fixup! Firefox preference overrides.

bug 41627: Enable network.http.referer.hideOnionSource in base-browser (cherry picked from commit 90df17da)

fixup! Firefox preference overrides.
926c3f33 · Richard Pospesel · 9c96c84b · 926c3f33
Commit 926c3f33 authored 2 years ago by Richard Pospesel
--- a/browser/app/profile/001-base-profile.js
+++ b/browser/app/profile/001-base-profile.js
@@ -68,6 +68,12 @@ pref("browser.pagethumbnails.capturing_disabled", true);
 pref("dom.security.https_only_mode", true);
 pref("dom.security.https_only_mode_pbm", true);

+// tor-browser#22320: Hide referer when comming from a .onion address
+// We enable this here (rather than in Tor Browser) in case users of other
+// base-browser derived browsers configure it to use a system Tor daemon
+// to visit onion services.
+pref("network.http.referer.hideOnionSource", true);
+
 // Require Safe Negotiation ( https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27719 )
 // Blocks connections to servers that don't support RFC 5746 [2] as they're potentially vulnerable to a
 // MiTM attack [3]. A server without RFC 5746 can be safe from the attack if it disables renegotiations