Don't set a user-agent header by default. #540
Closed
Commits on Jun 7, 2019
-
Don't set a user-agent header by default.
I'm not entirely sure why this behavior was added to begin with. It was originally added in 1259128, which only has "add native-tls and serde json support" as the commit message, so I'm not even sure if it was intentional or just meant to temporarily work around some other issue. Reqwest is not a user agent, and should not identify itself as such. To give a more concrete example of what I mean, `curl` the CLI tool which is directly making a request on behalf of a user identifies itself as such. `libcurl` the library used to programatically make HTTP requests (e.g. to build a user agent) does not. Why does this matter? Some services, including GitHub and crates.io choose to block traffic that does not provide a user agent. Services which do this typically do so for a reason. Ultimately `reqwest/0.9.18` is no more useful to someone operating a service than an empty string. If folks have a legitimate privacy concern with setting one, they can still set it to "hello" or whatever non-identifying value they want -- but by setting a default user agent, that choice is being made for them, and they may not even be aware that the service they're hitting is requesting a unique user agent. If someone makes a request to crates.io without supplying a user agent header, they'll receive the following response: We require that all requests include a `User-Agent` header. To allow us to determine the impact your bot has on our service, we ask that your user agent actually identify your bot, and not just report the HTTP client library you're using. Including contact information will also reduce the chance that we will need to take action against your bot. Bad: User-Agent: reqwest/0.9.1 Better: User-Agent: my_crawler Best: User-Agent: my_crawler (my_crawler.com/info) User-Agent: my_crawler (help@my_crawler.com) If you believe you've received this message in error, please email help@crates.io and include the request id {}. But if they're using reqwest, they won't get the opportunity to think about this, I end up blocking their traffic because their request rate is slightly too high but I have no other way to politely ask them to slow it down, and everybody is worse off for it. The majority of APIs that I've interacted with over the years don't require a user agent, so most users of reqwest shouldn't ever notice this change. This of course will break some users (anyone who's using reqwest to hit crates.io and not setting an explicit UA for example), but I believe the benefit for both the people writing bots and those operating services they're hitting is worth it.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.