ExtensionSettings Policy's blocked_install_message does not always display
Categories
(Firefox :: Enterprise Policies, defect, P1)
Tracking
()
People
(Reporter: eddie.rowe, Assigned: mkaply)
Details
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
RyanVM
:
approval-mozilla-esr68+
|
Details | Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Steps to reproduce:
-
Configure the ExtensionSettings policiy by way of the policies.json file in the C:\Program Files\Mozilla Firefox\distribution\ folder so that all extensions are blocked by default.
"ExtensionSettings": {
"*": {
"blocked_install_message": "Custom Message Still Needs to Go Here...",
"install_sources": ["https://addons.mozilla.org/"],
"installation_mode": "blocked",
"allowed_types": ["extension", "theme", "dictionary", "langpack"]
} -
Open about:addons and attempt to install an extension such Facebook Container.
Actual results:
Error message "Firefox prevented this site from asking you to install software on your computer." received. The installation was blocked, but our custom message was not displayed to alert the employee who blocked the installation and why.
Expected results:
Error message should have been the custom one that was specified in the policy. If attempting the installation from https://addons.mozilla.org/en-US/firefox/addon/facebook-container/?src=search, I receive the message I was expecting.
"Facebook Container (@contain-facebook) is blocked by your system administrator. Custom Message Still Needs to Go Here...".
Reporter | ||
Comment 1•4 years ago
|
||
All testing was performed with Firefox ESR 68.3.0 (x86).
Assignee | ||
Updated•4 years ago
|
Assignee | ||
Comment 2•4 years ago
|
||
So Chrome doesn't have this scenario, so I need an opinion on what to do here. The block happens before the install even starts (because it's domain based), so I don't have the extension name or ID, so I can't use the existing message.
Should I just append the custom message on to the end of the "Firefox prevented this site from asking you to install software on your computer."?
Or do we need a new message for this case?
Assignee | ||
Comment 3•4 years ago
|
||
Eddie, I would love your opinion on this.
Should I create a new message that says:
" Your administrator has prevented this site from asking you to install software on your computer." + Custom message:
Or:
""Firefox prevented this site from asking you to install software on your computer." " + Custom message
Assignee | ||
Comment 4•4 years ago
|
||
One small caveat. If I just append the message, I can fix it in the ESR. If I add the message, that won't be done until the next ESR.
Although I can append the message in the ESR for now and do the bigger fix for the next ESR.
Reporter | ||
Comment 5•4 years ago
|
||
I think appending the "custom message" as configured by "blocked_install_message" would work. The user knows the add-on was blocked, but without the "custom message" it is not clear who did the blocking. The appended custom message points them to the right group to assistance to get the add-on on the approved list.
Assignee | ||
Comment 6•4 years ago
|
||
Updated•4 years ago
|
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/7bcc7fd0a88e If an origin is blocked, show the custom policy message if it is there. r=mixedpuppy
Pushed by cbrindusan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/2ee6c4c25052 Fix Eslint. CLOSED TREE
Comment 9•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/7bcc7fd0a88e
https://hg.mozilla.org/mozilla-central/rev/2ee6c4c25052
Assignee | ||
Comment 10•4 years ago
|
||
Comment on attachment 9120871 [details]
Bug 1607937 - If an origin is blocked, show the custom policy message if it is there. r?mixedpuppy
Beta/Release Uplift Approval Request
- User impact if declined: Error message from admin doesn't display in some cases.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: No
- Needs manual test from QE?: Yes
- If yes, steps to reproduce: In bug
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Only related to policy, has automated test.
- String changes made/needed:
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: IT Admin only feature
- User impact if declined: Error message from admin doesn't display in some cases.
- Fix Landed on Version: 74
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Only related to policy, has automated test.
- String or UUID changes made by this patch:
Assignee | ||
Updated•4 years ago
|
Comment 11•4 years ago
|
||
Comment on attachment 9120871 [details]
Bug 1607937 - If an origin is blocked, show the custom policy message if it is there. r?mixedpuppy
Improves the error message displayed for blocked addon installations. Approved for 73.0b8 and 68.5esr.
Comment 12•4 years ago
|
||
bugherder uplift |
Comment 13•4 years ago
|
||
bugherder uplift |
Updated•4 years ago
|
Comment 14•4 years ago
|
||
I am attempting to reproduce your issue, but I cannot seem to block the installation of extensions using the policies.json snippet from comment 0.
My steps:
- Download an affected build (Nightly v74.0a1 from 2020-01-13.
- Create a policies.json text file containing:
"ExtensionSettings": {
"*": {
"blocked_install_message": "Custom Message Still Needs to Go Here...",
"install_sources": ["https://addons.mozilla.org/"],
"installation_mode": "blocked",
"allowed_types": ["extension", "theme", "dictionary", "langpack"]
}
- Go to the build's folder, create a folder named "distribution" and copy the policies.json file in it.
- Open browser.
- Attempt to install Facebook Container add-on.
Result: No error message was displayed and the extension was installed.
In conclusion, the snippet seems to be incorrect. It appears like it's missing a bracket. I tried closing it at the end and it does not work like that either. I can't verify it if I can't reproduce it. What am I missing?
Assignee | ||
Comment 15•4 years ago
|
||
Try this:
{
"policies": {
"ExtensionSettings": {
"*": {
"blocked_install_message": "Custom Message Still Needs to Go Here...",
"install_sources": ["https://addons.mozilla.org/"],
"installation_mode": "blocked",
"allowed_types": ["extension", "theme", "dictionary", "langpack"]
}
}
}
}
You can try my extension install here - https://mike.kaply.com/cck2/ - to see it blocked.
Comment 16•4 years ago
|
||
Thank you, Mike!
I managed to reproduce this issue on Nightly v74.0a1 fro 2020-01-13 and on Release v72.0.1 and v72.0.2 with the policies.json correction and the extension you provided. This issue does not reproduce when using the Facebook Container extension.
I then managed to perform the steps in the fixed builds (Nightly v74.0a1 from 2020-01-23, Beta v73.0b8 and ESR v68.5.0esr) and this is the displayed message:
"Firefox prevented this site from asking you to install software on your computer. Custom Message Still Needs to Go Here...";
and not as the expected result in comment 0:
"Facebook Container (@contain-facebook) is blocked by your system administrator. Custom Message Still Needs to Go Here...".
According to the expected result from comment 0, this bug is only partially fixed, since the custom message is displayed, but the first part is not.
Should this be considered a valid fix or not?
Assignee | ||
Comment 17•4 years ago
|
||
According to the expected result from comment 0, this bug is only partially fixed, since the custom message is displayed, but the first part is not.
Should this be considered a valid fix or not?
When we block things at the domain level, we have no information about the extension that was actually going to be installed. So all we can do is show the "Firefox prevented this site" and add the administrator message.
So this is the best fix we can do.
Comment 18•4 years ago
|
||
Thank you, Mike. This considered I will deem this fix verified.
Description
•