Closed Bug 1735806 Opened 2 years ago Closed 1 year ago

Specifying install_sources still allows installs from


(Firefox :: Enterprise Policies, defect, P2)




99 Branch
Tracking Status
firefox99 --- fixed


(Reporter: mkaply, Assigned: mkaply)




(1 file)

If you specify install_sources in policy, it should only allow installs from that domain.

We still allow installs from in that case

I swear this worked when we first implemented.

The issue is that installs from AMO don't go through isInstallAllowedByPolicy which checks the install_sources list.

AMO uses the mozAddonManager API here:

I thought we had code at one point to do this properly, but I guess I'm wrong.

The easiest fix would be to flip "privacy.resistFingerprinting.block_mozAddonManager" if install_sources doesn't contain

I don't think it would be straightforward to call Services.policies.allowedInstallSource(aInstallingPrincipal.URI) from the CPP.iam, d

William, do you have any other thoughts?

Basically this policy allows you to specify the only URLs where addons are allowed to be installed from using match patterns.

Flags: needinfo?(wdurand)

Looking at the original patch, I don't see any coverage for mozAddonManager. I think we can still call isInstallAllowedByPolicy() for mozAddonManager, probably here: (as suggested by :rpl) but we didn't try.

Flags: needinfo?(wdurand)
See Also: → 1522823

So the only downside to throwing the error there is that AMO shows the error, we don't get an error via the doorhanger, but I'm not convinced that's a big deal.

But we would have that same problem using mozAddonManager as well.

I'll see if there's some way to do the doorhanger in this case.

Assignee: nobody → mozilla

The severity field is not set for this bug.
:mkaply, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(mozilla)
Severity: -- → S2
Flags: needinfo?(mozilla)
Priority: -- → P2
Pushed by
Don't allow installs from AMO if not in policy install_sources r=willdurand,extension-reviewers,rpl,flod
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
You need to log in before you can comment on or make changes to this bug.