61-beta

Use wget if curl is not available (#451 )
* Use wget if curl is not available On most GNU/Linux distributions wget is often preinstalled, while curl is not. * Bump updater.sh version
2025-09-01 17:38:30 +02:00 · 2018-07-06 12:25:41 +00:00 · 2018-07-06 14:06:01 +02:00 · 2018-07-05 15:32:19 +00:00 · 2018-07-05 10:16:20 +00:00 · 2018-07-04 16:49:26 +00:00
3 changed files with 118 additions and 88 deletions
--- a/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js
+++ b/scratchpad-scripts/ghacks-clear-FF60inclusive-[removed].js
@ -1,6 +1,7 @@
 /***
- This will reset the preferences that have been removed completely
+ This will reset the preferences that have been removed completely from the ghacks user.js.
- from the ghacks user.js up to and including release 60-beta
+
 Last updated: 03-Jun-2018
 For instructions see:
 https://github.com/ghacksuserjs/ghacks-user.js/wiki/3.1-Resetting-Inactive-Prefs-[Scripts]
@ -85,6 +86,19 @@
    'security.block_script_with_wrong_mime',
    'security.fileuri.strict_origin_policy',
    'security.sri.enable',
    /* 61-beta */
    'browser.laterrun.enabled',
    'browser.offline-apps.notify',
    'browser.rights.3.shown',
    'browser.slowStartup.maxSamples'
    'browser.slowStartup.notificationDisabled',
    'browser.slowStartup.samples',
    'browser.storageManager.enabled',
    'dom.allow_scripts_to_close_windows',
    'dom.disable_window_flip',
    'network.http.fast-fallback-to-IPv4',
    'offline-apps.quota.warn',
    'services.blocklist.signing.enforced',
    /* reset parrot: check your open about:config after running the script */
    '_user.js.parrot'
  ]
--- a/updater.sh
+++ b/updater.sh
@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 ### ghacks-user.js updater for Mac/Linux
-## author: @overdodactyl
+## author: @overdodactyl, @ema-pe
-## version: 1.3
+## version: 1.4
 ## DON'T GO HIGHER THAN VERSION x.9 !! ( because of ASCII comparison in check_for_update() )
@ -12,6 +12,15 @@ update_pref=${1:--ask}
 currdir=$(pwd)
 DOWNLOAD_TO_STDOUT="curl -s"
 DOWNLOAD_TO_FILE="curl -O"
 # Use wget if curl is not available.
 if [[ -z $(command -v "curl") ]]; then
  DOWNLOAD_TO_STDOUT="wget --quiet --output-document=-"
  DOWNLOAD_TO_FILE="wget"
 fi
 ## get the full path of this script (readlink for Linux, greadlink for Mac with coreutils installed)
 sfp=$(readlink -f "${BASH_SOURCE[0]}" 2>/dev/null || greadlink -f "${BASH_SOURCE[0]}" 2>/dev/null)
@ -24,7 +33,7 @@ cd "$(dirname "${sfp}")"
 ## Used to check if a new version of updater.sh is available
 update_available="no"
 check_for_update () {
-  online_version="$(curl -s ${updater} | sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p')"
+  online_version="$($DOWNLOAD_TO_STDOUT ${updater} | sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p')"
  path_to_script="$(dirname "${sfp}")/updater.sh"
  current_version="$(sed -n '5 s/.*[[:blank:]]\([[:digit:]]*\.[[:digit:]]*\)/\1/p' "$path_to_script")"
  if [[ "$current_version" < "$online_version" ]]; then
@ -36,7 +45,7 @@ check_for_update () {
 update_script () {
  echo -e "This script will be backed up and the latest version of updater.sh will be executed.\n"
  mv updater.sh "updater.sh.backup.$(date +"%Y-%m-%d_%H%M")"
-  curl -O ${updater} && echo -e "\nThe latest updater script has been downloaded\n"
+  $DOWNLOAD_TO_FILE ${updater} && echo -e "\nThe latest updater script has been downloaded\n"
  # make new file executable
  chmod +x updater.sh
@ -60,7 +69,7 @@ main () {
  if [ -e user.js ]; then
    echo "Your current user.js file for this profile will be backed up and the latest ghacks version from github will take its place."
    echo -e "\nIf currently using the ghacks user.js, please compare versions:"
-    echo "  Available online: $(curl -s ${ghacksjs} | sed -n '4p')"
+    echo "  Available online: $($DOWNLOAD_TO_STDOUT ${ghacksjs} | sed -n '4p')"
    echo "  Currently using:  $(sed -n '4p' user.js)"
  else
    echo "A user.js file does not exist in this profile. If you continue, the latest ghacks version from github will be downloaded."
