summaryrefslogtreecommitdiff
path: root/librewolf.cfg
diff options
context:
space:
mode:
Diffstat (limited to 'librewolf.cfg')
-rwxr-xr-xlibrewolf.cfg62
1 files changed, 35 insertions, 27 deletions
diff --git a/librewolf.cfg b/librewolf.cfg
index 6afe37a..56918a7 100755
--- a/librewolf.cfg
+++ b/librewolf.cfg
@@ -9,7 +9,7 @@
*/
-defaultPref("librewolf.cfg.version", "3.0");
+defaultPref("librewolf.cfg.version", "4.0");
// -------------------------------
// # SANITIZING, TP, SESSIONS
@@ -26,20 +26,20 @@ defaultPref("librewolf.cfg.version", "3.0");
pref("browser.contentblocking.category", "strict");
defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce
-defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until the browser is closed then delete everything minus exceptions
+defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear
// make third party and http cookies session-only
defaultPref("network.cookie.thirdparty.sessionOnly", true);
defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
/**
- this way of sanitizing would override the exceptions set by the users and just delete everything,
- therefore we tell it to delete everything but ignore data needed to stay logged into websites set
- manually as exceptions.
+ this way of sanitizing cookies would override the exceptions set by the users and just delete everything,
+ we disable it but cookies and site data are still cleared per session unless exceptions are set.
+ all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want.
*/
defaultPref("privacy.clearOnShutdown.cookies", false);
-defaultPref("privacy.clearOnShutdown.offlineApps", false);
defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
+defaultPref("privacy.sanitize.timeSpan", 0);
// disable browsing, search and form history
defaultPref("places.history.enabled", false);
@@ -128,13 +128,14 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page
// # MEDIA
// ----------------------
-// disable webrtc
-defaultPref("media.peerconnection.enabled", false); // master switch
-
-// limit potential IP leaks for webrtc users
-defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates
-defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates
-defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users
+/**
+ * limit potential private IP leaks for webrtc users.
+ * mDNS protects the value on linux, osx and win10+.
+ * these prefs protect the value when allowing mic and camera access, and for win7/8.x.
+ * */
+defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate
+defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used
+defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used
// autoplay
defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
@@ -153,8 +154,12 @@ defaultPref("browser.display.use_system_colors", false); // default but enforced
defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default
-// librewolf specifc pref that prevents rfp from forcing light theme, review
-lockPref("privacy.override_rfp_for_color_scheme", false);
+/**
+ * increase the size of new RFP windows for better usability, while still using a rounded value.
+ * if the screen resolution is lower it will stretch to the biggest possible rounded value.
+ * */
+defaultPref("privacy.window.maxInnerWidth", 1600);
+defaultPref("privacy.window.maxInnerHeight", 900);
defaultPref("webgl.disabled", true); // master switch, disable webgl
@@ -167,11 +172,11 @@ defaultPref("fission.autostart", true); // enable fission by default
// certificates
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
-defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching
+defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching
-// crl with no OCSP fallback. commented for now but review
-// defaultPref("security.remote_settings.crlite_filters.enabled", true);
-// defaultPref("security.pki.crlite_mode", 2);
+// crl with no ocsp fallback
+defaultPref("security.remote_settings.crlite_filters.enabled", true);
+defaultPref("security.pki.crlite_mode", 2);
// safe negotiation
defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage
@@ -233,9 +238,6 @@ defaultPref("media.gmp-gmpopenh264.enabled", false);
// # LOCATION, LANGUAGE AND REGION
// ---------------------------------------------
-defaultPref("geo.enabled", false); // block geo api, behind a prompt so review
-defaultPref("permissions.default.geo", 2); // review as well
-
// use mozilla geo service as deault
defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
@@ -260,7 +262,13 @@ lockPref("browser.region.update.enabled", false);
// disable search suggestions
defaultPref("browser.urlbar.suggest.searches", false);
defaultPref("browser.search.suggest.enabled", false);
-pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests and hide its UI
+
+// firefox suggest, review to trim
+lockPref("browser.urlbar.quicksuggest.scenario", "history"); // prevent opt-in, doesn't work alone
+lockPref("browser.urlbar.quicksuggest.enabled", false); // disable suggest and hide its ui
+lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // disable suggestions from firefox
+lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // disable sponsored suggestions
+lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default
defaultPref("browser.search.region", "US"); // set a default search region for all users
defaultPref("browser.search.update", false); // do not update open search search engines
@@ -310,11 +318,11 @@ defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-co
// misc
defaultPref("browser.shell.checkDefaultBrowser", false); // do not check if default browser
-defaultPref("browser.tabs.drawInTitlebar", true); // hide titlebar
defaultPref("browser.aboutConfig.showWarning", false); // disable about:config warning
defaultPref("browser.download.autohideButton", false); // hide download button automatically
defaultPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents
defaultPref("browser.tabs.loadBookmarksInTabs", true); // always open bookmarks in new tab
+defaultPref("webchannel.allowObject.urlWhitelist", ""); // remove webchannel whitelist
// --------------------------------------
// # EXTENSIONS
@@ -327,8 +335,7 @@ defaultPref("browser.tabs.loadBookmarksInTabs", true); // always open bookmarks
defaultPref("extensions.webextensions.restrictedDomains", "");
// set extensions scopes
-defaultPref("extensions.enabledScopes", 5);
-defaultPref("extensions.autoDisableScopes", 11);
+defaultPref("extensions.enabledScopes", 5); // hidden
defaultPref("extensions.postDownloadThirdPartyPrompt", false); // force install prompt for thrid party extensions
@@ -447,7 +454,8 @@ lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default
lockPref("toolkit.telemetry.cachedClientID", "");
lockPref("toolkit.telemetry.previousBuildID", "");
lockPref("toolkit.telemetry.server_owner", "");
-lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF]
+lockPref("toolkit.coverage.opt-out", true); // hidden
+lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden
lockPref("toolkit.coverage.enabled", false);
lockPref("toolkit.coverage.endpoint.base", "");
lockPref("toolkit.crashreporter.infoURL", "");
bgstack15