search

w3ctag / polyfills

Finding on polyfills
https://w3ctag.github.io/polyfills
18 stars 6 forks source link

Discourage UA sniffing #4

Closed triblondon closed 7 years ago

triblondon commented 7 years ago

@wheresrhys suggests that this part is too pro-UA-sniffing, and for the most part we should actively discourage it:

Consider using techniques such as feature detection in the browser to dynamically determine which polyfills to use, or User-Agent based browser identification to do so on a server.

Rhys:

Worth giving far stronger weighting to the feature detect approach, or possibly even discouraging UA sniffing. UA sniffing may be used by polyfill.io but despite there being a dedicated community and team, there have been frequent false positives & negatives, lots of weird edge cases to consider (e.g. in-app browsers) and there is no good single source of truth for which browsers support which features at which versions - in short, it's very difficult to do well, and arguably deserves to be considered harmful (with polyfill.io being the exception to the rule as the risks are understood and appropriate efforts are made to negate them)

cynthia commented 7 years ago

While this is the most practical approach, I'm not entirely sure if it should be advocated.

UA sniffing is extremely fragile (in a less than ideal world where everyone lies that they are Mozilla, WebKit, Safari, and nowadays even Chrome) and in particular is not welcoming to any new implementations. This has been a problem when I worked at Opera (due to sniffing for "Opera" without a version check), and also has affected Edge.

Adding a "unless absolutely necessary" condition could be a start, as I don't have a better suggestion on how to deal with this on the server side without re-inventing UA strings.

DavidBruant commented 7 years ago

there is no good single source of truth for which browsers support which features at which versions

And there cannot be. However polyfill.io is as close as you can get. And it's distributed in a reuse-friendly licence.

I'm torn on the usage of the User-Agent header but it feels worth it to prevent penalizing users on modern browsers. That said, the document should mention that it's an otherwise very bad practice. It should also offer recommendation on how to act when encountering an unknown User-Agent value.

triblondon commented 7 years ago

OK, I'm sold, we'll acknolwedge it's an option but recommend feature-detection

triblondon commented 7 years ago

Decided to remove the mention completely. We are not arguing against the technique, but advocating a feature-detection approach.