2024-02-01 18:48:27 +01:00
|
|
|
# Firefox `policies.json`
|
|
|
|
|
2024-02-12 16:10:51 +01:00
|
|
|
- https://mozilla.github.io/policy-templates/
|
|
|
|
|
2024-02-01 18:48:27 +01:00
|
|
|
The file is pretty self-explanatory, but I prefer Chromium way of handling
|
|
|
|
enterprise policies since it allows me to cut them to multiple different files
|
|
|
|
per whatever I am doing.
|
|
|
|
|
|
|
|
<!-- editorconfig-checker-disable -->
|
|
|
|
<!-- prettier-ignore-start -->
|
|
|
|
|
|
|
|
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
|
|
|
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
|
|
|
|
|
|
|
- [WARNING TO LIBREWOLF USERS](#warning-to-librewolf-users)
|
2024-05-13 18:33:30 +02:00
|
|
|
- [WARNING TO TRR/ENCRYPTED DNS USERS!](#warning-to-trrencrypted-dns-users)
|
2024-02-08 09:15:26 +01:00
|
|
|
- [Extensions](#extensions)
|
|
|
|
- [Privacy Badger](#privacy-badger)
|
|
|
|
- [Search engines](#search-engines)
|
2024-05-13 20:54:05 +02:00
|
|
|
- [Useful looking things for the future](#useful-looking-things-for-the-future)
|
|
|
|
- [Certificate installations](#certificate-installations)
|
2024-05-14 07:49:45 +02:00
|
|
|
- [Things that look useful, but aren't](#things-that-look-useful-but-arent)
|
|
|
|
- [WebSiteFilter](#websitefilter)
|
2024-02-01 18:48:27 +01:00
|
|
|
|
|
|
|
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
|
|
|
|
|
|
|
<!-- prettier-ignore-end -->
|
|
|
|
<!-- editorconfig-checker-enable -->
|
|
|
|
|
|
|
|
## WARNING TO LIBREWOLF USERS
|
|
|
|
|
|
|
|
This file takes priority over
|
|
|
|
`/usr/share/librewolf/distribution/policies.json` so don't apply this or
|
|
|
|
a lot of LibreWolf specific customizations stops being in force.
|
|
|
|
|
2024-05-13 18:33:30 +02:00
|
|
|
## WARNING TO TRR/ENCRYPTED DNS USERS!
|
|
|
|
|
|
|
|
If `policies.json` locks DNS over HTTPS, `trr.mode` gets locked into `2` which
|
|
|
|
means fallback to system resolver.
|
|
|
|
|
2024-02-08 09:15:26 +01:00
|
|
|
## Extensions
|
|
|
|
|
|
|
|
They are mostly self-explanatory.
|
|
|
|
|
|
|
|
### Privacy Badger
|
2024-02-01 18:48:27 +01:00
|
|
|
|
|
|
|
- `jid1-MnnxcxisBPnSXQ-eff@jetpack` - Downloaded directly from EFF.
|
|
|
|
|
|
|
|
Configured to learn locally and also in incognito as opposed to only relying
|
|
|
|
on vendor list. Also not display the "Welcome to Privacy Badger screen".
|
|
|
|
|
|
|
|
See also:
|
|
|
|
|
|
|
|
- https://github.com/EFForg/privacybadger/blob/master/doc/admin-deployment.md
|
|
|
|
- https://github.com/EFForg/privacybadger/blob/master/src/data/schema.json
|
2024-02-08 08:37:06 +01:00
|
|
|
|
2024-02-08 09:15:26 +01:00
|
|
|
## Search engines
|
|
|
|
|
2024-02-08 09:42:34 +01:00
|
|
|
> Policy SearchEngines is only allowed on ESR.
|
|
|
|
|
2024-02-11 12:23:04 +01:00
|
|
|
But who cares? Anyway thus DuckDuckGo extension is installed by default so
|
|
|
|
when testing this policy I won't have to see Google.
|
2024-03-24 07:17:31 +01:00
|
|
|
|
|
|
|
Additionally it's a lie since at least Nightly reads it too without
|
|
|
|
complaining.
|
2024-05-13 20:54:05 +02:00
|
|
|
|
|
|
|
## Useful looking things for the future
|
|
|
|
|
|
|
|
### Certificate installations
|
|
|
|
|
|
|
|
In the `certificates` section
|
|
|
|
|
|
|
|
```json
|
|
|
|
{
|
|
|
|
"Install": ["my_certificate_here.pem"]
|
|
|
|
}
|
|
|
|
```
|
2024-05-14 07:49:45 +02:00
|
|
|
|
|
|
|
## Things that look useful, but aren't
|
|
|
|
|
|
|
|
### WebSiteFilter
|
|
|
|
|
|
|
|
```json
|
|
|
|
{
|
|
|
|
"policies": {
|
|
|
|
"WebsiteFilter": {
|
|
|
|
"Block": ["<all_urls>"],
|
|
|
|
"Exceptions": ["http://example.org/*"]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
Ok, nice, but my policy is already forcing AdNauseam which enforces my
|
|
|
|
blocklist which is more practical.
|
|
|
|
|
|
|
|
Granted users can use private browsing mode to get past it, but I am not
|
|
|
|
blocking actively malicious domains.
|