Can a notarized Safari web extension (that is distributed outside the store) be permanently allowed to run in the Safari browser when a user selects 'Allow Unsigned extensions'?
Or do they have to keep doing it every single time they open the browser?
I am performing some tests that involve the app extension and an external app connected through XPC.
I get the following when I try to connect to an external app from the Safari app extension with sandbox enabled:
connection to service named "com.test.sample"was invalidated: failed at lookup with error 159 - Sandbox restriction." UserInfo={NSDebugDescription=The connection to service named com.test.sample was invalidated: failed at lookup with error 159 - Sandbox restriction.
I have tried:
Disabling the sandbox for the app extension target
Adding the entitlements file path in the test target
Both of which still give me the same result.
How can I proceed with this?
Does the entitlement for the sandbox only work when Safari is running the appex?
It appears that Safari web extensions can only go through the App Store.
In order to distribute it outside, is it sufficient to use a valid Developer ID cert or does it need to be notarized?
I understand that users would have to click Allow Unsigned Extensions.
Do they have to do this every single time even if a valid cert is used to sign the app?
A new instance of SafariWebExtensionHandler (which is set as the NSExtensionPrincipal class) inside the app extension is created for every incoming message from the browser extension.
Is this something that can be changed?
What is the lifecycle of this object?
If I have to instantiate other class objects, would they have to be singleton instances?
I am running a Safari Web extension and looking to launch a shell script from the containing app.
Error in process Error Domain=NSCocoaErrorDomain Code=4 "The file “test.command” doesn’t exist."
I get the above error when I try to access the binary.
I use NSOpenPanel to allow the user to give permission to access the file system.
The program works perfectly without the sandbox and so that ensures there is no file path error.
I have the following entitlements:
com.apple.security.scripting-targets
com.apple.security.files.user-selected.executable
com.apple.security.files.user-selected.read-write
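import AppKit
import Foundation
import os

// Script to launch from the containing app
let task = Process()
task.launchPath = "/Users/test/test.command"

// Panel used to ask the user for file system access
let openPanel = NSOpenPanel()
openPanel.prompt = "Choose"
openPanel.canChooseFiles = false
openPanel.canChooseDirectories = true

do {
    try task.run()
} catch {
    os_log(.error, "Error in process")
    print(" \(error)")
}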
What could be the issue?
What exactly are the differences in terms of privileges for sandboxed apps and XPC service?
Is it possible to run a compiled binary from a sandboxed app with proper entitlement and user permission?
I tried giving the following permissions and it still did not run:
com.apple.security.scripting-targets
com.apple.security.files.user-selected.executable
com.apple.security.files.user-selected.read-write
I am running a Safari Web Extension and I am unable to see any logs printed from func beginRequest.
What could be the potential cause of this?
Can an external process be started by calling Process() method in an App Extension? Or is it sandboxed to restrict this access?
When a let port = chrome.runtime.connectNative('applicationId') is called in a Safari Web Extension, does it create multiple ports that can individually communicate with the app extension?
In Chrome, every connectNative call spawns one process.
How does it work in Safari?
Is there a way for Safari Web Extensions to talk to the Chrome native messaging processes?
Also, how does the communication from Safari Web Extension to App Extension happen? Is it using shared memory or sockets?
I would like to create multiple App Extension processes from Safari Web Extension by calling the browser.runtime.connectNative API. Would this be feasible?
Is there another method to talk to multiple App extension binaries from the Safari Web extension other than using browser.runtime.connectNative?
Does the Safari Web Extension always need to be bundled with app extension and native app? Can it talk to other app extensions/native app?
A general question regarding the architecture of the web extensions in Safari 14.
Does it follow a similar strategy used by Chrome?
Do content scripts reside in a separate process or are they part of the same process as the webpage?
The Safari Web Extension can connect to the App extension via the browser.runtime.sendNativeMessage and browser.runtime.connectNative APIs.
How many Native Messaging host processes can be created through the above APIs? Can new processes be spun up per browser.runtime.connectNative call just like in Chrome? Or is it always going to be one process?
What other alternatives can we leverage?
Would we always have to inject content script into a webpage in order to communicate from webpage to extension?
Is there an externally_connectable API approach in Safari just like in Chrome?