Update 'user.js'

This commit is contained in:
Narsil 2021-04-04 13:52:59 -04:00
parent d82012aadb
commit 541e50a047
1 changed files with 21 additions and 10 deletions

31
user.js
View File

@ -857,6 +857,11 @@ user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// This is done to avoid waiting for a timeout which takes 90 seconds
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);
// -------------------------------------
// Treat .onion as a secure context [FF60+] [TOR]
// [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser
// https://bugzilla.mozilla.org/1382359 ***/
// user_pref("dom.securecontext.whitelist_onions", true);
//
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// CIPHERS [WARNING: do not meddle with your cipher suite]
@ -967,9 +972,8 @@ user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
// user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2 FF87+]
// user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
// -------------------------------------
// Hide (not spoof) referrer when leaving a .onion domain [FF54+]
// [NOTE] Firefox cannot access .onion sites by default. We recommend you use
// the Tor Browser which is specifically designed for hidden services
// Hide (not spoof) referrer when leaving a .onion domain [FF54+] [TOR]
// [NOTE] Firefox cannot access .onion sites by default: it is strongly recommended you just use Tor Browser
// https://bugzilla.mozilla.org/1305144 ***/
// user_pref("network.http.referer.hideOnionSource", true);
// -------------------------------------
@ -1019,6 +1023,7 @@ user_pref("media.gmp-manager.url.override", "");
// Disable all DRM content (EME: Encryption Media Extension)
// [SETUP-WEB] e.g. Netflix, Amazon Prime, Hulu, HBO, Disney+, Showtime, Starz, DirectTV
// [SETTING] General>DRM Content>Play DRM-controlled content
// [TEST] https://bitmovin.com/demos/drm
// https://www.eff.org/deeplinks/2017/10/drms-dead-canary-how-we-just-lost-web-what-we-learned-it-and-what-we-need-do-next ***/
user_pref("media.eme.enabled", false);
//
@ -1163,8 +1168,8 @@ user_pref("dom.push.userAgentID", "");
// Disable website access to clipboard events/content [SETUP-HARDEN]
// [NOTE] This will break some sites' functionality e.g. Outlook, Twitter, Facebook, Wordpress
// This applies to onCut/onCopy/onPaste events - i.e. it requires interaction with the website
// [WARNING] If both 'middlemouse.paste' and 'general.autoScroll' are true (at least one
// is default false) then enabling this pref can leak clipboard content
// [WARNING] In FF88 or lower, with clipboardevents enabled, if both 'middlemouse.paste' and
// 'general.autoScroll' are true (at least one is default false) then the clipboard can leak
// https://bugzilla.mozilla.org/1528289
user_pref("dom.event.clipboardevents.enabled", false);
// -------------------------------------
@ -1418,12 +1423,18 @@ user_pref("security.dialog_enable_delay", 700);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// PERSISTENT STORAGE
// >>>>>>>>>>>>>>>>>>>>>
// Disable 3rd-party cookies and site-data [SETUP-WEB]
// 0=Accept cookies and site data, 1=(Block) All third-party cookies, 2=(Block) All cookies,
// 3=(Block) Cookies from unvisited websites, 4=(Block) Cross-site and social media trackers (default)
// [NOTE] You can set exceptions under site permissions or use an extension
// Disable or isolate 3rd-party cookies and site-data [SETUP-WEB]
// 0 = Accept cookies and site data
// 1 = (Block) All third-party cookies
// 2 = (Block) All cookies
// 3 = (Block) Cookies from unvisited websites
// 4 = (Block) Cross-site tracking cookies (default)
// 5 = (Isolate All) Cross-site cookies (TCP: Total Cookie Protection / dFPI: dynamic FPI) [1] (FF86+)
// Option 5 with FPI enabled is ignored and not shown, and option 4 used instead
// [NOTE] You can set cookie exceptions under site permissions or use an extension
// [NOTE] Enforcing category to custom ensures ETP related prefs are always honored
// [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies ***/
// [SETTING] Privacy & Security>Enhanced Tracking Protection>Custom>Cookies
// https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
user_pref("network.cookie.cookieBehavior", 1);
user_pref("browser.contentblocking.category", "custom");
// -------------------------------------