Web lists-archives.com

Re: Firefox: how to find what setting values mean?




Em 28-06-2018 13:28, Dave Royal escreveu:
Balaco ocalaB <ocalab@xxxxxxxxxxxxx> Wrote in message:

Items without documentation:

1) network.http.referer.XOriginPolicy

2) network.http.referer.XOriginTrimmingPolicy

3) network.http.referer.spoofSource

4) network.http.referer.trimmingPolicy

Where to ask them to be done? How? If you can do it, please do so.

The 'official' documentation is MDN
<https://developer.mozilla.org/en-US/docs/Mozilla/Preferences>
Obviously, it's incomplete.
The way to ask for a correction or addition is by raising a bug.
 If your bug justified the effort it might be done.

If you want to know what an undocumented pref does, search for it
 in bugzilla.mozilla.org. I just did that and found that
 "network.http.referer.XOriginPolicy=1 ensures that referer
 information is not leaked between different domains". If you
 don't understand that, or want to know more, I suggest searching
 for 'cross origin policy' or 'same origin policy' in
 MDN.


Thank you very much for the pointer and your comments.

I understand them, and cross origin referer is something I usually (and frequently) do not want to ever do. I just hate some systems which use a "hidden" referer requirement for login pages - I called it hidden because the error is wrong user+password, instead of anything pointing to the actual cause. Automated login prevention? That "security" is so easy to automatically bypass that I do not even comment when someone repeat that argument. For these "secure" situations, I do these steps: manually change the setting; log in; undo the setting changes and normally use the system and every other tabs.

By the way, I just found some more referer settings information in another mozilla.org page:

https://wiki.mozilla.org/Security/Referrer


--
=
  1.a. Você quer fazer um comentário, mas não quer mostrar
       quem você é?
  1.b. Do you want to make a comment for me, but do not want
       to show who you are?

  2.a. Você pode fazê-lo aqui:
  2.b. You may do it here:

  https://queroouvir.sarahah.com/
_______________________________________________
general mailing list
general@xxxxxxxxxxxxxxxxx
https://lists.mozilla.org/listinfo/general