firefox: apparently HTTPS Only mode can be set here contrary to the documentation

Also generic hardening(?)
This commit is contained in:
Aminda Suomalainen 2024-05-16 15:03:01 +03:00
parent 83d53b8c17
commit 5158b52da4
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
2 changed files with 42 additions and 0 deletions

View File

@ -13,6 +13,7 @@ per whatever I am doing.
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
- [General warning](#general-warning)
- [Extensions](#extensions)
- [Privacy Badger](#privacy-badger)
- [Duplicate](#duplicate)
@ -33,6 +34,12 @@ This file takes priority over
`/usr/share/librewolf/distribution/policies.json` so don't apply this or
a lot of LibreWolf specific customizations stops being in force.
## General warning
This is meant for me and devices I maintain for self-dogfooding so there are
opinions. Including those Firefox won't accept and will appear as warnings or
errors in `about:config` depending on the release channel or even all of them.
## Extensions
They are mostly self-explanatory.

View File

@ -251,6 +251,16 @@
"Type": "boolean",
"Value": false
},
"dom.block_download_insecure": {
"Status": "locked",
"Type": "boolean",
"Value": true
},
"dom.security.https_only_mode": {
"Status": "locked",
"Type": "boolean",
"Value": true
},
"extensions.webextensions.restrictedDomains": {
"Status": "locked",
"Type": "string",
@ -351,6 +361,26 @@
"Type": "string",
"Value": "#ffb700"
},
"privacy.donottrackheader.enabled": {
"Status": "locked",
"Type": "boolean",
"Value": true
},
"privacy.donottrackheader.value": {
"Status": "locked",
"Type": "number",
"Value": 1
},
"privacy.globalprivacycontrol.enabled": {
"Status": "locked",
"Type": "boolean",
"Value": true
},
"privacy.globalprivacycontrol.functionality.enabled": {
"Status": "locked",
"Type": "boolean",
"Value": true
},
"security.OCSP.require": {
"Status": "locked",
"Type": "boolean",
@ -366,6 +396,11 @@
"Type": "boolean",
"Value": true
},
"security.ssl.enable_ocsp_must_staple": {
"Status": "locked",
"Type": "boolean",
"Value": true
},
"security.ssl.enable_ocsp_stapling": {
"Status": "locked",
"Type": "boolean",