hiro/tridactyl
1
0
Fork 0
mirror of https://github.com/vale981/tridactyl synced 2025-03-04 17:11:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Keep .tridactylrc up to date with bovine3dom's

Browse source
This commit is contained in:
Oliver Blanthorn 2019-11-12 16:47:15 +00:00
parent 054ef164d0
commit e5c676a5c1
No known key found for this signature in database
GPG key ID: 2BB8C36BB504BFF3
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
.tridactylrc
View file

@ -109,6 +109,27 @@ command fixamo js tri.excmds.setpref("privacy.resistFingerprinting.block_mozAddo
" details, read the comment at the top of this file.
fixamo_quiet
" Equivalent to `set csp clobber` before it was removed. This weakens your
" defences against cross-site-scripting attacks and other types of
" code-injection by reducing the strictness of Content Security Policy on
" every site in a couple of ways.
"
" You may not wish to run this. Mozilla strongly feels that you shouldn't.
"
" It allows Tridactyl to function on more pages, e.g. raw GitHub pages.
"
" We remove the sandbox directive
" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox
" which allows our iframe to run (and anyone else's) on any website.
"
" We weaken the style-src directive
" https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src
" to allow us to theme our elements. This exposes you to 'cross site styling'
" attacks.
"
" Read https://wiki.mozilla.org/Security/CSP#Goals for more information.
jsb browser.webRequest.onHeadersReceived.addListener(tri.request.clobberCSP,{urls:["<all_urls>"],types:["main_frame"]},["blocking","responseHeaders"])
" Make quickmarks for the sane Tridactyl issue view
quickmark t https://github.com/tridactyl/tridactyl/issues?utf8=%E2%9C%93&q=sort%3Aupdated-desc+