[Openid-specs-fapi] Issue #65: user-agent header requirement is not a security feature (openid/fapi)
issues-reply at bitbucket.org
Tue Jan 31 15:15:10 UTC 2017
New issue 65: user-agent header requirement is not a security feature
“shall send User-Agent header that identifies the client, e.g., User-Agent: Intuit/1.2.3 Mint/4.3.1; and”
The note says that this is not a security feature.
It is dangerous to depend on it. It is just FYI.
The "shall" should be changed to "should".
More information about the Openid-specs-fapi