Firefox is becoming more aggressive with their “Download a fresh copy of Firefox”, which in previous releases you could set the boolean value “app.update.auto = false” and suppress the update prompt. We are no longer able to do this and Firefox wants user to use the group policy file to make these changes now.
**These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
| Policy Name | Description
| --- | --- |
| **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
| **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
| **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
| **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
| **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
| **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
| **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
| **[`Certificates`](#certificates)** |
| **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
This file has been truncated. show original
The issue I have run into is that the policy file lives within the snap directory “/snap/firefox/current/distribution”. Is there a solution for this or would it be as simple as creating a symlink directory to my home snap folder and setting the policy file there.
1 Like
IMO this should be done by the snap publisher(Mozilla), contact them to set the policy.
1 Like
oSoMoN
April 4, 2019, 8:22pm
3
app.update.auto =false doesn’t suppress the update check, it simply commands firefox to not install automatically available updates, effectively resulting in a prompt.
As you stated, the recommended way of disabling update checks is a group policy indeed.
And as suggested by @Lin-Buo-Ren , this should be done by the snap publisher themselves.
Bug #1436457 is related.
oSoMoN
April 5, 2019, 8:46am
4
I experimented with adding a policies.json
file under distribution in a repacked firefox snap, with the following content:
{
"policies": {
"DisableAppUpdate": true
}
}
This disables updates, as expected. However, the about dialog has the following message, which might look scary to non-tech savvy users:
Updates disabled by your system administrator
This is still an improvement over the current situation, so I’m going to submit this upstream to see if the approach is acceptable.
1 Like
oSoMoN
April 5, 2019, 9:03am
5
Change submitted upstream for review.
2 Likes