diff --git a/4.1-Extensions.md b/4.1-Extensions.md index 8cf3e47..9c32b97 100644 --- a/4.1-Extensions.md +++ b/4.1-Extensions.md @@ -1,15 +1,15 @@ Preferences alone are **not enough**. Extensions can be more powerful, such as offering whitelists/blacklists and more granular control. This may allow you to set a preference at a `deny-all` level, but get back functionality on sites where you need it. An extension can also solve issues where the browser itself has no current solution. This list covers privacy and security related extensions only. While we believe these are the very best of the best, this can be subjective depending on your needs. We are also not saying you have to use all these extensions. -### :small_orange_diamond: Links +### :small_orange_diamond: Relevant Links - * [#655](https://github.com/ghacksuserjs/ghacks-user.js/issues/655) submissions for this list - * [#350](https://github.com/ghacksuserjs/ghacks-user.js/issues/350) prefs vs extensions - * [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664) CSP issues (see below) + * [#655](https://github.com/ghacksuserjs/ghacks-user.js/issues/655) Submissions + * [#350](https://github.com/ghacksuserjs/ghacks-user.js/issues/350) Prefs & Extensions + * [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/664) CSP issues ### :small_orange_diamond: Extensions These are all, where applicable, best configured to `deny-all` and whitelist. -:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). See [#664](https://github.com/ghacksuserjs/ghacks-user.js/issues/497) and bugzillas [1421725](https://bugzilla.mozilla.org/show_bug.cgi?id=1421725), [1477696](https://bugzilla.mozilla.org/show_bug.cgi?id=1477696) and [1462989](https://bugzilla.mozilla.org/show_bug.cgi?id=1462989). **Some** CSP items to be aware of are highlighted below. +:exclamation: **CSP**: When multiple extensions use CSP injection to modify headers, **only one wins** and predicting the winner is like [rolling a dice](https://github.com/ghacksuserjs/ghacks-user.js/issues/265#issuecomment-393935989). **Some** CSP items to be aware of are highlighted below. * [uBlock Origin](https://addons.mozilla.org/firefox/addon/ublock-origin/) ✔ [Privacy](https://github.com/gorhill/uBlock/wiki/Privacy-policy) | [GitHub](https://github.com/gorhill/uBlock) * :exclamation: **CSP**: Uncheck `Dashboard > Settings > Block remote fonts`. Font **rules** use CSP [unsure about font filters]. Use Request Control instead.