ExtensionSettings policy
We're exploring adopting a default deny policy for Firefox extensions in our enterprise. However when I tested this by creating a custom policies.json Firefox unexpectedly removed all extensions for me, including the ones I thought I had allow listed. Here is my policies.json but just keeping in the Facebook Container add-on to illustrate:
{
"policies": {
"ExtensionSettings": {
"*": {
"blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
"installation_mode": "blocked",
"allowed_types": ["theme", "dictionary", "locale"]
},
"@contain-facebook.xpi": { "installation_mode": "allowed" }
}
}
}
What I would like is to to allow pre-approved extensions (including if they already are installed) and all other types of add-on, but remove and prohibit installation of unapproved extensions.
Can anyone assist, please?
الحل المُختار
So if you remove
"installation_mode": "blocked",
It should work as you expect.
The allowed_types line is effectively acting as if everything is blocked.
That being said, there probably is a bug here, because blocking everything causes other things to happen, and you probably want that.
Read this answer in context 👍 1All Replies (5)
It's this line:
"allowed_types": ["theme", "dictionary", "locale"]
You really don't even need that, so you can just remove.
The problem is you didn't put extensions on that list so they aren't allowed...
And also the ID for the Facebook container is just @contain-facebook
I wrote an extension that helps you find IDs from any page on AMO:
Thanks, Mike. Rookie mistake with the ID. I actually ended up following this StackOverflow advice to use about:debugging which seems to achieve the same.
However I still can't get allowed_types to work the way I think it should. What I want to happen is default allow for all dictionary, locale and theme add-ons, but default deny for extension add-ons unless the ID is included explicitly. My reading of the documentation is
"*": { "allowed_types": ["theme", "dictionary", "locale"] }
should provide for this. So for example the below configuration allows the Facebook Container extension but denies all other add-ons including dictionaries, when what I want is for all dictionaries to be allowed:
{
"policies": {
"ExtensionSettings": {
"*": {
"blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
"installation_mode": "blocked",
"allowed_types": ["dictionary"]
},
"@contain-facebook": { "installation_mode": "allowed" }
}
}
}
الحل المُختار
So if you remove
"installation_mode": "blocked",
It should work as you expect.
The allowed_types line is effectively acting as if everything is blocked.
That being said, there probably is a bug here, because blocking everything causes other things to happen, and you probably want that.
My recollection is that I tested this against Chrome and it worked the same, but I'll double check.
Thanks, now I understand. For the archives, this is what works for me:
{
"policies":
{
"ExtensionSettings": {
"*": {
"blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
"allowed_types": ["theme", "dictionary", "locale"]
},
"@contain-facebook": { "installation_mode": "allowed" }
}
}
}
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.