Intent to Prototype: Sec-CH-UA-Full-Version-List user-agent client hint

87 views
Skip to first unread message

Victor Tan

unread,
Nov 2, 2021, 8:14:11 PM11/2/21
to blin...@chromium.org, Mike Taylor

Contact emails

vict...@chromium.org, mike...@chromium.org, jadek...@chromium.org


Specification

https://wicg.github.io/ua-client-hints/#sec-ch-ua-full-version-list


Summary

The Sec-CH-UA-Full-Version-List request header field gives a server information about the full version for each brand in its brands list.


Blink component

Privacy>Fingerprinting


Motivation

As raised in UA-CH Issue 196, Sec-CH-UA-Full-Version can be considered too tightly bound to the  primary brand in the brand list, especially for embedders. In order to prevent classes of bugs where a site might think the fictional “Hamburger” browser is not up to date (because its version scheme is different, and lower than Chromium’s), we propose to expose the full version of each brand in the brand list, by requesting this new client hint.

Here’s what that would look like:

Sec-CH-UA-Full-Version-List: “Hamburger”; v="92.0.902.73", "Chromium"; v="92.0.4515.131", "?Not:Your Browser"; v="3.1.2.0"

Eventually, it will make sense to deprecate and remove Sec-CH-UA-Full-Version (assuming usage allows us to do so). But we do not intend to do that until we ship its replacement.


Initial public proposal

https://github.com/WICG/ua-client-hints/issues/196


TAG review

https://github.com/w3ctag/design-reviews/issues/640


TAG review status

Pending (there’s a pre-existing review, but this hint came up in the review process as feedback from other browsers)


Risks

Interoperability and Compatibility

This is a new hint, so it should not create compatibility issues.

Gecko: Non-harmful (https://mozilla.github.io/standards-positions/#ua-client-hints)

WebKit: No signal

Web developers: No signals

Debuggability

No special DevTools support needed. It should just work™.


Is this feature fully tested by web-platform-tests?

It will be.


Flag name

UserAgentClientHintFullVersionList


Requires code in //chrome?

False


Tracking bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1249246


Launch bug

https://bugs.chromium.org/p/chromium/issues/detail?id=1260418


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5703317813460992


Reply all
Reply to author
Forward
0 new messages