Hello everyone, wanted to chime in and give some updates regarding a resolution for the issues being discussed here.
First I want to mention that the problem happening with Safari isn’t just a Bitwarden issue, though we did re-architect elements of the inline menu that have exacerbated the problem. Safari introduced a significant bug with the release of v17.4 back in March which causes a lockup of the extension’s background script when communicating with content scripts. Extensive details on what I’ve found surrounding the issue can be seen within this Github comment.
That comment also provides some short term suggestions on how to resolve the problem. A long term resolution of this issue will require the release of Safari v18, which will be coming this Fall with the next MacOS update.
Second, the passkeys issue with Safari is related to a separate bugfix that we implemented to resolve some major problems happening within webmail clients that load their content within iframes.
The fix that we implemented delays the injection of our passkeys content script until the HTML of the page has loaded. This fixed the problems we were seeing reported for various webmail clients.
Unfortunately, this delay is also creating the issues with passkeys in Safari that are being expressed in this thread. In effect, the extension is not able to inject the script early enough for Safari to parse and run it before a given website makes a call to the Webauthn passkeys API.
We have a fix going out with the next extension release that should bring the implementation back to parity, while keeping the webmail bugfix in place.
For a more permanent solution, I’m speaking with team members regarding moving forward with Manifest v3 on Safari and Firefox. We have a POC that has been implemented and seems to be working well, but testing is still underway and it’s likely that we will release Mv3 for Firefox before Safari for a variety of reasons.