1.0.1 • Published 5 years ago

express-block-ie v1.0.1

Weekly downloads
2
License
MIT
Repository
github
Last release
5 years ago

express-block-ie

Customisable Express middleware to block access from varying versions of Internet Explorer (Including Edge).

Summary

This middleware allows you to outright deny access from users using Internet Explorer and Edge. While this is a bit of a sledgehammer method, sometimes your application uses technologies not supported by Microsoft's browser. This middleware can be used as an easy means of enforcing access control to your application based on the end users browser.

The usual disclaimer regarding browser blocking applies: This middleware makes use of user agents, which can be faked. As such, this method of access control is not fully foolproof. You should always check for feature support and build your applications in a backwards compatible manner where possible.

Usage

The main middleware function takes an options object. More on configuration in the Option reference section.

const blockIE = require('express-block-ie')

const options = {
  statusCode: 403,
  message: 'Please switch to a supported browser! Supported browsers are: Chrome, Firefox, Safari'
}

app.use(blockIE(options))

Note: By default, all Internet Explorer versions are blocked - this includes Edge! This behaviour can be changed in the configuration, more on that below.

Option reference

statusCode

The HTTP status code to send when a request comes from Internet Explorer. Defaults to 403.

message

The message to send in response to a request from Internet Explorer. Can be a string, object or anything supported by Express' res.send().

Defaults to 'You are using an unsupported browser ([browser] version [version]). Please switch to a supported browser.', where the [browser] and [version] placeholders will be replaced by the browser name (Internet Explorer or Edge) and the browser version respectively.

Tip: These placeholders will be replaced by default unless the handler option is modified. So long as message is a string, you can use them as well!

blockEdge

Whether to deny access from Edge or not. Defaults to true.

blockIE11

Whether to deny access from Internet Explorer 11 or not. Defaults to true.

blockIE10

Whether to deny access from Internet Explorer 10 and below or not. Defaults to true.

handler

The function to execute when a request comes from Internet Explorer. This function has access to the req, res and next properties from Express. Additionally, a result parameter is supplied with the results from the browser detection.

The result property is an object, provided by check-ie. It has the following structure.

{
  isIE: true,
  name: 'Internet Explorer',
  version: 11
}

Note: The name property will be either Internet Explorer or Edge.

Default:

(req, res, next, result) => {
  const processMessage = (browserName, browserVersion) => {
    return options.message
      .replace(/\[browser\]/gi, browserName)
      .replace(/\[version\]/gi, browserVersion)
  }

  // If message is a string, replace browser and version placeholders - otherwise send raw message
  const msg = typeof options.message === 'string' ? processMessage(result.name, result.version) : options.message

  res.status(options.statusCode).send(msg)
}

Note: You will lose access to the options object when overriding the handler function.

License

MIT © Linus Willner and Curtis Fowler.

iebrowserblockexpressmiddlewareinternet explorer
check-iedefaults
1.0.1

5 years ago

1.0.0

5 years ago