Home
http://kb.mozillazine.org/About:config_entries
firefox::pref { 'dom.security.https_only_mode': value => true }
firefox::pref { 'signon.rememberSignons': value => false }
firefox::pref { 'pdfjs.disabled': value => true }
firefox::pref { 'network.IDN_show_punycode': value => true }
firefox::pref { 'security.mixed_content.block_display_content': value => true }
# 1 - TLS 1.0 (default)
# 2 - TLS 1.1
# 3 - TLS 1.2
# 4 - TLS 1.3
firefox::pref { 'security.tls.version.min': value => 3 }
# Disable controversial 0-RTT in TLS 1.3
firefox::pref { 'security.tls.enable_0rtt_data': value => false }
firefox::pref { 'security.ssl.enable_false_start': value => false }
firefox::pref { 'identity.fxaccounts.enabled': value => false }
firefox::pref { 'identity.fxaccounts.toolbar.enabled': value => false } # Toolbar is UX but here because of the previous line
http://kb.mozillazine.org/Network.IDN_show_punycode
https://wiki.mozilla.org/Security/Referrer
firefox::pref { 'network.http.sendRefererHeader': value => 0 } # [1]
firefox::pref { 'network.http.referer.trimmingPolicy': value => 2 } # [2]
firefox::pref { 'network.http.referer.XOriginTrimmingPolicy': value => 2 }
firefox::pref { 'network.http.referer.XOriginPolicy': value => 2 } # [1, when generating tokens]
firefox::pref { 'network.http.referer.spoofSource': value => true }
firefox::pref { 'network.http.sendSecureXSiteReferrer': value => false }
firefox::pref { 'privacy.donottrackheader.enabled': value => true }
firefox::pref { 'privacy.trackingprotection.enabled': value => true }
firefox::pref { 'app.shield.optoutstudies.enabled': value => true } # true keeps Shield studies enabled; false opts out
firefox::pref { 'browser.urlbar.suggest.searches': value => false }
# 0 = accept all cookies by default (default)
# 1 = only accept from the originating site (block third party cookies)
# 2 = block all cookies by default
# 3 = use p3p settings (note: this is only applicable to older Mozilla Suite and Seamonkey versions.)
# 4 ~= block third party trackers (undocumented)
firefox::pref { 'network.cookie.cookieBehavior': value => 1 } # [3]
firefox::pref { 'privacy.firstparty.isolate': value => true }
firefox::pref { 'security.ssl.disable_session_identifiers': value => true }
- [1] Breaks login on ovh.com
- [2] Breaks login on gitlab.com
- [3] Breaks meteo.pf if != 0
Depending on your DNS configuration, you may want to switch off DNS over HTTPS, which is enabled by default in Firefox and relies on Cloudflare services as Trusted Recursive Resolver (TRR). Read "A cartoon intro to DNS over HTTPS", "Cloudflare Resolver for Firefox" and "DNS over HTTPS is coming whether ISPs and governments like it or not" to decide whether it makes sense for you to disable it. It is also possible to adjust the configuration to rely on another DNS over HTTPS provider; see "Configure DNS Over HTTPS in Firefox".
# 0: Off by default (default)
# 1: Firefox will choose based on which is faster
# 2: TRR preferred, fall back to DNS on failure
# 3: TRR only, no DNS fallback
# 5: TRR completely disabled
firefox::pref { 'network.trr.mode': value => 5 }
firefox::pref { 'browser.compactmode.show': value => true }
firefox::pref { 'browser.fixup.alternate.enabled': value => false }
firefox::pref { 'browser.fixup.dns_first_for_single_words': value => true }
firefox::pref { 'browser.newtabpage.enabled': value => false }
firefox::pref { 'browser.search.widget.inNavBar': value => false }
firefox::pref { 'browser.startup.homepage': value => 'about:blank' }
firefox::pref { 'browser.startup.page': value => 3 }
firefox::pref { 'browser.translations.automaticallyPopup': value => false }
firefox::pref { 'browser.uidensity': value => 1 }
firefox::pref { 'browser.urlbar.formatting.enabled': value => false }
firefox::pref { 'browser.urlbar.suggest.topsites': value => false }
firefox::pref { 'browser.urlbar.trimURLs': value => false }
firefox::pref { 'dom.event.clipboardevents.enabled': value => false }
firefox::pref { 'intl.locale.requested': value => 'fr' }
firefox::pref { 'media.autoplay.enabled': value => false }
firefox::pref { 'network.protocol-handler.external.mailto': value => false } # Do not ask to handle mailto: links
firefox::pref { 'security.insecure_connection_icon.enabled': value => true }
firefox::pref { 'security.insecure_connection_icon.pbmode.enabled': value => true }
firefox::pref { 'security.insecure_connection_text.enabled': value => true }
firefox::pref { 'security.insecure_connection_text.pbmode.enabled': value => true }
firefox::pref { 'toolkit.legacyUserProfileCustomizations.stylesheets': value => true }
firefox::pref { 'widget.gtk.overlay-scrollbars.enabled': value => false }
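A drift check for the security and privacy prefs listed above, as an added example that is not part of this module: it parses a profile's prefs.js (where Firefox stores per-user overrides as `user_pref("name", value);` lines) and reports baseline prefs that a user has set to a weaker or different value. It assumes the prefs are deployed as overridable defaults, which this page does not state; the function names and the sample file content are constructed for illustration.

```python
import re

# Expected values copied from the firefox::pref lines above (a subset).
BASELINE = {
    "dom.security.https_only_mode": True,
    "signon.rememberSignons": False,
    "security.tls.version.min": 3,
    "security.tls.enable_0rtt_data": False,
    "network.cookie.cookieBehavior": 1,
    "network.trr.mode": 5,
}
AT_LEAST = {"security.tls.version.min"}  # a higher minimum is stricter, so accept it

# Firefox pref files hold one call per line, e.g. user_pref("name", value);
PREF_RE = re.compile(r'^\s*(?:user_pref|pref|lockPref|defaultPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_value(raw):
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    return raw.strip('"')  # string pref; escape sequences are left untouched

def parse_prefs(text):
    matches = (PREF_RE.match(line) for line in text.splitlines())
    return {m.group(1): parse_value(m.group(2)) for m in matches if m}

def compliant(name, expected, got):
    if type(got) is not type(expected):  # True == 1 in Python: compare types first
        return False
    return got >= expected if name in AT_LEAST else got == expected

def audit(text, baseline=BASELINE):
    """Return {name: (expected, found)} for prefs set to a weaker or different value."""
    found = parse_prefs(text)
    return {n: (exp, found[n]) for n, exp in baseline.items()
            if n in found and not compliant(n, exp, found[n])}

# Constructed sample of a profile's prefs.js (not taken from a real profile).
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.page", 3);
user_pref("security.tls.version.min", 1);
user_pref("network.trr.mode", 2);
user_pref("signon.rememberSignons", false);
"""

if __name__ == "__main__":
    for name, (expected, got) in audit(SAMPLE_PREFS_JS).items():
        print(f"{name}: expected {expected!r}, found {got!r}")
```

Prefs absent from prefs.js are not reported, because the profile then inherits the deployed default.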
class { 'firefox':
  policies => {
    'ExtensionSettings' => {
      '<xpi-name>' => {
        installation_mode => 'normal_installed',
        install_url       => 'https://addons.mozilla.org/firefox/downloads/latest/<extension-name>/latest.xpi',
      },
    },
  },
}
Where:
- <xpi-name> is the name of the .xpi file when the extension is installed, as present in the ~/.mozilla/firefox/<profile-name>/extensions directory and without the .xpi extension;
- <extension-name> is the name of the extension that appears in the address bar on https://addons.mozilla.org/, i.e. https://addons.mozilla.org/en/firefox/addon/<extension-name>.
For example, the Firefox Multi-Account Containers extension is available from https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ and is installed as ~/.mozilla/firefox/<profile-name>/extensions/@testpilot-containers.xpi. It can be managed this way:
class { 'firefox':
  policies => {
    'ExtensionSettings' => {
      '@testpilot-containers' => {
        installation_mode => 'normal_installed',
        install_url       => 'https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi',
      },
    },
  },
}