Provide a method for ExtensionSettings key blocked_install_message to have a default value
Reported by
samuel.k...@airbnb.com,
Jul 2
|
|||||
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3472.3 Safari/537.36
Steps to reproduce the problem:
1. Use the new ExtensionSettings policy in a blacklist mode.
2. Put a 'blocked_install_message' in the '*' default.
3. Block an extension directly by identifier.
4. The blocked install message is not shown for the blocked extension
Example policy:
ExtensionSettings: {'*' => {'installation_mode': 'allowed', 'blocked_install_message': 'Please contact security@example.com for approval.'}, 'kbfnbcaeplbcioakkpcpgfkobkghlhen': {'installation_mode': 'blocked'}}
What is the expected behavior?
Blocked install message in the '*' default applies as the default to blocked extensions.
What went wrong?
This isn't really an issue if you're operating in a whitelist mode, but if you're operating in a blacklist mode then currently the way to show a blocked message for each extension requires that text to be included with every single blocked extension.
It's not very hard to generate this programmatically, but it can result in an absurdly long policy here. Additionally, many administrators may be hand editing this policy, so copying and pasting the same text over and over isn't so great.
I would like to have the ability to have customized text per extension as is currently possible, but also avoid shipping the same text hundreds or thousands of times because it has to be bundled for every single blocked extension.
Did this work before? No
Chrome version: 69.0.3472.3 Channel: dev
OS Version: OS X 10.14.0
Flash Version:
,
Jul 3
,
Jul 4
,
Jul 4
Thinking about this some more, what would really make sense to me would be a method to provide default settings that apply to *all* extensions. Currently, extension settings can be specified for individual extension identifiers, or the special * identifier which applies to all unmatched extensions. It would be great to have second special identifier like 'default' which would apply to all extensions, whether they are specified by their ID or fall under *. This would allow us to have a blocked_install_message which applies to all extensions, but also to have runtime_blocked_hosts for all extensions where we'd specify our sensitive origins, and then whitelist individual extensions through runtime_allowed_hosts. A bit different from *, but would simplify many use cases.
,
Jul 11
add privard@ to determine if this is a valid FR.
,
Aug 10
Mac triage: assigning directly to privard@ to get this out of our triage queue :) |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by yanglee@chromium.org
, Jul 2