Hi everyone, I want users not to see the system context menu when long-pressing text on a page in Safari on iOS. I found on MDN that the CSS property -webkit-touch-callout: none; can achieve this. But in reality, it doesn't really work. MDN documents URL: https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Properties/-webkit-touch-callout Here’s a minimal example: function preventIOSSafariContextMenu() { if (document.getElementById(STYLE_ELEMENT_ID)) return; if (!IS_TOUCH_DEVICE) return; const style = document.createElement("style"); style.id = STYLE_ELEMENT_ID; style.textContent = ` html, body { -webkit-touch-callout: none !important; } `; (document.head || document.documentElement).appendChild(style); } The context menu persists. Has anyone else encountered this? Is this an intentional change in WebKit, or could it be a regression? If it’s intentional, is there a recommended alternative? Thanks in advance for any insights!

Hello We've encountered an issue with WKWebView in the latest iOS 26 beta. When loading a PDF URL, the background of the PDF viewer now displays as a dark gray instead of the expected white. Device: iOS 26 Simulator/Device Component: WKWebView Issue: The background color of the loaded PDF is gray. Expected Behavior: The background should be white, as it has been in all previous iOS versions. Link for Testing: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf We confirmed that the same PDF and code render with a white background on iOS 26 and earlier. Questions: Is this an intentional change in iOS 26's WKWebView? If so, is there a new property or configuration setting available to control the background color of the PDF viewer within WKWebView? We would like to have the ability to set it back to white. Any insights, workarounds, or information on this matter would be greatly appreciated. Thank you.

We attempted to perform automated testing (using Python) on an 11th generation iPad (iPad A16) using Selenium 4.38.0, but we were unable to capture webpage screenshots using the function "driver.save_screenshot(filename)". However, this issue did not occur on an iPad Air 4. During our debugging of the "WebDriver.py" script, we found that after issuing the screenshot command, a status value of 500 was returned, accompanied by an "unknown error". We have communicated with the Selenium team and provided the main Python code(https://github.com/SeleniumHQ/selenium/issues/16555). They suggested that the problem likely lies within the SafariWebDriver, rather than in the "remote_webdriver.py" file. Additionally, we tried using the SafariWebDriver provided by Safari Technology Preview, but the problem persisted.

Hi, I’m working with the SFExtensionProfileKey in my Safari Web Extension. As I understand it, this key is to get the UUID of the profile currently in use. However, it seems to be missing (no key in userInfo) when the default profile is active. Also, I haven’t found any API to get a profile’s human-readable name or list all available profiles. Could someone clarify: If the value of SFExtensionProfileKey is absent, can I safely assume the default profile is in use? Is there a supported way to get a profile’s display name? Does Safari expose an API for getting all profiles? Thanks in advance for your insights!

I am following up on Thread (https://aninterestingwebsite.com/forums/thread/733233). Currently, SFSafariExtensionManager.getStateOfSafariExtension only returns if an extension is enabled, but not if "Allow in Private Browsing" is toggled on. Is there an API in macOS 26 and Safari 19 that allows a native Safari App Extension to detect this specific permission?

Steps to Reproduce 1. Create a native UIViewController with a WKWebView, loading test-1.html (contains position:fixed header that displays correctly). 2. Push another UIViewController also with a WKWebView, this time loading test-2.html. 3. In test-2.html, tap into the to summon the on-screen keyboard. 4. Without calling blur(), perform an interactive swipe-back gesture to go back to the first view controller. 5. Observe that the fixed header in test-1.html is now offset downward by approximately the height of the keyboard and does not return to its original position. demo-link : https://bugs.webkit.org/attachment.cgi?id=476324

YouTube now requires a Referer to be sent to be able to embed Youtube videos, otherwise the videos won't work. But WKWebView doesn't send a Referer when using a custom scheme, so Youtube videos stopped working in that case. This affects Ionic apps, both using Cordova or Capacitor. There's an open issue for Cordova and another one for Capacitor. In these apps, the app is served using a custom scheme like capacitor://localhost or ionic://localhost. I tried modifying the Ionic WebView source code to force adding a referrer to the URL loaded using WKWebView's loadRequest: [request addValue:@"https://my.test.app" forHTTPHeaderField:@"Referer"]; [_engineWebView loadRequest:request] But the Referer is still not sent in the Requests, I guess because the app is using a custom scheme (e.g. capacitor://localhost). However, if I modify this code to force loading an "online URL" (using https) instead of capacitor://localhost, then the my.test.app Referer is sent to the requests. Is there any way to make WKWebView send a Referer when using a custom scheme?

iOS 18.4 introduces the new WKWebExtension API to support extensions in WKWebView. However, for extensions that have migrated to Manifest V3 and use an extension service worker as the background script, it's currently not possible to inspect them through Safari. This is only thing I can see, I don't know how to inspect the details of the "background.js" I'm wondering—has this changed? Is it now possible to inspect extension service workers?

