๐ Documentation
Support & Deployment
Quick-start guides, troubleshooting, and enterprise deployment resources.
๐ Quick Start
Chrome Deployment
Use ExtensionInstallForcelist policy to push the extension from the Chrome Web Store or self-hosted CRX with update_url.
Firefox Deployment
Use enterprise policies.json with Extensions.Install pointing to your XPI file path or HTTPS URL.
Policy Server Setup
Run the Node.js policy server with ADMIN_TOKEN env var, then point extensions to your /policy.json endpoint.
๐ง Installation Methods
Chrome Enterprise
- Registry path:
HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist - Format:
[EXTENSION_ID];[UPDATE_URL] - Update URL (Web Store):
https://clients2.google.com/service/update2/crx - Self-hosted: Point to your own update.xml manifest (see docs/packaging.md)
Firefox Enterprise
- Policy file:
C:\Program Files\Mozilla Firefox\distribution\policies.json - Install key:
policies.Extensions.Install(array of URLs or paths) - Example:
"file:///C:/extensions/cage-access-guard.xpi" - Updates: Set
browser_specific_settings.gecko.update_urlin manifest
๐ Policy & Logging Server
Health check: /health (public endpoint, returns
Policy endpoint:
Log endpoint:
{"ok": true})Policy endpoint:
GET /policy.json (requires x-admin-token header)Log endpoint:
POST /log (accepts JSON event payloads)
Environment Variables
PORTโ Server port (default: 8787)ADMIN_TOKENโ Token for /policy.json auth (required for policy sync)DATA_DIRโ Audit log storage directoryADMIN_PASSWORD_HASHโ SHA-256 hash for /auth endpoint (optional)
๐ ๏ธ Troubleshooting
Extension not loading
- Check browser policies are applied:
chrome://policyorabout:policies - Verify extension ID matches registry/policy config
- For Firefox: ensure XPI path is accessible and not blocked by file permissions
Policy not syncing
- Test policy endpoint manually:
curl -H "x-admin-token: TOKEN" https://yourserver/policy.json - Check browser console for network errors (F12 โ Console)
- Verify CORS headers if policy server is on a different domain
- Check firewall rules allow outbound HTTPS to policy server
Restrictions not applying
- Verify policy JSON syntax is valid (use a JSON validator)
- Check route matchers:
typemust be one of: path_prefix, path_equals, url_includes, regex - UI selectors are case-sensitive; inspect actual DOM elements to confirm selectors
- Clear extension cache: remove and reinstall (enterprise installs will auto-restore)
๐ Need hands-on help?
Email info@zstechlabs.com with:
Email info@zstechlabs.com with:
- Browser version & OS
- Screenshot of browser policy page
- Extension console logs (if applicable)
- Description of expected vs. actual behavior