Apple wydało najnowszą, 47 wersję eksperymentalnej, deweloperskiej wersji przeglądarki Safari - Safari Technology Preview.

Najnowsza wersja zawiera przede wszystkim zabezpieczenia przed atakiem typu Spectre wykorzystującym błędną konstrukcję procesorów, pozwalającą na dostęp do pamięci jądra.

Eksperymentalną przeglądarkę można pobrać ze strony w serwisie deweloperskim Apple. Jej dotychczasowi użytkownicy znajdą aktualizację w Mac App Store w zakładce „Aktualizacje”.

Pełna lista nowości i zmian (w oryginale):

Release 47

Storage Access API

  • Enabled allowing requests from non-sandboxed

  • Implemented frame-specific access in the document.cookie layer

  • Made document.hasStorageAccess() retrieve the current status from the network process

  • Refactored XPC for access removal to go straight from the web process to the network process

  • Removed the JavaScript confirm() prompt when requesting storage access

###Service Workers

  • Added support for response blob given to fetch events

  • Cancelled pending script loads when a Service Worker is being terminated

  • Changed Service Worker to expose redirect mode for navigation loads as manual

  • Changed extracting a body of type Blob to set the Content-Type to null instead of an empty string

  • Changed to use “error” redirect mode for fetching service worker scripts

  • Changed the Service Worker script fetch request to set the Service-Worker header

  • Changed Service Worker to not clean HTTP headers added by the application or by Fetch specification before Service Worker interception

  • Changed to reuse the document Service Worker for data URLs and blob URLs

  • Enabled User Timing and Resource Timing for Server Workers

  • Fixed the default scope used when registering a service worker

  • Fixed the Service Worker Registration promise sometimes not getting rejected when the script load fails

  • Fixed Service Worker served response tainting to keep its tainting

  • Fixed scopeURL to start with the provided scriptURL

  • Fixed self.importScripts() to obey updateViaCache inside service workers

  • Fixed Fetch handling to wait for the Service Worker’s state to become activated

  • Fixed SameOrigin and CORS fetch to fail on opaque responses served from a Service Worker

  • Fixed memory cache to not reuse resources with a different credential fetch option

  • Implemented “main fetch” default referrer policy setting

  • Prevented searching for service worker registration for non-HTTP navigation loads

  • Supported Service Worker interception of a request with blob body

Media

  • Enabled picture-in-picture from an inline element on suspend

  • Fixed playing media elements which call “pause(); play()” getting the play promise rejected

  • Fixed frame dropping during Flash video playback

  • Implemented