We have created a website whose users must be limited to within the confines of a physical establishment or building. If they leave the building they should not be able to load and interact with the website.
We are at an impasse as to what solution to use to solve this issue with.
We’ve explored doing this with bluetooth low energy by having a desktop computer configured as a beacon to send out signals to visitors of the website whose mobile devices will have javascript code scanning for this particular bleutooth beacon device. ble web API is marked as experimental so users must go to chrome flags to enable to feature before javascript ble code will run, though – the flow of navigating away and enabling the flag, then relaunching chrome is not a good user experience at all. This messing with flags is not something everyday users should be doing all the time anyways.
Another option is to have the website’s javascript scan wifi and somehow check if the wifi is the one at the establishment, maybe?
My proposal was this option; to use navigator.geolocation to get the coordinates of the user and the reading’s accuracy rating, and checking if this is within the coordinates of the establishment. I’ve been told that the accuracy is too low for this use case by another engineer on the team. I don’t know enough about its accuracy to refute this. Can someone more experienced weigh in on this assessment?
Another option is checking user IP as mentioned in (Is it possible/feasible to limit website access to a geographic area?) this post but if the accuracy is city-level, that would be too inaccurate for this use case.
What’s the best path forward? Any other options we haven’t considered? Thoughts on options we have considered?