macOS Sierra was launched yesterday, and with it came a new version of Safari, Safari 10.
Along with new features like Apple Pay, Safari 10 in Sierra introduces changes in the way it allows Flash content to run.
Flash is now off by default but it can be easily enabled for each site that needs it.
Flash content embedded through object/embed tags
Flash content embedded directly is replaced in the page by a Click to use overlay
If you include Flash content in the page directly, through the embed & object tags, without using any kind of Flash Player detection, a button labeled Click to use Flash will show up instead of the Flash content. Here’s the button showing up on the About Flash Player page on adobe.com
At this point the .swf file is not yet loaded. In our tests the .swf file was missing from both Safari’s Web Inspector > Network tab and Apache’s access logs.
Flash content can be enabled on a website Once or Every Time
Clicking the Click to use Flash button/overlay will bring up a Safari dialog box with 3 options:
The dialog box allows you to use Flash on the entire site:
- Every Time
- Once (default, highlighted)
- or Cancel
Clicking Once refreshes the page with Flash Player turned on. Once also means that if you close the tab you will be prompted to run Flash content again on the same website.
Clicking Every Time adds the site to a list with all the websites allowed to run Flash content. The list can be accessed at
Safari > Preferences > Security > Plug-in Settings… > Adobe Flash Player together with the default value (Off, On or Ask) to be used for all other sites.
The user will be prompted to run Flash content on each subdomain or host
If you allow Flash content on www.example.com you will be prompted to allow it on example.com and/or forum.example.com.
Using Flash Player Detection Leads To A Bad Experience
Flash Player detection will lead users to download Flash Player (even if it’s already installed)
If you use any kind of Flash Player detection in place like SWFObject, Flash Player will NOT be detected – since Flash Player is now by default Off for all websites – leading your web page to show the alternate content/HTML version (if any).
Any link to download Flash Player is intercepted by Safari (only when you already have FP installed)
In most cases the alternate content is actually a link to download & install Flash Player from http://www.adobe.com/go/getflashplayer.
When such a link is clicked and you have Flash Player installed, Safari hijacks the click (it happens with the https version too), and, instead of taking the user to the download page, it brings up the use Flash on “site.com” dialog box:
This link hijack is sure to create confusion among Safari users.
Since clicking the link doesn’t work, I tried typing it directly in the URL field. Going directly to http://www.adobe.com/go/getflashplayer with Flash Player installed warns you that you already have Flash Player installed and offers you a shortcut enabling Flash for all sites:
Safari Power Saver
Safari Power Saver – pauses cross-site ad-like plugin (Flash) content – introduced as part of OS X Mavericks in 2013, is still present and enabled by default in Safari 10 on macOS Sierra. Chrome 45 also introduced cross site Flash content pausing in 2015 (here & here).
Back in May 2016 Google outlined a plan named HTML5 by default to push HTML5 by default in Chrome in Q4 2016 in a very similar way to how Apple implemented it in Safari 10.
On August 9 2016 in a post titled Flash and Chrome, Google announced that Chrome 55, due this December, will indeed make HTML5 the default experience:
In December, Chrome 55 will make HTML5 the default experience, except for sites which only support Flash. For those, you’ll be prompted to enable Flash when you first visit the site. Aside from that, the only change you’ll notice is a safer and more power-efficient browsing experience.
Yesterday, in a new post on the Chromium-dev mailing list, Anthony LaForge revealed that Chrome 55 will indeed turn off Flash by default but only for sites that are not frequently visited (based on their Site Engagement score). A much less stricter approach than Safari’s.
What to do about it
My recommendation is to remove any kind of Flash Player detection and directly embed the Flash content.
When Flash content is embedded using object/embed tags Safari 10 will show the Click to use overlay, and correctly instruct the user to install Flash Player if its actually missing.
That’s builds up to a much better experience than the one in which Flash Player detection is involved.
When detection is involved, via SWFObject or other scripts, users are forced into a corner of confusion with the following scenario most likely to take place:
- Flash Player is reported as missing (even if it is present)
- User clicks link to download and install
- Safari hijacks the link and presents a dialog box with a contradictory message (use Flash)
2.1M websites are affected [AT LEAST]
The Click to use overlay is an elegant solution but not advertising Flash Player’s presence will affect visitors of at least 2.1M websites who use SWFObject for Flash Player detection, sites that are now forced to change their code to avoid a bad user experience.
Safari is thus taking a rather hard stance on Flash despite the fact that many (big) sites still use Flash and the fact that Safari doesn’t support many of the HTML5 features that are possible with other browsers including WebRTC and MediaRecorder API, thus leaving developers and users with no solutions for some use cases.