Sandboxing a macOS application can bring interesting questions to the table. One of them is certainly “which entitlements should I enable?”
This short article is a small reminder on how to use a
The sample application provided with this article presents a simple window
with a single view: a
On start, the website Automatisez.net is loaded.
After this initial version, we’ll see what the impact of the sandbox is.
This is the easy path.
The initial version of the example application is configured to run without sandboxing.
Launch it and you will see that the web page loads properly, as expected.
In the project editor, select the application target and select the “capabilities” tab:
- turn on the option “App Sandbox”;
- build and run the application.
You should see the application window, but the content will not load.
Make it work
If you intend to use a WKWebView in your sandboxed application, you also
need to request a specific entitlement: Outgoing Connections (client).
WebkitEntitlementDemo.entitlements the corresponding key value
On this screenshot you can see the entitlements for the sandboxed application.
If you are using WebKit, you must have the option Outgoing Connections (client) checked.
You have to allow network outgoing connection of the
WKWebView will not
be able to work as expected.
Few final words
It seems obvious to enable network connections when you intend to use a web browser component.
The trap with WKWebView is that this entitlement is required even if
you do not access the network and limit yourself to resources in your application
bundle, like embedded help files.
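The check below is an added example, not code from the article or its sample project. It audits an `.entitlements` file for the situation described above: App Sandbox on, WKWebView in use, Outgoing Connections (client) missing. The key names are Apple's standard identifiers for the two Xcode options; the sample files, function names and finding codes are constructed for illustration.

```python
import plistlib

# Apple's standard entitlement keys behind the two Xcode checkboxes.
APP_SANDBOX = "com.apple.security.app-sandbox"        # "App Sandbox"
NETWORK_CLIENT = "com.apple.security.network.client"  # "Outgoing Connections (client)"

TEMPLATE = """<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
{entries}</dict>
</plist>
"""

def sample_entitlements(*keys):
    """Build a constructed .entitlements XML plist with the given keys set to true."""
    entries = "".join(f"    <key>{k}</key>\n    <true/>\n" for k in keys)
    return TEMPLATE.format(entries=entries).encode("utf-8")

# Constructed samples (not copied from the article's project).
UNSANDBOXED = sample_entitlements()
SANDBOX_ONLY = sample_entitlements(APP_SANDBOX)
SANDBOX_WITH_CLIENT = sample_entitlements(APP_SANDBOX, NETWORK_CLIENT)

def audit_entitlements(plist_bytes, uses_wkwebview=True):
    """Return a list of finding codes for an entitlements plist."""
    ent = plistlib.loads(plist_bytes)
    if not isinstance(ent, dict):
        raise ValueError("entitlements plist must be a dictionary")
    # Only a boolean true enables an entitlement; absent or false means off.
    sandboxed = ent.get(APP_SANDBOX) is True
    client = ent.get(NETWORK_CLIENT) is True
    findings = []
    if not sandboxed:
        # The web view loads, but the app runs without sandbox confinement.
        findings.append("NOT_SANDBOXED")
    elif uses_wkwebview and not client:
        # The article's failure case: the window shows, the content does not,
        # even when only bundle resources are loaded.
        findings.append("WKWEBVIEW_NEEDS_NETWORK_CLIENT")
    elif client and not uses_wkwebview:
        # Least privilege: do not keep an entitlement nothing depends on.
        findings.append("NETWORK_CLIENT_UNUSED")
    return findings

if __name__ == "__main__":
    for name, data in [("unsandboxed", UNSANDBOXED),
                       ("sandbox only", SANDBOX_ONLY),
                       ("sandbox + client", SANDBOX_WITH_CLIENT)]:
        print(f"{name}: {audit_entitlements(data) or 'ok'}")
```

To audit a real project, pass the bytes of its `.entitlements` file to `audit_entitlements` instead of the constructed samples.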