cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Major Upgrade of SPS Packages for Mozilla Firefox

Major Upgrade of SPS Packages for Mozilla Firefox

Good news, everyone! The Mozilla Firefox packages are now far more amazing than ever before!

It all started with the policies.json file, that Mozilla appears to be pushing on people now. It is a JSON file, which contains a bunch of settings for Firefox. Some of the settings that come from the old config file (default name: mozilla.cfg) are now in the policies.json file (such as settings for automatic updates), and a bunch of new ones was added to policies.json as well.

However, a lot of the policies.json stuff requires configuration; for instance, a customer may want Firefox to use DNS over HTTPS, rather than regular DNS queries. This requires a so-called provider, which is unique to the customer, and a bunch of other stuff. 

Firefox Package Behavior

  • The package will no longer delete old config files and/or policies.json files (when we say config files from now, it will mean both mozilla.cfg and policies.json, else we will mention them specifically by name).
    • Previously, the package deleted the old config files to ensure that we had no overlaps with optional parameters. Now, we will read the old config files, and merge it with any optional parameters, as well as the two new flags "Include Policy File" and "Include Config File", to create one fully functioning configuration. To make that merge work, we had to set up a hierarchy that determines which option takes precedence over the others: optional parameters > included policies.json > included mozilla.cfg > old policies.json file > old mozilla.cfg file. So if a package flag sets a setting to one thing, and any kind of config sets it to something else, the package flag is what will be set in the resulting file.
    • The package will try to find the old mozilla.cfg, even if the customer has named it differently (such as I-refuse-to-conform-to-standards-because-I-am-a-special-snowflake.cfg). However, if the old config file is obfuscated, we cannot read it, and it will be ignored; a message will, of course, be logged in that case.
  • The package will migrate settings from the old config format to the new policies format, if necessary.
    • Many customers probably have old mozilla.cfg files lying around on their machines (maybe even from using our packages), using the old configuration format. If the package encounters such a setting, it will now be updated to the new policies.json format automatically! This also goes for the included mozilla.cfg file! As always, a message will be logged in that case.
  • Bunch of performance optimizations
    • The already very fast packages are now even faster, by a few hundred milliseconds!

New flags

  • /ignoreoldconfig
    • This flag will make the package ignore old config/policy files when merging configs/policies.
    • In our products, this will be named "Ignore old config files"
    • Writes to policies.json.
  • /noaboutconfig
    • Prevents access to about: config inside Firefox. It writes to policies.json
    • In our products, this will be named "Block user access to config"
    • Writes to policies.json.
  • /noaboutaddons
    • Prevents access to about:addons inside Firefox. It writes to policies.json
    • In our products, this will be named "Block user access to addons"
    • Writes to policies.json.
  • /noaboutprofiles
    • Prevents access to about:profiles inside Firefox. It writes to policies.json
    • In our products, this will be named "Block user access to profiles"
    • Writes to policies.json.
  • /noprofilerefresh
    • Prevents the user from "refreshing" their profile (also known as cleaning up Firefox), as well as preventing a new popup (introduced by Mozilla) that may come up, whenever Firefox is re-installed.
    • In our products, this will be named "No profile refresh"
    • Writes to policies.json.
  • /noaboutsupport
    • Prevents access to about:support inside Firefox.
    • In our products, this will be named "Block user access to support"
    • Writes to policies.json.
  • /nodesktopbackground
    • Prevents the user from right-clicking pictures and selecting "use as desktop background".
    • In our products, this will be named "Block use as desktop background"
    • Writes to policies.json.
  • /nomasterpassword
    • Prevents the user from creating a master password in Firefox.
    • In our products, this will be named "Block master password creation"
    • Writes to policies.json.
  • /nopdfviewer
    • Prevents the user from using the built-in PDF viewer in Firefox.
    • In our products, this will be named "No built-in PDF viewer"
    • Writes to policies.json.
  • /nodevtools
    • Prevents the user from accessing the developer tools inside Firefox.
    • In our products, this will be named "No developer tools"
    • Writes to policies.json.
  • /nofirefoxaccounts
    • Prevents the user from setting up Firefox accounts in Firefox.
    • In our products, this will be named "No Firefox accounts"
    • Writes to policies.json.
  • /nopocket
    • Prevents the user from accessing/using Pocket inside Firefox.
    • In our products, this will be named "Disable Pocket"
    • Writes to policies.json.
  • /noincognito
    • Prevents the user from accessing/using the incognito mode of Firefox.
    • In our products, this will be named "Disable incognito browsing"
    • Writes to policies.json.
  • /includepolicy
    • This flag allows a customer to embed a policies.json file, with the SPS package, inside the CSI/SVM package. This is similar to how the /trustedsites flag works for Java.
    • The format for this file must follow the Mozilla guidelines, found here: https://github.com/mozilla/policy-templates/blob/master/README.md. It must be formatted as a fully functional policies.json file, that would work standalone as well.
    • In our products, this will be named "Include custom policies.json"
  • /includeconfig

Changed flags

  • /nomigration
    • This flag now writes to policies.json as well as mozilla.cfg. (Mozilla only partially ported this setting)
  • /noupdate
    • This flag now writes to policies.json instead of mozilla.cfg.
  • /nodefault
    • This flag now writes to policies.json instead of mozilla.cfg.
  • /nocollectstats
    • This flag now writes to policies.json instead of mozilla.cfg.
  • /trustrootcert
    • This flag now writes to policies.json instead of mozilla.cfg.
  • /norights
    • Added an extra line, to be written to the config file.
Tags (1)
Was this article helpful? Yes No
No ratings
Version history
Revision #:
3 of 3
Last update:
‎Sep 27, 2019 06:15 PM
Updated by:
 
Contributors