Firefox Community Forum

Hi Firefoxians,

I need to ask regardining this security.cert_pinning.enforcement_level. how can i set this value using the windwos server GPO? i could not find this even after copying the firefox.admx file. could someone please guide me how can i acheive it?

I would really appreciate the help!

Regards Sheras

FF 133.0.3 (64bit) OSX 13.6 Ventura

Am having trouble reliably accessing any site that uses Cloudflare.

No extensions are installed, no UA switching.

Have tried:

• Default settings as well as purposefully turning various settings "off", both with existing and brand new profiles.
• Disabling "Enhanced tracking protection", but it does appears to be hard-coded "on" as it appears as "Enabled" when any new site is visited, even even though about:protections clearly states "Enhanced Tracking Protection: OFF".
• Multiple DNS providers (Google -> 8.8.8.8, 8.8.4.4), (OpenDNS -> 208.67.222.222, 208.67.220.220), (Cloudflare -> 1.1.1.1, 1.0.0.1)

The issue with Cloudflare is getting past its endless "Verify you are human" turnstyle checkbox. As stated above ETP is supposedly "off". Even went ahead and added "https://cloudflare.com" and "https://challenges.cloudflare.com" to the ETP exceptions list (which should be unneccesary as ETP is supposedly "off").

Though this ticket was a few years old, followed all steps from https://support.mozilla.org/bm/questions/1273784 to no effect.

Double-checked:

Settings -> Privacy and Security: ETP -> Custom -> ALL unchecked (cookies, Tracking Content, Cryptominers, Known fingerprinters, Suspected fingerprinters) DNS over HTTPS -> Off

about:config: network.cookie.cookieBehavior -> 0 privacy.socialtracking.block_cookies.enabled => false privacy.trackingprotection.enabled privacy.trackingprotection.pbmode.enabled privacy.trackingprotection.cryptomining.enabled privacy.trackingprotection.fingerprinting.enabled

Going to any site and clicking the protection "Heart" icon still shows enhanced tracking protection to be "Enabled" (though it should not be). On any Cloudflare site, selecting "Disabled" immediately brings up the "Verify you are human" checkbox ad infinitum.

Just for fun, inspected a page a couple of times (the new serenity.ai search engine), clearing cookies & cache each time, noting the network tab via inspect. The only thing that appeared to change was the value of a cookie, and cloudflare's Ray ID. Two responses were in error, a 403 and a 401:

Request Headers (403): GET /search/new?q=pending&newFrontendContextUUID=4f32d4c2-d660-4ff0-9887-2a3aae266a9b HTTP/2 Host: www.perplexity.ai User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Referer: https://www.perplexity.ai/ Connection: keep-alive Cookie: __cf_bm=DNF1kEWfzAVxab2PKJWFLyU0IXE4b5LNz.PIeoJOkOM-1734448407-1.0.1.1-cS8gMWSRlFpgYv_.cZdM9mQ9DGzIsHM9wFfeFHhXwA0zY1vtZPh0rn4dDiC63I.z.w93j4IcSXrQnpjOuNyM1w; AWSALB=lTKv0yx38yEkkWzEYB967kh1SykONJgcXE9Ge6jOe93Ty6rjgkH/Z3fBTxkSNUqRnXDgFFI+KYesnIBGiZH490IN/2pXP88ymp9yPPEyygVgD81friGNeJZgn45BTyocfNyYmsqEskUA+rHB0ltxa1YhhpxrUABoqY/udkHGsyL4vlSvuzYJ4MOWwWlS4g==; AWSALBCORS=lTKv0yx38yEkkWzEYB967kh1SykONJgcXE9Ge6jOe93Ty6rjgkH/Z3fBTxkSNUqRnXDgFFI+KYesnIBGiZH490IN/2pXP88ymp9yPPEyygVgD81friGNeJZgn45BTyocfNyYmsqEskUA+rHB0ltxa1YhhpxrUABoqY/udkHGsyL4vlSvuzYJ4MOWwWlS4g==; pplx.visitor-id=4bc3f08b-020e-439e-8e93-15f8b6af0f83; __cflb=02DiuDyvFMmK5p9jVbVnMNSKYZhUL9aGkVUmJ5FqcYiD2; _dd_s=rum=0&expire=1734449360079; cf_clearance=UZ9n6kS.QQutYN0gn.BNstdZs_YZ764L76SAZVNJPjk-1734448407-1.2.1.1-u9UM_ZNPiKyD4aznyWVe1SJiRAquh36ZYaCGE7Np4pK_beiYl.c4oV23VoufQ8xzQ72Z_Enav6x.H37HHoRduCFPk_BCdFRrpPi1qYVJmHbUmgqEcash1cfl9bMUkoimji9AgONyabWAOng7o4fvRcjRyf.HdQVDXij2eVr_zzxm1Yt484iGVG6cyelIgm.xkIAaHpnmiBlnJElUdeaH5ptdBjdprkgL6S9LmMq6cQSz1xYmef2gH7yyC.kkIcZypX7uazKwOnrpe3QJnJTN3YNG_8NddGw3UOdrU.3AWSTyVv7_TjskqV3GrvUImEISakVICmxuRDZ7v9xi5DdMwJ__ocBaSEghOpbpPAoYANE; next-auth.csrf-token=772ac4d1fe8dfdfc70db3336892bafe3e7738102b83aa8269663e3444d1a1aa6%7Cd4206f57d899feb21c14f1aff27d0ce596dfb06c928c52d7cda16f3dc9a52eec; next-auth.callback-url=https%3A%2F%2Fwww.perplexity.ai; __stripe_mid=d89f9abf-fdd8-4910-b012-9a0a1da2b3405fa7e8; __stripe_sid=b520bbae-1a2d-4363-9e2e-3f058998c945eff199; pplx.metadata={%22qc%22:1%2C%22qcu%22:0%2C%22qcm%22:0%2C%22qcc%22:0%2C%22qcd%22:0%2C%22hli%22:false%2C%22hcga%22:false%2C%22hcds%22:false%2C%22hso%22:false%2C%22hfo%22:false} Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Priority: u=0, i TE: trailers

