Subject: Unexpected system confirmation dialog when opening a Universal Link Description of the issue: We’re implementing a login flow using Native iOS apps, Universal Links, and OpenID Connect authentication. Our domain is correctly configured with the apple-app-site-association file, and Universal Links work as expected. However, under certain circumstances, the behavior differs on the same login page: The user connects to the OIDC provider in their mobile browser. Instead of automatically switching to the Native application, a popup asks the user to open the app. The behavior depends on how the login page is opened: When opened in a new browser tab, the Universal Link opens the app immediately without showing any system confirmation dialog. When the same tab is reused without a page refresh, iOS displays a system confirmation dialog asking the user to open the link in the app. This confirmation dialog doesn’t appear in the first scenario. This additional system dialog impacts the user experience, as we aim for a frictionless and seamless login flow with minimal confirmation steps. Question: Why does the app switch work automatically only the first time? Is this intentional iOS behavior? If so, what security requirement or system rule causes a confirmation dialog when reusing the same tab, but not when redirecting in a new tab or pressing a button on the reused tab? Is this expected design, or should we adjust our side to avoid this dialog? Environment details: Verified on two devices iOS versions: 18.7.2, 26.1 Thanks for your help.

The new WebView implementation in *OS 26 versions is a very valuable addition to the SwiftUI toolset. I was experimenting with it and was wondering how to implement a Pull To Refresh. While this was easily achievable with the "old" WKWebView I was not able to find an API to implement, for example, a page reload when the user uses a pull to refresh gesture. I tried to attach to a .refreshable(_:) modifier to the WebView but without success. Is there an official API for that or should maybe .refreshable(_:) already work and it's just a bug or is it simply not yet supported? Here is a minimal example I was trying but didn't succeed: struct ContentView: View { @State private var page = WebPage() var body: some View { NavigationStack { WebView(page) .refreshable { page.reload() } } } } Any help is much appreciated. Thank you!

I want to confirm the specifications and behavior of Safari. We have a system built on Microsoft Azure that uses Azure AD B2C for authentication. When we logging in, there is a phone authentication feature where a call is made to the registered phone number. However, this phone authentication does not work properly only on iPhone's Safari. The specific situation is listed below: When performing phone authentication on iPhone's Safari, a call is made from Azure AD B2C, and pressing the # button on the Safari screen can be done. But then, it transitions to an error screen. We tried multiple iPhone devices and multiple iOS versions, but the result was the same. But when accessing the system on a PC, and performing phone authentication, it works without any errors. Also when we use browsers other than Safari (for example, Google Chrome and Firefox) on the iPhone, the phone authentication works without any errors, too. Even with Safari, if the device displaying the login screen and the device making the call are different, phone authentication works without any errors, too.(it fails if they are the same device). We reached out Microsoft about this issue, and they responded that: The Azure resource called FrontDoor at the front end of Azure AD B2C supports the HTTP/2 protocol, and HTTP/2 protocol is used in communication with Safari. In Safari's HTTP/2 communication, when a call is received while the screen is displayed, a reset packet is sent to the web server (in this case, the web server is FrontDoor). This interrupts the session, causing a session termination error on the Azure AD B2C side, and phone authentication fails. Therefore, we would like to ask you the following two points: In HTTP/2 communication, does the Safari browser send a reset packet to the web server when it receives a phone call? If so, what is the cause of this behavior? And are there any measures to prevent the reset packet from being sent?

When we embed some of the youtube videos are unable to load in the Mobile app but at the same time it works in Website. I need to allow it in both places. I have tried both embed and native sdk for youtube in iOS.

I’m a developer working on a Safari Web Extension that’s distributed via the App Store and also tested locally through Xcode. I’m running into an issue that’s affecting my ability to debug errors reported to my Sentry error logging instance from production. The Problem When an error is thrown in one of my extension scripts (e.g., background.js, popup.js, or content.js), the error is sent to Sentry but the captured JavaScript error stack trace replaces the file paths with the webkit-masked-url://hidden placeholder like this: ReferenceError: Cannot access uninitialized variable. at ? (webkit-masked-url://hidden/:14677:28) at ? (webkit-masked-url://hidden/:16307:3) This happens consistently across both App Store builds and local Xcode runs. It prevents me from seeing which script the error came from or resolving the actual source code lines using uploaded source maps in Sentry. My Setup Safari Version: 18.5 (Stable on macOS) Distribution: App Store and local Xcode development Extension Type: Safari Web Extension Error Reporting: Sentry (@sentry/browser SDK) Bundler: Webpack with inline-source-map What I’ve Confirmed I can see the actual source files in Safari’s Web Inspector under the Sources tab when the extension is running. My source maps are uploaded to Sentry correctly and are associated with the matching release. Errors from Safari are being captured by Sentry, but the file URLs are masked, so stack traces cannot be resolved against my original source. My Question Is this behavior (masking file URLs in stack traces with webkit-masked-url://hidden/) intentional for Safari Web Extensions? If so, is there any supported method or workaround to allow exception stack traces to reveal the original script path (e.g., popup.js, background.js) so tools like Sentry or even console logs can point to real locations? I fully understand the privacy/security rationale behind the masking, but as the extension developer, this is making it extremely difficult to debug runtime issues in production. I’d really appreciate any insight into: Whether this masking is expected and permanent behavior If there are any entitlements, debug settings, or Info.plist keys that can alter this behavior for development or for trusted/own extensions If Apple recommends a different way to log extension errors that includes script name or source references Thanks in advance for your help! I’m happy to share more technical details or try out suggestions.

Description When creating an Apple ID via the web form, if the user’s chosen password contains their own name, the server correctly returns an error (e.g., "Password cannot contain your name") in the PUT request's JSON response. However, this error is not shown on the frontend, leaving users unaware of why the form silently fails or stalls. Steps to Reproduce Go to the Apple ID account creation page (https://appleid.apple.com/account). Enter valid account details where the password includes the user's first or last name (e.g., Johnacb2331!l for a user named John Doe). Complete all fields, including phone number verification and captcha. Submit the form and monitor the Network tab in your browser’s DevTools. Observe that the form appears to hang, loop, or silently fail. Open the PUT request to /account — the response JSON will contain the relevant validation error (e.g., “Password cannot contain your name”), but the user is not shown this. Expected Behavior The password validation error (e.g., containing the user’s name) should be immediately displayed in the UI next to the password field to inform the user and allow for correction. Actual Behavior No error is shown in the UI. The form appears to fail silently, leaving the user confused. The actual reason for failure is only visible through browser developer tools in the PUT response payload. Impact This can lead to: User frustration and confusion Increased support overhead Poor UX in a critical flow (account creation) Environment Browser: chrome 136.0.7103.114 Platform: Web (https://appleid.apple.com) Date observed: 31/5/25 Suggested Fix Ensure that password validation messages from backend responses surface in the frontend, especially for common user input issues like including names in passwords. No screenshots as I can not create a new account

As the title suggests, given today’s overpowered device performance, shouldn’t Safari and WKWebView allow repainting during window resizing? Currently, all WKWebView-based apps pause page rendering during resize. When a user double-clicks the drag region, the sequence goes: pause rendering → enlarge or shrink the window → leave a blank area → repaint the page. The whole process feels inelegant—especially on devices that support ProMotion.

There is no plus button ![](" https://developer.apple.com/kr/forums/content/attachment/4c286784-7329-4e31-a5b1-8dd0c9aaf9ad" "title=test.png;width=2330;height=982")

I am following up on Thread (https://developer.apple.com/forums/thread/733233). Currently, SFSafariExtensionManager.getStateOfSafariExtension only returns if an extension is enabled, but not if "Allow in Private Browsing" is toggled on. Is there an API in macOS 26 and Safari 19 that allows a native Safari App Extension to detect this specific permission?

I am testing stuff on a website, and it worked well on any mobile browser till iOS18. Now that I am testing iOS26, even with the latest BETA (3) everything works smoothly on any other mobile browser but Safari. Previously I had the bug, which now has been patched, for status-bar, which was flickering too, but popover and page issue seems still there. I have persistent popover and ajax navigation, and both are rendering with bugs and fouc while view/page changes. Example: If I have an element which must stay on its place and its width is 100vw: while page changes it blinks, shrinks, flicker and jumps on rendering, while it simply must stay as is.. Animations and page transitions work smoothly on Chrome mobile (latest iOS 26 beta 3) , while breaking on Safari. I did open a feedback FB18328720, but seems no one caring. Any idea guys? ** Video of the bug (which is huge!) : ** https://youtube.com/shorts/rY3oxUwDd7w?feature=share Cheers

I have a visionOS app using Apple's WebView and WebPage to display web content. When viewing a live YouTube stream last night, YouTube put up the warning in the area that would have the chat window: Oh no! It looks like you're using an older version of your browser. Please update it to use live chat. Anyone know if YouTube is generating this from the server based on the WebPage's user agent string, from Javascript running in the browser engine, or something else? Anyone know if and how it is possible to resolve this? (See right side of YouTube web page from a screen grab):

