X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/0101ddba43889ddefe9b62d23f8fbbbc087ec134..55d1d84bbc71aa851f2727fdeabbec32d7084f8e:/README.md diff --git a/README.md b/README.md index e8f1148..9cd4d11 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.** -Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. +Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`. | Policy Name | Description | --- | --- | @@ -69,7 +69,9 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. +| **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. +| **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture. | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock some preferences. | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading. @@ -1558,8 +1560,8 @@ Value (string): { "policies": { "DisableSecurityBypass": { - "InvalidCertificate": true false, - "SafeBrowsing": true false + "InvalidCertificate": true | false, + "SafeBrowsing": true | false } } } @@ -2017,10 +2019,10 @@ Value (string): { "policies": { "EnableTrackingProtection": { - "Value": [true, false], - "Locked": [true, false], - "Cryptomining": [true, false], - "Fingerprinting": [true, false], + "Value": true | false, + "Locked": true | false, + "Cryptomining": true | false, + "Fingerprinting": true | false, "Exceptions": ["https://example.com"] } } @@ -2068,8 +2070,8 @@ Value (string): { "policies": { "EncryptedMediaExtensions": { - "Enabled": [true, false], - "Locked": [true, false] + "Enabled": true | false, + "Locked": true | false } } ``` @@ -2964,6 +2966,56 @@ Value (string): } } ``` +### PDFjs +Disable or configure PDF.js, the built-in PDF viewer. + +If `Enabled` is set to false, the built-in PDF viewer is disabled. + +If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text. + +Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions. + +**Compatibility:** Firefox 77, Firefox ESR 68.9\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `pdfjs.diabled`,`pdfjs.enablePermissions` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions +``` +Value (string): +``` +or +``` +#### macOS +``` + + PDFjs + + Enabled + | + + | + + +``` +#### policies.json +``` +{ + "policies": { + "PSFjs": { + "Enabled": true | false, + "EnablePermissions": true | false + } +} +``` ### Permissions Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. @@ -3205,6 +3257,42 @@ Value (string): } } ``` +### PictureInPicture + +Enable or disable Picture-in-Picture. + +**Compatibility:** Firefox 78, Firefox ESR 78\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PictureInPicture = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PictureInPicture +``` +Value (string): +``` + or +``` +#### macOS +``` + + PictureInPicture + | + +``` +#### policies.json +``` +{ + "policies": { + "PictureInPicture": true | false + } +} +``` ### PopupBlocking Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. @@ -3567,17 +3655,17 @@ Value (string): "policies": { "Proxy": { "Mode": "none", "system", "manual", "autoDetect", "autoConfig", - "Locked": [true, false], + "Locked": true | false, "HTTPProxy": "hostname", - "UseHTTPProxyForAllProtocols": [true, false], + "UseHTTPProxyForAllProtocols": true | false, "SSLProxy": "hostname", "FTPProxy": "hostname", "SOCKSProxy": "hostname", "SOCKSVersion": 4 | 5 "Passthrough": "", "AutoConfigURL": "URL_TO_AUTOCONFIG", - "AutoLogin": [true, false], - "UseProxyForDNS": [true, false] + "AutoLogin": true | false, + "UseProxyForDNS": true | false } } }