My website ccflood.us is a simple map that uses a CSV file for the data that is displayed on the map. It uses the ESRI JS API. Recently the points on the map began missing the text in the boxes only on Apple devices that have been upgraded to iOS 18. Has anyone also had this happen to their site? If you have upgraded to iOS 18, try this site on your iPhone then look at it on an Android phone or your desktop browser. You should seet the values in the boxes and a "+" at points that have no value. If you've had this happen with your site or have heard of a fix, please reply to this post.

Sometimes the Safari App Extension i'm developing does not show up in my Safari Extensions unless i change mu bundle identifier to some unique name. Even if I delete all other apps i've built with the same (and different) bundle ID, the extension is still does not show up. The only solution for me is to always change the bundle ID. For example: Now it is "kopyl.tab-finder-10" If i change it to "kopyl.tab-finder-11", the extension does show up in the Safari extensions settings page again. Is there any other way to fix it?

Since Safari requires a macOS app as a container for Web Extensions, is there a way to establish native messaging directly from SafariWebExtensionHandler using stdin/stdout? Or does Safari enforce a different communication mechanism? I’d like to keep the same approach as other browsers. Any guidance on making this work would be appreciated!

I am new to PHP. I have developed my own web site with a lot of javascript in simple HTML files. I want to do some extensions with PHP but I can't make a simple web page function. I am sure something simple is wrong. Help! Here is the test web page I made: hello.html <html>  <head>   <title>Hello World</title>  </head>  <body>   <?php echo 'Hello World!'; ?>  </body> </html> Pointing Safari at hello.html gives me a new tab with the correct title, but no "Hello World" in the page itself. Here is the output of php --version: WARNING: PHP is not recommended PHP is included in macOS for compatibility with legacy software. Future versions of macOS will not include PHP. PHP 7.3.24-(to be removed in future macOS) (cli) (built: Jun 17 2021 21:41:13) ( NTS ) Copyright (c) 1997-2018 The PHP Group Zend Engine v3.3.24, Copyright (c) 1998-2018 Zend Technologies

I build websites and my current build has seven videos on the first page built with the html 'video' tag. The page renders on all browsers and Android and on Safari on my mac but on my iPhone safari they appear black and then play correctly when clicked. This has changed since the last update.

We’re encountering an issue when trying to add non-standard headers to outgoing requests using Declarative Net Request (DNR) rules in our Safari Web Extension. Tested on macOS 15.4 with Safari 18.4. Specifically, when attempting to add a custom header such as "X-Custom-Header" using a DNR rule, the header does not appear in the request. We are able to add standard headers like "Authorization" and "Cookie" to the request successfully using the same method. This behavior suggests that Safari may be filtering or blocking non-standard headers when set via DNR rules, unlike other browsers. In Chrome and Firefox, the same rule adds the "X-Custom-Header" header without any issue. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

Is there a way to read all URLs of the currently open Safari TabGroup from a Safari Extension? In macOS and iOS

I'm building a macOS Google Chrome extension. I need to be able to send messages from the Chrome extension to the macOS app What's the set up flow? I've heard about native messaging, but I struggle to implement it. I've heard about XPC, but not sure JS can send messages to a macOS XPC service.

Hello! I've made a Safari extension that supports command "ReTab", and a couple of month ago, adding a customized macOS shortcut for Safari with menu title "ReTab" did trigger the extension. However, it's not working anymore and I'm not sure if it's from macOS/Safari update or because I changed manifest from v2 to v3 - could you help check if there's anything wrong with either the manifest.json or background.js? (the default Cmd+E still works) Thank you in advance! Xun manifest.json: { "manifest_version": 3, "default_locale": "en", "name": "ReTab", "description": "Go to the last active tab with Cmd+E!", "version": "1.4", "homepage_url": "https://LycheeIsle.com", "background": { "service_worker": "background.js" }, "action": { "default_icon": "images/toolbar-icon.svg" }, "permissions": [ "commands", "tabs", "storage" ], "commands": { "ReTab": { "suggested_key": { "default": "Command+E" }, "description": "Go to the last active tab" } }, "options_page": "options.html" } in background.js, I have this line which should listen to the command, and Cmd+E works but any customized shortcut for "ReTab" in Safari doesn't: browser.commands.onCommand.addListener(async (command) => { if (command === "ReTab" || command === "retab") { await retab() } });

I'm encountering an issue with ReactPlayer where videos fail to play when the playback rate is set to 3x, but this problem only occurs on iOS. The same functionality works perfectly fine on Android devices and desktop browsers like Chrome and Firefox. Here are the details of my setup: ReactPlayer version: 2.16.0 Video format: [MP4, hls ] Tested devices: iPhone 13 Expected behavior: Videos should play smoothly at 3x speed. Actual behavior: Videos fail to load or play when playbackRate is set to 3.0. I've read that iOS Safari might have limitations regarding playback rate due to performance or energy efficiency, but I couldn't find any official documentation to confirm this. If anyone has faced a similar issue or knows the root cause (or a workaround), I'd really appreciate your insights. Additionally, if there are official resources or documentation about playback rate limitations on iOS Safari, please share them. Thanks in advance for your help!

Hi there, I have a problem that , after I add website at dock but unable to turn on the website from dock & pop up message also mention that app was damaged. This problem appears after I factory reset my iMac. Please kindly advise. Thank guys.

We are currently implementing the payment flow, and for handling payment details — including card entry and validation — we are utilizing a WKWebView. The webview securely loads the payment provider’s page, ensuring sensitive information such as card numbers are entered and validated directly within the web context. I’d like to clarify that this change has not yet been released to Production. As part of a feature enhancement to our existing payment flow, we are transitioning to a new payment vendor, SnapPay. While trying to load the SnapPay URL embedded within an iFrame in our iOS app, I observed the following error in the Xcode console. While this error may be generic, I wanted to highlight it: 825a18 - [pageProxyID=7, webPageID=8, PID=67346] WebPageProxy::didFailLoadForFrame: frameID=24, isMainFrame=0, domain=NSURLErrorDomain, code=-999 Upon investigating, we compared the headers from our existing payment URL and SnapPay's URL, and found that SnapPay includes the following Content-Security-Policy (CSP) header: Content-Security-Policy: frame-ancestors ... "Content-Security-Policy" value="default-src 'self'; script-src 'self' https://hcaptcha.com https://.hcaptcha.com https://code.jquery.com https://www.gstatic.com https://code.jquery.com/jquery-3.3.1.min.js https://test.lightbox.cardx.com/v1/lightbox.min.js https://www.ssa.gov/accessibility/andi/ https://c.evidon.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://hcaptcha.com https://.hcaptcha.com https://fonts.googleapis.com/css https://stage.snappayglobal.com/Resource/ https://www.ssa.gov/accessibility/andi/andi.css 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' *.googleapis.com *.gstatic.com ; connect-src 'self' https://demo1.cditechnology.com https:; form-action https://hcaptcha.com https: 'self' *.ipg-online.com secure.bluepay.com https://test.api.lightbox.cardx.com https://3ds-acs.test.modirum.com/ https://demo1.cditechnology.com/; frame-ancestors https://snappaydirect-perf.fiserv.com 'self' file: https: http; frame-src .snappayglobal.com 'self' https://hcaptcha.com https://.hcaptcha.com https: https://www.google.com .ipg-online.com secure.bluepay.com https://.cardconnect.com https://test.api.lightbox.cardx.com/ https://test.lightbox.cardx.com https://paywithcardx.com/payment/auth.cgi securepayments.cardpointe.com *.cardpointe.com https://3ds-acs.test.modirum.com/ https://www.yokohamatire.com http://uat1-txt.ad.portal.texas.gov https://uat1-txt.ad.portal.texas.gov " After multiple working sessions with the SnapPay team, we were able to confirm that when they disable CSP or remove the frame-ancestors directive, the iFrame loads successfully within our app. However, SnapPay cannot change on their CSP. To enable the iFrame to load in the iOS app, we added the following line of code: webView.configuration.preferences.setValue(true, forKey: "allowFileAccessFromFileURLs"). This resolved the issue with loading the iFrame. Note: the file being loaded is a local .html file,. Before submitting this update to the App Store, I’d like to confirm whether this usage of allowFileAccessFromFileURLs is acceptable for App Store review. I wanted to confirm that with this change is there a security concern for WKWebview?

Hello, I am developing a Mac application via Mac Catalyst and encountering an issue with WKWebView. Specifically, I'm loading a webpage (e.g., https://translate.google.com) in WKWebView, but when I press the copy button on the page, the content doesn't actually copy to the clipboard. I've attempted modifying the UserAgent without any success. Here is the relevant part of my code: override func viewDidLoad() { super.viewDidLoad() let config = WKWebViewConfiguration() config.preferences = WKPreferences() config.defaultWebpagePreferences.preferredContentMode = .desktop let webView = WKWebView(frame: .zero, configuration: config) webView.translatesAutoresizingMaskIntoConstraints = false view.addSubview(webView) webView.scrollView.showsVerticalScrollIndicator = false webView.backgroundColor = UIColor.white webView.scrollView.backgroundColor = UIColor.white webView.leadingAnchor.constraint(equalTo: view.leadingAnchor).isActive = true webView.topAnchor.constraint(equalTo: view.topAnchor).isActive = true webView.trailingAnchor.constraint(equalTo: view.trailingAnchor).isActive = true webView.bottomAnchor.constraint(equalTo: view.bottomAnchor).isActive = true if let url = URL(string: "https://translate.google.com") { let req = URLRequest(url: url) webView.load(req) } }

Hello, I followed the instructions to set up a custom logo for our domain name Allogarage.fr, both for the brand and the domain. Everything appears to be correctly configured in Apple Business backend for several weeks now, but the logo still doesn’t show up in Mail. Is the branded email feature available in France? Are there any additional steps required?

Hi everyone, My web application has two services: myapp.com and account.myapp.com. The first manages all app content, while the latter handles the authentication, with Sign In with Apple included. The tech stack is mainly composed of React, JS, and Express. We'd like to allow users to authenticate inside a dialog on some pages of myapp.com. To avoid replicating stuff from one service to another, we put an iframe inside the dialog to show the authentication standard page from account.myapp.com. Email and Facebook processes work fine, but we have the following issues with Sign in with Apple: On desktop, not Safari, a pop-up window opens when you click on the Apple button, and it works as expected. On desktop Safari, the pop-up window is blocked. We want the native Apple pop-up to show instead of a generic browser new window. On mobile, nothing happens on click Obviously, outside the iframe, everything works as expected. I can't seem to find anything related to an iframe constraint in the Sign in with Apple docs. Is this feasible?

I have a Safari extension that plays audio via the javascript AudioContext API. It was working fine under iOS 17 and is now broken under iOS 18. It does not play audio at all. I've tried in both the iOS 18 public beta and the iOS 18.1 developer beta. It is broken in both of them. I've also created Feedback item FB15170620 which has a url attached to a page I created which demonstrates the issue.

Hi Apple Devs & WebKit Team, We operate https://outdoorgala.com — a verified, HTTPS-secure Canadian ecommerce site focused on elite outdoor safety gear. We're Indigenous-owned, based in Alberta, and take customer trust and compliance seriously. However, Safari (iOS + macOS) is falsely flagging our site as “deceptive,” preventing customers from accessing us — even though: We use GoDaddy Website Builder with no redirections or malware All product links are clean, HTTPS-secure, and tracked ethically We recently implemented a fully compliant cookie banner (Accept/Decline logic) A public security.txt and OpenPGP key has been published: https://outdoorgala.com/security No phishing, malware, or cloaking behavior exists on the site We’ve already submitted a review via: ➡️ https://websitereview.apple.com And filed a bug report via Feedback Assistant (FB17608544) What else can be done to speed up review or get flagged domains unblocked in Safari? This is hurting our business and blocking consumer access — despite following all Apple guidelines. Would appreciate any insights or escalation tips. Thank you! – Derek Eiteneier Founder, Outdoor Gala

When the “Use Strong Password?” dialog appears and I select “Not Now” to manually enter my own password, the password I type is displayed in plain text instead of being masked. Since the input field is of type="password", the entered characters should be hidden as is standard for password inputs. Is there a way to prevent this behavior and ensure that the password is properly hidden even after dismissing the strong password suggestion dialog?

Hi there, I use the Clipboard API to create formatted project links with a "copy link" button. This has been really versatile for end users. When they paste into their email, they get a hyperlinked project name that leads to the project, and when they paste into the URL bar, they just get the project URL. It used to be that pasting into Messages on Mac would yield the same behavior as pasting into the URL bar. But recently, Messages started only pasting the inner text of the HTML clipboard, so no URL, just the project name, which isn’t very useful for a copy link function. Is there any way to ensure that Messages pastes the URL while maintaining my formatting options on other surfaces?

I tried to create a content blocker for Safari and did it through Safari App Extension and Safari Web Extension. The XCode project for Safari Extension creates 2 applications: the “Main Application” (which is compiled into ".app") and the “Safari Extension” itself (which is compiled into ".appex"). If you want to create a content blocker, you must add “Content Blocker Extension” from the “File → New → Target” menu. This will be the third application in the group, which is also compiled into "*.appex". And now about differences... The first difference is that Web Extension does not have the right to work on any domains by default, unlike App Extension. For the App Extension, in the "info.plist" in the "SFSafariWebsiteAccess" section, we can remove "Allowed Domains" and in "Level" replace "Some" to "All". This is important because the content blocker should work on any domain, and not be turned on manually for each individual. This will not work in Web Extension and will have to be activated for each domain separately. The second significant difference between Web Extension and App Extension is that for security reasons it is more limited in page management. Web Extensions are supposedly focused on a common API for all browsers (Firefox, Chrome, Opera, Edge, Safari), but if I use Safari and want maximum integration with it, then I don't care about all those browsers. In this case, I don't need Web Extension. App Extension functions as a client-server even within the “Main Application”. This is quite expensive and can be fixed. You can remove the “webView” component from storyBoard and remove this files: “script.js”, “main.html”, “style.css”. After this you will get the pure storyBoard without any tinsel and communication between these layers. That’s will work perfectly because these are native Swift applications. p.s. To show the "Safari Extension" window after clicking on the icon on the toolbar, you need to change key from "Command" to "Popover" in the "info.plist" in the section "SFSafariToolbarItem" in the "Action". write your additions...