Update 'user.js'

This commit is contained in:
Narsil 2020-11-25 05:51:03 -05:00
parent e1b80dba91
commit 89298012da
1 changed files with 23 additions and 7 deletions

30
user.js
View File

@ -560,6 +560,7 @@ user_pref("security.remote_settings.crlite_filters.enabled", false);
user_pref("security.remote_settings.crlite_filters.bucket", ""); user_pref("security.remote_settings.crlite_filters.bucket", "");
user_pref("security.remote_settings.crlite_filters.collection", ""); user_pref("security.remote_settings.crlite_filters.collection", "");
user_pref("security.remote_settings.crlite_filters.signer", ""); user_pref("security.remote_settings.crlite_filters.signer", "");
user_pref("security.pki.crlite_mode", 2);
// ------------------------------------- // -------------------------------------
// Pref : Disable Default Browser Agent // Pref : Disable Default Browser Agent
// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html // https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
@ -1458,15 +1459,26 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers) // Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
// >>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>
// Pref : Enable HTTPS-only-mode // Pref : Enable HTTPS-only-mode [FF76+]
// * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2] // [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
// https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/ // [SETTING] Privacy & Security>HTTPS-Only Mode
// * [1] https://bugzilla.mozilla.org/1613063 [META] // [TEST] http://example.com [upgrade]
// * [2] https://bugzilla.mozilla.org/1647829 ***/ // [TEST] http://neverssl.org/ [no upgrade]
// user_pref("dom.security.https_only_mode", true); // https://bugzilla.mozilla.org/1613063 [META]
// https://bugzilla.mozilla.org/1647829 ***/
user_pref("dom.security.https_only_mode", true); [FF76+]
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+] // user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
// -------------------------------------
// Pref: Enable HTTPS-Only mode for local resources [FF77+] ***/
// user_pref("dom.security.https_only_mode.upgrade_local", true); // user_pref("dom.security.https_only_mode.upgrade_local", true);
// ------------------------------------- // -------------------------------------
// Pref: Disable HTTP background requests [FF82+]
// When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
// sends HTTP requests in order to check if the server supports HTTPS or not.
// This is done to avoid waiting for a timeout which takes 90 seconds
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
user_pref("dom.security.https_only_mode_send_http_background_request", false);
// -------------------------------------
// Pref : Require safe negotiation // Pref : Require safe negotiation
// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that. // Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server. // Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
@ -2379,7 +2391,11 @@ user_pref("privacy.firstparty.isolate", true);
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage // https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
user_pref("privacy.firstparty.isolate.restrict_opener_access", true); user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
user_pref("privacy.firstparty.isolate.block_post_message", true); user_pref("privacy.firstparty.isolate.block_post_message", true);
// // -------------------------------------
// Pref: Enable scheme with FPI [FF78+]
// [NOTE] Experimental: existing data and site permissions are incompatible
// and some site exceptions may not work e.g. HTTPS-only mode ***/
// user_pref("privacy.firstparty.isolate.use_site", true);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING) // Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING)
// >>>>>>>>>>>>>>>>>>>> // >>>>>>>>>>>>>>>>>>>>