0

Our company has a business rule that we should prevent our users from accessing our application from browsers that have not been completely tested by our QA team. This business rule is not changeable and our users know ahead of time that they can only use certain browsers to utilize our product.

To implement that business rule I am seeking a web library like Modernizr that uses feature detection to detect browsers. Modernizr is a feature detection library, not a browser detection library, and they've said that they won't add browser detection.

Are there any libraries out there that use feature detection techniques to verify user agent strings?

I would rather not user user agent sniffing alone. If I wanted to do user agent sniffing, I'd use something like Bowser.

The solution is not expected to need to be 100% correct. The solution only needs to be 90% correct.

Myer
  • 3,670
  • 2
  • 39
  • 51
  • You are correct that agent sniffing is not the answer, though it is nearly impossible to create what you're after, as there are way more browsers than you think and some are truly identical in terms of behaviour (try to differentiate all features between the latest Opera, Chrome and Brave, they all support the same javascript functionality and CSS properties). Imagine the work and data involved in gathering this data and maintaining it, there are new releases nearly every week (Chrome/Firefox/Opera/Edge are 'evergreen' so these update often) – Rogier Spieker Mar 07 '16 at 18:11
  • 1
    I think you are misunderstanding _why_ UA sniffing is discouraged. In your case you actually _do_ want UA detection. – Evan Davis Mar 07 '16 at 18:11
  • 1
    "prevent" seems radical – charlietfl Mar 07 '16 at 18:12
  • @charlietfl I didn't specify this business rule. – Myer Mar 07 '16 at 20:38

1 Answers1

1

In your case, you are really wanting UA sniffing because your QA team is testing on [let's say] Firefox and Internet Explorer and your business wants to disallow other browsers. However, you've probably read about all of the drawbacks of UA sniffing, the fact that browsers can spoof other browsers, difficulty in maintaining an up-to-date list, yadda yadda. Well thanks to npm you can have reliable and current UA sniffing and reconciliation via modules like useragent.

npm install useragent --save

If your QA team was actually testing features and your business rules were written by a reasonable and logical person, you could simply use feature detection like the rest of us. Instead, you're going to block users in 2016 from using your app/site because a naive project owner wants to only support browsers he/she is comfortable with (sigh).

Edit: If you really want to impress someone you can write functional tests which actually execute in the browser. You can automate the clicking of buttons/links, fill out forms, and write assertions against the side affects of these user actions. For example, you can fill out a signin form with invalid credentials, click submit, and expect the "Invalid login" error message to be displayed. Selenium is a very popular tool, but there are also free open source tools like FuncUnit and others which allow you to do this. Then you can use things like browserstack to run these tests in the browsers of your choice. There are also free tools like Testee which allow you in have machines with all your supported browsers installed so you can launch your functional tests in those browsers. This works both locally or in CI tools like Travis.

disclaimer: I work for the company that builds and maintains FuncUnit and Testee - the tools are free and open source and this is not an attempt to promote our company.

Ryan Wheale
  • 26,022
  • 8
  • 76
  • 96
  • don't see how you can ever really prevent spoofing – charlietfl Mar 07 '16 at 18:14
  • 1
    You can't really, at least not from the server. Most of the time it's robots who spoof, and often times they only halfway spoof so you can still tell it's a bot. I think libraries like useragent check for this, as they maintain an exhaustive list of _real_ UA strings. The only way to truly combat spoofing is client-side feature detection. – Ryan Wheale Mar 07 '16 at 18:17
  • So how do statistics programs like Google Analytics know with great certainty which browser, operating system and device is being used? – Stefan Nov 13 '17 at 06:57
  • User agent sniffing is very very reliable, but the drawback is that you have to keep up with it (browsers are constantly changing... daily). If your app has some hardcoded UA sniffing and you don't update it, then it will basically fail to work some time from now. Google, on the other hand, has teams of people updating its code every day. If you can afford to stay on top of your app, then use UA sniffing. – Ryan Wheale Nov 13 '17 at 17:56