPref(prefName, 3.5), 1.75); + + prefName = "test.default.values.int"; + do_check_throws(function () { + ps.getIntPref(prefName); + }, Cr.NS_ERROR_UNEXPECTED); + strictEqual(ps.getIntPref(prefName, 3), 3); + strictEqual(ps.getIntPref(prefName, 0), 0); + ps.setIntPref(prefName, 42); + strictEqual(ps.getIntPref(prefName), 42); + strictEqual(ps.getIntPref(prefName, 3), 42); +} diff --git a/modules/libpref/test/unit/test_dirtyPrefs.js b/modules/libpref/test/unit/test_dirtyPrefs.js new file mode 100644 index 0000000000..e107bef363 --- /dev/null +++ b/modules/libpref/test/unit/test_dirtyPrefs.js @@ -0,0 +1,69 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* Tests for handling of the preferences 'dirty' flag (bug 985998) */ + +function run_test() { + const ps = Services.prefs; + + let defaultBranch = ps.getDefaultBranch(""); + let userBranch = ps.getBranch(""); + + let prefFile = do_get_profile(); + prefFile.append("prefs.js"); + + //* *************************************************************************// + // prefs are not dirty after a write + ps.savePrefFile(null); + Assert.ok(!ps.dirty); + + // set a new a user value, we should become dirty + userBranch.setBoolPref("DirtyTest.new.bool", true); + Assert.ok(ps.dirty); + ps.savePrefFile(null); + // Overwrite a pref with the same value => not dirty + userBranch.setBoolPref("DirtyTest.new.bool", true); + Assert.ok(!ps.dirty); + + // Repeat for the other two types + userBranch.setIntPref("DirtyTest.new.int", 1); + Assert.ok(ps.dirty); + ps.savePrefFile(null); + // Overwrite a pref with the same value => not dirty + userBranch.setIntPref("DirtyTest.new.int", 1); + Assert.ok(!ps.dirty); + + userBranch.setCharPref("DirtyTest.new.char", "oop"); + Assert.ok(ps.dirty); + ps.savePrefFile(null); + // Overwrite a pref with the same value => not dirty + userBranch.setCharPref("DirtyTest.new.char", "oop"); + Assert.ok(!ps.dirty); + + // change *type* of a user value -> dirty + userBranch.setBoolPref("DirtyTest.new.char", false); + Assert.ok(ps.dirty); + ps.savePrefFile(null); + + // Set a default pref => not dirty (defaults don't go into prefs.js) + defaultBranch.setBoolPref("DirtyTest.existing.bool", true); + Assert.ok(!ps.dirty); + // Fail to change type of a pref with default value -> not dirty + do_check_throws(function () { + userBranch.setCharPref("DirtyTest.existing.bool", "boo"); + }, Cr.NS_ERROR_UNEXPECTED); + Assert.ok(!ps.dirty); + + // Set user value same as default, not dirty + userBranch.setBoolPref("DirtyTest.existing.bool", true); + Assert.ok(!ps.dirty); + // User value different from default, dirty + userBranch.setBoolPref("DirtyTest.existing.bool", false); + Assert.ok(ps.dirty); + ps.savePrefFile(null); + // Back to default value, dirty again + userBranch.setBoolPref("DirtyTest.existing.bool", true); + Assert.ok(ps.dirty); + ps.savePrefFile(null); +} diff --git a/modules/libpref/test/unit/test_libPrefs.js b/modules/libpref/test/unit/test_libPrefs.js new file mode 100644 index 0000000000..93651568be --- /dev/null +++ b/modules/libpref/test/unit/test_libPrefs.js @@ -0,0 +1,450 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// It is necessary to manually disable `xpc::IsInAutomation` since +// `resetPrefs` will flip the preference to re-enable `once`-synced +// preference change assertions, and also change the value of those +// preferences. +Services.prefs.setBoolPref( + "security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", + false +); + +const PREF_INVALID = 0; +const PREF_BOOL = 128; +const PREF_INT = 64; +const PREF_STRING = 32; + +const MAX_PREF_LENGTH = 1 * 1024 * 1024; + +function makeList(a) { + var o = {}; + for (var i = 0; i < a.length; i++) { + o[a[i]] = ""; + } + return o; +} + +function run_test() { + const ps = Services.prefs; + + //* *************************************************************************// + // Nullsafety + + do_check_throws(function () { + ps.getPrefType(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.getBoolPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.setBoolPref(null, false); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.getIntPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.setIntPref(null, 0); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.getCharPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.setCharPref(null, null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.getStringPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.setStringPref(null, null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.clearUserPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.prefHasUserValue(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.lockPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.prefIsLocked(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.unlockPref(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.deleteBranch(null); + }, Cr.NS_ERROR_INVALID_ARG); + do_check_throws(function () { + ps.getChildList(null); + }, Cr.NS_ERROR_INVALID_ARG); + + //* *************************************************************************// + // Nonexisting user preferences + + Assert.equal(ps.prefHasUserValue("UserPref.nonexistent.hasUserValue"), false); + ps.clearUserPref("UserPref.nonexistent.clearUserPref"); // shouldn't throw + Assert.equal( + ps.getPrefType("UserPref.nonexistent.getPrefType"), + PREF_INVALID + ); + Assert.equal(ps.root, ""); + + // bool... + do_check_throws(function () { + ps.getBoolPref("UserPref.nonexistent.getBoolPref"); + }, Cr.NS_ERROR_UNEXPECTED); + ps.setBoolPref("UserPref.nonexistent.setBoolPref", false); + Assert.equal(ps.getBoolPref("UserPref.nonexistent.setBoolPref"), false); + + // int... + do_check_throws(function () { + ps.getIntPref("UserPref.nonexistent.getIntPref"); + }, Cr.NS_ERROR_UNEXPECTED); + ps.setIntPref("UserPref.nonexistent.setIntPref", 5); + Assert.equal(ps.getIntPref("UserPref.nonexistent.setIntPref"), 5); + + // char + do_check_throws(function () { + ps.getCharPref("UserPref.nonexistent.getCharPref"); + }, Cr.NS_ERROR_UNEXPECTED); + ps.setCharPref("UserPref.nonexistent.setCharPref", "_test"); + Assert.equal(ps.getCharPref("UserPref.nonexistent.setCharPref"), "_test"); + + //* *************************************************************************// + // Existing user Prefs and data integrity test (round-trip match) + + ps.setBoolPref("UserPref.existing.bool", true); + ps.setIntPref("UserPref.existing.int", 23); + ps.setCharPref("UserPref.existing.char", "hey"); + + // getPref should return the pref value + Assert.equal(ps.getBoolPref("UserPref.existing.bool"), true); + Assert.equal(ps.getIntPref("UserPref.existing.int"), 23); + Assert.equal(ps.getCharPref("UserPref.existing.char"), "hey"); + + // setPref should not complain and should change the value of the pref + ps.setBoolPref("UserPref.existing.bool", false); + Assert.equal(ps.getBoolPref("UserPref.existing.bool"), false); + ps.setIntPref("UserPref.existing.int", 24); + Assert.equal(ps.getIntPref("UserPref.existing.int"), 24); + ps.setCharPref("UserPref.existing.char", "hej då!"); + Assert.equal(ps.getCharPref("UserPref.existing.char"), "hej då!"); + + // prefHasUserValue should return true now + Assert.ok(ps.prefHasUserValue("UserPref.existing.bool")); + Assert.ok(ps.prefHasUserValue("UserPref.existing.int")); + Assert.ok(ps.prefHasUserValue("UserPref.existing.char")); + + // clearUserPref should remove the pref + ps.clearUserPref("UserPref.existing.bool"); + Assert.ok(!ps.prefHasUserValue("UserPref.existing.bool")); + ps.clearUserPref("UserPref.existing.int"); + Assert.ok(!ps.prefHasUserValue("UserPref.existing.int")); + ps.clearUserPref("UserPref.existing.char"); + Assert.ok(!ps.prefHasUserValue("UserPref.existing.char")); + + //* *************************************************************************// + // Large value test + + let largeStr = new Array(MAX_PREF_LENGTH + 1).join("x"); + ps.setCharPref("UserPref.large.char", largeStr); + largeStr += "x"; + do_check_throws(function () { + ps.setCharPref("UserPref.large.char", largeStr); + }, Cr.NS_ERROR_ILLEGAL_VALUE); + + //* *************************************************************************// + // getPrefType test + + // bool... + ps.setBoolPref("UserPref.getPrefType.bool", true); + Assert.equal(ps.getPrefType("UserPref.getPrefType.bool"), PREF_BOOL); + + // int... + ps.setIntPref("UserPref.getPrefType.int", -234); + Assert.equal(ps.getPrefType("UserPref.getPrefType.int"), PREF_INT); + + // char... + ps.setCharPref("UserPref.getPrefType.char", "testing1..2"); + Assert.equal(ps.getPrefType("UserPref.getPrefType.char"), PREF_STRING); + + //* *************************************************************************// + // getBranch tests + + Assert.equal(ps.root, ""); + + // bool ... + ps.setBoolPref("UserPref.root.boolPref", true); + let pb_1 = ps.getBranch("UserPref.root."); + Assert.equal(pb_1.getBoolPref("boolPref"), true); + let pb_2 = ps.getBranch("UserPref.root.boolPref"); + Assert.equal(pb_2.getBoolPref(""), true); + pb_2.setBoolPref(".anotherPref", false); + let pb_3 = ps.getBranch("UserPref.root.boolPre"); + Assert.equal(pb_3.getBoolPref("f.anotherPref"), false); + + // int ... + ps.setIntPref("UserPref.root.intPref", 23); + pb_1 = ps.getBranch("UserPref.root."); + Assert.equal(pb_1.getIntPref("intPref"), 23); + pb_2 = ps.getBranch("UserPref.root.intPref"); + Assert.equal(pb_2.getIntPref(""), 23); + pb_2.setIntPref(".anotherPref", 69); + pb_3 = ps.getBranch("UserPref.root.intPre"); + Assert.equal(pb_3.getIntPref("f.anotherPref"), 69); + + // char... + ps.setCharPref("UserPref.root.charPref", "_char"); + pb_1 = ps.getBranch("UserPref.root."); + Assert.equal(pb_1.getCharPref("charPref"), "_char"); + pb_2 = ps.getBranch("UserPref.root.charPref"); + Assert.equal(pb_2.getCharPref(""), "_char"); + pb_2.setCharPref(".anotherPref", "_another"); + pb_3 = ps.getBranch("UserPref.root.charPre"); + Assert.equal(pb_3.getCharPref("f.anotherPref"), "_another"); + + //* *************************************************************************// + // getChildlist tests + + // get an already set prefBranch + let pb1 = ps.getBranch("UserPref.root."); + let prefList = pb1.getChildList(""); + Assert.equal(prefList.length, 6); + + // check for specific prefs in the array : the order is not important + Assert.ok("boolPref" in makeList(prefList)); + Assert.ok("intPref" in makeList(prefList)); + Assert.ok("charPref" in makeList(prefList)); + Assert.ok("boolPref.anotherPref" in makeList(prefList)); + Assert.ok("intPref.anotherPref" in makeList(prefList)); + Assert.ok("charPref.anotherPref" in makeList(prefList)); + + //* *************************************************************************// + // Default branch tests + + // bool... + pb1 = ps.getDefaultBranch(""); + pb1.setBoolPref("DefaultPref.bool", true); + Assert.equal(pb1.getBoolPref("DefaultPref.bool"), true); + Assert.ok(!pb1.prefHasUserValue("DefaultPref.bool")); + ps.setBoolPref("DefaultPref.bool", false); + Assert.ok(pb1.prefHasUserValue("DefaultPref.bool")); + Assert.equal(ps.getBoolPref("DefaultPref.bool"), false); + + // int... + pb1 = ps.getDefaultBranch(""); + pb1.setIntPref("DefaultPref.int", 100); + Assert.equal(pb1.getIntPref("DefaultPref.int"), 100); + Assert.ok(!pb1.prefHasUserValue("DefaultPref.int")); + ps.setIntPref("DefaultPref.int", 50); + Assert.ok(pb1.prefHasUserValue("DefaultPref.int")); + Assert.equal(ps.getIntPref("DefaultPref.int"), 50); + + // char... + pb1 = ps.getDefaultBranch(""); + pb1.setCharPref("DefaultPref.char", "_default"); + Assert.equal(pb1.getCharPref("DefaultPref.char"), "_default"); + Assert.ok(!pb1.prefHasUserValue("DefaultPref.char")); + ps.setCharPref("DefaultPref.char", "_user"); + Assert.ok(pb1.prefHasUserValue("DefaultPref.char")); + Assert.equal(ps.getCharPref("DefaultPref.char"), "_user"); + + //* *************************************************************************// + // pref Locking/Unlocking tests + + // locking and unlocking a nonexistent pref should throw + do_check_throws(function () { + ps.lockPref("DefaultPref.nonexistent"); + }, Cr.NS_ERROR_ILLEGAL_VALUE); + do_check_throws(function () { + ps.unlockPref("DefaultPref.nonexistent"); + }, Cr.NS_ERROR_ILLEGAL_VALUE); + + // getting a locked pref branch should return the "default" value + Assert.ok(!ps.prefIsLocked("DefaultPref.char")); + ps.lockPref("DefaultPref.char"); + Assert.equal(ps.getCharPref("DefaultPref.char"), "_default"); + Assert.ok(ps.prefIsLocked("DefaultPref.char")); + + // getting an unlocked pref branch should return the "user" value + ps.unlockPref("DefaultPref.char"); + Assert.equal(ps.getCharPref("DefaultPref.char"), "_user"); + Assert.ok(!ps.prefIsLocked("DefaultPref.char")); + + // setting the "default" value to a user pref branch should + // make prefHasUserValue return false (documented behavior) + ps.setCharPref("DefaultPref.char", "_default"); + Assert.ok(!pb1.prefHasUserValue("DefaultPref.char")); + + // unlocking and locking multiple times shouldn't throw + ps.unlockPref("DefaultPref.char"); + ps.lockPref("DefaultPref.char"); + ps.lockPref("DefaultPref.char"); + + //* *************************************************************************// + // resetBranch test + + // NOT IMPLEMENTED YET in module/libpref. So we're not testing ! + // uncomment the following if resetBranch ever gets implemented. + /* ps.resetBranch("DefaultPref"); + do_check_eq(ps.getBoolPref("DefaultPref.bool"), true); + do_check_eq(ps.getIntPref("DefaultPref.int"), 100); + do_check_eq(ps.getCharPref("DefaultPref.char"), "_default");*/ + + //* *************************************************************************// + // deleteBranch tests + + // TODO : Really, this should throw!, by documentation. + // do_check_throws(function() { + // ps.deleteBranch("UserPref.nonexistent.deleteBranch");}, Cr.NS_ERROR_UNEXPECTED); + + ps.deleteBranch("DefaultPref"); + let pb = ps.getBranch("DefaultPref"); + pb1 = ps.getDefaultBranch("DefaultPref"); + + // getting prefs on deleted user branches should throw + do_check_throws(function () { + pb.getBoolPref("DefaultPref.bool"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + pb.getIntPref("DefaultPref.int"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + pb.getCharPref("DefaultPref.char"); + }, Cr.NS_ERROR_UNEXPECTED); + + // getting prefs on deleted default branches should throw + do_check_throws(function () { + pb1.getBoolPref("DefaultPref.bool"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + pb1.getIntPref("DefaultPref.int"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + pb1.getCharPref("DefaultPref.char"); + }, Cr.NS_ERROR_UNEXPECTED); + + //* *************************************************************************// + // savePrefFile & readPrefFile tests + + // set some prefs + ps.setBoolPref("ReadPref.bool", true); + ps.setIntPref("ReadPref.int", 230); + ps.setCharPref("ReadPref.char", "hello"); + + // save those prefs in a file + let savePrefFile = do_get_cwd(); + savePrefFile.append("data"); + savePrefFile.append("savePref.js"); + + if (savePrefFile.exists()) { + savePrefFile.remove(false); + } + savePrefFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0o666); + ps.savePrefFile(savePrefFile); + ps.resetPrefs(); + + // load a preexisting pref file + let prefFile = do_get_file("data/testPref.js"); + ps.readUserPrefsFromFile(prefFile); + + // former prefs should have been replaced/lost + do_check_throws(function () { + pb.getBoolPref("ReadPref.bool"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + pb.getIntPref("ReadPref.int"); + }, Cr.NS_ERROR_UNEXPECTED); + do_check_throws(function () { + pb.getCharPref("ReadPref.char"); + }, Cr.NS_ERROR_UNEXPECTED); + + // loaded prefs should read ok. + pb = ps.getBranch("testPref."); + Assert.equal(pb.getBoolPref("bool1"), true); + Assert.equal(pb.getBoolPref("bool2"), false); + Assert.equal(pb.getIntPref("int1"), 23); + Assert.equal(pb.getIntPref("int2"), -1236); + Assert.equal(pb.getCharPref("char1"), "_testPref"); + Assert.equal(pb.getCharPref("char2"), "älskar"); + + // loading our former savePrefFile should allow us to read former prefs + + // Hack alert: on Windows nsLocalFile caches the size of savePrefFile from + // the .create() call above as 0. We call .exists() to reset the cache. + savePrefFile.exists(); + + ps.readUserPrefsFromFile(savePrefFile); + // cleanup the file now we don't need it + savePrefFile.remove(false); + Assert.equal(ps.getBoolPref("ReadPref.bool"), true); + Assert.equal(ps.getIntPref("ReadPref.int"), 230); + Assert.equal(ps.getCharPref("ReadPref.char"), "hello"); + + // ... and still be able to access "prior-to-readUserPrefs" preferences + Assert.equal(pb.getBoolPref("bool1"), true); + Assert.equal(pb.getBoolPref("bool2"), false); + Assert.equal(pb.getIntPref("int1"), 23); + + //* *************************************************************************// + // preference Observers + + class PrefObserver { + /** + * Creates and registers a pref observer. + * + * @param prefBranch The preference branch instance to observe. + * @param expectedName The pref name we expect to receive. + * @param expectedValue The int pref value we expect to receive. + */ + constructor(prefBranch, expectedName, expectedValue) { + this.pb = prefBranch; + this.name = expectedName; + this.value = expectedValue; + + prefBranch.addObserver(expectedName, this); + } + + QueryInterface(aIID) { + if (aIID.equals(Ci.nsIObserver) || aIID.equals(Ci.nsISupports)) { + return this; + } + throw Components.Exception("", Cr.NS_NOINTERFACE); + } + + observe(aSubject, aTopic, aState) { + Assert.equal(aTopic, "nsPref:changed"); + Assert.equal(aState, this.name); + Assert.equal(this.pb.getIntPref(aState), this.value); + pb.removeObserver(aState, this); + + // notification received, we may go on... + do_test_finished(); + } + } + + // Indicate that we'll have 3 more async tests pending so that they all + // actually get a chance to run. + do_test_pending(); + do_test_pending(); + do_test_pending(); + + let observer = new PrefObserver(ps, "ReadPref.int", 76); + ps.setIntPref("ReadPref.int", 76); + + // removed observer should not fire + ps.removeObserver("ReadPref.int", observer); + ps.setIntPref("ReadPref.int", 32); + + // let's test observers once more with a non-root prefbranch + pb = ps.getBranch("ReadPref."); + observer = new PrefObserver(pb, "int", 76); + ps.setIntPref("ReadPref.int", 76); + + // Let's try that again with different pref. + observer = new PrefObserver(pb, "another_int", 76); + ps.setIntPref("ReadPref.another_int", 76); +} diff --git a/modules/libpref/test/unit/test_locked_file_prefs.js b/modules/libpref/test/unit/test_locked_file_prefs.js new file mode 100644 index 0000000000..29b5270df5 --- /dev/null +++ b/modules/libpref/test/unit/test_locked_file_prefs.js @@ -0,0 +1,51 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +// This file tests the `locked` attribute in default pref files. + +const ps = Services.prefs; + +// It is necessary to manually disable `xpc::IsInAutomation` since +// `resetPrefs` will flip the preference to re-enable `once`-synced +// preference change assertions, and also change the value of those +// preferences. +Services.prefs.setBoolPref( + "security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", + false +); + +add_test(function notChangedFromAPI() { + ps.resetPrefs(); + ps.readDefaultPrefsFromFile(do_get_file("data/testPrefLocked.js")); + Assert.strictEqual(ps.getIntPref("testPref.unlocked.int"), 333); + Assert.strictEqual(ps.getIntPref("testPref.locked.int"), 444); + + // Unlocked pref: can set the user value, which is used upon reading. + ps.setIntPref("testPref.unlocked.int", 334); + Assert.ok(ps.prefHasUserValue("testPref.unlocked.int"), "has a user value"); + Assert.strictEqual(ps.getIntPref("testPref.unlocked.int"), 334); + + // Locked pref: can set the user value, but the default value is used upon + // reading. + ps.setIntPref("testPref.locked.int", 445); + Assert.ok(ps.prefHasUserValue("testPref.locked.int"), "has a user value"); + Assert.strictEqual(ps.getIntPref("testPref.locked.int"), 444); + + // After unlocking, the user value is used. + ps.unlockPref("testPref.locked.int"); + Assert.ok(ps.prefHasUserValue("testPref.locked.int"), "has a user value"); + Assert.strictEqual(ps.getIntPref("testPref.locked.int"), 445); + + run_next_test(); +}); + +add_test(function notChangedFromUserPrefs() { + ps.resetPrefs(); + ps.readDefaultPrefsFromFile(do_get_file("data/testPrefLocked.js")); + ps.readUserPrefsFromFile(do_get_file("data/testPrefLockedUser.js")); + + Assert.strictEqual(ps.getIntPref("testPref.unlocked.int"), 333); + Assert.strictEqual(ps.getIntPref("testPref.locked.int"), 444); + + run_next_test(); +}); diff --git a/modules/libpref/test/unit/test_parsePrefs.js b/modules/libpref/test/unit/test_parsePrefs.js new file mode 100644 index 0000000000..53bb55dc7e --- /dev/null +++ b/modules/libpref/test/unit/test_parsePrefs.js @@ -0,0 +1,136 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +"use strict"; + +// // This undoes some of the configuration from +// Services.dirsvc +// .QueryInterface(Ci.nsIDirectoryService) +// .unregisterProvider(provider); + +class PrefObserver { + constructor() { + this.events = []; + } + + onStringPref(...args) { + // // What happens with an exception here? + // throw new Error(`foo ${args[1]}`); + this.events.push(["string", ...args]); + } + + onIntPref(...args) { + this.events.push(["int", ...args]); + } + + onBoolPref(...args) { + this.events.push(["bool", ...args]); + } + + onError(message) { + this.events.push(["error", message]); + } +} + +const TESTS = { + "data/testPrefSticky.js": [ + ["bool", "Default", "testPref.unsticky.bool", true, false, false], + ["bool", "Default", "testPref.sticky.bool", false, true, false], + ], + "data/testPrefStickyUser.js": [ + ["bool", "User", "testPref.sticky.bool", false, false, false], + ], + "data/testPrefLocked.js": [ + ["int", "Default", "testPref.unlocked.int", 333, false, false], + ["int", "Default", "testPref.locked.int", 444, false, true], + ], + // data/testPrefLockedUser is ASCII. + "data/testPrefLockedUser.js": [ + ["int", "User", "testPref.locked.int", 555, false, false], + ], + // data/testPref is ISO-8859. + "data/testPref.js": [ + ["bool", "User", "testPref.bool1", true, false, false], + ["bool", "User", "testPref.bool2", false, false, false], + ["int", "User", "testPref.int1", 23, false, false], + ["int", "User", "testPref.int2", -1236, false, false], + ["string", "User", "testPref.char1", "_testPref", false, false], + ["string", "User", "testPref.char2", "älskar", false, false], + ], + // data/testParsePrefs is data/testPref.js as UTF-8. + "data/testPrefUTF8.js": [ + ["bool", "User", "testPref.bool1", true, false, false], + ["bool", "User", "testPref.bool2", false, false, false], + ["int", "User", "testPref.int1", 23, false, false], + ["int", "User", "testPref.int2", -1236, false, false], + ["string", "User", "testPref.char1", "_testPref", false, false], + // Observe that this is the ISO-8859/Latin-1 encoding of the UTF-8 bytes. + // (Note that this source file is encoded as UTF-8.) This appears to just + // be how libpref handles this case. This test serves as documentation of + // this infelicity. + ["string", "User", "testPref.char2", "älskar", false, false], + ], +}; + +add_task(async function test_success() { + for (let [path, expected] of Object.entries(TESTS)) { + let prefObserver = new PrefObserver(); + + let prefsFile = do_get_file(path); + let data = await IOUtils.read(prefsFile.path); + + Services.prefs.parsePrefsFromBuffer(data, prefObserver, path); + Assert.deepEqual( + prefObserver.events, + expected, + `Observations from ${path} are as expected` + ); + } +}); + +add_task(async function test_exceptions() { + const { AddonTestUtils } = ChromeUtils.importESModule( + "resource://testing-common/AddonTestUtils.sys.mjs" + ); + + let s = `user_pref("testPref.bool1", true); + user_pref("testPref.bool2", false); + user_pref("testPref.int1", 23); + user_pref("testPref.int2", -1236); + `; + + let onErrorCount = 0; + let addPrefCount = 0; + + let marker = "2fc599a1-433b-4de7-bd63-3e69c3bbad5b"; + let addPref = (...args) => { + addPrefCount += 1; + throw new Error(`${marker}${JSON.stringify(args)}${marker}`); + }; + + let { messages } = await AddonTestUtils.promiseConsoleOutput(() => { + Services.prefs.parsePrefsFromBuffer(new TextEncoder().encode(s), { + onStringPref: addPref, + onIntPref: addPref, + onBoolPref: addPref, + onError(message) { + onErrorCount += 1; + console.error(message); + }, + }); + }); + + Assert.equal(addPrefCount, 4); + Assert.equal(onErrorCount, 0); + + // This is fragile but mercifully simple. + Assert.deepEqual( + messages.map(m => JSON.parse(m.message.split(marker)[1])), + [ + ["User", "testPref.bool1", true, false, false], + ["User", "testPref.bool2", false, false, false], + ["User", "testPref.int1", 23, false, false], + ["User", "testPref.int2", -1236, false, false], + ] + ); +}); diff --git a/modules/libpref/test/unit/test_parser.js b/modules/libpref/test/unit/test_parser.js new file mode 100644 index 0000000000..0b37eef47d --- /dev/null +++ b/modules/libpref/test/unit/test_parser.js @@ -0,0 +1,116 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +// It is necessary to manually disable `xpc::IsInAutomation` since +// `resetPrefs` will flip the preference to re-enable `once`-synced +// preference change assertions, and also change the value of those +// preferences. +Services.prefs.setBoolPref( + "security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", + false +); + +function run_test() { + const ps = Services.prefs; + + ps.resetPrefs(); + ps.readDefaultPrefsFromFile(do_get_file("data/testParser.js")); + + Assert.equal(ps.getBoolPref("comment1"), true); + Assert.equal(ps.getBoolPref("comment2"), true); + Assert.equal(ps.getBoolPref("spaced-out"), true); + + Assert.equal(ps.getBoolPref("pref"), true); + Assert.equal(ps.getBoolPref("sticky_pref"), true); + Assert.equal(ps.getBoolPref("user_pref"), true); + Assert.equal(ps.getBoolPref("sticky_pref2"), true); + Assert.equal(ps.getBoolPref("locked_pref"), true); + Assert.equal(ps.getBoolPref("locked_sticky_pref"), true); + Assert.equal(ps.prefIsLocked("locked_pref"), true); + Assert.equal(ps.prefIsLocked("locked_sticky_pref"), true); + + Assert.equal(ps.getBoolPref("bool.true"), true); + Assert.equal(ps.getBoolPref("bool.false"), false); + + Assert.equal(ps.getIntPref("int.0"), 0); + Assert.equal(ps.getIntPref("int.1"), 1); + Assert.equal(ps.getIntPref("int.123"), 123); + Assert.equal(ps.getIntPref("int.+234"), 234); + Assert.equal(ps.getIntPref("int.+ 345"), 345); + Assert.equal(ps.getIntPref("int.-0"), -0); + Assert.equal(ps.getIntPref("int.-1"), -1); + Assert.equal(ps.getIntPref("int.- /* hmm */\t456"), -456); + Assert.equal(ps.getIntPref("int.-\n567"), -567); + Assert.equal(ps.getIntPref("int.INT_MAX-1"), 2147483646); + Assert.equal(ps.getIntPref("int.INT_MAX"), 2147483647); + Assert.equal(ps.getIntPref("int.INT_MIN+2"), -2147483646); + Assert.equal(ps.getIntPref("int.INT_MIN+1"), -2147483647); + Assert.equal(ps.getIntPref("int.INT_MIN"), -2147483648); + + Assert.equal(ps.getCharPref("string.empty"), ""); + Assert.equal(ps.getCharPref("string.abc"), "abc"); + Assert.equal( + ps.getCharPref("string.long"), + "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + ); + Assert.equal(ps.getCharPref("string.single-quotes"), '"abc"'); + Assert.equal(ps.getCharPref("string.double-quotes"), "'abc'"); + Assert.equal( + ps.getCharPref("string.weird-chars"), + "\x0d \x09 \x0b \x0c \x06 \x16" + ); + Assert.equal(ps.getCharPref("string.escapes"), "\" ' \\ \n \r"); + + // This one is ASCII, so we can use getCharPref() and getStringPref + // interchangeably. + Assert.equal( + ps.getCharPref("string.x-escapes1"), + "Mozilla0\x4d\x6F\x7a\x69\x6c\x6C\x610" + ); + Assert.equal(ps.getStringPref("string.x-escapes1"), "Mozilla0Mozilla0"); + + // This one has chars with value > 127, so it's not valid UTF8, so we can't + // use getStringPref on it. + Assert.equal( + ps.getCharPref("string.x-escapes2"), + "AA A_umlaut\xc4 y_umlaut\xff" + ); + + // The following strings use \uNNNN escapes, which are UTF16 code points. + // libpref stores them internally as UTF8 byte sequences. In each case we get + // the string in two ways: + // - getStringPref() interprets it as UTF8, which is then converted to UTF16 + // in JS. I.e. code points that are multiple bytes in UTF8 become a single + // 16-bit char in JS (except for the non-BMP chars, which become a 16-bit + // surrogate pair). + // - getCharPref() interprets it as Latin1, which is then converted to UTF16 + // in JS. I.e. code points that are multiple bytes in UTF8 become multiple + // 16-bit chars in JS. + + Assert.equal( + ps.getStringPref("string.u-escapes1"), + "A\u0041 A_umlaut\u00c4 y_umlaut\u00ff0" + ); + Assert.equal( + ps.getCharPref("string.u-escapes1"), + "A\x41 A_umlaut\xc3\x84 y_umlaut\xc3\xbf0" + ); + + Assert.equal( + ps.getStringPref("string.u-escapes2"), + "S_acute\u015a y_grave\u1Ef3" + ); + Assert.equal( + ps.getCharPref("string.u-escapes2"), + "S_acute\xc5\x9a y_grave\xe1\xbb\xb3" + ); + + Assert.equal( + ps.getStringPref("string.u-surrogates"), + "cyclone\uD83C\uDF00 grinning_face\uD83D\uDE00" + ); + Assert.equal( + ps.getCharPref("string.u-surrogates"), + "cyclone\xF0\x9F\x8C\x80 grinning_face\xF0\x9F\x98\x80" + ); +} diff --git a/modules/libpref/test/unit/test_stickyprefs.js b/modules/libpref/test/unit/test_stickyprefs.js new file mode 100644 index 0000000000..d344d208ab --- /dev/null +++ b/modules/libpref/test/unit/test_stickyprefs.js @@ -0,0 +1,196 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/licenses/publicdomain/ */ + +const ps = Services.prefs; + +// It is necessary to manually disable `xpc::IsInAutomation` since +// `resetPrefs` will flip the preference to re-enable `once`-synced +// preference change assertions, and also change the value of those +// preferences. +Services.prefs.setBoolPref( + "security.turn_off_all_security_so_that_viruses_can_take_over_this_computer", + false +); + +// A little helper to reset the service and load one pref file. +function resetAndLoadDefaults() { + ps.resetPrefs(); + ps.readDefaultPrefsFromFile(do_get_file("data/testPrefSticky.js")); +} + +// A little helper to reset the service and load two pref files. +function resetAndLoadAll() { + ps.resetPrefs(); + ps.readDefaultPrefsFromFile(do_get_file("data/testPrefSticky.js")); + ps.readUserPrefsFromFile(do_get_file("data/testPrefStickyUser.js")); +} + +// A little helper that saves the current state to a file in the profile +// dir, then resets the service and re-reads the file it just saved. +// Used to test what gets actually written - things the pref service decided +// not to write don't exist at all after this call. +function saveAndReload() { + let file = do_get_profile(); + file.append("prefs.js"); + ps.savePrefFile(file); + + // Now reset the pref service and re-read what we saved. + ps.resetPrefs(); + + // Hack alert: on Windows nsLocalFile caches the size of savePrefFile from + // the .create() call above as 0. We call .exists() to reset the cache. + file.exists(); + + ps.readUserPrefsFromFile(file); +} + +// A sticky pref should not be written if the value is unchanged. +add_test(function notWrittenWhenUnchanged() { + resetAndLoadDefaults(); + Assert.strictEqual(ps.getBoolPref("testPref.unsticky.bool"), true); + Assert.strictEqual(ps.getBoolPref("testPref.sticky.bool"), false); + + // write prefs - but we haven't changed the sticky one, so it shouldn't be written. + saveAndReload(); + // sticky should not have been written to the new file. + try { + ps.getBoolPref("testPref.sticky.bool"); + Assert.ok(false, "expected failure reading this pref"); + } catch (ex) { + Assert.ok(ex, "exception reading regular pref"); + } + run_next_test(); +}); + +// Loading a sticky `pref` then a `user_pref` for the same pref means it should +// always be written. +add_test(function writtenOnceLoadedWithoutChange() { + // Load the same pref file *as well as* a pref file that has a user_pref for + // our sticky with the default value. It should be re-written without us + // touching it. + resetAndLoadAll(); + // reset and re-read what we just wrote - it should be written. + saveAndReload(); + Assert.strictEqual( + ps.getBoolPref("testPref.sticky.bool"), + false, + "user_pref was written with default value" + ); + run_next_test(); +}); + +// If a sticky pref is explicicitly changed, even to the default, it is written. +add_test(function writtenOnceLoadedWithChangeNonDefault() { + // Load the same pref file *as well as* a pref file that has a user_pref for + // our sticky - then change the pref. It should be written. + resetAndLoadAll(); + // Set a new val and check we wrote it. + ps.setBoolPref("testPref.sticky.bool", false); + saveAndReload(); + Assert.strictEqual( + ps.getBoolPref("testPref.sticky.bool"), + false, + "user_pref was written with custom value" + ); + run_next_test(); +}); + +// If a sticky pref is changed to the non-default value, it is written. +add_test(function writtenOnceLoadedWithChangeNonDefault() { + // Load the same pref file *as well as* a pref file that has a user_pref for + // our sticky - then change the pref. It should be written. + resetAndLoadAll(); + // Set a new val and check we wrote it. + ps.setBoolPref("testPref.sticky.bool", true); + saveAndReload(); + Assert.strictEqual( + ps.getBoolPref("testPref.sticky.bool"), + true, + "user_pref was written with custom value" + ); + run_next_test(); +}); + +// Test that prefHasUserValue always returns true whenever there is a sticky +// value, even when that value matches the default. This is mainly for +// about:config semantics - prefs with a sticky value always remain bold and +// always offer "reset" (which fully resets and drops the sticky value as if +// the pref had never changed.) +add_test(function hasUserValue() { + // sticky pref without user value. + resetAndLoadDefaults(); + Assert.strictEqual(ps.getBoolPref("testPref.sticky.bool"), false); + Assert.ok( + !ps.prefHasUserValue("testPref.sticky.bool"), + "should not initially reflect a user value" + ); + + ps.setBoolPref("testPref.sticky.bool", false); + Assert.ok( + ps.prefHasUserValue("testPref.sticky.bool"), + "should reflect a user value after set to default" + ); + + ps.setBoolPref("testPref.sticky.bool", true); + Assert.ok( + ps.prefHasUserValue("testPref.sticky.bool"), + "should reflect a user value after change to non-default" + ); + + ps.clearUserPref("testPref.sticky.bool"); + Assert.ok( + !ps.prefHasUserValue("testPref.sticky.bool"), + "should reset to no user value" + ); + ps.setBoolPref("testPref.sticky.bool", false, "expected default"); + + // And make sure the pref immediately reflects a user value after load. + resetAndLoadAll(); + Assert.strictEqual(ps.getBoolPref("testPref.sticky.bool"), false); + Assert.ok( + ps.prefHasUserValue("testPref.sticky.bool"), + "should have a user value when loaded value is the default" + ); + run_next_test(); +}); + +// Test that clearUserPref removes the "sticky" value. +add_test(function clearUserPref() { + // load things such that we have a sticky value which is the same as the + // default. + resetAndLoadAll(); + ps.clearUserPref("testPref.sticky.bool"); + + // Once we save prefs the sticky pref should no longer be written. + saveAndReload(); + try { + ps.getBoolPref("testPref.sticky.bool"); + Assert.ok(false, "expected failure reading this pref"); + } catch (ex) { + Assert.ok(ex, "pref doesn't have a sticky value"); + } + run_next_test(); +}); + +// Test that a pref observer gets a notification fired when a sticky pref +// has it's value changed to the same value as the default. The reason for +// this behaviour is that later we might have other code that cares about a +// pref being sticky (IOW, we notify due to the "state" of the pref changing +// even if the value has not) +add_test(function observerFires() { + // load things so there's no sticky value. + resetAndLoadDefaults(); + + function observe(subject, topic, data) { + Assert.equal(data, "testPref.sticky.bool"); + ps.removeObserver("testPref.sticky.bool", observe); + run_next_test(); + } + ps.addObserver("testPref.sticky.bool", observe); + + ps.setBoolPref( + "testPref.sticky.bool", + ps.getBoolPref("testPref.sticky.bool") + ); + // and the observer will fire triggering the next text. +}); diff --git a/modules/libpref/test/unit/test_warnings.js b/modules/libpref/test/unit/test_warnings.js new file mode 100644 index 0000000000..a6782f5c59 --- /dev/null +++ b/modules/libpref/test/unit/test_warnings.js @@ -0,0 +1,62 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +function makeBuffer(length) { + return new Array(length + 1).join("x"); +} + +/** + * @resolves |true| if execution proceeded without warning, + * |false| if there was a warning. + */ +function checkWarning(pref, buffer) { + return new Promise(resolve => { + let complete = false; + let listener = { + observe(event) { + let message = event.message; + if ( + !( + message.startsWith("Warning: attempting to write") && + message.includes(pref) + ) + ) { + return; + } + if (complete) { + return; + } + complete = true; + info("Warning while setting " + pref); + Services.console.unregisterListener(listener); + resolve(true); + }, + }; + do_timeout(1000, function () { + if (complete) { + return; + } + complete = true; + info("No warning while setting " + pref); + Services.console.unregisterListener(listener); + resolve(false); + }); + Services.console.registerListener(listener); + Services.prefs.setCharPref(pref, buffer); + }); +} + +add_task(async function () { + // Simple change, shouldn't cause a warning + info("Checking that a simple change doesn't cause a warning"); + let buf = makeBuffer(100); + let warned = await checkWarning("string.accept", buf); + Assert.ok(!warned); + + // Large change, should cause a warning + info("Checking that a large change causes a warning"); + buf = makeBuffer(32 * 1024); + warned = await checkWarning("string.warn", buf); + Assert.ok(warned); +}); diff --git a/modules/libpref/test/unit/xpcshell.ini b/modules/libpref/test/unit/xpcshell.ini new file mode 100644 index 0000000000..0778b8659f --- /dev/null +++ b/modules/libpref/test/unit/xpcshell.ini @@ -0,0 +1,28 @@ +[DEFAULT] +head = head_libPrefs.js +support-files = + data/testPref.js + extdata/testExt.js + +[test_warnings.js] +[test_bug345529.js] +[test_bug506224.js] +[test_bug577950.js] +[test_bug790374.js] +[test_stickyprefs.js] +skip-if = (os == "win" && socketprocess_networking) +support-files = data/testPrefSticky.js data/testPrefStickyUser.js +[test_locked_file_prefs.js] +skip-if = (os == "win" && socketprocess_networking) +support-files = data/testPrefLocked.js data/testPrefLockedUser.js +[test_changeType.js] +[test_defaultValues.js] +[test_dirtyPrefs.js] +[test_libPrefs.js] +[test_bug1354613.js] +[test_parser.js] +support-files = data/testParser.js +[test_parsePrefs.js] +support-files = + data/testPrefUTF8.js +head = diff --git a/modules/libpref/test/unit_ipc/test_existing_prefs.js b/modules/libpref/test/unit_ipc/test_existing_prefs.js new file mode 100644 index 0000000000..4efce784b0 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_existing_prefs.js @@ -0,0 +1,20 @@ +function isParentProcess() { + let appInfo = Cc["@mozilla.org/xre/app-info;1"]; + return ( + !appInfo || + Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT + ); +} + +function run_test() { + if (!isParentProcess()) { + do_load_child_test_harness(); + + var pb = Services.prefs; + pb.setBoolPref("Test.IPC.bool.new", true); + pb.setIntPref("Test.IPC.int.new", 23); + pb.setCharPref("Test.IPC.char.new", "hey"); + + run_test_in_child("test_observed_prefs.js"); + } +} diff --git a/modules/libpref/test/unit_ipc/test_initial_prefs.js b/modules/libpref/test/unit_ipc/test_initial_prefs.js new file mode 100644 index 0000000000..9c5e8991cf --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_initial_prefs.js @@ -0,0 +1,14 @@ +function isParentProcess() { + return Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; +} + +function run_test() { + if (!isParentProcess()) { + const pb = Services.prefs; + pb.setBoolPref("Test.IPC.bool", true); + pb.setIntPref("Test.IPC.int", 23); + pb.setCharPref("Test.IPC.char", "hey"); + + run_test_in_child("test_existing_prefs.js"); + } +} diff --git a/modules/libpref/test/unit_ipc/test_large_pref.js b/modules/libpref/test/unit_ipc/test_large_pref.js new file mode 100644 index 0000000000..79c1330c36 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_large_pref.js @@ -0,0 +1,104 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Large preferences should not be set in the child process. +// Non-string preferences are not tested here, because their behavior +// should not be affected by this filtering. +// + +function isParentProcess() { + return Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; +} + +function makeBuffer(length) { + let string = "x"; + while (string.length < length) { + string = string + string; + } + if (string.length > length) { + string = string.substring(length - string.length); + } + return string; +} + +// from prefapi.h +const MAX_ADVISABLE_PREF_LENGTH = 4 * 1024; + +const largeString = makeBuffer(MAX_ADVISABLE_PREF_LENGTH + 1); +const smallString = makeBuffer(4); + +const testValues = [ + { name: "None", value: undefined }, + { name: "Small", value: smallString }, + { name: "Large", value: largeString }, +]; + +function prefName(def, user) { + return "Test.IPC.default" + def.name + "User" + user.name; +} + +function expectedPrefValue(def, user) { + if (user.value) { + return user.value; + } + return def.value; +} + +function run_test() { + const pb = Services.prefs; + let defaultBranch = pb.getDefaultBranch(""); + + let isParent = isParentProcess(); + if (isParent) { + // Preferences with large values will still appear in the shared memory + // snapshot that we share with all processes. They should not, however, be + // sent with the list of changes on top of the snapshot. + // + // So, make sure we've generated the initial snapshot before we set the + // preference values by launching a child process with an empty test. + sendCommand(""); + + // Set all combinations of none, small and large, for default and user prefs. + for (let def of testValues) { + for (let user of testValues) { + let currPref = prefName(def, user); + if (def.value) { + defaultBranch.setCharPref(currPref, def.value); + } + if (user.value) { + pb.setCharPref(currPref, user.value); + } + } + } + + run_test_in_child("test_large_pref.js"); + } + + // Check that each preference is set or not set, as appropriate. + for (let def of testValues) { + for (let user of testValues) { + if (!def.value && !user.value) { + continue; + } + let pref_name = prefName(def, user); + if (isParent || (def.name != "Large" && user.name != "Large")) { + Assert.equal(pb.getCharPref(pref_name), expectedPrefValue(def, user)); + } else { + // This is the child, and either the default or user value is + // large, so the preference should not be set. + let prefExists; + try { + let val = pb.getCharPref(pref_name); + prefExists = val.length > 128; + } catch (e) { + prefExists = false; + } + ok( + !prefExists, + "Pref " + pref_name + " should not be set in the child" + ); + } + } + } +} diff --git a/modules/libpref/test/unit_ipc/test_locked_prefs.js b/modules/libpref/test/unit_ipc/test_locked_prefs.js new file mode 100644 index 0000000000..037427e495 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_locked_prefs.js @@ -0,0 +1,39 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +// Locked status should be communicated to children. + +function isParentProcess() { + return Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; +} + +function run_test() { + const pb = Services.prefs; + + let bprefname = "Test.IPC.locked.bool"; + let iprefname = "Test.IPC.locked.int"; + let sprefname = "Test.IPC.locked.string"; + + let isParent = isParentProcess(); + if (isParent) { + pb.setBoolPref(bprefname, true); + pb.lockPref(bprefname); + + pb.setIntPref(iprefname, true); + pb.lockPref(iprefname); + + pb.setStringPref(sprefname, true); + pb.lockPref(sprefname); + pb.unlockPref(sprefname); + + run_test_in_child("test_locked_prefs.js"); + } + + ok(pb.prefIsLocked(bprefname), bprefname + " should be locked in the child"); + ok(pb.prefIsLocked(iprefname), iprefname + " should be locked in the child"); + ok( + !pb.prefIsLocked(sprefname), + sprefname + " should be unlocked in the child" + ); +} diff --git a/modules/libpref/test/unit_ipc/test_observed_prefs.js b/modules/libpref/test/unit_ipc/test_observed_prefs.js new file mode 100644 index 0000000000..9f6984d555 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_observed_prefs.js @@ -0,0 +1,12 @@ +function isParentProcess() { + return Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; +} + +function run_test() { + if (!isParentProcess()) { + const pb = Services.prefs; + Assert.equal(pb.getBoolPref("Test.IPC.bool.new"), true); + Assert.equal(pb.getIntPref("Test.IPC.int.new"), 23); + Assert.equal(pb.getCharPref("Test.IPC.char.new"), "hey"); + } +} diff --git a/modules/libpref/test/unit_ipc/test_sharedMap.js b/modules/libpref/test/unit_ipc/test_sharedMap.js new file mode 100644 index 0000000000..c9a001d7a0 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_sharedMap.js @@ -0,0 +1,362 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// This file tests the functionality of the preference service when using a +// shared memory snapshot. In this configuration, a snapshot of the initial +// state of the preferences database is made when we first spawn a child +// process, and changes after that point are stored as entries in a dynamic hash +// table, on top of the snapshot. + +const { XPCShellContentUtils } = ChromeUtils.importESModule( + "resource://testing-common/XPCShellContentUtils.sys.mjs" +); + +XPCShellContentUtils.init(this); + +let contentPage; + +const { prefs } = Services; +const defaultPrefs = prefs.getDefaultBranch(""); + +const FRAME_SCRIPT_INIT = ` + var { prefs } = Services; + var defaultPrefs = prefs.getDefaultBranch(""); +`; + +function try_(fn) { + try { + return fn(); + } catch (e) { + return undefined; + } +} + +function getPref(pref) { + let flags = { + locked: try_(() => prefs.prefIsLocked(pref)), + hasUser: try_(() => prefs.prefHasUserValue(pref)), + }; + + switch (prefs.getPrefType(pref)) { + case prefs.PREF_INT: + return { + ...flags, + type: "Int", + user: try_(() => prefs.getIntPref(pref)), + default: try_(() => defaultPrefs.getIntPref(pref)), + }; + case prefs.PREF_BOOL: + return { + ...flags, + type: "Bool", + user: try_(() => prefs.getBoolPref(pref)), + default: try_(() => defaultPrefs.getBoolPref(pref)), + }; + case prefs.PREF_STRING: + return { + ...flags, + type: "String", + user: try_(() => prefs.getStringPref(pref)), + default: try_(() => defaultPrefs.getStringPref(pref)), + }; + } + return {}; +} + +function getPrefs(prefNames) { + let result = {}; + for (let pref of prefNames) { + result[pref] = getPref(pref); + } + result.childList = prefs.getChildList(""); + return result; +} + +function checkPref( + pref, + proc, + val, + type, + userVal, + defaultVal, + expectedFlags = {} +) { + info(`Check "${pref}" ${proc} value`); + + equal(val.type, type, `Expected type for "${pref}"`); + equal(val.user, userVal, `Expected user value for "${pref}"`); + + // We only send changes to the content process when they'll make a visible + // difference, so ignore content process default values when we have a defined + // user value. + if (proc !== "content" || val.user === undefined) { + equal(val.default, defaultVal, `Expected default value for "${pref}"`); + } + + for (let [flag, value] of Object.entries(expectedFlags)) { + equal(val[flag], value, `Expected ${flag} value for "${pref}"`); + } +} + +function getPrefList() { + return prefs.getChildList(""); +} + +const TESTS = { + "exists.thenDoesNot": { + beforeContent(PREF) { + prefs.setBoolPref(PREF, true); + + ok(getPrefList().includes(PREF), `Parent list includes "${PREF}"`); + }, + contentStartup(PREF, val, childList) { + ok(getPrefList().includes(PREF), `Parent list includes "${PREF}"`); + ok(childList.includes(PREF), `Child list includes "${PREF}"`); + + prefs.clearUserPref(PREF); + ok( + !getPrefList().includes(PREF), + `Parent list doesn't include "${PREF}"` + ); + }, + contentUpdate1(PREF, val, childList) { + ok( + !getPrefList().includes(PREF), + `Parent list doesn't include "${PREF}"` + ); + ok(!childList.includes(PREF), `Child list doesn't include "${PREF}"`); + + prefs.setCharPref(PREF, "foo"); + ok(getPrefList().includes(PREF), `Parent list includes "${PREF}"`); + checkPref(PREF, "parent", getPref(PREF), "String", "foo"); + }, + contentUpdate2(PREF, val, childList) { + ok(getPrefList().includes(PREF), `Parent list includes "${PREF}"`); + ok(childList.includes(PREF), `Child list includes "${PREF}"`); + + checkPref(PREF, "parent", getPref(PREF), "String", "foo"); + checkPref(PREF, "child", val, "String", "foo"); + }, + }, + "doesNotExists.thenDoes": { + contentStartup(PREF, val, childList) { + ok( + !getPrefList().includes(PREF), + `Parent list doesn't include "${PREF}"` + ); + ok(!childList.includes(PREF), `Child list doesn't include "${PREF}"`); + + prefs.setIntPref(PREF, 42); + ok(getPrefList().includes(PREF), `Parent list includes "${PREF}"`); + }, + contentUpdate1(PREF, val, childList) { + ok(getPrefList().includes(PREF), `Parent list includes "${PREF}"`); + ok(childList.includes(PREF), `Child list includes "${PREF}"`); + + checkPref(PREF, "parent", getPref(PREF), "Int", 42); + checkPref(PREF, "child", val, "Int", 42); + }, + }, +}; + +const PREFS = [ + { type: "Bool", values: [true, false, true] }, + { type: "Int", values: [24, 42, 73] }, + { type: "String", values: ["meh", "hem", "hrm"] }, +]; + +for (let { type, values } of PREFS) { + let set = `set${type}Pref`; + + function prefTest(opts) { + function check( + pref, + proc, + val, + { + expectedVal, + defaultVal = undefined, + expectedDefault = defaultVal, + expectedFlags = {}, + } + ) { + checkPref( + pref, + proc, + val, + type, + expectedVal, + expectedDefault, + expectedFlags + ); + } + + function updatePref( + PREF, + { userVal = undefined, defaultVal = undefined, flags = {} } + ) { + info(`Update "${PREF}"`); + if (userVal !== undefined) { + prefs[set](PREF, userVal); + } + if (defaultVal !== undefined) { + defaultPrefs[set](PREF, defaultVal); + } + if (flags.locked === true) { + prefs.lockPref(PREF); + } else if (flags.locked === false) { + prefs.unlockPref(PREF); + } + } + + return { + beforeContent(PREF) { + updatePref(PREF, opts.initial); + check(PREF, "parent", getPref(PREF), opts.initial); + }, + contentStartup(PREF, contentVal) { + check(PREF, "content", contentVal, opts.initial); + check(PREF, "parent", getPref(PREF), opts.initial); + + updatePref(PREF, opts.change1); + check(PREF, "parent", getPref(PREF), opts.change1); + }, + contentUpdate1(PREF, contentVal) { + check(PREF, "content", contentVal, opts.change1); + check(PREF, "parent", getPref(PREF), opts.change1); + + if (opts.change2) { + updatePref(PREF, opts.change2); + check(PREF, "parent", getPref(PREF), opts.change2); + } + }, + contentUpdate2(PREF, contentVal) { + if (opts.change2) { + check(PREF, "content", contentVal, opts.change2); + check(PREF, "parent", getPref(PREF), opts.change2); + } + }, + }; + } + + for (let i of [0, 1]) { + let userVal = values[i]; + let defaultVal = values[+!i]; + + TESTS[`type.${type}.${i}.default`] = prefTest({ + initial: { defaultVal, expectedVal: defaultVal }, + change1: { defaultVal: values[2], expectedVal: values[2] }, + }); + + TESTS[`type.${type}.${i}.user`] = prefTest({ + initial: { userVal, expectedVal: userVal }, + change1: { defaultVal: values[2], expectedVal: userVal }, + change2: { + userVal: values[2], + expectedDefault: values[2], + expectedVal: values[2], + }, + }); + + TESTS[`type.${type}.${i}.both`] = prefTest({ + initial: { userVal, defaultVal, expectedVal: userVal }, + change1: { defaultVal: values[2], expectedVal: userVal }, + change2: { + userVal: values[2], + expectedDefault: values[2], + expectedVal: values[2], + }, + }); + + TESTS[`type.${type}.${i}.both.thenLock`] = prefTest({ + initial: { userVal, defaultVal, expectedVal: userVal }, + change1: { + expectedDefault: defaultVal, + expectedVal: defaultVal, + flags: { locked: true }, + expectFlags: { locked: true }, + }, + }); + + TESTS[`type.${type}.${i}.both.thenUnlock`] = prefTest({ + initial: { + userVal, + defaultVal, + expectedVal: defaultVal, + flags: { locked: true }, + expectedFlags: { locked: true }, + }, + change1: { + expectedDefault: defaultVal, + expectedVal: userVal, + flags: { locked: false }, + expectFlags: { locked: false }, + }, + }); + + TESTS[`type.${type}.${i}.both.locked`] = prefTest({ + initial: { + userVal, + defaultVal, + expectedVal: defaultVal, + flags: { locked: true }, + expectedFlags: { locked: true }, + }, + change1: { + userVal: values[2], + expectedDefault: defaultVal, + expectedVal: defaultVal, + expectedFlags: { locked: true }, + }, + change2: { + defaultVal: values[2], + expectedDefault: defaultVal, + expectedVal: defaultVal, + expectedFlags: { locked: true }, + }, + }); + } +} + +add_task(async function test_sharedMap_prefs() { + let prefValues = {}; + + async function runChecks(op) { + for (let [pref, ops] of Object.entries(TESTS)) { + if (ops[op]) { + info(`Running ${op} for "${pref}"`); + await ops[op]( + pref, + prefValues[pref] || undefined, + prefValues.childList || undefined + ); + } + } + } + + await runChecks("beforeContent"); + + contentPage = await XPCShellContentUtils.loadContentPage("about:blank", { + remote: true, + }); + registerCleanupFunction(() => contentPage.close()); + + contentPage.addFrameScriptHelper(FRAME_SCRIPT_INIT); + contentPage.addFrameScriptHelper(try_); + contentPage.addFrameScriptHelper(getPref); + + let prefNames = Object.keys(TESTS); + prefValues = await contentPage.legacySpawn(prefNames, getPrefs); + + await runChecks("contentStartup"); + + prefValues = await contentPage.legacySpawn(prefNames, getPrefs); + + await runChecks("contentUpdate1"); + + prefValues = await contentPage.legacySpawn(prefNames, getPrefs); + + await runChecks("contentUpdate2"); +}); diff --git a/modules/libpref/test/unit_ipc/test_sharedMap_static_prefs.js b/modules/libpref/test/unit_ipc/test_sharedMap_static_prefs.js new file mode 100644 index 0000000000..a8181bf2cb --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_sharedMap_static_prefs.js @@ -0,0 +1,76 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +"use strict"; + +// Tests that static preferences in the content process +// correctly handle values which are different from their +// statically-defined defaults. +// +// Since we can't access static preference values from JS, this tests relies on +// assertions in debug builds to detect mismatches. The default and user +// values of two preferences are changed (respectively) before a content +// process is started. Once the content process is launched, the +// preference service asserts that the values stored in all static prefs +// match their current values as known to the preference service. If +// there's a mismatch, the shell will crash, and the test will fail. +// +// For sanity, we also check that the dynamically retrieved preference +// values in the content process match our expectations, though this is +// not strictly part of the test. + +const PREF1_NAME = "dom.webcomponents.shadowdom.report_usage"; +const PREF1_VALUE = false; + +const PREF2_NAME = "dom.mutation-events.cssom.disabled"; +const PREF2_VALUE = true; + +const { XPCShellContentUtils } = ChromeUtils.importESModule( + "resource://testing-common/XPCShellContentUtils.sys.mjs" +); + +XPCShellContentUtils.init(this); + +const { prefs } = Services; +const defaultPrefs = prefs.getDefaultBranch(""); + +add_task(async function test_sharedMap_static_prefs() { + equal( + prefs.getBoolPref(PREF1_NAME), + PREF1_VALUE, + `Expected initial value for ${PREF1_NAME}` + ); + equal( + prefs.getBoolPref(PREF2_NAME), + PREF2_VALUE, + `Expected initial value for ${PREF2_NAME}` + ); + + defaultPrefs.setBoolPref(PREF1_NAME, !PREF1_VALUE); + prefs.setBoolPref(PREF2_NAME, !PREF2_VALUE); + + equal( + prefs.getBoolPref(PREF1_NAME), + !PREF1_VALUE, + `Expected updated value for ${PREF1_NAME}` + ); + equal( + prefs.getBoolPref(PREF2_NAME), + !PREF2_VALUE, + `Expected updated value for ${PREF2_NAME}` + ); + + let contentPage = await XPCShellContentUtils.loadContentPage("about:blank", { + remote: true, + }); + registerCleanupFunction(() => contentPage.close()); + + /* eslint-disable no-shadow */ + let values = await contentPage.spawn([[PREF1_NAME, PREF2_NAME]], prefs => { + return prefs.map(pref => Services.prefs.getBoolPref(pref)); + }); + /* eslint-enable no-shadow */ + + equal(values[0], !PREF1_VALUE, `Expected content value for ${PREF1_NAME}`); + equal(values[1], !PREF2_VALUE, `Expected content value for ${PREF2_NAME}`); +}); diff --git a/modules/libpref/test/unit_ipc/test_update_prefs.js b/modules/libpref/test/unit_ipc/test_update_prefs.js new file mode 100644 index 0000000000..51e2c458c5 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_update_prefs.js @@ -0,0 +1,34 @@ +function isParentProcess() { + return Services.appinfo.processType == Ci.nsIXULRuntime.PROCESS_TYPE_DEFAULT; +} + +function run_test() { + if (isParentProcess()) { + do_load_child_test_harness(); + + var pb = Services.prefs; + + // these prefs are set after the child has been created. + pb.setBoolPref("Test.IPC.bool.new", true); + pb.setIntPref("Test.IPC.int.new", 23); + pb.setCharPref("Test.IPC.char.new", "hey"); + + run_test_in_child("test_observed_prefs.js", testPrefClear); + } +} + +function testPrefClear() { + var pb = Services.prefs; + pb.clearUserPref("Test.IPC.bool.new"); + + sendCommand( + 'var pb = Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefBranch);\n' + + 'pb.prefHasUserValue("Test.IPC.bool.new");\n', + checkWasCleared + ); +} + +function checkWasCleared(existsStr) { + Assert.equal(existsStr, "false"); + do_test_finished(); +} diff --git a/modules/libpref/test/unit_ipc/test_user_default_prefs.js b/modules/libpref/test/unit_ipc/test_user_default_prefs.js new file mode 100644 index 0000000000..3307522513 --- /dev/null +++ b/modules/libpref/test/unit_ipc/test_user_default_prefs.js @@ -0,0 +1,72 @@ +const pb = Services.prefs; + +// This pref is chosen somewhat arbitrarily --- we just need one +// that's guaranteed to have a default value. +const kPrefName = "intl.accept_languages"; // of type char, which we +// assume below +var initialValue = null; + +function check_child_pref_info_eq(continuation) { + sendCommand( + 'var pb = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);\n' + + // Returns concatenation "[value],[isUser]" + 'pb.getCharPref("' + + kPrefName + + '")+ "," +' + + 'pb.prefHasUserValue("' + + kPrefName + + '");', + function (info) { + let [value, isUser] = info.split(","); + Assert.equal(pb.getCharPref(kPrefName), value); + Assert.equal(pb.prefHasUserValue(kPrefName), isUser == "true"); + continuation(); + } + ); +} + +function run_test() { + // We finish in clean_up() + do_test_pending(); + + initialValue = pb.getCharPref(kPrefName); + + test_user_setting(); +} + +function test_user_setting() { + // We rely on setting this before the content process starts up. + // When it starts up, it should recognize this as a user pref, not + // a default pref. + pb.setCharPref(kPrefName, "i-imaginarylanguage"); + // NB: processing of the value-change notification in the child + // process triggered by the above set happens-before the remaining + // code here + check_child_pref_info_eq(function () { + Assert.equal(pb.prefHasUserValue(kPrefName), true); + + test_cleared_is_default(); + }); +} + +function test_cleared_is_default() { + pb.clearUserPref(kPrefName); + // NB: processing of the value-change notification in the child + // process triggered by the above set happens-before the remaining + // code here + check_child_pref_info_eq(function () { + Assert.equal(pb.prefHasUserValue(kPrefName), false); + + clean_up(); + }); +} + +function clean_up() { + pb.setCharPref(kPrefName, initialValue); + // NB: processing of the value-change notification in the child + // process triggered by the above set happens-before the remaining + // code here + check_child_pref_info_eq(function () { + do_test_finished(); + }); +} diff --git a/modules/libpref/test/unit_ipc/xpcshell.ini b/modules/libpref/test/unit_ipc/xpcshell.ini new file mode 100644 index 0000000000..e2a444f774 --- /dev/null +++ b/modules/libpref/test/unit_ipc/xpcshell.ini @@ -0,0 +1,14 @@ +[DEFAULT] +head = +skip-if = toolkit == 'android' + +[test_existing_prefs.js] +[test_initial_prefs.js] +[test_large_pref.js] +[test_locked_prefs.js] +[test_observed_prefs.js] +[test_update_prefs.js] +[test_sharedMap.js] +[test_sharedMap_static_prefs.js] +skip-if = !debug # Relies on debug assertions to catch failure cases. +[test_user_default_prefs.js] |