Featured

Is your extension ready for Firefox for Android? Be part of the launch of a new open mobile ecosystem

Scott DeVaney

12 responses

During the release cycle of Firefox 120, we’ll begin to see the emergence of dozens of new, openly available extensions on Firefox for Android on addons.mozilla.org (AMO). We’re taking a steady approach to opening up the mobile extension ecosystem to ensure Firefox for Android maintains strong performance standards while a vast new array of extensions are utilized for the first time in a mobile environment. If testing continues to progress well, we anticipate unveiling a fully open Firefox for Android extension ecosystem sometime in December. Stay tuned for details.

For developers interested in optimizing desktop extensions for Firefox for Android usage, now’s the perfect time to assess your extension and take necessary steps to make your extension part of the coming first wave of openly available extensions on Firefox for Android.

We anticipate strong interest from users excited to explore all the new ways they can customize Firefox for Android. Current trends indicate we’ll have at least 200+ new Firefox for Android extensions on AMO when open availability debuts in December. And while a couple hundred extensions is more variety than you’ll find on any other mobile browser, it is significantly fewer than the nearly 40,000 desktop Firefox extensions on AMO. So the opportunity for heightened discoverability with new users may be intriguing to some developers.

It’s also a great time for developers who are intrigued at the prospect of creating new ways Firefox for Android users will fundamentally experience the mobile web. Are there browsing problems unique to the mobile environment that web extensions can solve? How can we enhance mobile web experiences with extensions? How can extensions empower mobile users? It’s an open invitation to innovation.

For developers keen to learn more about making their desktop extensions compatible on Firefox for Android, here are some timely resources (in addition to Firefox Add-ons Discourse where you can hit us up anytime with questions)…

Webinar: Setup, testing, debugging 

Time: Wednesday, November 15 at 11am EDT

Senior Developer Relations Engineer Simeon Vincent will host his second webinar dedicated to Firefox for Android extension development and desktop migration. The November 15 session will focus on Firefox for Android development setup steps like getting started with Android Studio, creating a virtual device for QA and getting Firefox Nightly readied for remote debugging.

Register for the livestream!

Check out our first Firefox for Android webinar from October.

Open office hours 

Time: Every Monday, Tuesday

Simeon also hosts weekly open “office hours” for anyone interested in signing up to receive 1:1 guidance on Firefox for Android extension development. These open office hours are only scheduled to run through December, so don’t be shy to tap Simeon’s expertise as you prepare your extension for mobile release.

First 200 Firefox for Android extension developers (to email us) get a free t-shirt!

Sorry to bury the lede, but we’re also giving away this one of a kind “Early Add-opter” t-shirt to the first 200 developers who… 1) make their extension functional on Android; and 2) email us at firefox-android-addon-support [at] mozilla.com with a link to your extension’s AMO listing page. If your extension works as expected on Firefox for Android and you’re one of the first 200 to reach out we’ll be in touch with the t-shirt ordering details.

Can you imagine yourself wearing this t-shirt, just chilling after you’ve made your desktop extension compatible on Firefox for Android? 

Changes to Android extension signing

Simeon Vincent

7 responses

We recently identified a bug in the addons.mozilla.org (AMO) external API that caused all signing requests to mark extension submissions as being Android compatible. A fix for this bug will be pushed on Thursday, October 12th.

When the fix lands, the signing endpoint will stop marking extensions as being Android compatible by default, and instead check the extension’s manifest.json for a property in "browser_specific_settings" named “gecko_android”. If present, that object’s "strict_min_version" and "strict_max_version" properties will be used to set the Firefox for Android minimum and maximum values on AMO.

This change also affects community tools that send signing requests to AMO using the web API. This includes, but is not limited to:

What do I need to do?

To continue marking your extension as Android compatible on AMO, ensure that your manifest.json file includes a "browser_specific_settings.gecko_android" object. You can declare the minimum browser version supported using the "strict_min_version" properties of this object.

To stop marking your extension as Android compatible on AMO, ensure that your manifest.json file does not include a "browser_specific_settings.gecko_android" object.

For example, to signal that your extension works in Firefox for Android, you would include the following snippet in your extension’s manifest.

  "browser_specific_settings": {
    "gecko_android": {}
  }

You may also want to check the version compatibility settings for your extension on AMO.

