Reject Manifest V2 extensions at upload with a clear error #293
Chromium no longer loads Manifest V2 extensions. Without an explicit check, an uploaded MV2 extension is accepted and silently fails to load in the browser. Validate manifest_version on upload and return a 400 explaining that the extension must be Manifest V3. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: PR is unclear which repo it belongs to; please specify if this is in To monitor this PR anyway, reply with
Cursor Bugbot has reviewed your changes using high effort and found 1 potential issue.
Reviewed by Cursor Bugbot for commit 97df01a.

Summary
Chromium hasn't supported Manifest V2 extensions for ~a while. Right now if a user uploads a MV2 extension it's accepted by the upload endpoint, extracted, and wired into --load-extension / the enterprise policy. Then silently fails to load when Chromium starts, with no signal back to the caller.

This adds an explicit manifest_version check at upload time:

policy.ManifestVersion reads manifest_version from the extracted manifest.json. A missing manifest is not an error (crx + update.xml installs may not ship an unpacked manifest; Chromium validates those itself).
applyExtensionZipItems rejects any extension whose manifest declares version 1 or 2 with a 400 explaining it must be upgraded to Manifest V3. The existing cleanup path removes the partially-extracted dir.

Test plan
CI
Note
Low Risk
Adds upload-time validation only; no auth or policy persistence changes beyond failing fast with 400s before install completes.
Overview
Extension zip uploads now validate manifest.json immediately after extraction, before policy/flags updates or Chromium restart.
policy.ManifestVersion reads manifest_version from the unpacked manifest. A missing manifest is allowed (e.g. crx + update.xml flows). Malformed JSON returns ErrInvalidManifest and surfaces as a 400 with a clear message. Extensions declaring Manifest V1 or V2 are rejected with a 400 explaining Chromium requires Manifest V3. Failed validation still uses the existing partial-directory cleanup on the upload path.
Unit tests cover ManifestVersion for MV3, MV2, missing file, and invalid JSON.
Reviewed by Cursor Bugbot for commit cf25794. Bugbot is set up for automated code reviews on this repo.
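
The upload-time check described above, as an added Go example that is not the PR's own code: readManifestVersion, uploadStatus and errInvalidManifest are hypothetical names (the last standing in for the ErrInvalidManifest the description mentions), and returning a 500 for other read errors is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"os"
	"path/filepath"
)

// errInvalidManifest stands in for the ErrInvalidManifest the description names.
var errInvalidManifest = errors.New("invalid manifest.json")

// readManifestVersion reports found=false when dir has no manifest.json (allowed).
func readManifestVersion(dir string) (int, bool, error) {
	raw, err := os.ReadFile(filepath.Join(dir, "manifest.json"))
	if errors.Is(err, os.ErrNotExist) {
		return 0, false, nil
	} else if err != nil {
		return 0, false, err
	}
	var m struct{ Version int `json:"manifest_version"` }
	if err := json.Unmarshal(raw, &m); err != nil {
		return 0, true, fmt.Errorf("%w: %v", errInvalidManifest, err)
	}
	return m.Version, true, nil // an absent field decodes as 0
}

// uploadStatus maps the check to an HTTP status; 200 means the upload may proceed.
func uploadStatus(dir string) (int, string) {
	v, found, err := readManifestVersion(dir)
	switch {
	case errors.Is(err, errInvalidManifest):
		return http.StatusBadRequest, "manifest.json could not be parsed"
	case err != nil:
		return http.StatusInternalServerError, "cannot read manifest.json"
	case found && (v == 1 || v == 2):
		return http.StatusBadRequest, fmt.Sprintf("Manifest V%d is not supported, upgrade the extension to Manifest V3", v)
	}
	return http.StatusOK, ""
}

func main() {
	dir, _ := os.MkdirTemp("", "ext") // constructed sample: an MV2 manifest
	defer os.RemoveAll(dir)
	os.WriteFile(filepath.Join(dir, "manifest.json"), []byte(`{"manifest_version": 2}`), 0o600)
	fmt.Println(uploadStatus(dir))
}
```

Because this example rejects only declared versions 1 and 2, as the description states, a manifest with no manifest_version field decodes as 0 and passes the check.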