On Tue, Apr 26, 2022 at 7:22 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 7:15 PM Stephen Gallagher sgallagh@redhat.com wrote:
On Tue, Apr 26, 2022 at 6:52 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 5:48 PM Stephen Gallagher sgallagh@redhat.com wrote:
...
- Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as
disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
This breaks corporate VPNs very hard, so probably not.
Could you expand on this please? I'd just like to have some information to kick back at the requesting parties.
Last time I tried it a few months back, Chrome switched to DoH automatically under a variety of corporate VPN configurations I tested from my workplace (split DNS, tunnel DNS, etc.). The experience when that happens is confusing depending on how the VPN works. Mine just results in unresolvable things some of the time, but I know other workplaces have more painful experiences when that happens.
I just did a bit of research on it. I guess I can see where it might be problematic enabled by default, but Firefox (upstream, not sure about our build) has had it enabled by default for three years. I guess I don't love the idea of being inconsistent here.
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
I'd like to keep this, and this seems like something where Cloudflare should be fixed to deal with it. :(
I have no reason to believe that Cloudflare will do anything about this in the immediate future and in the meantime our users are suffering. If you have a better alternative, I'm all ears.
Yeah, I dunno. Does Cloudflare know about it yet?
I don't know. I've reported it to Gitlab and asked them to reach out to Cloudflare via their support channels, but I don't think that's happened yet. They haven't even responded to our bug report at all so far. Even if they do, Fedora represents such a small percentage of Cloudflare's potential user base that I cannot see them prioritizing a fix very highly.
- There's a KDE Plasma integration extension too, maintained by the
KDE upstream. Do we want to install that by default as well?
Yes, we should!
For the record, I'm talking about: https://chrome.google.com/webstore/detail/plasma-integration/cimiefiiaegbelh... I forgot to include the link in the previous message.
I figured that was the one you're talking about. There's also a Firefox counterpart too that I think would be worth having too.
https://addons.mozilla.org/en-US/firefox/addon/plasma-integration/ I presume?
It probably is worthwhile, but as I'm only maintainer of the fedora-chromium-config package, it's out of scope for this particular discussion.
(Long-term, it might not be a bad idea to rename from fedora-chromium-config to fedora-browser-config and handle Firefox and/or other browsers in a common place. For now, though, I'm trying to limit it to what I am already familiar with.)