diff --git a/home/.chezmoiscripts/universal/run_onchange_after_40-chrome.tmpl b/home/.chezmoiscripts/universal/run_onchange_after_40-chrome.tmpl index 358de679..89fd2995 100644 --- a/home/.chezmoiscripts/universal/run_onchange_after_40-chrome.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_after_40-chrome.tmpl @@ -5,25 +5,51 @@ {{ includeTemplate "universal/logg" }} ### Ensure Chrome policies directory is present -if [ ! -d /etc/opt/chrome/policies/managed ]; then - logg info 'Creating directory /etc/opt/chrome/policies/managed' - sudo mkdir -p /etc/opt/chrome/policies/managed -fi +for POLICY_DIR in "/opt/google/chrome/policies" "/etc/chromium/policies" "/etc/brave/policies"; do + ### Managed policies + if [ ! -f "$POLICY_DIR/managed/policies.json" ]; then + logg info "Ensuring directory $POLICY_DIR/managed exists" + sudo mkdir -p "$POLICY_DIR/managed" + logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/chrome/managed.json to $POLICY_DIR/managed/policies.json" + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/chrome/managed.json" "$POLICY_DIR/managed/policies.json" + fi -### Add Chrome policy -if [ -f "$HOME/.config/chrome/policies.json" ]; then - logg info 'Copying policies.json to /etc/opt/chrome/policies/managed/policies.json' - sudo cp -f "$HOME/.config/chrome/policies.json" /etc/opt/chrome/policies/managed/policies.json -fi + ### Recommended policies + if [ ! -f "$POLICY_DIR/recommended/policies.json" ]; then + logg info "Ensuring directory $POLICY_DIR/recommended exists" + sudo mkdir -p "$POLICY_DIR/recommended" + logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/chrome/recommended.json to $POLICY_DIR/recommended/policies.json" + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/chrome/recommended.json" "$POLICY_DIR/recommended/policies.json" + fi +done ### Add Chrome extension JSON -for EXTENSION_DIR in "/opt/google/chrome/extensions" "$HOME/Library/Application Support/Google/Chrome/External Extensions" "$HOME/Library/Application Support/Microsoft/Edge/External Extensions"; do - if [ -d "$EXTENSION_DIR" ]; then +for EXTENSION_DIR in "/opt/google/chrome/extensions" "/etc/chromium/extensions" "/etc/brave/extensions" "$HOME/Library/Application Support/Google/Chrome/External Extensions" "$HOME/Library/Application Support/Microsoft/Edge/External Extensions" "$HOME/Library/Application Support/BraveSoftware/Brave-Browser/Extensions" ; do + ### Ensure program-type is installed + if [ -d "$(dirname "$EXTENSION_DIR")" ]; then + ### Ensure extension directory exists + if [ "$EXTENSION_DIR" == '/opt/'* ] || [ "$EXTENSION_DIR" == '/etc/'* ]; then + if [ ! -d "$EXTENSION_DIR" ]; then + logg info "Creating directory $EXTENSION_DIR" + sudo mkdir -p "$EXTENSION_DIR" + fi + else + if [ ! -d "$EXTENSION_DIR" ]; then + logg info "Creating directory $EXTENSION_DIR" + mkdir -p "$EXTENSION_DIR" + fi + fi + + ### Add extension JSON logg info "Adding Chrome extensions to $EXTENSION_DIR" for EXTENSION in {{ list (.chromeExtensions | toString | replace "[" "" | replace "]" "") | uniq | join " " }}; do logg info "Adding Chrome extension ($EXTENSION)" EXTENSION_ID="$(echo "$EXTENSION" | sed 's/^.*\/\([^\/]*\)$/\1/')" - cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/chrome/extension.json" "$EXTENSION_DIR/${EXTENSION_ID}.json" + if [ "$EXTENSION_DIR" == '/opt/'* ] || [ "$EXTENSION_DIR" == '/etc/'* ]; then + sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/chrome/extension.json" "$EXTENSION_DIR/${EXTENSION_ID}.json" + else + cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/chrome/extension.json" "$EXTENSION_DIR/${EXTENSION_ID}.json" + fi done else logg info "$EXTENSION_DIR does not exist" diff --git a/home/dot_config/chrome/managed.json b/home/dot_config/chrome/managed.json new file mode 100644 index 00000000..e7538a22 --- /dev/null +++ b/home/dot_config/chrome/managed.json @@ -0,0 +1,4 @@ +{ + "MetricsReportingEnabled": false +} + \ No newline at end of file diff --git a/home/dot_config/chrome/policies.json b/home/dot_config/chrome/policies.json deleted file mode 100644 index 705817cf..00000000 --- a/home/dot_config/chrome/policies.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "PasswordManagerEnabled": false -} - \ No newline at end of file diff --git a/home/dot_config/chrome/recommended.json b/home/dot_config/chrome/recommended.json new file mode 100644 index 00000000..8fa59eba --- /dev/null +++ b/home/dot_config/chrome/recommended.json @@ -0,0 +1,6 @@ +{ + "DefaultBrowserSettingEnabled": true, + "PasswordManagerEnabled": false, + "SafeBrowsingEnabled": true, + "TranslateEnabled": true +} \ No newline at end of file diff --git a/home/dot_local/config/chrome-policy.sample b/home/dot_local/config/chrome-policy.sample new file mode 100644 index 00000000..d83e7b44 --- /dev/null +++ b/home/dot_local/config/chrome-policy.sample @@ -0,0 +1,1115 @@ +/ Policy template for Linux. +// Uncomment the policies you wish to activate and change their values to +// something useful for your case. The provided values are for reference only +// and do not provide meaningful defaults! +{ + // Cross-origin HTTP Basic Auth prompts + //------------------------------------------------------------------------- + // Controls whether third-party sub-content on a page is allowed to pop-up an + // HTTP Basic Auth dialog box. Typically this is disabled as a phishing + // defense. If this policy is not set, this is disabled and third-party sub- + // content will not be allowed to pop up a HTTP Basic Auth dialog box. + + //"AllowCrossOriginAuthPrompt": false, + + // Allow invocation of file selection dialogs. + //------------------------------------------------------------------------- + // Allows access to local files on the machine by allowing Google Chrome to + // display file selection dialogs. If you enable this setting, users can open + // file selection dialogs as normal. If you disable this setting, whenever + // the user performs an action which would provoke a file selection dialog + // (like importing bookmarks, uploading files, saving links, etc.) a message + // is displayed instead and the user is assumed to have clicked Cancel on the + // file selection dialog. If this setting is not set, users can open file + // selection dialogs as normal. + + //"AllowFileSelectionDialogs": true, + + // Allow running plugins that are outdated + //------------------------------------------------------------------------- + // Allows Google Chrome to run plugins that are outdated. If you enable this + // setting, outdated plugins are used as normal plugins. If you disable this + // setting, outdated plugins will not be used and users will not be asked for + // permission to run them. If this setting is not set, users will be asked + // for permission to run outdated plugins. + + //"AllowOutdatedPlugins": true, + + // Enable alternate error pages + //------------------------------------------------------------------------- + // Enables the use of alternate error pages that are built into Google Chrome + // (such as 'page not found') and prevents users from changing this setting. + // If you enable this setting, alternate error pages are used. If you disable + // this setting, alternate error pages are never used. If you enable or + // disable this setting, users cannot change or override this setting in + // Google Chrome. If this policy is left not set, this will be enabled but + // the user will be able to change it. + + //"AlternateErrorPagesEnabled": true, + + // Always runs plugins that require authorization + //------------------------------------------------------------------------- + // Allows Google Chrome to run plugins that require authorization. If you + // enable this setting, plugins that are not outdated always run. If this + // setting is disabled or not set, users will be asked for permission to run + // plugins that require authorization. These are plugins that can compromise + // security. + + //"AlwaysAuthorizePlugins": true, + + // Kerberos delegation