Test Firefox Android extensions and help developers prepare for an open mobile ecosystem in December

Scott DeVaney

21 responses

In August we encouraged developers to start preparing their desktop extensions for Firefox Android open availability on addons.mozilla.org (AMO). The project is progressing well and we’re on track to launch the open mobile ecosystem on AMO in December. We have more infrastructure development and testing to complete in the coming weeks, but as we move toward release we’ll keep you informed of the project’s status right here on this blog, add-ons forums, and social channels.

To help our developer community prepare for Firefox Android open extension availability on AMO — and to ensure Firefox Android users have an exciting selection of extensions to choose from — we’ve compiled a list of popular desktop extensions (with mobile API compatibility) we’re inviting the add-ons community to help test on Firefox Android. If you’re intrigued to try some new extensions on your Firefox Android phone and offer feedback, we’d love to hear your thoughts.

How to test Firefox Android extensions (Beta, Nightly)

Test extensions are only currently discoverable on AMO via 119 Beta and 120 Nightly versions of Firefox Android. If you’re not already on Beta or Nightly, please follow these links for installing Firefox Android Beta and Nightly.

Once you’re ready to roll with Firefox Android (Beta/Nightly) on your phone, just follow these simple test steps:

  1. Check out this spreadsheet of test extensions. They were compiled because they possess a combination of Android API compatibility and relative popularity on Firefox desktop.
  2. Find a test extension that interests you and navigate to addons.mozilla.org on your Firefox Android (Beta/Nightly) phone and search for the extension you want to test, then install it.
  3. Follow the testing guide on this feedback form and play around with the extension.
  4. Report your impressions of the experience on the feedback form.

Then feel free to repeat testing with as many other test extensions as you like. Have fun with it! The feedback you provide will be extremely helpful to developers hoping to optimize their desktop extensions for Android usage.

Are you a developer hoping to make your extension available on Firefox Android?

If you have a desktop extension you want to prepare for Android availability on AMO, a good place to start is checking your desktop extension’s APIs against those supported for Android. It is also important that developers migrate to non-persistent background pages. In order to mark your extension as compatible with Firefox Android, add the gecko_android key inside browser_specific_settings (more info) in your manifest.json file (this is also a requirement when submitting your extension using the AMO API, e.g. with the web-ext tool). During this period you are welcome to update your extension on AMO to address issues while running in Firefox Android; and mark your extension as Android compatible to be ready for discoverability on AMO in December.

Please note — once you’re ready to test the mobile version of your extension, create a collection on AMO and test it on Firefox for Android Nightly (you’ll need to make a one-time change to Nightly’s advanced settings; please see the “Enable general extension support setting in Nightly” section of this post for details). If you’d prefer to polish your extension before publishing it on AMO, you can also debug and run the extension with web-ext.

It’s been exciting to see so many developers embrace this moment to make their desktop extensions available for a new mobile audience. When AMO opens the general availability of Android extensions in December, Firefox Android users will be thrilled at all of the innovative ways they’ll be able to customize their mobile browsing experience.

If you’re a developer with technical questions about mobile extension migration, please visit our support forum for Firefox Android extensions. You can also book office hours support every Monday and Tuesday.

Prepare your Firefox desktop extension for the upcoming Android release

Scott DeVaney

52 responses

In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We’ll announce a definite launch date in early September, but it’s safe to expect a roll-out before the year’s end. Here’s everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO…

Firefox will become the only major Android browser to support an open extension ecosystem

For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?

“There is so much creative potential to unlock within the mobile browser space. Mozilla wants to provide developers with the best support we can so they’re equipped and empowered to build modern mobile WebExtensions.” — Giorgio Natili, Firefox Director of Engineering

To support our ecosystem of extension developers, we will create additional guides, resources and host community events to support your transition to a managed multi-process environment like Android.

Transition background scripts to non-persistent event pages

We recently introduced support for multi-process in Firefox for Android Nightly. This means extensions are no longer hosted in the main process as Firefox’s user interface. This is a key consideration since Android is prone to shutting down resource-intensive processes, such as extensions. To mitigate the risk of unexpected extension termination, we’ve introduced event page architecture to be non-persistent and more resilient to process termination. Thus we strongly encourage developers to transition from persistent backgrounds to non-persistent Event pages to improve their extension’s stability. In summary, this means:

  • Update your manifest.json background key and add “persistent”: false.
  • Ensure listeners are registered synchronously at the top-level.
  • Record global state in the storage API, for example storage.session.
  • Change timers to alarms.
  • Switch from using extension.getBackgroundPage for calling a function from the background page, to extension messaging or runtime.getBackgroundPage.

Once you’re ready to test the mobile version of your extension, create a collection on AMO and test it on Firefox for Android Nightly (note you’ll need to make a one-time change to Nightly’s advanced settings; please see the “Enable general extension support setting in Nightly” section of this post for details). If you’d prefer to polish your extension before publishing it on AMO, you can also debug and run the extension with web-ext.

This is an exciting time for developers seeking to expand the reach of their desktop extensions into the mobile Android space. For community support and input, you’re welcome to join the conversation on Firefox Add-ons Discourse.

declarativeNetRequest available in Firefox

Rob Wu

3 responses

The declarativeNetRequest (DNR) extension API is now available to all extensions starting from Firefox 113, released last week. Extensions with functionality that can be expressed in terms of declarative rules are highly encouraged to transition to the DNR API. Documentation is available at declarativeNetRequest (MDN).

DNR allows extensions to declare rules that describe how the browser should handle network requests. These rules enable Firefox to process network requests without involving the extension further. In comparison with the blocking webRequest API, this offers the following benefits:

  • Privacy: Blocking network requests without host permissions. DNR offers more privacy by design because extension code does not get direct access to the request details. Thus request blocking functionality can be offered without requiring scary host permissions. This feature is especially useful in Manifest Version 3, where host permissions are available on an opt-in basis.
  • Performance: Network requests are not blocked on extension startup and response. DNR rules are evaluated independent of extension scripts. A background page is therefore not required. This characteristic is especially important for the reliability of extensions on Android, because the Android OS may terminate the background page outside of the control of the extension and browser.
  • Cross-browser: DNR is the only extension API for handling network requests that is available across the major browsers. Other than Firefox, DNR is also supported by Safari and Chromium-based browsers such as Chrome and Edge.

Some extensions require more flexibility than DNR offers, and we are committed to supporting both the DNR and blocking webRequest APIs to ensure that Firefox users have access to the best privacy tools available.

What’s next

The DNR implementation is not final. We are working on further optimizations and additional functionality, which are tracked as dependencies of bug 1687755. Our work is not limited to Firefox; where it makes sense we try to establish cross-browser consensus in the WebExtensions Community Group (WECG), as seen at WECG issues with topic:dnr.

Are you interested in experimenting with the declarativeNetRequest API? Try out one of the examples at https://github.com/mdn/webextensions-examples/tree/main/dnr-dynamic-with-options. New to Firefox extension development? See the Test and debug section of the Extension Workshop to get started.

New extensions available now on Firefox for Android Nightly

Scott DeVaney

8 responses

As we continue to develop extensions support on Firefox for Android, we’re pleased to announce new additions to our library of featured Android extensions. To access featured extensions on Firefox for Android, tap Settings -> Add-ons.

Based on currently available APIs, performance evaluations, and listening to requests from the Mozilla community, here are five new extensions now available to Firefox for Android users…

Firefox Relay

Mozilla’s own Firefox Relay is now available for mobile usage. The extension lets you easily generate email masks that will forward messages to your authentic email while hiding your address from unwanted spam, or worse, hackers.

Tampermonkey on Android.

Tampermonkey

One of the most popular userscript managers makes its way to mobile. Tampermonkey top features include automatic update checks, an intuitive display of running scripts, plus browser and cloud storage sync.

Read Aloud: A Text to Speech Voice Reader

Have you ever wanted your news or other web pages (even PDF’s) read aloud so your hands and eyes are free to focus on other things? Read-Aloud: A Text to Speech Voice Reader can now accommodate you on Android — in 40+ languages.

AdNauseum

More than just an effective ad blocker, AdNauseum punches back against privacy invasive ad tech by clicking a bunch of blocked ads in the background so advertisers can’t build an accurate profile of your interests.

ClearURLs

A simple extension that provides a powerful privacy feature — ClearURLs automatically strips away tracking elements from web links you open.

Create extension collections on Firefox for Android Beta

By following these instructions you can now create your own custom extension collections on Firefox for Android Beta (previously, collections were only available on Nightly). Name the collection anything you like, so long as there aren’t any spaces in its title. When creating your collection, you’ll see a number in the Custom URL field; this is your user ID. You’ll need the collection name and user ID to configure Beta in the following way:

Once created, simply add extensions to your collection. Each collection generates a custom URL so you’re to share it with others.

Are more extensions coming to Firefox for Android?

Absolutely. Right now we’re focused on implementing Manifest version 3 (MV3) for Firefox desktop (i.e. wide ranging foundational changes to WebExtensions API). In 2023 we’ll begin work on the mobile adoption of MV3. Though we’re still early in planning, MV3 will certainly offer a number of advances for mobile extensions, such as elegant handling of process restarts and improved security by splitting extensions into their own processes, while also retaining critical MV2 features that support privacy and ad blocking capabilities. Indeed our goal is to design MV3 for mobile in such a manner we’re able to open up the discoverability of mobile extensions beyond the short list available today. As plans take shape, we’ll be sure to keep you informed. In the meantime you’re welcome to join conversations about extensions development on Firefox Add-ons Discourse.

 

Manifest v3 signing available November 21 on Firefox Nightly

Shane Caraveo

11 responses

Starting November 21, 2022 add-on developers are welcome to upload their Firefox Manifest version 3 (MV3) compatible extensions to addons.mozilla.org (AMO) and have them signed as MV3 extensions. Getting an early jump on MV3 signing enables you to begin testing your extension’s future functionality on Nightly to ensure a smooth eventual transition to MV3 in Firefox.

To be clear, Firefox will continue to support MV2 extensions for the foreseeable future, even as we welcome MV3 extensions in the release to general availability in Firefox 109 (January 17, 2023). Our goal has been to ensure a seamless transition from MV2 to MV3 for extension developers. Taking a gradual approach and gathering feedback as MV3 matures, we anticipate opportunities will emerge over time to modify our initial MV3 offering. In these instances, we intend to take the time necessary to make informed decisions about our approach.

Towards the end of 2023 — once we’ve had time to evaluate and assess MV3’s rollout (including identifying important MV2 use cases that will persist into MV3) — we’ll decide on an appropriate timeframe to deprecate MV2. Once this timeframe is established, we’ll communicate MV2’s closure process with advance notice. For now, please see this guide for supporting both MV2 and MV3 versions of your extension on AMO.

Mozilla’s vision for Firefox MV3

Firefox MV3 offers simplified and consolidated APIs, enhanced security and privacy mechanisms, and functionality to better support mobile platforms. As we continue to collaborate with other browser vendors and the developer community to shape MV3, we recognize cross-browser compatibility as a fundamental consideration. That said, we’re also implementing distinct elements to suit Firefox’s product and community needs. We want to give extension developers creative flexibility and choice, while ensuring users maintain access to the highest standards of extension customization and security. Firefox MV3 stands apart from other iterations of MV3 in two critical ways:

  1. While other browser vendors introduced declarativeNetRequest (DNR) in favor of blocking Web Request in MV3, Firefox MV3 continues to support blocking Web Request and will support a compatible version of DNR in the future. We believe blocking Web Request is more flexible than DNR, thus allowing for more creative use cases in content blockers and other privacy and security extensions. However, DNR also has important performance and compatibility characteristics we want to support.
  2. Firefox MV3 offers Event Pages as the background script in lieu of service workers, though we plan to support service workers in the future for compatibility. Event Pages offer benefits like DOM and Web APIs that aren’t available to service workers, while also generally providing a simpler migration path.

Over subsequent releases next year, we’ll continue to expand Firefox MV3 compatibility.

MV3 also ushers an exciting user interface change in the form of the new extensions button (already available on Firefox Nightly). This will give users direct control over which extensions can access specific web sites.

The extensions button will give Firefox users direct control over website specific extension permissions.

Users are able to review, grant, or revoke MV3 extension access to any website. MV2 extensions will display in the button interface, but permissions access is unavailable. Please see this post for more information about the new extensions button.

