W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2012

Re: [XHR] Open issue: allow setting User-Agent?

From: Hallvord R. M. Steen <hallvord@opera.com>
Date: Thu, 11 Oct 2012 12:23:21 +0200
To: "'Julian Aubourg'" <j@ubourg.net>, annevankesteren@gmail.com, "Jungkee Song" <jungkee.song@samsung.com>
Cc: public-webapps@w3.org
Message-ID: <op.wl0e47ofa3v5gv@hr-desk>
Jungkee Song <jungkee.song@samsung.com> skreiv Thu, 11 Oct 2012 10:56:53  

> IMO browser spoofing either through the browser's main HTTP request or  
> XHR request is not the ultimate way to handle the browser sniffing  
> issues in practical service scenarios.

Well, it would be a lot nicer to write specs for an ideal "ultimate" world  
for sure ;-)

In *this* world, this limits what script authors can do in a way that will  
leave them unable to solve some problems.
However, that MAY still be a reasonable decision if there are good reasons  
to do so! I agree with you that this is a judgement call with both pros  
and cons.

In this specific case I don't understand the full reasoning behind the  
limitation. Some of the rationale sounds more like "we think somebody once  
may have said it would cause a security problem". And I would like us to  
have a stronger rationale and more evidence when we limit what authors are  
allowed to do.

Maybe other members of public-webapps could help me out by suggesting  
threat scenarios and use cases where this limitation seems relevant?

Hallvord R. M. Steen
Core tester, Opera Software
Received on Thursday, 11 October 2012 10:24:31 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:49 UTC