Response Headers (403): HTTP/2 403 date: Tue, 17 Dec 2024 15:14:20 GMT content-type: text/html; charset=UTF-8 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: same-origin origin-agent-cluster: ?1 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy: same-origin x-content-options: nosniff x-frame-options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: Gdpf2G2P84icaUc9eXBrWRoMXFniOcc94+Rt+ymiXoU/cQYKq8+xzyEgik2f0RThFUI4k5JP9g+7skl51OBeTGu39RBCR7yL/tmwF/QGgJBjDwK3EIC0tYjHpE5BW4phtvO78Z9jG2iIgdkLyHJdhw==$aGNrRFcXEu22z86D/jnmkA== cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT vary: Accept-Encoding server: cloudflare cf-ray: 8f37dcbbeae32e6a-DFW content-encoding: gzip X-Firefox-Spdy: h2

Fetch (403): await fetch("https://www.perplexity.ai/search/new?q=pending&newFrontendContextUUID=9d97fef3-8197-4a4a-841f-690468857281", {

   "credentials": "include",
   "headers": {
       "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0",
       "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
       "Accept-Language": "en-US,en;q=0.5",
       "Upgrade-Insecure-Requests": "1",
       "Sec-Fetch-Dest": "document",
       "Sec-Fetch-Mode": "navigate",
       "Sec-Fetch-Site": "same-origin",
       "Sec-Fetch-User": "?1",
       "Priority": "u=0, i"
   },
   "referrer": "https://www.perplexity.ai/",
   "method": "GET",
   "mode": "cors"

});

Request Headers (401): GET /cdn-cgi/challenge-platform/h/b/pat/8f37dcbe4d1e2836/1734448460780/74c530203e547de34250ba4b3b0818fccad4eb8dceb870bebc84a25ac4424ca4/8ST9YViz3dffgoY HTTP/2 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/d8tib/0x4AAAAAAADnPIDROrmt1Wwj/dark/fbE/normal/auto/ Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Priority: u=4 Cache-Control: max-age=0 TE: trailers

Response Headers (401): HTTP/2 401 date: Tue, 17 Dec 2024 15:14:20 GMT content-type: text/plain; charset=utf-8 content-length: 1 www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gdMUwID5UfeNCULpLOwgY_MrU643OuHC-vISiWsRCTKQAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIHTFMCA-VH3jQlC6SzsIGPzK1OuNzrhwvryEolrEQkykABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIHTFMCA-VH3jQlC6SzsIGPzK1OuNzrhwvryEolrEQkykABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAnjx4ES9FK_7HoOz2eOuAOLsLJohAAACh84h85AqhAgNOQHBXgzvaRlSVTWSxbxqMaM7_mzi_nXEX7uTPY4QjDPwxO1-MTMRr9MTdbId3v2KeXk7Utq2UL3Sqq1pUAFuYr5f3iNWvcUTPA2uQnM5rA2Y6y4ihqGeKzjo4Ws3RUng4UG_XpnH7TLtkaQT2lSlx1KW3HVmqe3s2nErL6VnmuSSy2fq44coBInPp7ynWCw8_3S_-dcI8a5go7lg2mavoCR40euH5CdnAunVSViDwmvWwAp-1utTaVRH5Js528pcl79qQZBn4JNqyILi_Ymqw1LSnr8eYgV1xj4dzW1hJqQIDAQAB", max-age=20 server: cloudflare cf-ray: 8f37dcc06f682836-DFW alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

