Reproduction Steps:a. Create a WKWebView instance and set a custom string to customUserAgent.b. Load any web page (e.g., https://example.com).c. Check the User-Agent field in the request headers via packet capture tools or Web Inspector. Expected Result:The custom User-Agent should be appended to the default system identifier (Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15...), instead of being completely overwritten. Actual Result:The User-Agent is fully replaced with: NetworkingExtension/8624.1.16.10.6 Network/5812.102.3 iOS/26.4, and all basic system identifiers are missing. Additional Information: Device: iPhone 16 Pro Max iOS Version: 26.4 (Build 20T5127) WKWebView setup: Directly set using the customUserAgent property Network Extension features are not used in the project, but the NetworkingExtension identifier still appears in the User-Agent

Is this code invalid on a phone running xcode16 iOS18? Class cls = NSClassFromString(@"WKBrowsingContextController"); SEL sel = NSSelectorFromString(@"registerSchemeForCustomProtocol:"); if ([(id)cls respondsToSelector:sel]) { [(id)cls performSelector:sel withObject:@"http"]; [(id)cls performSelector:sel withObject:@"https"]; } }

The title says it all, and I've filed FB FB22353950 that includes an Xcode 26.4 Screen Saver test project, QT movie demonstrating the error, and a PDF with complete steps to build and test. I'm asking here just to learn if this sounds familiar. The SS built on 26.4 fails in 26.4, works fine on 26.3.1. I'll supply the test files if there's interest. Thanks.

Body:
Hi all, I’m seeing a puzzling discrepancy in behavior between NSURLSession (with multipathServiceType = NSURLSessionMultipathServiceTypeInteractive) and WKWebView when the device is connected to a Wi-Fi SSID that has no internet (e.g., a hardware device’s AP). I have the Multipath entitlement properly enabled, and in this scenario: NSURLSession requests automatically fall back to cellular and succeed (no user intervention, fast switch). WKWebView loads fail or stall: the web content does not appear, and it seems like the web view is not using the cellular path even though the system network path becomes satisfied and real Internet reachability is confirmed. Environment: iOS version: (e.g., iOS 18.4) Device: (e.g., iPhone 15 Pro) Multipath entitlement: enabled in the app, using NSURLSessionMultipathServiceTypeInteractive Connected SSID: hardware device Wi-Fi with no external internet Expected fallback: automatic to cellular once the Wi-Fi has no internet, as observed with NSURLSession What I’ve done / observed: NSURLSession using Multipath works as expected:
NSURLSessionConfiguration *cfg = [NSURLSessionConfiguration defaultSessionConfiguration];
cfg.multipathServiceType = NSURLSessionMultipathServiceTypeInteractive;
NSURLSession *session = [NSURLSession sessionWithConfiguration:cfg];
NSURLRequest *req = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://www.apple.com/library/test/success.html"]];
NSURLSessionDataTask *task = [session dataTaskWithRequest:req completionHandler:^(NSData *data, NSURLResponse *resp, NSError *err) {
NSLog(@"NSURLSession result: %@, error: %@", resp, err);
}];
[task resume];
When connected to the device Wi-Fi (no external internet), the session quietly shifts to cellular and completes successfully. WKWebView fails to load under the same conditions:
[self.webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"https://www.apple.com/library/test/success.html"]]];
The web view either shows a load failure or just hangs, even though lower-level monitoring reports that the network path is satisfied and real Internet connectivity is available. Network path monitoring logic: I use the C API nw_path_monitor to watch for nw_path_status_satisfied. Once satisfied is observed, I perform a true connectivity check using nw_connection (e.g., connecting tohttps://www.apple.com/library/test/success.html) to verify that real Internet traffic can flow over cellular. That check passes, confirming fallback to cellular, but WKWebView still does not load content. Meanwhile, NSURLSession requests in the same condition succeed immediately. Sample logging trace:
[+] nw_path_status_satisfied=1, hasWiFi=1, hasCellular=1
[+] Internet connectivity test: ready (via nw_connection)
[-] WKWebView load failed / stalled
[+] NSURLSession request completed successfully Questions: Why does NSURLSession with the multipath service type seamlessly use cellular when the Wi-Fi has no internet, but WKWebView does not exhibit the same fallback behavior? Is WKWebView not honoring the system’s multipath fallback the same way? Does it use a different networking stack or ignore the multipath entitlement in this scenario? Is there a supported way to force WKWebView to behave like NSURLSession here? For example, can I bridge content through a multipath-enabled NSURLSession and inject it into WKWebView via a custom scheme? Are there any WKWebView configuration flags, preferences, or policies that enable the same automatic interface switching? Are there known limitations or documented differences in how WKWebView handles network interface switching, path satisfaction, or multipath compared to raw NSURLSession? What I’ve ruled out / tried: Verified the Multipath entitlement is included and active. Confirmed network path is “satisfied” and that real Internet reachability succeeds before calling [webView loadRequest:]. Delayed the WKWebView load until after connectivity verification. Observed that NSURLSession requests succeed under identical connectivity conditions. Any insight into internal differences, recommended workarounds, or Apple-recommended patterns for making web content robust in a “Wi-Fi with no internet” + automatic fallback-to-cellular scenario would be greatly appreciated. Thank you!

