Hi Apple Devs & WebKit Team, We operate https://excnum.com — a personal website currently under reconstruction. It's HTTPS-secure, hosted on a clean VPS, and now features a simple placeholder page with no active forms, scripts, or external redirects. However, Safari on both iOS and macOS is flagging it as a “deceptive website”, blocking all access. This warning appears even though: The site uses a valid SSL certificate via Cloudflare There are no redirects, tracking scripts, or dynamic code We serve a static landing page (“under maintenance”) with zero interaction No malware, phishing, or obfuscation exists — verified with multiple tools A review request has already been submitted at: https://websitereview.apple.com We believe the site may have been blacklisted previously under past ownership or prior configurations. It has since been completely restructured and cleared, but the Safari warning persists. This false flag is harming visibility and trust for an otherwise neutral website. Any advice on how to expedite re-evaluation or request a manual delisting from the deceptive site list would be much appreciated. Thank you! — Alex Admin, EXCNUM.COM

Subject: iOS 26 WKWebView: Remote Pages Become Unresponsive After Loading Local HTML Files Description We're experiencing a critical issue with WKWebView in a React Native 0.64.3 application where remote web pages become completely unresponsive after loading local HTML files in iOS 26. It works well before iOS26. Environment: React Native 0.64.3 iOS 26.0 Xcode 26.0.1 Using custom WKWebView implementations in Native modules Problem Details App loads local HTML files using loadFileURL:allowingReadAccessToURL: Later, when loading remote pages via loadRequest:, the remote pages load successfully but become unresponsive to user interactions This occurs even when using different WKWebView instances The issue is reproducible 100% of the time once a local file has been loaded Restarting the app and loading remote pages directly works fine Code Example: // Loading local file (works fine) [self.webView loadFileURL:localFileURL allowingReadAccessToURL:accessURL]; // Later, loading remote page (loads but becomes unresponsive) NSURLRequest *request = [NSURLRequest requestWithURL:remoteURL]; [self.webView loadRequest:request]; What We've Tried: Using different WKWebView instances for local vs remote content Comprehensive cleanup in dealloc (removing all user scripts and message handlers) Loading blank HTML before switching to remote content Using shared WKProcessPool (understanding its limitations in iOS 15+) Ensuring proper decisionHandler management in navigation delegates Resetting WKWebView configuration settings Clearing cookies and cache between loads Using loadFileRequest:allowingReadAccessToURL: instead of loadFileURL: Key Observations: The remote page renders correctly and network requests complete No JavaScript errors in console The view hierarchy appears normal in Debug View Hierarchy Touch events seem to be delivered but not processed by the web content Questions: Has Apple introduced new security restrictions in iOS 26 that affect the transition from file:// URLs to http:// URLs? Are there specific WKWebView configuration changes required for React Native applications in iOS 26? Could this be related to the React Native bridge or JavaScript context persistence? Any insights or workarounds would be greatly appreciated, as this is blocking our iOS 26 compatibility.

Hi, I’m trying to detect whether my Safari Web Extension is running in Safari or Safari Technology Preview. Is there a reliable way to do that? I can get the executable path of the parent process using proc_pidpath(). However, unlike Chrome or Firefox, Safari extensions run under /sbin/launchd as the parent process, not the responsible process (browser’s binary). In this scenario, I need the executable path of the actual browser process, but I haven’t found a way to get it. Also, Safari doesn’t implement the Web Extension API’s browser.runtime.getBrowserInfo(), unlike Firefox. I haven’t tested it yet, but I’m considering checking the user agent string, though I’m not sure how reliable that would be. Use Case Some users use my Safari extension as a web development tool and want to enable some features exclusively in Safari Technology Preview, while using other features only in standard Safari. If I could detect which browser is in use, I could provide the appropriate functionality for them.

Enabling Private Relay seems to block XHR in Safari from reaching a local HTTPS server hosted by an iOS app, though it works in other browsers. Before (working): JS → https://local.example.com → 127.0.0.1 → OK After (blocked / no DNS reply probably): JS → https://local.example.com → ERR Is there any way to restore local domain access or mitigate this issue?

Hi Apple Devs & WebKit Team, We operate https://outdoorgala.com — a verified, HTTPS-secure Canadian ecommerce site focused on elite outdoor safety gear. We're Indigenous-owned, based in Alberta, and take customer trust and compliance seriously. However, Safari (iOS + macOS) is falsely flagging our site as “deceptive,” preventing customers from accessing us — even though: We use GoDaddy Website Builder with no redirections or malware All product links are clean, HTTPS-secure, and tracked ethically We recently implemented a fully compliant cookie banner (Accept/Decline logic) A public security.txt and OpenPGP key has been published: https://outdoorgala.com/security No phishing, malware, or cloaking behavior exists on the site We’ve already submitted a review via: ➡️ https://websitereview.apple.com And filed a bug report via Feedback Assistant (FB17608544) What else can be done to speed up review or get flagged domains unblocked in Safari? This is hurting our business and blocking consumer access — despite following all Apple guidelines. Would appreciate any insights or escalation tips. Thank you! – Derek Eiteneier Founder, Outdoor Gala

Hello, We are setting up Apple Sign In in one of our non production websites but we keep getting a "oauth code says expired or revoked" error. We have created a brand new service ID and key for this but are still getting this error.

I have a website that has been built in Wordpress and hosted on wordpress engine. In testing now and on the i phone with safari browser it keeps crashing after short time 2/3 minutes, content does not display properly pages go blank etc. Has anyone experienced this /have a solution? Thanks

I have a website I’m working on that uses WordPress and element mentor pro. Basically everything is custom HTML in individual containers and custom CSS for each page. The problem that I’m running into is there needs to be a pop-up and the easiest way to do that is just use the element or proper pop-ups however, the overlay is not extending into the safe areas on the bottom or top notch. I’ve been trying to figure out a way to fix this, and I cannot get it to work. I’ve tried having CSS in every imaginable way to get it to extend the overlay.. The other issue is for this website there is no header. It’s just a container that’s the hero content and for some reason that also will not extend into the top-notch safe area. It extends to the bottom notch just fine but not the top notch and there’s just a white bar there where I prefer it be the background gradient that I have set up for the hero however, nothing I do will get it to push into that top notch safe area either. Hoping someone else had this issue and can help me out

In the safari or chrome app, when I want to change tabs, I can go into a grid view of the tabs. In this grid, each tab shows the content of the page. When I click on one of the tabs, the content of the page expands to fill the entire screen (and shrinks when I go back to grid). I'm creating my own browser and I'm trying to replicate this same functionality. I'm using WebKit on XCode 16.4, iOS 18. However, I'm unable to figure out how Chrome and Safari did this. First, I thought that I could take a snapshot of the page and then use that image as the thumbnail. However, very often the image is of the wrong size - likely due to the webview shrinking for the animation. Making the animation wait until the image is made available did help in making it more consistent. The above errors happen whenever I spam the new tab and then click the tab grid button. It only is misaligned on the very last new tab. Please help on this. // OpenedTab.swift Button(action: { tab.getThumbnail { tabManager.selectedTab = nil } }) { ZStack { Image(systemName: "square") .resizable() .frame(width: 25, height: 25) Text(tabManager.tabs.count.description) .font(.subheadline) } } // TabState.swift func getThumbnail(completionHandler: (() -> Void)? = nil) { webView.takeSnapshot(with: nil) { img, err in if let err = err { print("Snapshot err: \(err)") } else { self.thumbnail = img completionHandler?() } } } Also, something I'm noticing is that for some reason, the image is slightly bigger than the header of the tab card. It also happens in the progress view if the thumbnail isn't available. The images above show it too. I have no clue why this is happening and I would love advice on this too. struct TabCardView: View { @StateObject var manager = TabManager.shared @ObservedObject var tab: TabState var namespace: Namespace.ID @State var width: CGFloat = 0 var body: some View { GeometryReader { geo in VStack(spacing: 0) { HStack(spacing: 1) { Text(tab.title ?? tab.url.host() ?? "") .font(.caption2) .padding(.horizontal, 4) .padding(.vertical, 10) Button(action: { manager.close(tab: tab) }) { Image(systemName: "multiply") } } .frame(height: 40) .frame(width: geo.size.width) // .padding(.horizontal, 7) .background(.tertiary) .matchedGeometryEffect(id: tab.id.uuidString + "title", in: namespace) ZStack { if let thumbnail = tab.thumbnail { Image(uiImage: thumbnail) .resizable() .aspectRatio(contentMode: .fill) .frame(width: geo.size.width, height: 160, alignment: .top) .clipped() } else { Color.black.brightness(0.8) ProgressView() } } .frame(width: geo.size.width, height: 160) .matchedGeometryEffect(id: tab.id.uuidString + "container", in: namespace) } .frame(width: geo.size.width) } .frame(height: 200) .clipShape(RoundedRectangle(cornerRadius: 16)) .shadow(radius: 2) .padding(.all, 7) .overlay( RoundedRectangle(cornerRadius: 20) .stroke(.blue, lineWidth: manager.previousTab?.id == tab.id ? 5 : 0) ) .shadow(radius: 1) } }

