X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/d73a023a5777302c00cf56f7cb98476b99a11fca..e181c50bd14bf3eed4ade5031047c6b0391eb57d:/README.md diff --git a/README.md b/README.md index d31a81a..4216c47 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin. -| **[`MasterPassword`](#masterpassword)** | Require or prevent using a master password. +| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password. | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. @@ -569,6 +569,8 @@ Value (string): Trust certificates that have been added to the operating system certificate store by a user or administrator. +Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509). + See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail. **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\ @@ -678,6 +680,8 @@ Configure cookie preferences. `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https. +`AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https. + `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https. `Default` determines whether cookies are accepted at all. @@ -690,13 +694,14 @@ Configure cookie preferences. `Locked` prevents the user from changing cookie preferences. -**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker was added in Firefox 63)\ +**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy` #### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" +Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited" @@ -716,6 +721,15 @@ Value (string): ``` OMA-URI: ``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession +``` +Value (string): +``` + + +``` +OMA-URI: +``` ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block ``` Value (string): @@ -773,6 +787,10 @@ Value (string): http://example.com + AllowSession + + http://example.edu + Block http://example.org @@ -796,6 +814,7 @@ Value (string): "policies": { "Cookies": { "Allow": ["http://example.org/"], + "AllowSession": ["http://example.edu/"], "Block": ["http://example.edu/"], "Default": true | false, "AcceptThirdParty": "always" | "never" | "from-visited", @@ -2127,6 +2146,34 @@ Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi" Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org" Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2479,7 +2526,7 @@ Value (string): "ask": true | false, "handlers": [{ "name": "Gmail", - "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" + "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" }] } }, @@ -2555,30 +2602,34 @@ Value (string): #### policies.json ``` { - "mimeTypes": { - "application/msword": { - "action": "useSystemDefault", - "ask": false - } - }, - "schemes": { - "mailto": { - "action": "useHelperApp", - "ask": true | false, - "handlers": [{ - "name": "Gmail", - "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" - }] - } - }, - "extensions": { - "pdf": { - "action": "useHelperApp", - "ask": true | false, - "handlers": [{ - "name": "Adobe Acrobat", - "path": "/usr/bin/acroread" - }] + "policies": { + "Handlers": { + "mimeTypes": { + "application/msword": { + "action": "useSystemDefault", + "ask": false + } + }, + "schemes": { + "mailto": { + "action": "useHelperApp", + "ask": true | false, + "handlers": [{ + "name": "Gmail", + "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s" + }] + } + }, + "extensions": { + "pdf": { + "action": "useHelperApp", + "ask": true | false, + "handlers": [{ + "name": "Adobe Acrobat", + "path": "/usr/bin/acroread" + }] + } + } } } } @@ -2903,23 +2954,23 @@ Value (string): } } ``` -### MasterPassword -Require or prevent using a master password. +### PrimaryPassword +Require or prevent using a primary (formerly master) password. -If this value is true, a master password is required. If this values is false, it works the same as `DisableMasterPasswordCreation` and removes the master password functionality. +If this value is true, a primary password is required. If this value is false, it works the same as `DisableMasterPasswordCreation` and removes the primary password functionality. -**Compatibility:** Firefox 78, Firefox ESR 78\ +**Compatibility:** Firefox 79, Firefox ESR 78.1\ **CCK2 Equivalent:** `noMasterPassword`\ **Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\MasterPassword = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/MasterPassword +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword ``` Value (string): ``` @@ -2928,7 +2979,7 @@ Value (string): #### macOS ``` - MasterPassword + PrimaryPassword | ``` @@ -2936,7 +2987,7 @@ Value (string): ``` { "policies": { - "MasterPassword": true | false + "PrimaryPassword": true | false } } ``` @@ -3706,7 +3757,10 @@ Set and lock certain preferences. |     If false, the Widevine plugin is not downloaded. | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true |     If false, WebRTC is disabled -| media.peerconnection.ice.obfuscate_host_addresses.whitelist | string | Firefox 72, Firefox ESR 68.4 | N/A +| media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A +|     If set, a list of domains for which mDNS hostname obfuscation is +disabled +| media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A |     If set, a list of domains for which mDNS hostname obfuscation is disabled | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false @@ -3745,6 +3799,15 @@ Value (string): ``` or ``` +OMA-URI: (periods are replaced by underscores) +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name +``` +Value (string): +``` + + +``` #### macOS ```