Cloud Four Blog

Technical notes, War stories and anecdotes

Service Workers at Scale, Part II: Handling Fallback Resources

Part I of this series established that some of the challenges in building service workers for complex websites stem from having to accommodate page request variations. In this iteration, we’ll touch on how to handle similar variations in the acquiring and delivering of fallback resources.

Pre-caching fallback dependencies

A familiar pattern for caching dependencies is to request them in bulk during the installation stage. We began with this approach in our own service worker, specifying path strings for all fallback resources:

addEventListener('install', event => {
  event.waitUntil(
    caches.open('dependencies')
      .then(cache => {
        return cache.addAll([
          '/offline',
          '/books-offline',
          '/assets/offline-avatar.png',
          '/assets/offline-photo.png'
        ]);
      )
      .catch(err => console.warn(err))
      .then(skipWaiting())
  );
});

Cache.addAll() converts each element of the array it receives into a new Request object, so you can conveniently pass it an array of strings. This simple approach worked well during local development, but there were some issues on our more complicated test server. We needed more control over the requests made by Cache.addAll(), so we created them explicitly:

cache.addAll([
  new Request('/offline', {...}),
  new Request('/books-offline', {...}),
  new Request('/assets/offline-avatar.png', {...}),
  new Request('/assets/offline-photo.png', {...})
]);

Constructing our own requests gave us the ability to override their default options. The necessity to supply these options became obvious once we saw 401 responses to our fallback page requests. The server had enabled HTTP auth, so requests sent from our worker in attempt to pre-cache resources were failing.

The credentials option solved this problem, allowing our requests to break through the authentication barrier:

cache.addAll([
  new Request('/offline', {credentials: 'same-origin'}),
  // ...
]);

We also decided to use the cache option for future-proofing. This will be useful for controlling how requests interact with the HTTP cache. While it currently only works in Firefox Developer Edition, we included it to make sure pre-cached responses are fresh1:

cache.addAll([
  new Request('/assets/offline-photo.png', {cache: 'reload'}),
  // ...
]);

For an overview of other cache option values, check out Jake Archibald’s article with various examples of service worker and HTTP cache interoperability.

Responding with fallback images

Our pre-cache items include generic images intended to serve as “fallbacks” for unfulfilled requests. We needed to account for two different fallback image types, each with their own visual treatment:

  1. Images embedded in articles
  2. Avatars for authors and commenters

To determine which fallback should be used for a given request, we associated each with a URL hostname:

const fallbackImages = new Map([
  [location.hostname, '/assets/offline-photo.png'],
  ['secure.gravatar.com', '/assets/offline-avatar.png']
]);

Using a map like this, we can conveniently lookup the proper fallback based on the URL of an unfulfilled request:

function matchFallback (req) {
  const {hostname} = new URL(req.url);
 
  if (isImageRequest(req)) {
    const image = fallbackImages.get(hostname);
    return caches.match(image);
  }
 
  // ...
}

“Redirecting” to offline pages

As with our fallback images, we also needed to accommodate a bit of variation in our handling of fallback pages. Some pages that we wanted to make available offline had too many images to justify pre-caching. In these cases, simplified versions of those pages (minus the images) were created to use as substitutes, as if they were redirected.

Because all of the pages with offline variations are local, they can be mapped by their URL pathname, and incorporated into our matchFallback() handler accordingly:

const fallbackPages = new Map([
  ['/books', '/books-offline'],
  ['/workshops', '/workshops-offline']
]);
function matchFallback (req) {
  const {hostname, pathname} = new URL(req.url);
 
  if (isImageRequest(req)) {
    const imagePath = fallbackImages.get(hostname);
    return caches.match(imagePath);
  }
 
  if (isPageRequest(req)) {
    const pagePath = fallbackPages.get(pathname);
    return caches.match(pagePath);
  }
 
  // Use an new response if nothing better can be found.
  return Promise.resolve(new Response(/* ... */));
}

Coming up next: Cache trimming and invalidation

In the next part of this series, we’ll cover strategies for invalidating old caches and limiting the amount of storage space they can occupy.


  1. To fill in for the sparse browser implementation, it’s recommended to use some form of cache-busting when pre-caching static resources. 

Why Mobile First Design Works

Spending the last few days in New York City for Smashing Conference reminded me of an analogy for Mobile First Design that seems to resonate with people.

If you’ve made your life fit in a tiny New York apartment, you’ll have no trouble when you move to a house in the suburbs.

But going the other way, from a house full of stuff to a tiny apartment, is much more difficult.

Designing for small screens works the same way.

Android Instant Apps, Progressive Web Apps and the Future of the Web

Google’s announcement of Android Instant Apps caused me to fear for the future of the web for the first time.

I’ve participated in many native versus web debates over the years. We even contemplated becoming an iOS-only shop after working on the Obama ’08 iPhone App.

But we chose to bet on the future of the web, and I had never doubted that decision in the years since until seeing Android Instant Apps.

Why Android Instant Apps Unnerved Me

When we placed that bet on the web years ago, we didn’t bet on the web “winning”. I didn’t think there was a contest to win. I expected apps and web to live side-by-side, and thus far, it has played out that way.

Plus, there were three factors that made me believe the web was the correct long term bet:

  1. PhoneGap/Cordova showed how most apps could be built using web technology once the web got access to device capabilities and features like push notifications.
  2. Scott Jenson’s Mobile Apps Must Die and the Triumph of the Mundane made compelling arguments that the app store model wouldn’t scale into an Internet of Things future. This belief is the foundation of the Physical Web project.
  3. Worst-case scenario, it seemed like a good future could be made simply building websites to promote apps.

We’ve finally reached a point where the promise of PhoneGap is becoming reality due to browser advances and Progressive Web Apps. And yet just as that promise is about to bear fruit, Android Instant Apps come along.

Stephanie Rieger once observed that we often install apps; give them space on our devices; and use our bandwidth to update them all “just in case” we need them. What we really need is “just in time” apps instead of “just in case” apps.

We need to use apps and throw them away. These sorts of transient experiences are something the web is excellent and that apps are poor at providing.

That is until Android Instant Apps which, in theory, make just-in-time apps possible.

And it is notable that one of the examples Google is showing off not only uses a common Physical Web example—a parking meter, but also uses the Physical Web beacon to launch the Android Instant App without ever opening the browser.

And if search results can open apps without needing to install apps, well, there goes my future career building websites for those apps.

Android Instant Apps may be vaporware

This year’s I/O keynote was full of promises and short on shipping code. Android Instant Apps was a prime example.

The scuttlebutt at the event is that Android Instant Apps have a long ways to go before they are ready for prime time. There are big questions about security, privacy, performance, and user experience that remain to be solved. And converting existing apps to Android Instant Apps in a single day is…optimistic.

But even if there are challenges, Android Instant Apps are a shot across the bow of the web. If there was ever any doubt that the owners of native platforms would eliminate the web if they could, there should be no doubt now.

Progressive Web Apps

At I/O, Google also heavily promoted the best alternative that we’ve had yet to native apps: Progressive Web Apps. The fact they were both promoted by the same company at the same event still blows my mind.

Over the last few days, there has been a lot of debate about progressive web apps between people who appear to be in violent agreement with each other. There’s been a lot more discussion than I can cover here so I am going to try (and probably fail) to summarize the debate thusly:

  1. Early progressive web apps are not responsive, not progressive, and only work on one platform and thus Google shouldn’t be promoting them.
  2. Chrome’s criteria for the app install prompt doesn’t support URLs as well as it should.
  3. Progressive web apps are a Google thing that they’re pushing that only works on Android to the determent of the broader web.
  4. People spend far too much time talking about apps and trying to make things that compete with native.

On the first two points, there is mostly broad consensus. The folks on the Chrome team dislike that the best examples they have thus far all have shortcomings, but they are the best ones have so far. They want to encourage developers to make them better instead of chastising them for not doing everything right out of the gate.

I sympathize with both perspectives. I agree with Michael Scharnagl when he cautions us to not repeat the errors from the beginning of responsive web design when it comes to progressive web apps.

And yet, if a client came to us and said they wanted to move to responsive web design, but they felt it was risky, I might very well suggest they start by using device detection to route mobile traffic to a m-dot site where they could test the design before rolling it out further.

That is what the BBC did with their beta responsive web design and they were praised for their work. How is that substantially different than Flipkart’s Progressive Web App for which they are getting grief? Yes, it started on Android Chrome only, but they promised to make it work elsewhere and are about to deliver on those promises.

I think the only major difference is that by the time the BBC did their mobile-only beta, we already had the Boston Globe to look at. Plus, we didn’t have a large company like Google using the BBC site as an example.

Keep in mind, Flipkart had actually shutdown its mobile website earlier so this is a welcome return to the web for them.

As far as URLs are concerned, the Chrome team agrees. Both Chrome and Opera are working on ways to fix it.

I find the third point fruitless to discuss as it seems to emanate from distrust of Google. I understand why people distrust Google, but distrust often makes for circular conversations because you can never address the core issue.

Which bring us to the final point and the question of whether or not we’re spending too much time worrying about native.

The web that cried wolf

In response to some of the progressive web apps criticism, Alex Russell went on a bit of a Twitter rant about the challenges facing the web. Peter Gaston collected the tweets and added some thoughts. Bruce Lawson from Opera chimed in saying that Alex “is not being alarmist; it's true.

And yet, the day after Alex issued a clarion call to save the web, Recode’s big headline is that The App Boom is Over:

Last month, the top 15 app publishers saw downloads drop an average of 20 percent in the U.S., according to research from Nomura.

Because this isn’t the first time that someone has sounded the web’s death knell, people were rightly skeptical.

I’ve been in the skeptical camp in the past. And I’ve previously ascribed a lot of the concern about the web from Chrome Googlers to their internal battles with the Android team.

It can’t be fun to be part of the Google’s Web Developer Relations team—recently renamed from Chrome Developer Relations to emphasize that their role is to promote the web, not one browser—and have the company you work for releasing Android Instant Apps. Worse, announcing it at a conference where you have to spend the next three days answering multiple questions about it from people like me. (Sorry!)

But the Google Web DevRel team also has more opportunity to talk to people working in companies around the world. Same with Opera. It would be foolish to completely dismiss what they say.

Plus, in addition to my fears of Android Instant Apps, I’ve recently been spending some time in Google Trends and the graphs for web-related searches are a bit depressing.

Web development vs. Android Development Google Trends

Web design Google Trends

Lately, I vacillate on whether the web is endangered or poised for a massive growth due to the web’s new capabilities. Frankly, I think there are indicators both ways.

Pascal’s Wager

A few years ago, I watched a video on climate change that applied a decision matrix to the question of whether or not climate change is real. The matrix looked something like this for worst case scenarios:

Climate Change Do Something Do Nothing
Not real Spend money unnecessarily, possible global recession Status quo
Real Save the world Destroy the world

That’s simplified, but it gets at the heart of the matter. If climate change deniers are right, the worst case scenario is a recession which sucks, but is something we’ve recovered from. If climate change deniers are wrong, the consequences for inaction are something that puts our existence as a species at risk.

I’ve been thinking about a similar matrix for this question of whether or not the web is imperiled by native and if we should do the things that Google advocates. That decision matrix might look like this:

Web is threatened Build PWAs Don’t Build PWAs
Not real Users get a faster, better web experience Current slow web
Real Users get a faster, better web experience, plus we save the web Web loses to native

I need to provide a few caveats on this table. First, I’m not equating people who say the web is fine with climate change deniers. The scientific evidence and consensus on climate change is overwhelming. Whereas I already mentioned that support for whether or not the web is endangered seems to change daily.

Second, I used progressive web apps here, but I’m using them as a placeholder for doing the work necessary to create faster and better experiences on the web. Basically, whatever we need to do to have less of this:

And more experiences that are so snappy—particularly on mobile devices—that people aren’t driven to native apps.

