Firefox "about:config" referential #11
Replies: 3 comments
-
|
= On viability sending no Referer alike = Referer alike [1] HTTP headers (controlled by several "network.http" entries): Plausible uses are few [2], else are mostly misuses by some trying to maintain security but have no idea what makes security. Unfortunately, a number of sites indeed erroneously rely on such. However, based on various observations: |
Beta Was this translation helpful? Give feedback.
-
|
= "security.ssl3.ecdhe_rsa_aes_128_sha" = Which configures "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" (0xC013): For reference: ECDHE is the key exchange algorithm: Choosing AES-128 or AES-256 wouldn't really matter for this case: |
Beta Was this translation helpful? Give feedback.
-
|
= Assistive bookmarklet dealing with inapt hover handling = Hover, "mouseover" alike: I there coin the below bookmarklet to workaround: 2 variants differ only in whether to prefer "parentElement" or not. Unrolled and commented: (function () {
var body = document.getElementsByTagName( "body" )[0],
x0 = document.createElement( "textarea" );
/* ↓ ".cssText" may be required for legacy browsers. */
x0.style.cssText = "position: fixed; z-index: 2147483647; left: 0; top: 0; width: 100%; height: " + ( innerHeight || document.documentElement.clientHeight ) * 0.25 + "px; opacity: 0.8; color: black; background-color: white; font-size: 14px; font-family: monospace";
// ^ "document.documentElement.clientHeight" may work quirky:
// https://stackoverflow.com/questions/1248081/how-to-get-the-browser-viewport-dimensions#8876069
x0.onfocus = function () { this.style.opacity = 1; };
x0.onblur = function () {
this.parentNode.removeChild( this );
body.removeChild( x1 ); // This "x1" would be the "x1" of corresponding invocation.
};
/*
"margin-bottom" on the textarea itself doesn't work the same manner.
*/
var x1 = document.createElement( "div" );
x1.style.height = x0.style.height;
x1.id = "___pad";
function insert () {
var _ = document.querySelector( "body > div:empty#___pad" );
_ && _.previousSibling.onblur(); // Programmatic "blur" does not necessarily trigger "onblur".
body.insertBefore( x0,
body.insertBefore( x1, body.firstChild ) );
};
try {
var f0 = function ( event ) {
removeEventListener( "mousedown", f0, true );
removeEventListener( "touchstart", f0, true );
// "useCapture" is preferred for working with other Event Listeners: that may interfere via "stopPropagation" alike.
// .
// See also:
// https://quirksmode.org/js/events_order.html
// https://caniuse.com/?search=addEventListener
// ↓ "innerText" eats whitespace.
x0.textContent = ( event.target.parentElement ? /* "parentNode" differs. */
event.target.parentNode.outerHTML : // nor "parentNode", "parentElement" etc.
event.target.shadowRoot ? // "shadowRoot" has no "outerHTML"; ^
( x0.style.border = "1px solid red",
(function rs ( et ) {
// https://docs.apify.com/academy/node-js/scraping-shadow-doms
var _ = document.createElement( "q" );
// ^ Using "template" as the element may miraculously fail. (blank output no explanation)
for ( var i = 0; i < et.childNodes.length; ++ i ) {
var x = et.childNodes[i],
_x = x.cloneNode(); // "childNodes" passes by reference.
// I.e. "x.innerHTML" cast on the original.
_x.innerHTML = ( x.shadowRoot ? rs( x.shadowRoot ) : "" ) + rs( x );
_.appendChild( _x );
};
return _.innerHTML;
})( event.target.shadowRoot ) ) : event.target.outerHTML );
// ^ https://stackoverflow.com/questions/37016564/how-to-serialize-an-html-dom-including-shadow-dom#37016747
// Caveat misinformation.
insert();
event.stopImmediatePropagation();
event.preventDefault();
// ^ https://www.uriports.com/blog/easy-fix-for-unable-to-preventdefault-inside-passive-event-listener/#what-is-the-intervention-violation-about
// https://caniuse.com/?search=addEventListener+passive
/*
( event.target.nodeName.toLowerCase() === "a" ) && (
setTimeout( function ( x ) { event.target.href = x; }, 0, event.target.href ),
event.target.href = "javascript:" ); // Workaround link click event not cancelable.