We're handling our universal links (deep links) via our custom router written in express.js. We recently update our .well-known format as per: https://developer.apple.com/documentation/xcode/supporting-associated-domains Our own domain link shows them correctly if we apply cache bust to it: Normal link: https://links.sastaticket.pk/.well-known/apple-app-site-association Cache bust: https://links.sastaticket.pk/.well-known/apple-app-site-association?1 Now, since app-site cache is not updating at: https://app-site-association.cdn-apple.com/a/v1/links.sastaticket.pk Our main domain link is not getting updated response either. Its been more than 72 hours now. Any help, how to push the app-site cache to update? I can provide more context if needed, Thanks

Steps to reproduce: Create a CSS grid with fractional column widths e.g. grid-template-columns: repeat(3, 518.7875px) Set browser zoom to 85% or 115% Observe columns misalign with background-size pattern Expected: Columns render consistently at all zoom levels Actual: Subpixel rounding causes visual misalignment macOS: 13/14/15 inch MacBook

Trying to implement my own forward/back buttons for the new SwiftUI WebView and reading the documentation I’m totally lost. What’s the recommended way of implementing forward/back behavior with this component?

WKWebView has set the option to disable selection ("document. documentElement. style. webkitUserSelect='none ';") and long press ("document. documentElement. style. webkitTouchCallout='none';"). If there is text on one of the images in WebView, simply tap the image twice and then long press the text. The program will crash with the following error message: 0 CoreFoundation 0x185e058c8 __exceptionPreprocess + 164 1 libobjc.A.dylib 0x182d797c4 objc_exception_throw + 88 2 CoreFoundation 0x185e908d4 -[NSException initWithCoder:] + 0 3 QuartzCore 0x18678a874 CA::Layer::set_position(CA::Vec2<double> const&, bool) + 160 4 QuartzCore 0x1869a7270 -[CALayer setPosition:] + 52 5 UIKitCore 0x18c4ac564 -[UIView _backing_setPosition:] + 176 6 UIKitCore 0x18cefdf0c -[UIView setCenter:] + 220 7 UIKitCore 0x18cd9f794 -[_UIEditMenuContentPresentation _displayPreparedMenu:titleView:reason:didDismissMenu:configuration:] + 936 8 UIKitCore 0x18cd9f3c0 __54-[_UIEditMenuContentPresentation _displayMenu:reason:]_block_invoke + 104 9 UIKitCore 0x18ced1060 -[UIEditMenuInteraction _editMenuPresentation:preparedMenuForDisplay:completion:] + 384 10 UIKitCore 0x18cd9f2e4 -[_UIEditMenuContentPresentation _displayMenu:reason:] + 304 11 UIKitCore 0x18cd9f0d8 -[_UIEditMenuContentPresentation displayMenu:configuration:] + 64 12 UIKitCore 0x18ced0344 __58-[UIEditMenuInteraction presentEditMenuWithConfiguration:]_block_invoke + 260 13 UIKitCore 0x18ced1f8c __80-[UIEditMenuInteraction _prepareMenuAtLocation:configuration:completionHandler:]_block_invoke + 80 14 UIKitCore 0x18cc8403c __109-[UITextContextMenuInteraction _editMenuInteraction:menuForConfiguration:suggestedActions:completionHandler:]_block_invoke + 180 15 UIKitCore 0x18cc84584 __107-[UITextContextMenuInteraction _querySelectionCommandsForConfiguration:suggestedActions:completionHandler:]_block_invoke + 148 16 WebKit 0x1a05ae5d4 WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>::operator()(WebKit::DocumentEditingContext&&) + 64 17 WebKit 0x1a05bb468 WTF::Detail::CallableWrapper<WTF::CompletionHandler<void (IPC::Connection*, IPC::Decoder*)> IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::RequestDocumentEditingContext, WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>>(WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Connection*, IPC::Decoder*), void, IPC::Connection*, IPC::Decoder*>::call(IPC::Connection*, IPC::Decoder*) + 196 18 WebKit 0x19fcf5db8 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::ConnectionAsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Connection*, IPC::Decoder*>::call(IPC::Connection*, IPC::Decoder*) + 64 19 WebKit 0x19fce54f0 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 340 20 WebKit 0x19fcf5aa0 IPC::Connection::dispatchIncomingMessages() + 536 Will the official version have this issue?

I'm in the process of supporting Apple Pay through a 2nd payment gateway for some users, so I need to support two separate Apple Pay relationships. Both require their own apple-developer-merchantid-domain-association. I don't see how I can have both files for the one domain. Is this possible? Is there a workaround other than just replacing the old file with the new one and hoping that doesn't disrupt anything. That seems to be the approach taken by others (https://developer.apple.com/forums/thread/695538) but it is too high risk for me without any confirmation from Apple that this is ok. I'd also like to avoid having to setup a 2nd domain for these customers, since the current domain is already quite embedded in their operations.

In a Safari Web Extension using Manifest V3, how can a content script access an HTML file that is bundled with the extension (e.g., to inject it as an iframe)? Safari's CSP seem to prevent the use of browser.runtime.getURL() in the MAIN world — is there a recommended way to load such resources securely?

I'm developing a cross-platform application using Tauri, which uses WebView technology as the GUI renderer. On macOS, it should be using WKWebView. Based on my tests, all applications developed with Tauri can only run at 60fps on macOS and cannot take advantage of ProMotion displays to achieve a 120fps refresh rate, whereas the same application can run at 120fps on other platforms. I have submitted this issue to Tauri on GitHub, and it appears that this cannot be resolved through external settings, but only by modifying the WKWebView code to support higher frame rates. Is there any possible solution to this?

This post is an effort to draw attention to a regression in Tahoe that has a large impact on our app. This bug was filed during seed 3 but remains open: FB18869578: Regression: WebView fails to render fonts registered with CTFontManagerRegisterFontURLs or ATSApplicationFontsPath The gist of it is that WKWebView fails to render text that is styled with a “font-family” that references a font that has been loaded into the app using either the ATSApplicationFontsPath Info.plist key or loaded dynamically with CTFontManagerRegisterFontURLs. The area where the text should be is just blank. There is more detail and a reproducer in the bug referenced above. We really hope this bug can get fixed before GA. If anyone else would like to try and reproduce it, you can download a test case from here: https://e3supportuploads.s3-accelerate.amazonaws.com/8739959ce24de40fa462798a532aaa99fbfc9affba4f2a3e71d397f9e30d2604

After App uses Network.framework PrivacyContext Api, dns has been encrypted, that is good. But when using wkwebview to load web page, wireshark captures normal dns request sent by wkwebview. Does wkwebview use DoH to resolve domain? if can, how to config params? If can not, is there anyway to stop wkwebview sending normal dns, such as local proxy.

Currently, im on MacOS Tahoe 26 Public Beta 2, build number 25A5327h. I just recently updated to this, and now, whenever I open some sites like Amazon, or ChatGPT, it freezes my entire browser and I have to force quit it. I tried deleting the SpeakSelection.plist file which everyone swore worked, but not for me. Is this because the new update messed with resource allocation or did my user data corrupt mid-update and i have to transfer all my stuff to a new user?

