notkshitij/Betterfox
1
0
Fork 0
mirror of https://github.com/yokoffing/Betterfox.git synced 2026-06-12 07:30:47 +05:30
Code Issues Releases Wiki Activity

remove HTTPS Only mode since we ship it now

yokoffing
2025-12-18 15:45:30 -05:00
parent 2955f67854
commit 5cd1004ff3
1 changed files with 0 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Optional-Hardening.md
-33
@@ -54,39 +54,6 @@ user_pref("urlclassifier.features.socialtracking.skipURLs", "");
***
### HTTPS-Only Mode
Betterfox already [blocks](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L810-L827) HTTP subresources from loading on HTTPS pages. We also [attempt to upgrade](https://github.com/yokoffing/Betterfox/blob/df5fc26a1bdccd30e01f3c1dfe69a09a2c050410/Securefox.js#L545-L550) all site navigation, only falling back to insecure connections when a website does not support it.
> [!WARNING]
> HTTPS-Only Mode sometimes causes annoying navigational errors when using DoH. <br>
> [!NOTE]
> HTTPS doesn't mean "trust this." It means "this is private." <br>
> You may be having a private conversation with Satan. <br>
> — [Scott Hanselman](https://www.hanselman.com/blog/how-do-we-know-if-mobile-apps-are-secure)
#### Option 1: Private windows only
Firefox will get explicit permission from you before connecting to a site insecurely in [Private Browsing](https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history) (Firefox [incognito mode](https://support.mozilla.org/en-US/kb/common-myths-about-private-browsing)).
```javascript
// PREF: enable HTTPS-Only Mode
// Warn me before loading sites that don't support HTTPS
// when using Private Browsing windows.
user_pref("dom.security.https_only_mode_pbm", true);
user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
```
#### Option 2: All windows
Firefox will get explicit permission from you before connecting to a site insecurely in Normal and Private Browsing.
```javascript
// PREF: enable HTTPS-Only Mode
// Warn me before loading sites that don't support HTTPS
// in both Normal and Private Browsing windows.
user_pref("dom.security.https_only_mode", true);
user_pref("dom.security.https_only_mode_error_page_user_suggestions", true);
```
***
### Captive portal detection
Captive portals allow you to connect to public Wi-Fi by redirecting to login pages (think hotels, airports, etc.). You can safely disable Mozilla's [captive portal detection](https://support.mozilla.org/en-US/kb/captive-portal) on most **desktop** computers.