X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/31a8bb0ce06ab91697868bbd3576ac57a66dfd1d..464ce99bdfb3f48a722e1d2f376242ea0ad8a326:/docs/index.md diff --git a/docs/index.md b/docs/index.md index 5892ef6..277ee14 100644 --- a/docs/index.md +++ b/docs/index.md @@ -17,10 +17,13 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | --- | --- | | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed. | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace. +| **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs. | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update. | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version. | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update. | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication. +| **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses. +| **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods. | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user. | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only). | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons). @@ -117,6 +120,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. +| **[`TranslateEnabled`](#translateenabled)** | Enable or disable webpage translation. | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. @@ -124,7 +128,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries ### 3rdparty -Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/). +Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy). For GPO and Intune, the extension developer should provide an ADMX file. @@ -219,6 +223,42 @@ Value (string): } } ``` +### AllowFileSelectionDialogs + +Enable or disable file selection dialogs. + +**Compatibility:** Firefox 124\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `widget.disable_file_pickers` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate +``` +Value (string): +``` + or +``` +#### macOS +``` + + AllowFileSelectionDialogs + | + +``` +#### policies.json +``` +{ + "policies": { + "AllowFileSelectionDialogs": true | false + } +} +``` ### AppAutoUpdate Enable or disable **automatic** application update. @@ -485,6 +525,82 @@ Value (string): } } ``` +### AutofillAddressEnabled + +Enables or disables autofill for addresses. + +This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information. + +**Compatibility:** Firefox 125, Firefox ESR 115.10\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `extensions.formautofill.addresses.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled +``` +Value (string): +``` + or +``` +#### macOS +``` + + AutofillAddressEnabled + | + +``` +#### policies.json +``` +{ + "policies": { + "AutofillAddressEnabled": true | false + } +} +``` +### AutofillCreditCardEnabled + +Enables or disables autofill for payment methods. + +This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information. + +**Compatibility:** Firefox 125, Firefox ESR 115.10\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `extensions.formautofill.creditCards.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled +``` +Value (string): +``` + or +``` +#### macOS +``` + + AutofillCreditCardEnabled + | + +``` +#### policies.json +``` +{ + "policies": { + "AutofillCreditCardEnabled": true | false + } +} +``` ### AutoLaunchProtocolsFromOrigins Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname. @@ -1106,6 +1222,14 @@ Configure cookie preferences. `Locked` prevents the user from changing cookie preferences. +`Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead) + +`AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead) + +`RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead) + +`ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead) + **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy` @@ -1115,10 +1239,6 @@ Configure cookie preferences. Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" -Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited" -Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign" Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign" Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 @@ -1153,39 +1273,6 @@ Value (string): ``` OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default -``` -Value (string): -``` - or -``` -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty -``` -Value (string): -``` - - -``` -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd -``` -Value (string): -``` - or -``` -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker -``` -Value (string): -``` - or -``` -OMA-URI: -``` ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked ``` Value (string): @@ -1227,14 +1314,6 @@ Value (string): http://example.org - Default - | - AcceptThirdParty - always | never | from-visited - ExpireAtSessionEnd - | - RejectTracker - | Locked | Behavior @@ -1252,10 +1331,6 @@ Value (string): "Allow": ["http://example.org/"], "AllowSession": ["http://example.edu/"], "Block": ["http://example.edu/"], - "Default": true | false, - "AcceptThirdParty": "always" | "never" | "from-visited", - "ExpireAtSessionEnd": true | false, - "RejectTracker": true | false, "Locked": true | false, "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign", "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign", @@ -1623,7 +1698,7 @@ Disable Firefox studies (Shield). **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** N/A +**Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features` #### Windows (GPO) ``` @@ -3432,7 +3507,7 @@ Configure the default extension install policy as well as origins for extension **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `permissions.install`\ -**Preferences Affected:** `xpinstall.enabled` +**Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features` #### Windows (GPO) ``` @@ -4644,6 +4719,9 @@ pdfjs. (Firefox 84, Firefox ESR 78.6) places. pref. print. +privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0) +privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11) +privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11) signon. (Firefox 83, Firefox ESR 78.5) spellchecker. (Firefox 84, Firefox ESR 78.6) toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4) @@ -4667,7 +4745,11 @@ as well as the following security preferences: | security.insecure_connection_text.pbmode.enabled | bool | false |     If set to true, adds the words "Not Secure" for insecure sites in private browsing. | security.mixed_content.block_active_content | boolean | true -|     If false, mixed active content (HTTP and HTTPS) is not blocked. +|     If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked. +| security.mixed_content.block_display_content | boolean | false +|     If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0) +| security.mixed_content.upgrade_display_content | boolean | true +|     If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0) | security.osclientcerts.autoload | boolean | false |     If true, client certificates are loaded from the operating system certificate store. | security.OCSP.enabled | integer | 1 @@ -5896,6 +5978,40 @@ Value (string): } } ``` +### StartDownloadsInTempDirectory +Force downloads to start off in a local, temporary location rather than the default download directory. + +**Compatibility:** Firefox 102\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.download.start_downloads_in_tmp_dir` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory +``` +Value (string): +``` + or +``` +#### macOS +``` + + StartDownloadsInTempDirectory + | + +``` +#### policies.json +``` +{ + "policies": { + "StartDownloadsInTempDirectory": true | false +} +``` ### SupportMenu Add a menuitem to the help menu for specifying support information. @@ -5947,21 +6063,25 @@ Value (string): } } ``` -### StartDownloadsInTempDirectory -Force downloads to start off in a local, temporary location rather than the default download directory. +### TranslateEnabled +Enable or disable webpage translation. -**Compatibility:** Firefox 102\ +Note: Web page translation is done completely on the client, so there is no data or privacy risk. + +If you only want to disable the popup, you can set the pref `browser.translations.automaticallyPopup` to false using the [Preferences](#preferences) policy. + +**Compatibility:** Firefox 126\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.download.start_downloads_in_tmp_dir` +**Preferences Affected:** `browser.translations.enable` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\TranslateEnabled = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TranslateEnabled ``` Value (string): ``` @@ -5970,7 +6090,7 @@ Value (string): #### macOS ``` - StartDownloadsInTempDirectory + TranslateEnabled | ``` @@ -5978,7 +6098,8 @@ Value (string): ``` { "policies": { - "StartDownloadsInTempDirectory": true | false + "TranslateEnabled": true | false + } } ``` ### UserMessaging