Don't major browsers essentially auto update? And to the extent that a device is so old that it can't support newer versions, surely it must be VERY old and perhaps is somewhat likely to be replaced sooner than later.
I think I'll probably carry on with not supporting browsers that don't have Sec-Fetch-Site. The alternative, Csrf tokens, actually causes me immense issues (they make caching very difficult, if not impossible).
(and I say all of this as someone who is specifically building something for the poorest folks. I'm extremely aware of and empathetic to their situation).
It still depends on the target audience. Some websites or apps are single-page applications (SPAs), can older devices handle that? For example, my mum’s Android phone was too slow to even load a page.
Secondly, users should upgrade their devices to stay safe online, since vulnerabile people are often scammed or tricked into downloading apps that contain malware.
So we should not cater to outdated browsers when they could pose a risk.
Yeah, I'm very amenable to this take. WordPress, for example, is infamous for having extreme backwards compatibility. But that often results in many sites being on ancient versions of php (and surely other tech as well). I'm of the opinion that they should all be running currently-supported versions of php and everything else. If you can't use my plugin because your server is shit, so be it.
