W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: remove/deprecate User-Agent header?

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 19 Aug 2010 15:12:39 +0200
Message-ID: <4C6D2DC7.4070605@gmx.de>
To: Paul Wise <pabs3@bonedaddy.net>
CC: ietf-http-wg <ietf-http-wg@w3.org>
On 19.08.2010 14:57, Paul Wise wrote:
> ...
>> That doesn't mean there aren't good ones.
>
> Do you have any examples? I'm unable to think of any.
> ...

Sometimes it's necessary to do the Right Thing, although some UAs break 
when you attempt to.

For instance, using RFC 2231 / RFC 5987 encoding in Content-Disposition 
(fails with IE/Safari/Chrome), or when sending a proper Vary response 
header (which causes all kinds of trouble in old IE versions).

>> Independently of that, what *effect* do you think making it "illegal" has?
>
> Hopefully to stop user-agents from sending the header at all, servers
> from providing access to it in their logs or environment variables and
> web applications and sites from using it in hacks to discriminate
> against users of browsers from the wrong vendor.
>
> If you mean at the protocol level, I would suggest servers return 400
> Bad Request when a client sends User-Agent.

U-A is widely used for working around UA bugs. If we made it illegal we 
probably would need to replace it with something that provides that 
functionality. I'm not sure how that would be different from what we 
have today, nor how to deploy it in practice.

Best regards, Julian
Received on Thursday, 19 August 2010 13:13:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:24 GMT