Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
OnBrowserCheck in IW15.2.20
#1
Hi Alexandre,

I use following code to disable unsupported browsers but keep support for some apps using a rest api

Code:
// Step 1. OnBrowserCheck
procedure TIWServerController.IWServerControllerBaseBrowserCheck(
  aSession: TIWApplication; var rBrowser: TBrowser);
begin
  // REST method is often called from a non-browser. change this so the call is accepted
  if (rBrowser is TOther) and aSession.Request.PathInfo.StartsWith('/restapi/')
  then begin
    rBrowser.Free;
    // accept the unknown browser as Firefox (probably the best idea)
    rBrowser := TFireFox.Create(TFireFox.MIN_VERSION);
  end
  // handle unknown and non-supported browsers, they don't belong there (often script kiddies)
  else if not rBrowser.IsSupported
  then begin
    rBrowser.Free;  // free current browser object because it will throw an exception otherways
    rBrowser := TFireFox.Create(TFireFox.MIN_VERSION);

    TerminateSession(aSession, 403, 'Forbidden');
  end;
end;

In IW15.2.20 requesting the restapi gives a AV because aSession is nil like stated in the release notes.
Can I test the request in this function in another way?
Reply
#2
There is a failure in the release notes and I'll fix it.

If you need access to the session object during browser validation, please set

ServerController.SessionOptions.BrowserCheckBeforeNewSession to FALSE

It will behave like before, meaning that the SessionObject will be assigned when the event is triggered.

The default BrowserCheckBeforeNewSession is TRUE (it is a breaking change if you have code referencing ASession parameter in OnBrowserCheck event).

If browser validation fails there is no point in creating a session object....
Reply
#3
FYI, OnBrowserCheck code, most of the time, is unnecessary in newer IW 15.2.x versions because a default - and supported - browser instance (Chrome) is always created when the actual User Agent string is not known, unless the browser is known to be unsupported (for instance, when the user has Internet Explorer 6).
Reply
#4
Release notes have been updated:

https://www.atozed.com/2020/11/15-2-20-h/
Reply
#5
Ok. Thanks. I'll test it.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)