From 027fa12fc3fbc138dc8bbbb50b066735943d8b27 Mon Sep 17 00:00:00 2001 From: sommerfeld Date: Tue, 19 May 2026 15:16:09 +0100 Subject: revert: drop snxctl-chromium wrapper, snx-rs works with default browser now User confirms snx-rs's SAML loopback no longer needs chromium routing. Remove: - dot_local/bin/snxctl-chromium (PATH-override wrapper) - dot_local/share/snx-rs/bin/xdg-open (chromium shim) - snx-rs LibreWolf SAML note in user-overrides.js The waybar snx-vpn toggle now just runs `snxctl connect` detached, no wrapper indirection. --- firefox/user-overrides.js | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'firefox') diff --git a/firefox/user-overrides.js b/firefox/user-overrides.js index 52059c2..aa79951 100644 --- a/firefox/user-overrides.js +++ b/firefox/user-overrides.js @@ -29,17 +29,6 @@ user_pref("media.gmp-manager.url", "https://aus5.mozilla.org/update/3/GMP/%VERSI /** Network **/ user_pref("network.dns.disableIPv6", false); // keep IPv6 enabled -// NOTE on snx-rs SAML loopback callbacks (Check Point VPN): -// LibreWolf force-upgrades http://127.0.0.1:/ to HTTPS and -// enables LNA blocking, which both break the snx-rs SAML handoff. -// `dom.security.https_only_mode.upgrade_local = false` and -// `network.lna.local-network-to-localhost.skip-checks = true` were tried -// here and did NOT actually fix the SAML flow — left disabled. The -// working fix is the wrapper script ~/.local/bin/snxctl-chromium, which -// routes snx-rs's xdg-open through flatpak ungoogled-chromium via a -// systemd --user drop-in. See dot_local/share/snx-rs/bin/xdg-open and -// dot_config/systemd/user/snx-rs.service.d/10-chromium-saml.conf. - /** Resist Fingerprinting **/ user_pref("privacy.resistFingerprinting.testGranularityMask", 4); user_pref("privacy.resistFingerprinting.exemptedDomains", "meet.google.com,teams.microsoft.com"); -- cgit v1.3.1