Using Dexie in an extension

Add-ons Development
#1

Hi, I’m trying to develop my first firefox extension and I seem to be at a complete loss.

I’ve been trying to use Dexie anywhere in my extension for the past two days and finally found a way to get it running (bless open source projects) by downloading a version (dexie.js) and sourcing it from the background page. A background script, also sourced from the background page, will be using Dexie to process data received from a content script.

However, when loading the extension, the console gives the following warning: Content Security Policy:

The page’s settings blocked the loading of a resource at eval (“script-src”).

From what I’ve read, this is grounds for having the extension rejected from being submitted to addons.mozilla.org

Thankfully, on the Github page for Dexie, someone has already found a solution for preventing CSP violations: https://github.com/dfahlander/Dexie.js/issues/722#issuecomment-399978301

However, the supplied solution involves using webpack to build the extension, which seems like a lot of work just to get the library functioning properly in an extension.

So would using webpack to build the extension be the only method to incorporate Dexie into an extension that’s AMO compliant?

#2

You’ll have to use some kind of module bundler to use Dexie from what I can tell. They don’t seem to have a version that exports itself onto the window global or similar. However you don’t have to use webpack, you can also use slimmer solutions that provide the module loading just to load dexie and not force your entire code into a module pattern.

#3

Thank you for responding quickly!

I looked for some alternatives and Browserify seems to get the job done ridiculously easy. This seems kind of obvious, but I would still have to patch Dexie to prevent CSP violations, correct? Would including a “modified” library this way still be allowed as long as the method of replacing strings is documented?

Also, what other slimmer solutions would you have in mind? (Sorry for asking so many questions! I just started web development and it seems that most guides or doc pages online assume the reader knows much more than I do at the moment.)

#4

Earlier versions of Dexie did have code that violated CSP. This was fixed in version 3 och Dexie (dexie@3.x).

1 Like