Opera to block third-party extension installations
A few days ago we reported that Google has started to block third party extension installations in Canary and Dev builds of the web browser. Two workarounds are currently available which both require the user to know about them. It is however possible that Google will make changes to the process before it lands in the stable branch of the Internet browser.
Opera Software only a few days later announced that it too would change the extension installation process for third-party extensions due to security concerns. The latest Opera Next releases are already showcasing part of the new process.
Only extension installations that originate from addons.opera.com or extension-updates.opera.com will go through without issues like before. These sites are hard coded into the list of trusted websites and cannot be removed by the user. Every other site needs to be added to the list of trusted repositories before extensions can be installed that originate from it.
Currently, a dialog is displayed on the screen when a user tries to install a third-party extension from another website.
Here it is then possible to add the site to the list of trusted repositories, or commence with the installation of the extension right away. Opera has plans to change the procedure in coming releases to block users from simply clicking yes to install the extension in the web browser.
Extension developers can still drag a config.xml from an unzipped extension into the browser to install it for testing purposes.
So we are going to change the default procedure to install extensions. For users who understand the risks we will require explicitly white-listing sites before you can install extensions from them. By default, addons.opera.com will be whitelisted. We will also maintain developer mode - dragging a config.xml from an unzipped extension, so testing and prototyping is easy.
It remains to be seen how Opera Software will implement the changes in the browser. One thing is for certain though: the company seems to be way more transparent than Google when it comes to these changes in the browser.Advertisement
reminds me of the same thing in Firefox.. except it has white listing in the about:config entry and it has been there for ages
Was going to say the same thing Roman did, this is pretty much exactly the way Firefox has done it forever, not flat out blocking third party site installs, just blocking them without prompting / warning a user to add an exception for that site. Its the way google chrome needs to to it too.
On b1592 i Can’t get this dialog window. It blocks without any alert the third party extensions.
It’s any way to bypass this blocking?
Try downloading locally and installing via drag and drop.
Thanks for reply, Martin!
I could install the third party extension with the dialog box “Secure sites”, added the necessary site to the list.
Yes that is another option ;)