we are using angular and Html5 to develop our application, in our application we play videos that are placed on s3. Video when played on desktop borwser are adequatley audible but when played on iPad their volume is too low to be audible. I have tried video.volume =1 but it does not work for iPad because this property is only readable for ios devices. I have tried using javascript audioContext. It worked for my local machine. But when code is deployed on some hosted environments, it just does not work. Did anyone face the same issue? Any help regarding it will be appreciated.

When a tab goes to sleep, all its resources gets killed. When the user has any interaction it gets active again. However, if there is an audio in the tab, it does not play again even after user interaction. One has to reload/reopen the tab. Is this how it should work? Is there a fix for this?

I'm porting to Safari a Chrome/Firefox Extension that makes use of declarativeNetRequest.updateDynamicRules to remove some HTTP headers from requests to a specific URL. This works mostly fine, except for some headers for which this is not allowed by WebKit, such as the Priority header (which is however served by Safari). An annoying corner-case I found is that of the Cookie header. When trying to remove it from the request by adding the following rule { id: <rule id>, priority: <rule priority>, action: { type: "modifyHeaders", requestHeaders: [{ "header": "Cookie", "operation": "remove" }] }, condition: { urlFilter: <my url>, resourceTypes: ["main_frame", "sub_frame"] } } nothing error is thrown, yet the Cookie header is still being sent. This rule however works for other headers, such as Referer. Changing "Cookie" for "cookie" does not help. Questions: Is there an alternative way of removing the Cookie header from the HTTP request? Is this just a bug in WebKit? Is there any way of removing "unsupported" headers such as Priority? Any help or references are appreciated. Edited: more specific description of the corner-case.

Hi Apple Devs & WebKit Team, We operate https://outdoorgala.com — a verified, HTTPS-secure Canadian ecommerce site focused on elite outdoor safety gear. We're Indigenous-owned, based in Alberta, and take customer trust and compliance seriously. However, Safari (iOS + macOS) is falsely flagging our site as “deceptive,” preventing customers from accessing us — even though: We use GoDaddy Website Builder with no redirections or malware All product links are clean, HTTPS-secure, and tracked ethically We recently implemented a fully compliant cookie banner (Accept/Decline logic) A public security.txt and OpenPGP key has been published: https://outdoorgala.com/security No phishing, malware, or cloaking behavior exists on the site We’ve already submitted a review via: ➡️ https://websitereview.apple.com And filed a bug report via Feedback Assistant (FB17608544) What else can be done to speed up review or get flagged domains unblocked in Safari? This is hurting our business and blocking consumer access — despite following all Apple guidelines. Would appreciate any insights or escalation tips. Thank you! – Derek Eiteneier Founder, Outdoor Gala

I have a question. In the file located at /Library/Preferences/com.apple.networkd.plist, if the dict entry for enable_unified_http is set to true or if the value is missing, there is an issue where the video player does not run on MacOS Sequoia Safari 18.0. I found that setting it to false allows it to function properly. Could you explain what this setting does and whether it is possible to change this setting to false within the app?

I am using GTM in my project, and the OneTrust cookie consent script is loading in GTM. After ruling out iOS 18.3.1, I am unable to click on the OneTrust preference center since the GTM script is not loading. This issue i faced for safari browser

I'm trying to set up a smart app banner for my app, but it doesn't appear on the website when I try to test it. I have the meta tag on my website: <meta name="apple-itunes-app" content="app-id=6740216045" /> When I inspect the website, I can see that the meta tag is showing up in the head, but the banner is nowhere to be found. I tried clearing website data but still no dice.

Hi, I'm developing an extension and I need to debug console logs that are logged in the Service Worker. The worker is configured in the manifest and is generally working as expected: However, when I open the browser, go to any site, and open Develop -> Service Workers or Develop -> Web Extension Background Content it is not visible there, so I can't really access the logs: But then I noticed that if I go out of focus from the browser for some time (and probably let the SW die), it becomes visible and I can open it without an issue: So, a couple of questions: Why isn't it instantly accessible? The extension Service Worker dev tools should be accessible regardless of what is happening to the tab or the browser, even if the SW terminates. Why does it eventually appear under Web Extension Background Content instead of the Service Workers when it is in fact an SW?

I've observed a discrepancy in cookie consent options between iOS 18.0 and 18.1 on some websites, such as www2.hm.com. On iOS 18.0, I see "Accept All Cookies" and "Only Required Cookies" options, whereas on iOS 18.1, the options change to "Accept All Cookies" and "Cookie Settings." I would like to understand if this behavior is related to differences in how websites detect the operating system version (iOS 18.0 vs. 18.1) or browser changes within the iOS update. Has anyone else experienced similar variations in cookie consent banners, and could this be tied to differences in the user agent or website A/B testing for different OS versions? Any insights or technical clarifications would be appreciated!

I'm using navigator.geolocation.getCurrentPosition to retrieve the users coordinates in a PWA built with Nextjs. getCurrentPosition is called by clicking on a button. If getCurrentPosition is called afterwards, the cached value is returned. On Safari, If I refresh the page, or logout, login and call getCurrentPosition again, the getCurrentPosition error callback is called with an error code 2 - POSITION_UNAVAILABLE. After around five minutes, getCurrentPosition can be called again. Is there some kind of throttling restriction on Safari navigator.geolocation.getCurrentPosition?

Hello, Do notifications works on a PWA who are in a European iPhone ? Regards Ed

<script src="https://js.braintreegateway.com/web/3.92.0/js/client.min.js"></script>

We have a Safari extension that's been up on the App Store for about 18 months with no apparent issues. This week, however, while working on an update, we uninstalled the production version on our test machines and installed a developer version. When we had some issues, we tried to go back to the production version downloaded from the App Store, but we get an pop saying "Unable to download App." In the log, the most obviously relevant error is 'Operation not permitted'. This occurs on several machines and different logins on those machines in both norma and safe modes. However, on another machine that never had one installed, we could still install the app from the app store, so I suspect there is something left behind that needs to be removed, but I don't know what. FWIW, I see the download directory getting created under /Applications, but it is promptly removed when the failure popup appears. Any suggestions?

We confirmed a problem at Safari on iPadOS 18.2 or after version. For confirmation, we made a HTML document (see below HTML1) what include ‘method="POST" target="_blank"’ and tested the form however server received GET method and there is no parameter, server did not receive “id” parameter. We confirmed that fact in captured packet and log file that on the server. HTML1: We also made another HTML document (see below HTML2) what include submit button, but the server received GET method as above. HTML2: And we also confirmed that it behaves differently depending on the network environment. If the form targets a name that does not exist (ex. target=” A12345”), behaves differently http or https. http: Safari opened new tag, but the server received GET method. Normally, Safari open new tag and the server receive POST method. https: Safari opened new tag, and the server received POST method. It is normally. If the form targets ‘_blank’, the server received GET method on http or https both. We think Safari change the method POST to GET and delete parameters. It is not conformed to the HTML specification if is that true. We confirmed it was not happened at Safari on iPadOS 17.4, and Windows PC (Edge, Chrome). The method what the server received is POST. We find same problem in Apple Support Community (see below URL). https://discussionsjapan.apple.com/thread/255987615 (Described in Japanese) Is it a bug in Safari on iPadOS 18.2 or after version? Do you have plan to fix? Or if fixed the bug, when do you release fixed version.

When the iCloud Passwords Chrome extension is on, there is a 400-500ms lag between clicking on a non-password field and the UI reflecting any changes made by a .on("focus") jQuery listener. When the extension is disabled, there is no lag. See below the performance profiles for the same 4 click events. Extension ON: Extension OFF:

I am currently developing a Chrome, Firefox and Safari web extension, and I am facing a CSP issue on the content script on Safari. The extension I develop has a content script that injects an img tag in the DOM of web pages the user is visiting. That img tag fetches its content at a specific URL. On Chrome and on Firefox, the img tag content fetches the content at the URL with no issue on every web pages, including those that set the CSP header img-src. On Safari, I'm getting the following error on web sites that set the img-src CSP header: Refused to load https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113 because it does not appear in the img-src directive of the Content Security Policy. Here is the actual CSP img-src header content of the web page where, on Safari, the injected img tag does not load the content at https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113: Content-Security-Policy: img-src https://secure.adnxs.com https://www.facebook.com https://.garmin.cn 'self' data: .garmin.com .trustarc.com .truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://.criteo.com https://.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://.teads.tv https://www.googletagmanager.com https://bat.bing.com https://.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com .akamaihd.net https://.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com; My question is, is the page CSP blocking the img tag injected in the web page by the extension's content script? If so, is this behavior documented somewhere, or is it a Safari bug? I saw there is a similar post on the forum, but I couldn't find if the issue is a bug or if it's the expected behavior on Safari: https://developer.apple.com/forums/thread/651542?login=true. Thank you very much for your help.

Hello, I was going through the Apple Pay API documentation and noticed ambiguity on the exact process to complete merchant validation. One of the documentation mentions that the validation url will be Your server posts a request using mutual TLS (mTLS) by calling the Apple Pay server’s Payment Session endpoint. Endpoint (Global) POST https://apple-pay-gateway.apple.com/paymentservices/paymentSession Endpoint (China region) POST https://cn-apple-pay-gateway.apple.com/paymentservices/paymentSession Referencing the url: https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/requesting_an_apple_pay_payment_session whereas the other references that the value should be used as provided by the onvalidatemerchant event object with the property validationURL. Refer: https://developer.apple.com/documentation/apple_pay_on_the_web/apple_pay_js_api/providing_merchant_validation Can someone confirm which is the correct approach to follow ?

I built and extension for chrome, edge, and firefox. I'm porting the chrome extension to safari using the safari-web-extension-converter tool. This has worked successfully and I was able to publish my extension to the app store. I made some updates to the service worker code recently and I'm now being hit with an error when trying to load my unsigned extension into safari: The service_worker script failed to load due to an error. I've looked online at some other forums and haven't found anything helpful around how to debug this kind of error. Because the service worker is non-persistent in safari, I don't have access to the console logs of the service worker through the Develop > Web Extension Background Context menu. Has anyone successfully debugged this kind of error? Are there logs I can pull directly from safari that would help me here? Thanks in advance for the help!

Hi, I’m encountering an unexpected issue in Safari. Specifically, navigator.clipboard.writeText() fails when called from a content script in my extension immediately after sending a message to background.js while it works fine in Chrome and Firefox. Is this expected? Environment Safari 18.2 (20620.1.16.11.8) Technology Preview 210 macOS Sequoia 15.2 (24C101) Example This is a minimal reproducible example, which adds a button to example.com: https://github.com/mshibanami/ClipboarAPIIssueExample Below is the related code: // content.js copyButton.addEventListener('click', async () => { // 👇️ This call seems to trigger the issue await chrome.runtime.sendMessage({}); try { await navigator.clipboard.writeText(text); alert(`✅ Copied '${text}' to clipboard!`); } catch (err) { alert(err + '\n\n' + `navigator.userActivation.isActive: ${navigator.userActivation.isActive}`); } }); // background.js chrome.runtime.onMessage.addListener(() => { }); When I click the button, I expect the text to be copied successfully. However, I receive an error in Safari.: Interestingly, if I remove chrome.runtime.sendMessage(), the clipboard operation works without any problems. Also, note that navigator.userActivation.isActive is true, which might mean it's not related to the User Activation API. Misc. This might be related to another question I posted here: https://developer.apple.com/forums/thread/772275

正常情况下，浏览器执行PUT请求会返回上传进度 在Safari 浏览器上，Ipad 16，Ipad 17 均正常，Ipad 18 上传进度返回一直不变 ipad版本兼容性问题 ipad （16+Safari）：动作正常（逐步显示上传进度） ipad （17+Safari）：动作正常（逐步显示上传进度） ipad （18+Safari）：动作不正常（显示1%直到完成）