diff --git a/schema/.source.json b/schema/.source.json index 4ae79d9..353352f 100644 --- a/schema/.source.json +++ b/schema/.source.json @@ -1,5 +1,5 @@ { "url": "https://raw.githubusercontent.com/mozilla/enterprise-firefox/enterprise-main/browser/components/enterprisepolicies/schemas/policies-schema.json", - "commit": "5fe866843302e864dd7b4fee3ee2d1acb902dd87", - "permalink": "https://github.com/mozilla/enterprise-firefox/blob/5fe866843302e864dd7b4fee3ee2d1acb902dd87/browser/components/enterprisepolicies/schemas/policies-schema.json" + "commit": "c64a9dbb4c497e353a2e2f5d2a7944bf7d00a0dd", + "permalink": "https://github.com/mozilla/enterprise-firefox/blob/c64a9dbb4c497e353a2e2f5d2a7944bf7d00a0dd/browser/components/enterprisepolicies/schemas/policies-schema.json" } diff --git a/schema/policies-schema.json b/schema/policies-schema.json index efdf2d8..284197d 100644 --- a/schema/policies-schema.json +++ b/schema/policies-schema.json @@ -1,5 +1,18 @@ { - "$schema": "http://json-schema.org/draft-04/schema#", + "$schema": "http://json-schema.org/draft-07/schema#", + "$comment": "Validation uses standard JSON Schema. Before validating, Firefox normalizes platform input in PolicySchemaValidator.sys.mjs: a value delivered as a JSON string is parsed where contentMediaType is application/json, and 0/1 integers become booleans. After validation, strings with format uri become URL objects, and a list entry that fails validation is dropped and logged rather than discarding the whole policy.", + "definitions": { + "url": { "type": "string", "format": "uri" }, + "urlOrEmpty": { + "type": "string", + "anyOf": [{ "format": "uri" }, { "maxLength": 0 }] + }, + "origin": { + "type": "string", + "format": "uri", + "pattern": "^([Ff][Ii][Ll][Ee]://.*|[Hh][Tt][Tt][Pp][Ss]?://[^/]+/?)$" + } + }, "type": "object", "properties": { "3rdparty": { @@ -32,7 +45,8 @@ "type": "object", "patternProperties": { "^.*$": { - "type": "JSON" + "type": ["object", "array"], + "contentMediaType": "application/json" } } } @@ -316,7 +330,7 @@ "examples": ["106."] }, "AppUpdateURL": { - "type": "URL", + "$ref": "#/definitions/url", "x-category": "Device update settings", "description": "Change the URL for application update if you are providing Firefox updates from a custom update server.", "examples": ["https://yoursite.com"] @@ -404,7 +418,8 @@ "examples": [true, false] }, "AutoLaunchProtocolsFromOrigins": { - "type": ["array", "JSON"], + "type": "array", + "contentMediaType": "application/json", "x-category": "Network security", "description": "Define a list of external protocols that can be used from listed origins without prompting the user.", "examples": [ @@ -420,9 +435,7 @@ "properties": { "allowed_origins": { "type": "array", - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "protocol": { "type": "string" @@ -510,10 +523,10 @@ "type": "string" }, "URL": { - "type": "URL" + "$ref": "#/definitions/url" }, "Favicon": { - "type": "URLorEmpty" + "$ref": "#/definitions/urlOrEmpty" }, "Placement": { "type": "string", @@ -590,7 +603,8 @@ ], "properties": { "Default": { - "type": ["array", "JSON"], + "type": "array", + "contentMediaType": "application/json", "items": { "properties": { "name": { @@ -785,24 +799,15 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "AllowSession": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Default": { "type": "boolean" @@ -1115,18 +1120,25 @@ "examples": [] }, "DisplayBookmarksToolbar": { - "type": ["boolean", "string"], + "anyOf": [ + { "type": "boolean" }, + { "type": "string", "enum": ["always", "never", "newtab"] } + ], "x-category": "Bookmarks", "description": "Set the initial state of the bookmarks toolbar.", - "examples": ["always"], - "enum": ["always", "never", "newtab"] + "examples": ["always"] }, "DisplayMenuBar": { - "type": ["boolean", "string"], + "anyOf": [ + { "type": "boolean" }, + { + "type": "string", + "enum": ["always", "never", "default-on", "default-off"] + } + ], "x-category": "Browser UI", "description": "Set the state of the menubar.", - "examples": ["always"], - "enum": ["always", "never", "default-on", "default-off"] + "examples": ["always"] }, "DNSOverHTTPS": { "type": "object", @@ -1145,9 +1157,7 @@ "Enabled": { "type": "boolean" }, - "ProviderURL": { - "type": "URLorEmpty" - }, + "ProviderURL": { "$ref": "#/definitions/urlOrEmpty" }, "ExcludedDomains": { "type": "array", "items": { @@ -1232,10 +1242,7 @@ }, "Exceptions": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Category": { "type": "string", @@ -1337,7 +1344,8 @@ } }, "ExtensionSettings": { - "type": ["object", "JSON"], + "type": "object", + "contentMediaType": "application/json", "x-category": "Extensions", "description": "Manage all aspects of extensions.", "examples": [ @@ -1411,12 +1419,24 @@ }, "temporarily_allow_weak_signatures": { "type": "boolean" + }, + "blocked_permissions": { + "type": "array", + "items": { + "type": "string" + } + }, + "allowed_permissions": { + "type": "array", + "items": { + "type": "string" + } } } } }, "patternProperties": { - "^.*$": { + "^(?!\\*$).*$": { "type": "object", "properties": { "installation_mode": { @@ -1437,9 +1457,7 @@ "updates_disabled": { "type": "boolean" }, - "update_url": { - "type": "URL" - }, + "update_url": { "$ref": "#/definitions/url" }, "default_area": { "type": "string", "enum": ["navbar", "menupanel"] @@ -1461,6 +1479,18 @@ }, "private_browsing": { "type": "boolean" + }, + "blocked_permissions": { + "type": "array", + "items": { + "type": "string" + } + }, + "allowed_permissions": { + "type": "array", + "items": { + "type": "string" + } } } } @@ -1597,7 +1627,8 @@ "examples": [true, false] }, "Handlers": { - "type": ["object", "JSON"], + "type": "object", + "contentMediaType": "application/json", "x-category": "Security", "description": "Configure default application handlers.", "examples": [ @@ -1690,18 +1721,13 @@ } ], "properties": { - "URL": { - "type": "URL" - }, + "URL": { "$ref": "#/definitions/url" }, "Locked": { "type": "boolean" }, "Additional": { "type": "array", - "strict": false, - "items": { - "type": "URL" - } + "items": { "$ref": "#/definitions/url" } }, "StartPage": { "type": "string", @@ -1711,13 +1737,11 @@ }, "HttpAllowlist": { "type": "array", + "items": { "$ref": "#/definitions/origin" }, "x-category": "Network security", "description": "Configure sites that will not be upgraded to HTTPS.", "examples": [["http://example.org", "http://example.edu"]], - "strict": false, - "items": { - "type": "origin" - } + "strict": false }, "HttpsOnlyMode": { "type": "string", @@ -1739,10 +1763,7 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Default": { "type": "boolean" @@ -1825,9 +1846,7 @@ "children": { "items": { "properties": { - "favicon": { - "type": "URL" - }, + "favicon": { "$ref": "#/definitions/url" }, "name": { "type": "string" }, @@ -1839,7 +1858,8 @@ }, "children": { "items": { - "type": "JSON" + "type": ["object", "array"], + "contentMediaType": "application/json" }, "type": "array" } @@ -1848,9 +1868,7 @@ }, "type": "array" }, - "favicon": { - "type": "URL" - }, + "favicon": { "$ref": "#/definitions/url" }, "name": { "type": "string" }, @@ -1863,7 +1881,8 @@ }, "type": "object" }, - "type": ["array", "JSON"], + "type": "array", + "contentMediaType": "application/json", "x-category": "Bookmarks", "description": "Configures a list of bookmarks managed by an administrator that cannot be changed by the user.", "examples": [ @@ -1940,7 +1959,7 @@ "examples": ["https://example.org"] }, "OverridePostUpdatePage": { - "type": "URLorEmpty", + "$ref": "#/definitions/urlOrEmpty", "x-category": "Startup", "description": "Override the upgrade page.", "examples": ["http://example.org"] @@ -1953,13 +1972,11 @@ }, "PasswordManagerExceptions": { "type": "array", + "items": { "$ref": "#/definitions/origin" }, "x-category": "Password manager", "description": "Prevent Firefox from saving passwords for specific sites.", "examples": [["https://example.org", "https://example.edu"]], - "strict": false, - "items": { - "type": "origin" - } + "strict": false }, "PDFjs": { "type": "object", @@ -2036,17 +2053,11 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "BlockNewRequests": { "type": "boolean" @@ -2061,17 +2072,11 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "BlockNewRequests": { "type": "boolean" @@ -2090,17 +2095,11 @@ }, "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Locked": { "type": "boolean" @@ -2112,17 +2111,11 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "BlockNewRequests": { "type": "boolean" @@ -2137,17 +2130,11 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "BlockNewRequests": { "type": "boolean" @@ -2162,17 +2149,11 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "BlockNewRequests": { "type": "boolean" @@ -2187,17 +2168,11 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Block": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "BlockNewRequests": { "type": "boolean" @@ -2242,10 +2217,7 @@ "properties": { "Allow": { "type": "array", - "strict": false, - "items": { - "type": "origin" - } + "items": { "$ref": "#/definitions/origin" } }, "Default": { "type": "boolean" @@ -2262,7 +2234,8 @@ "examples": [true, false] }, "Preferences": { - "type": ["object", "JSON"], + "type": "object", + "contentMediaType": "application/json", "x-category": "Security", "description": "Set and lock preferences.", "examples": [ @@ -2370,7 +2343,7 @@ "type": "boolean" }, "AutoConfigURL": { - "type": "URLorEmpty" + "$ref": "#/definitions/urlOrEmpty" }, "FTPProxy": { "type": "string" @@ -2484,6 +2457,10 @@ }, "Locked": { "type": "boolean" + }, + "Exceptions": { + "type": "array", + "items": { "$ref": "#/definitions/origin" } } } }, @@ -2529,9 +2506,7 @@ "Name": { "type": "string" }, - "IconURL": { - "type": "URLorEmpty" - }, + "IconURL": { "$ref": "#/definitions/urlOrEmpty" }, "Alias": { "type": "string" }, @@ -2638,9 +2613,7 @@ } ], "patternProperties": { - "^(?!Add$|Delete$)": { - "type": "string" - } + "^(?!Add$|Delete$).*$": { "type": "string" } }, "properties": { "Add": { @@ -2752,9 +2725,7 @@ "Title": { "type": "string" }, - "URL": { - "type": "URL" - }, + "URL": { "$ref": "#/definitions/url" }, "AccessKey": { "type": "string" } @@ -2876,7 +2847,8 @@ "examples": [true, false] }, "WebsiteFilter": { - "type": ["object", "JSON"], + "type": "object", + "contentMediaType": "application/json", "x-category": "Browsing restrictions", "description": "Block websites from being visited.", "examples": [