server whitelist + //------------------------------------------------------------------------- + // Servers that Google Chrome may delegate to. Separate multiple server names + // with commas. Wildcards (*) are allowed. If you leave this policy not set + // any server will be accepted for integrated authentication. + + //"AuthNegotiateDelegateWhitelist": "foobar.example.com", + + // Supported authentication schemes + //------------------------------------------------------------------------- + // Specifies which HTTP Authentication schemes are supported by Google Chrome. + // Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate + // multiple values with commas. If this policy is left not set, all four + // schemes will be used. + + //"AuthSchemes": "basic,digest,ntlm,negotiate", + + // Authentication server whitelist + //------------------------------------------------------------------------- + // Specifies which servers should be whitelisted for integrated + // authentication. Integrated authentication is only enabled when Google + // Chrome receives an authentication challenge from a proxy or from a server + // which is in this permitted list. Separate multiple server names with + // commas. Wildcards (*) are allowed. If you leave this policy not set any + // server will be accepted for integrated authentication. + + //"AuthServerWhitelist": "*example.com,foobar.com,*baz", + + // Enable AutoFill + //------------------------------------------------------------------------- + // Enables Google Chrome's AutoFill feature and allows users to auto complete + // web forms using previously stored information such as address or credit + // card information. If you disable this setting, AutoFill will be + // inaccessible to users. If you enable this setting or do not set a value, + // AutoFill will remain under the control of the user. This will allow them to + // configure AutoFill profiles and to switch AutoFill on or off at their own + // discretion. + + //"AutoFillEnabled": false, + + // Automatically select client certificates for these sites + //------------------------------------------------------------------------- + // Allows you to specify a list of url patterns that specify sites for which + // Google Chrome should automatically select a client certificates, if the + // site requests a certificate. If this policy is left not set no auto- + // selection will be done for any site. + + //"AutoSelectCertificateForUrls": ["{\"pattern\":\"https://www.example.com\",\"filter\":{\"ISSUER\":{\"CN\":\"certificate issuer name\"}}}"], + + // Continue running background apps when Google Chrome is closed + //------------------------------------------------------------------------- + // Determines whether a Google Chrome process is started on OS login and keeps + // running when the last browser window is closed, allowing background apps to + // remain active. The background process displays an icon in the system tray + // and can always be closed from there. If this policy is set to True, + // background mode is enabled and cannot be controlled by the user in the + // browser settings. If this policy is set to False, background mode is + // disabled and cannot be controlled by the user in the browser settings. If + // this policy is left unset, background mode is initially disabled and can be + // controlled by the user in the browser settings. + + //"BackgroundModeEnabled": true, + + // Block third party cookies + //------------------------------------------------------------------------- + // Blocks third party cookies. Enabling this setting prevents cookies from + // being set by web page elements that are not from the domain that is in the + // browser's address bar. Disabling this setting allows cookies to be set by + // web page elements that are not from the domain that is in the browser's + // address bar and prevents users from changing this setting. If this policy + // is left not set, third party cookies will be enabled but the user will be + // able to change that. + + //"BlockThirdPartyCookies": false, + + // Enable Bookmark Bar + //------------------------------------------------------------------------- + // Enables the bookmark bar on Google Chrome. If you enable this setting, + // Google Chrome will show a bookmark bar. If you disable this setting, users + // will never see the bookmark bar. If you enable or disable this setting, + // users cannot change or override it in Google Chrome. If this setting is + // left not set the user can decide to use this function or not. + + //"BookmarkBarEnabled": true, + + // Clear site data on browser shutdown + //------------------------------------------------------------------------- + // This policy is an override for the "Clear cookies and other site data when + // I close my browser" content settings option. When set to enabled Google + // Chrome will delete all locally stored data from the browser when it is shut + // down. If set to disabled site data will not be cleared on exit. If this + // policy is left not set Google Chrome will use the default which is to + // preserve site data on shut down and the user will be able to change this. + // If the "RestoreOnStartup" policy is set to restore URLs from previous + // sessions this policy will not clear cookies or other data relevant to + // restoring the previous browsing session completely. + + "ClearSiteDataOnExit": true, + + // Enable Google Cloud Print proxy + //------------------------------------------------------------------------- + // Enables Google Chrome to act as a proxy between Google Cloud Print and + // legacy printers connected to the machine. If this setting is enabled or + // not configured, users can enable the cloud print proxy by authentication + // with their Google account. If this setting is disabled, users cannot + // enable the proxy, and the machine will not be allowed to share it's + // printers with Google Cloud Print. If this policy is left not set, this + // will be enabled but the user will be able to change it. + + //"CloudPrintProxyEnabled": true, + + // Enable submission of documents to Google Cloud Print + //------------------------------------------------------------------------- + // Enables Google Chrome to submit documents to Google Cloud Print for + // printing. NOTE: This only affects Google Cloud Print support in Google + // Chrome. It does not prevent users from submitting print jobs on web sites. + // If this setting is enabled or not configured, users can print to Google + // Cloud Print from the Google Chrome print dialog. If this setting is + // disabled, users cannot print to Google Cloud Print from the Google Chrome + // print dialog + + //"CloudPrintSubmitEnabled": true, + + // Allow cookies on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to set cookies. If this policy is left not set the global default + // value will be used for all sites either from the 'DefaultCookiesSetting' + // policy if it is set, or the user's personal configuration otherwise. + + //"CookiesAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Block cookies on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are not + // allowed to set cookies. If this policy is left not set the global default + // value will be used for all sites either from the 'DefaultCookiesSetting' + // policy if it is set, or the user's personal configuration otherwise. + + //"CookiesBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Allow session only cookies on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to set session only cookies. If this policy is left not set the + // global default value will be used for all sites either from the + // 'DefaultCookiesSetting' policy if it is set, or the user's personal + // configuration otherwise. If the "RestoreOnStartup" policy is set to + // restore URLs from previous sessions this policy will not be respectred and + // cookies will be stored permanently for those sites. + + //"CookiesSessionOnlyForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Set Chrome as Default Browser + //------------------------------------------------------------------------- + // Configures the default browser checks in Google Chrome and prevents users + // from changing them. If you enable this setting, Google Chrome will always + // check on startup whether it is the default browser and automatically + // register itself if possible. If this setting is disabled, Google Chrome + // will never check if it is the default browser and will disable user + // controls for setting this option. If this setting is not set, Google + // controls for setting this option. If this setting is not set, Google + // Chrome will allow the user to control whether it is the default browser and + // whether user notifications should be shown when it isn't. + + //"DefaultBrowserSettingEnabled": true, + + // Default cookies setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to set local data. Setting + // local data can be either allowed for all websites or denied for all + // websites. If this policy is left not set, 'AllowCookies' will be used and + // the user will be able to change it. + + //"DefaultCookiesSetting": 1, + + // Default geolocation setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to track the users' physical + // location. Tracking the users' physical location can be allowed by default, + // denied by default or the user can be asked every time a website requests + // the physical location. If this policy is left not set, 'AskGeolocation' + // will be used and the user will be able to change it. + + //"DefaultGeolocationSetting": 0, + + // Default images setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to display images. + // Displaying images can be either allowed for all websites or denied for all + // websites. If this policy is left not set, 'AllowImages' will be used and + // the user will be able to change it. + + //"DefaultImagesSetting": 1, + + // Default JavaScript setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to run JavaScript. Running + // JavaScript can be either allowed for all websites or denied for all + // websites. If this policy is left not set, 'AllowJavaScript' will be used + // and the user will be able to change it. + + //"DefaultJavaScriptSetting": 1, + + // Default notification setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to display desktop + // notifications. Displaying desktop notifications can be allowed by default, + // denied by default or the user can be asked every time a website wants to + // show desktop notifications. If this policy is left not set, + // 'AskNotifications' will be used and the user will be able to change it. + + //"DefaultNotificationsSetting": 2, + + // Default plugins setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to automatically run + // plugins. Automatically running plugins can be either allowed for all + // websites or denied for all websites. If this policy is left not set, + // 'AllowPlugins' will be used and the user will be able to change it. + + //"DefaultPluginsSetting": 1, + + // Default popups setting + //------------------------------------------------------------------------- + // Allows you to set whether websites are allowed to show pop-ups. Showing + // popups can be either allowed for all websites or denied for all websites. + // If this policy is left not set, 'BlockPopups' will be used and the user + // will be able to change it. + + //"DefaultPopupsSetting": 1, + + // Enable the default search provider + //------------------------------------------------------------------------- + // Enables the use of a default search provider. If you enable this setting, + // a default search is performed when the user types text in the omnibox that + // is not a URL. You can specify the default search provider to be used by + // setting the rest of the default search policies. If these are left empty, + // the user can choose the default provider. If you disable this setting, no + // search is performed when the user enters non-URL text in the omnibox. If + // you enable or disable this setting, users cannot change or override this + // setting in Google Chrome. If this policy is left not set, the default + // search provider is enabled, and the user will be able to set the search + // provider list. + + "DefaultSearchProviderEnabled": true, + + // Default search provider encodings + //------------------------------------------------------------------------- + // Specifies the character encodings supported by the search provider. + // Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are + // tried in the order provided. This policy is optional. If not set, the + // default will be used which is UTF-8. This policy is only respected if the + // 'DefaultSearchProviderEnabled' policy is enabled. + + //"DefaultSearchProviderEncodings": ["UTF-8", "UTF-16", "GB2312", "ISO-8859-1"], + + // Default search provider icon + //------------------------------------------------------------------------- + // Specifies the favorite icon URL of the default search provider. This + // policy is optional. If not set, no icon will be present for the search + // provider. This policy is only respected if the + // 'DefaultSearchProviderEnabled' policy is enabled. + + //"DefaultSearchProviderIconURL": "http://search.my.company/favicon.ico", + + // Default search provider instant URL + //------------------------------------------------------------------------- + // Specifies the URL of the search engine used to provide instant results. The + // URL should contain the string '{searchTerms}', which will be replaced at + // query time by the text the user has entered so far. This policy is + // optional. If not set, no instant search results will be provided. This + // policy is only respected if the 'DefaultSearchProviderEnabled' policy is + // enabled. + + //"DefaultSearchProviderInstantURL": "http://search.my.company/suggest?q={searchTerms}", + + // Default search provider keyword + //------------------------------------------------------------------------- + // Specifies the keyword, which is the shortcut used in the omnibox to trigger + // the search for this provider. This policy is optional. If not set, no + // keyword will activate the search provider. This policy is only considered + // if the 'DefaultSearchProviderEnabled' policy is enabled. + + //"DefaultSearchProviderKeyword": "mis", + + // Default search provider name + //------------------------------------------------------------------------- + // Specifies the name of the default search provider. If left empty or not + // set, the host name specified by the search URL will be used. This policy + // is only considered if the 'DefaultSearchProviderEnabled' policy is enabled. + + "DefaultSearchProviderName": "Google", + + // Default search provider search URL + //------------------------------------------------------------------------- + // Specifies the URL of the search engine used when doing a default search. + // The URL should contain the string '{searchTerms}', which will be replaced + // at query time by the terms the user is searching for. This option must be + // set when the 'DefaultSearchProviderEnabled' policy is enabled and will only + // be respected if this is the case. + + "DefaultSearchProviderSearchURL": "http://www.google.com/cse?cx=partner-pub-6065445074637525:8941524350&q={searchTerms}", + + // Default search provider suggest URL + //------------------------------------------------------------------------- + // Specifies the URL of the search engine used to provide search suggestions. + // The URL should contain the string '{searchTerms}', which will be replaced + // at query time by the text the user has entered so far. This policy is + // optional. If not set, no suggest URL will be used. This policy is only + // respected if the 'DefaultSearchProviderEnabled' policy is