[opensource-dev] [POLICY] Configurable HTTP user-agent string

Thomas Shikami thomas.shikami at online.de
Fri May 7 10:31:33 PDT 2010


Tigro Spottystripes wrote:
> doesn't the user agent string already tell servers about some of the
> browser's capabilities with the current format?
>
> the current one for my Firefox is:
> Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.9.2.3)
> Gecko/20100401 Firefox/3.6.3 (.NET CLR 3.5.30729) Mnenhy/0.8.2
>   
Just noting that the user-agent string is always in the format:
Name/Version (optional comment)
where Name is an alphanumeric string without whitespace, Version is a
numeric string or dotted decimals, and the optional comment is a list of
strings delimited by semicolon+space.

Though Emerald viewer has a broken user-agent string:

Mozilla/5.0 (Windows; U; Windows NT 6.1; chrome://navigator/locale/navigator.properties; rv:1.8.1.21) Gecko/20090305 SecondLife/Emerald Viewer (default skin)

There it says SecondLife/Emerald instead of SecondLife/1.23.5.1634 and Viewer seems to be its own token in this. The correct user agent would be:

Mozilla/5.0 (Windows; U; Windows NT 6.1; chrome://navigator/locale/navigator.properties; rv:1.8.1.21) Gecko/20090305 SecondLife/1.23.5.1634 (Emerald Viewer; default skin)

Just like it is with every other viewer out there. I talked to LGG about this once, seems like it still isn't fixed. This fact makes it impossible to use User-Agent to detect whether the Emerald Viewer in question has restricted exports or not.
This could be the issue for Second Life search not working correctly on Emerald as well, as the parsers for user-agent strings are confused by this non-standard behaviour.

To opt out, a viewer might send something like ... SecondLife/1.0.0.0 (compatible; default skin) or ... SecondLife/2.0.0.0 (compatible; default skin), though it still has to be checked with LL whether that counts as spoofing the viewer identifier or not.
My IANAL interpretation is that the viewer identifier used to connect to login.*.lindenlab.com is the one that may not be spoofed.
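
An added example, not part of the original message: a strict parser for the Name/Version (comment) format described above, run on the two Emerald strings quoted in the post. The function name `parse_user_agent` and the regular expressions are assumptions made for illustration, not code from any viewer or from Linden Lab.

```python
import re

# Grammar as stated in the post: Name/Version, optionally followed by a
# parenthesised comment whose items are separated by "; ".
PRODUCT = re.compile(r"([A-Za-z0-9]+)/(\S+)(?:\s+\(([^)]*)\))?")
VERSION = re.compile(r"\d+(?:\.\d+)*")   # numeric string or dotted decimals
STRAY = re.compile(r"\([^)]*\)|\S+")     # anything that is not a product


def parse_user_agent(ua):
    """Return (products, errors); products maps name -> (version, comments)."""
    products, errors = {}, []
    pos = 0
    while pos < len(ua):
        if ua[pos].isspace():
            pos += 1
            continue
        m = PRODUCT.match(ua, pos)
        if m:
            name, version, comment = m.groups()
            if not VERSION.fullmatch(version):
                errors.append(f"{name}: version {version!r} is not numeric")
                version = None  # do not trust it for policy decisions
            products[name] = (version, comment.split("; ") if comment else [])
        else:
            # Text that belongs to no Name/Version token, e.g. "Viewer".
            m = STRAY.match(ua, pos)
            errors.append(f"stray text outside any product: {m.group()!r}")
        pos = m.end()
    return products, errors


# The two strings from the post: the one Emerald sends and the corrected one.
BROKEN = ("Mozilla/5.0 (Windows; U; Windows NT 6.1; "
          "chrome://navigator/locale/navigator.properties; rv:1.8.1.21) "
          "Gecko/20090305 SecondLife/Emerald Viewer (default skin)")
FIXED = BROKEN.replace("SecondLife/Emerald Viewer (default skin)",
                       "SecondLife/1.23.5.1634 (Emerald Viewer; default skin)")

if __name__ == "__main__":
    for ua in (BROKEN, FIXED):
        products, errors = parse_user_agent(ua)
        print(products.get("SecondLife"), errors)
```

A server that gates behaviour on the viewer version should treat a non-empty error list as "unknown client" rather than guessing from the partial parse.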


