Our UI-less share extension (com.apple.services) appears in Safari and Chrome. We raise a popup "Open in (app)..." via the Action.js script document.location.href = urlScheme://... in Safari. However, in Chrome, while our extension executes, parses the URL item attachment from Chrome, it never triggers that popup or opens our app. How can a UI-less share extension open our app from Chrome? Is the accepted practice, despite guidelines, turning the com.apple.ui-services view controller invisible and auto-openURLing? Several apps on the store appear to do this, immediately popping their app without any confirmation dialog or UI in both Safari and Chrome. https://stackoverflow.com/a/79369242

Hello Community, My application was rejected by Apple App Review, citing Guideline 4.7 and "non-embedded," which I believe is incorrect. All transactions are signed and sent directly through the app with explicit user permission. Additionally, there's an issue with min apps where users can access the functionality via a browser to interact with the service. This feature has been part of my old application and hasn't changed in the new update. It’s the same functionality as used by popular wallets like Metamask Uniswap Coinbase Which also employ web3 technology. Over the past two weeks, I've tried to communicate with Apple's support team but have been ignored or received only generic rejection emails. This has left me frustrated and concerned about the time and resources I’ve invested in developing and supporting this app. Could you please help me find a solution? Your assistance would be greatly appreciated!

Who can help me, I am running into a WebKit crash on ios 17 and I cannot reproduce it in the debug environment. Crashes happen in these iOS version：17.6.1, 17.5.1, 17.7.5, 17.4, 17.7, 17.4.1, 17.7.3, 17.6 WebKit IPC::Connection::cancelReply<Messages::WebPage::PerformDragControllerAction, WebKit::WebPageProxy::performDragControllerAction(WebKit::DragControllerAction, WebCore::DragData&, std::__1::optional<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > > const&)::$_26>(WebKit::WebPageProxy::performDragControllerAction(WebKit::DragControllerAction, WebCore::DragData&, std::__1::optional<WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits> > > const&)::$_26&&) (in WebKit) WebKit WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::ConnectionAsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Decoder*>::call(IPC::Decoder*) (in WebKit) WebKit IPC::Connection::cancelAsyncReplyHandlers() (in WebKit) WebKit IPC::Connection::invalidate() (in WebKit) WebKit WebKit::AuxiliaryProcessProxy::shutDownProcess() (in WebKit) WebKit WebKit::WebProcessProxy::shutDown() (in WebKit) WebKit WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch(WebKit::ProcessTerminationReason) (in WebKit) WebKit WebKit::WebProcessProxy::didClose(IPC::Connection&) (in WebKit) WebKit IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (in WebKit) WebKit IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() (in WebKit) WebKit WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5, void, >::call() (in WebKit) JavaScriptCore WTF::RunLoop::performWork() (in JavaScriptCore) JavaScriptCore WTF::RunLoop::performWork(void*) (in JavaScriptCore) CoreFoundation ___CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (in CoreFoundation) CoreFoundation ___CFRunLoopDoSource0 (in CoreFoundation) CoreFoundation ___CFRunLoopDoSources0 (in CoreFoundation) CoreFoundation ___CFRunLoopRun (in CoreFoundation) CoreFoundation _CFRunLoopRunSpecific (in CoreFoundation) GraphicsServices _GSEventRunModal (in GraphicsServices) UIKitCore -[UIApplication _run] (in UIKitCore) UIKitCore _UIApplicationMain (in UIKitCore) homework main (in homework:main.m:39) dyld start (in dyld)

SwiftUI List Accessibility VoiceOver

Hello all, As you may know, the company ProofPoint is an Apple partner, and is engaged (I think) to reduce misuse of icloud emails. We have two servers solely set up for our web-app, which is a specialised forum for apartment owners. The new servers were established about the same time, with the same provider, with clean new IP addresses - and as mentioned above, are only used for this web-app. During a testing phase a YEAR ago, we became aware that our in-house icloud emails weren't receiving notifications via the app, and further investigations revealed that the cause was that ProofPoint had placed a block on that server's IP. We immediately, via their website form initiated a Support Ticket, which, the site indicated was lodged, BUT we have never received any response to that Ticket, nor have we received any response to four subsequent Tickets we initiated - nothing. In over a year!! Yesterday, we contacted Apple support, but the devices area of support is the main section and they said it wasn't an issue they could assist with. Some relevant matters: SPF: DKIM: DMARC: are, I believe all configured correctly (and Gmail gives a PASS to all of them). The IP is not blacklisted by any list we are aware of. Our other server's IP isn't blocked by ProofPoint. So, literally at wits end, I'm reaching out to the developer subscribers here to see if they have any suggestions for us. We currently are unable to accept any new subscriber that is using an icloud email address, and that's an absurd situation to be in. Surely we don't have to go to the trouble and inconvenience of obtaining a new IP because of this!!! But when we can't get ANY response to the Support Tickets, it's really hard. Thanks

How can i add Authorization header to a wkwebview. I checked https://developer.apple.com/documentation/foundation/nsurlrequest#1776617 which says Authorization header is a reserved http header and shouldn’t be set. I want to set it when requesting a url in wkwebview for authentication purpose?

Hey everyone, After installing iOS 26 beta, I started noticing unexpected behavior in our input event handlers. Specifically, when users type into an field, event.target.value is always an empty string — but only when the JS file is loaded from a specific domain (e.g., t1.daumcdn.net). The exact same code works perfectly when hosted on other domains like t2.daumcdn.net or search1.daumcdn.net. 👉 I created a demo here: 🔗 CodePen Demo The scripts loaded from each domain are 100% identical (apart from the top-level selector). Before iOS 26 beta, this worked fine. I suspect this is related to ITP or some new cross-origin behavior in Safari, but I’d love to know if anyone else is running into this — or if someone knows a workaround. Thanks!

Hi, when I display an HTML page with a on Safari iOS, I get a nice UI. Great! At the first look I see a video frame with an arrow-in-a-circle button in the middle. Very nice. I click on the arrow and I get a fullscreen view while the video begins to play. I watch the video then I pause it then I click on the top-left x button. So I go back to my html page and the video is perfectly there as it was before. But, there is an annoying new detail. The video frame is really dark, it still presents all the controls and a "different" arrow button to play it again. In other words that nice video-frame, that nice picture, is not longer visible on the page. That nice page with nice pictures has now an almost-black rectangle. Too bad. Sure I can click on the video (outside the controls) then the controls and the black overlaying frame disappear. I can see that nice picture again. Finally. Well, but the arrow-in-a-circle button to play the video disappeared. Now the user cannot longer understand that's a video to play. It looks just like any other pictures to admire statically. Is any way to get the previous first look of the video? The one clear, with the current frame and the arrow-in-a-circle look?

When practicing a post request today I forgot to use the setvalue method. Why is this method important and needed for a post request? Don't we just encode the data to JSON and put that as the httpbody and make the request

The extension popups don't seem to support the dark mode media query. The only way the query gets detected is when a color-scheme is added: <meta name="color-scheme"content="light dark">

Hey everyone, After installing iOS 26 beta, I started noticing unexpected behavior in our input event handlers. Specifically, when users type into an field, event.target.value is always an empty string — but only when the JS file is loaded from a specific domain (e.g., t1.daumcdn.net). The exact same code works perfectly when hosted on other domains like t2.daumcdn.net or search1.daumcdn.net. 👉 I created a demo here: 🔗 https://codepen.io/bzasklcu-the-sans/pen/rNXogxL The scripts loaded from each domain are 100% identical (apart from the top-level selector). Before iOS 26 beta, this worked fine. I suspect this is related to ITP or some new cross-origin behavior in Safari, but I’d love to know if anyone else is running into this — or if someone knows a workaround. Thanks!

In our web application some functionalities will allow user to upload multiple images (More than 25 images) in a single page It is working find in all OS and browsers except iOS When user try to upload images directly from camera there will be some overlaps, duplication, missing etc. This is happening in both Safari and Chrome, we had a thorough check in our application and found every thing is working fine from our end You can reproduce the issue by creating a web page which accept more than 50 images (we tried the same in ASP MVC Core & PHP) and showing the images in order access the page through your iPhone using Safari or Chrome Try to upload images directly from your camera, try sequential images (Image of a stop watch, or some thing like that) so that you can easily identify the order of files uploaded and check the listing page of uploaded image (Try these steps multiple times) You can find some images are duplicated and some are missing

現在新しいWebViewを使ってwebページを読み込むiPadプログラムを作成中ですが、読み込んだ後に部分のボタンをタップしても何も起こりません。safariで通常通りページを開いてボタンをタップするときちんと写真ライブラリ・カメラで撮るなどのポップアップが表示されます。下記がコードです。Webページは単純化のためにのみを配置しています。 struct SwiftUIWebView: View { @State private var webPage = WebPage() private let url = URL(string: "https://www.****.com/")! var body: some View { WebView(webPage) .onAppear { // URLを読み込む webPage.load(URLRequest(url: url)) } } } 何か追加のコードが必要なのでしょうか？

How can I set it as a formal payment environment if I can make the payment now without any deduction?

Hello there, back in the old WebKit API there was the WKDownloadDelegate to handle download actions in WebViews. I was wondering how to handle download actions within the new WebKit in SwiftUI. Is there anything to use already or are there workarounds to handle downloads? Greetings, Thorben

When a DNR rule is set for a specific URL and the request receives a server-side redirect (e.g., 302) to a different URL that does not match the urlFilter, the rule still seems to apply to the redirected request. We are using macOS 15.4 and Safari 18.4. For example, consider two sequential calls: call1 and call2. call1 triggers a 302 redirect to call2. A DNR rule is created to add a "Cookie" header to call1 based on its URL. Unexpectedly, the same cookie is also added to call2, even though call2's URL does not match the rule's urlFilter. This results in the Set-Cookie response from call1 being ignored, and call2 receiving the manually set cookie instead—leading to incorrect behavior. This issue doesn't occur in Chrome or Firefox, where the rule is not applied to the redirected request if the URL no longer matches. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

Hi all, Question: Can Apple confirm that, on macOS 15 without MDM/supervision, there is no supported API, entitlement, auth right, or config file that can enable a Safari App Extension without some form of user interaction? Environment • OS / Safari: macOS 15.0.1 (Sequoia), Safari 18.x • Distribution: Signed, notarized, stapled PKG installs a host app that contains a Safari App Extension • Management: No MDM allowed (and thus no supervision) • Goal: Have the extension come up enabled immediately after install, without requiring the user to click the checkbox in Safari Settings ▸ Extensions What we already know / tried Normal install flow – After PKG install, the extension shows up disabled. User must check the box to enable. SFSafariApplication.showPreferencesForExtension(...) – We can deep‑link the user to our row, but they still need to click “Enable.” Accessibility/UI scripting – We can script the click if the user grants our helper Accessibility permission. That still involves user interaction. .mobileconfig with Safari Extensions Management (AlwaysOn) – From what I can tell, this requires a supervised device enrolled in MDM. Installing that profile manually on an unsupervised Mac does not enforce the “AlwaysOn” state. Auth rights / Developer mode – Looked at auth.db rights like com.apple.Safari.allow-unsigned-app-extensions, and the Develop menu “Allow Unsigned Extensions.” Neither appears to auto‑enable a signed extension, and we don’t want to use private/unsupported APIs anyway. Thanks in advance for any clarification.

I have a simple Safari extension for iOS. In its popup, I want a button that will open the app via a universal link. I have this kind-of working, except that Safari opens the actual online destination of the link with a banner at the top saying "Open in the XXXX app" and an OPEN button. What do I have to do to go directly to the app? More generally, I know that if I copy-and-paste a universal link into the Safari address bar, Safari does the same thing - but it does go directly to the app from an <a href="...."> link. In my app extension JavaScript, I set window.location. Presumably this is too similar to pasting into the address bar. Is there some alternative to setting window.location that is more like clicking on a link and will go directly to the universal link's app? Thanks.

I am trying to cache fonts natively in a hybrid app, so that CSS hosted in an https website loaded in WKWebView through loadRequest can reference them like this for a performance boost: @font-face { font-family: 'MyFont'; src: url('my-assets://Gordita-bold-subset.woff') format('woff'); font-weight: normal; font-style: normal; } The problem happens when I register a WKURLSchemeHandler for my-assets. The handler never gets called and the Safari Web Insepctor shows this: [blocked] The page at https://www.x.com/ requested insecure content from my-assets://Gordita-bold-subset.woff. This content was blocked and must be served over HTTPS. Interestingly enough, if we try to serve content with <img src="my-assets://test.png" this restriction does not apply. Are there any workarounds other than using the private API WKProcessPool._registerURLSchemeAsSecure?

Safari Extension Error: “Non-persistent background content cannot listen to webRequest events.” after macOS 15.4 / Safari 18.4 Update We’re seeing the following error in the Safari Extensions tab after updating to macOS 15.4 and Safari 18.4: “Non-persistent background content cannot listen to webRequest events.” This error did not appear prior to the update, and we haven’t found any official documentation stating that webRequest API is no longer supported in Safari. In our extension (Manifest V3), we are using the webRequest.onHeadersReceived callback to intercept response headers and read updated cookies. While the functionality itself still works as expected. we’re able to access the response headers and this error is now shown in the Extension settings page. We are not seeing this issue in other browsers (Chrome, Firefox) using the same Manifest V3 setup. Is there any plan to deprecate webRequest support in Manifest V3 for Safari? We’d appreciate any clarification or guidance on how to handle this going forward.