Native manifests

Native manifests are specially formatted JSON files that are provisioned on the user's computer by some means outside the extension installation process. For example, a native manifest might be provisioned by a device administrator or by a native application installer.

There are three different types of native manifest:

Native messaging manifests	Enable a feature called native messaging, in which an extension can communicate with a native app installed on the device.
Managed storage manifests	Define read-only data that an extension can access using the `storage.managed` API.
PKCS #11 manifests	Enable an extension to use the `pkcs11` API to enumerate PKCS #11 security modules and install them in Firefox.

For all native manifests, you need to arrange things so the browser can find the manifest. The section on manifest location describes these rules.

Native messaging manifests

The native messaging manifest contains a single JSON object with the following properties:

Name	Type	Description
`name`	String	Name of the native application. This must match the name passed into `runtime.connectNative()` or `runtime.sendNativeMessage()` by the extension. On MacOS and Linux, it must also match the native messaging manifest's filename (excluding the `.json` extension). On Windows, it must match the name of the registry key you create, that contains the location of the native messaging manifest. The name must match the following regular expression: `"^\w+(\.\w+)*$"`. This means that it may only contain (lowercase or uppercase) alphanumeric characters, underscores, and dots. It may not start or end with a dot, and a dot cannot be followed by another dot.
`description`	String	Description of the native application.
`path`	String	Path to the native application. On Windows, this may be relative to the manifest itself. On MacOS and Linux it must be absolute.
`type`	String	Describes the method used to connect the extension with the app. Currently, only one value can be given here, `"stdio"`, which indicates that messages are received by the app using standard input (`stdin`) and sent using standard output (`stdout`).
`allowed_extensions`	Array of String	An array of Add-on ID values. Each value represents an extension which is allowed to communicate with this native application. Note that this means you will probably want to include the `browser_specific_settings` key in your extension's `manifest.json` file, so you can set an explicit ID during development.

For example, here's a manifest for the ping_pong native application:

json

{
  "name": "ping_pong",
  "description": "Example host for native messaging",
  "path": "/path/to/native-messaging/app/ping_pong.py",
  "type": "stdio",
  "allowed_extensions": [ "ping_pong@example.org" ]
}

This allows the extension whose ID is ping_pong@example.org to connect, by passing the name ping_pong into the relevant runtime API function. The application itself is at /path/to/native-messaging/app/ping_pong.py.

Managed storage manifests

The managed storage manifest contains a single JSON object with the following properties:

Name	Type	Description
`name`	String	The ID of the extension that can access this storage, given as the ID you've specified in the extension's `browser_specific_settings` key.
`description`	String	Human-readable description, ignored by Firefox.
`type`	String	This must be `"storage"`.
`data`	Object	A JSON object that may contain any valid JSON values, including strings, numbers, booleans, arrays, or objects. This will become the data in the `browser.storage.managed` storage area.

For example:

json

{
  "name": "favourite-color-examples@mozilla.org",
  "description": "ignored",
  "type": "storage",
  "data":
  {
    "color": "management thinks it should be blue!"
  }
}

Given this JSON manifest, the favourite-color-examples@mozilla.org extension could access the data using code like this:

let storageItem = browser.storage.managed.get('color');
storageItem.then((res) => {
  console.log(`Managed color is: ${res.color}`);
});

PKCS #11 manifests

The PKCS #11 manifest is a file containing a JSON object with the following properties:

Name	Type	Description
`name`	String	Name of the PKCS #11 module. This must match the name used in the `pkcs11` API. On MacOS and Linux, it must also match the manifest's filename (excluding the extension). On Windows, it must match the name of the registry key you create, which contains the location of the manifest. The name must match the following regular expression: `"^\w+(\.\w+)*$"`. This means that it may only contain lowercase alphanumeric characters, underscores and dots. It may not start or end with a dot, and a dot cannot be followed by another dot.
`description`	String	Description of the module. This is used to set the friendly name for the module in the browser's UI (for example, the "Security Devices" dialog in Firefox).
`path`	String	Path to the module. On Windows, this may be relative to the manifest itself. On MacOS and Linux it must be absolute.
`type`	String	This must be `"pkcs11"`.
`allowed_extensions`	Array of String	An array of Add-on ID values. Each value represents an extension which is allowed to interact with the module. Note: This means you will probably want to include the `browser_specific_settings` key in your extension's `manifest.json` file, so you can set an explicit ID during development.

For example:

json

{
  "name": "my_module",
  "description": "My test module",
  "type": "pkcs11",
  "path": "/path/to/libpkcs11testmodule.dylib",
  "allowed_extensions": ["my-extension@mozilla.org"]
}

Given this JSON manifest, saved as my_module.json, the my-extension@mozilla.org extension could install the security module at /path/to/libpkcs11testmodule.dylib using code like this:

browser.pkcs11.installModule("my_module");

Manifest location

On Linux and macOS, you need to store the manifest in a particular place. On Windows, you need to create a registry key that points to the manifest's location.

The detailed rules are the same for all the manifest types, except that the penultimate component of the path identifies the type of manifest. The examples below show the form for each of the three different types. In all the examples, <name> is the value of the name property in the manifest.

Windows

For global visibility, create a registry key with the following name:

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\NativeMessagingHosts\<name>

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\ManagedStorage\<name>

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\PKCS11Modules\<name>

The key should have a single default value, which is the path to the manifest.

Warning: As of Firefox 64, the 32-bit registry view (Wow6432Node) will be checked first for these keys, followed by the "native" registry view. Use whichever is appropriate for your application.

For Firefox 63 and older: This key should not be created under Wow6432Node, even if the app is 32-bit. Previous versions of the browser will always look for the key under the "native" view of the registry, not the 32-bit emulation. To ensure that the key is created in the "native" view, you can pass the KEY_WOW64_64KEY or KEY_WOW64_32KEY flags into RegCreateKeyEx. See Accessing an Alternate Registry View.

For per-user visibility, create a registry key with the following name:

HKEY_CURRENT_USER\SOFTWARE\Mozilla\NativeMessagingHosts\<name>

HKEY_CURRENT_USER\SOFTWARE\Mozilla\ManagedStorage\<name>

HKEY_CURRENT_USER\SOFTWARE\Mozilla\PKCS11Modules\<name>

The key should have a single default value, which is the path to the manifest.

macOS

For global visibility, store the manifest in:

/Library/Application Support/Mozilla/NativeMessagingHosts/<name>.json

/Library/Application Support/Mozilla/ManagedStorage/<name>.json

/Library/Application Support/Mozilla/PKCS11Modules/<name>.json

For per-user visibility, store the manifest in:

~/Library/Application Support/Mozilla/NativeMessagingHosts/<name>.json

~/Library/Application Support/Mozilla/ManagedStorage/<name>.json

~/Library/Application Support/Mozilla/PKCS11Modules/<name>.json

Linux

For global visibility, store the manifest in either:

/usr/lib/mozilla/native-messaging-hosts/<name>.json

/usr/lib/mozilla/managed-storage/<name>.json

/usr/lib/mozilla/pkcs11-modules/<name>.json

or:

    /usr/lib64/mozilla/native-messaging-hosts/<name>.json

    /usr/lib64/mozilla/managed-storage/<name>.json

    /usr/lib64/mozilla/pkcs11-modules/<name>.json

For per-user visibility, store the manifest in:

~/.mozilla/native-messaging-hosts/<name>.json

~/.mozilla/managed-storage/<name>.json

~/.mozilla/pkcs11-modules/<name>.json