input type="file"でアップロードした画像データからGPS情報が除去されます。 こちらはiPadOS16.5.1で発生しておりました。 iPadOS17.4.1、iPadOS18.3では正常にGPS情報が保持されます。 iOS、iPadOSのアップデートでGPS情報を保持するよう修正されたと見受けられますが、リリースノートを参照しても上記修正についての記事を見つけられませんでした。 お手数ですが、上記修正に該当する記事をご教示頂けませんでしょうか。 どうぞよろしくお願い致します。

I tried to create a content blocker for Safari and did it through Safari App Extension and Safari Web Extension. The XCode project for Safari Extension creates 2 applications: the “Main Application” (which is compiled into ".app") and the “Safari Extension” itself (which is compiled into ".appex"). If you want to create a content blocker, you must add “Content Blocker Extension” from the “File → New → Target” menu. This will be the third application in the group, which is also compiled into "*.appex". And now about differences... The first difference is that Web Extension does not have the right to work on any domains by default, unlike App Extension. For the App Extension, in the "info.plist" in the "SFSafariWebsiteAccess" section, we can remove "Allowed Domains" and in "Level" replace "Some" to "All". This is important because the content blocker should work on any domain, and not be turned on manually for each individual. This will not work in Web Extension and will have to be activated for each domain separately. The second significant difference between Web Extension and App Extension is that for security reasons it is more limited in page management. Web Extensions are supposedly focused on a common API for all browsers (Firefox, Chrome, Opera, Edge, Safari), but if I use Safari and want maximum integration with it, then I don't care about all those browsers. In this case, I don't need Web Extension. App Extension functions as a client-server even within the “Main Application”. This is quite expensive and can be fixed. You can remove the “webView” component from storyBoard and remove this files: “script.js”, “main.html”, “style.css”. After this you will get the pure storyBoard without any tinsel and communication between these layers. That’s will work perfectly because these are native Swift applications. p.s. To show the "Safari Extension" window after clicking on the icon on the toolbar, you need to change key from "Command" to "Popover" in the "info.plist" in the section "SFSafariToolbarItem" in the "Action". write your additions...

I want use the Safari Extension to decorate the window.fetch function, But No matter how I try, I can't get the fetch function to execute correctly. I was going through the documentation: https://developer.apple.com/documentation/safariservices/using-injected-style-sheets-and-scripts and found this sentence: "Injected scripts have an implied namespace — you don’t have to worry about your variable or function names conflicting with those of the website author, nor can a website author call functions in your extension. In other words, injected scripts and scripts that you include in the webpage run in isolated worlds, with no access to each other’s functions or data." Does this mean I can't modify the window object in the content script just like a Chrome extension does with the webpage? BTW, In chrome I use chrome.scripting.executeScript API, and in plasmo I just use world: "MAIN" content script's config to achieved this feature.

I am a newby to JavaScript, suggested to me to use to automate the task of opening of a Web page, selecting three internal buttons in sequence to download the underlying chart data. I have created the App via Automator on macOS, to run the Script, successfully open the Web Page, but cannot find a way to select and click() on the buttons. Can someone please help me. Robert. This is the code suggested by Grok 3 Beta, but I see this error: Error: First parameter passed to Document Constructor must be an object. function run(input, parameters) { var Safari = Application('Safari'); Safari.activate(); // Open the AEMO data dashboard (Grok 3 Beta recomendation opens the web page correctly) Safari.Document().make(); Safari.windows[0].currentTab.url = 'https://www.aemo.com.au/energy-systems/electricity/national-electricity-market-nem/data-nem/data-dashboard-nem'; delay(10); // Wait for page to load // Click the Fuel Mix tab (target the active in the tabs) Safari.Document(0).doJavaScript("document.querySelector('.tabs .active').click()"); delay(5); // Wait for tab content to load // Select 48 hrs from the dropdown Safari.Document(0).doJavaScript("document.querySelector('#interval').value = '48H'; document.querySelector('#interval').dispatchEvent(new Event('change'))"); delay(5); // Wait for selection to take effect // Click the download button Safari.Document(0).doJavaScript("document.querySelector('.visualisation-icon-button').click()"); return input; }

I recently noticed that putting the app on background for some time, then switching back to it again causes the WKWebView to reload the current page, same with just hitting f5 on it. How do we disable this behavior?

There is no problem with the content display of each tab, but the tab bar is completely buggy. If you open 5 or more tabs and browse tabs after the 5, the first 4 tab bars will be completely blacked out, and you don't even know how many tabs you have. If you click on the place where the tab title probably exists, the tab is displayed as if the partial display of the tab bar has been restored. There is no problem with content display. But because it is unclear what tab is open, the browsing experience is at its lowest. If you switch to the tab after the 5th, the first 4 will return to the blackout state again. Of course, it is the latest software configuration at the moment. There is no shortage of memory at 24GB. I recently started developing a Safari extension with AppExtension, but is that due to it?

We are building a Safari web extension utilising native messaging, to send messages to the Swift native part of the app. We sometimes experience, that the beginRequest handler is executed multiple times, at the same time. We have a special part of the code in the handler, that must be run only once. Because it uses NS defaults storage, and also because it calls our servers. We have tried to use a serial dispatch queue, as well as other locking and mutex techniques, to no success. We suspect that the instances of the handler are isolated in a way, that these locks don’t work (maybe they don’t share memory?). But we are not sure. When looking at os_logs from the handlers, they all share the same PID. Has anyone experienced anything similar and can shed some light on what's going on?

Description When creating an Apple ID via the web form, if the user’s chosen password contains their own name, the server correctly returns an error (e.g., "Password cannot contain your name") in the PUT request's JSON response. However, this error is not shown on the frontend, leaving users unaware of why the form silently fails or stalls. Steps to Reproduce Go to the Apple ID account creation page (https://appleid.apple.com/account). Enter valid account details where the password includes the user's first or last name (e.g., Johnacb2331!l for a user named John Doe). Complete all fields, including phone number verification and captcha. Submit the form and monitor the Network tab in your browser’s DevTools. Observe that the form appears to hang, loop, or silently fail. Open the PUT request to /account — the response JSON will contain the relevant validation error (e.g., “Password cannot contain your name”), but the user is not shown this. Expected Behavior The password validation error (e.g., containing the user’s name) should be immediately displayed in the UI next to the password field to inform the user and allow for correction. Actual Behavior No error is shown in the UI. The form appears to fail silently, leaving the user confused. The actual reason for failure is only visible through browser developer tools in the PUT response payload. Impact This can lead to: User frustration and confusion Increased support overhead Poor UX in a critical flow (account creation) Environment Browser: chrome 136.0.7103.114 Platform: Web (https://appleid.apple.com) Date observed: 31/5/25 Suggested Fix Ensure that password validation messages from backend responses surface in the frontend, especially for common user input issues like including names in passwords. No screenshots as I can not create a new account

Hello. In Safari there are no eorking nee skins or walpapers!

We're using the PaymentRequestAPI, and to my surprise I see that if we open the payment dialog then don't interact with it - biometrics to approve or cancel/X button - it sits there open indefinitely. Is there any way to tell it to only sit there for some limited time period before canceling?

Is it a specification that the Service Worker doesn’t work in an internal iframe only when the parent page in a WebView is file://? It works in Mobile Safari under the same conditions, and we couldn’t find any specification that says Service Worker-like behavior doesn’t work with this combination. Step to reproduce: We use Vite to develop the application. For the iframe in Webview, Install vite-plugin-pwa with version ^0.20.5 Add VitePWA({...}) to plugins[] array in vite.config.ts Build and preview the app: npm run build && npm run preview. We open a Webview with file:// and then open the iframe with the URL to which we preview the app (We use ngrok to create the URL). Then we open Safari and inspect the Webview but inside the Developer > Service workers tab doesn’t have a registered service worker. For safari, we do the same step 1-3, We open Safari browser with the URL that we have deployed the app (The same URL we used in the iframe in Webview). We go inside the Developer > Service workers tab and it has a registered service worker. Environment: Simulator: IOS 18.2 Safari: MacOS 15.2 Expectation: Safari and the iframe in Webview should have a registered service worker inside the Developer > Service workers.

On iOS 18 only, I've been getting this error from the didFailToContinueUserActivityWithType in AppDelegate, the activity needed for universal links. It didn't happen on previous versions of it. Has anyone encountered this ?

As of IOS 18.3, there browser.tabs.create methods active property which is supposed to determine whether a tab get open in the active window or not is not working as it should. I have the active property set to false but the tab still gets opened and is active on the window. Tested on older ios versions 18.2 and below and it works as it should. please advise

I'm encountering an issue with ReactPlayer where videos fail to play when the playback rate is set to 3x, but this problem only occurs on iOS. The same functionality works perfectly fine on Android devices and desktop browsers like Chrome and Firefox. Here are the details of my setup: ReactPlayer version: 2.16.0 Video format: [MP4, hls ] Tested devices: iPhone 13 Expected behavior: Videos should play smoothly at 3x speed. Actual behavior: Videos fail to load or play when playbackRate is set to 3.0. I've read that iOS Safari might have limitations regarding playback rate due to performance or energy efficiency, but I couldn't find any official documentation to confirm this. If anyone has faced a similar issue or knows the root cause (or a workaround), I'd really appreciate your insights. Additionally, if there are official resources or documentation about playback rate limitations on iOS Safari, please share them. Thanks in advance for your help!

Hi, I have tried to research how safari clean up the cookie when it reaches maximum limit (4kb) on internet but cannot find a good answer. Anyone can help me to give an answer for this question? Thanks in advance

Dear Apple Developer Support Team, I am writing regarding critical issues we are facing with Safari web push notifications in our application iLiveMyLife.io, which is severely impacting our ability to maintain reliable communication with our users. Issue Description: We are experiencing persistent problems with Safari push notification tokens expiring or becoming invalid without any notification to our server. This creates several critical issues: Users stop receiving notifications without any indication of failure Our notification delivery system has no way to detect token expiration The expiration appears to happen frequently (seemingly almost daily in some cases) There is no reliable mechanism to re-establish push communication without users manually revisiting the app Technical Impact: Our messaging functionality becomes completely unreliable We must resort to email or SMS as fallback mechanisms, which is not feasible for a real-time communication platform This makes building any reliable messaging application on Safari practically impossible The Broader Context: What makes this situation particularly challenging is that all potential alternative browser APIs that could help address this issue appear to be deliberately disabled or restricted in Safari: Background Service Workers don't function in the background on iOS Safari Background Sync API is not supported WebSockets cannot operate when the app is closed There's no way to programmatically check the validity of push tokens The combination of these limitations creates a situation where developers have no viable technical path to build reliable notification systems for PWAs on Safari. This appears to be a systematic restriction rather than individual API limitations. Requested Information: Is there a recommended approach to detect Safari push token expiration? Are there alternative notification mechanisms for PWA applications on Safari that offer more reliability? Is there documentation on the lifecycle of Safari push tokens that could help us implement proper handling? Are there plans to improve the Web Push API implementation in Safari to address these reliability issues? Could you clarify if these limitations are intentional design decisions or technical constraints that might be addressed in future updates? Business Impact: This issue fundamentally undermines our platform's core functionality. For a collaborative tool, reliable notifications are essential - users cannot collaborate effectively if they miss updates because their push tokens silently expired. The current state creates confusion among our users, who don't understand why they suddenly stop receiving notifications. Any guidance or assistance you could provide would be greatly appreciated. We're committed to providing an excellent experience on Safari, but the current push notification limitations make this extremely challenging. Thank you for your time and consideration. Best regards, Ilya

I am currently developing a Chrome, Firefox and Safari web extension, and I am facing a CSP issue on the content script on Safari. The extension I develop has a content script that injects an img tag in the DOM of web pages the user is visiting. That img tag fetches its content at a specific URL. On Chrome and on Firefox, the img tag content fetches the content at the URL with no issue on every web pages, including those that set the CSP header img-src. On Safari, I'm getting the following error on web sites that set the img-src CSP header: Refused to load https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113 because it does not appear in the img-src directive of the Content Security Policy. Here is the actual CSP img-src header content of the web page where, on Safari, the injected img tag does not load the content at https://axxlfrmnpq.cloudimg.io/www.macifavantages.fr/wp-content/uploads/2021/06/Garmin-logo.png?func=bound&w=225&h=113: Content-Security-Policy: img-src https://secure.adnxs.com https://www.facebook.com https://.garmin.cn 'self' data: .garmin.com .trustarc.com .truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://res.garmin.com https://.criteo.com https://.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://.teads.tv https://www.googletagmanager.com https://bat.bing.com https://.yahoo.com https://sync.outbrain.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com .akamaihd.net https://.tealiumiq.com https://deploytealium.com https://pixel.mediaiqdigital.com; My question is, is the page CSP blocking the img tag injected in the web page by the extension's content script? If so, is this behavior documented somewhere, or is it a Safari bug? I saw there is a similar post on the forum, but I couldn't find if the issue is a bug or if it's the expected behavior on Safari: https://developer.apple.com/forums/thread/651542?login=true. Thank you very much for your help.

The order nor -webkit-order properties of a child element of a flex parent dosen't work in Safari 18.3. Works correctly in FireFox and Chrome.

I am currently developing an app using WKWebView. In iOS 17, Apple introduced ProxyConfiguration, and I have two questions regarding its usage: Is there a way to use ProxyConfiguration to distinguish between HTTP and HTTPS traffic? I have reviewed the documentation but couldn’t find a clear method for this. As an alternative approach, I am attempting to determine the request scheme within WKWebView and switch proxyConfigurations just before loading the request. My current implementation sends requests to hoge_a by default and switches to hoge_b only for HTTP traffic. 　 if #available(iOS 17.0, *) { if URLString.contains("http:") { webView.configuration.websiteDataStore.proxyConfigurations = [hoge_b] } } webView.load(request) if #available(iOS 17.0, *) { if URLString.contains("http:") { webView.configuration.websiteDataStore.proxyConfigurations = [hoge_a] } } 　 2. Since I modify proxyConfigurations every time webView.load(request) is called, are there any potential issues or concerns with this approach? I would appreciate any insights you may have on either of these questions.

Howdy, WKWebView feature request: allow Fullscreen API without User Gestures similar to ElectronJS' userGesture: true flag that allows devs to bypass user gesture restriction for Fullscreen API and similar executeJavaScript(code[, userGesture]) https://www.electronjs.org/docs/latest/api/web-contents#contentsexecutejavascriptcode-usergesture afaik this is allowed because of a fairly recent update to Chromium that also allows users to give Fullscreen API permissions per domain https://chromeos.dev/en/posts/using-the-fullscreen-api-without-gestures Would be greatly useful for a use case in my cross-platform app, so I can avoid rewriting all platforms to use Chromium Thanks