Sec-CH-UA: Send only the major version by default.

Rather than sending a `Sec-CH-UA` header containing the full version number by default (e.g. "Chromium 99.0.1232.12"), send only the major version (e.g. "Chromium 99"). This does not effect the value of `UserAgent.version` obtained from `navigator.getUserAgent()`, but only the HTTP request header. Bug: 928669 Change-Id: I074e244a3918b0bdab4453c2f56dc737c506f732 Reviewed-on: https://chromium-review.googlesource.com/c/1475438 Reviewed-by: Jochen Eisinger <[email protected]> Reviewed-by: Tarun Bansal <[email protected]> Commit-Queue: Mike West <[email protected]> Cr-Commit-Position: refs/heads/master@{#633726}
natechapin · Feb 20, 2019 · f70ff91 · f70ff91
1 parent c0a12da
commit f70ff91
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 0 deletions.
diff --git a/client-hints/resources/sec-ch-ua.py b/client-hints/resources/sec-ch-ua.py
@@ -0,0 +1,11 @@
+def main(request, response):
+    ua = request.headers.get('sec-ch-ua', '')
+    response.headers.set("Content-Type", "text/html")
+    response.headers.set("Accept-CH", "UA")
+    response.headers.set("Accept-CH-Lifetime", "10")
+    response.content = '''
+<script>
+  window.opener.postMessage({ header: "%s" }, "*");
+</script>
+Sec-CH-UA: %s
+''' % (ua, ua)
diff --git a/client-hints/sec-ch-ua.http.html b/client-hints/sec-ch-ua.http.html
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script>
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      var w;
+      window.onmessage = e => {
+        assert_equals(e.data.header, "", "The `Sec-CH-UA` header is not delivered.");
+        w.close();
+        resolve();
+      };
+      w = window.open("./resources/sec-ch-ua.py");
+    });
+  }, "Open HTTP window: no `Sec-CH-UA` header.")
+</script>
diff --git a/client-hints/sec-ch-ua.https.html b/client-hints/sec-ch-ua.https.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<head>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script>
+  var minor = "";
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      var w;
+      window.onmessage = e => {
+        try {
+          assert_not_equals(e.data.header, "", "The `Sec-CH-UA` header is delivered.");
+          minor = e.data.header;
+        } catch (ex) {
+          reject(ex);
+        }
+        w.close();
+        resolve();
+      };
+      w = window.open("./resources/sec-ch-ua.py");
+    });
+  }, "Open HTTPS window prior to opt-in: `Sec-CH-UA` header with minor version.")
+
+  promise_test(t => {
+    return new Promise((resolve, reject) => {
+      var w;
+      window.onmessage = e => {
+        try {
+          assert_not_equals(e.data.header, "", "The `Sec-CH-UA` header is delivered.");
+          assert_not_equals(e.data.header, minor, "The `Sec-CH-UA` header is different after the opt-in than before.");
+        } catch (ex) {
+          reject(ex);
+        }
+        w.close();
+        resolve();
+      };
+      w = window.open("./resources/sec-ch-ua.py");
+    });
+  }, "Open HTTPS window post-opt-in: `Sec-CH-UA` header with minor version.")
+</script>
+</head>