install_sources do not block intsllastion from other sources #810
Comments
|
It looks like there is a bug where addons.mozilla.org is still being allowed when install_sources is specified. I'm investigating. Is there a limited number of addons that you want to install from your website? If so, I can give you a workaround. Also, install_sources needs to be a match pattern, so it should be https://website.local/* |
|
Do you mean ID-based addon installation via ExtensionSettings? This option was also considered. But there is another problem. When the ExtensionSettings are defined, all existing Firefox extensions are disabled and cannot be enabled by the user. It is unacceptable for us to disable extensions previously installed through "Estensions" policy (like Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://.../somefile.xpi"). It would be nice if we could disable the "Extensions" policy and enable the "ExtensionSettings" policy, and all previously installed extensions remain enabled. But I have not found a way to do this. |
|
I'll get this bug fixed ASAP and you should be good Another thought is you could just block addons.mozilla.org via the WebsiteFilter |
|
Hello, |
|
The code is in review right now. Should have it soon |
|
Hi, |
|
Yes, this bug was finally fixed in Firefox 99. Unfortunately we couldn't backport to the ESR, but it will be in ESR 102. |
I want to only allow extensions to be installed from our internal local website and block installation from other sources (including addons.mozilla.org). I specify the ExtensionSettings policy as follows:
{
"*": {
"blocked_install_message": "My message",
"install_sources": ["https://website.local"],
"allowed_types": ["extension"]
}
}
Waiting: only xpi files from https://website.local allowed to install in Firefox, others will be blocked.
Reality: I can still install any extensions from https://addons.mozilla.org
Why is this happening and how to get the desired result?
The text was updated successfully, but these errors were encountered: