mirror of
https://github.com/ironfox-oss/IronFox.git
synced 2026-06-11 09:44:46 -04:00
f7530d12c6
That being said, we still improve upon Firefox's standard certificate pinning, notably: * We remove AffirmTrust & Entrust for Google's domains (as Google no longer uses these CAs, and in fact even plans to distrust them in Chrome entirely...) * We pin our domains * We pin Brave's domains (with info they provide from https://github.com/brave/brave-core/blob/master/chromium_src/net/tools/transport_security_state_generator/input_file_parsers.cc) * We pin `aus4.mozilla.org`, `aus5.mozilla.org`, `firefox.com`, & `telemetry.mozilla.org` (which are typically only set to `test` mode, meaning they're not enforced) * We remove the pin for `dns.google.com` (to ensure Google DNS is always available for those who use it) Signed-off-by: celenity <celenity@celenity.dev>