Development Basics

the source code

getting the source code / building the addon

See Setting up a development environment and Working with the Source Code.

XPI files

For distribution, the source code is packaged into .xpi files. XPI files are just zip archives which you can extract like any other. However, if you want to work on the source code you should take the code from the repository, because the XPI's content and the code in the src/ directory are not exactly the same.

addon development basics

XUL

RequestPolicy adds XUL elements to every browser window, such as the menu button. There's a great XUL Tutorial on MDN.

XPCOM

When developing Mozilla Add-Ons you will stumble upon XPCOM components:

• Creating XPCOM components
• JavaScript-specific guide

Development tools

There are some very useful tools for developing addons. To name some of them:

• the Browser Toolbox and other Firefox Developer Tools – to debug extensions
• the DOM Inspector and Inspect Context – inspect, browse, and edit the DOM of XUL windows

source code basics

The main source code lives in the src/ directory, unit tests in tests.

programming language

RequestPolicy is written in JavaScript. Some unit tests (Marionette) are written in Python.

entry points

When the addon is installed, the files install.rdf and chrome.manifest are parsed and bootstrap.js is executed. More infos:

• install.rdf: docs. It specifies the addon's ID, name, description and version string, as well as the web browsers' minVersion and maxVersion.
• chrome.manifest: docs, tutorial. It specifies the chrome://rpcontinued/ URI.
• bootstrap.js: docs

From bootstrap.js RequestPolicy is started up.

„Content Policy“ implementation

RequestPolicy's blocking functionality bases mostly on the nsIContentPolicy interface. RequestPolicy implements this interface by an XPCOM component. The component's shouldLoad function will be called for each request to decide whether or not the resource at a given location should be loaded.

general topics

URIs

Each request has a destination URI, and often also an origin URI. For information about about URIs see STD 66 (Internet standard) – especially Appendix A. There's also some information on wikipedia.

This is the ABNF definition of an URI:

scheme ":" hier-part [ "?" query ] [ "#" fragment ]

The „scheme“ often is http or https. The „hier-part“ normally is the host in the form of //www.example.com or //127.0.0.1.

domain names and the „Public Suffix List“

RequestPolicy treats domain names either as full domains (e.g. www.example.com) or regarding their „Base Domain“ (e.g. example.com). The Base Domain is determined using the „Public Suffix List“ (wikipedia, publicsuffix.org). Therefore, for example, the Base Domain of xyz.cloudfront.net is equally xyz.cloudfront.net, not cloudfront.net.

security

Have a look at the MDN articles Security check basics and Same-origin policy

Glossary

• ruleset: a list of rules. can be empty.
• rule: contains some selection specification (e.g. origin and destination) and a policy
• policy: whether requests matching a rule are allowed or blocked

Abbreviations

The following abbreviations are used

• RP: RequestPolicy; RPC: RequestPolicy Continued
• Fx: Firefox
• e10s: Electrolysis (aka multiprocess firefox)