[X] My Assistant

What addons are broken by that setting? Nothing should be using HSTS priming...

By "it" I meant the mainstream release in general, not the HSTS Priming setting specifically; I just wasn't as clear as I could've been, apparently.

I would presume the mainstream release also does the same, but it breaks some of my addons

I probably should've put this on a different line, to more clearly differentiate it from the sentences before it.

Failurefox devs will do far worse than toggling HSTS priming with the upcoming releases.

To answer your question, this setting isn't breaking anything here, but I had to rebuild my entire database thanks to the browser being dumb enough to include protocols while hashing bookmarks in the dreaded Places sqlite database (and as such seeing HTTP and HTTPS as completely different versions of the same exact thing - funfact, changing it explicitly to HTTPS isn't enough, you have to rehash every single entry).

Their security concerns should be moved to efforts in order to remove lazy WONTFIXes and work on making that absolute trainwreck of a browser become great again - like, I don't know, Firefox 11. Almost every alternative sucks as well so if they use this as an argument, I won't really go against them.

tl;dr: Use plain HTML or JSON, don't use Places. ZERO reason to use Places; if the browser forcing you to do so is one here's a cool tip, you can bypass almost every single thing they force down your throat. (Offtopic I know. Sorry about that.)

This post has been edited by Luna_Flina: Apr 24 2017, 18:20

Their security concerns should be moved to efforts in order to remove lazy WONTFIXes and work on making that absolute trainwreck of a browser become great again - like, I don't know, Firefox 11. Almost every alternative sucks as well so if they use this as an argument, I won't really go against them.

There were some good attempts at making decent browsers. Two ideas that are still good that have been implemented in at least one such browser are:

1. Make the core of it the JS engine. And run *two* such engines: one as the meat of a browser tab and another as the page sandbox.

Reasoning: you need to process the DOM fast, and you do not reparse HTML at every page change. Instead you want the core engine to handle the rendering, and you focus *all* security concerns as the communication between the two engines. Add-ons should be much easier to write too.

2. Make every tab a separate *process*

Reasoning: Memory leaks happen, add-ons just go bonkers with this stuff from time to time and the engines themselves fail at this too. A separate process has its memory pages managed by the kernel and, once terminated, will get all its memory correctly scratched. The old reasoning about per page threads do not apply anymore. The time between process start vs. thread start is negligible within the time needed to render a page.

Unfortunately the feature madness in the recent 3rd browser war killed of pretty much all these projects. I think the the min browser is the only one alive that uses idea 1. , and the surf browser is the only one alive that implements idea 2. Both of them are too minimalistic for general public use and do not have a plugin system.