How to require permissions to be enabled in Firefox using Manifest v3? - firefox

As of January 17, Firefox now supports Manifest v3 in Firefox 109.0.
I have an add-on I am testing with Manifest v3 and it requires access to a variable on reddit.com.
I want to make the "Access your data for sites in the *://reddit.com domain" permission required, since the extension does not work without it.
What needs to be done to make it so it does not show as optional since I want the user to not have to explicitly turn on the permission from the Permissions tab?
I want it show as required similar to this image (source):
Here's a trimmed down version of an example Manifest file that shows the permission as optional.
{
"manifest_version": 3,
"name": "Example",
"description": "Example",
"version": "3.16.1",
"content_scripts": [
{
"run_at": "document_idle",
"matches": ["*://*.reddit.com/"],
"js": ["script.js"]
}
]
}
I have tried adding "permissions": ["https://*.reddit.com/*"], but it still shows as optional.
I also tried "permissions": ["*://reddit.com"] and "host_permissions": ["*://reddit.com"] but nothing is causing it to be required.
I have a Chrome extension which is working with the same manifest v3 file.

The only solution I have found is to set optional permissions.
https://developer.chrome.com/docs/extensions/reference/permissions/
I added the permission setting itself to the listener. Of course, I check beforehand that such permissions do not already exist.
browser.action.onClicked.addListener((tab: Tab) => {
browser.permissions.request({
origins: ['*://*.reddit.com/']
})
});

Related

Electron-builder macOS notarization problem with puppeteer library: Not all binaries are signed

I am currently struggling with notarizing my app with electron builder for macOS! The app uses puppeteer which causes the error that the ".localChromium" folder does not get signed! I already tried a lot of things but I was not able to fix this problem.
Here is my configuration for the package.json file:
"build": {
"asar": true,
"asarUnpack": "node_modules/puppeteer/.local-chromium/**/*",
"publish": [
{
"provider": "generic",
"url": "http://www.someProvider.com"
}
],
"appId": "SomeApp",
"afterSign": "notarize.js",
"mac": {
"icon": "build/logo.png",
"category": "public.app-category.productivity",
"target": [
"dmg", "zip"
],
"signIgnore": "/node_modules/puppeteer/.local-chromium/",
"gatekeeperAssess": false
}
This is just the lastest configuration I tried! (I read about the signIgnore property on a GitHub post where someone mentioned a similar problem and was able to fix it with this, but this hasn't changed anything - I tried multiple paths in case this one is a wrong expression). I also tried to set the "hardendedRuntime" property to true.
To use puppeteer-core is not an option!
These are some errors I receive - they all state that the content in the .localChromium folder isn't signed:
Does anyone know how to fix this problem?
I solved this by using puppeteer-in-electron. Just replace import puppeteer from 'puppeteer' with import puppeteer from 'puppeteer-core'. That way .local-chromium wont be included with your electron app because it will just use the chromium that is built in along with electron. You will also need to remove puppeteer from package.json

Automatically add addon from app.json, heroku.yml or other config

I would like to provide a button from github to directly deploy an app.
Its a go application which serves some website.
Now for persistent data it requires an addon "Heroku Postgres".
I tried defining a heroku.yml with:
setup:
addons:
- plan: heroku-postgresql
I tried app.json with:
{
"addons": ["heroku-postgresql:hobby-dev"]
}
But it does nothing at all, it never adds the addon. I know I can add it manually through the website or CLI, but I want a fully automatic way - if that is possible.
It should look something like this
"addons": [
{
"plan": "heroku-postgresql",
"options": {
"version": "12"
}
}
]
Example app.json from heroku

How can I log messages in content script of firefox extension?

I am new to Firefox extension (add-on) development. I'm injecting a content script through my sidebar code-behind using the browser.tabs.executeScript() API. And I run my extension using web-ext run command.
The problem is, my log doesn't appear in developer console and when I go to tools console, I can see the following error:
Error: Missing host permission for the tab
Mozilla defines a host permission as given through pattern matching of page URL. And of course adding the following to my manifest.json file fixes the issue:
"content_scripts": [
{
"matches": ["<all_urls>"],
"js": ["content-script.js"]
}
]
But I'd like to inject the content script on demand, not based on the page URL.
Another way is to send messages through API to my sidebar code-behind and then log it there in my extension console. But this requires a bit of implementation. On the other hand, It makes me wondering why shouldn't I be able to simply log a message to developer console through an injected script?
This is my code:
manifest.json:
{
"manifest_version": 2,
"name":"My Extension",
"version":"1.0",
"sidebar_action":{
"default_title": "My sidebar",
"default_panel": "sidebar/panel.html"
},
"permissions":[]
}
panel.js:
browser.tabs.executeScript({ file: "content-script.js" });
content-script.js:
console.log('first line of content script');
I found it. The term <all_urls> can be used as a permission:
"permissions":["<all_urls>"]
Then console.log() works within content script.
However, it is not recommended to include this permission: Avoid host permission "<all_urls>" if you can

How to hide or make relative the paths that appear in the files inside the conda-meta folder?

When a build a conda environment like this
conda create --prefix env python=3.6.5
Some absolute paths appear in some json files in the conda-meta folder. How can I avoid it? I just want to use relative paths here or I just want to hide them completely. Is there a way to achieve this? Are they mandatory? See extracted_package_dir, source or package_tarball_full_path attributes:
{
"arch": "x86_64",
"build": "py36_0",
"build_number": 0,
"channel": "https://repo.anaconda.com/pkgs/main/win-64",
"constrains": [],
"depends": [
"python >=3.6,<3.7.0a0"
],
"extracted_package_dir": "C:\\Users\\UserName\\AppData\\Local\\conda\\conda\\pkgs\\certifi-2019.3.9-py36_0",
"features": "",
"files": [
"Lib/site-packages/certifi-2019.03.09-py3.6.egg-info",
"Lib/site-packages/certifi/__init__.py",
"Lib/site-packages/certifi/__main__.py",
"Lib/site-packages/certifi/__pycache__/__init__.cpython-36.pyc",
"Lib/site-packages/certifi/__pycache__/__main__.cpython-36.pyc",
"Lib/site-packages/certifi/__pycache__/core.cpython-36.pyc",
"Lib/site-packages/certifi/cacert.pem",
"Lib/site-packages/certifi/core.py"
],
"fn": "certifi-2019.3.9-py36_0.tar.bz2",
"license": "ISC",
"link": {
"source": "C:\\Users\\UserName\\AppData\\Local\\conda\\conda\\pkgs\\certifi-2019.3.9-py36_0",
"type": 1
},
"md5": "e1faa30cf88c0cd141dfe71e70a9597a",
"name": "certifi",
"package_tarball_full_path": "C:\\Users\\UserName\\AppData\\Local\\conda\\conda\\pkgs\\certifi-2019.3.9-py36_0.tar.bz2",
"paths_data": {
"paths": [
[...]
If I remove the whole folder the environment become useless and I cannot activate it anymore in order to install, update or remove new packages.
I want to do this to encapsulate the environment in one application and I do not want to have my original absolute paths in the computer of the final user.
My Use Case
I am developing an electron app that uses a tornado server (that uses python)
Currently I am using electron-builder to add the environment to the installer and works pretty well, but one drawback is the conda-meta folder I commented above. What I do now is to remove it manually when I want to make an installer.
That will probably break conda. It's not written to treat those as relative paths. If you told us more about your use case, maybe we could help. Are you trying to redistribute an installed environment? Have you see the "constructor" or "conda-pack" projects?
Finally the best solution I found was to ignore the folder when creating the final installer with electron-builder.
So I have applied the directive extraResources to add the conda environment except the folder conda-meta. And I have added the filter "!conda-meta${/*}", the meaning is explained here
Remember that !doNotCopyMe/**/* would match the files in the doNotCopyMe directory, but not the directory itself, so the empty directory would be created. Solution — use macro ${/*}, e.g. !doNotCopyMe${/*}.
The result in the package.json file:
"extraResources": [
{
"from": "../env",
"to": "env",
"filter": [
"**/*",
"!*.pyc",
"!conda-meta${/*}"
]
}
],

Heroku Pipeline Deploy Hook HTTP in app.json

I am setting up a Heroku pipeline and I want to add the "add-on" attribute however I did not see them be applied to my environment.
The format of the add ons block is:
"addons": [
"sendgrid",
{
"plan": "deployhooks:http",
"as": "SLACK-ENG-STATUS",
"options": {
"url": "THIS IS A RANDOM URL"
}
}
],
Is that the correct syntax to create the add-on? I do not see the configuration in the staging app when I directly deploy to it.
Do you expect your addon to be created on deploy? Because that is not how the app.json works. The app.json only created your addons for:
Review apps (https://devcenter.heroku.com/articles/github-integration-review-apps#app-json)
When you use the platform API to create your app (https://devcenter.heroku.com/articles/setting-up-apps-using-the-heroku-platform-api), including through the Heroku Button
If you already have an existing app, entries in the app.json will not modify it on deploy.

Resources