Manifest v3 update (Mozilla Firefox)

silversurfer

Level 85
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,732
Two years ago, Google proposed Manifest v3, a number of foundational changes to the Chrome extension framework. Many of these changes introduce new incompatibilities between Firefox and Chrome. As we previously wrote, we want to maintain a high degree of compatibility to support cross-browser development. We will introduce Manifest v3 support for Firefox extensions. However, we will diverge from Chrome’s implementation where we think it matters and our values point to a different solution.

For the last few months, we have consulted with extension developers and Firefox’s engineering leadership about our approach to Manifest v3. The following is an overview of our plan to move forward, which is based on those conversations.

High level changes​

  • In our initial response to the Manifest v3 proposal, we committed to implementing cross-origin protections. Some of this work is underway as part of Site Isolation, a larger reworking of Firefox’s architecture to isolate sites from each other. You can test how your extension performs in site isolation on the Nightly pre-release channel by going to about: preferences#experimental and enabling Fission (Site Isolation). This feature will be gradually enabled by default on Firefox Beta in the upcoming months and will start rolling out a small percentage of release users in Q3 2021.
    Cross-origin requests in content scripts already encounter restrictions by advances of the web platform (e.g. SameSite cookies, CORP) and privacy features of Firefox (e.g. state partitioning). To support extensions, we are allowing extension scripts with sufficient host permissions to be exempted from these policies. Content scripts won’t benefit from these improvements, and will eventually have the same kind of permissions as regular web pages (bug 1578405). We will continue to develop APIs to enable extensions to perform cross-origin requests that respect the user’s privacy choices (e.g. bug 1670278, bug 1698863).
  • Background pages will be replaced by background service workers (bug 1578286). This is a substantial change and will continue to be developed over the next few months. We will make a new announcement once we have something that can be tested in Nightly.
  • Promise-based APIs: Our APIs have been Promise-based since their inception using the browser.* namespace and we published a polyfill to offer consistent behavior across browsers that only support the chrome.* namespace. For Manifest v3, we will enable Promise-based APIs in the chrome.* namespace as well.
  • Host permission controls (bug 1711787): Chrome has shipped a feature that gives users control over which sites extensions are allowed to run on. We’re working on our own design that puts users in control, including early work by our Outreachy intern Richa Sharma on a project to give users the ability to decide if extensions will run in different container tabs (bug 1683056). Stay tuned for more information about that project!
  • Code execution: Dynamic code execution in privileged extension contexts will be restricted by default (bug 1687763). A content security policy for content scripts will be introduced (bug 1581608). The existing userScripts and contentScripts APIs will be reworked to support service worker-based extensions (bug 1687761).

Implementation timeline​

Manifest v3 is a large platform project, and some parts of it will take longer than others to implement. As of this writing, we are hoping to complete enough work on this project to support developer testing in Q4 2021 and start accepting v3 submissions in early 2022. This schedule may be pushed back or delayed due to unforeseeable circumstances.

We’d like to note that it’s still very early to be talking about migrating extensions to Manifest v3. We have not yet set a deprecation date for Manifest v2 but expect it to be supported for at least one year after Manifest v3 becomes stable in the release channel.
 

silversurfer

Level 85
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,732

Mozilla expects to launch extensions Manifest V3 support in Firefox in late 2022​

Mozilla plans to introduce support for the extensions Manifest V3 in the organization's Firefox web browser in late 2022. Preview versions are already available in development editions of the web browser.

While Mozilla plans to introduce support for Manifest V3 in Firefox, it won't remove support for APIs that are essential to privacy extensions. Content blockers and other privacy extensions will continue to function in Firefox as before, provided that developers continue to support them.

Firefox extensions won't be limited by Manifest V3​

Mozilla announced in 2019 that it would implement support for Manifest V3 in Firefox but would make adjustments to certain limitations. A new blog post on the Mozilla Add-ons Community blog sheds light on the adoption and the differences between Mozilla's and Google's implementation.

The decision to remove the blocking part of the WebRequest API and to replace it with the limiting declarativeNetRequest API was at the center of the controversy. Mozilla notes that the new API limits "capabilities of certain types of privacy extensions without adequate replacement".

Mozilla will keep the WebRequest API in Firefox to make sure that privacy extensions are not limited in providing the functionality they are designed for. The organization will implement the declarativeNetRequest API for compatibility reasons according to the blog post.

Mozilla will "continue to work with content blockers and other key consumers of this API to identify current and future alternatives where appropriate".

Firefox will also support Event Pages in Manifest V3 and introduce support for Service Workers in future releases.

Developers may turn on the preview in the following way in current development editions of the browser:
  1. Load about:config in the web browser's address bar.
  2. Confirm that you will be careful.
  3. Search for extensions.manifestV3.enabled and set the preference to TRUE with a click on the toggle.
  4. Search for xpinstall.signatures.required and set the preference to FALSE.
  5. Restart Firefox.
Extensions may then be installed via about:debugging. Permanent installation of Manifest V3 extensions is possible in Nightly and Developer editions of the Firefox web browser. The implementation is not complete at the time of writing.