On Firefox fetch requests have a Origin header attached which contains a unique value (Bugzilla Issue). When the extension is fetching privacy settings for google and facebook, this header is included, and could be used by google/facebook for linking accounts or sessions.
This PR fixes the issue by using XMLHttpRequest for fetching these pages instead of fetch. Once Firefox 64 is release this should be fixed and we can revert this change.
On Firefox fetch requests have a
Origin
header attached which contains a unique value (Bugzilla Issue). When the extension is fetching privacy settings for google and facebook, this header is included, and could be used by google/facebook for linking accounts or sessions.This PR fixes the issue by using
XMLHttpRequest
for fetching these pages instead of fetch. Once Firefox 64 is release this should be fixed and we can revert this change.cc @konark-cliqz