From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Thu, 23 Jul 2020 19:07:24 +0000 (-0500)
Subject: Add AllowSession to Cookies policy
X-Git-Tag: v2.1~2^2
X-Git-Url: https://git.p6c8.net/policy-templates.git/commitdiff_plain/e0e0f4346a774542d6d867868463b49d99ee1081?hp=--cc

Add AllowSession to Cookies policy
---

e0e0f4346a774542d6d867868463b49d99ee1081
diff --git a/README.md b/README.md
index 16e5280..4216c47 100644
--- a/README.md
+++ b/README.md
@@ -680,6 +680,8 @@ Configure cookie preferences.
 
 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
 
+`AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
+
 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
 
 `Default` determines whether cookies are accepted at all.
@@ -692,13 +694,14 @@ Configure cookie preferences.
 
 `Locked` prevents the user from changing cookie preferences.
 
-**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker was added in Firefox 63)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\
 **CCK2 Equivalent:** N/A\
 **Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy`
 
 #### Windows (GPO)
 ```
 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
+Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
@@ -718,6 +721,15 @@ Value (string):
 ```
 OMA-URI:
 ```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_Allow" value="1&#xF000;https://example.edu"/>
+```
+OMA-URI:
+```
 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
 ```
 Value (string):
@@ -775,6 +787,10 @@ Value (string):
     <array>
       <string>http://example.com</string>
     </array>
+    <key>AllowSession</key>
+    <array>
+      <string>http://example.edu</string>
+    </array>
     <key>Block</key>
     <array>
       <string>http://example.org</string>
@@ -798,6 +814,7 @@ Value (string):
   "policies": {
     "Cookies": {
       "Allow": ["http://example.org/"],
+      "AllowSession": ["http://example.edu/"],
       "Block": ["http://example.edu/"],
       "Default": true | false,
       "AcceptThirdParty": "always" | "never" | "from-visited",
diff --git a/mac/org.mozilla.firefox.plist b/mac/org.mozilla.firefox.plist
index 5ab46d2..232504f 100644
--- a/mac/org.mozilla.firefox.plist
+++ b/mac/org.mozilla.firefox.plist
@@ -97,6 +97,10 @@
 		<array>
 			<string>https://www.example.org/</string>
 		</array>
+		<key>Allowsession</key>
+		<array>
+			<string>https://www.example.edu/</string>
+		</array>
 		<key>Block</key>
 		<array>
 			<string>https://www.example.edu/</string>
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index da3c870..49abcae 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -55,6 +55,7 @@
       <string id="EncryptedMediaExtensions_group">DRM-Medien Erweiterungen</string>
       <string id="PDFjs_group">PDFjs</string>
       <string id="Allow">Erlaubte Seiten</string>
+      <string id="AllowSession">Erlaubte Seiten (Session Only)</string>
       <string id="Block">Gesperrte Seiten</string>
       <string id="AppAutoUpdate">Automatisches Update</string>
       <string id="AppAutoUpdate_Explain">Wenn diese Richtlinieneinstellung aktiviert ist, wird Firefox automatisch ohne Zustimmung des Benutzers aktualisiert.
@@ -347,6 +348,9 @@ Wenn Sie die Richtlinieneinstellungen nicht konfigurieren oder aktivieren, kÃ¶nn
       <string id="Cookies_Allow_Explain">Wenn Sie die Richtlinieneinstellung aktivieren, sind Cookies immer fÃ¼r die angegebenen URLs erlaubt. Wenn eine Top-Level-Domain angegeben ist (http://example.org), sind Cookies auch fÃ¼r alle Sub-Domains zulÃ¤ssig.
 
 Wenn Sie die Richtlinieneinstellung deaktivieren oder nicht konfigurieren, wird die Standard Cookie Richtlinie verwendet.</string>
+      <string id="Cookies_AllowSession_Explain">If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
+
+If this policy is disabled or not configured, the default cookie policy is followed.</string>
       <string id="Cookies_Block_Explain">Wenn Sie die Richtlinieneinstellung aktivieren, sind Cookies fÃ¼r die angegebenen URLs gesperrt. Wenn eine Top-Level-Domain angegeben ist (http://example.org), werden Cookies von allen Sub-Domains ebenfalls blockiert.
 
 Wenn Sie die Richtlinieneinstellung deaktivieren oder nicht konfigurieren, sind Cookies standardmÃ¤Ãig nicht blockiert.</string>
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index cbe754d..4e3e152 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -55,6 +55,7 @@
       <string id="EncryptedMediaExtensions_group">Encrypted Media Extensions</string>
       <string id="PDFjs_group">PDFjs</string>
       <string id="Allow">Allowed Sites</string>
+      <string id="AllowSession">Allowed Sites (Session Only)</string>
       <string id="Block">Blocked Sites</string>
       <string id="AppAutoUpdate">Application Autoupdate</string>
       <string id="AppAutoUpdate_Explain">If this policy is enabled, Firefox is automatically updated without user approval.
@@ -346,6 +347,9 @@ If this policy is disabled or not configured, the default add-on policy is follo
 If this policy is not configured or enabled, add-ons can be installed.</string>
       <string id="Cookies_Allow_Explain">If this policy is enabled, cookies are always allowed for the origins indicated. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
 
+If this policy is disabled or not configured, the default cookie policy is followed.</string>
+      <string id="Cookies_AllowSession_Explain">If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
+
 If this policy is disabled or not configured, the default cookie policy is followed.</string>
       <string id="Cookies_Block_Explain">If this policy is enabled, cookies are blocked for the origins indicated. If a top level domain is specified (http://example.org), cookies are blocked from all subdomains as well.
 
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index 81d29c2..278afbe 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -55,6 +55,7 @@
       <string id="EncryptedMediaExtensions_group">Extensiones de medios cifrados</string>
       <string id="PDFjs_group">PDFjs</string>
       <string id="Allow">Sitios permitidos</string>
+      <string id="AllowSession">Sitios permitidos (Session Only)</string>
       <string id="Block">Sitios bloqueados</string>
       <string id="AppAutoUpdate">ActualizaciÃ³n automÃ¡tica de aplicaciÃ³n</string>
       <string id="AppAutoUpdate_Explain">Si esta polÃ­tica estÃ¡ habilitada, Firefox se actualizarÃ¡ automÃ¡ticamente sin la aprobaciÃ³n del usuario.
@@ -347,6 +348,9 @@ Si esta polÃ­tica no estÃ¡ configurada o habilitada, se podrÃ¡n instalar complem
       <string id="Cookies_Allow_Explain">Si esta polÃ­tica estÃ¡ habilitada, las cookies siempre estarÃ¡n permitidas para los orÃ­genes indicados. Si se especifica un dominio de nivel superior (http://ejemplo.org), tambiÃ©n se permitirÃ¡n cookies para todos los subdominios.
 
 Si esta polÃ­tica estÃ¡ deshabilitada o no estÃ¡ configurada, se seguirÃ¡ la polÃ­tica de cookies predeterminada.</string>
+      <string id="Cookies_AllowSession_Explain">If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
+
+If this policy is disabled or not configured, the default cookie policy is followed.</string>
       <string id="Cookies_Block_Explain">Si esta polÃ­tica estÃ¡ habilitada, las cookies estarÃ¡n bloqueadas por los orÃ­genes indicados. Si se especifica un dominio de nivel superior (http://ejemplo.org), tambiÃ©n se bloquearÃ¡n las cookies de todos los subdominios.
 
 Si esta polÃ­tica estÃ¡ deshabilitada o no estÃ¡ configurada, las cookies no estarÃ¡n bloqueadas de manera predeterminada.</string>
diff --git a/windows/firefox.admx b/windows/firefox.admx
index f9b6403..45a8006 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -283,6 +283,13 @@
         <list id="Permissions" key="Software\Policies\Mozilla\Firefox\Cookies\Allow" valuePrefix=""/>
       </elements>
     </policy>
+    <policy name="Cookies_AllowSession" class="Both" displayName="$(string.AllowSession)" explainText="$(string.Cookies_AllowSession_Explain)" key="Software\Policies\Mozilla\Firefox" presentation="$(presentation.Permissions)">
+      <parentCategory ref="Cookies"/>
+      <supportedOn ref="SUPPORTED_FF79"/>
+      <elements>
+        <list id="Permissions" key="Software\Policies\Mozilla\Firefox\Cookies\AllowSession" valuePrefix=""/>
+      </elements>
+    </policy>
     <policy name="Cookies_Block" class="Both" displayName="$(string.Block)" explainText="$(string.Cookies_Block_Explain)" key="Software\Policies\Mozilla\Firefox" presentation="$(presentation.Permissions)">
       <parentCategory ref="Cookies"/>
       <supportedOn ref="SUPPORTED_FF60"/>
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index da95bbe..1557630 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -55,6 +55,7 @@
       <string id="EncryptedMediaExtensions_group">Encrypted Media Extensions</string>
       <string id="PDFjs_group">PDFjs</string>
       <string id="Allow">Sites autorisÃ©s</string>
+      <string id="AllowSession">Sites autorisÃ©s (Session Only)</string>
       <string id="Block">Sites bloquÃ©s</string>
       <string id="AppAutoUpdate">Application Autoupdate</string>
       <string id="AppAutoUpdate_Explain">Si cette stratÃ©gie est activÃ©e, Firefox est automatiquement mis a jour sans aprobation de l'utilisateur.
@@ -347,6 +348,9 @@ Si cette stratÃ©gie n'est ni configurÃ©e ni activÃ©e, des modules complÃ©mentair
       <string id="Cookies_Allow_Explain">Si cette stratÃ©gie est activÃ©e, les cookies sont toujours autorisÃ©s pour les origines indiquÃ©es. Si un domaine de premier niveau est spÃ©cifiÃ© (http://example.org), les cookies sont Ã©galement autorisÃ©s pour tous les sous-domaines.
 
 Si cette stratÃ©gie est dÃ©sactivÃ©e ou non configurÃ©e, la stratÃ©gie de cookie par dÃ©faut est appliquÃ©e.</string>
+      <string id="Cookies_AllowSession_Explain">If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
+
+If this policy is disabled or not configured, the default cookie policy is followed.</string>
       <string id="Cookies_Block_Explain">Si cette stratÃ©gie est activÃ©e, les cookies sont bloquÃ©s pour les origines indiquÃ©es. Si un domaine de premier niveau est spÃ©cifiÃ© (http://example.org), les cookies sont Ã©galement bloquÃ©s pour tous les sous-domaines.
 
 Si cette stratÃ©gie est dÃ©sactivÃ©e ou non configurÃ©e, les cookies ne sont pas bloquÃ©s par dÃ©faut.</string>
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index c5818ed..3351d7a 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -55,6 +55,7 @@
       <string id="EncryptedMediaExtensions_group">Encrypted Media Extensions</string>
       <string id="PDFjs_group">PDFjs</string>
       <string id="Allow">Siti consentiti</string>
+      <string id="AllowSession">Siti consentiti (Session Only)</string>
       <string id="Block">Siti bloccati</string>
       <string id="AppAutoUpdate">Aggiornamento automatico applicazione</string>
       <string id="AppAutoUpdate_Explain">Se questo criterio Ã¨ abilitato, Firefox Ã¨ aggiornato automaticamente senza l'approvazione dell'utente.
@@ -347,6 +348,9 @@ Se questo criterio non Ã¨ configurato o Ã¨ abilitato, Ã¨ possibile installare co
       <string id="Cookies_Allow_Explain">Se questo criterio Ã¨ abilitato, i cookie dai siti indicati sono sempre consentiti. Se Ã¨ specificato un dominio di primo livello (http://example.org), i cookie sono consentiti anche da tutti i sottodomini.
 
 Se questo criterio Ã¨ disabilitato o non configurato, viene seguita la politica predefinita per i cookie.</string>
+      <string id="Cookies_AllowSession_Explain">If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
+
+If this policy is disabled or not configured, the default cookie policy is followed.</string>
       <string id="Cookies_Block_Explain">Se questo criterio Ã¨ abilitato, i cookie dai siti indicati sono bloccati. Se Ã¨ specificato un dominio di primo livello (http://example.org), i cookie sono bloccati anche da tutti i sottodomini.
 
 Se questo criterio Ã¨ disabilitato o non configurato, i cookie non sono bloccati per impostazione predefinita.</string>
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index 3a3d5b4..333e40f 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -55,6 +55,7 @@
       <string id="EncryptedMediaExtensions_group">å å¯åªé«æ´ååè½</string>
       <string id="PDFjs_group">PDFjs</string>
       <string id="Allow">åè¨±çç¶²ç«</string>
+      <string id="AllowSession">åè¨±çç¶²ç« (Session Only)</string>
       <string id="Block">å°éçç¶²ç«</string>
       <string id="AppAutoUpdate">æç¨ç¨å¼èªåæ´æ°</string>
       <string id="AppAutoUpdate_Explain">è¥åç¨æ­¤ååï¼Firefox æä¸ç¶ä½¿ç¨èåæèªåæ´æ°ã
@@ -345,6 +346,9 @@ Mozilla å»ºè­°æ¨ä¸è¦åç¨ Telemetryãéé Telemetry æ¶éå°çè³è¨å¯
       <string id="Cookies_Allow_Explain">è¥åç¨æ­¤ååï¼å°åè¨±ä¾èªæå®ä¾æºç¶²åç Cookieãè¥æå®äºé ç´ç¶²ååç¨±ï¼ä¾å¦ http://example.orgï¼ï¼ä¹å°åè¨±ææä¾èªå­ç¶²åç Cookieã
 
 è¥åç¨æä¸è¨­å®æ­¤ååï¼åéµå¾ªé è¨­ç Cookie ååã</string>
+      <string id="Cookies_AllowSession_Explain">If this policy is enabled, cookies are allowed for the origins indicated, but removed at the end of the session. If a top level domain is specified (http://example.org), cookies are allowed for all subdomains as well.
+
+If this policy is disabled or not configured, the default cookie policy is followed.</string>
       <string id="Cookies_Block_Explain">è¥åç¨æ­¤ååï¼å°å°éä¾èªæå®ä¾æºç¶²åç Cookieãè¥æå®äºé ç´ç¶²ååç¨±ï¼ä¾å¦ http://example.orgï¼ï¼ä¹å°å°éææä¾èªå­ç¶²åç Cookieã
 
 è¥åç¨æä¸è¨­å®æ­¤ååï¼åé è¨­ä¸å°é Cookieã</string>
