Self-distributed addon - credentials (cookies) not being sent with requests towards the update manifest JSON

Hello. Let me explain the problem really quickly.

I have an addon which is self-distributed. In my manifest.json I have the following bit of code:

"applications": {
    "gecko": {
        "id": "@my-addon",
        "update_url": "https://www.example.com/extension"
    }
}

What this allows me to do is have Firefox automatically check this update_url for addon updates every 24 hours, or you can check for updates manually from the about:addons page.

Here lies the problem - example.com is a server that I own, and the example.com/extensions route is a special one that only allows access to users who are authenticated. So if I log in to example.com and then go to said URL, my browser (Firefox) would automatically send any stored cookies for that domain in the headers of that request.

However, Firefox does not send any cookies along with the request when it’s checking for updates.

If I open the Browser Console, I can see that the request has failed, and if I check my server logs I can see why it has failed - credentials (cookies) are missing.

Why is all of this a problem? It’s a problem because I don’t want the extensions update manifest to be publicly accessible, I want only authenticated users to be able to access it.

So my question is, how do I get around this problem?

Cheers!
