1605: change to active enforced - user.js - Unnamed repository; edit this file 'description' to name the repository.

commit 93f6aea06afd0fefc37f8df84a4129e4ee1354a8
parent 00fa8f1b50dbc717ef9cc702679f3829d91fee05
Author: Thorin-Oakenpants <Thorin-Oakenpants@users.noreply.github.com>
Date:   Thu, 19 Aug 2021 13:17:07 +0000

1605: change to active enforced
Diffstat:
M user.js  | 8 ++++----

1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/user.js b/user.js
@@ -805,10 +805,10 @@ user_pref("network.http.referer.XOriginPolicy", 2);
 /* 1604: CROSS ORIGIN: control the amount of information to send [FF52+]
  * 0=send full URI (default), 1=scheme+host+port+path, 2=scheme+host+port ***/
 user_pref("network.http.referer.XOriginTrimmingPolicy", 2);
-/* 1605: ALL: disable spoofing a referer
- * [WARNING] Do not set this to true, as spoofing effectively disables the anti-CSRF
- * (Cross-Site Request Forgery) protections that some sites may rely on ***/
-   // user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
+/* 1605: ALL: enforce no spoofing of referer
+ * Spoofing effectively disables the anti-CSRF (Cross-Site Request Forgery)
+ * protections that some sites may rely on ***/
+user_pref("network.http.referer.spoofSource", false); // [DEFAULT: false]
 /* 1606: ALL: set the default Referrer Policy [FF59+]
  * 0=no-referer, 1=same-origin, 2=strict-origin-when-cross-origin, 3=no-referrer-when-downgrade
  * [NOTE] This is only a default, it can be overridden by a site-controlled Referrer Policy

	user.js Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs \| README