Cannot enable proxy when using firefox enterprise policies.json on NixOS

[Mag1cByt3s]

[ENV]
Firefox 127.0
FoxyProxy Standard 8.9
NixOS Unstable

[ISSUE]
I cannot enable the proxy "BurpSuite" I added via policies.json. The proxy gets added to foxyproxy however once I click on it to activate the proxy, nothing happens, the state of foxyproxy does not change, the icon does not change. Once i click on my proxy, the radio button gets set to the proxy but thats it. Once i click on it again it is back to "Disabled".

Here is my NixOS config for firefox:

{ config, pkgs, lib, ... }:

{
  programs.firefox = {
    enable = true;
    policies = {
      "AppAutoUpdate" = false;
      "BackgroundAppUpdate" = false;
      "DisableFeedbackCommands" = true;
      "DisableFirefoxAccounts" = true;
      "DisableFirefoxStudies" = true;
      "DisablePocket" = true;
      "DisableTelemetry" = true;
      "DisplayBookmarksToolbar" = "always";
      "DisplayMenuBar" = "default-off";
      "DontCheckDefaultBrowser" = true;
      "EnableTrackingProtection" = {
        "Value" = true;
        "Locked" = true;
        "Cryptomining" = true;
        "Fingerprinting" = true;
        "EmailTracking" = true;
      };
      "Extensions" = {
        "Install" = [
          "https://addons.mozilla.org/firefox/downloads/latest/darkreader/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/wappalyzer/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/simple-modify-header/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/simple-translate/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/foxyproxy-standard/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/violentmonkey/latest.xpi"
          "https://addons.mozilla.org/firefox/downloads/latest/shodan-addon/latest.xpi"
        ];
      };
      "ExtensionSettings" = {
        "*" = {
          "installation_mode" = "force_installed";
          "allowed_types" = ["extension"];
          "default_area" = "navbar";
        };
      };
      "ExtensionUpdate" = true;
      "FirefoxHome" = {
        "Search" = false;
        "TopSites" = false;
        "SponsoredTopSites" = false;
        "Highlights" = false;
        "Pocket" = false;
        "SponsoredPocket" = false;
        "Snippets" = false;
        "Locked" = true;
      };
      "FirefoxSuggest" = {
        "WebSuggestions" = true;
        "SponsoredSuggestions" = false;
        "ImproveSuggest" = false;
        "Locked" = true;
      };
      "GoToIntranetSiteForSingleWordEntryInAddressBar" = true;
      "HardwareAcceleration" = true;
      "NetworkPrediction" = false;
      "NewTabPage" = false;
      "NoDefaultBookmarks" = true;
      "OfferToSaveLogins" = false;
      "OfferToSaveLoginsDefault" = false;
      "PasswordManagerEnabled" = false;
      "PromptForDownloadLocation" = true;
      "RequestedLocales" = "en-US";
      "SanitizeOnShutdown" = {
        "Cache" = true;
        "Cookies" = true;
        "Downloads" = false;
        "FormData" = true;
        "History" = false;
        "Sessions" = true;
        "SiteSettings" = false;
        "OfflineApps" = true;
        "Locked" = true;
      };
      "SearchSuggestEnabled" = true;
      "ShowHomeButton" = false;
      "SSLVersionMin" = "tls1";
      "UserMessaging" = {
        "WhatsNew" = false;
        "ExtensionRecommendations" = false;
        "FeatureRecommendations" = false;
        "UrlbarInterventions" = false;
        "SkipOnboarding" = true;
        "MoreFromMozilla" = false;
        "Locked" = true;
      };
      "UseSystemPrintDialog" = true;
      "Certificates" = {
        "Install" = ["/etc/ssl/certs/BurpSuiteCA.der"];
      };
      "3rdparty" = {
        "Extensions" = {
          "[email protected]" = {
            "mode" = "enable";
            "sync" = false;
            "autoBackup" = false;
            "showPatternProxy" = false;
            "passthrough" = "";
            "container" = {
              "incognito" = "";
              "container-1" = "";
              "container-2" = "";
              "container-3" = "";
              "container-4" = "";
            };
            "commands" = {
              "setProxy" = "";
              "setTabProxy" = "";
              "quickAdd" = "";
            };
            "data" = [
              {
                "active" = true;
                "title" = "BurpSuite";
                "type" = "http";
                "hostname" = "localhost";
                "port" = "8080";
                "username" = "";
                "password" = "";
                "cc" = "";
                "city" = "";
                "color" = "#e66100";
                "pac" = "";
                "pacString" = "";
                "proxyDNS" = true;
                "include" = [];
                "exclude" = [];
              }
            ];
            "managed" = false;
          };
        };
      };
    };
  };
}

[erosman]

I cannot enable the proxy "BurpSuite" I added via policies.json

When an enterprise policy is in effect, users wont be able to change anything.
The purpose of an enterprise policy is for the admin (not users) to control the options.

[Mag1cByt3s]

But actually using the foxyproxy addon by changing between proxies or disabling the proxies is not really a 'change', is it?

If the user cannot use the addon anymore by turning on or off the proxy it kind of defeats the whole purpose.

[erosman]

But actually using the foxyproxy addon by changing between proxies or disabling the proxies is not really a 'change', is it?

That would conflict with #42 (comment)

"mode" = "enable";

There is no such mode. As per Help:

"mode": "disable", // mandatory: current option, necessary to enable

[Mag1cByt3s]

So there is no way to simply add the proxy and let the user decide when to enable it and when not?

[erosman]

Enterprise policy is not designed for that purpose. However, if there is a popular demand, a recommended settings feature can be worked on.

See also: #132

[lap1nou]

Greetings @erosman and thank you for your work,

I would also be very interested in such a feature.

Also, I tried a workaround using a storage.managed manifest file, here is my file:

{
  "name": "[email protected]",
  "type": "storage",
  "data": {
    "mode": "enable",
    "sync": false,
    "passthrough": "",
    "container": {},
    "commands": {},
    "data": [
      {
      "active":  true,
      "title":  "BurpSuite",
      "type":  "http",
      "hostname":  "localhost",
      "port":  "8080",
      "username":  "",
      "password":  "",
      "cc":  "",
      "city":  "",
      "color":  "#e66100",
      "pac":  "",
      "pacString":  "",
      "proxyDNS":  true,
      "include":  [],
      "exclude":  []
    }
  ]
  }
}

I wrote it here: /usr/lib/mozilla/managed-storage/[email protected], but it doesn't seems to work, I can't see my proxy added in the extension, do you have an idea why ?

Regards.

[erosman]

@lap1nou As mentioned previously, "mode": "enable", is wrong.

Does the policy show on about:policies?

[lap1nou]

Hey @erosman thank you for your answer,

My policy is working fine, but I'm trying to use this: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage/managed, in order to add some preconfigured proxy to Foxyproxy, maybe I misunderstood the goal of this.

My end goal is to simply be able to preconfigure proxy (add them) but let the user decide wether he want to enable them or not.

Regards.

[erosman]

My end goal is to simply be able to preconfigure proxy (add them) but let the user decide wether he want to enable them or not.

At the moment, that is not possible. Enterprise Policy is set to remove control from the users and give control to the admin.

However, as mentioned in #138 (comment), if there is enough demand, a recommended-settings feature can be added to FoxyProxy.