Merge branch 'main' into sam/netp-debug-command-disable-vpn

# By Mariusz Śpiewak (11) and others
# Via Bartek Waresiak (3) and others
* main: (52 commits)
  Release 7.108.0-3 (#2454)
  User Authentication (#2431)
  Fix BSK reference to tagged version (#2447)
  Set proper border color for widgets (#2446)
  Check subfeature state before reading rollout data (#2426)
  Remove the mock VPN invite code (#2442)
  Release 7.108.0-2 (#2445)
  Keep DuckDuckGo Settings after Fire Button (#2444)
  Release 7.108.0-1 (#2440)
  Release 7.107.1-1 (#2439)
  Updates internal user flag to reset state (#2438)
  Release 7.107.1-0 (#2437)
  Hide the debug menu when debug mode is not enabled (#2436)
  Autoconsent 9.7.2 (#2425)
  Release 7.108.0-0 (#2432)
  Autofill: Fix footer sizing for multiline labels (#2422)
  Add rollout for cookie popup management enabled by default (#2373)
  Update BSK with autofill 10.1.0 (#2414)
  Bump submodules/privacy-reference-tests from `a3acc21` to `6b7ad1e` (#2408)
  Add Autoconsent onByDefault subfeature (#2423)
  ...

# Conflicts:
#	DuckDuckGo.xcodeproj/project.pbxproj
#	DuckDuckGo.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved

.github/workflows/pr.yml

@@ -128,6 +128,9 @@ jobs:
 
     name: Make Release Build
 
+    # Dependabot doesn't have access to all secrets, so we skip this job
+    if: github.actor != 'dependabot[bot]'
+
     runs-on: macos-13-xlarge
     timeout-minutes: 30
 

.github/workflows/release.yml

@@ -20,15 +20,13 @@ on:
     branches:
     - release/**
     - hotfix/**
-    - coldfix/**
     - '!release/**-' # filter out PRs matching that pattern
     - '!hotfix/**-'
-    - '!coldfix/**-'
     types: [closed]
 
 jobs:
   make-release:
-    if: github.event.action == 0 || github.event.pull_request.merged == true # empty string returns 0; for case when workflow is triggered manually
+    if: github.event.action == 0 || (github.event.pull_request.merged == true && contains(github.event.pull_request.labels.*.name, 'Merge triggers release')) # empty string returns 0; for case when workflow is triggered manually
     runs-on: macos-13-xlarge
     name: Make App Store Connect Release
 
@@ -98,7 +96,7 @@ jobs:
 
     - name: Upload debug symbols to Asana
       if: ${{ always() && github.event.inputs.asana-task-url }}
-      env:
+      env:     
         ASANA_ACCESS_TOKEN: ${{ secrets.ASANA_ACCESS_TOKEN }}
       run: |
         if [[ -f ${{ env.dsyms_path }} ]]; then

.gitignore

@@ -74,3 +74,5 @@ fastlane/test_output
 
 Configuration/ExternalDeveloper.xcconfig
 scripts/assets
+
+DuckDuckGoTests/NetworkProtectionVPNLocationViewModelTests.swift*.plist

.maestro/release_tests/emailprotection.yaml

@@ -18,7 +18,9 @@ tags:
 - scroll
 - assertVisible: Email Protection
 - tapOn: Email Protection
+- assertVisible: Email privacy, simplified.
 - assertVisible:
     id: searchEntry
+- tapOn: 
+    id: "searchEntry"
 - assertVisible: https://duckduckgo.com/email/
-- assertVisible: Email privacy, simplified.

Configuration/Version.xcconfig

@@ -1 +1 @@
-MARKETING_VERSION = 7.106.0
+MARKETING_VERSION = 7.108.0

Core/AppPrivacyConfigurationDataProvider.swift

@@ -23,8 +23,8 @@ import BrowserServicesKit
 final public class AppPrivacyConfigurationDataProvider: EmbeddedDataProvider {
 
     public struct Constants {
-        public static let embeddedDataETag = "\"4e984b6034f1e27fe85fdad5f4bf37c9\""
-        public static let embeddedDataSHA = "d599888e7b447bbaeb2d9a7fd7ccf06956fce8976c316be2f497561a6832613e"
+        public static let embeddedDataETag = "\"4796cc720aa6849f3a8d27610ab20aac\""
+        public static let embeddedDataSHA = "1fb091f103d9b382cd1bc1bc1577591e63c8e11f7b2c3b52c2f5392b992295e2"
     }
 
     public var embeddedDataEtag: String {

Core/CookieStorage.swift

@@ -114,7 +114,7 @@ public class CookieStorage {
         }
 
         persistedCookiesByDomain.keys.forEach {
-            guard $0 != "duckduckgo.com" else { return } // DDG cookies are for SERP settings only
+            guard !URL.isDuckDuckGo(domain: $0) else { return } // DDG cookies are for SERP settings only
 
             if !preservedLogins.isAllowed(cookieDomain: $0) {
                 persistedCookiesByDomain.removeValue(forKey: $0)

Core/DailyPixel.swift

@@ -71,10 +71,16 @@ public final class DailyPixel {
     public static func fireDailyAndCount(pixel: Pixel.Event,
                                          error: Swift.Error? = nil,
                                          withAdditionalParameters params: [String: String] = [:],
+                                         includedParameters: [Pixel.QueryParameters] = [.atb, .appVersion],
                                          onDailyComplete: @escaping (Swift.Error?) -> Void = { _ in },
                                          onCountComplete: @escaping (Swift.Error?) -> Void = { _ in }) {
         if !pixel.hasBeenFiredToday(dailyPixelStorage: storage) {
-            Pixel.fire(pixelNamed: pixel.name + "_d", withAdditionalParameters: params, onComplete: onDailyComplete)
+            Pixel.fire(
+                pixelNamed: pixel.name + "_d",
+                withAdditionalParameters: params,
+                includedParameters: includedParameters,
+                onComplete: onDailyComplete
+            )
         } else {
             onDailyComplete(Error.alreadyFired)
         }
@@ -83,7 +89,12 @@ public final class DailyPixel {
         if let error {
             newParams.appendErrorPixelParams(error: error)
         }
-        Pixel.fire(pixelNamed: pixel.name + "_c", withAdditionalParameters: newParams, onComplete: onCountComplete)
+        Pixel.fire(
+            pixelNamed: pixel.name + "_c",
+            withAdditionalParameters: newParams,
+            includedParameters: includedParameters,
+            onComplete: onCountComplete
+        )
     }
 
     private static func updatePixelLastFireDate(pixel: Pixel.Event) {

Core/FeatureFlag.swift

@@ -35,6 +35,7 @@ public enum FeatureFlag: String {
     case networkProtectionWaitlistAccess
     case networkProtectionWaitlistActive
     case subscription
+    case autoconsentOnByDefault
 }
 
 extension FeatureFlag: FeatureFlagSourceProviding {
@@ -64,6 +65,8 @@ extension FeatureFlag: FeatureFlagSourceProviding {
             return .remoteReleasable(.subfeature(AutofillSubfeature.onByDefault))
         case .incontextSignup:
             return .remoteReleasable(.feature(.incontextSignup))
+        case .autoconsentOnByDefault:
+            return .remoteReleasable(.subfeature(AutoconsentSubfeature.onByDefault))
         }
     }
 }

Core/PixelEvent.swift

@@ -119,9 +119,6 @@ extension Pixel {
         case daxDialogsFireEducationShown
         case daxDialogsFireEducationConfirmed
         case daxDialogsFireEducationCancelled
-        case daxDialogsAutoconsentShown
-        case daxDialogsAutoconsentConfirmed
-        case daxDialogsAutoconsentCancelled
 
         case defaultBrowserButtonPressedSettings
 
@@ -312,6 +309,7 @@ extension Pixel {
         case networkProtectionKeychainErrorFailedToCastKeychainValueToData
         case networkProtectionKeychainReadError
         case networkProtectionKeychainWriteError
+        case networkProtectionKeychainUpdateError
         case networkProtectionKeychainDeleteError
 
         case networkProtectionWireguardErrorCannotLocateTunnelFileDescriptor
@@ -341,6 +339,7 @@ extension Pixel {
         case networkProtectionWaitlistTermsAccepted
         case networkProtectionWaitlistNotificationShown
         case networkProtectionWaitlistNotificationLaunched
+        case networkProtectionWaitlistRetriedInviteCodeRedemption
 
         case networkProtectionGeoswitchingOpened
         case networkProtectionGeoswitchingSetNearest
@@ -521,6 +520,8 @@ extension Pixel {
         case emailIncontextModalExitEarlyContinue
 
         case compilationFailed
+
+        case appRatingPromptFetchError
     }
 
 }
@@ -620,9 +621,6 @@ extension Pixel.Event {
         case .daxDialogsFireEducationShown: return "m_dx_fe_s"
         case .daxDialogsFireEducationConfirmed: return "m_dx_fe_co"
         case .daxDialogsFireEducationCancelled: return "m_dx_fe_ca"
-        case .daxDialogsAutoconsentShown: return "m_dax_dialog_autoconsent_shown"
-        case .daxDialogsAutoconsentConfirmed: return "m_dax_dialog_autoconsent_confirmed"
-        case .daxDialogsAutoconsentCancelled: return "m_dax_dialog_autoconsent_cancelled"
 
         case .defaultBrowserButtonPressedSettings: return "m_db_s"
 
@@ -810,6 +808,7 @@ extension Pixel.Event {
         case .networkProtectionKeychainErrorFailedToCastKeychainValueToData: return "m_netp_keychain_error_failed_to_cast_keychain_value_to_data"
         case .networkProtectionKeychainReadError: return "m_netp_keychain_error_read_failed"
         case .networkProtectionKeychainWriteError: return "m_netp_keychain_error_write_failed"
+        case .networkProtectionKeychainUpdateError: return "m_netp_keychain_error_update_failed"
         case .networkProtectionKeychainDeleteError: return "m_netp_keychain_error_delete_failed"
         case .networkProtectionWireguardErrorCannotLocateTunnelFileDescriptor: return "m_netp_wireguard_error_cannot_locate_tunnel_file_descriptor"
         case .networkProtectionWireguardErrorInvalidState: return "m_netp_wireguard_error_invalid_state"
@@ -833,6 +832,7 @@ extension Pixel.Event {
         case .networkProtectionWaitlistTermsAccepted: return "m_netp_waitlist_terms_accepted"
         case .networkProtectionWaitlistNotificationShown: return "m_netp_waitlist_notification_shown"
         case .networkProtectionWaitlistNotificationLaunched: return "m_netp_waitlist_notification_launched"
+        case .networkProtectionWaitlistRetriedInviteCodeRedemption: return "m_netp_waitlist_retried_invite_code_redemption"
 
         case .networkProtectionGeoswitchingOpened: return "m_netp_imp_geoswitching"
         case .networkProtectionGeoswitchingSetNearest: return "m_netp_ev_geoswitching_set_nearest"
@@ -1015,6 +1015,8 @@ extension Pixel.Event {
         // MARK: - Return user measurement
         case .debugReturnUserAddATB: return "m_debug_return_user_add_atb"
         case .debugReturnUserUpdateATB: return "m_debug_return_user_update_atb"
+
+        case .appRatingPromptFetchError: return "m_d_app_rating_prompt_fetch_error"
         }
 
     }

Core/UserDefaultsPropertyWrapper.swift

@@ -83,11 +83,11 @@ public struct UserDefaultsWrapper<T> {
         case autofillCredentialsHasBeenEnabledAutomaticallyIfNecessary =
                 "com.duckduckgo.ios.autofillCredentialsHasBeenEnabledAutomaticallyIfNecessary"
 
-        case featureFlaggingDidVerifyInternalUser = "com.duckduckgo.app.featureFlaggingDidVerifyInternalUser"
+        // .v2 suffix added to fix https://app.asana.com/0/547792610048271/1206524375402369/f
+        case featureFlaggingDidVerifyInternalUser = "com.duckduckgo.app.featureFlaggingDidVerifyInternalUser.v2"
 
         case voiceSearchEnabled = "com.duckduckgo.app.voiceSearchEnabled"
 
-        case autoconsentPromptSeen = "com.duckduckgo.ios.autoconsentPromptSeen"
         case autoconsentEnabled = "com.duckduckgo.ios.autoconsentEnabled"
 
         case shouldScheduleRulesCompilationOnAppLaunch = "com.duckduckgo.ios.shouldScheduleRulesCompilationOnAppLaunch"

Core/WebCacheManager.swift

@@ -56,10 +56,6 @@ extension WebCacheManagerDataStore {
 }
 
 public class WebCacheManager {
-
-    private struct Constants {
-        static let cookieDomainsToPreserve = ["duckduckgo.com", "surveys.duckduckgo.com"]
-    }
 
     public static var shared = WebCacheManager()
 
@@ -223,7 +219,7 @@ public class WebCacheManager {
 
         func keep(_ cookie: HTTPCookie) -> Bool {
             return logins.isAllowed(cookieDomain: cookie.domain) ||
-                Constants.cookieDomainsToPreserve.contains(cookie.domain)
+                URL.isDuckDuckGo(domain: cookie.domain)
         }
 
         let dataStore = WKWebsiteDataStore.default()
@@ -270,7 +266,7 @@ public class WebCacheManager {
                     // Remove legacy HTTPCookieStorage cookies
                     let storageCookies = HTTPCookieStorage.shared.cookies ?? []
                     let storageCookiesToRemove = storageCookies.filter {
-                        !logins.isAllowed(cookieDomain: $0.domain) && !Constants.cookieDomainsToPreserve.contains($0.domain)
+                        !logins.isAllowed(cookieDomain: $0.domain) && !URL.isDuckDuckGo(domain: $0.domain)
                     }
 
                     let protectedStorageCookiesCount = storageCookies.count - storageCookiesToRemove.count
@@ -389,7 +385,7 @@ extension WKWebsiteDataStore: WebCacheManagerDataStore {
     public func preservedCookies(_ preservedLogins: PreserveLogins) async -> [HTTPCookie] {
         let allCookies = await self.httpCookieStore.allCookies()
         return allCookies.filter {
-            preservedLogins.isAllowed(cookieDomain: $0.domain)
+            URL.isDuckDuckGo(domain: $0.domain) || preservedLogins.isAllowed(cookieDomain: $0.domain)
         }
     }
 

Core/ios-config.json

@@ -1,6 +1,6 @@
 {
     "readme": "https://github.com/duckduckgo/privacy-configuration",
-    "version": 1705931475791,
+    "version": 1706872224316,
     "features": {
         "adClickAttribution": {
             "readme": "https://help.duckduckgo.com/duckduckgo-help-pages/privacy/web-tracking-protections/#3rd-party-tracker-loading-protection",
@@ -4228,6 +4228,9 @@
                 {
                     "domain": "tirerack.com"
                 },
+                {
+                    "domain": "sephora.com"
+                },
                 {
                     "domain": "earth.google.com"
                 },
@@ -4253,7 +4256,7 @@
                     "privacy-test-pages.site"
                 ]
             },
-            "hash": "549a6e76edaf16c1fffced31b97e9553"
+            "hash": "c34f2a525dac6f93a6d87bad377dbe9d"
         },
         "harmfulApis": {
             "settings": {
@@ -4488,6 +4491,11 @@
             "state": "disabled",
             "hash": "841fa92b9728c9754f050662678f82c7"
         },
+        "notificationPermissions": {
+            "exceptions": [],
+            "state": "disabled",
+            "hash": "728493ef7a1488e4781656d3f9db84aa"
+        },
         "privacyDashboard": {
             "exceptions": [],
             "features": {
@@ -5440,6 +5448,12 @@
                                     "triblive.com"
                                 ]
                             },
+                            {
+                                "rule": "doubleclick.net/pixel",
+                                "domains": [
+                                    "sbs.com.au"
+                                ]
+                            },
                             {
                                 "rule": "doubleclick.net",
                                 "domains": [
@@ -5543,6 +5557,12 @@
                                 "domains": [
                                     "<all>"
                                 ]
+                            },
+                            {
+                                "rule": "ezodn.com",
+                                "domains": [
+                                    "reisezoom.com"
+                                ]
                             }
                         ]
                     },
@@ -5847,7 +5867,8 @@
                                     "pandora.com",
                                     "paper-io.com",
                                     "rawstory.com",
-                                    "usatoday.com"
+                                    "usatoday.com",
+                                    "washingtonpost.com"
                                 ]
                             }
                         ]
@@ -6375,6 +6396,16 @@
                             }
                         ]
                     },
+                    "mailerlite.com": {
+                        "rules": [
+                            {
+                                "rule": "mailerlite.com",
+                                "domains": [
+                                    "<all>"
+                                ]
+                            }
+                        ]
+                    },
                     "maxymiser.net": {
                         "rules": [
                             {
@@ -7216,6 +7247,16 @@
                             }
                         ]
                     },
+                    "tremorhub.com": {
+                        "rules": [
+                            {
+                                "rule": "tremorhub.com/getTVID",
+                                "domains": [
+                                    "sbs.com.au"
+                                ]
+                            }
+                        ]
+                    },
                     "trustpilot.com": {
                         "rules": [
                             {
@@ -7530,7 +7571,7 @@
                     "domain": "sundancecatalog.com"
                 }
             ],
-            "hash": "f918a51b5651f2e3a99945ba530f3264"
+            "hash": "374040a08f2e59051d7618509b9f65d4"
         },
         "trackingCookies1p": {
             "settings": {