Allowing Only Certain Sites to Install Add-ons

Recently I was asked if there was a way to allow only certain sites to install add-ons but block any other sites that try to install add-ons. While Firefox does not have a built-in way to do this, I was able to figure something out.

My first thought was to use nsIContentPolicy. This is how add-ons like Adblock block content on web pages. Unfortunately, while it worked for some files, I discovered that sites that use InstallTrigger (like AMO) bypass nsIContentPolicy. I’ve opened a bug for this, but I’m not sure it will be fixed, and either way, I need to do something now.

For my next try, I turned to the Add-on install confirmation dialog. I realized that this dialog has all the information that I need to whitelist add-ons. So I specified an overlay of the xpinstall confirm dialog in my chrome.manifest:

overlay chrome://mozapps/content/xpinstall/xpinstallConfirm.xul chrome://xpiwhitelist/content/xpinstallConfirm-overlay.xul

Then I explicitly overlaid the dialog so that I could use my own onLoad handler:

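<?xml version="1.0"?>
<overlay xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <script src="chrome://xpiwhitelist/content/xpinstallConfirm-overlay.js"/>
  <!-- Replace the dialog's stock onload handler with our own -->
  <dialog id="xpinstallConfirm" onload="onLoad()"/>
</overlay>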

In my JavaScript, I check the domain of the XPI, and if it is not one I support, I simply display an alert and close the window.


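Components.utils.import("resource://gre/modules/Services.jsm");
function onLoad() {
  var args = window.arguments[0].wrappedJSObject;
  var numItemsToInstall = args.installs.length;
  for (var i = 0; i < numItemsToInstall; i++) {
    // The tested property and the approved domain are cut off on this page: sourceURI.host is an assumption, "" stands in for the domain.
    if (args.installs[i].sourceURI.host != "") {
      Services.prompt.alert(window, "Error", "Software installation has been blocked by your administrator except for approved domains.");
      window.close();
      return;
    }
  }
  XPInstallConfirm.init(); // every XPI comes from an approved domain: run the dialog's stock handler
}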

I got the information on what is passed to the xpinstallConfirm dialog from looking at the Mozilla source code.
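
The domain check described above, written out as an added example (not the code from this post): it runs under Node.js rather than inside the XUL dialog, and shows exact-host matching that is not fooled by look-alike hosts, userinfo tricks or plain http. The host names and function names are constructed placeholders.

```javascript
// Constructed allowlist; these host names are placeholders, not values from the post.
const ALLOWED_HOSTS = ["addons.example.com", "*.example.org"];

// Return the normalized host of an XPI source URL, or null if it must be rejected.
function installHost(spec) {
  let url;
  try {
    url = new URL(spec);
  } catch (e) {
    return null; // unparsable source
  }
  if (url.protocol !== "https:") return null; // rejects http:, file:, data: ...
  // URL parsing lowercases the host and splits userinfo away from it, so
  // "https://addons.example.com@other.test/" yields the host "other.test".
  return url.hostname.replace(/\.$/, ""); // drop a trailing root dot
}

function hostAllowed(host, allowed) {
  return allowed.some(function (entry) {
    if (entry.startsWith("*.")) {
      // Wildcard entry: subdomains only, matched on a label boundary.
      const suffix = entry.slice(1); // ".example.org"
      return host.length > suffix.length && host.endsWith(suffix);
    }
    return host === entry; // exact match, never a substring test
  });
}

// Same policy as the dialog check: one unapproved XPI blocks the whole batch.
function allInstallsAllowed(specs, allowed) {
  return specs.length > 0 && specs.every(function (spec) {
    const host = installHost(spec);
    return host !== null && hostAllowed(host, allowed);
  });
}
```

A substring or `indexOf` test on the URL string would accept a host such as `addons.example.com.evil.test`; comparing the parsed host against each entry does not.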

And that’s how you can whitelist certain sites for add-ons. If you need more information on how to actually create an add-on using this information, check out this post.

Update: You might also want to set the preference “xpinstall.whitelist.required” to false. This will prevent the doorhanger message from appearing. Because we’re using our own whitelist/blacklist, we don’t need to use the one built into Firefox.

And as always, if you need help customizing Firefox for your organization, Kaply Consulting can help.

23 thoughts on “Allowing Only Certain Sites to Install Add-ons”

    • Yes, the doorhanger will be displayed. But when you go to install the actual add-on, it will fail.

      It’s much more difficult to get rid of the doorhanger.

        • But Firefox still allows the user to give permission with one click.

          The scenario here is an enterprise that wants to prevent users from installing add-ons from any site except their own.

      • Mike, I’m doing automated testing of xpi installs and am failing to find any way to automate accepting the doorhanger. I use Selenium and it doesn’t “see” it by id or any other means. Is there any way to get rid of the doorhanger for my automated tests?

          • To confirm, the doorhanger is the dialog that says “You should only install software from authors whom you trust”? I may be calling this dialog by the wrong name, then. Because there is a prior small popdown from FF that I can get rid of by adding the site to the whitelist, but this larger dialog still displays.

            • You can’t get rid of the larger dialog. That’s the install dialog and that always shows.

              (Well, you could write an extension that doesn’t show that dialog)

              • Mike – Thanks again for your input. I was regretfully coming to that conclusion after much searching the web. It turns out that the dialog is part of the application, not part of the DOM, which is why Selenium can’t see it (but Ranorex, which can test desktop apps too, can). Best regards.

  1. The sad thing is that I designed it exactly the way you want it: if the site wasn’t in the whitelist pref the user was not aware of the install attempt whatsoever. The user’s choice at that point was supposed to be to save the file locally and install it from there (not much point in making it harder to install than some random .exe installer).

    Worked that way in Netscape and Mozilla Suite, but was “too hard” for the Firefox community. The infobar should die, maybe allow it if you set an “I am a developer” pref.

    • to be fair, pre-Firefox there really weren’t add-ons to speak of so making it easy before there was a robust AMO did help popularize them.

  2. Excellent post, thanks. This would be an awesome feature to build into the CCK Wizard. In my current organization I would use it with an empty whitelist so all Add-ons installs would fail.

  3. I thought xpinstall.whitelist.required defaulted to false anyway (although I noticed that Firefox actually has UI for this preference where SeaMonkey chooses to have UI for the xpinstall.enabled preference instead.)

    • If you set the xpinstall.enabled preference to false and lock it using something like the CCK, it will disable add-on installations.

  4. The past few weeks I’ve been surfing the Internet for information on how to modify FireFox, and as it turns out… I end up on one of your blogs most of the times :=)

    Now I have a question about this blog post here.

    I was able to find the chrome.manifest file and add the first line mentioned.

    But where should I place the two code snippets? Which files, and where are they located?
    I’m using FireFox on Windows, if that helps.

    I’d like to test this modification you mention, to only allow addon installations from an own server.
    For some reason that does not work when using these vars – that will either allow installations from any place, or no place at all;

    Thank you in advance, Patrick

    • You need to create the files in the chrome/content directory.

      I can just send you a working extension if you want.

      • Thank you Mike. I’ll try this tomorrow morning.

        Will this also create the Addon Installation Confirmation ‘website’? Or how is that enabled? Or is this not a modification of that website?

      • I think I’ll take you up on your offer to send me a working copy. If you would please.

        For some reason nothing seems to happen in my situation 🙂

        The following file was edited;
        The following were created;

  5. Hi Mike,
    We’ve been using this code for years to prevent our users from installing addons we didn’t look at before. I tried it at ff 45.1 esr but unfortunately it does not work anymore. Is it still possible to use it at the actual release and what has to be changed to get it working again?

    • Unfortunately there has been a complete rewrite of how add-ons are installed since I wrote this. I’ll try to look at rewriting it, but I can’t make any promises.