added t:new and --patches flag

2024-12-11 16:41:49 +01:00 · 2024-12-11 16:41:49 +01:00 · 0b44140463
commit 0b44140463
parent 2fad12ea91
17 changed files with 227 additions and 59 deletions
--- a/pre-compile-patches/securefox-doh.patch
+++ b/pre-compile-patches/securefox-doh.patch
@ -0,0 +1,20 @@
+t:pref
+i:/browser/app/profile/firefox.js
+o:/browser/app/profile/firefox.js
+
+pref("network.trr.mode", 3); // Max Protection: only use DoH; do not fall back to native DNS
+pref("network.trr.max-fails", 5); // Reduce max fail attempts
+pref("network.trr.uri", "https://dns10.quad9.net/dns-query"); // Default resolver for DoH (Quad9)
+pref("network.trr.custom_uri", "https://dns10.quad9.net/dns-query"); // Custom URI for DoH (Quad9)
+pref("network.trr.bootstrapAddr", "9.9.9.9"); // Bootstrap address for Quad9's DoH
+pref("network.trr.disable-ECS", true); // Disable EDNS Client Subnet
+pref("network.trr.allow-rfc1918", false); // Block private addresses in TRR responses
+pref("network.trr.skip-AAAA-when-not-supported", true); // Skip IPv6 lookups when not supported
+pref("network.trr.clear-cache-on-pref-change", true); // Clear cache on preference changes
+pref("network.trr.wait-for-portal", false); // Do not wait for captive portal detection
+pref("network.trr.excluded-domains", ""); // No additional exclusions for DoH
+pref("network.trr.builtin-excluded-domains", "localhost,local"); // Default built-in exclusions
+pref("network.trr.use_ohttp", false); // Disable Oblivious HTTP for DNS (unsupported by Quad9)
+pref("network.dns.echconfig.enabled", false); // Disable Encrypted Client Hello (ECH) (unsupported by Quad9)
+pref("network.dns.http3_echconfig.enabled", false); // Disable ECH for HTTP/3 (unsupported by Quad9)
+pref("network.dns.echconfig.fallback_to_origin_when_all_failed", false); // Disable fallback to non-ECH