Summary Recently a number of bugs affecting our Safari extension have been introduced with various Safari 18.X updates. We've submitted feedback for all of these, but most have received no response. We need to raise this to your attention as it has been affecting our developer experience and causing a lot of frustration for our users. It's something that adds a lot of uncertainty for us. These issues affect core web functionalities but seem to be isolated to the Start Page or Extension environments. For example: using window.open, no longer works using window.location.href = ... no longer works Including a tag in our start page causes infinite reloading to occur. registering a content script more than once will crash Safari Details Unable to open new window as as start page extension in Safari 18 FB15879470 What happens: Calling window.open does nothing. This broke our links to our feedback submission, marketing site & help site. When: Nov 18, 2024 - Initial launch of Safari 18 on macOS Status: Open, No response Unable to open app url scheme with window.location.href in start page extension in iOS 18 FB15879596 What happens: Changing the URL in this way does nothing (well actually it does work about 10% of the time). This broke our navigation to in app payment. When: Nov 18, 2024 - Initial launch of Safari 18 on iOS Status: Open, No response New tab extensions broken FB16126043 What happens: Having a tag in your causes an infinite loop of reloading the start page. This broke our entire start page extension. When: Dec 19, 2024 - Safari 18.3 on iOS beta Status: 10 similar tickets found, marked for future OS update. We did get a response and a fix is identified for a future release window.open opens “about:blank” when called from Start Page extension. FB16427985 What happens: calling window.open from the start page opens about blank on iOS 18.3. Similar to the first issue, but slightly different behaviour. This broke our links to our feedback submission, marketing site & help site. When: Jan 30, 2025 - Safari 18.3 Status: Open, No response Registering a content script more than once causes Safari to crash in macOS 15.4 beta FB16831768 What happens: We have an optional content script that we were registering every time it was used. Although somewhat redundant, it was much simpler than checking if one was already registered and tracking if an updated one needed to replace it. This works fine on all other browsers and all prior Safari versions we've released it on. However if a user enables site blocker on the latest version, as soon as they visit any website, our content script registration causes Safari to crash. Essentially preventing users from using Safari until they uninstall our extension. When: Mar 11, 2025 - Safari 18.4 Status: Open, No response In Conclusion Luckily we have been able to isolate and find workarounds for most of these issues so far, but we are not guaranteed to in the future. We are raising this not only to have these issues looked into, but to raise awareness of the rising trend of basic functionality of Safari extensions breaking with Safari updates. We hope that this can influence a shift in your QA & feedback intake practices to ensure these issues are less frequent in the future. We are happy to raise future issues through your provided channels as they are discovered. But to have our feedback ignored and then have to rely solely on workarounds to prevent disruptions to our users' experience is concerning. We submitted this feedback to our developer relations contact, and he suggested we submit a TSI to look into these issues. In response to this, we were advised to post this here.

Hello, We’ve been using the CesiumJS WebGL library for several years, both on our website and within embedded WebViews in our iOS application. Since upgrading to iOS versions 18.2 and 18.3, we’ve started receiving numerous user complaints regarding application crashes on various iPad and iPhone models when loading CesiumJS. The crashes occur as soon as the 3D view initializes, and the error consistently reported is: "WebGL context lost" This issue appears to be a WebGL-related crash potentially triggered by GPU memory handling or allocation limits. However, we are not detecting any abnormal memory consumption prior to the crash, and the same setup works perfect on older iOS versions and on all Android devices and versions. Steps to Reproduce: Open: https://www.flightradar24.com/30.47,-94.84/8 Click on any aircraft icon on the map. In the aircraft details panel at the bottom, click on the “3D view” tab. On iOS 18.2 or 18.3, the page will crash shortly after initializing CesiumJS WebGL. Affected Devices: This issue is occurring across a wide range of devices, including: iPad 9th Generation iPad Pro (11-inch, 2nd Gen) iPhone SE (2020 and 2022) iPhone 11, 11 Pro iPhone XR iPhone Mini All of the above are running iOS 18.2 or 18.3. The problem does not occur on Android or previous iOS versions. Request: Has anyone else encountered similar issues with WebGL context loss after upgrading to iOS 18.2 or 18.3? Are there any known changes in memory limits or WebGL behavior in these recent iOS updates? We’d appreciate any insight or suggestions on workarounds or potential fixes. Thank you!

This is problematic when opening links to other websites that require separate authentication. A typical example would be a Gmail web app, and then trying to open a link to a GitHub PR. In the 18.0 release notes, this is mentioned as Added support for opening links directly in web apps on macOS. (113034778 It'd be great if this could be customizable so that one could choose the old behavior.

Hello. Environment Safari version 18.1 (22B81). Problem In my Safari Web Extension i need to determine the url of the active tab. I do it this way: const onError = (error) => { console.error(error); }; const getFrameUrl = async (frames) => { console.info(frames) }; const getAllFrames = (frames) => { browser.webNavigation.getAllFrames({ tabId: frames[0].id }).then(getFrameUrl, onError); }; browser.tabs.onUpdated.addListener(() => { browser.tabs.query({ currentWindow: true, active: true }).then(getAllFrames, onError); }); The problem is that if the tab url is a link in the blob protocol, then the result function browser.webNavigation.getAllFrames({ tabId: tabs[0].id }) is as follows: {frameId: 0, parentFrameId: -1, url: "", errorOccurred: false} In Safari version 17 the correct URL value was returned: {frameId: 0, parentFrameId: -1, url: "blob://<some id>", errorOccurred: false} How can I fix the problem? Environment Safari version 18.1 (22B81).

When I open com. apple. developer. web browser, I am unable to inject JavaScript into the webview through methods such as addUserScript. The console will prompt 'ignoring user script injection for non app bound domain'

Is this symbol, which Safari uses to the left of the address bar, in the public SF Symbols set? What's it called?

I’m experiencing an issue in WKWebView on iOS 26 Developer Beta 8. If a view's subview contains a WKWebView, using the CALayer's renderInContext method fails to capture the pixel at the current point, and the console outputs "unsupported surface format: &b38". The following code snippet was functioning as expected on iOS 18 and iOS 26 beta 1. However, it no longer works in the latest beta. Is this a known bug in the current iOS 26 betas, or is there a recommended workaround? - (BOOL)isTransparentAtTouchPoint:(CGPoint)point layer:(CALayer *)layer { unsigned char pixel[4] = {0}; CGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceRGB(); CGContextRef context = CGBitmapContextCreate(pixel, 1, 1, 8, 4, colorSpace, (CGBitmapInfo) kCGImageAlphaPremultipliedLast); CGContextTranslateCTM(context, -point.x, -point.y); [layer renderInContext:context]; CGContextRelease(context); CGColorSpaceRelease(colorSpace); CGFloat alpha = pixel[3] / 255.0f; return alpha < 0.01; }

A few observations Very slow response and loading times for both URLs, forms, and scrolling Frequently non-responsive touch-screen for on-page forms and actions Keyboard stays open with no option to get rid of it Auto zoom stuck in xoomed-in mode, often hiding "Save"/"Submit"-buttons Dowbload folder setting ignored Toggling of web inspector mode does not work In vertical mode, with address bar on top of screen, clicking items on bottom part of page is not registered as click, but makes the navigation bar pop up, hiding the clickable feature. For clicks to register, frequently 2-3 touches are required.

