Safari Icon

Safari

Apple web browser on macOS and iOS.
13 Stories
All Topics

Apple appleinsider.com

How Apple could kill CAPTCHAs

AppleInsider explains Apple’s new Private Access Tokens (PAT) tech announced at WWDC:

Using a new HTTP authentication method called PrivateToken, a server uses cryptography to verify a client passed an iCloud attestation check.

When the client needs a token it contacts an attester — in this case, Apple — which performs the process using certificates stored in the device’s Secure Enclave.

I’ve been waiting for someone to kill CAPTCHAs for us, but this will be an Apple-only solution for now:

The company is working to help make Private Access Tokens a web standard, but there is no mention of tokens working on Android or Windows. People on those platforms may have to put up with CAPTCHAs, for now — or wait for Microsoft’s and Google’s work on the matter.

I believe this is the draft of the standard that they’re referring to. Cloudflare also has a nice article on their work in this space.

WebKit Blog Icon WebKit Blog

Meet Web Push

One of the smaller (but big for webdevs) announcements from yesterday’s WWDC keynote was Web Push coming to Safari. It’s built on three web standards all working together. What does it do, well it enables websites to “notify their users of time-sensitive or high-priority events, even if the user does not currently have the site open.”

As long as you’ve coded your web application to the standards you will be able to reach Safari 16 users on macOS Ventura. You don’t need to join the Apple Developer Program to send Web Push notifications.

That’s good news, but is this feature something users want? I can think of zero websites that I’ve allowed to send me notifications even when Safari is open, let alone when I’m not even browsing the web.

Jen Simmons posted a nice thread on Twitter alongside the announcement and fielded many people’s questions/concerns along the way.

WebKit Blog Icon WebKit Blog

New WebKit features in Safari 15

With the release of Safari 15 for macOS Monterey, iPadOS 15, iOS 15, and watchOS, as well as macOS Big Sur and macOS Catalina, WebKit brings significant advancements in privacy and security, improved interoperability, and a host of new features for web developers. Take a look.

We discussed a few of these in-depth on JS Party #195, but at the time I was referencing the beta features announcement and it was 404ing during the show. This is a much better resource.

Chris Coyier CSS-Tricks

On (the lack of) iOS browser choice

Chris Coyier does a great job rounding up and summarizing conversations around #AppleBrowserBan:

Just last week I got one of those really?! 🤨 faces when this fact came up in conversation amongst smart and engaged fellow web developers: there is no browser choice on iOS. It’s all Safari. You can download apps that are named Chrome or Firefox, or anything else, but they are just veneer over Safari. If you’re viewing a website on iOS, it’s Safari.

Six Colors Icon Six Colors

Safari Keyword Search hits 2.0, comes to iOS

Dan Moren writing for Six Colors:

Safari Keyword Search is a little tool that allows you to define shortcuts for searching specific sites. For example, you could type “imdb George Clooney” to be taken directly to the IMDb search results for George Clooney, or “w iPhone 13” to go straight to the Wikipedia page for the iPhone 13. You can also define your own shortcuts, so, for example, I’ve defined “sc” as a Google search limited to sixcolors.com, which helps me quickly turn up articles here…

On iOS 15, Mobile Safari supports web extensions. That means this free and awesome tool is now available on the go, where it shortcuts are even more useful.

Safari httptoolkit.tech

Safari isn't protecting the web, it's killing it

Tim Perry:

There’s been a lot of discussion recently about how “Safari is the new IE”

I don’t want to rehash the basics of that, but I have seen some interesting rebuttals, most commonly: Safari is actually protecting the web, by resisting adding unnecessary and experimental features that create security/privacy/bloat problems.

That is worth further discussion, because it’s widespread, and wrong.

Six Colors Icon Six Colors

Safari will reject long-lived HTTPS certificates starting September 1

Dan Moren writing for Six Colors:

News out of last week’s meeting of the CA/Browser Forum is that Apple has announced Safari will no longer accept HTTPS certificates older than about 13 months, as of September 1.

The rationale? Shorter certificate lifetimes are safer, for a variety of reasons. For one thing, it prevents a valid (and perhaps abandoned) certificate from being stolen or misappropriated by a bad actor, then used to trick consumers. While there is a process for revoking known bad certificates, it’s cumbersome and many browsers don’t even check the revocation lists.

This may be annoying to many of us in the short-term (our certificate here at changelog.com is a few years old), but it’s a good thing for the security of the web. Suddenly, Let’s Encrypt’s 90 day expirations look both prudent and prescient.

Safari adage.com

Apple's new anti-tracking feature in Safari takes toll

The irony here is that the site we’re linking to for this story is FULL of display ads. The web and mobile web for content sites, blogs, and the like tend to borderline on a confusing and/or terrible experience because of ads, modals, takeover screens, content that seems like content but is just content in disguise…then, THEN…the retargeting. I can see why Apple, with their focus on the users privacy, that this feature is a Safari thing and being lead by Apple.

The feature—blandly dubbed “Intelligent Tracking Prevention,” or “ITP 2”— is the second major iteration of its anti-tracking tool, which was first introduced last year. The update prevents marketers from targeting Safari users across the web. For example, someone who visits Nike’s website can’t be targeted elsewhere on the web, such as Google search or the New York Times website.

I’m all for websites finding ways to make money from smart relationships, partnerships, and “ads,” but they must be delivered in well-mannered and tasteful ways that does not objectify the reader or their privacy.

WebKit Blog Icon WebKit Blog

PWAs on Safari?!

Workers will be at your service in an upcoming release of Safari — specifically Safari Technology Preview 48, macOS High Sierra 10.13.4 and iOS 11.3 beta seed 2.

Youenn Fablet, software engineer at Apple, writes:

While WebKit’s implementation and feature set is quickly evolving, we believe it has reached an important milestone in terms of functionality and compliance: applications using service workers for offline support or network/cache optimizations run successfully on latest WebKit builds. Let’s now dive into the specifics…

There are threads on Twitter here and here you should check out for commentary on this spec.

This news comes after Microsoft announces PWAs are coming to Microsoft Edge and Windows.

Player art
  0:00 / 0:00