more good stuff

2021-05-06 01:49:02 +02:00 · 2021-05-06 01:49:02 +02:00 · 6f5190f26a
commit 6f5190f26a
parent 7889fa9ce7
2 changed files with 200 additions and 17 deletions
--- a/Changelog.md
+++ b/Changelog.md
@ -58,6 +58,7 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false);
 defaultPref("general.warnOnAboutConfig", false);
 defaultPref("network.auth.subresource-http-auth-allow", 1);
 defaultPref("browser.display.use_system_colors", false);
 <<<<<<< HEAD
 =======
 defaultPref("intl.accept_languages", "en-US, en");
 =======
@ -105,6 +106,8 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false);
 defaultPref("general.warnOnAboutConfig", false);
 defaultPref("network.auth.subresource-http-auth-allow", 1);
 >>>>>>> 0267245 (added some new prefs from arkenfox)
 =======
 >>>>>>> e7a5601 (more good stuff)
 ```
 #### Modified
@ -128,6 +131,7 @@ defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cooki
 lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242
 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed
 defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384);
 <<<<<<< HEAD
 =======
 lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost
 =======
@ -150,6 +154,8 @@ lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //
 =======
 defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed
 >>>>>>> 269747e (fixed lang fp, relaxed xorigin)
 =======
 >>>>>>> e7a5601 (more good stuff)
 ```
 #### Removed
@ -577,10 +583,14 @@ defaultPref("layers.acceleration.force-enabled", true); // out of scope, not wor
 lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled
 lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled
 <<<<<<< HEAD
 <<<<<<< HEAD
 lockPref("privacy.trackingprotection.lower_network_priority", false); // default
 =======
 lockPref("privacy.trackingprotection.lower_network_priority", false); // default false and we have tracking protection disabled
 >>>>>>> 48fecfd (removed redundant stuff)
 =======
 lockPref("privacy.trackingprotection.lower_network_priority", false); // default
 >>>>>>> e7a5601 (more good stuff)
 lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled
 lockPref("signon.storeSignons", false); // Deprecated
 lockPref("browser.urlbar.filter.javascript", true); // default
@ -1060,6 +1070,7 @@ defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP,
 lockPref("general.buildID.override", "20100101"); // no benefit over RFP
 lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP
 defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP
 <<<<<<< HEAD
 >>>>>>> 934010b (removed overrides for spoofing)
 ```
@ -1370,6 +1381,29 @@ dom.storage.next_gen  ->  DISCUSS
 javascript.options.wasm  ->  DISCUSS
 security.pki.crlite_mode  ->  DISCUSS
 security.remote_settings.crlite_filters.enabled  ->  DISCUSS
 =======
 lockPref("security.insecure_connection_icon.enabled", true); // Default
 lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default
 lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default
 lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled
 lockPref("app.normandy.first_run", false); // default
 lockPref("browser.send_pings", false); // default
 lockPref("browser.send_pings.require_same_host", true); // default
 defaultPref("browser.tabs.closeTabByDblclick", true); // why?
 lockPref("devtools.debugger.force-local", true); // default
 lockPref("gfx.offscreencanvas.enabled", false); // default
 lockPref("media.webspeech.recognition.enable", false); // default
 lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default
 lockPref("remote.force-local", true); // default
 lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default
 lockPref("security.fileuri.strict_origin_policy", true); // default
 lockPref("security.insecure_field_warning.contextual.enabled", true); // default
 defaultPref("security.remote_settings.intermediates.enabled", true); // default
 lockPref("xpinstall.whitelist.required", true); // default
 lockPref("browser.sessionhistory.max_entries", 20); // why?
 lockPref("extensions.webapi.testing", false); // hidden but default false
 lockPref("canvas.capturestream.enabled", false); // any real benefit?
