Dear all, I have a web application, where it is possible to book a subscription on a monthyl / yearly basis via PayPal. Normally the users use the safari function "add-to-homescreen" for baving the webapp directly on the homescreen. Nevertheless, since one of the last updates, it is not possible to book a subscription via PayPal. But this is only for the homescreen variant. If i open it directly in safari everthying works as desigend. Looking forward to get some help from you. Thank you!

I'm trying to implement WebAuthn conditional credential creation but I'm not able to get it to work. From this video https://www.youtube.com/watch?v=p8a6ODX1zHY I understand I should call navigator.credentials.create with "mediation: conditional" but the explainer at https://github.com/w3c/webauthn/wiki/Explainer:-Conditional-Registration-Extension also mentions a call to navigator.credentials.get with "mediation: conditional" and "extensions: { conditionalCreate: true }". The explainer seems to suggest they should be called both but for me, both calls never resolve with a credential or an error. What am I doing wrong?

Hello, We have a Safari extension in the app store for about two years. Our extension relies on syncing the data available in a desktop application to the extension. For this we always used SFSafariApplication.dispatchMessage to sync the data without the extension requesting it. And it used to work just fine. Now it appears that dispatchMessage is being marked as unavailable to extensions, so now xcode 16 is failing to build the extension. Also the documentation (Send messages from the app to JavaScript) still indicates that we can use dispatchMessage to initiate communication from the mac os app. Is there a way to achieve this as it is required for our extension to function, and that's how we have built it for chrome and firefox (one codebase).

I have a small example project that ran on both the simulator and a connected iPhone but now it and all other projects are failing with the same error. I am using Xcode 16.0 on MacOS Sonoma 14.6.1., iPhone 11 with iOS 18. Thank you in advance. The error is: Failed to resolve host network app id to config: bundleID: com.apple.WebKit.Networking instance ID: Optional([_EXExtensionInstanceIdentifier: 1163B5D2-09D3-4704-9564-61099502138B]) WebContent process (0x114018680) took 1.375772 seconds to launch GPU process (0x1140a0630) took 1.228457 seconds to launch Networking process (0x114034d00) took 1.426249 seconds to launch 0x105820a20 - [pageProxyID=7, webPageID=8, PID=34786] WebPageProxy::didFailProvisionalLoadForFrame: frameID=1, isMainFrame=1, domain=NSURLErrorDomain, code=-1200, isMainFrame=1, willInternallyHandleFailure=0 Message from debugger: killed Below is the code from one of the examples: import UIKit import WebKit class ViewController: UIViewController { let webView: WKWebView = { let prefs = WKWebpagePreferences() prefs.allowsContentJavaScript = true let configuration = WKWebViewConfiguration() configuration.defaultWebpagePreferences = prefs let webView = WKWebView(frame: .zero, configuration: configuration) return webView }() override func viewDidLoad() { super.viewDidLoad() view.addSubview(webView) guard let url = URL(string: "https://google.com") else { return } webView.load(URLRequest(url: url)) //evaluate JavaScript DispatchQueue.main.asyncAfter(deadline: .now()+5){ self.webView.evaluateJavaScript("document.body.innerHTML") { result, error in guard let html = result as? String, error == nil else { return } print(html) } } } override func viewDidLayoutSubviews(){ super.viewDidLayoutSubviews() webView.frame = view.bounds } }

we are using angular and Html5 to develop our application, in our application we play videos that are placed on s3. Video when played on desktop borwser are adequatley audible but when played on iPad their volume is too low to be audible. I have tried video.volume =1 but it does not work for iPad because this property is only readable for ios devices. I have tried using javascript audioContext. It worked for my local machine. But when code is deployed on some hosted environments, it just does not work. Did anyone face the same issue? Any help regarding it will be appreciated.

When creating an AddtoCalendar (ics, google, yahoo, outlook) Safari detects tracking only for outlook.live and outlook.office via the url used to add an event to the online calendar. I would like to inform web users that if this option is activated and they want to add the event to their online outlook calendar, they will need to temporarily deactivate this security feature! Is it possible to detect this option in jsx? Would there be a solution, like requesting authorisation to locate on a website, to allow only this url or this site (outlook.live or outlook.office) for tracking? I'm obviously thinking of something simple for the web user: a button to click.

I'm embedding a page into an APP developed with Xcode through WKWebView, but I've encountered style issues with the page rendered by WKWebView. I simplify the problem as follows. Open this link with Safari: https://cofficlab.github.io/JuiceEditor-Playground What is the light blue part? How can it be removed? If this is a feature, what is the name? Chrome doesn't have this problem.

