From 49505be50cd03afc36dcdc2ea0aae4c3f8e48ca3 Mon Sep 17 00:00:00 2001 From: Aminda Suomalainen Date: Sat, 24 Feb 2024 16:55:00 +0200 Subject: [PATCH] LibreAwoo: just stop using defaultPref so things actually get applied --- conf/librewolf.overrides.cfg | 144 +++++++++++++++++------------------ 1 file changed, 72 insertions(+), 72 deletions(-) diff --git a/conf/librewolf.overrides.cfg b/conf/librewolf.overrides.cfg index a1bfb97b..34db6ec6 100644 --- a/conf/librewolf.overrides.cfg +++ b/conf/librewolf.overrides.cfg @@ -85,10 +85,10 @@ pref("reader.parse-on-load.force-enabled", true); // TRR & ECH // Mode 2 allows fallback to system resolver, 3 is TTR-only -//defaultPref("network.trr.mode", 2); -defaultPref("network.trr.mode", 3); +//pref("network.trr.mode", 2); +pref("network.trr.mode", 3); pref("network.trr.early-AAAA", true); -defaultPref("network.trr.uri", "https://dns0.eu"); +pref("network.trr.uri", "https://dns0.eu"); //pref("network.trr.uri", "https://dns.adguard-dns.com/dns-query"); // NOTE: ECH requires TRR, so mode 2 may not use it. pref("network.trr.disable-ECS", false); @@ -106,9 +106,9 @@ pref("browser.cache.disk.enable", true); pref("browser.cache.memory.enable", true); // Start from homepage, don't restore the previous session (excluding pinned tabs)' -defaultPref("browser.startup.page", 1); +pref("browser.startup.page", 1); // Simplified DDG experience without prompts for extension and all -defaultPref("browser.startup.homepage", "https://start.duckduckgo.com"); +pref("browser.startup.homepage", "https://start.duckduckgo.com"); // https://codeberg.org/librewolf/settings/src/branch/master/librewolf.cfg begins @@ -117,10 +117,10 @@ pref("privacy.partition.always_partition_third_party_non_cookie_storage", true); pref("privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage", false); /** prevent media cache from being written to disk in pb, but increase max cache size to avoid playback issues */ -defaultPref("browser.privatebrowsing.forceMediaMemoryCache", true); -defaultPref("media.memory_cache_max_size", 65536); -defaultPref("browser.shell.shortcutFavicons", false); // disable favicons in profile folder -defaultPref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps +pref("browser.privatebrowsing.forceMediaMemoryCache", true); +pref("media.memory_cache_max_size", 65536); +pref("browser.shell.shortcutFavicons", false); // disable favicons in profile folder +pref("browser.helperApps.deleteTempFileOnExit", true); // delete temporary files opened with external apps /** [SECTION] LOGGING * these prefs are off by default in the official Mozilla builds, @@ -139,22 +139,22 @@ pref("network.auth.subresource-http-auth-allow", 1); // block HTTP authenticatio * as a general rule, the behavior of referes which are not cross-origin should not * be changed. */ -defaultPref("network.http.referer.XOriginTrimmingPolicy", 2); +pref("network.http.referer.XOriginTrimmingPolicy", 2); /** [SECTION] WEBRTC * there is no point in disabling webrtc as mDNS protects the private IP on linux, osx and win10+. * the private IP address is only used in trusted environments, eg. allowed camera and mic access. */ -defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used +pref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used /** [SECTION] PROXY */ -defaultPref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy -defaultPref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention to prevent proxy bypass -defaultPref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one -defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy when one is used +pref("network.gio.supported-protocols", ""); // disable gio as it could bypass proxy +pref("network.file.disable_unc_paths", true); // hidden, disable using uniform naming convention to prevent proxy bypass +pref("network.proxy.socks_remote_dns", true); // forces dns query through the proxy when using one +pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy when one is used /** [SECTION] DNS */ -defaultPref("network.dns.disablePrefetch", true); // disable dns prefetching +pref("network.dns.disablePrefetch", true); // disable dns prefetching pref("network.dns.skipTRR-when-parental-control-enabled", false); // Arkenfox user.js v117 /** [SECTION] PREFETCHING AND SPECULATIVE CONNECTIONS @@ -163,12 +163,12 @@ pref("network.dns.skipTRR-when-parental-control-enabled", false); // Arkenfox u pref("network.predictor.enabled", false); pref("network.prefetch-next", false); pref("network.http.speculative-parallel-limit", 0); -defaultPref("browser.places.speculativeConnect.enabled", false); +pref("browser.places.speculativeConnect.enabled", false); // disable speculative connections and domain guessing from the urlbar -defaultPref("browser.urlbar.speculativeConnect.enabled", false); +pref("browser.urlbar.speculativeConnect.enabled", false); // RFP + DarkReader? -Aminda -defaultPref("browser.display.use_system_colors", false); // default, except Win +pref("browser.display.use_system_colors", false); // default, except Win // RFP I configured by myself before and window size won't affect me due to Sway // and I manually enabled letterboxing above. -Aminda @@ -176,7 +176,7 @@ defaultPref("browser.display.use_system_colors", false); // default, except Win pref("webgl.disabled", false); /** [SECTION] CERTIFICATES */ -defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs +pref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs /** * enable safe negotiation and show warning when it is not supported. might cause breakage * if the the server does not support RFC 5746, in tha case SSL_ERROR_UNSAFE_NEGOTIATION @@ -191,13 +191,13 @@ pref("security.ssl.treat_unsafe_negotiation_as_broken", true); * crlite is in mode 3 by default, which allows us to detect false positive with OCSP. * in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check. */ -defaultPref("security.remote_settings.crlite_filters.enabled", true); +pref("security.remote_settings.crlite_filters.enabled", true); pref("security.OCSP.require", true); // set to hard-fail, might cause SEC_ERROR_OCSP_SERVER_ERROR /** [SECTION] TLS/SSL */ pref("security.tls.enable_0rtt_data", false); // disable 0 RTT to improve tls 1.3 security pref("security.tls.version.enable-deprecated", false); // make TLS downgrades session only by enforcing it with pref(), default -defaultPref("browser.xul.error_pages.expert_bad_cert", true); // show relevant and advanced issues on warnings and error screens +pref("browser.xul.error_pages.expert_bad_cert", true); // show relevant and advanced issues on warnings and error screens /** [SECTION] PERMISSIONS */ pref("permissions.delegation.enabled", false); // force permission request to show real origin @@ -218,21 +218,21 @@ pref("browser.region.update.enabled", false); * disable search suggestion and do not update opensearch engines. */ -defaultPref("browser.urlbar.suggest.searches", false); -defaultPref("browser.search.suggest.enabled", false); -defaultPref("browser.search.update", false); -defaultPref("browser.search.separatePrivateDefault", true); // [FF70+] // Arkenfox user.js v119 -defaultPref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+] // Arkenfox user.js v119 -defaultPref("browser.urlbar.suggest.mdn", true); +pref("browser.urlbar.suggest.searches", false); +pref("browser.search.suggest.enabled", false); +pref("browser.search.update", false); +pref("browser.search.separatePrivateDefault", true); // [FF70+] // Arkenfox user.js v119 +pref("browser.search.separatePrivateDefault.ui.enabled", true); // [FF71+] // Arkenfox user.js v119 +pref("browser.urlbar.suggest.mdn", true); -defaultPref("browser.urlbar.addons.featureGate", false); -defaultPref("browser.urlbar.mdn.featureGate", false); -defaultPref("browser.urlbar.pocket.featureGate", false); -defaultPref("browser.urlbar.trending.featureGate", false); -defaultPref("browser.urlbar.weather.featureGate", false); +pref("browser.urlbar.addons.featureGate", false); +pref("browser.urlbar.mdn.featureGate", false); +pref("browser.urlbar.pocket.featureGate", false); +pref("browser.urlbar.trending.featureGate", false); +pref("browser.urlbar.weather.featureGate", false); // these are from Arkenfox, I decided to put them here. -defaultPref("browser.download.start_downloads_in_tmp_dir", true); // Arkenfox user.js v118 +pref("browser.download.start_downloads_in_tmp_dir", true); // Arkenfox user.js v118 /** @@ -241,34 +241,34 @@ defaultPref("browser.download.start_downloads_in_tmp_dir", true); // Arkenfox us * this also includes the best match feature, as it is part of firefox suggest. */ pref("browser.urlbar.quicksuggest.enabled", false); -defaultPref("browser.urlbar.suggest.weather", false); // disable