User Profile

I have used hash urls for my website and made safari extension for the same. For login/logout my extension opens ourdmain.in in new tab and listens to update methods. I have implemented chrome.tabs.onUpdated.addListener() to listen to tab updates and for chrome this is working fine but for Safari its not working properly. I have implemented following method in my background.js: chrome.tabs.onUpdated.addListener(function (tabID, changeInfo, tab) {  console.log("Updated tab (" + tabID + ")=>>> " + tab.url);  //chrome.tabs.sendMessage(tabID, { name: 'Chrome Tabs updated >>>>>> ' + tab.url });  if (tab.status == 'complete' && tab.url.startsWith(_config.baseURL + '/login?signedout=1')) {   console.log('Clearing extension state!');     }  if (tab.status == 'complete' && tab.url === _config.baseURL + '/dashboard?extension=1') { 				console.log("Login process");  } }); Here as you can see, I am tracking logout and login events based on URL updates. And on my wesite.in/login page when user is authenticated url will be changed to website.in/dashboard but page is not reloaded. And same happens for logout, website.in/dashboard url changes to website.in/login. Here, only URL changes and page is refreshed but not totally reloaded. However, this works perfectly fine with Chrome. Do we have any restriction over here for Safari? or can we have any solution? If I reload page manually, update method works perfect but I don't want to reload full page, no my routing url should work here?

When I enable extension for Safari, and first time I tap on the button, it shows me privacy dialog box and when I grant permission, the dialog box is dismissed and to make my extension work, I have to again click on the extension button. I have requirement that my extension should work only when user taps on the button post enabling the extension. So, for each and every page I visit I need to manually tap on button before my injected content-script comes into action. My background.js is where extension click method is registered and executes, chrome.browserAction.onClicked.addListener(function (tab) { 		getActiveTab(function (tabID) { 				chrome.tabs.sendMessage(tabID, { name: 'inject-content' }); 		}); }); function respond(message, sender, callback) { 		console.log(">>>> PROCESS MESSAGE => " + message); } chrome.runtime.onMessage.addListener(respond); Here, from background script, extension button is handled and when tapped, load() from content-script is called via chrome.tabs.sendMessage() and processes different things. My content-script.js is like, var loadInit = function loadInit(message, sender, callback) {   console.log("SAFARI => " + message.name);   if (message.name == 'inject-content') {    //chrome.runtime.onMessage.removeListener(loadInit)    load();   } }; console.log("SAFARI Message=> "); chrome.runtime.onMessage.addListener(loadInit); function load() { 		console.log("Loading action methods"); 		chrome.runtime.sendMessage({ init: true }); } Here, chrome.runtime.sendMessage() is handled in background script and code in respond() method will be executed. My query is, are we able to avoid second tap we make on extension button after we granted permission for the extension? Should permission grant not execute extension button code without explicit tap second time?

I have been working on an extension which I migrated with xcrun safari-web-extension-converter PATH. When I press extension button on safari toolbar it shows me message like, This extension would be able to read and alter webpages and see your browsing history on this website. This could include sensitive information, including passwords, phone numbers, and credit cards. However, my extension is only accessing url to bookmark it and localstorage to access user tokens, tabs so new tab with somedomain.in can be opened open bookmarked link into new tab. Here is excerpt from manifest.json, "permissions" : [   "*://*.domain.in/*",   "activeTab",   "storage",   "notifications",   "tabs"  ], "optional_permissions": ["activeTab", "*://*.domain.in/*"],     "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",  "web_accessible_resources": [   "corner.css",   "js/init.js",   "init.bundled.js",   "js/jquery.min.js",   "js/taggle.min.js",   "js/typeahead.bundle.min.js",   "ext.html.js",   "assets/*"  ], It feels access to sensitive information is a bit scary for extension which just stores and manages URLs. Would you suggest me any solution over here so I can use limited permission and avoid sensitive info message..?