Firefox 83 alleviates need for HTTP to HTTPS add-ons

Firefox 83 alleviates the need for HTTP to HTTPS redirect add-ons such as HTTPS Everywhere and HTTPZ; however, the feature is not enabled by default. Here's how to enable it...

If you're not running a custom user.js file (if you don't know what that is, you're probably not), enter about:config in the address bar and in the filter field at the top enter dom.security.https_only_mode. Set that preference to 'true' and you're done.

If you are running the 'arkenfox' user.js, you should have a user-overrides.js where you keep your personal preferences. In this case, just add the dom.security.https_only_mode preference to it:

user_pref("dom.security.https_only_mode", true);

If you use your own user.js, you already know what to do.

This preference will force all websites to use an encrypted connection (HTTPS). In the case where that isn't possible, Firefox will display a warning from which you can temporarily override the redirect and load the website without using encryption. If you always want to allow the unencrypted connection, you can add an exception for the site by clicking the lock icon in the address bar.

While the new functionality isn't as transparent as with the HTTPZ add-on, it's a welcome and overdue addition in my opinion.

Content update: Firefox Extensions - My Picks

I updated the page, Firefox Extensions - My Picks. Notable changes:

  • removed HTTPZ - this shouldn't be needed anymore since Firefox v83 (note that dom.security.https_only_mode must be enabled).
  • removed Maximize All Windows (Minimalist Version) - no longer needed, at least not on my system (KDE window rules can now be used)
  • replaced Toggle Fonts with Enforce Browser Fonts

Here's something you Firefox folks can fool with: uniform fonts

One of the things i hate about many websites is that they override your personal font choices. Even here the CMS i'm using does this, but i'm going to look into changing that.

I like UNIFORM fonts and font sizes across the board - i don't want websites forcing their crappy/ugly/too small/too large fonts on me and so i'm testing changing fonts globally with some CSS. The reason i started fooling with this is because i was going through the 'arkenfox' user.js again and came across this recently added warning...

/* 1401: disable websites choosing fonts (0=block, 1=allow)
 * This can limit most (but not all) JS font enumeration which is a high entropy fingerprinting vector
 * [WARNING] **DO NOT USE**: in FF80+ RFP covers this, and non-RFP users should use font vis (4618)
 * [SETTING] General>Language and Appearance>Fonts & Colors>Advanced>Allow pages to choose... ***/
   // user_pref("browser.display.use_document_fonts", 0);

So if we can't set the pref to '0', which is what i've been doing for years, we can (maybe) use CSS instead. The following is (at the moment) injected into all websites using Stylus, but you can also do this in userContent.css. Exceptions can be added where necessary. This is an early example that may need a lot of tweaking:

h1, h2, h3, h4, h5, h6 {
    font-family: sans-serif !important;
}
a, p, aside {
    font-family: sans-serif !important;
    font-size: 1em;
}
code, kbd, tt, var, samp, pre {
    font-family: monospace !important;
    font-size: 1em;
}

Make sure browser.display.use_document_fonts is set to 1 in about:config (if you're using my user-overrides.js, change it there too) and disable any add-ons that mess with font stuff.
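
To check that dom.security.https_only_mode and browser.display.use_document_fonts really end up with the values described above once overrides are appended to a user.js, here is an added example (not from this blog or the 'arkenfox' project) that parses such a file and reports the effective values. The function names and the sample file contents are made up for illustration, and it assumes the overrides sit at the end of the file.

```javascript
// Assumption: Firefox applies user_pref() lines in file order, so the last
// active (uncommented) entry for a pref name is the value that takes effect.
function stripComments(src) {            // removes /* */ and // outside strings
  let out = "", i = 0, quote = null;
  while (i < src.length) {
    const c = src[i], two = src.slice(i, i + 2);
    if (quote) {                         // inside a string: copy verbatim
      if (c === "\\") { out += two; i += 2; continue; }
      if (c === quote) quote = null;
      out += c; i++;
    } else if (two === "/*") {
      const end = src.indexOf("*/", i + 2);
      i = end === -1 ? src.length : end + 2;
    } else if (two === "//") {
      const end = src.indexOf("\n", i);
      i = end === -1 ? src.length : end;
    } else {
      if (c === '"' || c === "'") quote = c;
      out += c; i++;
    }
  }
  return out;
}
function effectivePrefs(src) {
  const re = /user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;/g;
  const prefs = new Map();
  for (const m of stripComments(src).matchAll(re)) prefs.set(m[1], JSON.parse(m[2]));
  return prefs;                          // later entries overwrote earlier ones
}
// Values this page asks for (hypothetical helper names throughout).
const WANTED = { "dom.security.https_only_mode": true,
                 "browser.display.use_document_fonts": 1 };
function audit(src) {
  const prefs = effectivePrefs(src);
  return Object.entries(WANTED).map(([name, want]) => {
    if (!prefs.has(name)) return { name, status: "unset" }; // browser default applies
    return { name, status: prefs.get(name) === want ? "ok" : "mismatch" };
  });
}
// Constructed sample: a user.js with an override appended at the end.
const SAMPLE = `
/* 1401: disable websites choosing fonts (0=block, 1=allow)
 * [WARNING] **DO NOT USE** ***/
   // user_pref("browser.display.use_document_fonts", 0);
user_pref("dom.security.https_only_mode", false);
user_pref("browser.startup.homepage", "https://example.org/"); // URL keeps its //
user_pref("dom.security.https_only_mode", true);
`;
console.table(audit(SAMPLE));
```

A status of "unset" means the file has no active line for that pref, so whatever is in about:config decides; a commented-out line like the 1401 entry counts as unset.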

I'd like to hear any feedback you might have.

Update: user-overrides.js for Firefox

I updated my user-overrides.js supplement for the 'arkenfox' user.js for Firefox. Changes can be seen here and the file can be downloaded here.

Mainly i removed all prefs which are duplicated in the 'arkenfox' user.js and had the same value. My reasoning for having duplicate prefs was to make it easier on users so they wouldn't have to sift through the much longer user.js file, however i don't think i should be discouraging that.