Hello all, I'm building a web application in ASP.NET MVC (.NET Framework 4.7.2), from this web app I need to send push notifications to users. For the ones who are logged in with windows/android, everything works as expected, but I can't manage to get it work on the apple side. If I use the same methods to subscribe to push notifications, it shows me the popup that asks the user to enable push notifications, and then I get an endpoint like this: https://web.push.apple.com/QKC1Muic0H7... It doesn't work using this (taking the part after https://web.push.apple.com/), I keep getting "Bad device token" (trying to send the notification via APNS). Then I found out that there is another method to register the device from the frontend, and this one should give me the real device token: window.safari.pushNotification.requestPermission But this one doesn't show me the popup, it gives me "denied" without a reason. I'm trying to a test application which is here https://pwa.vctplanner.it, the web push id is web.it.vctplanner, I created a push package downloadable from POST https://pwa.vctplanner.it/api/v2/PushPackages/web.it.vctplanner, and the code from the frontend is this: function registerSafariPush() { // Controlla se Safari Push Notifications è disponibile if (!('safari' in window) || !('pushNotification' in window.safari)) { console.log("Safari Push Notifications non supportate su questo browser."); return; } // Il tuo Website Push ID registrato su Apple Developer var websitePushId = "web.it.vctplanner"; // Controlla lo stato della permission var permissionData = window.safari.pushNotification.permission(websitePushId); switch (permissionData.permission) { case 'default': // L'utente non ha ancora deciso window.safari.pushNotification.requestPermission( 'https://pwa.vctplanner.it', // URL del server che serve il Push Package websitePushId, {}, // dati opzionali da inviare al server function (permission) { if (permission.permission === 'granted') { console.log("Notifiche push abilitate!"); sendSubscriptionToServer({ endpoint: permission.deviceToken }); } else { console.log("Notifiche push non abilitate dall'utente."); } } ); break; case 'denied': // L'utente ha negato console.log("Notifiche push negate."); break; case 'granted': // L'utente ha già autorizzato console.log("Notifiche push già autorizzate."); sendSubscriptionToServer({ endpoint: permissionData.deviceToken }); break; } } Any suggestions of what I'm missing? Is there a complete guide to how generate the push package? Thank you

We are experiencing an issue with Safari in all versions from 18.0 to 18.5 that does not occur in version 17. It affects both iPhones and Macs. And does not happen in Chrome or Windows. The problem is impacting our customers, and our monitoring tools show a dramatic increase in error volume as more users buy/upgrade to iOS 18. The issue relates to network connectivity that is lost randomly. I can reliably reproduce the issue online in production, as well as on my local development environment. For example our website backoffice has a ping, that has a frequency of X seconds, or when user is doing actions like add to a cart increasing the quantity that requires backend validation with some specific frequency the issue is noticable... To test this I ran a JS code to simulate a ping with a timer that calls a local-dev API (a probe that waits 2s to simulate "work") and delay the next HTTP requests with a dynamic value to simulate network conditions: Note: To even make the issue more clear, I'm using GET with application/json payload to make the request not simple, and require a Pre-flight request, which doubles the issue. (async () => { for (let i = 0; i < 30; i++) { try { console.log(`Request start ${i} ${new Date().toLocaleString()}`); const res = await fetch(`https://api.redated.com:8090/1/*****/probe?`, { method: 'GET', mode: "cors", //headers: {'Content-Type': 'text/plain'}, headers: { 'Content-Type': 'application/json' }, }); console.log(`Request end ${i} ${new Date().toLocaleString()} status:`, res.status); } catch (err) { console.error(`Request ${i} ${new Date().toLocaleString()} error:`, err); } let delta = Math.floor(Math.random() * 10); console.log("wait delta",delta); await new Promise(r => setTimeout(r, 1000 - delta)); } })(); For simplicity lets see a case where it fails 1 time only out of 10 requests. (Adjusting the "delta" var on the time interval create more or less errors...) This are the results: The network connection was lost error, which is false, since this is on my localhost machine, but this happens many times and is very reproducible in local and production online. The dev-tools and network tab shows empty for status error, ip, connection_id etc.. its like the request is being terminated very soon. Later I did a detailed debugging with safari and wireshark to really nail down the network flow of the problem: I will explain what this means: Frame 10824 – 18:52:03.939197: new connection initiated (SYN, ACK, ECE). Frame 10831 – 18:52:04.061531: Client sends payload (preflight request) to the server. Frame 10959 – 18:52:09.207686: Server responds with data to (preflight response) to the client. Frame 10960 – 18:52:09.207856: Client acknowledges (ACK) receipt of the preflight response. Frame 10961 – 18:52:09.212188: Client sends the actual request payload after preflight OK and then server replies with ACK. Frame 11092 – 18:52:14.332951: Server sends the final payload (main request response) to the client. Frame 11093 – 18:52:14.333093: captures the client acknowledging the final server response, which marks the successful completion of the main request. Frame 11146 – 18:52:15.348433: [IMPORTANT] the client attempts to send another new request just one second later, which is extremely close to the keep-alive timeout of 1 second. The last message from the server was at 18:52:14.332951, meaning the connection’s keep-alive timeout is predicted to end around 18:52:15.332951 but it does not. The new request is sent at 18:52:15.348433, just microseconds after the predicted timeout. The request leaves before the client browser knows the connection is closed, but by the time it arrives at the server, the connection is already dead. Frame 11147 – 18:52:15.356910: Shows the server finally sending the FIN,ACK to indicate the connection is closed. This happens slightly later than the predicted time, at microsecond 356910 compared to the expected 332951. The FIN,ACK corresponds to sequence 1193 from the ACK of the last data packet in frame 11093. Conclusions: The root cause is related to network handling issues, when the server runs in a setting of keep-alive behavior and keep-alive timeout (in this case 1s) and network timming issue with Safari reusing a closed connection without retrying. In this situation the browser should retry the request, which is what other browsers do and what Safari did before version 18, since it did not suffer from this issue. This behaviour must differ from previous Safari versions (however i read all the public change logs and could not related the regression change). Also is more pronounced with HTTP/1.1 connections due to how the keep-alive is handled. When the server is configured with a short keep-alive timeout of 1 second, and requests are sent at roughly one-second intervals, such as API pings at fixed intervals or user actions like incrementing a cart quantity that trigger backend calls where the probability of failure is high. This effect is even more apparent when the request uses a preflight with POST because it doubles the chance, although GET requests are also affected. This was a just a test case, but in real production our monitoring tools started to detect a big increment with this network error at scale, many requests per day... which is very disrupting, because user actions are randomly being dropped when the user actions and timming happens to be just near a previous connection, where keep alive timeout kicks-in, but because the browser is not yet notified it re-uses the same connection, but by the time it arrived the server is a dead connection. The safari just does nothing about it, does not even retry, be it a pre-flight or not, it just gives this error. Other browsers don't have this issue. Thanks!

I've been using Sign In with Apple for Web for the last six months, and it works well enough. Now, I'm updating the domain of the main application (we got the .com! yeah!) However, I can't find a way in the configuration UI to update the allowed redirect URLs for the application. I go to Identifiers -> My App -> Capabilities -> Sign In with Apple -> Edit button. It just allows me to edit whether this is a primary ID, or grouped ID, plus a callback URL (which I'm not currently using.)

Safari Web Extension for enterprice distribution: If I press run button on xcode it shows the safari web extension toggle and works perfect When installed through exported ipa, the web extension toggle dissapears, it doesnt matter how it was installed through mdm, link, or directly ipa from xcode I just exported an ipa as debugging and it worked when I pushed the ipa

MacOS: 12 ( Monterrey ) Safari: 17.6 Demo Site: https://applepaydemo.apple.com/ At the bottom where the Apple Pay button should appear, I see a warning something like "This browser doesn't support Apple Pay, please use safari" along with a link to requirements for apple pay. All the requirements are fulfilled, OS and Safari's version are above the minimum required. Link was opened in Safari. And the other thing is if I open the same site in Chrome, I can see the apple pay button and when I click on it a QR appears which is the expected behaviour. How to resolve this?

If the Safari Technology Preview window is located on an external monitor with DisplayLink and the computer goes to sleep (screen saver), when it returns, it closes with an error. If the window is located on another monitor that is connected by USB, it does not close. Equipo: Macbook Pro M4 Pro SO: MacOS Sequoia 15.6.1 Safari Technology Preview: Release 227 (preview version work fine) DisplayLink Manager: 13.0.1 (build 46)

I'm trying to use DNR to force safe search with Qwant search engine. Under certain circumstances (scenario described below) the search is performed with an API which contains the safe search level in a URL parameter. A typical query URL is https://api.qwant.com/v3/search/web?q=test&count=10&locale=fr_FR&offset=0&device=desktop&tgp=1&safesearch=0&displayed=true&llm=true. I want a DNR rule to force safesearch to be 2 (= strict) (from some javascript code) : { id: 1, priority: 1, action: { type: 'redirect', "redirect": { "transform": { "queryTransform": { "addOrReplaceParams": [{ "key": "safesearch", "value": "2" }] } } } }, condition: { "urlFilter": "api.qwant.com/v3/search", "resourceTypes": ["xmlhttprequest"] }, } When this rule is activated, I end up with a URL with the original safesearch parameter AND the forced one : https://api.qwant.com/v3/search/web?q=test&count=10&locale=fr_FR&offset=0&device=desktop&tgp=1&safesearch=0&displayed=true&llm=true&safesearch=2. To reproduce this request (with the previous DNR rule in place) : navigate to https://www.qwant.com search for some string (test in my case). This displays the list of results ; click the engine button at the top right to display the settings pane ; inspect network request performed by this page ; change the Adult filter in the list -> the results are automatically updated with the new settings. The web request shows URL with the 2 safesearch parameters. I already used addOrReplaceParams in 'standard' contexts (main_frame) and it works just fine. Any hint on what goes on ? Thank you.

Hello, I have an authentication flow where my app communicates with a backend protected by F5 client certificate validation. The client certificate is distributed via MDM and is available in the device keychain, but not accessible directly from the app. When using ASWebAuthenticationSession (or SFSafariViewController) Safari can successfully pick up and present the certificate during authentication, so that part works fine. However, the backend’s authenticate endpoint only supports a POST request with an Authorization header, whereas ASWebAuthenticationSession only accepts a GET URL when starting the session. My questions are: How is this type of flow typically implemented in iOS? Should the backend provide a GET-based endpoint that redirects into the POST, or is there a recommended iOS pattern (e.g., an intermediate HTML page that does the POST after certificate validation)? Are there Apple guidelines on handling certificate-based auth with ASWebAuthenticationSession when the API requires POST, especially for In-House distributed apps? Any guidance or best practices would be very helpful.

Hello everyone, We've had our app rejected twice under Guideline 3.2.2 regarding charitable donations, and we're seeking clarification on the correct implementation. We've read the guidelines but want to confirm the technical approach with the community's experience. The Rejection Reason: Apple states: "We still noticed that your app includes the ability to collect charitable donations within the app..." They specify that since we are not an approved nonprofit, we must use one of the alternatives, primarily: "provide a link to your website that launches the default browser or SFSafariViewController for users to make a donation." Our Current (Rejected) Implementation: User taps a "Help" button in our native app. A native modal appears inside our app where the user enters their donation amount and email address for the receipt. The user clicks "Donate," which then opens an SFSafariViewController to our website's payment page (e.g., Stripe, PayPal). The amount and email are passed as URL parameters to pre-fill the form. Our Questions for the Community: Is the issue solely the fact that we have a native modal for data entry? We understand we cannot process the payment in-app, but we thought collecting the intent (amount, email) was acceptable before handing off to Safari. What is the definitive, compliant flow? Option A: Should the "Help" button do nothing more than open an SFSafariViewController to a generic donations landing page on our website (https://ourwebsite.com/donate), with no data pre-filled? The user must then navigate and enter all information on the website itself. Option C: The rejection also mentions SMS. Has anyone had success implementing a "Text-to-Donate" link instead of a web flow? Wording: The button in our app currently says "Donate". Should this be changed to a more passive call to action like "Visit Website to Donate" to make it absolutely clear the transaction is external? We want to ensure our next submission is successful. Any insight, especially from developers who have successfully navigated this exact rejection, would be immensely helpful. Thank you.

Video in Landscape takes 2 taps on X to close.This issue can be replicated on iphone 14 ios 18.5.There is no issue on iPhone 15 ios 18.5.

Thank you for supporting me. My environment Device: iPhone 15 Pro OS: iOS 26.0 Public Beta (23A5336a) In iOS 26, three types of tabs were added to Safari. Depending on the option, the behavior of the fixed header and footer can be unstable. *Tab settings can be changed in the iOS Settings app under "Apps -> Safari" > "Tabs." The following behavior differs depending on the tab. Compact When scrolling down, the header and footer shift up by a few pixels. A margin is created between the footer and the URL input field. Bottom Behaves the same as "Compact." Top The header is completely hidden below the URL input field at the top of the screen, leaving a margin below the footer. Below is the sample code to check the operation. <!doctype html> <html lang="ja"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width,initial-scale=1" /> <title>固定ヘッダー/フッター + モーダル</title> <style> :root { --header-h: 56px; --footer-h: 56px; } body { margin: 0; font-family: sans-serif; line-height: 1.6; background: #f9fafb; padding-top: var(--header-h); padding-bottom: var(--footer-h); } header .inner, footer .inner { width: 100%; max-width: var(--max-content-w); padding: 0 16px; display: flex; align-items: center; justify-content: space-between; } header, footer { position: fixed; left: 0; right: 0; display: flex; align-items: center; justify-content: center; z-index: 100; background: #fff; } header { top: 0; height: var(--header-h); border-bottom: 1px solid #ddd; } footer { bottom: 0; height: var(--footer-h); border-top: 1px solid #ddd; } main { padding: 16px; } .btn { padding: 8px 16px; border: 1px solid #2563eb; background: #2563eb; color: #fff; border-radius: 6px; cursor: pointer; } /* モーダル関連 */ .modal { position: fixed; inset: 0; display: none; z-index: 1000; } .modal.is-open { display: block; } .modal__backdrop { position: absolute; inset: 0; background: rgba(0,0,0,0.5); } .modal__panel { position: relative; max-width: 600px; margin: 10% auto; background: #fff; border-radius: 8px; padding: 20px; z-index: 1; } .modal__head { display: flex; justify-content: space-between; align-items: center; margin-bottom: 12px; } .modal__title { margin: 0; font-size: 18px; font-weight: bold; } .modal__close { background: none; border: none; font-size: 20px; cursor: pointer; } </style> </head> <body> <header> <div class="inner"> <h1>デモページ</h1> <button id="openModal" class="btn">モーダルを開く</button> </div> </header> <main class="container" id="main"> <h2>スクロール用の適当なコンテンツ1</h2> <p>ヘッダーとフッターは常に表示されます。モーダルボタンを押すと、画面いっぱいのダイアログが開きます。</p> <!-- ダミーカードを複数 --> <section class="grid"> <div class="card"><strong>カード1</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード2</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード3</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード4</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード5</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード6</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード7</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード8</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード9</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> <div class="card"><strong>カード10</strong><p>適当なテキスト。適当なテキスト。適当なテキスト。</p></div> </section> </main> <footer> <small>&copy; 2025 Demo</small> </footer> <!-- モーダル --> <div class="modal" id="modal"> <div class="modal__backdrop"></div> <div class="modal__panel"> <div class="modal__head"> <h2 class="modal__title">モーダル</h2> <button class="modal__close" id="closeModal">&times;</button> </div> <p>これは白いビューのモーダルです。背景は黒く半透明で覆われています。</p> </div> </div> <script> const modal = document.getElementById('modal'); const openBtn = document.getElementById('openModal'); const closeBtn = document.getElementById('closeModal'); const backdrop = modal.querySelector('.modal__backdrop'); openBtn.addEventListener('click', () => { modal.classList.add('is-open'); }); function closeModal() { modal.classList.remove('is-open'); } closeBtn.addEventListener('click', closeModal); backdrop.addEventListener('click', closeModal); window.addEventListener('keydown', (e) => { if (e.key === 'Escape' && modal.classList.contains('is-open')) { closeModal(); } }); </script> </body> </html>

