Hey,
I'm working on a macOS application that includes a Safari Web Extension plugin (.appex). Both the main application and the extension are properly signed and notarized. After downloading and installing my app, the Safari extension becomes only usable if the user enables the "Allow unsigned extensions" option in Safari's settings, suggesting that the extension is perceived as unsigned despite being correctly signed and notarized.
Here are the details of my configuration:
Both the main app and the extension use the same signing certificate.
The Bundle Identifiers are correctly configured and unique.
The developer team is the same for both.
App Groups are defined and identical for both.
"Automatically manage signing" is enabled.
Version and build numbers are identical in the identity settings.
Minimum Deployment Target is set to macOS 12.
In the extension's Info.plist, NSExtensionPointIdentifier is set to com.apple.Safari.web-extension and NSExtensionPrincipalClass is set to $(PRODUCT_MODULE_NAME).SafariWebExtensionHandler.
I've tested this behavior across different macOS versions and computers, but the issue persists.
Has anyone experienced something similar, or does anyone have an idea what might be causing this?