Add allow_browser to set minimum versions for your application #50505
Co-authored-by: Niklas Häusele <niklas.haeusele@hey.com>
This should have a changelog, if anyone wants to add it 🙏
* main:
  ✂️ cut trailing whitespace
  Switch to headless chrome by default (rails#50512)
  Fix generator output paths
  New default files
  Errant debug puts
  Add changelog entry for rails#50505 [ci skip] (rails#50513)
  Default to creating GitHub CI files (rails#50508)
* main:
  Add brakeman as development dependency
  Fix skipped rubocop test typo (rails#50519)
  Update the puma startup message
  docs: remove unneeded whitespace from start of code blocks
  Add changelog entry for rails#50512
  Add step to keep screenshots of failed system tests
  Fix name casing
  ✂️ cut trailing whitespace
  Switch to headless chrome by default (rails#50512)
  Fix generator output paths
  New default files
  Errant debug puts
  Add changelog entry for rails#50505 [ci skip] (rails#50513)
  Default to creating GitHub CI files (rails#50508)
  Remove unnecessary require
  Fix railspect not validating alphabetical order
based loosely on the upcoming Rails 8 feature: rails/rails#50505
FYI https://twitter.com/aviflombaum/status/1746985145884619205 seems wrong
How so? He’s using a custom user agent string that says he’s using an old browser. Looks like this is working as designed.
iPhone 12 Pro is a 3 year old phone. Admittedly without knowing the exact headers it’s hard to be certain, but my first reaction is that Rails apps should work on phones sold this decade regardless of if they are on the latest iOS version or not.
It's not about the phone, it's about the fact that the user agent says that phone is running iOS 14 or something. An iPhone 12 Pro can be upgraded to the latest iOS no problem.
iOS 16.4 is supported by: iPhone 14, iPhone 14 Plus, iPhone 14 Pro, iPhone 14 Pro Max, iPhone 13, iPhone 13 mini, iPhone 13 Pro, iPhone 13 Pro Max, iPhone 12, iPhone 12 mini, iPhone 12 Pro, iPhone 12 Pro Max, iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max, iPhone XS, iPhone XS Max, iPhone XR, iPhone X, iPhone 8, iPhone 8 Plus, iPhone SE (3rd generation), and iPhone SE (2nd generation). So that's phones 5-6 years old. Anyway, this is a generated default. People can change it if they want something more lax.
Agree on iOS 16 being a reasonable target. Using a Safari on iOS 16 user agent from https://whatmyuseragent.com/platforms/ios/ios/16

```
3.2.2 :008 > UserAgent.parse("Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1").version
=> #<UserAgent::Version 16.0>
```

So iOS 16 is blocked by default (this PR requires Safari >= 17.2). Would you consider a PR to change the default?
Ah yes, I see that we're on with 17.2. That'll give you access to all the latest stuff including css :has. I think we should be skating to where the puck is going to. We're not five minutes from release, so would prefer to keep it where it is. Either way, it's an exposed option, so you can always change it.
Specify the browser versions that will be allowed to access all actions (or some, as limited by only: or except:).
Only browsers matched in the hash or named set passed to versions: will be blocked if they're below the versions specified.
This means that all other browsers, as well as agents that aren't reporting a user-agent header, will be allowed access.
A browser that's blocked will by default be served the file in public/426.html with an HTTP status code of "426 Upgrade Required".
In addition to specifically named browser versions, you can also pass :modern as the set to restrict support to browsers natively supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has. This includes Safari 17.2+, Chrome 119+, Firefox 121+, Opera 104+.
You can use https://caniuse.com to check for browser versions supporting the features you use.
You can use ActiveSupport::Notifications to subscribe to events of browsers being blocked using the browser_block.action_controller event name.
Examples:
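The matching rules in the description above, modelled in plain Ruby as an added example; it is not code from this PR or from Rails. The method names `parse_browser` and `browser_decision` and the user-agent regexes are hypothetical and simplified, the minimum versions are the `:modern` set listed above, and the first sample header is the one quoted in the thread.

```ruby
require "rubygems" # Gem::Version gives dotted-version comparison

# Added sketch of the rules described above; NOT Rails' implementation.
# Minimums are the :modern set as listed in the PR description.
MODERN = { "Safari" => "17.2", "Chrome" => "119", "Firefox" => "121", "Opera" => "104" }.freeze

# Simplified, hypothetical UA patterns. Order matters: an Opera UA also
# contains "Chrome/" and "Safari/", and a Chrome UA contains "Safari/".
UA_PATTERNS = [
  ["Opera",   %r{OPR/(\d+(?:\.\d+)*)}],
  ["Chrome",  %r{Chrome/(\d+(?:\.\d+)*)}],
  ["Firefox", %r{Firefox/(\d+(?:\.\d+)*)}],
  ["Safari",  %r{Version/(\d+(?:\.\d+)*).*Safari/}]
].freeze

# Returns [name, Gem::Version], or nil when the header is absent or unrecognised.
def parse_browser(user_agent)
  return nil if user_agent.nil? || user_agent.strip.empty?
  UA_PATTERNS.each do |name, pattern|
    match = pattern.match(user_agent)
    return [name, Gem::Version.new(match[1])] if match
  end
  nil
end

# :blocked only when a *listed* browser reports a version below its minimum.
def browser_decision(user_agent, versions = MODERN)
  name, version = parse_browser(user_agent)
  minimum = name && versions[name]
  return :allowed unless minimum # unknown browser, unlisted browser, or no header
  version >= Gem::Version.new(minimum) ? :allowed : :blocked
end

# Sample headers: the first is quoted in the thread, the rest are constructed.
SAMPLES = {
  ios16_safari: "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Mobile/15E148 Safari/604.1",
  chrome_120:   "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
  script:       "curl/8.4.0",
  no_header:    nil
}.freeze

SAMPLES.each { |label, ua| puts "#{label}: #{browser_decision(ua)}" } if $PROGRAM_NAME == __FILE__
```

Because the header is supplied by the client and absent or unrecognised values are allowed through, the check works as a compatibility gate rather than an access control. Authentication and authorization decisions should not depend on it.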