I am developing a browser add-on for Firefox.
I would like to ask a question.
Is it possible to publish the add-on in an unlisted way, but making sure that when it is installed in the browser it always maintains the same internal UUID (which does not correspond to the add-on ID)?
If it is not possible to do this by publishing it unlisted, would it be possible to do so by publishing it in your store in a listed way?
I assume the UUID you’re referring to would be used to uniquely identify the extension for update and installation purposes. If so, the answer is no. Firefox add-ons are uniquely identified by the add-on ID. More specifically, the "id" field in the browser_specific_settings manifest.json field.
That said, this may be an XY problem. What are you trying to accomplish? Why do you want to uniquely identify an extension using something other than the ID?
The problem is the following: I need to make some API calls to a certain domain from the add-on I developed. Due to the server CORS, I am unable to get a response from the server. The add-on is distributed throught .xpi file.
Every time the add-on is installed, the UUID changes, so also the origin changes, making impossible to put the origin path in CORS settings in the server (I don’t want to put * in CORS).
For these reasons, I need to find a way to make the origin “fixed” per every add-on installation.
When pasting code here, place triple backticks ``` on the line above and below the code, that will activate code format, which is much better than a screenshot .
Also, could you paste here also your fetch code?
Note that you are requesting host permission for example.org (didn’t you meant use example.com?), so this allows you to make fetch from example.org page.
Make sure to check the docs to help you create proper match pattern:
Also, be aware that adding host permission into existing extension will notify all existing users! So if your extension is already deployed, it’s better to use optional_host_permissions, and then request it at runtime.
In that case, the only explanation is, that you are not running the fetch from the background scrip .
Write a console.log(location.href) before the fetch to see what file you are running?
Damn, I hate when things makes no sense .
Any chance you are using some other extension that can intercept and modify requests?
I’m getting out of ideas… Could you, as an experiment, add "<all_urls>" permission? That should give you access to all hosts. Just to verify that this is indeed a missing host issue.
Unfortunately it continues to give 403 error even with “<all_urls>”.
But I ask you a question… if I put a string like “moz-extension://{{ID}}” in the CORS settings of the server, where “ID” corresponds to the “id” field in the browser_specific_settings manifest.json field, would it work?
In any case, what do know is that the extension ID is changing with each installation (in Firefox, in Safari it changes on each browser start, only Chrome keeps it the same), so you shouldn’t use on the server.