hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ortwin Glück (JIRA) <j...@apache.org>
Subject [jira] Commented: (HTTPCLIENT-655) User-Agent string violates RFC
Date Wed, 06 Jun 2007 18:41:26 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12502025
] 

Ortwin Glück commented on HTTPCLIENT-655:
-----------------------------------------

Hi Roland,

I agree that changing the User-Agent string may break existing filtering rules. So better
don't change that now.

System properties: Well, yes, they are a bit nasty (SecurityManager comes to mind). But that's
the official way to obtain that sort of information. Look at other User-Agent strings and
you will see that most of them carry this information.

Spaces are legal within a comment. That is the text between parantheses.

Okay, I'll happily contribute a User-Agent validator :-)

Odi

> User-Agent string violates RFC
> ------------------------------
>
>                 Key: HTTPCLIENT-655
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-655
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 3.1 RC1
>            Reporter: Ortwin Glück
>            Priority: Minor
>
> Our User-Agent says "Jakarta Commons-HttpClient/3.1-rc1". But space is a reserved character
to separate individual *products* and comments according to RFC 2616, section 14.43. Jakarta
is not a product. At the same time we may want to drop the Jakarta name altogether.
> We should change this to something more standard like: 
> "Apache-HttpClient/3.1-rc1 ("+ System.getProperty("os.name") +";"+ System.getProperty("os.arch")
+") "+
> "Java/"+ System.getProperty("java.vm.version") +" ("+ System.getProperty("java.vm.vendor")
+")"
> which renders:
> "Apache-HttpClient/3.1-rc1 (Windows XP 5.1;x86) Java/1.5.0_08 (Sun Microsystems Inc.)"
> Sun's internal Http client uses something like "Java/1.5.0_08".
> I am completely ignoring the fact that real-world user agents use almost arbitrary strings.
> Some fine examples of misbehaviour from my private logs:
> "Jakmpqes dihurxf wfyiupsc" -- apparently somebody has to hide something...
> "Missigua Locator 1.9"
> "Poodle predictor 1.0"
> "shelob v1.0"
> "ISC Systems iRc Search 2.1"
> "ping.blogug.ch aggregator 1.0"
> "http://www.uni-koblenz.de/~flocke/robot-info.txt"  -- ...sigh
> I am very tempted to write a User-Agent string validator that prevents misuse of this
field in HttpClient.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message