[I submitted this to the Feedback portal: FB7750481]
I’ve built a Safari App Extension (not using the recently-announced Web Extensions) which allows users to show and hide user-generated comments on websites, hiding by default. It lets users see comments with a single click of a toolbar button. It then remembers their choice in an encrypted whitelist. I use my toolbar button’s icon to indicate the current state of the content blocker to the user.
Because this is a general-purpose App Extension compatible with any website, I must request the All level for SFSafariWebsiteAccess. Otherwise I can’t indicate to the user whether or not their extension is active on any given page.
Safari 14 introduces new permission request dialogs for when a user turns on an extension which requests sensitive browsing activity information. As far as I can tell, developers have no means to justify these requests and provide more context, so users may be left with unanswered questions when they try to turn on an extension.
[An example of this is as follows:]
Are you sure you want to turn on the extension "Example Extension?"
This extension can see all your browsing history.
[ Cancel ] [ Turn On ]
My use of this data is very innocuous. I simply use it to let the user know where the extension is active, and to store a whitelisted site. I don’t track users and I don’t share or sell their info. I have no way to tell them this at the point where they would most likely have questions about it.
There are well-established Info.plist keys for requesting permission from the user for use of their private data and giving them more context. Examples include NSLocationWhenInUseUsageDescription, NSCameraUsageDescription, NSMicrophoneUsageDescription, and many others. I am requesting a similar kind of plist key which would describe the required permissions to the user so they can understand how their data will be used and make an informed choice.
Post
Replies
Boosts
Views
Activity
My app was rejected from the App Store because it quits when the last window is closed. This behavior is intentional because my app isn't a document-based app. 16 of Apple's own bundled Mac apps that follow a similar design pattern also exhibit this behavior. Nevertheless, I'm preparing a contingency plan in the unlikely case that App Review rejects my appeal.
I have a code branch which modifies my app's behavior to stay open when the window is closed. I restore the window if the user switches back to the app, and also have a menu item under the Window menu (mapped to ⌘0, just like Mail and Calendar) to restore the window.
My question is: Calendar, for example, has a specific entry in the Window menu (Window > Calendar) for restoring the window if you close it. This entry is always present and displayed with a checkmark when the window is open and unminimized. When I try to do this in my app, I have duplicated entries: one entry that I specified in Interface Builder, and one entry that's managed by the system. How do you think Apple is managing their menu item in Calendar?
Hi,
In the WWDC23 session “What’s new in Safari extensions,” the presenter says:
There are four ways to build Safari extensions: content blockers, share extensions, app extensions, and web extensions.
Safari 17 continues to support all of these types, but the future of browser customization lies in web extensions.
I take that to mean that content blocker extensions won’t be supported indefinitely, so I would like to get ahead of this by migrating my CSS content blocker to a web extension. However, I don’t see an API which allows for declarative CSS blocking in the same privacy-preserving way.
I like the current way of building CSS content blockers because I can block page content without requesting any additional permissions. This provides a very smooth user experience, but I don’t see any way to do this using Safari web extensions.
This method of blocking content is even referenced in the video, but only as a way to draw parallels to Declarative Net Request. Did I miss a change that allows me to build a privacy-preserving CSS content blocker in a web extension?