ma1 pushed to branch mullvad-browser-128.3.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser Commits: 93669b13 by hackademix at 2024-10-08T09:06:43+02:00 fixup! Firefox preference overrides. Bug 43197: Disable automatic exception for HTTPS-First. - - - - - 1 changed file: - browser/app/profile/001-base-profile.js Changes: ===================================== browser/app/profile/001-base-profile.js ===================================== @@ -120,6 +120,8 @@ pref("dom.security.https_only_mode", true); // The previous pref automatically sets this to true (see StaticPrefList.yaml), // but set it anyway only as a defense-in-depth. pref("dom.security.https_only_mode_pbm", true); +// tor-browser#43197, defense in depth if ever https-only got disabled +pref("dom.security.https_first_add_exception_on_failiure", false); // tor-browser#22320: Hide referer when comming from a .onion address // We enable this here (rather than in Tor Browser) in case users of other View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/9366... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/commit/9366... You're receiving this email because of your account on gitlab.torproject.org.