Version 0.0.2 has just been published to the Chrome Extension Store for review and I’m hoping it will be approved and in the hands of Inboxes users in a short while. While there’s no new features in this release, a fair amount has changed under the hood. This post aims to run you through what’s chaged.
Upgraded to Chrome Extension Manifest v3
Chrome extensions all have a file called the manifest. It tells the Chrome Store what the extension is called, which servers it should be permitted to talk to, what permissions are allowed and where to find the background processes.
The old Manifest v2 was a little bit all over the place, and allowed extension developers to do some pretty whacky things. The new v3 manifest offers new APIs and ways of working, which I think give Google more control over how extensions work. Given browsers are used for banking and other important daily uses, it’s entirely reasonable that Google should want to be restrictive in what an extension can do.
A big perk of upgrading to manifest v3 however is speedier extension review times. Given that v2 could take a week to be reviewed, and then another one for any disputes, I’m hoping this will significantly cut down the development time of new releases.
Chrome Alerts permission
I’ve needed to request a new “alerts” permission. As I said earlier, extensions had a lot of freedom to do what they wanted. Now it’s a lot more restrictive. Part of this includes the background process life-cycle.
In many cases, extensions likely don’t need to have a running process in the background at all times. The previous version of Inboxes had a script which would check periodically with the server to get your unread email count. Now, it uses Chrome Alerts to wake up the background process, grab the data, update the icon, and then make the background process inactive. Much nicer (especially for things like battery life!).
iFrame JS Content Security Policy
I discovered an overly protective security “bug” which affected websites when clicking links in an email. The iframe sandbox is used to prevent things like javascript from hijacking the extension, accessing your emails and reading other sensitive bits. What I missed out was the allow-popups-to-escape-sandbox
content security policy tag. Adding this iframe CSP fixes this issue, and allows websites to work as normal if you click to them from within the restrictive sandboxe iframe.
A change to how news is displayed
Inboxes has a news endpoint to allow me to push useful news to users of the app. For example, I’m pretty certain I’ll need a news item within the app informing users of the new alerts
permission for version 0.0.2.
The previous version of the news feature only allowed for a little text. With some small changes, I can now customise it a little more and add background images as well as add background colours. Nothing crazy, but it should help make the news feature a little more effective when it comes to sharing important updates.
Posted on: November 7, 2021 by Patrick