From de21ffd178b3d9106de55de0216b4455e4b73ffb Mon Sep 17 00:00:00 2001 From: Roman-Nopantski Date: Thu, 9 Mar 2017 08:08:12 +1300 Subject: [PATCH] security.csp.experimentalEnabled --- user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/user.js b/user.js index b0f44eb..4ae61ab 100644 --- a/user.js +++ b/user.js @@ -1195,6 +1195,10 @@ user_pref("network.IDN_show_punycode", true); /* 2673: enforce CSP (Content Security Policy) (default is true) * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP ***/ user_pref("security.csp.enable", true); +/* 2674: enable CSP 1.1 experimental hash-source directive (FF29+) + * https://bugzilla.mozilla.org/show_bug.cgi?id=855326 + * https://bugzilla.mozilla.org/show_bug.cgi?id=883975 ***/ +user_pref("security.csp.experimentalEnabled", true); /*** 2697: USER AGENT (UA) SPOOFING Spoofing your UA to *LOWER* entropy *does* *not* *work*. It may even cause site breakage