Add allow_browser to set minimum versions for your application #50505

Merged
merged 5 commits into from Dec 31, 2023

dhh
Member

@dhh dhh commented Dec 31, 2023

Specify the browser versions that will be allowed to access all actions (or some, as limited by only: or except:).

Only browsers matched in the hash or named set passed to versions: will be blocked if they're below the versions specified.

This means that all other browsers, as well as agents that aren't reporting a user-agent header, will be allowed access.

A browser that's blocked will by default be served the file in public/426.html with an HTTP status code of "426 Upgrade Required".

In addition to specifically named browser versions, you can also pass :modern as the set to restrict support to browsers natively supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has. This includes Safari 17.2+, Chrome 119+, Firefox 121+, Opera 104+.

You can use https://caniuse.com to check for browser versions supporting the features you use.

You can use ActiveSupport::Notifications to subscribe to events of browsers being blocked using the browser_block.action_controller event name.

Examples:

```ruby
class ApplicationController < ActionController::Base
  # Allow only browsers natively supporting webp images, web push, badges, import maps, CSS nesting + :has
  allow_browser versions: :modern
end

class ApplicationController < ActionController::Base
  # All versions of Chrome and Opera will be allowed, but no versions of "internet explorer" (ie). Safari needs to be 16.4+ and Firefox 121+.
  allow_browser versions: { safari: 16.4, firefox: 121, ie: false }
end

class MessagesController < ApplicationController
  # In addition to the browsers blocked by ApplicationController, also block Opera below 104 and Chrome below 119 for the show action.
  allow_browser versions: { opera: 104, chrome: 119 }, only: :show
end
```
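
A simplified, self-contained model of the decision rule described above, added here as an illustration (it is not Rails' implementation or code from this PR). The `detect` and `blocked?` helpers, the regex-based user-agent matching, and the sample headers are assumptions constructed for the example; the `MODERN` minimums are the versions listed in the description.

```ruby
# Constructed, simplified model of the rule in the PR description; not Rails' code.
MODERN = { safari: 17.2, chrome: 119, firefox: 121, opera: 104 }.freeze

# Order matters: Opera and Chrome user agents also contain "Safari/".
PATTERNS = {
  opera:   %r{OPR/([\d.]+)},
  chrome:  %r{Chrome/([\d.]+)},
  firefox: %r{Firefox/([\d.]+)},
  ie:      /MSIE ([\d.]+)/,
  safari:  %r{Version/([\d.]+).*Safari/}
}.freeze

# Returns [browser_symbol, Gem::Version], or nil for empty/unrecognised agents.
def detect(user_agent)
  PATTERNS.each do |name, pattern|
    match = pattern.match(user_agent.to_s)
    return [name, Gem::Version.new(match[1])] if match
  end
  nil
end

# true when the request would get the 426 response under `versions`.
def blocked?(user_agent, versions)
  versions = MODERN if versions == :modern
  name, version = detect(user_agent)
  return false if name.nil? || !versions.key?(name) # unlisted or absent: allowed
  minimum = versions[name]
  return true if minimum == false                   # e.g. ie: false blocks every version
  version < Gem::Version.new(minimum.to_s)
end

# Constructed sample headers; the iOS 16 string is the one quoted later in this thread.
IOS16 = "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 " \
        "(KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1"
CHROME118 = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) " \
            "Chrome/118.0.0.0 Safari/537.36"

def demo
  {
    ios16_modern:  blocked?(IOS16, :modern),
    chrome_custom: blocked?(CHROME118, { safari: 16.4, firefox: 121, ie: false }),
    chrome_modern: blocked?(CHROME118, :modern),
    no_header:     blocked?(nil, :modern),
    curl:          blocked?("curl/8.4.0", :modern)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the decision rests on a client-supplied header and agents that send no recognised user agent pass through, the result is a compatibility gate and not an access control.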

@dhh
Member Author

dhh commented Dec 31, 2023

Again, flaky, unrelated test:

[Image: Screenshot 2023-12-31 at 18 47 39]

Co-authored-by: Niklas Häusele <niklas.haeusele@hey.com>
@dhh dhh merged commit e3da4fc into main Dec 31, 2023
6 of 7 checks passed
@dhh dhh deleted the allow-browser branch December 31, 2023 18:19
@zzak
Member

zzak commented Dec 31, 2023

This should have a changelog, if anyone wants to add it 🙏

vipulnsward added a commit to vipulnsward/rails that referenced this pull request Dec 31, 2023
dhh pushed a commit that referenced this pull request Jan 1, 2024
dhh added a commit that referenced this pull request Jan 1, 2024
* main:
  Fix generator output paths
  New default files
  Errant debug puts
  Add changelog entry for #50505 [ci skip] (#50513)
dhh added a commit to faqndo97/rails that referenced this pull request Jan 1, 2024
* main:
  ✂️ cut trailing whitespace
  Switch to headless chrome by default (rails#50512)
  Fix generator output paths
  New default files
  Errant debug puts
  Add changelog entry for rails#50505 [ci skip] (rails#50513)
  Default to creating GitHub CI files (rails#50508)
dhh added a commit to koic/rails that referenced this pull request Jan 1, 2024
* main:
  Add brakeman as development dependency
  Fix skipped rubocop test typo (rails#50519)
  Update the puma startup message
  docs: remove unneeded whitespace from start of code blocks
  Add changelog entry for rails#50512
  Add step to keep screenshots of failed system tests
  Fix name casing
  ✂️ cut trailing whitespace
  Switch to headless chrome by default (rails#50512)
  Fix generator output paths
  New default files
  Errant debug puts
  Add changelog entry for rails#50505 [ci skip] (rails#50513)
  Default to creating GitHub CI files (rails#50508)
  Remove unnecessary require
  Fix railspect not validating alphabetical order
rubys added a commit to rubys/showcase that referenced this pull request Jan 13, 2024
based loosely on the upcoming Rails 8 feature: rails/rails#50505
@ghiculescu
Member

@dhh
Member Author

dhh commented Jan 16, 2024

How so? He’s using a custom user agent string that says he’s using an old browser. Looks like this is working as designed.

@ghiculescu
Member

iPhone 12 Pro is a 3 year old phone. Admittedly without knowing the exact headers it’s hard to be certain, but my first reaction is that Rails apps should work on phones sold this decade regardless of if they are on the latest iOS version or not.

@dhh
Member Author

dhh commented Jan 16, 2024

It's not about the phone, it's about the fact that the user agent says that phone is running iOS 14 or something. An iPhone 12 Pro can be upgraded to the latest iOS no problem.

@dhh
Member Author

dhh commented Jan 16, 2024

iOS 16.4 is supported by: iPhone 14, iPhone 14 Plus, iPhone 14 Pro, iPhone 14 Pro Max, iPhone 13, iPhone 13 mini, iPhone 13 Pro, iPhone 13 Pro Max, iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone XS, iPhone XS Max, iPhone XR, iPhone X, iPhone 8, iPhone 8 Plus, iPhone SE (3rd generation), and iPhone SE (2nd generation). So that's phones 5-6 years old.

Anyway, this is a generated default. People can change it if they want something more lax.

@ghiculescu
Member

ghiculescu commented Jan 16, 2024

Agree on iOS 16 being a reasonable target. Using a Safari on iOS 16 user agent from https://whatmyuseragent.com/platforms/ios/ios/16

```
3.2.2 :008 > UserAgent.parse("Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1").version
 => #<UserAgent::Version 16.0>
```

So iOS 16 is blocked by default (this PR requires Safari >= 17.2). Would you consider a PR to change the default?

@dhh
Member Author

dhh commented Jan 16, 2024

Ah yes, I see that we're on with 17.2. That'll give you access to all the latest stuff including css :has. I think we should be skating to where the puck is going to. We're not five minutes from release, so would prefer to keep it where it is. Either way, it's an exposed option, so you can always change it.
