When I download the example from Apple's documentation and add print("challenge: \(challenge.protectionSpace.authenticationMethod)") inside the func download(_ download: BADownload, didReceive challenge: URLAuthenticationChallenge) async method in SessionManager.swift, the output always shows NSURLAuthenticationMethodServerTrust. I never see NSURLAuthenticationMethodDefault.

Thank you for your quick response! I'm developing this exclusively for macOS. Just to clarify—does this mean the background script in the web extension will need to send requests to the app extension at regular intervals to check for messages from the socket? This doesn’t sound ideal, but if that’s the only way... ;)

Alright. I believe the only solution is to create an empty sandboxed app, launch it as an agent, and add the Content Blocker targets to that.