Hi, I’m experiencing a persistent issue with the iOS on-screen keyboard in mobile Safari. My website (built with PHP, but the issue is clearly on the frontend) has a fixed header (position: fixed; top: 0). However, when a user focuses on an input field and the keyboard opens, the entire viewport shifts upward. No matter what I try, the keyboard seems to push everything up: The header does not stay fixed at the top of the screen In some cases, it briefly stays, then animates/jumps as if trying to reposition itself It feels like the whole layout is being moved rather than just the visible area adjusting I’ve already tried: Removing transforms on the header Forcing position: fixed with top: 0 Avoiding 100vh Testing without custom JavaScript related to viewport handling But the behavior remains the same: opening the keyboard causes the entire layout to shift. Is this expected behavior due to how iOS handles the visual viewport? Is there a reliable way to keep a fixed header truly fixed when the keyboard appears? Any insight or recommended approach would be greatly appreciated. Thanks!

What I am trying to do I am building a browser-based exam proctoring platform that runs in Safari and Chrome on iPad. I need to detect when a candidate opens another app or browser tab in Slide Over (the floating panel) while the exam is running in the background. This is a pure web app - no native wrapper, no MDM. What I've already tried I tried listening to window blur and focus events neither fires when Slide Over is triggered on Chrome. I tried document.visibilitychange - same result, it never fires during Slide Over. I tried the resize event but it is completely inconsistent on iPadOS Chrome. For Split View I am computing the ratio of window.innerWidth to window.screen.width and flagging below 0.80 as a likely split. That works. But Slide Over doesn't change the viewport at all - the exam tab stays full width in the background. So my ratio check is completely blind to it. My question Is there any JavaScript API, browser event, visualViewport property, or any other web-accessible signal that fires or changes when iPadOS enters Slide Over mode — specifically from a page running inside Safari or Chrome (WKWebView)? Even an indirect signal would help. If there's truly no way to detect this from a web page today, is there a recommended pattern or workaround that others have used? I've seen the interaction heartbeat approach (flagging when no pointerdown arrives for N seconds) but that's too noisy for an exam context where a candidate may be reading a long question.

Dear Apple Product Team, I would like to propose a usability enhancement for Safari on iOS that, in my opinion, would significantly improve the user experience. Current Situation: Currently, to change the default search engine in Safari, users must navigate to Settings → Safari → Search Engine, select their preferred option, and return to browsing. This workflow requires multiple taps and interrupts the user's flow. Proposed Solution: Add a quick search engine selector to the bottom toolbar in Safari (adjacent to the Smart Search field). Tapping this control would display a compact menu allowing users to instantly switch between available search engines (Google, DuckDuckGo, Bing, Yahoo, Ecosia, etc.) without leaving the browser. Key Benefits: ⚡️ Time-saving: Instant switching without navigating through Settings 🎯 Flexibility: Use different search engines for different query types (e.g., DuckDuckGo for privacy, Google for local results) 📱 Intuitive UX: Consistent with iOS design patterns and gesture-based navigation 🔧 Enhanced productivity: Streamlines research workflows for power users Implementation Suggestion: Long-press or tap-and-hold on the search field could trigger the selector Alternatively, a small chevron/icon next to the search field could open the menu Selected engine could persist per-tab or session-based, based on user preference I believe this feature aligns with Apple's commitment to privacy, efficiency, and user-centric design. Thank you for considering this suggestion for future iOS releases.

Our app uses WKWebView to load web pages, and we're encountering a crash with WKScreenTimeConfigurationObserver on iOS 26.1 and above. However, there are no WKScreenTimeConfigurationObserver-related code calls in our project. The crash log is as follows: NSInternalInconsistencyException Cannot update for observer <WKScreenTimeConfigurationObserver 0x13be821e0> for the key path "configuration.enforcesChildRestrictions" from <STScreenTimeConfigurationObserver 0x13be808e0>, most likely because the value for the key "configuration" has changed without an appropriate KVO notification being sent. Check the KVO compliance of the STScreenTimeConfigurationObserver class. We want to confirm if this is a system bug. How can we fix it?

Updated to the latest developer beta and while on VPN I am no longer able to connect to any website with Safari. Firefox has no issues with the connection and the computer is definitely online. Firefox is able to load and use both internal pages and external sites, without any issue. Other apps on the computer are able to access the network. Safari fails immediately, with "There was a bad response from the server." If I enable developer mode and look at the network tab in Safari I don't see any requests going out for the pages, it just immediately loads ErrorPage.html and page-load-errors.css Disconnect from VPN and everything works again. Anyone else seeing this?

On macOS 26, when a passkey sign-in flow is started in Safari or another WebKit-based browser (for example, DuckDuckGo browser), smart cards become inaccessible as soon as the password manager selection UI is shown, but only if the website offers “Security Key” as one of the passkey storage/authentication options. At that moment, it appears the system starts polling connected smart cards and does not properly release the transaction/session. As a result, other applications and libraries can no longer communicate with the smart card until the passkey UI is dismissed, and in practice the card may remain unavailable until the passkey sign-in flow is fully completed. This does not happen in Chrome. This does not happen if the website does not offer the “Security Key” option. This does not happen during passkey registration; the issue affects sign-in only. From our investigation, Safari/WebKit appears to open communication with connected smart cards and keep the transaction/session active. Because of that: • our own smart card code blocks while waiting for a PC/SC transaction to begin; • the system pcsctest utility also hangs and does not continue until the passkey selection UI is closed; • a minimal sample using TKSmartCard also blocks on beginSession(). This suggests the smart card is locked not only at the PC/SC level, but also at the CryptoTokenKit level. This issue is critical for us. We are developing a password manager that supports storing keys on a smart card, and due to this behavior we cannot access our card while Safari/WebKit is showing the passkey flow. Is there any way to stop safari from accessing smartcards? Any terminal commands/settings/workarounds?

I'm experiencing a native crash on iOS 26+ with WebKit with title: EXC_BAD_ACCESS (KERN_INVALID_ADDRESS). The stack trace points to UIKit/WebKit animation and context menu handling, and the crash occurs while a WebView is presented or dismissed. Crashed: com.apple.main-thread 0 WebKit 0x7bcfac <redacted> + 12 1 WebKit 0xaf5c34 <redacted> + 84 2 UIKitCore 0x34ebdc -[_UIContextMenuAnimator performAllCompletions] + 248 3 UIKitCore 0x7f997c block_destroy_helper.72 + 1840 4 UIKitCore 0x7fb4b4 objectdestroy.36Tm + 88 5 UIKitCore 0x7ad354 objectdestroy.3Tm + 30500 6 UIKitCore 0x5c0e5c __swift_memcpy192_8 + 4352 7 UIKitCore 0x21944 block_copy_helper.374 + 40 8 UIKitCore 0x1dc174 -[_UIGroupCompletion _performAllCompletions] + 160 9 UIKitCore 0x35d0c4 -[_UIGravityWellEffectBody .cxx_destruct] + 180 10 UIKitCore 0x215018 -[UIScrollView _contentLayoutGuideIfExists] + 72 11 UIKitCore 0x943e4 NSStringFromUIEdgeInsets + 304 12 UIKitCore 0x94348 NSStringFromUIEdgeInsets + 148 13 UIKitCore 0x8f598 __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36 14 UIKitCore 0x1995d8c -[UIViewAnimationBlockDelegate _sendDeferredCompletion:] + 92 15 libdispatch.dylib 0x1adc _dispatch_call_block_and_release + 32 16 libdispatch.dylib 0x1b7fc _dispatch_client_callout + 16 17 libdispatch.dylib 0x38b10 _dispatch_main_queue_drain.cold.5 + 812 18 libdispatch.dylib 0x10ec8 _dispatch_main_queue_drain + 180 19 libdispatch.dylib 0x10e04 _dispatch_main_queue_callback_4CF + 44 20 CoreFoundation 0x6a2b4 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16 21 CoreFoundation 0x1db3c __CFRunLoopRun + 1944 22 CoreFoundation 0x1ca6c _CFRunLoopRunSpecificWithOptions + 532 23 GraphicsServices 0x1498 GSEventRunModal + 120 24 UIKitCore 0x9ddf8 -[UIApplication _run] + 792 25 UIKitCore 0x46e54 UIApplicationMain + 336 26 - 0xedf88 main + 24 (AppDelegate.swift:24) 27 ??? 0x196686e28 (Missing)

