@addisonbeck addisonbeck commented Nov 18, 2025

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-28387
Sibling change from the same Jira ticket: #17429
PR adding ESLint rules to try to catch this pattern in the future: #17437

📔 Objective

This PR enhances how Firefox handles FIDO2 page script registration. The current MV2 implementation uses DOM script injection, which exposes extension resource URLs in the page context where websites can observe them.

This PR adds the world: "MAIN" parameter to the registerContentScriptsMv2() call in Firefox MV2 registration. This executes scripts directly in the page context without creating observable DOM elements.

It might be wise to also review the HTML I used for testing. It is shared in the Recreation Steps in Jira.

Note For Autofill

Autofill, we are mixing team boundaries a bit here. This change is in autofill code, but really page registration as a general concept is probably more of a platform domain. For now I've just made the change needed to patch this bug, but platform will be revisiting this in a later sprint to build out a page registration API your team can call. This is going to be planned on https://bitwarden.atlassian.net/browse/PM-28388

📸 Screenshots

Before and after with me locally serving the HTML shared in Jira

Screenshot 2025-11-18 at 2 05 18 PM

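
The two registration approaches contrasted in the PR description above, as an added example that is not code from the pull request or the Bitwarden code base. The script path, the extension origin and the fake `document`/`browser` objects are constructed so the comparison runs under Node; `world` in `contentScripts.register()` is assumed to be supported by the target Firefox version.

```javascript
// Added example, not project code: PAGE_SCRIPT and the origin are placeholders.
const PAGE_SCRIPT = "content/page-script.js";

// Before: DOM injection. The <script> node, and the extension URL in its
// src, become part of the page's DOM.
function injectViaDom(doc, runtime, file = PAGE_SCRIPT) {
  const el = doc.createElement("script");
  el.src = runtime.getURL(file);
  (doc.head || doc.documentElement).appendChild(el);
  return el;
}

// After: registration through contentScripts.register() with world "MAIN".
// No document is involved, so no node is created in the page.
function registerInMainWorld(browserApi, matches, file = PAGE_SCRIPT) {
  return browserApi.contentScripts.register({
    matches,
    js: [{ file }],
    runAt: "document_start",
    world: "MAIN",
  });
}

// Constructed fakes that record what each approach hands to the page or browser.
function makeFakeDocument() {
  const appended = [];
  return {
    appended,
    head: { appendChild: (node) => (appended.push(node), node) },
    createElement: (tag) => ({ tagName: tag.toUpperCase(), src: "" }),
  };
}
function makeFakeBrowser(origin = "moz-extension://00000000-0000-0000-0000-000000000000") {
  const registered = [];
  return {
    registered,
    runtime: { getURL: (path) => `${origin}/${path}` },
    contentScripts: { register: (o) => (registered.push(o), Promise.resolve({ unregister() {} })) },
  };
}

// Runs both approaches against the fakes and reports what each one produced.
function compare() {
  const doc = makeFakeDocument();
  const api = makeFakeBrowser();
  injectViaDom(doc, api.runtime);
  registerInMainWorld(api, ["https://*/*"]);
  return { pageVisibleUrls: doc.appended.map((n) => n.src), registration: api.registered[0] };
}
```

`compare()` returns the one URL that DOM injection placed in the document and the options object that the registration path passed to the browser instead.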

github-actions bot commented Nov 18, 2025

Checkmarx One – Scan Summary & Details – b3aa3649-8f30-4e2d-8ac4-804108224f52

Great job! No new security vulnerabilities introduced in this pull request

@addisonbeck addisonbeck force-pushed the add-world-main-to-firefox-fido2-reg branch from bc0ddf7 to 718e62d Compare November 18, 2025 18:00
@addisonbeck addisonbeck force-pushed the add-world-main-to-firefox-fido2-reg branch from 718e62d to b34bdd9 Compare November 18, 2025 18:05
@addisonbeck addisonbeck added the needs-qa Marks a PR as requiring QA approval label Nov 18, 2025
@addisonbeck addisonbeck force-pushed the add-world-main-to-firefox-fido2-reg branch from b34bdd9 to 0f23439 Compare November 18, 2025 22:04
@addisonbeck addisonbeck requested review from a team and djsmith85 November 18, 2025 22:05
@addisonbeck addisonbeck marked this pull request as ready for review November 18, 2025 22:05
@addisonbeck addisonbeck requested a review from a team as a code owner November 18, 2025 22:05
claude bot commented Nov 18, 2025

Claude Code is working…

I'll analyze this and get back to you.

codecov bot commented Nov 18, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 41.20%. Comparing base (e44ab1b) to head (5a1e879).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #17466   +/-   ##
=======================================
  Coverage   41.20%   41.20%           
=======================================
  Files        3543     3543           
  Lines      101912   101912           
  Branches    15282    15282           
=======================================
+ Hits        41988    41995    +7     
+ Misses      58159    58152    -7     
  Partials     1765     1765           

jprusik previously approved these changes Nov 18, 2025
djsmith85 previously approved these changes Nov 19, 2025
@addisonbeck addisonbeck dismissed stale reviews from djsmith85 and jprusik via 5a1e879 November 19, 2025 20:02
@addisonbeck addisonbeck removed the needs-qa Marks a PR as requiring QA approval label Nov 19, 2025
@addisonbeck addisonbeck enabled auto-merge (squash) November 19, 2025 20:11
@addisonbeck addisonbeck merged commit 6d1c474 into main Nov 19, 2025
108 of 110 checks passed
@addisonbeck addisonbeck deleted the add-world-main-to-firefox-fido2-reg branch November 19, 2025 20:13
bw-ghapp bot commented Nov 19, 2025

⚠️ Changes in this PR impact the Autofill experience of the browser client ⚠️

BIT has tested the core experience with these changes and the feature flag configuration used by vault.bitwarden.com

Caution

Unfortunately, one or more of these tests failed. 😞

Please resolve the failure before merging; reach out to @bitwarden/team-autofill-dev if you'd like help.

You can view the detailed results of the tests here.

bw-ghapp bot commented Nov 19, 2025

⚠️ Changes in this PR impact the Autofill experience of the browser client ⚠️

BIT has tested the core experience with these changes and all feature flags disabled.

Caution

Unfortunately, one or more of these tests failed. 😞

Please resolve the failure before merging; reach out to @bitwarden/team-autofill-dev if you'd like help.

You can view the detailed results of the tests here.

addisonbeck added a commit that referenced this pull request Nov 19, 2025
* chore: update @types/firefox-webext-browser

* fix: add world: MAIN to Firefox page script registration

* review: add world property to registration type