Explore the integration of web technologies within your app. Discuss building web-based apps, leveraging Safari functionalities, and integrating with web services.

All subtopics

Post

Replies

Boosts

Views

Activity

Safari Security Vulnerability - CSP policy bypassed script on Safari while chrome successfully blocking it.
on our web pages we have allowed certain sources of scripts though content-security-policy meta tag which is working fine as expected on Chrome browser and on Internet Edge. However there is a script called morosa.top when it inserted in our html page, safari is not able to block it while it was supposed to block. if this script gets executed it start taking screenshots of screen and post it to hacker. Please check this could be a potential issue. [Edited by Moderator]
1
0
720
Dec ’23
By build is yet not approved
Its been more than 32 days that i have submitted by build and neither has it been rejected nor approved, i have emailed them but havent got any reply. The details of my app are as follows: App Name BigBatteryChatBot Upload Date Nov 14, 2023 at 11:17 AM Build SDK 20C52 Bundle Version String 1 Original File Name 458dfc10-e358-4424-870b-989edef3e8d7.ipa Bundle ID com.bigbattery.chatbotcustomer
0
0
621
Dec ’23
Flexbox item not appearing on Safari (iOS 17.1.2)
I have a Website live on http://chatwithsanta.azurewebsites.net/ It uses Flexbox to show chat messages and a chat message input. Specifically, the Body is a flexbox container with a message screen containing messages, and a message input form at the bottom. This layout works in Chrome on desktop, even when Chrome is set to simulate an iPhone 12 Pro layout. But the form does not appear on my own iPhone. What should I do?
0
0
543
Dec ’23
Safari 17 blocking my JavaScript SDK completely in Private Browsing Mode
Hi Safari team, I am a product manager working for a large content recommendation company. Our JavaScriot SDK is running on more than 9000 leading publishers worldwide and has been certified to be aligned with global legal and privacy regulations and guidelines. We have the following problem: Since the launch of Safari 17 (in iOS, iPadOS, and MacOS) - we can see our JavaScript SDK blocked when the user uses the private browsing mode Safari 17 sometimes identifies our loading and rendering JavaSctipt files as any request/action by our domain to be a tracking activity (we see the JavaScript files in the console tagged with “Blocked connection to known tracker” log) In previous Safari versions, we only got the tracking functionality blocked, allowing our content to render We have the following questions: Can JavaScript running in Safari detect the user has the privacy mode turned on? Was there something specific in Safari 17 “Tracking Protection” functionality that now blocks content rendering on the page in addition to tracking activity? Context: We can run our JavaScript without performing any form of tracking, either directly by my domain or any other 3rd party vendor we are working with. We will render our content without performing any form of tracking or fingerprinting We are already following Apple’s iOS IDFA guidelines. Our iOS SDK, for example, detects and respects when the user opts out from sharing the IDFA on an iOS app running our code. In that case, we show our content without breaching the App Tracking Transparency framework rules. Besides sponsored content, our JavaScript SDK also powers organic recommendations for our clients. With Safari 17 blocking anything in private browsing mode, we see unfair interference with organic engagement. Please let us know if you provide guidance to allow our JavaScript SDK to render content when the user uses the private browsing mode, adhering to the privacy requirements. Thank you for helping! Omri.
0
2
1.4k
Dec ’23
iOS 17 Safari dropped support for #canonicalWebPageURL links?
iOS 17 Safari will not successfully open .reality (Reality Composer) files from a weblink. For example, this code works fine on iOS 16: The same code generates this message on iOS 17 after clicking on the link: "Object requires a newer version of iOS." QuickLook fails to render anything. I validated that the .reality file works fine when opened from iOS 17 Files app, so it's not a damaged file.
0
1
578
Dec ’23
Safari memory leak when webgl scene dipose and rebuid serval times
I have created a scene using THREEJS that loads GLTF files and image-format tile maps. When I repeatedly destroy and rebuild the scene, I notice that the memory keeps increasing in the Safari browser, but the same code performs normally in the Chrome browser. I have ensured that I properly dispose of all relevant resources when destroying the scene. THREEJS Version: r138 Google Chrome Version: 119.0.6045.200 Safari Version: 17.0(19616.1.27.211.1) Is there anyone who can give me some advice? Thanks!!!
1
0
464
Dec ’23
Crash entering Picture in Picture from webview on Mac Catalyst or Made for iPad
Crash seems to be in a private Apple framework. There's some other reports of this floating around but no solutions so far. Any ideas? *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[WebAVPlayerLayer startRedirectingVideoToLayer:forMode:]: unrecognized selector sent to instance 0x6000037033c0' *** First throw call stack: ( 0 CoreFoundation 0x0000000187d56800 __exceptionPreprocess + 176 1 libobjc.A.dylib 0x000000018784deb4 objc_exception_throw + 60 2 CoreFoundation 0x0000000187e083bc -[NSObject(NSObject) __retain_OA] + 0 3 CoreFoundation 0x0000000187cc0a84 forwarding + 1572 4 CoreFoundation 0x0000000187cc03a0 _CF_forwarding_prep_0 + 96 5 AVKit 0x00000001bdc81f30 -[__AVPlayerLayerView startRoutingVideoToPictureInPicturePlayerLayerView] + 156 6 AVKit 0x00000001bdcf1d48 -[AVPictureInPicturePlatformAdapter(Common) _setRoutingVideoToHostedWindow:pictureInPictureViewController:source:] + 84 7 AVKit 0x00000001bdcd952c -[AVPictureInPicturePlatformAdapter startPictureInPicture] + 380 8 AVKit 0x000000022883000c -[AVPictureInPicturePlatformAdapterAccessibility startPictureInPicture] + 44 9 AVKit 0x00000001bdcddea0 -[AVPictureInPictureController startPictureInPicture] + 216 10 WebCore 0x00000001c75277c8 -[WebAVPlayerViewController startPictureInPicture] + 128 11 libdispatch.dylib 0x0000000102c64f14 _dispatch_call_block_and_release + 32
2
0
765
Dec ’23
WebGPU issue with unpack4x8unorm on Safari Technology Preview 185
Hi, With Safari Technology Preview Release 185 (Safari 17.4, WebKit 19618.1.9.8) the compiler seems to struggle with unpack4x8unorm() instruction (at least). https://www.w3.org/TR/WGSL/#unpack4x8unorm-builtin Repro code: https://skal65535.github.io/webgpu/bug_unpack.html This modified version of 'hello triangle' should display a single triangle but doesn't. Uncommenting line 51 makes the triangle appear. Actually, adding the instruction: _ = unpack4x8unorm(0xdeadbeef); anywhere in the code triggers the bug, no matter if the line is used or not. Tested on a MacBook Pro M1 Sonoma 14.2.1 (23C71) Works fine with Chrome 120.0.6099.109 (Official Build) (arm64)
1
0
410
Dec ’23
Immersive AR mode of WebXR in visionOS Safari
After enabling WebXR following instructions from https://developer.apple.com/forums/thread/732629, I can successfully run WebXR, but it is limited to VR. I cannot get AR running. If I try await navigator.xr.isSessionSupported("immersive-ar"), the result is false. But if I try await navigator.xr.isSessionSupported("immersive-vr"), the result is true. I double checked that I specifically checked the box "WebXR Augmented Reality Module" in the Safari feature flags. Any idea how to enable WebXR AR mode? Thanks in advance!
1
1
1.1k
Dec ’23
Significant Safari 17.2.1 animation slowdown on MacOS 12.7.2
https://www.kardland.com uses Javascript and animation for playing a could solitaire card games. Playing FreeCell for example (https://kardland.com/freecell.html), initially the animation is okay as cards are auto-put-away for the player. But as the game continues it gets more and more sluggish to the point it becomes nearly unplayable. I have a 92MB screen recording but am apparently unable to attach to this post.
1
0
340
Dec ’23
chrome extension converted to safari, chrome.runtime.sendMessage does not work on iOS
My Chrome extension runs fine on Chrome, but when I use the following command to run it on Safari, I find that the result returned by chrome.runtime.sendMessage is always Undefined. xcrun safari-web-extension-converter --app-name MySafariTest dist The following is my code content.js: async test() { return chrome.runtime.sendMessage({ method: "test" }) } let result = await this.test() // result is always undefined background.js: chrome.runtime.onMessage.addListener((request, sender, sendResponse) => { sendResponse("test123") }); I want to know if there is any way to make the content script and background script of Chrome communicate normally in Safari?
0
0
527
Dec ’23
Updating Safari content blocker from daemon
I'm building a Safari content blocker extension. The app is able to use SFContentBlockerManager.reloadContentBlocker to update the content blocker's JSON rules. However, I'm also trying to update the rules in the background through a daemon. The daemon app is embedded inside the main app, and is registered by the main app through SMAppService. The issue I'm running into is I can't get both the GUI app and the daemon to both update the content blocker: If I embed the Safari extension inside the main app and not the daemon, the main app is able to update the extension, but the daemon fails with an "operation couldn’t be completed" error (supposedly because it isn't the owner of the app) Alternatively, if I embed the extension inside the daemon, the main GUI app can no longer update the extension (also failing with "operation couldn't be completed" If I try to embed the extension inside both the main app and the daemon, it works fine when running from Xcode, but App Store Connect verification fails because it won't allow an bundle ID with two periods after the main app ID (e.g. the main app is com.example.App, the daemon is com.example.App.daemon, and the extension is com.example.App.daemon.extension) I'm wondering if I'm missing something here? Is there a way to get Safari to recognize both the main app and the daemon as "owners" of the extension? Thanks in advance!
2
1
537
Dec ’23
Animated AVIF is rendered slowly on Safari
Animated AVIF is rendered slowly on Safari Tested with MacBook pro (16" 2019) and Safari (Version 17.0 - 19616.1.27.211.1) and also on several iPhone models (14, 15 Pro) (over BrowserStack) When using macBook pro (16" 2019) with Chrome (Version 120.0.6099.129) it is rendered OK example for 720p@25FPS: https://res.cloudinary.com/yaronshmueli/image/upload/cases/animated_AVIF_Apple/world_flight_fast_decode_tile_clmn_btiolg.avif
1
2
898
Dec ’23
WebXR Mixed Reality Supported in Safari Vision OS?
I understand that fully immersive experiences, Quicklook using USDZ, and the newly adopted element tag for 3D objects are all supported in WebXR in Safari on Vision OS. What about Mixed Reality in WebXR? Meaning augmented reality experiences seen using passthrough on the apple vision pro where you can see your environment in combination with the webXR experience. (not fully immersive) Can you run full webXR experiences in passthrough mode? Or just view 3D models.
4
2
986
Dec ’23
WebSocket connection failed while sending 10KB binary data
Hello, I'm creating a WebSocket connection to my server from the safari browser via console tab like below. let socket = new WebSocket('wss://localhost:1200/WS_TEST?client=123&session=1234'); socket.onopen = function (event) { console.log('WebSocket connection opened:', event); }; socket.onmessage = function (event) { console.log('Received buffer', event.data); }; Once the connection established, The server sends multiple data which includes text and binary data. When the server sends binary data more than 10KB after sending text data in the same socket, the WebSocket connection is getting failed. EX: Frame Type(Text): "Hi" Frame Type(Binary): just binary frame of size 11KB When the server send the binary data alone, the connection is not affected even the size is more than 100KBs EX: Frame Type(Binary): just binary frame of size 100KB
1
0
399
Jan ’24
Add to apple calendar is not working react PWA app on iPhone
Add to apple calendar is not working react PWA app on iPhone I have developed react PWA app reactjs - v16.14.0 and testing in my iphone13. I have used **npm library ** which opens google,outlook, apple calender event properly on android device, on IOS google and outlook works fine but add to apple calendar event doesnt not show any popup or not showing any error. I have reported one issue on this library forum but they have mentioned that Apple blocks the dynamic generation of ics files I am looking for resolution for this. Let me know proper way to add event in apple calender considering javascript library. [Edited by Moderator]
0
0
923
Jan ’24