diff options
author | Moonchild <moonchild@palemoon.org> | 2022-08-24 02:48:44 +0200 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2022-08-24 02:48:44 +0200 |
commit | 29c1150eef769522cf4a17a1ce647ce43a19d6cf (patch) | |
tree | c148a5d0bca4dcee3b73db89cce24d4295fdbf05 | |
parent | db1c5741cdf5d93b93f4e07677159d757c7eb84f (diff) | |
download | uxp-29c1150eef769522cf4a17a1ce647ce43a19d6cf.tar.gz |
Issue #1975 - Follow-up: Enable Origin header on same-origin by default.
I've used this setting without ill effects for weeks, including visiting
many a cloudflare-backed site. There is no issue there.
-rw-r--r-- | modules/libpref/init/all.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 4a57e5fcaa..317de736b0 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1467,8 +1467,8 @@ pref("network.http.referer.XOriginTrimmingPolicy", 0); pref("network.http.referer.XOriginPolicy", 0); // Include an origin header on non-GET and non-HEAD requests regardless of CORS -// 0=never send, 1=send when same-origin only, 2=always send -pref("network.http.sendOriginHeader", 0); +// 0=never send, 1=send when same-origin only, 2=always send (careful!) +pref("network.http.sendOriginHeader", 1); // Controls whether referrer attributes in <a>, <img>, <area>, <iframe>, and <link> are honoured pref("network.http.enablePerElementReferrer", true); |