DoH Privacy Enhancement: Do not set the 'accept-language' header for DoH requests
Categories
(Core :: Networking: DNS, enhancement, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: n-mzbz, Assigned: valentin)
References
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Steps to reproduce:
This is a DoH privacy enhancement request similar to bug 1543201
but instead of the user-agent header this is about the accept-language header that firefox apparently sends to the DoH server.
To minimize unnecessary exposure of this kind of data to the DoH server, this header should not be set in DoH requests.
The header is not required by RFC8484 as can be seen in the sample requests:
https://tools.ietf.org/html/rfc8484#section-4.1.1
Updated•6 years ago
|
Updated•6 years ago
|
I care about my privacy, and I would not like a DNS provider to know more about me than necessary. It is all the more fodder for tracking. So if you could find a way to disable this it would be nice. If some hints are provided I could give it a try to disable it myself. Please let me know!
I did manage to write a patch for bug 1543201 but I am a bit stuck on this one, and I hope you can help.
The trick is to get TRR.cpp to convey to HttpBaseChannel.cpp and thence to nsHttpHandler.cpp to not add a Languages header.
There is no current infrastructure to make that happen, and unlike in 1543201 we can't just override the header to something like 'dns/dns', which would be silly.
I've looked at various avenues of getting the data from TRR to channel to handler, but because of my very limited understanding of the Firefox codebase, I don't know what the best way is. nsILoadInfo seems a logical place, but it is hard to be sure.
If someone tells me the path, I will carve it out quickly.
Thanks!
Updated•5 years ago
|
Assignee | ||
Comment 3•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Comment 5•5 years ago
|
||
bugherder |
Description
•