Since it's been recently announced that legacy safari extensions are deprecated, I have started working rewriting existing codebase. But I have run into several problems. Without getting into details about poor swift/object-c APIs. There seem to be other problems.
When injecting an iframe into a page via js on some pages I get this error
[blocked] The page at about:blank was not allowed to display insecure content from safari-extension://extension.path/tooltip.html.
And on other pages:
Refused to load safari-extension://extension.path/tooltip.html because it appears in neither the child-src directive nor the default-src directive of the Content Security Policy.
This seems to happen on the "HTTPS" pages. On the "HTTP" pages, iframe seems to be injected alright, however, iframe js context doesn't seem to have a
window.safari
property injected thus it's not able to communicate with swift/objective-c code.
I am missing, something? This a limitation of the new standard or just bugs?