enabled. + + //"DefaultSearchProviderSuggestURL": "http://search.my.company/suggest?q={searchTerms}", + + // Disable Developer Tools + //------------------------------------------------------------------------- + // Disables the Developer Tools and the JavaScript console. If you enable + // this setting, the Developer Tools can not be accessed and web-site elements + // can not be inspected anymore. Any keyboard shortcuts and any menu or + // context menu entries to open the Developer Tools or the JavaScript Console + // will be disabled. Setting this option to disabled or leaving it not set + // will allow the use to use the Developer Tools and the JavaScript console. + + "DeveloperToolsDisabled": true, + + // Disable support for 3D graphics APIs + //------------------------------------------------------------------------- + // Disable support for 3D graphics APIs. Enabling this setting prevents web + // pages from accessing the graphics processing unit (GPU). Specifically, web + // pages can not access the WebGL API and plugins can not use the Pepper 3D + // API. Disabling this setting or leaving it not set potentially allows web + // pages to use the WebGL API and plugins to use the Pepper 3D API. The + // default settings of the browser may still require command line arguments to + // be passed in order to use these APIs. + + //"Disable3DAPIs": false, + + // Disable CNAME lookup when negotiating Kerberos authentication + //------------------------------------------------------------------------- + // Specifies whether the generated Kerberos SPN is based on the canonical DNS + // name or the original name entered. If you enable this setting, CNAME + // lookup will be skipped and the server name will be used as entered. If you + // disable this setting or leave it not set, the canonical name of the server + // will be determined via CNAME lookup. + + //"DisableAuthNegotiateCnameLookup": false, + + // Specify whether the plugin finder should be disabled + //------------------------------------------------------------------------- + // If you set this setting to enabled the automatic search and installation of + // missing plugins will be disabled in Google Chrome. Setting this option to + // disabled or leave it not set the plugin finder will be active. + + //"DisablePluginFinder": true, + + // Disable Print Preview + //------------------------------------------------------------------------- + // Disable print preview. This setting is used to force the use of the system + // print dialog instead of print preview. + + //"DisablePrintPreview": false, + + // Disable SSL record splitting + //------------------------------------------------------------------------- + // Specifies whether SSL record splitting should be disabled. Record splitting + // is a workaround for a weakness in SSL 3.0 and TLS 1.0 but can cause + // compatibility issues with some HTTPS servers and proxies. If the policy is + // not set, or is set to false, then record splitting will be used on SSL/TLS + // connections which use CBC ciphersuites. + + //"DisableSSLRecordSplitting": true, + + // Disable SPDY protocol + //------------------------------------------------------------------------- + // Disables use of the SPDY protocol in Google Chrome. If this policy is + // enabled the SPDY protocol will not be available in Google Chrome. Setting + // this policy to disabled will allow the usage of SPDY. If this policy is + // left not set, SPDY will be available. + + //"DisableSpdy": true, + + // Specify a list of disabled plugins + //------------------------------------------------------------------------- + // Specifies a list of plugins that are disabled in Google Chrome and prevents + // users from changing this setting. The wildcard characters '*' and '?' can + // be used to match sequences of arbitrary characters. '*' matches an + // arbitrary number of characters while '?' specifies an optional single + // character, i.e. matches zero or one characters. The escape character is + // '\', so to match actual '*', '?', or '\' characters, you can put a '\' in + // front of them. If you enable this setting, the specified list of plugins + // is never used in Google Chrome. The plugins are marked as disabled in + // 'about:plugins' and users cannot enable them. Note that this policy can be + // overriden by EnabledPlugins and DisabledPluginsExceptions. If this policy + // is left not set the user can use any plugin installed on the system except + // for hard-coded incompatible, outdated or dangerous plugins. + + //"DisabledPlugins": ["Java", "Shockwave Flash", "Chrome PDF Viewer"], + + // Specify a list of plugins that the user can enable or disable + //------------------------------------------------------------------------- + // Specifies a list of plugins that user can enable or disable in Google + // Chrome. The wildcard characters '*' and '?' can be used to match sequences + // of arbitrary characters. '*' matches an arbitrary number of characters + // while '?' specifies an optional single character, i.e. matches zero or one + // characters. The escape character is '\', so to match actual '*', '?', or + // '\' characters, you can put a '\' in front of them. If you enable this + // setting, the specified list of plugins can be used in Google Chrome. Users + // can enable or disable them in 'about:plugins', even if the plugin also + // matches a pattern in DisabledPlugins. Users can also enable and disable + // plugins that don't match any patterns in DisabledPlugins, + // DisabledPluginsExceptions and EnabledPlugins. This policy is meant to + // allow for strict plugin balcklisting where the 'DisabledPlugins' list + // contains wildcarded entries like disable all plugins '*' or disable all + // Java plugins '*Java*' but the administrator wishes to enable some + // particular version like 'IcedTea Java 2.3'. This particular versions can be + // specified in this policy. If this policy is left not set any plugin that + // matches the patterns in the 'DisabledPlugins' will be locked disabled and + // the user won't be able to enable them. + + //"DisabledPluginsExceptions": ["Java", "Shockwave Flash", "Chrome PDF Viewer"], + + // Disable URL protocol schemes + //------------------------------------------------------------------------- + // Disables the listed protocol schemes in Google Chrome. URLs using a scheme + // from this list will not load and can not be navigated to. If this policy + // is left not set or the list is empty all schemes will be accessible in + // Google Chrome. + + //"DisabledSchemes": ["file", "mailto"], + + // Set disk cache directory + //------------------------------------------------------------------------- + // Configures the directory that Google Chrome will use for storing cached + // files on the disk. If you set this policy, Google Chrome will use the + // provided directory regardless whether the user has specified the '--disk- + // cache-dir' flag or not. If this policy is left not set the default cache + // directory will be used and the user will be able to override it with the + // '--disk-cache-dir' command line flag. + + //"DiskCacheDir": "${user_home}/Chrome_cache", + + // Set disk cache size in bytes + //------------------------------------------------------------------------- + // Configures the cache size that Google Chrome will use for storing cached + // files on the disk. If you set this policy, Google Chrome will use the + // provided cache size regardless whether the user has specified the '--disk- + // cache-size' flag or not. If the value of this policy is 0, the default + // cache size will be used but the user will not be able to change it. If + // this policy is not set the default size will be used and the user will be + // able to override it with the --disk-cache-size flag. + + //"DiskCacheSize": 104857600, + + // Enable network prediction. + //------------------------------------------------------------------------- + // Enables network prediction in Google Chrome and prevents users from + // changing