com.apple.WebKit.WebContent process is being killed by the kernel’s memorystatus jetsam mechanism when it exceeds the ActiveHard 2048 MB limit, even though the iPhone has 12 GB physical RAM and hundreds of thousands of free pages available. This causes the exact same WebProcess → GPUProcess crash that was reported in thread 822200, but now the root cause is clearly visible in the kernel log. The crash only occurs on iPhones, never on iPads (even older ones). Environment Failing devices: iPhone 17 Pro (12 GB RAM) x 2 — iOS 26.3, 26.4, 26.4.1 Working devices (same page, same iOS): iPad Pro 2018 — iOS 26.1 (stable) iPad Pro 2025 — iOS 26.4 (completely stable) Reproduces in Safari and in WKWebView (Capacitor/Ionic app) Actual Logs (kernel + WebKit) `logApr 15 21:23:33 iPhone kernel[0] : memorystatus: com.apple.WebKit.WebContent [1596] exceeded mem limit: ActiveHard 2048 MB (fatal) Apr 15 21:23:33 iPhone kernel[0] : memorystatus: killing process 1596 [com.apple.WebKit.WebContent] in high band FOREGROUND (100) - memorystatus_available_pages: 196999 0x1110ec640 - [PID=4689] WebProcessProxy::didClose: (web process 0 crash) 0x1110ec640 - [PID=4689] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash 0x117048018 - [pageProxyID=7, webPageID=8, PID=4689] WebPageProxy::processDidTerminate: (pid 4689), reason=Crash 0x1130e8640 - [PID=0] WebProcessProxy::gpuProcessExited: reason=IdleExit ... (multiple RBSRequestErrorDomain Code=4 "Target process has a higher termination resistance..." errors)` Expected Behavior With 12 GB RAM and ~197k free pages, the WebContent process should not be killed at only 2 GB. The same heavy animation page runs stably on iPad (which apparently has a higher ActiveHard limit for WebKit). Additional Notes This is not a leak in the web page itself — the crash happens even when total system memory is plentiful. The 2048 MB ActiveHard limit appears to be applied specifically to iPhone device class, while iPad gets a more generous budget. The issue has existed since at least iOS 26.3 and affects both Safari and embedded WKWebView. This seems like an overly aggressive jetsam policy for WebKit on iPhone compared to the available hardware. Could the WebContent process’s memory limit be increased for modern iPhones (12 GB+ models)? Increased Memory Limit not worked for com.apple.WebKit.WebContent. I can only add this to my app. Thank you!

Hello. I am using Cordova Webview to select a photo from the album, save it locally, and then pass the saved path to the web for display. It displayed correctly up to OS 26.3.x, but starting from OS 26.4.x, I am unable to retrieve images from local paths. Part displayed in Cordova Webview I have also confirmed the existence of the corresponding file in the src path. Are there any known bugs or solutions? Thank you.

Under iOS 26 or macOS 26 I experience some issues when trying to delete certain cookies via WKWebsiteDataStore.httpCookieStore.deleteCookie(). Most cookies can be deleted just fine, but a few simply can not be deleted anymore. Calling the deleteCookie() function with a valid cookie (retrieved via getAllCookies()) does nothing. This is not an issue under iOS 18.x or macOS 15.x or older. Looking at the exact cookie data does not show anything special which would explain why certain cookies can't be deleted anymore. It is still possible to delete cookies via WKWebsiteDataStore.removeData(ofTypes:, for:), but of course then much more data is deleted, not just individual cookies. So this is not a solution, because it is important to be able to delete individual cookies. Does anyone has a workaround or solution for this macOS/iOS bug?

Whenever I call allDataStoreIdentifiers the app just crashes, tested on both iOS 26.1 simulator and iOS 18.7 device. #0 0x00000001b0d958fc in WTF::RunLoop::dispatch () #1 0x00000001af8e0650 in WTF::Detail::CallableWrapper<WebKit::WebsiteDataStore::fetchAllDataStoreIdentifiers(WTF::CompletionHandler<void (WTF::Vector<WTF::UUID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)>&&)::$_0, void>::call () #2 0x00000001b0d96eb4 in WTF::dispatchWorkItem<WTF::(anonymous namespace)::DispatchWorkItem> () #3 0x000000010bfd6064 in _dispatch_client_callout () #4 0x000000010bfc491c in _dispatch_lane_serial_drain () #5 0x000000010bfc55a4 in _dispatch_lane_invoke () #6 0x000000010bfd1894 in _dispatch_root_queue_drain_deferred_wlh () #7 0x000000010bfd0eb0 in _dispatch_workloop_worker_thread () #8 0x0000000223cbca0c in _pthread_wqthread () Enqueued from com.apple.main-thread (Thread 1) Queue : com.apple.main-thread (serial) #0 0x000000010bfc16f0 in dispatch_async_f () #1 0x00000001af8df11c in WebKit::WebsiteDataStore::fetchAllDataStoreIdentifiers () #2 0x00000001af8dff80 in +[WKWebsiteDataStore(WKPrivate) _fetchAllIdentifiers:] () #3 0x0000000104b91714 in closure #1 in closure #1 in closure #1 in SystemHealthLiveClient.load() at /Users/superx3man/Documents/Code/chefaio-app-ios/ChefAIO/Sources/View/HomeTabs/Settings/SystemHealth/SystemHealth+Client.swift:29 I'm wondering if there's a workaround on this crash.

Summary Our app’s WKWebView triggers a WebContent / GPU process crash on iPhone 15 running iOS 26.4. The same flow works on iPad running iOS 26.4. Environment Failing: iPhone 15, iOS 26.4 Working: iPad, iOS 26.4 Web stack: WKWebView / WebKit (Safari & Web) What we see The WKWebView web process terminates; logs show WebProcess and GPU process exits, followed by RBS assertion failures and (in one WebContent process) repeated containermanagerd XPC invalidation. Expected Web content loads and remains stable like on iPad 26.4. Actual Web process crashes; page goes blank or WebView recovers only after reload. Logs 0x10715d518 - [pageProxyID=14, webPageID=15, PID=3629] WebPageProxy::dispatchProcessDidTerminate: reason=Crash\ 0x10715ce18 - [pageProxyID=22, webPageID=23, PID=3629] WebPageProxy::dispatchProcessDidTerminate: reason=Crash\ 0x1480f01e0 - GPUProcessProxy::didClose:\ 0x1480f01e0 - GPUProcessProxy::gpuProcessExited: reason=Crash\ 0x14808c640 - [PID=3633] WebProcessProxy::gpuProcessExited: reason=Crash\ 0x14808cb80 - [PID=3634] WebProcessProxy::gpuProcessExited: reason=Crash\ WebContent[3633] 0x10d07ebc0 - GPUProcessConnection::didClose\ Error acquiring assertion: <Error Domain=RBSAssertionErrorDomain Code=2 "Specified target process 3630 does not exist" UserInfo=\{NSLocalizedFailureReason=Specified target process 3630 does not exist\}>\ 0x148128600 - ProcessAssertion::acquireSync Failed to acquire RBS assertion 'XPCConnectionTerminationWatchdog' for process with PID=3630, error: (null)\ WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 1 of 6\ WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 2 of 6\ WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 3 of 6\ WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 4 of 6\ WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 5 of 6\ WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 6 of 6\ WebContent[3634] _container_query_get_result_at_index: error = 2\uc0\u8594 (51) XPC_INVALID_REPLY;\ WebContent[3634] container_system_group_path_for_identifier: error = ((container_error_t)51) XPC_INVALID_REPLY\ WebContent[3634] 0x11107ebc0 - GPUProcessConnection::didClose\

Reproduction Steps:a. Create a WKWebView instance and set a custom string to customUserAgent.b. Load any web page (e.g., https://example.com).c. Check the User-Agent field in the request headers via packet capture tools or Web Inspector. Expected Result:The custom User-Agent should be appended to the default system identifier (Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15...), instead of being completely overwritten. Actual Result:The User-Agent is fully replaced with: NetworkingExtension/8624.1.16.10.6 Network/5812.102.3 iOS/26.4, and all basic system identifiers are missing. Additional Information: Device: iPhone 16 Pro Max iOS Version: 26.4 (Build 20T5127) WKWebView setup: Directly set using the customUserAgent property Network Extension features are not used in the project, but the NetworkingExtension identifier still appears in the User-Agent

升级到iOS18.7.7 App 使用网络访问xxxx 网址的时候报错： “此服务器的证书无效。你可能正在连接到一个伪装成“xxxx”的服务器，这会威胁到你的机密信息的安全。”

Observed versions: Reproduced on Tahoe / Safari 26 and iOS 26 Safari. Not reproduced on v18 Safari. Not reproduced in Chrome with the same reduced test setup. We are seeing a Safari-only rendering issue affecting an ad creative inside an iframe on both desktop Safari and iOS Safari. What we observe: The issue is reproducible in Safari on OS X and iOS v26. We do not reproduce it in Chrome with the same test setup. We can reproduce it in a minimal test case, outside our site app code. The issue appears tied to the rendered iframe document/layout, not our outer page layout. The problematic rendered structure inside the iframe looks like this: <div class="GoogleActiveViewElement" style="display:inline"> <ins class="dcmads" style="display:inline-block;width:320px;height:50px"> <script src="https://www.googletagservices.com/dcm/dcmads.js"></script> </ins> </div> Here is a simplified, local-reproducible version for testing: <div class="GoogleActiveViewInnerContainer" style="left:0px; top:0px; width:100%; height:100%; position:fixed; pointer-events:none; z-index:-9999;"></div> <div class="GoogleActiveViewElement" style="display:inline"> <ins class="dcmads" style="display:inline-block;width:320px;height:50px"> <script> document.write( '<a target="_blank" href="#"><img ' + 'src="data:image/svg+xml;utf8,' + encodeURIComponent( '<svg xmlns="http://www.w3.org/2000/svg" width="320" height="50">' + '<rect width="320" height="50" fill="#ffd8d8"/>' + '<text x="160" y="30" text-anchor="middle" font-family="Arial" font-size="14" fill="#222">' + 'img placeholder' + '</text>' + '</svg>' ) + '" ' + ' alt="Advertisement" border="0" width="320" height="50" style="display:block" /></a>' ); </script> </ins> </div> In Safari, this produces extra vertical spacing / cutoff above the ad. In the test code you will only notice an added top spacing, but when rendered in a live ad, the bottom gets cut off. A few details that may help: If we manually change the inner ins.dcmads from display:inline-block to display:inline, or adding overflow:hidden, the spacing issue goes away. If the loader script is moved outside the ins during manual experimentation, the issue also goes away. This makes it look like a Safari layout/rendering issue involving an inline wrapper around an inline-block ad container during script-driven rendering. Questions: Is this a known Safari/WebKit layout issue involving inline + inline-block content in iframe documents? Has there been any recent Safari/WebKit change that could affect this rendering path? Is there a preferred reduced repro format for reporting layout issues like this?

Background We are investigating Safari’s Prevent Cross‑Site Tracking feature (part of Intelligent Tracking Prevention / Link Tracking Protection) on iOS and macOS (latest versions). We fully understand and respect Safari’s privacy objectives and are not requesting any whitelisting or relaxation of protections. Our goal is to understand how Safari determines when and where query parameter stripping is applied, so we can design a compliant and predictable implementation. Based on public WebKit and privacy documentation, it is understood that Safari’s tracking prevention behavior may be influenced by: Tracker classification sources such as: DuckDuckGo Tracker Radar https://github.com/duckduckgo/tracker-radar EasyList / EasyPrivacy https://easylist.to/easylist/easyprivacy.txt WebKit privacy architecture and heuristics, including behavior described in: WebKit “Private Browsing 2.0” / Link Tracking Protection documentation https://webkit.org/blog/15697/private-browsing-2-0/ Request for Guidance To help us align fully with Safari’s privacy model, we respectfully request guidance on: How Safari determines, at a domain or subdomain level, when to apply query parameter stripping under Prevent Cross‑Site Tracking. Whether evaluation may be influenced by: Tracker classification sources (e.g., domain reputation or known tracking endpoints) Runtime network behavior (such as cross‑site analytics requests) Subdomain‑specific context or historical behavior Whether Prevent Cross‑Site Tracking is evaluated: Per navigation event Per domain or subdomain Based on cumulative or runtime signals Whether Apple recommends specific design patterns or alternatives for handling essential, non‑tracking URL data in a way that is compatible with Safari’s privacy protections. Our objective is to design a solution that respects Safari’s intent and avoids reliance on fragile or unpredictable URL‑based behavior.

Hi team, may I know how I can access the report for the Safari Smart App Banner here please? We want to know how many people taps to views or install the app from that specific banner. Please advise on this. Thank you.

I want to build a WebKit website, specifically for AI coding. Is there a custom code design or application code for this? I've already implemented a few SEO optimizations on my homepage. Could you please check and reply? seokurdu.com

I'm unclear on the implications of Apple's App Review Guideline 5.2.2: If your app uses, accesses, monetizes access to, or displays content from a third-party service, ensure that you are specifically permitted to do so under the service’s terms of use. Authorization must be provided upon request. If a paid subscription app uses a licensed search API to retrieve and display links to publicly available third-party web content, is the API license generally enough for compliance? Or does Apple expect separate authorization from each underlying website whose content appears in the search results?

I would like to script my Mac to close a specific iCloud Tab of my choice that is open on my iPhone. This is for Accessibility reasons. Ideally, I’d prefer to do this without using GUI scripting. AppleScript methods only seem to see tabs in Windows Extensions also do not seem to have visibility of the other types of tabs I've tried many options so far, but all seem to not work and are also far too brittle even if they did. I have a feeling I'm missing something! 1. Toolbar Dropdown In Desktop Safari you can enable a toolbar button “iCloud Tabs” which when clicked shows a list of the tabs currently open on your other devices. If you hover one, an X appears which can be clicked to close the tab. When you next use Safari on the remote device that tab will be closed. If it’s already open and awake then the removal happens around one second later. It’s quick. (But I did try GUI scripting and I can get to the row in the outline in the popup, but I can’t get the cross to appear to click it) 2. Start Page they’re also listed on favorites:// “start page” but there are issues viewing all and no way to search them. There used to be a search field until Safari ~15. 3. Omnibar They’re also shown in omni/address bar, but getting the correct item to appear at all or in a predictable position is fragile. 4. Sidebar Another alternative to the favorites/"start page" layout. Same issues. 5. Modifying Safari Database directly Changes are not mirrored to the cloud. It seems Safari does a cloudd request that I can't do.