I’m currently struggling to get my addon approved on AMO because of 'unsafe-eval' being used to make vuejs work in the options_ui. The only current solution seems to be to move to Webpack if vuejs is to, but that adds a layer of complexity I don’t want to deal with.
The previous attempt was with WebComponents, but it was a much more cumbersome (and unfruitful) experience compared to vuejs.
It would be much more preferable (and fun) to explore self-distribution. How can that be achieved safely?
Current research
Self signing
- xpisign.py: seems to be missing the step about how to generate a .pem cert, but that should be possible to figure out
- outdated mozilla doc: was able to generate an .xpi but it’s not clear yet how to automate it for CI and if it still works
Installing self-signed extensions
This is where I’m really struggling.
- xpinstall.signatures.required=false seems too drastic. Allowing just any unsigned extension is hopefully not the only way to allow installation from sources other than AMO.
- xpinstall.whitelist has documentation on mozillazine but I couldn’t get it to work with localhost. There’s also xpinstall.whitelist.add, however it’s unclear to me how to use that. Should it be the extension ID e.g. xpinstall.whitelist.add.<ID>?
The firefox help discussion doesn’t explain why xpinstall.whitelist.add.36 means getpersonas.com. Where does that ID come from?