From 5adc3d7a64e52aa38753fe64f160ab6c79128169 Mon Sep 17 00:00:00 2001
From: Michael Kaply <345868+mkaply@users.noreply.github.com>
Date: Mon, 12 Jul 2021 13:42:13 -0500
Subject: [PATCH] Add policy docs for AutoLaunchProtocolsFromOrigins

---
 README.md                     | 95 ++++++++++++++++++++++++++++++++++-
 mac/org.mozilla.firefox.plist | 11 ++++
 windows/de-DE/firefox.adml    | 14 ++++--
 windows/en-US/firefox.adml    |  6 +++
 windows/es-ES/firefox.adml    |  6 +++
 windows/firefox.admx          |  7 +++
 windows/fr-FR/firefox.adml    |  6 +++
 windows/it-IT/firefox.adml    |  6 +++
 windows/ru-RU/firefox.adml    |  6 +++
 windows/zh-CN/firefox.adml    | 14 ++++--
 windows/zh-TW/firefox.adml    |  6 +++
 11 files changed, 168 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index df48c65..19ed9e2 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
+| **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
@@ -370,6 +371,98 @@ Value (string):
   }
 }
 ```
+### AutoLaunchProtocolsFromOrigins
+Define a list of external protocols that can be used from listed origins without prompting the user.
+
+The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
+
+The schema is:
+```
+{
+ "items": {
+  "properties": {
+   "allowed_origins": {
+    "items": {
+     "type": "string"
+    },
+    "type": "array"
+   },
+   "protocol": {
+    "type": "string"
+   }
+  },
+  "required": [
+   "protocol",
+   "allowed_origins"
+  ],
+  "type": "object"
+ },
+ "type": "array"
+}
+```
+**Compatibility:** Firefox 90, Firefox ESR 78.12\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
+```
+[
+  {
+    "protocol": "zoommtg",
+    "allowed_origins": [
+      "https://somesite.zoom.us"
+    ]
+  }
+]
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
+```
+Value (string):
+```
+<enabled/>
+<data id="JSON" value='
+[
+  {
+    "protocol": "zoommtg",
+    "allowed_origins": [
+      "https://somesite.zoom.us"
+    ]
+  }
+]'/>
+```
+#### macOS
+```
+<dict>
+  <key>AutoLaunchProtocolsFromOrigins</key>
+  <array>
+    <dict>
+      <key>protocol</key>
+      <string>zoommtg</string></dict>
+      <key>allowed_origins</key>
+      <array>
+        <string>https://somesite.zoom.us</string>
+      </array>
+    </dict>
+  </array>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "AutoLaunchProtocolsFromOrigins": [{
+      "protocol": "zoommtg",
+      "allowed_origins": [
+        "https://somesite.zoom.us"
+      ]
+    }]
+  }
+}
+```
 ### BackgroundAppUpdate
 
 Enable or disable **automatic** application update **in the background**, when the application is not running.
@@ -3196,7 +3289,7 @@ Value (string):
   <array>
     <dict>
       <key>toplevel_name</key>
-      <string>My managed bookmarks folder</string></dict>
+      <string>My managed bookmarks folder</string>
       <dict>
         <key>url</key>
         <string>example.com</string>
diff --git a/mac/org.mozilla.firefox.plist b/mac/org.mozilla.firefox.plist
index d354a0a..01efdb7 100644
--- a/mac/org.mozilla.firefox.plist
+++ b/mac/org.mozilla.firefox.plist
@@ -46,6 +46,17 @@
 		<key>Locked</key>
 		<true/>
 	</dict>
+  <key>AutoLaunchProtocolsFromOrigins</key>
+  <array>
+    <dict>
+      <key>protocol</key>
+      <string>zoommtg</string></dict>
+      <key>allowed_origins</key>
+      <array>
+        <string>https://somesite.zoom.us</string>
+      </array>
+    </dict>
+  </array>
 	<key>BlockAboutAddons</key>
 	<true/>
 	<key>BlockAboutConfig</key>
diff --git a/windows/de-DE/firefox.adml b/windows/de-DE/firefox.adml
index d09f5e1..70cb551 100644
--- a/windows/de-DE/firefox.adml
+++ b/windows/de-DE/firefox.adml
@@ -846,15 +846,21 @@ For detailed information on creating the policy, see https://github.com/mozilla/
       <string id="AllowedDomainsForApps_Explain">If this policy is enabled, users can only access Google Workspace for the specified domains (separated by a comma). To allow access to Gmail, you can add consumer_accounts.
 
 If this policy is disabled or not configured, users can access any account on Google Workspace as well as Gmail.</string>
+      <string id="BackgroundAppUpdate">Background updater</string>
+      <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
+
+If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain">Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf true gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, ist die Einstellung auf false gesperrt.
 
 FÃ¼r eine Beschreibung der Einstellung, siehe:
 
 https://github.com/mozilla/policy-templates/blob/master/README.md#preferences (Englisch)</string>
-      <string id="BackgroundAppUpdate">Background updater</string>
-      <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
-
-If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
       <string id="Preferences_String_Explain">Wenn diese Richtlinieneinstellung aktiviert ist, ist die Einstellung auf den spezifizierten String-Wert gesperrt. Wenn diese Richtlinieneinstellung deaktiviert ist, hat sie keinen Effekt.
 
 FÃ¼r eine Beschreibung der Einstellung, siehe:
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
index 55fc59e..f60936d 100644
--- a/windows/en-US/firefox.adml
+++ b/windows/en-US/firefox.adml
@@ -851,6 +851,12 @@ If this policy is disabled or not configured, users can access any account on Go
       <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain">If this policy is enabled, the preference is locked to true. If this policy is disabled, the preference is locked to false.
 
 For a description of the preference, see:
diff --git a/windows/es-ES/firefox.adml b/windows/es-ES/firefox.adml
index c034301..185cf85 100644
--- a/windows/es-ES/firefox.adml
+++ b/windows/es-ES/firefox.adml
@@ -851,6 +851,12 @@ If this policy is disabled or not configured, users can access any account on Go
       <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain">Si esta polÃ­tica estÃ¡ habilitada, la preferencia se bloquea en true. Si esta polÃ­tica estÃ¡ deshabilitada, la preferencia estÃ¡ bloqueada en false.
 
 Para una descripciÃ³n de la preferencia, visita:
diff --git a/windows/firefox.admx b/windows/firefox.admx
index 3af5f1e..8a5d010 100644
--- a/windows/firefox.admx
+++ b/windows/firefox.admx
@@ -3760,5 +3760,12 @@
         <decimal value="0"/>
       </disabledValue>
     </policy>
+    <policy name="AutoLaunchProtocolsFromOrigins" class="Both" displayName="$(string.AutoLaunchProtocolsFromOrigins)"  key="Software\Policies\Mozilla\Firefox" explainText="$(string.AutoLaunchProtocolsFromOrigins_Explain)" presentation="$(presentation.JSON)">
+      <parentCategory ref="firefox"/>
+      <supportedOn ref="SUPPORTED_FF81"/>
+      <elements>
+        <multiText id="JSON" valueName="AutoLaunchProtocolsFromOrigins"  maxLength="16384"/>
+      </elements>
+    </policy>
   </policies>
 </policyDefinitions>
diff --git a/windows/fr-FR/firefox.adml b/windows/fr-FR/firefox.adml
index d7bc70a..d6f65d3 100644
--- a/windows/fr-FR/firefox.adml
+++ b/windows/fr-FR/firefox.adml
@@ -850,6 +850,12 @@ If this policy is disabled or not configured, users can access any account on Go
       <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain">Si cette stratÃ©gie est activÃ©e, la prÃ©fÃ©rence est verrouillÃ©e sur true. Si cette stratÃ©gie est dÃ©sactivÃ©e, la prÃ©fÃ©rence est verrouillÃ©e sur false.
 
 Pour une description de la prÃ©fÃ©rence, voir:
diff --git a/windows/it-IT/firefox.adml b/windows/it-IT/firefox.adml
index 40288d1..70ce540 100644
--- a/windows/it-IT/firefox.adml
+++ b/windows/it-IT/firefox.adml
@@ -852,6 +852,12 @@ If this policy is disabled or not configured, users can access any account on Go
       <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain">Se questo criterio Ã¨ abilitato, la preferenza Ã¨ impostata a Vero e resa non modificabile. Se questo criterio Ã¨ disabilitato, la preferenza Ã¨ impostata a Falso e resa non modificabile.
