I understand some validation is needed (for libsoup), but checking RFC 7231 section 5 compliance appears to be something unique to our ports. Why? I was made aware some Tizen TVs use this "Mozilla/5.0 (SMART-TV; LINUX; Tizen 6.0) AppleWebKit/537.36 (KHTML, like Gecko) 76.0.3809.146/6.0 TV Safari/537.36 Oqee/SmartTV/1.0.138-1/Samsung/Tizen/6.0/UE50AU7105KXXC" which is not valid according to RFC 7231 but I had no trouble using that UA in other browsers (Chromium, Firefox). So can we relax this a bit please, making use there is no invalid characters or carriage return should be sufficient imho.
What's the benefit of allowing a WebKit client to knowingly set an invalid user agent header...?
(In reply to Michael Catanzaro from comment #1) > What's the benefit of allowing a WebKit client to knowingly set an invalid > user agent header...? Allowing a website that relies on an invalid user agent header.
Oqee/SmartTV/1.0.138-1/Samsung/Tizen/6.0/UE50AU7105KXXC I've never seen a user agent header like this before ever. If you're trying to impersonate Tizen, you might be able to get close enough by just removing the slashes. Usually web servers will search for substring matches rather than checking for an exact match.
If that doesn't work, then I suggest adding a WebKitSettings:allow-invalid-user-agent-headers setting and check that to decide whether to do the validation, so you can turn off the check but it remains by default to prevent application developers from accidentally messing up.
(Also, checking bug #201077, it looks like some work in libsoup would be needed to allow it.)
User agents can be weird. I have had the opportunity to go through a sample file of 1 million of them 10 years ago for a popular video website. Some of the user agents had personal phone number of their users.