Resist Fingerprinting (RFP) breaks dark mode in about:logins (*pages)
Categories
(Firefox :: about:logins, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox71 | --- | fix-optional |
firefox72 | --- | fix-optional |
People
(Reporter: vtol, Unassigned)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: regression)
currently Lockwise's about:logins is not adhering to OS/browser dark theme (browser.in-content.dark-mode
)
Comment 1•5 years ago
•
|
||
Hmm, it should be adhering to the OS dark mode. Are you sure you have app dark mode enabled on your machine ?
https://uk.pcmag.com/news-analysis/122487/how-to-enable-dark-mode-in-windows-10
Indeed, it does work with a maiden profile, what breaks it though is
user_pref("privacy.resistFingerprinting", true)
which I suspect related to bug 1588540 and thus closing this bug in favour of bug 1588540
Comment 3•5 years ago
•
|
||
Thanks for figuring this out! Makes sense as the in-content dark mode uses prefers-color-scheme
.
Been sort of an epiphany to reckon that setting being the culrpit. The matter apparently been discussed already in bug 1535189 but prior it started to break the theme coherency of internal about:pages.
reopening in light of bug 1535189comment #12
Cause being RFP not responding to any media@
queries.
Also not knowing whether other about:pages will be coded with CSS Media Queries Level 5 code prefers-color-scheme
this should probably be sorted in general.
Comment 6•5 years ago
|
||
Presumably here we check IsSystemPrincipal and that's false.
The answer is probably a comprehensive fix in Bug 1450398 for these types of exceptions....
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 7•5 years ago
|
||
Bug 1535189 could not have regressed this. There was no change in that bug.
Comment 8•5 years ago
|
||
My thinking is that here we should check if the scheme is about: and exempt from RFP then. This will affect a lot more than just the color scheme of about:logins, so it needs a bit of thought, but I don't think we should be allowing anything that could result in about: pages making people fingerprintable from the web so probably safe?
I filed Bug 1642679 looking at how to check the scheme of the Document.
We may want to apply the same scheme check to the DocShell and Principal functions....
This would be a much smaller/tighter fix than Bug 1450398, but Bug 1450398 still contains the comprehensive answer.
Maybe we could use the URI_DANGEROUS_TO_LOAD
flag? That way moz-extension pages that are not exposed to the web would also be immune RFP.
Comment 10•4 years ago
|
||
I don't think this is a regression. The resist finger printing pref has set the preferred color scheme to light is it was first implemented in https://hg.mozilla.org/mozilla-central/rev/4739353088fcad81bc126deab56e8de0fad7a88a#l10.13
Comment 14•4 years ago
|
||
Bug 1701691 fixed this in another way by using the color of the theme instead of prefers-color-scheme.
Updated•3 years ago
|
Description
•