We have written a PAC script that blocklists certain domains and whitelists others. We went to Settings > Network > Wi-Fi (the network we are using), then clicked on Details, and under Proxies, we added the PAC file URL in the Automatic Proxy Configuration section. We tried hosting the PAC file both on localhost and on a separate HTTP server. After saving the settings, we tested several URLs. The blocking and allowing behavior works correctly in all browsers except Safari. Below is the PAC script we are using for your reference. The script works as expected in browsers other than Safari. This is how the PAC script URL looks: http://localhost:31290/proxy.pac function FindProxyForURL(url, host) { var blacklist = new Set(["facebook.com", "deepseek.com"]); var b_list = [...blacklist]; for (let i = 0; i < b_list.length; i++) { let ele = b_list[i] + "*"; if (shExpMatch(host, ele) || shExpMatch(url, ele)) { return "PROXY localhost:8086"; } } if (isIPBlocked(whitelist_subnet, hostIP)) { return "PROXY localhost:8087"; } if (isIPBlocked(blacklist_subnet, hostIP)) { return "PROXY localhost:8086"; } return "PROXY localhost:8080"; }

For many years, I've noticed that although in native code I can handle continuous and simultaneous Apple pencil and touch inputs using UIKit, Safari and WKWebView's PointerEvents only seem to allow you to use one input type at a time. i.e. Apple Pencil down blocks touch input until lifted and touch input blocks Apple Pencil input. It's as though requiresexclusivetouchtype has been set in the underlying webkit implementation. There's decades of research (e.g. https://dl.acm.org/doi/10.1145/1866029.1866036 ) and several existing native applications in production showing that multimodal inputs open-up many unique and useful applications and interactions. Even a simple "hold object with finger" + "draw with stylus" controls are the norm. I recently built a native application using multimodal simultaneous inputs, but this is impossible to port to web due to the unexpected behavior of PointerEvents (and touch events, and mouse events; any variant exhibits the same behavior). I've researched and attempted to apply every possible flag, change, and css code to get this working, but I think the behind-the-scenes implementation is what's blocking the simultaneous touch types. This is unexpected and undesired behavior because it's inconsistent with the native behavior. If it's unintended, it's a big priority to fix for creating better user experiences on the iPad. If it's intended, I do not believe that's reasonable (even if it might be more complex and used for more advanced applications). Please expose a way to support simultaneous touch types in iPadOS/iOS in both Safari and WKWebView. At minimum, may we have a discussion on how to support the desired behavior? The simplest solution I can think of is to provide a webkit-platform-specific boolean in Safari and WKWebView called requiresExclusiveTouchType, which is set to False by default to keep the current behavior, and settable to True to get the more flexible behavior I'm expecting.

On iOS 18 only, I've been getting this error from the didFailToContinueUserActivityWithType in AppDelegate, the activity needed for universal links. It didn't happen on previous versions of it. Has anyone encountered this ?

Since Safari requires a macOS app as a container for Web Extensions, is there a way to establish native messaging directly from SafariWebExtensionHandler using stdin/stdout? Or does Safari enforce a different communication mechanism? I’d like to keep the same approach as other browsers. Any guidance on making this work would be appreciated!

When CHIPS was introduced in 18.4 it worked well, however on 18.5 it does not appear to work. There do not appear to be release notes about this in 18.5, so can someone provide definitive if this is a defect that will be fixed, or have they already been deprecated?

"The Safari web extension packager enables you to package and distribute your Safari extensions using App Store Connect from any web browser, without requiring a Mac or access to Xcode." I upload the unzipped folder I'd test in Chrome://extensions to the Safari web extension packager in App store connect. I get error: Embedded binary's bundle identifier is not prefixed with the parent app's bundle identifier. The only solution i've seen to this error involves xcode/a mac, being without which doesn't help

This is my first post, so please forgive me if it is to the wrong area. I've been using Tahoe for a few days and, overall, it's very stable. But the one thing that has bothered me to no end is Safari's new behavior with respect to its header (Address bar, Favorite bookmarks bar, tab bar) background color. The web content of the active tab seems to affect everything - and oftentimes makes things completely unreadable - at least in "Dark" mode. For instance, if a web page uses a white background, the Favorites bookmark labels are the same color as the bookmark background, so reading the labels is simply impossible. At other times, they're just very difficult to read. Similarly, it is almost always impossible to tell which tab is the active one - my only workaround is to try 100% brightness....or to just guess. When Apple previously experimented with letting content bleed through to the top, there was a setting for stopping it - but I don't see such a setting anymore. Do you you know of any way to stop this effect?

Hello All, On our iOS app, we plan to show tutorial (WKWebview) only in case user has safari extension disabled. How can iOS app know about status of Safari extension. Thanks, Anup

I have a Safari Extension which replaces default new tab and puts a link on a generated new tab. This link can be either usual URL link, or a URL Scheme, something like plecoapi://x-callback-url/df?hw=${char}&sec=dict In iOS 17 and previosly, this link worked flawlessly. In iOS 18, including 18.2, this X-Callback-URL link works only once, if I kill Safari process, reopen Safari and tap the link. Each subsequent tap will just reload the page, link won't work anymore until the next Safari reload. Usual URL links works every time without a problem.

The order nor -webkit-order properties of a child element of a flex parent dosen't work in Safari 18.3. Works correctly in FireFox and Chrome.

I have a content blocker that generally works correctly, but I need to block an element that has certain text in it. For example, <span id="theId">Some text</span> is easy enough to block because I can locate the id and block that, but what if there is no id, or the id is completely random? What if it's just <span>Some text</span>? How do I block that? Let's say this is my only content blocker rule: [ { "action": { "type": "css-display-none", "selector": ":has-text(/Some text/i)" }, "trigger": { "url-filter": ".*" } } ] No errors are seen when the rule is loaded, so it's syntactically correct, it just doesn't block the HTML. I gather this is because :has-text() works on attributes, not contents, so it works on alt, href, aria-label etc. but not on the contents of the element itself. How do I block Some text in my example above? Thanks!

I'm looking for answer or documentation on gatekeeper and launching a MacOS app via a url scheme/custom protocol. Our application is delivered via a zip file downloaded from the web. We utilize a url scheme. The act of extracting the app from the zip registers the url scheme with the OS. From previous research/testing we found we had to break the gatekeeper lock (have the user move the app from the downloaded location) to ensure that the url is honored on first launch of the application. To ensure user compliance, we added a check to make sure that the lock has been removed by looking at the quarantine attribute. This flow is not ideal. I am looking for alternatives and was previously under the impression that if we were to move to a DMG then that would provide the user a better user experience for moving it. However, now that I am getting around to looking into it, I am seeing some implied statements that this is not the case and that the quarantine bit will just be moved from the DMG to the app. Questions: Does a DMG allow the app to be launched via custom protocol without prior launch or movement? With a notarized app, will the custom protocol work on a subsequent launch, even without prior movement?

The new WebView implementation in *OS 26 versions is a very valuable addition to the SwiftUI toolset. I was experimenting with it and was wondering how to implement a Pull To Refresh. While this was easily achievable with the "old" WKWebView I was not able to find an API to implement, for example, a page reload when the user uses a pull to refresh gesture. I tried to attach to a .refreshable(_:) modifier to the WebView but without success. Is there an official API for that or should maybe .refreshable(_:) already work and it's just a bug or is it simply not yet supported? Here is a minimal example I was trying but didn't succeed: struct ContentView: View { @State private var page = WebPage() var body: some View { NavigationStack { WebView(page) .refreshable { page.reload() } } } } Any help is much appreciated. Thank you!

Hi, this is my first post in the community, so please correct me if i am posting this somewhat in a wrong manner. Im using my Apple M1 Pro(14inch, 2021) and installed the os 26 yesterday. Today, I was using Safari, and all of sudden it gets frozen, then the following window popped up. Is this something expected? i.e. my usage is somewhat unusual or is there any report around potential memory leak in Safari? appreciate any suggestions, as Safari is my main browser and currently on hold due to this issue. Thanks

Is this symbol, which Safari uses to the left of the address bar, in the public SF Symbols set? What's it called?

I have an extension which was working fine on older Safari version, but it is getting killed after I upgraded the browser to Safari 18 and higher. From the system logs I could see, Safari is sending the KILL signal to my browser 2024-11-12 13:51:01.536167-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] signal service: caller = Safari[45238], value = 0x9 2024-11-12 13:51:01.536453-0600 0xfab Default 0x0 382 7 WindowServer: (SkyLight) [com.apple.SkyLight:default] [ ConnectionDebug ] Closing conn 0xf955b, PID 45463 in session 257 on console2024-11-12 13:51:01.536474-0600 0x95b674 Default 0x0 1 0 launchd: [gui/503 [100018]:] service inactive: com.apple.xpc.launchd.unmanaged.SafariExtension.45463 2024-11-12 13:51:01.536479-0600 0x95b674 Default 0x0 1 0 launchd: [gui/503 [100018]:] removing inactive unmanaged service: com.apple.xpc.launchd.unmanaged.SafariExtension.454632024-11-12 13:51:01.537354-0600 0x95b907 Default 0x0 354 0 launchservicesd: [com.apple.processmanager:front-35286506] QUITTING: pid=45463 asn=0x-0x176176 foreground=0 wasFront=0 2024-11-12 13:51:01.537375-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] exited due to SIGKILL | sent by launchd[1], ran for 342ms 2024-11-12 13:51:01.537380-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] service state: exited 2024-11-12 13:51:01.537384-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] internal event: EXITED, code = 0 2024-11-12 13:51:01.537385-0600 0x95b672 Default 0x0 1 0 launchd: [pid/45238/SafariExt [45463]:] job state = exited Just before this, I see a macOS error 2024-11-12 13:51:06.789342-0600 0x95b74f Default 0x0 45238 0 Safari: (Security) [com.apple.securityd:security_exception] MacOS error: -67054 This occurs only in my customer machines but not in my test machines. I have verified the code signing, certificate validity & entitlements are fine.

I have a simple Safari extension which contains only Javascript and no native code. Currently I have the placeholder SafariWebExtensionHandler.swift that Xcode created when I added the extension. It's not doing anything useful, but simply deleting it doesn't seem to work. Can I have an extension that includes no native code?

Hi everyone, We work on a macOS plugin which then gets loaded into another application. I'm trying to load a webpage in that application through our plugin using a WKWebView & I set my class as the navigationDelegate for the same. I do not receive any callbacks for the WKNavigationDelegate methods. I have debugged & made sure that the navigationDelegate is actually set to my class. Here is a sample code of what I'm doing : [[NSApplication sharedApplication] runModalForWindow:self.mWindowController.window]; - (void)windowDidLoad { [super windowDidLoad]; [self.window makeKeyAndOrderFront:self]; [self.window orderFrontRegardless]; if (self.mLoadingView == nil) { self.mLoadingView = [[LoadingView alloc] initWithFrame:[[self.window contentView] frame]]; } [[self.window contentView] addSubview:self.mLoadingView]; [self.mLoadingView showLoadingView]; [self.window setLevel:NSMainMenuWindowLevel]; [self loadWebPage]; } -(void)loadWebPage { [self.mWKWebView setUIDelegate:self]; [self.mWKWebView setNavigationDelegate:self]; [self.mWKWebView stopLoading]; NSURL *lURL = [self samplePageURL]; WKNavigation *lNavigation = [self.mWKWebView loadRequest:[NSURLRequest requestWithURL:lURL]]; } - (void)webView:(WKWebView *)pWKWebView didFinishNavigation:(WKNavigation *)pNavigation { [self removeLoadingview]; [self.mWKWebView evaluateJavaScript:@"document.body.setAttribute('oncontextmenu', 'event.preventDefault();');" completionHandler:nil]; } I do not get any calls in the webView:didFinishNavigation: & I also tried other methods like webView:didStartProvisionalNavigation, webView:didFailProvisionalNavigation:withError: etc but did not receive any call in those either. Instead of runModalForWindow: if I use showWindow: on the mWindowController the webpage somehow loads but I still don't get any callbacks & so the loadingview subview is also present. The WKWebView is placed in a storyboard, and I have an IBOutlet connected to it in my class. Has anyone faced a similar issue or can point me to something I might be missing? All help is appreciated. Thanks in advance.

Hello, I am developing Safari Content Blocker extension and discovered that it frequently fails to load with large amount of rules. Currently I have over 45k and most of the time when I reload the extension on iOS 18 (iPhone 12) it ends with error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named com.apple.SafariServices.ContentBlockerLoader" UserInfo={NSDebugDescription=connection to service named com.apple.SafariServices.ContentBlockerLoader} #0 And the simpler message is just: Couldn’t communicate with a helper application. From what I managed to find (for example here - https://developer.apple.com/forums/thread/756931) the limit for blocking rules should be 150k items. It was previously 50k but got increased years ago. Is there anything special I need to do to get the extension to work reliably with say 100k items? I am usng the JSON format from the docs: { "trigger": { ... }, "action": { ... } }, { "trigger": { ... }, "action": { ... } } ] My trigger is url-filter and the action is type: block I was thinking about providing multiple JSON files in attachments property of NSExtensionItem but apparently that is not supported. Thanks for help!

We have a Web Extension that uses firebase for auth. It was working fine until the latest version of Safari 18.3 got released few days ago on January 27, 2025. All of out extension versions stopped working on it; even the ones that are published on App Store. It uses FirebaseJS v9.23.0. Same version of the extension are working fine on other browsers. We use onAuthStateChanged to listen to auth related events; but it is never fired now.