 >>>>>>> e7a5601 (more good stuff)
 ```
 <<<<<<< HEAD
 >>>>>>> 0267245 (added some new prefs from arkenfox)
@ -1547,4 +1581,132 @@ lockPref("browser.contentblocking.report.vpn-ios.url", "");
 lockPref("browser.contentblocking.report.vpn-android.url", "");
 */
 ```
 <<<<<<< HEAD
 >>>>>>> 48fecfd (removed redundant stuff)
 =======
 #### Unlocked
 Locked prefs that were unlocked, more should be unlocked probably
 ```
 lockPref("general.config.filename", "librewolf.cfg");
 // Unlocked as some think it increases fingerprint, they can now disable it
 defaultPref("privacy.donottrackheader.enabled", true);
 // Unlocked as some think it increases fingerprint, they can now disable it
 defaultPref("permissions.default.geo", 2);
 defaultPref("extensions.getAddons.themes.browseURL", "")
 defaultPref("pdfjs.enableWebGL", false);
 defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
 defaultPref("pdfjs.enabledCache.state", false);
 defaultPref("alerts.showFavicons", false); // default: false
 defaultPref("security.remote_settings.intermediates.enabled", true);
 // Unlocked as some think it increases fingerprint, they can now disable it
 defaultPref("dom.battery.enabled", false);
 defaultPref("browser.tabs.closeTabByDblclick", true);
 // Unlocked as known to cause breakage
 defaultPref("dom.event.clipboardevents.enabled", false);
 // already default and no reason to lock it
 lockPref("network.http.referer.trimmingPolicy", 0); 
 defaultPref("extensions.blocklist.enabled", false);
 defaultPref("extensions.blocklist.detailsURL", "");
 defaultPref("extensions.blocklist.itemURL", "");
 // someone might want to have it on for security concerns
 defaultPref("security.OCSP.enabled", 0);
 defaultPref("security.OCSP.require", false);
 defaultPref("reader.parse-on-load.enabled", false);
 ```
 #### Made default
 Prefs that were user set and are now default
 ```
 defaultPref("signon.management.page.breach-alerts.enabled", false);
 defaultPref("signon.management.page.breachAlertUrl", "");
 defaultPref("startup.homepage_override_url", "about:blank");
 defaultPref("startup.homepage_welcome_url", "about:blank");
 defaultPref("startup.homepage_welcome_url.additional", "");
 defaultPref("identity.sendtabpromo.url", "");
 ```
 #### To discuss
 Prefs that need to be addressed and potential roadmap
 ```
 Open points:
 // How much should we lock?
 // How in depth should we go with urls
 // SB - make re-enabling easier, test connections
 // GEO - review to allow easier re-enabling
 // evaluate certificate handling (oscp, crlite, blocklist)
 missing from arkenfox in need of discussion:
 security.pki.crlite_mode  ->  DISCUSS
 security.remote_settings.crlite_filters.enabled  ->  DISCUSS
 dom.security.https_only_mode_send_http_background_request  ->  DISCUSS
 browser.download.useDownloadDir  ->  do we want to ask for download location each time?
 ```
 #### Commented
 Prefs that need to be addressed and that were disabled for now
 ```
 // all covered by previous prefs
 // defaultPref("media.navigator.video.enabled", false);
 // defaultPref("media.peerconnection.use_document_iceservers", false);
 // defaultPref("media.peerconnection.identity.enabled", false);
 // defaultPref("media.peerconnection.identity.timeout", 1);
 // defaultPref("media.peerconnection.turn.disable", true);
 // defaultPref("media.peerconnection.ice.tcp", false);
 ```
 ## How to...
 #### Stay logged
 Add website to exceptions before login, both http and https link
 #### Enable DRM content
 ```
 media.eme.enabled = true
 media.gmp-widevinecdm.visible = true
 media.gmp-widevinecdm.enabled = true
 media.gmp-provider.enabled = true
 media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
 ```
 #### Use video conferencing
 ```
 media.peerconnection.enabled = true
 media.peerconnection.ice.no_host = true
 dom.webaudio.enabled = true
 ```
 screensharing `media.getusermedia.screensharing.enabled = true`
 #### Enable addons search
 ```
 extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"
 ```
 #### Enable addons manual updates
 ```
 extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=
 %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=
 %ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=
 %APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=
 %CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"
 ```
 #### Enable OCSP certificate checking
 ```
 security.OCSP.enabled = 1
 ```
 you probably also want `security.OCSP.require = true`
 #### Hardened setup
 ```
 defaultPref("javascript.options.asmjs", false);                                       defaultPref("javascript.options.wasm", false);
 defaultPref("webgl.disabled", true);
 defaultPref("privacy.resistFingerprinting.letterboxing", true);
 ```
 >>>>>>> e7a5601 (more good stuff)
--- a/librewolf.cfg
+++ b/librewolf.cfg
@ -187,6 +187,7 @@ if (home_directory) {
 >>>>>>> 01804b5 (add tags for .md rendering)
 // -----------------------------------
 <<<<<<< HEAD
 <<<<<<< HEAD
 <<<<<<< HEAD
 lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway
@ -197,6 +198,9 @@ defaultPref("browser.contentblocking.category", "custom"); // changing to other
 =======
 defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI
 >>>>>>> 48fecfd (removed redundant stuff)
 =======
 defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more
 >>>>>>> e7a5601 (more good stuff)
 lockPref("privacy.trackingprotection.enabled", false);
 lockPref("privacy.trackingprotection.pbmode.enabled", false);
 lockPref("privacy.trackingprotection.socialtracking.enabled", false);
@ -237,7 +241,6 @@ lockPref("browser.contentblocking.database.enabled", false);
 lockPref("browser.contentblocking.reportBreakage.url", "");
 // hide ui elements
 lockPref("browser.contentblocking.cfr-milestone.enabled", false);
 lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false);
 lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false);
 lockPref("browser.contentblocking.report.hide_vpn_banner", true);
@ -247,6 +250,7 @@ lockPref("browser.contentblocking.report.monitor.enabled", false);
 lockPref("browser.contentblocking.report.proxy.enabled", false);
 lockPref("browser.contentblocking.report.vpn.enabled", false);
 <<<<<<< HEAD
 // Windows only?
