Patchwork [V2] url: add distribution and version to user-agent request header (BC)

login
register
mail settings
Submitter Gregory Szorc
Date July 15, 2016, 2:18 a.m.
Message ID <bd76ffdbb2701c2debb6.1468549105@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15864/
State Accepted
Headers show

Comments

Gregory Szorc - July 15, 2016, 2:18 a.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1468549006 25200
#      Thu Jul 14 19:16:46 2016 -0700
# Node ID bd76ffdbb2701c2debb6d2cc1e07a518c6269cc3
# Parent  52433f89f816e21ca992ac8c4a41cba0345f1b73
url: add distribution and version to user-agent request header (BC)

As a server operator, I've always wanted to know what Mercurial
version clients are running so I can track version adoption and
make informed decisions about which versions of Mercurial to
support in extensions. Unfortunately, there is no easy way to discern
this today: the best you can do is look for high-level feature usage
(e.g. bundle2) or sniff capabilities from bundle2 commands. And these
things aren't changed frequently enough to tell you anything that
interesting.

Nearly every piece of software talking HTTP sends its version in
the user agent. This includes web browsers, curl, and even Git.

This patch adds the distribution name and version to the user-agent
HTTP request header. We choose "Mercurial" for the distribution
name because that seems appropriate. The version string comes
from __version__.

The value is inside parenthesis for a few reasons:

* The version *may* contain spaces
* Alternate forms like "Mercurial/<version>" imply structure and
  since the user agent should not be used by servers for protocol
  or feature negotiation/detection, we don't want to even give the
  illusion that the value should be parsed. A free form field is
  the most hostile to parsing.

Flagging the patch as BC so it shows up in release notes. This
change should be backwards compatible. But I wouldn't be surprised if
a server somewhere is filtering on the exact old user agent string. So
I want to make noise about this change.
Augie Fackler - July 18, 2016, 11:58 a.m.
On Thu, Jul 14, 2016 at 07:18:25PM -0700, Gregory Szorc wrote:
> # HG changeset patch
> # User Gregory Szorc <gregory.szorc@gmail.com>
> # Date 1468549006 25200
> #      Thu Jul 14 19:16:46 2016 -0700
> # Node ID bd76ffdbb2701c2debb6d2cc1e07a518c6269cc3
> # Parent  52433f89f816e21ca992ac8c4a41cba0345f1b73
> url: add distribution and version to user-agent request header (BC)

queued this, thanks

>
> As a server operator, I've always wanted to know what Mercurial
> version clients are running so I can track version adoption and
> make informed decisions about which versions of Mercurial to
> support in extensions. Unfortunately, there is no easy way to discern
> this today: the best you can do is look for high-level feature usage
> (e.g. bundle2) or sniff capabilities from bundle2 commands. And these
> things aren't changed frequently enough to tell you anything that
> interesting.
>
> Nearly every piece of software talking HTTP sends its version in
> the user agent. This includes web browsers, curl, and even Git.
>
> This patch adds the distribution name and version to the user-agent
> HTTP request header. We choose "Mercurial" for the distribution
> name because that seems appropriate. The version string comes
> from __version__.
>
> The value is inside parenthesis for a few reasons:
>
> * The version *may* contain spaces
> * Alternate forms like "Mercurial/<version>" imply structure and
>   since the user agent should not be used by servers for protocol
>   or feature negotiation/detection, we don't want to even give the
>   illusion that the value should be parsed. A free form field is
>   the most hostile to parsing.
>
> Flagging the patch as BC so it shows up in release notes. This
> change should be backwards compatible. But I wouldn't be surprised if
> a server somewhere is filtering on the exact old user agent string. So
> I want to make noise about this change.
>
> diff --git a/mercurial/url.py b/mercurial/url.py
> --- a/mercurial/url.py
> +++ b/mercurial/url.py
> @@ -500,18 +500,30 @@ def opener(ui, authinfo=None):
>          ui.debug('http auth: user %s, password %s\n' %
>                   (user, passwd and '*' * len(passwd) or 'not set'))
>
>      handlers.extend((httpbasicauthhandler(passmgr),
>                       httpdigestauthhandler(passmgr)))
>      handlers.extend([h(ui, passmgr) for h in handlerfuncs])
>      opener = urlreq.buildopener(*handlers)
>
> -    # 1.0 here is the _protocol_ version
> -    opener.addheaders = [('User-agent', 'mercurial/proto-1.0')]
> +    # The user agent should should *NOT* be used by servers for e.g.
> +    # protocol detection or feature negotiation: there are other
> +    # facilities for that.
> +    #
> +    # "mercurial/proto-1.0" was the original user agent string and
> +    # exists for backwards compatibility reasons.
> +    #
> +    # The "(Mercurial %s)" string contains the distribution
> +    # name and version. Other client implementations should choose their
> +    # own distribution name. Since servers should not be using the user
> +    # agent string for anything, clients should be able to define whatever
> +    # user agent they deem appropriate.
> +    agent = 'mercurial/proto-1.0 (Mercurial %s)' % util.version()
> +    opener.addheaders = [('User-agent', agent)]
>      opener.addheaders.append(('Accept', 'application/mercurial-0.1'))
>      return opener
>
>  def open(ui, url_, data=None):
>      u = util.url(url_)
>      if u.scheme:
>          u.scheme = u.scheme.lower()
>          url_, authinfo = u.authinfo()
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel@mercurial-scm.org
> https://www.mercurial-scm.org/mailman/listinfo/mercurial-devel

Patch

diff --git a/mercurial/url.py b/mercurial/url.py
--- a/mercurial/url.py
+++ b/mercurial/url.py
@@ -500,18 +500,30 @@  def opener(ui, authinfo=None):
         ui.debug('http auth: user %s, password %s\n' %
                  (user, passwd and '*' * len(passwd) or 'not set'))
 
     handlers.extend((httpbasicauthhandler(passmgr),
                      httpdigestauthhandler(passmgr)))
     handlers.extend([h(ui, passmgr) for h in handlerfuncs])
     opener = urlreq.buildopener(*handlers)
 
-    # 1.0 here is the _protocol_ version
-    opener.addheaders = [('User-agent', 'mercurial/proto-1.0')]
+    # The user agent should should *NOT* be used by servers for e.g.
+    # protocol detection or feature negotiation: there are other
+    # facilities for that.
+    #
+    # "mercurial/proto-1.0" was the original user agent string and
+    # exists for backwards compatibility reasons.
+    #
+    # The "(Mercurial %s)" string contains the distribution
+    # name and version. Other client implementations should choose their
+    # own distribution name. Since servers should not be using the user
+    # agent string for anything, clients should be able to define whatever
+    # user agent they deem appropriate.
+    agent = 'mercurial/proto-1.0 (Mercurial %s)' % util.version()
+    opener.addheaders = [('User-agent', agent)]
     opener.addheaders.append(('Accept', 'application/mercurial-0.1'))
     return opener
 
 def open(ui, url_, data=None):
     u = util.url(url_)
     if u.scheme:
         u.scheme = u.scheme.lower()
         url_, authinfo = u.authinfo()