Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use the new navigator.userAgentData with fallback to navigator.userAgent #588

Closed
Erdragh opened this issue Jul 26, 2022 · 9 comments
Closed

Comments

@Erdragh
Copy link

Erdragh commented Jul 26, 2022

Chromium and userAgent

As it seems, Chromium and by extension Chrome, Edge, Brave, Opera, etc. will deprecate userAgent in the near future.

Replacement / new Solution

The new replacement for this will be navigator.userAgentData.

Here are the docs on userAgentData, which is still experimental and not supported by Firefox. As such userAgent should still be used as a fallback, as described here:

https://web.dev/migrate-to-ua-ch/

@tapananand
Copy link

It seems Chrome has started rolling out changes for this, are there any plans to make these changes in the near future?

@tapananand
Copy link

@faisalman Can you please comment on whether this is being considered or not?

@faisalman
Copy link
Owner

Partially yes, for browsers that are Chrome-based, I'm considering to also use navigator.userAgentData as a fallback whenever some particular values like device.type or os.name were not found by just simply parsing the legacy navigator.userAgent ..

@tapananand
Copy link

@faisalman Thanks for your response! Shouldn't the first try should be to use navigator.userAgentData since that's more structured?

@nberg79
Copy link

nberg79 commented Jan 17, 2023

@faisalman

The changes that will be enacted cause the default user agent string to have some values frozen and some values reduced.

Currently minor version reduction has rolled out (April, 2022) and the Desktop UA reduction is rolling out in a phased approach from October 25th until Feb 7th. Additional information about the current phase can be found here. Following the Desktop UA Reduction we will start rolling out the Mobile UA reduction phase on Feb 7th. 

These changes are being enacted to enhance privacy for end users and to help reduce digital fingerprinting. For use cases that still need the data we have developed User-Agent Client Hints as a new expansion to the Client Hints API enabling developers to access information about a user's browser in a privacy-preserving and ergonomic way. The spirit of the API is that users who need the data take action to ask for it instead of all data being provided passively.

There are two main ways of getting the full user agent values supported by UACH. You can specify your needs via headers or you can use the JS API to query the information you need.

I invite everyone to review the attached centralized information pertaining to the changes. Additionally I would recommend focusing on the JS API section and checking out the JS API demo.

UA-R / UA-CH Quick Start

Education

Timeline

  • Full UA-Reduction proposed rollout plan
  • Key Dates (As of Jan 6th, 2023) (schedule)
    • Chrome 100 release (Mar 29th, 2022)(Deployed)
    • Chrome 101 release (Apr 26th, 2022)(Deployed)
      • Minor build version is frozen to 0.0.0 and applies to all page loads on desktop or mobile that are not part of the Reverse Origin Trial.
    • Chrome 107 release (Oct 25th, 2022)(Deploying)
      • Desktop based UA string is fully reduced for all page loads that are not part of the Reverse Origin Trial.
    • Chrome 110 release (Feb 7th, 2023)
      • Android Mobile and Tablet based UA string is fully reduced for all page loads that are not part of the Reverse Origin Trial.

Migration

Testing

smoroz pushed a commit to optimizely/ua-parser-js that referenced this issue Feb 3, 2023
* FIX: Wechat Desktop for Windows compatible with new version

* Move to check typeof for window for different envs

* Fix faisalman#413 Bug resulting Motorola model O

* Fix faisalman#367 faisalman#425 Detect Instagram in-app browser

* Add funding support links

* Fix faisalman#450 Sony Xperia Z2 Tablet

* Fix faisalman#454 Improve Samsung detection

* Add Nintendo Switch

* Fix faisalman#366 Amazon Alexa Echo Show

* Fix faisalman#339 Add Weibo

* Fix faisalman#407 ZTE Nubia misidentified as Nextbook Tablet

* FIX: new wechat desktop's unsafe regex

* Fix faisalman#433 faisalman#434 Huawei devices

* Fix faisalman#475 Nokia version incomplete

* Fix faisalman#470 Identify Android TV as SmartTV

* Latest Xperia lineup

* Fix faisalman#430 Playstation 5

* Fix faisalman#449 Lenovo Tablet

* Casually save some bytes

* Fix faisalman#401 Rearrange the order of regexes to improve hit-rate performance

* Fix faisalman#427 - Trying GitHub Actions

* Change mocha reporter for CI

* Action doesn't work, should be under /.github/workflows folder perhaps

* Fix faisalman#438 Add Zebra devices

* Update README contents & structures

* Enforce maximum limit to user-agent input

* Move documentation upwards and..mAkE tHe LoG0 BiG99eR!!1!1!

* Add CDN links & insert npm fund

* Fix faisalman#422 Add ARMHF in CPU Arch detection

* Fix faisalman#279 Remap old Edge versions <= 44 as suggested by @mikemaccana @callaginn

* Fix faisalman#448 Add AT&T & Vodafone devices

* Fix faisalman#209 Add CHANGELOG

* Add Electron

* Simplify Huawei detection

* Release as 0.7.25

* Refine some OS detection

* Add new OS: Raspbian

* Add Device: Surface Duo

* Add some test cases for Samsung, Huawei, Xiaomi

* Detect ARMEABI as ARM

* Casually save some bytes

* Refine some detection with more test cases

* Add new device.vendor: Vivo

* Fix faisalman#342 - Enforce all regexes to comply with safe-regex as a safeguard against possible ReDoS vulnerability

* Fix regexes that were marked as unsafe by safe-regex module

* Refine device detection with more test cases

* Add new device.vendor: Realme

* Release as 0.7.26

* Better tablet detection:
- Huawei MediaPad M/T
- Galaxy Tab SM-P
- Kindle Fire without Silk

* Better tablet detection:
- Fix lenovo phone / tablet detection

* Better tablet detection - Build.

* Better tablet detection:
- iPad using Facebook browser on some occasions
- More Huawei tablets
- Asus ZenPad Z8s (P00J)

* Small refactor

* Add new Engine & Browser: Flow

* Add new browser: Firefox Reality

* Add new device: Fairphone

* Add string check to setUA method

* Release as 0.7.27

* More test for latest phones with unique form factor (fold/flip/qwerty/swivel)

* Add new device & browser: Tesla

* Minor rearrangement

* More test for tablet devices

* Update contributor list

* Fix faisalman#492 LG TV WebOS detection

* Delete redundant code

* Refactor code: saving bytes towards 15KB minified

* Update readme: use https for demo link

* Test for Firefox UAs, add new browser: Klar, add new OS: Maemo

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent/Firefox

* Revert breaking fix faisalman#279 and release as 0.7.28

* Improve detection rule for Mac on PowerPC

* Improve device detection: categorize PDA as mobile

* Improve browser detection: Netscape with version

* Improve os detection: Windows Mobile without version

* Add new OS: HP-UX

* Add new browsers: Obigo, UP.Browser

* Add new device vendor: Roku

Source: https://github.com/WhichBrowser/Parser-PHP/blob/master/tests/data/television/roku.yaml

* Refine some OS detection

Source:
- https://www.zytrax.com/tech/web/browser_ids.htm
- https://developers.whatismybrowser.com/useragents/explore/operating_system_name/

* Remove oldEdge map

* Replace `\s` with space, saving ~0,3KB

* ES3 compat-fix: remove trailing comma

* Improve device detection: Huawei, Xiaomi, Realme, LG, OnePlus, ASUS, ZTE, Fairphone

* Improve CPU detection for ARM64

* Improve device detection: LG Android TV

* Add new OS: Android-x86, Deepin, elementary OS, GhostBSD, Linspire, Manjaro, Sabayon

User-Agent source: whatismybrowser.com

* Fix faisalman#500 Sharp devices misjudged as Huawei devices

* Fix faisalman#506 - add test for Huawei ART-L29

* Fix faisalman#509 add support for Internet Explorer 8

* Create SECURITY.md

A simple instruction for security researchers.

* Improve regex efficiency when trimming long ua string

https://blog.stevenlevithan.com/archives/faster-trim-javascript

* Add Huawei models

* Sony Xperia 1ii

* Samsung Galaxy S20 5G

* Add different oculus browser

* Oculus devices

* cleanup

* cleanup

* change to single line regex

* Enable to detect OPPO Reno5 A correctly.

* Securing the 0.7.x version (issue faisalman#536)

* Securing the 0.8.x version (issue faisalman#536)

* Securing the 1.x version (issue faisalman#536)

* feat: require the use of `===` and `!==`

* Update ua-parser.js

* ✨ Use AST to verify whether regexes are safe

* Bump version 0.7.31

* Fix faisalman#559: Sony Xperia 1 III misidentified as Acer tablet

* Fix faisalman#533: Detect Sony BRAVIA as SmartTV

* Fix faisalman#562 - Xiaomi Mi CC9

* Fix faisalman#561 - Increase UA_MAX_LENGTH to 275

* pr feedback

* v100 tests

* Add support for HuaweiBrowser

* update readme

* package.json: specify the folders to include

* add KakaoTalk App, KakaoStory App regex

* Add Kakao App, Naver App

* Add iOS Naver, Kakao regex

* fix browser-test typo

* Add LinkedIn app.

