I'm building a Safari content blocker extension. The app is able to use SFContentBlockerManager.reloadContentBlocker to update the content blocker's JSON rules. However, I'm also trying to update the rules in the background through a daemon. The daemon app is embedded inside the main app, and is registered by the main app through SMAppService. The issue I'm running into is I can't get both the GUI app and the daemon to both update the content blocker: If I embed the Safari extension inside the main app and not the daemon, the main app is able to update the extension, but the daemon fails with an "operation couldn’t be completed" error (supposedly because it isn't the owner of the app) Alternatively, if I embed the extension inside the daemon, the main GUI app can no longer update the extension (also failing with "operation couldn't be completed" If I try to embed the extension inside both the main app and the daemon, it works fine when running from Xcode, but App Store Connect verification fails because it won't allow an bundle ID with two periods after the main app ID (e.g. the main app is com.example.App, the daemon is com.example.App.daemon, and the extension is com.example.App.daemon.extension) I'm wondering if I'm missing something here? Is there a way to get Safari to recognize both the main app and the daemon as "owners" of the extension? Thanks in advance!

My Chrome extension runs fine on Chrome, but when I use the following command to run it on Safari, I find that the result returned by chrome.runtime.sendMessage is always Undefined. xcrun safari-web-extension-converter --app-name MySafariTest dist The following is my code content.js: async test() { return chrome.runtime.sendMessage({ method: "test" }) } let result = await this.test() // result is always undefined background.js: chrome.runtime.onMessage.addListener((request, sender, sendResponse) => { sendResponse("test123") }); I want to know if there is any way to make the content script and background script of Chrome communicate normally in Safari?

safari web extensions cannot carry cookies through jquery ajax in popup scripts. I found that it is possible in Chrome, but when converted to run on Safari using safari-web-extension-converter, the ajax requests do not pass the cookie over. Is there any way to solve this problem?

I am writing a midi polyfill, to bridge Core Midi with Safari. This, in itself, is not a problem. The problem is that the Web Extension will get suspended the moment it's no longer actively called. This means that no callbacks due to midi changes from core midi can be passed back to the web page. If I use a setInterval call in background.js, then this keeps the extension alive somewhat, but the setInterval self ping will get aborted eventually, making the Extension suspend itself. I know of a fairly contrived workaround using the container application over XPC, but I am hoping there is a way to keep the Web Extension alive - or at least keep a thread in the same process as the Web Extension alive. Or any such workaround. Setting background to "persistent": true does not seem to make any difference.

Hi Everyone, We are using mac os 13.6.1, Xcode Version 14.2 (14C18). We have create a new target in the project for "Share Extension". After running the code our app is not visible when we share content from apple news and safari. Please do let me know in case anyone need more information. Thanks in Advance.

Hi, Currently, our app extension needs to get PDF file( Safari generates itself from the url) with Reader PDF options mode( or PDF options mode). So, How to get PDF file in Safari with Reader PDF options mode( or PDF options mode) for our app extension? Is there any need to declare anything special in the Info.plist file of the extension? Does the Safari extension support exporting these PDF files? Or only used for OS default apps? Thanks.

Is there a way to pass/read cookies from SFSafariViewController to my application?

Hi, I'm trying to convert a chrome extension to a safari extension and I have some unsupported permissions that don't work in safari. They are chrome.enterprise.networkingAttributes and chrome.enterprise.deviceAttributes Is there a way to get the ip address of the device in a Safari extension. The page we use this in is written in typescript. Thank you

In Safari 17.0 App Extension user is able to modify per-site permissions due to which extension is not able to inspect the url's and content. Is there any way to restrict the user from modifying per-site permissions for the specific extension through api or mdm ?

If I store a wep page as WebApp on MacOS, as described here: https://support.apple.com/de-de/104996 I cant use any Safari plugins in that WebApp How to use plugins? is it blocked by MacOS/Safari generally? Does the Safari Plugin/Extension need to support this explicitly?

To reproduce this bug: Create a simple Safari App Extension using the SFSafariWindow.getAllTabs method Open a few tabs in Safari and save them to a named tab group Quit Safari with Command + Q Open Safari and navigate to the saved named tab group (do not navigate to other tabs, those non-active tabs will be suspended until we navigate to them) Trigger the SFSafariWindow.getAllTabs method in our Safari App Extension Ideally we should get all tabs in the tab group of the window, but instead we only get the active tab Did I miss anything to make it work as expected?

Hi! I'm working on an iOS Safari extension that has a ServiceWorker. Lately we've noticed that this ServiceWorker seems to get killed seemingly at random, and there are no logs or crash reports to tell us what happened. I'm hypothesizing that iOS might be shutting down Safari ServiceWorkers when the ProcessInfo.thermalState approaches .serious. I have circumstantial evidence that our ServiceWorker tends to get killed more often at higher levels of thermalState but can't yet say conclusively that this is the case. I can't find any direct evidence of this on internet searches either. Is anyone able to shed light onto this topic? The specific symptoms are: ServiceWorker stops, and the menu entry for its console window no longer appears on macOS Safari. No crash logs via Xcode or Sentry, and no Console messages as far as we could tell (caveat: MobileSafari generates a LOT of messages! We might have missed it.) If attached via debugger, the native part of our extension just disappears and the debugger loses connection with no error message. ServiceWorker no longer works for the lifetime of the Safari process. Sometimes, when we kill Safari and restart, we can get the ServiceWorker back. This usually requires toggling our extension's "enabled" state in system settings. In some cases, even killing/relaunching Safari and toggling the system setting doesn't bring our ServiceWorker back. I'm hypothesizing right now that this happens when the thermal state is high. I've tried simulating a serious/critical thermal state in the Xcode Devices window, but couldn't repro the ServiceWorker problem. I don't know if that setting affects the whole system, though, or just our own apps. Help appreciated! Yuna

Hi. For my Safari Web Extension, using getMatchedRules() from declarativeNetRequest does not seem to work. I've declared the permission for declarativeNetRequestFeedback in my manifest.json file and tried the activeTab permission too. getMatchedRules() was added in a previous Safari release and was adjusted in Safari 16.4. I'm using Safari 16.5. It only returns an empty array when it's called. I know the rules are there and they're being applied from the static rules json, it's just that getMatchedRules() is not showing them for some reason. I'm using: const rules = await browser.declarativeNetRequest.getMatchedRules(); But it only ever returns: {rulesMatchedInfo: []} Can anyone tell me what I'm doing wrong please? The same code works fine in Chromium based browsers. Thank you.

When you have a blank Safari new tab open, the browser.tabs.query API inaccurately includes those tabs in results that include a url or title in the query options. To reproduce, open several tabs, and a blank new tab. Open the background page devtools, and execute the following command: browser.tabs.query({url: 'https://github.com/'}, console.log) In addition to any potentially valid results (if you have github.com open, for example), there will also be an entry for the blank tab, which has an empty, non-matching URL. Tab { active: true, audible: false, height: 1095, highlighted: true, id: 6, incognito: false, index: 3, isArticle: false, isInReaderMode: false, mutedInfo: {muted: false}, pendingUrl: "", pinned: false, status: "complete", title: "", url: "", width: 1792, windowId: 1 } I hope that this bug can be addressed, as it causes some unexpected behavior.

I'm tasked with securing a Safari browser extension that my organization created. It is using WebExtensions and has been launched across various browser extension stores, including Safari. I've searched for many hours on this and find very very little information on how to secure it. (Pretty much just https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy.) Is there anything more extensive/comprehensive? I'll be dealing with Safari Desktop as well as Safari iOS. By comparison, when looking for resources for securing the Firefox version of the extension, I found https://extensionworkshop.com/documentation/develop/build-a-secure-extension/, which I think is a great resource. Some of that content applies to Safari, but it's hard to know to what extent. I'll need to secure Safari web and Safari mobile (i.e. iOS), but for now I'm focused on web. (But if you have anything on mobile, then please let me know also.) Thank you!

I have updated my web extension to use Manifest v3. While trying to test, I get the error: _The service_worker script failed to load due to an error. _ I do not see details on the error, or a place where to find details. Any suggestions?

Hi there - I am trying to port over Chrome extension over to Safari Web extension. Looks like Safari has a very aggressive permissions flow which isn't a great user experience but I get the privacy benefits. I am trying to move some of my permissions like <all_urls> or tabs as optional permissions and build a flow where I can request the user for them in hopes that i can educate them as to why I need them similar to how Chrome/FF have it. However when i use browser.permissions.request - i always end up getting true without invoking the prompt. The prompt seems to come up regardless when i start visiting a website. Can someone help with this? Sounds more like a defect in Safari.

I am trying to write a safari web extension that redirects users to Y URL if they type X URL without ever loading the X URL. The piece of code that I have attached below works smoothly on chrome, but not on safari. background.js function onBeforeNavigate(event) { const redirectURL = "https://google.com/" chrome.tabs.update(event.tabId, { url: redirectURL }) } chrome.webNavigation.onBeforeNavigate.addListener(onBeforeNavigate,{ url: [ {urlMatches: "https://girlcodeit.com/*"}, {urlMatches: "http://girlcodeit.com/*"} ] }) manifest.json "manifest_version": 2, "name": "", "description": "", "version": "1.0", "background": { "scripts": [ "background.js" ] }, "permissions": [ "webNavigation", "tabs" ] } I have tried writing browser.tabs.update and just tabs.update in place of chrome.tabs.update in safari version, no change. I want to achieve the redirection anyhow through a safari web extension, please suggest changes in this one or share any other approaches. webRequestBlocking is not supported by Safari, so that doesn't work either.

My existing chrome extension has "Sign in with Apple" given that we have iOS users. When user clicks "Continue with Apple" button in the extension log in pop up, this is what we do: javascript window.open( 'https://appleid.apple.com/auth/authorize?client_id=' + clientID + '&amp;redirect_uri=' + backEndURL + '&amp;response_type=id_token%20code&amp;response_mode=form_post&amp;scope=email%20name', 'Sign in with Apple', 'height=500,width=400,left=600,top=200,status=no,location=no,toolbar=no,menubar=no' ) In chrome, this opens a popup window with that URL. In Safari Converted Web Extension, it opens custom Apple sign in flow, where it says: "Do you want to sign in to *** with your Apple ID YYY?" and then with my mac password I'm able to authenticate. Afterwards, nothing happens. Expected: a redirect to the URL specified in the window.open. Now let's do a trick: I'll wrap the above window.open code into javascript setTimeout (() = {window.open (...)}, 3000) Because of security reasons, safari then won't open the popup after 3s and will display a notification in the toolbar "Popup blocked..". If we allow the popup, then it finally opens as a normal window popup and after sign in, it redirects to our backend and it successfully authenticates. Any ides what how to solve this? P.S. We're not able to use embedded Sign in with Apple JS - https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/configuring_your_webpage_for_sign_in_with_apple script because we can't host a remote code in the extension (it will be deprecated soon). So, we arere using this. - https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/incorporating_sign_in_with_apple_into_other_platforms

Hi folks, We're building a Safari web extension and experiencing an issue to see it among extensions in Safari after installing the container app to /Applications and launching it. The app and extension is notarized and signed with Developer ID After an extensive investigation, we found the following log records in the Console app (the extension ID is redacted): Computing the code signing dictionary failed for extension with identifier com.youcompany.safariext Blocking extension with identifier: com.youcompany.safariext To debug the issue, we've created a HelloWorld-like extension generated by Xcode 12.2 beta 4 (http s://sharedartifacts.s3.eu-central-1.amazonaws.com/safariext.app.zip contains a signed app bundle) It also is under the same code signing issue. According to https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution/resolving_common_notarization_issues, we've run a few checks to verify: code signature ➜&#9;Desktop codesign -vvv --deep --strict ./safariext.app&#9;&#9;&#9;&#9;&#9; ...-prepared:/Users/nikolay/Desktop/safariext.app/Contents/PlugIns/safariext Extension.appex ...-validated:/Users/nikolay/Desktop/safariext.app/Contents/PlugIns/safariext Extension.appex ... ./safariext.app: valid on disk ./safariext.app: satisfies its Designated Requirement signing certificate ➜&#9;Desktop spctl -vvv --assess --type exec ./safariext.app&#9;&#9; ./safariext.app: accepted source=Notarized Developer ID origin=Developer ID secure timestamp ... Timestamp=25 Nov 2020 at 22:23:54 ... We seemed to have all checks good, the extension can be installed only if Safari is allowed to run unsigned extensions. Could anyone assist to debug/resolve this issue? Thanks