History

Aminda Suomalainen 05a3cb6c08 firefox: allow private ECS		2024-05-16 19:48:39 +03:00
..
README.md	firefox: apparently HTTPS Only mode can be set here contrary to the documentation	2024-05-16 15:03:01 +03:00
policies.json	firefox: allow private ECS	2024-05-16 19:48:39 +03:00

README.md

Firefox `policies.json`

https://mozilla.github.io/policy-templates/

The file is pretty self-explanatory, but I prefer Chromium way of handling enterprise policies since it allows me to cut them to multiple different files per whatever I am doing.

WARNING TO LIBREWOLF USERS
General warning
Extensions
- Privacy Badger
  - Duplicate
Search engines
Useful looking things for the future
- Certificate installations
Things that look useful, but aren’t
- WebSiteFilter

WARNING TO LIBREWOLF USERS

This file takes priority over /usr/share/librewolf/distribution/policies.json so don’t apply this or a lot of LibreWolf specific customizations stops being in force.

General warning

This is meant for me and devices I maintain for self-dogfooding so there are opinions. Including those Firefox won’t accept and will appear as warnings or errors in about:config depending on the release channel or even all of them.

Extensions

They are mostly self-explanatory.

Privacy Badger

jid1-MnnxcxisBPnSXQ-eff@jetpack - Downloaded directly from EFF.

Configured to learn locally and also in incognito as opposed to only relying on vendor list. Also not display the “Welcome to Privacy Badger screen”.

Duplicate

-      "jid1-MnnxcxisBPnSXQ-eff@jetpack": {
-        "install_url": "https://www.eff.org/files/privacy-badger-latest.xpi",
+      "jid1-MnnxcxisBPnSXQ@jetpack": {
+        "install_url": "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi",

The EFF.org version won’t sync and if you sync with unmanaged computer, you will have two PrivacyBadgers. Congratulations?

Search engines

Policy SearchEngines is only allowed on ESR.

But who cares? Anyway thus DuckDuckGo extension is installed by default so when testing this policy I won’t have to see Google.

Additionally it’s a lie since at least Nightly reads it too without complaining.

Useful looking things for the future

Certificate installations

In the certificates section

{
  "Install": ["my_certificate_here.pem"]
}

Things that look useful, but aren’t

WebSiteFilter

{
  "policies": {
    "WebsiteFilter": {
      "Block": ["<all_urls>"],
      "Exceptions": ["http://example.org/*"]
    }
  }
}

Ok, nice, but my policy is already forcing AdNauseam which enforces my blocklist which is more practical.

Granted users can use private browsing mode to get past it, but I am not blocking actively malicious domains.

README.md Unescape Escape

Firefox policies.json