Doc URL: https://developer.apple.com/documentation/applepayontheweb/requesting-an-apple-pay-payment-session How can I send a POST request using PHP, and what certificates are required? Currently, I have downloaded the following files on the backend: merchant_id.cer, apple_pay.cer, and a local cert.p12 file This my code: But,run error:cURL Error: unable to set private key file: '***/private.pem' type PEM%

The “Add to Home Screen” feature for bookmarks is not working in Safari on iOS 26.

When trying to create an anchor with the download attribute it does not work for PDF files, it displays the files inline. Also when the download attribute is set the target attribute is ignored too. The tag: ... The behavior: It displaies the file in line. The correct behavior: The file should be downloaded and not displayed or at least displayed but with the "_blank" target (new tab). This is an issue when working with WebSockets which is closed when the file is opened inline.

I have compiled some Java code to WebAssembly via TeaVM and wrapped it in a PWA. The resulting code runs nicely in Firefox and Chrome but throws an exception in Safari. CompileError: WebAssembly.Module doesn't parse at byte 1657: invalid extended GC op 24, in function at index 2251 Can anybody tell me what's wrong with that code? I mean it can't be so bad if Firefox and Chrome can parse and run it without problems. I am using the most recent versions of all browsers and the offending code can be found here: Run the demo via: https://mpmediasoft.de/demos/Emmentaler/Emmentaler-Demo-TeaVM-Wasm/index.html The offending wasm file is: https://mpmediasoft.de/demos/Emmentaler/Emmentaler-Demo-TeaVM-Wasm/tvw/ModelBridgeTeaVM.wasm With Safari the demo just shows some empty space instead of a complex polygon. You can see the error in the javascript console of Safari.

Posting this here since Apple Discussion Forums kept deleting this citing it was a "developer issue" even though it's not and there's no way to appeal. Can someone help me? I can't get 2FA SMS/Email Codes to autofill in Brave or Chrome as of this writing. Has anyone else had this issue?

Chrome's Incognito mode can not open app from universal link on iOS. It's opened a web page instead of launching the app even the app already installed on the iOS device.

The icon (new file downloaded) inside the search bar on Safari does not display after downloading a file. To update the search bar and display the icon you have to open the search bar and then close it again to see that a new file was downloaded.

When the “Use Strong Password?” dialog appears and I select “Not Now” to manually enter my own password, the password I type is displayed in plain text instead of being masked. Since the input field is of type="password", the entered characters should be hidden as is standard for password inputs. Is there a way to prevent this behavior and ensure that the password is properly hidden even after dismissing the strong password suggestion dialog?

I am testing stuff on a website, and it worked well on any mobile browser till iOS18. Now that I am testing iOS26, even with the latest BETA (3) everything works smoothly on any other mobile browser but Safari. Previously I had the bug, which now has been patched, for status-bar, which was flickering too, but popover and page issue seems still there. I have persistent popover and ajax navigation, and both are rendering with bugs and fouc while view/page changes. Example: If I have an element which must stay on its place and its width is 100vw: while page changes it blinks, shrinks, flicker and jumps on rendering, while it simply must stay as is.. Animations and page transitions work smoothly on Chrome mobile (latest iOS 26 beta 3) , while breaking on Safari. I did open a feedback FB18328720, but seems no one caring. Any idea guys? ** Video of the bug (which is huge!) : ** https://youtube.com/shorts/rY3oxUwDd7w?feature=share Cheers

In our web application some functionalities will allow user to upload multiple images (More than 25 images) in a single page It is working find in all OS and browsers except iOS When user try to upload images directly from camera there will be some overlaps, duplication, missing etc. This is happening in both Safari and Chrome, we had a thorough check in our application and found every thing is working fine from our end You can reproduce the issue by creating a web page which accept more than 50 images (we tried the same in ASP MVC Core & PHP) and showing the images in order access the page through your iPhone using Safari or Chrome Try to upload images directly from your camera, try sequential images (Image of a stop watch, or some thing like that) so that you can easily identify the order of files uploaded and check the listing page of uploaded image (Try these steps multiple times) You can find some images are duplicated and some are missing

I'm developing an application that makes use of a WebView. When resuming the app I occasionally run into an issue where the application just shows as a blank page. In the Console.app I see a stack trace, however the details are hidden (see below). The stack trace is thrown from JavaScriptCore. default 13:37:07.029261+0200 outlinerrs_dioxus 1 0x1b80cd678 <private> default 13:37:07.029360+0200 outlinerrs_dioxus 2 0x1b7d50e30 <private> default 13:37:07.029369+0200 outlinerrs_dioxus 3 0x1047ec800 <private> default 13:37:07.029539+0200 outlinerrs_dioxus 4 0x1b7d37924 <private> default 13:37:07.029548+0200 outlinerrs_dioxus 5 0x1b8102a78 <private> default 13:37:07.029789+0200 outlinerrs_dioxus 6 0x1b8100cb8 <private> default 13:37:07.029834+0200 outlinerrs_dioxus 7 0x1b7ba7b0c <private> default 13:37:07.029851+0200 outlinerrs_dioxus 8 0x1b879a520 <private> default 13:37:07.029870+0200 outlinerrs_dioxus 9 0x1b817f204 <private> default 13:37:07.030159+0200 outlinerrs_dioxus 10 0x1b76bfce8 <private> default 13:37:07.030186+0200 outlinerrs_dioxus 11 0x1b76ad838 <private> default 13:37:07.030245+0200 outlinerrs_dioxus 12 0x1b76bd76c <private> default 13:37:07.030324+0200 outlinerrs_dioxus 13 0x1b22c827c <private> default 13:37:07.030424+0200 outlinerrs_dioxus 14 0x1b22c8034 <private> default 13:37:07.030461+0200 outlinerrs_dioxus 15 0x19d6df230 <private> default 13:37:07.030514+0200 outlinerrs_dioxus 16 0x19d6df1a4 <private> default 13:37:07.030584+0200 outlinerrs_dioxus 17 0x19d6bcc6c <private> default 13:37:07.030592+0200 outlinerrs_dioxus 18 0x19d6928b0 <private> default 13:37:07.030601+0200 outlinerrs_dioxus 19 0x19d691c44 <private> default 13:37:07.030607+0200 outlinerrs_dioxus 20 0x23ca6e498 GSEventRunModal default 13:37:07.030675+0200 outlinerrs_dioxus 21 0x1a300cddc <private> default 13:37:07.031049+0200 outlinerrs_dioxus 22 0x1a2fb1b0c UIApplicationMain default 13:37:07.031064+0200 outlinerrs_dioxus 23 0x104a76278 <private> default 13:37:07.031070+0200 outlinerrs_dioxus 24 0x1047a0064 <private> default 13:37:07.031254+0200 outlinerrs_dioxus 25 0x104781efc <private> default 13:37:07.031343+0200 outlinerrs_dioxus 26 0x1047493e0 <private> default 13:37:07.031352+0200 outlinerrs_dioxus 27 0x10477e1c8 <private> default 13:37:07.031358+0200 outlinerrs_dioxus 28 0x1047a0184 <private> default 13:37:07.031373+0200 outlinerrs_dioxus 29 0x1047a033c <private> default 13:37:07.031409+0200 outlinerrs_dioxus 30 0x104733724 <private> default 13:37:07.031451+0200 outlinerrs_dioxus 31 0x104464e98 <private> I tried to create com.apple.WebKit.plist in /Library/Preferences/Logging/Subsystems with the following contents: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>DEFAULT-OPTIONS</key> <dict> <key>Enable-Private-Data</key> <true/> </dict> </dict> </plist> Does anyone know how to reveal the hidden logs?