I am creating a react app and am making use of Webauthn to use TouchID or FaceID for user authentication. I have built my app so that when the button is clicked, navigator.credentials.create is the only call made. With attestation set to none, there are no issues however as soon as I set attestation to direct I get an alert saying 'The operation can't be completed' and 'NotAllowedError: This request has been cancelled by the user.' is logged to console. The issue only presents itself on Safari and iOS devices however works perfectly on other browsers like Chrome. Has anyone encountered a similar issue and possibly know how to resolve it? Thanks Shay

I have to say Safari's (webkit) implementation of Intelligent Tracking Protection (ITP) and the Storage Access API has been challenging to get right. Situation: We have a company that has grown through acquisition and we are trying to implement a unified authentication scheme that uses cross-domain access to tokens stored in cookies Each portal implementing the scheme will have an iframe that hosts a component from an authentication domain and will use postMessage() to check for the existence of the necessary authentication token. The initial implementation worked for Chrome/Edge/Opera/other Chromium browsers, but needed to be adjusted to implement the Storage Access API to allow the authentication component to request 1st party storage access. This worked as documented in Firefox Safari throws an exception when requestStorageAccess() is called and the error object is undefined Here is some examples of the relevant code: Iframe <iframe class="portal-navigation-frame" allowtransparency="true" style="position:absolute; top: -60px; right: -250px;display:none;" id="authFrame" sandbox="allow-scripts allow-storage-access-by-user-activation allow-same-origin allow-top-navigation allow-forms" src="@Constants.AuthenticationUrl"></iframe> Authentication Component const authorizeStorageAccess = async () => { if (document.hasStorageAccess) { try{ if (await document.hasStorageAccess() == false) { console.log("authCommunicationService.authorizeStorageAccess", "does not have storage access"); if (document.requestStorageAccess) { await document.requestStorageAccess(); } else { console.log("authCommunicationService.authorizeStorageAccess", "requestStorageAccess not available"); } } else { console.log("authCommunicationService.authorizeStorageAccess", "already has access"); } } else { console.log("authCommunicationService.authorizeStorageAccess", "already has automatic access"); } catch (err) { console.log("authCommunicationService.authorizeStorageAccess", "error", err); } } }; Note: authorizeStorageAccess is called from a button event handler and only after the user has been redirected to the authentication domain to login and returned. Any assistance would be greatly appreciated. Jason

Hello there, I´m trying to display an in-line base64 pdf file on Safari 15.5. This solution was working on older Safari versions, but not with Safari 15. I´m using the following HTML tag: <embed src="data:application/pdf;base64,JVBER..."> Am I missing something, or is support for viewing PDFs in base64 no longer available?

I have used Safari as my primary browser for years now and it has evolved. Some very good updates and some bad. I have noticed since iOS 14 I believe when Apple started slowly implementing more security features that pages would show up wonky or unresponsive at times, but a clear browsing history and cookies would fix this issue. Then in iOS 15 and now 16b1 it’s become almost unusable on certain pages.  Again these issues have been ongoing since the updated security features started rolling out and in non beta releases For example. Some pages won’t load completely or when you try to use a drop down menu the pictures would overlap the drop down. Resets or clearing cookies/cache, history would not fix this issue. Even turning off some of the privacy features wouldn’t resolve this. Menus have become unresponsive, ie. registering a new user on a forum. The menus would are static with no way to change or update your dob or address.  I hope this makes sense so far. So here is what I have turned on and added extensions. Tracking is off in privacy & security [on] Block pop ups [on] Prevent cross-tracking [on] Hide IP and Address - Trackers & Websites // I can’t see it but I believe the Trackers & Websites is set to general location// [on] Fraudulent website warnings [on] Privacy Preserving Ad Measurements  All Advanced Safari settings are default and have not been touched  Extensions - 1Blocker (only these below are on) [on] Block Ads [on] Block Adult Sites [on] Block Annoyances [on] Block Trackers I have tested things for months now, toggling these off and back on. Trying to find the combination that works. I even removed all extensions and ran just the safari settings by themselves and it still renders some type of misfire with sites (menus being static or pictures over lapping drop down menus) The title says it all. How can I get safari back to working and have these privacy features on without the extra bugginess that Safari is doing? Thanks in advance!

I built a simple recorder on my website for users to record and playback audio. It works on ALL desktop browsers (including Safari) but when I use any browser on my iPhone, the mic is active at the opposite time. The flow is: ask permission > user allows mic access > user presses record > records audio > saves and plays back On iPhone what's happening is after the user allows permission, the mic goes active (visualized by the mic icon in safari browser) and then once the user presses record, it disables the mic. I am using getUserMedia within a React.js app Why is it doing this?

I'm developing a REST API app that generates some PDFs for my users, but there are only available for a certain period of time. To download them I'm using the a HTML tag: <a href="/api/items/1/generate?type=register" download="Important Letter.pdf"> <svg>...</svg> </a> This works fine in the normal flow of the use case, but if a user request a PDF outside of the download period, the server responds to the request with a 422 (Unprocessable Entity) HTML code, and place a json on the body of the request: HTTP/1.1 422 Unprocessable Entity Content-Type: application/json;charset=utf-8 {"error" : "Registration period expired", "type" : "expired", "data" : {"id" : 1}} Safari does not interpret this error and it generates the Important Letter.pdf file and writes the json content on it. Is there a wat to avoid this behavior and display an error message to the user? I was wondering if my server should send some specific error code.

When triggering a webkitRequestFullscreen event in response to a pointerdown event, the result is a fullscreen error. Using a pointerup event instead of pointerdown works fine. I'm using a <button> element to receive the event and in the event listener callback I'm attempting to call webkitRequestFullscreen() on a div. Is this expected behavior? note: this was observed using MacOS Simulator: iPad 9th Generation - iOS 15.4

I am storing token after login in localStorage and using it to make api requests. On safari I am facing issue that once I login and redirected to home page, after that If I go to any other route ex /user safari is clearing token stored in localstorage and thus I am getting logged out. It is a Vue web app and I am using Vue router for navigation. Can anyone please suggest something Thanks in advance

I'm working on ContentBlocker safari extension to block URLs. when the extension is disabled I want to redirect users to Settings/Safari/Extension. I tried these. prefs:root=Safari prefs:root=SAFARI&path=Content%20Blockers none of them is working. Can any please provide me proper solution?

Hello, I am Flip.Shop developer. Our site is having a problem displaying a Video whose size adjusts dynamically to the width and height of the parent component. Please visit this page: https://flip.shop and scroll through a few posts. On all normal browsers (Chrome/Firefox) the video loads nicely. But on Safari 15.5 (desktop and mobile) you can see a flicker for a while. The first frame of the video can't adjust to the size. Video component looks like this: <video preload="auto" loop="" playsinline="" webkit-playsinline="" x5-playsinline="" src="blob:https://flip.shop/1039dfe6-a1f4-4f80-822b-250665225c68" autoplay="" style="width: 100%; height: 100%;"> </video> and CSS of parent component looks like this: width: 100%; height: 100%; position: relative; & video { object-fit: cover; } Is there any solution to prevent video from going crazy in the Safari browser? The only workaround that seems to work is to show a poster covering the video until the video plays. Unfortunately, there is no event to inform that Safari is freaking out, so this poster has to be removed after a 300-500 millisecond timeout connected to the "play" event, which significantly delays the display of this video (on Safari).

We have a PWA mobile site at providentmetals.com. When someone visit our site for the first time or in private/incognito mode, we display the smart banner to promote the app download from the appstore. Since a few months ago, the smart banner stopped appearing in Safari and Chrome on iPhone.   The smart banner works fine on Android, however.   We have defined in the HTML and have tried everything possible but to no avail.   We thought it had something to do with https://developer.apple.com/documentation/apptrackingtransparency but that had been taken care of and the problem still exists.   What we know so far: • The App Banner in iOS Safari is triggered by a meta tag • The App Banner in Chrome (iOS and Android) is JavaScript based • The correct iTunes meta tag for triggering App Banner in iOS Safari is present on AMP, PWA, and Canonical pages. All the places. • Currently, banner is displayed on AMP pages in Safari, all releases. And PWA/canonical pages when viewed in iOS 13 and below. • In iOS 14, App Tracking Transparency was added, along with other privacy controls. This is where the banner stops working - iOS 14+. Any idea how to solve this issue?

We are currently experiencing a usability issue in our App. We also discovered this issue for sites in Safari as well. While using Voiceover in iOS 13.3+, we've discovered that VO skips all tables that are using a caption. This occurs when a user swipes to read the contents of the page. We also observed that using the "rotor" and choosing tables, it will not recognize that there is a table on the page. This has been repeated by multiple users on different devices. Our testing also encompassed VO on macOS Catalina and VO worked as expected for all tables we tested. Has anyone else come across this issue?

Seems SQL Lite database browsers can no longer open these files. Is there a way and can any explain what was changed?

(TL;DR at bottom) Hi everyone, Going into this I'd like to say first that I am by no means a web developer and I know nothing about how browsers are built. I've got a really specific use case that requires me to disable hardware acceleration on my browser. When away from each other, my partner and I like to watch shows and movies together over Zoom's Screen Sharing. For a while I've just been using Chrome to handle that and Safari for everything else. The reason I use Chrome for this is that when I turn off hardware acceleration on Chrome it lets me share my screen on websites like Netflix, Hulu, etc. without an empty screen appearing. But I just don't want Chrome on my computer anymore, if I can somehow get hardware acceleration off on Safari. It's nice to just use one browser for everything, especially since Safari is great for my battery. I looked into this online and something I read says that you just aren't able to do this anymore in Safari but then I asked my friend who does dabble in this sort of stuff and he says there's probably something under: Develop --&gt; Experimental Features that I can mess around with to turn it off. If anybody has pointers for me, I'd really appreciate it! Thanks :-) TL;DR - I'm looking for a way to turn off hardware acceleration on Safari like you are able to do in Chrome

Summary Safari "WebKit Build Archives" (AKA Safari nighties) crashes when opening Preferences. The Preference window doesn't even pop up before crashing. Steps to reproduce Download a nightly build of Safari https://webkit.org/build-archives/#mac-monterey-x86_64 Open run-webkit-archive Go got Safari > Preferences Observer crash Environment Does crash on: MacBook Pro (15-inch, 2017) macOS 12.2.1 and 12.3.1 WebKit Build Archives (249860@main, 249854@main, 249817@main, 292562) Spot checked a few others from Feb to April as well Do NOT crash on: Safari included with macOS 12.3.1 (Version 15.4 (17613.1.17.1.13)) Safari Technology Preview 143 (Safari 15.4, WebKit 17614.1.7.7) 142 141 Crash stack trace 2022-04-21 13:44:00.485 SafariForWebKitDevelopment[13786:133729] *** Assertion failure in -[NSMenuItem initWithTitle:action:keyEquivalent:], NSMenuItem.m:477 2022-04-21 13:44:00.487 SafariForWebKitDevelopment[13786:133729] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: aString != nil' *** First throw call stack: ( 0 CoreFoundation 0x00007ff8112d81e3 __exceptionPreprocess + 242 1 libobjc.A.dylib 0x00007ff811038c13 objc_exception_throw + 48 2 Foundation 0x00007ff81217ac23 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 267 3 AppKit 0x00007ff813c74759 -[NSMenuItem initWithTitle:action:keyEquivalent:] + 363 4 Safari 0x00007ff91e63417a +[NSMenuItem(BrowserExtras) safari_menuItemForFileAtPath:] + 140 5 Safari 0x00007ff91e505a0b -[GeneralPreferences _updateDownloadLocationMenu] + 158 6 libdispatch.dylib 0x00007ff810fda0cc _dispatch_call_block_and_release + 12 7 libdispatch.dylib 0x00007ff810fdb317 _dispatch_client_callout + 8 8 libdispatch.dylib 0x00007ff810fe7c78 _dispatch_main_queue_drain + 943 9 libdispatch.dylib 0x00007ff810fe78bb _dispatch_main_queue_callback_4CF + 31 10 CoreFoundation 0x00007ff81129a9c7 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9 11 CoreFoundation 0x00007ff81125b93f __CFRunLoopRun + 2771 12 CoreFoundation 0x00007ff81125a7ac CFRunLoopRunSpecific + 562 13 HIToolbox 0x00007ff819ee1ce6 RunCurrentEventLoopInMode + 292 14 HIToolbox 0x00007ff819ee1a4a ReceiveNextEventCommon + 594 15 HIToolbox 0x00007ff819ee17e5 _BlockUntilNextEventMatchingListInModeWithFilter + 70 16 AppKit 0x00007ff813c8153d _DPSNextEvent + 927 17 AppKit 0x00007ff813c7fbfa -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1394 18 Safari 0x00007ff91e16d8b5 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 224 19 AppKit 0x00007ff813c722a9 -[NSApplication run] + 586 20 AppKit 0x00007ff813c46227 NSApplicationMain + 817 21 Safari 0x00007ff91e1581c0 SafariMain + 464 22 dyld 0x000000011583e51e start + 462 ) libc++abi: terminating with uncaught exception of type NSException MessageReceiveQueueMap::addImpl - adding duplicate any id receiver 35

I have a website and I often see Safari clients making requests directly to the root of one of my subdomains. This behaviour is unique to Safari as other browsers and other devices aren't making these requests to the root of that subdomain. I serve no page on the root of that subdomain, but I do have pages on specific paths on that subdomain. The requests towards the root don't have any referer and don't seem to be coming from search engines or any other external source. Some clients have visited specific paths (where I serve content) before. I can't pinpoint what is triggering these requests from these devices. It also doesn't seem related to a specific version. Requests for favicons and Apple touch icons are all handled correctly so they aren't the cause of this issue. These is no additional path or query parameters in these requests. Could you please share if there is behaviour within Safari that could cause this request to the root of the subdomain? E.g. having a tab (with a specific path of my website) on standby and that Safari is making this request in the background? Thank you.

Date objects should be able to be constructed with strings formatted as YYYY-MM-DD . On Chrome-based browsers, both of the following are valid: new Date("2022-06-01") new Date("2022-6-01") although the second one does not strictly follow the format. However, it is extremely convenient to work with since you do not have to check for the string length and determine whether to add a 0 in the beginning. Yet, on my Safari browser, the code: new Date("2022-6-01") returns a date object of an invalid date. This is simple to fix, yet it poses an inconvenience during development. Is there any way to let Apple improve its JavaScript engine?

Can a notarized safari web extension (that is distributed outside the store) be permanently allowed to run in the Safari browser when a user selects 'Allow Unsigned extensions'? Or do they have to keep doing it every single time they open the browser?