Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Commit

Permalink
Remove brave from the user agent string
Browse files Browse the repository at this point in the history 
Partial fix for #242

Auditors: @bbondy
  • Loading branch information
@diracdeltas
diracdeltas committed Apr 5, 2016
1 parent 0827c91 commit 327fcc7
Showing 1 changed file with 12 additions and 11 deletions.
23 changes: 12 additions & 11 deletions app/filtering.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,15 +124,24 @@ function registerForBeforeSendHeaders (session) {
// For efficiency, avoid calculating sendDNT on every request. This means the
// browser must be restarted for changes to take effect.
const sendDNT = getSetting(settings.DO_NOT_TRACK)
let spoofedUserAgent
const braveRegex = new RegExp('brave/.+? ', 'gi')

session.webRequest.onBeforeSendHeaders(function (details, cb) {
let requestHeaders = details.requestHeaders

// To minimize fingerprintability, remove Brave from the UA string.
// This can be removed once https://github.com/atom/electron/issues/3602 is
// resolved
spoofedUserAgent = spoofedUserAgent || requestHeaders['User-Agent'].replace(braveRegex, '')

This comment has been minimized.

Sign in to view

Copy link
@bbondy

bbondy Apr 5, 2016

Member

should it be replaced with more than nothing? Like Chrome or something?

This comment has been minimized.

Sign in to view

Copy link
@diracdeltas

diracdeltas Apr 5, 2016

Author Member

Not on OS X at least.
Brave after this change: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.108 Safari/537.36
Chrome latest stable: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36

This comment has been minimized.

Sign in to view

Copy link
@weems

weems via email Apr 5, 2016

This comment has been minimized.

Sign in to view

Copy link
@diracdeltas

diracdeltas Apr 5, 2016

Author Member

So we don't want sites to know a user is on Brave?

See #242. will be ok to let sites know users are on Brave when is a high enough population of Brave users
requestHeaders['User-Agent'] = spoofedUserAgent

// Using an electron binary which isn't from Brave
if (!details.firstPartyUrl) {
cb({})
return
}

let requestHeaders = details.requestHeaders
let customHeaders = false
for (let i = 0; i < beforeSendHeadersFilteringFns.length; i++) {
let results = beforeSendHeadersFilteringFns[i](details)
if (!module.exports.isResourceEnabled(results.resourceName)) {
Expand All @@ -144,7 +153,6 @@ function registerForBeforeSendHeaders (session) {
}
if (results.customCookie) {
requestHeaders.Cookie = results.customCookie
customHeaders = true
}
}

Expand All @@ -155,23 +163,16 @@ function registerForBeforeSendHeaders (session) {
// Clear cookie and referer on third-party requests
if (requestHeaders['Cookie']) {
requestHeaders['Cookie'] = undefined
customHeaders = true
}
if (requestHeaders['Referer'] && !refererExceptions.includes(hostname)) {
requestHeaders['Referer'] = undefined
customHeaders = true
}
}
if (sendDNT) {
requestHeaders['DNT'] = '1'
customHeaders = true
}

if (customHeaders) {
cb({ requestHeaders })
} else {
cb({})
}
cb({ requestHeaders })
})
}

Expand Down

2 comments on commit 327fcc7

@diracdeltas
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that this doesn't change navigator.userAgent; will do in a follow-up

@bbondy
Copy link
Member

@bbondy bbondy commented on 327fcc7 Apr 5, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

++ otherwise

Please sign in to comment.