morgan pushed to branch base-browser-115.16.0esr-13.5-1 at The Tor Project / Applications / Tor Browser

Commits: bd216fff by Pier Angelo Vendrame at 2024-10-16T22:27:14+00:00 Bug 42467: Make OS HTTP User-Agent OS spoofing configurable by pref

This commits makes it possible to disable OS spoofing in the HTTP User-Agent header, to see if matching header and JS property improve usability.

- - - - -

2 changed files:

- netwerk/protocol/http/nsHttpHandler.cpp - toolkit/components/resistfingerprinting/nsRFPService.cpp

Changes:

===================================== netwerk/protocol/http/nsHttpHandler.cpp ===================================== @@ -497,6 +497,9 @@ nsresult nsHttpHandler::Init() { // obsService->AddObserver(this, "net:failed-to-process-uri-content", true); }

+ Preferences::AddWeakObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + MakeNewRequestTokenBucket(); mWifiTickler = new Tickler(); if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr; @@ -2064,6 +2067,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, // Inform nsIOService that network is tearing down. gIOService->SetHttpHandlerAlreadyShutingDown();

+ Preferences::RemoveObserver( + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns); + ShutdownConnectionManager();

// need to reset the session start time since cache validation may @@ -2189,6 +2195,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, ShutdownConnectionManager(); mConnMgr = nullptr; Unused << InitConnectionMgr(); + } else if (!strcmp(topic, "nsPref:changed") && + !NS_strcmp( + data, + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) { + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true); }

return NS_OK;

===================================== toolkit/components/resistfingerprinting/nsRFPService.cpp ===================================== @@ -939,12 +939,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent

+ const bool spoofOs = + isForHTTPHeader && + Preferences::GetBool( + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true); + // These magic numbers are the lengths of the UA string literals below. // Assume three-digit Firefox version numbers so we have room to grow. size_t preallocatedLength = 13 + - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) - : mozilla::ArrayLength(SPOOFED_UA_OS)) - + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS) + : mozilla::ArrayLength(SPOOFED_UA_OS)) - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2; userAgent.SetCapacity(preallocatedLength); @@ -954,7 +959,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0" userAgent.AssignLiteral("Mozilla/5.0 (");

- if (isForHTTPHeader) { + if (spoofOs) { userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS); } else { userAgent.AppendLiteral(SPOOFED_UA_OS);

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/bd216fff...