- Jamf Nation Community
- Products
- Jamf Pro
- Modifying Firefox's Popup Exceptions File
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Modifying Firefox's Popup Exceptions File
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-21-2010 06:13 AM
Well, I think the subject says it all.
Firefox uses a file in the users Firefox profile called permissions.sqlite
to track popup site exceptions. I've been asked to try and add a site for
everyone that's already deployed Firefox.
However, I don't want to overwrite any settings a user may already have on
their computer, otherwise I'd just replace the file with my own.
So, is it possible with a script to write the wanted value for sqlite to
this file?
Second thing is that unless you have done like I have and replaced the
randomly generated profile path with a standardized one how would you get it
to write it to all of those random locations? A little while back I started
modifying the profile.ini path and the profile directory below that level in
my packages to the same thing so it would be easier to do something there if
I needed to. However, there are quite a few older deployments that didn't
have that in it yet.
Any thoughts? Am I missing something obvious on this one? And yes, they have
to use Firefox for this particular web application. To me this didn't seem
like an easy request to fulfill and I honestly thought it was easier to just
send out a message to users on how to set it themselves...
Thanks in advance.
Craig E
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-21-2010 07:08 AM
This sounds like a job for some awk and sed wizardry. I am looking at the file in terminal right now and it just plain text. So you can insert the text just fine. My Unix wizard skills on awk and sed, are limited....
but if you do this:
ls /Users/<username>/Library/Preferences/Application Support/Firefox/Profiles | sed 's/.default//'
That will return the random characters it gives a user their profile. You can hardcode that to a variable and then call for it later on. I guess a log in hook script would be the best way and use Casper's $3 to return the currently logged in user.
Then to add the URL a simple code like this might actually work, but not sure.
echo "myurl.com >> /path/to/file
I am not savvy enough with awk or sed to actually use them to write text to a file, which is probably the way "best practices" would be. That way you can mimic exactly how it is suppose to be in that file.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-21-2010 08:12 AM
I didn’t really have any doubt it would be possible to target the permissions.sqlite file even in the random files...the bigger question is how to modify it properly without destroying it.
When I was just messing with adding and removing exceptions it did a bunch of odd things to the characters in front of that line, not consistent. I need to modify it the right way to not destroy what users already have.
Thanks, Tom!
Craig E
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-21-2010 09:39 AM
I was really hoping there is a way to write to the file via the
Firefox-bin command line binary but I can't see to google it and their
manual page for the command line is horribly lacking some decent
syntaxes for usage.
Now, I think I found your solution....and I also needed to know this for
my own future packaging of firefox, but in the end I think I am going to
just say forget about it.
However, here is your gem for the day, its a small binary called sqlite3
which can be found here:
http://www.sqlite.org/download.html
This allows you to edit all of the sql files from the command line, via
shell script too. So you can push out this binary to the client
machines and use it to insert data into the tables. After all, these
are database files. From there you can use the insert command to insert
data into these files. I can't quite wrap my head around the syntax at
the moment but I am sure Google can provide a sample of how it works.
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-22-2010 06:30 AM
Heh, I had to do this a few months ago. I developed this bash script
lightly. It's not perfect. Most importantly, there's no handling for users
that don't have a Firefox profile. The script just fails. It also does not
work if you're using a profile other than default.
But it successfully injects your exemption into the sqllite database on the
current logged in user. Set your policy to once per user and VOILA!.
Exemption.
If anyone wants to clean it up or add handling for cases where the profile
doesn't exist or is not default, please feel free to modify, just return it
to the list.
Thanks & Enjoy.
-Sean
#!/bin/bash
##################################################
#
# Firefox Popup Blocker Exemption Script v1.0
# by Sean Hansell, JWT New York
#
# This is a script to add a popup exemption Firefox 3 for a specified URL.
#
##################################################
##################################################
# Declare Variables (Arg4 for compatibility with Casper, Args1-3 are
pre-declared if using Casper
exemption=$4
##################################################
# Grab the current user
user=ls -l /dev/console | awk '{print $3}'
echo "The current user is" $user
# If you want to exempt specific users, declare that here. For example. Root
and admin are exempt from this script. This should probably be declared in
an array, but I don't know how, yet.
if [ $user = admin ] || [ $user = root ]
then
echo "This policy does not apply to this user."
echo "Error: Exit Code 1. An exempt user has been specified."
exit 1
else
echo "This user is valid. Check for Firefox profile."
fi
# See if they've ever used Firefox before.
if [ "ls /Users/$user/Library/Application Support/ | grep Firefox" !
"Firefox" ]
then
echo "This user does not have a Firefox profile." # Maybe we want to
generate one somehow.
echo "Error: Exit Code 2: User specified does not have a Firefox Profile"
exit 2
else
echo "The default profile is present. Collecting the default Firefox profile
ID."
fi
# If they've used Firefox, get the ID of their default profile
profile=`ls /Users/$user/Library/Application Support/Firefox/Profiles/ |
grep default | awk '{print $1}'`
echo "The default profile ID is $profile. Checking to see if this exemption
already exists"
# 4. See if the exemption already exists
if [ "`sqlite3 -line /Users/$user/Library/Application
Support/Firefox/Profiles/$profile/permissions.sqlite 'select host from
moz_hosts' | grep $exemption | awk '{print $3}'`" = $exemption ]
then
echo "The exemption is already present. Cannot add it again."
echo "Error: Exit Code 3: The exemption specified already exists."
exit 3
else
echo "Could not find exemption. Adding the exemption..."
fi
# 5. Add the exemption to the sqlite database
sqlite3 -echo /Users/$user/Library/Application
Support/Firefox/Profiles/$profile/permissions.sqlite "insert into
moz_hosts(host, type, permission) values('$exemption', 'popup', 1)"
echo "Exemption for $exemption added successfully."
echo "Done: Script completed successfully"
exit 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-22-2010 06:39 AM
WOW! Thanks a bunch for this. I'll give it a whirl. Fortunately here almost
all user homes should have a default profile since our package does an FUT
with some basic settings. Almost all systems at this point have this in them
now so the first time the user logged in it got a default regardless of
whether they used it or not.
Craig E
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 01-22-2010 06:59 AM
Cool, thanks for this. I played with it for about 30 minutes yesterday but could not get the syntax right to write in more entries into the permissions.sql file
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 03-08-2016 04:33 PM
Old thread, I know, but I came across it via google looking for options on doing the same thing and figured I'd add what I found for future googlers. The solution I came across was to setup an AutoConfig file in Firefox and use the following to set the pop up settings:
https://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
https://mike.kaply.com/2012/03/30/customizing-firefox-default-profiles/ (code below is from the comments section of this page)
AutoConfig file contents:
\Popup Settings
Components.utils.import(“resource://gre/modules/Services.jsm”);
Components.utils.import(“resource://gre/modules/NetUtil.jsm”);
Services.perms.add(NetUtil.newURI(“http://YOURDOMAIN”), “popup”, Services.perms.ALLOW_ACTION);
Services.perms.add(NetUtil.newURI(“https://YOURDOMAIN”), “popup”, Services.perms.ALLOW_ACTION);
