Hello all, As you may know, the company ProofPoint is an Apple partner, and is engaged (I think) to reduce misuse of icloud emails. We have two servers solely set up for our web-app, which is a specialised forum for apartment owners. The new servers were established about the same time, with the same provider, with clean new IP addresses - and as mentioned above, are only used for this web-app. During a testing phase a YEAR ago, we became aware that our in-house icloud emails weren't receiving notifications via the app, and further investigations revealed that the cause was that ProofPoint had placed a block on that server's IP. We immediately, via their website form initiated a Support Ticket, which, the site indicated was lodged, BUT we have never received any response to that Ticket, nor have we received any response to four subsequent Tickets we initiated - nothing. In over a year!! Yesterday, we contacted Apple support, but the devices area of support is the main section and they said it wasn't an issue they could assist with. Some relevant matters: SPF: DKIM: DMARC: are, I believe all configured correctly (and Gmail gives a PASS to all of them). The IP is not blacklisted by any list we are aware of. Our other server's IP isn't blocked by ProofPoint. So, literally at wits end, I'm reaching out to the developer subscribers here to see if they have any suggestions for us. We currently are unable to accept any new subscriber that is using an icloud email address, and that's an absurd situation to be in. Surely we don't have to go to the trouble and inconvenience of obtaining a new IP because of this!!! But when we can't get ANY response to the Support Tickets, it's really hard. Thanks

Hi,
 We’re implementing Apple Pay on the Web for a multi-tenant platform via a PSP. The PSP operates multiple HSM/clusters and gave us multiple CSRs, asking us to register all.
Our understanding: a Merchant ID can hold several PPCs over time, but only one is active at once. Questions Is there any supported way to keep more than one PPC active simultaneously for the same Merchant ID? If not, what does Apple recommend for web-only, multi-tenant setups: a single MID with PSP-side decryption & sub-merchant separation, or separate MIDs per brand/region? Any official guidance on PPC rotation and handling many domains for Apple Pay on the Web? links to official docs or prior Apple responses would be appreciated.

Hi everyone, i'm running into a problem with my personal domain being flagged as 'deceptive website' in safari, and i can't figure out how to fix it Domain: neon0404.space This is just my personal domain - i use it for adguard home, vaultwarden, some test stuff, sometimes small web tools for friends or family Nothing illegal or malicious has ever been hosted there On july 6, i launched a very simple web utility for a friend when he opened it on ios safari, he got the red 'deceptive website warning' I checked this on other different devices - all got the same warning The next day (july 7) i submitted a review request via websitereview.apple.com, but got no reply I did some digging and found that safari safe browsing daemon pulls data from google safe browsing, tencent safe browsing, and some apple's internal lists So, going one-by-one https://transparencyreport.google.com/safe-browsing/search showed up that domain is flagged for something shady Signed up in google search console and saw my domain was flagged for 'malware links' (with no related urls listed), so looked like a false positive I audited everything related to this domain on august 5 - nothing suspicious Next day i requested a review in Google Search Console, just next day Google confirmed that everything is ok and removed the flag So, i thought, maybe this was the key and requested another review via websitereview.apple.com (august 7) No reply, domain still flagged While i was waiting, i checked domain in Tencent (https://urlsec.qq.com/check.html) - no issues Other services like VirusTotal, Norton and Sucuri showed up same result - no issues I attempted to contact regular support (even though it's not their area of responsibility), but just in case They, as expected, couldn't do anything At this point it feels like a dead end, so i'm here Has anyone been through this before? Is there any other way to escalate the review process with apple? Really appreciate any advice, as this domain is personal and linked to my username, which i want to use later

ios26beta8 mesh不切换

Hello, We are setting up Apple Sign In in one of our non production websites but we keep getting a "oauth code says expired or revoked" error. We have created a brand new service ID and key for this but are still getting this error.

I’m experiencing an issue in WKWebView on iOS 26 Developer Beta 8. If a view's subview contains a WKWebView, using the CALayer's renderInContext method fails to capture the pixel at the current point, and the console outputs "unsupported surface format: &b38". The following code snippet was functioning as expected on iOS 18 and iOS 26 beta 1. However, it no longer works in the latest beta. Is this a known bug in the current iOS 26 betas, or is there a recommended workaround? - (BOOL)isTransparentAtTouchPoint:(CGPoint)point layer:(CALayer *)layer { unsigned char pixel[4] = {0}; CGColorSpaceRef colorSpace = CGColorSpaceCreateDeviceRGB(); CGContextRef context = CGBitmapContextCreate(pixel, 1, 1, 8, 4, colorSpace, (CGBitmapInfo) kCGImageAlphaPremultipliedLast); CGContextTranslateCTM(context, -point.x, -point.y); [layer renderInContext:context]; CGContextRelease(context); CGColorSpaceRelease(colorSpace); CGFloat alpha = pixel[3] / 255.0f; return alpha < 0.01; }

Area: WebKit (Safari) Description: I am reporting an issue where our application's core functionality is being broken by Safari's Intelligent Tracking Prevention (ITP). ITP's "Link Tracking Protection" feature automatically strips specific query parameters from URLs. We understand this is an intentional privacy feature. However, our application requires these query parameters to carry essential, non-tracking data, such as authentication tokens or specific app-state information to function correctly. When a user navigates to our site, Safari strips these parameters, this means our client-side application never receives the necessary data, which breaks core features and leads to a failed user experience. This is a significant issue for our application as it prevents users from accessing their content. We are seeking guidance on how to resolve this. Questions for Apple: Is there a recommended way to identify and flag essential, non-tracking query parameters so that Safari's ITP does not strip them? Our parameters are critical for app functionality, not for third-party tracking. What is the recommended best practice for building web applications that rely on URL parameters while adhering to ITP's privacy-first model? We want to ensure our application is compatible with modern browser privacy features without compromising functionality. Could you provide a detailed explanation of what criteria ITP uses to decide which parameters to strip? Understanding the underlying logic would help us restructure our URLs to avoid this issue. Device Information: Operating System: iOS and macOS Safari Version: Latest stable versions on both platforms Device Models: All relevant models and device types

As you see in the image, when I fullscreen in WKWebView, it shows black instead of the webpage in full screen. It works fine in Sequoia. It has happened to me since beta 1, but I post it now, because we’re in beta 8 and it’s not fixed. What’s going on? Can somebody tell me if they have the same issue?

WebAuthn can be used in Safari, but when using it with WKWebView, you need to set the default browser definition (com.apple.developer.web-browser). Is this correct? Also, is it possible that the terms of use will change or that it will no longer be available in WKWebView in the future?

Hey, very strange problem I have on iOS when shared web as an app (pwa) to home screen. Whenever I use it via safari browser on iPhone, it works 100% fine every time. However, when I put it as an app on home screen, first time I open it it works fine, when i close it and reopen again, it just doesnt start recording. I have to restart my phone for it to work. So it works one time, I guess somehow it doesnt end stream or something, but in code I've tried all the possible ways to close and clean the track. tried GPT, Claude, Gemini solutions. nothing worked, it just works 1 time as PWA. my last hope is someone else encountered this issue and may try to help me ? https://pastebin.com/85i2L2vH

I'm creating an iPad app using Xcode 26 Beta 6. I have the following simple code and web page, but when I tap the file selection button, nothing appears. Do I need to add any additional code? code struct SwiftUIWebView: View { @State private var webPage = WebPage() private let url = URL(string: "https://www.xxxx.com/")! var body: some View { WebView(webPage) .onAppear { webPage.load(URLRequest(url: url)) } } } web page <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Test</title> </style> </head> <body> <div id="container"> <input type="file" /> </div> </body> </html>

If we use webView.loadFileURL(indexURL, allowingReadAccessTo: readAccessURL) on an iPad it loads the data and navigation works. But if we place two hands on top of the screen and move a bit, all click events are not working anymore. It works again if we call loadFileURL again. We filled a bug report: FB19812304

Hi everyone, We’ve recently run into an issue with Apple Pay on the web and would appreciate some clarification. Background: Previously, we integrated Apple Pay without using the Apple Pay JS SDK. We relied on ApplePaySession.canMakePayments() to check availability, and it worked fine. After Apple announced support for browsers beyond Safari, we switched to the Apple Pay JS SDK. According to Apple’s documentation, we should now use applePayCapabilities() for capability checks in third-party browsers. Our current behavior: We implemented applePayCapabilities(). Initially, it was returning either paymentCredentialStatusUnknown or paymentCredentialsUnavailable. Based on those values, we displayed the Apple Pay button. The problem: About a week ago, on the same device/browser, applePayCapabilities() started returning applePayUnsupported. Setup: MacBook Pro 13-inch (M1, 2020), Google Chrome Version 136.0.7103.93. The Apple documentation says: “Don’t show an Apple Pay button or offer Apple Pay” when the result is applePayUnsupported. However, at the same time, canMakePayments() is returning true. This creates a direct conflict between the two recommendations: canMakePayments() → true ⇒ show the button. applePayCapabilities() → applePayUnsupported ⇒ don’t show the button. Question: What’s the correct approach here? Should we prioritize applePayCapabilities() and hide the button, or is it acceptable to continue relying only on canMakePayments() as the source of truth for showing Apple Pay? Any insights from others who’ve run into this contradiction would be very helpful. Thanks in advance!

Can anyone of Apple give a status update whats planed with CC module scripts? Issue: https://bugs.webkit.org/show_bug.cgi?id=227967

Our UI-less share extension (com.apple.services) appears in Safari and Chrome. We raise a popup "Open in (app)..." via the Action.js script document.location.href = urlScheme://... in Safari. However, in Chrome, while our extension executes, parses the URL item attachment from Chrome, it never triggers that popup or opens our app. How can a UI-less share extension open our app from Chrome? Is the accepted practice, despite guidelines, turning the com.apple.ui-services view controller invisible and auto-openURLing? Several apps on the store appear to do this, immediately popping their app without any confirmation dialog or UI in both Safari and Chrome. https://stackoverflow.com/a/79369242

On iOS 26 Beta, WKWebView consistently crashes when interacting with pages that use -webkit-user-select: none. This issue does not reproduce in Safari, but only when the same content is loaded inside a WKWebView. Steps to Reproduce: Install iOS 26 Beta. Open a WKWebView that loads a webpage with the following style applied globally: -webkit-user-select: none; Perform the following gesture sequence inside the WKWebView: Double tap anywhere in the web content. On the second tap, keep your finger pressed (do not lift). While still holding the second tap, drag your finger across the screen (pan). This sequence reliably produces the crash. Expected Result: No crash. The gesture should either be ignored or handled gracefully. Actual Result: The app crashes 100% of the time with the following exception: #0 0x000000013f1a0874 in __pthread_kill () #1 0x00000001357522ec in pthread_kill () #2 0x00000001801ad950 in abort () #3 0x00000001802fa26c in __abort_message () #4 0x00000001802ea1a4 in demangling_terminate_handler () #5 0x0000000180077218 in _objc_terminate () #6 0x00000001802f9758 in std::__terminate () #7 0x00000001802fc7c0 in __cxxabiv1::failed_throw () #8 0x00000001802fc7a0 in __cxa_throw () #9 0x000000018009c1bc in objc_exception_throw () #10 0x00000001804f38f8 in +[NSException raise:format:] () #11 0x000000018c5fb570 in -[CALayer setPosition:] () #12 0x0000000185d02414 in -[UIView _backing_setPosition:] () #13 0x00000001867ec978 in -[UIView setCenter:] () #14 0x0000000186666468 in -[_UIEditMenuContentPresentation _displayPreparedMenu:titleView:reason:didDismissMenu:configuration:] () #15 0x0000000186666088 in __54-[_UIEditMenuContentPresentation _displayMenu:reason:]_block_invoke () #16 0x00000001867b3ed4 in -[UIEditMenuInteraction _editMenuPresentation:preparedMenuForDisplay:completion:] () #17 0x0000000186665fb0 in -[_UIEditMenuContentPresentation _displayMenu:reason:] () #18 0x0000000186665de4 in -[_UIEditMenuContentPresentation displayMenu:configuration:] () #19 0x00000001867b3260 in __58-[UIEditMenuInteraction presentEditMenuWithConfiguration:]_block_invoke () #20 0x00000001867b4c98 in __80-[UIEditMenuInteraction _prepareMenuAtLocation:configuration:completionHandler:]_block_invoke () #21 0x000000018653ff80 in __109-[UITextContextMenuInteraction _editMenuInteraction:menuForConfiguration:suggestedActions:completionHandler:]_block_invoke () #22 0x0000000186540448 in __107-[UITextContextMenuInteraction _querySelectionCommandsForConfiguration:suggestedActions:completionHandler:]_block_invoke () #23 0x000000018dba84f8 in WTF::Detail::CallableWrapper<WTF::CompletionHandler<void (IPC::Connection*, IPC::Decoder*)> IPC::Connection::makeAsyncReplyCompletionHandler<Messages::WebPage::RequestDocumentEditingContext, WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>>(WTF::CompletionHandler<void (WebKit::DocumentEditingContext&&)>&&, WTF::ThreadLikeAssertion)::'lambda'(IPC::Connection*, IPC::Decoder*), void, IPC::Connection*, IPC::Decoder*>::call () #24 0x000000018dca14cc in WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<IPC::ConnectionAsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Connection*, IPC::Decoder*>::call () #25 0x000000018e2d5c54 in IPC::Connection::dispatchMessage () #26 0x000000018e2d6118 in IPC::Connection::dispatchIncomingMessages () #27 0x00000001997f9c58 in WTF::RunLoop::performWork () #28 0x00000001997fa930 in WTF::RunLoop::performWork () #29 0x000000018044d4dc in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ () #30 0x000000018044d424 in __CFRunLoopDoSource0 () #31 0x000000018044cc0c in __CFRunLoopDoSources0 () #32 0x000000018044bd84 in __CFRunLoopRun () #33 0x0000000180446e24 in _CFRunLoopRunSpecificWithOptions () #34 0x00000001924c19bc in GSEventRunModal () #35 0x00000001862217a8 in -[UIApplication _run] () #36 0x00000001862259d0 in UIApplicationMain () Same issues below. https://developer.apple.com/forums/thread/796799 https://developer.apple.com/forums/thread/796501 https://developer.apple.com/forums/thread/796874 https://developer.apple.com/forums/thread/796686

Can someone please tell me which experimental WebKit feature would cause safari to keep timing out on certain sites with a lot of Java script due to heavy cpu drainage. I can provide analytics data if this helps.

現在新しいWebViewを使ってwebページを読み込むiPadプログラムを作成中ですが、読み込んだ後に部分のボタンをタップしても何も起こりません。safariで通常通りページを開いてボタンをタップするときちんと写真ライブラリ・カメラで撮るなどのポップアップが表示されます。下記がコードです。Webページは単純化のためにのみを配置しています。 struct SwiftUIWebView: View { @State private var webPage = WebPage() private let url = URL(string: "https://www.****.com/")! var body: some View { WebView(webPage) .onAppear { // URLを読み込む webPage.load(URLRequest(url: url)) } } } 何か追加のコードが必要なのでしょうか？

When practicing a post request today I forgot to use the setvalue method. Why is this method important and needed for a post request? Don't we just encode the data to JSON and put that as the httpbody and make the request

//Is my post method correct because google and claude are telling me I must use content type for the json and use .setvalue. I thought that my process was correct because I encode the data to turn into json and then make the request func createTask(_ task: Task) async throws -> Task { if let url = URL(string: "(baseURL)/todos"){ var request = URLRequest(url: url) request.httpMethod = "POST" let encoder = JSONEncoder() do{ let data = try encoder.encode(task) request.httpBody = data let (data, response) = try await URLSession.shared.data(for: request) return task //we want to make encoder and then turn the data into json and put it in body } catch{ throw JSONErrors.encodingFailed } } else{ throw URLError(.badURL) } }