Hacker News

what | yesterday at 9:12 PM | 1 reply

How do you patch it? The extensions themselves (presumably) need to access the same web accessible resources from their content scripts. How do you differentiate between some extension’s content script requesting the resource and LinkedIn requesting it?


Replies

jsheard | yesterday at 9:15 PM

Firefox already mitigates this by randomizing the extension path: https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

    The file is then available using a URL like: moz-extension://<extension-UUID>/images/my-image.png
    <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance.
    This prevents websites from fingerprinting a browser by examining the extensions it has installed.
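The fingerprinting probe that the quoted MDN text is defending against, as an added JavaScript example that is not part of the thread or of any browser's code. A page loads `chrome-extension://<id>/<path>` for a path the extension lists under `web_accessible_resources`; on Chrome the ID is derived from the signing key and is the same in every install, so success or failure of the load reveals whether the extension is present. On Firefox the URL origin is a UUID minted once per browser instance, so the page cannot even construct the URL, while the add-on's own content scripts still can, because `browser.runtime.getURL()` hands them the real one. The extension names, IDs and resource paths are constructed, `makeBrowser` and `randomInstanceId` are toy stand-ins for the browser's internals and not real APIs, and the loader is injected so the logic also runs under Node. (Chrome's MV3 manifest has a related opt-in, `use_dynamic_url` on a `web_accessible_resources` entry, which gives a per-session URL for that resource only.)

```javascript
// Added example, not code from the thread. Shows the extension-fingerprinting
// probe and why a per-instance random UUID defeats it. All extension names,
// IDs and paths below are constructed placeholders.

// Constructed sample add-ons. Chrome IDs are 32 chars from a-p, derived from the
// signing key, so they are identical in every install of the extension.
const SAMPLE_EXTENSIONS = [
  { name: "ExampleHelper", id: "aaaabbbbccccddddeeeeffffgggghhhh", webAccessible: ["images/icon.png"] },
  { name: "QuietAddon", id: "hhhhggggffffeeeeddddccccbbbbaaaa", webAccessible: [] },
];

// URL a page requests. `origin` is the stable ID on Chrome; on Firefox it would
// have to be the per-profile UUID, which a web page has no way to learn.
function probeUrl(scheme, origin, path) {
  return `${scheme}://${origin}/${path.replace(/^\/+/, "")}`;
}

// Real-browser loader: an <img> fires onload only if the extension exists AND
// lists the path under web_accessible_resources; anything else fails.
function imageLoads(url) {
  return new Promise((resolve) => {
    const img = new Image();
    img.onload = () => resolve(true);
    img.onerror = () => resolve(false);
    img.src = url;
  });
}

// Fingerprinting probe. `load` is injected so the logic also runs outside a browser.
async function detectExtensions(candidates, load = imageLoads) {
  const found = [];
  for (const c of candidates) {
    if (await load(probeUrl(c.scheme, c.origin, c.path))) found.push(c.name);
  }
  return found;
}

// What a hostile page tries: probe every known ID for a known resource path.
function candidatesFor(scheme) {
  return SAMPLE_EXTENSIONS.map((e) => ({ name: e.name, scheme, origin: e.id, path: "images/icon.png" }));
}

// Stand-in for the browser's per-instance UUID generator (toy, not a real API).
function randomInstanceId() {
  const hex = () => Math.floor(Math.random() * 0x10000).toString(16).padStart(4, "0");
  return `${hex()}${hex()}-${hex()}-${hex()}-${hex()}-${hex()}${hex()}${hex()}`;
}

// Toy model of the browser's resource table (not a real API). Chrome keys
// resources by the public ID; Firefox keys them by a UUID minted once per
// instance, so the same add-on has a different URL in every profile.
function makeBrowser(scheme, installed, randomizePath) {
  const origins = new Map(); // extension ID -> origin used in its URLs
  const table = new Set();
  for (const ext of installed) {
    const origin = randomizePath ? randomInstanceId() : ext.id;
    origins.set(ext.id, origin);
    for (const p of ext.webAccessible) table.add(probeUrl(scheme, origin, p));
  }
  return {
    load: (url) => Promise.resolve(table.has(url)),
    // What browser.runtime.getURL(path) would return inside that extension.
    urlFor: (extId, path) => probeUrl(scheme, origins.get(extId), path),
  };
}

// Same probe, same add-ons installed: Chrome leaks the one with a
// web-accessible resource, Firefox leaks nothing, yet the Firefox add-on's
// own content script (which knows the UUID) still loads its resource.
async function demo() {
  const chrome = makeBrowser("chrome-extension", SAMPLE_EXTENSIONS, false);
  const firefox = makeBrowser("moz-extension", SAMPLE_EXTENSIONS, true);
  const own = firefox.urlFor(SAMPLE_EXTENSIONS[0].id, "images/icon.png");
  return {
    chrome: await detectExtensions(candidatesFor("chrome-extension"), chrome.load),
    firefox: await detectExtensions(candidatesFor("moz-extension"), firefox.load),
    firefoxOwn: await firefox.load(own),
  };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

Run under Node it prints `{"chrome":["ExampleHelper"],"firefox":[],"firefoxOwn":true}`. `QuietAddon` is invisible on both browsers because it exposes nothing web-accessible, which is the other half of the defence: an extension that lists no `web_accessible_resources` gives a page nothing to probe regardless of how the origin is chosen.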