When attempting to authorize an Apple Payment on an iOS 18 device using the scannable code in a non-Safari browser (i.e. Chrome), the payment sheet displays briefly, then dismisses. This same exact implementation of Apple Pay on the Web works flawlessly in Safari, so this feels like a bug given that the merchant session works fine in Safari. The following errors were found in my iOS device logs: (PassbookUIService) Codable: Failed to decode Merchant Session Created: Error Domain=NSCocoaErrorDomain Code=4864 UserInfo={NSDebugDescription=<private>, NSCodingPath=<private>} (PassbookUIService) Session 29592: Fatal Error: Failed to decode merchant session created`

Hi, we have PWA for which we´ve built a wrapper using PWA Builder tool and we are experiencing an issue with apple sign in. When we try to redirect the user to "https://appleid.apple.com/auth/authorize?...params...", a bottom sheet login prompt appears and only once the user signs in using the prompt he is then redirected to the url where he needs to sign in again and then we get the callback. We want to get rid of that bottom sheet prompt. The code we´ve tried: ` iosButton.addEventListener('click', function () { window.location.href = "https://appleid.apple.com/auth/authorize?client_id=xxxxx&redirect_uri=xxxxx&response_type=code%20id_token&scope=name%20email&response_mode=form_post"; });` The alternative code we´ve tried for which it seems that nothing happens, we only see the "Started" alert, we´ve confirmed that there is no other error : ` <script src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"></script> <script> (function initAppleSignIn() { try { window.AppleID.auth.init({ clientId: "{{ env('APPLE_WEB_CLIENT_ID') }}", scope: "name email", redirectURI: window.location.origin +"/auth/apple/callback", usePopup: true }); } catch (e) { console.warn('Apple Sign-In init skipped:', e); } })(); function appleButtonClicked() { alert("Started"); try { const res = await window.AppleID.auth.signIn(); } catch (err) { alert("Got error"); } alert("Got here"); } </script>

DNR rules redirecting to an extension path lead to an error page: “Safari can’t open the page. The error is: “The operation couldn’t be completed. (NSURLErrorDomain error -1008.)” (NSURLErrorDomain:-1,008).” Here is a demo extension that replicates the bug: https://github.com/lenacohen/Safari-Test-Extensions/tree/main/dnr-extension-path-redirect This is an example of a redirect rule that leads to an error page instead of the extension path page: chrome.declarativeNetRequest.updateDynamicRules({addRules: [ { id: 2, priority: 1, action: { type: "redirect", redirect: { extensionPath: "/web_accessible_resources/test_redirect.html" } }, condition: { urlFilter: "||washingtonpost.com^", resourceTypes: [ "main_frame" ] } } ]}); The extension path is included in web_accessible_resources in the extension manifest: "web_accessible_resources": [{ "resources": [ "web_accessible_resources/test_redirect.html" ], I also submitted a bug report on Apple's Feedback Assistant: FB16607632

PLATFORM AND VERSION iOS Development environment: Xcode 16.2, macOS 15.3.2 Run-time configuration: iOS 15-18 This happens in iOS, and leads to to the hybrid home page showing users as wrongly unauthenticated, since the at cookie is missing. For context, we have a JWT token that is stored in the Keychain, and on app launch, before any WKWebViews are created, we synchronize this to the WKWebsiteDataStore as an at cookie. We have analytics instrumentation on our websitef to show that WKWebView randomly refuses to send out any cookies. – The following is a snippet from an explanation to the WebKit Slack: We are having an issue on iOS, in which WKWebView loads pages (and even subsequent reloads) without any cookies, even though we have stored cookies in WKWebsiteDataStore.default() before hand right after application launch and becoming a key window. We reference this object, store it as a singleton, (as well as a process pool), and then all webview configurations are initialized with the same data store, the same process pool, every call on the main thread. From reading the source code, it seems that if the internal IPC logic fails, the APIs for deleting and setting data records and cookies fail without any feedback in completion handlers. This bug often happens when returning from the background on iOS after a few hours. Sometimes it happens on cold launches of the app. We have mitigated a similar issue (no cookies being sent) by implementing webViewWebContentProcessDidTerminate and reloading the webview ourselves, we found that whatever webview does to reload if that method is not implemented leads to cookies not being used. There have been multiple reports of WKWebView losing cookies in recent iOS versions, and we have tried to implement all of the workarounds listed. Setting a maximumAge to the cookies we store, and doing a _ = await websiteDataStore.dataRecords(ofTypes: Set([WKWebsiteDataTypeCookies])) before accessing or modifying websiteDataStore.httpCookieStore Question: is it safe to work with WKWebsiteDataStore before a WKWebView is added as a view, if so are there any timing considerations? Are there any logs that we can take a look at, this issue is very hard to reproduce, about 2% of our users face it at scale? Is there anything that could be happening within our process (runloop issues, timing) that could be causing this issue? See multiple reports from other companies that have faced the issue: "Now the Thermonuclear Problem with WKWebViewDataStorage" https://medium.com/axel-springer-tech/synchronization-of-native-and-webview-sessions-with-ios-9fe2199b44c9 STEPS TO REPRODUCE They don't exist, because the issue only happens at scale. We just know that no cookies are sent for a small percentage of requests. We believe this to be an issue in which Webkit fails to communicate internally with whatever IPC mechanisms it has. We have not been able to reproduce this issue consistently. The best we can give is that it happens after a few hours that the app is in the background. This happens regardless of whether the WKWebsiteDataStore is persistent or not, but seems to be much worse when it is persistent. Thus we have disabled persistnet data stores and relied on nonPersistent. The issue is bad enough that we are trying to move away from relying on cookies for iOS and just use request headers which we can only set on the top level request of WKWebView. DTS Case-ID: 13154329

Hello - we have a Mac application that uses a browser extension and the web extension JS APIs to communicate with Safari. During user testing we found that the tab title and tab URL properties are empty when obtaining the set of open windows via windows.get() after a Safari restart. We are testing with Safari 18.4 (20621.1.15.11.10). We have made a TestFlight version of our app and extension available to help with testing: https://testflight.apple.com/join/Va8Zdv9d. Screenshot and screen recording are attached to the Feedback ID supplied below. STEPS TO REPRODUCE Install Tabby via the TestFlight link Enable the Tabby for Safari extension in the Safari extensions dialog Grant permissions for Tabby for Safari to all windows all the time Within Safari, open two windows each with at least two tabs Within the Tabby app, ensure you see the windows and tabs listed correctly (tab title displayed for each) Quit and restart Safari Expected behavior Safari re-opens existing windows and Tabby displays title for each tab Observed Safari re-opens existing windows but within Tabby all tabs except the current tab are displayed with a title of “Start Page”. Under the hood the tab title and tab URL properties are empty when returned via a windows.get() call after Safari restarts. NAME AND APPLE ID OF APP Tabby - Browser Tab Manager 1586203406 FEEDBACK ASSISTANT ID FB16389506

I want to print the content of a WKWebView. I've done some searching, and many people have struggled with this over the years. Some claimed success, but their solutions don't work for me. One person created images for each pages and printed that, but then if you were to print to PDF, you'd get a PDF containing images rather than text. If I just call the printView(_:)) method of the view, I get blank pages. With the following more elaborate code, I get a partial printout, 11 out of what should be about 13 pages. let info = NSPrintInfo.shared info.topMargin = 72.0; info.bottomMargin = 72.0; info.leftMargin = 72.0; info.rightMargin = 72.0; info.isVerticallyCentered = false; info.isHorizontallyCentered = false; info.horizontalPagination = .fit; info.verticalPagination = .automatic; let printOp = webView!.printOperation( with: info ) printOp.canSpawnSeparateThread = true printOp.view?.frame = NSMakeRect( 0, 0, info.paperSize.width, info.paperSize.height ) printOp.runModal(for: webView.window!, delegate: self, didRun: nil, contextInfo: nil ) When I run the above under the debugger, I see console messages saying CGContextClipToRect: invalid context 0x0. Once the print dialog appears, if I touch (but not change) the selected printer, then the page count changes to the correct value.

I have a very specific issue that happens only on iOS Simulator version 18.4. It does NOT happen when I run my app on a real iOS 18.4 device through Testflight. My app displays a WebView (courtesy of Capacitor, url scheme capacitor://). Inside that Webview I'm using Firebase JS API (11.2.0) and calling signInWithEmailAndPassword, which works well in all other contexts, i.e. browser, Android webview, iOS webview in all other Simulator versions, and on real devices. Only when running in Simulator 18.4, I get a failed network request: cannot parse response Fetch API cannot load https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?... due to access control checks. Failed to load resource: cannot parse reponse error: FirebaseError: (auth/network-request-failed) Everything is working correctly for both: Capacitor app webview installed on a real 18.4 device with Testflight Safari (non-webview) in the 18.4 Simulator The issue is severe for us, because we are unable to develop our app and test it in the simulator on 18.4 Simulator before pushing it through Testflight internal release. Request headers on the failed request (no response status or headers available). Request Accept: / Content-Type: application/json Origin: capacitor://localhost Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) - AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 X-Client-Version: Mobile/JsCore/11.2.0/FirebaseCore-web X-Firebase-Client: (...)

"The Safari web extension packager enables you to package and distribute your Safari extensions using App Store Connect from any web browser, without requiring a Mac or access to Xcode." I upload the unzipped folder I'd test in Chrome://extensions to the Safari web extension packager in App store connect. I get error: Embedded binary's bundle identifier is not prefixed with the parent app's bundle identifier. The only solution i've seen to this error involves xcode/a mac, being without which doesn't help

We encountered an issue with universal links where the link failed to open the iOS application from Safari when triggered by an javascript outside a click event. However, when we modified the code to open the link directly via a user click, the application launched as expected. Based on our testing, this issue seems to occur only when there is information for the application cached in Safari (i.e. IDP page cached, redirects to our app, javascript based universal link navigation fails). Here is a code example of what caused the universal link failure: const openUniversalLink = () => { buttonClicked = True } useEffect(()=> { if (buttonClicked) { window.location.href = universal_link } } <Button onClick={openUniversalLink} /> Here is a code example of what caused our universal links to open successfully: const openUniversalLink = () => { window.location.href = universal_link } <Button onClick={openUniversalLink} /> Are there defined practices of when we are able to open universal links triggered by javascript vs when they must be opened directly through user action?

Hi Apple Team, We’ve noticed a couple of issues with launching default App Clip in safari and would appreciate your guidance. App Clip Popup Timing: When launching the App Clip using default URL, we sometimes see the small App Clip popup appear before the App Clip banner is displayed. Ideally, the banner should appear first. Cached URL Handling: In certain cases, the App Clip appears to be using a cached URL instead of the most recent one. For example, when we invoke two different App Clip URLs with unique parameters, the App Clip sometimes launches using the previous URL’s data instead of the new one. This behavior is inconsistent and makes it difficult to ensure users are directed to the correct experience each time. Could you please help us understand whether this is expected behavior or if there are any known issues or recommended solutions? Thank you for your time and support. Example

We have a JavaScript api that queries our Secure Browser to get the network information – signal strength, network name, plugged in/wifi. Everything worked fine through the Tahoe betas, still does. Now we are getting on the network name and this is breaking our UI. Was this an intentional change or a bug? The other two properties still appear to be working. And it works in all lower MacOS versions. We are currently obtaining it through AppleScript try   set ssid to do shell script "system_profiler SPAirPortDataType | awk '/Current Network Information:/ {getline; sub(/^ +/, ""); sub(/:$/, ""); print}'"   if ssid is equal to "" then     return "Not connected to any Wi-Fi network."   else     return ssid   end if on error errMsg   return "Error: " & errMsg end try

We’re seeing an issue in our Safari Web Extension where not all cookies from the Set-Cookie response header are accessible. We are using macOS 15.4 and Safari 18.4. In the webRequest.onHeadersReceived callback, the Set-Cookie header returned by Safari only includes some of the cookies set by the server. If multiple Set-Cookie headers are present, we seem to receive only a partial list, some cookies are missing entirely. In Chrome and Firefox, the same callback provides all cookies set by the server without issue. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

Problem As the title says, Safari lost all my tabs once I updated to macOS 15.4. I do of course have "Safari opens with: All windows from last session" set. This has been my default for many years. Past Mitigation In the past I had a script that I could use to backup ~/Library/Safari that would save all my bookmarks and tabs. Unfortunately they made this method of backup non-function sometime around when tab groups were introduced. Suggestion Fortunately my tab groups are still intact. But this sort of problem doesn't give me a lot of confidence. I haven't had something like this happen in a while, but when it does happen, it's quite frustrating. Apple really needs to recognize that this sort of thing can and will happen and they should make it easier for users to manually save/restore their tabs. Problem with forums To add insult to injury, as I was typing this message in the forum, I decided to select "Edit Bookmarks"... which proceeded to replace the current window with my bookmarks, thereby losing my post! It did this without warning of page content changes (which I get from most other websites). I felt somewhat relieved that the forum had recognized a previous draft and offered for me to continue. However, when I selected it, it brought me back to an old post... that was actually posted! smh

The app I work on uses WKWebView to render customer data. In iPadOS 26, we observe that there is a delay when resizing the window (and thus the web view) before the content is re-rendered. The same behavior is visible in Safari. For demonstration purposes, consider this test page: https://phet-dev.colorado.edu/html/build-an-atom/0.0.0-3/simple-text-only-test-page.html Initially, the window is small: Then when the window is expanded, the content scales up temporarily: It eventually re-renders to the correct size, but then if you make the window small again, you get (temporarily): Is there anyway around this behavior? We would love to have the content reflow interactively.

Summary Recently a number of bugs affecting our Safari extension have been introduced with various Safari 18.X updates. We've submitted feedback for all of these, but most have received no response. We need to raise this to your attention as it has been affecting our developer experience and causing a lot of frustration for our users. It's something that adds a lot of uncertainty for us. These issues affect core web functionalities but seem to be isolated to the Start Page or Extension environments. For example: using window.open, no longer works using window.location.href = ... no longer works Including a tag in our start page causes infinite reloading to occur. registering a content script more than once will crash Safari Details Unable to open new window as as start page extension in Safari 18 FB15879470 What happens: Calling window.open does nothing. This broke our links to our feedback submission, marketing site & help site. When: Nov 18, 2024 - Initial launch of Safari 18 on macOS Status: Open, No response Unable to open app url scheme with window.location.href in start page extension in iOS 18 FB15879596 What happens: Changing the URL in this way does nothing (well actually it does work about 10% of the time). This broke our navigation to in app payment. When: Nov 18, 2024 - Initial launch of Safari 18 on iOS Status: Open, No response New tab extensions broken FB16126043 What happens: Having a tag in your causes an infinite loop of reloading the start page. This broke our entire start page extension. When: Dec 19, 2024 - Safari 18.3 on iOS beta Status: 10 similar tickets found, marked for future OS update. We did get a response and a fix is identified for a future release window.open opens “about:blank” when called from Start Page extension. FB16427985 What happens: calling window.open from the start page opens about blank on iOS 18.3. Similar to the first issue, but slightly different behaviour. This broke our links to our feedback submission, marketing site & help site. When: Jan 30, 2025 - Safari 18.3 Status: Open, No response Registering a content script more than once causes Safari to crash in macOS 15.4 beta FB16831768 What happens: We have an optional content script that we were registering every time it was used. Although somewhat redundant, it was much simpler than checking if one was already registered and tracking if an updated one needed to replace it. This works fine on all other browsers and all prior Safari versions we've released it on. However if a user enables site blocker on the latest version, as soon as they visit any website, our content script registration causes Safari to crash. Essentially preventing users from using Safari until they uninstall our extension. When: Mar 11, 2025 - Safari 18.4 Status: Open, No response In Conclusion Luckily we have been able to isolate and find workarounds for most of these issues so far, but we are not guaranteed to in the future. We are raising this not only to have these issues looked into, but to raise awareness of the rising trend of basic functionality of Safari extensions breaking with Safari updates. We hope that this can influence a shift in your QA & feedback intake practices to ensure these issues are less frequent in the future. We are happy to raise future issues through your provided channels as they are discovered. But to have our feedback ignored and then have to rely solely on workarounds to prevent disruptions to our users' experience is concerning. We submitted this feedback to our developer relations contact, and he suggested we submit a TSI to look into these issues. In response to this, we were advised to post this here.

Hi, in our app we have a WKWebView with complex web content that is loaded with cachePolicy: .reloadIgnoringLocalCacheData. If the app is in the background for several hours and returns in the foreground we noticed that the system reloads the webpage, but it does so with a cachePoliy returnCacheDataElseLoad. This could break the app if older cache content is present. To reproduce start an app in the simulator (tested with iOS 17.2), put it in the background and via activity monitor stop the processes com.apple.Webkit.WebContent com.apple.Webkit.networking After foreground the reload will happen. Two questions: why is this reload happening after some hours in the background? We haven't seen any crash reports related to this. It mostly happens on one of our test devices (iphone13 with iOS17.2.1). why is the webview reloading with a modified cachePolicy (returnCacheDataElseLoad)? Our temporary fix is to detect this case in "webView:decidePolicyFor navigationAction decisionHandler", cancel the request and reload with modified cachePolicy. Any ideas? Thanks, Heiko Sample code: class ViewController: UIViewController, WKNavigationDelegate, WKUIDelegate { var webView: WKWebView! override func viewDidLoad() { super.viewDidLoad() let config = WKWebViewConfiguration() webView = WKWebView(frame: .zero, configuration: config) webView.uiDelegate = self webView.navigationDelegate = self view.addSubview(webView) let myRequest = URLRequest(url: URL(string: "https://www.apple.com")!, cachePolicy: .reloadIgnoringLocalCacheData) print("request \(myRequest)") webView.load(myRequest) } func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) { print("start loading \(String(describing: navigationAction.request.url)), cache:\(navigationAction.request.cachePolicy)") decisionHandler(.allow) } override func viewDidLayoutSubviews() { super.viewDidLayoutSubviews() let fullscreen = CGRect.init(x: 0, y: 0, width: view.frame.size.width, height: view.frame.size.height) webView.frame = fullscreen } }

I would like to know if there is a way to disable Smart Punctuation from the webpage rather than requiring the user to do so from the settings. Adding a "inputmode=verbatim" attribute to the input HTML tags for my webpage did that for all the web browsers I tested on Windows, Ubuntu, Android, and MacOS. I tested Chrome and Firefox on all platforms, as well as Edge on Windows and Safari on Mac and iOS. So far the only time it did not disable Smart Punctuation was on Safari on iOS, but it did on MacOS.

Hi, We are facing a major issue with our application. We are using FolioReaderkit to read epub files. Currently, it's working on the iOS 18.1 device and simulator, but it's not working on the iOS 18.2 and later version devices. we are facing this error in Folioreaderkit

Our current iOS application utilizes WKWebView to display a web application. We've observed intermittent deletion of non-expired 1st-party persistent cookies within this web application, leading to session drops. Here are our environment details and specific questions: Environment: App Build: Built with Xcode 16.2. WebView Class: WKWebView. Cookie Type: 1st-Party Persistent Cookie (Explicit expiration set, not a session cookie). Domain Configuration: The content server and the cookie-issuing server are the same (same IP address, same eTLD+1). The Cookie is set via the Set-Cookie HTTP Header on the server side. Questions: Automatic Deletion Policy: Are there any scenarios (e.g., related to iOS system behavior, Safari policies, or Intelligent Tracking Prevention (ITP)) where iOS or Safari might automatically delete non-expired 1st-party persistent cookies used by WKWebView? Deletion Conditions: If the answer to Q1 is Yes, under what specific conditions (e.g., memory pressure, inactivity, storage limits, specific ITP criteria) does this cookie deletion occur, and does the behavior differ significantly across various iOS versions? OS Update Impact: Are there any known specifications or documented cases where an iOS version update itself triggers the mass deletion of existing cookies stored in the WKWebsiteDataStore? Mitigation Strategy: If this automatic deletion is a known behavior, what mitigation strategies are officially recommended to ensure the persistence of essential 1st-party authentication cookies (e.g., manual synchronization with WKHTTPCookieStore or Keychain/UserDefaults)? Official Documentation: If the answer to Q1 is Yes, please provide URLs to any official Apple documentation or technical notes that detail the specifications or behavior of 1st-party persistent cookie deletion within WKWebView.

We’ve noticed that the ApplePaySession.applePayCapabilities() check has stopped working correctly in Safari over the past couple of days. Behavior observed: 1.) In Safari Private Window, paymentCredentialStatus behaves as expected and case 1 is triggered. 2.) In a normal Safari window, it always triggers case 3 (paymentCredentialsUnavailable), even when the user has active cards provisioned in Wallet. We tested across multiple devices, and the behavior is consistent. if (window.ApplePaySession) { var merchantIdentifier = 'YOUR MERCHANT IDENTIFIER'; var promise = ApplePaySession.applePayCapabilities(merchantIdentifier); promise.then(function(capabilities) { switch (capabilities.paymentCredentialStatus) { case "paymentCredentialsAvailable": // Show Apple Pay button as primary option case "paymentCredentialStatusUnknown": // Offer Apple Pay case "paymentCredentialsUnavailable": // Consider showing Apple Pay button case "applePayUnsupported": // Don’t show Apple Pay button } }) } This used to work fine until a few days ago, but now the capability check in non-private Safari windows always indicates unavailable, even with valid active cards. Has anyone else faced this issue recently? Could this be a Safari regression or a change on Apple’s side? Thanks in advance!