Alex Meub

About the Apple Captive Network Assistant

Heads up! This post is no longer current. Check out the WBA’s Captive Network Portal Behavior site for a better resource on the Captive Network Assistant.

If you’re a mac user, you likely have seen a strange popup window appear on your computer when you try to connect to the internet at a hotel, coffee shop or airport. It looks like this:

This popup is a utility built in to Mac OS called the Captive Network Assistant (CNA). The idea was to make it easier for users to authenticate on visitor-based WiFi networks that require some form of authentication (usually initiated from a web form) to get online.

They are referred to as “captive” networks as the user is held captive - unable to browse the web freely - until they accept the terms and conditions, purchase access, etc.

How it works

To check if the user is on a captive network, a “probe” process runs immediately after the user associates with the WiFi SSID. On macOS 10.12.1, a request is made to following URL:

http://captive.apple.com/hotspot-detect.html

If the source of the page is simply the text Success, the process assumes the user is on a normal network and does not display a popup. If, however, the URL does not return the success message due to forced captive portal redirection, the CNA popup is trigged and the captive portal page is displayed in the popup.

Limitations

On macOS 10.12.1, the CNA popup is a hardcoded browser window that has limited browser functionality. It displays a browser window that is 900px wide by 572px tall. It has other limitations that are important to be aware of:

  • It cannot save cookies
  • It cannot launch new tabs or other browser windows
  • It cannot display window.alert() or window.confirm() javascript popups
  • It cannot be resized

CNA Preview Tool

I created a really simple preview tool for previewing how pages look inside the CNA popup. You check it out here. Keep in mind that preview pages must allow themselves to be iframed.