I've successfully built a Safari extension for my app, but I've noticed that some applications have a slightly different style when opening the native modal through the "aA" button (I'm not referring to the injected cloned modal, but the "native" one). There are two major differences I observed: the first is the header color, which is gray instead of the regular white, and the second is that this modal doesn't open in full screen when dragged to the top, unlike the regular one. I'm interested in knowing how they achieved this. I couldn’t find any information about it anywhere on the web/docs. Thanks!

Hi, We provide a Safari App Extension to our customers. It follows the standard Safari Extension App layout - the Extension is inside the App, the App takes care of installing the Extension in Safari. The Extension requires the Input Monitoring and Screen Recording permissions to be granted from the user. At some point during its execution, the Extension runs the code that triggers the TCC permission prompt. When the user goes to Security & Privacy Preferences dialog and clicks on the checkbox next to the Extension entry to grant the permission, the checkbox remains unchecked, however, the permissions are actually granted. This is the issue, and it is confusing for the user. Moreover, if the user decides not to grant the permissions (closes the initial prompt by clicking on the 'Deny' button) s/he will be prompted again when the Extension runs the next time (and every time). The App that contains the Extension does not suffer the same problem. Its entry in Security & Privacy Preferences responds correctly to checking/unchecking the checkbox. Unfortunately, the permissions granted to the app do not apply to the Extension contained within. Querying the main TCC database (/Library/Application Support/com.apple.TCC/TCC.db) shows one kTCCServiceListenEvent entry for the app, identified by its BundleID (permissions granted). For the Extension there are two entries - one identified by the the BundleID (permissions granted) and the other identified by the path to the Extension (permissions not granted). kTCCServiceListenEvent|/Volumes/Common/Sandboxes/Monterey/AppExtPermissons/DerivedData/AppExtPermissons/Build/Products/Debug/AppExtPermissons.app/Contents/PlugIns/AppExtPermissons Extension.appex|1|0 kTCCServiceListenEvent|com.gemalto.AppExtPermissons|0|2 kTCCServiceListenEvent|com.gemalto.AppExtPermissons.Extension|0|2 The system logs show some tccd-related errors when trying to check the checkbox: Console logs when trying to grant permissions We suspect this might be the reason why the checkbox next to the Extension entry under Input Monitoring in Security & Privacy does not respond to clicks. The same problem applies to granting Screen Recording permissions to the Extension. I constructed a minimal example based on the default Safari App Extension project - basically only added code that would trigger the permission granting prompt in the App and the Extension. Can provide a link to a zip if deemed useful. Are we doing something wrong, maybe missing an ID or a plist string somewhere?

I am developing a safari extension When a redirect occurs on a web page, I want to detect the redirect and obtain all redirect URLs. If there is any way, please let me know Below is what I tried manifest version is 3 1, Use webNabvigation in background.js browser.webNavigation.onBeforeNavigate.addListener(function(details) { console.log("Redirected to:", details.url); }); This works, but I couldn't get the expected URL 2, Use webRequest in background.js This resulted in an error as it was not possible to listen to events in a non-persistent background. This is caused by using manifest version 3.

Hey! We are developing a Safari Web Extension which requires the background script for localhost Web Socket communication (it doesn't work if we try to connect from the injected content script), everything works fine but we need it to be accessible from any URL since we have a SDK that is distributed to the customers and the domain name depends on each of them, is there a way to do this? Or is there any workaround to not have to use browser.runtime.connect or browser.runtime.sendMessage for communication between the injected content script and the background script? We have tried to use <all_urls> but that's not allowed for externally_connectable. Thanks!

Hey, Is it possible to automatic install AppStore extension on Mac clients without interaction from the user? We have a lot of users who don't have an Apple ID. And as we have quite a lot of freelancers and temporary workers we mostly have users without an Apple ID and find it not making sense for these users to create an ID. Any ideas? Thanks.

I'm building a Safari content blocker extension. The app is able to use SFContentBlockerManager.reloadContentBlocker to update the content blocker's JSON rules. However, I'm also trying to update the rules in the background through a daemon. The daemon app is embedded inside the main app, and is registered by the main app through SMAppService. The issue I'm running into is I can't get both the GUI app and the daemon to both update the content blocker: If I embed the Safari extension inside the main app and not the daemon, the main app is able to update the extension, but the daemon fails with an "operation couldn’t be completed" error (supposedly because it isn't the owner of the app) Alternatively, if I embed the extension inside the daemon, the main GUI app can no longer update the extension (also failing with "operation couldn't be completed" If I try to embed the extension inside both the main app and the daemon, it works fine when running from Xcode, but App Store Connect verification fails because it won't allow an bundle ID with two periods after the main app ID (e.g. the main app is com.example.App, the daemon is com.example.App.daemon, and the extension is com.example.App.daemon.extension) I'm wondering if I'm missing something here? Is there a way to get Safari to recognize both the main app and the daemon as "owners" of the extension? Thanks in advance!

My Chrome extension runs fine on Chrome, but when I use the following command to run it on Safari, I find that the result returned by chrome.runtime.sendMessage is always Undefined. xcrun safari-web-extension-converter --app-name MySafariTest dist The following is my code content.js: async test() { return chrome.runtime.sendMessage({ method: "test" }) } let result = await this.test() // result is always undefined background.js: chrome.runtime.onMessage.addListener((request, sender, sendResponse) => { sendResponse("test123") }); I want to know if there is any way to make the content script and background script of Chrome communicate normally in Safari?

safari web extensions cannot carry cookies through jquery ajax in popup scripts. I found that it is possible in Chrome, but when converted to run on Safari using safari-web-extension-converter, the ajax requests do not pass the cookie over. Is there any way to solve this problem?

