I'm developing a Safari extension and need the background script to be able to use the browser.webRequest.onBeforeRequest API when certain pages are loaded (let's say, example.com pages).
I have this in my manifest.json:
...
"permissions":["*://*.example.com/*"]
...
And I have this in the Info.plist for the extension target in my macOS app:
...
<key>NSExtension</key>
<dict>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.Safari.web-extension</string>
<key>NSExtensionPrincipalClass</key>
<string>$(PRODUCT_MODULE_NAME).SafariWebExtensionHandler</string>
<key>SFSafariWebsiteAccess</key>
<dict>
<key>Level</key>
<string>Some</string>
<key>Allowed Domains</key>
<array>
<string>example.com</string>
</array>
</dict>
</dict>
...
The extension is working except that the extension does not by default have access to example.com pages. When I build the extension in Xcode and load it in Safari, then go to Safari > Preferences > Extensions > My Extension > Edit Websites, example.com is listed under "Configured Websites", but with the Ask option selected. If I update it to Allow, the extension works as expected.
How can I configure the app such that the extension automatically has access to example.com pages when the user activates it? I've seen other extensions that have access to webpages automatically, but I don't know how they do it.
Many, many thanks for your help!
Documents reviewed:
https://developer.apple.com/documentation/safariservices/safari_app_extensions/safari_app_extension_info_property_list_keys/adjusting_website_access_permissions
https://developer.apple.com/documentation/safariservices/safari_web_extensions/managing_safari_web_extension_permissions
It appears that that's the default and can't be changed. Safari simply handles the hosts in permissions as suggested websites rather than pre-approved websites. The user has to manually enable each website in the options or via the "browser action" button.
Related
I am reading conflicting information so unsure what to do.
According to this document: https://help.branch.io/developers-hub/docs/ios-basic-integration#2-configure-associated-domains
I need to submit a URL Scheme. Recommendations? Apple says reverse DNS.
According to this document: https://branch.io/glossary/uri-schemes/
URL Schemes are obsolete.
What should I do?
A Branchster here -
While most of the redirection happens through Universal Links on iOS there can be certain situations where a third-party app is not able to trigger UL and in that case, the fallback redirection using URI schemes comes into the picture.
Ideally, you should set up both Universal Links and URI schemes in your Info.plist file so that you cover all the edge cases. You can check out the recommendations for the URI scheme here though just ensure it is something unique to your app.
To start you need to configure your Branch Dashboard enabling Universal Links toggle and entering your URI scheme and app information -
You can then proceed to enter the same information in your project's Info.plist file -
<key>branch_universal_link_domains</key>
<array>
<string>sample.app.link</string>
<string>sample-alternate.app.link</string>
<string>sample.test.app.link</string>
<string>sample-alternate.test.app.link</string>
</array>
<key>CFBundleURLTypes</key>
<array>
<dict>
<key>CFBundleTypeRole</key>
<string>Editor</string>
<key>CFBundleURLSchemes</key>
<array>
<string>com.your.schene</string>
</array>
<key>CFBundleURLName</key>
<string>com.branch.monster</string>
</dict>
</array>
<key>branch_key</key>
<dict>
<key>live</key>
<string>key_live_</string>
<key>test</key>
<string>key_test_</string>
</dict>
I've been having this problem for over a month now, this error occurs whenever I try to login to my react-native app using a mobile device.
This is the error
And this is the code to login in my react native app
There's this part of the docs you need to take note of. What you are missing is adding an App Transport Security exception, since you are not using localhost as server, and https is required.
By default, iOS will block any request that's not encrypted using SSL.
If you need to fetch from a cleartext URL (one that begins with http)
you will first need to add an App Transport Security exception. If you
know ahead of time what domains you will need access to, it is more
secure to add exceptions only for those domains; if the domains are
not known until runtime you can disable ATS completely. Note however
that from January 2017, Apple's App Store review will require
reasonable justification for disabling ATS. See Apple's documentation
for more information.
An example of ATS is as follows, in info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>example.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
For android, similarly from docs
On Android, as of API Level 28, clear text traffic is also blocked by
default. This behaviour can be overridden by setting
android:usesCleartextTraffic in the app manifest file.
You can refer to https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic
If you are using some api that is hosted on some server. It must have https because in latest devices http request is forbidden.
I have followed all the Apple documentation for setting up a service for a right click menu list and for the services list:
I have made all the relevant info.plist entries. (send types, port name, menu title, instance method, etc.)
I have created the method which handles services.
I have added service registration code in the app.
I built my app, put it in the application directory, logged out and back in.
Despite all this I cannot see my service in any menu item.
EDIT**
Here is the services part of my info.plist:
<key>NSServices</key>
<array>
<dict>
<key>NSMenuItem</key>
<dict>
<key>default</key>
<string>MyApp/Send to MyApp</string>
</dict>
<key>NSMessage</key>
<string>contentService</string>
<key>NSPortName</key>
<string>MyApp</string>
<key>NSSendTypes</key>
<array>
<string>NSStringPboardType</string>
<string>NSFileContentsPboardType</string>
</array>
</dict>
</array>
What am I doing wrong? thanks in advance.
I have followed all the Apple documentation for setting up a serviceā¦
Ah, that's the problem: You stopped there. You also need to add the NSRequiredContext key to your service to get it to be enabled by default on Snow Leopard and later.
Fortunately, while the Services documentation doesn't mention that NSRequiredContext is required, the Information Property List Key Reference does explain the value you must provide for it.
I went to Twitter's resource page here (https://twitter.com/about/resources/tweetbutton) and got the following code:
Tweet<script type="text/javascript" src="//platform.twitter.com/widgets.js"></script>
When I put this in my Wordpress template, I don't get the Twitter button -- I just get the text "Tweet". However, when I change the src for widgets.js to include https:// or http:// at the beginning it works.
Could it be that it's just an error that they forgot the protocol? Also, do you think it is better to use https (for consistency with the share link) versus http, or does it not matter?
Thanks for your suggestions.
The URL "//example.com/script.js" tells the browser to open the URL using the protocol of the current page, which is likely to be "file://" if your browser opened an html file on your own machine. Of course, you don't have a file called "file://example.com/script.js" on your computer.
In the past, urls for embedded widgets used to include the protocol (http or https), but a site visitor would receive warnings whenever a secure page loaded a script from an insecure page, and sometimes even vice versa. Now, widgets from Twitter, Google Analytics, and other sites no longer specify the protocol so that the same embed code can work on any page on the internet. The downside is that this does not work when you embed such a widget into a file and view it on your own browser by double-clicking it!
I am trying to access my Twitter API but the call is failing due to the redirect. Does anybody know why this is happening and or how I can fix it? Yes, I am signed in.
Are you using the "Use HTTPS" on Chrome, or a similar extension?
For me, it redirects http://dev.twitter.com to https://dev.twitter.com, which in turn redirects to https://twitter.com
Ideally, the extension would offer more control in how it matches domains. Meanwhile, a quick workaround is to open an incognito window, for which extensions are disabled, and view dev.twitter.com there.