I am wondering if Safari Web extension have Single Purpose Policy like Chrome. Here are some description on Single Purpose Policy, reference from https://developer.chrome.com/docs/extensions/mv3/single_purpose/#three . Please let me know if Safari extension has policy like this, thanks!

Declarative net Request modify header rule is not working for safari. Works fine on all other browsers (chrome, edge , FF etc) Error: [Error] Error: Invalid call to declarativeNetRequest.updateDynamicRules(). Error with rule at index 0: Rule with id 100 is invalid. The header x-source is not recognized. > > let x = [{ "id": 100, "priority": 1, "action": { "type": "modifyHeaders", "requestHeaders": [ { "header": "x-source", "operation": "set", "value": "test" } ] }, "condition": { "urlFilter": "https://*/*" } }] await browser.declarativeNetRequest.updateDynamicRules({ addRules: x }); However, if I change the header name to "Origin" it works. Is there a restriction on which all header names are supported?

We have a native safari extension for macOS with an NSTokenField and completions. When clicking one of the completions in the list, the window for the extension closes as though you had clicked outside of it, even if you click in the portion that intersects the popup. If I run the extension as a regular app, the issue doesn't happen. The click registers and adds the token from the completion list. I filed feedback (FB12606023), but need to fix the issue also. Is this somehow expected in a popup?

Sometimes Safari is rendering the icon for an active extension in its original provided colored representation, other times Safari is applying an overlay color in line with the system's highlight color. This difference can even be seen seen on the Safari Extensions Developer home page: https://developer.apple.com/safari/extensions/images/extensions-hero-large_2x.png You will notice that Grammarly's icon is shown in it's original color format, while the others aren't. Example of extensions where the icon is shown in color: Bitwarden Grammarly 1Password Consent-O-Matic I've compared the source code of Bitwarden and Consent-o-Matic with my own extension and cannot find any differences in the settings or image properties (resolution, DPI, file type, color profile). If I take the exact PNG source files from said open source extensions and replace them in my own source code, these icons show up in full color. Does this perhaps mean there is a bug in Safari's processing of the icons where it fails to overlay the icon with the highlight color in some cases? I and I assume many developers with me would like to understand what determines this difference. Ideally, there is a consistent UX where the end user has the choice between icons in color or highlight color overlay.

Hi From the video, Safari will pop up a banner for these enabled app extension, which can let user set per-site option, when upgrade to Safari17(MacOS14). Such as following: For enterprise, there are too many users install app extensions. We want to set these by management tools. We have following questions: For upgrade users, Is there any way or tools to disable this banner or grant "ALLOW" for user automatically? Such as MDM tools. For fresh install user, is there any way to grant per-site permission automatically by MDM tools or others? Thanks. Best wishes eric_wang_mac

We are not able to enable our enterprise safari extension by default at the time of installation. We would like to know if it is possible ? If Yes, what are the ways or can you point to the reference documentation for the same, where we can find the steps to deploy safari extension in the enterprise without user intervention.

Hello, According to MDN, Safari v15.4+ should fully support declarativeNetRequest.Redirect, including regexSubstitution, but when I use it in a rule I get this: Rule: EXT_PAGE = '/hello.html'; RULES = [{ id: 1, action: { type: 'redirect', redirect: { regexSubstitution: EXT_PAGE + '#\\0' }, }, condition: { requestDomains: ['example.com'], regexFilter: '^.+$', resourceTypes: ['main_frame', 'sub_frame'], }, }]; browser.declarativeNetRequest.updateDynamicRules({ removeRuleIds: RULES.map(r => r.id), addRules: RULES, }); Error: Invalid call to declarativeNetRequest.updateDynamicRules(). Error with rule at index 0: Rule with id 1 is invalid. redirect is missing either a url, extensionPath, or transform key.

I am currently utilizing local servers to facilitate interactions with local resources. However, I am exploring if there are solutions that would enable direct file access through the file:// protocol. I cannot access the developer tools and feature flags. Specifically, the option "Show features for web developers" seems to be deactivated. This is happening within the ASan WebKit build. I am running this using Tools/Scripts/run-safari. Any insights or potential solutions to these issues would be greatly appreciated.

browser.scripting.registerContentScripts was introduced in Safari 16.4. However, in Safari 16.6, we have just noticed that browser.scripting.registerContentScripts removes content scripts declared in the manifest (FB12817504). Any work-arounds?

0 I integrate with safriService (SFSafariViewController) to log in through a single sign-on password, the problem was the first time I log in using SFSafariViewController but the authentication follow not complete the first time so the safari browser still appear & can not direct into my app after authentication follow to become a success, another behavior is when I login again the authentication follow work fine & get the token then directed into my app fine so the main problem is the first time I login SFSafariViewController does not catch the user auth if let url = URL(string: "url") { let safariVC = SFSafariViewController(url: url) safariVC.delegate = self safariVC.dismissButtonStyle = .done present(safariVC, animated: true, completion: nil) } extension DouWebViewVC: SFSafariViewControllerDelegate { func safariViewController(_ controller: SFSafariViewController, didCompleteInitialLoad didLoadSuccessfully: Bool) { if didLoadSuccessfully { print("didLoadSuccessfully") // Do something with the URL here } } //initialLoadDidRedirectTo func safariViewController(_ controller: SFSafariViewController, initialLoadDidRedirectTo requestUrl: URL) { let absoluteUrl = requestUrl.absoluteString print("requestUrl(requestUrl)") } func safariViewControllerDidFinish(_ controller: SFSafariViewController) { print("safariViewControllerDidFinish") } }

