Safari redirect to base64 encoded html fails on iOS 14

For years i've been able to redirect a webpage to some html content that is hardcoded in base64, either using the mete refresh tag like this:
Code Block <!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="refresh" content="0;url=data:text/html;base64,PCFET0NUWVBFIEhUTUw+CjxodG1sPgogICAgPGhlYWQ+CiAgICAgICAgPHRpdGxlPldlPC90aXRsZT4KICAgICAgICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCIgLz4KICAgIDwvaGVhZD4KICAgIDxib2R5PgogICAgICAgIFRFU1QKICAgICAgICAKICAgIDwvYm9keT4KPC9odG1sPgo=">
</head>


or using javascript like this:
Code Block <!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<script>
window.location.href = 'data:text/html;base64,PCFET0NUWVBFIEhUTUw+CjxodG1sPgogICAgPGhlYWQ+CiAgICAgICAgPHRpdGxlPldlPC90aXRsZT4KICAgICAgICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCIgLz4KICAgIDwvaGVhZD4KICAgIDxib2R5PgogICAgICAgIFRFU1QKICAgICAgICAKICAgIDwvYm9keT4KPC9odG1sPgo=';
</script>
</body>


The redirect no longer seems to work on iOS 14.

I'm hoping this hasn't been changed by design, but I don't think it has as the page renders just fine if I paste the string into the URL bar:

data:text/html;base64,PCFET0NUWVBFIEhUTUw+CjxodG1sPgogICAgPGhlYWQ+CiAgICAgICAgPHRpdGxlPldlPC90aXRsZT4KICAgICAgICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCIgLz4KICAgIDwvaGVhZD4KICAgIDxib2R5PgogICAgICAgIFRFU1QKICAgICAgICAKICAgIDwvYm9keT4KPC9odG1sPgo=

I have a live app on the App Store that's been running for 7 years that relies heavily on this.

Does anyone know of another way to redirect to a base64 encoded webpage?

Accepted Reply

Safari 14 no longer allows pages to perform top-level meta redirects to data URLs. This brings Safari anti-phishing behavior in line with Firefox, Chrome, and Edge.

You can of course perform a direct navigation to a dataURL.

Replies

Please file a Feedback Assistant issue for this behavior, and include the FBnnnnnnnn ID in this forum.

Why do you need to redirect to base64 anyway? Seems to be a very suspicious method for a redirect and I would not be surprised if that change was no coincidence - indeed I hope it was on purpose as it would be great for the user.

Other browsers, like Firefox and Chrome also already block these kind of redirects, so you should have these problems on all modern platforms. More info can be found on MDN and the Mozilla Blog.
There's many use cases for this, specifically to show a hardcoded webpages without a server.
I've used this method for 7 years for a web app stored as a web clip on the home screen, without the need for a web server.
Feedback: FB7760968
Safari 14 no longer allows pages to perform top-level meta redirects to data URLs. This brings Safari anti-phishing behavior in line with Firefox, Chrome, and Edge.

You can of course perform a direct navigation to a dataURL.
Thanks for the update and the info on being able to directly navigate to a dataURL. I have been able to find a fix/workaround for my app.
Code Block
<html>
<head>
</head>
<body>
<script>
document.body.innerHTML = decodeURIComponent(escape(window.atob('PCFET0NUWVBFIEhUTUw+CjxodG1sPgogICAgPGhlYWQ+CiAgICAgICAgPHRpdGxlPldlPC90aXRsZT4KICAgICAgICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1VVEYtOCIgLz4KICAgIDwvaGVhZD4KICAgIDxib2R5PgogICAgICAgIFRFU1QKICAgICAgICAKICAgIDwvYm9keT4KPC9odG1sPgo=')));
</script>
</body>
</html>


@dazboj can you please share your fix, because I got same error since iOS14 while downloading PDF content from api server