It seems Safari 18's fetch() does not include credentials even credentials: include and safari extension has host_permissions for that domain. Is there anyone has this problem? I try to request in popup.js like this: const response = await fetch( url, { method: 'GET', mode: 'cors', credentials: 'include', referrerPolicy: 'no-referrer', } ); and it does not include the cookie from host_permissions. Those code worked in Safari 17 (macOS Sonoma).

Hi, I am having issue with WebAssembly not able to load wasm file on Safari web extension. It is showing CompileError: Refused to create a WebAssembly object because 'unsafe-eval' or 'wasm-unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'wasm-unsafe-eval'". It was working fine 2 month ago, my original CPS is "script-src 'self' 'unsafe-eval'". But now it is not accepting 'unsafe-eval', I also tried 'wasm-unsafe-eval' did not work. Is there any changes on Safari browser regarding the CSP for WebAssenbly? Please let me know what CPS value will work. Here is the example code on how I load the WebAssembly wasm file. fetch('test_wasm_lib.wasm') .then(response => { if (!response.ok) throw new Error('Network response was not ok'); return response.arrayBuffer(); }) .then(bytes => WebAssembly.instantiate(bytes)) .then(results => { // Use your WebAssembly instance here console.log('load wasm success') }) .catch(error => { console.error('Error loading WASM:', error); });

Hi everyone, I’m working on an app that uses WKWebView. Due to security concerns, our customers want the app to disable copy-paste functionality and similar options (such as Lookup and Share, allowing users to extract text from the app or save it as a file. I was able to disable copy-paste and remove UIMenu options like Lookup and Share. Everything worked fine until the iOS 18.1 beta, which introduced a new menu called Writing Tools (Apple Intelligence) that has its own copy and share buttons I've tried several ways to remove it Remove all UIMenu items using canPerformAction, and it works for all menus but Writing Tools, which still remains override func canPerformAction(_ action: Selector, withSender sender: Any?) -> Bool { return false } Remove it from UIMenuBuilder override func buildMenu(with builder: UIMenuBuilder) { builder.remove(menu: .lookup) builder.remove(menu: .share) } But unfortunately, UIMenuBuilder does not have an identifier for Writing Tools, and it seems like there are no API changes from Xcode 15 to Xcode 16 (https://developer.apple.com/documentation/uikit/uimenu/identifier) It seems like the only way to disable it through MDM configuration (key: allowWritingTools), but we don't use MDM https://developer.apple.com/documentation/devicemanagement/restrictions Environment iOS Version: iOS 18.1 beta4 Device: iPhone 15 Pro App platform: iOS Xcode version: 16.0 MacOS: 15.0 Thank you

Hi, there. I am trying to use ServiceWorker on iPad to retry a request that has a communication error. However, I am having trouble with the process being terminated after 70 seconds. Occurs at least on iPadOS 17.6.1 and 16.3. The following is the service worker code to reproduce the problem: self.addEventListener('fetch', (event) => { if (event.request.url.includes('test.html')) { event.respondWith(longRunFetch()); } }); async function longRunFetch(request) { await new Promise(resolve => setTimeout(resolve, 75000)); return new Response('Fetch completed'); } When this code is executed on an iPad and a request is made to test.html, the service worker stops after about 70 seconds. When it stops, it falls back to the network request and the contents of test.html are displayed. The service worker thread appears to be killed and is unavailable until the browser is restarted. If timeout is set to 65000, 'Fetch completed' is displayed as expected. Why is the process terminated in 70 seconds? Is there any way to continue processing beyond 70 seconds?

After updating Xcode to the latest version we observed that SFSafariViewController is not loading web pages on Xcode 16 Simulator with iOS 18, whenever it is presented the View Controller is empty (does not load any content) and the app freezes, but other screens that use WKWebView are working normally. Also, during tests on physical devices with iOS 18 it seems to work just fine, so it might be just a IDE version problem. Is anyone experiencing the same issue? If so, did anyone find a solution for it?

