More informative `User-Agent` header

nodejs / undici

An HTTP/1.1 client, written from scratch for Node.js

https://nodejs.github.io/undici

MIT License

6.24k stars 542 forks source link

More informative `User-Agent` header #1475

Open LiviaMedeiros opened 2 years ago

LiviaMedeiros commented 2 years ago

This would solve...

User-Agent with additional information might help server to be aware of possible features, limitations and quirks of client.

The implementation should look like...

Default user-agent having value of `undici/${version}` or `undici/${version} Node.js/${nodeVersion}`.

I have also considered...

`undici/${version} (${osInfo}) Node.js/${nodeVersion}` but it's probably too much.

Additional context

Quirks that deserve decisions on server side might be discovered much later than corresponding version had released.

mcollina commented 2 years ago

In my experience parsing user-agents is a primary source of ReDoS for servers. It's not something we should encourage on the default setting.

I think we should support configuring it on the Agent and applying it to all requests (this might be a good thing to have for other headers too).

jimmywarting commented 2 years ago

In node-fetch we decided on exposing the most minimal information possible to avoid leaking any information that might be harmful... we ultimate decided that we would use a complete static string https://github.com/node-fetch/node-fetch/issues/527

some off topic stuff

Something i perhaps wished we did later right from the gecko in node-fetch was for the possibility to construct a own `fetch` instance... Something like: ```js const fetch = new Fetch({ origin: 'http://localhost.com', userAgent: 'undici/1.0.0', httpAgent: new Agent( ... ) }) ``` Then it would allow creating new fetch instances that would be affected by somebody else's code. and you would be able to use relative urls like `fetch('/cat.png')`