JUST ENDED
|

Web Extensions Q&A

Connect with Apple engineers in the Web Extensions Q&A on the Apple Developer Forums.
Safari & Web Web Extensions

Post

Replies

Boosts

Views

Activity

Any way to avoid Content Security Policy violations for elements inserted by extensions?
Hi! It seems like in Safari, elements inserted into a page by web extensions (such as and elements) are currently subject to the page's Content Security Policy. If the CSP is strict enough, this prevents these elements from loading. Based on my testing, I've found that this behavior is different in other browsers, where a page's CSP is not applied to elements inserted by an extension. Is this expected behavior in Safari, or might it be considered a bug? Any advice on working around these restrictions, as it currently prevents my extension from working correctly on websites with a strict CSP?
Topic: Safari & Web SubTopic: Web Extensions
2
0
57
3d
Network Extension behaviour with PAC
Hello, We have a Network extension transparent proxy (NETransparentProxyProvider) that receives browser TCP flows as NEAppProxyTCPFlow. For each flow we create an NWConnection to the flow's original destination and set NEParameters.preferNoProxies = true - expecting the outbound connection to bypass the user's HTTP/HTTPS proxy and PAC so it goes to the destination server directly. However, in practice we see connections still being redirected to local proxy after being evaluated against the PAC rules using the destination IP and port. Our questions are: Could we expect preferNoProxies to be respected when a PAC exist on the endpoint and supersede the PAC rule decision? If yes, what would be the best way to file a bug and what information do you need? If not, is there any other way of making sure that the outbound NWConnection created by the transparent proxy is not redirected to a proxy and goes directly to the destination? One other way of avoiding our NWConnection being redirected to the proxy is to use hostname instead of destination IP. Would there be a reliable way of getting hostname for the NEAppProxyTCPFlow so that PAC can correctly filter all NWConnection based on rules? We have explored remoteHostname but it's generally not available for connections from browsers other than Safari.
Topic: Safari & Web SubTopic: Web Extensions
1
0
87
3d
Any way to avoid Content Security Policy violations for elements inserted by extensions?
Hi! It seems like in Safari, elements inserted into a page by web extensions (such as and elements) are currently subject to the page's Content Security Policy. If the CSP is strict enough, this prevents these elements from loading. Based on my testing, I've found that this behavior is different in other browsers, where a page's CSP is not applied to elements inserted by an extension. Is this expected behavior in Safari, or might it be considered a bug? Any advice on working around these restrictions, as it currently prevents my extension from working correctly on websites with a strict CSP?
Topic: Safari & Web SubTopic: Web Extensions
Replies
2
Boosts
0
Views
57
Activity
3d
Limiting user interaction when installing a Safari extension
Is there an MDM solution that will give a Safari extension all the permissions it needs with no interaction from the end user?
Topic: Safari & Web SubTopic: Web Extensions
Replies
3
Boosts
1
Views
109
Activity
3d
Network Extension behaviour with PAC
Hello, We have a Network extension transparent proxy (NETransparentProxyProvider) that receives browser TCP flows as NEAppProxyTCPFlow. For each flow we create an NWConnection to the flow's original destination and set NEParameters.preferNoProxies = true - expecting the outbound connection to bypass the user's HTTP/HTTPS proxy and PAC so it goes to the destination server directly. However, in practice we see connections still being redirected to local proxy after being evaluated against the PAC rules using the destination IP and port. Our questions are: Could we expect preferNoProxies to be respected when a PAC exist on the endpoint and supersede the PAC rule decision? If yes, what would be the best way to file a bug and what information do you need? If not, is there any other way of making sure that the outbound NWConnection created by the transparent proxy is not redirected to a proxy and goes directly to the destination? One other way of avoiding our NWConnection being redirected to the proxy is to use hostname instead of destination IP. Would there be a reliable way of getting hostname for the NEAppProxyTCPFlow so that PAC can correctly filter all NWConnection based on rules? We have explored remoteHostname but it's generally not available for connections from browsers other than Safari.
Topic: Safari & Web SubTopic: Web Extensions
Replies
1
Boosts
0
Views
87
Activity
3d