-Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
+Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
| security.OCSP.require | boolean | false
| If true, if an OCSP request times out, the connection fails.
+| security.osclientcerts.assume_rsa_pss_support | boolean | true
+| If false, we don't assume an RSA key can do RSA-PSS.
| security.ssl.enable_ocsp_stapling | boolean | true
| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
```
### SecurityDevices
+Add or delete PKCS #11 modules.
+
+**Compatibility:** Firefox 114, Firefox ESR 112.12\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
+Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
+```
+Value (string):
+```
+<enabled/>
+<data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADDPATH_TO_LIBRARY_FOR_DEVICE"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
+```
+Value (string):
+```
+<enabled/>
+<data id="SecurityDevices" value="1NAME_OF_DEVICE_TO_REMOVE"/>
+```
+#### macOS
+```
+<dict>
+ <key>SecurityDevices</key>
+ <dict>
+ <key>Add<key>
+ <dict>
+ <key>NAME_OF_DEVICE_TO_ADD</key>
+ <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
+ </dict>
+ <key>Delete</add>
+ <array>
+ <string>NAME_OF_DEVICE_TO_DELETE</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "SecurityDevices": {
+ "Add": {
+ "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
+ },
+ "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
+ }
+ }
+}
+```
+### SecurityDevices (Deprecated)
+
Install PKCS #11 modules.
**Compatibility:** Firefox 64, Firefox ESR 60.4\
</dict>
</dict>
```
-
#### policies.json
```
{
git.p6c8.net / policy-templates.git / blobdiff