POSTing Multipart/Form-Data from an XMLHttpRequest

I’m working on an add-on where I have a need to POST JSON data to the server. Unfortunately that JSON contains ampersands, so in order to use POST, I would have to encode the data in some way that the server could decode. This seemed like extra unnecessary work to me. I decided to use the “multipart/form-data” header which would allow me to send the data unmodified. Unfortunately, documentation on this was lacking. So this post is just to put up sample code on how to do this in case someone else needs it. In this case, I am simply passing data=foo where foo is the JSON.

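// url is the address of the server script that receives the POST
var xhr = Components.classes["@mozilla.org/xmlextras/xmlhttprequest;1"].createInstance(Components.interfaces.nsIXMLHttpRequest);
xhr.open("POST", url, true);

// Build a random boundary string that separates the form parts
var boundary = '---------------------------';
boundary += Math.floor(Math.random()*32768);
boundary += Math.floor(Math.random()*32768);
boundary += Math.floor(Math.random()*32768);
xhr.setRequestHeader("Content-Type", 'multipart/form-data; boundary=' + boundary);
// A single part named "data" whose value is the JSON text, sent unmodified
var body = '';
body += '--' + boundary + '\r\n' + 'Content-Disposition: form-data; name="';
body += "data";
body += '"\r\n\r\n';
body += JSON.stringify(jsonObject); // jsonObject is the JavaScript object to send
body += '\r\n';
body += '--' + boundary + '--';
// body.length counts UTF-16 code units, not bytes, so it matches the bytes
// sent only when the JSON is pure ASCII
xhr.setRequestHeader('Content-length', body.length);
xhr.onload = function() {
  // Handle the server response here
};
xhr.send(body);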

There were no server changes required at all. The PHP handled the data the same way it would have if it was an “application/x-www-form-urlencoded” POST.
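
An added example, not code from the original post: a more general builder for the same request body, going beyond the single data field above. It refuses field names that could break the Content-Disposition line, picks a boundary that does not occur in any value, and reports the body length in UTF-8 bytes. The names buildMultipart, makeBoundary and boundaryFn are made up for this example.

```javascript
// Added example: multipart/form-data builder for text fields.
// buildMultipart, makeBoundary and boundaryFn are hypothetical names.
function makeBoundary() {
  var b = '---------------------------';
  for (var i = 0; i < 3; i++) b += Math.floor(Math.random() * 32768);
  return b;
}

function buildMultipart(fields, boundaryFn) {
  boundaryFn = boundaryFn || makeBoundary;
  var names = Object.keys(fields);
  names.forEach(function (name) {
    // A quote, CR or LF in the name would break out of the
    // Content-Disposition header line, so refuse such names.
    if (/["\r\n]/.test(name)) throw new Error('unsafe field name');
  });
  // Pick a boundary that appears in none of the values; otherwise a value
  // containing the boundary would be read by the server as extra parts.
  var boundary, tries = 0;
  do {
    if (++tries > 10) throw new Error('no collision-free boundary found');
    boundary = boundaryFn();
  } while (names.some(function (n) {
    return String(fields[n]).indexOf(boundary) !== -1;
  }));
  var body = '';
  names.forEach(function (name) {
    body += '--' + boundary + '\r\n';
    body += 'Content-Disposition: form-data; name="' + name + '"\r\n\r\n';
    body += String(fields[name]) + '\r\n';
  });
  body += '--' + boundary + '--\r\n';
  return {
    contentType: 'multipart/form-data; boundary=' + boundary,
    body: body,
    // Bytes on the wire (UTF-8), which is what Content-Length must state.
    byteLength: new TextEncoder().encode(body).length
  };
}

// Constructed sample input: JSON with an ampersand and a non-ASCII character.
var sample = buildMultipart({ data: JSON.stringify({ q: 'a&b', name: 'café' }) });
```

The ampersand travels unencoded, and byteLength is one larger than body.length here because "é" takes two bytes in UTF-8.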

Submitting a DMCA Takedown for a Persona

Update: I did eventually find the terms of service. You have to be logged in to in order to see them. Also, the DMCA information is linked at the bottom of as “Legal Notices”.

Although I couldn’t find the terms of service for submitting a Persona to, the FAQs indicate that you must agree to the following:

  1. You either own all the elements of your design OR you are authorized worldwide to reproduce and distribute them (and allow others to do so) by the owner or the law.
  2. Your design does not contain provocative, offensive, or sexual content (i.e., it is G or PG-rated).
  3. Your design does not include identifiable elements of any non-celebrity person(s) other than yourself or individuals who have given you permission to do so.
  4. Your design does not depict violence or Nazi imagery, nor is it discriminatory or hateful.
  5. Your design does not relate to gambling.
  6. Your design does not violate any applicable law or regulation or the rights of any person or entity.

    It’s pretty clear from looking through the Personas inventory that a lot of people are simply ignoring these restrictions, and Mozilla doesn’t have the volunteer capacity to enforce them.

    So if you discover an image that is a violation of your trademark or copyright, you must submit a DMCA takedown notice in order to get it removed. I was unable to find this information on, but I did find it on the main Mozilla website, so I wanted to share it with anyone who needs it.

    Be aware, though, that based on the information at the end of that section, Mozilla might post your DMCA request to the Chilling Effects website.

    New CCK Wizard on AMO

    My latest CCK Wizard is now officially available on AMO.

    As noted in previous posts, this version primarily focused on coexistence of multiple CCKs, as well as updating the proxy configuration to match Firefox 3.6. I also added some usability enhancements, including the ability to open an existing configuration.

    The most interesting feature I brought back is the ability to hide a CCK so that it can’t be uninstalled. Here’s some background.

    With Firefox 3.5 and previous, there were two options you could add to your extension that only affected it if it was installed in the same directory as the EXE – hidden and locked. Locked prevented the extension from being uninstalled (but it could still be disabled – so kind of useless) and hidden prevented it from being seen at all (which of course prevented it from being disabled or locked). Mozilla removed hidden for Firefox 3.6 but left locked behind. What I’ve done is made it so that if you specify locked, it means hidden. This was the easiest way to make this work and has the nice side effect that if in your deployment, you need to hide other extensions, just mark them as locked.

    Support for the CCK Wizard is provided through Google Code.


    Do you need to do even more customization of Firefox for your organization? That’s what we do. Contact Kaply Consulting.

    Weather Boom by Brand Thunder

    I’m really excited about the latest thing we’ve built at Brand Thunder. It’s an interactive browser theme that changes based on the weather.

    We’ve partnered with WeatherBug to give you all the weather information you could ever want. Forecasts, severe weather alerts, current conditions.

    We even use geolocation to try to figure out where you are.

    Give it a try – I think you’ll like it.

    Hiding the CCK

    In previous versions of the CCK, I provided the ability to hide and/or lock the CCK that is generated. Locking prevents the user from uninstalling the add-on, but it is rather useless since the user can still disable it. Hiding prevented the user from disabling or uninstalling.

    Unfortunately Mozilla removed the ability for an add-on to hide itself in Firefox 3.6.

    Luckily working around this is very easy and will be included in the next version of the CCK Wizard. In order to make this work, I’m going to provide one option that hides the add-on. Lock and hide will no longer be separate. This seems rather logical since the lock option is pretty useless by itself.

    Note that none of these options work unless the add-on is installed in the same directory where the Firefox executable is located.

    CCK Wizard Update and FAQs

    I’ve updated the CCK Wizard for Firefox 3.6. It’s available here. It will be on AMO once the translations are done and if no one finds any major issues. Here’s a summary of the changes:

    • Updated for new Firefox 3.6 proxy panel
    • Two CCKs can now coexist (Company Identifiers must be unique to each CCK)
    • Bundling XPIs and JARs no longer uses XPI bundles – they are explicitly installed upon first run of the CCK (please test this if you bundle multiple XPIs)
    • All translated CCK Wizards should now be working
    • First run screen added to CCK Wizard install
    • A few bugs fixed

    Some other items of note:

    As I mentioned before, I’ve moved CCK Wizard development to Google Code. Please feel free to open up bugs there.

    Going forward, I’m going to add the ability to do more locking down of functionality in Firefox. If you have specific needs, please open bugs in Google Code.

    To close this post out, I want to answer a couple questions about CCK Wizard that are asked a lot.

    What is the right way to install the CCK?

    There are multiple ways the CCK can be installed based on your needs. I’ll go through all those ways.

    Standard install – The XPI that is created by the CCK Wizard is just a Firefox extension, so as such it can be placed on a web page and users can simply click to install. You can get more information on how to do this from the Mozilla developer center.

    In the Firefox directory – Extensions can be installed directly into the Firefox directory. Inside of the directory where the Firefox executable is located, there is a directory called extensions. Inside this directory, you can create a directory with the same ID as your CCK and then unzip your CCK into that directory. This is the only location where you can hide the add-on.

    As part of a Firefox install – I’ve previously documented how to bundle the CCK in the installer and how to package the installer on Windows. These instructions still hold true.

    Globally – There are designated locations in different operating systems where extensions can be installed and they are picked up by Firefox. You can get more information on these locations at the Mozilla Developer Center. This involves unzipping the CCK package in a specific location on the user’s hard drive into a directory that is named the same as the ID of the CCK. Using this method, you can manage the CCK package centrally and the user cannot uninstall the CCK from Firefox.

    Via the Windows Registry – If you are on Windows, extensions can be installed via the Windows registry. This is documented at the Mozilla Developer Center. This involves unzipping the CCK package that you created to a central location and then adding a registry key that tells Firefox where to find the CCK. Using this method, you can manage the CCK package centrally and the user cannot uninstall the CCK from Firefox.

    What do the options “Do not show this extension in the extension manager” and “Prevent the uninstall of this extension” do? They don’t seem to work for me.

    These options only work if your CCK is located in the extensions directory where the Firefox executable is located.

    If you have any more questions, feel free to ask in the comments.

    Be Intentional

    Last Friday was the one year anniversary of when I was laid off from IBM so I decided to take a day to unplug and reflect on the past year. As I was sifting through my thoughts about the previous year, one thing kept coming to mind:

    Be intentional!

    I realized that I spent too much of the past year simply going with the flow and hoping things would work out. As a result, I was wasting a lot of time and energy. I was just letting life happen to me.

    You can’t live life like it’s one big accident. You have to live your life on purpose.

    Lots of speakers describe this concept. Stephen Covey says to “Be proactive.” Zig Ziglar says “If you aim at nothing, you will hit it every time.” Dave Ramsey says “Things don’t move unless you move them.”

    But here’s what I discovered. Deciding what to do isn’t enough. You also have to decide what NOT to do.

    You see, I can decide to work on something, but if at the same time, I don’t decide NOT to surf the web, or NOT to get distracted by Twitter and Facebook, I can end up thinking I’m working but in reality I’m just wasting time.

    Or I sit down at the TV to watch one show and three hours later I’m still sitting there because I didn’t decide NOT to watch anything after I finished the one show.

    When you are self employed or running a small business (or any business for that matter), you’ve got to be intentional. You’ve got to aim at something. You’ve got to be proactive. And you’ve got to move something. And you’ve got to eliminate the stuff that simply isn’t important.

    If you don’t, either nothing will happen or lots of stuff will happen, but none of it will really matter.

    So I moved things that I’ve been needing to move since I was laid off. I created a basic business plan. I created some revenue goals. And I created a mission statement.

    To delight my clients by creating Firefox extensions that meet or exceed their needs.

    So now I just have to make sure that every day I’m being intentional. For me, that means setting aside specific blocks of time to focus on specific tasks, including ALL my Firefox extensions. It means not checking my email every five minutes. It means using tools like SelfControl to make sure I’m not distracted. It means I need to stop saying “I should do this” and either do it or don’t do it.

    It means making sure that everything I do has purpose.

    Every time I sit at my computer or the TV or the XBox 360 I need to make sure I do it intentionally. Or I’ll simply waste my time. I’ve got to have boundaries. It’s ok to spend some time on Facebook. An hour on Facebook? Probably not so much.

    So what are you doing to be intentional?

    Thanks to Steve Rowe – I had come up with a lot of this myself, but his blog post really solidified it.

    Addoncon Userpoints Idea

    At Addoncon, there was a lot of talk about how to compensate Firefox add-on developers. One of the ideas mentioned was some sort of user point system where points could be allocated to add-on developers by users and also based on usage and then the add-on developers could either donate it to a cause, turn it into merchandise, or turn it into real money.

    What this does is provide a way to compensate add-on developers for the contributions they are making to the overall Firefox brand equity.

    I have a longer summary of this idea on the Addoncon blog and would love to get feedback.

    CCK Wizard Status

    With the release of Firefox 3.6, people are already asking me about a new CCK Wizard. I am working on an update. You can get a beta of that here. Primary changes are more information on the proxy page, ability to open an existing CCK and better coexistence of multiple CCKs.

    Most interesting news on the CCK front is that I’ve decided to move it to Google Code instead of maintaining in the Mozilla trees. The URL is My primary reason for doing this is honestly that I’m not really contributing to Mozilla/Firefox proper anymore and messing with Mercurial isn’t worth it for me (I know, lame excuse.) It has some other advantages, though, like having my own bug reporting system and not having to get any reviews/approvals for checkins.

    So if you have ideas/suggestions/bugs for the CCK Wizard, please open them in Google Code.

    Also note that CCK Wizard is something I do on the side, so my time is limited. Contributions help. I know there are a lot of folks who depend on this for the business. Any and all love is appreciated.

    Extensions, Personas and Jetpack! Oh, My!

    As a result of Mike Connor’s post, there’s lots of discussion about extensions, theming, Personas and Jetpack. This is my livelihood, so I definitely have to jump in.

    First, let’s talk about Personas. I hate to burst everyone’s bubble, but:

    Personas is not lightweight theming. Personas is wallpaper.

    We’ve had it since Windows 3.0 (maybe even before). It’s pretty wallpaper, but it’s still wallpaper.

    Lightweight theming is a different beast. Lightweight theming is the ability to theme the browser window WITHOUT theming the rest of the browser. So lightweight theming might involve changing things like browser background images (more than one), toolbar buttons, and possibly the URL bar or the tabs. I’ll be a little self serving and say that everything Brand Thunder does is lightweight theming. You can see examples at the gallery.

    Personas is not a suitable replacement for Firefox theming. It doesn’t even come close. And looking at the designs for future versions of Firefox, Personas becomes irrelevant – there’s very little browser chrome to even see the background images. (Clue to Firefox developers – make the new tab window transparent like Chrome).

    People point to Personas and say “look how popular it is – people must want theming that way.”

    Personas’ success is about marketing.

    Personas is the only extension that Mozilla markets. They market it on first run pages, download pages and home pages. It has a dedicated domain. It has special privileges for being installed without the add-on security warning. It was a recommended add-on from day one. They even have a custom bundle of Firefox that includes Personas!

    So please don’t tell me that Personas is the future. Personas is the present. Clearly a completely new solution will be needed for future Firefox versions.

    Now let’s talk about Jetpack.

    Jetpack is like giving me an Erector set when I used to have a Home Depot.

    Let’s look at the problems that Jetpack attempts to solve and see if a new programming model was necessary to solve them.

    Install without restart
    If extension developers were given a specific set of APIs that they could use that didn’t require restart, then extensions could be marked as “doesn’t need restart” and this problem would be solved. All Jetpack does is pre-grab parts of the Firefox UI so that when things are placed there, Jetpack handles their placement, not Firefox. This could be done with any extension API. It doesn’t require Jetpack.

    Ease of creation
    A learning curve is a learning curve. I don’t know jQuery, so Jetpack has a learning curve for me. Jetpack is simply trading one programming model for another. I’ve been to presentations where HTML developers were shown how extensions work and within one hour they could create extensions. Doing very interesting things with extensions might be difficult to learn, but that’s why you create an API. And that API does NOT have to be Jetpack specific. Packaging can be a little tricky, but again solvable outside of the context of Jetpack.

    If the extension API isn’t very user friendly, fix it. Isn’t that what FUEL was trying to accomplish? If you want a stable API that doesn’t change from release to release, create one. There’s no reason this API needs to be created as a part of Jetpack.

    Forward compatibility
    Extensions break from release to release of Firefox. That’s just a fact of life. The only way to prevent this is to give extension developers a very tiny sandbox in which to play. We don’t want this. Give us a big sandbox and if we break, we break.

    The problem is not that you break us. The problem is short release cycles.

    Right now, the Firefox team is aiming for six month release cycles. For an extension developer, the last two months of that cycle are when we can really start checking out things and it’s only in the last month that we can actually release addons that have the correct version in install.rdf (due to AMO restrictions.). Most extension developers have multiple extensions and probably a day job. Updating five or 10 or even hundreds of extensions can be quite problematic.

    Jetpack simply creates a new set of problems and a new context to solve those problems. We should try to fix those problems in the existing context.

    I think the core problem here is a disconnect between Mozilla Labs and the rest of the Mozilla community. Mozilla Labs operates in a very closed community, completely contrary to the way other Mozilla projects are done (at least for the initial phases of a project). I think that contributes to their myopic vision of the future of the browser. I’d much rather see Mozilla Labs work with the community to propose ideas and foster those ideas to create a real open source lab versus coming up with ideas and then trying to force those ideas on me.

    And incidentally, Internet Explorer is a great example of what happens when you give people a limited set of APIs to work with. They come up with elaborate hacks in order to make things work. And those definitely break from release to release. If you limit people, they will come up with ways around those limits. Please don’t limit me.