search

ghostwords / chameleon

Browser fingerprinting protection for everybody.
Mozilla Public License 2.0
534 stars 60 forks source link

Breaks some images. #10

Closed ghost closed 10 years ago

ghost commented 10 years ago

Chameleon seems to cause some images to not load, and I looked in the console and there were warnings about the mime type.

An example is http://www.nsaneforums.com/topic/233507-the-windowless-plane-of-the-future-will-now-become-a-reality-in-2024/

With Chameleon on for me, all the images in the first post show up as broken placeholders.

ghostwords commented 10 years ago

Chameleon wasn't sending an appropriate Accept header for images. Chameleon now sends an image-specific Accept header for image resources, one that should match Tor/Firefox's. If you could, please check this is the case.

Chameleon is probably still sending incorrect Accept headers for other resource types, like audio/video elements and external stylesheets. I left a note in the code to investigate later.

Thanks for the report!

ghost commented 10 years ago

I checked the latest Tor (4.0.1 Browser Bundle on OS X 10.9.5), and a jpeg on that example site is "image/png,image/;q=0.8,/*;q=0.5".

That matches the change. As far as testing the build, I'm not setup to compile the latest commit to see if it fixes the images.

ghostwords commented 10 years ago

Cool, thanks for checking! Is there a typo in your comment? Chameleon sends image/png,image/*;q=0.8,*/*;q=0.5 (notice the extra asterisks) for images.

You don't need to build anything to run the latest code: just follow the instructions here.

ghost commented 10 years ago

"image/png,image/;q=0.8,/*;q=0.5"

Must have gotten filtered out.

ghost commented 10 years ago

Yes, GitHub is filtering it. What you posted is exactly what I see in Tor Browser 4.0.1 inspector on jpegs.

ghost commented 10 years ago

I confirmed downloading the latest "master" and loading unpacked doesn't break that site, whereas the latest "release" did.

On Tue, Nov 11, 2014 at 1:33 PM, Alexei notifications@github.com wrote:

Cool, thanks for checking! Is there a typo in your comment? Chameleon sends image/png,image/;q=0.8,/*;q=0.5 (notice the extra asterisks) for images.

You don't need to build anything to run the latest code: just follow the instructions here https://github.com/ghostwords/chameleon#installation.

— Reply to this email directly or view it on GitHub https://github.com/ghostwords/chameleon/issues/10#issuecomment-62593798.

ghostwords commented 10 years ago

Nice!