Hello, I was going through the Apple Pay API documentation and noticed ambiguity on the exact process to complete merchant validation. One of the documentation mentions that the validation url will be Your server posts a request using mutual TLS (mTLS) by calling the Apple Pay server’s Payment Session endpoint. Endpoint (Global) POST https://apple-pay-gateway.apple.com/paymentservices/paymentSession Endpoint (China region) POST https://cn-apple-pay-gateway.apple.com/paymentservices/paymentSession Referencing the url: https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/requesting_an_apple_pay_payment_session whereas the other references that the value should be used as provided by the onvalidatemerchant event object with the property validationURL. Refer: https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/providing_merchant_validation Can someone confirm which is the correct approach to follow ?

We are currently running a lightweight server within our iOS mobile app to pass a unique device ID via localhost for device-based restrictions. The setup works by binding a user's email to their device ID upon login, and later, when they attempt to log in via a browser, we retrieve this ID by making a request to http://localhost:8086/device-info. However, we're encountering an issue when making this request. Here’s the error message: Error fetching device info: TypeError { } r@webkit-masked-url://hidden/:27:166011 value@webkit-masked-url://hidden/:27:182883 @webkit-masked-url://hidden/:27:184904 We are making this request from an HTTPS website, and we suspect this could be related to mixed-content restrictions. Could you guide us on how to properly make localhost requests over HTTPS, especially in a production environment with the necessary security measures? Any insights or best practices on resolving this issue would be greatly appreciated.

タイトルの通り，seleniumからsafariを起動して操作したいのですが，ユーザーエージェントの変更ができずにおります． ご存知の方は解決方法をご教示いただけますと幸いです． 以下はChromeで操作するためのコードですが，これと同等のことをSafariで行いたいです． 特にUserAgentとviewportの設定についてご教示いただけますと幸いです． import time,os import chromedriver_binary from selenium import webdriver from selenium.webdriver import Safari from selenium.webdriver.safari.options import Options as SafariOptions from selenium.webdriver.common.by import By from selenium.webdriver.support.ui import WebDriverWait from selenium.webdriver.support import expected_conditions as EC from selenium.webdriver.support.select import Select from selenium.webdriver.chrome import service # selenium 4 from selenium.webdriver.chrome.service import Service as ChromeService from selenium.webdriver.chrome.options import Options from webdriver_manager.chrome import ChromeDriverManager #WEBブラウザの起動 chrome_options = Options() #chrome_options.add_argument("--headless") #chrome_options.add_argument("--disable-gpu") #chrome_options.add_argument("--no-sandbox") driver = webdriver.Chrome(service=ChromeService(ChromeDriverManager().install()),options = chrome_options) viewport = { "width": 390, "height": 844, "deviceScaleFactor": 3, "mobile": True } #Chromeの時の設定 ua = "Mozilla/5.0 (iPhone; CPU iPhone OS 15_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1" driver.execute_cdp_cmd("Emulation.setDeviceMetricsOverride", viewport) # ユーザエージェントの変更 driver.execute_cdp_cmd("Emulation.setUserAgentOverride", {"userAgent": ua}) # ページにアクセス driver.get("https://...") #具体的なURLは省略

I have a Safari extension that plays audio via the javascript AudioContext API. It was working fine under iOS 17 and is now broken under iOS 18. It does not play audio at all. I've tried in both the iOS 18 public beta and the iOS 18.1 developer beta. It is broken in both of them. I've also created Feedback item FB15170620 which has a url attached to a page I created which demonstrates the issue.

Having the app localised and configured to Dutch from Belgium (nl_BE), I open a url with WKWebView. The website locale detects Dutch from Netherlands (nl_NL)

**Description: ** We have implemented a process to launch a native app from a browser (Safari) via universal links. However, under certain conditions, the app does not launch seamlessly, and an error page is displayed in the browser. In such cases, a button to open the app appears at the top of the error page, and pressing this button successfully opens the app. The error page is a blank white page with only the following error message displayed: "NoSuchKeyThe specified key does not exist." We want to confirm the detailed specifications and conditions of the behavior where seamless transition via universal links fails. If there are means to suppress or control the occurrence of this issue, please let us know. Configuration: OS: iOS 18.1 Device: iPad 9th generation, 10th generation **Reproduction Steps: ** When attempting to launch the app via a universal link, a pop-up appears asking "Do you want to allow this page to open ?" If 'Cancel' is pressed in this pop-up, the issue occurs the next time the app is launched via a universal link. However, we have also confirmed that this issue can occur due to operations other than this one, and we have not been able to pinpoint the conditions under which it occurs. Therefore, we would like to confirm the detailed specifications and conditions leading to the occurrence of this issue.

<script src="https://js.braintreegateway.com/web/3.92.0/js/client.min.js"></script>

Hi i Need help, my phone keeps getting all these updates and rapid security features on it at first I thought it was just the normal updates but i started to pay more attention and it's not. i have the beta updates on my phone iPad and Apple Watch but when I go in to see if it in my updates like apple said to do it wasn't in there. Also all my apps are developer apps I'm not able to get normal ones and if I can the next time I go on it it's not how it was. I really don't know what to do, I've gotten 2 new phones because I thought it was just bad software but I researched a lot and I think someone it hacking me. everytime I look something up on safari it takes me to a whole other website or its completly altered and doesnt look like it usually does. Someone please help me lmao I actually think I'm going to lose my mind.

Hi Team, We’re encountering an issue where Open Graph metadata (e.g., og:image) isn’t rendering properly on iOS/macOS platforms or WhatsApp previews. Here’s a brief summary of the problem: SSL Configuration: Our SSL Labs report shows a grade of B due to: Improper certificate chain setup. Outdated cipher suites (e.g., TLS_RSA_WITH_3DES). Support for deprecated TLS protocols (1.0/1.1). Frontend Observations: Metadata (e.g., og:image) is not reliably picked up on iOS/macOS crawlers. Crawlers may have issues accessing assets due to CORS or TLS limitations. What We Need: Guidance on resolving Open Graph preview issues specific to iOS/macOS environments. Best practices for ensuring compatibility with Apple’s crawlers and WhatsApp on iOS. Suggestions for optimizing server-side SSL/TLS configurations and frontend setup to improve metadata visibility. We’re currently using Next.js 14 for the frontend. Any insights or debugging tips are greatly appreciated! Thanks in advance!

Hi, When we using Safari on MacOS with IPv6 we found that the XSRF-TOKEN can be set into the cookies. We have set-cookie in the authentication response headers 'Set-Cookie: XSRF-TOKEN=*******; SameSite=Strict; Secure'. It works by using Safari with IPv4. And also works with Chrome/FireFox with IPv4/IPv6. And also worked with Safari 15.6.1 over IPv6. May I know if this an issue or by design? Anyone aware of this? Thanks.

There is something wrong with WKWebView. it crash. that: - (void)viewDidLoad { [super viewDidLoad]; [self.wkwebView evaluateJavaScript:@"navigator.userAgent" completionHandler:^(id _Nullable result, NSError * _Nullable error) { }]; } crash info ------------------------------------- Translated Report (Full Report Below) ------------------------------------- Incident Identifier: 2430792E-CF51-4EF1-94CF-EC72AC601B2C CrashReporter Key: 50bcb858d8f2af8c94fc75188b8a740c78e148ff Hardware Model: iPhone11,6 Process: Youkui4Phone [956] Path: /private/var/containers/Bundle/Application/198201AE-A0DE-4E8F-B84A-2209122A5783/Youkui4Phone.app/Youkui4Phone Identifier: com.youku.YouKu.InHouse Version: 11.1.13.8339 (2042174090) Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: com.youku.YouKu.InHouse [600] Date/Time: 2024-12-17 16:11:51.5863 +0800 Launch Time: 2024-12-17 15:47:19.4488 +0800 OS Version: iPhone OS 18.1.1 (22B91) Release Type: User Baseband Version: 7.00.00 Report Version: 104 Exception Type: EXC_CRASH (SIGKILL) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: FRONTBOARD 2343432205 <RBSTerminateContext| domain:10 code:0x8BADF00D explanation:scene-update watchdog transgression: app<com.youku.YouKu.InHouse(EEEC9FA9-AFA2-4648-B178-EFFB7C9FE91D)>:956 exhausted real (wall clock) time allowance of 10.00 seconds ProcessVisibility: Foreground ProcessState: Running WatchdogEvent: scene-update WatchdogVisibility: Foreground WatchdogCPUStatistics: ( "Elapsed total CPU time (seconds): 13.120 (user 13.120, system 0.000), 22% CPU", "Elapsed application CPU time (seconds): 2.732, 4% CPU" ) reportType:CrashLog maxTerminationResistance:Interactive> Triggered by Thread: 0 Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 libsystem_kernel.dylib 0x1e503ff90 __psynch_cvwait + 8 1 libsystem_pthread.dylib 0x21d17aa50 _pthread_cond_wait + 1204 2 JavaScriptCore 0x1ab495ce8 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 1900 3 JavaScriptCore 0x1ab4852e4 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char>>::lockSlow(WTF::Atomic<unsigned char>&) + 216 4 JavaScriptCore 0x1ac413cc0 JSC::JSLock::lock() + 568 5 JavaScriptCore 0x1ac45d0f0 JSC::JSRunLoopTimer::Manager::timerDidFireCallback() + 808 6 JavaScriptCore 0x1ab49e218 WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_0::__invoke(__CFRunLoopTimer*, void*) + 96 7 CoreFoundation 0x194cda894 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32 8 CoreFoundation 0x194cda538 __CFRunLoopDoTimer + 1012 9 CoreFoundation 0x194cda08c __CFRunLoopDoTimers + 288 10 CoreFoundation 0x194c793b4 __CFRunLoopRun + 1856 11 CoreFoundation 0x194c78830 CFRunLoopRunSpecific + 588 12 GraphicsServices 0x1e0c581c4 GSEventRunModal + 164 13 UIKitCore 0x1977deeb0 -[UIApplication _run] + 816 14 UIKitCore 0x19788d5b4 UIApplicationMain + 340 15 Youkui4Phone 0x105160fcc main + 56 16 dyld 0x1ba666ec8 start + 2724

The app analytics tab for my account is empty. It doesn't show any bundle IDs or apps that have been launched. Is this normal for WatchOS apps? Here's a screenshot of the tab: https://cloud.goodsmile.studio/hT5fL2HY

Hello everyone. I have a very strange behavior with smart app banners in Safari. When I don't have installed app on my phone, I can't see the banner on our product main page. When I installed the app, I can see the banner, which allows me to go directly to the app. When I put any other app's ID in the meta tag it works perfectly even if I don't have its installed app. So the code is right, what can be the reason of this behavior? Any settings of the app are required?

Hi everyone, I'm facing an issue with accessing device orientation and motion events in Safari on my iPhone (iOS 18). Despite trying several guides and solutions, I cannot find the option to allow access to motion and orientation for websites in the browser settings. I’ve checked privacy settings, and the device is up to date. Can anyone guide me on how to enable this feature in Safari or share any workarounds? Thanks in advance!

I have a simple Safari extension for iOS. In its popup, I want a button that will open the app via a universal link. I have this kind-of working, except that Safari opens the actual online destination of the link with a banner at the top saying "Open in the XXXX app" and an OPEN button. What do I have to do to go directly to the app? More generally, I know that if I copy-and-paste a universal link into the Safari address bar, Safari does the same thing - but it does go directly to the app from an <a href="...."> link. In my app extension JavaScript, I set window.location. Presumably this is too similar to pasting into the address bar. Is there some alternative to setting window.location that is more like clicking on a link and will go directly to the universal link's app? Thanks.

Hi there, we have found a problem, after switching audio tracks multi times when play the HLS, there will be a few seconds of no sound playing after audio track switching, Is there a solution to this problem?

I'm trying to use ES6 module imports in a Safari Web Extension, but despite enabling "type": "module" in the manifest, imports are not functioning as expected. Specifically when working with a project structure that includes multiple directories. A root directory containing the manifest.json and main entry point scripts A scripts/ folder housing core functionality modules A common/ directory for shared utilities, constants, and helper functions A background.js file in the root that attempts to import from these various directories When trying to import modules from the scripts/ and common/ directories into my background.js, I'm encountering complete import failures. How can I correctly implement cross-directory module imports in Safari Web Extensions?

I can open an app (e.g. tiktok) from a website of mine by using the deeplink “tiktok://open”, if the app is installed on my iphone. What's the deeplink to launch TestFlight? Thanks in advance

I have multiple web views of the same domain that share the same local storage, as expected. One of them though, is loading a .webarchive file. The web archive is of the same domain, and is loaded using the same base URL. For some reason, in most cases, the local storage is not shared with this web view when loading the web archive, although if I make that same web view load the actual live web page it does share local storage. I say in most cases, because for some users it works as expected, but for a significant portion of users it isn't sharing local storage. I think that the main difference between working and not is iOS version. iOS 17 seems to be able to share the local storage but iOS 18 does not. I can't find anything related in the release notes of iOS 18 versions. There is nothing in the documentation for load(_:mimeType:characterEncodingName:baseURL:), or the header file, that explains anything specific about local storage and webarchive loading. Does anyone know for sure how local storage is handled when a webarchive is loaded into a web view, and did something change with iOS 18 in regards to this?

In a project to create a web extension for Safari, using scripting.registerContentScript() API to inject a bunch of scripts into web pages, I needed to manage a dynamic whitelist (i.e., web pages where the scripts should not be injected). Fortunately, scripting.registerContentScripts() gives you the option of defining a list of web pages to be considered as a whitelist, using the excludeMatches parameter in the directive, to represent an array of pages where the script should not be injected. Here just a sample of what I mean: const matches = ['*://*/*']; const excludeMatches = ['*://*.example.com/*']; const directive = { id: 'injected-jstest', js: ['injectedscript.js'], matches: matches, excludeMatches: excludeMatches, persistAcrossSessions: false, runAt: 'document_start' }; await browser.scripting.registerContentScripts([directive]) .catch(reason => { console.log("[SW] >>> inject script error:",reason); }); Of course, the whitelist (the excludeMatches array) is not static, but varies over time according to the needs of the moment. Everything works perfectly in Chromium browsers (Chrome, Edge, ...) and Firefox, but fails miserably in Safari. In fact, Safari seems to completely ignore the excludeMatches parameter and injects the script even where it should not. Has anyone had the same problem and solved it somehow? NOTE : To test the correctness and capabilities of the API in each browser, I created a simple repository on Github with the extension code for Chromium, Firefox and Safari (XCode project).