Firefox and Chrome load resources with max-age differently?

I’m trying to troubleshoot something on the client and I believe it has something to do with the the browser caching requests.

I’m loading the same page on Firefox and Chrome (Canary). When I look in the network tab, I see different behavior.

There server response has a max-age set for cache control. I see that Chrome always loads from (disk cache) if max-age has not been reached. But for Firefox, I’ll see it load the resource not from cache once in a while before max-age has been reached. Also I’m seeing 304 ‘not modified’ in Firefox, but not in Chrome.

Can someone help explain what I’m seeing?

Here are some screenshots of the Network tabs… Firefox network tab Chrome network tab

Firefox: What would be more secure/private: storing session cookies or saving password in the browser?

I am wondering, assuming the latest version of Firefox, which of the following options would be more preferable security-wise (e.g. assess and/or password to user account will be stolen) and which one privacy-wise (exposing user to the least advertisement tracking etc.):

  1. Storing session cookies (i.e. logging in and never logging out), but not saving password & username in browser built-in Password Manager.
  2. Saving password & username in built-in Password Manager (without Master Password) and setting cookies and site data to be cleared when browser is closed.

P.S.: I am aware that using Master Password for password storage will increase security of the stored passwords. Though I am not wondering how to improve given options, but would like to asses them “as is”.

Customize default Prompt options (camera to share) when I trigger camera in Firefox with code development

I am having 2 cameras in my PC. When I try to trigger camera in firefox it always opens a permission prompt box with a webcam options. But I don’t want to show the camera options in the prompt box. So Is there any customizable thingy to customize the Prompt box for firefox by updated any javascript changes (I am a developer. So want to fix it by code updation itself for my web application) Anyone please help me resolve this problem ?

Firefox 72 not displaying CSS Custom Cursor from SVG file

I’m currently experimenting with CSS custom cursors:

cursor: url(' [... URL HERE...'), auto; 

and I’m finding that Firefox 72 is not happy with either SVG cursors or GIF cursors (though it is entirely happy with PNG cursors).

According to: Can I Use CSS property: cursor: url() there shouldn’t be a problem.

But clearly there is.

Can anyone shed any light on what the issue is here, please?

Is it that:

  • Firefox does not support SVG cursors and caniuse.com is misinformed ?
  • Firefox does support SVG cursors and I am doing something else wrong?

Added:

Oh. That’s odd. Not working on Chrome 79 either. No idea what’s up then.

How do I allow Mozilla Firefox to use internet? [closed]

At my school Mozilla firefox is blocked for students, so only teachers could access it. The PCs are running on Linux Gnome. It has nothing to do with the cable, network manager or ifconfig eth0 up. It is only in Mozilla. You think it could be somewhere in Mozilla‘s settings (no proxy is used) .

As I was 12 I went in a IT Academy, where we had the same thing, so we couldn’t play any Flash games. We fixed it, by changing port in Mozilla in the right one, which people have seen once from a teacher.

I am saying it, because I couldn’t find the same option in the settings now.

Any information would help, thanks!

What use would a privacy browser, such as Firefox Focus for iPhone, have for an internal web server?

The Mozilla Foundation has a “privacy browser” called Firefox Focus that is available for example iPhone (here). This browser has an always-on ad blocking function.

I was checking the third-party licenses used by this iPhone version (image shown below) and noticed that it includes the use of GCDWebServer.

[3rd-party licenses used by Firefox Focus]

The GitHub page for GCDWebServer says that:

GCDWebServer is a modern and lightweight GCD based HTTP 1.1 server designed to be embedded in iOS, macOS & tvOS apps.

There is a support information for this browser here but the documentation does not mention the use of an internal web server.

This issue has relevance in evaluating the risks from possible open ports in connection with determining whether to allow this browser in corporate bring-your-own-device configuration.

Question: What use would a mobile device web browser have for running an embedded web server?

How can I trace/debug the origin of a specific POST/JS variable in JavaScript in Firefox?

Premise: I’m trying to automate posting on Stack Exchange. Not for abuse, but to have my own interface instead of having to bookmark and use the various “StackSites” and being subjected to the insulting “Viewed 1 times” bug which is never fixed no matter how many times it’s reported.

I have everything ready except for one small detail: the POST variable “i1l” is only set through JavaScript, in an extremely convoluted manner, to the point where I’m convinced that it is specifically done to stop any kind of automation. (Also, to make it clear, SE prevents any client that doesn’t have JavaScript enabled from posting at all.)

I asked about it previously here: https://stackoverflow.com/questions/59306239/how-do-i-make-sense-of-this-apparently-deliberately-obscurified-js-code

One of the comments mentions Stack Exchange apparently being open source now, and links to a GitHub URL, but I searched all over it and found no mention at all of this variable. It’s only present in the (heavily minified/obscurified) JavaScripts loaded on the actual site. So clearly it isn’t open source after all, at least not fully.

As it’s a complete mystery to me how this variable is determined, and it needs the right value or else it doesn’t let you post, I’m wondering if somebody can tell me how to “debug”/trace this specific variable in Firefox.

I cannot use their API because it requires you to have an account and only use that, which is not good for privacy. I want to be able to “ask as guest” for the StackSites that support it, and the API doesn’t let you do that.

I frankly doubt it would help me much even if I could follow this variable around, step by step, because the JS code I have dug up seems absolutely nonsensical to me. The very name is extremely cryptic and nothing indicates what it would be used for if not to prevent people from posting.

Note: Even if I were to abuse this, which again I’m not, the “one post per IP address per 90 minutes” limit, as well as the constant “too much abuse from your network, sorry” messages make it nearly impossible to abuse anyway. I get those constantly when trying to post perfectly legitimate questions.

Site collection is not working in IE11 but works in Chrome and Firefox

I have a site, which was created using sharepoint online, that works fine on Chrome and Firefox but not working in IE11. It works fine once I change the document mode (in developer mode) to 11 instead of 10. Not sure how to make it work without changing the document mode as this is not a solution (Can’t change this setting for the computers of anyone who visits the website).