Support Disabling add-ons installation *except* from whitelisted websites
Categories
(Firefox :: Enterprise Policies, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox64 | --- | affected |
People
(Reporter: StefanG_QA, Assigned: mkaply)
Details
Attachments
(2 files, 1 obsolete file)
STR: 1. Create a configuration profile using the below example <key>InstallAddonsPermission</key> <dict> <key>Allow</key> <array> <string>https://addons.mozilla.org</string> <string>https://duckduckgo.com</string> </array> <key>Default</key> <false/> </dict> 2. Install the configuration profile 3. Go to https://addons.mozilla.org or https://duckduckgo.com and try to install any addon AR: Add-ons cannot be installed from the allowed pages ER: Add-ons should be installed from the allowed pages STR: 1. Create a configuration profile using the below example <key>InstallAddonsPermission</key> <dict> <key>Allow</key> <array> <string>https://addons.mozilla.org</string> </array> <key>Default</key> <true/> </dict> 2. Install the configuration profile 3. Go to https://addons.mozilla.org or https://duckduckgo.com and try to install any addon AR: Firefox displays a prompt "Allow Nihglty to install software on your computer". When Allow button is pressed addon is installed ER: Firefox should not display a prompt to Allow addon installation. Add-on should not be installed. The same behavior is observed if JSON file is used to set the policy.
Reporter | ||
Comment 1•5 years ago
|
||
Comment 2•5 years ago
|
||
Stefan, there are two different prompts that show up when installing add-ons: 1st - asking if the website itself can ask for extensions to be installed "Firefox/Nightly prevented this site from asking you to install add-ons" 2nd - asking for confirmation if the specific add-on can be installed "Add DuckDuckGo Privacy Essentials?" This policy only bypasses the 1st one, the 2nd can't be bypassed. https://addons.mozilla.org is already whitelisted by default in Firefox to not show the 1st one. Can you confirm that, with this policy, the 1st popup is skipped on the duckduckgo example?
Reporter | ||
Comment 3•5 years ago
|
||
If I`m using the following example: <key>InstallAddonsPermission</key> <dict> <key>Allow</key> <array> <string>https://addons.mozilla.org</string> <string>https://duckduckgo.com</string> </array> <key>Default</key> <true/> </dict> I can confirm that the 1st prompt is skipped on either duckduckgo.com or addons.mozilla.org. However, when using the same example but with Default set to false: <key>InstallAddonsPermission</key> <dict> <key>Allow</key> <array> <string>https://addons.mozilla.org</string> <string>https://duckduckgo.com</string> </array> <key>Default</key> <false/> </dict>
Reporter | ||
Comment 4•5 years ago
|
||
I`m not able to install any addon. I see the following message "Software installation has been disabled by your system administrator." I would expect to be able to install addon from either https://addons.mozilla.org or https://duckduckgo.com since they are listed in the Allow array. Let me know if my expectation is wrong!
Assignee | ||
Comment 5•5 years ago
|
||
> Let me know if my expectation is wrong!
That's the way we want it to work. I'm working to see if we can make that happen.
Assignee | ||
Comment 6•5 years ago
|
||
Updated•5 years ago
|
Comment 7•5 years ago
|
||
As noted in phabricator comments, the way that xpinstall.enabled and Add-ons Install permission interact (and the policy) is a bit confusing, and ideally we should figure out some clearer combination of settings. Since this has only been reported by QA, and not, as far as I know, a big requirement from users, I suggest we mark this as wontfix for now unless we hear that people really need this.
Hello everyone,
I am not sure if this is the right place to raise this, I just spent a few hours with this topic before I found this bug report.
I wanted to disable addon installation in firefox in general, but I would like to allow an approved whitelist of addons/sources. I tried to solve this with the new firefox group policies https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy.
For my understanding this should be covered by following policies:
GPedit:
Computerconfiguration\Administrative templates\Mozilla\FirefoxAddons
Allow add-on installs from websites = Enabled
Allowed sites = Enabled (with the respective whitelist)
I did some tests, but unfortunaltey I got the same results that Stefan got above.
Is it planned to resolve this issue?
BR
Patrick
Assignee | ||
Comment 9•5 years ago
|
||
Actually, this has been a major request from Github.
This will be my first priority when I'm working on policies.
Assignee | ||
Updated•5 years ago
|
Updated•5 years ago
|
Assignee | ||
Comment 10•5 years ago
|
||
This is going to be handled in bug 1522823.
We'll be supporting ExtensionSettings in Chrome, so you'll be able to whitelist domains as new install sources or individual addons.
Description
•