I’m trying to understand how the Reddit app knows to open in its anonymous mode when a link is opened from Safari’s Private Browsing mode. Does Safari explicitly pass any flag or metadata indicating the request originated from Private Browsing? Or is it inferred by the absence of shared cookies, session tokens, or other stateful data? If the detection is based on the absence of cookies, could this logic misidentify other stateless scenarios as ‘private’?

I'm trying to set up a smart app banner for my app, but it doesn't appear on the website when I try to test it. I have the meta tag on my website: <meta name="apple-itunes-app" content="app-id=6740216045" /> When I inspect the website, I can see that the meta tag is showing up in the head, but the banner is nowhere to be found. I tried clearing website data but still no dice.

I'm porting to Safari a Chrome/Firefox Extension that makes use of declarativeNetRequest.updateDynamicRules to remove some HTTP headers from requests to a specific URL. This works mostly fine, except for some headers for which this is not allowed by WebKit, such as the Priority header (which is however served by Safari). An annoying corner-case I found is that of the Cookie header. When trying to remove it from the request by adding the following rule { id: <rule id>, priority: <rule priority>, action: { type: "modifyHeaders", requestHeaders: [{ "header": "Cookie", "operation": "remove" }] }, condition: { urlFilter: <my url>, resourceTypes: ["main_frame", "sub_frame"] } } nothing error is thrown, yet the Cookie header is still being sent. This rule however works for other headers, such as Referer. Changing "Cookie" for "cookie" does not help. Questions: Is there an alternative way of removing the Cookie header from the HTTP request? Is this just a bug in WebKit? Is there any way of removing "unsupported" headers such as Priority? Any help or references are appreciated. Edited: more specific description of the corner-case.

I'm not sure if this is even the right place to ask this, or voice this complaint if there's no fix. If not, please direct me where to go. I'm trying to switch all my development over to Safari, but the tab sidebar is driving me absolutely insane. Let's say I have a bunch of tab groups expanded, and I collapse the sidebar to focus on the webapp I am building. When I toggle to show the sidebar again, every single tab group is collapsed. Why is it 2 clicks to see the tabs in the sidebar? Even with zero tab groups, and just tabs in the workspace, if you collapse the sidebar it'll collapse the list of tabs. Is there some hidden setting for this? Who do we have to complain to?

Hi, We have configured WKAppBoundDomains and are using limitsNavigationsToAppBoundDomains to enable Service Workers, which works perfectly. However, we are now unable to load a WKWebView with any domain that is not included in the app-bound domains. For these other WKWebView instances, we have explicitly set config.limitsNavigationsToAppBoundDomains = false, but it doesn’t seem to have any effect. We don’t require access to the restricted APIs enabled by app-bound domains for these instances—we simply want them to load and perform basic website functionality. Is there a way to enable Service Workers selectively in some WKWebView instances while allowing others to remain unaffected by the App-Bound Domains restriction? Thank you for your help! Best regards, Rose Ding

Hi everyone, We're facing a challenge with Apple's WKWebView and its WKAppBoundDomains limit. Our web app is hosted across multiple dedicated domains to ensure security and isolation for our customers. Additionally, we rely on a service worker to provide offline functionality within our app. To enable the service worker in our WebView app, we must specify the domains within the app-bound domains list. The issue we're encountering is the 10-domain limit, which is restrictive since our app needs to support access to more than 10 domains. Has anyone found a workaround for this limitation? Or does Apple provide any exceptions to this rule if a strong case is presented? We’d greatly appreciate any insights or experiences you can share. Thanks in advance!

I'm tasked with securing a Safari browser extension that my organization created. It is using WebExtensions and has been launched across various browser extension stores, including Safari. I've searched for many hours on this and find very very little information on how to secure it. (Pretty much just https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Content_Security_Policy.) Is there anything more extensive/comprehensive? I'll be dealing with Safari Desktop as well as Safari iOS. By comparison, when looking for resources for securing the Firefox version of the extension, I found https://extensionworkshop.com/documentation/develop/build-a-secure-extension/, which I think is a great resource. Some of that content applies to Safari, but it's hard to know to what extent. I'll need to secure Safari web and Safari mobile (i.e. iOS), but for now I'm focused on web. (But if you have anything on mobile, then please let me know also.) Thank you!

I'm having issues with opening up role="link". links in wkwebview. Is there a way in my decideforpolicy to allow these links to open up in the current webview vs another window like a traditional web browser does? Thank you ahead of time.

Hello, Do notifications works on a PWA who are in a European iPhone ? Regards Ed

I'm working on a school project to build a webpage for Vision Pro users. I'm using Xcode to build this webpage because it has .reality files. This webpage only works on Safari because I took a spatial image with my Vision Pro, and it's .heic file type. I put the .png version below the .heic file that is supposed to have the spatial effect. I deployed this project on Vercel, please use Safari to check out the link: https://spatial-design-project.vercel.app There's another issue in this project, I downloaded the Cosmonaut .reality file on Apple Quick Look Gallery to test on my webpage. However, when I open it on Vision Pro, the file won't load, it says "Failed to load layers". Does it have something to do with the server for serving this file type? Should I use an actual web hosting company for this website? Here is my GitHub repo <div class="hero"> <div class="hero-text"> <h1>La Sal Peak</h1> <p>The Do-It-All Enduro Bike</p> </div> </div> <div class="hero2"> <div class="hero-text"> <h1>La Sal Peak</h1> <p>The Do-It-All Enduro Bike</p> </div> </div> .hero { position: relative; display: flex; align-items: flex-end; justify-content: flex-start; height: 100vh; background: url("assets/heroImage.heic") no-repeat center center/cover; color: white; } .hero2 { position: relative; display: flex; align-items: flex-end; justify-content: flex-start; height: 100vh; background: url("assets/hero.png") no-repeat center center/cover; color: white; }

Hi Team, We’re encountering an issue where Open Graph metadata (e.g., og:image) isn’t rendering properly on iOS/macOS platforms or WhatsApp previews. Here’s a brief summary of the problem: SSL Configuration: Our SSL Labs report shows a grade of B due to: Improper certificate chain setup. Outdated cipher suites (e.g., TLS_RSA_WITH_3DES). Support for deprecated TLS protocols (1.0/1.1). Frontend Observations: Metadata (e.g., og:image) is not reliably picked up on iOS/macOS crawlers. Crawlers may have issues accessing assets due to CORS or TLS limitations. What We Need: Guidance on resolving Open Graph preview issues specific to iOS/macOS environments. Best practices for ensuring compatibility with Apple’s crawlers and WhatsApp on iOS. Suggestions for optimizing server-side SSL/TLS configurations and frontend setup to improve metadata visibility. We’re currently using Next.js 14 for the frontend. Any insights or debugging tips are greatly appreciated! Thanks in advance!

Apple Pay fails with an "AbortError" when the dialog for the fingerprint sensor opens. How do I find the cause of the "AbortError" which only occurs in the web integration in our production environment? In the sandbox environment, Apple Pay works flawlessly. This concerns a web integration of Apple Pay using the Apple Pay SDK, one version before 1.2.0. The error occurs when I call the show() method on the PaymentRequest object. The Apple Pay dialog opens with the fingerprint icon, but after one second, an exclamation mark appears, and the Apple Pay dialog closes again while throwing the "AbortError". I know that our Apple Pay integration worked for multiple customers in the production environment already. The current problem is that Apple's error message, called "AbortError," provides no indication of the cause. This could be greatly improved. One affected customer, for example, is the one with the Merchant ID … (Is it safe to post a Merchant ID in this forum?) I can reproduce the "AbortError" issue at any time using my iPhone with iOS 16.7.8.

We are building a Safari web extension utilising native messaging, to send messages to the Swift native part of the app. We sometimes experience, that the beginRequest handler is executed multiple times, at the same time. We have a special part of the code in the handler, that must be run only once. Because it uses NS defaults storage, and also because it calls our servers. We have tried to use a serial dispatch queue, as well as other locking and mutex techniques, to no success. We suspect that the instances of the handler are isolated in a way, that these locks don’t work (maybe they don’t share memory?). But we are not sure. When looking at os_logs from the handlers, they all share the same PID. Has anyone experienced anything similar and can shed some light on what's going on?

