Hello - we have a Mac application that uses a browser extension and the web extension JS APIs to communicate with Safari. During user testing we found that the tab title and tab URL properties are empty when obtaining the set of open windows via windows.get() after a Safari restart. We are testing with Safari 18.4 (20621.1.15.11.10). We have made a TestFlight version of our app and extension available to help with testing: https://testflight.apple.com/join/Va8Zdv9d. Screenshot and screen recording are attached to the Feedback ID supplied below. STEPS TO REPRODUCE Install Tabby via the TestFlight link Enable the Tabby for Safari extension in the Safari extensions dialog Grant permissions for Tabby for Safari to all windows all the time Within Safari, open two windows each with at least two tabs Within the Tabby app, ensure you see the windows and tabs listed correctly (tab title displayed for each) Quit and restart Safari Expected behavior Safari re-opens existing windows and Tabby displays title for each tab Observed Safari re-opens existing windows but within Tabby all tabs except the current tab are displayed with a title of “Start Page”. Under the hood the tab title and tab URL properties are empty when returned via a windows.get() call after Safari restarts. NAME AND APPLE ID OF APP Tabby - Browser Tab Manager 1586203406 FEEDBACK ASSISTANT ID FB16389506

Subject: Unexpected system confirmation dialog when opening a Universal Link Description of the issue: We’re implementing a login flow using Native iOS apps, Universal Links, and OpenID Connect authentication. Our domain is correctly configured with the apple-app-site-association file, and Universal Links work as expected. However, under certain circumstances, the behavior differs on the same login page: The user connects to the OIDC provider in their mobile browser. Instead of automatically switching to the Native application, a popup asks the user to open the app. The behavior depends on how the login page is opened: When opened in a new browser tab, the Universal Link opens the app immediately without showing any system confirmation dialog. When the same tab is reused without a page refresh, iOS displays a system confirmation dialog asking the user to open the link in the app. This confirmation dialog doesn’t appear in the first scenario. This additional system dialog impacts the user experience, as we aim for a frictionless and seamless login flow with minimal confirmation steps. Question: Why does the app switch work automatically only the first time? Is this intentional iOS behavior? If so, what security requirement or system rule causes a confirmation dialog when reusing the same tab, but not when redirecting in a new tab or pressing a button on the reused tab? Is this expected design, or should we adjust our side to avoid this dialog? Environment details: Verified on two devices iOS versions: 18.7.2, 26.1 Thanks for your help.

We have a SAML-based SSO App Extension that uses WKWebView to load the SAML login request. This implementation has been working correctly on iOS versions prior to 26. However, starting with iOS 26, the extension consistently crashes when calling WKWebView.load(_:). The crash occurs inside WebKit, specifically in: /Library/Caches/com.apple.xbs/Sources/WebKit/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp at WebKit::WebPageProxy::loadRequest(...) No app-level exception is thrown, and the extension terminates with: Thread 10: EXC_BREAKPOINT (code=1, subcode=0x1a31dbe00) It appears that WKWebView initialization or WebsiteDataStore creation is now restricted in extension contexts on iOS 26, but this change is not documented in the SDK release notes. Could you please confirm if this is an intentional sandbox restriction in iOS 26 or a regression in WebKit? Steps to reproduce: Implement an App Extension using ASAuthorizationProviderExtensionAuthorizationRequest. Create a WKWebView instance in the extension. Attempt to load a SAML login request (POST request with headers). Observe immediate crash on iOS 26 (works fine on earlier versions). Expected behavior: WKWebView should load the request or fail gracefully as in prior releases, without crashing the extension process. Request: Please clarify if WKWebView usage inside extensions is officially unsupported as of iOS 26, and if so, recommend an alternative approach for handling SSO flows.

navigator.permissions.query -> permissionStatus.onchange is Supposed to listen to the event of a change in permissions in the browser settings. This works for all browsers, but in Safari for iOS and MacOS this seems to be broken in the currently recent versions 17.x Example: navigator.permissions.query({ name: 'notifications' }).then((permissionStatus) => { permissions = permissionStatus.state; // this value gets set correctly permissionStatus.onchange = () => { // This will not get executed when permissions have been changed // within the safari settings app, or iOS Settings for PWA or Safari }; }); Can someone from Apple's Webkit Team please comment on this? Thank you. T.

