Hello, While developing an extension for Safari using Manifest V3, I encountered an issue where my service worker stops functioning; it simply disappears, and I'm unable to revive it in any way. I've attempted to send messages from popup.js and content.js, and even tried setting an alarm with a 20-second interval. However, the worker remains unresponsive until the browser or the extension is reloaded. The logic of my extension operates through background.js (worker). What steps should I take to restore the functionality of the worker? Thank you for your assistance.

I have a web site that uses CSS linear-gradient with color-mix for a background of a division. It shows up just fine in Safari on iOS and iPadOS 17.4.1. When do a screenshot, and select "Full Page", the background-image becomes all black and the text in the division is unreadable. Here is an example of what I am doing. div.ugly { background-image: linear-gradient(to right, yellow, color-mix(in srgb, red, blue)); } Any ideas how to get this to not turn black? I've tried using a print media query but the "Full Page" screenshot does not use that. It looks like it might be a bug in iOS/iPadOS. Thanks, Mike

Hi! When I tap on text field in a block with position: sticky then there is appears an empty space between keyboard and block . How to rid of it?

Hi! I've faced with a problem while using input navigation arrows. When I focus the last field and then click on the down arrow - it takes me to the first field in the beginning of the screen

I have a page that needs to display a large PNG image (1024 x 100247 ) Everything works fine in Chrome and Edge, but failed in safari. this is test image : https://storage-staging.passton.jp/images/2024/03/11/E0R6G8FKd3B3iLPO.png is there any limit in safari ?

<div class="container" style="background-size: contain; user-select: none; pointer-events: none; height: 787.5px; width: 1400px;"> <div class="container__header">header</div> <span> <div class="video-container" style="inset: 17.853% 68% 11.747% 1%; z-index: 2; opacity: 1;"> <div class="video-container__placeholder-image">image</div> <div class="video-container__content"> <div class="some-info"></div> <div class="video-canvas"></div> <div class="other-info"></div> </div> </div> <div class="video-container" style="inset: 17.853% 1% 11.747% 33%; z-index: 1; opacity: 1;"> <div class="video-container__placeholder-image">image</div> <div class="video-container__content"> <div class="video-canvas"> <div class="player" style="width: 100%; height: 100%; position: relative; overflow: hidden; background-color: black;"> <video playsinline="" muted="" style="object-fit: cover; width: 100%; height: 100%; position: absolute; left: 0px; top: 0px;"></video> </div> </div> </div> </div> </span> </div> The page looks like Then, the html changed as follows, <div class="container" style="background-size: contain; user-select: none; pointer-events: none; height: 787.5px; width: 1400px;"> <div class="container__header">header</div> <span> <div class="video-container" style="inset: 100% 100% 0% 0%; z-index: 2; opacity: 0;"> <div class="video-container__placeholder-image">image</div> <div class="video-container__content"> <div class="some-info"></div> <div class="video-canvas"></div> <div class="other-info"></div> </div> </div> <div class="video-container" style="style="inset: 6.106% 5.98719% 0%; z-index: 3; opacity: 1;""> <div class="video-container__placeholder-image">image</div> <div class="video-container__content"> <div class="video-canvas"> <div class="player" style="width: 100%; height: 100%; position: relative; overflow: hidden; background-color: black;"> <video playsinline="" muted="" style="object-fit: cover; width: 100%; height: 100%; position: absolute; left: 0px; top: 0px;"></video> </div> </div> </div> </div> </span> </div> From the mac developer tools, the width of the video is 1400px, but it render like the size is same as before in iOS17+(iOS17.1 and iOS17.3.1). The expected results looks like the actual results are looks like I tried the same operators in iOS 14.6 and 16.4 and it worked as expected, this problem likes only exists in iOS17+. Please help me to resolve this problom. Thanks.

I'm wondering if there's a way to capture the SSL/TLS key log / ephemeral keys from Safari for troubleshooting like there is for Firefox & Chrome by setting the SSLKEYLOGFILE environment variable. I'm troubleshooting an issue where Safari doesn't load certain CSS and JPEG elements on the first load, but when hitting refresh, those same elements load fine. Clearing the cache or using "disable caches" in the network tab of the inspector will cause the elements to fail to load again. Safari shows that it received a header, but no content. Wireshark shows four TCP/RST packets coming from the client / Safari. The same site loads without issue every time using Firefox or Chromium. I'm hoping that someone knows how to capture the TLS session keys from Safari so I can look deeper into the packet capture and figure out if Safari is incorrectly parsing the server's response or if there is some subtle corruption in the response that Safari rejects, but other browsers accept. So, does anyone know how to capture the raw data transfer or TLS session keys from Safari? Thank you!

Safari is allowing users to create multiple passkeys despite setting the excludeCredentials in PublicKeyCredentialCreationOptions (https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#excludecredentials). I also included appidExclude(https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions#appidexclude) but it was still allowing me to create multiple passkeys on the same iCloud account. This does not happen in other browsers. Can anyone point me to any documentation regarding this? Much appreciated https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API/WebAuthn_extensions#appidexclude https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#excludecredentials

Since iOS 17.4 when open a camera in Safari, video stop when download popup appear and video doesn't restart expect when go to home menu and reopen Safari This comportment wasn't present before 17.4 To Reproduce : https://zcqqjd.csb.app/ Step 1 : Click on start Camera Step 2 : Click on Download Picture

My organization is using mutual TLS authentication for HTTPS, with PIV cards storing the certs. We observe that some OS X devices send only the leaf certs when establishing the mTLS connection, whereas others send the entire chain. We cannot validate the leaf cert without the intermediate cert, so those clients are rejected. What drives the decision whether to send the whole chain, vs the leaf cert only? For more details, and some things we observed. The PIV cards are US DoD CAC cards: https://www.cac.mil/common-access-card/ The client cert chain on the card looks like this: Leaf client cert, CN=LastName.Name Intermediate cert, CN=DOD ID CA-70 "Root" cert, CN=DoD Root CA 6 through 8.: Additional interoperability certs. Our system is set up to trust the "root" cert CN=DoD Root CA 6. Neither the leaf cert, nor other certs in the chain are trusted by Apple Keychain Trust Store by default. We find that most laptops will send the entire chain, 1 through 8, when establishing the mTLS connection with our servers. This allows us to validate them correctly. On a subset of OS X devices, Google Chrome will only send the leaf chain. This happens even when we use exact same PIV card, and exact same PIV reader as on working laptops. Safari will not send any cert at all. We found that if we explicitly add the CN=DoD Root CA 6 to the Apple Trust Store, Google Chrome and Safari will start sending a short chain, containing only certs 1 through 3. This allows the server to validate them. When we remove it from Trust Store, Chrome is back to sending only leaf, but Safari will not even send the leaf. Again, this only happens on some laptops; on most of the laptops, both Safari and Google Chrome will send the entire chain, regardless of whatever is set up in Trust Store. My suspicion is that for some reason, on those laptops, Safari will not send the client certs that OS X doesn't trust. This makes sense, but this is not the behavior we want. We want the same behavior on the working laptops, which is to send the whole chain. All of our laptops are on OS X 14.4

Our app uses Azure B2C for SSO login, and we are noticing a bug on Safari 17.x (any browser on iOS 17.x, and Safari 17 on Mac OS) where the Azure B2C cookies go missing during the registration process, which leads to a broken user experience. The following cookies are the ones that go missing The only forum posts related to this issue I have come across are these: https://techcommunity.microsoft.com/t5/azure/azure-app-on-ios-17-not-working/m-p/3958809 Which links to this https://techcommunity.microsoft.com/t5/intune-customer-success/day-zero-support-for-ios-ipados-17-and-macos-14/ba-p/3930010 Is this in bug that will be fixed in an upcoming release on Safari 17.x?

Even when iOS's '"." Shortcut' keyboard setting is enabled, double-tapping the spacebar in WKWebView doesn't insert a period. While making WKWebView editable , "." shortcut is not working. It works fine when any other external keyboard is used. I am facing this issue in WKWebView using apple keyboard. Even forceful adding javascript to replace double tap of space bar to period character logic is not working.

Hi I am using safari in iPad OS (17.4). when I am checking the user agent, It is showing like Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15 there is no indication that it's from iPad. How would I detect iPad from user agent whereas on IPhone it can easily be detected. Could you please help me here?

I use three Macs for development of a web application. On each of the Macs (macOS 14.4) I used mkcert to install a local CA and to issue developer certificates (all separately). Accessing the web app with https://localhost:8080 works fine on two Macs with all browsers, but on one Mac Safari claims to have another root CA for localhost which it does not trust. And I cannot override the trust settings. Using Keychain Access I do not find this certificate. Safari shows it like this: Scrolling down I can see DNS Names localhost, localhost.localdomain and lvl.me, so I suspect it is a leftover from trying to install a root CA before using mkcert. The mkcert certificate looks like this and I can see it in the System keychain: So Safari complains and I cannot tell it to trust the server certificate as the CA does not fit (I think). Firefox and Chrome open the website just fine after warning me and me telling them to do so. I tried to find the wrong CA using Keychain Access and Terminal (security find-certificate -a -c localhost, security find-certificate -a -c lvh...) but in vain. Where can I find this certificate and how can I delete it?

