Feature #3233

limit repo server's ability to track clients

Added by hans almost 4 years ago. Updated almost 2 years ago.

Status: Closed
Start date: 04/08/2014
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Component:

Description

// Get a remote file. Returns the HTTP response code.
// If 'etag' is not null, it's passed to the server as an If-None-Match
// header, in which case expect a 304 response if nothing changed.
// In the event of a 200 response ONLY, 'retag' (which should be passed
// empty) may contain an etag value for the response, or it may be left
// empty if none was available.

The problem: The server can send unique etags and use them as a GUID replacement.

Proposed solution: Make a HEAD request first and compare the etag with the stored one. If it does not match, then send the GET request, but without the If-None-Match header. This gives the server only one try to guess the etag.

See: http://lucb1e.com/rp/cookielesscookies/

History

#1 Updated by hans over 2 years ago

  • Target version deleted (134)

#2 Updated by hans almost 2 years ago

  • Status changed from New to Closed
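
The HEAD-then-GET flow proposed in the description, as an added sketch in Python (not code from this project). The names `http_send`, `fetch_if_changed` and `demo`, the URL and the ETag values are assumptions, and the fake server is constructed so the check runs offline.

```python
import urllib.error
import urllib.request


def http_send(method, url, headers):
    """Real transport: returns (status, lower-cased response headers, body)."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, {k.lower(): v for k, v in err.headers.items()}, b""


def fetch_if_changed(url, stored_etag, send=http_send):
    """Return (changed, etag, body); stored_etag is compared locally only."""
    status, headers, _ = send("HEAD", url, {})
    if status != 200:
        raise IOError(f"HEAD {url} returned {status}")
    head_etag = headers.get("etag")
    # No ETag from the server means we cannot prove freshness: download.
    if head_etag is not None and head_etag == stored_etag:
        return False, stored_etag, None
    # Unconditional GET: no If-None-Match, so the cached value never leaves
    # the client even when it differs from what the server just offered.
    status, headers, body = send("GET", url, {})
    if status != 200:
        raise IOError(f"GET {url} returned {status}")
    return True, headers.get("etag"), body


def demo():
    """Constructed fake server that logs every request header it receives."""
    seen = []

    def fake_send(method, url, headers):
        seen.append((method, dict(headers)))
        return 200, {"etag": '"v2"'}, b"" if method == "HEAD" else b"index"

    first = fetch_if_changed("https://repo.example/index.jar", '"v1"', fake_send)
    second = fetch_if_changed("https://repo.example/index.jar", first[1], fake_send)
    return first, second, seen


if __name__ == "__main__":
    print(demo())
```

The server-side log returned by `demo()` contains no request headers at all; the only signal the server gets is whether a GET followed the HEAD.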
