user.js: Loosen referer spoofing to allow use of Google Hangouts web app?
I know, any privacy-conscious user would not use Hangouts for messaging. But, assuming I have to…
With the default user.js file, the Google Hangouts web app does not allow sending messages. Receiving messages works just fine. Upon inspection of the errors in the Firefox console, it seems that the referer spoofing configuration (such as discussed in #227) might be the root cause. See the json error response below. Can anyone suggest a slightly looser configuration for the referer options to balance privacy with working Hangouts? Let me know if more information is needed.
Thanks!
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "ipRefererBlocked",
"message": "The referrer https://clients6.google.com/voice/v1/users/@me/account?checkHangoutsCallingPermission=false&key=[REDACTED]&locale=en&alt=protojson does not match the referrer restrictions configured on your API key. Please use the API Console to update your key restrictions.",
"extendedHelp": "https://console.developers.google.com/apis/credentials?project=[REDACTED]"
}
],
"code": 403,
"message": "The referrer https://clients6.google.com/voice/v1/users/@me/account?checkHangoutsCallingPermission=false&key=[REDACTED]&locale=en&alt=protojson does not match the referrer restrictions configured on your API key. Please use the API Console to update your key restrictions."
}
}
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 15 (8 by maintainers)
That’s
network.http.referer.XOriginPolicy = 2but that’s not enough for Hangouts apparently since Google uses different sub-domains.That said,
network.http.referer.XOriginPolicy = 1, which does work with Hangouts, is pretty much equivalent from a privacy point of view. If Google can see you in their access logs when you access their server, they can most likely also see you in their access logs on a different server they own.I can confirm that the Google Hangouts web app works with this setting as well: