Firefox "about:config" referential #11
Replies: 3 comments
-
|
= On viability sending no Referer alike = Referer alike [1] HTTP headers (controlled by several "network.http" entries): Plausible uses are few [2], else are mostly misuses by some trying to maintain security but have no idea what makes security. Unfortunately, a number of sites indeed erroneously rely on such. However, based on various observations: Legal note: ---- [ MasterQuestionable @ CE 2025-04-13 16:26:11 UTC: ---- [ pal1000 @ CE 2025-04-14 07:25:10 UTC: ---- [ MasterQuestionable @ CE 2025-04-14 11:38:28 UTC: And? Many thanks. ] ---- [ pal1000 @ CE 2025-04-14 13:50:34 UTC: Well, a spectacular failure: Demonstrable by [ https://developer.mozilla.org/play ] or alike. Took some bothersome debugging to figure out: Mere an instance of: |
Beta Was this translation helpful? Give feedback.
-
|
= "security.ssl3.ecdhe_rsa_aes_128_sha" = Which configures "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" (0xC013): For reference: ECDHE is the key exchange algorithm: Choosing AES-128 or AES-256 wouldn't really matter for this case: |
Beta Was this translation helpful? Give feedback.
-
|
= Assistive bookmarklet dealing with inapt hover handling = Hover, "mouseover" alike: I there coin the below bookmarklet to workaround: 2 variants differ only in whether to prefer "parentElement" or not. Unrolled and commented: (function () {
var body = document.getElementsByTagName( "body" )[0],
x0 = document.createElement( "textarea" );
/* ↓ ".cssText" may be required for legacy browsers. */
x0.style.cssText = "position: fixed; z-index: 2147483647; left: 0; top: 0; width: 100%; height: " + ( innerHeight || document.documentElement.clientHeight ) * 0.25 + "px; opacity: 0.8; color: black; background-color: white; font-size: 14px; font-family: monospace";
// ^ "document.documentElement.clientHeight" may work quirky:
// https://stackoverflow.com/questions/1248081/how-to-get-the-browser-viewport-dimensions#8876069
x0.onfocus = function () { this.style.opacity = 1; };
x0.onblur = function () {
this.parentNode.removeChild( this );
body.removeChild( x1 ); // This "x1" would be the "x1" of corresponding invocation.
};
/*
"margin-bottom" on the textarea itself doesn't work the same manner.
*/
var x1 = document.createElement( "div" );
x1.style.height = x0.style.height;
x1.id = "___pad";
function insert () {
var _ = document.querySelector( "body > div:empty#___pad" );
_ && _.previousSibling.onblur(); // Programmatic "blur" does not necessarily trigger "onblur".
body.insertBefore( x0,
body.insertBefore( x1, body.firstChild ) );
};
try {
var f0 = function ( event ) {
removeEventListener( "mousedown", f0, true );
removeEventListener( "touchstart", f0, true );
// "useCapture" is preferred for working with other Event Listeners: that may interfere via "stopPropagation" alike.
// .
// See also:
// https://quirksmode.org/js/events_order.html
// https://caniuse.com/?search=addEventListener
// ↓ "innerText" eats whitespace.
x0.textContent = ( event.target.parentElement ? /* "parentNode" differs. */
event.target.parentNode.outerHTML : // nor "parentNode", "parentElement" etc.
event.target.shadowRoot ? // "shadowRoot" has no "outerHTML"; ^
( x0.style.border = "1px solid red",
(function rs ( et ) {
// https://docs.apify.com/academy/node-js/scraping-shadow-doms
var _ = document.createElement( "q" );
// ^ Using "template" as the element may miraculously fail. (blank output no explanation)
for ( var i = 0; i < et.childNodes.length; ++ i ) {
var x = et.childNodes[i],
_x = x.cloneNode(); // "childNodes" passes by reference.
// I.e. "x.innerHTML" cast on the original.
_x.innerHTML = ( x.shadowRoot ? rs( x.shadowRoot ) : "" ) + rs( x );
_.appendChild( _x );
};
return _.innerHTML;
})( event.target.shadowRoot ) ) : event.target.outerHTML );
// ^ https://stackoverflow.com/questions/37016564/how-to-serialize-an-html-dom-including-shadow-dom#37016747
// Caveat misinformation.
insert();
event.stopImmediatePropagation();
event.preventDefault();
// ^ https://www.uriports.com/blog/easy-fix-for-unable-to-preventdefault-inside-passive-event-listener/#what-is-the-intervention-violation-about
// https://caniuse.com/?search=addEventListener+passive
/*
( event.target.nodeName.toLowerCase() === "a" ) && (
setTimeout( function ( x ) { event.target.href = x; }, 0, event.target.href ),
event.target.href = "javascript:" ); // Workaround link click event not cancelable.
