We'd like to start planning a CentralNotice campaign targeting users of very ancient, insecure browsers, the canonical example being IE-on-XP. The real measure we want to target on isn't the UA so much as the TLS cipher choice, which Varnish is aware of and can regex-filter on. The message in the campaign banner would be some kind of warning to the user that their connection and/or browser is insecure and/or outdated, and link them to an informative page like https://wikitech.wikimedia.org/wiki/HTTPS:_Browser_Recommendations .
The outstanding questions right now are these:
- How can we communicate selectivity for a CN campaign from Varnish to CN, with Varnish making the call on whether the user belongs to the set to show the campaign to? Is there a generic mechanism for CN to trigger on seeing a special Cookie value that Varnish could set, for instance?
- Alternatively, could we have CN make the decision for itself based on the client's User-Agent string (navigator.userAgent)? That might be an acceptable alternative as well, if we could construct regular expressions that reliably target only the oldest popular browsers/platforms (e.g. IE-on-XP, Android 2.x, etc.). The downside is that this wouldn't catch some edge cases we know of where, e.g., a modern User-Agent gets a downgraded cryptographic negotiation due to a poorly-configured corporate TLS proxy, but it would still be better than nothing.
- Are these older UAs (IE[78]/XP? Android 2.x?) even capable of displaying CN notices, or does the CN JS face some compatibility issues there? Related: does CN work on mobile, and for these older edge cases?
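
A sketch of the User-Agent alternative from the second question, as an added example and not CentralNotice or Wikimedia code: the rule list, the `classifyLegacyUA` name and the sample UA strings are all constructed for illustration. It matches only the IE-on-XP and Android 2.x families named above and shows why matching on the platform token alone would over-target.

```javascript
// Added example: hypothetical names, constructed sample UA strings.
// Kept to ES3-level syntax (var, no arrow functions, no trailing commas)
// so the same logic could execute in the old browsers it is meant to detect.
var LEGACY_RULES = [
    {
        id: 'ie-on-xp',
        // IE 6-8 on Windows NT 5.1 (XP) or 5.2 (XP x64 / Server 2003).
        match: /\bMSIE [6-8]\.\d+;.*\bWindows NT 5\.[12]\b/,
        // Old Opera builds could masquerade as MSIE but used their own TLS stack.
        exclude: /\bOpera\b/
    },
    {
        id: 'android-2.x',
        // "Android 2." must not match "Android 12" or "Android 4.4.2".
        match: /\bAndroid 2\.\d/,
        exclude: /\b(?:Chrome|Firefox)\//
    }
];

// Returns the id of the first matching legacy rule, or null for "do not target".
function classifyLegacyUA(ua) {
    var i, rule;
    if (typeof ua !== 'string') {
        return null;
    }
    for (i = 0; i < LEGACY_RULES.length; i++) {
        rule = LEGACY_RULES[i];
        if (rule.match.test(ua) && !rule.exclude.test(ua)) {
            return rule.id;
        }
    }
    return null;
}

// Constructed samples. Firefox on XP carries the same platform token as IE but
// ships its own TLS library (NSS), so a bare "Windows NT 5.1" match is too broad.
var SAMPLES = [
    'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)',
    'Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0',
    'Mozilla/5.0 (Linux; U; Android 2.3.6; en-us; GT-S5830 Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1',
    'Mozilla/5.0 (Linux; Android 12; Pixel 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Mobile Safari/537.36'
];
for (var s = 0; s < SAMPLES.length; s++) {
    console.log(classifyLegacyUA(SAMPLES[s]) + ' <- ' + SAMPLES[s]);
}
```

A modern client behind a downgrading TLS proxy returns `null` here, which is the edge case only the Varnish-side cipher check can see.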