Our extension uses fecth API from the background to check if the user is properly logged. But we get this error message : Refused to connect to https://example.com/foo/user because it does not appear in the connect-src directive of the Content Security Policy. Even if the link https://example.com/foo/user is specified in the manifest : { ... "content_security_policy": "script-src 'self';object-src 'self'; connect-src 'https://example.com/foo/user' ", ... } We've tried "content_security_policy": "script-src 'self';object-src 'self'; connect-src https://example.com/foo/user" "content_security_policy": "script-src 'self';object-src 'self'; connect-src https://example.com/*" "content_security_policy": "script-src 'self';object-src 'self'; connect-src * " Same error message when we're trying to make a WebSocket connection (wss://exampe.com/service/bar). For info, our Chrome/Firefox extension work perfectly with connect-src * directive . Does someone have the same issue? If yes, how did you manage to make it work?

Can we distribute a Safari WebExtension within our notarized macOS app outside of the App Store? The documentation says: you must be a member of the Apple Developer Program to distribute them through the App Store. But it is not clear if it is mandatory. Note : we can distribute a Safari App Extension outside the App Store.