Allow certain client hints in request headers. #14155
Conversation
| @@ -15,7 +15,15 @@ namespace blink { | |||
|
|
|||
| void EnabledClientHints::SetIsEnabled(const WebClientHintsType type, | |||
| const bool should_send) { | |||
| enabled_types_[static_cast<int>(type)] = false; | |||
| switch (type) { | |||
| case WebClientHintsType::kUA: | |||
There was a problem hiding this comment.
What value do we send for this one? The Chromium one or the Chrome one?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-CH-UA#examples
There was a problem hiding this comment.
We send "Chromium";v="103", ".Not/A)Brand";v="99"
There was a problem hiding this comment.
Ok, so we will look different from Chrome then.
There was a problem hiding this comment.
@mkarolin shouldn't this be the same as whats in navigator.userAgentData (which is different from both Chrome and Chromium)
There was a problem hiding this comment.
Doesn't seem like it. There's a whole bunch of code that determines branding for client hints, specifically in blink::UserAgentBrandList GetUserAgentBrandList. We get the Chromium one because we don't unset CHROMIUM_BRANDING when building. If we unset it we would get ".Not/A)Brand";v="99", "Brave Browser";v="103", "Chromium";v="103"
There was a problem hiding this comment.
I think thats what we want, as long as it wouldn't change the standard UA string (do you know if it would?)
There was a problem hiding this comment.
Doesn't appear so, the UA string is Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
There was a problem hiding this comment.
Added a patch to apply branding to the UA CH.
|
(slightly modified from Slack) Looks great, though, either in this or in a follow up PR, would it be possible to:
|
mkarolin
force-pushed
the
maxk-allow-certain-client-hints
branch
from
a1f6c08 to
28219c5
Compare
mkarolin
force-pushed
the
maxk-allow-certain-client-hints
branch
from
28219c5 to
b373ae1
Compare
mkarolin
force-pushed
the
maxk-allow-certain-client-hints
branch
from
b373ae1 to
f5737fa
Compare
|
@iefremov would you mind taking another look, please? |
Allowed hints are: kUA kUAMobile kUAPlatform Fixes brave/brave-browser#24009
Allows using brand name in the client hint so that our UACH is ".Not/A)Brand";v="99", "Brave Browser";v="103", "Chromium";v="103" instead of "Chromium";v="103", ".Not/A)Brand";v="99"
mkarolin
force-pushed
the
maxk-allow-certain-client-hints
branch
from
f5737fa to
b6cdc2d
Compare
We will roll out via Griffin.
…opyValues Fixes brave/brave-browser#23491 It seems uaFullVersion was always leaking but the fullVersionList started leaking because of the change in #14155 where brand was added to GetUserAgentBrandList function in components/embedder_support/user_agent_utils.cc which broke the BraveContentBrowserClient::GetUserAgentMetadata expectation that the brand list would only contain 2 items (instead of now 3). This fix adjusts the BraveContentBrowserClient::GetUserAgentMetadata expectations and removes adding the Brave brand to the lists because it's already there. Now we just need to zero out 3 last components of the full versions list and uaFullVersion string. Also, adds a browser test to check the sizes of the lists and versions values.
Fixes brave/brave-browser#24009
Per @pes10k we can allow
sec-ch-ua,sec-ch-ua-mobile, andsec-ch-ua-platformclient hints since theyaren’t privacy harming, since they’re already in the UA effectively. This change makes us fall back onto Chromium code for those 3 client hints.Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_tests,npm run lint,npm run gn_check,npm run tslintgit rebase master(if needed)Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on
Test Plan: