Closed Bug 1522823 Opened 2 years ago Closed 2 years ago

Missing Group Policy Option to blacklist ALL extension except whitelisted/allowed

Categories

(Firefox :: Enterprise Policies, defect, P1)

64 Branch
defect

Tracking

()

VERIFIED FIXED
Firefox 68
Tracking Status
firefox68 --- verified
firefox69 --- verified

People

(Reporter: chamilton, Assigned: mkaply)

References

Details

(Keywords: dev-doc-complete)

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36

Steps to reproduce:

  • Install the Firefox ADMX templated
  • Browse to the extensions options for Firefox
  • Configured "Extensions to uninstall" with a * for the value

Actual results:

Nothing (kind of expected)

Expected results:

  • We use this currently with Google Chrome's GPO settings.
  • We need to block/blacklist all extensions except for what we want to allow and/or force install.
  • Using a * is a easy way to do this if it works, but it does not work, nor is the naming or GPO options really geared towards that.
  • There is no "whitelist" settings for permitted extensions
Component: Untriaged → Enterprise Policies
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Assignee: nobody → mozilla
Status: NEW → ASSIGNED

This is a first pass. It needs more tests and I'm investigating emulating Chrome's URL blocking as well.

Duplicate of this bug: 1491932
Duplicate of this bug: 1498745
Duplicate of this bug: 1490433
Keywords: dev-doc-needed
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/61f3f19ee0de
Policy for whitelist/blacklist addons by ID. r=aswan,flod
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 68
Regressions: 1551867
QA Whiteboard: qe
Flags: qe-verify+
Duplicate of this bug: 1269288

Tested the implementation of the policy on windows 10 x64, ubuntu 18.04 and macOS 10.13 using Fx69.0b7, Fx68.0.1.
Testing was done using by applying the policy via .json file. Also note that, as mentioned in c#0, setting the * via GPO on windows, does nothing.
Tested using the parameters mentioned in the policies-schema.json file.

I have also tried installing an addon from a third party site while the installation mode was set to blocked, but received a notification that Firefox the site from installing addons. The prompt can be seen at this link.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
Regressions: 1571120

There doesn't seem to be any existing documentation framework for this issue on MDN. This is the existing page:

Enterprise Deployment

The links on that page lead to support.mozilla.org, like this: How is Firefox Enterprise different from normal Firefox?

Let me know how you would like to document this.

Flags: needinfo?(mozilla)

This will be documented on our enterprise policy page here:

https://github.com/mozilla/policy-templates/blob/master/README.md

I had to remove the documentation for now because of a bad bug.

It will be updated for Firefox 69.

Flags: needinfo?(mozilla)

(In reply to Mike Kaply [:mkaply] from comment #11)

This will be documented on our enterprise policy page here:

https://github.com/mozilla/policy-templates/blob/master/README.md

I had to remove the documentation for now because of a bad bug.

It will be updated for Firefox 69.

Thanks for the update! I've pushed the documentation issue to the next sprint and added it to our Firefox 69 Epic.

Note added to the FX69 rel notes:

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/69#Other_changes

I don't think this requires any other documentation change, but let me know if the wording needs improving. Thanks!

LGTM. Thanks!

You need to log in before you can comment on or make changes to this bug.