
Testers Say IE11 Includes 'Like Gecko' in User Agent String - somethingnew
http://news.slashdot.org/story/13/03/25/0215212/testers-say-ie-11-can-impersonate-firefox-via-user-agent-string
======
claudius
RFC 2616[0] says in section 14.43 that user agents SHOULD send a User-Agent
field. Is there any particular reason why it is still sensible to send such a
field at all, rather than maybe something more generic like ‘Crawler’,
‘Graphical’ and ‘Terminal’ (to distinguish the three cases that might come to
mind immediately)?

In other words, what benefit does a User-Agent field have nowadays when people
are told to check for capabilities rather than products, apart from allowing
fancy statistics which company currently has the long^Whighest bar in the user
agent statistics?

[0] <https://www.ietf.org/rfc/rfc2616>

~~~
kijin
There are several situations where a web app has no choice but to rely on the
user agent string to vary its behavior.

For example, when you let a user download a file, you usually send a header
such as:

    
    
        Content-Disposition: attachment; filename=FILENAME
    

But what do you do if the filename contains non-ASCII characters? There are
RFCs, but every browser has its own rules about encoding, and IE is especially
problematic because it tries to second-guess your intentions at every
opportunity. You can't use capability detection to solve this problem, because
browsers don't execute CSS/JS when they just download files. If you really
want to make it perfect for every user, you'll probably need to write a
slightly different version of the download script for every browser, and
several for IE 6/7/8/9/10.

Another valid reason for sniffing the user agent string is when you're trying
to offer browser-specific instructions. For example, when you go to Dropbox's
download page, they show you how to save and run the installer. They wrote
different versions for most of the major browsers/platforms.

There are fewer reasons to use the user agent string when you're just trying
to compose a web page. But composing web pages is not the only thing you do
when you run a web application.

~~~
claudius
I understand the point about browser-specific instructions, but using the
User-Agent to decide how to encode a file name sounds…wrong. Imagine your
email client checking the email client of the recipient to decide how to
encode the file name of the file you attached – sure, it’s nice if it is
possible, but in general, standards are supposed to be, well, standards, and
not caring about broken software might help motivate vendors to fix it.

And even for browser-specific instructions, it would make more sense in my
opinion to let users choose the browser for which they want to see
instructions[0]: The tool I use to query information is not necessarily the
tool I need help with. A bicycle shop also doesn’t decide to only sell shoes
or cars if you walk or drive there rather than arriving on a bicycle[1].

[0] I didn’t check Dropbox, so it might well be that they also give people a
choice here.

[1] Google’s PlayStore specifically annoyed me there recently as it didn’t let
me _view_ the description of an extension in Opera, telling me that I would
need Chrome to download and use it – I do, but I’d like to know if this
extension is worth installing Chrome or not beforehand.

~~~
jaytaylor
I can vouch for the legitimacy of what he's saying. There are definitely cases
where the only way to make browser download operations (whether it be a file
download or certain kinds of XHR requests) work right in IE, Chrome, and
FireFox is to write a special case for IE or potentially all 3 of them.

------
tzaman
Dear Microsoft,

other browser vendors release new versions on a regular basis, regardless of
the operating system number. This enables browser-related technologies to
evolve at a more rapid pace. So please do us all a favor and stop _locking_
major IE releases to Windows versions and just try to imitate what others do.
We won't judge you for copying, promise.

Sincerely, Web developers

~~~
wkdown
Is this because it is tied to Window Explorer (the Windows file system)? Or is
it because the developers are dense.

~~~
TazeTSchnitzel
Internet Explorer usually relies on new OS features which have to be
backported. Also, Microsoft never releases IE for versions of Windows that
have gone out of support (Windows XP and Vista), because they don't want to
have to do the extra work to do so, and because their policy on out-of-support
is exactly that: mo new updates.

~~~
yuhong
Out of _mainstream_ support. See <http://support.microsoft.com/lifecycle/>

~~~
TazeTSchnitzel
Yes. Extended support means no updates aside from security.

------
MattBearman
This actually seems like a really smart move on MS's part. I've seen far to
many sites that have blanket conditionals for any msie browser, which will
potentially disable supported HTML5 / CSS3 features in IE9 +

------
xixora1
Check what @ppk says: <http://mobilism.nl/blog/2013/03/ie11-to-disguise-
itself>

~~~
mrspeaker
For the non-clickers: It's Webkit, not Firefox that it will be disguising
itself as:

"The 'like Gecko' string has been part of most WebKit-browser UA strings from
time immemorial, but has never been used by Firefox, which instead uses
'Gecko'".

~~~
Millennium
The first versions of Safari had "like Gecko," so its WebKit heritage is long
indeed. Maybe MSIE should use "sort of like Gecko" instead?

------
notatoad
If companies are going to start messing with user agent strings again, can we
please try to restore some sanity? How about "Internet Explorer 11.0" as a
user agent? Would that be so hard?

~~~
wonderzombie
_Would that be so hard?_

Are you being facetious? As far as users are concerned, IE would be broken.
Users don't care that it's because of, say, websites with broken useragent
sniffing.

