What Safari’s 7-day cap on script-writeable storage means for PWA developers
Confusion about an announcement of upcoming changes to Apple Safari’s Intelligent Tracking Prevention (ITP) led to accusations of Apple intentionally trying to destroy Progressive Web Apps (PWAs) “just as they were taking off.” It turns out that that’s not the case. However, the changes still have serious ramifications for web developers and marketers.
Developers face numerous challenges as browser support varies for features they might want to use with modern websites. It has always been daunting dealing with so much variance. Increases in complexity further affect deployment across a wide spectrum of services. If PWA application support in Safari was restricted to a 7-day period, it would seriously impede progress in an exciting area where significant effort is expended.
After 5-years of development, JavaScript-based PWAs provide developers with opportunities to extend website content to load offline, and for online content to refresh local documents stored using JavaScript. Unfortunately, some have abused the extension of storage from cookies to “localStorage” and application cache stores for tracking personally identifying variables.
It would be a shame if that abuse led to only seven days for all storage. Certainly indexedDB API and localStorage are affected by this policy change and developers need to take that into consideration. Apple has clarified its position specifically with respect to web app Service Worker registrations and cache.
Safari’s script-writable storage
The storage available via cookies is very restricted, and removing cookies after seven days for reasons that involve privacy and security, as is ITP policy, is justifiable. Extending that policy to also remove “script writable storage” is a logical next step, except that listing the example of “Service Worker registrations and cache” sounded off warning bells to developers of PWAs.
The Safari policy regarding cookies is not a strict seven-day time limit. It involves a counter for up to seven unused days. That means every time a user opens Safari and visits your website, your seven-day counter for cookies and script-writable storage is reset to another seven days. Empty days don’t count against you when the user doesn’t use Safari.
It’s when they open Safari and browse without visiting your website on a particular day that days are added to your tally. You have seven such days until your cookies and all “script writable storage” is removed. It’s the user inactivity with your site that counts against you. Users will need to revisit your site in order for you to be able to write storage and start with a new counter.
You get infinite days with PWAs.
That’s not good enough for PWAs. Apple recognizes that.
By virtue of the way PWAs work, once your app is added to the home screen it will never run up a seven-day tally. That’s because Safari itself is not loading your app (even though the launcher invokes Safari Webkit’s WebView object).
The launcher has its own counter that is entirely separate from Safari’s counter, and each app shell operates from within its own separated process. A self-referencing counter by your app can only reset itself on each use. Since it resets itself each time, never, say, opening a different app, you get infinity storage until and unless the user removes your app.
It is notable that the Webkit team addressed the confusion with the note: “If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.”
Why should we care?
PWA development and use is picking up steam. As a Google-initiated project, Safari support is important to its success. Google engineers were among those seriously concerned about the new Safari policy change. The phrase “script-writable storage” in the context of only seven-days unused lifespan was initially thought to threaten that success.
It may not be the intention of ITP to delete data in first party relationships which includes PWA home screen apps. It is, however, their intention to further crimp down default privacy in Safari to only really enable a robust first-party relationship, clearing out all unused data after a 7-day counter. At least now marketers know how their days are numbered in Safari.
More development tips for SEOs
http://feeds.searchengineland.com/~r/searchengineland/~3/21bfMXrPtUg/what-safaris-7-day-cap-on-script-writeable-storage-means-for-pwa-developers-332519