Group policy ExtensionInstallForcelist. Extension is not being installed when hosting from local server

There was a similar question here

ExtensionInstallForcelist
1 = pgdgchoanjdbkbbigcnlkfoflffhiheh;http://chrome.local.store:84/updates

Windows 10, member of Domain.
When I specify https://clients2.google.com/service/update2/crx, works fine. Switching to my host doesn’t work.

My server http://chrome.local.store:84/updates returns XML document:



  
    
  

And http://chrome.local.store:84/extensionContent returns file with MIME: application/x-chrome-extension and file name = Extension.crx.

Thank you in advance for any clue.

Automated testing of the Chrome ExtensionInstallForcelist policy with pytest-selenium

I am deploying a WebExtension for Chrome via an ActiveDirectory domain. The machines in this domain are not able to connect to the internet. Only websites hosted in the intranet are available. Consequently I am using the ExtensionInstallForcelist policy for installing the WebExtension in Chrome (without uploading it to the Chrome Web Store). In the intranet there exists a server, which is hosting the WebExtension (.crx file) and an update manifest XML file (which points to the .crx file).

Once the policy is applied, the WebExtension is installed in Chrome. The WebExtension is force-installed, so that the user does not have to activate it manually.

I want to test automated, if the WebExtension is still force-installed in a new Chrome version. I am using pytest-selenium for this. The problem is that the extension is not installed in the Chrome instance that was spawned by selenium. But the WebExtension is still force-installed in the Chrome instance that were spawned by the user on the same device.

I can install the extension via

options = webdriver.ChromeOptions()
options.add_extension("")

But I want to test if the deployment from the server works, so this do not take me further.

Any help will be appreciated, thanks!

Force install Microsoft Edge extension enterprise environment

I am trying to automatically install a Microsoft Edge Extension in an enterprise managed environment: Google Chrome allow this behavior (check this post for further information), but it seems impossible to do the same for Edge (the Edge extension policy states that “The installation must be initiated and completed by the user, using only the user experience provided by Microsoft Edge and the Microsoft Store”).
Has anyone faced this problem?
Thanks,
Daniele

ExtensionInstallForcelist policy issue since Chrome version 63.0.3239.84

I am deploying a WebExtension for Chrome via an ActiveDirectory domain.
The machines in this domain are not able to connect to the internet. Only websites hosted in the intranet are available.
Consequently I am using the ExtensionInstallForcelist policy for installing the WebExtension in Chrome (without uploading it to the Chrome Web Store).
In the intranet there exists a server, which is hosting the WebExtension (.crx file) and an update manifest XML file (which points to the .crx file).

With Chrome version 62.0.3202.94 everything is working. Once the policy is applied, the WebExtension is installed in Chrome. The WebExtension is force-installed, so that the user does not have to activate it manually.

But since Chrome version 63.0.3239.84 there occurs an issue. The WebExtension is installed, but deactivated immediately. Moreover I observed a weird behavior. After starting Chrome, the WebExtension is activated for a short moment, but then deactivated directly after. This happens several times until the behavior subsides. If Chrome is closed and restarted, this behavior is repeated. This behavior occurs on multiple devices and on machines in other domains.

I checked the url chrome://policy. The ExtensionInstallForcelist entry is correctly applied.

In the chrome_debug.log it seems that Chrome tries to check the WebExtension at some url, but the check fails. The issue occurs also for “version 63.0.3239.108” and “Version 64.0.3282.24 (official build) beta (64-bit)”. With version 62.0.3202.94 on the same machine everything is working.

For better overview I will use the following substitutions in the extracts from the chrome_debug.log

{extensionID} : The ID of my WebExtension
{url_to_update_manifest} : The url which delivers the update manifest XML file
{value} : A value

Extracts from the chrome_debug.log:

VERBOSE1:content_hash_fetcher.cc(252)] Missing verified contents for {extensionID}, fetching...
VERBOSE1:network_delegate.cc(30)] NetworkDelegate::NotifyBeforeURLRequest: https://clients2.google.com/service/update2/crx?response=redirect&x=uc%26installsource%3Dsignature%26id%3D{extensionID}%26v%3D1.0.1
VERBOSE1:network_delegate.cc(30)] NetworkDelegate::NotifyBeforeURLRequest: chrome-extension://{extensionID}/background.js
VERBOSE1:content_verify_job.cc(230)] job failed for {extensionID} background.js reason:1
VERBOSE1:content_verifier.cc(144)] VerifyFailed {extensionID} reason:1
VERBOSE1:script_context.cc(111)] Created context: [...]
VERBOSE1:content_hash_fetcher.cc(301)] URLFetchComplete for {extensionID} is_success:1 https://clients2.google.com/service/update2/crx?response=redirect&x=uc%26installsource%3Dsignature%26id%3D{extensionID}%26v%3D1.0.1
VERBOSE1:content_verifier.cc(229)] OnFetchComplete {extensionID} success:0
WARNING:chrome_content_verifier_delegate.cc(197)] Corruption detected in policy extension {extensionID} installed at: C:UsersTestuserAppDataLocalGoogleChromeUser DataDefaultExtensions{extensionID}1.0.1_2
VERBOSE1:network_delegate.cc(30)] NetworkDelegate::NotifyBeforeURLRequest: http://{url_to_update_manifest}/?os=win&arch=x64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=63.0.3239.108&lang=de&acceptformat=crx2,crx3&x=id%3D{extensionID}%26v%3D0.0.0.0%26installsource%3Dreinstall%26uc
VERBOSE1:network_delegate.cc(30)] NetworkDelegate::NotifyBeforeURLRequest: http://{url_to_update_manifest}
VERBOSE1:pending_extension_manager.cc(305)] Extension id {extensionID} was entered for update more than once.  old location: 7  new location: 7  old version: invalid  new version: invalid
VERBOSE1:install_signer.cc(435)] Sending request: {"hash":"{value}=","ids":["{value}","{value}","{value}","{value}","{extensionID}","{value}","{value}"],"protocol_version":1}
VERBOSE1:network_delegate.cc(30)] NetworkDelegate::NotifyBeforeURLRequest: https://www.googleapis.com/chromewebstore/v1.1/items/verify
VERBOSE1:install_signer.cc(460)] Got response: {"protocol_version":1,"invalid_ids":["{extensionID}"],"signature":"{value}==","expiry":"2018-03-13","pubkey_sha1_hash":"{value}"}
VERBOSE1:content_verify_job.cc(230)] job failed for {extensionID} background.js reason:1
VERBOSE1:content_verifier.cc(144)] VerifyFailed {extensionID} reason:1

I also looked into the changelog and the Chromium source code, but could not find the reason for this behavior.

https://chromium.googlesource.com/chromium/src/+log/62.0.3202.94..63.0.3239.84?pretty=fuller&n=10000

https://cs.chromium.org/chromium/src/extensions/browser/content_verifier.cc?sq=package:chromium&l=144

Any help will be appreciated, thanks!