Build better experiences

When I think about the problem this way, the question of whether or not the web is imperiled doesn’t matter. The collection of web tools under the umbrella of Progressive Web Apps provide a better experience for people using our sites. This should be a no brainer.

Yes, none of the current examples of Progressive Web Apps are perfect. We have yet to see the Boston Globe or ESPN of Progressive Web Apps.

I see that as opportunity. An opportunity to build Progressive Web Apps that show how these tools can provide a better experience for everyone regardless of the device or browser they are using.

And I’ll say it again, I really want to work on the Boston Globe of Progressive Web Apps, so if you want to be that site, we should talk.

Whether you see the web as threatened or see Chicken Little in people’s fears and whether you like progressive web apps or feel it is a stupid Google marketing thing, we can all agree that putting energy into improving the experience for the people using our sites is always a good thing.

Redesigning Ceasefire Oregon

Last fall after the Umpqua Community College shooting in Southern Oregon, I decided that my donations and support for Everytown weren’t enough. I wanted to do more. And I wanted to do something local.

I did some research and discovered a wonderful advocacy group called Ceasefire Oregon. They seemed to be both passionate about sensible gun legislation and also wonky which appealed to me.

Ceasefire Oregon is the best resource on local legislation. Unfortunately, the website was difficult to read and navigate.

Old Ceasefire Oregon Home Page

So we offered to help redesign Ceasefire Oregon on a pro-bono basis. And I’m pleased to announce that the new Ceasefire Oregon site has launched.

Ceasefire Oregon's new site

In addition to the opportunity to contribute to a great cause, we found several pieces of the project interesting from a technical and design perspective.

Rebranding Ceasefire Oregon

The first challenge was finding a way to convey what Ceasefire Oregon does in a logo. The old logo was a riff on a shooting range target which seemed less than ideal for a gun violence prevention group.

Ceasefire Oregon's Old Logo

We talked to Ceasefire Oregon about their goals and what they wanted to convey:

  • Change is possible
  • Empowered
  • Moving ahead
  • New future
  • Action

We collaborated with Ceasefire Oregon on mood boards to get closer to the brand. And then we began working on logo ideas.

Aileen designed an origami-like dove that captured everyone’s imagination. It became the centerpiece of the new design.

Ceasefire Oregon Dove

Once the dove was approved, Aileen began work on variations of the logo. We wanted to support both horizontal and vertical logos as well as different versions for the three different Ceasefire Oregon organizations.

Ceasefire Oregon Education Foundation Logo

Pattern library

After we had the high-level brand details sorted out, we moved immediately into building a pattern library.

Ceasefire Oregon Pattern Library

I want to highlight a couple of things in the pattern library.

First, because of the three different sites and their color schemes, there is a pull down menu in the upper left that allows you to switch which colors are being used. This is most noticeable when looking at buttons, blocks, and navigation.

Second, during development, our pattern libraries rarely follow a completely linear progression from smallest components to larger ones. You can see evidence of this in the sandbox where we experimented with designs.

Local WordPress Development

For many of our recent projects, our clients had well-established content management or ecommerce systems. This has meant that we were able to keep all of our development front-end and exclusively used local development tools.

Ceasefire Oregon needed a new content management system. The old site was running on Drupal 6 which has been discontinued. We decided to move them to WordPress.

We wanted to find a way to continue to work on our own local machines while doing work on a content management system. We ended up running vagrant installs of WordPress.

I also want to give a hearty endorsement to WordPress Migrate DB Pro. We lost a lot of time trying to get open source database syncing solutions to work. I wish we’d bought the plugin earlier.

Pattern Library to WordPress Theme

One of the thornier challenges we ran into was figuring out how to tie the output of the Ceasefire Oregon Pattern Library to the WordPress theme that we were developing.

We ended up with a solution that worked pretty well. The gulp process for the pattern library also created a compressed CSS file that was aliased into the Vagrant environment in the theme directory. Whenever we made changes to the pattern library, they were automatically reflected in our theme.

The biggest downside to this approach was that the repository was a mixture of pattern library and theme code. But this combination sped up our design and development so much that it was worth it.

Content Strategy and Modeling

We spent time working with Ceasefire Oregon on their content strategy. We’ve done a little bit of this in the past, but this was the first time we’ve run workshops with clients discussing content. It is clear that the new site benefits from this work.

I’m particularly proud of how Sara and Gerardo mapped the content into WordPress content types. The new legislation section makes it easy for Ceasefire Oregon to keep track of new and old bills. I expect it to become the canonical source of gun safety legislation relevant to Oregon.

Ceasefire Oregon's New Legislation Section

And much, much more

This article is inadequate for describing all of the hard work that went into this project by everyone on the Cloud Four team. I’m incredibly proud and grateful for everyone’s contributions. It means a great deal to me.

And I hope we get a chance to write in more detail about the way the site was built in the future.

Making Oregon Safer

We’re tremendously grateful and humbled by the work that Penny Okamoto, Joanne Skirving and the rest of the volunteers at Ceasefire Oregon do. If you feel strongly about sensible gun legislation, they deserve your support.

We’re honored to have had the opportunity to work with them and to contribute our small part towards helping make our community safer.

Autofill: What web devs should know, but don’t

Many people know that you can scan your credit credit in Mobile Safari. But how many web developers know how to create a form that supports that feature?

Not many I’d bet.

Photo of someone scanning their credit card

Photo source: Auto-Fill Credit Card Forms Using Your iPhone’s Camera in iOS 8. Used with permission.

It doesn’t help that Apple has provided zero documentation on how the scan credit card feature works.

But there is another factor at play here. The scan credit card feature is a subset of browser functionality that web developers have long ignored: autofill.

It’s understandable why web developers haven’t paid much attention to autofill. When you’re filling out forms with test data on a regular basis, autofill tends to get in the way.

But autofill is an important feature for our users. Google has found that “users complete forms up to 30% faster” when using autofill.

So let’s learn how autofill works, how to build forms that support cross browser autofill, and take advantage of new features like scanning credit cards.

How does autofill work?

Until recently, there were no standards when it came to autofill. Each browser implemented their autofill features differently and there was little documentation on how a browser determines what content a field expects.

Despite this chaotic situation, browsers seem to have settled on two main approaches:

1. Pre-determined autofill fields

Chrome, Opera and Safari have all taken the approach of identifying high-value form fields and providing a way to manage what the browser will autofill for those fields.

Opera Autofill Manager

For example, Opera provides autofill for addresses and credit cards. These can be managed in the preferences as shown above.

Chrome, Opera and Safari all differ on which fields they provide autofill for, but the basic fields needed to complete a checkout process are well supported.

Most users never have to see or edit these preferences in order to utilize autofill. The browser watches the person filling out forms and when it recognizes an address or a credit card, it will ask if the user wants them to save that information to reuse later.

2. Autofill any field

If the previous approach is like a scalpel applied to preselected fields only, this second approach is a chainsaw cutting down every field in view.

When a form is submitted, Microsoft Edge and Firefox will store the value submitted along with the value of the name attribute. If the browser sees a field in the future with a matching name attribute, it will provide autofill options. Firefox also appears to look at the id in addition to the name attribute

Because there are security and privacy concerns with this approach, the autocomplete off value has long been supported to prevent the browser from storing and autofilling sensitive information.

Which approach is better?

While the second approach works for more fields, as a developer, I much prefer the pre-determined autofill fields approach.

It makes it much easier to figure out what information the browser has to autofill. It is also easier to set up test profiles.

Plus, with the second approach, you actually need to submit a form in order for the browser to store values to use with autofill. The browser won’t remember your answers without the form submission.

It also makes me nervous to think that the browser might store credit card information in a non-encrypted way if it can’t clearly identify the type of field.

Given how concerned Microsoft and Mozilla are about security and privacy, I’m certain they’ve put protections in place. But I personally feel more secure looking at an autofill preferences pane and seeing credit card information clearly separated and understood by the browser.

All that said, I don’t know what end users prefer. The second system works in more places, but I’ve seen quite a few support questions where people have been trying to remove their autofill options from the browser history.

