Problem on deploying new WebExtension scriptly

Andrew Swan aswan at
Thu Nov 16 23:07:41 UTC 2017

Nothing has changed recently with regard to how extensions can be
sideloaded, see the MDN docs at:

>From a quick glance at the original poster's shell script, it looks like
some very old logic about profiles (we no longer use extensions.sqlite for
instance, also the hardcoded string axkhqz5b is probably wrong).  If you
really want to use the profile, you should parse profiles.ini and then put
your xpi file in the extensions/ subdirectory of the chosen profile, not
the top-level profile directory.


On Thu, Nov 16, 2017 at 8:28 AM, Jerry Krinock <jerry at>

> > On 201711-16, at 00:26, 朱旻 <minmin3772 at> wrote:
> >
> > Hi, guys from Firefox team:
> >       I'm a developer of FF Addon on OS X.
> >       Recently I've just ported my legacy Addon to new WebExtension and
> got a problem.
> >       My addon is self-host, that is instead of uploading on AMO, I
> deploy it with my own app. I used to copy signed XPI file to user's profile
> folder, and it can be automatically recognized and installed by FF. Yet the
> new WebExtension XPI doesn't work like that. Every time I copied it to
> profile/extension folder, the XPI just disappeared after FF restart.
> Welcome to the new world.  In order to install extensions nowadays, your
> native app or script should invoke the `open` command on the .xpi file.  If
> Firefox is not running, it will launch into its default profile and present
> a popover asking the user for permission to install.  If Firefox is
> running, it will show that popover in the frontmost tab and, or course,
> install it into whatever profile it happens to be running in.
> The new world has challenges for user experience:
> (a) You must check to see if more than one profile is exists, and if so
> instruct the user to (re)-launch Firefox into the desired profile.
> (b) If the user clicks in the wrong window, or is for whatever reason not
> attentive to the popover, the popover will disappear and the user is left
> scratching their head.  (I hope I live long enough to see popovers to go
> out of style.)
> I presume that the old way of “side loading” was disabled because it was
> thought to be insecure to allow extensions to be installed without user
> interaction.  You can try to argue with security, but you will always lose
> :))
> _______________________________________________
> Dev-addons mailing list
> Dev-addons at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Dev-addons mailing list