From 6376328c98d54178290c5f659a7536f098d0a4ef Mon Sep 17 00:00:00 2001 From: R4SAS Date: Thu, 22 Dec 2022 17:55:51 +0000 Subject: [PATCH] [http proxy] do not remove X-Requested-With for *HttpRequest (#1816) Signed-off-by: R4SAS --- libi2pd_client/HTTPProxy.cpp | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libi2pd_client/HTTPProxy.cpp b/libi2pd_client/HTTPProxy.cpp index 451c9c74..b9d4d48c 100644 --- a/libi2pd_client/HTTPProxy.cpp +++ b/libi2pd_client/HTTPProxy.cpp @@ -252,7 +252,6 @@ namespace proxy { req.RemoveHeader("From"); req.RemoveHeader("Forwarded"); req.RemoveHeader("DNT"); // Useless DoNotTrack flag - req.RemoveHeader("X-Requested-With"); // Android Webview send this with the value set to the application ID req.RemoveHeader("Accept", "Accept-Encoding"); // Accept*, but Accept-Encoding /* drop proxy-disclosing headers */ req.RemoveHeader("X-Forwarded"); @@ -260,6 +259,18 @@ namespace proxy { /* replace headers */ req.UpdateHeader("User-Agent", "MYOB/6.66 (AN/ON)"); + /** + * i2pd PR #1816: + * Android Webview send this with the value set to the application ID, so we drop it, + * but only if it does not belong to an AJAX request (*HttpRequest, like XMLHttpRequest). + */ + if(req.GetHeader("X-Requested-With") != "") { + auto h = req.GetHeader ("X-Requested-With"); + auto x = h.find("HttpRequest"); + if (x == std::string::npos) // not found + req.RemoveHeader("X-Requested-With"); + } + /** * according to i2p ticket #1862: * leave Referer if requested URL with same schema, host and port,