From 17a189396bd87a4e076f8165c78a062027396957 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Sun, 19 May 2024 14:05:04 +0300 Subject: [PATCH] initial commit of firefox-forbidden-policies.js (autoconfig take#2) --- .mikaela_install | 12 ++++-- conf/autoconfig.js | 3 +- conf/autoconfig.js.online | 2 +- conf/firefox-forbidden-policies.js | 63 ++++++++++++++++++++++++++++++ etc/firefox/policies/policies.json | 2 +- 5 files changed, 75 insertions(+), 7 deletions(-) create mode 100644 conf/firefox-forbidden-policies.js diff --git a/.mikaela_install b/.mikaela_install index 9b99bb64..d132241c 100755 --- a/.mikaela_install +++ b/.mikaela_install @@ -20,11 +20,15 @@ cat etc/ssh/ssh_config >~/.ssh/config cat .editorconfig >~/.editorconfig mkdir -p ~/.local/firefox/defaults/pref/ cat conf/autoconfig.js >~/.local/firefox/defaults/pref/autoconfig.js -cat conf/librewolf.overrides.cfg >~/.local/firefox/librewolf.overrides.cfg -cat conf/librewolf.overrides.cfg >~/public_html/autoconfig.js +#cat conf/librewolf.overrides.cfg >~/.local/firefox/librewolf.overrides.cfg +cat conf/firefox-forbidden-policies.js >~/.local/firefox/firefox-forbidden-policies.js +#cat conf/librewolf.overrides.cfg >~/public_html/autoconfig.js +cat conf/firefox-forbidden-policies.js >~/public_html/autoconfig.js mkdir -p ~/.librewolf/ ~/.var/app/io.gitlab.librewolf-community/.librewolf/ -cat conf/librewolf.overrides.cfg >~/.librewolf/librewolf.overrides.cfg -cat conf/librewolf.overrides.cfg >~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg +#cat conf/librewolf.overrides.cfg >~/.librewolf/librewolf.overrides.cfg +cat conf/firefox-forbidden-policies.js >~/.librewolf/librewolf.overrides.cfg +#cat conf/librewolf.overrides.cfg >~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg +cat conf/firefox-forbidden-policies.js >~/.var/app/io.gitlab.librewolf-community/.librewolf/librewolf.overrides.cfg mkdir -p ~/.local/share/applications ln -sfv ~/.shell-things/local/share/applications ~/.local/share/applications/shell-things rm -fv ~/.shell-things/local/share/applications/applications diff --git a/conf/autoconfig.js b/conf/autoconfig.js index 69ef551c..30b1c53a 100644 --- a/conf/autoconfig.js +++ b/conf/autoconfig.js @@ -3,6 +3,7 @@ // However the file below belongs to ../../ e.g. /usr/lib/64/firefox/ or // ~/.local/firefox/ -pref("general.config.filename", "librewolf.overrides.cfg"); +//pref("general.config.filename", "librewolf.overrides.cfg"); +pref("general.config.filename", "firefox-forbidden-policies.js"); pref("general.config.obscure_value", 0); // vim: filetype=javascript diff --git a/conf/autoconfig.js.online b/conf/autoconfig.js.online index 1aa5ce84..14af47d8 100644 --- a/conf/autoconfig.js.online +++ b/conf/autoconfig.js.online @@ -1,6 +1,6 @@ // This file belongs to Firefox `default/pref` directory as `autoconfig.js`. // E.g. /usr/lib64/firefox/defaults/pref/autoconfig.js -//pref("autoadmin.global_config_url","https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg"); +//pref("autoadmin.global_config_url","https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js"); pref("autoadmin.global_config_url","file:///home/aminda/public_html/autoconfig.js"); pref("general.config.obscure_value", 0); pref("autoadmin.refresh_interval", 120); diff --git a/conf/firefox-forbidden-policies.js b/conf/firefox-forbidden-policies.js new file mode 100644 index 00000000..139a0355 --- /dev/null +++ b/conf/firefox-forbidden-policies.js @@ -0,0 +1,63 @@ +// Remember to start writing at line 2. This is my second attempt at Firefox +// autoconfig after being taught by LibreAwoo, but this time I am trying to +// avoid duplicating my browser policy, which you can find from the same +// repository, etc/firefox/policies/policies.json + +// If autoconfig is not found, fallback. Also means this file. +pref("autoadmin.failover_to_cached", true); +pref( + "autoadmin.global_config_url", + "https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js", +); +pref("autoadmin.offline_failover", true); +pref("autoadmin.refresh_interval", 120); + +// Automatically click cookiebanners although uBlock Origin might block them +pref("cookiebanners.bannerClicking.enabled", true); +pref("cookiebanners.service.mode", 2); +pref("cookiebanners.service.mode.privateBrowsing", 2); + +// Play animated images only once, accessibility. +pref("image.animation.mode", "once"); + +// Spoof en-US as language to scripts +pref("javascript.use_us_english_locale", true); + +// DNT although PrivacyBadger from policy handles this +pref("privacy.donottrackheader.enabled", true); +pref("privacy.donottrackheader.value", 1); + +// More tunable privacy.resistfingerprinting. I have lost the privacy game +// many times before this point, so this is nothing. +pref("privacy.fingerprintingProtection", true); +pref( + "privacy.fingerprintingProtection.overrides", + "+AllTargets,-KeyboardEvents,-SpeechSynthesis,-CSSPrefersColorScheme,-CSSPrefersReducedMotion,-NavigatorPlatform,-NavigatorUserAgent,-JSDateTimeUTC,-HttpUserAgent,-FontVisibilityRestrictGenerics,-FontVisibilityBaseSystem,-FontVisibilityLangPack", +); +pref("privacy.fingerprintingProtection.pbmode", true); +// (Incompatible with the above) +pref("privacy.resistFingerprinting", false); +pref("privacy.resistFingerprinting.block_mozAddonManage", true); +// Letterboxing from Tor Browser, I like it in general. +pref("privacy.resistFingerprinting.letterboxing", true); +// Still Incompatible with the above +pref("privacy.resistFingerprinting.pbmode", false); + +// Enable containers without extensions (although those are forced by the +// policy. TODO: Remove these as they are in the policy, but disallowed by +// current ESR +pref("privacy.userContext.enabled", true); +pref("privacy.userContext.ui.enabled", true); + +// Enables reading mode for all pages (at least in theory) +pref("reader.parse-on-load.force-enabled", true); + +// Ensure OCSP stapling is enabled, especially if the server has it +pref("security.ssl.enable_ocsp_must_staple", true); + +// TODO: Consider removing this when ESR updates as only it needs this for +// ECH, which is otherwise the default= +pref("security.tls.ech.grease_http3", true); + +// No making configuration on the last line of the file! +// diff --git a/etc/firefox/policies/policies.json b/etc/firefox/policies/policies.json index 7b550a16..a858668a 100644 --- a/etc/firefox/policies/policies.json +++ b/etc/firefox/policies/policies.json @@ -251,7 +251,7 @@ "Comment": "Preference not allowed for stability reasons. :(", "Status": "locked", "Type": "string", - "Value": "https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/librewolf.overrides.cfg" + "Value": "https://gitea.blesmrt.net/mikaela/shell-things/raw/branch/master/conf/firefox-forbidden-policies.js" }, "autoadmin.offline_failover": { "Comment": "Preference not allowed for stability reasons. :(",