If you’re planning to migrate your MV2 extension to MV3, there are steps you can take today to get started. We always encourage feedback from our developer community, so don’t hesitate to get in touch:

Extensions button and how to handle permissions in Manifest V3

Juha-Matti Santala

39 responses

Manifest V3 (MV3) is bringing new user-facing changes to Firefox, including an extensions button to manage installed and enabled browser extension permissions (origin controls), providing Firefox users control over extension access to their browsers. The first building blocks of this button were added to Nightly in Firefox 107 and will become available with the general release of MV3 in Firefox 109.

Extensions button

The extensions button will give Firefox users direct control over website specific extension permissions.

In MV2, host permissions are granted by the user at the time of install and there’s no elegant way for the user to change this setting (short of uninstalling/reinstalling and choosing different permissions). But with the new extensions button in MV3 in Firefox, users will have easy access and persistent control over which extensions can access any web page, at any time. Users are free to grant ongoing access to a website, or make a choice per visit. To enable this, MV3 treats host permissions (listed in the extension manifest) as opt-in.

The button panel will display the user’s installed and enabled extensions and their current permission state. In addition to managing host permissions, the panel also allows the user to manage, remove, or report the extension. Extensions with browser actions will behave similarly in the toolbar as in the panel.

Manifest V2 (MV2) extensions will also display in the panel; however users can’t take actions for MV2 host permissions since those were granted at installation and this choice cannot be reversed in MV2 without uninstalling the extension and starting again.

You can also find more information about the extensions button from support.mozilla.org

How to deal with opt-in permissions in extension code

The Permissions API provides a way for developers to read and request permissions.

With permissions.request(), you can request specific permissions that have been defined as optional permissions in the manifest:

const permissionsToRequest = {
  permissions: ["bookmarks", "history"],
  origins: ["https://developer.mozilla.org/"]
}

async function requestPermissions() {
  function onResponse(response) {
    if (response) {
      console.log("Permission was granted");
    } else {
      console.log("Permission was refused");
    }

    return browser.permissions.getAll();
  }

  const response = await browser.permissions.request(permissionsToRequest);
  const currentPermissions = await onResponse(response);

  console.log(`Current permissions:`, currentPermissions);
}

This is handy when the request for permissions is tied to a user action like selecting a context menu item. Note that you cannot request for a permission that is not defined in the manifest.

Other times, you’ll want to react to a permission being granted or removed. This can be done with permissions.onAdded and permissions.onRemoved respectively.


function handleAdded(permissions) {
  console.log(`New API permissions: ${permissions.permissions}`);
  console.log(`New host permissions: ${permissions.origins}`);
}

browser.permissions.onAdded.addListener(handleAdded);

Finally, you can check for already existing permissions in two different ways: permissions.getAll() returns a list of all granted permissions and permissions.contains(permissionsToCheck) checks for specific permissions and resolves to true if, and only if, all checked permissions are granted.


// Extension permissions are:
// "webRequest", "tabs", "*://*.mozilla.org/*"

let testPermissions1 = {
  origins: ["*://mozilla.org/"],
  permissions: ["tabs"]
};

const testResult1 = await browser.permissions.contains(testPermissions1);
console.log(testResult1); // true

We always encourage feedback from our developer community, so don’t hesitate to get in touch:

Begin your MV3 migration by implementing new features today

Shane Caraveo

21 responses

Early next year, Firefox will release Mozilla’s Manifest V3 (MV3). Therefore, it’s an ideal time to consider migrating your Manifest V2 extensions. One of our goals throughout our approach to MV3 has been to gradually release new WebExtensions features that enable you to begin implementing APIs that are compatible with MV3. To this end, we recently released some exciting new features you should know about…

 

MV3 changes you can make to your extension right now

 

Event Pages

In Firefox MV3, we’re providing Event Pages as the background script. Event Pages retain several important features, including access to DOM and WebAPIs that are not available with the new service worker backgrounds used in Google Chrome.

We enabled Event Pages for MV2 (aka non-persistent background pages that can be closed and respawned based on browser events) in Firefox 106. This update is a major step toward MV3 because all extensions must adopt Event Pages in MV3. But you can make this change today and use new Event Pages benefits such as:

  • Resiliency against unexpected system crashes. Now we can restart a corrupted background page without hindering the user.
  • No need for an extension reboot to reset a background page.
  • Save on memory resources by putting idle background pages to sleep.

