
[whatwg] Controlling the User-Agent header from script

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 13 Oct 2014 15:53:20 +0200
Message-ID: <CADnb78gvheAX5TNk9DJJJ7z1N+jTqfqS4Xk4VNc=Wv2LRPVeGw@mail.gmail.com>
To: WHATWG <whatwg@whatwg.org>
Per XMLHttpRequest User-Agent has been off limits for script. Should
we keep it that way for fetch()? Would it be harmful to allow it to be
omitted?

https://github.com/slightlyoff/ServiceWorker/issues/399

A possible attack I can think of would be a firewall situation that
uses the User-Agent header as an authentication check for certain
resources.


-- 
https://annevankesteren.nl/
Received on Monday, 13 October 2014 13:53:45 UTC
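
The firewall case raised in the message, as an added example that is not part of the original post: a small audit that flags allow rules whose only condition is a plain header match such as User-Agent. The rule format, rule ids, paths and agent strings are constructed for illustration and do not come from any real product.

```javascript
// Constructed rule set in a hypothetical gateway format (assumption).
const RULES = [
  // Access granted purely because the request names a known agent string.
  { id: "R1", action: "allow", path: "/internal/reports",
    when: [{ kind: "header", name: "User-Agent", equals: "InternalMonitor/1.0" }] },
  // User-Agent is only an extra filter; a verified credential is also required.
  { id: "R2", action: "allow", path: "/internal/admin",
    when: [{ kind: "header", name: "User-Agent", equals: "AdminConsole/2" },
           { kind: "credential", name: "mtls-client-cert" }] },
  // Deny rules grant nothing, so they are out of scope for this audit.
  { id: "R3", action: "deny", path: "/legacy",
    when: [{ kind: "header", name: "user-agent", equals: "OldCrawler" }] },
];

// An allow rule is "header-only" when every condition is a plain header
// match: the request asserts the value and the gateway verifies nothing.
function headerOnlyAllows(rules) {
  return rules
    .filter((r) => r.action === "allow" && r.when.length > 0 &&
                   r.when.every((c) => c.kind === "header"))
    .map((r) => ({
      id: r.id,
      path: r.path,
      headers: r.when.map((c) => c.name.toLowerCase()),
    }));
}

// Narrow to the case in the message: User-Agent acting as the access check.
function userAgentGated(rules) {
  return headerOnlyAllows(rules)
    .filter((f) => f.headers.includes("user-agent"))
    .map((f) => f.id);
}

console.log(headerOnlyAllows(RULES));
```

Rules reported here are the ones whose protection depends on script being unable to set or omit the header; pairing the header match with a verified credential, as in R2, removes that dependency.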
