Closed Bug 1544724 Opened 5 years ago Closed 5 years ago

DoH Privacy Enhancement: Do not set the 'accept-language' header for DoH requests

Categories

(Core :: Networking: DNS, enhancement, P3)

Product:
Core
Component:
Networking: DNS
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla72
Tracking Flags:
Tracking Status
firefox72 --- fixed

People

(Reporter: n-mzbz, Assigned: valentin)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

Bug 1544724 - Do not set the 'accept-language' header for DoH requests r=dragana
47 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

Steps to reproduce:

This is a DoH privacy enhancement request similar to bug 1543201
but instead of the user-agent header this is about the accept-language header that firefox apparently sends to the DoH server.

To minimize unnecessary exposure of this kind of data to the DoH server, this header should not be set in DoH requests.

The header is not required by RFC8484 as can be seen in the sample requests:
https://tools.ietf.org/html/rfc8484#section-4.1.1

Type: defect → enhancement
Assignee: nobody → valentin.gosu
Blocks: 1434852
Priority: -- → P2
Whiteboard: [necko-triaged]
Assignee: valentin.gosu → nobody
Priority: P2 → P3

I care about my privacy, and I would not like a DNS provider to know more about me than necessary. It is all the more fodder for tracking. So if you could find a way to disable this it would be nice. If some hints are provided I could give it a try to disable it myself. Please let me know!

I did manage to write a patch for bug 1543201 but I am a bit stuck on this one, and I hope you can help.
The trick is to get TRR.cpp to convey to HttpBaseChannel.cpp and thence to nsHttpHandler.cpp to not add a Languages header.

There is no current infrastructure to make that happen, and unlike in 1543201 we can't just override the header to something like 'dns/dns', which would be silly.

I've looked at various avenues of getting the data from TRR to channel to handler, but because of my very limited understanding of the Firefox codebase, I don't know what the best way is. nsILoadInfo seems a logical place, but it is hard to be sure.

If someone tells me the path, I will carve it out quickly.

Thanks!

Version: 66 Branch → Trunk
Assignee: nobody → valentin.gosu
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/2ad5e37e0256
Do not set the 'accept-language' header for DoH requests r=dragana

https://hg.mozilla.org/mozilla-central/rev/2ad5e37e0256

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox72: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: