1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
diff --git a/settings/librewolf.cfg b/settings/librewolf.cfg
index 9b60c51..de990d5 100644
--- a/settings/librewolf.cfg
+++ b/settings/librewolf.cfg
@@ -91,14 +91,14 @@ lockPref("general.config.filename", "librewolf.cfg");
// http://kb.mozillazine.org/Network.cookie.cookieBehavior#1
// Blocking 3rd-party cookies breaks a number of payment gateways
// CIS 2.5.1
-lockPref("network.cookie.cookieBehavior", 1);
+defaultPref("network.cookie.cookieBehavior", 1);
// Pref : Cookies expire at the end of the session (when the browser closes)
// http://kb.mozillazine.org/Network.cookie.lifetimePolicy#2
// 0=until they expire (default)
// 2=until you close Firefox
// 3=for n days
-lockPref("network.cookie.lifetimePolicy", 2);
+defaultPref("network.cookie.lifetimePolicy", 0);
// Pref : Disable Cookie Exception Button
// WARNING Bug !!! This locks the button regardless of its value
@@ -120,7 +120,7 @@ lockPref("network.cookie.leave-secure-alone", true); // default: true
// nonsecureSessionOnly=true. This allows you to keep HTTPS cookies, but session-only HTTP ones
// [1] https://feeding.cloud.geek.nz/posts/tweaking-cookies-for-privacy-in-firefox/
// [2] http://kb.mozillazine.org/Network.cookie.thirdparty.sessionOnly
-lockPref("network.cookie.thirdparty.sessionOnly", true); // default : false
+defaultPref("network.cookie.thirdparty.sessionOnly", true); // default : false
lockPref("network.cookie.thirdparty.nonsecureSessionOnly", true); // (FF58+) // default false
// Also check "User Settings : Track Protection" for other cookies settings
@@ -289,6 +289,8 @@ defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
// Pref : Defaulting Settings : Does not remember history
defaultPref("places.history.enabled", false);
+// w.r. to issue #54
+defaultPref("places.history.expiration.max_pages", 2147483647)
// Pref : Settings history settings to custom by default
defaultPref("privacy.history.custom", true);
@@ -360,10 +362,10 @@ lockPref("browser.sessionstore.interval", 60000);
// ----------------------------------------------------------------------------------------------------
// Pref : Forms auto fill
-lockPref("extensions.formautofill.addresses.enabled", false);
-lockPref("extensions.formautofill.available", "off");
-lockPref("extensions.formautofill.creditCards.enabled", false);
-lockPref("extensions.formautofill.heuristics.enabled", false);
+defaultPref("extensions.formautofill.addresses.enabled", false);
+defaultPref("extensions.formautofill.available", "off");
+defaultPref("extensions.formautofill.creditCards.enabled", false);
+defaultPref("extensions.formautofill.heuristics.enabled", false);
// Pref : Require manual intervention to autofill known username/passwords in sign-in forms
// http://kb.mozillazine.org/Signon.autofillForms
@@ -761,13 +763,13 @@ lockPref("dom.w3c_pointer_events.enabled", false);
// Pref : Enable hardening against various fingerprinting vectors (Tor Uplift project)
// https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
// https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
-lockPref("privacy.resistFingerprinting", true);
+defaultPref("privacy.resistFingerprinting", true);
// Pref : 4503 : disable mozAddonManager Web API (FF57+)
// [NOTE] As a side-effect in FF57-59 this allowed extensions to work on AMO. In FF60+ you also need
// to sanitize or clear extensions.webextensions.restrictedDomains (see 2662) to keep that side-effect
// [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1384330,1406795,1415644,1453988
-lockPref("privacy.resistFingerprinting.block_mozAddonManager", true);
+defaultPref("privacy.resistFingerprinting.block_mozAddonManager", true);
// >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Section : Locale/Time/UserAgent
@@ -793,11 +795,11 @@ lockPref("intl.regional_prefs.use_os_locales", false);
// Pref : Locale and useragent.
// Already applied by resistFingerprinting ?
