ExtensionSettings policy
We're exploring adopting a default deny policy for Firefox extensions in our enterprise. However when I tested this by creating a custom policies.json Firefox unexpectedly removed all extensions for me, including the ones I thought I had allow listed. Here is my policies.json but just keeping in the Facebook Container add-on to illustrate:
{
"policies": {
"ExtensionSettings": {
"*": {
"blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
"installation_mode": "blocked",
"allowed_types": ["theme", "dictionary", "locale"]
},
"@contain-facebook.xpi": { "installation_mode": "allowed" }
}
}
}
What I would like is to to allow pre-approved extensions (including if they already are installed) and all other types of add-on, but remove and prohibit installation of unapproved extensions.
Can anyone assist, please?
선택된 해결법
So if you remove
"installation_mode": "blocked",
It should work as you expect.
The allowed_types line is effectively acting as if everything is blocked.
That being said, there probably is a bug here, because blocking everything causes other things to happen, and you probably want that.
문맥에 따라 이 답변을 읽어주세요 👍 1모든 댓글 (5)
It's this line:
"allowed_types": ["theme", "dictionary", "locale"]
You really don't even need that, so you can just remove.
The problem is you didn't put extensions on that list so they aren't allowed...
And also the ID for the Facebook container is just @contain-facebook
I wrote an extension that helps you find IDs from any page on AMO:
Thanks, Mike. Rookie mistake with the ID. I actually ended up following this StackOverflow advice to use about:debugging which seems to achieve the same.
However I still can't get allowed_types to work the way I think it should. What I want to happen is default allow for all dictionary, locale and theme add-ons, but default deny for extension add-ons unless the ID is included explicitly. My reading of the documentation is
"*": { "allowed_types": ["theme", "dictionary", "locale"] }
should provide for this. So for example the below configuration allows the Facebook Container extension but denies all other add-ons including dictionaries, when what I want is for all dictionaries to be allowed:
{
"policies": {
"ExtensionSettings": {
"*": {
"blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
"installation_mode": "blocked",
"allowed_types": ["dictionary"]
},
"@contain-facebook": { "installation_mode": "allowed" }
}
}
}
선택된 해결법
So if you remove
"installation_mode": "blocked",
It should work as you expect.
The allowed_types line is effectively acting as if everything is blocked.
That being said, there probably is a bug here, because blocking everything causes other things to happen, and you probably want that.
My recollection is that I tested this against Chrome and it worked the same, but I'll double check.
Thanks, now I understand. For the archives, this is what works for me:
{
"policies":
{
"ExtensionSettings": {
"*": {
"blocked_install_message": "Only approved Firefox extensions can be installed, please email your request to itdept@example.org",
"allowed_types": ["theme", "dictionary", "locale"]
},
"@contain-facebook": { "installation_mode": "allowed" }
}
}
}