Firefox policies exception fails: blocks printix registration URL

[dduehren]

The folllowing URL is being blocked, despite many attempts to enter URLs that should have allowed it, including the exact URL. I don't know if it's too long, has a redirect in it, or some other reason, but it gets blocked. Below I've pasted both the URL and the policies.json file.
``{
"policies": {
"FirefoxHome": {
"Search": false,
"TopSites": false,
"SponsoredTopSites": false,
"Highlights": false,
"Pocket": false,
"SponsoredPocket": false,
"Snippets": false,
"Locked": false
}
,
"DisablePrivateBrowsing": true,
"DisplayMenuBar": "default-on",

"Homepage": {
  "URL": "https://secure.therapservices.net/auth/login",
  "Locked": true
}

,
"ManagedBookmarks": [
{
"toplevel_name": "OFCO managed bookmarks folder"
},
{
"url": "http://intranet.ofco.internal/?page_id=125&test=%username%&reauth=sso",
"name": "Intranet"
},
{
"url": "https://access.paylocity.com",
"name": "Paylocity"
},
{
"url": "https://secure.therapservices.net/auth/login",
"name": "Therap"
},
{
"name": "Microsoft links",
"children": [
{
"url": "https://www.office.com",
"name": "office.com"
},
{
"url": "https://www.microsoft365.com/",
"name": "Microsoft365.com"
}
]
}
]
,
"WebsiteFilter": {
"Block": ["<all_urls>"],
"Exceptions": ["https://www.opportunityfound.org/",
"https://secure.therapservices.net/",
"https://www.therapservices.net/",
"https://therapservices.zoom.us/",
"https://help.therapservices.net/",
"https://2025therapnational.sched.com/",
"https://access.paylocity.com/",
"https://assets.printix.net/",
"https://api.printix.net/",
"https://auth.printix.net/",
"https://sign-in.printix.net/",
"https://drivers.printix.net/",
"https://software.printix.net/",
"wss://websocket.proxyendpoint.printix.net/",
"https://localhost:21343/",
"https://mozilla.org/",
"http://intranet.ofco.internal/*"
]
}
,
"Preferences": {
"browser.search.update": {
"Value": false,
"Status": "locked"
}
}
}
}

``

[mkaply]

The allowed URLS are match patterns so you need to add a /* on the end on all of them (similar to what you did for the last one)

So for instance:

https://secure.therapservices.net/*

worked for me. And then for something like mozilla:

https://*.mozilla.org/*

See

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Match_patterns

[mkaply]

Sorry, for your specific URL

https://auth.printix.net/*

I verified that works.

[dduehren]

Well if you look at the json I provided, you’ll note that that specific URL is included and in my testing DOES NOT work. We are generally running the latest 64 bit version, have Ninja One set up to keep it up to date. Are also running eset anti-virus, and don’t know if that’s were the problem is. Of course it works when we don’t have the file installed. I even tried the full URL and that didn’t work either. As a separate question, we are using to install Firefox with Ninja One as SYSTEM. This causes Firefox to require ADMIN privileges to do the update. Is there a way to allow the updates to happen automatically? Thanks, David From: Michael Kaply ***@***.***> Sent: Friday, January 3, 2025 12:14 PM To: mozilla/policy-templates ***@***.***> Cc: David Duehren ***@***.***>; Author ***@***.***> Subject: Re: [mozilla/policy-templates] Firefox policies exception fails: blocks printix registration URL (Issue #1176) Sorry, for your specific URL https://auth.printix.net/* I verified that works. — Reply to this email directly, view it on GitHub<#1176 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ACAY6Z43O6PJIZF7S27S3DD2I3VRNAVCNFSM6AAAAABT7PRUXGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNRZG43DCMZVGA>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>

[mkaply]

It looks like some of my email got lost

I was saying that if you change it to:

"https://auth.printix.net/*",

in the policy, it will work (that's what I tested).

These are not URLs, they are pattern matches, so you have to provide the * on the end (for all of the URLs)

As far as automatic updates, you need to make sure the maintenance service has the right permissions as well.

https://support.mozilla.org/en-US/kb/what-mozilla-maintenance-service

[dduehren]

I have found a work around to the printix problem and may have had a typo. Now I have two sites that I can't unblock. They fit into the overall scheme above and both seem to get blocked on the very first GET.
First the sites:
https://opwdd.ny.gov/
https://nadsp.org/

Second the jsohn - only partial.
"://www.nadsp.org/",
"://www.nadsp.org/",
"://opwdd.ny.gov*",

On another browser, both of them have some additional sites that show up, but when things are blocked both of these get stuck on the first GET. I've added all the additional sites from a browser that isn't blocked. Generally if it's an additional site, it only blocks at the additional site. This block happens right away and doesn't get any further. Seems really basic and both sites are a) behaving similarly and b) hare hosted on cloudfare.

[mkaply]

You need to put the /* on the end.

 "://www.nadsp.org/*",
 "://opwdd.ny.gov/*",

[dduehren]

I tried with both org/* and org*, neither worked. Neither work with one or the other or both.

[mkaply]

Never mind, github formatting problem.

[mkaply]

I was trying to debug this, but it looks like nadsp.org is down. I'll look tomorrow

I think the answer is:

           *://*.nadsp.org/*

[dduehren]

Thanks for looking. The opwwd.ny.gov site behaves the same way.