The extension popups don't seem to support the dark mode media query. The only way the query gets detected is when a color-scheme is added: <meta name="color-scheme"content="light dark">

Hi everyone, I’m encountering a serious reliability issue with message passing in my Safari extension on iOS 18.4.1 and iOS 18.5 In my extension, I use the standard messaging API where the background script sends a message to the content scrip. The content script is listening using: browser.runtime.onMessage.addListener(handler); This setup has been working reliably in previous versions of iOS, but since updating to iOS 18.4.1 and iOS 18.5, I’ve noticed that messages sent from the background script are not consistently received by the content script. From my logs, I can confirm that: The background script is sending the message. The content script’s listener is not always triggered. There are no errors or exceptions logged in either script. It seems as if browser.runtime.onMessage.addListener is either not getting registered in time or failing silently in some instances. This issue is intermittent and does not occur all the time. Has anyone else experienced similar issues in iOS 18.4.1 and 18.5? Are there any known changes or workarounds for ensuring reliable communication between background and content scripts in this version? Any help or insights would be greatly appreciated. Thanks!

Safari Version 14.0.1 (16610.2.11.51.8) I am porting a Chrome/Firefox/Edge extension to Safari Web Extension. Mostly, the process was painless, I am, however, seeing quite different behavior in the tab ids generated by Safari compared to Chrome, Firefox, and Edge. My extension has callbacks for each of these browser.webNavigation events: browser.webNavigation.onBeforeNavigate browser.webNavigation.onCommitted browser.webNavigation.onDOMContentLoaded In each of these I rely on the tab id for various future tab targeting operations. When opening a new tab, the details object passed to each of these callbacks has a non-zero tabId on Chrome, Firefox, and Edge. However, in Safari, the tabId is always zero. To debug, I added one more callback: browser.webNavigation.onCompleted At this point Safari finally has a non-zero tabId in the details param. Needless to say this is causing some consternation with achieving the same outcomes as tab tracking on Chrome, Firefox, and Edge. It's like Safari is treating new tabs as "non tabs" until navigation completes. You can even see it when trying to get the tab by tabId=0: browser.tabs.get(tabId) // tabId=0 here &#9;.then(tab => { &#9;&#9;// tab is undefined &#9;}); Seems like this might be a bug. I can't imagine why the behavior is so different from other browsers. Any ideas on how to work around?

The crash is specific to iOS 26.2 WKScriptMessageHandler delegate func userContentController(_ userContentController: WKUserContentController, didReceive message: WKScriptMessage) Name attribute is accessible but WKScriptMessage body attribute causes crash The object seems to be not accessible

Since iOS 18.1 launched as a beta, we've been getting reports from end users on iPhone 15 Pro and iPhone 15 Pro Max specifically. They're reporting that our WebView is unable to load our local HTML content. I'm curious if anyone else has had their app or users run into this issue? So far I've tried installing the most recent XCode Beta 16B5014f and installed an 18.1 emulator, but our app worked fine. It's also working fine on all my real devices, but we don't have a 15 Pro to test on. I'm curious if this is related to the processor on these devices and how they are intended to support Apple's new AI coming in 18.1.

I’m experiencing a crash in WKWebView on iOS 26 Developer Beta 5 and Beta 6 with the following exception: CALayer position contains NaN: [nan 65] The crash occurs when the following CSS properties are applied to content displayed in WKWebView: -webkit-user-select: none; -webkit-touch-callout: none; This issue happens consistently whenever these styles are set, leading to the crash inside WKWebView. Is this a known bug in the current iOS 26 betas, or is there a recommended workaround?

Starting with iOS 26.2, when Safari tabs are set to Bottom or Compact view, some pages are not rendering properly. The error does not occur in Top view. For some pages, scrolling causes rendering to be very slow, causing the user to experience page breaks and missing parts. If the user waits a few seconds, the missing parts of the page will appear, but the issue will reoccur when scrolling further. We have tested this on all available iOS devices and the issue occurs on all iPhones running iOS 26.2. The issue does not occur on iOS 26.1, and we have not experienced it on devices running iOS 18. The issue can be reproduced on the following pages with an iPhone running iOS 26.2: https://fotosakademia.hu/products/course/fotografia-kozephaladoknak-haladoknak https://oktatas.kurzusguru.hu/products/course/az-online-kurzuskeszites-alapjai

From a mail app or similar, when opening a webpage in Safari as an external browser, JavaScript on the webpage stops running if Safari goes into the background. Is there a way to prevent this from happening? Sample code for the counter: Behavior: Upon returning from the background, the counter continues for about 7-8 seconds but does not progress further. For example, if Safari is kept in the background for about 20 seconds and then brought back, the counter stops at around 7-8 seconds and only resumes counting after returning to the foreground. Expectation: The counter should continue running even if Safari goes into the background.

The passkey authentication dialog appears, and after unlocking with Touch ID, the dialog closes without any notification of success or failure. This issue occurs with high frequency. access to the https://passkeys-demo.appspot.com/ register account and create passkey. logoff access to the url again you can see the passkey dialog unlock device then the dialog disappears nothing happens reload the page proceed 5) to 6) nothing happens or success webauthn.

Safari 18.0.1 on macOS 15.01 doesn't support the Passkey PRF extension during cross-device WebAuthn authentication when using QR code scanning, while it works correctly with iCloud passkeys. Steps to Reproduce: Clone and setup: git clone https://github.com/quocle108/passkey-prf-test yarn yarn start Test iCloud Passkey Flow: Open http://localhost:3000 in Safari Open DevTools (Cmd+Option+I) Click "Register" Choose "Passkey on iCloud" Expected console output: PRF supported: true Test Cross-Device Flow: Click "Register" Choose "Phone/Tablet" Scan QR with mobile device Expected: PRF supported: true PRF extension should be supported in cross-device flow, matching iCloud passkey behavior. Actual: PRF supported: false Cross-device flow returns empty extension results. Verify in Chrome Repeat steps 2-3 in Chrome Both flows return proper PRF extension results: PRF supported: true Test Environment: Browser: Safari 18.1.1 , Chrome 131.0.6778.70 OS: macOS 15.01 Mobile: iOS 18.x / Galaxy Note9 Android 10 Test repo: https://github.com/quocle108/passkey-prf-test

Trying to implement my own forward/back buttons for the new SwiftUI WebView and reading the documentation I’m totally lost. What’s the recommended way of implementing forward/back behavior with this component?

Hi Apple engineers! We are making an iOS browser and are planing to deliver a feature that allows enterprise customers to use a MAM key to set a PAC file for proxy. It's designed to support unmanaged device so the MDM based solutions like 'Global HTTP Proxy MDM payload' or 'Per-App VPN' simply don't work. After doing some research we found that with WKWebView, the only framework allowed on iOS for web browsing, there's no API for programmatically setting proxy. The closes API is the WKURLSchemeHandler, but it's for data management not network request interception, in other word it can not be used to handle HTTP/HTTPS request well. When we go from the web-view level to the app level, it seems there's no API to let an app set proxy for itself at an app-level, the closest API is Per-App VPN but as mentioned above, Per-App VPN is only available for managed device so we can't use that as well. Eventually we go to the system level, and try to use Network Extension, but there's still obstacles. It seems Network Extension doesn't directly provide a way to write system proxy. In order to archive that, we may have to use Packet Tunnel Provider in destination IP mode and create a local VPN server to loop back the network traffic and do the proxy stuff in that server. In other word, the custom VPN protocol is 'forward directly without encryption'. This approach looks viable as we see some of the network analysis tools use this approach, but still I'd like to ask is this against App Store Review Guidelines? If the above approach with Network Extension is not against App Store Review Guidelines, I have a further question that, what is the NEProxySettings of NETunnelNetworkSettings for? Is it the proxy which proxies the VPN traffic (in order to hide source IP from VPN provider) or it is the proxy to use after network traffic goes into the virtual private network? If none of the above is considered recommended, what is the recommended way to programmatically set proxy on WKWebView on an unmanaged device (regardless of where the proxy runs, web-view/app/system)?

