NativeAlphaForAndroid icon indicating copy to clipboard operation
NativeAlphaForAndroid copied to clipboard
verified publisher icon cylonid

Minimize XRW in the WebViewActivity

Open APraxx opened this issue 2 years ago • 4 comments

Minimize the X-Requested-With (XRW) header for privacy

Until Google offers other means, like their Blog suggests, this seems like a sensible solution.

Reference: https://android-developers.googleblog.com/2023/02/improving-user-privacy-by-requiring-opt-in-to-send-x-requested-wih-header-from-webview.html

APraxx avatar Jun 11 '23 00:06 APraxx

Hi, thanks for bringing this to my attention. The header in question is not set from WebView v114 onwards, so this should not be necessary any more.

cylonid avatar Aug 12 '24 14:08 cylonid

Hi,

Thanks i read that too but couldn't see it in practice. Maybe i need to recompile because i still see it. Was leaky hack anyway because it won't work on images and resources.

Other thing i noticed is original user agent is available through SEC-CH-UA, but i don't know if that's not a browser thing.

APraxx avatar Aug 12 '24 16:08 APraxx

#141 refers to the mentioned SEC-CH-UA

APraxx avatar Oct 28 '24 19:10 APraxx

Tested on my current setup X-Requested-With still there

Reproduce: open: duckduckgo.com search for: user agent in the last line it shows on my phone

APraxx avatar Oct 28 '24 21:10 APraxx