Hello, I am developing Safari Content Blocker extension and discovered that it frequently fails to load with large amount of rules. Currently I have over 45k and most of the time when I reload the extension on iOS 18 (iPhone 12) it ends with error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.SafariServices.ContentBlockerLoader" UserInfo={NSDebugDescription=connection to service named com.apple.SafariServices.ContentBlockerLoader} #0 And the simpler message is just: Couldn’t communicate with a helper application. From what I managed to find (for example here - https://developer.apple.com/forums/thread/756931) the limit for blocking rules should be 150k items. It was previously 50k but got increased years ago. Is there anything special I need to do to get the extension to work reliably with say 100k items? I am usng the JSON format from the docs: { "trigger": { ... }, "action": { ... } }, { "trigger": { ... }, "action": { ... } } ] My trigger is url-filter and the action is type: block I was thinking about providing multiple JSON files in attachments property of NSExtensionItem but apparently that is not supported. Thanks for help!

I have a Safari App Extension which allows users to switch between last open tabs with a shortcut option+tab in the same way it's possible to switch between last open apps with command+tab. Here is how i do it: I inject a content script on all websites which has the only thing – key listener for option+tab presses. When a user presses option+tab, that keyboard listener detects it and sends a message to the Safari Handler. Then Safari Handler sends a message to the containing app and it shows a panel with last open tabs. This approach has a problem: it shows a message to a user in settings: "Can read sensitive info from web pages, including passwords..." Which is bad, because in reality i don't read passwords. If i remove SFSafariContentScript key in the Safari App Extension target's Info.plist, then this message about reading sensitive data disappears, but then i loose the ability to open the tabs panel. How can I open my app window with a shortcut without frightening a user? It's possible to listen to global key presses, but that would require a user to grant the app permissions of Accessibility (Privacy & Security) in macOS system settings, which also sounds shady. I know an app which does not require an Accessibility permission: https://apps.apple.com/ua/app/tabback-lite/id6469582909 and at the same time it does not tell a user about reading sensitive data in the extension settings. Here is my app: https://apps.apple.com/ua/app/tab-finder/id6741719894 It's open-source: https://github.com/kopyl/safari-tab-switcher

I’m encountering an issue with a Safari extension bundled with our main application (F-Secure). The extension is not appearing consistently in Safari settings on a customer’s iPad running iOS 18.3. Below are the details of the issue: Issue Description The Safari extension is bundled with the main app (F-Secure). After installing the app, the extension should automatically appear in Settings > Safari > Extensions, where the user can enable it. On the customer’s iPad, the extension is missing from the Safari settings. It briefly appeared once but then disappeared again.

Hello, We’ve been using the CesiumJS WebGL library for several years, both on our website and within embedded WebViews in our iOS application. Since upgrading to iOS versions 18.2 and 18.3, we’ve started receiving numerous user complaints regarding application crashes on various iPad and iPhone models when loading CesiumJS. The crashes occur as soon as the 3D view initializes, and the error consistently reported is: "WebGL context lost" This issue appears to be a WebGL-related crash potentially triggered by GPU memory handling or allocation limits. However, we are not detecting any abnormal memory consumption prior to the crash, and the same setup works perfect on older iOS versions and on all Android devices and versions. Steps to Reproduce: Open: https://www.flightradar24.com/30.47,-94.84/8 Click on any aircraft icon on the map. In the aircraft details panel at the bottom, click on the “3D view” tab. On iOS 18.2 or 18.3, the page will crash shortly after initializing CesiumJS WebGL. Affected Devices: This issue is occurring across a wide range of devices, including: iPad 9th Generation iPad Pro (11-inch, 2nd Gen) iPhone SE (2020 and 2022) iPhone 11, 11 Pro iPhone XR iPhone Mini All of the above are running iOS 18.2 or 18.3. The problem does not occur on Android or previous iOS versions. Request: Has anyone else encountered similar issues with WebGL context loss after upgrading to iOS 18.2 or 18.3? Are there any known changes in memory limits or WebGL behavior in these recent iOS updates? We’d appreciate any insight or suggestions on workarounds or potential fixes. Thank you!

We’re encountering an issue when trying to add non-standard headers to outgoing requests using Declarative Net Request (DNR) rules in our Safari Web Extension. Tested on macOS 15.4 with Safari 18.4. Specifically, when attempting to add a custom header such as "X-Custom-Header" using a DNR rule, the header does not appear in the request. We are able to add standard headers like "Authorization" and "Cookie" to the request successfully using the same method. This behavior suggests that Safari may be filtering or blocking non-standard headers when set via DNR rules, unlike other browsers. In Chrome and Firefox, the same rule adds the "X-Custom-Header" header without any issue. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

Can someone please help me: I do not have the brain space (85yo) to figure out an Apple Script or Java Script app to do this simple task. I have spent a few hours each day, over several days, and have made zero progress on such an apparently simple task. I wish to create an Automator App for the macOS Safari browser that will schedule (via a Calendar Event) the download of the 48hr data behind the hourly Fuel Mix Plot Data from the AEMO Web Site, every Monday, Wednesday, Friday and Sunday. Here is the link to the AEMO web site: AEMO, Energy Systems, Electricity, National Electricity Market (NEM), Data (NEM),Data Dashboard https://www.aemo.com.au/energy-systems/electricity/national-electricity-market-nem/data-nem/data-dashboard-nem The 48 hour hourly Fuel Mix data is found by selecting the "Fuel Mix" button (which by default will display the NEM Current Trend). The 48 hour trend is displayed by tapping on the small "Current" pulldown menu, and selecting "48 hrs". The 48hr Data is down loaded by selecting the small circular button just to the right of the pulldown menu. a) AEMO Web Site: https://www.aemo.com.au/energy-systems/electricity/national-electricity-market-nem/data-nem/data-dashboard-nem b) Main Menu, and underlying html, c) Fuel Mix menu, Pulldown list, DownLoad button, and underlying html, I am familiar with C++ and have built Xcode Apps, and used Excel Macros extensively in the past. Thank you. Robert.

Whenever I make a safari view controller on XCode26 Beta 5, there appears to be a blurry white overlay overtop the controller. This worked fine in XCode26 Beta 2, with no code differences. Anyone have any suggestions?

Does webkit have a way to display a smart banner for a home screen web app similar to how a smart banner can be displayed for native apps? I recently noticed (10/23) that Twitter showed a smart banner encouraging Home Screen web app on my Mac running Sonoma. How is this done?

Hi! We are having a hard time with the universal link, help is appreciated! Thanks in advance! The universal link doesn't work after installation for some time. A user has to wait for from 5 to a couple of hours after the app is installed on the device. This has also affected App reviewers since we need the universal link to work for successful login. Each submission will receive a rejection of we cannot login and it will be approved until we kindly ask them to try again. I believe the JSON is delivered to devices by Apple's CDN system and the fact that it works on most devices most of the time should imply that we have a valid apple-app-site-association setup. So I am really confused about the wait time, which is giving us trouble with app review and a bad user experience

Hello, I’m encountering a problem with WebSocket connections in Safari on iOS 18.1 and later when initiated from an iframe. The same implementation works perfectly in other browsers like Chrome but fails in Safari. In Safari, the WebSocket connection fails with error message "WebSocket connection to 'wss://MY_CONNECTION_URL' failed: The internet connection appears to be offline." Has anyone else faced this? Is this a known limitation or bug in Safari? Any workarounds or solutions would be greatly appreciated. Thank you!

Hi Apple Team, Can we use SFSafariViewController to launch a 3rd party passkey authentication experience from a native iOS app? Regards

Hi folks, When doing HLS v6 live streaming with fmp4 chunks we noticed that when the encoder timestamps slightly drift and a #EXT-X-DISCONTINUITY tag is created in either the audio or video playlist (in an ABR setup), the tag is not correctly handled by the player leading to a broken playback containing black screen or no audio (depending on which playlist the tag is printed in). We noticed that this is often true when the number of tags is odd between the playlists (eg. the audio playlist contains 1 tag and the video contains 2 tags will result in a black screen with audio). By using the same "broken" source but using Shaka player instead won't break the playback at all. Are there any possible fix (or upcoming) for AV Player?

I want use the Safari Extension to decorate the window.fetch function, But No matter how I try, I can't get the fetch function to execute correctly. I was going through the documentation: https://developer.apple.com/documentation/safariservices/using-injected-style-sheets-and-scripts and found this sentence: "Injected scripts have an implied namespace — you don’t have to worry about your variable or function names conflicting with those of the website author, nor can a website author call functions in your extension. In other words, injected scripts and scripts that you include in the webpage run in isolated worlds, with no access to each other’s functions or data." Does this mean I can't modify the window object in the content script just like a Chrome extension does with the webpage? BTW, In chrome I use chrome.scripting.executeScript API, and in plasmo I just use world: "MAIN" content script's config to achieved this feature.

When using iOS VoiceOver to navigate a webpage, selecting a element correctly activates the :focus-visible state. However, when VoiceOver moves to a non-button element (such as a or ), the previously focused button retains its :focus-visible state. The focus indicator only updates when VoiceOver moves to another . This behavior can be confusing for screen reader users, as it creates the appearance of multiple elements being focused simultaneously. It also differs from expected keyboard navigation behavior, where focus styles typically update as soon as the user moves to a new interactive element. Is this an intentional VoiceOver behavior, or could this be a bug? If intentional, is there a recommended workaround to ensure correct focus indication when moving between different types of elements? Steps to Reproduce: Enable VoiceOver on an iOS device. Navigate using swipe gestures or explore-by-touch to focus on a . Observe that the button correctly receives the :focus-visible styling. Move to a non-button element (e.g., a with tabindex="0" or an ). Notice that the button still retains its :focus-visible state, even though VoiceOver has moved to a new element. Expected Behavior: The previously focused should lose its :focus-visible state when VoiceOver moves to a different interactive element, just as it does when using keyboard navigation. Actual Behavior: The :focus-visible state remains on the previously focused button unless VoiceOver moves to another . This can create confusion by displaying multiple focus indicators at once. Tested On: iOS 17.7, 18.3.1 iOS Safari iPhone 11 Pro, iPhone 14 Pro Max

I'm posting a question here as I have encountered an issue while seeking help from engineers in the thread. thread773837 If the "Not Secure Connection Warnings" is enabled in Settings > App > Safari, are HTTP connections not allowed under any circumstances? I also posted a question about NSAllowsLocalNetworking not being applied, and I was informed that ATS (App Transport Security) is not related to SFSafariViewController. If that's the case, what feature causes the error "Safari cannot open the page. Error: Failed to navigate to an HTTP URL with HTTPS-only mode enabled"? I am currently working to resolve this issue.

