W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

Re: [whatwg] Controlling the User-Agent header from script

From: Jonas Sicking <jonas@sicking.cc>
Date: Tue, 14 Oct 2014 02:38:01 -0700
Message-ID: <CA+c2ei-OF8V5vhCym1R6M8XXw7RvdNSts61SeyHQpEgdAdpM8g@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@whatwg.org>
On Tue, Oct 14, 2014 at 12:06 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Tue, Oct 14, 2014 at 1:02 AM, Jonas Sicking <jonas@sicking.cc> wrote:
>> We'd definitely need to treat the header as a content-set header from
>> a CORS perspective. Otherwise we'd have problems not just with pages
>> behind firewalls, but also websites that use cookies for
>> authentication. I.e. most websites.
>
> I thought maybe if we just allow it to be omitted (and not set to any
> value) it would be okay. Just like we allow Referrer to be omitted.
> But maybe not.

I'd rather not. Seems like an unknown amount of risk for a pretty low
value. I would imagine that the main use case is to set a different
UA, not remove the UA.

/ Jonas
Received on Tuesday, 14 October 2014 09:39:09 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC