Can we disable ITP for Safari web extension pages (including the new tab page)?
Extension pages are trusted views as the user has installed the extension and granted permissions.
ITP adding storage and cookie isolation here affects functionality for any embedded frames in extension pages.
The Storage Access API is also not useful here since the GUID of the parent extension page will change every time the browser launches, nullifying the granted access.
Safari Technology Preview 16.4 adds support for modifyHeaders. While this works for any sites making fetch requests, it doesn't seem to work for any requests initiated by the web extension itself.
For example, this doesn't work:
    browser.declarativeNetRequest.updateDynamicRules({
        addRules: [{
            "id": 1,
            "priority": 1,
            "action": {
                "type": "modifyHeaders",
                "requestHeaders": [
                    {
                        "header": "origin",
                        "operation": "set",
                        "value": "https://www.bar.com"
                    }
                ]
            },
            "condition": {
                // Any URL that the extension has permissions for
                "urlFilter": "http://foo.com",
                "resourceTypes": ["main_frame", "xmlhttprequest"]
            }
        }],
    })
This also relates to https://developer.apple.com/forums/thread/654839
While extensions can ignore CORS errors, it's still important to be able to allow-list a fixed extension origin on the server before serving any requests to the same.
Since the extension GUID changes on every refresh we can't rely on it.
There should be a way to change this for requests to an origin that the extension has been granted permissions to.
When using declarativeNetRequest, I get an error that "regexSubstitution" is not a valid action type.
The full error message:
"`redirect` is missing either a `url`, `extensionPath`, or `transform` key"
Regex based conditions are supported, but regex substitution for the redirect action is not. Is this intended behaviour?
Note:
I'm calling the API as
    browser.declarativeNetRequest.updateDynamicRules({ addRules: [
        {
            action: {redirect: {regexSubstitution: "https://www.somesite.com/\\1"}, type: "redirect"},
            condition: {regexFilter: ".*?://test/(.*?)", resourceTypes: ["main_frame"]},
            priority: 1,
            id: 1,
        }
    ]})
Hi guys, I'm working on porting an extension to safari-web-extension, and seeing that any content I load inside an iframe on the extension managed new tab page has its storage partitioned due to ITP.
By comparison, on Firefox, at least on the new tab page, iframes do not have their storage partitioned.
Even if we get storage permission by prompting the user using Storage Access API, it would get revoked on the next browser launch since the GUID of the new tab page would be refreshed by Safari.
Is there a workaround for this, or alternatively can we ensure that storage access permission is origin agnostic at least on the new tab page for Safari web extensions?
Keeping it strictly against the origin would not make sense for new tab page in any case since the browser will keep refreshing the page origin on every launch.
Hi, I'm working on a Safari web extension and seeing some issues due to the background page GUID changing every time the browser is launched.
From some other posts I see that the GUID for the background page is refreshed to avoid fingerprinting.
Is there an option / configuration to disable the refresh or provide a fixed GUID? We'd like to allow requests only from specific origins apart from relying on CORS, which requires having a fixed background page origin.