I’m trying to understand how the Reddit app knows to open in its anonymous mode when a link is opened from Safari’s Private Browsing mode. Does Safari explicitly pass any flag or metadata indicating the request originated from Private Browsing? Or is it inferred by the absence of shared cookies, session tokens, or other stateful data? If the detection is based on the absence of cookies, could this logic misidentify other stateless scenarios as ‘private’?

I’m deploying a pac file through jamf using the auto global http proxy. The purpose of this file is to block some traffic on the network level. We’re deploying the pac on iPhones. I tried to use || shExpMatch(url, “*.pdf”) to block any url with .pdf but iOS seems to just skip that line without implementing it. Am I doing something wrong or is there an apple specific function that I should use? thanks

I'm porting to Safari a Chrome/Firefox Extension that makes use of declarativeNetRequest.updateDynamicRules to remove some HTTP headers from requests to a specific URL. This works mostly fine, except for some headers for which this is not allowed by WebKit, such as the Priority header (which is however served by Safari). An annoying corner-case I found is that of the Cookie header. When trying to remove it from the request by adding the following rule { id: <rule id>, priority: <rule priority>, action: { type: "modifyHeaders", requestHeaders: [{ "header": "Cookie", "operation": "remove" }] }, condition: { urlFilter: <my url>, resourceTypes: ["main_frame", "sub_frame"] } } nothing error is thrown, yet the Cookie header is still being sent. This rule however works for other headers, such as Referer. Changing "Cookie" for "cookie" does not help. Questions: Is there an alternative way of removing the Cookie header from the HTTP request? Is this just a bug in WebKit? Is there any way of removing "unsupported" headers such as Priority? Any help or references are appreciated. Edited: more specific description of the corner-case.

Hey there guys! I'm new to this, and have been learning JavaScript on Udemy. I'm trying to do everything inside of Safari, instead of using Chrome. But I'm stuck on something that I feel is kind of small, but has been nagging at the back of my brain. When I go to the 'Inspector Developer Tools' (command + option + i), then go to 'Sources', and go to 'Console Snippets', I'm trying to figure out how to delete any JavaScript files from the Console Snippets selection. In Chrome, when you navigate to the Chrome equivalent, if I right click on the file, there's an option to remove the file, but on Safari the only option I get is to Run Console Snippet. Does anyone know how to remove or delete a JavaScript file from the Console Snippets section in Safari? I have no extensions installed.

Hi, We have configured WKAppBoundDomains and are using limitsNavigationsToAppBoundDomains to enable Service Workers, which works perfectly. However, we are now unable to load a WKWebView with any domain that is not included in the app-bound domains. For these other WKWebView instances, we have explicitly set config.limitsNavigationsToAppBoundDomains = false, but it doesn’t seem to have any effect. We don’t require access to the restricted APIs enabled by app-bound domains for these instances—we simply want them to load and perform basic website functionality. Is there a way to enable Service Workers selectively in some WKWebView instances while allowing others to remain unaffected by the App-Bound Domains restriction? Thank you for your help! Best regards, Rose Ding

Styling overlap occurs between the input field style and the generated strong password field in Safari browser. Is there a way to completely override the original input field style with the styling of the filled strong password?

Hi everyone, I'm developing a minimal Safari web extension for macOS and trying to implement "Sign in with Apple" directly from the extension popup, as per Apple's guidelines it's prohibited to open a new tab/window: Guideline 4.0 - Design: The user is taken to a new Safari window or tab to sign in or register for an account, which provides a poor user experience. What I've Done So Far Created an App ID with "Sign in with Apple" enabled and configured. Created a Service ID with the "Sign in" feature enabled. Enabled "Sign in with Apple" for native targets in Xcode Added the following JavaScript code in my popup.html file to initialize the Apple JS API and handle authentication via a popup: &lt;script type="text/javascript" src="https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js"&gt;&lt;/script&gt; &lt;script&gt; // have tried many different configurations here - nothing works! AppleID.auth.init({ clientId: '&lt;valid client ID&gt;', redirectURI: '&lt;valid URL&gt;', usePopup: true, }); document.getElementById('sign-in-button-apple') .addEventListener('click', () =&gt; { AppleID.auth.signIn().then((response) =&gt; { console.log('Success', response) }).catch((error) =&gt; { console.error('Error', error) }); }); &lt;/script&gt; I also added event listeners for AppleID events: document.addEventListener('AppleIDSignInOnSuccess', (event) =&gt; { console.log('Success', event); }); document.addEventListener('AppleIDSignInOnFailure', (event) =&gt; { console.log('Error', event); }); Issue When I click the "Sign in" button in the popup, a native macOS dialog appears for authorization. However, after confirming sign-in, the modal just closes and no response (success or error) is logged in the console. Expected behavior To receive a success message or an error in the console about the authorization process result. Questions Service ID Configuration: Since the popup's location URL is safari-web-extension://&lt;random-url&gt;, I can't add it to the supported redirect URLs in the Service ID settings. Is there a way to work around this? Safari Web Extension Setup: Are there specific configurations required in Xcode to enable "Sign in with Apple" within a Safari web extension? Sign-In Method: Am I correctly implementing the signIn method in the JavaScript code? Could there be any constraints or special considerations for running it within an extension popup? I would greatly appreciate any guidance, examples, or documentation that can help resolve this issue. Thank you in advance!

I am working on some open source documentation genereator tools which should support pwa on apple. I want to check whether some private apple meta tags are still supported like apple-touch-icon, I can only found some archived docs: https://developer.apple.com/library/archive/documentation/AppleApplications/Reference/SafariWebContent/ConfiguringWebApplications/ConfiguringWebApplications.html I searched for almost an hour but I can not find anything related to safari and it's behavior in the new documentation. So I want to ask: do I miss anything? or apple is dropping docs for safari?

Hello, Do notifications works on a PWA who are in a European iPhone ? Regards Ed

How to handle it? regular downloads I already go working through Navigation and download delegates

Hi Team, We’re encountering an issue where Open Graph metadata (e.g., og:image) isn’t rendering properly on iOS/macOS platforms or WhatsApp previews. Here’s a brief summary of the problem: SSL Configuration: Our SSL Labs report shows a grade of B due to: Improper certificate chain setup. Outdated cipher suites (e.g., TLS_RSA_WITH_3DES). Support for deprecated TLS protocols (1.0/1.1). Frontend Observations: Metadata (e.g., og:image) is not reliably picked up on iOS/macOS crawlers. Crawlers may have issues accessing assets due to CORS or TLS limitations. What We Need: Guidance on resolving Open Graph preview issues specific to iOS/macOS environments. Best practices for ensuring compatibility with Apple’s crawlers and WhatsApp on iOS. Suggestions for optimizing server-side SSL/TLS configurations and frontend setup to improve metadata visibility. We’re currently using Next.js 14 for the frontend. Any insights or debugging tips are greatly appreciated! Thanks in advance!

Hi everyone, I’m working on an app that uses WKWebView. Due to security concerns, our customers want the app to disable copy-paste functionality and similar options (such as Lookup and Share, allowing users to extract text from the app or save it as a file. I was able to disable copy-paste and remove UIMenu options like Lookup and Share. Everything worked fine until the iOS 18.1 beta, which introduced a new menu called Writing Tools (Apple Intelligence) that has its own copy and share buttons I've tried several ways to remove it Remove all UIMenu items using canPerformAction, and it works for all menus but Writing Tools, which still remains override func canPerformAction(_ action: Selector, withSender sender: Any?) -> Bool { return false } Remove it from UIMenuBuilder override func buildMenu(with builder: UIMenuBuilder) { builder.remove(menu: .lookup) builder.remove(menu: .share) } But unfortunately, UIMenuBuilder does not have an identifier for Writing Tools, and it seems like there are no API changes from Xcode 15 to Xcode 16 (https://developer.apple.com/documentation/uikit/uimenu/identifier) It seems like the only way to disable it through MDM configuration (key: allowWritingTools), but we don't use MDM https://developer.apple.com/documentation/devicemanagement/restrictions Environment iOS Version: iOS 18.1 beta4 Device: iPhone 15 Pro App platform: iOS Xcode version: 16.0 MacOS: 15.0 Thank you

Hi, When we using Safari on MacOS with IPv6 we found that the XSRF-TOKEN can be set into the cookies. We have set-cookie in the authentication response headers 'Set-Cookie: XSRF-TOKEN=*******; SameSite=Strict; Secure'. It works by using Safari with IPv4. And also works with Chrome/FireFox with IPv4/IPv6. And also worked with Safari 15.6.1 over IPv6. May I know if this an issue or by design? Anyone aware of this? Thanks.