Open derekdata opened 6 years ago
anewuser
commented
6 years ago I believe your user case falls out of the scope of this extension.
You can use Bugzilla to request a way to protect extension/toolbar changes, if there isn't any already.
A school is supposed to have a properly configured network instead of relying on client-side software, and parents can look up for actual parental control tools, including these extensions:
derekdata
commented
6 years ago I understand that this may be outside of the scope of this extension. If so, that's fine. But -- this is a real use case and this extension works the best out of anything I have seen for whitelisting websites.
Yes, this should always be used with network layer security as well, but there are some things that just can't be managed well outside of the browser. For example, Khan Academy loads assets from many different domains, including youtube.com. I want to allow youtube.com embedded video content to be loaded from khanacademy.org, but I don't want to allow people to browse directly to youtube.com. I know of no good way to do this at the network level; it is something that requires knowledge only the browser has (is this a youtube video loading within a khanacademy.org document or one on youtube.com?). If I block youtube.com at the network level - Khan Academy can't have embedded videos. If I allow it, then browsing to youtube.com works. This is why Google chose to implement their "Supervised User" control in Chrome; the browser has the knowledge.
The "Family Friendly Filter" extension does not allow whitelisting, so it does not work for my use case. The "Fox Filter" extension doesn't allow password protection without a subscription; it also allows the page requested to "flash" onto the screen before blocking the site.
By making a small change in Request Control to not show the toolbar icon based on a preference, there would be no way for users to manipulate the add on if about:addons were disabled using Firefox GPO.
Thanks for your consideration.
crssi
commented
6 years ago You can resolve your problem with uBlock Origin (uBO) with the filter ||youtube.com^$document,first-party
That is for youtube... about p0rn, you can also use appropriate block lists for uBO.
Cheers
derekdata
commented
6 years ago @crssi - thanks for the suggestion, but from what I understand, using uBlock Origin would suffer from the same issues that I am raising here, namely that a user can disable it through the toolbar icon.
tumpio
commented
6 years ago I don't think Firefox supports dynamically controlling the Toolbar icon. It is given as a manifest entry that describes the add-on's behaviour. Either Firefox would need to add support for it or I would need to provide a version of the add-on that doesn't use toolbar icon.
You could also try if you can lock this setting "browser.uiCustomization.state" that controls the Firefox UI state.
Expected behavior
When I use Firefox Group Policy Options (in Firefox 60), I can prevent changes to all add-ons through the
about:addonspage by disabling theabout:addonspage. I can also prevent the extension from being disabled or uninstalled through GPO. I cannot, however, prevent a user from disabling or editing Request Control settings because there is an icon placed on the toolbar that allows a user to do this without having to visit theabout:addonspage.In a previous issue, #49, a similar concern was raised (since the issue is locked I cannot comment there, otherwise I would have). Suggested solutions to solving this problem given on #49 do not work in the use case of a parent/school wanting to whitelist a certain set of sites and prevent users from editing that list.
1) OpenDNS is not a comprehensive solution and its whitelist does not work well because of third-party resources that just about every website needs to include 2) Locking the Firefox profile with GPO or by other means does not prevent the Request Control extension from being disabled through the toolbar icon
The suggestion would be to add a password or a setting that prevents the toolbar icon from appearing or allowing modification of settings.
Actual behavior
No password is required, and there is no option to permanently remove the toolbar icon.