Opera to block third-party extension installations

Martin Brinkmann
Jun 23, 2012
Opera
|
7

A few days ago we reported that Google has started to block third party extension installations in Canary and Dev builds of the web browser. Two workarounds are currently available which both require the user to know about them. It is however possible that Google will make changes to the process before it lands in the stable branch of the Internet browser.

Opera Software only a few days later announced that it too would change the extension installation process for third-party extensions due to security concerns. The latest Opera Next releases are already showcasing part of the new process.

Only extension installations that originate from addons.opera.com or extension-updates.opera.com will go through without issues like before. These sites are hard coded into the list of trusted websites and cannot be removed by the user. Every other site needs to be added to the list of trusted repositories before extensions can be installed that originate from it.

opera trusted websites

Currently, a dialog is displayed on the screen when a user tries to install a third-party extension from another website.

Here it is then possible to add the site to the list of trusted repositories, or commence with the installation of the extension right away. Opera has plans to change the procedure in coming releases to block users from simply clicking yes to install the extension in the web browser.

Extension developers can still drag a config.xml from an unzipped extension into the browser to install it for testing purposes.

So we are going to change the default procedure to install extensions. For users who understand the risks we will require explicitly white-listing sites before you can install extensions from them. By default, addons.opera.com will be whitelisted. We will also maintain developer mode - dragging a config.xml from an unzipped extension, so testing and prototyping is easy.

It remains to be seen how Opera Software will implement the changes in the browser. One thing is for certain though: the company seems to be way more transparent than Google when it comes to these changes in the browser.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. vinczej said on September 14, 2012 at 9:34 am
    Reply

    On b1592 i Can’t get this dialog window. It blocks without any alert the third party extensions.

    It’s any way to bypass this blocking?

    1. Martin Brinkmann said on September 14, 2012 at 9:56 am
      Reply

      Try downloading locally and installing via drag and drop.

      1. vinczej said on September 14, 2012 at 11:04 am
        Reply

        Thanks for reply, Martin!

        I could install the third party extension with the dialog box “Secure sites”, added the necessary site to the list.

      2. Martin Brinkmann said on September 14, 2012 at 11:22 am
        Reply

        Yes that is another option ;)

  2. Mike said on June 23, 2012 at 3:25 pm
    Reply

    Was going to say the same thing Roman did, this is pretty much exactly the way Firefox has done it forever, not flat out blocking third party site installs, just blocking them without prompting / warning a user to add an exception for that site. Its the way google chrome needs to to it too.

  3. Roman Winterson said on June 23, 2012 at 2:17 pm
    Reply

    reminds me of the same thing in Firefox.. except it has white listing in the about:config entry and it has been there for ages

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.