wxt
wxt copied to clipboard
wxt-dev
fix(security): Use `import.meta.hot` for communication with Vite 6.0.9+ (and 5.4.14+) dev server
Overview
WXT previously relied on connecting to Vite's dev server manually, instead of using import.meta.hot. Vite 6.0.9 introduced several changes that broke WXT's dev mode:
-
Vite introduced a randomly generated auth token to ensure of your application can access it
This broke WXT because WXT doesn't know what the token is. While it is possible to get the token from the dev server, it would take quite a bit of refactoring to route the token into the background script during development, so I'm not gonna do that. Instead, WXT now uses
import.meta.hot.For MV2, WXT dynamically imports the
vite/clientpackage from the dev server. For MV3, we're updating dev mode to always setbackground.type: "module"in the manifest.
[!WARNING] This is technically a breaking change to dev mode, however, it should have no effect. WXT will continue to bundle the background as IIFE if you don't specify
type: "module"in your entrypoint.
- CORS: TODO
Manual Testing
Install the new version from pkg.pr.new and spin up your extension in dev mode:
pnpm i https://pkg.pr.new/wxt@XXXX
pnpm dev
Related Issue
- This PR closes #1360
- This PR closes #1362
Deploy Preview for creative-fairy-df92c4 ready!
| Name | Link |
|---|---|
| Latest commit | d815ebf831fe84ab4a1c09261018a0bb413ba604 |
| Latest deploy log | https://app.netlify.com/sites/creative-fairy-df92c4/deploys/67a74af7ffebd200087379c1 |
| Deploy Preview | https://deploy-preview-1411--creative-fairy-df92c4.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
To edit notification comments on pull requests, go to your Netlify site configuration.
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
Status update. I should have it all working, but for some reason I can't load the vite client from the server, debugging this.