bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Publish Safari Extensions as a Safari App Extensions #664

Closed heubergen closed 4 years ago

heubergen commented 6 years ago

Apple came up with a new idea to integrate Extensions in Safari; https://developer.apple.com/documentation/safariservices/safari_app_extensions

Currently the old technique is only deprecated, but in Safari Technology Preview it has already stopped working at all (meaning extensions don't work even if you upgrade from an older version where the extension was installed).

kspearrin commented 6 years ago

Looks like a completely different API https://developer.apple.com/documentation/safariservices/safari_app_extensions/converting_a_safari_extension_to_a_safari_app_extension

Meaning we'd have to write a whole new app just to support Safari :-/

heubergen commented 6 years ago

I guess it's something you have to check with your usage statistics if it makes sense or not. Obviously as a user I would like to see it.

bwydoogh commented 5 years ago

@kspearrin Safari Technology Preview 80 was released yesterday (see https://webkit.org/blog/8825/release-notes-for-safari-technology-preview-80/)... and there is the end for the Bitwarden extension 🙁... it is gone and cannot be installed anymore. Any update on this topic, any plans, ...?

kspearrin commented 5 years ago

@bwydoogh No sorry, no updates. At this time, I am not sure we will be able to continue supporting Safari in the near future.

  1. Apple has introduced a completely new way of writing extensions for Safari. As far as I understand, this means that we cannot use our existing browser extension code any longer. All other browsers use a standard way of writing extensions (called WebExtensions) with web technologies like HTML, JavaScript, CSS. Apple's new way requires re-writing the extension interface and backend using native Swift/Objective-C. I am not versed in these languages.
  2. Safari currently accounts for <2% of our browser extension users. Maintaining a completely different browser extension codebase for that many users isn't feasible.
  3. For someone who is not well versed in the Apple development ecosystem, Apple's documentation and other community resources on writing Safari Extension Apps (the new way) are pretty sparse.

If someone who is knowledgeable with writing Safari Extension Apps, or even better, making an existing WebExtension somehow work with Apple's new API, wants to provide some consulting on how we can bring Bitwarden back to Safari, please let me know.

mackaaij commented 5 years ago

As a user and somebody who wants to tell other people Bitwarden is available where you need it, I want Bitwarden to survive new versions of Safari as well. So I really hope this will be fixed. Maybe call for help a bit louder (by using other channels you have at your disposal)?

For now, I filed a complaint at Apple as suggested over here: https://apple.stackexchange.com/questions/337094/safari-12-compatible-versions-of-ad-blockers-fail-to-block-many-ads

I’m not deep into this topic but I suggested Apple to wait with shutting down extensions until they support webextensions to allow developers to work in a common codebase between browsers. I feel this will be a problem for more extensions but also for new extensions to come so I hope they’ll act on it.

mackaaij commented 5 years ago

In a chat with me on CrowdIn (as I noticed translations were behind), @kspearrin mentioned "Our desktop app for macOS uses Electron with JavaScript, HTML, and CSS. It isn't a native codebase with Swift/Obj-C like these new Safari Extension Apps require." I found this on Stackoverflow, hopefully it's similar enough or gives handles to move this topic forward: https://stackoverflow.com/questions/45612515/how-to-embed-a-mac-app-extension-in-an-electron-app

elb101 commented 5 years ago

Safari version in Catalina beta no longer supports Bitwarden. Recommend that Safari support is officially deprecated and official announcement made.

t-rothe commented 5 years ago

Yeah, as far as I know Bitwarden just works fine in other browsers on Catalina so may be not worth the work. Still, how big of a thing is this extension in Electron by now? I just found https://blog.yimingliu.com/2018/11/14/notes-on-porting-a-safari-extension-to-a-safari-app-extension/ which I think is the only way:

Do I really have to port all my global.js / background.js Javascript code to Swift / Objective-C?

The idea is that we embed a WKWebview instance inside the app extension, and have that WKWebview view act as a bridge between the old global.js and the new content script. The WKWebview loads the old global.html file, and shuttles calls from the injected script to the JS inside itself using evaluateJavascript, and then dispatches the evaluated results back to the content script.

For a trivial example, this approach seems to work — though I have not tested it extensively. I imagine for complex use cases though, the time spent re-building global.js to work inside a WKWebview is about the same (or more) than just rewriting it in Objective-C or Swift.

The implementation with Electron should work similarly, although maybe in the end maintaining the extension alongside the other platforms/browsers may be more extensive than this.
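
The shuttle step of the bridge described in the quoted blog post hands content-script data to `evaluateJavascript` as script text, so how that text is built decides whether page-controlled data stays data. This is an added example, not code from this thread, the blog post or Bitwarden; `makeGlobalPage`, `lookup` and the `buildCall*` helpers are hypothetical names, and `new Function` stands in for the WKWebView's evaluator:

```javascript
// Added example (not Bitwarden's or the blog author's code); all names are hypothetical.
// Stand-in for the old global.html page loaded inside the WKWebView (constructed).
function makeGlobalPage() {
  const page = { calls: [], replies: [], handlers: {} };
  page.handlers.lookup = (msg) => {
    page.calls.push(msg);
    // The reply that would be dispatched back to the content script.
    page.replies.push({ ok: true, host: String(msg.host) });
  };
  return page;
}

// Stand-in for evaluateJavascript: compiles the given text and runs it as code.
function evaluateJavaScript(page, source) {
  new Function('handlers', 'calls', source)(page.handlers, page.calls);
}

// Fragile: splices content-script data straight into the script text.
function buildCallNaive(name, host) {
  return "handlers['" + name + "']({ host: '" + host + "' })";
}

// Encode a value as a JS literal; also escape U+2028/U+2029 for older engines.
function toJsLiteral(value) {
  return JSON.stringify(value)
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Safer: handler name is allowlisted, payload crosses only as a JSON literal.
const ALLOWED_MESSAGES = new Set(['lookup']);
function buildCallSafe(name, payload) {
  if (!ALLOWED_MESSAGES.has(name)) throw new Error('unknown message: ' + name);
  return 'handlers[' + toJsLiteral(name) + '](' + toJsLiteral(payload) + ')';
}

function demo() {
  // Constructed value a web page could place in a field the content script reads.
  const hostile = "example.com' }); calls.push('injected'); ({ x: '";
  const naivePage = makeGlobalPage();
  evaluateJavaScript(naivePage, buildCallNaive('lookup', hostile));
  const safePage = makeGlobalPage();
  evaluateJavaScript(safePage, buildCallSafe('lookup', { host: hostile }));
  return {
    naiveRanExtraCode: naivePage.calls.includes('injected'),
    safeCalls: safePage.calls.length,
    safeHostIntact: safePage.replies[0].host === hostile,
  };
}

console.log(demo());
```

In the naive build the quote in the value ends the string early and the rest runs in the background page's context; in the safe build the same bytes arrive at the handler as an ordinary string.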

halostatue commented 5 years ago

If Bitwarden doesn’t retain Safari integration, then it’s useless to people who use Safari and can’t be recommended as alternatives to LastPass or 1Password. Some people use Safari because it’s not controlled by an advertising company (unlike Chrome) and because it respects their battery (unlike Firefox). I will be withdrawing recommendations of Bitwarden as a lower-cost alternative to 1Password and LastPass unless this is fixed. I’m not expecting the Bitwarden to take action because of my comment (I’m not currently spending any money with Bitwarden, and the amount of money my company would have spent on Bitwarden is relatively small), but it should be clear that for some people, the lack of Safari support is a lack of support period.

mackaaij commented 5 years ago

I am about to recommend Bitwarden over LastPass in a book :) Would appreciate serious reconsideration as it looks like there is new information about this issue. Safari is the default web browser in macOS and besides the reasons mentioned above it is hard for regular users to switch web browser.

LastPass isn’t working nicely with Safari for me either, its menu is drawn partly off the screen (I reported this of course but they’re not acting on it). This fact, and the fact LastPass is more cumbersome and worse in support makes me still prefer Bitwarden over LastPass at the moment.

elb101 commented 5 years ago

I just switched to 1password. Moved into the Apple ecosystem in effort to attain more privacy. iCloud Keychain wasn't cutting it for me, and I was about to move into Bitwarden before this happened.

@kspearrin Please remove Safari from supported platforms on the Bitwarden website until you decide for sure that you'll support it. It is misleading.

t-rothe commented 5 years ago

@otherbrito Safari is still supported by Bitwarden on MacOS 10.14 and older. In addition, Catalina e.g. MacOS 10.15 is just going to be released this fall. So in short: nothing misleading. Especially for those, who do not want to upgrade or who can not upgrade.

elb101 commented 5 years ago

I wouldn't call that quite "nothing misleading" unless the caveat of "those who do not want to or can not upgrade" is clearly communicated before download.

Those who do not upgrade their systems (and I speak purely of those who can no longer receive security updates, but can absolutely upgrade to a newer system that can) are like the antivaxxers of personal computing, in my opinion.

t-rothe commented 5 years ago

Right, ok, anyway, let’s get back to the technical discussion here on GitHub. Has any Bitwarden engineer looked into this (and the above) more closely in the meanwhile? Last thing we heard was end of April, any news on this side?

kspearrin commented 5 years ago

We are not removing Safari from our website. Nothing has been finalized about our continued support of Safari. As I mentioned in my previous post, I was hoping someone would reach out to me that could consult on how we can make Bitwarden work under the new App Extension model. Someone has, and I have been working with them on the feasibility of such. Additional updates will be provided in this thread as they become available.

Crocmagnon commented 5 years ago

That's great news! Thanks for sharing that with us 😄

OneOkami commented 5 years ago

I'm currently trialing a switch to Bitwarden from Lastpass and just wanted to chime in and express my appreciation for at least trying to work with the community to find a way to continue supporting Bitwarden in Safari.

The two primary reasons for me being inclined to switch are that you have at least a decent native Windows vault app from what I've experienced so far (Lastpass has practically abandoned support for theirs and I don't wanna touch it with a 10-foot pole) and Bitwarden is open source making it more auditable. I do have and use a MacBook in addition to my Windows machine and I'm strongly inclined to use Safari right now because of its relatively significant power efficiency and if I do make the full-on switch to Bitwarden it would benefit me to have a fully functional extension for Safari.

That being said, I'm one who is generally strongly in favor of supporting and promoting cross-platform standards so I also sympathize if you ultimately decide the special porting hurdles are not worth it and deprecate Safari support. For me Chromium and Firefox are not preferred on my MacBook for battery life reasons but it's also not the end of the world if that's what I have to end up using for consistent and reliable Bitwarden extension support.

KarimGeiger commented 5 years ago

Hey, I don’t want to sound rude or anything, but I’d love to hear if there’s any (rough) timeline of when the extension will be available for Safari? A rough number like a few weeks or months would be sufficient for me.

Additionally, if you guys need a beta tester, I’d be happy to help.

Thanks for working on it!

t-rothe commented 5 years ago

> Hey, I don’t want to sound rude or anything, but I’d love to hear if there’s any (rough) timeline of when the extension will be available for Safari? A rough number like a few weeks or months would be sufficient for me.
>
> Additionally, if you guys need a beta tester, I’d be happy to help.
>
> Thanks for working on it!

Right, as you may have noticed here, it is quite unclear if it may return to MacOS 10.15 and higher in any way. So if it does, you may expect this to be on a longer term roadmap. As I understand the current developers correctly, there is currently more need for someone experienced in conversion or overwriting code to a system extension. Which all comes along with maintaining it separately, which may not be worth it. Workaround as mentioned earlier is the use of Firefox or Chrome for now.

Just as a clarification for myself to one of the developers: This problem is not only persisting in the Safari extension, but also in the MacOS Main application, right? As it occurs to me at least.

cofatoeu commented 5 years ago

> This problem is not only persisting in the Safari extension, but also in the MacOS Main application, right? As it occurs to me at least.

I didn't notice any problems with the main app.

Crocmagnon commented 5 years ago

The macOS desktop app shouldn't have any issue. Apple only changed its policies about Safari extensions.

kspearrin commented 5 years ago

An update here:

I have been successful in porting (read: hacking) the existing Bitwarden web extension into Safari's new app extensions model. I am about 80% of the way there, but I see no reason why we can't have this functioning (albeit with some quirks) for the most part here in the next couple of weeks.

One thing that I still haven't decided on: Should we bundle distribution of the browser extension into the desktop app or should we distribute it separately on its own?

KarimGeiger commented 5 years ago

Awesome to hear! Let me know if you need a beta tester.

I personally don’t mind whether it’s its own package or bundled. I probably would go for the bundled version, but that’s just me.

ghost commented 5 years ago

I would also love to help test, thanks for all the hard work!

As for bundled vs separate, would you still offer just the extension in the Apple App Store? I think most users probably use just the browser extension (feel free to correct me if I'm wrong), and I would personally prefer to be able to download just one and/or the other.

pavankjadda commented 5 years ago

Appreciate the work. I would be happy to be part of the beta test.

maxwowpow commented 5 years ago

I'm for the standalone, as some may use brave/chrome/ff etc instead of safari.

halostatue commented 5 years ago

@kspearrin The Safari browser extension should be bundled with the application. This does not prevent people who use Chrome, &c. from using the extensions from those browsers and does not force a second download on Safari users. Both 1Password and LastPass include their Safari browser extension with the main application, and every other app I’ve seen that has a browser extension does the same.

I have two applications that are just browser extensions: a URL handler for NewsBlur and PIPifier.

satysin commented 5 years ago

Excellent news on the progress made :)

I am also happy to help test when/if needed.

As for distribution I don't really have a preference. Whatever is easiest for you to maintain would get my vote. I have no issue grabbing a separate download if it saves you hassle.

TheRijn commented 5 years ago

Good to hear that there is some progress. I'm currently using the Safari 13 beta on macOS 10.14.6, which also removes all "old" extensions, so when Catalina will roll out this will probably roll out to Mojave and High Sierra users as well.

For the distribution of the new extension, I think you should include it with the desktop app, LastPass is doing it the same way, you'll always need to enable the Safari extension (in the Safari settings) after you install an app that includes an extension, so people that do not want it will not get it ;)

kspearrin commented 5 years ago

@ all

Here is a beta build of the v1.16 Bitwarden desktop app, which now includes a bundled Safari App Extension (v1.42). Please test and let me know how it's working for you and if there are any issues.

Known issues

  1. "New login" and "password change" notifications may not work due to bug in Safari. See blocker from Apple here: https://forums.developer.apple.com/thread/121765
  2. File picker for attachment upload will cause the popup window to lose focus and then close, preventing you from being able to select a file.
  3. Self-hosted servers will not work with the extension due to CORS issues with the popup webview. This is fixed in the next server update.

Download

Please uninstall any previously installed version of the Bitwarden desktop app, then download and install the latest .dmg below. If you were using the older Safari JavaScript extension that was installed from the Safari Extension Gallery, this new version should automatically replace it (no need to uninstall it).

Beta 2 (latest) - https://cdn.bitwarden.net/misc/Bitwarden-1.16.0-beta2.dmg
Beta 1 - https://cdn.bitwarden.net/misc/Bitwarden-1.16.0-beta1.dmg

satysin commented 5 years ago

Installed on Mojave fine. Replaced the existing Bitwarden extension without issue which is nice. After a 1 minute test it seems to work okay on the surface. Fills in details when asked. I can confirm the two known issues.

Toddehawk commented 5 years ago

Sorry..... :-) I read over this

> Self-hosted servers will not work with the extension due to CORS issues with the popup webview. This is fixed in the next server update.

Installed on Catalina Beta 19A536g. Put old version into trash. Extension is visible under Safari Version 13.0 (15608.2.2). Entered my own server and got this:

Ein Fehler ist aufgetaucht Origin file:// is not allowed by Access-Control-Allow-Origin.

Do you have any hint?

kspearrin commented 5 years ago

@Toddehawk See known issue no. 3 above.

> Self-hosted servers will not work with the extension due to CORS issues with the popup webview. This is fixed in the next server update.

wyolinc commented 5 years ago

Can verify installs working well with Catalina Public Beta 19A536g and Safari 13.0 (15608.2.2). Can also verify known issues with notifications on update password and new login. Thanks for your work on this @kspearrin!

ghost commented 5 years ago

The beta provided (desktop app and extension) works well. Will there be any options in the future for extension only?

kspearrin commented 5 years ago

Since I am not hearing back any issues from folks, I am going to assume this is working well and should hopefully have a release out soon.

@jmauss No plans at this time, since this appears to be how Apple wants us to distribute the extensions now.

ghost commented 5 years ago

That makes sense, I am just now understanding how they are handling extensions moving forward. Thanks for the hard work, I am so happy to see continued Safari support!

adusak commented 5 years ago

@kspearrin I might have discovered an issue with the form filling shortcut with the new extension. Repro steps:

  1. Start Safari
  2. Sign in to Bitwarden extension (now cmd + \ shortcut works)
  3. Drag some tab in to a separate window
  4. cmd + \ shortcut stops working

note: The shortcut seems to be generally not working when you have multiple windows of safari open regardless of the order of logging in/creating the windows.

Safari Version 13.0 (15608.2.5) macOS 10.15 beta 7

kspearrin commented 5 years ago

@adusak Thanks. Should be fixed for release.

kspearrin commented 5 years ago

beta2 has been posted with the fix for @adusak

See https://cdn.bitwarden.net/misc/Bitwarden-1.16.0-beta2.dmg

ghost commented 5 years ago

Thank you!!! Beta 2 works great for me

pavankjadda commented 5 years ago

Thanks for the hard work. I stopped using Safari after Catalina update, I can use it again.

Goeste commented 5 years ago

@kspearrin Seriously, THANK YOU for your work, already done! Do you have any updates on the third point in regards to self-hosted servers?

  1. Self-hosted servers will not work with the extension due to CORS issues with the popup webview. This is fixed in the next server update.

Best regards and keep up the good work!

goeste

kspearrin commented 5 years ago

@Goeste Server v1.32 went live today with the needed fix for self-hosted server and the Safari extension.

Goeste commented 5 years ago

> Server v1.32 went live today with the needed fix for self-hosted server and the Safari extension.

AWESOME!! will update tmrw and give feedback on 1.3.2

Best, goeste

Toddehawk commented 5 years ago

> @Goeste Server v1.32 went live today with the needed fix for self-hosted server and the Safari extension.

Works perfectly on latest Catalina Beta with self hosted installation!

Great Work ! @kspearrin You are the best :-)

Best regards Thorsten

pavankjadda commented 5 years ago

Found an issue with Beta 2. Bitwarden asking for Master password every 5 minutes. I tried to logout and login, still see the issue. I enabled unlock with pin option with 30 minutes timeout as shown below

[Screenshot: Screen Shot 2019-09-07 at 8 01 42 PM]

Goeste commented 5 years ago

@kspearrin THX! just updated and cannot experience any issues for now. Will provide info if, in any case, an unwanted behaviour arises.

Thank you again for your work & help to get Mac users back on track ;)

Best, Felix

KarimGeiger commented 5 years ago

Thanks so much for implementing the Safari Extension. It seems to work quite fine for me now with a custom server.

However, I found a site that didn't seem to work with Safari. I can't autofill on this site: https://my.sevdesk.de/#/login When I try, it just says "Unable to auto-fill the selected item on this page. Copy and paste the information instead". I already tried restarting the browser and clearing the site cache, but nothing seems to work for it. Probably because it's a form that loads via JavaScript?

kspearrin commented 5 years ago

@KarimGeiger I am not able to reproduce the issue here. Maybe wait until the page fully loads before opening the extension?