I have one extension to be installed on the enterprise network machines. There are host permissions required to access All websites data. How can I, as an Admin, enable this host permissions for the installation ?

This browser add-on is manifest v3 based.

Hmm, I'm looking at ExtensionSettings policy and I do not see permissions there:

https://github.com/mozilla/policy-templates#extensionsettings

As you know, Google has been working on Manifest v3 for much longer than Mozilla. Do they have a policy for this? Maybe Mozilla will follow at some point.

If you don't find another solution and it's your own add-on, you could create a Manifest v2 version of it.

Hmm, I'm looking at ExtensionSettings policy and I do not see permissions there: https://github.com/mozilla/policy-templates#extensionsettings As you know, Google has been working on Manifest v3 for much longer than Mozilla. Do they have a policy for this? Maybe Mozilla will follow at some point. If you don't find another solution and it's your own add-on, you could create a Manifest v2 version of it.

Yes, Chrome has these policy settings in place for manifest v3.

Okay, I searched on https://chromeenterprise.google/policies/#ExtensionSettings and found

• "runtime_allowed_hosts"
• "runtime_blocked_hosts"

There is an issue open but no indication of when this might be added:

https://github.com/mozilla/policy-templates/issues/862

If there is any other specific information you want to mention, please be specific.

Okay, I searched on https://chromeenterprise.google/policies/#ExtensionSettings and found

• "runtime_allowed_hosts"
• "runtime_blocked_hosts"

There is an issue open but no indication of when this might be added: https://github.com/mozilla/policy-templates/issues/862 If there is any other specific information you want to mention, please be specific.

Thanks Jeff. That was helpful. We are having one browser extension for security related product. And earlier we have an enterprise installation for this add-on with manifest v2 version. We do not had this host permissions at that time and as an Administrator we were able to set policies to allow the all websites data permissions. Recently we have migrated to manifest v3 and we can see that these permissions are not bydefault enabled in enterprise installation of add-on. User have to manually go to the settings and allow these permissions, then only the addon is able to work as expected.

Okay, I searched on https://chromeenterprise.google/policies/#ExtensionSettings and found

• "runtime_allowed_hosts"
• "runtime_blocked_hosts"

There is an issue open but no indication of when this might be added: https://github.com/mozilla/policy-templates/issues/862 If there is any other specific information you want to mention, please be specific.

So we wanted to understand if we are missing any extra settings which needs to be enabled in manifest v3.

We have opened a bug for this - https://bugzilla.mozilla.org/show_bug.cgi?id=1805205 - but haven't started work on it yet.

We have opened a bug for this - https://bugzilla.mozilla.org/show_bug.cgi?id=1805205 - but haven't started work on it yet.

Mike, thanks for your feedback.

We urgently need some help with this issue. 'Access your data for all websites' is a permission we need for our core functionality. We need this permission to be granted by default to our users. At minimum, we need a way for organization administrators to grant it without end user involvement. Can you or a manager please help?

Currently, Firefox's manifest v3 requirements does not let our extension set the permission 'Access your data for all websites' to a 'Required permission for core functionality', where permissions are granted by default. Instead, 'Access your data for all websites' is in 'Optional permissions for added functionality' (see attached). It is not granted by default without the end user granting it. 'Access your data for all websites' is 100% required for our core functionality, which is scanning web pages for phishing.

This issue is an urgent blocker for our manifest v3 enterprise security add on, which is solely deployed and managed by organization administrators. End users are not be able to manually go to permissions in their Firefox browsers and change the permissions.

In Firefox v2 and Chrome v3, 'Access your data for all websites' is allowed by default. You mentioned creating a manifest v2 version, but that will soon be deprecated in Firefox (if not, please clarify).

Can you or a manager help resolve this urgent issue? To clarify: we need the 'Access your data for all websites' permission to be granted by default or at minimum some way for organization admins to set grant it.

Thanks,

I appreciate your feedback and I'll get it prioritized.

Note that we'll be supporting v2 for a bit, so you should be able to stick with that.

Reference screenshot of permissions.

And just to clarify, does chrome allow you to set Access your data for all websites to non optional outside of enterprise? Or only via enterprise policy?

And just to clarify, does chrome allow you to set Access your data for all websites to non optional outside of enterprise? Or only via enterprise policy?

Yes Mike. Chrome allows us to set these permissions as enterprise policies. Currently we are not facing this issue in Chrome manifest v3 release.

And just to clarify, does chrome allow you to set Access your data for all websites to non optional outside of enterprise? Or only via enterprise policy?

Chrome allows this only in case of enterprise policies are set.

Here is the screenshot of permission in case of Chrome enterprise installation of extension with manifest v3 template.

And just to clarify, does chrome allow you to set Access your data for all websites to non optional outside of enterprise? Or only via enterprise policy?

Mike, my bad to reply to the last conversation on this. This policies are applied to enterprise as well as outside the enterprise.

FYI, we believe Chrome is going to make this policy optional by default as well so enterprise policy will be the only way to set it.

FYI, we believe Chrome is going to make this policy optional by default as well so enterprise policy will be the only way to set it.

Mike, May I know why do you think that ? I mean, is it stated anywhere by Google ?

https://developer.chrome.com/docs/extensions/mv3/intro/platform-vision/#future-related-changes

Moving forward, we'll be changing host permissions to be optional by default, with explicit user consent required to grant site access. We'll also be providing new ways for users to defer permission grants until run time, so that users understand the context of the permission being requested. These changes are intended to provide greater user visibility of permissions.

Hey Mike, Jeff,

Thanks for the information above.

In terms of estimated dates, do you have any reference links or other people at Mozilla where we could get clarity on:-

-When Mozilla is going to implement these enterprise policy settings to override the default settings -When manifest v2 support will be deprecated

If you do not know the answers to the above, we would greatly appreciate you pointing us towards any people or online resources where we could get answers.

Again, these timelines have a critical impact on our Mozilla Firefox product and thus our business.

Much thanks for your help,

https://developer.chrome.com/docs/extensions/mv3/intro/platform-vision/#future-related-changes Moving forward, we'll be changing host permissions to be optional by default, with explicit user consent required to grant site access. We'll also be providing new ways for users to defer permission grants until run time, so that users understand the context of the permission being requested. These changes are intended to provide greater user visibility of permissions.

Hey Mike, Jeff,

In terms of estimated dates, do you have any reference links or other people at Mozilla where we could get clarity on:-

-When Mozilla is going to implement these enterprise policy settings to override the default settings -When manifest v2 support will be deprecated

If you do not know the answers to the above, we would greatly appreciate you pointing us towards any people or online resources where we could get answers.

Again, these timelines have a critical impact on our Mozilla Firefox product and thus our business.

Much thanks for your help,