======================================================================================================================== Build Notes v2 : ======================================================================================================================== - Files to remove : crash-reporter... crash-reporter... removed-files update... update... update... browser/feature/webcomp... browser/feature/webcomp... browser/feature/... - Tor files to remove : Classic removal plus https-everywhere addon profile.meek-http-helper... - Patching release : >browser.omni.ja.chrome.browser.content.browser.preferences.in-content.privacy.origin (patch with winrar) Tor : patch mozilla.cfg - Tor windows : Install it to desktop then get the files (Only the lnk file is a new file compared to compressed version) remove lnk file add link.vbs add bat file - Tor mac : Under mac, mount and extract all content to a folder Copy by command .DS_Store (from dmg to folder) run "codesign --remove-signature Tor\ Browser.app". With disk utils, create a dmg from a folder (nocompression rw) We are converting iso-dmg to dmg... ======================================================================================================================== JS Note & Debugging : ======================================================================================================================== // ---------- // CSP Note : // ---------- // // Syntax : // One or more sources can be allowed for the default-src policy: // Content-Security-Policy: default-src ; // Content-Security-Policy: default-src ; // // default-src is a fallback for : // - child-src // - connect-src // - font-src // - frame-src // - img-src // - manifest-src // - media-src // - object-src // - prefetch-src // - script-src // - style-src // - worker-src // // can be one of the following: // // 'none' // Refers to the empty set; that is, no URLs match. The single quotes are required. // // 'self' // Refers to the origin from which the protected document is being served, // including the same URL scheme and port number. You must include the single quotes. // Some browsers specifically exclude blob and filesystem from source directives. // Sites needing to allow these content types can specify them using the Data attribute. // // 'unsafe-inline' // Allows the use of inline resources, such as inline