search

mozilla / policy-templates

Policy Templates for Firefox
Mozilla Public License 2.0
1.14k stars 406 forks source link

Extension blocking #930

Open akiralight opened 2 years ago

akiralight commented 2 years ago

If we allow only certain extensions in ExtensionSettings, like this: 

{
"*": {
  "allowed_types": ["theme","locale","dictionary"]
},
"id_extension1@aaa": {
  "installation_mode": "allowed"
},
"id_extension2@bbb": {
  "installation_mode": "allowed"
}
}

or this

{
"*": {
  "install_sources": ["https://site1.com,","https://site2.com"],
  "allowed_types": ["theme","locale","dictionary","extensions"]
},
"id_extension1@aaa": {
  "installation_mode": "allowed"
},
"id_extension2@bbb": {
  "installation_mode": "allowed"
}
}

then all previously installed extensions in Firefox will be disabled (grayed out). We don't want to block previously installed extensions (which were manually installed on computers before we started managing through policy), but only control the installation of new extensions. how to do it? It would be nice to have the option "Do not remove or block already installed extensions"

akiralight commented 2 years ago

Or maybe it would be better to add two "installation_mode" options, like with Chrome's policy: "blocked": blocks installation of the extension. "removed": blocks installation of the extension and removes it from the device if already installed.

Then the following configuration:

{
  "*": {
    "install_sources": ["about:addons","https://addons.mozilla.org/"],
    "installation_mode": "blocked",
    "allowed_types": ["extension"]
  },

will block the installation of new extensions, but will not block or remove already installed extensions. And the "removed" option will remove all extensions except allowed

mkaply commented 2 years ago

I've thought about that, but 1. I've already documented what blocked does (blocks and remove) and 2. In looking at the architecture of how this is implemented, there's no straightforward way to do that. Essentially you'd be saying at some point in time (once the policy is implemented) to maintain the list of extensions that the user has as allowed, but not allow any in the future.

And in most cases, if you're choosing to manage the extensions people have, you probably don't want them to have some random extension installed.

akiralight commented 2 years ago

there's no straightforward way to do that. For example how it is done in Chrome: blocked—Users can’t install the extension. removed—(Chrome version 75 or later) Users can’t install the extension. If users previously installed the extension, Chrome Browser removes it.

mkaply commented 2 years ago

Due to how Firefox implements addons, this really isn't feasible.

I implemented blocked the way Chrome implemented removed.