firefox: apparently HTTPS Only mode can be set here contrary to the documentation

Also generic hardening(?)
2024-11-10 02:29:22 +01:00 · 2024-05-16 15:03:01 +03:00 · 2024-05-16 15:03:01 +03:00 · 5158b52da4
commit 5158b52da4
parent 83d53b8c17
2 changed files with 42 additions and 0 deletions
--- a/etc/firefox/policies/README.md
+++ b/etc/firefox/policies/README.md
@ -13,6 +13,7 @@ per whatever I am doing.
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->

 - [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
+- [General warning](#general-warning)
 - [Extensions](#extensions)
  - [Privacy Badger](#privacy-badger)
    - [Duplicate](#duplicate)
@ -33,6 +34,12 @@ This file takes priority over
 `/usr/share/librewolf/distribution/policies.json` so don't apply this or
 a lot of LibreWolf specific customizations stops being in force.

+## General warning
+
+This is meant for me and devices I maintain for self-dogfooding so there are
+opinions. Including those Firefox won't accept and will appear as warnings or
+errors in `about:config` depending on the release channel or even all of them.
+
 ## Extensions

 They are mostly self-explanatory.
--- a/etc/firefox/policies/policies.json
+++ b/etc/firefox/policies/policies.json
@ -251,6 +251,16 @@
        "Type": "boolean",
        "Value": false
      },
+      "dom.block_download_insecure": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
+      "dom.security.https_only_mode": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
      "extensions.webextensions.restrictedDomains": {
        "Status": "locked",
        "Type": "string",
@ -351,6 +361,26 @@
        "Type": "string",
        "Value": "#ffb700"
      },
+      "privacy.donottrackheader.enabled": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
+      "privacy.donottrackheader.value": {
+        "Status": "locked",
+        "Type": "number",
+        "Value": 1
+      },
+      "privacy.globalprivacycontrol.enabled": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
+      "privacy.globalprivacycontrol.functionality.enabled": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
      "security.OCSP.require": {
        "Status": "locked",
        "Type": "boolean",
@ -366,6 +396,11 @@
        "Type": "boolean",
        "Value": true
      },
+      "security.ssl.enable_ocsp_must_staple": {
+        "Status": "locked",
+        "Type": "boolean",
+        "Value": true
+      },
      "security.ssl.enable_ocsp_stapling": {
        "Status": "locked",
        "Type": "boolean",