"The Safari web extension packager enables you to package and distribute your Safari extensions using App Store Connect from any web browser, without requiring a Mac or access to Xcode." I upload the unzipped folder I'd test in Chrome://extensions to the Safari web extension packager in App store connect. I get error: Embedded binary's bundle identifier is not prefixed with the parent app's bundle identifier. The only solution i've seen to this error involves xcode/a mac, being without which doesn't help

Hi Apple Developer Community and Support, We are implementing Apple Pay on the Web and are encountering a persistent issue with merchant validation when the ApplePaySession is initiated from a JavaScript application running within a cross-origin iframe. Our Setup: Top-Level Domain: https://application.my.com/ (where the Apple Pay button is displayed, and the iframe is embedded) iFrame Content Origin: https://cashier.my.com/ (Our custom JavaScript application that handles the Apple Pay integration and directly calls our Payment Service Provider's (PSP) API for merchant validation). iFrame allow attribute: The iframe correctly includes allow="payment *". The Problem: When a user clicks the Apple Pay button, the ApplePaySession is successfully created and the Apple Pay sheet opens in Safari iOS. This suggests the browser recognizes the allow="payment *" attribute and allows the API calls. However, during the session.onvalidatemerchant callback, our JavaScript code makes a direct API call to our PSP (Nuvei)'s endpoint. This call consistently fails with an "Invalid domain name!" error, and the Apple Pay sheet then shows "Payment Not Completed." PSP's Diagnosis: Our PSP (Nuvei) has investigated and stated that for this specific endpoint (getAppleValidationApiFlow.do), "there is no explicit way to pass domain to the endpoint and domain for which session is issued is based on 'Referer' header." Our Question for Apple: Given that Safari 17+ now supports allow="payment" for cross-origin iframes to enable Apple Pay APIs, we have the following questions: What is Apple's official guidance or expectation regarding the Referer header for ApplePaySession.onvalidatemerchant calls when the ApplePaySession is instantiated from a cross-origin iframe? Is it expected that the Referer header for calls originating from the iFrame will always be the iFrame's origin? Does Apple's merchant validation process (when the PSP calls apple-pay-gateway.apple.com/paymentservices/startSession) itself rely on or interpret the Referer from the initial client-to-PSP call? Are there recommended best practices or standard approaches for PSP integrations in this cross-origin iFrame scenario to ensure the Referer validation (or equivalent domain validation) is correctly satisfied? We're trying to understand if our PSP's specific reliance on the Referer for this validation is a standard requirement implicitly set by Apple for this flow, or if there are other architectural approaches that should allow this scenario to work seamlessly. Thank you for any insights or guidance you can provide.

Hi everyone, My web application has two services: myapp.com and account.myapp.com. The first manages all app content, while the latter handles the authentication, with Sign In with Apple included. The tech stack is mainly composed of React, JS, and Express. We'd like to allow users to authenticate inside a dialog on some pages of myapp.com. To avoid replicating stuff from one service to another, we put an iframe inside the dialog to show the authentication standard page from account.myapp.com. Email and Facebook processes work fine, but we have the following issues with Sign in with Apple: On desktop, not Safari, a pop-up window opens when you click on the Apple button, and it works as expected. On desktop Safari, the pop-up window is blocked. We want the native Apple pop-up to show instead of a generic browser new window. On mobile, nothing happens on click Obviously, outside the iframe, everything works as expected. I can't seem to find anything related to an iframe constraint in the Sign in with Apple docs. Is this feasible?

I am trying to build and run a Safari Web Extension from Xcode and I have enabled "Allow unsigned extensions" in Safari settings. However, I see the below pop up: And, if click on the "Quit and Open Safari Extensions Preferences..." button, the project stops running on Xcode and nothing happens. What can be the issue? The extension works and runs fine if I get it from the Mac App Store and this only happens when running from Xcode. I even tried completely uninstalling the mac app store version and still facing the same issue.