Good day, I'm attempting to check whether Apple Pay is available using the ApplePay JS API. Prior to upgrading to Safari 18.0+, I was using window.ApplePaySession.canMakePayments to show/hide the Apple Pay option. I've noticed with the new Safari version, the preferred method of checking the availability of Apple Pay is by using the applePayCapabilities method. When logging and inspecting the window object in Safari 18.0.1, this method seems to be missing from the ApplePaySession object. Additionally, my conditional code which is dependent on applePayCapabilities does not execute: if (typeof window !== 'undefined' && window.ApplePaySession) { // Safari version 17 and lower if (window.ApplePaySession.canMakePayments) { // set Apple Pay available } /** * On Safari version 18 and higher, we must check whether a user has a card saved in their wallet. * If this is the case, Apple Pay must be presented as the primary payment method. In our case, * this means selecting Apple Pay as the default payment method. */ if (window.ApplePaySession.applePayCapabilities) { const merchantIdentifier = '***'; const promise = window.ApplePaySession.applePayCapabilities( merchantIdentifier ); promise.then(capabilities => { switch (capabilities.paymentCredentialStatus) { case ApplePayCapabilities.CREDENTIALS_AVAILABLE: // set Apple Pay as available and default break; case ApplePayCapabilities.UNSUPPORTED: // not available break; default: // set Apple Pay as available only } }); } } I feel I'm missing something very simple here, help would be greatly appreciated!

It seems fetch() does not include credentials (cookie) even when credentials: include is used and Safari extension has host_permissions for that domain when using from a non-default Safari profile. It includes credentials (cookie) when using from the default profile (which has the default name Personal). Is there anyone who has this problem? I try to request in popup.js like this: const response = await fetch( url, { method: 'GET', mode: 'cors', credentials: 'include', referrerPolicy: 'no-referrer', } ); and it does not include the credentials (cookie) from host_permissions. I already posted https://developer.apple.com/forums/thread/764279, and opened feedback assistant (FB15307169). But it is still not fixed yet. (macOS 15.4 beta 3) I hope this is fixed soon.

I noticed that when logging in to idmsa.apple.com, my old email address still appears as an option, even though I’ve updated my Apple ID to a new email. I understand that passkeys rely on a public-private key pair, with the public key stored on the server (e.g., idmsa.apple.com) and the private key saved locally in iCloud Keychain. Could you please clarify: 1. How can I request Apple to delete the public key associated with my old email address from their servers? 2. Is there a way for users to manage or update server-side passkeys without contacting Apple support? 3. Does this behavior affect my account security in any way? Any advice or insights would be greatly appreciated!

We have an ObjC-based Mac App utility. A fair fraction of the functionality is built in JavaScript and resides in a couple of WKWebViews so that we can more easily share code with other platforms. Because it is a utility, usually the application will be hidden or at least not the frontmost application. But if the user hits a hotkey or provides certain other inputs, the app should respond immediately with a series of actions. In the Obj-C part of the code, we can do this to alert the system that our non-visible, non-active, application is doing something in response to the user input: [[NSProcessInfo processInfo] beginActivityWithOptions: NSActivityUserInitiatedAllowingIdleSystemSleep reason: @"Do the Thing"] To get the JavaScript to do the work needed, we call evaluateJavaScript:completionHandler: on one of the WKWebViews. The JavaScript performs a series of computations, then uses window.webkit.messageHandlers.xxxx.postMessage to return results to the ObjectiveC code, which then takes action based on various SDKs, and the user sees the result. The problem we are encountering is relatively infrequent, but it appears that macOS puts the 'Web Content' process (which every WKWebView has) to sleep, and sometimes delays of many seconds (sometimes over 15 seconds) occur between the evaluateJavaScript:completionHandler: call and the postMessage response. These observed delays are not related to complexity of the JavaScript computations or the amount of data being processed. Using the Console, we can see that evaluateJavaScript:completionHandler: seems to result in this message: 0x104682280 - [PID=0, throttler=0x1046e8498] ProcessThrottler::Activity::Activity: Starting background activity / 'WebPageProxy::runJavaScriptInMainFrameScriptWorld' Then shortly afterward: 0x104682280 - [PID=0, throttler=0x1046e8498] ProcessThrottler::Activity::invalidate: Ending background activity / 'WebPageProxy::runJavaScriptInMainFrameScriptWorld' So it seems that evaluateJavaScript:completionHandler: "wakes up" the WKWebView similar to the beginActivityWithOptions:. But many parts of our computation do some work, then expect the next "tick" in JavaScript to continue using the partial result to produce more work. I suspect that the delays are related to the WKWebView being put "back to sleep" before all the "next tick" code executes. Because these actions are taken in response to user invocation, delays of more than a fraction of a second are instantly noticeable and result in user dismay. Are there any configuration settings that can prevent the 'Web Content' process from going to sleep? Or (better) techniques or mechanisms that would force the process to "stay awake longer"? (Keeping in mind that the WKWebView is likely not visible, and/or the containing window may be hidden.)