// ^ May not work reliably enough: there seems to be sort of race condition. (and conflict with Shadow DOM)
*/
};
function fn ( e ) {
removeEventListener( "click", fn, true );
e.stopImmediatePropagation(); e.preventDefault(); };
// "mousedown", "touch" related may eventually cause "click".
addEventListener( "click", fn, true );
addEventListener( "mousedown", f0, true );
// ^ "mousedown" may behave as if "click" on Mobile.
addEventListener( "touchstart", f0, true ); // So "touchstart" would be needed.
} catch ( e ) {
x0.textContent = e; insert(); };
})();
/*
Known limitations:
|1| May not work on "<iframe>" due to browsers' isolation handling.
[ ^ Workaround: Navigate to the frame src directly. ]
|2| Limited support for ShadowRoot handling. (that created with `mode: "closed"` would be unsalvageable)
|3| If the page erroneously relied on "body.firstChild" alike...
[ See also: https://github.com/liriliri/eruda/issues/150#issuecomment-2306083410 ]
Use "document.documentElement.outerHTML" to output the entire rendered HTML.
(may not include the Shadow DOM)
uBO's "/code-viewer.html" (Code viewer) shall be also helpful:
https://github.com/uBlockOrigin/uBlock-issues/wiki/Code-viewer
*/]] |
Beta Was this translation helpful? Give feedback.
-
Live document aligning with current Firefox.
Targeted Mobile (Fenix), but general concepts apply.
Afraid never to be "completed" unless Firefox be "completed"...
[[
|*| accessibility.force_disabled: 1
|*| app.update.auto: false
|*| apz.allow_double_tap_zooming: false
|*| apz.max_tap_time: 350
|*| apz.overscroll.enabled: false
|*| apz.second_tap_tolerance: 0.1
|*| apz.zoom-to-focused-input.enabled: false
|*| apz.zoom_animation_duration_ms: 0
|*| browser.region.network.url:
|*| device.sensors.enabled: false
|*| dom.event.clipboardevents.enabled: true
|*| dom.event.contextmenu.enabled: false
|*| dom.interactive_widget_default_resizes_visual: false
|*| dom.select_events.enabled: false
|*| dom.webgpu.enabled: false
|*| extensions.webcompat-reporter.enabled: false
|*| extensions.webcompat.enable_shims: false
|*| extensions.webcompat.perform_injections: false
|*| extensions.webcompat.perform_ua_overrides: false
|*| general.appversion.override:
|*| general.buildID.override:
|*| general.oscpu.override:
|*| general.platform.override:
|*| general.smoothScroll: false
|*| general.useragent.override: Mozilla/5.0 (Linux; rv:999) Gecko/20100101 Firefox/999
|*| image.http.accept: */*
|*| intl.accept_languages: en
|*| layout.accessiblecaret.height: 48.88
|*| layout.accessiblecaret.margin-left: -24.88
|*| layout.accessiblecaret.width: 48.88
|*| layout.css.devPixelsPerPx: 1
|*| media.peerconnection.enabled: false
|*| media.peerconnection.ice.default_address_only: true
|*| media.peerconnection.ice.no_host: true
|*| media.peerconnection.ice.proxy_only_if_behind_proxy: true
|*| network.IDN_show_punycode: true
|*| network.connectivity-service.enabled: false
|*| network.dns.disablePrefetch: true
|*| network.http.accept: */*
|*| network.http.priority_header.enabled: false
|*| network.http.referer.spoofSource: true
|*| network.http.referer.trimmingPolicy: 2
|*| network.http.sendRefererHeader: 0
|*| network.http.speculative-parallel-limit: 0
|*| network.predictor.enabled: false
|*| network.prefetch-next: false
|*| network.trr.confirmationNS: skip
|*| network.trr.mode: 3
|*| network.trr.uri: https://1.1.1.1/dns-query
|*| privacy.antitracking.enableWebcompat: false
|*| privacy.bounceTrackingProtection.enabled: false
|*| privacy.donottrackheader.enabled: false
|*| privacy.globalprivacycontrol.enabled: true
|*| privacy.globalprivacycontrol.functionality.enabled: true
|*| security.OCSP.enabled: 0
|*| security.pki.crlite_mode: 2
|*| security.ssl3.ecdhe_ecdsa_aes_128_sha: false
|*| security.ssl3.ecdhe_ecdsa_aes_256_sha: false
|*| security.ssl3.ecdhe_rsa_aes_128_sha: false
|*| security.ssl3.ecdhe_rsa_aes_256_sha: false
|*| security.ssl3.rsa_aes_128_gcm_sha256: false
|*| security.ssl3.rsa_aes_128_sha: false
|*| security.ssl3.rsa_aes_256_gcm_sha384: false
|*| security.ssl3.rsa_aes_256_sha: false
|*| ui.mouse.radius.enabled: false
|*| ui.textScaleFactor: 100
|*| ui.touch.radius.enabled: false
|*| webgl.disabled: true
]]
See also: https://github.com/mozilla-mobile/fenix/issues/4584#issuecomment-1186040690
Current:
about:config?filter=^(?:(?:(?:d(?:evice%5C.sensors|om%5C.(?:event%5C.c(?:lipboardevents|ontextmenu)|select_events))|javascript|media%5C.peerconnection)%5C.en|webgl%5C.dis)abled|general%5C.useragent%5C.override|intl%5C.accept_languages|network%5C.(?:cookie%5C.cookieBehavior|http%5C.sendRefererHeader|trr%5C.(?:mode|uri))|security%5C.ssl3%5C.ecdhe_rsa_aes_128_sha|ui%5C.textScaleFactor)%24
[
|*| Name: Quirkiness Panel
|*| URL:
about:config?filter=^(?:network\.http\.accept(?!_include_images)|(?:general\.(?:appversion|buildID|oscpu|platform|useragent)\.override|apz\.allow_double_tap_zooming|privacy\.(?:donottrackheader|globalprivacycontrol\.functionality)\.enabled)$)][
|*| Name: !
|*| URL: about:config?filter=^(?:(?:(?:apz%5C.(?:overscroll|zoom-to-focused-input)|d(?:evice%5C.sensors|om%5C.(?:event%5C.c(?:lipboardevents|ontextmenu)|select_events|webgpu))|privacy%5C.(?:bounceTrackingProtection|donottrackheader|globalprivacycontrol(?:%5C.functionality)?)|ui%5C.(?:mouse|touch)%5C.radius)%5C.en|(?:accessibility%5C.force_|webgl%5C.)dis)abled|dom%5C.interactive_widget_default_resizes_visual|privacy%5C.antitracking%5C.enableWebcompat|ap(?:p%5C.update%5C.auto|z%5C.(?:allow_double_tap_zooming|(?:max_tap_tim|second_tap_toleranc)e|zoom_animation_duration_ms))|browser%5C.region%5C.network%5C.url|extensions%5C.webcompat(?:-reporter%5C.enabled|%5C.(?:enable_shim|perform_(?:injection|ua_override))s)|general%5C.(?:smoothScroll|(?:appversion|buildID|oscpu|platform|useragent)%5C.override)|i(?:mage%5C.http%5C.accept|ntl%5C.accept_languages)|layout%5C.(?:accessiblecaret%5C.(?:(?:heigh|margin-lef)t|width)|css%5C.devPixelsPerPx)|media%5C.peerconnection%5C.(?:enabled|ice%5C.(?:no_host|(?:default_address_onl|proxy_only_if_behind_prox)y))|network%5C.(?:IDN_show_punycode|connectivity-service%5C.enabled|dns%5C.disablePrefetch|http%5C.(?:accept|priority_header%5C.enabled|referer%5C.(?:spoofSource|trimmingPolicy)|s(?:endRefererHeader|peculative-parallel-limit))|pre(?:dictor%5C.enabled|fetch-next)|trr%5C.(?:confirmationNS|mode|uri))|security%5C.(?:OCSP%5C.enabled|pki%5C.crlite_mode|ssl3%5C.(?:ecdhe_(?:ecdsa|rsa)_aes_(?:128|256)_sha|rsa_aes_(?:128_(?:gcm_sha256|sha)|256_(?:gcm_sha384|sha))))|ui%5C.textScaleFactor)%24 ]
On regular channel Firefox, workaround:
chrome://geckoview/content/config.xhtml?filter=aboutConfig
.
https://bugzilla.mozilla.org/show_bug.cgi?id=1813163#c18
Note: Desktop version Firefox seems to lack the "about:config" filter support.
And doesn't seem to accept RegEx?
.
"about:config?filter=" no longer brings up the settings?
https://old.reddit.com/r/firefox/comments/eno1ym?sort=old#fe2yoxi
; no more working.