WKWebview of iOS 18 includes Safari browser. When playing videos, some videos show "NotSupportedError: The operation is not supported.", but it is normal on iOS15 devices. The video link is as follows. Even if it is downloaded and referenced locally in HTML, it cannot be played, so it is ruled out that it is a network problem. https://ydtj-adas.oss-cn-shanghai.aliyuncs.com/e6yun.com/exam/exam/a35447b496b94e5e9a6aab27d62c867e.mp4 cannot be played https://ydtj-adas.oss-cn-shanghai.aliyuncs.com/e6yun.com/exam/exam/82d970957a7d4e8d88c13cd101143005.mp4 can be played

Merhaba ben Müslüm İkuz blog sayfam için Safari tarayıcıdan siteye çok fazla istek geliyor. Sayaçlara girdiğimde uygulama safari olarak gözüküyor ve binlerce sayfa isteği gelmiş. Bu bir siber saldırı mı ? site adress https://ikuz.com.tr/

Hi! I'm trying to implement ASWebAuthenticationSession to log in to my app via the web app backend. However, I'm a bit confused about the cookies that this has access to. When I set prefersEphemeralWebBrowserSession=false it does not seem to use the cookies from Safari. Or at least, I'm logged into my web app in Safari, but when I use ASWebAuthenticationSession I still have to log in again. Does it not share session cookies with Safari? I did notice that if I don't use an ephemeral session, once I log out and try to log back in my app does automatically log me in but that's actually unhelpful in my opinion because now I have no way to clear that session because it only lives in the ASWebAuthenticationSession context. If that's the case I may as well use the ephemeral session then because it seems to have only drawbacks.

After upgrading to Xcode 15.2 or above(Till Xcode 16.2), users are unable to open Site B (HTTP URL) from Site A (HTTP URL) within our Browser app when loaded in WKWebView. Clicking the link to Site B results in a spinning wheel, but the site does not load. This issue is not present when the app is built with Xcode 15.0.1. Additionally: Users are connected to a VPN, which is required to access the sites. Site A and Site B are on different domains (cross-domain request). Expected Behavior: Clicking the link to Site B should successfully load the site with user information passed from Site A. Current Behavior: Clicking the link results in a spinning wheel, but Site B does not load inside WKWebView. Technical Details: Both Site A and Site B use HTTP (not HTTPS). Site A and Site B have different domains (cross-domain request). Do not use location.href for transitions. Instead, we temporarily set about:blank in an iframe and then submit data via a form to the target system’s URL within the iframe. This approach worked in Xcode 15.0.1 but fails in Xcode 15.2 or above. Users are connected to a VPN, which is required to access the sites. WKWebview is not receiving navigation delegate callback for Site B Steps to Reproduce: Ensure the device is connected to a VPN. Open the app (using WKWebView) built with Xcode 15.2 or above. Load Site A (HTTP) within the app in WKWebView. Click the link to Site B (HTTP), which should open in an iframe. Observe that a spinning wheel appears, but Site B does not load. Environment: Xcode Versions Affected: 15.2 or above (issue present), 15.0.1 (no issue) iOS Version: All iOS versions Devices: iPad Questions: Has there been any change in WKWebView’s handling of HTTP URLs or VPN-related network traffic in Xcode 15.2? Are there any new security policies, iframe restrictions, or VPN-related changes in this version that might be affecting this behavior? Request for Assistance: Can you confirm if this is a known issue or an intended change? Are there any workarounds available?

SwiftUI List Accessibility VoiceOver

Device: iPhone 15pro, ios26.0 (23A 341) IOS version: 26.0 (23A 341) When using position: sticky; bottom: 0, the div is expected to stick to the bottom of the viewport when the browser toolbar hides while scrolling. However, it stops at the height where the toolbar was, instead of moving down with the disappearing toolbar. In the image below, the red-bordered navigation shows the situation where it does not stick to the bottom. i

I have had zero luck anywhere else and it’s at this point infuriating. February 23rd of this year I submitted a ticket in Feedback regarding how Safari for me has been broken. I can’t load any website at all, I have cleared cache, data, you name it. I have reset the phone after doing so and as I type this today on a brand new iPhone 17 Pro Max it still doesn’t work. Every single app that prompts a Safari window to sign in also doesn’t work and crashes just as Safari the app does. Sometimes I get a message that pops up that says “Webkit encountered an internal error” before it crashes. I can’t provide a screen recording or screen shots because Safari just crashes. I genuinely don’t know what to do or where to go for an answer and i’ve submitted seven updates to my open Feedback ticket since February 23rd 2025, spanning months from that original date and yet no change or help has came from it. I am clueless on how to even begin to go about fixing it and agitated because it’s been so long, so many other apps effected by this, even on a brand new device Safari still does not work for me. Any help at all would be greatly appreciated I used to have a 15 Pro Max but now on the 17 Pro Max and throughout the entire time i’ve been on the developer beta. Maybe that is the issue i’m unsure because now i’m just on iOS 26 so I don’t know if it’s just stuck like this forever. Again any help would be appreciated. I have not went physically to Apple yet to get this solved it‘s been a last resort, considering my options I might have to clear time to go. I’ve been using Chrome ever since this issue.

Hi, I am developing the Click & Read web add-on for Chromium, Firefox and Safari. We use xcrun safari-web-extension-converter tool to generate the Safari add-on, with up-to-date MacBook MacOS, Xcode et Safari : Sequoia 15.3.2, Safari Version 18.3.1 (20620.2.4.11.6), XCode Version 16.0 (16A242d). We have updated our addon to Manifest v3, having the Background script as Server Worker "background": { "service_worker": "background.js", "type": "module" } self.addEventListener("activate", (event) => { console.info("Service Worker activated", event); event.waitUntil( self.registration.pushManager .subscribe({ userVisibleOnly: true, applicationServerKey: urlBase64ToUint8Array( process.env.VAPID_PUBLIC_KEY ), }) .then(async (subscription) => { console.info("[Service Worker] Extension is subscribed to push"); const { subscription: savedSubscription } = await getLocalStorageKeyData("subscription"); if (savedSubscription) fetchApi({ url: `${API_SERVER_URL}/subscription/remove/${savedSubscription.keys.auth}`, }); // Remove previous subscription from server on addon activate currentBrowser.storage.local.set({ subscription: subscription.toJSON(), }); // Save subscription in local storage currentBrowser.runtime.setUninstallURL( `${API_SERVER_URL}/subscription/remove/${ subscription.toJSON().keys.auth }` ); // Set uninstall URL to remove notification subscription on addon uninstall fetchApi({ url: `${API_SERVER_URL}/subscription`, reqInit: { body: JSON.stringify(subscription.toJSON()), method: "POST", headers: { "Content-Type": "application/json", }, }, }); }) .catch((error) => { console.error("Push subscribe error: ", error); }) // Subscribe to push notifications ); }); When trying to subscribe the addon instance to our Push server, we get this error : Push subscribe error: NotAllowedError: User denied push permission Our NodeJS backend is using the web-push librabry : https://github.com/web-push-libs/web-push) to save subscriptions and make notifications push. By looking for same errors on forums, the best hint I found is that it could be related to the testing is done on localhost (addon is built from XCode onto Safari, and Push server is running on localhost). Thanks for your help !

Hi! Is there any fix: Sounds are not recreated while using websites with, for example, virtual piano keyboard or metronome.

