From 58c28f62226cff0c897ed608fb74134e4ebd1602 Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Mon, 4 Jul 2022 11:15:48 -0400 Subject: lw 102.0 rc1 --- librewolf/debian/librewolf_settings/librewolf.cfg | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'librewolf/debian/librewolf_settings/librewolf.cfg') diff --git a/librewolf/debian/librewolf_settings/librewolf.cfg b/librewolf/debian/librewolf_settings/librewolf.cfg index 176a0e6..f2452a0 100755 --- a/librewolf/debian/librewolf_settings/librewolf.cfg +++ b/librewolf/debian/librewolf_settings/librewolf.cfg @@ -6,7 +6,7 @@ * * WARNING: please make sure the first line of this file is empty. this is a known bug. */ -defaultPref("librewolf.cfg.version", "6.5"); +defaultPref("librewolf.cfg.version", "6.6"); /** INDEX @@ -80,7 +80,7 @@ defaultPref("browser.sessionstore.interval", 60000); // increase time between se * currently we set the same query stripping list that brave uses: * https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29 */ -defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); +defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); /** * librewolf specific pref that allows to include the query stripping lists in uBO by default. * the asset file is fetched every 7 days. @@ -188,7 +188,6 @@ defaultPref("webgl.disabled", true); /** [SECTION] CERTIFICATES */ defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs -defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates /** * enable safe negotiation and show warning when it is not supported. might cause breakage. */ @@ -199,10 +198,9 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and * increase security. * crlite is in mode 3 by default, which allows us to detect false positive with OCSP. + * in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check. */ defaultPref("security.remote_settings.crlite_filters.enabled", true); -defaultPref("security.pki.crlite_mode", 3); // default -defaultPref("security.OCSP.enabled", 1); // default defaultPref("security.OCSP.require", true); // set to hard-fail /** [SECTION] TLS/SSL */ @@ -282,13 +280,11 @@ defaultPref("media.gmp-provider.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false); /** [SECTION] SEARCH AND URLBAR - * disable search suggestion and do not update opensearch engines. urls should also be - * displayed in full instead of trimming them. + * disable search suggestion and do not update opensearch engines. */ defaultPref("browser.urlbar.suggest.searches", false); defaultPref("browser.search.suggest.enabled", false); defaultPref("browser.search.update", false); -defaultPref("browser.urlbar.trimURLs", false); /** * the pref disables the whole feature and hide it from the ui * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057). @@ -403,6 +399,8 @@ defaultPref("devtools.selfxss.count", 0); // required for devtools console to wo lockPref("browser.translation.engine", ""); // remove translation engine defaultPref("accessibility.force_disabled", 1); // block accessibility services defaultPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels +// NOTE/TODO: net really the right category/section, probably? +defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code) -- cgit