I am Using Firefox 40 and followed Signing an XPI article to sign an XPI. Used certutil to sign the XPI, imported the X509.cacert in firefox Certificate Manager (Authorities tab) every step completed as mentioned in the article. Now if I install the XPI , I get popup.
Caution: This site would like to install an unverified add-on in Firefox
After installation the extension is working correctly.
However if I set the flag: xpinstall.signature.required to true and then try to install it . I get popup telling
This add-on could not be installed as it appears to be corrupt.
Followed the steps in the article multiple times just to make sure I din't miss anything ..but still the same issue. Would appreciate any pointers to where to look for the problem.
Extensions now have to be signed by mozilla unless you're using nightly/dev edition or a special unbranded release/beta builds.
See this page for further information.
If you want to distribute them yourself AMO should have an option to submit extensions for signing without listing them.
Related
I am facing the chrome extension issue. The following is the issue:
“UiPath.Core.BrowserOperationException: Cannot communicate with the browser, please check the UiPath extension”
I have UiPath Robot only so I cannot install extension from Studio. I am running the package from the tray.
Things I did to solve the issue by myself:
Removed extension and installed again (multiple times).
Cleared browsing data before execution.
Update the package few times.
Restarted my machine.
It's not clear whether you have installed the extension from the Chrome web store, but it is preferable to install the extension using the following command:
C:\Program Files\UiPath\Studio\UiPath\SetupExtensions.exe /chrome
This will work without having Studio installed. Also bear in mind that if you are launching Chrome in Incognito, you will need to explicitly allow the extension in Incognito by going to the following URL in Chrome:
chrome://extensions/
Choose "Details" on the UiPath extension, and "Allow in Incognito".
Further information can be found here: Extension for Chrome
Try this.
1 Use the StartProcess to start Internet explorer exe file from program files.
2 Send Url as argument eg “www.abc.com”
3 Use on element appear to check if the home page is loaded.
4 Attach browser and use the browser variable to pass to other workflows.
I created a simple Firefox extension (using WebExtensions) that I want to use every day in Firefox without publishing it on addons.mozilla.org (AMO). I was able to install it temporarily and verify that it works by going to about:debugging, clicking on the "Load Temporary Add-On" button, and opening the manifest.json file.
Since I want to use the extension without having to go through that process every time I restart Firefox, I packaged it into an XPI file and tried installing it like a regular local extension. I archived the two files (manifest.json, content_script.js) and the one directory (icons/) into a ZIP file and renamed it to test.xpi. At about:addons, I clicked the gear icon, selected "Install Add-on From File", and selected the test.xpi file. But Firefox always gave me the error
"This add-on could not be installed because it appears to be corrupt".
In creating the ZIP file, I was careful to keep the manifest file at the top of the archive, and did not include the containing folder itself. I tried following some detailed instructions on installing an XPI file locally, and even installed Cygwin in order to get access to the "zip" utility that the instructions mention, but I'm not able to find that utility in any of the Cygwin folders.
To see if the problem was a lack of a Mozilla signature, I submitted it to AMO (addons.mozilla.org) for signing. AMO signed it and provided me with a new XPI file, which I assumed to be installable since it was signed. But this officially created and signed XPI file still got the error that it was corrupt.
Does anyone have ideas as to how I can figure out what's causing this?
I was able to solve this: It turns out that the manifest requires an "id" property, even though the Mozilla documentation claims otherwise: "However, from Firefox 48 you can develop, debug, publish, and update extensions without needing to set an explicit ID at all." and "When do you need an add-on ID? If you are loading the add-on from it's [sic] XPI file, are not loading it temporarily using about:debugging and it is not signed [my XPI file was signed]".
I'm trying to develop an extension to run on the FirefoxDeveloperEdition (which doesn't require signing) on mac.
I followed the "Your first WebExtension" guide and everything works fine when using the "Load temporary add-on". But when I try to package it and install it using the "install add-on from file", it shows "this add-on could not be installed because it appears to be corrupt".
I zip all the files (borderify.js, manifest.json, icons, without the container folder) and change the suffix to .xpi. Is this the correct way of packaging? some answers mention that there should be a "install.rdf" ?, if so, how can I create that file? it seems there is no guide on the docs.
UPDATE:
I've tried using the mac builtin "compress n items", xpi file, also tried using web-ext build, xpi file. they all end up with the same error alert.
UPDATE 2:
I've set xpinstall.signatures.required false in about:config.
My firefox version is: 51.0a2 (2016-10-17) (64-bit)
Is there anyone able to load the unsigned xpi? Is it a Firefox bug? or is it just me?
If you want to install .xpi, you need to provide an id.
Add this to your manifest.json root
"applications": {
"gecko": {
"id": "borderify#mozilla.org",
}
}
It's not particularly well documented, specifically this page tells that "add-on will be assigned a randomly-generated temporary ID when you install it in Firefox.". However, that only seems to work for installing over about:debugging - xpi installation still requires an ID. It might be any string, since you've running it on DevEdition with disabled checks anyway.
Goes without saying, that would not work on release Firefox.
P.S: Ctrl-Shift-J will open a browser console that will usually contain additional information about the extension installation error - might be useful next time.
So the story is like this. I debug a site which throws a lot of warnings:
Strict-Transport-Security: The connection to the site is
untrustworthy, so the specified header was ignored.
That is because there is no proper certificate for localhost. But that is very annoying and I was not able to find option to filter out firebug console. So I decided to go into code. I found that firebug is inside ~/.mozilla/firefox/blablabla.bla/extensions/firebug#software.joehewitt.com.xpi and that is zip which I could open with Vim and got to content/firebug/console/errrors.js, find there a variable pointlessErrors and append my message to it.
Firefox ignores changes but after I restart it, it gives me message that firebug was not verified and was disabled. I's probably good, because it will protect me from lot's of risks, but I'm sure in my changes.
How to tell firefox that? Or how to properly make changes to plugins?
Or is there some option for Firefox to shut up about Strict-Transport-Security? (I know, I know, too many questions in one question, but I want to find best solution).
The answer to your question's title can be found in the Mozilla wiki:
There it says:
How do I get my add-ons signed if they are not hosted on addons.mozilla.org (AMO)?
You will need to create an AMO account and submit your add-on. There will be an option where you indicate the add-on won't be listed
on AMO, and you'll be able to submit your add-on files without having
them published on the site. Please read the Distribution Policy for
more details.
You can also use the jpm sign command to generate a signed XPI that can be self-hosted.
There is an API you can use for signing.
Having said that, there are easier alternatives to signing the extension:
Go to about:config and set xpinstall.signatures.required to false.
Install the Nightly, Developer Edition or unbranded version of Firefox
Here's the related answer from the wiki:
What are my options if I want to install unsigned extensions in Firefox?
The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There will also be
special unbranded versions of Release and Beta that will have this
setting, so that add-on developers can work on their add-ons without
having to sign every build. To disable signature checks, you will need
to set the xpinstall.signatures.required preference to "false".
type about:config into the URL bar in Firefox
in the Search box type xpinstall.signatures.required
double-click the preference, or right-click and selected "Toggle", to set it to false.
Regarding the question about getting rid of the warning regarding Strict Transport Security I see a few other possible solutions:
Access your localhost via HTTP instead of HTTPS.
Suppress sending the Strict-Transport-Security header on localhost.
Install a proper certificate.
Note that this warning is shown for security purposes, so there is some risk in disabling it generally.
After hours and hours trying to get things working, I have this error in my console:
[CustomizableUI] Widget action-button--myAddonID-misspelutton not found, unable to remove from inner-toolbar-myAddonID-the-title-of-my-addon1 CustomizableUI.jsm:171
So, the addon's widget id is misspelled somehow and stuck somewhere. The term does not appear in any of my code.
Details: I originally built this addon using XUL overlays, and am rebuilding it with the Firefox AddOn SDK. I think (but I'm not sure) this problem happens like this: I installed my signed addon from the Firefox Addon Repo, and then I used jpm post --post-url http://localhost:8888/ to install it into Firefox Developer Edition running the Extension Auto-Installer.
In my code I had this, but I've removed it and everything that pertains to it:
const { CustomizableUI } = Cu.import('resource:///modules/CustomizableUI.jsm', {});
[update]
I have also tried this: uninstall the addon, enter customization mode and choose "Restore to Defaults" which resets all the toolbars to default. Then I exited Firefox and restarted it. When I run jpm to install the addon, the error code persists.
Funny thing also is this: when I view the button using the toolbox inspector, it shows the #id of that button just like in the error.
With that said, how do I resolve the problem without creating a new firefox profile?
The 'widget' module has been deprecated due to a number of performance and usability issues, and has been removed from the SDK as of Firefox 40. Please use the 'sdk/ui/button/action' or 'sdk/ui/button/toggle' module
https://developer.mozilla.org/Add-ons/SDK/High-Level_APIs/ui
https://developer.mozilla.org/Add-ons/SDK/Low-Level_APIs/ui_button_action
https://developer.mozilla.org/Add-ons/SDK/Low-Level_APIs/ui_button_toggle
Something was "jammed" in the profile.
I knew this after I removed all code relating to customizableUI, then uninstalling the addon and then using "Restore Defaults" in the customization panel, restarting Firefox and reinstalling the addon, but the problem persisted.
So instead of using this with my existing profile:
jpm post --post-url http://localhost:8888/
I used this to run it on a fresh clean one:
jpm run --binary "C:\Program Files (x86)\Firefox Developer Edition\firefox.exe"
(I was using post instead of run because I run multiple instances of Firefox and did not want run to cause them to exit; but adding --binary and the path to Firefox dev did the trick )
In a fresh profile everything works just fine, even with the code utilizing CustomizableUI. There are no errors relating to that in the console.