Minimum firewall allowlist for installing extension via force install?


Todd Schiller

Apr 17, 2024, 2:53:57 PM
to Chromium Extensions
We have an enterprise customer who needs to block access to google.com because of the games (e.g., Pacman game) available via the homepage.

Do you have a full list of firewall URL rules required to install Chrome Extensions? Is it just the update site? Or are there other URLs?:
They've tried allowlisting that URL, but the install appears to have not installed correctly.

Thanks,
Todd

Oliver Dunk

Apr 18, 2024, 6:27:51 AM
to Todd Schiller, Chromium Extensions
Hi Todd,

We don't publish a list of required endpoints I'm afraid.

Could you share more about what you are seeing when you try to install the extension?
Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB



Todd Schiller

Apr 29, 2024, 3:16:07 PM
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Todd Schiller
Hi Oliver,

Thanks for your patience, I was tracking down information. I believe the extension was never installed in the browser.

Our customer observed the network calls with Wireshark. It looks like they'd also need to allowlist the "*.googleusercontent.com" domains in order for the extension to be retrieved? They're seeing traffic to the following:

lh3.googleusercontent.com

Thanks,
Todd

Todd Schiller

Apr 29, 2024, 9:15:34 PM
to Chromium Extensions, Todd Schiller, Oliver Dunk, Chromium Extensions
Perhaps only clients2.googleusercontent.com is required to retrieve the extension? (It seems to match the clients2.google.com update site subdomain)

lh3.googleusercontent.com appears to be image content for the Chrome Webstore. It's unclear what the lh7 might correspond with -- I'm trying to get a Wireshark capture from them covering the lh7 request.

The concern with allowlisting wildcard googleusercontent.com would be that some of the subdomains are for user-generated sites.

Thanks,
Todd

Oliver Dunk

Apr 30, 2024, 6:53:44 AM
to Todd Schiller, Chromium Extensions
Hi Todd,

I believe clients2.google.com does a redirect to clients2.googleusercontent.com which is where the extension is downloaded from.

Perhaps they could try allowlisting that and see if it works?

I appreciate not wanting to allowlist googleusercontent, but I'm not aware of an alternative I'm afraid (beyond hosting these extensions themselves and installing from a local update server).

Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB
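
Added example (not part of the thread, and not code from Google or from any poster): a small Python check that models the redirect described above, from clients2.google.com to clients2.googleusercontent.com, and reports which hop a host allowlist would block, then replaces a wildcard rule with only the exact hosts needed. The URL paths, the wildcard matching semantics, and the `constructed-user-site` hostname are assumptions; the thread does not confirm that these two hosts are the complete set.

```python
from urllib.parse import urlsplit

# Constructed model of the redirect described in the thread; paths are placeholders.
REDIRECTS = {
    "https://clients2.google.com/UPDATE_PATH": "https://clients2.googleusercontent.com/CRX_PATH",
}

def host_allowed(host, allowlist):
    """Exact host match, or '*.suffix' matching subdomains on a label boundary."""
    host = host.lower().rstrip(".")
    for rule in allowlist:
        rule = rule.lower()
        if rule.startswith("*."):
            # rule[1:] keeps the leading dot, so 'evilgoogleusercontent.com'
            # and the bare apex do not match '*.googleusercontent.com'.
            if host.endswith(rule[1:]):
                return True
        elif host == rule:
            return True
    return False

def first_blocked_hop(start_url, allowlist, redirects=REDIRECTS, max_hops=5):
    """Follow the modeled redirects; return the first host the firewall drops, else None."""
    url = start_url
    for _ in range(max_hops):
        host = urlsplit(url).hostname
        if not host_allowed(host, allowlist):
            return host
        if url not in redirects:
            return None
        url = redirects[url]
    raise RuntimeError("redirect chain longer than max_hops")

def tighten(allowlist, needed_hosts):
    """Replace each wildcard rule with the exact needed hosts it was covering."""
    tightened = []
    for rule in allowlist:
        covered = [h for h in needed_hosts if host_allowed(h, [rule])] if rule.startswith("*.") else [rule]
        tightened.extend(h for h in covered if h not in tightened)
    return tightened

if __name__ == "__main__":
    start = "https://clients2.google.com/UPDATE_PATH"
    # Allowlisting only the update site: the redirect target is the blocked hop.
    print(first_blocked_hop(start, ["clients2.google.com"]))
    wide = ["clients2.google.com", "*.googleusercontent.com"]
    print(tighten(wide, ["clients2.google.com", "clients2.googleusercontent.com"]))
```

Wildcard handling differs between firewall and proxy products, so confirm how the deployed product interprets `*.` rules before relying on the label-boundary behaviour modeled here.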