Flatpak version of Firefox nightly doesn't pick up chrome-gnome-shell

[gitjod]

I installed the flatpak of Firefox nightly on Fedora Silverblue 28 and have chrome-gnome-shell installed: https://gitlab.gnome.org/GNOME/chrome-gnome-shell.

The rpm version of Firefox installed on the system picks up chrome-gnome-shell fine but the flatpak version doesn't. When I go to https://extensions.gnome.org/ in the flatpak firefox it see the message on the webpage: "Although GNOME Shell integration extension is running, native host connector is not detected. Refer documentation for instructions about installing connector."

I don't know if this is a firefox nightly issue or a flatpak issue

[rmader]

Well that sounds right, actually :) Flatpak is a sandbox after all.
Basically there are two scenarios:

• you installed chrome-gnome-shell on the system. Then firefox is not allowed to talk to it and some portal would be needed. And most importantly, the user would need to get asked for permission to change her shell. I guess many people would say 'no' here, as the whole benefit of the sandbox would be lost. Seriously, being able to install GS-extensions is equal to full control over the users session. Imagine an app on your phone asking for full permissions to do anything.
• you installed chrome-gnome-shell in the same sandbox as firefox. Then it shouldn't be able to do anything by design

Off-topic: I have to say I really hope the gnome devs change their mind about how they distribute gs-extensions. GS-extensions are highly security sensitive. I don't think a website is the right spot for them. People should be able to install them through gnome-software, that's were they belong.

[gitjod]

Thanks yes your points make sense. I tried both installing chrome-gnome-shell on the system and installing it in the same sandbox as firefox. This worked for flash-plugin but as you point out in the case of chrome-gnome-shell it wouldn't work. Basically chrome-gnome-shell can't see outside the sandbox.

[gitjod]

Given chrome-gnome-shell when installed on the system works with google-chrome which is sandboxed, the expectation should be that it should work with a flatpaked firefox in a similar manner. Is there anyway you can achieve this with your flatpak of firefox or are you reluctant to do this given your understandable reservations that you have expressed in your comment above?

[wvengen]

Google Chrome is not (generally) sandboxed as an app, but has ways to effectively 'sandbox' code running on a webpage. This is quite different from Firefox running as a flatpak, which sandboxes the whole app. So even if Firefox itself misbehaves, it is still protected by the sandbox. So the answer is that Firefox can't install GNOME Shell extensions without introducing serious security concerns as explained above.