In a project to create a web extension for Safari, using scripting.registerContentScript() API to inject a bunch of scripts into web pages, I needed to manage a dynamic whitelist (i.e., web pages where the scripts should not be injected). Fortunately, scripting.registerContentScripts() gives you the option of defining a list of web pages to be considered as a whitelist, using the excludeMatches parameter in the directive, to represent an array of pages where the script should not be injected. Here just a sample of what I mean: const matches = ['*://*/*']; const excludeMatches = ['*://*.example.com/*']; const directive = { id: 'injected-jstest', js: ['injectedscript.js'], matches: matches, excludeMatches: excludeMatches, persistAcrossSessions: false, runAt: 'document_start' }; await browser.scripting.registerContentScripts([directive]) .catch(reason => { console.log("[SW] >>> inject script error:",reason); }); Of course, the whitelist (the excludeMatches array) is not static, but varies over time according to the needs of the moment. Everything works perfectly in Chromium browsers (Chrome, Edge, ...) and Firefox, but fails miserably in Safari. In fact, Safari seems to completely ignore the excludeMatches parameter and injects the script even where it should not. Has anyone had the same problem and solved it somehow? NOTE : To test the correctness and capabilities of the API in each browser, I created a simple repository on Github with the extension code for Chromium, Firefox and Safari (XCode project).

I want to migrate from a Safari App Extension to a Safari Web Extension, but don't know how to get rid of the message, telling users that my extension can access their passwords. Here is a message which I see: I was thinking that this might be because all Safari Web Extension get this type of access, but I have a Safari Web Extension which does not require such level of access: Here is the manifest: { "manifest_version": 2, "default_locale": "en", "name": "__MSG_extension_name__", "description": "__MSG_extension_description__", "version": "1.1", "icons": { "48": "images/icon-48.png" }, "background": { "scripts": [ "background.js" ], "persistent": true }, "browser_action": { "default_popup": "popup.html", "default_icon": { "16": "images/toolbar-icon-16.png" } }, "permissions": [ "nativeMessaging", "tabs" ] } and here is the Info.plist file: Here is the entire code of the extension: https://github.com/kopyl/web-extension-simplified

I am trying to build and run a Safari Web Extension from Xcode and I have enabled "Allow unsigned extensions" in Safari settings. However, I see the below pop up: And, if click on the "Quit and Open Safari Extensions Preferences..." button, the project stops running on Xcode and nothing happens. What can be the issue? The extension works and runs fine if I get it from the Mac App Store and this only happens when running from Xcode. I even tried completely uninstalling the mac app store version and still facing the same issue.

Please update Accessibility OS Settings for VoiceOver in iPhone iOS and iPadOS to include frames on the Rotor, and to make web navigation and component gestures easier to find and assign. Please add content to the iPhone and iPad Apple User Guide to use VoiceOver in web navigation with touch gestures. Specifically... iframes. There is no clear guidance in Apple documentation for VoiceOver users in iPhone or iPadOS to access iframes with touch gestures. A common belief as written on AppleVis, other blogs, and internet searches is that iframes in Safari or a webView in an app are only available with explore by touch. If explore by touch is the only option for some interactions, that needs to be included in Apple User Guides. If not, details on equivalent touch gestures for VO that have keyboard interactions in Mac need to be clear for users. VoiceOver for Mac includes a default keyboard interaction of VO-Command-F in its extensive User Guide (https://support.apple.com/guide/voiceover/by-images-or-frames-mchlp2740/mac). A user can include a rotor option for web navigation for iframes. VoiceOver for iPhone and iPad does not include a default swipe gesture assigned to frames. An option is not available for the Rotor. While there is iPhone User Guide guidance that gestures can be customized (https://support.apple.com/guide/iphone/customize-gestures-and-keyboard-shortcuts-iph59a8e6fd2/18.0/ios/18.0), it is not clear that for adding this gesture, "Move to the next frame" is tucked into the advanced navigation commands for VoiceOver Accessibility Settings in the OS. At least in my phone, the word "frame" was not searchable despite the All Commands screen using a search bar.

After updating to iOS 18.4, our web application (with service workers) crashes on devices that accessed it prior to the update. This issue also affects hybrid mobile apps using the same web application; reinstalling the app resolves it by refetching and reinstalling service workers. Debugging is challenging because clearing the cache or reinstalling the app fixes the problem, and no useful error logs are available. Has anyone encountered similar crashes related to service workers after an iOS update and have any insights into the cause?