The Firefox platform team has been working on a new security architecture that isolates sites from each other, down to separating cross-origin iframes from the tab’s process. This new model, nicknamed Fission, is currently available for opt-in testing in Nightly. The platform team is planning to begin roll-out to Nightly and Beta users later this year.
So far, we have identified two changes with Fission enabled that will impact extensions:
-
Content scripts injecting extension iframes (from a
moz-extension://
url) and accessing them directly via the.contentWindow
property will be incompatible with Fission, since that iframe will run in a different process. The recommended pattern, as always, is to use postMessage and extension messaging instead. -
The synchronous canvas drawWindow API will be deprecated, since it’s unable to draw out-of-process iframes. You should switch to the captureTab method, which we are looking to extend with more functionality to provide a sufficient replacement.
If you are the developer of an extension that uses one of these features, we recommend that you update your extension in the coming months to avoid potential breakages.
We’re working to make the transition to Fission as smooth as possible for users and extension developers, so we need your help: please test your extensions with Fission enabled, and report any issues on Bugzilla as blocking the fission-webext meta bug. If you need help or have any questions, please post in this thread, or come find us on Matrix.
We will continue to monitor changes that will require add-ons to be updated. We encourage you to follow our blog to stay up to date on the latest developments. If more changes to add-ons are necessary we will reach out to developers individually or announce the changes here.