Native manifests
Native manifests are specially formatted JSON files that are provisioned on the user's computer by some means outside the extension installation process. For example, a native manifest might be provisioned by a device administrator or by a native application installer.
There are three different types of native manifest:
Native messaging manifests | Enable a feature called native messaging, in which an extension can communicate with a native app installed on the device. |
Managed storage manifests |
Define read-only data that an extension can access using the
storage.managed API.
|
PKCS #11 manifests |
Enable an extension to use the pkcs11 API
to enumerate PKCS #11 security modules and install them in Firefox.
|
For all native manifests, you need to arrange things so the browser can find the manifest. The section on manifest location describes these rules.
Native messaging manifests
The native messaging manifest contains a single JSON object with the following properties:
Name | Type | Description |
---|---|---|
name |
String |
Name of the native application.
This must match the name passed into
On MacOS and Linux, it must also match the native messaging manifest's
filename (excluding the On Windows, it must match the name of the registry key you create, that contains the location of the native messaging manifest.
The name must match the following regular expression:
|
description |
String | Description of the native application. |
path |
String |
Path to the native application. On Windows, this may be relative to the manifest itself. On MacOS and Linux it must be absolute. |
type |
String |
Describes the method used to connect the extension with the app.
Currently, only one value can be given here, |
allowed_extensions |
Array of String |
An array of Add-on ID values. Each value represents an extension which is allowed to communicate with this native application.
Note that this means you will probably want to include the
|
For example, here's a manifest for the ping_pong
native application:
{
"name": "ping_pong",
"description": "Example host for native messaging",
"path": "/path/to/native-messaging/app/ping_pong.py",
"type": "stdio",
"allowed_extensions": [ "ping_pong@example.org" ]
}
This allows the extension whose ID is ping_pong@example.org
to connect, by passing the name ping_pong
into the relevant runtime
API function. The application itself is at /path/to/native-messaging/app/ping_pong.py
.
Managed storage manifests
The managed storage manifest contains a single JSON object with the following properties:
Name | Type | Description |
---|---|---|
name |
String |
The ID of the extension that can access this storage, given as the ID
you've specified in the extension's
|
description |
String | Human readable description, ignored by Firefox. |
type |
String |
This must be |
data |
Object |
A JSON object that may contain any valid JSON values, including
strings, numbers, booleans, arrays, or objects. This will become the
data in the |
For example:
{
"name": "favourite-color-examples@mozilla.org",
"description": "ignored",
"type": "storage",
"data":
{
"color": "management thinks it should be blue!"
}
}
Given this JSON manifest, the favourite-color-examples@mozilla.org
extension could access the data using code like this:
let storageItem = browser.storage.managed.get('color');
storageItem.then((res) => {
console.log(`Managed color is: ${res.color}`);
});
PKCS #11 manifests
The PKCS #11 manifest is a file containing a JSON object with the following properties:
Name | Type | Description |
---|---|---|
name |
String |
Name of the PKCS #11 module. This must match the name used in the On MacOS and Linux, it must also match the manifest's filename (excluding the extension). On Windows, it must match the name of the registry key you create, which contains the location of the manifest.
The name must match the following regular expression:
|
description |
String |
Description of the module. This is used to set the friendly name for the module in the browser's UI (for example, the "Security Devices" dialog in Firefox). |
path |
String |
Path to the module. On Windows, this may be relative to the manifest itself. On MacOS and Linux it must be absolute. |
type |
String | This must be "pkcs11" . |
allowed_extensions |
Array of String |
An array of Add-on ID values. Each value represents an extension which is allowed to interact with the module.
Note: This means you will probably want to include
the
|
For example:
{
"name": "my_module",
"description": "My test module",
"type": "pkcs11",
"path": "/path/to/libpkcs11testmodule.dylib",
"allowed_extensions": ["my-extension@mozilla.org"]
}
Given this JSON manifest, saved as my_module.json
, the my-extension@mozilla.org
extension could install the security module at /path/to/libpkcs11testmodule.dylib
using code like this:
browser.pkcs11.installModule("my_module");
Manifest location
On Linux and macOS, you need to store the manifest in a particular place. On Windows, you need to create a registry key that points to the manifest's location.
The detailed rules are the same for all the manifest types, except that the penultimate component of the path identifies the type of manifest. The examples below show the form for each of the three different types. In all the examples, <name>
is the value of the name
property in the manifest.
Windows
For global visibility, create a registry key with the following name:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\<name>
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ManagedStorage\<name>
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules\<name>
The key should have a single default value, which is the path to the manifest.
Warning: As of Firefox 64, the 32-bit registry view (Wow6432Node) will be checked first for these keys, followed by the "native" registry view. Use whichever is appropriate for your application.
For Firefox 63 and older: This key should not be created under Wow6432Node, even if the app is 32-bit. Previous versions of the browser will always look for the key under the "native" view of the registry, not the 32-bit emulation. To ensure that the key is created in the "native" view, you can pass the KEY_WOW64_64KEY
or KEY_WOW64_32KEY
flags into RegCreateKeyEx
. See Accessing an Alternate Registry View.
For per-user visibility, create a registry key with the following name:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\NativeMessagingHosts\<name>
HKEY_CURRENT_USER\SOFTWARE\Mozilla\ManagedStorage\<name>
HKEY_CURRENT_USER\SOFTWARE\Mozilla\PKCS11Modules\<name>
The key should have a single default value, which is the path to the manifest.
macOS
For global visibility, store the manifest in:
/Library/Application Support/Mozilla/NativeMessagingHosts/<name>.json
/Library/Application Support/Mozilla/ManagedStorage/<name>.json
/Library/Application Support/Mozilla/PKCS11Modules/<name>.json
For per-user visibility, store the manifest in:
~/Library/Application Support/Mozilla/NativeMessagingHosts/<name>.json
~/Library/Application Support/Mozilla/ManagedStorage/<name>.json
~/Library/Application Support/Mozilla/PKCS11Modules/<name>.json
Linux
For global visibility, store the manifest in either:
/usr/lib/mozilla/native-messaging-hosts/<name>.json
/usr/lib/mozilla/managed-storage/<name>.json
/usr/lib/mozilla/pkcs11-modules/<name>.json
or:
/usr/lib64/mozilla/native-messaging-hosts/<name>.json
/usr/lib64/mozilla/managed-storage/<name>.json
/usr/lib64/mozilla/pkcs11-modules/<name>.json
For per-user visibility, store the manifest in:
~/.mozilla/native-messaging-hosts/<name>.json
~/.mozilla/managed-storage/<name>.json
~/.mozilla/pkcs11-modules/<name>.json