From 9bc182696f24822c0fd1f9bddfb72d2a3c61bc05 Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Thu, 8 Oct 2020 11:10:26 -0700 Subject: [PATCH 1/6] strip x-client-data headers from requests in webrequest script --- src/js/webrequest.js | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/js/webrequest.js b/src/js/webrequest.js index fc043fe4aa..057ab319b0 100644 --- a/src/js/webrequest.js +++ b/src/js/webrequest.js @@ -206,11 +206,11 @@ function onBeforeSendHeaders(details) { if (_isTabChromeInternal(tab_id)) { // DNT policy requests: strip cookies if (type == "xmlhttprequest" && url.endsWith("/.well-known/dnt-policy.txt")) { - // remove Cookie headers + // remove Cookie headers and X-Client-Data headers let newHeaders = []; for (let i = 0, count = details.requestHeaders.length; i < count; i++) { let header = details.requestHeaders[i]; - if (header.name.toLowerCase() != "cookie") { + if (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "x-client-data") { newHeaders.push(header); } } @@ -256,10 +256,10 @@ function onBeforeSendHeaders(details) { if (action == constants.COOKIEBLOCK || action == constants.USER_COOKIEBLOCK) { let newHeaders; - // GET requests: remove cookie headers, reduce referrer header to origin + // GET requests: remove cookie headers and X-client-data headers, reduce referrer header to origin if (details.method == "GET") { newHeaders = details.requestHeaders.filter(header => { - return (header.name.toLowerCase() != "cookie"); + return (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "x-client-data"); }).map(header => { if (header.name.toLowerCase() == "referer") { header.value = header.value.slice( 
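Review bot: Each new comparison calls `header.name.toLowerCase()` a second time on the same header, in the DNT-policy loop of this hunk and in the `filter` callbacks of the @@ -256 and @@ -270 hunks. Lowercasing once with `const name = header.name.toLowerCase();` and testing `name != "cookie" && name != "x-client-data"` would keep the three conditions short enough to compare at a glance. The comments also spell the header three ways ("X-Client-Data", "X-client-data", "x-client-data"); one spelling would make it easier to grep. onBeforeSendHeaders starts and ends outside the hunk.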
@@ -270,10 +270,10 @@ function onBeforeSendHeaders(details) { return header; }); - // remove cookie and referrer headers otherwise + // remove cookie, referrer, and X-Client-Data headers otherwise } else { newHeaders = details.requestHeaders.filter(header => { - return (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "referer"); + return (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "referer" && header.name.toLowerCase() != "x-client-data"); }); } From db6c8834da8d9a0f0266eb3dd33fa510e2de4a9e Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 29 Sep 2021 17:51:48 -0700 Subject: [PATCH 2/6] add message for options page strip x-client-data headers --- src/_locales/en_US/messages.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/_locales/en_US/messages.json b/src/_locales/en_US/messages.json index 68f8a74541..ec853036b2 100644 --- a/src/_locales/en_US/messages.json +++ b/src/_locales/en_US/messages.json @@ -129,6 +129,10 @@ "message": "Prevent WebRTC from leaking local IP address", "description": "Checkbox label on the general settings page" }, + "options_x_client_data_setting": { + "message": "Remove \"x-client-data\" header from outgoing requests", + "description": "Checkbox label on the general settings page for removing the x-client-data header on chromium browsers" + }, "intro_welcome": { "message": "Privacy Badger automatically learns to block invisible trackers. Take a minute to see how.", "description": "Intro page welcome paragraph." From 92662434d8cb61388740a5a7fe0ee21ba57a83b2 Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 29 Sep 2021 17:52:22 -0700 Subject: [PATCH 3/6] add html chunk for x-client-data option --- src/skin/options.html | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/skin/options.html b/src/skin/options.html index 79ddee605a..f1c8d7ca2c 100644 --- a/src/skin/options.html +++ b/src/skin/options.html @@ -252,6 +252,14 @@

+ From a3ae9f83dd639922e6bca39e05b9983232e5eb10 Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 29 Sep 2021 17:53:38 -0700 Subject: [PATCH 4/6] toggle visibility of x-client-data option, modify how check is made when stripping headers --- src/js/background.js | 7 +++++++ src/js/options.js | 16 ++++++++++++++++ src/js/webrequest.js | 16 ++++++++++------ 3 files changed, 33 insertions(+), 6 deletions(-) diff --git a/src/js/background.js b/src/js/background.js index a3cec271b8..66165876d1 100644 --- a/src/js/background.js +++ b/src/js/background.js @@ -844,6 +844,7 @@ Badger.prototype = { learnLocally: false, migrationLevel: 0, preventWebRTCIPLeak: false, + removeXClientDataHeaders: false, seenComic: false, sendDNTSignal: true, showCounter: true, @@ -1125,6 +1126,12 @@ Badger.prototype = { return this.getSettings().getItem("checkForDNTPolicy"); }, + isRemoveXClientDataHeaderEnabled: function() { + if (!chrome.runtime.getBrowserInfo) { + return this.getSettings().getItem("removeXClientDataHeaders"); + } + }, + isFlocOverwriteEnabled: function() { if (document.interestCohort) { return this.getSettings().getItem("disableFloc"); diff --git a/src/js/options.js b/src/js/options.js index 608546e90d..0b5ad34528 100644 --- a/src/js/options.js +++ b/src/js/options.js 
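Review bot: `isRemoveXClientDataHeaderEnabled` falls off the end and returns `undefined` when `chrome.runtime.getBrowserInfo` exists, and it treats the absence of that function as the signal for Chrome. The absence only shows that the browser does not implement getBrowserInfo, so other Chromium-based browsers presumably pass the test as well. The same test gates the checkbox in src/js/options.js. I would end the function with an explicit `return false;` and add a comment such as `// heuristic: getBrowserInfo is missing on Chromium-based browsers, this is not a strict Chrome check`. The return value is used inside boolean chains in webrequest.js, so an explicit boolean makes those conditions easier to reason about.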
@@ -168,6 +168,22 @@ function loadOptions() { }); } + // only show the x-client-data header setting if in Chrome & Chromium browsers + // TODO: more accurate way to determine this is a Chrome or Chromium browser + if (!chrome.runtime.getBrowserInfo) { + $("#remove-x-client-data-toggle").show(); + $("#toggle-x-client-data-header-mode") + .prop("checked", OPTIONS_DATA.settings.removeXClientDataHeaders) + .on("click", function () { + const removeXClientDataHeaders = $("#toggle-x-client-data-header-mode").prop("checked"); + + chrome.runtime.sendMessage({ + type: "updateSettings", + data: { removeXClientDataHeaders } + }); + }); + } + if (OPTIONS_DATA.webRTCAvailable && OPTIONS_DATA.legacyWebRtcProtectionUser) { $("#webRTCToggle").show(); $("#toggle_webrtc_mode") diff --git a/src/js/webrequest.js b/src/js/webrequest.js index 057ab319b0..2f38a329d3 100644 --- a/src/js/webrequest.js +++ b/src/js/webrequest.js @@ -203,14 +203,18 @@ function onBeforeSendHeaders(details) { type = details.type, url = details.url; + // option to remove x-client-data headers as well + const removeXClientData = badger.isRemoveXClientDataHeaderEnabled(); + if (_isTabChromeInternal(tab_id)) { // DNT policy requests: strip cookies if (type == "xmlhttprequest" && url.endsWith("/.well-known/dnt-policy.txt")) { - // remove Cookie headers and X-Client-Data headers + // remove Cookie headers let newHeaders = []; + for (let i = 0, count = details.requestHeaders.length; i < count; i++) { let header = details.requestHeaders[i]; - if (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "x-client-data") { + if (header.name.toLowerCase() != "cookie" || (removeXClientData && header.name.toLowerCase() != 'x-client-data')) { newHeaders.push(header); } } 
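Review bot: The new condition in the DNT-policy loop, `!= "cookie" || (removeXClientData && ... != 'x-client-data')`, keeps the Cookie header whenever the option is enabled and never removes x-client-data. For a Cookie header the left side is false, but the right side is true because "cookie" is not "x-client-data". For an x-client-data header the left side is already true. Turning the setting on would therefore stop the cookie stripping this block exists for. The GET filter in the @@ -256,10 +260,10 @@ hunk uses the same expression and has the same problem. Something like `const name = header.name.toLowerCase();` followed by `if (name != "cookie" && !(removeXClientData && name == "x-client-data")) {` expresses the intent. onBeforeSendHeaders continues outside the hunk.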
@@ -256,10 +260,10 @@ function onBeforeSendHeaders(details) { if (action == constants.COOKIEBLOCK || action == constants.USER_COOKIEBLOCK) { let newHeaders; - // GET requests: remove cookie headers and X-client-data headers, reduce referrer header to origin + // GET requests: remove cookie (and x-client-data if option is set) headers, reduce referrer header to origin if (details.method == "GET") { newHeaders = details.requestHeaders.filter(header => { - return (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "x-client-data"); + return (header.name.toLowerCase() != "cookie" || (removeXClientData && header.name.toLowerCase() != 'x-client-data')); }).map(header => { if (header.name.toLowerCase() == "referer") { header.value = header.value.slice( @@ -270,10 +274,10 @@ function onBeforeSendHeaders(details) { return header; }); - // remove cookie, referrer, and X-Client-Data headers otherwise + // remove cookie, referrer (and x-client-data if option is set) otherwise } else { newHeaders = details.requestHeaders.filter(header => { - return (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "referer" && header.name.toLowerCase() != "x-client-data"); + return (header.name.toLowerCase() != "cookie" && header.name.toLowerCase() != "referer" && (removeXClientData && header.name.toLowerCase() != 'x-client-data')); }); } From 935f4096d8d2b3f6d911913539230662059437ab Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Fri, 1 Oct 2021 10:07:26 -0700 Subject: [PATCH 5/6] nit naming reference for x-client-data variables and comments --- src/js/background.js | 4 ++-- src/js/options.js | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/js/background.js b/src/js/background.js index 66165876d1..c3690c4d0a 100644 --- a/src/js/background.js +++ b/src/js/background.js 
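Review bot: In the non-GET branch of the @@ -270,10 +274,10 @@ hunk, the added term `(removeXClientData && header.name.toLowerCase() != 'x-client-data')` is false for every header when the option is off, so the filter returns an empty list and the cookieblocked request loses all of its headers. That includes the case where `isRemoveXClientDataHeaderEnabled()` returns `undefined`, which by the background.js change happens whenever `chrome.runtime.getBrowserInfo` exists. The term should only exclude the one header: `name != "cookie" && name != "referer" && !(removeXClientData && name == "x-client-data")`, with `name` lowercased once. A unit test that runs each of the three filters with the option on and off would catch both this and the `||` form used in the other two places.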
@@ -844,7 +844,7 @@ Badger.prototype = { learnLocally: false, migrationLevel: 0, preventWebRTCIPLeak: false, - removeXClientDataHeaders: false, + removeXClientDataHeader: false, seenComic: false, sendDNTSignal: true, showCounter: true, @@ -1128,7 +1128,7 @@ Badger.prototype = { isRemoveXClientDataHeaderEnabled: function() { if (!chrome.runtime.getBrowserInfo) { - return this.getSettings().getItem("removeXClientDataHeaders"); + return this.getSettings().getItem("removeXClientDataHeader"); } }, diff --git a/src/js/options.js b/src/js/options.js index 0b5ad34528..1461b51d12 100644 --- a/src/js/options.js +++ b/src/js/options.js @@ -168,18 +168,18 @@ function loadOptions() { }); } - // only show the x-client-data header setting if in Chrome & Chromium browsers + // only show the x-client-data header setting if in Chrome // TODO: more accurate way to determine this is a Chrome or Chromium browser if (!chrome.runtime.getBrowserInfo) { $("#remove-x-client-data-toggle").show(); $("#toggle-x-client-data-header-mode") - .prop("checked", OPTIONS_DATA.settings.removeXClientDataHeaders) + .prop("checked", OPTIONS_DATA.settings.removeXClientDataHeader) .on("click", function () { - const removeXClientDataHeaders = $("#toggle-x-client-data-header-mode").prop("checked"); + const removeXClientDataHeader = $("#toggle-x-client-data-header-mode").prop("checked"); chrome.runtime.sendMessage({ type: "updateSettings", - data: { removeXClientDataHeaders } + data: { removeXClientDataHeader } }); }); } From b8e1a7bc434d39dfcd1774bf769f0c425034ecf7 Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Fri, 1 Oct 2021 10:09:15 -0700 Subject: [PATCH 6/6] add warning tooltip and learn more link icon to x-client-data option in settings page --- src/_locales/en_US/messages.json | 8 ++++++-- src/skin/options.html | 2 ++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/_locales/en_US/messages.json b/src/_locales/en_US/messages.json index ec853036b2..b58aac7a88 100644 
--- a/src/_locales/en_US/messages.json +++ b/src/_locales/en_US/messages.json @@ -130,8 +130,12 @@ "description": "Checkbox label on the general settings page" }, "options_x_client_data_setting": { - "message": "Remove \"x-client-data\" header from outgoing requests", - "description": "Checkbox label on the general settings page for removing the x-client-data header on chromium browsers" + "message": "Remove Chrome-only identifier from being sent on Google sites", + "description": "Checkbox label on the general settings page for removing the x-client-data header on Chrome" + }, + "x_client_data_warning": { + "message": "Chrome HTTP header \"x-client-data\" purportedly used to test new features on Google sites, may cause breakage", + "description": "warning tooltip that appears next to the x-client-data option on the settings page" }, "intro_welcome": { "message": "Privacy Badger automatically learns to block invisible trackers. Take a minute to see how.", diff --git a/src/skin/options.html b/src/skin/options.html index f1c8d7ca2c..cefd9d6376 100644 --- a/src/skin/options.html +++ b/src/skin/options.html @@ -257,6 +257,8 @@

+ +