with iOs26 it works so so great, that every time i look something up ChatGPT is the first thing to Seach the web for everything about it then, i can read it an it gives a link for me to go to if i wont to further look inti it ,this on I Phone SE 3 Generation ,it has better Siiri to better on the I Phone SE 3rd Generation.

I have a business scenario where I want to guide users to Safari and open a Safari extension. How can I open Safari from my app and navigate to a specific webpage?

Hello! I have a few questions about integrating an OAuth2 API into my Swift application. I am using this API to access user data from the website (users will authenticate themselves within the app). I have seen other apps use this API in the way that I am describing it so I know that it is possible. However, I am not sure how to implement it. Are there any recommended ways to use an OAuth2 API in my application? The API that I am using does not specifically say that it supports PKCE. However, I have heard from some sources that it does. If it does not support PKCE, how do I still create a secure app infrastructure that will pass App Store Review? At a more basic level, what is the difference between OAuth2 and PKCE? What should I use in my app? Are there any resources to learn a little bit more about these protocols so that I understand them better? Thanks!

Title: Content Overlapping Address Bar After Clicking Links in Safari, tested on iPhone 11 (iOS 18.1.1) Description: When browsing in Safari on iPhone (iOS 18.1.1), the one-tab bar (address bar) collapses as expected when scrolling down a page. However, after clicking on a link and loading the next page, the content appears to overlap the collapsed address bar. This results in parts of the content being hidden or obscured by the address bar, which affects the user experience, especially on mobile devices with limited screen space. This issue is reproducible on Next.js applications and can be observed on websites such as rotterdam.nl and halderberge.nl. Steps to Reproduce: Enable the One-Tab Bar: Go to Settings > Safari and enable the one-tab bar feature. Open the website rotterdam.nl or halderberge.nl in Safari on an iPhone 11 (iOS 18.1.1). Scroll down the page so that the top address bar collapses. Click on any link on the page to load a new one. Once the new page loads, observe that the content appears on top of the collapsed address bar, causing parts of the content to be hidden or obscured. Expected Result: The content should not overlap or be hidden behind the collapsed address bar after the page reloads. The layout should adjust properly without interference from the address bar, providing a smooth user experience. Actual Result: When the new page loads, the content overlaps or appears on top of the collapsed address bar, causing parts of the content to be hidden or obscured. Device(s) Affected: iPhone 11 running iOS 18.1.1. OS Version: iOS 18.1.1 Technical Notes: To address this issue, the following solutions have been attempted with no success: Viewport Meta Tag: <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" /> This was added to help ensure proper layout on mobile devices, but did not resolve the issue. CSS Safe Area Insets: body { padding-top: env(safe-area-inset-top); } This CSS rule was applied to account for the safe area and prevent content from being hidden under the address bar, but it did not solve the overlapping issue. Scroll Position Adjustment (for scroll-to-top button): Adjusting the scroll behavior by changing the scroll position to {top: 1} instead of {top: 0} was a successful workaround to keep the address bar collapsed when clicking the "scroll to top" button. However, this did not resolve the issue when navigating between pages or changing routes, where the content still overlaps the collapsed address bar.