Hello, In iOS 26 beta, we are seeing an unexpected behavior when using SwiftUI WebView (or a custom WKWebView via UIViewRepresentable). When an alert is presented above the WebView, the WebView immediately reloads to its initial page. The alert itself also disappears instantly, making it impossible for the user to interact with it. This issue occurs both with the new SwiftUI WebView / WebPage API and with a wrapped WKWebView. The problem was not present in previous iOS versions (iOS 17/18). Steps to reproduce: Create a SwiftUI view with a WebView (pointing to any URL). Add a toolbar button that toggles a SwiftUI alert. Run the app on iOS 26 beta. Tap the button to trigger the alert. Expected behavior: The WebView should remain as-is, and the alert should stay visible until the user dismisses it. Actual behavior: As soon as the alert appears, the WebView reloads and resets to the initial page. The alert disappears immediately. Minimal Example: struct ContentView: View { @State private var showAlert = false var body: some View { NavigationStack { WebView(URL(string: "https://apple.com")!) .toolbar { ToolbarItem(placement: .topBarTrailing) { Button("Close") { showAlert = true } } } .alert("Confirm close?", isPresented: $showAlert) { Button("Cancel", role: .cancel) {} Button("Close", role: .destructive) {} } } } } I'm using Xcode Version 26.0 beta 7 Thanks for your help.

After upgrading to Safari version 18, we encountered an issue with my extension’s background script not being able to access cookies. Previously, in Safari versions 17 and below, the extension worked as expected. Now, when the extension tries to retrieve cookies using browser.cookies.getAll(), it returns an empty list. However, if we open the extension’s developer tools, the cookies are visible and accessible. It seems that Safari only provides cookie data after the developer tools have been opened. However, after relaunching Safari and launching the extension without opening the developer tools, browser.cookies.getAll() still returns an empty list. Has anyone else experienced this? STEPS TO REPRODUCE Download this minimal app : https://www.icloud.com/iclouddrive/0bajlhnuQaG6T5NsFKXEB0U9Q#test%5Fcookies Compile test_mv2 extension (in test_cookies.getAll.zip). Launch test_mv2.app and activate extension. Click on the extension's button (browserAction). Open the developer tools. Observe an empty list of cookies. Click on the extension's button (browserAction). Cookies are retrieved as expected.

Hi, I was implementing Apple pay button by checking active wallet and at least one cards active. I am using applePayCapabilities as per DOCS but i am still getting the same type of response with apple pay wallet enabled and without apple pay wallet enabled on different devices as Loading the Apple Pay SDK: script.src = "https://applepay.cdn-apple.com/jsapi/1.latest/apple-pay-sdk.js"; script.crossOrigin = "anonymous"; document.head.appendChild(script); script.onload = function() { console.log("Apple Pay SDK loaded successfully"); // Initialize Apple Pay or perform actions that require the SDK here }; script.onerror = function() { console.error("Error loading Apple Pay SDK"); }; Calling applePayCapabilities method: window.ApplePaySession.applePayCapabilities("merchant.com.example").then(r => console.log(r)) Output: {paymentCredentialStatus: "paymentCredentialsAvailable"} Image attachments of applePayCapabilities: Devices Config Used:- Chip - Apple M3 Pro macOs - Sequoia 15.0.1 memory - 36 GB Safari Version - 18.0.1

There is a display issue when viewing HTML containing ruby tags on Safari for iPad. The layout appears distorted. Steps to reproduce: Preparation: Device: iPad mini (MUQY2J/A) / iPad Air (MM9F3J/A) Open Safari. Access the following URL: https://67440d05c7b448995b6e5619--admirable-muffin-193494.netlify.app/ The text in the left cell overlaps with the text in the right cell. Please refer to the attached file: Notes: This issue does not occur when ruby tags are absent. The same issue occurs in Chrome as well (possibly a WebKit-related problem?).

