Add-on policy

Leonardo_Sedevcic · January 16, 2019, 7:05pm

it works with Chrome, i use a reg file then when i start the browser, the add-on is installed
i’m trying to achieve the same with Firefox.
once installed here:
HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist

the add-on is installed when i start the browser, and it’s locked !
it’s also locked on incognito mode that’s what i like the most

i tried to install the add-on here:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions
HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions

but the add-on is never installed !!!

jscher2000 · January 17, 2019, 1:05am

I think Firefox is looking for local files, not URLs, under those registry keys.

Leonardo_Sedevcic · January 17, 2019, 12:23pm

I FOUND THIS:
https://blog.mozilla.org/addons/2018/02/22/removing-support-unpacked-extensions/

“With the release of Firefox 62 (currently scheduled for August 21, 2018) Mozilla will discontinue support for unpacked sideloaded extensions. You will no longer be able to load an extension via the Windows registry by creating an entry with an extension’s directory (i.e. unpacked) after Firefox 61. Starting with Firefox 62, extensions sideloaded via the Windows registry must be complete XPI files (i.e. packed).”

“Starting with Firefox 62, extensions sideloaded via the Windows registry must be complete XPI files (i.e. packed).”

to me that means IT IS FEASIBLE !!!

THIS IS WHAT I DO !!!

i have my signed XPI file, i load from url,
i tried:

HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions
HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions

but HOW to write the reg key ???

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
“https://mywebsite.be/upload/myid@hotmail.com.xpi”=String:1

OR

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
“https://mywebsite.be/upload/myid@hotmail.com.xpi”=String:1

OR

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
“https://mywebsite.be/upload/myid@hotmail.com.xpi”=String:1

i tried even with:

https://addons.mozilla.org/firefox/downloads/file/1234567/myadd-on-an+fx.xpi

i want to make this WORKING !!!

freaktechnik · January 17, 2019, 12:27pm

As mentioned before: Try pointing to a file in the local file system.

Leonardo_Sedevcic · January 17, 2019, 12:43pm

but how ?
something has to be wrong in this key:

“https://mywebsite.be/upload/myid@hotmail.com.xpi”=String:1

freaktechnik · January 17, 2019, 12:49pm

"C:\Some\Folder\Where\The\Signed\XPI\Is\Saved\addonid+fx.xpi"

Leonardo_Sedevcic · January 17, 2019, 1:43pm

but just that ???
"C:\Folder\addonid+fx.xpi”

don’t i have to write something like:
"C:\Folder\addonid+fx.xpi”=String:1 or something ?

i tried right now with this:

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
“C:\tmp\myid@hotmail.com+fx.xpi”

doesn’t work !

tried

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
“C:\tmp\myid@hotmail.com+fx.xpi”

doesn’t work !

tried

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
“C:\tmp\myid@hotmail.com+fx.xpi”

doesn’t work !

what about all those…

https://getadmx.com/HKLM/Software/Policies/Mozilla/Firefox

Leonardo_Sedevcic · January 17, 2019, 2:13pm

i tried right now with this reg file:

[-HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox\Extensions]
“1”=“https://addons.mozilla.org/firefox/downloads/file/1234567/myid@hotmail.com-an+fx.xpi”

the value is added in the registry, but the add-on is NOT installed !

Leonardo_Sedevcic · January 17, 2019, 2:53pm

I tried:

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"myid@hotmail.com"=“‪C:\tmp\myid@hotmail.com+fx.xpi”

doesn’t work !!!

so i tried again:

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"myid@hotmail.com"=“https://addons.mozilla.org/firefox/downloads/file/1234567/myaddon-1.9.82-an+fx.xpi”

doesn’t work !!!

Leonardo_Sedevcic · January 17, 2019, 3:31pm

WHERE i can add this in my manifest.json ?

I think this is the solution to my needs !!!

“This policy controls the installation, uninstallation and locking of extensions. Locked extensions cannot be disabled or uninstalled. For Install, you specify a list of URLs or paths. For Uninstall and Locked, you specify extension IDs.”

{
"policies": {
"Extensions": {
  "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
  "Uninstall": ["addon_id@mozilla.org"],
  "Locked":  ["addon_id@mozilla.org"]
}
}

Leonardo_Sedevcic · January 17, 2019, 4:10pm

i created this:

{
"policies": {
"Extensions": {
"Install": ["https://addons.mozilla.org/firefox/downloads/file/1234567/myid+fx.xpi",
 "//path/to/xpi"],
"Uninstall": ["myid@hotmail.com"],
"Locked":  ["myid@hotmail.com"]
},

"background": {
"scripts": ["background.js","search.js"],
"persistent": true
},

So what i have to put here: “//path/to/xpi”], ??

freaktechnik · January 17, 2019, 5:37pm

You may enjoy https://support.mozilla.org/kb/customizing-firefox-using-group-policy - in fact, likely all of https://support.mozilla.org/products/firefox-enterprise

Leonardo_Sedevcic · January 17, 2019, 6:17pm

i created a policies.json file with this inside:

{
"policies": {
"Extensions": {
"Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
"Uninstall": ["addon_id@mozilla.org"],
"Locked":  ["addon_id@mozilla.org"]
}
}
}

First want to know if it’s correct, two what valid path i have to add here: “//path/to/xpi”
i can’t belive inside the policies.json it’s just this small code to add !

freaktechnik · January 17, 2019, 6:23pm

Pretty sure you can have just one item in that array.

Leonardo_Sedevcic · January 17, 2019, 6:56pm

i get this error when i try to upload:

not sure where to put the policies.json…

freaktechnik · January 17, 2019, 6:58pm

As stated repeatedly before: the policies.json is not distributed with your XPI. It is to be installed on the users computer manually or via domain controls, see also support info linked earlier.

You may still want to make your JSON valid, though.

Leonardo_Sedevcic · January 17, 2019, 8:24pm

Ok i see, i installed the policies in windows manually from here:
https://github.com/mozilla/policy-templates/releases,
but now i have to change something in my manifest.json.

i followed this:

Policies can either be specified using the Group Policy templates
OR
by creating a file called “policies.json”.

1- On Windows, create a directory called “distribution”
where the ( EXE ?? )they mean xpi ? is located and PLACE the file “policies.json” there.

so now i have my file in that folder but how my add-on is going to call/use that file ???

my policies.json contains:

{
"policies": {
"Extensions": {
"Install": ["https://addons.mozilla.org/firefox/downloads/file/1234567/id+fx.xpi",
"C:\Windows\distribution\id+fx.xpi"],
"Uninstall": ["id@hotmail.com"],
"Locked":  ["id@hotmail.com"]
}
}

HOW i CALL that policy.json file ???

i resume:

i have my signed xpi in mozilla firefox add-ons,

and the only thing want is, when the add-on is installed, the user CAN’T disable it, it’s Locked !

so for that we use a policy.json file
and after that ???
how my add-on is going to use that file ?

Leonardo_Sedevcic · January 17, 2019, 8:19pm

This doesn’t work, i check with jsonlint.com:

{
"policies": {
	"Extensions": {
"Install": ["https://addons.mozilla.org/firefox/downloads/file/1234567/id+fx.xpi",
"C:\Windows\distribution\id+fx.xpi"],
		"Uninstall": ["id@hotmail.com"],
		"Locked": ["id@hotmail.com"]
	}
}
}

Error: Parse error on line 4:
…67/id+fx.xpi", "C:\Windows\distribu
-----------------------^
Expecting ‘STRING’, ‘NUMBER’, ‘NULL’, ‘TRUE’, ‘FALSE’, ‘{’, ‘[’, got ‘undefined’

if i drag & drop the file in firefox i get this:
SyntaxError: JSON.parse: bad escaped character at line 4 column 96 of the JSON data

if i remove this part:

“C:\Windows\distribution\id+fx.xpi”

the json file is valid, if i drag and drop the policy.json in firefox i get this message:
error_json_xpiinstall

so HOW to fix this problem ???

Leonardo_Sedevcic · January 21, 2019, 2:55pm

hi im trying to enable add-on access with policy:

<policy name="BlockAboutAddons" class="Both"
displayName="$(string.BlockAboutAddons)"  
explainText="$(string.BlockAboutAddons_Explain)" key="Software\Policies\Mozilla
\Firefox"
valueName="BlockAboutAddons">
  <parentCategory ref="firefox"/>
  <supportedOn ref="SUPPORTED_FF60"/>
  <enabledValue>
    <decimal value="1"/>
  </enabledValue>
  <disabledValue>
    <decimal value="0"/>
  </disabledValue>
</policy>

So in the windows registry i created & tried with those keys:

[HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox] 
"BlockAboutAddons"="1"

[HKEY_LOCAL_MACHINE\Software\Mozzilla\Firefox] 
"BlockAboutAddons"="1"

[HKEY_CURRENT_USER\Software\Policies\Mozilla\Firefox] 
"BlockAboutAddons"="1"

[HKEY_CURRENT_USER\Software\Mozilla\Firefox] 
"BlockAboutAddons"="1"

but nothing works i still have access to about:addons

serv-inc · July 2, 2019, 6:10pm

backslash (\) is a special char in JSON, see e.g. https://stackoverflow.com/questions/19176024/how-to-escape-special-characters-in-building-a-json-string. Better use double \\ to make sure.

As for the other, see https://github.com/serv-inc/safe-search/wiki/Bulletproof-installation for an example policies.json file. It should have worked on Windows once…