mirror of https://github.com/arkenfox/user.js.git synced 2024-09-28 15:11:15 +02:00

1600 revamp & 52+53 new prefs

Roman-Nopantski 2017-03-08 04:24:22 +13:00 committed by GitHub
parent 530f7bc39d
commit f87a860188

49
user.js

@ -650,26 +650,43 @@ user_pref("font.blacklist.underline_offset", "");
user_pref("gfx.font_rendering.graphite.enabled", false); user_pref("gfx.font_rendering.graphite.enabled", false);
/*** 1600: HEADERS / REFERERS [SETUP] /*** 1600: HEADERS / REFERERS [SETUP]
Except for 1602, these can all be best handled by an extension to block/spoof Except for DNT (Do Not Track), referers are best controlled by an extension.
all and then whitelist if needed, otherwise too much of the internet breaks. We highly recommend that you block all referers, and then whitelist sites on a
http://www.ghacks.net/2015/01/22/improve-online-privacy-by-controlling-referrer-information/ granular, per domain level. That said, it is still important to set defaults.
full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+path+port: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888
#Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/ #Required reading: https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ ***/
user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); user_pref("ghacks_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1602: disable the DNT HTTP header (this is essentially USELESS and raises entropy) /* 1601: ALL: control when images/links send a referer
* 0=never, 1=send only when links are clicked, 2=for links and images (default)
* [NOTE] Recommended left at default. Focus on XSS and granular cross origin referer control ***/
user_pref("network.http.sendRefererHeader", 2);
/* 1602: ALL: control the amount of information to send
* 0=send full URI (default), 1=scheme+host+path+port, 2=scheme+host+port
* [NOTE] Cross origin requests can be fine tuned in 1603 + 1604. Limiting same origin requests
* is rather pointless. Recommended left at default for zero same origin breakage ***/
user_pref("network.http.referer.trimmingPolicy", 0);
/* 1603: CROSS ORIGIN: fine-tune when to send a referer [SETUP]
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [NOTE] 1 = less breakage, possible leakage 2 = less leakage, more breakage ***/
user_pref("network.http.referer.XOriginPolicy", 1);
/* 1604: CROSS ORIGIN: control the amount of information to send (FF52+)
* 0=send full URI 1=scheme+host+path+port 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
/* 1605: ALL: disable spoofing a referer
* Spoofing increases your exposure to cross-site request forgeries ***/
user_pref("network.http.referer.spoofSource", false);
/* 1606: ALL: set the default Referrer Policy (FF53+)
* 0=no-referer 1=same-origin 2=strict-origin-when-cross-origin
* 3=no-referrer-when-downgrade (default)
* [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy
* https://www.w3.org/TR/referrer-policy/ * https://bugzilla.mozilla.org/show_bug.cgi?id=1304623 ***/
// user_pref("network.http.referer.userControlPolicy", 3);
/* 1610: ALL: disable the DNT HTTP header (this is essentially USELESS and raises entropy)
* This setting is under Options>Privacy>Tracking>Request that sites not track you * This setting is under Options>Privacy>Tracking>Request that sites not track you
* [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/ * [NOTE] if you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/
// user_pref("privacy.donottrackheader.enabled", true); user_pref("privacy.donottrackheader.enabled", false);
/* 1603: referer, WHEN to send
* 0=never, 1=send only when links are clicked, 2=for links and images (default) ***/
// user_pref("network.http.sendRefererHeader", 2);
/* 1604: referer, SPOOF or NOT (default=false) ***/
// user_pref("network.http.referer.spoofSource", false);
/* 1605: referer, HOW to handle cross origins
* 0=always (default), 1=only if base domains match, 2=only if hosts match ***/
user_pref("network.http.referer.XOriginPolicy", 1);
/* 1606: referer, WHAT to send (limit the information)
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
// user_pref("network.http.referer.trimmingPolicy", 0);
/*** 1800: PLUGINS ***/ /*** 1800: PLUGINS ***/
user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!"); user_pref("ghacks_user.js.parrot", "1800 syntax error: the parrot's pushing up daisies!");
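Review bot: The [NOTE] in the new 1601 comment says "Focus on XSS and granular cross origin referer control", but XSS conventionally means cross-site scripting, which none of these referer prefs mitigate. Judging by items 1603 and 1604 it presumably means cross-origin, so I would write `* [NOTE] Recommended left at default. Focus on granular cross origin referer control (1603 + 1604) ***/`. In 1606 the value list spells the first policy `0=no-referer`, while the policy token in the linked W3C spec and the `3=no-referrer-when-downgrade` entry beside it use the double-r form; `0=no-referrer` would match. 1604 is also the only value list in the section that does not mark which value is the default (presumably 0, as in 1602), so a reader cannot tell from the comment that `2` is a deliberate tightening.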