We have an app store app that hosts an internal webserver we use as a proxy and it works for a period until iOS 18.3.x decides our cert is no longer valid at which point our customer have reinstall the app. This has only become a problem on iOS18.3. We publish the self-signed with out app, and it is valid and accepted until it's not. We know the cert is valid and our implementation of the local proxy has not changed. If we install a cert on the device and trust it, then the app will start behaving normally again without reinstall. We have replicated this locally and the error we are seeing is: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _WKRecoveryAttempterErrorKey=<WKReloadFrameErrorRecoveryAttempter: 0x301111e40>, networkTaskDescription=LocalDataTask <541390E2-65FA-47AB-80B1-10209D6C761A>.<3>, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=( "<cert(0x108e3b700) s: 127.0.0.1 i: 127.0.0.1>", "<cert(0x108e3b980) s: 127.0.0.1 i: 127.0.0.1>" ), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://localhost:8082/Blablal/?device=ios&sftouch=1&pgport=8081&secure=1, NSErrorFailingURLStringKey=https://localhost:8082/blahblah/?device=ios&sftouch=1&pgport=8081&secure=1, NSUnderlyingError=0x301e1d680 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802}}, _NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <541390E2-65FA-47AB-80B1-10209D6C761A>.<3>" ), _kCFStreamErrorCodeKey=-9802, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <541390E2-65FA-47AB-80B1-10209D6C761A>.<3>, networkTaskMetricsPrivacyStance=NotEligible, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x302670a50>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.}

My Mac app and its Safari web extension share an app group, and I want to notify the web extension native process when the app makes a change to the app group NSUserDefaults, but I can't find a good way to do this. According to the documentation, "You can use key-value observing to register observers for specific keys of interest in order to be notified of all updates, regardless of whether changes are made within or outside the current process." In my testing, however, this doesn't work in the web extension process. I'm using NSUserDefaults addObserver forKeyPath, but observeValueForKeyPath never gets called. I've also tried NSDistributedNotificationCenter, but the web extension process doesn't receive the notifications sent by the main app. Are either of these supposed to work? If not, are there any alternatives?

I'm referring to the following: https://developer.apple.com/documentation/automaticassessmentconfiguration I can't find this information anywhere. I'm wondering if I can enable and disable this function in Safari or other browsers on my website.

Hi Team, I'm using the simple mailto functionality in the demo page and when I tested the same via Safari mailto functionality is not working. However, the same feature is working as expected via Chrome. Demo: https://jsfiddle.net/xut0ed4y/ Kindly help.me to resolve this issue.

When the iCloud Passwords Chrome extension is on, there is a 400-500ms lag between clicking on a non-password field and the UI reflecting any changes made by a .on("focus") jQuery listener. When the extension is disabled, there is no lag. See below the performance profiles for the same 4 click events. Extension ON: Extension OFF:

Hello, We do not have explicitly set it our website, but still Smart Banner appears since we have universal link setup. (current URL matches the universal link patterns set in your apple-app-site-associations file ). Also, I understand it appears only for users having our app installed. We do not want to show this banner in any case. is there any way to choose not to show the app banner? either setting additional meta or any other way would work. regards, Hussain

After updating to iOS 18.4, our web application (with service workers) crashes on devices that accessed it prior to the update. This issue also affects hybrid mobile apps using the same web application; reinstalling the app resolves it by refetching and reinstalling service workers. Debugging is challenging because clearing the cache or reinstalling the app fixes the problem, and no useful error logs are available. Has anyone encountered similar crashes related to service workers after an iOS update and have any insights into the cause?

Does webkit have a way to display a smart banner for a home screen web app similar to how a smart banner can be displayed for native apps? I recently noticed (10/23) that Twitter showed a smart banner encouraging Home Screen web app on my Mac running Sonoma. How is this done?

Hello, following problems described here: https://developer.apple.com/forums/thread/765272 Last version of Safari apparently corrected previous bugs, however we encountered another problem. Right now Safari uses autocomplete feature of some kind (Siri suggested websites/Top hit) which triggers blocking while writing the name of the website. Probably somehow loads website in the background. Problem is, that this behavior is impossible to debug, because this autocomplete doesn't work, while the browser console is open. We are using content script for blocking. Please advise. Thanks very much

I built and extension for chrome, edge, and firefox. I'm porting the chrome extension to safari using the safari-web-extension-converter tool. This has worked successfully and I was able to publish my extension to the app store. I made some updates to the service worker code recently and I'm now being hit with an error when trying to load my unsigned extension into safari: The service_worker script failed to load due to an error. I've looked online at some other forums and haven't found anything helpful around how to debug this kind of error. Because the service worker is non-persistent in safari, I don't have access to the console logs of the service worker through the Develop > Web Extension Background Context menu. Has anyone successfully debugged this kind of error? Are there logs I can pull directly from safari that would help me here? Thanks in advance for the help!

Hi, I am developing the Click & Read web add-on for Chromium, Firefox and Safari. We use xcrun safari-web-extension-converter tool to generate the Safari add-on, with up-to-date MacBook MacOS, Xcode et Safari : Sequoia 15.3.2, Safari Version 18.3.1 (20620.2.4.11.6), XCode Version 16.0 (16A242d). We have updated our addon to Manifest v3, having the Background script as Server Worker "background": { "service_worker": "background.js", "type": "module" } self.addEventListener("activate", (event) => { console.info("Service Worker activated", event); event.waitUntil( self.registration.pushManager .subscribe({ userVisibleOnly: true, applicationServerKey: urlBase64ToUint8Array( process.env.VAPID_PUBLIC_KEY ), }) .then(async (subscription) => { console.info("[Service Worker] Extension is subscribed to push"); const { subscription: savedSubscription } = await getLocalStorageKeyData("subscription"); if (savedSubscription) fetchApi({ url: `${API_SERVER_URL}/subscription/remove/${savedSubscription.keys.auth}`, }); // Remove previous subscription from server on addon activate currentBrowser.storage.local.set({ subscription: subscription.toJSON(), }); // Save subscription in local storage currentBrowser.runtime.setUninstallURL( `${API_SERVER_URL}/subscription/remove/${ subscription.toJSON().keys.auth }` ); // Set uninstall URL to remove notification subscription on addon uninstall fetchApi({ url: `${API_SERVER_URL}/subscription`, reqInit: { body: JSON.stringify(subscription.toJSON()), method: "POST", headers: { "Content-Type": "application/json", }, }, }); }) .catch((error) => { console.error("Push subscribe error: ", error); }) // Subscribe to push notifications ); }); When trying to subscribe the addon instance to our Push server, we get this error : Push subscribe error: NotAllowedError: User denied push permission Our NodeJS backend is using the web-push librabry : https://github.com/web-push-libs/web-push) to save subscriptions and make notifications push. By looking for same errors on forums, the best hint I found is that it could be related to the testing is done on localhost (addon is built from XCode onto Safari, and Push server is running on localhost). Thanks for your help !

In the Safari browser on mobile devices, the tags in an HTML element are styled with the system's default styles. I want the text inside the tags to be displayed without line breaks. However, in reality, the text wraps according to its length. May I ask if there are any methods to achieve this? (ps: CSS-related properties such as white-space: nowrap do not work.)

I have a web extension that I want to send data to, and receive a response containing modified data. My understanding is that the native app is only contactable by a background script. How does a webpage contact the background script? One answer is by adding a content script, which is able to communicate with the background script using browser.native.sendMessage(). Unfortunately this triggers a warning that "this extension can read and alter web pages". I do not want to read and alter web pages, nor do I want users to be concerned about a permission the app doesn't need. I just want to receive data, and then return a response. What API should I be using to achieve this?

I'm currently experimenting to add 3d stereo images in HEIC format to my daily Mars Rover Images website https://areo.info/mars20 which can be opened on a Vision Pro. Only a few images are yet converted into that mode, those on the sol 1411 page. As I'm currently only working in the Vision Pro Simulator from Xcode, no real 3d effect if of course visible and I'm curious if anyone using the real hardware can confirm that the images are working. Especially the eye distance correction is important to know about as the Mars Rover camera has a much wider pupil distance than humans and while I entered that distance in the conversion tool, I'm not sure if it worked well. So feedback is welcome! For those who like to try to create stereo images themselves: I used https://developer.apple.com/documentation/ImageIO/writing-spatial-photos to create a HEIC file from two JPEGs.

When our Safari Web Extension makes a api request from its background script (registered via "scripts" in manifest.json, e.g., "background": { "scripts": ["js/background.bundle.js"] }) to our authenticated API endpoint (https://api-domain/user), the Cookie header is not included in the request. This occurs only when the extension is running within a non-default Safari User Profile. This causes our API to treat the user as unauthenticated. The exact same extension code, manifest, and API call work correctly (Cookie header is present and user is authenticated) when the extension is running in the Default Safari User Profile.

I have multiple web views of the same domain that share the same local storage, as expected. One of them though, is loading a .webarchive file. The web archive is of the same domain, and is loaded using the same base URL. For some reason, in most cases, the local storage is not shared with this web view when loading the web archive, although if I make that same web view load the actual live web page it does share local storage. I say in most cases, because for some users it works as expected, but for a significant portion of users it isn't sharing local storage. I think that the main difference between working and not is iOS version. iOS 17 seems to be able to share the local storage but iOS 18 does not. I can't find anything related in the release notes of iOS 18 versions. There is nothing in the documentation for load(_:mimeType:characterEncodingName:baseURL:), or the header file, that explains anything specific about local storage and webarchive loading. Does anyone know for sure how local storage is handled when a webarchive is loaded into a web view, and did something change with iOS 18 in regards to this?

I'm not sure if this is even the right place to ask this, or voice this complaint if there's no fix. If not, please direct me where to go. I'm trying to switch all my development over to Safari, but the tab sidebar is driving me absolutely insane. Let's say I have a bunch of tab groups expanded, and I collapse the sidebar to focus on the webapp I am building. When I toggle to show the sidebar again, every single tab group is collapsed. Why is it 2 clicks to see the tabs in the sidebar? Even with zero tab groups, and just tabs in the workspace, if you collapse the sidebar it'll collapse the list of tabs. Is there some hidden setting for this? Who do we have to complain to?

使用direct distribution进行分发时，safari web extension 在safari setting 中显示没有权限读取、修改或传输任何网页的内容。 但是我在看公证日志显示插件是正常的公证的 这导致safari extension 无法使用。 公证日志 https://www.coupert.com/img/2025-04-10/notarization-log.json

I have a UI application built with the Vue framework, using Vuetify for the UI components. There's a div with the class v-application--wrap, which is provided by Vuetify. This class internally includes the following style rule. .v-application--wrap { backface-visibility: hidden; display: flex; flex: 1 1 auto; flex-direction: column; max-width: 100%; min-height: 100vh; position: relative; } The pages were rendering correctly up to version 18.3, but after upgrading to version 18.4, we encountered layout issues related to height. Upon investigation, we discovered that the min-height property was no longer being interpreted or applied correctly. Replacing min-height with height resolved the issue, and the pages began loading as expected. Any insights into why this behavior is occurring would be greatly appreciated.

Howdy, WKWebView feature request: allow Fullscreen API without User Gestures similar to ElectronJS' userGesture: true flag that allows devs to bypass user gesture restriction for Fullscreen API and similar executeJavaScript(code[, userGesture]) https://www.electronjs.org/docs/latest/api/web-contents#contentsexecutejavascriptcode-usergesture afaik this is allowed because of a fairly recent update to Chromium that also allows users to give Fullscreen API permissions per domain https://chromeos.dev/en/posts/using-the-fullscreen-api-without-gestures Would be greatly useful for a use case in my cross-platform app, so I can avoid rewriting all platforms to use Chromium Thanks