Reputation: 8067
How to sign Firefox addon after editing it?
So the story is like this. I debug a site which throws a lot of warnings:
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
That is because there is no proper certificate for localhost. But that is very annoying and I was not able to find option to filter out firebug console. So I decided to go into code. I found that firebug is inside ~/.mozilla/firefox/blablabla.bla/extensions/[email protected] and that is zip which I could open with Vim and got to content/firebug/console/errrors.js, find there a variable pointlessErrors and append my message to it.
Firefox ignores changes but after I restart it, it gives me message that firebug was not verified and was disabled. I's probably good, because it will protect me from lot's of risks, but I'm sure in my changes.
How to tell firefox that? Or how to properly make changes to plugins?
Or is there some option for Firefox to shut up about Strict-Transport-Security? (I know, I know, too many questions in one question, but I want to find best solution).
Upvotes: 1
Views: 3159
Answers (1)
Reputation: 20115
The answer to your question's title can be found in the Mozilla wiki:
There it says:
How do I get my add-ons signed if they are not hosted on addons.mozilla.org (AMO)?
- You will need to create an AMO account and submit your add-on. There will be an option where you indicate the add-on won't be listed on AMO, and you'll be able to submit your add-on files without having them published on the site. Please read the Distribution Policy for more details.
- You can also use the jpm sign command to generate a signed XPI that can be self-hosted.
- There is an API you can use for signing.
Having said that, there are easier alternatives to signing the extension:
- Go to
about:configand setxpinstall.signatures.requiredtofalse. - Install the Nightly, Developer Edition or unbranded version of Firefox
Here's the related answer from the wiki:
What are my options if I want to install unsigned extensions in Firefox?
- The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build. To disable signature checks, you will need to set the
xpinstall.signatures.requiredpreference to "false".
- type
about:configinto the URL bar in Firefox- in the Search box type
xpinstall.signatures.required- double-click the preference, or right-click and selected "Toggle", to set it to
false.
Regarding the question about getting rid of the warning regarding Strict Transport Security I see a few other possible solutions:
- Access your localhost via HTTP instead of HTTPS.
- Suppress sending the
Strict-Transport-Securityheader on localhost. - Install a proper certificate.
Note that this warning is shown for security purposes, so there is some risk in disabling it generally.
Upvotes: 3
Related Questions
- Targeting only Firefox with CSS
- Find out whether Chrome console is open
- How to manually send HTTP POST requests from Firefox or Chrome browser
- How can I tell if a DOM element is visible in the current viewport?
- How to disable paste protection in Mozilla Firefox Developer Console?
- How to find xpath of an element in firefox inspector
- Suppress Firefox/Firebug SHA-1 warning
- Firefox addon global object vs. firebug console global object