oembed metadata request User-Agent should specify a Rocket.Chat identifier

[gabek]

Description:

When URLs are sent in Rocket.Chat the oembed request uses a spoofed User-Agent. This value is configurable in the Admin settings, but the default should be tweaked to specify it's coming from Rocket.Chat.

Server Setup Information:

• Version of Rocket.Chat Server: 3.6.3
• Operating System: Linux
• Deployment Method: docker
• Number of Running Instances: 1
• DB Replicaset Oplog: yes
• NodeJS Version: the one in docker
• MongoDB Version: 4.x

Steps to reproduce:

1. Send a message with a URL in it.
2. Rocket.Chat makes a request to that URL with the default setting of User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36.

Expected behavior:

The default setting should allow this request to be made with a User-Agent that specifies that it is Rocket.Chat making the request.

Actual behavior:

Due to the spoofed User-Agent the destination web server is unable to know that this is Rocket.Chat making the request, and cannot determine it should be treated as a bot.

Server Setup Information

This is a hosted install.

[close-issue-app]

This issue was closed because it does not use our bug report issue template.

Please make sure to use it and fill it as much as you can so we can provide better and faster support.

The following sections must not be removed, or else the BOT will close it immediately again:

• Steps to reproduce
• Expected behavior
• Actual behavior
• Server Setup Information

[close-issue-app]

This issue was closed because it does not use our bug report issue template.

Please make sure to use it and fill it as much as you can so we can provide better and faster support.

The following sections must not be removed, or else the BOT will close it immediately again:

• Steps to reproduce
• Expected behavior
• Actual behavior
• Server Setup Information

[geekgonecrazy]

@sampaiodiego how do we make the pesky bot leave the issue open? In this case if it’s hosted they don’t necessarily know the details.

[close-issue-app]

This issue was closed because it does not use our bug report issue template.

Please make sure to use it and fill it as much as you can so we can provide better and faster support.

The following sections must not be removed, or else the BOT will close it immediately again:

• Steps to reproduce
• Expected behavior
• Actual behavior
• Server Setup Information

[geekgonecrazy]

There.. gotta say not a fan that it wouldn’t let me reopen

[sampaiodiego]

<offtopic>

@sampaiodiego how do we make the pesky bot leave the issue open? In this case if it’s hosted they don’t necessarily know the details.

only the server version is required (hopefully this will help #19078 )

There.. gotta say not a fan that it wouldn’t let me reopen

the only current way to let it open is if the issue has all the required info. we can add some maintainers to the config file that would skip it though.

</offtopic>

talking about the issue itself, we used that user-agent because some websites don't send proper HTML to scrap when using "non-browser" user-agent (like Twitter for example).. but maybe we can append some rocket.chat info to the user agent? 🤔 need to test how to still make it valid though