Comments (9)
OAuth2 was active all the time on Microsoft Exchange. Then I found your user.js, edited it, activated user-agent override, and installed user.js. I did not enable RFP at first, because I was interested in user-agent and in google I read I have to disable RFP to deal with user-agent. To be clear, I made 2 experiments with empty user-agent right now:
This setup breaks login to Microsoft Exchange:
privacy.resistFingerprinting=false
general.useragent.override=""
This setup has no errors:
privacy.resistFingerprinting=true
general.useragent.override=""
My current working setup:
privacy.resistFingerprinting=false
general.useragent.override="Generic"
from thunderbird-user.js.
I checked user-agent in sent messages.
privacy.resistFingerprinting=true makes "Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0"
privacy.resistFingerprinting=false makes "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0"
Not a big difference, but, well, maybe you are right, let the core handle it.
Thank you!
from thunderbird-user.js.
Please see above commits and tell me what you think !
If you're OK, I'll backport 50afdb9 to v78-ESR.
Bye, thanks again ! 🙏
from thunderbird-user.js.
Thank you! I'm happy with those commits. Bye!
from thunderbird-user.js.
Hi! Just for your information. Occasionally I found out some details regarding empty user agent string and Office365:
Microsoft bug in Office 365, introduced around 2019-08-27, where the login page fails with "OpenIdConnect" "ArgumentNullException".
from thunderbird-user.js.
Hi @giving-sesame ! Many thanks for your message, you'll find below my quick review for your suggestions :
- For
mail.suppress_content_language
, you are right, from this Tails issue, it seems that it is missing (as well asmail.sanitize_date_header
). I'll add them for 91 and 78 ESR. Notes to myself : added in TB 52 and in TB 76.
Fornetwork.trr.send_accept-language_headers
, it defaults tofalse
, and even Arkenfox does not specify it. I'd rather leave it alone too here. - Actually, documentation (from upstream Arkenfox) indicates that UA is spoofed.
On the other side,general.useragent.override
section documentation ("NON-RFP") already notes that they should (must ?) not be used with RFP. - Do you have an external reference for this issue ? A quick Google query didn't bring up any relevant result.
- OK !
Thanks again, bye 👋
from thunderbird-user.js.
Regarding issue 3:
This is my own experience. My company uses Microsoft Exchange via Office365 server. So in Thunderbird I have Owl addon to access it. Once I looked through the headers and did not like that my user-agent and languages are published there. I think it could be harmful. So I started looking for any solutions. At first I found mail.suppress_content_language and network.trr.send_accept-language_headers parameters. Then - your user.js.
I wanted to avoid publishing user-agent at all, so I left general.useragent.override empty. After starting TB I got error "The page isn't redirecting properly", address outlook.office.com/owa/auth. It took me some time to find the guilty parameter. I set it to "Generic" and everything is fine now.
from thunderbird-user.js.
Thanks again for your fast answer.
Do I have to assume RFP broke your OAuth against Microsoft Exchange ? Or maybe you didn't even enable it at first ?
If I don't misread you, without enabling it and with manually resetted User-Agent (using general.useragent.override
) to prevent leakage, it didn't work.
Note : from ESR-78 and ESR-91 sources, it seems this parameter is ignored when RFP is enforced.
Feel free to tell me I misunderstood your experience 🙏
from thunderbird-user.js.
OAuth2 was active all the time on Microsoft Exchange.
Yes ! I was mentioning RFP, and not OAuth 😉
I did not enable RFP at first, because I was interested in user-agent and in google I read I have to disable RFP to deal with user-agent.
Seems legit according to the snippets linked in my previous response !
I made 2 experiments with empty user-agent right now:
Thanks, that's clear and what I had in mind.
So I'll edit the template to add a note about the issue you experienced 👍
However, about :
general.useragent.override="Generic"
I don't think it is a good idea to set your UA to something "unusual".
Indeed your privacy would be improved as you prevent system info leakages, but it has to be leveraged by the fact that you might be alone in this situation.
Also see project (simplified) rationale.
I would encourage you to enable RFP and let Mozilla's core handle User-Agent.
Bye 👋
from thunderbird-user.js.
Related Issues (20)
- Documentation Error HOT 1
- [BUG] Can't download any attachment HOT 4
- [RFC] misc. prefs HOT 5
- [BUG] Mail content exceptions broken HOT 5
- [RFC] remove signon.rememberSignons HOT 4
- [RFC] What causes the "open link with..." dialog? HOT 2
- [BUG] Can't add Yahoo account to Thunderbird (OAuth2 + ReCaptcha) HOT 16
- [BUG] Duplicated preference network.cookie.lifetimePolicy HOT 1
- [RFC] Remove some unnessecary configs HOT 3
- Created a overwrite project HOT 1
- broken link HOT 1
- link fix HOT 1
- FC: support arkenfoxes override file and updater script HOT 4
- [RFC] clean up actually used settings HOT 3
- [BUG] fix installation of Addons HOT 8
- [RFC] convert the script into modules HOT 1
- [BUG] blank message list and message view (including all elements)
- how to remove the "open link in external app" confirmation dialog
- [RFC] Local Mail autoconfig files HOT 5
- CVE in Thunderbirds PDF viewer HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from thunderbird-user.js.