ray-lothian
commented
5 years ago We do spoof the value of navigator.userAgent!
Closed madduck closed 5 years ago
ray-lothian
commented
5 years ago We do spoof the value of navigator.userAgent!
Without also ensuring that the value of navigator.userAgent is set to the spoofed string, it will be trivial for any site capable of serving JavaScript (and having it executed) to infer and ignore the spoofed request header.
With the WWW becoming ever less useful without at least allowing 1st-party JS, this may compromise the effectiveness of this add-on when confronted with antagonists willing to post back data from client-side. It'd be nice to plug this last leak.
(shamelessly copied from https://github.com/LeoTindall/randomua/issues/6)