Hi everyone, I’m encountering a critical reliability issue with message passing in my Safari Web Extension on iOS 18.4.1 and iOS 18.5. In my extension, I’m using the standard messaging API. The background script sends a message to the content script using browser.tabs.sendMessage(...), and the content script registers a listener via: browser.runtime.onMessage.addListener(handler); This setup has been working reliably in all prior versions of iOS. However, after updating to iOS 18.4.1 and 18.5, I’ve noticed the following behavior: ✅ The content script is successfully injected, and onMessage.addListener is registered (I see logging confirming this). ✅ The background script sends the message using the correct tabId (also confirmed via logs). ❌ The content script’s onMessage listener is not consistently triggered. ⚠️ This issue is intermittent, sometimes the message is received, sometimes it is silently dropped. ❌ No exceptions or errors are thrown in either script, the message appears to be sent, but not picked up from the content script message listener.

I'm building a macOS extension that needs to track multi-step navigation chains (A → B → C) to adjust behavior based on where users came from. Current approach: Using webNavigation.onBeforeNavigate to detect intermediate steps, but experiencing issues in Safari that don't occur on Chrome/Firefox/Edge. Questions: Is webNavigation the right API for tracking redirect chains in Safari? Does ITP/Private Browsing affect event delivery? Any alternative approaches recommended? (Safari version 26.0.1) Any guidance appreciated!

I’m experiencing a crash in WKWebView on iOS 26 Developer Beta 5 and Beta 6 with the following exception: CALayer position contains NaN: [nan 65] The crash occurs when the following CSS properties are applied to content displayed in WKWebView: -webkit-user-select: none; -webkit-touch-callout: none; This issue happens consistently whenever these styles are set, leading to the crash inside WKWebView. Is this a known bug in the current iOS 26 betas, or is there a recommended workaround?

The passkey authentication dialog appears, and after unlocking with Touch ID, the dialog closes without any notification of success or failure. This issue occurs with high frequency. access to the https://passkeys-demo.appspot.com/ register account and create passkey. logoff access to the url again you can see the passkey dialog unlock device then the dialog disappears nothing happens reload the page proceed 5) to 6) nothing happens or success webauthn.

Hi everyone, I’m encountering a serious reliability issue with message passing in my Safari extension on iOS 18.4.1 and iOS 18.5 In my extension, I use the standard messaging API where the background script sends a message to the content scrip. The content script is listening using: browser.runtime.onMessage.addListener(handler); This setup has been working reliably in previous versions of iOS, but since updating to iOS 18.4.1 and iOS 18.5, I’ve noticed that messages sent from the background script are not consistently received by the content script. From my logs, I can confirm that: The background script is sending the message. The content script’s listener is not always triggered. There are no errors or exceptions logged in either script. It seems as if browser.runtime.onMessage.addListener is either not getting registered in time or failing silently in some instances. This issue is intermittent and does not occur all the time. Has anyone else experienced similar issues in iOS 18.4.1 and 18.5? Are there any known changes or workarounds for ensuring reliable communication between background and content scripts in this version? Any help or insights would be greatly appreciated. Thanks!

(related post: How to optimize my app for for a carrier-provided satellite network? ) I am trying to implement an app so that it works under a carrier-provided satellite network. The app uses (AS)WebAuthenticationSession for signing in. If the app is entitled to access a satellite network, will (AS)WebAuthenticationSession work as well? How about WKWebView and SFSafariViewController? Is there a way to test(simulate) a ultra-constrained network on a device or a simulator to see the expected behavior? Thanks,

We have a SAML-based SSO App Extension that uses WKWebView to load the SAML login request. This implementation has been working correctly on iOS versions prior to 26. However, starting with iOS 26, the extension consistently crashes when calling WKWebView.load(_:). The crash occurs inside WebKit, specifically in: /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp at WebKit::WebPageProxy::loadRequest(...) No app-level exception is thrown, and the extension terminates with: Thread 10: EXC_BREAKPOINT (code=1, subcode=0x1a31dbe00) It appears that WKWebView initialization or WebsiteDataStore creation is now restricted in extension contexts on iOS 26, but this change is not documented in the SDK release notes. Could you please confirm if this is an intentional sandbox restriction in iOS 26 or a regression in WebKit? Steps to reproduce: Implement an App Extension using ASAuthorizationProviderExtensionAuthorizationRequest. Create a WKWebView instance in the extension. Attempt to load a SAML login request (POST request with headers). Observe immediate crash on iOS 26 (works fine on earlier versions). Expected behavior: WKWebView should load the request or fail gracefully as in prior releases, without crashing the extension process. Request: Please clarify if WKWebView usage inside extensions is officially unsupported as of iOS 26, and if so, recommend an alternative approach for handling SSO flows.

