v100 (#1423 )

v100 deprecated
https://bugzilla.mozilla.org/1752621 - replaced with network.http.http2* prefs
2025-09-01 09:28:31 +02:00 · 2022-05-09 18:49:38 +00:00 · 2022-05-05 23:33:44 +00:00 · 2022-04-09 09:45:45 +00:00 · 2022-04-08 21:30:22 +00:00 · 2022-04-08 21:28:16 +00:00
4 changed files with 30 additions and 16 deletions
--- a/prefsCleaner.sh
+++ b/prefsCleaner.sh
--- a/scratchpad-scripts/arkenfox-cleanup.js
+++ b/scratchpad-scripts/arkenfox-cleanup.js
@ -3,7 +3,7 @@
  - removed from the arkenfox user.js
  - deprecated by Mozilla but listed in the arkenfox user.js in the past

-  Last updated: 9-February-2022
+  Last updated: 5-May-2022

  Instructions:
  - [optional] close Firefox and backup your profile
@ -35,7 +35,12 @@
    /* FF92+ */
    'browser.urlbar.suggest.quicksuggest', // 95
    'dom.securecontext.whitelist_onions', // 97
+    'network.http.spdy.enabled', // 100
+    'network.http.spdy.enabled.deps',
+    'network.http.spdy.enabled.http2',
+    'network.http.spdy.websockets',
    'layout.css.font-visibility.level', // 94
+    'security.csp.enable', // 99
    'security.ssl3.rsa_des_ede3_sha', // 93
    /* FF79-91 */
    'browser.cache.offline.storage.enable',
--- a/updater.sh
+++ b/updater.sh
@ -2,7 +2,7 @@

 ## arkenfox user.js updater for macOS and Linux

-## version: 3.3
+## version: 3.4
 ## Author: Pat Johnson (@overdodactyl)
 ## Additional contributors: @earthlng, @ema-pe, @claustromaniac

@ -106,7 +106,7 @@ Optional Arguments:
 download_file() { # expects URL as argument ($1)
  declare -r tf=$(mktemp)

-  $DOWNLOAD_METHOD "${tf}" "$1" && echo "$tf" || echo '' # return the temp-filename or empty string on error
+  $DOWNLOAD_METHOD "${tf}" "$1" &>/dev/null && echo "$tf" || echo '' # return the temp-filename or empty string on error
 }

 open_file() { # expects one argument: file_path
--- a/user.js
+++ b/user.js
@ -1,7 +1,7 @@
 /******
 *    name: arkenfox user.js
-*    date: 10 March 2022
-* version: 98
+*    date: 9 May 2022
+* version: 100
 *     url: https://github.com/arkenfox/user.js
 * license: MIT: https://github.com/arkenfox/user.js/blob/master/LICENSE.txt

@ -741,6 +741,9 @@ user_pref("browser.download.useDownloadDir", false);
 user_pref("browser.download.alwaysOpenPanel", false);
 /* 2653: disable adding downloads to the system's "recent documents" list ***/
 user_pref("browser.download.manager.addToRecentDocs", false);
+/* 2654: enable user interaction for security by always asking how to handle new mimetypes [FF101+]
+ * [SETTING] General>Files and Applications>What should Firefox do with other files ***/
+user_pref("browser.download.always_ask_before_handling_new_types", true);

 /** EXTENSIONS ***/
 /* 2660: lock down allowed extension directories
@ -854,7 +857,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
    418986 - limit window.screen & CSS media queries (FF41)
      [TEST] https://arkenfox.github.io/TZP/tzp.html#screen
   1281949 - spoof screen orientation (FF50)
-   1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50)
+   1281963 - hide the contents of navigator.plugins and navigator.mimeTypes (FF50-99)
      FF53: fixes GetSupportedNames in nsMimeTypeArray and nsPluginArray (1324044)
   1330890 - spoof timezone as UTC0 (FF55)
   1360039 - spoof navigator.hardwareConcurrency as 2 (FF55)
@ -899,6 +902,7 @@ user_pref("privacy.sanitize.timeSpan", 0);
   1461454 - spoof smooth=true and powerEfficient=false for supported media in MediaCapabilities (FF82)
 FF91+
    531915 - use fdlibm's sin, cos and tan in jsmath (FF93, ESR91.1)
+   1756280 - enforce navigator.pdfViewerEnabled as true and plugins/mimeTypes as hard-coded values (FF100)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting [FF41+]
@ -1081,9 +1085,6 @@ user_pref("extensions.blocklist.enabled", true); // [DEFAULT: true]
 /* 6002: enforce no referer spoofing
 * [WHY] Spoofing can affect CSRF (Cross-Site Request Forgery) protections ***/
 user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
-/* 6003: enforce CSP (Content Security Policy)
- * [1] https://developer.mozilla.org/docs/Web/HTTP/CSP ***/
-user_pref("security.csp.enable", true); // [DEFAULT: true]
 /* 6004: enforce a security delay on some confirmation dialogs such as install, open/save
 * [1] https://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ***/
 user_pref("security.dialog_enable_delay", 1000); // [DEFAULT: 1000]
@ -1176,13 +1177,6 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
 * [WHY] Defaults are fine. They can be overridden by a site-controlled Referrer Policy ***/
   // user_pref("network.http.referer.defaultPolicy", 2); // [DEFAULT: 2]
   // user_pref("network.http.referer.defaultPolicy.pbmode", 2); // [DEFAULT: 2]
-/* 7009: disable HTTP2
- * [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
- * [1] https://w3techs.com/technologies/details/ce-http2/all/all ***/
-   // user_pref("network.http.spdy.enabled", false);
-   // user_pref("network.http.spdy.enabled.deps", false);
-   // user_pref("network.http.spdy.enabled.http2", false);
-   // user_pref("network.http.spdy.websockets", false); // [FF65+]
 /* 7010: disable HTTP Alternative Services [FF37+]
 * [WHY] Already isolated with network partitioning (FF85+) ***/
   // user_pref("network.http.altsvc.enabled", false);
@ -1211,6 +1205,7 @@ user_pref("_user.js.parrot", "7000 syntax error: the parrot's pushing up daisies
 * [WHY] Arkenfox only supports strict (2701) which sets these at runtime ***/
   // user_pref("network.cookie.cookieBehavior", 5);
   // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault", true);
+   // user_pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // [FF100+]
   // user_pref("privacy.partition.network_state.ocsp_cache", true);
   // user_pref("privacy.trackingprotection.enabled", true);
   // user_pref("privacy.trackingprotection.socialtracking.enabled", true);
@ -1353,6 +1348,20 @@ user_pref("app.update.background.scheduling.enabled", false);
 // 7006: onions - replaced by new 7006 "allowlist"
   // [-] https://bugzilla.mozilla.org/1744006
   // user_pref("dom.securecontext.whitelist_onions", true); // 1382359
+// FF99
+// 6003: enforce CSP (Content Security Policy)
+   // [1] https://developer.mozilla.org/docs/Web/HTTP/CSP
+   // [-] https://bugzilla.mozilla.org/1754301
+user_pref("security.csp.enable", true); // [DEFAULT: true]
+// FF100
+// 7009: disable HTTP2 - replaced by network.http.http2* prefs
+   // [WHY] Passive fingerprinting. ~50% of sites use HTTP2 [1]
+   // [1] https://w3techs.com/technologies/details/ce-http2/all/all
+   // [-] https://bugzilla.mozilla.org/1752621
+   // user_pref("network.http.spdy.enabled", false);
+   // user_pref("network.http.spdy.enabled.deps", false);
+   // user_pref("network.http.spdy.enabled.http2", false);
+   // user_pref("network.http.spdy.websockets", false); // [FF65+]
 // ***/

 /* END: internal custom pref to test for syntax errors ***/
Author	SHA1	Message	Date
Thorin-Oakenpants	d6b26e7558	v100 (#1423 )	2022-05-09 18:49:38 +00:00
Thorin-Oakenpants	7ff46e02dd	v100 deprecated https://bugzilla.mozilla.org/1752621 - replaced with network.http.http2* prefs	2022-05-05 23:33:44 +00:00
fabrizio	4ff931781a	Merge pull request #1419 from arkenfox/v99 v99	2022-04-09 09:45:45 +00:00
Thorin-Oakenpants	9aae0a62b0	tidy deprecated, misc RFP changes	2022-04-08 21:30:22 +00:00
Thorin-Oakenpants	eb98f06d69	security.csp.enable https://bugzilla.mozilla.org/1754301	2022-04-08 21:28:16 +00:00
fxbrit	81561840a1	deprecate security.csp.enable	2022-04-08 11:43:39 +02:00
i-c-u-p	64bc683c3f	Made prefsCleaner.sh executable (#1416 ) Changed permissions of prefsCleaner.sh from 644 to 755 to be able to run it via "./prefsCleaner.sh" with out first executing "chmod +x prefsCleaner.sh".	2022-04-08 07:03:43 +00:00
earthlng	b4225baaf2	Update updater.sh	2022-03-19 07:47:46 +00:00
matthias-z	e00497fd51	Fix newline issue when downloading files in updater.sh (#1397 )	2022-03-19 07:46:08 +00:00