{
  /*** [SECTION 4000]: FPI (FIRST PARTY ISOLATION)
     Attribute set of Firefox preference names and values for First Party
     Isolation. Only 4001 is active; 4002 and 4003 are kept as commented-out
     entries, so those prefs are not set by this file.
     NOTE(review): how this set is consumed (e.g. which module writes it into a
     profile) is not visible here - confirm against the caller.

     Items covered by FPI, listed as <Bugzilla bug id> - <feature> (<first Firefox release>):
       1278037 - indexedDB (FF51+)
       1277803 - favicons (FF52+)
       1264562 - OCSP cache (FF52+)
       1268726 - Shared Workers (FF52+)
       1316283 - SSL session cache (FF52+)
       1317927 - media cache (FF53+)
       1323644 - HSTS and HPKP (FF54+)
       1334690 - HTTP Alternative Services (FF54+)
       1334693 - SPDY/HTTP2 (FF55+)
       1337893 - DNS cache (FF55+)
       1344170 - blob: URI (FF55+)
       1300671 - data:, about: URLs (FF55+)
       1473247 - IP addresses (FF63+)
       1492607 - postMessage with targetOrigin "*" (requires 4002) (FF65+)
       1542309 - top-level domain URLs when host is in the public suffix list (FF68+)
       1506693 - pdfjs range-based requests (FF68+)
       1330467 - site permissions (FF69+)
       1534339 - IPv6 (FF73+)
       1721858 - WebSocket (FF92+)
  ***/

  /* 4001: enable First Party Isolation [FF51+]
   * [SETUP-WEB] May break cross-domain logins and site functionality until perfected
   * NOTE(review): FPI predates Total Cookie Protection (dFPI, selected with
   *   network.cookie.cookieBehavior = 5). Confirm which isolation mechanism this
   *   profile is meant to rely on for the Firefox release it targets, and re-check
   *   this section against the current upstream user.js before relying on it.
   * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1260931,1299996 ***/
  "privacy.firstparty.isolate" = true;

  /* 4002: enforce FPI restriction for window.opener [FF54+]
   * [NOTE] Setting restrict_opener_access to false may reduce the breakage in 4001,
   *   at the cost of loosening the window.opener restriction.
   * FF65+ blocks postMessage with targetOrigin "*" if originAttributes don't match. But
   * to reduce breakage it ignores the 1st-party domain (FPD) originAttribute [2][3]
   * The 2nd pref (block_post_message) removes that limitation and will only allow
   * communication if FPDs also match.
   * Both entries below are inactive: restrict_opener_access is left at the default
   * stated here (true) and block_post_message is left unset by this file.
   * [1] https://bugzilla.mozilla.org/1319773#c22
   * [2] https://bugzilla.mozilla.org/1492607
   * [3] https://developer.mozilla.org/docs/Web/API/Window/postMessage ***/
  # "privacy.firstparty.isolate.restrict_opener_access" = true; # [DEFAULT: true]
  # "privacy.firstparty.isolate.block_post_message" = true;

  /* 4003: enable scheme with FPI [FF78+]
   * [NOTE] Experimental: existing data and site permissions are incompatible
   * and some site exceptions may not work e.g. HTTPS-only mode (see 1244)
   * Inactive: the entry below is commented out, so this pref is not set here. ***/
  # "privacy.firstparty.isolate.use_site" = true;
}