I am working in React Native and trying to use Deeplink. When app is installed code is working fine but when app is not installed not redirecting to App Store in Safari instead of that in Chrome that is working fine
in safari when i click i got this error message
"safari cannot open the page because the address is invalid"
this is my apple-app-site-association file code
{
"applinks": {
"apps": [],
"details": [
{
"appID": "CS666P223.com.seecard",
"paths": [
"",
"/recover/",
"/settings/*"
]
}
]
} ,
"webcredentials": {
"apps": [ "CS666P223.com.seecard" ]
}
}
and this is my code in next
"use client"
export default function Home() {
// Helper function for device detection
// const isiOS = () => /iPhone|iPad|iPod/i.test(navigator.userAgent);
const isAndroid = () => /Android/i.test(navigator.userAgent);
const isiOS = () => {
const userAgent = navigator.userAgent || navigator.vendor;
return (
/iPhone|iPad|iPod/.test(userAgent) ||
(navigator.platform === "MacIntel" && navigator.maxTouchPoints > 1)
);
};
const openAndSaveCard = () => {
try {
// let fallbackLink = '';
if (isiOS() || isAndroid()) {
const card_id = "3434bee9675ee44b3dc65";
const card_owner_id = "34349675ee44b3dc43";
const card_for_saved = {
"cardId": card_id,
"ownerId": card_owner_id
};
console.log("=-=-card_for_saved",card_for_saved)
const encodedData = encodeURIComponent(JSON.stringify(card_for_saved));
window.location.href = `saveseecard://open?id=${encodedData}`;
const androidAppStoreLink = 'https://play.google.com/store/apps/details?id=com.seecard';
const iosAppStoreLink = 'https://apps.apple.com/np/app/seecard/id6502513661';
fallbackLink = isAndroid() ? androidAppStoreLink : iosAppStoreLink;
const timeout = setTimeout(function () {
if (document.hasFocus()) {
window.location.href = fallbackLink;
}
}, 2000);
window.addEventListener('blur', () => {
clearTimeout(timeout);;
});
} else {
alert("Your device doesn't support deep linking for this app.");
}
} catch (e) {
console.log("Error:", e);
}
};
return (
<div className="cIcon ml-10 purpleBg"
// onClick={() => { openAndSaveCard() }}
onClick={openAndSaveCard}
>
<p className="container-text">Save Card</p>
</div>
</main>
</div>
);
}
General
RSS for tagExplore the integration of web technologies within your app. Discuss building web-based apps, leveraging Safari functionalities, and integrating with web services.
Post
Replies
Boosts
Views
Activity
DNR rules redirecting to an extension path lead to an error page: “Safari can’t open the page. The error is: “The operation couldn’t be completed. (NSURLErrorDomain error -1008.)” (NSURLErrorDomain:-1,008).”
Here is a demo extension that replicates the bug: https://github.com/lenacohen/Safari-Test-Extensions/tree/main/dnr-extension-path-redirect
This is an example of a redirect rule that leads to an error page instead of the extension path page:
chrome.declarativeNetRequest.updateDynamicRules({addRules: [
{
id: 2,
priority: 1,
action: {
type: "redirect",
redirect: {
extensionPath: "/web_accessible_resources/test_redirect.html"
}
},
condition: {
urlFilter: "||washingtonpost.com^",
resourceTypes: [
"main_frame"
]
}
}
]});
The extension path is included in web_accessible_resources in the extension manifest:
"web_accessible_resources": [{
"resources": [
"web_accessible_resources/test_redirect.html"
],
I also submitted a bug report on Apple's Feedback Assistant: FB16607632
Animated AVIFs don't work properly on Safari, with inconsistent behavior across iPhone models.
On iPhone 14 Pro (A16, iOS 18.3.1), playback works fine, but on iPhone 15 (A16, iOS 18.3.1), it shows as a still image.
iPhone 16 Pro (A18, iOS 18.4 beta) plays correctly, and M1 Pro MacBook handles it well too.
Oddly, Xcode simulator (M1 Pro) only plays a specific file on iPhone 14 Pro. Is this tied to AV1 decoding differences (hardware vs. software) or a WebKit rendering issue? Any insights or documentation would help!
Note: The tested images are commercial files, so I can’t attach them here, but I’m happy to share those upon request.
In a project to create a web extension for Safari, using scripting.registerContentScript() API to inject a bunch of scripts into web pages, I needed to manage a dynamic whitelist (i.e., web pages where the scripts should not be injected).
Fortunately, scripting.registerContentScripts() gives you the option of defining a list of web pages to be considered as a whitelist, using the excludeMatches parameter in the directive, to represent an array of pages where the script should not be injected.
Here just a sample of what I mean:
const matches = ['*://*/*'];
const excludeMatches = ['*://*.example.com/*'];
const directive = {
id: 'injected-jstest',
js: ['injectedscript.js'],
matches: matches,
excludeMatches: excludeMatches,
persistAcrossSessions: false,
runAt: 'document_start'
};
await browser.scripting.registerContentScripts([directive])
.catch(reason => { console.log("[SW] >>> inject script error:",reason); });
Of course, the whitelist (the excludeMatches array) is not static, but varies over time according to the needs of the moment.
Everything works perfectly in Chromium browsers (Chrome, Edge, ...) and Firefox, but fails miserably in Safari. In fact, Safari seems to completely ignore the excludeMatches parameter and injects the script even where it should not.
Has anyone had the same problem and solved it somehow?
NOTE : To test the correctness and capabilities of the API in each browser, I created a simple repository on Github with the extension code for Chromium, Firefox and Safari (XCode project).
I want to write an app, that lets users restore all oben windows and tabs from any given point in a TimeMachine backup. The store location seems to have changed. In earlier versions it was possible to restore the open windows and tabs by retrieving
/Users/[UserName]/Library/Containers/com.apple.Safari/Data/Library/Safari/SafariTabs.db
…/SafariTabs.db-shm
…/SafariTabs.db-wal
As of 18.3 this doesn’t work any more, even though these files get updated with the use of Safari
What else would I need to retrieve from a back up disk?
Thank you very much for any hints!
TLDR: I’m searching for a possibility to allow the usage of passkeys and hardware keys for any website in a wkwebview
INFO: The browser is macOS ONLY
Hi, I couldn’t really find documentation or forums posts on how to implement Webauthn for signin or hardware security keys for a second factor. Or rather where those events are triggered to be handled. In Safari you have that popover, that lets you either authenticate through Passwords or with a security key.
When I visit webauthn.io for testing and click either register or authenticate I get
Told not to present authorization sheet: Error Domain=com.apple.AuthenticationServicesCore.AuthorizationError Code=1 "(null)"
ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)"
If I add
func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping @MainActor (URLSession.AuthChallengeDisposition, URLCredential?) -> Void)
and
func webView(_ webView: WKWebView, authenticationChallenge challenge: URLAuthenticationChallenge, shouldAllowDeprecatedTLS decisionHandler: @escaping @MainActor (Bool) -> Void)
it doesn’t seem to change anything.
I found something about the ASWebAuthenticationSessionWebBrowserSupported entitlement, but by my understanding this is used so a browser can get opened upon some other app calling a ASWebAuthenticationSession.
Has anyone some guidance for me? I feel like webauthn and yubikey support are important security measures for our users.
https://codeberg.org/miakoring/Amethyst/src/branch/main/Amethyst/Shared/ViewComponents/WebKit/WebViewModel.swift
is the code for my webviewmodel.
Delegates are in the Delecate folder https://codeberg.org/miakoring/Amethyst/src/branch/main/Amethyst/Shared/ViewComponents/WebKit
This is a rare occurrence on our site, having only detected 4 instances of it over the past few weeks, where 10s of thousands of transactions have occurred successfully.
We only call the following PaymentRequest API onClick from the <apple-pay-button>:
async function startApplePay(merchantIdentifier, amount) {
...
try {
const request = new PaymentRequest([ applePayMethod ], paymentDetails);
...
catch (e) {
// cancel, just stay here
if (e.name === "AbortError") {
if (consoleLog) console.log("Payment canceled", e);
logServer("INFO", "Payment canceled");
}
else {
handleError("Error caught: " + e.name + ", " + e.cause + ", " + e.message);
}
}
Where the "handleError" else case is what gets triggered:
Error caught: SecurityError, undefined, show() must be triggered by user activation.
All 4 instances have been from iPads, but with that small of a sample size, we can't tell whether that's relevant or coincidence. Different iOS versions, but looks like same Safari version.
Here are the 4 User Agents we've seen thus far:
Mozilla/5.0 (iPad; CPU OS 18_2_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/352.0.715618234 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPad; CPU OS 17_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/352.0.715618234 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPad; CPU OS 18_3_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/133.0.6943.33 Mobile/15E148 Safari/604.1
Mozilla/5.0 (iPad; CPU OS 18_2_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/133.0.6943.33 Mobile/15E148 Safari/604.1
<script src="https://js.braintreegateway.com/web/3.92.0/js/client.min.js"></script>
We are testing our safari web extension (https://apps.apple.com/us/app/whatfix-for-jnj-centris/id6723895659) on an iPad 7th Gen (iPadOS v - 17.4.1)
I am sharing a video link where you can see the widget (named Self Help) appears on the application. However after a couple of refreshes, it vanishes. This widget is powered by the extension.
We tried connecting the iPad to Mac and opened the webinspector. The extension content script sends a message to the service worker and it is expected to send back a response which it is not doing
We believe it is related to an issue that has been highlighted multiple times in the developer forum -
https://developer.apple.com/forums/thread/758346
We have tried using several workaorunds as suggested by peer developers in the thread but we are unable to revive the service worker once it is killed.
We would like to understand from you, how to recover from this issue. Is there any workaround that we can apply to make sure that extension works fine?
It would be immensely helpful if we can get on a call to explain the issue further
Video Link: https://www.icloud.com/iclouddrive/0a7NR7BzDQHHU8zCHERuySBMw#RPReplay%5FFinal1740034010
I have a Safari App Extension which allows users to switch between last open tabs with a shortcut option+tab in the same way it's possible to switch between last open apps with command+tab.
Here is how i do it:
I inject a content script on all websites which has the only thing – key listener for option+tab presses.
When a user presses option+tab, that keyboard listener detects it and sends a message to the Safari Handler.
Then Safari Handler sends a message to the containing app and it shows a panel with last open tabs.
This approach has a problem: it shows a message to a user in settings: "Can read sensitive info from web pages, including passwords..."
Which is bad, because in reality i don't read passwords.
If i remove SFSafariContentScript key in the Safari App Extension target's Info.plist, then this message about reading sensitive data disappears, but then i loose the ability to open the tabs panel.
How can I open my app window with a shortcut without frightening a user?
It's possible to listen to global key presses, but that would require a user to grant the app permissions of Accessibility (Privacy & Security) in macOS system settings, which also sounds shady.
I know an app which does not require an Accessibility permission: https://apps.apple.com/ua/app/tabback-lite/id6469582909 and at the same time it does not tell a user about reading sensitive data in the extension settings.
Here is my app: https://apps.apple.com/ua/app/tab-finder/id6741719894 It's open-source: https://github.com/kopyl/safari-tab-switcher
Failed to verify your identity. Try again.
Recently we started noticing in Safari v18.2 browser an unexpected useragent set for https://www.espn.com pages like -
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36" (recognized as Chrome by most UA detection logic) and breaks our video playback in some scenarios.
When digging into this we came across site specific quirks and the "Disable site-specific hacks" setting which fixed the playback functionality and set a more expected UA - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.2 Safari/605.1.15".
