准备将你的扩展从清单 v2 更新到 v3Prepare to update your extensions from Manifest v2 to v3

本文档列出了作为清单 v3 的一部分实现的重要更改,这是 Chromium 扩展平台的下一个版本。This document lists important changes that's being implemented as part of Manifest v3, which is the next version of the Chromium Extensions platform. 我们将在实施过程中更新此文档。We'll update this document as the implementation progresses. 有关将扩展迁移到清单 v3 的详细指南,请导航到 清单 V3 迁移For detailed guidance on migrating your extension to Manifest v3, navigate to Migrating to Manifest V3.

远程托管代码Remotely hosted code

如今,扩展可以远程托管其代码的一部分,并且在验证过程中不将其包含在扩展程序包中。Today, extensions can host parts of their code remotely, and not include it as part of the extension package during the validation process. 虽然这提供了在不重新提交对应用商店的扩展的情况下更改代码的灵活性,但在安装后可以利用该代码。While this offers flexibility to change code without resubmitting the extension to the store, the code can be exploited after installation. 为了确保 Microsoft Edge 加载项 列出已验证的扩展,我们禁止扩展使用远程托管的代码。To ensure Microsoft Edge Add-ons lists validated extensions, we're disallowing extensions from using remotely hosted code. 此更改使扩展更安全。This change makes extensions more secure. 开发人员将需要打包和提交扩展所使用的所有代码以进行验证。Developers will need to package and submit all code that's used by the extension for validation. 或者,开发人员可以在 沙盒环境中使用 eval ( # A1 函数。Alternatively, developers can use the eval() function in a sandboxed environment.

运行时主机权限Run-time host permissions

在安装时,扩展可能会请求访问所有网站和内容的总权限。At installation time, extensions may request blanket permissions to access all sites and content. 这些权限允许扩展以最小的干预进行操作,并为用户隐私和安全带来风险。These permissions allow extensions to operate with minimum intervention, and create a risk to user privacy and security. 为提高透明度,我们为用户提供了在运行时允许或限制访问网站的控件。To improve transparency, we're providing controls for users to allow or restrict access to websites at runtime.

内容脚本中的跨源请求Cross-origin requests in content scripts

"今日内容脚本" 可以请求对任何来源(包括网站不允许的来源)的访问权限。Today content scripts can request access to any origin including origins that aren't allowed by the website. 此行为中断了交叉起源原则。This behavior breaks cross-origin principles. 接下来,我们将要求内容脚本拥有与它们所注入的页面相同的权限,从而关闭潜在的安全 loophole。Going forward, we'll require content scripts to have the same permissions as the page they're injected into, closing a potential security loophole. 若要执行跨源请求,你需要使用后台脚本将回复中继回内容脚本。To perform cross-origin requests, you'll need to use background scripts to relay responses back to content scripts. 这些更改可在标志之后使用。These changes are available and behind a flag. 有关详细信息,请导航到 "此 文档"。For more information, navigate to this document.

Web 请求 APIWeb Request API

我们正在将 Web 请求 api 替换为 声明性 Net Request api,但将继续保持 web 请求 api 的见习功能。We're replacing Web Request API with Declarative Net Request API, but will continue to keep Web Request API's observational capabilities. 除了在某些特定情况下,扩展需要 Web 请求 API 的见习功能,我们建议仅使用 DNR Api。Except in some specific scenarios where observational capabilities of the Web Request API are required by the extension, we recommend using the DNR APIs only. 我们认为,此更改将对使用功能丰富的声明性功能的扩展产生积极影响。We believe this change will have positive impact on extensions that use feature-rich declarative capabilities. 随着更多扩展转换为 DNR Api,此更改将改进用户隐私,这有助于增强对使用扩展的信任。As more extensions transition to the DNR APIs, this change will improve user privacy, which contributes to enhancing trust in the use of extensions. 企业可以继续对通过企业策略管理的扩展使用 Web 请求 API 的阻止行为。Enterprises can continue to use the blocking behavior of the Web Request API for extensions managed through enterprise policies. 有关扩展策略的详细信息,请导航到 Microsoft Edge-"策略"。For more information about extension policies, navigate to Microsoft Edge – Policies.

后台服务工作人员Background service workers

服务工作者可在未带里的测试中进行测试。Service workers are available for testing in Canary. 若要将扩展从背景页迁移到服务工作人员,请参阅 从背景页迁移到服务工作人员To migrate your extensions from background pages to service workers, refer to Migrating from Background Pages to Service Workers. 我们正在评估 & 调查此变更对开发人员和用户带来的影响。We're evaluating & investigating the impact that this change brings to both developers and users. 我们将在以后对此文档的更改添加其他详细信息。We'll add additional details on this change to this document in the future.

这些更改将在 Microsoft Edge 中提供什么情况?When will these changes be available in Microsoft Edge?

当前的声明性 net request API 实现可在我们的稳定和 Beta 通道中使用。The current declarative net request API implementation is available in our Stable and Beta channels. 开发人员可以测试这些更改,并提供反馈。Developers can test these changes, and provide feedback. 我们将参与开发工作,并调查进一步的更改。We'll contribute to development efforts and investigate further changes.

频道名称Channel name 描述Description
Microsoft Edge 84 稳定Microsoft Edge 84 Stable DNR API 可用于测试DNR API is available for testing
Microsoft Edge 85 BetaMicrosoft Edge 85 Beta 标题修改支持可用Header modification support is available

对 Chromium 进行更改后,我们将共享时间线,以便开发人员可以更新其代码并将扩展重新发布到应用商店。When the changes are made to Chromium, we'll share timelines so that developers can update their code and republish extensions to the store.

我们将继续发布博客上的更新。We'll continue publishing updates on our blog. 你可以通过 TechCommunity提供有关这些更改的反馈。You can provide your feedback on these changes through TechCommunity.