@ -80,7 +89,7 @@ main () {
    # download latest ghacks user.js
    echo "downloading latest ghacks user.js file"
-    curl -O ${ghacksjs} && echo "ghacks user.js has been downloaded"
+    $DOWNLOAD_TO_FILE ${ghacksjs} && echo "ghacks user.js has been downloaded"
    if [ -e user-overrides.js ]; then
      echo "user-overrides.js file found"
@ -94,6 +103,7 @@ main () {
  cd "${currdir}"
 }
 update_pref="$(echo $update_pref | tr '[A-Z]' '[a-z]')"
 if [ $update_pref = "-donotupdate" ]; then
  main
--- a/user.js
+++ b/user.js
@ -1,8 +1,8 @@
 /******
 * name: ghacks user.js
-* date: 15 May 2018
+* date: 06 July 2018
-* version 60-beta: Call Me Pants, Maybe
+* version 61-beta: You Can't Hurry Pants
-*   "Your stare was holding, ripped JEANS, skin was showin'"
+*   "My mama said, "You can't hurry pants. No, you'll just have to wait""
 * authors: v52+ github | v51- www.ghacks.net
 * url: https://github.com/ghacksuserjs/ghacks-user.js
 * license: MIT: https://github.com/ghacksuserjs/ghacks-user.js/blob/master/LICENSE.txt
@ -65,23 +65,21 @@ user_pref("general.warnOnAboutConfig", false);
 /*** 0100: STARTUP ***/
 user_pref("_user.js.parrot", "0100 syntax error: the parrot's dead!");
-/* 0101: disable "slow startup" options
+/* 0101: disable default browser check
- * warnings, disk history, welcomes, intros, EULA, default browser check ***/
+ * [SETTING] General>Startup>Always check if Firefox is your default browser ***/
 user_pref("browser.slowStartup.notificationDisabled", true);
 user_pref("browser.slowStartup.maxSamples", 0);
 user_pref("browser.slowStartup.samples", 0);
 user_pref("browser.rights.3.shown", true);
 user_pref("browser.startup.homepage_override.mstone", "ignore");
 user_pref("startup.homepage_welcome_url", "");
 user_pref("startup.homepage_welcome_url.additional", "");
 user_pref("startup.homepage_override_url", ""); // what's new page after updates
 user_pref("browser.laterrun.enabled", false);
 user_pref("browser.shell.checkDefaultBrowser", false);
-/* 0102: set start page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
+/* 0102: set START page (0=blank, 1=home, 2=last visited page, 3=resume previous session)
 * [SETTING] General>Startup>When Firefox starts ***/
-   // user_pref("browser.startup.page", 0);
+user_pref("browser.startup.page", 0);
-/* 0103: set your "home" page (see 0102) ***/
+/* 0103: set HOME+NEWWINDOW page
-   // user_pref("browser.startup.homepage", "https://www.example.com/");
+ * about:home=Activity Stream (default, see 0514), custom URL, about:blank
 * [SETTING] Home>New Windows and Tabs>Homepage and new windows ***/
 user_pref("browser.startup.homepage", "about:blank");
 /* 0104: set NEWTAB page
 * true=Activity Stream (default, see 0514), false=blank page
 * [SETTING] Home>New Windows and Tabs>New tabs ***/
 user_pref("browser.newtabpage.enabled", false);
 user_pref("browser.newtab.preload", false);
 /*** 0200: GEOLOCATION ***/
 user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely deceased!");
@ -90,7 +88,7 @@ user_pref("_user.js.parrot", "0200 syntax error: the parrot's definitely decease
   // user_pref("geo.enabled", false);
 /* 0201b: set a default permission for Location (FF58+)
 * [SETTING] to add site exceptions: Page Info>Permissions>Access Your Location
- * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Location>Settings ***/
+ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Location>Settings ***/
 user_pref("permissions.default.geo", 2); // 0=always ask (default), 1=allow, 2=block
 /* 0202: disable GeoIP-based search results
 * [NOTE] May not be hidden if Firefox has changed your settings due to your locale
@ -201,9 +199,6 @@ user_pref("browser.tabs.crashReporting.sendReport", false);
 user_pref("browser.crashReports.unsubmittedCheck.enabled", false); // (FF51+)
 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false); // (FF51-57)
 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false); // (FF58+)
 /* 0360: disable new tab tile ads & preload & marketing junk ***/
 user_pref("browser.newtab.preload", false);
 user_pref("browser.newtabpage.enabled", false);
 /* 0370: disable "Snippets" (Mozilla content shown on about:home screen)
 * [1] https://wiki.mozilla.org/Firefox/Projects/Firefox_Start/Snippet_Service ***/
 user_pref("browser.aboutHomeSnippets.updateUrl", "data:,");
@ -236,7 +231,6 @@ user_pref("extensions.blocklist.url", "https://blocklists.settings.services.mozi
 * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be
 * revoked, extensions and plugins to be disabled, and gfx environments that cause problems or crashes ***/
 user_pref("services.blocklist.update_enabled", true);
 user_pref("services.blocklist.signing.enforced", true);
 /* 0403: disable individual unwanted/unneeded parts of the Kinto blocklists ***/
   // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates
   // user_pref("services.blocklist.addons.collection", "");
@ -300,11 +294,11 @@ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
 /* 0421: enable more Tracking Protection choices under Options>Privacy & Security>Use Tracking Protection
 * Displays three choices: "Always", "Only in private windows", "Never" ***/
 user_pref("privacy.trackingprotection.ui.enabled", true);
-/* 0422: enable "basic" or "strict" tracking protecting list - ONLY USE ONE!
+/* 0422: set which Tracking Protection block list to use
 * [WARNING] We don't recommend enforcing this from here, as available block lists can change
 * [SETTING] Privacy & Security>Tracking Protection>Change Block List
 * [SETTING-ESR52] Privacy>Use Tracking Protection>Change Block List ***/
   // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256"); // basic
   // user_pref("urlclassifier.trackingTable", "test-track-simple,base-track-digest256,content-track-digest256"); // strict
 /* 0423: disable Mozilla's blocklist for known Flash tracking/fingerprinting (FF48+)
 * [1] https://www.ghacks.net/2016/07/18/firefox-48-blocklist-against-plugin-fingerprinting/
 * [2] https://bugzilla.mozilla.org/1237198 ***/
@ -337,12 +331,6 @@ user_pref("privacy.trackingprotection.ui.enabled", true);
     [2] https://dxr.mozilla.org/mozilla-central/source/browser/extensions
 ***/
 user_pref("_user.js.parrot", "0500 syntax error: the parrot's cashed in 'is chips!");
 /* 0501: disable experiments
 * [1] https://wiki.mozilla.org/Telemetry/Experiments ***/
 user_pref("experiments.enabled", false);
 user_pref("experiments.manifest.uri", "");
 user_pref("experiments.supported", false);
 user_pref("experiments.activeExperiment", false);
 /* 0502: disable Mozilla permission to silently opt you into tests ***/
 user_pref("network.allow-experiments", false);
 /* 0503: disable Normandy/Shield (FF60+)
@ -352,8 +340,10 @@ user_pref("network.allow-experiments", false);
 user_pref("app.normandy.enabled", false);
 user_pref("app.normandy.api_url", "");
 user_pref("app.shield.optoutstudies.enabled", false);
-/* 0505: block URL used for System Add-on updates (FF44+)
+user_pref("shield.savant.enabled", false); // (FF61+)
- * [NOTE] You will not get any System Add-on updates except when you update Firefox ***/
+/* 0505: disable System Add-on updates
 * [NOTE] In FF61 and lower, you will not get any System Add-on updates except when you update Firefox ***/
   // user_pref("extensions.systemAddon.update.enabled", false); // (FF62+)
   // user_pref("extensions.systemAddon.update.url", "");
 /* 0506: disable PingCentre telemetry (used in several System Add-ons) (FF57+)
 * Currently blocked by 'datareporting.healthreport.uploadEnabled' (see 0333) ***/
@ -450,7 +440,6 @@ user_pref("_user.js.parrot", "0700 syntax error: the parrot's given up the ghost
 * [NOTE] It is a myth that disabling IPv6 will speed up your internet connection
 * [1] https://www.howtogeek.com/195062/no-disabling-ipv6-probably-wont-speed-up-your-internet-connection/ ***/
   // user_pref("network.dns.disableIPv6", true);
   // user_pref("network.http.fast-fallback-to-IPv4", true); // default: true
 /* 0702: disable HTTP2 (which was based on SPDY which is now deprecated)
 * HTTP2 raises concerns with "multiplexing" and "server push", does nothing to enhance
 * privacy, and in fact opens up a number of server-side fingerprinting opportunities
@ -475,18 +464,22 @@ user_pref("network.proxy.socks_remote_dns", true);
 /* 0706: remove paths when sending URLs to PAC scripts (FF51+)
 * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
 * [1] https://bugzilla.mozilla.org/1255474 ***/
-user_pref("network.proxy.autoconfig_url.include_path", false);
+user_pref("network.proxy.autoconfig_url.include_path", false); // default: false
 /* 0707: disable (or setup) DNS-over-HTTPS (DoH) (FF60+)
 * TRR = Trusted Recursive Resolver
 * .mode: 0=off, 1=race, 2=TRR first, 3=TRR only, 4=race for stats, but always use native result
 * [WARNING] DoH bypasses hosts and gives info to yet another party (e.g. Cloudflare)
- * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/ ***/
+ * [1] https://www.ghacks.net/2018/04/02/configure-dns-over-https-in-firefox/
 * [2] https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/ ***/
   // user_pref("network.trr.mode", 0);
   // user_pref("network.trr.bootstrapAddress", "");
   // user_pref("network.trr.uri", "");
 /* 0708: disable FTP (FF60+)
 * [1] https://www.ghacks.net/2018/02/20/firefox-60-with-new-preference-to-disable-ftp/ ***/
   // user_pref("network.ftp.enabled", false);
 /* 0709: disable using UNC (Uniform Naming Convention) paths (FF61+)
 * [1] https://trac.torproject.org/projects/tor/ticket/26424 ***/
 user_pref("network.file.disable_unc_paths", true); // (hidden pref)
 /*** 0800: LOCATION BAR / SEARCH BAR / SUGGESTIONS / HISTORY / FORMS [SETUP]
     If you are in a private environment (no unwanted eyeballs) and your device is private
@ -613,7 +606,7 @@ user_pref("signon.autofillForms", false);
 * Don't let sites dictate use of saved logins and passwords. Increase security through
 * stronger password use. The trade-off is the convenience. Some sites should never be
 * saved (such as banking sites). Set at true, informed users can make their own choice. ***/
-user_pref("signon.storeWhenAutocompleteOff", true);
+user_pref("signon.storeWhenAutocompleteOff", true); // default: true
 /* 0907: display warnings for logins on non-secure (non HTTPS) pages
 * [1] https://bugzilla.mozilla.org/1217156 ***/
 user_pref("security.insecure_password.ui.enabled", true);
@ -927,15 +920,11 @@ user_pref("network.http.referer.defaultPolicy.pbmode", 2); // (FF59+) default: 2
 * TBB (Tor Browser Bundle) which is specifically designed for the dark web
 * [1] https://bugzilla.mozilla.org/1305144 ***/
 user_pref("network.http.referer.hideOnionSource", true);
-/* 1610: ALL: disable the DNT HTTP header, which is essentially USELESS
+/* 1610: ALL: enable the DNT (Do Not Track) HTTP header
 * It is voluntary and most ad networks do not honor it. DNT is *NOT* how you stop being data mined.
 * Don't encourage a setting that gives any legitimacy to 3rd parties being in control of your privacy.
 * Sending a DNT header *highly likely* raises entropy, especially in standard windows.
 * [SETTING] Privacy & Security>Tracking Protecting>Send websites a "Do Not Track"...
 * [SETTING-ESR52] Privacy>Use Tracking Protecting>manage your Do Not Track settings
- * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref (e.g. in default PB Mode)
+ * [NOTE] DNT is enforced with TP (see 0420) regardless of this pref ***/
- * [NOTE] If you use NoScript MAKE SURE to set the pref noscript.doNotTrack.enabled to match ***/
+user_pref("privacy.donottrackheader.enabled", true);
 user_pref("privacy.donottrackheader.enabled", false);
 /*** 1700: CONTAINERS [SETUP]
     [1] https://support.mozilla.org/kb/containers-experiment
@ -968,11 +957,14 @@ user_pref("plugin.defaultXpi.state", 0);
 /* 1802: enable click to play and set to 0 minutes ***/
 user_pref("plugins.click_to_play", true);
 user_pref("plugin.sessionPermissionNow.intervalInMinutes", 0);
-/* 1803: set a plugin state: 0=deactivated 1=ask 2=enabled (Flash example)
+/* 1803: disable NPAPI plugins (Add-ons>Plugins)
- * you can set all these plugin.state's via Add-ons>Plugins or search for plugin.state in about:config
+ * 0=deactivated, 1=ask, 2=enabled
 * ESR52.x is the last branch to *fully* support NPAPI, FF52+ stable only supports Flash
 * [NOTE] ESR52 users should check plugin.state* for other installed NPAPI plugins
 * [NOTE] You can still over-ride individual sites e.g. youtube via site permissions
 * [1] https://www.ghacks.net/2013/07/09/how-to-make-sure-that-a-firefox-plugin-never-activates-again/ ***/
-   // user_pref("plugin.state.flash", 0);
+user_pref("plugin.state.flash", 0);
 user_pref("plugin.state.java", 0);
 /* 1805: disable scanning for plugins [WINDOWS]
 * [1] http://kb.mozillazine.org/Plugin_scanning
 * plid.all = whether to scan the directories specified in the Windows registry for PLIDs.
@ -1033,7 +1025,7 @@ user_pref("media.getusermedia.audiocapture.enabled", false);
 /* 2024: set a default permission for Camera/Microphone (FF58+)
 * 0=always ask (default), 1=allow, 2=block
 * [SETTING] to add site exceptions: Page Info>Permissions>Use the Camera/Microphone
- * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Camera/Microphone>Settings ***/
+ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Camera/Microphone>Settings ***/
   // user_pref("permissions.default.camera", 2);
   // user_pref("permissions.default.microphone", 2);
 /* 2026: disable canvas capture stream
@ -1065,9 +1057,7 @@ user_pref("dom.disable_window_open_feature.resizable", true); // default: true
 user_pref("dom.disable_window_open_feature.status", true); // status bar - default: true
 user_pref("dom.disable_window_open_feature.titlebar", true);
 user_pref("dom.disable_window_open_feature.toolbar", true);
-/* 2202: disable meddling with open windows ***/
+/* 2202: prevent scripts moving and resizing open windows ***/
 user_pref("dom.allow_scripts_to_close_windows", false); // default: false
 user_pref("dom.disable_window_flip", true); // window z-order - default: true
 user_pref("dom.disable_window_move_resize", true);
 /* 2203: open links targeting new windows in a new tab instead
 * This stops malicious window sizes and some screen resolution leaks.
