I wanted to create a public contact card so when my clients click a button on my website it traverses them through the iMessage API and instantly adds a contact card with photo and name as a background task. If there is implications my next question was going to be if there is a possible way to create a public contact card where for example I could redirect a client to iMessage and when starting a new conversation if they type in a name it pops up instead of needing to utilize a phone number? I am trying to explain my thought process as much as possible but I have been typing for hours. In simple terms is there a possibility to create a public contact card that can be accessed or texted by anyone who types in a name into new conversation bar?

I am currently developing a Chrome, Firefox and Safari web extension, and I am facing a CSP issue on the content script on Safari. The extension I develop has a content script that injects an img tag in the DOM of web pages the user is visiting. That img tag fetches its content at a specific URL. On Chrome and on Firefox, the img tag content fetches the content at the URL with no issue on every web pages, including those that set the CSP header img-src. On Safari, I'm getting the following error on web sites that set the img-src CSP header: Refused to load https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113 because it does not appear in the img-src directive of the Content Security Policy. Here is the actual CSP img-src header content of the web page where, on Safari, the injected img tag does not load the content at https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113: Content-Security-Policy: img-src https://secure.adnxs.com https://www.facebook.com https://.garmin.cn 'self' data: .garmin.com .trustarc.com .truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://.criteo.com https://.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://.teads.tv https://www.googletagmanager.com https://bat.bing.com https://.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com .akamaihd.net https://.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com; My question is, is the page CSP blocking the img tag injected in the web page by the extension's content script? If so, is this behavior documented somewhere, or is it a Safari bug? I saw there is a similar post on the forum, but I couldn't find if the issue is a bug or if it's the expected behavior on Safari: https://developer.apple.com/forums/thread/651542?login=true. Thank you very much for your help.

Need to connect HTTPS proxy (encrypt all data). If it is possible from iPhone or iPad through phone settings or special app?

the backdrop is not work through css variable, but it works well through the certain value. and the problem wasn't appear in old version

Since the transition to iOS 18.4, we have been having an issue where when loading an m3u8 file specified in the src attribute of a video tag in WKWebView, the ts file is loaded repeatedly. Are there any good ideas for this? Also, if there have been any changes to the specifications of WKWebView, we would appreciate it if you could let us know.

I am currently developing an app using WKWebView. In iOS 17, Apple introduced ProxyConfiguration, and I have two questions regarding its usage: Is there a way to use ProxyConfiguration to distinguish between HTTP and HTTPS traffic? I have reviewed the documentation but couldn’t find a clear method for this. As an alternative approach, I am attempting to determine the request scheme within WKWebView and switch proxyConfigurations just before loading the request. My current implementation sends requests to hoge_a by default and switches to hoge_b only for HTTP traffic. 　 if #available(iOS 17.0, *) { if URLString.contains("http:") { webView.configuration.websiteDataStore.proxyConfigurations = [hoge_b] } } webView.load(request) if #available(iOS 17.0, *) { if URLString.contains("http:") { webView.configuration.websiteDataStore.proxyConfigurations = [hoge_a] } } 　 2. Since I modify proxyConfigurations every time webView.load(request) is called, are there any potential issues or concerns with this approach? I would appreciate any insights you may have on either of these questions.

Good day, please send the code for your application to TestFlight. Rudolf Chejn

Hi, We have a native application with a webview part. When we open the app, we load webview resources in a false foreground. The webview communicates with the native part to query local variables, among other things. We have noticed that for the past few weeks, when the biometric component is presented to enter the fingerprint or faceId, while the component is displayed, the webview does not respond. We do not see the calls made by the webview, nor can we respond to them. Even if you open the Safari debugger, the webview does not respond UNTIL you close the biometric component in the native part. This has created a big problem in our app, and we wanted to know if it is an issue you had on your radar. Thank you very much.

Hello Community, My application was rejected by Apple App Review, citing Guideline 4.7 and "non-embedded," which I believe is incorrect. All transactions are signed and sent directly through the app with explicit user permission. Additionally, there's an issue with min apps where users can access the functionality via a browser to interact with the service. This feature has been part of my old application and hasn't changed in the new update. It’s the same functionality as used by popular wallets like Metamask Uniswap Coinbase Which also employ web3 technology. Over the past two weeks, I've tried to communicate with Apple's support team but have been ignored or received only generic rejection emails. This has left me frustrated and concerned about the time and resources I’ve invested in developing and supporting this app. Could you please help me find a solution? Your assistance would be greatly appreciated!

How can i add Authorization header to a wkwebview. I checked https://developer.apple.com/documentation/foundation/nsurlrequest#1776617 which says Authorization header is a reserved http header and shouldn’t be set. I want to set it when requesting a url to the server which will be used for verification. How can i do that?

Hi there, we have found a problem, after switching audio tracks multi times when play the HLS, there will be a few seconds of no sound playing after audio track switching, Is there a solution to this problem?

We are building a Safari web extension utilising native messaging, to send messages to the Swift native part of the app. We sometimes experience, that the beginRequest handler is executed multiple times, at the same time. We have a special part of the code in the handler, that must be run only once. Because it uses NS defaults storage, and also because it calls our servers. We have tried to use a serial dispatch queue, as well as other locking and mutex techniques, to no success. We suspect that the instances of the handler are isolated in a way, that these locks don’t work (maybe they don’t share memory?). But we are not sure. When looking at os_logs from the handlers, they all share the same PID. Has anyone experienced anything similar and can shed some light on what's going on?

SwiftUI List Accessibility VoiceOver

I'm posting a question here as I have encountered an issue while seeking help from engineers in the thread. thread773837 If the "Not Secure Connection Warnings" is enabled in Settings > App > Safari, are HTTP connections not allowed under any circumstances? I also posted a question about NSAllowsLocalNetworking not being applied, and I was informed that ATS (App Transport Security) is not related to SFSafariViewController. If that's the case, what feature causes the error "Safari cannot open the page. Error: Failed to navigate to an HTTP URL with HTTPS-only mode enabled"? I am currently working to resolve this issue.

So I have web Augmented Reality apps hosted on AWS S3. It worked fine for a month, but as soon as the IOS 18.4 update was installed they stopped working. It works on every other device and IOS versions. The URLs for the mentioned AR experiences: digitechonline.in/solsprefimaginewt8/ digitechonline.in/solsprefimaginewt8p2/ digitechonline.in/orocarear/ These AR experiences get stuck on the loading screen and either reload or give an error. Ideally the camera is supposed to open. I have tested it on Safari, Microsoft Edge and Google Chrome browsers. They were created through Unity webgl and hosted on AWS S3 bucket. Please provide a quick solution to this.

A DNR rule with lower priority is being applied before a DNR rule of higher priority on Safari. Specifically, a low-priority DNR block rule that matches a request is being applied before a high-priority DNR redirect rule that matches the same request, preventing the redirect from occurring. The only way to get the high-priority redirect rule to occur is to remove the DNR block rule. This does not occur on other browsers. I have already submitted a Feedback Assistant report about this bug: FB16535579 How to reproduce: Create/install a web extension on Safari with the declarativeNetRequest and declarativeNetRequestWithHostAccess permissions Open the Web Extension Background Content console and add a redirect rule with a high priority number. For example: await chrome.declarativeNetRequest.updateDynamicRules({addRules: [ {id: 5000, condition: {urlFilter: "||www.google-analytics.com*/ga.js", resourceTypes: ["script"], domainType: "thirdParty"}, priority: 80, action: {type: "redirect", redirect: {url: “http://www.apple.com/”}}} ]}) Add a block rule of lower priority for the same urlFilter: await chrome.declarativeNetRequest.updateDynamicRules({addRules: [ {id: 5001, condition: {urlFilter: "||www.google-analytics.com^", domainType: "thirdParty"}, priority: 1, action: {type: "block"}} ]}) Visit https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html Check the network tab and see that neither a request to Google Analytics nor apple.com appear. This means that the request to Google Analytics was blocked instead of being / before being redirected Remove the block rule: await chrome.declarativeNetRequest.updateDynamicRules({removeRuleIds: [5001]}) Reload https://efforg.github.io/privacybadger-test-fixtures/html/ga_surrogate.html. Check the network tab and confirm that there is a request to apple.com, showing that the redirect rule is only applied if the lower-priority block rule is removed. The priority of the DNR rules should handle this without having to remove a DNR rule. I have confirmed that the incorrect application of DNR rule priority happens on other top level domains, with other urlFilters, and with other redirect URLs. I confirmed that this is happening while I’ve granted my extension permissions on all websites.

