more good stuff

fxbrit 2021-05-06 01:49:02 +02:00
parent 7889fa9ce7
commit 6f5190f26a
2 changed files with 200 additions and 17 deletions


@ -58,6 +58,7 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false);
defaultPref("general.warnOnAboutConfig", false);
defaultPref("network.auth.subresource-http-auth-allow", 1);
defaultPref("browser.display.use_system_colors", false);
<<<<<<< HEAD
=======
defaultPref("intl.accept_languages", "en-US, en");
=======
@ -105,6 +106,8 @@ defaultPref("extensions.postDownloadThirdPartyPrompt", false);
defaultPref("general.warnOnAboutConfig", false);
defaultPref("network.auth.subresource-http-auth-allow", 1);
>>>>>>> 0267245 (added some new prefs from arkenfox)
=======
>>>>>>> e7a5601 (more good stuff)
```
#### Modified
@ -128,6 +131,7 @@ defaultPref("privacy.cpd.offlineApps", false); // For consistency with new cooki
lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555"); // Previously redirected to localhost:4242
defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed
defaultPref("media.memory_cache_max_size", 65536); // previously lockPref("media.memory_cache_max_size", 16384);
<<<<<<< HEAD
=======
lockPref("devtools.performance.recording.ui-base-url", ""); // Previously redirected to localhost
=======
@ -150,6 +154,8 @@ lockPref("services.sync.prefs.sync.browser.contentblocking.category", false); //
=======
defaultPref("media.autoplay.blocking_policy", 2); // Previously media.autoplay.enabled.user-gestures-needed
>>>>>>> 269747e (fixed lang fp, relaxed xorigin)
=======
>>>>>>> e7a5601 (more good stuff)
```
#### Removed
@ -577,10 +583,14 @@ defaultPref("layers.acceleration.force-enabled", true); // out of scope, not wor
lockPref("privacy.trackingprotection.testing.report_blocked_node", false); // default false and we have tracking protection disabled
lockPref("privacy.trackingprotection.origin_telemetry.enabled", false); // default false and we have tracking protection disabled
<<<<<<< HEAD
<<<<<<< HEAD
lockPref("privacy.trackingprotection.lower_network_priority", false); // default
=======
lockPref("privacy.trackingprotection.lower_network_priority", false); // default false and we have tracking protection disabled
>>>>>>> 48fecfd (removed redundant stuff)
=======
lockPref("privacy.trackingprotection.lower_network_priority", false); // default
>>>>>>> e7a5601 (more good stuff)
lockPref("telemetry.origin_telemetry_test_mode.enabled", false); // default false and we have tracking protection disabled
lockPref("signon.storeSignons", false); // Deprecated
lockPref("browser.urlbar.filter.javascript", true); // default
@ -1060,6 +1070,7 @@ defaultPref("general.oscpu.override", "Windows NT 6.1"); // no benefit over RFP,
lockPref("general.buildID.override", "20100101"); // no benefit over RFP
lockPref("browser.startup.homepage_override.buildID", "20100101"); // no benefit over RFP
defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0"); // no benefit over RFP and without may increase FP
<<<<<<< HEAD
>>>>>>> 934010b (removed overrides for spoofing)
```
@ -1370,6 +1381,29 @@ dom.storage.next_gen -> DISCUSS
javascript.options.wasm -> DISCUSS
security.pki.crlite_mode -> DISCUSS
security.remote_settings.crlite_filters.enabled -> DISCUSS
=======
lockPref("security.insecure_connection_icon.enabled", true); // Default
lockPref("security.insecure_connection_icon.pbmode.enabled", true); // Default
lockPref("browser.bookmarks.restore_default_bookmarks", false); // Default
lockPref("browser.contentblocking.cfr-milestone.enabled", false); // not needed with contenblocking disabled
lockPref("app.normandy.first_run", false); // default
lockPref("browser.send_pings", false); // default
lockPref("browser.send_pings.require_same_host", true); // default
defaultPref("browser.tabs.closeTabByDblclick", true); // why?
lockPref("devtools.debugger.force-local", true); // default
lockPref("gfx.offscreencanvas.enabled", false); // default
lockPref("media.webspeech.recognition.enable", false); // default
lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false); // default
lockPref("remote.force-local", true); // default
lockPref("security.data_uri.block_toplevel_data_uri_navigations", true); // default
lockPref("security.fileuri.strict_origin_policy", true); // default
lockPref("security.insecure_field_warning.contextual.enabled", true); // default
defaultPref("security.remote_settings.intermediates.enabled", true); // default
lockPref("xpinstall.whitelist.required", true); // default
lockPref("browser.sessionhistory.max_entries", 20); // why?
lockPref("extensions.webapi.testing", false); // hidden but default false
lockPref("canvas.capturestream.enabled", false); // any real benefit?
>>>>>>> e7a5601 (more good stuff)
```
<<<<<<< HEAD
>>>>>>> 0267245 (added some new prefs from arkenfox)
@ -1547,4 +1581,132 @@ lockPref("browser.contentblocking.report.vpn-ios.url", "");
lockPref("browser.contentblocking.report.vpn-android.url", "");
*/
```
<<<<<<< HEAD
>>>>>>> 48fecfd (removed redundant stuff)
=======
#### Unlocked
Locked prefs that were unlocked, more should be unlocked probably
```
lockPref("general.config.filename", "librewolf.cfg");
// Unlocked as some think it increases fingerprint, they can now disable it
defaultPref("privacy.donottrackheader.enabled", true);
// Unlocked as some think it increases fingerprint, they can now disable it
defaultPref("permissions.default.geo", 2);
defaultPref("extensions.getAddons.themes.browseURL", "")
defaultPref("pdfjs.enableWebGL", false);
defaultPref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
defaultPref("pdfjs.enabledCache.state", false);
defaultPref("alerts.showFavicons", false); // default: false
defaultPref("security.remote_settings.intermediates.enabled", true);
// Unlocked as some think it increases fingerprint, they can now disable it
defaultPref("dom.battery.enabled", false);
defaultPref("browser.tabs.closeTabByDblclick", true);
// Unlocked as known to cause breakage
defaultPref("dom.event.clipboardevents.enabled", false);
// already default and no reason to lock it
lockPref("network.http.referer.trimmingPolicy", 0);
defaultPref("extensions.blocklist.enabled", false);
defaultPref("extensions.blocklist.detailsURL", "");
defaultPref("extensions.blocklist.itemURL", "");
// someone might want to have it on for security concerns
defaultPref("security.OCSP.enabled", 0);
defaultPref("security.OCSP.require", false);
defaultPref("reader.parse-on-load.enabled", false);
```
#### Made default
Prefs that were user set and are now default
```
defaultPref("signon.management.page.breach-alerts.enabled", false);
defaultPref("signon.management.page.breachAlertUrl", "");
defaultPref("startup.homepage_override_url", "about:blank");
defaultPref("startup.homepage_welcome_url", "about:blank");
defaultPref("startup.homepage_welcome_url.additional", "");
defaultPref("identity.sendtabpromo.url", "");
```
#### To discuss
Prefs that need to be addressed and potential roadmap
```
Open points:
// How much should we lock?
// How in depth should we go with urls
// SB - make re-enabling easier, test connections
// GEO - review to allow easier re-enabling
// evaluate certificate handling (oscp, crlite, blocklist)
missing from arkenfox in need of discussion:
security.pki.crlite_mode -> DISCUSS
security.remote_settings.crlite_filters.enabled -> DISCUSS
dom.security.https_only_mode_send_http_background_request -> DISCUSS
browser.download.useDownloadDir -> do we want to ask for download location each time?
```
#### Commented
Prefs that need to be addressed and that were disabled for now
```
// all covered by previous prefs
// defaultPref("media.navigator.video.enabled", false);
// defaultPref("media.peerconnection.use_document_iceservers", false);
// defaultPref("media.peerconnection.identity.enabled", false);
// defaultPref("media.peerconnection.identity.timeout", 1);
// defaultPref("media.peerconnection.turn.disable", true);
// defaultPref("media.peerconnection.ice.tcp", false);
```
## How to...
#### Stay logged
Add website to exceptions before login, both http and https link
#### Enable DRM content
```
media.eme.enabled = true
media.gmp-widevinecdm.visible = true
media.gmp-widevinecdm.enabled = true
media.gmp-provider.enabled = true
media.gmp-manager.url = https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml
```
#### Use video conferencing
```
media.peerconnection.enabled = true
media.peerconnection.ice.no_host = true
dom.webaudio.enabled = true
```
screensharing `media.getusermedia.screensharing.enabled = true`
#### Enable addons search
```
extensions.getAddons.search.browseURL = "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"
```
#### Enable addons manual updates
```
extensions.update.url = "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=
%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=
%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=
%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=
%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%"
```
#### Enable OCSP certificate checking
```
security.OCSP.enabled = 1
```
you probably also want `security.OCSP.require = true`
#### Hardened setup
```
defaultPref("javascript.options.asmjs", false); defaultPref("javascript.options.wasm", false);
defaultPref("webgl.disabled", true);
defaultPref("privacy.resistFingerprinting.letterboxing", true);
```
>>>>>>> e7a5601 (more good stuff)


@ -187,6 +187,7 @@ if (home_directory) {
>>>>>>> 01804b5 (add tags for .md rendering)
// -----------------------------------
<<<<<<< HEAD
<<<<<<< HEAD
<<<<<<< HEAD
lockPref("browser.contentblocking.category", "custom"); // changing to other options is currently broken anyway
@ -197,6 +198,9 @@ defaultPref("browser.contentblocking.category", "custom"); // changing to other
=======
defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI
>>>>>>> 48fecfd (removed redundant stuff)
=======
defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more
>>>>>>> e7a5601 (more good stuff)
lockPref("privacy.trackingprotection.enabled", false);
lockPref("privacy.trackingprotection.pbmode.enabled", false);
lockPref("privacy.trackingprotection.socialtracking.enabled", false);
@ -237,7 +241,6 @@ lockPref("browser.contentblocking.database.enabled", false);
lockPref("browser.contentblocking.reportBreakage.url", "");
// hide ui elements
lockPref("browser.contentblocking.cfr-milestone.enabled", false);
lockPref("browser.contentblocking.cryptomining.preferences.ui.enabled", false);
lockPref("browser.contentblocking.fingerprinting.preferences.ui.enabled", false);
lockPref("browser.contentblocking.report.hide_vpn_banner", true);
@ -247,6 +250,7 @@ lockPref("browser.contentblocking.report.monitor.enabled", false);
lockPref("browser.contentblocking.report.proxy.enabled", false);
lockPref("browser.contentblocking.report.vpn.enabled", false);
<<<<<<< HEAD
// Windows only?
lockPref("default-browser-agent.enabled", false);
>>>>>>> 034d451 (reorganized tracking section + 3rd set of changes)
@ -257,6 +261,10 @@ lockPref("default-browser-agent.enabled", false);
=======
// AUTOPLAY
>>>>>>> a35eb4b (re-organized and reviewed)
=======
// ----------------------------------
// # AUTOPLAY
>>>>>>> e7a5601 (more good stuff)
// ----------------------------------
defaultPref("media.autoplay.default", 5);
@ -264,10 +272,14 @@ defaultPref("media.autoplay.blocking_policy", 2);
// -----------------------------------------
<<<<<<< HEAD
<<<<<<< HEAD
// # PASSWORD MANAGER
=======
// PASSWORD MANAGER
>>>>>>> a35eb4b (re-organized and reviewed)
=======
// # PASSWORD MANAGER
>>>>>>> e7a5601 (more good stuff)
// -----------------------------------------
lockPref("signon.rememberSignons", false);
@ -295,6 +307,7 @@ lockPref("browser.search.update", false);
>>>>>>> 45bf63e (processed everything up to EOF)
// --------------------------------
<<<<<<< HEAD
// # SANITIZING, COOKIES AND HISTORY
// --------------------------------
@ -313,6 +326,9 @@ defaultPref("privacy.cpd.offlineApps", false); // just for consistency to avoid
=======
// SEARCH AND URLBAR
>>>>>>> 653a6ed (knocked out some more prefs)
=======
// # SEARCH AND URLBAR
>>>>>>> e7a5601 (more good stuff)
// --------------------------------
defaultPref("browser.urlbar.dnsResolveSingleWordsAfterSearch", 0);
@ -350,7 +366,6 @@ defaultPref("browser.formfill.enable", false);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
defaultPref("places.history.enabled", false);
defaultPref("privacy.history.custom", true);
lockPref("browser.sessionhistory.max_entries", 20);
<<<<<<< HEAD
<<<<<<< HEAD
@ -720,7 +735,6 @@ lockPref("security.tls.enable_0rtt_data", false);
lockPref("security.tls.version.enable-deprecated", false);
lockPref("security.tls.version.fallback-limit", 3);
lockPref("browser.xul.error_pages.expert_bad_cert", true); // advanced ui infos
lockPref("security.insecure_field_warning.contextual.enabled", true);
// to check
lockPref("network.stricttransportsecurity.preloadlist", false);
@ -933,9 +947,12 @@ lockPref("extensions.systemAddon.update.enabled", false);
lockPref("xpinstall.signatures.devInfoURL", "");
<<<<<<< HEAD
<<<<<<< HEAD
=======
lockPref("extensions.webapi.testing", false); // hidden prefs // default false
>>>>>>> 48fecfd (removed redundant stuff)
=======
>>>>>>> e7a5601 (more good stuff)
lockPref("extensions.webservice.discoverURL", "");
lockPref("webextensions.storage.sync.serverURL", "");
lockPref("extensions.screenshots.upload-disabled", true);
@ -943,10 +960,13 @@ lockPref("lightweightThemes.getMoreURL", "");
defaultPref("extensions.postDownloadThirdPartyPrompt", false);
<<<<<<< HEAD
<<<<<<< HEAD
<<<<<<< HEAD
=======
=======
lockPref("xpinstall.whitelist.required", true); // default
>>>>>>> 7732277 (imrpoved referers and language settings)
=======
>>>>>>> e7a5601 (more good stuff)
<<<<<<< HEAD
// to check
@ -1239,6 +1259,7 @@ lockPref("dom.ipc.plugins.reportCrashURL", false);
lockPref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
lockPref("plugin.state.flash", 0);
<<<<<<< HEAD
// more important stuff
lockPref("browser.shell.shortcutFavicons", false);
defaultPref("alerts.showFavicons", false);
@ -1386,21 +1407,18 @@ lockPref("gfx.font_rendering.opentype_svg.enabled", false);
// # MISC
// --------------------------------
=======
>>>>>>> e7a5601 (more good stuff)
// more important stuff
lockPref("browser.shell.shortcutFavicons", false);
defaultPref("alerts.showFavicons", false);
defaultPref("browser.link.open_newwindow", 3);
defaultPref("browser.link.open_newwindow.restriction", 0);
lockPref("security.data_uri.block_toplevel_data_uri_navigations", true);
lockPref("network.file.disable_unc_paths", true); // (hidden pref)
lockPref("network.gio.supported-protocols", ""); // (hidden pref)
lockPref("network.auth.subresource-img-cross-origin-http-auth-allow", false);
lockPref("plugin.default.state", 1);
lockPref("plugin.state.flash", 0);
lockPref("gfx.offscreencanvas.enabled", false); // default: false
lockPref("canvas.capturestream.enabled", false);
lockPref("network.IDN_show_punycode", true);
lockPref("security.fileuri.strict_origin_policy", true);
defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP
// pocket, to check if we can remove
lockPref("extensions.pocket.enabled", false);
@ -1416,7 +1434,6 @@ defaultPref("pdfjs.enabledCache.state", false);
// remote agent
lockPref("remote.enabled", false);
lockPref("remote.force-local", true);
// settings and behavior
lockPref("browser.shell.checkDefaultBrowser", false);
@ -1434,14 +1451,11 @@ lockPref("accessibility.force_disabled", 1);
lockPref("browser.uitour.enabled", false);
lockPref("middlemouse.contentLoadURL", false);
defaultPref("accessibility.typeaheadfind", false);
lockPref("browser.bookmarks.restore_default_bookmarks", false);
defaultPref("browser.tabs.closeTabByDblclick", true);
lockPref("media.webspeech.recognition.enable", false);
lockPref("network.manage-offline-status", false);
lockPref("browser.helperApps.deleteTempFileOnExit", true);
lockPref("browser.pagethumbnails.capturing_disabled", true);
lockPref("browser.bookmarks.max_backups", 2);
lockPref("reader.parse-on-load.enabled", false);
defaultPref("reader.parse-on-load.enabled", false);
// devtools
defaultPref("devtools.debugger.remote-enabled", false);
@ -1450,7 +1464,6 @@ lockPref("devtools.performance.recording.ui-base-url", "http://localhost:55555")
lockPref("devtools.devices.url", "");
lockPref("devtools.remote.adb.extensionURL", ""); // [FF64+]
lockPref("devtools.remote.adb.extensionID", ""); // default adb@mozilla.org [FF64+]
lockPref("devtools.debugger.force-local", true);
defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-community/browser/linux/-/issues/80
// ui
@ -1479,7 +1492,6 @@ lockPref("accessibility.support.url", "");
lockPref("app.support.baseURL", "");
lockPref("browser.uitour.url", "");
lockPref("webchannel.allowObject.urlWhitelist", "");
lockPref("browser.chrome.errorReporter.infoURL", "");
lockPref("browser.dictionaries.download.url", "");
lockPref("browser.geolocation.warning.infoURL", "");
lockPref("browser.search.searchEnginesURL", "");
@ -1502,7 +1514,7 @@ lockPref("gecko.handlerService.schemes.webcal.0.uriTemplate", "");
lockPref("browser.cache.offline.storage.enable", false);
lockPref("browser.privatebrowsing.forceMediaMemoryCache", true); // [FF75+]
lockPref("media.memory_cache_max_size", 16384);
defaultPref("media.memory_cache_max_size", 65536);
// --------------------------------
// # WEBGL AND PERFORMANCE
@ -1694,11 +1706,14 @@ lockPref("app.shield.optoutstudies.enabled", false);
lockPref("beacon.enabled", false);
lockPref("browser.ping-centre.telemetry", false);
<<<<<<< HEAD
// ping
lockPref("browser.send_pings", false);
lockPref("browser.send_pings.require_same_host", true);
>>>>>>> 8b7a898 (updated and started editing external protocols)
=======
>>>>>>> e7a5601 (more good stuff)
// discovery
lockPref("browser.discovery.enabled", false);
lockPref("browser.discovery.containers.enabled", false);
@ -1777,6 +1792,7 @@ lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("browser.crashReports.unsubmittedCheck.enabled", false);
lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
<<<<<<< HEAD
<<<<<<< HEAD
>>>>>>> 8b7a898 (updated and started editing external protocols)
=======
lockPref("dom.ipc.plugins.reportCrashURL", false);
@ -1876,6 +1892,8 @@ lockPref("breakpad.reportURL", "");
lockPref("browser.tabs.crashReporting.sendReport", false);
lockPref("browser.crashReports.unsubmittedCheck.enabled", false);
lockPref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
=======
>>>>>>> e7a5601 (more good stuff)
// captive portal
lockPref("network.captive-portal-service.enabled", false);
@ -2229,6 +2247,9 @@ lockPref("toolkit.winRegisterApplicationRestart", false);
lockPref("security.family_safety.mode", 0);
<<<<<<< HEAD
<<<<<<< HEAD
=======
>>>>>>> e7a5601 (more good stuff)
// Windows only?
lockPref("default-browser-agent.enabled", false);
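Review bot: Unresolved conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> e7a5601 (more good stuff)`) remain across this file's hunks, for example around the three competing `browser.contentblocking.category` lines and the `# AUTOPLAY`, `# PASSWORD MANAGER` and `# SEARCH AND URLBAR` headings. The page has lost its `+`/`-` column, so which of these marker lines the commit adds is inferred from the `e7a5601` label and the hunk counts. If this file is evaluated as a preference script and the markers are not inside a comment block, a bare marker line is presumably a parse error, and the locked prefs that follow may not be applied at all. Each conflicted region should be resolved to a single line before merging, e.g. keeping only `defaultPref("browser.contentblocking.category", "custom"); // do not lock as it breaks UI even more`, and the resulting values then confirmed in a running profile. The first file's hunks carry the same markers.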