In Q4 2021, the Add-ons Engineering team will start implementing
new functionality to further restrict how websites may distribute and
offer add-ons for installation. This will require add-on authors who wish
to distribute their add-ons on a website to declare the website origin in
the add-on manifest. More than one origin may be listed, but we may
limit the total number allowed. The add-on will only be installable from
the origins listed and addons.mozilla.org.

At a future date TBC, the manifest entry will be required for all new
add-ons and all updates to existing add-ons. Pre-existing add-ons will
continue to work with the current 3rd party install flow. This
functionality will also be required for all add-ons using the future
Manifest Version 3 in Firefox.

Functionality for Enterprise Policy and 3rd party Firefox distributions will continue to exist,
allowing those use cases to continue installing add-ons as they do today.

Technical Details

This example is accurate at the time of this writing, but may evolve as we progress through the project.

All add-ons have a manifest.json file that defines a set of information
about the add-on, as well as defining various features used. Developers
will be required to add the following to the manifest.

Example manifest snippet:

    "browser_specific_settings": {
      "gecko": {
        "install_origins": [
          "https://example.com",
          "https://foo.example.com"
        ]
      }
    },

The install origins must be explicit. The "install_origins" array may be empty,
which would limit installation to addons.mozilla.org, or through local
installation such as Enterprise Policy.
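
The rule described above, sketched as an added example that is not Firefox's implementation or code from the Add-ons team. The function names, the sample manifest, the https origin used for addons.mozilla.org, and the reading of "explicit" as "a bare scheme://host[:port] origin with no wildcard or path" are assumptions; the sketch models an add-on for which the manifest entry is already required.

```javascript
// Added illustration; not Firefox's implementation.
const AMO_ORIGIN = "https://addons.mozilla.org"; // assumed https origin

// Constructed sample manifest built around the snippet in the announcement.
const sampleManifest = {
  manifest_version: 2,
  name: "sample-addon",
  version: "1.0",
  browser_specific_settings: {
    gecko: { install_origins: ["https://example.com", "https://foo.example.com"] },
  },
};

// Read and validate the declared origins (hypothetical helper).
function readInstallOrigins(manifest) {
  const declared = manifest?.browser_specific_settings?.gecko?.install_origins;
  if (declared === undefined) return { declared: false, origins: [], errors: [] };
  if (!Array.isArray(declared)) {
    return { declared: true, origins: [], errors: ["install_origins must be an array"] };
  }
  const origins = [];
  const errors = [];
  for (const entry of declared) {
    let parsed = null;
    try {
      if (typeof entry === "string" && !entry.includes("*")) parsed = new URL(entry);
    } catch {
      parsed = null; // not parseable as a URL
    }
    // Assumed reading of "explicit": the entry equals its own serialized origin,
    // so paths, trailing slashes, wildcards and mixed-case hosts are rejected.
    if (parsed && parsed.origin === entry) origins.push(entry);
    else errors.push(`not an explicit origin: ${String(entry)}`);
  }
  return { declared: true, origins, errors };
}

// Decide whether a page may offer this add-on for installation (hypothetical helper).
function mayInstallFrom(manifest, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  if (pageOrigin === AMO_ORIGIN) return true; // always allowed per the announcement
  const { declared, origins, errors } = readInstallOrigins(manifest);
  // Assumption: a missing or invalid entry fails closed once the entry is required.
  if (!declared || errors.length > 0) return false;
  return origins.includes(pageOrigin); // exact match; an empty list allows no website
}
```

Matching is on the full origin, so a different scheme, subdomain or port counts as a different site.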
More details will be made available as we progress, alongside documentation of the requirements.
Kind regards,
Stuart Colville (on behalf of the Add-ons Engineering team)
--
Stuart Colville / Engineering Manager Add-ons
Slack / Matrix / Github / Bugzilla: muffinresearch