I have a Safari App Extension which allows users to switch between last open tabs with a shortcut option+tab in the same way it's possible to switch between last open apps with command+tab.
Here is how i do it:
I inject a content script on all websites which has the only thing – key listener for option+tab presses.
When a user presses option+tab, that keyboard listener detects it and sends a message to the Safari Handler.
Then Safari Handler sends a message to the containing app and it shows a panel with last open tabs.
This approach has a problem: it shows a message to a user in settings: "Can read sensitive info from web pages, including passwords..."
Which is bad, because in reality i don't read passwords.
If i remove SFSafariContentScript key in the Safari App Extension target's Info.plist, then this message about reading sensitive data disappears, but then i loose the ability to open the tabs panel.
How can I open my app window with a shortcut without frightening a user?
It's possible to listen to global key presses, but that would require a user to grant the app permissions of Accessibility (Privacy & Security) in macOS system settings, which also sounds shady.
I know an app which does not require an Accessibility permission: https://apps.apple.com/ua/app/tabback-lite/id6469582909 and at the same time it does not tell a user about reading sensitive data in the extension settings.
Here is my app: https://apps.apple.com/ua/app/tab-finder/id6741719894 It's open-source: https://github.com/kopyl/safari-tab-switcher
Safari and Web
RSS for tagEnable web views and services in your apps.
Posts under Safari and Web tag
142 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
In a project to create a web extension for Safari, using scripting.registerContentScript() API to inject a bunch of scripts into web pages, I needed to manage a dynamic whitelist (i.e., web pages where the scripts should not be injected).
Fortunately, scripting.registerContentScripts() gives you the option of defining a list of web pages to be considered as a whitelist, using the excludeMatches parameter in the directive, to represent an array of pages where the script should not be injected.
Here just a sample of what I mean:
const matches = ['*://*/*'];
const excludeMatches = ['*://*.example.com/*'];
const directive = {
id: 'injected-jstest',
js: ['injectedscript.js'],
matches: matches,
excludeMatches: excludeMatches,
persistAcrossSessions: false,
runAt: 'document_start'
};
await browser.scripting.registerContentScripts([directive])
.catch(reason => { console.log("[SW] >>> inject script error:",reason); });
Of course, the whitelist (the excludeMatches array) is not static, but varies over time according to the needs of the moment.
Everything works perfectly in Chromium browsers (Chrome, Edge, ...) and Firefox, but fails miserably in Safari. In fact, Safari seems to completely ignore the excludeMatches parameter and injects the script even where it should not.
Has anyone had the same problem and solved it somehow?
NOTE : To test the correctness and capabilities of the API in each browser, I created a simple repository on Github with the extension code for Chromium, Firefox and Safari (XCode project).
I'm posting a question here as I have encountered an issue while seeking help from engineers in the thread. thread773837
If the "Not Secure Connection Warnings" is enabled in Settings > App > Safari, are HTTP connections not allowed under any circumstances?
I also posted a question about NSAllowsLocalNetworking not being applied, and I was informed that ATS (App Transport Security) is not related to SFSafariViewController. If that's the case, what feature causes the error "Safari cannot open the page. Error: Failed to navigate to an HTTP URL with HTTPS-only mode enabled"?
I am currently working to resolve this issue.
When using iOS VoiceOver to navigate a webpage, selecting a element correctly activates the :focus-visible state. However, when VoiceOver moves to a non-button element (such as a or ), the previously focused button retains its :focus-visible state. The focus indicator only updates when VoiceOver moves to another .
This behavior can be confusing for screen reader users, as it creates the appearance of multiple elements being focused simultaneously. It also differs from expected keyboard navigation behavior, where focus styles typically update as soon as the user moves to a new interactive element.
Is this an intentional VoiceOver behavior, or could this be a bug? If intentional, is there a recommended workaround to ensure correct focus indication when moving between different types of elements?
Steps to Reproduce:
Enable VoiceOver on an iOS device.
Navigate using swipe gestures or explore-by-touch to focus on a .
Observe that the button correctly receives the :focus-visible styling.
Move to a non-button element (e.g., a with tabindex="0" or an ).
Notice that the button still retains its :focus-visible state, even though VoiceOver has moved to a new element.
Expected Behavior:
The previously focused should lose its :focus-visible state when VoiceOver moves to a different interactive element, just as it does when using keyboard navigation.
Actual Behavior:
The :focus-visible state remains on the previously focused button unless VoiceOver moves to another . This can create confusion by displaying multiple focus indicators at once.
Tested On:
iOS 17.7, 18.3.1
iOS Safari
iPhone 11 Pro, iPhone 14 Pro Max
Hi all,
Chrome has it already - animation-timeline aka scroll-animations.
I can nowhere find any informations on what's the status in Safari/Webkit.
Seems like they do not have it on the agenda at all?
Does anyone know anything - I wanted to push a feature request for that - but also seem there is no feature request list anymore for webkit.
See: https://www.w3.org/TR/scroll-animations/
Cheers and kind regards!
I want use the Safari Extension to decorate the window.fetch function, But No matter how I try, I can't get the fetch function to execute correctly. I was going through the documentation: https://developer.apple.com/documentation/safariservices/using-injected-style-sheets-and-scripts
and found this sentence:
"Injected scripts have an implied namespace — you don’t have to worry about your variable or function names conflicting with those of the website author, nor can a website author call functions in your extension. In other words, injected scripts and scripts that you include in the webpage run in isolated worlds, with no access to each other’s functions or data."
Does this mean I can't modify the window object in the content script just like a Chrome extension does with the webpage?
BTW, In chrome I use chrome.scripting.executeScript API, and in
plasmo I just use world: "MAIN" content script's config to achieved this feature.
Hello,
I am developing Safari Content Blocker extension and discovered that it frequently fails to load with large amount of rules. Currently I have over 45k and most of the time when I reload the extension on iOS 18 (iPhone 12) it ends with error:
Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.SafariServices.ContentBlockerLoader" UserInfo={NSDebugDescription=connection to service named com.apple.SafariServices.ContentBlockerLoader} #0
And the simpler message is just:
Couldn’t communicate with a helper application.
From what I managed to find (for example here - https://developer.apple.com/forums/thread/756931) the limit for blocking rules should be 150k items.
It was previously 50k but got increased years ago.
Is there anything special I need to do to get the extension to work reliably with say 100k items?
I am usng the JSON format from the docs:
{
"trigger": {
...
},
"action": {
...
}
},
{
"trigger": {
...
},
"action": {
...
}
}
]
My trigger is url-filter and the action is type: block
I was thinking about providing multiple JSON files in attachments property of NSExtensionItem but apparently that is not supported.
Thanks for help!
I am currently operating an app using an embedded web server that communicates over local HTTP.
Recently, when opening Safari, I started encountering the following error message:
"Safari cannot open the page. Error: Failed to navigate to an HTTP URL with HTTPS-only mode enabled."
However, I am currently in a situation where switching to HTTPS is difficult. Are there any solutions to resolve this issue besides using HTTPS?
Thank you.🙏
Hi there,
I use the Clipboard API to create formatted project links with a "copy link" button. This has been really versatile for end users. When they paste into their email, they get a hyperlinked project name that leads to the project, and when they paste into the URL bar, they just get the project URL.
It used to be that pasting into Messages on Mac would yield the same behavior as pasting into the URL bar. But recently, Messages started only pasting the inner text of the HTML clipboard, so no URL, just the project name, which isn’t very useful for a copy link function.
Is there any way to ensure that Messages pastes the URL while maintaining my formatting options on other surfaces?
I'm developing an application that needs smooth framerates within a wkwebview that interacts with native code. However, requestAnimationFrame by default is still throttled to 60hz even if all my target devices (the iPad Pro for example) have supported 120hz for a long time already. I noticed that the latest Safari in 18.3 beta supports unlocked framerates, but that's only under Safari feature flags. To my knowledge, these flags do not apply to WKWebView. Is there a way to enable unlocked framerate in WKWebView via requestAnimationFrame? (Calling JS at a faster rate from the native code side will not work, almost definitely, since WKWebView will still render at its own rate.)
This is an experimental application for internal use and I'm okay if there are temporary beta solutions available.
Hi folks,
When doing HLS v6 live streaming with fmp4 chunks we noticed that when the encoder timestamps slightly drift and a #EXT-X-DISCONTINUITY tag is created in either the audio or video playlist (in an ABR setup), the tag is not correctly handled by the player leading to a broken playback containing black screen or no audio (depending on which playlist the tag is printed in).
We noticed that this is often true when the number of tags is odd between the playlists (eg. the audio playlist contains 1 tag and the video contains 2 tags will result in a black screen with audio).
By using the same "broken" source but using Shaka player instead won't break the playback at all.
Are there any possible fix (or upcoming) for AV Player?
When a tab goes to sleep, all its resources gets killed. When the user has any interaction it gets active again. However, if there is an audio in the tab, it does not play again even after user interaction. One has to reload/reopen the tab.
Is this how it should work?
Is there a fix for this?
Safari throw a ViewTransition error, called ' Unhandled Promise Rejection: AbortError: Old view transition aborted by new view transition.' however, i don't find how to catch it.
i used 'try..catch' or Promise.catch, or catch it in finished/ready/updateCallbackDone Promise. These all don't work.
PWA works perfectly fine in safari browsers in mac but in mobile devices it
is not working it just shows, There is no internet connection. found a fix from ios release - https://developer.apple.com/documentation/safari-release-notes/safari-17_2-release-notes
but actually it is not solving the issue. in my case even it is not throwing the issue -
fix is - Fixed a cache miss bug in DOMCache that triggered service worker fetch errors. (115740959) (FB13188943)
Hi there,
I have a problem that , after I add website at dock but unable to turn on the website from dock & pop up message also mention that app was damaged. This problem appears after I factory reset my iMac. Please kindly advise. Thank guys.
Is it a specification that the Service Worker doesn’t work in an internal iframe only when the parent page in a WebView is file://? It works in Mobile Safari under the same conditions, and we couldn’t find any specification that says Service Worker-like behavior doesn’t work with this combination.
Step to reproduce:
We use Vite to develop the application.
For the iframe in Webview,
Install vite-plugin-pwa with version ^0.20.5
Add VitePWA({...}) to plugins[] array in vite.config.ts
Build and preview the app: npm run build && npm run preview.
We open a Webview with file:// and then open the iframe with the URL to which we preview the app (We use ngrok to create the URL).
Then we open Safari and inspect the Webview but inside the Developer > Service workers tab doesn’t have a registered service worker.
For safari, we do the same step 1-3,
We open Safari browser with the URL that we have deployed the app (The same URL we used in the iframe in Webview).
We go inside the Developer > Service workers tab and it has a registered service worker.
Environment:
Simulator: IOS 18.2
Safari: MacOS 15.2
Expectation: Safari and the iframe in Webview should have a registered service worker inside the Developer > Service workers.
Python version 3.9.1
Selenium version 4.25.0
Safari version 18.1.1
I want to operate Safari using Selenium. For this purpose, I would like to set the UserAgent to iOS and change the viewport. What should I do? The following is the content programmed with the Chrome driver. I would like to achieve this using the Safari driver.
import time,os
import chromedriver_binary
from selenium import webdriver
from selenium.webdriver import Safari
from selenium.webdriver.safari.options import Options as SafariOptions
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.support.select import Select
from selenium.webdriver.chrome import service
# selenium 4
from selenium.webdriver.chrome.service import Service as ChromeService
from selenium.webdriver.chrome.options import Options
from webdriver_manager.chrome import ChromeDriverManager
driver = webdriver.Chrome(service=ChromeService(ChromeDriverManager().install()),options = chrome_options)
# iPhone 13 params
viewport = {
"width": 390,
"height": 844,
"deviceScaleFactor": 3,
"mobile": True
}
#Chrome setting
ua = "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1"
driver.execute_cdp_cmd("Emulation.setDeviceMetricsOverride", viewport)
# change user agent
driver.execute_cdp_cmd("Emulation.setUserAgentOverride", {"userAgent": ua})
# ページにアクセス
driver.get("https://hogehoge")
I have an endpoint that generates a .ics file. From my mobile app, I open the browser (Safari) and retrieve the .ics file. In Safari, the events are displayed as expected, and I can use the "Add All" button to add them to the calendar. After clicking "Add All," I can select the desired calendar, and the events are successfully added (see screenshots 1 and 2 below).
Here’s the initial .ics file response:
BEGIN:VCALENDAR
VERSION:2.0
CALSCALE:GREGORIAN
PRODID:NAME
BEGIN:VEVENT
DTSTAMP:20250101T195917Z
DTSTART:20250102T131600
DTEND:20250102T142500
SUMMARY:My Event 1
UID:unique-uid1
LAST-MODIFIED:20250101T155715Z
DESCRIPTION:Description
SEQUENCE:1
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20250101T195917Z
DTSTART:20250103T131600
DTEND:20250103T135600
SUMMARY:My Event 2
UID:unique-uid2
LAST-MODIFIED:20250101T155715Z
DESCRIPTION:Description
SEQUENCE:1
END:VEVENT
END:VCALENDAR
Later, I updated the .ics file with new event details:
BEGIN:VCALENDAR
VERSION:2.0
CALSCALE:GREGORIAN
PRODID:NAME
BEGIN:VEVENT
DTSTAMP:20250102T195917Z
DTSTART:20250104T131600
DTEND:20250104T142500
SUMMARY:My Event 1 Update
UID:unique-uid1
LAST-MODIFIED:20250104T155715Z
DESCRIPTION:Description
SEQUENCE:2
END:VEVENT
BEGIN:VEVENT
DTSTAMP:20250102T195917Z
DTSTART:20250105T131600
DTEND:20250105T142500
SUMMARY:My Event 2 Update
UID:unique-uid2
LAST-MODIFIED:20250102T155715Z
DESCRIPTION:Description
SEQUENCE:2
END:VEVENT
END:VCALENDAR
I updated everything according to the iCalendar documentation:
UID remained unchanged
SEQUENCE has been updated
DTSTAMP has been updated
LAST-MODIFIED has been updated
However it seems like that Safari can't handle updates on events.
In the preview we can see the changes, but when I click on "Add All" button, nothing happens.
The same behavior is working with other calendars like Outlook (web view) or Google Calendar.
My Questions:
Is there a property missing from my .ics file that is necessary for iOS Safari to handle updates?
Is Safari not designed to handle event updates in this way?
Should I consider moving to a subscription-based solution to manage updates more reliably?
Any insights or suggestions would be greatly appreciated!
Hi Apple Team,
Can we use SFSafariViewController to launch a 3rd party passkey authentication experience from a native iOS app?
Regards
I'm using navigator.geolocation.getCurrentPosition to retrieve the users coordinates in a PWA built with Nextjs. getCurrentPosition is called by clicking on a button. If getCurrentPosition is called afterwards, the cached value is returned. On Safari, If I refresh the page, or logout, login and call getCurrentPosition again, the getCurrentPosition error callback is called with an error code 2 - POSITION_UNAVAILABLE. After around five minutes, getCurrentPosition can be called again.
Is there some kind of throttling restriction on Safari navigator.geolocation.getCurrentPosition?