Native manifests are specially formatted JSON files that are provisioned on the user's computer by some means outside the extension installation process. For example, a native manifest might be provisioned by a device administrator or by a native application installer.
There are three different types of native manifest:
Native messaging manifests | Enable a feature called native messaging, in which an extension can communicate with a native app installed on the device. |
Managed storage manifests | Define read-only data that an extension can access using the storage.managed API. |
PKCS #11 manifests | Enable an extension to use the pkcs11 API to enumerate PKCS #11 security modules and install them in Firefox. |
For all native manifests, you need to arrange things so the browser can find the manifest. The section on manifest location describes these rules.
The native messaging manifest contains a single JSON object with the following properties:
Name | Type | Description |
---|---|---|
name | String | Name of the native application. This must match the name passed into On MacOS and Linux, it must also match the native messaging manifest's filename (excluding the On Windows, it must match the name of the registry key you create, that contains the location of the native messaging manifest. The name must match the following regular expression: |
description | String | Description of the native application. |
path | String | Path to the native application. On Windows, this may be relative to the manifest itself. On MacOS and Linux it must be absolute. |
type | String | Describes the method used to connect the extension with the app. Currently, only one value can be given here, |
allowed_extensions | Array of String | An array of Add-on ID values. Each value represents an extension which is allowed to communicate with this native application. Note that this means you will probably want to include the |
For example, here's a manifest for the ping_pong
native application:
{ "name": "ping_pong", "description": "Example host for native messaging", "path": "/path/to/native-messaging/app/ping_pong.py", "type": "stdio", "allowed_extensions": [ "[email protected]" ] }
This allows the extension whose ID is [email protected]
to connect, by passing the name ping_pong
into the relevant runtime
API function. The application itself is at /path/to/native-messaging/app/ping_pong.py
.
The managed storage manifest contains a single JSON object with the following properties:
Name | Type | Description |
---|---|---|
name | String | The ID of the extension that can access this storage, given as the ID you've specified in the extension's |
description | String | Human readable description, ignored by Firefox. |
type | String | This must be |
data | Object | A JSON object that may contain any valid JSON values, including strings, numbers, booleans, arrays, or objects. This will become the data in the |
For example:
{ "name": "[email protected]", "description": "ignored", "type": "storage", "data": { "color": "management thinks it should be blue!" } }
Given this JSON manifest, the [email protected]
extension could access the data using code like this:
let storageItem = browser.storage.managed.get('color'); storageItem.then((res) => { console.log(`Managed color is: ${res.color}`); });
The PKCS #11 manifest is a file containing a JSON object with the following properties:
Name | Type | Description |
---|---|---|
name | String | Name of the PKCS #11 module. This must match the name used in the On MacOS and Linux, it must also match the manifest's filename (excluding the extension). On Windows, it must match the name of the registry key you create, which contains the location of the manifest. The name must match the following regular expression: |
description | String | Description of the module. This is used to set the friendly name for the module in the browser's UI (for example, the "Security Devices" dialog in Firefox). |
path | String | Path to the module. On Windows, this may be relative to the manifest itself. On MacOS and Linux it must be absolute. |
type | String | This must be "pkcs11" . |
allowed_extensions | Array of String | An array of Add-on ID values. Each value represents an extension which is allowed to interact with the module. Note: This means you will probably want to include the |
For example:
{ "name": "my_module", "description": "My test module", "type": "pkcs11", "path": "/path/to/libpkcs11testmodule.dylib", "allowed_extensions": ["[email protected]"] }
Given this JSON manifest, saved as my_module.json
, the [email protected]
extension could install the security module at /path/to/libpkcs11testmodule.dylib
using code like this:
browser.pkcs11.installModule("my_module");
On Linux and macOS, you need to store the manifest in a particular place. On Windows, you need to create a registry key that points to the manifest's location.
The detailed rules are the same for all the manifest types, except that the penultimate component of the path identifies the type of manifest. The examples below show the form for each of the three different types. In all the examples, <name>
is the value of the name
property in the manifest.
For global visibility, create a registry key with the following name:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\<name> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ManagedStorage\<name> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules\<name>
The key should have a single default value, which is the path to the manifest.
Warning: As of Firefox 64, the 32-bit registry view (Wow6432Node) will be checked first for these keys, followed by the "native" registry view. Use whichever is appropriate for your application.
For Firefox 63 and older: This key should not be created under Wow6432Node, even if the app is 32-bit. Previous versions of the browser will always look for the key under the "native" view of the registry, not the 32-bit emulation. To ensure that the key is created in the "native" view, you can pass the KEY_WOW64_64KEY
or KEY_WOW64_32KEY
flags into RegCreateKeyEx
. See Accessing an Alternate Registry View.
For per-user visibility, create a registry key with the following name:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\NativeMessagingHosts\<name> HKEY_CURRENT_USER\SOFTWARE\Mozilla\ManagedStorage\<name> HKEY_CURRENT_USER\SOFTWARE\Mozilla\PKCS11Modules\<name>
The key should have a single default value, which is the path to the manifest.
For global visibility, store the manifest in:
/Library/Application Support/Mozilla/NativeMessagingHosts/<name>.json /Library/Application Support/Mozilla/ManagedStorage/<name>.json /Library/Application Support/Mozilla/PKCS11Modules/<name>.json
For per-user visibility, store the manifest in:
~/Library/Application Support/Mozilla/NativeMessagingHosts/<name>.json ~/Library/Application Support/Mozilla/ManagedStorage/<name>.json ~/Library/Application Support/Mozilla/PKCS11Modules/<name>.json
For global visibility, store the manifest in either:
/usr/lib/mozilla/native-messaging-hosts/<name>.json /usr/lib/mozilla/managed-storage/<name>.json /usr/lib/mozilla/pkcs11-modules/<name>.json
or:
/usr/lib64/mozilla/native-messaging-hosts/<name>.json /usr/lib64/mozilla/managed-storage/<name>.json /usr/lib64/mozilla/pkcs11-modules/<name>.json
For per-user visibility, store the manifest in:
~/.mozilla/native-messaging-hosts/<name>.json ~/.mozilla/managed-storage/<name>.json ~/.mozilla/pkcs11-modules/<name>.json
© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_manifests