Dear Apple Developer Support Team, I am writing regarding critical issues we are facing with Safari web push notifications in our application iLiveMyLife.io, which is severely impacting our ability to maintain reliable communication with our users. Issue Description: We are experiencing persistent problems with Safari push notification tokens expiring or becoming invalid without any notification to our server. This creates several critical issues: Users stop receiving notifications without any indication of failure Our notification delivery system has no way to detect token expiration The expiration appears to happen frequently (seemingly almost daily in some cases) There is no reliable mechanism to re-establish push communication without users manually revisiting the app Technical Impact: Our messaging functionality becomes completely unreliable We must resort to email or SMS as fallback mechanisms, which is not feasible for a real-time communication platform This makes building any reliable messaging application on Safari practically impossible The Broader Context: What makes this situation particularly challenging is that all potential alternative browser APIs that could help address this issue appear to be deliberately disabled or restricted in Safari: Background Service Workers don't function in the background on iOS Safari Background Sync API is not supported WebSockets cannot operate when the app is closed There's no way to programmatically check the validity of push tokens The combination of these limitations creates a situation where developers have no viable technical path to build reliable notification systems for PWAs on Safari. This appears to be a systematic restriction rather than individual API limitations. Requested Information: Is there a recommended approach to detect Safari push token expiration? Are there alternative notification mechanisms for PWA applications on Safari that offer more reliability? Is there documentation on the lifecycle of Safari push tokens that could help us implement proper handling? Are there plans to improve the Web Push API implementation in Safari to address these reliability issues? Could you clarify if these limitations are intentional design decisions or technical constraints that might be addressed in future updates? Business Impact: This issue fundamentally undermines our platform's core functionality. For a collaborative tool, reliable notifications are essential - users cannot collaborate effectively if they miss updates because their push tokens silently expired. The current state creates confusion among our users, who don't understand why they suddenly stop receiving notifications. Any guidance or assistance you could provide would be greatly appreciated. We're committed to providing an excellent experience on Safari, but the current push notification limitations make this extremely challenging. Thank you for your time and consideration. Best regards, Ilya

Touch not working to close in-app close-ups since latest iOS 26 update

An Administrator account is executing safaridriver --enable but it doesn't apply to other standard user accounts and standard accounts can't enable it directly. Is this expected behavior? How can standard users make use of safaridriver?

Subject: iOS 26 WKWebView: Remote Pages Become Unresponsive After Loading Local HTML Files Description We're experiencing a critical issue with WKWebView in a React Native 0.64.3 application where remote web pages become completely unresponsive after loading local HTML files in iOS 26. It works well before iOS26. Environment: React Native 0.64.3 iOS 26.0 Xcode 26.0.1 Using custom WKWebView implementations in Native modules Problem Details App loads local HTML files using loadFileURL:allowingReadAccessToURL: Later, when loading remote pages via loadRequest:, the remote pages load successfully but become unresponsive to user interactions This occurs even when using different WKWebView instances The issue is reproducible 100% of the time once a local file has been loaded Restarting the app and loading remote pages directly works fine Code Example: // Loading local file (works fine) [self.webView loadFileURL:localFileURL allowingReadAccessToURL:accessURL]; // Later, loading remote page (loads but becomes unresponsive) NSURLRequest *request = [NSURLRequest requestWithURL:remoteURL]; [self.webView loadRequest:request]; What We've Tried: Using different WKWebView instances for local vs remote content Comprehensive cleanup in dealloc (removing all user scripts and message handlers) Loading blank HTML before switching to remote content Using shared WKProcessPool (understanding its limitations in iOS 15+) Ensuring proper decisionHandler management in navigation delegates Resetting WKWebView configuration settings Clearing cookies and cache between loads Using loadFileRequest:allowingReadAccessToURL: instead of loadFileURL: Key Observations: The remote page renders correctly and network requests complete No JavaScript errors in console The view hierarchy appears normal in Debug View Hierarchy Touch events seem to be delivered but not processed by the web content Questions: Has Apple introduced new security restrictions in iOS 26 that affect the transition from file:// URLs to http:// URLs? Are there specific WKWebView configuration changes required for React Native applications in iOS 26? Could this be related to the React Native bridge or JavaScript context persistence? Any insights or workarounds would be greatly appreciated, as this is blocking our iOS 26 compatibility.

We would appreciate it if you could provide the detailed flow of recurring payments and the unsubscribe process using the Apple Pay JS API, specifically in cases where the PSP decrypts the Apple Pay token before sending it to the payment gateway. Thank you very much for your kind assistance.

I am developing an SSO Extension so that I can have SSO with Keycloak across applications. OIDC/OAuth2 works very well. But I am struggling with SAML. It works, but it seems that the form submission is always triggered twice. I use decisionHandler(.cancel) to stop the form submission and redirect it to the browser. I still get the form submitted both by the extension and by the browser. At some point I tried to allow the form submission in the Extension so that I get the redirect with the response to the browser. It still triggered another submission. Does anyone experience this issue?

While implementing Apple Maps into our web application, I have a scenario where I want to be able to drag and move some of my custom annotations around. While that is working, when "picking up" the annotation before dragging it, there is an animation which I believe is to represent the human interaction of picking up a pin from a map, I would like to cancel that animation and thought that would be possible by calling preventDefault() in the emitted long-press event, which the documentation states that annotations should emit if they are draggable. The thing is that I don't get this event to emit when long pressing an annotation. So I believe that I have found a bug. It's in this paragraph in the documentation https://developer.apple.com/documentation/mapkitjs/handling-map-events#Respond-to-map-interaction-events A long press occurs on the map outside an annotation. A long press may be the beginning of a panning or pinching gesture on the map. You can prevent the gesture from starting by calling the preventDefault() method of the event. Annotations need to be draggable to dispatch long-press events. In anybody else experiencing this or do you see any clear fix for this? Maybe there is another way to cancel that "picking up the annotation for dragging" animation. I have seemed to try anything else.

Hello all, I'm trying to retrieve geolocation data on the web, but I'm having trouble with the altitude value, which seems to differ from what I get on Android. When using navigator.geolocation.getCurrentPosition in Safari, is the altitude value based on mean sea level, or is it ellipsoidal altitude based on the WGS84 ellipsoid? altitude (WebKit JS): https://developer.apple.com/documentation/webkitjs/coordinates/1631861-altitude altitude (Core Location): https://developer.apple.com/documentation/corelocation/cllocation/altitude ellipsoidalAltitude (Core Location): https://developer.apple.com/documentation/corelocation/cllocation/ellipsoidalaltitude If anyone has any insight into this topic I would greatly appreciate it!

Environment • Device: any iPhone running iOS 26 Developer Beta 5 (23A5308g) • Xcode: 16.3 Short description The app crashes the moment the user tries to long-press to select text inside a WKWebView, double-tap an image with Text (magnifier appears) The exception is CALayer position contains NaN. frame = (nan,0;0,48) chorPoint=(inf, 0) and it is thrown in the UI process. Build & run any project that hosts a WKWebView. Inject the following CSS via script (this is what we do to suppress the native callout menu): WKWebView *webView = [[WKWebView alloc] initWithFrame:self.view.bounds configuration:[WKWebViewConfiguration new]]; NSString *js = @"document.documentElement.style.webkitUserSelect='none';" "document.documentElement.style.webkitTouchCallout='none';"; [webView evaluateJavaScript:js completionHandler:nil]; [self.view addSubview:webView]; Incident Identifier: EE6FB046-5087-4F15-A72D-A74965347A30 CrashReporter Key: 29e8e58e02a07557adb4ce3f463d764f3ce8bbd5 Hardware Model: iPhone16,1 Process: wallet [642] Path: /private/var/containers/Bundle/Application/4B4E609A-C8BF-4C56-AB2A-1638249B98A5/wallet.app/wallet Identifier: xxxxxxx Version: xxxx AppStoreTools: 16F7 AppVariant: 1:iPhone16,1:18 Code Type: ARM-64 (Native) Role: Foreground Parent Process: launchd [1] Coalition: xxxxxx Date/Time: 2025-08-06 12:05:24.0732 +0800 Launch Time: 2025-08-06 11:49:40.3802 +0800 OS Version: iPhone OS 26.0 (23A5308g) Release Type: Beta Baseband Version: 3.02.02 Report Version: 104 Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Termination Reason: SIGNAL 6 Abort trap: 6 Terminating Process: wallet [642] Triggered by Thread: 0 Application Specific Information: abort() called Thread 0 Crashed: 0 libsystem_kernel.dylib 0x22da0f0cc __pthread_kill + 8 1 libsystem_pthread.dylib 0x1e097b7e8 pthread_kill + 268 2 libsystem_c.dylib 0x191361f1c abort + 124 3 libc++abi.dylib 0x182e7a808 __abort_message + 132 4 libc++abi.dylib 0x182e69484 demangling_terminate_handler() + 304 5 libobjc.A.dylib 0x182d7bf28 _objc_terminate() + 156 6 wallet 0x1068ff8c8 0x1046f4000 + 35698888 7 libc++abi.dylib 0x182e79bdc std::__terminate(void (*)()) + 16 8 libc++abi.dylib 0x182e7d314 __cxxabiv1::failed_throw(__cxxabiv1::__cxa_exception*) + 88 9 libc++abi.dylib 0x182e7d2bc __cxa_throw + 92 10 libobjc.A.dylib 0x182d7992c objc_exception_throw + 448 11 CoreFoundation 0x185e908d4 +[NSException raise:format:] + 128 12 QuartzCore 0x18678a874 CA::Layer::set_position(CA::Vec2<double> const&, bool) + 160 13 QuartzCore 0x1869a7270 -[CALayer setPosition:] + 52 14 UIKitCore 0x18c4ac564 -[UIView _backing_setPosition:] + 176 15 UIKitCore 0x18cefdf0c -[UIView setCenter:] + 220 16 UIKitCore 0x18cd9f794 -[_UIEditMenuContentPresentation _displayPreparedMenu:titleView:reason:didDismissMenu:configuration:] + 936 17 UIKitCore 0x18cd9f3c0 __54-[_UIEditMenuContentPresentation _displayMenu:reason:]_block_invoke + 104 18 UIKitCore 0x18ced1060 -[UIEditMenuInteraction _editMenuPresentation:preparedMenuForDisplay:completion:] + 384 19 UIKitCore 0x18cd9f2e4 -[_UIEditMenuContentPresentation _displayMenu:reason:] + 304 20 UIKitCore 0x18cd9f0d8 -[_UIEditMenuContentPresentation displayMenu:configuration:] + 64 21 UIKitCore 0x18ced0344 __58-[UIEditMenuInteraction presentEditMenuWithConfiguration:]_block_invoke + 260 22 UIKitCore 0x18ced1f8c __80-[UIEditMenuInteraction _prepareMenuAtLocation:configuration:completionHandler:]_block_invoke + 80 23 UIKitCore 0x18cc8403c __109-[UITextContextMenuInteraction _editMenuInteraction:menuForConfiguration:suggestedActions:completionHandler:]_block_invoke + 180 24 UIKitCore 0x18cc84584 __107-[UITextContextMenuInteraction _querySelectionCommandsForConfiguration:suggestedActions:completionHandler:]_block_invoke + 148 25 WebKit 0x1a05ae5d4 WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>::operator()(WebKit::DocumentEditingContext&&) + 64 26 WebKit 0x1a05bb468 WTF::Detail::CallableWrapper<WTF::CompletionHandler<void (IPC::Connection*, IPC::Decoder*)> IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::RequestDocumentEditingContext, WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>>(WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Connection*, IPC::Decoder*), void, IPC::Connection*, IPC::Decoder*>::call(IPC::Connection*, IPC::Decoder*) + 196 27 WebKit 0x19fcf5db8 WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::ConnectionAsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Connection*, IPC::Decoder*>::call(IPC::Connection*, IPC::Decoder*) + 64 28 WebKit 0x19fce54f0 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 340 29 WebKit 0x19fcf5aa0 IPC::Connection::dispatchIncomingMessages() + 536 30 JavaScriptCore 0x19a8f85d4 WTF::RunLoop::performWork() + 552 31 JavaScriptCore 0x19a8f838c WTF::RunLoop::performWork(void*) + 36 32 CoreFoundation 0x185da6230 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28 33 CoreFoundation 0x185da61a4 __CFRunLoopDoSource0 + 172 34 CoreFoundation 0x185d83c6c __CFRunLoopDoSources0 + 232 35 CoreFoundation 0x185d598b0 __CFRunLoopRun + 820 36 CoreFoundation 0x185d58c44 _CFRunLoopRunSpecificWithOptions + 532 37 GraphicsServices 0x224ce0498 GSEventRunModal + 120 38 UIKitCore 0x18b6c84b8 -[UIApplication _run] + 792 39 UIKitCore 0x18b66cbc0 UIApplicationMain + 336 40 wallet 0x1046f8558 0x1046f4000 + 17752 41 dyld 0x182dcdb18 start + 6332