README
express-block-ie
Customisable Express middleware to block access from varying versions of Internet Explorer (Including Edge).
Summary
This middleware allows you to outright deny access from users using Internet Explorer and Edge. While this is a bit of a sledgehammer method, sometimes your application uses technologies not supported by Microsoft's browser. This middleware can be used as an easy means of enforcing access control to your application based on the end users browser.
The usual disclaimer regarding browser blocking applies: This middleware makes use of user agents, which can be faked. As such, this method of access control is not fully foolproof. You should always check for feature support and build your applications in a backwards compatible manner where possible.
Usage
The main middleware function takes an options object. More on configuration in the Option reference section.
const blockIE = require('express-block-ie')
const options = {
statusCode: 403,
message: 'Please switch to a supported browser! Supported browsers are: Chrome, Firefox, Safari'
}
app.use(blockIE(options))
Note: By default, all Internet Explorer versions are blocked - this includes Edge! This behaviour can be changed in the configuration, more on that below.
Option reference
statusCode
The HTTP status code to send when a request comes from Internet Explorer. Defaults to 403
.
message
The message to send in response to a request from Internet Explorer. Can be a string, object or anything supported by Express' res.send().
Defaults to 'You are using an unsupported browser ([browser] version [version]). Please switch to a supported browser.'
, where the [browser]
and [version]
placeholders will be replaced by the browser name (Internet Explorer or Edge) and the browser version respectively.
Tip: These placeholders will be replaced by default unless the handler
option is modified. So long as message
is a string, you can use them as well!
blockEdge
Whether to deny access from Edge or not. Defaults to true
.
blockIE11
Whether to deny access from Internet Explorer 11 or not. Defaults to true
.
blockIE10
Whether to deny access from Internet Explorer 10 and below or not. Defaults to true
.
handler
The function to execute when a request comes from Internet Explorer. This function has access to the req
, res
and next
properties from Express. Additionally, a result
parameter is supplied with the results from the browser detection.
The result
property is an object, provided by check-ie. It has the following structure.
{
isIE: true,
name: 'Internet Explorer',
version: 11
}
Note: The name property will be either Internet Explorer or Edge.
Default:
(req, res, next, result) => {
const processMessage = (browserName, browserVersion) => {
return options.message
.replace(/\[browser\]/gi, browserName)
.replace(/\[version\]/gi, browserVersion)
}
// If message is a string, replace browser and version placeholders - otherwise send raw message
const msg = typeof options.message === 'string' ? processMessage(result.name, result.version) : options.message
res.status(options.statusCode).send(msg)
}
Note: You will lose access to the options
object when overriding the handler function.
License
MIT © Linus Willner and Curtis Fowler.