I've successfully built a Safari extension for my app, but I've noticed that some applications have a slightly different style when opening the native modal through the "aA" button (I'm not referring to the injected cloned modal, but the "native" one). There are two major differences I observed: the first is the header color, which is gray instead of the regular white, and the second is that this modal doesn't open in full screen when dragged to the top, unlike the regular one. I'm interested in knowing how they achieved this. I couldn’t find any information about it anywhere on the web/docs. Thanks!

Hi, We provide a Safari App Extension to our customers. It follows the standard Safari Extension App layout - the Extension is inside the App, the App takes care of installing the Extension in Safari. The Extension requires the Input Monitoring and Screen Recording permissions to be granted from the user. At some point during its execution, the Extension runs the code that triggers the TCC permission prompt. When the user goes to Security & Privacy Preferences dialog and clicks on the checkbox next to the Extension entry to grant the permission, the checkbox remains unchecked, however, the permissions are actually granted. This is the issue, and it is confusing for the user. Moreover, if the user decides not to grant the permissions (closes the initial prompt by clicking on the 'Deny' button) s/he will be prompted again when the Extension runs the next time (and every time). The App that contains the Extension does not suffer the same problem. Its entry in Security & Privacy Preferences responds correctly to checking/unchecking the checkbox. Unfortunately, the permissions granted to the app do not apply to the Extension contained within. Querying the main TCC database (/Library/Application Support/com.apple.TCC/TCC.db) shows one kTCCServiceListenEvent entry for the app, identified by its BundleID (permissions granted). For the Extension there are two entries - one identified by the the BundleID (permissions granted) and the other identified by the path to the Extension (permissions not granted). kTCCServiceListenEvent|/Volumes/Common/Sandboxes/Monterey/AppExtPermissons/DerivedData/AppExtPermissons/Build/Products/Debug/AppExtPermissons.app/Contents/PlugIns/AppExtPermissons Extension.appex|1|0 kTCCServiceListenEvent|com.gemalto.AppExtPermissons|0|2 kTCCServiceListenEvent|com.gemalto.AppExtPermissons.Extension|0|2 The system logs show some tccd-related errors when trying to check the checkbox: Console logs when trying to grant permissions We suspect this might be the reason why the checkbox next to the Extension entry under Input Monitoring in Security & Privacy does not respond to clicks. The same problem applies to granting Screen Recording permissions to the Extension. I constructed a minimal example based on the default Safari App Extension project - basically only added code that would trigger the permission granting prompt in the App and the Extension. Can provide a link to a zip if deemed useful. Are we doing something wrong, maybe missing an ID or a plist string somewhere?

Hey! We are developing a Safari Web Extension which requires the background script for localhost Web Socket communication (it doesn't work if we try to connect from the injected content script), everything works fine but we need it to be accessible from any URL since we have a SDK that is distributed to the customers and the domain name depends on each of them, is there a way to do this? Or is there any workaround to not have to use browser.runtime.connect or browser.runtime.sendMessage for communication between the injected content script and the background script? We have tried to use <all_urls> but that's not allowed for externally_connectable. Thanks!

Ignoring the fact that we still need to use MV2 in order to use webRequest in Safari (with the persistent: true flag set, a requirement not needed in FireFox MV2), there are certain requests that never have a request side event raised for them, but do have their associated response side events raised. I've noticed this specifically for cases where the request contains a raw or binary request body. A simple way to reproduce this, is to log into Twitter which uses binary payloads. You will notice if you add listeners to any of onBeforeSendHeaders,onSendHeaders, or onBeforeRequest that you get zero events for any request that would be the login request. Now if you also add a listener to onResponseStarted however, you will get a response event for the login request (including the requestId of the request that never had a request side event raised). Please could Safari just do what FireFox and Chromium do and have the request body be stored in either requestBody.formBody (if the payload was of a form-like mime type), or if not just have the raw data stored in requestBody.raw. At this point, I'd even take the requestBody being a parsed form object OR a binary array, but having the request event just swallowed by the browser, I'm assuming due to it being unable to parse it to an object, is poor. The webRequest API for Safari is completely unaligned to Chromium based browsers and FireFox. In Chromium webRequest works just fine with MV3 service workers, and in FireFox it works just fine with non-persistent background scripts. As for webNavigation, the APIs behaviour seems unaligned too. I mean, entering a new URL into the address bar of the current tab doesn't even raise a navigation event. This seems like one of the most basic navigation related actions that an extension would want to know about. :exploding-head:

I am trying to write a safari web extension that redirects users to Y URL if they type X URL without ever loading the X URL. The piece of code that I have attached below works smoothly on chrome, but not on safari. background.js function onBeforeNavigate(event) { const redirectURL = "https://google.com/" chrome.tabs.update(event.tabId, { url: redirectURL }) } chrome.webNavigation.onBeforeNavigate.addListener(onBeforeNavigate,{ url: [ {urlMatches: "https://girlcodeit.com/*"}, {urlMatches: "http://girlcodeit.com/*"} ] }) manifest.json "manifest_version": 2, "name": "", "description": "", "version": "1.0", "background": { "scripts": [ "background.js" ] }, "permissions": [ "webNavigation", "tabs" ] } I have tried writing browser.tabs.update and just tabs.update in place of chrome.tabs.update in safari version, no change. I want to achieve the redirection anyhow through a safari web extension, please suggest changes in this one or share any other approaches. webRequestBlocking is not supported by Safari, so that doesn't work either.

Hey, Is it possible to automatic install AppStore extension on Mac clients without interaction from the user? We have a lot of users who don't have an Apple ID. And as we have quite a lot of freelancers and temporary workers we mostly have users without an Apple ID and find it not making sense for these users to create an ID. Any ideas? Thanks.

I'm building a Safari content blocker extension. The app is able to use SFContentBlockerManager.reloadContentBlocker to update the content blocker's JSON rules. However, I'm also trying to update the rules in the background through a daemon. The daemon app is embedded inside the main app, and is registered by the main app through SMAppService. The issue I'm running into is I can't get both the GUI app and the daemon to both update the content blocker: If I embed the Safari extension inside the main app and not the daemon, the main app is able to update the extension, but the daemon fails with an "operation couldn’t be completed" error (supposedly because it isn't the owner of the app) Alternatively, if I embed the extension inside the daemon, the main GUI app can no longer update the extension (also failing with "operation couldn't be completed" If I try to embed the extension inside both the main app and the daemon, it works fine when running from Xcode, but App Store Connect verification fails because it won't allow an bundle ID with two periods after the main app ID (e.g. the main app is com.example.App, the daemon is com.example.App.daemon, and the extension is com.example.App.daemon.extension) I'm wondering if I'm missing something here? Is there a way to get Safari to recognize both the main app and the daemon as "owners" of the extension? Thanks in advance!

My Chrome extension runs fine on Chrome, but when I use the following command to run it on Safari, I find that the result returned by chrome.runtime.sendMessage is always Undefined. xcrun safari-web-extension-converter --app-name MySafariTest dist The following is my code content.js: async test() { return chrome.runtime.sendMessage({ method: "test" }) } let result = await this.test() // result is always undefined background.js: chrome.runtime.onMessage.addListener((request, sender, sendResponse) => { sendResponse("test123") }); I want to know if there is any way to make the content script and background script of Chrome communicate normally in Safari?

safari web extensions cannot carry cookies through jquery ajax in popup scripts. I found that it is possible in Chrome, but when converted to run on Safari using safari-web-extension-converter, the ajax requests do not pass the cookie over. Is there any way to solve this problem?

To reproduce this bug: Create a simple Safari App Extension using the SFSafariWindow.getAllTabs method Open a few tabs in Safari and save them to a named tab group Quit Safari with Command + Q Open Safari and navigate to the saved named tab group (do not navigate to other tabs, those non-active tabs will be suspended until we navigate to them) Trigger the SFSafariWindow.getAllTabs method in our Safari App Extension Ideally we should get all tabs in the tab group of the window, but instead we only get the active tab Did I miss anything to make it work as expected?

I am writing a midi polyfill, to bridge Core Midi with Safari. This, in itself, is not a problem. The problem is that the Web Extension will get suspended the moment it's no longer actively called. This means that no callbacks due to midi changes from core midi can be passed back to the web page. If I use a setInterval call in background.js, then this keeps the extension alive somewhat, but the setInterval self ping will get aborted eventually, making the Extension suspend itself. I know of a fairly contrived workaround using the container application over XPC, but I am hoping there is a way to keep the Web Extension alive - or at least keep a thread in the same process as the Web Extension alive. Or any such workaround. Setting background to "persistent": true does not seem to make any difference.

Hi Everyone, We are using mac os 13.6.1, Xcode Version 14.2 (14C18). We have create a new target in the project for "Share Extension". After running the code our app is not visible when we share content from apple news and safari. Please do let me know in case anyone need more information. Thanks in Advance.

Hi, Currently, our app extension needs to get PDF file( Safari generates itself from the url) with Reader PDF options mode( or PDF options mode). So, How to get PDF file in Safari with Reader PDF options mode( or PDF options mode) for our app extension? Is there any need to declare anything special in the Info.plist file of the extension? Does the Safari extension support exporting these PDF files? Or only used for OS default apps? Thanks.

Hi. For my Safari Web Extension, using getMatchedRules() from declarativeNetRequest does not seem to work. I've declared the permission for declarativeNetRequestFeedback in my manifest.json file and tried the activeTab permission too. getMatchedRules() was added in a previous Safari release and was adjusted in Safari 16.4. I'm using Safari 16.5. It only returns an empty array when it's called. I know the rules are there and they're being applied from the static rules json, it's just that getMatchedRules() is not showing them for some reason. I'm using: const rules = await browser.declarativeNetRequest.getMatchedRules(); But it only ever returns: {rulesMatchedInfo: []} Can anyone tell me what I'm doing wrong please? The same code works fine in Chromium based browsers. Thank you.

Is there a way to pass/read cookies from SFSafariViewController to my application?

Hi, I'm trying to convert a chrome extension to a safari extension and I have some unsupported permissions that don't work in safari. They are chrome.enterprise.networkingAttributes and chrome.enterprise.deviceAttributes Is there a way to get the ip address of the device in a Safari extension. The page we use this in is written in typescript. Thank you

In Safari 17.0 App Extension user is able to modify per-site permissions due to which extension is not able to inspect the url's and content. Is there any way to restrict the user from modifying per-site permissions for the specific extension through api or mdm ?