Hello,
We are developing a Safari Web Extension that uses a cookie-based authentication mechanism. The extension makes a request to an endpoint e.g. /login, and this endpoint expects a cookie (e.g., sessionId) to be included with the request. Everything works correctly when running in the default Safari profile.
However, when I install and run the same extension in a new, non-default profile, the behaviour changes:
- The request to /login is still made
- The cookie sent is not as expected
- As a result, the response returns null user data
- I confirmed that logging into the site in the new profile (in a tab) works, but the extension does not appear to share the session/cookie state with the login tab
We’ve tried explicitly setting "credentials": "include" in the request but that still didn’t share the cookie in the extension context in the non-default profile.
My questions:
- Is there away to allow cookie-based session sharing between a tab and an extension in non-default profiles in safari?
- Would switching to a token-based auth mechanism (e.g., Bearer tokens ) be the recommended workaround?
I’d appreciate any insights or guidance from those who’ve run into similar issues.
Thanks in advance!