Closed Bug 1805967 Opened 1 year ago Closed 1 year ago

Freeze `rv:` segment in the User Agent string to `rv:109.0` to avoid erroneous IE11 detection

Categories

(Web Compatibility :: Interventions, defect, P1)

Product:
Web Compatibility
Component:
Interventions
Type:
defect

Tracking

(firefox-esr102 unaffected, firefox108 unaffected, firefox109 unaffected, firefox110blocking fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox108 --- unaffected
firefox109 --- unaffected
firefox110 blocking fixed

People

(Reporter: denschub, Assigned: denschub)

References

(
URL
)

Details

Attachments

(2 files)

Bug 1805967 - cap rv: bits in User Agent string to 109 because some sites detect IE11 based on rv:11*, r?#necko-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 1805967 - keep android the same because the issue doesn't occur there and its tests are unhappy
48 bytes, text/x-phabricator-request
Details | Review

As per this investigation, it looks like there is a server-side UA sniffing issue on bestbuy.com - which can be worked around by capping the version number to 109. So let's prepare to do that, as we can always back that intervention out if our outreach succeeds.

Note that this might also be relevant on bestbuy.ca and potentially other ccTLDs.

I can reproduce this bug with Firefox versions 110-119 on Windows. Versions >= 120 work fine.

status-firefox108: --- → unaffected
status-firefox109: --- → unaffected
status-firefox110: --- → affected
status-firefox-esr102: --- → unaffected

With a Firefox 110 on Linux I cannot reproduce the Bestbuy problem, but I came across one on another website: https://www.bilibili.com/read/cv14753471

Let me pick the piece of code at the head of this page that causes the chaos:

0 < navigator.userAgent.indexOf('rv:11')

I guess it's trying to detect IE 11 since IE 11 user agent also contains the string "rv:11":

Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko

Here's another one on cvs.com: https://webcompat.com/issues/115559

[Tracking Requested - why for this release]:

I believe that this set of issues should be at least an S2 for the Firefox product, and should block Release.
These issues with these mainstream websites will definitely push users away from Firefox.

Severity: -- → S2
Type: enhancement → defect
tracking-firefox110: --- → ?
Priority: -- → P1

Affected:

navigator.userAgent
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:110.0) Gecko/20100101 Firefox/110.0"

Unaffected:

navigator.userAgent
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36'

https://github.com/webcompat/web-bugs/issues/115403 this is a major site in France, affected by the same issue. I suspect this is the tip of the iceberg.

tracking-firefox110: +blocking

The bug is marked as blocking firefox110 (nightly). However, the bug still isn't assigned.

:denschub, could you please find an assignee for this tracked bug? If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit auto_nag documentation.

Flags: needinfo?(dschubert)
Assignee: nobody → dschubert
Flags: needinfo?(dschubert)

I have tested the known breakage on webcompat.com, as well as bilibili.com, and can confirm that with Gijs' patch, I no longer get blocked. I cannot test leboncoin.fr as they're locking my VPN and my home's static IP out because apparently I'm a robot - but from the testing that Raul did in the report, I'm confident that this fixes the issue as well.

Gijs, I noticed that the current version says rv:110.0 with a minor-version, but your patch only shows rv:109, without minor version. Would it be possible to have it say rv:109.0 instead? I didn't notice any breakage because of that difference, but let's stay on the safe side.

Flags: needinfo?(gijskruitbosch+bugs)

Adjusting the bug title to reflect what we're currently planning to do.

Summary: Add UA v109 (?) cap to bestbuy.com → Freeze `rv:` segment in the User Agent string to `rv:109.0` to avoid erroneous IE11 detection

(In reply to Dennis Schubert [:denschub] from comment #9)

Gijs, I noticed that the current version says rv:110.0 with a minor-version, but your patch only shows rv:109, without minor version. Would it be possible to have it say rv:109.0 instead? I didn't notice any breakage because of that difference, but let's stay on the safe side.

Ugh, yes, good catch, I should have done that to begin with. Updated the patch. New trypush.

Flags: needinfo?(gijskruitbosch+bugs)
Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/c7d69ab92660
cap rv: bits in User Agent string to 109 because some sites detect IE11 based on rv:11*, r=necko-reviewers,kershaw
Pushed by csabou@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a186000b3a89
keep android the same because the issue doesn't occur there and its tests are unhappy. CLOSED TREE
Blocks: 1806675
No longer blocks: 1805407
Depends on: 1806690

(In reply to Dennis Schubert [:denschub] from comment #9)

I have tested the known breakage on webcompat.com, as well as bilibili.com, and can confirm that with Gijs' patch, I no longer get blocked. I cannot test leboncoin.fr as they're locking my VPN and my home's static IP out because apparently I'm a robot - but from the testing that Raul did in the report, I'm confident that this fixes the issue as well.

Gijs, I noticed that the current version says rv:110.0 with a minor-version, but your patch only shows rv:109, without minor version. Would it be possible to have it say rv:109.0 instead? I didn't notice any breakage because of that difference, but let's stay on the safe side.

I can confirm the fix for leboncoin.fr, on both mobile and desktop.

(In reply to Raul Bucata from comment #15)

(In reply to Dennis Schubert [:denschub] from comment #9)

I have tested the known breakage on webcompat.com, as well as bilibili.com, and can confirm that with Gijs' patch, I no longer get blocked. I cannot test leboncoin.fr as they're locking my VPN and my home's static IP out because apparently I'm a robot - but from the testing that Raul did in the report, I'm confident that this fixes the issue as well.

Gijs, I noticed that the current version says rv:110.0 with a minor-version, but your patch only shows rv:109, without minor version. Would it be possible to have it say rv:109.0 instead? I didn't notice any breakage because of that difference, but let's stay on the safe side.

I can confirm the fix for leboncoin.fr, on both mobile and desktop.

leboncoin.fr actually fixed their UA sniffing probably because multiple nightly users alerted them on Twitter about it, it works with rv:110 as well.

Regressions: 1817530
Depends on: 1818889
Regressions: 1837841
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: