The new Safari extension 2.0 does not work

webba

Just adding my +1 to this thread - the new Safari iOS extension is quite bad. I have submitted the feedback to Apple under their feedback page for Safari on iOS https://www.apple.com/feedback/safari.html to get Kagi added as a choice of search engine.

Vlad

webba Thanks, ultiamtely we need to solve the problem at its root and this is exactly how to do it.

andreagrandi

webba I did it too a few weeks ago. They deserve an expensive fine from antitrust and the usual aut / aut from EU until they let people add a custom engine.

andreagrandi

Vlad I’m noticing from the posted videos that some of us have an ad block installed (me included). Could it be some incompatibility with other existing extensions?

kagiuser9219

Same deal as others. Using Safari extension 2.0.2 on iOS 17.2.1 on iPhone 15 Pro Max. Have Ecosia set as the search engine in Safari as well as the search engine in the extension.

Searching seems to only work if Safari is freshly launched. If I force-quit Safari and relaunch it, I can search for a few minutes, but if I later come back to Safari, all searches go to Ecosia and I have to force-quit the app again. It makes Kagi basically unusable. I never had any issues with the old extension. Video is included.

Xavez

andreagrandi I’m starting a test with all other extensions disabled. Had the same hypothesis… let’s see if it takes us anywhere.

timefrancesco

Same issue on here:

iOS 17.2.1
iPhone 15 Pro & iPad mini 6

The extension works after a fresh lunch but doesn't work when returning from background.
To replicate the issue:

Launch Safari -> Kagi works
Go back to home screen
Wait 15-20 mins, or open other memory intensive apps (games, camera, etc)
Reopen Safari -> Kagi doesn't work.

randomusername

If anyone is curious for alternatives, I've switched to using: "Search Engines for Safari" on MacOS and "Customize Search Engine" on iOS. The main benefit is that they only require permissions to DuckDuckGo instead of every webpage like Kagi. Even if this extension is fixed, I won't switch back unless the current permissions setting is changed, especially now that I know it's possible to avoid that.

"Search Engines for Safari": https://apps.apple.com/fr/app/search-engines-for-safari/id1588019370
"Customize Search Engine": https://apps.apple.com/fr/app/customize-search-engine/id6445840140

Edit: The permission section was incorrect, official extension has same permission setup.

andreagrandi

randomusername the new Kagi extension has been released exactly to solve that permission problem: it now only requires permissions to DuckDuckGo only.

Thanks for the suggestions anyway, but I'm curious: how does the extension behave with private Safari sessions?

randomusername

andreagrandi You're absolutely right, I was confused with how iOS extensions work. It showed "All Websites" with the ask / deny / allow options. I didn't realize that I could go to DuckDuckGo.com and only allow that website. I will edit my comment.

For your other question, It behaves the same as the Kagi extension, you put in your private session link in the app.

andreagrandi

randomusername I just tried "Customize Search Engine" on iOS. In normal session it works, but it's a bit slow and every time I can see that I'm being redirected from DDG (with Kagi extension you are still redirected but I never saw DDG before). Instead with the private session, I just get a blank page. Maybe I haven't filled those configuration fields correctly. Could you post a screen of how you configured it (hiding your session token of course) ? Thanks

randomusername

andreagrandi

In "top of url", I copy and paste my session url from Kagi account settings and put in the following:

https://kagi.com/search?token=abc&q=

I've appended &q=

Yes, the screen flashing is a bit of a bother.

nannat

Tested with all other extensions disabled; no dice. To reproduce:

Open Safari, do a normal search from the search bar: goes fine to Kagi
Exit the app, don't close it from the background
Wait an hour
Open Safari, do a normal search from the search bar: goes to DDG

And yes, I am using the latest version of the new iOS extension, and I am sure everything is configured correctly (DDG selected from Safari settings and from the Kagi app, all domains allowed for the Kagi extension).

andreagrandi

randomusername

've appended &q=

ah that's what I was missing, thanks!

nanoscrew

Cross-posting from the Discord Help channel:

Kagi Search for Safari Extension Update:

The 2.0 update has not met the standards for reliability that our community expects. To get people back to searching reliably on Kagi in Safari, we’re making the following updates:

We are rolling back the App Store versions on both iOS and macOS to the 1.x codebase. You will see the next versions for both platforms as 2.1.0, but they each are running the last-known-good builds (1.0.4 macOS, 1.0.10 iOS).
The 2.x Universal extension is still under development. Future releases based off of the new codebase will have broader testing before public release.
All 3 codebases are now available in our browser_extensions repo on Github to review code and contribute.

As soon as the rollback extensions are on the App Store, we'll share an update here. To everyone who has updated to the new versions, had issues, submitted feedback, answered my questions, or upvoted the feedback posts: thank you for your understanding and patience through this.

andreagrandi

nanoscrew nice decision! Thanks for listening to our feedback

nanoscrew

metaeaux

Thank you for the sample code. We've looked into declarativeNetRequest-based solutions in the past, but they weren't chosen because they did not reduce the level of permissions required. Reducing permissions to no more than "Browsing History" was a primary objective for the 2.0 extension. declarativeNetRequest, as far as I can tell, shows up as "Browsing History and Tracking Information", which is what the 1.x extensions requested as well. This is how Safari 17 displays the permissions for each scenario:

That said, at this point, we need to consider reliability issues. While 2.0 had significant issues with reliability, 1.x on both platforms suffered from reliability issues as well. Combining the codebases and reducing permissions was meant to increase reliability and decrease maintenance cost for the extension. But if the extension is unreliable, even temporarily, it's a major disruption to a paid service, so it's worth exploring this alternative API as a solution.

I'm working on a proof-of-concept using your sample code as a starting point, moving the majority of settings over to the toolbar popup, and allowing the session token to be dynamically updated in the extension instead of hardcoding into json ruleset. I'd like to share the code and a TestFlight build once it's ready, aiming for Friday 5-Jan. Some remaining issues include:

Allowing !g/!ddg/etc search engine bangs. If you allowed the extension access to (for example) google.com, !g <search query> will always return you right back to Kagi's <search query> results page.
User experience when viewing the extension permissions page. To make sure we only ask for permissions if you're viewing pages on Google/DuckDuckGo/etc, we need to provide every single country-specific/alias domain in the manifest.json under host_permissions. This is a list of 261 domains. Subdomains can use a wildcard, but TLDs cannot (e.g. "://.google.com.au/" needs to be listed as well as "://.google.com/". You are not allowed to do "://.google./"). This isn't a problem in day-to-day searching, but it could confuse users as to why there's a 261-domain list in Safari -> Settings -> Websites -> Kagi Search for Safari
The redirect seems to break in a weird way if the modifyHeaders action is not applied on kagi.com requests. If we redirect to kagi.com/search?q=<search query> without the modifyHeaders rule applied, we get redirected to the sign-in page, even if we're in normal browsing mode, and are logged into kagi.com. If we redirect to www.kagi.com/search?q=<search query>, Kagi does its own redirect stripping out the www and the session cookie is re-applied to the request automatically. This helps if people don't want private browsing enabled and therefore don't copy in their session link into the extension. I'm asking the Kagi web devs if this is something expected with secure cookies, or if it's a bug in Safari's implementation, but regardless, at least there's a workaround, even if a bit clunky.

So, in conclusion: the declarativeNetRequest API looks promising from a reliabilty perspective, but the permissions issue is concerning. Having Safari declare that Kagi's extension "can be used to track you" does not align with Kagi's philosophy of not tracking users. Having the code be open-source helps, but we've received feedback that the permissions text in Safari is a major factor in their decision to use Kagi or not, so we cannot take this lightly. We'd love to hear from the community about this. (And if anybody you know can convince the Safari team to allow custom search engines natively, we'd appreciate that very much 😸)

metaeaux

nanoscrew

Thanks for following up on this. I think the permissions issue is a valid concern because declarativeNetRequest could be used to add tracking, but overall it's actually much more private and trustworthy because third parties like Kagi can't actually observe web navigation directly. Some info in an FAQ or blog post could help clarify this to users, along with the source code being open. Another benefit is that it doesn't depend on redirecting from a javascript process. There's some interesting info here about how Safari handles DNR rules internally.

My private extension handles search engine bangs by using regex rules. For example, the DNR regexFilter for duckduckgo.com I use is ^https:\/\/duckduckgo\\.com\/\\?q=[^!].*. I have created rulesets for handling search bangs, for example, wikipedia uses: ^https?:\/\/duckduckgo\\.com\/\\?q=!w\\+(.*)&

The long website permissions would be quite confronting to users. But perhaps the instructions to users could focus on enabling the plugin within the Safari tab open to their default search engine, so that they don't have to see the list and scroll to find their search engine.

Funnily enough I did some experimentation to see if DNR could modify autocomplete yesterday. I wasn't successful, but I did find that redirecting duckduckgo to http://kagi.com/api/autosuggest?q= avoids the need to use modifyHeaders to add the cookie, and ends up redirecting to http://kagi.com/search?q=. As far as I understand it, the DNR redirect won't include cookies in the headers. Since Kagi does a redirect when the token is included, the modifyHeaders rule gets executed to add the cookie and allows the search to go through. In any case, I believe fixes for this issue can be handled server side by Kagi. It would be much nicer for the Kagi extension to inject the session token as a cookie than as a URL parameter.

I have sent feedback months ago to Apple about adding Kagi as a search engine. I can try pinging Jen Simmons on Mastodon to see if custom search engines could gain any traction.

metaeaux

nanoscrew

You might be able to workaround the long list of host permissions by using optional permissions instead.

Dustin

@nanoscrew

Having Safari declare that Kagi's extension "can be used to track you" does not align with Kagi's philosophy of not tracking users. Having the code be open-source helps, but we've received feedback that the permissions text in Safari is a major factor in their decision to use Kagi or not, so we cannot take this lightly.

I agree that the tracking declarations Safari makes are very off-putting. While I trust Kagi and trust the extension and am happy to see the code being open sourced, fundamentally it is a large hurdle for potential customers to overcome.

I have filed feedback with Apple about allowing custom search engines or adding Kagi to the list.

I will note that Jen Simmons is very active on Mastodon if that's a helpful outreach at all: https://front-end.social/@jensimmons

Vlad

metaeaux

but overall it's actually much more private and trustworthy because third parties like Kagi can't actually observe web navigation directly.

You know this and we know this, but most people do not. Apple's scary messaging does not help. Documentation does not help as people rarely read it. The fact the extension is open source does not help.

This caused a lot of negative messaging we received around the permissions which is the main reaon we went the long way around trying to achieve both. In ideal circumstances we should not be spending time and resources on this at all, and thanks for sending feedback to Apple.

We plan to have the proof of concept with dNR open sourced by the end of the week, and we invite you to contribute once it is out there.

sigmasirrus

Thanks for working on the issue. I think Apple lets you reset the App Store ratings when you publish a new version. You may want to do that.

Also, when I search for “Kagi”, it only brings up Orion. If I search for “Kagi search” the extension comes up.

« Previous Page Next Page »