iOS 18.4 introduces the new WKWebExtension API to support extensions in WKWebView. However, for extensions that have migrated to Manifest V3 and use an extension service worker as the background script, it's currently not possible to inspect them through Safari. This is only thing I can see, I don't know how to inspect the details of the "background.js" I'm wondering—has this changed? Is it now possible to inspect extension service workers?

I have multiple web views of the same domain that share the same local storage, as expected. One of them though, is loading a .webarchive file. The web archive is of the same domain, and is loaded using the same base URL. For some reason, in most cases, the local storage is not shared with this web view when loading the web archive, although if I make that same web view load the actual live web page it does share local storage. I say in most cases, because for some users it works as expected, but for a significant portion of users it isn't sharing local storage. I think that the main difference between working and not is iOS version. iOS 17 seems to be able to share the local storage but iOS 18 does not. I can't find anything related in the release notes of iOS 18 versions. There is nothing in the documentation for load(_:mimeType:characterEncodingName:baseURL:), or the header file, that explains anything specific about local storage and webarchive loading. Does anyone know for sure how local storage is handled when a webarchive is loaded into a web view, and did something change with iOS 18 in regards to this?

Hi everyone, I’m working on a web project developed on Adobe Experience Manager (AEM), where we’ve built a custom component that embeds Apple Podcasts episodes using the official iframe provided via https://embed.podcasts.apple.com. Everything works correctly from a rendering point of view, but we are now exploring ways to track user interactions with the embedded player, specifically events such as: start, play, pause, progress milestones (e.g. 25%, 50%, etc.). This data would be used to send analytics events to Adobe Analytics. So far, we haven’t found any documentation or JavaScript API that would allow us to listen to these events. We'd like to ask: Is there any official way to track playback events from an Apple Podcasts iframe? Any information, clarification, or direction would be really appreciated. Thanks in advance! Thanks, Adriana

Hi! I'm working on a web extension for Safari and I need to send messages from the containing application to JavaScript. For this I use the method class func dispatchMessage( withName messageName: String, toExtensionWithIdentifier identifier: String, userInfo: [String : Any]? = nil ) async throws of the SFSafariApplication class. If the site is opened in Safari in normal mode, everything works as expected. However, if the site is "docked", the messages are not transmitted to this "Web App".

Hello I built a WordPress website with a three.js/react front page. On iOS chrome, Android chrome, and desktop chrome all is working well. However, on Safari mobile when the animation loads a downward swipe causes the page to refresh rather than scroll as is intended and working correctly on all the other browsers. Strangely, scroll up works initially and then downward scroll begins to work. I have tried various iterations of overscroll behavior but still cannot aolbe the issue. Any help would be appreciated.

Is there a way to read all URLs of the currently open Safari TabGroup from a Safari Extension? In macOS and iOS

I'm referring to the following: https://developer.apple.com/documentation/automaticassessmentconfiguration I can't find this information anywhere. I'm wondering if I can enable and disable this function in Safari or other browsers on my website.

Hi there, we have found a problem, after switching audio tracks multi times when play the HLS, there will be a few seconds of no sound playing after audio track switching, Is there a solution to this problem?

Is it a specification that the Service Worker doesn’t work in an internal iframe only when the parent page in a WebView is file://? It works in Mobile Safari under the same conditions, and we couldn’t find any specification that says Service Worker-like behavior doesn’t work with this combination. Step to reproduce: We use Vite to develop the application. For the iframe in Webview, Install vite-plugin-pwa with version ^0.20.5 Add VitePWA({...}) to plugins[] array in vite.config.ts Build and preview the app: npm run build && npm run preview. We open a Webview with file:// and then open the iframe with the URL to which we preview the app (We use ngrok to create the URL). Then we open Safari and inspect the Webview but inside the Developer > Service workers tab doesn’t have a registered service worker. For safari, we do the same step 1-3, We open Safari browser with the URL that we have deployed the app (The same URL we used in the iframe in Webview). We go inside the Developer > Service workers tab and it has a registered service worker. Environment: Simulator: IOS 18.2 Safari: MacOS 15.2 Expectation: Safari and the iframe in Webview should have a registered service worker inside the Developer > Service workers.

