如何在编辑后签署 Firefox 插件?
How to sign Firefox addon after editing it?
所以故事是这样的。我调试了一个引发大量警告的站点:
Strict-Transport-Security: The connection to the site is
untrustworthy, so the specified header was ignored.
那是因为本地主机没有合适的证书。但这很烦人,我找不到过滤掉 firebug 控制台的选项。所以我决定进入代码。我发现 firebug 在 ~/.mozilla/firefox/blablabla.bla/extensions/firebug@software.joehewitt.com.xpi 里面,这是我可以用 Vim 打开的 zip,然后到达 content/firebug/console/errrors.js,找到一个变量 pointlessErrors 并附加我的消息给它。
Firefox 忽略更改,但在我重新启动它后,它给我消息说 firebug 未验证且已禁用。我可能很好,因为它可以保护我免受很多风险,但我确信我的变化。
如何告诉 firefox 呢?或者如何正确更改插件?
或者 Firefox 是否有一些选项可以让 Strict-Transport-Security 闭嘴? (我知道,我知道,一个问题太多了,但我想找到最好的解决方案)。
您问题标题的答案can be found in the Mozilla wiki:
上面写着:
How do I get my add-ons signed if they are not hosted on addons.mozilla.org (AMO)?
- You will need to create an AMO account and submit your add-on. There will be an option where you indicate the add-on won't be listed
on AMO, and you'll be able to submit your add-on files without having
them published on the site. Please read the Distribution Policy for
more details.
- You can also use the jpm sign command to generate a signed XPI that can be self-hosted.
- There is an API you can use for signing.
话虽如此,但还有更简单的方法来签署扩展程序:
- 转到
about:config 并将 xpinstall.signatures.required 设置为 false。
- 安装 Nightly, Developer Edition 或无品牌版本的 Firefox
这是来自 wiki 的相关答案:
What are my options if I want to install unsigned extensions in Firefox?
- The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There will also be
special unbranded versions of Release and Beta that will have this
setting, so that add-on developers can work on their add-ons without
having to sign every build. To disable signature checks, you will need
to set the
xpinstall.signatures.required preference to "false".
- type
about:config into the URL bar in Firefox
- in the Search box type
xpinstall.signatures.required
- double-click the preference, or right-click and selected "Toggle", to set it to
false.
关于取消有关 Strict Transport Security 的警告的问题,我看到了一些其他可能的解决方案:
- 通过 HTTP 而不是 HTTPS 访问您的本地主机。
- 禁止在本地主机上发送
Strict-Transport-Security header。
- 安装正确的证书。
请注意,显示此警告是出于安全目的,因此通常禁用它存在一些风险。
所以故事是这样的。我调试了一个引发大量警告的站点:
Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored.
那是因为本地主机没有合适的证书。但这很烦人,我找不到过滤掉 firebug 控制台的选项。所以我决定进入代码。我发现 firebug 在 ~/.mozilla/firefox/blablabla.bla/extensions/firebug@software.joehewitt.com.xpi 里面,这是我可以用 Vim 打开的 zip,然后到达 content/firebug/console/errrors.js,找到一个变量 pointlessErrors 并附加我的消息给它。
Firefox 忽略更改,但在我重新启动它后,它给我消息说 firebug 未验证且已禁用。我可能很好,因为它可以保护我免受很多风险,但我确信我的变化。
如何告诉 firefox 呢?或者如何正确更改插件?
或者 Firefox 是否有一些选项可以让 Strict-Transport-Security 闭嘴? (我知道,我知道,一个问题太多了,但我想找到最好的解决方案)。
您问题标题的答案can be found in the Mozilla wiki:
上面写着:
How do I get my add-ons signed if they are not hosted on addons.mozilla.org (AMO)?
- You will need to create an AMO account and submit your add-on. There will be an option where you indicate the add-on won't be listed on AMO, and you'll be able to submit your add-on files without having them published on the site. Please read the Distribution Policy for more details.
- You can also use the jpm sign command to generate a signed XPI that can be self-hosted.
- There is an API you can use for signing.
话虽如此,但还有更简单的方法来签署扩展程序:
- 转到
about:config并将xpinstall.signatures.required设置为false。 - 安装 Nightly, Developer Edition 或无品牌版本的 Firefox
这是来自 wiki 的相关答案:
What are my options if I want to install unsigned extensions in Firefox?
- The Developer Edition and Nightly versions of Firefox will have a setting to disable signature enforcement. There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build. To disable signature checks, you will need to set the
xpinstall.signatures.requiredpreference to "false".
- type
about:configinto the URL bar in Firefox- in the Search box type
xpinstall.signatures.required- double-click the preference, or right-click and selected "Toggle", to set it to
false.
关于取消有关 Strict Transport Security 的警告的问题,我看到了一些其他可能的解决方案:
- 通过 HTTP 而不是 HTTPS 访问您的本地主机。
- 禁止在本地主机上发送
Strict-Transport-Securityheader。 - 安装正确的证书。
请注意,显示此警告是出于安全目的,因此通常禁用它存在一些风险。