
Safari, UA Sniffing, and HTTP_ACCEPT

Mark Pilgrim reports that the new Safari web browser for Mac reports its User Agent (UA) string to be this:

Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/48 (like Gecko) Safari/48

I have already written about the evil twisted path of UA sniffing but let me summarize again, because clearly some people still don't get it.

UA sniffing is a bad idea.

Don't believe me? WebStandards.org: Dear Web Developers: Browser Sniffing is Stupid

Why is sniffing stupid?
Short answer: Browsers lie.
Medium Answer: Web designers made bad decisions by starting to UA sniff a long time ago and that made web browser programmers determine that they had to lie.
Long answer: Read my link above.

Once again, here is Opera 7's default UA string on Windows XP:

Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.0 [en]

Reading from right to left that says: Hey, this is Opera 7 pretending to be Internet Explorer 5.5 or Internet Explorer 6.0 (some dumbos sniff for MSIE 5.5 and block MSIE 6.0 and tell you to upgrade your browser!) or Mozilla 4.0. Mozilla is Netscape's name for Netscape. Except now there is a browser called Mozilla, but it isn't called Mozilla in the UA string, well it is, but it's really called Gecko because EVERYONE pretends to be Mozilla.

ARGH!

Stop the insanity!
Stop UA Sniffing!
Support web standards!

Some folks who ought to know better (including Mark Pilgrim, who almost always knows better) were caught by Safari because it uses the word "Gecko" in the UA string. Everyone assumed that "Gecko" would be sacrosanct in the UA string to mean "This really is a Gecko based browser."

As of today, that assumption no longer holds water.

The Netscape/Mozilla folks really ought to be pleased with themselves, they have created not one, but two UA strings that everyone wanted to pretend to be... first it was Mozilla, because Netscape supported tables before IE did (so when IE supported them, they found they were locked out of some sites because those sites looked at the UA string for the word "Mozilla"), and now Gecko, because everyone considers it to be the premier rendering engine.

Some folks who ought to know better, folks who support web standards and want to get away from hacks, were tripped up by this, because they were UA sniffing to serve pages as application/xhtml+xml. This is wrong, wrong, wrong!!! If you want to sniff for something, use the HTTP_ACCEPT.

There is no reason for any browser to lie in the HTTP_ACCEPT header, and it is there to tell you what it can handle.

Want to be able to set the MIME type using HTTP_ACCEPT and PHP?

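<?php

// The Accept header is optional, so fall back to an empty string.
$ACCEPT = isset($_SERVER["HTTP_ACCEPT"]) ? $_SERVER["HTTP_ACCEPT"] : "";

// Serve XHTML only when the client lists an XHTML type in Accept.
if (strstr($ACCEPT, 'application/xhtml')) {
    header("Content-type: application/xhtml+xml");
}
?>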

Use that and you will not have to go back and check the UA string for every new browser that comes out... sort of like writing to web standards and not having to worry about checking your HTML in every browser that comes out.
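A stricter form of the check above, as an added example that is not the author's code: it parses the q values in the Accept header, so a type sent with q=0 counts as not accepted, and application/xhtml+xml is served only when the client does not rank it below text/html. The function name accept_quality is hypothetical.

```php
<?php
// Added example (not the author's code). Returns the q value (0.0 to 1.0) the
// client assigns to $type in an Accept header, or 0.0 if it is not accepted.
function accept_quality($accept, $type)
{
    list($wantMain, $wantSub) = explode('/', strtolower($type), 2);
    $best = 0.0;       // q of the most specific matching range so far
    $bestRank = 0;     // 3 = exact type, 2 = type/*, 1 = */*

    foreach (explode(',', $accept) as $range) {
        $params = array_map('trim', explode(';', $range));
        $media = strtolower(array_shift($params));
        if (strpos($media, '/') === false) {
            continue; // malformed or empty range
        }
        list($main, $sub) = explode('/', $media, 2);
        if ($main === $wantMain && $sub === $wantSub) {
            $rank = 3;
        } elseif ($main === $wantMain && $sub === '*') {
            $rank = 2;
        } elseif ($main === '*' && $sub === '*') {
            $rank = 1;
        } else {
            continue;
        }

        $q = 1.0; // default when no q parameter is given
        foreach ($params as $p) {
            if (preg_match('/^q\s*=\s*([01](?:\.\d{0,3})?)$/i', $p, $m)) {
                $q = min(1.0, (float) $m[1]);
            }
        }
        if ($rank > $bestRank) { // a more specific range overrides a wildcard
            $bestRank = $rank;
            $best = $q;
        }
    }
    return $best;
}

// The header is client-controlled and may be absent.
$accept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '';
// Send XHTML only if it is accepted and not ranked below text/html.
$xhtml = accept_quality($accept, 'application/xhtml+xml');
if ($xhtml > 0 && $xhtml >= accept_quality($accept, 'text/html')) {
    header('Content-Type: application/xhtml+xml');
}
header('Vary: Accept'); // the response differs by Accept, so caches must key on it
```

With an Accept header that lists text/html explicitly and reaches XHTML only through `*/*;q=0.1`, this falls back to text/html, because the wildcard's q is lower than the explicit type's.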

I would like to THANK Apple for doing this, because it helps to expose (again) what a really really bad idea it is to depend on the UA string for anything!!!

Are you ready to admit your UA sniffing addiction and pledge to try and quit cold turkey? If so, add a comment to this post... maybe we'll start a support group.

Comments

That solution is not 100% reliable, I'm afraid. It is possible to specify a preference level, q, saying how willing to accept a certain MIME type the browser is. So "application/xhtml; q=0.0" would mean the browser can NOT handle XHTML at all.

(This is off the top of my head, so I'm not 100% sure about the above syntax.)

Also Safari does not send the User_Agent string when requesting .ico files - I filter those agents that do not send a user_agent string - spam bots often don't send a user string either.

Safari User_agents get added to my 'banned list' and can no longer access my site - poor them!

Scott

So let me get this right, Safari identifies itself as pretty much every browser out there APART from KHTML and IE? And I thought the Gecko string was bad.

How about that?! Opera 7 *does* lie. It sends a false HTTP_ACCEPT string. It *does* support application/xhtml+xml, though it doesn't admit it. Here's its HTTP_ACCEPT string: "text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1". Now... What do you say about that? I don't have anything against Opera. Well... I do, but that's not important right now. Nothing much, anyway. But this really pisses me off. Should I sniff for it in order to send application/xhtml+xml content? I don't think so...

Opera 7.2 (just released) fixes that flaw.