A Firefox extension to open cloud profiles in separate containers.
Granted uses Multi-Account Containers, a privacy feature built in to Firefox which allows groups of browser tabs to be isolated from one another. Granted exposes a custom protocol handler ext+granted-containers which allows the extension to be triggered from the Granted CLI.
This extension operates with the minimum possible permissions and does not have the ability to read information from any web pages. By design, the extension does not have permission to read any information from the DOM when you are accessing cloud provider consoles. The extension uses a Background Script which can't directly access web page content.
The permissions that this extension requires are:
| Permission | Reason |
|---|---|
| contextualIdentities | used to manage tab containers via the contextualIdentity API |
| cookies | required to access container tab stores in order to list available identities |
| tabs | required to open a new tab in a container |
| storage | required to store information on the list of available containers |
Requirements:
-
Clone this repository: https://github.com/common-fate/granted-containers
-
Install dependencies
yarn install --frozen-lockfile -
Build the extension
yarn build
The extension is transpiled into the dist folder, and additionally zipped up and placed in the web-ext-artifacts folder.
We have a couple of Bash scripts set up to make internal distribution and testing of the extension simple. These scripts are written for MacOS.
-
Setup signing credentials for internal testing (this will load Firefox API credentials into the MacOS keychain)
./set_signing_credentials.sh -
Build the extension
yarn build -
Sign the extension
./sign.sh