12

I face a strange behavior in a Safari extension with Safari 9.1 (11601.5.17.1). I try to insert a new Iframe with an src pointing to an html file in the extension package using "safari-extension://...".

The URL is correct and the content is displayed in a new tab, if I click on the link from the error message displayed in the console.

[blocked] The page at https:// was not allowed to run insecure content from safari-extension://com.mycompany.myextension-7KZE138RQQ/3d4c3273/js/proxy.js.

It seems the URL with safari-extension scheme is not considered as secured and safari applies "no http in https page" security policy. It used to work before (before what? I don't know.).

Any idea? Could that behavior be changed with a specific Content-security-policy?

Thanks

Ankur Alankar Biswal
  • 1,184
  • 1
  • 12
  • 23
Emmanuel Sellier
  • 526
  • 1
  • 5
  • 13

2 Answers2

3

This is probably because you are using http in your iframe src. Try changing it to https and it should work.

Andrey B.
  • 31
  • 4
1

You need to configure your safari to display the mixed content,

Follow these steps.

1. Open up Preferences by selecting "Preferences" from the "Safari" menu.

2. Click on the the "Security" (tab) icon near the top of the dialog.

3. Make sure that the "Ask before sending a non-secure form to a secure website" option is unchecked.

Hope this helps!

David R
  • 14,711
  • 7
  • 54
  • 72
  • Thanks David Actually I identified the problem occurs only when I activate the "Developer" menu. Once it has been activated, my (own) extension will still fail... The problem does not occur when I reset (manually) Safari and install the extension with an already existing .safariextz package. Until I reactivate the developer menu again... Looks like a bug or something – Emmanuel Sellier Aug 22 '16 at 11:13
  • 10
    BTW, Safari 9 does not allow anymore to disable this security option. – Emmanuel Sellier Aug 22 '16 at 11:22
  • Uhh... I was not able to reproduce the problem after a new manual reset. Even after activating the developer menu. – Emmanuel Sellier Aug 22 '16 at 11:27
  • I had the same problem today... Problem was solved after : 1/ Create package from Extension Builder 2/ Uninstall extension (JS) from Extension Builder 3/ Quit safari and install package 4/ Uninstall extension 5/ Restart safari and reinstall extension through Extension Builder 6/ Works fine... – Emmanuel Sellier Dec 05 '17 at 16:28
  • I've been having the same problem today, but only on a very few domains. (to my knowledge). Works on most http/https pages, but so far I found one https domain where I got same error as the question.. – Anders Dec 17 '17 at 11:29
  • 14
    Not a good answer from a developer perspective. Users can't be expected to do this to eliminate the problem. – FabricioG Oct 04 '19 at 16:49
  • 1
    @FabricioG I'm facing the same problem, development on localhost is very difficult without this feature – Luke Brown Oct 06 '19 at 08:02
  • Any other solution for the latest safari ? – Nilesh Sep 05 '20 at 03:12