colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: firefox: tune user.js settings

Browse Source
This commit is contained in:
Colin
2024-12-02 18:45:09 +00:00
parent bdfd0a8901
commit b4823f0c41
1 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hosts/common/programs/firefox/user.js
View File

@@ -15,12 +15,24 @@
// - number
// anything else (e.g. arrays, objects) MUST be represented as strings (use backticks for multiline/raw strings)
///// RESET UNWANTED ARKENFOX CHANGES
// browser.sessionstore.privacy_level: 0, 1, 2
// 0: persist partially-filled forms to disk, across browser restarts
defaultPref("browser.sessionstore.privacy_level", 0);
// enable 0-round-trip TLS resumption, at the expense that MITM can replay the client's first packet.
defaultPref("security.tls.enable_0rtt_data", true);
// OCSP queries SSL cert revocation status on every connect; that means letting a 3rd party know every site you visit.
// disable that, how in hell is that good for privacy.
// N.B.: i'm pretty sure this keeps CRlite enabled, which is the better implementation of cert revocation (i.e. performed locally).
// see: <https://blog.mozilla.org/security/2020/01/09/crlite-part-1-all-web-pki-revocations-compressed/>
defaultPref("security.OCSP.enabled", 0);
// if we can't query the revocation status of a SSL cert because the issuer is offline,
// treat it as unrevoked.
// see: <https://librewolf.net/docs/faq/#im-getting-sec_error_ocsp_server_error-what-can-i-do>
defaultPref("security.OCSP.require", false);
// kinda weird to send ALL my domain connections to a 3rd party server, just disable OCSP
defaultPref("security.OCSP.enabled", 0);
defaultPref("browser.display.use_system_colors", true);
// i think this is the thing which greys out download buttons for N milliseconds
defaultPref("security.dialog_enable_delay", 0);
// DISABLE DNS OVER HTTPS; use the system resolver.
defaultPref("network.trr.mode", 5);
@@ -28,6 +40,9 @@ defaultPref("network.trr.mode", 5);
// enable webGL
defaultPref("webgl.disabled", false);
// use the system PDF viewer: it's there for a reason
defaultPref("pdfjs.disabled", true);
// scrollbar configuration, see: <https://artemis.sh/2023/10/12/scrollbars.html>
// style=4 gives rectangular scrollbars
// could also enable "always show scrollbars" in about:preferences -- not sure what the actual pref name for that is