Is it possible to enable/disable the enabled flag before the extension is loaded? we want to have a button in our app which controls the availability of the content blocker ruleSet in declarative_net_request in manifest (version 2). "declarative_net_request": { "rule_resources": [ { "id": "ruleset_1", "enabled": true, "path": "ruleset_1.json" } ] },

We are using manifest version 2, and currently some dynamic ads which come under the #document (documentURL) are not getting fetched and we are not able to block. is there an alternative for onBeginRequest in iOS Safari? How can we fetch the dynamic URLs otherwise?

We have observed that blocking content using Safari web extension does not fetch few URLS within the #document (documentURLs) because the onBeforeRequest webextension API is currently not available in Safari iOS. But it works fine using the Content blocking extension. We have a list of URLs which we want to block from the website. Which extension would you suggest the Content blocking extension or the Safari web extension?

Typically, you can use the @@extension_id special string to reference the absolute path into the bundled resources of an extension, such as an image or a custom font, in a CSS file. However, this broke with Safari 18. Consider this section in a popup.css file: .card-icon { height: 16px; width: 20px; background-image: url(safari-web-extension://__MSG_@@extension_id__/images/card.svg); background-size: 20px 16px; } In Safari 17.4, once loaded in the browser, @@extension_id is replaced with E8BEA491-9B80-45DB-8B20-3E586473BD47, and the background-image reads as so: background-image: url(safari-web-extension://E8BEA491-9B80-45DB-8B20-3E586473BD47/images/card.svg); But as of Safari 18, the @@extension_id just collapses to an empty string, and the background-image reads as so: background-image: url(safari-web-extension:///images/card.svg); and the svg fails to load with the following error: "Failed to load resource: You do not have permission to access the requested resource." This is a regression, does to match the behavior of the other major browsers, and should be fixed. Filed with Feedback ID: FB15104807

I’ve noticed that redirecting from one web page to another using DNR (Declarative Net Request) no longer works if: The source page is a search results page of the default search engine, and The user searches for a keyword from Safari’s address bar. Has this functionality been degraded, or is it an intentional restriction? I'd like a response from Apple. Steps to Reproduce Create a Safari extension that adds the following rule using browser.declarativeNetRequest.updateSessionRules() in background.js: { id: 37457985, priority: 1, action: { type: "redirect", redirect: { regexSubstitution: "https://search.brave.com/search?q=\\1" }, }, condition: { regexFilter: "https://duckduckgo.com/\\?(?:.*&)?q=([^&]*).*", resourceTypes: ["main_frame"] } } Enable the extension in Safari. Set Safari’s default search engine to DuckDuckGo. Type "hello" in the address bar to search for it. Expected: Search results for "hello" appear in Brave Search. Actual: Safari navigates to neither DuckDuckGo nor Brave Search. For further reference, please see: Sample Xcode project: GitHub link Demo video: GitHub link Environment I’ve confirmed this issue on the following environments: Safari Technology Preview 202 (macOS Sonoma 14.6.1 (23G93)) iOS 18 RC (22A3354) This issue does not occur in the latest release version of Safari 17.6 (19618.3.11.11.5) on macOS, so I believe it started with the current development version of Safari. Context My Safari extension, Redirect Web for Safari, uses DNR to redirect one web page to another. While the extension is not specifically designed to change the default search engine, some users use it to set their preferred search engine. Unfortunately, this issue will break their use case. Additional Information This issue only occurs when searching from the address bar. It does not happen when searching directly from https://duckduckgo.com. I haven’t submitted this issue via Feedback Assistant because I’m unsure if it’s a bug or intentional behavior. I’d like to confirm if this is by design first.

Messages intended for a port connection created in content scripts are unable to receive messages from the extension background script. Consider a content.js and background.js with the following contents: content.js: const port = chrome.runtime.connect({ name: 'TEST' }) // THIS IS NEVER RECEIVED port.onMessage.addListener((message) => { console.log('RECEIVED TEST MESSAGE', message) }) background.js: chrome.runtime.onConnect.addListener((port) => { if (port.name !== 'TEST') return console.log('test port connected', port) console.log('SENDING PORT MESSAGE') port.postMessage('HELLO') }) This behavior was broken in Sequoia, Safari 18. This behavior also does not match that of Firefox and Chrome, which are able to receive port messages in content scripts. It's also worth noting that UI documents with the same origin as the extension, such as a popup or iFrame, ARE able to use the port messaging as expected. However, this bug is a huge regression and should really be addressed. I've already filed an issue via Apple Feedback with the ID of FB14721836, over a month ago, but never received a response. I'm posting here for more visibility and hope a fix can be included before Sequoia goes live next week.

Hello! We have been testing the upcoming Safari 18 on macOS 15 Sequoia betas and noticed one inconsistent detail about Safari Web Extensions support compared to other browser which implement Web Extensions (Chrome, Edge, Firefox). Background We have a Safari Web extension which is monitoring navigation events using browser.tabs.onUpdated API. navigation event subscription code sample browser.tabs.onUpdated.addListener((tabId, changeInfo, details) => { onTabUpdated(tabId, changeInfo, details) }); navigation event handling code sample onTabUpdated(tabId, changeInfo, details) { console.log(`onTabUpdated: ${tabId}`, changeInfo, details); // check URL in the tab for safety } }); If the extension detects that the user navigates to an unsafe URL, it redirects the user to a page hosted by the extension. It's an HTML resource from the extension bundle. The extension is using browser.tabs.update API to redirect a specific tab to an internal page. const internalPage = browser.runtime.getURL("popup.html"); browser.tabs.update(tabId, { url: internalPage }); Discovered problem When we use browser.tabs.update API browser.tabs.update(tabId, { url: internalPage }); to redirect the user from an unsafe page, we notice that the redirected tab changes its identifier. We know that is the case because we see another API firing. It's called browser.tabs.onReplaced. We have a similar subscription for those events. When the page is redirected, the onTabReplaced handler is firing and informs us about the tab ID change after the redirect. onTabReplaced(addedTabId, removedTabId) { console.log(`onTabReplaced: ${removedTabId} -> ${addedTabId}`); } This is problematic for us in several ways: The extension keeps track of the tab ID so that when the embedded HTML page is loaded, it can still tell the user about the original URL that was blocked. The behavior observed in Safari 18 breaks current expectations of our code and breaks the functionality of our extension. This behavior is specific to Safari 18. Safari 17 does not behave this way which means that we will need to deploy an update to our Safari extension to mitigate that bug on the upcoming Safari version. Moreover, this behavior is not observed in other browsers which implement Web Extensions standard (Chrome, Edge, Firefox). All these browsers preserve the tab ID after redirect. That is a problem for us as we run the same code in all 4 browsers that we support. This will cause increase of code complexity to cover Safari as an exception out of common rule. Environment Safari version 18.0 (20619.1.26.31.6) and all prior Safari 18 betas. issue does not happen on Safari 17. macOS 15 beta 8 (24A5331b) and all prior macOS 15 betas. issue has been successfully reproduced on macOS 14 with Safari 18 betas which points to the fact that the issue is not exclusive to macOS 15. Safari 18 brings the faulty logic. The issue has been confirmed and reproduced in a sample Xcode prowejt provided by Apple called "Sea Creator". So the issue is not specific to a single extension. Feedback case FB14975378. It contains sample code, the full Xcode project, screenshots and sysdiagnose. Any advice or assistance is highly appreciated!

We have an iOS Safari extension currently distributed via Testflight. I’ve noticed that after an indeterminate period of time (sometimes days, sometimes weeks) our safari extension will stop working. It will need to be turned on again from the system general -> safari -> extensions menu. This is occurring on both iPhones and iPads running 17.6.1. Is there any condition that will cause the system to disable a safari extension, requiring the user to reopen iOS settings to re-enable?

We have an iOS Safari extension currently distributed via Testflight. I’ve noticed that after an indeterminate period of time (sometimes days, sometimes weeks) our safari extension will stop working and will need to be turned on again from the system general -> safari -> extensions menu. This is occurring on both iPhones and iPads running 17.6.1. Is there any condition that will cause the system to disable a safari extension, requiring the user to reopen iOS settings to re-enable?

Hey, Im trying to utilize the new DDM features introduce in Safari 18 & macOS 15 and enabling extension using my MDM (Intune in my case). For some reason, it doesn't seems to work on my mac machine running macOS 15 beta. Intune support claims that everything is configured as it should on their end, and there is a problem with device or configuration. I used Apple documentation and the configuration YAML in apple device management repo So I don't really sure what I am missing. Has someone managed to make it work using MDM (intune, jamf, etc')? And if so can he shared the configuration? Thanks.

Hello, I'm currently facing some issues with localization for the Safari extension on iOS: Issues with Language Tags: Folder names like pt-BR (Brazilian Portuguese) and pt-PT (European Portuguese) placed in the Resources/_locales/ directory are not displaying the respective languages correctly; instead, the default English is shown. Similarly, using folder names like zh-CN (Simplified Chinese) and zh-TW (Traditional Chinese) also results in default English display instead of the intended Chinese language. Conversely, when changing the folder names to pt (Portuguese general) and zh (Chinese general), the languages display correctly. Could you please provide any recommendations or tips regarding language tag settings and how to ensure they are properly recognized according to RFC 5646? Thanks for your help! Best,

Currently, after installing our Safari Extension, users must manually enable it within Safari Preferences under Extensions settings. This involves: Navigating to Safari Preferences. Selecting Extensions. Checking the checkbox to enable the Extension. Clicking on “Always Allow on Every Website” to grant necessary permissions. We are seeking guidance or the possibility of introducing an automation feature that would streamline these steps. The goal is to reduce manual user interaction. Are there existing APIs or methods within Safari's framework that we could utilize to automate these setup steps? What are the best practices for ensuring a smooth setup process? Thanks.

Hi all, I have a problem with trying to use UIApplication.shared.canOpenURL to open a specific web extension in the safari settings. When executing the code below the safari extension menu is shown but not the settings for the specific extension: if let url = URL(string: "App-prefs:SAFARI&path=WEB_EXTENSIONS/NAME_OF_EXTENSION") { if UIApplication.shared.canOpenURL(url) { UIApplication.shared.open(url, options: [:], completionHandler: nil) } } However, the weird thing is that when executing the above I can see some kind of an event that looks like it tries to click the specific extension. Furthermore, if I keep the settings open and tries to execute the code again it actually works, and the specific web extension's settings is open. Hope someone can help.

Hi :) I am building browser extension that is integral part of our bigger web service. Since it needs to authenticate with our web application to use its api. Extension was originally developed for the Chrome and there everything works perfectly fine without any additional work. When I am authenticated on the platform I am able to use extension on any website and while making api calls from extensions background script to the platform backend the cookie is automatically attached to it. I just do fetch without any headers etc everything works out of the box. Then I used the xcrun safari-web-extension-converter and converted the chrome extension to safari. I tested local build as well as build submitted to test flight and none of these seems to work the same way as on chrome. Meaning I am not able to make this safari extension pick up the cookie from my web application. I found that if I disable: prevent cross-site tracking in Safari Settings it works. But obviously its not a solution for the normal users. Can anyone help me to make it work? I am not very familiar with apple dev environment.

Hi, I'm experiencing an issue with my Safari extension on iOS 18. When trying to access images using browser.runtime.getURL(), it doesn't work as expected. The same code works on iOS 17 and earlier versions. Here's my manifest file and code snippet. "web_accessible_resources": [ { "resources": [ "html/*.html", "images/*.png", "images/*.gif", "images/*.svg", "json/*.json", "fonts/*.ttf", "css/*.css" ], "matches": [ "<all_urls>" ] }, "images/fs_loading.svg", "images/status_protected.svg", "images/safe_check_icon.svg" ] `var status_ok_svg = browser.runtime.getURL("images/status_protected.svg");` Note: Image all are added in Images folder only

My Safari extension (based off a Chrome one) is working fine in a Mac OS Safari version but when I try to run it on the phone I'm experiencing some bugs in communication with the backend, which I cannot troubleshoot because when I click on Develop > my_phone > Safari Extension Background Content I don't see any logs in there. Where the background logs are supposed to appear? How can I find them? I don't see them in Xcode either.

I was able to obtain the URL in iOS 17+ and lower versions by using the browser.tabs.getSelected method in background.js, and it was successful. I upgraded to iOS 18 and now this function is returning 'Undefined'. As a result, the Safari Extension feature is broken. Is this browser.tabs.getSelected no longer available or deprecated as of iOS 18? As an alternative, browser.tabs.query functions. is a useful substitute for that.

I'm testing my existing web extension with the new iOS version and browser.cookies.getAll({url: "https://myurl.com"}) stopped working. It returns an empty array. Is there another way to get the cookies?

Is there a way to detect if the user has tapped on "Turn Off Content Blockers" option on safari in ios or get a callback from the same?

I am developing a Safari browser extension related to our Saas product. In our Saas product we have many 2 Factor Authentification options and Google Authentification option. To make it simpler to the user, and because some Google Auth and 2FA using a hardware key is not working on extension. When logging in to the extension we ask him to connect to the Saas solution(redirect him), and we detect the email connected there and connect in the extension. As well as in the Saas solution we have all functionalities, including the payment settings, however the extension offers a limited functionalities, just basic ones. Now, i am trying to deploy my Safari browser extension but getting rejected by apple developers, for the below reasons: Guideline 3.1.1 - Business - Payments - In-App Purchase We still found in our review that your app or its metadata provides access to mechanisms other than in-app purchase for purchases or subscriptions to be used in the app, which does not comply with the App Review Guidelines. Specifically: Your app's Safari extension includes the following call-to-action and/or URL that directs users to external mechanisms for purchases or subscriptions to be used in the app: "+" on main Safari extension UI window > Website > Plan Settings > Payment Options. Next Steps To resolve this issue, please remove features, account registration links, and any other links to your site that could indirectly provide access to external purchase mechanisms. If you have any additional information to provide regarding the digital content and services in your app and how the guidelines apply to them, please reply to this message in App Store Connect and let us know. If there is information you'd like us to consider in our review of future submissions, please feel free to include it in the App Review Information section of App Store Connect. Guideline 4.8 - Design - Login Services The app still uses a third-party login service, but does not appear to offer an equivalent login option with the following features: The login option limits data collection to the user’s name and email address. The login option allows users to keep their email address private as part of setting up their account. The login option does not collect interactions with the app for advertising purposes without consent. Next Steps Revise the app to offer an equivalent login option that meets all of the above requirements. If the app already includes a login option that meets the above requirements, reply to App Review in App Store Connect, identify which login option meets the requirements, and explain why it meets the requirements. Note that Sign in with Apple meets the requirements specified in guideline 4.8. Can you please tell me what should i do to resolve this ?