Extension no longer works in Firefox 45 ESR - seems to be CSP issue

[Jaifroid]

I was testing #903 in a portable version of Firefox 45 ESR (on Windows), and was puzzled that the extension version I was testing did not seem to have access to the iframe. Accessing the PWA directly works with no problem (in jQuery mode only), but in the extension, access to the iframe is blocked.

I thought it might be because I was testing an unsigned extension, so I installed the signed version from the Mozilla add-ons web site, but this shows the same issue. Typical console.log errors are shown below. This doesn't affect the Firefox OS simulator. It must have something to do with what is considered a secure origin in that version of Firefox, but I'm very surprised we didn't catch this before.

While we shouldn't spend long on this old version, we do claim officially to support Firefox >= 45, so if we can fix (through CSP?) we should.

[mossroy]

I had seen this when working on #878 and had opened #879

[mossroy]

Yes, we have to either fix this, or update our compatibility claim (which is also declared on the browser stores)

It might be the occasion to consider dropping compatibility with some of the oldest browser engines, if it might simplify maintenance in the mid/long-term.
I'm very proud we kept the broad compatibility we currently have. But, if the project will have less resources than before, it might be a way to keep it maintained without too much overhead.

[Jaifroid]

I had seen this when working on #878 and had opened #879

I had forgotten about that. I think it's OK to have this separate issue specifically on the blocked access to the iframe, since it's fundamental.

It might be the occasion to consider dropping compatibility with some of the oldest browser engines

Let's see if there is an "easy" fix first. I don't know if it ever worked on this version (in an extension -- it works from localhost or from https://...), or if we broke something at some point.

[Jaifroid]

According to https://blog.mozilla.org/addons/2015/12/21/webextensions-in-firefox-45-2/, support for extensions was in an "alpha" state in Firefox 45. And in https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions it is stated:

In Firefox, from version 56 onwards, extensions automatically get host permissions for their own origin, which is of the form:

moz-extension://60a20a9b-1ad4-af49-9b6c-c64c98c37920/

where 60a20a9b-1ad4-af49-9b6c-c64c98c37920 is the extension's internal ID.

Given that we need host permission to be able to access resources on the same origin in an extension, it seems that our code would only work in an extenson from Firefox 56 onwards. I cannot see any way of adding the host permission to the manifest programmatically when we cannot predict the extension's ID. It is not fixed, each user's ID will be different.

So I think we have to specify that the Firefox extension is only supported from 56, but that non-extension usage is supported from Firefox 45.

[Jaifroid]

I've now tested Firefox 52 ESR and it works fine in that version (JQuery mode only). I don't have intermediate releases to test, as I'm relying on portableapps, and they go straight from 45 to 52 (ESR versions).

[mossroy]

Thanks for the tests.
In this case, you could update the README for that, and also the minimum required Firefox version in the Firefox extension store