Sometimes the Safari App Extension i'm developing does not show up in my Safari Extensions unless i change mu bundle identifier to some unique name. Even if I delete all other apps i've built with the same (and different) bundle ID, the extension is still does not show up. The only solution for me is to always change the bundle ID. For example: Now it is "kopyl.tab-finder-10" If i change it to "kopyl.tab-finder-11", the extension does show up in the Safari extensions settings page again. Is there any other way to fix it?

I am currently developing a Chrome, Firefox and Safari web extension, and I am facing a CSP issue on the content script on Safari. The extension I develop has a content script that injects an img tag in the DOM of web pages the user is visiting. That img tag fetches its content at a specific URL. On Chrome and on Firefox, the img tag content fetches the content at the URL with no issue on every web pages, including those that set the CSP header img-src. On Safari, I'm getting the following error on web sites that set the img-src CSP header: Refused to load https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113 because it does not appear in the img-src directive of the Content Security Policy. Here is the actual CSP img-src header content of the web page where, on Safari, the injected img tag does not load the content at https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113: Content-Security-Policy: img-src https://secure.adnxs.com https://www.facebook.com https://.garmin.cn 'self' data: .garmin.com .trustarc.com .truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://.criteo.com https://.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://.teads.tv https://www.googletagmanager.com https://bat.bing.com https://.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com .akamaihd.net https://.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com; My question is, is the page CSP blocking the img tag injected in the web page by the extension's content script? If so, is this behavior documented somewhere, or is it a Safari bug? I saw there is a similar post on the forum, but I couldn't find if the issue is a bug or if it's the expected behavior on Safari: https://developer.apple.com/forums/thread/651542?login=true. Thank you very much for your help.

As of IOS 18.3, there browser.tabs.create methods active property which is supposed to determine whether a tab get open in the active window or not is not working as it should. I have the active property set to false but the tab still gets opened and is active on the window. Tested on older ios versions 18.2 and below and it works as it should. please advise

hi, I'm having an issue with Safari devlop menu "Web Extension Background Content" menu item being grayed out. I cant do any debugging right now and its becoming mission critical for us. Any help is appreciated. Thank you,

We have a Web Extension that uses firebase for auth. It was working fine until the latest version of Safari 18.3 got released few days ago on January 27, 2025. All of out extension versions stopped working on it; even the ones that are published on App Store. It uses FirebaseJS v9.23.0. Same version of the extension are working fine on other browsers. We use onAuthStateChanged to listen to auth related events; but it is never fired now.

Hello, I am developing Safari Content Blocker extension and discovered that it frequently fails to load with large amount of rules. Currently I have over 45k and most of the time when I reload the extension on iOS 18 (iPhone 12) it ends with error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.SafariServices.ContentBlockerLoader" UserInfo={NSDebugDescription=connection to service named com.apple.SafariServices.ContentBlockerLoader} #0 And the simpler message is just: Couldn’t communicate with a helper application. From what I managed to find (for example here - https://developer.apple.com/forums/thread/756931) the limit for blocking rules should be 150k items. It was previously 50k but got increased years ago. Is there anything special I need to do to get the extension to work reliably with say 100k items? I am usng the JSON format from the docs: { "trigger": { ... }, "action": { ... } }, { "trigger": { ... }, "action": { ... } } ] My trigger is url-filter and the action is type: block I was thinking about providing multiple JSON files in attachments property of NSExtensionItem but apparently that is not supported. Thanks for help!

I want use the Safari Extension to decorate the window.fetch function, But No matter how I try, I can't get the fetch function to execute correctly. I was going through the documentation: https://developer.apple.com/documentation/safariservices/using-injected-style-sheets-and-scripts and found this sentence: "Injected scripts have an implied namespace — you don’t have to worry about your variable or function names conflicting with those of the website author, nor can a website author call functions in your extension. In other words, injected scripts and scripts that you include in the webpage run in isolated worlds, with no access to each other’s functions or data." Does this mean I can't modify the window object in the content script just like a Chrome extension does with the webpage? BTW, In chrome I use chrome.scripting.executeScript API, and in plasmo I just use world: "MAIN" content script's config to achieved this feature.

