Firefox logo

Extensions in Firefox 77

Firefox 77 is loaded with great improvements for the WebExtensions API. These additions to the API will help you provide a great experience for your users.

Optional Permissions

Since Firefox 57, users have been able to see what permissions an extension wants to access during the installation process.  The addition of any new permissions to the extension triggers another notification that users must accept during the extension’s next update.  If they don’t, they won’t receive the updated version.

These notifications were intended to provide transparency about what extensions can do and help users make informed decisions about whether they should complete the installation process. However, we’ve seen that users can feel overwhelmed by repeated prompts. Worse, failure to see and accept new permissions requests for updated versions can leave users stranded on older versions.

We’re addressing this with optional permissions.  First, we have made a number of permissions optional. Optional permissions don’t trigger a permission prompt for users during installation or when the extension updates. It also means that users have less of a chance of becoming stranded.

If you use the following permissions, please feel welcome to move them from the permissions manifest.json key to the optional_permissions key:

  • management
  • devtools
  • browsingData
  • pkcs11
  • proxy
  • session

Second, we’re encouraging developers who use optional permissions to request them at runtime. When you use optional permissions with the permissions.request API, permission requests will be triggered when permissions are needed for a feature. Users can then see which permissions are being requested in context of using the extension. For more information, please see our guide on requesting permissions at runtime.

As an added bonus, we’ve also implemented the permissions.onAdded and permissions.onRemoved events, allowing you to react to permissions being granted or revoked.

Merging CSP headers

Users who have multiple add-ons installed that modify the content security policy headers of requests may have been seeing their add-ons behave erratically and will likely blame the add-on(s) for not working. Luckily, we now properly merge the CSP headers when two add-ons modify them via webRequest. This is especially important for content blockers leveraging the CSP to block resources such as scripts and images.

Handling SameSite cookie restrictions

We’ve seen developers trying to work around SameSite cookie restrictions. If you have been using iframes on your extension pages and expecting them to behave like first party frames, the SameSite cookie attribute will keep your add-on from working properly. In Firefox 77, the cookies for these frames will behave as if it was a first party request. This should ensure that your extension continues to work as expected.

Other updates

Please also see these additional changes:

I’m very excited about the number of patches from the community that are included in this release. Please congratulate Tom Schuster, Ajitesh, Tobias, Mélanie Chauvel, Atique Ahmed Ziad, and a few teams across Mozilla that are bringing these great additions to you. I’m looking forward to finding out what is in store for Firefox 78, please stay tuned!

10 comments on “Extensions in Firefox 77”

  1. zakius wrote on

    still no way to implement gestures or hotkeys properly, I see

  2. Stefan wrote on

    Earlier i wrote the following:

    “Why does Firefox 75 reset all my settings i do for the addons ? Why does Firefox 75 at every start nag me about the addons have been successfully installed ? They are set in about:config to NOT autoupdate they seem still to do it anyway ! I utterly hate Firefox Quantum !!!!!!!”

    I solved it finally. It had to with user rights on the profile folder on my external harddrive. It was easy as that !

    Just wanted other to know how i solved the problem.

  3. Stefan wrote on

    * It had to with = it had to do with…..

  4. Bingo wrote on

    Oh, a Firefox update. Will it break addons AGAIN?
    …Yes. NoScript is no longer working properly.

    Great design, really an amazing browser if you want to spend too much time with fixing regressions… :-/

  5. Alex wrote on

    The change for CSP broke numerous userscripts since extensions like Greasemonkey can no longer modify the CSP to allow local scripts.

  6. Nate wrote on

    So I have a lot of clients who use an Add-on of mine, and now after this update, EVERY single client needs to update their system because the update breaks the add-on… requires them to re-authorize it and most of them don’t know how to do that. There are also some settings in user.js that it breaks.

    Stefan wrote:
    “I solved it finally. It had to with user rights on the profile folder on my external harddrive. It was easy as that !”

    But I think that this is not a very good fix when you have to do this possibly hundreds of times on different machines. Is there any configuration option that allows the system to automatically accept extensions like before? This is really annoying! Help anyone?

    1. Caitlin Neiman wrote on

      Hey Nate, we’d like to investigate this more. Can you file a bug to

  7. jorge wrote on

    this version of firefox removed all the extensions I had installed (onetab, lastpass, ublock origin, etc…). How can this be fixed?

    1. Caitlin Neiman wrote on

      Sounds like something went very wrong! Have you tried for help?

  8. Tiger wrote on

    The same happened here, and I must admit I panicked a bit, until I discovered that it was actually just a came of restarting Firefox, and everything was back to normal again =)