Closed Bug 1498745 Opened 5 years ago Closed 5 years ago

Support Disabling add-ons installation *except* from whitelisted websites

Categories

(Firefox :: Enterprise Policies, defect, P2)

Product:
Firefox
Component:
Enterprise Policies
Version:
64 Branch
Platform:
Unspecified
macOS
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1522823
Tracking Flags:
Tracking Status
firefox64 --- affected

People

(Reporter: StefanG_QA, Assigned: mkaply)

Details

Attachments

(2 files, 1 obsolete file)

Prompt.png
195.50 KB, image/png
Details
Install add-on
195.50 KB, image/png
Details
Attached image Prompt.png 
STR:
1. Create a configuration profile using the below example

<key>InstallAddonsPermission</key>
<dict>
	<key>Allow</key>
	<array>
		<string>https://addons.mozilla.org</string>
		<string>https://duckduckgo.com</string>
	</array>
	<key>Default</key>
	<false/>
</dict>

2. Install the configuration profile
3. Go to https://addons.mozilla.org or https://duckduckgo.com and try to install any addon

AR: Add-ons cannot be installed from the allowed pages
ER: Add-ons should be installed from the allowed pages


STR:
1. Create a configuration profile using the below example 
<key>InstallAddonsPermission</key>
<dict>
	<key>Allow</key>
	<array>
		<string>https://addons.mozilla.org</string>
	</array>
	<key>Default</key>
	<true/>
</dict>

2. Install the configuration profile
3. Go to https://addons.mozilla.org or https://duckduckgo.com and try to install any addon

AR: Firefox displays a prompt "Allow Nihglty to install software on your computer". When Allow button is pressed addon is installed
ER: Firefox should not display a prompt to Allow addon installation. Add-on should not be installed.



The same behavior is observed if JSON file is used to set the policy.
Attached image Install add-on 

    
    

    
  
Stefan, there are two different prompts that show up when installing add-ons:

1st - asking if the website itself can ask for extensions to be installed
"Firefox/Nightly prevented this site from asking you to install add-ons"

2nd - asking for confirmation if the specific add-on can be installed
"Add DuckDuckGo Privacy Essentials?"


This policy only bypasses the 1st one, the 2nd can't be bypassed. https://addons.mozilla.org is already whitelisted by default in Firefox to not show the 1st one.


Can you confirm that, with this policy, the 1st popup is skipped on the duckduckgo example?
Flags: needinfo?(stefan.georgiev)

    
    

    
  
If I`m using the following example:

<key>InstallAddonsPermission</key>
<dict>
	<key>Allow</key>
	<array>
		<string>https://addons.mozilla.org</string>
		<string>https://duckduckgo.com</string>
	</array>
	<key>Default</key>
	<true/>
</dict>

I can confirm that the 1st prompt is skipped on either duckduckgo.com or addons.mozilla.org. 

However, when using the same example but with Default set to false:

<key>InstallAddonsPermission</key>
<dict>
	<key>Allow</key>
	<array>
		<string>https://addons.mozilla.org</string>
		<string>https://duckduckgo.com</string>
	</array>
	<key>Default</key>
	<false/>
</dict>
Flags: needinfo?(stefan.georgiev)

    
    

    
  
I`m not able to install any addon. I see the following message "Software installation has been disabled by your system administrator." 

I would expect to be able to install addon from either  https://addons.mozilla.org or https://duckduckgo.com since they are listed in the Allow array. Let me know if my expectation is wrong!

    
    

    
  
> Let me know if my expectation is wrong!

That's the way we want it to work. I'm working to see if we can make that happen.

        Attachment #9024777 -
        Attachment is obsolete: true

    
    

    
  
As noted in phabricator comments, the way that xpinstall.enabled and Add-ons Install permission interact (and the policy) is a bit confusing, and ideally we should figure out some clearer combination of settings.

Since this has only been reported by QA, and not, as far as I know, a big requirement from users, I suggest we mark this as wontfix for now unless we hear that people really need this.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Summary: InstallAddonsPremission does not respect the specified "Allow" pages → Support Disabling add-ons installation *except* from whitelisted websites

    
    

    
  
Hello everyone,


I am not sure if this is the right place to raise this, I just spent a few hours with this topic before I found this bug report.


I wanted to disable addon installation in firefox in general, but I would like to allow an approved whitelist of addons/sources. I tried to solve this with the new firefox group policies https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy.


For my understanding this should be covered by following policies:


GPedit:

Computerconfiguration\Administrative templates\Mozilla\FirefoxAddons

Allow add-on installs from websites = Enabled

Allowed sites = Enabled (with the respective whitelist)


I did some tests, but unfortunaltey I got the same results that Stefan got above.

Is it planned to resolve this issue?


BR

Patrick



    
    

    
  
Actually, this has been a major request from Github.


This will be my first priority when I'm working on policies.


Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Assignee: nobody → mozilla
Priority: -- → P2

    
    

    
  
This is going to be handled in bug 1522823.


We'll be supporting ExtensionSettings in Chrome, so you'll be able to whitelist domains as new install sources or individual addons.


Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → DUPLICATE

          You need to log in
          before you can comment on or make changes to this bug.