* Rename 'HuaweiBrowser' to 'Huawei Browser'

* Fix faisalman#565 - Add new OS: HarmonyOS

* Fix faisalman#558 - WeGame mistakenly identified as WeChat

* Increase UA_MAX_LENGTH to 350

* Fix faisalman#532 - Detect Xiaomi Mi TV as smarttv

* Fix faisalman#513 - Add new browser: DuckDuckGo

* Fix faisalman#516 - Add Focus into list of possible browser.name

* ci: add GitHub token permissions for workflow

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

* fixed sony bravia smart tv, added sharp AQUOS TV

* Safari and Mobile Safari began to include commas in the minor version numbers.

* Fix faisalman#502 faisalman#580 : Add notice for desktop device type

* Refine small redundancy

* Fix faisalman#596 - Detect Galaxy Tab S8 as tablet

* Add test case

* improved documentation

* Bump version 0.7.32

* Add new browser: Cobalt

* Fix documentation

`readme.md` refers to a `parser.getResults` function, which does not exist. This PR corrects the function name to `getResult`.

* Support Panasonic Viera Smart TVs

* Support Panasonic 2018+ smart tvs

* Add test for panasonic 2020 smart tv

* Add test for panasonic SAT receiver

* Support Loewe Smart TVs

* Add tests for JVC smart tvs

* Support philips smart tvs

* Add samsung testcases

* Add support for TechniSAT TVs and SATs

* Fix faisalman#605 - Identify Macintosh as Apple device

* Remove unsafe regex in trim() function

`trim()` function contains a regular expression that is vulnerable to ReDoS but was uncaught by `safe-regex` module.

* Bump version 0.7.33

* Fix faisalman#557 faisalman#612 faisalman#629 - Update the changelog

* Fix faisalman#621 - Detect Oculus Quest Pro

* Utilize navigator.userAgentData as a fallback faisalman#588

* Improve Kakao/Naver detection + add test

* Fix faisalman#619 - Move Sharp up to be checked before Huawei

* Rearrange the recently added smarttv detection

* Fix faisalman#620 - Add new Device: Kobo

* Fix faisalman#601 - Detect Chrome OS without version

* Update manifest

* fix: Don't act as a jQuery plugin

* build: 0.7.24 custom version

* Rebuilt min versions

---------

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: ruicong <466403866@qq.com>
Co-authored-by: David Annez <david.annez@gmail.com>
Co-authored-by: Faisal Salman <f@faisalman.com>
Co-authored-by: sUP <dani3l@gmail.com>
Co-authored-by: o.drapeza <o.drapeza@tinkoff.ru>
Co-authored-by: liujunlve <liujunlve@henhaoji.com>
Co-authored-by: Ziding Zhang <zidingz@gmail.com>
Co-authored-by: Paris Morgan <paris@8thwall.com>
Co-authored-by: Ryohei Shima <shima01dev@gmail.com>
Co-authored-by: chenhui9279 <chenhui9279@autohome.com.cn>
Co-authored-by: sunny-mwx <30586210+sunny-mwx@users.noreply.github.com>
Co-authored-by: Hans Ott <hansott@hotmail.be>
Co-authored-by: XhmikosR <xhmikosr@gmail.com>
Co-authored-by: KnifeLemon <role___play@naver.com>
Co-authored-by: Dante <duanjl.china@gmail.com>
Co-authored-by: JBYoshi <12983479+JBYoshi@users.noreply.github.com>
Co-authored-by: Varun Sharma <varunsh@stepsecurity.io>
Co-authored-by: Jacky Choo <jackychoo@adly-macbook.local>
Co-authored-by: nabetama <mao.nabeta@gmail.com>
Co-authored-by: kNoAPP <alldoneb@gmail.com>
Co-authored-by: Mok <mok@moekm.com>
Co-authored-by: Oscar Becerra <oscarbecerra@google.com>
Co-authored-by: Riley Shaw <rileyjshaw@users.noreply.github.com>
Co-authored-by: Garrit Franke <garrit@slashdev.space>
Co-authored-by: Garrit Franke <32395585+garritfra@users.noreply.github.com>
Co-authored-by: smoroz <smoroz>
Co-authored-by: Spencer Wilson <spencer.wilson@optimizely.com>
Co-authored-by: Luis Rivas <luis.rivas024@gmail.com>
@tapananand
Copy link

@faisalman Thanks for the above commit. I see that we are now falling back to UA-CH as you mentioned. But since we are still first getting the values from the UA string, won't we get wrong results now in some cases? For example, the OS version. Is the recommendation here to not use UA parser for those cases and instead directly use getHighEntropyValues API?

@tapananand
Copy link

@faisalman Can you please comment on the above?

@faisalman
Copy link
Owner

faisalman commented Feb 23, 2023

@tapananand for the time being, yes, but I don't rule out the possibility of adding client-hints API into this library in the near future..

@faisalman
Copy link
Owner

Moving user agent client hints-related issue here: #408

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants