aboutsummaryrefslogtreecommitdiff
path: root/archive/debugging/debug-notes.log
diff options
context:
space:
mode:
Diffstat (limited to 'archive/debugging/debug-notes.log')
-rw-r--r--archive/debugging/debug-notes.log216
1 files changed, 216 insertions, 0 deletions
diff --git a/archive/debugging/debug-notes.log b/archive/debugging/debug-notes.log
new file mode 100644
index 0000000..b6999af
--- /dev/null
+++ b/archive/debugging/debug-notes.log
@@ -0,0 +1,216 @@
+========================================================================================================================
+Build Notes v2 :
+========================================================================================================================
+
+- Compress tar.xz
+
+ tar cfJ <archive.tar.xz> <files>
+
+- Files to remove :
+
+ crash-reporter...
+ crash-reporter...
+ removed-files
+ update...
+ update...
+ update...
+ browser/feature/webcomp...
+ browser/feature/webcomp...
+ browser/feature/...
+
+- Tor files to remove :
+
+ Classic removal plus
+ https-everywhere addon
+ profile.meek-http-helper...
+
+- Patching release :
+
+ >browser.omni.ja.chrome.browser.content.browser.preferences.in-content.privacy.origin (patch with winrar)
+ Tor : patch mozilla.cfg
+
+- Tor windows :
+
+ Install it to desktop then get the files
+ (Only the lnk file is a new file compared to compressed version)
+ remove lnk file
+ add link.vbs
+ add bat file
+
+- Tor mac :
+
+ Under mac, mount and extract all content to a folder
+ Copy by command .DS_Store (from dmg to folder)
+ run "codesign --remove-signature Tor\ Browser.app".
+ With disk utils, create a dmg from a folder (nocompression rw)
+ We are converting iso-dmg to dmg...
+
+========================================================================================================================
+JS Note & Debugging :
+========================================================================================================================
+
+// ----------
+// CSP Note :
+// ----------
+//
+// Syntax :
+// One or more sources can be allowed for the default-src policy:
+// Content-Security-Policy: default-src <source> <source>;
+// Content-Security-Policy: default-src <source>;
+//
+// default-src is a fallback for :
+// - child-src
+// - connect-src
+// - font-src
+// - frame-src
+// - img-src
+// - manifest-src
+// - media-src
+// - object-src
+// - prefetch-src
+// - script-src
+// - style-src
+// - worker-src
+//
+// <source> can be one of the following:
+//
+// 'none'
+// Refers to the empty set; that is, no URLs match. The single quotes are required.
+//
+// 'self'
+// Refers to the origin from which the protected document is being served,
+// including the same URL scheme and port number. You must include the single quotes.
+// Some browsers specifically exclude blob and filesystem from source directives.
+// Sites needing to allow these content types can specify them using the Data attribute.
+//
+// 'unsafe-inline'
+// Allows the use of inline resources, such as inline <script> elements, javascript:
+// URLs, inline event handlers, and inline <style> elements. You must include the single quotes.
+//
+// 'unsafe-eval'
+// Allows the use of eval() and similar methods for creating code from strings.
+// You must include the single quotes.
+//
+// <scheme-source>
+// A schema such as 'http:' or 'https:'. The colon is required, single quotes
+// shouldn't be used. You can also specify data schemas (not recommended).
+// - data: Allows data: URIs to be used as a content source. This is insecure;
+// An attacker can also inject arbitrary data: URIs.
+// Use this sparingly and definitely not for scripts.
+// - mediastream: Allows mediastream: URIs to be used as a content source.
+// - blob: Allows blob: URIs to be used as a content source.
+// - filesystem: Allows filesystem: URIs to be used as a content source.
+//
+// <host-source>
+// Internet hosts by name or IP address, as well as an optional URL scheme and/or port number.
+// The site's address may include an optional leading wildcard (the asterisk character, '*'),
+// and you may use a wildcard (again, '*') as the port number, indicating that all
+// legal ports are valid for the source.
+// Examples:
+// - http://*.example.com: Matches all attempts to load from any subdomain of example.com using the http: URL scheme.
+// - mail.example.com:443: Matches all attempts to access port 443 on mail.example.com.
+// - https://store.example.com: Matches all attempts to access store.example.com using https:.
+//
+// Sources :
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src
+
+// -----------------
+// Process Isolation
+// -----------------
+//
+// Pref : Separate process for protocol
+// defaultPref("extensions.webextensions.protocol.remote", true); //default true
+//
+// Pref : Separate process for protocol extension
+// defaultPref("extensions.webextensions.remote", false); //default true
+//
+// Process remote (separating process) can partially firewall extension by
+// denying access to some moz-extension (extension internal url like settings page)
+// but this is not reliable not usable for a purpose of firewalling
+// Setting this to false will break moz-extension URI loading
+// unless other process sandboxing and extension remoting prefs are changed.
+// Note, extensions.webextensions.protocol.remote=false is for
+// debugging purposes only. With process-level sandboxing, child
+// processes (specifically content and extension processes), will
+// not be able to load most moz-extension URI's when the pref is
+// set to false.
+
+// ------------------
+// Restricted Domains
+// ------------------
+//
+// "extensions.webextensions.restrictedDomains"
+//
+// gHacks set this to empty ""... this is list of blocked domain for ext.
+// Default value :
+// "accounts-static.cdn.mozilla.net,accounts.firefox.com,addons.cdn.mozilla.net,addons.mozilla.org,
+// api.accounts.firefox.com,content.cdn.mozilla.net,content.cdn.mozilla.net,discovery.
+// addons.mozilla.org,input.mozilla.org,install.mozilla.org,oauth.accounts.firefox.
+// com,profile.accounts.firefox.com,support.mozilla.org,sync.services.
+// mozilla.com,testpilot.firefox.com"
+//
+// Managed in
+// AddonManagerWebAPI.cpp
+// WebExtensionPolicy.cpp
+//
+// Check function (When fail directly return deny) :
+//
+// WebExtensionPolicy::IsRestrictedURI
+// - Check againt restrictedDomains (false-allow) domains->Contains
+// - Check if IsValidSite (deny access) (false-allow)
+// --- Check if empty string --(false-allow)
+// --- Check https/http --(false-allow)
+// --- Check SSL --(false-allow)
+// --- Allow those domain directly --(true---deny)
+// "addons.mozilla.org"
+// "discovery.addons.mozilla.org"
+// "testpilot.firefox.com"
+// --- If pref "extensions.webapi.testing" --(true---deny)
+// is true, it allow access to other
+// sites list
+// --- Return false --(false-allow)
+// - Return false (false-allow)
+
+// -----------------
+// Other Possibility
+// -----------------
+//
+// Other possibility (securefox extension) compare requests to url... filter etc...
+//
+// Other possibility... recompile and make it a native feature... (may be for futur version)
+// Just invert the code to be !domains->Contains and thus allow only listed domain
+//
+// Other hidden setting
+// int dom.ipc.keepProcessesAlive.extension //hidden settings
+//
+// Conclusion : patching binary "IsRestrictedURI" function OR build own version
+// Durable solution is to rebuild... this feature is paused until futur versions
+//
+
+// ---------------------------------------
+// Pref : CSP Settings For Extensions I/II
+// ---------------------------------------
+//
+// Default Value : "
+// script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline';
+// object-src 'self' https://* moz-extension: blob: filesystem:;
+// "
+//
+// Default Deny Value : "
+// default-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline';
+// script-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline';
+// object-src 'self' moz-extension: blob: filesystem:;
+// "
+//
+// Strict Deny Value : "
+// default-src 'self' moz-extension: blob: filesystem:;
+// script-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline';
+// object-src 'self' moz-extension: blob: filesystem:;
+// "
+//
+// Super Strict Deny Value : "
+// default-src 'none';
+// script-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline';
+// object-src 'self' moz-extension: blob: filesystem:;
+// "
bgstack15