|
1 | 1 | /****** |
2 | 2 | * name: arkenfox user.js |
3 | | -* date: 9 April 2022 |
4 | | -* version: 99 |
| 3 | +* date: 9 May 2022 |
| 4 | +* version: 100 |
5 | 5 | * url: https://github.com/arkenfox/user.js |
6 | 6 | * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt |
7 | 7 |
|
@@ -741,6 +741,9 @@ user_pref("browser.download.useDownloadDir", false); |
741 | 741 | user_pref("browser.download.alwaysOpenPanel", false); |
742 | 742 | /* 2653: disable adding downloads to the system's "recent documents" list ***/ |
743 | 743 | user_pref("browser.download.manager.addToRecentDocs", false); |
| 744 | +/* 2654: enable user interaction for security by always asking how to handle new mimetypes [FF101+] |
| 745 | + * [SETTING] General>Files and Applications>What should Firefox do with other files ***/ |
| 746 | +user_pref("browser.download.always_ask_before_handling_new_types", true); |
744 | 747 |
|
745 | 748 | /** EXTENSIONS ***/ |
746 | 749 | /* 2660: lock down allowed extension directories |
@@ -1174,13 +1177,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies |
1174 | 1177 | * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/ |
1175 | 1178 | // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2] |
1176 | 1179 | // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2] |
1177 | | -/* 7009: disable HTTP2 |
1178 | | - * [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] |
1179 | | - * [1] https://w3techs.com/technologies/details/ce-http2/all/all ***/ |
1180 | | - // user_pref("network.http.spdy.enabled", false); |
1181 | | - // user_pref("network.http.spdy.enabled.deps", false); |
1182 | | - // user_pref("network.http.spdy.enabled.http2", false); |
1183 | | - // user_pref("network.http.spdy.websockets", false); // [FF65+] |
1184 | 1180 | /* 7010: disable HTTP Alternative Services [FF37+] |
1185 | 1181 | * [WHY] Already isolated with network partitioning (FF85+) ***/ |
1186 | 1182 | // user_pref("network.http.altsvc.enabled", false); |
@@ -1209,6 +1205,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies |
1209 | 1205 | * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/ |
1210 | 1206 | // user_pref("network.cookie.cookieBehavior", 5); |
1211 | 1207 | // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true); |
| 1208 | + // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+] |
1212 | 1209 | // user_pref("privacy.partition.network_state.ocsp_cache", true); |
1213 | 1210 | // user_pref("privacy.trackingprotection.enabled", true); |
1214 | 1211 | // user_pref("privacy.trackingprotection.socialtracking.enabled", true); |
@@ -1356,6 +1353,15 @@ user_pref("app.update.background.scheduling.enabled", false); |
1356 | 1353 | // [1] https://developer.mozilla.org/docs/Web/HTTP/CSP |
1357 | 1354 | // [-] https://bugzilla.mozilla.org/1754301 |
1358 | 1355 | user_pref("security.csp.enable", true); // [DEFAULT: true] |
| 1356 | +// FF100 |
| 1357 | +// 7009: disable HTTP2 - replaced by network.http.http2* prefs |
| 1358 | + // [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1] |
| 1359 | + // [1] https://w3techs.com/technologies/details/ce-http2/all/all |
| 1360 | + // [-] https://bugzilla.mozilla.org/1752621 |
| 1361 | + // user_pref("network.http.spdy.enabled", false); |
| 1362 | + // user_pref("network.http.spdy.enabled.deps", false); |
| 1363 | + // user_pref("network.http.spdy.enabled.http2", false); |
| 1364 | + // user_pref("network.http.spdy.websockets", false); // [FF65+] |
1359 | 1365 | // ***/ |
1360 | 1366 |
|
1361 | 1367 | /* END: internal custom pref to test for syntax errors ***/ |
|
0 commit comments