As the title suggests, given today’s overpowered device performance, shouldn’t Safari and WKWebView allow repainting during window resizing? Currently, all WKWebView-based apps pause page rendering during resize. When a user double-clicks the drag region, the sequence goes: pause rendering → enlarge or shrink the window → leave a blank area → repaint the page. The whole process feels inelegant—especially on devices that support ProMotion.

Dear Apple Developer Support Team, I am writing regarding critical issues we are facing with Safari web push notifications in our application iLiveMyLife.io, which is severely impacting our ability to maintain reliable communication with our users. Issue Description: We are experiencing persistent problems with Safari push notification tokens expiring or becoming invalid without any notification to our server. This creates several critical issues: Users stop receiving notifications without any indication of failure Our notification delivery system has no way to detect token expiration The expiration appears to happen frequently (seemingly almost daily in some cases) There is no reliable mechanism to re-establish push communication without users manually revisiting the app Technical Impact: Our messaging functionality becomes completely unreliable We must resort to email or SMS as fallback mechanisms, which is not feasible for a real-time communication platform This makes building any reliable messaging application on Safari practically impossible The Broader Context: What makes this situation particularly challenging is that all potential alternative browser APIs that could help address this issue appear to be deliberately disabled or restricted in Safari: Background Service Workers don't function in the background on iOS Safari Background Sync API is not supported WebSockets cannot operate when the app is closed There's no way to programmatically check the validity of push tokens The combination of these limitations creates a situation where developers have no viable technical path to build reliable notification systems for PWAs on Safari. This appears to be a systematic restriction rather than individual API limitations. Requested Information: Is there a recommended approach to detect Safari push token expiration? Are there alternative notification mechanisms for PWA applications on Safari that offer more reliability? Is there documentation on the lifecycle of Safari push tokens that could help us implement proper handling? Are there plans to improve the Web Push API implementation in Safari to address these reliability issues? Could you clarify if these limitations are intentional design decisions or technical constraints that might be addressed in future updates? Business Impact: This issue fundamentally undermines our platform's core functionality. For a collaborative tool, reliable notifications are essential - users cannot collaborate effectively if they miss updates because their push tokens silently expired. The current state creates confusion among our users, who don't understand why they suddenly stop receiving notifications. Any guidance or assistance you could provide would be greatly appreciated. We're committed to providing an excellent experience on Safari, but the current push notification limitations make this extremely challenging. Thank you for your time and consideration. Best regards, Ilya

I have a website I’m working on that uses WordPress and element mentor pro. Basically everything is custom HTML in individual containers and custom CSS for each page. The problem that I’m running into is there needs to be a pop-up and the easiest way to do that is just use the element or proper pop-ups however, the overlay is not extending into the safe areas on the bottom or top notch. I’ve been trying to figure out a way to fix this, and I cannot get it to work. I’ve tried having CSS in every imaginable way to get it to extend the overlay.. The other issue is for this website there is no header. It’s just a container that’s the hero content and for some reason that also will not extend into the top-notch safe area. It extends to the bottom notch just fine but not the top notch and there’s just a white bar there where I prefer it be the background gradient that I have set up for the hero however, nothing I do will get it to push into that top notch safe area either. Hoping someone else had this issue and can help me out

We would appreciate it if you could provide the detailed flow of recurring payments and the unsubscribe process using the Apple Pay JS API, specifically in cases where the PSP decrypts the Apple Pay token before sending it to the payment gateway. Thank you very much for your kind assistance.

