Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: external node in Firefox 85+ #957

Merged
merged 1 commit into from
Jan 7, 2021
Merged

fix: external node in Firefox 85+ #957

merged 1 commit into from
Jan 7, 2021

Conversation

lidel
Copy link
Member

@lidel lidel commented Jan 7, 2021

This PR fixes Companion in Firefox 85 (and 86 Nightly) and closes #955

Underlying issue

Based on my debugging session with Firefox Nightly stopped leaking unique extension ID via Origin header. Probably to reduce the surface for fingerprinting, which is pretty funny considering that around v72 Chromium moved... in the opposite direction: Chromium was sending anonymous Origin: null and now v86 sends extension ID instead 🤷‍♂️

Overall, the behavior of Origin HTTP header in XHRs coming from within browser extension is not reliable: vendors change this behavior back and forth, often contradicting each other.

Fix

Refactored the way we detect requests coming from the Companion extension to be independent of the brittle Origin HTTP header – instead, we now inspect requests via lower level WebExtension API and updated + added new tests for both Firefox in Chromium variants.


Wassily Kandinsky “Origin Study. IPFS Companion in different User Agents”, 1913

@lidel
fix: external node in Firefox 85
3d9643b 
Closes #955 and refactors the way we detect requests coming from the
Companion extension to be independent from the brittle Origin HTTP
header. Instead, we now inspet request via lower level WebExtension API.

Added tests for both Firefox in Chromium.
@lidel lidel modified the milestones: v2.16, v2.17 Jan 7, 2021
@lidel lidel merged commit 95dbb50 into master Jan 7, 2021
@lidel lidel deleted the fix/origin-hackery-firefox-85 branch January 7, 2021 12:37
@github-actions github-actions bot mentioned this pull request Feb 16, 2023
Closed
@github-actions github-actions bot mentioned this pull request Sep 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.17
Development

Successfully merging this pull request may close these issues.

Origin header set to null causing 403 by IPFS API
1 participant
@lidel