arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

Easier way to batch import and export site exceptions? #1829

Closed qupig closed 2 months ago

qupig commented 2 months ago

After using the arkenfox recommended prefs (2810/2815), we need to manually add Cookies site exceptions to keep the required website logged in.

Is there a way to easily import and export this list of exceptions in batches instead of adding them one by one manually? The same goes for backing up this list, which doesn't even allow copying.

I know of two possible ways:

But they are not very easy and come with risks that make them unsuitable for most regular users.

Likewise, I didn't find a way to manage them in the Web Extension API.

This is probably outside the scope of arkenfox/user.js, but it would be helpful for making it easy to adopt arkenfox, so asking the question here to see if there's some way to do it that I'm not aware of?


> [WARNING] Be selective with what sites you "Allow", as they also disable partitioning (1767271)

I noticed the WARNING and Bug 1767271. Perhaps using these Exceptions to manage cookie sanitizing is not ideal before the permissions are actually split up; otherwise, disabling the dFPI of exception sites at the same time may not be what most users expect.

glitsj16 commented 2 months ago

Have you looked into using Firefox Enterprise Policies yet?

$ cat /etc/firefox/policies/policies.json
{
  "policies": {
    "Cookies": {
      "Allow": ["https://example.org/","https://example.net/"]
    }
  }
}

Might pose issues of its own though. Like having to 'merge' JSON files if the OS package manager already places a policies.json in the filesystem when installing Firefox. But with jq it's doable.
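
The merge described in the comment above, as an added example that is not part of the thread or of arkenfox: it uses Python rather than jq to fold new origins into `policies.Cookies.Allow` of an existing policies.json without touching other policies, and rejects entries that are not bare http(s) origins. The packaged file content and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a policies.json already shipped by the OS package.
PACKAGED = """{"policies": {"DisableAppUpdate": true,
  "Cookies": {"Allow": ["https://example.org/"]}}}"""

def normalize_origin(url):
    """Return 'scheme://host[:port]/' or raise ValueError if url is not a bare origin."""
    parts = urlsplit(url.strip())
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host or ":" in host:
        raise ValueError(f"not a plain http(s) origin: {url!r}")
    if "@" in parts.netloc or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin only, no userinfo/path/query: {url!r}")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme}://{host}{port}/"

def merge_cookie_allow(existing_json, new_origins):
    """Add origins to policies.Cookies.Allow; every other policy is left as found."""
    doc = json.loads(existing_json) if existing_json.strip() else {}
    cookies = doc.setdefault("policies", {}).setdefault("Cookies", {})
    merged = []
    # Existing entries first, so the packaged order is preserved.
    for url in list(cookies.get("Allow", [])) + list(new_origins):
        origin = normalize_origin(url)
        if origin not in merged:  # de-duplicate after normalisation
            merged.append(origin)
    # Per the WARNING quoted in the thread (Bug 1767271), each allowed site
    # also loses partitioning, so this list should stay short.
    cookies["Allow"] = merged
    return doc

def export_cookie_allow(policies_json):
    """Return the current exception list, e.g. for backup or review."""
    return json.loads(policies_json).get("policies", {}).get("Cookies", {}).get("Allow", [])

if __name__ == "__main__":
    merged = merge_cookie_allow(PACKAGED, ["https://example.net/", "https://EXAMPLE.org"])
    print(json.dumps(merged, indent=2))
```
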

Thorin-Oakenpants commented 2 months ago

yup, out of scope and somewhat messy, and I wouldn't want to directly meddle with the site settings sqlite file

That dFPI and exceptions sharing the same key is fucking annoying and a migration is impossible because there is no way to tell which is which. If/when they ever fix it, I'm going to recommend everyone wipe their exceptions period, and start over

qupig commented 2 months ago

@glitsj16 Good to know, thank you.

But I wouldn't add any sites to the cookie exceptions at this time; disabling their dFPI is an unacceptable side effect. I prefer to use containers and extension APIs for assisted isolation and sanitization.

@glitsj16 @Thorin-Oakenpants Thank you again for everything you created and provided!

Thorin-Oakenpants commented 2 months ago

> But I wouldn't add any sites to the cookie exception at this time

depends. I only have (five?) exceptions = all for same site logins, nothing is required cross-domain - and those authorized domains are not going to show up as third parties (uBO)

Lots of ways to work around it - like your containers. Just such a shame it hasn't been addressed yet