this setting. If you enable or disable this setting, users cannot + // change or override this setting in Google Chrome. If this policy is left + // not set, this will be enabled but the user will be able to change it. + + //"DnsPrefetchingEnabled": true, + + // Set download directory + //------------------------------------------------------------------------- + // Configures the directory that Google Chrome will use for downloading files. + // If you set this policy, Google Chrome will use the provided directory + // regardless whether the user has specified one or enabled the flag to be + // prompted for download location every time. If this policy is left not set + // the default download directory will be used and the user will be able to + // change it. + + //"DownloadDirectory": "/home/${user_name}/Downloads", + + // Enables or disables bookmark editing + //------------------------------------------------------------------------- + // Enables or disables editing bookmarks in Google Chrome. If you enable this + // setting, bookmarks can be added, removed or modified. This is the default + // also when this policy is not set. If you disable this setting, bookmarks + // can not be added, removed or modified. Existing bookmarks are still + // available. + + //"EditBookmarksEnabled": false, + + // Include non-standard port in Kerberos SPN + //------------------------------------------------------------------------- + // Specifies whether the generated Kerberos SPN should include a non-standard + // port. If you enable this setting, and a non-standard port (i.e., a port + // other than 80 or 443) is entered, it will be included in the generated + // Kerberos SPN. If you disable this setting or leave it not set, the + // generated Kerberos SPN will not include a port in any case. + + //"EnableAuthNegotiatePort": false, + + // Whether online OCSP/CRL checks are performed + //------------------------------------------------------------------------- + // In light of the fact that soft-fail, online revocation checks provide no + // effective security benefit, they are disabled by default in Google Chrome + // version 19 and later. By setting this policy to true, the previous + // behaviour is restored and online OCSP/CRL checks will be performed. If the + // policy is not set, or is set to false, then Chrome will not perform online + // revocation checks in Chrome 19 and later. + + //"EnableOnlineRevocationChecks": false, + + // Specify a list of enabled plugins + //------------------------------------------------------------------------- + // Specifies a list of plugins that are enabled in Google Chrome and prevents + // users from changing this setting. The wildcard characters '*' and '?' can + // be used to match sequences of arbitrary characters. '*' matches an + // arbitrary number of characters while '?' specifies an optional single + // character, i.e. matches zero or one characters. The escape character is + // '\', so to match actual '*', '?', or '\' characters, you can put a '\' in + // front of them. The specified list of plugins is always used in Google + // Chrome if they are installed. The plugins are marked as enabled in + // 'about:plugins' and users cannot disable them. Note that this policy + // overrides both DisabledPlugins and DisabledPluginsExceptions. If this + // policy is left not set the user can disable any plugin installed on the + // system. + + //"EnabledPlugins": ["Java", "Shockwave Flash", "Chrome PDF Viewer"], + + // Enterprise web store name + //------------------------------------------------------------------------- + // The name of the enterprise web store, which will appear underneath the app + // icon on the new tab page. This setting has no effect if + // EnterpriseWebStoreURL is not set. If this setting is disabled, the + // enterprise web store app (if it exists) will be labeled with its URL. + + //"EnterpriseWebStoreName": "WidgCo Chrome Apps", + + // Enterprise web store URL + //------------------------------------------------------------------------- + // Specifies the URL for the enterprise web store. When this setting is + // enabled, an app will appear on the new tab page which, when clicked, will + // take the user to the specified URL. Extensions and apps can be installed + // from this page without extra warnings being presented to the user. If this + // policy is set, the EnterpriseWebStoreName setting should also be set. If + // this setting is disabled, no enterprise web store app will appear on the + // new tab page. + + //"EnterpriseWebStoreURL": "http://company-intranet/chromeapps", + + // Configure extension installation blacklist + //------------------------------------------------------------------------- + // Allows you to specify which extensions the users can NOT install. + // Extensions already installed will be removed if blacklisted. A blacklist + // value of '*' means all extensions are blacklisted unless they are + // explicitly listed in the whitelist. If this policy is left not set the + // user can install any extension in Google Chrome. + + //"ExtensionInstallBlacklist": ["extension_id1", "extension_id2"], + + // Configure the list of force-installed extensions + //------------------------------------------------------------------------- + // Allows you to specify a list of extensions that will be installed silently, + // without user interaction. Each item of the list is a string that contains + // an extension ID and an update URL delimited by a semicolon (;). The + // extension ID is the 32-letter string found e.g. on chrome://extensions when + // in developer mode. The update URL should point to an Update Manifest XML + // document as described at + // http://code.google.com/chrome/extensions/autoupdate.html. For each item, + // Google Chrome will retrieve the extension specified by the extension ID + // from the update service at the specified update URL and silently install + // it. For example, + // lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx + // installs the Google SSL Web Search extension from the standard Chrome Web + // Store update URL. For more information about hosting extensions, see: + // http://code.google.com/chrome/extensions/hosting.html. Users will be + // unable to uninstall extensions that are specified by this policy. If you + // remove an extension from this list, then it will be automatically + // uninstalled by Google Chrome. If this policy is left not set the user can + // uninstall any extension in Google Chrome. + + //"ExtensionInstallForcelist": ["lcncmkcnkcdbbanbjakcencbaoegdjlp;https://clients2.google.com/service/update2/crx"], + + // Configure extension installation whitelist + //------------------------------------------------------------------------- + // Allows you to specify which extensions are not subject to the blacklist. A + // blacklist value of * means all extensions are blacklisted and users can + // only install extensions listed in the whitelist. By default, all + // extensions are whitelisted, but if all extensions have been blacklisted by + // policy, the whitelist can be used to override that policy. + + //"ExtensionInstallWhitelist": ["extension_id1", "extension_id2"], + + // GSSAPI library name + //------------------------------------------------------------------------- + // Specifies which GSSAPI library to use for HTTP Authentication. You can set + // either just a library name, or a full path. If no setting is provided, + // Google Chrome will fall back to using a default library name. + + //"GSSAPILibraryName": "libgssapi_krb5.so.2", + + // Prevent app promotions from appearing on the new tab page + //------------------------------------------------------------------------- + // When set to True, promotions for Chrome Web Store apps will not appear on + // the new tab page. Setting this option to False or leaving it not set will + // make the promotions for Chrome Web Store apps appear on the new tab page + + //"HideWebStorePromo": false, + + // Use