miketaylr / user-agent-reduction

This repository is for documenting and discussing all matters related to User Agent Reduction in Chromium.
Other
9 stars 7 forks source link

User-Agent Reduction deprecation trial registration help #13

Closed kumarrishav closed 1 year ago

kumarrishav commented 1 year ago

Describe the issue A clear and concise description of what the issue is.

For ex:

Which account should be used while registering for the User-Agent Reduction deprecation trial? How does it validate that the user who is doing the registration actually owns the domain or subdomain because it's the server/domain owner that infected the token?

Use case: Let's say I own the domain https://www.foo.com and I want that all users of https://www.foo.com should give full UA.

Is it the presence of Origin-Trial: <ORIGIN TRIAL TOKEN> in the response header that tells the owner of the domain or subdomain is the same person who created the token?

Environment:

To Reproduce Steps to reproduce the behavior:

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Add any other context about the problem here.

miketaylr commented 1 year ago

Is it the presence of Origin-Trial: in the response header that tells the owner of the domain or subdomain is the same person who created the token?

Yes, precisely - if you are able to add a header to the server, that means you are in theory authorized. It's not possible to opt in another origin into an origin trial. Does that answer your question?

miketaylr commented 1 year ago

Going to close due to lack of activity.