I'm developing a web extension for Safari on iOS using MV3. The extension is working fine in Chrome, but in Safari I experience some seemingly random issues. I would like to debug it, but here is my problem. I have my iPhone connected via cable to Mac, and it works fine with XCode, so I assume this part is OK. I open Safari or Safari Tech Preview (doesn't matter) on my Mac, developers options are enabled, and in the Develop menu, under my iPhone section, there are things I can debug. There is an entry "[Ext name] - Extension Service Worker" but when I click it, it's empty. Web inspector pops up, but there are no network requests, no logs, nothing. I know the extension is working, because I can stream log to my HTTP server, but I don't see them here at all. I can use console to trigger commands like chrome.storage.local.get(null, console.log) and it shows my local store, so why I don't see any logs? Also, the background script is not visible in the Sources tab, just one weird request: navigator.serviceWorker.register('safari-web-extension://E3449EA7-EC25-4696-8E6C-[ID HERE]/background.js'); </script> Any ideas what went wrong? The entire team of 4 people has the same issue and we can't move forward because of that. Also, the Develop => Service workers or any other menu section doesn't show my service worker. Logs for websites running on my phone are visible and in general web inspector for them works fine.

Hi Developers, I am working on a small project and I noticed that my website header looks different in Safari on macOS compared to Windows browsers like Chrome and Edge. In Safari, the header text and spacing look slightly shifted (screenshot attached). On Windows browsers, everything looks perfectly aligned. Here is my live project for reference: https://gratuitycalculatorae.com/ Screenshot from Safari (macOS): Is this related to Safari-specific CSS rendering? Should I use -webkit- specific fixes or is there a better cross-browser solution? Any guidance or best practices would be really helpful. Thanks

I have a UI application built with the Vue framework, using Vuetify for the UI components. There's a div with the class v-application--wrap, which is provided by Vuetify. This class internally includes the following style rule. .v-application--wrap { backface-visibility: hidden; display: flex; flex: 1 1 auto; flex-direction: column; max-width: 100%; min-height: 100vh; position: relative; } The pages were rendering correctly up to version 18.3, but after upgrading to version 18.4, we encountered layout issues related to height. Upon investigation, we discovered that the min-height property was no longer being interpreted or applied correctly. Replacing min-height with height resolved the issue, and the pages began loading as expected. Any insights into why this behavior is occurring would be greatly appreciated.

Hi all, Managing Safari usage in an enterprise environment and I’m looking for ways to disable or restrict the QUIC protocol to enforce network-level security policies (e.g., content filtering). Does Safari offer any settings to disable QUIC, or is there a known workaround to prevent Safari from using it? Appreciate any insights or guidance.

I have "http://localhost:8080" showing the index page I've created but php is not handled though an extension is running. Haven't even tried mySQL yet but since there is no reference to it in https.conf the same problem will exist. Homebrew extension running also. https.conf: #PHP was deprecated in macOS 11 and removed from macOS 12 #LoadModule php7_module libexec/apache2/libphp7.so There are no php.so files on my machine and again no mention of mysql What should I enter in http.conf to activate these functionalities? Thanks. PS could you reference a tutorial on using Safari and Web inspector

I'm encountering an issue with front camera video recordings via browser (Safari/Chrome) on devices running iOS/iPadOS 18 and above: On iPad, the recorded video appears upside down. On iPhone, the recorded video is rotated 90 degrees. The rear camera functions correctly without orientation issues. This problem seems specific to browser-based recordings, as the native Camera app records videos with the correct orientation. Has anyone else experienced this behavior? Is there a known workaround or fix? The preview while recording is fine, the recorded video is oriented incorrectly.

Our team has implemented a video player using the HTML5 tag, but we have identified an issue with loading media files. While Safari on iOS 18.0 downloads each TS file listed in the m3u8 playlist correctly, on iOS 18.4 and 18.5, a single TS file is downloaded repeatedly. Our statistics indicate that approximately six requests are made per second for the same TS file. Is this intended behavior? If not, are there any known workaround or solutions? If this issue is due to the OS or browser, are there any plans to address it in iOS 18.6 or a future release? Could you advise on the proper channel to submit a bug report for this issue? Similar issues have been reported in the past with WKWebView. The previous thread is here: https://developer.apple.com/forums/thread/784134