So I read the article and there are some mistakes that we need to correct: - add-ons are don't need developer mode to work. They need to be privileged apps, so either be served by the marketplace (https://bugzilla.mozilla.org/show_bug.cgi?id=1110914) or sideloaded, or installed while in dev mode, or shared to you. But once installed, you don't need any special privileges for them to apply.
- `filter` is a regexp that applies to the *url of the page* that is being loaded, not to the app manifest url. That means that you can inject in any web content, not only apps. - add-ons are enbled by default when installed. We fixed that in https://bugzilla.mozilla.org/show_bug.cgi?id=1162791 - I'm unsure about the cross-origin policy. I'd like this section to be removed until we investigate properly. - Hosted add-ons work if you can install privileged hosted apps. But you very likely want add-ons to work offline so I would not host until we have hosted packages support. Fabrice On 06/09/2015 03:38 AM, Chris Mills wrote: > >> On 9 Jun 2015, at 11:22, Benjamin Francis <[email protected]> wrote: >> >> On 8 June 2015 at 08:56, Douglas Sherk <[email protected]> wrote: >> >> https://developer.mozilla.org/en-US/Firefox_OS/Add-ons >> >> A question - do addons only apply to apps installed in the app registry? I >> ask because the content model we've been discussing for v3.x [1] removes the >> artificial distinction between web apps and web sites and between app >> windows and browser windows and allows any web site to be pinned, regardless >> of whether it provides a manifest. The implementation we're currently >> working on still makes use of the metadata in W3C manifests, but removes the >> need for the app registry for the vast majority of content. >> >> We need to figure out if and how addons interact with pinned web sites. >> >> https://developer.mozilla.org/en-US/Firefox_OS/Developer_Mode >> >> Can we add some kind of highly visible warning to this page to explain that >> "developer mode" is basically "no security mode" and that it's very unsafe >> to use this on your everyday device? It appears to disable most of the >> security checks we have in place for the most sensitive APIs and I certainly >> wouldn't want to have that turned on for my dogfooding device. > > That’s a really good call, Ben. Added. > _______________________________________________ > dev-gaia mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-gaia > -- Fabrice Desré b2g team Mozilla Corporation _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
