[Openid-specs-fapi] Issue #65: user-agent header requirement is not a security feature (openid/fapi)
Nat Sakimura
issues-reply at bitbucket.org
Tue Jan 31 15:15:10 UTC 2017
New issue 65: user-agent header requirement is not a security feature
https://bitbucket.org/openid/fapi/issues/65/user-agent-header-requirement-is-not-a
Nat Sakimura:
“shall send User-Agent header that identifies the client, e.g., User-Agent: Intuit/1.2.3 Mint/4.3.1; and”
The note says that this is not a security feature.
It is dangerous to depend on it. It is just FYI.
The "shall" should be changed to "should".
Responsible: Nat
More information about the Openid-specs-fapi
mailing list