New Tab Page as homepage + //------------------------------------------------------------------------- + // Configures the type of the default home page in Google Chrome and prevents + // users from changing home page preferences. The home page can either be set + // to a URL you specify or set to the New Tab Page. If you enable this + // setting, the New Tab Page is always used for the home page, and the home + // page URL location is ignored. If you disable this setting, the user's + // homepage will never be the New Tab Page, unless its URL is set to + // 'chrome://newtab'. If you enable or disable this setting, users cannot + // change their homepage type in Google Chrome. Leaving this policy not set + // will allow the user to choose whether the new tab page is his home page on + // his own. + + "HomepageIsNewTabPage": false, + + // Configure the home page URL + //------------------------------------------------------------------------- + // Configures the default home page URL in Google Chrome and prevents users + // from changing it. The home page type can either be set to a URL you + // specify here or set to the New Tab Page. If you select the New Tab Page, + // then this policy is ignored. If you enable this setting, users cannot + // change their home page URL in Google Chrome, but they can still can choose + // the New Tab Page as their home page. Leaving this policy not set will + // allow the user to choose his home page on his own if HomepageIsNewTabPage + // is not set too. + + "HomepageLocation": "http://www.google.com/cse/home?cx=partner-pub-6065445074637525:8941524350", + + // Allow images on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to display images. If this policy is left not set the global + // default value will be used for all sites either from the + // 'DefaultImagesSetting' policy if it is set, or the user's personal + // configuration otherwise. + + //"ImagesAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Block images on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are not + // allowed to display images. If this policy is left not set the global + // default value will be used for all sites either from the + // 'DefaultImagesSetting' policy if it is set, or the user's personal + // configuration otherwise. + + //"ImagesBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Import bookmarks from default browser on first run + //------------------------------------------------------------------------- + // This policy forces bookmarks to be imported from the current default + // browser if enabled. If enabled, this policy also affects the import dialog. + // If disabled, no bookmarks are imported. If it is not set, the user may be + // asked whether to import, or importing may happen automatically. + + //"ImportBookmarks": true, + + // Import browsing history from default browser on first run + //------------------------------------------------------------------------- + // This policy forces the browsing history to be imported from the current + // default browser if enabled. If enabled, this policy also affects the import + // dialog. If disabled, no browsing history is imported. If it is not set, + // the user may be asked whether to import, or importing may happen + // automatically. + + //"ImportHistory": true, + + // Import of homepage from default browser on first run + //------------------------------------------------------------------------- + // This policy forces the home page to be imported from the current default + // browser if enabled. If disabled, the home page is not imported. If it is + // not set, the user may be asked whether to import, or importing may happen + // automatically. + + //"ImportHomepage": true, + + // Import saved passwords from default browser on first run + //------------------------------------------------------------------------- + // This policy forces the saved passwords to be imported from the previous + // default browser if enabled. If enabled, this policy also affects the import + // dialog. If disabled, the saved passwords are not imported. If it is not + // set, the user may be asked whether to import, or importing may happen + // automatically. + + //"ImportSavedPasswords": true, + + // Import search engines from default browser on first run + //------------------------------------------------------------------------- + // This policy forces search engines to be imported from the current default + // browser if enabled. If enabled, this policy also affects the import dialog. + // If disabled, the default search engine is not imported. If it is not set, + // the user may be asked whether to import, or importing may happen + // automatically. + + "ImportSearchEngine": false, + + // Incognito mode availability. + //------------------------------------------------------------------------- + // Specifies whether the user may open pages in Incognito mode in Google + // Chrome. If 'Enabled' is selected or the policy is left unset, pages may be + // opened in Incognito mode. If 'Disabled' is selected, pages may not be + // opened in Incognito mode. If 'Forced' is selected, pages may be opened + // ONLY in Incognito mode. + + //"IncognitoModeAvailability": 1, + + // Enable Instant + //------------------------------------------------------------------------- + // Enables Google Chrome's Instant feature and prevents users from changing + // this setting. If you enable this setting, Google Chrome Instant is + // enabled. If you disable this setting, Google Chrome Instant is disabled. + // If you enable or disable this setting, users cannot change or override this + // setting. If this setting is left not set the user can decide to use this + // function or not. + + //"InstantEnabled": true, + + // Allow JavaScript on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to run JavaScript. If this policy is left not set the global + // default value will be used for all sites either from the + // 'DefaultJavaScriptSetting' policy if it is set, or the user's personal + // configuration otherwise. + + //"JavaScriptAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Block JavaScript on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are not + // allowed to run JavaScript. If this policy is left not set the global + // default value will be used for all sites either from the + // 'DefaultJavaScriptSetting' policy if it is set, or the user's personal + // configuration otherwise. + + //"JavaScriptBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Maximal number of concurrent connections to the proxy server + //------------------------------------------------------------------------- + // Specifies the maximal number of simultanious connections to the proxy + // server. Some proxy servers can not handle high number of concurrent + // connections per client and this can be solved by setting this policy to a + // lower value. The value of this policy should be lower than 100 and higher + // than 6 and the default value is 32. Some web apps are known to consume + // many connections with hanging GETs, so lowering below 32 may lead to + // browser networking hangs if too many such web apps are open. Lower below + // the default at your own risk. If this policy is left not set the default + // value will be used which is 32. + + //"MaxConnectionsPerProxy": 32, + + // Set media disk cache size in bytes + //------------------------------------------------------------------------- + // Configures the chache size that Google Chrome will use for storing cached + // media files on the disk. If you set this policy, Google Chrome will use + // the provided cache size regardless whether the user has specified the + // '--media-cache-size' flag or not. If the value of this policy is 0, the + // default cache size will be used but the user will not be able to change it. + // If this policy is not set the default size will be used and the user will + // be able to override it with the --media-cache-size flag. + + //"MediaCacheSize": 104857600, + + // Enable reporting of usage and crash-related data + //------------------------------------------------------------------------- + // Enables anonymous reporting of usage and crash-related data about Google + // Chrome to Google and prevents users from changing this setting. If you + // enable this setting, anonymous reporting of usage and crash-related data is + // sent to Google. If you disable this setting, anonymous reporting of usage + // and crash-related data is never sent to Google. If you enable or disable + // this setting, users cannot change or override this setting in Google + // Chrome. If this policy is left not set the setting will be what the user + // chose upon installation / first run. + + //"MetricsReportingEnabled": true, + + // Allow notifications on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to display notifications. If this policy is left not set the + // global default value will be used for all sites either from the + // 'DefaultNotificationsSetting' policy if it is set, or the user's personal + // configuration otherwise. + + //"NotificationsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Block notifications on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are not + // allowed to display notifications. If this policy is left not set the + // global default value will be used for all sites either from the + // 'DefaultNotificationsSetting' policy if it is set, or the user's personal + // configuration otherwise. + + //"NotificationsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Allow users to show passwords in Password Manager + //------------------------------------------------------------------------- + // Controls whether the user may show passwords in clear text in the password + // manager. If you disable this setting, the password manager does not allow + // showing stored passwords in clear text in the password manager window. If + // you enable or do not set this policy, users can view their passwords in + // clear text in the password manager. + + "PasswordManagerAllowShowPasswords": false, + + // Enable the password manager + //------------------------------------------------------------------------- + // Enables saving passwords and using saved passwords in Google Chrome. If + // you enable this setting, users can have Google Chrome memorize passwords + // and provide them automatically the next time they log in to a site. If you + // disable this setting, users are not able to save passwords or use already + // saved passwords. If you enable or disable this setting, users cannot + // change or override this setting in Google Chrome. If this policy is left + // not set, this will be enabled but the user will be able to change it. + + "PasswordManagerEnabled": false, + + // Allow plugins on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to run plugins. If this policy is left not set the global default + // value will be used for all sites either from the 'DefaultPluginsSetting' + // policy if it is set, or the user's personal configuration otherwise. + + //"PluginsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Block plugins on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are not + // allowed to run plugins. If this policy is left not set the global default + // value will be used for all sites either from the 'DefaultPluginsSetting' + // policy if it is set, or the user's personal configuration otherwise. + + //"PluginsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Allow popups on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are + // allowed to open popups. If this policy is left not set the global default + // value will be used for all sites either from the 'DefaultPopupsSetting' + // policy if it is set, or the user's personal configuration otherwise. + + //"PopupsAllowedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Block popups on these sites + //------------------------------------------------------------------------- + // Allows you to set a list of url patterns that specify sites which are not + // allowed to open popups. If this policy is left not set the global default + // value will be used for all sites either from the 'DefaultPopupsSetting' + // policy if it is set, or the user's personal configuration otherwise. + + //"PopupsBlockedForUrls": ["http://www.example.com", "[*.]example.edu"], + + // Enable printing + //------------------------------------------------------------------------- + // Enables printing in Google Chrome and prevents users from changing this + // setting. If this setting is enabled or not configured, users can print. + // If this setting is disabled, users cannot print from Google Chrome. + // Printing is disabled in the wrench menu, extensions, JavaScript + // applications, etc. It is still possible to print from plugins that bypass + // Google Chrome while printing. For example certain Flash applications has + // the print option in their context menu, and that will not be disabled. If + // this policy is left not set, this will be enabled but the user will be able + // to change it. + + //"PrintingEnabled": true, + + // Proxy bypass rules + //------------------------------------------------------------------------- + // Google Chrome will bypass any proxy for the list of hosts given here. This + // policy only takes effect if you have selected manual proxy settings at + // 'Choose how to specify proxy server settings'. You should leave this + // policy not set if you have selected any other mode for setting proxy + // policies. For more detailed examples, visit: + // http://www.chromium.org/developers/design-documents/network-settings#TOC- + // Command-line-options-for-proxy-sett + + //"ProxyBypassList": "http://www.example1.com,http://www.example2.com,http://internalsite/", + + // Choose how to specify proxy server settings + //------------------------------------------------------------------------- + // Allows you to specify the proxy server used by Google Chrome and prevents + // users from changing proxy settings. If you choose to never use a proxy + // server and always connect directly, all other options are ignored. If you + // choose to use system proxy settings or auto detect the proxy server, all + // other options are ignored. If you choose fixed server proxy mode, you can + // specify further options in 'Address or URL of proxy server' and 'Comma- + // separated list of proxy bypass rules'. If you choose to use a .pac proxy + // script, you must specify the URL to the script in 'URL to a proxy .pac + // file'. For detailed examples, visit: http://www.chromium.org/developers + // /design-documents/network-settings#TOC-Command-line-options-for-proxy-sett + // If you enable this setting, Google Chrome ignores all proxy-related options + // specified from the command line. Leaving this policy not set will allow + // the users to choose the proxy settings on their own. + + //"ProxyMode": "direct", + + // URL to a proxy .pac file + //------------------------------------------------------------------------- + // You can specify a URL to a proxy .pac file here. This policy only takes + // effect if you have selected manual proxy settings at 'Choose how to specify + // proxy server settings'. You should leave this policy not set if you have + // selected any other mode for setting proxy policies. For detailed examples, + // visit: http://www.chromium.org/developers/design-documents/network-settings + // #TOC-Command-line-options-for-proxy-sett + + //"ProxyPacUrl": "http://internal.site/example.pac", + + // Address or URL of proxy server + //------------------------------------------------------------------------- + // You can specify the URL of the proxy server here. This policy only takes + // effect if you have selected manual proxy settings at 'Choose how to specify + // proxy server settings'. You should leave this policy not set if you have + // selected