It will be interesting to see how Edge and Firefox change when they began to support the new autofill standard.

One behavior to watch for

Sometimes browsers require more than one field of a certain type before they will present you with autofill options.

For example, in the following animated GIF, Safari won’t offer to autofill the single cardholder field, but it will offer to autofill it once there is a second card number field.

Safari Autofill working with two fields, but not working with one field

However, if the only field being collected is the card number, then Safari will offer the autofill option.

My experience has been that creating isolated test cases for single fields can be challenging because of this behavior. At one point in my testing, I encountered Opera requiring three fields before it would autofill, but I can no longer recreate that behavior.

This should never be an issue for a user so long as your form is written to support autofill (more on this soon), but I note it here in case you’re attempting to troubleshoot autofill and encounter this behavior.

The standards-based approach to autofill

Thankfully, there is a way forward for autofill. HTML5 recently expanded the autocomplete attribute to provide hints to the browser about what content a field expects.

The autocomplete attribute has been around for several years. It started with two values: on and off. By default, the autocomplete attribute is set to on which means that the browser is free to store values submitted and to autofill them in the form.

However, some fields are poor candidates for autofill behavior. In that case, the autcomplete attribute can be set to off to tell the browser that this field should be not autofilled.

Recently, additional values have been added as options for the autocomplete attribute. These new options are called autofill detail tokens. These tokens tell the browser what information the field is looking for.

One type of token is called the autofill field names. The autofill field names tell the browser what type of information a field expects.

For example, one of the autofill field names is organization. The HTML5 specification says that organization refers to:

Company name corresponding to the person, address, or contact information in the other fields associated with this field

If you wanted to tell the browser to autofill the organization field, your code would look something like this:

<input type="text" name="foo" id="bar" autocomplete="organization">

The HTML5 specification has a great table listing all 53 possible autofill field names, what their intended use is, and what type of input must be used with it.

That’s autocomplete at its simplest, but it gets more powerful and a bit more complex.

Shipping and billing

The value of the autocomplete attribute is actually a space-separated list of tokens. So for example, if you wanted to collect shipping information, you would prepend the autocomplete value with the “shipping” token like so:

<textarea name="shipping-address" autocomplete="shipping street-address"></textarea>
<input type="text" name="shipping-city" autocomplete="shipping address-level2">
<input type="text" name="shipping-state" autocomplete="shipping address-level1">
<input type="text" name="shipping-country" autocomplete="shipping country-name">
<input type="text" name="shipping-postal-code" autocomplete="shipping postal-code">

The billing token works exactly the same way as shipping.

Telephones, email and instant messaging

Another token option applies to telephone, emails and instant messaging. For those services, there is an optional token to indicate if the autofill field name is referring to home, work, mobile, fax or pager.

For example:

<input type="tel" name="home-phone" autocomplete="home tel">
<input type="tel" name="work-phone" autocomplete="work tel">
<input type="email" name="home-email" autocomplete="home email">
<input type="url" name="chat" autocomplete="home impp">

Broad versus narrow autofill field names

The specification provides for both broad and narrow autofill field names for many of the types of information.

For example, in addition to the tel field which would be a single input containing a full telephone number, there are also:

  • tel-country-code
  • tel-national
  • tel-area-code
  • tel-local
  • tel-local-prefix
  • tel-local-suffix
  • tel-extension

The specification authors encourage you to use the broad autofill field names as often as possible:

Generally, authors are encouraged to use the broader fields rather than the narrower fields, as the narrower fields tend to expose Western biases. For example, while it is common in some Western cultures to have a given name and a family name, in that order (and thus often referred to as a first name and a surname), many cultures put the family name first and the given name second, and many others simply have one name (a mononym). Having a single field is therefore more flexible.

I agree with this recommendation. And as a practical matter, it means that it is important to pay attention to the table of values and make sure you’re using the right one for the field you’re working with.

Sections

The final feature of the new autocomplete attribute tokens is the ability to declare an arbitrary section to group fields.

A section is defined using a token that starts with section-. What comes after the dash is up to you. The specification provides this example of sections:

<fieldset>
<legend>Ship the blue gift to...</legend>
<label> Address:
  <input name="bc" autocomplete="section-blue shipping street-address">
</label>
<label> City:
  <input name="bc" autocomplete="section-blue shipping address-level2">
</label>
<label> Postal Code:
  <input name="bp" autocomplete="section-blue shipping postal-code">
</label>
</fieldset>
 
<fieldset>
<legend>Ship the red gift to...</legend>
<label> Address:
<input name="ra" autocomplete="section-red shipping street-address">
</label>
<label> City:
<input name="rc" autocomplete="section-red shipping address-level2">
</label>
<label> Postal Code:
<input name="rp" autocomplete="section-red shipping postal-code"> </label>
</fieldset>

All the tokens

Put all together, we’ve now got a much more complex set of tokens for the autocomplete attribute. And the order of the tokens matters.

First, you’re either using on and off values OR you’re using autofill field names. You can’t use them at the same time.

If you’re using the autofill tokens, the order is:

[section-](optional) [shipping|billing](optional) [home|work|mobile|fax|pager](optional) [autofill field name]

And keep in mind that [home|work|mobile|fax|pager] only applies for the telephone, email and chat autofill field names.

The longest possible set autofill token might look something like this:

<label for="foo">Mobile phone for delivery</label>
<input type="text" name="foo" id="foo" autocomplete="section-red shipping mobile tel">

Yay for standards! We’re done, right?

I’m afraid not. My hope is that eventually all of the browsers will support the expanded autocomplete standard, but that’s not the current situation.

I tested browsers on mobile and desktop to see what attributes the autofill appeared to honor. This is what I found:

Browse Version OS ID Name Autocomplete
Chrome 50 OS X 10.11.4 No Yes Yes
Opera 35 OS X 10.11.4 No Yes Yes
Firefox 46 OS X 10.11.4 Yes Yes No
Edge 25 Windows 10 No Yes No
Safari 9.1 OS X 10.11.4 Partial Partial Partial
Safari 9 iOS 9.3.1 Partial Partial Partial

Thus far, only Chrome and Opera clearly support the new autocomplete features.

Safari appears to have partial support, but because they don’t have documentation, I can’t tell if this is intentional or simply a regular expression match that happens to be looking at the autocomplete attribute as well as name and other attributes.

Safari’s strange behavior

Since the release of iOS 8’s credit card scanning feature, web developers have been reading tea leaves trying to divine what combination of markup Safari is looking for.

Some suggest that you have to have specific values in the name field. Others found values in ids work. Even labels seem to matter:

The Cardholder’s name is quite a bit more tricky. We messed around with various IDs for a long time and almost gave up. We couldn’t figure out an ID that would cause Card Scan to populate it. After much frustration we finally discovered that the TEXT of the label associated with the field matters. Setting the label text to “Name on card” was the magic trick.

I’ve done quite a bit of testing, and I’m still not confident that I understand fully what Safari is doing. However, I’ve seen enough to be able to draw some basic conclusions:

Contact and address fields support autocomplete

Safari recognizes the form I created that only includes autocomplete attributes. The moment I start typing in the first field, it offers to fill in the form with my contact information.

Safari offering to autofill my contact information on a form that only uses autocomplete attributes.

This all works as expected with a couple of caveats.

First, it is unclear what Safari is using to make decisions about what information to autofill from my contact in the Mac’s address book. My job title is filled in, but the company I work for isn’t.

Second, it doesn’t give users the option to select which information they want to use. My contact contains both my home address and my work address. Safari only wants to autofill my home address. I’m out of luck if I want to ship something to the office.

Payment fields are completely wonky

When it comes to the payment fields, Safari’s behavior changes completely. The autocomplete attribute is ignored.

Instead, there is some sort of magical heuristic that Safari is using. And because I’m not an Apple magician, it has been difficult to discern what Safari is actually doing:

Video of me struggling to figure out why some labels for payment fields work and some fail.

In the video above, I edit the labels of two fields. Both have autocomplete set as well as name and id which should help Safari identify the field.

And yet, Safari doesn’t recognize the fields until the labels are changed to Name on Card and Credit Card Number. As mentioned earlier, Safari needs to see more than one field to trigger autofill.

Then I try changing the label to CCNumber which continues to work. However, changing it to CC Number breaks the autofill.

Basically, Safari has an unpublished list of terms that it is searching for. Fortunately, Jacques Caron was able to extract a list of strings from the iOS Simulator that Safari appears to be looking for:

  • card number
  • cardnumber
  • cardnum
  • ccnum
  • ccnumber
  • cc num
  • creditcardnumber
  • credit card number
  • newcreditcardnumber
  • new credit card
  • creditcardno
  • credit card no
  • card#
  • card #
  • cvc2
  • cvv2
  • ccv2
  • security code
  • card verification
  • name on credit card
  • name on card
  • nameoncard
  • cardholder
  • card holder
  • name des karteninhabers
  • card type
  • cardtype
  • cc type
  • cctype
  • payment type
  • expiration date
  • expirationdate
  • expdate
  • month
  • date m
  • date mo
  • year
  • date y
  • date yr

In my experiments, both:

<input type="text" name="nameoncard">
<input type="text" name="ccnumber">

and:

<label for="foo">Name on Card</label>
<input type="text" id="foo" name="foo">
<label for="bar">Credit Card Number</label>
<input type="text" id="bar" name="bar">

will trigger Safari’s autofill and the scan credit card feature on iOS. However, putting the same values into the autocomplete attribute will not work.

Building a cross browser autofill form

Given what we’ve learned, is it truly possible to build a form that supports autofill across browsers? I think it is.

Or at least, we can get very close by taking these four steps.

1. Add autocomplete attributes

This is the future of autofill. Browsers that don’t recognize the values will ignore them.

This is progressive enhancement at its best.

2. Use common values for input name attributes

To take advantage of autofill for Firefox and Edge users, you have to hope that the values you pick for the name attribute match what developers on other sites have used.

One way to do this would be to survey popular sites and see what they use and then use the same values.

Or perhaps use the same values as the autocomplete field in hopes that as more web developers become familiar with the standard that they will start using those names for their fields.

Unfortunately, there is no way to guarantee that your Firefox and Edge users will have previously visited a form that uses the same name values as your form does.

3. Add name and/or label values that match the list Safari is looking for

Using the list that Jacques Caron was able to extract, you can modify the values for the name attribute or the label to match what Safari expects.

4. Make autofill part of your test plans

Lately, I’ve been asking audiences to raise their hands if autofill is part of their test plans. No one does.

I’ve been working on the web since 1996, and I have yet to see autofill as part of the test plan.

I suspect that autofill is a blindspot for web developers and designers. Therefore, it is critical we test our products to ensure that they work well with autofill.

The final form

Here is a sample form that supports autofill on Chrome, Safari, Opera, Firefox and Edge:

See the Pen Cross Browser Autofill Form — Selected Fields by Jason Grigsby (@grigs) on CodePen.

To see it in action, you’ll need to view it on CodePen under https or the browser won’t fill in the credit card information.

I’ve also built a form with all 53 fields in the autocomplete specification. No browser currently supports all 53 fields.

The future of autofill and forms

There is a lot of movement from browser makers towards tackling the problem of web payments. The Payment Request API is being co-authored by Mozilla, Microsoft, Google and Facebook.

Apple is participating in the Web Payments Working Group which is where the Payment Request API is being hashed out. So it appears that Apple is at least nominally onboard with the Payment Request API.

Plus, rumor has it that Apple Pay will be available on mobile web for the holiday shopping season which makes it feel like this new momentum around web payments might be real this time.

This renewed focus on streamling the web checkout process has me optimistic that support for autofill detail tokens will grow in the near term. And these tokens make creating forms that work with autofill so much simpler.

And most importantly, supporting autofill will make filling out forms less tedious for our users and lead to increased sales for e-commerce sites.