Customizing Firefox Using AutoConfig

AutoConfig files can be used to set and lock preferences that are not covered by group policy on Windows or the policies.json for Mac and Linux. This method can be used to automatically change user preferences or prevent the end user from modifiying specific preferences by locking them.

Setting up AutoConfig

To use AutoConfig, place two files into the Firefox directory. On Windows, they go in the same directory where Firefox is installed. On macOS, they go into the Contents/Resources directory of the Firefox.app.

The first file to create is named autoconfig.js and it must be placed into the defaults/pref directory. It should contain the following two lines:

pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);

The first line specifies the name of the AutoConfig file. The name of the file can be customized, but the location of the file cannot be changed.

The second line indicates that the AutoConfig should not be obscured. By default, Firefox expects the file to be byte shifted by 13 bytes in order to obfuscate it.

The second file to create is called firefox.cfg and it is placed at the top level of the Firefox directory. It should always begin with a commented line, such as:

// IMPORTANT: Start your code on the 2nd line

Although the extension of an AutoConfig file is typically .cfg, the AutoConfig file is a JavaScript file. This allows for additional Javascript to be written within the file to add different logic in different situations.

Functions of AutoConfig

The following functions are available within an AutoConfig file:

pref(prefName, value) – sets the user value of a preference. This function explicitly sets the preference as a user preference. That means that if the user has changed the value, it will get reset every time the browser is started.

defaultPref(prefName, value) – sets the default value of a preference. This is the value that a preference has when the user has not set any value or the user resets the preference. It can be permanently changed by the user.

lockPref(prefName, value) – sets the default value of a preference and locks it. This is the most commonly used function. Locking a preference prevents a user from changing it, and in most cases, disables the UI in preferences so it is obvious to the user that the preference has been disabled.

unlockPref(prefName) – unlocks a preference. As an example, this would be used in case where a preference should be locked for all users, but unlocked for particular users.

getPref(prefName) – retrieves the value of a preference. If the preference doesn’t exist, it displays an error. This function should only be used on preferences that always exist.

clearPref(prefName) – removes the user value of a preference, resetting it to its default value.

displayError(funcname, message) – displays an error in a specific format, which is a handy tool for debugging.

   Netscape.cfg/AutoConfig failed. Please contact your system administrator.
   Error: [funcname] failed: [message]

getenv(name) – used to query environment variables. This can allow access to things like usernames and other system information.

Disabling UI Elements

In cases where UI elements are not automatically disabled in the preferencess, there are some “disable_button” preferences that when locked, disable buttons. For example, including

lockPref("pref.privacy.disable_button.view_passwords",true);

in your AutoConfig file will disable the View Passwords button. Other preferences that lock buttons include:

  • pref.general.disable_button.default_browser
  • pref.browser.homepage.disable_button.current_page
  • pref.browser.homepage.disable_button.bookmark_page
  • pref.browser.homepage.disable_button.restore_default
  • security.disable_button.openCertManager
  • security.disable_button.openDeviceManager
  • app.update.disable_button.showUpdateHistory
  • pref.privacy.disable_button.cookie_exceptions
  • pref.privacy.disable_button.view_cookies
  • pref.privacy.disable_button.view_passwords
  • pref.privacy.disable_button.view_passwords_exceptions
  • pref.downloads.disable_button.edit_actions

Centralized Management

The AutoConfig file can be managed centrally. To do so, the location of a secondary AutoConfig file in the primary AutoConfig file:

pref("autoadmin.global_config_url","http://yourdomain.com/autoconfigfile.js");

The URL can be any protocol supported by Firefox, including the file: protocol to point to a file on a networked drive. The format of the remote AutoConfig file is the same as the AutoConfig file on the client, except that the first line is not ignored.

There are other preferences that control aspects of AutoConfig. The autoadmin.refresh_interval preference causes the AutoConfig to refresh at a given interval specified in minutes. There are also preferences related to how offline mode is handled, including autoadmin.offline_failover and autoadmin.failover_to_cached.

Every time an AutoConfig file is retrieved remotely, a backup copy of that file is created in the user’s profile directory called failover.jsc. If the preference autoadmin.failover_to_cached is set to false, Firefox reads the cached file, marks the browser as offline and locks the preference so the user cannot go online. If the preference is set to true, it simply uses the cached file and continues. The preference autoadmin.offline_failover controls whether or not the cached file is used when the user is offline. If it is set to true, the cached file is used.

User Specific Preferences

If user specific information needs to be included in the AutoConfig file, the following preference should be set:

pref("autoadmin.append_emailaddr", true);

This will append a question mark (?) and an email address to the request.

Because Firefox doesn’t use email addresses, the mail.identity.useremail preference must be set. If it is not set, Firefox will display a prompt asking for the email address. Because the AutoConfig file is a Javascript file, this preference can be set before setting autoadmin.global_config_url. For example:

var user = getenv("USER");
lockPref("mail.identity.useremail", user);
lockPref("autoadmin.global_config_url","http://yourdomain.com/autoconfigfile.js");

Was this article helpful? Please wait...

These fine people helped write this article: Wesley Branton, Joni. You can help too - find out how.