Blocking users of poorly supported browsers

Install & Config
#1

I’ve been providing instances of Jitsi Meet based on the docker-compose instructions lately.
Based on reports here [1] and also what I heard elsewhere it seems that often problems come from using poorly supported browsers, particularly Firefox.

I was considering blocking users not using Chrome/Chromium, on an instance using the docker-compose install method I added this to the site-confs/default config of nginx:

if ($http_user_agent !~* (Chrome|Chromium|okhttp)) {
	return 403;
}

(has to go into the server section, this can be done either by logging into the web container or changing the template beforehand. the okhttp is needed so the jitsi app still works.)

Now I’m wondering if this is a smart way of doing this or if people have better ideas. And whether it would be a good idea to provide this as an option for the docker setup (could be made a setting in .env, and maybe coupled with not just a 403 page, but a page informing the user).
Also I saw forum posts [2] indicating that there already is a warning shown, however I don’t see such a warning.

[1] Jitsi-Meet : Google Chrome vs Firefox
[2] Browser support warning when using the latest firefox (71.0) version on meet.jit.si

#2

Have a look in the interface_config.js:

// Names of browsers which should show a warning stating the current browser
// has a suboptimal experience. Browsers which are not listed as optimal or
// unsupported are considered suboptimal. Valid values are:
// chrome, chromium, edge, electron, firefox, nwjs, opera, safari
OPTIMAL_BROWSERS: ['chrome', 'chromium', 'nwjs', 'electron'],

// Browsers, in addition to those which do not fully support WebRTC, that
// are not supported and should show the unsupported browser page.
UNSUPPORTED_BROWSERS: ['safari'],

I mapped it into nginx using this directive after copying it from /usr/local…

location = /interface_config.js {
    alias /etc/jitsi/interface_config.js;
    # kill cache
    add_header Last-Modified $date_gmt;
    add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
    if_modified_since off;
    expires off;
    etag off;
}

This shows a browser warning after joining.

1 Like
#3

I’ve blocked all non-Chrome/Chromium users for the time being:

# cat /etc/nginx/sites-enabled/example.org
[...]
    error_page 403 /only_chrome.html;
    location = /only_chrome.html {
        root   html;
        allow all;
    }
[...]
    location ~ ^/([^/?&:'"]+)$ {
        if ($http_user_agent !~* (Chrome|Chromium|okhttp) ) {
                return 403;
        }

        try_files $uri @root_path;
    }

    location @root_path {
        if ($http_user_agent !~* (Chrome|Chromium|okhttp) ) {
                return 403;
        }

        rewrite ^/(.*)$ / break;
    }
[...]
# cat /usr/share/nginx/html/only_chrome.html
<html>
        <head>
        <title>Only Chrome/Chromium supported</title>
        </head>
        <body>
                <p>
                Browser not supported. Please use Chrome or Chromium.
                </p>
        </body>
</html>

be aware that this is an ugly hack (it will cause you being reborn as a kitten - you know what that means!) that should only be in use until https://bugzilla.mozilla.org/show_bug.cgi?id=1164187 is fixed.

#4

WORST IDEA EVER:
[https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/](http://NGINX: IF is EVIL)