change cookies from block all to allow 1st party (#477)
* change cookies from block all to allow 1st party

see arkenfox/user.js#439

* and fixup readme as well
earthlng authored and Thorin-Oakenpants committed Aug 15, 2018
1 parent f03b075 commit 63e0f33
Showing 1 changed file with 6 additions and 10 deletions.
16 changes: 6 additions & 10 deletions user.js
Expand Up @@ -19,10 +19,7 @@
* https://github.com/ghacksuserjs/ghacks-user.js/wiki/1.3-Implementation
3. If you skipped steps 1 and 2 above (shame on you), then here is the absolute minimum
* Auto-installing updates for Firefox and extensions are disabled (section 0302's)
* Some user data is erased on close (section 2800), namely history (browsing, form, download)
* Cookies are denied by default (2701), we use site exceptions. In Firefox 58 and lower, this breaks
extensions that use IndexedDB, so you need to allow exceptions for those as well: see [1] below
[1] https://github.com/ghacksuserjs/ghacks-user.js/wiki/4.1.1-Setting-Extension-Permission-Exceptions
* Some user data is erased on close (section 2800). Change this to suit your needs
* EACH RELEASE check:
- 4600s: reset prefs made redundant due to privacy.resistFingerprinting (RPF)
or enable them as an alternative to RFP or for ESR users
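Review bot: the replacement bullet in step 3 ("Some user data is erased on close (section 2800). Change this to suit your needs") no longer tells a reader who skipped steps 1 and 2 anything about cookies, although this commit both sets network.cookie.cookieBehavior to 1 in 2701 and turns on privacy.clearOnShutdown.cookies in 2800. Suggest keeping one bullet that says third-party cookies are blocked (2701) and that cookies are now among the data erased on close, since losing logins at shutdown is the change such a reader is most likely to notice.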
Expand Down Expand Up @@ -1338,14 +1335,14 @@ user_pref("security.dialog_enable_delay", 700); // default: 1000 (milliseconds)
serviceWorkers :
***/
user_pref("_user.js.parrot", "2700 syntax error: the parrot's joined the bleedin' choir invisible!");
/* 2701: disable cookies on all sites [SETUP]
/* 2701: disable 3rd-party cookies and site-data [SETUP]
* You can set exceptions under site permissions or use an extension
* 0=allow all 1=allow same host 2=disallow all 3=allow 3rd party if it already set a cookie
* [SETTING] Privacy & Security>History>Custom Settings>Accept cookies from sites
* [NOTE] Blocking 3rd party controls 3rd party access to localStorage, IndexedDB, Cache API and Service Worker Cache.
* Blocking 1st party controls access to localStorage and IndexedDB (note: Service Workers can still use IndexedDB).
* [1] https://www.fxsitecompat.com/en-CA/docs/2015/web-storage-indexeddb-cache-api-now-obey-third-party-cookies-preference/ ***/
user_pref("network.cookie.cookieBehavior", 2);
user_pref("network.cookie.cookieBehavior", 1);
/* 2702: set third-party cookies (i.e ALL) (if enabled, see above pref) to session-only
and (FF58+) set third-party non-secure (i.e HTTP) cookies to session-only
[NOTE] .sessionOnly overrides .nonsecureSessionOnly except when .sessionOnly=false and
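Review bot: in the 2701 comment, the unchanged line "You can set exceptions under site permissions or use an extension" was written for the block-all default and is ambiguous now that the value is 1. Suggest saying what an exception is for under the new default (allowing a specific third party, or blocking a specific first party), and adding a pointer to 2800, because this commit pairs the relaxed value with enabling privacy.clearOnShutdown.cookies there. The [NOTE] line about blocking 1st party now describes a non-default value and could say so.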
Expand Down Expand Up @@ -1401,8 +1398,7 @@ user_pref("dom.caches.enabled", false);
// user_pref("dom.storageManager.enabled", false);

/*** 2800: SHUTDOWN [SETUP]
You should set the values to what suits you best. Be aware that the settings below clear
browsing, download and form history, but not cookies (use exceptions or an extension).
You should set the values to what suits you best.
- "Offline Website Data" includes appCache (2730), localStorage (2710),
Service Worker cache (2740), and QuotaManager (IndexedDB (2720), asm-cache)
- In both 2803 + 2804, the 'download' and 'history' prefs are combined in the
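Review bot: the shortened 2800 intro drops the only sentence that said which data the settings clear, and nothing replaces it now that cookies are included. With 2701 at 1, first-party sites regain access to localStorage and IndexedDB (per the 2701 [NOTE]), both of which the next bullet lists under "Offline Website Data", so the intro should state whether that category is cleared on shutdown alongside cookies; the pref for it is not visible in this diff.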
Expand All @@ -1419,7 +1415,7 @@ user_pref("privacy.sanitize.sanitizeOnShutdown", true);
* However, this may not always be the case. The interface combines and syncs these
* prefs when set from there, and the sanitize code may change at any time ***/
user_pref("privacy.clearOnShutdown.cache", true);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("privacy.clearOnShutdown.cookies", true);
user_pref("privacy.clearOnShutdown.downloads", true); // see note above
user_pref("privacy.clearOnShutdown.formdata", true); // Form & Search History
user_pref("privacy.clearOnShutdown.history", true); // Browsing & Download History
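Review bot: privacy.clearOnShutdown.cookies flips to true with no trailing comment, while 2701 still tells users to set exceptions under site permissions. Suggest a comment on this line stating whether cookies from sites with an Allow exception survive shutdown clearing, and a cross-reference to 2701 so the two prefs are read together. The neighbouring downloads, formdata and history lines already carry trailing comments.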
Expand All @@ -1432,7 +1428,7 @@ user_pref("privacy.clearOnShutdown.siteSettings", false); // Site Preferences
* [NOTE] Regardless of what you set privacy.cpd.downloads to, as soon as the dialog
* for "Clear Recent History" is opened, it is synced to the same as 'history' ***/
user_pref("privacy.cpd.cache", true);
user_pref("privacy.cpd.cookies", false);
user_pref("privacy.cpd.cookies", true);
// user_pref("privacy.cpd.downloads", true); // not used, see note above
user_pref("privacy.cpd.formdata", true); // Form & Search History
user_pref("privacy.cpd.history", true); // Browsing & Download History
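Review bot: privacy.cpd.cookies sets a default for the "Clear Recent History" dialog (per the [NOTE] above it), not shutdown behaviour, and the commit message mentions only the cookie blocking change and the readme fixup. Suggest either mentioning this flip in the commit message or adding a short trailing comment that it is kept in step with privacy.clearOnShutdown.cookies, so a later reader does not take it for an accidental change.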