[keycloak-dev] Avoid older user agents?
Bill Burke
bburke at redhat.com
Tue Aug 6 12:04:39 EDT 2013
For SSO login, we should support as old as possible (no javascript,
backward compatible to HTML 4? 3? 2? I don't know, you tell me...).
For admin UI, we can be more restrictive, IMO. The admin UI is not
just a UI, though. It is a set of REST services that can be called from
javascript (or whatever language/platform you want). For security
reasons we might want to restrict the types of browsers that can make
these REST requests.
On 8/6/2013 10:14 AM, Gabriel Cardoso wrote:
> An important question is to define which older browsers we have to support. Does Red Hat have a list of them? Who defines this?
>
> Gabriel
>
> On Aug 6, 2013, at 10:24 AM, Bill Burke wrote:
>
>> Older browsers don't support HttpOnly cookies, right? So, maybe we
>> don't set login cookies for these older browsers. For SSO, this will
>> require a relogin every time. For the admin UI, we just won't allow
>> interaction with older browsers. We'll do this by checking the
>> User-Agent header.
>>
>> https://issues.jboss.org/browse/KEYCLOAK-23
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
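
The User-Agent check proposed in this thread, sketched as an added example (not code from the post or from Keycloak). The class name, the version thresholds and the sample headers are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UserAgentPolicy {
    enum Decision { ALLOW_WITH_COOKIE, ALLOW_WITHOUT_COOKIE, REJECT }

    // ASSUMPTION: minimum major versions treated as HttpOnly-capable. These
    // thresholds are illustrative, not from the thread; check your own matrix.
    private static final Map<Pattern, Integer> MIN_MAJOR = new LinkedHashMap<>();
    static {
        MIN_MAJOR.put(Pattern.compile("MSIE (\\d{1,4})"), 7);
        MIN_MAJOR.put(Pattern.compile("Trident/.*rv:(\\d{1,4})"), 11);
        MIN_MAJOR.put(Pattern.compile("Firefox/(\\d{1,4})"), 3);
        MIN_MAJOR.put(Pattern.compile("Chrome/(\\d{1,4})"), 1);
        MIN_MAJOR.put(Pattern.compile("Version/(\\d{1,4}).*Safari/"), 4);
    }

    // User-Agent is client-supplied: this steers cookie handling for honest
    // browsers and is not an authentication or authorization check.
    static boolean supportsHttpOnly(String userAgent) {
        if (userAgent == null) return false;       // missing header: fail closed
        for (Map.Entry<Pattern, Integer> e : MIN_MAJOR.entrySet()) {
            Matcher m = e.getKey().matcher(userAgent);
            if (m.find()) return Integer.parseInt(m.group(1)) >= e.getValue();
        }
        return false;                              // unknown agent: fail closed
    }

    static Decision decide(String userAgent, boolean adminRequest) {
        if (supportsHttpOnly(userAgent)) return Decision.ALLOW_WITH_COOKIE;
        // Old browser: SSO still works but re-prompts each time; admin is refused.
        return adminRequest ? Decision.REJECT : Decision.ALLOW_WITHOUT_COOKIE;
    }

    public static void main(String[] args) {
        String[] constructed = {                   // constructed sample headers
            "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
            "Mozilla/5.0 (Windows NT 6.1; rv:22.0) Gecko/20100101 Firefox/22.0",
            "curl/7.30.0",
        };
        for (String ua : constructed) {
            System.out.println(decide(ua, false) + " / " + decide(ua, true) + "  <- " + ua);
        }
    }
}
```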