For enterprise use, the popup blocker feature is required but it is needed that their internal websites are "allowed" by default. Other permissions also. Thus I developed an addon "Permission Auto Registerer" to register site permissions based on preferences given by the system administrator via MCD (Mission Control Desktop) mechanism. https://addons.mozilla.org/firefox/addon/permissions-auto-registerer/ After XUL is ended, I need something to alter it - WebExtensions APIs to do it, or something others.
Summary: Add ability to manage site permissions by the system administrator (add, remove, update) → Add ability to manage site permissions via WebExtensions APIs (add, remove, update)
3 years ago
To be discussed at Dec. 13, 2016 WE triage meeting. Agenda: https://docs.google.com/document/d/1S1QrBK1hrulE7dlLiQzjMupHUUSwDYRYAOXiqtMHe-k/edit#
Thanks for reporting this. We have discussed it in the team and believe that it is not a good idea to open up permissions to be set by enterprise environments like MCD. The workaround is to provide a specific extension in the environment you are in that would allow permissions for the site. Therefore, we are marking this bug as WONTFIX. Nevertheless, we value your input and hope to hear from you again for any other issues you may have.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
> The workaround is to provide a specific extension in the environment you are in that would allow > permissions for the site. Sorry, I'm confused. This conclusion seems inconsistent - we cannot give permissions for specific (internal) websites via future addons because WebExtensions don't support such a feature. Could you give more explanation for bases of the decision? Your explanation seems to say: in enterprise environment we still need to use legacy (XUL/XPCOM-based or SDK-based) addon to do it. Or, that it my misunderstanding and the decision said that Firefox won't support such usecase?
Can you give me a list of permissions you would like to give sites that are not already available using WebExtension permissions? I can see specific APIs to grant permission to certain features being made available, but what we will not be allowing is a general switch that would allow MCD to blanket-allow or deny permissions.
Flags: needinfo?(philipp) → needinfo?(yuki)
(In reply to Philipp Kewisch [:Fallen] from comment #4) > Can you give me a list of permissions you would like to give sites that are > not already available using WebExtension permissions? Hmm, I think this discussion is not in the right ballpark. Did you mean that?: "Don't think to give special permissions to scripts in webpages silently, instead you (I) must migrate features of such internal webpages to WebExtensions addon and offer to use it together with those webpages to your (my) customer company." It is reasonable if it is enough easy to do, but there are some barriers. The largest reason is: our customers may not accept the approach because they have very few money to maintain their systems and they need cheapest way to make their internal systems available on Firefox. Second, the customer or the vendor who developed the internal system may not provide the original source codes for us, especially it is a SaaS application like Salesforce - this is the main reason why it is hard to do to migrate features of those webpages to WE addons.
(In reply to YUKI "Piro" Hiroshi from comment #5) > (In reply to Philipp Kewisch [:Fallen] from comment #4) > > Can you give me a list of permissions you would like to give sites that are > > not already available using WebExtension permissions? > > Hmm, I think this discussion is not in the right ballpark. Did you mean > that?: "Don't think to give special permissions to scripts in webpages > silently, instead you (I) must migrate features of such internal webpages to > WebExtensions addon and offer to use it together with those webpages to your > (my) customer company." Then I have to explain it to my customers as a Mozilla's official decision and ask to them to consider to accept it, if I've understand the meaning of the decision rightly as above. Is there any misreads?
I suspect that the fundamental issue here is that the permissions you need to modify aren't available externally (notably not in prefs) so the only way to get to them was the old-style direct manipulation of internal permissions APIs via XUL/XPCOM? So the fact that this was done from an add-on is a by-product of that limitation. The problem may not necessarily be that we don't support this use case, more that WebExtensions are the wrong approach for this kind of job.
So would it be the right approach to file a bug against Core/AutoConfig component and request an MCD API that pre-configures permissions?
(In reply to Masatoshi Kimura [:emk] from comment #8) > So would it be the right approach to file a bug against Core/AutoConfig > component and request an MCD API that pre-configures permissions? I think that would be a good approach.
Thank you. Filed bug 1328442.
You need to log in before you can comment on or make changes to this bug.