Open Bug 1805205 Opened 3 years ago Updated 3 years ago

Allow extension permissions to be overridden by policy via blocked_permissions and runtime_blocked_hosts

Categories

(WebExtensions :: General, enhancement, P3)

Product:
WebExtensions
Component:
General
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: mkaply, Unassigned)

References

Details

(Whiteboard: [addons-jira])

As part of Chrome's ExtensionSettings policy, they allow enterprises to override the permission settings of addons.

See:

https://support.google.com/chrome/a/answer/9867568?_ga=2.58964141.183798175.1670859767-454583867.1670859767&visit_id=638064565927108020-957982549&p=Configure_ExtensionSettings_policy&rd=1

In particular, blocked_permissions.

So you can deny the clipboard permission even though an extension wants it.

They also allow extension to allow or deny hosts even if an extension requests it.

So if an addons wants all_urls, you can still deny access to company websites.

We should implement these.

Whiteboard: [addons-jira]
Severity: -- → N/A
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.