WICG / ua-client-hints

Wouldn't it be nice if `User-Agent` was a (set of) client hints?
https://wicg.github.io/ua-client-hints/

Client Hints are sent in Headless Chrome when User Agent is Overridden #366

Closed sanjalijha closed 4 months ago

sanjalijha commented 6 months ago

Headless Chrome, when triggered using the old mode (`--headless` or `--headless=old`), sends 3 Client Hints containing the HeadlessChrome brand (e.g. `"Not/A)Brand";v="8", "Chromium";v="126", "HeadlessChrome";v="126"`). The new headless mode in Chrome, triggered by `--headless=new`, sends Client Hints containing the Google Chrome brand (`"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"`).

When the User Agent is overridden, for both the new and old modes, Headless Chrome still sends Low Entropy Client Hints.

When the feature UACHOverrideBlank is enabled, blank headers are sent when the User Agent is overridden. This feature is disabled by default in Headless Chrome (i.e. UACHOverrideBlank=false).

Is this behavior intentional? Can the Headless Chrome default behavior be updated to sending blank client hints when the User Agent is overridden (enabling UACHOverrideBlank by default)? This eliminates the need to validate that the Client Hints and User Agent are consistent when the User Agent is overridden.

Command to reproduce the issue - `chrome --headless --dump-dom https://echo.opera.com/ --user-agent="hello world"` or `chrome --headless=new --dump-dom https://echo.opera.com/ --user-agent="hello world"`

Output -

```
GET / HTTP/1.1

Remote: 99.0.82.187 49255

Host:echo.opera.com
Connection:keep-alive
sec-ch-ua:"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"
sec-ch-ua-mobile:?0
sec-ch-ua-platform:"macOS"
Upgrade-Insecure-Requests:1
User-Agent:hello world
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site:none
Sec-Fetch-Mode:navigate
Sec-Fetch-User:?1
Sec-Fetch-Dest:document
Accept-Encoding:gzip, deflate, br, zstd
Accept-Language:en-US,en;q=0.9
```


Page generated at Wed Apr 24 19:04:25 2024


Tanych commented 6 months ago

Hi,

> When the User Agent is overridden, for both the new and old modes, Headless Chrome still sends Low Entropy Client Hints.

This is intended behavior. Since we don't know how the users override the user-agent, we only send low-entropy client hints, to bypass application (e.g. web application firewall) checks on whether any client hints are sent over the head.

> When the feature UACHOverrideBlank is enabled, blank headers are sent when the User Agent is overridden. This feature is disabled by default in Headless Chrome (i.e. UACHOverrideBlank=false). Is this behavior intentional? Can the Headless Chrome default behavior be updated to sending blank client hints when the User Agent is overridden (enabling UACHOverrideBlank by default)?

UACHOverrideBlank is disabled by default, as intended. The reason why we didn't enable this feature by default is that sending low entropy hints with empty values may cause requests to be blocked by web application firewall software, etc.

See context on https://crbug.com/40270800.

miketaylr commented 4 months ago

Going to close this as intended behavior (but also, this is Chrome-specific, and not really a good fit for the spec's repo).

bvattikonda commented 2 months ago

@Tanych if there is a mismatch between the client hints and the overridden User-Agent header, is that behavior considered working as intended?

@miketaylr what would be a good forum to post these bugs on? Should we move this to bugs.chromium.org?
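
One way a server could perform the Client Hints / User-Agent consistency validation discussed in this thread, as an added example that is not part of the thread or of Chrome's code. The function names, the finding labels, the `oldHeadless` sample, and the reading of "blank" hints as an empty `sec-ch-ua` value are assumptions made here.

```javascript
// Added example: flag requests whose UA client hints disagree with User-Agent.
// Header names are lower-cased, as Node's http module delivers them.

// Parse a Sec-CH-UA brand list: "Brand";v="126", ... -> [{brand, version}]
// Brand strings may contain ';' or '=' (GREASE), so match whole quoted strings.
function parseBrands(value) {
  const item = /"((?:[^"\\]|\\.)*)"\s*;\s*v="((?:[^"\\]|\\.)*)"/g;
  const brands = [];
  for (const m of (value || "").matchAll(item)) {
    brands.push({ brand: m[1].replace(/\\(.)/g, "$1"), version: m[2] });
  }
  return brands;
}

// Returns a list of finding labels (hypothetical names) for one request.
function checkUaConsistency(headers) {
  const findings = [];
  const raw = headers["sec-ch-ua"];
  if (raw === undefined) return findings; // no hints sent: nothing to compare
  const brands = parseBrands(raw);
  if (brands.length === 0) {
    findings.push("blank-hints"); // assumed shape of UACHOverrideBlank output
    return findings;
  }
  if (brands.some((b) => b.brand === "HeadlessChrome")) {
    findings.push("headless-brand"); // brand sent by the old headless mode
  }
  const chromium = brands.find((b) => b.brand === "Chromium");
  const uaMajor = /(?:Headless)?Chrom(?:e|ium)\/(\d+)/.exec(headers["user-agent"] || "");
  if (chromium && (!uaMajor || uaMajor[1] !== chromium.version)) {
    findings.push("ua-hint-mismatch"); // hints say Chromium N, User-Agent does not
  }
  return findings;
}

// Headers from the request in the issue (User-Agent overridden to "hello world").
const fromIssue = {
  "sec-ch-ua": '"Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"',
  "user-agent": "hello world",
};
// Constructed sample: old headless mode with a HeadlessChrome User-Agent.
const oldHeadless = {
  "sec-ch-ua": '"Not/A)Brand";v="8", "Chromium";v="126", "HeadlessChrome";v="126"',
  "user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/126.0.0.0 Safari/537.36",
};
console.log(checkUaConsistency(fromIssue), checkUaConsistency(oldHeadless));
```

A mismatch finding is a signal to weigh alongside others rather than a verdict, since the thread confirms Chrome sends these hints by design when the User-Agent is overridden.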