Closed Bug 1491664 Opened Last year Closed Last year

"ImportEnterpriseRoots": false does not work


(Firefox :: Enterprise Policies, defect, P1)

60 Branch



Firefox 64
Tracking Status
firefox64 --- fixed


(Reporter: soeren.hentzschel, Assigned: mkaply)




(1 file)

The ImportEnterpriseRoots does not work as expected. According to the documentation both true and false values are allowed:

But it doesn't matter if you set ImportEnterpriseRoots to true or false. In both cases Firefox locks the pereference security.enterprise_roots.enabled to true.

Maybe it's not intended to set the value to false. I looked at the code and the code doesn't handle different values, it always set security.enterprise_roots.enabled to true when the ImportEnterpriseRoots policy is used. In this case the documentation is wrong. But I guess it makes sense to allow both values, as documented, to lock the setting.

First reported here:
Summary: ImportEnterpriseRoots policy is broken → "ImportEnterpriseRoots": false does not work
Hi Mike,

even if you will fix the implementation or the documentation at a later point, could you please at least clarify whether the implementation or the documentation is wrong? Because if it's work as intended and only the documentation is wrong then I have to change the option in the Enterprise Policy Generator add-on and I have to make sure that there are no migrations problems with already saved configurations. It would be a help for me to know if I have to schedule time for this.

Thank you!
Flags: needinfo?(mozilla)
I'm definitely planning to fix this in the code, but it was written to spec originally.

I've updated the documentation.
Assignee: nobody → mozilla
Flags: needinfo?(mozilla)
Priority: -- → P1
Pushed by
Allow true and false for ImportEnterpriseRoots policy. r=Felipe
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 64
You need to log in before you can comment on or make changes to this bug.