Hi! I'm working on an iOS Safari extension that has a ServiceWorker. Lately we've noticed that this ServiceWorker seems to get killed seemingly at random, and there are no logs or crash reports to tell us what happened. I'm hypothesizing that iOS might be shutting down Safari ServiceWorkers when the ProcessInfo.thermalState approaches .serious. I have circumstantial evidence that our ServiceWorker tends to get killed more often at higher levels of thermalState but can't yet say conclusively that this is the case. I can't find any direct evidence of this on internet searches either. Is anyone able to shed light onto this topic? The specific symptoms are: ServiceWorker stops, and the menu entry for its console window no longer appears on macOS Safari. No crash logs via Xcode or Sentry, and no Console messages as far as we could tell (caveat: MobileSafari generates a LOT of messages! We might have missed it.) If attached via debugger, the native part of our extension just disappears and the debugger loses connection with no error message. ServiceWorker no longer works for the lifetime of the Safari process. Sometimes, when we kill Safari and restart, we can get the ServiceWorker back. This usually requires toggling our extension's "enabled" state in system settings. In some cases, even killing/relaunching Safari and toggling the system setting doesn't bring our ServiceWorker back. I'm hypothesizing right now that this happens when the thermal state is high. I've tried simulating a serious/critical thermal state in the Xcode Devices window, but couldn't repro the ServiceWorker problem. I don't know if that setting affects the whole system, though, or just our own apps. Help appreciated! Yuna

I can check if my Safari app extension is enabled using the SFSafariExtensionManager getStateOfSafariExtensionWithIdentifier API for default. But in case the user disables the extension for his own profile, I want to know if my safari app extension is enabled in that particular safari profile programatically using API. I'm trying this with Safari 17 on macOS 14 Beta. It's possible? If so, what API can do this for me?

I've created a Safari Extension app using the MultiPlanform option. I can successfully distribute the iOS app for beta testing with TestFlight, but when I try to do this with the macOS version, I get the following error: The product archive is invalid. The Info.plist must contain a LSApplicationCategoryType key, whose value is the UTI for a valid category. For more details, see "Submitting your Mac apps to the App Store". For the record, I searched for the mentioned document and couldn't find it. A link would be nice. Regardless, when I look at the macOS (App) in the Navigator Panel, there is no Info.plist file. There is one, however, in iOS (App). When I open Test Flight on my Mac, I see the app, but that's most likely because I have an M1 chip. I can't find any documentation on this, so I'm asking: Do I need to create an Info.plist file for the macOS (App), and if so, what do I need to put in there? If I don't need this, how do I deal with this error? Thanks in advance for any helpful advice.

I recently saw Carrot Shopping has a Allow Permissions badge next to its mobile safari extension icon in the toolbar for prompting user to allow permissions. I searched everywhere including the official safari extension documentation for turning this feature on for our extension, but I haven't been able to find anything related to this badge. Has anyone have any experience enabling this badge for their mobile safari extension? Would be super helpful if someone can guide me to the right documentation.

I have a Safari extension needs to store more than 10GB data in indexedDB. I added unlimitedStorage permission to my extension, but there's still a limitation about 1.5GB, after write 1.5GB data in indexedDB, all put operation will failed with 'Failed to PutOrAdd in database because not enough space for domai' At this time, storage.local can still write. I'm not sure why, but Firefox and Chrome both can give unlimited storage for the indexedDB, so, please apply the permission also for indexedDB! It's hard to manage a big data by the raw storage.local API.

Hello, I have developed a Safari extension that intercepts browser requests. I'm utilizing the chromeWebRequest API for this purpose. You can find more information about it here: https://developer.chrome.com/docs/extensions/reference/webRequest/ I have successfully retrieved all the headers for the request. However, I am facing an issue when trying to retrieve the request body, particularly when the content-type of the request is multipart/form-data. I would greatly appreciate any assistance with this matter. Thank you.

Hello, I have a browser extension that is already released for other browsers, and I want to start releasing for Safari as well, and I have a few questions about the payments system. My extension allows users to unlock features by making a payment through Stripe or PayPal and receiving a license key. For Safari I want to use Apple’s IAP system as I already know that this is a requirement but I also want to allow people that already purchased the license through other browsers to use it with Safari. So my question, Am I allowed to allow people bring their license keys purchased from other browsers? Throughout the Safari extension I will only use Apple’s IAP system and offer the same price as on other browsers. So I will not ”reward” people with discounts if they use other payment processors outside of Safari. Thank you!

Hello, I am trying to download a file from the extension's settings page with the following code, but I cannot set the filename no matter what I try. It keeps downloading as Unknown.txt. The same code works well if I do it through a hosted page with an actual URL. let downloadFile = function(contents, filename) { var element = document.createElement('a'); element.setAttribute('href', 'data:application/octet-stream,' + encodeURIComponent(contents)); element.setAttribute('download', filename); element.style.display = 'none'; document.body.appendChild(element); element.click(); document.body.removeChild(element); } downloadFile('test', 'file.txt'); Is this intended or a bug?

Hi, I converted chrome extension MV3 to safari web extension. The privacy api is not supported in safari, https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/privacy. Is there other equivalent api that can be used in Safari?

Hello, In the latest macOS Sonoma and Safari 17 update, Safari App Extensions that were previously running without any issues (for years) suddenly stopped working. Digging a little into the source code and debugger, I found out that basic API calls do not work anymore, for example: SFSafariApplication.getActiveWindow { (window) in ... } or the async version: let window = await SFSafariApplication.activeWindow() getActiveWindow callback is never called and let window = await ... waits forever. Is there anything updated in the security model of Safari 17 that I should be aware of? Or any API updates. I repeat, the extensions worked for 5 years without any issue and also work perfectly in Safari 16 and macOS Ventura. Thank you.