ASWebAuthenticationSession cookie

Seeing an issue where document.cookie is returning an expired cookie. This cookie is correctly not sent in requests and is not displayed in the web inspector (Storage -> Cookies). Problem persists until safari is restarted. Affects the following user agents... Mozilla/5.0 (iPhone; CPU iPhone OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1 Mozilla/5.0 (iPhone; CPU iPhone OS 15_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1 Mozilla/5.0 (iPhone; CPU iPhone OS 15_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Flipboard/4.2.140 Mozilla/5.0 (iPad; CPU OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/99.0.4844.59 Mobile/15E148 Safari/604.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15 Mozilla/5.0 (iPhone; CPU iPhone OS 15_3 like Mac OS X) AppleWebKit/605.1.15 (K

As we know, we can use WKContentRuleList to block url requests/cookies or perform other actions in WKWebView. Is there any way that we can know what has been blocked by the WKWebView based on that WKContentRuleList?

On June 7, 2023, I put the paid app in the AppStore, filled out all the agreements, tax and banking information. The only thing that is still not filled out is the tax information for Australia, when I want to fill it out - they ask me if I am an Australian taxpayer and if I have an Australian taxpayer ID, when I check that no, they tell me that in this case you do not need to fill out anything, and this form remains unfilled. I tried many things, cleared cookies, logged in through another clean browser, wrote three letters to support in four days, in response to me - silence. Even if I just have to wait, I want to know for sure, rather than guess at the possible causes as a consequence of the silence of support.

I am using WKWebView inside my Swift App for SSO login. Now, SSO session is retained due to cookies saved. In Android there's an option to clear the cache or clear data from their settings Apps. Can I make my iOS App eligible for such a feature? I don't want to give an option inside my Application to clear the cache. is there any external option available which can be used for this inspite of Re-installing the application.

Hi, I am using ShazamKit to detect songs from a live stream. I am using matchStreamingBuffer with a PCMBuffer. It looks like it works for the most part, but sometimes it throws an NSException. Here's the code calling the match: engine.mainMixerNode.installTap(onBus: 0, bufferSize: 4096, format: options.audioFormat) { buffer, time in do { self.session.matchStreamingBuffer(buffer, at: time) } catch { } } The exception: Supplied audio format is not supported { mediaType:'soun' mediaSubType:'lpcm' mediaSpecific: { ASBD: { mSampleRate: 44100.000000 mFormatID: 'lpcm' mFormatFlags: 0x29 mBytesPerPacket: 4 mFramesPerPacket: 1 mBytesPerFrame: 4 mChannelsPerFrame: 2 mBitsPerChannel: 32 } cookie: {(null)} ACL: {Stereo (L R)} FormatList Array: { Index: 0 ChannelLayoutTag: 0x650002 ASBD: { mSampleRate: 44100.000000 mFormatID: 'lpcm' mFormatFlags: 0x29 mBytesPerPacket: 4 mFramesPerPacket: 1 mBytesPerFrame: 4 mChannelsPerFrame: 2 mBitsPerChannel: 32 }} } extensions: {(null)} } This is the stack stack: 0 CoreFounda

I’m having a very odd problem in which my URLSession response works the first time, but almost always fails on subsequent calls. It’s taken me forever to debug because I needed to examine the response headers to determine anything at all. I used Proxyman based on a recommendation from Donny Wals -- https://www.donnywals.com/debugging-network-traffic-with-proxyman/ -- and — as far as I can tell — the only differences between the calls is that the first call returns: HTTP/1.1 200 OK Date: Tue, 06 Jun 2023 14:06:08 GMT Server: Apache Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control Vary: Accept-Encoding,User-Agent Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Content-Encoding: gzip Set-Cookie: PHPSESSID=d10701af2da595b698c57f183e76a709; path=/ Upgrade: h2 Connection: Upgrade,

We need to append some values in the User-Agent HTTP header for our SSO flows. We use the ASWebAuthenticationSession class as you should, but I can't find any information on how to modify the headers in this web view. I have tried setting the global user agent via UserDefaults.standard.register(defaults: [UserAgent: fakeUserAgent]) While it does change the User-Agent in WKWebView, it seemingly does not impact the ASWebAuthenticationSession. There are also no configuration settings to change headers or User-Agent on ASWebAuthenticationSession. Is it not possible by security design?

I've developed a ios safari web extension for my app and everything seemed to work fine in the simulator and on my device. However, I've noticed that in some cases when the user tries to give permission to the extension inside safari, the system displays an alert asking for permissions to all the sites saved in the user's keychain. It's really strange. I've not been able to always reproduce this behavior, sometimes it works normally and it asks for permission just for the domain where the user is on. The issue has become a real problem when I've discovered that when the user has a lot of saved passwords for sites in the keychain, the Safari freezes when asking for permission and becomes absolutely unusable, forcing the user to close it. Here is the manifest for my extension: { manifest_version: 2, content_security_policy: script-src 'self' https://ssl.google-analytics.com; object-src 'self', background: { scripts: [ browser-polyfill.js, background.js ], persistent: false }, content_scripts: [{ js: [ browser-p