feat: remove outgoing cookie and user-agent headers (#8)

stoically · Nov 6, 2020 · 5ffe0f5 · 5ffe0f5
1 parent 799bc91
commit 5ffe0f5
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/src/background.ts b/src/background.ts
@@ -93,3 +93,25 @@ browser.webRequest.onBeforeRequest.addListener(
   { urls: ["<all_urls>"], types: ["main_frame"] },
   ["blocking"]
 );
+
+// remove outgoing user-agent so that we don't break if the user decides to
+// change the UA to something fancy
+//
+// remove cookie header. the calls to `fetch` from `stream-http` have
+// `credentials` by default set to `same-origin`, and since we have host
+// permissions for yt domains, this means we receive and send cookies. this
+// leads to breakage over time because yt starts to respond weirdly. it also
+// enables tracking from yt. this could be solved by setting `credentials` to
+// `omit`, but that's blocked upstream:
+// - https://github.com/jhiesey/stream-http/issues/119
+// - https://github.com/fent/node-miniget/issues/52
+// - https://github.com/stoically/humanetube/issues/8
+browser.webRequest.onBeforeSendHeaders.addListener(
+  (request) => ({
+    requestHeaders: request.requestHeaders?.filter(
+      (header) => !["cookie", "user-agent"].includes(header.name.toLowerCase())
+    ),
+  }),
+  { urls: ["<all_urls>"] },
+  ["blocking", "requestHeaders"]
+);