I want to confirm the specifications and behavior of Safari. We have a system built on Microsoft Azure that uses Azure AD B2C for authentication. When we logging in, there is a phone authentication feature where a call is made to the registered phone number. However, this phone authentication does not work properly only on iPhone's Safari. The specific situation is listed below: When performing phone authentication on iPhone's Safari, a call is made from Azure AD B2C, and pressing the # button on the Safari screen can be done. But then, it transitions to an error screen. We tried multiple iPhone devices and multiple iOS versions, but the result was the same. But when accessing the system on a PC, and performing phone authentication, it works without any errors. Also when we use browsers other than Safari (for example, Google Chrome and Firefox) on the iPhone, the phone authentication works without any errors, too. Even with Safari, if the device displaying the login screen and the device making the call are different, phone authentication works without any errors, too.(it fails if they are the same device). We reached out Microsoft about this issue, and they responded that: The Azure resource called FrontDoor at the front end of Azure AD B2C supports the HTTP/2 protocol, and HTTP/2 protocol is used in communication with Safari. In Safari's HTTP/2 communication, when a call is received while the screen is displayed, a reset packet is sent to the web server (in this case, the web server is FrontDoor). This interrupts the session, causing a session termination error on the Azure AD B2C side, and phone authentication fails. Therefore, we would like to ask you the following two points: In HTTP/2 communication, does the Safari browser send a reset packet to the web server when it receives a phone call? If so, what is the cause of this behavior? And are there any measures to prevent the reset packet from being sent?

Hi, we are experiencing a strange issue with our Web App. Our web app runs entirely on the same domain , and we are making several AJAX requests to the same server. The Error occurs only on Iphones, the app works completely fine on androids and computers. Most of the requests work fine, but suddenly, one specific request always fails with the following error: XMLHttpRequest cannot load https://demo2.artios.cz/app37g/v105/php/endpoint.php due to access control checks What we have checked so far: ✅ CORS headers seem correct. Also we operate entirely on the same domain, client and server. ✅ The same request works fine in computer and android devices. ✅ The issue occurs only on iPhone (tested on Chrome and Safari). ✅ Some requests to the same endpoint pass, but suddenly, this specific request always fails. ✅ There is no OPTIONS preflight request logged in the network tab, but we use only simple requests. ✅ We are making a POST request with multipart/form-data. What is Your advice, or where I can find more info about this error? We do not think the CORS is the problem. We have tried to inspect with WebInspector but with no relevant answers. Thank You very much!

Hi all, I need to detect if my web application (pure HTML / Javascript) is opened from: Safari from a Mac Safari from an iPad but by asking for the desktop version I tried to check for many properties (including the navigator.useragent) but no difference were visible. Anyone could help me? Thank you

In the Safari browser on mobile devices, the tags in an HTML element are styled with the system's default styles. I want the text inside the tags to be displayed without line breaks. However, in reality, the text wraps according to its length. May I ask if there are any methods to achieve this? (ps: CSS-related properties such as white-space: nowrap do not work.)

Problem Safari requires tabindex="0" for keyboard access to scrollable containers. Chrome (v130+) and Firefox (v4+) handle this automatically. Current Behavior Chrome/Firefox: Scrollable div with overflow: auto → automatically keyboard-accessible (Tab to focus, Arrow keys to scroll) Safari: Same element → NOT keyboard-accessible unless: Add tabindex="0", OR Container has focusable children Workaround <div style="overflow-y: auto; height: 300px;" tabindex="0"> <!-- content --> </div> Issue: Adds unnecessary tab stops on Chrome/Firefox where not needed. Request Will Safari support auto-focus for scrollable containers? (matching Chrome/Firefox) If not planned: Any official Apple guide for cross-browser scrollable accessibility? Timeline? If on roadmap, estimated Safari version? Can I subscribe for updates? Use Cases Dropdown menus Modal dialogs Tab panels Data tables Chat interfaces Reference: WCAG 2.1 Keyboard Accessible: https://www.w3.org/WAI/WCAG21/Understanding/keyboard.html Example component: https://www.radix-ui.com/themes/docs/components/scroll-area

Hello, can't find a better Forum and after all this is Apple Support here? Seems starting with iOS 26.2 RC2 our Newsletter is no longer rendered 'responsive' so with unuseable small font. Anybody any suggestion? Or maybe @apple fix the bug? Where would I even start to debug this? I don't have any iphone at hand so i only got screenshots from users. Our where can i contact the actual apple support? correct: invalid:

Hi Apple Devs & WebKit Team, We operate https://excnum.com — a personal website currently under reconstruction. It's HTTPS-secure, hosted on a clean VPS, and now features a simple placeholder page with no active forms, scripts, or external redirects. However, Safari on both iOS and macOS is flagging it as a “deceptive website”, blocking all access. This warning appears even though: The site uses a valid SSL certificate via Cloudflare There are no redirects, tracking scripts, or dynamic code We serve a static landing page (“under maintenance”) with zero interaction No malware, phishing, or obfuscation exists — verified with multiple tools A review request has already been submitted at: https://websitereview.apple.com We believe the site may have been blacklisted previously under past ownership or prior configurations. It has since been completely restructured and cleared, but the Safari warning persists. This false flag is harming visibility and trust for an otherwise neutral website. Any advice on how to expedite re-evaluation or request a manual delisting from the deceptive site list would be much appreciated. Thank you! — Alex Admin, EXCNUM.COM

How can i add Authorization header to a wkwebview. I checked https://developer.apple.com/documentation/foundation/nsurlrequest#1776617 which says Authorization header is a reserved http header and shouldn’t be set. I want to set it when requesting a url to the server which will be used for verification. How can i do that?

We have a Safari extension that's been up on the App Store for about 18 months with no apparent issues. This week, however, while working on an update, we uninstalled the production version on our test machines and installed a developer version. When we had some issues, we tried to go back to the production version downloaded from the App Store, but we get an pop saying "Unable to download App." In the log, the most obviously relevant error is 'Operation not permitted'. This occurs on several machines and different logins on those machines in both norma and safe modes. However, on another machine that never had one installed, we could still install the app from the app store, so I suspect there is something left behind that needs to be removed, but I don't know what. FWIW, I see the download directory getting created under /Applications, but it is promptly removed when the failure popup appears. Any suggestions?

Hi! My team and I are developing an education platform. One of our features is a auto-play flashcard feature where users can listen to their flashcards hands free. We are having an issue where the autoplay wont work for users with iPhone's. I think the rule is that user's are supposed to give consent to the auto-play. We do make the user hit play before it starts so that should be the "constent" but it's still not working. Anyone have ideas?

Push Notification Issue in iOS PWA App We’ve been trying to implement push notifications in our iOS app, which is a wrapper around a Vite PWA built using PWA Builder. Here's a detailed overview of the issues we’re facing: Problem Summary We originally had a working Vite PWA and used Firebase Cloud Messaging (FCM) for push notifications. When converting this PWA to an iOS app using PWA Builder: The notification permission prompt did not behave as expected in Safari. Even after requesting permission via a user gesture (e.g., button press), FCM token was not received. On Safari (both Mac and Windows), permission sometimes works, but the token isn’t saved until Safari is closed and reopened. In the iOS PWA app, the FCM token never gets retrieved. We tried the same process on Chrome, and everything works flawlessly there. What We’ve Tried Wrapped the permission request and FCM token logic in a user gesture (e.g., button click), as recommended. Confirmed our manifest includes all necessary fields (see below). Tested across macOS, Windows, Safari (desktop), and the iOS app. Manifest.json { "name": "Periscopio", "short_name": "Periscopio", "start_url": "/", "display": "standalone", "background_color": "#f2f2f2", "lang": "en", "scope": "/", "description": "Facilitates the collection of primary data for market research purposes.", "icons": [ { "src": "/android-chrome-192x192.png", "sizes": "192x192", "type": "image/png", "purpose": "any" }, { "src": "/android-chrome-512x512.png", "sizes": "512x512", "type": "image/png", "purpose": "any" }, { "src": "/maskable_icon_x192.png", "sizes": "192x192", "type": "image/png", "purpose": "maskable" }, { "src": "/maskable_icon_x512.png", "sizes": "512x512", "type": "image/png", "purpose": "maskable" } ], "edge_side_panel": { "preferred_width": 400 }, "display_override": [ "window-controls-overlay", "standalone" ], "theme_color": "#08244c", "orientation": "portrait" } Core Logic (Plain TypeScript) 1. Request Notification Permission + FCM Token async function handleRequestPermission(): Promise<string | null> { try { console.log("Requesting notification permission..."); const permission = await Notification.requestPermission(); console.log("Notification permission result:", permission); if (permission === "denied") { console.error("Notification permission was denied."); return null; } const token = await requestFCMToken(); console.log("FCM Token:", token); if (token) { console.log("Notification setup successful."); return token; } else { console.error("Failed to retrieve FCM token."); return null; } } catch (error) { console.error("Error requesting FCM token:", error); return null; } } 2. FCM Token Logic async function requestFCMToken(): Promise<string | undefined> { try { let permission = Notification.permission; if (permission === "default") { console.log("Requesting notification permission..."); permission = await Notification.requestPermission(); } if (permission === "granted") { console.log("Notification permission granted."); const isSupportedBrowser = await isSupported(); if (!isSupportedBrowser) { console.error("This browser does not support FCM."); return; } const registration = await navigator.serviceWorker.register("/firebase-messaging-sw.js"); console.log("Service Worker registered:", registration); const token = await getToken(cloudMessaging, { vapidKey: "YOUR_PUBLIC_VAPID_KEY_HERE", serviceWorkerRegistration: registration, }); if (token) { console.log("FCM Token:", token); localStorage.setItem("fcmToken", token); return token; } else { console.warn("No registration token available. Request permission to generate one."); return; } } else if (permission === "denied") { console.warn("Permission to notify was denied."); return; } else { console.warn("Notification permission not granted."); return; } } catch (error) { console.error("Error getting FCM token:", error); return; } } Request for Help We’d really appreciate support from anyone who’s successfully implemented FCM push notifications in a Vite PWA wrapped as an iOS app using PWA Builder. Is there something we’re missing about how iOS Safari handles push permissions in PWA mode? Could there be an issue with the service worker or the manifest setup that causes the token not to register? Any Safari-specific quirks to be aware of? Thanks in advance!

0x158c2ce18 - [pageProxyID=33, webPageID=34, PID=883] WebPageProxy::didFailProvisionalLoadForFrame: frameID=4294967298, isMainFrame=1, domain=NSURLErrorDomain, code=-999, isMainFrame=1, willInternallyHandleFailure=0 Error Domain=NSURLErrorDomain Code=-999 "已取消" UserInfo={_NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <9A09D8F8-351D-4BE3-A1F7-0E2E325DC7BA>.<4>, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <9A09D8F8-351D-4BE3-A1F7-0E2E325DC7BA>.<4>" ), NSLocalizedDescription=已取消, _WKRecoveryAttempterErrorKey=<WKReloadFrameErrorRecoveryAttempter: 0x159acf6c0>, networkTaskDescription=LocalDataTask <9A09D8F8-351D-4BE3-A1F7-0E2E325DC7BA>.<4>, NSErrorFailingURLStringKey=https://oamobile.zmmc.com.cn:28385/pages/Reports/ZBReport.aspx?ShowInLegend=true&appid=69b487001fcc11bc30c7344e50768c3c&userid=9784299b-cced-4702-91b0-0476511ba8d2, NSErrorFailingURLKey=https://oamobile.zmmc.com.cn:28385/pages/Reports/ZBReport.aspx?ShowInLegend=true&appid=69b487001fcc11bc30c7344e50768c3c&userid=9784299b-cced-4702-91b0-0476511ba8d2, networkTaskMetricsPrivacyStance=Unknown} Failed to terminate process: Error Domain=com.apple.extensionKit.errorDomain Code=18 "(null)" UserInfo={NSUnderlyingError=0x159bd1830 {Error Domain=RBSRequestErrorDomain Code=3 "No such process found" UserInfo={NSLocalizedFailureReason=No such process found}}} After upgrade to ios 26， if WKWebView load url which did not contain "#" will always ok. but load url contain “#” will cancel when start load, then result in white screen

"We have a multi-tenant EdTech platform serving over 1500 clients, each with a unique domain (e.g., client1.eduapp.com). We use WKWebView in a native shell. Due to WKAppBoundDomains restriction, we can't dynamically list all domains. How can we support dynamic tenants while maintaining cookie persistence" "Can Apple suggest a best practice or alternative approach for apps using WebView/PWA shell architecture across multiple client domains?" Problem: We cannot predefine all 1500 domains in WKAppBoundDomains due to limitations. As a result: Service workers fail to register, breaking PWA functionality Ex: Offline.

After the first installation (out of AppStore) of the extension in the browser, the content script is correctly inserted into the page (twice for some reason) and a message is sent from the root of the content script to the background script, which responds correctly. However, if an event handler is registered within the content script, within which the message is also sent to the background script, it will never reach the background script. window.addEventListener("message", function (event) { // We only accept messages from ourselves if (event.source !== window) { return; } if (event.data.source && event.data.source === appIdentification) { browser.runtime.sendMessage(event.data); } }, false); It does not matter with what delay the event handler is called (i.e. the background script is not asleep). If I refresh the page or close and reopen the browser and reload the page, everything works correctly and the message sent from the event handler is already delivered to the background script. The event handler is used so that the extension code is uniform for all browsers (Chrome, Safari, Edge, Opera, Firefox), i.e. it is not intended to use externally_connectable for sending messages from the webpage directly to the background script, which Safari should support. The expected behavior is that the extension will work even after the first installation, as is the case with other browsers. Procedure: Enter the test website: https://www.mssf.cz/testapp/check_client.aspx Do the initial installation of the extension (could be downloaded from here: https://1drv.ms/f/c/76f4c93826df41a0/Ej5MQX9ctyhHv_P9_t_6uAwB05ET-nzXuMhPeu56nOgkWg?e=cudqRJ) Set a breakpoint in the event handler for "message" within the content script, open the background script and set a breakpoint in the event handler for onMessage Click on the "Validate certificate" button on the page loaded in point 1 Step through the content script to the point where the message is sent to the background script, the breakpoint within the background script is never hit, which is an error, the message should come to the background script

We are currently running a lightweight server within our iOS mobile app to pass a unique device ID via localhost for device-based restrictions. The setup works by binding a user's email to their device ID upon login, and later, when they attempt to log in via a browser, we retrieve this ID by making a request to http://localhost:8086/device-info. However, we're encountering an issue when making this request. Here’s the error message: Error fetching device info: TypeError { } r@webkit-masked-url://hidden/:27:166011 value@webkit-masked-url://hidden/:27:182883 @webkit-masked-url://hidden/:27:184904 We are making this request from an HTTPS website, and we suspect this could be related to mixed-content restrictions. Could you guide us on how to properly make localhost requests over HTTPS, especially in a production environment with the necessary security measures? Any insights or best practices on resolving this issue would be greatly appreciated.

Hello, I have an authentication flow where my app communicates with a backend protected by F5 client certificate validation. The client certificate is distributed via MDM and is available in the device keychain, but not accessible directly from the app. When using ASWebAuthenticationSession (or SFSafariViewController) Safari can successfully pick up and present the certificate during authentication, so that part works fine. However, the backend’s authenticate endpoint only supports a POST request with an Authorization header, whereas ASWebAuthenticationSession only accepts a GET URL when starting the session. My questions are: How is this type of flow typically implemented in iOS? Should the backend provide a GET-based endpoint that redirects into the POST, or is there a recommended iOS pattern (e.g., an intermediate HTML page that does the POST after certificate validation)? Are there Apple guidelines on handling certificate-based auth with ASWebAuthenticationSession when the API requires POST, especially for In-House distributed apps? Any guidance or best practices would be very helpful.