Added changelog

Block ETag tracking on outgoing request, instead of incoming response
This change more directly addresses the privacy concern where servers can identify whether a given client has previously downloaded some content. This tracking occurs when a request for an already-cached resource is sent to the server with an `If-None-Match` header. If the cached resource was previously received with a unique `ETag`, the server can uniquely identify the user. Rather than blocking the client from reading `ETag` values (which may be safely be used for other purposes; see #177), this change prevents servers from being informed about whether the client has any cached content. Fixes #177.
2025-12-16 14:15:36 +07:00 · 2022-06-07 11:20:29 +02:00 · 2022-06-07 11:14:58 +02:00
3 changed files with 20 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Require Firefox >= 55
 - Require Chrome >= 37

+## [1.25.0] - 2022-XX-XX
+
+### Compatibility note
+- Require Firefox >= 55
+- Require Chrome >= 37
+
+### Changed
+- Incoming etags are no longer filtered, but outgoing responses are. This should fix some bugs with filtered etags. See [#124](https://github.com/ClearURLs/Addon/pull/214)
+
 ## [1.24.1] - 2022-03-25

 ### Compatibility note
--- a/core_js/eTagFilter.js
+++ b/core_js/eTagFilter.js
@@ -19,28 +19,29 @@
 /*jshint esversion: 6 */

 /**
- * Filters eTag headers from web requests.
+ * Filters headers containing eTag values from web requests.
 */
 function eTagFilter(requestDetails) {
-    if(!requestDetails.responseHeaders || !storage.eTagFiltering
+    if(!requestDetails.requestHeaders || !storage.eTagFiltering
        || storage.localHostsSkipping && checkLocalURL(new URL(requestDetails.url))) return {};
-    const responseHeaders = requestDetails.responseHeaders;
+    const requestHeaders = requestDetails.requestHeaders;

-    const filteredHeaders = responseHeaders.filter(header => {
-       return header.name.toLowerCase() !== "etag";
+    const filteredHeaders = requestHeaders.filter(header => {
+        // Browsers may automatically send an If-None-Match header with
+        return header.name.toLowerCase() !== "if-none-match";
    });

-    if(filteredHeaders.length < responseHeaders.length) {
+    if(filteredHeaders.length < requestHeaders.length) {
        pushToLog(requestDetails.url, requestDetails.url, translate("eTag_filtering_log"));
        increaseBadged(false, requestDetails);
        increaseGlobalURLCounter(1);

-        return {responseHeaders: filteredHeaders};
+        return {requestHeaders: filteredHeaders};
    }
 }

-browser.webRequest.onHeadersReceived.addListener(
+browser.webRequest.onBeforeSendHeaders.addListener(
    eTagFilter,
    {urls: ["<all_urls>"]},
-    ["blocking", "responseHeaders"]
+    ["blocking", "requestHeaders"]
 );
--- a/manifest.json
+++ b/manifest.json
@@ -1,7 +1,7 @@
 {
  "manifest_version": 2,
  "name": "ClearURLs",
-  "version": "1.24.1",
+  "version": "1.25.0",
  "author": "Kevin Roebert",
  "description": "__MSG_extension_description__",
  "homepage_url": "https://docs.clearurls.xyz",