s83/user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-04-30 14:03:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

move referer.XOriginPolicy to optional hardening #1707

Browse source
This commit is contained in:
Thorin-Oakenpants 2023-08-26 07:42:07 +00:00 committed by GitHub
parent 36e0e9bf88
commit ddb5acf3ec
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
user.js
View file

@ -18,7 +18,6 @@
* Some site breakage and unintended consequences will happen. Everyone's experience will differ * Some site breakage and unintended consequences will happen. Everyone's experience will differ
e.g. some user data is erased on exit (section 2800), change this to suit your needs e.g. some user data is erased on exit (section 2800), change this to suit your needs
* While not 100% definitive, search for "[SETUP" tags * While not 100% definitive, search for "[SETUP" tags
e.g. third party images/videos not loading on some sites? check 1601
5. Some tag info 5. Some tag info
[SETUP-SECURITY] it's one item, read it [SETUP-SECURITY] it's one item, read it
[SETUP-WEB] can cause some websites to break [SETUP-WEB] can cause some websites to break
@ -48,7 +47,7 @@
1000: DISK AVOIDANCE 1000: DISK AVOIDANCE
1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP) 1200: HTTPS (SSL/TLS / OCSP / CERTS / HPKP)
1400: FONTS 1400: FONTS
1600: HEADERS / REFERERS 1600: REFERERS
1700: CONTAINERS 1700: CONTAINERS
2000: PLUGINS / MEDIA / WEBRTC 2000: PLUGINS / MEDIA / WEBRTC
2400: DOM (DOCUMENT OBJECT MODEL) 2400: DOM (DOCUMENT OBJECT MODEL)
@ -515,18 +514,13 @@ user_pref("_user.js.parrot", "1400 syntax error: the parrot's bereft of life!");
// user_pref("layout.css.font-visibility.standard", 1); // user_pref("layout.css.font-visibility.standard", 1);
// user_pref("layout.css.font-visibility.trackingprotection", 1); // user_pref("layout.css.font-visibility.trackingprotection", 1);
/*** [SECTION 1600]: HEADERS / REFERERS /*** [SECTION 1600]: REFERERS
full URI: https://example.com:8888/foo/bar.html?id=1234 full URI: https://example.com:8888/foo/bar.html?id=1234
scheme+host+port+path: https://example.com:8888/foo/bar.html scheme+host+port+path: https://example.com:8888/foo/bar.html
scheme+host+port: https://example.com:8888 scheme+host+port: https://example.com:8888
[1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/ [1] https://feeding.cloud.geek.nz/posts/tweaking-referrer-for-privacy-in-firefox/
***/ ***/
user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!"); user_pref("_user.js.parrot", "1600 syntax error: the parrot rests in peace!");
/* 1601: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [SETUP-WEB] Breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram
* If "2" is too strict, then override to "0" and use Smart Referer extension (Strict mode + add exceptions) ***/
user_pref("network.http.referer.XOriginPolicy", 2);
/* 1602: control the amount of cross-origin information to send [FF52+] /* 1602: control the amount of cross-origin information to send [FF52+]
* 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/ * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
user_pref("network.http.referer.XOriginTrimmingPolicy", 2); user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
@ -979,6 +973,10 @@ user_pref("_user.js.parrot", "5500 syntax error: this is an ex-parrot!");
* [TEST] https://ipleak.org/ * [TEST] https://ipleak.org/
* [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/ * [1] https://www.internetsociety.org/tag/ipv6-security/ (Myths 2,4,5,6) ***/
// user_pref("network.dns.disableIPv6", true); // user_pref("network.dns.disableIPv6", true);
/* 5510: control when to send a cross-origin referer
* 0=always (default), 1=only if base domains match, 2=only if hosts match
* [NOTE] Will cause breakage: older modems/routers and some sites e.g banks, vimeo, icloud, instagram ***/
// user_pref("network.http.referer.XOriginPolicy", 2);
/*** [SECTION 6000]: DON'T TOUCH ***/ /*** [SECTION 6000]: DON'T TOUCH ***/
user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!"); user_pref("_user.js.parrot", "6000 syntax error: the parrot's 'istory!");
@ -1074,7 +1072,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
// user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006 // user_pref("dom.securecontext.allowlist_onions", true); // [FF97+] 1382359/1744006
// user_pref("network.http.referer.hideOnionSource", true); // 1305144 // user_pref("network.http.referer.hideOnionSource", true); // 1305144
/* 7007: referers /* 7007: referers
* [WHY] Only cross-origin referers (1600s) need control ***/ * [WHY] Only cross-origin referers (1602, 5510) matter ***/
// user_pref("network.http.sendRefererHeader", 2); // user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.referer.trimmingPolicy", 0); // user_pref("network.http.referer.trimmingPolicy", 0);
/* 7008: set the default Referrer Policy [FF59+] /* 7008: set the default Referrer Policy [FF59+]