I can't put my organization's policies in the background script

desenv.magma3 · February 17, 2025, 11:47pm

I have a corporate extension that needs to be hosted on mozilla addons. So I’m adapting my background script but I’m not able to get the group policies through the extension.

I used this code, what did I do wrong?

async function checkPolicy() {
    try {
        const policy = await browser.storage.managed.get(["selectedFilterLists"]);

        if (policy.selectedFilterLists) {
            return true;
        } else {
            return false;
        }
    } catch (error) {
        console.error(error);
        return false; 
    }
}

The code always enters else and returns nothing.

The group policy is being created like this in regedit:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\3rdparty\Extensions\ExtensionID]
"adminSettings"="{\"selectedFilterLists\":[\"ublock-privacy\",\"ublock-badware\",\"ublock-filters\",\"user-filters\"]}"

dotproto · February 18, 2025, 8:33am

Hey @desenv.magma3! FYI, I took the liberty of adding fenced code blocks to your post so the code displayed correctly.

I’m not too familiar with setting group policies, but the sample you shared doesn’t look right to me. First, the “ExtensionID” that appears in the key path should be the ID of the extension you’re trying to manage. Based on the value you provided, it appears that you’re trying to configure uBlock Origin. The ID of that extension is uBlock0@raymondhill.net.

I’m not familiar with policy management on Windows, but according to the Enterprise development documentation, you are strongly encouraged to use ADMX and ADML files to administer windows.

Alternatively, the storage.managed and native manifests documentation indicates that you can configure an extension’s managed storage by setting the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ManagedStorage\<name>

where <name> is the ID of the extension.

Also, the value being set in the registry key looks off. See uBO’s Deploying uBlock Origin docs for more detailed guidance on configuring this specific extension.

desenv.magma3 · February 18, 2025, 5:12pm

Hi @dotproto, I’m going to share here the response from the Mozilla team in the developer center.
They said I need to show the privacy terms and I can use “3rdparty” to automatically accept the terms.
This was their message:

“Please note that as per our policies for Data Disclosure, Collection and Management, we require add-ons to show a valid data collection disclosure and consent experience upon installation. Add-ons installed by Enterprise Policies can grant consent on user’s behalf programatically so as not to have to show the disclosure and consent experience to the end user. This can be achieved by setting a value via the ““3rdparty”” Enterprise Policy (policy-templates | Policy Templates for Firefox) and reading it with storage.managed API. Note that if the value isn’t set, the extension must show a valid disclosure and consent experience to the user.”

It was from the documentation they sent that I arrived at these Windows registry keys. And from this documentation (Enterprise development | Firefox Extension Workshop), I took the code to get information from storage.

But I still have doubts about where I should “configure” in the storage to say that my extension does not need my user’s consent.

dotproto · February 18, 2025, 9:31pm

Thanks for sharing that context, it helps quite a bit to better understand both what you’re trying to do with the keys and the broader context of how you plan to use managed storage. I’ll do my best to help get you sorted, or at least pointed in the right direction

It’s not clear to me whether or not you can manually set a registry key for the 3rdparty policy via a registry key like you tried to do. I’ve reached out to an engineer for clarification and will follow up when I hear back.

Let’s start small and work up. The reviewer shared a link and the docs on that page say to consult Adding policy support to your extension, which says:

Policies can be set in a few different ways, but the easiest way to test is using a file called policies.json.

On Windows, create a directory called distribution where the EXE is located and place the file there.
…
For our example, policies.json looks like this:
{
  "policies": {
    "3rdparty": {
      "Extensions": {
        "YOUR_EXTENSION_ID": {
          "STRING": "value",
          "BOOLEAN": true,
          "INTEGER": 10
        }
      }
    }
  }
}

Remember to replace YOUR_EXTENSION_ID with the extension ID from browser_specific_settings.gecko.id in your extension’s manifest.

Once you’ve done that, load the extension in Firefox, open the developer tools, and execute the following command.

await browser?.storage.managed.get(null);

If it returns undefined, you may have forgotten to set the “storage” permission in your extension’s manifest.
If this throws an error, you probably haven’t set a storage manifest in your extension.
If it returns an empty object, your policy configuration likely has an error.
If you get back an object that has properties named STRING, BOOLEAN, and INTEGER, everything is working as expected.