X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/ff3f0348955d1b95c68b6ccf6f4b718891ebd982..2e3ed8c724a4967f74b53a7b0b5e5ba842b44eda:/README.md?ds=sidebyside diff --git a/README.md b/README.md index 4e0ac9c..d38e25a 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed. | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace. | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update. +| **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version. | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update. | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication. | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user. @@ -44,7 +45,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases. | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. -| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update. +| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated. | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar. @@ -55,11 +56,13 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection. | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it. | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS. +| **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains. | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions. | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions. | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates. | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page. -| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. +| **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. +| **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar. | **[`Handlers`](#handlers)** | Configure default application handlers. | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. @@ -69,7 +72,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites. | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin. | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user. -| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.. +| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates. | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. @@ -78,6 +81,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. +| **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites. | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture. @@ -101,8 +105,10 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar. | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. +| **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. +| **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts. @@ -110,6 +116,58 @@ Policies can be specified using the [Group Policy templates on Windows](https:// Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/). +For GPO and Intune, the extension developer should provide an ADMX file. + +**Compatibility:** Firefox 68\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### macOS +``` + + 3rdparty + + Extensions + + uBlock0@raymondhill.net + + adminSettings + + selectedFilterLists + + ublock-privacy + ublock-badware + ublock-filters + user-filters + + + + + + +``` +#### policies.json +``` +{ + "policies": { + "3rdparty": { + "Extensions": { + "uBlock0@raymondhill.net": { + "adminSettings": { + "selectedFilterLists": [ + "ublock-privacy", + "ublock-badware", + "ublock-filters", + "user-filters" + ] + } + } + } + } + } +} +``` + ### AllowedDomainsForApps Define domains allowed to access Google Workspace. @@ -193,6 +251,49 @@ Value (string): } } ``` +### AppUpdatePin + +Prevent Firefox from being updated beyond the specified version. + +You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version. + +You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version. + +You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version. + +**Compatibility:** Firefox 102,\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\AppUpdatePin = "106." +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin +``` +Value (string): +``` + + +``` +#### macOS +``` + + AppUpdatePin + 106. + +``` +#### policies.json +``` +{ + "policies": { + "AppUpdatePin": "106." + } +} +``` ### AppUpdateURL Change the URL for application update if you are providing Firefox updates from a custom update server. @@ -941,7 +1042,7 @@ OMA-URI: Value (string): ``` - + ``` OMA-URI: ``` @@ -950,7 +1051,7 @@ OMA-URI: Value (string): ``` - + ``` OMA-URI: ``` @@ -959,7 +1060,7 @@ OMA-URI: Value (string): ``` - + ``` OMA-URI: ``` @@ -1073,80 +1174,6 @@ Value (string): } } ``` -### DisableSetDesktopBackground -Remove the "Set As Desktop Background..." menuitem when right clicking on an image. - -**Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** `removeSetDesktopBackground`\ -**Preferences Affected:** N/A - -#### Windows (GPO) -``` -Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 -``` -#### Windows (Intune) -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground -``` -Value (string): -``` - or -``` -#### macOS -``` - - DisableSetDesktopBackground - | - -``` -#### policies.json -``` -{ - "policies": { - "DisableSetDesktopBackground": true | false - } -} -``` -### DisableMasterPasswordCreation -Remove the master password functionality. - -If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality. - -If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent. - -**Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** `noMasterPassword`\ -**Preferences Affected:** N/A - -#### Windows (GPO) -``` -Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 -``` -#### Windows (Intune) -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation -``` -Value (string): -``` - or -``` -#### macOS -``` - - DisableMasterPasswordCreation - | - -``` -#### policies.json -``` -{ - "policies": { - "DisableMasterPasswordCreation": true | false - } -} -``` ### DefaultDownloadDirectory Set the default download directory. @@ -1316,6 +1343,7 @@ Value (string): DisabledCiphers CIPHER_NAME + | ``` @@ -1604,6 +1632,45 @@ Value (string): } } ``` +### DisableMasterPasswordCreation +Remove the master password functionality. + +If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality. + +If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `noMasterPassword`\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation +``` +Value (string): +``` + or +``` +#### macOS +``` + + DisableMasterPasswordCreation + | + +``` +#### policies.json +``` +{ + "policies": { + "DisableMasterPasswordCreation": true | false + } +} +``` ### DisablePasswordReveal Do not allow passwords to be shown in saved logins @@ -1873,8 +1940,43 @@ Value (string): } } ``` +### DisableSetDesktopBackground +Remove the "Set As Desktop Background..." menuitem when right clicking on an image. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `removeSetDesktopBackground`\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground +``` +Value (string): +``` + or +``` +#### macOS +``` + + DisableSetDesktopBackground + | + +``` +#### policies.json +``` +{ + "policies": { + "DisableSetDesktopBackground": true | false + } +} +``` ### DisableSystemAddonUpdate -Prevent system add-ons from being installed or update. +Prevent system add-ons from being installed or updated. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ @@ -2384,6 +2486,72 @@ Enable policy support on macOS. ``` +### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings + +Disable warnings based on file extension for specific file types on domains. + +This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name. + +Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains. + +**Compatibility:** Firefox 102\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) = +``` +[ + { + "file_extension": "jnlp", + "domains": ["example.com"] + } +] +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings +``` +Value (string): +``` + + +``` +#### macOS +``` + + ExemptDomainFileTypePairsFromFileTypeDownloadWarnings + + + file_extension + jnlp + domains + + example.com + + + + +``` +#### policies.json +``` +{ + "policies": { + "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{ + "file_extension": "jnlp", + "domains": ["example.com"] + }] + } +} +``` ### Extensions Control the installation, uninstallation and locking of extensions. @@ -2788,6 +2956,51 @@ Value (string): } } ``` +### GoToIntranetSiteForSingleWordEntryInAddressBar +Whether to always go through the DNS server before sending a single word search string to a search engine. + +If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search. + +The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered. + +If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page. + +You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`. + +Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`. + +**Compatibility:** Firefox 104, Firefox ESR 102.2\ +**CCK2 Equivalent:** `N/A`\ +**Preferences Affected:** `browser.fixup.dns_first_for_single_words` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar +``` +Value (string): +``` + or +``` +#### macOS +``` + + GoToIntranetSiteForSingleWordEntryInAddressBar + | + +``` +#### policies.json +``` +{ + "policies": { + "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false + } +} +``` ### Handlers Configure default application handlers. This policy is based on the internal format of `handlers.json`. @@ -3769,6 +3982,50 @@ Value (string): } } ``` +### PasswordManagerExceptions +Prevent Firefox from saving passwords for specific sites. + +The sites are specified as a list of origins. + +**Compatibility:** Firefox 101\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org" +Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions +``` +Value (string): +``` + + +``` +#### macOS +``` + + PasswordManagerExceptions + + https://example.org + https://example.edu + + +``` +#### policies.json +``` +{ + "policies": { + "PasswordManagerExceptions": ["https://example.org", + "https://example.edu"] + } +} +``` + ### PDFjs Disable or configure PDF.js, the built-in PDF viewer. @@ -4287,13 +4544,14 @@ Using the preference as the key, set the `Value` to the corresponding preference `Status` can be "default", "locked", "user" or "clear" -Default preferences can be modified by the user. - -If a value is locked, it is also set as the default. +* `"default"`: Read/Write: Settings appear as default even if factory default differs. +* `"locked"`: Read-Only: Settings appear as default even if factory default differs. +* `"user"`: Read/Write: Settings appear as changed if it differs from factory default. +* `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup. -User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```. +`"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```. -User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy. +`"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy. See the examples below for more detail. @@ -5499,6 +5757,40 @@ Value (string): } } ``` +### StartDownloadsInTempDirectory +Force downloads to start off in a local, temporary location rather than the default download directory. + +**Compatibility:** Firefox 102\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.downloads.start_downloads_in_tmp_dir` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory +``` +Value (string): +``` + or +``` +#### macOS +``` + + StartDownloadsInTempDirectory + | + +``` +#### policies.json +``` +{ + "policies": { + "StartDownloadsInTempDirectory": true | false +} +``` ### UserMessaging Prevent Firefox from messaging the user in certain situations. @@ -5513,9 +5805,11 @@ Prevent Firefox from messaging the user in certain situations. `SkipOnboarding` If true, don't show onboarding messages on the new tab page. +`MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98) + **Compatibility:** Firefox 75, Firefox ESR 68.7\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled` +**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla` #### Windows (GPO) ``` @@ -5524,6 +5818,7 @@ Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: @@ -5533,6 +5828,7 @@ OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla ``` Value (string): ``` @@ -5553,6 +5849,8 @@ Value (string): | SkipOnboarding | + MoreFromMozilla + | ``` @@ -5564,12 +5862,48 @@ Value (string): "WhatsNew": true | false, "ExtensionRecommendations": true | false, "FeatureRecommendations": true | false, - "UrlbarInterventions": true | false - "SkipOnboarding": true | false + "UrlbarInterventions": true | false, + "SkipOnboarding": true | false, + "MoreFromMozilla": true | false } } } ``` +### UseSystemPrintDialog +Use the system print dialog instead of the print preview window. + +**Compatibility:** Firefox 102\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `print.prefer_system_dialog` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog +``` +Value (string): +``` + or +``` +#### macOS +``` + + UseSystemPrintDialog + | + +``` +#### policies.json +``` +{ + "policies": { + "UseSystemPrintDialog": true | false + } +} +``` ### WebsiteFilter Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. The arrays are limited to 1000 entries each.