@ -1098,7 +1088,7 @@ user_pref("dom.popup_allowed_events", "click dblclick");
     including service and shared workers. Shared workers can be utilized by multiple scripts and
     communicate between browsing contexts (windows/tabs/iframes) and can even control your cache.
-     [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter).
+     [WARNING] Disabling "web workers" might break sites
     [UPDATE] uMatrix 1.2.0+ allows a per-scope control for workers (2301-deprecated) and service workers (2302)
              #Required reading [#] https://github.com/gorhill/uMatrix/releases/tag/1.2.0
@ -1123,7 +1113,7 @@ user_pref("dom.webnotifications.enabled", false); // (FF22+)
 user_pref("dom.webnotifications.serviceworker.enabled", false); // (FF44+)
 /* 2305: set a default permission for Notifications (see 2304) (FF58+)
 * [SETTING] to add site exceptions: Page Info>Permissions>Receive Notifications
- * [SETTING] to manage site exceptions: Privacy & Security>Permissions>Notifications>Settings ***/
+ * [SETTING] to manage site exceptions: Options>Privacy & Security>Permissions>Notifications>Settings ***/
   // user_pref("permissions.default.desktop-notification", 2); // 0=always ask (default), 1=allow, 2=block
 /* 2306: disable push notifications (FF44+)
 * web apps can receive messages pushed to them from a server, whether or
@ -1254,12 +1244,6 @@ user_pref("mathml.disabled", true);
 * [1] https://trac.torproject.org/projects/tor/ticket/10089
 * [2] http://kb.mozillazine.org/Middlemouse.contentLoadURL ***/
 user_pref("middlemouse.contentLoadURL", false);
 /* 2612: disable remote JAR files being opened, regardless of content type (FF42+)
 * [1] https://bugzilla.mozilla.org/1173171
 * [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/ ***/
 user_pref("network.jar.block-remote-files", true);
 /* 2613: disable JAR from opening Unsafe File Types ***/
 user_pref("network.jar.open-unsafe-types", false);
 /* 2614: limit HTTP redirects (this does not control redirects with HTML meta tags or JS)
 * [WARNING] A low setting of 5 or under will probably break some sites (e.g. gmail logins)
 * To control HTML Meta tag and JS redirects, use an extension. Default is 20 ***/
@ -1303,7 +1287,9 @@ user_pref("pdfjs.disabled", false);
 /* 2650: discourage downloading to desktop (0=desktop 1=downloads 2=last used)
 * [SETTING] To set your default "downloads": General>Downloads>Save files to ***/
 user_pref("browser.download.folderList", 2);
-/* 2651: enforce user interaction for security by always asking the user where to download ***/
+/* 2651: enforce user interaction for security by always asking the user where to download
 * [SETTING] General>Downloads>Always ask you where to save files
 * [SETTING-ESR52] General>Downloads>Always ask me where to save files ***/
 user_pref("browser.download.useDownloadDir", false);
 /* 2652: disable adding downloads to the system's "recent documents" list ***/
 user_pref("browser.download.manager.addToRecentDocs", false);
@ -1408,8 +1394,8 @@ user_pref("network.cookie.leave-secure-alone", true); // default: true
 * [WARNING] This *will* break other extensions including legacy, and *will* break some sites ***/
   // user_pref("dom.indexedDB.enabled", false);
 /* 2730: disable offline cache
- * [NOTE] This is required 'true' for Storage API (2750) ***/
+ * [NOTE] For FF51-FF60 (ESR not included), this is required 'true' for Storage API (2750) ***/
-   // user_pref("browser.cache.offline.enable", false);
+user_pref("browser.cache.offline.enable", false);
 /* 2730b: disable offline cache on insecure sites (FF60+)
 * [1] https://blog.mozilla.org/security/2018/02/12/restricting-appcache-secure-contexts/ ***/
 user_pref("browser.cache.offline.insecure.enable", false);
@ -1417,26 +1403,18 @@ user_pref("browser.cache.offline.insecure.enable", false);
 * [1] https://support.mozilla.org/questions/1098540
 * [2] https://bugzilla.mozilla.org/959985 ***/
 user_pref("offline-apps.allow_by_default", false);
 /* 2732: display a notification when websites ask to store data for offline use
 * [SETTING-ESR52] Advanced>Network>Tell me when a website asks to store data for offline use ***/
 user_pref("browser.offline-apps.notify", true);
 /* 2733: set size of warning quota for offline cache (default 51200)
 * Offline cache is only used in rare cases to store data locally. FF will store small amounts
 * (default <50MB) of data in the offline (application) cache without asking for permission. ***/
   // user_pref("offline-apps.quota.warn", 51200);
 /* 2740: disable service workers cache and cache storage
 * [1] https://w3c.github.io/ServiceWorker/#privacy ***/
 user_pref("dom.caches.enabled", false);
-/* 2750: disable Storage API
+/* 2750: disable Storage API (FF51+)
 * The API gives sites the ability to find out how much space they can use, how much
 * they are already using, and even control whether or not they need to be alerted
 * before the user agent disposes of site data in order to make room for other things.