weather suggestions in urlbar once they are no longer behind feature gate +pref("browser.urlbar.suggest.weather", false); // disable weather suggestions in urlbar once they are no longer behind feature gate /** [SECTION] DOWNLOADS * user interaction should always be required for downloads, as a way to enhance security by asking * the user to specific a certain save location. */ -defaultPref("browser.download.useDownloadDir", false); -defaultPref("browser.download.autohideButton", false); // do not hide download button automatically -defaultPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents -defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction +pref("browser.download.useDownloadDir", false); +pref("browser.download.autohideButton", false); // do not hide download button automatically +pref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents +pref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction /** [SECTION] AUTOPLAY * block autoplay unless element is right-clicked. this means background videos, videos in a different tab, * or media opened while other media is played will not start automatically. * thumbnails will not autoplay unless hovered. exceptions can be set from the UI. */ -defaultPref("media.autoplay.default", 5); +pref("media.autoplay.default", 5); /** [SECTION] POP-UPS AND WINDOWS * prevent scripts from resizing existing windows and opening new ones, by forcing them into * new tabs that can't be resized as well. */ -defaultPref("dom.disable_window_move_resize", true); -defaultPref("browser.link.open_newwindow", 3); -defaultPref("browser.link.open_newwindow.restriction", 0); +pref("dom.disable_window_move_resize", true); +pref("browser.link.open_newwindow", 3); +pref("browser.link.open_newwindow.restriction", 0); /** [SECTION] MOUSE */ -defaultPref("browser.tabs.searchclipboardfor.middleclick", false); // prevent mouse middle click on new tab button to trigger searches or page loads +pref("browser.tabs.searchclipboardfor.middleclick", false); // prevent mouse middle click on new tab button to trigger searches or page loads @@ -279,16 +279,16 @@ defaultPref("browser.tabs.searchclipboardfor.middleclick", false); // prevent mo * is set to profile+applications (https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/). * an installation prompt should always be displayed. */ -//defaultPref("extensions.webextensions.restrictedDomains", ""); -defaultPref("extensions.enabledScopes", 5); // hidden -defaultPref("extensions.postDownloadThirdPartyPrompt", false); +//pref("extensions.webextensions.restrictedDomains", ""); +pref("extensions.enabledScopes", 5); // hidden +pref("extensions.postDownloadThirdPartyPrompt", false); /** * the pref disables quarantined domains. * this is a security feature, we should remove it with v116 as there will be a UI to control this per-extension. * unless we patch remote settings we rely on static dumps. this means even if we did not flip this pref it would * not make a difference at the moment. */ -defaultPref("extensions.quarantinedDomains.enabled", false); +pref("extensions.quarantinedDomains.enabled", false); /** [SECTION] SYSTEM * built-in extension are not allowed to auto-update. additionally the reporter extension @@ -296,7 +296,7 @@ defaultPref("extensions.quarantinedDomains.enabled", false); */ // Aminda questions the security of not automatically updating built-in extensions. pref("extensions.systemAddon.update.enabled", true); -//defaultPref("extensions.systemAddon.update.url", ""); +//pref("extensions.systemAddon.update.url", ""); lockPref("extensions.webcompat-reporter.enabled", false); lockPref("extensions.webcompat-reporter.newIssueEndpoint", ""); @@ -304,43 +304,43 @@ lockPref("extensions.webcompat-reporter.newIssueEndpoint", ""); * disable the default password manager built into the browser, including its autofill * capabilities and formless login capture. */ -defaultPref("signon.rememberSignons", false); -defaultPref("signon.autofillForms", false); -defaultPref("extensions.formautofill.addresses.enabled", false); -defaultPref("extensions.formautofill.creditCards.enabled", false); -defaultPref("signon.formlessCapture.enabled", false); +pref("signon.rememberSignons", false); +pref("signon.autofillForms", false); +pref("extensions.formautofill.addresses.enabled", false); +pref("extensions.formautofill.creditCards.enabled", false); +pref("signon.formlessCapture.enabled", false); /** [SECTION] CONTAINERS * enable containers and show the settings to control them in the stock ui */ -defaultPref("privacy.userContext.enabled", true); -defaultPref("privacy.userContext.ui.enabled", true); +pref("privacy.userContext.enabled", true); +pref("privacy.userContext.ui.enabled", true); /** [SECTION] DEVTOOLS * disable remote debugging. */ pref("devtools.debugger.remote-enabled", false); // default, but subject to branding so keep it -defaultPref("devtools.selfxss.count", 0); // required for devtools console to work +pref("devtools.selfxss.count", 0); // required for devtools console to work // Aminda has no idea what is that. /** [SECTION] SHOPPING * disable the fakespot shopping sidebar */ -defaultPref("browser.shopping.experience2023.enabled", false); -defaultPref("browser.shopping.experience2023.optedIn", 2); -defaultPref("browser.shopping.experience2023.active", false); +pref("browser.shopping.experience2023.enabled", false); +pref("browser.shopping.experience2023.optedIn", 2); +pref("browser.shopping.experience2023.active", false); /** [SECTION] OTHERS */ pref("webchannel.allowObject.urlWhitelist", ""); // remove web channel whitelist -defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code) +pref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code) /** [SECTION] NEW TAB PAGE * we want NTP to display nothing but the search bar without anything distracting. * the three prefs below are just for minimalism and they should be easy to revert for users. */ -defaultPref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); -defaultPref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); -defaultPref("browser.newtabpage.activity-stream.feeds.topsites", false); +pref("browser.newtabpage.activity-stream.section.highlights.includeDownloads", false); +pref("browser.newtabpage.activity-stream.section.highlights.includeVisited", false); +pref("browser.newtabpage.activity-stream.feeds.topsites", false); // hide stories and sponsored content from Firefox Home lockPref("browser.newtabpage.activity-stream.feeds.section.topstories", false); lockPref("browser.newtabpage.activity-stream.showSponsored", false); @@ -355,22 +355,22 @@ lockPref("browser.newtabpage.activity-stream.default.sites", ""); /** [SECTION] ABOUT * remove annoying ui elements from the about pages, including about:protections */ -defaultPref("browser.contentblocking.report.lockwise.enabled", false); +pref("browser.contentblocking.report.lockwise.enabled", false); lockPref("browser.contentblocking.report.hide_vpn_banner", true); lockPref("browser.contentblocking.report.vpn.enabled", false); lockPref("browser.contentblocking.report.show_mobile_app", false); lockPref("browser.vpn_promo.enabled", false); lockPref("browser.promo.focus.enabled", false); // ...about:addons recommendations sections and more -defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false); -defaultPref("extensions.getAddons.showPane", false); -defaultPref("lightweightThemes.getMoreURL", ""); // disable button to get more themes +pref("extensions.htmlaboutaddons.recommendations.enabled", false); +pref("extensions.getAddons.showPane", false); +pref("lightweightThemes.getMoreURL", ""); // disable button to get more themes // ...about:preferences#home -defaultPref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button +pref("browser.topsites.useRemoteSetting", false); // hide sponsored shortcuts button // ...and about:config -defaultPref("browser.aboutConfig.showWarning", false); +pref("browser.aboutConfig.showWarning", false); // hide about:preferences#moreFromMozilla -defaultPref("browser.preferences.moreFromMozilla", false); +pref("browser.preferences.moreFromMozilla", false); /** [SECTION] RECOMMENDED * disable all "recommend as you browse" activity. @@ -379,7 +379,7 @@ lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", f lockPref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false); // Maybe Windows specific, but looks useful. -defaultPref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store +pref("network.protocol-handler.external.ms-windows-store", false); // prevent links from launching windows store lockPref("security.family_safety.mode", 2); // Remove pre-Win10-specific codepath // vim: filetype=javascript