From f2837e90998cca95fafea24493110ce8daace166 Mon Sep 17 00:00:00 2001
From: Nick Krantz <125900171+nick-livefront@users.noreply.github.com>
Date: Tue, 24 Feb 2026 16:39:49 -0600
Subject: [PATCH] normalize origin for comparison (#19212)

---
 libs/platform/src/util.spec.ts | 20 ++++++++++++++++++++
 libs/platform/src/util.ts      |  9 +++++++--
 2 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/libs/platform/src/util.spec.ts b/libs/platform/src/util.spec.ts
index fda563db7ea..0455113919f 100644
--- a/libs/platform/src/util.spec.ts
+++ b/libs/platform/src/util.spec.ts
@@ -17,6 +17,21 @@ describe("urlOriginsMatch", () => {
       "chrome-extension://abc123/popup.html",
       "chrome-extension://abc123/bg.js",
     ],
+    [
+      "safari extension GUID uppercase in suspect",
+      "safari-web-extension://d8726ae3-f81f-4d3a-85a0-64c2cb453e39/",
+      "safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/",
+    ],
+    [
+      "safari extension GUID uppercase in canonical",
+      "safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/",
+      "safari-web-extension://d8726ae3-f81f-4d3a-85a0-64c2cb453e39/",
+    ],
+    [
+      "safari extension GUID uppercase on both sides",
+      "safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/popup.html",
+      "safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/bg.js",
+    ],
   ])("returns true when %s", (_, canonical, suspect) => {
     expect(urlOriginsMatch(canonical as string | URL, suspect as string | URL)).toBe(true);
   });
@@ -31,6 +46,11 @@ describe("urlOriginsMatch", () => {
       "https://sub.example.com",
     ],
     ["non-special scheme hosts differ", "chrome-extension://abc123/", "chrome-extension://xyz789/"],
+    [
+      "safari extension GUIDs differ (mixed case)",
+      "safari-web-extension://D8726AE3-F81F-4D3A-85A0-64C2CB453E39/",
+      "safari-web-extension://AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE/",
+    ],
   ])("returns false when %s", (_, canonical, suspect) => {
     expect(urlOriginsMatch(canonical, suspect)).toBe(false);
   });
diff --git a/libs/platform/src/util.ts b/libs/platform/src/util.ts
index b59e713fba3..2a23a45485d 100644
--- a/libs/platform/src/util.ts
+++ b/libs/platform/src/util.ts
@@ -45,9 +45,14 @@ export function urlOriginsMatch(canonical: string | URL, suspect: string | URL):
   const canonicalOrigin = effectiveOrigin(canonicalUrl);
   const suspectOrigin = effectiveOrigin(suspectUrl);
 
-  if (!canonicalOrigin || !suspectOrigin) {
+  // Safari sends the extension GUID in uppercase while the canonical URL is lowercase,
+  // Normalize both to lowercase and trim trailing slashes to avoid browser specific issues.
+  const normalizedCanonicalOrigin = canonicalOrigin?.replace(/\/$/, "").toLowerCase();
+  const normalizedSuspectOrigin = suspectOrigin?.replace(/\/$/, "").toLowerCase();
+
+  if (!normalizedCanonicalOrigin || !normalizedSuspectOrigin) {
     return false;
   }
 
-  return canonicalOrigin === suspectOrigin;
+  return normalizedCanonicalOrigin === normalizedSuspectOrigin;
 }