User Profile

I'm trying to convert a Safari App Extension to the newer Safari Web Extension API, and having an issue with an injected iFrame we use to protect user data. Inside our provided iFrame which which we source from: safari-web-extension://<ID_HERE>/<HTML_FILE_HERE> and is externally_connectable via the manifest.json. Any scripts that run inside the iFrame are able to initiate communication with background scripts with no problem. However, any message initiated from background never registers on any onMessage listener. For example: // iframe.js // WORKS FINE browser.runtime.sendMessage({ greeting: "hello" }) .then((response) => { &#9;&#9;console.log("Received response: ", response); }); // NEVER FIRES browser.runtime.onMessage.addListener((request, sender, sendResponse) => { &#9;&#9;console.log("Received request: ", request); }); I'm convinced this is an Apple bug because this same scenario for the App Extensions receives the request from the background scripts no problem. Can anyone prove me otherwise?

I'm trying to find a way to block any requests to domains my app decides not to trust. I've discovered the default capabilities of App Transport Security - https://developer.apple.com/documentation/bundleresources/information_property_list/nsapptransportsecurity, which is a great start, but would still allow a remote connection to a third party that uses HTTPS. I ask this in the context of a Safari App Extension, although I'm sure this could apply to any macOS/iOS application. Web extensions (Chrome/Firefox/Edge) already provide this capability, and I'd like to secure my application accordingly.

I'm very excited about bring web extensions back to Safari. I have an existing Safari App Extension and would like to port it back to Safari Web Extensions. I have a question about backwards compatibility. Will Safari 14 be backwards compatible with older OS such as High Sierra or Mojave?