Git-Mirrors/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2024-06-26 06:22:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

0912: HTTP Auth sub-resources #585 (#602)

Browse Source
This commit is contained in:
Thorin-Oakenpants 2018-12-18 01:41:37 +13:00 committed by GitHub
parent 55c2cacbce
commit 5bd5f6b28e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
user.js
View File

@ -645,6 +645,13 @@ user_pref("signon.formlessCapture.enabled", false);
* [2] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1217152,1319119 ***/
user_pref("signon.autofillForms.http", false);
user_pref("security.insecure_field_warning.contextual.enabled", true);
/* 0912: limit (or disable) HTTP authentication credentials dialogs triggered by sub-resources [FF41+]
* hardens against potential credentials phishing
* 0=don't allow sub-resources to open HTTP authentication credentials dialogs
* 1=don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
* 2=allow sub-resources to open HTTP authentication credentials dialogs (default)
* [1] https://www.fxsitecompat.com/en-CA/docs/2015/http-auth-dialog-can-no-longer-be-triggered-by-cross-origin-resources/ ***/
user_pref("network.auth.subresource-http-auth-allow", 1);
/*** [SECTION 1000]: CACHE / SESSION (RE)STORE / FAVICONS [SETUP-CHROME]
ETAG [1] and other [2][3] cache tracking/fingerprinting techniques can be averted by