"Remove Extension" browser action does not respect enterprise policy
Categories
(WebExtensions :: Frontend, defect)
Tracking
(firefox-esr60 unaffected, firefox65 wontfix, firefox66 verified, firefox67 verified)
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox65 | --- | wontfix |
firefox66 | --- | verified |
firefox67 | --- | verified |
People
(Reporter: chamilton, Assigned: Oriol)
References
Details
Attachments
(3 files)
47 bytes,
text/x-phabricator-request
|
lizzard
:
approval-mozilla-beta+
|
Details | Review |
55.62 KB,
image/png
|
Details | |
138.37 KB,
image/gif
|
Details |
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
Steps to reproduce:
- Downloaded the Firefox ADMX template and properly installed them.
- Opend GPedit.msc and browsed to the User Configuration->Administrative Templates->Mozilla->Firefox->Extensions
- Configured the setting "Prevent extensions from being disabled or removed" and added each on their own line: uBlock0@raymondhill.net, webrootsecure@webroot.com, ciscowebexstart1@cisco.com
-
- Per the GPO settings I retrieved the Extendion ID (not the internal UUID).
Actual results:
- After performing a gpupdate (which isn't technically required, but is good to do) firefox opens normally, I see my plugins, but I ran right click uBlock and click remove extension. This will uninstall this extension still. Seems to only effect uBlock but I don't have a large list
Expected results:
Nothing, clicking remove should simply do nothing. Which is exactly what happens for my Webroot plugin, just not uBlock.
Updated•5 years ago
|
Comment 1•5 years ago
|
||
Which version of Firefox are you using?
If it's newer than 63, can you go to about:policies and see if all 3 extensions are listed in the policy there, and make sure no errors are reported? (there'll be a visible "Errors" tab if there are any errors)
Updated•5 years ago
|
Reporter | ||
Comment 2•5 years ago
|
||
FF 65.0 64bit
I do see some:
Policy Errors
Unknown policy: DisableDefaultCheck
Unknown policy: DisableRights
Unknown policy: DisableBrowserMilestone
Unknown policy: SupressUpdatePage
Unknown policy: DisableAddonWizard
Under Active I see this in extensions:
Extensions Install "https://addons.mozilla.org/firefox/downloads/file/1376832/"
"https://addons.mozilla.org/firefox/downloads/file/986672/"
Locked "uBlock0@raymondhill.net"
"webrootsecure@webroot.com"
"ciscowebexstart1@cisco.com"
Comment 3•5 years ago
|
||
Thank you for the report and the information. I was able to reproduce this bug.
Comment 4•5 years ago
|
||
This action should either be disabled or hidden if it has been disabled by policy. To check it one can use:
Services.policies.isAllowed(`modify-extension:$
Comment 5•5 years ago
|
||
(gah, submitted too early)
Services.policies.isAllowed(
modify-extension:${id}
);
However, the most correct fix would be check if the add-on has the permission PERM_CAN_UNINSTALL, as policies are not the only reason that it might be set.
Assignee | ||
Comment 6•5 years ago
|
||
So from Felipe's comment I guess I only need to copy https://searchfox.org/mozilla-central/rev/69d3c6c61dca9a41f14797cd9924733289238d1a/toolkit/components/extensions/parent/ext-management.js#239
Assignee | ||
Comment 7•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/df8ffcb184de
Disable browser action's "Remove Extension" if the addon can't be uninstalled. r=Felipe
Backout by dluca@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1c5bac504475 Backed out changeset df8ffcb184de for Browser-chrome failures in browser/components/downloads/test/browser/browser_downloads_autohide.js. CLOSED TREE
Assignee | ||
Comment 10•5 years ago
|
||
Just a missing conditional, but I have pushed to try to be sure
https://treeherder.mozilla.org/#/jobs?repo=try&revision=59f8a9aca575cf571205859c7866d0d24d253b54
Assignee | ||
Comment 11•5 years ago
|
||
OK, the problem was that various tests install extensions without useAddonManager, then they have an ID but AddonManager.getAddonByID(id) doesn't work.
I have updated the code to be more robust and detect when AddonManager.getAddonByID returns null.
https://treeherder.mozilla.org/#/jobs?repo=try&revision=895a619048cf7ed73472d756050ca43f3cff42bb
Assignee | ||
Updated•5 years ago
|
Comment 12•5 years ago
|
||
Pushed by fgomes@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/dd561f2bb0f9
Disable browser action's "Remove Extension" if the addon can't be uninstalled. r=Felipe
Comment 13•5 years ago
|
||
bugherder |
Comment 14•5 years ago
|
||
Verified as fixed using Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0
I will attach a postfix screenshot where it is visible that uBlock Origin and Enhancer for YouTube cannot be deleted on Fx67 (I added uBlock0@raymondhill.net and enhancerforyoutube@maximerf.addons.mozilla.org to "Prevent extensions from being disabled or removed")
Updated•5 years ago
|
Comment 15•5 years ago
|
||
Comment 16•5 years ago
|
||
We should get this on beta. Maybe even release?
Comment 17•5 years ago
|
||
Assignee | ||
Comment 18•5 years ago
|
||
Comment on attachment 9041011 [details]
Bug 1522820 - Disable browser action's "Remove Extension" if the addon can't be uninstalled. r=Felipe
Beta/Release Uplift Approval Request
Feature/Bug causing the regression
User impact if declined
Enterprise policy preventing add-on from being removed can be bypassed in toolbar button's context menu.
Is this code covered by automated tests?
No
Has the fix been verified in Nightly?
Yes
Needs manual test from QE?
Yes
If yes, steps to reproduce
- Install uBlock Origin add-on.
- Right-click the uBlock Origin's toolbar button
- "Remove Extension" should be enabled
- Close Firefox.
- In the Firefox installation directory, create a folder named
distribution
, and create apolicies.json
file inside it with:
{
"policies": {
"Extensions": {
"Locked": ["uBlock0@raymondhill.net"]
}
}
}
- Open Firefox
- Right-click the uBlock Origin's toolbar button
- "Remove Extension" should be disabled
List of other uplifts needed
None
Risk to taking this patch
Low
Why is the change risky/not risky? (and alternatives if risky)
Just checking if the add-on has the permission to be uninstalled before offering to do so.
String changes made/needed
Comment 19•5 years ago
|
||
Comment on attachment 9041011 [details]
Bug 1522820 - Disable browser action's "Remove Extension" if the addon can't be uninstalled. r=Felipe
Fix for recent regression (in 65), verified in Nightly.
Let's uplift for beta 7.
Comment 20•5 years ago
|
||
bugherder uplift |
Comment 21•5 years ago
|
||
Verified as fixed in latest beta 7.
Updated•5 years ago
|
Updated•5 years ago
|
Description
•