-
-
Notifications
You must be signed in to change notification settings - Fork 25
Developer explanations
The GPC signals can be broken down into a DOM signal and setting headers. Our DOM signal is being set by a content script that injects a script to set navigator.globalPrivacyControl to true. When a user wishes to opt-in to sales, a second content script immediately removes the DOM signal. Our headers are done similarly. Using declarativeNetRequest, we set a static universal rule that adds the Sec-GPC and DNT headers, both with a value of 1. When a user chooses to opt back in, we create a site-specific dynamic rule that immediately removes these headers.
We had an issue open (issue #192) regarding these 3rd party domains not loading properly prior to our 2.0.0 release. We realized that our cache of requests made, which are sent to the popup when it is opened, didn't clear properly when a user navigated to a new site. We ultimately decided to clear this cache by using webNavigation.onBeforeNavigate, since it gets the closest to clearing all the previously collected domains while dropping as few new connections as possible. There are ways of messing with the APIs available to us to better approximate which requests belong to which page, but we decided our solution worked well enough for the time being.