- * [NOTE] If Storage API is enabled, then Offline Cache (2730) must be also be enabled
+ * [NOTE] For FF51-FF60 (ESR not included), if Storage API is enabled, then Offline Cache (2730) must be also be enabled
 * [1] https://developer.mozilla.org/docs/Web/API/StorageManager
 * [2] https://developer.mozilla.org/docs/Web/API/Storage_API
 * [3] https://blog.mozilla.org/l10n/2017/03/07/firefox-l10n-report-aurora-54/ ***/
-   // user_pref("dom.storageManager.enabled", false); // (FF51+)
+   // user_pref("dom.storageManager.enabled", false);
   // user_pref("browser.storageManager.enabled", false); // controls "Site Data" UI visibility (FF53+)
 /*** 2800: SHUTDOWN [SETUP]
     You should set the values to what suits you best. Be aware that the settings below clear
@ -1557,7 +1535,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
 ** 1337161 - hide gamepads from content (see 4606) (FF56+)
 ** 1372072 - spoof network information API as "unknown" (see 4607) (FF56+)
 ** 1333641 - reduce fingerprinting in WebSpeech API (see 4608) (FF56+)
- ** 1372069 & 1403813 - block geolocation requests (same as if you deny a site permission) (see 0201, 0211) (FF56+)
+ ** 1372069 & 1403813 & 1441295 - block geolocation requests (same as denying a site permission) (see 0201, 0211) (FF56-62)
 ** 1369309 - spoof media statistics (see 4610) (FF57+)
 ** 1382499 - reduce screen co-ordinate fingerprinting in Touch API (see 4611) (FF57+)
 ** 1217290 & 1409677 - enable fingerprinting resistance for WebGL (see 2010-12) (FF57+)
@ -1574,6 +1552,7 @@ user_pref("privacy.firstparty.isolate.restrict_opener_access", true);
      Modifier events suppressed are SHIFT and both ALT keys. Chrome is not affected.
      FF60: Fix keydown/keyup events (1438795)
 ** 1337157 - disable WebGL debug renderer info (see 4613) (FF60+)
 ** 1459089 - disable OS locale in HTTP Accept-Language headers [ANDROID] (FF62+)
 ***/
 user_pref("_user.js.parrot", "4500 syntax error: the parrot's popped 'is clogs");
 /* 4501: enable privacy.resistFingerprinting (FF41+)
@ -1704,6 +1683,11 @@ user_pref("_user.js.parrot", "4700 syntax error: the parrot's taken 'is last bow
 /*** 5000: PERSONAL [SETUP]
     Non-project related but useful. If any of these interest you, add them to your overrides ***/
 user_pref("_user.js.parrot", "5000 syntax error: this is an ex-parrot!");
 /* WELCOME & WHAT's NEW NOTICES ***/
   // user_pref("browser.startup.homepage_override.mstone", "ignore"); // master switch
   // user_pref("startup.homepage_welcome_url", "");
   // user_pref("startup.homepage_welcome_url.additional", "");
   // user_pref("startup.homepage_override_url", ""); // What's New page after updates
 /* WARNINGS ***/
   // user_pref("browser.tabs.warnOnClose", false);
   // user_pref("browser.tabs.warnOnCloseOtherTabs", false);
@ -1748,7 +1732,7 @@ user_pref("pageThumbs.enabled", false);
 // 2503: (31+) disable network API - replaced by dom.netinfo.enabled
   // [-] https://bugzilla.mozilla.org/960426
 user_pref("dom.network.enabled", false);
-// 2600s: (35+) disable WebSockets
+// 2600's: (35+) disable WebSockets
   // [-] https://bugzilla.mozilla.org/1091016
 user_pref("network.websocket.enabled", false);
 // 1610: (36+) set DNT "value" to "not be tracked" (FF21+)
@ -1806,7 +1790,7 @@ user_pref("browser.safebrowsing.provider.google.appRepURL", ""); // browser.safe
 // 1200's: block rc4 whitelist
   // [-] https://bugzilla.mozilla.org/1215796
 user_pref("security.tls.insecure_fallback_hosts.use_static_list", false);
-// 2300s: disable SharedWorkers
+// 2300's: disable SharedWorkers
   // [1] https://trac.torproject.org/projects/tor/ticket/15562
   // [-] https://bugzilla.mozilla.org/1207635
 user_pref("dom.workers.sharedWorkers.enabled", false);
@ -2043,7 +2027,7 @@ user_pref("media.eme.chromium-api.enabled", false); // (FF55+)
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1393497
 user_pref("devtools.webide.autoinstallFxdtAdapters", false);
-// 2600s: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
+// 2600's: disable SimpleServiceDiscovery - which can bypass proxy settings - e.g. Roku
   // [1] https://trac.torproject.org/projects/tor/ticket/16222
   // [-] https://bugzilla.mozilla.org/1393582
 user_pref("browser.casting.enabled", false);
@ -2104,7 +2088,7 @@ user_pref("dom.idle-observers-api.enabled", false);
 user_pref("browser.newtabpage.directory.source", "data:text/plain,");
 user_pref("browser.newtabpage.enhanced", false);
 user_pref("browser.newtabpage.introShown", true);
-// 0512: disable Shield (FF53-FF59) - replaced internally by Normandy (see 0503)
+// 0512: disable Shield (FF53+) - replaced internally by Normandy (see 0503)
   // Shield is an telemetry system (including Heartbeat) that can also push and test "recipes"
   // [1] https://wiki.mozilla.org/Firefox/Shield
   // [2] https://github.com/mozilla/normandy
@ -2115,14 +2099,36 @@ user_pref("extensions.shield-recipe-client.api_url", "");
   // [-] https://bugzilla.mozilla.org/1433324
 user_pref("browser.newtabpage.activity-stream.enabled", false);
 // 2301: disable workers
   // [WARNING] Disabling workers *will* break sites (e.g. Google Street View, Twitter)
   // [NOTE] CVE-2016-5259, CVE-2016-2812, CVE-2016-1949, CVE-2016-5287 (fixed)
   // [-] https://bugzilla.mozilla.org/1434934
 user_pref("dom.workers.enabled", false);
-// 5000s: open "page/selection source" in a new window
+// 5000's: open "page/selection source" in a new window
   // [-] https://bugzilla.mozilla.org/1418403
   // user_pref("view_source.tab", false);
 // * * * /
 // ***/
 /* ESR60.x still uses all the following prefs
 // [NOTE] replace the * with a slash in the line above to re-enable them
 // FF61
 // 0501: disable experiments
   // [1] https://wiki.mozilla.org/Telemetry/Experiments
   // [-] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1420908,1450801
 user_pref("experiments.enabled", false);
 user_pref("experiments.manifest.uri", "");
 user_pref("experiments.supported", false);
 user_pref("experiments.activeExperiment", false);
 // 2612: disable remote JAR files being opened, regardless of content type (FF42+)
   // [1] https://bugzilla.mozilla.org/1173171
   // [2] https://www.fxsitecompat.com/en-CA/docs/2015/jar-protocol-support-has-been-disabled-by-default/
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1427726
 user_pref("network.jar.block-remote-files", true);
 // 2613: disable JAR from opening Unsafe File Types
   // [-] https://bugzilla.mozilla.org/show_bug.cgi?id=1427726
 user_pref("network.jar.open-unsafe-types", false);
 // * * * /
 // ***/
 /* END: internal custom pref to test for syntax errors ***/
 user_pref("_user.js.parrot", "SUCCESS: No no he's not dead, he's, he's restin'!");
Author	SHA1	Message	Date
Thorin-Oakenpants	a81d013e45	61-beta	2018-07-06 12:25:41 +00:00
Emanuele Petriglia	857cbd8c24	Use wget if curl is not available (#451 ) * Use wget if curl is not available On most GNU/Linux distributions wget is often preinstalled, while curl is not. * Bump updater.sh version	2018-07-06 14:06:01 +02:00
Thorin-Oakenpants	c9543519c7	0100s: startpage, home+newwindow, newtab FF61 introduced quite a few changes, including removing the ability to set a blank startpage in the UI, and a new Home options tab with unified Activity Stream (AS) defaults and dropdown options. Because the only way to stop AS on startup is to enforce a blank page (pref 0102), and setting this auto changes `home+newwindow` (0103) and `newtab` (0104) to a blank page, then we're just going to go ahead and enforce that on all of them. For more info see the discussion in #426	2018-07-05 15:32:19 +00:00
Thorin-Oakenpants	d34894e965	2730 + 2750: Storage API + Offline Cache ESR52.x doesn't use the new site storage UI. FF61+ the issue is resolved, so let's enforce offline cache (2730) as false again	2018-07-05 10:16:20 +00:00
Thorin-Oakenpants	70abeda9d4	2730 + 2750: Storage API + Offline Cache https://bugzilla.mozilla.org/show_bug.cgi?id=1450448#c20	2018-07-04 16:49:26 +00:00
Thorin-Oakenpants	dceef9d1db	0503: disable savant	2018-07-04 12:53:21 +00:00
Thorin-Oakenpants	9386fb5581	61 deprecated/removed prefs	2018-07-04 09:41:30 +00:00
Thorin-Oakenpants	56acb4cff5	disable UNC paths	2018-07-04 09:15:44 +00:00
Thorin-Oakenpants	1eac4185d2	4500: RFP geo reverted 63+	2018-06-26 03:48:47 +00:00
Thorin-Oakenpants	05021ac62e	2300: workers, fixes #446	2018-06-20 05:05:48 +00:00
Thorin-Oakenpants	a2b5e1e7cf	updated 03-Jun-2018	2018-06-04 00:28:43 +00:00
Thorin-Oakenpants	d9a1c83300	updated 03-Jun-2018	2018-06-04 00:27:20 +00:00
Thorin-Oakenpants	a4a9b9a675	cleanup #426 Both deprecated in FF61, but we'll remove them from the user.js - `services.blocklist.signing.enforced` is default true since FF50 - `browser.storageManager.enabled` only controls "Site Data" UI visibility	2018-06-04 00:23:16 +00:00
Thorin-Oakenpants	c61e633236	0707: added ref link	2018-06-01 04:32:52 +00:00
Thorin-Oakenpants	8783ae9ce8	start 61 commits	2018-05-31 01:35:51 +00:00
Thorin-Oakenpants	3264fbd9c3	finalize 60	2018-05-31 01:27:20 +00:00
earthlng	b8b3a4f7ed	enable DNT header by default pros and cons: see https://github.com/ghacksuserjs/ghacks-user.js/issues/422#issuecomment-392789507 + follow-up comments	2018-05-29 19:06:06 +02:00
Thorin-Oakenpants	7f1f9e124b	updated 29-May-2018	2018-05-29 16:12:07 +00:00
Thorin-Oakenpants	9b1cf28e89	0101: cleanup `laterrun` #434	2018-05-29 16:09:02 +00:00
Thorin-Oakenpants	acc5a1c2df	0101 welcomes+whatsnew -> 5000s #434	2018-05-29 02:25:54 +00:00
Thorin-Oakenpants	9a4032f4cd	updated 27-May-2018	2018-05-27 21:43:38 +00:00
Thorin-Oakenpants	f113cf84c3	0101: cleanup `rights.3` #434	2018-05-27 21:40:47 +00:00
Thorin-Oakenpants	c92ece7960	updated 26-May-2018	2018-05-26 18:49:44 +00:00
Thorin-Oakenpants	3e5667fb34	0101: more cleanup, #434	2018-05-26 18:48:38 +00:00
Thorin-Oakenpants	2bf238f384	updated to 26-May-2018	2018-05-26 16:49:39 +00:00
Thorin-Oakenpants	3edf7af85e	0101: cleanup, see #434	2018-05-26 16:45:46 +00:00
Thorin-Oakenpants	4b8b2d81a0	Create ghacks-clear-[removed].js	2018-05-26 05:00:04 +12:00
Thorin-Oakenpants	fde8035332	Delete ghacks-clear-FF60inclusive-[removed].js	2018-05-26 04:58:53 +12:00
Thorin-Oakenpants	01bd2a4f6d	0422: TP block lists: deduplicate, fixes #434	2018-05-25 15:44:27 +00:00
Thorin-Oakenpants	6d4b49d061	Update ghacks-clear-FF60inclusive-[removed].js	2018-05-25 14:53:11 +00:00
Thorin-Oakenpants	8e60f412e4	Update ghacks-clear-FF60inclusive-[removed].js	2018-05-25 14:52:22 +00:00
Thorin-Oakenpants	f60a87f97f	2730s: cleanup/removal #434 2732 was just enforcing default since at least FF52, and 2733 has never been used, was only there for info. Offline Cache or appCache (2730) is already behind a prompt (2731), and is already limited (in FF60+) to HTTPS (2730b).	2018-05-25 14:44:44 +00:00
Thorin-Oakenpants	449e32a8ca	2202: cleanup #434 both these removed prefs are enforcing the default in ESR52.x and FF60+ (and I assume FF52+) branches	2018-05-25 04:28:03 +00:00
Thorin-Oakenpants	35a9d3d1e1	0505: system add-on updates, fixes #172 Note: I am not 100% sure what happens with an app update. If this is divorced from that check now, you should be able to get FF updated without any system addons. We'll have to wait until 62 needs an update to test it. In the meantime I've edited the [NOTE]. I've also left this inactive (eg imagine if they pushed a critical update for formfill), so this is an end-user decision. Added to sticky to revisit this pref	2018-05-25 04:03:59 +00:00
Thorin-Oakenpants	c66d1b08e7	remove network.http.fast-fallback-to-IPv4 #433 the default is true anyway for ESR52.x and FF60+ (and I assume for FF52+) branches	2018-05-25 02:07:10 +00:00
Thorin-Oakenpants	0a63b6545d	4500: tweak	2018-05-23 17:53:16 +00:00
Thorin-Oakenpants	a8051b88e4	1803: 3rd time's a charm	2018-05-23 17:41:25 +00:00
Thorin-Oakenpants	87ce12925d	1803: tweak	2018-05-23 17:21:49 +00:00
Thorin-Oakenpants	d6a7531c67	1803: flash/java/npapi fixes #433	2018-05-23 17:05:29 +00:00
Thorin-Oakenpants	3a77e18ae8	RFP: OS locale & HTTP Accept-Language header https://bugzilla.mozilla.org/show_bug.cgi?id=1459089 . When/if it gets uplifted to 61, I'll update.	2018-05-23 11:07:06 +00:00
Thorin-Oakenpants	a635ae5dfb	2730 + 2750: Storage API + Offline Cache https://bugzilla.mozilla.org/show_bug.cgi?id=1450448	2018-05-23 08:55:19 +00:00
earthlng	02bac31e6a	nits (#423 )	2018-05-17 04:31:28 +12:00