Francois Marier

icon indicating a website link https://fmarier.org icon indicating an email [email protected]

icon company @Brave icon location Vancouver, Canada icon location FOSS developer. Security engineer @brave, formerly @mozilla

Results 62 issues of Francois Marier

Database migration

1 comment

The current Dynamo DB doesn't allow for bulk updates and the kinds of queries we want to run to keep track of cost and date of last access. A few...

Expire unused Sync accounts

This is the server-side part of https://github.com/brave/brave-browser/issues/31902. Note all of the details have been decided on yet (most importantly the expiry time), but the intention is to expire unused accounts...

`<all_urls>` is not supported

For Chrome extensions, `` matches any URL that uses a permitted scheme (`http`, `https`, `file`, or `ftp`). `*://*/*` is the closest we can get with urlmatch but for Chrome extensions...

Keeping Request-OTR visits out of Rewards' AC list

1 comment

The Request-OTR feature allows websites to opt-in to having their visits not show up locally on the device (as if the site had been visited in a private window). These...

feature/rewards
priority/P3
OS/Desktop
privacy/request-otr

Use HTTPS link in MPL

2 comment

Update the link in the MPL license text to match the official license text from https://www.mozilla.org/en-US/MPL/

News' "add this RSS feed" functionality doesn't honor the HTTPS upgrade setting

4 comment

Steps To Reproduce: 1. Enable Brave News 2. In Brave settings (brave://settings/shields), set "Upgrade connections to HTTPS" to "Strict" 3. Open WireShark. Enable capturing. Set the display filter in WireShark...

priority/P3
QA/Yes
release-notes/include
OS/Desktop
feature/brave-news
https-upgrades

Override ChromePingManagerFactory

While client-side phishing detection was disabled in https://github.com/brave/brave-core/pull/9813, we could go further and override the [`ChromePingManagerFactory`](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/safe_browsing/chrome_ping_manager_factory.h;l=17?q=ChromePingManagerFactory&ss=chromium) to ensure that anything that pings Google servers (telemetry, client-side detection) is disabled.

release-notes/exclude
feature/safebrowsing

Crash Report

Brave Version: 1.68.101 Chromium: 126.0.6478.126 Operating System: Linux 6.9.3-76060903-generic URL (if applicable) where crash occurred: new tab Can you reproduce this crash? No What steps will reproduce this crash? (If...

crash
priority/P2

Alter base64 encoding before decoding it

1 comment

Here is an example of an email link tracker that we could debounce: `https://link.emlmind.com/en/mail_link_tracker?hash=66c5ibqsukgp7ikdzwu4ujmw7y7boyubuqqmaq86u5sjqdohiizkiackas9r171wq1go8tfs5eongbftyy5rh47j45mgawwfzgn66xho&url=aHR0cHM6Ly93d3cubWVsb3R0b2dyb3VwLmNvbS9zY2hlZHVsZQ~~&uid=Njg1OTgwOA~~&ucs=88ff10da1ab90c2435eec8aa3fb9fb04` since the `url` parameter includes the destination page using the Base64 encoding: `url=aHR0cHM6Ly93d3cubWVsb3R0b2dyb3VwLmNvbS9zY2hlZHVsZQ~~` However, this platform...

Debounce
blocked

Clean up substack URLs

We should collect a few more samples before removing all of these parameters, but it looks like the following parameters may not be needed: - `publication_id` - `post_id` - `triggerShare`...

Clean URLS