Scenario Overview: In our app, we open an in-app browser to complete a third-party consent flow. The sequence is: App → Website A (set cookie and redirect) → Google → Website A (check cookie) → App After upgrading the app, the first consent attempt fails because the cookie cannot be written, causing the check cookie step to fail. However, if we use the native Safari browser, this issue does not occur. Observed Behavior: Scenario Result Upgrade app → Consent ❌ Fail Upgrade app → Consent fail → Consent again immediately ✅ Pass Upgrade app → Consent fail → Upgrade again after 1–2h → Consent ✅ Pass Upgrade app → Consent fail → Upgrade again after 1d → Consent ❌ Fail Install a new app → Consent ✅ Pass Upgrade app → Consent, cancel flow → Consent again ✅ Pass Install new app → Wait for upgrade → Upgrade app → Consent ✅ Pass Install new app → Wait 1–2h → Upgrade app → Consent ✅ Pass Investigation: From Safari documentation, this seems related to Intelligent Tracking Prevention (ITP), which restricts cross-site cookie behavior during first-party interactions. However, I haven’t found a clear mitigation strategy yet. Question: Has anyone encountered similar issues with Safari ITP after app upgrades? Are there recommended approaches to ensure cookies persist across this redirect flow?

Hey everyone, After installing iOS 26 beta, I started noticing unexpected behavior in our input event handlers. Specifically, when users type into an field, event.target.value is always an empty string — but only when the JS file is loaded from a specific domain (e.g., t1.daumcdn.net). The exact same code works perfectly when hosted on other domains like t2.daumcdn.net or search1.daumcdn.net. 👉 I created a demo here: 🔗 CodePen Demo The scripts loaded from each domain are 100% identical (apart from the top-level selector). Before iOS 26 beta, this worked fine. I suspect this is related to ITP or some new cross-origin behavior in Safari, but I’d love to know if anyone else is running into this — or if someone knows a workaround. Thanks!

I have a working answerer-only WebRTC client to view video from a remote device. This client, works in all common web browsers (Chrome, Edge, Firefox, etc.) except in Safari. After trying to debug the problem, I noticed that after calling await peerConnection.setLocalDescription(answer); RTCPeerConnection.iceGatheringState never changes to the "gathering" state and stays the default initial "new" state. This is a problem because the ICE candidates can never be gathered and thus the client in Safari does not work at all. What is surprising and weird is that by explicitly calling setLocalDescription(), ICE gathering should start as mentioned in the documentation: https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/icecandidate_event. However, in Safari, this never happens. I experienced this issue in both Safari 18.x and 21.x versions.

