Plugins Click-To-Play by Default in Firefox 31 ESR

In my previous post about the Firefox 31 ESR, I missed one other big change: most plugins will be click-to-play by default. You can read more about it in this blog post, but the gist is that click-to-play will be the default for all plugins except Flash and plugins that have been accepted onto the whitelist. You can view the current whitelist here.

If your organization uses a plugin that you need to make sure is enabled, you have a few choices.

  1. Change the plugin.default.state preference back to 2 so that the default is not click-to-play.
  2. Add a preference specific to your plugin that makes it enabled by default. The format is plugin.state.FILENAME where FILENAME is the filename of the plugin, lowercased with no extension and trailing numbers removed. So for instance, on Windows, the preference for Adobe Acrobat is plugin.state.nppdf and should be set to 2. The preference name will be different for different operating systems.
  3. Use the CCK2 to enable your plugin for a specific domain.
  4. Use the Click-to-Play Manager extension to enable your plugin for a specific domain.
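The naming rule in option 2 can be scripted when several plugins need per-plugin preferences while the global default stays click-to-play. The following is an added example, not code from this post or from Firefox; it implements the rule as stated above (lowercase, no extension, trailing numbers removed), and the function names and sample filenames are constructed for illustration.

```javascript
// Added example: derive plugin.state.* preference names from plugin
// filenames using the rule described in the post. Not Firefox's own code.

const STATE_ENABLED = 2; // the value the post sets to enable a plugin by default

function pluginPrefName(fileOrPath) {
  // Accept a bare filename or a full path with / or \ separators.
  const base = String(fileOrPath).split(/[\\/]/).pop().trim();
  if (base === "") {
    throw new Error("empty plugin filename");
  }
  // Drop only the last extension (nppdf32.dll -> nppdf32).
  const dot = base.lastIndexOf(".");
  const stem = dot > 0 ? base.slice(0, dot) : base;
  // Remove trailing digits, then lowercase.
  const nice = stem.replace(/[0-9]+$/, "").toLowerCase();
  // Assumption: if stripping leaves nothing, keep the lowercased stem.
  return "plugin.state." + (nice || stem.toLowerCase());
}

function buildPrefLines(pluginFiles) {
  // One pref() line per distinct preference name, in input order.
  const seen = new Set();
  const lines = [];
  for (const file of pluginFiles) {
    const name = pluginPrefName(file);
    if (seen.has(name)) continue;
    seen.add(name);
    lines.push(`pref(${JSON.stringify(name)}, ${STATE_ENABLED});`);
  }
  return lines;
}

// Constructed sample input: a Windows path, the same file in another case,
// and a hypothetical Linux plugin (the name differs per operating system).
const SAMPLE_PLUGINS = [
  "C:\\Plugins\\nppdf32.dll",
  "NPPDF32.DLL",
  "/opt/example/libexampleplugin.so",
];

console.log(buildPrefLines(SAMPLE_PLUGINS).join("\n"));
```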


2 thoughts on “Plugins Click-To-Play by Default in Firefox 31 ESR”

  1. Hi Mike. I have some specific questions regarding white listing domains to bypass CtP.
    Does the permission manager check for an exact match or can sub-domains match? e.g. let's say I have 3 domains:
    a.company.com
    b.company.com
    c.company.com
    If I add company.com to the permission manager (e.g. via the CCK), will plugins automatically work for all 3 domains or do I have to add each specific domain? If the latter, that's not very scalable at all for an organization of any size.

    The preference option would work, of course, but that opens up a potential security issue as it enables it for ALL domains, not just for the organization. I'm thinking of Java here - I want to enable it for an org, but I really want CtP to be enabled for it outside the org and let the user choose.

    Any thoughts or is CtP just not mature enough yet?

    • Yes, setting the permission for company.com will set it for all subdomains as well. It uses the same mechanism as popup or cookie permissions.

      The way the CCK does this (since there is no way to do this properly in Firefox) is that it enumerates all of the plugins and then explicitly enables each plugin by name on the given domains.

      So all plugins are enabled for a given domain.