Audit usage of navigator userAgent, appVersion, and platform #90

Closed
jessegreenberg opened this issue Jul 27, 2021 · 12 comments

@jessegreenberg
Contributor

Putting in phet-core because that is where platform.js lives, but there are usages of these in a few places in the project.

@Nancy-Salpepi noticed this warning while testing involving a reduction in the amount of information available in the User Agent string.
image

Here is information from Chrome about the changes and timeline: https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html

@jessegreenberg
Contributor Author

Just noting the parts from https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html that I found important:

Regarding timeline:

no User-Agent string changes will be coming to the stable channel of Chrome in 2021.

Regarding compatibility:

Once this is complete, you will still be able to reliably get the browser major version, platform name, and distinguish between desktop and mobile (or tablet), solely from the User-Agent string. For more advanced use cases, you should migrate to the User Agent Client Hints API.

Our plan was designed with backwards compatibility in mind, and while any changes to the User Agent string need to be managed carefully, we expect minimal friction for developers as we roll this out (i.e., existing parsers should continue to operate as expected).

If your site, service, library or application relies on certain bits of information being present in the User Agent string such as Chrome minor version, OS version number, or Android device model, you will need to begin the migration to use the User Agent Client Hints API instead.

If you don’t require any of these, then no changes are required and things should continue to operate as they have to date.

I don't see anything in platform.js about Chrome version number, OS version number, or Android device model. So we may be OK with this change. But adding to developer meeting to review with the team and check if anything should be done.

@samreid
Member

samreid commented Jul 28, 2021

I noted that there are numerous usages of navigator.userAgent outside of platform.js as well. A few usages of navigator.platform elsewhere.

@jessegreenberg
Contributor Author

Discussed 8/19/21 at developer meeting:

It doesn't seem like we are using the features of the user agent strings that are being changed. According to https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html there will be a trial version that we can test before the change goes live. When that is ready we can do some testing to make sure everything is still running OK.

@jonathanolson mentioned there might be some impacts on yotta but there likely isn't much we can do about it.

We added a reminder to the dev meeting doc to see if a trial version of Chrome with this change is ready yet since there aren't any dates listed in https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html for when that will happen.

@zepumph
Member

zepumph commented Mar 10, 2022

Bringing back up to dev meeting.

@jessegreenberg
Contributor Author

@zepumph
Member

zepumph commented Apr 7, 2022

We feel like this is worthy of discussion, but want to wait for @jonathanolson to be present. Before next week we would like to register in the link above, thanks for doing that @jessegreenberg.

MK sees that Chrome's message recommends navigator.userAgentData, but @samreid mentioned that it is not broadly supported by browsers.

We will discuss next week!

@jessegreenberg
Contributor Author

We do NOT want to register PhET for a trial, apparently that impacts all users of our origin!

When Chrome offers an origin trial for a feature, you can register for the trial to enable the feature for all users on your origin, without requiring them to toggle any flags or switch to an alternative build of Chrome (though they may need to upgrade).

But I think we can register localhost and use that to test locally.

@zepumph
Member

zepumph commented Apr 7, 2022

High priority to make sure we get to this next week.

@jessegreenberg
Contributor Author

jessegreenberg commented Apr 7, 2022

So I thought by "registering" we would be able to download a trial version of Chrome. But you actually have to enable this feature with a response header from your own server. So here are the steps I took to be able to test this. I had to modify the source of http-server. If you have access to a config file with something like apache maybe you will have an easier time.

  // For Chrome testing
  this.headers['Origin-Trial'] = '{{THE_KEY_YOU_RECEIVED_FROM_STEP_1}}';
  this.headers['Accept-CH'] = 'Sec-CH-UA-Reduced';
  this.headers['Critical-CH'] = 'Sec-CH-UA-Reduced';
  • Start the http-server.
  • You should be able to see the origin trial active in the "Application" tab of the Chrome dev tools in the "Frames" section
    image

And I can see a difference in the user agent string, such as the minor version of Chrome being 0.0.0
image

Here it is without the headers:
image

@jessegreenberg
Contributor Author

I don't think we have anything to worry about here for sims. Here is the best list I found with examples about what is changing: https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-4

To summarize:

  • The Chrome minor version number in the user agent string is being replaced by '0.0.0' always.
  • The Windows version will always be reported as '10.0' and never change.
  • The "device model" for mobile devices will always be reported as 'K', and never change. The Android version will always be reported as '10.0' and never change.
  • navigator.platform is being reduced to https://www.chromium.org/updates/ua-reduction/#reduced-navigatorplatform-values-for-all-versions
  • navigator.appVersion will be an alias for navigator.userAgent.

Assigning to @jonathanolson to confirm if you agree and also to consider if there are implications for yotta.
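
Added example (not part of the original thread, and not PhET's platform.js code): one way to run the audit discussed here is to apply the reductions summarized above to sample user agent strings and report which detection checks change their answer. The detector names, `reduceUserAgent`, `auditDetectors` and the sample strings are all hypothetical and constructed for illustration.

```javascript
// Constructed sample UA strings (not captured from real browsers).
const SAMPLE_UAS = [
  'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36',
  'Mozilla/5.0 (Linux; Android 12; Pixel 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.79 Mobile Safari/537.36'
];

// Apply the reductions from the summary: frozen Chrome minor version,
// frozen Windows version, frozen Android version and device model.
function reduceUserAgent(ua) {
  return ua
    .replace(/(Chrome\/\d+)\.\d+\.\d+\.\d+/, '$1.0.0.0')
    .replace(/Windows NT \d+\.\d+/, 'Windows NT 10.0')
    .replace(/Android [\d.]+; [^)]+\)/, 'Android 10; K)');
}

// Hypothetical detection checks of the kind an audit would look for.
const firstGroup = (ua, re) => {
  const m = ua.match(re);
  return m ? m[1] : null;
};
const DETECTORS = {
  // These rely only on browser name, major version, platform name, mobile flag.
  isChromium: ua => /Chrome\//.test(ua),
  isAndroid: ua => /Android/.test(ua),
  isMobile: ua => /Mobile/.test(ua),
  chromeMajor: ua => firstGroup(ua, /Chrome\/(\d+)/),
  // These rely on fields that the reduction freezes.
  chromeBuild: ua => firstGroup(ua, /Chrome\/\d+\.\d+\.(\d+)/),
  isWindows7: ua => /Windows NT 6\.1/.test(ua),
  androidModel: ua => firstGroup(ua, /Android [\d.]+; ([^)]+)\)/)
};

// Return the sorted names of detectors whose result differs between the
// full and the reduced form of any sample string.
function auditDetectors(detectors, uas) {
  const affected = new Set();
  for (const ua of uas) {
    const reduced = reduceUserAgent(ua);
    for (const [name, detect] of Object.entries(detectors)) {
      if (detect(ua) !== detect(reduced)) affected.add(name);
    }
  }
  return [...affected].sort();
}

console.log(auditDetectors(DETECTORS, SAMPLE_UAS));
```

Checks that appear in the output depend on data the reduction removes and would need the User Agent Client Hints API; checks that do not appear keep working on the reduced string.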

@jonathanolson
Contributor

No implications for yotta (we don't use the data that was reduced). I've scanned everything and I agree that this should not affect sims. It looks like our normal detections should work.

@jessegreenberg
Contributor Author

jessegreenberg commented Apr 13, 2022

Comments during status meeting today confirmed that this is safe for us, we can close.

@jessegreenberg jessegreenberg removed their assignment Apr 14, 2022