I have an extension which was working fine on older Safari version, but it is getting killed after I upgraded the browser to Safari 18 and higher. From the system logs I could see, Safari is sending the KILL signal to my browser 2024-11-12 13:51:01.536167-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] signal service: caller = Safari[45238], value = 0x9 2024-11-12 13:51:01.536453-0600 0xfab Default 0x0 382 7 WindowServer: (SkyLight) [com.apple.SkyLight:default] [ ConnectionDebug ] Closing conn 0xf955b, PID 45463 in session 257 on console2024-11-12 13:51:01.536474-0600 0x95b674 Default 0x0 1 0 launchd: [gui/503 [100018]:] service inactive: com.apple.xpc.launchd.unmanaged.SafariExtension.45463 2024-11-12 13:51:01.536479-0600 0x95b674 Default 0x0 1 0 launchd: [gui/503 [100018]:] removing inactive unmanaged service: com.apple.xpc.launchd.unmanaged.SafariExtension.454632024-11-12 13:51:01.537354-0600 0x95b907 Default 0x0 354 0 launchservicesd: [com.apple.processmanager:front-35286506] QUITTING: pid=45463 asn=0x-0x176176 foreground=0 wasFront=0 2024-11-12 13:51:01.537375-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] exited due to SIGKILL | sent by launchd[1], ran for 342ms 2024-11-12 13:51:01.537380-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] service state: exited 2024-11-12 13:51:01.537384-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] internal event: EXITED, code = 0 2024-11-12 13:51:01.537385-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] job state = exited Just before this, I see a macOS error 2024-11-12 13:51:06.789342-0600 0x95b74f Default 0x0 45238 0 Safari: (Security) [com.apple.securityd:security_exception] MacOS error: -67054 This occurs only in my customer machines but not in my test machines. I have verified the code signing, certificate validity & entitlements are fine.

I am using SFSafariViewController to process payments via a Stripe checkout URL. Once the payment is completed, the user is redirected to a success URL. I have also added associated domains for deep linking. Below is my implementation: func presentCheckout(url: String) { showProgressHUD() let checkoutURL = URL(string: url)! safariVC = SFSafariViewController(url: checkoutURL) safariVC.delegate = self self.present(safariVC, animated: true) } // Delegate method implementations func safariViewControllerDidFinish(_ controller: SFSafariViewController) { print("SafariViewController dismissed") // Handle dismissal } func safariViewController(_ controller: SFSafariViewController, initialLoadDidRedirectTo URL: URL) { print(URL.absoluteString) if URL.absoluteString.contains("xsworld/payment/stripe/checkout/success") { controller.dismiss(animated: true) { if URL.absoluteString.contains("/v1/resources/xsworld/payment/stripe/checkout") { NotificationCenter.default.post( name: Notification.Name("StripePaymentStatus"), object: nil, userInfo: ["url": URL] ) } } } else if URL.absoluteString.contains("xsworld/payment/stripe/checkout/cancel") { // Handle failure NotificationCenter.default.post( name: Notification.Name("StripePaymentStatus"), object: nil, userInfo: ["url": URL] ) } } func safariViewController(_ controller: SFSafariViewController, didCompleteInitialLoad didLoadSuccessfully: Bool) { if didLoadSuccessfully { print("Initial page loaded successfully") } else { print("Initial page load failed") } } Issue: The safariViewController(_:initialLoadDidRedirectTo:) method does not always get called after the payment is completed. Sometimes it works as expected, and sometimes it does not trigger at all. What I’ve Tried: Ensuring the associated domains for deep linking are correctly set up. Checking the success and failure URLs. Debugging to see if the redirect happens but is not detected. What I Need Help With: I want to ensure that the redirection always works after the payment process is completed, whether through deep linking or another reliable approach. How can I guarantee that my app correctly detects and handles the redirect every time? Any guidance or best practices would be greatly appreciated.

