HTTP user agents that don't identify fail for Zotero >= v5.0.71
I understand that Zotero v5.0.71 introduces a new security mechanim that aims to block 'browsers' from accessing its API. However, when a user agent doesn’t set the `User-Agent` header, this triggers:
> Error: this.headers['user-agent'] is undefined
> Source File: chrome://zotero/content/xpcom/server.js
> Line: 434
(This is for Zotero v5.0.72.)
This, effectively, blocks HTTP requests from 'simple' user agents, most prominently Pandoc.
See:
* https://github.com/retorquere/zotero-better-bibtex/issues/1233
* https://github.com/egh/zotxt/issues/11
* https://github.com/odkr/pandoc-zotxt.lua/issues/1
From what I understand, allowing for the `User-Agent` header to *not* be set wouldn't impact the new security policy. So, would it be too much to ask to test whether that header is present and deem any user agent that doesn't set it not-a-browser?
Thanks a lot!
> Error: this.headers['user-agent'] is undefined
> Source File: chrome://zotero/content/xpcom/server.js
> Line: 434
(This is for Zotero v5.0.72.)
This, effectively, blocks HTTP requests from 'simple' user agents, most prominently Pandoc.
See:
* https://github.com/retorquere/zotero-better-bibtex/issues/1233
* https://github.com/egh/zotxt/issues/11
* https://github.com/odkr/pandoc-zotxt.lua/issues/1
From what I understand, allowing for the `User-Agent` header to *not* be set wouldn't impact the new security policy. So, would it be too much to ask to test whether that header is present and deem any user agent that doesn't set it not-a-browser?
Thanks a lot!
I don't want to argue over what "should" means; whether you require user agents to set this field is, of course, up to you. Still, it’s a "should" ;-).
As for biber, I have checked myself the following:
- Accessing the library using the browser results in 403.
- Accessing the library using curl works.
- Accessing the library using biber results in 403.
I guess I could check how biber calls remote libraries.
Curl works fine on this url, and I get D1082902501.
User-Agent
, so it will be rejected from Zotero 5.0.71 on. It needs to either use a different UA string or passZotero-Allowed-Request: 1
.I guess I'll have to open an issue with biber.
Thanks