Highlights
Firefox: download finally works
The popup's Download original button used to silently fail on Firefox because the popup loses focus mid-fetch and the synchronous <a download>.click() fires into a popup that's already tearing down. The download flow is now driven from the background script: popup → message → background fetches with x-api-key, wraps the bytes in a blob URL, hands that to chrome.downloads.download(). Background scripts have no focus to lose, so the download manager picks it up reliably.
The downloads permission is added on the Firefox build only (Chrome's popup-side path already worked, so Chrome users won't see a re-permission prompt on update).
Archive after save
A new toggle in Settings → Save to Immich → Archive after save. When on, every successfully saved item is also marked archived in Immich — it disappears from the main timeline, stays in your default album (if you set one), and remains searchable. Works on both old (isArchived: true) and modern (visibility: "archive") Immich; the call sends both fields.
Recommended API-key scopes updated
The welcome page and Settings → Connection now list two more scopes in the click-to-copy "Minimal" set:
asset.download— required by the popup's Download original action on modern Immich.asset.update— required by the new Archive after save toggle.
Both rows are optional in the sense that the corresponding feature degrades gracefully if you don't grant them, but if you ever hit a 403 on download or archive, regenerating the key with these ticked is the fix. Toast messages on archive-failure now name the missing scope explicitly instead of silently swallowing the error.
"Replace new tab page" defaults to off for fresh installs
Multiple users complained that they didn't realise the extension would replace their new tab. Fresh installs now opt out by default; the welcome-page toggle is the explicit opt-in. Existing users keep their current setting via an upgrade migration that writes featureNewtab=true into storage if it was never explicitly stored — so the new default doesn't accidentally turn off the feature for anyone who was happy with it.
The Settings copy now spells out the browser limitation: "Once an extension declares a new-tab override in its manifest, the browser routes every new tab through it — there is no way for the extension to release the new tab back to the browser's default at runtime. To fully restore the browser's own new tab, remove the extension."
Friendlier error messages
- Connection failures now identify the most likely cause (server down, wrong URL, self-signed cert, http/https mixed-content) instead of leaking the raw
NetworkError when attempting to fetch resource. On Firefox, the message also points toabout:addons → Permissions → "Access your data for all websites"if host_permissions weren't granted. - Save-to-Immich failures distinguish blob-URL-only sites (Instagram-style dynamic image embedding), CORS-blocked CDNs, and ordinary network errors with actionable copy.
- The save flow now tries the source page's content script first (page context with the page's
Refererand cookies), falls back to the SW. Recovers many cases where the background-script fetch is rejected by CDNs that accept the page's request.
Safari (macOS) — experimental
Initial Safari support thanks to @Tekkiech (PR #5). The release workflow now also produces an immich-companion-safari-<version>.zip containing an Xcode project generated from the same Chrome zip — no source duplication, regenerated fresh on every release.
To install: download the Safari zip from the assets below, unzip, open Immich Companion.xcodeproj in Xcode, sign with your free Apple ID, click Run. Full step-by-step in SAFARI.md, including the bundle-ID parent-prefix gotcha and the "Allow Unsigned Extensions" dance.
Caveat: a few flows (right-click Save to Immich, share-link toast, periodic ping) likely don't work yet on Safari because Safari doesn't support background.type: "module". The popup search, options page, and inline content-script toasts do work. SAFARI.md lists exactly which manifest keys Safari rejects.
Smaller things
- "Clear history" in the Saved tab is now visibly a button. It used to render as muted text because of an
all: unsetcarry-over. - New
SECURITY.mddocumenting the disclosure flow, threat model, and where the API key is and isn't read across the codebase. - The public privacy-policy gist auto-syncs from
PRIVACY.mdon every push tomainvia a new GitHub Actions workflow. The gist URL is permanent; published store listings keep pointing at it without manual updates.
Install
- Chrome Web Store — auto-updates within ~1–2 days of approval. Also covers Edge, Brave, Vivaldi, Arc, and Opera.
- Firefox Add-ons — auto-updates within ~1 day of approval.
- Safari (macOS, experimental) — download
immich-companion-safari-0.7.0.zipbelow; follow SAFARI.md for the Xcode build steps.
Or download the matching Chrome / Firefox zip below and load it manually (chrome://extensions → Load unpacked / about:debugging → Load Temporary Add-on…).
Full Changelog: v0.6.1...v0.7.0