-
Notifications
You must be signed in to change notification settings - Fork 421
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to allow installing a specific signed extension outside of the AMO #1145
Comments
I've done some more testing, and here's where it gets weird: Instead of creating a separate entry for the extension with the For instance, if I add But, if I add I'm guessing that I'm either putting the wrong URL here (or doing something else wrong without realizing...) or that this is probably undesired/a bug, due to the inconsistency. This solution wouldn't be ideal anyways since I'd rather just whitelist the specific extension ID, but would be better than nothing. |
fYI, I've been out. I'll look at this tomorrow. |
It's something about how https://gitflic.ru/project/magnolia1234/bpc_uploads/blob/raw?file=bypass_paywalls_clean-latest.xpi is being served by the website. Even in a browser without policies set, if I go to that URL, it tries to download the XPI, not install it. It needs to be served with the mime type: application/x-xpinstall |
Also, because install_sources is checked first, that's why you need to set that value. We won't try to install an addon with a specific addon ID if it comes from a source that isn't allowed in the first place. I think Chrome behaves the same way. |
No worries, thanks for your time looking at this :) For context, I'll try to explain my use case here: Essentially, I'm trying to limit installing extensions & themes to the AMO for users, with exceptions to allow installing certain extensions outside of the AMO (Ex. Mullvad's, BPC Clean, etc). I'm trying to avoid setting Hopefully this makes sense & I'm curious if there's a better way to accomplish this that I'm missing.
Hmm. I should've thought to test without policies, good thinking. Is this something the dev can fix or is it something on What's interesting is that directly installing the extension through policies like this works fine:
Ok, that makes sense. But for my case, if I add the source, since I'm not setting `"installation_mode": "blocked"' globally, wouldn't that allow any add-on from that source to be installed? I think it'd be nice to be able to make exceptions for allowing certain add-ons outside of the AMO without having to trust another source entirely. I could see this being implemented through the
|
I've looked into this and I think using install_sources is really your only option here. You could set allowed_types to be just themes, but then extensions couldn't be installed from AMO. As far as the gitflic.ru site goes, I don't know enough about how that site is serving files to know how they can fix it. The reason it works if you do a normal_installed is because we download the XPI and install it no matter what. I do agree it would be great if we could allow an explicit ID from anywhere regardless of the source. I'll open a bug to look into this. |
Understood. Will stick to that then for the time being.
👍 Makes sense. The extension was previously hosted on GitHub which worked fine, so I'm guessing it is something specifically with how gitflic.ru is serving the files. I'll file an issue with the dev and see what the options are.
💯 Please keep me posted. |
Hey there,
So, I want to block users from installing extensions outside of the AMO... but for example, let's say I want them to be able to install the signed extension:
magnolia@12.34
, which is unavailable in the AMO.Relevant policies from my
policies.json
:Despite these policies being set, when I try to install the extension from its Gitflic Page at the following URL:
https://gitflic.ru/project/magnolia1234/bpc_uploads/blob/raw?file=bypass_paywalls_clean-latest.xpi
, the installation is still being blocked.Other examples of this include Mullvad's Browser Extension.
I feel like I'm missing something silly here... but I've read through the docs and I'm not quite sure what.
Any ideas here?
Thank you for your time. :)
The text was updated successfully, but these errors were encountered: