We’re currently trying to implement Apple Pay on our checkout flow pages, which are part of a NextJS application. Due to the fact that our checkout flow is a React-based application, we’re not using the element, but a custom button. We are using the Apple Pay JS API. It seems like we are getting most of the pieces in place, however we’re not having any success with the session.onvalidatemerchant event. Currently when a user clicks the Apple Pay button, the Apple Pay dialog appears briefly with a ‘Payment not completed.’ message and then closes immediately. Given the nature of the issue it seems like it could possibly be a configuration error, but we’re not really sure how to check that everything is configured as it should be. Some questions that we have at the current moment: What version of the Apple Pay API should we be using? Should the domainName value that we’re passing to Apple contain https:// ? Should we be calling the https://apple-pay-gateway.apple.com/paymentservices/paymentSession endpoint directly from our front-end code? Should we pass data to session.completeMerchantValidation(sessionData); as a JavaScript object or JSON?

I have tried to initialize service workers, but they only work in the WebView. When I open an iframe from that WebView, they do not function. Below is my implementation. Is this an issue because iOS does not support service workers in iframes? Please help me answer this. :man-bowing: self.addEventListener('install', event => { // Apply this service worker immediately self.skipWaiting(); }); const putInCache = async (request, response) => { const cache = await caches.open("v1"); await cache.put(request, response); }; const customCache = async ({ request, preloadResponsePromise }) => { }; self.addEventListener("fetch", (event) => { event.respondWith( customCache({ request: event.request, preloadResponsePromise: event.preloadResponse, }), ); });

Hi. I have reviewed the process of integrating Apple Pay on the web, but I still don’t understand how to implement it. For example: I currently have software A and a payment website that my software provides to restaurants. So, how can I integrate Apple Pay on the restaurants' payment websites? I read that to integrate, we need to register for a Merchant ID with Apple Pay. So, is it the restaurants or the software provider who should register? Each restaurant will have a different website domain -> does that mean when registering the Merchant ID, the website domain is the payment website of each restaurant? When Apple Pay provides the verification file, the sales software (i.e., the payment website) must help the restaurants upload that file to the payment website of each restaurant, right? To verify if it is valid or not depends on Apple Pay, right? If it is valid, the Apple Pay payment button will be displayed, correct?

Hi, I'm developing a PWA and I'm experiencing a host of strange issues exclusively with Safari and push notifications, none of which happen with other browsers (Chrome, Firefox, Edge, other Chromium-based browsers). I've been testing primarily on mobile, so it may be (although it's unlikely) that desktop Safari behave differently. The most severe issue is that the indexedDB global is undefined when the service worker is awoken by a push notification. This completely breaks things. I've recently updated to iOS 18.1.1 and I've seen this issue only recently, so it may be related to an update. The notifications endpoint keeps changing and notifications are missed. This issue is weird to make sense of, but the gist of it is that, after restarting the app, registration.pushManager.getSubscription() will, seemingly incorrectly, give null, triggering a call (in our app) to registration.pushManager.subscribe, which will give entirely different subscription information. "Deleted" notification endpoints keep on working (POSTing to them will return 201), instead of returning an error like Google, Microsoft & Mozilla do. This is perhaps not a critical, but it does complicate things on the backend, as we have few meaningful ways of automatically removing these endpoints. This may be related to 2 in that the endpoint is "created" but "forgotten". Sometimes (quite often) pushing a push notification will not result in any notification on the device, even if the handler has debug code to always display a notification for incoming messages. The endpoint will return a 201 response code. I've added some logic to our server to send a push notification as soon as a new push endpoint is seen, and this notification is shown, so it's the "background" notifications that are somehow missed. Testing shows that this may be related to 2, as in instances where the endpoint remains consistent, notifications seem to be delivered. Notification permissions are displayed inconsistently depending on the API used. Notification.permission seems to have the correct value, but navigator.permissions.query seems to always return 'prompt', regardless of the actual permission status. As a corollary to this, the onchange listener never seems to fire on Safari when a permission change occurs. I've searched in this forum, the Web and the WebKit bug tracker, and haven't been able to find anyone else experiencing these issues, other than the inconsistency of querying permissions. I suspect these are WebKit bugs, but it may also be that things are being done in a sequence that is "wrong" for Safari, which is not documented anywhere. Like I said, things work well in all other browsers. I have code to share where the issues can be reproduced reliably, but I don't at the moment have a minimal example. I would appreciate any help or direction with these matters.

Dear all, I have a web application, where it is possible to book a subscription on a monthyl / yearly basis via PayPal. Normally the users use the safari function "add-to-homescreen" for baving the webapp directly on the homescreen. Nevertheless, since one of the last updates, it is not possible to book a subscription via PayPal. But this is only for the homescreen variant. If i open it directly in safari everthying works as desigend. Looking forward to get some help from you. Thank you!

I wanted to create a public contact card so when my clients click a button on my website it traverses them through the iMessage API and instantly adds a contact card with photo and name as a background task. If there is implications my next question was going to be if there is a possible way to create a public contact card where for example I could redirect a client to iMessage and when starting a new conversation if they type in a name it pops up instead of needing to utilize a phone number? I am trying to explain my thought process as much as possible but I have been typing for hours. In simple terms is there a possibility to create a public contact card that can be accessed or texted by anyone who types in a name into new conversation bar?

I'm embedding a page into an APP developed with Xcode through WKWebView, but I've encountered style issues with the page rendered by WKWebView. I simplify the problem as follows. Open this link with Safari: https://cofficlab.github.io/JuiceEditor-Playground What is the light blue part? How can it be removed? If this is a feature, what is the name? Chrome doesn't have this problem.

we are using angular and Html5 to develop our application, in our application we play videos that are placed on s3. Video when played on desktop borwser are adequatley audible but when played on iPad their volume is too low to be audible. I have tried video.volume =1 but it does not work for iPad because this property is only readable for ios devices. I have tried using javascript audioContext. It worked for my local machine. But when code is deployed on some hosted environments, it just does not work. Did anyone face the same issue? Any help regarding it will be appreciated.

I’m trying to understand how the Reddit app knows to open in its anonymous mode when a link is opened from Safari’s Private Browsing mode. Does Safari explicitly pass any flag or metadata indicating the request originated from Private Browsing? Or is it inferred by the absence of shared cookies, session tokens, or other stateful data? If the detection is based on the absence of cookies, could this logic misidentify other stateless scenarios as ‘private’?

I'm porting to Safari a Chrome/Firefox Extension that makes use of declarativeNetRequest.updateDynamicRules to remove some HTTP headers from requests to a specific URL. This works mostly fine, except for some headers for which this is not allowed by WebKit, such as the Priority header (which is however served by Safari). An annoying corner-case I found is that of the Cookie header. When trying to remove it from the request by adding the following rule { id: <rule id>, priority: <rule priority>, action: { type: "modifyHeaders", requestHeaders: [{ "header": "Cookie", "operation": "remove" }] }, condition: { urlFilter: <my url>, resourceTypes: ["main_frame", "sub_frame"] } } nothing error is thrown, yet the Cookie header is still being sent. This rule however works for other headers, such as Referer. Changing "Cookie" for "cookie" does not help. Questions: Is there an alternative way of removing the Cookie header from the HTTP request? Is this just a bug in WebKit? Is there any way of removing "unsupported" headers such as Priority? Any help or references are appreciated. Edited: more specific description of the corner-case.

Hey there guys! I'm new to this, and have been learning JavaScript on Udemy. I'm trying to do everything inside of Safari, instead of using Chrome. But I'm stuck on something that I feel is kind of small, but has been nagging at the back of my brain. When I go to the 'Inspector Developer Tools' (command + option + i), then go to 'Sources', and go to 'Console Snippets', I'm trying to figure out how to delete any JavaScript files from the Console Snippets selection. In Chrome, when you navigate to the Chrome equivalent, if I right click on the file, there's an option to remove the file, but on Safari the only option I get is to Run Console Snippet. Does anyone know how to remove or delete a JavaScript file from the Console Snippets section in Safari? I have no extensions installed.

Hi, We have configured WKAppBoundDomains and are using limitsNavigationsToAppBoundDomains to enable Service Workers, which works perfectly. However, we are now unable to load a WKWebView with any domain that is not included in the app-bound domains. For these other WKWebView instances, we have explicitly set config.limitsNavigationsToAppBoundDomains = false, but it doesn’t seem to have any effect. We don’t require access to the restricted APIs enabled by app-bound domains for these instances—we simply want them to load and perform basic website functionality. Is there a way to enable Service Workers selectively in some WKWebView instances while allowing others to remain unaffected by the App-Bound Domains restriction? Thank you for your help! Best regards, Rose Ding

Styling overlap occurs between the input field style and the generated strong password field in Safari browser. Is there a way to completely override the original input field style with the styling of the filled strong password?

Hi everyone, I'm developing a minimal Safari web extension for macOS and trying to implement "Sign in with Apple" directly from the extension popup, as per Apple's guidelines it's prohibited to open a new tab/window: Guideline 4.0 - Design: The user is taken to a new Safari window or tab to sign in or register for an account, which provides a poor user experience. What I've Done So Far Created an App ID with "Sign in with Apple" enabled and configured. Created a Service ID with the "Sign in" feature enabled. Enabled "Sign in with Apple" for native targets in Xcode Added the following JavaScript code in my popup.html file to initialize the Apple JS API and handle authentication via a popup: &lt;script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"&gt;&lt;/script&gt; &lt;script&gt; // have tried many different configurations here - nothing works! AppleID.auth.init({ clientId: '&lt;valid client ID&gt;', redirectURI: '&lt;valid URL&gt;', usePopup: true, }); document.getElementById('sign-in-button-apple') .addEventListener('click', () =&gt; { AppleID.auth.signIn().then((response) =&gt; { console.log('Success', response) }).catch((error) =&gt; { console.error('Error', error) }); }); &lt;/script&gt; I also added event listeners for AppleID events: document.addEventListener('AppleIDSignInOnSuccess', (event) =&gt; { console.log('Success', event); }); document.addEventListener('AppleIDSignInOnFailure', (event) =&gt; { console.log('Error', event); }); Issue When I click the "Sign in" button in the popup, a native macOS dialog appears for authorization. However, after confirming sign-in, the modal just closes and no response (success or error) is logged in the console. Expected behavior To receive a success message or an error in the console about the authorization process result. Questions Service ID Configuration: Since the popup's location URL is safari-web-extension://&lt;random-url&gt;, I can't add it to the supported redirect URLs in the Service ID settings. Is there a way to work around this? Safari Web Extension Setup: Are there specific configurations required in Xcode to enable "Sign in with Apple" within a Safari web extension? Sign-In Method: Am I correctly implementing the signIn method in the JavaScript code? Could there be any constraints or special considerations for running it within an extension popup? I would greatly appreciate any guidance, examples, or documentation that can help resolve this issue. Thank you in advance!

Hi Team, We’re encountering an issue where Open Graph metadata (e.g., og:image) isn’t rendering properly on iOS/macOS platforms or WhatsApp previews. Here’s a brief summary of the problem: SSL Configuration: Our SSL Labs report shows a grade of B due to: Improper certificate chain setup. Outdated cipher suites (e.g., TLS_RSA_WITH_3DES). Support for deprecated TLS protocols (1.0/1.1). Frontend Observations: Metadata (e.g., og:image) is not reliably picked up on iOS/macOS crawlers. Crawlers may have issues accessing assets due to CORS or TLS limitations. What We Need: Guidance on resolving Open Graph preview issues specific to iOS/macOS environments. Best practices for ensuring compatibility with Apple’s crawlers and WhatsApp on iOS. Suggestions for optimizing server-side SSL/TLS configurations and frontend setup to improve metadata visibility. We’re currently using Next.js 14 for the frontend. Any insights or debugging tips are greatly appreciated! Thanks in advance!

How to handle it? regular downloads I already go working through Navigation and download delegates

I am working on some open source documentation genereator tools which should support pwa on apple. I want to check whether some private apple meta tags are still supported like apple-touch-icon, I can only found some archived docs: https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html I searched for almost an hour but I can not find anything related to safari and it's behavior in the new documentation. So I want to ask: do I miss anything? or apple is dropping docs for safari?

Hello, Do notifications works on a PWA who are in a European iPhone ? Regards Ed

Hi, When we using Safari on MacOS with IPv6 we found that the XSRF-TOKEN can be set into the cookies. We have set-cookie in the authentication response headers 'Set-Cookie: XSRF-TOKEN=*******; SameSite=Strict; Secure'. It works by using Safari with IPv4. And also works with Chrome/FireFox with IPv4/IPv6. And also worked with Safari 15.6.1 over IPv6. May I know if this an issue or by design? Anyone aware of this? Thanks.

Hi Apple developers, I am very new to XCode and Swift, I am planning to build an app for iOS from a web. I tried to use WKWebView to handle the web , I managed to redirect some of the links to Safari, however some button/links didn't trigger .linkActivated function and encounter the error as "Your browser preventing this app to open “URL”. If I copy the URL to Safari is able to open, I trying to research on web but can't find any related solution for my case. Here is the code in my app: import UIKit import WebKit import SafariServices class ViewController: UIViewController, WKNavigationDelegate { var webView: WKWebView! override func viewDidLoad() { super.viewDidLoad() // Initialize WKWebView let webConfiguration = WKWebViewConfiguration() //enable javascript webConfiguration.preferences.javaScriptEnabled = true webView = WKWebView(frame: self.view.frame, configuration: webConfiguration) webView.navigationDelegate = self self.view.addSubview(webView) // Load a web page as webview if let url = URL(string: "https://myurl") { let request = URLRequest(url: url) webView.load(request) } //console log webView.evaluateJavaScript("console.log('Button clicked!')") { result, error in if let error = error { print("Error executing JavaScript: \(error.localizedDescription)") } else { print("JavaScript result: \(String(describing: result))") } } } func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) { if let url = navigationAction.request.url, navigationAction.navigationType == .linkActivated { // Check if URL is external and open it in Safari if UIApplication.shared.canOpenURL(url) { UIApplication.shared.open(url, options: [:], completionHandler: nil) decisionHandler(.cancel) // Prevent loading the link in the WebView } else { decisionHandler(.allow) // Allow loading if URL cannot be opened in Safari } } else { decisionHandler(.allow) // Allow the WebView to load the URL normally } } }