Probable workaround:
https://github.com/xiaoxiaoflood/firefox-scripts#restore-removed-pages
https://old.reddit.com/r/firefox/comments/10y7p94?sort=old#j825wov
----
Use Searchfox to search Firefox code source to find the relevant config details.
E.g. https://searchfox.org/mozilla-central/search?regexp=true&q=(%5CW|^)apz%5C.overscroll(%5CW|%24)
.
[ https://searchfox.org/ ] has more related help.
Go [ https://regex101.com/ ] for RegEx.
See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=1908089
https://bugzilla.mozilla.org/show_bug.cgi?id=1711622#c36
.
"That not exist in source: mostly couldn't exist in program."
All of my Bugzilla:
https://bugzilla.mozilla.org/[email protected]&emailtype1=exact&emailreporter1=1&emaillongdesc1=1&splitheader=1&columnlist=bug_type,longdescs.count,short_desc,product,component,reporter,bug_status,resolution,opendate,changeddate&order=changeddate%20DESC,reporter,short_desc
----
`
dom.interactive_widget_default_resizes_visual: false` for a recent (~ 202409) serious regression in Nightly.More details:
https://github.com/microsoft/vscode/issues/221685#issuecomment-2542498195
https://bugzilla.mozilla.org/show_bug.cgi?id=1884807#c6
https://bugzilla.mozilla.org/buglist.cgi?splitheader=1&columnlist=bug_type,longdescs.count,short_desc,product,component,reporter,bug_status,resolution,opendate,changeddate&order=changeddate%20DESC,reporter,short_desc&f1=short_desc&o1=allwordssubstr&v1=keyboard+height
"overscroll" is related with this:
https://bugzilla.mozilla.org/show_bug.cgi?id=1838064#c0
(UI scroll bleeding)
; false good.
~~Disabling "one_touch_pinch" for preference of using double-click select.~~
(which may interfere with the double-click zooming ("pinch") )
Using `
apz.allow_double_tap_zooming: false` with `apz.one_touch_pinch.enabled: true` (default) shall be more pleasant:The double-click-hold-slide zooming is quite handy. And not really the conflict source.
.
But caveat some configs may be rewritten each app start: "apz.allow_double_tap_zooming" is one.
Notable others include: "privacy.globalprivacycontrol" related, "intl.accept_languages".
https://bugzilla.mozilla.org/show_bug.cgi?id=1871964#c3
[ "202501"
Speculatively enabled GPC:
https://bugzilla.mozilla.org/show_bug.cgi?id=1912841#c2
(Tor uses now?)
So no more touching "privacy.globalprivacycontrol.functionality.enabled".
See also:
https://github.com/mullvad/mullvad-browser/issues/237#issuecomment-2340223499
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42777#note_3051355
[ "ClipboardEvent"
Reverted `
dom.event.clipboardevents.enabled: false`. (favoring more usability)Concerns: https://github.com/microsoft/vscode/issues/166231#issuecomment-1334536748
(VSCW) Pasting without ClipboardEvent API now has workaround: gave correct result.
Though lags a lot... Seemingly simulated typing into the editor each character?
.
"Cut" without remains not working.
Note: "dom.event.clipboardevents.enabled" can be toggled on-the-fly without needing refresh. ] ]
Disabled "mouse.radius", "touch.radius" for:
Certain elements maybe adjacent but distinct: such fobbing only worsens the situation.
Reduced "second_tap_tolerance" for more efficient operation: very much also for the same cause.
`
apz.zoom-to-focused-input.enabled: false` is to disable the thoughtless counterproductive zoom jump when focusing on text-input."webcompat" related is for:
https://github.com/mozilla-extensions/webcompat-addon/issues/356
(conflict potential)
On the User-Agent choice:
https://github.com/MasterInQuestion/talk/discussions/10
Various comments on web security:
https://github.com/MasterInQuestion/talk/discussions/30
For somehow failing Cloudflare checks:
https://github.com/webcompat/web-bugs/issues/139311#issuecomment-2266721390
"Secret Settings"
https://bugzilla.mozilla.org/show_bug.cgi?id=1890150#c5
https://github.com/mozilla/gecko-dev/blob/master/mobile/android/fenix/app/src/main/res/values/static_strings.xml
Caveat:
It's strongly not recommended to blindly branch on the latest Nightly:
There had been even outright start-up crashes that went into issuing...
Beta Was this translation helpful? Give feedback.
All reactions