From 36c11cb5d40e04e7af92064db7f791cca669f4a7 Mon Sep 17 00:00:00 2001 From: earthlng Date: Sat, 5 May 2018 20:14:57 +0200 Subject: [PATCH] 2600: downloads + extensions regroup (#417) * 2600: downloads + extensions regroup * fixup --- user.js | 73 ++++++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 35 deletions(-) diff --git a/user.js b/user.js index 91cbf08..44b43ed 100644 --- a/user.js +++ b/user.js @@ -1212,18 +1212,9 @@ user_pref("_user.js.parrot", "2600 syntax error: the parrot's run down the curta /* 2601: disable sending additional analytics to web servers * [1] https://developer.mozilla.org/docs/Web/API/Navigator/sendBeacon ***/ user_pref("beacon.enabled", false); -/* 2602: discourage downloading to desktop (0=desktop 1=downloads 2=last used) - * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ -user_pref("browser.download.folderList", 2); -/* 2603: enforce user interaction for security by always asking the user where to download ***/ -user_pref("browser.download.useDownloadDir", false); /* 2604: remove temp files opened with an external application * [1] https://bugzilla.mozilla.org/302433 ***/ user_pref("browser.helperApps.deleteTempFileOnExit", true); -/* 2605: disable adding downloads to the system's "recent documents" list ***/ -user_pref("browser.download.manager.addToRecentDocs", false); -/* 2606: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ -user_pref("browser.download.hide_plugins_without_extensions", false); /* 2607: disable page thumbnail collection * look in profile/thumbnails directory - you may want to clean that out ***/ user_pref("browser.pagethumbnails.capturing_disabled", true); // (hidden pref) @@ -1241,9 +1232,6 @@ user_pref("permissions.manager.defaultsUrl", ""); user_pref("devtools.webide.autoinstallADBHelper", false); user_pref("devtools.debugger.remote-enabled", false); user_pref("devtools.webide.enabled", false); -/* 2613: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) - * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ - // user_pref("extensions.webextensions.restrictedDomains", ""); /* 2617: enable Firefox's built-in PDF reader [SETUP] * [SETTING] General>Applications>Portable Document Format (PDF) * [SETTING-ESR52] Applications>Portable Document Format (PDF) @@ -1267,16 +1255,6 @@ user_pref("network.http.redirection-limit", 10); * [1] https://trac.torproject.org/projects/tor/ticket/10089 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/ user_pref("middlemouse.contentLoadURL", false); -/* 2621: enable warning when websites try to install extensions - * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons - * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ -user_pref("xpinstall.whitelist.required", true); // default: true -/* 2625: clear localStorage and UUID when an extension is uninstalled - * [NOTE] Both preferences must be the same - * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local - * [2] https://bugzilla.mozilla.org/1213990 ***/ -user_pref("extensions.webextensions.keepStorageOnUninstall", false); -user_pref("extensions.webextensions.keepUuidOnUninstall", false); /* 2626: disable optional user agent token * [1] https://developer.mozilla.org/docs/Web/HTTP/Headers/User-Agent/Firefox ***/ user_pref("general.useragent.compatMode.firefox", false); // default: false @@ -1299,12 +1277,6 @@ user_pref("browser.tabs.remote.allowLinkedWebInFileUriProcess", false); * [SETTING] to add site exceptions: Page Info>Permissions>Override Keyboard Shortcuts * [NOTE] At the time of writing, causes issues with delete and backspace keys ***/ // user_pref("permissions.default.shortcuts", 2); // 0 (default) or 1=allow, 2=block -/* 2662: disable "open with" in download dialog (FF50+) - * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) - * in such a way that it is forbidden to run external applications. - * [SETUP] This may interfere with some users' workflow or methods - * [1] https://bugzilla.mozilla.org/1281959 ***/ -user_pref("browser.download.forbid_open_with", true); /* 2663: disable MathML (Mathematical Markup Language) (FF51+) * [TEST] http://browserspy.dk/mathml.php * [1] https://bugzilla.mozilla.org/1173199 ***/ @@ -1318,12 +1290,6 @@ user_pref("webchannel.allowObject.urlWhitelist", ""); * [SETTING] Devtools>Advanced Settings>Enable browser chrome and add-on debugging toolboxes * [1] https://github.com/pyllyukko/user.js/issues/179#issuecomment-246468676 ***/ user_pref("devtools.chrome.enabled", false); -/* 2668: lock down allowed extension directories - * [WARNING] This will break extensions that do not use the default XPI directories - * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ - * [1] archived: https://archive.is/DYjAM ***/ -user_pref("extensions.enabledScopes", 1); // (hidden pref) -user_pref("extensions.autoDisableScopes", 15); /* 2671: disable in-content SVG (Scalable Vector Graphics) (FF53+) * [WARNING] SVG is fairly common (~15% of the top 10K sites), so will cause some breakage * including youtube player controls. Best left for "hardened" or specific profiles. @@ -1340,6 +1306,43 @@ user_pref("extensions.autoDisableScopes", 15); * [4] CVE-2017-5383: https://www.mozilla.org/security/advisories/mfsa2017-02/ * [5] https://www.xudongz.com/blog/2017/idn-phishing/ ***/ user_pref("network.IDN_show_punycode", true); +/** DOWNLOADS ***/ +/* 2640: discourage downloading to desktop (0=desktop 1=downloads 2=last used) + * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/ +user_pref("browser.download.folderList", 2); +/* 2641: enforce user interaction for security by always asking the user where to download ***/ +user_pref("browser.download.useDownloadDir", false); +/* 2642: disable adding downloads to the system's "recent documents" list ***/ +user_pref("browser.download.manager.addToRecentDocs", false); +/* 2643: disable hiding mime types (Options>General>Applications) not associated with a plugin ***/ +user_pref("browser.download.hide_plugins_without_extensions", false); +/* 2644: disable "open with" in download dialog (FF50+) + * This is very useful to enable when the browser is sandboxed (e.g. via AppArmor) + * in such a way that it is forbidden to run external applications. + * [SETUP] This may interfere with some users' workflow or methods + * [1] https://bugzilla.mozilla.org/1281959 ***/ +user_pref("browser.download.forbid_open_with", true); +/** EXTENSIONS ***/ +/* 2650: lock down allowed extension directories + * [WARNING] This will break extensions that do not use the default XPI directories + * [1] https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/ + * [1] archived: https://archive.is/DYjAM ***/ +user_pref("extensions.enabledScopes", 1); // (hidden pref) +user_pref("extensions.autoDisableScopes", 15); +/* 2651: clear localStorage and UUID when an extension is uninstalled + * [NOTE] Both preferences must be the same + * [1] https://developer.mozilla.org/Add-ons/WebExtensions/API/storage/local + * [2] https://bugzilla.mozilla.org/1213990 ***/ +user_pref("extensions.webextensions.keepStorageOnUninstall", false); +user_pref("extensions.webextensions.keepUuidOnUninstall", false); +/* 2652: disable webextension restrictions on certain mozilla domains (also see 4503) (FF60+) + * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ + // user_pref("extensions.webextensions.restrictedDomains", ""); +/* 2653: enable warning when websites try to install add-ons + * [SETTING] Privacy & Security>Permissions>Warn you when websites try to install add-ons + * [SETTING-ESR52] Security>General>Warn me when sites try to install add-ons ***/ +user_pref("xpinstall.whitelist.required", true); // default: true +/** SECURITY ***/ /* 2680: disable "image/" mime types bypassing CSP (FF51+) * [1] https://bugzilla.mozilla.org/1288361 ***/ user_pref("security.block_script_with_wrong_mime", true); @@ -1600,7 +1603,7 @@ user_pref("privacy.resistFingerprinting", true); // (hidden pref) (not hidden FF // user_pref("privacy.window.maxInnerHeight", 900); // (hidden pref) /* 4503: disable mozAddonManager Web API (FF57+) * [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need - * to sanitize or clear extensions.webextensions.restrictedDomains (see 2613) to keep that side-effect + * to sanitize or clear extensions.webextensions.restrictedDomains (see 2652) to keep that side-effect * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988 ***/ user_pref("privacy.resistFingerprinting.block_mozAddonManager", true); // (hidden pref)