]> git.p6c8.net - policy-templates.git/blobdiff - docs/index.md
git.p6c8.net / policy-templates.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add new security prefs
[policy-templates.git] / docs / index.md
diff --git a/docs/index.md b/docs/index.md
index c817f11b845d7d75450a028f7df06e54f06d8770..6d7aaa2a1909405fa35222c87579940f23c5680c 100644 (file)
--- a/docs/index.md
+++ b/docs/index.md
@@ -1266,15 +1266,26 @@ Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compati
 
 `Enabled` indicates whether Firefox should use DLP. Note that if this value is true and no DLP agent is running, all DLP requests will be denied unless `DefaultResult` is set to 1 or 2.
 
+`InterceptionPoints` controls settings for specific interception points.
+
+* The `Clipboard` entry controls clipboard operations for files and text.
+  * `Enabled` indicates whether clipboard operations should use DLP. The default is true.
+* The `DragAndDrop` entry controls drag and drop operations for files and text.
+  * `Enabled` indicates whether drag and drop operations should use DLP. The default is true.
+* The `FileUpload` entry controls file upload operations for files chosen from the file picker.
+  * `Enabled` indicates whether file upload operations should use DLP. The default is true.
+* The `Print` entry controls print operation.
+  * `Enabled` indicates whether print operations should use DLP. The default is true.
+
 `IsPerUser` indicates whether the pipe the DLP agent has created is per-user or per-system. The default is true, meaning per-user.
 
 `PipePathName` is the name of the pipe the DLP agent has created and Firefox will connect to. The default is "path_user".
 
 `ShowBlockedResult` indicates whether Firefox should show a notification when a DLP request is denied. The default is true.
 
-**Compatibility:** Firefox 132\
+**Compatibility:** Firefox 136\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`
+**Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.interception_point.clipboard.enabled`, `browser.contentanalysis.interception_point.drag_and_drop.enabled`, `browser.contentanalysis.interception_point.file_upload.enabled`, `browser.contentanalysis.interception_point.print.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`
 
 #### Windows (GPO)
 ```
@@ -1286,6 +1297,10 @@ Software\Policies\Mozilla\Firefox\ContentAnalysis\ClientSignature = "My DLP Comp
 Software\Policies\Mozilla\Firefox\ContentAnalysis\DefaultResult = 0x0 | 0x1 | 0x2
 Software\Policies\Mozilla\Firefox\ContentAnalysis\DenyUrlRegexList = "https://example\.com/.* https://subdomain\.example\.com/.*"
 Software\Policies\Mozilla\Firefox\ContentAnalysis\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Clipboard\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\DragAndDrop\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\FileUpload\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Print\Enabled = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\ContentAnalysis\IsPerUser = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\ContentAnalysis\PipePathName = "pipe_custom_name"
 Software\Policies\Mozilla\Firefox\ContentAnalysis\ShowBlockedResult = 0x1 | 0x0
@@ -1364,6 +1379,38 @@ Value (string):
 ```
 OMA-URI:
 ```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_Clipboard
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_DragAndDrop
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_FileUpload
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_Print
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_IsPerUser
 ```
 Value (string):
@@ -1401,6 +1448,20 @@ Value (string):
       "DefaultResult": 0 | 1 | 2,
       "DenyUrlRegexList": "https://example\.com/.* https://subdomain\.example\.com/.*",
       "Enabled": true | false,
+      "InterceptionPoints": {
+        "Clipboard": {
+          "Enabled": true | false
+        },
+        "DragAndDrop": {
+          "Enabled": true | false
+        },
+        "FileUpload": {
+          "Enabled": true | false
+        },
+        "Print": {
+          "Enabled": true | false
+        }
+      },
       "IsPerUser": true | false,
       "PipePathName": "pipe_custom_name",
       "ShowBlockedResult": true | false,
@@ -2476,7 +2537,7 @@ This policy only works on Windows through GPO (not policies.json).
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
@@ -5252,6 +5313,8 @@ Set and lock preferences.
 
 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
 
+**NOTE** There are too many preferences for us to provide documentation on them all. The source file [StaticPrefList.yaml](https://searchfox.org/mozilla-central/source/modules/libpref/init/StaticPrefList.yaml) contains information on many of them.
+
 Preferences that start with the following prefixes are supported:
 ```
 accessibility.
@@ -5315,6 +5378,8 @@ as well as the following security preferences:
 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
 | security.osclientcerts.assume_rsa_pss_support | boolean | true
 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
+| security.pki.certificate_transparency.disable_for_hosts
+| security.pki.certificate_transparency.disable_for_spki_hashes
 | security.pki.certificate_transparency.mode | integer | 0
 | &nbsp;&nbsp;&nbsp;&nbsp; Configures Certificate Transparency support mode (Firefox 133)
 | security.ssl.enable_ocsp_stapling | boolean | true
My copy of the policy templates for Firefox

patrick-canterino.de