If you’ve ever used Wi-Fi on an airplane, in a cafe, or at a hotel, you're probably familiar with the experience of navigating through a set of agreements, watching an advertisement, or purchasing a plan to get on the Internet. These “captive” networks are important ways to get online, but all too often they lead to headaches. “How do I get to the login page? How much time do I have left before my plan runs out?”

Good news: You can make this process smoother and more consistent for people using your network with iOS 14 and macOS Big Sur. If you run a captive Wi-Fi network, or if you build captive network solutions, now is the time to start updating — and here’s everything you need to know to get started.

Advertise a captive network

Traditionally, captive networks rely on intercepting traffic from the person connected. By default, iOS and macOS automatically send a probe when joining your network for the first time to detect this interception, and display the captive portal login page. If the session expires, however, this interception can interfere with pages someone accesses in Safari and other apps: Safari might load the wrong page, or display a security warning.

You can make this experience better for everyone by integrating the DHCP or IPv6 Router Advertisement (RA) options for Captive Portals on iOS 14 and macOS Big Sur. These options are part of a new standard that allows your access point to advertise that it is “captive” when a device first joins, rather than rely on traffic interception.

While the experience looks the same for legacy captive networks and networks that adopt these standards, updating gives your network a more reliable way to communicate captivity status to someone’s device, and lays the groundwork for new functionality supported by the standards.

If your network supports these options, iOS and macOS will begin processing the captive network status automatically. Within each option is a URL that provides the status of a captive network session as JSON. Note that if you use multiple methods to advertise the captive network, such as both DHCP and IPv6 RA, the URLs must match.

DHCP Option: 114 (Captive-Portal)
    Length: 38
    Value: https://example.org/captive-portal/api

DHCPv6 Option: 103 (Captive-Portal)
    Length: 38
    Value: https://example.org/captive-portal/api

IPv6 RA Option: 37 (Captive-Portal)
    Length: 38
    Value: https://example.org/captive-portal/api

Provide session status updates

When you adopt this standard, your captive network can also provide detailed status information about the connection to your devices through a JSON API. This lets the devices know whether or not they can access the Internet, which webpage to present to the user, and how much time is left in a session.

HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 22 Jun 2020 05:08:13 GMT
Content-Type: application/captive+json
{
    "captive": false,
    "user-portal-url": "https://example.org/portal.html",
    "venue-info-url": "https://flight.example.com/entertainment",
    "seconds-remaining": 326,
    "can-extend-session": true
}

Your Captive Portal API server must be running on a host with TLS encryption. This ensures that your communication to client devices can’t be modified or intercepted.

Connecting in 3, 2, 1

If you build captive network solutions, start supporting the latest standards to advertise your captive network and provide session status updates. Try it out with iOS 14 and macOS Big Sur. And if your company deploys captive network portals, contact your router vendor to make sure they’re ready to deploy the latest standards for captive networks.

Resources

Specification for Captive Portal Advertisement

Specification for Captive Portal JSON API

Manage captive Wi-Fi networks

NEHotspotHelper