cef icon indicating copy to clipboard operation
cef copied to clipboard

Published 20 hours ago verified publisher icon chromiumembedded

chrome: Add support for programmatic extension management

Open magreenblatt opened this issue 2 years ago • 3 comments

Original report by me.

Extensions with the Chrome runtime can currently be installed and managed via chrome://extensions and various existing admin mechanisms. It should also be possible for applications to programmatically manage extensions. For example:

  • Pre-install a bundled or downloaded extension
  • Dynamically install an extension without user interaction
  • Allow or block loading of specific extensions only
  • Allow or block access to specific extension APIs or origins (for example, don’t allow network interception of application-internal origins)

magreenblatt avatar Feb 16 '23 19:02 magreenblatt

Original comment by Dmitry Azaraev (Bitbucket: Mystic Artifact).

I would like to see design around this, this is probably issue with requirements formulation.

Allow or block access to specific extension APIs or origins (for example, don’t allow network interception of application-internal origins)

This is doesn’t looks realistic, or have edge cases: because access to API is controlled by granted permissions. (I’m guess you did not meant to implement secondary layer of access control.)

But if you install extension, especially dynamically, you generally doesn’t know which permissions it requires, and here 2 strategies are sensible: allow everything what extension wants (otherwise why you install it at all?), or allow only what is allowed by “policy” (probably subject of this point, but you ends with broken extension).

This ends (like I’m implement for self), is generally to install with granted permissions which manifest requires (otherwise extension will be broken anyway). [It fits mine goal, but this is not universal rule]

Both cases are pretty valid, but might be hard to express. :)

magreenblatt avatar Feb 23 '23 18:02 magreenblatt

We have some similar needs, but don't need fine-grained permission management.

  • Include bundled extensions with our browser. If needed we could call some API to trigger installation the first time our app is run
  • Obtain a list of installed extensions
  • Block the use installation of new extensions (it would probably be enough to detect that an extension has been added)
  • Enable and disable extensions during app execution (present our own UI for users to turn them on and off)

We have been using the Alloy extension framework, so some of this might already be possible with the Chrome framework or chromium and we just don't know that yet.

HarmlessDave avatar Jul 12 '23 16:07 HarmlessDave

The extension API as it currently exists (CefExtension, CefExtensionHandler, etc) will be removed in #3685.

magreenblatt avatar May 03 '24 18:05 magreenblatt