Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    [SOLVED] Fingerprint Issue with Brave

    Kopano WebApp
    1
    2
    550
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • h44z
      h44z last edited by h44z

      Hi,

      i recently encountered a problem with the Brave browser:

      it seems that Brave changes the Accept-Language request header which breaks the WebApp’s fingerprinting functionallity.

      For example, the initial login request has a Accept-Language header like

      Request URL: https://webmail.kopano.com/webapp/
      
      Accept-Language: de-AT;q=0.6
      

      Requests to CSS or JS resources then have a different Accept-Language header:

      Request URL: https://webmail.kopano.com/webapp/index.php?version=5.2.0.0-1+168.1&load=translations.js&lang=de_DE.UTF-8
      
      Accept-Language: de-AT,de;q=0.9,en-US;q=0.8,en;q=0.7,de-DE;q=0.6,en-AT;q=0.5
      

      If we now take a look at the fingerprinting mechanism, we can see that this results in different hash values -> the request for the translation.js script will terminate the whole WebApp session =(

      public static function getFingerprint() {
      		$properties = array();
      		
      		$properties['HTTP_ACCEPT_LANGUAGE'] = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : 'HTTP_ACCEPT_LANGUAGE_NOT_FOUND'; // <--- THIS IS PROBLEMATIC
      		$properties['HTTP_USER_AGENT'] = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'HTTP_USER_AGENT_NOT_FOUND';
      		$properties['REMOTE_USER'] = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : 'REMOTE_USER_NOT_FOUND';
      		
      		return md5(json_encode($properties));
      	}
      

      Has anyone experienced a similar problem and knows a fix for that browser behaviour? For now I just changed the hash calculation to exclude the Accept-Language header…

      1 Reply Last reply Reply Quote 0
      • h44z
        h44z last edited by

        Okay never mind, found the problem: seems that the new Brave release enabled a anti-fingerprinting technique by default:

        12d14a4c-ab10-40f8-b9ba-91e44be901b5-image.png

        Disabling this feature in the Brave Shields settings fixes the problem.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post