]> git.p6c8.net - policy-templates.git/blobdiff - docs/index.md
Merge pull request #1094 from willdurand/patch-1
[policy-templates.git] / docs / index.md
index 5892ef642aac58759e625a1ed57a8f4135d9d4ad..8eaf0ab5f2e38e8d1098d1b1519be02293673f4a 100644 (file)
@@ -17,10 +17,13 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
 | --- | --- |
 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
 | --- | --- |
 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
+| **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
+| **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses.
+| **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods.
 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
@@ -117,6 +120,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
+| **[`TranslateEnabled`](#translateenabled)** | Enable or disable webpage translation.
 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
@@ -124,7 +128,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries
 
 ### 3rdparty
 
 
 ### 3rdparty
 
-Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
+Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy).
 
 For GPO and Intune, the extension developer should provide an ADMX file.
 
 
 For GPO and Intune, the extension developer should provide an ADMX file.
 
@@ -219,6 +223,42 @@ Value (string):
   }
 }
 ```
   }
 }
 ```
+### AllowFileSelectionDialogs
+
+Enable or disable file selection dialogs.
+
+**Compatibility:** Firefox 124\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `widget.disable_file_pickers`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+  <key>AllowFileSelectionDialogs</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "AllowFileSelectionDialogs": true | false
+  }
+}
+```
 ### AppAutoUpdate
 
 Enable or disable **automatic** application update.
 ### AppAutoUpdate
 
 Enable or disable **automatic** application update.
@@ -485,6 +525,82 @@ Value (string):
   }
 }
 ```
   }
 }
 ```
+### AutofillAddressEnabled
+
+Enables or disables autofill for addresses.
+
+This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information.
+
+**Compatibility:** Firefox 125, Firefox ESR 115.10\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.formautofill.addresses.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+  <key>AutofillAddressEnabled</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "AutofillAddressEnabled": true | false
+  }
+}
+```
+### AutofillCreditCardEnabled
+
+Enables or disables autofill for payment methods.
+
+This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information.
+
+**Compatibility:** Firefox 125, Firefox ESR 115.10\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.formautofill.creditCards.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+  <key>AutofillCreditCardEnabled</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "AutofillCreditCardEnabled": true | false
+  }
+}
+```
 ### AutoLaunchProtocolsFromOrigins
 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
 
 ### AutoLaunchProtocolsFromOrigins
 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
 
@@ -1106,6 +1222,14 @@ Configure cookie preferences.
 
 `Locked` prevents the user from changing cookie preferences.
 
 
 `Locked` prevents the user from changing cookie preferences.
 
+`Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead)
+
+`AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead)
+
+`RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead)
+
+`ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead)
+
 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
 **CCK2 Equivalent:** N/A\
 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
 **CCK2 Equivalent:** N/A\
 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
@@ -1115,10 +1239,6 @@ Configure cookie preferences.
 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
-Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
-Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
@@ -1153,39 +1273,6 @@ Value (string):
 ```
 OMA-URI:
 ```
 ```
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
-```
-Value (string):
-```
-<enabled/> or <disabled/>
-```
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
-```
-Value (string):
-```
-<enabled/>
-<data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
-```
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
-```
-Value (string):
-```
-<enabled/> or <disabled/>
-```
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
-```
-Value (string):
-```
-<enabled/> or <disabled/>
-```
-OMA-URI:
-```
 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
 ```
 Value (string):
 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
 ```
 Value (string):
@@ -1227,14 +1314,6 @@ Value (string):
     <array>
       <string>http://example.org</string>
     </array>
     <array>
       <string>http://example.org</string>
     </array>
-    <key>Default</key>
-    <true/> | <false/>
-    <key>AcceptThirdParty</key>
-    <string>always | never | from-visited</string>
-    <key>ExpireAtSessionEnd</key>
-    <true/> | <false/>
-    <key>RejectTracker</key>
-    <true/> | <false/>
     <key>Locked</key>
     <true/> | <false/>
     <key>Behavior</key>
     <key>Locked</key>
     <true/> | <false/>
     <key>Behavior</key>
@@ -1252,10 +1331,6 @@ Value (string):
       "Allow": ["http://example.org/"],
       "AllowSession": ["http://example.edu/"],
       "Block": ["http://example.edu/"],
       "Allow": ["http://example.org/"],
       "AllowSession": ["http://example.edu/"],
       "Block": ["http://example.edu/"],
-      "Default": true | false,
-      "AcceptThirdParty": "always" | "never" | "from-visited",
-      "ExpireAtSessionEnd": true | false,
-      "RejectTracker": true | false,
       "Locked": true | false,
       "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
       "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
       "Locked": true | false,
       "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
       "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
@@ -1623,7 +1698,7 @@ Disable Firefox studies (Shield).
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
 **CCK2 Equivalent:** N/A\
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** N/A
+**Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
 
 #### Windows (GPO)
 ```
 