 
 Per una descrizione della preferenza, si veda:
diff --git a/windows/ru-RU/firefox.adml b/windows/ru-RU/firefox.adml
index a413905..927e663 100644
--- a/windows/ru-RU/firefox.adml
+++ b/windows/ru-RU/firefox.adml
@@ -851,6 +851,12 @@ If this policy is disabled or not configured, users can access any account on Go
       <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain"> ÐÑÐ»Ð¸ ÑÑÐ° Ð¿Ð¾Ð»Ð¸ÑÐ¸ÐºÐ° Ð²ÐºÐ»ÑÑÐµÐ½Ð°, Ð¿ÑÐµÐ´Ð¿Ð¾ÑÑÐµÐ½Ð¸Ðµ Ð·Ð°Ð±Ð»Ð¾ÐºÐ¸ÑÐ¾Ð²Ð°Ð½Ð¾ Ð½Ð° true. ÐÑÐ»Ð¸ ÑÑÐ° Ð¿Ð¾Ð»Ð¸ÑÐ¸ÐºÐ° Ð¾ÑÐºÐ»ÑÑÐµÐ½Ð°, Ð¿ÑÐµÐ´Ð¿Ð¾ÑÑÐµÐ½Ð¸Ðµ Ð·Ð°Ð±Ð»Ð¾ÐºÐ¸ÑÐ¾Ð²Ð°Ð½Ð¾ Ð½Ð° false.
 
 ÐÐ¿Ð¸ÑÐ°Ð½Ð¸Ðµ Ð¿ÑÐµÐ´Ð¿Ð¾ÑÑÐµÐ½Ð¸Ñ ÑÐ¼ .:
diff --git a/windows/zh-CN/firefox.adml b/windows/zh-CN/firefox.adml
index 657dbf9..109a28a 100644
--- a/windows/zh-CN/firefox.adml
+++ b/windows/zh-CN/firefox.adml
@@ -841,14 +841,20 @@ If this policy is disabled or not configured, onboarding messages will be shown
 è¥ç¦ç¨æä¸è®¾å®æ­¤ååï¼åä¸ä¼å å¥åç®¡ççä¹¦ç­¾ã
 
 è¥éè¦å»ºç«ååçè¯¦ç»ä¿¡æ¯ï¼è¯·åè https://github.com/mozilla/policy-templates/blob/master/README.md#managedbookmarksã </string>
-      <string id="AllowedDomainsForApps">Define domains allowed to access Google Workspace</string>
-      <string id="AllowedDomainsForApps_Explain">If this policy is enabled, users can only access Google Workspace for the specified domains (separated by a comma). To allow access to Gmail, you can add consumer_accounts.
+    <string id="AllowedDomainsForApps">Define domains allowed to access Google Workspace</string>
+    <string id="AllowedDomainsForApps_Explain">If this policy is enabled, users can only access Google Workspace for the specified domains (separated by a comma). To allow access to Gmail, you can add consumer_accounts.
 
 If this policy is disabled or not configured, users can access any account on Google Workspace as well as Gmail.</string>
-      <string id="BackgroundAppUpdate">Background updater</string>
-      <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
+    <string id="BackgroundAppUpdate">Background updater</string>
+    <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+    <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+    <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
    <string id="Preferences_Boolean_Explain">è¥å¯ç¨æ­¤ååï¼åå¥½è®¾å®å°éå®ä¸º trueã è¥ç¦ç¨æ­¤ååï¼åå¥½è®¾å®åéå®ä¸ºfalseã
 
 è¥éè¦åå¥½è®¾ç½®çè¯¦ç»è¯´æï¼è¯·åèï¼
diff --git a/windows/zh-TW/firefox.adml b/windows/zh-TW/firefox.adml
index bc4de9f..06c3fa4 100644
--- a/windows/zh-TW/firefox.adml
+++ b/windows/zh-TW/firefox.adml
@@ -849,6 +849,12 @@ Mozilla å»ºè­°æ¨ä¸è¦åç¨ Telemetryãéé Telemetry æ¶éå°çè³è¨å¯
       <string id="BackgroundAppUpdate_Explain">If this policy disabled, the application will not try to install updates when the application is not running.
 
 If this policy is enabled or not configured, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.</string>
+      <string id="AutoLaunchProtocolsFromOrigins">Auto Launch Protocols From Origins</string>
+      <string id="AutoLaunchProtocolsFromOrigins_Explain">If this policy is enabled, you can define a list of external protocols that can be used from listed origins without prompting the user.
+
+If this policy is disabled or not configured, any site that invokes an external protocol will ask the user for permission.
+
+For detailed information on creating the policy, see https://github.com/mozilla/policy-templates/blob/master/README.md#autolaunchprotocolsfromorigins.</string>
       <string id="Preferences_Boolean_Explain">è¥åç¨æ­¤ååï¼åå¥½è¨­å®å°éå®çº trueãè¥åç¨æ­¤ååï¼åå¥½è¨­å®åéå®çº falseã
 
 è¥éè¦åå¥½è¨­å®çè©³ç´°èªªæï¼è«åèï¼
-- 
2.34.1