Hello All, On our iOS app, we plan to show tutorial (WKWebview) only in case user has safari extension disabled. How can iOS app know about status of Safari extension. Thanks, Anup

I’m currently porting a Chrome Extension to Safari and integrating it with native messaging in a Safari Web Extension. As part of this, I’m building a proxy to forward messages between the web extension and a socket in another application, both ways. Additionally, the socket occasionally broadcasts messages that also need to be sent to the web extension. The issue I’m facing is that the app extension terminates whenever I call context.completeRequest(returningItems: nil), which prevents me from listening for incoming messages from the socket (I'm using the Network Framework). To work around this, I’ve tried not calling context.completeRequest(returningItems: nil), which keeps the app extension running. However, I’m unsure if this is the right approach—currently, I’m simply ignoring the response and relying entirely on SFSafariApplication.dispatchMessage. According to the documentation, the app extension lifecycle ends when the system terminates it, but I need to keep the socket listener active. Has anyone encountered a similar issue, or does anyone have suggestions for maintaining the socket connection while adhering to the app extension lifecycle? Any insights would be greatly appreciated!

Is there a way to read all URLs of the currently open Safari TabGroup from a Safari Extension? In macOS and iOS

I've been developing a Safari web extension for MacOS and iOS, and I'm running into a very strange issue. I ported over my Chrome extension to Safari, and for several days as I was iterating on the extension (change code, build, run, test in Safari), everything worked perfectly fine. Once I was finished with the extension, I followed the instructions on how to prepare to submit the Safari web extension (and it's containing MacOS and iOS apps) to the App Store for review. For the MacOS app and Safari web extension on Mac, I changed my target from "My Mac" (which I'd been using for testing), to "Any Mac". I then went to the "Product" menu in Xcode and selected "Archive" That's when things started to go wrong. The next time I went to Safari, my web extension could no longer find critical files to run the extension (such as background.js, popup.html, etc.) This was despite there being no code changes before or after me creating a build archive. When I restarted Safari, the extension no longer appeared in the list of extensions within preferences. No matter what I do (clean build folder and re-run, restart Safari, restart Xcode, restart computer), nothing will get my extension to show up in Safari again. Note that this does not happen with the Safari web extension in the iOS simulator. It only happens on Mac. I was confident that my extension was working, so I submitted my extension to the Mac App Store for review. It was approved, and a few users have downloaded it and it works totally fine. To further try to figure out what's going on, I created a new sample Xcode project. From the new project screen, I chose the "Safari web extension" under "Multiplatform". Without making any code changes, I build and run that project, and the default MacOS app and Safari web extension from the template. I then immediately create an archive (with no code changes). Once I try to run the project for my Mac again, the extension no longer works. So I have verified that this problem does not have to do with my extension's code, but I cannot for the life of me figure out what is wrong. I have examined every possible build setting, but given that I ran a default project template, made no changes, and it still had this problem, I'm not sure what else could be wrong.

I am a developer working on a Safari extension that handles video playback, and I’ve encountered an issue with Safari version 18.2. When I open the developer tools to inspect the browser, videos fail to play as expected. It worked well on safari version 18.1. Details: Safari Version: 18.2 Operating System: macOS Sequoia v15.2 Additional Information: I’ve tested the extension with various video formats and sites. Clearing the cache and disabling other extensions did not resolve the issue. There are no error messages displayed in the console related to the extension. If I close inspecting, then extension(video playback) works well. I would appreciate any insights or suggestions on how to address this issue, as it impacts the functionality of my extension. Thank you for your help!

Hi, I’m encountering an unexpected issue in Safari. Specifically, navigator.clipboard.writeText() fails when called from a content script in my extension immediately after sending a message to background.js while it works fine in Chrome and Firefox. Is this expected? Environment Safari 18.2 (20620.1.16.11.8) Technology Preview 210 macOS Sequoia 15.2 (24C101) Example This is a minimal reproducible example, which adds a button to example.com: https://github.com/mshibanami/ClipboarAPIIssueExample Below is the related code: // content.js copyButton.addEventListener('click', async () => { // 👇️ This call seems to trigger the issue await chrome.runtime.sendMessage({}); try { await navigator.clipboard.writeText(text); alert(`✅ Copied '${text}' to clipboard!`); } catch (err) { alert(err + '\n\n' + `navigator.userActivation.isActive: ${navigator.userActivation.isActive}`); } }); // background.js chrome.runtime.onMessage.addListener(() => { }); When I click the button, I expect the text to be copied successfully. However, I receive an error in Safari.: Interestingly, if I remove chrome.runtime.sendMessage(), the clipboard operation works without any problems. Also, note that navigator.userActivation.isActive is true, which might mean it's not related to the User Activation API. Misc. This might be related to another question I posted here: https://developer.apple.com/forums/thread/772275

Hello. We are adding a Safari extension to our app and we have some questions about communication between the app and its extension. We have added the nativeMessaging permission to the extension so that it can communicate with the app and communication between both are doing very well. Our question is about the security of communications between the two. How can we be sure the native app communicates well with the correct extension? Can the Safari extension communicate with another native app or can the native app receive messages from another extension?

I have a Safari Extension which replaces default new tab and puts a link on a generated new tab. This link can be either usual URL link, or a URL Scheme, something like plecoapi://x-callback-url/df?hw=${char}&sec=dict In iOS 17 and previosly, this link worked flawlessly. In iOS 18, including 18.2, this X-Callback-URL link works only once, if I kill Safari process, reopen Safari and tap the link. Each subsequent tap will just reload the page, link won't work anymore until the next Safari reload. Usual URL links works every time without a problem.

I'm trying to use DDM manager Safari Extensins in macOS Sequoia. I generate json and load it by mdm and ddm , but it doesn't seems to work. The json I loading is the following: { "Type": "com.apple.configuration.safari.extensions.settings", "Payload": { "ManagedExtensions": { "*": { "State": "AlwaysOn", "PrivateBrowsing": "AlwaysOn", "AllowedDomains": [], "DeniedDomains": [] } } }, "Identifier": "com.test.safari" } This following image is macOS Sequoia Console log. It show the "com.apple.configuration.safari.extensions.settings" had been run successfully, and no errors. macOS Sequoia response is the following: { "StatusItems" : { "management" : { "declarations" : { "activations" : [ { "active" : true, "identifier" : "com.example.act", "valid" : "valid", "server-token" : "5cc191206d1b1933" } ], "configurations" : [ { "active" : true, "identifier" : "com.test.safari", "valid" : "unknown", "server-token" : "29d3ec5ab48e6367" } ], "assets" : [ ], "management" : [ ] } } }, "Errors" : [ ] } you can see macOS Sequoia response , The "valid" value is always "unknown" at ""identifier" : "com.test.safari", but "Errors" is empty, Safari app don't load extensions , the SafariExtensionSettings" ddm don't work, Is there anything wrong with "SafariExtensionSettings" json? or how can I debug it

I'm trying to use DDM manager Safari Extensins in macOS Sequoia. I generate json and load it by mdm and ddm , but it doesn't seems to work. The json I loading is the following: { "Type": "com.apple.configuration.safari.extensions.settings", "Payload": { "ManagedExtensions": { "*": { "State": "AlwaysOn", "PrivateBrowsing": "AlwaysOn", "AllowedDomains": [], "DeniedDomains": [] } } }, "Identifier": "com.test.safari" } macOS Sequoia response is the following: { "StatusItems" : { "management" : { "declarations" : { "activations" : [ { "active" : true, "identifier" : "com.example.act", "valid" : "valid", "server-token" : "5cc191206d1b1933" } ], "configurations" : [ { "active" : true, "identifier" : "com.test.safari", "valid" : "unknown", "server-token" : "29d3ec5ab48e6367" } ], "assets" : [ ], "management" : [ ] } } }, "Errors" : [ ] } you can see, The "valid" value is always "unknown" at ""identifier" : "com.example.act", but "Errors" is empty, Safari app don't load extensions , the SafariExtensionSettings" ddm don't work, Is there anything wrong with "SafariExtensionSettings" json? or how can I debug this bug .

Enhancement in managing tabs in Safari It would really be awesome to bring the fascinating tab management feature of Arc Browser to Safari across iOS, iPadOS and macOS. Especially below listed features; Multitask Create Organize Rev Up Release Notes For further info , here is the official link of Arc Browser, https://resources.arc.net/hc/en-us/categories/16435255982103-Features.