-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set of UA strings needs more explanation #21
Comments
I came here to ask this as well. If the intention is to allow browsers to indicate that they're part of the same rendering engine equivalence class, I think it would be more clear to have this represented in a
It'd also be great to understand what the spec would/would not mandate here. For example, I can imagine a browser wanting to lie about being another browser for compatibility reasons unless a developer explicitly asked for more information by using |
For what it's worth, the set behavior may also be useful for bots / crawlers to identify themselves. Currently bots typically stick their name somewhere in the middle of a legacy User-Agent string that's otherwise similar to the browser they want to emulate. And this behavior of including the robot name in the UA is actually strongly suggested by the draft robots.tx standard:
With the new spec, if multiple brands & versions are allowed, then the header could convey both the browser the robot wants to emulate, and the name of the robot itself. |
I don't think this issue was solved. The examples still are only about the mechanics of this, not the why. And they give unrealistic examples. They don't answer the OP's question. |
@domenic - fair enough
Yes, the idea is to enable expression of equivalence sets, while trying to reduce the possibility of strict comparisons.
The expectation is that browsers that don't typically find themselves on block-lists will be responsible to do the GREASEing, in order to discourage sites from blocking other browsers.
I don't expect the random examples to be standardized. I can see such examples appearing in order to prevent "If there's a browser I don't know, I'll block it" type of logic on the server side. |
Having an explicit "Engine" hint runs a risk of making it harder for different browsers that are running on the same engine to do different things (e.g. turn on different flags by default). Maybe the set for e.g. Chromium based browsers should include "Chromium" as well. but not having an explicit engine hint gives us flexibility to include or remove such hints, as web compat evolves.
That's interesting and not something I considered. A "real UA" hint? :) |
I would assume that if a browser wanted to lie about which browser (i.e. Vivaldi not advertising as such) that it also wouldn't do so if the server asked nicely, but I could be wrong. My hope is that if a browser knows it's generally compatible with Chromium-based browsers, then it would generally be compatible with browser with "Chromium" in it's set. Conversely, if it's seeing a lot of errors in it's logs, it could take an intersection of the sets to find a connection if it's deeper than "Chromium" (i.e. if Opera ships with a feature turned off by default that Chrome usually has on) |
It feels like adding I'm likely writing this from a biased perspective, since we've been (and are continuing to work through) numerous UA-related issues on sites, but the bugs we've seen so have have fallen largely into two categories:
As I touched on above, I believe that any solution we build here should aim to discourage individual browser detection unless absolutely necessary and move developers towards equivalence class detection/feature detection instead. What I'm currently envisioning (which would be great to discuss either here or in a separate issue) is a sort of tiered approach which would likely need to be mandated by spec in order to be effective:
@yoavweiss, thoughts? |
Created #4 to attempt a more realistic explanation.
I agree it smells similar. One difference might arise if Chrome itself did not add it every single time.
You spelled "experience" wrong :)
Having UA be a set and having that set include words servers necessarily do not understand would (hopefully) result in servers avoid block-listing new UAs that also include their well-known "equivalence class".
Having UA also include their own string in the set, on top of their equivalence class would hopefully help servers implement that properly, even if on a browser-by-browser basis. (that is, they'd have to distinguish I worry that a "give me your really real UA string, plz" API will end up being abused for block-listing, so I'd be hesitant to provide one...
If we were to adopt such a scheme in 2013, Chromiums would now say "WebKit, Chromium". So, at the end, I'm not sure that compat forces operating on such a hint would be different from those operating on the browser name.
Prescriptive standards don't work when they are contrasted by user pain. I suspect that minority browsers, when faced with that dilemma, would not choose loosing users in order to be spec compliant :/
That can hopefully work for most features, but I'm not sure that is something that would always satisfy, e.g. services like polyfill.io. |
How can I get a robust & reliable & real major version? Background: My web extension relies on Chrome version (from the current user-agent string) to work around some of Chromium bugs when the extension scripts get loading. Currently I can specify that my scripts run on document start and do (patch) whatever I want in a pure fresh environment. Problem: If |
I'd expect the major versions to align, so e.g. don't expect Edge to lie about the relative Chrome version that it considers to be in its equivalence class. |
So will all browsers with Chromium cores in a same major version |
Not necessarily, but I wouldn't expect them to lie about the Chrome version that they are equivalent to. |
I'm happy with the examples. However I'll node that it says |
https://github.com/WICG/ua-client-hints#should-the-ua-string-be-a-set and https://wicg.github.io/ua-client-hints/#abstract-opdef-set-the-sec-ch-ua-header-for-a-request step 5 indicate that instead of a single "Brand Version" string, some clients may sometimes send "Brand Version, OtherBrand OtherVersion".
The explainer section doesn't do a good job explaining why any user agent would possibly do this, or why it would work.
Reading between the lines, the idea might be that this is an escape valve so that e.g. Edge 79 could lie and say that it's
Edge 79, Chrome 79
orChrome 79, Edge 79
? And then Edge would have to hope that Chrome does the same thing, cooperatively, otherwise sites would just always assume those two strings mean "Edge"? So this is kind of a way of allowing browsers to advertise that they're part of a (rendering-engine-based) equivalence class?Is the intention that Edge would do this every time it sent
Sec-CH-UA
, or just sometimes? (GREASE seems to be "sometimes".)Or is the README's more-random examples actually what is intended? Will there be a list of totally-fake browser names that people start using, like the literal example
NotBrowser
? Will this list of fake names be shared (standardized?), or will each browser vendor make up their own?The text was updated successfully, but these errors were encountered: