X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/993e729316b044de2e0e938ab6507b8e5a91380a..2bcd66831f4c1e46d517c9c56f76add99e5c1388:/docs/index.md?ds=inline diff --git a/docs/index.md b/docs/index.md index 67a23bc..3939dc8 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,7 +1,6 @@ Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`. Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example: - ``` { "policies": { @@ -12,6 +11,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries } } ``` +Note: The `policies.json` must use the UTF-8 encoding. | Policy Name | Description | --- | --- | @@ -80,6 +80,8 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`Handlers`](#handlers)** | Configure default application handlers. | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. +| **[`HttpAllowlist`](#httpallowlist)** | Configure origins that will not be upgraded to HTTPS. +| **[`HttpsOnlyMode`](#httpsonlymode)** | Configure HTTPS-Only Mode. | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting. @@ -100,6 +102,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture. | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. +| **[`PostQuantumKeyAgreementEnabled`](#postquantumkeyagreementenabled)** | Enable post-quantum key agreement for TLS. | **[`Preferences`](#preferences)** | Set and lock preferences. | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password. | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing. @@ -3535,6 +3538,92 @@ Value (string): } } ``` +### HttpAllowlist +Configure sites that will not be upgraded to HTTPS. + +The sites are specified as a list of origins. + +**Compatibility:** Firefox 127\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\HttpAllowlist\1 = "http://example.org" +Software\Policies\Mozilla\Firefox\HttpAllowlist\2 = "http://example.edu" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HttpAllowlist +``` +Value (string): +``` + + +``` +#### macOS +``` + + HttpAllowlist + + http://example.org + http://example.edu + + +``` +#### policies.json +``` +{ + "policies": { + "HttpAllowlist ": ["http://example.org", + "http://example.edu"] + } +} +``` +### HttpsOnlyMode +Configure HTTPS-Only Mode. + +| Value | Description +| --- | --- | +| allowed | HTTPS-Only Mode is off by default, but the user can turn it on. +| disallowed | HTTPS-Only Mode is off and the user can't turn it on. +| enabled | HTTPS-Only Mode is on by default, but the user can turn it off. +| force_enabled | HTTPS-Only Mode is on and the user can't turn it off. + +**Compatibility:** Firefox 127\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `dom.security.https_only_mode` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\HttpsOnlyMode = "allowed", "disallowed", "enabled", "force_enabled" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HttpsOnlyMode +``` +Value (string): +``` + + +``` +#### macOS +``` + + HttpsOnlyMode + allowed | disallowed | enabled | force_enabled + +``` +#### policies.json +``` +{ + "policies": { + "HttpsOnlyMode": "allowed" | "disallowed" | "enabled" | "force_enabled" + } +} +``` ### InstallAddonsPermission Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs. @@ -4272,7 +4361,6 @@ Value (string): } } ``` - ### PDFjs Disable or configure PDF.js, the built-in PDF viewer. @@ -4726,6 +4814,41 @@ Value (string): } } ``` +### PostQuantumKeyAgreementEnabled +Enable post-quantum key agreement for TLS. + +**Compatibility:** Firefox 127\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `security.tls.enable_kyber`, `network.http.http3.enable_kyber` (Firefox 128) + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PostQuantumKeyAgreementEnabled = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PostQuantumKeyAgreementEnabled +``` +Value (string): +``` + or +``` +#### macOS +``` + + PostQuantumKeyAgreementEnabled + | + +``` +#### policies.json +``` +{ + "policies": { + "PostQuantumKeyAgreementEnabled": true | false + } +} +``` ### Preferences Set and lock preferences. @@ -6143,7 +6266,7 @@ Value (string): Prevent Firefox from messaging the user in certain situations. -`WhatsNew` Remove the "What's New" icon and menuitem. +`WhatsNew` Remove the "What's New" icon and menuitem. (*Deprecated*) `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages. @@ -6159,11 +6282,10 @@ Prevent Firefox from messaging the user in certain situations. **Compatibility:** Firefox 75, Firefox ESR 68.7\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla` +**Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 @@ -6174,7 +6296,6 @@ Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0 #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions @@ -6191,8 +6312,6 @@ Value (string): UserMessaging - WhatsNew - | ExtensionRecommendations | FeatureRecommendations @@ -6213,7 +6332,6 @@ Value (string): { "policies": { "UserMessaging": { - "WhatsNew": true | false, "ExtensionRecommendations": true | false, "FeatureRecommendations": true | false, "UrlbarInterventions": true | false,