chromium/components/policy/resources/templates/policy_definitions/Extensions/ExtensionSettings.yaml

caption: Extension management settings
desc: |-
  Setting the policy controls extension management settings for <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>, including any controlled by existing extension-related policies. The policy supersedes any legacy policies that might be set.

  This policy maps an extension ID or an update URL to its specific setting only. A default configuration can be set for the special ID <ph name="DEFAULT_SCOPE">"*"</ph>, which applies to all extensions without a custom configuration in this policy. With an update URL, configuration applies to extensions with the exact update URL stated in the extension manifest ( http://support.google.com/chrome/a?p=Configure_ExtensionSettings_policy ). If the 'override_update_url' flag is set to true, the extension is installed and updated using the "update" URL specified in the <ph name="EXTENSION_INSTALL_FORCELIST_POLICY_NAME">ExtensionInstallForcelist</ph> policy or in 'update_url' field in this policy. The flag 'override_update_url' is ignored if the 'update_url' is a Chrome Web Store url.

  On <ph name="MS_WIN_NAME">Microsoft® Windows®</ph> instances, apps and extensions from outside the Chrome Web Store can only be forced installed if the instance is joined to a <ph name="MS_AD_NAME">Microsoft® Active Directory®</ph> domain, joined to <ph name="MS_AAD_NAME">Microsoft® Azure® Active Directory®</ph> or enrolled in <ph name="CHROME_BROWSER_CLOUD_MANAGEMENT_NAME">Chrome Browser Cloud Management</ph>.

  On <ph name="MAC_OS_NAME">macOS</ph> instances, apps and extensions from outside the Chrome Web Store can only be force installed if the instance is managed via MDM, joined to a domain via MCX or enrolled in <ph name="CHROME_BROWSER_CLOUD_MANAGEMENT_NAME">Chrome Browser Cloud Management</ph>.
example_value:
  '*':
    allowed_types:
    - hosted_app
    blocked_install_message: Custom error message.
    blocked_permissions:
    - downloads
    - bookmarks
    install_sources:
    - https://company-intranet/chromeapps
    installation_mode: blocked
    runtime_allowed_hosts:
    - '*://good.example.com'
    runtime_blocked_hosts:
    - '*://*.example.com'
  abcdefghijklmnopabcdefghijklmnop:
    blocked_permissions:
    - history
    installation_mode: allowed
    minimum_version_required: 1.0.1
    toolbar_pin: force_pinned
    file_url_navigation_allowed: true
  bcdefghijklmnopabcdefghijklmnopa:
    allowed_permissions:
    - downloads
    installation_mode: force_installed
    runtime_allowed_hosts:
    - '*://good.example.com'
    runtime_blocked_hosts:
    - '*://*.example.com'
    update_url: https://example.com/update_url
  cdefghijklmnopabcdefghijklmnopab:
    blocked_install_message: Custom error message.
    installation_mode: blocked
  defghijklmnopabcdefghijklmnopabc,efghijklmnopabcdefghijklmnopabcd:
    blocked_install_message: Custom error message.
    installation_mode: blocked
  fghijklmnopabcdefghijklmnopabcde:
    blocked_install_message: Custom removal message.
    installation_mode: removed
  ghijklmnopabcdefghijklmnopabcdef:
    installation_mode: force_installed
    override_update_url: true
    update_url: https://example.com/update_url
  update_url:https://www.example.com/update.xml:
    allowed_permissions:
    - downloads
    blocked_permissions:
    - wallpaper
    installation_mode: allowed
features:
  dynamic_refresh: true
  per_profile: true
future_on:
- fuchsia
owners:
- [email protected]
- file://extensions/OWNERS
schema:
  patternProperties:
    ^[a-p]{32}(?:,[a-p]{32})*,?$:
      properties:
        allowed_permissions:
          $ref: ListOfPermissions
        blocked_install_message:
          description: text that will be displayed to the user in the chrome webstore
            if installation is blocked.
          type: string
        blocked_permissions:
          $ref: ListOfPermissions
        file_url_navigation_allowed:
          type: boolean
        installation_mode:
          enum:
          - blocked
          - allowed
          - force_installed
          - normal_installed
          - removed
          type: string
        minimum_version_required:
          pattern: ^[0-9]+([.][0-9]+)*$
          type: string
        override_update_url:
          type: boolean
        runtime_allowed_hosts:
          $ref: ListOfUrlPatterns
        runtime_blocked_hosts:
          $ref: ListOfUrlPatterns
        toolbar_pin:
          enum:
          - force_pinned
          - default_unpinned
          type: string
        update_url:
          type: string
      type: object
    '^update_url:':
      properties:
        allowed_permissions:
          $ref: ListOfPermissions
        blocked_permissions:
          $ref: ListOfPermissions
        installation_mode:
          enum:
          - blocked
          - allowed
          - removed
          type: string
      type: object
  properties:
    '*':
      properties:
        allowed_types:
          $ref: ExtensionAllowedTypes
        blocked_install_message:
          type: string
        blocked_permissions:
          $ref: ListOfPermissions
        install_sources:
          $ref: ExtensionInstallSources
        installation_mode:
          enum:
          - blocked
          - allowed
          - removed
          type: string
        runtime_allowed_hosts:
          $ref: ListOfUrlPatterns
        runtime_blocked_hosts:
          $ref: ListOfUrlPatterns
      type: object
  type: object
supported_on:
- chrome.*:62-
- chrome_os:62-
tags: []
type: dict
url_schema: https://www.chromium.org/administrators/policy-list-3/extension-settings-full