In our web application some functionalities will allow user to upload multiple images (More than 25 images) in a single page It is working find in all OS and browsers except iOS When user try to upload images directly from camera there will be some overlaps, duplication, missing etc. This is happening in both Safari and Chrome, we had a thorough check in our application and found every thing is working fine from our end You can reproduce the issue by creating a web page which accept more than 50 images (we tried the same in ASP MVC Core & PHP) and showing the images in order access the page through your iPhone using Safari or Chrome Try to upload images directly from your camera, try sequential images (Image of a stop watch, or some thing like that) so that you can easily identify the order of files uploaded and check the listing page of uploaded image (Try these steps multiple times) You can find some images are duplicated and some are missing

On iOS (iPhone or iPad) the following behaviour happens: when both an HTML video element and an HTML audio element are playing on a page, and the video source ends, and the video source is programmatically forced to play again then the system will automatically pause the audio. See following stackblitz project for a sample: https://stackblitz.com/edit/ios-audio-paused-on-video-playing?file=README.md Steps to reproduce Feel free to try with both another audio and video source, here limited by the available space in Stackblitz plan. On an iPhone/iPad device or simulator, in Safari: browse to index.html when on iPhone, press iPhone Load to force preloading video. Not needed on iPad press Play to start playing both audio and video wait until clip ends and then restarts from 0:00 Expected Audio should keep on playing and eventually loop. Actual When clip restarts from 0, audio is put to pause by the system. Further details This does not happen e.g. on Mac Safari nor on another device/browser. Also, some alternative scenarios: when HTML video element has the muted attribute, the issue disappears and audio is not paused when HTML audio element is replace with Web Audio API, the issue disappears and audio is not paused

Since Safari requires a macOS app as a container for Web Extensions, is there a way to establish native messaging directly from SafariWebExtensionHandler using stdin/stdout? Or does Safari enforce a different communication mechanism? I’d like to keep the same approach as other browsers. Any guidance on making this work would be appreciated!

Is it a specification that the Service Worker doesn’t work in an internal iframe only when the parent page in a WebView is file://? It works in Mobile Safari under the same conditions, and we couldn’t find any specification that says Service Worker-like behavior doesn’t work with this combination. Step to reproduce: We use Vite to develop the application. For the iframe in Webview, Install vite-plugin-pwa with version ^0.20.5 Add VitePWA({...}) to plugins[] array in vite.config.ts Build and preview the app: npm run build && npm run preview. We open a Webview with file:// and then open the iframe with the URL to which we preview the app (We use ngrok to create the URL). Then we open Safari and inspect the Webview but inside the Developer > Service workers tab doesn’t have a registered service worker. For safari, we do the same step 1-3, We open Safari browser with the URL that we have deployed the app (The same URL we used in the iframe in Webview). We go inside the Developer > Service workers tab and it has a registered service worker. Environment: Simulator: IOS 18.2 Safari: MacOS 15.2 Expectation: Safari and the iframe in Webview should have a registered service worker inside the Developer > Service workers.