[sandboxed-tor-browser/master] Default disable `dom.securecontext.whitelist_onions`. - tor-commits

24 Jul 2017

commit 26c9478ed9539a12a3a2939ccd7ef28ce916215d
Author: Yawning Angel yawning@schwanenlied.me
Date:   Mon Jul 24 15:59:07 2017 +0000
Default disable `dom.securecontext.whitelist_onions`.
Honestly, bluring the line between CA signed HTTPS and onions is terrible.
---
 ChangeLog                  | 1 +
 data/installer/mozilla.cfg | 4 ++++
 2 files changed, 5 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 0484a7b..bc20c39 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@ Changes in version 0.0.12 - UNRELEASED:
  * Bug 22984: Force IDNs to be displayed as punycode to thwart homograph
               attacks.
  * Bug 22967: Force disable crashdump reporting.
+ * Default disable `dom.securecontext.whitelist_onions`.
Changes in version 0.0.11 - 2017-07-18:
  * Bug 22910: Deprecate the volatile extension dir option.
diff --git a/data/installer/mozilla.cfg b/data/installer/mozilla.cfg
index dc03adb..1b8f97d 100644
--- a/data/installer/mozilla.cfg
+++ b/data/installer/mozilla.cfg
@@ -37,3 +37,7 @@ lockPref("extensions.blocklist.enabled", false);
// Force IDNs to be displayed as punycode to thwart homograph attacks.
 defaultPref("network.IDN_show_punycode", true);
+
+// Anything that tries to blur the line between CA signed HTTPS and Onion
+// Services is misguided at best.
+defaultPref("dom.securecontext.whitelist_onions", false);

    