Self-host (CDN) install

This guide targets organisations whose IT policy forbids installing extensions from Chrome Web Store or Firefox Add-ons: air-gapped networks, banks, public sector, critical infrastructure operators. We publish signed artifacts on cdn-safeprompt.m-kis.fr which you can force-install via your GPO, Intune or Workspace policies.

Install steps

Step 1 — Verify integrity (SHA256)

Before any deployment, download release.json and compare its SHA256 to the hash you compute locally on the .crx / .xpi (see the "Cryptographic verification" section below).

Step 2 — Chrome / Edge: force-install via GPO or Intune

Add cdn-safeprompt.m-kis.fr to your allowed install sources, then point the force-install entry to the auto-update manifest:

chrome-policy.json

{
  "ExtensionInstallSources": ["https://cdn-safeprompt.m-kis.fr/*"],
  "ExtensionInstallForcelist": [
    "<chrome-extension-id>;https://cdn-safeprompt.m-kis.fr/extensions/chrome-update.xml"
  ]
}

Step 3 — Firefox: policies.json

Drop the following policies.json into the Firefox configuration folder for the organisation (typically /etc/firefox/policies/policies.json on Linux, or %ProgramFiles%\Mozilla Firefox\distribution\policies.json on Windows):

policies.json

{
  "policies": {
    "ExtensionSettings": {
      "[email protected]": {
        "installation_mode": "force_installed",
        "install_url": "https://cdn-safeprompt.m-kis.fr/extensions/safeprompt-1.0.0.xpi"
      }
    }
  }
}

Cryptographic verification

Always compare the SHA256 published in release.json against the hash you compute locally before mass deployment.

verify-release.sh

curl -s https://cdn-safeprompt.m-kis.fr/extensions/release.json | jq .chrome

verify-sha.sh

sha256sum safeprompt-1.0.0.crx
# Compare with the value of .chrome.sha256 from release.json

Auto-update

Auto-update manifests are published next to the artifacts. Chrome polls these URLs every 5 hours; Firefox every 12 hours.

chrome update_url

https://cdn-safeprompt.m-kis.fr/extensions/chrome-update.xml

firefox update_url

https://cdn-safeprompt.m-kis.fr/extensions/firefox-update.json

Need help?

The SafePrompt team supports first-time air-gapped deployments. Reach out for out-of-band hashes, an extension dump in your internal format, or an audit of your deployment strategy. Email us ([email protected])

← Back to documentation