// ^ May not work reliably enough: there seems to be sort of race condition. (and conflict with Shadow DOM)
*/
};
function fn ( e ) {
removeEventListener( "click", fn, true );
e.stopImmediatePropagation(); e.preventDefault(); };
// "mousedown", "touch" related may eventually cause "click".
addEventListener( "click", fn, true );
addEventListener( "mousedown", f0, true );
// ^ "mousedown" may behave as if "click" on Mobile.
addEventListener( "touchstart", f0, true ); // So "touchstart" would be needed.
} catch ( e ) {
x0.textContent = e; insert(); };
})();
/*
Known limitations:
|1| May not work on "<iframe>" due to browsers' isolation handling.
[ ^ Workaround: Navigate to the frame src directly. ]
|2| Limited support for ShadowRoot handling. (that created with `mode: "closed"` would be unsalvageable)
|3| If the page erroneously relied on "body.firstChild" alike...
[ See also: https://github.com/liriliri/eruda/issues/150#issuecomment-2306083410 ]
Use "document.documentElement.outerHTML" to output the entire rendered HTML.
(may not include the Shadow DOM)
uBO's "/code-viewer.html" (Code viewer) shall be also helpful:
https://github.com/uBlockOrigin/uBlock-issues/wiki/Code-viewer
*/]] |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Live document aligning with current Firefox.
Targeted Mobile (Fenix), but general concepts apply.
Afraid never to be "completed" unless Firefox be "completed"...
[[
|*| accessibility.force_disabled: 1
|*| app.update.auto: false
|*| apz.allow_double_tap_zooming: false
|*| apz.max_tap_time: 350
|*| apz.overscroll.enabled: false
|*| apz.second_tap_tolerance: 0.1
|*| apz.zoom-to-focused-input.enabled: false
|*| apz.zoom_animation_duration_ms: 0
|*| browser.region.network.url:
|*| device.sensors.enabled: false
|*| dom.event.clipboardevents.enabled: true
|*| dom.event.contextmenu.enabled: false
|*| dom.interactive_widget_default_resizes_visual: false
|*| dom.select_events.enabled: false
|*| dom.webgpu.enabled: false
|*| extensions.webcompat-reporter.enabled: false
|*| extensions.webcompat.enable_shims: false
|*| extensions.webcompat.perform_injections: false
|*| extensions.webcompat.perform_ua_overrides: false
|*| general.appversion.override:
|*| general.buildID.override:
|*| general.oscpu.override:
|*| general.platform.override:
|*| general.smoothScroll: false
|*| general.useragent.override: Mozilla/5.0 (Linux; rv:999) Gecko/20100101 Firefox/999
|*| image.http.accept: */*
|*| intl.accept_languages: en
|*| layout.accessiblecaret.height: 48.88
|*| layout.accessiblecaret.margin-left: -24.88
|*| layout.accessiblecaret.width: 48.88
|*| layout.css.devPixelsPerPx: 1
|*| media.peerconnection.enabled: false
|*| media.peerconnection.ice.default_address_only: true
|*| media.peerconnection.ice.no_host: true
|*| media.peerconnection.ice.proxy_only_if_behind_proxy: true
|*| network.IDN_show_punycode: true
|*| network.connectivity-service.enabled: false
|*| network.dns.disablePrefetch: true
|*| network.http.accept: */*
|*| network.http.priority_header.enabled: false
|*| network.http.referer.spoofSource: true
|*| network.http.referer.trimmingPolicy: 2
|*| network.http.sendRefererHeader: 0
|*| network.http.speculative-parallel-limit: 0
|*| network.predictor.enabled: false
|*| network.prefetch-next: false
|*| network.trr.confirmationNS: skip
|*| network.trr.mode: 3
|*| network.trr.uri: https://1.1.1.1/dns-query
|*| privacy.antitracking.enableWebcompat: false
|*| privacy.bounceTrackingProtection.enabled: false
|*| privacy.donottrackheader.enabled: false
|*| privacy.globalprivacycontrol.enabled: true
|*| privacy.globalprivacycontrol.functionality.enabled: true
|*| security.OCSP.enabled: 0
|*| security.pki.crlite_mode: 2
|*| security.ssl3.ecdhe_ecdsa_aes_128_sha: false
|*| security.ssl3.ecdhe_ecdsa_aes_256_sha: false
|*| security.ssl3.ecdhe_rsa_aes_128_sha: false
|*| security.ssl3.ecdhe_rsa_aes_256_sha: false
|*| security.ssl3.rsa_aes_128_gcm_sha256: false
|*| security.ssl3.rsa_aes_128_sha: false
|*| security.ssl3.rsa_aes_256_gcm_sha384: false
|*| security.ssl3.rsa_aes_256_sha: false
|*| ui.mouse.radius.enabled: false
|*| ui.textScaleFactor: 100
|*| ui.touch.radius.enabled: false
|*| webgl.disabled: true
]]
See also: https://github.com/mozilla-mobile/fenix/issues/4584#issuecomment-1186040690
Current:
about:config?filter=^(?:(?:(?:d(?:evice%5C.sensors|om%5C.(?:event%5C.c(?:lipboardevents|ontextmenu)|select_events))|javascript|media%5C.peerconnection)%5C.en|webgl%5C.dis)abled|general%5C.useragent%5C.override|intl%5C.accept_languages|network%5C.(?:cookie%5C.cookieBehavior|http%5C.sendRefererHeader|trr%5C.(?:mode|uri))|security%5C.ssl3%5C.ecdhe_rsa_aes_128_sha|ui%5C.textScaleFactor)%24
[
|*| Name: Quirkiness Panel
|*| URL:
about:config?filter=^(?:network\.http\.accept(?!_include_images)|(?:general\.(?:appversion|buildID|oscpu|platform|useragent)\.override|apz\.allow_double_tap_zooming|privacy\.(?:donottrackheader|globalprivacycontrol\.functionality)\.enabled)$)][
|*| Name: !
|*| URL: about:config?filter=^(?:(?:(?:apz%5C.(?:overscroll|zoom-to-focused-input)|d(?:evice%5C.sensors|om%5C.(?:event%5C.c(?:lipboardevents|ontextmenu)|select_events|webgpu))|privacy%5C.(?:bounceTrackingProtection|donottrackheader|globalprivacycontrol(?:%5C.functionality)?)|ui%5C.(?:mouse|touch)%5C.radius)%5C.en|(?:accessibility%5C.force_|webgl%5C.)dis)abled|dom%5C.interactive_widget_default_resizes_visual|privacy%5C.antitracking%5C.enableWebcompat|ap(?:p%5C.update%5C.auto|z%5C.(?:allow_double_tap_zooming|(?:max_tap_tim|second_tap_toleranc)e|zoom_animation_duration_ms))|browser%5C.region%5C.network%5C.url|extensions%5C.webcompat(?:-reporter%5C.enabled|%5C.(?:enable_shim|perform_(?:injection|ua_override))s)|general%5C.(?:smoothScroll|(?:appversion|buildID|oscpu|platform|useragent)%5C.override)|i(?:mage%5C.http%5C.accept|ntl%5C.accept_languages)|layout%5C.(?:accessiblecaret%5C.(?:(?:heigh|margin-lef)t|width)|css%5C.devPixelsPerPx)|media%5C.peerconnection%5C.(?:enabled|ice%5C.(?:no_host|(?:default_address_onl|proxy_only_if_behind_prox)y))|network%5C.(?:IDN_show_punycode|connectivity-service%5C.enabled|dns%5C.disablePrefetch|http%5C.(?:accept|priority_header%5C.enabled|referer%5C.(?:spoofSource|trimmingPolicy)|s(?:endRefererHeader|peculative-parallel-limit))|pre(?:dictor%5C.enabled|fetch-next)|trr%5C.(?:confirmationNS|mode|uri))|security%5C.(?:OCSP%5C.enabled|pki%5C.crlite_mode|ssl3%5C.(?:ecdhe_(?:ecdsa|rsa)_aes_(?:128|256)_sha|rsa_aes_(?:128_(?:gcm_sha256|sha)|256_(?:gcm_sha384|sha))))|ui%5C.textScaleFactor)%24 ]
On regular channel Firefox, workaround:
chrome://geckoview/content/config.xhtml?filter=aboutConfig
.
https://bugzilla.mozilla.org/show_bug.cgi?id=1813163#c18
Note: Desktop version Firefox seems to lack the "about:config" filter support.
And doesn't seem to accept RegEx?
.
"about:config?filter=" no longer brings up the settings?
https://old.reddit.com/r/firefox/comments/eno1ym?sort=old#fe2yoxi
; no more working.
Probable workaround:
https://github.com/xiaoxiaoflood/firefox-scripts#restore-removed-pages
https://old.reddit.com/r/firefox/comments/10y7p94?sort=old#j825wov
----
Use Searchfox to search Firefox code source to find the relevant config details.
E.g. https://searchfox.org/mozilla-central/search?regexp=true&q=(%5CW|^)apz%5C.overscroll(%5CW|%24)
.
[ https://searchfox.org/ ] has more related help.
Go [ https://regex101.com/ ] for RegEx.
See also:
https://bugzilla.mozilla.org/show_bug.cgi?id=1908089
https://bugzilla.mozilla.org/show_bug.cgi?id=1711622#c36
.
"That not exist in source: mostly couldn't exist in program."
All of my Bugzilla:
https://bugzilla.mozilla.org/[email protected]&emailtype1=exact&emailreporter1=1&emaillongdesc1=1&splitheader=1&columnlist=bug_type,longdescs.count,short_desc,product,component,reporter,bug_status,resolution,opendate,changeddate&order=changeddate%20DESC,reporter,short_desc
----
`
dom.interactive_widget_default_resizes_visual: false` for a recent (~ 202409) serious regression in Nightly.More details:
https://github.com/microsoft/vscode/issues/221685#issuecomment-2542498195
https://bugzilla.mozilla.org/show_bug.cgi?id=1884807#c6
https://bugzilla.mozilla.org/buglist.cgi?splitheader=1&columnlist=bug_type,longdescs.count,short_desc,product,component,reporter,bug_status,resolution,opendate,changeddate&order=changeddate%20DESC,reporter,short_desc&f1=short_desc&o1=allwordssubstr&v1=keyboard+height
"overscroll" is related with this:
https://bugzilla.mozilla.org/show_bug.cgi?id=1838064#c0
(UI scroll bleeding)
; false good.
~~Disabling "one_touch_pinch" for preference of using double-click select.~~
(which may interfere with the double-click zooming ("pinch") )
Using `
apz.allow_double_tap_zooming: false` with `apz.one_touch_pinch.enabled: true` (default) shall be more pleasant:The double-click-hold-slide zooming is quite handy. And not really the conflict source.
.
But caveat some configs may be rewritten each app start: "apz.allow_double_tap_zooming" is one.
Notable others include: "privacy.globalprivacycontrol" related, "intl.accept_languages".
https://bugzilla.mozilla.org/show_bug.cgi?id=1871964#c3
[ "202501"
Speculatively enabled GPC:
https://bugzilla.mozilla.org/show_bug.cgi?id=1912841#c2
(Tor uses now?)
So no more touching "privacy.globalprivacycontrol.functionality.enabled".
See also:
https://github.com/mullvad/mullvad-browser/issues/237#issuecomment-2340223499
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42777#note_3051355
[ "ClipboardEvent"
Reverted `
dom.event.clipboardevents.enabled: false`. (favoring more usability)Concerns: https://github.com/microsoft/vscode/issues/166231#issuecomment-1334536748
(VSCW) Pasting without ClipboardEvent API now has workaround: gave correct result.
Though lags a lot... Seemingly simulated typing into the editor each character?
.
"Cut" without remains not working.
Note: "dom.event.clipboardevents.enabled" can be toggled on-the-fly without needing refresh. ] ]
Disabled "mouse.radius", "touch.radius" for:
Certain elements maybe adjacent but distinct: such fobbing only worsens the situation.
Reduced "second_tap_tolerance" for more efficient operation: very much also for the same cause.
`
apz.zoom-to-focused-input.enabled: false` is to disable the thoughtless counterproductive zoom jump when focusing on text-input."webcompat" related is for:
https://github.com/mozilla-extensions/webcompat-addon/issues/356
(conflict potential)
On the User-Agent choice:
https://github.com/MasterInQuestion/talk/discussions/10
Various comments on web security:
https://github.com/MasterInQuestion/talk/discussions/30
For somehow failing Cloudflare checks:
https://github.com/webcompat/web-bugs/issues/139311#issuecomment-2266721390
"Secret Settings"
https://bugzilla.mozilla.org/show_bug.cgi?id=1890150#c5
https://github.com/mozilla/gecko-dev/blob/master/mobile/android/fenix/app/src/main/res/values/static_strings.xml
Caveat:
It's strongly not recommended to blindly branch on the latest Nightly:
There had been even outright start-up crashes that went into issuing...
Beta Was this translation helpful? Give feedback.
All reactions