commit c8f7cd3fec5d5845179fcf71ad46888f2d14c8b0 Author: Pier Angelo Vendrame pierov@torproject.org Date: Thu Feb 17 09:53:48 2022 +0100
Bug 19850: Disable Plaintext HTTP Clearnet Connections
The HTTPS-Only mode of Firefox starts a background connection to verify whether HTTP is available, if the HTTPS connection does not start within a timeout. This commit disables this feature in Safer and Safest modes. --- modules/security-prefs.js | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/modules/security-prefs.js b/modules/security-prefs.js index d02e0d94..c41458fa 100644 --- a/modules/security-prefs.js +++ b/modules/security-prefs.js @@ -19,16 +19,17 @@ let log = (level, msg) => logger.log(level, msg); // bind NoScript settings to the extensions.torbutton.security_slider // (see noscript-control.js). const kSecuritySettings = { - // Preference name : [0, 1-high 2-m 3-m 4-low] - "javascript.options.ion" : [, false, false, false, true ], - "javascript.options.baselinejit" : [, false, false, false, true ], - "javascript.options.native_regexp" : [, false, false, false, true ], - "mathml.disabled" : [, true, true, true, false], - "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], - "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], - "svg.disabled" : [, true, false, false, false], - "javascript.options.asmjs" : [, false, false, false, true ], - "javascript.options.wasm" : [, false, false, false, true ], + // Preference name : [0, 1-high 2-m 3-m 4-low] + "javascript.options.ion" : [, false, false, false, true ], + "javascript.options.baselinejit" : [, false, false, false, true ], + "javascript.options.native_regexp" : [, false, false, false, true ], + "mathml.disabled" : [, true, true, true, false], + "gfx.font_rendering.graphite.enabled" : [, false, false, false, true ], + "gfx.font_rendering.opentype_svg.enabled" : [, false, false, false, true ], + "svg.disabled" : [, true, false, false, false], + "javascript.options.asmjs" : [, false, false, false, true ], + "javascript.options.wasm" : [, false, false, false, true ], + "dom.security.https_only_mode_send_http_background_request" : [, false, false, false, true ], };
// The Security Settings prefs in question.