Closed Bug 1607937 Opened 4 years ago Closed 4 years ago

ExtensionSettings Policy's blocked_install_message does not always display

Categories

(Firefox :: Enterprise Policies, defect, P1)

71 Branch
defect

Tracking

()

VERIFIED FIXED
Firefox 74
Tracking Status
firefox-esr68 --- verified
firefox73 --- verified
firefox74 --- verified

People

(Reporter: eddie.rowe, Assigned: mkaply)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Steps to reproduce:

  1. Configure the ExtensionSettings policiy by way of the policies.json file in the C:\Program Files\Mozilla Firefox\distribution\ folder so that all extensions are blocked by default.

    "ExtensionSettings": {
    "*": {
    "blocked_install_message": "Custom Message Still Needs to Go Here...",
    "install_sources": ["https://addons.mozilla.org/"],
    "installation_mode": "blocked",
    "allowed_types": ["extension", "theme", "dictionary", "langpack"]
    }

  2. Open about:addons and attempt to install an extension such Facebook Container.

Actual results:

Error message "Firefox prevented this site from asking you to install software on your computer." received. The installation was blocked, but our custom message was not displayed to alert the employee who blocked the installation and why.

Expected results:

Error message should have been the custom one that was specified in the policy. If attempting the installation from https://addons.mozilla.org/en-US/firefox/addon/facebook-container/?src=search, I receive the message I was expecting.

"Facebook Container (@contain-facebook) is blocked by your system administrator. Custom Message Still Needs to Go Here...".

All testing was performed with Firefox ESR 68.3.0 (x86).

Component: Untriaged → Enterprise Policies
Priority: -- → P1

So Chrome doesn't have this scenario, so I need an opinion on what to do here. The block happens before the install even starts (because it's domain based), so I don't have the extension name or ID, so I can't use the existing message.

Should I just append the custom message on to the end of the "Firefox prevented this site from asking you to install software on your computer."?

Or do we need a new message for this case?

Eddie, I would love your opinion on this.

Should I create a new message that says:

" Your administrator has prevented this site from asking you to install software on your computer." + Custom message:

Or:

""Firefox prevented this site from asking you to install software on your computer." " + Custom message

Flags: needinfo?(eddie.rowe)

One small caveat. If I just append the message, I can fix it in the ESR. If I add the message, that won't be done until the next ESR.

Although I can append the message in the ESR for now and do the bigger fix for the next ESR.

I think appending the "custom message" as configured by "blocked_install_message" would work. The user knows the add-on was blocked, but without the "custom message" it is not clear who did the blocking. The appended custom message points them to the right group to assistance to get the add-on on the approved list.

Flags: needinfo?(eddie.rowe)
Assignee: nobody → mozilla
Pushed by mozilla@kaply.com:
https://hg.mozilla.org/integration/autoland/rev/7bcc7fd0a88e
If an origin is blocked, show the custom policy message if it is there. r=mixedpuppy
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 74

Comment on attachment 9120871 [details]
Bug 1607937 - If an origin is blocked, show the custom policy message if it is there. r?mixedpuppy

Beta/Release Uplift Approval Request

  • User impact if declined: Error message from admin doesn't display in some cases.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: In bug
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Only related to policy, has automated test.
  • String changes made/needed:

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: IT Admin only feature
  • User impact if declined: Error message from admin doesn't display in some cases.
  • Fix Landed on Version: 74
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Only related to policy, has automated test.
  • String or UUID changes made by this patch:
Attachment #9120871 - Flags: approval-mozilla-esr68?
Attachment #9120871 - Flags: approval-mozilla-beta?
Flags: qe-verify+

Comment on attachment 9120871 [details]
Bug 1607937 - If an origin is blocked, show the custom policy message if it is there. r?mixedpuppy

Improves the error message displayed for blocked addon installations. Approved for 73.0b8 and 68.5esr.

Attachment #9120871 - Flags: approval-mozilla-esr68?
Attachment #9120871 - Flags: approval-mozilla-esr68+
Attachment #9120871 - Flags: approval-mozilla-beta?
Attachment #9120871 - Flags: approval-mozilla-beta+
QA Whiteboard: [qa-triaged]

I am attempting to reproduce your issue, but I cannot seem to block the installation of extensions using the policies.json snippet from comment 0.
My steps:

  1. Download an affected build (Nightly v74.0a1 from 2020-01-13.
  2. Create a policies.json text file containing:

"ExtensionSettings": {
"*": {
"blocked_install_message": "Custom Message Still Needs to Go Here...",
"install_sources": ["https://addons.mozilla.org/"],
"installation_mode": "blocked",
"allowed_types": ["extension", "theme", "dictionary", "langpack"]
}

  1. Go to the build's folder, create a folder named "distribution" and copy the policies.json file in it.
  2. Open browser.
  3. Attempt to install Facebook Container add-on.
    Result: No error message was displayed and the extension was installed.

In conclusion, the snippet seems to be incorrect. It appears like it's missing a bracket. I tried closing it at the end and it does not work like that either. I can't verify it if I can't reproduce it. What am I missing?

Flags: needinfo?(eddie.rowe)

Try this:

{
	"policies": {
		"ExtensionSettings": {
			"*": {
				"blocked_install_message": "Custom Message Still Needs to Go Here...",
				"install_sources": ["https://addons.mozilla.org/"],
				"installation_mode": "blocked",
				"allowed_types": ["extension", "theme", "dictionary", "langpack"]
			}
		}
	}
}

You can try my extension install here - https://mike.kaply.com/cck2/ - to see it blocked.

Flags: needinfo?(eddie.rowe)

Thank you, Mike!

I managed to reproduce this issue on Nightly v74.0a1 fro 2020-01-13 and on Release v72.0.1 and v72.0.2 with the policies.json correction and the extension you provided. This issue does not reproduce when using the Facebook Container extension.

I then managed to perform the steps in the fixed builds (Nightly v74.0a1 from 2020-01-23, Beta v73.0b8 and ESR v68.5.0esr) and this is the displayed message:
"Firefox prevented this site from asking you to install software on your computer. Custom Message Still Needs to Go Here...";
and not as the expected result in comment 0:
"Facebook Container (@contain-facebook) is blocked by your system administrator. Custom Message Still Needs to Go Here...".

According to the expected result from comment 0, this bug is only partially fixed, since the custom message is displayed, but the first part is not.
Should this be considered a valid fix or not?

Flags: needinfo?(mozilla)

According to the expected result from comment 0, this bug is only partially fixed, since the custom message is displayed, but the first part is not.
Should this be considered a valid fix or not?

When we block things at the domain level, we have no information about the extension that was actually going to be installed. So all we can do is show the "Firefox prevented this site" and add the administrator message.

So this is the best fix we can do.

Flags: needinfo?(mozilla)

Thank you, Mike. This considered I will deem this fix verified.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: