Issue #1975 - Follow-up: Enable Origin header on same-origin by default.

I've used this setting without ill effects for weeks, including visiting many a cloudflare-backed site. There is no issue there.
author: Moonchild <moonchild@palemoon.org> 2022-08-24 02:48:44 +0200
committer: Moonchild <moonchild@palemoon.org> 2022-08-24 02:48:44 +0200
commit: 29c1150eef769522cf4a17a1ce647ce43a19d6cf (patch)
tree: c148a5d0bca4dcee3b73db89cce24d4295fdbf05
parent: db1c5741cdf5d93b93f4e07677159d757c7eb84f (diff)
download: uxp-29c1150eef769522cf4a17a1ce647ce43a19d6cf.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 4a57e5fcaa..317de736b0 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1467,8 +1467,8 @@ pref("network.http.referer.XOriginTrimmingPolicy", 0);
 pref("network.http.referer.XOriginPolicy", 0);
 
 // Include an origin header on non-GET and non-HEAD requests regardless of CORS
-// 0=never send, 1=send when same-origin only, 2=always send
-pref("network.http.sendOriginHeader", 0);
+// 0=never send, 1=send when same-origin only, 2=always send (careful!)
+pref("network.http.sendOriginHeader", 1);
 
 // Controls whether referrer attributes in <a>, <img>, <area>, <iframe>, and <link> are honoured
 pref("network.http.enablePerElementReferrer", true);
author	Moonchild <moonchild@palemoon.org>	2022-08-24 02:48:44 +0200
committer	Moonchild <moonchild@palemoon.org>	2022-08-24 02:48:44 +0200
commit	29c1150eef769522cf4a17a1ce647ce43a19d6cf (patch)
tree	c148a5d0bca4dcee3b73db89cce24d4295fdbf05
parent	db1c5741cdf5d93b93f4e07677159d757c7eb84f (diff)
download	uxp-29c1150eef769522cf4a17a1ce647ce43a19d6cf.tar.gz