I am writing a midi polyfill, to bridge Core Midi with Safari. This, in itself, is not a problem. The problem is that the Web Extension will get suspended the moment it's no longer actively called. This means that no callbacks due to midi changes from core midi can be passed back to the web page. If I use a setInterval call in background.js, then this keeps the extension alive somewhat, but the setInterval self ping will get aborted eventually, making the Extension suspend itself. I know of a fairly contrived workaround using the container application over XPC, but I am hoping there is a way to keep the Web Extension alive - or at least keep a thread in the same process as the Web Extension alive. Or any such workaround. Setting background to "persistent": true does not seem to make any difference.

Hi Everyone, We are using mac os 13.6.1, Xcode Version 14.2 (14C18). We have create a new target in the project for "Share Extension". After running the code our app is not visible when we share content from apple news and safari. Please do let me know in case anyone need more information. Thanks in Advance.

Hi, Currently, our app extension needs to get PDF file( Safari generates itself from the url) with Reader PDF options mode( or PDF options mode). So, How to get PDF file in Safari with Reader PDF options mode( or PDF options mode) for our app extension? Is there any need to declare anything special in the Info.plist file of the extension? Does the Safari extension support exporting these PDF files? Or only used for OS default apps? Thanks.

Is there a way to pass/read cookies from SFSafariViewController to my application?

Hi, I'm trying to convert a chrome extension to a safari extension and I have some unsupported permissions that don't work in safari. They are chrome.enterprise.networkingAttributes and chrome.enterprise.deviceAttributes Is there a way to get the ip address of the device in a Safari extension. The page we use this in is written in typescript. Thank you

In Safari 17.0 App Extension user is able to modify per-site permissions due to which extension is not able to inspect the url's and content. Is there any way to restrict the user from modifying per-site permissions for the specific extension through api or mdm ?

If I store a wep page as WebApp on MacOS, as described here: https://support.apple.com/de-de/104996 I cant use any Safari plugins in that WebApp How to use plugins? is it blocked by MacOS/Safari generally? Does the Safari Plugin/Extension need to support this explicitly?

To reproduce this bug: Create a simple Safari App Extension using the SFSafariWindow.getAllTabs method Open a few tabs in Safari and save them to a named tab group Quit Safari with Command + Q Open Safari and navigate to the saved named tab group (do not navigate to other tabs, those non-active tabs will be suspended until we navigate to them) Trigger the SFSafariWindow.getAllTabs method in our Safari App Extension Ideally we should get all tabs in the tab group of the window, but instead we only get the active tab Did I miss anything to make it work as expected?

When using a content rules file prepared for Safari with a size of, for instance, 20MB, we encountered a crash on iOS 17. This is surprising given that just a few versions back Safari has increased the content rules limit to 150k. Now with this issue introduced, even when a content blocker is under the old 50k limit, we may not be able to register it. Technical Details: We use a class that implements the beginRequest(with context: NSExtensionContext) method from the NSExtensionRequestHandling protocol. For this implementation, we utilize NSItemProvider initialized with init(contentOf: URL), where the URL points to path/to/file.json. The crash arises when invoking context.completeRequest(returningItems: [], completionHandler: nil), with context being an instance of NSExtensionContext. Notably, using the same 20MB file and identical code, no such crash was observed on iOS 16.6.1 or iOS 12.5.7. Steps to Reproduce: In the host app, invoke SFContentBlockerManager.reloadContentBlocker(...). Within the beginRequest(with context: NSExtensionContext) method of the class implementing the NSExtensionRequestHandling protocol:Instantiate NSItemProvider(contentOf: <PATH/TO/FILE.json>) using a large-sized rule set (e.g., 20MB or more). Execute context.completeRequest(returningItems: [], completionHandler: nil). Note: The issue is specific to iOS 17. On other versions, no crash is observed. Expected behavior: The content blocker extension should operate without crashing. Actual behavior: The content blocker extension crashes. Also, we have opened another ticket in Feedback Assistant, its ID: FB13282146. UPD: We recently tested on iOS 17.1.1, and the issue still persists.

When using password autofill on Safari 17.1 (Sonoma 14.1 on M1 Mac), and a third party password manager, the quicktype bar doesn't appear. However on an Intel Mac with the same version of Sonoma and same Autofill configuration, it works as seen on Ventura. Feedback assistant report has been submitted (FB13333122).

Hi there, I've run into an issue when using runtime ports to communicate between the popup and the background of an extension. Specifically, onConnect (in the background page) is not being triggered when my extension page is displayed subsequently to a Declarative Net Request Redirection. Basically, I have DNR that redirect from 'app.mydomain.com' to my extension with a rule such as : { priority: 1, action: { type: 'redirect', redirect: { regexSubstitution: `safari-web-extension://mknlkpphjfngbollbeipeekihpdomdmd/index.html\\1#/\\2`, }, }, condition: { regexFilter: `^https?://w*\\.?app\\.mydomain\\.com(\\??[^/#]*)[^#]*#?/?(.*)$`, resourceTypes: ['main_frame'], }, }, The redirect works fine, but the onConnect is never triggered in the background page. If I load the page extension directly (without a redirect being done), it works absolutly fine. I see no error or warning. Any idea on why this issue occurs and how I could solve it ? Thanks a lot