From d79bec6e8447f17ba0e70eb4cca4b29965d0b0a9 Mon Sep 17 00:00:00 2001
From: Troy Lamerton
Date: Sun, 2 Sep 2018 20:31:35 +0200
Subject: [PATCH 1/4] spoof referer header of third party requests
---
 src/js/webrequest.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/src/js/webrequest.js b/src/js/webrequest.js
index d7c7280112..555e300168 100644
--- a/src/js/webrequest.js
+++ b/src/js/webrequest.js
@@ -172,6 +172,21 @@ function onBeforeSendHeaders(details) {
 } else {
 return {};
 }
+ } else {
+ const refererHeader = details.requestHeaders.find(header => header.name === "Referer");
+ if (refererHeader) {
+ // console.log('before: referer', JSON.parse(JSON.stringify(details.requestHeaders)));
+ if (details.method === "GET") {
+ // spoof referer value
+ const requestUrl = new URL(details.url);
+ refererHeader.value = requestUrl.origin;
+ } else {
+ // remove referer header from non-GET request
+ const refererHeaderIndex = details.requestHeaders.indexOf(refererHeader);
+ details.requestHeaders.splice(refererHeaderIndex, 1);
+ }
+ // console.log('after: referer', details.requestHeaders);
+ }
 }
 var requestAction = checkAction(tab_id, requestDomain, frame_id);
From cced561d43f68a975bf6e7b6629baff5f2c93fb6 Mon Sep 17 00:00:00 2001
From: Troy Lamerton
Date: Sun, 2 Sep 2018 20:31:57 +0200
Subject: [PATCH 2/4] remove logs that were for debugging
---
 src/js/webrequest.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/js/webrequest.js b/src/js/webrequest.js
index 555e300168..745b8ca8fc 100644
--- a/src/js/webrequest.js
+++ b/src/js/webrequest.js
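Review bot: In the [PATCH 1/4] hunk of onBeforeSendHeaders, a cross-site GET now carries a Referer equal to the destination's own origin (`refererHeader.value = requestUrl.origin;`), so a server that relies on the Referer to tell same-origin from cross-site requests (a Referer-based CSRF or hotlink check, for example) would see third-party-initiated requests as same-origin. Dropping the header for every method, as the non-GET branch already does with `splice`, avoids that and removes the GET/non-GET split. The lookup `header.name === "Referer"` is also case-sensitive although header names are not; `header.name.toLowerCase() === "referer"` is safer. The same lines are carried into the [PATCH 3/4] webrequest.js hunk, and the function's return statements lie outside the hunks, so whether the modified `requestHeaders` array is returned on every path cannot be confirmed from here.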
@@ -173,9 +173,9 @@ function onBeforeSendHeaders(details) {
 return {};
 }
 } else {
+ // spoof referer header for third party requests
 const refererHeader = details.requestHeaders.find(header => header.name === "Referer");
 if (refererHeader) {
- // console.log('before: referer', JSON.parse(JSON.stringify(details.requestHeaders)));
 if (details.method === "GET") {
 // spoof referer value
 const requestUrl = new URL(details.url);
@@ -185,7 +185,6 @@ function onBeforeSendHeaders(details) {
 const refererHeaderIndex = details.requestHeaders.indexOf(refererHeader);
 details.requestHeaders.splice(refererHeaderIndex, 1);
 }
- // console.log('after: referer', details.requestHeaders);
 }
 }
From df0a7bb15fed086ba58b1ae7409d0720a84ba87a Mon Sep 17 00:00:00 2001
From: Troy Lamerton
Date: Tue, 4 Sep 2018 08:48:33 +0200
Subject: [PATCH 3/4] Add checkbox to toggle Spoof referrer option
---
 src/_locales/en_US/messages.json | 6 +++++-
 src/js/background.js | 7 ++++++-
 src/js/options.js | 15 +++++++++++++++
 src/js/webrequest.js | 27 +++++++++++++++------------
 src/skin/options.html | 6 ++++++
 5 files changed, 47 insertions(+), 14 deletions(-)
diff --git a/src/_locales/en_US/messages.json b/src/_locales/en_US/messages.json
index 350363e23e..c15bf07ceb 100644
--- a/src/_locales/en_US/messages.json
+++ b/src/_locales/en_US/messages.json
@@ -135,6 +135,10 @@
 "message": "Replace social widgets",
 "description": "Checkbox label on the general settings page"
 },
+ "options_spoof_referrer_checkbox": {
+ "message": "Spoof the Referrer header",
+ "description": "Checkbox label for spoofing referrer on the general settings page"
+ },
 "options_incognito_warning": {
 "message": "** Enabling learning in Private/Incognito windows may leave traces of your private browsing history on your computer. By default, Privacy Badger will block trackers it already knows about in Private/Incognito windows, but it won't learn about new trackers. You might want to enable this option if a lot of your browsing happens in Private/Incognito windows.",
 "description": "Detailed explanation shown under checkboxes on the general settings page"
@@ -509,4 +513,4 @@
 }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/src/js/background.js b/src/js/background.js
index 6ff4c6c3a0..e092f68f16 100644
--- a/src/js/background.js
+++ b/src/js/background.js
@@ -478,7 +478,8 @@ Badger.prototype = {
 sendDNTSignal: true,
 showCounter: true,
 showTrackingDomains: false,
- socialWidgetReplacementEnabled: true
+ socialWidgetReplacementEnabled: true,
+ spoofReferrerEnabled: true
 },
 /**
@@ -636,6 +637,10 @@ Badger.prototype = {
 return this.getSettings().getItem("socialWidgetReplacementEnabled");
 },
+ isSpoofReferrerEnabled: function() {
+ return this.getSettings().getItem("spoofReferrerEnabled");
+ },
+
 isDNTSignalEnabled: function() {
 return this.getSettings().getItem("sendDNTSignal");
 },
diff --git a/src/js/options.js b/src/js/options.js
index f45a8bee60..5bf5647de0 100644
--- a/src/js/options.js
+++ b/src/js/options.js
@@ -107,6 +107,7 @@ function loadOptions() {
 $("#show_counter_checkbox").prop("checked", badger.showCounter());
 $("#replace_social_widgets_checkbox").on("click", updateSocialWidgetReplacement);
 $("#replace_social_widgets_checkbox").prop("checked", badger.isSocialWidgetReplacementEnabled());
+ $("#spoof_referrer_checkbox").prop("checked", badger.isSpoofReferrerEnabled());
 $("#enable_dnt_checkbox").on("click", updateDNTCheckboxClicked);
 $("#enable_dnt_checkbox").prop("checked", badger.isDNTSignalEnabled());
 $("#check_dnt_policy_checkbox").on("click", updateCheckingDNTPolicy);
@@ -330,6 +331,20 @@ function updateSocialWidgetReplacement() {
 });
 }
+/**
+ * Update setting for spoofing the referrer header of all 3rd party requests.
+ */
+function updateSpoofReferrer() {
+ const enabled = $("#spoof_referrer_checkbox").prop("checked");
+
+ chrome.runtime.sendMessage({
+ type: "updateSettings",
+ data: {
+ spoofReferrerEnabled: enabled
+ }
+ });
+}
+
 /**
 * Update DNT checkbox clicked
 */
diff --git a/src/js/webrequest.js b/src/js/webrequest.js
index 745b8ca8fc..eb6d41a588 100644
--- a/src/js/webrequest.js
+++ b/src/js/webrequest.js
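Review bot: The `#spoof_referrer_checkbox` line added to loadOptions only sets the checked state; unlike the neighbouring checkboxes it registers no click handler, so `updateSpoofReferrer` (added in the second options.js hunk) is not wired up by anything visible in this patch and toggling the box would not send `updateSettings`. Add `$("#spoof_referrer_checkbox").on("click", updateSpoofReferrer);` before the `.prop` call, matching the pattern of the other options. With `spoofReferrerEnabled: true` as the default in background.js, the header rewriting would then presumably stay on regardless of the checkbox. The src/skin/options.html hunk is not readable on this page, so an inline handler there cannot be ruled out.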
@@ -172,18 +172,21 @@ function onBeforeSendHeaders(details) {
 } else {
 return {};
 }
- } else {
- // spoof referer header for third party requests
- const refererHeader = details.requestHeaders.find(header => header.name === "Referer");
- if (refererHeader) {
- if (details.method === "GET") {
- // spoof referer value
- const requestUrl = new URL(details.url);
- refererHeader.value = requestUrl.origin;
- } else {
- // remove referer header from non-GET request
- const refererHeaderIndex = details.requestHeaders.indexOf(refererHeader);
- details.requestHeaders.splice(refererHeaderIndex, 1);
+
+ } else if (badger.isSpoofReferrerEnabled()) {
+ if (badger.isPrivacyBadgerEnabled(tabDomain) && badger.isPrivacyBadgerEnabled(requestDomain)) {
+ // spoof referer header for third party requests
+ const refererHeader = details.requestHeaders.find(header => header.name === "Referer");
+ if (refererHeader) {
+ if (details.method === "GET") {
+ // spoof referer value
+ const requestUrl = new URL(details.url);
+ refererHeader.value = requestUrl.origin;
+ } else {
+ // remove referer header from non-GET request
+ const refererHeaderIndex = details.requestHeaders.indexOf(refererHeader);
+ details.requestHeaders.splice(refererHeaderIndex, 1);
+ }
 }
 }
 }
diff --git a/src/skin/options.html b/src/skin/options.html
index 1e1a96de0a..01cb7fa720 100644
--- a/src/skin/options.html
+++ b/src/skin/options.html
@@ -150,6 +150,12 @@

+
+ +