1
0

minor edits

This commit is contained in:
Thorin-Oakenpants 2018-02-06 23:50:30 +00:00 committed by GitHub
parent a290b3ad3d
commit ca11a88189
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -844,9 +844,9 @@ user_pref("gfx.font_rendering.graphite.enabled", false);
// user_pref("font.system.whitelist", ""); // (hidden pref) // user_pref("font.system.whitelist", ""); // (hidden pref)
/*** 1600: HEADERS / REFERERS /*** 1600: HEADERS / REFERERS
Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Only *cross domain* referers need controlling and XOriginPolicy (1603) is perfect for that. Thus we enforce
Thus we enforce the default values for 1601, 1602, 1605 and 1606 to minimize breakage, the default values for 1601, 1602, 1605 and 1606 to minimize breakage, and only tweak 1603 and 1604.
and only tweak 1603 (+1604).
Our default settings provide the best balance between protection and amount of breakage. Our default settings provide the best balance between protection and amount of breakage.
To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2). To harden it a bit more you can set XOriginPolicy (1603) to 2 (+ optionally 1604 to 1 or 2).
To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config, To fix broken sites, temporarily set XOriginPolicy=0 and XOriginTrimmingPolicy=2 in about:config,