Explicitly define new security preferences. Fixes #703.

[policy-templates.git] / README.md

diff --git a/README.md b/README.md
index e5cada0570d5ff9d071ec32d924c27a30af58dc2..d9b391c057e6547787ece2fa0f1f5654fc77caf0 100644 (file)
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
 | **[`Preferences`](#preferences)** | Set and lock preferences.
-| **[`Preferences (Deprecated)`](#preferences--deprecated)** | Set and lock some preferences.
+| **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
 | **[`Proxy`](#proxy)** | Configure proxy settings.
 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
@@ -181,7 +181,7 @@ Configure sites that support integrated authentication.
 
 See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
 
-`PrivateBrowsing` enables integrated authentication in prviate browsing.
+`PrivateBrowsing` enables integrated authentication in private browsing.
 
 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
 **CCK2 Equivalent:** N/A\
@@ -1592,7 +1592,7 @@ Value (string):
   <dict>
     <key>InvalidCertificate</key>
     <true/> | <false/>
-    <key><SafeBrowsing/key>
+    <key>SafeBrowsing</key>
     <true/> | <false/>
   </dict>
 </dict>
@@ -2071,11 +2071,11 @@ Value (string):
   <dict>
     <key>Value</key>
     <true/> | <false/>
-    <key><Locked</key>
+    <key>Locked</key>
     <true/> | <false/>
-    <key><Cryptomining</key>
+    <key>Cryptomining</key>
     <true/> | <false/>
-    <key><Fingerprinting</key>
+    <key>Fingerprinting</key>
     <true/> | <false/>
     <key>Exceptions</key>
     <array>
@@ -2130,7 +2130,7 @@ Value (string):
   <dict>
     <key>Enabled</key>
     <true/> | <false/>
-    <key><Locked</key>
+    <key>Locked</key>
     <true/> | <false/>
   </dict>
 </dict>
@@ -3343,7 +3343,7 @@ Value (string):
   <dict>
     <key>Enabled</key>
     <true/> | <false/>
-    <key><EnablePermissions</key>
+    <key>EnablePermissions</key>
     <true/> | <false/>
   </dict>
 </dict>
@@ -3359,7 +3359,7 @@ Value (string):
 }
 ```
 ### Permissions
-Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
+Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
 
 `Allow` is a list of origins where the feature is allowed.
 
@@ -3772,24 +3772,38 @@ ui.
 widget.
 ```
 as well as the following security preferences:
-```
-security.default_personal_cert
-security.insecure_connection_text.enabled
-security.insecure_connection_text.pbmode.enabled
-security.insecure_field_warning.contextual.enabled
-security.mixed_content.block_active_content
-security.osclientcerts.autoload
-security.ssl.errorReporting.enabled
-security.tls.hello_downgrade_check
-security.warn_submit_secure_to_insecure
-```
+| Preference | Type | Default
+| --- | --- | ---
+| security.default_personal_cert | string | Ask Every Time
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
+| security.insecure_connection_text.enabled | bool | false
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
+| security.insecure_connection_text.pbmode.enabled | bool | false
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
+| security.insecure_field_warning.contextual.enabled | bool | true
+| &nbsp;&nbsp;&nbsp;&nbsp;If set to false, remove the warning for inscure login fields.
+| security.mixed_content.block_active_content | boolean | true
+| &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
+| security.osclientcerts.autoload | boolean | false
+| &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
+| security.ssl.errorReporting.enabled | boolean | true
+| &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
+| security.tls.hello_downgrade_check | boolean | true
+| &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
+| security.warn_submit_secure_to_insecure | boolean | true
+| &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting s form from https to http.
+
 Using the preference as the key, set the `Value` to the corresponding preference value.
 
 `Status` can be "default", "locked", "user" or "clear"
 
+Default preferences can be modified by the user.
+
 If a value is locked, it is also set as the default.
 
-User preferences persist across invocations of Firefox.
+User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy.
+
+User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
 
 See the examples below for more detail.