Xa uxubusha
I-header ye-X-Client-Data ayifihlwanga kwaye nokuziphatha kwayo
Inhloko
Iheda ixelwe ukuba ayinalwazi lwamntu kwaye ichaza kuphela imeko yofakelo lweChrome kunye neempawu zovavanyo ezisebenzayo. Ukuba i-telemetry yokusetyenziswa kwesikhangeli kunye nengxelo yokuphahlazeka ivaliwe kwizicwangciso, ukuvelisa isiseko se-X-Client-Data ye-header value isebenzisa kuphela i-13 bits ye-entropy (i-8000 indibaniselwano eyahlukeneyo), enganelanga ukuchongwa.
Ngenxa yokuba i-header ikwadibanisa ezinye izicwangciso zenkqubo kunye neeparameters, ekugqibeleni imixholo ye-X-Client-Data ifanelekile njengomthombo owongezelelweyo wedatha yokuchongwa komsebenzisi ongathanga ngqo ngexesha elifutshane (izakhono zovavanyo zenziwe kwaye zikhubaziwe ngokuhamba kwexesha, nto leyo ekhokelela kutshintsho lwexabiso ngamaxesha athile kwi-X-Client-Data).
Nangona kunjalo, ukongeza kwi-entropy yokuqala, xa uvelisa ixabiso le-X-Client-Data, kukho kwakhona ukulandelelana kwembewu okubuyiswe ngabancedisi beGoogle kwaye kuxhomekeke kwilizwe, idilesi ye-IP kunye nezinye iikhrayitheriya iGoogle ezibona zibalulekile (umzekelo, akukho nto ithintela. wena ekubuyiseni ulandelelwano olukhulu olungenamkhethe , oluzakuba sisazisi kanye).
Ukongezelela, ukujonga usebenzisa iimaski ze-Google ze-domain xa uthumela i-X-Client-Data ayibandakanyi iimeko apho umhlaseli angabhalisa i-domain njenge "youtube.xn--55qx5d" kwaye uqale ukuqokelela izichazi.
umthombo: opennet.ru