v68: Expose privacy.firstparty.isolate.block_post_message in about:config by default

[laniakea64]

https://github.com/MrAlex94/Waterfox/blob/f8a37ef0e898f9199f050559ac6bdf931b35a93d/caps/OriginAttributes.h#L95-L99

https://github.com/MrAlex94/Waterfox/blob/f8a37ef0e898f9199f050559ac6bdf931b35a93d/caps/OriginAttributes.cpp#L34-L36

This boolean pref is not visible in about:config by default. I think it was added in Mozilla bug 1492607, and I don't see any rationale there for why it's completely hidden. It sounds like it could be an interesting security option, so should Waterfox expose this pref in about:config by default?

To be clear, I think Waterfox should leave the default value of this pref as-is. From this line...
https://github.com/MrAlex94/Waterfox/blob/f8a37ef0e898f9199f050559ac6bdf931b35a93d/caps/OriginAttributes.cpp#L22
... and comments in the Mozilla bug, I believe its default value is false, but I'm not 100% sure, so didn't submit a pull request.

[grahamperrin]

… I don't see any rationale there for why it's completely hidden. …

https://www.reddit.com/r/firefox/comments/ciev66/-/ev4njjg/ maybe

[laniakea64]

I believe its default value is false, but I'm not 100% sure, so didn't submit a pull request.

Ok, looking also at the code for the related tests makes it even clearer that this pref defaults to false -
https://github.com/MrAlex94/Waterfox/blob/19fe621225c69b3a8df8f60cc5d68bd0422601e4/browser/components/originattributes/test/browser/browser_postMessage.js#L94-L110

FWIW, I've now had this feature enabled in my daily-use Waterfox profile for a while, and I haven't noticed any issues from it.