I am working Web to App flow for my product. Tolink to my app from web service, I define uri scheme from app and use it from my web site. But, when I try to use this scheme from mobile safari web, It sometimes failed with message that uri is invalid. That is weird It failed SOMETIMES not always Even I tried with same url. In my device, there is current version app. Why this happen? How can I resolve this issue?

I have a Net8 Maui WebView app and whenever I use magnifier, it crashes. The magnifier works on iOS18 and lower but crashes on iOS26+ Exception **Type:** CALayerInvalidGeometry **Value:** CALayer position contains NaN: [nan 65]. Layer: <CALayer:0x123e88e40; position = CGPoint (0 0); bounds = CGRect (0 0; 0 48); delegate = <_UIEditMenuListView: 0x116f2f200; frame = (nan 0; 0 48); anchorPoint = (inf, 0); alpha = 0; layer = <CALayer: 0x123e88e40>>; sublayers = (<CALayer: 0x125232df0>, <CALayer: 0x123e88e70>); opaque = YES; allowsGroupOpacity = YES; anchorPoint = CGPoint (inf 0); opacity = 0> Stacktrace __exceptionPreprocess in unknown file [Line null, column null] (Not in app) objc_exception_throw in unknown file [Line null, column null] (Not in app) +[NSException raise:format:] in unknown file [Line null, column null] (Not in app) CA::Layer::set_position in unknown file [Line null, column null] (Not in app) -[CALayer setPosition:] in unknown file [Line null, column null] (Not in app) -[UIView _backing_setPosition:] in unknown file [Line null, column null] (Not in app) -[UIView setCenter:] in unknown file [Line null, column null] (Not in app) -[_UIEditMenuContentPresentation _displayPreparedMenu:titleView:reason:didDismissMenu:configuration:] in unknown file [Line null, column null] (Not in app) __54-[_UIEditMenuContentPresentation _displayMenu:reason:]_block_invoke in unknown file [Line null, column null] (Not in app) -[UIEditMenuInteraction _editMenuPresentation:preparedMenuForDisplay:completion:] in unknown file [Line null, column null] (Not in app) -[_UIEditMenuContentPresentation _displayMenu:reason:] in unknown file [Line null, column null] (Not in app) -[_UIEditMenuContentPresentation displayMenu:configuration:] in unknown file [Line null, column null] (Not in app) __58-[UIEditMenuInteraction presentEditMenuWithConfiguration:]_block_invoke in unknown file [Line null, column null] (Not in app) __80-[UIEditMenuInteraction _prepareMenuAtLocation:configuration:completionHandler:]_block_invoke in unknown file [Line null, column null] (Not in app) __109-[UITextContextMenuInteraction _editMenuInteraction:menuForConfiguration:suggestedActions:completionHandler:]_block_invoke in unknown file [Line null, column null] (Not in app) __107-[UITextContextMenuInteraction _querySelectionCommandsForConfiguration:suggestedActions:completionHandler:]_block_invoke in unknown file [Line null, column null] (Not in app)

Test Scenario: Initial Setup: Register a passkey on Chrome (MacBook) with cross-platform option The passkey syncs to iPhone via iCloud Both devices share same iCloud account Authentication Tests: Chrome on MacBook: Using hybrid transport (QR code with iPhone) → PRF output A Using platform authenticator → PRF output B (different) Safari on MacBook: Only uses platform authenticator → PRF output B Expected Behavior: When using same credential ID and salt, PRF output should be consistent across browsers/devices

Whenever I make a safari view controller on XCode26 Beta 5, there appears to be a blurry white overlay overtop the controller. This worked fine in XCode26 Beta 2, with no code differences. Anyone have any suggestions?