So recently Intune add support for controlling safari web extension enablement using the new ddm configuration added in Macos 15, but unfortunately I can't make it work no matter what I try. On the destination machine I see the that a user declaration for safari extension has been created, but there is not details on which extension they applied and it seems faulty (See attachment) I have 2 questions: Has anyone managed to make it work? Is there a way to test this declaration like I can do with Mobile config by manually load it to the machine? Thank you.

My Safari extension has a WKWebView in the main app and an HTML popup window in Safari. For some reason, both are in dark mode on visionOS, even though the device environment is light and Safari tabs are also showing light mode. Why does this happen, and how can I change it?

I have an issue with web ads not working in Safari versions earlier than 16.4. While debugging Safari Web Ads I found out that I don't get postbacks from versions 16.4 or below from Safari, although there are no technical limitations and the documentation says that web ads should work starting from versions 16.1 https://developer.apple.com/documentation/storekit/skadnetwork/skadnetwork_release_notes/skadnetwork_4_release_notes For ads that appear in an app, the app is built with iOS 16.1 SDK or later. For web ads, the ad appears in Safari 16.1 or later.`` Maybe I missed something and Apple didn't update the documentation, is that normal? Maybe it's related to this release and there was a technical problem with Apple? https://developer.apple.com/documentation/ios-ipados-release-notes/ios-ipados-16_4-release-notes/#SKAdNetwork Has anyone encountered the same problem and how did you fix it? Thanks!

iOS 18 WKWebView images are not loading, no errors in older versions. The example while loading HTML is as follows. A problem occurs when you pull an image from a url. To get a URL image you need a cookie or something. I add them too, but it doesn't work on iOS 18. I get the error "An error occurred trying to load the resource." and a blue question mark on the screen. webView.configuration.websiteDataStore.httpCookieStore.setCookie(cookie) <html> <head> <style> body { font-family: -apple-system; margin: 0; padding: 0; text-align: center; } img { width: 100%; height: auto; } </style> </head> <body> <h1>Resim Görüntüleme</h1> <img src="https://xx.***.xx/example.png"> </body> </html> """

Hai guys, I'm trying to do autofocus on the search input while user clicks the search icon but its not working as expected in iPhone and iPad so go through some blogs and stackoverflow they mentioned the apple has removed the focus() from touchable device for usablity reason is anyone come up with the same issue or having solution for this kindly share. That must be helpful for me.

Dependent fields for multi-select options and dropdown fields are not displaying in Safari, although they work correctly in Chrome and Firefox. Scenario You have a form built with ASP.NET and Razor, where users need to select multiple options from a dropdown list to trigger the display of dependent fields. Multi-Select Dropdown: The form has a multi-select dropdown for choosing different categories (Category A, Category B, etc.). Dependent Fields: Based on the user's selection, certain dependent fields should become visible. For example, if the user selects Category A, an additional input field titled "Details for Category A" should be shown. Expected Behavior (Chrome & Firefox) When the user selects Category A or Category B, the corresponding input fields are displayed dynamically, functioning as expected. Issue in Safari : In Safari, the dependent fields do not show up when a user selects any category. It's as if the JavaScript or the CSS responsible for displaying these fields is not executing correctly. CHROME SAFARI Browser: Safari (Version 18.0 (20619.1.26.31.6)) Operating System: MacOS (sequoia 15.0) Device: MacBook Pro 14 Inch Apple M3 Pro , iPhone 14 iOS 18.0

