Author: Will Fulmer, Chief Engineering Officer
NPAPI, or the Netscape Plugin API, is a framework used by many browsers for 3rd party plugin integration. When a webpage contains content that cannot be handled natively within the browser, a third-party plugin is enabled and it then becomes responsible for interpreting and executing that content.
Over the last 12 months, Google has changed the default behavior of NPAPI plugins within the Google Chrome browser. Over the course of the next 8 months, Google will continue their disabling and full-removal of NPAPI plugins.
Since early 2014, Google Chrome users have experienced these issues allowing various plugins within the browser.
Here is a timeline of the Google Chrome and NPAPI deprecation.
|January 2014||Chrome 32 – User acknowledgement required for non-whitelisted NPAPI plugins|
|Mid 2014||Chrome 37 – “Plug-in blocked” displayed in Omnibox. Required to selectively allow plugin|
|January 2015||All NPAPI plugins blocked by default and each must be selected to allow.|
|April 2015||Chrome 43 – NPAPI support disabled by default. Google will unpublish all extensions requiring NPAPI from the Chrome Web Store. There will be manual overrides that can be enabled (chrome://flags/#enable-npapi) of the browser or deployed programatically via Enterprise Policy|
|September 2015||Chrome 45 – Chrome will remove the override and NPAPI support permanently removed|
What does this mean for me and/or my users?
In the very short term – April 2015 – users are going to require a change in order to support applications that still leverage NPAPI plugins. Some of these plugins include functionality for addins such as Adobe Flash, Microsoft Silverlight, and Citrix Receiver.
In order to support NPAPI plugins after the April 2015 Google Crome release, one of two methodologies will be required:
Google plans to implement an override, accessible on the browser’s experimental page: chrome://flags/#enable-npapi
When set to enabled, it will re-enable support for NPAPI plugins.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome and, create a new key called ‘EnabledPlugins’
Create string values (REG_SZ) for all plugins that should be enabled by Enterprise Policy
Software\Policies\Chromium\EnabledPlugins\1 = “Java”
Software\Policies\Chromium\EnabledPlugins\2 = “Shockwave Flash”
Software\Policies\Chromium\EnabledPlugins\3 = “Chrome PDF Viewer”
Citrix has released a blog post detailing what changes are required to circumvent this disabling of NPAPI extenstions. This will yield temporarily relief until September 2015, when NPAPI support will be completely removed from Chrome.
The workarounds provided by Citrix include
– Re-enabling support for NPAPI plugins
– Customizing Citrix Receiver for Web
– Enabling Google Chrome To Open Citrix ICA files Automatically
To recap the Google Chrome Timeline:
Phase 1 Behavior – January 2015
– NPAPI Plugins disabled by default.
– Users prompted to ‘Allow’ the plugin to run if plugin is currently disabled
Phase 2 Behavior – April 2015
– Google Chrome disabling all NPAPI Plugins
– NPAPI plugins can be re-enabled by using chrome://flags/#enable-npapi
– Enterprise users can enable plugins through an Enterprise Policy
Phase 3 Behavior – September 2015
– NPAPI Plugins completely disabled with no functionality to re-enable
About the Author
Will Fulmer is the Chief Engineering Officer of Helient and a Solutions Architect with 10 plus years of industry experience. His designs establish the technical infrastructure and implementation standards including heavy concentrations on virtualization, storage, cloud-based solutions and business continuity. Will continues forward movement with an innovative view of redeveloping the highly available datacenter while realizing optimal operational performance and delivering greater manageability. Recent projects include NetApp and Nutanix storage platforms, utilizing VMware and Citrix infrastructure to support Site Recovery Manager, Exchange 2010 and fully redundant Virtual Desktop Infrastructures.
If you have any questions or need more information, please do not hesitate to contact email@example.com.