Is the unexpected UA being set somewhere in Safari/Webkit? Can this be removed so site functionality works without needing to find the "Disable site-specific hacks" setting?
Hi,
I'm developing an extension and I need to debug console logs that are logged in the Service Worker. The worker is configured in the manifest and is generally working as expected:
However, when I open the browser, go to any site, and open Develop -> Service Workers or Develop -> Web Extension Background Content it is not visible there, so I can't really access the logs:
But then I noticed that if I go out of focus from the browser for some time (and probably let the SW die), it becomes visible and I can open it without an issue:
So, a couple of questions:
Why isn't it instantly accessible? The extension Service Worker dev tools should be accessible regardless of what is happening to the tab or the browser, even if the SW terminates.
Why does it eventually appear under Web Extension Background Content instead of the Service Workers when it is in fact an SW?
I am using GTM in my project, and the OneTrust cookie consent script is loading in GTM. After ruling out iOS 18.3.1, I am unable to click on the OneTrust preference center since the GTM script is not loading.
This issue i faced for safari browser
A DNR rule with lower priority is being applied before a DNR rule of higher priority on Safari. Specifically, a low-priority DNR block rule that matches a request is being applied before a high-priority DNR redirect rule that matches the same request, preventing the redirect from occurring. The only way to get the high-priority redirect rule to occur is to remove the DNR block rule. This does not occur on other browsers.
I have already submitted a Feedback Assistant report about this bug: FB16535579
How to reproduce:
Create/install a web extension on Safari with the declarativeNetRequest and declarativeNetRequestWithHostAccess permissions
Open the Web Extension Background Content console and add a redirect rule with a high priority number. For example:
await chrome.declarativeNetRequest.updateDynamicRules({addRules: [
{id: 5000, condition: {urlFilter: "||www.google-analytics.com*/ga.js", resourceTypes: ["script"], domainType: "thirdParty"}, priority: 80, action: {type: "redirect", redirect: {url: “http://www.apple.com/”}}}
]})
Add a block rule of lower priority for the same urlFilter:
await chrome.declarativeNetRequest.updateDynamicRules({addRules: [
{id: 5001, condition: {urlFilter: "||www.google-analytics.com^", domainType: "thirdParty"}, priority: 1, action: {type: "block"}}
]})
Visit https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html
Check the network tab and see that neither a request to Google Analytics nor apple.com appear. This means that the request to Google Analytics was blocked instead of being / before being redirected
Remove the block rule:
await chrome.declarativeNetRequest.updateDynamicRules({removeRuleIds: [5001]})
Reload https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html.
Check the network tab and confirm that there is a request to apple.com, showing that the redirect rule is only applied if the lower-priority block rule is removed. The priority of the DNR rules should handle this without having to remove a DNR rule.
I have confirmed that the incorrect application of DNR rule priority happens on other top level domains, with other urlFilters, and with other redirect URLs. I confirmed that this is happening while I’ve granted my extension permissions on all websites.
I am posting here because we have an urgent issue affecting the operation of our service and are in need of a solution after our own analysis has come up with few answers.
Beginning in iOS 18.2.x, we experienced exactly the same issue as the author of this thread, as we are also operating a service that allows for device certificate login for users configured to require one:
https://developer.apple.com/forums/thread/767374
The author seems to have resolved the issue but the fix mentioned in the thread did not resolve our problem for iOS devices with iOS 18.2.x installed and the contents of that private support ticket are, of course, not visible to us. Furthermore, we have a different issue that surfaced with the release of iOS 18.3.x.
Namely, the issue in iOS 18.3.x is more severe than the one in iOS 18.2.x, in that instead of simply taking a long time for the certificate/identity selection dialog to appear, it simply fails immediately and is returning a “no certificate selected” response to our server.
One thing to note here is that, curiously, if we wait for several seconds (about 10-15 seconds) this behavior is not replicated. So, it seems there is potentially something going in the background, and the certificate selection process will only occur successfully like before if we wait. This is a very unideal workaround.
After entering user credentials, we have the user navigate to a dedicated certificate authentication page. On the BIG IP side, upon users visiting this page, we have it configured to apply an SSL profile that contains appropriate CAs for the given user, and then requests to the browser that a new connection requiring a certificate be made.
We are investigating this by checking logs in in a variety of places:
We can verify in BigIP logs that a response is being returned to the server without a certificate included. For the sake of our application, this is handled as a “user did not select a certificate” event, and thus the attempted login is failed. Using the MacOS “Console” application, we are able to see the following logs from the “trustd” process of the target iOS 18.3.x device:
Failure case:
debug 11:19:49.648581+0900 trustd XPC [com.apple.WebKit[1034]/1#25 LF=0] operation: trust_evaluate (8)
debug 11:19:49.648766+0900 trustd complex trust settings anchor
Successful case (after waiting 10-15 seconds after initial login page load/before moving to certificate page):
debug 11:26:02.803153+0900 trustd XPC [MobileSafari[1031]/1#169 LF=0] operation: trust_evaluate (8)
debug 11:26:02.804219+0900 trustd non ev score: 121 <private>
There appears to be no attempt by MobileSafari to initiate the display of a certificate selection window in the failure cases. The iOS device is swift to return a response with no certificate selected to Big IP, and the result of “no certificate selected” is thus propagated through Big IP and ultimately to our web service.
Does anyone have any advice or information on the following?
Recommended tools to gather more data that may be pertinent.
Any ideas on changes in iOS 18.2.x+ that could have resulted in the behavior changing as described above?
If more information is necessary, I will do my best to supply it. Thank you in advance!
We are currently running a lightweight server within our iOS mobile app to pass a unique device ID via localhost for device-based restrictions. The setup works by binding a user's email to their device ID upon login, and later, when they attempt to log in via a browser, we retrieve this ID by making a request to http://localhost:8086/device-info.
However, we're encountering an issue when making this request. Here’s the error message:
Error fetching device info: TypeError { }
r@webkit-masked-url://hidden/:27:166011
value@webkit-masked-url://hidden/:27:182883
@webkit-masked-url://hidden/:27:184904
We are making this request from an HTTPS website, and we suspect this could be related to mixed-content restrictions. Could you guide us on how to properly make localhost requests over HTTPS, especially in a production environment with the necessary security measures?
Any insights or best practices on resolving this issue would be greatly appreciated.
I reported this bug one year ago in https://developer.apple.com/forums/thread/746406, but as it is not been fixed yet, I'm going to try by opening this new incident report.
iOS is not working for the Unicode Variation Selector-15 (U+FE0E) for all the characters.
Can you please apply that variation selector to all your Unicode characters?
I) Steps to reproduce the issue:
navigate in safari to the page https://eurovot.com/vs.htm
II) Expected result:
as the 1st column of characters have the Variation Selector-15 (U+FE0E) applied, and the 2nd column have the Variation Selector-16 (U+FE0F) applied, the first column should always display text characters (in orange) and the second column emoji characters.
III) Error result:
some characters are working fine in the 1st column and displayed as text (in orange colour), but some other aren't displayed as text, they wrongly displayed as emojis instead.
I'm referring to the following:
https://developer.apple.com/documentation/automaticassessmentconfiguration
I can't find this information anywhere. I'm wondering if I can enable and disable this function in Safari or other browsers on my website.
I'm posting a question here as I have encountered an issue while seeking help from engineers in the thread. thread773837
If the "Not Secure Connection Warnings" is enabled in Settings > App > Safari, are HTTP connections not allowed under any circumstances?
I also posted a question about NSAllowsLocalNetworking not being applied, and I was informed that ATS (App Transport Security) is not related to SFSafariViewController. If that's the case, what feature causes the error "Safari cannot open the page. Error: Failed to navigate to an HTTP URL with HTTPS-only mode enabled"?
I am currently working to resolve this issue.