window.location.href = "tel:02-xxxx-xxxx" Can the development team modify the screen text? Or can the country code be erased? What are the reasons for continuing to be "on the phone" if the country code is automatically attached to the phone like this?

window.location.href = 'tel:0216700310'; I ran the code in an IOS environment. The number was displayed when the call button on the device appeared. However, other IOS devices besides some devices came out as a number starting with +82, and I received feedback that the call was not connected properly. I wonder what could be caused by only some devices. And I would also like to ask what can be done to allow the numbers on the code to be displayed and called as they are.

Hello, In iOS 26 beta, we are seeing an unexpected behavior when using SwiftUI WebView (or a custom WKWebView via UIViewRepresentable). When an alert is presented above the WebView, the WebView immediately reloads to its initial page. The alert itself also disappears instantly, making it impossible for the user to interact with it. This issue occurs both with the new SwiftUI WebView / WebPage API and with a wrapped WKWebView. The problem was not present in previous iOS versions (iOS 17/18). Steps to reproduce: Create a SwiftUI view with a WebView (pointing to any URL). Add a toolbar button that toggles a SwiftUI alert. Run the app on iOS 26 beta. Tap the button to trigger the alert. Expected behavior: The WebView should remain as-is, and the alert should stay visible until the user dismisses it. Actual behavior: As soon as the alert appears, the WebView reloads and resets to the initial page. The alert disappears immediately. Minimal Example: struct ContentView: View { @State private var showAlert = false var body: some View { NavigationStack { WebView(URL(string: "https://apple.com")!) .toolbar { ToolbarItem(placement: .topBarTrailing) { Button("Close") { showAlert = true } } } .alert("Confirm close?", isPresented: $showAlert) { Button("Cancel", role: .cancel) {} Button("Close", role: .destructive) {} } } } } I'm using Xcode Version 26.0 beta 7 Thanks for your help.

It‘s called Track Configuration API found in the iOS 26.0 Public Beta 5. No explanation anywhere on the web Or release notes, it’s not mentioned anywhere. I‘m very interested in new tracking innovations. And another small thing I‘ve never found out, what is „fingerprint related quirk“ is that an insider joke Or something? I don‘t know it‘s actions. Thank you for answering

Hello all, As you may know, the company ProofPoint is an Apple partner, and is engaged (I think) to reduce misuse of icloud emails. We have two servers solely set up for our web-app, which is a specialised forum for apartment owners. The new servers were established about the same time, with the same provider, with clean new IP addresses - and as mentioned above, are only used for this web-app. During a testing phase a YEAR ago, we became aware that our in-house icloud emails weren't receiving notifications via the app, and further investigations revealed that the cause was that ProofPoint had placed a block on that server's IP. We immediately, via their website form initiated a Support Ticket, which, the site indicated was lodged, BUT we have never received any response to that Ticket, nor have we received any response to four subsequent Tickets we initiated - nothing. In over a year!! Yesterday, we contacted Apple support, but the devices area of support is the main section and they said it wasn't an issue they could assist with. Some relevant matters: SPF: DKIM: DMARC: are, I believe all configured correctly (and Gmail gives a PASS to all of them). The IP is not blacklisted by any list we are aware of. Our other server's IP isn't blocked by ProofPoint. So, literally at wits end, I'm reaching out to the developer subscribers here to see if they have any suggestions for us. We currently are unable to accept any new subscriber that is using an icloud email address, and that's an absurd situation to be in. Surely we don't have to go to the trouble and inconvenience of obtaining a new IP because of this!!! But when we can't get ANY response to the Support Tickets, it's really hard. Thanks

Hi everyone, We’ve recently run into an issue with Apple Pay on the web and would appreciate some clarification. Background: Previously, we integrated Apple Pay without using the Apple Pay JS SDK. We relied on ApplePaySession.canMakePayments() to check availability, and it worked fine. After Apple announced support for browsers beyond Safari, we switched to the Apple Pay JS SDK. According to Apple’s documentation, we should now use applePayCapabilities() for capability checks in third-party browsers. Our current behavior: We implemented applePayCapabilities(). Initially, it was returning either paymentCredentialStatusUnknown or paymentCredentialsUnavailable. Based on those values, we displayed the Apple Pay button. The problem: About a week ago, on the same device/browser, applePayCapabilities() started returning applePayUnsupported. Setup: MacBook Pro 13-inch (M1, 2020), Google Chrome Version 136.0.7103.93. The Apple documentation says: “Don’t show an Apple Pay button or offer Apple Pay” when the result is applePayUnsupported. However, at the same time, canMakePayments() is returning true. This creates a direct conflict between the two recommendations: canMakePayments() → true ⇒ show the button. applePayCapabilities() → applePayUnsupported ⇒ don’t show the button. Question: What’s the correct approach here? Should we prioritize applePayCapabilities() and hide the button, or is it acceptable to continue relying only on canMakePayments() as the source of truth for showing Apple Pay? Any insights from others who’ve run into this contradiction would be very helpful. Thanks in advance!

We are encountering an issue where the Safari extension we are developing stops working while in use on relatively new iOS versions (confirmed on 17.5.1, 17.6.1, and 18). Upon checking the Safari console, the content script is displayed in the extension script, so the background script or Service Worker must be stopping. The time until it stops is about 1 minute on 17.5.1 and about one day on 17.6.1 or 18. When it stops, we would like to find a way to restart the Service Worker from the extension side, but we have not found a method to do so yet. To restart the extension, the user needs to turn off the corresponding extension in the iPhone settings and then turn it back on. As mentioned in the following thread, it is written that the above bug was fixed in 17.6, but we recognize that it has not been fixed. https://forums.developer.apple.com/forums/thread/758346 On 17.5.1, adding the following process to the background script prevents it from stopping for about the same time as on 17.6 and above. // Will be passed into runtime.onConnect for processes that are listening for the connection event const INTERNAL_STAYALIVE_PORT = "port.connect"; // Try wake up every 9S const INTERVAL_WAKE_UP = 9000; // Alive port var alivePort = null; // Call the function at SW(service worker) start StayAlive(); async function StayAlive() { var wakeup = setInterval(() => { if (alivePort == null) { alivePort = browser.runtime.connect({ name: INTERNAL_STAYALIVE_PORT }); alivePort.onDisconnect.addListener((p) => { alivePort = null; }); } if (alivePort) { alivePort.postMessage({ content: "ping" }); } }, INTERVAL_WAKE_UP); } Additionally, we considered methods to revive the Service Worker when it stops, which are listed below. None of the methods listed below resolved the issue. ① Implemented a process to create a connection again if the return value of sendMessage is null. The determination of whether the Service Worker has stopped is made by sending a message from the content script to the background script and checking whether the message return value is null as follows. sendMessageToBackground.js let infoFromBackground = await browser.runtime.sendMessage(sendParam); if (!infoFromBackground) { // If infoFromBackground is null, Service Worker should have stopped. browser.runtime.connect({name: 'reconnect'}); // ← reconnection process // Sending message again infoFromBackground = await browser.runtime.sendMessage(sendParam); } return infoFromBackground.message; Background script browser.runtime.onConnect.addListener((port) => { if (port.name !== 'reconnect') return; port.onMessage.addListener(async (request, sender, sendResponse) => { sendResponse({ response: "response form background", message: "reconnect.", }); }); ② Verified whether the service worker could be restarted by regenerating Background.js and content.js. sendMessageToBackground.js export async function sendMessageToBackground(sendParam) { let infoFromBackground = await browser.runtime.sendMessage(sendParam); if (!infoFromBackground) { executeContentScript(); // ← executeScript infoFromBackground = await browser.runtime.sendMessage(sendParam); } return infoFromBackground.message; } async function executeContentScript() { browser.webNavigation.onDOMContentLoaded.addListener((details) => { browser.scripting.executeScript({ target: { tabId: details.tabId }, files: ["./content.js"] }); }); } However, browser.webNavigation.onDOMContentLoaded.addListener was not executed due to the following error. @webkit-masked-url://hidden/:2:58295 @webkit-masked-url://hidden/:2:58539 @webkit-masked-url://hidden/:2:58539 ③ Verify that ServiceWorker restarts by updating ContentScripts async function updateContentScripts() { try { const scripts = await browser.scripting.getRegisteredContentScripts(); const scriptIds = scripts.map(script => script.id); await browser.scripting.updateContentScripts(scriptIds);//update content } catch (e) { await errorLogger(e.stack); } } However, scripting.getRegisteredContentScripts was not executed due to the same error as in 2. @webkit-masked-url://hidden/:2:58359 @webkit-masked-url://hidden/:2:58456 @webkit-masked-url://hidden/:2:58456 @webkit-masked-url://hidden/:2:58549 @webkit-masked-url://hidden/:2:58549 These are the methods we have considered. If anyone knows a solution, please let us know.

Hi everyone, i'm running into a problem with my personal domain being flagged as 'deceptive website' in safari, and i can't figure out how to fix it Domain: neon0404.space This is just my personal domain - i use it for adguard home, vaultwarden, some test stuff, sometimes small web tools for friends or family Nothing illegal or malicious has ever been hosted there On july 6, i launched a very simple web utility for a friend when he opened it on ios safari, he got the red 'deceptive website warning' I checked this on other different devices - all got the same warning The next day (july 7) i submitted a review request via websitereview.apple.com, but got no reply I did some digging and found that safari safe browsing daemon pulls data from google safe browsing, tencent safe browsing, and some apple's internal lists So, going one-by-one https://transparencyreport.google.com/safe-browsing/search showed up that domain is flagged for something shady Signed up in google search console and saw my domain was flagged for 'malware links' (with no related urls listed), so looked like a false positive I audited everything related to this domain on august 5 - nothing suspicious Next day i requested a review in Google Search Console, just next day Google confirmed that everything is ok and removed the flag So, i thought, maybe this was the key and requested another review via websitereview.apple.com (august 7) No reply, domain still flagged While i was waiting, i checked domain in Tencent (https://urlsec.qq.com/check.html) - no issues Other services like VirusTotal, Norton and Sucuri showed up same result - no issues I attempted to contact regular support (even though it's not their area of responsibility), but just in case They, as expected, couldn't do anything At this point it feels like a dead end, so i'm here Has anyone been through this before? Is there any other way to escalate the review process with apple? Really appreciate any advice, as this domain is personal and linked to my username, which i want to use later

Hi,
 We’re implementing Apple Pay on the Web for a multi-tenant platform via a PSP. The PSP operates multiple HSM/clusters and gave us multiple CSRs, asking us to register all.
Our understanding: a Merchant ID can hold several PPCs over time, but only one is active at once. Questions Is there any supported way to keep more than one PPC active simultaneously for the same Merchant ID? If not, what does Apple recommend for web-only, multi-tenant setups: a single MID with PSP-side decryption & sub-merchant separation, or separate MIDs per brand/region? Any official guidance on PPC rotation and handling many domains for Apple Pay on the Web? links to official docs or prior Apple responses would be appreciated.