gorhill / httpswitchboard

Point & click to forbid/allow any class of requests made by your browser. Use it to block scripts, iframes, ads, facebook, etc.
GNU General Public License v3.0

user agent spoofing breaks paypal #393

Open anarcat opened 9 years ago

anarcat commented 9 years ago

When using Paypal, even if I enable all resources in HTTPSB, the page loads then blanks out completely unless I disable user agent spoofing.

gorhill commented 9 years ago

Well if the site's behavior depends on the user agent string to be specific values, there is nothing HTTPSB can do. One thing to try is to stick to user agent strings which are close to the real one, i.e. do not try to appear as a Firefox or IE browser, stick to user agent strings of Chromium-based browsers.

ghost commented 9 years ago

A similar thing can occur with referers.

I disable referer hiding on HTTPS, but I allow user agent spoofing, but all the values look like legitimate Chrome values.

I recommend disabling that option and using "Referer Control", blocking all referers unless an issue occurs, then making exceptions.

Maybe a similar addon exists for User-Agent?

On Friday, August 8, 2014, Raymond Hill notifications@github.com wrote:

> Well if the site's behavior depends on the user agent string to be specific values, there is nothing HTTPSB can do. One thing to try is to stick to user agent strings which are close to the real one, i.e. do not try to appear as a Firefox or IE browser, stick to user agent strings of Chromium-based browsers.


anarcat commented 9 years ago

Well, I wonder if it isn't that the UA changes during the "session" with PayPal...

gorhill commented 9 years ago

What are the UA strings you currently use?

gorhill commented 9 years ago

The UA string can change during a session. I remember wondering whether I should store the UA for specific pages, and then decided against it. So if it's the source of the problem, I guess I will have to store and reuse it for a page. I think that would be reasonable given that the primary goal is to avoid tracking across many sites, and in any case, a new UA string would be used after leaving the site and coming back after a few minutes.
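The per-page storage described in the comment above, sketched as an added example (not HTTPSB's code and not written by anyone in this thread). The class name, the pool of Chromium-style strings, and the 5-minute idle timeout are all assumptions chosen for illustration.

```javascript
// Constructed sample pool: Chromium-style strings only, so the spoofed
// value stays close to what a Chromium-based browser really sends.
const UA_POOL = [
  'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
  'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
  'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
];

class StickyUserAgent {
  // `now` and `random` are injectable so the behaviour can be tested deterministically.
  constructor(pool, idleTtlMs, now = Date.now, random = Math.random) {
    this.pool = pool;
    this.idleTtlMs = idleTtlMs;
    this.now = now;
    this.random = random;
    this.byPage = new Map(); // page hostname -> { ua, lastUsed }
  }

  // Return the UA for a request issued by the page at `pageHostname`.
  // Keying on the page (not the request's own host) means third-party
  // requests made by that page carry the same UA as the page itself.
  forRequest(pageHostname) {
    const t = this.now();
    const entry = this.byPage.get(pageHostname);
    if (entry && t - entry.lastUsed < this.idleTtlMs) {
      entry.lastUsed = t; // ongoing activity keeps the session's UA pinned
      return entry.ua;
    }
    // First visit, or the page was idle past the TTL: pick a fresh UA.
    const ua = this.pool[Math.floor(this.random() * this.pool.length)];
    this.byPage.set(pageHostname, { ua, lastUsed: t });
    return ua;
  }

  // Forget pages idle past the TTL so the map does not grow without bound
  // and no long-lived per-site identifier is retained.
  prune() {
    const t = this.now();
    for (const [page, entry] of this.byPage) {
      if (t - entry.lastUsed >= this.idleTtlMs) this.byPage.delete(page);
    }
  }
}
```

The UA stays constant for the length of a visit, so a site that compares it between requests sees no change, while a return after the idle timeout gets a new string.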

gorhill commented 9 years ago

> I recommend disabling that option and using "Referer Control", blocking all referers unless an issue occurs, then making exceptions.

Not recommended to use another add-on which also modifies outbound or inbound headers, as only one extension is allowed to do so, which could undermine HTTPSB's ability to do its job (removing cookie headers, preventing inline javascript execution, etc.)

ghost commented 9 years ago

So far I haven't seemed to run into the issue if I ensure only 1 extension can modify one part of the header.

But yes, if I have User-Agent spoofing enabled (I don't, on ANY addon), HTTPSB causes Tampermonkey to get errors for some reason because Tampermonkey did something to the User-Agent somewhere for some reason that I'm not aware of.

I only have Referer Control capable/enabled of editing Referer and so far there has been no conflict.

The more I configure things, the fewer add-ons I'll have eventually, because I've had DoNotTrackMe getting errored by Disconnect for too long, and Disconnect is looking to soon get removed since I don't really need it.

On Friday, August 8, 2014, Raymond Hill notifications@github.com wrote:

> I recommend disabling that option and using "Referer Control", blocking all referers unless an issue occurs, then making exceptions.
>
> Not recommended to use another add-on which also modifies outbound or inbound headers, as only one extension is allowed to do so, which could undermine HTTPSB's ability to do its job (removing cookie headers, preventing inline javascript execution, etc.)
