diff --git a/docs/Changelog.md b/docs/Changelog.md
index f45e831..8bd48c5 100755
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -396,6 +396,7 @@ lockPref("canvas.capturestream.enabled", false); // any real benefit?
 lockPref("network.http.redirection-limit", 10); // small benefit from having it at default 20, and break some payments
 defaultPref("dom.event.clipboardevents.enabled", false); // causes breakage with small benefits, moved to hardened setup
 lockPref("webgl.disable-fail-if-major-performance-caveat", true); // default
+lockPref("network.trr.send_empty_accept-encoding_headers", false); // why?
 // fxaccounts is disabled in policies
 lockPref("identity.fxaccounts.enabled", false);
@@ -663,10 +664,10 @@ defaultPref("browser.search.update", false);
 Prefs that need to be addressed and potential roadmap
 ```
 Open points:
-// How much should we lock?
+// How much should we lock? -> being addressed, see above
 // How in depth should we go with urls
 // SB - make re-enabling easier, test connections
-// GEO - review to allow easier re-enabling
+// GEO - review to allow easier re-enabling -> tested that adding mozilla service urls does not harm at all, could be changed
 // evaluate certificate handling (oscp, crlite, blocklist)
 missing from arkenfox in need of discussion:
@@ -675,51 +676,3 @@ security.remote_settings.crlite_filters.enabled -> DISCUSS
 dom.security.https_only_mode_send_http_background_request -> DISCUSS
 browser.download.useDownloadDir -> do we want to ask for download location each time?
 ```
-
-## How to...
-#### Stay logged
-Add website to exceptions before login, both http and https link
-#### Enable DRM content
-```
-media.eme.enabled = true
-media.gmp-widevinecdm.visible = true
-media.gmp-widevinecdm.enabled = true
-media.gmp-provider.enabled = true
-media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
-```
-#### Use video conferencing
-```
-media.peerconnection.enabled = true
-media.peerconnection.ice.no_host = true
-dom.webaudio.enabled = true
-```
-screensharing `media.getusermedia.screensharing.enabled = true`
-#### Enable addons search
-```
-extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"
-```
-#### Enable addons manual updates
-```
-extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=
-%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=
-%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=
-%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion=
-%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"
-```
-#### Enable OCSP certificate checking
-```
-security.OCSP.enabled = 1
-```
-you probably also want `security.OCSP.require = true`
-#### Enable WebGL
-```
-defaultPref("webgl.disabled", false);
-lockPref("webgl.enable-webgl2", true);
-```
-#### Hardened setup
-```
-defaultPref("javascript.options.asmjs", false); // disable asm.js
-defaultPref("javascript.options.wasm", false); // disable web assembly
-defaultPref("privacy.resistFingerprinting.letterboxing", true); // enable letterboxing
-defaultPref("dom.event.clipboardevents.enabled", false); // disable user triggered clipboard access
-```
\ No newline at end of file
diff --git a/librewolf.cfg b/librewolf.cfg
index bd8bab6..01628c3 100755
--- a/librewolf.cfg
+++ b/librewolf.cfg
@@ -165,10 +165,9 @@ defaultPref("media.getusermedia.audiocapture.enabled", false);
 // # DNS
 // ----------------------------
-lockPref("network.trr.mode", 5);
-lockPref("network.trr.bootstrapAddress", "");
-lockPref("network.trr.uri", "");
-lockPref("network.trr.send_empty_accept-encoding_headers", false);
+defaultPref("network.trr.mode", 5);
+defaultPref("network.trr.bootstrapAddress", "");
+defaultPref("network.trr.uri", "");
 defaultPref("network.dns.disableIPv6", true);
 lockPref("network.dns.disablePrefetch", true);
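Review bot: The three `network.trr.*` lines in the librewolf.cfg hunk that change from `lockPref` to `defaultPref` carry no comment saying what mode 5 means or that the values can now be overridden, so a reader cannot tell whether DoH is meant to stay off or only to start off. With `defaultPref`, a value already stored in a profile or set in a user override file takes precedence, so the file no longer guarantees that TRR is disabled. I would add above `network.trr.mode`: `// DoH off by default (5 = off by choice); unlocked so it can be enabled with a resolver of the user's choosing`. The lock on `network.trr.send_empty_accept-encoding_headers` is also dropped without a stated reason, and the Changelog entry only says `// why?`; a short rationale in the commit message would help.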