//Is my post method correct because google and claude are telling me I must use content type for the json and use .setvalue. I thought that my process was correct because I encode the data to turn into json and then make the request func createTask(_ task: Task) async throws -> Task { if let url = URL(string: "(baseURL)/todos"){ var request = URLRequest(url: url) request.httpMethod = "POST" let encoder = JSONEncoder() do{ let data = try encoder.encode(task) request.httpBody = data let (data, response) = try await URLSession.shared.data(for: request) return task //we want to make encoder and then turn the data into json and put it in body } catch{ throw JSONErrors.encodingFailed } } else{ throw URLError(.badURL) } }

Hello WebKit Team, I’m writing to ask if iOS provides a native way to intercept AJAX (XMLHttpRequest or fetch) calls inside WKWebView. On Android, this is handled via: shouldInterceptRequest(WebView view, WebResourceRequest request) but iOS currently seems to have no equivalent. We’ve tried: WKURLSchemeHandler → works only for custom schemes URLProtocol with WKProcessPool → unreliable for AJAX in WebView JavaScript injection → partial and unofficial Could you please clarify: Is there a recommended native approach to intercept AJAX requests? If not supported, is it planned for future releases? Any official workaround or guidance? This is critical for debugging, analytics, and compliance in hybrid apps.

在 iOS 平台使用 WKWebView 通过file://协议加载本地 HTML 文件时，存储在localStorage中的数据会在 App 后台切换、进程重启后偶尔丢失；但相同代码在安卓 / 鸿蒙平台无此问题。 现在的文档 仅明确了「默认数据存储（defaultDataStore）可将网站数据持久化到磁盘，非持久化存储（nonPersistent）仅存内存」的基础规则； 未提及「file://协议内容即使使用默认持久化存储，也会被归为临时内存存储」这一关键场景限制； 仅在WKURLSchemeHandler关联说明中隐含「自定义 URL 协议可处理 WebKit 原生不支持的 URL 方案」，但未直接关联file://的存储问题。 我找不到如何处理这个问题的官方文档，仅仅有其他的博客说需要增加http/https加载就没有这个问题。 请提供给我官方文档或者官方回复 关于出现这种file:/加载html出现问题的处理办法

My iOS app uses a WKWebView with a WKUIDelegate method (webView:createWebViewWithConfiguration:forNavigationAction:windowFeatures:) to handle popup windows. This works for most cases, but during OAuth flows on certain sites (e.g., canva.com), the popup WKWebView attempts to send results back to the main WKWebView using JavaScript like window.opener.postMessage(...). However, window.opener is always null in the popup, preventing the message from being posted and blocking login completion.I've researched this and found suggestions that it's by design, as WKWebView instances are isolated for security reasons. Has anyone encountered this and found a reliable workaround (e.g., bridging communication between the main and popup WKWebViews without relying on window.opener)?

When creating a passkey with the PRF extension on an iPhone 15 Pro Max using Safari on iOS 18.4.1, PublicKeyCredential.getClientExtensionResults reports true; however there is no hmac-secret extension in the authenticator data as required by WebAuthn Level 3.

As of iOS 26.1, Safari and WebKit views have an issue when rendering the <details> html tag. The disclosure-closed icon / character appears as an emoji arrow ▶️ instead of the unicode character ▸ (U+25B8 - Black Right-Pointing Small Triangle) For example: <details> <summary>Summary</summary> <p>Additional details....</p> </details> This wasn't the case in iOS 26.0 / iOS 18. From what I can observe it seems ▶ (U+25B6 - Black Right-Pointing Triangle) may be used in iOS 26.1 which renders as the emoji ▶️ on iOS (at least as far back as iOS 18). The only workaround I found for the moment is to specify explicit CSS to revert back to using the ▸ (U+25B8 - Black Right-Pointing Small Triangle) details > summary { list-style-type: "▸ "; } details[open] > summary { list-style-type: "▾ "; } Is this expected? I've filed a feedback for this FB20997955. Thanks!