WKWebView/Sandbox Intermittent Local File Access Denial in macOS Sandbox Environment

Dear Apple Developer Experts,

We're experiencing an intermittent issue with WKWebView in our macOS application where local HTML file access is occasionally denied by the sandbox, despite proper implementation and permissions. We seek your guidance in understanding and resolving this issue.

Issue Description:

  • The WKWebView occasionally fails to load local HTML files stored in the app's Contents/Resources directory
  • Error occurs in WebKit Networking Process with sandbox denial
  • Issue is intermittent and can be resolved by app restart or WebKit Networking Process restart
  • Affects all local HTML files in the same directory once the issue occurs

Technical Details:

Error from Kernel Log:

2025-02-07 14:57:17.179821 +0800 kernel Sandbox: com.apple.WebKit.Networking(58661) deny(1) file-read-data /Applications/DingTalk.app/Contents/Resources/webcontent/contact-2024.html

WKWebView Delegate Error (captured in WKNavigationDelegate method):

  - (void)webView:(WKWebView *)webView didFailProvisionalNavigation:(WKNavigation *)navigation withError:(NSError *)error

Error Details:

  Domain: NSPOSIXErrorDomain
  Code: 1
  Description: "Operation not permitted"
  UserInfo: {
    networkTaskMetricsPrivacyStance: Unknown,
    _NSURLErrorFailingURLSessionTaskErrorKey: LocalDataTask <3694CA1E-481B-4E06-975D-E3A56AD56C0F>.<1>,
    _kCFStreamErrorDomainKey: 1,
    _kCFStreamErrorCodeKey: 1
  }

Key Observations:

  • Error is captured in WKNavigationDelegate's didFailProvisionalNavigation method
  • The issue affects all local HTML files in the same directory once it occurs

Temporary workarounds we've discovered:

  1. Restarting the application completely resolves the issue
  2. Without restarting the application, terminating the "WebKit Networking Process" via Activity Monitor causes the process to restart automatically; this resolves the issue and loading works again

Additional Information:

  • We've collected complete system diagnostics (system_logs.logarchive) at the time of failure
  • The issue appears similar to discussions in Apple Developer Forums (https://developer.apple.com/forums/thread/110072), though we're uncertain if it's the same root cause
  • We've prepared a minimal demo project demonstrating:

  1. Our release version app can be downloaded from: https://dtapp-pub.dingtalk.com/dingtalk-desktop/mac_dmg/Release/M1-Beta/DingTalk_v7.6.45_43521682_universal.dmg?spm=0.0.0.0.UuwovG&file=DingTalk_v7.6.45_43521682_universal.dmg for examining our app's codesign, sandbox, and entitlements configurations if needed

  2. Important Investigation Finding:

We attempted to simulate the issue by using chmod 000 /path/to/test.html, but this produces a different error:

  Error Domain=NSURLErrorDomain Code=-1102 Description="You do not have permission to access the requested resource."
  UserInfo={
    NSLocalizedDescription=You do not have permission to access the requested resource.,
    NSErrorFailingURLStringKey=file:///Users/sunus/Library/Developer/Xcode/DerivedData/WKWebViewLocalDemo-eumardnlfbmwgnhkaadglsrrhzhs/Build/Products/Debug/WKWebViewLocalDemo.app/Contents/Resources/test.html,
    NSUnderlyingError=0x600003aedc50 {Error Domain=kCFErrorDomainCFNetwork Code=-1102 "(null)"}
  }

This error is distinctly different from our original issue's "Operation not permitted" error, suggesting that the sandbox denial we're experiencing is not a simple file permission issue.

Questions:

  1. Is this a known issue with the WebKit sandbox in recent macOS versions?
  2. Are there recommended best practices or workarounds to prevent this sandbox denial?
  3. Could this be related to the WebKit Networking Process's sandbox configuration?
  4. Are there additional diagnostics or logs we should collect to help investigate this issue?

We appreciate your assistance in investigating this issue. Please let us know if you need any additional information or clarification.

STEPS TO REPRODUCE

  1. Open App
  2. Then load the local file in /WKWebViewLocalDemo.app/Contents/Resources/test.html

P.S. We have also submitted a DTS case and a Feedback report.

DTS Case-ID: 11876957, Feedback-ID: FB16493282

The sysdiagnose is uploaded in Feedback-ID: FB16493282.

Any feedback is welcome!

We basically load the local file with this code:

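    // Assumed setup: the posted snippet does not show where `configuration` is created.
    WKWebViewConfiguration *configuration = [[WKWebViewConfiguration alloc] init];

    // allowFileAccessFromFileURLs is not a declared WKPreferences property; it is set via KVC.
    WKPreferences *preferences = [[WKPreferences alloc] init];
    [preferences setValue:@YES forKey:@"allowFileAccessFromFileURLs"];
    configuration.preferences = preferences;

    // Create WKWebView
    self.webView = [[WKWebView alloc] initWithFrame:self.window.contentView.bounds
                                      configuration:configuration];

    // Resolve test.html in Contents/Resources and grant read access to that directory.
    NSString *resourcePath = [[NSBundle mainBundle] resourcePath];
    NSURL *htmlURL = [NSURL fileURLWithPath:[resourcePath stringByAppendingPathComponent:@"test.html"]];
    NSURL *baseURL = [NSURL fileURLWithPath:resourcePath];

    NSLog(@"Loading HTML from path: %@", htmlURL.path);
    [self.webView loadFileURL:htmlURL allowingReadAccessToURL:baseURL];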

If this approach is wrong, it won't load at all.
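
A triage example for the kernel log line quoted above, added here and not part of the original post or the app's code: it parses sandbox denial lines in that layout and groups them by WebKit Networking process pid and by directory, which shows whether denials are confined to one process instance, as the restart workaround suggests. It assumes the log archive has been exported to text in the same layout; all sample lines except the quoted one are constructed.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Line format as quoted in the post:
# <date> <time> <tz> kernel Sandbox: <process>(<pid>) deny(<n>) <operation> <path>
DENY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ [+-]\d{4})\s.*?"
    r"Sandbox: (?P<proc>[\w.\- ]+?)\((?P<pid>\d+)\) deny\(\d+\) "
    r"(?P<op>\S+) (?P<path>/.*)$"
)

def parse_denials(lines):
    """Yield a dict per sandbox denial of a filesystem path; skip other lines."""
    for line in lines:
        m = DENY_RE.match(line.strip())
        if m:
            yield {**m.groupdict(), "pid": int(m["pid"])}

def summarize(lines, process="com.apple.WebKit.Networking"):
    """Per pid of `process`: first denial time and denied paths by directory."""
    out = defaultdict(lambda: {"first": None, "dirs": defaultdict(list)})
    for d in parse_denials(lines):
        if d["proc"] != process:
            continue
        entry = out[d["pid"]]
        # Same-offset, fixed-width timestamps compare correctly as strings.
        if entry["first"] is None or d["ts"] < entry["first"]:
            entry["first"] = d["ts"]
        paths = entry["dirs"][dirname(d["path"])]
        if d["path"] not in paths:
            paths.append(d["path"])
    return {pid: {"first": e["first"], "dirs": dict(e["dirs"])} for pid, e in out.items()}

# Constructed sample input: only the second line is the one quoted in the post.
SAMPLE = [
    "2025-02-07 14:57:19.000001 +0800 kernel Sandbox: com.apple.WebKit.Networking(58661) deny(1) file-read-data /Applications/DingTalk.app/Contents/Resources/webcontent/constructed-example.html",
    "2025-02-07 14:57:17.179821 +0800 kernel Sandbox: com.apple.WebKit.Networking(58661) deny(1) file-read-data /Applications/DingTalk.app/Contents/Resources/webcontent/contact-2024.html",
    "2025-02-07 14:57:18.000000 +0800 kernel Sandbox: ExampleHelper(101) deny(1) file-read-data /private/tmp/constructed.txt",
    "2025-02-07 14:57:18.500000 +0800 kernel constructed unrelated message",
]

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE).items():
        print(pid, "first denial at", info["first"])
        for directory, paths in info["dirs"].items():
            print("  ", directory, len(paths), "file(s) denied")
```

If every denial maps to a single Networking pid and stops once a new pid appears, the denial state is tied to that process instance rather than to the files on disk.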
