forked from d3cim/mobile_user.js
Update 'user.js'
This commit is contained in:
parent
e1b80dba91
commit
89298012da
30
user.js
30
user.js
|
@ -560,6 +560,7 @@ user_pref("security.remote_settings.crlite_filters.enabled", false);
|
||||||
user_pref("security.remote_settings.crlite_filters.bucket", "");
|
user_pref("security.remote_settings.crlite_filters.bucket", "");
|
||||||
user_pref("security.remote_settings.crlite_filters.collection", "");
|
user_pref("security.remote_settings.crlite_filters.collection", "");
|
||||||
user_pref("security.remote_settings.crlite_filters.signer", "");
|
user_pref("security.remote_settings.crlite_filters.signer", "");
|
||||||
|
user_pref("security.pki.crlite_mode", 2);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
// Pref : Disable Default Browser Agent
|
// Pref : Disable Default Browser Agent
|
||||||
// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
|
// https://firefox-source-docs.mozilla.org/main/latest/toolkit/mozapps/defaultagent/default-browser-agent/index.html
|
||||||
|
@ -1458,15 +1459,26 @@ user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false); // [DESKTOP]
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
|
// Section : HTTPS (SSL/TLS / OCSP / Certs / HPKP / Ciphers)
|
||||||
// >>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
// Pref : Enable HTTPS-only-mode
|
// Pref : Enable HTTPS-only-mode [FF76+]
|
||||||
// * [WARNING] This is experimental, see [1] and you can't set exceptions if FPI is enabled, see [2]
|
// [SETTING] to add site exceptions: Page Info>HTTPS-Only mode>On/Off/Off temporarily
|
||||||
// https://www.ghacks.net/2020/03/24/firefox-76-gets-optional-https-only-mode/
|
// [SETTING] Privacy & Security>HTTPS-Only Mode
|
||||||
// * [1] https://bugzilla.mozilla.org/1613063 [META]
|
// [TEST] http://example.com [upgrade]
|
||||||
// * [2] https://bugzilla.mozilla.org/1647829 ***/
|
// [TEST] http://neverssl.org/ [no upgrade]
|
||||||
// user_pref("dom.security.https_only_mode", true);
|
// https://bugzilla.mozilla.org/1613063 [META]
|
||||||
|
// https://bugzilla.mozilla.org/1647829 ***/
|
||||||
|
user_pref("dom.security.https_only_mode", true); [FF76+]
|
||||||
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
|
// user_pref("dom.security.https_only_mode_pbm", true); // [FF80+]
|
||||||
|
// -------------------------------------
|
||||||
|
// Pref: Enable HTTPS-Only mode for local resources [FF77+] ***/
|
||||||
// user_pref("dom.security.https_only_mode.upgrade_local", true);
|
// user_pref("dom.security.https_only_mode.upgrade_local", true);
|
||||||
// -------------------------------------
|
// -------------------------------------
|
||||||
|
// Pref: Disable HTTP background requests [FF82+]
|
||||||
|
// When attempting to upgrade, if the server doesn't respond within 3 seconds, firefox
|
||||||
|
// sends HTTP requests in order to check if the server supports HTTPS or not.
|
||||||
|
// This is done to avoid waiting for a timeout which takes 90 seconds
|
||||||
|
// https://bugzilla.mozilla.org/buglist.cgi?bug_id=1642387,1660945 ***/
|
||||||
|
user_pref("dom.security.https_only_mode_send_http_background_request", false);
|
||||||
|
// -------------------------------------
|
||||||
// Pref : Require safe negotiation
|
// Pref : Require safe negotiation
|
||||||
// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
|
// Blocks connections to servers that don't support RFC 5746 as they're potentially vulnerable to a MiTM attack. A server *without* RFC 5746 can be safe from the attack if it disables renegotiations but the problem is that the browser can't know that.
|
||||||
// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
|
// Setting this pref to true is the only way for the browser to ensure there will be no unsafe renegotiations on the channel between the browser and the server.
|
||||||
|
@ -2379,7 +2391,11 @@ user_pref("privacy.firstparty.isolate", true);
|
||||||
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
|
// https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
|
||||||
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
|
user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
|
||||||
user_pref("privacy.firstparty.isolate.block_post_message", true);
|
user_pref("privacy.firstparty.isolate.block_post_message", true);
|
||||||
//
|
// -------------------------------------
|
||||||
|
// Pref: Enable scheme with FPI [FF78+]
|
||||||
|
// [NOTE] Experimental: existing data and site permissions are incompatible
|
||||||
|
// and some site exceptions may not work e.g. HTTPS-only mode ***/
|
||||||
|
// user_pref("privacy.firstparty.isolate.use_site", true);
|
||||||
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
|
||||||
// Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING)
|
// Section : RFP (Resist Fingerprinting) / RFP Alternatives (USER AGENT SPOOFING)
|
||||||
// >>>>>>>>>>>>>>>>>>>>
|
// >>>>>>>>>>>>>>>>>>>>
|
||||||
|
|
Loading…
Reference in New Issue