As the title suggests, given today’s overpowered device performance, shouldn’t Safari and WKWebView allow repainting during window resizing? Currently, all WKWebView-based apps pause page rendering during resize. When a user double-clicks the drag region, the sequence goes: pause rendering → enlarge or shrink the window → leave a blank area → repaint the page. The whole process feels inelegant—especially on devices that support ProMotion.

If we use webView.loadFileURL(indexURL, allowingReadAccessTo: readAccessURL) on an iPad it loads the data and navigation works. But if we place two hands on top of the screen and move a bit, all click events are not working anymore. It works again if we call loadFileURL again. We filled a bug report: FB19812304

Apple must comply with the requirements of the Level Index, the global digital credit gateway, and suspend gift cards and similar services until formal arrangements are made with service providers.

Since the transition to iOS 18.4, we have been having an issue where when loading an m3u8 file specified in the src attribute of a video tag in WKWebView, the ts file is loaded repeatedly. Are there any good ideas for this? Also, if there have been any changes to the specifications of WKWebView, we would appreciate it if you could let us know.

Hi, it seems that with iOS26 the system displays two entries in the screentime report for apps that use a WKWebView: one for the app itself and one for the website that was displayed in the app. We don't see this behaviour in iOS18.7. I'm reseaching how to disable the recording for the webviews in one of our apps (written in Swift with UIKit). The STWebpageController looked promising, especially the field suppressUsageRecording, but the whole class is poorly documented. We initialized it with the bundle identifier of the app and set the url of the wkwebview as the url in STWebpageController. It looks a bit like this: webView = WKWebView(frame: .zero, configuration: config) view.addSubview(webView) //setup STWebpageController webpageController = STWebpageController() do { try webpageController!.setBundleIdentifier(bundleIdentifier) } catch{ } webpageController!.suppressUsageRecording = true addChild(webpageController!) view.addSubview(webpageController!.view) webpageController!.view.frame = view.frame webpageController!.didMove(toParent: self) //load url in webView let request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalCacheData) webview.load(request) webpageController?.url = request.url This has no effect on the recorded screentime for the webview inside our app - we still see the same time for the container app and the included webview. Any suggestions? Thanks, Heiko

We have a Smart App Banner (including App Clip) on our website and have noticed today that the banner's background color has changed. It no longer has the default white background and blue button color, instead it has a background color that matches our page's background, and even the color of the button has changed. What's interesting is that we have not triggered this change at all. The colors seemingly changed by themselves. Looking at the Apple Documentation, no customization options are mentioned. Searching the web, the theme-color meta tag is mentioned in relation to this, however we haven't even included that tag on our page. What is triggering this color change then and how can we influence it?

Hi, I’m working with the SFExtensionProfileKey in my Safari Web Extension. As I understand it, this key is to get the UUID of the profile currently in use. However, it seems to be missing (no key in userInfo) when the default profile is active. Also, I haven’t found any API to get a profile’s human-readable name or list all available profiles. Could someone clarify: If the value of SFExtensionProfileKey is absent, can I safely assume the default profile is in use? Is there a supported way to get a profile’s display name? Does Safari expose an API for getting all profiles? Thanks in advance for your insights!

Hello all, As you may know, the company ProofPoint is an Apple partner, and is engaged (I think) to reduce misuse of icloud emails. We have two servers solely set up for our web-app, which is a specialised forum for apartment owners. The new servers were established about the same time, with the same provider, with clean new IP addresses - and as mentioned above, are only used for this web-app. During a testing phase a YEAR ago, we became aware that our in-house icloud emails weren't receiving notifications via the app, and further investigations revealed that the cause was that ProofPoint had placed a block on that server's IP. We immediately, via their website form initiated a Support Ticket, which, the site indicated was lodged, BUT we have never received any response to that Ticket, nor have we received any response to four subsequent Tickets we initiated - nothing. In over a year!! Yesterday, we contacted Apple support, but the devices area of support is the main section and they said it wasn't an issue they could assist with. Some relevant matters: SPF: DKIM: DMARC: are, I believe all configured correctly (and Gmail gives a PASS to all of them). The IP is not blacklisted by any list we are aware of. Our other server's IP isn't blocked by ProofPoint. So, literally at wits end, I'm reaching out to the developer subscribers here to see if they have any suggestions for us. We currently are unable to accept any new subscriber that is using an icloud email address, and that's an absurd situation to be in. Surely we don't have to go to the trouble and inconvenience of obtaining a new IP because of this!!! But when we can't get ANY response to the Support Tickets, it's really hard. Thanks

We are embedding TikTok Live streams inside our iOS app using WKWebView. The Live stream loads and plays normally at first. However, when the app goes to the background (for example, user presses the Home button or switches apps) and then returns to the foreground, the TikTok Live video and audio become paused and do not resume automatically. Expected behavior When the app returns from the background to the foreground, the video/audio should resume playback automatically Actual behavior Video/audio pauses after app resumes from background Any guidance would be greatly appreciated. Thank you.

window.location.href = "tel:02-xxxx-xxxx" Can the development team modify the screen text? Or can the country code be erased? What are the reasons for continuing to be "on the phone" if the country code is automatically attached to the phone like this?

