-
Notifications
You must be signed in to change notification settings - Fork 507
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v100 #1423
v100 #1423
Conversation
@@ -741,6 +741,9 @@ user_pref("browser.download.useDownloadDir", false); | |||
user_pref("browser.download.alwaysOpenPanel", false); | |||
/* 2653: disable adding downloads to the system's "recent documents" list ***/ | |||
user_pref("browser.download.manager.addToRecentDocs", false); | |||
/* 2654: enable user interaction for security by always asking how to handle new mimetypes [FF101+] | |||
* [SETTING] General>Files and Applications>What should Firefox do with other files ***/ | |||
user_pref("browser.download.always_ask_before_handling_new_types", true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it really giving extra security in this case? I think that's mostly provided by browser.download.useDownloadDir
, which is always going to kick in and prompt users in regardless of the mimetype.
this new pref mostly seems like an usability thing to give users the option to handle downloads with granularity, but I don't think picking a certain app to handle a file is necessarily security related. it's also somewhat annoying for users who want to just save a file and will be prompted twice like in past releases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
probably (I didn't test and am only assuming 2651 kicks in correctly, I don't really care TBH) not in our default arkenfox
But as a standalone pref, the description is correct - it adds security, because 2651's default in FF is true - e.g. if users override 2651
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so you plan to leave both flipped for redundancy? (speaking exclusively of the user.js)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is it though? asking where to save is not the same as asking how to handle a mime type
- https://www.thinkbroadband.com/download
- download the 5mb zip file (continue on HTTPS error)
- result: native save dialog (zero to do with FF options)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
asking how to handle a mime type
but is this really security related? it seems like a convenience thing more than anything (except if 2651
is set to false, but at that point the user knows he's taking the choice).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
k, I think we can safely collapse it now :-) (edit: reverted the collapse since I figured you may want it for visibility)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'd rather leave patch discussions expanded
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like v101 then.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what looks like v101?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my mac screen is so small I had never noticed the [FF101+]
in the damn comment because I had to scroll horizontally, don't mind me :-}
checked toggling strict mode via UI changes this, also my FF100+AF has it modified true, so that means it's also runtime + ETP mode switching via user.js friendly (default is false) FYI: the next one coming up is `privacy.query_stripping.enabled` (probably FF102, but pref added in FF101)
FYI: 2654: https://bugzilla.mozilla.org/show_bug.cgi?id=1747343