Hi, I am developing the Click & Read web add-on for Chromium, Firefox and Safari. We use xcrun safari-web-extension-converter tool to generate the Safari add-on. The build on Xcode had no meaning errors/warnings, until we had to switch to a more up-to-date MacBook (required as deprecated Mac had no support for latest macOS and thus for Xcode compatibility !). So now I build my add-on on an Apple M1 MB Air on Sequoia 15.0 with latest Xcode, but I encounter an error ? or warning ? : NSBundle file:///System/Library/PrivateFrameworks/MetalTools.framework/ principal class is nil because all fallbacks have failed Unable to create bundle at URL ((null)): normalized URL null Unable to create bundle at URL ((null)): normalized URL null Unable to create bundle at URL ((null)): normalized URL null But it doesn't prevent the add-on build to complete as I am able to open it onto Safari. Then, when loading the add-on on a test web page, I get this error on safari console: Error: Invalid call to runtime.connect(). No runtime.onConnect listeners found. BTW, the same add-on Dist works as expected on Chrome or Firefox (on macOS). So it seems the runtime listener runtime.onConnect.addListener isn't initiated on Background script... Thanks for your feedback and help

We are using declarativeNetRequest.getMatchedRules() to get the matched rules' URLs. When user switches website in the same tab, it returns URLs which were blocked in the previous website also, within past 5 minutes. Is it possible to fetch getMatchedRules() only for current webpage in the same tab?

I have noticed that storage.local.get API works differently in Safari 18 compare to other browsers and Safari 17. browser.storage.local.set({abc: 123}) browser.storage.local.get(console.log) // {abc: 123} browser.storage.local.get({abc: null}, console.log) // expect {abc: 123} but got undefined instead. According to MDN, storage.local.get should work with an object with object names as keys and the default value as value. According to Safari 18 Release notes, this may be related to a fix: 'Fixed getting an empty key from storage. (99440265) (FB11427769)'.

We used declarativeNetRequest.getMatchedRules() to retrieve the blocked URLs. While we do receive a list, we noticed that the URLs captured do not always reflect the ones the content blocker is actively blocking at that moment. However, upon reloading the same page, the correct URLs appear. Screenshots are attached for your reference. First load: After reload:

I have a homepage with an iframe containing my app LocalStorage, but when opening my app page the LocalStorage is lost. structuration of the page: homepage : domain.com iframe and app : app.domain.com the localstorage is set up directly within the iframe and postmessage between iframe and parent works. We see in the parent page that the LocalStorage for the sub-domain is set but opening the sub-domain on a new window it disappears : The problem is detected On Safari 18 only.

I have noticed that tabs.onRemoved works differently in Safari 18 comparing to other browsers and Safari 17. Open a tab e.g. apple.com Take note of the active tab id using this code: browser.tabs.query({currentWindow: true, active: true}, (x) => console.log(x[0].id)) Add a listener on onRemoved: browser.tabs.onRemoved.addListener(console.log) on the active tab, navigate to e.g. https://developer.mozilla.org Take note of the active tab id again (using the same tabs.query). Expect: there should be no console.log of onRemoved. the active tab id stays the same. Actual: there is a console.log of onRemoved. the active tab id is changed. Please help. If this is a bug introduced in Safari 18, it would break a lot of JS Web extensions.

Hi. I've noticed on both iOS 17 and iPadOS 16 that when an user opens a website in a WKWebview (e.g from Gmail), then requests it to be opened in the external Safari app (through the "compass" icon), their localStorage data is not transferred to the Safari tab. This behaviour breaks web experiences that rely on data being locally stored, e.g auth tokens or user identification data. It effectively stops users from being able to use some websites outside of an in-app context. I am aware of Webkit's tracking prevention mechanisms such as https://webkit.org/tracking-prevention/#partitioned-third-party-localstorage, but I don't think this should apply to this case. Here the user is navigating between two Safari tabs (one internal and one external) on the same domain, exact same URL, by pressing a native Safari webview icon. There is no third-party cross-domain tracking happening. Is this a bug or intended behaviour?

Hi, I had been working on an extension without any issues, running it from Xcode and debugging locally in Safari. However, without making any code changes, and after uninstalling the extension, it stopped appearing in Safari after building for local debugging. Does anyone know what might be happening or how I can clean up the system? Thanks a lot and best regards.

When user opens a new tab and loads a website, the declarativeNetRequest.getMatchedRules() returns nil and on reloading in the same tab it returns the URLs blocked. Is this an expected behaviour?