Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,563
37,945


On iOS 15, iPadOS 15, and macOS Monterey, Safari will automatically upgrade web connections for sites to the HTTPS protocol, in the case they're loaded in HTTP.

safari-ios15.jpg

The new feature largely went unnoticed during the WWDC keynote, but it is highlighted on the macOS Monterey and iOS/iPadOS 15 feature pages. Apple says that Safari now "automatically upgrades sites known to support HTTPS from insecure HTTP."

Safari on iOS 15, macOS Monterey, and iPadOS 15 all received major redesigns, including new Tab groups, synchronizable start pages, web extensions for iOS and iPadOS, and more. Learn more about iOS 15 and macOS Monterey in our dedicated roundups.


Article Link: Safari on iOS 15 and macOS Monterey Automatically Upgrades Web Connections to HTTPS on Compatible Sites for Improved Security
 
Last edited:
This HSTS preload which every other browser has had for like 5 years+.

Safari supports HSTS, but preload is a list of websites in a database on the device that it knows support TLS, so it never lets you connect to them over HTTP.
 
Last edited:
I thought it already did that. Here I am using BigSur (sadly on a 2014 MBP which is not supported by Monterey) and low and behold, the macrumors address bar shows a little lock link, clicking it shows https. So what is different?
 
I didn't follow the keynote that closely yesterday - that Safari UI is very... different.

I'm worried what my websites are going to look like with that new UI at the top.

I've long thought that bookmarks, history, and tabs should all kind of get blurred together... the browser should intelligently pick what's actually in memory. Kind of think of websites all just like apps on iOS - iOS automatically picks which are and aren't in memory. The only difference between apps and websites is that websites are accessed before bookmarking, while apps have to be installed (analogous to bookmarking) before accessing them.
 
I didn't follow the keynote that closely yesterday - that Safari UI is very... different.

I'm worried what my websites are going to look like with that new UI at the top.

I've long thought that bookmarks, history, and tabs should all kind of get blurred together... the browser should intelligently pick what's actually in memory. Kind of think of websites all just like apps on iOS - iOS automatically picks which are and aren't in memory. The only difference between apps and websites is that websites are accessed before bookmarking, while apps have to be installed (analogous to bookmarking) before accessing them.
It scans the site and pics the most prevalent color. For this forum it uses the darkblue of the top bar for instance to color everything. For a site like Windows Central everything is super bright pink and PCGamer is bright flashy red. (I tested this)

Not a big fan. Vivaldi uses the same UI and it feels obnoxious a lot of the time.
 
I really don't like the way the tabs are displayed - it breaks away from the look macOS has with tabs across other apps etc.

I find the current version of Safari and its layout is very linear, I like the persistent url at the top of the page, favourites, then my tabs. I hope there are options for putting the favourites up top, I don't want a sidebar.

Gosh I sound like a whiner. But that's what forums are for!
 
  • Like
Reactions: dburkhanaev
I thought it already did that. Here I am using BigSur (sadly on a 2014 MBP which is not supported by Monterey) and low and behold, the macrumors address bar shows a little lock link, clicking it shows https. So what is different?
MacRumors uses HTTPS because they have a signed certificate from one of the certificate authorities. Some sites to this day are HTTP, so without the lock. Just many sites are HTTPS mainly due to having users sign in, which you want to keep that information secure.

so safari will upgrade http sites to https connection.

I’m curious how it’ll affect sites that dynamically build links such as a Single Page Application in JavaScript.
 
Kinda thought that is something it already did.

I have the plugin HTTPEverywhere just in case it doesn't. I guess it might not be needed.

But how many people actually use Safari? Just curious... I've used ForeFox for what feels like my entire life (although I'm not that young) since it stems from Mozilla, and Netscape Navigator at some point. I actually found some very early Netscape CD's a few weeks ago. Those were the days. (But these are too)
 
With the new MacOS UI that removes a dedicated window title bar and crams everything into the top row, have developers considered how it will affect users trying to move a window when the top does not have enough empty space to drag using the mouse without accidentally clicking on something?
 
I really don't like the way the tabs are displayed - it breaks away from the look macOS has with tabs across other apps etc.
That's hilarious, now that you mention it. We just spent the last 15 years copying the Safari tabs to all the rest of Apple's apps, and now suddenly Safari has totally changed their tabs so we're back to where we were 15 years ago, consistency wise. Everything else from Apple is doing one thing, and Safari is off doing its own completely different thing.
 
  • Haha
Reactions: fahlman
Don’t know why it took them so long to implement this but better late than never.
I'm still missing something. It has been like this for awhile. Is there a technical distinction between going to https and https? It has automatically done that for a few years, so what is the distinction?
 
  • Like
Reactions: MacBH928
Most websites do that themselves:
If you approach a website via http it switches to https.
 
Seems redundant since any web site worth its salt has already used load balancer or web server to redirect from http to https over a decade ago. Difference is this is a local browser redirector. Seems more like marketing piece for DuckDuckGo and other companies that preach privacy lip service to get more market share. If it's anything like DuckDuckGo database they're shady AF, porn, etc. sites that you shouldn't be on to begin with.

https://staticcdn.duckduckgo.com/https/smarter_encryption_latest.tgz
 
  • Disagree
Reactions: ArtOfWarfare
MacRumors uses HTTPS because they have a signed certificate from one of the certificate authorities. Some sites to this day are HTTP, so without the lock. Just many sites are HTTPS mainly due to having users sign in, which you want to keep that information secure.

so safari will upgrade http sites to https connection.

I’m curious how it’ll affect sites that dynamically build links such as a Single Page Application in JavaScript.
Uh, no.
Apple has no way of "upgrading" sites to https, that can only be done by the operator of the site/server.
Either you run over https, or you don't, Apple has no say whatsoever on that.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.