Hi Team, Our team member trying to enroll through the invite in Apple Developer portal Note: Phone number is valid but still we are getting this error. It happens in all the browser

Hello, I have an authentication flow where my app communicates with a backend protected by F5 client certificate validation. The client certificate is distributed via MDM and is available in the device keychain, but not accessible directly from the app. When using ASWebAuthenticationSession (or SFSafariViewController) Safari can successfully pick up and present the certificate during authentication, so that part works fine. However, the backend’s authenticate endpoint only supports a POST request with an Authorization header, whereas ASWebAuthenticationSession only accepts a GET URL when starting the session. My questions are: How is this type of flow typically implemented in iOS? Should the backend provide a GET-based endpoint that redirects into the POST, or is there a recommended iOS pattern (e.g., an intermediate HTML page that does the POST after certificate validation)? Are there Apple guidelines on handling certificate-based auth with ASWebAuthenticationSession when the API requires POST, especially for In-House distributed apps? Any guidance or best practices would be very helpful.

I have a working answerer-only WebRTC client to view video from a remote device. This client, works in all common web browsers (Chrome, Edge, Firefox, etc.) except in Safari. After trying to debug the problem, I noticed that after calling await peerConnection.setLocalDescription(answer); RTCPeerConnection.iceGatheringState never changes to the "gathering" state and stays the default initial "new" state. This is a problem because the ICE candidates can never be gathered and thus the client in Safari does not work at all. What is surprising and weird is that by explicitly calling setLocalDescription(), ICE gathering should start as mentioned in the documentation: https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/icecandidate_event. However, in Safari, this never happens. I experienced this issue in both Safari 18.x and 21.x versions.

I am following up on Thread (https://developer.apple.com/forums/thread/733233). Currently, SFSafariExtensionManager.getStateOfSafariExtension only returns if an extension is enabled, but not if "Allow in Private Browsing" is toggled on. Is there an API in macOS 26 and Safari 19 that allows a native Safari App Extension to detect this specific permission?

Touch not working to close in-app close-ups since latest iOS 26 update

Hi Apple Devs & WebKit Team, We operate https://outdoorgala.com — a verified, HTTPS-secure Canadian ecommerce site focused on elite outdoor safety gear. We're Indigenous-owned, based in Alberta, and take customer trust and compliance seriously. However, Safari (iOS + macOS) is falsely flagging our site as “deceptive,” preventing customers from accessing us — even though: We use GoDaddy Website Builder with no redirections or malware All product links are clean, HTTPS-secure, and tracked ethically We recently implemented a fully compliant cookie banner (Accept/Decline logic) A public security.txt and OpenPGP key has been published: https://outdoorgala.com/security No phishing, malware, or cloaking behavior exists on the site We’ve already submitted a review via: ➡️ https://websitereview.apple.com And filed a bug report via Feedback Assistant (FB17608544) What else can be done to speed up review or get flagged domains unblocked in Safari? This is hurting our business and blocking consumer access — despite following all Apple guidelines. Would appreciate any insights or escalation tips. Thank you! – Derek Eiteneier Founder, Outdoor Gala

It’s the small things that make a difference, and the three dots at the top of the screen in Safari and Chrome are such examples. I’ve already accidentally deleted several tab groups by accident and try to relearn browsing is harder than it should be.

I coded two demo websites as follows (both written in NextJS): Website 1: I coded an interval counter that increments every 1 second. Website 2: I used the MediaRecorder API (described in the WebKit documentation: https://webkit.org/blog/11353/mediarecorder-api/). In the ondataavailable function, I periodically send a blob (once every 1 second) to my server. In the backend, I coded a POST API to upload this blob. I noticed that with website 1, the interval doesn't work when I run Safari in the background, even on iOS and iPadOS. However, website 2 works, meaning it still calls my API normally (I tried running Safari in the background for about 1-2 hours and it worked). So, does this mean Apple allows native APIs like MediaRecorder and its callbacks to run in the background?

Hi Apple Devs & WebKit Team, We operate https://excnum.com — a personal website currently under reconstruction. It's HTTPS-secure, hosted on a clean VPS, and now features a simple placeholder page with no active forms, scripts, or external redirects. However, Safari on both iOS and macOS is flagging it as a “deceptive website”, blocking all access. This warning appears even though: The site uses a valid SSL certificate via Cloudflare There are no redirects, tracking scripts, or dynamic code We serve a static landing page (“under maintenance”) with zero interaction No malware, phishing, or obfuscation exists — verified with multiple tools A review request has already been submitted at: https://websitereview.apple.com We believe the site may have been blacklisted previously under past ownership or prior configurations. It has since been completely restructured and cleared, but the Safari warning persists. This false flag is harming visibility and trust for an otherwise neutral website. Any advice on how to expedite re-evaluation or request a manual delisting from the deceptive site list would be much appreciated. Thank you! — Alex Admin, EXCNUM.COM