Hi there! I'm new to App Development and I'm running into the following error when playing audio on a website loaded through a WKWebView: 0x112000cc0 - ProcessAssertion::acquireSync Failed to acquire RBS assertion 'WebKit Media Playback' for process with PID=70.197, error: Error Domain=RBSServiceErrorDomain Code=1 "(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)" UserInfo={NSLocalizedFailureReason=(originator doesn't have entitlement com.apple.runningboard.assertions.webkit AND originator doesn't have entitlement com.apple.multitasking.systemappassertions)} Looking through this forum, it seems more people have this issue, yet no one has found a solution (or posted it...). The solutions that I did find (Background Modes capability, webView.configuration.allowsInlineMediaPlayback = true), did nothing. To make sure the issue had nothing to do with my own code, I created an empty project to reproduce the issue. I'm not sure on the best way to share it, but it's a small file (forgive me, I have no clue what it does, actually chatGPT made it for me. My real application is a WebApp wrapped with Capacitor, so it handles all the Swift stuff) import SwiftUI import WebKit struct WebView: UIViewRepresentable { let urlString: String func makeUIView(context: Context) -> WKWebView { let webView = WKWebView() webView.configuration.allowsInlineMediaPlayback = true webView.configuration.allowsAirPlayForMediaPlayback = true webView.navigationDelegate = context.coordinator return webView } func updateUIView(_ uiView: WKWebView, context: Context) { if let url = URL(string: urlString) { let request = URLRequest(url: url) uiView.load(request) } } func makeCoordinator() -> Coordinator { Coordinator(self) } class Coordinator: NSObject, WKNavigationDelegate { var parent: WebView init(_ parent: WebView) { self.parent = parent } func webView(_ webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: Error) { print("Web page loading failed: \(error.localizedDescription)") } } } struct WebViewDemo: View { var body: some View { NavigationView { WebView(urlString: "https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_audio_all") .navigationBarTitle("Web View") } } } struct WebView_Previews: PreviewProvider { static var previews: some View { WebViewDemo() } } Nothing special, right? When I build the app and navigate to a website that has an tag (https://www.w3schools.com/html/tryit.asp?filename=tryhtml5_audio_all). I still see the error when I play the audio. It plays nonetheless, but the error is there. I'm not at all interested in actually playing audio in the background/when the app is closed/suspended. I just want the error to go away! I've tried different iOS versions (14,15,16,17), but the problem persists. Anyone know what's happening?

It seems Safari 18's fetch() does not include credentials even credentials: include and safari extension has host_permissions for that domain. Is there anyone has this problem? I try to request in popup.js like this: const response = await fetch( url, { method: 'GET', mode: 'cors', credentials: 'include', referrerPolicy: 'no-referrer', } ); and it does not include the cookie from host_permissions. Those code worked in Safari 17 (macOS Sonoma).

I'm experiencing a Safari Web Extension issue where the non-persistant background script seems to crash after 30 seconds even when the content script is messaging it. Here is a minimal-reproducible example. When running in an emulator, the background script will stay responsive forever. However, when running on a physical device, the background script becomes non-responsive after 30 seconds of activity. It never becomes responsive again until I toggle the extensions enable/disable toggle, after which it stays active for 30 seconds and then crashes again.

We are experiencing an issue with Safari in all versions from 18.0 to 18.5 that does not occur in version 17. It affects both iPhones and Macs. And does not happen in Chrome or Windows. The problem is impacting our customers, and our monitoring tools show a dramatic increase in error volume as more users buy/upgrade to iOS 18. The issue relates to network connectivity that is lost randomly. I can reliably reproduce the issue online in production, as well as on my local development environment. For example our website backoffice has a ping, that has a frequency of X seconds, or when user is doing actions like add to a cart increasing the quantity that requires backend validation with some specific frequency the issue is noticable... To test this I ran a JS code to simulate a ping with a timer that calls a local-dev API (a probe that waits 2s to simulate "work") and delay the next HTTP requests with a dynamic value to simulate network conditions: Note: To even make the issue more clear, I'm using GET with application/json payload to make the request not simple, and require a Pre-flight request, which doubles the issue. (async () => { for (let i = 0; i < 30; i++) { try { console.log(`Request start ${i} ${new Date().toLocaleString()}`); const res = await fetch(`https://api.redated.com:8090/1/*****/probe?`, { method: 'GET', mode: "cors", //headers: {'Content-Type': 'text/plain'}, headers: { 'Content-Type': 'application/json' }, }); console.log(`Request end ${i} ${new Date().toLocaleString()} status:`, res.status); } catch (err) { console.error(`Request ${i} ${new Date().toLocaleString()} error:`, err); } let delta = Math.floor(Math.random() * 10); console.log("wait delta",delta); await new Promise(r => setTimeout(r, 1000 - delta)); } })(); For simplicity lets see a case where it fails 1 time only out of 10 requests. (Adjusting the "delta" var on the time interval create more or less errors...) This are the results: The network connection was lost error, which is false, since this is on my localhost machine, but this happens many times and is very reproducible in local and production online. The dev-tools and network tab shows empty for status error, ip, connection_id etc.. its like the request is being terminated very soon. Later I did a detailed debugging with safari and wireshark to really nail down the network flow of the problem: I will explain what this means: Frame 10824 – 18:52:03.939197: new connection initiated (SYN, ACK, ECE). Frame 10831 – 18:52:04.061531: Client sends payload (preflight request) to the server. Frame 10959 – 18:52:09.207686: Server responds with data to (preflight response) to the client. Frame 10960 – 18:52:09.207856: Client acknowledges (ACK) receipt of the preflight response. Frame 10961 – 18:52:09.212188: Client sends the actual request payload after preflight OK and then server replies with ACK. Frame 11092 – 18:52:14.332951: Server sends the final payload (main request response) to the client. Frame 11093 – 18:52:14.333093: captures the client acknowledging the final server response, which marks the successful completion of the main request. Frame 11146 – 18:52:15.348433: [IMPORTANT] the client attempts to send another new request just one second later, which is extremely close to the keep-alive timeout of 1 second. The last message from the server was at 18:52:14.332951, meaning the connection’s keep-alive timeout is predicted to end around 18:52:15.332951 but it does not. The new request is sent at 18:52:15.348433, just microseconds after the predicted timeout. The request leaves before the client browser knows the connection is closed, but by the time it arrives at the server, the connection is already dead. Frame 11147 – 18:52:15.356910: Shows the server finally sending the FIN,ACK to indicate the connection is closed. This happens slightly later than the predicted time, at microsecond 356910 compared to the expected 332951. The FIN,ACK corresponds to sequence 1193 from the ACK of the last data packet in frame 11093. Conclusions: The root cause is related to network handling issues, when the server runs in a setting of keep-alive behavior and keep-alive timeout (in this case 1s) and network timming issue with Safari reusing a closed connection without retrying. In this situation the browser should retry the request, which is what other browsers do and what Safari did before version 18, since it did not suffer from this issue. This behaviour must differ from previous Safari versions (however i read all the public change logs and could not related the regression change). Also is more pronounced with HTTP/1.1 connections due to how the keep-alive is handled. When the server is configured with a short keep-alive timeout of 1 second, and requests are sent at roughly one-second intervals, such as API pings at fixed intervals or user actions like incrementing a cart quantity that trigger backend calls where the probability of failure is high. This effect is even more apparent when the request uses a preflight with POST because it doubles the chance, although GET requests are also affected. This was a just a test case, but in real production our monitoring tools started to detect a big increment with this network error at scale, many requests per day... which is very disrupting, because user actions are randomly being dropped when the user actions and timming happens to be just near a previous connection, where keep alive timeout kicks-in, but because the browser is not yet notified it re-uses the same connection, but by the time it arrived the server is a dead connection. The safari just does nothing about it, does not even retry, be it a pre-flight or not, it just gives this error. Other browsers don't have this issue. Thanks!

our company created a web safari extension. before iOS 26 (beta) release we would archive our extension and install to our devices no problem. since iOS 26 (beta) (we also tried in beta 4 23A5297m) the extension would archive perfectly but when installing the extension would just not run. its found in settings under safari extension, but when enabled the extension and open safari it will show error message "Ext" is no longer available. to rule out all code issues, we built a new project from scratch with a new bundle id, tried to archive with no problem, but when installed in an iphone 16 with iOS 26 BETA (23A5297m) same error ocurs it installs but when opening safari it will give an error message saying extension is no longer available. attached in the google drive link is a zip file of the new project, a zip file with a succesfull build of the ipa file with enterprise distribute, a video of the entire proccess and the error that the iphone gives. also attached a log file from the iphone that includes the install and the crash of the app. within the logs there is a log saying Error occurred during transaction: The provided identifier "dev.sacal.ext" is invalid. before ios 26 the exact steps worked perfectly. https://drive.google.com/file/d/1PYDOv8IRvRY_ouqiOc0sJdcfh0CHbL72/view?usp=sharing

I am trying to run JavaScript only after the page has loaded, and according to here - https://developer.apple.com/documentation/safariservices/safari_app_extensions/injecting_a_script_into_a_webpage, I should use DOMContentLoaded. However, it does not seem to work. This is my content.js file: function runOnStart() {     document.addEventListener('DOMContentLoaded', function(e) {         document.body.style.background = "rgb(20, 20, 20)";         document.html.style.background = "rgb(20, 20, 20)";                var divElements = document.body.getElementsByTagName('div');         for(var i = 0; i < divElements.length; i++) {             let elem = divElements[i];             elem.style.background = "rgba(255, 255, 255, 0.05)";         }     }); } runOnStart(); If I take the code outside of the event listener, it runs fine, but a lot of the elements haven't loaded in yet so it doesn't work as it should. The function is definitely running, but the event listener simply doesn't work. I appreciate any help you can give!