by tda 735 days ago
I seriously thought that implementing some site specific custom rendering behaviour was meant as a joke. Why change html/css for a website when you can just implement some hardcoded site specific behaviour straight in the rendering engine? What could possibly go wrong?

But after having a closer look at the PR, the 1900 LOC monstrosity Quirks.cpp actually seems to exist with lots of things like

    if (host == "tripadvisor.com"_s || host.endsWith(".tripadvisor.com"_s))
        m_needsRelaxedCorsMixedContentCheckQuirk = true;

Fixing CORS issues has never been easier
4 comments
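
The host test in the snippet quoted above, as an added C++ example that is not part of the thread and not WebKit's code: it uses `std::string` rather than WebKit's string type, and the helper names, the normalization step and the sample host names are assumptions made for illustration. It shows why the suffix comparison includes the leading dot, by placing it beside a looser variant that omits it.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Normalize a host name for comparison (assumption of this example):
// lowercase it and drop one trailing dot of the fully qualified form.
std::string normalizeHost(std::string host)
{
    std::transform(host.begin(), host.end(), host.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!host.empty() && host.back() == '.')
        host.pop_back();
    return host;
}

// True when the host is exactly `domain` or a subdomain of it: equality, or a
// suffix match on "." + domain with at least one character before the dot.
bool isDomainOrSubdomain(const std::string& rawHost, const std::string& domain)
{
    const std::string host = normalizeHost(rawHost);
    if (host == domain)
        return true;
    const std::string suffix = "." + domain;
    return host.size() > suffix.size()
        && host.compare(host.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Deliberately loose variant for comparison: suffix match without the dot,
// which also accepts unrelated registrable domains that end in `domain`.
bool looseSuffixMatch(const std::string& rawHost, const std::string& domain)
{
    const std::string host = normalizeHost(rawHost);
    return host.size() >= domain.size()
        && host.compare(host.size() - domain.size(), domain.size(), domain) == 0;
}

int main()
{
    // Constructed host names, not taken from the thread.
    const bool ok = isDomainOrSubdomain("www.tripadvisor.com", "tripadvisor.com")
        && !isDomainOrSubdomain("xtripadvisor.com", "tripadvisor.com")
        && looseSuffixMatch("xtripadvisor.com", "tripadvisor.com");
    return ok ? 0 : 1;
}
```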

That's messed up, why should I put up with CORS when others have a special treatment...
It's used here: https://github.com/WebKit/WebKit/blob/dc1354a1d26db54d17f7d3...

Seems to be specifically for (not) upgrading images and videos from http to https, nothing else.

If a browser has too many compatibility issues, users will switch away. Outreach to the sites in question takes time and is often unsuccessful. Quirks is the pragmatic answer.
WebKit is used by the second most popular browser after Chrome. Don't forget iOS users.

https://gs.statcounter.com/browser-market-share

My iOS/Safari is so bad, I have both Firefox and Chrome installed as a backup in case it doesn't work. They should start fixing Safari for real instead of adding Quirks.
I have bad news for you. On iOS, Firefox and Chrome use the same WebKit as Safari (because Apple doesn't allow third party browser engines on its App Store).
Didn't they allow alternative engines recently?

They even have emulators now. Undoubtedly a change forced on them by the EU.

So Microsoft got dragged through anti-trust hell for just bundling IE with Windows and letting you install whatever browser you wanted after that, but Apple gets away with literally banning you from installing the browser you want on your own device, but that's ok? Make it make sense.
What's wrong with iOS/Safari? I don't really ever have issues.
Safari on macOS is really nice, fast and offers everything I need... but every 3 months or so I stumble on a website that refuses to work at all - rendering looks off, buttons don't work etc...

Switching to Chrome usually fixes it - but I always question my sanity for about 10 minutes until I try it in Chrome.

That's an odd way of saying the third most popular browser.
If you click the link and look at the chart, you'll see they mean second.
That's always confusing. They should have said "the second most popular browser (after Chrome)", or something like that.
I don't know about quirks specifically, but often it takes many, many months before a WebKit commit actually ships to end users in Safari.

Anyway, Apple engineers aren't known for their outreach.

I hate CORS. Garbage like this is a large reason why. CORS works differently in every browser and every website.

I don't hate CORS when writing my own stuff, to be clear. Adding Access-Control-Allow-Origin: * to my own website's headers is easy enough. I hate when I'm using a website and something doesn't work and I look at the console and see CORS errors. Opening the same website in Chrome usually works.

I hate CORS.

>CORS works differently in every browser and every website.

Do you have some examples of this?

Not anything concrete, just memories of things not working, me looking at the JS console, seeing CORS errors, and seeing it work in Chrome, as I described. And the comment I replied to showed that it works differently between websites, namely:

    if (host == "tripadvisor.com"_s || host.endsWith(".tripadvisor.com"_s))
        m_needsRelaxedCorsMixedContentCheckQuirk = true;

That's a site-specific partial exemption from the same origin policy, as far as I can tell (without further context at the moment). Not a difference in how CORS works generally across Safari.

CORS is frustrating for a lot of developers as it can be tough to gain a complete understanding of the spec, and an understanding of the same origin policy is required. But implementation of the CORS spec(s) isn't notably different across modern browsers, now that IE is out of the picture. CORS was a real nightmare in IE. Microsoft even introduced an XHR cousin named XDR in IE10 to handle cross-origin requests, and it wasn't even a complete implementation of CORS.

This is a great resource to gain a more comprehensive understanding: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

I don't hate CORS from a developer perspective, I hate it from a user perspective, and from a broader "health of the web" perspective. Because, as I said, it works differently between browsers and it works differently between websites within the same browser. Mostly these differences just mean I have to use Chrome instead of my preferred browser.
I guess a similar thing is happening with GPU drivers and games.
Yes, and drivers (used to, at least) check the filename of the exe, causing unexpected behaviour like performance degradation or even gains in some cases.
Still now, I'd say - Counter-Strike 2's release was foreshadowed by NVIDIA or ATI having cs2.exe in some config files last year.
In cases like benchmarking software, I guess.
I wonder if any of those rules could be (mis)used to work around or defeat iOS/macOS security features?