 #### Windows (GPO)
 ```
@@ -2773,6 +2848,7 @@ The configuration for each extension is another dictionary that can contain the
 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
+| `temporarily_allow_weak_signatures`| (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms.
 
 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
 **CCK2 Equivalent:** N/A\
 
 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
 **CCK2 Equivalent:** N/A\
@@ -3432,7 +3508,7 @@ Configure the default extension install policy as well as origins for extension
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
 **CCK2 Equivalent:** `permissions.install`\
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
 **CCK2 Equivalent:** `permissions.install`\
-**Preferences Affected:** `xpinstall.enabled`
+**Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
 
 #### Windows (GPO)
 ```
 
 #### Windows (GPO)
 ```
@@ -4644,6 +4720,9 @@ pdfjs. (Firefox 84, Firefox ESR 78.6)
 places.
 pref.
 print.
 places.
 pref.
 print.
+privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0)
+privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
+privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
 signon. (Firefox 83, Firefox ESR 78.5)
 spellchecker. (Firefox 84, Firefox ESR 78.6)
 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
 signon. (Firefox 83, Firefox ESR 78.5)
 spellchecker. (Firefox 84, Firefox ESR 78.6)
 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
@@ -4667,7 +4746,11 @@ as well as the following security preferences:
 | security.insecure_connection_text.pbmode.enabled | bool | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
 | security.mixed_content.block_active_content | boolean | true
 | security.insecure_connection_text.pbmode.enabled | bool | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
 | security.mixed_content.block_active_content | boolean | true
-| &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked.
+| security.mixed_content.block_display_content | boolean | false
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0)
+| security.mixed_content.upgrade_display_content | boolean | true
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0)
 | security.osclientcerts.autoload | boolean | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
 | security.OCSP.enabled | integer | 1
 | security.osclientcerts.autoload | boolean | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
 | security.OCSP.enabled | integer | 1
@@ -5896,6 +5979,40 @@ Value (string):
   }
 }
 ```
   }
 }
 ```
+### StartDownloadsInTempDirectory
+Force downloads to start off in a local, temporary location rather than the default download directory.
+
+**Compatibility:** Firefox 102\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+  <key>StartDownloadsInTempDirectory</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "StartDownloadsInTempDirectory": true | false
+}
+```
 ### SupportMenu
 Add a menuitem to the help menu for specifying support information.
 
 ### SupportMenu
 Add a menuitem to the help menu for specifying support information.
 
@@ -5947,21 +6064,25 @@ Value (string):
   }
 }
 ```
   }
 }
 ```
-### StartDownloadsInTempDirectory
-Force downloads to start off in a local, temporary location rather than the default download directory.
+### TranslateEnabled
+Enable or disable webpage translation.
 
 
-**Compatibility:** Firefox 102\
+Note: Web page translation is done completely on the client, so there is no data or privacy risk.
+
+If you only want to disable the popup, you can set the pref `browser.translations.automaticallyPopup` to false using the [Preferences](#preferences) policy.
+
+**Compatibility:** Firefox 126\
 **CCK2 Equivalent:** N/A\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
+**Preferences Affected:** `browser.translations.enable`
 
 #### Windows (GPO)
 ```
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\TranslateEnabled = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TranslateEnabled
 ```
 Value (string):
 ```
 ```
 Value (string):
 ```
@@ -5970,7 +6091,7 @@ Value (string):
 #### macOS
 ```
 <dict>
 #### macOS
 ```
 <dict>
-  <key>StartDownloadsInTempDirectory</key>
+  <key>TranslateEnabled</key>
   <true/> | <false/>
 </dict>
 ```
   <true/> | <false/>
 </dict>
 ```
@@ -5978,7 +6099,8 @@ Value (string):
 ```
 {
   "policies": {
 ```
 {
   "policies": {
-    "StartDownloadsInTempDirectory": true | false
+    "TranslateEnabled": true | false
+  }
 }
 ```
 ### UserMessaging
 }
 ```
 ### UserMessaging

patrick-canterino.de