Missing options to allow automatic execution of content script

Suppose we have the following manifest.json file:

{
    "manifest_version": 3,
    "name": "Hello",
    "version": "0.1.0",
    "content_scripts": [
        {
            "matches": [
                "https://www.example.com/*"
            ],
            "js": [
                "index.js"
            ]
        }
    ]
}

Firefox treats host_permission as optional, meaning that the content script index.js is not executed by default. Instead, it requires users to first click the extension toolbar button.

On Firefox for desktop, users can also right-click the toolbar button and switch the option from Only When Clicked to Always Allow on [HOST] to grant persistent permission for the host.

However, it appears that Firefox for Android does not support this right-click functionality. Consequently, there is no method available to automatically grant the host permission to execute the content script.

Yep, you summed up the situation quite well. The only other thing I’d add is that Firefox for Android does not currently allow users to manage host permission grants in the Add-on Manager user interface. This is a known issue and there are a couple relevant bugs tracking related work including 1811563 and 1863829.

At the moment, the main way I’d advise a developer work around this is by opening a post-installation onboarding page to request host permissions. You can also add a host permissions controls to your extension’s options page.

This on desktop is currently the single biggest reason why I still haven’t moved from MV2 to MV3, the host permission awareness to the user is horribly and poorly designed. It is very invisible, and confusing - why a flimsy glowing ball of all things for something that can be extremely important for an extension to even work goes beyond me.

Would it be possible to provide us with official example(s) on how we could make that more visible to the user post-installation as a best practice? I would be very interested in exploring that option.

Ideally Firefox would prompt the user to allow this on installation, but I have not seen any progress on this done.

We understand the frustrations around the current MV3 host permissions experience and are considering ways to address them. I don’t have anything more specific at the moment, but I wanted to at least acknowledge the issue.

2 Likes

Perhaps I was a bit confusing with the criticism added in my last reply, but what I was most interested in was the suggestion you gave:

… opening a post-installation onboarding page to request host permissions. You can also add a host permissions controls to your extension’s options page.

Are there any official examples explaining how we can do something like that?

Apologies, I actually meant to include a reply to that as well but I zoned out and hit submit, then wandered away.

@rob and I just presented at FOSDEM 2024. Rob prepared a demo that shows off a basic implementation of host permissions controls in the extension’s options page. You can find the example extension here.

While we don’t have guidance specifically about a post-install onboarding flow. I’m planning to adapt the content of the talk into an MDN article, and an onboarding flow would make a natural addition to that page. We will also be migrating the sample extensions we prepared for this talk into the webextensions-samples repo in the coming weeks.

2 Likes

Seems like the presentation video(s) are not working, such a shame, but the example is very much alive. Thank you for linking them!