[Openid-specs-fapi] Issue #65: user-agent header requirement is not a security feature (openid/fapi)

Nat Sakimura issues-reply at bitbucket.org
Tue Jan 31 15:15:10 UTC 2017


New issue 65: user-agent header requirement is not a security feature
https://bitbucket.org/openid/fapi/issues/65/user-agent-header-requirement-is-not-a

Nat Sakimura:

“shall send User-Agent header that identifies the client, e.g., User-Agent: Intuit/1.2.3 Mint/4.3.1; and”
The note says that this is not a security feature. 
It is dangerous to depend on it. It is just FYI. 
The "shall" should be changed to "should".

Responsible: Nat


More information about the Openid-specs-fapi mailing list