Hi, I'm trying to convert a chrome extension to a safari extension and I have some unsupported permissions that don't work in safari. They are chrome.enterprise.networkingAttributes and chrome.enterprise.deviceAttributes Is there a way to get the ip address of the device in a Safari extension. The page we use this in is written in typescript. Thank you

In Safari 17.0 App Extension user is able to modify per-site permissions due to which extension is not able to inspect the url's and content. Is there any way to restrict the user from modifying per-site permissions for the specific extension through api or mdm ?

If I store a wep page as WebApp on MacOS, as described here: https://support.apple.com/de-de/104996 I cant use any Safari plugins in that WebApp How to use plugins? is it blocked by MacOS/Safari generally? Does the Safari Plugin/Extension need to support this explicitly?

I'm not sure what is special about Gmail of if this is an issue on other sites as well, but my declarativeNetRequest rules are totally ignored in a Safari Extension that runs on Gmail. I make an web extension that blocks email trackers (1x1 pixel images embedded in emails to track if and when you open email sent to you). All images in Gmail are loaded through Google's proxy: googleusercontent.com/proxy/#originalURL But no matter what I do, I can't block a single image that is loaded in an email. To try and prove it is a bug in Safari, I created a new template web extension in Xcode. I block all resourceTypes (images and other should be all that is needed) and added two rules: Block all images loaded through Google's proxy server (this should block all embedded images in all emails) Block any image with copper in the URL (just in case the blocking doesn't apply to the proxy root url for some reason). {   "id": 1,   "priority": 1,   "action": { "type": "block" },   "isUrlFilterCaseSensitive": false,   "condition": {    "regexFilter": "googleusercontent.com/proxy",    "resourceTypes": [     "image",     "media",     "main_frame",     "sub_frame",     "stylesheet",     "script",     "font",     "xmlhttprequest",     "ping",     "websocket",     "other"    ]   }  },  {   "id": 2,   "priority": 1,   "action": { "type": "block" },   "isUrlFilterCaseSensitive": false,   "condition": {    "regexFilter": "copper",    "resourceTypes": [     "image",     "media",     "main_frame",     "sub_frame",     "stylesheet",     "script",     "font",     "xmlhttprequest",     "ping",     "websocket",     "other"    ]   }  } ] = = = = = = Even though I know this isn't needed, I also added the requester domain (mail.google.com) and the proxy domain (googleusercontent.com) to the permissions list in the manifest file: ... "declarative_net_request": {    "rule_resources": [{      "id": "ruleset_1",      "enabled": true,      "path": "rules.json"     }]   },  "permissions": [    "declarativeNetRequest",    "*://mail.google.com/*",   "*://*.googleusercontent.com/proxy/*" ] = = = = = = If I open an email from copper, the image still loads in Gmail: = = = = = = If I right click and select "Open Image in New Tab", the image will not load and I am told it was blocked = = = = = = If I open a test page that has two images in it, one the image from the email, the image is blocked and the other image is not (as expected, the second image is from wikipedia and should not be blocked) = = = = = = Running the same extension in Chrome DOES block the image in Gmail (and in all the other cases too) = = = = = = Sidenotes: This is a reposting of this post which was locked when the wwdc21-10131 tag was applied to the post which disabled my ability to reply, comment, or update the post. Please do NOT apply tags that lock the post. As requested on the original post by @bweinstein, I filed a bug report on Feedback assistant under FB 10544296 last year and haven't gotten any replies on it. I verified before reposting this (on Mar 1, 2023) that the bug still exists.

I'm not sure what is special about Gmail, but my declarativeNetRequest rules are totally ignored. I make an web extension that blocks email trackers (1x1 pixel images embedded in emails to track if and when you open email sent to you). All images in Gmail are loaded through Google's proxy: googleusercontent.com/proxy/#originalURL But no matter what I do, I can't block a single image that is loaded in an email. To try and prove it is a bug in Safari, I created a new template web extension in Xcode. I block all resourceTypes (images and other should be all that is needed) and added two rules: Block all images loaded through Google's proxy server (this should block all embedded images in all emails) Block any image with copper in the URL (just in case the blocking doesn't apply to the proxy root url for some reason).  {   "id": 1,   "priority": 1,   "action": { "type": "block" },   "isUrlFilterCaseSensitive": false,   "condition": {    "regexFilter": "googleusercontent.com/proxy",    "resourceTypes": [     "image",     "media",     "main_frame",     "sub_frame",     "stylesheet",     "script",     "font",     "xmlhttprequest",     "ping",     "websocket",     "other"    ]   }  },  {   "id": 2,   "priority": 1,   "action": { "type": "block" },   "isUrlFilterCaseSensitive": false,   "condition": {    "regexFilter": "copper",    "resourceTypes": [     "image",     "media",     "main_frame",     "sub_frame",     "stylesheet",     "script",     "font",     "xmlhttprequest",     "ping",     "websocket",     "other"    ]   }  } ] Even though I know this isn't needed, I also added the requester domain (mail.google.com) and the proxy domain (googleusercontent.com) to the permissions list in the manifest file: ... "declarative_net_request": {    "rule_resources": [{      "id": "ruleset_1",      "enabled": true,      "path": "rules.json"     }]   },  "permissions": [    "declarativeNetRequest",    "*://mail.google.com/*",   "*://*.googleusercontent.com/proxy/*" ] If I open an email from copper, the image still loads in Gmail If I right click and select "Open Image in New Tab", the image will not load and I am told it was blocked If I open a test page that has two images in it, one the image from the email, the image is blocked and the other image is not (as expected, the second image is from wikipedia and should not be blocked) Running the same extension in Chrome DOES block the image in Gmail (and in all the other cases too)

When using a content rules file prepared for Safari with a size of, for instance, 20MB, we encountered a crash on iOS 17. This is surprising given that just a few versions back Safari has increased the content rules limit to 150k. Now with this issue introduced, even when a content blocker is under the old 50k limit, we may not be able to register it. Technical Details: We use a class that implements the beginRequest(with context: NSExtensionContext) method from the NSExtensionRequestHandling protocol. For this implementation, we utilize NSItemProvider initialized with init(contentOf: URL), where the URL points to path/to/file.json. The crash arises when invoking context.completeRequest(returningItems: [], completionHandler: nil), with context being an instance of NSExtensionContext. Notably, using the same 20MB file and identical code, no such crash was observed on iOS 16.6.1 or iOS 12.5.7. Steps to Reproduce: In the host app, invoke SFContentBlockerManager.reloadContentBlocker(...). Within the beginRequest(with context: NSExtensionContext) method of the class implementing the NSExtensionRequestHandling protocol:Instantiate NSItemProvider(contentOf: <PATH/TO/FILE.json>) using a large-sized rule set (e.g., 20MB or more). Execute context.completeRequest(returningItems: [], completionHandler: nil). Note: The issue is specific to iOS 17. On other versions, no crash is observed. Expected behavior: The content blocker extension should operate without crashing. Actual behavior: The content blocker extension crashes. Also, we have opened another ticket in Feedback Assistant, its ID: FB13282146. UPD: We recently tested on iOS 17.1.1, and the issue still persists.

When using password autofill on Safari 17.1 (Sonoma 14.1 on M1 Mac), and a third party password manager, the quicktype bar doesn't appear. However on an Intel Mac with the same version of Sonoma and same Autofill configuration, it works as seen on Ventura. Feedback assistant report has been submitted (FB13333122).

Hi there, I've run into an issue when using runtime ports to communicate between the popup and the background of an extension. Specifically, onConnect (in the background page) is not being triggered when my extension page is displayed subsequently to a Declarative Net Request Redirection. Basically, I have DNR that redirect from 'app.mydomain.com' to my extension with a rule such as : { priority: 1, action: { type: 'redirect', redirect: { regexSubstitution: `safari-web-extension://mknlkpphjfngbollbeipeekihpdomdmd/index.html\\1#/\\2`, }, }, condition: { regexFilter: `^https?://w*\\.?app\\.mydomain\\.com(\\??[^/#]*)[^#]*#?/?(.*)$`, resourceTypes: ['main_frame'], }, }, The redirect works fine, but the onConnect is never triggered in the background page. If I load the page extension directly (without a redirect being done), it works absolutly fine. I see no error or warning. Any idea on why this issue occurs and how I could solve it ? Thanks a lot

Hello, I have a macOS app that helps navigation through running apps published on the App Store. I would like to create a Safari extension for macOS that would allow the user to open directly one of the last used tabs. Activate a tab is not a problem following the documentation, but my question is: can I allow the opening of a tab that is not in the frontmost window of the current instance of Safari? Security policies about window.focus() function are restrictive also for code executed directly in the "background" script of the extension? P.S. For example, in a Sandbox application you cannot activate directly a window but just a running application as it was left, so I cannot select the interested Safari's window from the macOS app. Thank you!

Hi guys I'm developing an extension for Safari using web browser api but Safari does not support management object and getSelft() function. Does anyone know how to check if the extension is installed in development mode? window.browser.management.getSelf(({ installType }) => { if(installType === "development") { // Do some stuff... } })

Hello, I am in the process of converting a Web Extension to a Safari Extension. I need to use browser.downloads.onCreated.addListener in my extension but the browser.downloads API is not supported yet. Do I have another way to do that?

I made a extension using safari extension in Xcode, I tried to find ways to run it and test, was able to test it but was not able to add it on my safari, is there any guidance or solution for it?

Hello, I try to develop extension for safari. I edited info.plist but I can't see my menu items. My Info.plist page <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NSExtension</key> <dict> <key>NSExtensionPointIdentifier</key> <string>com.apple.Safari.web-extension</string> <key>NSExtensionPrincipalClass</key> <string>$(PRODUCT_MODULE_NAME).SafariWebExtensionHandler</string> </dict> <key>SFSafariContextMenu</key> <array> <dict> <key>Text</key> <string>Search for selected text in MyApplication.</string> <key>Command</key> <string>Search</string> </dict> <dict> <key>Text</key> <string>Add an entry for selected text in MyApplication.</string> <key>Command</key> <string>Add</string> </dict> </array> <key>SFSafariWebsiteAccess</key> <dict> <key>Level</key> <string>All</string> </dict> </dict> </plist>

Hello, I would like to track the amount of downloads, on Apple Store, of users coming from the Safari Smart Banner. The smart banner is displayed but we don't have any data in Apple Store. How can I track these downloads? We have a campaign link and I've tried three different ways and it didn't work. Thanks. I've tried: <meta name="apple-itunes-app" content="app-id=605512447, affiliate-data=pt=2000418&ct=iOS%20Smart%20Banner&mt=8”/> <meta name="apple-itunes-app" content="app-id=605512447, affiliate-data=pt=2000418&ct=iOS%20Smart%20Banner”/> <meta name="apple-itunes-app" content="app-id=605512447, affiliate-data=ct=iOS%20Smart%20Banner”/>

I'm porting a Chrome extension to Safari. The Chrome extension's manifest version is 3 and must stay 3. I've encountered an error around webRequest API where Safari allows this API only on persistent background pages which available only on manifest v2. So, my questions are: Is it possible to use webRequest API on manifest v3 Safari extension? If no, is there any alternative API to listen to requests? Is it something that going to be supported soon? It feels really strange that his basic API is not supported by Safari while the rest of browsers supports this.

Hi, I converted chrome extension MV3 to safari web extension. The privacy api is not supported in safari, https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/privacy. Is there other equivalent api that can be used in Safari?

Hello, I am trying to download a file from the extension's settings page with the following code, but I cannot set the filename no matter what I try. It keeps downloading as Unknown.txt. The same code works well if I do it through a hosted page with an actual URL. let downloadFile = function(contents, filename) { var element = document.createElement('a'); element.setAttribute('href', 'data:application/octet-stream,' + encodeURIComponent(contents)); element.setAttribute('download', filename); element.style.display = 'none'; document.body.appendChild(element); element.click(); document.body.removeChild(element); } downloadFile('test', 'file.txt'); Is this intended or a bug?

Hello, I have a browser extension that is already released for other browsers, and I want to start releasing for Safari as well, and I have a few questions about the payments system. My extension allows users to unlock features by making a payment through Stripe or PayPal and receiving a license key. For Safari I want to use Apple’s IAP system as I already know that this is a requirement but I also want to allow people that already purchased the license through other browsers to use it with Safari. So my question, Am I allowed to allow people bring their license keys purchased from other browsers? Throughout the Safari extension I will only use Apple’s IAP system and offer the same price as on other browsers. So I will not ”reward” people with discounts if they use other payment processors outside of Safari. Thank you!