Browse Source

Remove "X-Requested-With"

When any app uses Android’s WebView to load a web page, WebView attaches an extra header, named X-Requested-With, with the value set to the application ID. 
That include Lightning-I2P browser by R4SAS. 
Google doesn’t want to make it easy to get rid of the X-Requested-With header. However, there is a mechanism for replacing header information. This doesn’t allow a program to stop sending the X-Requested-With header.

More info on: https://www.stoutner.com/the-x-requested-with-header/
pull/1816/head
Jigen 2 years ago committed by GitHub
parent
commit
519c0fe81d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      libi2pd_client/HTTPProxy.cpp

1
libi2pd_client/HTTPProxy.cpp

@ -252,6 +252,7 @@ namespace proxy { @@ -252,6 +252,7 @@ namespace proxy {
req.RemoveHeader("From");
req.RemoveHeader("Forwarded");
req.RemoveHeader("DNT"); // Useless DoNotTrack flag
req.RemoveHeader("X-Requested-With"); // Android Webview send this with the value set to the application ID
req.RemoveHeader("Accept", "Accept-Encoding"); // Accept*, but Accept-Encoding
/* drop proxy-disclosing headers */
req.RemoveHeader("X-Forwarded");

Loading…
Cancel
Save