ageng/ClearUrls
1
0
Fork 0
mirror of https://gitlab.com/KevinRoebert/ClearUrls synced 2025-12-18 15:15:37 +07:00
Code Issues Projects Releases Wiki Activity

Block ETag tracking on outgoing request, instead of incoming response

Browse Source 
This change more directly addresses the privacy concern where servers can identify whether a given client has previously downloaded some content. This tracking occurs when a request for an already-cached resource is sent to the server with an `If-None-Match` header. If the cached resource was previously received with a unique `ETag`, the server can uniquely identify the user. Rather than blocking the client from reading `ETag` values (which may be safely be used for other purposes; see #177), this change prevents servers from being informed about whether the client has any cached content.

Fixes #177.
This commit is contained in:
Brian Helba
2022-06-02 21:24:53 -04:00
committed by Kevin R
parent 82d987a08e
commit 783f1fc99a
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
core_js/eTagFilter.js
View File

@@ -19,28 +19,29 @@
/*jshint esversion: 6 */ /*jshint esversion: 6 */
/** /**
* Filters eTag headers from web requests. * Filters headers containing eTag values from web requests.
*/ */
function eTagFilter(requestDetails) { function eTagFilter(requestDetails) {
if(!requestDetails.responseHeaders || !storage.eTagFiltering if(!requestDetails.requestHeaders || !storage.eTagFiltering
|| storage.localHostsSkipping && checkLocalURL(new URL(requestDetails.url))) return {}; || storage.localHostsSkipping && checkLocalURL(new URL(requestDetails.url))) return {};
const responseHeaders = requestDetails.responseHeaders; const requestHeaders = requestDetails.requestHeaders;
const filteredHeaders = responseHeaders.filter(header => { const filteredHeaders = requestHeaders.filter(header => {
return header.name.toLowerCase() !== "etag"; // Browsers may automatically send an If-None-Match header with
return header.name.toLowerCase() !== "if-none-match";
}); });
if(filteredHeaders.length < responseHeaders.length) { if(filteredHeaders.length < requestHeaders.length) {
pushToLog(requestDetails.url, requestDetails.url, translate("eTag_filtering_log")); pushToLog(requestDetails.url, requestDetails.url, translate("eTag_filtering_log"));
increaseBadged(false, requestDetails); increaseBadged(false, requestDetails);
increaseGlobalURLCounter(1); increaseGlobalURLCounter(1);
return {responseHeaders: filteredHeaders}; return {requestHeaders: filteredHeaders};
} }
} }
browser.webRequest.onHeadersReceived.addListener( browser.webRequest.onBeforeSendHeaders.addListener(
eTagFilter, eTagFilter,
{urls: ["<all_urls>"]}, {urls: ["<all_urls>"]},
["blocking", "responseHeaders"] ["blocking", "requestHeaders"]
); );