Explore the integration of web technologies within your app. Discuss building web-based apps, leveraging Safari functionalities, and integrating with web services.

All subtopics
Posts under Safari & Web topic

Post

Replies

Boosts

Views

Activity

Apple Pay on the Web sheet fails with PKPaymentAuthorizationStateFatalError after successful merchant validation (PROD trust policy)
Environment macOS 26.5.1 (Build 25F80) Safari 26.5 Apple Pay JS API version 8 Using https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js Reproduces on the staging website (Does not reproduce on the production website with non sandbox account) Signed into a Sandbox Tester Apple ID, with a test credit card registered exactly per Apple Pay Sandbox Testing — this is the only card in Wallet on the laptop Merchant validation is performed by our staging backend against our real (non-sandbox) merchant identity/certificate — i.e. a sandbox tester card being evaluated against a staging merchant session, which per the sandbox testing documentation is the expected/supported setup for testing on a live site without a separate merchant sandbox environment Summary After completeMerchantValidation() succeeds and the merchant session is accepted, the payment sheet still terminates with PKPaymentAuthorizationStateFatalError a few hundred milliseconds later, right after the native side logs a second "Evaluating merchant session using PROD trust policy." for the same session. The user sees "Payment failed" and the sheet closes. This happens on the very first attempt, with no user interaction beyond tapping the Apple Pay button — no shipping address is even selected before the failure. Since the sandbox tester card + production merchant session combination is the setup the sandbox testing guide describes, we'd expect the sheet to proceed to onpaymentauthorized (Apple's sandbox docs describe payments as being processed as $0 test transactions in this mode) rather than fail natively before that stage is ever reached. Steps to reproduce Visit an item page with an Apple Pay button. Tap the Apple Pay button to open the payment sheet. The sheet presents normally; no interaction with shipping address or payment method is required for the failure to occur. Within ~1 second, the sheet dismisses and displays a "Payment failed" error state. Minimal reproduction of the JS side const session = new ApplePaySession(8, { countryCode: 'US', currencyCode: 'USD', supportedNetworks: ['visa', 'masterCard', 'amex', 'discover'], merchantCapabilities: ['supports3DS'], total: { label: 'Merchant', amount: '10.00' }, }); session.onvalidatemerchant = async () => { const merchantSession = await validateMerchantOnServer(); // succeeds session.completeMerchantValidation(merchantSession); // accepted — see log below }; session.onpaymentmethodselected = () => { session.completePaymentMethodSelection({ newTotal: { label: 'Merchant', amount: '10.00' }, }); }; session.oncancel = event => console.log('cancelled', event); session.begin(); We reproduced this with both our full checkout implementation and this stripped-down request object (no shipping contact required, no line items) — same failure either way, which rules out anything about our order/line-item data. What we expected The sheet to proceed to the biometric authorization step and dispatch onpaymentauthorized once the user confirms. What actually happens The sheet fails immediately with a PKPaymentAuthorizationStateFatalError transition, even though every JS-side completion call (completeMerchantValidation, the payment-method selection) succeeded and returned PKPaymentAuthorizationStatusSuccess. System log (captured via log stream --info --debug --predicate 'process == "Safari" OR process == "passd" OR process == "com.apple.PassKit.PaymentAuthorizationUIExtension"') 21:50:41.544 PaymentCoordinator::beginPaymentSession() -> 1 21:50:41.570 Received prepareWithPaymentRequest: <private> 21:50:42.297 PaymentCoordinator::validateMerchant() 21:50:42.563 PaymentCoordinator::completeMerchantValidation() 21:50:42.564 Received merchant session update with status:PKPaymentAuthorizationStatusSuccess session:<private> 21:50:42.564 Evaluating merchant session using PROD trust policy. <- 1st occurrence, passes 21:50:42.572 PaymentCoordinator::didSelectPaymentMethod() 21:50:42.572 PaymentCoordinator::completePaymentMethodSelection() 21:50:42.653 Evaluating merchant session using PROD trust policy. <- 2nd occurrence 21:50:42.656 State machine change state from ClientCallback to PrepareTransactionDetails with param: <private> 21:50:43.391 Task Completed: <private> 21:50:43.393 State machine change state from PrepareTransactionDetails to PKPaymentAuthorizationStateFatalError with param: <private> 21:50:43.393 Error Payment failed with fatal error <private> 21:50:45.130 PaymentCoordinator::didCancelPaymentSession() The first "Evaluating merchant session using PROD trust policy." line passes (the flow continues to didSelectPaymentMethod). The second occurrence is immediately followed by Task Completed and then the FatalError transition, which suggests PassKit re-validates the merchant session's trust a second time right before PrepareTransactionDetails, and that second check is what's rejecting the session — even though the identical session object was accepted moments earlier at completeMerchantValidation(). What we've tried / ruled out Confirmed every JS completion method (completeMerchantValidation, completePaymentMethodSelection) is called and returns success — no 30-second timeout, no missing completion call, no thrown exception on our side. Reproduced with a minimal, hardcoded ApplePayPaymentRequest (fixed $10.00 total, no shipping fields) — rules out anything about our real order/line-item/sales-tax data. Reproduced on the main branch and independently on our staging deployment running unmodified code — rules out anything specific to our recent frontend changes. The <private> redaction in the system log prevents us from seeing what specifically fails during the second trust evaluation. Confirmed the sandbox tester card and its registration follow the sandbox testing guide exactly — it's the only card on the device, and no other Wallet cards are involved. Question What does PassKit's second "Evaluating merchant session using PROD trust policy" check (immediately before PrepareTransactionDetails) actually validate, beyond what's already checked at completeMerchantValidation() time? Is a sandbox tester card being evaluated against a production merchant session expected to pass this second check, or does sandbox testing per the linked guide require something additional on the merchant/session side (e.g. a specific field on the merchant session, or a specific environment value) that our backend isn't setting? Is there a way to get an unredacted reason for the rejection — e.g. via a private-data-enabled log profile or another diagnostic — since the redacted system log alone doesn't surface one?
0
0
31
1d
app-site-association.cdn-apple.com | Cache not updating
We're handling our universal links (deep links) via our custom router written in express.js. We recently update our .well-known format as per: https://developer.apple.com/documentation/xcode/supporting-associated-domains Our own domain link shows them correctly if we apply cache bust to it: Normal link: https://links.sastaticket.pk/.well-known/apple-app-site-association Cache bust: https://links.sastaticket.pk/.well-known/apple-app-site-association?1 Now, since app-site cache is not updating at: https://app-site-association.cdn-apple.com/a/v1/links.sastaticket.pk Our main domain link is not getting updated response either. Its been more than 72 hours now. Any help, how to push the app-site cache to update? I can provide more context if needed, Thanks
2
0
464
1d
CDN域名端口改变
你好,我的app使用的域名在阿里云进行了CDN加速,并配置了80的端口,后来我将端口改成443端口,导致如今app使用异常,是否将端口改回80端口就能恢复访问呢,如有建议,感激回复。
Topic: Safari & Web SubTopic: General
1
0
45
1d
iOS 27 DB2: WebAudio / AudioContext Live Stream Stalls on Metadata/Track Transitions (MediaToolbox & Sandbox Violations)
Tested iPhone 16 Pro Max running DB2 Since using iOS 27 Developer Beta, Progressive Web Apps (PWAs) and applications using WKWebView that route live streaming audio (such as Icecast/SHOUTcast streams) through the Web Audio API (AudioContext / MediaElementAudioSourceNode for canvas visualizers) experience silent playback freezes during track changes. The JavaScript context remains active, and the HTMLMediaElement reports no errors or pauses, but the low-level system audio daemon (audiod) disconnects. The logs indicate a state desynchronization in MediaToolbox triggered by inline metadata frame updates, coupled with massive sandbox violations. Steps to reproduce: Run a PWA or WKWebView on iOS 27 Developer Beta that loads a live audio stream using an tag. Route the media element into the Web Audio API (e.g., audioContext.createMediaElementSource(audioElement)). Play the stream and lock the screen or let it run in the foreground. Wait for a track transition to occur on the live stream server (which pushes an inline ICY metadata update). Observed Result: Audio instantly goes silent at the track boundary. JavaScript rendering loops remain active, but the stream is dead. List of important errors: MediaToolbox parsing failure: <<<< FigStreamPlayer >>>> fpfs_CacheRenderChain: Caching unexpected mediatype metadata Reasoning: When the stream updates its inline metadata, MediaToolbox (FigStreamPlayer) fails to handle the frame descriptor correctly, halting the stream decoder render chain. Audio engine state desynchronization: <<<< FigStreamPlayer >>>> fpfs_SetRateOnTrack: [...] setting rate on track before it has reached playing state - 4 instead Reasoning: WebKit attempts to keep playing or setting the playback rate, but MediaToolbox fails because the underlying decoder track is stuck in an uninitialized/stalled state (4). System Audio Daemon Disconnection: Subsystem: com.apple.audioanalytics | Process: audiod Reporter disconnected. ( function=sendMessage, reporterID=... ) Reasoning: Because the rendering stream stalled, the system audio daemon (audiod) forcibly severs the audio session connection to the browser container. Massive Sandbox Log Flooding (WebKit.WebContent): Sandbox: com.apple.WebKit.WebContent(2719) deny(1) syscall-unix 179 Reasoning: WebKit's WebAudio thread tries to log trace markers to XNU's kdebug_trace64 (syscall 179) but is blocked by the WebContent sandbox profile, resulting in a loop of thousands of denials that clog the thread. What needs to be fixed: MediaToolbox (FigStreamPlayer): Fix the regression where incoming live stream metadata frames stall the render chain when connected to a Web Audio node. WebKit Sandbox Profiles: Update the iOS WebContent, Network, and GPU sandbox rules to allow necessary tracing/diagnostic calls (syscall-unix 179 and mach-lookup com.apple.diagnosticd) in developer beta builds to prevent thread-blocking loops.
0
0
63
2d
Liquid Glass Icon Support for Progressive Web Apps (PWAs)
Hello there, Is it possible to customize the appearance of PWA icons for Liquid Glass? There was a similar question regarding the different icon appearances a few years ago (see thread). Though, as there never was a real conclusion I want to check if there are ways to achieve this by now? So, is it possible to define custom PWA icons for the dark and monochrome (now clear) modes? Can we maybe even use a fully custom Icon Composer icon for Safari PWAs? The icons attribute supports a purpose object with the value monochrome. Can this be used in any way here? If there is no way to customize it, is there at least a way to stop the auto conversion? In my case the white background get’s automatically replaced with the dark mode gradient, but for some reason the black logo isn’t converted/inverted to white leading to black on black logo. Which of course is not intended! I’d appreciate any help or pointer to a resource on that.
0
1
48
3d
MacOS shortcut for running Javascript on a Safari page fails
I'm trying to run a MacOS shortcut using the "Run JavaScript on Active Safari Tab" action. I consistently get the error "Make sure that 'Allow JavaScript from Apple Events' is enabled in the Develop menu in Safari." The Develop menu in Safari does not contain this switch (in Tahoe 26.5.1), but if you go to Developer Settings... a dialog opens that includes the required switch. I've ensured that the switch is set on, but I continue to get the runtime error in the shortcut JavaScript. What am I missing?
0
0
72
4d
Safari 26.5 Web Audio API Glitch: Automatic background audio playback triggering fast-forwarded "buffer catch-up" burst
https://streamable.com/y16s4q When I leave the Spotify Web Player open on its homepage and remain completely idle (without any physical user interaction or clicks), the page somehow self-triggers an active audio stream. Instantly, Safari's standard "This tab is playing audio" speaker icon appears normally on the right side of the URL/Address bar. Simultaneously, the browser emits a 1–2 second burst of extremely accelerated, fast-forwarded, and chaotic audio (resembling a time-stretch or "Alvin and the Chipmunks" effect) before going silent or stabilizing.
1
0
173
6d
How should WKWebView configure networkServiceType for 5G network slicing?
I’m adding 5G network slicing support to a web browser app using WKWebView. The app declares: com.apple.developer.networking.slicing.appcategory: webBrowser-9003 com.apple.developer.networking.slicing.trafficcategory: defaultslice-1 The documentation says that apps should also set networkServiceType on URLRequest or URLSessionConfiguration. However, most requests made by a WKWebView, including subresources, JavaScript fetches, and WebSockets, are created internally by WebKit. Is declaring webBrowser-9003 and defaultslice-1 sufficient for WKWebView traffic, or is there a supported way to configure the network service type for the entire WKWebView network session?
0
0
149
1w
Capacitor WKWebView on iPhone TestFlight cannot connect to Firebase Realtime Database, RTDB reconnect timeout after 25000ms, iPad works
on hybrid app , capacitor enabled , vuejs , firebase realtime database loading data to welcome page and the rest of data for language learning application, using websockets and firebase database problem: ios iphone when the app is built and run it doesnt load the data for welcome page and the rest of data. tried longpolling instead of websockets, tried directly REST api connection to firebase but no success on both. ps. App Check token is successfully acquired (JS SDK token ready) but Realtime Database reconnects always time out on all iPhones in TestFlight while the same build works on iPad.
Topic: Safari & Web SubTopic: General
0
0
155
1w
In the iOS 26.4 beta version of WKWebView, it is impossible to establish an IP type WebSocket connection!
In iOS 26.4 beta, I noticed that when loading pages using WKWebView and using WebSocket to establish IP type addresses, the connection duration was several seconds and sometimes even failed to connect (normally, the connection duration should be in milliseconds). However, when establishing WebSocket connections using domain names, the connections were normal. Additionally, I discovered a special scenario: When directly establishing WebSocket connections using IP type addresses, it remained in the "connect" state. At the same time, based on Wireshark packet capture, it was found that no TCP connection was sent at this time. However, if two connections with the same address were established simultaneously, those two connections could successfully connect. This bug has seriously affected the use of my application service. Is there a chance that this version will solve the problem?
4
11
1.5k
1w
Safari 17.6 (17618.3.11.11.7, 17618) Crashes on Attempt to Run Extension in Developer Mode
Hi, I'm trying to test out an extension I'm building in Xcode and every time I try to test it, Safari crashes immediately. On later versions of Mac OS, e.g. Sequoia, there's no problem. I'm building this extension as part of a Mac Catalyst app that is a hybrid iPad/Mac OS app. On Safari 26.3 (20623.2.7.18.1) I can just add the source tree as a temporary extension and it works fine. But the .appex file for the same thing is causing the older Safari 17.6 (17618.3.11.11.7, 17618) to throw a fit. Trying to get through this with LLMs has focused on whether the extension target is for iOS and Mac OS or just Mac OS alone, and futzing with UIDeviceFamily the Build Settings. But basically it just doesn't work no matter what I do, and Safari shouldn't crash. Here's the .appex's Info.plist after compilation: % defaults read /Users/[username]/Library/Developer/Xcode/DerivedData/PlainSite-[gibberish]/Build/Products/Debug-maccatalyst/PlainSite.app/Contents/PlugIns/PlainSiteRecycler.appex/Contents/Info.plist { BuildMachineOSBuild = 21H1320; CFBundleIdentifier = "com.thinkcomputer.[product].[extension]"; CFBundleShortVersionString = "1.0"; CFBundleSupportedPlatforms = ( MacOSX ); CFBundleVersion = 2; DTCompiler = "com.apple.compilers.llvm.clang.1_0"; DTPlatformBuild = 14C18; DTPlatformName = macosx; DTPlatformVersion = "13.1"; DTSDKBuild = 22C55; DTSDKName = "macosx13.1"; DTXcode = 1420; DTXcodeBuild = 14C18; LSMinimumSystemVersion = "12.0"; NSExtension = { NSExtensionAttributes = { SafariWebExtensionPath = src; }; NSExtensionPointIdentifier = "com.apple.Safari.web-extension"; NSExtensionPrincipalClass = "PlainSiteRecycler.SafariWebExtensionHandler"; }; UIDeviceFamily = ( 2, 6 ); } Crash log: Hardware Model: MacBookPro12,1 Process: Safari [44241] Path: /Applications/Safari.app/Contents/MacOS/Safari Identifier: com.apple.Safari Version: 17.6 (17618.3.11.11.7) Code Type: X86-64 (Native) Role: Background Parent Process: launchd [1] Coalition: com.apple.Safari [1098] Date/Time: 2026-06-12 13:29:10.8546 -0700 Launch Time: 2026-06-12 13:27:27.7047 -0700 OS Version: macOS 12.7.6 (21H1320) Release Type: User Report Version: 104 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_PROTECTION_FAILURE at 0x00007ff7b77d1ff8 Exception Codes: 0x0000000000000002, 0x00007ff7b77d1ff8 VM Region Info: 0x7ff7b77d1ff8 is in 0x7ff7b3fd2000-0x7ff7b77d2000; bytes after start: 58720248 bytes before end: 7 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL MALLOC_SMALL 7fa313000000-7fa313800000 [ 8192K] rw-/rwx SM=PRV GAP OF 0x54a07d2000 BYTES ---> STACK GUARD 7ff7b3fd2000-7ff7b77d2000 [ 56.0M] ---/rwx SM=NUL ... for thread 0 Stack 7ff7b77d2000-7ff7b7fd2000 [ 8192K] rw-/rwx SM=PRV thread 0 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: SIGNAL 11 Segmentation fault: 11 Terminating Process: exc handler [44241] Highlighted by Thread: 0 Backtrace not available No thread state (register information) available Binary Images: 0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ??? Error Formulating Crash Report: dyld_process_info_create failed with 5 Failed to create CSSymbolicatorRef - corpse still valid ¯_(ツ)/¯ thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port EOF Full Report {"app_name":"Safari","timestamp":"2026-06-12 13:29:12.00 -0700","app_version":"17.6","slice_uuid":"af2262af-647d-3262-adc8-e52c3ef7579e","build_version":"17618.3.11.11.7","platform":0,"bundleID":"com.apple.Safari","share_with_app_devs":0,"is_first_party":0,"bug_type":"309","os_version":"macOS 12.7.6 (21H1320)","incident_id":"8F871759-8566-49DE-A6F9-EE73128BB836","name":"Safari"} { "uptime" : 100000, "procLaunch" : "2026-06-12 13:27:27.7047 -0700", "procRole" : "Background", "version" : 2, "userID" : 503, "deployVersion" : 210, "modelCode" : "MacBookPro12,1", "procStartAbsTime" : 102649791496150, "coalitionID" : 1098, "osVersion" : { "train" : "macOS 12.7.6", "build" : "21H1320", "releaseType" : "User" }, "captureTime" : "2026-06-12 13:29:10.8546 -0700", "incident" : "8F871759-8566-49DE-A6F9-EE73128BB836", "bug_type" : "309", "pid" : 44241, "procExitAbsTime" : 102752878214260, "cpuType" : "X86-64", "procName" : "Safari", "procPath" : "/Applications/Safari.app/Contents/MacOS/Safari", "bundleInfo" : {"CFBundleShortVersionString":"17.6","CFBundleVersion":"17618.3.11.11.7","CFBundleIdentifier":"com.apple.Safari"}, "buildInfo" : {"ProjectName":"Safari","SourceVersion":"7618003011011007","ProductBuildVersion":"618G22","BuildVersion":"12"}, "storeInfo" : {"deviceIdentifierForVendor":"28124F28-A4EB-556C-A50C-D710162ABDA6","thirdParty":true}, "parentProc" : "launchd", "parentPid" : 1, "coalitionName" : "com.apple.Safari", "crashReporterKey" : "134BE33B-9612-8725-73E0-95998174507F", "wakeTime" : 67008, "sleepWakeUUID" : "F942DC6A-04DF-4EE2-AA9F-DB3EDCB24AC3", "sip" : "enabled", "isCorpse" : 1, "exception" : {"codes":"0x0000000000000002, 0x00007ff7b77d1ff8","rawCodes":[2,140701912080376],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_PROTECTION_FAILURE at 0x00007ff7b77d1ff8"}, "termination" : {"flags":0,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":44241}, "usedImages" : [ { "size" : 0, "source" : "A", "base" : 0, "uuid" : "00000000-0000-0000-0000-000000000000" } ], "sharedCache" : { "base" : 140703277129728, "size" : 19331678208, "uuid" : "246818c3-4b9f-3462-bcaf-fdf71975e5fe" }, "legacyInfo" : { "threadHighlighted" : 0 }, "trialInfo" : { "rollouts" : [ { "rolloutId" : "61301e3a61217b3110231469", "factorPackIds" : { "SIRI_FIND_MY_CONFIGURATION_FILES" : "652886aa2c02f032beae8316" }, "deploymentId" : 240000028 }, { "rolloutId" : "5ffde50ce2aacd000d47a95f", "factorPackIds" : { }, "deploymentId" : 240000550 } ], "experiments" : [ ] }, "reportNotes" : [ "dyld_process_info_create failed with 5", "Failed to create CSSymbolicatorRef - corpse still valid ¯\(ツ)_/¯", "thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port", "thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port", "thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port" ] } Any help would be greatly appreciated!
2
0
746
1w
Supported way for iOS Safari Web Extension to hand off captured data to containing app for processing?
In 2018, Apple staff noted that Safari App Extensions had no direct API to communicate with the containing app, and suggested app groups or opening a custom URL scheme as workarounds. On iOS Safari Web Extensions, app groups work for persistence, but opening the containing app from the native extension/background flow does not appear reliable. iOS launch policy seems to require a direct user gesture, and I have not found a documented way for the extension flow to reliably continue into the containing app. Is there a supported iOS architecture for completing an extension-initiated workflow in the containing app, or is the intended model to persist data and require the user to manually open the app? My current architecture is: JavaScript in the Safari Web Extension extracts article content from the page. The native Extension Handler receives that content via native messaging. The Extension Handler writes an encoded request into the App Group container. The containing app watches the App Group container using DispatchSource.makeFileSystemObjectSource and processes new requests. This works on macOS. It also works on iOS when the containing app is already running. The problem is that on iOS, if the containing app is not already running, there is no app process to observe the filesystem event or process the request. I have tried treating the Extension Handler as the place to do more work, but in practice it seems suited only for short-lived relay/persistence work. It is not a reliable place for my app’s main processing pipeline, which includes rendering article content and uploading it to a third-party service. My app is a Safari-native “read later” style tool that uploads simplified articles to the reMarkable Cloud. The containing app contains most of the functionality: SwiftUI UI, WebKit/WebPage rendering, account/cloud logic, and upload orchestration. The Safari extension captures the article, but the app needs to run to complete the user-visible workflow. From a user’s perspective, tapping the Safari extension toolbar button is the action that initiates the workflow. Is there any supported way for that user-initiated extension action to launch or wake the containing iOS app so it can process pending App Group requests? Or should Safari Web Extensions on iOS be designed only to persist work and then ask the user to manually open the containing app? If manual app launch is the intended model, it would be helpful for the documentation to state this explicitly. The current tripartite model strongly suggests that the JavaScript extension, native handler, and containing app can collaborate as parts of one workflow, but on iOS the containing app appears to be available only out-of-band unless already running.
0
0
207
2w
Apple Pay Web: Multiple active PPCs for one Merchant ID?
Hi,
 We’re implementing Apple Pay on the Web for a multi-tenant platform via a PSP. The PSP operates multiple HSM/clusters and gave us multiple CSRs, asking us to register all.
Our understanding: a Merchant ID can hold several PPCs over time, but only one is active at once. Questions Is there any supported way to keep more than one PPC active simultaneously for the same Merchant ID? If not, what does Apple recommend for web-only, multi-tenant setups: a single MID with PSP-side decryption & sub-merchant separation, or separate MIDs per brand/region? Any official guidance on PPC rotation and handling many domains for Apple Pay on the Web? links to official docs or prior Apple responses would be appreciated.
2
0
1.1k
2w
Safari Extension Service Worker not working until page reload
Hello, I am developing a Safari extension that uses service workers and all works well. When the extension is updated, a new content script is injected into the current open tabs however the service worker connection with the new content script does not get established. I confirmed both the old content script and new one is on the page, but the new one just doesn't execute which means it will not connect to the service worker. In Chrome a newly injected content script does work and in FireFox it is handled by FireFox automatically. How can this be done in Safari? Any help would be appreciated.
0
0
221
2w
Safari shows “Fraudulent Website Warning” for a clean domain. How to request re-evaluation?
Hello, Safari on iOS is showing a “Fraudulent Website Warning” for our domain: https://doobler.ru/ We are trying to understand how to properly diagnose this and request a re-evaluation. The website has a valid HTTPS certificate and does not currently appear to be flagged by the reputation tools we checked, including Google Safe Browsing / Search Console / VirusTotal. However, some iPhone users still see the Safari warning, while others do not. What we have checked so far: HTTPS certificate is valid No mixed-content or obvious redirect issues found Google Safe Browsing does not show the domain as unsafe Google Search Console does not show security issues VirusTotal does not show active malware/phishing detections The warning appears only for some users/devices We submitted a review request through Apple’s Website Review form, but have not received any response yet We would like to know: Is there any way to confirm whether the warning comes from Apple’s own reputation system, Google Safe Browsing, or another provider used by Safari? How long does Apple Website Review usually take for Safari fraudulent website warnings? Is there a recommended process for requesting re-evaluation if the warning appears to be a false positive? Are there specific technical signals Safari checks that we should verify, such as redirects, third-party scripts, domain reputation, or brand/phishing heuristics? This is affecting real users, so any guidance on the correct escalation or diagnostic path would be appreciated. Thank you.
0
0
171
2w
Apple Pay on the Web sheet fails with PKPaymentAuthorizationStateFatalError after successful merchant validation (PROD trust policy)
Environment macOS 26.5.1 (Build 25F80) Safari 26.5 Apple Pay JS API version 8 Using https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js Reproduces on the staging website (Does not reproduce on the production website with non sandbox account) Signed into a Sandbox Tester Apple ID, with a test credit card registered exactly per Apple Pay Sandbox Testing — this is the only card in Wallet on the laptop Merchant validation is performed by our staging backend against our real (non-sandbox) merchant identity/certificate — i.e. a sandbox tester card being evaluated against a staging merchant session, which per the sandbox testing documentation is the expected/supported setup for testing on a live site without a separate merchant sandbox environment Summary After completeMerchantValidation() succeeds and the merchant session is accepted, the payment sheet still terminates with PKPaymentAuthorizationStateFatalError a few hundred milliseconds later, right after the native side logs a second "Evaluating merchant session using PROD trust policy." for the same session. The user sees "Payment failed" and the sheet closes. This happens on the very first attempt, with no user interaction beyond tapping the Apple Pay button — no shipping address is even selected before the failure. Since the sandbox tester card + production merchant session combination is the setup the sandbox testing guide describes, we'd expect the sheet to proceed to onpaymentauthorized (Apple's sandbox docs describe payments as being processed as $0 test transactions in this mode) rather than fail natively before that stage is ever reached. Steps to reproduce Visit an item page with an Apple Pay button. Tap the Apple Pay button to open the payment sheet. The sheet presents normally; no interaction with shipping address or payment method is required for the failure to occur. Within ~1 second, the sheet dismisses and displays a "Payment failed" error state. Minimal reproduction of the JS side const session = new ApplePaySession(8, { countryCode: 'US', currencyCode: 'USD', supportedNetworks: ['visa', 'masterCard', 'amex', 'discover'], merchantCapabilities: ['supports3DS'], total: { label: 'Merchant', amount: '10.00' }, }); session.onvalidatemerchant = async () => { const merchantSession = await validateMerchantOnServer(); // succeeds session.completeMerchantValidation(merchantSession); // accepted — see log below }; session.onpaymentmethodselected = () => { session.completePaymentMethodSelection({ newTotal: { label: 'Merchant', amount: '10.00' }, }); }; session.oncancel = event => console.log('cancelled', event); session.begin(); We reproduced this with both our full checkout implementation and this stripped-down request object (no shipping contact required, no line items) — same failure either way, which rules out anything about our order/line-item data. What we expected The sheet to proceed to the biometric authorization step and dispatch onpaymentauthorized once the user confirms. What actually happens The sheet fails immediately with a PKPaymentAuthorizationStateFatalError transition, even though every JS-side completion call (completeMerchantValidation, the payment-method selection) succeeded and returned PKPaymentAuthorizationStatusSuccess. System log (captured via log stream --info --debug --predicate 'process == "Safari" OR process == "passd" OR process == "com.apple.PassKit.PaymentAuthorizationUIExtension"') 21:50:41.544 PaymentCoordinator::beginPaymentSession() -> 1 21:50:41.570 Received prepareWithPaymentRequest: <private> 21:50:42.297 PaymentCoordinator::validateMerchant() 21:50:42.563 PaymentCoordinator::completeMerchantValidation() 21:50:42.564 Received merchant session update with status:PKPaymentAuthorizationStatusSuccess session:<private> 21:50:42.564 Evaluating merchant session using PROD trust policy. <- 1st occurrence, passes 21:50:42.572 PaymentCoordinator::didSelectPaymentMethod() 21:50:42.572 PaymentCoordinator::completePaymentMethodSelection() 21:50:42.653 Evaluating merchant session using PROD trust policy. <- 2nd occurrence 21:50:42.656 State machine change state from ClientCallback to PrepareTransactionDetails with param: <private> 21:50:43.391 Task Completed: <private> 21:50:43.393 State machine change state from PrepareTransactionDetails to PKPaymentAuthorizationStateFatalError with param: <private> 21:50:43.393 Error Payment failed with fatal error <private> 21:50:45.130 PaymentCoordinator::didCancelPaymentSession() The first "Evaluating merchant session using PROD trust policy." line passes (the flow continues to didSelectPaymentMethod). The second occurrence is immediately followed by Task Completed and then the FatalError transition, which suggests PassKit re-validates the merchant session's trust a second time right before PrepareTransactionDetails, and that second check is what's rejecting the session — even though the identical session object was accepted moments earlier at completeMerchantValidation(). What we've tried / ruled out Confirmed every JS completion method (completeMerchantValidation, completePaymentMethodSelection) is called and returns success — no 30-second timeout, no missing completion call, no thrown exception on our side. Reproduced with a minimal, hardcoded ApplePayPaymentRequest (fixed $10.00 total, no shipping fields) — rules out anything about our real order/line-item/sales-tax data. Reproduced on the main branch and independently on our staging deployment running unmodified code — rules out anything specific to our recent frontend changes. The <private> redaction in the system log prevents us from seeing what specifically fails during the second trust evaluation. Confirmed the sandbox tester card and its registration follow the sandbox testing guide exactly — it's the only card on the device, and no other Wallet cards are involved. Question What does PassKit's second "Evaluating merchant session using PROD trust policy" check (immediately before PrepareTransactionDetails) actually validate, beyond what's already checked at completeMerchantValidation() time? Is a sandbox tester card being evaluated against a production merchant session expected to pass this second check, or does sandbox testing per the linked guide require something additional on the merchant/session side (e.g. a specific field on the merchant session, or a specific environment value) that our backend isn't setting? Is there a way to get an unredacted reason for the rejection — e.g. via a private-data-enabled log profile or another diagnostic — since the redacted system log alone doesn't surface one?
Replies
0
Boosts
0
Views
31
Activity
1d
app-site-association.cdn-apple.com | Cache not updating
We're handling our universal links (deep links) via our custom router written in express.js. We recently update our .well-known format as per: https://developer.apple.com/documentation/xcode/supporting-associated-domains Our own domain link shows them correctly if we apply cache bust to it: Normal link: https://links.sastaticket.pk/.well-known/apple-app-site-association Cache bust: https://links.sastaticket.pk/.well-known/apple-app-site-association?1 Now, since app-site cache is not updating at: https://app-site-association.cdn-apple.com/a/v1/links.sastaticket.pk Our main domain link is not getting updated response either. Its been more than 72 hours now. Any help, how to push the app-site cache to update? I can provide more context if needed, Thanks
Replies
2
Boosts
0
Views
464
Activity
1d
CDN域名端口改变
你好,我的app使用的域名在阿里云进行了CDN加速,并配置了80的端口,后来我将端口改成443端口,导致如今app使用异常,是否将端口改回80端口就能恢复访问呢,如有建议,感激回复。
Topic: Safari & Web SubTopic: General
Replies
1
Boosts
0
Views
45
Activity
1d
iOS 27 DB2: WebAudio / AudioContext Live Stream Stalls on Metadata/Track Transitions (MediaToolbox & Sandbox Violations)
Tested iPhone 16 Pro Max running DB2 Since using iOS 27 Developer Beta, Progressive Web Apps (PWAs) and applications using WKWebView that route live streaming audio (such as Icecast/SHOUTcast streams) through the Web Audio API (AudioContext / MediaElementAudioSourceNode for canvas visualizers) experience silent playback freezes during track changes. The JavaScript context remains active, and the HTMLMediaElement reports no errors or pauses, but the low-level system audio daemon (audiod) disconnects. The logs indicate a state desynchronization in MediaToolbox triggered by inline metadata frame updates, coupled with massive sandbox violations. Steps to reproduce: Run a PWA or WKWebView on iOS 27 Developer Beta that loads a live audio stream using an tag. Route the media element into the Web Audio API (e.g., audioContext.createMediaElementSource(audioElement)). Play the stream and lock the screen or let it run in the foreground. Wait for a track transition to occur on the live stream server (which pushes an inline ICY metadata update). Observed Result: Audio instantly goes silent at the track boundary. JavaScript rendering loops remain active, but the stream is dead. List of important errors: MediaToolbox parsing failure: <<<< FigStreamPlayer >>>> fpfs_CacheRenderChain: Caching unexpected mediatype metadata Reasoning: When the stream updates its inline metadata, MediaToolbox (FigStreamPlayer) fails to handle the frame descriptor correctly, halting the stream decoder render chain. Audio engine state desynchronization: <<<< FigStreamPlayer >>>> fpfs_SetRateOnTrack: [...] setting rate on track before it has reached playing state - 4 instead Reasoning: WebKit attempts to keep playing or setting the playback rate, but MediaToolbox fails because the underlying decoder track is stuck in an uninitialized/stalled state (4). System Audio Daemon Disconnection: Subsystem: com.apple.audioanalytics | Process: audiod Reporter disconnected. ( function=sendMessage, reporterID=... ) Reasoning: Because the rendering stream stalled, the system audio daemon (audiod) forcibly severs the audio session connection to the browser container. Massive Sandbox Log Flooding (WebKit.WebContent): Sandbox: com.apple.WebKit.WebContent(2719) deny(1) syscall-unix 179 Reasoning: WebKit's WebAudio thread tries to log trace markers to XNU's kdebug_trace64 (syscall 179) but is blocked by the WebContent sandbox profile, resulting in a loop of thousands of denials that clog the thread. What needs to be fixed: MediaToolbox (FigStreamPlayer): Fix the regression where incoming live stream metadata frames stall the render chain when connected to a Web Audio node. WebKit Sandbox Profiles: Update the iOS WebContent, Network, and GPU sandbox rules to allow necessary tracing/diagnostic calls (syscall-unix 179 and mach-lookup com.apple.diagnosticd) in developer beta builds to prevent thread-blocking loops.
Replies
0
Boosts
0
Views
63
Activity
2d
Liquid Glass Icon Support for Progressive Web Apps (PWAs)
Hello there, Is it possible to customize the appearance of PWA icons for Liquid Glass? There was a similar question regarding the different icon appearances a few years ago (see thread). Though, as there never was a real conclusion I want to check if there are ways to achieve this by now? So, is it possible to define custom PWA icons for the dark and monochrome (now clear) modes? Can we maybe even use a fully custom Icon Composer icon for Safari PWAs? The icons attribute supports a purpose object with the value monochrome. Can this be used in any way here? If there is no way to customize it, is there at least a way to stop the auto conversion? In my case the white background get’s automatically replaced with the dark mode gradient, but for some reason the black logo isn’t converted/inverted to white leading to black on black logo. Which of course is not intended! I’d appreciate any help or pointer to a resource on that.
Replies
0
Boosts
1
Views
48
Activity
3d
MacOS shortcut for running Javascript on a Safari page fails
I'm trying to run a MacOS shortcut using the "Run JavaScript on Active Safari Tab" action. I consistently get the error "Make sure that 'Allow JavaScript from Apple Events' is enabled in the Develop menu in Safari." The Develop menu in Safari does not contain this switch (in Tahoe 26.5.1), but if you go to Developer Settings... a dialog opens that includes the required switch. I've ensured that the switch is set on, but I continue to get the runtime error in the shortcut JavaScript. What am I missing?
Replies
0
Boosts
0
Views
72
Activity
4d
Safari 26.5 Web Audio API Glitch: Automatic background audio playback triggering fast-forwarded "buffer catch-up" burst
https://streamable.com/y16s4q When I leave the Spotify Web Player open on its homepage and remain completely idle (without any physical user interaction or clicks), the page somehow self-triggers an active audio stream. Instantly, Safari's standard "This tab is playing audio" speaker icon appears normally on the right side of the URL/Address bar. Simultaneously, the browser emits a 1–2 second burst of extremely accelerated, fast-forwarded, and chaotic audio (resembling a time-stretch or "Alvin and the Chipmunks" effect) before going silent or stabilizing.
Replies
1
Boosts
0
Views
173
Activity
6d
How should WKWebView configure networkServiceType for 5G network slicing?
I’m adding 5G network slicing support to a web browser app using WKWebView. The app declares: com.apple.developer.networking.slicing.appcategory: webBrowser-9003 com.apple.developer.networking.slicing.trafficcategory: defaultslice-1 The documentation says that apps should also set networkServiceType on URLRequest or URLSessionConfiguration. However, most requests made by a WKWebView, including subresources, JavaScript fetches, and WebSockets, are created internally by WebKit. Is declaring webBrowser-9003 and defaultslice-1 sufficient for WKWebView traffic, or is there a supported way to configure the network service type for the entire WKWebView network session?
Replies
0
Boosts
0
Views
149
Activity
1w
Capacitor WKWebView on iPhone TestFlight cannot connect to Firebase Realtime Database, RTDB reconnect timeout after 25000ms, iPad works
on hybrid app , capacitor enabled , vuejs , firebase realtime database loading data to welcome page and the rest of data for language learning application, using websockets and firebase database problem: ios iphone when the app is built and run it doesnt load the data for welcome page and the rest of data. tried longpolling instead of websockets, tried directly REST api connection to firebase but no success on both. ps. App Check token is successfully acquired (JS SDK token ready) but Realtime Database reconnects always time out on all iPhones in TestFlight while the same build works on iPad.
Topic: Safari & Web SubTopic: General
Replies
0
Boosts
0
Views
155
Activity
1w
In the iOS 26.4 beta version of WKWebView, it is impossible to establish an IP type WebSocket connection!
In iOS 26.4 beta, I noticed that when loading pages using WKWebView and using WebSocket to establish IP type addresses, the connection duration was several seconds and sometimes even failed to connect (normally, the connection duration should be in milliseconds). However, when establishing WebSocket connections using domain names, the connections were normal. Additionally, I discovered a special scenario: When directly establishing WebSocket connections using IP type addresses, it remained in the "connect" state. At the same time, based on Wireshark packet capture, it was found that no TCP connection was sent at this time. However, if two connections with the same address were established simultaneously, those two connections could successfully connect. This bug has seriously affected the use of my application service. Is there a chance that this version will solve the problem?
Replies
4
Boosts
11
Views
1.5k
Activity
1w
Safari 17.6 (17618.3.11.11.7, 17618) Crashes on Attempt to Run Extension in Developer Mode
Hi, I'm trying to test out an extension I'm building in Xcode and every time I try to test it, Safari crashes immediately. On later versions of Mac OS, e.g. Sequoia, there's no problem. I'm building this extension as part of a Mac Catalyst app that is a hybrid iPad/Mac OS app. On Safari 26.3 (20623.2.7.18.1) I can just add the source tree as a temporary extension and it works fine. But the .appex file for the same thing is causing the older Safari 17.6 (17618.3.11.11.7, 17618) to throw a fit. Trying to get through this with LLMs has focused on whether the extension target is for iOS and Mac OS or just Mac OS alone, and futzing with UIDeviceFamily the Build Settings. But basically it just doesn't work no matter what I do, and Safari shouldn't crash. Here's the .appex's Info.plist after compilation: % defaults read /Users/[username]/Library/Developer/Xcode/DerivedData/PlainSite-[gibberish]/Build/Products/Debug-maccatalyst/PlainSite.app/Contents/PlugIns/PlainSiteRecycler.appex/Contents/Info.plist { BuildMachineOSBuild = 21H1320; CFBundleIdentifier = "com.thinkcomputer.[product].[extension]"; CFBundleShortVersionString = "1.0"; CFBundleSupportedPlatforms = ( MacOSX ); CFBundleVersion = 2; DTCompiler = "com.apple.compilers.llvm.clang.1_0"; DTPlatformBuild = 14C18; DTPlatformName = macosx; DTPlatformVersion = "13.1"; DTSDKBuild = 22C55; DTSDKName = "macosx13.1"; DTXcode = 1420; DTXcodeBuild = 14C18; LSMinimumSystemVersion = "12.0"; NSExtension = { NSExtensionAttributes = { SafariWebExtensionPath = src; }; NSExtensionPointIdentifier = "com.apple.Safari.web-extension"; NSExtensionPrincipalClass = "PlainSiteRecycler.SafariWebExtensionHandler"; }; UIDeviceFamily = ( 2, 6 ); } Crash log: Hardware Model: MacBookPro12,1 Process: Safari [44241] Path: /Applications/Safari.app/Contents/MacOS/Safari Identifier: com.apple.Safari Version: 17.6 (17618.3.11.11.7) Code Type: X86-64 (Native) Role: Background Parent Process: launchd [1] Coalition: com.apple.Safari [1098] Date/Time: 2026-06-12 13:29:10.8546 -0700 Launch Time: 2026-06-12 13:27:27.7047 -0700 OS Version: macOS 12.7.6 (21H1320) Release Type: User Report Version: 104 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_PROTECTION_FAILURE at 0x00007ff7b77d1ff8 Exception Codes: 0x0000000000000002, 0x00007ff7b77d1ff8 VM Region Info: 0x7ff7b77d1ff8 is in 0x7ff7b3fd2000-0x7ff7b77d2000; bytes after start: 58720248 bytes before end: 7 REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL MALLOC_SMALL 7fa313000000-7fa313800000 [ 8192K] rw-/rwx SM=PRV GAP OF 0x54a07d2000 BYTES ---> STACK GUARD 7ff7b3fd2000-7ff7b77d2000 [ 56.0M] ---/rwx SM=NUL ... for thread 0 Stack 7ff7b77d2000-7ff7b7fd2000 [ 8192K] rw-/rwx SM=PRV thread 0 Exception Note: EXC_CORPSE_NOTIFY Termination Reason: SIGNAL 11 Segmentation fault: 11 Terminating Process: exc handler [44241] Highlighted by Thread: 0 Backtrace not available No thread state (register information) available Binary Images: 0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ??? Error Formulating Crash Report: dyld_process_info_create failed with 5 Failed to create CSSymbolicatorRef - corpse still valid ¯_(ツ)/¯ thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port EOF Full Report {"app_name":"Safari","timestamp":"2026-06-12 13:29:12.00 -0700","app_version":"17.6","slice_uuid":"af2262af-647d-3262-adc8-e52c3ef7579e","build_version":"17618.3.11.11.7","platform":0,"bundleID":"com.apple.Safari","share_with_app_devs":0,"is_first_party":0,"bug_type":"309","os_version":"macOS 12.7.6 (21H1320)","incident_id":"8F871759-8566-49DE-A6F9-EE73128BB836","name":"Safari"} { "uptime" : 100000, "procLaunch" : "2026-06-12 13:27:27.7047 -0700", "procRole" : "Background", "version" : 2, "userID" : 503, "deployVersion" : 210, "modelCode" : "MacBookPro12,1", "procStartAbsTime" : 102649791496150, "coalitionID" : 1098, "osVersion" : { "train" : "macOS 12.7.6", "build" : "21H1320", "releaseType" : "User" }, "captureTime" : "2026-06-12 13:29:10.8546 -0700", "incident" : "8F871759-8566-49DE-A6F9-EE73128BB836", "bug_type" : "309", "pid" : 44241, "procExitAbsTime" : 102752878214260, "cpuType" : "X86-64", "procName" : "Safari", "procPath" : "/Applications/Safari.app/Contents/MacOS/Safari", "bundleInfo" : {"CFBundleShortVersionString":"17.6","CFBundleVersion":"17618.3.11.11.7","CFBundleIdentifier":"com.apple.Safari"}, "buildInfo" : {"ProjectName":"Safari","SourceVersion":"7618003011011007","ProductBuildVersion":"618G22","BuildVersion":"12"}, "storeInfo" : {"deviceIdentifierForVendor":"28124F28-A4EB-556C-A50C-D710162ABDA6","thirdParty":true}, "parentProc" : "launchd", "parentPid" : 1, "coalitionName" : "com.apple.Safari", "crashReporterKey" : "134BE33B-9612-8725-73E0-95998174507F", "wakeTime" : 67008, "sleepWakeUUID" : "F942DC6A-04DF-4EE2-AA9F-DB3EDCB24AC3", "sip" : "enabled", "isCorpse" : 1, "exception" : {"codes":"0x0000000000000002, 0x00007ff7b77d1ff8","rawCodes":[2,140701912080376],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_PROTECTION_FAILURE at 0x00007ff7b77d1ff8"}, "termination" : {"flags":0,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":44241}, "usedImages" : [ { "size" : 0, "source" : "A", "base" : 0, "uuid" : "00000000-0000-0000-0000-000000000000" } ], "sharedCache" : { "base" : 140703277129728, "size" : 19331678208, "uuid" : "246818c3-4b9f-3462-bcaf-fdf71975e5fe" }, "legacyInfo" : { "threadHighlighted" : 0 }, "trialInfo" : { "rollouts" : [ { "rolloutId" : "61301e3a61217b3110231469", "factorPackIds" : { "SIRI_FIND_MY_CONFIGURATION_FILES" : "652886aa2c02f032beae8316" }, "deploymentId" : 240000028 }, { "rolloutId" : "5ffde50ce2aacd000d47a95f", "factorPackIds" : { }, "deploymentId" : 240000550 } ], "experiments" : [ ] }, "reportNotes" : [ "dyld_process_info_create failed with 5", "Failed to create CSSymbolicatorRef - corpse still valid ¯\(ツ)_/¯", "thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port", "thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port", "thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port" ] } Any help would be greatly appreciated!
Replies
2
Boosts
0
Views
746
Activity
1w
Supported way for iOS Safari Web Extension to hand off captured data to containing app for processing?
In 2018, Apple staff noted that Safari App Extensions had no direct API to communicate with the containing app, and suggested app groups or opening a custom URL scheme as workarounds. On iOS Safari Web Extensions, app groups work for persistence, but opening the containing app from the native extension/background flow does not appear reliable. iOS launch policy seems to require a direct user gesture, and I have not found a documented way for the extension flow to reliably continue into the containing app. Is there a supported iOS architecture for completing an extension-initiated workflow in the containing app, or is the intended model to persist data and require the user to manually open the app? My current architecture is: JavaScript in the Safari Web Extension extracts article content from the page. The native Extension Handler receives that content via native messaging. The Extension Handler writes an encoded request into the App Group container. The containing app watches the App Group container using DispatchSource.makeFileSystemObjectSource and processes new requests. This works on macOS. It also works on iOS when the containing app is already running. The problem is that on iOS, if the containing app is not already running, there is no app process to observe the filesystem event or process the request. I have tried treating the Extension Handler as the place to do more work, but in practice it seems suited only for short-lived relay/persistence work. It is not a reliable place for my app’s main processing pipeline, which includes rendering article content and uploading it to a third-party service. My app is a Safari-native “read later” style tool that uploads simplified articles to the reMarkable Cloud. The containing app contains most of the functionality: SwiftUI UI, WebKit/WebPage rendering, account/cloud logic, and upload orchestration. The Safari extension captures the article, but the app needs to run to complete the user-visible workflow. From a user’s perspective, tapping the Safari extension toolbar button is the action that initiates the workflow. Is there any supported way for that user-initiated extension action to launch or wake the containing iOS app so it can process pending App Group requests? Or should Safari Web Extensions on iOS be designed only to persist work and then ask the user to manually open the containing app? If manual app launch is the intended model, it would be helpful for the documentation to state this explicitly. The current tripartite model strongly suggests that the JavaScript extension, native handler, and containing app can collaborate as parts of one workflow, but on iOS the containing app appears to be available only out-of-band unless already running.
Replies
0
Boosts
0
Views
207
Activity
2w
Apple Pay Web: Multiple active PPCs for one Merchant ID?
Hi,
 We’re implementing Apple Pay on the Web for a multi-tenant platform via a PSP. The PSP operates multiple HSM/clusters and gave us multiple CSRs, asking us to register all.
Our understanding: a Merchant ID can hold several PPCs over time, but only one is active at once. Questions Is there any supported way to keep more than one PPC active simultaneously for the same Merchant ID? If not, what does Apple recommend for web-only, multi-tenant setups: a single MID with PSP-side decryption & sub-merchant separation, or separate MIDs per brand/region? Any official guidance on PPC rotation and handling many domains for Apple Pay on the Web? links to official docs or prior Apple responses would be appreciated.
Replies
2
Boosts
0
Views
1.1k
Activity
2w
Safari Extension Service Worker not working until page reload
Hello, I am developing a Safari extension that uses service workers and all works well. When the extension is updated, a new content script is injected into the current open tabs however the service worker connection with the new content script does not get established. I confirmed both the old content script and new one is on the page, but the new one just doesn't execute which means it will not connect to the service worker. In Chrome a newly injected content script does work and in FireFox it is handled by FireFox automatically. How can this be done in Safari? Any help would be appreciated.
Replies
0
Boosts
0
Views
221
Activity
2w
Safari shows “Fraudulent Website Warning” for a clean domain. How to request re-evaluation?
Hello, Safari on iOS is showing a “Fraudulent Website Warning” for our domain: https://doobler.ru/ We are trying to understand how to properly diagnose this and request a re-evaluation. The website has a valid HTTPS certificate and does not currently appear to be flagged by the reputation tools we checked, including Google Safe Browsing / Search Console / VirusTotal. However, some iPhone users still see the Safari warning, while others do not. What we have checked so far: HTTPS certificate is valid No mixed-content or obvious redirect issues found Google Safe Browsing does not show the domain as unsafe Google Search Console does not show security issues VirusTotal does not show active malware/phishing detections The warning appears only for some users/devices We submitted a review request through Apple’s Website Review form, but have not received any response yet We would like to know: Is there any way to confirm whether the warning comes from Apple’s own reputation system, Google Safe Browsing, or another provider used by Safari? How long does Apple Website Review usually take for Safari fraudulent website warnings? Is there a recommended process for requesting re-evaluation if the warning appears to be a false positive? Are there specific technical signals Safari checks that we should verify, such as redirects, third-party scripts, domain reputation, or brand/phishing heuristics? This is affecting real users, so any guidance on the correct escalation or diagnostic path would be appreciated. Thank you.
Replies
0
Boosts
0
Views
171
Activity
2w