I had my website perfectly opening before the iOS 15 update for iPhones. But after that whenever anyone is opening my website it shows blank screen. It is working fine MacBook safari, chrome and all other android devices. Here is the link to the website : [https://startstaging.web.app/PO/1709528483037) I have cleared history, cache, have done resetting the phone, still it hasn't done anything. I don't know how to make it work, do help.

Why is the image on the tab page not updated in real time when the href value of the tag element changes?

Hi, We have recently observed that support for PWAs has been ended in the EU region in iOS 17.4. The changes were visible while the OS was in beta as well. We have a web app with our user base in the US. Is there any plan for these restrictions to be implemented in any other region?

It is 2024. WebGPU has been available for Safari on desktops since December of last year, as well as other browsers for quite some time. It's about time it was made available on the IPAD; at the very least as an advanced feature. WebGPU provides many opportunities to create compelling experiences in other browsers on different device, but not in the Safari browser for IPAD users. I bought an IPAD a few years ago, but the lack of ability and sub-par software, is one of the reasons I can't justify buying another, and many students feel this way. I know so many that are still buying android and surface pros because we are being held back from both creating and consuming newly possible web experiences when we use IOS devices. There are quite a few other things we need, such as a proper set of dev tools, even just for the browser, but webGPU is a must in order to stay competitive. Students who bought IPADs for school and for development need to be allowed to keep up with those using other platforms. Machine Learning, Signal processing, image processing, anything could benefit from compute shaders and uniforms... massive number crunching capability is a must going forward in the web, and those with IPADs need to be allowed to take part. More capabilities will equal more sales.

I'm revisiting code I developed a while back for managing data entry about users, which includes giving them a username and password in the form that an administrator uses. I thought I'd found a way previous to get Safari to NOT try to over-write a field called username with the administrator's username and to NOT store the password they'd entered / reset against their credentials stored in the administrator's keychain. It seems to still be working in other browsers, but for Safari, it's stubbornly popping up "save this password" and offering to autofill... it's driving me nuts. Is there a solution?

We have a payment process in an app which involves loading up a Web page to allow a user to enter credit card details, and to complete a transaction. This web page may result in a 3D-Secure step up challenge. For PCI compliance purposes we launch this in a SFSafariViewController. This 3D secure process involves a collection of redirects, with a final one back to us known as the "Merchant Page". In here, we want to do one more redirect, using a custom URL scheme, to allow the app to recognise that the process has completed, and can safely dismiss the SFSafariViewController. In those cases where no "step up 3d challenge" occurs, the process works well, the final redirect occurs, and our app successfully dismisses the SFSafariViewController. However, in a step up challenge, the Merchant Page loads, but any attempt to do the final custom redirect does not execute. I believe this is a feature of Safari - What I think is going on is that enough time has passed since there was user interaction on the page, and the final redirect, which isn't a https or http link (it is a myapp:// link) simply gets ignored. We've tried a lot of things. One thing works: If we provide a button, and when it is tapped, it sets window.location.href = 'myapp://success?', this works. This is a clue to if it is cause by lack of user interaction. We've tried lots of things: Rather than a javascript redirect, we tried server side redirecting; we tried all of the HTTP 300 response codes. They were all ignored We tried the meta refresh (which we know is kinda deprecated). We tried window.location.href = , window.location.assign(), document.location.href, document.location.assig(), etc. We tried issuing an Ajax XMLHttpRequest, but this failed because it isn't https or http We even tried to suggest our non-standard URL was the source of a script, just to trigger it but it didn't work. We've tried calling in during body onload We've tried calling it using a timeout in case timing was relevant. My gut feeling here is this is a feature. I've used Safari Debugging, and it literally steps over the window.location.href assignment, and doesn't produce a warning or an error. We've added try/catch, and no exception was thrown. Again, it leads me to believe this is all by design (perhaps to prevent ad fraud or something?). I was kinda hoping that in the response, we'd be able to specify a CORS header that tells the browser that "it will be ok to use resources from myapp://", but haven't found the right one. We may end up having to simply produce a button with a message "Your transaction has completed, please press here to dismiss", but it is terrible UX that is unnecessary. I've seen a number of posts elsewhere suggesting that redirects without user interaction can be considered suspicious, and I've experience of this same problem on another browser. If anyone has cracked this one, I'd love to know how