How to restrict the IE11 plugin to access only via specified website


ಮೋಹನ್ ಗೌಡ

Oct 24, 2018, 1:27:46 AM
to firebreath-dev
Thanks, FireBreath team, for responding to all our queries. We have another situation here (explained below); please help us resolve it.

We have used FireBreath 2.0 to generate an IE11 plugin, which is working fine, but we have a concern from our customer: the IE Manage Add-ons window shows that the plugin can be accessed from any website (please check the attached screenshot).

you have approved this add-on to run on the following websites

*

So we want to specify our website URL instead of * while installing the plugin itself.

Please suggest how to achieve this.

Thanks in advance
Mohan KH



IESecutrityConcern.png

Richard Bateman

Oct 24, 2018, 1:52:34 PM
to FireBreath Dev Group
I have no idea. Sorry, I can't help :-/

Richard


Victor Abrash

Oct 24, 2018, 7:18:56 PM
to firebreath-dev
For IE11, google "activex sitelock.h", should lead you to https://www.microsoft.com/en-us/download/details.aspx?id=23438.  This was designed for ActiveX controls, but shows how you can basically use the URL of the page to determine whether to allow your plugin to load.  A similar (but still old) link that isn't so Windows-specific is https://chromium.googlesource.com/external/omaha/+/7274410f62ef28144a49ac54e315f037f5e01b96/plugins/sitelock.h, which does the same thing for NPAPI plugins.

You'll need to get your page URL via (something like): FB::BrowserHostPtr& host->getDOMWindow()->getLocation().  This is old FB1 code, I don't know the equivalent for FB2.

Note that going this route adds security, but can be a pain since you have to explicitly list all the domains you want to allow, and if your domain changes later you have to recompile the code.

Victor
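
An added sketch of the kind of page-host check the site-lock approach in the message above relies on; it is not part of the original thread and is not taken from Microsoft's SiteLock template, the Omaha header or FireBreath. `AllowedSite`, `kAllowedSites`, `hostFromHttpsUrl` and `isSiteAllowed` are hypothetical names, xyz.com is a placeholder domain, the https-only rule is an assumption, and the URL string is assumed to come from whatever page-location call your FireBreath version provides.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical allowlist entry: a host name and whether its subdomains are accepted too.
struct AllowedSite { std::string host; bool allowSubdomains; };
// Constructed sample list compiled into the plugin; xyz.com is a placeholder domain.
static const std::vector<AllowedSite> kAllowedSites = {{"xyz.com", true}};

// Returns the lower-cased host of an https URL, or "" for anything else (fails closed).
std::string hostFromHttpsUrl(std::string url) {
    std::transform(url.begin(), url.end(), url.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    const std::string scheme = "https://";
    if (url.compare(0, scheme.size(), scheme) != 0) return "";
    // The authority ends at the first '/', '\', '?' or '#' (browsers treat '\' like '/').
    std::string host = url.substr(scheme.size());
    host = host.substr(0, host.find_first_of("/\\?#"));
    // Drop userinfo so "https://xyz.com@other.test/" yields other.test, not xyz.com.
    const std::size_t at = host.rfind('@');
    if (at != std::string::npos) host = host.substr(at + 1);
    host = host.substr(0, host.find(':'));                      // drop the port
    if (!host.empty() && host.back() == '.') host.pop_back();   // drop a trailing root dot
    return host;
}

// True only when the page URL's host is on the list, exactly or as an allowed subdomain.
bool isSiteAllowed(const std::string& url, const std::vector<AllowedSite>& sites) {
    const std::string host = hostFromHttpsUrl(url);
    if (host.empty()) return false;
    for (const AllowedSite& site : sites) {
        if (host == site.host) return true;
        // Subdomains must match on a '.' boundary: "evilxyz.com" is not under "xyz.com".
        const std::string suffix = "." + site.host;
        if (site.allowSubdomains && host.size() > suffix.size() &&
            host.compare(host.size() - suffix.size(), suffix.size(), suffix) == 0)
            return true;
    }
    return false;
}

int main() {
    const char* urls[] = {"https://www.xyz.com/app", "https://xyz.com.evil.test/"};
    for (const char* url : urls)
        std::cout << url << " -> " << (isSiteAllowed(url, kAllowedSites) ? "load" : "refuse") << "\n";
    return 0;
}
```

A plugin using a check like this would refuse to initialise when `isSiteAllowed` returns false, which is why the allowed domains end up compiled into the binary.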

ಮೋಹನ್ ಗೌಡ

Oct 25, 2018, 7:37:36 AM
to firebreath-dev
Hi Victor,

Thanks for your response,

The actual problem is that, on clicking IE Manage Add-ons + More information for our plugin, IE shows a window (attached)
saying "you have approved this add-on to run on the following websites" with *,
where * gives the impression that anybody can access our plugin, which we do not want.

So we want to change that * to show our domain, like xyz.com.
We found that IE is creating a registry entry with * for our plugin; this can be changed manually to show our domain.
Or, if we delete this entry, IE asks the user on first access: "Allow only for this site" or "All site". On clicking "Allow for this site", IE will add only our domain instead of *.

So we think there might be some option in the plugin installation path which could be enabled/disabled, so that IE will not add * directly;
instead, it will ask the user on first access.

Thanks,
Mohan KH 
IESecutrityConcern.png