Atozed Forums
OnBrowserCheck in IW15.2.20 - Printable Version

+- Atozed Forums (
+-- Forum: Atozed Software Products (
+--- Forum: IntraWeb (
+---- Forum: English (
+----- Forum: IntraWeb General Discussion (
+----- Thread: OnBrowserCheck in IW15.2.20 (/thread-2105.html)

OnBrowserCheck in IW15.2.20 - jeroen.rottink - 11-09-2020

Hi Alexandre,

I use following code to disable unsupported browsers but keep support for some apps using a rest api

// Step 1. OnBrowserCheck
procedure TIWServerController.IWServerControllerBaseBrowserCheck(
  aSession: TIWApplication; var rBrowser: TBrowser);
  // REST method is often called from a non-browser. change this so the call is accepted
  if (rBrowser is TOther) and aSession.Request.PathInfo.StartsWith('/restapi/')
  then begin
    // accept the unknown browser as Firefox (probably the best idea)
    rBrowser := TFireFox.Create(TFireFox.MIN_VERSION);
  // handle unknown and non-supported browsers, they don't belong there (often script kiddies)
  else if not rBrowser.IsSupported
  then begin
    rBrowser.Free;  // free current browser object because it will throw an exception otherways
    rBrowser := TFireFox.Create(TFireFox.MIN_VERSION);

    TerminateSession(aSession, 403, 'Forbidden');

In IW15.2.20 requesting the restapi gives a AV because aSession is nil like stated in the release notes.
Can I test the request in this function in another way?

RE: OnBrowserCheck in IW15.2.20 - Alexandre Machado - 11-10-2020

There is a failure in the release notes and I'll fix it.

If you need access to the session object during browser validation, please set

ServerController.SessionOptions.BrowserCheckBeforeNewSession to FALSE

It will behave like before, meaning that the SessionObject will be assigned when the event is triggered.

The default BrowserCheckBeforeNewSession is TRUE (it is a breaking change if you have code referencing ASession parameter in OnBrowserCheck event).

If browser validation fails there is no point in creating a session object....

RE: OnBrowserCheck in IW15.2.20 - Alexandre Machado - 11-10-2020

FYI, OnBrowserCheck code, most of the time, is unnecessary in newer IW 15.2.x versions because a default - and supported - browser instance (Chrome) is always created when the actual User Agent string is not known, unless the browser is known to be unsupported (for instance, when the user has Internet Explorer 6).

RE: OnBrowserCheck in IW15.2.20 - Alexandre Machado - 11-10-2020

Release notes have been updated:

RE: OnBrowserCheck in IW15.2.20 - jeroen.rottink - 11-10-2020

Ok. Thanks. I'll test it.