From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Mon, 10 Jun 2024 15:48:10 +0000 (-0400)
Subject: Merge pull request #1094 from willdurand/patch-1
X-Git-Tag: v5.12~12
X-Git-Url: https://git.p6c8.net/policy-templates.git/commitdiff_plain/996c285a6814fc1931221c6d79540f31da858290?hp=-c

Merge pull request #1094 from willdurand/patch-1

Add `temporarily_allow_weak_signatures` to `ExtensionSettings`
---

996c285a6814fc1931221c6d79540f31da858290
diff --combined docs/index.md
index 277ee14,b793adc..8eaf0ab
--- a/docs/index.md
+++ b/docs/index.md
@@@ -120,7 -120,6 +120,7 @@@ Unfortunately, JSON files do not suppor
  | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
  | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
  | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
 +| **[`TranslateEnabled`](#translateenabled)** | Enable or disable webpage translation.
  | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
  | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
  | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
@@@ -128,7 -127,7 +128,7 @@@
  
  ### 3rdparty
  
 -Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
 +Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy).
  
  For GPO and Intune, the extension developer should provide an ADMX file.
  
@@@ -1222,14 -1221,6 +1222,14 @@@ Configure cookie preferences
  
  `Locked` prevents the user from changing cookie preferences.
  
 +`Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead)
 +
 +`AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead)
 +
 +`RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead)
 +
 +`ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead)
 +
  **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
  **CCK2 Equivalent:** N/A\
  **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
@@@ -1239,6 -1230,10 +1239,6 @@@
  Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
  Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
  Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
 -Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
 -Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
 -Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
 -Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
  Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
  Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
@@@ -1273,6 -1268,39 +1273,6 @@@ Value (string)
  ```
  OMA-URI:
  ```
 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
 -```
 -Value (string):
 -```
 -<enabled/> or <disabled/>
 -```
 -OMA-URI:
 -```
 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
 -```
 -Value (string):
 -```
 -<enabled/>
 -<data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
 -```
 -OMA-URI:
 -```
 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
 -```
 -Value (string):
 -```
 -<enabled/> or <disabled/>
 -```
 -OMA-URI:
 -```
 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
 -```
 -Value (string):
 -```
 -<enabled/> or <disabled/>
 -```
 -OMA-URI:
 -```
  ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
  ```
  Value (string):
@@@ -1314,6 -1342,14 +1314,6 @@@ Value (string)
      <array>
        <string>http://example.org</string>
      </array>
 -    <key>Default</key>
 -    <true/> | <false/>
 -    <key>AcceptThirdParty</key>
 -    <string>always | never | from-visited</string>
 -    <key>ExpireAtSessionEnd</key>
 -    <true/> | <false/>
 -    <key>RejectTracker</key>
 -    <true/> | <false/>
      <key>Locked</key>
      <true/> | <false/>
      <key>Behavior</key>
@@@ -1331,6 -1367,10 +1331,6 @@@
        "Allow": ["http://example.org/"],
        "AllowSession": ["http://example.edu/"],
        "Block": ["http://example.edu/"],
 -      "Default": true | false,
 -      "AcceptThirdParty": "always" | "never" | "from-visited",
 -      "ExpireAtSessionEnd": true | false,
 -      "RejectTracker": true | false,
        "Locked": true | false,
        "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
        "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
@@@ -1698,7 -1738,7 +1698,7 @@@ Disable Firefox studies (Shield)
  
  **Compatibility:** Firefox 60, Firefox ESR 60\
  **CCK2 Equivalent:** N/A\
 -**Preferences Affected:** N/A
 +**Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
  
  #### Windows (GPO)
  ```
@@@ -2848,6 -2888,7 +2848,7 @@@ The configuration for each extension i
  | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
  | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
  | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
+ | `temporarily_allow_weak_signatures`| (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms.
  
  **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
  **CCK2 Equivalent:** N/A\
@@@ -3507,7 -3548,7 +3508,7 @@@ Configure the default extension instal
  
  **Compatibility:** Firefox 60, Firefox ESR 60\
  **CCK2 Equivalent:** `permissions.install`\
 -**Preferences Affected:** `xpinstall.enabled`
 +**Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
  
  #### Windows (GPO)
  ```
@@@ -4719,9 -4760,6 +4720,9 @@@ pdfjs. (Firefox 84, Firefox ESR 78.6
  places.
  pref.
  print.
 +privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0)
 +privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
 +privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
  signon. (Firefox 83, Firefox ESR 78.5)
  spellchecker. (Firefox 84, Firefox ESR 78.6)
  toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
@@@ -4745,11 -4783,7 +4746,11 @@@ as well as the following security prefe
  | security.insecure_connection_text.pbmode.enabled | bool | false
  | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
  | security.mixed_content.block_active_content | boolean | true
 -| &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
 +| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked.
 +| security.mixed_content.block_display_content | boolean | false
 +| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0)
 +| security.mixed_content.upgrade_display_content | boolean | true
 +| &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0)
  | security.osclientcerts.autoload | boolean | false
  | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
  | security.OCSP.enabled | integer | 1
@@@ -5978,40 -6012,6 +5979,40 @@@ Value (string)
    }
  }
  ```
 +### StartDownloadsInTempDirectory
 +Force downloads to start off in a local, temporary location rather than the default download directory.
 +
 +**Compatibility:** Firefox 102\
 +**CCK2 Equivalent:** N/A\
 +**Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
 +
 +#### Windows (GPO)
 +```
 +Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
 +```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +#### macOS
 +```
 +<dict>
 +  <key>StartDownloadsInTempDirectory</key>
 +  <true/> | <false/>
 +</dict>
 +```
 +#### policies.json
 +```
 +{
 +  "policies": {
 +    "StartDownloadsInTempDirectory": true | false
 +}
 +```
  ### SupportMenu
  Add a menuitem to the help menu for specifying support information.
  
@@@ -6063,25 -6063,21 +6064,25 @@@ Value (string)
    }
  }
  ```
 -### StartDownloadsInTempDirectory
 -Force downloads to start off in a local, temporary location rather than the default download directory.
 +### TranslateEnabled
 +Enable or disable webpage translation.
  
 -**Compatibility:** Firefox 102\
 +Note: Web page translation is done completely on the client, so there is no data or privacy risk.
 +
 +If you only want to disable the popup, you can set the pref `browser.translations.automaticallyPopup` to false using the [Preferences](#preferences) policy.
 +
 +**Compatibility:** Firefox 126\
  **CCK2 Equivalent:** N/A\
 -**Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
 +**Preferences Affected:** `browser.translations.enable`
  
  #### Windows (GPO)
  ```
 -Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
 +Software\Policies\Mozilla\Firefox\TranslateEnabled = 0x1 | 0x0
  ```
  #### Windows (Intune)
  OMA-URI:
  ```
 -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TranslateEnabled
  ```
  Value (string):
  ```
@@@ -6090,7 -6086,7 +6091,7 @@@
  #### macOS
  ```
  <dict>
 -  <key>StartDownloadsInTempDirectory</key>
 +  <key>TranslateEnabled</key>
    <true/> | <false/>
  </dict>
  ```
@@@ -6098,8 -6094,7 +6099,8 @@@
  ```
  {
    "policies": {
 -    "StartDownloadsInTempDirectory": true | false
 +    "TranslateEnabled": true | false
 +  }
  }
  ```
  ### UserMessaging