Closed Bug 1459089 Opened 7 years ago Closed 7 years ago

Even when resistFingerprinting is enabled, FF leaks the OS locale in the accept headers

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox62 fixed)

Status:
RESOLVED FIXED
Milestone:
Firefox 62
Tracking Flags:
Tracking Status
firefox62 --- fixed

People

(Reporter: igt0, Assigned: igt0)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fingerprinting])

Attachments

(1 file)

0001-Bug-1459089-Don-t-use-OS-Locale-when-resistFingerpri.patch
1.01 KB, patch
mcomella
: review+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0 Build ID: 20180326160923 Steps to reproduce: 1. Go to about:config 2. Change the privacy.resistFingerprinting preference to true 3. Go to the android Input & Language settings 4. Change the language Actual results: The HTTP Accept-Language header adds the OS Language. Expected results: The HTTP Accept-Language header should not change based on OS values.
Attachment #8973081 - Flags: review?(michael.l.comella)
Flags: needinfo?(michael.l.comella)
I'll get to this as soon as I can but I'll be at Google IO this week: only a r? is necessary.
Flags: needinfo?(michael.l.comella)
Flags: needinfo?(nchen)
Comment on attachment 8973081 [details] [diff] [review] 0001-Bug-1459089-Don-t-use-OS-Locale-when-resistFingerpri.patch Review of attachment 8973081 [details] [diff] [review]: ----------------------------------------------------------------- When resistFingerprinting is set, this change prevents `osLocale` from being appended to `chosen` via `unshift`, which prevents it from getting set into the `intl.accept_languages` preference: this seems reasonable to me. I don't know that it guarantees that it's not sent with the Accept header but if it works for you, it works for me! :) I apologize for taking so long to get back to you, Igor. If this happens again (which I will try my best to avoid), please feel free to ping me on IRC to remind me to review it!
Attachment #8973081 - Flags: review?(michael.l.comella) → review+
Blocks: uplift_tor_fingerprinting
Whiteboard: [fingerprinting]
Pushed by rgurzau@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/a25b2c7238f4 Don't use OS Locale when resistFingerprinting is enabled. When the OS Locale is used, it leaks the OS language in the HTTP Accept-Language header. r=mcomella
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/a25b2c7238f4
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
status-firefox62: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 62
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: