diff --git a/user.js b/user.js
index 4ba1ea0..e8cfb0b 100644
--- a/user.js
+++ b/user.js
@@ -283,6 +283,7 @@ user_pref("security.remote_settings.crlite_filters.enabled", false);
 user_pref("security.remote_settings.crlite_filters.bucket", "");
 user_pref("security.remote_settings.crlite_filters.collection", "");
 user_pref("security.remote_settings.crlite_filters.signer", "");
+user_pref("security.pki.crlite_mode", 2);
 // -------------------------------------
 // Pref : Block unwanted connections
 user_pref("app.feedback.baseURL", "");
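Review bot: `security.pki.crlite_mode` is set to 2 directly below four lines that turn off `security.remote_settings.crlite_filters.enabled` and blank its bucket, collection and signer, so the two settings pull in opposite directions and nothing on the line says which is intended. As far as I know mode 2 makes Firefox consult and enforce CRLite results, but CRLite only has data when the filters are downloaded, so with the lines above in place revocation checking presumably still depends on whatever the OCSP prefs (not visible in this hunk) allow. Add a comment stating the intent, for example `// 2 = enforce CRLite; no effect while crlite_filters.enabled is false`, or drop the line if the filters stay disabled.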
@@ -797,14 +798,24 @@ user_pref("security.mixed_content.block_object_subrequest", true);
 // -------------------------------------
 // Enable HTTPS-Only mode [FF76+]
 // When "https_only_mode" (all windows) is true, "https_only_mode_pbm" (private windows only) is ignored
-// [WARNING] This is experimental [1] and you can't set exceptions if FPI is enabled (fixed in FF83)
-// [SETTING] to add site exceptions: Page Info>Permissions>Use insecure HTTP (FF80+)
+// [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
 // [SETTING] Privacy & Security>HTTPS-Only Mode
+// [TEST] http://example.com [upgrade]
+// [TEST] http://neverssl.org/ [no upgrade]
 // https://bugzilla.mozilla.org/1613063 [META]
 // https://bugzilla.mozilla.org/1647829 ***/
 user_pref("dom.security.https_only_mode", true); // [FF76+]
 user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
-user_pref("dom.security.https_only_mode.upgrade_local", true); // [FF77+]
+// -------------------------------------
+// Enable HTTPS-Only mode for local resources [FF77+] ***/
+// user_pref("dom.security.https_only_mode.upgrade_local", true);
+// -------------------------------------
+// Disable HTTP background requests [FF82+]
+// When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
+// sends HTTP requests requests in order to check if the server supports HTTPS or not.
+// This is done to avoid waiting for a timeout which takes 90 seconds
+// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
+user_pref("dom.security.https_only_mode_send_http_background_request", false);
 // >>>>>>>>>>>>>>>>>>>>>
 // CIPHERS [WARNING: do not meddle with your cipher suite]
 // >>>>>>>>>>>>>>>>>>>>>
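Review bot: Commenting out `dom.security.https_only_mode.upgrade_local` changes behaviour in two ways the new comment does not mention: fresh profiles fall back to the browser default for local addresses, while profiles that already applied the old line keep `true` in prefs.js, because an entry that disappears from user.js is not reset. The same applies to `browser.cache.offline.enable` in the `-1375,8` hunk. State why the pref is now inactive and how to clear it, e.g. `// [NOTE] inactive: reset in about:config if an earlier version of this file set it`. The added text also has a doubled word (`HTTP requests requests`). The background-request entry explains why Firefox sends the request but not the cost of disabling it: by the comment's own numbers, a site without HTTPS would now wait out the 90 second timeout.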
@@ -1375,8 +1386,10 @@ user_pref("network.cookie.lifetimePolicy", 2);
 // You are better off using an extension for more granular control ***/
 // user_pref("dom.storage.enabled", false);
 // -------------------------------------
-// Disable offline cache ***/
-user_pref("browser.cache.offline.enable", false);
+// Enforce no offline cache storage (appCache)
+// The API is easily fingerprinted, use the "storage" pref instead ***/
+// user_pref("browser.cache.offline.enable", false);
+user_pref("browser.cache.offline.storage.enable", false); // [FF71+] [DEFAULT: false FF84+]
 // -------------------------------------
 // Disable service worker cache and cache storage
 // [NOTE] We clear service worker cache on exiting Firefox
@@ -1468,6 +1481,10 @@ user_pref("privacy.firstparty.isolate", true);
 // https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage ***/
 // user_pref("privacy.firstparty.isolate.restrict_opener_access", true); // [DEFAULT: true]
 // user_pref("privacy.firstparty.isolate.block_post_message", true);
+// Enable scheme with FPI [FF78+]
+// [NOTE] Experimental: existing data and site permissions are incompatible
+// and some site exceptions may not work e.g. HTTPS-only mode ***/
+// user_pref("privacy.firstparty.isolate.use_site", true);
 // -------------------------------------
 // Enable site partitioning (FF78+)
 // https://bugzilla.mozilla.org/1590107 [META] */
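Review bot: In the `-1375,8` hunk the sentence `The API is easily fingerprinted, use the "storage" pref instead` is ambiguous: it reads as if appCache itself were the fingerprinting problem, whereas the change suggests the concern is that switching the API off with `browser.cache.offline.enable` is what sites can detect. Suggest `// Disabling the API itself ("browser.cache.offline.enable") is detectable by sites; disable only its storage instead ***/`. Going by the trailing `[FF71+]` tag, the block also sets nothing effective on releases older than FF71 now that the old pref is commented out, which deserves a one-line `[NOTE]` if such releases are still in scope.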
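Review bot: In the `-1468,6` hunk the new `use_site` entry starts right after the commented `block_post_message` pref without the `// -------------------------------------` separator that opens the other entries visible in this diff, so it reads as a continuation of the postMessage block even though that block's `***/` has already closed. Add the separator line before `// Enable scheme with FPI [FF78+]`. The title would also be clearer as `// Include the scheme in the first-party isolation key [FF78+]`, assuming that is what `use_site` does; confirm before changing it.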