Display web content in windows and implement browser features using WebKit.

Posts under WebKit tag

200 Posts

Post | Replies | Boosts | Views | Activity

WKWebsiteDataStore.httpCookieStore.deleteCookie() does no longer delete all cookies
Under iOS 26 or macOS 26 I experience some issues when trying to delete certain cookies via WKWebsiteDataStore.httpCookieStore.deleteCookie(). Most cookies can be deleted just fine, but a few simply cannot be deleted anymore. Calling the deleteCookie() function with a valid cookie (retrieved via getAllCookies()) does nothing. This is not an issue under iOS 18.x or macOS 15.x or older. Looking at the exact cookie data does not show anything special which would explain why certain cookies can't be deleted anymore. It is still possible to delete cookies via WKWebsiteDataStore.removeData(ofTypes:, for:), but of course then much more data is deleted, not just individual cookies. So this is not a solution, because it is important to be able to delete individual cookies. Does anyone have a workaround or solution for this macOS/iOS bug?
Replies: 0 | Boosts: 0 | Views: 141 | Activity: 2d
WKWebView customUserAgent replaces system User-Agent with NetworkingExtension identifier on iOS 26.4
Reproduction Steps:
a. Create a WKWebView instance and set a custom string to customUserAgent.
b. Load any web page (e.g., https://example.com).
c. Check the User-Agent field in the request headers via packet capture tools or Web Inspector.

Expected Result: The custom User-Agent should be appended to the default system identifier (Mozilla/5.0 (iPhone; CPU iPhone OS 18_7 like Mac OS X) AppleWebKit/605.1.15...), instead of being completely overwritten.

Actual Result: The User-Agent is fully replaced with: NetworkingExtension/8624.1.16.10.6 Network/5812.102.3 iOS/26.4, and all basic system identifiers are missing.

Additional Information:
- Device: iPhone 16 Pro Max
- iOS Version: 26.4 (Build 20T5127)
- WKWebView setup: Directly set using the customUserAgent property
- Network Extension features are not used in the project, but the NetworkingExtension identifier still appears in the User-Agent
Replies: 2 | Boosts: 0 | Views: 229 | Activity: 2d
In the iOS 26.4 beta version of WKWebView, it is impossible to establish an IP type WebSocket connection!
In iOS 26.4 beta, I noticed that when loading pages using WKWebView and using WebSocket to establish IP type addresses, the connection duration was several seconds and sometimes even failed to connect (normally, the connection duration should be in milliseconds). However, when establishing WebSocket connections using domain names, the connections were normal. Additionally, I discovered a special scenario: When directly establishing WebSocket connections using IP type addresses, it remained in the "connect" state. At the same time, based on Wireshark packet capture, it was found that no TCP connection was sent at this time. However, if two connections with the same address were established simultaneously, those two connections could successfully connect. This bug has seriously affected the use of my application service. Is there a chance that this version will solve the problem?
Replies: 3 | Boosts: 11 | Views: 873 | Activity: 3d
WebContent / GPU process crash on iPhone 15 (iOS 26.4); stable on iPad (iOS 26.4)
Summary
Our app’s WKWebView triggers a WebContent / GPU process crash on iPhone 15 running iOS 26.4. The same flow works on iPad running iOS 26.4.

Environment
- Failing: iPhone 15, iOS 26.4
- Working: iPad, iOS 26.4
- Web stack: WKWebView / WebKit (Safari & Web)

What we see
The WKWebView web process terminates; logs show WebProcess and GPU process exits, followed by RBS assertion failures and (in one WebContent process) repeated containermanagerd XPC invalidation.

Expected
Web content loads and remains stable like on iPad 26.4.

Actual
Web process crashes; page goes blank or WebView recovers only after reload.

Logs
    0x10715d518 - [pageProxyID=14, webPageID=15, PID=3629] WebPageProxy::dispatchProcessDidTerminate: reason=Crash
    0x10715ce18 - [pageProxyID=22, webPageID=23, PID=3629] WebPageProxy::dispatchProcessDidTerminate: reason=Crash
    0x1480f01e0 - GPUProcessProxy::didClose:
    0x1480f01e0 - GPUProcessProxy::gpuProcessExited: reason=Crash
    0x14808c640 - [PID=3633] WebProcessProxy::gpuProcessExited: reason=Crash
    0x14808cb80 - [PID=3634] WebProcessProxy::gpuProcessExited: reason=Crash
    WebContent[3633] 0x10d07ebc0 - GPUProcessConnection::didClose
    Error acquiring assertion: <Error Domain=RBSAssertionErrorDomain Code=2 "Specified target process 3630 does not exist" UserInfo={NSLocalizedFailureReason=Specified target process 3630 does not exist}>
    0x148128600 - ProcessAssertion::acquireSync Failed to acquire RBS assertion 'XPCConnectionTerminationWatchdog' for process with PID=3630, error: (null)
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 1 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 2 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 3 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 4 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 5 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 6 of 6
    WebContent[3634] _container_query_get_result_at_index: error = 2→ (51) XPC_INVALID_REPLY;
    WebContent[3634] container_system_group_path_for_identifier: error = ((container_error_t)51) XPC_INVALID_REPLY
    WebContent[3634] 0x11107ebc0 - GPUProcessConnection::didClose
Topic: Safari & Web SubTopic: General Tags:
Replies: 1 | Boosts: 0 | Views: 76 | Activity: 3d
Safari-only layout regression with ad iframe content: inline wrapper + inline-block ad creates extra vertical spacing
Observed versions: Reproduced on Tahoe / Safari 26 and iOS 26 Safari. Not reproduced on v18 Safari. Not reproduced in Chrome with the same reduced test setup.

We are seeing a Safari-only rendering issue affecting an ad creative inside an iframe on both desktop Safari and iOS Safari.

What we observe:
- The issue is reproducible in Safari on OS X and iOS v26.
- We do not reproduce it in Chrome with the same test setup.
- We can reproduce it in a minimal test case, outside our site app code.
- The issue appears tied to the rendered iframe document/layout, not our outer page layout.

The problematic rendered structure inside the iframe looks like this:

    <div class="GoogleActiveViewElement" style="display:inline">
      <ins class="dcmads" style="display:inline-block;width:320px;height:50px">
        <script src="https://www.googletagservices.com/dcm/dcmads.js"></script>
      </ins>
    </div>

Here is a simplified, local-reproducible version for testing:

    <div class="GoogleActiveViewInnerContainer" style="left:0px; top:0px; width:100%; height:100%; position:fixed; pointer-events:none; z-index:-9999;"></div>
    <div class="GoogleActiveViewElement" style="display:inline">
      <ins class="dcmads" style="display:inline-block;width:320px;height:50px">
        <script>
          document.write(
            '<a target="_blank" href="#"><img ' +
            'src="data:image/svg+xml;utf8,' +
            encodeURIComponent(
              '<svg xmlns="http://www.w3.org/2000/svg" width="320" height="50">' +
              '<rect width="320" height="50" fill="#ffd8d8"/>' +
              '<text x="160" y="30" text-anchor="middle" font-family="Arial" font-size="14" fill="#222">' +
              'img placeholder' +
              '</text>' +
              '</svg>'
            ) +
            '" ' +
            ' alt="Advertisement" border="0" width="320" height="50" style="display:block" /></a>'
          );
        </script>
      </ins>
    </div>

In Safari, this produces extra vertical spacing / cutoff above the ad. In the test code you will only notice an added top spacing, but when rendered in a live ad, the bottom gets cut off.

A few details that may help:
- If we manually change the inner ins.dcmads from display:inline-block to display:inline, or add overflow:hidden, the spacing issue goes away.
- If the loader script is moved outside the ins during manual experimentation, the issue also goes away.

This makes it look like a Safari layout/rendering issue involving an inline wrapper around an inline-block ad container during script-driven rendering.

Questions:
- Is this a known Safari/WebKit layout issue involving inline + inline-block content in iframe documents?
- Has there been any recent Safari/WebKit change that could affect this rendering path?
- Is there a preferred reduced repro format for reporting layout issues like this?
Replies: 1 | Boosts: 1 | Views: 190 | Activity: 4d
Safari “Prevent Cross‑Site Tracking”: Request for guidance on domain‑specific query parameter stripping and tracker classification criteria
Background
We are investigating Safari’s Prevent Cross‑Site Tracking feature (part of Intelligent Tracking Prevention / Link Tracking Protection) on iOS and macOS (latest versions). We fully understand and respect Safari’s privacy objectives and are not requesting any whitelisting or relaxation of protections. Our goal is to understand how Safari determines when and where query parameter stripping is applied, so we can design a compliant and predictable implementation.

Based on public WebKit and privacy documentation, it is understood that Safari’s tracking prevention behavior may be influenced by:
- Tracker classification sources such as:
  - DuckDuckGo Tracker Radar https://github.com/duckduckgo/tracker-radar
  - EasyList / EasyPrivacy https://easylist.to/easylist/easyprivacy.txt
- WebKit privacy architecture and heuristics, including behavior described in:
  - WebKit “Private Browsing 2.0” / Link Tracking Protection documentation https://webkit.org/blog/15697/private-browsing-2-0/

Request for Guidance
To help us align fully with Safari’s privacy model, we respectfully request guidance on:
- How Safari determines, at a domain or subdomain level, when to apply query parameter stripping under Prevent Cross‑Site Tracking.
- Whether evaluation may be influenced by:
  - Tracker classification sources (e.g., domain reputation or known tracking endpoints)
  - Runtime network behavior (such as cross‑site analytics requests)
  - Subdomain‑specific context or historical behavior
- Whether Prevent Cross‑Site Tracking is evaluated:
  - Per navigation event
  - Per domain or subdomain
  - Based on cumulative or runtime signals
- Whether Apple recommends specific design patterns or alternatives for handling essential, non‑tracking URL data in a way that is compatible with Safari’s privacy protections.

Our objective is to design a solution that respects Safari’s intent and avoids reliance on fragile or unpredictable URL‑based behavior.
Replies: 0 | Boosts: 0 | Views: 128 | Activity: 5d
iOS 26.4 breaks when loading WkWebview domain subresources from a loopback localhost in-app GCDWebserver +self signed cert with TLSv1_ALERT_UNKNOWN_CA
Hello All, I have an app which has a WKWebView loading some code from a remote origin - https://my-company.example.com. When WKWebView loads the remote origin, that page does load some of the sub-resources from an in-app localhost server (GCDWebserver), i.e. it reaches out to a loopback-based in-app GCDWebserver. To provide a secure context I had an existing setup with a self-signed cert, CORS and everything needed for https on localhost, and the sub-resources used to load fine from https localhost till 26.4.

Starting with iOS 26.4 it started breaking with TLSv1_ALERT_UNKNOWN_CA. Is there any known guidance for this?

Technically, as per the W3C spec, localhost is considered a secure context by default, right? And no special things need to be done. But iOS/WebKit seem to be different in this regard. Is this a known issue, and is there any mitigation here? I'll try to provide a sample app soon if possible.
Replies: 1 | Boosts: 0 | Views: 598 | Activity: 1w
WKWebView could not access local javascript files
We are experiencing an issue after Xcode 26.0 when loading local JavaScript files into WKWebView to render our own design. It used to work well; however, after Xcode 26.0, when we call

    [self.webView loadFileURL:fileURL allowingReadAccessToURL:accessURL];

it returns

    [PID=1514] WebProcessProxy::hasAssumedReadAccessToURL(3198190): no access

The access URL is set up like this:

    self.webRootPath = [[NSHomeDirectory() stringByAppendingPathComponent:@"Documents"] stringByAppendingPathComponent:CHAT_VIEW_WEB_ROOT];
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSError *error = nil;
    if (![fileManager fileExistsAtPath:self.webRootPath]) {
        [fileManager createDirectoryAtPath:self.webRootPath withIntermediateDirectories:NO attributes:nil error:&error];
    }
    NSURL *accessURL = [NSURL fileURLWithPath:self.webRootPath];

Not sure how to assign access permission to WKWebView. Any help much appreciated.
Topic: Safari & Web SubTopic: General Tags:
Replies: 5 | Boosts: 0 | Views: 1.6k | Activity: 1w
Inconsistency exception regarding context menu on web view
According to our crash analytics, our application crashes while a context menu is opened on a web view. This crash takes place on iOS 26+ only. The message states that a web view is no longer inside the active window hierarchy; however, we don't modify the web view instance's parent anyhow while the context menu is opened. Can you please help with a fix or at least a workaround for this issue? What's your opinion for bug localization (application or framework)?

    NSInternalInconsistencyException
    UIPreviewTarget requires that the container view is in a window, but it is not. (container: <WKTargetedPreviewContainer: 0x14b442840; name=Context Menu Hint Preview Container>)
    userInfo: { NSAssertFile = "UITargetedPreview.m"; NSAssertLine = 64; }

    Crashed: CrBrowserMain
    0 CoreFoundation __exceptionPreprocess + 164
    1 libobjc.A.dylib objc_exception_throw + 88
    2 Foundation -[NSMutableDictionary(NSMutableDictionary) initWithContentsOfFile:] + 0
    3 UIKitCore -[UIPreviewTarget initWithContainer:center:transform:] + 660
    4 UIKitCore (Missing)
    5 UIKitCore (Missing)
    6 UIKitCore (Missing)
    7 UIKitCore (Missing)
    8 UIKitCore (Missing)
    9 UIKitCore -[_UIContextMenuPresentation present] + 56
    10 UIKitCore +[UIView(UIViewAnimationWithBlocksPrivate) _modifyAnimationsWithPreferredFrameRateRange:updateReason:animations:] + 168
    11 UIKitCore (Missing)
    12 UIKitCore (Missing)
    13 UIKitCore (Missing)
    14 UIKitCore (Missing)
    15 UIKitCore +[UIView(UIViewAnimationWithBlocks) _setupAnimationWithDuration:delay:view:options:factory:animations:start:animationStateGenerator:completion:] + 516
    16 UIKitCore (Missing)
    17 UIKitCore (Missing)
    18 UIKitCore +[UIView __animateUsingSpringWithDampingRatio:response:interactive:initialDampingRatio:initialResponse:dampingRatioSmoothing:responseSmoothing:targetSmoothing:projectionDeceleration:retargetImpulse:animations:completion:] + 192
    19 UIKitCore -[_UIRapidClickPresentationAssistant _animateUsingFluidSpringWithType:animations:completion:] + 316
    20 UIKitCore -[_UIRapidClickPresentationAssistant _performPresentationAnimationsFromViewController:] + 516
    21 UIKitCore -[_UIRapidClickPresentationAssistant presentFromSourcePreview:lifecycleCompletion:] + 400
    22 UIKitCore __55-[_UIClickPresentationInteraction _performPresentation]_block_invoke_3 + 48
    23 UIKitCore +[UIViewController _performWithoutDeferringTransitionsAllowingAnimation:actions:] + 140
    24 UIKitCore __55-[_UIClickPresentationInteraction _performPresentation]_block_invoke_2 + 144
    25 UIKitCore -[_UIClickPresentationInteraction _performPresentation] + 836
    26 UIKitCore postPreviewTransition_block_invoke_2 + 104
    27 UIKitCore handleEvent + 256
    28 UIKitCore -[_UIClickPresentationInteraction _driverClickedUp] + 48
    29 UIKitCore -[_UIClickPresentationInteraction clickDriver:didPerformEvent:] + 400
    30 UIKitCore stateMachineSpec_block_invoke_5 + 48
    31 UIKitCore handleEvent + 144
    32 UIKitCore -[_UILongPressClickInteractionDriver _handleGestureRecognizer:] + 140
    33 UIKitCore -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:] + 128
    34 UIKitCore _UIGestureRecognizerSendTargetActions + 268
    35 UIKitCore _UIGestureRecognizerSendActions + 268
    36 UIKitCore -[UIGestureRecognizer _updateGestureForActiveEvents] + 308
    37 UIKitCore -[UIGestureRecognizer gestureNode:didUpdatePhase:] + 300
    38 Gestures (Missing)
    39 Gestures (Missing)
    40 Gestures (Missing)
    41 Gestures (Missing)
    42 UIKitCore -[UIGestureEnvironment _updateForEvent:window:] + 528
    43 UIKitCore -[UIWindow sendEvent:] + 2924
    44 UIKitCore -[UIApplication sendEvent:] + 396
Replies: 1 | Boosts: 0 | Views: 560 | Activity: 2w
EXC_BAD_ACCESS on WebCore::ElementContext::isSameElement at select element
According to our crash analytics, our application crashes while a context menu is closed (after being opened on a web view). This crash takes place on iOS 26+ only. Seems like WebCore::ElementContext::isSameElement is called after ElementContext has been destroyed, so it's a kind of use-after-free issue. Can you please help with a fix or at least workaround for this issue? What's your opinion for bug localization (application or framework)?

    EXC_BAD_ACCESS 0x0000000000000001

    Crashed: CrBrowserMain
    0 WebKit WebCore::ElementContext::isSameElement(WebCore::ElementContext const&) const + 12
    1 WebKit __74-[WKSelectPicker contextMenuInteraction:willEndForConfiguration:animator:]_block_invoke + 84
    2 UIKitCore -[_UIContextMenuAnimator performAllCompletions] + 248
    3 UIKitCore (Missing)
    4 UIKitCore (Missing)
    5 UIKitCore (Missing)
    6 UIKitCore (Missing)
    7 UIKitCore (Missing)
    8 UIKitCore -[_UIGroupCompletion _performAllCompletions] + 160
    9 UIKitCore (Missing)
    10 UIKitCore (Missing)
    11 UIKitCore (Missing)
    12 UIKitCore (Missing)
    13 UIKitCore __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36
    14 UIKitCore -[UIViewAnimationBlockDelegate _sendDeferredCompletion:] + 92
    15 libdispatch.dylib _dispatch_call_block_and_release + 32
    16 libdispatch.dylib _dispatch_client_callout + 16
    17 libdispatch.dylib _dispatch_main_queue_drain.cold.5 + 812
    18 libdispatch.dylib _dispatch_main_queue_drain + 180
    19 libdispatch.dylib _dispatch_main_queue_callback_4CF + 44
    20 CoreFoundation __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16
    21 CoreFoundation __CFRunLoopRun + 1944
    22 CoreFoundation _CFRunLoopRunSpecificWithOptions + 532
    23 GraphicsServices GSEventRunModal + 120
    24 UIKitCore -[UIApplication _run] + 792
    25 UIKitCore UIApplicationMain + 336
Replies: 1 | Boosts: 0 | Views: 549 | Activity: 2w
How to enter Picture-in-Picture on background from inline playback in WKWebView
I'm building a Capacitor iOS app with a plain <video> element playing an MP4 file inline. I want Picture-in-Picture to activate automatically when the user goes home — swipe up from the bottom edge of the screen (on an iPhone with Face ID) or press the Home button (on an iPhone with a Home button).

Fullscreen → background works perfectly — iOS automatically enters Picture-in-Picture. But I need this to work from inline playback without requiring the user to enter fullscreen first.

Setup

    <video id="video" playsinline autopictureinpicture controls
           src="http://podcasts.apple.com/resources/462787156.mp4">
    </video>

    // AppDelegate.swift
    let audioSession = AVAudioSession.sharedInstance()
    try? audioSession.setCategory(.playback, mode: .moviePlayback)
    try? audioSession.setActive(true)

- UIBackgroundModes: audio in Info.plist
- allowsPictureInPictureMediaPlayback is true (Apple default)
- iOS 26.3.1, WKWebView via Capacitor

What I've tried

1. autopictureinpicture attribute

    <video playsinline autopictureinpicture ...>

WKWebView doesn't honor this attribute from inline playback. It only works when transitioning from fullscreen.

2. requestPictureInPicture() on visibilitychange

    document.addEventListener('visibilitychange', () => {
      if (document.visibilityState === 'hidden' && !video.paused) {
        video.requestPictureInPicture();
      }
    });

Result: Fails with "not triggered by user activation". The visibilitychange event doesn't count as a user gesture.

3. webkitSetPresentationMode('picture-in-picture') on visibilitychange

    document.addEventListener('visibilitychange', () => {
      if (document.visibilityState === 'hidden' && !video.paused) {
        video.webkitSetPresentationMode('picture-in-picture');
      }
    });

Result: No error thrown. The webkitpresentationmodechanged event fires with value picture-in-picture. But the PIP window never actually appears. The API silently accepts the call but nothing renders.

4. await play() then webkitSetPresentationMode

    document.addEventListener('visibilitychange', async () => {
      if (document.visibilityState === 'hidden') {
        await video.play();
        video.webkitSetPresentationMode('picture-in-picture');
      }
    });

Result: play() succeeds (audio resumes in background), but PIP still doesn't open.

5. Auto-resume on system pause + PIP on visibilitychange

iOS fires pause before visibilitychange when backgrounding. I tried resuming in the pause handler, then requesting PIP in visibilitychange:

    video.addEventListener('pause', () => {
      if (document.visibilityState === 'hidden') {
        video.play(); // auto-resume
      }
    });
    document.addEventListener('visibilitychange', () => {
      if (document.visibilityState === 'hidden' && !video.paused) {
        video.webkitSetPresentationMode('picture-in-picture');
      }
    });

Result: Audio resumes successfully, but PIP still doesn't open.

6. Native JS eval from applicationDidEnterBackground

    func applicationDidEnterBackground(_ application: UIApplication) {
        webView?.evaluateJavaScript(
            "document.querySelector('video').requestPictureInPicture()"
        )
    }

Result: Same failure — no user activation context.

Observations
- The event order on background is: pause → visibility: hidden
- webkitSetPresentationMode reports success (event fires, no error) but the PIP window never renders
- requestPictureInPicture() consistently requires user activation, even from native JS eval
- Audio can be resumed in background via play(), but PIP is a separate gate
- Fullscreen → background automatically enters Picture-in-Picture, confirming the WKWebView PIP infrastructure is functional

Question
Is there any way to programmatically enter PIP from inline playback when a WKWebView app goes to background? Or is this intentionally restricted by WebKit to fullscreen-only transitions? Any pointers appreciated. Thanks!
Replies: 1 | Boosts: 2 | Views: 662 | Activity: 2w
iOS 26 WKWebView STScreenTimeConfigurationObserver KVO Crash
    Fatal Exception: NSInternalInconsistencyException
    Cannot remove an observer <WKWebView 0x135137800> for the key path "configuration.enforcesChildRestrictions" from <STScreenTimeConfigurationObserver 0x13c6d7460>, most likely because the value for the key "configuration" has changed without an appropriate KVO notification being sent. Check the KVO-compliance of the STScreenTimeConfigurationObserver [class.]

I noticed that on iOS 26, WKWebView registers STScreenTimeConfigurationObserver. Is this an iOS 26 system issue? What should I do?
Topic: UI Frameworks SubTopic: UIKit Tags:
Replies: 16 | Boosts: 17 | Views: 1.9k | Activity: 2w
Safari shows "Fraudulent Website Warning" for clean domain — all security databases clear, Chrome works fine
Safari continues to display a "Fraudulent Website Warning" for openvan.camp despite the domain being clean across all major security databases for over a week. Chrome, Firefox, and all other browsers open the site without any warnings.

- Domain: openvan.camp
- Warning appeared: March 18, 2026
- Warning type: Fraudulent Website Warning (red screen)

Current security database status:
- Google Safe Browsing: ✅ Clean (transparencyreport.google.com)
- Google Search Console: ✅ No security issues
- Spamhaus DBL: ✅ Removed from blocklist
- Fortinet FortiGuard: ✅ Category "Travel"
- VirusTotal: ✅ 0/65 vendors
- URLVoid: ✅ 0/35 engines

Steps taken:
- Removed the third-party ad network (Adsterra) that caused the original flag — March 18, 2026
- Migrated hosting to Scaleway (AS12876, France), IP: 151.115.84.228
- Configured SPF, DKIM, DMARC records
- Created functional abuse@ and postmaster@ role accounts
- Submitted review via websitereview.apple.com — no response after 5 days

What we believe is happening: Apple's Safe Browsing database appears to have an independent entry for this domain that has not been updated despite all underlying security databases clearing the flag. Safari's warning persists even after deleting ~/Library/Safari/SafeBrowsing/ cache and re-downloading the database — which confirms this is not a local cache issue.

Steps to reproduce:
1. Open Safari on macOS or iOS
2. Navigate to https://openvan.camp/
3. Safari displays "Fraudulent Website Warning"
4. Open the same URL in Chrome — no warning

Expected behavior: No warning should be shown. The domain is legitimate, clean, and verified.

Has anyone experienced a similar issue? Is there any additional channel to escalate beyond websitereview.apple.com?
Replies: 0 | Boosts: 0 | Views: 258 | Activity: 2w
Cross-domain issue in wkwebview
Subject: Cross-Domain Access Behaviour in WKWebView – Clarification Required

Description: We are facing a cross-domain issue in our iOS application where WKWebView loads content from one domain and attempts to access resources/data from another domain.

Current Setup:
- App Platform: iOS
- WebView: WKWebView
- iOS Version: 26
- Primary Domain: *.franconnectqa.net
- Data/Analytics Domain: analytics.franconnectdev.net
- SSL: Valid certificates configured
- ATS: Enabled

Issue: When WKWebView loads content from franconnectqa.net, it attempts to access resources or analytics from analytics.franconnectdev.net, resulting in cross-domain restrictions.

We would like to understand:
- Does WKWebView support cross-domain resource access by default?
- Are there any configuration settings that allow controlled cross-domain access?
- Are there known limitations regarding cookies, local storage, or session sharing across domains?
- Does WKWebView enforce additional restrictions beyond standard browser CORS policies?
- Are there recommended best practices for handling cross-domain scenarios in WKWebView?

Expected Behavior: We want to determine whether:
- Cross-domain access is supported under certain configurations, OR
- The recommended approach is to align all resources under the same domain.

Kindly provide guidance on the supported architecture and any configuration recommendations.
Replies: 0 | Boosts: 0 | Views: 76 | Activity: Mar ’26
com.apple.developer.web-browser.public-key-credential still leads to com.apple.AuthenticationServices.AuthorizationError Code=1004
Hi, we were recently approved for the com.apple.developer.web-browser.public-key-credential entitlement and have added it to our app. It initially worked as expected for a couple of days, but then it stopped working. We're now seeing the same error as before adding the entitlement:

    Told not to present authorization sheet: Error Domain=com.apple.AuthenticationServicesCore.AuthorizationError Code=1 "(null)"
    ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)"

Do you have any insights into what might be causing this issue? Thank you!
Replies: 5 | Boosts: 0 | Views: 482 | Activity: Mar ’26
"userVerification" is ignored during Passkey Autofill in non-Safari browsers
When using passkeys stored in iCloud Keychain (Passwords app) via Passkey Autofill in browsers other than Safari, the userVerification parameter is ignored and user verification (UV) is not performed. As a result, relying party servers that require userVerification = required fail validation because the UV flag is not set, causing passkey authentication to fail.

This issue occurs when the following setting is disabled: Settings → Face ID & Passcode → Use Face ID For → Password AutoFill

The issue is reproducible only with the following combination:
- Non-Safari browsers (e.g. Chrome)
- Passkeys stored in iCloud Keychain (Passwords app)
- Passkey Autofill

The issue does not occur in the following cases:
- Safari with passkeys stored in any credential manager
- Non-Safari browsers using credential managers other than iCloud Keychain

Steps to Reproduce:
1. Go to Settings → General → Autofill & Passwords, and enable the Passwords app under “Autofill From”.
2. Go to Settings → Face ID & Passcode → Use Face ID For, and disable “Password AutoFill”.
3. Open Chrome and navigate to https://webauthn.io
4. Enter a username and tap “Register” to create a passkey using the Passwords app (iCloud Keychain).
5. On webauthn.io, go to Advanced Settings → Authentication Settings, and set “User Verification” to “Required”.
6. Reload the page, tap the input field, and perform Passkey Autofill.
7. User Verification is not triggered, and “Authentication failed” is displayed on webauthn.io.

===

This issue has already been reported via Feedback Assistant as FB21756948. I am posting here to confirm whether this behavior is working as intended or represents a bug, and to make other developers aware of the current behavior.
Replies: 2 | Boosts: 1 | Views: 600 | Activity: Mar ’26
Which iOS release includes the fix for rdar://163597990 / WebKit Bug
Hi,

We're experiencing a WKWebView issue where the screen intermittently turns pure magenta (#FF00FF) in our production iOS app. After investigation, we traced this to WebKit's internal WKCompositingView.mm where [UIColor magentaColor] is used as a pending state indicator when coverView.hidden == NO. This matches rdar://163597990 / WebKit Bug 303157 ("Magenta flash when loading page"), which was fixed in commit 303720@main on 2025-12-01 via PR #54499.

My question is simple: which iOS/Safari release includes this fix? We're on iOS 26.3 and still seeing the issue. We need to know:
- Is the fix already in iOS 26.3? (If so, there may be another unfixed code path)
- If not, which upcoming iOS version will include it?

Our environment
- iOS 26.3, iPhone 15 Pro Max
- WKWebView with complex web content
- App codebase contains zero magenta color usage — this is purely from WebKit

Related
- rdar://163597990
- Bug 303157 — RESOLVED FIXED
- Bug 230531 — "Pages render as magenta after being in background"
- PR #54499 — Merged to main 2025-12-01

Any information about the release timeline would be very helpful. Thanks!
Replies: 1 | Boosts: 0 | Views: 424 | Activity: Mar ’26
Issue with loadFileURL in WKWebView on iOS 26.4 Beta
Before iOS 26.3, the WKWebView method open func loadFileURL(_ URL: URL, allowingReadAccessTo readAccessURL: URL) -> WKNavigation? worked fine when both parameters were passed the same path (e.g., h5path/index.html), allowing access to and loading of other files like CSS and JS within the h5path directory. However, in iOS 26.4 Beta, this results in an error, and the second parameter must point to a parent directory. Is this a bug?
Topic: Safari & Web SubTopic: General Tags:
Replies: 0 | Boosts: 1 | Views: 182 | Activity: Feb ’26
Can WKWebView automatically adjust its width and height based on the loaded content?
Hi Team, We're trying to load an Image Ad inside WKWebView and we're wondering if we can adjust its width and height based on the loaded content. Currently, we're using evaluateJavaScript("document.body.scrollHeight") query to fetch the height of the content but often times we get incorrect value from it. We looked at the WKWebView documentation but couldn't find anything related to our use case. Could someone from the team guide us through the next step? Thanks
Topic: Safari & Web SubTopic: General Tags:
Replies: 1 | Boosts: 0 | Views: 129 | Activity: Feb ’26
Folder-level image access permissions for browser-only web apps in iOS Safari
We are developing a mobile-first, browser-only web application that requires users to upload 20–200 images stored inside a single folder (for example, a merchant product directory).

On iOS Safari:
- window.showDirectoryPicker() is not supported.
- is not supported.
- File System Access API is not available.
- Users must manually multi-select images from the Photos picker.

This creates significant friction for bulk upload workflows.

We are NOT requesting unrestricted file system access. We are asking whether a privacy-preserving, user-granted folder-scoped permission model is being considered for web applications. For example:
- User explicitly selects a folder.
- The web app receives scoped access only to that selected folder.
- Access is session-bound and revocable.
- No background or global storage access is required.

Questions:
- Is folder-level access for web apps being considered for iOS Safari?
- Does installing a PWA provide any enhanced file access capability?
- Are there recommended best practices for handling bulk image uploads in browser-only iOS applications?
- Is there any roadmap alignment with the File System Access API standard?

Our goal is to remain browser-only and maintain strict user privacy while improving usability for high-volume image workflows. Any clarification on intended platform direction would be appreciated.
Replies: 0 | Boosts: 0 | Views: 138 | Activity: Feb ’26
In the iOS 26.4 beta version of WKWebView, it is impossible to establish an IP type WebSocket connection!
In iOS 26.4 beta, I noticed that when loading pages using WKWebView and using WebSocket to establish IP type addresses, the connection duration was several seconds and sometimes even failed to connect (normally, the connection duration should be in milliseconds). However, when establishing WebSocket connections using domain names, the connections were normal. Additionally, I discovered a special scenario: When directly establishing WebSocket connections using IP type addresses, it remained in the "connect" state. At the same time, based on Wireshark packet capture, it was found that no TCP connection was sent at this time. However, if two connections with the same address were established simultaneously, those two connections could successfully connect. This bug has seriously affected the use of my application service. Is there a chance that this version will solve the problem?
Replies
3
Boosts
11
Views
873
Activity
3d
WebContent / GPU process crash on iPhone 15 (iOS 26.4); stable on iPad (iOS 26.4)
Summary
Our app’s WKWebView triggers a WebContent / GPU process crash on iPhone 15 running iOS 26.4. The same flow works on iPad running iOS 26.4.

Environment
- Failing: iPhone 15, iOS 26.4
- Working: iPad, iOS 26.4
- Web stack: WKWebView / WebKit (Safari & Web)

What we see
The WKWebView web process terminates; logs show WebProcess and GPU process exits, followed by RBS assertion failures and (in one WebContent process) repeated containermanagerd XPC invalidation.

Expected
Web content loads and remains stable like on iPad 26.4.

Actual
Web process crashes; page goes blank or WebView recovers only after reload.

Logs
    0x10715d518 - [pageProxyID=14, webPageID=15, PID=3629] WebPageProxy::dispatchProcessDidTerminate: reason=Crash
    0x10715ce18 - [pageProxyID=22, webPageID=23, PID=3629] WebPageProxy::dispatchProcessDidTerminate: reason=Crash
    0x1480f01e0 - GPUProcessProxy::didClose:
    0x1480f01e0 - GPUProcessProxy::gpuProcessExited: reason=Crash
    0x14808c640 - [PID=3633] WebProcessProxy::gpuProcessExited: reason=Crash
    0x14808cb80 - [PID=3634] WebProcessProxy::gpuProcessExited: reason=Crash
    WebContent[3633] 0x10d07ebc0 - GPUProcessConnection::didClose
    Error acquiring assertion: <Error Domain=RBSAssertionErrorDomain Code=2 "Specified target process 3630 does not exist" UserInfo={NSLocalizedFailureReason=Specified target process 3630 does not exist}>
    0x148128600 - ProcessAssertion::acquireSync Failed to acquire RBS assertion 'XPCConnectionTerminationWatchdog' for process with PID=3630, error: (null)
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 1 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 2 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 3 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 4 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 5 of 6
    WebContent[3634] XPC connection to containermanagerd invalidated. Retry attempt 6 of 6
    WebContent[3634] _container_query_get_result_at_index: error = 2→(51) XPC_INVALID_REPLY;
    WebContent[3634] container_system_group_path_for_identifier: error = ((container_error_t)51) XPC_INVALID_REPLY
    WebContent[3634] 0x11107ebc0 - GPUProcessConnection::didClose
Topic: Safari & Web SubTopic: General Tags:
Replies
1
Boosts
0
Views
76
Activity
3d
Safari-only layout regression with ad iframe content: inline wrapper + inline-block ad creates extra vertical spacing
Observed versions: Reproduced on Tahoe / Safari 26 and iOS 26 Safari. Not reproduced on v18 Safari. Not reproduced in Chrome with the same reduced test setup.

We are seeing a Safari-only rendering issue affecting an ad creative inside an iframe on both desktop Safari and iOS Safari.

What we observe:
- The issue is reproducible in Safari on OS X and iOS v26.
- We do not reproduce it in Chrome with the same test setup.
- We can reproduce it in a minimal test case, outside our site app code.
- The issue appears tied to the rendered iframe document/layout, not our outer page layout.

The problematic rendered structure inside the iframe looks like this:

    <div class="GoogleActiveViewElement" style="display:inline">
      <ins class="dcmads" style="display:inline-block;width:320px;height:50px">
        <script src="https://www.googletagservices.com/dcm/dcmads.js"></script>
      </ins>
    </div>

Here is a simplified, local-reproducible version for testing:

    <div class="GoogleActiveViewInnerContainer" style="left:0px; top:0px; width:100%; height:100%; position:fixed; pointer-events:none; z-index:-9999;"></div>
    <div class="GoogleActiveViewElement" style="display:inline">
      <ins class="dcmads" style="display:inline-block;width:320px;height:50px">
        <script>
          document.write(
            '<a target="_blank" href="#"><img ' +
            'src="data:image/svg+xml;utf8,' +
            encodeURIComponent(
              '<svg xmlns="http://www.w3.org/2000/svg" width="320" height="50">' +
              '<rect width="320" height="50" fill="#ffd8d8"/>' +
              '<text x="160" y="30" text-anchor="middle" font-family="Arial" font-size="14" fill="#222">' +
              'img placeholder' +
              '</text>' +
              '</svg>'
            ) +
            '" ' +
            ' alt="Advertisement" border="0" width="320" height="50" style="display:block" /></a>'
          );
        </script>
      </ins>
    </div>

In Safari, this produces extra vertical spacing / cutoff above the ad. In the test code you will only notice an added top spacing, but when rendered in a live ad, the bottom gets cut off.

A few details that may help:
- If we manually change the inner ins.dcmads from display:inline-block to display:inline, or adding overflow:hidden, the spacing issue goes away.
- If the loader script is moved outside the ins during manual experimentation, the issue also goes away.
- This makes it look like a Safari layout/rendering issue involving an inline wrapper around an inline-block ad container during script-driven rendering.

Questions:
- Is this a known Safari/WebKit layout issue involving inline + inline-block content in iframe documents?
- Has there been any recent Safari/WebKit change that could affect this rendering path?
- Is there a preferred reduced repro format for reporting layout issues like this?
Replies
1
Boosts
1
Views
190
Activity
4d
Safari “Prevent Cross‑Site Tracking”: Request for guidance on domain‑specific query parameter stripping and tracker classification criteria
Background
We are investigating Safari’s Prevent Cross‑Site Tracking feature (part of Intelligent Tracking Prevention / Link Tracking Protection) on iOS and macOS (latest versions). We fully understand and respect Safari’s privacy objectives and are not requesting any whitelisting or relaxation of protections. Our goal is to understand how Safari determines when and where query parameter stripping is applied, so we can design a compliant and predictable implementation.

Based on public WebKit and privacy documentation, it is understood that Safari’s tracking prevention behavior may be influenced by:
- Tracker classification sources such as:
  - DuckDuckGo Tracker Radar https://github.com/duckduckgo/tracker-radar
  - EasyList / EasyPrivacy https://easylist.to/easylist/easyprivacy.txt
- WebKit privacy architecture and heuristics, including behavior described in:
  - WebKit “Private Browsing 2.0” / Link Tracking Protection documentation https://webkit.org/blog/15697/private-browsing-2-0/

Request for Guidance
To help us align fully with Safari’s privacy model, we respectfully request guidance on:
- How Safari determines, at a domain or subdomain level, when to apply query parameter stripping under Prevent Cross‑Site Tracking.
- Whether evaluation may be influenced by:
  - Tracker classification sources (e.g., domain reputation or known tracking endpoints)
  - Runtime network behavior (such as cross‑site analytics requests)
  - Subdomain‑specific context or historical behavior
- Whether Prevent Cross‑Site Tracking is evaluated:
  - Per navigation event
  - Per domain or subdomain
  - Based on cumulative or runtime signals
- Whether Apple recommends specific design patterns or alternatives for handling essential, non‑tracking URL data in a way that is compatible with Safari’s privacy protections.

Our objective is to design a solution that respects Safari’s intent and avoids reliance on fragile or unpredictable URL‑based behavior.
Replies
0
Boosts
0
Views
128
Activity
5d
iOS 26.4 breaks when loading WkWebview domain subresources from a loopback localhost in-app GCDWebserver +self signed cert with TLSv1_ALERT_UNKNOWN_CA
Hello All,

I have an app which has a WKWebview loading some code from a remote origin - https://my-company.example.com

When WKWebview loads the remote origin, that page does load some of the sub-resources from an in-app localhost server (GCDWebserver), i.e. reaches out to a loopback based in-app GCDWebserver. To provide a secure context I had an existing setup with a self signed cert, CORS and everything needed for https on localhost, and the sub-resources used to load fine from https localhost till 26.4.

Starting with iOS 26.4 it started breaking with TLSv1_ALERT_UNKNOWN_CA.

Is there any known guidance for this? Technically, as per the w3c spec, localhost is considered a secure context by default, right? And no special things need to be done. But ios/Webkit seem to be different in this regard.

Is this a known issue, and is there any mitigation here? I'll try to provide a sample app soon if possible.
Replies
1
Boosts
0
Views
598
Activity
1w
WKWebView could not access local javascript files
We are experiencing an issue after Xcode 26.0 to load local JavaScript files to WKWebView to render our own design. It used to work well, however after Xcode 26.0, when

    [self.webView loadFileURL:fileURL allowingReadAccessToURL:accessURL];

it returns

    [PID=1514] WebProcessProxy::hasAssumedReadAccessToURL(3198190): no access

    self.webRootPath = [[NSHomeDirectory() stringByAppendingPathComponent:@"Documents"] stringByAppendingPathComponent:CHAT_VIEW_WEB_ROOT];
    NSFileManager *fileManager = [NSFileManager defaultManager];
    NSError *error = nil;
    if (![fileManager fileExistsAtPath:self.webRootPath]) {
        [fileManager createDirectoryAtPath:self.webRootPath withIntermediateDirectories:NO attributes:nil error:&error];
    }
    NSURL *accessURL = [NSURL fileURLWithPath:self.webRootPath];

Not sure how to assign access permission to WKWebView. Any help much appreciated.
Topic: Safari & Web SubTopic: General Tags:
Replies
5
Boosts
0
Views
1.6k
Activity
1w
Inconsistency exception regarding context menu on web view
According to our crash analytics, our application crashes while a context menu is opened on a web view. This crash takes place on iOS 26+ only. The message states that a web view is no longer inside the active window hierarchy, however we don't modify the web view instance's parent anyhow while the context menu is opened.

Can you please help with a fix or at least workaround for this issue? What's your opinion for bug localization (application or framework)?

    NSInternalInconsistencyException
    UIPreviewTarget requires that the container view is in a window, but it is not. (container: <WKTargetedPreviewContainer: 0x14b442840; name=Context Menu Hint Preview Container>)
    userInfo: { NSAssertFile = "UITargetedPreview.m"; NSAssertLine = 64; }

    Crashed: CrBrowserMain
    0 CoreFoundation __exceptionPreprocess + 164
    1 libobjc.A.dylib objc_exception_throw + 88
    2 Foundation -[NSMutableDictionary(NSMutableDictionary) initWithContentsOfFile:] + 0
    3 UIKitCore -[UIPreviewTarget initWithContainer:center:transform:] + 660
    4 UIKitCore (Missing)
    5 UIKitCore (Missing)
    6 UIKitCore (Missing)
    7 UIKitCore (Missing)
    8 UIKitCore (Missing)
    9 UIKitCore -[_UIContextMenuPresentation present] + 56
    10 UIKitCore +[UIView(UIViewAnimationWithBlocksPrivate) _modifyAnimationsWithPreferredFrameRateRange:updateReason:animations:] + 168
    11 UIKitCore (Missing)
    12 UIKitCore (Missing)
    13 UIKitCore (Missing)
    14 UIKitCore (Missing)
    15 UIKitCore +[UIView(UIViewAnimationWithBlocks) _setupAnimationWithDuration:delay:view:options:factory:animations:start:animationStateGenerator:completion:] + 516
    16 UIKitCore (Missing)
    17 UIKitCore (Missing)
    18 UIKitCore +[UIView __animateUsingSpringWithDampingRatio:response:interactive:initialDampingRatio:initialResponse:dampingRatioSmoothing:responseSmoothing:targetSmoothing:projectionDeceleration:retargetImpulse:animations:completion:] + 192
    19 UIKitCore -[_UIRapidClickPresentationAssistant _animateUsingFluidSpringWithType:animations:completion:] + 316
    20 UIKitCore -[_UIRapidClickPresentationAssistant _performPresentationAnimationsFromViewController:] + 516
    21 UIKitCore -[_UIRapidClickPresentationAssistant presentFromSourcePreview:lifecycleCompletion:] + 400
    22 UIKitCore __55-[_UIClickPresentationInteraction _performPresentation]_block_invoke_3 + 48
    23 UIKitCore +[UIViewController _performWithoutDeferringTransitionsAllowingAnimation:actions:] + 140
    24 UIKitCore __55-[_UIClickPresentationInteraction _performPresentation]_block_invoke_2 + 144
    25 UIKitCore -[_UIClickPresentationInteraction _performPresentation] + 836
    26 UIKitCore postPreviewTransition_block_invoke_2 + 104
    27 UIKitCore handleEvent + 256
    28 UIKitCore -[_UIClickPresentationInteraction _driverClickedUp] + 48
    29 UIKitCore -[_UIClickPresentationInteraction clickDriver:didPerformEvent:] + 400
    30 UIKitCore stateMachineSpec_block_invoke_5 + 48
    31 UIKitCore handleEvent + 144
    32 UIKitCore -[_UILongPressClickInteractionDriver _handleGestureRecognizer:] + 140
    33 UIKitCore -[UIGestureRecognizerTarget _sendActionWithGestureRecognizer:] + 128
    34 UIKitCore _UIGestureRecognizerSendTargetActions + 268
    35 UIKitCore _UIGestureRecognizerSendActions + 268
    36 UIKitCore -[UIGestureRecognizer _updateGestureForActiveEvents] + 308
    37 UIKitCore -[UIGestureRecognizer gestureNode:didUpdatePhase:] + 300
    38 Gestures (Missing)
    39 Gestures (Missing)
    40 Gestures (Missing)
    41 Gestures (Missing)
    42 UIKitCore -[UIGestureEnvironment _updateForEvent:window:] + 528
    43 UIKitCore -[UIWindow sendEvent:] + 2924
    44 UIKitCore -[UIApplication sendEvent:] + 396
Replies
1
Boosts
0
Views
560
Activity
2w
EXC_BAD_ACCESS on WebCore::ElementContext::isSameElement at select element
According to our crash analytics, our application crashes while a context menu is closed (after being opened on a web view). This crash takes place on iOS 26+ only. Seems like WebCore::ElementContext::isSameElement is called after ElementContext has been destroyed, so it's a kind of use-after-free issue.

Can you please help with a fix or at least workaround for this issue? What's your opinion for bug localization (application or framework)?

    EXC_BAD_ACCESS 0x0000000000000001

    Crashed: CrBrowserMain
    0 WebKit WebCore::ElementContext::isSameElement(WebCore::ElementContext const&) const + 12
    1 WebKit __74-[WKSelectPicker contextMenuInteraction:willEndForConfiguration:animator:]_block_invoke + 84
    2 UIKitCore -[_UIContextMenuAnimator performAllCompletions] + 248
    3 UIKitCore (Missing)
    4 UIKitCore (Missing)
    5 UIKitCore (Missing)
    6 UIKitCore (Missing)
    7 UIKitCore (Missing)
    8 UIKitCore -[_UIGroupCompletion _performAllCompletions] + 160
    9 UIKitCore (Missing)
    10 UIKitCore (Missing)
    11 UIKitCore (Missing)
    12 UIKitCore (Missing)
    13 UIKitCore __UIVIEW_IS_EXECUTING_ANIMATION_COMPLETION_BLOCK__ + 36
    14 UIKitCore -[UIViewAnimationBlockDelegate _sendDeferredCompletion:] + 92
    15 libdispatch.dylib _dispatch_call_block_and_release + 32
    16 libdispatch.dylib _dispatch_client_callout + 16
    17 libdispatch.dylib _dispatch_main_queue_drain.cold.5 + 812
    18 libdispatch.dylib _dispatch_main_queue_drain + 180
    19 libdispatch.dylib _dispatch_main_queue_callback_4CF + 44
    20 CoreFoundation __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 16
    21 CoreFoundation __CFRunLoopRun + 1944
    22 CoreFoundation _CFRunLoopRunSpecificWithOptions + 532
    23 GraphicsServices GSEventRunModal + 120
    24 UIKitCore -[UIApplication _run] + 792
    25 UIKitCore UIApplicationMain + 336
Replies
1
Boosts
0
Views
549
Activity
2w
How to enter Picture-in-Picture on background from inline playback in WKWebView
I'm building a Capacitor iOS app with a plain <video> element playing an MP4 file inline. I want Picture-in-Picture to activate automatically when the user goes home — swipe up from the bottom edge of the screen (on an iPhone with Face ID) or press the Home button (on an iPhone with a Home button).

Fullscreen → background works perfectly — iOS automatically enters Picture-in-Picture. But I need this to work from inline playback without requiring the user to enter fullscreen first.

Setup

    <video id="video" playsinline autopictureinpicture controls
           src="http://podcasts.apple.com/resources/462787156.mp4">
    </video>

    // AppDelegate.swift
    let audioSession = AVAudioSession.sharedInstance()
    try? audioSession.setCategory(.playback, mode: .moviePlayback)
    try? audioSession.setActive(true)

- UIBackgroundModes: audio in Info.plist
- allowsPictureInPictureMediaPlayback is true (Apple default)
- iOS 26.3.1, WKWebView via Capacitor

What I've tried

1. autopictureinpicture attribute

    <video playsinline autopictureinpicture ...>

WKWebView doesn't honor this attribute from inline playback. It only works when transitioning from fullscreen.

2. requestPictureInPicture() on visibilitychange

    document.addEventListener('visibilitychange', () => {
      if (document.visibilityState === 'hidden' && !video.paused) {
        video.requestPictureInPicture();
      }
    });

Result: Fails with "not triggered by user activation". The visibilitychange event doesn't count as a user gesture.

3. webkitSetPresentationMode('picture-in-picture') on visibilitychange

    document.addEventListener('visibilitychange', () => {
      if (document.visibilityState === 'hidden' && !video.paused) {
        video.webkitSetPresentationMode('picture-in-picture');
      }
    });

Result: No error thrown. The webkitpresentationmodechanged event fires with value picture-in-picture. But the PIP window never actually appears. The API silently accepts the call but nothing renders.

4. await play() then webkitSetPresentationMode

    document.addEventListener('visibilitychange', async () => {
      if (document.visibilityState === 'hidden') {
        await video.play();
        video.webkitSetPresentationMode('picture-in-picture');
      }
    });

Result: play() succeeds (audio resumes in background), but PIP still doesn't open.

5. Auto-resume on system pause + PIP on visibilitychange

iOS fires pause before visibilitychange when backgrounding. I tried resuming in the pause handler, then requesting PIP in visibilitychange:

    video.addEventListener('pause', () => {
      if (document.visibilityState === 'hidden') {
        video.play(); // auto-resume
      }
    });
    document.addEventListener('visibilitychange', () => {
      if (document.visibilityState === 'hidden' && !video.paused) {
        video.webkitSetPresentationMode('picture-in-picture');
      }
    });

Result: Audio resumes successfully, but PIP still doesn't open.

6. Native JS eval from applicationDidEnterBackground

    func applicationDidEnterBackground(_ application: UIApplication) {
        webView?.evaluateJavaScript(
            "document.querySelector('video').requestPictureInPicture()"
        )
    }

Result: Same failure — no user activation context.

Observations
- The event order on background is: pause → visibility: hidden
- webkitSetPresentationMode reports success (event fires, no error) but the PIP window never renders
- requestPictureInPicture() consistently requires user activation, even from native JS eval
- Audio can be resumed in background via play(), but PIP is a separate gate
- Fullscreen → background automatically enters Picture-in-Picture, confirming the WKWebView PIP infrastructure is functional

Question
Is there any way to programmatically enter PIP from inline playback when a WKWebView app goes to background? Or is this intentionally restricted by WebKit to fullscreen-only transitions?

Any pointers appreciated. Thanks!
Replies
1
Boosts
2
Views
662
Activity
2w
iOS 26 WKWebView STScreenTimeConfigurationObserver KVO Crash
Fatal Exception: NSInternalInconsistencyException
Cannot remove an observer <WKWebView 0x135137800> for the key path "configuration.enforcesChildRestrictions" from <STScreenTimeConfigurationObserver 0x13c6d7460>, most likely because the value for the key "configuration" has changed without an appropriate KVO notification being sent. Check the KVO-compliance of the STScreenTimeConfigurationObserver [class.]

I noticed that on iOS 26, WKWebView registers STScreenTimeConfigurationObserver. Is this an iOS 26 system issue? What should I do?
Topic: UI Frameworks SubTopic: UIKit Tags:
Replies
16
Boosts
17
Views
1.9k
Activity
2w
Safari shows "Fraudulent Website Warning" for clean domain — all security databases clear, Chrome works fine
Safari continues to display a "Fraudulent Website Warning" for openvan.camp despite the domain being clean across all major security databases for over a week. Chrome, Firefox, and all other browsers open the site without any warnings.

- Domain: openvan.camp
- Warning appeared: March 18, 2026
- Warning type: Fraudulent Website Warning (red screen)

Current security database status:
- Google Safe Browsing: ✅ Clean (transparencyreport.google.com)
- Google Search Console: ✅ No security issues
- Spamhaus DBL: ✅ Removed from blocklist
- Fortinet FortiGuard: ✅ Category "Travel"
- VirusTotal: ✅ 0/65 vendors
- URLVoid: ✅ 0/35 engines

Steps taken:
- Removed the third-party ad network (Adsterra) that caused the original flag — March 18, 2026
- Migrated hosting to Scaleway (AS12876, France), IP: 151.115.84.228
- Configured SPF, DKIM, DMARC records
- Created functional abuse@ and postmaster@ role accounts
- Submitted review via websitereview.apple.com — no response after 5 days

What we believe is happening:
Apple's Safe Browsing database appears to have an independent entry for this domain that has not been updated despite all underlying security databases clearing the flag. Safari's warning persists even after deleting ~/Library/Safari/SafeBrowsing/ cache and re-downloading the database — which confirms this is not a local cache issue.

Steps to reproduce:
1. Open Safari on macOS or iOS
2. Navigate to https://openvan.camp/
3. Safari displays "Fraudulent Website Warning"
4. Open the same URL in Chrome — no warning

Expected behavior:
No warning should be shown. The domain is legitimate, clean, and verified.

Has anyone experienced a similar issue? Is there any additional channel to escalate beyond websitereview.apple.com?
Replies
0
Boosts
0
Views
258
Activity
2w
Cross-domain issue in wkwebview
Subject: Cross-Domain Access Behaviour in WKWebView – Clarification Required

Description:
We are facing a cross-domain issue in our iOS application where WKWebView loads content from one domain and attempts to access resources/data from another domain.

Current Setup:
- App Platform: iOS
- WebView: WKWebView
- iOS Version: 26
- Primary Domain: *.franconnectqa.net
- Data/Analytics Domain: analytics.franconnectdev.net
- SSL: Valid certificates configured
- ATS: Enabled

Issue:
When WKWebView loads content from franconnectqa.net, it attempts to access resources or analytics from analytics.franconnectdev.net, resulting in cross-domain restrictions.

We would like to understand:
- Does WKWebView support cross-domain resource access by default?
- Are there any configuration settings that allow controlled cross-domain access?
- Are there known limitations regarding cookies, local storage, or session sharing across domains?
- Does WKWebView enforce additional restrictions beyond standard browser CORS policies?
- Are there recommended best practices for handling cross-domain scenarios in WKWebView?

Expected Behavior:
We want to determine whether:
- Cross-domain access is supported under certain configurations, OR
- The recommended approach is to align all resources under the same domain.

Kindly provide guidance on the supported architecture and any configuration recommendations.
Replies
0
Boosts
0
Views
76
Activity
Mar ’26
com.apple.developer.web-browser.public-key-credential still leads to com.apple.AuthenticationServices.AuthorizationError Code=1004
Hi, we were recently approved for the com.apple.developer.web-browser.public-key-credential entitlement and have added it to our app. It initially worked as expected for a couple of days, but then it stopped working. We're now seeing the same error as before adding the entitlement:

    Told not to present authorization sheet: Error Domain=com.apple.AuthenticationServicesCore.AuthorizationError Code=1 "(null)"
    ASAuthorizationController credential request failed with error: Error Domain=com.apple.AuthenticationServices.AuthorizationError Code=1004 "(null)"

Do you have any insights into what might be causing this issue? Thank you!
Replies
5
Boosts
0
Views
482
Activity
Mar ’26
"userVerification" is ignored during Passkey Autofill in non-Safari browsers
When using passkeys stored in iCloud Keychain (Passwords app) via Passkey Autofill in browsers other than Safari, the userVerification parameter is ignored and user verification (UV) is not performed. As a result, relying party servers that require userVerification = required fail validation because the UV flag is not set, causing passkey authentication to fail.

This issue occurs when the following setting is disabled:
Settings → Face ID & Passcode → Use Face ID For → Password AutoFill

The issue is reproducible only with the following combination:
- Non-Safari browsers (e.g. Chrome)
- Passkeys stored in iCloud Keychain (Passwords app)
- Passkey Autofill

The issue does not occur in the following cases:
- Safari with passkeys stored in any credential manager
- Non-Safari browsers using credential managers other than iCloud Keychain

Steps to Reproduce:
1. Go to Settings → General → Autofill & Passwords, and enable the Passwords app under “Autofill From”.
2. Go to Settings → Face ID & Passcode → Use Face ID For, and disable “Password AutoFill”.
3. Open Chrome and navigate to https://webauthn.io
4. Enter a username and tap “Register” to create a passkey using the Passwords app (iCloud Keychain).
5. On webauthn.io, go to Advanced Settings → Authentication Settings, and set “User Verification” to “Required”.
6. Reload the page, tap the input field, and perform Passkey Autofill.
7. User Verification is not triggered, and “Authentication failed” is displayed on webauthn.io.

===

This issue has already been reported via Feedback Assistant as FB21756948. I am posting here to confirm whether this behavior is working as intended or represents a bug, and to make other developers aware of the current behavior.
Replies
2
Boosts
1
Views
600
Activity
Mar ’26
Which iOS release includes the fix for rdar://163597990 / WebKit Bug
Hi,

We're experiencing a WKWebView issue where the screen intermittently turns pure magenta (#FF00FF) in our production iOS app. After investigation, we traced this to WebKit's internal WKCompositingView.mm where [UIColor magentaColor] is used as a pending state indicator when coverView.hidden == NO.

This matches rdar://163597990 / WebKit Bug 303157 ("Magenta flash when loading page"), which was fixed in commit 303720@main on 2025-12-01 via PR #54499.

My question is simple: which iOS/Safari release includes this fix?

We're on iOS 26.3 and still seeing the issue. We need to know:
- Is the fix already in iOS 26.3? (If so, there may be another unfixed code path)
- If not, which upcoming iOS version will include it?

Our environment
- iOS 26.3, iPhone 15 Pro Max
- WKWebView with complex web content
- App codebase contains zero magenta color usage — this is purely from WebKit

Related
- rdar://163597990
- Bug 303157 — RESOLVED FIXED
- Bug 230531 — "Pages render as magenta after being in background"
- PR #54499 — Merged to main 2025-12-01

Any information about the release timeline would be very helpful. Thanks!
Replies
1
Boosts
0
Views
424
Activity
Mar ’26
Issue with loadFileURL in WKWebView on iOS 26.4 Beta
Before iOS 26.3, the WKWebView method open func loadFileURL(_ URL: URL, allowingReadAccessTo readAccessURL: URL) -> WKNavigation? worked fine when both parameters were passed the same path (e.g., h5path/index.html), allowing access to and loading of other files like CSS and JS within the h5path directory. However, in iOS 26.4 Beta, this results in an error, and the second parameter must point to a parent directory. Is this a bug?
Topic: Safari & Web SubTopic: General Tags:
Replies
0
Boosts
1
Views
182
Activity
Feb ’26
Can WKWebView automatically adjust its width and height based on the loaded content?
Hi Team, We're trying to load an Image Ad inside WKWebView and we're wondering if we can adjust its width and height based on the loaded content. Currently, we're using evaluateJavaScript("document.body.scrollHeight") query to fetch the height of the content but often times we get incorrect value from it. We looked at the WKWebView documentation but couldn't find anything related to our use case. Could someone from the team guide us through the next step? Thanks
Topic: Safari & Web SubTopic: General Tags:
Replies
1
Boosts
0
Views
129
Activity
Feb ’26