New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
privacy.resistFingerprinting breaks addons.mozilla.com #333
Comments
This is a known problem, as the option spoofs all the tells AMO uses to detect browser version. |
Try loading the page without JS. Or click on the green icon while the page is still loading (you must be quick), as the version checking happens only when the page is fully loaded. Or you can use other tools to download the XPI. |
This bug seems to be debating the same thing we're discussing. |
FYI: the new AMO is going to use mozAddonManager web API (which is not affected by resistFingerprinting). This means AMO etc (see below) in future will work (but not other sites). I have no idea when the new AMO will land (here is the repo: https://github.com/mozilla/addons-frontend ) Whitelisted sites are here if (host.Equals("addons.mozilla.org") ||
host.Equals("discovery.addons.mozilla.org") ||
host.Equals("testpilot.firefox.com")) {
return true;
} Edit: In case that's not clear, only those three sites can read your addons and firefox version - no leakage worries PS: Here is the bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=1394448 |
Just mentioning, it's fairly trivial to spoof a domain on public networks after the KRACK attack. Looks like I'll be using "privacy.resistFingerprinting.block_mozAddonManager". |
The config setting
privacy.resistFingerprinting
breaks the AMO. With this setting enabled, going on the AMO causes the website to detect a different version of the browser which causes it to install incompatible versions of the plugins.For example, I'm using Firefox Nightly and going to the AMO page for uMatrix has the webstore telling me that I can install the last stable release which is defintiely incompatible with my browser. Also, the WebExt version which is available under a development release is marked as incompatible.
I haven't spoofed my User Agent String and I have narrowed the issue down to this preference by bisecting through all my prefs.
The text was updated successfully, but these errors were encountered: