improve descriptions, trim one more pref

master
fxbrit 2021-09-23 12:17:54 +02:00 committed by fabrizio
parent 174bd0c152
commit c16c0911f3
2 changed files with 7 additions and 8 deletions


@ -12,7 +12,7 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl
- VR access is behind a prompt and, despite being unlikely, it could be fingerprinted. with all this on the table it's just not worth and overkill.
- vibrator API is so nieche that even tor does not change it. best to trim where possible.
- `extensions.getAddons.link.url"` is showed only when no extension is installed and it's not a bad suggestion to get addons from addons.mozilla.org so we can remove it.
- `browser.safebrowsing.downloads.remote.*` are all controlled by the 3 prefs already in the .cfg, which is the same approach taken by tor browser.
- `browser.safebrowsing.downloads.remote.*` are all controlled by the prefs already in the .cfg, which is the same approach taken by tor browser.
- graphite [is no longer as concerning](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=firefox+graphite) and blocking it is likely fingerprintable.
- the pdf prefs and the bookmark backup are not really relevant to librewolf.
- as reported [here](https://bugzilla.mozilla.org/show_bug.cgi?id=1606624) the shared memory pref is no longer needed, so we can switch it back to default.
@ -108,6 +108,7 @@ lockPref("webchannel.allowObject.urlWhitelist", ""); // deprecated
defaultPref("media.getusermedia.browser.enabled", false);
defaultPref("media.getusermedia.screensharing.enabled", false);
defaultPref("media.getusermedia.audiocapture.enabled", false);
defaultPref("dom.storage.next_gen", true); // default from v92.0
```
#### Added preferences


@ -102,8 +102,6 @@ defaultPref("dom.push.enabled", false); // disable push notifications
defaultPref("dom.push.serverURL", ""); // default "wss://push.services.mozilla.com/"
defaultPref("dom.serviceWorkers.enabled", false); // disable service workers, must enable for push notifications
defaultPref("dom.storage.next_gen", true); // will be default from v92.0, keep and eye on
// --------------------------------
// # CACHE AND TEMPORARY FILES
// --------------------------------
@ -124,9 +122,9 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page
defaultPref("media.peerconnection.enabled", false); // master switch
// limit potential IP leaks for webrtc users
defaultPref("media.peerconnection.ice.default_address_only", true);
defaultPref("media.peerconnection.ice.no_host", true);
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true);
defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates
defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates
defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users
// autoplay
defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked
@ -143,7 +141,7 @@ defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true); // prev
defaultPref("browser.startup.blankWindow", false); // if set to true it breaks RFP windows resizing
defaultPref("browser.display.use_system_colors", false); // default but enforced due to RFP
// librewolf specifc pref, prevents rfp from forcing light theme
// librewolf specifc pref that prevents rfp from forcing light theme, review
lockPref("privacy.override_rfp_for_color_scheme", false);
defaultPref("webgl.disabled", true); // master switch, disable webgl
@ -153,7 +151,7 @@ defaultPref("webgl.disabled", true); // master switch, disable webgl
// --------------------------------
// certificates
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, review as could be deprecated
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning
defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching
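Review bot: The new comment on `media.peerconnection.ice.default_address_only` in the WebRTC hunk says "use public IP for ICE candidates", which appears to overstate what the pref does. As far as I know it limits candidate gathering to the interface of the default route, and that address is not necessarily a public one. These three prefs are the fallback for users who turn `media.peerconnection.enabled` back on, so the comments should let them judge what is still exposed. I would word it as `// only gather ICE candidates from the default route's interface`, and the `no_host` line as `// don't expose local (host) addresses in ICE candidates`.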