On 2014-10-13 15:53, Anne van Kesteren wrote:
> Per XMLHttpRequest User-Agent has been off limits for script. Should
> we keep it that way for fetch()? Would it be harmful to allow it to be
> omitted?
>
> https://github.com/slightlyoff/ServiceWorker/issues/399
>
> A possible attack I can think of would be a firewall situation that
> uses the User-Agent header as authentication check for certain
> resources.

That's a server security issue and not a browser one, attackers would never use a "nice" browser for attacks anyway, what point is there in background checks for security guards if the window is always open so anyone can get in? ;)

--
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/

Received on Monday, 13 October 2014 22:48:19 UTC