Test your browser
Test your browser is a tool that performs feature detection as well as blacklist detection against the browser and reports whether or not the browser can be used with the BankID Web-client. Some features are required for the client to function, such as CORS and XDM, while others are only recommended features that will be used by the client if available, such as cookies and geolocation.
The tool is a HTML-wrapper around the bid-browser-test JavaScript API. The JavaScript API version documentation is maintained in BankID Services Interface Description.pdf, found in the releasepackages available for banks and partners on bankid.no. Documentation of the HTML-wrapped version is found below and can easily be used if there is no need for customisation beyond language.
The HTML tool is available at https://tools.bankid.no (for pre-production, see https://tools-preprod.bankid.no/browser-test ), and merchants may embed this page as part of their web site through the use of an iframe or by linking directly to it.
<iframe src="https://tools.bankid.no/browser-test"></iframe>
Below is an overview of the features that are being tested.
Required features are mandatory for the BankID Web-client in order to function. It is required that the user upgrade their browser should the feature not be supported by their browser. features are not mandatory for the BankID Web-client to function, but will be used by the client if available. It is recommended that the user upgrade their browser should the feature not be supported by their browser.
Recommended features are not mandatory for the BankID Web-client to function, but will be used by the client if available. It is recommended that the user upgrade their browser should the feature not be supported by their browser.
Feature | Explanation | Upgrade? | Notes |
---|---|---|---|
Cross-origin resource sharing (CORS) | Checks to see if the browser supports CORS through XMLHttpRequest as defined by the W3C, or through XDomainRequest in IE 8/9. | Required Recommended[1] | [1] The BankID Web-client uses XMLHttpRequest (XHR) to implement CORS, however, if unsupported, it will fallback to Microsoft's XDomainRequest (XDR) in IE 8 and 9. The test for CORS therefore becomes green if XHR/CORS is supported, yellow if XDR/CORS is supported, or red if neither is supported. |
Cross-document messaging (XDM) | Checks to see if the browser supports XDM through postMessage in window as defined by the W3C. | Required | |
Scalable vector graphics (SVG) | Checks to see if the browser supports SVG image generation as defined by the W3C. | Required | |
Object.keys | Checks to see if the browser supports Object.keys as defined in the ECMAScript 5-specification. | Required | |
Selectors API | Checks to see if the browser supports document.querySelector and document.querySelectorAll as defined by the W3C. | Required | |
JSON | Checks to see if the browser supports the JSON object and its parse and stringify methods as defined in the ECMAScript 5-specification. | Required | |
Element.outerHTML | Checks to see if the browser supports Element.outerHTML as defined by the W3C. | Required | Although support for Element.outerHTML is very basic, it allows the test to fail on most legacy browsers that would otherwise fail to support the BankID Web-client. |
Cookies | Checks to see if cookies are enabled and available through document.cookie. | Recommended | The test only relies on JavaScript to read and write a single cookie called BankID_Cookie_Test which expires after five seconds. |
Canvas | Checks to see if the browser supports the HTML5 canvas element as defined by the W3C. | Recommended | |
Web Storage API | Checks to see if the browser supports localStorage as defined by the W3C. | Recommended | |
Geolocation API | Checks to see if the browser supports geolocation as defined by the W3C. | Recommended |
Some of these technologies are not yet widely supported and because of this they are disabled by default. The following tests may however be enabled by setting the extended-parameter to true.
Feature | Explanation | Upgrade? | Notes |
---|---|---|---|
Content security policy (CSP) | Checks to see if the browser honours/understands CSP as defined by the W3C by asserting the failure of inline code-evaluation using eval. | Recommended | Enforcing CSP is highly recommended in order to protect against cross-site scripting (XSS)-attacks, however, no version of Internet Explorer currently (IE 11) supports CSP and that because of this the test is disabled by default. |
Web Cryptography API | Checks to see if the browser supports window.crypto as defined by the W3C. | Recommended | |
Web Graphics Library (WebGL) | Checks to see if the browser supports WebGL as defined by the Khronos Group. | Recommended | |
Web Real-Time Communication API (WebRTC) | Checks to see if the browser supports WebRTC as defined by the W3C. | Recommended | |
ShadowDOM | Checks to see if the browser supports ShadowDOM as defined by the W3C. | Recommended |
The Test your browser tool is configurable through parameters passed in the URL and enables the merchant to tailor the tool to their needs, such as language.
Parameter | Explanation | Default | Example |
---|---|---|---|
locale | Specifies the language to be used throughout the tool. Currently, only Norwegian bokmål (nb) and English (en) are supported. | Norwegian bokmål (nb) | https://tools.bankid.no/browser-test?locale=nb |
friendly | Hides technical details from the user if set to true. This results in the following:
| On (true) | https://tools.bankid.no/browser-test?friendly=false |
extended | Runs an extended feature detection against the user's browser if set to true, running additional tests against the following browser features:
| Off (false) | https://tools.bankid.no/browser-test?extended=true |
debug | Prints out various details during the feature detection. | Off (false) | https://tools.bankid.no/browser-test?debug=true |