New Discussion

Notifications

You’re not receiving notifications from this thread.

How to use the Browser Guard in Rails Discussion

6
General
Chris Oliver Chris Oliver

If you're building a no build Rails application that makes use of modern browser features (like ONCE Campfire!), you'll definitely want to use this.

Werner Laude Werner Laude

There is one trap to take care for: If your are using https://pagespeed.web.dev/ (Googles SEO tool) - you will get a -406 not acceptable - error. Looks like the pagespeed crawler is not recognized.

Chris Oliver Chris Oliver

That's probably a bug in the UserAgent bot check I would imagine.

https://github.com/rails/rails/blob/v7.2.0/actionpack/lib/action_controller/metal/allow_browser.rb#L88

Hailey Nelson Hailey Nelson

This adds a solid layer of security against session hijacking in Rails.

tomkathy tomkathy

To use the Browser Guard feature introduced in Rails 7.2, you can leverage the allow_browser method to restrict access to your application based on the user’s browser version. This is particularly useful for applications relying on modern browser features (e.g., WebP images, Web Push, CSS Nesting, or Importmaps) that may not work in outdated browsers.

Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 90,335+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.