It states something about "your organisation's security requirements", do they document what requirements cause this rejection page? Some kind if changed default perhaps?

▲

insanitybit 7 hours ago | parent | next [-]

No, this is easily the biggest flaw in CAA - there is no way to discover which policy broke your access. I have reported this to Google multiple times, even sent this directly to a Google SecEng (a well known one) to route internally. The issue persists and makes configuring CAA extremely painful and error prone.

	▲	kmeisthax 4 hours ago \| parent [-]
		I am convinced there's someone who thinks debuggable security policies are a security risk and deliberately designs security APIs to be as inscrutable as possible.

▲

tyingq 8 hours ago | parent | prev [-]

Maybe not, but I have the feeling Google doesn't like that FF continues to support manifest v2.

	▲	lokar 8 hours ago \| parent [-]
		I think it's just that some of the device policy restrictions the Org admin can choose to enable don't work in FF. So if they require them, no FF.