-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What to do about Manifest V3 #666
Comments
Oh wow, a lot to unpack here. After reading the draft with proposed changes I wrote down some highlights with interesting changes and potential pain points (below). Will follow V3 as it unfolds, but it is very likely it will bring us additional maintenance cost. Restrict the blocking capabilities of the webRequest API
We use blocking capability of browser.webRequest.onBeforeSendHeaders.addListener(onBeforeSendHeaders, { urls: ['<all_urls>'] }, ['blocking', 'requestHeaders'])
browser.webRequest.onBeforeRequest.addListener(onBeforeRequest, { urls: ['<all_urls>'] }, ['blocking'])
browser.webRequest.onHeadersReceived.addListener(onHeadersReceived, { urls: ['<all_urls>'] }, ['blocking', 'responseHeaders']) Personally I don't think this change will stick in the form proposed in the draft as having If the worst comes to the worst, for the basic functionality we may be okay with Replace background pages with ServiceWorkers
We need a stable, persistent background presence to be able to run embedded js-ipfs node. If not, @Gozala had some ideas on keeping ServiceWorker alive in ipfs/in-web-browsers#137 (comment), but the net result will be to actually use more CPU by artificially keeping it alive than when having a background page. Restricting Origin Access
This sounds bad, as it suggests by default it will be click-to-run, but in later section about host permissions support for
Also, this blogpost from 2018 suggests how the UI will look like:
Cross-Origin Communication
As long they limit this restriction to Content Scripts, we should be fine. We do CORS-but-not-really to IPFS API only from the background page. "Not really" because we remove Origin header from requests made to API URL by js-ipfs-http-client running in WebExtension context to remove need for manual whitelisting via Promise-Based APIs
I was about to say its cool, as there will be no need for mozilla/webextension-polyfill, but we will probably need a polyfill for all the other breaking changes. Time will tell, so far issues to follow:
Dynamic Content Scripts (P2)
This is good news, as it would solve issue with ( Refactoring of various APIsAdditional work and duplicated code, but nothing critical. Sad realization: even if Firefox follows these V3 API changes, for some time it won't, while Chromium will, so it will be like writing websites in 90s with similar level of code duplication for achieving the same thing in two different browsers :| ps. what a perfect issue number 👌 |
Note that keeping SW alive is going to be an arms race with browsers. Also was proposing for Safari (As replacement for SharedWorker due to lack of it) is different as you'll have a clients (documents served from it) which is considered as legitimate case. |
Not so sure about it, they might ship their own content blocker (that would likely don't harm their Ad business) and call it a day |
I'm not sure if there are some way to engage with the corresponding people driving these changes but I think best bet would be to convince them to expose SharedWorker (or equivalent) for long lived tasks or maybe an official API that would provide a way to keep ServiceWorker alive. |
Extensions Developer Advocate at Chrome is doing office hours! My plan is to give an overview of what ipfs-companion does, potential API improvements and our concerns around Manifest V3. Update: We gave a brief demo and an overview of our needs during the office hours. There is still a lot of unknowns around Manifest V3 (especially no details on if/how Service-Worker-like API is going to replace JS process running in persistent background pages). As for We need to wait until another draft is published to see if our concerns are adressed. |
This comment has been minimized.
This comment has been minimized.
Some updates/clarifications from Simeon (Extensions Developer Advocate):
When they ship Developer Preview, we will prototype a port and see how V3 impacts Companion in practice, but based on analisys from Raymond Hill (uBlockOrigin) I would not be too optimistic:
|
Response from the Ghostery team suggests the manifest v3 performance claim does not hold. |
Update from Google https://blog.chromium.org/2019/06/web-request-and-declarative-net-request.html
Pretty bad news, means current
In our case the devil is in the details. Setting up a crude redirect of We could do DNSLink check in non-blocking We may lose
Shall see when Developer Preview lands. Related discussion thread: https://groups.google.com/a/chromium.org/forum/#!msg/chromium-extensions/qFNF3KqNd2E/8R9PWdCbBgAJ |
|
ipfs-companion/issues/808: Permanent in-depth review on Chrome Web Store:
|
Chrome team rolled out Manifest V3 into Canary:
I will dig into this deeper next week, but from a quick read it seems we need to refactor most of Companion to support both V2 (Brave, Firefox) and V3 (Google Chrome, future Chromium). It is unclear if we will be able to persist an embedded js-ipfs node in V3 at all. Quick API Checklist vs Impact on IPFS Companion (:ballot_box_with_check: means YES)
|
Redirects with V3 are broken at the moment: |
Manifest V3 now seems inevitable. After we wrap ongoing work in Q4, should build a PoC. |
|
Google, Microsoft, Apple, and Mozilla have launched the WebExtensions Community Group (WECG) to collaborate on standardizing browser extensions:
Working towards removing annoying differences between vendors is a good news, it also means the direction of "Manifest V3" is no longer controlled by Google on their own, and Microsoft's experiments with PWA and protocol handlers have some overlap with our use cases. Thin on details, time will tell if we end up in better place. |
This comment was marked as off-topic.
This comment was marked as off-topic.
Mozilla finally started accepting MV3 on their store starting November 21:
This is good news, means for the first time we can make a MV3 release and publish the same code to both Mozilla and Google. |
@tinytb @lidel https://groups.google.com/a/chromium.org/g/chromium-extensions/c/zQ77HkGmK9E We get some breathing room here, pushed to March '23 Thanks @ricmk |
The work we're doing for mv3 has been mostly encapsulated into a singular issue at #1152 @whizzzkid do we still need this issue? |
Update on March 29, 2023: https://groups.google.com/u/0/a/chromium.org/g/chromium-extensions/c/zQ77HkGmK9E Looks like MV3 deadline has been moved forward. |
@whizzzkid : what are the conditions for closing this issue? We have an answer for "what to do about Manifest v3" that is being tracked in #1152 . Can we resolve this and have the updates related to the rollout occur there? |
Implementation Plan exists: #1152 Work is in progress! |
Work happening in #1182, let's keep this open until it lands in |
For anyone still watching this issue for updates on Manifest V3,
More details in https://developer.chrome.com/blog/resuming-the-transition-to-mv3/ |
As flagged by @dignifiedquire the proposed webextention api changes under the banner of the v3 manifest work will reduce the scope of what ipfs-companion is able to do to bring ipfs to the browser
Proposed changes: https://docs.google.com/document/d/1nPu6Wy4LWR66EFLeYInl3NzzhHzc-qnk4w4PX-0XMw8/edit?usp=sharing
Tracking issue: https://bugs.chromium.org/p/chromium/issues/detail?id=896897&desc=2
Most significant is the move away from the webRequest api to the declarativeNetRequest api
https://developer.chrome.com/extensions/declarativeNetRequest
The
webRequest
api is blocking. Chromium asks the webextention what to do about each outbound http request at runtime. IPFS Companion makes use of this to let the user toggle between redirecting ipfs addresses to a local daemon or the public gateway.The
declarativeNetRequest
requires extentions to tell chromium in advance, what urls patterns they wish to block or redirect by defining them statically as rules in themanifest.json
There may well be other important changed for us in that doc, but this one stands out as the most significant.
The text was updated successfully, but these errors were encountered: