Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(security): Use import.meta.hot for communication with Vite 6.0.9+ (and 5.4.14+) dev server #1411

Draft
wants to merge 14 commits into
base: main
Choose a base branch
from
Draft

fix(security): Use import.meta.hot for communication with Vite 6.0.9+ (and 5.4.14+) dev server #1411

wants to merge 14 commits into from

Conversation

aklinker1
Copy link
Collaborator

Overview

WXT previously relied on connecting to Vite's dev server manually, instead of using import.meta.hot. Vite 6.0.9 introduced several changes that broke WXT's dev mode:

  • Vite introduced a randomly generated auth token to ensure of your application can access it

    This broke WXT because WXT doesn't know what the token is. While it is possible to get the token from the dev server, it would take quite a bit of refactoring to route the token into the background script during development, so I'm not gonna do that. Instead, WXT now uses import.meta.hot.

    For MV2, WXT dynamically imports the vite/client package from the dev server. For MV3, we're updating dev mode to always set background.type: "module" in the manifest.

Warning

This is technically a breaking change to dev mode, however, it should have no effect. WXT will continue to bundle the background as IIFE if you don't specify type: "module" in your entrypoint.

  • CORS: TODO

Manual Testing

Install the new version from pkg.pr.new and spin up your extension in dev mode:

pnpm i https://pkg.pr.new/wxt@XXXX
pnpm dev

Related Issue

@netlify Netlify
Copy link

netlify bot commented Feb 8, 2025
edited
Loading

Deploy Preview for creative-fairy-df92c4 ready!

Name Link
🔨 Latest commit d815ebf
🔍 Latest deploy log https://app.netlify.com/sites/creative-fairy-df92c4/deploys/67a74af7ffebd200087379c1
😎 Deploy Preview https://deploy-preview-1411--creative-fairy-df92c4.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

aklinker1
aklinker1 commented Feb 8, 2025
View reviewed changes
packages/wxt/build.config.ts Outdated
Comment on lines 40 to 41
'http://localhost:3000/@id/wxt/background-client',
'http://localhost:3000/@vite/client',
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO:

Suggested change
'http://localhost:3000/@id/wxt/background-client',
'http://localhost:3000/@vite/client',
'__DEV_SERVER_ORIGIN__/@id/wxt/background-client',
'__DEV_SERVER_ORIGIN__/@vite/client',

aklinker1
aklinker1 commented Feb 8, 2025
View reviewed changes
packages/wxt/package.json
@@ -123,7 +127,7 @@
"publish-browser-extension": "^2.2.2",
"scule": "^1.3.0",
"unimport": "^3.13.1",
"vite": "^5.0.0 || ^6.0.0",
"vite": "^5.0.0 || <=6.0.8",
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"vite": "^5.0.0 || <=6.0.8",
"vite": "^5.0.0 || ^6.0.0",

aklinker1
aklinker1 commented Feb 8, 2025
View reviewed changes
packages/wxt/src/virtual/reload-html.ts
Comment on lines +1 to 6
if (import.meta.hot) {
import.meta.hot.on('wxt:reload-page', (event) => {
// "popup.html" === "/popup.html".substring(1)
if (event.detail === location.pathname.substring(1)) location.reload();
});
}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: Test

aklinker1
aklinker1 commented Feb 8, 2025
View reviewed changes
packages/wxt/src/core/builders/vite/plugins/devServerGlobals.ts Outdated
};

const wxtBackgroundClientUrl = `http://${server.hostname}:${server.port}/@id/wxt/background-client`;
console.log({ wxtBackgroundClientUrl });
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO remove

aklinker1
aklinker1 commented Feb 8, 2025
View reviewed changes
packages/wxt/src/virtual/background-entrypoint.ts Outdated
}
});
}
console.log('__WXT_BACKGROUND_CLIENT_IMPORT__');
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: Remove

@aklinker1 aklinker1 changed the title fix(security): Use import.meta.hot for communication with Vite 6.0.9+ dev server fix(security): Use import.meta.hot for communication with Vite 6.0.9+ (and 5.4.14+) dev server Feb 8, 2025
@aklinker1
Copy link
Collaborator Author

aklinker1 commented Feb 12, 2025
edited
Loading

Status update. I should have it all working, but for some reason I can't load the vite client from the server, debugging this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Timeraa Timeraa Awaiting requested review from Timeraa Timeraa will be requested when the pull request is marked ready for review Timeraa is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

dev websocket connection failed Popup HTML auto refresh does not work with Vite 6.0.9+
1 participant
@aklinker1