How to restrict Handlers policy to trusted sites?


Pieter Breugelmans

Apr 17, 2021, 8:53:26 AM
to enter...@mozilla.org
Hi all,

The Handlers policy makes it possible to configure default application handlers. For example, a custom protocol scheme:

{
  "schemes": {
    "foo": {
      "action": "useSystemDefault",
      "ask": false
    }
  }
}

This is a very useful feature for enterprise applications that have their own protocol schemes to launch an application on the client, yet from a security point of view, it appears to lack the ability to restrict this to specific sites. For comparison, Chromium's AutoLaunchProtocolsFromOrigins policy is configurable per-protocol/per-site.

Enterprise application running within a corporate domain e.g. myapp.mycorp.com and thus only URIs like foo://myapp.mycorp.com (or wildcard like .mycorp.com) should be able to launch automatically. Any external website trying to call a URI like foo://some.domain.com should not result in an automated launch of the application.

Am I correct to conclude that the Handlers policy does not (yet) offer this functionality? If so, are there any plans to support that?

Kind regards,
Pieter Breugelmans

Mike Kaply

Apr 19, 2021, 12:58:53 PM
to Pieter Breugelmans, enter...@mozilla.org
We don't support this (yet).

I've opened a bug.


Mike


Pieter Breugelmans

Apr 29, 2021, 12:29:31 PM
to enter...@mozilla.org, mka...@mozilla.com, enter...@mozilla.org, Pieter Breugelmans
Hi Mike,

Appreciate the quick turnaround time on Bug 1706119 so thanks a lot for that.

I saw that it is targeted for 90 Branch but can you clarify if this change will also get included as of Firefox ESR 78.12, or does this only become part of the ESR when Firefox ESR 91.0 gets released later this year?

Kind regards,
Pieter Breugelmans

Mike Kaply

Apr 29, 2021, 12:32:51 PM
to Pieter Breugelmans, enter...@mozilla.org
On Thu, Apr 29, 2021 at 11:29 AM Pieter Breugelmans <pieter.br...@gmail.com> wrote:
> Hi Mike,
>
> Appreciate the quick turnaround time on Bug 1706119 so thanks a lot for that.

Glad it was an easy one :)

> I saw that it is targeted for 90 Branch but can you clarify if this change will also get included as of Firefox ESR 78.12, or does this only become part of the ESR when Firefox ESR 91.0 gets released later this year?

It's on my list for uplift, so it will be in 78.12

Mike

Pieter Breugelmans

May 7, 2021, 10:14:12 AM
to enter...@mozilla.org, mka...@mozilla.com, enter...@mozilla.org, Pieter Breugelmans
Hi Mike,

So we do NOT need a separate issue created against mozilla/policy-templates, am I correct?

Kind regards,
Pieter Breugelmans

Mike Kaply

May 7, 2021, 10:32:48 AM
to Pieter Breugelmans, enter...@mozilla.org
On Fri, May 7, 2021 at 9:14 AM Pieter Breugelmans <pieter.br...@gmail.com> wrote:
> Hi Mike,
>
> So we do NOT need a separate issue created against mozilla/policy-templates, am I correct?

Correct. As we move closer to release, I create templates for all the new things that are going into the release.

Pieter Breugelmans

May 18, 2021, 5:11:32 PM
to enter...@mozilla.org, mka...@mozilla.com, enter...@mozilla.org, Pieter Breugelmans
Hi Mike,

Do you have any insights into what the behavior of the new policy will be like? In particular I'm thinking of the following scenario:
  • An existing Firefox profile
  • The foo scheme is already known and stored in the handlers.json file of the profile
  • The default action for the foo scheme is set to Always ask, as seen under Application Menu --> Options --> Applications (as stored in handlers.json)

The system administrator will set up the new AutoLaunchProtocolsFromOrigins policy that defines URLs of the foo:// scheme to be launched automatically from the mycompany.example.com domain.

In this scenario, will the AutoLaunchProtocolsFromOrigins take precedence (auto launch) over the 'profile level' configuration (Always ask) for those origins as defined by the browser policy?

Kind regards,
Pieter Breugelmans

Mike Kaply

May 19, 2021, 11:20:18 AM
to Pieter Breugelmans, enter...@mozilla.org
You'll still get the dialog to choose the application.

The only dialog that is avoided in this scenario is this one:

[Attached image: image.png]
You'll go directly to Choose Application.

Mike
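
Added example, not part of the thread and not Mozilla's code: a small Python model of the per-origin check discussed above, plus a lint for `allowed_origins` entries. It shows that the decision keys on the origin of the page that triggers the launch, not on the host inside the foo:// URL. Assumptions: the policy uses the `protocol` / `allowed_origins` layout of the Chromium policy of the same name, entries are full origins matched exactly with no wildcards, and the sample policy and function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample policies.json content (not taken from the thread).
POLICIES = json.loads("""
{"policies": {"AutoLaunchProtocolsFromOrigins": [
  {"protocol": "foo", "allowed_origins": ["https://mycompany.example.com"]}
]}}
""")
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if not a bare origin."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        return None
    if parts.username or "*" in parts.hostname:
        return None  # assumption of this model: no userinfo, no wildcard hosts
    origin = f"{parts.scheme}://{parts.hostname}"
    if port and port != DEFAULT_PORTS[parts.scheme]:
        origin += f":{port}"
    return origin


def rules_for(policies):
    return policies.get("policies", {}).get("AutoLaunchProtocolsFromOrigins", [])


def invalid_entries(policies):
    """Lint: (protocol, entry) pairs whose entry is not a bare origin."""
    return [(r.get("protocol"), o) for r in rules_for(policies)
            for o in r.get("allowed_origins", []) if normalize_origin(o) is None]


def auto_launch_allowed(policies, page_url, target_url):
    """True only if the initiating page's origin is listed for the target scheme."""
    page = urlsplit(page_url)
    page_origin = normalize_origin(f"{page.scheme}://{page.netloc}")
    scheme = urlsplit(target_url).scheme
    for rule in rules_for(policies):
        allowed = {normalize_origin(o) for o in rule.get("allowed_origins", [])}
        if rule.get("protocol", "").lower() == scheme and page_origin in allowed - {None}:
            return True
    return False
```

Running `invalid_entries` over a policy file before deployment catches entries such as bare hostnames or URLs with paths, which this model treats as never matching.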
