How to restrict Handlers policy to trusted sites?

13 views
Skip to first unread message

Pieter Breugelmans

unread,
Apr 17, 2021, 8:53:26 AMApr 17
to enter...@mozilla.org
Hi all,

The Handlers policy makes it possible to configure default application handlers. For example, a custom protocol scheme:

{
  "schemes": {
    "foo": {
      "action": "useSystemDefault",
      "ask": false
    }
  }
}

This is a very useful feature for enterprise applications that have their own protocol schemes to launch an application on the client yet from a security point of view, it appears to lack the ability to restrict this to specific sites.For comparison, Chromium's AutoLaunchProtocolsFromOrigins  policy is configurable per-protocol/per-site.

Enterprise application running within a corporate domain e.g. myapp.mycorp.com and thus only URI's like foo://myapp. mycorp .com (or wildcard like . mycorp .com) should be able to launch automatically. Any external website trying to call a URI like foo://some.domain.com should not result in an automated launch of the application.

Am I correct to conclude that the Handlers policy does not (yet) offer this functionality? If so, are there any plans to support that?

Kind regards,
Pieter Breugelmans

Mike Kaply

unread,
Apr 19, 2021, 12:58:53 PMApr 19
to Pieter Breugelmans, enter...@mozilla.org
We don't support this (yet).

I've opened a bug.


Mike

--
You received this message because you are subscribed to the Google Groups "enter...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to enterprise+...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/enterprise/5a0b525f-c704-4384-ad72-424754bc7fb1n%40mozilla.org.

Pieter Breugelmans

unread,
Apr 29, 2021, 12:29:31 PM (12 days ago) Apr 29
to enter...@mozilla.org, mka...@mozilla.com, enter...@mozilla.org, Pieter Breugelmans
Hi Mike,

Appreciate the quick turnaround time on Bug 1706119 so thanks a lot for that.

I saw that it is targeted for 90 Branch but can you clarify if this change will also get included as of Firefox ESR 78.12, or does this only become part the ESR when Firefox ESR 91.0 gets released later this year?

Kind regards,
Pieter Breugelmans

Mike Kaply

unread,
Apr 29, 2021, 12:32:51 PM (12 days ago) Apr 29
to Pieter Breugelmans, enter...@mozilla.org
On Thu, Apr 29, 2021 at 11:29 AM Pieter Breugelmans <pieter.br...@gmail.com> wrote:
Hi Mike,

Appreciate the quick turnaround time on Bug 1706119 so thanks a lot for that.

Glad it was an easy one :)
 

I saw that it is targeted for 90 Branch but can you clarify if this change will also get included as of Firefox ESR 78.12, or does this only become part the ESR when Firefox ESR 91.0 gets released later this year?

It's on my list for uplift, so it will be in 78.12

Mike

Pieter Breugelmans

unread,
May 7, 2021, 10:14:12 AM (4 days ago) May 7
to enter...@mozilla.org, mka...@mozilla.com, enter...@mozilla.org, Pieter Breugelmans
Hi Mike,

So we do NOT need a separate issue created again mozilla / policy-templates am I correct?

Kind regards,
Pieter Breugelmans

Mike Kaply

unread,
May 7, 2021, 10:32:48 AM (4 days ago) May 7
to Pieter Breugelmans, enter...@mozilla.org
On Fri, May 7, 2021 at 9:14 AM Pieter Breugelmans <pieter.br...@gmail.com> wrote:
Hi Mike,

So we do NOT need a separate issue created again mozilla / policy-templates am I correct?

Correct. As we move closer to release, I create templates for all the new things that are going into the release.
Reply all
Reply to author
Forward
0 new messages