Opened 4 months ago

Closed 4 months ago

#29445 closed task (fixed)

Tor Browser is denying ESR policies.json. This should work because TB is ESR fork.

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201903R
Cc: mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://www.ghacks.net/2018/05/21/enterprise-policy-generator-add-on-for-firefox/

What:
Create a file "TorBrowser/distribution/policies.json" to disable telemetry and other annoyances

Expected behavior:
The browser obey policies.json because Tor Browser is based on Firefox ESR

Actual result:
"Only Allowed on ESR" error message on Browser Console

Child Tickets

Change History (7)

comment:1 Changed 4 months ago by tom

This is because of this check here:

https://searchfox.org/mozilla-central/rev/cb7faaf6b4ad2528390186f1ce64618dea71031e/browser/components/enterprisepolicies/EnterprisePolicies.js#305

Amusingly, this means it should work on the Alpha bundle.

I don't know if Tor wants to support this however.

comment:2 Changed 4 months ago by gk

Cc: mcs brade added
Priority: HighMedium
Status: newneeds_information

mcs/brade: What had been the reason for not using esr as the update channel for the stable series, given that Tor Browser is based on that series?

comment:3 in reply to:  2 ; Changed 4 months ago by mcs

Replying to gk:

mcs/brade: What had been the reason for not using esr as the update channel for the stable series, given that Tor Browser is based on that series?

Kathy and I don't remember all of the details, but probably we knew we needed two update channels for our public releases and chose release and alpha. At this point (assuming we want to support the enterprise policy features), it might be easiest to patch the code mentioned in comment:1.

comment:4 in reply to:  3 Changed 4 months ago by gk

Status: needs_informationnew

Replying to mcs:

Replying to gk:

mcs/brade: What had been the reason for not using esr as the update channel for the stable series, given that Tor Browser is based on that series?

Kathy and I don't remember all of the details, but probably we knew we needed two update channels for our public releases and chose release and alpha. At this point (assuming we want to support the enterprise policy features), it might be easiest to patch the code mentioned in comment:1.

Works for me.

comment:5 Changed 4 months ago by cypherpunks

esr didn't exist then ;)

comment:6 Changed 4 months ago by mcs

Keywords: TorBrowserTeam201903R added
Status: newneeds_review

Here is a patch:
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug29445-01&id=7ce43156780e3b91f35481cce1eb4afed56a4b0f

As an "escape hatch", support for enterprise policies can still be disabled by setting browser.policies.testing.disallowEnterprise = false (but I would guess that Mozilla only intends that pref to be used for automated tests).

comment:7 Changed 4 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good to me, merged to tor-browser-60.5.1esr-8.5-1 (commit 7ce43156780e3b91f35481cce1eb4afed56a4b0f).

Note: See TracTickets for help on using tickets.