正文：大家好， 当设备连接到没有互联网的 Wi-Fi SSID（例如，硬件设备的 AP）时，我看到 NSURLSession（multipathServiceType = NSURLSessionMultipathServiceTypeInteractive）和 WKWebView 之间的行为存在令人费解的差异。我正确启用了多路径授权，在这种情况下： NSURLSession 请求会自动回退到蜂窝网络并成功（无需用户干预，快速切换）。 WKWebView 加载失败或停滞：Web 内容未出现，即使系统网络路径得到满足并确认了真正的 Internet 可访问性，Web 视图似乎也没有使用蜂窝路径。 环境： iOS 版本：（例如 iOS 18.4） 设备：（例如 iPhone 15 Pro） 多路径权利：在应用程序中启用，使用 NSURLSessionMultipathServiceTypeInteractive 连接的 SSID：硬件设备 Wi-Fi，无需外部互联网 预期回退：一旦 Wi-Fi 没有互联网，就会自动到蜂窝网络，如 NSURLSession 所观察到的那样 我做了什么/观察到什么： 使用多路径的 NSURLSession 按预期工作：NSURLSessionConfiguration *cfg = [NSURLSessionConfiguration defaultSessionConfiguration];cfg.multipathServiceType = NSURLSessionMultipathServiceTypeInteractive;NSURLSession *session = [NSURLSession sessionWithConfiguration：cfg];NSURLRequest *req = [NSURLRequest requestWithURL：[NSURL URLWithString：@“https://www.apple.com/library/test/success.html”]];NSURLSessionDataTask *task = [session dataTaskWithRequest：req completionHandler：^（NSData *data， NSURLResponse *resp， NSError *err） { NSLog（@“NSURLSession result： %@， error： %@”， resp， err）; }];[任务简历];连接到设备 Wi-Fi（无外部 Internet）时，会话会悄悄地切换到手机网络并成功完成。 相同情况下WKWebView加载失败：[self.webView loadRequest：[NSURLRequest requestWithURL：[NSURL URLWithString：@“https://www.apple.com/library/test/success.html”]]];Web 视图要么显示负载失败，要么只是挂起，即使较低级别的监视报告网络路径已满足并且真正的 Internet 连接可用。 网络路径监控逻辑： 我使用 C API nw_path_monitor来监视nw_path_status_satisfied。 一旦观察到满意，我就会使用nw_connection（例如，连接 tohttps://www.apple.com/library/test/success.html）执行真正的连接检查，以验证真实的互联网流量是否可以通过蜂窝网络流动。 该检查通过，确认回退到手机网络，但 WKWebView 仍不会加载内容。同时，相同条件下的 NSURLSession 请求会立即成功。 示例日志记录跟踪：[+] nw_path_status_satisfied=1， hasWiFi=1， hasCellular=1 [+] Internet 连接测试：准备就绪（通过 nw_connection） [-] WKWebView 加载失败/停滞 [+] NSURLSession 请求成功完成 问题： 为什么当 Wi-Fi 没有 Internet 时，具有多路径服务类型的 NSURLSession 无缝使用蜂窝网络，但 WKWebView 不表现出相同的回退行为？WKWebView 是否不以相同的方式接受系统的多路径回退？在这种情况下，它是否使用不同的网络堆栈或忽略多路径授权？ 是否有一种受支持的方法可以强制 WKWebView 像 NSURLSession 一样运行？ 例如，我是否可以通过启用多路径的 NSURLSession 桥接内容，并通过自定义方案将其注入 WKWebView？ 是否有任何 WKWebView 配置标志、首选项或策略启用相同的自动接口切换？ 与原始 NSURLSession 相比，WKWebView 处理网络接换、路径满意度或多路径的方式是否存在已知限制或记录在案的差异？ 我排除/尝试过的： 已验证多路径授权是否包含且处于活动状态。 确认的网络路径“满足”，并且在调用 [webView loadRequest：] 之前，真正的 Internet 可访问性成功。 将 WKWebView 加载延迟到连接验证之后。 观察到 NSURLSession 请求在相同的连接条件下成功。 任何对内部差异、推荐的解决方法或 Apple 推荐的模式的见解，以使 Web 内容在“没有互联网的 Wi-Fi”+ 自动回退到蜂窝场景中变得健壮，我们将不胜感激。 谢谢！

Hello, most of the time I can scan my QR code which is associated with my website and my app clip launches. But some few times I've noticed the URL just opens to that URL in safari. I have had this app clip live for months now so should not be the normal 3 day or so wait. The app clip status is validated for debug and cache in build metadata. When I run diagnostics on my iPhone it says the URL is too long but the data reads every time the app clip is launched so I think that should be okay. My suspicion is that the URL I use hits my server and redirects to the actually app clip url. So I'm this might be causing the hiccup. But why so infrequently then? Only when the app clip fails to launch and I open the URL in safari do I see analytics from my server saying the QR URL was hit and had a status code 302 which redirects to a 404. (since that would be the app clip URL) So wondering if there is a way I can reproduce this issue and then resolve it :D

How did you test apple-app-site-association in non-production environments that are usually not public?

Dear Apple Developer Support, I’m developing a Chromium-based iOS browser and want to open the Safari settings page (Settings → Apps→ Safari) like Chrome’s “Import data from Safari” feature, where clicking “Go to settings” opens the Safari settings page. To reproduce this behavior in Chrome: 1.In Chrome, search “Import password from Safari.” 2.Restart Chrome. 3.Go to Chrome → Settings → Safari import → Import to Chrome → Go to settings. 4.You will see it opens Settings → Apps → Safari. Please see the attached file for steps to trigger this feature in Chrome. My attempt with App-Prefs:root=SAFARI only opens the Settings main page ,Is there a public API to open the Safari settings page directly? Look forward to your reply,many thanks

Command: com.apple.WebKit.Networking Path: /private/preboot/Cryptexes/OS/System/Library/ExtensionKit/Extensions/NetworkingExtension.appex/com.apple.WebKit.Networking Identifier: com.apple.WebKit.Networking Version: ??? (8621.3.11.10.3) Resource Coalition: "com.apple.mobilesafari"(1005) Architecture: arm64e Parent: launchd [1] PID: 1708

Hi Apple Developer Community and Support, We are implementing Apple Pay on the Web and are encountering a persistent issue with merchant validation when the ApplePaySession is initiated from a JavaScript application running within a cross-origin iframe. Our Setup: Top-Level Domain: https://application.my.com/ (where the Apple Pay button is displayed, and the iframe is embedded) iFrame Content Origin: https://cashier.my.com/ (Our custom JavaScript application that handles the Apple Pay integration and directly calls our Payment Service Provider's (PSP) API for merchant validation). iFrame allow attribute: The iframe correctly includes allow="payment *". The Problem: When a user clicks the Apple Pay button, the ApplePaySession is successfully created and the Apple Pay sheet opens in Safari iOS. This suggests the browser recognizes the allow="payment *" attribute and allows the API calls. However, during the session.onvalidatemerchant callback, our JavaScript code makes a direct API call to our PSP (Nuvei)'s endpoint. This call consistently fails with an "Invalid domain name!" error, and the Apple Pay sheet then shows "Payment Not Completed." PSP's Diagnosis: Our PSP (Nuvei) has investigated and stated that for this specific endpoint (getAppleValidationApiFlow.do), "there is no explicit way to pass domain to the endpoint and domain for which session is issued is based on 'Referer' header." Our Question for Apple: Given that Safari 17+ now supports allow="payment" for cross-origin iframes to enable Apple Pay APIs, we have the following questions: What is Apple's official guidance or expectation regarding the Referer header for ApplePaySession.onvalidatemerchant calls when the ApplePaySession is instantiated from a cross-origin iframe? Is it expected that the Referer header for calls originating from the iFrame will always be the iFrame's origin? Does Apple's merchant validation process (when the PSP calls apple-pay-gateway.apple.com/paymentservices/startSession) itself rely on or interpret the Referer from the initial client-to-PSP call? Are there recommended best practices or standard approaches for PSP integrations in this cross-origin iFrame scenario to ensure the Referer validation (or equivalent domain validation) is correctly satisfied? We're trying to understand if our PSP's specific reliance on the Referer for this validation is a standard requirement implicitly set by Apple for this flow, or if there are other architectural approaches that should allow this scenario to work seamlessly. Thank you for any insights or guidance you can provide.

I created a form field using: On Safari and Chrome desktop, it behaves as expected. Safari shows the current date in grey by default, and Chrome displays a format hint like dd.mm.yyyy, which is perfectly fine. On iOS, however, the field appears completely blank. I understand that the placeholder attribute is not part of the iOS date input behavior, which is technically fine. Still, it would be helpful if developers had the option to define a default display value. In the past, browsers prefilled date inputs, but many developers objected because they needed the field to be empty by default. I have searched extensively and tried several AI tools, and everywhere it says that this cannot be changed. Am I missing something, or is there any way to display a placeholder, the current date, or some kind of visual hint in iOS Safari? Right now, the empty field creates poor UX because users may overlook it. Since the field is required, this can easily lead to validation errors and additional friction. As a workaround, I used a CSS hack with input[type="date"]::before and a content attribute. I also added JavaScript to toggle a pseudo-placeholder value specifically for iOS. Is there a cleaner solution that avoids this workaround? Thanks in advance for your guidance.

In my application, I use HTML pages to display the interface. Since it’s a cross-platform app, the pages and interactions work properly on other platforms. However, in WebKit, because HTTPS protocol is used, JS requests from the page cannot use the ws protocol but must use the wss protocol under HTTPS. Is there any way to allow a webpage under HTTPS to use ws requests normally? Google Chrome can do this.

iOS 26 (from beta 1 to beta 2) We have a VPN app that installs a per-app VPN profile with SafariDomains to filter Safari network traffic. This setup works as expected on iOS versions lower than 26.0. See here more details on SafariDomains: https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf On iOS 26, all SafariDomains configured to go through the per-app VPN result in the following error: "Safari can’t open the page. The error was: Unknown Error" Additional Details: Only SafariDomains encounter this error. Other managed apps traffic through the per-app VPN works correctly. Steps to Reproduce: Install the VPN app with a per-app VPN profile. Configure SafariDomains with any URL (e.g., example.com). Open Safari and navigate to the configured URL. Example Configuration: We tested with a simple example by adding only one URL to SafariDomains (example.com). Logs from the console were captured at the moment Safari opened and encountered the error. safari_google2.txt Has anyone else encountered this issue on iOS 26? Any insights or solutions would be greatly appreciated. Thank you!

If we use webView.loadFileURL(indexURL, allowingReadAccessTo: readAccessURL) on an iPad it loads the data and navigation works. But if we place two hands on top of the screen and move a bit, all click events are not working anymore. It works again if we call loadFileURL again. We filled a bug report: FB19812304

aID is an ID service for 150+ newspaper sites in Norway. Since the middle of January the average login time with passkeys on our site https://www.aid.no/ has increased for Safari users, the number of logins using passkey in Safari has decreased dramatically. Previously Safari was the browser that provided the best user experience during login, since it triggered fingerprint reader straight away, but this behavior has vanished. Has something changed that we should be aware of, and is there something we can do to make conditional get great again? Without mediation conditional, the passkeys work as expected. In Chrome and Firefox, we get passkey suggestions in the username field, in Safari it's only password suggestions. To make things even stranger, the same code works as it used to in our test environment. It triggers a small popup by the username field and activates the fingerprint reader. If I cancel this, I can click on the Passwords icon and get passkey suggestion there.

Subject: Help Needed with App Clip Implementation Hi Team, I need some assistance with implementing App Clip behavior in safari and also experimenting using TestFlight app. Default App Clip URL: https://appclip.apple.com/id?p=com.jey.ppclient-prod.appclip Website for App Clip Integration: https://appclip-sand.vercel.app/customer Current Behavior: Default App Clip URL: When I embed the default App Clip URL in an HTML tag like below: Launch App Clip it does launch the App Clip. but it says the appclip not supported in your region I've already added this configuration under Local Experience in App Store Connect. Website Integration: I’ve registered the site using the Advanced App Clip Experience. The apple-app-site-association file is in place. When I visit the site, the App Clip does launch as expected. What I Need Help With: I want to launch the App Clip from a custom button click, using either: The default App Clip URL, or The website URL (e.g., https://appclip-sand.vercel.app/customer) with additional query parameters like userId or sessionId. Is there a supported way to achieve this—perhaps through JavaScript or a specific tag setup that works with either Local or Advanced Experience? Your guidance would be greatly appreciated. Thanks, Jey

(Error) When using Safari to access an internal website during development (using a self-signed certificate), may encounter issues where backend data fails to be retrieved.

window.location.href = "tel:02-xxxx-xxxx" Can the development team modify the screen text? Or can the country code be erased? What are the reasons for continuing to be "on the phone" if the country code is automatically attached to the phone like this?

I integrated Apple Pay on the web following the documentation, and verified that the payment works successfully in the sandbox environment using Safari on iOS and Mac. Later, I launched the Apple Pay payment code on a third-party web page that supports Apple Pay, and scanned the code with the camera of an eligible iOS device. The camera then displayed the Apple Pay button; after tapping it, a brief pop-up message saying ‘Service Unavailable’ appeared, and then it closed automatically. How can I troubleshoot and resolve this issue?

Safari Web Extension for enterprice distribution: If I press run button on xcode it shows the safari web extension toggle and works perfect When installed through exported ipa, the web extension toggle dissapears, it doesnt matter how it was installed through mdm, link, or directly ipa from xcode I just exported an ipa as debugging and it worked when I pushed the ipa

Please! is there an app or anything I can do ive posted multiple times. Ive researched all that I can even with screen time on and web limits it still lets u swipe to delete history! Yes it’s grayed out but u can still swipe and delete it!!