search

ghostwords / chameleon

Browser fingerprinting protection for everybody.
Mozilla Public License 2.0
532 stars 61 forks source link

Breaks some images. #10

Closed ghost closed 9 years ago

ghost commented 9 years ago

Chameleon seems to cause some images to not load, and I looked in the console and there were warnings about the mime type.

An example is http://www.nsaneforums.com/topic/233507-the-windowless-plane-of-the-future-will-now-become-a-reality-in-2024/

With Chameleon on for me, all the images in the first post show up as broken placeholders.

ghostwords commented 9 years ago

Chameleon wasn't sending an appropriate Accept header for images. Chameleon now sends an image-specific Accept header for image resources, one that should match Tor/Firefox's. If you could, please check this is the case.

Chameleon is probably still sending incorrect Accept headers for other resource types, like audio/video elements and external stylesheets. I left a note in the code to investigate later.

Thanks for the report!

ghost commented 9 years ago

I checked the latest Tor (4.0.1 Browser Bundle on OS X 10.9.5), and a jpeg on that example site is "image/png,image/;q=0.8,/*;q=0.5".

That matches the change. As far as testing the build, I'm not setup to compile the latest commit to see if it fixes the images.

ghostwords commented 9 years ago

Cool, thanks for checking! Is there a typo in your comment? Chameleon sends image/png,image/*;q=0.8,*/*;q=0.5 (notice the extra asterisks) for images.

You don't need to build anything to run the latest code: just follow the instructions here.

ghost commented 9 years ago

"image/png,image/;q=0.8,/*;q=0.5"

Must have gotten filtered out.

ghost commented 9 years ago

Yes, GitHub is filtering it. What you posted is exactly what I see in Tor Browser 4.0.1 inspector on jpegs.

ghost commented 9 years ago

I confirmed downloading the latest "master" and loading unpacked doesn't break that site, whereas the latest "release" did.

On Tue, Nov 11, 2014 at 1:33 PM, Alexei notifications@github.com wrote:

Cool, thanks for checking! Is there a typo in your comment? Chameleon sends image/png,image/;q=0.8,/*;q=0.5 (notice the extra asterisks) for images.

You don't need to build anything to run the latest code: just follow the instructions here https://github.com/ghostwords/chameleon#installation.

— Reply to this email directly or view it on GitHub https://github.com/ghostwords/chameleon/issues/10#issuecomment-62593798.

ghostwords commented 9 years ago

Nice!