Content update: uBlock Origin Suggested Settings

I updated the uBlock Origin Suggested Settings page because it was slightly out of date. Now about that Content Security Policy thing...

At this time there's a very nasty issue with Firefox regarding Content Security Policy headers and how add-ons interact with headers. You can read more about this on the FAQ: Firefox Hardening page (search for "CSP"). uBlock Origin uses CSP if you enable the option 'Block remote fonts'. Also i found that CSP is used in both the EasyList and EasyPrivacy filter lists. If 'Block remote fonts' and the aforementioned filter lists are disabled, this seems to avoid any CSP issues with uBO, at least as long as you enable only the options i suggest in the uBlock Origin Suggested Settings guide and you use only the extensions recommended by myself in my Firefox configuration guides or those recommended by the 'ghacks' fellas, and you configure them as i/they/we suggest.

The problem here is that if you, like me, use the dynamic filtering ability of uMatrix to control JavaScript, along with uBlock Origin to control static filtering, then in-line JavaScript may run even if you have it blocked in uMatrix. The solution was to disable and re-enable uMatrix as soon as Firefox was started, however if we can avoid the CSP issue with uBlock, as i seem to have done in my case, then there's no need to go through this rigamarole every time Firefox starts. This was my other reason for editing the uBlock Origin Suggested Settings page where now EasyList and EasyPrivacy are both disabled and i enabled other ad/tracking filters instead.

Regarding remote fonts, there is another way to block them in uBlock without enabling the 'Block remote fonts' option and this is outlined in the uBlock Origin Suggested Settings guide.

Leave a Reply

Your email address will not be published. Required fields are marked *