Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an API to trigger extension update #112

Open
nir-walkme opened this issue Oct 18, 2021 · 2 comments
Open

Add an API to trigger extension update #112

nir-walkme opened this issue Oct 18, 2021 · 2 comments
Labels
enhancement Enhancement or change to an existing feature

Comments

@nir-walkme
Copy link

Currently, browsers are checking for new versions of an extension in an interval of a few hours. Sometimes it can take more than a day for an extension to get updated for a user.

This may have critical outcomes in case the extension update was meant to fix a security vulnerability or a critical bug.
In today's world where SaaS applications are dominant, this behavior is no longer the standard. Today's users expect instant updates in case of a security vulnerability or a critical bug.
Moreover, modern hackers are used to exploiting zero day vulnerabilities very fast and every second counts until the vulnerability gets fixed.

Manifest V3 makes this problem even more severe. In Manifest V3 remotely hosted code is no longer allowed. This means that more critical code will be embedded in the extension and not served from a remote domain. The need to update the extension quickly now becomes more imperative.

We suggest to add an API for the extensions to ask the browser to check for extension update (either if it hosted on the store or remotely hosted).

The typical use case would be:

  1. The extension is communicating frequently with a remote server to receive configuration and data.
  2. In case of a security vulnerability or a critical bug and after a fix was released, the remote server would notify the extension.
  3. The extension would call the mentioned new API.
  4. The browser will check if an update exists and will install the new version.
@carlosjeurissen
Copy link
Contributor

All in favor of this! Been dealing with this in the past as well. Seems the review time of the stores is the biggest bottleneck, but any time we can save can be welcome.

One could think about an API like:

browser.management.getUpdateAvailable()

Which would return a promise with a boolean stating an update is available or not. Or it could return an object with additional info on the update like the version number and updateUrl.

An update could then be installed using:

browser.management.installUpdate()

Still it's worth exploring how we can speed up the review process on stores as well.

@xeenon xeenon added the enhancement Enhancement or change to an existing feature label Oct 25, 2021
@carlosjeurissen
Copy link
Contributor

As mentioned during the 2021-10-28 meeting, a way to check if an update exists is currently available in Chrome, Edge and Opera. See:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/runtime/requestUpdateCheck

dotproto pushed a commit that referenced this issue Oct 29, 2021
List of issues/PRs in order of appearance in the input:
04b18b4 
- Issues: #109, #103, #112, #44
- PRs: -
- Mentioned issues without link to issue: -
@dotproto dotproto mentioned this issue Oct 29, 2021
Merged
dotproto pushed a commit that referenced this issue Oct 29, 2021
Publish minutes of 2021-10-28 meeting
4b6d808 
List of issues/PRs in order of appearance in the input:
- Issues: #109, #103, #112, #44
- PRs: -
- Mentioned issues without link to issue: -
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Enhancement or change to an existing feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xeenon @carlosjeurissen @nir-walkme