GPO WIsh: Force pdf.js rendering

[Kaya84]

In a corporate environment for specific application design, firefox need to render PDF inside firefox using integrated preview. Actually, if a user select "download always", this broke up the preview. Is it possible to add a gpo rules like "Force using of pdf preview inside firefox"? User can always download the file using the specific button, if wanted.

[cypherstream]

I agree. You could add this to my request regarding pdf.js customization: https://github.com/mozilla/policy-templates/issues/349

I ended up using autoconfig.cfg referenced by an autoconfig.js file that group policy copies from a DFS file share down to the Mozilla Firefox program files folder.

But yeah the GPO's are far from a be all end all. We use the GPO's for some things and the autoconfig.cfg file that specifies pref(" ", ); statements together to get firefox how we want it for many things, including pdf.js. Search about:config for pdf.js and there are quite a few potential entries in there to play with.

[mkaply]

Can you let me know what preferences in particular are missing?

[cypherstream]

Here is what we are using config files for. I know some of it can be done in GPO like the NTLM stuff, but it remains here from doing it this way for awhile.

autoconfig.js

// Firefox autoconfig.js 4-01-2019
pref("general.config.filename", "autoconfig.cfg");
pref("general.config.filename", "cert_override.cfg");
pref("general.config.obscure_value", 0);

autoconfig.cfg (our domain name changed to domain.com for the sake of this post)

//Firefox autoconfig.cfg 3-11-2019
pref("pdfjs.defaultZoomValue", "page-width");
pref("security.enterprise_roots.enabled", true);
pref("network.automatic-ntlm-auth.trusted-uris", ".domain.com");
pref("network.negotiate-auth.trusted-uris", "domain.com");
pref("browser.shell.checkDefaultBrowser", false);
pref("accessibility.force_disabled", 1);
pref("security.pki.distrust_ca_policy", 0);
pref("datareporting.policy.firstRunURL", "");
pref("browser.newtabpage.activity-stream.disableSnippets", true);
pref("browser.newtabpage.activity-stream.feeds.favicon", false);
pref("browser.newtabpage.activity-stream.feeds.migration", false);
pref("browser.newtabpage.activity-stream.feeds.newtabinit", false);
pref("browser.newtabpage.activity-stream.feeds.places", false);
pref("browser.newtabpage.activity-stream.feeds.prefs", false);
pref("browser.newtabpage.activity-stream.feeds.section.highlights", false);
pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
pref("browser.newtabpage.activity-stream.feeds.section.topstories.options", "");
pref("browser.newtabpage.activity-stream.feeds.sections", false);
pref("browser.newtabpage.activity-stream.feeds.snippets", false);
pref("browser.newtabpage.activity-stream.feeds.systemtick", false);
pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
pref("browser.newtabpage.activity-stream.feeds.topsites", false);
pref("browser.newtabpage.activity-stream.migrationExpired", true);
pref("browser.newtabpage.activity-stream.prerender", false);
pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
pref("browser.newtabpage.activity-stream.showSponsored", false);
pref("browser.newtabpage.activity-stream.showTopSites", false);
pref("browser.newtabpage.activity-stream.telemetry", false);
pref("browser.newtabpage.activity-stream.telemetry.ping.endpoint", "");
pref("browser.newtabpage.activity-stream.telemetry.ut.events", false);
pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
pref("browser.onboarding.enabled", false);
pref("network.captive-portal-service.enabled", false);
pref("browser.ping-centre.telemetry", false);
pref("toolkit.telemetry.archive.enabled", false);
pref("toolkit.telemetry.bhrPing.enabled", false);
pref("toolkit.telemetry.enabled", false);
pref("toolkit.telemetry.firstShutdownPing.enabled", false);
pref("toolkit.telemetry.hybridContent.enabled", false);
pref("toolkit.telemetry.newProfilePing.enabled", false);
pref("toolkit.telemetry.reportingpolicy.firstRun", false);
pref("toolkit.telemetry.shutdownPingSender.enabled", false);
pref("toolkit.telemetry.rejected", true);
pref("toolkit.telemetry.server", "");
pref("toolkit.telemetry.unified", false);
pref("toolkit.telemetry.unifiedIsOptIn", false);
pref("toolkit.telemetry.updatePing.enabled", false);
pref("toolkit.telemetry.prompted", 2);
pref("toolkit.telemetry.rejected", true);
pref("experiments.activeExperiment", false);
pref("experiments.enabled", false);
pref("experiments.supported", false);
pref("network.allow-experiments", false);
pref("browser.disableResetPrompt", true);
pref("datareporting.policy.dataSubmissionEnabled", false);
pref("datareporting.healthreport.infoURL", "");
pref("datareporting.healthreport.uploadEnabled", false);

cert_override.cfg

//
const {classes: Cc, interfaces: Ci, utils: Cu} = Components;
Cu.import("resource://gre/modules/Services.jsm");
Cu.import("resource://gre/modules/FileUtils.jsm");

var profileDir = Services.dirsvc.get("ProfD", Ci.nsIFile);
var certDBFile = profileDir.clone();
certDBFile.append("cert_override.txt")
// If cert_override.txt isn't there, it's a new profile
if (!certDBFile.exists()) {
  var defaultProfileDir = Services.dirsvc.get("GreD", Ci.nsIFile);
  defaultProfileDir.append("defaults");
  defaultProfileDir.append("profile");
  try {
    copyDir(defaultProfileDir, profileDir);
  } catch (e) {
    Components.utils.reportError(e);
  }
}

function copyDir(aOriginal, aDestination) {
  var enumerator = aOriginal.directoryEntries;
  while (enumerator.hasMoreElements()) {
    var file = enumerator.getNext().QueryInterface(Components.interfaces.nsIFile);
    if (file.isDirectory()) {
      var subdir = aDestination.clone();
      subdir.append(file.leafName);
      try {
        subdir.create(Ci.nsIFile.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY);
        copyDir(file, subdir);
      } catch (e) {
        Components.utils.reportError(e);
      }
    } else {
      try {
        file.copyTo(aDestination, null);
      } catch (e) {
        Components.utils.reportError(e);
      }
    }
  }
}

autoconfig.cfg, autoconfig.js, cert_override.cfg and cert_override.txt all copied to their proper locations using Group Policy Preferences (from Windows share down to C:\Program Files\Mozilla Firefox).

We have Firefox ESR 64-bit deployed and kept up to date using SolarWinds Patch Manager which pushes third party updates / applications over to the WSUS server for installation via the Windows Update mechanism.

[mkaply]

1. That's a lot of preferences (many of which are unnecessary/duplicates).
2. Many of those are controlled by policy.
3. You'll need to continue to use Autoconfig. Most of those prefs, I won't be adding to policy. They are way too obscure.

[Kaya84]

Please don't broke up my request. I asked only for "Force using of pdf preview inside firefox" gpo, even if other options are welcome, I think it's better if you post these in your issue request. thanks

[mkaply]

@Kaya84 Don't worry, haven't lost your request.

[Kaya84]

@mkaply Thank u very much.

[dyd0u]

Hi, I'm interested in this feature too.

Maybe we could now use the new handlers policy settings? A new action usePDFjs or useInternalViewer could be created and set for PDF mimetype/extension, and the settings would be:

{
  "mimeTypes": {
    "application/pdf": {
      "action": "usePDFjs",
      "ask": false
    }
  }
}

@mkaply, what do you think ?

[mkaply]

So this is the default. Are you saying where the cases where Firefox tries to download a PDF, force it in Firefox?

Like:

https://smallpdf.com/shared#pt=02fdd17c-5a41-4a2c-a381-e094422dca8d

[dyd0u]

Sorry my explanation was not clear.

It is the same request as @Kaya84 in his first post. Today, if a user checks "Do this automatically..." when downloading a PDF (like the sample you sent), the setting is saved and all PDFs (including those that should be opened with PDFjs) are downloaded. I would like to prevent this and force all PDFs to be opened with PDFjs with GPO it so the user can't change it. That way, even if a user checks the case when downloading, the setting is automatically reapplied next time FF is opened.

In other terms, I would like a way to set action: 3 in handlers.json (Open in Firefox) with GPO. That's why I thought we could use the new handlers policy settings.

[mkaply]

So looked into doing this and unfortunately found that do this automatically doesn't work for downloaded PDF files at all (independent of policies). Once that is fixed, I'll add this option in.

[mkaply]

https://bugzilla.mozilla.org/show_bug.cgi?id=1659794

[lucamanga]

+1 we need this to be fixed, too.

[mkaply]

So I've looked into this more, and the issue is the content-disposition header.

Many websites say "you will download this" and we can't make Firefox open those up automatically.

I would suggest looking into an addon like this:

https://addons.mozilla.org/en-US/firefox/addon/no-pdf-download/