author | Job Bautista <jobbautista9@protonmail.com> | 2022-07-25 18:56:46 +0800 |
---|---|---|
committer | Job Bautista <jobbautista9@protonmail.com> | 2022-07-25 18:56:46 +0800 |
commit | b20b9797dcb42766f9ad114e3093cb241f4258a0 (patch) | |
tree | 3b15dbc4ab2ff9705755974a86c0ee8e2023b264 /modules | |
parent | 6542ca6bcdf836ee1fb82b75d77adb0e9604b97b (diff) | |
download | uxp-b20b9797dcb42766f9ad114e3093cb241f4258a0.tar.gz |
Issue #1975 - Implement Origin header CSRF mitigation.
Backported from Mozilla bug 446344.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/libpref/init/all.js | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index f391dd4739..d17082364a 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -1462,6 +1462,10 @@ pref("network.http.referer.XOriginTrimmingPolicy", 0);
 // 0=always send, 1=send iff base domains match, 2=send iff hosts match
 pref("network.http.referer.XOriginPolicy", 0);
 
+// Include an origin header on non-GET and non-HEAD requests regardless of CORS
+// 0=never send, 1=send when same-origin only, 2=always send
+pref("network.http.sendOriginHeader", 0);
+
 // Controls whether referrer attributes in <a>, <img>, <area>, <iframe>, and <link> are honoured
 pref("network.http.enablePerElementReferrer", true); |
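Review bot: The added `pref("network.http.sendOriginHeader", 0);` defaults to "never send", so the Origin-based CSRF mitigation named in the commit title stays off until someone changes the value, and the comment above it does not say so. I would add a line to the comment such as `// Default 0 keeps the header off; servers only receive Origin on non-CORS, non-GET/HEAD requests when this is 1 or 2.` The comment could also state how values outside 0-2 are treated. The code that reads this pref is not part of this page (the diffstat is limited to 'modules'), so that behaviour cannot be confirmed from here.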