Add DisableSecurityBypass policies

diff --git a/README.md b/README.md
index 1282d8cddaab5ba4b8cdfa35ea4a43769992ff7c..ea6126c7084b18c74adfc1825ff7e08598319120 100644 (file)
--- a/README.md
+++ b/README.md
@@ -219,6 +219,18 @@ This policy disables safe mode on Windows only
   }
 }
 ```
   }
 }
 ```

+### DisableSecurityBypass
+This policy prevents the user from bypassign security in certain cases.
+```
+{
+  "policies": {
+    "DisableSecurityBypass": {
+      "InvalidCertificate": [true|false], /* Prevents adding an exception when an invalid certificate is shown */
+      "SafeBrowsing": [true|false]        /* Prevents selecting "ignore the risk" and visiting a harmful site anyway */
+    }
+  }
+}
+```

 ### DisableSysAddonUpdate
 This policy prevents system add-ons from being updated or installed.
 ```
 ### DisableSysAddonUpdate
 This policy prevents system add-ons from being updated or installed.
 ```

diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index 62d11731ec41a65c0d57d28b7e855512a660373d..efe877ea39e626bbc6fbcbf3a7f30d75879e8058 100644 (file)
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -69,6 +69,14 @@ If this policy is not configured or disabled, the "Forget" button is a
 If this policy is not configured or disabled, the &quot;Refresh Firefox&quot; button is available.</string>
       <string id="DisableSafeMode">Disable Safe Mode</string>
       <string id="DisableSafeMode_Explain">Prevents ability to restart in safe mode.</string>
 If this policy is not configured or disabled, the &quot;Refresh Firefox&quot; button is available.</string>
       <string id="DisableSafeMode">Disable Safe Mode</string>
       <string id="DisableSafeMode_Explain">Prevents ability to restart in safe mode.</string>

+      <string id="DisableSecurityBypass_InvalidCertificate">Prevent overriding certificate errors</string>
+      <string id="DisableSecurityBypass_InvalidCertificate_Explain">If this policy is enabled, the &quot;Add Exception&quot; button is not available when a certificate is invalid. This prevents the user from overriding the certificate error.
+
+If this policy is not configured or disabled, certificate errors can be overridden.</string>
+      <string id="DisableSecurityBypass_SafeBrowsing">Prevent overriding safe browsing errors</string>
+      <string id="DisableSecurityBypass_SafeBrowsing_Explain">If this policy is enabled, a user can not bypass the warning and visit a harmful site.
+
+If this policy is not configured or disabled, a user can choose to visit a harmful site.</string>

       <string id="DisableSysAddonUpdate">Disable System Addon Updates</string>
       <string id="DisableSysAddonUpdate_Explain">Prevent the browser from installing and updating system addons.</string>
       <string id="DisplayBookmarksToolbar">Display Bookmarks Toolbar</string>
       <string id="DisableSysAddonUpdate">Disable System Addon Updates</string>
       <string id="DisableSysAddonUpdate_Explain">Prevent the browser from installing and updating system addons.</string>
       <string id="DisplayBookmarksToolbar">Display Bookmarks Toolbar</string>

diff --git a/windows/firefox.admx b/windows/firefox.admx
index 7be7fce474bd6a57bca9430b427d525b90ce09ab..d560c6007f7e541a03a7838ba846d2f54d08b40d 100644 (file)
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -332,6 +332,26 @@
         <decimal value="0"/>
       </disabledValue>
     </policy>
         <decimal value="0"/>
       </disabledValue>
     </policy>

+    <policy name="DisableSecurityBypass_InvalidCertificate" class="Both" displayName="$(string.DisableSecurityBypass_InvalidCertificate)" explainText="$(string.DisableSecurityBypass_InvalidCertificate_Explain)" key="Software\Policies\Mozilla\Firefox\DisableSecurityBypass" valueName="InvalidCertificate">
+      <parentCategory ref="firefox"/>
+      <supportedOn ref="SUPPORTED_WINXPSP2"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
+    <policy name="DisableSecurityBypass_SafeBrowsing" class="Both" displayName="$(string.DisableSecurityBypass_SafeBrowsing)" explainText="$(string.DisableSecurityBypass_SafeBrowsing_Explain)" key="Software\Policies\Mozilla\Firefox\DisableSecurityBypass" valueName="SafeBrowsing">
+      <parentCategory ref="firefox"/>
+      <supportedOn ref="SUPPORTED_WINXPSP2"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>

     <policy name="DisableSysAddonUpdate" class="Both" displayName="$(string.DisableSysAddonUpdate)" explainText="$(string.DisableSysAddonUpdate_Explain)" key="Software\Policies\Mozilla\Firefox" valueName="DisableSysAddonUpdate">
       <parentCategory ref="firefox"/>
       <supportedOn ref="SUPPORTED_WINXPSP2"/>
     <policy name="DisableSysAddonUpdate" class="Both" displayName="$(string.DisableSysAddonUpdate)" explainText="$(string.DisableSysAddonUpdate_Explain)" key="Software\Policies\Mozilla\Firefox" valueName="DisableSysAddonUpdate">
       <parentCategory ref="firefox"/>
       <supportedOn ref="SUPPORTED_WINXPSP2"/>