From 1fb5aad1796596e6c875bfaf1eed71324a7d64df Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Wed, 25 May 2022 16:23:01 -0400 Subject: lw 100.0.2 dpkg rc1 --- librewolf/debian/librewolf_settings/librewolf.cfg | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'librewolf/debian/librewolf_settings/librewolf.cfg') diff --git a/librewolf/debian/librewolf_settings/librewolf.cfg b/librewolf/debian/librewolf_settings/librewolf.cfg index 8525c82..8f07322 100755 --- a/librewolf/debian/librewolf_settings/librewolf.cfg +++ b/librewolf/debian/librewolf_settings/librewolf.cfg @@ -6,7 +6,7 @@ * * WARNING: please make sure the first line of this file is empty. this is a known bug. */ -defaultPref("librewolf.cfg.version", "6.0"); +defaultPref("librewolf.cfg.version", "6.4"); /** INDEX @@ -54,7 +54,7 @@ defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true); * we disable it but cookies and site data are still cleared per session unless exceptions are set. * all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want. */ -defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.offlineApps", true); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); defaultPref("privacy.sanitize.timeSpan", 0); @@ -208,10 +208,10 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); * our strategy with revocation is to perform all possible checks with CRL, but when a cert * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and * increase security. - * switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP. + * crlite is in mode 3 by default, which allows us to detect false positive with OCSP. */ defaultPref("security.remote_settings.crlite_filters.enabled", true); -defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks +defaultPref("security.pki.crlite_mode", 3); // default defaultPref("security.OCSP.enabled", 1); // default defaultPref("security.OCSP.require", true); // set to hard-fail @@ -255,7 +255,6 @@ lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); lockPref("browser.safebrowsing.provider.google4.dataSharingURL", ""); /** [SECTION] OTHERS */ -lockPref("security.csp.enable", true); // enforce csp, default defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing defaultPref("pdfjs.enableScripting", false); // disable js scripting in the built-in pdf reader @@ -301,15 +300,11 @@ defaultPref("browser.search.suggest.enabled", false); defaultPref("browser.search.update", false); defaultPref("browser.urlbar.trimURLs", false); /** - * quicksuggest is a feature of firefox that shows sponsored suggestions. we disable it in full - * but the list could and should be trimmed at some point. the scenario controls the opt-in, while - * the second pref disables the feature and hides it from the ui. + * the pref disables the whole feature and hide it from the ui + * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057). + * this also includes the best match feature, as it is part of firefox suggest. */ -lockPref("browser.urlbar.quicksuggest.scenario", "history"); -lockPref("browser.urlbar.quicksuggest.enabled", false); -lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); -lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); -lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default +pref("browser.urlbar.quicksuggest.enabled", false); /** [SECTION] DOWNLOADS * user interaction should always be required for downloads, as a way to enhance security by asking @@ -476,6 +471,8 @@ defaultPref("browser.contentblocking.report.monitor.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("browser.contentblocking.report.show_mobile_app", false); +lockPref("browser.vpn_promo.enabled", false); +lockPref("browser.promo.focus.enabled", false); // ...about:addons recommendations sections and more defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); defaultPref("extensions.getAddons.showPane", false); -- cgit