ios26beta8 mesh不切换

Hi. I'm a developer of Tab Finder (https://apps.apple.com/us/app/tab-finder/id6741719894) My problem is that every time i switch from my first window to a second window, the tabs in the validateToolbarItem() are INcorrect on a first call, but when I switch back from the second window to my main window, the tabs are CORRECT even on a first call. To demonstrate it, i recorded a video: https://youtu.be/RwskzrSJ8u0 To run the same sample extension from the video, you can get the code from this GitHub repo: https://github.com/kopyl/test-tabs-change Its only purpose is to log URLs of an active page of all tabs. The SafariExtensionHandler's code of the sample app is very simple: import SafariServices func printOpenTabsHost(in window: SFSafariWindow) async { let tabs = await window.allTabs() log("Logging tabs for a new window: \(window.hashValue)") for tab in tabs { let page = await tab.activePage() let properties = await page?.properties() let url = properties?.url log(url?.absoluteString ?? "No URL") } } class SafariExtensionViewController: SFSafariExtensionViewController { static let shared = SafariExtensionViewController() } class SafariExtensionHandler: SFSafariExtensionHandler { override func validateToolbarItem(in window: SFSafariWindow, validationHandler: @escaping ((Bool, String) -> Void)) { Task { await printOpenTabsHost(in: window) } validationHandler(true, "") } override func popoverViewController() -> SFSafariExtensionViewController { return SafariExtensionViewController.shared } } Could you please tell if i'm missing something and how to see the actual tabs inside the overridden validateToolbarItem call of the SafariExtensionHandler (or in any other way, I'm okay with any implementation as long as it works).

We are experiencing a problem that seems to be caused by a specification changes for Safari. We would like to discuss how to solve this problem. Sample JavaScript: <html> <head> <script> function jumpPage(code) { document.main.code.value = code; win1=window.open("","win1","toolbar=no,resizable=yes,menubar=no,scrollbars=yes,status=yes,left=0,top=0"); win1.resizeTo(width=screen.availWidth,height=screen.availHeight); document.main.action="details"; document.main.target="win1"; document.main.submit(); } </script> </head> <body> <form name="main" method="post" action="" target=""> <a href="javascript:jumpPage('001')">details</a> <input type="hidden" name="code" value=""> </body> </html> This JavaScript performs the following actions when a link is clicked. Open a window using window.open in JavaScript Submit the above opened window by post method to the target in JavaScript. When this operation is performed, the process in (2) could submit to the target page with “POST” method before iOS18.1, but will transition to the page with“GET”method from iOS18.2 onward. All protocols are http. This problem does not occur if the URL is specified as an IP address, but it does occur if the host name is specified as. Please let me know how to use with“POST”method as in iOS 18.2 or earlier. Best regards,

Hello, I am studying a possible scenario. Let's say I create an App Clip that features a WKWebView. The WKWebView hosts a sort of webapp that uses local storage and IndexDB. When the complete app is installed, are the data persisted so the WKWebView of the complete app finds them as it was reading them before? Are the data transferred by the operating system to a new location but still accessed the same way by the WKWebView (Or even the location is the same because it is the WKWebView special storage)? Or are they wiped out? Thank you in advance Best regards

Steps to Reproduce 1. Create a native UIViewController with a WKWebView, loading test-1.html (contains position:fixed header that displays correctly). 2. Push another UIViewController also with a WKWebView, this time loading test-2.html. 3. In test-2.html, tap into the to summon the on-screen keyboard. 4. Without calling blur(), perform an interactive swipe-back gesture to go back to the first view controller. 5. Observe that the fixed header in test-1.html is now offset downward by approximately the height of the keyboard and does not return to its original position. demo-link : https://bugs.webkit.org/attachment.cgi?id=476324

Hi everyone, I'm facing an issue with accessing device orientation and motion events in Safari on my iPhone (iOS 18). Despite trying several guides and solutions, I cannot find the option to allow access to motion and orientation for websites in the browser settings. I’ve checked privacy settings, and the device is up to date. Can anyone guide me on how to enable this feature in Safari or share any workarounds? Thanks in advance!

When we embed some of the youtube videos are unable to load in the Mobile app but at the same time it works in Website. I need to allow it in both places. I have tried both embed and native sdk for youtube in iOS.

Hi, we are experiencing a strange issue with our Web App. Our web app runs entirely on the same domain , and we are making several AJAX requests to the same server. The Error occurs only on Iphones, the app works completely fine on androids and computers. Most of the requests work fine, but suddenly, one specific request always fails with the following error: XMLHttpRequest cannot load https://demo2.artios.cz/app37g/v105/php/endpoint.php due to access control checks What we have checked so far: ✅ CORS headers seem correct. Also we operate entirely on the same domain, client and server. ✅ The same request works fine in computer and android devices. ✅ The issue occurs only on iPhone (tested on Chrome and Safari). ✅ Some requests to the same endpoint pass, but suddenly, this specific request always fails. ✅ There is no OPTIONS preflight request logged in the network tab, but we use only simple requests. ✅ We are making a POST request with multipart/form-data. What is Your advice, or where I can find more info about this error? We do not think the CORS is the problem. We have tried to inspect with WebInspector but with no relevant answers. Thank You very much!

I have a website that has been built in Wordpress and hosted on wordpress engine. In testing now and on the i phone with safari browser it keeps crashing after short time 2/3 minutes, content does not display properly pages go blank etc. Has anyone experienced this /have a solution? Thanks

I'm running apache with following configuration. /cc require TLS client certificate / not require TLS client certificate Starting with ios 18.4, accessing /cc after / fails with following error: AH02261: Re-negotiation handshake failed, referer: https://www.example.com/... SSL Library Error: error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate -- No CAs known to server for verification? It seems like ios 18.4 does not support TLS re-negotiation. (It worked with ios 18.3 and before) Is this an expected behavior or a bug?

We are currently implementing the payment flow, and for handling payment details — including card entry and validation — we are utilizing a WKWebView. The webview securely loads the payment provider’s page, ensuring sensitive information such as card numbers are entered and validated directly within the web context. I’d like to clarify that this change has not yet been released to Production. As part of a feature enhancement to our existing payment flow, we are transitioning to a new payment vendor, SnapPay. While trying to load the SnapPay URL embedded within an iFrame in our iOS app, I observed the following error in the Xcode console. While this error may be generic, I wanted to highlight it: 825a18 - [pageProxyID=7, webPageID=8, PID=67346] WebPageProxy::didFailLoadForFrame: frameID=24, isMainFrame=0, domain=NSURLErrorDomain, code=-999 Upon investigating, we compared the headers from our existing payment URL and SnapPay's URL, and found that SnapPay includes the following Content-Security-Policy (CSP) header: Content-Security-Policy: frame-ancestors ... "Content-Security-Policy" value="default-src 'self'; script-src 'self' https://hcaptcha.com https://.hcaptcha.com https://code.jquery.com https://www.gstatic.com https://code.jquery.com/jquery-3.3.1.min.js https://test.lightbox.cardx.com/v1/lightbox.min.js https://www.ssa.gov/accessibility/andi/ https://c.evidon.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://hcaptcha.com https://.hcaptcha.com https://fonts.googleapis.com/css https://stage.snappayglobal.com/Resource/ https://www.ssa.gov/accessibility/andi/andi.css 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' *.googleapis.com *.gstatic.com ; connect-src 'self' https://demo1.cditechnology.com https:; form-action https://hcaptcha.com https: 'self' *.ipg-online.com secure.bluepay.com https://test.api.lightbox.cardx.com https://3ds-acs.test.modirum.com/ https://demo1.cditechnology.com/; frame-ancestors https://snappaydirect-perf.fiserv.com 'self' file: https: http; frame-src .snappayglobal.com 'self' https://hcaptcha.com https://.hcaptcha.com https: https://www.google.com .ipg-online.com secure.bluepay.com https://.cardconnect.com https://test.api.lightbox.cardx.com/ https://test.lightbox.cardx.com https://paywithcardx.com/payment/auth.cgi securepayments.cardpointe.com *.cardpointe.com https://3ds-acs.test.modirum.com/ https://www.yokohamatire.com http://uat1-txt.ad.portal.texas.gov https://uat1-txt.ad.portal.texas.gov " After multiple working sessions with the SnapPay team, we were able to confirm that when they disable CSP or remove the frame-ancestors directive, the iFrame loads successfully within our app. However, SnapPay cannot change on their CSP. To enable the iFrame to load in the iOS app, we added the following line of code: webView.configuration.preferences.setValue(true, forKey: "allowFileAccessFromFileURLs"). This resolved the issue with loading the iFrame. Note: the file being loaded is a local .html file,. Before submitting this update to the App Store, I’d like to confirm whether this usage of allowFileAccessFromFileURLs is acceptable for App Store review. I wanted to confirm that with this change is there a security concern for WKWebview?