+**These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
+
+**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
+
Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
| Policy Name | Description
| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
+| **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
+| **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
| **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates..
Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
-### AppAutoUpdate
-
-Enable or disable **automatic** application update.
+### AllowedDomainsForApps
-If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
+Define domains allowed to access Google Workspace.
-If set to false, application updates are downloaded but the user can choose when to install the update.
+This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
-If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
+If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
-**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**Compatibility:** Firefox 89, Firefox ESR 78.11\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `app.update.auto`
+**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
```
Value (string):
```
-<enabled/> or <disabled/>
+<enabled/>
+<data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
```
#### macOS
```
<dict>
- <key>AppAutoUpdate</key>
- <true/> | <false/>
+ <key>AllowedDomainsForApps</key>
+ <string>managedfirefox.com,example.com</string>
</dict>
```
#### policies.json
```
{
"policies": {
- "AppAutoUpdate": true | false
+ "AllowedDomainsForApps": "managedfirefox.com,example.com"
}
}
```
-### AllowedDomainsForApps
+### AppAutoUpdate
-Define domains allowed to access Google Workspace.
+Enable or disable **automatic** application update.
-This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
+If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
-If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
+If set to false, application updates are downloaded but the user can choose when to install the update.
-**Compatibility:** Firefox 89, Firefox ESR 78.11\
+If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** N/A
+**Preferences Affected:** `app.update.auto`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
+Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
```
Value (string):
```
-<enabled/>
-<data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
+<enabled/> or <disabled/>
```
#### macOS
```
<dict>
- <key>AllowedDomainsForApps</key>
- <string>managedfirefox.com,example.com</string>
+ <key>AppAutoUpdate</key>
+ <true/> | <false/>
</dict>
```
#### policies.json
```
{
"policies": {
- "AllowedDomainsForApps": "managedfirefox.com,example.com"
+ "AppAutoUpdate": true | false
}
}
```
```
<enabled/> or <disabled/>
```
+### LegacySameSiteCookieBehaviorEnabled
+Enable default legacy SameSite cookie behavior setting.
+
+If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>LegacySameSiteCookieBehaviorEnabled</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LegacySameSiteCookieBehaviorEnabled": true | false
+}
+```
+### LegacySameSiteCookieBehaviorEnabledForDomainList
+Revert to legacy SameSite behavior for cookies on specified sites.
+
+If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
+```
+Value (string):
+```
+<enabled/>
+<data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1example.org2example.edu"/>
+```
+#### macOS
+```
+<dict>
+ <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
+ <array>
+ <string>example.org</string>
+ <string>example.edu</string>
+ </array>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
+ "example.edu"]
+ }
+}
+```
### LocalFileLinks
Enable linking to local files by origin.
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ShowHomeButton
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
```
Value (string):
```
git.p6c8.net / policy-templates.git / blobdiff