i have programmed a website and struggle to get it to work on safari ios26. 100vh fixed positioned images do not fill the screen anymore. i could live with that, having two background coloured spaces at the top and at the bottom. but elements that scroll out of this new viewport are fully visible, as you can see on the enclosed screenshots. i have no idea how i could fix this and dont find any answer anywhere on the net?

I have a business scenario where I want to guide users to Safari and open a Safari extension. How can I open Safari from my app and navigate to a specific webpage?

Hello, I am developing a website which starts a web worker using the js code: const zarrWorker = new Worker('./zarr_file.js', { type: 'module' });. The script 'zarr_file.js' is served from the same origin with Cross-Origin-Embedder-Policy: require-corp and Cross-Origin-Opener-Policy: same-origin and it is importing external modules through the import statement (e.g. import * as zarr from "https://cdn.jsdelivr.net/npm/zarrita/+esm";). All the external modules are blocked by Safari with the error Worker load was blocked by Cross-Origin-Embedder-Policy, although I can see (by running curl on them) that they correctly set cross-origin-resource-policy: cross-origin`. The same website works fine in Chrome and Firefox. Is it a bug or is Safari implementing stricter policies? In the latter case what would be the solution?

Hi everyone, I want users not to see the system context menu when long-pressing text on a page in Safari on iOS. I found on MDN that the CSS property -webkit-touch-callout: none; can achieve this. But in reality, it doesn't really work. MDN documents URL: https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/-webkit-touch-callout Here’s a minimal example: function preventIOSSafariContextMenu() { if (document.getElementById(STYLE_ELEMENT_ID)) return; if (!IS_TOUCH_DEVICE) return; const style = document.createElement("style"); style.id = STYLE_ELEMENT_ID; style.textContent = ` html, body { -webkit-touch-callout: none !important; } `; (document.head || document.documentElement).appendChild(style); } The context menu persists. Has anyone else encountered this? Is this an intentional change in WebKit, or could it be a regression? If it’s intentional, is there a recommended alternative? Thanks in advance for any insights!

My Mac app and its Safari web extension share an app group, and I want to notify the web extension native process when the app makes a change to the app group NSUserDefaults, but I can't find a good way to do this. According to the documentation, "You can use key-value observing to register observers for specific keys of interest in order to be notified of all updates, regardless of whether changes are made within or outside the current process." In my testing, however, this doesn't work in the web extension process. I'm using NSUserDefaults addObserver forKeyPath, but observeValueForKeyPath never gets called. I've also tried NSDistributedNotificationCenter, but the web extension process doesn't receive the notifications sent by the main app. Are either of these supposed to work? If not, are there any alternatives?

In my chat web app I have button to upload images. On iOS in Safari I can see action sheet with "Media library", "Caption image or video", "Open files". Can I prevent opening this action sheet and directly open media library using HTML or JavaScript?

We are seeing network errors in Outlook mail on iOS and MacOS safari browsers. As per current investigation, we notice these network error when the user tries to use outlook after leaving it open on Safari for a while. Observations: Issue present in both MacOS and iOS safari. Issue is not present in other webkit browsers like brave and edge on iOS. Issue is reproable on both mini and big owa on safari browser. Issue is not related to post requests being sent in different packets on safari browser. Requests are only blocked for outlook.office/outlook.live domains What does not fix this issue? Reloading the application Clearing cookie, local storage or session storage Unregistering service workers Redirecting to a different page and coming back to outlook domain Re authenticating the users What fixes this issue? Reconnecting to wifi or mobile network Reconnecting vpn Removing safari from background and reopening Flushing the dns in setting

We are developing a mobile-first, browser-only web application that requires users to upload 20–200 images stored inside a single folder (for example, a merchant product directory). On iOS Safari: window.showDirectoryPicker() is not supported. is not supported. File System Access API is not available. Users must manually multi-select images from the Photos picker. This creates significant friction for bulk upload workflows. We are NOT requesting unrestricted file system access. We are asking whether a privacy-preserving, user-granted folder-scoped permission model is being considered for web applications. For example: User explicitly selects a folder. The web app receives scoped access only to that selected folder. Access is session-bound and revocable. No background or global storage access is required. Questions: Is folder-level access for web apps being considered for iOS Safari? Does installing a PWA provide any enhanced file access capability? Are there recommended best practices for handling bulk image uploads in browser-only iOS applications? Is there any roadmap alignment with the File System Access API standard? Our goal is to remain browser-only and maintain strict user privacy while improving usability for high-volume image workflows. Any clarification on intended platform direction would be appreciated.

