librewolf-bot/settings
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

improve descriptions, trim one more pref

Browse source
This commit is contained in:
fxbrit 2021-09-23 12:17:54 +02:00
parent 06836b82ca
commit b6a082f761
2 changed files with 7 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
docs/Changelog.md
View file

@ -12,7 +12,7 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl
- VR access is behind a prompt and, despite being unlikely, it could be fingerprinted. with all this on the table it's just not worth and overkill. - VR access is behind a prompt and, despite being unlikely, it could be fingerprinted. with all this on the table it's just not worth and overkill.
- vibrator API is so nieche that even tor does not change it. best to trim where possible. - vibrator API is so nieche that even tor does not change it. best to trim where possible.
- `extensions.getAddons.link.url"` is showed only when no extension is installed and it's not a bad suggestion to get addons from addons.mozilla.org so we can remove it. - `extensions.getAddons.link.url"` is showed only when no extension is installed and it's not a bad suggestion to get addons from addons.mozilla.org so we can remove it.
- `browser.safebrowsing.downloads.remote.*` are all controlled by the 3 prefs already in the .cfg, which is the same approach taken by tor browser. - `browser.safebrowsing.downloads.remote.*` are all controlled by the prefs already in the .cfg, which is the same approach taken by tor browser.
- graphite [is no longer as concerning](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite) and blocking it is likely fingerprintable. - graphite [is no longer as concerning](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite) and blocking it is likely fingerprintable.
- the pdf prefs and the bookmark backup are not really relevant to librewolf. - the pdf prefs and the bookmark backup are not really relevant to librewolf.
- as reported [here](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) the shared memory pref is no longer needed, so we can switch it back to default. - as reported [here](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) the shared memory pref is no longer needed, so we can switch it back to default.
@ -108,6 +108,7 @@ lockPref("webchannel.allowObject.urlWhitelist", ""); // deprecated
defaultPref("media.getusermedia.browser.enabled", false); defaultPref("media.getusermedia.browser.enabled", false);
defaultPref("media.getusermedia.screensharing.enabled", false); defaultPref("media.getusermedia.screensharing.enabled", false);
defaultPref("media.getusermedia.audiocapture.enabled", false); defaultPref("media.getusermedia.audiocapture.enabled", false);
defaultPref("dom.storage.next_gen", true); // default from v92.0
``` ```
#### Added preferences #### Added preferences

12
librewolf.cfg
View file

@ -102,8 +102,6 @@ defaultPref("dom.push.enabled", false); // disable push notifications
defaultPref("dom.push.serverURL", ""); // default "wss://push.services.mozilla.com/" defaultPref("dom.push.serverURL", ""); // default "wss://push.services.mozilla.com/"
defaultPref("dom.serviceWorkers.enabled", false); // disable service workers, must enable for push notifications defaultPref("dom.serviceWorkers.enabled", false); // disable service workers, must enable for push notifications
defaultPref("dom.storage.next_gen", true); // will be default from v92.0, keep and eye on
// -------------------------------- // --------------------------------
// # CACHE AND TEMPORARY FILES // # CACHE AND TEMPORARY FILES
// -------------------------------- // --------------------------------
@ -124,9 +122,9 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page
defaultPref("media.peerconnection.enabled", false); // master switch defaultPref("media.peerconnection.enabled", false); // master switch
// limit potential IP leaks for webrtc users // limit potential IP leaks for webrtc users
defaultPref("media.peerconnection.ice.default_address_only", true); defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates
defaultPref("media.peerconnection.ice.no_host", true); defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users
// autoplay // autoplay
defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
@ -143,7 +141,7 @@ defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prev
defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP
// librewolf specifc pref, prevents rfp from forcing light theme // librewolf specifc pref that prevents rfp from forcing light theme, review
lockPref("privacy.override_rfp_for_color_scheme", false); lockPref("privacy.override_rfp_for_color_scheme", false);
defaultPref("webgl.disabled", true); // master switch, disable webgl defaultPref("webgl.disabled", true); // master switch, disable webgl
@ -153,7 +151,7 @@ defaultPref("webgl.disabled", true); // master switch, disable webgl
// -------------------------------- // --------------------------------
// certificates // certificates
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, review as could be deprecated defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching