Document testing addons without signing

[Dexterp37]

Thanks to #64 we can provide pre-canned list of studies when building an addon. This unlocks a nice debugging possibility: as long as we add, to that list, the id of a study we're debugging, then we can sideload an addon using about:debugging without the need of signing.

[rhelmer]

Thanks to #64 we can provide pre-canned list of studies when building an addon. This unlocks a nice debugging possibility: as long as we add, to that list, the id of a study we're debugging, then we can sideload an addon using about:debugging without the need of signing.

This should work for Firefox Release and Chrome (their equivalent to about:debugging is to enable developer mode in chrome://extensions), for Nightly there's also the xpinstall.signatures.required pref which can enable a more realistic flow (the core add-on can trigger extension installation from an arbitrary URL in other words)

[rhelmer]

For example, the way I generally test the Ion Core extension is to run it with web-ext:

web-ext run --pref=extensions.experiments.enabled=true --pref=xpinstall.signatures.required=false -f nightly

Which installs the Ion Core as privileged and temporary, and allows unprivileged add-ons to be installed from any URL without additional security checks (there is a warning in the install prompt about the signature not being verified but it's not an additional prompt just part of the usual "Add" or "Cancel" one all add-on installs show)

[rhelmer]

FWIW there is no way currently to load an unsigned, privileged add-on in a non-temporary way. I don't think this should be a huge issue, but it does impact testing the landing page -> Ion Core Add-on flow. The only great option for this is to get the "dev-root" signed Core Add-on from Taskcluster in the github.com/mozilla-extensions org.