diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-12-12 12:15:44 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-12 12:15:44 +0000 |
commit | 9d26477548875a167a68556d746016f1f146223b (patch) | |
tree | ab48cdfbeee72be0f4a4387af4cc13b2fbf1b5c8 | |
parent | refactor playonlinux as wine redirect (#3811) (diff) | |
download | firejail-9d26477548875a167a68556d746016f1f146223b.tar.gz firejail-9d26477548875a167a68556d746016f1f146223b.tar.zst firejail-9d26477548875a167a68556d746016f1f146223b.zip |
curl HSTS cache support (#3813)
* add curl HSTS support
* add HSTS support
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/curl.profile | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 25c7796da..9b098f43c 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -430,6 +430,7 @@ blacklist ${HOME}/.config/Zulip | |||
430 | blacklist ${HOME}/.conkeror.mozdev.org | 430 | blacklist ${HOME}/.conkeror.mozdev.org |
431 | blacklist ${HOME}/.crawl | 431 | blacklist ${HOME}/.crawl |
432 | blacklist ${HOME}/.cups | 432 | blacklist ${HOME}/.cups |
433 | blacklist ${HOME}/.curl-hsts | ||
433 | blacklist ${HOME}/.curlrc | 434 | blacklist ${HOME}/.curlrc |
434 | blacklist ${HOME}/.dashcore | 435 | blacklist ${HOME}/.dashcore |
435 | blacklist ${HOME}/.devilspie | 436 | blacklist ${HOME}/.devilspie |
diff --git a/etc/profile-a-l/curl.profile b/etc/profile-a-l/curl.profile index 996ff51d3..5a5a7496a 100644 --- a/etc/profile-a-l/curl.profile +++ b/etc/profile-a-l/curl.profile | |||
@@ -7,6 +7,12 @@ include curl.local | |||
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | include globals.local |
9 | 9 | ||
10 | # curl 7.74.0 introduces experimental support for HSTS cache | ||
11 | # https://daniel.haxx.se/blog/2020/11/03/hsts-your-curl/ | ||
12 | # technically this file can be anywhere but let's assume users have it in ${HOME}/.curl-hsts | ||
13 | # if your setup diverts, add 'blacklist /path/to/curl/hsts/file' to your disable-programs.local | ||
14 | # and 'noblacklist /path/to/curl/hsts/file' to curl.local to keep the sandbox logic intact | ||
15 | noblacklist ${HOME}/.curl-hsts | ||
10 | noblacklist ${HOME}/.curlrc | 16 | noblacklist ${HOME}/.curlrc |
11 | 17 | ||
12 | blacklist /tmp/.X11-unix | 18 | blacklist /tmp/.X11-unix |