v100 #1423
v100 #1423
Conversation
| @@ -741,6 +741,9 @@ user_pref("browser.download.useDownloadDir", false); | |||
| user_pref("browser.download.alwaysOpenPanel", false); | |||
| /* 2653: disable adding downloads to the system's "recent documents" list ***/ | |||
| user_pref("browser.download.manager.addToRecentDocs", false); | |||
| /* 2654: enable user interaction for security by always asking how to handle new mimetypes [FF101+] | |||
| * [SETTING] General>Files and Applications>What should Firefox do with other files ***/ | |||
| user_pref("browser.download.always_ask_before_handling_new_types", true); | |||
There was a problem hiding this comment.
is it really giving extra security in this case? I think that's mostly provided by browser.download.useDownloadDir, which is always going to kick in and prompt users in regardless of the mimetype.
this new pref mostly seems like an usability thing to give users the option to handle downloads with granularity, but I don't think picking a certain app to handle a file is necessarily security related. it's also somewhat annoying for users who want to just save a file and will be prompted twice like in past releases.
There was a problem hiding this comment.
probably (I didn't test and am only assuming 2651 kicks in correctly, I don't really care TBH) not in our default arkenfox
But as a standalone pref, the description is correct - it adds security, because 2651's default in FF is true - e.g. if users override 2651
There was a problem hiding this comment.
so you plan to leave both flipped for redundancy? (speaking exclusively of the user.js)
There was a problem hiding this comment.
is it though? asking where to save is not the same as asking how to handle a mime type
- https://www.thinkbroadband.com/download
- download the 5mb zip file (continue on HTTPS error)
- result: native save dialog (zero to do with FF options)
There was a problem hiding this comment.
asking how to handle a mime type
but is this really security related? it seems like a convenience thing more than anything (except if 2651 is set to false, but at that point the user knows he's taking the choice).
There was a problem hiding this comment.
k, I think we can safely collapse it now :-) (edit: reverted the collapse since I figured you may want it for visibility)
There was a problem hiding this comment.
i'd rather leave patch discussions expanded
There was a problem hiding this comment.
what looks like v101?
There was a problem hiding this comment.
my mac screen is so small I had never noticed the [FF101+] in the damn comment because I had to scroll horizontally, don't mind me :-}
checked toggling strict mode via UI changes this, also my FF100+AF has it modified true, so that means it's also runtime + ETP mode switching via user.js friendly (default is false) FYI: the next one coming up is `privacy.query_stripping.enabled` (probably FF102, but pref added in FF101)
FYI: 2654: https://bugzilla.mozilla.org/show_bug.cgi?id=1747343