-
-
Notifications
You must be signed in to change notification settings - Fork 387
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
strips x-client-data headers from outgoing requests #2549
base: master
Are you sure you want to change the base?
Changes from 4 commits
9bc1826
db6c883
9266243
a3ae9f8
935f409
b8e1a7b
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -168,6 +168,22 @@ function loadOptions() { | |
}); | ||
} | ||
|
||
// only show the x-client-data header setting if in Chrome & Chromium browsers | ||
// TODO: more accurate way to determine this is a Chrome or Chromium browser | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
We could try doing feature detection (always better than guessing based on UA). Something like, on Privacy Badger startup, make a dummy request to a Google domain. This request should get cancelled, but before it does, we'll see the headers and set our internal |
||
if (!chrome.runtime.getBrowserInfo) { | ||
$("#remove-x-client-data-toggle").show(); | ||
$("#toggle-x-client-data-header-mode") | ||
.prop("checked", OPTIONS_DATA.settings.removeXClientDataHeaders) | ||
.on("click", function () { | ||
const removeXClientDataHeaders = $("#toggle-x-client-data-header-mode").prop("checked"); | ||
|
||
chrome.runtime.sendMessage({ | ||
type: "updateSettings", | ||
data: { removeXClientDataHeaders } | ||
}); | ||
}); | ||
} | ||
|
||
if (OPTIONS_DATA.webRTCAvailable && OPTIONS_DATA.legacyWebRtcProtectionUser) { | ||
$("#webRTCToggle").show(); | ||
$("#toggle_webrtc_mode") | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should phrase this in a way that's intelligible to non-technical people. Take a look at our existing privacy overrides. Something like
Disable sending [NON TECHNICAL DESCRIPTION OF VARIATIONS HEADER DATA] to Google ("X-Client-Data header")
.And, yes, exactly, we should also have a "learn more" icon that links to somewhere helpful.