Locking down Safari/Firefox Extensions

@discounteggroll For Firefox, i'd look at CCK, might be something there.

For Safari, I'm not sure what the options are. Maybe something can be set for Safari via a config profile? With Safari 9, Apple started to lock things down in regards to extensions, & erm... I might be a little to blame.. so, sorry about that!

It would be great if the JSS added an easy way to block or allow extensions on Popular Browsers. Seems like it would be easy code to write for the smart people at Jamf and then for us not so smart admins out in the world we could do a better job keeping student computers clean.

For FireFox you can easily set profiles: https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
Same as with chrome: https://www.chromium.org/administrators/policy-list-3#ExtensionInstallBlacklist https://www.chromium.org/administrators/configuring-other-preferences

Safari is very limited on this: see https://www.jamf.com/jamf-nation/discussions/15324/disabling-safari-extensions
It's possible to block certain extensions by dropping them into /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist

Do you have a better link for this? seems like navigating to this one takes me to a page that is no longer active:
https://support.mozilla.org/en-US/kb/block-add-ons-firefox-enterprise

i was able to blacklist all chrome extensions, and whitelist a selected few, still attempting to figure out firefox.

You can create a new configuration profile.
Therefore you have to upload a plist file at "Application & Custom Settings"
Here is an example plist:

Preference Domain: org.mozilla.org

<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>EnterprisePoliciesEnabled</key> <true/> <key>ExtensionSettings</key> <dict> <key>*</key> <dict> <key>installation_mode</key> <string>blocked</string> </dict> key>uBlock0@raymondhill.net</key <dict> <key>installation_mode</key> <string>allowed</string> <key>install_url</key> <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string> </dict> key>@contain-facebook</key <dict> <key>installation_mode</key> <string>allowed</string> <key>install_url</key> <string>https://addons.mozilla.org/firefox/downloads/latest/facebook-container/latest.xpi</string> </dict> </dict> </dict> </plist>

This plist will blacklist every firefox extension and whitelist specific ones.

In this case the addons uBlock origin and Facebook Container are allowed.
You can also force the installation of plugins if you want by using installation mode "force_installed" instead of "allow".

More information about the parameters you can find here:
https://github.com/mozilla/policy-templates#extensions

This addon can help to figure out the extension ID:
https://github.com/mkaply/queryamoid/releases/tag/v0.1

I can't get this to work. I created a new configuration profile and pasted your code in die Application & Custom Settings as Property List. But it doesn't work. Also tested the code posted here: https://github.com/mozilla/policy-templates#macos-47

Can someone please help me?

Any update so this?

Unfortunately not

Hi @Tim_Apple - I've been playing around with this today and have a working config if it helps you at all.

Here's the contents of my Application & Custom Settings -> Upload plist 

The preference domain is org.mozilla.firefox

This config will block all extensions by default and allow the install of a single one (1Password in this example).

Good luck!

circling back. I came up with something similar to @psmac . Now if I could figure out how to make this a JSON. where you could create a field to enter this , i'd be golden

<key>{d634138d-c276-4fc8-924b-40a0ea21d284}</key>