any other mode for setting proxy policies. For more options and + // detailed examples, visit: http://www.chromium.org/developers/design- + // documents/network-settings#TOC-Command-line-options-for-proxy-sett + + //"ProxyServer": "123.123.123.123:8080", + + // Enable firewall traversal from remote access host + //------------------------------------------------------------------------- + // Enables usage of STUN and relay servers when remote clients are trying to + // establish a connection to this machine. If this setting is enabled, then + // remote clients can discover and connect to this machines even if they are + // separated by a firewall. If this setting is disabled and outgoing UDP + // connections are filtered by the firewall, then this machine will only allow + // connections from client machines within the local network. If this policy + // is left not set the setting will be enabled. + + //"RemoteAccessHostFirewallTraversal": false, + + // Action on startup + //------------------------------------------------------------------------- + // Allows you to specify the behavior on startup. If you choose 'Open home + // page' the home page will always be opened when you start Google Chrome. If + // you choose 'Restore the last session', the URLs that were open last time + // Google Chrome was closed will be reopened and the browsing session will be + // restored as it was left. Choosing this option disables some settings that + // rely on sessions or that perform actions on exit (such as Clear browsing + // data on exit or session-only cookies). If you choose 'Open a list of + // URLs', the list of 'URLs to open on startup' will be opened when a user + // starts Google Chrome. If you enable this setting, users cannot change or + // override it in Google Chrome. Disabling this setting is equvalent to + // leaving it not configured. The user will still be able to change it in + // Google Chrome. + "RestoreOnStartup": 4, + + // URLs to open on startup + //------------------------------------------------------------------------- + // If 'Open a list of URLs' is selected as the startup action, this allows you + // to specify the list of URLs that are opened. If left not set no URL will be + // opened on start up. This policy only works if the 'RestoreOnStartup' + // policy is set to 'RestoreOnStartupIsURLs'. + + "RestoreOnStartupURLs": ["http://www.google.com/cse?cx=partner-pub-6065445074637525:8941524350"], + + // Enable Safe Browsing + //------------------------------------------------------------------------- + // Enables Google Chrome's Safe Browsing feature and prevents users from + // changing this setting. If you enable this setting, Safe Browsing is always + // active. If you disable this setting, Safe Browsing is never active. If + // you enable or disable this setting, users cannot change or override this + // setting in Google Chrome. If this policy is left not set, this will be + // enabled but the user will be able to change it. + + //"SafeBrowsingEnabled": true, + + // Disable saving browser history + //------------------------------------------------------------------------- + // Disables saving browser history in Google Chrome and prevents users from + // changing this setting. If this setting is enabled, browsing history is not + // saved. If this setting is disabled or not set, browsing history is saved. + + //"SavingBrowserHistoryDisabled": true, + + // Enable search suggestions + //------------------------------------------------------------------------- + // Enables search suggestions in Google Chrome's Omnibox and prevents users + // from changing this setting. If you enable this setting, search suggestions + // are used. If you disable this setting, search suggestions are never used. + // If you enable or disable this setting, users cannot change or override this + // setting in Google Chrome. If this policy is left not set, this will be + // enabled but the user will be able to change it. + + //"SearchSuggestEnabled": true, + + // Show Home button on toolbar + //------------------------------------------------------------------------- + // Shows the Home button on Google Chrome's toolbar. If you enable this + // setting, the Home button is always shown. If you disable this setting, the + // Home button is never shown. If you enable or disable this setting, users + // cannot change or override this setting in Google Chrome. Leaving this + // policy not set will allow the user to choose whether to show the home + // button. + + "ShowHomeButton": true, + + // Disable synchronization of data with Google + //------------------------------------------------------------------------- + // Disables data synchronization in Google Chrome using Google-hosted + // synchronization services and prevents users from changing this setting. If + // you enable this setting, users cannot change or override this setting in + // Google Chrome. If this policy is left not set Google Sync will be + // available for the user to choose whether to use it or not. + + "SyncDisabled": true, + + // Enable Translate + //------------------------------------------------------------------------- + // Enables the integrated Google Translate service on Google Chrome. If you + // enable this setting, Google Chrome will show an integrated toolbar offering + // to translate the page for the user, when appropriate. If you disable this + // setting, users will never see the translation bar. If you enable or + // disable this setting, users cannot change or override this setting in + // Google Chrome. If this setting is left not set the user can decide to use + // this function or not. + + "TranslateEnabled": false, + + // Block access to a list of URLs + //------------------------------------------------------------------------- + // Blocks access to the listed URLs. This policy prevents the user from + // loading web pages from blacklisted URLs. A URL has the format + // 'scheme://host:port/path'. The optional scheme can be http, https or ftp. + // Only this scheme will be blocked; if none is specified, all schemes are + // blocked. The host can be a hostname or an IP address. Subdomains of a + // hostname will also be blocked. To prevent blocking subdomains, include a + // '.' before the hostname. The special hostname '*' will block all domains. + // The optional port is a valid port number from 1 to 65535. If none is + // specified, all ports are blocked. If the optional path is specified, only + // paths with that prefix will be blocked. Exceptions can be defined in the + // URL whitelist policy. These policies are limited to 100 entries; subsequent + // entries will be ignored. If this policy is not set no URL will be + // blacklisted in the browser. + + //"URLBlacklist": ["example.com", "https://ssl.server.com", "hosting.com/bad_path", "http://server:8080/path", ".exact.hostname.com", "*"], + + // Allows access to a list of URLs + //------------------------------------------------------------------------- + // Allows access to the listed URLs, as exceptions to the URL blacklist. See + // the description of the URL blacklist policy for the format of entries of + // this list. This policy can be used to open exceptions to restrictive + // blacklists. For example, '*' can be blacklisted to block all requests, and + // this policy can be used to allow access to a limited list of URLs. It can + // be used to open exceptions to certain schemes, subdomains of other domains, + // ports, or specific paths. The most specific filter will determine if a URL + // is blocked or allowed. The whitelist takes precedence over the blacklist. + // This policy is limited to 100 entries; subsequent entries will be ignored. + // If this policy is not set there will be no exceptions to the blacklist from + // the 'URLBlacklist' policy. + + //"URLWhitelist": ["example.com", "https://ssl.server.com", "hosting.com/bad_path", "http://server:8080/path", ".exact.hostname.com"] + +} \ No newline at end of file