I'm sure it's even more complicated than that, to be honest. But the
overarching principle something Josh Bloch articulated. He said something to
the effect that any interface that you publish, even if it includes _strings_
(e.g. a pretty-printed stack trace), will inevitably become part of the
interface.

~~~
notatoad
I'm not being facetious, i'm honestly asking. How many websites are actually
still sniffing the user agent and depending on that Mozilla/5.0 bullshit at
the beginning? what would break?

anybody who's surfed with a changed user agent for a while care to comment?

------
zalew
> Microsoft also included the command "Like Gecko" which instructs the website
> to send back the same version of the website as they would to Firefox

seriously, who does that? 'msie5.0 mozilla', good times. 'like gecko' => msie
trying to look like webkit, who tries to look like firefox. yeah, makes
perfect sense. could anyone give an example of a modern application that
checks against the user agent string?

~~~
Banduin
Chrome?

> Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko)
> Chrome/26.0.1410.40 Safari/537.31

~~~
zalew
I meant 'who does check that user agent', edited to clarify.

~~~
daleharvey
A lot of people, on Firefox OS we have a blacklist of sites we have to send
Android like user agents to so we are served mobile friendly content:
[https://github.com/mozilla-b2g/gaia/blob/master/build/ua-
ove...](https://github.com/mozilla-b2g/gaia/blob/master/build/ua-override-
prefs.js)

Its a sad situation.

~~~
jgraham
See also:
[https://github.com/operasoftware/browserjs/blob/master/deskt...](https://github.com/operasoftware/browserjs/blob/master/desktop/spoofs.xml)

------
gavinlynch
"> Microsoft also included the command "Like Gecko" which instructs the
website to send back the same version of the website as they would to Firefox"

This is a little misleading. "Like Gecko" is not used in the Firefox UA
String. It just says Gecko. "Like Gecko" is a component of Webkit-based
browsers. So IE is emulating Webkit emulating Firefox, and dries the "MS" of
"MSEI" for their string, and going with just "IE".

via Peter Paul-Koch: "IE11 to disguise itself as WebKit (and not Firefox!)",
<http://mobilism.nl/blog/2013/03/ie11-to-disguise-itself>

------
Achshar
Wasn't it once that other browsers sent MSIE UA to look like IE? How times
change.

------
darkchasma
Oh, wonderful, another quirks mode. The moment FF implements something that IE
doesn't, we're right back into the shit.

------
awjr
This version of IE (11) comes from the leaked Windows Blue build 9364. What
you might want to consider is how MS real world test IE11 without broadcasting
the user agent. I'm guessing this 'beta' version is reporting itself as
Firefox to disguise itself from server logs.

~~~
notatoad
It still clearly identifies itself as "IE 11.0". They aren't trying to hide
anything.

------
bionsuba
Because changing the user agent for this has worked to great effect before. /s

------
benatkin
This is good. I just had to add a meta tag to force IE9 and IE10 into IE8
Standards Mode. This was a 5 year old site that was coded to work in IE6 that
stopped working properly on IE9.

~~~
Offler
Could you not just fix it? Or drop support for IE6/7/8 and only support the
newer IE browsers?

~~~
benatkin
Considering the task assigned to me was to make it properly on IE9, I don't
think so. The meta tag was a piece of cake, though. It was the month or so
when one person on the client's staff couldn't use it, before the client
reported it to me, that was troubling.

To answer the second part of your question, it worked on IE 6/7/8 and removing
the hacks would have required digging into old code. The meta tag was much
quicker!

------
bdcravens
If you're checking versions and not features, you're doing it wrong.

~~~
dsego
Really. How about iOS 6 safari having support for fixed elements that breaks
every time the keyboard pops up?

------
bargl
I want to start by saying, this article needs a giant dose of grain-o-salt.
The PS4 was leaked like how many times? And, we all know how that went.

However, As someone who is locked into an app that is tied to IE 6-7, I don't
relish the idea of being forced to re-write some 50,000+ lines of legacy code.

This does however force our customers to seriously consider putting out an
effort to redesign in the first place.

~~~
tanzam75
> _I don't relish the idea of being forced to re-write some 50,000+ lines of
> legacy code._

You don't have to. Simply set the DOCTYPE to force IE7 quirks mode.

This move is clearly intended to improve compatibility with Internet
applications.

~~~
bargl
Isn't that what the article is talking about... I.E. this could break a lot of
custom CSS within our application. Anything that is hacky and works with ie
6-8 will need to be redone.

Is that right or did I read the premise of this article completely wrong? I
know you are right for IE 9/ IE 10, but if they change IE 11 to force us to
redo our CSS then... that sucks (but is kinda good too cuz I hate the legacy
crap code we have).

~~~
tanzam75
The article said that the user-agent string was changing -- it said nothing
about quirks mode going away.

If you have an IE6-only intranet application, then by definition you are not
depending on user-agent sniffing. In that case, you depend on the continued
availability of quirks mode -- not on the user-agent string.

If you have an intranet application that uses user-agent sniffing to support
_both_ legacy IE and standards-compliant browsers, then you should simply do
nothing. The change in the user-agent string will cause Internet Explorer 11
to be treated as a "like Gecko" browser. This is as it should be, as IE 11 is
a standards-compliant browser.

~~~
bargl
Thanks man! After doing some research on the User Agent (of which I was
woefully uninformed) I've found out that I have more research to do...

------
wkdown
I misread this and got excited thinking IE was going to drop Trident in favor
of Gecko, in the same way Opera is switching to Webkit.

------
mkr-hn
We will pile hacks on top of hacks until the web is indistinguishable from a
very drunk and very angry magician.

------
Shish2k
April 1st already? I know I'm terrible at keeping track of time, but I
could've sworn we were still about a week away x_x