How do I implement Event Pages?

To turn your background into an Event Page, set `persistent: false` on the background page in your manifest.json. Here’s more info on background scripts with implementation details.

Now that your background script is non-persistent, you need to tell Firefox when to wake up the page if it’s suspended. There are two methods available:

  1. Use an event listener like `browser.tabs.onCreated` in your background script.  Event listeners must be added at the top level execution of your script. This way, if your background is sleeping Firefox knows to wake the script whenever a new tab is spawned. This works with nearly all events in the WebExtensions API. Here’s more info on adding listeners. (Note that Firefox recognizes arguments passed to addListener and does not create multiple listeners for the same set of arguments.)
  2. Use `browser.runtime.getBackgroundPage` if you need a background page to run processes unrelated to events. For instance, you may need a background script to run a process while the user is involved with a browser action or side panel. Use this API anytime you need direct access to a background page that may be suspended or closed. Here’s more info on background script functions.

Menus and Scripting APIs also support persistent data:

  • Menu items created by an event page are available after they’re registered — even if the event page is terminated. The event page respawns as necessary to menu events.
  • Registered scripts can be injected into matching web pages without the need for a running Event Page.

Scripting

You can take another big step toward MV3 by switching to the new Scripting API. This API consolidates several scripting related APIs — contentScripts.register(), tabs.insertCSS(), tabs.removeCSS(), and tabs.executeScript() — and adds capabilities to register, update, and unregister content scripts at runtime.

Also, arbitrary strings can no longer be executed because the code parameter has been removed. So you’ll need to move any arbitrary strings executed as scripts into files contained within the extension, or to the func property used with, if necessary, the args parameter.

This API requires the scripting permission.

Preparing for MV3 restrictions

MV3 will impose enhanced restrictions on several features. Most of these restrictions are outlined in the MV3 migration guide. By following the steps detailed in the guide, there are some ways you can begin modifying your MV2 extension to make it comply more closely with MV3 requirements. A few noteworthy areas include…

Conform to MV3’s Content Security Policy

Mozilla’s long-standing add-on policies prohibit remote code execution. In keeping with these policies, the content_security_policy field no longer supports sources permitting remote code in script-related directives, such as script-src or `’unsafe-eval’`. The only permitted values for the `script-src` directive is `’self’` and `’wasm-unsafe-eval’`. `’wasm-unsafe-eval’` must be specified in the CSP if an extension wants to use WebAssembly. In MV3, content scripts are subject to the same CSP as other parts of the extension.

Historically, a custom extension CSP required object-src to be specified. This is not required in MV3 and was removed from MV2 in Firefox 106 (see object-src in content_security_policy on MDN). This change makes it easier for extensions to customize the CSP with minimal boilerplate.

The Content Security Policy (CSP) is more restrictive in MV3. If you are using a custom CSP in your MV2 add-on, you can validate the CSP by temporarily running it as an MV3 extension.  See the MV3 migration guide for details.

Upgrade insecure requests – https by default

When communicating with external servers, extensions will use https by default. Extensions should replace the “http:” and ”ws:” schemes in their source code with secure alternatives, “https:” and ”wss:”. The default MV3 CSP includes the upgrade-secure-requests directive, to enforce the use of secure schemes even if an insecure scheme was used.

Extensions can opt out of this https requirement by overriding the content_security_policy and omitting the upgrade-secure-requests, provided that no user data is transmitted insecurely through the extension.

Opt-in permissions

All MV3 permissions, including host permissions, are opt-in for users. This necessitated a significant Firefox design change — the introduction of the extensions button — so users can easily grant or deny website specific permissions at any time (the button is enabled on Firefox Nightly for early testing and feedback).

The extensions button gives Firefox users direct control over website specific extension permissions.

Therefore, you must ensure your extension has permission whenever it accesses APIs covered by a permission, accesses a tab, or uses Fetch API. MV2 already has APIs that enables you to check for permissions and watch for changes in permission. When necessary, you can get the current permission status. However, rather than always checking, use the permissions.onAdded and permissions.onRemoved event APIs to watch for changes.

Update content scripts

While content scripts continue to have access to the same extension APIs in MV3 as in MV2, most of the special exceptions and extension specific capabilities have been removed from the web platform APIs (DOM APIs). In particular, the extension’s host permissions no longer apply to Fetch and XMLHttpRequest.

CSP for content scripts

With MV2 no CSP is applied to content scripts. In MV3, content scripts are subjected to the same CSP as other parts of the extension (see CSP for content scripts on MDN). Notably, this means that remote code cannot be executed from the content script. Some existing uses can be replaced with functionality from the Scripting API such as func and args (see the “Scripting” section above), which is available to MV2 extensions.

XHR and Fetch

With MV2 you also have access to some APIs, such as XMLHttpRequest and Fetch, from both extension and web page contexts. This allows for cross origin requests in a way that is not available in MV3. In MV3, XHR and Fetch operate as if the web page itself was using them, and are subject to cross origin controls.

Content scripts can continue using XHR and Fetch by first making requests to background scripts. A background script can then use Fetch to get the data and return the necessary information to the content script. To avoid privacy issues, set the “credentials” option to “omit” and cache option to “no-cache”. In the future, we may offer an API to support the make-request-on-behalf-of-a-document-in-a-tab use case.

Will Chrome MV3 extensions work in Firefox MV2?

The release of MV3 in Firefox is distinct from Chrome. Add-ons intended to work across different browsers will, in most cases, require some level of adjustment to be compatible in both Firefox and Chrome. That said, we are committed to a high level of compatibility. We will be providing additional APIs and features in the near future. If you’ve converted your Chrome extension to Google’s MV3, you may be able to consolidate some of those changes into your Firefox MV2 extension. Here are a few areas to investigate:

  • Service Workers are not yet available in Firefox; however many scripts may work interchangeably between Service Workers and Event Pages, depending on functionality. To get things working, you may need to remove service worker specific APIs. See Service Worker Global Scope for more information.
  • DNR is not yet available in Firefox. Firefox retains WebRequest blocking in MV3, which can be used in place of DNR. When DNR is available, simple request modifications can be moved over to DNR.
  • The storage.session API is not yet available in Firefox. You can use other storage mechanisms in the meantime.

Hopefully, we’ve provided helpful information so you can use the new MV2 features to start your migration to MV3. As always, we appreciate your feedback and welcome questions. Here are the ways to get in touch:

Hello from the new developer advocate

Juha-Matti Santala

12 responses

Hello extension developers, I’m Juhis, it’s a pleasure to meet you all. In the beginning of August I joined Mozilla and the Firefox add-ons team as a developer advocate. I expect us to see each other quite a lot in the future. My mom taught me to always introduce myself to new people so here we go!

My goal is to help all of you to learn from each other, to build great add-ons and to make that journey an enjoyable experience. Also, I want to be your voice to the teams building Firefox and add-ons tooling.

My journey into the world of software

I’m originally from Finland and grew up in a rather small town in the southwest. I got excited about computers from a very young age. I vividly remember a moment from my childhood when my sister created a digital painting of two horses, but since it was too large for the screen, I had to scroll to reveal the other horse. That blew my four-year old mind and I’ve been fascinated by the opportunities of technology ever since.

After some years working in professional software development, I realized I could offer maximum impact by building communities and helping others become developers rather than just coding myself. Ever since, I’ve been building developer communities, organized meetups, taught programming and served as a general advocate for the potentials of technology.

I believe in the positive empowerment that technology can bring to individuals all around the world. Whether it’s someone building something small to solve a problem in their daily life, someone building tools for their community, or being able to build and run your own business, there are so many ways we can leverage technology for good.

Customize your own internet experience with add-ons

The idea of shaping your own internet experience has been close to my heart for a long time. It can be something relatively simple like running custom CSS through existing extensions to make a website more enjoyable to use, or maybe it’s building big extensions for thousands of other people to enjoy. I’m excited to now be in a position where I can help others to build great add-ons of their own.

To understand better what a new extensions developer goes through, I built an extension following our documentation and processes. I built it for fellow Pokemon TCG players who want a a more visual way to read decklists online. Pokemon TCG card viewer can be installed from addons.mozilla.org. It adds a hover state to card codes it recognizes and displays a picture of the card on hover.

Best way to find me is in the Mozilla Matrix server as @hamatti:mozilla.org in the Add-ons channel. Come say hi!

Tags:

Categories: Uncategorized