Could somebody provide hello world example of Safari Extension which is able to call on-device Foundation Model (Apple Intelligence)? I cannot find any examples yet

Enabling Private Relay seems to block XHR in Safari from reaching a local HTTPS server hosted by an iOS app, though it works in other browsers. Before (working): JS → https://local.example.com → 127.0.0.1 → OK After (blocked / no DNS reply probably): JS → https://local.example.com → ERR Is there any way to restore local domain access or mitigate this issue?

Hi Apple Team, We’ve noticed a couple of issues with launching default App Clip in safari and would appreciate your guidance. App Clip Popup Timing: When launching the App Clip using default URL, we sometimes see the small App Clip popup appear before the App Clip banner is displayed. Ideally, the banner should appear first. Cached URL Handling: In certain cases, the App Clip appears to be using a cached URL instead of the most recent one. For example, when we invoke two different App Clip URLs with unique parameters, the App Clip sometimes launches using the previous URL’s data instead of the new one. This behavior is inconsistent and makes it difficult to ensure users are directed to the correct experience each time. Could you please help us understand whether this is expected behavior or if there are any known issues or recommended solutions? Thank you for your time and support. Example

In my application, I use HTML pages to display the interface. Since it’s a cross-platform app, the pages and interactions work properly on other platforms. However, in WebKit, because HTTPS protocol is used, JS requests from the page cannot use the ws protocol but must use the wss protocol under HTTPS. Is there any way to allow a webpage under HTTPS to use ws requests normally? Google Chrome can do this.

I understand that you want echoCancellation and noiseSuppression in most cases, but I would like to be able to turn off all the filter processes for this particular use case. When I set echoCancellation: false in navigator.mediaDevices.getUserMedia, Safari 26 on MacOS produces stereo recording even if I set channelCount: 1. When I set echoCancellation: true, it produces mono recording as expected. How can I get mono recording with echoCancellation: false and channelCount: 1? Thanks!

We’re seeing an issue in our Safari Web Extension where not all cookies from the Set-Cookie response header are accessible. We are using macOS 15.4 and Safari 18.4. In the webRequest.onHeadersReceived callback, the Set-Cookie header returned by Safari only includes some of the cookies set by the server. If multiple Set-Cookie headers are present, we seem to receive only a partial list, some cookies are missing entirely. In Chrome and Firefox, the same callback provides all cookies set by the server without issue. We are looking for assistance in fixing these issues and having our Safari Extension function the same as it does in Firefox and Chrome.

Hello, I have an authentication flow where my app communicates with a backend protected by F5 client certificate validation. The client certificate is distributed via MDM and is available in the device keychain, but not accessible directly from the app. When using ASWebAuthenticationSession (or SFSafariViewController) Safari can successfully pick up and present the certificate during authentication, so that part works fine. However, the backend’s authenticate endpoint only supports a POST request with an Authorization header, whereas ASWebAuthenticationSession only accepts a GET URL when starting the session. My questions are: How is this type of flow typically implemented in iOS? Should the backend provide a GET-based endpoint that redirects into the POST, or is there a recommended iOS pattern (e.g., an intermediate HTML page that does the POST after certificate validation)? Are there Apple guidelines on handling certificate-based auth with ASWebAuthenticationSession when the API requires POST, especially for In-House distributed apps? Any guidance or best practices would be very helpful.

I have a very specific issue that happens only on iOS Simulator version 18.4. It does NOT happen when I run my app on a real iOS 18.4 device through Testflight. My app displays a WebView (courtesy of Capacitor, url scheme capacitor://). Inside that Webview I'm using Firebase JS API (11.2.0) and calling signInWithEmailAndPassword, which works well in all other contexts, i.e. browser, Android webview, iOS webview in all other Simulator versions, and on real devices. Only when running in Simulator 18.4, I get a failed network request: cannot parse response Fetch API cannot load https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?... due to access control checks. Failed to load resource: cannot parse reponse error: FirebaseError: (auth/network-request-failed) Everything is working correctly for both: Capacitor app webview installed on a real 18.4 device with Testflight Safari (non-webview) in the 18.4 Simulator The issue is severe for us, because we are unable to develop our app and test it in the simulator on 18.4 Simulator before pushing it through Testflight internal release. Request headers on the failed request (no response status or headers available). Request Accept: / Content-Type: application/json Origin: capacitor://localhost Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) - AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 X-Client-Version: Mobile/JsCore/11.2.0/FirebaseCore-web X-Firebase-Client: (...)