 lockPref("default-browser-agent.enabled", false);
 >>>>>>> 034d451 (reorganized tracking section + 3rd set of changes)
@ -257,6 +261,10 @@ lockPref("default-browser-agent.enabled", false);
 =======
 // AUTOPLAY
 >>>>>>> a35eb4b (re-organized and reviewed)
 =======
 // ----------------------------------
 // # AUTOPLAY
 >>>>>>> e7a5601 (more good stuff)
 // ----------------------------------
 defaultPref("media.autoplay.default", 5);
@ -264,10 +272,14 @@ defaultPref("media.autoplay.blocking_policy", 2);
 // -----------------------------------------
 <<<<<<< HEAD
 <<<<<<< HEAD
 // # PASSWORD MANAGER
 =======
 // PASSWORD MANAGER
 >>>>>>> a35eb4b (re-organized and reviewed)
 =======
 // # PASSWORD MANAGER
 >>>>>>> e7a5601 (more good stuff)
 // -----------------------------------------
 lockPref("signon.rememberSignons", false);
@ -295,6 +307,7 @@ lockPref("browser.search.update", false);
 >>>>>>> 45bf63e (processed everything up to EOF)
 // --------------------------------
 <<<<<<< HEAD
 // # SANITIZING, COOKIES AND HISTORY
 // --------------------------------
@ -313,6 +326,9 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid
 =======
 // SEARCH AND URLBAR
 >>>>>>> 653a6ed (knocked out some more prefs)
 =======
 // # SEARCH AND URLBAR
 >>>>>>> e7a5601 (more good stuff)
 // --------------------------------
 defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
@ -350,7 +366,6 @@ defaultPref("browser.formfill.enable", false);
 defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
 defaultPref("places.history.enabled", false);
 defaultPref("privacy.history.custom", true);
 lockPref("browser.sessionhistory.max_entries", 20);
 <<<<<<< HEAD
 <<<<<<< HEAD
@ -720,7 +735,6 @@ lockPref("security.tls.enable_0rtt_data", false);
 lockPref("security.tls.version.enable-deprecated", false);
 lockPref("security.tls.version.fallback-limit", 3);
 lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos
 lockPref("security.insecure_field_warning.contextual.enabled", true);
 // to check
 lockPref("network.stricttransportsecurity.preloadlist",	false);
@ -933,9 +947,12 @@ lockPref("extensions.systemAddon.update.enabled", false);
 lockPref("xpinstall.signatures.devInfoURL", "");
 <<<<<<< HEAD
 <<<<<<< HEAD
 =======
 lockPref("extensions.webapi.testing", false); // hidden prefs // default false
 >>>>>>> 48fecfd (removed redundant stuff)
 =======
 >>>>>>> e7a5601 (more good stuff)
 lockPref("extensions.webservice.discoverURL", "");
 lockPref("webextensions.storage.sync.serverURL", "");
 lockPref("extensions.screenshots.upload-disabled", true);
@ -943,10 +960,13 @@ lockPref("lightweightThemes.getMoreURL", "");
 defaultPref("extensions.postDownloadThirdPartyPrompt", false);
 <<<<<<< HEAD
 <<<<<<< HEAD
 <<<<<<< HEAD
 =======
 =======
 lockPref("xpinstall.whitelist.required", true); // default
 >>>>>>> 7732277 (imrpoved referers and language settings)
 =======
 >>>>>>> e7a5601 (more good stuff)
 <<<<<<< HEAD
 // to check
@ -1239,6 +1259,7 @@ lockPref("dom.ipc.plugins.reportCrashURL", false);
 lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
 lockPref("plugin.state.flash", 0);
 <<<<<<< HEAD
 // more important stuff
 lockPref("browser.shell.shortcutFavicons", false);
 defaultPref("alerts.showFavicons", false);
@ -1386,21 +1407,18 @@ lockPref("gfx.font_rendering.opentype_svg.enabled", false);
 // # MISC
 // --------------------------------
 =======
 >>>>>>> e7a5601 (more good stuff)
 // more important stuff
 lockPref("browser.shell.shortcutFavicons", false);
 defaultPref("alerts.showFavicons", false);
 defaultPref("browser.link.open_newwindow", 3);
 defaultPref("browser.link.open_newwindow.restriction", 0);
 lockPref("security.data_uri.block_toplevel_data_uri_navigations", true);
 lockPref("network.file.disable_unc_paths", true); // (hidden pref)
 lockPref("network.gio.supported-protocols", ""); // (hidden pref)
 lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false);
 lockPref("plugin.default.state", 1);
 lockPref("plugin.state.flash", 0);
 lockPref("gfx.offscreencanvas.enabled", false); // default: false
 lockPref("canvas.capturestream.enabled", false);
 lockPref("network.IDN_show_punycode", true);
-lockPref("security.fileuri.strict_origin_policy", true);
+defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP
 // pocket, to check if we can remove
 lockPref("extensions.pocket.enabled", false);
@ -1416,7 +1434,6 @@ defaultPref("pdfjs.enabledCache.state", false);
 // remote agent
 lockPref("remote.enabled", false);
 lockPref("remote.force-local", true);
 // settings and behavior
 lockPref("browser.shell.checkDefaultBrowser", false);
@ -1434,14 +1451,11 @@ lockPref("accessibility.force_disabled", 1);
 lockPref("browser.uitour.enabled", false);
 lockPref("middlemouse.contentLoadURL", false);
 defaultPref("accessibility.typeaheadfind", false);
 lockPref("browser.bookmarks.restore_default_bookmarks", false);
 defaultPref("browser.tabs.closeTabByDblclick", true);
 lockPref("media.webspeech.recognition.enable", false);
 lockPref("network.manage-offline-status", false);
 lockPref("browser.helperApps.deleteTempFileOnExit", true);
 lockPref("browser.pagethumbnails.capturing_disabled", true);
 lockPref("browser.bookmarks.max_backups", 2);
-lockPref("reader.parse-on-load.enabled", false);
+defaultPref("reader.parse-on-load.enabled", false);
 // devtools
 defaultPref("devtools.debugger.remote-enabled", false);
@ -1450,7 +1464,6 @@ lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555")
 lockPref("devtools.devices.url", "");
 lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+]
 lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+]
 lockPref("devtools.debugger.force-local", true);
 defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80
 // ui
@ -1479,7 +1492,6 @@ lockPref("accessibility.support.url", "");
 lockPref("app.support.baseURL", "");
 lockPref("browser.uitour.url", "");
 lockPref("webchannel.allowObject.urlWhitelist", "");
 lockPref("browser.chrome.errorReporter.infoURL", "");
 lockPref("browser.dictionaries.download.url", "");
 lockPref("browser.geolocation.warning.infoURL", "");
 lockPref("browser.search.searchEnginesURL", "");
@ -1502,7 +1514,7 @@ lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", "");
 lockPref("browser.cache.offline.storage.enable", false);
 lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
-lockPref("media.memory_cache_max_size", 16384);
+defaultPref("media.memory_cache_max_size", 65536);
 // --------------------------------
 // # WEBGL AND PERFORMANCE
@ -1694,11 +1706,14 @@ lockPref("app.shield.optoutstudies.enabled", false);
 lockPref("beacon.enabled", false);
 lockPref("browser.ping-centre.telemetry", false);
 <<<<<<< HEAD
 // ping
 lockPref("browser.send_pings", false);
 lockPref("browser.send_pings.require_same_host", true);
 >>>>>>> 8b7a898 (updated and started editing external protocols)
 =======
 >>>>>>> e7a5601 (more good stuff)
 // discovery
 lockPref("browser.discovery.enabled", false);
 lockPref("browser.discovery.containers.enabled", false);
@ -1777,6 +1792,7 @@ lockPref("browser.tabs.crashReporting.sendReport", false);
 lockPref("browser.crashReports.unsubmittedCheck.enabled", false);
 lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
 <<<<<<< HEAD
 <<<<<<< HEAD
 >>>>>>> 8b7a898 (updated and started editing external protocols)
 =======
 lockPref("dom.ipc.plugins.reportCrashURL", false);
@ -1876,6 +1892,8 @@ lockPref("breakpad.reportURL", "");
 lockPref("browser.tabs.crashReporting.sendReport", false);
 lockPref("browser.crashReports.unsubmittedCheck.enabled", false);
 lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
 =======
 >>>>>>> e7a5601 (more good stuff)
 // captive portal
 lockPref("network.captive-portal-service.enabled", false);
@ -2229,6 +2247,9 @@ lockPref("toolkit.winRegisterApplicationRestart", false);
 lockPref("security.family_safety.mode", 0);
 <<<<<<< HEAD
 <<<<<<< HEAD
 =======
 >>>>>>> e7a5601 (more good stuff)
 // Windows only?
 lockPref("default-browser-agent.enabled", false);