-lockPref("intl.locale.requested", "en-US");
+defaultPref("intl.locale.requested", "en-US");
// Pref : Spoof User-agent (re-enabled)
// See https://gitlab.com/librewolf-community/librewolf/issues/26
-lockPref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0, 45");
+defaultPref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0, 45");
// Pref : This does not work with resistFingerprinting. Still needed for ESR.
lockPref("general.appname.override", "Netscape");
@@ -1077,7 +1079,8 @@ lockPref("extensions.webextensions.identity.redirectDomain", "");
// Pref : CSP Settings For Extensions I/II : Extension Firewall Feature
// Uncomment to disable network for the extensions
// Enable-Firewall-Feature-In-The-Next-Line extensions-firewall >>>>>>
-lockPref("extensions.webextensions.base-content-security-policy", "default-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; script-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' moz-extension: blob: filesystem:;");
+// defaultPref("extensions.webextensions.base-content-security-policy", "default-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; script-src 'self' moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' moz-extension: blob: filesystem:;");
+defaultPref("extensions.webextensions.base-content-security-policy", "script-src 'self' https://* moz-extension: blob: filesystem: 'unsafe-eval' 'unsafe-inline'; object-src 'self' https://* moz-extension: blob: filesystem:;");
// Pref : CSP Settings For Extensions II/II : Extension Firewall Feature
// This value is applied after the first one (just ignore this)
@@ -1419,22 +1422,22 @@ lockPref("extensions.getAddons.compatOverides.url", "");
// https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE%
// Pref :
-lockPref("extensions.getAddons.get.url", "");
+defaultPref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE%");
// Default Value
// https://services.addons.mozilla.org/api/v3/addons/search/?guid=%IDS%&lang=%LOCALE%
// Pref :
-lockPref("extensions.getAddons.langpacks.url", "");
+defaultPref("extensions.getAddons.langpacks.url", "https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION%");
// Default Value
// https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION%
// Pref :
-lockPref("extensions.getAddons.link.url", "");
+defaultPref("extensions.getAddons.link.url", "https://addons.mozilla.org/%LOCALE%/firefox/");
// Default Value
// https://addons.mozilla.org/%LOCALE%/firefox/
// Pref :
-lockPref("extensions.getAddons.search.browseURL", "");
+defaultPref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%");
// Default Value
// https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
@@ -1469,7 +1472,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");
// https://accounts.firefox.com/
// Pref :
-lockPref("extensions.update.url", "");
+defaultPref("extensions.update.url", "https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion=CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%");
// Default Value
// https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=
// %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=
@@ -2065,7 +2068,7 @@ lockPref("app.releaseNotesURL", "");
// Pref :
lockPref("app.update.auto", false);
-lockPref("extensions.update.autoUpdateDefault", false);
+defaultPref("extensions.update.autoUpdateDefault", false);
lockPref("app.update.staging.enabled", false);
lockPref("app.update.silent", false);
lockPref("app.update.lastUpdateTime.telemetry_modules_ping", 0);
@@ -2178,10 +2181,10 @@ lockPref("extensions.blocklist.itemURL", "");
lockPref("extensions.blocklist.url", "");
// Pref :
-lockPref("extensions.update.background.url", "");
+defaultPref("extensions.update.background.url", "https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%¤tAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%");
// Pref :
-lockPref("extensions.getAddons.showPane", false);
+defaultPref("extensions.getAddons.showPane", false);
// Pref :
lockPref("extensions.webservice.discoverURL", "");
@@ -2473,7 +2476,7 @@ lockPref("security.dialog_enable_delay", 700);
// Pref : Opt-out of add-on metadata updates
// https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
-lockPref("extensions.getAddons.cache.enabled", false);
+defaultPref("extensions.getAddons.cache.enabled", false);
// Pref : Opt-out of theme (Persona) updates
// https://support.mozilla.org/t5/Firefox/how-do-I-prevent-autoamtic-updates-in-a-50-user-environment/td-p/144287
@@ -2506,7 +2509,7 @@ lockPref("plugin.sessionPermissionNow.intervalInMinutes", 0);
// Pref : Update addons automatically
// https://blog.mozilla.org/addons/how-to-turn-off-add-on-updates/
-lockPref("extensions.update.enabled", false);
+defaultPref("extensions.update.enabled", false);
// Pref : Enable add-on and certificate blocklists (OneCRL) from Mozilla
// Updated at interval defined in extensions.blocklist.interval (default: 86400)
@@ -3230,4 +3233,4 @@ lockPref("security.tls.unrestricted_rc4_fallback", false);
//lockPref("toolkit.telemetry.unifiedIsOptIn", true);
//lockPref("ui.key.menuAccessKey", 0);
//lockPref("view_source.tab", false);
-lockPref("xpinstall.signatures.required", false);
+defaultPref("xpinstall.signatures.required", true);
|