Fetch (401): await fetch("https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8f37e12ccc22e79a/1734448642308/b0f60510f953d7fa51138545e66632922718d191f21dd45996658b37e0dd46d0/BgNyxuJHfe5Ju1e", {

   "credentials": "omit",
   "headers": {
       "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0",
       "Accept": "*/*",
       "Accept-Language": "en-US,en;q=0.5",
       "Sec-Fetch-Dest": "empty",
       "Sec-Fetch-Mode": "cors",
       "Sec-Fetch-Site": "same-origin",
       "Priority": "u=4",
       "Cache-Control": "max-age=0"
   },
   "referrer": "https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/2iqu9/0x4AAAAAAADnPIDROrmt1Wwj/dark/fbE/normal/auto/",
   "method": "GET",
   "mode": "cors"

});

Had also reported this issue over at Cloudflare a while back; they were not very forthcoming as to why this behavior might be occurring. Often their own forum would get the endless turnstyle with FF.

Other browsers do not have this issue, and while I very much like Firefox, in recent releases it has become all but unusable where Cloudflare is concerned.

Please advise how to reliable get past Cloudflare's endless "Verify you are human" turnstyle.

Thanks!

Hi,

I am developing a website of my own and in that website I want to implement a handler for Content-Security-Policy violation reports. I want to test if this handler works as I expect and therefore I have configured a webpage such that is will report CSP violations (I see them in the web developer console) and I want to have them sent to my application's CSP-violation handler.

In my test environment, the application is running on localhost. I have run my web application both on HTTP and HTTPS (with a self-signed certificate), but in neither case Firefox is sending any reports to my application.

My CSP headers look as follows: Content-Security-Policy: report-uri http://localhost:5281/csp-violation;base-uri 'none';default-src 'self';form-action 'none';frame-ancestors 'none';report-to csp-viol;script-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg';style-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg' Reporting-Endpoints: csp-viol=http://localhost:5281/csp-violation Report-To: {"group":"csp-viol","max_age":10886400,"endpoints":[{"url":"http://localhost:5281/csp-violation"}]}

When I run my application using HTTPS, all HTTP in the endpoints will also be HTTPS.

I have verified that when I post something by hand to http://localhost:5281/csp-violation, my handler is executed, so that is not the issue. I believe that Firefox is just not sending the reports. Is there a way to configure Firefox such that it will send the CSP violation reports to my application when run on HTTP(S) on localhost?

Sincerely, Marcel

I recently reset my laptop, when I logged into my mozilla account on my firefox, it is hasn't synced my passwords, hisotry, bookmarks and extensions. The sync is on, I've eevn tried to manually initiate sync. Did not work.

As I am sure as with others, the extension for True Key no long functions on Mozilla. While I understand your need for them to comply with your rules, but just pulling the rug out from under its users without prior notification could have put some of us who use it for critical reasons a great deal of anxiety. Hopefully, you are collaborating with them to get the extension back on the browser.

I have been experiencing severe performance issues with video playback on Youtube. Videos are subject to heavy lagging, and its not just the video, but the entire browser starts lagging. This doesn't happen every time, once every few times. This only occurs on Firefox, and I didn't experience this on Chrome or other browsers. Any help would be appreciated.

le fichier imap.orange.fr : est rempli à 494 GO Comment le vider ? The file imap.orange.fr is filles with 494 GO How to empty it ? Thank you in advance

So yea I've noticed opened Youtube tabs will just randomly start the video playing while I'm in another tab, it's really annoying. I've tried disabling all extensions but it continues to happen. Anyone know whats going on, it's been happening for a really long time.

Using Windows 11 Firefox version 133.0.

How do I permanently change the "overflows" attribute of the new sidebar button to false so it doesn't disappear on me when I resize the window and I still need my tabs?