That’s on Mac. PWAs on Mac aren’t a new capability since Chrome et al have had it for a long time. I’d be more interested if they improved iOS PWA capabilities
> When a user adds a website to their Dock, Safari will copy the website’s cookies to the web app. That way, if someone is logged into their account in Safari, they will remain logged in within the web app. This will only work if the authentication state is stored within cookies. Safari does not copy over any other kind of local storage. After a user adds a web app to the Dock, no other website data is shared, which is great for privacy.
This seems like a strange decision.
1. Auth with local storage can be quite nice if you don't need to send the cookies to the server on every request.
2. This will lead to different login states in the browser and in the "app" which is not what I would expect and can be inconvenient if you open links to that website.
With the `SameSite=strict` option on modern browsers and the `HttpOnly` (plus `Secure` to only run in SSL secured context), Cookies are more secure and the way to go instead of storing credentials anywhere accessible from within JavaScript. Before SameSite=strict, cookies were a security nightmare and often resultet in XSRF attacks, and required XSRF mitigations (like xsrf tokens), but this is no longer the case as all modern browsers support it.
Wish they would do this on iOS (and allow a custom install button). They recently removed shared Caches between serviceworkers in Safari and the PWA on iOS, requiring to relogin after every PWA "install" :(
As for your (2) point, I think cookies is the only thing that should be copied. LocalStorage or IndexedDB could result in inconsistwncies and breakage (PWA and Website code can version missmatch).
> Web apps on Mac support web push, badging, and all the usual web standards implemented by WebKit, just like web apps on iOS and iPadOS.
Not a lie, but they leave out an important part: To have webpush or badges on iOS you need to "install" the web app - but since iOS PWAs block custom install buttons, the user had to know thst he has to push "Share" and "Add to home screen". To my experience, almost noone knows this or does this.
If I remember correctly, Safari addressed many transform-related bugs two years ago, which resulted in me noticing fewer bugs (quite drastically). Around that time, Safari became my primary development browser, which may have also contributed to this observation.
Based on Web Platform Test [0], it looks like Chromium browsers are not performing any better in this area.
But I feel the pain of having to carefully test 2D/3D transform and animation on all browsers across platforms (even Safari on iOS and macOS can have different behaviors).
You're getting downvoted but to be honest, it's true -- Safari's layout engine and JS execution is just so glitchy and unpredictable. I'm guessing it's because they're prioritizing speed/efficiency over accuracy, but as a web dev it's...frustrating.
samwillis|2 years ago
Interesting to see Safari adding JPEG XL support just as Chrome dropped it:
https://news.ycombinator.com/item?id=35589179
https://news.ycombinator.com/item?id=33399940
simpleintheory|2 years ago
chocolatkey|2 years ago
dwaite|2 years ago
kevincox|2 years ago
This seems like a strange decision.
1. Auth with local storage can be quite nice if you don't need to send the cookies to the server on every request.
2. This will lead to different login states in the browser and in the "app" which is not what I would expect and can be inconvenient if you open links to that website.
littlecranky67|2 years ago
With the `SameSite=strict` option on modern browsers and the `HttpOnly` (plus `Secure` to only run in SSL secured context), Cookies are more secure and the way to go instead of storing credentials anywhere accessible from within JavaScript. Before SameSite=strict, cookies were a security nightmare and often resultet in XSRF attacks, and required XSRF mitigations (like xsrf tokens), but this is no longer the case as all modern browsers support it.
littlecranky67|2 years ago
As for your (2) point, I think cookies is the only thing that should be copied. LocalStorage or IndexedDB could result in inconsistwncies and breakage (PWA and Website code can version missmatch).
zwily|2 years ago
littlecranky67|2 years ago
Not a lie, but they leave out an important part: To have webpush or badges on iOS you need to "install" the web app - but since iOS PWAs block custom install buttons, the user had to know thst he has to push "Share" and "Add to home screen". To my experience, almost noone knows this or does this.
scarface_74|2 years ago
DANmode|2 years ago
So there has to be a tasteful user notification informing them that the site has enabled that feature in the manifest?
FractalHQ|2 years ago
itsuka|2 years ago
Based on Web Platform Test [0], it looks like Chromium browsers are not performing any better in this area.
[0] https://wpt.fyi/results/css?label=master&label=experimental&...
But I feel the pain of having to carefully test 2D/3D transform and animation on all browsers across platforms (even Safari on iOS and macOS can have different behaviors).
warning26|2 years ago
meepmorp|2 years ago
nmstoker|2 years ago
dwaite|2 years ago
pjmlp|2 years ago