undefined | Better HN

0 pointsdathinab4y ago0 comments

Firefox, Chrome, Edge and Opera support it (including mobile).

Internet Explorer is dead (ok, is a Zombie. But was supper-seeded by Edge for most users).

Safari is sadly not yet supported.

The nice thing is that you can employ security enhancements based on this technique even if it's not supported by all your clients.

I.e. you can automatically reject requests if the headers are given and have a bad value, which would add additional protection against certain attacks for all users except the ones stuck on IE or Safari.

0 comments

drchickensalad4y ago

Safari truly is IE in 2021

twsted4y ago

This is a story that you can often hear on HN but I don't think it's correct. There were three correlated reasons for the bad reputation of IE some years ago:

1. it was largely dominant, so people thought they could develop just taking that browser in consideration

2. for the previous point, MS started to develop proprietary features (like ActiveX)

3. at a certain point its development was stopped for a long time

Safari certainly cannot match the first two reasons. But it cannot match the third either, because the development of standard web features is going on at good pace (see <https://webkit.org/status/>).

Ajedi324y ago

Those might be the reasons why users disliked IE, but the reason developers dislike IE were/are somewhat different:

1. It doesn't support many of the latest web standards

2. A large enough percentage of users use it that it can't be simply ignored

Both of those points apply to modern Safari. Less so to IE these days as #2 becomes less and less applicable; hence "Safari is the new IE".

reader_mode4y ago

Developers hated having to work around missing features for IE even when FF and Chrome took over the market, Safari is the exact same, except you can't even update the rendering engine on iOS, Apple doesn't want webapps to eat away at app store profit (notice how shitty and slow moving the webgl/webgpu thing has been mostly due to iOS Safari)

spartanatreyu4y ago

Counterpoints:

> Safari certainly cannot match the first two reasons.

1. Most users view websites on their phones. Safari is the only browser on iPhone (there are other browser skins, but they're all forced to run on top of Safari). The market share of iOS devices is usually about at least 50% in developed nations.

2. iOS has proprietary features, it is known as the App Store. If you want to develop certain things, you must use the app store, the browser is locked out of those features (even if all other browser vendors have them).

> But it cannot match the third either, because the development of standard web features is going on at good pace (see <https://webkit.org/status/>).

3. I probably don't need to go into this point since it's common knowledge that Safari has always been the least compliant browser in terms of web standards. Their history of holding back features or implementing features with critical flaws that make them useless has been a recurring trend for the last decade. Just because they have checked a box on a table, doesn't mean the feature is anything close to useable.

no_way4y ago

Right now but you can reasonably develop a website which will work in Chrome and Firefox even without testing (not talking about any supper modern features), but Safari is riddled with bugs you wouldn't expect. Recently I have encountered multiple bugs regarding svg clipping in safari. Safari 14 also broke localstorage and indexeddb it's almost funny how bad safari is at actually just working.

1 more reply

atonse4y ago

I don’t quite understand this argument. Can you give me a couple examples of Safari holding back major parts of web design? Or is it more obscure stuff like some webGL engine?

Because I use Safari specifically for privacy reasons and it also used to never trigger my fans to full speed just to play videos, like Chrome. I also have read that while Safari does tend to take longer, their implementations tend to be more polished. But this was more like a tweet so take that anecdata with a grain of salt.

danielheath4y ago

I often try to use a feature and it doesn't work properly on one browser. It's nearly always mobile safari. This week, I've dealt with scroll-snap (which makes URL anchors work correctly with a sticky header) being supported but only for some layouts (every other browser works).

Today I spent hours debugging why pages with a particular iframe embed would log you out of the parent site on Safari / iOS. Possibly because the same first-party resource was requested from both outside and inside the frame? Not sure yet.

If you attempt to use localStorage from a private tab on safari, it reports that it's present and working, but raises an exception on any access (every other platform either does not expose localStorage in private tabs, or clears it after).

vbezhenar4y ago

Absence of push notifications makes it impossible to develop a lots of web apps.

Also more user-friendly way to install desktop shortcut would help tremendously to make web apps more popular. Of course Apple is not interested with that, but it's still sad.

darthmaim4y ago

Here are some examples: https://infrequently.org/2021/04/progress-delayed/

speedgoose4y ago

An an user, safari is great. Has a web developer, safari is hell.

Dah00n4y ago

I have done web-development both in the bad IE days but also recently and IMO it wasn't as bad to develop for IE as it is for Safari today. Safari is broken in strange and random ways and missing odd features and is a moving target (and seem to break more with time). Developing for IE was extremely well documented (especially in later versions) and avoiding pitfalls was very easy, even for people new to creating webpages using a few Google searches. Not so for Safari - unless you cut it completely off from all modern advances on the web. It just felt worse back then because IE was much more widespread.

vanviegen4y ago

Were you actually doing any serious web development in the mid 2000s? Because I have a feeling you wouldn't be saying this if you were.. :-)

1 more reply

sgift4y ago

And even for the same reason: If the browser was too good "no one" (very loosely defined here) would need to buy Apps anymore. :(

philistine4y ago

Let's completely sidestep the whole debate that we always have. This is a safety feature, Safari will implement it, you can bet on it. It's merely going to be the last to do it.

thayne4y ago

And yet safari is the last major browser to implement it.

robertoandred4y ago

People who say this never had to develop for IE.

alexghr4y ago

Yep, I don't know why my first thought was that malicious actors could just bypass this by using external HTTP clients (like curl) when in fact this spec is meant to augment CORS: browsers _will_ send these headers to the server and the server can choose to honour them or not (well, in the CORS case the browser will block the request if the response headers are incorrect).

It's defense in depth :D

Cyph0n4y ago

> supper-seeded

I think you meant superseded (pronounced super-seeded).

rrdharan4y ago

Fascinating, TIL that superseded is correct and superceded is and has been wrong for four hundred years :):

https://www.merriam-webster.com/dictionary/supercede

j / k navigate · click thread line to collapse

0 comments

drchickensalad4y ago

Safari truly is IE in 2021

twsted4y ago

This is a story that you can often hear on HN but I don't think it's correct. There were three correlated reasons for the bad reputation of IE some years ago:

1. it was largely dominant, so people thought they could develop just taking that browser in consideration

2. for the previous point, MS started to develop proprietary features (like ActiveX)

3. at a certain point its development was stopped for a long time

Ajedi324y ago

Those might be the reasons why users disliked IE, but the reason developers dislike IE were/are somewhat different:

1. It doesn't support many of the latest web standards

2. A large enough percentage of users use it that it can't be simply ignored

Both of those points apply to modern Safari. Less so to IE these days as #2 becomes less and less applicable; hence "Safari is the new IE".

reader_mode4y ago

spartanatreyu4y ago

Counterpoints:

> Safari certainly cannot match the first two reasons.

> But it cannot match the third either, because the development of standard web features is going on at good pace (see <https://webkit.org/status/>).

no_way4y ago

1 more reply

atonse4y ago

I don’t quite understand this argument. Can you give me a couple examples of Safari holding back major parts of web design? Or is it more obscure stuff like some webGL engine?

danielheath4y ago

vbezhenar4y ago

Absence of push notifications makes it impossible to develop a lots of web apps.

Also more user-friendly way to install desktop shortcut would help tremendously to make web apps more popular. Of course Apple is not interested with that, but it's still sad.

darthmaim4y ago

Here are some examples: https://infrequently.org/2021/04/progress-delayed/

speedgoose4y ago

An an user, safari is great. Has a web developer, safari is hell.

Dah00n4y ago

vanviegen4y ago

Were you actually doing any serious web development in the mid 2000s? Because I have a feeling you wouldn't be saying this if you were.. :-)

1 more reply

sgift4y ago

And even for the same reason: If the browser was too good "no one" (very loosely defined here) would need to buy Apps anymore. :(

philistine4y ago

Let's completely sidestep the whole debate that we always have. This is a safety feature, Safari will implement it, you can bet on it. It's merely going to be the last to do it.

thayne4y ago

And yet safari is the last major browser to implement it.

robertoandred4y ago

People who say this never had to develop for IE.

alexghr4y ago

It's defense in depth :D

Cyph0n4y ago

> supper-seeded

I think you meant superseded (pronounced super-seeded).

rrdharan4y ago

Fascinating, TIL that superseded is correct and superceded is and has been wrong for four hundred years :):

https://www.merriam-webster.com/dictionary/supercede

j / k navigate · click thread line to collapse