Open garywill opened 1 year ago
I am wondering whether this is right. I couldn't find a way to set a referrer manually, but using tab.update seems like a big change. Even if it works I'd expect to either set the requests to non-blocking or return cancel
instead of nothing.
return cancel instead of nothing
Your idea is right. I also think returning cancel is the right way. Returning cancel means canceling the original request and let the tabs.update
navigates tab to a new url.
But there seems to be a Firefox bug. Returning cancel makes the tabs.update
canceled also. On Chrome there's no such bug.
This is another of my addon, I did this: https://github.com/garywill/autoReferer/blob/84f17e1be5f57c9684b5fe163cc93941d02d96b2/g_background.js#L127-L131
Guess we need to file a bug to Mozilla:
return { redirectUrl: xxxxxxxxx, noReferer: true }
tabs.update
Skip redirect by returning
redirectUrl
will increase some privacy risk.Without this addon, clicking a link in
https://forum.com/post-xxxxxx
which is originally tohttps://redirect.forum.com/dest=http://badsite.com
. badsite.com can't see visitor's source postid from referer. The referer is justhttps://redirect.forum.com/
.After changing target url by returning a
redirectUrl
, the referer will expose visitor's sourcehttps://forum.com/post-xxxxxx
So, use
tab.update
to make referer empty