reorganized and improved some entries
This commit is contained in:
fxbrit
parent
aab4a2f7aa
commit
6ee5571749
2 changed files with 79 additions and 50 deletions
25
Changelog.md
25
Changelog.md
|
|
@ -416,6 +416,9 @@ defaultPref("extensions.webextensions.tabhide.enabled", false); // Deprecated
|
|||
lockPref("dom.enable_performance", false); // conflicting with RFP
|
||||
lockPref("dom.enable_performance_navigation_timing", false); // conflicting with RFP
|
||||
<<<<<<< HEAD
|
||||
<<<<<<< HEAD
|
||||
=======
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
lockPref("security.mixed_content.upgrade_display_content", true); // not worth having https://github.com/arkenfox/user.js/issues/754
|
||||
lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false); // Deprecated
|
||||
lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false); // Deprecated
|
||||
|
|
@ -429,6 +432,7 @@ lockPref("security.ssl3.rsa_des_ede3_sha", false); // known to leak and increase
|
|||
lockPref("security.ssl3.rsa_aes_256_sha", false); // known to leak and increase fingerprint
|
||||
lockPref("security.ssl3.rsa_aes_128_sha", false); // known to leak and increase fingerprint
|
||||
lockPref("browser.safebrowsing.allowOverride", false); // we do not have SB enabled so we don't care if the bypass button is shown
|
||||
<<<<<<< HEAD
|
||||
defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why should be disable this?
|
||||
lockPref("services.blocklist.onecrl.collection", ""); // Deprecated
|
||||
lockPref("font.blacklist.underline_offset", ""); // knwown to increase fingerprint
|
||||
|
|
@ -856,6 +860,11 @@ lockPref("identity.fxaccounts.service.sendLoginUrl", ""); // Deprecated
|
|||
>>>>>>> 55c94dc (reorganized, revisited)
|
||||
=======
|
||||
>>>>>>> c16522a (added re-enabling guides)
|
||||
=======
|
||||
defaultPref("browser.ctrlTab.recentlyUsedOrder", false); // why?
|
||||
lockPref("services.blocklist.onecrl.collection", ""); // Deprecated
|
||||
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
```
|
||||
|
||||
#### Unlocked
|
||||
|
|
@ -933,7 +942,14 @@ lockPref("network.http.referer.trimmingPolicy", 0);
|
|||
defaultPref("extensions.blocklist.enabled", false);
|
||||
defaultPref("extensions.blocklist.detailsURL", "");
|
||||
defaultPref("extensions.blocklist.itemURL", "");
|
||||
<<<<<<< HEAD
|
||||
>>>>>>> c16522a (added re-enabling guides)
|
||||
=======
|
||||
|
||||
// someone might want to have it on for security concerns
|
||||
defaultPref("security.OCSP.enabled", 0);
|
||||
defaultPref("security.OCSP.require", false);
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
```
|
||||
|
||||
## How to...
|
||||
|
|
@ -1097,5 +1113,14 @@ extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionC
|
|||
%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=
|
||||
%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion=
|
||||
%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"
|
||||
<<<<<<< HEAD
|
||||
>>>>>>> c16522a (added re-enabling guides)
|
||||
```
|
||||
=======
|
||||
```
|
||||
#### Enable OCSP certificate checking
|
||||
```
|
||||
security.OCSP.enabled = 1
|
||||
```
|
||||
you probably also want `security.OCSP.require = true`
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
|
|
|
|||
102
librewolf.cfg
102
librewolf.cfg
|
|
@ -660,6 +660,7 @@ lockPref("network.http.altsvc.enabled", false);
|
|||
lockPref("network.http.altsvc.oe", false);
|
||||
defaultPref("dom.security.https_only_mode", true);
|
||||
defaultPref("dom.security.https_only_mode_pbm", true);
|
||||
lockPref("network.http.redirection-limit", 10);
|
||||
|
||||
// --------------------------------------
|
||||
// TLS
|
||||
|
|
@ -685,6 +686,7 @@ lockPref("network.stricttransportsecurity.preloadlist", false);
|
|||
|
||||
defaultPref("privacy.resistFingerprinting", true);
|
||||
defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true);
|
||||
lockPref("browser.startup.blankWindow", false); // breaks RFP windows resizing
|
||||
|
||||
// --------------------------------------
|
||||
// LANGUAGE AND REGION
|
||||
|
|
@ -1027,27 +1029,18 @@ lockPref("app.normandy.dev_mode", false);
|
|||
// SECURITY
|
||||
// --------------------------------
|
||||
|
||||
// certs
|
||||
// certificates
|
||||
lockPref("security.cert_pinning.enforcement_level", 2);
|
||||
lockPref("security.OCSP.enabled", 0);
|
||||
lockPref("security.OCSP.require", false);
|
||||
defaultPref("security.OCSP.enabled", 0);
|
||||
defaultPref("security.OCSP.require", false);
|
||||
lockPref("security.ssl.enable_ocsp_stapling", true);
|
||||
lockPref("security.pki.sha1_enforcement_level", 1);
|
||||
|
||||
// mixed content
|
||||
lockPref("security.mixed_content.upgrade_display_content", true);
|
||||
lockPref("security.mixed_content.block_object_subrequest", true);
|
||||
lockPref("security.mixed_content.block_display_content", true);
|
||||
lockPref("security.mixed_content.block_active_content", true);
|
||||
|
||||
// ciphers
|
||||
lockPref("security.pki.sha1_enforcement_level", 1);
|
||||
lockPref("security.ssl3.rsa_des_ede3_sha", false);
|
||||
lockPref("security.ssl3.rsa_aes_256_sha", false);
|
||||
lockPref("security.ssl3.rsa_aes_128_sha", false);
|
||||
lockPref("security.ssl3.ecdh_ecdsa_rc4_128_sha", false);
|
||||
lockPref("security.ssl3.ecdh_rsa_rc4_128_sha", false);
|
||||
lockPref("security.ssl3.rsa_seed_sha", false);
|
||||
|
||||
// reduce breakage
|
||||
defaultPref("security.remote_settings.intermediates.enabled", true);
|
||||
|
||||
|
|
@ -1084,7 +1077,12 @@ lockPref("security.insecure_connection_text.pbmode.enabled", true);
|
|||
lockPref("browser.safebrowsing.malware.enabled", false);
|
||||
lockPref("browser.safebrowsing.passwords.enabled", false);
|
||||
lockPref("browser.safebrowsing.phishing.enabled", false);
|
||||
<<<<<<< HEAD
|
||||
>>>>>>> 55c94dc (reorganized, revisited)
|
||||
=======
|
||||
|
||||
// downloads and unwanted software
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
lockPref("browser.safebrowsing.downloads.enabled", false);
|
||||
lockPref("browser.safebrowsing.downloads.remote.enabled", false);
|
||||
lockPref("browser.safebrowsing.downloads.remote.block_dangerous", false);
|
||||
|
|
@ -1093,6 +1091,7 @@ lockPref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", fal
|
|||
lockPref("browser.safebrowsing.downloads.remote.block_uncommon", false);
|
||||
lockPref("browser.safebrowsing.downloads.remote.url", "");
|
||||
<<<<<<< HEAD
|
||||
<<<<<<< HEAD
|
||||
|
||||
// could try re-enabling some of these urls to see if it causes connections
|
||||
lockPref("browser.safebrowsing.id", "");
|
||||
|
|
@ -1100,6 +1099,11 @@ lockPref("browser.safebrowsing.id", "");
|
|||
lockPref("browser.safebrowsing.id", "");
|
||||
lockPref("browser.safebrowsing.allowOverride", false);
|
||||
>>>>>>> 55c94dc (reorganized, revisited)
|
||||
=======
|
||||
|
||||
// could try re-enabling some of these urls to see if it causes connections
|
||||
lockPref("browser.safebrowsing.id", "");
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
lockPref("browser.safebrowsing.blockedURIs.enabled", false);
|
||||
lockPref("browser.safebrowsing.provider.google4.pver", "");
|
||||
lockPref("browser.safebrowsing.provider.google4.advisoryName", "");
|
||||
|
|
@ -1286,48 +1290,45 @@ lockPref("javascript.options.shared_memory", false);
|
|||
// MISC
|
||||
// --------------------------------
|
||||
|
||||
lockPref("app.update.auto", false);
|
||||
lockPref("app.update.staging.enabled", false);
|
||||
lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0);
|
||||
lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
|
||||
lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
|
||||
// ui
|
||||
defaultPref("browser.tabs.drawInTitlebar", true);
|
||||
lockPref("browser.shell.checkDefaultBrowser", false);
|
||||
defaultPref("browser.aboutConfig.showWarning", false);
|
||||
defaultPref("browser.download.autohideButton", false);
|
||||
defaultPref("privacy.userContext.ui.enabled", true);
|
||||
|
||||
// more important stuff
|
||||
lockPref("browser.shell.shortcutFavicons", false);
|
||||
defaultPref("alerts.showFavicons", false); // default: false
|
||||
defaultPref("alerts.showFavicons", false);
|
||||
defaultPref("browser.link.open_newwindow", 3);
|
||||
defaultPref("browser.link.open_newwindow.restriction", 0);
|
||||
lockPref("security.data_uri.block_toplevel_data_uri_navigations", true);
|
||||
|
||||
// settings
|
||||
lockPref("browser.shell.checkDefaultBrowser", false);
|
||||
defaultPref("startup.homepage_override_url", "about:blank");
|
||||
defaultPref("startup.homepage_welcome_url", "about:blank");
|
||||
defaultPref("startup.homepage_welcome_url.additional", "");
|
||||
lockPref("browser.startup.blankWindow", false);
|
||||
defaultPref("privacy.userContext.ui.enabled", true);
|
||||
defaultPref("privacy.userContext.enabled", true);
|
||||
defaultPref("browser.aboutConfig.showWarning", false);
|
||||
defaultPref("browser.download.autohideButton", false);
|
||||
defaultPref("browser.ctrlTab.recentlyUsedOrder", false);
|
||||
defaultPref("browser.link.open_newwindow", 3);
|
||||
defaultPref("browser.link.open_newwindow.restriction", 0);
|
||||
defaultPref("layout.spellcheckDefault", 2);
|
||||
defaultPref("general.autoScroll", false);
|
||||
defaultPref("clipboard.autocopy", false);
|
||||
defaultPref("browser.tabs.loadBookmarksInTabs", true);
|
||||
lockPref("browser.download.manager.addToRecentDocs", false);
|
||||
lockPref("webchannel.allowObject.urlWhitelist", "");
|
||||
|
||||
// pdf reader
|
||||
defaultPref("pdfjs.disabled", false);
|
||||
defaultPref("pdfjs.enableScripting", false);
|
||||
defaultPref("pdfjs.enableWebGL", false);
|
||||
defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
|
||||
defaultPref("pdfjs.enabledCache.state", false);
|
||||
defaultPref("browser.tabs.loadBookmarksInTabs", true);
|
||||
|
||||
defaultPref("devtools.debugger.remote-enabled", false);
|
||||
defaultPref("devtools.chrome.enabled", false);
|
||||
lockPref("toolkit.coverage.endpoint.base", "");
|
||||
lockPref("toolkit.coverage.opt-out", true);
|
||||
lockPref("toolkit.coverage.enabled", false);
|
||||
lockPref("webchannel.allowObject.urlWhitelist", "");
|
||||
lockPref("browser.download.manager.addToRecentDocs", false);
|
||||
lockPref("network.http.redirection-limit", 10);
|
||||
lockPref("security.data_uri.block_toplevel_data_uri_navigations", true);
|
||||
lockPref("services.blocklist.onecrl.collection", ""); // could it be replaced by services.settings.security.onecrl.collection ?
|
||||
lockPref("services.blocklist.addons.collection", "");
|
||||
lockPref("services.blocklist.plugins.collection", "");
|
||||
lockPref("services.blocklist.gfx.collection", "");
|
||||
|
||||
lockPref("network.file.disable_unc_paths", true); // (hidden pref)
|
||||
lockPref("network.gio.supported-protocols", ""); // (hidden pref)
|
||||
lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false);
|
||||
|
|
@ -1610,7 +1611,17 @@ lockPref("network.http.speculative-parallel-limit", 0);
|
|||
// OUTGOING CONNECTIONS
|
||||
// --------------------------------
|
||||
|
||||
<<<<<<< HEAD
|
||||
>>>>>>> 653a6ed (knocked out some more prefs)
|
||||
=======
|
||||
// updates
|
||||
lockPref("app.update.auto", false);
|
||||
lockPref("app.update.staging.enabled", false);
|
||||
lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0);
|
||||
lockPref("app.update.url.details", "https://gitlab.com/librewolf-community/browser");
|
||||
lockPref("app.update.url.manual", "https://gitlab.com/librewolf-community/browser");
|
||||
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
// connectivity service
|
||||
lockPref("network.connectivity-service.enabled", false);
|
||||
lockPref("network.connectivity-service.IPv6.url", "http://0.0.0.0");
|
||||
|
|
@ -1661,6 +1672,7 @@ lockPref("security.protectionspopup.recordEventTelemetry", false);
|
|||
lockPref("datareporting.healthreport.uploadEnabled", false);
|
||||
lockPref("datareporting.policy.dataSubmissionEnabled", false);
|
||||
<<<<<<< HEAD
|
||||
<<<<<<< HEAD
|
||||
lockPref("toolkit.coverage.endpoint.base", "");
|
||||
lockPref("toolkit.telemetry.coverage.opt-out", true); // [HIDDEN PREF]
|
||||
lockPref("toolkit.coverage.opt-out", true);
|
||||
|
|
@ -1696,6 +1708,11 @@ lockPref("security.protectionspopup.recordEventTelemetry", false);
|
|||
lockPref("datareporting.healthreport.uploadEnabled", false);
|
||||
lockPref("datareporting.policy.dataSubmissionEnabled", false);
|
||||
>>>>>>> 7887469 (reviewed and reorganized up to extensions)
|
||||
=======
|
||||
lockPref("toolkit.coverage.endpoint.base", "");
|
||||
lockPref("toolkit.coverage.opt-out", true);
|
||||
lockPref("toolkit.coverage.enabled", false);
|
||||
>>>>>>> 4041ab1 (reorganized and improved some entries)
|
||||
|
||||
// pocket
|
||||
>>>>>>> 653a6ed (knocked out some more prefs)
|
||||
|
|
@ -2045,19 +2062,6 @@ lockPref("social.remote-install.enabled", false);
|
|||
// Pref :
|
||||
lockPref("social.whitelist", "");
|
||||
|
||||
// Pref : Disable RC4
|
||||
// https://developer.mozilla.org/en-US/Firefox/Releases/38#Security
|
||||
// https://bugzilla.mozilla.org/show_bug.cgi?id=1138882
|
||||
// https://rc4.io/
|
||||
// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2566
|
||||
lockPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
|
||||
lockPref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
|
||||
lockPref("security.ssl3.rsa_rc4_128_md5", false);
|
||||
lockPref("security.ssl3.rsa_rc4_128_sha", false);
|
||||
lockPref("security.tls.unrestricted_rc4_fallback", false);
|
||||
|
||||
|
||||
|
||||
defaultPref("xpinstall.signatures.required", true);
|
||||
|
||||
// https://www.ghacks.net/2019/05/24/firefox-69-userchrome-css-and-usercontent-css-disabled-by-default/
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue