Depends on how the extension works probably. Had the issue with some extension but the Qwant extension for example doesn't leak - you can check yourself when capturing the http(s) traffic with something like proxyman.
Interesting, something must have changed then - the qwant search extension definitely does not leak the search to the default search engine - I checked myself with Proxyman.
I don't know your setup but in my opinion something like proxyman / mitmproxy or even Wireshark would be the better way to analyse this.
I tested quite often and never saw the leak with Qwant.
I have Proxyman and Wireshark. IIRC I used Proxyman also when writing my blog post.
In any case, Little Snitch is not lying and inventing packets. I don't know why you aren't seeing anything, but as I said, it's a race condition, so that can happen, and in any case, I would say that it's a better way to analyze this by adding Little Snitch to your setup.
I quickly downloaded the kagi extension for testing and there I can see the leaking - the Qwant extension still does not leak. Maybe you could also test the Qwant extension?
I don't know why it's different for you and me then. I tested Qwant once again and saw not one call to duckduckgo (my default search engine) - now I'm over 100 searches while analysing with proxyman without one leak.
The kagi extension on the other hand leaked all my first 3 searches.
Something must be different.
I don't know AGPL well enough to know if a plugin is considered a derived work but it sure seems to imply it:
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
Hi, I added a part to the GitHub repo explaining this, basically its this:
- The extension requires permission to "Access all websites" solely to detect video players and enable Picture-in-Picture functionality across different websites
- No data is collected, stored, or shared with third parties
- All functionality operates locally on your device
As stated in the readme, this is my first coding project using Swift and Xcode. As a beginner, I welcome any help, suggestions, or contributions to improve the code and functionality!
Nice work! As someone who's about to try their hand at their first Safari extension (and first web extension period, something in the spirit of Tabs Outliner), do you have any tips or tricks you could share?
I read a lot online and of course LLMs can probably help you there. I would suggest if it's nothing macOS/safari specific you want to build, start using chrome and develop the extension for it first. If you want to add safari to the list of supported browser later, you can easily adapt the code (as long as safari supports the apis for it).
Thats true, but in the end the web extension itself can work with all browsers (if the apis are implemented of course). AutoPiP for example would work without any modifications in chrome/firefox but they implement their own PiP api so it doesn't activate the macOS native one...
