Extension in Safari Fails Auth in Non-Default Profile When Using Cookie-Based Mechanism

Hello, We are developing a Safari Web Extension that uses a cookie-based authentication mechanism. The extension makes a request to an endpoint e.g. /login, and this endpoint expects a cookie (e.g., sessionId) to be included with the request. Everything works correctly when running in the default Safari profile. However, when I install and run the same extension in a new, non-default profile, the behaviour changes:

  • The request to /login is still made
  • The cookie sent is not as expected
  • As a result, the response returns null user data
  • I confirmed that logging into the site in the new profile (in a tab) works, but the extension does not appear to share the session/cookie state with the login tab

We’ve tried explicitly setting "credentials": "include" in the request but that still didn’t share the cookie in the extension context in the non-default profile.
My questions:

  • Is there away to allow cookie-based session sharing between a tab and an extension in non-default profiles in safari?
  • Would switching to a token-based auth mechanism (e.g., Bearer tokens ) be the recommended workaround?

I’d appreciate any insights or guidance from those who’ve run into similar issues. 


Thanks in advance!

Extension in Safari Fails Auth in Non-Default Profile When Using Cookie-Based Mechanism
 
 
Q