[tbb-commits] [Git][tpo/applications/tor-browser][base-browser-115.16.0esr-13.5-1] Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref

morgan (@morgan) git at gitlab.torproject.org
Wed Oct 16 22:33:01 UTC 2024



morgan pushed to branch base-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser


Commits:
bd216fff by Pier Angelo Vendrame at 2024-10-16T22:27:14+00:00
Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref

This commits makes it possible to disable OS spoofing in the HTTP
User-Agent header, to see if matching header and JS property improve
usability.

- - - - -


2 changed files:

- netwerk/protocol/http/nsHttpHandler.cpp
- toolkit/components/resistfingerprinting/nsRFPService.cpp


Changes:

=====================================
netwerk/protocol/http/nsHttpHandler.cpp
=====================================
@@ -497,6 +497,9 @@ nsresult nsHttpHandler::Init() {
     // obsService->AddObserver(this, "net:failed-to-process-uri-content", true);
   }
 
+  Preferences::AddWeakObserver(
+      this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
+
   MakeNewRequestTokenBucket();
   mWifiTickler = new Tickler();
   if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr;
@@ -2064,6 +2067,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
     // Inform nsIOService that network is tearing down.
     gIOService->SetHttpHandlerAlreadyShutingDown();
 
+    Preferences::RemoveObserver(
+        this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
+
     ShutdownConnectionManager();
 
     // need to reset the session start time since cache validation may
@@ -2189,6 +2195,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic,
     ShutdownConnectionManager();
     mConnMgr = nullptr;
     Unused << InitConnectionMgr();
+  } else if (!strcmp(topic, "nsPref:changed") &&
+             !NS_strcmp(
+                 data,
+                 u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) {
+    nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true);
   }
 
   return NS_OK;


=====================================
toolkit/components/resistfingerprinting/nsRFPService.cpp
=====================================
@@ -939,12 +939,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent,
   // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
 
+  const bool spoofOs =
+      isForHTTPHeader &&
+      Preferences::GetBool(
+          "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true);
+
   // These magic numbers are the lengths of the UA string literals below.
   // Assume three-digit Firefox version numbers so we have room to grow.
   size_t preallocatedLength =
       13 +
-      (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
-                       : mozilla::ArrayLength(SPOOFED_UA_OS)) -
+      (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
+               : mozilla::ArrayLength(SPOOFED_UA_OS)) -
       1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 +
       2;
   userAgent.SetCapacity(preallocatedLength);
@@ -954,7 +959,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent,
   // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0"
   userAgent.AssignLiteral("Mozilla/5.0 (");
 
-  if (isForHTTPHeader) {
+  if (spoofOs) {
     userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS);
   } else {
     userAgent.AppendLiteral(SPOOFED_UA_OS);



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bd216fffdab7a368029b486a08f23e7e7882d7b0

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bd216fffdab7a368029b486a08f23e7e7882d7b0
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20241016/ce84b4a2/attachment-0001.htm>


More information about the tbb-commits mailing list