How can i add Authorization header to a wkwebview. I checked https://developer.apple.com/documentation/foundation/nsurlrequest#1776617 which says Authorization header is a reserved http header and shouldn’t be set. I want to set it when requesting a url to the server which will be used for verification. How can i do that?

Hi there, I use the Clipboard API to create formatted project links with a "copy link" button. This has been really versatile for end users. When they paste into their email, they get a hyperlinked project name that leads to the project, and when they paste into the URL bar, they just get the project URL. It used to be that pasting into Messages on Mac would yield the same behavior as pasting into the URL bar. But recently, Messages started only pasting the inner text of the HTML clipboard, so no URL, just the project name, which isn’t very useful for a copy link function. Is there any way to ensure that Messages pastes the URL while maintaining my formatting options on other surfaces?

the backdrop is not work through css variable, but it works well through the certain value. and the problem wasn't appear in old version

We have a web application that uses high resolution images to validate the authenticity of products. For this purpose we want to use the best camera to make the high resolution camera, on iPhone Pro devices this camera is the ultra-wide angle camera. The issue we have is how to confidently select that camera from the list returned by navigator.mediaDevices.enumerateDevices. We can't use the device ID as it change every time (and for every user), we could use the camera name but the string is translate to the device language which is very problematic. We could also just select a specific item in the list but we are not sure that the order is preserved and it makes it hard to deal with other iPhone models that don't have that ultra wide angle camera. Selecting a specific camera looks like an essential feature not only for us. What is the best option, we are looking for something that is future proof and easily scalable.

hi, i have this problem. i need to use a webview to charge a file locally, to be more specific a file SCORM, like a mini web project. so i was making tests and the way to see all te content is in a http server. i mean if i click in the index.html of the file in my computer the page doesn't charge all the content, so i opened visual studio code and running Live Server thats provide me a project in http, well with that the project works. in android i'm make the example with something called WebViewAssetLoader, with that i can setup asset loader to handle local asset paths and override a WebView client, and if request is to local file, intercept and serve local. i want to know if in swift i have a way to intecept it a serve local this is one of the a lot of ways that i was tried and this is the example that works for me in android

Dependent fields for multi-select options and dropdown fields are not displaying in Safari, although they work correctly in Chrome and Firefox. Scenario You have a form built with ASP.NET and Razor, where users need to select multiple options from a dropdown list to trigger the display of dependent fields. Multi-Select Dropdown: The form has a multi-select dropdown for choosing different categories (Category A, Category B, etc.). Dependent Fields: Based on the user's selection, certain dependent fields should become visible. For example, if the user selects Category A, an additional input field titled "Details for Category A" should be shown. Expected Behavior (Chrome & Firefox) When the user selects Category A or Category B, the corresponding input fields are displayed dynamically, functioning as expected. Issue in Safari : In Safari, the dependent fields do not show up when a user selects any category. It's as if the JavaScript or the CSS responsible for displaying these fields is not executing correctly. CHROME SAFARI Browser: Safari (Version 18.0 (20619.1.26.31.6)) Operating System: MacOS (sequoia 15.0) Device: MacBook Pro 14 Inch Apple M3 Pro , iPhone 14 iOS 18.0

When a video in Safari is played in fullscreen mode and the user pauses it, an overlay (such as a play button or other controls) appears. This affects the user experience, as we want to avoid showing the overlay during fullscreen viewing after the video is paused. Expected Behavior: The overlay should not appear after the video is paused in fullscreen mode. Steps to Reproduce: Open a webpage https://slides-dev.pitchavatar.com/rtxuf in Safari. Start playing the video. Enter fullscreen mode. Pause the video. The overlay appears after the video is paused. Screenshot: Additional Information: Safari version: Safari 18.0.1 (20619.1.26.31.7) Environment: macOS Sequoia 15.0.1 (24A348) We would like to know if there is there any way to prevent the overlay from appearing in Safari when the video is paused in fullscreen mode.