From ca568a61a69eeae3a6019d63a702582d6aab38bd Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Tue, 14 Dec 2021 14:02:14 -0500 Subject: Revert "95.0 attempt 1" on branch 94.0-1 This reverts commit 054ebfe88fc8dd0f73f303e13991505c61e55639. --- librewolf.cfg | 62 ++++++++++++++++++++++++++--------------------------------- 1 file changed, 27 insertions(+), 35 deletions(-) (limited to 'librewolf.cfg') diff --git a/librewolf.cfg b/librewolf.cfg index 56918a7..6afe37a 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -9,7 +9,7 @@ */ -defaultPref("librewolf.cfg.version", "4.0"); +defaultPref("librewolf.cfg.version", "3.0"); // ------------------------------- // # SANITIZING, TP, SESSIONS @@ -26,20 +26,20 @@ defaultPref("librewolf.cfg.version", "4.0"); pref("browser.contentblocking.category", "strict"); defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce -defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear +defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until the browser is closed then delete everything minus exceptions // make third party and http cookies session-only defaultPref("network.cookie.thirdparty.sessionOnly", true); defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true); /** - this way of sanitizing cookies would override the exceptions set by the users and just delete everything, - we disable it but cookies and site data are still cleared per session unless exceptions are set. - all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want. + this way of sanitizing would override the exceptions set by the users and just delete everything, + therefore we tell it to delete everything but ignore data needed to stay logged into websites set + manually as exceptions. */ defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.offlineApps", false); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); -defaultPref("privacy.sanitize.timeSpan", 0); // disable browsing, search and form history defaultPref("places.history.enabled", false); @@ -128,14 +128,13 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page // # MEDIA // ---------------------- -/** - * limit potential private IP leaks for webrtc users. - * mDNS protects the value on linux, osx and win10+. - * these prefs protect the value when allowing mic and camera access, and for win7/8.x. - * */ -defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate -defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used -defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used +// disable webrtc +defaultPref("media.peerconnection.enabled", false); // master switch + +// limit potential IP leaks for webrtc users +defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates +defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users // autoplay defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked @@ -154,12 +153,8 @@ defaultPref("browser.display.use_system_colors", false); // default but enforced defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default -/** - * increase the size of new RFP windows for better usability, while still using a rounded value. - * if the screen resolution is lower it will stretch to the biggest possible rounded value. - * */ -defaultPref("privacy.window.maxInnerWidth", 1600); -defaultPref("privacy.window.maxInnerHeight", 900); +// librewolf specifc pref that prevents rfp from forcing light theme, review +lockPref("privacy.override_rfp_for_color_scheme", false); defaultPref("webgl.disabled", true); // master switch, disable webgl @@ -172,11 +167,11 @@ defaultPref("fission.autostart", true); // enable fission by default // certificates defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates -defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching +defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching -// crl with no ocsp fallback -defaultPref("security.remote_settings.crlite_filters.enabled", true); -defaultPref("security.pki.crlite_mode", 2); +// crl with no OCSP fallback. commented for now but review +// defaultPref("security.remote_settings.crlite_filters.enabled", true); +// defaultPref("security.pki.crlite_mode", 2); // safe negotiation defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage @@ -238,6 +233,9 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); // # LOCATION, LANGUAGE AND REGION // --------------------------------------------- +defaultPref("geo.enabled", false); // block geo api, behind a prompt so review +defaultPref("permissions.default.geo", 2); // review as well + // use mozilla geo service as deault defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); @@ -262,13 +260,7 @@ lockPref("browser.region.update.enabled", false); // disable search suggestions defaultPref("browser.urlbar.suggest.searches", false); defaultPref("browser.search.suggest.enabled", false); - -// firefox suggest, review to trim -lockPref("browser.urlbar.quicksuggest.scenario", "history"); // prevent opt-in, doesn't work alone -lockPref("browser.urlbar.quicksuggest.enabled", false); // disable suggest and hide its ui -lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // disable suggestions from firefox -lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // disable sponsored suggestions -lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default +pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests and hide its UI defaultPref("browser.search.region", "US"); // set a default search region for all users defaultPref("browser.search.update", false); // do not update open search search engines @@ -318,11 +310,11 @@ defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-co // misc defaultPref("browser.shell.checkDefaultBrowser", false); // do not check if default browser +defaultPref("browser.tabs.drawInTitlebar", true); // hide titlebar defaultPref("browser.aboutConfig.showWarning", false); // disable about:config warning defaultPref("browser.download.autohideButton", false); // hide download button automatically defaultPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents defaultPref("browser.tabs.loadBookmarksInTabs", true); // always open bookmarks in new tab -defaultPref("webchannel.allowObject.urlWhitelist", ""); // remove webchannel whitelist // -------------------------------------- // # EXTENSIONS @@ -335,7 +327,8 @@ defaultPref("webchannel.allowObject.urlWhitelist", ""); // remove webchannel whi defaultPref("extensions.webextensions.restrictedDomains", ""); // set extensions scopes -defaultPref("extensions.enabledScopes", 5); // hidden +defaultPref("extensions.enabledScopes", 5); +defaultPref("extensions.autoDisableScopes", 11); defaultPref("extensions.postDownloadThirdPartyPrompt", false); // force install prompt for thrid party extensions @@ -454,8 +447,7 @@ lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default lockPref("toolkit.telemetry.cachedClientID", ""); lockPref("toolkit.telemetry.previousBuildID", ""); lockPref("toolkit.telemetry.server_owner", ""); -lockPref("toolkit.coverage.opt-out", true); // hidden -lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden +lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] lockPref("toolkit.coverage.enabled", false); lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.crashreporter.infoURL", ""); -- cgit