I'm a web developer of WebRTC based web app for video and audio calls. After updating to iOS 26.1 beta I noticed, that my app can't use microphone anymore. When I'm calling to getUserMedia with audio set to true, Safari returns error "No AVAudioSessionCaptureDevice device". Other WebRTC demo apps also can't access microphone on this firmware. And maybe it's connected somehow, but safari can't detect connected AirPods Pro 2 as an input device. So, this bug brakes any WebRTC app, that uses microphones.

iPadOS 26, dark mode Open Safari Search for anything or open a website that has white background Kill Safari Open Safari again I still can reproduce it with Safari on iPadOS 26.0.1 This issue also happens to my app when opening a HTML/JS on WKWebView with white background while using dark mode. I did send a feedback ticket when using iPadOS 26 beta but havent seen any reply. This is my first time sending a feedback so I dont know if Apple would reply or not.

Hi, We are facing a major issue with our application. We are using FolioReaderkit to read epub files. Currently, it's working on the iOS 18.1 device and simulator, but it's not working on the iOS 18.2 and later version devices. we are facing this error in Folioreaderkit

Hello, my application experiences crashes related to JavaScriptCore in iOS 17 and 18. I would like to consult about potential causes, to determine whether it is a bug in JavaScriptCore or an issue with my code implementation. First, the crash stack always includes the call to JSC::MarkedBlock::aboutToMarkSlow(unsigned int). In the iOS 17 version, the crash occurs on this line, typically JSC::MarkedBlock::aboutToMarkSlow(unsigned int) + 88. In iOS 18 and later, the stack crashes atJSC::MarkedBlock::dumpInfoAndCrashForInvalidHandle(WTF::AbstractLocker&, JSC::HeapCell*). I checked the source code of JavaScriptCore for both iOS 17.6 and iOS 18.2 and observed modifications in the implementation of aboutToMarkSlow. My question is under what circumstances could this crash occur? crash.log I have attached a crash log encountered in iOS 18, hoping you can provide more effective information for problem diagnosis, especially since there are specific details worth noting near the crash registers. INVALID HANDLE: MarkedBlock = 0x141158000; heapCell = 0x14115bfa0; type = 0 INVALID HANDLE: found 24 0s at beginning of block INVALID HANDLE: block in another VM: 1, block in another VM: 1; other VM is 0x1324b6000 Moreover, in iOS 18.4, due to the implementation of dumpInfoAndCrashForInvalidHandleV2, the message has changed to: INVALID HANDLE 587: markedBlock=0x303518000; heapCell=0x303518fe0; cellFirst8Bytes=0; subspaceHash=0; contiguousZeros=0; totalzeros=0; blockVM=0x0; actualVM=0x0; isBlockVMValid=0; isBlockInSet=0; isBlockInDir=0; foundInBlockVM=0; INVALID HANDLE 606: markedBlock=0x303518000; heapCell=0x303518fe0; cellFirst8Bytes=0; subspaceHash=0; contiguousZeros=16384; totalZeros=16384; blockVM=0x0; actualVM=0x0; isBlockVMValid=0; isBlockInSet=0; isBlockInDir=0; foundInBlockVM=0; INVALID HANDLE 615: markedBlock=0x303518000; heapCell=0x303518fe0; cellFirst8Bytes=0; subspaceHash=0; contiguousZeros=16384; totalZeros=16384; blockVM=0x0; actualVM=0x0; isBlockVMValid=0; isBlockInSet=1; isBlockInDir=1; foundInBlockVM=0; (Further INVALID HANDLE messages follow the same format) I hope this provides you with more information.