When a DNR rule is set for a specific URL and the request receives a server-side redirect (e.g., 302) to a different URL that does not match the urlFilter, the rule still seems to apply to the redirected request. We are using macOS 15.4 and Safari 18.4. For example, consider two sequential calls: call1 and call2. call1 triggers a 302 redirect to call2. A DNR rule is created to add a "Cookie" header to call1 based on its URL. Unexpectedly, the same cookie is also added to call2, even though call2's URL does not match the rule's urlFilter. This results in the Set-Cookie response from call1 being ignored, and call2 receiving the manually set cookie instead—leading to incorrect behavior. This issue doesn't occur in Chrome or Firefox, where the rule is not applied to the redirected request if the URL no longer matches. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

While implementing Apple Maps into our web application, I have a scenario where I want to be able to drag and move some of my custom annotations around. While that is working, when "picking up" the annotation before dragging it, there is an animation which I believe is to represent the human interaction of picking up a pin from a map, I would like to cancel that animation and thought that would be possible by calling preventDefault() in the emitted long-press event, which the documentation states that annotations should emit if they are draggable. The thing is that I don't get this event to emit when long pressing an annotation. So I believe that I have found a bug. It's in this paragraph in the documentation https://developer.apple.com/documentation/mapkitjs/handling-map-events#Respond-to-map-interaction-events A long press occurs on the map outside an annotation. A long press may be the beginning of a panning or pinching gesture on the map. You can prevent the gesture from starting by calling the preventDefault() method of the event. Annotations need to be draggable to dispatch long-press events. In anybody else experiencing this or do you see any clear fix for this? Maybe there is another way to cancel that "picking up the annotation for dragging" animation. I have seemed to try anything else.

Hello, I followed the instructions to set up a custom logo for our domain name Allogarage.fr, both for the brand and the domain. Everything appears to be correctly configured in Apple Business backend for several weeks now, but the logo still doesn’t show up in Mail. Is the branded email feature available in France? Are there any additional steps required?

I am following up on Thread (https://developer.apple.com/forums/thread/733233). Currently, SFSafariExtensionManager.getStateOfSafariExtension only returns if an extension is enabled, but not if "Allow in Private Browsing" is toggled on. Is there an API in macOS 26 and Safari 19 that allows a native Safari App Extension to detect this specific permission?

Hi everyone, We're building a web application using Next.js that captures around 40 images across different routes as part of a guided user flow. At the beginning of the process, we explicitly request camera permission using navigator.mediaDevices.getUserMedia(...), and the user grants it successfully. However, as users proceed through the flow (navigating between routes), Safari on iOS intermittently re-prompts for camera access—despite the initial permission already being granted and the origin (domain) remaining unchanged. This repeated prompting interrupts the user experience significantly. What we’ve tried: Ensuring camera access is requested only once and reused where possible. Using persistent media stream across routes (where feasible). Testing across different iOS versions to confirm consistency. Questions: Is there a known workaround or best practice to persist camera access across route transitions in a SPA/PWA context on iOS? Are there any Safari-specific behaviors or restrictions related to WebRTC / getUserMedia we should be aware of? Would embedding the camera view in an iframe or maintaining a persistent component help avoid re-prompting? Any guidance or shared experience would be greatly appreciated. Thanks in advance!

Push Notification Issue in iOS PWA App We’ve been trying to implement push notifications in our iOS app, which is a wrapper around a Vite PWA built using PWA Builder. Here's a detailed overview of the issues we’re facing: Problem Summary We originally had a working Vite PWA and used Firebase Cloud Messaging (FCM) for push notifications. When converting this PWA to an iOS app using PWA Builder: The notification permission prompt did not behave as expected in Safari. Even after requesting permission via a user gesture (e.g., button press), FCM token was not received. On Safari (both Mac and Windows), permission sometimes works, but the token isn’t saved until Safari is closed and reopened. In the iOS PWA app, the FCM token never gets retrieved. We tried the same process on Chrome, and everything works flawlessly there. What We’ve Tried Wrapped the permission request and FCM token logic in a user gesture (e.g., button click), as recommended. Confirmed our manifest includes all necessary fields (see below). Tested across macOS, Windows, Safari (desktop), and the iOS app. Manifest.json { "name": "Periscopio", "short_name": "Periscopio", "start_url": "/", "display": "standalone", "background_color": "#f2f2f2", "lang": "en", "scope": "/", "description": "Facilitates the collection of primary data for market research purposes.", "icons": [ { "src": "/android-chrome-192x192.png", "sizes": "192x192", "type": "image/png", "purpose": "any" }, { "src": "/android-chrome-512x512.png", "sizes": "512x512", "type": "image/png", "purpose": "any" }, { "src": "/maskable_icon_x192.png", "sizes": "192x192", "type": "image/png", "purpose": "maskable" }, { "src": "/maskable_icon_x512.png", "sizes": "512x512", "type": "image/png", "purpose": "maskable" } ], "edge_side_panel": { "preferred_width": 400 }, "display_override": [ "window-controls-overlay", "standalone" ], "theme_color": "#08244c", "orientation": "portrait" } Core Logic (Plain TypeScript) 1. Request Notification Permission + FCM Token async function handleRequestPermission(): Promise<string | null> { try { console.log("Requesting notification permission..."); const permission = await Notification.requestPermission(); console.log("Notification permission result:", permission); if (permission === "denied") { console.error("Notification permission was denied."); return null; } const token = await requestFCMToken(); console.log("FCM Token:", token); if (token) { console.log("Notification setup successful."); return token; } else { console.error("Failed to retrieve FCM token."); return null; } } catch (error) { console.error("Error requesting FCM token:", error); return null; } } 2. FCM Token Logic async function requestFCMToken(): Promise<string | undefined> { try { let permission = Notification.permission; if (permission === "default") { console.log("Requesting notification permission..."); permission = await Notification.requestPermission(); } if (permission === "granted") { console.log("Notification permission granted."); const isSupportedBrowser = await isSupported(); if (!isSupportedBrowser) { console.error("This browser does not support FCM."); return; } const registration = await navigator.serviceWorker.register("/firebase-messaging-sw.js"); console.log("Service Worker registered:", registration); const token = await getToken(cloudMessaging, { vapidKey: "YOUR_PUBLIC_VAPID_KEY_HERE", serviceWorkerRegistration: registration, }); if (token) { console.log("FCM Token:", token); localStorage.setItem("fcmToken", token); return token; } else { console.warn("No registration token available. Request permission to generate one."); return; } } else if (permission === "denied") { console.warn("Permission to notify was denied."); return; } else { console.warn("Notification permission not granted."); return; } } catch (error) { console.error("Error getting FCM token:", error); return; } } Request for Help We’d really appreciate support from anyone who’s successfully implemented FCM push notifications in a Vite PWA wrapped as an iOS app using PWA Builder. Is there something we’re missing about how iOS Safari handles push permissions in PWA mode? Could there be an issue with the service worker or the manifest setup that causes the token not to register? Any Safari-specific quirks to be aware of? Thanks in advance!

WebAuthn can be used in Safari, but when using it with WKWebView, you need to set the default browser definition (com.apple.developer.web-browser). Is this correct? Also, is it possible that the terms of use will change or that it will no longer be available in WKWebView in the future?

Hello, why is Safari blocking my domains? https://fitgel.ru https://fittoma.ru https://ohota.pro There are no errors in them, other browsers respond normally.

Hello! I have a few questions about integrating an OAuth2 API into my Swift application. I am using this API to access user data from the website (users will authenticate themselves within the app). I have seen other apps use this API in the way that I am describing it so I know that it is possible. However, I am not sure how to implement it. Are there any recommended ways to use an OAuth2 API in my application? The API that I am using does not specifically say that it supports PKCE. However, I have heard from some sources that it does. If it does not support PKCE, how do I still create a secure app infrastructure that will pass App Store Review? At a more basic level, what is the difference between OAuth2 and PKCE? What should I use in my app? Are there any resources to learn a little bit more about these protocols so that I understand them better? Thanks!

In WKWebView, there is the WKUIDelegate method: func webView(_ webView: WKWebView, createWebViewWith configuration: WKWebViewConfiguration, for navigationAction: WKNavigationAction, windowFeatures: WKWindowFeatures) -> WKWebView? {} This delegate method provides a callback when a new window (for example, target="_blank") is requested in the web view. However, in native SwiftUI (iOS 26), WebView / WebPage APIs do not provide an equivalent delegate method to handle new window requests. As a workaround, I am using the following method: public func decidePolicy(for action: WebPage.NavigationAction, preferences: inout WebPage.NavigationPreferences) async -> WKNavigationActionPolicy {} In this method, when action.target == nil, I treat it as a new window request. My question: Is relying on action.target == nil in decidePolicy a reliable and future-safe way to detect new window requests in SwiftUI’s WebView, or is there a better or more recommended approach for handling target="_blank" / new window navigation in the SwiftUI WebView APIs? Code: public func decidePolicy(for action: WebPage.NavigationAction, preferences: inout WebPage.NavigationPreferences) async -> WKNavigationActionPolicy { guard let webPage = webPage else { return .cancel } // Handle case where target frame is nil (e.g., target="_blank" or window.open) // This indicates a new window request if action.target == nil { print("Target frame is nil - new window requested") // WORKAROUND: Until iOS 26 WebPage UI protocol is available, we handle new windows here // Try to create a new WebPage through UI plugins if handleCreateWebPage(for: webPage, navigationAction: action) != nil { // Note: The new WebPage has been created and published to the view return .allow } } return .allow }

Hello there, back in the old WebKit API there was the WKDownloadDelegate to handle download actions in WebViews. I was wondering how to handle download actions within the new WebKit in SwiftUI. Is there anything to use already or are there workarounds to handle downloads? Greetings, Thorben

I have an iOS app that generates and renders a custom HTML document inside a UIWebView. After updating a device to iOS 26, the same HTML is rendered with noticeably smaller fonts compared to previous iOS versions. No code or HTML changes were made. Context HTML is generated dynamically and rendered in a UIWebView The HTML is embedded inside a custom XML wrapper The issue happens only on iOS 26 Earlier iOS versions render the font size correctly