Document support for "incognito": "split" #33661
files/en-us/mozilla/add-ons/webextensions/manifest.json/incognito/index.md
Preview URLs (comment last updated: 2024-05-24 01:07:45)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@@ -70,6 +70,8 @@ This article provides information about the changes in Firefox 127 that affect d | |||
|
|||
## Changes for add-on developers | |||
|
|||
- Firefox now installs extensions using the `"split"` value of the manifest.json [`"incognito"`](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito) key. However, Firefox doesn't support split mode, and extensions are installed using the `"not_allowed"` value ([Firefox bug 1876924](https://bugzil.la/1876924)). |
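Review bot: The added bullet contradicts itself on a first read: its first sentence says Firefox "installs extensions using the `"split"` value" and its second says they are "installed using the `"not_allowed"` value". State once that extensions specifying `"split"` can now be installed and that the value is treated as `"not_allowed"`, so a reader does not conclude that split mode is honoured.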
The previous phrasing could be misinterpreted as Firefox somehow installing extensions according to the incognito key.
- Firefox now installs extensions using the `"split"` value of the manifest.json [`"incognito"`](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito) key. However, Firefox doesn't support split mode, and extensions are installed using the `"not_allowed"` value ([Firefox bug 1876924](https://bugzil.la/1876924)). | |
- Firefox now supports installation of extensions that specify the `"split"` value of the manifest.json [`"incognito"`](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito) key. Previously such extensions cannot be installed, now they can but "split" is treated as an alias of the `"not_allowed"` value ([Firefox bug 1876924](https://bugzil.la/1876924)). |
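Review bot: In the suggested line, "Previously such extensions cannot be installed, now they can" mixes tenses and is a comma splice; "Previously, such extensions could not be installed. Now they can, but ..." reads cleanly. The bare "split" in the same sentence should also get the code formatting that `"not_allowed"` has.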
@Rob--W I can see that "using" might be an issue, but I do feel we need to state that "split" mode isn't supported, or it might seem we are arbitrarily preventing extensions from using that option. How about:
- Firefox now installs extensions using the `"split"` value of the manifest.json [`"incognito"`](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito) key. However, Firefox doesn't support split mode, and extensions are installed using the `"not_allowed"` value ([Firefox bug 1876924](https://bugzil.la/1876924)). | |
- Firefox now installs extensions that specify the `"split"` value of the manifest.json [`"incognito"`](/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/incognito) key. However, as Firefox doesn't support split mode and to preserve the integrity of incognito browsing `"split"` is treated as an alias of the `"not_allowed"` value ([Firefox bug 1876924](https://bugzil.la/1876924)). |
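Review bot: The second sentence of the suggested line stacks two reasons ("as Firefox doesn't support split mode and to preserve the integrity of incognito browsing") in front of the main clause with no comma before `"split"`, which makes it hard to parse. Put a comma after "browsing" or lead with the main clause, and consider "private browsing" rather than "incognito browsing", since the rest of the thread uses Firefox's term.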
- "split": the extension will be split between private and non-private windows. There are effectively two copies of the extension running: one sees only non-private windows, the other sees only private windows. Each copy has isolated access to Web APIs (so, for example, [`localStorage`](/en-US/docs/Web/API/Window/localStorage) is not shared). However, the WebExtension API [`storage.local`](/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage/local) is shared. (**Note:** this setting is not supported by Firefox.) | ||
- "split": the extension is split between private and non-private windows. There are effectively two copies of the extension running: one sees only non-private windows, the other sees only private windows. Each copy has isolated access to Web APIs (so, for example, [`localStorage`](/en-US/docs/Web/API/Window/localStorage) is not shared). However, the WebExtension API [`storage.local`](/en-US/docs/Mozilla/Add-ons/WebExtensions/API/storage/local) is shared. | ||
|
||
> **Note:** Firefox doesn't support "split" mode. Extensions that request this option in Firefox are installed using "not_allowed". |
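Review bot: The new note's "installed using "not_allowed"" has the same ambiguity raised on the release-notes bullet, and it gives the values without the code formatting used there. Wording such as "Firefox treats `"split"` as `"not_allowed"`" would match, and the note could state the Firefox version from which such extensions install at all, since the thread says installation previously failed.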
Please add the recommendation to delete the incognito key from manifest.json if an extension is designed to maintain the privacy expectations of Private browsing mode.
The main thing is to not leak state from private browsing to non-private browsing. A common mistake of extensions is to send the data from a content script (potentially in a tab in a private browsing window) to an external server through a network request from the background page. Since the background script shares the same cookies as the main browsing session, this would result in the activity from the private browsing window being linkable to the non-private browsing session. A way to avoid this is to use the `credentials: "omit"` flag in fetch (along with `cache: "no-cache"`), or the `mozAnon: true` option in XMLHttpRequest.
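The mitigation described in the comment above, sketched as a background-script handler. This is an added example, not code from the pull request or from MDN; `REPORT_URL`, the `"report"` message type and the function names are hypothetical.

```javascript
// Added example. REPORT_URL and the message shape are assumptions.
const REPORT_URL = "https://reports.example/collect"; // placeholder endpoint

// Build the fetch() arguments for data that a content script passed to the
// background script. `sender` is the MessageSender given to runtime.onMessage.
function buildReportRequest(sender, payload) {
  // tabs.Tab.incognito is true for tabs in private windows. If the tab is
  // unknown, fail closed and treat the message as private.
  const fromPrivate = !sender || !sender.tab || sender.tab.incognito !== false;
  const init = {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  };
  if (fromPrivate) {
    // Do not attach cookies from the background context, so the request
    // cannot be linked to the non-private session.
    init.credentials = "omit";
    // The cache setting named in the comment above.
    init.cache = "no-cache";
  }
  return { url: REPORT_URL, init, fromPrivate };
}

// fetchImpl is injectable so the function can be exercised outside a browser.
async function forwardReport(sender, payload, fetchImpl = fetch) {
  const { url, init } = buildReportRequest(sender, payload);
  const response = await fetchImpl(url, init);
  return response.ok;
}

// Register the listener only when running inside an extension.
if (typeof browser !== "undefined" && browser.runtime?.onMessage) {
  browser.runtime.onMessage.addListener((message, sender) => {
    if (message?.type === "report") {
      return forwardReport(sender, message.payload);
    }
  });
}
```
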
- can I clarify that the recommendation is only for Firefox? I.e., can it be added to this note? Also, should we clarify the effect of not specifying `"incognito"` as the docs don't say anything about that at the moment (and is that no key the same as `"incognito": "not_allowed"`)?
- should we update Background scripts with the details in the second para and then link to it from here?
The recommendation to delete the incognito key is specifically for Firefox, because of the negative effect of including it.
The recommendation to design extensions to be privacy-friendly applies to all extensions that use incognito:spanning (which is the default in all browsers and thus widely applicable).
About background page - yes let's add the pointer to the section on cross-origin access. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Background_scripts#cross-origin_access
This pull request has merge conflicts that must be resolved before it can be merged.
Description
Addresses the documentation requirements for Bug 1876924 Treat "incognito":"split" as a warning instead of a hard error
Related issues and pull requests
Related BCD changes: mdn/browser-compat-data#23124